Merge "Add VPNaaS IpsecPolicy resource"

doc/source/user/proxies/network.rst

@@ -254,7 +254,9 @@ VPNaaS Operations
    delete_vpn_ipsec_site_connection, get_vpn_ipsec_site_connection,
    find_vpn_ipsec_site_connection, vpn_ipsec_site_connections,
    create_vpn_ikepolicy, update_vpn_ikepolicy, delete_vpn_ikepolicy,
-   get_vpn_ikepolicy, find_vpn_ikepolicy, vpn_ikepolicies
+   get_vpn_ikepolicy, find_vpn_ikepolicy, vpn_ikepolicies,
+   create_vpn_ipsecpolicy, update_vpn_ipsecpolicy, delete_vpn_ipsecpolicy,
+   get_vpn_ipsecpolicy, find_vpn_ipsecpolicy, vpn_ipsecpolicies
 
 Extension Operations
 ^^^^^^^^^^^^^^^^^^^^

doc/source/user/resources/network/v2/vpn/index.rst

@@ -7,4 +7,5 @@ VPNaaS Resources
    endpoint_group
    ipsec_site_connection
    ikepolicy
+   ipsecpolicy
    service

doc/source/user/resources/network/v2/vpn/ipsecpolicy.rst

@@ -0,0 +1,13 @@
+openstack.network.v2.vpn_ikepolicy
+==================================
+
+.. automodule:: openstack.network.v2.vpn_ikepolicy
+
+The VpnIkePolicy Class
+----------------------
+
+The ``VpnIkePolicy`` class inherits from
+:class:`~openstack.resource.Resource`.
+
+.. autoclass:: openstack.network.v2.vpn_ikepolicy.VpnIkePolicy
+   :members:

openstack/network/v2/_proxy.py

@@ -65,6 +65,7 @@ from openstack.network.v2 import vpn_endpoint_group as _vpn_endpoint_group
 from openstack.network.v2 import vpn_ikepolicy as _ikepolicy
 from openstack.network.v2 import vpn_ipsec_site_connection as \
     _ipsec_site_connection
+from openstack.network.v2 import vpn_ipsecpolicy as _ipsecpolicy
 from openstack.network.v2 import vpn_service as _vpn_service
 from openstack import proxy
 
@@ -4672,8 +4673,105 @@ class Proxy(proxy.Proxy):
             _ikepolicy.VpnIkePolicy, ikepolicy,
             ignore_missing=ignore_missing)
 
-    # ========== VPN Service ==========
+    # ========== IPSecPolicy ==========
+    def create_vpn_ipsecpolicy(self, **attrs):
+        """Create a new ipsec policy from attributes
 
