Set firewall state to CREATED when dealing with DVR
When DVR is enabled as a default option for creating routers, firewall resources will need to have a new initial state, so that reconciliation can be done once all L3 agents have processed the firewall rules. The new state has been introduced to preserve API bw compatibility with centralized routers. Partial-bug: #1360351 Supports-blueprint: neutron-dvr-fwaas Change-Id: I53122570dd3a2311eedb24ccd925bcdc9ad4f70c
This commit is contained in:
armando-migliaccio
parent
921969d374
commit
050c41a145
|
|
@ -15,6 +15,8 @@
|
||||||
#
|
#
|
||||||
# @author: Sumit Naiksatam, sumitnaiksatam@gmail.com, Big Switch Networks, Inc.
|
# @author: Sumit Naiksatam, sumitnaiksatam@gmail.com, Big Switch Networks, Inc.
|
||||||
|
|
||||||
|
from oslo.config import cfg
|
||||||
|
|
||||||
import sqlalchemy as sa
|
import sqlalchemy as sa
|
||||||
from sqlalchemy.ext.orderinglist import ordering_list
|
from sqlalchemy.ext.orderinglist import ordering_list
|
||||||
from sqlalchemy import orm
|
from sqlalchemy import orm
|
||||||
|
|
@ -239,6 +241,11 @@ class Firewall_db_mixin(firewall.FirewallPluginBase, base_db.CommonDbMixin):
|
||||||
LOG.debug(_("create_firewall() called"))
|
LOG.debug(_("create_firewall() called"))
|
||||||
fw = firewall['firewall']
|
fw = firewall['firewall']
|
||||||
tenant_id = self._get_tenant_id_for_create(context, fw)
|
tenant_id = self._get_tenant_id_for_create(context, fw)
|
||||||
|
# distributed routers may required a more complex state machine;
|
||||||
|
# the introduction of a new 'CREATED' state allows this, whilst
|
||||||
|
# keeping a backward compatible behavior of the logical resource.
|
||||||
|
status = (const.CREATED
|
||||||
|
if cfg.CONF.router_distributed else const.PENDING_CREATE)
|
||||||
with context.session.begin(subtransactions=True):
|
with context.session.begin(subtransactions=True):
|
||||||
firewall_db = Firewall(id=uuidutils.generate_uuid(),
|
firewall_db = Firewall(id=uuidutils.generate_uuid(),
|
||||||
tenant_id=tenant_id,
|
tenant_id=tenant_id,
|
||||||
|
|
@ -247,7 +254,7 @@ class Firewall_db_mixin(firewall.FirewallPluginBase, base_db.CommonDbMixin):
|
||||||
firewall_policy_id=
|
firewall_policy_id=
|
||||||
fw['firewall_policy_id'],
|
fw['firewall_policy_id'],
|
||||||
admin_state_up=fw['admin_state_up'],
|
admin_state_up=fw['admin_state_up'],
|
||||||
status=const.PENDING_CREATE)
|
status=status)
|
||||||
context.session.add(firewall_db)
|
context.session.add(firewall_db)
|
||||||
return self._make_firewall_dict(firewall_db)
|
return self._make_firewall_dict(firewall_db)
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -50,6 +50,7 @@ COMMON_PREFIXES = {
|
||||||
# Service operation status constants
|
# Service operation status constants
|
||||||
ACTIVE = "ACTIVE"
|
ACTIVE = "ACTIVE"
|
||||||
DOWN = "DOWN"
|
DOWN = "DOWN"
|
||||||
|
CREATED = "CREATED"
|
||||||
PENDING_CREATE = "PENDING_CREATE"
|
PENDING_CREATE = "PENDING_CREATE"
|
||||||
PENDING_UPDATE = "PENDING_UPDATE"
|
PENDING_UPDATE = "PENDING_UPDATE"
|
||||||
PENDING_DELETE = "PENDING_DELETE"
|
PENDING_DELETE = "PENDING_DELETE"
