Add api support for enabling snat rule logging
1. For MP, add logging parameter in snat rule creating api
2. For Policy, change parameter name from log to logging for tier0
and tier1 snat rule object.
Change-Id: I4f03fa6a35f138a7112782d58a1cc5a4b1648d61
(cherry picked from commit 0323737ed1
)
This commit is contained in:
parent
6a05cd2383
commit
7301402c29
|
@ -3575,6 +3575,7 @@ class TestPolicyTier0NatRule(NsxPolicyLibTestCase):
|
|||
cidr1 = '1.1.1.1/32'
|
||||
cidr2 = '2.2.2.0/24'
|
||||
enabled = True
|
||||
logging = False
|
||||
|
||||
with mock.patch.object(self.policy_api,
|
||||
"create_or_update") as api_call:
|
||||
|
@ -3587,7 +3588,8 @@ class TestPolicyTier0NatRule(NsxPolicyLibTestCase):
|
|||
source_network=cidr2,
|
||||
firewall_match=firewall_match,
|
||||
tenant=TEST_TENANT,
|
||||
enabled=enabled)
|
||||
enabled=enabled,
|
||||
logging=logging)
|
||||
expected_def = core_defs.Tier0NatRule(
|
||||
tier0_id=tier0_id,
|
||||
nat_rule_id=nat_rule_id,
|
||||
|
@ -3599,7 +3601,8 @@ class TestPolicyTier0NatRule(NsxPolicyLibTestCase):
|
|||
source_network=cidr2,
|
||||
firewall_match=firewall_match,
|
||||
tenant=TEST_TENANT,
|
||||
enabled=enabled)
|
||||
enabled=enabled,
|
||||
logging=logging)
|
||||
self.assert_called_with_def(api_call, expected_def)
|
||||
self.assertIsNotNone(result)
|
||||
|
||||
|
@ -3643,6 +3646,7 @@ class TestPolicyTier0NatRule(NsxPolicyLibTestCase):
|
|||
cidr1 = '1.1.1.1/32'
|
||||
cidr2 = '2.2.2.0/24'
|
||||
enabled = True
|
||||
logging = False
|
||||
|
||||
with mock.patch.object(self.policy_api,
|
||||
"create_or_update") as api_call:
|
||||
|
@ -3655,7 +3659,8 @@ class TestPolicyTier0NatRule(NsxPolicyLibTestCase):
|
|||
firewall_match=firewall_match,
|
||||
source_network=cidr2,
|
||||
tenant=TEST_TENANT,
|
||||
enabled=enabled)
|
||||
enabled=enabled,
|
||||
logging=logging)
|
||||
|
||||
expected_def = core_defs.Tier0NatRule(
|
||||
tier0_id=tier0_id,
|
||||
|
@ -3668,7 +3673,8 @@ class TestPolicyTier0NatRule(NsxPolicyLibTestCase):
|
|||
firewall_match=firewall_match,
|
||||
source_network=cidr2,
|
||||
tenant=TEST_TENANT,
|
||||
enabled=enabled)
|
||||
enabled=enabled,
|
||||
logging=logging)
|
||||
self.assert_called_with_def(api_call, expected_def)
|
||||
|
||||
|
||||
|
@ -3688,6 +3694,7 @@ class TestPolicyTier1NatRule(NsxPolicyLibTestCase):
|
|||
cidr1 = '1.1.1.1/32'
|
||||
cidr2 = '2.2.2.0/24'
|
||||
enabled = True
|
||||
logging = True
|
||||
|
||||
with mock.patch.object(self.policy_api,
|
||||
"create_or_update") as api_call:
|
||||
|
@ -3700,7 +3707,8 @@ class TestPolicyTier1NatRule(NsxPolicyLibTestCase):
|
|||
firewall_match=firewall_match,
|
||||
source_network=cidr2,
|
||||
tenant=TEST_TENANT,
|
||||
enabled=enabled)
|
||||
enabled=enabled,
|
||||
logging=logging)
|
||||
|
||||
expected_def = core_defs.Tier1NatRule(
|
||||
tier1_id=tier1_id,
|
||||
|
@ -3713,7 +3721,8 @@ class TestPolicyTier1NatRule(NsxPolicyLibTestCase):
|
|||
firewall_match=firewall_match,
|
||||
source_network=cidr2,
|
||||
tenant=TEST_TENANT,
|
||||
enabled=enabled)
|
||||
enabled=enabled,
