From 104f8d411e20cf627df3886c3758913fd4edd668 Mon Sep 17 00:00:00 2001
From: Dmitrii Shcherbakov <dmitrii.shcherbakov@canonical.com>
Date: Mon, 2 Sep 2019 20:21:39 -0400
Subject: [PATCH] Add an option to enable port forwarding feature

* Adds an option to enable port forwarding service plugin;
* Exposes whether port forwarding is enabled or not to neutron-gateway
  and neutron-openvswitch charms via the respective relation.

See LP: #1842353

Change-Id: Ic3a8e302942ed331bc3d80223e123c13d61db3b2
Closes-Bug: #1842353
---
 config.yaml                            |  5 +++
 hooks/neutron_api_context.py           | 24 +++++++++++
 hooks/neutron_api_hooks.py             |  2 +
 unit_tests/test_neutron_api_context.py | 11 +++++
 unit_tests/test_neutron_api_hooks.py   | 60 ++++++++++++++++++++++++++
 5 files changed, 102 insertions(+)

diff --git a/config.yaml b/config.yaml
index b4f026a1..135d3282 100755
--- a/config.yaml
+++ b/config.yaml
@@ -30,6 +30,11 @@ options:
       WARNING: Enabling this may affect your disk I/O performance since this
       may log ALL traffic being passed via gateway. Logging configuration
       such as thresholds and a destination log file are available in the neutron-gateway charm.
+  enable-port-forwarding:
+    type: boolean
+    default: False
+    description: |
+      Setting this to True will enable port forwarding (Rocky and later).
   openstack-origin:
     type: string
     default: distro
diff --git a/hooks/neutron_api_context.py b/hooks/neutron_api_context.py
index 18cde174..962be8f5 100644
--- a/hooks/neutron_api_context.py
+++ b/hooks/neutron_api_context.py
@@ -261,6 +261,27 @@ def is_nfg_logging_enabled():
     return False
 
 
+def is_port_forwarding_enabled():
+    """
+    Check if Neutron port forwarding featur should be enabled.
+
+    returns: True if enable-port-forwarding config item is True,
+        otherwise False.
+    :rtype: boolean
+    """
+    if config('enable-port-forwarding'):
+
+        if CompareOpenStackReleases(os_release('neutron-server')) < 'rocky':
+            log("The port forwarding option is"
+                "only supported on Rocky or later",
+                ERROR)
+            return False
+
+        return True
+
+    return False
+
+
 def is_vlan_trunking_requested_and_valid():
     """Check whether VLAN trunking should be enabled by checking whether
        it has been requested and, if it has, is it supported in the current
@@ -607,6 +628,9 @@ class NeutronCCContext(context.NeutronContext):
             if is_nsg_logging_enabled() or is_nfg_logging_enabled():
                 ctxt['service_plugins'].append('log')
 
+            if is_port_forwarding_enabled():
+                ctxt['service_plugins'].append('port_forwarding')
+
             if is_qos_requested_and_valid():
                 ctxt['service_plugins'].append('qos')
 
diff --git a/hooks/neutron_api_hooks.py b/hooks/neutron_api_hooks.py
index 0de4bc08..dd9326d5 100755
--- a/hooks/neutron_api_hooks.py
+++ b/hooks/neutron_api_hooks.py
@@ -108,6 +108,7 @@ from neutron_api_context import (
     is_nfg_logging_enabled,
     is_nsg_logging_enabled,
     is_qos_requested_and_valid,
+    is_port_forwarding_enabled,
     is_vlan_trunking_requested_and_valid,
 )
 
@@ -509,6 +510,7 @@ def neutron_plugin_api_relation_joined(rid=None):
             'enable-vlan-trunking': is_vlan_trunking_requested_and_valid(),
             'enable-nsg-logging': is_nsg_logging_enabled(),
             'enable-nfg-logging': is_nfg_logging_enabled(),
+            'enable-port-forwarding': is_port_forwarding_enabled(),
             'overlay-network-type': get_overlay_network_type(),
             'addr': unit_get('private-address'),
             'polling-interval': config('polling-interval'),
diff --git a/unit_tests/test_neutron_api_context.py b/unit_tests/test_neutron_api_context.py
index 009a03b5..df9cc3a8 100644
--- a/unit_tests/test_neutron_api_context.py
+++ b/unit_tests/test_neutron_api_context.py
@@ -261,6 +261,17 @@ class GeneralTests(CharmTestCase):
         self.test_config.set('enable-firewall-group-logging', True)
         self.assertFalse(context.is_nfg_logging_enabled())
 
+    def test_is_port_forwarding_enabled(self):
+        self.os_release.return_value = 'rocky'
+        self.test_config.set('enable-port-forwarding', True)
+        self.assertTrue(context.is_port_forwarding_enabled())
+        self.os_release.return_value = 'rocky'
+        self.test_config.set('enable-port-forwarding', False)
+        self.assertFalse(context.is_port_forwarding_enabled())
+        self.os_release.return_value = 'queens'
+        self.test_config.set('enable-port-forwarding', True)
+        self.assertFalse(context.is_port_forwarding_enabled())
+
 
 class IdentityServiceContext(CharmTestCase):
 
