Commit Graph

51 Commits (e8ef5db4e97239e542a95309c6a66d3d3eb90d21)

Author SHA1 Message Date
Anna Khmelnitsky e8ef5db4e9 Client certificate management for NSXV3 authentication
Client certificate authentication will replace basic authentication.
A single client certificate will be generated by admin for the
configuration agent (openstack, container,..).

This commit focuses on certificate generation and coordination of
certificate management on backend, storage and in the agent itself.

Change-Id: Ib00e2c00aecb53cec63a746e9db6829a5594eb3a
2017-01-05 09:55:54 -08:00
Adit Sarfaty d7473ecf2f Expand PEP8 tests on nsxlib
There were some directories excluded from the pep8 run, and many checks
were ignored.
This cleans the exclude list, and fixes the PEP8 issues.

Change-Id: Ib56d45443009349a42fecfc14a792fdaa6d88d67
2016-12-25 07:55:36 +02:00
Jenkins b77a3ec496 Merge "Add Constraints support" 2016-12-24 16:29:16 +00:00
Tony Breeds 64719c6eea Add Constraints support
Adding constraints support to libraries is slightly more complex than
services as the libraries themselves are listed in upper-constraints.txt
which leads to errors that you can't install a specific version and a
constrained version.

This change adds constraints support by also adding a helper script to
edit the constraints to remove vmware-nsxlib.

Change-Id: Ibbb6da2551bf7eb840fb4b1d11e090dbe4db7c52
2016-12-21 14:00:57 +11:00
Anna Khmelnitsky 635439325f Unit tests: Allow multiple responses in mocked client
Sometimes function under test makes multiple calls to the backend,
and being able to provide list of different responses would improve
test coverage.

Change-Id: I27a8cefe28287d25ed5411d44c6e2cc6f0a0701e
2016-12-20 18:56:02 -08:00
Jenkins fc115e4605 Merge "IpPools support" 2016-12-20 10:21:54 +00:00
Adit Sarfaty ea8eb2a59a IpPools support
Adding support for IP pool create/delete/get actions,
and also allocate & release IPs from the pool

Change-Id: Ieac0aad2268cffa9d4fb5b521ebec268f2b408f3
2016-12-19 12:49:19 +02:00
Shih-Hao Li a78c9ca11c Add gateway_ip arg for static bindings
Change-Id: I9c54023d0c59840829bf311900621228696ce24e
2016-12-14 15:42:56 -08:00
Roey Chen c52244b8b9 NSXv3: Search for the default section from the end
Upon startup we inquire the backend for the list of firewall section, as
we want to find the specific default section.
Because the firewall section should be located at the bottom, it is more
likely it is located at the end of the list, thus iterating the list in
reversed fashion may save few cycles on startup.

Change-Id: I6212adaa4924cbd46b9d810e95f737d341e10883
2016-12-05 07:29:09 -08:00
Roey Chen 85459a7f9b NSXv3: Do not allow empty tag values on resources
Change-Id: I1a02672675565b239e1c1ae538f63d4fc12e2c65
2016-12-05 01:26:08 -08:00
Roey Chen b990e0a547 NSXv3: Require target_type when adding to firewall exclude list
Change-Id: Ic7fe85f3a01d2f8841509a4f931e0137a08ec6e7
2016-12-04 15:01:46 -08:00
Jenkins c540b0f61f Merge "NSXv3 Client: Add paginated response" 2016-12-04 14:52:59 +00:00
Jenkins e0f53966dd Merge "NSXv3: Add support for firewall exclude list API" 2016-12-04 11:42:54 +00:00
Roey Chen 69bd8f3158 NSXv3: Add support for firewall exclude list API
Change-Id: I49935f818b8425d9e146daf5db0d26cc057d3385
2016-12-04 11:29:12 +00:00
Jenkins 8f238e0b71 Merge "Ensure that correct exception is raised" 2016-12-04 10:07:03 +00:00
Roey Chen 3650b33e4d NSXv3 Client: Add paginated response
Change-Id: I8fb23fb239c0c2d9f5d08085dabcb2e96384b8fd
2016-12-04 08:28:47 +00:00
Gary Kotton 862e916b19 Ensure that correct exception is raised
ManagerError is a nsxlib exception and not a neutron one

Change-Id: I218a2c5ffd13dcd73c0557419d31cffd34e77c26
2016-12-01 03:57:48 -08:00
melissaml 2aa2d21e48 Using assertIsNone() instead of assertEqual(None)
Following OpenStack Style Guidelines[1]:
[H203] Unit test assertions tend to give better messages for more
specific assertions. As a result, assertIsNotNone(...) is preferred
over assertNotEqual(None, ...) and assertIsNot(None, ...)


