diff --git a/neutron_fwaas/db/firewall/firewall_db.py b/neutron_fwaas/db/firewall/firewall_db.py index 5265e576c..82d70c174 100644 --- a/neutron_fwaas/db/firewall/firewall_db.py +++ b/neutron_fwaas/db/firewall/firewall_db.py @@ -23,6 +23,7 @@ from neutron_lib.callbacks import registry from neutron_lib.callbacks import resources from neutron_lib import constants as nl_constants from neutron_lib.db import model_base +from neutron_lib.exceptions import firewall_v1 as f_exc from neutron_lib.exceptions import l3 from neutron_lib.plugins import directory from oslo_config import cfg @@ -110,19 +111,19 @@ class Firewall_db_mixin(fw_ext.FirewallPluginBase, base_db.CommonDbMixin): try: return self._get_by_id(context, Firewall, id) except exc.NoResultFound: - raise fw_ext.FirewallNotFound(firewall_id=id) + raise f_exc.FirewallNotFound(firewall_id=id) def _get_firewall_policy(self, context, id): try: return self._get_by_id(context, FirewallPolicy, id) except exc.NoResultFound: - raise fw_ext.FirewallPolicyNotFound(firewall_policy_id=id) + raise f_exc.FirewallPolicyNotFound(firewall_policy_id=id) def _get_firewall_rule(self, context, id): try: return self._get_by_id(context, FirewallRule, id) except exc.NoResultFound: - raise fw_ext.FirewallRuleNotFound(firewall_rule_id=id) + raise f_exc.FirewallRuleNotFound(firewall_rule_id=id) def _make_firewall_dict(self, fw, fields=None): res = {'id': fw['id'], @@ -197,9 +198,9 @@ class Firewall_db_mixin(fw_ext.FirewallPluginBase, base_db.CommonDbMixin): def _check_firewall_rule_conflict(self, fwr_db, fwp_db): if not fwr_db['shared']: if fwr_db['tenant_id'] != fwp_db['tenant_id']: - raise fw_ext.FirewallRuleConflict( + raise f_exc.FirewallRuleConflict( firewall_rule_id=fwr_db['id'], - tenant_id=fwr_db['tenant_id']) + project_id=fwr_db['tenant_id']) def _set_rules_for_policy(self, context, firewall_policy_db, fwp): rule_id_list = fwp['firewall_rules'] 
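Review bot: In `_check_firewall_rule_conflict` (firewall_db.py, hunk at -197,9) the keyword passed to `FirewallRuleConflict` changes from `tenant_id=` to `project_id=`, which only renders correctly if the neutron-lib message template uses `%(project_id)s`. Neither that template nor a minimum neutron-lib version is visible in this diff, so confirm the requirement is raised together with this change. The same rename is made in both `FirewallRuleConflict` raises in firewall_db_v2.py. Because extensions/firewall.py keeps `FirewallRuleConflict` importable through `moves.moved_class`, a caller outside this diff that still constructs it with `tenant_id=` would presumably hit a format-key mismatch. A unit test that raises the exception and asserts the owning project id appears in `str(e)` would pin this down.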
@@ -219,20 +220,20 @@ class Firewall_db_mixin(fw_ext.FirewallPluginBase, base_db.CommonDbMixin): # If we find an invalid rule in the list we # do not perform the update since this breaks # the integrity of this list. - raise fw_ext.FirewallRuleNotFound( + raise f_exc.FirewallRuleNotFound( firewall_rule_id=fwrule_id) elif rules_dict[fwrule_id]['firewall_policy_id']: if (rules_dict[fwrule_id]['firewall_policy_id'] != fwp_db['id']): - raise fw_ext.FirewallRuleInUse( + raise f_exc.FirewallRuleInUse( firewall_rule_id=fwrule_id) if 'shared' in fwp: if fwp['shared'] and not rules_dict[fwrule_id]['shared']: - raise fw_ext.FirewallRuleSharingConflict( + raise f_exc.FirewallRuleSharingConflict( firewall_rule_id=fwrule_id, firewall_policy_id=fwp_db['id']) elif fwp_db['shared'] and not rules_dict[fwrule_id]['shared']: - raise fw_ext.FirewallRuleSharingConflict( + raise f_exc.FirewallRuleSharingConflict( firewall_rule_id=fwrule_id, firewall_policy_id=fwp_db['id']) for fwr_db in rules_in_db: @@ -252,7 +253,7 @@ class Firewall_db_mixin(fw_ext.FirewallPluginBase, base_db.CommonDbMixin): rules_in_db = fwp_db['firewall_rules'] for fwr_db in rules_in_db: if not fwr_db['shared']: - raise fw_ext.FirewallPolicySharingConflict( + raise f_exc.FirewallPolicySharingConflict( firewall_rule_id=fwr_db['id'], firewall_policy_id=fwp_db['id']) @@ -295,7 +296,7 @@ class Firewall_db_mixin(fw_ext.FirewallPluginBase, base_db.CommonDbMixin): fwp_id = fw['firewall_policy_id'] fwp = self._get_firewall_policy(context, fwp_id) if fw_tenant_id != fwp['tenant_id'] and not fwp['shared']: - raise fw_ext.FirewallPolicyConflict(firewall_policy_id=fwp_id) + raise f_exc.FirewallPolicyConflict(firewall_policy_id=fwp_id) def _validate_fwr_src_dst_ip_version(self, fwr): src_version = dst_version = None 
@@ -307,12 +308,12 @@ class Firewall_db_mixin(fw_ext.FirewallPluginBase, base_db.CommonDbMixin): rule_ip_version = fwr.get('ip_version', None) if ((src_version and src_version != rule_ip_version) or (dst_version and dst_version != rule_ip_version)): - raise fw_ext.FirewallIpAddressConflict() + raise f_exc.FirewallIpAddressConflict() def _validate_fwr_port_range(self, min_port, max_port): if int(min_port) > int(max_port): port_range = '%s:%s' % (min_port, max_port) - raise fw_ext.FirewallRuleInvalidPortValue(port=port_range) + raise f_exc.FirewallRuleInvalidPortValue(port=port_range) def _validate_fwr_protocol_parameters(self, fwr): protocol = fwr.get('protocol', None) @@ -320,7 +321,7 @@ class Firewall_db_mixin(fw_ext.FirewallPluginBase, base_db.CommonDbMixin): nl_constants.PROTO_NAME_UDP): if (fwr.get('source_port', None) or fwr.get('destination_port', None)): - raise fw_ext.FirewallRuleInvalidICMPParameter( + raise f_exc.FirewallRuleInvalidICMPParameter( param="Source, destination port") def create_firewall(self, context, firewall, status=None): @@ -354,7 +355,7 @@ class Firewall_db_mixin(fw_ext.FirewallPluginBase, base_db.CommonDbMixin): self._validate_fw_parameters(context, fw, fw_db['tenant_id']) count = context.session.query(Firewall).filter_by(id=id).update(fw) if not count: - raise fw_ext.FirewallNotFound(firewall_id=id) + raise f_exc.FirewallNotFound(firewall_id=id) return self.get_firewall(context, id) def update_firewall_status(self, context, id, status, not_in=None): @@ -378,7 +379,7 @@ class Firewall_db_mixin(fw_ext.FirewallPluginBase, base_db.CommonDbMixin): # firewall is active count = context.session.query(Firewall).filter_by(id=id).delete() if not count: - raise fw_ext.FirewallNotFound(firewall_id=id) + raise f_exc.FirewallNotFound(firewall_id=id) def get_firewall(self, context, id, fields=None): LOG.debug("get_firewall() called") 
@@ -419,7 +420,7 @@ class Firewall_db_mixin(fw_ext.FirewallPluginBase, base_db.CommonDbMixin): if not fwp.get('shared', True) and fwp_db.firewalls: for fw in fwp_db['firewalls']: if fwp_db['tenant_id'] != fw['tenant_id']: - raise fw_ext.FirewallPolicyInUse( + raise f_exc.FirewallPolicyInUse( firewall_policy_id=id) # check any existing rules are not shared if 'shared' in fwp and 'firewall_rules' not in fwp: @@ -440,7 +441,7 @@ class Firewall_db_mixin(fw_ext.FirewallPluginBase, base_db.CommonDbMixin): # being used qry = context.session.query(Firewall) if qry.filter_by(firewall_policy_id=id).first(): - raise fw_ext.FirewallPolicyInUse(firewall_policy_id=id) + raise f_exc.FirewallPolicyInUse(firewall_policy_id=id) else: context.session.delete(fwp) @@ -467,7 +468,7 @@ class Firewall_db_mixin(fw_ext.FirewallPluginBase, base_db.CommonDbMixin): self._validate_fwr_src_dst_ip_version(fwr) if not fwr['protocol'] and (fwr['source_port'] or fwr['destination_port']): - raise fw_ext.FirewallRuleWithPortWithoutProtocolInvalid() + raise f_exc.FirewallRuleWithPortWithoutProtocolInvalid() src_port_min, src_port_max = self._get_min_max_ports_from_range( fwr['source_port']) dst_port_min, dst_port_max = self._get_min_max_ports_from_range( @@ -503,7 +504,7 @@ class Firewall_db_mixin(fw_ext.FirewallPluginBase, base_db.CommonDbMixin): fwr_db.firewall_policy_id) if 'shared' in fwr and not fwr['shared']: if fwr_db['tenant_id'] != fwp_db['tenant_id']: - raise fw_ext.FirewallRuleInUse(firewall_rule_id=id) + raise f_exc.FirewallRuleInUse(firewall_rule_id=id) if 'source_port' in fwr: src_port_min, src_port_max = self._get_min_max_ports_from_range( fwr['source_port']) 
@@ -524,7 +525,7 @@ class Firewall_db_mixin(fw_ext.FirewallPluginBase, base_db.CommonDbMixin): dport = fwr.get('destination_port_range_min', fwr_db['destination_port_range_min']) if sport or dport: - raise fw_ext.FirewallRuleWithPortWithoutProtocolInvalid() + raise f_exc.FirewallRuleWithPortWithoutProtocolInvalid() fwr_db.update(fwr) if fwr_db.firewall_policy_id: fwp_db.audited = False @@ -535,7 +536,7 @@ class Firewall_db_mixin(fw_ext.FirewallPluginBase, base_db.CommonDbMixin): with context.session.begin(subtransactions=True): fwr = self._get_firewall_rule(context, id) if fwr.firewall_policy_id: - raise fw_ext.FirewallRuleInUse(firewall_rule_id=id) + raise f_exc.FirewallRuleInUse(firewall_rule_id=id) context.session.delete(fwr) def get_firewall_rule(self, context, id, fields=None): @@ -556,7 +557,7 @@ class Firewall_db_mixin(fw_ext.FirewallPluginBase, base_db.CommonDbMixin): def _validate_insert_remove_rule_request(self, id, rule_info): if not rule_info or 'firewall_rule_id' not in rule_info: - raise fw_ext.FirewallRuleInfoMissing() + raise f_exc.FirewallRuleInfoMissing() def insert_rule(self, context, id, rule_info): LOG.debug("insert_rule() called") @@ -565,7 +566,7 @@ class Firewall_db_mixin(fw_ext.FirewallPluginBase, base_db.CommonDbMixin): insert_before = True ref_firewall_rule_id = None if not firewall_rule_id: - raise fw_ext.FirewallRuleNotFound(firewall_rule_id=None) + raise f_exc.FirewallRuleNotFound(firewall_rule_id=None) if 'insert_before' in rule_info: ref_firewall_rule_id = rule_info['insert_before'] if not ref_firewall_rule_id and 'insert_after' in rule_info: 
@@ -576,7 +577,7 @@ class Firewall_db_mixin(fw_ext.FirewallPluginBase, base_db.CommonDbMixin): fwr_db = self._get_firewall_rule(context, firewall_rule_id) fwp_db = self._get_firewall_policy(context, id) if fwr_db.firewall_policy_id: - raise fw_ext.FirewallRuleInUse(firewall_rule_id=fwr_db['id']) + raise f_exc.FirewallRuleInUse(firewall_rule_id=fwr_db['id']) self._check_firewall_rule_conflict(fwr_db, fwp_db) if ref_firewall_rule_id: # If reference_firewall_rule_id is set, the new rule @@ -587,7 +588,7 @@ class Firewall_db_mixin(fw_ext.FirewallPluginBase, base_db.CommonDbMixin): ref_fwr_db = self._get_firewall_rule( context, ref_firewall_rule_id) if ref_fwr_db.firewall_policy_id != id: - raise fw_ext.FirewallRuleNotAssociatedWithPolicy( + raise f_exc.FirewallRuleNotAssociatedWithPolicy( firewall_rule_id=ref_fwr_db['id'], firewall_policy_id=id) if insert_before: @@ -609,11 +610,11 @@ class Firewall_db_mixin(fw_ext.FirewallPluginBase, base_db.CommonDbMixin): self._validate_insert_remove_rule_request(id, rule_info) firewall_rule_id = rule_info['firewall_rule_id'] if not firewall_rule_id: - raise fw_ext.FirewallRuleNotFound(firewall_rule_id=None) + raise f_exc.FirewallRuleNotFound(firewall_rule_id=None) with context.session.begin(subtransactions=True): fwr_db = self._get_firewall_rule(context, firewall_rule_id) if fwr_db.firewall_policy_id != id: - raise fw_ext.FirewallRuleNotAssociatedWithPolicy( + raise f_exc.FirewallRuleNotAssociatedWithPolicy( firewall_rule_id=fwr_db['id'], firewall_policy_id=id) return self._process_rule_for_policy(context, id, fwr_db, None) diff --git a/neutron_fwaas/db/firewall/firewall_router_insertion_db.py b/neutron_fwaas/db/firewall/firewall_router_insertion_db.py index 76f1503b0..143f69968 100644 --- a/neutron_fwaas/db/firewall/firewall_router_insertion_db.py +++ b/neutron_fwaas/db/firewall/firewall_router_insertion_db.py 
@@ -14,11 +14,11 @@ # under the License. from neutron_lib.db import model_base +from neutron_lib.exceptions import firewall_v1 as fwrtrins from oslo_log import helpers as log_helpers from oslo_log import log as logging import sqlalchemy as sa -from neutron_fwaas.extensions import firewallrouterinsertion as fwrtrins LOG = logging.getLogger(__name__) diff --git a/neutron_fwaas/db/firewall/v2/firewall_db_v2.py b/neutron_fwaas/db/firewall/v2/firewall_db_v2.py index ae72744e7..b9b90fc5a 100644 --- a/neutron_fwaas/db/firewall/v2/firewall_db_v2.py +++ b/neutron_fwaas/db/firewall/v2/firewall_db_v2.py @@ -16,6 +16,7 @@ from neutron.db import common_db_mixin as base_db from neutron_lib import constants as nl_constants from neutron_lib.db import model_base +from neutron_lib.exceptions import firewall_v2 as f_exc from oslo_config import cfg from oslo_log import log as logging from oslo_utils import uuidutils @@ -125,19 +126,19 @@ class Firewall_db_mixin_v2(fw_ext.Firewallv2PluginBase, base_db.CommonDbMixin): try: return self._get_by_id(context, FirewallGroup, id) except exc.NoResultFound: - raise fw_ext.FirewallGroupNotFound(firewall_id=id) + raise f_exc.FirewallGroupNotFound(firewall_id=id) def _get_firewall_policy(self, context, id): try: return self._get_by_id(context, FirewallPolicy, id) except exc.NoResultFound: - raise fw_ext.FirewallPolicyNotFound(firewall_policy_id=id) + raise f_exc.FirewallPolicyNotFound(firewall_policy_id=id) def _get_firewall_rule(self, context, id): try: return self._get_by_id(context, FirewallRuleV2, id) except exc.NoResultFound: - raise fw_ext.FirewallRuleNotFound(firewall_rule_id=id) + raise f_exc.FirewallRuleNotFound(firewall_rule_id=id) def _validate_fwr_protocol_parameters(self, fwr, fwr_db=None): protocol = fwr.get('protocol', None) 
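Review bot: In firewall_router_insertion_db.py the new import `from neutron_lib.exceptions import firewall_v1 as fwrtrins` reuses the alias that previously named the router-insertion extension module. Every `fwrtrins.X` reference in the rest of the file, which is outside this hunk, now resolves against the v1 exceptions module instead. A name that module does not define would only surface as an AttributeError when the error path is taken, so each remaining `fwrtrins.` use should be checked against neutron-lib. For consistency with firewall_db.py I would write `from neutron_lib.exceptions import firewall_v1 as f_exc` and rename the uses, so the alias says what it points at.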
@@ -147,7 +148,7 @@ class Firewall_db_mixin_v2(fw_ext.Firewallv2PluginBase, base_db.CommonDbMixin): nl_constants.PROTO_NAME_UDP): if (fwr.get('source_port', None) or fwr.get('destination_port', None)): - raise fw_ext.FirewallRuleInvalidICMPParameter( + raise f_exc.FirewallRuleInvalidICMPParameter( param="Source, destination port") def _validate_fwr_src_dst_ip_version(self, fwr, fwr_db=None): @@ -162,12 +163,12 @@ class Firewall_db_mixin_v2(fw_ext.Firewallv2PluginBase, base_db.CommonDbMixin): rule_ip_version = fwr_db.ip_version if ((src_version and src_version != rule_ip_version) or (dst_version and dst_version != rule_ip_version)): - raise fw_ext.FirewallIpAddressConflict() + raise f_exc.FirewallIpAddressConflict() def _validate_fwr_port_range(self, min_port, max_port): if int(min_port) > int(max_port): port_range = '%s:%s' % (min_port, max_port) - raise fw_ext.FirewallRuleInvalidPortValue(port=port_range) + raise f_exc.FirewallRuleInvalidPortValue(port=port_range) def _get_min_max_ports_from_range(self, port_range): if not port_range: @@ -267,9 +268,9 @@ class Firewall_db_mixin_v2(fw_ext.Firewallv2PluginBase, base_db.CommonDbMixin): def _check_firewall_rule_conflict(self, fwr_db, fwp_db): if not fwr_db['shared']: if fwr_db['tenant_id'] != fwp_db['tenant_id']: - raise fw_ext.FirewallRuleConflict( + raise f_exc.FirewallRuleConflict( firewall_rule_id=fwr_db['id'], - tenant_id=fwr_db['tenant_id']) + project_id=fwr_db['tenant_id']) def _process_rule_for_policy(self, context, firewall_policy_id, firewall_rule_id, position, association_db): @@ -305,7 +306,7 @@ class Firewall_db_mixin_v2(fw_ext.Firewallv2PluginBase, base_db.CommonDbMixin): try: self._get_policy_rule_association_query( context, firewall_policy_id, firewall_rule_id).one() - raise fw_ext.FirewallRuleAlreadyAssociated( + raise f_exc.FirewallRuleAlreadyAssociated( firewall_rule_id=firewall_rule_id, firewall_policy_id=firewall_policy_id) except exc.NoResultFound: 
@@ -320,7 +321,7 @@ class Firewall_db_mixin_v2(fw_ext.Firewallv2PluginBase, base_db.CommonDbMixin): return self._get_policy_rule_association_query( context, firewall_policy_id, firewall_rule_id).one() except exc.NoResultFound: - raise fw_ext.FirewallRuleNotAssociatedWithPolicy( + raise f_exc.FirewallRuleNotAssociatedWithPolicy( firewall_rule_id=firewall_rule_id, firewall_policy_id=firewall_policy_id) @@ -331,7 +332,7 @@ class Firewall_db_mixin_v2(fw_ext.Firewallv2PluginBase, base_db.CommonDbMixin): self._validate_fwr_src_dst_ip_version(fwr) if not fwr['protocol'] and (fwr['source_port'] or fwr['destination_port']): - raise fw_ext.FirewallRuleWithPortWithoutProtocolInvalid() + raise f_exc.FirewallRuleWithPortWithoutProtocolInvalid() src_port_min, src_port_max = self._get_min_max_ports_from_range( fwr['source_port']) dst_port_min, dst_port_max = self._get_min_max_ports_from_range( @@ -382,7 +383,7 @@ class Firewall_db_mixin_v2(fw_ext.Firewallv2PluginBase, base_db.CommonDbMixin): dport = fwr.get('destination_port_range_min', fwr_db['destination_port_range_min']) if sport or dport: - raise fw_ext.FirewallRuleWithPortWithoutProtocolInvalid() + raise f_exc.FirewallRuleWithPortWithoutProtocolInvalid() fwr_db.update(fwr) # if the rule on a policy, fix audited flag fwp_ids = self._get_policies_with_rule(context, id) @@ -397,7 +398,7 @@ class Firewall_db_mixin_v2(fw_ext.Firewallv2PluginBase, base_db.CommonDbMixin): fwr = self._get_firewall_rule(context, id) # make sure rule is not associated with any policy if self._get_policies_with_rule(context, id): - raise fw_ext.FirewallRuleInUse(firewall_rule_id=id) + raise f_exc.FirewallRuleInUse(firewall_rule_id=id) context.session.delete(fwr) def insert_rule(self, context, id, rule_info): 
@@ -409,7 +410,7 @@ class Firewall_db_mixin_v2(fw_ext.Firewallv2PluginBase, base_db.CommonDbMixin): insert_before = True ref_firewall_rule_id = None if not firewall_rule_id: - raise fw_ext.FirewallRuleNotFound(firewall_rule_id=None) + raise f_exc.FirewallRuleNotFound(firewall_rule_id=None) if 'insert_before' in rule_info: ref_firewall_rule_id = rule_info['insert_before'] if not ref_firewall_rule_id and 'insert_after' in rule_info: @@ -447,7 +448,7 @@ class Firewall_db_mixin_v2(fw_ext.Firewallv2PluginBase, base_db.CommonDbMixin): self._validate_insert_remove_rule_request(id, rule_info) firewall_rule_id = rule_info['firewall_rule_id'] if not firewall_rule_id: - raise fw_ext.FirewallRuleNotFound(firewall_rule_id=None) + raise f_exc.FirewallRuleNotFound(firewall_rule_id=None) with context.session.begin(subtransactions=True): self._get_firewall_rule(context, firewall_rule_id) fwpra_db = self._get_policy_rule_association(context, id, @@ -468,7 +469,7 @@ class Firewall_db_mixin_v2(fw_ext.Firewallv2PluginBase, base_db.CommonDbMixin): def _validate_insert_remove_rule_request(self, id, rule_info): if not rule_info or 'firewall_rule_id' not in rule_info: - raise fw_ext.FirewallRuleInfoMissing() + raise f_exc.FirewallRuleInfoMissing() def _delete_rules_in_policy(self, context, firewall_policy_id): """Delete the rules in the firewall policy.""" 
@@ -522,15 +523,15 @@ class Firewall_db_mixin_v2(fw_ext.Firewallv2PluginBase, base_db.CommonDbMixin): for fwrule_id in rule_id_list: if fwrule_id not in rules_dict: # Bail as soon as we find an invalid rule. - raise fw_ext.FirewallRuleNotFound( + raise f_exc.FirewallRuleNotFound( firewall_rule_id=fwrule_id) if 'shared' in fwp: if fwp['shared'] and not rules_dict[fwrule_id]['shared']: - raise fw_ext.FirewallRuleSharingConflict( + raise f_exc.FirewallRuleSharingConflict( firewall_rule_id=fwrule_id, firewall_policy_id=fwp_db['id']) elif fwp_db['shared'] and not rules_dict[fwrule_id]['shared']: - raise fw_ext.FirewallRuleSharingConflict( + raise f_exc.FirewallRuleSharingConflict( firewall_rule_id=fwrule_id, firewall_policy_id=fwp_db['id']) else: @@ -539,9 +540,9 @@ class Firewall_db_mixin_v2(fw_ext.Firewallv2PluginBase, base_db.CommonDbMixin): if not rules_dict[fwrule_id]['shared']: if (rules_dict[fwrule_id]['tenant_id'] != fwp_db[ 'tenant_id']): - raise fw_ext.FirewallRuleConflict( + raise f_exc.FirewallRuleConflict( firewall_rule_id=fwrule_id, - tenant_id=rules_dict[fwrule_id]['tenant_id']) + project_id=rules_dict[fwrule_id]['tenant_id']) def _check_if_rules_shared_for_policy_shared(self, context, fwp_db, fwp): if fwp['shared']: @@ -550,7 +551,7 @@ class Firewall_db_mixin_v2(fw_ext.Firewallv2PluginBase, base_db.CommonDbMixin): fwr_db = self._get_firewall_rule(context, entry.firewall_rule_id) if not fwp_db['shared']: - raise fw_ext.FirewallPolicySharingConflict( + raise f_exc.FirewallPolicySharingConflict( firewall_rule_id=fwr_db['id'], firewall_policy_id=fwp_db['id']) @@ -578,7 +579,7 @@ class Firewall_db_mixin_v2(fw_ext.Firewallv2PluginBase, base_db.CommonDbMixin): filters=filters) for entry in fwg_with_fwp_id_db: if entry.tenant_id != fwp_tenant_id: - raise fw_ext.FirewallPolicyInUse( + raise f_exc.FirewallPolicyInUse( firewall_policy_id=fwp_id) def _set_rules_for_policy(self, context, firewall_policy_db, fwp): 
@@ -660,9 +661,9 @@ class Firewall_db_mixin_v2(fw_ext.Firewallv2PluginBase, base_db.CommonDbMixin): # check if policy in use qry = context.session.query(FirewallGroup) if qry.filter_by(ingress_firewall_policy_id=id).first(): - raise fw_ext.FirewallPolicyInUse(firewall_policy_id=id) + raise f_exc.FirewallPolicyInUse(firewall_policy_id=id) elif qry.filter_by(egress_firewall_policy_id=id).first(): - raise fw_ext.FirewallPolicyInUse(firewall_policy_id=id) + raise f_exc.FirewallPolicyInUse(firewall_policy_id=id) else: # Policy is not being used, delete. self._delete_rules_in_policy(context, id) @@ -686,7 +687,7 @@ class Firewall_db_mixin_v2(fw_ext.Firewallv2PluginBase, base_db.CommonDbMixin): if fwp_id is not None: fwp = self._get_firewall_policy(context, fwp_id) if fwg_tenant_id != fwp['tenant_id'] and not fwp['shared']: - raise fw_ext.FirewallPolicyConflict( + raise f_exc.FirewallPolicyConflict( firewall_policy_id=fwp_id) if 'egress_firewall_policy_id' in fwg: @@ -694,7 +695,7 @@ class Firewall_db_mixin_v2(fw_ext.Firewallv2PluginBase, base_db.CommonDbMixin): if fwp_id is not None: fwp = self._get_firewall_policy(context, fwp_id) if fwg_tenant_id != fwp['tenant_id'] and not fwp['shared']: - raise fw_ext.FirewallPolicyConflict( + raise f_exc.FirewallPolicyConflict( firewall_policy_id=fwp_id) return @@ -741,7 +742,7 @@ class Firewall_db_mixin_v2(fw_ext.Firewallv2PluginBase, base_db.CommonDbMixin): FirewallGroupPortAssociation.firewall_group_id != fwg_id).all() if fwg_ports: port_ids = [entry.port_id for entry in fwg_ports] - raise fw_ext.FirewallGroupPortInUse(port_ids=port_ids) + raise f_exc.FirewallGroupPortInUse(port_ids=port_ids) def create_firewall_group(self, context, firewall_group, status=None): fwg = firewall_group['firewall_group'] 
@@ -777,7 +778,7 @@ class Firewall_db_mixin_v2(fw_ext.Firewallv2PluginBase, base_db.CommonDbMixin): count = context.session.query( FirewallGroup).filter_by(id=id).update(fwg) if not count: - raise fw_ext.FirewallGroupNotFound(firewall_id=id) + raise f_exc.FirewallGroupNotFound(firewall_id=id) return self.get_firewall_group(context, id) def update_firewall_group_status(self, context, id, status, not_in=None): @@ -801,7 +802,7 @@ class Firewall_db_mixin_v2(fw_ext.Firewallv2PluginBase, base_db.CommonDbMixin): count = context.session.query( FirewallGroup).filter_by(id=id).delete() if not count: - raise fw_ext.FirewallGroupNotFound(firewall_id=id) + raise f_exc.FirewallGroupNotFound(firewall_id=id) def get_firewall_group(self, context, id, fields=None): LOG.debug("get_firewall_group() called") diff --git a/neutron_fwaas/extensions/firewall.py b/neutron_fwaas/extensions/firewall.py index ca0c35c26..bc85df5b5 100644 --- a/neutron_fwaas/extensions/firewall.py +++ b/neutron_fwaas/extensions/firewall.py @@ -15,13 +15,15 @@ import abc +from debtcollector import moves + from neutron.api.v2 import resource_helper from neutron_lib.api import converters from neutron_lib.api import extensions from neutron_lib.api import validators from neutron_lib import constants from neutron_lib.db import constants as db_const -from neutron_lib import exceptions as nexception +from neutron_lib.exceptions import firewall_v1 as f_exc from neutron_lib.services import base as service_base from oslo_config import cfg from oslo_log import log as logging 
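Review bot: The import hunk of extensions/firewall.py adds `from debtcollector import moves`, a new direct dependency for this module, and firewall_v2.py gains the same import. No requirements change is visible in this diff. If `debtcollector` is currently only installed transitively, it should be declared explicitly in the project's requirements so the deprecation aliases do not break when an upstream package drops it.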
@@ -33,6 +35,52 @@ from neutron_fwaas.common import fwaas_constants LOG = logging.getLogger(__name__) +FirewallNotFound = moves.moved_class( + f_exc.FirewallNotFound, 'FirewallNotFound', __name__) +FirewallInUse = moves.moved_class( + f_exc.FirewallInUse, 'FirewallInUse', __name__) +FirewallPolicyNotFound = moves.moved_class( + f_exc.FirewallPolicyNotFound, 'FirewallPolicyNotFound', __name__) +FirewallPolicyInUse = moves.moved_class( + f_exc.FirewallPolicyInUse, 'FirewallPolicyInUse', __name__) +FirewallPolicyConflict = moves.moved_class( + f_exc.FirewallPolicyConflict, 'FirewallPolicyConflict', __name__) +FirewallRuleSharingConflict = moves.moved_class( + f_exc.FirewallRuleSharingConflict, 'FirewallRuleSharingConflict', __name__) +FirewallPolicySharingConflict = moves.moved_class( + f_exc.FirewallPolicySharingConflict, 'FirewallPolicySharingConflict', + __name__) +FirewallRuleNotFound = moves.moved_class( + f_exc.FirewallRuleNotFound, 'FirewallRuleNotFound', __name__) +FirewallRuleInUse = moves.moved_class( + f_exc.FirewallRuleInUse, 'FirewallRuleInUse', __name__) +FirewallRuleNotAssociatedWithPolicy = moves.moved_class( + f_exc.FirewallRuleNotAssociatedWithPolicy, + 'FirewallRuleNotAssociatedWithPolicy', + __name__) +FirewallRuleInvalidProtocol = moves.moved_class( + f_exc.FirewallRuleInvalidProtocol, 'FirewallRuleInvalidProtocol', + __name__) +FirewallRuleInvalidAction = moves.moved_class( + f_exc.FirewallRuleInvalidAction, 'FirewallRuleInvalidAction', __name__) +FirewallRuleInvalidICMPParameter = moves.moved_class( + f_exc.FirewallRuleInvalidICMPParameter, + 'FirewallRuleInvalidICMPParameter', __name__) +FirewallRuleWithPortWithoutProtocolInvalid = moves.moved_class( + f_exc.FirewallRuleWithPortWithoutProtocolInvalid, + 'FirewallRuleWithPortWithoutProtocolInvalid', __name__) +FirewallRuleInvalidPortValue = moves.moved_class( + f_exc.FirewallRuleInvalidPortValue, 'FirewallRuleInvalidPortValue', + __name__) +FirewallRuleInfoMissing = moves.moved_class( + 
f_exc.FirewallRuleInfoMissing, 'FirewallRuleInfoMissing', __name__) +FirewallIpAddressConflict = moves.moved_class( + f_exc.FirewallIpAddressConflict, 'FirewallIpAddressConflict', __name__) +FirewallInternalDriverError = moves.moved_class( + f_exc.FirewallInternalDriverError, 'FirewallInternalDriverError', __name__) +FirewallRuleConflict = moves.moved_class( + f_exc.FirewallRuleConflict, 'FirewallRuleConflict', __name__) + # Firewall rule action FWAAS_ALLOW = "allow" FWAAS_DENY = "deny" 
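Review bot: The block of `moves.moved_class` aliases has no entry for `FirewallInPendingState`, although this commit deletes that class from the module further down; every other removed v1 exception gets an alias. Unless all users are updated elsewhere in the commit, a reference such as `fw_ext.FirewallInPendingState` would fail with AttributeError exactly where the pending-state conflict should be reported to the caller. If neutron-lib's `firewall_v1` module provides the class, add `FirewallInPendingState = moves.moved_class(f_exc.FirewallInPendingState, 'FirewallInPendingState', __name__)`; otherwise keep the local definition.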
@@ -42,131 +90,6 @@ FWAAS_REJECT = "reject" FIREWALL_PREFIX = "/fw" -# Firewall Exceptions -class FirewallNotFound(nexception.NotFound): - message = _("Firewall %(firewall_id)s could not be found.") - - -class FirewallInUse(nexception.InUse): - message = _("Firewall %(firewall_id)s is still active.") - - -class FirewallInPendingState(nexception.Conflict): - message = _("Operation cannot be performed since associated Firewall " - "%(firewall_id)s is in %(pending_state)s.") - - -class FirewallPolicyNotFound(nexception.NotFound): - message = _("Firewall Policy %(firewall_policy_id)s could not be found.") - - -class FirewallPolicyInUse(nexception.InUse): - message = _("Firewall Policy %(firewall_policy_id)s is being used.") - - -class FirewallPolicyConflict(nexception.Conflict): - """FWaaS exception for firewall policy - - Occurs when admin policy tries to use another tenant's unshared - policy. - """ - message = _("Operation cannot be performed since Firewall Policy " - "%(firewall_policy_id)s is not shared and does not belong to " - "your tenant.") - - -class FirewallRuleSharingConflict(nexception.Conflict): - - """FWaaS exception for firewall rules - - When a shared policy is created or updated with unshared rules, - this exception will be raised. - """ - message = _("Operation cannot be performed since Firewall Policy " - "%(firewall_policy_id)s is shared but Firewall Rule " - "%(firewall_rule_id)s is not shared") - - -class FirewallPolicySharingConflict(nexception.Conflict): - - """FWaaS exception for firewall policy - - When a policy is shared without sharing its associated rules, - this exception will be raised. - """ - message = _("Operation cannot be performed. 
Before sharing Firewall " - "Policy %(firewall_policy_id)s, share associated Firewall " - "Rule %(firewall_rule_id)s") - - -class FirewallRuleNotFound(nexception.NotFound): - message = _("Firewall Rule %(firewall_rule_id)s could not be found.") - - -class FirewallRuleInUse(nexception.InUse): - message = _("Firewall Rule %(firewall_rule_id)s is being used.") - - -class FirewallRuleNotAssociatedWithPolicy(nexception.InvalidInput): - message = _("Firewall Rule %(firewall_rule_id)s is not associated " - "with Firewall Policy %(firewall_policy_id)s.") - - -class FirewallRuleInvalidProtocol(nexception.InvalidInput): - message = _("Firewall Rule protocol %(protocol)s is not supported. " - "Only protocol values %(values)s and their integer " - "representation (0 to 255) are supported.") - - -class FirewallRuleInvalidAction(nexception.InvalidInput): - message = _("Firewall rule action %(action)s is not supported. " - "Only action values %(values)s are supported.") - - -class FirewallRuleInvalidICMPParameter(nexception.InvalidInput): - message = _("%(param)s are not allowed when protocol " - "is set to ICMP.") - - -class FirewallRuleWithPortWithoutProtocolInvalid(nexception.InvalidInput): - message = _("Source/destination port requires a protocol") - - -class FirewallRuleInvalidPortValue(nexception.InvalidInput): - message = _("Invalid value for port %(port)s.") - - -class FirewallRuleInfoMissing(nexception.InvalidInput): - message = _("Missing rule info argument for insert/remove " - "rule operation.") - - -class FirewallIpAddressConflict(nexception.InvalidInput): - message = _("Invalid input - IP addresses do not agree with IP Version") - - -class FirewallInternalDriverError(nexception.NeutronException): - """Fwaas exception for all driver errors. 
- - On any failure or exception in the driver, driver should log it and - raise this exception to the agent - """ - message = _("%(driver)s: Internal driver error.") - - -class FirewallRuleConflict(nexception.Conflict): - - """Firewall rule conflict exception. - - Occurs when admin policy tries to use another tenant's unshared - rule. - """ - - message = _("Operation cannot be performed since Firewall Rule " - "%(firewall_rule_id)s is not shared and belongs to " - "another tenant %(tenant_id)s") - - fw_valid_protocol_values = [None, constants.PROTO_NAME_TCP, constants.PROTO_NAME_UDP, constants.PROTO_NAME_ICMP] @@ -182,12 +105,12 @@ def convert_protocol(value): if 0 <= val <= 255: return val else: - raise FirewallRuleInvalidProtocol( + raise f_exc.FirewallRuleInvalidProtocol( protocol=value, values=fw_valid_protocol_values) elif isinstance(value, six.string_types): if value.lower() in fw_valid_protocol_values: return value.lower() - raise FirewallRuleInvalidProtocol( + raise f_exc.FirewallRuleInvalidProtocol( protocol=value, values=fw_valid_protocol_values) diff --git a/neutron_fwaas/extensions/firewall_v2.py b/neutron_fwaas/extensions/firewall_v2.py index b44c3ddf3..a8d95e2e0 100644 --- a/neutron_fwaas/extensions/firewall_v2.py +++ b/neutron_fwaas/extensions/firewall_v2.py @@ -14,16 +14,16 @@ import abc +from debtcollector import moves + from neutron.api.v2 import resource_helper from neutron_lib.api import converters from neutron_lib.api import extensions from neutron_lib.db import constants as nl_db_constants -from neutron_lib import exceptions as nexception +from neutron_lib.exceptions import firewall_v2 as f_exc from neutron_lib.services import base as service_base import six -from neutron_fwaas._i18n import _ - # Import firewall v1 API to get the validators # TODO(shpadubi): pull the validators out of fwaas v1 into a separate file from neutron_fwaas.extensions import firewall as fwaas_v1 
@@ -32,157 +32,65 @@ FIREWALL_PREFIX = '/fwaas' FIREWALL_CONST = 'FIREWALL_V2' - -# Firewall Exceptions -class FirewallGroupNotFound(nexception.NotFound): - message = _("Firewall Group %(firewall_id)s could not be found.") - - -class FirewallGroupInUse(nexception.InUse): - message = _("Firewall %(firewall_id)s is still active.") - - -class FirewallGroupInPendingState(nexception.Conflict): - message = _("Operation cannot be performed since associated Firewall " - "%(firewall_id)s is in %(pending_state)s.") - - -class FirewallGroupPortInvalid(nexception.Conflict): - message = _("Firewall Group Port %(port_id)s is invalid") - - -class FirewallGroupPortInvalidProject(nexception.Conflict): - message = _("Operation cannot be performed as port %(port_id)s " - "is in an invalid project %(tenant_id)s.") - - -class FirewallGroupPortInUse(nexception.InUse): - message = _("Port(s) %(port_ids)s provided already associated with " - "other Firewall Group(s). ") - - -class FirewallPolicyNotFound(nexception.NotFound): - message = _("Firewall Policy %(firewall_policy_id)s could not be found.") - - -class FirewallPolicyInUse(nexception.InUse): - message = _("Firewall Policy %(firewall_policy_id)s is being used.") - - -class FirewallPolicyConflict(nexception.Conflict): - """FWaaS exception for firewall policy - - Occurs when admin policy tries to use another tenant's policy that - is not shared. - """ - - message = _("Operation cannot be performed since Firewall Policy " - "%(firewall_policy_id)s is not shared and does not belong to " - "your tenant.") - - -class FirewallRuleSharingConflict(nexception.Conflict): - """FWaaS exception for firewall rules - - This exception will be raised when a shared policy is created or - updated with rules that are not shared. 
- """ - - message = _("Operation cannot be performed since Firewall Policy " - "%(firewall_policy_id)s is shared but Firewall Rule " - "%(firewall_rule_id)s is not shared.") - - -class FirewallPolicySharingConflict(nexception.Conflict): - """FWaaS exception for firewall policy - - When a policy is 'shared' without sharing its associated rules, - this exception will be raised. - """ - - message = _("Operation cannot be performed. Before sharing Firewall " - "Policy %(firewall_policy_id)s, share associated Firewall " - "Rule %(firewall_rule_id)s.") - - -class FirewallRuleNotFound(nexception.NotFound): - message = _("Firewall Rule %(firewall_rule_id)s could not be found.") - - -class FirewallRuleInUse(nexception.InUse): - message = _("Firewall Rule %(firewall_rule_id)s is being used.") - - -class FirewallRuleNotAssociatedWithPolicy(nexception.InvalidInput): - message = _("Firewall Rule %(firewall_rule_id)s is not associated " - "with Firewall Policy %(firewall_policy_id)s.") - - -class FirewallRuleInvalidProtocol(nexception.InvalidInput): - message = _("Firewall Rule protocol %(protocol)s is not supported. " - "Only protocol values %(values)s and their integer " - "representation (0 to 255) are supported.") - - -class FirewallRuleInvalidAction(nexception.InvalidInput): - message = _("Firewall rule action %(action)s is not supported. 
" - "Only action values %(values)s are supported.") - - -class FirewallRuleInvalidICMPParameter(nexception.InvalidInput): - message = _("%(param)s are not allowed when protocol " - "is set to ICMP.") - - -class FirewallRuleWithPortWithoutProtocolInvalid(nexception.InvalidInput): - message = _("Source/destination port requires a protocol") - - -class FirewallRuleInvalidPortValue(nexception.InvalidInput): - message = _("Invalid value for port %(port)s.") - - -class FirewallRuleInfoMissing(nexception.InvalidInput): - message = _("Missing rule info argument for insert/remove " - "rule operation.") - - -class FirewallIpAddressConflict(nexception.InvalidInput): - message = _("Invalid input - IP addresses do not agree with IP Version.") - - -class FirewallInternalDriverError(nexception.NeutronException): - """Fwaas exception for all driver errors. - - On any failure or exception in the driver, driver should log it and - raise this exception to the agent - """ - - message = _("%(driver)s: Internal driver error.") - - -class FirewallRuleConflict(nexception.Conflict): - """Firewall rule conflict exception. - - Occurs when admin policy tries to use another tenant's rule that is - not shared - """ - - message = _("Operation cannot be performed since Firewall Rule " - "%(firewall_rule_id)s is not shared and belongs to " - "another tenant %(tenant_id)s.") - - -class FirewallRuleAlreadyAssociated(nexception.Conflict): - """Firewall rule conflict exception. - - Occurs when there is an attempt to assign a rule to a policy that - the rule is already associated with. 
- """ - - message = _("Operation cannot be performed since Firewall Rule " - "%(firewall_rule_id)s is already associated with Firewall" - "Policy %(firewall_policy_id)s.") +FirewallGroupNotFound = moves.moved_class( + f_exc.FirewallGroupNotFound, 'FirewallGroupNotFound', __name__) +FirewallGroupInUse = moves.moved_class( + f_exc.FirewallGroupInUse, 'FirewallGroupInUse', __name__) +FirewallGroupInPendingState = moves.moved_class( + f_exc.FirewallGroupInPendingState, 'FirewallGroupInPendingState', __name__) +FirewallGroupPortInvalid = moves.moved_class( + f_exc.FirewallGroupPortInvalid, 'FirewallGroupPortInvalid', __name__) +FirewallGroupPortInvalidProject = moves.moved_class( + f_exc.FirewallGroupPortInvalidProject, 'FirewallGroupPortInvalidProject', + __name__) +FirewallGroupPortInUse = moves.moved_class( + f_exc.FirewallGroupPortInUse, 'FirewallGroupPortInUse', __name__) +FirewallPolicyNotFound = moves.moved_class( + f_exc.FirewallPolicyNotFound, 'FirewallPolicyNotFound', __name__) +FirewallPolicyInUse = moves.moved_class( + f_exc.FirewallPolicyInUse, 'FirewallPolicyInUse', __name__) +FirewallPolicyConflict = moves.moved_class( + f_exc.FirewallPolicyConflict, 'FirewallPolicyConflict', __name__) +FirewallRuleSharingConflict = moves.moved_class( + f_exc.FirewallRuleSharingConflict, 'FirewallRuleSharingConflict', + __name__) +FirewallPolicySharingConflict = moves.moved_class( + f_exc.FirewallPolicySharingConflict, 'FirewallPolicySharingConflict', + __name__) +FirewallRuleNotFound = moves.moved_class( + f_exc.FirewallRuleNotFound, 'FirewallRuleNotFound', __name__) +FirewallRuleInUse = moves.moved_class( + f_exc.FirewallRuleInUse, 'FirewallRuleInUse', __name__) +FirewallRuleNotAssociatedWithPolicy = moves.moved_class( + f_exc.FirewallRuleNotAssociatedWithPolicy, + 'FirewallRuleNotAssociatedWithPolicy', + __name__) +FirewallRuleInvalidProtocol = moves.moved_class( + f_exc.FirewallRuleInvalidProtocol, 'FirewallRuleInvalidProtocol', + __name__) +FirewallRuleInvalidAction 
= moves.moved_class( + f_exc.FirewallRuleInvalidAction, 'FirewallRuleInvalidAction', + __name__) +FirewallRuleInvalidICMPParameter = moves.moved_class( + f_exc.FirewallRuleInvalidICMPParameter, + 'FirewallRuleInvalidICMPParameter', __name__) +FirewallRuleWithPortWithoutProtocolInvalid = moves.moved_class( + f_exc.FirewallRuleWithPortWithoutProtocolInvalid, + 'FirewallRuleWithPortWithoutProtocolInvalid', __name__) +FirewallRuleInvalidPortValue = moves.moved_class( + f_exc.FirewallRuleInvalidPortValue, 'FirewallRuleInvalidPortValue', + __name__) +FirewallRuleInfoMissing = moves.moved_class( + f_exc.FirewallRuleInfoMissing, 'FirewallRuleInfoMissing', __name__) +FirewallIpAddressConflict = moves.moved_class( + f_exc.FirewallIpAddressConflict, 'FirewallIpAddressConflict', __name__) +FirewallInternalDriverError = moves.moved_class( + f_exc.FirewallInternalDriverError, 'FirewallInternalDriverError', __name__) +FirewallRuleConflict = moves.moved_class( + f_exc.FirewallRuleConflict, 'FirewallRuleConflict', __name__) +FirewallRuleAlreadyAssociated = moves.moved_class( + f_exc.FirewallRuleAlreadyAssociated, 'FirewallRuleAlreadyAssociated', + __name__) RESOURCE_ATTRIBUTE_MAP = { diff --git a/neutron_fwaas/extensions/firewallrouterinsertion.py b/neutron_fwaas/extensions/firewallrouterinsertion.py index 8c2a88600..a630c856e 100644 --- a/neutron_fwaas/extensions/firewallrouterinsertion.py +++ b/neutron_fwaas/extensions/firewallrouterinsertion.py @@ -15,14 +15,6 @@ from neutron_lib.api import extensions from neutron_lib import constants -from neutron_lib import exceptions as nexception - -from neutron_fwaas._i18n import _ - - -class FirewallRouterInUse(nexception.InUse): - message = _("Router(s) %(router_ids)s provided already associated with " - "other Firewall(s). ") EXTENDED_ATTRIBUTES_2_0 = { diff --git a/neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas.py b/neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas.py index b653a7eec..1784d5619 100644 
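Review bot: The aliases built with `moves.moved_class` in firewall_v2.py are, as far as I know debtcollector, new subclasses of the neutron_lib classes rather than the same objects, so an out-of-tree `except firewall_v2.FirewallGroupNotFound:` will no longer catch the `f_exc.FirewallGroupNotFound` that the in-tree plugin now raises. A handler that silently stops matching turns a handled not-found or conflict into an unhandled error in that driver, so this needs a release note, or a plain re-export such as `FirewallGroupNotFound = f_exc.FirewallGroupNotFound` if catch compatibility matters more than the deprecation warning. The calls also pass no `version`/`removal_version`, so the warning cannot say when the old names go away. The firewallrouterinsertion.py hunk that follows drops `FirewallRouterInUse` with no alias at all.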
--- a/neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas.py +++ b/neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas.py @@ -21,8 +21,8 @@ from neutron.agent.linux import iptables_manager from neutron.common import utils from neutron_fwaas._i18n import _LE from neutron_fwaas.common import fwaas_constants as f_const -from neutron_fwaas.extensions import firewall as fw_ext from neutron_fwaas.services.firewall.drivers import fwaas_base +from neutron_lib.exceptions import firewall_v2 as f_exc LOG = logging.getLogger(__name__) FWAAS_DRIVER_NAME = 'Fwaas iptables driver' @@ -94,7 +94,7 @@ class IptablesFwaasDriver(fwaas_base.FwaasDriverBase): except (LookupError, RuntimeError): # catch known library exceptions and raise Fwaas generic exception LOG.exception(_LE("Failed to create firewall: %s"), firewall['id']) - raise fw_ext.FirewallInternalDriverError(driver=FWAAS_DRIVER_NAME) + raise f_exc.FirewallInternalDriverError(driver=FWAAS_DRIVER_NAME) def _get_ipt_mgrs_with_if_prefix(self, agent_mode, router_info): """Gets the iptables manager along with the if prefix to apply rules. @@ -139,7 +139,7 @@ class IptablesFwaasDriver(fwaas_base.FwaasDriverBase): except (LookupError, RuntimeError): # catch known library exceptions and raise Fwaas generic exception LOG.exception(_LE("Failed to delete firewall: %s"), fwid) - raise fw_ext.FirewallInternalDriverError(driver=FWAAS_DRIVER_NAME) + raise f_exc.FirewallInternalDriverError(driver=FWAAS_DRIVER_NAME) def update_firewall(self, agent_mode, apply_list, firewall): LOG.debug('Updating firewall %(fw_id)s for tenant %(tid)s', 
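Review bot: The import added to iptables_fwaas.py binds `f_exc` to `neutron_lib.exceptions.firewall_v2`, although the line it replaces imported the v1 extension (`from neutron_fwaas.extensions import firewall as fw_ext`) and the other v1 modules in this change (firewall_db.py, fwaas_plugin.py) use `firewall_v1`. The `raise f_exc.FirewallInternalDriverError(driver=FWAAS_DRIVER_NAME)` sites in hunks -94, -139, -159 and -185 therefore raise the v2 class, which a caller catching the v1 class would not match, assuming the two are separate classes in neutron_lib. I would write `from neutron_lib.exceptions import firewall_v1 as f_exc` here and place it with the other third-party imports rather than after the `neutron_fwaas` ones.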
@@ -159,7 +159,7 @@ class IptablesFwaasDriver(fwaas_base.FwaasDriverBase): except (LookupError, RuntimeError): # catch known library exceptions and raise Fwaas generic exception LOG.exception(_LE("Failed to update firewall: %s"), firewall['id']) - raise fw_ext.FirewallInternalDriverError(driver=FWAAS_DRIVER_NAME) + raise f_exc.FirewallInternalDriverError(driver=FWAAS_DRIVER_NAME) def apply_default_policy(self, agent_mode, apply_list, firewall): LOG.debug('Applying firewall %(fw_id)s for tenant %(tid)s', @@ -185,7 +185,7 @@ class IptablesFwaasDriver(fwaas_base.FwaasDriverBase): # catch known library exceptions and raise Fwaas generic exception LOG.exception( _LE("Failed to apply default policy on firewall: %s"), fwid) - raise fw_ext.FirewallInternalDriverError(driver=FWAAS_DRIVER_NAME) + raise f_exc.FirewallInternalDriverError(driver=FWAAS_DRIVER_NAME) def _setup_firewall(self, agent_mode, apply_list, firewall): fwid = firewall['id'] diff --git a/neutron_fwaas/services/firewall/fwaas_plugin.py b/neutron_fwaas/services/firewall/fwaas_plugin.py index 9553b373c..0f73f4e91 100644 --- a/neutron_fwaas/services/firewall/fwaas_plugin.py +++ b/neutron_fwaas/services/firewall/fwaas_plugin.py @@ -14,6 +14,7 @@ # under the License. from neutron_lib import constants as nl_constants from neutron_lib import context as neutron_context +from neutron_lib.exceptions import firewall_v1 as f_exc from neutron_lib.plugins import constants as plugin_constants from neutron_lib.plugins import directory @@ -78,7 +79,7 @@ class FirewallCallbacks(object): {'fw': firewall_id, 'status': fw_db.status}) fw_db.update({"status": nl_constants.ERROR}) return False - except fw_ext.FirewallNotFound: + except f_exc.FirewallNotFound: LOG.info(_LI('Firewall %s already deleted'), firewall_id) return True 
@@ -215,8 +216,8 @@ class FirewallPlugin( if fwall['status'] in [nl_constants.PENDING_CREATE, nl_constants.PENDING_UPDATE, nl_constants.PENDING_DELETE]: - raise fw_ext.FirewallInPendingState(firewall_id=firewall_id, - pending_state=fwall['status']) + raise f_exc.FirewallInPendingState(firewall_id=firewall_id, + pending_state=fwall['status']) def _ensure_update_firewall_policy(self, context, firewall_policy_id): firewall_policy = self.get_firewall_policy(context, firewall_policy_id) diff --git a/neutron_fwaas/services/firewall/fwaas_plugin_v2.py b/neutron_fwaas/services/firewall/fwaas_plugin_v2.py index 08db3264b..6f8b07ae6 100644 --- a/neutron_fwaas/services/firewall/fwaas_plugin_v2.py +++ b/neutron_fwaas/services/firewall/fwaas_plugin_v2.py @@ -13,6 +13,7 @@ # under the License. from neutron_lib import context as neutron_context +from neutron_lib.exceptions import firewall_v2 as f_exc from neutron_lib.plugins import directory from neutron.common import rpc as n_rpc @@ -112,7 +113,7 @@ class FirewallCallbacks(object): {'fwg': fwg_id, 'status': fwg_db.status}) fwg_db.update({"status": nl_constants.ERROR}) return False - except fw_ext.FirewallGroupNotFound: + except f_exc.FirewallGroupNotFound: LOG.info(_LI('Firewall group %s already deleted'), fwg_id) return True @@ -207,7 +208,7 @@ class FirewallPluginV2( if fwg['status'] in [nl_constants.PENDING_CREATE, nl_constants.PENDING_UPDATE, nl_constants.PENDING_DELETE]: - raise fw_ext.FirewallGroupInPendingState(firewall_id=fwg_id, + raise f_exc.FirewallGroupInPendingState(firewall_id=fwg_id, pending_state=fwg['status']) def _ensure_update_firewall_policy(self, context, firewall_policy_id): 
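Review bot: In fwaas_plugin_v2.py (hunk -207) only the `raise` line was rewritten, and `f_exc` is one character shorter than `fw_ext`, so the untouched continuation `pending_state=fwg['status'])` appears to sit one column to the right of the opening parenthesis now. The matching v1 hunk (-215 in fwaas_plugin.py) re-indents its continuation line, and this one should do the same, otherwise the pep8 check is likely to report E127. The enclosing method starts outside the hunk.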
@@ -229,9 +230,9 @@ class FirewallPluginV2( for port_id in fwg_ports: port_db = self._core_plugin._get_port(context, port_id) if port_db['device_owner'] != "network:router_interface": - raise fw_ext.FirewallGroupPortInvalid(port_id=port_id) + raise f_exc.FirewallGroupPortInvalid(port_id=port_id) if port_db['tenant_id'] != tenant_id: - raise fw_ext.FirewallGroupPortInvalidProject( + raise f_exc.FirewallGroupPortInvalidProject( port_id=port_id, tenant_id=port_db['tenant_id']) return diff --git a/neutron_fwaas/tests/tempest_plugin/tests/api/test_fwaas_extensions.py b/neutron_fwaas/tests/tempest_plugin/tests/api/test_fwaas_extensions.py index fb7256b59..364039b9e 100644 --- a/neutron_fwaas/tests/tempest_plugin/tests/api/test_fwaas_extensions.py +++ b/neutron_fwaas/tests/tempest_plugin/tests/api/test_fwaas_extensions.py @@ -347,7 +347,7 @@ class FWaaSExtensionTestJSON(base.BaseFWaaSTest): # Try to create firewall with the same router self.assertRaisesRegex( lib_exc.Conflict, - "already associated with other Firewall", + "already associated with other firewall", self.firewalls_client.create_firewall, name=data_utils.rand_name("firewall"), firewall_policy_id=self.fw_policy['id'], diff --git a/neutron_fwaas/tests/unit/db/firewall/test_firewall_db.py b/neutron_fwaas/tests/unit/db/firewall/test_firewall_db.py index 5f08c02da..94f701d20 100644 --- a/neutron_fwaas/tests/unit/db/firewall/test_firewall_db.py +++ b/neutron_fwaas/tests/unit/db/firewall/test_firewall_db.py @@ -31,6 +31,7 @@ from neutron_fwaas.services.firewall import fwaas_plugin from neutron_fwaas.tests import base from neutron_lib import constants as nl_constants from neutron_lib import context +from neutron_lib.exceptions import firewall_v1 as f_exc from neutron_lib.exceptions import l3 from neutron_lib.plugins import directory 
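Review bot: `FirewallGroupPortInvalidProject` is still raised with `tenant_id=port_db['tenant_id']`, while the v1 `FirewallRuleConflict` call in firewall_db.py was switched to `project_id=` in this same change, which suggests the neutron_lib messages use `%(project_id)s`. If the v2 message does too, the keyword no longer matches the placeholder and the error text will not be formatted as intended; please confirm against neutron_lib and, if so, pass `project_id=port_db['tenant_id']`. Separately, the message hands the requester the owning project's id of a port that failed the ownership check, which is worth a second look. The enclosing method starts outside the hunk.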
@@ -627,7 +628,7 @@ class TestFirewallDBPlugin(FirewallPluginDbTestCase): req = self.new_delete_request('firewall_policies', fwp_id) res = req.get_response(self.ext_api) self.assertEqual(204, res.status_int) - self.assertRaises(firewall.FirewallPolicyNotFound, + self.assertRaises(f_exc.FirewallPolicyNotFound, self.plugin.get_firewall_policy, ctx, fwp_id) @@ -650,7 +651,7 @@ class TestFirewallDBPlugin(FirewallPluginDbTestCase): req = self.new_delete_request('firewall_policies', fwp_id) res = req.get_response(self.ext_api) self.assertEqual(204, res.status_int) - self.assertRaises(firewall.FirewallPolicyNotFound, + self.assertRaises(f_exc.FirewallPolicyNotFound, self.plugin.get_firewall_policy, ctx, fwp_id) fw_rule = self.plugin.get_firewall_rule(ctx, fr_id) @@ -980,7 +981,7 @@ class TestFirewallDBPlugin(FirewallPluginDbTestCase): req = self.new_delete_request('firewall_rules', fwr_id) res = req.get_response(self.ext_api) self.assertEqual(204, res.status_int) - self.assertRaises(firewall.FirewallRuleNotFound, + self.assertRaises(f_exc.FirewallRuleNotFound, self.plugin.get_firewall_rule, ctx, fwr_id) @@ -1196,7 +1197,7 @@ class TestFirewallDBPlugin(FirewallPluginDbTestCase): req = self.new_delete_request('firewalls', fw_id) res = req.get_response(self.ext_api) self.assertEqual(204, res.status_int) - self.assertRaises(firewall.FirewallNotFound, + self.assertRaises(f_exc.FirewallNotFound, self.plugin.get_firewall, ctx, fw_id) @@ -1406,8 +1407,8 @@ class TestFirewallDBPlugin(FirewallPluginDbTestCase): name='firewall_policy2', firewall_rules=[associated]) as fwp: fwp_id = fwp['firewall_policy']['id'] not_associated = fwr2['firewall_rule']['id'] - msg = "Firewall Rule {0} is not associated with " \ - "Firewall Policy {1}.".format(not_associated, fwp_id) + msg = "Firewall rule {0} is not associated with " \ + "firewall policy {1}.".format(not_associated, fwp_id) result = self._rule_action( 'remove', fwp_id, not_associated, insert_before=None, 
diff --git a/neutron_fwaas/tests/unit/db/firewall/v2/test_firewall_db_v2.py b/neutron_fwaas/tests/unit/db/firewall/v2/test_firewall_db_v2.py index 082dcbb97..7dac54c21 100644 --- a/neutron_fwaas/tests/unit/db/firewall/v2/test_firewall_db_v2.py +++ b/neutron_fwaas/tests/unit/db/firewall/v2/test_firewall_db_v2.py @@ -34,6 +34,7 @@ from neutron_fwaas.services.firewall import fwaas_plugin_v2 from neutron_fwaas.tests import base from neutron_lib import constants as nl_constants from neutron_lib import context +from neutron_lib.exceptions import firewall_v2 as f_exc from neutron_lib.plugins import directory DB_FW_PLUGIN_KLASS = ( @@ -404,7 +405,7 @@ class TestFirewallDBPluginV2(FirewallPluginV2DbTestCase): firewall_rules=fw_rule_ids, audited=AUDITED, tenant_id='admin-tenant') - self.assertEqual(webob.exc.HTTPConflict.code, res.status_int) + self.assertEqual(webob.exc.HTTPNotFound.code, res.status_int) def test_create_firewall_policy_with_previously_associated_rule(self): with self.firewall_rule() as fwr: @@ -424,7 +425,7 @@ class TestFirewallDBPluginV2(FirewallPluginV2DbTestCase): shared=SHARED, firewall_rules=fw_rule_ids, audited=AUDITED) - self.assertEqual(webob.exc.HTTPConflict.code, res.status_int) + self.assertEqual(webob.exc.HTTPNotFound.code, res.status_int) def test_show_firewall_policy(self): name = "firewall_policy1" @@ -620,7 +621,7 @@ class TestFirewallDBPluginV2(FirewallPluginV2DbTestCase): req = self.new_update_request('firewall_policies', data, fwp['firewall_policy']['id']) res = req.get_response(self.ext_api) - self.assertEqual(webob.exc.HTTPConflict.code, res.status_int) + self.assertEqual(webob.exc.HTTPNotFound.code, res.status_int) def test_update_firewall_policy_with_shared_attr_nonshared_rule(self): with self.firewall_rule(name='fwr1', shared=False) as fr: 
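Review bot: The expected status in test_firewall_db_v2.py changes from `webob.exc.HTTPConflict.code` to `webob.exc.HTTPNotFound.code` (hunks -404, -424, -620, and -632, -1124, -1263 further down), so clients receive 404 where they used to receive 409; the code hunks only swap `fw_ext` for `f_exc` and do not make that API-visible change obvious. Presumably the neutron_lib v2 classes derive from NotFound, which for another project's unshared rule or policy avoids confirming that the resource exists. The -632 assertion, however, appears to belong to `test_update_firewall_policy_with_shared_attr_nonshared_rule`, where the caller seems to own both objects and 404 describes the failure less accurately than 409. I would add a release note and a comment above each changed assertion such as `# status comes from the neutron_lib firewall_v2 exception class (409 before the move)`.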
@@ -632,7 +633,7 @@ class TestFirewallDBPluginV2(FirewallPluginV2DbTestCase): req = self.new_update_request('firewall_policies', data, fwp['firewall_policy']['id']) res = req.get_response(self.ext_api) - self.assertEqual(webob.exc.HTTPConflict.code, res.status_int) + self.assertEqual(webob.exc.HTTPNotFound.code, res.status_int) def test_update_firewall_policy_with_shared_attr_exist_unshare_rule(self): with self.firewall_rule(name='fwr1', shared=False) as fr: @@ -664,7 +665,7 @@ class TestFirewallDBPluginV2(FirewallPluginV2DbTestCase): req = self.new_delete_request('firewall_policies', fwp_id) res = req.get_response(self.ext_api) self.assertEqual(204, res.status_int) - self.assertRaises(firewall.FirewallPolicyNotFound, + self.assertRaises(f_exc.FirewallPolicyNotFound, self.plugin.get_firewall_policy, ctx, fwp_id) @@ -688,7 +689,7 @@ class TestFirewallDBPluginV2(FirewallPluginV2DbTestCase): req = self.new_delete_request('firewall_policies', fwp_id) res = req.get_response(self.ext_api) self.assertEqual(204, res.status_int) - self.assertRaises(firewall.FirewallPolicyNotFound, + self.assertRaises(f_exc.FirewallPolicyNotFound, self.plugin.get_firewall_policy, ctx, fwp_id) fw_rule = self.plugin.get_firewall_rule(ctx, fr_id) @@ -1036,7 +1037,7 @@ class TestFirewallDBPluginV2(FirewallPluginV2DbTestCase): req = self.new_delete_request('firewall_rules', fwr_id) res = req.get_response(self.ext_api) self.assertEqual(204, res.status_int) - self.assertRaises(firewall.FirewallRuleNotFound, + self.assertRaises(f_exc.FirewallRuleNotFound, self.plugin.get_firewall_rule, ctx, fwr_id) @@ -1124,7 +1125,7 @@ class TestFirewallDBPluginV2(FirewallPluginV2DbTestCase): description, fwp_id, fwp_id, tenant_id="admin-tenant", context=ctx, - expected_res_status=409) + expected_res_status=404) def test_create_firewall_group_with_admin_and_fwp_is_shared(self): fwg_name = "fw_with_shared_fwp" 
@@ -1263,7 +1264,7 @@ class TestFirewallDBPluginV2(FirewallPluginV2DbTestCase): req = self.new_update_request('firewall_groups', data, fw_id, context=ctx) res = req.get_response(self.ext_api) - self.assertEqual(409, res.status_int) + self.assertEqual(404, res.status_int) def test_update_firewall_group_fwp_not_found_on_different_tenant(self): with self.firewall_policy(name='fwp1', tenant_id='tenant1', @@ -1299,7 +1300,7 @@ class TestFirewallDBPluginV2(FirewallPluginV2DbTestCase): req = self.new_delete_request('firewall_groups', fw_id) res = req.get_response(self.ext_api) self.assertEqual(204, res.status_int) - self.assertRaises(firewall.FirewallGroupNotFound, + self.assertRaises(f_exc.FirewallGroupNotFound, self.plugin.get_firewall_group, ctx, fw_id) @@ -1379,8 +1380,8 @@ class TestFirewallDBPluginV2(FirewallPluginV2DbTestCase): fwr_id = fwr['firewall_rule']['id'] with self.firewall_policy(firewall_rules=[fwr_id]) as fwp: fwp_id = fwp['firewall_policy']['id'] - msg = "Operation cannot be performed since Firewall Rule " \ - "{0} is already associated with FirewallPolicy " \ + msg = "Operation cannot be performed since firewall rule " \ + "{0} is already associated with firewallpolicy " \ "{1}.".format(fwr_id, fwp_id) result = self._rule_action( 'insert', fwp_id, fwr_id, @@ -1534,8 +1535,8 @@ class TestFirewallDBPluginV2(FirewallPluginV2DbTestCase): with self.firewall_policy(name='firewall_policy2') as fwp: fwp_id = fwp['firewall_policy']['id'] fwr_id = fwr['firewall_rule']['id'] - msg = "Firewall Rule {0} is not associated with " \ - "Firewall Policy {1}.".format(fwr_id, fwp_id) + msg = "Firewall rule {0} is not associated with " \ + "firewall policy {1}.".format(fwr_id, fwp_id) result = self._rule_action( 'remove', fwp_id, fwr_id, insert_before=None, diff --git a/neutron_fwaas/tests/unit/extensions/test_firewall.py b/neutron_fwaas/tests/unit/extensions/test_firewall.py index 07a180564..83b134764 100644 --- a/neutron_fwaas/tests/unit/extensions/test_firewall.py 
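Review bot: The expected message in hunk -1379 now reads `already associated with firewallpolicy`, with no space between the two words, so the test pins what looks like a string-concatenation slip in the library message (the class removed from firewall_v2.py had the same one, `"... with Firewall"` followed by `"Policy ..."`). Matching the full text of a message owned by neutron_lib also means a wording fix there breaks these tests; the same applies to hunk -1534 and to -1406 in test_firewall_db.py. Assuming the test compares against the exception text, I would build the expectation from the class instead, e.g. `msg = f_exc.FirewallRuleAlreadyAssociated(firewall_rule_id=fwr_id, firewall_policy_id=fwp_id).msg`.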
+++ b/neutron_fwaas/tests/unit/extensions/test_firewall.py @@ -20,6 +20,7 @@ from neutron.tests import base from neutron.tests.unit.api.v2 import test_base as test_api_v2 from neutron.tests.unit.extensions import base as test_api_v2_extension from neutron_lib.db import constants as db_const +from neutron_lib.exceptions import firewall_v1 as f_exc from oslo_utils import uuidutils from webob import exc import webtest @@ -628,20 +629,20 @@ class TestFirewallConvertProtocols(base.BaseTestCase): def test_convert_protocol_another_types(self): res = lambda: firewall.convert_protocol(['abc']) - self.assertRaises(firewall.FirewallRuleInvalidProtocol, res) + self.assertRaises(f_exc.FirewallRuleInvalidProtocol, res) res = lambda: firewall.convert_protocol({1: 'foo'}) - self.assertRaises(firewall.FirewallRuleInvalidProtocol, res) + self.assertRaises(f_exc.FirewallRuleInvalidProtocol, res) res = lambda: firewall.convert_protocol((1, 100)) - self.assertRaises(firewall.FirewallRuleInvalidProtocol, res) + self.assertRaises(f_exc.FirewallRuleInvalidProtocol, res) res = lambda: firewall.convert_protocol(object) - self.assertRaises(firewall.FirewallRuleInvalidProtocol, res) + self.assertRaises(f_exc.FirewallRuleInvalidProtocol, res) def test_convert_protocol_invalid_digit(self): res = lambda: firewall.convert_protocol("-1") - self.assertRaises(firewall.FirewallRuleInvalidProtocol, res) + self.assertRaises(f_exc.FirewallRuleInvalidProtocol, res) res = lambda: firewall.convert_protocol("256") - self.assertRaises(firewall.FirewallRuleInvalidProtocol, res) + self.assertRaises(f_exc.FirewallRuleInvalidProtocol, res) def test_convert_protocol_name(self): res = firewall.convert_protocol("tcp") 
@@ -655,7 +656,7 @@ class TestFirewallConvertProtocols(base.BaseTestCase): def test_convert_protocol_invalid_name(self): res = lambda: firewall.convert_protocol("foo") - self.assertRaises(firewall.FirewallRuleInvalidProtocol, res) + self.assertRaises(f_exc.FirewallRuleInvalidProtocol, res) class TestConvertActionToCaseInsensitive(base.BaseTestCase): diff --git a/neutron_fwaas/tests/unit/services/firewall/test_fwaas_plugin.py b/neutron_fwaas/tests/unit/services/firewall/test_fwaas_plugin.py index 53497690f..426513eec 100644 --- a/neutron_fwaas/tests/unit/services/firewall/test_fwaas_plugin.py +++ b/neutron_fwaas/tests/unit/services/firewall/test_fwaas_plugin.py @@ -25,6 +25,7 @@ from neutron.tests.unit.extensions import test_l3 as test_l3_plugin from neutron_lib.api import attributes as attr from neutron_lib import constants as nl_constants from neutron_lib import context +from neutron_lib.exceptions import firewall_v1 as f_exc from neutron_lib.plugins import constants as plugin_constants from neutron_lib.plugins import directory from oslo_config import cfg @@ -185,7 +186,7 @@ class TestFirewallCallbacks(TestFirewallRouterInsertionBase): ctx.session.flush() res = self.callbacks.firewall_deleted(ctx, fw_id) self.assertTrue(res) - self.assertRaises(firewall.FirewallNotFound, + self.assertRaises(f_exc.FirewallNotFound, self.plugin.get_firewall, ctx, fw_id) @@ -220,7 +221,7 @@ class TestFirewallCallbacks(TestFirewallRouterInsertionBase): observed = self.callbacks.firewall_deleted(ctx, fw_id) self.assertTrue(observed) - self.assertRaises(firewall.FirewallNotFound, + self.assertRaises(f_exc.FirewallNotFound, self.plugin.get_firewall, ctx, fw_id) 
@@ -535,7 +536,7 @@ class TestFirewallPluginBase(TestFirewallRouterInsertionBase, req = self.new_delete_request('firewalls', fw_id) res = req.get_response(self.ext_api) self.assertEqual(exc.HTTPNoContent.code, res.status_int) - self.assertRaises(firewall.FirewallNotFound, + self.assertRaises(f_exc.FirewallNotFound, self.plugin.get_firewall, ctx, fw_id) @@ -549,7 +550,7 @@ class TestFirewallPluginBase(TestFirewallRouterInsertionBase, req = self.new_delete_request('firewalls', fw_id) res = req.get_response(self.ext_api) self.assertEqual(exc.HTTPNoContent.code, res.status_int) - self.assertRaises(firewall.FirewallNotFound, + self.assertRaises(f_exc.FirewallNotFound, self.plugin.get_firewall, ctx, fw_id) diff --git a/neutron_fwaas/tests/unit/services/firewall/test_fwaas_plugin_v2.py b/neutron_fwaas/tests/unit/services/firewall/test_fwaas_plugin_v2.py index edd21b9e9..c06681adb 100644 --- a/neutron_fwaas/tests/unit/services/firewall/test_fwaas_plugin_v2.py +++ b/neutron_fwaas/tests/unit/services/firewall/test_fwaas_plugin_v2.py @@ -27,6 +27,7 @@ from neutron_fwaas.tests.unit.db.firewall.v2 import ( test_firewall_db_v2 as test_db_firewall) from neutron_lib import constants as nl_constants from neutron_lib import context +from neutron_lib.exceptions import firewall_v2 as f_exc from neutron_lib.plugins import constants as plugin_constants from neutron_lib.plugins import directory @@ -160,7 +161,7 @@ class TestFirewallCallbacks(TestFirewallRouterPortBase): observed = self.callbacks.firewall_group_deleted(ctx, fwg_id) self.assertTrue(observed) - self.assertRaises(firewall_v2.FirewallGroupNotFound, + self.assertRaises(f_exc.FirewallGroupNotFound, self.plugin.get_firewall_group, ctx, fwg_id) @@ -196,7 +197,7 @@ class TestFirewallCallbacks(TestFirewallRouterPortBase): ctx, fwg_id) self.assertTrue(observed) - self.assertRaises(firewall_v2.FirewallGroupNotFound, + self.assertRaises(f_exc.FirewallGroupNotFound, self.plugin.get_firewall_group, ctx, fwg_id)