Migrate references from neutron to neutron-lib
Where constants and functions have been shown to move from neutron to neutron-lib, reflect those in the neutron-fwaas source code. Change-Id: I70a24a8cc2095e010a05aa27acda153ae5335833
This commit is contained in:
parent
7e6e20681d
commit
c93fbf7606
|
@ -20,7 +20,7 @@ from neutron.db import common_db_mixin as base_db
|
|||
from neutron.extensions import l3
|
||||
from neutron import manager
|
||||
from neutron.plugins.common import constants as p_const
|
||||
from neutron_lib import constants
|
||||
from neutron_lib import constants as nl_constants
|
||||
from neutron_lib.db import model_base
|
||||
from oslo_config import cfg
|
||||
from oslo_log import log as logging
|
||||
|
@ -309,8 +309,8 @@ class Firewall_db_mixin(fw_ext.FirewallPluginBase, base_db.CommonDbMixin):
|
|||
|
||||
def _validate_fwr_protocol_parameters(self, fwr):
|
||||
protocol = fwr['protocol']
|
||||
if protocol not in (constants.PROTO_NAME_TCP,
|
||||
constants.PROTO_NAME_UDP):
|
||||
if protocol not in (nl_constants.PROTO_NAME_TCP,
|
||||
nl_constants.PROTO_NAME_UDP):
|
||||
if fwr['source_port'] or fwr['destination_port']:
|
||||
raise fw_ext.FirewallRuleInvalidICMPParameter(
|
||||
param="Source, destination port")
|
||||
|
@ -323,8 +323,8 @@ class Firewall_db_mixin(fw_ext.FirewallPluginBase, base_db.CommonDbMixin):
|
|||
# the introduction of a new 'CREATED' state allows this, whilst
|
||||
# keeping a backward compatible behavior of the logical resource.
|
||||
if not status:
|
||||
status = (p_const.CREATED if cfg.CONF.router_distributed
|
||||
else p_const.PENDING_CREATE)
|
||||
status = (nl_constants.CREATED if cfg.CONF.router_distributed
|
||||
else nl_constants.PENDING_CREATE)
|
||||
with context.session.begin(subtransactions=True):
|
||||
self._validate_fw_parameters(context, fw, tenant_id)
|
||||
firewall_db = Firewall(
|
||||
|
|
|
@ -14,8 +14,7 @@
|
|||
# under the License.
|
||||
|
||||
from neutron.db import common_db_mixin as base_db
|
||||
from neutron.plugins.common import constants as p_const
|
||||
import neutron_lib.constants as libconstants
|
||||
from neutron_lib import constants as nl_constants
|
||||
from neutron_lib.db import model_base
|
||||
from oslo_config import cfg
|
||||
from oslo_log import log as logging
|
||||
|
@ -143,8 +142,8 @@ class Firewall_db_mixin_v2(fw_ext.Firewallv2PluginBase, base_db.CommonDbMixin):
|
|||
|
||||
def _validate_fwr_protocol_parameters(self, fwr):
|
||||
protocol = fwr['protocol']
|
||||
if protocol not in (libconstants.PROTO_NAME_TCP,
|
||||
libconstants.PROTO_NAME_UDP):
|
||||
if protocol not in (nl_constants.PROTO_NAME_TCP,
|
||||
nl_constants.PROTO_NAME_UDP):
|
||||
if fwr['source_port'] or fwr['destination_port']:
|
||||
raise fw_ext.FirewallRuleInvalidICMPParameter(
|
||||
param="Source, destination port")
|
||||
|
@ -729,8 +728,8 @@ class Firewall_db_mixin_v2(fw_ext.Firewallv2PluginBase, base_db.CommonDbMixin):
|
|||
def create_firewall_group(self, context, firewall_group, status=None):
|
||||
fwg = firewall_group['firewall_group']
|
||||
if not status:
|
||||
status = (p_const.CREATED if cfg.CONF.router_distributed
|
||||
else p_const.PENDING_CREATE)
|
||||
status = (nl_constants.CREATED if cfg.CONF.router_distributed
|
||||
else nl_constants.PENDING_CREATE)
|
||||
with context.session.begin(subtransactions=True):
|
||||
self._validate_fwg_parameters(context, fwg, fwg['tenant_id'])
|
||||
fwg_db = FirewallGroup(id=uuidutils.generate_uuid(),
|
||||
|
|
|
@ -18,6 +18,7 @@ from neutron.api.v2 import attributes as attr
|
|||
from neutron.api.v2 import resource_helper
|
||||
from neutron.services import service_base
|
||||
from neutron_lib.api import converters
|
||||
from neutron_lib.db import constants as nl_db_constants
|
||||
from neutron_lib import exceptions as nexception
|
||||
import six
|
||||
|
||||
|
@ -190,29 +191,30 @@ RESOURCE_ATTRIBUTE_MAP = {
|
|||
'is_visible': True, 'primary_key': True},
|
||||
'tenant_id': {'allow_post': True, 'allow_put': False,
|
||||
'required_by_policy': True,
|
||||
'validate': {'type:string': attr.TENANT_ID_MAX_LEN},
|
||||
'validate': {'type:string':
|
||||
nl_db_constants.UUID_FIELD_SIZE},
|
||||
'is_visible': True},
|
||||
'name': {'allow_post': True, 'allow_put': True,
|
||||
'validate': {'type:string': attr.NAME_MAX_LEN},
|
||||
'validate': {'type:string': nl_db_constants.NAME_FIELD_SIZE},
|
||||
'is_visible': True, 'default': ''},
|
||||
'description': {'allow_post': True, 'allow_put': True,
|
||||
'validate': {'type:string':
|
||||
attr.DESCRIPTION_MAX_LEN},
|
||||
nl_db_constants.DESCRIPTION_FIELD_SIZE},
|
||||
'is_visible': True, 'default': ''},
|
||||
'firewall_policy_id': {'allow_post': False, 'allow_put': False,
|
||||
'validate': {'type:uuid_or_none': None},
|
||||
'is_visible': True},
|
||||
'public': {'allow_post': True, 'allow_put': True,
|
||||
'default': False, 'convert_to': attr.convert_to_boolean,
|
||||
'is_visible': True, 'required_by_policy': True,
|
||||
'enforce_policy': True},
|
||||
'default': False, 'is_visible': True,
|
||||
'convert_to': converters.convert_to_boolean,
|
||||
'required_by_policy': True, 'enforce_policy': True},
|
||||
'protocol': {'allow_post': True, 'allow_put': True,
|
||||
'is_visible': True, 'default': None,
|
||||
'convert_to': fwaas_v1.convert_protocol,
|
||||
'validate': {'type:values':
|
||||
fwaas_v1.fw_valid_protocol_values}},
|
||||
'ip_version': {'allow_post': True, 'allow_put': True,
|
||||
'default': 4, 'convert_to': attr.convert_to_int,
|
||||
'default': 4, 'convert_to': converters.convert_to_int,
|
||||
'validate': {'type:values': [4, 6]},
|
||||
'is_visible': True},
|
||||
'source_ip_address': {'allow_post': True, 'allow_put': True,
|
||||
|
@ -238,8 +240,8 @@ RESOURCE_ATTRIBUTE_MAP = {
|
|||
fwaas_v1.fw_valid_action_values},
|
||||
'is_visible': True, 'default': 'deny'},
|
||||
'enabled': {'allow_post': True, 'allow_put': True,
