As part of the Secure RBAC community goal, we should switch options
"enforce_new_defaults" and "enforce_scope" to be True by default.
It will be still possible to fallback to old policy rules by configuring
those config options to False in Neutron config.
Change-Id: I09c0026ccf87e6c0bb1fa59165c03dc508fba6fa
To write a new unit test, need to set "project_id", and then
use the discarded "tenant_id" is not appropriate.
this patch updated creating resources method, both "project_id"
and "tenant_id" are acceptable. of course, "project_id" priority.
Closes-bug: #1966354
Change-Id: Ic24f03da169dd3d1549b05b35ec77d3e9a25f17b
Now that we are python3 only, we should move to using the built
in version of mock that supports all of our testing needs and
remove the dependency on the "mock" package.
This patch moves all references to "import mock" to
"from unittest import mock". It also cleans up some new line
inconsistency.
Fixed an inconsistency in the OVSBridge.deferred() definition
as it needs to also have an *args argument.
Fixed an issue where an l3-agent test was mocking
functools.partial, causing a python3.8 failure.
Unit tests only, removing from tests/base.py affects
functional tests which need additional work.
Change-Id: I40e8a8410840c3774c72ae1a8054574445d66ece
This change relaxes the constraint that all subnets of the same
address family on a network must be allocated from the same subnet
pool. It allows subnets that share the same address scope to
co-exist on a network. If there is no address scope involved the
subnet pool / network affinity constraints continue to enforced
as done previously.
Change-Id: I33bd17c723b3e8d409415bda008440f8ed9cfa68
Closes: 1830240
Implements: subnets-different-pools-same-net
Today a number of classes define their supported_extension_aliases
using static strings rather than API definition ALIASes. This patch
switches them to use the ALIAS where applicable.
Change-Id: I716270c68a9fcd850c3c26de31bc13ea16def23d
Today our unit test code uses various ways to "patch" the global
RESOURCE_ATTRIBUTE_MAP as well as extension specific maps in some cases.
This patch consolidates such patching whereby tests should use neutron's
AttributeMapMemento in their setup() chain (only once) if they update
the global map and they should individually handle backup/restore of per
extension map updates. This change will simplify the code and make it
easier to phase-in API definition usage with neutron-lib where we have
some as API definitions and others not. Longer term the
AttributeMapMemento will be replace with neutron-lib's fixture as we
move all extension maps to API definitions in neutron-lib.
Change-Id: I2586f0b11b107d7f57214a0d65bcf7c38a5f0ebb
neutron-lib contains the address scope API definition. This
patch moves neutron over to lib's API def for it.
NeutronLibImpact
Change-Id: Ib11b90500e871ecf3f23ba262c3c9199611cc6a7
The callback modules have been available in neutron-lib since commit [1]
and are ready for consumption.
As the callback registry is implemented with a singleton manager
instance, sync complications can arise ensuring all consumers switch to
lib's implementation at the same time. Therefore this consumption has
been broken down:
1) Shim neutron's callbacks using lib's callback system and remove
existing neutron internals related to callbacks (devref, UTs, etc.).
2) Switch all neutron's callback imports over to neutron-lib's.
3) Have all sub-projects using callbacks move their imports over to use
neutron-lib's callbacks implementation.
4) Remove the callback shims in neutron-lib once sub-projects are moved
over to lib's callbacks.
5) Follow-on patches moving our existing uses of callbacks to the new
event payload model provided by neutron-lib.callback.events
This patch implements #2 from above, moving all neutron's callback
imports to use neutron-lib's callbacks.
There are also a few places in the UT code that still patch callbacks,
we can address those in step #4 which may need [2].
NeutronLibImpact
[1] fea8bb64ba7ff52632c2bd3e3298eaedf623ee4f
[2] I9966c90e3f90552b41ed84a68b19f3e540426432
Change-Id: I8dae56f0f5c009bdf3e8ebfa1b360756216ab886
With address scope being enabled, networks now are in one ipv4
address scope and one ipv6 address scope.
This patch adds derived attributes to the network as part of the
address scopes extension that will show related address scopes
when viewing a network through the API.
APIImpact
Change-Id: Ib1657636033ad2c0009d50ebe7c5ae4f72f6b175
Closes-Bug: #1547380
When the address scope of a subnetpool changes, the scope of related
subnet will change too. If this subnet has been connected to a router,
the related routing information needs to be updated.
This patch will fire the router update to correlative routers. The
routers will get all things updated in the update action.
Change-Id: Ia2eb484eb949a8d42fc909291de7be07b002adda
Partially-Implements: blueprint address-scopes
Fix params order to correspond to real signature:
assertEqual(expected, actual)
Change-Id: I722b998f6eae47076f3d10213073296a0a9a2081
Closes-Bug: #1277104
Adds an ip_version field for enforcing an address family on
an AddressScope. All SubnetPools in an AddressScope must be
from the same address family. A SubnetPool cannot be created
in an AddressScope with a different address family.
Change-Id: Ibc6de08e0ef58a5da954d13f274f6003012a76cd
Partially-Implements: blueprint address-scopes
This patch supports the following
- create a subnetpool with address scope
- update a subnetpool
- to associate with an address scope
- to change the association to another address scope
- to remove the association with the address scope
DocImpact
APIImpact
Change-Id: I889096235ae81fcc736fabd4686c8e88b1a226b7
Co-Authored-By: Ryan Tidwell <rktidwell85@gmail.com>
Co-Authored-By: Numan Siddique <nusiddiq@redhat.com>
Partially-implements: blueprint address-scopes
This patch adds the support for basic address scope CRUD.
Subsequent patches will be added to use this address scope
on subnet pools.
DocImpact
APIImpact
Co-Authored-By: Ryan Tidwell <rktidwell85@gmail.com>
Co-Authored-By: Numan Siddique <nusiddiq@redhat.com>
Change-Id: Icabdd22577cfda0e1fbf6042e4b05b8080e54fdb
Partially-implements: blueprint address-scopes
Slawek Kaplonski