From 6a226281bb28b6e64c55f997b79224bcfad79ea5 Mon Sep 17 00:00:00 2001 From: Mohammed Naser Date: Mon, 23 May 2022 11:42:13 -0400 Subject: [PATCH] Migrate to neutron-lib released API definition for VPNaaS APIs This patch shows how to use a neutron-lib released API definition for the VPNaaS extensions. This is a baby step towards a consolidated set of Neutron APIs. See I06760fbbbc87570412a21364fba58efe880a907b for more details. The method get_namespace in API extensions is also removed during this migration. Since it was removed from neutron long time ago [1]. Co-Authored-By: Anh Tran Co-Authored-By: Hunt Xu Co-Authored-By: Dongcan Ye [1] I3c406910991c33cf959c5345d76153eabe3ace2d Depends-On: https://review.opendev.org/#/c/710559/ Depends-On: https://review.opendev.org/#/c/712657/ Change-Id: I1034814639a03b6482d9c9d1a389950aef967a59 --- neutron_vpnaas/db/vpn/vpn_db.py | 39 +- neutron_vpnaas/db/vpn/vpn_validator.py | 53 +- .../extensions/vpn_endpoint_groups.py | 82 +-- neutron_vpnaas/extensions/vpn_flavors.py | 40 +- neutron_vpnaas/extensions/vpnaas.py | 488 +----------------- .../services/vpn/device_drivers/ipsec.py | 5 +- neutron_vpnaas/services/vpn/vpn_service.py | 5 +- .../tests/unit/db/vpn/test_vpn_db.py | 23 +- .../tests/unit/db/vpn/test_vpn_validator.py | 66 +-- .../services/vpn/device_drivers/test_ipsec.py | 6 +- .../unit/services/vpn/test_vpn_service.py | 4 +- 11 files changed, 131 insertions(+), 680 deletions(-) diff --git a/neutron_vpnaas/db/vpn/vpn_db.py b/neutron_vpnaas/db/vpn/vpn_db.py index e761e95d1..c4fae60d4 100644 --- a/neutron_vpnaas/db/vpn/vpn_db.py +++ b/neutron_vpnaas/db/vpn/vpn_db.py @@ -23,6 +23,7 @@ from neutron_lib.db import api as db_api from neutron_lib.db import model_query from neutron_lib.db import utils as db_utils from neutron_lib.exceptions import l3 as l3_exception +from neutron_lib.exceptions import vpn as vpn_exception from neutron_lib.plugins import constants as p_constants from neutron_lib.plugins import directory from neutron_lib.plugins import utils @@ -68,17 +69,18 @@ class VPNPluginDb(vpnaas.VPNPluginBase, except exc.NoResultFound: with excutils.save_and_reraise_exception(reraise=False) as ctx: if issubclass(model, vpn_models.IPsecSiteConnection): - raise vpnaas.IPsecSiteConnectionNotFound( + raise vpn_exception.IPsecSiteConnectionNotFound( ipsec_site_conn_id=v_id ) elif issubclass(model, vpn_models.IKEPolicy): - raise vpnaas.IKEPolicyNotFound(ikepolicy_id=v_id) + raise vpn_exception.IKEPolicyNotFound(ikepolicy_id=v_id) elif issubclass(model, vpn_models.IPsecPolicy): - raise vpnaas.IPsecPolicyNotFound(ipsecpolicy_id=v_id) + raise vpn_exception.IPsecPolicyNotFound( + ipsecpolicy_id=v_id) elif issubclass(model, vpn_models.VPNService): - raise vpnaas.VPNServiceNotFound(vpnservice_id=v_id) + raise vpn_exception.VPNServiceNotFound(vpnservice_id=v_id) elif issubclass(model, vpn_models.VPNEndpointGroup): - raise vpnaas.VPNEndpointGroupNotFound( + raise vpn_exception.VPNEndpointGroupNotFound( endpoint_group_id=v_id) ctx.reraise = True return r @@ -87,7 +89,7 @@ class VPNPluginDb(vpnaas.VPNPluginBase, status = getattr(obj, 'status', None) _id = getattr(obj, 'id', None) if utils.in_pending_status(status): - raise vpnaas.VPNStateInvalidToUpdate(id=_id, state=status) + raise vpn_exception.VPNStateInvalidToUpdate(id=_id, state=status) def _make_ipsec_site_connection_dict(self, ipsec_site_conn, fields=None): @@ -288,7 +290,7 @@ class VPNPluginDb(vpnaas.VPNPluginBase, """ try: conn_db = self._get_ipsec_site_connection(context, conn_id) - except vpnaas.IPsecSiteConnectionNotFound: + except vpn_exception.IPsecSiteConnectionNotFound: return if not utils.in_pending_status(conn_db.status) or updated_pending: conn_db.status = new_status @@ -344,7 +346,7 @@ class VPNPluginDb(vpnaas.VPNPluginBase, validator.validate_ike_policy(context, ike) if context.session.query(vpn_models.IPsecSiteConnection).filter_by( ikepolicy_id=ikepolicy_id).first(): - raise vpnaas.IKEPolicyInUse(ikepolicy_id=ikepolicy_id) + raise vpn_exception.IKEPolicyInUse(ikepolicy_id=ikepolicy_id) ike_db = self._get_resource( context, vpn_models.IKEPolicy, ikepolicy_id) if ike: @@ -361,7 +363,7 @@ class VPNPluginDb(vpnaas.VPNPluginBase, with db_api.CONTEXT_WRITER.using(context): if context.session.query(vpn_models.IPsecSiteConnection).filter_by( ikepolicy_id=ikepolicy_id).first(): - raise vpnaas.IKEPolicyInUse(ikepolicy_id=ikepolicy_id) + raise vpn_exception.IKEPolicyInUse(ikepolicy_id=ikepolicy_id) ike_db = self._get_resource( context, vpn_models.IKEPolicy, ikepolicy_id) context.session.delete(ike_db) @@ -426,7 +428,8 @@ class VPNPluginDb(vpnaas.VPNPluginBase, validator.validate_ipsec_policy(context, ipsecp) if context.session.query(vpn_models.IPsecSiteConnection).filter_by( ipsecpolicy_id=ipsecpolicy_id).first(): - raise vpnaas.IPsecPolicyInUse(ipsecpolicy_id=ipsecpolicy_id) + raise vpn_exception.IPsecPolicyInUse( + ipsecpolicy_id=ipsecpolicy_id) ipsecp_db = self._get_resource( context, vpn_models.IPsecPolicy, ipsecpolicy_id) if ipsecp: @@ -443,7 +446,8 @@ class VPNPluginDb(vpnaas.VPNPluginBase, with db_api.CONTEXT_WRITER.using(context): if context.session.query(vpn_models.IPsecSiteConnection).filter_by( ipsecpolicy_id=ipsecpolicy_id).first(): - raise vpnaas.IPsecPolicyInUse(ipsecpolicy_id=ipsecpolicy_id) + raise vpn_exception.IPsecPolicyInUse( + ipsecpolicy_id=ipsecpolicy_id) ipsec_db = self._get_resource( context, vpn_models.IPsecPolicy, ipsecpolicy_id) context.session.delete(ipsec_db) @@ -516,7 +520,8 @@ class VPNPluginDb(vpnaas.VPNPluginBase, if context.session.query(vpn_models.IPsecSiteConnection).filter_by( vpnservice_id=vpnservice_id ).first(): - raise vpnaas.VPNServiceInUse(vpnservice_id=vpnservice_id) + raise vpn_exception.VPNServiceInUse( + vpnservice_id=vpnservice_id) vpns_db = self._get_resource(context, vpn_models.VPNService, vpnservice_id) context.session.delete(vpns_db) @@ -553,7 +558,7 @@ class VPNPluginDb(vpnaas.VPNPluginBase, vpn_models.VPNService).filter_by( subnet_id=subnet_id, router_id=router_id).first() if vpnservices: - raise vpnaas.SubnetInUseByVPNService( + raise vpn_exception.SubnetInUseByVPNService( subnet_id=subnet_id, vpnservice_id=vpnservices['id']) @@ -576,7 +581,7 @@ class VPNPluginDb(vpnaas.VPNPluginBase, vpn_models.VPNService.router_id == router_id) connection = query.first() if connection: - raise vpnaas.SubnetInUseByIPsecSiteConnection( + raise vpn_exception.SubnetInUseByIPsecSiteConnection( subnet_id=subnet_id, ipsec_site_connection_id=connection['id']) @@ -592,7 +597,7 @@ class VPNPluginDb(vpnaas.VPNPluginBase, vpn_models.VPNEndpoint.endpoint == subnet_id)) group = query.first() if group: - raise vpnaas.SubnetInUseByEndpointGroup( + raise vpn_exception.SubnetInUseByEndpointGroup( subnet_id=subnet_id, group_id=group['id']) def _make_endpoint_group_dict(self, endpoint_group, fields=None): @@ -661,7 +666,7 @@ class VPNPluginDb(vpnaas.VPNPluginBase, vpn_models.IPsecSiteConnection.peer_ep_group_id == group_id) ) if query.first(): - raise vpnaas.EndpointGroupInUse(group_id=group_id) + raise