Adds the destination and source fwg to fwr
This adds the source and destination firewall group IDs to firewall rules. Change-Id: If69b87fc58d36aa7d879ace8e73bc0f7534a1ef4
parent
86a67409e6
commit
a385656802
neutronclient
releasenotes/notes
@ -47,6 +47,10 @@ _attr_map = (
|
||||
('destination_port', 'Destination Port', column_util.LIST_LONG_ONLY),
|
||||
('shared', 'Shared', column_util.LIST_LONG_ONLY),
|
||||
('tenant_id', 'Project', column_util.LIST_LONG_ONLY),
|
||||
('source_firewall_group_id', 'Source Firewall Group ID',
|
||||
column_util.LIST_LONG_ONLY),
|
||||
('destination_firewall_group_id', 'Destination Firewall Group ID',
|
||||
column_util.LIST_LONG_ONLY),
|
||||
)
|
||||
|
||||
|
||||
@ -145,11 +149,30 @@ def _get_common_parser(parser):
|
||||
'--disable-rule',
|
||||
action='store_true',
|
||||
help=_('Disable this rule'))
|
||||
src_fwg_group = parser.add_mutually_exclusive_group()
|
||||
src_fwg_group.add_argument(
|
||||
'--source-firewall-group',
|
||||
metavar='<source-firewall-group>',
|
||||
help=_('Source firewall group (name or ID)'))
|
||||
src_fwg_group.add_argument(
|
||||
'--no-source-firewall-group',
|
||||
action='store_true',
|
||||
help=_('No associated destination firewall group'))
|
||||
dst_fwg_group = parser.add_mutually_exclusive_group()
|
||||
dst_fwg_group.add_argument(
|
||||
'--destination-firewall-group',
|
||||
metavar='<destination-firewall-group>',
|
||||
help=_('Destination firewall group (name or ID)'))
|
||||
dst_fwg_group.add_argument(
|
||||
'--no-destination-firewall-group',
|
||||
action='store_true',
|
||||
help=_('No associated destination firewall group'))
|
||||
return parser
|
||||
|
||||
|
||||
def _get_common_attrs(client_manager, parsed_args, is_create=True):
|
||||
attrs = {}
|
||||
client = client_manager.neutronclient
|
||||
if is_create:
|
||||
if 'project' in parsed_args and parsed_args.project is not None:
|
||||
attrs['tenant_id'] = osc_utils.find_project(
|
||||
@ -193,6 +216,18 @@ def _get_common_attrs(client_manager, parsed_args, is_create=True):
|
||||
attrs['shared'] = True
|
||||
if parsed_args.no_share or parsed_args.private:
|
||||
attrs['shared'] = False
|
||||
if parsed_args.source_firewall_group:
|
||||
attrs['source_firewall_group_id'] = client.find_resource(
|
||||
const.FWG, parsed_args.source_firewall_group,
|
||||
cmd_resource=const.CMD_FWG)['id']
|
||||
if parsed_args.no_source_firewall_group:
|
||||
attrs['source_firewall_group_id'] = None
|
||||
if parsed_args.destination_firewall_group:
|
||||
attrs['destination_firewall_group_id'] = client.find_resource(
|
||||
const.FWG, parsed_args.destination_firewall_group,
|
||||
cmd_resource=const.CMD_FWG)['id']
|
||||
if parsed_args.no_destination_firewall_group:
|
||||
attrs['destination_firewall_group_id'] = None
|
||||
return attrs
|
||||
|
||||
|
||||
@ -391,6 +426,16 @@ class UnsetFirewallRule(command.Command):
|
||||
'--enable-rule',
|
||||
action='store_true',
|
||||
help=_('Disable this rule'))
|
||||
|
||||
parser.add_argument(
|
||||
'--source-firewall-group',
|
||||
action='store_true',
|
||||
help=_('Source firewall group (name or ID)'))
|
||||
|
||||
parser.add_argument(
|
||||
'--destination-firewall-group',
|
||||
action='store_true',
|
||||
help=_('Destination firewall group (name or ID)'))
|
||||
return parser
|
||||
|
||||
def _get_attrs(self, client_manager, parsed_args):
|
||||
@ -407,6 +452,10 @@ class UnsetFirewallRule(command.Command):
|
||||
attrs['shared'] = False
|
||||
if parsed_args.enable_rule:
|
||||
attrs['enabled'] = False
|
||||
if parsed_args.source_firewall_group:
|
||||
attrs['source_firewall_group_id'] = None
|
||||
if parsed_args.source_firewall_group:
|
||||
attrs['destination_firewall_group_id'] = None
|
||||
return attrs
|
||||
|
||||
def take_action(self, parsed_args):
|
||||
|
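Review bot: In UnsetFirewallRule._get_attrs the second added check repeats `if parsed_args.source_firewall_group:` before setting `attrs['destination_firewall_group_id'] = None`, so `--source-firewall-group` clears both group IDs and `--destination-firewall-group` clears nothing. The condition should read `if parsed_args.destination_firewall_group:`. These IDs scope which traffic a rule applies to, so silently dropping the destination group presumably widens the rule beyond what the operator asked for. The help strings show the same copy-paste pattern: `--no-source-firewall-group` in _get_common_parser says 'No associated destination firewall group' and should be `help=_('No associated source firewall group')`, and the two unset flags are `store_true` yet still advertise '(name or ID)'. Both functions extend beyond the visible hunks.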
@ -127,4 +127,8 @@ class FirewallRule(FakeFWaaS):
|
||||
('shared', False),
|
||||
('tenant_id', 'tenant-id-' +
|
||||
uuidutils.generate_uuid(dashed=False)),
|
||||
('source_firewall_group_id', 'firewall-group-id-' +
|
||||
uuidutils.generate_uuid(dashed=False)),
|
||||
('destination_firewall_group_id', 'firewall-group-id-' +
|
||||
uuidutils.generate_uuid(dashed=False)),
|
||||
))
|
||||
|
@ -37,6 +37,10 @@ CONVERT_MAP = {
|
||||
'disable_rule': 'enabled',
|
||||
'share': 'shared',
|
||||
'no_share': 'shared',
|
||||
'source_firewall_group': 'source_firewall_group_id',
|
||||
'destination_firewall_group': 'destination_firewall_group_id',
|
||||
'no_source_firewall_group': 'source_firewall_group_id',
|
||||
'no_destination_firewall_group': 'destination_firewall_group_id',
|
||||
}
|
||||
|
||||
|
||||
@ -114,11 +118,14 @@ class TestFirewallRule(test_fakes.TestNeutronClientOSCV2):
|
||||
'Destination Port',
|
||||
'Shared',
|
||||
'Project',
|
||||
'Source Firewall Group ID',
|
||||
'Destination Firewall Group ID',
|
||||
)
|
||||
self.data = _generate_data()
|
||||
self.ordered_headers = (
|
||||
'Action',
|
||||
'Description',
|
||||
'Destination Firewall Group ID',
|
||||
'Destination IP Address',
|
||||
'Destination Port',
|
||||
'Enabled',
|
||||
@ -128,12 +135,14 @@ class TestFirewallRule(test_fakes.TestNeutronClientOSCV2):
|
||||
'Project',
|
||||
'Protocol',
|
||||
'Shared',
|
||||
'Source Firewall Group ID',
|
||||
'Source IP Address',
|
||||
'Source Port',
|
||||
)
|
||||
self.ordered_data = (
|
||||
_fwr['action'],
|
||||
_fwr['description'],
|
||||
_fwr['destination_firewall_group_id'],
|
||||
_fwr['destination_ip_address'],
|
||||
_fwr['destination_port'],
|
||||
_fwr['enabled'],
|
||||
@ -143,12 +152,14 @@ class TestFirewallRule(test_fakes.TestNeutronClientOSCV2):
|
||||
_fwr['tenant_id'],
|
||||
_replace_display_columns('protocol', _fwr['protocol']),
|
||||
_fwr['shared'],
|
||||
_fwr['source_firewall_group_id'],
|
||||
_fwr['source_ip_address'],
|
||||
_fwr['source_port'],
|
||||
)
|
||||
self.ordered_columns = (
|
||||
'action',
|
||||
'description',
|
||||
'destination_firewall_group_id',
|
||||
'destination_ip_address',
|
||||
'destination_port',
|
||||
'enabled',
|
||||
@ -158,6 +169,7 @@ class TestFirewallRule(test_fakes.TestNeutronClientOSCV2):
|
||||
'tenant_id',
|
||||
'protocol',
|
||||
'shared',
|
||||
'source_firewall_group_id',
|
||||
'source_ip_address',
|
||||
'source_port',
|
||||
)
|
||||
@ -201,6 +213,10 @@ class TestCreateFirewallRule(TestFirewallRule, common.TestCreateFWaaS):
|
||||
action = args.get('action') or 'deny'
|
||||
ip_version = args.get('ip_version') or '4'
|
||||
destination_port = args.get('destination_port') or '0:65535'
|
||||
destination_firewall_group = args.get(
|
||||
'destination_firewall_group') or 'my-dst-fwg'
|
||||
source_firewall_group = args.get(
|
||||
'source_firewall_group') or 'my-src-fwg'
|
||||
tenant_id = args.get('tenant_id') or 'my-tenant'
|
||||
arglist = [
|
||||
'--description', description,
|
||||
@ -215,7 +231,10 @@ class TestCreateFirewallRule(TestFirewallRule, common.TestCreateFWaaS):
|
||||
'--project', tenant_id,
|
||||
'--disable-rule',
|
||||
'--share',
|
||||
'--source-firewall-group', source_firewall_group,
|
||||
'--destination-firewall-group', destination_firewall_group
|
||||
]
|
||||
|
||||
verifylist = [
|
||||
('name', name),
|
||||
('description', description),
|
||||
@ -229,10 +248,23 @@ class TestCreateFirewallRule(TestFirewallRule, common.TestCreateFWaaS):
|
||||
('action', action),
|
||||
('disable_rule', True),
|
||||
('project', tenant_id),
|
||||
('source_firewall_group', source_firewall_group),
|
||||
('destination_firewall_group', destination_firewall_group)
|
||||
]
|
||||
return arglist, verifylist
|
||||
|
||||
def _test_create_with_all_params(self, args={}):
|
||||
def _mock_fwr(*args, **kwargs):
|
||||
if self.neutronclient.find_resource.call_count == 1:
|
||||
self.neutronclient.find_resource.assert_called_once_with(
|
||||
const.FWG, 'my-src-fwg', cmd_resource=const.CMD_FWG)
|
||||
if self.neutronclient.find_resource.call_count == 2:
|
||||
self.neutronclient.find_resource.assert_called_with(
|
||||
const.FWG, 'my-dst-fwg', cmd_resource=const.CMD_FWG)
|
||||
return {'id': args[1]}
|
||||
|
||||
self.neutronclient.find_resource.side_effect = mock.Mock(
|
||||
side_effect=_mock_fwr)
|
||||
arglist, verifylist = self._set_all_params(args)
|
||||
request, response = _generate_req_and_res(verifylist)
|
||||
self._update_expect_response(request, response)
|
||||
@ -278,6 +310,34 @@ class TestCreateFirewallRule(TestFirewallRule, common.TestCreateFWaaS):
|
||||
testtools.matchers._impl.MismatchError,
|
||||
self.check_parser, self.cmd, arglist, verifylist)
|
||||
|
||||
def test_create_with_src_fwg_and_no(self):
|
||||
fwg = 'my-fwg'
|
||||
arglist = [
|
||||
'--source-firewall-group', fwg,
|
||||
'--no-source-firewall-group',
|
||||
]
|
||||
verifylist = [
|
||||
('source_firewall_group', fwg),
|
||||
('no_source_firewall_group', True),
|
||||
]
|
||||
self.assertRaises(
|
||||
utils.ParserException,
|
||||
self.check_parser, self.cmd, arglist, verifylist)
|
||||
|
||||
def test_create_with_dst_fwg_and_no(self):
|
||||
fwg = 'my-fwg'
|
||||
arglist = [
|
||||
'--destination-firewall-group', fwg,
|
||||
'--no-destination-firewall-group',
|
||||
]
|
||||
verifylist = [
|
||||
('destination_firewall_group', fwg),
|
||||
('no_destination_firewall_group', True),
|
||||
]
|
||||
self.assertRaises(
|
||||
utils.ParserException,
|
||||
self.check_parser, self.cmd, arglist, verifylist)
|
||||
|
||||
|
||||
class TestListFirewallRule(TestFirewallRule):
|
||||
|
||||
@ -326,7 +386,8 @@ class TestListFirewallRule(TestFirewallRule):
|
||||
|
||||
self.mocked.assert_called_once_with()
|
||||
self.assertEqual(list(self.headers), headers)
|
||||
self.assertListItemEqual([self.data], list(data))
|
||||
m = list(data)
|
||||
self.assertListItemEqual([self.data], m)
|
||||
|
||||
def test_list_with_no_option(self):
|
||||
arglist = []
|
||||
@ -646,6 +707,74 @@ class TestSetFirewallRule(TestFirewallRule, common.TestSetFWaaS):
|
||||
self.assertRaises(
|
||||
exceptions.CommandError, self.cmd.take_action, parsed_args)
|
||||
|
||||
def test_set_no_destination_fwg(self):
|
||||
target = self.resource['id']
|
||||
arglist = [
|
||||
target,
|
||||
'--no-destination-firewall-group',
|
||||
]
|
||||
verifylist = [
|
||||
(self.res, target),
|
||||
('no_destination_firewall_group', True),
|
||||
]
|
||||
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
||||
result = self.cmd.take_action(parsed_args)
|
||||
|
||||
self.mocked.assert_called_once_with(
|
||||
target, {self.res: {'destination_firewall_group_id': None}})
|
||||
self.assertIsNone(result)
|
||||
|
||||
def test_set_no_source_fwg(self):
|
||||
target = self.resource['id']
|
||||
arglist = [
|
||||
target,
|
||||
'--no-source-firewall-group',
|
||||
]
|
||||
verifylist = [
|
||||
(self.res, target),
|
||||
('no_source_firewall_group', True),
|
||||
]
|
||||
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
||||
result = self.cmd.take_action(parsed_args)
|
||||
|
||||
self.mocked.assert_called_once_with(
|
||||
target, {self.res: {'source_firewall_group_id': None}})
|
||||
self.assertIsNone(result)
|
||||
|
||||
def test_create_with_src_fwg_and_no(self):
|
||||
target = self.resource['id']
|
||||
fwg = 'my-fwg'
|
||||
arglist = [
|
||||
target,
|
||||
'--source-firewall-group', fwg,
|
||||
'--no-source-firewall-group',
|
||||
]
|
||||
verifylist = [
|
||||
(self.res, target),
|
||||
('source_firewall_group', fwg),
|
||||
('no_source_firewall_group', True),
|
||||
]
|
||||
self.assertRaises(
|
||||
utils.ParserException,
|
||||
self.check_parser, self.cmd, arglist, verifylist)
|
||||
|
||||
def test_create_with_dst_fwg_and_no(self):
|
||||
target = self.resource['id']
|
||||
fwg = 'my-fwg'
|
||||
arglist = [
|
||||
target,
|
||||
'--destination-firewall-group', fwg,
|
||||
'--no-destination-firewall-group',
|
||||
]
|
||||
verifylist = [
|
||||
(self.res, target),
|
||||
('destination_firewall_group', fwg),
|
||||
('no_destination_firewall_group', True),
|
||||
]
|
||||
self.assertRaises(
|
||||
utils.ParserException,
|
||||
self.check_parser, self.cmd, arglist, verifylist)
|
||||
|
||||
|
||||
class TestUnsetFirewallRule(TestFirewallRule, common.TestUnsetFWaaS):
|
||||
|
||||
|
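Review bot: No hunk in this test file adds a case under TestUnsetFirewallRule for the new `--source-firewall-group` and `--destination-firewall-group` unset flags, so nothing checks that each flag clears only its own field. One test per flag, modeled on test_set_no_destination_fwg, would pin that. The sketch below assumes the unset test class exposes the same `self.mocked`, `self.res` and `self.resource` fixtures as the set class, which is not visible here. Separately, the two parser-conflict tests added to TestSetFirewallRule are named `test_create_with_src_fwg_and_no` and `test_create_with_dst_fwg_and_no`; a `test_set_with_...` prefix would match the class they sit in.

```python
# … unchanged: existing TestUnsetFirewallRule cases (outside the hunk) …
def test_unset_destination_fwg(self):
    target = self.resource['id']
    arglist = [target, '--destination-firewall-group']
    verifylist = [
        (self.res, target),
        ('destination_firewall_group', True),
    ]
    parsed_args = self.check_parser(self.cmd, arglist, verifylist)
    result = self.cmd.take_action(parsed_args)

    # Only the destination field may be cleared by this flag.
    self.mocked.assert_called_once_with(
        target, {self.res: {'destination_firewall_group_id': None}})
    self.assertIsNone(result)

# test_unset_source_fwg: same shape, expecting only
# {'source_firewall_group_id': None} in the request body.
```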
5
releasenotes/notes/remote_fwg-0f5362e5be8b2e84.yaml
Normal file
@ -0,0 +1,5 @@
|
||||
---
|
||||
features:
|
||||
- |
|
||||
Adds the remote source firewall group and the remote destination
|
||||
firewall group field to the firewall rules.
|