|
||||
logging=logging)
|
||||
self.assert_called_with_def(api_call, expected_def)
|
||||
self.assertIsNotNone(result)
|
||||
|
||||
|
@ -3742,6 +3751,7 @@ class TestPolicyTier1NatRule(NsxPolicyLibTestCase):
|
|||
cidr1 = '1.1.1.1/32'
|
||||
cidr2 = '2.2.2.0/24'
|
||||
enabled = True
|
||||
logging = True
|
||||
|
||||
with mock.patch.object(self.policy_api,
|
||||
"create_or_update") as api_call:
|
||||
|
@ -3754,7 +3764,8 @@ class TestPolicyTier1NatRule(NsxPolicyLibTestCase):
|
|||
firewall_match=firewall_match,
|
||||
source_network=cidr2,
|
||||
tenant=TEST_TENANT,
|
||||
enabled=enabled)
|
||||
enabled=enabled,
|
||||
logging=logging)
|
||||
|
||||
expected_def = core_defs.Tier1NatRule(
|
||||
tier1_id=tier1_id,
|
||||
|
@ -3767,7 +3778,8 @@ class TestPolicyTier1NatRule(NsxPolicyLibTestCase):
|
|||
firewall_match=firewall_match,
|
||||
source_network=cidr2,
|
||||
tenant=TEST_TENANT,
|
||||
enabled=enabled)
|
||||
enabled=enabled,
|
||||
logging=logging)
|
||||
self.assert_called_with_def(api_call, expected_def)
|
||||
|
||||
|
||||
|
|
|
@ -972,7 +972,8 @@ class LogicalRouterTestCase(BaseTestResource):
|
|||
self.assertEqual(test_constants.FAKE_ROUTER_FW_SEC_UUID, section_id)
|
||||
|
||||
def _test_nat_rule_create(self, nsx_version, add_bypas_arg=True,
|
||||
action='SNAT', expect_failure=False):
|
||||
action='SNAT', expect_failure=False,
|
||||
logging=False):
|
||||
router = self.get_mocked_resource()
|
||||
translated_net = '1.1.1.1'
|
||||
priority = 10
|
||||
|
@ -983,7 +984,8 @@ class LogicalRouterTestCase(BaseTestResource):
|
|||
'display_name': display_name,
|
||||
'enabled': True,
|
||||
'translated_network': translated_net,
|
||||
'rule_priority': priority
|
||||
'rule_priority': priority,
|
||||
'logging': logging
|
||||
}
|
||||
if add_bypas_arg:
|
||||
# Expect nat_pass to be sent to the backend
|
||||
|
@ -998,7 +1000,8 @@ class LogicalRouterTestCase(BaseTestResource):
|
|||
translated_network=translated_net,
|
||||
rule_priority=priority,
|
||||
bypass_firewall=False,
|
||||
display_name=display_name)
|
||||
display_name=display_name,
|
||||
logging=logging)
|
||||
except exceptions.InvalidInput as e:
|
||||
if expect_failure:
|
||||
return
|
||||
|
@ -1016,6 +1019,10 @@ class LogicalRouterTestCase(BaseTestResource):
|
|||
# Ignoring 'bypass_firewall' with version 1.1
|
||||
self._test_nat_rule_create('1.1.0', add_bypas_arg=False)
|
||||
|
||||
def test_nat_rule_create_with_logging(self):
|
||||
# enable logging parameter in snat obj
|
||||
self._test_nat_rule_create('1.1.0', add_bypas_arg=False, logging=True)
|
||||
|
||||
def test_nat_rule_create_v2(self):
|
||||
# Sending 'bypass_firewall' with version 1.1
|
||||
self._test_nat_rule_create('2.0.0')
|
||||
|
|
|
@ -596,7 +596,7 @@ class NsxLibLogicalRouter(utils.NsxLibApiBase):
|
|||
enabled=True, rule_priority=None,
|
||||
match_ports=None, match_protocol=None,
|
||||
match_resource_type=None,
|
||||
bypass_firewall=True,
|
||||
bypass_firewall=True, logging=None,
|
||||
tags=None,
|
||||
display_name=None):
|
||||
self._validate_nat_rule_action(action)
|
||||
|
@ -629,6 +629,8 @@ class NsxLibLogicalRouter(utils.NsxLibApiBase):
|
|||
body['tags'] = tags
|
||||
if display_name:
|
||||
body['display_name'] = display_name
|
||||
if logging is not None:
|
||||
body['logging'] = logging
|
||||
return self.client.create(resource, body)
|
||||
|
||||
def change_edge_firewall_status(self, logical_router_id, action):
|
||||
|
|
|
@ -647,7 +647,7 @@ class RouterNatRule(ResourceDef):
|
|||
'destination_network',
|
||||
'translated_network',
|
||||
'firewall_match',
|
||||
'log',
|
||||
'logging',
|
||||
'sequence_number',
|
||||
'enabled'])
|
||||
return body
|
||||
|
|
|
@ -1693,7 +1693,7 @@ class NsxPolicyTier0NatRuleApi(NsxPolicyResourceBase):
|
|||
firewall_match=constants.NAT_FIREWALL_MATCH_BYPASS,
|
||||
action=IGNORE,
|
||||
sequence_number=IGNORE,
|
||||
log=IGNORE,
|
||||
logging=IGNORE,
|
||||
tags=IGNORE,
|
||||
tenant=constants.POLICY_INFRA_TENANT,
|
||||
enabled=IGNORE):
|
||||
|
@ -1710,7 +1710,7 @@ class NsxPolicyTier0NatRuleApi(NsxPolicyResourceBase):
|
|||
firewall_match=firewall_match,
|
||||
action=action,
|
||||
sequence_number=sequence_number,
|
||||
log=log,
|
||||
logging=logging,
|
||||
tags=tags,
|
||||
tenant=tenant,
|
||||
enabled=enabled)
|
||||
|
@ -1745,7 +1745,7 @@ class NsxPolicyTier0NatRuleApi(NsxPolicyResourceBase):
|
|||
firewall_match=IGNORE,
|
||||
action=IGNORE,
|
||||
sequence_number=IGNORE,
|
||||
log=IGNORE,
|
||||
logging=IGNORE,
|
||||
tags=IGNORE,
|
||||
tenant=constants.POLICY_INFRA_TENANT,
|
||||
enabled=IGNORE):
|
||||
|
@ -1760,7 +1760,7 @@ class NsxPolicyTier0NatRuleApi(NsxPolicyResourceBase):
|
|||
firewall_match=firewall_match,
|
||||
action=action,
|
||||
sequence_number=sequence_number,
|
||||
log=log,
|
||||
logging=logging,
|
||||
tags=tags,
|
||||
tenant=tenant,
|
||||
enabled=enabled)
|
||||
|
@ -1783,7 +1783,7 @@ class NsxPolicyTier1NatRuleApi(NsxPolicyResourceBase):
|
|||
firewall_match=constants.NAT_FIREWALL_MATCH_BYPASS,
|
||||
action=IGNORE,
|
||||
sequence_number=IGNORE,
|
||||
log=IGNORE,
|
||||
logging=IGNORE,
|
||||
tags=IGNORE,
|
||||
tenant=constants.POLICY_INFRA_TENANT,
|
||||
enabled=IGNORE):
|
||||
|
@ -1800,7 +1800,7 @@ class NsxPolicyTier1NatRuleApi(NsxPolicyResourceBase):
|
|||
firewall_match=firewall_match,
|
||||
action=action,
|
||||
sequence_number=sequence_number,
|
||||
log=log,
|
||||
logging=logging,
|
||||
tags=tags,
|
||||
tenant=tenant,
|
||||
enabled=enabled)
|
||||
|
@ -1835,7 +1835,7 @@ class NsxPolicyTier1NatRuleApi(NsxPolicyResourceBase):
|
|||
firewall_match=IGNORE,
|
||||
action=IGNORE,
|
||||
sequence_number=IGNORE,
|
||||
log=IGNORE,
|
||||
logging=IGNORE,
|
||||
tags=IGNORE,
|
||||
tenant=constants.POLICY_INFRA_TENANT,
|
||||
enabled=IGNORE):
|
||||
|
@ -1850,7 +1850,7 @@ class NsxPolicyTier1NatRuleApi(NsxPolicyResourceBase):
|
|||
firewall_match=firewall_match,
|
||||
action=action,
|
||||
sequence_number=sequence_number,
|
||||
log=log,
|
||||
logging=logging,
|
||||
tags=tags,
|
||||
tenant=tenant,
|
||||
enabled=enabled)
|
||||
|
|
Loading…
Reference in New Issue