+        :param dict attrs: Keyword arguments which will be used to create a
+            :class:`~openstack.network.v2.vpn_ipsecpolicy.VpnIpsecPolicy`,
+            comprised of the properties on the VpnIpsecPolicy class.
+
+        :returns: The results of ipsec policy creation :rtype:
+            :class:`~openstack.network.v2.vpn_ipsecpolicy.VpnIpsecPolicy`
+        """
+        return self._create(
+            _ipsecpolicy.VpnIpsecPolicy, **attrs)
+
+    def find_vpn_ipsecpolicy(
+        self, name_or_id, ignore_missing=True, **args
+    ):
+        """Find a single ipsec policy
+
+        :param name_or_id: The name or ID of an ipsec policy.
+        :param bool ignore_missing: When set to ``False``
+            :class:`~openstack.exceptions.ResourceNotFound`
+            will be raised when the resource does not exist.  When set to
+            ``True``, None will be returned when attempting to find a
+            nonexistent resource.
+        :param dict args: Any additional parameters to be passed into
+            underlying methods such as query filters.
+        :returns: One
+            :class:`~openstack.network.v2.vpn_ipsecpolicy.VpnIpsecPolicy`
+            or None.
+        """
+        return self._find(
+            _ipsecpolicy.VpnIpsecPolicy, name_or_id,
+            ignore_missing=ignore_missing, **args)
+
+    def get_vpn_ipsecpolicy(self, ipsecpolicy):
+        """Get a single ipsec policy
+
+        :param ipsecpolicy: The value can be the ID of an ipsecpolicy or a
+            :class:`~openstack.network.v2.vpn_ipsecpolicy.VpnIpsecPolicy`
+            instance.
+
+        :returns: One
+            :class:`~openstack.network.v2.vpn_ipsecpolicy.VpnIpsecPolicy`
+        :rtype: :class:`~openstack.network.v2.ipsecpolicy.VpnIpsecPolicy`
+        :raises: :class:`~openstack.exceptions.ResourceNotFound` when no
+            resource can be found.
+        """
+        return self._get(
+            _ipsecpolicy.VpnIpsecPolicy, ipsecpolicy)
+
+    def vpn_ipsecpolicies(self, **query):
+        """Return a generator of ipsec policy
+
+        :param dict query: Optional query parameters to be sent to limit the
+            resources being returned.
+
+        :returns: A generator of ipsec policy objects
+        :rtype: :class:`~openstack.network.v2.vpn_ipsecpolicy.VpnIpsecPolicy`
+        """
+        return self._list(
+            _ipsecpolicy.VpnIpsecPolicy, **query)
+
+    def update_vpn_ipsecpolicy(self, ipsecpolicy, **attrs):
+        """Update a ipsec policy
+
+        :ipsecpolicy: Either the id of an ipsec policy or a
+            :class:`~openstack.network.v2.vpn_ipsecpolicy.VpnIpsecPolicy`
+            instance.
+        :param dict attrs: The attributes to update on the ipsec policy
+            represented by ``ipsecpolicy``.
+
+        :returns: The updated ipsec policy
+        :rtype: :class:`~openstack.network.v2.vpn_ipsecpolicy.VpnIpsecPolicy`
+        """
+        return self._update(
+            _ipsecpolicy.VpnIpsecPolicy, ipsecpolicy, **attrs)
+
+    def delete_vpn_ipsecpolicy(self, ipsecpolicy, ignore_missing=True):
+        """Delete a ipsecpolicy
+
+        :param ipsecpolicy: The value can be either the ID of an ipsec policy,
+            or a
+            :class:`~openstack.network.v2.vpn_ipsecpolicy.VpnIpsecPolicy`
+            instance.
+        :param bool ignore_missing:
+            When set to ``False``
+            :class:`~openstack.exceptions.ResourceNotFound`
+            will be raised when the ipsec policy does not exist.  When set to
+            ``True``, no exception will be set when attempting to delete a
+            nonexistent ipsec policy.
+
+        :returns: ``None``
+        """
+        self._delete(
+            _ipsecpolicy.VpnIpsecPolicy, ipsecpolicy,
+            ignore_missing=ignore_missing)
+
+    # ========== VPN Service ==========
     def create_vpn_service(self, **attrs):
         """Create a new vpn service from attributes
 

