Running with a stricter .pylintrc generates a lot of
C0330 warnings (hanging/continued indentation). Fix
the ones in neutron/db.
Trivialfix
Change-Id: I9311cfe5efc51552008072d84aa238e5d0c9de60
When new dvr router is going to be created on the node, L3 agent
asks server for list of ports plugged to the subnets, to populate
arp entries for all fixed IPs from those ports.
There was missing info about allowed address pairs there, so those
IPs were not populated in the qrouter namespace.
Now it's added and L3 agent can add those arp entries to the qrouter
namespaces too.
Closes-Bug: #1928466
Change-Id: I5d6c72c271ff450d9e43b3e33a99dd59d727882d
This patch switches over to neutron-lib's version of the the
_AuthenticBase, AuthenticEUI and AuthenticIPNetwork classes by
deleting them from neutron and using lib's version instead.
Depends-On: https://review.opendev.org/#/c/659881/
NeutronLibImpact
Change-Id: Ia3d3db401d6abcb9c9965b945bcd4c199f8e812b
Reduces E128 warnings by ~260 to just ~900,
no way we're getting rid of all of them at once (or ever).
Files under neutron/tests still have a ton of E128 warnings.
Change-Id: I9137150ccf129bf443e33428267cd4bc9c323b54
Co-Authored-By: Akihiro Motoki <amotoki@gmail.com>
The _resource_extend module is already rehomed into neutron-lib and is
shimmed in neutron. This patch removes the module as no active
consumers are using it.
NeutronLibImpact
Change-Id: I1550075fa5fa2aa2f1a88ee7189d311a1fe78391
The neutron.db.api.context_manager already references neutron-lib's
context manager; so consumers of it are already using neutron-lib. This
patch switches neutron's references to the context_manager over to
use neutron-lib's directly rather than that in neutron.db.api.
NeutronLibImpact
Change-Id: I97120faeec73690592ed21a5ec3c6202f61e1429
The APIs our consumers are using from neutron.db_utils were rehomed into
neutron-lib with https://review.openstack.org/#/c/540161/
This patch consumes them by removing the rehomed APIs and using lib's
implementation where applicable.
NeutronLibImpact
Change-Id: I7ee53bce917feae8e37bf278eb3121a5af47131c
Fix W503 (line break before binary operator) pep8 warnings
and no longer ignore new failures.
Trivialfix
Change-Id: I7539f3b7187f2ad40681781f74b6e05a01bac474
The allowed address pairs extension's API definition was rehomed into
neutron-lib with I7958a2d6f470f088ca2cb8ad638c075788f22851. This patch
consumes the API definition in neutron.
NeutronLibImpact
Change-Id: I46cfeee9711973ec15881c8dc2bd0bf763bc2226
neutron-lib contains the OVO exception module. This patch switches all
such reference's over to lib's version of the module and removes it
from neutron.
Change-Id: Ic3d435eef51f970598bf50486894838498b2d438
Note: We don't currently have any out-of-tree consumers of this module.
neutron-lib now contains the API definitions for neutron's core
resources. This patch removes the constant core resource and collection
variables and uses them from lib. Subsequent patches will consume the
actual core resource attribute definitions.
NeutronLibImpact
Change-Id: Ia9afdf620cd538b2aa420593277d6403a45c996b
By registering functions directly we cut off the dependency of the
"resource extend" functions on the plugin. This is a step towards
the goal of removing the CommonDbMixin mixin class.
Also, we register all "resource extend" functions at plugin create
(in __new__) instead of in the class definition (which caused the
hooks to be registered on import). This ensures the "resource
extend" functions are only registered for the plugins/mixins that
are actually used.
Note that decorators are used to register "resource extend" methods,
similar to the callback receiver decorators.
Related-Blueprint: neutron-lib
Change-Id: I128cfda773d5f9597df9cd61261fdc05f2a174aa
Use reader and writer for db operations.
Partially-Implements blueprint: enginefacade-switch
Depends-On: Iba3520ac6cfb6b82b2013df9b8e1aee64b10a11c
Change-Id: I50be115ea69f805b48b02aebe4259ec2c839830e
Move the model query hook registration and resource extend funcs
registration methods out of the CommonDbMixin class and make them
regular utility functions.
This is a step in refactoring the CommonDbMixin class.
Change-Id: Iec1bb7f7098c83640ae695fd7cf2f4736f414ad2
Sometimes we don't need to construct objects before deleting them, and
it's a waste to do so. It may also be easier to use a single
delete_objects call instead of a loop with get_objects and delete.
