Restore FEATURE_ROUTER_FIREWALL, remove nat_pass usage
This patch restores FEATURE_ROUTER_FIREWALL, since the corresponding feature is still available in NSX 4.0.1 onwards, but dropt usage of the deprecated nat_pass parameter in favour of firewall_match. All existing supported NSX releases can leverage the firewall_match parameter for NAT rules. Change-Id: I1dd5d2582ee291ce08af541c1a9a30ea86b33503
This commit is contained in:
parent
26acee40ad
commit
7624236634
@ -989,8 +989,8 @@ class LogicalRouterTestCase(BaseTestResource):
|
||||
'logging': logging
|
||||
}
|
||||
if add_bypass_arg and not firewall_match:
|
||||
# Expect nat_pass to be sent to the backend
|
||||
data['nat_pass'] = False
|
||||
# When bypass is specified we either set match to internal addr
|
||||
data['firewall_match'] = 'MATCH_INTERNAL_ADDRESS'
|
||||
elif firewall_match:
|
||||
data['firewall_match'] = firewall_match
|
||||
|
||||
|
@ -375,14 +375,6 @@ class NsxFeaturesTestCase(nsxlib_testcase.NsxLibTestCase):
|
||||
self.assertTrue(self.nsxlib.feature_supported(
|
||||
nsx_constants.FEATURE_EXCLUDE_PORT_BY_TAG))
|
||||
|
||||
def test_v4_features(self):
|
||||
self.nsxlib.nsx_version = "4.0.1"
|
||||
self.assertFalse(self.nsxlib.feature_supported(
|
||||
nsx_constants.FEATURE_ROUTER_FIREWALL))
|
||||
self.nsxlib.nsx_version = "4.0.0"
|
||||
self.assertTrue(self.nsxlib.feature_supported(
|
||||
nsx_constants.FEATURE_ROUTER_FIREWALL))
|
||||
|
||||
def test_v2_features_plus(self):
|
||||
self.test_v2_features(current_version='2.0.1')
|
||||
|
||||
|
@ -148,12 +148,6 @@ class NsxLib(lib.NsxLibBase):
|
||||
return node.get('export_type') == 'RESTRICTED'
|
||||
|
||||
def feature_supported(self, feature):
|
||||
if (version.LooseVersion(self.get_version()) >=
|
||||
version.LooseVersion(nsx_constants.NSX_VERSION_4_0_1)):
|
||||
# feature added since 2.0, removed since 4.0.1
|
||||
if feature == nsx_constants.FEATURE_ROUTER_FIREWALL:
|
||||
return False
|
||||
|
||||
if (version.LooseVersion(self.get_version()) >=
|
||||
version.LooseVersion(nsx_constants.NSX_VERSION_3_1_0)):
|
||||
# features available since 3.1.0
|
||||
|
@ -636,14 +636,19 @@ class NsxLibLogicalRouter(utils.NsxLibApiBase):
|
||||
'destination_ports': match_ports,
|
||||
'l4_protocol': match_protocol or nsx_constants.TCP}
|
||||
|
||||
# nat_pass parameter is supported with the router firewall feature
|
||||
# this parameter is deprecated, and should never be used
|
||||
# the router firewall feature is implemented with the firewall_match
|
||||
# paramter which has replaced nat_pass
|
||||
if (self.nsxlib and
|
||||
self.nsxlib.feature_supported(
|
||||
nsx_constants.FEATURE_ROUTER_FIREWALL)):
|
||||
# only consider nat_pass if firewall_match is not specified
|
||||
# only consider bypass_firewall if firewall_match is not specified
|
||||
if not firewall_match:
|
||||
body['nat_pass'] = bypass_firewall
|
||||
if bypass_firewall:
|
||||
body['firewall_match'] = (
|
||||
nsx_constants.NAT_FIREWALL_MATCH_BYPASS)
|
||||
else:
|
||||
body['firewall_match'] = (
|
||||
nsx_constants.NAT_FIREWALL_MATCH_INTERNAL)
|
||||
else:
|
||||
body['firewall_match'] = firewall_match
|
||||
elif not bypass_firewall or firewall_match:
|
||||
|
@ -165,7 +165,6 @@ NSX_VERSION_3_1_0 = '3.1.0'
|
||||
NSX_VERSION_3_2_0 = '3.2.0'
|
||||
NSX_VERSION_3_2_1 = '3.2.1'
|
||||
NSX_VERSION_4_0_0 = '4.0.0'
|
||||
NSX_VERSION_4_0_1 = '4.0.1'
|
||||
|
||||
# Features available depending on the NSX Manager backend version
|
||||
FEATURE_MAC_LEARNING = 'MAC Learning'
|
||||
|
Loading…
Reference in New Issue
Block a user