Change-Id: Ic584db06c10fa351c9bf86d0ed8def047305d1df
2016-12-01 10:00:34 +08:00
Jenkins 1471251c67 Merge "NSXv3: Remove duplicate method definition" 2016-12-01 01:53:27 +00:00
Roey Chen 8ec3cf5b61 NSXv3: Remove duplicate method definition
The method "init_default_section" isn't used and was replaced priviously
with "init_default" method under the the class NsxLibFirewallSection in
the same module.

Change-Id: I484134e4686b6b592bf9f75542c3c0fb9920f6d3
2016-11-28 12:20:46 +00:00
Jenkins 4d762e61b6 Merge "Fix exception handling" 2016-11-28 08:30:45 +00:00
Roey Chen e1c26e52fc Remove retry from nsgroup member update call
Change-Id: Id4770a3497321d195e6b3ad25806dacc55bae7d5
2016-11-27 14:10:15 +00:00
Gary Kotton a18187dab8 Fix exception handling
There may be some cases where we call ManagerError and pass 'details'
as a paramter instead of manager. This makes the code more robust.

Change-Id: I03e4ccf0c1a074798ce364bd7ffd647b703196d1
2016-11-25 06:13:47 -08:00
Jenkins 6bd068859e Merge "NSXv3: Fix a router port name update issue" 2016-11-24 10:23:32 +00:00
Jenkins 7bdbbcb64a Merge "NSXv3: Fix string format in logging message" 2016-11-22 09:11:45 +00:00
Roey Chen 4a90402f81 NSXv3: Fix string format in logging message
Change-Id: I1f502494af5777172620b2cbaf9768e9e85f031c
2016-11-22 00:57:38 -08:00
Shih-Hao Li 5c67a5c25a NSXv3: Fix a router port name update issue
When updating the name of a router, the name of associated router
ports should also be updated. The current code has a bug that also
tries to update the attachment at the same time. This patch fixes
that problem.

Change-Id: Ifdd58a0e9cd5a35fd3ab68617a07a25c3630a8fa
2016-11-21 17:09:50 +00:00
Jenkins 16e81e4641 Merge "Add NSGroup manager tests" 2016-11-20 13:10:11 +00:00
Jenkins 6f9a26d1e4 Merge "Remove vmware-nsxlib bug link" 2016-11-14 06:20:53 +00:00
OpenStack Proposal Bot c4d8548330 Updated from global requirements
Change-Id: I2994070e0d9941515fdf92354330c93619d504bd
2016-11-09 04:26:32 +00:00
Chuck Short 8634f85e3a Remove vmware-nsxlib bug link
Remove non-existant vmware-nsxlib launchpad link.

Change-Id: I49e3079e075b2ca6de085e53084ff69549883806
Signed-off-by: Chuck Short <>
2016-11-08 13:18:36 -05:00
Adit Sarfaty f92e480321 Support both egress and ingress directions on QoS profile
Change-Id: Ibfaf5c59b39a6cb2dfb6108ee17c9561336f5d36
2016-11-02 10:57:00 +02:00
Adit Sarfaty ea615ad00c Add NSGroup manager tests
Those tests belong in the nsxlib and not nsx project.

Change-Id: I9702da0b56fd03c6c09e1902ca167a01ccc730a7
2016-11-02 09:33:55 +02:00
Jenkins c80df80627 Merge "Updated from global requirements" 2016-10-24 16:31:40 +00:00
Jenkins a1e38ed7cc Merge "NSXv3: Fix allowed address pairs switching profile" 2016-10-23 23:46:17 +00:00
OpenStack Proposal Bot 5eacc9808a Updated from global requirements
Change-Id: Ie316116802eda9990d31e45d471766c390473f54
2016-10-22 01:29:32 +00:00
OpenStack Proposal Bot 082820af27 Updated from global requirements
Change-Id: I396eeca0a171fc9b45166dbf6afe3f7a02b25041
2016-10-21 00:52:34 +00:00
Adit Sarfaty 047b098840 NSXv3: Fix allowed address pairs switching profile
For allowed address pairs to be functional on NSXv3 plugin, we
need to enforce both Spoof Guard and MAC Learning switching
profile. MAC Learning is used to learning the mac address and
spoof guard is used for switch security to ensure only added
allowed address pairs to be allowed on this port.

