Merge "Restore Brocade Vyatta firewall functionality" into stable/kilo
commit
331316624a
|
@ -0,0 +1,58 @@
|
|||
# Copyright 2015 Brocade Communications System, Inc.
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
|
||||
from neutron.callbacks import events
|
||||
from neutron.callbacks import registry
|
||||
from neutron.callbacks import resources
|
||||
from neutron import context
|
||||
from oslo_log import log as logging
|
||||
|
||||
from neutron_fwaas.services.firewall.agents.vyatta import vyatta_utils
|
||||
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
|
||||
class VyattaFirewallService(object):
|
||||
# TODO(vishwanathj): Code to be revised in Liberty release to use
|
||||
# the base class firewall_service.FirewallService for registrations
|
||||
def __init__(self, l3_agent):
|
||||
self.conf = l3_agent.conf
|
||||
registry.subscribe(
|
||||
sync_firewall_zones, resources.ROUTER, events.AFTER_CREATE)
|
||||
registry.subscribe(
|
||||
sync_firewall_zones, resources.ROUTER, events.AFTER_DELETE)
|
||||
registry.subscribe(
|
||||
sync_firewall_zones, resources.ROUTER, events.AFTER_UPDATE)
|
||||
|
||||
|
||||
def sync_firewall_zones(resource, event, l3_agent, **kwargs):
|
||||
LOG.debug('VyattaFirewallService:: sync_firewall_zones() called')
|
||||
|
||||
ri = kwargs['router']
|
||||
|
||||
ctx = context.Context(None, ri.router['tenant_id'])
|
||||
client = l3_agent._vyatta_clients_pool.get_by_db_lookup(
|
||||
ri.router['id'], ctx)
|
||||
fw_list = l3_agent.fwplugin_rpc.get_firewalls_for_tenant(ctx)
|
||||
if fw_list:
|
||||
zone_cmds = []
|
||||
for fw in fw_list:
|
||||
if ri.router['id'] in fw['router_ids']:
|
||||
fw_name = vyatta_utils.get_firewall_name(ri, fw)
|
||||
zone_cmds.extend(vyatta_utils.get_zone_cmds(client, ri,
|
||||
fw_name))
|
||||
client.exec_cmd_batch(zone_cmds)
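Review bot: sync_firewall_zones has no failure handling around `get_by_db_lookup`, `get_firewalls_for_tenant` or `client.exec_cmd_batch(zone_cmds)`, so an error in any of them leaves the router's zone policies unapplied without a log message that names the router. The callback is also subscribed to `events.AFTER_DELETE`, where a client lookup by `ri.router['id']` may fail for a router that no longer exists, and `kwargs['router']` raises KeyError if a notifier omits that argument. I would wrap the body in a try/except that calls `LOG.exception('Failed to sync firewall zones for router %s', ri.router['id'])`, and guard the batch with `if zone_cmds:` so an empty command list is never sent. Indentation is lost in this rendering, so whether the exec call already sits under `if fw_list:` cannot be confirmed from here.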
|
|
@ -1,4 +1,4 @@
|
|||
# Copyright 2015 OpenStack Foundation.
|
||||
# Copyright 2015 Brocade Communications System, Inc.
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
|
@ -16,34 +16,21 @@
|
|||
|
||||
from networking_brocade.vyatta.common import l3_agent as vyatta_l3
|
||||
from neutron.agent import l3_agent
|
||||
from neutron import context
|
||||
from oslo_log import log as logging
|
||||
|
||||
from neutron_fwaas.services.firewall.agents.vyatta import vyatta_utils
|
||||
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
from neutron_fwaas.services.firewall.agents.vyatta import firewall_service
|
||||
|
||||
|
||||
class VyattaFirewallAgent(vyatta_l3.L3AgentMiddleware):
|
||||
"""Brocade Neutron Firewall agent for Vyatta vRouter.
|
||||
|
||||
Configures zone policies on Vyatta vRouter instance.
|
||||
The base class FWaaSL3AgentRpcCallback of the VyattaFirewallAgent creates
|
||||
the reference FirewallService object that loads the VyattaFirewallDriver
|
||||
class.The VyattaFirewallService class registers callbacks and subscribes
|
||||
to router events.
|
||||
"""
|
||||
def process_router(self, ri):
|
||||
LOG.debug("VyattaFirewallAgent:: process_router() called")
|
||||
ctx = context.Context(None, ri.router['tenant_id'])
|
||||
client = self._vyatta_clients_pool.get_by_db_lookup(
|
||||
ri.router['id'], ctx)
|
||||
fw_list = self.fwplugin_rpc.get_firewalls_for_tenant(ctx)
|
||||
if fw_list:
|
||||
zone_cmds = []
|
||||
for fw in fw_list:
|
||||
if ri.router['id'] in fw['router_ids']:
|
||||
fw_name = vyatta_utils.get_firewall_name(ri, fw)
|
||||
zone_cmds.extend(vyatta_utils.get_zone_cmds(client, ri,
|
||||
fw_name))
|
||||
client.exec_cmd_batch(zone_cmds)
|
||||
def __init__(self, host, conf=None):
|
||||
super(VyattaFirewallAgent, self).__init__(host, conf)
|
||||
self.service = firewall_service.VyattaFirewallService(self)
|
||||
|
||||
|
||||
def main():
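Review bot: The class docstring names `FWaaSL3AgentRpcCallback` as the base class of VyattaFirewallAgent, while the class statement shown derives from `vyatta_l3.L3AgentMiddleware`; if the former is only an indirect ancestor the docstring should say so. It is also missing a space in `class.The`. In `__init__`, `self` is passed to `VyattaFirewallService`, but the service in this commit keeps only `l3_agent.conf` and the callback works on whatever agent object the notifier supplies, which deserves a comment such as `# callbacks receive the agent from the notifier, not from this service instance`.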
|
||||
|
|
|
@ -22,9 +22,10 @@ from neutron.tests import base
|
|||
|
||||
|
||||
class FakeL3AgentMidleware(object):
|
||||
def __init__(self, host):
|
||||
def __init__(self, host, conf=None):
|
||||
self._vyatta_clients_pool = mock.Mock()
|
||||
self.fwplugin_rpc = mock.Mock()
|
||||
self.conf = conf
|
||||
|
||||
# Mocking imports of 3rd party vyatta library in unit tests and all modules
|
||||
# that depends on this library. Import will fail if not mocked and 3rd party
|
||||
|
@ -37,6 +38,7 @@ with mock.patch.dict(sys.modules, {
|
|||
}):
|
||||
from networking_brocade.vyatta.common import l3_agent
|
||||
l3_agent.L3AgentMiddleware = FakeL3AgentMidleware
|
||||
from neutron_fwaas.services.firewall.agents.vyatta import firewall_service
|
||||
from neutron_fwaas.services.firewall.agents.vyatta import fwaas_agent
|
||||
from neutron_fwaas.services.firewall.agents.vyatta import vyatta_utils
|
||||
|
||||
|
@ -45,9 +47,9 @@ def fake_cmd(*args, **kwargs):
|
|||
return (args, kwargs)
|
||||
|
||||
|
||||
class TestVyattaFirewallAgent(base.BaseTestCase):
|
||||
class TestVyattaFirewallService(base.BaseTestCase):
|
||||
|
||||
def test_process_router(self):
|
||||
def test_sync_firewall_zones(self):
|
||||
agent = self._make_agent()
|
||||
|
||||
fake_client = mock.Mock()
|
||||
|
@ -84,7 +86,8 @@ class TestVyattaFirewallAgent(base.BaseTestCase):
|
|||
vyatta_utils, 'get_zone_cmds') as get_zone_mock:
|
||||
get_zone_mock.return_value = cmd_list
|
||||
|
||||
agent.process_router(router_info)
|
||||
firewall_service.sync_firewall_zones(
|
||||
None, None, agent, router=router_info)
|
||||
|
||||
agent._vyatta_clients_pool.get_by_db_lookup.assert_called_once_with(
|
||||
router_info.router['id'], mock.ANY)
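Review bot: Nothing in the visible test hunks checks that `VyattaFirewallService.__init__` subscribes `sync_firewall_zones` for `resources.ROUTER` on AFTER_CREATE, AFTER_DELETE and AFTER_UPDATE; the renamed test calls the function directly with `None, None, agent, router=router_info`. A dropped or mistyped subscription would leave firewall zone policies unsynced while this test still passes. I would add a test that patches the registry with `mock.patch.object(firewall_service.registry, 'subscribe')`, constructs the service and asserts the three expected calls. The test method continues outside these hunks, so any coverage there is not visible.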
|