openstack/network/v2/vpn_ipsec_policy.py

@@ -0,0 +1,59 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from openstack import resource
+
+
+class VpnIpsecPolicy(resource.Resource):
+    resource_key = 'ipsecpolicy'
+    resources_key = 'ipsecpolicies'
+    base_path = '/vpn/ipsecpolicies'
+
+    # capabilities
+    allow_create = True
+    allow_fetch = True
+    allow_commit = True
+    allow_delete = True
+    allow_list = True
+
+    # Properties
+    #: The authentication hash algorithm. Valid values are sha1,
+    # sha256, sha384, sha512. The default is sha1.
+    auth_algorithm = resource.Body('auth_algorithm')
+    #: A human-readable description for the resource.
+    # Default is an empty string.
+    description = resource.Body('description')
+    #: The encryption algorithm. A valid value is 3des, aes-128,
+    # aes-192, aes-256, and so on. Default is aes-128.
+    encryption_algorithm = resource.Body('encryption_algorithm')
+    #: The lifetime of the security association. The lifetime consists
+    # of a unit and integer value. You can omit either the unit or value
+    # portion of the lifetime. Default unit is seconds and
+    # default value is 3600.
+    lifetime = resource.Body('lifetime', type=dict)
+    #: Perfect forward secrecy (PFS). A valid value is Group2,
+    # Group5, Group14, and so on. Default is Group5.
+    pfs = resource.Body('pfs')
+    #: The ID of the project.
+    project_id = resource.Body('project_id')
+    #: The IKE mode. A valid value is main, which is the default.
+    phase1_negotiation_mode = resource.Body('phase1_negotiation_mode')
+    #: The units for the lifetime of the security association.
+    # The lifetime consists of a unit and integer value.
+    # You can omit either the unit or value portion of the lifetime.
+    # Default unit is seconds and default value is 3600.
+    units = resource.Body('units')
+    #: The lifetime value, as a positive integer. The lifetime
+    # consists of a unit and integer value.
+    # You can omit either the unit or value portion of the lifetime.
+    # Default unit is seconds and default value is 3600.
+    value = resource.Body('value', type=int)

openstack/network/v2/vpn_ipsecpolicy.py

@@ -0,0 +1,57 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from openstack import resource
+
+
+class VpnIpsecPolicy(resource.Resource):
+    resource_key = 'ipsecpolicy'
+    resources_key = 'ipsecpolicies'
+    base_path = '/vpn/ipsecpolicies'
+
+    # capabilities
+    allow_create = True
+    allow_fetch = True
+    allow_commit = True
+    allow_delete = True
+    allow_list = True
+
+    # Properties
+    #: The authentication hash algorithm. Valid values are sha1,
+    # sha256, sha384, sha512. The default is sha1.
+    auth_algorithm = resource.Body('auth_algorithm')
+    #: A human-readable description for the resource.
+    # Default is an empty string.
+    description = resource.Body('description')
+    #: The encryption algorithm. A valid value is 3des, aes-128,
+    # aes-192, aes-256, and so on. Default is aes-128.
+    encryption_algorithm = resource.Body('encryption_algorithm')
+    #: The lifetime of the security association. The lifetime consists
+    # of a unit and integer value. You can omit either the unit or value
+    # portion of the lifetime. Default unit is seconds and
+    # default value is 3600.
+    lifetime = resource.Body('lifetime', type=dict)
+    #: Perfect forward secrecy (PFS). A valid value is Group2,
+    # Group5, Group14, and so on. Default is Group5.
+    pfs = resource.Body('pfs')
+    #: The ID of the project.
+    project_id = resource.Body('project_id')
+    #: The units for the lifetime of the security association.
+    # The lifetime consists of a unit and integer value.
+    # You can omit either the unit or value portion of the lifetime.
+    # Default unit is seconds and default value is 3600.
+    units = resource.Body('units')
+    #: The lifetime value, as a positive integer. The lifetime
+    # consists of a unit and integer value.
+    # You can omit either the unit or value portion of the lifetime.
+    # Default unit is seconds and default value is 3600.
+    value = resource.Body('value', type=int)

openstack/tests/unit/network/v2/test_proxy.py

@@ -61,6 +61,7 @@ from openstack.network.v2 import subnet_pool
 from openstack.network.v2 import vpn_endpoint_group
 from openstack.network.v2 import vpn_ikepolicy
 from openstack.network.v2 import vpn_ipsec_site_connection
+from openstack.network.v2 import vpn_ipsecpolicy
 from openstack.network.v2 import vpn_service
 from openstack import proxy as proxy_base
 from openstack.tests.unit import test_proxy_base
@@ -1684,6 +1685,43 @@ class TestNetworkVpnIkePolicy(TestNetworkProxy):
             vpn_ikepolicy.VpnIkePolicy)
 
