openstack
/
neutron-vpnaas
Code Issues Proposed changes

Migrate to neutron-lib released API definition for VPNaaS APIs 

This patch shows how to use a neutron-lib released API definition for
the VPNaaS extensions. This is a baby step towards a
consolidated set of Neutron APIs.

See I06760fbbbc87570412a21364fba58efe880a907b for more details.

The method get_namespace in API extensions is also removed during this
migration. Since it was removed from neutron long time ago [1].

Co-Authored-By: Anh Tran <trananhkma@gmail.com>
Co-Authored-By: Hunt Xu <mhuntxu@gmail.com>
Co-Authored-By: Dongcan Ye <hellochosen@gmail.com>

[1] I3c406910991c33cf959c5345d76153eabe3ace2d

Depends-On: https://review.opendev.org/#/c/710559/
Depends-On: https://review.opendev.org/#/c/712657/
Change-Id: I1034814639a03b6482d9c9d1a389950aef967a59
This commit is contained in:
Mohammed Naser 2022-05-23 11:42:13 -04:00
parent 1fd3a6633c
commit 6a226281bb
11 changed files with 131 additions and 680 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
neutron_vpnaas/db/vpn/vpn_db.py
View File

@ -23,6 +23,7 @@ from neutron_lib.db import api as db_api
from neutron_lib.db import model_query
from neutron_lib.db import utils as db_utils
from neutron_lib.exceptions import l3 as l3_exception
from neutron_lib.exceptions import vpn as vpn_exception
from neutron_lib.plugins import constants as p_constants
from neutron_lib.plugins import directory
from neutron_lib.plugins import utils
@ -68,17 +69,18 @@ class VPNPluginDb(vpnaas.VPNPluginBase,
except exc.NoResultFound:
with excutils.save_and_reraise_exception(reraise=False) as ctx:
if issubclass(model, vpn_models.IPsecSiteConnection):
raise vpnaas.IPsecSiteConnectionNotFound(
raise vpn_exception.IPsecSiteConnectionNotFound(
ipsec_site_conn_id=v_id
)
elif issubclass(model, vpn_models.IKEPolicy):
raise vpnaas.IKEPolicyNotFound(ikepolicy_id=v_id)
raise vpn_exception.IKEPolicyNotFound(ikepolicy_id=v_id)
elif issubclass(model, vpn_models.IPsecPolicy):
raise vpnaas.IPsecPolicyNotFound(ipsecpolicy_id=v_id)
raise vpn_exception.IPsecPolicyNotFound(
ipsecpolicy_id=v_id)
elif issubclass(model, vpn_models.VPNService):
raise vpnaas.VPNServiceNotFound(vpnservice_id=v_id)
raise vpn_exception.VPNServiceNotFound(vpnservice_id=v_id)
elif issubclass(model, vpn_models.VPNEndpointGroup):
raise vpnaas.VPNEndpointGroupNotFound(
raise vpn_exception.VPNEndpointGroupNotFound(
endpoint_group_id=v_id)
ctx.reraise = True
return r
@ -87,7 +89,7 @@ class VPNPluginDb(vpnaas.VPNPluginBase,
status = getattr(obj, 'status', None)
_id = getattr(obj, 'id', None)
if utils.in_pending_status(status):
raise vpnaas.VPNStateInvalidToUpdate(id=_id, state=status)
raise vpn_exception.VPNStateInvalidToUpdate(id=_id, state=status)
def _make_ipsec_site_connection_dict(self, ipsec_site_conn, fields=None):
@ -288,7 +290,7 @@ class VPNPluginDb(vpnaas.VPNPluginBase,
"""
try:
conn_db = self._get_ipsec_site_connection(context, conn_id)
except vpnaas.IPsecSiteConnectionNotFound:
except vpn_exception.IPsecSiteConnectionNotFound:
return
if not utils.in_pending_status(conn_db.status) or updated_pending:
conn_db.status = new_status
@ -344,7 +346,7 @@ class VPNPluginDb(vpnaas.VPNPluginBase,
validator.validate_ike_policy(context, ike)
if context.session.query(vpn_models.IPsecSiteConnection).filter_by(
ikepolicy_id=ikepolicy_id).first():
raise vpnaas.IKEPolicyInUse(ikepolicy_id=ikepolicy_id)
raise vpn_exception.IKEPolicyInUse(ikepolicy_id=ikepolicy_id)
ike_db = self._get_resource(
context, vpn_models.IKEPolicy, ikepolicy_id)
if ike:
@ -361,7 +363,7 @@ class VPNPluginDb(vpnaas.VPNPluginBase,
with db_api.CONTEXT_WRITER.using(context):
if context.session.query(vpn_models.IPsecSiteConnection).filter_by(
ikepolicy_id=ikepolicy_id).first():
raise vpnaas.IKEPolicyInUse(ikepolicy_id=ikepolicy_id)
raise vpn_exception.IKEPolicyInUse(ikepolicy_id=ikepolicy_id)
ike_db = self._get_resource(
context, vpn_models.IKEPolicy, ikepolicy_id)
context.session.delete(ike_db)
@ -426,7 +428,8 @@ class VPNPluginDb(vpnaas.VPNPluginBase,
validator.validate_ipsec_policy(context, ipsecp)
if context.session.query(vpn_models.IPsecSiteConnection).filter_by(
ipsecpolicy_id=ipsecpolicy_id).first():
raise vpnaas.IPsecPolicyInUse(ipsecpolicy_id=ipsecpolicy_id)
raise vpn_exception.IPsecPolicyInUse(
ipsecpolicy_id=ipsecpolicy_id)
ipsecp_db = self._get_resource(
context, vpn_models.IPsecPolicy, ipsecpolicy_id)
if ipsecp:
@ -443,7 +446,8 @@ class VPNPluginDb(vpnaas.VPNPluginBase,
with db_api.CONTEXT_WRITER.using(context):
if context.session.query(vpn_models.IPsecSiteConnection).filter_by(
ipsecpolicy_id=ipsecpolicy_id).first():
raise vpnaas.IPsecPolicyInUse(ipsecpolicy_id=ipsecpolicy_id)
raise vpn_exception.IPsecPolicyInUse(
ipsecpolicy_id=ipsecpolicy_id)
ipsec_db = self._get_resource(
context, vpn_models.IPsecPolicy, ipsecpolicy_id)
context.session.delete(ipsec_db)
@ -516,7 +520,8 @@ class VPNPluginDb(vpnaas.VPNPluginBase,
if context.session.query(vpn_models.IPsecSiteConnection).filter_by(
vpnservice_id=vpnservice_id
).first():
raise vpnaas.VPNServiceInUse(vpnservice_id=vpnservice_id)
raise vpn_exception.VPNServiceInUse(
vpnservice_id=vpnservice_id)
vpns_db = self._get_resource(context, vpn_models.VPNService,
vpnservice_id)
context.session.delete(vpns_db)
@ -553,7 +558,7 @@ class VPNPluginDb(vpnaas.VPNPluginBase,
vpn_models.VPNService).filter_by(
subnet_id=subnet_id, router_id=router_id).first()
if vpnservices:
raise vpnaas.SubnetInUseByVPNService(
raise vpn_exception.SubnetInUseByVPNService(
subnet_id=subnet_id,
vpnservice_id=vpnservices['id'])
@ -576,7 +581,7 @@ class VPNPluginDb(vpnaas.VPNPluginBase,
vpn_models.VPNService.router_id == router_id)
connection = query.first()
if connection:
raise vpnaas.SubnetInUseByIPsecSiteConnection(
raise vpn_exception.SubnetInUseByIPsecSiteConnection(
subnet_id=subnet_id,
ipsec_site_connection_id=connection['id'])
@ -592,7 +597,7 @@ class VPNPluginDb(vpnaas.VPNPluginBase,
vpn_models.VPNEndpoint.endpoint == subnet_id))
group = query.first()
if group:
raise vpnaas.SubnetInUseByEndpointGroup(
raise vpn_exception.SubnetInUseByEndpointGroup(
subnet_id=subnet_id, group_id=group['id'])
def _make_endpoint_group_dict(self, endpoint_group, fields=None):
@ -661,7 +666,7 @@ class VPNPluginDb(vpnaas.VPNPluginBase,
vpn_models.IPsecSiteConnection.peer_ep_group_id == group_id)
)
if query.first():
raise vpnaas.EndpointGroupInUse(group_id=group_id)
raise vpn_exception.EndpointGroupInUse(group_id=group_id)
class VPNPluginRpcDbMixin(object):
@ -703,7 +708,7 @@ class VPNPluginRpcDbMixin(object):
try:
vpnservice_db = self._get_vpnservice(
context, vpnservice['id'])
except vpnaas.VPNServiceNotFound:
except vpn_exception.VPNServiceNotFound:
LOG.warning('vpnservice %s in db is already deleted',
vpnservice['id'])
continue

