Merge "move neutron only common constants to private module" into stable/stein

2020-04-29 21:35:27 +00:00 · 2020-04-29 21:35:27 +00:00 · 1e7f4ce6a9
parent 25b72ec88f 5f7b55424a
commit 1e7f4ce6a9
4 changed files with 49 additions and 27 deletions
--- a/neutron/agent/linux/iptables_firewall.py
+++ b/neutron/agent/linux/iptables_firewall.py
@ -30,6 +30,7 @@ from neutron.agent.linux import ip_conntrack
 from neutron.agent.linux import ipset_manager
 from neutron.agent.linux import iptables_comments as ic
 from neutron.agent.linux import iptables_manager
+from neutron.common import _constants as const
 from neutron.common import constants as n_const
 from neutron.common import ipv6_utils
 from neutron.common import utils as c_utils
@ -733,10 +734,10 @@ class IptablesFirewallDriver(firewall.FirewallDriver):
            # icmp code can be 0 so we cannot use "if port_range_max" here
            if port_range_max is not None:
                args[-1] += '/%s' % port_range_max
-        elif protocol in n_const.SG_PORT_PROTO_NAMES:
+        elif protocol in const.SG_PORT_PROTO_NAMES:
            # iptables protocols that support --dport, --sport and -m multiport
            if port_range_min == port_range_max:
-                if protocol in n_const.IPTABLES_MULTIPORT_ONLY_PROTOCOLS:
+                if protocol in const.IPTABLES_MULTIPORT_ONLY_PROTOCOLS:
                    # use -m multiport, but without a port range
                    args += ['-m', 'multiport', '--%ss' % direction,
                             '%s' % port_range_min]
--- a/neutron/common/_constants.py
+++ b/neutron/common/_constants.py
@ -0,0 +1,42 @@
+# Copyright (c) 2012 OpenStack Foundation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from neutron_lib import constants
+
+# NOTE(boden): This module is common constants for neutron only.
+# Any constants used outside of neutron should go into neutron-lib.
+
+
+# Security group protocols that support ports
+SG_PORT_PROTO_NUMS = [
+    constants.PROTO_NUM_DCCP,
+    constants.PROTO_NUM_SCTP,
+    constants.PROTO_NUM_TCP,
+    constants.PROTO_NUM_UDP,
+    constants.PROTO_NUM_UDPLITE
+]
+
+SG_PORT_PROTO_NAMES = [
+    constants.PROTO_NAME_DCCP,
+    constants.PROTO_NAME_SCTP,
+    constants.PROTO_NAME_TCP,
+    constants.PROTO_NAME_UDP,
+    constants.PROTO_NAME_UDPLITE
+]
+
+# iptables protocols that only support --dport and --sport using -m multiport
+IPTABLES_MULTIPORT_ONLY_PROTOCOLS = [
+    constants.PROTO_NAME_UDPLITE
+]
--- a/neutron/common/constants.py
+++ b/neutron/common/constants.py
@ -134,28 +134,6 @@ IPTABLES_PROTOCOL_NAME_MAP = {lib_constants.PROTO_NAME_IPV6_ENCAP: 'ipv6',
                              '141': 'wesp',
                              '142': 'rohc'}

-# Security group protocols that support ports
-SG_PORT_PROTO_NUMS = [
-    lib_constants.PROTO_NUM_DCCP,
-    lib_constants.PROTO_NUM_SCTP,
-    lib_constants.PROTO_NUM_TCP,
-    lib_constants.PROTO_NUM_UDP,
-    lib_constants.PROTO_NUM_UDPLITE
-]
-
-SG_PORT_PROTO_NAMES = [
-    lib_constants.PROTO_NAME_DCCP,
-    lib_constants.PROTO_NAME_SCTP,
-    lib_constants.PROTO_NAME_TCP,
-    lib_constants.PROTO_NAME_UDP,
-    lib_constants.PROTO_NAME_UDPLITE
-]
-
-# iptables protocols that only support --dport and --sport using -m multiport
-IPTABLES_MULTIPORT_ONLY_PROTOCOLS = [
-    lib_constants.PROTO_NAME_UDPLITE
-]
-
 # A length of a iptables chain name must be less than or equal to 11
 # characters.
 # <max length of iptables chain name> - (<binary_name> + '-') = 28-(16+1) = 11
--- a/neutron/db/securitygroups_db.py
+++ b/neutron/db/securitygroups_db.py
@ -33,6 +33,7 @@ import six
 from sqlalchemy.orm import scoped_session

 from neutron._i18n import _
+from neutron.common import _constants as const
 from neutron.common import constants as n_const
 from neutron.common import utils
 from neutron.db.models import securitygroup as sg_models
@ -476,8 +477,8 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase,
        ip_proto = self._get_ip_proto_number(rule['protocol'])
        # Not all firewall_driver support all these protocols,
        # but being strict here doesn't hurt.
-        if (ip_proto in n_const.SG_PORT_PROTO_NUMS or
-                ip_proto in n_const.SG_PORT_PROTO_NAMES):
+        if (ip_proto in const.SG_PORT_PROTO_NUMS or
+                ip_proto in const.SG_PORT_PROTO_NAMES):
            if rule['port_range_min'] == 0 or rule['port_range_max'] == 0:
                raise ext_sg.SecurityGroupInvalidPortValue(port=0)
            elif (rule['port_range_min'] is not None and
@ -503,7 +504,7 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase,
            if (rule['port_range_min'] is not None or
                    rule['port_range_max'] is not None):
                port_protocols = (
-                    ', '.join(s.upper() for s in n_const.SG_PORT_PROTO_NAMES))
+                    ', '.join(s.upper() for s in const.SG_PORT_PROTO_NAMES))
                raise ext_sg.SecurityGroupInvalidProtocolForPort(
                    protocol=ip_proto, valid_port_protocols=port_protocols)