Implement neutron network protectable plugin

Closes-Bug: 1569998

Change-Id: Ie99bb1e7a6ba9e70e1f65ab7b252827cf783e6c5

etc/providers.d/openstack-infra.conf

@@ -7,6 +7,7 @@ plugin=karbor-volume-protection-plugin
 plugin=karbor-image-protection-plugin
 plugin=karbor-server-protection-plugin
 plugin=karbor-share-protection-plugin
+plugin=karbor-network-protection-plugin
 bank=karbor-swift-bank-plugin
 
 [swift_client]

karbor/common/constants.py

@@ -35,11 +35,13 @@ RESOURCE_TYPES = (PROJECT_RESOURCE_TYPE,
                   VOLUME_RESOURCE_TYPE,
                   IMAGE_RESOURCE_TYPE,
                   SHARE_RESOURCE_TYPE,
+                  NETWORK_RESOURCE_TYPE,
                   ) = ('OS::Keystone::Project',
                        'OS::Nova::Server',
                        'OS::Cinder::Volume',
                        'OS::Glance::Image',
-                       'OS::Manila::Share'
+                       'OS::Manila::Share',
+                       'OS::Neutron::Network',
                        )
 # plan status
 PLAN_STATUS_SUSPENDED = 'suspended'

karbor/services/protection/protectable_plugins/network.py

@@ -0,0 +1,156 @@
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+import six
+
+from karbor.common import constants
+from karbor import exception
+from karbor import resource
+from karbor.services.protection.client_factory import ClientFactory
+from karbor.services.protection import protectable_plugin
+from oslo_log import log as logging
+
+LOG = logging.getLogger(__name__)
+
+
+class NetworkProtectablePlugin(protectable_plugin.ProtectablePlugin):
+    """Protectable plugin implementation for Network from Neutron.
+
+    """
+
+    _SUPPORT_RESOURCE_TYPE = constants.NETWORK_RESOURCE_TYPE
+
+    def _neutron_client(self, cntxt):
+        return ClientFactory.create_client('neutron', cntxt)
+
+    def _nova_client(self, cntxt):
+        return ClientFactory.create_client('nova', cntxt)
+
+    def get_resource_type(self):
+        return self._SUPPORT_RESOURCE_TYPE
+
+    def get_parent_resource_types(self):
+        return (constants.SERVER_RESOURCE_TYPE,
+                constants.PROJECT_RESOURCE_TYPE)
+
+    def _get_network_id(self):
+        """Set network_id as project_id
+
+        Cause the network plugin include the ports, networks,
+        subnets, routes, securitygroups, So make the id for
+        the whole plugin-package info, not just like the server
+        plugin which have the real server-id for the server.
+        """
+
+        network_id = self._context.project_id
+        return network_id
+
+    def list_resources(self, context, parameters=None):
+        try:
+            netclient = self._neutron_client(context)
+            networks = netclient.list_networks().get('networks')
+        except Exception as e:
+            LOG.exception("List all summary networks from neutron failed.")
+            raise exception.ListProtectableResourceFailed(
+                type=self._SUPPORT_RESOURCE_TYPE,
+                reason=six.text_type(e))
+        else:
+            if networks:
+                return [resource.Resource(type=self._SUPPORT_RESOURCE_TYPE,
+                                          id=self._get_network_id(),
+                                          name="Network Topology")]
+            return []
+
+    def show_resource(self, context, resource_id, parameters=None):
+        try:
+            if resource_id != self._get_network_id():
+                return None
+
+            netclient = self._neutron_client(context)
+            networks = netclient.list_networks().get('networks')
+        except Exception as e:
+            LOG.exception("List all summary networks from neutron failed.")
+            raise exception.ListProtectableResourceFailed(
+                type=self._SUPPORT_RESOURCE_TYPE,
+                reason=six.text_type(e))
+        else:
+            if networks:
+                return resource.Resource(type=self._SUPPORT_RESOURCE_TYPE,
+                                         id=self._get_network_id(),
+                                         name="Network Topology")
+            return None
+
+    def _get_dependent_resources_by_server(self,
+                                           context,
+                                           parent_resource):
+        try:
+            # get metadata about network from neutron
+            net_client = self._neutron_client(context)
+            network_infos = net_client.list_networks().get('networks')
+            neutron_networks = {network["id"] for network in network_infos}
+
+            # get interface info from server
+            nova_networks = set()
+            serverid = parent_resource.id
+            nova_client = ClientFactory.create_client("nova", context)
+            interface_list = nova_client.servers.interface_list(serverid)
+
+            # check net_id in interface
+            for iface in interface_list:
+                net_id = iface.net_id
+                if net_id not in nova_networks:
+                    nova_networks.add(net_id)
+
+            # get the exsited networks
+            valid_networks = nova_networks.intersection(neutron_networks)
+            if valid_networks:
+                return [resource.Resource(type=self._SUPPORT_RESOURCE_TYPE,
+                                          id=self._get_network_id(),
+                                          name="Network Topology")]
+            return []
+        except Exception as e:
+            LOG.exception("List all interfaces from nova failed.")
+            raise exception.ListProtectableResourceFailed(
+                type=self._SUPPORT_RESOURCE_TYPE,
+                reason=six.text_type(e))
+
+    def _get_dependent_resources_by_project(self,
+                                            context,
+                                            parent_resource):
+        try:
+            tid = parent_resource.id
+            netclient = self._neutron_client(context)
+            networks = netclient.list_networks(tenant_id=tid).get('networks')
+
+            if networks:
+                return [resource.Resource(type=self._SUPPORT_RESOURCE_TYPE,
+                                          id=self._get_network_id(),
+                                          name="Network Topology")]
+            else:
+                return []
+
+        except Exception as e:
+            LOG.exception("List all summary networks from neutron failed.")
+            raise exception.ListProtectableResourceFailed(
+                type=self._SUPPORT_RESOURCE_TYPE,
+                reason=six.text_type(e))
+
+    def get_dependent_resources(self, context, parent_resource):
+        if parent_resource.type == constants.SERVER_RESOURCE_TYPE:
+            return self._get_dependent_resources_by_server(context,
+                                                           parent_resource)
+
+        if parent_resource.type == constants.PROJECT_RESOURCE_TYPE:
+            return self._get_dependent_resources_by_project(context,
+                                                            parent_resource)
+
+        return []