 
+class TestNetworkVpnIpsecPolicy(TestNetworkProxy):
+    def test_ipsecpolicy_create_attrs(self):
+        self.verify_create(
+            self.proxy.create_vpn_ipsecpolicy,
+            vpn_ipsecpolicy.VpnIpsecPolicy)
+
+    def test_ipsecpolicy_delete(self):
+        self.verify_delete(
+            self.proxy.delete_vpn_ipsecpolicy,
+            vpn_ipsecpolicy.VpnIpsecPolicy, False)
+
+    def test_ipsecpolicy_delete_ignore(self):
+        self.verify_delete(
+            self.proxy.delete_vpn_ipsecpolicy,
+            vpn_ipsecpolicy.VpnIpsecPolicy, True)
+
+    def test_ipsecpolicy_find(self):
+        self.verify_find(
+            self.proxy.find_vpn_ipsecpolicy,
+            vpn_ipsecpolicy.VpnIpsecPolicy)
+
+    def test_ipsecpolicy_get(self):
+        self.verify_get(
+            self.proxy.get_vpn_ipsecpolicy,
+            vpn_ipsecpolicy.VpnIpsecPolicy)
+
+    def test_ipsecpolicies(self):
+        self.verify_list(
+            self.proxy.vpn_ipsecpolicies,
+            vpn_ipsecpolicy.VpnIpsecPolicy)
+
+    def test_ipsecpolicy_update(self):
+        self.verify_update(
+            self.proxy.update_vpn_ipsecpolicy,
+            vpn_ipsecpolicy.VpnIpsecPolicy)
+
+
 class TestNetworkVpnService(TestNetworkProxy):
     def test_vpn_service_create_attrs(self):
         self.verify_create(self.proxy.create_vpn_service,

openstack/tests/unit/network/v2/test_vpn_ipsecpolicy.py

@@ -0,0 +1,61 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from openstack.network.v2 import vpn_ipsecpolicy
+from openstack.tests.unit import base
+
+
+EXAMPLE = {
+    "auth_algorithm": "1",
+    "description": "2",
+    "encryption_algorithm": "3",
+    "lifetime": {'a': 5},
+    "name": "5",
+    "pfs": "6",
+    "project_id": "7",
+    "units": "9",
+    "value": 10
+}
+
+
+class TestVpnIpsecPolicy(base.TestCase):
+
+    def test_basic(self):
+        sot = vpn_ipsecpolicy.VpnIpsecPolicy()
+        self.assertEqual('ipsecpolicy', sot.resource_key)
+        self.assertEqual('ipsecpolicies', sot.resources_key)
+        self.assertEqual('/vpn/ipsecpolicies', sot.base_path)
+        self.assertTrue(sot.allow_create)
+        self.assertTrue(sot.allow_fetch)
+        self.assertTrue(sot.allow_commit)
+        self.assertTrue(sot.allow_delete)
+        self.assertTrue(sot.allow_list)
+
+    def test_make_it(self):
+        sot = vpn_ipsecpolicy.VpnIpsecPolicy(**EXAMPLE)
+        self.assertEqual(EXAMPLE['auth_algorithm'], sot.auth_algorithm)
+        self.assertEqual(EXAMPLE['description'], sot.description)
+        self.assertEqual(EXAMPLE['encryption_algorithm'],
+                         sot.encryption_algorithm)
+        self.assertEqual(EXAMPLE['lifetime'], sot.lifetime)
+        self.assertEqual(EXAMPLE['name'], sot.name)
+        self.assertEqual(EXAMPLE['pfs'], sot.pfs)
+        self.assertEqual(EXAMPLE['project_id'], sot.project_id)
+        self.assertEqual(EXAMPLE['units'], sot.units)
+        self.assertEqual(EXAMPLE['value'], sot.value)
+
+        self.assertDictEqual(
+            {
+                "limit": "limit",
+                "marker": "marker",
+            },
+            sot._query_mapping._mapping)