move neutron only common constants to private module

Almost all of neutron.common.constants is rehomed into
neutron_lib.constants now and as per the discussion in [1] it seems
most folks think the remaining constants should stay in neutron as they
are only used internally within neutron.

This patch moves the neutron only neutron.common.constants into a
private neutron.common._constants. The former will be removed once we
consume the final constants from neutron-lib.

[1] https://review.openstack.org/#/c/647807/

Change-Id: I2d65f8fcfa08984ccf60c4d023f9a9d72b89d79c

neutron/agent/linux/iptables_firewall.py

@@ -30,6 +30,7 @@ from neutron.agent.linux import ip_conntrack
 from neutron.agent.linux import ipset_manager
 from neutron.agent.linux import iptables_comments as ic
 from neutron.agent.linux import iptables_manager
+from neutron.common import _constants as const
 from neutron.common import constants as n_const
 from neutron.common import ipv6_utils
 from neutron.common import utils as c_utils
@@ -733,10 +734,10 @@ class IptablesFirewallDriver(firewall.FirewallDriver):
             # icmp code can be 0 so we cannot use "if port_range_max" here
             if port_range_max is not None:
                 args[-1] += '/%s' % port_range_max
-        elif protocol in n_const.SG_PORT_PROTO_NAMES:
+        elif protocol in const.SG_PORT_PROTO_NAMES:
             # iptables protocols that support --dport, --sport and -m multiport
             if port_range_min == port_range_max:
-                if protocol in n_const.IPTABLES_MULTIPORT_ONLY_PROTOCOLS:
+                if protocol in const.IPTABLES_MULTIPORT_ONLY_PROTOCOLS:
                     # use -m multiport, but without a port range
                     args += ['-m', 'multiport', '--%ss' % direction,
                              '%s' % port_range_min]

neutron/common/_constants.py

@@ -0,0 +1,42 @@
+# Copyright (c) 2012 OpenStack Foundation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from neutron_lib import constants
+
+# NOTE(boden): This module is common constants for neutron only.
+# Any constants used outside of neutron should go into neutron-lib.
+
+
+# Security group protocols that support ports
+SG_PORT_PROTO_NUMS = [
+    constants.PROTO_NUM_DCCP,
+    constants.PROTO_NUM_SCTP,
+    constants.PROTO_NUM_TCP,
+    constants.PROTO_NUM_UDP,
+    constants.PROTO_NUM_UDPLITE
+]
+
+SG_PORT_PROTO_NAMES = [
+    constants.PROTO_NAME_DCCP,
+    constants.PROTO_NAME_SCTP,
+    constants.PROTO_NAME_TCP,
+    constants.PROTO_NAME_UDP,
+    constants.PROTO_NAME_UDPLITE
+]
+
+# iptables protocols that only support --dport and --sport using -m multiport
+IPTABLES_MULTIPORT_ONLY_PROTOCOLS = [
+    constants.PROTO_NAME_UDPLITE
+]

neutron/common/constants.py

@@ -132,28 +132,6 @@ IPTABLES_PROTOCOL_NAME_MAP = {lib_constants.PROTO_NAME_IPV6_ENCAP: 'ipv6',
                               '141': 'wesp',
                               '142': 'rohc'}
 
-# Security group protocols that support ports
-SG_PORT_PROTO_NUMS = [
-    lib_constants.PROTO_NUM_DCCP,
-    lib_constants.PROTO_NUM_SCTP,
-    lib_constants.PROTO_NUM_TCP,
-    lib_constants.PROTO_NUM_UDP,
-    lib_constants.PROTO_NUM_UDPLITE
-]
-
-SG_PORT_PROTO_NAMES = [
-    lib_constants.PROTO_NAME_DCCP,
-    lib_constants.PROTO_NAME_SCTP,
-    lib_constants.PROTO_NAME_TCP,
-    lib_constants.PROTO_NAME_UDP,
-    lib_constants.PROTO_NAME_UDPLITE
-]
-
-# iptables protocols that only support --dport and --sport using -m multiport
-IPTABLES_MULTIPORT_ONLY_PROTOCOLS = [
-    lib_constants.PROTO_NAME_UDPLITE
-]
-
 # A length of a iptables chain name must be less than or equal to 11
 # characters.
 # <max length of iptables chain name> - (<binary_name> + '-') = 28-(16+1) = 11

neutron/db/securitygroups_db.py

@@ -32,6 +32,7 @@ import six
 from sqlalchemy.orm import scoped_session
 
 from neutron._i18n import _
+from neutron.common import _constants as const
 from neutron.common import constants as n_const
 from neutron.common import utils
 from neutron.db.models import securitygroup as sg_models
@@ -474,8 +475,8 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase,
         ip_proto = self._get_ip_proto_number(rule['protocol'])
         # Not all firewall_driver support all these protocols,
         # but being strict here doesn't hurt.
-        if (ip_proto in n_const.SG_PORT_PROTO_NUMS or
-                ip_proto in n_const.SG_PORT_PROTO_NAMES):
+        if (ip_proto in const.SG_PORT_PROTO_NUMS or
+                ip_proto in const.SG_PORT_PROTO_NAMES):
             if rule['port_range_min'] == 0 or rule['port_range_max'] == 0:
                 raise ext_sg.SecurityGroupInvalidPortValue(port=0)
             elif (rule['port_range_min'] is not None and
@@ -501,7 +502,7 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase,
             if (rule['port_range_min'] is not None or
                     rule['port_range_max'] is not None):
                 port_protocols = (
-                    ', '.join(s.upper() for s in n_const.SG_PORT_PROTO_NAMES))
+                    ', '.join(s.upper() for s in const.SG_PORT_PROTO_NAMES))
                 raise ext_sg.SecurityGroupInvalidProtocolForPort(
                     protocol=ip_proto, valid_port_protocols=port_protocols)