Shared column in APG schema & change devstack plugin name

Also updates exercise script which will catch this.

And also fixes an issue due to which the AIM gate job was
running against the master branch of GBP source versus
the branch checked out for this patchset by the infra
job. This is fixed by changing the GBP devstack plugin name
to group-based-policy instead of the earlier name 'gbp'.
This allows the job to use the 'group-based-policy' source
directory cloned by the OpenStack infra job (for the current
patchset) as opposed to cloning into a new 'gbp' directory
from the master. Unfortunately, a lot of special casing
needs to be introduced for configuration of other services
as well. It is not possible to get away from this special
casing to be able to install from the intree devstack plugin
and the GBP master branch is behind the OpenStack master
release.

Closes-bug: 1674024

Change-Id: I5bd3f1c3ecfbedbd24243c2c111472dcff9059a2

devstack/README-NFP-Base-Mode

@@ -32,7 +32,7 @@ Steps to test Base Mode:
 ========================
 
 (1) Create a test chain with the service VM.
-    # cd /opt/stack/gbp/devstack/exercises/nfp_service
+    # cd /opt/stack/group-based-policy/devstack/exercises/nfp_service
     # bash lb_base.sh
 
 (2) Login to the UI, create one member in consumer group and two members
@@ -45,14 +45,14 @@ Steps to test Base Mode:
 (4) Delete members created in the consumer and provider groups in step 2.
 
 (5) Delete the test chain.
-    # cd /opt/stack/gbp/devstack/exercises/nfp_service
+    # cd /opt/stack/group-based-policy/devstack/exercises/nfp_service
     # bash lb_base_clean.sh
 
 
 Steps to test Base Mode with VM:
 ================================
 (1) Create a test chain with the service VM.
-    # cd /opt/stack/gbp/devstack/exercises/nfp_service
+    # cd /opt/stack/group-based-policy/devstack/exercises/nfp_service
     # bash fw_base_vm.sh
 
 (2) Login to the UI, create a member in the consumer and provider groups.
@@ -60,12 +60,12 @@ Steps to test Base Mode with VM:
 (3) Test firewall with traffic from consumer VM.
 
 (4) Log-in into service VM
-    # cd /opt/stack/gbp/gbpservice/contrib/nfp/tools/image_builder
+    # cd /opt/stack/group-based-policy/gbpservice/contrib/nfp/tools/image_builder
     # sudo ip netns exec nfp-proxy ssh -i nfp_reference_service ubuntu@<nfp_service mgmt-ip>
 
 (5) Delete members created in the consumer and provider groups in step 2.
 
 (6) Delete the test chain.
-    # cd /opt/stack/gbp/devstack/exercises/nfp_service
+    # cd /opt/stack/group-based-policy/devstack/exercises/nfp_service
     # bash fw_base_vm_clean.sh
 

devstack/lib/group-based-policy

@@ -1,4 +1,4 @@
-# lib/gbp
+# lib/group-based-policy
 # functions - functions specific to group-based-policy
 
 # Dependencies:
@@ -15,7 +15,7 @@
 # ``unstack.sh`` calls the entry points in this order:
 
 # Set up default directories
-GBPSERVICE_DIR=$DEST/gbp
+GBPSERVICE_DIR=$DEST/group-based-policy
 GBPCLIENT_DIR=$DEST/python-gbpclient
 GBPHEAT_DIR=$DEST/gbpautomation
 GBPUI_DIR=$DEST/gbpui

devstack/local.conf.nfp

@@ -55,5 +55,5 @@ if [[ $ENABLE_NFP = True ]]; then
 
     fi
 fi
-enable_plugin gbp $GBPSERVICE_REPO $GBPSERVICE_BRANCH
+enable_plugin group-based-policy $GBPSERVICE_REPO $GBPSERVICE_BRANCH
 

