move neutron only common constants to private module
Almost all of neutron.common.constants has now been rehomed into neutron_lib.constants and, as per the discussion in [1], it seems most folks think the remaining constants should stay in neutron as they are only used internally within neutron. This patch moves the neutron-only constants from neutron.common.constants into a private neutron.common._constants module. The former will be removed once we consume the final constants from neutron-lib. [1] https://review.openstack.org/#/c/647807/ Change-Id: I2d65f8fcfa08984ccf60c4d023f9a9d72b89d79c
parent
bb9edb25b0
commit
fb6094fe8d
|
@ -30,6 +30,7 @@ from neutron.agent.linux import ip_conntrack
|
|||
from neutron.agent.linux import ipset_manager
|
||||
from neutron.agent.linux import iptables_comments as ic
|
||||
from neutron.agent.linux import iptables_manager
|
||||
from neutron.common import _constants as const
|
||||
from neutron.common import constants as n_const
|
||||
from neutron.common import ipv6_utils
|
||||
from neutron.common import utils as c_utils
|
||||
|
@ -733,10 +734,10 @@ class IptablesFirewallDriver(firewall.FirewallDriver):
|
|||
# icmp code can be 0 so we cannot use "if port_range_max" here
|
||||
if port_range_max is not None:
|
||||
args[-1] += '/%s' % port_range_max
|
||||
elif protocol in n_const.SG_PORT_PROTO_NAMES:
|
||||
elif protocol in const.SG_PORT_PROTO_NAMES:
|
||||
# iptables protocols that support --dport, --sport and -m multiport
|
||||
if port_range_min == port_range_max:
|
||||
if protocol in n_const.IPTABLES_MULTIPORT_ONLY_PROTOCOLS:
|
||||
if protocol in const.IPTABLES_MULTIPORT_ONLY_PROTOCOLS:
|
||||
# use -m multiport, but without a port range
|
||||
args += ['-m', 'multiport', '--%ss' % direction,
|
||||
'%s' % port_range_min]
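Review bot: In the `elif protocol in const.SG_PORT_PROTO_NAMES:` branch the port match is only emitted when `protocol` is one of the listed names, and no fallback is visible in this hunk. If a rule can reach this point with the protocol still in numeric form, the port arguments would presumably be left out and the generated iptables rule would match every port for that protocol. A comment above the branch would make the precondition explicit, for example `# NOTE: protocol must already be a name here; numeric values skip the port match`. The function starts and ends outside the hunk, so the conversion may happen in lines not shown here.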
|
||||
|
|
|
@ -0,0 +1,42 @@
|
|||
# Copyright (c) 2012 OpenStack Foundation.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
# implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
from neutron_lib import constants
|
||||
|
||||
# NOTE(boden): This module is common constants for neutron only.
|
||||
# Any constants used outside of neutron should go into neutron-lib.
|
||||
|
||||
|
||||
# Security group protocols that support ports
|
||||
SG_PORT_PROTO_NUMS = [
|
||||
constants.PROTO_NUM_DCCP,
|
||||
constants.PROTO_NUM_SCTP,
|
||||
constants.PROTO_NUM_TCP,
|
||||
constants.PROTO_NUM_UDP,
|
||||
constants.PROTO_NUM_UDPLITE
|
||||
]
|
||||
|
||||
SG_PORT_PROTO_NAMES = [
|
||||
constants.PROTO_NAME_DCCP,
|
||||
constants.PROTO_NAME_SCTP,
|
||||
constants.PROTO_NAME_TCP,
|
||||
constants.PROTO_NAME_UDP,
|
||||
constants.PROTO_NAME_UDPLITE
|
||||
]
|
||||
|
||||
# iptables protocols that only support --dport and --sport using -m multiport
|
||||
IPTABLES_MULTIPORT_ONLY_PROTOCOLS = [
|
||||
constants.PROTO_NAME_UDPLITE
|
||||
]
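Review bot: `SG_PORT_PROTO_NUMS`, `SG_PORT_PROTO_NAMES` and `IPTABLES_MULTIPORT_ONLY_PROTOCOLS` are module-level lists, so any importer can append to or remove from them and change, for the whole process, which protocols get port validation and port-match arguments. The callers visible in this commit only use `in` and iteration, so tuples would make the values read-only while keeping their order, e.g. `IPTABLES_MULTIPORT_ONLY_PROTOCOLS = (constants.PROTO_NAME_UDPLITE,)`. The number and name lists also repeat the same five protocols by hand. A comment such as `# Keep in sync with SG_PORT_PROTO_NAMES` on the first list would help stop them drifting apart.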
|
|
@ -132,28 +132,6 @@ IPTABLES_PROTOCOL_NAME_MAP = {lib_constants.PROTO_NAME_IPV6_ENCAP: 'ipv6',
|
|||
'141': 'wesp',
|
||||
'142': 'rohc'}
|
||||
|
||||
# Security group protocols that support ports
|
||||
SG_PORT_PROTO_NUMS = [
|
||||
lib_constants.PROTO_NUM_DCCP,
|
||||
lib_constants.PROTO_NUM_SCTP,
|
||||
lib_constants.PROTO_NUM_TCP,
|
||||
lib_constants.PROTO_NUM_UDP,
|
||||
lib_constants.PROTO_NUM_UDPLITE
|
||||
]
|
||||
|
||||
SG_PORT_PROTO_NAMES = [
|
||||
lib_constants.PROTO_NAME_DCCP,
|
||||
lib_constants.PROTO_NAME_SCTP,
|
||||
lib_constants.PROTO_NAME_TCP,
|
||||
lib_constants.PROTO_NAME_UDP,
|
||||
lib_constants.PROTO_NAME_UDPLITE
|
||||
]
|
||||
|
||||
# iptables protocols that only support --dport and --sport using -m multiport
|
||||
IPTABLES_MULTIPORT_ONLY_PROTOCOLS = [
|
||||
lib_constants.PROTO_NAME_UDPLITE
|
||||
]
|
||||
|
||||
# A length of a iptables chain name must be less than or equal to 11
|
||||
# characters.
|
||||
# <max length of iptables chain name> - (<binary_name> + '-') = 28-(16+1) = 11
|
||||
|
|
|
@ -32,6 +32,7 @@ import six
|
|||
from sqlalchemy.orm import scoped_session
|
||||
|
||||
from neutron._i18n import _
|
||||
from neutron.common import _constants as const
|
||||
from neutron.common import constants as n_const
|
||||
from neutron.common import utils
|
||||
from neutron.db.models import securitygroup as sg_models
|
||||
|
@ -474,8 +475,8 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase,
|
|||
ip_proto = self._get_ip_proto_number(rule['protocol'])
|
||||
# Not all firewall_driver support all these protocols,
|
||||
# but being strict here doesn't hurt.
|
||||
if (ip_proto in n_const.SG_PORT_PROTO_NUMS or
|
||||
ip_proto in n_const.SG_PORT_PROTO_NAMES):
|
||||
if (ip_proto in const.SG_PORT_PROTO_NUMS or
|
||||
ip_proto in const.SG_PORT_PROTO_NAMES):
|
||||
if rule['port_range_min'] == 0 or rule['port_range_max'] == 0:
|
||||
raise ext_sg.SecurityGroupInvalidPortValue(port=0)
|
||||
elif (rule['port_range_min'] is not None and
|
||||
|
@ -501,7 +502,7 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase,
|
|||
if (rule['port_range_min'] is not None or
|
||||
rule['port_range_max'] is not None):
|
||||
port_protocols = (
|
||||
', '.join(s.upper() for s in n_const.SG_PORT_PROTO_NAMES))
|
||||
', '.join(s.upper() for s in const.SG_PORT_PROTO_NAMES))
|
||||
raise ext_sg.SecurityGroupInvalidProtocolForPort(
|
||||
protocol=ip_proto, valid_port_protocols=port_protocols)
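Review bot: The test `if (ip_proto in const.SG_PORT_PROTO_NUMS or ip_proto in const.SG_PORT_PROTO_NAMES):` decides whether the port-range checks run at all, but nothing here says what `_get_ip_proto_number` returns. Checking a value called `ip_proto` against the name list as well suggests it can come back as either a number or a name. If it can also be a numeric string, it would presumably match neither list and bypass this branch. A short comment above the test would record the contract, for example `# NOTE: ip_proto may be a protocol number or a name here, hence both lists`. The enclosing method starts and ends outside the hunks shown, so this is inferred from the visible lines only.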
|
||||
|
||||
|
|