Send Notifications for Firewall policy updates

Currently notifications are generated for the following: a. When a Firewall is created/deleted b. when a rule is created/deleted/modified c. When a policy is created/deleted. But, after a policy is created, when rules are inserted or removed from a policy, no notifications are generated. These notifications refer to the audit logs for fwaas operations performed by a user. The proposed fix is similar to how notifications are generated for interfaces added or deleted to router and DHCP agent notifications. Change-Id: I7242867e41abc625eb1085983118c09a28249b85 Closes-Bug: #1531011 (cherry picked from commit 79237e5080)
2016-01-21 18:37:46 -08:00 · 2016-01-21 18:37:46 -08:00 · 7c747579c2
parent 4db4a46df1
commit 7c747579c2
2 changed files with 38 additions and 0 deletions
--- a/neutron_fwaas/services/firewall/fwaas_plugin.py
+++ b/neutron_fwaas/services/firewall/fwaas_plugin.py
@ -358,12 +358,18 @@ class FirewallPlugin(
            self._rpc_update_firewall_policy(context, firewall_policy_id)
        return fwr

+    def _notify_firewall_updates(self, context, resource, update_info):
+        notifier = n_rpc.get_notifier('network')
+        notifier.info(context, resource, update_info)
+
    def insert_rule(self, context, id, rule_info):
        LOG.debug("insert_rule() called")
        self._ensure_update_firewall_policy(context, id)
        fwp = super(FirewallPlugin,
                    self).insert_rule(context, id, rule_info)
        self._rpc_update_firewall_policy(context, id)
+        resource = 'firewall_policy.update.insert_rule'
+        self._notify_firewall_updates(context, resource, rule_info)
        return fwp

    def remove_rule(self, context, id, rule_info):
@ -372,6 +378,8 @@ class FirewallPlugin(
        fwp = super(FirewallPlugin,
                    self).remove_rule(context, id, rule_info)
        self._rpc_update_firewall_policy(context, id)
+        resource = 'firewall_policy.update.remove_rule'
+        self._notify_firewall_updates(context, resource, rule_info)
        return fwp

    def get_firewalls(self, context, filters=None, fields=None):
--- a/neutron_fwaas/tests/unit/services/firewall/test_fwaas_plugin.py
+++ b/neutron_fwaas/tests/unit/services/firewall/test_fwaas_plugin.py
@ -19,6 +19,7 @@ from neutron.api.v2 import attributes as attr
 from neutron import context
 from neutron import manager
 from neutron.plugins.common import constants as const
+from neutron.tests import fake_notifier
 from neutron.tests.unit.extensions import test_l3 as test_l3_plugin
 from oslo_config import cfg
 import six
@ -299,6 +300,7 @@ class TestFirewallPluginBase(TestFirewallRouterInsertionBase,

    def setUp(self):
        super(TestFirewallPluginBase, self).setUp(fw_plugin=FW_PLUGIN_KLASS)
+        fake_notifier.reset()

    def tearDown(self):
        super(TestFirewallPluginBase, self).tearDown()
@ -596,6 +598,20 @@ class TestFirewallPluginBase(TestFirewallRouterInsertionBase,
                    self.assertEqual(fr_id,
                                     fw_rules['firewall_rule_list'][0]['id'])

+    def test_insert_rule_notif(self):
+        ctx = context.get_admin_context()
+        with self.firewall_rule() as fwr:
+            fr_id = fwr['firewall_rule']['id']
+            rule_info = {'firewall_rule_id': fr_id}
+            with self.firewall_policy() as fwp:
+                fwp_id = fwp['firewall_policy']['id']
+                with self.firewall(firewall_policy_id=fwp_id):
+                    self.plugin.insert_rule(ctx, fwp_id, rule_info)
+            notifications = fake_notifier.NOTIFICATIONS
+            expected_event_type = 'firewall_policy.update.insert_rule'
+            event_types = [event['event_type'] for event in notifications]
+            self.assertIn(expected_event_type, event_types)
+
    def test_remove_rule(self):
        ctx = context.get_admin_context()
        with self.firewall_rule() as fwr:
@ -624,3 +640,17 @@ class TestFirewallPluginBase(TestFirewallRouterInsertionBase,
            res = req.get_response(self.ext_api)
            self.assertIn('Quota exceeded', res.body.decode('utf-8'))
            self.assertEqual(exc.HTTPConflict.code, res.status_int)
+
+    def test_remove_rule_notif(self):
+        ctx = context.get_admin_context()
+        with self.firewall_rule() as fwr:
+            fr_id = fwr['firewall_rule']['id']
+            rule_info = {'firewall_rule_id': fr_id}
+            with self.firewall_policy(firewall_rules=[fr_id]) as fwp:
+                fwp_id = fwp['firewall_policy']['id']
+                with self.firewall(firewall_policy_id=fwp_id):
+                    self.plugin.remove_rule(ctx, fwp_id, rule_info)
+            notifications = fake_notifier.NOTIFICATIONS
+            expected_event_type = 'firewall_policy.update.remove_rule'
+            event_types = [event['event_type'] for event in notifications]
+            self.assertIn(expected_event_type, event_types)