|
||||
'default': True, 'convert_to': attr.convert_to_boolean,
|
||||
'is_visible': True},
|
||||
'convert_to': converters.convert_to_boolean,
|
||||
'default': True, 'is_visible': True},
|
||||
},
|
||||
'firewall_groups': {
|
||||
'id': {'allow_post': False, 'allow_put': False,
|
||||
|
@ -247,28 +249,29 @@ RESOURCE_ATTRIBUTE_MAP = {
|
|||
'is_visible': True,
|
||||
'primary_key': True},
|
||||
'name': {'allow_post': True, 'allow_put': True,
|
||||
'validate': {'type:string': attr.NAME_MAX_LEN},
|
||||
'validate': {'type:string': nl_db_constants.NAME_FIELD_SIZE},
|
||||
'is_visible': True, 'default': ''},
|
||||
'description': {'allow_post': True, 'allow_put': True,
|
||||
'validate': {'type:string':
|
||||
attr.DESCRIPTION_MAX_LEN},
|
||||
nl_db_constants.DESCRIPTION_FIELD_SIZE},
|
||||
'is_visible': True, 'default': ''},
|
||||
'admin_state_up': {'allow_post': True, 'allow_put': True,
|
||||
'default': True, 'is_visible': True,
|
||||
'convert_to': converters.convert_to_boolean},
|
||||
'status': {'allow_post': False, 'allow_put': False,
|
||||
'is_visible': True},
|
||||
'public': {'allow_post': True, 'allow_put': True,
|
||||
'default': False, 'convert_to': attr.convert_to_boolean,
|
||||
'public': {'allow_post': True, 'allow_put': True, 'default': False,
|
||||
'convert_to': converters.convert_to_boolean,
|
||||
'is_visible': True, 'required_by_policy': True,
|
||||
'enforce_policy': True},
|
||||
'ports': {'allow_post': True, 'allow_put': True,
|
||||
'validate': {'type:uuid_list': None},
|
||||
'convert_to': attr.convert_none_to_empty_list,
|
||||
'convert_to': converters.convert_none_to_empty_list,
|
||||
'default': None, 'is_visible': True},
|
||||
'tenant_id': {'allow_post': True, 'allow_put': False,
|
||||
'required_by_policy': True,
|
||||
'validate': {'type:string': attr.TENANT_ID_MAX_LEN},
|
||||
'validate': {'type:string':
|
||||
nl_db_constants.UUID_FIELD_SIZE},
|
||||
'is_visible': True},
|
||||
'ingress_firewall_policy_id': {'allow_post': True,
|
||||
'allow_put': True,
|
||||
|
@ -288,25 +291,26 @@ RESOURCE_ATTRIBUTE_MAP = {
|
|||
'primary_key': True},
|
||||
'tenant_id': {'allow_post': True, 'allow_put': False,
|
||||
'required_by_policy': True,
|
||||
'validate': {'type:string': attr.TENANT_ID_MAX_LEN},
|
||||
'validate': {'type:string':
|
||||
nl_db_constants.UUID_FIELD_SIZE},
|
||||
'is_visible': True},
|
||||
'name': {'allow_post': True, 'allow_put': True,
|
||||
'validate': {'type:string': attr.NAME_MAX_LEN},
|
||||
'validate': {'type:string': nl_db_constants.NAME_FIELD_SIZE},
|
||||
'is_visible': True, 'default': ''},
|
||||
'description': {'allow_post': True, 'allow_put': True,
|
||||
'validate': {'type:string':
|
||||
attr.DESCRIPTION_MAX_LEN},
|
||||
nl_db_constants.DESCRIPTION_FIELD_SIZE},
|
||||
'is_visible': True, 'default': ''},
|
||||
'public': {'allow_post': True, 'allow_put': True,
|
||||
'default': False, 'convert_to': attr.convert_to_boolean,
|
||||
'public': {'allow_post': True, 'allow_put': True, 'default': False,
|
||||
'convert_to': converters.convert_to_boolean,
|
||||
'is_visible': True, 'required_by_policy': True,
|
||||
'enforce_policy': True},
|
||||
'firewall_rules': {'allow_post': True, 'allow_put': True,
|
||||
'validate': {'type:uuid_list': None},
|
||||
'convert_to': attr.convert_none_to_empty_list,
|
||||
'convert_to': converters.convert_none_to_empty_list,
|
||||
'default': None, 'is_visible': True},
|
||||
'audited': {'allow_post': True, 'allow_put': True,
|
||||
'default': False, 'convert_to': attr.convert_to_boolean,
|
||||
'audited': {'allow_post': True, 'allow_put': True, 'default': False,
|
||||
'convert_to': converters.convert_to_boolean,
|
||||
'is_visible': True},
|
||||
|
||||
},
|
||||
|
|
|
@ -22,11 +22,12 @@ from oslo_log import helpers as log_helpers
|
|||
from oslo_log import log as logging
|
||||
|
||||
from neutron_fwaas._i18n import _, _LE
|
||||
from neutron_fwaas.common import fwaas_constants as f_const
|
||||
from neutron_fwaas.common import fwaas_constants
|
||||
from neutron_fwaas.common import resources as f_resources
|
||||
from neutron_fwaas.extensions import firewall as fw_ext
|
||||
from neutron_fwaas.services.firewall.agents import firewall_agent_api as api
|
||||
from neutron_fwaas.services.firewall.agents import firewall_service
|
||||
from neutron_lib import constants as nl_constants
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
|
@ -76,7 +77,7 @@ class FWaaSL3AgentExtension(l3_agent_extension.L3AgentCoreResourceExtension):
|
|||
|
||||
self.conn = n_rpc.create_connection()
|
||||
self.conn.create_consumer(
|
||||
f_const.FW_AGENT, self.endpoints, fanout=False)
|
||||
fwaas_constants.FW_AGENT, self.endpoints, fanout=False)
|
||||
return self.conn.consume_in_threads()
|
||||
|
||||
def __init__(self, host, conf):
|
||||
|
@ -105,7 +106,7 @@ class FWaaSL3AgentExtension(l3_agent_extension.L3AgentCoreResourceExtension):
|
|||
self.fwaas_driver = self.fw_service.load_device_drivers()
|
||||
self.services_sync_needed = False
|
||||
# setup RPC to msg fwaas plugin
|
||||
self.fwplugin_rpc = FWaaSL3PluginApi(f_const.FIREWALL_PLUGIN,
|
||||
self.fwplugin_rpc = FWaaSL3PluginApi(fwaas_constants.FIREWALL_PLUGIN,
|
||||
host)
|
||||
|
||||
def _has_router_insertion_fields(self, fw):
|
||||
|
@ -142,7 +143,7 @@ class FWaaSL3AgentExtension(l3_agent_extension.L3AgentCoreResourceExtension):
|
|||
update method for all other status to (re)apply on driver which is
|
||||
Idempotent.
|
||||
"""
|
||||
if fw['status'] == n_const.PENDING_DELETE:
|
||||
if fw['status'] == nl_constants.PENDING_DELETE:
|
||||
try:
|
||||
self.fwaas_driver.delete_firewall(
|
||||
self.conf.agent_mode,
|
||||
|
@ -158,7 +159,7 @@ class FWaaSL3AgentExtension(l3_agent_extension.L3AgentCoreResourceExtension):
|
|||
self.fwplugin_rpc.set_firewall_status(
|
||||
ctx,
|
||||
fw['id'],
|
||||
n_const.ERROR)
|
||||
nl_constants.ERROR)
|
||||
else:
