Continue to flesh out the Database API

Begin to follow the pattern of passing in a context, that contains a session which is used to conduct database transactions and operations. Change-Id: I4a0cfe45bf51d5548eb9e2fd0206cb51b44320e8
2015-11-02 05:42:36 +09:00 · 2015-11-02 05:42:36 +09:00 · 79cc73fcd3
parent c6e1f91681
commit 79cc73fcd3
3 changed files with 102 additions and 14 deletions
--- a/neutron_classifier/common/constants.py
+++ b/neutron_classifier/common/constants.py
@ -7,4 +7,4 @@ PROTOCOLS = ['tcp', 'udp', 'icmp', 'icmpv6']

 ENCAPSULATION_TYPES = ['vxlan', 'gre']

-NEUTRON_SERVICES = ['neutron-fwaas', 'networking-sfc']
+NEUTRON_SERVICES = ['neutron-fwaas', 'networking-sfc', 'security-group']
--- a/neutron_classifier/db/api.py
+++ b/neutron_classifier/db/api.py
@ -19,9 +19,56 @@ def get_classifier_chain():
    pass


-def create_classifier_chain(classifier_group, classifier):
+def create_classifier_chain(context, classifier_group, classifier):
    chain = models.ClassifierChainEntry()
    chain.sequence = 1
    chain.classifier = classifier
    chain.classifier_group = classifier_group
+    context.session.add(chain)
+    context.session.commit()
    return chain
+
+
+def convert_security_group_rule_to_classifier(context, security_group_rule):
+    # TODO(sc68cal) Pass in the classifier group
+    group = models.ClassifierGroup()
+    group.service = 'security-group'
+
+    # Pull the source from the SG rule
+    cl1 = models.IpClassifier()
+    cl1.source_ip_prefix = security_group_rule['remote_ip_prefix']
+
+    # Ports
+    cl2 = models.TransportClassifier()
+    cl2.destination_port_range_min = security_group_rule['port_range_min']
+    cl2.destination_port_range_max = security_group_rule['port_range_max']
+
+    chain1 = models.ClassifierChainEntry()
+    chain1.classifier_group = group
+    chain1.classifier = cl1
+    chain1.sequence = 1
+
+    chain2 = models.ClassifierChainEntry()
+    chain2.classifier_group = group
+    chain2.classifier = cl2
+    # Security Group classifiers might not need to be nested or have sequences?
+    chain2.sequence = 1
+    context.session.add(group)
+    context.session.add(cl1)
+    context.session.add(cl2)
+    context.session.add(chain1)
+    context.session.add(chain2)
+    context.session.commit()
+    return group
+
+
+def convert_firewall_rule_to_classifier(context, firewall_rule):
+    pass
+
+
+def convert_classifier_chain_to_security_group(context, chain_id):
+    pass
+
+
+def convert_classifier_to_firewall_policy(context, chain_id):
+    pass
--- a/neutron_classifier/tests/test_db_api.py
+++ b/neutron_classifier/tests/test_db_api.py
@ -16,18 +16,26 @@ from neutron_classifier.db import models
 import sqlalchemy as sa
 from sqlalchemy.orm import sessionmaker

-from oslotest import base
 from oslo_utils import uuidutils
+from oslotest import base
+
+
+class ClassifierTestContext(object):
+    "Classifier Database Context."
+    engine = None
+    session = None
+
+    def __init__(self):
+        self.engine = sa.create_engine('sqlite:///:memory:', echo=True)
+        self.session = sessionmaker(bind=self.engine)()


 class DbApiTestCase(base.BaseTestCase):

    def setUp(self):
        super(DbApiTestCase, self).setUp()
-        engine = sa.create_engine('sqlite:///:memory:', echo=True)
-        Session = sessionmaker(bind=engine)
-        self.session = Session()
-        models.Base.metadata.create_all(engine)
+        self.context = ClassifierTestContext()
+        models.Base.metadata.create_all(self.context.engine)

    def test_create_classifier_chain(self):
        # TODO(sc68cal) Make this not hacky, and make it pass a session
@ -39,10 +47,43 @@ class DbApiTestCase(base.BaseTestCase):
        a.description = 'ensure all data inserted correctly'
        a.service = 'neutron-fwaas'
        b = models.IpClassifier()
-        b.destination_ip_prefix = "fd70:fbb6:449e::/48"
-        b.source_ip_prefix = "fddf:cb3b:bc4::/48"
-        result = api.create_classifier_chain(a, b)
-        self.session.add(a)
-        self.session.add(b)
-        self.session.add(result)
-        self.session.commit()
+        b.destination_ip_prefix = 'fd70:fbb6:449e::/48'
+        b.source_ip_prefix = 'fddf:cb3b:bc4::/48'
+        result = api.create_classifier_chain(self.context, a, b)
+        self.assertIsNotNone(result)
+
+    def test_convert_security_group_rule_to_classifier(self):
+        sg_rule = {'direction': 'INGRESS',
+                   'protocol': 'tcp',
+                   'ethertype': 6,
+                   'tenant_id': 'fake_tenant',
+                   'port_range_min': 80,
+                   'port_range_max': 80,
+                   'remote_ip_prefix': 'fddf:cb3b:bc4::/48',
+                   }
+        api.convert_security_group_rule_to_classifier(self.context, sg_rule)
+
+    def test_convert_firewall_rule_to_classifier(self):
+        firewall_rule = {'protocol': 'foo',
+                         'ip_version': 6,
+                         'source_ip_address': 'fddf:cb3b:bc4::/48',
+                         'destination_ip_address': 'fddf:cb3b:b33f::/48',
+                         'source_port': 80,
+                         'destination_port': 80,
+                         'position': 1,
+                         'action': 'ALLOW',
+                         'enabled': True
+                         }
+        api.convert_firewall_rule_to_classifier(self.context, firewall_rule)
+
+    def test_convert_firewall_policy_to_classifier_chain(self):
+        pass
+
+    def test_convert_security_group_to_classifier_chain(self):
+        pass
+
+    def test_convert_classifier_chain_to_security_group(self):
+        pass
+
+    def test_convert_classifier_chain_to_firewall_policy(self):
+        pass