devstack/plugin.sh

@@ -104,8 +104,8 @@ if is_service_enabled group-policy; then
         fi
     elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
         echo_summary "Configuring $GBP"
-        gbp_configure_nova
-        gbp_configure_heat
+        [[ $ENABLE_APIC_AIM_GATE = False ]] && gbp_configure_nova
+        [[ $ENABLE_APIC_AIM_GATE = False ]] && gbp_configure_heat
         gbp_configure_neutron
         if [[ $ENABLE_NFP = True ]]; then
             echo_summary "Configuring $NFP"
@@ -123,11 +123,11 @@ if is_service_enabled group-policy; then
         [[ $ENABLE_NFP = True ]] && install_nfpgbpservice
         init_gbpservice
         [[ $ENABLE_NFP = True ]] && init_nfpgbpservice
-        install_gbpheat
-        install_gbpui
+        [[ $ENABLE_APIC_AIM_GATE = False ]] && install_gbpheat
+        [[ $ENABLE_APIC_AIM_GATE = False ]] && install_gbpui
         [[ $ENABLE_APIC_AIM = True || $ENABLE_APIC_AIM_GATE = True ]] && configure_apic_aim
-        stop_apache_server
-        start_apache_server
+        [[ $ENABLE_APIC_AIM_GATE = False ]] && stop_apache_server
+        [[ $ENABLE_APIC_AIM_GATE = False ]] && start_apache_server
     elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
         echo_summary "Initializing $GBP"
         if [[ $ENABLE_NFP = True ]]; then

devstack/settings

@@ -1,14 +1,14 @@
-# Make sure the plugin name in local.conf is "gbp", as in: enable_plugin gbp <remote> <branch>
-source $DEST/gbp/devstack/lib/gbp
+# Make sure the plugin name in local.conf is "group-based-policy", as in: enable_plugin group-based-policy <remote> <branch>
+source $DEST/group-based-policy/devstack/lib/group-based-policy
 
 ENABLE_APIC_AIM=${ENABLE_APIC_AIM:-False}
 ENABLE_APIC_AIM_GATE=${ENABLE_APIC_AIM_GATE:-False}
-[[ $ENABLE_APIC_AIM = True ]] && source $DEST/gbp/devstack/lib/apic_aim
-[[ $ENABLE_APIC_AIM_GATE = True ]] && source $DEST/gbp/devstack/lib/apic_aim
+[[ $ENABLE_APIC_AIM = True ]] && source $DEST/group-based-policy/devstack/lib/apic_aim
+[[ $ENABLE_APIC_AIM_GATE = True ]] && source $DEST/group-based-policy/devstack/lib/apic_aim
 
 ENABLE_NFP=${ENABLE_NFP:-False}
 [[ $ENABLE_NFP = True ]] && NFP_DEVSTACK_MODE=${NFP_DEVSTACK_MODE:-base}
-[[ $ENABLE_NFP = True ]] && source $DEST/gbp/devstack/lib/nfp
+[[ $ENABLE_NFP = True ]] && source $DEST/group-based-policy/devstack/lib/nfp
 # VM locations
 ConfiguratorQcow2Image=${ConfiguratorQcow2Image:-build}
 
@@ -35,7 +35,6 @@ APICAPI_BRANCH=${APICAPI_BRANCH:-aci_integration_manager}
 
 # Enable necessary services, including group-policy (and disable others)
 disable_service n-net
-enable_service n-novnc
 enable_service q-svc
 if [[ $ENABLE_APIC_AIM = True || $ENABLE_APIC_AIM_GATE = True ]]; then
    disable_service q-agt
@@ -61,8 +60,13 @@ fi
 enable_service q-meta
 enable_service neutron
 enable_service group-policy
-disable_service tempest
-ENABLED_SERVICES+=,heat,h-api,h-api-cfn,h-api-cw,h-eng
+if [[ $ENABLE_APIC_AIM_GATE = False ]]; then
+    ENABLED_SERVICES+=,heat,h-api,h-api-cfn,h-api-cw,h-eng
+    disable_service tempest
+else
+    # this may not be required
+    DISABLED_SERVICES+=,n-api,n-cpu,n-cond,n-sch,n-novnc,n-cauth,g-api,g-reg,c-sch,c-api,c-vol,horizon,heat,h-api,h-api-cfn,h-api-cw,h-eng,dstat,tempest
+fi
 if [[ $ENABLE_NFP = True ]]; then
     # NFP services
     enable_service nfp_orchestrator

doc/source/installation.rst

@@ -14,15 +14,25 @@ Or, if you have virtualenvwrapper installed::
 Using DevStack
 --------------
 
-First, clone the latest ``stable/mitaka`` branch of DevStack::
+First, clone the latest ``stable/newton`` branch of DevStack::
 
-    $ git clone -b stable/mitaka https://git.openstack.org/openstack-dev/devstack
+    $ git clone -b stable/newton https://git.openstack.org/openstack-dev/devstack
     $ cd devstack
 
 Then, create a basic ``local.conf`` including at least the following lines::
 
     [[local|localrc]]
-    enable_plugin gbp https://git.openstack.org/openstack/group-based-policy master
+    enable_plugin group-based-policy https://git.openstack.org/openstack/group-based-policy master
+
+Or, if you need install from a patch under review::
+
+    [[local|localrc]]
+    enable_plugin group-based-policy https://git.openstack.org/openstack/group-based-policy <GITREF>
+
+where, GITREF is the patchset reference of the patchset under review. E.g.::
+
+    [[local|localrc]]
+    enable_plugin group-based-policy https://git.openstack.org/openstack/group-based-policy refs/changes/65/353265/2
 
 Finally, you are ready to run ``stack.sh``.
 
@@ -43,5 +53,4 @@ pointing to GitHub::
     GIT_BASE=https://github.com
     RECLONE=True
 
-    enable_plugin gbp https://github.com/openstack/group-based-policy.git master
-
+    enable_plugin group-based-policy https://github.com/openstack/group-based-policy.git master

gbpservice/neutron/db/migration/alembic_migrations/versions/b6e301d5757f_application_policy_group.py

@@ -25,6 +25,7 @@ down_revision = 'daaa11a358a2'
 
 from alembic import op
 import sqlalchemy as sa
+from sqlalchemy import sql
 
 
 def upgrade():
@@ -37,6 +38,8 @@ def upgrade():
         sa.Column('description', sa.String(length=255), nullable=True),
         sa.Column('status', sa.String(length=16), nullable=True),
         sa.Column('status_details', sa.String(length=4096), nullable=True),
+        sa.Column('shared', sa.Boolean, nullable=True,
+                  server_default=sql.false()),
         sa.PrimaryKeyConstraint('id'))
 
     op.add_column(

gbpservice/tests/contrib/devstack/exercises-aim/gbp_aim.sh

@@ -68,10 +68,13 @@ gbp policy-rule-set-create icmp-policy-rule-set --policy-rules ping-policy-rule
 gbp policy-rule-set-create web-policy-rule-set --policy-rules web-policy-rule
 
 # ====== PROJECT OPERATION ======
+# APG creation
+gbp apg-create myapp
+
 # PTGs creation
-gbp group-create  web
-gbp group-create  client-1
-gbp group-create  client-2
+gbp group-create  --application-policy-group myapp web
+gbp group-create  --application-policy-group myapp client-1
+gbp group-create  --application-policy-group myapp client-2
 
 # PT creation
 WEB_PORT=$(gbp policy-target-create web-pt-1 --policy-target-group web | awk "/port_id/ {print \$4}")
@@ -129,6 +132,8 @@ gbp group-delete  web
 gbp group-delete  client-1
 gbp group-delete  client-2
 
+gbp apg-delete myapp
+
 gbp policy-rule-set-delete icmp-policy-rule-set
 gbp policy-rule-set-delete web-policy-rule-set
 

gbpservice/tests/contrib/devstack/exercises/gbp.sh

@@ -68,10 +68,13 @@ gbp policy-rule-set-create icmp-policy-rule-set --policy-rules ping-policy-rule
 gbp policy-rule-set-create web-policy-rule-set --policy-rules web-policy-rule
 
 # ====== PROJECT OPERATION ======
+# APG creation
+gbp apg-create myapp
+
 # PTGs creation
-gbp group-create  web
-gbp group-create  client-1
-gbp group-create  client-2
+gbp group-create  --application-policy-group myapp web
+gbp group-create  --application-policy-group myapp client-1
+gbp group-create  --application-policy-group myapp client-2
 
 # PT creation
 WEB_PORT=$(gbp policy-target-create web-pt-1 --policy-target-group web | awk "/port_id/ {print \$4}")
@@ -127,6 +130,8 @@ gbp group-delete  web
 gbp group-delete  client-1
 gbp group-delete  client-2
 
