rehome allowedaddresspairs API definition
This patch rehomes neutron.extensions.allowedaddresspairs into neutron-lib including API def, exceptions and validator. UTs and a release note are also included. Change-Id: I7958a2d6f470f088ca2cb8ad638c075788f22851
This commit is contained in:
parent
5876ff6e44
commit
6769e787a1
|
@ -12,6 +12,7 @@
|
|||
|
||||
from neutron_lib.api.definitions import address_scope
|
||||
from neutron_lib.api.definitions import agent
|
||||
from neutron_lib.api.definitions import allowedaddresspairs
|
||||
from neutron_lib.api.definitions import auto_allocated_topology
|
||||
from neutron_lib.api.definitions import bgpvpn
|
||||
from neutron_lib.api.definitions import bgpvpn_routes_control
|
||||
|
@ -42,6 +43,7 @@ from neutron_lib.api.definitions import trunk_details
|
|||
_ALL_API_DEFINITIONS = {
|
||||
address_scope,
|
||||
agent,
|
||||
allowedaddresspairs,
|
||||
auto_allocated_topology,
|
||||
bgpvpn,
|
||||
bgpvpn_routes_control,
|
||||
|
|
|
@ -0,0 +1,53 @@
|
|||
# Copyright 2013 VMware, Inc. All rights reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from neutron_lib.api import converters
|
||||
from neutron_lib.api.definitions import port
|
||||
from neutron_lib.api import validators
|
||||
from neutron_lib.api.validators import allowedaddresspairs as addr_validation
|
||||
from neutron_lib import constants
|
||||
|
||||
validators.add_validator('allowed_address_pairs',
|
||||
addr_validation._validate_allowed_address_pairs)
|
||||
|
||||
|
||||
ADDRESS_PAIRS = 'allowed_address_pairs'
|
||||
ALIAS = 'allowed-address-pairs'
|
||||
LABEL = ALIAS
|
||||
IS_SHIM_EXTENSION = False
|
||||
IS_STANDARD_ATTR_EXTENSION = False
|
||||
NAME = 'Allowed Address Pairs'
|
||||
API_PREFIX = ''
|
||||
DESCRIPTION = 'Provides allowed address pairs'
|
||||
UPDATED_TIMESTAMP = '2013-07-23T10:00:00-00:00'
|
||||
RESOURCE_NAME = port.RESOURCE_NAME
|
||||
COLLECTION_NAME = port.COLLECTION_NAME
|
||||
RESOURCE_ATTRIBUTE_MAP = {
|
||||
COLLECTION_NAME: {
|
||||
ADDRESS_PAIRS: {
|
||||
'allow_post': True, 'allow_put': True,
|
||||
'convert_to': converters.convert_none_to_empty_list,
|
||||
'convert_list_to':
|
||||
converters.convert_kvp_list_to_dict,
|
||||
'validate': {'type:allowed_address_pairs': None},
|
||||
'enforce_policy': True,
|
||||
'default': constants.ATTR_NOT_SPECIFIED,
|
||||
'is_visible': True},
|
||||
}
|
||||
}
|
||||
SUB_RESOURCE_ATTRIBUTE_MAP = {}
|
||||
ACTION_MAP = {}
|
||||
REQUIRED_EXTENSIONS = []
|
||||
OPTIONAL_EXTENSIONS = []
|
||||
ACTION_STATUS = {}
|
|
@ -0,0 +1,81 @@
|
|||
# Copyright 2013 VMware, Inc. All rights reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_config import cfg
|
||||
from webob import exc
|
||||
|
||||
from neutron_lib._i18n import _
|
||||
from neutron_lib.api import validators
|
||||
from neutron_lib.exceptions import allowedaddresspairs as exceptions
|
||||
|
||||
|
||||
def _validate_allowed_address_pairs(address_pairs, valid_values=None):
|
||||
"""Validates a list of allowed address pair dicts.
|
||||
|
||||
Validation herein requires the caller to have registered the
|
||||
max_allowed_address_pair oslo config option in the global CONF prior
|
||||
to having this validator used.
|
||||
|
||||
:param address_pairs: A list of address pair dicts to validate.
|
||||
:param valid_values: Not used.
|
||||
:returns: None
|
||||
:raises: AllowedAddressPairExhausted if the address pairs requested
|
||||
exceeds cfg.CONF.max_allowed_address_pair. AllowedAddressPairsMissingIP
|
||||
if any address pair dicts are missing and IP address.
