openstack
/
neutron
Code Issues Proposed changes

Refactoring security group config options 

Refactoring neutron security grp config opts to be in
neutron/conf/agent so that all the configuration options
reside in a centralized location. This simplifies the
process of looking up the config opts and provides an
easy way to import.

Change-Id: Ia9538f41dfd894ed55c1db1556b37aad09ad2ae1
Partial-Bug: #1563069
This commit is contained in:
sindhu devale 2016-08-02 16:46:35 +00:00
parent 6e334424cc
commit 39aedaf745
5 changed files with 56 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
neutron/agent/securitygroups_rpc.py
View File

@ -20,32 +20,16 @@ from oslo_config import cfg
from oslo_log import log as logging
import oslo_messaging
from neutron._i18n import _, _LI, _LW
from neutron._i18n import _LI, _LW
from neutron.agent import firewall
from neutron.api.rpc.handlers import securitygroups_rpc
from neutron.conf.agent import securitygroups_rpc as sc_cfg
LOG = logging.getLogger(__name__)
security_group_opts = [
cfg.StrOpt(
'firewall_driver',
help=_('Driver for security groups firewall in the L2 agent')),
cfg.BoolOpt(
'enable_security_group',
default=True,
help=_(
'Controls whether the neutron security group API is enabled '
'in the server. It should be false when using no security '
'groups or using the nova security group API.')),
cfg.BoolOpt(
'enable_ipset',
default=True,
help=_('Use ipset to speed-up the iptables based security groups. '
'Enabling ipset support requires that ipset is installed on L2 '
'agent node.'))
]
cfg.CONF.register_opts(security_group_opts, 'SECURITYGROUP')
sc_cfg.register_securitygroups_opts()
#This is backward compatibility check for Havana

44
neutron/conf/agent/securitygroups_rpc.py Normal file
View File

@ -0,0 +1,44 @@
# Copyright 2012, Nachi Ueno, NTT MCL, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
from oslo_config import cfg
from neutron._i18n import _
security_group_opts = [
cfg.StrOpt(
'firewall_driver',
help=_('Driver for security groups firewall in the L2 agent')),
cfg.BoolOpt(
'enable_security_group',
default=True,
help=_(
'Controls whether the neutron security group API is enabled '
'in the server. It should be false when using no security '
'groups or using the nova security group API.')),
cfg.BoolOpt(
'enable_ipset',
default=True,
help=_('Use ipset to speed-up the iptables based security groups. '
'Enabling ipset support requires that ipset is installed on L2 '
'agent node.'))
]
def register_securitygroups_opts(cfg=cfg.CONF):
cfg.register_opts(security_group_opts, 'SECURITYGROUP')

8
neutron/opts.py
View File

@ -189,7 +189,7 @@ def list_linux_bridge_opts():
('agent',
neutron.plugins.ml2.drivers.agent.config.agent_opts),
('securitygroup',
neutron.agent.securitygroups_rpc.security_group_opts)
neutron.conf.agent.securitygroups_rpc.security_group_opts)
]
@ -213,7 +213,7 @@ def list_macvtap_opts():
('agent',
neutron.plugins.ml2.drivers.agent.config.agent_opts),
('securitygroup',
neutron.agent.securitygroups_rpc.security_group_opts)
neutron.conf.agent.securitygroups_rpc.security_group_opts)
]
@ -256,7 +256,7 @@ def list_ml2_conf_opts():
('ml2_type_geneve',
neutron.plugins.ml2.drivers.type_geneve.geneve_opts),
('securitygroup',
neutron.agent.securitygroups_rpc.security_group_opts)
neutron.conf.agent.securitygroups_rpc.security_group_opts)
]
@ -280,7 +280,7 @@ def list_ovs_opts():
neutron.plugins.ml2.drivers.openvswitch.agent.common.config.
agent_opts),
('securitygroup',
neutron.agent.securitygroups_rpc.security_group_opts)
neutron.conf.agent.securitygroups_rpc.security_group_opts)
]

4
neutron/tests/functional/agent/test_firewall.py
View File

@ -30,8 +30,8 @@ import testscenarios
from neutron.agent import firewall
from neutron.agent.linux import iptables_firewall
from neutron.agent.linux import openvswitch_firewall
from neutron.agent import securitygroups_rpc as sg_cfg
from neutron.cmd.sanity import checks
from neutron.conf.agent import securitygroups_rpc as security_config
from neutron.tests.common import conn_testers
from neutron.tests.functional.agent.linux import base as linux_base
from neutron.tests.functional import base
@ -94,7 +94,7 @@ class BaseFirewallTestCase(base.BaseSudoTestCase):
vlan_range = set(range(VLAN_COUNT))
def setUp(self):
cfg.CONF.register_opts(sg_cfg.security_group_opts, 'SECURITYGROUP')
security_config.register_securitygroups_opts()
super(BaseFirewallTestCase, self).setUp()
self.tester, self.firewall = getattr(self, self.initialize)()
if self.firewall_name == "openvswitch":

4
neutron/tests/unit/agent/linux/test_iptables_firewall.py
View File

@ -26,9 +26,9 @@ from neutron.agent import firewall
from neutron.agent.linux import ipset_manager
from neutron.agent.linux import iptables_comments as ic
from neutron.agent.linux import iptables_firewall
from neutron.agent import securitygroups_rpc as sg_cfg
from neutron.common import exceptions as n_exc
from neutron.common import utils
from neutron.conf.agent import securitygroups_rpc as security_config
from neutron.tests import base
from neutron.tests.unit.api.v2 import test_base
@ -71,7 +71,7 @@ class BaseIptablesFirewallTestCase(base.BaseTestCase):
def setUp(self):
super(BaseIptablesFirewallTestCase, self).setUp()
cfg.CONF.register_opts(a_cfg.ROOT_HELPER_OPTS, 'AGENT')
cfg.CONF.register_opts(sg_cfg.security_group_opts, 'SECURITYGROUP')
security_config.register_securitygroups_opts()
cfg.CONF.set_override('comment_iptables_rules', False, 'AGENT')
self.utils_exec_p = mock.patch(
'neutron.agent.linux.utils.execute')