|
||||
# PENDING_UPDATE, PENDING_CREATE, ...
|
||||
try:
|
||||
|
@ -167,14 +168,14 @@ class FWaaSL3AgentExtension(l3_agent_extension.L3AgentCoreResourceExtension):
|
|||
router_info_list,
|
||||
fw)
|
||||
if fw['admin_state_up']:
|
||||
status = n_const.ACTIVE
|
||||
status = nl_constants.ACTIVE
|
||||
else:
|
||||
status = n_const.DOWN
|
||||
status = nl_constants.DOWN
|
||||
except fw_ext.FirewallInternalDriverError:
|
||||
LOG.error(_LE("Firewall Driver Error on fw state %(fwmsg)s "
|
||||
"for fw: %(fwid)s"),
|
||||
{'fwmsg': fw['status'], 'fwid': fw['id']})
|
||||
status = n_const.ERROR
|
||||
status = nl_constants.ERROR
|
||||
|
||||
self.fwplugin_rpc.set_firewall_status(
|
||||
ctx,
|
||||
|
@ -254,10 +255,10 @@ class FWaaSL3AgentExtension(l3_agent_extension.L3AgentCoreResourceExtension):
|
|||
ctx = context.Context('', tenant_id)
|
||||
fw_list = self.fwplugin_rpc.get_firewalls_for_tenant(ctx)
|
||||
for fw in fw_list:
|
||||
if fw['status'] == n_const.PENDING_DELETE:
|
||||
if fw['status'] == nl_constants.PENDING_DELETE:
|
||||
self.delete_firewall(ctx, fw, self.host)
|
||||
# no need to apply sync data for ACTIVE fw
|
||||
elif fw['status'] != n_const.ACTIVE:
|
||||
elif fw['status'] != nl_constants.ACTIVE:
|
||||
self.update_firewall(ctx, fw, self.host)
|
||||
self.services_sync_needed = False
|
||||
except Exception:
|
||||
|
@ -283,14 +284,14 @@ class FWaaSL3AgentExtension(l3_agent_extension.L3AgentCoreResourceExtension):
|
|||
router_info_list,
|
||||
firewall)
|
||||
if firewall['admin_state_up']:
|
||||
status = n_const.ACTIVE
|
||||
status = nl_constants.ACTIVE
|
||||
else:
|
||||
status = n_const.DOWN
|
||||
status = nl_constants.DOWN
|
||||
except fw_ext.FirewallInternalDriverError:
|
||||
LOG.error(_LE("Firewall Driver Error for create_firewall "
|
||||
"for firewall: %(fwid)s"),
|
||||
{'fwid': firewall['id']})
|
||||
status = n_const.ERROR
|
||||
status = nl_constants.ERROR
|
||||
|
||||
try:
|
||||
# send status back to plugin
|
||||
|
@ -330,21 +331,21 @@ class FWaaSL3AgentExtension(l3_agent_extension.L3AgentCoreResourceExtension):
|
|||
router_info_list,
|
||||
firewall)
|
||||
if firewall['last-router']:
|
||||
status = n_const.INACTIVE
|
||||
status = nl_constants.INACTIVE
|
||||
elif firewall['admin_state_up']:
|
||||
status = n_const.ACTIVE
|
||||
status = nl_constants.ACTIVE
|
||||
else:
|
||||
status = n_const.DOWN
|
||||
status = nl_constants.DOWN
|
||||
except fw_ext.FirewallInternalDriverError:
|
||||
LOG.error(_LE("Firewall Driver Error for "
|
||||
"update_firewall for firewall: "
|
||||
"%(fwid)s"),
|
||||
{'fwid': firewall['id']})
|
||||
status = n_const.ERROR
|
||||
status = nl_constants.ERROR
|
||||
|
||||
# handle the add router and/or rule, policy, firewall
|
||||
# attribute updates
|
||||
if status not in (n_const.ERROR, n_const.INACTIVE):
|
||||
if status not in (nl_constants.ERROR, nl_constants.INACTIVE):
|
||||
router_ids = self._get_router_ids_for_fw(context, firewall)
|
||||
if router_ids or firewall['router_ids']:
|
||||
router_info_list = self._get_router_info_list_for_tenant(
|
||||
|
@ -359,17 +360,17 @@ class FWaaSL3AgentExtension(l3_agent_extension.L3AgentCoreResourceExtension):
|
|||
router_info_list,
|
||||
firewall)
|
||||
if firewall['admin_state_up']:
|
||||
status = n_const.ACTIVE
|
||||
status = nl_constants.ACTIVE
|
||||
else:
|
||||
status = n_const.DOWN
|
||||
status = nl_constants.DOWN
|
||||
except fw_ext.FirewallInternalDriverError:
|
||||
LOG.error(_LE("Firewall Driver Error for "
|
||||
"update_firewall for firewall: "
|
||||
"%(fwid)s"),
|
||||
{'fwid': firewall['id']})
|
||||
status = n_const.ERROR
|
||||
status = nl_constants.ERROR
|
||||
else:
|
||||
status = n_const.INACTIVE
|
||||
status = nl_constants.INACTIVE
|
||||
try:
|
||||
# send status back to plugin
|
||||
self.fwplugin_rpc.set_firewall_status(
|
||||
|
@ -404,18 +405,18 @@ class FWaaSL3AgentExtension(l3_agent_extension.L3AgentCoreResourceExtension):
|
|||
router_info_list,
|
||||
firewall)
|
||||
if firewall['admin_state_up']:
|
||||
status = n_const.ACTIVE
|
||||
status = nl_constants.ACTIVE
|
||||
else:
|
||||
status = n_const.DOWN
|
||||
status = nl_constants.DOWN
|
||||
except fw_ext.FirewallInternalDriverError:
|
||||
LOG.error(_LE("Firewall Driver Error for delete_firewall "
|
||||
"for firewall: %(fwid)s"),
|
||||
{'fwid': firewall['id']})
|
||||
status = n_const.ERROR
|
||||
status = nl_constants.ERROR
|
||||
|
||||
try:
|
||||
# send status back to plugin
|
||||
if status in [n_const.ACTIVE, n_const.DOWN]:
|
||||
if status in [nl_constants.ACTIVE, nl_constants.DOWN]:
|
||||
self.fwplugin_rpc.firewall_deleted(context, firewall['id'])
|
||||
else:
|
||||
self.fwplugin_rpc.set_firewall_status(
|
||||
|
|
|
@ -18,8 +18,8 @@ from neutron.agent.linux import ip_lib
|
|||
from neutron.common import rpc as n_rpc
|
||||
from neutron import context
|
||||
from neutron.plugins.common import constants as n_const
|
||||
from neutron_fwaas.common import fwaas_constants as f_const
|
||||
from neutron_lib import constants as lib_constants
|
||||
from neutron_fwaas.common import fwaas_constants
|
||||
from neutron_lib import constants as nl_constants
|
||||
from oslo_config import cfg
|
||||
from oslo_log import helpers as log_helpers
|
||||
from oslo_log import log as logging
|
||||
|
@ -93,7 +93,7 @@ class FWaaSL3AgentExtension(l3_agent_extension.L3AgentCoreResourceExtension):
|
|||
|
||||
self.conn = n_rpc.create_connection()
|
||||
self.conn.create_consumer(
|
||||
f_const.FW_AGENT, self.endpoints, fanout=False)
|
||||
fwaas_constants.FW_AGENT, self.endpoints, fanout=False)
|
||||
return self.conn.consume_in_threads()
|
||||
|
||||
def __init__(self, host, conf):
|
||||
|
@ -122,7 +122,7 @@ class FWaaSL3AgentExtension(l3_agent_extension.L3AgentCoreResourceExtension):
|
|||
self.fwaas_driver = self.fw_service.load_device_drivers()
|
||||
|
||||
self.services_sync_needed = False
|
||||
self.fwplugin_rpc = FWaaSL3PluginApi(f_const.FIREWALL_PLUGIN,
|
||||
self.fwplugin_rpc = FWaaSL3PluginApi(fwaas_constants.FIREWALL_PLUGIN,
|
||||
host)
|
||||
super(FWaaSL3AgentExtension, self).__init__()
|
||||
|
||||
|
@ -187,7 +187,7 @@ class FWaaSL3AgentExtension(l3_agent_extension.L3AgentCoreResourceExtension):
|
|||
update_firewall_group method for all other statuses. Both of these
|
||||
methods are idempotent.
|
||||
"""
|
||||
if firewall_group['status'] == n_const.PENDING_DELETE:
|
||||
if firewall_group['status'] == nl_constants.PENDING_DELETE:
|
||||
try:
|
||||
self.fwaas_driver.delete_firewall_group(
|
||||
self.conf.agent_mode, [port], firewall_group)
|
||||
|
@ -199,15 +199,15 @@ class FWaaSL3AgentExtension(l3_agent_extension.L3AgentCoreResourceExtension):
|
|||
LOG.exception(msg, {'status': firewall_group['status'],
|
||||
'fwg_id': firewall_group['id']})
|
||||
self.fwplugin_rpc.set_firewall_group_status(
|
||||
ctx, firewall_group['id'], n_const.ERROR)
|
||||
ctx, firewall_group['id'], nl_constants.ERROR)
|
||||
else: # PENDING_UPDATE, PENDING_CREATE, ...
|
||||
|
||||
# Prepare firewall group status to return to plugin; may be
|
||||
# overwritten if call to driver fails.
|
||||
if firewall_group['admin_state_up']:
|
||||
status = n_const.ACTIVE
|
||||
status = nl_constants.ACTIVE
|
||||
else:
|
||||
status = n_const.DOWN
|
||||
status = nl_constants.DOWN
|
||||
|
||||
# Call the driver.
|
||||
try:
|
||||
|
@ -219,7 +219,7 @@ class FWaaSL3AgentExtension(l3_agent_extension.L3AgentCoreResourceExtension):
|
|||
"%(fwg_id)s")
|
||||
LOG.exception(msg, {'status': firewall_group['status'],
|
||||
'fwg_id': firewall_group['id']})
|
||||
status = n_const.ERROR
|
||||
status = nl_constants.ERROR
|
||||
|
||||
# Notify the plugin of firewall group's status.
|
||||
self.fwplugin_rpc.set_firewall_group_status(
|
||||
|
@ -245,8 +245,8 @@ class FWaaSL3AgentExtension(l3_agent_extension.L3AgentCoreResourceExtension):
|
|||
fwg_list = self.fwplugin_rpc.get_firewall_groups_for_project(ctx)