53
neutron_vpnaas/db/vpn/vpn_validator.py
View File

@ -19,11 +19,11 @@ from neutron.db import l3_db
from neutron.db import models_v2
from neutron_lib.api import validators
from neutron_lib import exceptions as nexception
from neutron_lib.exceptions import vpn as vpn_exception
from neutron_lib.plugins import constants as plugin_const
from neutron_lib.plugins import directory
from neutron_vpnaas._i18n import _
from neutron_vpnaas.extensions import vpnaas
from neutron_vpnaas.services.vpn.common import constants
@ -56,13 +56,13 @@ class VpnReferenceValidator(object):
def _check_dpd(self, ipsec_sitecon):
"""Ensure that DPD timeout is greater than DPD interval."""
if ipsec_sitecon['dpd_timeout'] <= ipsec_sitecon['dpd_interval']:
raise vpnaas.IPsecSiteConnectionDpdIntervalValueError(
raise vpn_exception.IPsecSiteConnectionDpdIntervalValueError(
attr='dpd_timeout')
def _check_mtu(self, context, mtu, ip_version):
if mtu < VpnReferenceValidator.IP_MIN_MTU[ip_version]:
raise vpnaas.IPsecSiteConnectionMtuError(mtu=mtu,
version=ip_version)
raise vpn_exception.IPsecSiteConnectionMtuError(
mtu=mtu, version=ip_version)
def _validate_peer_address(self, ip_version, router):
# NOTE: peer_address ip version should match with
@ -75,7 +75,7 @@ class VpnReferenceValidator(object):
if ip_version == netaddr.IPAddress(addr).version:
return
raise vpnaas.ExternalNetworkHasNoSubnet(
raise vpn_exception.ExternalNetworkHasNoSubnet(
router_id=router.id,
ip_version="IPv6" if ip_version == 6 else "IPv4")
@ -89,14 +89,15 @@ class VpnReferenceValidator(object):
addrinfo = socket.getaddrinfo(address, None)[0]
ipsec_sitecon['peer_address'] = addrinfo[-1][0]
except socket.gaierror:
raise vpnaas.VPNPeerAddressNotResolved(peer_address=address)
raise vpn_exception.VPNPeerAddressNotResolved(
peer_address=address)
ip_version = netaddr.IPAddress(ipsec_sitecon['peer_address']).version
self._validate_peer_address(ip_version, router)
def _get_local_subnets(self, context, endpoint_group):
if endpoint_group['type'] != constants.SUBNET_ENDPOINT:
raise vpnaas.WrongEndpointGroupType(
raise vpn_exception.WrongEndpointGroupType(
group_type=endpoint_group['type'], which=endpoint_group['id'],
expected=constants.SUBNET_ENDPOINT)
subnet_ids = endpoint_group['endpoints']
@ -105,7 +106,7 @@ class VpnReferenceValidator(object):
def _get_peer_cidrs(self, endpoint_group):
if endpoint_group['type'] != constants.CIDR_ENDPOINT:
raise vpnaas.WrongEndpointGroupType(
raise vpn_exception.WrongEndpointGroupType(
group_type=endpoint_group['type'], which=endpoint_group['id'],
expected=constants.CIDR_ENDPOINT)
return endpoint_group['endpoints']
@ -119,7 +120,8 @@ class VpnReferenceValidator(object):
return local_subnets[0]['ip_version']
ip_versions = set([subnet['ip_version'] for subnet in local_subnets])
if len(ip_versions) > 1:
raise vpnaas.MixedIPVersionsForIPSecEndpoints(group=group_id)
raise vpn_exception.MixedIPVersionsForIPSecEndpoints(
group=group_id)
return ip_versions.pop()
def _check_peer_endpoint_ip_versions(self, group_id, peer_cidrs):
@ -131,7 +133,8 @@ class VpnReferenceValidator(object):
return netaddr.IPNetwork(peer_cidrs[0]).version
ip_versions = set([netaddr.IPNetwork(pc).version for pc in peer_cidrs])
if len(ip_versions) > 1:
raise vpnaas.MixedIPVersionsForIPSecEndpoints(group=group_id)
raise vpn_exception.MixedIPVersionsForIPSecEndpoints(
group=group_id)
return ip_versions.pop()
def _check_peer_cidrs(self, peer_cidrs):
@ -139,7 +142,7 @@ class VpnReferenceValidator(object):
for peer_cidr in peer_cidrs:
msg = validators.validate_subnet(peer_cidr)
if msg:
raise vpnaas.IPsecSiteConnectionPeerCidrError(
raise vpn_exception.IPsecSiteConnectionPeerCidrError(
peer_cidr=peer_cidr)
def _check_peer_cidrs_ip_versions(self, peer_cidrs):
@ -148,7 +151,7 @@ class VpnReferenceValidator(object):
return netaddr.IPNetwork(peer_cidrs[0]).version
ip_versions = set([netaddr.IPNetwork(pc).version for pc in peer_cidrs])
if len(ip_versions) > 1:
raise vpnaas.MixedIPVersionsForPeerCidrs()
raise vpn_exception.MixedIPVersionsForPeerCidrs()
return ip_versions.pop()
def _check_local_subnets_on_router(self, context, router, local_subnets):
@ -158,7 +161,7 @@ class VpnReferenceValidator(object):
def _validate_compatible_ip_versions(self, local_ip_version,
peer_ip_version):
if local_ip_version != peer_ip_version:
raise vpnaas.MixedIPVersionsForIPSecConnection()
raise vpn_exception.MixedIPVersionsForIPSecConnection()
def validate_ipsec_conn_optional_args(self, ipsec_sitecon, subnet):
"""Ensure that proper combinations of optional args are used.
@ -175,7 +178,7 @@ class VpnReferenceValidator(object):
peer_cidrs = ipsec_sitecon.get('peer_cidrs')
if subnet:
if not peer_cidrs:
raise vpnaas.MissingPeerCidrs()
raise vpn_exception.MissingPeerCidrs()
epgs = []
if local_epg_id:
epgs.append('local')
@ -184,10 +187,11 @@ class VpnReferenceValidator(object):
if epgs:
which = ' and '.join(epgs)
suffix = 's' if len(epgs) > 1 else ''
raise vpnaas.InvalidEndpointGroup(which=which, suffix=suffix)
raise vpn_exception.InvalidEndpointGroup(which=which,
suffix=suffix)
else:
if peer_cidrs:
raise vpnaas.PeerCidrsInvalid()
raise vpn_exception.PeerCidrsInvalid()
epgs = []
if not local_epg_id:
epgs.append('local')
@ -196,8 +200,8 @@ class VpnReferenceValidator(object):
if epgs:
which = ' and '.join(epgs)
suffix = 's' if len(epgs) > 1 else ''
raise vpnaas.MissingRequiredEndpointGroup(which=which,
suffix=suffix)
raise vpn_exception.MissingRequiredEndpointGroup(
which=which, suffix=suffix)
def assign_sensible_ipsec_sitecon_defaults(self, ipsec_sitecon,
prev_conn=None):
@ -271,7 +275,7 @@ class VpnReferenceValidator(object):
def _check_router(self, context, router_id):
router = self.l3_plugin.get_router(context, router_id)
if not router.get(l3_db.EXTERNAL_GW_INFO):
raise vpnaas.RouterIsNotExternal(router_id=router_id)
raise vpn_exception.RouterIsNotExternal(router_id=router_id)
def _check_subnet_id(self, context, router_id, subnet_id):
ports = self.core_plugin.get_ports(
@ -280,7 +284,7 @@ class VpnReferenceValidator(object):
'fixed_ips': {'subnet_id': [subnet_id]},
'device_id': [router_id]})
if not ports:
raise vpnaas.SubnetIsNotConnectedToRouter(
raise vpn_exception.SubnetIsNotConnectedToRouter(
subnet_id=subnet_id,
router_id=router_id)
@ -303,7 +307,7 @@ class VpnReferenceValidator(object):
for cidr in cidrs:
msg = validators.validate_subnet(cidr)
if msg:
raise vpnaas.InvalidEndpointInEndpointGroup(
raise vpn_exception.InvalidEndpointInEndpointGroup(
group_type=constants.CIDR_ENDPOINT, endpoint=cidr,
why=_("Invalid CIDR"))
@ -312,13 +316,13 @@ class VpnReferenceValidator(object):
for subnet_id in subnet_ids:
msg = validators.validate_uuid(subnet_id)
if msg:
raise vpnaas.InvalidEndpointInEndpointGroup(
raise vpn_exception.InvalidEndpointInEndpointGroup(
group_type=constants.SUBNET_ENDPOINT, endpoint=subnet_id,
why=_('Invalid UUID'))
try:
self.core_plugin.get_subnet(context, subnet_id)
except nexception.SubnetNotFound:
raise vpnaas.NonExistingSubnetInEndpointGroup(
raise vpn_exception.NonExistingSubnetInEndpointGroup(
subnet=subnet_id)
def validate_endpoint_group(self, context, endpoint_group):
@ -330,7 +334,8 @@ class VpnReferenceValidator(object):
"""
endpoints = endpoint_group['endpoints']
if not endpoints:
raise vpnaas.MissingEndpointForEndpointGroup(group=endpoint_group)
raise vpn_exception.MissingEndpointForEndpointGroup(
group=endpoint_group)
group_type = endpoint_group['type']
if group_type == constants.CIDR_ENDPOINT:
self._validate_cidrs(endpoints)