|
||||||
|
|
|
||||||
|
|
@ -15,6 +15,8 @@
|
||||||
#
|
#
|
||||||
# @author: Sumit Naiksatam, sumitnaiksatam@gmail.com, Big Switch Networks, Inc.
|
# @author: Sumit Naiksatam, sumitnaiksatam@gmail.com, Big Switch Networks, Inc.
|
||||||
|
|
||||||
|
from oslo.config import cfg
|
||||||
|
|
||||||
import contextlib
|
import contextlib
|
||||||
|
|
||||||
import mock
|
import mock
|
||||||
|
|
@ -139,11 +141,12 @@ class FirewallPluginDbTestCase(test_db_plugin.NeutronDbPluginV2TestCase):
|
||||||
'audited': audited}
|
'audited': audited}
|
||||||
return attrs
|
return attrs
|
||||||
|
|
||||||
def _get_test_firewall_attrs(self, name='firewall_1'):
|
def _get_test_firewall_attrs(
|
||||||
|
self, name='firewall_1', status='PENDING_CREATE'):
|
||||||
attrs = {'name': name,
|
attrs = {'name': name,
|
||||||
'tenant_id': self._tenant_id,
|
'tenant_id': self._tenant_id,
|
||||||
'admin_state_up': ADMIN_STATE_UP,
|
'admin_state_up': ADMIN_STATE_UP,
|
||||||
'status': 'PENDING_CREATE'}
|
'status': status}
|
||||||
|
|
||||||
return attrs
|
return attrs
|
||||||
|
|
||||||
|
|
@ -761,20 +764,26 @@ class TestFirewallDBPlugin(FirewallPluginDbTestCase):
|
||||||
res = req.get_response(self.ext_api)
|
res = req.get_response(self.ext_api)
|
||||||
self.assertEqual(res.status_int, 409)
|
self.assertEqual(res.status_int, 409)
|
||||||
|
|
||||||
def test_create_firewall(self):
|
def _test_create_firewall(self, attrs):
|
||||||
name = "firewall1"
|
|
||||||
attrs = self._get_test_firewall_attrs(name)
|
|
||||||
|
|
||||||
with self.firewall_policy() as fwp:
|
with self.firewall_policy() as fwp:
|
||||||
fwp_id = fwp['firewall_policy']['id']
|
fwp_id = fwp['firewall_policy']['id']
|
||||||
attrs['firewall_policy_id'] = fwp_id
|
attrs['firewall_policy_id'] = fwp_id
|
||||||
with self.firewall(name=name,
|
with self.firewall(name=attrs['name'],
|
||||||
firewall_policy_id=fwp_id,
|
firewall_policy_id=fwp_id,
|
||||||
admin_state_up=
|
admin_state_up=
|
||||||
ADMIN_STATE_UP) as firewall:
|
ADMIN_STATE_UP) as firewall:
|
||||||
for k, v in attrs.iteritems():
|
for k, v in attrs.iteritems():
|
||||||
self.assertEqual(firewall['firewall'][k], v)
|
self.assertEqual(firewall['firewall'][k], v)
|
||||||
|
|
||||||
|
def test_create_firewall(self):
|
||||||
|
attrs = self._get_test_firewall_attrs("firewall1")
|
||||||
|
self._test_create_firewall(attrs)
|
||||||
|
|
||||||
|
def test_create_firewall_with_dvr(self):
|
||||||
|
cfg.CONF.set_override('router_distributed', True)
|
||||||
|
attrs = self._get_test_firewall_attrs("firewall1", "CREATED")
|
||||||
|
self._test_create_firewall(attrs)
|
||||||
|
|
||||||
def test_show_firewall(self):
|
def test_show_firewall(self):
|
||||||
name = "firewall1"
|
name = "firewall1"
|
||||||
attrs = self._get_test_firewall_attrs(name)
|
attrs = self._get_test_firewall_attrs(name)
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue