x/group-based-policy
Code Issues Proposed changes

Merge "fix redirect action for external policies"

Browse Source
This commit is contained in:
Jenkins 2015-04-04 04:33:12 +00:00 committed by Gerrit Code Review
commit 275dab7eec
5 changed files with 175 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
gbpservice/neutron/db/migration/alembic_migrations/versions/6d76bcf836a7_gbp_ptgs_servicechain_mapping.py
View File

@ -38,9 +38,6 @@ def upgrade(active_plugins=None, options=None):
sa.ForeignKeyConstraint(['provider_ptg_id'],
['gp_policy_target_groups.id'],
ondelete='CASCADE'),
sa.ForeignKeyConstraint(['consumer_ptg_id'],
['gp_policy_target_groups.id'],
ondelete='CASCADE'),
sa.ForeignKeyConstraint(['servicechain_instance_id'],
['sc_instances.id'],
ondelete='CASCADE'),

6
gbpservice/neutron/services/grouppolicy/drivers/implicit_policy.py
View File

@ -151,8 +151,7 @@ class ImplicitPolicyDriver(api.PolicyDriver):
def update_external_policy_postcommit(self, context):
old_es_ids = set(context.original['external_segments'])
new_es_ids = set(context.current['external_segments'])
added = new_es_ids - old_es_ids
if not added:
if old_es_ids != new_es_ids and not new_es_ids:
self._use_implicit_external_segment(context)
@log.log
@ -164,8 +163,7 @@ class ImplicitPolicyDriver(api.PolicyDriver):
def update_l3_policy_postcommit(self, context):
old_es_ids = set(context.original['external_segments'].keys())
new_es_ids = set(context.current['external_segments'].keys())
added = new_es_ids - old_es_ids
if not added:
if old_es_ids != new_es_ids and not new_es_ids:
self._use_implicit_external_segment(context)
def _use_implicit_l2_policy(self, context):