82
neutron_vpnaas/extensions/vpn_endpoint_groups.py
View File

@ -14,86 +14,26 @@
import abc
from neutron.api.v2 import resource_helper
from neutron_lib.api import converters
from neutron_lib.api.definitions import vpn_endpoint_groups
from neutron_lib.api import extensions
from neutron_lib.db import constants as db_const
from neutron_lib.plugins import constants as nconstants
from neutron_vpnaas.services.vpn.common import constants
from neutron.api.v2 import resource_helper
RESOURCE_ATTRIBUTE_MAP = {
'endpoint_groups': {
'id': {'allow_post': False, 'allow_put': False,
'validate': {'type:uuid': None},
'is_visible': True,
'primary_key': True},
'tenant_id': {'allow_post': True, 'allow_put': False,
'validate': {
'type:string': db_const.PROJECT_ID_FIELD_SIZE},
'required_by_policy': True,
'is_visible': True},
'name': {'allow_post': True, 'allow_put': True,
'validate': {'type:string': db_const.NAME_FIELD_SIZE},
'is_visible': True, 'default': ''},
'description': {'allow_post': True, 'allow_put': True,
'validate': {
'type:string': db_const.DESCRIPTION_FIELD_SIZE},
'is_visible': True, 'default': ''},
'type': {'allow_post': True, 'allow_put': False,
'validate': {
'type:values': constants.VPN_SUPPORTED_ENDPOINT_TYPES,
},
'is_visible': True},
'endpoints': {'allow_post': True, 'allow_put': False,
'convert_to': converters.convert_to_list,
'is_visible': True},
},
}
class Vpn_endpoint_groups(extensions.ExtensionDescriptor):
@classmethod
def get_name(cls):
return "VPN Endpoint Groups"
@classmethod
def get_alias(cls):
return "vpn-endpoint-groups"
@classmethod
def get_description(cls):
return "VPN endpoint groups support"
@classmethod
def get_updated(cls):
return "2015-08-04T10:00:00-00:00"
class Vpn_endpoint_groups(extensions.APIExtensionDescriptor):
api_definition = vpn_endpoint_groups
@classmethod
def get_resources(cls):
plural_mappings = resource_helper.build_plural_mappings(
{}, RESOURCE_ATTRIBUTE_MAP)
return resource_helper.build_resource_info(plural_mappings,
RESOURCE_ATTRIBUTE_MAP,
nconstants.VPN,
register_quota=True,
translate_name=True)
def get_required_extensions(self):
return ["vpnaas"]
def update_attributes_map(self, attributes):
super(Vpn_endpoint_groups, self).update_attributes_map(
attributes, extension_attrs_map=RESOURCE_ATTRIBUTE_MAP)
def get_extended_resources(self, version):
if version == "2.0":
return RESOURCE_ATTRIBUTE_MAP
return {}
{}, vpn_endpoint_groups.RESOURCE_ATTRIBUTE_MAP)
return resource_helper.build_resource_info(
plural_mappings,
vpn_endpoint_groups.RESOURCE_ATTRIBUTE_MAP,
nconstants.VPN,
register_quota=True,
translate_name=True)
class VPNEndpointGroupsPluginBase(object, metaclass=abc.ABCMeta):

40
neutron_vpnaas/extensions/vpn_flavors.py
View File

@ -13,6 +13,7 @@
# under the License.
#
from neutron_lib.api.definitions import vpn_flavors
from neutron_lib.api import extensions
from neutron_lib import exceptions as nexception
@ -27,41 +28,6 @@ class NoProviderFoundForFlavor(nexception.NotFound):
message = _("No service provider found for flavor %(flavor_id)s")
EXTENDED_ATTRIBUTES_2_0 = {
'vpnservices': {
'flavor_id': {'allow_post': True, 'allow_put': False,
'validate': {'type:uuid_or_none': None},
'is_visible': True, 'default': None}
}
}
class Vpn_flavors(extensions.ExtensionDescriptor):
class Vpn_flavors(extensions.APIExtensionDescriptor):
"""Extension class supporting flavors for vpnservices."""
@classmethod
def get_name(cls):
return "VPN Service Flavor Extension"
@classmethod
def get_alias(cls):
return 'vpn-flavors'
@classmethod
def get_description(cls):
return "Flavor support for vpnservices."
@classmethod
def get_updated(cls):
return "2017-04-19T00:00:00-00:00"
def get_extended_resources(self, version):
if version == "2.0":
return EXTENDED_ATTRIBUTES_2_0
return {}
def get_required_extensions(self):
return ["vpnaas"]
def get_optional_extensions(self):
return ["flavors"]
api_definition = vpn_flavors