vpn_exception.EndpointGroupInUse(group_id=group_id) class VPNPluginRpcDbMixin(object): @@ -703,7 +708,7 @@ class VPNPluginRpcDbMixin(object): try: vpnservice_db = self._get_vpnservice( context, vpnservice['id']) - except vpnaas.VPNServiceNotFound: + except vpn_exception.VPNServiceNotFound: LOG.warning('vpnservice %s in db is already deleted', vpnservice['id']) continue diff --git a/neutron_vpnaas/db/vpn/vpn_validator.py b/neutron_vpnaas/db/vpn/vpn_validator.py index 40e7d4613..3366be2fb 100644 --- a/neutron_vpnaas/db/vpn/vpn_validator.py +++ b/neutron_vpnaas/db/vpn/vpn_validator.py @@ -19,11 +19,11 @@ from neutron.db import l3_db from neutron.db import models_v2 from neutron_lib.api import validators from neutron_lib import exceptions as nexception +from neutron_lib.exceptions import vpn as vpn_exception from neutron_lib.plugins import constants as plugin_const from neutron_lib.plugins import directory from neutron_vpnaas._i18n import _ -from neutron_vpnaas.extensions import vpnaas from neutron_vpnaas.services.vpn.common import constants @@ -56,13 +56,13 @@ class VpnReferenceValidator(object): def _check_dpd(self, ipsec_sitecon): """Ensure that DPD timeout is greater than DPD interval.""" if ipsec_sitecon['dpd_timeout'] <= ipsec_sitecon['dpd_interval']: - raise vpnaas.IPsecSiteConnectionDpdIntervalValueError( + raise vpn_exception.IPsecSiteConnectionDpdIntervalValueError( attr='dpd_timeout') def _check_mtu(self, context, mtu, ip_version): if mtu < VpnReferenceValidator.IP_MIN_MTU[ip_version]: - raise vpnaas.IPsecSiteConnectionMtuError(mtu=mtu, - version=ip_version) + raise vpn_exception.IPsecSiteConnectionMtuError( + mtu=mtu, version=ip_version) def _validate_peer_address(self, ip_version, router): # NOTE: peer_address ip version should match with @@ -75,7 +75,7 @@ class VpnReferenceValidator(object): if ip_version == netaddr.IPAddress(addr).version: return - raise vpnaas.ExternalNetworkHasNoSubnet( + raise vpn_exception.ExternalNetworkHasNoSubnet( router_id=router.id, ip_version="IPv6" if ip_version == 6 else "IPv4") @@ -89,14 +89,15 @@ class VpnReferenceValidator(object): addrinfo = socket.getaddrinfo(address, None)[0] ipsec_sitecon['peer_address'] = addrinfo[-1][0] except socket.gaierror: - raise vpnaas.VPNPeerAddressNotResolved(peer_address=address) + raise vpn_exception.VPNPeerAddressNotResolved( + peer_address=address) ip_version = netaddr.IPAddress(ipsec_sitecon['peer_address']).version self._validate_peer_address(ip_version, router) def _get_local_subnets(self, context, endpoint_group): if endpoint_group['type'] != constants.SUBNET_ENDPOINT: - raise vpnaas.WrongEndpointGroupType( + raise vpn_exception.WrongEndpointGroupType( group_type=endpoint_group['type'], which=endpoint_group['id'], expected=constants.SUBNET_ENDPOINT) subnet_ids = endpoint_group['endpoints'] @@ -105,7 +106,7 @@ class VpnReferenceValidator(object): def _get_peer_cidrs(self, endpoint_group): if endpoint_group['type'] != constants.CIDR_ENDPOINT: - raise vpnaas.WrongEndpointGroupType( + raise vpn_exception.WrongEndpointGroupType( group_type=endpoint_group['type'], which=endpoint_group['id'], expected=constants.CIDR_ENDPOINT) return endpoint_group['endpoints'] @@ -119,7 +120,8 @@ class VpnReferenceValidator(object): return local_subnets[0]['ip_version'] ip_versions = set([subnet['ip_version'] for subnet in local_subnets]) if len(ip_versions) > 1: - raise vpnaas.MixedIPVersionsForIPSecEndpoints(group=group_id) + raise vpn_exception.MixedIPVersionsForIPSecEndpoints( + group=group_id) return ip_versions.pop() def _check_peer_endpoint_ip_versions(self, group_id, peer_cidrs): @@ -131,7 +133,8 @@ class VpnReferenceValidator(object): return netaddr.IPNetwork(peer_cidrs[0]).version ip_versions = set([netaddr.IPNetwork(pc).version for pc in peer_cidrs]) if len(ip_versions) > 1: - raise vpnaas.MixedIPVersionsForIPSecEndpoints(group=group_id) + raise vpn_exception.MixedIPVersionsForIPSecEndpoints( + group=group_id) return ip_versions.pop() def _check_peer_cidrs(self, peer_cidrs): @@ -139,7 +142,7 @@ class VpnReferenceValidator(object): for peer_cidr in peer_cidrs: msg = validators.validate_subnet(peer_cidr) if msg: - raise vpnaas.IPsecSiteConnectionPeerCidrError( + raise vpn_exception.IPsecSiteConnectionPeerCidrError( peer_cidr=peer_cidr) def _check_peer_cidrs_ip_versions(self, peer_cidrs): @@ -148,7 +151,7 @@ class VpnReferenceValidator(object): return netaddr.IPNetwork(peer_cidrs[0]).version ip_versions = set([netaddr.IPNetwork(pc).version for pc in peer_cidrs]) if len(ip_versions) > 1: - raise vpnaas.MixedIPVersionsForPeerCidrs() + raise vpn_exception.MixedIPVersionsForPeerCidrs() return ip_versions.pop() def _check_local_subnets_on_router(self, context, router, local_subnets): @@ -158,7 +161,7 @@ class VpnReferenceValidator(object): def _validate_compatible_ip_versions(self, local_ip_version, peer_ip_version): if local_ip_version != peer_ip_version: - raise vpnaas.MixedIPVersionsForIPSecConnection() + raise vpn_exception.MixedIPVersionsForIPSecConnection() def validate_ipsec_conn_optional_args(self, ipsec_sitecon, subnet): """Ensure that proper combinations of optional args are used. @@ -175,7 +178,7 @@ class VpnReferenceValidator(object): peer_cidrs = ipsec_sitecon.get('peer_cidrs') if subnet: if not peer_cidrs: - raise vpnaas.MissingPeerCidrs() + raise vpn_exception.MissingPeerCidrs() epgs = [] if local_epg_id: epgs.append('local') @@ -184,10 +187,11 @@ class VpnReferenceValidator(object): if epgs: which = ' and '.join(epgs) suffix = 's' if len(epgs) > 1 else '' - raise vpnaas.InvalidEndpointGroup(which=which, suffix=suffix) + raise vpn_exception.InvalidEndpointGroup(which=which, + suffix=suffix) else: if peer_cidrs: - raise vpnaas.PeerCidrsInvalid() + raise vpn_exception.PeerCidrsInvalid() epgs = [] if not local_epg_id: epgs.append('local') @@ -196,8 +200,8 @@ class VpnReferenceValidator(object): if epgs: which = ' and '.join(epgs) suffix = 's' if len(epgs) > 1 else '' - raise vpnaas.MissingRequiredEndpointGroup(which=which, - suffix=suffix) + raise vpn_exception.MissingRequiredEndpointGroup( + which=which, suffix=suffix) def assign_sensible_ipsec_sitecon_defaults(self, ipsec_sitecon, prev_conn=None): @@ -271,7 +275,7 @@ class VpnReferenceValidator(object): def _check_router(self, context, router_id): router = self.l3_plugin.get_router(context, router_id) if not router.get(l3_db.EXTERNAL_GW_INFO): - raise vpnaas.RouterIsNotExternal(router_id=router_id) + raise vpn_exception.RouterIsNotExternal(router_id=router_id) def _check_subnet_id(self, context, router_id, subnet_id): ports = self.core_plugin.get_ports( @@ -280,7 +284,7 @@ class VpnReferenceValidator(object): 'fixed_ips': {'subnet_id': [subnet_id]}, 'device_id': [router_id]}) if not ports: - raise vpnaas.SubnetIsNotConnectedToRouter( + raise vpn_exception.SubnetIsNotConnectedToRouter( subnet_id=subnet_id, router_id=router_id) @@ -303,7 +307,7 @@ class VpnReferenceValidator(object): for cidr in cidrs: msg = validators.validate_subnet(cidr) if msg: - raise vpnaas.InvalidEndpointInEndpointGroup( + raise