diff --git a/unit_tests/test_neutron_api_hooks.py b/unit_tests/test_neutron_api_hooks.py
index d941dacb..01d39206 100644
--- a/unit_tests/test_neutron_api_hooks.py
+++ b/unit_tests/test_neutron_api_hooks.py
@@ -90,6 +90,7 @@ TO_PATCH = [
     'generate_ha_relation_data',
     'is_nsg_logging_enabled',
     'is_nfg_logging_enabled',
+    'is_port_forwarding_enabled',
     'remove_old_packages',
     'services',
     'service_restart',
@@ -139,6 +140,7 @@ class NeutronAPIHooksTests(CharmTestCase):
         self.neutron_plugin_attribute.side_effect = _mock_nuage_npa
         self.is_nsg_logging_enabled.return_value = False
         self.is_nfg_logging_enabled.return_value = False
+        self.is_port_forwarding_enabled.return_value = False
 
     def _fake_relids(self, rel_name):
         return [randrange(100) for _count in range(2)]
@@ -529,6 +531,7 @@ class NeutronAPIHooksTests(CharmTestCase):
             'neutron-api-ready': 'no',
             'enable-nsg-logging': False,
             'enable-nfg-logging': False,
+            'enable-port-forwarding': False,
             'global-physnet-mtu': 1500,
             'physical-network-mtus': None,
         }
@@ -574,6 +577,7 @@ class NeutronAPIHooksTests(CharmTestCase):
             'neutron-api-ready': 'no',
             'enable-nsg-logging': True,
             'enable-nfg-logging': False,
+            'enable-port-forwarding': False,
             'global-physnet-mtu': 1500,
             'physical-network-mtus': None,
         }
@@ -625,6 +629,7 @@ class NeutronAPIHooksTests(CharmTestCase):
             'neutron-api-ready': 'no',
             'enable-nsg-logging': False,
             'enable-nfg-logging': True,
+            'enable-port-forwarding': False,
             'global-physnet-mtu': 1500,
             'physical-network-mtus': None,
         }
@@ -646,6 +651,57 @@ class NeutronAPIHooksTests(CharmTestCase):
             relation_id=None,
             **_relation_data)
 
+    def test_neutron_plugin_api_relation_joined_port_forwarding(self):
+        self.unit_get.return_value = '172.18.18.18'
+        self.IdentityServiceContext.return_value = \
+            DummyContext(return_value={})
+        _relation_data = {
+            'neutron-security-groups': False,
+            'enable-dvr': False,
+            'enable-l3ha': False,
+            'enable-qos': False,
+            'enable-vlan-trunking': False,
+            'addr': '172.18.18.18',
+            'polling-interval': 2,
+            'rpc-response-timeout': 60,
+            'report-interval': 30,
+            'l2-population': False,
+            'overlay-network-type': 'vxlan',
+            'service_protocol': None,
+            'auth_protocol': None,
+            'service_tenant': None,
+            'service_port': None,
+            'region': 'RegionOne',
+            'service_password': None,
+            'auth_port': None,
+            'auth_host': None,
+            'service_username': None,
+            'service_host': None,
+            'neutron-api-ready': 'no',
+            'enable-nsg-logging': False,
+            'enable-nfg-logging': False,
+            'enable-port-forwarding': True,
+            'global-physnet-mtu': 1500,
+            'physical-network-mtus': None,
+        }
+
+        self.is_qos_requested_and_valid.return_value = False
+        self.is_vlan_trunking_requested_and_valid.return_value = False
+        self.get_dvr.return_value = False
+        self.get_l3ha.return_value = False
+        self.get_l2population.return_value = False
+        self.get_overlay_network_type.return_value = 'vxlan'
+        self.get_dns_domain.return_value = ''
+
+        self.test_config.set('enable-port-forwarding', True)
+        self.is_port_forwarding_enabled.return_value = True
+
+        self._call_hook('neutron-plugin-api-relation-joined')
+
+        self.relation_set.assert_called_with(
+            relation_id=None,
+            **_relation_data)
+
     def test_neutron_plugin_api_relation_joined_dvr(self):
         self.unit_get.return_value = '172.18.18.18'
         self.IdentityServiceContext.return_value = \
@@ -675,6 +731,7 @@ class NeutronAPIHooksTests(CharmTestCase):
             'neutron-api-ready': 'no',
             'enable-nsg-logging': False,
             'enable-nfg-logging': False,
+            'enable-port-forwarding': False,
             'global-physnet-mtu': 1500,
             'physical-network-mtus': None,
         }
@@ -720,6 +777,7 @@ class NeutronAPIHooksTests(CharmTestCase):
             'neutron-api-ready': 'no',
             'enable-nsg-logging': False,
             'enable-nfg-logging': False,
+            'enable-port-forwarding': False,
             'global-physnet-mtu': 1500,
             'physical-network-mtus': None,
         }
@@ -767,6 +825,7 @@ class NeutronAPIHooksTests(CharmTestCase):
             'neutron-api-ready': 'no',
             'enable-nsg-logging': False,
             'enable-nfg-logging': False,
+            'enable-port-forwarding': False,
             'global-physnet-mtu': 1500,
             'physical-network-mtus': None,
         }
@@ -813,6 +872,7 @@ class NeutronAPIHooksTests(CharmTestCase):
             'dns-domain': 'openstack.example.',
             'enable-nsg-logging': False,
             'enable-nfg-logging': False,
+            'enable-port-forwarding': False,
             'global-physnet-mtu': 1500,
             'physical-network-mtus': None,
         }