|
||||
|
||||
# Apply a firewall group, as requested, to ports on the new router.
|
||||
if lib_constants.INTERFACE_KEY in updated_router:
|
||||
for port in updated_router[lib_constants.INTERFACE_KEY]:
|
||||
if nl_constants.INTERFACE_KEY in updated_router:
|
||||
for port in updated_router[nl_constants.INTERFACE_KEY]:
|
||||
for firewall_group in fwg_list:
|
||||
if (self._has_port_insertion_fields(firewall_group) and
|
||||
(port['id'] in firewall_group['add-port-ids'] or
|
||||
|
@ -313,11 +313,11 @@ class FWaaSL3AgentExtension(l3_agent_extension.L3AgentCoreResourceExtension):
|
|||
fwg_list = \
|
||||
self.fwplugin_rpc.get_firewall_groups_for_project(ctx)
|
||||
for firewall_group in fwg_list:
|
||||
if firewall_group['status'] == n_const.PENDING_DELETE:
|
||||
if firewall_group['status'] == nl_constants.PENDING_DELETE:
|
||||
self.delete_firewall_group(ctx, firewall_group,
|
||||
self.host)
|
||||
# No need to apply sync data for ACTIVE firewall group.
|
||||
elif firewall_group['status'] != n_const.ACTIVE:
|
||||
elif firewall_group['status'] != nl_constants.ACTIVE:
|
||||
self.update_firewall_group(ctx, firewall_group,
|
||||
self.host)
|
||||
self.services_sync_needed = False
|
||||
|
@ -343,9 +343,9 @@ class FWaaSL3AgentExtension(l3_agent_extension.L3AgentCoreResourceExtension):
|
|||
# Set firewall group status; will be overwritten if call to driver
|
||||
# fails.
|
||||
if firewall_group['admin_state_up']:
|
||||
status = n_const.ACTIVE
|
||||
status = nl_constants.ACTIVE
|
||||
else:
|
||||
status = n_const.DOWN
|
||||
status = nl_constants.DOWN
|
||||
|
||||
# Call the driver.
|
||||
try:
|
||||
|
@ -356,7 +356,7 @@ class FWaaSL3AgentExtension(l3_agent_extension.L3AgentCoreResourceExtension):
|
|||
msg = _LE("FWaaS driver error in create_firewall_group "
|
||||
"for firewall group: %(fwg_id)s")
|
||||
LOG.exception(msg, {'fwg_id': firewall_group['id']})
|
||||
status = n_const.ERROR
|
||||
status = nl_constants.ERROR
|
||||
|
||||
# Send firewall group's status to plugin.
|
||||
try:
|
||||
|
@ -392,11 +392,11 @@ class FWaaSL3AgentExtension(l3_agent_extension.L3AgentCoreResourceExtension):
|
|||
# driver fails.
|
||||
|
||||
if firewall_group['admin_state_up']:
|
||||
status = n_const.ACTIVE
|
||||
status = nl_constants.ACTIVE
|
||||
if firewall_group['last-port']:
|
||||
status = n_const.INACTIVE
|
||||
status = nl_constants.INACTIVE
|
||||
else:
|
||||
status = n_const.DOWN
|
||||
status = nl_constants.DOWN
|
||||
|
||||
# Call the driver.
|
||||
try:
|
||||
|
@ -407,11 +407,11 @@ class FWaaSL3AgentExtension(l3_agent_extension.L3AgentCoreResourceExtension):
|
|||
msg = _LE("FWaaS driver error in update_firewall_group "
|
||||
"(add) for firewall group: %s")
|
||||
LOG.exception(msg, firewall_group['id'])
|
||||
status = n_const.ERROR
|
||||
status = nl_constants.ERROR
|
||||
|
||||
# Handle the add router and/or rule, policy, firewall group attribute
|
||||
# updates.
|
||||
if status not in (n_const.ERROR, n_const.INACTIVE):
|
||||
if status not in (nl_constants.ERROR, nl_constants.INACTIVE):
|
||||
ports_for_fwg = self._get_firewall_group_ports(context,
|
||||
firewall_group)
|
||||
if ports_for_fwg:
|
||||
|
@ -424,9 +424,9 @@ class FWaaSL3AgentExtension(l3_agent_extension.L3AgentCoreResourceExtension):
|
|||
# Set firewall group status, which will be overwritten if call
|
||||
# to driver fails.
|
||||
if firewall_group['admin_state_up']:
|
||||
status = n_const.ACTIVE
|
||||
status = nl_constants.ACTIVE
|
||||
else:
|
||||
status = n_const.DOWN
|
||||
status = nl_constants.DOWN
|
||||
|
||||
# Call the driver.
|
||||
try:
|
||||
|
@ -437,9 +437,9 @@ class FWaaSL3AgentExtension(l3_agent_extension.L3AgentCoreResourceExtension):
|
|||
msg = _LE("FWaaS driver error in update_firewall_group "
|
||||
"for firewall group: %s")
|
||||
LOG.exception(msg, firewall_group['id'])
|
||||
status = n_const.ERROR
|
||||
status = nl_constants.ERROR
|
||||
else:
|
||||
status = n_const.INACTIVE
|
||||
status = nl_constants.INACTIVE
|
||||
|
||||
# Return status to plugin.
|
||||
try:
|
||||
|
@ -470,9 +470,9 @@ class FWaaSL3AgentExtension(l3_agent_extension.L3AgentCoreResourceExtension):
|
|||
# Set the firewall group's status to return to plugin; status may be
|
||||
# overwritten if call to driver fails.
|
||||
if firewall_group['admin_state_up']:
|
||||
status = n_const.ACTIVE
|
||||
status = nl_constants.ACTIVE
|
||||
else:
|
||||
status = n_const.DOWN
|
||||
status = nl_constants.DOWN
|
||||
try:
|
||||
self.fwaas_driver.delete_firewall_group(self.conf.agent_mode,
|
||||
ports_for_fwg,
|
||||
|
@ -482,12 +482,12 @@ class FWaaSL3AgentExtension(l3_agent_extension.L3AgentCoreResourceExtension):
|
|||
LOG.exception(_LE("FWaaS driver error in delete_firewall_group "
|
||||
"for firewall group: %(fwg_id)s"),
|
||||
{'fwg_id': firewall_group['id']})
|
||||
status = n_const.ERROR
|
||||
status = nl_constants.ERROR
|
||||
|
||||
# Notify plugin of deletion or return firewall group's status to
|
||||
# plugin, as appopriate.
|
||||
try:
|
||||
if status in [n_const.ACTIVE, n_const.DOWN]:
|
||||
if status in [nl_constants.ACTIVE, nl_constants.DOWN]:
|
||||
self.fwplugin_rpc.firewall_group_deleted(context,
|
||||
firewall_group['id'])
|
||||
else:
|
||||
|
|
|
@ -17,7 +17,7 @@ from neutron.common import rpc as n_rpc
|
|||
from neutron import context as neutron_context
|
||||
from neutron import manager
|
||||
from neutron.plugins.common import constants as n_const
|
||||
from neutron_lib import constants
|
||||
from neutron_lib import constants as nl_constants
|
||||
from oslo_config import cfg
|
||||
from oslo_log import log as logging
|
||||
import oslo_messaging
|
||||
|
@ -43,19 +43,21 @@ class FirewallCallbacks(object):
|
|||
"""Agent uses this to set a firewall's status."""
|
||||
LOG.debug("Setting firewall %s to status: %s" % (firewall_id, status))
|
||||
# Sanitize status first
|
||||
if status in (n_const.ACTIVE, n_const.DOWN, n_const.INACTIVE):
|
||||
if status in (nl_constants.ACTIVE, nl_constants.DOWN,
|
||||
nl_constants.INACTIVE):
|
||||
to_update = status
|
||||
else:
|
||||
to_update = n_const.ERROR
|
||||
to_update = nl_constants.ERROR
|
||||
# ignore changing status if firewall expects to be deleted
|
||||
# That case means that while some pending operation has been
|
||||
# performed on the backend, neutron server received delete request
|
||||
# and changed firewall status to PENDING_DELETE
|
||||
updated = self.plugin.update_firewall_status(
|
||||
context, firewall_id, to_update, not_in=(n_const.PENDING_DELETE,))
|
||||
context, firewall_id, to_update,
|
||||
not_in=(nl_constants.PENDING_DELETE,))
|
||||
if updated:
|
||||
LOG.debug("firewall %s status set: %s" % (firewall_id, to_update))
|
||||
return updated and to_update != n_const.ERROR
|
||||
return updated and to_update != nl_constants.ERROR
|
||||
|
||||
def firewall_deleted(self, context, firewall_id, **kwargs):
|
||||
"""Agent uses this to indicate firewall is deleted."""