vpn_exception.InvalidEndpointInEndpointGroup( group_type=constants.CIDR_ENDPOINT, endpoint=cidr, why=_("Invalid CIDR")) @@ -312,13 +316,13 @@ class VpnReferenceValidator(object): for subnet_id in subnet_ids: msg = validators.validate_uuid(subnet_id) if msg: - raise vpnaas.InvalidEndpointInEndpointGroup( + raise vpn_exception.InvalidEndpointInEndpointGroup( group_type=constants.SUBNET_ENDPOINT, endpoint=subnet_id, why=_('Invalid UUID')) try: self.core_plugin.get_subnet(context, subnet_id) except nexception.SubnetNotFound: - raise vpnaas.NonExistingSubnetInEndpointGroup( + raise vpn_exception.NonExistingSubnetInEndpointGroup( subnet=subnet_id) def validate_endpoint_group(self, context, endpoint_group): @@ -330,7 +334,8 @@ class VpnReferenceValidator(object): """ endpoints = endpoint_group['endpoints'] if not endpoints: - raise vpnaas.MissingEndpointForEndpointGroup(group=endpoint_group) + raise vpn_exception.MissingEndpointForEndpointGroup( + group=endpoint_group) group_type = endpoint_group['type'] if group_type == constants.CIDR_ENDPOINT: self._validate_cidrs(endpoints) diff --git a/neutron_vpnaas/extensions/vpn_endpoint_groups.py b/neutron_vpnaas/extensions/vpn_endpoint_groups.py index 2e706d3d1..97afcff00 100644 --- a/neutron_vpnaas/extensions/vpn_endpoint_groups.py +++ b/neutron_vpnaas/extensions/vpn_endpoint_groups.py @@ -14,86 +14,26 @@ import abc -from neutron.api.v2 import resource_helper - -from neutron_lib.api import converters +from neutron_lib.api.definitions import vpn_endpoint_groups from neutron_lib.api import extensions -from neutron_lib.db import constants as db_const from neutron_lib.plugins import constants as nconstants -from neutron_vpnaas.services.vpn.common import constants +from neutron.api.v2 import resource_helper -RESOURCE_ATTRIBUTE_MAP = { - - 'endpoint_groups': { - 'id': {'allow_post': False, 'allow_put': False, - 'validate': {'type:uuid': None}, - 'is_visible': True, - 'primary_key': True}, - 'tenant_id': {'allow_post': True, 'allow_put': False, - 'validate': { - 'type:string': db_const.PROJECT_ID_FIELD_SIZE}, - 'required_by_policy': True, - 'is_visible': True}, - 'name': {'allow_post': True, 'allow_put': True, - 'validate': {'type:string': db_const.NAME_FIELD_SIZE}, - 'is_visible': True, 'default': ''}, - 'description': {'allow_post': True, 'allow_put': True, - 'validate': { - 'type:string': db_const.DESCRIPTION_FIELD_SIZE}, - 'is_visible': True, 'default': ''}, - 'type': {'allow_post': True, 'allow_put': False, - 'validate': { - 'type:values': constants.VPN_SUPPORTED_ENDPOINT_TYPES, - }, - 'is_visible': True}, - 'endpoints': {'allow_post': True, 'allow_put': False, - 'convert_to': converters.convert_to_list, - 'is_visible': True}, - }, -} - - -class Vpn_endpoint_groups(extensions.ExtensionDescriptor): - - @classmethod - def get_name(cls): - return "VPN Endpoint Groups" - - @classmethod - def get_alias(cls): - return "vpn-endpoint-groups" - - @classmethod - def get_description(cls): - return "VPN endpoint groups support" - - @classmethod - def get_updated(cls): - return "2015-08-04T10:00:00-00:00" +class Vpn_endpoint_groups(extensions.APIExtensionDescriptor): + api_definition = vpn_endpoint_groups @classmethod def get_resources(cls): plural_mappings = resource_helper.build_plural_mappings( - {}, RESOURCE_ATTRIBUTE_MAP) - return resource_helper.build_resource_info(plural_mappings, - RESOURCE_ATTRIBUTE_MAP, - nconstants.VPN, - register_quota=True, - translate_name=True) - - def get_required_extensions(self): - return ["vpnaas"] - - def update_attributes_map(self, attributes): - super(Vpn_endpoint_groups, self).update_attributes_map( - attributes, extension_attrs_map=RESOURCE_ATTRIBUTE_MAP) - - def get_extended_resources(self, version): - if version == "2.0": - return RESOURCE_ATTRIBUTE_MAP - return {} + {}, vpn_endpoint_groups.RESOURCE_ATTRIBUTE_MAP) + return resource_helper.build_resource_info( + plural_mappings, + vpn_endpoint_groups.RESOURCE_ATTRIBUTE_MAP, + nconstants.VPN, + register_quota=True, + translate_name=True) class VPNEndpointGroupsPluginBase(object, metaclass=abc.ABCMeta): diff --git a/neutron_vpnaas/extensions/vpn_flavors.py b/neutron_vpnaas/extensions/vpn_flavors.py index 94aa931e3..5c4db1e53 100644 --- a/neutron_vpnaas/extensions/vpn_flavors.py +++ b/neutron_vpnaas/extensions/vpn_flavors.py @@ -13,6 +13,7 @@ # under the License. # +from neutron_lib.api.definitions import vpn_flavors from neutron_lib.api import extensions from neutron_lib import exceptions as nexception @@ -27,41 +28,6 @@ class NoProviderFoundForFlavor(nexception.NotFound): message = _("No service provider found for flavor %(flavor_id)s") -EXTENDED_ATTRIBUTES_2_0 = { - 'vpnservices': { - 'flavor_id': {'allow_post': True, 'allow_put': False, - 'validate': {'type:uuid_or_none': None}, - 'is_visible': True, 'default': None} - } -} - - -class Vpn_flavors(extensions.ExtensionDescriptor): +class Vpn_flavors(extensions.APIExtensionDescriptor): """Extension class supporting flavors for vpnservices.""" - - @classmethod - def get_name(cls): - return "VPN Service Flavor Extension" - - @classmethod - def get_alias(cls): - return 'vpn-flavors' - - @classmethod - def get_description(cls): - return "Flavor support for vpnservices." - - @classmethod - def get_updated(cls): - return "2017-04-19T00:00:00-00:00" - - def get_extended_resources(self, version): - if version == "2.0": - return EXTENDED_ATTRIBUTES_2_0 - return {} - - def get_required_extensions(self): - return ["vpnaas"] - - def get_optional_extensions(self): - return ["flavors"] + api_definition = vpn_flavors diff --git a/neutron_vpnaas/extensions/vpnaas.py b/neutron_vpnaas/extensions/vpnaas.py index ee2fd7e5a..e3b9d6883 100644 --- a/neutron_vpnaas/extensions/vpnaas.py +++ b/neutron_vpnaas/extensions/vpnaas.py @@ -15,503 +15,35 @@ import abc -from neutron_lib.api import converters +from neutron_lib.api.definitions import vpn from neutron_lib.api import extensions -from neutron_lib.api import validators -from neutron_lib.db import constants as db_const -from neutron_lib import exceptions as nexception from neutron_lib.plugins import constants as nconstants from neutron_lib.services import base as service_base from neutron.api.v2 import resource_helper -from neutron_vpnaas._i18n import _ - -class VPNServiceNotFound(nexception.NotFound): - message = _("VPNService %(vpnservice_id)s could not be found") - - -class IPsecSiteConnectionNotFound(nexception.NotFound): - message = _("ipsec_site_connection %(ipsec_site_conn_id)s not found") - - -class IPsecSiteConnectionDpdIntervalValueError(nexception.InvalidInput): - message = _("ipsec_site_connection %(attr)s is " - "equal to or less than dpd_interval") - - -class IPsecSiteConnectionMtuError(nexception.InvalidInput): - message = _("ipsec_site_connection MTU %(mtu)d is too small " - "for ipv%(version)s") - - -class IPsecSiteConnectionPeerCidrError(nexception.InvalidInput): - message = _("ipsec_site_connection peer cidr %(peer_cidr)s is " - "invalid CIDR") - - -class IKEPolicyNotFound(nexception.NotFound): - message = _("IKEPolicy %(ikepolicy_id)s could not