Restore FEATURE_ROUTER_FIREWALL, remove nat_pass usage

This patch restores FEATURE_ROUTER_FIREWALL, since the corresponding
feature is still available in NSX 4.0.1 onwards, but dropt usage of
the deprecated nat_pass parameter in favour of firewall_match.

All existing supported NSX releases can leverage the firewall_match
parameter for NAT rules.

Change-Id: I1dd5d2582ee291ce08af541c1a9a30ea86b33503
This commit is contained in:
Salvatore Orlando 2022-08-22 00:41:50 -07:00
parent 26acee40ad
commit 7624236634
5 changed files with 11 additions and 21 deletions

View File

@ -989,8 +989,8 @@ class LogicalRouterTestCase(BaseTestResource):
'logging': logging
}
if add_bypass_arg and not firewall_match:
# Expect nat_pass to be sent to the backend
data['nat_pass'] = False
# When bypass is specified we either set match to internal addr
data['firewall_match'] = 'MATCH_INTERNAL_ADDRESS'
elif firewall_match:
data['firewall_match'] = firewall_match

View File

@ -375,14 +375,6 @@ class NsxFeaturesTestCase(nsxlib_testcase.NsxLibTestCase):
self.assertTrue(self.nsxlib.feature_supported(
nsx_constants.FEATURE_EXCLUDE_PORT_BY_TAG))
def test_v4_features(self):
self.nsxlib.nsx_version = "4.0.1"
self.assertFalse(self.nsxlib.feature_supported(
nsx_constants.FEATURE_ROUTER_FIREWALL))
self.nsxlib.nsx_version = "4.0.0"
self.assertTrue(self.nsxlib.feature_supported(
nsx_constants.FEATURE_ROUTER_FIREWALL))
def test_v2_features_plus(self):
self.test_v2_features(current_version='2.0.1')

View File

@ -148,12 +148,6 @@ class NsxLib(lib.NsxLibBase):
return node.get('export_type') == 'RESTRICTED'
def feature_supported(self, feature):
if (version.LooseVersion(self.get_version()) >=
version.LooseVersion(nsx_constants.NSX_VERSION_4_0_1)):
# feature added since 2.0, removed since 4.0.1
if feature == nsx_constants.FEATURE_ROUTER_FIREWALL:
return False
if (version.LooseVersion(self.get_version()) >=
version.LooseVersion(nsx_constants.NSX_VERSION_3_1_0)):
# features available since 3.1.0

View File

@ -636,14 +636,19 @@ class NsxLibLogicalRouter(utils.NsxLibApiBase):
'destination_ports': match_ports,
'l4_protocol': match_protocol or nsx_constants.TCP}
# nat_pass parameter is supported with the router firewall feature
# this parameter is deprecated, and should never be used
# the router firewall feature is implemented with the firewall_match
# paramter which has replaced nat_pass
if (self.nsxlib and
self.nsxlib.feature_supported(
nsx_constants.FEATURE_ROUTER_FIREWALL)):
# only consider nat_pass if firewall_match is not specified
# only consider bypass_firewall if firewall_match is not specified
if not firewall_match:
body['nat_pass'] = bypass_firewall
if bypass_firewall:
body['firewall_match'] = (
nsx_constants.NAT_FIREWALL_MATCH_BYPASS)
else:
body['firewall_match'] = (
nsx_constants.NAT_FIREWALL_MATCH_INTERNAL)
else:
body['firewall_match'] = firewall_match
elif not bypass_firewall or firewall_match:

View File

@ -165,7 +165,6 @@ NSX_VERSION_3_1_0 = '3.1.0'
NSX_VERSION_3_2_0 = '3.2.0'
NSX_VERSION_3_2_1 = '3.2.1'
NSX_VERSION_4_0_0 = '4.0.0'
NSX_VERSION_4_0_1 = '4.0.1'
# Features available depending on the NSX Manager backend version
FEATURE_MAC_LEARNING = 'MAC Learning'