488
neutron_vpnaas/extensions/vpnaas.py
View File

@ -15,503 +15,35 @@
import abc
from neutron_lib.api import converters
from neutron_lib.api.definitions import vpn
from neutron_lib.api import extensions
from neutron_lib.api import validators
from neutron_lib.db import constants as db_const
from neutron_lib import exceptions as nexception
from neutron_lib.plugins import constants as nconstants
from neutron_lib.services import base as service_base
from neutron.api.v2 import resource_helper
from neutron_vpnaas._i18n import _
class VPNServiceNotFound(nexception.NotFound):
message = _("VPNService %(vpnservice_id)s could not be found")
class IPsecSiteConnectionNotFound(nexception.NotFound):
message = _("ipsec_site_connection %(ipsec_site_conn_id)s not found")
class IPsecSiteConnectionDpdIntervalValueError(nexception.InvalidInput):
message = _("ipsec_site_connection %(attr)s is "
"equal to or less than dpd_interval")
class IPsecSiteConnectionMtuError(nexception.InvalidInput):
message = _("ipsec_site_connection MTU %(mtu)d is too small "
"for ipv%(version)s")
class IPsecSiteConnectionPeerCidrError(nexception.InvalidInput):
message = _("ipsec_site_connection peer cidr %(peer_cidr)s is "
"invalid CIDR")
class IKEPolicyNotFound(nexception.NotFound):
message = _("IKEPolicy %(ikepolicy_id)s could not be found")
class IPsecPolicyNotFound(nexception.NotFound):
message = _("IPsecPolicy %(ipsecpolicy_id)s could not be found")
class IKEPolicyInUse(nexception.InUse):
message = _("IKEPolicy %(ikepolicy_id)s is in use by existing "
"IPsecSiteConnection and can't be updated or deleted")
class VPNServiceInUse(nexception.InUse):
message = _("VPNService %(vpnservice_id)s is still in use")
class SubnetInUseByVPNService(nexception.InUse):
message = _("Subnet %(subnet_id)s is used by VPNService %(vpnservice_id)s")
class SubnetInUseByEndpointGroup(nexception.InUse):
message = _("Subnet %(subnet_id)s is used by endpoint group %(group_id)s")
class SubnetInUseByIPsecSiteConnection(nexception.InUse):
message = _("Subnet %(subnet_id)s is used by ipsec site connection "
"%(ipsec_site_connection_id)s")
class VPNStateInvalidToUpdate(nexception.BadRequest):
message = _("Invalid state %(state)s of vpnaas resource %(id)s"
" for updating")
class IPsecPolicyInUse(nexception.InUse):
message = _("IPsecPolicy %(ipsecpolicy_id)s is in use by existing "
"IPsecSiteConnection and can't be updated or deleted")
class DeviceDriverImportError(nexception.NeutronException):
message = _("Can not load driver :%(device_driver)s")
class SubnetIsNotConnectedToRouter(nexception.BadRequest):
message = _("Subnet %(subnet_id)s is not "
"connected to Router %(router_id)s")
class RouterIsNotExternal(nexception.BadRequest):
message = _("Router %(router_id)s has no external network gateway set")
class VPNPeerAddressNotResolved(nexception.InvalidInput):
message = _("Peer address %(peer_address)s cannot be resolved")
class ExternalNetworkHasNoSubnet(nexception.BadRequest):
message = _("Router's %(router_id)s external network has "
"no %(ip_version)s subnet")
class VPNEndpointGroupNotFound(nexception.NotFound):
message = _("Endpoint group %(endpoint_group_id)s could not be found")
class InvalidEndpointInEndpointGroup(nexception.InvalidInput):
message = _("Endpoint '%(endpoint)s' is invalid for group "
"type '%(group_type)s': %(why)s")
class MissingEndpointForEndpointGroup(nexception.BadRequest):
message = _("No endpoints specified for endpoint group '%(group)s'")
class NonExistingSubnetInEndpointGroup(nexception.InvalidInput):
message = _("Subnet %(subnet)s in endpoint group does not exist")
class MixedIPVersionsForIPSecEndpoints(nexception.BadRequest):
message = _("Endpoints in group %(group)s do not have the same IP "
"version, as required for IPSec site-to-site connection")
class MixedIPVersionsForPeerCidrs(nexception.BadRequest):
message = _("Peer CIDRs do not have the same IP version, as required "
"for IPSec site-to-site connection")
class MixedIPVersionsForIPSecConnection(nexception.BadRequest):
message = _("IP versions are not compatible between peer and local "
"endpoints")
class InvalidEndpointGroup(nexception.BadRequest):
message = _("Endpoint group%(suffix)s %(which)s cannot be specified, "
"when VPN Service has subnet specified")
class WrongEndpointGroupType(nexception.BadRequest):
message = _("Endpoint group %(which)s type is '%(group_type)s' and "
"should be '%(expected)s'")
class PeerCidrsInvalid(nexception.BadRequest):
message = _("Peer CIDRs cannot be specified, when using endpoint "
"groups")
class MissingPeerCidrs(nexception.BadRequest):
message = _("Missing peer CIDRs for IPsec site-to-site connection")
class MissingRequiredEndpointGroup(nexception.BadRequest):
message = _("Missing endpoint group%(suffix)s %(which)s for IPSec "
"site-to-site connection")
class EndpointGroupInUse(nexception.BadRequest):
message = _("Endpoint group %(group_id)s is in use and cannot be deleted")
def _validate_subnet_list_or_none(data, key_specs=None):
if data is not None:
return validators.validate_subnet_list(data, key_specs)
validators.add_validator('type:subnet_list_or_none',
_validate_subnet_list_or_none)
vpn_supported_initiators = ['bi-directional', 'response-only']
vpn_supported_encryption_algorithms = ['3des', 'aes-128',
'aes-192', 'aes-256']
vpn_dpd_supported_actions = [
'hold', 'clear', 'restart', 'restart-by-peer', 'disabled'
]
vpn_supported_transform_protocols = ['esp', 'ah', 'ah-esp']
vpn_supported_encapsulation_mode = ['tunnel', 'transport']
#TODO(nati) add kilobytes when we support it
vpn_supported_lifetime_units = ['seconds']
vpn_supported_pfs = ['group2', 'group5', 'group14']
vpn_supported_ike_versions = ['v1', 'v2']
vpn_supported_auth_mode = ['psk']
vpn_supported_auth_algorithms = ['sha1', 'sha256', 'sha384', 'sha512']
vpn_supported_phase1_negotiation_mode = ['main', 'aggressive']
vpn_lifetime_limits = (60, validators.UNLIMITED)
positive_int = (0, validators.UNLIMITED)
RESOURCE_ATTRIBUTE_MAP = {
'vpnservices': {
'id': {'allow_post': False, 'allow_put': False,
'validate': {'type:uuid': None},
'is_visible': True,
'primary_key': True,
'is_sort_key': True},
'tenant_id': {'allow_post': True, 'allow_put': False,
'validate': {
'type:string': db_const.PROJECT_ID_FIELD_SIZE},
'required_by_policy': True,
'is_visible': True,
'is_sort_key': True},
'name': {'allow_post': True, 'allow_put': True,
'validate': {'type:string': db_const.NAME_FIELD_SIZE},
'is_visible': True, 'default': '',
'is_sort_key': True},
'description': {'allow_post': True, 'allow_put': True,
'validate': {
'type:string': db_const.DESCRIPTION_FIELD_SIZE},
'is_visible': True, 'default': ''},
'subnet_id': {'allow_post': True, 'allow_put': False,
'validate': {'type:uuid_or_none': None},
'is_visible': True, 'default': None,
'is_sort_key': True},
'router_id': {'allow_post': True, 'allow_put': False,
'validate': {'type:uuid': None},
'is_visible': True,
'is_sort_key': True},
'admin_state_up': {'allow_post': True, 'allow_put': True,
'default': True,
'convert_to': converters.convert_to_boolean,
'is_visible': True},
'external_v4_ip': {'allow_post': False, 'allow_put': False,
'is_visible': True},
'external_v6_ip': {'allow_post': False, 'allow_put': False,
'is_visible': True},
'status': {'allow_post': False, 'allow_put': False,
'is_visible': True}
},
'ipsec_site_connections': {
'id': {'allow_post': False, 'allow_put': False,
'validate': {'type:uuid': None},
'is_visible': True,
'primary_key': True,
'is_sort_key': True},
'tenant_id': {'allow_post': True, 'allow_put': False,
'validate': {
'type:string': db_const.PROJECT_ID_FIELD_SIZE},
'required_by_policy': True,
'is_visible': True,
'is_sort_key': True},