be found") - - -class IPsecPolicyNotFound(nexception.NotFound): - message = _("IPsecPolicy %(ipsecpolicy_id)s could not be found") - - -class IKEPolicyInUse(nexception.InUse): - message = _("IKEPolicy %(ikepolicy_id)s is in use by existing " - "IPsecSiteConnection and can't be updated or deleted") - - -class VPNServiceInUse(nexception.InUse): - message = _("VPNService %(vpnservice_id)s is still in use") - - -class SubnetInUseByVPNService(nexception.InUse): - message = _("Subnet %(subnet_id)s is used by VPNService %(vpnservice_id)s") - - -class SubnetInUseByEndpointGroup(nexception.InUse): - message = _("Subnet %(subnet_id)s is used by endpoint group %(group_id)s") - - -class SubnetInUseByIPsecSiteConnection(nexception.InUse): - message = _("Subnet %(subnet_id)s is used by ipsec site connection " - "%(ipsec_site_connection_id)s") - - -class VPNStateInvalidToUpdate(nexception.BadRequest): - message = _("Invalid state %(state)s of vpnaas resource %(id)s" - " for updating") - - -class IPsecPolicyInUse(nexception.InUse): - message = _("IPsecPolicy %(ipsecpolicy_id)s is in use by existing " - "IPsecSiteConnection and can't be updated or deleted") - - -class DeviceDriverImportError(nexception.NeutronException): - message = _("Can not load driver :%(device_driver)s") - - -class SubnetIsNotConnectedToRouter(nexception.BadRequest): - message = _("Subnet %(subnet_id)s is not " - "connected to Router %(router_id)s") - - -class RouterIsNotExternal(nexception.BadRequest): - message = _("Router %(router_id)s has no external network gateway set") - - -class VPNPeerAddressNotResolved(nexception.InvalidInput): - message = _("Peer address %(peer_address)s cannot be resolved") - - -class ExternalNetworkHasNoSubnet(nexception.BadRequest): - message = _("Router's %(router_id)s external network has " - "no %(ip_version)s subnet") - - -class VPNEndpointGroupNotFound(nexception.NotFound): - message = _("Endpoint group %(endpoint_group_id)s could not be found") - - -class InvalidEndpointInEndpointGroup(nexception.InvalidInput): - message = _("Endpoint '%(endpoint)s' is invalid for group " - "type '%(group_type)s': %(why)s") - - -class MissingEndpointForEndpointGroup(nexception.BadRequest): - message = _("No endpoints specified for endpoint group '%(group)s'") - - -class NonExistingSubnetInEndpointGroup(nexception.InvalidInput): - message = _("Subnet %(subnet)s in endpoint group does not exist") - - -class MixedIPVersionsForIPSecEndpoints(nexception.BadRequest): - message = _("Endpoints in group %(group)s do not have the same IP " - "version, as required for IPSec site-to-site connection") - - -class MixedIPVersionsForPeerCidrs(nexception.BadRequest): - message = _("Peer CIDRs do not have the same IP version, as required " - "for IPSec site-to-site connection") - - -class MixedIPVersionsForIPSecConnection(nexception.BadRequest): - message = _("IP versions are not compatible between peer and local " - "endpoints") - - -class InvalidEndpointGroup(nexception.BadRequest): - message = _("Endpoint group%(suffix)s %(which)s cannot be specified, " - "when VPN Service has subnet specified") - - -class WrongEndpointGroupType(nexception.BadRequest): - message = _("Endpoint group %(which)s type is '%(group_type)s' and " - "should be '%(expected)s'") - - -class PeerCidrsInvalid(nexception.BadRequest): - message = _("Peer CIDRs cannot be specified, when using endpoint " - "groups") - - -class MissingPeerCidrs(nexception.BadRequest): - message = _("Missing peer CIDRs for IPsec site-to-site connection") - - -class MissingRequiredEndpointGroup(nexception.BadRequest): - message = _("Missing endpoint group%(suffix)s %(which)s for IPSec " - "site-to-site connection") - - -class EndpointGroupInUse(nexception.BadRequest): - message = _("Endpoint group %(group_id)s is in use and cannot be deleted") - - -def _validate_subnet_list_or_none(data, key_specs=None): - if data is not None: - return validators.validate_subnet_list(data, key_specs) - - -validators.add_validator('type:subnet_list_or_none', - _validate_subnet_list_or_none) - -vpn_supported_initiators = ['bi-directional', 'response-only'] -vpn_supported_encryption_algorithms = ['3des', 'aes-128', - 'aes-192', 'aes-256'] -vpn_dpd_supported_actions = [ - 'hold', 'clear', 'restart', 'restart-by-peer', 'disabled' -] -vpn_supported_transform_protocols = ['esp', 'ah', 'ah-esp'] -vpn_supported_encapsulation_mode = ['tunnel', 'transport'] -#TODO(nati) add kilobytes when we support it -vpn_supported_lifetime_units = ['seconds'] -vpn_supported_pfs = ['group2', 'group5', 'group14'] -vpn_supported_ike_versions = ['v1', 'v2'] -vpn_supported_auth_mode = ['psk'] -vpn_supported_auth_algorithms = ['sha1', 'sha256', 'sha384', 'sha512'] -vpn_supported_phase1_negotiation_mode = ['main', 'aggressive'] - -vpn_lifetime_limits = (60, validators.UNLIMITED) -positive_int = (0, validators.UNLIMITED) - -RESOURCE_ATTRIBUTE_MAP = { - - 'vpnservices': { - 'id': {'allow_post': False, 'allow_put': False, - 'validate': {'type:uuid': None}, - 'is_visible': True, - 'primary_key': True, - 'is_sort_key': True}, - 'tenant_id': {'allow_post': True, 'allow_put': False, - 'validate': { - 'type:string': db_const.PROJECT_ID_FIELD_SIZE}, - 'required_by_policy': True, - 'is_visible': True, - 'is_sort_key': True}, - 'name': {'allow_post': True, 'allow_put': True, - 'validate': {'type:string': db_const.NAME_FIELD_SIZE}, - 'is_visible': True, 'default': '', - 'is_sort_key': True}, - 'description': {'allow_post': True, 'allow_put': True, - 'validate': { - 'type:string': db_const.DESCRIPTION_FIELD_SIZE}, - 'is_visible': True, 'default': ''}, - 'subnet_id': {'allow_post': True, 'allow_put': False, - 'validate': {'type:uuid_or_none': None}, - 'is_visible': True, 'default': None, - 'is_sort_key': True}, - 'router_id': {'allow_post': True, 'allow_put': False, - 'validate': {'type:uuid': None}, - 'is_visible': True, - 'is_sort_key': True}, - 'admin_state_up': {'allow_post': True, 'allow_put': True, - 'default': True, - 'convert_to': converters.convert_to_boolean, - 'is_visible': True}, - 'external_v4_ip': {'allow_post': False, 'allow_put': False, - 'is_visible': True}, - 'external_v6_ip': {'allow_post': False, 'allow_put': False, - 'is_visible': True}, - 'status': {'allow_post': False, 'allow_put': False, - 'is_visible': True} - }, - - 'ipsec_site_connections': { - 'id': {'allow_post': False, 'allow_put': False, - 'validate': {'type:uuid': None}, - 'is_visible': True, - 'primary_key': True, - 'is_sort_key': True}, - 'tenant_id': {'allow_post': True, 'allow_put': False, - 'validate': { - 'type:string': db_const.PROJECT_ID_FIELD_SIZE}, - 'required_by_policy': True, - 'is_visible': True, - 'is_sort_key': True}, - 'name': {'allow_post': True, 'allow_put': True, - 'validate': {'type:string': db_const.NAME_FIELD_SIZE}, - 'is_visible': True, 'default': '', - 'is_sort_key': True}, - 'description': {'allow_post': True, 'allow_put': True, - 'validate': { - 'type:string': db_const.DESCRIPTION_FIELD_SIZE}, - 'is_visible': True, 'default': ''}, - 'local_id': {'allow_post': True, 'allow_put': True, - 