Setuptools v54.1.0 introduces a warning that the use of
dash-separated options in 'setup.cfg' will not be supported
in a future version [1].
Get ahead of the issue by replacing the dashes with underscores.
Without this, we see 'UserWarning' messages
like the following on new enough
versions of setuptools:
UserWarning: Usage of dash-separated 'description-file' will not be
supported in future versions. Please use the underscore name
'description_file' instead
[1] https://github.com/pypa/setuptools/commit/a2e9ae4cb
Change-Id: If3a6ae3ae3d8d4e87fcb864ba2edf4d1aba6b25e
Library "distutils" will be marked as deprecated in Python 3.10:
https://peps.python.org/pep-0386/
This patch does the following replacements, that provide the same
functionality and API:
- distutils.spawn.find_executable -> shutil.which
Change-Id: Ib9cf36a70b6e5aba93f87e6be5c2636599166de2
Closes-Bug: #1973780
Neutron code migrated to SQLAlchemy 2.0[1], the goal of this
patch is to make the fwaas plugin code compliant with
SQLAlchemy 2.0.
[1] https://review.opendev.org/c/openstack/neutron/+/833247
Related-Bug: #1964575
Change-Id: If3e996740d4b5024e9c798227d0a58ceb09eb1d6
In Zed cycle, we have dropped the python 3.6/3.7[1] testing
and its support. Add release notes and update the python
classifier for the same.
[1] https://governance.openstack.org/tc/reference/runtimes/zed.html
Change-Id: Ib04b560408ccf22c86e899e15fbcbe86b53f636e
When apply firewall group to a port with rule have dest port large than
source port, neutron-openvswitch-agent raise error 'port_max' is smaller
than 'port_min'. It because key 'port_range_max' is assigned by
source_port_range_max. Fix hard code 'port_range_max' to key_max.
Change-Id: I32d9efd857932547a13d275b8a4f294e03fe7535
Closes-Bug: #1869121
All setUp and tearDown methods must upcall using the super()
method.tearDown methods should be avoided and addCleanup calls
should be preferred[1].
[1] https://github.com/openstack/neutron/blob/master/HACKING.rst
Change-Id: Idef345a44cc9f926c61af342729736d1f9245036
This reverts commit caae7b6a6f5e8944dbe359b6472be2507bbf5e12.
Reason for revert:
Many users still need L3 firewalls and Inspur team wants to maintain
this project.
Neutron drivers team discussed the topic of the maintenance of
neutron-fwaas, and agreed to include neutron-fwaas again to Neutron
stadium[1].
Some updates have been made:
Remove use "autonested_transaction" method, see more [2]
Replace "neutron_lib.callbacks.registry.notify" with "registry.publish"
Replace rootwrap execution with privsep context execution.
Ensure db Models and migration scripts are sync, set table
firewall_group_port_associations_v2's two columns nullable=False
[1] https://meetings.opendev.org/meetings/neutron_drivers/2022/neutron_drivers.2022-01-28-14.00.log.html#l-14
[2] https://review.opendev.org/c/openstack/neutron-lib/+/761728
Change-Id: I14f551c199d9badcf25b9e65c954c012326d27cd
It's sad but as we still don't have any maintainers for this project,
I think it's time to start process of deprecating this as part of
the Neutron stadium.
Change-Id: I8c8fc6b5ab8a169a0f4a7d77153bb1dfc1530b8e
1. It's Ussuri. We can *finally* stop testing Python 2 [1]. Time to party.
We don't attempt any cleanup but simply stop testing with Python 2,
indicate that we only support Python 3 via 'setup.cfg' and remove any
Python 2 only dependencies.
This should free up a significant amount of resources from the gate and
let us start using Python 3 idioms in our code. Win-win.
2. Cleanup basepython from individual testenv sections
3. From this point on the codebase will be incompatible with python2
[1] https://governance.openstack.org/tc/resolutions/20180529-python2-deprecation-timeline.html#python2-deprecation-timeline
Change-Id: Ia08c363263aaa406d0bf55e10ce8258695387578
- pbr hasn't need the hook configuration since forever [1]
- Remove the 'wheel' group
[1] c84876dc0f
Change-Id: Ic448d7d0f4fb906a4ded14aadaf119dce7ab43d7
All projects should be switched to use stestr already. In
neutron-fwaas it is already done but there were some leftovers
after os-testr and this commit removes them.
Change-Id: I7d0c72d1327eedcfd309ec4c346064d0adad6008
The module reference in PDF doc is not easy to read
and the HTML version is much better, so I decided to show
the module reference in HTML doc only.
Change-Id: I914d26ce1b430573020c78af54a38598ae96886b
Story: 2006099
Task: 35129
L3AgentExtensionAPI now takes the new parameter 'router_factory'.
This API change breaks the test cases, so pass None to initialize
the class to aovid the failure.
Depends-On: https://review.openstack.org/#/c/620349/
Change-Id: Iaf3a8071eb6eec8c0c7240d1a0a5d057f7b152d2
Add new options to neutron_fwaas.conf for using in Default firewall group
rules. Separate ingress and egress: action, source ipv4, source ipv6,
source port, destination ipv4, destination ipv6, destination port.
Shared options for ingress and egress: protocol, enabled and shared.
New options are used in _create_default_firewall_rules and default
value are same as before this change, ingress (deny all),
egress (allow all).
Change-Id: Ic48872f3b7dfd4a87065799b7d3656de3d06e4c3
Closes-Bug: #1799358
When restarting l3 agent, it will detect whether the
router is updated. If the port in the firewall group is
not updated, it will also change its status. This patch
skips updating the status of firewall group which has no ports.
Change-Id: Ife294430409a9fb2944917a28a08323f41c89c0d
Closes-Bug:#1783327
When updating only the policy in firewall group, the 'del-port-ids'
and 'add-port-ids' return empty list, which causes the fwg status
to be inactive and iptables in the router namespace are not changed.
This patch fixes the above problem.
Change-Id: I1a4bc0a8258fbbc340825cccb6d287c94304d3c5
Closes-Bug: #1836015
If 'local_output_log_base' is specified, logging can use the
'logging_default_format_string' configuration in l3_agent.ini
like ovs firewall log. It can also set the log level based on
whether debug is enabled.
Change-Id: I7f10361b41acf58987399ea9e0c5720a9129a39b
Old job name was "legacy-neutron-fwaas-v2-dsvm-tempest-multinode",
new name is "neutron-fwaas-v2-dsvm-tempest-multinode"
Change-Id: Ia717bbac366bbd067e65a3895bb2ffb3aded75b7
When removing a port from the firewall group, the last port is detected as
true or false based on the old port and the new port, but it ignores the
specific number of ports, which causes the fwg status to be inactive regardless
of whether there is a port after the firewall group is reset.
Change-Id: I887e06893f3e11031548767272e95afee40462d8
Closes-Bug: #1817455
As privsep communicates with main process via socket, data passed
through this socket must be string type in Python 3. This patch
converts bytes to string, then privsep works correctly.
Change-Id: Ia6fa9a230853311849e327029ef7f0ad7d5d0451