'name': {'allow_post': True, 'allow_put': True,
'validate': {'type:string': db_const.NAME_FIELD_SIZE},
'is_visible': True, 'default': '',
'is_sort_key': True},
'description': {'allow_post': True, 'allow_put': True,
'validate': {
'type:string': db_const.DESCRIPTION_FIELD_SIZE},
'is_visible': True, 'default': ''},
'local_id': {'allow_post': True, 'allow_put': True,
'validate': {'type:string': None},
'is_visible': True, 'default': ''},
'peer_address': {'allow_post': True, 'allow_put': True,
'validate': {'type:string': None},
'is_visible': True},
'peer_id': {'allow_post': True, 'allow_put': True,
'validate': {'type:string': None},
'is_visible': True},
'peer_cidrs': {'allow_post': True, 'allow_put': True,
'convert_to': converters.convert_to_list,
'validate': {'type:subnet_list_or_none': None},
'is_visible': True,
'default': None},
'local_ep_group_id': {'allow_post': True, 'allow_put': True,
'validate': {'type:uuid_or_none': None},
'is_visible': True, 'default': None},
'peer_ep_group_id': {'allow_post': True, 'allow_put': True,
'validate': {'type:uuid_or_none': None},
'is_visible': True, 'default': None},
'route_mode': {'allow_post': False, 'allow_put': False,
'default': 'static',
'is_visible': True},
'mtu': {'allow_post': True, 'allow_put': True,
'default': '1500',
'validate': {'type:range': positive_int},
'convert_to': converters.convert_to_int,
'is_visible': True},
'initiator': {'allow_post': True, 'allow_put': True,
'default': 'bi-directional',
'validate': {'type:values': vpn_supported_initiators},
'is_visible': True},
'auth_mode': {'allow_post': False, 'allow_put': False,
'default': 'psk',
'validate': {'type:values': vpn_supported_auth_mode},
'is_visible': True},
'psk': {'allow_post': True, 'allow_put': True,
'validate': {'type:string': None},
'is_visible': True},
'dpd': {'allow_post': True, 'allow_put': True,
'convert_to': converters.convert_none_to_empty_dict,
'is_visible': True,
'default': {},
'validate': {
'type:dict_or_empty': {
'action': {
'type:values': vpn_dpd_supported_actions,
},
'interval': {
'type:range': positive_int
},
'timeout': {
'type:range': positive_int
}}}},
'admin_state_up': {'allow_post': True, 'allow_put': True,
'default': True,
'convert_to': converters.convert_to_boolean,
'is_visible': True},
'status': {'allow_post': False, 'allow_put': False,
'is_visible': True},
'vpnservice_id': {'allow_post': True, 'allow_put': False,
'validate': {'type:uuid': None},
'is_visible': True},
'ikepolicy_id': {'allow_post': True, 'allow_put': False,
'validate': {'type:uuid': None},
'is_visible': True},
'ipsecpolicy_id': {'allow_post': True, 'allow_put': False,
'validate': {'type:uuid': None},
'is_visible': True}
},
'ipsecpolicies': {
'id': {'allow_post': False, 'allow_put': False,
'validate': {'type:uuid': None},
'is_visible': True,
'primary_key': True,
'is_sort_key': True},
'tenant_id': {'allow_post': True, 'allow_put': False,
'validate': {
'type:string': db_const.PROJECT_ID_FIELD_SIZE},
'required_by_policy': True,
'is_visible': True,
'is_sort_key': True},
'name': {'allow_post': True, 'allow_put': True,
'validate': {'type:string': db_const.NAME_FIELD_SIZE},
'is_visible': True, 'default': '',
'is_sort_key': True},
'description': {'allow_post': True, 'allow_put': True,
'validate': {
'type:string': db_const.DESCRIPTION_FIELD_SIZE},
'is_visible': True, 'default': ''},
'transform_protocol': {
'allow_post': True,
'allow_put': True,
'default': 'esp',
'validate': {
'type:values': vpn_supported_transform_protocols},
'is_visible': True},
'auth_algorithm': {
'allow_post': True,
'allow_put': True,
'default': 'sha1',
'validate': {
'type:values': vpn_supported_auth_algorithms
},
'is_visible': True},
'encryption_algorithm': {
'allow_post': True,
'allow_put': True,
'default': 'aes-128',
'validate': {
'type:values': vpn_supported_encryption_algorithms
},
'is_visible': True},
'encapsulation_mode': {
'allow_post': True,
'allow_put': True,
'default': 'tunnel',
'validate': {
'type:values': vpn_supported_encapsulation_mode
},
'is_visible': True},
'lifetime': {'allow_post': True, 'allow_put': True,
'convert_to': converters.convert_none_to_empty_dict,
'default': {},
'validate': {
'type:dict_or_empty': {
'units': {
'type:values': vpn_supported_lifetime_units,
},
'value': {
'type:range': vpn_lifetime_limits
}}},
'is_visible': True},
'pfs': {'allow_post': True, 'allow_put': True,
'default': 'group5',
'validate': {'type:values': vpn_supported_pfs},
'is_visible': True}
},
'ikepolicies': {
'id': {'allow_post': False, 'allow_put': False,
'validate': {'type:uuid': None},
'is_visible': True,
'primary_key': True,
'is_sort_key': True},
'tenant_id': {'allow_post': True, 'allow_put': False,
'validate': {
'type:string': db_const.PROJECT_ID_FIELD_SIZE},
'required_by_policy': True,
'is_visible': True,
'is_sort_key': True},
'name': {'allow_post': True, 'allow_put': True,
'validate': {'type:string': db_const.NAME_FIELD_SIZE},
'is_visible': True, 'default': '',
'is_sort_key': True},
'description': {'allow_post': True, 'allow_put': True,
'validate': {
'type:string': db_const.DESCRIPTION_FIELD_SIZE},
'is_visible': True, 'default': ''},
'auth_algorithm': {'allow_post': True, 'allow_put': True,
'default': 'sha1',
'validate': {
'type:values': vpn_supported_auth_algorithms},
'is_visible': True},
'encryption_algorithm': {
'allow_post': True, 'allow_put': True,
'default': 'aes-128',
'validate': {'type:values': vpn_supported_encryption_algorithms},
'is_visible': True},
'phase1_negotiation_mode': {
'allow_post': True, 'allow_put': True,
'default': 'main',
'validate': {
'type:values': vpn_supported_phase1_negotiation_mode
},
'is_visible': True},
'lifetime': {'allow_post': True, 'allow_put': True,
'convert_to': converters.convert_none_to_empty_dict,
'default': {},
'validate': {
'type:dict_or_empty': {
'units': {
'type:values': vpn_supported_lifetime_units,
},
'value': {
'type:range': vpn_lifetime_limits,
}}},
'is_visible': True},
'ike_version': {'allow_post': True, 'allow_put': True,
'default': 'v1',
'validate': {
'type:values': vpn_supported_ike_versions},
'is_visible': True},
'pfs': {'allow_post': True, 'allow_put': True,
'default': 'group5',
'validate': {'type:values': vpn_supported_pfs},
'is_visible': True}
},
}
class Vpnaas(extensions.ExtensionDescriptor):
@classmethod
def get_name(cls):
return "VPN service"
@classmethod
def get_alias(cls):
return "vpnaas"
@classmethod
def get_description(cls):
return "Extension for VPN service"
@classmethod
def get_namespace(cls):
return "https://wiki.openstack.org/Neutron/VPNaaS"
@classmethod
def get_updated(cls):
return "2013-05-29T10:00:00-00:00"
class Vpnaas(extensions.APIExtensionDescriptor):
api_definition = vpn
@classmethod
def get_resources(cls):
special_mappings = {'ikepolicies': 'ikepolicy',
'ipsecpolicies': 'ipsecpolicy'}
plural_mappings = resource_helper.build_plural_mappings(
special_mappings, RESOURCE_ATTRIBUTE_MAP)
special_mappings, vpn.RESOURCE_ATTRIBUTE_MAP)
plural_mappings['peer_cidrs'] = 'peer_cidr'
return resource_helper.build_resource_info(plural_mappings,
RESOURCE_ATTRIBUTE_MAP,
nconstants.VPN,
register_quota=True,
translate_name=True)
return resource_helper.build_resource_info(
plural_mappings,
vpn.RESOURCE_ATTRIBUTE_MAP,
nconstants.VPN,
register_quota=True,
translate_name=True)
@classmethod
def get_plugin_interface(cls):
return VPNPluginBase
def update_attributes_map(self, attributes):
super(Vpnaas, self).update_attributes_map(
attributes, extension_attrs_map=RESOURCE_ATTRIBUTE_MAP)
def get_extended_resources(self, version):
if version == "2.0":
return RESOURCE_ATTRIBUTE_MAP
return {}
class VPNPluginBase(service_base.ServicePluginBase, metaclass=abc.ABCMeta):