'validate': {'type:string': None}, - 'is_visible': True, 'default': ''}, - 'peer_address': {'allow_post': True, 'allow_put': True, - 'validate': {'type:string': None}, - 'is_visible': True}, - 'peer_id': {'allow_post': True, 'allow_put': True, - 'validate': {'type:string': None}, - 'is_visible': True}, - 'peer_cidrs': {'allow_post': True, 'allow_put': True, - 'convert_to': converters.convert_to_list, - 'validate': {'type:subnet_list_or_none': None}, - 'is_visible': True, - 'default': None}, - 'local_ep_group_id': {'allow_post': True, 'allow_put': True, - 'validate': {'type:uuid_or_none': None}, - 'is_visible': True, 'default': None}, - 'peer_ep_group_id': {'allow_post': True, 'allow_put': True, - 'validate': {'type:uuid_or_none': None}, - 'is_visible': True, 'default': None}, - 'route_mode': {'allow_post': False, 'allow_put': False, - 'default': 'static', - 'is_visible': True}, - 'mtu': {'allow_post': True, 'allow_put': True, - 'default': '1500', - 'validate': {'type:range': positive_int}, - 'convert_to': converters.convert_to_int, - 'is_visible': True}, - 'initiator': {'allow_post': True, 'allow_put': True, - 'default': 'bi-directional', - 'validate': {'type:values': vpn_supported_initiators}, - 'is_visible': True}, - 'auth_mode': {'allow_post': False, 'allow_put': False, - 'default': 'psk', - 'validate': {'type:values': vpn_supported_auth_mode}, - 'is_visible': True}, - 'psk': {'allow_post': True, 'allow_put': True, - 'validate': {'type:string': None}, - 'is_visible': True}, - 'dpd': {'allow_post': True, 'allow_put': True, - 'convert_to': converters.convert_none_to_empty_dict, - 'is_visible': True, - 'default': {}, - 'validate': { - 'type:dict_or_empty': { - 'action': { - 'type:values': vpn_dpd_supported_actions, - }, - 'interval': { - 'type:range': positive_int - }, - 'timeout': { - 'type:range': positive_int - }}}}, - 'admin_state_up': {'allow_post': True, 'allow_put': True, - 'default': True, - 'convert_to': converters.convert_to_boolean, - 'is_visible': True}, - 'status': {'allow_post': False, 'allow_put': False, - 'is_visible': True}, - 'vpnservice_id': {'allow_post': True, 'allow_put': False, - 'validate': {'type:uuid': None}, - 'is_visible': True}, - 'ikepolicy_id': {'allow_post': True, 'allow_put': False, - 'validate': {'type:uuid': None}, - 'is_visible': True}, - 'ipsecpolicy_id': {'allow_post': True, 'allow_put': False, - 'validate': {'type:uuid': None}, - 'is_visible': True} - }, - - 'ipsecpolicies': { - 'id': {'allow_post': False, 'allow_put': False, - 'validate': {'type:uuid': None}, - 'is_visible': True, - 'primary_key': True, - 'is_sort_key': True}, - 'tenant_id': {'allow_post': True, 'allow_put': False, - 'validate': { - 'type:string': db_const.PROJECT_ID_FIELD_SIZE}, - 'required_by_policy': True, - 'is_visible': True, - 'is_sort_key': True}, - 'name': {'allow_post': True, 'allow_put': True, - 'validate': {'type:string': db_const.NAME_FIELD_SIZE}, - 'is_visible': True, 'default': '', - 'is_sort_key': True}, - 'description': {'allow_post': True, 'allow_put': True, - 'validate': { - 'type:string': db_const.DESCRIPTION_FIELD_SIZE}, - 'is_visible': True, 'default': ''}, - 'transform_protocol': { - 'allow_post': True, - 'allow_put': True, - 'default': 'esp', - 'validate': { - 'type:values': vpn_supported_transform_protocols}, - 'is_visible': True}, - 'auth_algorithm': { - 'allow_post': True, - 'allow_put': True, - 'default': 'sha1', - 'validate': { - 'type:values': vpn_supported_auth_algorithms - }, - 'is_visible': True}, - 'encryption_algorithm': { - 'allow_post': True, - 'allow_put': True, - 'default': 'aes-128', - 'validate': { - 'type:values': vpn_supported_encryption_algorithms - }, - 'is_visible': True}, - 'encapsulation_mode': { - 'allow_post': True, - 'allow_put': True, - 'default': 'tunnel', - 'validate': { - 'type:values': vpn_supported_encapsulation_mode - }, - 'is_visible': True}, - 'lifetime': {'allow_post': True, 'allow_put': True, - 'convert_to': converters.convert_none_to_empty_dict, - 'default': {}, - 'validate': { - 'type:dict_or_empty': { - 'units': { - 'type:values': vpn_supported_lifetime_units, - }, - 'value': { - 'type:range': vpn_lifetime_limits - }}}, - 'is_visible': True}, - 'pfs': {'allow_post': True, 'allow_put': True, - 'default': 'group5', - 'validate': {'type:values': vpn_supported_pfs}, - 'is_visible': True} - }, - - 'ikepolicies': { - 'id': {'allow_post': False, 'allow_put': False, - 'validate': {'type:uuid': None}, - 'is_visible': True, - 'primary_key': True, - 'is_sort_key': True}, - 'tenant_id': {'allow_post': True, 'allow_put': False, - 'validate': { - 'type:string': db_const.PROJECT_ID_FIELD_SIZE}, - 'required_by_policy': True, - 'is_visible': True, - 'is_sort_key': True}, - 'name': {'allow_post': True, 'allow_put': True, - 'validate': {'type:string': db_const.NAME_FIELD_SIZE}, - 'is_visible': True, 'default': '', - 'is_sort_key': True}, - 'description': {'allow_post': True, 'allow_put': True, - 'validate': { - 'type:string': db_const.DESCRIPTION_FIELD_SIZE}, - 'is_visible': True, 'default': ''}, - 'auth_algorithm': {'allow_post': True, 'allow_put': True, - 'default': 'sha1', - 'validate': { - 'type:values': vpn_supported_auth_algorithms}, - 'is_visible': True}, - 'encryption_algorithm': { - 'allow_post': True, 'allow_put': True, - 'default': 'aes-128', - 'validate': {'type:values': vpn_supported_encryption_algorithms}, - 'is_visible': True}, - 'phase1_negotiation_mode': { - 'allow_post': True, 'allow_put': True, - 'default': 'main', - 'validate': { - 'type:values': vpn_supported_phase1_negotiation_mode - }, - 'is_visible': True}, - 'lifetime': {'allow_post': True, 'allow_put': True, - 'convert_to': converters.convert_none_to_empty_dict, - 'default': {}, - 'validate': { - 'type:dict_or_empty': { - 'units': { - 'type:values': vpn_supported_lifetime_units, - }, - 'value': { - 'type:range': vpn_lifetime_limits, - }}}, - 'is_visible': True}, - 'ike_version': {'allow_post': True, 'allow_put': True, - 'default': 'v1', - 'validate': { - 'type:values': vpn_supported_ike_versions}, - 'is_visible': True}, - 'pfs': {'allow_post': True, 'allow_put': True, - 'default': 'group5', - 'validate': {'type:values': vpn_supported_pfs}, - 'is_visible': True} - }, -} - - -class Vpnaas(extensions.ExtensionDescriptor): - - @classmethod - def get_name(cls): - return "VPN service" - - @classmethod - def get_alias(cls): - return "vpnaas" - - @classmethod - def get_description(cls): - return "Extension for VPN service" - - @classmethod - def get_namespace(cls): - return "https://wiki.openstack.org/Neutron/VPNaaS" - - @classmethod - def get_updated(cls): - return "2013-05-29T10:00:00-00:00" +class Vpnaas(extensions.APIExtensionDescriptor): + api_definition = vpn @classmethod def get_resources(cls): special_mappings = {'ikepolicies': 'ikepolicy', 'ipsecpolicies': 'ipsecpolicy'} plural_mappings = resource_helper.build_plural_mappings( - special_mappings, RESOURCE_ATTRIBUTE_MAP) + special_mappings, vpn.RESOURCE_ATTRIBUTE_MAP) plural_mappings['peer_cidrs'] = 'peer_cidr' - return