Send Notifications for Firewall policy updates
Currently notifications are generated for the following:
a. When a Firewall is created/deleted
b. when a rule is created/deleted/modified
c. When a policy is created/deleted.
But, after a policy is created, when rules are inserted or
removed from a policy, no notifications are generated.
These notifications refer to the audit logs for
fwaas operations performed by a user.
The proposed fix is similar to how notifications are generated
for interfaces added to or deleted from a router, and to DHCP agent notifications.
Change-Id: I7242867e41abc625eb1085983118c09a28249b85
Closes-Bug: #1531011
(cherry picked from commit 79237e5080
)
parent
4db4a46df1
commit
7c747579c2
|
@ -358,12 +358,18 @@ class FirewallPlugin(
|
|||
self._rpc_update_firewall_policy(context, firewall_policy_id)
|
||||
return fwr
|
||||
|
||||
def _notify_firewall_updates(self, context, resource, update_info):
|
||||
notifier = n_rpc.get_notifier('network')
|
||||
notifier.info(context, resource, update_info)
|
||||
|
||||
def insert_rule(self, context, id, rule_info):
|
||||
LOG.debug("insert_rule() called")
|
||||
self._ensure_update_firewall_policy(context, id)
|
||||
fwp = super(FirewallPlugin,
|
||||
self).insert_rule(context, id, rule_info)
|
||||
self._rpc_update_firewall_policy(context, id)
|
||||
resource = 'firewall_policy.update.insert_rule'
|
||||
self._notify_firewall_updates(context, resource, rule_info)
|
||||
return fwp
|
||||
|
||||
def remove_rule(self, context, id, rule_info):
|
||||
|
@ -372,6 +378,8 @@ class FirewallPlugin(
|
|||
fwp = super(FirewallPlugin,
|
||||
self).remove_rule(context, id, rule_info)
|
||||
self._rpc_update_firewall_policy(context, id)
|
||||
resource = 'firewall_policy.update.remove_rule'
|
||||
self._notify_firewall_updates(context, resource, rule_info)
|
||||
return fwp
|
||||
|
||||
def get_firewalls(self, context, filters=None, fields=None):
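Review bot: The audit event emitted in `insert_rule` passes only `rule_info` as its payload, so the notification never names the policy (`id`) that was changed; the `remove_rule` call in the second hunk has the same gap. From the visible lines, a consumer of these events can see which rule was involved but not which firewall policy it was inserted into or removed from, which weakens the audit trail this change is meant to provide. Consider including the policy id in the payload, e.g. `update_info = dict(rule_info, firewall_policy_id=id)`, and passing that to `_notify_firewall_updates` in both methods. The helper would also read better with a one-line docstring such as `"""Emit an info-level 'network' notification for a firewall resource change."""`. Part of `remove_rule`'s body lies between the two hunks and is not shown.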
|
||||
|
|
|
@ -19,6 +19,7 @@ from neutron.api.v2 import attributes as attr
|
|||
from neutron import context
|
||||
from neutron import manager
|
||||
from neutron.plugins.common import constants as const
|
||||
from neutron.tests import fake_notifier
|
||||
from neutron.tests.unit.extensions import test_l3 as test_l3_plugin
|
||||
from oslo_config import cfg
|
||||
import six
|
||||
|
@ -299,6 +300,7 @@ class TestFirewallPluginBase(TestFirewallRouterInsertionBase,
|
|||
|
||||
def setUp(self):
|
||||
super(TestFirewallPluginBase, self).setUp(fw_plugin=FW_PLUGIN_KLASS)
|
||||
fake_notifier.reset()
|
||||
|
||||
def tearDown(self):
|
||||
super(TestFirewallPluginBase, self).tearDown()
|
||||
|
@ -596,6 +598,20 @@ class TestFirewallPluginBase(TestFirewallRouterInsertionBase,
|
|||
self.assertEqual(fr_id,
|
||||
fw_rules['firewall_rule_list'][0]['id'])
|
||||
|
||||
def test_insert_rule_notif(self):
|
||||
ctx = context.get_admin_context()
|
||||
with self.firewall_rule() as fwr:
|
||||
fr_id = fwr['firewall_rule']['id']
|
||||
rule_info = {'firewall_rule_id': fr_id}
|
||||
with self.firewall_policy() as fwp:
|
||||
fwp_id = fwp['firewall_policy']['id']
|
||||
with self.firewall(firewall_policy_id=fwp_id):
|
||||
self.plugin.insert_rule(ctx, fwp_id, rule_info)
|
||||
notifications = fake_notifier.NOTIFICATIONS
|
||||
expected_event_type = 'firewall_policy.update.insert_rule'
|
||||
event_types = [event['event_type'] for event in notifications]
|
||||
self.assertIn(expected_event_type, event_types)
|
||||
|
||||
def test_remove_rule(self):
|
||||
ctx = context.get_admin_context()
|
||||
with self.firewall_rule() as fwr:
|
||||
|
@ -624,3 +640,17 @@ class TestFirewallPluginBase(TestFirewallRouterInsertionBase,
|
|||
res = req.get_response(self.ext_api)
|
||||
self.assertIn('Quota exceeded', res.body.decode('utf-8'))
|
||||
self.assertEqual(exc.HTTPConflict.code, res.status_int)
|
||||
|
||||
def test_remove_rule_notif(self):
|
||||
ctx = context.get_admin_context()
|
||||
with self.firewall_rule() as fwr:
|
||||
fr_id = fwr['firewall_rule']['id']
|
||||
rule_info = {'firewall_rule_id': fr_id}
|
||||
with self.firewall_policy(firewall_rules=[fr_id]) as fwp:
|
||||
fwp_id = fwp['firewall_policy']['id']
|
||||
with self.firewall(firewall_policy_id=fwp_id):
|
||||
self.plugin.remove_rule(ctx, fwp_id, rule_info)
|
||||
notifications = fake_notifier.NOTIFICATIONS
|
||||
expected_event_type = 'firewall_policy.update.remove_rule'
|
||||
event_types = [event['event_type'] for event in notifications]
|
||||
self.assertIn(expected_event_type, event_types)
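Review bot: Both `test_insert_rule_notif` and `test_remove_rule_notif` assert only that the expected event type appears somewhere in `fake_notifier.NOTIFICATIONS`, so neither checks what the audit event actually contains. A regression that emitted the event with an empty or wrong payload would still pass. Assuming the fake notifier records the payload alongside `event_type`, select the matching events with `events = [e for e in notifications if e['event_type'] == expected_event_type]` and add `self.assertEqual(1, len(events))` and `self.assertEqual(fr_id, events[0]['payload']['firewall_rule_id'])`. That pins both the single emission and the rule identifier that log consumers rely on.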
|
||||
|
|