This patch introduces a method that will delete all matching resources
without constructing full blown versioned objects.
before:
for obj in cls.get_objects(...):
obj.delete()
after:
cls.delete_objects(...)
delete_objects also returns the number of entries deleted from DB.
The default non-db implementation relies on get_objects and delete
methods, meaning it still constructs objects.
Co-Authored-By: Artur Korzeniewski <artur.korzeniewski@intel.com>
Partially-Implements: blueprint adopt-oslo-versioned-objects-for-db
Change-Id: I94a79d244b80421f77b714c94248d8ec55c95946
Extract all the common utils from common_db_mixin.py in preparation
for moving them to neutron-lib.
This is a preliminary step in preparation for refactoring the
CommonDbMixin class and moving it to neutron-lib also.
Partial Blueprint: neutron-lib
Change-Id: I3cba375a8162cb68e8f988f22f5c8b1ce7915180
Sometimes object users need access to corresponding models that are used
to persist object data. While it's not encouraged, and object consumers
should try to rely solely on object API and fields, we should fulfill
this special need, at least for now.
One of use cases to access the corresponding database model are
functions registered by plugins to extend core resources. Those
functions are passed into register_dict_extend_funcs and expect the
model as one of its arguments.
Later, when more objects are adopted in base plugin code, and we are
ready to switch extensions to objects, we can pass to those functions
some wrappers that would trigger deprecation warnings on attempts to
access attributes that are not available on objects; and then after a
while finally switch to passing objects directly instead of those
wrappers. Of course, that would not happen overnight, and the path would
take several cycles.
To avoid the stored reference to the model to influence other code
fetching from the session, we detach (expunge) the model from the active
database session on every fetch. We also refresh the model before
detaching it when the corresponding object had synthetic fields changed,
because that's usually an indication that some relationships may be
stale on the model.
Since we now consistently detach the model from the active session on
each fetch, we cannot reuse it. So every time we hit update, we now need
to refetch the model from the session, otherwise we will hit an error
trying to refresh and/or detach an already detached model. Hence the
change in NeutronDbObject.update to always trigger update_object
irrespective to whether any persistent fields were changed. This makes
test_update_no_changes test case incorrect, hence its removal.
Due to the way RBAC metaclass works, it may trigger cls.get_object in
the middle of object creation (to validate newly created RBAC entry
against the object). It results in duplicate expunge calls for the same
object model (one during object creation, another when fetching the same
object to validate it for RBAC). To avoid that, switched RBAC code from
objects API to direct objects.db_api.get_object calls that will avoid
triggering the whole model expunge/refresh machinery.
Now that we have models stored on objects, the patch switched back
plugin code to passing models in places where we previously, by mistake,
were passing objects into extensions.
Specifically, the switch for allowed address pairs occurred with
I3c937267ce789ed510373616713b3fa9517c18ac. For subnetpools, it happened
in I1415c7a29af86d377ed31cce40888631a34d4811. Neither of those was
released in Mitaka, so it did not break anyone using major releases.
Also, we have not heard from any trunk chaser that would be affected by
the mistake.
There are not other objects used in database code where we would pass
them into extensions, so we should be good.
Closes-Bug: #1621837
Change-Id: I130609194f15b89df89e5606fb8193849edd14d8
Partially-Implements: blueprint adopt-oslo-versioned-objects-for-db
This patch is dependent on commit I8d03528f8f45f5f50fa467b39245a513a37c5d89.
It integrates the VersionedObject with the existing code.
Integration revealed that using IPAddress is not correct for allowed
address pairs, because the address can also represent a subnet.
Another issue revealed by the integration is that we must retain the
original string format passed by users through API for MAC addresses.
Neither we can use IPNetworkField from oslo.versionedobjects for
ip_address field because it will then always append prefix length to
base network address, even if prefix length is maximum for the type of
IP network (meaning, the address actually represents a single host),
which is contradictory to how API currently behaves (returning mask-less
addresses for /32 - for ipv4 - and /128 - for ipv6 - prefix lengths).
To solve those issues, 'authentic' flavors for netaddr.EUI and
netaddr.IPNetwork types are introduced. Those 'authentic' flavors
attempt to retain the original string representation, as passed by the
caller.
Since base IPNetworkField recreates network object on coerce(), and
hence looses information about the original string representation, we
introduce our custom flavor of the field type that reuses the network
object passed by the caller.
The change for the type of ip_address field triggers hash change.
Anyway, we are safe to change it without considering backwards
compatibility, because the object is not used anywhere yet.
Co-Authored-By: Ihar Hrachyshka <ihrachys@redhat.com>
Change-Id: I3c937267ce789ed510373616713b3fa9517c18ac
Partial-Bug: #1541928
Wrong usage of "a" in the messages:
"'%s' is not a integer"
"Create a address scope"
"Return True if port has as a allowed address pair"
"But if a agent does not report its status"
"a ipv4 link-local address"
"Retrieve and return a extended information about a network"
"It could be a eui-64 address, a random IPv6 address"
"push a elastic-recheck query for it (see below)"
"is not a enforced requirement"
"a ovs_lib.VifPort object"
Should be:
"'%s' is not an integer"
"Create an address scope"
"Return True if port has as an allowed address pair"
"But if an agent does not report its status"
"an ipv4 link-local address"
"Retrieve and return extended information about a network"
"It could be an eui-64 address, a random IPv6 address"
"push an elastic-recheck query for it (see below)"
"is not an enforced requirement"
"an ovs_lib.VifPort object"
Totally 9 occurrences in Neutron base code.
Change-Id: I0f980fc8c98524db3d194ecb779f76abb37eb31c
If None is submitted as a MAC address in an allowed_address_pair,
the port MAC will be used. So if two entries are submitted with the
same IP and one's MAC is None while the others is the port's MAC,
they will pass the API duplication check and fail to insert into the DB
due to a unique constraint violation.
This patch catches the db error and turns it into the same exception
the API uses on duplicate entries.
Closes-bug: #1373756
Change-Id: Ide995810d6fe0481d3add206bf0674cbbde7f05f
Some of the overlap check has been removed in the following patch:
https://review.openstack.org/#/c/94508/
But the patch did not remove all the overlap check. I remove the
rest part.
Change-Id: I575ec54c0b3d6dc31ef80819d4258c6d162b4cfd
Closes-Bug: #1326007
Current code does not allow assigning a fixed ip to a port when that ip
overlaps with one of the addresses in the allowed-addresspairs list.
This is an unnecessary check as the overlap does not have any negative
effect. Further, such a check actually makes it hard to use this
API. For example, if a fixed IP 10.10.1.1 exists on a port and we
want to allow addresses in 10.10.1.0/24 cidr on that port, then one
has to configure a list of 8 cidrs ([10.10.1.0/32, 10.10.1.2/31,
10.10.1.4/30, ..., 10.10.1.128/25]) on the allowed-addresspairs.
In addition to the above reasons, the current code also does not
check for the overlaps in all cases.
This patch summarily removes this overlap check.
Closes-Bug: #1321864
Change-Id: I5498c4a72b31267644da10a54a9860c1fc3bb250
Found when I enabled test_extension_allowedaddress_pairs, where
test_create_port_removed_allowed_address_pairs would fail due to the
returned port still containing the original addresspair. The cause is
ovs simply not updating the port info being returned.
This patch additionally enables test_extension_allowedaddress_pairs for
openvswitch.
Moved checks and updating into method similar to what we do for
extradhcpopts and security_groups.
Additionally, this required fixing is_address_pairs_attribute_updated() as
it was passing (non-hashable) dicts to utils.compare_elements.
Change-Id: Ic871fea68fb9fcc862b1fd5ae5fe7aec540e4a30
Partial-Bug: #1255150
In the process __init__.py involved have been emptied;
vim modelines and author lines have been dropped from
the license headers affected by the change as well.
Partial-implements blueprint nicira-plugin-renaming
Change-Id: I9c535b59bb2e83f275816472e0e32b41444d3bbe
This patch ensures allowed address pairs bindings are refreshed
only when they actually change.
This will also avoid sending a notification to the agent if no
change actually occured.
Closes-Bug: #1255145
Partial blueprint neutron-tempest-parallel
Change-Id: Iac2502586a0d215a29194590c16c2e1a064f943b
Previously one could update a port to match one of the address_pairs.
This patch prevents that.
Fixes bug: 1223646
Change-Id: Ic8cecfdb83b3fd9d2691bb41e0427cf578577fc8
The following patch adds the concept of allowed address pairs.
This allows one to add additional ip/mac address pairs on a port to
allow traffic that matches those specified values. This is useful in order
to leverage dataplane failover mechanisms like vrrp. This patch adds support
for the NVP plugin, the OVS plugin, and Ml2.
DocImpact
implements blueprint: allowed-address-pairs
Change-Id: Ie73b3886c5be8e1fc4ade86a0cfb854267f345ac
Brian Haley