resource_helper.build_resource_info(plural_mappings, - RESOURCE_ATTRIBUTE_MAP, - nconstants.VPN, - register_quota=True, - translate_name=True) + return resource_helper.build_resource_info( + plural_mappings, + vpn.RESOURCE_ATTRIBUTE_MAP, + nconstants.VPN, + register_quota=True, + translate_name=True) @classmethod def get_plugin_interface(cls): return VPNPluginBase - def update_attributes_map(self, attributes): - super(Vpnaas, self).update_attributes_map( - attributes, extension_attrs_map=RESOURCE_ATTRIBUTE_MAP) - - def get_extended_resources(self, version): - if version == "2.0": - return RESOURCE_ATTRIBUTE_MAP - return {} - class VPNPluginBase(service_base.ServicePluginBase, metaclass=abc.ABCMeta): diff --git a/neutron_vpnaas/services/vpn/device_drivers/ipsec.py b/neutron_vpnaas/services/vpn/device_drivers/ipsec.py index 424c0eea0..7ffcaac71 100644 --- a/neutron_vpnaas/services/vpn/device_drivers/ipsec.py +++ b/neutron_vpnaas/services/vpn/device_drivers/ipsec.py @@ -30,6 +30,7 @@ from neutron.agent.linux import utils as agent_utils from neutron_lib.api import validators from neutron_lib import constants from neutron_lib import context +from neutron_lib.exceptions import vpn as vpn_exception from neutron_lib.plugins import utils as plugin_utils from neutron_lib import rpc as n_rpc from neutron_lib.utils import file as file_utils @@ -43,7 +44,6 @@ from oslo_utils import encodeutils from oslo_utils import fileutils from neutron_vpnaas._i18n import _ -from neutron_vpnaas.extensions import vpnaas from neutron_vpnaas.services.vpn.common import topics from neutron_vpnaas.services.vpn import device_drivers @@ -610,7 +610,8 @@ class OpenSwanProcess(BaseSwanProcess): if not ip_addr: self._record_connection_status(connection_id, constants.ERROR, force_status_update=True) - raise vpnaas.VPNPeerAddressNotResolved(peer_address=address) + raise vpn_exception.VPNPeerAddressNotResolved( + peer_address=address) else: ip_addr = address routes = self._execute(['ip', 'route', 'get', ip_addr]) diff --git a/neutron_vpnaas/services/vpn/vpn_service.py b/neutron_vpnaas/services/vpn/vpn_service.py index ac9c0e97e..e2b463d66 100644 --- a/neutron_vpnaas/services/vpn/vpn_service.py +++ b/neutron_vpnaas/services/vpn/vpn_service.py @@ -14,11 +14,10 @@ # under the License. from neutron.services import provider_configuration as provconfig +from neutron_lib.exceptions import vpn as vpn_exception from oslo_log import log as logging from oslo_utils import importutils -from neutron_vpnaas.extensions import vpnaas - LOG = logging.getLogger(__name__) DEVICE_DRIVERS = 'device_drivers' @@ -42,6 +41,6 @@ class VPNService(object): host)) LOG.debug('Loaded VPNaaS device driver: %s', device_driver) except ImportError: - raise vpnaas.DeviceDriverImportError( + raise vpn_exception.DeviceDriverImportError( device_driver=device_driver) return drivers diff --git a/neutron_vpnaas/tests/unit/db/vpn/test_vpn_db.py b/neutron_vpnaas/tests/unit/db/vpn/test_vpn_db.py index c7f828517..d763b45ac 100644 --- a/neutron_vpnaas/tests/unit/db/vpn/test_vpn_db.py +++ b/neutron_vpnaas/tests/unit/db/vpn/test_vpn_db.py @@ -28,10 +28,12 @@ from neutron import extensions as nextensions from neutron.scheduler import l3_agent_scheduler from neutron.tests.unit.db import test_db_base_plugin_v2 as test_db_plugin from neutron.tests.unit.extensions import test_l3 as test_l3_plugin +from neutron_lib.api.definitions import vpn from neutron_lib.callbacks import events from neutron_lib import constants as lib_constants from neutron_lib import context from neutron_lib.exceptions import l3 as l3_exception +from neutron_lib.exceptions import vpn as vpn_exception from neutron_lib.plugins import constants as nconstants from neutron_lib.plugins import directory from oslo_db import exception as db_exc @@ -45,7 +47,6 @@ from neutron_vpnaas.services.vpn import plugin as vpn_plugin from neutron_vpnaas.tests import base from neutron_vpnaas import extensions -from neutron_vpnaas.extensions import vpnaas DB_CORE_PLUGIN_KLASS = 'neutron.db.db_base_plugin_v2.NeutronDbPluginV2' DB_VPN_PLUGIN_KLASS = "neutron_vpnaas.services.vpn.plugin.VPNPlugin" @@ -71,7 +72,7 @@ class VPNTestMixin(object): resource_prefix_map = dict( (k.replace('_', '-'), "/vpn") - for k in vpnaas.RESOURCE_ATTRIBUTE_MAP + for k in vpn.RESOURCE_ATTRIBUTE_MAP ) def _create_ikepolicy(self, fmt, @@ -1692,7 +1693,7 @@ class TestVpnaas(VPNPluginDbTestCase): self.router() as router: with self.vpnservice(subnet=subnet, router=router): - self.assertRaises(vpnaas.SubnetInUseByVPNService, + self.assertRaises(vpn_exception.SubnetInUseByVPNService, self.plugin.check_subnet_in_use, context.get_admin_context(), subnet['subnet']['id'], @@ -1957,7 +1958,7 @@ class TestVpnDatabase(base.NeutronDbPluginV2TestCase, NeutronResourcesMixin): endpoint_group = self.plugin.get_endpoint_group(self.context, endpoint_group_id) is_found = True - except vpnaas.VPNEndpointGroupNotFound: + except vpn_exception.VPNEndpointGroupNotFound: is_found = False except Exception as e: self.fail("Unexpected exception getting endpoint group: %s" % e) @@ -1981,7 +1982,7 @@ class TestVpnDatabase(base.NeutronDbPluginV2TestCase, NeutronResourcesMixin): self.plugin.delete_endpoint_group(self.context, group_id) self.check_endpoint_group_entry(group_id, expected, should_exist=False) - self.assertRaises(vpnaas.VPNEndpointGroupNotFound, + self.assertRaises(vpn_exception.VPNEndpointGroupNotFound, self.plugin.delete_endpoint_group, self.context, group_id) @@ -1998,7 +1999,7 @@ class TestVpnDatabase(base.NeutronDbPluginV2TestCase, NeutronResourcesMixin): def test_fail_showing_non_existent_endpoint_group(self): """Test failure to show non-existent endpoint group.""" - self.assertRaises(vpnaas.VPNEndpointGroupNotFound, + self.assertRaises(vpn_exception.VPNEndpointGroupNotFound, self.plugin.get_endpoint_group, self.context, uuidutils.generate_uuid()) @@ -2054,7 +2055,7 @@ class TestVpnDatabase(base.NeutronDbPluginV2TestCase, NeutronResourcesMixin): """Test fail updating a non-existent group.""" group_updates = {'endpoint_group': {'name': 'new name'}} self.assertRaises( - vpnaas.VPNEndpointGroupNotFound, + vpn_exception.VPNEndpointGroupNotFound, self.plugin.update_endpoint_group, self.context, _uuid(), group_updates) @@ -2225,11 +2226,11 @@ class TestVpnDatabase(base.NeutronDbPluginV2TestCase, NeutronResourcesMixin): {'local_ep_group_id': local_ep_group['id'], 'peer_ep_group_id': peer_ep_group['id']}) self.plugin.create_ipsec_site_connection(self.context, info) - self.assertRaises(vpnaas.EndpointGroupInUse, + self.assertRaises(vpn_exception.EndpointGroupInUse, self.plugin.delete_endpoint_group, self.context, local_ep_group['id']) - self.assertRaises(vpnaas.EndpointGroupInUse, + self.assertRaises(vpn_exception.EndpointGroupInUse, self.plugin.delete_endpoint_group, self.context, peer_ep_group['id']) @@ -2248,7 +2249,7 @@ class TestVpnDatabase(base.NeutronDbPluginV2TestCase, NeutronResourcesMixin): local_subnet = self.create_subnet(overrides=overrides) self.create_endpoint_group(group_type='subnet', endpoints=[local_subnet['id']]) - self.assertRaises(vpnaas.SubnetInUseByEndpointGroup, + self.assertRaises(vpn_exception.SubnetInUseByEndpointGroup, self.plugin.check_subnet_in_use_by_endpoint_group, self.context, local_subnet['id']) @@ -2283,7 +2284,7 @@ class TestVpnDatabase(base.NeutronDbPluginV2TestCase, NeutronResourcesMixin): self.plugin.create_ipsec_site_connection(self.context, ipsec_site_connection) - self.assertRaises(vpnaas.SubnetInUseByIPsecSiteConnection, + self.assertRaises(vpn_exception.SubnetInUseByIPsecSiteConnection, self.plugin.check_subnet_in_use, self.context, private_subnet['id'], diff --git a/neutron_vpnaas/tests/unit/db/vpn/test_vpn_validator.py b/neutron_vpnaas/tests/unit/db/vpn/test_vpn_validator.py index c4fb35ef3..09a801101 100644 --- a/neutron_vpnaas/tests/unit/db/vpn/test_vpn_validator.py +++ b/neutron_vpnaas/tests/unit/db/vpn/test_vpn_validator.py @@ -19,13 +19,13 @@ from unittest import mock from neutron.db import l3_db from neutron_lib import context as n_ctx from neutron_lib import exceptions as nexception +from neutron_lib.exceptions import vpn as vpn_exception from neutron_lib.plugins import constants as nconstants from neutron_lib.plugins import directory from oslo_utils import uuidutils from sqlalchemy.orm import query from neutron_vpnaas.db.vpn import vpn_validator -from neutron_vpnaas.extensions import vpnaas from neutron_vpnaas.services.vpn.common import constants as v_constants from neutron_vpnaas.tests import base @@ -55,7 +55,7 @@ class TestVpnValidation(base.BaseTestCase): """Failure test of service validate, when router missing ext. I/F.""" self.l3_plugin.get_router.return_value = {} # No external gateway vpnservice = {'router_id': 123, 'subnet_id': 456} - self.assertRaises(vpnaas.RouterIsNotExternal, + self.assertRaises(vpn_exception.RouterIsNotExternal, self.validator.validate_vpnservice, self.context, vpnservice) @@ -64,7 +64,7 @@ class TestVpnValidation(base.BaseTestCase): self.l3_plugin.get_router.return_value = FAKE_ROUTER self.core_plugin.get_ports.return_value = None vpnservice = {'router_id': FAKE_ROUTER_ID, 'subnet_id': FAKE_SUBNET_ID} - self.assertRaises(vpnaas.SubnetIsNotConnectedToRouter, + self.assertRaises(vpn_exception.SubnetIsNotConnectedToRouter, self.validator.validate_vpnservice, self.context, vpnservice) @@ -122,7 +122,7 @@ class TestVpnValidation(base.BaseTestCase): raise socket.gaierror() mock_getaddr_info.side_effect = getaddr_info_failer ipsec_sitecon = {'peer_address': 'fqdn.invalid'} - self.assertRaises(vpnaas.VPNPeerAddressNotResolved, + self.assertRaises(vpn_exception.VPNPeerAddressNotResolved, self.validator.resolve_peer_address, ipsec_sitecon, self.router) @@ -134,7 +134,7 @@ class TestVpnValidation(base.BaseTestCase): self.validator._validate_peer_address(ip_version, self.router) if expected_exception: self.fail("No exception raised for invalid peer address") - except vpnaas.ExternalNetworkHasNoSubnet: + except vpn_exception.ExternalNetworkHasNoSubnet: if not expected_exception: self.fail("exception for valid peer address raised") @@ -213,12 +213,14 @@ class TestVpnValidation(base.BaseTestCase): """Failure tests of DPD settings for IPSec conn during create.""" ipsec_sitecon = {'dpd_action': 'hold', 'dpd_interval': 100, 'dpd_timeout': 100} - self.assertRaises(vpnaas.IPsecSiteConnectionDpdIntervalValueError, - self.validator._check_dpd, ipsec_sitecon) + self.assertRaises( + vpn_exception.IPsecSiteConnectionDpdIntervalValueError, + self.validator._check_dpd, ipsec_sitecon) ipsec_sitecon = {'dpd_action': 'hold', 'dpd_interval': 100, 'dpd_timeout': 99} - self.assertRaises(vpnaas.IPsecSiteConnectionDpdIntervalValueError, - self.validator._check_dpd, ipsec_sitecon) + self.assertRaises( + vpn_exception.IPsecSiteConnectionDpdIntervalValueError, + self.validator._check_dpd, ipsec_sitecon) def test_bad_mtu_for_ipsec_connection(self): """Failure test of invalid MTU values for IPSec conn create/update.""" @@ -226,7 +228,7 @@ class TestVpnValidation(base.BaseTestCase): for version, limit in ip_version_limits.items(): ipsec_sitecon = {'mtu': limit - 1} self.assertRaises( - vpnaas.IPsecSiteConnectionMtuError, + vpn_exception.IPsecSiteConnectionMtuError, self.validator._check_mtu, self.context, ipsec_sitecon['mtu'], version) @@ -254,19 +256,19 @@ class TestVpnValidation(base.BaseTestCase): """Fail when mixing types of endpoints in endpoint group.""" endpoint_group = {'type': v_constants.CIDR_ENDPOINT, 'endpoints': ['10.10.10.0/24', _uuid()]} - self.assertRaises(vpnaas.InvalidEndpointInEndpointGroup, + self.assertRaises(vpn_exception.InvalidEndpointInEndpointGroup, self.validator.validate_endpoint_group, self.context, endpoint_group) endpoint_group = {'type': v_constants.SUBNET_ENDPOINT, 'endpoints': [_uuid(), '10.10.10.0/24']} - self.assertRaises(vpnaas.InvalidEndpointInEndpointGroup, + self.assertRaises(vpn_exception.InvalidEndpointInEndpointGroup, self.validator.validate_endpoint_group, self.context, endpoint_group) def test_missing_endpoints_for_endpoint_group(self): endpoint_group = {'type': v_constants.CIDR_ENDPOINT, 'endpoints': []} - self.assertRaises(vpnaas.MissingEndpointForEndpointGroup, + self.assertRaises(vpn_exception.MissingEndpointForEndpointGroup, self.validator.validate_endpoint_group, self.context, endpoint_group) @@ -277,7 +279,7 @@ class TestVpnValidation(base.BaseTestCase): """ endpoint_group = {'type': v_constants.CIDR_ENDPOINT, 'endpoints': ['10.10.10.10/24', '20.20.20.1']} - self.assertRaises(vpnaas.InvalidEndpointInEndpointGroup, + self.assertRaises(vpn_exception.InvalidEndpointInEndpointGroup, self.validator.validate_endpoint_group, self.context, endpoint_group) @@ -287,7 +289,7 @@ class TestVpnValidation(base.BaseTestCase): subnet_id=subnet_id) endpoint_group = {'type': v_constants.SUBNET_ENDPOINT, 'endpoints': [subnet_id]} - self.assertRaises(vpnaas.NonExistingSubnetInEndpointGroup, + self.assertRaises(vpn_exception.NonExistingSubnetInEndpointGroup, self.validator.validate_endpoint_group, self.context, endpoint_group) @@ -299,7 +301,7 @@ class TestVpnValidation(base.BaseTestCase): multiple_subnets = [subnet1, subnet2] port_mock = mock.patch.object(self.core_plugin, "get_ports").start() port_mock.side_effect = ['dummy info', None] - self.assertRaises(vpnaas.SubnetIsNotConnectedToRouter, + self.assertRaises(vpn_exception.SubnetIsNotConnectedToRouter, self.validator._check_local_subnets_on_router, self.context, router, multiple_subnets) @@ -323,7 +325,7 @@ class TestVpnValidation(base.BaseTestCase): subnet1 = {'ip_version': 6} subnet2 = {'ip_version': 4} mixed_subnets = [subnet1, subnet2] - self.assertRaises(vpnaas.MixedIPVersionsForIPSecEndpoints, + self.assertRaises(vpn_exception.MixedIPVersionsForIPSecEndpoints, self.validator._check_local_endpoint_ip_versions, endpoint_group_id, mixed_subnets) @@ -343,13 +345,13 @@ class TestVpnValidation(base.BaseTestCase): """Fail when mixed IP versions in peer endpoints.""" endpoint_group_id = _uuid() mixed_cidrs = ['10.10.10.0/24', '2002:1400::/48'] - self.assertRaises(vpnaas.MixedIPVersionsForIPSecEndpoints, + self.assertRaises(vpn_exception.MixedIPVersionsForIPSecEndpoints, self.validator._check_peer_endpoint_ip_versions, endpoint_group_id, mixed_cidrs) def