|
||||
|
@ -63,14 +65,15 @@ class FirewallCallbacks(object):
|
|||
with context.session.begin(subtransactions=True):
|
||||
fw_db = self.plugin._get_firewall(context, firewall_id)
|
||||
# allow to delete firewalls in ERROR state
|
||||
if fw_db.status in (n_const.PENDING_DELETE, n_const.ERROR):
|
||||
if fw_db.status in (nl_constants.PENDING_DELETE,
|
||||
nl_constants.ERROR):
|
||||
self.plugin.delete_db_firewall_object(context, firewall_id)
|
||||
return True
|
||||
else:
|
||||
LOG.warning(_LW('Firewall %(fw)s unexpectedly deleted by '
|
||||
'agent, status was %(status)s'),
|
||||
{'fw': firewall_id, 'status': fw_db.status})
|
||||
fw_db.update({"status": n_const.ERROR})
|
||||
fw_db.update({"status": nl_constants.ERROR})
|
||||
return False
|
||||
|
||||
def get_firewalls_for_tenant(self, context, **kwargs):
|
||||
|
@ -80,7 +83,7 @@ class FirewallCallbacks(object):
|
|||
for fw in self.plugin.get_firewalls(context):
|
||||
fw_with_rules = self.plugin._make_firewall_dict_with_rules(
|
||||
context, fw['id'])
|
||||
if fw['status'] == n_const.PENDING_DELETE:
|
||||
if fw['status'] == nl_constants.PENDING_DELETE:
|
||||
fw_with_rules['add-router-ids'] = []
|
||||
fw_with_rules['del-router-ids'] = (
|
||||
self.plugin.get_firewall_routers(context, fw['id']))
|
||||
|
@ -162,7 +165,7 @@ class FirewallPlugin(
|
|||
return self.conn.consume_in_threads()
|
||||
|
||||
def _rpc_update_firewall(self, context, firewall_id):
|
||||
status_update = {"firewall": {"status": n_const.PENDING_UPDATE}}
|
||||
status_update = {"firewall": {"status": nl_constants.PENDING_UPDATE}}
|
||||
super(FirewallPlugin, self).update_firewall(context, firewall_id,
|
||||
status_update)
|
||||
fw_with_rules = self._make_firewall_dict_with_rules(context,
|
||||
|
@ -182,9 +185,9 @@ class FirewallPlugin(
|
|||
|
||||
def _ensure_update_firewall(self, context, firewall_id):
|
||||
fwall = self.get_firewall(context, firewall_id)
|
||||
if fwall['status'] in [n_const.PENDING_CREATE,
|
||||
n_const.PENDING_UPDATE,
|
||||
n_const.PENDING_DELETE]:
|
||||
if fwall['status'] in [nl_constants.PENDING_CREATE,
|
||||
nl_constants.PENDING_UPDATE,
|
||||
nl_constants.PENDING_DELETE]:
|
||||
raise fw_ext.FirewallInPendingState(firewall_id=firewall_id,
|
||||
pending_state=fwall['status'])
|
||||
|
||||
|
@ -201,11 +204,10 @@ class FirewallPlugin(
|
|||
fw_rule['firewall_policy_id'])
|
||||
|
||||
def _get_routers_for_create_firewall(self, tenant_id, context, firewall):
|
||||
|
||||
# pop router_id as this goes in the router association db
|
||||
# and not firewall db
|
||||
router_ids = firewall['firewall'].pop('router_ids', None)
|
||||
if router_ids == constants.ATTR_NOT_SPECIFIED:
|
||||
if router_ids == nl_constants.ATTR_NOT_SPECIFIED:
|
||||
# old semantics router-ids keyword not specified pick up
|
||||
# all routers on tenant.
|
||||
l3_plugin = manager.NeutronManager.get_service_plugins().get(
|
||||
|
@ -238,7 +240,7 @@ class FirewallPlugin(
|
|||
if not fw_new_rtrs:
|
||||
# no messaging to agent needed, and fw needs to go
|
||||
# to INACTIVE(no associated rtrs) state.
|
||||
status = n_const.INACTIVE
|
||||
status = nl_constants.INACTIVE
|
||||
fw = super(FirewallPlugin, self).create_firewall(
|
||||
context, firewall, status)
|
||||
fw['router_ids'] = []
|
||||
|
@ -287,13 +289,13 @@ class FirewallPlugin(
|
|||
if not fw_new_rtrs and not fw_current_rtrs:
|
||||
# no messaging to agent needed, and we need to continue
|
||||
# in INACTIVE state
|
||||
firewall['firewall']['status'] = n_const.INACTIVE
|
||||
firewall['firewall']['status'] = nl_constants.INACTIVE
|
||||
fw = super(FirewallPlugin, self).update_firewall(
|
||||
context, id, firewall)
|
||||
fw['router_ids'] = []
|
||||
return fw
|
||||
else:
|
||||
firewall['firewall']['status'] = n_const.PENDING_UPDATE
|
||||
firewall['firewall']['status'] = nl_constants.PENDING_UPDATE
|
||||
fw = super(FirewallPlugin, self).update_firewall(
|
||||
context, id, firewall)
|
||||
fw['router_ids'] = fw_new_rtrs
|
||||
|
@ -332,7 +334,7 @@ class FirewallPlugin(
|
|||
# no routers to delete on the agent side
|
||||
self.delete_db_firewall_object(context, id)
|
||||
else:
|
||||
status = {"firewall": {"status": n_const.PENDING_DELETE}}
|
||||
status = {"firewall": {"status": nl_constants.PENDING_DELETE}}
|
||||
super(FirewallPlugin, self).update_firewall(context, id, status)
|
||||
# Reflect state change in fw_with_rules
|
||||
fw_with_rules['status'] = status['firewall']['status']
|
||||
|
|
|
@ -15,12 +15,12 @@
|
|||
from neutron.common import rpc as n_rpc
|
||||
from neutron import context as neutron_context
|
||||
from neutron import manager
|
||||
from neutron.plugins.common import constants as n_const
|
||||
from neutron_lib import constants as nl_constants
|
||||
from oslo_config import cfg
|
||||
from oslo_log import log as logging
|
||||
import oslo_messaging
|
||||
|
||||
from neutron_fwaas.common import fwaas_constants as f_const
|
||||
from neutron_fwaas.common import fwaas_constants
|
||||
from neutron_fwaas.db.firewall.v2 import firewall_db_v2
|
||||
from neutron_fwaas.extensions import firewall_v2 as fw_ext
|
||||
|
||||
|
@ -67,19 +67,20 @@ class FirewallCallbacks(object):
|
|||
LOG.debug("Setting firewall_group %s to status: %s" % (
|
||||
fwg_id, status))
|
||||
# Sanitize status first
|
||||
if status in (n_const.ACTIVE, n_const.DOWN, n_const.INACTIVE):
|
||||
if status in (nl_constants.ACTIVE, nl_constants.DOWN,
|
||||
nl_constants.INACTIVE):
|
||||
to_update = status
|
||||
else:
|
||||
to_update = n_const.ERROR
|
||||
to_update = nl_constants.ERROR
|
||||
# ignore changing status if firewall_group expects to be deleted
|
||||
# That case means that while some pending operation has been
|
||||
# performed on the backend, neutron server received delete request
|
||||
# and changed firewall status to PENDING_DELETE
|
||||
updated = self.plugin.update_firewall_group_status(
|
||||
context, fwg_id, to_update, not_in=(n_const.PENDING_DELETE,))
|
||||
context, fwg_id, to_update, not_in=(nl_constants.PENDING_DELETE,))
|
||||
if updated:
|
||||
LOG.debug("firewall %s status set: %s" % (fwg_id, to_update))
|
||||
return updated and to_update != n_const.ERROR
|
||||
return updated and to_update != nl_constants.ERROR
|
||||
|
||||
def firewall_group_deleted(self, context, fwg_id, **kwargs):
|
||||
"""Agent uses this to indicate firewall is deleted."""