58
gbpservice/neutron/services/grouppolicy/drivers/resource_mapping.py
View File

@ -98,10 +98,8 @@ class PtgServiceChainInstanceMapping(model_base.BASEV2):
sa.ForeignKey('gp_policy_target_groups.id',
ondelete='CASCADE'),
nullable=False)
consumer_ptg_id = sa.Column(sa.String(36),
sa.ForeignKey('gp_policy_target_groups.id',
ondelete='CASCADE'),
nullable=False)
# Consumer PTG could be an External Policy
consumer_ptg_id = sa.Column(sa.String(36), nullable=False)
servicechain_instance_id = sa.Column(sa.String(36),
sa.ForeignKey('sc_instances.id',
ondelete='CASCADE'),
@ -888,14 +886,11 @@ class ResourceMappingDriver(api.PolicyDriver):
# see bug #1398156
if len(context.current['external_segments']) > 1:
raise exc.MultipleESPerEPNotSupported()
# REVISIT(ivar): Remove when ES update is supported for EP
if not context.current['external_segments']:
raise exc.ESIdRequiredWhenCreatingEP()
# REVISIT(ivar): bug #1398156 only one EP is allowed per tenant
ep_number = context._plugin.get_external_policies_count(
context._plugin_context,
filters={'tenant_id': [context.current['tenant_id']]})
if ep_number - 1:
if ep_number > 1:
raise exc.OnlyOneEPPerTenantAllowed()
def create_external_policy_postcommit(self, context):
@ -903,6 +898,9 @@ class ResourceMappingDriver(api.PolicyDriver):
# The rules will be calculated as the symmetric difference between
# the union of all the Tenant's L3P supernets and the union of all the
# ES routes.
# REVISIT(ivar): Remove when ES update is supported for EP
if not context.current['external_segments']:
raise exc.ESIdRequiredWhenCreatingEP()
ep = context.current
if ep['external_segments']:
if (ep['provided_policy_rule_sets'] or
@ -913,11 +911,24 @@ class ResourceMappingDriver(api.PolicyDriver):
self._set_sg_rules_for_cidrs(
context, cidr_list, ep['provided_policy_rule_sets'],
ep['consumed_policy_rule_sets'])
if ep['consumed_policy_rule_sets']:
self._handle_redirect_action(context,
ep['consumed_policy_rule_sets'])
def update_external_policy_precommit(self, context):
if (context.current['external_segments'] !=
context.original['external_segments']):
raise exc.ESUpdateNotSupportedForEP()
if context.original['external_segments']:
if (set(context.current['external_segments']) !=
set(context.original['external_segments'])):
raise exc.ESUpdateNotSupportedForEP()
provider_ptg_chain_map = self._get_ptg_servicechain_mapping(
context._plugin_context.session,
context.current['id'],
None)
consumer_ptg_chain_map = self._get_ptg_servicechain_mapping(
context._plugin_context.session,
None,
context.current['id'],)
context.ptg_chain_map = provider_ptg_chain_map + consumer_ptg_chain_map
def update_external_policy_postcommit(self, context):
# REVISIT(ivar): Concurrency issue, the cidr_list could be different
@ -939,6 +950,9 @@ class ResourceMappingDriver(api.PolicyDriver):
context, cidr_list, prov_cons['provided_policy_rule_sets'],
prov_cons['consumed_policy_rule_sets'])
if prov_cons['consumed_policy_rule_sets']:
self._cleanup_redirect_action(context)
# Added PRS
for attr in prov_cons:
orig_policy_rule_sets = context.original[attr]
@ -952,10 +966,21 @@ class ResourceMappingDriver(api.PolicyDriver):
self._set_sg_rules_for_cidrs(
context, cidr_list, prov_cons['provided_policy_rule_sets'],
prov_cons['consumed_policy_rule_sets'])
# REVISIT(ivar): manage redirect action
if prov_cons['consumed_policy_rule_sets']:
self._handle_redirect_action(
context, prov_cons['consumed_policy_rule_sets'])
def delete_external_policy_precommit(self, context):
pass
provider_ptg_chain_map = self._get_ptg_servicechain_mapping(
context._plugin_context.session,
context.current['id'],
None)
consumer_ptg_chain_map = self._get_ptg_servicechain_mapping(
context._plugin_context.session,
None,
context.current['id'],)
context.ptg_chain_map = provider_ptg_chain_map + consumer_ptg_chain_map
def delete_external_policy_postcommit(self, context):
if (context.current['provided_policy_rule_sets'] or
@ -967,7 +992,7 @@ class ResourceMappingDriver(api.PolicyDriver):
context, cidr_list,
context.current['provided_policy_rule_sets'],
context.current['consumed_policy_rule_sets'])
# REVISIT(ivar): manage redirect action
self._cleanup_redirect_action(context)
def create_nat_pool_precommit(self, context):
# No FIP supported right now
@ -1293,8 +1318,9 @@ class ResourceMappingDriver(api.PolicyDriver):
context._plugin_context,
filters={'id': policy_rule_set_ids})
for policy_rule_set in policy_rule_sets:
ptgs_consuming_prs = policy_rule_set[
'consuming_policy_target_groups']
ptgs_consuming_prs = (
policy_rule_set['consuming_policy_target_groups'] +
policy_rule_set['consuming_external_policies'])
ptgs_providing_prs = policy_rule_set[
'providing_policy_target_groups']

12
gbpservice/neutron/tests/unit/db/grouppolicy/test_group_policy_db.py
View File

