As part of the Secure RBAC community goal, we should switch options
"enforce_new_defaults" and "enforce_scope" to be True by default.
It will be still possible to fallback to old policy rules by configuring
those config options to False in Neutron config.
Change-Id: I09c0026ccf87e6c0bb1fa59165c03dc508fba6fa
This patch enables the gateway IP network QoS inheritance in
the OVN backend driver. The OVN QoS extension will use the
router external network (GW network) QoS policy if the gateway
IP port has no QoS policy assigned.
Partial-Bug: #1950454
Change-Id: I5ee51dc124ae464b9e9fd366cf7bf85176376c25
When I writing 'ndp_proxy' service plugin, I found I couldn't get enough
informations about router from the callback system (Such as: the origin
request body of user send). So, for write service plugin that related
router plugin more concisely I commit this patch.
This patch proposal two changes about router callback publish events:
1. Add 'request_body' parameter to some event's payload
2. add 'BEFORE_UPDATE' event for router gateway
Related-bug: #1877301
Change-Id: I5f6a4e6f0b7c5feb794ddb7efbd07d01bad91af8
Config option allow_overlapping_ips is deprecated to removal now and
will be removed in the Z cycle.
Default value for that option is now set to True as this is supported by
IPAM module in Neutron.
Related-Bug: #1942294
Change-Id: I17bf5e4483025e9cc4ee04dd3e7c925f7bddc3db
Now that we are python3 only, we should move to using the built
in version of mock that supports all of our testing needs and
remove the dependency on the "mock" package.
This patch moves all references to "import mock" to
"from unittest import mock". It also cleans up some new line
inconsistency.
Fixed an inconsistency in the OVSBridge.deferred() definition
as it needs to also have an *args argument.
Fixed an issue where an l3-agent test was mocking
functools.partial, causing a python3.8 failure.
Unit tests only, removing from tests/base.py affects
functional tests which need additional work.
Change-Id: I40e8a8410840c3774c72ae1a8054574445d66ece
Removed E125 (continuation line does not distinguish itself
from next logical line) from the ignore list and fixed all
the indentation issues. Didn't think it was going to be
close to 100 files when I started.
Change-Id: I0a6f5efec4b7d8d3632dd9dbb43e0ab58af9dff3
This patch switches over to neutron-lib's version of the the
_AuthenticBase, AuthenticEUI and AuthenticIPNetwork classes by
deleting them from neutron and using lib's version instead.
Depends-On: https://review.opendev.org/#/c/659881/
NeutronLibImpact
Change-Id: Ia3d3db401d6abcb9c9965b945bcd4c199f8e812b
Today a number of classes define their supported_extension_aliases
using static strings rather than API definition ALIASes. This patch
switches them to use the ALIAS where applicable.
Change-Id: I716270c68a9fcd850c3c26de31bc13ea16def23d
The get_reader_session and get_writer_session functions are available
in neutron-lib. This patch consumes them by removing the functions
from neutron and using lib's instead.
NeutronLibImpact
Change-Id: I4055172799a0d9a0ceb387b6d47e421e1c270ada
Commit I81748aa0e48b1275df3e1ea41b1d36a117d0097d added the l3 extension
API definition to neutron-lib and commit
I2324a3a02789c798248cab41c278a2d9981d24be rehomed the l3 exceptions,
while Ifd79eb1a92853e49bd4ef028e7a7bd89811c6957 shims the l3
exceptions.
This patch consumes the l3 api def by:
- Removing the code from neutron that's now in lib.
- Using lib's version of the code where applicable.
- Tidying up the related unit tests as now that the l3 api def from lib
is used the necessary fixture is already setup in the parent chain when
setting up the unit test class.
NeutronLibImpact
Change-Id: If2e66e06b83e15ee2851ea2bc3b64ad366e675dd
The l3 ext gw mode extension's API defintion was rehomed into
neutron-lib with commit I2fbef43f076652758476f988d868e1d47c8cf713
This patch consumes the API definition by removing the rehomed code
and using APIExtensionDescriptor for the extensions parent class.