test_fail_ipsec_conn_locals_and_peers_different_ip_version(self): """Ensure catch when local and peer IP versions are not the same.""" - self.assertRaises(vpnaas.MixedIPVersionsForIPSecConnection, + self.assertRaises(vpn_exception.MixedIPVersionsForIPSecConnection, self.validator._validate_compatible_ip_versions, 4, 6) @@ -363,28 +365,28 @@ class TestVpnValidation(base.BaseTestCase): ipsec_sitecon = {'peer_cidrs': ['10.0.0.0/24'], 'local_ep_group_id': 'local-epg-id', 'peer_ep_group_id': 'peer-epg-id'} - self.assertRaises(vpnaas.PeerCidrsInvalid, + self.assertRaises(vpn_exception.PeerCidrsInvalid, self.validator.validate_ipsec_conn_optional_args, ipsec_sitecon, subnet) ipsec_sitecon = {'peer_cidrs': [], 'local_ep_group_id': None, 'peer_ep_group_id': 'peer-epg-id'} - self.assertRaises(vpnaas.MissingRequiredEndpointGroup, + self.assertRaises(vpn_exception.MissingRequiredEndpointGroup, self.validator.validate_ipsec_conn_optional_args, ipsec_sitecon, subnet) ipsec_sitecon = {'peer_cidrs': [], 'local_ep_group_id': 'local-epg-id', 'peer_ep_group_id': None} - self.assertRaises(vpnaas.MissingRequiredEndpointGroup, + self.assertRaises(vpn_exception.MissingRequiredEndpointGroup, self.validator.validate_ipsec_conn_optional_args, ipsec_sitecon, subnet) ipsec_sitecon = {'peer_cidrs': [], 'local_ep_group_id': None, 'peer_ep_group_id': None} - self.assertRaises(vpnaas.MissingRequiredEndpointGroup, + self.assertRaises(vpn_exception.MissingRequiredEndpointGroup, self.validator.validate_ipsec_conn_optional_args, ipsec_sitecon, subnet) @@ -398,28 +400,28 @@ class TestVpnValidation(base.BaseTestCase): ipsec_sitecon = {'peer_cidrs': [], 'local_ep_group_id': None, 'peer_ep_group_id': None} - self.assertRaises(vpnaas.MissingPeerCidrs, + self.assertRaises(vpn_exception.MissingPeerCidrs, self.validator.validate_ipsec_conn_optional_args, ipsec_sitecon, subnet) ipsec_sitecon = {'peer_cidrs': ['10.0.0.0/24'], 'local_ep_group_id': 'local-epg-id', 'peer_ep_group_id': None} - self.assertRaises(vpnaas.InvalidEndpointGroup, + self.assertRaises(vpn_exception.InvalidEndpointGroup, self.validator.validate_ipsec_conn_optional_args, ipsec_sitecon, subnet) ipsec_sitecon = {'peer_cidrs': ['10.0.0.0/24'], 'local_ep_group_id': None, 'peer_ep_group_id': 'peer-epg-id'} - self.assertRaises(vpnaas.InvalidEndpointGroup, + self.assertRaises(vpn_exception.InvalidEndpointGroup, self.validator.validate_ipsec_conn_optional_args, ipsec_sitecon, subnet) ipsec_sitecon = {'peer_cidrs': ['10.0.0.0/24'], 'local_ep_group_id': 'local-epg-id', 'peer_ep_group_id': 'peer-epg-id'} - self.assertRaises(vpnaas.InvalidEndpointGroup, + self.assertRaises(vpn_exception.InvalidEndpointGroup, self.validator.validate_ipsec_conn_optional_args, ipsec_sitecon, subnet) @@ -452,11 +454,11 @@ class TestVpnValidation(base.BaseTestCase): def test_fail_ipsec_conn_peer_cidrs_with_invalid_format(self): peer_cidrs = ['invalid_cidr'] - self.assertRaises(vpnaas.IPsecSiteConnectionPeerCidrError, + self.assertRaises(vpn_exception.IPsecSiteConnectionPeerCidrError, self.validator._check_peer_cidrs, peer_cidrs) peer_cidrs = ['192/24'] - self.assertRaises(vpnaas.IPsecSiteConnectionPeerCidrError, + self.assertRaises(vpn_exception.IPsecSiteConnectionPeerCidrError, self.validator._check_peer_cidrs, peer_cidrs) @@ -464,13 +466,13 @@ class TestVpnValidation(base.BaseTestCase): local_epg = {'id': 'should-be-subnets', 'type': v_constants.CIDR_ENDPOINT, 'endpoints': ['10.10.10.10/24', '20.20.20.20/24']} - self.assertRaises(vpnaas.WrongEndpointGroupType, + self.assertRaises(vpn_exception.WrongEndpointGroupType, self.validator._get_local_subnets, self.context, local_epg) peer_epg = {'id': 'should-be-cidrs', 'type': v_constants.SUBNET_ENDPOINT, 'endpoints': [_uuid(), _uuid()]} - self.assertRaises(vpnaas.WrongEndpointGroupType, + self.assertRaises(vpn_exception.WrongEndpointGroupType, self.validator._get_peer_cidrs, peer_epg) @@ -527,6 +529,6 @@ class TestVpnValidation(base.BaseTestCase): def test_fail_ipsec_conn_peer_cidrs_mixed_ip_version(self): mixed_cidrs = ['2002:0a00::/48', '20.20.20.0/24'] - self.assertRaises(vpnaas.MixedIPVersionsForPeerCidrs, + self.assertRaises(vpn_exception.MixedIPVersionsForPeerCidrs, self.validator._check_peer_cidrs_ip_versions, mixed_cidrs) diff --git a/neutron_vpnaas/tests/unit/services/vpn/device_drivers/test_ipsec.py b/neutron_vpnaas/tests/unit/services/vpn/device_drivers/test_ipsec.py index 3a2c83986..eab6ff2b8 100644 --- a/neutron_vpnaas/tests/unit/services/vpn/device_drivers/test_ipsec.py +++ b/neutron_vpnaas/tests/unit/services/vpn/device_drivers/test_ipsec.py @@ -26,10 +26,10 @@ from neutron.agent.l3 import legacy_router from neutron.agent.linux import iptables_manager from neutron.conf.agent.l3 import config as l3_config from neutron_lib import constants +from neutron_lib.exceptions import vpn as vpn_exception from oslo_config import cfg from oslo_utils import uuidutils -from neutron_vpnaas.extensions import vpnaas from neutron_vpnaas.services.vpn.device_drivers import ipsec as openswan_ipsec from neutron_vpnaas.services.vpn.device_drivers import libreswan_ipsec from neutron_vpnaas.services.vpn.device_drivers import strongswan_ipsec @@ -1292,7 +1292,7 @@ class TestOpenSwanProcess(IPSecDeviceLegacy): {'fake-conn-id': {'status': constants.ERROR, 'updated_pending_status': True}}) - self.assertRaises(vpnaas.VPNPeerAddressNotResolved, + self.assertRaises(vpn_exception.VPNPeerAddressNotResolved, self.process._get_nexthop, 'foo.peer.addr', 'fake-conn-id') self.assertEqual(expected_connection_status_dict, @@ -1302,7 +1302,7 @@ class TestOpenSwanProcess(IPSecDeviceLegacy): {'fake-conn-id': {'status': constants.PENDING_CREATE, 'updated_pending_status': False}}) - self.assertRaises(vpnaas.VPNPeerAddressNotResolved, + self.assertRaises(vpn_exception.VPNPeerAddressNotResolved, self.process._get_nexthop, 'foo.peer.addr', 'fake-conn-id') self.assertEqual(expected_connection_status_dict, diff --git a/neutron_vpnaas/tests/unit/services/vpn/test_vpn_service.py b/neutron_vpnaas/tests/unit/services/vpn/test_vpn_service.py index e9a72cb01..59df0736c 100644 --- a/neutron_vpnaas/tests/unit/services/vpn/test_vpn_service.py +++ b/neutron_vpnaas/tests/unit/services/vpn/test_vpn_service.py @@ -16,10 +16,10 @@ from unittest import mock from neutron_lib.callbacks import registry +from neutron_lib.exceptions import vpn as vpn_exception from oslo_config import cfg from oslo_utils import uuidutils -from neutron_vpnaas.extensions import vpnaas from neutron_vpnaas.services.vpn import agent as vpn_agent from neutron_vpnaas.services.vpn import device_drivers from neutron_vpnaas.services.vpn import vpn_service @@ -88,5 +88,5 @@ class TestVirtualPrivateNetworkDeviceDriverLoading(VPNBaseTestCase): cfg.CONF.set_override('vpn_device_driver', ['no.such.class'], 'vpnagent') - self.assertRaises(vpnaas.DeviceDriverImportError, + self.assertRaises(vpn_exception.DeviceDriverImportError, self.service.load_device_drivers, 'host')