Enforce log hints in neutron.services.firewall
This change enforces the use of log hints and removes translation of debug-level log messages; the modifications are validated through a hacking rule. Validate that hacking rules apply to directories: - neutron/services/firewall Change-Id: Ie3f75fe207652cbd800cef067a89a819696d1f3a Partial-bug: #1320867
parent
fa70c4011f
commit
cc537ebf57
|
@ -57,6 +57,7 @@ def _directory_to_check_translation(filename):
|
|||
"neutron/openstack",
|
||||
"neutron/scheduler",
|
||||
"neutron/server",
|
||||
"neutron/services/firewall",
|
||||
"neutron/services/l3_router"]
|
||||
return any([dir in filename for dir in dirs])
|
||||
|
||||
|
|
|
@ -20,6 +20,7 @@ from neutron.agent.linux import ip_lib
|
|||
from neutron.common import topics
|
||||
from neutron import context
|
||||
from neutron.extensions import firewall as fw_ext
|
||||
from neutron.openstack.common.gettextutils import _LE
|
||||
from neutron.openstack.common import importutils
|
||||
from neutron.openstack.common import log as logging
|
||||
from neutron.plugins.common import constants
|
||||
|
@ -36,7 +37,7 @@ class FWaaSL3PluginApi(api.FWaaSPluginApiMixin):
|
|||
|
||||
def get_firewalls_for_tenant(self, context, **kwargs):
|
||||
"""Get the Firewalls with rules from the Plugin to send to driver."""
|
||||
LOG.debug(_("Retrieve Firewall with rules from Plugin"))
|
||||
LOG.debug("Retrieve Firewall with rules from Plugin")
|
||||
|
||||
return self.call(context,
|
||||
self.make_msg('get_firewalls_for_tenant',
|
||||
|
@ -44,7 +45,7 @@ class FWaaSL3PluginApi(api.FWaaSPluginApiMixin):
|
|||
|
||||
def get_tenants_with_firewalls(self, context, **kwargs):
|
||||
"""Get all Tenants that have Firewalls configured from plugin."""
|
||||
LOG.debug(_("Retrieve Tenants with Firewalls configured from Plugin"))
|
||||
LOG.debug("Retrieve Tenants with Firewalls configured from Plugin")
|
||||
|
||||
return self.call(context,
|
||||
self.make_msg('get_tenants_with_firewalls',
|
||||
|
@ -55,7 +56,7 @@ class FWaaSL3AgentRpcCallback(api.FWaaSAgentRpcCallbackMixin):
|
|||
"""FWaaS Agent support to be used by Neutron L3 agent."""
|
||||
|
||||
def __init__(self, conf):
|
||||
LOG.debug(_("Initializing firewall agent"))
|
||||
LOG.debug("Initializing firewall agent")
|
||||
self.conf = conf
|
||||
fwaas_driver_class_path = cfg.CONF.fwaas.driver
|
||||
self.fwaas_enabled = cfg.CONF.fwaas.enabled
|
||||
|
@ -76,8 +77,7 @@ class FWaaSL3AgentRpcCallback(api.FWaaSAgentRpcCallbackMixin):
|
|||
try:
|
||||
self.fwaas_driver = importutils.import_object(
|
||||
fwaas_driver_class_path)
|
||||
LOG.debug(_("FWaaS Driver Loaded: '%s'"),
|
||||
fwaas_driver_class_path)
|
||||
LOG.debug("FWaaS Driver Loaded: '%s'", fwaas_driver_class_path)
|
||||
except ImportError:
|
||||
msg = _('Error importing FWaaS device driver: %s')
|
||||
raise ImportError(msg % fwaas_driver_class_path)
|
||||
|
@ -116,7 +116,7 @@ class FWaaSL3AgentRpcCallback(api.FWaaSAgentRpcCallbackMixin):
|
|||
|
||||
def _invoke_driver_for_plugin_api(self, context, fw, func_name):
|
||||
"""Invoke driver method for plugin API and provide status back."""
|
||||
LOG.debug(_("%(func_name)s from agent for fw: %(fwid)s"),
|
||||
LOG.debug("%(func_name)s from agent for fw: %(fwid)s",
|
||||
{'func_name': func_name, 'fwid': fw['id']})
|
||||
try:
|
||||
routers = self.plugin_rpc.get_routers(context)
|
||||
|
@ -124,14 +124,14 @@ class FWaaSL3AgentRpcCallback(api.FWaaSAgentRpcCallbackMixin):
|
|||
routers,
|
||||
fw['tenant_id'])
|
||||
if not router_info_list:
|
||||
LOG.debug(_('No Routers on tenant: %s'), fw['tenant_id'])
|
||||
LOG.debug('No Routers on tenant: %s', fw['tenant_id'])
|
||||
# fw was created before any routers were added, and if a
|
||||
# delete is sent then we need to ack so that plugin can
|
||||
# cleanup.
|
||||
if func_name == 'delete_firewall':
|
||||
self.fwplugin_rpc.firewall_deleted(context, fw['id'])
|
||||
return
|
||||
LOG.debug(_("Apply fw on Router List: '%s'"),
|
||||
LOG.debug("Apply fw on Router List: '%s'",
|
||||
[ri.router['id'] for ri in router_info_list])
|
||||
# call into the driver
|
||||
try:
|
||||
|
@ -144,8 +144,8 @@ class FWaaSL3AgentRpcCallback(api.FWaaSAgentRpcCallbackMixin):
|
|||
else:
|
||||
status = constants.DOWN
|
||||
except fw_ext.FirewallInternalDriverError:
|
||||
LOG.error(_("Firewall Driver Error for %(func_name)s "
|
||||
"for fw: %(fwid)s"),
|
||||
LOG.error(_LE("Firewall Driver Error for %(func_name)s "
|
||||
"for fw: %(fwid)s"),
|
||||
{'func_name': func_name, 'fwid': fw['id']})
|
||||
status = constants.ERROR
|
||||
# delete needs different handling
|
||||
|
@ -159,7 +159,7 @@ class FWaaSL3AgentRpcCallback(api.FWaaSAgentRpcCallbackMixin):
|
|||
status)
|
||||
except Exception:
|
||||
LOG.exception(
|
||||
_("FWaaS RPC failure in %(func_name)s for fw: %(fwid)s"),
|
||||
_LE("FWaaS RPC failure in %(func_name)s for fw: %(fwid)s"),
|
||||
{'func_name': func_name, 'fwid': fw['id']})
|
||||
self.services_sync = True
|
||||
return
|
||||
|
@ -179,8 +179,8 @@ class FWaaSL3AgentRpcCallback(api.FWaaSAgentRpcCallbackMixin):
|
|||
ctx,
|
||||
fw['id'])
|
||||
except fw_ext.FirewallInternalDriverError:
|
||||
LOG.error(_("Firewall Driver Error on fw state %(fwmsg)s "
|
||||
"for fw: %(fwid)s"),
|
||||
LOG.error(_LE("Firewall Driver Error on fw state %(fwmsg)s "
|
||||
"for fw: %(fwid)s"),
|
||||
{'fwmsg': fw['status'], 'fwid': fw['id']})
|
||||
self.fwplugin_rpc.set_firewall_status(
|
||||
ctx,
|
||||
|
@ -198,8 +198,8 @@ class FWaaSL3AgentRpcCallback(api.FWaaSAgentRpcCallbackMixin):
|
|||
else:
|
||||
status = constants.DOWN
|
||||
except fw_ext.FirewallInternalDriverError:
|
||||
LOG.error(_("Firewall Driver Error on fw state %(fwmsg)s "
|
||||
"for fw: %(fwid)s"),
|
||||
LOG.error(_LE("Firewall Driver Error on fw state %(fwmsg)s "
|
||||
"for fw: %(fwid)s"),
|
||||
{'fwmsg': fw['status'], 'fwid': fw['id']})
|
||||
status = constants.ERROR
|
||||
|
||||
|
@ -210,7 +210,7 @@ class FWaaSL3AgentRpcCallback(api.FWaaSAgentRpcCallbackMixin):
|
|||
|
||||
def _process_router_add(self, ri):
|
||||
"""On router add, get fw with rules from plugin and update driver."""
|
||||
LOG.debug(_("Process router add, router_id: '%s'"), ri.router['id'])
|
||||
LOG.debug("Process router add, router_id: '%s'", ri.router['id'])
|
||||
routers = []
|
||||
routers.append(ri.router)
|
||||
router_info_list = self._get_router_info_list_for_tenant(
|
||||
|
@ -221,7 +221,7 @@ class FWaaSL3AgentRpcCallback(api.FWaaSAgentRpcCallbackMixin):
|
|||
# for the tenant the router is on.
|
||||
ctx = context.Context('', ri.router['tenant_id'])
|
||||
fw_list = self.fwplugin_rpc.get_firewalls_for_tenant(ctx)
|
||||
LOG.debug(_("Process router add, fw_list: '%s'"),
|
||||
LOG.debug("Process router add, fw_list: '%s'",
|
||||
[fw['id'] for fw in fw_list])
|
||||
for fw in fw_list:
|
||||
self._invoke_driver_for_sync_from_plugin(
|
||||
|
@ -238,7 +238,7 @@ class FWaaSL3AgentRpcCallback(api.FWaaSAgentRpcCallbackMixin):
|
|||
self._process_router_add(ri)
|
||||
except Exception:
|
||||
LOG.exception(
|
||||
_("FWaaS RPC info call failed for '%s'."),
|
||||
_LE("FWaaS RPC info call failed for '%s'."),
|
||||
ri.router['id'])
|
||||
self.services_sync = True
|
||||
|
||||
|
@ -253,7 +253,7 @@ class FWaaSL3AgentRpcCallback(api.FWaaSAgentRpcCallbackMixin):
|
|||
# get the list of tenants with firewalls configured
|
||||
# from the plugin
|
||||
tenant_ids = self.fwplugin_rpc.get_tenants_with_firewalls(ctx)
|
||||
LOG.debug(_("Tenants with Firewalls: '%s'"), tenant_ids)
|
||||
LOG.debug("Tenants with Firewalls: '%s'", tenant_ids)
|
||||
for tenant_id in tenant_ids:
|
||||
ctx = context.Context('', tenant_id)
|
||||
fw_list = self.fwplugin_rpc.get_firewalls_for_tenant(ctx)
|
||||
|
@ -263,15 +263,15 @@ class FWaaSL3AgentRpcCallback(api.FWaaSAgentRpcCallbackMixin):
|
|||
routers,
|
||||
tenant_id)
|
||||
if router_info_list:
|
||||
LOG.debug(_("Router List: '%s'"),
|
||||
LOG.debug("Router List: '%s'",
|
||||
[ri.router['id'] for ri in router_info_list])
|
||||
LOG.debug(_("fw_list: '%s'"),
|
||||
LOG.debug("fw_list: '%s'",
|
||||
[fw['id'] for fw in fw_list])
|
||||
# apply sync data on fw for this tenant
|
||||
for fw in fw_list:
|
||||
# fw, routers present on this host for tenant
|
||||
# install
|
||||
LOG.debug(_("Apply fw on Router List: '%s'"),
|
||||
LOG.debug("Apply fw on Router List: '%s'",
|
||||
[ri.router['id']
|
||||
for ri in router_info_list])
|
||||
# no need to apply sync data for ACTIVE fw
|
||||
|
@ -282,7 +282,7 @@ class FWaaSL3AgentRpcCallback(api.FWaaSAgentRpcCallbackMixin):
|
|||
fw)
|
||||
self.services_sync = False
|
||||
except Exception:
|
||||
LOG.exception(_("Failed fwaas process services sync"))
|
||||
LOG.exception(_LE("Failed fwaas process services sync"))
|
||||
self.services_sync = True
|
||||
|
||||
def create_firewall(self, context, firewall, host):
|
||||
|
|
|
@ -19,6 +19,7 @@ import httplib2
|
|||
from oslo.config import cfg
|
||||
from oslo.serialization import jsonutils
|
||||
|
||||
from neutron.openstack.common.gettextutils import _LE
|
||||
from neutron.openstack.common import log as logging
|
||||
from neutron.services.firewall.agents.varmour import varmour_utils as va_utils
|
||||
|
||||
|
@ -60,7 +61,7 @@ class AuthenticationFailure(vArmourAPIException):
|
|||
class vArmourRestAPI(object):
|
||||
|
||||
def __init__(self):
|
||||
LOG.debug(_('vArmourRestAPI: started'))
|
||||
LOG.debug('vArmourRestAPI: started')
|
||||
self.user = cfg.CONF.vArmour.username
|
||||
self.passwd = cfg.CONF.vArmour.password
|
||||
self.server = cfg.CONF.vArmour.director
|
||||
|
@ -93,14 +94,14 @@ class vArmourRestAPI(object):
|
|||
enc = base64.b64encode('%s:%s' % (self.user, self.key))
|
||||
headers['Authorization'] = 'Basic ' + enc
|
||||
|
||||
LOG.debug(_("vArmourRestAPI: %(server)s %(port)s"),
|
||||
LOG.debug("vArmourRestAPI: %(server)s %(port)s",
|
||||
{'server': self.server, 'port': self.port})
|
||||
|
||||
try:
|
||||
action = "https://" + self.server + ":" + self.port + url
|
||||
|
||||
LOG.debug(_("vArmourRestAPI Sending: "
|
||||
"%(method)s %(action)s %(headers)s %(body_data)s"),
|
||||
LOG.debug("vArmourRestAPI Sending: "
|
||||
"%(method)s %(action)s %(headers)s %(body_data)s",
|
||||
{'method': method, 'action': action,
|
||||
'headers': headers, 'body_data': body_data})
|
||||
|
||||
|
@ -110,7 +111,7 @@ class vArmourRestAPI(object):
|
|||
body=body_data,
|
||||
headers=headers)
|
||||
|
||||
LOG.debug(_("vArmourRestAPI Response: %(status)s %(resp_str)s"),
|
||||
LOG.debug("vArmourRestAPI Response: %(status)s %(resp_str)s",
|
||||
{'status': resp.status, 'resp_str': resp_str})
|
||||
|
||||
if resp.status == 200:
|
||||
|
@ -118,7 +119,8 @@ class vArmourRestAPI(object):
|
|||
'reason': resp.reason,
|
||||
'body': jsonutils.loads(resp_str)}
|
||||
except Exception:
|
||||
LOG.error(_('vArmourRestAPI: Could not establish HTTP connection'))
|
||||
LOG.error(_LE('vArmourRestAPI: Could not establish HTTP '
|
||||
'connection'))
|
||||
|
||||
def del_cfg_objs(self, url, prefix):
|
||||
resp = self.rest_api('GET', url)
|
||||
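Review bot: The `vArmourRestAPI Sending` debug call in the `-93,14 +94,14` hunk still logs `headers` in full, and two lines above it that dict receives `'Basic ' + enc`, where `enc` is only the base64 encoding of `self.user:self.key`, so anyone who can read a debug-level log can recover the API credential. Since the line is being rewritten anyway, log a copy without that entry, e.g. `safe_headers = {k: v for k, v in headers.items() if k != 'Authorization'}`, and pass `'headers': safe_headers`. `body_data` here and `resp_str` in the following hunk may also carry the login secret or session key (the auth request is not visible on this page), so they deserve the same check. The enclosing `rest_api` method starts and ends outside these hunks.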
|
|
|
@ -30,6 +30,7 @@ from neutron.agent.linux import ip_lib
|
|||
from neutron.common import config as common_config
|
||||
from neutron.common import constants as l3_constants
|
||||
from neutron.common import topics
|
||||
from neutron.openstack.common.gettextutils import _LW
|
||||
from neutron.openstack.common import log as logging
|
||||
from neutron.openstack.common import service
|
||||
from neutron import service as neutron_service
|
||||
|
@ -44,7 +45,7 @@ LOG = logging.getLogger(__name__)
|
|||
class vArmourL3NATAgent(l3_agent.L3NATAgent,
|
||||
firewall_l3_agent.FWaaSL3AgentRpcCallback):
|
||||
def __init__(self, host, conf=None):
|
||||
LOG.debug(_('vArmourL3NATAgent: __init__'))
|
||||
LOG.debug('vArmourL3NATAgent: __init__')
|
||||
self.rest = varmour_api.vArmourRestAPI()
|
||||
super(vArmourL3NATAgent, self).__init__(host, conf)
|
||||
|
||||
|
@ -58,13 +59,13 @@ class vArmourL3NATAgent(l3_agent.L3NATAgent,
|
|||
return
|
||||
|
||||
def _router_added(self, router_id, router):
|
||||
LOG.debug(_("_router_added: %s"), router_id)
|
||||
LOG.debug("_router_added: %s", router_id)
|
||||
ri = l3_agent.RouterInfo(router_id, self.root_helper, router)
|
||||
self.router_info[router_id] = ri
|
||||
super(vArmourL3NATAgent, self).process_router_add(ri)
|
||||
|
||||
def _router_removed(self, router_id):
|
||||
LOG.debug(_("_router_removed: %s"), router_id)
|
||||
LOG.debug("_router_removed: %s", router_id)
|
||||
|
||||
ri = self.router_info[router_id]
|
||||
if ri:
|
||||
|
@ -99,13 +100,14 @@ class vArmourL3NATAgent(l3_agent.L3NATAgent,
|
|||
raise Exception(_("Router port %s has no IP address") % port['id'])
|
||||
return
|
||||
if len(ips) > 1:
|
||||
LOG.warn(_("Ignoring multiple IPs on router port %s"), port['id'])
|
||||
LOG.warn(_LW("Ignoring multiple IPs on router port %s"),
|
||||
port['id'])
|
||||
prefixlen = netaddr.IPNetwork(port['subnet']['cidr']).prefixlen
|
||||
port['ip_cidr'] = "%s/%s" % (ips[0]['ip_address'], prefixlen)
|
||||
|
||||
def _va_unset_zone_interfaces(self, zone_name, remove_zone=False):
|
||||
# return True if zone exists; otherwise, return False
|
||||
LOG.debug(_("_va_unset_zone_interfaces: %s"), zone_name)
|
||||
LOG.debug("_va_unset_zone_interfaces: %s", zone_name)
|
||||
resp = self.rest.rest_api('GET', va_utils.REST_URL_CONF_ZONE)
|
||||
if resp and resp['status'] == 200:
|
||||
zlist = resp['body']['response']
|
||||
|
@ -137,7 +139,7 @@ class vArmourL3NATAgent(l3_agent.L3NATAgent,
|
|||
return pif + '.0'
|
||||
|
||||
def _va_set_interface_ip(self, pif, cidr):
|
||||
LOG.debug(_("_va_set_interface_ip: %(pif)s %(cidr)s"),
|
||||
LOG.debug("_va_set_interface_ip: %(pif)s %(cidr)s",
|
||||
{'pif': pif, 'cidr': cidr})
|
||||
|
||||
lif = self._va_pif_2_lif(pif)
|
||||
|
@ -157,7 +159,7 @@ class vArmourL3NATAgent(l3_agent.L3NATAgent,
|
|||
|
||||
def _va_config_trusted_zone(self, ri, plist):
|
||||
zone = va_utils.get_trusted_zone_name(ri)
|
||||
LOG.debug(_("_va_config_trusted_zone: %s"), zone)
|
||||
LOG.debug("_va_config_trusted_zone: %s", zone)
|
||||
|
||||
body = {
|
||||
'name': zone,
|
||||
|
@ -188,7 +190,7 @@ class vArmourL3NATAgent(l3_agent.L3NATAgent,
|
|||
|
||||
def _va_config_untrusted_zone(self, ri, plist):
|
||||
zone = va_utils.get_untrusted_zone_name(ri)
|
||||
LOG.debug(_("_va_config_untrusted_zone: %s"), zone)
|
||||
LOG.debug("_va_config_untrusted_zone: %s", zone)
|
||||
|
||||
body = {
|
||||
'name': zone,
|
||||
|
@ -203,7 +205,7 @@ class vArmourL3NATAgent(l3_agent.L3NATAgent,
|
|||
|
||||
# add new gateway ports to untrusted zone
|
||||
if ri.ex_gw_port:
|
||||
LOG.debug(_("_va_config_untrusted_zone: gw=%r"), ri.ex_gw_port)
|
||||
LOG.debug("_va_config_untrusted_zone: gw=%r", ri.ex_gw_port)
|
||||
dev = self.get_external_device_name(ri.ex_gw_port['id'])
|
||||
pif = self._va_get_port_name(plist, dev)
|
||||
if pif:
|
||||
|
@ -216,7 +218,7 @@ class vArmourL3NATAgent(l3_agent.L3NATAgent,
|
|||
self.rest.commit()
|
||||
|
||||
def _va_config_router_snat_rules(self, ri, plist):
|
||||
LOG.debug(_('_va_config_router_snat_rules: %s'), ri.router['id'])
|
||||
LOG.debug('_va_config_router_snat_rules: %s', ri.router['id'])
|
||||
|
||||
prefix = va_utils.get_snat_rule_name(ri)
|
||||
self.rest.del_cfg_objs(va_utils.REST_URL_CONF_NAT_RULE, prefix)
|
||||
|
@ -248,7 +250,7 @@ class vArmourL3NATAgent(l3_agent.L3NATAgent,
|
|||
self.rest.commit()
|
||||
|
||||
def _va_config_floating_ips(self, ri):
|
||||
LOG.debug(_('_va_config_floating_ips: %s'), ri.router['id'])
|
||||
LOG.debug('_va_config_floating_ips: %s', ri.router['id'])
|
||||
|
||||
prefix = va_utils.get_dnat_rule_name(ri)
|
||||
self.rest.del_cfg_objs(va_utils.REST_URL_CONF_NAT_RULE, prefix)
|
||||
|
@ -270,7 +272,7 @@ class vArmourL3NATAgent(l3_agent.L3NATAgent,
|
|||
self.rest.commit()
|
||||
|
||||
def process_router(self, ri):
|
||||
LOG.debug(_("process_router: %s"), ri.router['id'])
|
||||
LOG.debug("process_router: %s", ri.router['id'])
|
||||
super(vArmourL3NATAgent, self).process_router(ri)
|
||||
|
||||
self.rest.auth()
|
||||
|
@ -281,10 +283,10 @@ class vArmourL3NATAgent(l3_agent.L3NATAgent,
|
|||
try:
|
||||
plist = resp['body']['response']
|
||||
except ValueError:
|
||||
LOG.warn(_("Unable to parse interface mapping."))
|
||||
LOG.warn(_LW("Unable to parse interface mapping."))
|
||||
return
|
||||
else:
|
||||
LOG.warn(_("Unable to read interface mapping."))
|
||||
LOG.warn(_LW("Unable to read interface mapping."))
|
||||
return
|
||||
|
||||
if ri.ex_gw_port:
|
||||
|
@ -303,7 +305,7 @@ class vArmourL3NATAgent(l3_agent.L3NATAgent,
|
|||
|
||||
def external_gateway_added(self, ri, ex_gw_port,
|
||||
interface_name, internal_cidrs):
|
||||
LOG.debug(_("external_gateway_added: %s"), ri.router['id'])
|
||||
LOG.debug("external_gateway_added: %s", ri.router['id'])
|
||||
|
||||
if not ip_lib.device_exists(interface_name,
|
||||
root_helper=self.root_helper,
|
||||
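Review bot: In the `-281,10 +283,10` hunk, the `except ValueError` around `plist = resp['body']['response']` does not match what that subscript can raise: a missing key gives `KeyError` and a `None` body gives `TypeError`. The re-tagged "Unable to parse interface mapping." warning therefore looks unreachable, and a malformed reply from the device would propagate out of `process_router` instead of being logged and skipped. Consider `except (KeyError, TypeError):` on that clause. `process_router` begins and ends outside the hunk, so this is judged from the visible lines only.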
|
|
|
@ -15,6 +15,7 @@
|
|||
|
||||
from neutron.agent.linux import iptables_manager
|
||||
from neutron.extensions import firewall as fw_ext
|
||||
from neutron.openstack.common.gettextutils import _LE
|
||||
from neutron.openstack.common import log as logging
|
||||
from neutron.services.firewall.drivers import fwaas_base
|
||||
|
||||
|
@ -46,10 +47,10 @@ class IptablesFwaasDriver(fwaas_base.FwaasDriverBase):
|
|||
"""IPTables driver for Firewall As A Service."""
|
||||
|
||||
def __init__(self):
|
||||
LOG.debug(_("Initializing fwaas iptables driver"))
|
||||
LOG.debug("Initializing fwaas iptables driver")
|
||||
|
||||
def create_firewall(self, agent_mode, apply_list, firewall):
|
||||
LOG.debug(_('Creating firewall %(fw_id)s for tenant %(tid)s)'),
|
||||
LOG.debug('Creating firewall %(fw_id)s for tenant %(tid)s)',
|
||||
{'fw_id': firewall['id'], 'tid': firewall['tenant_id']})
|
||||
try:
|
||||
if firewall['admin_state_up']:
|
||||
|
@ -58,7 +59,7 @@ class IptablesFwaasDriver(fwaas_base.FwaasDriverBase):
|
|||
self.apply_default_policy(agent_mode, apply_list, firewall)
|
||||
except (LookupError, RuntimeError):
|
||||
# catch known library exceptions and raise Fwaas generic exception
|
||||
LOG.exception(_("Failed to create firewall: %s"), firewall['id'])
|
||||
LOG.exception(_LE("Failed to create firewall: %s"), firewall['id'])
|
||||
raise fw_ext.FirewallInternalDriverError(driver=FWAAS_DRIVER_NAME)
|
||||
|
||||
def _get_ipt_mgrs_with_if_prefix(self, agent_mode, router_info):
|
||||
|
@ -87,7 +88,7 @@ class IptablesFwaasDriver(fwaas_base.FwaasDriverBase):
|
|||
return ipt_mgrs
|
||||
|
||||
def delete_firewall(self, agent_mode, apply_list, firewall):
|
||||
LOG.debug(_('Deleting firewall %(fw_id)s for tenant %(tid)s)'),
|
||||
LOG.debug('Deleting firewall %(fw_id)s for tenant %(tid)s)',
|
||||
{'fw_id': firewall['id'], 'tid': firewall['tenant_id']})
|
||||
fwid = firewall['id']
|
||||
try:
|
||||
|
@ -102,11 +103,11 @@ class IptablesFwaasDriver(fwaas_base.FwaasDriverBase):
|
|||
ipt_mgr.defer_apply_off()
|
||||
except (LookupError, RuntimeError):
|
||||
# catch known library exceptions and raise Fwaas generic exception
|
||||
LOG.exception(_("Failed to delete firewall: %s"), fwid)
|
||||
LOG.exception(_LE("Failed to delete firewall: %s"), fwid)
|
||||
raise fw_ext.FirewallInternalDriverError(driver=FWAAS_DRIVER_NAME)
|
||||
|
||||
def update_firewall(self, agent_mode, apply_list, firewall):
|
||||
LOG.debug(_('Updating firewall %(fw_id)s for tenant %(tid)s)'),
|
||||
LOG.debug('Updating firewall %(fw_id)s for tenant %(tid)s)',
|
||||
{'fw_id': firewall['id'], 'tid': firewall['tenant_id']})
|
||||
try:
|
||||
if firewall['admin_state_up']:
|
||||
|
@ -115,11 +116,11 @@ class IptablesFwaasDriver(fwaas_base.FwaasDriverBase):
|
|||
self.apply_default_policy(agent_mode, apply_list, firewall)
|
||||
except (LookupError, RuntimeError):
|
||||
# catch known library exceptions and raise Fwaas generic exception
|
||||
LOG.exception(_("Failed to update firewall: %s"), firewall['id'])
|
||||
LOG.exception(_LE("Failed to update firewall: %s"), firewall['id'])
|
||||
raise fw_ext.FirewallInternalDriverError(driver=FWAAS_DRIVER_NAME)
|
||||
|
||||
def apply_default_policy(self, agent_mode, apply_list, firewall):
|
||||
LOG.debug(_('Applying firewall %(fw_id)s for tenant %(tid)s)'),
|
||||
LOG.debug('Applying firewall %(fw_id)s for tenant %(tid)s)',
|
||||
{'fw_id': firewall['id'], 'tid': firewall['tenant_id']})
|
||||
fwid = firewall['id']
|
||||
try:
|
||||
|
@ -140,8 +141,8 @@ class IptablesFwaasDriver(fwaas_base.FwaasDriverBase):
|
|||
ipt_mgr.defer_apply_off()
|
||||
except (LookupError, RuntimeError):
|
||||
# catch known library exceptions and raise Fwaas generic exception
|
||||
LOG.exception(_("Failed to apply default policy on firewall: %s"),
|
||||
fwid)
|
||||
LOG.exception(
|
||||
_LE("Failed to apply default policy on firewall: %s"), fwid)
|
||||
raise fw_ext.FirewallInternalDriverError(driver=FWAAS_DRIVER_NAME)
|
||||
|
||||
def _setup_firewall(self, agent_mode, apply_list, firewall):
|
||||
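Review bot: The four debug messages rewritten in this file (in `create_firewall`, `delete_firewall`, `update_firewall` and `apply_default_policy`) end in an unmatched `)`, for example `'Creating firewall %(fw_id)s for tenant %(tid)s)'`. As these strings are being edited anyway, drop the stray parenthesis so the log lines are clean to read and to match on: `'Creating firewall %(fw_id)s for tenant %(tid)s'`. The method bodies continue outside the hunks.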
|
|
|
@ -13,6 +13,7 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from neutron.openstack.common.gettextutils import _LW
|
||||
from neutron.openstack.common import log as logging
|
||||
from neutron.services.firewall.agents.varmour import varmour_api
|
||||
from neutron.services.firewall.agents.varmour import varmour_utils as va_utils
|
||||
|
@ -23,17 +24,17 @@ LOG = logging.getLogger(__name__)
|
|||
|
||||
class vArmourFwaasDriver(fwaas_base.FwaasDriverBase):
|
||||
def __init__(self):
|
||||
LOG.debug(_("Initializing fwaas vArmour driver"))
|
||||
LOG.debug("Initializing fwaas vArmour driver")
|
||||
|
||||
self.rest = varmour_api.vArmourRestAPI()
|
||||
|
||||
def create_firewall(self, apply_list, firewall):
|
||||
LOG.debug(_('create_firewall (%s)'), firewall['id'])
|
||||
LOG.debug('create_firewall (%s)', firewall['id'])
|
||||
|
||||
return self.update_firewall(apply_list, firewall)
|
||||
|
||||
def update_firewall(self, apply_list, firewall):
|
||||
LOG.debug(_("update_firewall (%s)"), firewall['id'])
|
||||
LOG.debug("update_firewall (%s)", firewall['id'])
|
||||
|
||||
if firewall['admin_state_up']:
|
||||
return self._update_firewall(apply_list, firewall)
|
||||
|
@ -41,12 +42,12 @@ class vArmourFwaasDriver(fwaas_base.FwaasDriverBase):
|
|||
return self.apply_default_policy(apply_list, firewall)
|
||||
|
||||
def delete_firewall(self, apply_list, firewall):
|
||||
LOG.debug(_("delete_firewall (%s)"), firewall['id'])
|
||||
LOG.debug("delete_firewall (%s)", firewall['id'])
|
||||
|
||||
return self.apply_default_policy(apply_list, firewall)
|
||||
|
||||
def apply_default_policy(self, apply_list, firewall):
|
||||
LOG.debug(_("apply_default_policy (%s)"), firewall['id'])
|
||||
LOG.debug("apply_default_policy (%s)", firewall['id'])
|
||||
|
||||
self.rest.auth()
|
||||
|
||||
|
@ -56,7 +57,7 @@ class vArmourFwaasDriver(fwaas_base.FwaasDriverBase):
|
|||
return True
|
||||
|
||||
def _update_firewall(self, apply_list, firewall):
|
||||
LOG.debug(_("Updating firewall (%s)"), firewall['id'])
|
||||
LOG.debug("Updating firewall (%s)", firewall['id'])
|
||||
|
||||
self.rest.auth()
|
||||
|
||||
|
@ -105,7 +106,7 @@ class vArmourFwaasDriver(fwaas_base.FwaasDriverBase):
|
|||
|
||||
self.rest.commit()
|
||||
else:
|
||||
LOG.warn(_("Unsupported IP version rule."))
|
||||
LOG.warn(_LW("Unsupported IP version rule."))
|
||||
|
||||
def _clear_policy(self, ri, fw):
|
||||
prefix = va_utils.get_firewall_object_prefix(ri, fw)
|
||||
|
|
|
@ -21,6 +21,7 @@ from neutron.common import topics
|
|||
from neutron import context as neutron_context
|
||||
from neutron.db.firewall import firewall_db
|
||||
from neutron.extensions import firewall as fw_ext
|
||||
from neutron.openstack.common.gettextutils import _LW
|
||||
from neutron.openstack.common import log as logging
|
||||
from neutron.plugins.common import constants as const
|
||||
|
||||
|
@ -37,7 +38,7 @@ class FirewallCallbacks(n_rpc.RpcCallback):
|
|||
|
||||
def set_firewall_status(self, context, firewall_id, status, **kwargs):
|
||||
"""Agent uses this to set a firewall's status."""
|
||||
LOG.debug(_("set_firewall_status() called"))
|
||||
LOG.debug("set_firewall_status() called")
|
||||
with context.session.begin(subtransactions=True):
|
||||
fw_db = self.plugin._get_firewall(context, firewall_id)
|
||||
# ignore changing status if firewall expects to be deleted
|
||||
|
@ -45,8 +46,8 @@ class FirewallCallbacks(n_rpc.RpcCallback):
|
|||
# performed on the backend, neutron server received delete request
|
||||
# and changed firewall status to const.PENDING_DELETE
|
||||
if fw_db.status == const.PENDING_DELETE:
|
||||
LOG.debug(_("Firewall %(fw_id)s in PENDING_DELETE state, "
|
||||
"not changing to %(status)s"),
|
||||
LOG.debug("Firewall %(fw_id)s in PENDING_DELETE state, "
|
||||
"not changing to %(status)s",
|
||||
{'fw_id': firewall_id, 'status': status})
|
||||
return False
|
||||
if status in (const.ACTIVE, const.DOWN):
|
||||
|
@ -58,7 +59,7 @@ class FirewallCallbacks(n_rpc.RpcCallback):
|
|||
|
||||
def firewall_deleted(self, context, firewall_id, **kwargs):
|
||||
"""Agent uses this to indicate firewall is deleted."""
|
||||
LOG.debug(_("firewall_deleted() called"))
|
||||
LOG.debug("firewall_deleted() called")
|
||||
with context.session.begin(subtransactions=True):
|
||||
fw_db = self.plugin._get_firewall(context, firewall_id)
|
||||
# allow to delete firewalls in ERROR state
|
||||
|
@ -66,15 +67,15 @@ class FirewallCallbacks(n_rpc.RpcCallback):
|
|||
self.plugin.delete_db_firewall_object(context, firewall_id)
|
||||
return True
|
||||
else:
|
||||
LOG.warn(_('Firewall %(fw)s unexpectedly deleted by agent, '
|
||||
'status was %(status)s'),
|
||||
LOG.warn(_LW('Firewall %(fw)s unexpectedly deleted by agent, '
|
||||
'status was %(status)s'),
|
||||
{'fw': firewall_id, 'status': fw_db.status})
|
||||
fw_db.status = const.ERROR
|
||||
return False
|
||||
|
||||
def get_firewalls_for_tenant(self, context, **kwargs):
|
||||
"""Agent uses this to get all firewalls and rules for a tenant."""
|
||||
LOG.debug(_("get_firewalls_for_tenant() called"))
|
||||
LOG.debug("get_firewalls_for_tenant() called")
|
||||
fw_list = [
|
||||
self.plugin._make_firewall_dict_with_rules(context, fw['id'])
|
||||
for fw in self.plugin.get_firewalls(context)
|
||||
|
@ -83,13 +84,13 @@ class FirewallCallbacks(n_rpc.RpcCallback):
|
|||
|
||||
def get_firewalls_for_tenant_without_rules(self, context, **kwargs):
|
||||
"""Agent uses this to get all firewalls for a tenant."""
|
||||
LOG.debug(_("get_firewalls_for_tenant_without_rules() called"))
|
||||
LOG.debug("get_firewalls_for_tenant_without_rules() called")
|
||||
fw_list = [fw for fw in self.plugin.get_firewalls(context)]
|
||||
return fw_list
|
||||
|
||||
def get_tenants_with_firewalls(self, context, **kwargs):
|
||||
"""Agent uses this to get all tenants that have firewalls."""
|
||||
LOG.debug(_("get_tenants_with_firewalls() called"))
|
||||
LOG.debug("get_tenants_with_firewalls() called")
|
||||
ctx = neutron_context.get_admin_context()
|
||||
fw_list = self.plugin.get_firewalls(ctx)
|
||||
fw_tenant_list = list(set(fw['tenant_id'] for fw in fw_list))
|
||||
|
@ -213,7 +214,7 @@ class FirewallPlugin(firewall_db.Firewall_db_mixin):
|
|||
fw_rule['firewall_policy_id'])
|
||||
|
||||
def create_firewall(self, context, firewall):
|
||||
LOG.debug(_("create_firewall() called"))
|
||||
LOG.debug("create_firewall() called")
|
||||
tenant_id = self._get_tenant_id_for_create(context,
|
||||
firewall['firewall'])
|
||||
fw_count = self.get_firewalls_count(context,
|
||||
|
@ -227,7 +228,7 @@ class FirewallPlugin(firewall_db.Firewall_db_mixin):
|
|||
return fw
|
||||
|
||||
def update_firewall(self, context, id, firewall):
|
||||
LOG.debug(_("update_firewall() called"))
|
||||
LOG.debug("update_firewall() called")
|
||||
self._ensure_update_firewall(context, id)
|
||||
firewall['firewall']['status'] = const.PENDING_UPDATE
|
||||
fw = super(FirewallPlugin, self).update_firewall(context, id, firewall)
|
||||
|
@ -242,7 +243,7 @@ class FirewallPlugin(firewall_db.Firewall_db_mixin):
|
|||
super(FirewallPlugin, self).delete_firewall(context, id)
|
||||
|
||||
def delete_firewall(self, context, id):
|
||||
LOG.debug(_("delete_firewall() called"))
|
||||
LOG.debug("delete_firewall() called")
|
||||
status_update = {"firewall": {"status": const.PENDING_DELETE}}
|
||||
fw = super(FirewallPlugin, self).update_firewall(context, id,
|
||||
status_update)
|
||||
|
@ -251,7 +252,7 @@ class FirewallPlugin(firewall_db.Firewall_db_mixin):
|
|||
self.agent_rpc.delete_firewall(context, fw_with_rules)
|
||||
|
||||
def update_firewall_policy(self, context, id, firewall_policy):
|
||||
LOG.debug(_("update_firewall_policy() called"))
|
||||
LOG.debug("update_firewall_policy() called")
|
||||
self._ensure_update_firewall_policy(context, id)
|
||||
fwp = super(FirewallPlugin,
|
||||
self).update_firewall_policy(context, id, firewall_policy)
|
||||
|
@ -259,7 +260,7 @@ class FirewallPlugin(firewall_db.Firewall_db_mixin):
|
|||
return fwp
|
||||
|
||||
def update_firewall_rule(self, context, id, firewall_rule):
|
||||
LOG.debug(_("update_firewall_rule() called"))
|
||||
LOG.debug("update_firewall_rule() called")
|
||||
self._ensure_update_firewall_rule(context, id)
|
||||
fwr = super(FirewallPlugin,
|
||||
self).update_firewall_rule(context, id, firewall_rule)
|
||||
|
@ -269,7 +270,7 @@ class FirewallPlugin(firewall_db.Firewall_db_mixin):
|
|||
return fwr
|
||||
|
||||
def insert_rule(self, context, id, rule_info):
|
||||
LOG.debug(_("insert_rule() called"))
|
||||
LOG.debug("insert_rule() called")
|
||||
self._ensure_update_firewall_policy(context, id)
|
||||
fwp = super(FirewallPlugin,
|
||||
self).insert_rule(context, id, rule_info)
|
||||
|
@ -277,7 +278,7 @@ class FirewallPlugin(firewall_db.Firewall_db_mixin):
|
|||
return fwp
|
||||
|
||||
def remove_rule(self, context, id, rule_info):
|
||||
LOG.debug(_("remove_rule() called"))
|
||||
LOG.debug("remove_rule() called")
|
||||
self._ensure_update_firewall_policy(context, id)
|
||||
fwp = super(FirewallPlugin,
|
||||
self).remove_rule(context, id, rule_info)
|
||||
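Review bot: The entry-point debug lines in `FirewallCallbacks` (`"set_firewall_status() called"`, `"firewall_deleted() called"`) name the RPC but not the firewall it acts on, which makes it hard to tie an agent-driven status change or deletion to a specific resource when reading logs. Both methods receive `firewall_id`, so the new lines could carry it at no cost, e.g. `LOG.debug("set_firewall_status() called for firewall %s", firewall_id)`. The same applies to the `FirewallPlugin` methods in this file that receive `id`.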
|
|