NeutronLibImpact
Change-Id: Ifb924d6a700f068465e60a85729fb1cdbc28c9fc
Today our unit test code uses various ways to "patch" the global
RESOURCE_ATTRIBUTE_MAP as well as extension specific maps in some cases.
This patch consolidates such patching whereby tests should use neutron's
AttributeMapMemento in their setup() chain (only once) if they update
the global map and they should individually handle backup/restore of per
extension map updates. This change will simplify the code and make it
easier to phase-in API definition usage with neutron-lib where we have
some as API definitions and others not. Longer term the
AttributeMapMemento will be replace with neutron-lib's fixture as we
move all extension maps to API definitions in neutron-lib.
Change-Id: I2586f0b11b107d7f57214a0d65bcf7c38a5f0ebb
This patch integrates the Oslo-Versioned Object created for
IPAllocation model class.
Change-Id: Ibb731c4635d89c848081fac73f216d2ecf10b599
Partially-Implements: blueprint adopt-oslo-versioned-objects-for-db
Handle interim flushes by tracking 'new' objects in session.info
until commit time. This is necessary because new objects will no
longer be in 'session.new' during the before_commit event if flushes
have occurred.
Don't load relationships until final commit in nested commits. This
ensures we are on the outermost commit that will end the session
before loading up all of the relationships.
Partially-Implements: blueprint enginefacade-switch
Change-Id: Id0f79ebaafc446bb28363d281249f02eacd1e28d
This patch introduces and implements Olso-Versioned Objects for
network extension External Networks.
There were joined performed to order the fetching of external
networks by standard attribute which seems useless because,
in networks/services/auto_allocated/db.py while fetching
external networks it logs error when multiple networks are
returned. Expected default external network there is one, so
ordering does not make much sense.
Co-Authored-By: Manjeet Singh Bhatia <manjeet.s.bhatia@intel.com>
Co-Authored-By: Victor Morales <victor.morales@intel.com>
Change-Id: Iad609f72945b84df7881b43d1fdf9a188e5816bc
Partially-Implements: blueprint adopt-oslo-versioned-objects-for-db
We should use addCleanup instead of tearDown because:
- tearDown is executed only if the test succeeds
- cleanups (defined with addCleanup) are executed even if the test fails
This change removes useless tearDown and transforms remaining ones into
addCleanup.
Change-Id: I44bd26dcb5c8456126a35cb807f0bafc772c0ab0
Introduce get_reader_session() and get_writer_session()
and replace get_session() with them.
Mark get_session as depricated.
Stop using get_engine from legacy facade. Use writer engine for
places where it is required.
Partially-Implements blueprint: enginefacade-switch
Change-Id: I28b741bfa27bf04cbe273586e6e3e00e14fbe683
Port object is already merged. This patch uses it for the unit test.
Change-Id: I4bb5918ea09325f012783b06b49906590c412882
Partially-Implements: blueprint adopt-oslo-versioned-objects-for-db
Neutron Manager is loaded at the very startup of the neutron
server process and with it plugins are loaded and stored for
lookup purposes as their references are widely used across the
entire neutron codebase.
Rather than holding these references directly in NeutronManager
this patch refactors the code so that these references are held
by a plugin directory.
This allows subprojects and other parts of the Neutron codebase
to use the directory in lieu of the manager. The result is a
leaner, cleaner, and more decoupled code.
Usage pattern [1,2] can be translated to [3,4] respectively.
[1] manager.NeutronManager.get_service_plugins()[FOO]
[2] manager.NeutronManager.get_plugin()
[3] directory.get_plugin(FOO)
[4] directory.get_plugin()
The more entangled part is in the neutron unit tests, where the
use of the manager can be simplified as mocking is typically
replaced by a call to the directory add_plugin() method. This is
safe as each test case gets its own copy of the plugin directory.
That said, unit tests that look more like API tests and that rely on
the entire plugin machinery, need some tweaking to avoid stumbling
into plugin loading failures.
Due to the massive use of the manager, deprecation warnings are
considered impractical as they cause logs to bloat out of proportion.
Follow-up patches that show how to adopt the directory in neutron
subprojects are tagged with topic:plugin-directory.
