Support fwaasrouterinsertion extension

fwaasrouterinsertion extension allows to specify which routers implement a firewall (on create/update). This changes adds its support by allowing to: * set routers with --router option in firewall-create/update commands, * unset routers with --no-routers option in firewall-update command. Change-Id: I654c1ddd4140a60b8a09237f7142ad211e951d92 Closes-Bug: #1435264
2015-04-02 11:32:31 +02:00 · 2015-04-02 11:32:31 +02:00 · 6588c42430
commit 6588c42430
parent 9b5d39789f
2 changed files with 71 additions and 2 deletions
--- a/neutronclient/neutron/v2_0/fw/firewall.py
+++ b/neutronclient/neutron/v2_0/fw/firewall.py
@ -63,15 +63,27 @@ class CreateFirewall(neutronv20.CreateCommand):
            dest='admin_state',
            action='store_false',
            help=_('Set admin state up to false.'))
+        parser.add_argument(
+            '--router',
+            dest='routers',
+            metavar='ROUTER',
+            action='append',
+            help=_('Firewall associated router names or IDs (requires FWaaS '
+                   'router insertion extension, this option can be repeated)'))

    def args2body(self, parsed_args):
+        client = self.get_client()
        _policy_id = neutronv20.find_resourceid_by_name_or_id(
-            self.get_client(), 'firewall_policy',
+            client, 'firewall_policy',
            parsed_args.firewall_policy_id)
        body = {
            self.resource: {
                'firewall_policy_id': _policy_id,
                'admin_state_up': parsed_args.admin_state, }, }
+        if parsed_args.routers:
+            body[self.resource]['router_ids'] = [
+                neutronv20.find_resourceid_by_name_or_id(client, 'router', r)
+                for r in parsed_args.routers]
        neutronv20.update_dict(parsed_args, body[self.resource],
                               ['name', 'description', 'shared',
                                'tenant_id'])
@ -87,14 +99,34 @@ class UpdateFirewall(neutronv20.UpdateCommand):
        parser.add_argument(
            '--policy', metavar='POLICY',
            help=_('Firewall policy name or ID.'))
+        router_sg = parser.add_mutually_exclusive_group()
+        router_sg.add_argument(
+            '--router',
+            dest='routers',
+            metavar='ROUTER',
+            action='append',
+            help=_('Firewall associated router names or IDs (requires FWaaS '
+                   'router insertion extension, this option can be repeated)'))
+        router_sg.add_argument(
+            '--no-routers',
+            action='store_true',
+            help=_('Associate no routers with the firewall (requires FWaaS '
+                   'router insertion extension)'))

    def args2body(self, parsed_args):
        data = {}
+        client = self.get_client()
        if parsed_args.policy:
            _policy_id = neutronv20.find_resourceid_by_name_or_id(
-                self.get_client(), 'firewall_policy',
+                client, 'firewall_policy',
                parsed_args.policy)
            data['firewall_policy_id'] = _policy_id
+        if parsed_args.routers:
+            data['router_ids'] = [
+                neutronv20.find_resourceid_by_name_or_id(client, 'router', r)
+                for r in parsed_args.routers]
+        elif parsed_args.no_routers:
+            data['router_ids'] = []
        return {self.resource: data}


--- a/neutronclient/tests/unit/fw/test_cli20_firewall.py
+++ b/neutronclient/tests/unit/fw/test_cli20_firewall.py
@ -61,6 +61,19 @@ class CLITestV20FirewallJSON(test_cli20.CLITestV20Base):
                                   shared=True, admin_state_up=False,
                                   tenant_id=tenant_id)

+    def test_create_firewall_with_routers(self):
+        resource = 'firewall'
+        cmd = firewall.CreateFirewall(test_cli20.MyApp(sys.stdout), None)
+        name = 'my-name'
+        policy_id = 'my-policy-id'
+        my_id = 'my-id'
+        args = ['--router', 'fake-id', '--router', 'fake-name', policy_id]
+        router_ids = ['fake-id', 'fake-name']
+        position_names = ['firewall_policy_id', 'router_ids']
+        position_values = [policy_id, router_ids]
+        self._test_create_resource(resource, cmd, name, my_id, args,
+                                   position_names, position_values)
+
    def test_list_firewalls(self):
        """firewall-list."""
        resources = "firewalls"
@ -120,6 +133,30 @@ class CLITestV20FirewallJSON(test_cli20.CLITestV20Base):
                                   ['myid', '--policy', 'newpolicy'],
                                   {'firewall_policy_id': 'newpolicy'})

+    def test_update_firewall_with_routers(self):
+        resource = 'firewall'
+        cmd = firewall.UpdateFirewall(test_cli20.MyApp(sys.stdout), None)
+        self._test_update_resource(
+            resource, cmd, 'myid',
+            ['myid', '--router', 'fake-id', '--router', 'fake-name'],
+            {'router_ids': ['fake-id', 'fake-name']})
+
+    def test_update_firewall_with_no_routers(self):
+        resource = 'firewall'
+        cmd = firewall.UpdateFirewall(test_cli20.MyApp(sys.stdout), None)
+        self._test_update_resource(
+            resource, cmd, 'myid',
+            ['myid', '--no-routers'], {'router_ids': []})
+
+    def test_update_firewall_with_bad_router_options(self):
+        resource = 'firewall'
+        cmd = firewall.UpdateFirewall(test_cli20.MyApp(sys.stdout), None)
+        self.assertRaises(
+            SystemExit,
+            self._test_update_resource,
+            resource, cmd, 'myid',
+            ['myid', '--no-routers', '--router', 'fake-id'], {})
+
    def test_delete_firewall(self):
        """firewall-delete my-id."""
        resource = 'firewall'