+gbp apg-delete myapp
+
 gbp policy-rule-set-delete icmp-policy-rule-set
 gbp policy-rule-set-delete web-policy-rule-set
 

gbpservice/tests/contrib/devstack/local-aim.conf

@@ -12,12 +12,7 @@ SCREEN_LOGDIR=$DEST/logs/screen
 LOGFILE=$DEST/logs/stack.sh.log
 SKIP_EXERCISES=volumes,trove,swift,sahara,euca,bundle,boot_from_volume,aggregates,zaqar,client-env,client-args,sec_groups,neutron-adv-test,floating_ips,horizon
 
-#OFFLINE=True
-RECLONE=True
-
-# TODO(Sumit): Revert the following once this patch is merged
-#enable_plugin gbp https://github.com/openstack/group-based-policy.git master
-enable_plugin gbp https://git.openstack.org/openstack/group-based-policy refs/changes/47/439247/16
+enable_plugin group-based-policy https://github.com/openstack/group-based-policy.git master
 
 ENABLE_APIC_AIM_GATE=True
 

gbpservice/tests/contrib/functions-gbp

@@ -50,6 +50,20 @@ function prepare_gbp_aim_devstack {
     # Use the aim version of the shared PRS test
     sudo mv $GBP_FUNC_DIR/testcases/tc_gbp_prs_pr_shared_func.py.aim $GBP_FUNC_DIR/testcases/tc_gbp_prs_pr_shared_func.py 
     sudo mv $GBP_FUNC_DIR/testcases/tc_gbp_prs_func.py.aim $GBP_FUNC_DIR/testcases/tc_gbp_prs_func.py
+    # The following should updated when master moves to a new release
+    # We need to do the following since the infra job clones these repos and
+    # checks out the master branch (as this is the master branch) and later
+    # does not switch to the stable/newton branch when installing devstack
+    # since the repo is already present.
+    # This can be worked around by changing the job description in
+    # project-config to set BRANCH_OVERRIDE to use the stable/newton branch
+    sudo git --git-dir=/opt/stack/new/neutron/.git --work-tree=/opt/stack/new/neutron checkout stable/newton
+    sudo git --git-dir=/opt/stack/new/nova/.git --work-tree=/opt/stack/new/nova checkout stable/newton
+    sudo git --git-dir=/opt/stack/new/keystone/.git --work-tree=/opt/stack/new/keystone checkout stable/newton
+    sudo git --git-dir=/opt/stack/new/cinder/.git --work-tree=/opt/stack/new/cinder checkout stable/newton
+    sudo git --git-dir=/opt/stack/new/requirements/.git --work-tree=/opt/stack/new/requirements checkout stable/newton
+    export ENABLED_SERVICES="key,rabbit,mysql"
+
     source $TOP_DIR/functions
     source $TOP_DIR/functions-common
 }
@@ -105,6 +119,7 @@ function check_residual_resources {
     gbp nat-pool-list
     gbp external-policy-list
     gbp external-segment-list
+    gbp apg-list
 
     neutron router-list
     neutron net-list

gbpservice/tests/contrib/gbpfunctests/libs/verify_libs.py

@@ -23,6 +23,19 @@ _log = logging.getLogger()
 _log.setLevel(logging.INFO)
 
 
+orig_getoutput = commands.getoutput
+
+
+def getoutput(cmd):
+    _log.info('Running cmd: %s\n' % (cmd))
+    cmd_out = orig_getoutput(cmd)
+    _log.info('Cmd output: %s\n' % (cmd_out))
+    return cmd_out
+
+
+commands.getoutput = getoutput
+
+
 class Gbp_Verify(object):
 
     def __init__(self):

gbpservice/tests/contrib/post_test_hook.sh

@@ -6,6 +6,12 @@ set -x
 
 trap prepare_logs ERR
 
+sudo git --git-dir=/opt/stack/new/neutron/.git --work-tree=/opt/stack/new/neutron show --name-only
+sudo git --git-dir=/opt/stack/new/neutron/.git --work-tree=/opt/stack/new/neutron status
+sudo pip show neutron-lib
+sudo git --git-dir=/opt/stack/new/group-based-policy/.git --work-tree=/opt/stack/new/group-based-policy show --name-only
+sudo git --git-dir=/opt/stack/new/group-based-policy/.git --work-tree=/opt/stack/new/group-based-policy status
+
 # Run exercise scripts
 $TOP_DIR/exercise.sh
 exercises_exit_code=$?