5
neutron_vpnaas/services/vpn/device_drivers/ipsec.py
View File

@ -30,6 +30,7 @@ from neutron.agent.linux import utils as agent_utils
from neutron_lib.api import validators
from neutron_lib import constants
from neutron_lib import context
from neutron_lib.exceptions import vpn as vpn_exception
from neutron_lib.plugins import utils as plugin_utils
from neutron_lib import rpc as n_rpc
from neutron_lib.utils import file as file_utils
@ -43,7 +44,6 @@ from oslo_utils import encodeutils
from oslo_utils import fileutils
from neutron_vpnaas._i18n import _
from neutron_vpnaas.extensions import vpnaas
from neutron_vpnaas.services.vpn.common import topics
from neutron_vpnaas.services.vpn import device_drivers
@ -610,7 +610,8 @@ class OpenSwanProcess(BaseSwanProcess):
if not ip_addr:
self._record_connection_status(connection_id, constants.ERROR,
force_status_update=True)
raise vpnaas.VPNPeerAddressNotResolved(peer_address=address)
raise vpn_exception.VPNPeerAddressNotResolved(
peer_address=address)
else:
ip_addr = address
routes = self._execute(['ip', 'route', 'get', ip_addr])

5
neutron_vpnaas/services/vpn/vpn_service.py
View File

@ -14,11 +14,10 @@
# under the License.
from neutron.services import provider_configuration as provconfig
from neutron_lib.exceptions import vpn as vpn_exception
from oslo_log import log as logging
from oslo_utils import importutils
from neutron_vpnaas.extensions import vpnaas
LOG = logging.getLogger(__name__)
DEVICE_DRIVERS = 'device_drivers'
@ -42,6 +41,6 @@ class VPNService(object):
host))
LOG.debug('Loaded VPNaaS device driver: %s', device_driver)
except ImportError:
raise vpnaas.DeviceDriverImportError(
raise vpn_exception.DeviceDriverImportError(
device_driver=device_driver)
return drivers

23
neutron_vpnaas/tests/unit/db/vpn/test_vpn_db.py
View File

@ -28,10 +28,12 @@ from neutron import extensions as nextensions
from neutron.scheduler import l3_agent_scheduler
from neutron.tests.unit.db import test_db_base_plugin_v2 as test_db_plugin
from neutron.tests.unit.extensions import test_l3 as test_l3_plugin
from neutron_lib.api.definitions import vpn
from neutron_lib.callbacks import events
from neutron_lib import constants as lib_constants
from neutron_lib import context
from neutron_lib.exceptions import l3 as l3_exception
from neutron_lib.exceptions import vpn as vpn_exception
from neutron_lib.plugins import constants as nconstants
from neutron_lib.plugins import directory
from oslo_db import exception as db_exc
@ -45,7 +47,6 @@ from neutron_vpnaas.services.vpn import plugin as vpn_plugin
from neutron_vpnaas.tests import base
from neutron_vpnaas import extensions
from neutron_vpnaas.extensions import vpnaas
DB_CORE_PLUGIN_KLASS = 'neutron.db.db_base_plugin_v2.NeutronDbPluginV2'
DB_VPN_PLUGIN_KLASS = "neutron_vpnaas.services.vpn.plugin.VPNPlugin"
@ -71,7 +72,7 @@ class VPNTestMixin(object):
resource_prefix_map = dict(
(k.replace('_', '-'),
"/vpn")
for k in vpnaas.RESOURCE_ATTRIBUTE_MAP
for k in vpn.RESOURCE_ATTRIBUTE_MAP
)
def _create_ikepolicy(self, fmt,
@ -1692,7 +1693,7 @@ class TestVpnaas(VPNPluginDbTestCase):
self.router() as router:
with self.vpnservice(subnet=subnet,
router=router):
self.assertRaises(vpnaas.SubnetInUseByVPNService,
self.assertRaises(vpn_exception.SubnetInUseByVPNService,
self.plugin.check_subnet_in_use,
context.get_admin_context(),
subnet['subnet']['id'],
@ -1957,7 +1958,7 @@ class TestVpnDatabase(base.NeutronDbPluginV2TestCase, NeutronResourcesMixin):
endpoint_group = self.plugin.get_endpoint_group(self.context,
endpoint_group_id)
is_found = True
except vpnaas.VPNEndpointGroupNotFound:
except vpn_exception.VPNEndpointGroupNotFound:
is_found = False
except Exception as e:
self.fail("Unexpected exception getting endpoint group: %s" % e)
@ -1981,7 +1982,7 @@ class TestVpnDatabase(base.NeutronDbPluginV2TestCase, NeutronResourcesMixin):
self.plugin.delete_endpoint_group(self.context, group_id)
self.check_endpoint_group_entry(group_id, expected, should_exist=False)
self.assertRaises(vpnaas.VPNEndpointGroupNotFound,
self.assertRaises(vpn_exception.VPNEndpointGroupNotFound,
self.plugin.delete_endpoint_group,
self.context, group_id)
@ -1998,7 +1999,7 @@ class TestVpnDatabase(base.NeutronDbPluginV2TestCase, NeutronResourcesMixin):
def test_fail_showing_non_existent_endpoint_group(self):
"""Test failure to show non-existent endpoint group."""
self.assertRaises(vpnaas.VPNEndpointGroupNotFound,
self.assertRaises(vpn_exception.VPNEndpointGroupNotFound,
self.plugin.get_endpoint_group,
self.context, uuidutils.generate_uuid())
@ -2054,7 +2055,7 @@ class TestVpnDatabase(base.NeutronDbPluginV2TestCase, NeutronResourcesMixin):
"""Test fail updating a non-existent group."""
group_updates = {'endpoint_group': {'name': 'new name'}}
self.assertRaises(
vpnaas.VPNEndpointGroupNotFound,
vpn_exception.VPNEndpointGroupNotFound,
self.plugin.update_endpoint_group,
self.context, _uuid(), group_updates)
@ -2225,11 +2226,11 @@ class TestVpnDatabase(base.NeutronDbPluginV2TestCase, NeutronResourcesMixin):
{'local_ep_group_id': local_ep_group['id'],
'peer_ep_group_id': peer_ep_group['id']})
self.plugin.create_ipsec_site_connection(self.context, info)
self.assertRaises(vpnaas.EndpointGroupInUse,
self.assertRaises(vpn_exception.EndpointGroupInUse,
self.plugin.delete_endpoint_group,
self.context,
local_ep_group['id'])
self.assertRaises(vpnaas.EndpointGroupInUse,
self.assertRaises(vpn_exception.EndpointGroupInUse,
self.plugin.delete_endpoint_group,
self.context,
peer_ep_group['id'])
@ -2248,7 +2249,7 @@ class TestVpnDatabase(base.NeutronDbPluginV2TestCase, NeutronResourcesMixin):
local_subnet = self.create_subnet(overrides=overrides)
self.create_endpoint_group(group_type='subnet',
endpoints=[local_subnet['id']])
self.assertRaises(vpnaas.SubnetInUseByEndpointGroup,
self.assertRaises(vpn_exception.SubnetInUseByEndpointGroup,
self.plugin.check_subnet_in_use_by_endpoint_group,
self.context, local_subnet['id'])
@ -2283,7 +2284,7 @@ class TestVpnDatabase(base.NeutronDbPluginV2TestCase, NeutronResourcesMixin):
self.plugin.create_ipsec_site_connection(self.context,
ipsec_site_connection)
self.assertRaises(vpnaas.SubnetInUseByIPsecSiteConnection,
self.assertRaises(vpn_exception.SubnetInUseByIPsecSiteConnection,
self.plugin.check_subnet_in_use,
self.context,
private_subnet['id'],