|
||||
|
@ -87,14 +88,15 @@ class FirewallCallbacks(object):
|
|||
with context.session.begin(subtransactions=True):
|
||||
fwg_db = self.plugin._get_firewall_group(context, fwg_id)
|
||||
# allow to delete firewalls in ERROR state
|
||||
if fwg_db.status in (n_const.PENDING_DELETE, n_const.ERROR):
|
||||
if fwg_db.status in (nl_constants.PENDING_DELETE,
|
||||
nl_constants.ERROR):
|
||||
self.plugin.delete_db_firewall_group_object(context, fwg_id)
|
||||
return True
|
||||
else:
|
||||
LOG.warning(('Firewall %(fw)s unexpectedly deleted by '
|
||||
'agent, status was %(status)s'),
|
||||
{'fwg': fwg_id, 'status': fwg_db.status})
|
||||
fwg_db.update({"status": n_const.ERROR})
|
||||
fwg_db.update({"status": nl_constants.ERROR})
|
||||
return False
|
||||
|
||||
def get_firewall_groups_for_project(self, context, **kwargs):
|
||||
|
@ -104,7 +106,7 @@ class FirewallCallbacks(object):
|
|||
for fwg in self.plugin.get_firewall_groups(context):
|
||||
fwg_with_rules = self.plugin._make_firewall_group_dict_with_rules(
|
||||
context, fwg['id'])
|
||||
if fwg['status'] == n_const.PENDING_DELETE:
|
||||
if fwg['status'] == nl_constants.PENDING_DELETE:
|
||||
fwg_with_rules['add-port-ids'] = []
|
||||
fwg_with_rules['del-port-ids'] = (
|
||||
self.plugin._get_ports_in_firewall_group(context,
|
||||
|
@ -142,7 +144,7 @@ class FirewallPluginV2(
|
|||
self.start_rpc_listeners()
|
||||
|
||||
self.agent_rpc = FirewallAgentApi(
|
||||
f_const.FW_AGENT,
|
||||
fwaas_constants.FW_AGENT,
|
||||
cfg.CONF.host
|
||||
)
|
||||
|
||||
|
@ -155,11 +157,12 @@ class FirewallPluginV2(
|
|||
|
||||
self.conn = n_rpc.create_connection()
|
||||
self.conn.create_consumer(
|
||||
f_const.FIREWALL_PLUGIN, self.endpoints, fanout=False)
|
||||
fwaas_constants.FIREWALL_PLUGIN, self.endpoints, fanout=False)
|
||||
return self.conn.consume_in_threads()
|
||||
|
||||
def _rpc_update_firewall_group(self, context, fwg_id):
|
||||
status_update = {"firewall_group": {"status": n_const.PENDING_UPDATE}}
|
||||
status_update = {"firewall_group": {"status":
|
||||
nl_constants.PENDING_UPDATE}}
|
||||
super(FirewallPluginV2, self).update_firewall_group(
|
||||
context, fwg_id, status_update)
|
||||
fwg_with_rules = self._make_firewall_group_dict_with_rules(context,
|
||||
|
@ -181,9 +184,9 @@ class FirewallPluginV2(
|
|||
|
||||
def _ensure_update_firewall_group(self, context, fwg_id):
|
||||
fwg = self.get_firewall_group(context, fwg_id)
|
||||
if fwg['status'] in [n_const.PENDING_CREATE,
|
||||
n_const.PENDING_UPDATE,
|
||||
n_const.PENDING_DELETE]:
|
||||
if fwg['status'] in [nl_constants.PENDING_CREATE,
|
||||
nl_constants.PENDING_UPDATE,
|
||||
nl_constants.PENDING_DELETE]:
|
||||
raise fw_ext.FirewallGroupInPendingState(firewall_id=fwg_id,
|
||||
pending_state=fwg['status'])
|
||||
|
||||
|
@ -218,7 +221,7 @@ class FirewallPluginV2(
|
|||
if not fwg_ports:
|
||||
# no messaging to agent needed, and fw needs to go
|
||||
# to INACTIVE(no associated ports) state.
|
||||
status = n_const.INACTIVE
|
||||
status = nl_constants.INACTIVE
|
||||
fwg = super(FirewallPluginV2, self).create_firewall_group(
|
||||
context, firewall_group, status)
|
||||
fwg['ports'] = []
|
||||
|
@ -233,7 +236,7 @@ class FirewallPluginV2(
|
|||
if (not fwgrp['ingress_firewall_policy_id'] and
|
||||
not fwgrp['egress_firewall_policy_id']):
|
||||
# No policy configured
|
||||
status = n_const.INACTIVE
|
||||
status = nl_constants.INACTIVE
|
||||
fwg = super(FirewallPluginV2, self).create_firewall_group(
|
||||
context, firewall_group, status)
|
||||
return fwg
|
||||
|
@ -276,13 +279,14 @@ class FirewallPluginV2(
|
|||
if not fwg_new_ports and not fwg_current_ports:
|
||||
# no messaging to agent needed, and we need to continue
|
||||
# in INACTIVE state
|
||||
firewall_group['firewall_group']['status'] = n_const.INACTIVE
|
||||
firewall_group['firewall_group']['status'] = nl_constants.INACTIVE
|
||||
fwg = super(FirewallPluginV2, self).update_firewall_group(
|
||||
context, id, firewall_group)
|
||||
fwg['ports'] = []
|
||||
return fwg
|
||||
else:
|
||||
firewall_group['firewall_group']['status'] = n_const.PENDING_UPDATE
|
||||
firewall_group['firewall_group']['status'] = (nl_constants.
|
||||
PENDING_UPDATE)
|
||||
fwg = super(FirewallPluginV2, self).update_firewall_group(
|
||||
context, id, firewall_group)
|
||||
fwg['ports'] = fwg_new_ports
|
||||
|
@ -321,7 +325,8 @@ class FirewallPluginV2(
|
|||
# no ports, no need to talk to the agent
|
||||
self.delete_db_firewall_group_object(context, id)
|
||||
else:
|
||||
status = {"firewall_group": {"status": n_const.PENDING_DELETE}}
|
||||
status = {"firewall_group":
|
||||
{"status": nl_constants.PENDING_DELETE}}
|
||||
super(FirewallPluginV2, self).update_firewall_group(
|
||||
context, id, status)
|
||||
# Reflect state change in fw_with_rules
|
||||
|
|
|
@ -21,9 +21,8 @@ from tempest.lib.common.utils import data_utils
|
|||
from tempest.lib.common.utils import test_utils
|
||||
from tempest.lib import exceptions as lib_exc
|
||||
|
||||
from neutron.plugins.common import constants as p_const
|
||||
|
||||
from neutron_fwaas.tests.tempest_plugin.services import client
|
||||
from neutron_lib import constants as nl_constants
|
||||
|
||||
CONF = config.CONF
|
||||
|
||||
|
@ -91,13 +90,13 @@ class FWaaSClientMixin(object):
|
|||
|
||||
def delete_firewall_and_wait(self, firewall_id):
|
||||
self.firewalls_client.delete_firewall(firewall_id)
|
||||
self._wait_firewall_while(firewall_id, [p_const.PENDING_DELETE],
|
||||
self._wait_firewall_while(firewall_id, [nl_constants.PENDING_DELETE],
|
||||
not_found_ok=True)
|
||||
|
||||
def _wait_firewall_ready(self, firewall_id):
|
||||
self._wait_firewall_while(firewall_id,
|
||||
[p_const.PENDING_CREATE,
|
||||
p_const.PENDING_UPDATE])
|
||||
[nl_constants.PENDING_CREATE,
|
||||
nl_constants.PENDING_UPDATE])
|
||||
|
||||
def _wait_firewall_while(self, firewall_id, statuses, not_found_ok=False):
|
||||
start = int(time.time())
|
||||
|
|
|
@ -34,6 +34,7 @@ from neutron_fwaas import extensions
|
|||
from neutron_fwaas.extensions import firewall
|
||||
from neutron_fwaas.services.firewall import fwaas_plugin
|
||||
from neutron_fwaas.tests import base
|
||||
from neutron_lib import constants as nl_constants
|
||||
|
||||
DB_FW_PLUGIN_KLASS = (
|
||||
"neutron_fwaas.db.firewall.firewall_db.Firewall_db_mixin"
|
||||
|
@ -1158,7 +1159,7 @@ class TestFirewallDBPlugin(FirewallPluginDbTestCase):
|
|||
context=ctx) as firewall:
|
||||
fw_id = firewall['firewall']['id']
|
||||
fw_db = self.plugin._get_firewall(ctx, fw_id)
|
||||
fw_db['status'] = constants.ACTIVE
|
||||
fw_db['status'] = nl_constants.ACTIVE
|
||||
# update firewall from fwp1 to fwp2(different tenant)
|
||||
data = {'firewall': {'firewall_policy_id': fwp2_id}}
|
||||
req = self.new_update_request('firewalls', data, fw_id,