NeutronLibImpact
Partially-implements: blueprint neutron-lib
Change-Id: I7331e914234c5f0b7abe836604fdd7e4067551cf
This patch is replacing some occurences of network and
subnet creation in a test with oslo versioned object use.
The scope of change is limited to extensions/test_l3_ext_gw_mode.py,
rest integrations would be done in separate patches
Partially-Implements: blueprint adopt-oslo-versioned-objects-for-db
Change-Id: I533d941fd74acc173f53a06a19cd33fa45b0d309
This patch will relocate external network db models
and separate it from mixins for OVO implementation.
Change-Id: I83e2c7bbab3bd59cc9d2af71c66c0662c7724ecc
Partial-Bug: #1597913
Clean up related core plugin ports on routers when there is a failure
creating the record for the router port.
The two partial bugs will be fixed after
I476d3e03c8ee763cc4be6d679fe9f501eb3a19b5 has merged.
Closes-Bug: #1600344
Partial-Bug: #1535225
Partial-Bug: #1535226
Change-Id: I8dd832f35e20d1ee090ebab921f0deea533b6fc8
This adjusts the update handler in the API layer to pass a deepcopy
of the original update body to ensure that the original is used on
any generated retry requests.
Without this update handlers that modified the body as they processed
it (e.g. the external gateway update for routers) would be missing
data on a retry request.
This adds a test case for the bug that was caused by this.
Closes-Bug: #1584920
Change-Id: I88fb9d45eb82ef48e0d865decdcc7fad1c5fb361
Fix params order to correspond to real signature:
assertEqual(expected, actual)
Change-Id: I722b998f6eae47076f3d10213073296a0a9a2081
Closes-Bug: #1277104
In resource_map dict, if the 'validate' section of type:dict_or_nodata
contains 'validate' key, the validation will not be performed correctly,
because in _validate_dict_item(), it checks key name that starts with
'type:', and perform the validation.
This patch removed 'validate' key in 'external_fixed_ips' section in
neutron/extensions/l3_ext_gw_mode.py
Change-Id: I1ee49f8313bddef6f41b133f49830a8fbbe4769e
Closes-Bug: #1533518
Now that we have the constant defined, we should reuse it from other
code to avoid potential typos.
Change-Id: Iebb270be46b116df3441370dc1a6784571311aa9
Went through all of the docstrings in Neutron and did
some cleanup. I'm sure there are bunch more that I have missed.
Change-Id: Ib29d2de1c580880c89ed4fd069e1515d0977a3e7
Currently neutron resets enable_snat attribute to True when enable_snat
is not provided in router external_gateway_info. But in some deployments
(private/enterprise clouds) such behavior is not the expected default
one as snat/nat/floating-ips is not used (at least by default).
This change defines the option enable_snat_by_default which allows
deployers to set enable_snat default value when neutron resets it. The
option default value is True for backward compatibility.
DocImpact
APIImpact
Closes-Bug: #1388858
Change-Id: I455a552230ec89fe907a087c1de8c8144b5d086e
Neutron resets enable_snat attribute when external_gateway_info is
cleared but not when external_gateway_info is only updated which
implies the following sets of actions have different behaviors:
neutron router-gateway-set router1 pub1 --disable-snat
neutron router-gateway-set router1 pub2
enable_snat is False after the last command
neutron router-gateway-set router1 pub1 --disable-snat
neutron router-gateway-clear router1
neutron router-gateway-set router1 pub2
enable_snat is True after the 2nd command resets the gateway AND
enable_snat.
This change proposes to always reset the attribute enable_snat when
enable_snat is not provided in external_gateway_info on POST/PUT for
consistency.
APIImpact
Change-Id: Ibab289936c55b1cf9614b44a4f18f54c959ee9e8
Closes-Bug: #1384146
This change ensures that the structure of the unit test tree matches
that of the code tree to make it obvious where to find tests for a
given module. A check is added to the pep8 job to protect against
regressions.
The plugin test paths are relocated to neutron/tests/unit/plugins
but are otherwise ignored for now.
Change-Id: If307593259139171be21a71c58e3a34bf148cc7f
Partial-Bug: #1440834
Slawek Kaplonski