@ -135,12 +135,18 @@ class GroupPolicyDBTestBase(object):
raise webob.exc.HTTPClientError(code=res.status_int)
return self.deserialize(self.fmt, res)
def _show_gbp_resource(self, id, plural, is_admin_context=False,
tenant_id=None):
def _show_gbp_resource(self, id, plural, expected_res_status=None,
is_admin_context=False, tenant_id=None):
req = self.new_show_request(plural, id, fmt=self.fmt)
req.environ['neutron.context'] = context.Context(
'', tenant_id or self._tenant_id, is_admin_context)
return self.deserialize(self.fmt, req.get_response(self.ext_api))
res = req.get_response(self.ext_api)
if expected_res_status:
self.assertEqual(res.status_int, expected_res_status)
elif res.status_int >= webob.exc.HTTPClientError.code:
raise webob.exc.HTTPClientError(code=res.status_int)
return self.deserialize(self.fmt, res)
def _delete_gbp_resource(self, id, plural, is_admin_context=False,
expected_res_status=None, tenant_id=None):

130
gbpservice/neutron/tests/unit/services/grouppolicy/test_resource_mapping.py
View File

@ -56,9 +56,9 @@ CORE_PLUGIN = ('gbpservice.neutron.tests.unit.services.grouppolicy.'
class ResourceMappingTestCase(test_plugin.GroupPolicyPluginTestCase):
def setUp(self, policy_drivers=[]):
if not policy_drivers:
policy_drivers = ['implicit_policy', 'resource_mapping']
def setUp(self, policy_drivers=None):
policy_drivers = policy_drivers or ['implicit_policy',
'resource_mapping']
config.cfg.CONF.set_override('policy_drivers',
policy_drivers,
group='group_policy')
@ -214,13 +214,9 @@ class ResourceMappingTestCase(test_plugin.GroupPolicyPluginTestCase):
providing_ep_cidrs = self._get_cidrs_from_ep(
prs['providing_external_policies'], l3p_cidrs)
if len(prs['providing_external_policies']):
self.assertTrue(len(providing_ep_cidrs))
consuming_ep_cidrs = self._get_cidrs_from_ep(
prs['consuming_external_policies'], l3p_cidrs)
if len(prs['consuming_external_policies']):
self.assertTrue(len(consuming_ep_cidrs))
consumers = consuming_ep_cidrs | consuming_ptg_cidrs
providers = providing_ptg_cidrs | providing_ep_cidrs
@ -1822,7 +1818,7 @@ class TestPolicyRuleSet(ResourceMappingTestCase):
# No more service chain instances when all the providers are deleted
self.assertEqual(len(sc_instances['servicechain_instances']), 0)
def test_hierarchial_redirect(self):
def test_hierarchical_redirect(self):
scs_id = self._create_servicechain_spec()
_, classifier_id, policy_rule_id = self._create_tcp_redirect_rule(
"20:90", scs_id)
@ -2276,6 +2272,98 @@ class TestPolicyRuleSet(ResourceMappingTestCase):
self.delete_policy_target_group(ptg['id'])
self._verify_prs_rules(prs['id'])
def test_redirect_to_ep(self):
scs_id = self._create_servicechain_spec()
_, _, policy_rule_id = self._create_tcp_redirect_rule(
"20:90", scs_id)
policy_rule_set = self.create_policy_rule_set(
name="c1", policy_rules=[policy_rule_id])
policy_rule_set_id = policy_rule_set['policy_rule_set']['id']
with self.network(router__external=True, shared=True) as net:
with self.subnet(cidr='192.168.0.0/24', network=net) as sub:
self.create_external_segment(
shared=True,
tenant_id='admin', name="default",
subnet_id=sub['subnet']['id'])['external_segment']
ep = self.create_external_policy(
consumed_policy_rule_sets={policy_rule_set_id: ''})
provider = self.create_policy_target_group(
provided_policy_rule_sets={policy_rule_set_id: ''})
self._verify_prs_rules(policy_rule_set_id)
sc_node_list_req = self.new_list_request(
SERVICECHAIN_INSTANCES)
res = sc_node_list_req.get_response(self.ext_api)
sc_instances = self.deserialize(self.fmt, res)
# We should have one service chain instance created now
self.assertEqual(