|
||||
|
|
|
@ -35,6 +35,7 @@ from neutron_fwaas import extensions
|
|||
from neutron_fwaas.extensions import firewall_v2 as firewall
|
||||
from neutron_fwaas.services.firewall import fwaas_plugin_v2
|
||||
from neutron_fwaas.tests import base
|
||||
from neutron_lib import constants as nl_constants
|
||||
|
||||
DB_FW_PLUGIN_KLASS = (
|
||||
"neutron_fwaas.db.firewall.v2.firewall_db_v2.Firewall_db_mixin_v2"
|
||||
|
@ -1200,7 +1201,7 @@ class TestFirewallDBPluginV2(FirewallPluginV2DbTestCase):
|
|||
context=ctx) as firewall:
|
||||
fw_id = firewall['firewall_group']['id']
|
||||
fw_db = self.plugin._get_firewall_group(ctx, fw_id)
|
||||
fw_db['status'] = constants.ACTIVE
|
||||
fw_db['status'] = nl_constants.ACTIVE
|
||||
# update firewall from fwp1 to fwp2(different tenant)
|
||||
data = {'firewall_group':
|
||||
{'ingress_firewall_policy_id': fwp2_id}}
|
||||
|
|
|
@ -33,6 +33,7 @@ from neutron_fwaas.services.firewall import fwaas_plugin
|
|||
from neutron_fwaas.tests import base
|
||||
from neutron_fwaas.tests.unit.db.firewall import (
|
||||
test_firewall_db as test_db_firewall)
|
||||
from neutron_lib import constants as nl_constants
|
||||
|
||||
extensions_path = neutron_fwaas.extensions.__path__[0]
|
||||
|
||||
|
@ -146,15 +147,15 @@ class TestFirewallCallbacks(TestFirewallRouterInsertionBase):
|
|||
) as fw:
|
||||
fw_id = fw['firewall']['id']
|
||||
res = self.callbacks.set_firewall_status(ctx, fw_id,
|
||||
const.ACTIVE,
|
||||
nl_constants.ACTIVE,
|
||||
host='dummy')
|
||||
fw_db = self.plugin.get_firewall(ctx, fw_id)
|
||||
self.assertEqual(const.ACTIVE, fw_db['status'])
|
||||
self.assertEqual(nl_constants.ACTIVE, fw_db['status'])
|
||||
self.assertTrue(res)
|
||||
res = self.callbacks.set_firewall_status(ctx, fw_id,
|
||||
const.ERROR)
|
||||
nl_constants.ERROR)
|
||||
fw_db = self.plugin.get_firewall(ctx, fw_id)
|
||||
self.assertEqual(const.ERROR, fw_db['status'])
|
||||
self.assertEqual(nl_constants.ERROR, fw_db['status'])
|
||||
self.assertFalse(res)
|
||||
|
||||
def test_set_firewall_status_pending_delete(self):
|
||||
|
@ -167,13 +168,13 @@ class TestFirewallCallbacks(TestFirewallRouterInsertionBase):
|
|||
) as fw:
|
||||
fw_id = fw['firewall']['id']
|
||||
fw_db = self.plugin._get_firewall(ctx, fw_id)
|
||||
fw_db['status'] = const.PENDING_DELETE
|
||||
fw_db['status'] = nl_constants.PENDING_DELETE
|
||||
ctx.session.flush()
|
||||
res = self.callbacks.set_firewall_status(ctx, fw_id,
|
||||
const.ACTIVE,
|
||||
nl_constants.ACTIVE,
|
||||
host='dummy')
|
||||
fw_db = self.plugin.get_firewall(ctx, fw_id)
|
||||
self.assertEqual(const.PENDING_DELETE, fw_db['status'])
|
||||
self.assertEqual(nl_constants.PENDING_DELETE, fw_db['status'])
|
||||
self.assertFalse(res)
|
||||
|
||||
def test_firewall_deleted(self):
|
||||
|
@ -186,7 +187,7 @@ class TestFirewallCallbacks(TestFirewallRouterInsertionBase):
|
|||
fw_id = fw['firewall']['id']
|
||||
with ctx.session.begin(subtransactions=True):
|
||||
fw_db = self.plugin._get_firewall(ctx, fw_id)
|
||||
fw_db['status'] = const.PENDING_DELETE
|
||||
fw_db['status'] = nl_constants.PENDING_DELETE
|
||||
ctx.session.flush()
|
||||
res = self.callbacks.firewall_deleted(ctx, fw_id,
|
||||
host='dummy')
|
||||
|
@ -208,7 +209,7 @@ class TestFirewallCallbacks(TestFirewallRouterInsertionBase):
|
|||
host='dummy')
|
||||
self.assertFalse(res)
|
||||
fw_db = self.plugin._get_firewall(ctx, fw_id)
|
||||
self.assertEqual(const.ERROR, fw_db['status'])
|
||||
self.assertEqual(nl_constants.ERROR, fw_db['status'])
|
||||
|
||||
def test_get_firewall_for_tenant(self):
|
||||
tenant_id = 'test-tenant'
|
||||
|
@ -313,7 +314,7 @@ class TestFirewallPluginBase(TestFirewallRouterInsertionBase,
|
|||
with self.router(name='router2', admin_state_up=True,
|
||||
tenant_id=self._tenant_id):
|
||||
with self.firewall() as fw1:
|
||||
self.assertEqual(const.PENDING_CREATE,
|
||||
self.assertEqual(nl_constants.PENDING_CREATE,
|
||||
fw1['firewall']['status'])
|
||||
|
||||
def test_create_firewall_routers_specified(self):
|
||||
|
@ -324,7 +325,7 @@ class TestFirewallPluginBase(TestFirewallRouterInsertionBase,
|
|||
tenant_id=self._tenant_id) as router2:
|
||||
router_ids = [router1['router']['id'], router2['router']['id']]
|
||||
with self.firewall(router_ids=router_ids) as fw1:
|
||||
self.assertEqual(const.PENDING_CREATE,
|
||||
self.assertEqual(nl_constants.PENDING_CREATE,
|
||||
fw1['firewall']['status'])
|
||||
|
||||
def test_create_firewall_routers_present_empty_list_specified(self):
|
||||
|
@ -335,14 +336,14 @@ class TestFirewallPluginBase(TestFirewallRouterInsertionBase,
|
|||
tenant_id=self._tenant_id):
|
||||
router_ids = []
|
||||
with self.firewall(router_ids=router_ids) as fw1:
|
||||
self.assertEqual(const.INACTIVE,
|
||||
self.assertEqual(nl_constants.INACTIVE,
|
||||
fw1['firewall']['status'])
|
||||
|
||||
def test_create_firewall_no_routers_empty_list_specified(self):
|
||||
"""neutron firewall-create test-policy --router-ids "" """
|
||||
router_ids = []
|
||||
with self.firewall(router_ids=router_ids) as fw1:
|
||||
self.assertEqual(const.INACTIVE,
|
||||
self.assertEqual(nl_constants.INACTIVE,
|
||||
fw1['firewall']['status'])
|
||||
|
||||
def test_create_second_firewall_on_same_tenant(self):
|
||||
|
@ -354,9 +355,9 @@ class TestFirewallPluginBase(TestFirewallRouterInsertionBase,
|
|||
router_ids = []
|
||||
with self.firewall() as fw1:
|
||||
with self.firewall(router_ids=router_ids) as fw2:
|
||||
self.assertEqual(const.PENDING_CREATE,
|
||||
self.assertEqual(nl_constants.PENDING_CREATE,
|
||||
fw1['firewall']['status'])
|
||||
self.assertEqual(const.INACTIVE,
|
||||
self.assertEqual(nl_constants.INACTIVE,
|
||||
fw2['firewall']['status'])
|
||||
|
||||
def test_create_firewall_admin_not_affected_by_other_tenant(self):
|
||||
|
@ -383,14 +384,16 @@ class TestFirewallPluginBase(TestFirewallRouterInsertionBase,
|
|||
) as firewall:
|
||||
fw_id = firewall['firewall']['id']
|
||||
res = self.callbacks.set_firewall_status(ctx, fw_id,
|
||||
const.ACTIVE)
|
||||
nl_constants.ACTIVE)
|
||||
data = {'firewall': {'name': name}}
|
||||
req = self.new_update_request('firewalls', data, fw_id)
|
||||
res = self.deserialize(self.fmt,
|
||||
req.get_response(self.ext_api))
|
||||
attrs = self._replace_firewall_status(attrs,
|
||||
const.PENDING_CREATE,
|
||||
const.PENDING_UPDATE)
|
||||
nl_constants.
|
||||
PENDING_CREATE,
|
||||
nl_constants.
|
||||
PENDING_UPDATE)
|
||||
for k, v in six.iteritems(attrs):
|
||||
self.assertEqual(v, res['firewall'][k])
|
||||
|
||||
|
@ -436,8 +439,10 @@ class TestFirewallPluginBase(TestFirewallRouterInsertionBase,
|
|||
res = self.deserialize(self.fmt,
|
||||
req.get_response(self.ext_api))
|
||||
attrs = self._replace_firewall_status(attrs,
|
||||
const.PENDING_CREATE,
|
||||
const.PENDING_UPDATE)
|
||||
nl_constants.