karbor/services/protection/protection_plugins/network/neutron_protection_plugin.py

@@ -0,0 +1,57 @@
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from karbor.common import constants
+from karbor.services.protection import protection_plugin
+
+
+class NeutronProtectionPlugin(protection_plugin.ProtectionPlugin):
+    _SUPPORT_RESOURCE_TYPES = [constants.NETWORK_RESOURCE_TYPE]
+
+    def __init__(self, config=None):
+        super(NeutronProtectionPlugin, self).__init__(config)
+
+    @classmethod
+    def get_supported_resources_types(self):
+        return self._SUPPORT_RESOURCE_TYPES
+
+    @classmethod
+    def get_options_schema(self, resources_type):
+        # TODO(chenhuayi)
+        pass
+
+    @classmethod
+    def get_restore_schema(self, resources_type):
+        # TODO(chenhuayi)
+        pass
+
+    @classmethod
+    def get_saved_info_schema(self, resources_type):
+        # TODO(chenhuayi)
+        pass
+
+    @classmethod
+    def get_saved_info(self, metadata_store, resource):
+        # TODO(chenhuayi)
+        pass
+
+    def get_protect_operation(self, resource):
+        # TODO(chenhuayi)
+        pass
+
+    def get_restore_operation(self, resource):
+        # TODO(chenhuayi)
+        pass
+
+    def get_delete_operation(self, resource):
+        # TODO(chenhuayi)
+        pass

karbor/tests/fullstack/karbor_objects.py

@@ -416,3 +416,55 @@ class Share(object):
             return
         utils.wait_until_none(self._share_status, timeout=timeout,
                               sleep=MEDIUM_SLEEP)
+
+
+class Network(object):
+    def __init__(self):
+        super(Network, self).__init__()
+        self.id = None
+        self.project_id = None
+        self._name = "private-net"
+        self.neutron_client = base._get_neutron_client()
+
+    def _network_status(self, status=None):
+        try:
+            networks = self.neutron_client.list_networks(name=self._name)
+            assert len(networks['networks']) > 0
+            network = networks['networks'][0]
+        except Exception:
+            return False
+
+        if status is None or status == network['status']:
+            return True
+        else:
+            return False
+
+    def to_dict(self):
+        return {
+            "id": self.id,
+            "type": constants.NETWORK_RESOURCE_TYPE,
+            "name": self._name,
+        }
+
+    def create(self, timeout=MEDIUM_TIMEOUT):
+        network = {'name': self._name, 'admin_state_up': True}
+        self.neutron_client.create_network({'network': network})
+
+        networks = self.neutron_client.list_networks(name=self._name)
+        assert len(networks['networks']) > 0
+        network_id = networks['networks'][0]['id']
+        self.id = network_id
+        self.project_id = networks['networks'][0]['tenant_id']
+
+        utils.wait_until_true(partial(self._network_status, 'ACTIVE'),
+                              timeout=timeout, sleep=MEDIUM_SLEEP)
+
+        return self.id
+
+    def close(self, timeout=LONG_TIMEOUT):
+        try:
+            self.neutron_client.delete_network(self.id)
+        except Exception:
+            return
+        utils.wait_until_none(self._network_status, timeout=timeout,
+                              sleep=MEDIUM_SLEEP)

karbor/tests/fullstack/test_protectables.py

@@ -32,6 +32,10 @@ class ProtectablesTest(karbor_base.KarborBaseTest):
         res = self.karbor_client.protectables.get(protectable_type)
         self.assertEqual(protectable_type, res.name)
 
