Merge "Restore Brocade Vyatta firewall functionality" into stable/kilo

Jenkins 2015-04-22 17:50:14 +00:00 committed by Gerrit Code Review
commit 331316624a
3 changed files with 74 additions and 26 deletions


@ -0,0 +1,58 @@
# Copyright 2015 Brocade Communications System, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
from neutron.callbacks import events
from neutron.callbacks import registry
from neutron.callbacks import resources
from neutron import context
from oslo_log import log as logging
from neutron_fwaas.services.firewall.agents.vyatta import vyatta_utils
LOG = logging.getLogger(__name__)
class VyattaFirewallService(object):
# TODO(vishwanathj): Code to be revised in Liberty release to use
# the base class firewall_service.FirewallService for registrations
def __init__(self, l3_agent):
self.conf = l3_agent.conf
registry.subscribe(
sync_firewall_zones, resources.ROUTER, events.AFTER_CREATE)
registry.subscribe(
sync_firewall_zones, resources.ROUTER, events.AFTER_DELETE)
registry.subscribe(
sync_firewall_zones, resources.ROUTER, events.AFTER_UPDATE)
def sync_firewall_zones(resource, event, l3_agent, **kwargs):
LOG.debug('VyattaFirewallService:: sync_firewall_zones() called')
ri = kwargs['router']
ctx = context.Context(None, ri.router['tenant_id'])
client = l3_agent._vyatta_clients_pool.get_by_db_lookup(
ri.router['id'], ctx)
fw_list = l3_agent.fwplugin_rpc.get_firewalls_for_tenant(ctx)
if fw_list:
zone_cmds = []
for fw in fw_list:
if ri.router['id'] in fw['router_ids']:
fw_name = vyatta_utils.get_firewall_name(ri, fw)
zone_cmds.extend(vyatta_utils.get_zone_cmds(client, ri,
fw_name))
client.exec_cmd_batch(zone_cmds)
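Review bot: `sync_firewall_zones` has no error handling around `get_by_db_lookup` or `client.exec_cmd_batch(zone_cmds)`, so what happens when pushing zone policy fails is decided entirely by how the callback registry treats a subscriber exception, which is not visible in this file. Because this callback is what applies firewall zones to the vRouter, a failure should be logged at error level with the router id so that a router left without its zone policy can be detected. The existing debug line identifies neither the event nor the router; something like `LOG.debug('sync_firewall_zones: event=%s router=%s', event, ri.router['id'])` after `ri = kwargs['router']` would help. The same function is subscribed for AFTER_DELETE, where the client lookup for an already-deleted router may not succeed; that case looks worth an explicit test.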


@ -1,4 +1,4 @@
# Copyright 2015 OpenStack Foundation.
# Copyright 2015 Brocade Communications System, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
@ -16,34 +16,21 @@
from networking_brocade.vyatta.common import l3_agent as vyatta_l3
from neutron.agent import l3_agent
from neutron import context
from oslo_log import log as logging
from neutron_fwaas.services.firewall.agents.vyatta import vyatta_utils
LOG = logging.getLogger(__name__)
from neutron_fwaas.services.firewall.agents.vyatta import firewall_service
class VyattaFirewallAgent(vyatta_l3.L3AgentMiddleware):
"""Brocade Neutron Firewall agent for Vyatta vRouter.
Configures zone policies on Vyatta vRouter instance.
The base class FWaaSL3AgentRpcCallback of the VyattaFirewallAgent creates
the reference FirewallService object that loads the VyattaFirewallDriver
class.The VyattaFirewallService class registers callbacks and subscribes
to router events.
"""
def process_router(self, ri):
LOG.debug("VyattaFirewallAgent:: process_router() called")
ctx = context.Context(None, ri.router['tenant_id'])
client = self._vyatta_clients_pool.get_by_db_lookup(
ri.router['id'], ctx)
fw_list = self.fwplugin_rpc.get_firewalls_for_tenant(ctx)
if fw_list:
zone_cmds = []
for fw in fw_list:
if ri.router['id'] in fw['router_ids']:
fw_name = vyatta_utils.get_firewall_name(ri, fw)
zone_cmds.extend(vyatta_utils.get_zone_cmds(client, ri,
fw_name))
client.exec_cmd_batch(zone_cmds)
def __init__(self, host, conf=None):
super(VyattaFirewallAgent, self).__init__(host, conf)
self.service = firewall_service.VyattaFirewallService(self)
def main():
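Review bot: With the `process_router` override gone, zone policy is pushed only when the registry delivers a router AFTER_CREATE, AFTER_UPDATE or AFTER_DELETE event, and nothing in this file shows that every path which used to reach `process_router` (a resync or an interface change, for example) also emits one of those events. If some path does not, a router could keep stale zone membership until the next router event, so this is worth confirming against the L3 agent on this branch. The new `__init__` would also benefit from a one-line docstring such as `"""Create the agent and subscribe firewall zone sync to router events."""`. `main()` continues outside the hunk.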


@ -22,9 +22,10 @@ from neutron.tests import base
class FakeL3AgentMidleware(object):
def __init__(self, host):
def __init__(self, host, conf=None):
self._vyatta_clients_pool = mock.Mock()
self.fwplugin_rpc = mock.Mock()
self.conf = conf
# Mocking imports of 3rd party vyatta library in unit tests and all modules
# that depends on this library. Import will fail if not mocked and 3rd party
@ -37,6 +38,7 @@ with mock.patch.dict(sys.modules, {
}):
from networking_brocade.vyatta.common import l3_agent
l3_agent.L3AgentMiddleware = FakeL3AgentMidleware
from neutron_fwaas.services.firewall.agents.vyatta import firewall_service
from neutron_fwaas.services.firewall.agents.vyatta import fwaas_agent
from neutron_fwaas.services.firewall.agents.vyatta import vyatta_utils
@ -45,9 +47,9 @@ def fake_cmd(*args, **kwargs):
return (args, kwargs)
class TestVyattaFirewallAgent(base.BaseTestCase):
class TestVyattaFirewallService(base.BaseTestCase):
def test_process_router(self):
def test_sync_firewall_zones(self):
agent = self._make_agent()
fake_client = mock.Mock()
@ -84,7 +86,8 @@ class TestVyattaFirewallAgent(base.BaseTestCase):
vyatta_utils, 'get_zone_cmds') as get_zone_mock:
get_zone_mock.return_value = cmd_list
agent.process_router(router_info)
firewall_service.sync_firewall_zones(
None, None, agent, router=router_info)
agent._vyatta_clients_pool.get_by_db_lookup.assert_called_once_with(
router_info.router['id'], mock.ANY)
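Review bot: The renamed test calls `firewall_service.sync_firewall_zones(None, None, agent, router=router_info)` directly, so nothing in this file checks that `VyattaFirewallService.__init__` actually subscribes the callback to the three router events. If one of those `registry.subscribe` calls were dropped or mistyped, zone sync would stop for that event with every test still passing. A small test that patches `registry.subscribe` and asserts the three registrations would close that gap; the body of `test_sync_firewall_zones` lies partly outside the hunks shown.

```python
class TestVyattaFirewallService(base.BaseTestCase):

    # … unchanged: test_sync_firewall_zones …

    def test_service_subscribes_to_router_events(self):
        with mock.patch.object(
                firewall_service.registry, 'subscribe') as subscribe_mock:
            firewall_service.VyattaFirewallService(mock.Mock())

        expected = [
            mock.call(firewall_service.sync_firewall_zones,
                      firewall_service.resources.ROUTER, event)
            for event in (firewall_service.events.AFTER_CREATE,
                          firewall_service.events.AFTER_DELETE,
                          firewall_service.events.AFTER_UPDATE)
        ]
        subscribe_mock.assert_has_calls(expected, any_order=True)
```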