FWaaS v2: L3 logging agent extension

This patch introduces L3 logging agent extension for firewall group.
It also configures the extension for devstack when log plugin is
enabled.

Co-Authored-By: Kim Bao Long <longkb@vn.fujitsu.com>
Partial-Bug: #1720727
Change-Id: I4d9af5325f157fbb35ea6fdb25723268856a0db4

devstack/plugin.sh

@@ -54,6 +54,10 @@ function configure_fwaas_v2() {
     iniset /$NEUTRON_CORE_PLUGIN_CONF agent extensions fwaas_v2
 }
 
+function configure_l3_log_fwaas_v2(){
+    iniadd $Q_L3_CONF_FILE agent extensions fwaas_v2_log
+}
+
 function neutron_fwaas_generate_config_files {
     (cd $NEUTRON_FWAAS_DIR && exec ./tools/generate_config_file_samples.sh)
 }
@@ -113,6 +117,10 @@ if is_service_enabled q-svc neutron-api && is_service_enabled q-fwaas q-fwaas-v1
         elif is_service_enabled q-fwaas-v2 neutron-fwaas-v2; then
             echo_summary "Configuring neutron-fwaas for FWaaS v2"
             configure_fwaas_v2
+            if is_service_enabled q-log neutron-log; then
+                echo_summary "Configuring FwaaS V2 packet log for l3 extension"
+                configure_l3_log_fwaas_v2
+            fi
         else
             echo_summary "Configuring neutron-fwaas for FWaaS v1"
             configure_fwaas_v1

neutron_fwaas/services/logapi/agents/l3/fwg_log.py

@@ -0,0 +1,36 @@
+# Copyright (c) 2018 Fujitsu Limited
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from neutron.services.logapi.agent.l3 import base
+from neutron.services.logapi.agent import log_extension as log_ext
+from neutron.services.logapi.rpc import agent as agent_rpc
+from neutron_lib.agent import l3_extension
+
+#TODO(annp) move to neutron-lib
+FIREWALL_LOG_DRIVER_NAME = 'fwaas_v2_log'
+
+
+class FWaaSL3LoggingExtension(base.L3LoggingExtensionBase,
+                          l3_extension.L3AgentExtension):
+
+    def initialize(self, connection, driver_type):
+        """Initialize L3 logging agent extension"""
+
+        fw_log_cls = self._load_driver_cls(
+            log_ext.LOGGING_DRIVERS_NAMESPACE, FIREWALL_LOG_DRIVER_NAME)
+        self.log_driver = fw_log_cls(self.agent_api)
+        self.resource_rpc = agent_rpc.LoggingApiStub()
+        self._register_rpc_consumers()
+        self.log_driver.initialize(self.resource_rpc)

neutron_fwaas/tests/unit/services/logapi/agents/l3/test_fwg_log.py

@@ -0,0 +1,51 @@
+# Copyright (c) 2018 Fujitsu Limited.
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+import mock
+
+from neutron.api.rpc.callbacks.consumer import registry
+from neutron.api.rpc.callbacks import resources
+from neutron.api.rpc.handlers import resources_rpc
+from neutron.tests.unit.services.logapi.agent.l3 import test_base as base
+from neutron_lib import constants as lib_const
+
+from neutron_fwaas.services.logapi.agents.l3 import fwg_log
+
+
+class FWaaSL3LoggingExtensionInitializeTestCase(base.L3LoggingExtBaseTestCase):
+
+    def setUp(self):
+        super(FWaaSL3LoggingExtensionInitializeTestCase, self).setUp()
+        self.fw_l3_log_ext = fwg_log.FWaaSL3LoggingExtension()
+        self.fw_l3_log_ext.consume_api(self.agent_api)
+
+    @mock.patch.object(registry, 'register')
+    @mock.patch.object(resources_rpc, 'ResourcesPushRpcCallback')
+    def test_initialize_subscribed_to_rpc(self, rpc_mock, subscribe_mock):
+        call_to_patch = 'neutron.common.rpc.Connection'
+        with mock.patch(call_to_patch,
+                        return_value=self.connection) as create_connection:
+            self.fw_l3_log_ext.initialize(
+                self.connection, lib_const.L3_AGENT_MODE)
+            create_connection.assert_has_calls([mock.call()])
+            self.connection.create_consumer.assert_has_calls(
+                [mock.call(
+                     resources_rpc.resource_type_versioned_topic(
+                         resources.LOGGING_RESOURCE),
+                     [rpc_mock()],
+                     fanout=True)]
+            )
+            subscribe_mock.assert_called_with(
+                mock.ANY, resources.LOGGING_RESOURCE)

setup.cfg

@@ -57,6 +57,7 @@ neutron.agent.l2.firewall_drivers =
 neutron.agent.l3.extensions =
     fwaas = neutron_fwaas.services.firewall.service_drivers.agents.l3reference.firewall_l3_agent:L3WithFWaaS
     fwaas_v2 = neutron_fwaas.services.firewall.service_drivers.agents.l3reference.firewall_l3_agent_v2:L3WithFWaaS
+    fwaas_v2_log = neutron_fwaas.services.logapi.agents.l3.fwg_log:FWaaSL3LoggingExtension
 neutron.agent.l3.firewall_drivers =
     conntrack = neutron_fwaas.services.firewall.service_drivers.agents.drivers.linux.legacy_conntrack:ConntrackLegacy
     netlink_conntrack = neutron_fwaas.services.firewall.service_drivers.agents.drivers.linux.netlink_conntrack:ConntrackNetlink