1, len(sc_instances['servicechain_instances']))
sc_instance = sc_instances['servicechain_instances'][0]
self._assert_proper_chain_instance(
sc_instance, provider['policy_target_group']['id'],
ep['external_policy']['id'], [scs_id])
# Verify that PTG delete cleans up the chain instances
req = self.new_delete_request(
'external_policies', ep['external_policy']['id'])
res = req.get_response(self.ext_api)
self.assertEqual(res.status_int, webob.exc.HTTPNoContent.code)
sc_node_list_req = self.new_list_request(
SERVICECHAIN_INSTANCES)
res = sc_node_list_req.get_response(self.ext_api)
sc_instances = self.deserialize(self.fmt, res)
self.assertEqual(
0, len(sc_instances['servicechain_instances']))
def test_redirect_to_ep_update(self):
scs_id = self._create_servicechain_spec()
_, _, policy_rule_id = self._create_tcp_redirect_rule(
"20:90", scs_id)
policy_rule_set = self.create_policy_rule_set(
name="c1", policy_rules=[policy_rule_id])
policy_rule_set_id = policy_rule_set['policy_rule_set']['id']
with self.network(router__external=True, shared=True) as net:
with self.subnet(cidr='192.168.0.0/24', network=net) as sub:
self.create_external_segment(
shared=True,
tenant_id='admin', name="default",
subnet_id=sub['subnet']['id'])['external_segment']
ep = self.create_external_policy()
provider = self.create_policy_target_group(
provided_policy_rule_sets={policy_rule_set_id: ''})
self.update_external_policy(
ep['external_policy']['id'],
consumed_policy_rule_sets={policy_rule_set_id: ''})
self._verify_prs_rules(policy_rule_set_id)
sc_node_list_req = self.new_list_request(
SERVICECHAIN_INSTANCES)
res = sc_node_list_req.get_response(self.ext_api)
sc_instances = self.deserialize(self.fmt, res)
# We should have one service chain instance created now
self.assertEqual(
1, len(sc_instances['servicechain_instances']))
sc_instance = sc_instances['servicechain_instances'][0]
self._assert_proper_chain_instance(
sc_instance, provider['policy_target_group']['id'],
ep['external_policy']['id'], [scs_id])
self.update_external_policy(
ep['external_policy']['id'],
consumed_policy_rule_sets={})
sc_node_list_req = self.new_list_request(
SERVICECHAIN_INSTANCES)
res = sc_node_list_req.get_response(self.ext_api)
sc_instances = self.deserialize(self.fmt, res)
self.assertEqual(
0, len(sc_instances['servicechain_instances']))
class TestExternalSegment(ResourceMappingTestCase):
@ -2390,6 +2478,32 @@ class TestExternalSegment(ResourceMappingTestCase):
l3p = self.create_l3_policy()['l3_policy']
self.assertEqual(es['id'], l3p['external_segments'].keys()[0])
ep = self.create_external_policy()['external_policy']
self.assertEqual(es['id'], ep['external_segments'][0])
prs = self.create_policy_rule_set()['policy_rule_set']
ep = self.update_external_policy(
ep['id'], provided_policy_rule_sets={prs['id']: ''},
expected_res_status=200)
def test_implicit_es_shared(self):
with self.network(router__external=True, shared=True) as net:
with self.subnet(cidr='192.168.0.0/24', network=net) as sub:
es = self.create_external_segment(
shared=True,
tenant_id='admin', name="default",
subnet_id=sub['subnet']['id'])['external_segment']
l3p = self.create_l3_policy()['l3_policy']
self.assertEqual(es['id'], l3p['external_segments'].keys()[0])
ep = self.create_external_policy()['external_policy']
self.assertEqual(es['id'], ep['external_segments'][0])
prs = self.create_policy_rule_set()['policy_rule_set']
ep = self.update_external_policy(
ep['id'], provided_policy_rule_sets={prs['id']: ''},
expected_res_status=200)
class TestExternalPolicy(ResourceMappingTestCase):