|
||||
PENDING_CREATE,
|
||||
nl_constants.
|
||||
PENDING_UPDATE)
|
||||
for k, v in six.iteritems(attrs):
|
||||
self.assertEqual(v, res['firewall'][k])
|
||||
|
||||
|
@ -456,7 +461,7 @@ class TestFirewallPluginBase(TestFirewallRouterInsertionBase,
|
|||
) as firewall:
|
||||
fw_id = firewall['firewall']['id']
|
||||
self.callbacks.set_firewall_status(ctx, fw_id,
|
||||
const.ACTIVE)
|
||||
nl_constants.ACTIVE)
|
||||
data = {'firewall': {'shared': True}}
|
||||
req = self.new_update_request(
|
||||
'firewalls', data, fw_id,
|
||||
|
|
|
@ -29,6 +29,7 @@ from neutron_fwaas.services.firewall import fwaas_plugin_v2
|
|||
from neutron_fwaas.tests import base
|
||||
from neutron_fwaas.tests.unit.db.firewall.v2 import (
|
||||
test_firewall_db_v2 as test_db_firewall)
|
||||
from neutron_lib import constants as nl_constants
|
||||
|
||||
extensions_path = neutron_fwaas.extensions.__path__[0]
|
||||
|
||||
|
@ -146,15 +147,15 @@ class TestFirewallCallbacks(TestFirewallRouterPortBase):
|
|||
) as fwg:
|
||||
fwg_id = fwg['firewall_group']['id']
|
||||
res = self.callbacks.set_firewall_group_status(ctx, fwg_id,
|
||||
const.ACTIVE,
|
||||
nl_constants.ACTIVE,
|
||||
host='dummy')
|
||||
fwg_db = self.plugin.get_firewall_group(ctx, fwg_id)
|
||||
self.assertEqual(const.ACTIVE, fwg_db['status'])
|
||||
self.assertEqual(nl_constants.ACTIVE, fwg_db['status'])
|
||||
self.assertTrue(res)
|
||||
res = self.callbacks.set_firewall_group_status(ctx, fwg_id,
|
||||
const.ERROR)
|
||||
nl_constants.ERROR)
|
||||
fwg_db = self.plugin.get_firewall_group(ctx, fwg_id)
|
||||
self.assertEqual(const.ERROR, fwg_db['status'])
|
||||
self.assertEqual(nl_constants.ERROR, fwg_db['status'])
|
||||
self.assertFalse(res)
|
||||
|
||||
|
||||
|
@ -177,7 +178,7 @@ class TestFirewallPluginBasev2(TestFirewallRouterPortBase,
|
|||
ingress_firewall_policy_id=fwp_id,
|
||||
egress_firewall_policy_id=fwp_id,
|
||||
admin_state_up=True) as fwg1:
|
||||
self.assertEqual(const.INACTIVE,
|
||||
self.assertEqual(nl_constants.INACTIVE,
|
||||
fwg1['firewall_group']['status'])
|
||||
|
||||
def test_create_firewall_group_with_ports(self):
|
||||
|
@ -208,7 +209,7 @@ class TestFirewallPluginBasev2(TestFirewallRouterPortBase,
|
|||
ingress_firewall_policy_id=fwp_id,
|
||||
egress_firewall_policy_id=fwp_id, ports=fwg_ports,
|
||||
admin_state_up=True) as fwg1:
|
||||
self.assertEqual(const.PENDING_CREATE,
|
||||
self.assertEqual(nl_constants.PENDING_CREATE,
|
||||
fwg1['firewall_group']['status'])
|
||||
|
||||
self._router_interface_action('remove',
|
||||
|
@ -260,7 +261,7 @@ class TestFirewallPluginBasev2(TestFirewallRouterPortBase,
|
|||
egress_firewall_policy_id=fwp_id,
|
||||
ports=fwg_ports,
|
||||
admin_state_up=True) as fwg1:
|
||||
self.assertEqual(const.PENDING_CREATE,
|
||||
self.assertEqual(nl_constants.PENDING_CREATE,
|
||||
fwg1['firewall_group']['status'])
|
||||
|
||||
self._router_interface_action('remove',
|
||||
|
@ -304,7 +305,7 @@ class TestFirewallPluginBasev2(TestFirewallRouterPortBase,
|
|||
default_policy=False,
|
||||
ports=fwg_ports,
|
||||
admin_state_up=True) as fwg1:
|
||||
self.assertEqual(const.INACTIVE,
|
||||
self.assertEqual(nl_constants.INACTIVE,
|
||||
fwg1['firewall_group']['status'])
|
||||
|
||||
self._router_interface_action('remove',
|
||||
|
@ -352,7 +353,7 @@ class TestFirewallPluginBasev2(TestFirewallRouterPortBase,
|
|||
default_policy=False,
|
||||
ports=fwg_ports,
|
||||
admin_state_up=True) as fwg1:
|
||||
self.assertEqual(const.INACTIVE,
|
||||
self.assertEqual(nl_constants.INACTIVE,
|
||||
fwg1['firewall_group']['status'])
|
||||
data = {'firewall_group': {'ports': [port_id2, port_id3]}}
|
||||
req = self.new_update_request('firewall_groups', data,
|
||||
|
@ -410,7 +411,7 @@ class TestFirewallPluginBasev2(TestFirewallRouterPortBase,
|
|||
ingress_firewall_policy_id=fwp_id,
|
||||
egress_firewall_policy_id=fwp_id, ports=fwg_ports,
|
||||
admin_state_up=True) as fwg1:
|
||||
self.assertEqual(const.PENDING_CREATE,
|
||||
self.assertEqual(nl_constants.PENDING_CREATE,
|
||||
fwg1['firewall_group']['status'])
|
||||
data = {'firewall_group': {'ports': [port_id2, port_id3]}}
|
||||
req = self.new_update_request('firewall_groups', data,
|
||||
|
@ -464,12 +465,12 @@ class TestFirewallPluginBasev2(TestFirewallRouterPortBase,
|
|||
ingress_firewall_policy_id=fwp_id,
|
||||
egress_firewall_policy_id=fwp_id, ports=fwg_ports,
|
||||
admin_state_up=True) as fwg1:
|
||||
self.assertEqual(const.PENDING_CREATE,
|
||||
self.assertEqual(nl_constants.PENDING_CREATE,
|
||||
fwg1['firewall_group']['status'])
|
||||
|
||||
ctx = context.get_admin_context()
|
||||
self.callbacks.set_firewall_group_status(ctx,
|
||||
fwg1['firewall_group']['id'], const.ACTIVE)
|
||||
fwg1['firewall_group']['id'], nl_constants.ACTIVE)
|
||||
data = {'firewall_group': {'ports': [port_id2, port_id3]}}
|
||||
req = self.new_update_request('firewall_groups', data,
|
||||
fwg1['firewall_group']['id'])
|
||||
|
@ -510,12 +511,12 @@ class TestFirewallPluginBasev2(TestFirewallRouterPortBase,
|
|||
ingress_firewall_policy_id=fwp_id,
|
||||
egress_firewall_policy_id=fwp_id, ports=[port_id1],
|
||||
admin_state_up=True) as fwg1:
|
||||
self.assertEqual(const.PENDING_CREATE,
|
||||
self.assertEqual(nl_constants.PENDING_CREATE,
|
||||
fwg1['firewall_group']['status'])
|
||||
|
||||
ctx = context.get_admin_context()
|
||||
self.callbacks.set_firewall_group_status(ctx,
|
||||
fwg1['firewall_group']['id'], const.ACTIVE)
|
||||
fwg1['firewall_group']['id'], nl_constants.ACTIVE)
|
||||
data = {'firewall_rule': {'name': name}}
|
||||
req = self.new_update_request('firewall_rules', data,
|
||||
fwr['firewall_rule']['id'])
|
||||
|
@ -551,7 +552,7 @@ class TestFirewallPluginBasev2(TestFirewallRouterPortBase,
|
|||
ingress_firewall_policy_id=fwp_id,
|
||||
egress_firewall_policy_id=fwp_id, ports=[port_id1],
|
||||
admin_state_up=True) as fwg1:
|
||||
self.assertEqual(const.PENDING_CREATE,
|
||||
self.assertEqual(nl_constants.PENDING_CREATE,
|
||||
fwg1['firewall_group']['status'])
|
||||
|
||||
data = {'firewall_rule': {'name': name}}
|
||||
|
|
Loading…
Reference in New Issue