66
neutron_vpnaas/tests/unit/db/vpn/test_vpn_validator.py
View File

@ -19,13 +19,13 @@ from unittest import mock
from neutron.db import l3_db
from neutron_lib import context as n_ctx
from neutron_lib import exceptions as nexception
from neutron_lib.exceptions import vpn as vpn_exception
from neutron_lib.plugins import constants as nconstants
from neutron_lib.plugins import directory
from oslo_utils import uuidutils
from sqlalchemy.orm import query
from neutron_vpnaas.db.vpn import vpn_validator
from neutron_vpnaas.extensions import vpnaas
from neutron_vpnaas.services.vpn.common import constants as v_constants
from neutron_vpnaas.tests import base
@ -55,7 +55,7 @@ class TestVpnValidation(base.BaseTestCase):
"""Failure test of service validate, when router missing ext. I/F."""
self.l3_plugin.get_router.return_value = {} # No external gateway
vpnservice = {'router_id': 123, 'subnet_id': 456}
self.assertRaises(vpnaas.RouterIsNotExternal,
self.assertRaises(vpn_exception.RouterIsNotExternal,
self.validator.validate_vpnservice,
self.context, vpnservice)
@ -64,7 +64,7 @@ class TestVpnValidation(base.BaseTestCase):
self.l3_plugin.get_router.return_value = FAKE_ROUTER
self.core_plugin.get_ports.return_value = None
vpnservice = {'router_id': FAKE_ROUTER_ID, 'subnet_id': FAKE_SUBNET_ID}
self.assertRaises(vpnaas.SubnetIsNotConnectedToRouter,
self.assertRaises(vpn_exception.SubnetIsNotConnectedToRouter,
self.validator.validate_vpnservice,
self.context, vpnservice)
@ -122,7 +122,7 @@ class TestVpnValidation(base.BaseTestCase):
raise socket.gaierror()
mock_getaddr_info.side_effect = getaddr_info_failer
ipsec_sitecon = {'peer_address': 'fqdn.invalid'}
self.assertRaises(vpnaas.VPNPeerAddressNotResolved,
self.assertRaises(vpn_exception.VPNPeerAddressNotResolved,
self.validator.resolve_peer_address,
ipsec_sitecon, self.router)
@ -134,7 +134,7 @@ class TestVpnValidation(base.BaseTestCase):
self.validator._validate_peer_address(ip_version, self.router)
if expected_exception:
self.fail("No exception raised for invalid peer address")
except vpnaas.ExternalNetworkHasNoSubnet:
except vpn_exception.ExternalNetworkHasNoSubnet:
if not expected_exception:
self.fail("exception for valid peer address raised")
@ -213,12 +213,14 @@ class TestVpnValidation(base.BaseTestCase):
"""Failure tests of DPD settings for IPSec conn during create."""
ipsec_sitecon = {'dpd_action': 'hold', 'dpd_interval': 100,
'dpd_timeout': 100}
self.assertRaises(vpnaas.IPsecSiteConnectionDpdIntervalValueError,
self.validator._check_dpd, ipsec_sitecon)
self.assertRaises(
vpn_exception.IPsecSiteConnectionDpdIntervalValueError,
self.validator._check_dpd, ipsec_sitecon)
ipsec_sitecon = {'dpd_action': 'hold', 'dpd_interval': 100,
'dpd_timeout': 99}
self.assertRaises(vpnaas.IPsecSiteConnectionDpdIntervalValueError,
self.validator._check_dpd, ipsec_sitecon)
self.assertRaises(
vpn_exception.IPsecSiteConnectionDpdIntervalValueError,
self.validator._check_dpd, ipsec_sitecon)
def test_bad_mtu_for_ipsec_connection(self):
"""Failure test of invalid MTU values for IPSec conn create/update."""
@ -226,7 +228,7 @@ class TestVpnValidation(base.BaseTestCase):
for version, limit in ip_version_limits.items():
ipsec_sitecon = {'mtu': limit - 1}
self.assertRaises(
vpnaas.IPsecSiteConnectionMtuError,
vpn_exception.IPsecSiteConnectionMtuError,
self.validator._check_mtu,
self.context, ipsec_sitecon['mtu'], version)
@ -254,19 +256,19 @@ class TestVpnValidation(base.BaseTestCase):
"""Fail when mixing types of endpoints in endpoint group."""
endpoint_group = {'type': v_constants.CIDR_ENDPOINT,
'endpoints': ['10.10.10.0/24', _uuid()]}
self.assertRaises(vpnaas.InvalidEndpointInEndpointGroup,
self.assertRaises(vpn_exception.InvalidEndpointInEndpointGroup,
self.validator.validate_endpoint_group,
self.context, endpoint_group)
endpoint_group = {'type': v_constants.SUBNET_ENDPOINT,
'endpoints': [_uuid(), '10.10.10.0/24']}
self.assertRaises(vpnaas.InvalidEndpointInEndpointGroup,
self.assertRaises(vpn_exception.InvalidEndpointInEndpointGroup,
self.validator.validate_endpoint_group,
self.context, endpoint_group)
def test_missing_endpoints_for_endpoint_group(self):
endpoint_group = {'type': v_constants.CIDR_ENDPOINT,
'endpoints': []}
self.assertRaises(vpnaas.MissingEndpointForEndpointGroup,
self.assertRaises(vpn_exception.MissingEndpointForEndpointGroup,
self.validator.validate_endpoint_group,
self.context, endpoint_group)
@ -277,7 +279,7 @@ class TestVpnValidation(base.BaseTestCase):
"""
endpoint_group = {'type': v_constants.CIDR_ENDPOINT,
'endpoints': ['10.10.10.10/24', '20.20.20.1']}
self.assertRaises(vpnaas.InvalidEndpointInEndpointGroup,
self.assertRaises(vpn_exception.InvalidEndpointInEndpointGroup,
self.validator.validate_endpoint_group,
self.context, endpoint_group)
@ -287,7 +289,7 @@ class TestVpnValidation(base.BaseTestCase):
subnet_id=subnet_id)
endpoint_group = {'type': v_constants.SUBNET_ENDPOINT,
'endpoints': [subnet_id]}
self.assertRaises(vpnaas.NonExistingSubnetInEndpointGroup,
self.assertRaises(vpn_exception.NonExistingSubnetInEndpointGroup,
self.validator.validate_endpoint_group,
self.context, endpoint_group)
@ -299,7 +301,7 @@ class TestVpnValidation(base.BaseTestCase):
multiple_subnets = [subnet1, subnet2]
port_mock = mock.patch.object(self.core_plugin, "get_ports").start()
port_mock.side_effect = ['dummy info', None]
self.assertRaises(vpnaas.SubnetIsNotConnectedToRouter,
self.assertRaises(vpn_exception.SubnetIsNotConnectedToRouter,
self.validator._check_local_subnets_on_router,
self.context, router, multiple_subnets)
@ -323,7 +325,7 @@ class TestVpnValidation(base.BaseTestCase):
subnet1 = {'ip_version': 6}
subnet2 = {'ip_version': 4}
mixed_subnets = [subnet1, subnet2]
self.assertRaises(vpnaas.MixedIPVersionsForIPSecEndpoints,
self.assertRaises(vpn_exception.MixedIPVersionsForIPSecEndpoints,
self.validator._check_local_endpoint_ip_versions,
endpoint_group_id, mixed_subnets)
@ -343,13 +345,13 @@ class TestVpnValidation(base.BaseTestCase):
"""Fail when mixed IP versions in peer endpoints."""
endpoint_group_id = _uuid()
mixed_cidrs = ['10.10.10.0/24', '2002:1400::/48']
self.assertRaises(vpnaas.MixedIPVersionsForIPSecEndpoints,
self.assertRaises(vpn_exception.MixedIPVersionsForIPSecEndpoints,
self.validator._check_peer_endpoint_ip_versions,
endpoint_group_id, mixed_cidrs)
def test_fail_ipsec_conn_locals_and_peers_different_ip_version(self):
"""Ensure catch when local and peer IP versions are not the same."""
self.assertRaises(vpnaas.MixedIPVersionsForIPSecConnection,
self.assertRaises(vpn_exception.MixedIPVersionsForIPSecConnection,
self.validator._validate_compatible_ip_versions,
4, 6)
@ -363,28 +365,28 @@ class TestVpnValidation(base.BaseTestCase):
ipsec_sitecon = {'peer_cidrs': ['10.0.0.0/24'],
'local_ep_group_id': 'local-epg-id',
'peer_ep_group_id': 'peer-epg-id'}
self.assertRaises(vpnaas.PeerCidrsInvalid,
self.assertRaises(vpn_exception.PeerCidrsInvalid,
self.validator.validate_ipsec_conn_optional_args,
ipsec_sitecon, subnet)
ipsec_sitecon = {'peer_cidrs': [],
'local_ep_group_id': None,
'peer_ep_group_id': 'peer-epg-id'}
self.assertRaises(vpnaas.MissingRequiredEndpointGroup,
self.assertRaises(vpn_exception.MissingRequiredEndpointGroup,
self.validator.validate_ipsec_conn_optional_args,
ipsec_sitecon, subnet)
ipsec_sitecon = {'peer_cidrs': [],
'local_ep_group_id': 'local-epg-id',
'peer_ep_group_id': None}
self.assertRaises(vpnaas.MissingRequiredEndpointGroup,
self.assertRaises(vpn_exception.MissingRequiredEndpointGroup,
self.validator.validate_ipsec_conn_optional_args,
ipsec_sitecon, subnet)
ipsec_sitecon = {'peer_cidrs': [],
'local_ep_group_id': None,
'peer_ep_group_id': None}
self.assertRaises(vpnaas.MissingRequiredEndpointGroup,
self.assertRaises(vpn_exception.MissingRequiredEndpointGroup,
self.validator.validate_ipsec_conn_optional_args,
ipsec_sitecon, subnet)
@ -398,28 +400,28 @@ class TestVpnValidation(base.BaseTestCase):
ipsec_sitecon = {'peer_cidrs': [],
'local_ep_group_id': None,
'peer_ep_group_id': None}
self.assertRaises(vpnaas.MissingPeerCidrs,
self.assertRaises(vpn_exception.MissingPeerCidrs,
self.validator.validate_ipsec_conn_optional_args,
ipsec_sitecon, subnet)
ipsec_sitecon = {'peer_cidrs': ['10.0.0.0/24'],
'local_ep_group_id': 'local-epg-id',
'peer_ep_group_id': None}
self.assertRaises(vpnaas.InvalidEndpointGroup,
self.assertRaises(vpn_exception.InvalidEndpointGroup,
self.validator.validate_ipsec_conn_optional_args,
ipsec_sitecon, subnet)
ipsec_sitecon = {'peer_cidrs': ['10.0.0.0/24'],
'local_ep_group_id': None,
'peer_ep_group_id': 'peer-epg-id'}
self.assertRaises(vpnaas.InvalidEndpointGroup,
self.assertRaises(vpn_exception.InvalidEndpointGroup,
self.validator.validate_ipsec_conn_optional_args,
ipsec_sitecon, subnet)
ipsec_sitecon = {'peer_cidrs': ['10.0.0.0/24'],
'local_ep_group_id': 'local-epg-id',
'peer_ep_group_id': 'peer-epg-id'}
self.assertRaises(vpnaas.InvalidEndpointGroup,
self.assertRaises(vpn_exception.InvalidEndpointGroup,
self.validator.validate_ipsec_conn_optional_args,
ipsec_sitecon, subnet)
@ -452,11 +454,11 @@ class TestVpnValidation(base.BaseTestCase):
def test_fail_ipsec_conn_peer_cidrs_with_invalid_format(self):
peer_cidrs = ['invalid_cidr']
self.assertRaises(vpnaas.IPsecSiteConnectionPeerCidrError,
self.assertRaises(vpn_exception.IPsecSiteConnectionPeerCidrError,
self.validator._check_peer_cidrs,
peer_cidrs)
peer_cidrs = ['192/24']
self.assertRaises(vpnaas.IPsecSiteConnectionPeerCidrError,
self.assertRaises(vpn_exception.IPsecSiteConnectionPeerCidrError,
self.validator._check_peer_cidrs,
peer_cidrs)
@ -464,13 +466,13 @@ class TestVpnValidation(base.BaseTestCase):
local_epg = {'id': 'should-be-subnets',
'type': v_constants.CIDR_ENDPOINT,
'endpoints': ['10.10.10.10/24', '20.20.20.20/24']}
self.assertRaises(vpnaas.WrongEndpointGroupType,
self.assertRaises(vpn_exception.WrongEndpointGroupType,
self.validator._get_local_subnets,
self.context, local_epg)
peer_epg = {'id': 'should-be-cidrs',
'type': v_constants.SUBNET_ENDPOINT,
'endpoints': [_uuid(), _uuid()]}
self.assertRaises(vpnaas.WrongEndpointGroupType,
self.assertRaises(vpn_exception.WrongEndpointGroupType,
self.validator._get_peer_cidrs,
peer_epg)
@ -527,6 +529,6 @@ class TestVpnValidation(base.BaseTestCase):
def test_fail_ipsec_conn_peer_cidrs_mixed_ip_version(self):
mixed_cidrs = ['2002:0a00::/48', '20.20.20.0/24']
self.assertRaises(vpnaas.MixedIPVersionsForPeerCidrs,
self.assertRaises(vpn_exception.MixedIPVersionsForPeerCidrs,
self.validator._check_peer_cidrs_ip_versions,
mixed_cidrs)