|
||||
DuplicateAddressPairInRequest if duplicated IPs are in the list of
|
||||
address pair dicts. Otherwise a HTTPBadRequest is raised if any of
|
||||
the address pairs are invalid.
|
||||
"""
|
||||
unique_check = {}
|
||||
if not isinstance(address_pairs, list):
|
||||
raise exc.HTTPBadRequest(
|
||||
_("Allowed address pairs must be a list."))
|
||||
if len(address_pairs) > cfg.CONF.max_allowed_address_pair:
|
||||
raise exceptions.AllowedAddressPairExhausted(
|
||||
quota=cfg.CONF.max_allowed_address_pair)
|
||||
|
||||
for address_pair in address_pairs:
|
||||
msg = validators.validate_dict(address_pair)
|
||||
if msg:
|
||||
return msg
|
||||
# mac_address is optional, if not set we use the mac on the port
|
||||
if 'mac_address' in address_pair:
|
||||
msg = validators.validate_mac_address(address_pair['mac_address'])
|
||||
if msg:
|
||||
raise exc.HTTPBadRequest(msg)
|
||||
if 'ip_address' not in address_pair:
|
||||
raise exceptions.AllowedAddressPairsMissingIP()
|
||||
|
||||
mac = address_pair.get('mac_address')
|
||||
ip_address = address_pair['ip_address']
|
||||
if (mac, ip_address) not in unique_check:
|
||||
unique_check[(mac, ip_address)] = None
|
||||
else:
|
||||
raise exceptions.DuplicateAddressPairInRequest(
|
||||
mac_address=mac, ip_address=ip_address)
|
||||
|
||||
invalid_attrs = set(address_pair.keys()) - set(['mac_address',
|
||||
'ip_address'])
|
||||
if invalid_attrs:
|
||||
msg = (_("Unrecognized attribute(s) '%s'") %
|
||||
', '.join(set(address_pair.keys()) -
|
||||
set(['mac_address', 'ip_address'])))
|
||||
raise exc.HTTPBadRequest(msg)
|
||||
|
||||
if '/' in ip_address:
|
||||
msg = validators.validate_subnet(ip_address)
|
||||
else:
|
||||
msg = validators.validate_ip_address(ip_address)
|
||||
if msg:
|
||||
raise exc.HTTPBadRequest(msg)
|
|
@ -0,0 +1,35 @@
|
|||
# Copyright 2013 VMware, Inc. All rights reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from neutron_lib._i18n import _
|
||||
from neutron_lib import exceptions
|
||||
|
||||
|
||||
class AllowedAddressPairsMissingIP(exceptions.InvalidInput):
|
||||
message = _("AllowedAddressPair must contain ip_address")
|
||||
|
||||
|
||||
class AddressPairAndPortSecurityRequired(exceptions.Conflict):
|
||||
message = _("Port Security must be enabled in order to have allowed "
|
||||
"address pairs on a port.")
|
||||
|
||||
|
||||
class DuplicateAddressPairInRequest(exceptions.InvalidInput):
|
||||
message = _("Request contains duplicate address pair: "
|
||||
"mac_address %(mac_address)s ip_address %(ip_address)s.")
|
||||
|
||||
|
||||
class AllowedAddressPairExhausted(exceptions.BadRequest):
|
||||
message = _("The number of allowed address pair "
|
||||
"exceeds the maximum %(quota)s.")