+        protectable_type = 'OS::Neutron::Network'
+        res = self.karbor_client.protectables.get(protectable_type)
+        self.assertEqual(protectable_type, res.name)
+
     def test_protectables_list_instances(self):
         volume = self.store(objects.Volume())
         volume.create(1)
@@ -47,6 +51,12 @@ class ProtectablesTest(karbor_base.KarborBaseTest):
         ids = [item.id for item in items]
         self.assertTrue(server.id in ids)
 
+        network = self.store(objects.Network())
+        network.create()
+        items = self.karbor_client.protectables.list_instances(
+            'OS::Neutron::Network')
+        self.assertEqual(items[0].id, network.project_id)
+
     def test_protectables_get_instance(self):
         volume = self.store(objects.Volume())
         volume.create(1)

karbor/tests/unit/plugins/test_network_protectable_plugin.py

@@ -0,0 +1,160 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from collections import namedtuple
+import mock
+
+from karbor.common import constants
+from karbor.context import RequestContext
+from karbor import resource
+from karbor.services.protection.protectable_plugins.network import \
+    NetworkProtectablePlugin
+from karbor.tests import base
+from keystoneauth1 import session as keystone_session
+from neutronclient.v2_0 import client
+from oslo_config import cfg
+
+CONF = cfg.CONF
+
+server_info = namedtuple('server_info',
+                         field_names=['id', 'type', 'name', 'addresses'])
+project_info = namedtuple('project_info', field_names=['id', 'type'])
+
+FakePorts = {'ports': [
+    {'fixed_ips': [{'subnet_id': 'subnet-1',
+                    'ip_address': '10.0.0.21'}],
+     'id': 'port-1',
+     'mac_address': 'mac_address_1',
+     'device_id': 'vm_id_1',
+     'name': '',
+     'admin_state_up': True,
+     'network_id': '658e1063-4ee3-4649-a2c9'},
+    {'fixed_ips': [{'subnet_id': 'subnet-1',
+                    'ip_address': '10.0.0.22'}],
+     'id': 'port-2',
+     'mac_address': 'mac_address_2',
+     'device_id': 'vm_id_2',
+     'name': '',
+     'admin_state_up': True,
+     'network_id': 'network_id_2'}
+]}
+
+
+class NetworkProtectablePluginTest(base.TestCase):
+    def setUp(self):
+        super(NetworkProtectablePluginTest, self).setUp()
+
+        service_catalog = [{
+            'type': 'network',
+            'endpoints': [{'publicURL': 'http://127.0.0.1:9696'}]
+        }, {
+            'type': 'compute',
+            'endpoints': [{'publicURL': 'http://127.0.0.1:8774/v2.1/abcd'}]
+        }]
+        self._context = RequestContext(user_id='admin',
+                                       project_id='abcd',
+                                       auth_token='efgh',
+                                       service_catalog=service_catalog)
+
+    @mock.patch('karbor.services.protection.client_factory.ClientFactory.'
+                '_generate_session')
+    def test_create_client_by_endpoint(self, mock_generate_session):
+        CONF.set_default('neutron_endpoint', 'http://127.0.0.1:9696',
+                         'neutron_client')
+        CONF.set_default('nova_endpoint', 'http://127.0.0.1:8774/v2.1',
+                         'nova_client')
+        plugin = NetworkProtectablePlugin(self._context)
+        neutronclient = plugin._neutron_client(self._context)
+        novaclient = plugin._nova_client(self._context)
+        mock_generate_session.return_value = keystone_session.Session(
+            auth=None)
+        self.assertEqual('network',
+                         neutronclient.httpclient.service_type)
+        self.assertEqual(neutronclient.httpclient.endpoint_url,
+                         'http://127.0.0.1:9696')
+        self.assertEqual(novaclient.client.management_url,
+                         'http://127.0.0.1:8774/v2.1/abcd')
+
+    @mock.patch('karbor.services.protection.client_factory.ClientFactory.'
+                '_generate_session')
+    def test_create_client_by_catalog(self, mock_generate_session):
+        CONF.set_default('neutron_catalog_info', 'network:neutron:publicURL',
+                         'neutron_client')
+        CONF.set_default('nova_catalog_info', 'compute:nova:publicURL',
+                         'nova_client')
+        plugin = NetworkProtectablePlugin(self._context)
+        neutronclient = plugin._neutron_client(self._context)
+        novaclient = plugin._nova_client(self._context)
+        mock_generate_session.return_value = keystone_session.Session(
+            auth=None)
+        self.assertEqual('network',
+                         neutronclient.httpclient.service_type)
+        self.assertEqual(neutronclient.httpclient.endpoint_url,
+                         'http://127.0.0.1:9696')
+        self.assertEqual(novaclient.client.management_url,
+                         'http://127.0.0.1:8774/v2.1/abcd')
+
+    def test_get_resource_type(self):
+        plugin = NetworkProtectablePlugin(self._context)
+        self.assertEqual(plugin.get_resource_type(),
+                         constants.NETWORK_RESOURCE_TYPE)
+
+    def test_get_parent_resource_type(self):
+        plugin = NetworkProtectablePlugin(self._context)
+        self.assertItemsEqual(plugin.get_parent_resource_types(),
+                              (constants.SERVER_RESOURCE_TYPE,
+                               constants.PROJECT_RESOURCE_TYPE))
+
+    @mock.patch.object(client.Client, 'list_networks')
+    def test_list_resources(self, mock_client_list_networks):
+        plugin = NetworkProtectablePlugin(self._context)
+
+        fake_network_info = {'networks': [
+            {u'status': u'ACTIVE',
+             u'description': u'',
+             u'tenant_id': u'abcd',
+             u'name': u'private'},
+            {u'status': u'ACTIVE',
+             u'description': u'',
+             u'name': u'ext_net',
+             u'tenant_id': u'abcd'}
+            ]}
+
+        mock_client_list_networks.return_value = fake_network_info
+        self.assertEqual(plugin.list_resources(self._context),
+                         [resource.Resource
+                             (type=constants.NETWORK_RESOURCE_TYPE,
+                              id='abcd',
+                              name="Network Topology")])
+
+    @mock.patch.object(client.Client, 'list_networks')
+    def test_get_project_dependent_resources(self, mock_client_list_networks):
+        project = project_info(id='abcd',
+                               type=constants.PROJECT_RESOURCE_TYPE)
+        plugin = NetworkProtectablePlugin(self._context)
+        fake_network_info = {'networks': [
+            {u'status': u'ACTIVE',
+             u'description': u'',
+             u'tenant_id': u'abcd',
+             u'name': u'private'},
+            {u'status': u'ACTIVE',
+             u'description': u'',
+             u'name': u'ext_net',
+             u'tenant_id': u'abcd'}
+            ]}
+        mock_client_list_networks.return_value = fake_network_info
+        self.assertEqual(plugin.get_dependent_resources(self._context,
+                                                        project),
+                         [resource.Resource
+                             (type=constants.NETWORK_RESOURCE_TYPE,
+                              id='abcd',
+                              name="Network Topology")])