6
neutron_vpnaas/tests/unit/services/vpn/device_drivers/test_ipsec.py
View File

@ -26,10 +26,10 @@ from neutron.agent.l3 import legacy_router
from neutron.agent.linux import iptables_manager
from neutron.conf.agent.l3 import config as l3_config
from neutron_lib import constants
from neutron_lib.exceptions import vpn as vpn_exception
from oslo_config import cfg
from oslo_utils import uuidutils
from neutron_vpnaas.extensions import vpnaas
from neutron_vpnaas.services.vpn.device_drivers import ipsec as openswan_ipsec
from neutron_vpnaas.services.vpn.device_drivers import libreswan_ipsec
from neutron_vpnaas.services.vpn.device_drivers import strongswan_ipsec
@ -1292,7 +1292,7 @@ class TestOpenSwanProcess(IPSecDeviceLegacy):
{'fake-conn-id': {'status': constants.ERROR,
'updated_pending_status': True}})
self.assertRaises(vpnaas.VPNPeerAddressNotResolved,
self.assertRaises(vpn_exception.VPNPeerAddressNotResolved,
self.process._get_nexthop, 'foo.peer.addr',
'fake-conn-id')
self.assertEqual(expected_connection_status_dict,
@ -1302,7 +1302,7 @@ class TestOpenSwanProcess(IPSecDeviceLegacy):
{'fake-conn-id': {'status': constants.PENDING_CREATE,
'updated_pending_status': False}})
self.assertRaises(vpnaas.VPNPeerAddressNotResolved,
self.assertRaises(vpn_exception.VPNPeerAddressNotResolved,
self.process._get_nexthop, 'foo.peer.addr',
'fake-conn-id')
self.assertEqual(expected_connection_status_dict,

4
neutron_vpnaas/tests/unit/services/vpn/test_vpn_service.py
View File

@ -16,10 +16,10 @@
from unittest import mock
from neutron_lib.callbacks import registry
from neutron_lib.exceptions import vpn as vpn_exception
from oslo_config import cfg
from oslo_utils import uuidutils
from neutron_vpnaas.extensions import vpnaas
from neutron_vpnaas.services.vpn import agent as vpn_agent
from neutron_vpnaas.services.vpn import device_drivers
from neutron_vpnaas.services.vpn import vpn_service
@ -88,5 +88,5 @@ class TestVirtualPrivateNetworkDeviceDriverLoading(VPNBaseTestCase):
cfg.CONF.set_override('vpn_device_driver',
['no.such.class'],
'vpnagent')
self.assertRaises(vpnaas.DeviceDriverImportError,
self.assertRaises(vpn_exception.DeviceDriverImportError,
self.service.load_device_drivers, 'host')