Moreover, during fix bug #1631540, we removed the parameter
"mac_change_allowed". After further discussion with NSX team,
it doesn't have negative effect to add it back. The value it can
bring is to support guest VM on ESX host to change MAC address (
the mac_address still needs to be in allowed address pairs) on the

(Cherry picked from: I2c725df74835165587170f6136c06494d1bfcf7b)
Closes-Bug: #1631539

Change-Id: I1bd8b8e78d955d0f5d2e5a846dfa25c0a7312e47
2016-10-18 11:37:30 +03:00
Jenkins 646ae07af9 Merge "NSX|V3 fix nsxlib raised error with managers" 2016-10-18 06:13:12 +00:00
Adit Sarfaty 6ee469e2f9 Replace retrying with tenacity
We are replacing all usages of the retrying package with
tenacity with an end goal of removing the retrying package
from our requirements.

(Cherry picked from: Ie1b082848ac6153d29af7779de914071dc8c1ba5)

Change-Id: I6b6c57e772723f41d8182a83d2efcc4afc6290a2
2016-10-13 16:04:43 +03:00
Adit Sarfaty fb7f9d8674 NSX|V3 fix nsxlib raised error with managers
The NSX3Client did not get the nsx managers IPs, and they where missing
from error messages.

To fix this, and also better fix a similar problem with max_attempts,
the client init method may get another instance of the client, and copy
relevant information from it.
This option is used by the copy-constructor "new_client_for" without the
RestClient class being aware of arguments relevant only to the NSXClient.

Also adding a new test for a resource error message, to make sure it contains
the nsx_manager ip.

(Cherry picked from : I9e7e28eb5fd69ace44547d40cf8cd09e2457c5ed)

Change-Id: I5066ae12aadd286ff880c8545df99a567aeddbeb
2016-10-13 15:54:05 +03:00
Adit Sarfaty 1eda9e1cdc NSX|v3 replace dhcp profile and metadata proxy uuids with names
Support configuration of name or uuid (instead of only uuid) for
2 nsx_v3 parameters: dhcp_profile, metadata_proxy.

nsxlib part was cherry picked from: Ife6263b7cf1759a2fc309205552eb79138d512a1

Change-Id: If82e5090426cd4198c8ff4d9bd79b3ea53046112
2016-10-13 15:40:52 +03:00
Adit Sarfaty 73c80d18c5 Fix nsxlib tox init to not fail on upper constraints
Change-Id: Icaa12c1b00c3dfee25aef91c09f4f0350bb21b00
2016-10-13 15:40:05 +03:00
Jenkins c8b3f162c2 Merge "Updated from global requirements" 2016-10-10 08:37:17 +00:00
Jenkins de35c12ae1 Merge "Enable release notes translation" 2016-10-10 08:36:09 +00:00
Andreas Jaeger fd9b9e0c17 Enable release notes translation
Releasenote translation publishing is being prepared. 'locale_dirs'
needs to be defined in to generate translated version of the
release notes.

Note that this repository might not get translated release notes - or
no translations at all - but we add the entry here nevertheless to
prepare for it.

Change-Id: Ic84a7a395ea948b68e8b4e3362fb970e15ff01a0
2016-10-06 20:56:37 +02:00
Adit Sarfaty e9ddc3dd33 Move all nsxlib code and tests to vmware_nsxlib
Change-Id: I75533e713a680674368d16f0a7aeb4fdbffe3608
2016-10-06 09:59:47 +03:00
OpenStack Proposal Bot f8471844be Updated from global requirements
Change-Id: I8212797876676039b3ff3718a77f34a01cadb897
2016-10-05 13:38:14 +00:00
Andreas Jaeger f32c46d037 Cleanup tox.ini: Remove obsolete constraints
Remove old and unused constraints environments from tox.ini. Those
have never been used. Use standard environments as default list.

Note that the repo has in the past not used constraints in OpenStack
CI, this change keeps the status quo.

For more information about constraints see:

Change-Id: I37b9109c36b7ee3f8d2b23606e0ed697f38abd9e
2016-08-26 18:17:46 +02:00
Aaron Rosen d7727dc9c6 Add initial framework using cookiecutter
Change-Id: I4a9da62f0e5ecb07973f54313722a72f2fc556e1
2016-08-08 20:41:29 +00:00