karbor/tests/unit/protection/test_manager.py

@@ -65,7 +65,8 @@ class ProtectionServiceTest(base.TestCase):
         result = self.pro_manager.show_protectable_type(None,
                                                         "OS::Nova::Server")
         self.assertEqual("OS::Nova::Server", result["name"])
-        self.assertEqual({"OS::Cinder::Volume", "OS::Glance::Image"},
+        self.assertEqual({"OS::Cinder::Volume", "OS::Glance::Image",
+                          "OS::Neutron::Network"},
                          set(result["dependent_types"]))
 
     @mock.patch.object(protectable_registry.ProtectableRegistry,

setup.cfg

@@ -48,6 +48,7 @@ karbor.protections =
     karbor-server-protection-plugin = karbor.services.protection.protection_plugins.server.nova_protection_plugin:NovaProtectionPlugin
     karbor-share-protection-plugin = karbor.services.protection.protection_plugins.share.share_snapshot_plugin:ManilaSnapshotProtectionPlugin
     karbor-noop-protection-plugin = karbor.services.protection.protection_plugins.noop_plugin:NoopProtectionPlugin
+    karbor-network-protection-plugin = karbor.services.protection.protection_plugins.network.neutron_protection_plugin:NeutronProtectionPlugin
 karbor.provider =
     provider-registry = karbor.services.protection.provider:ProviderRegistry
 karbor.protectables =
@@ -56,6 +57,7 @@ karbor.protectables =
     volume = karbor.services.protection.protectable_plugins.volume:VolumeProtectablePlugin
     image = karbor.services.protection.protectable_plugins.image:ImageProtectablePlugin
     share = karbor.services.protection.protectable_plugins.share:ShareProtectablePlugin
+    network = karbor.services.protection.protectable_plugins.network:NetworkProtectablePlugin
 karbor.operationengine.engine.timetrigger.time_format =
     crontab = karbor.services.operationengine.engine.triggers.timetrigger.timeformats.crontab_time:Crontab
     calendar = karbor.services.operationengine.engine.triggers.timetrigger.timeformats.calendar_time:ICal