|
|
@ -0,0 +1,20 @@
|
|||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from neutron_lib.api.definitions import allowedaddresspairs
|
||||
from neutron_lib.tests.unit.api.definitions import base
|
||||
|
||||
|
||||
class AllowedAddressPairsDefinitionTestCase(base.DefinitionBaseTestCase):
|
||||
extension_module = allowedaddresspairs
|
||||
extension_resources = ()
|
||||
extension_attributes = (allowedaddresspairs.ADDRESS_PAIRS,)
|
|
@ -0,0 +1,95 @@
|
|||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import mock
|
||||
from oslo_config import cfg
|
||||
from webob import exc
|
||||
|
||||
from neutron_lib.api.validators import allowedaddresspairs as validator
|
||||
from neutron_lib.exceptions import allowedaddresspairs as addr_exc
|
||||
from neutron_lib.tests import _base as base
|
||||
|
||||
|
||||
class TestAllowedAddressPairs(base.BaseTestCase):
|
||||
|
||||
def test__validate_allowed_address_pairs_not_a_list(self):
|
||||
for d in [{}, set(), 'abc', True, 1]:
|
||||
self.assertRaisesRegex(
|
||||
exc.HTTPBadRequest, 'must be a list',
|
||||
validator._validate_allowed_address_pairs, d)
|
||||
|
||||
@mock.patch.object(cfg, 'CONF')
|
||||
def test__validate_allowed_address_pairs_exhausted(self, mock_conf):
|
||||
mock_conf.max_allowed_address_pair = 1
|
||||
self.assertRaises(
|
||||
addr_exc.AllowedAddressPairExhausted,
|
||||
validator._validate_allowed_address_pairs,
|
||||
[{}, {}])
|
||||
|
||||
@mock.patch.object(cfg, 'CONF')
|
||||
def test__validate_allowed_address_pairs_invalid_mac(self, mock_conf):
|
||||
mock_conf.max_allowed_address_pair = 3
|
||||
self.assertRaisesRegex(
|
||||
exc.HTTPBadRequest, 'is not a valid MAC address',
|
||||
validator._validate_allowed_address_pairs,
|
||||
[{'mac_address': 1}])
|
||||
|
||||
@mock.patch.object(cfg, 'CONF')
|
||||
def test__validate_allowed_address_pairs_missing_ip(self, mock_conf):
|
||||
mock_conf.max_allowed_address_pair = 3
|
||||
self.assertRaises(
|
||||
addr_exc.AllowedAddressPairsMissingIP,
|
||||
validator._validate_allowed_address_pairs,
|
||||
[{'ip_adress': '192.168.1.11'}])
|
||||
|
||||
@mock.patch.object(cfg, 'CONF')
|
||||
def test__validate_allowed_address_pairs_duplicate(self, mock_conf):
|
||||
mock_conf.max_allowed_address_pair = 3
|
||||
self.assertRaises(
|
||||
addr_exc.DuplicateAddressPairInRequest,
|
||||
validator._validate_allowed_address_pairs,
|
||||
[{'ip_address': '192.168.1.11'},
|
||||
{'ip_address': '192.168.1.11'}])
|
||||
|
||||
@mock.patch.object(cfg, 'CONF')
|
||||
def test__validate_allowed_address_pairs_invalid_attrs(self, mock_conf):
|
||||
mock_conf.max_allowed_address_pair = 3
|
||||
self.assertRaisesRegex(
|
||||
exc.HTTPBadRequest, 'Unrecognized attribute',
|
||||
validator._validate_allowed_address_pairs,
|
||||
[{'ip_address': '192.168.1.11'},
|
||||
{'ip_address': '192.168.1.12', 'idk': True}])
|
||||
|
||||
@mock.patch.object(cfg, 'CONF')
|
||||
def test__validate_allowed_address_pairs_invalid_subnet(self, mock_conf):
|
||||
mock_conf.max_allowed_address_pair = 3
|
||||
self.assertRaisesRegex(
|
||||
exc.HTTPBadRequest, 'is not a valid IP subnet',
|
||||
validator._validate_allowed_address_pairs,
|
||||
[{'ip_address': '192.168.1.11'},
|
||||
{'ip_address': '192.168.1.0/a'}])
|
||||
|
||||
@mock.patch.object(cfg, 'CONF')
|
||||
def test__validate_allowed_address_pairs_invalid_ip_address(
|
||||
self, mock_conf):
|
||||
mock_conf.max_allowed_address_pair = 3
|
||||
self.assertRaisesRegex(
|
||||
exc.HTTPBadRequest, 'is not a valid IP address',
|
||||
validator._validate_allowed_address_pairs,
|
||||
[{'ip_address': '192.168.1.a'},
|
||||
{'ip_address': '192.168.1.2'}])
|
||||
|
||||
@mock.patch.object(cfg, 'CONF')
|
||||
def test__validate_allowed_address_pairs_good_data(self, mock_conf):
|
||||
mock_conf.max_allowed_address_pair = 3
|
||||
self.assertIsNone(validator._validate_allowed_address_pairs(
|
||||
[{'ip_address': '192.1.1.11'}, {'ip_address': '19.1.1.11'}]))
|
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
features:
|
||||
- The ``allowed-address-pairs`` API definition is now available in
|
||||
``neutron_lib.api.definitions.allowedaddresspairs``.
|
||||
- The address pair validation is now available via the
|
||||
``type:allowed_address_pairs`` validation type.
|
||||
- Address pair API definition exceptions are available in
|
||||
``neutron_lib.exceptions.allowedaddresspairs``.
|
Loading…
Reference in New Issue