diff --git a/neutron_fwaas/extensions/firewall.py b/neutron_fwaas/extensions/firewall.py deleted file mode 100644 index 013a24eff..000000000 --- a/neutron_fwaas/extensions/firewall.py +++ /dev/null @@ -1,205 +0,0 @@ -# Copyright 2013 Big Switch Networks, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import abc - -from debtcollector import moves -from neutron.api.v2 import resource_helper -from neutron_lib.api.definitions import constants as api_const -from neutron_lib.api.definitions import firewall -from neutron_lib.api import extensions -from neutron_lib.exceptions import firewall_v1 as f_exc -from neutron_lib.services import base as service_base -from oslo_config import cfg -from oslo_log import log as logging -import six - -from neutron_fwaas._i18n import _ -from neutron_fwaas.common import fwaas_constants - - -LOG = logging.getLogger(__name__) - -FirewallNotFound = moves.moved_class( - f_exc.FirewallNotFound, 'FirewallNotFound', __name__) -FirewallInUse = moves.moved_class( - f_exc.FirewallInUse, 'FirewallInUse', __name__) -FirewallPolicyNotFound = moves.moved_class( - f_exc.FirewallPolicyNotFound, 'FirewallPolicyNotFound', __name__) -FirewallPolicyInUse = moves.moved_class( - f_exc.FirewallPolicyInUse, 'FirewallPolicyInUse', __name__) -FirewallPolicyConflict = moves.moved_class( - f_exc.FirewallPolicyConflict, 'FirewallPolicyConflict', __name__) -FirewallRuleSharingConflict = moves.moved_class( - f_exc.FirewallRuleSharingConflict, 'FirewallRuleSharingConflict', __name__) -FirewallPolicySharingConflict = moves.moved_class( - f_exc.FirewallPolicySharingConflict, 'FirewallPolicySharingConflict', - __name__) -FirewallRuleNotFound = moves.moved_class( - f_exc.FirewallRuleNotFound, 'FirewallRuleNotFound', __name__) -FirewallRuleInUse = moves.moved_class( - f_exc.FirewallRuleInUse, 'FirewallRuleInUse', __name__) -FirewallRuleNotAssociatedWithPolicy = moves.moved_class( - f_exc.FirewallRuleNotAssociatedWithPolicy, - 'FirewallRuleNotAssociatedWithPolicy', - __name__) -FirewallRuleInvalidProtocol = moves.moved_class( - f_exc.FirewallRuleInvalidProtocol, 'FirewallRuleInvalidProtocol', - __name__) -FirewallRuleInvalidAction = moves.moved_class( - f_exc.FirewallRuleInvalidAction, 'FirewallRuleInvalidAction', __name__) -FirewallRuleInvalidICMPParameter = moves.moved_class( - f_exc.FirewallRuleInvalidICMPParameter, - 'FirewallRuleInvalidICMPParameter', __name__) -FirewallRuleWithPortWithoutProtocolInvalid = moves.moved_class( - f_exc.FirewallRuleWithPortWithoutProtocolInvalid, - 'FirewallRuleWithPortWithoutProtocolInvalid', __name__) -FirewallRuleInvalidPortValue = moves.moved_class( - f_exc.FirewallRuleInvalidPortValue, 'FirewallRuleInvalidPortValue', - __name__) -FirewallRuleInfoMissing = moves.moved_class( - f_exc.FirewallRuleInfoMissing, 'FirewallRuleInfoMissing', __name__) -FirewallIpAddressConflict = moves.moved_class( - f_exc.FirewallIpAddressConflict, 'FirewallIpAddressConflict', __name__) -FirewallInternalDriverError = moves.moved_class( - f_exc.FirewallInternalDriverError, 'FirewallInternalDriverError', __name__) -FirewallRuleConflict = moves.moved_class( - f_exc.FirewallRuleConflict, 'FirewallRuleConflict', __name__) - - -firewall_quota_opts = [ - cfg.IntOpt('quota_firewall', - default=10, - help=_('Number of firewalls allowed per tenant. ' - 'A negative value means unlimited.')), - cfg.IntOpt('quota_firewall_policy', - default=10, - help=_('Number of firewall policies allowed per tenant. ' - 'A negative value means unlimited.')), - cfg.IntOpt('quota_firewall_rule', - default=100, - help=_('Number of firewall rules allowed per tenant. ' - 'A negative value means unlimited.')), -] -cfg.CONF.register_opts(firewall_quota_opts, 'QUOTAS') - - -# TODO(Reedip): Remove the convert_to functionality after bug1706061 is fixed. -def convert_to_string(value): - if value is not None: - return str(value) - return None - - -firewall.RESOURCE_ATTRIBUTE_MAP[api_const.FIREWALL_RULES][ - 'source_port']['convert_to'] = convert_to_string -firewall.RESOURCE_ATTRIBUTE_MAP[api_const.FIREWALL_RULES][ - 'destination_port']['convert_to'] = convert_to_string - - -class Firewall(extensions.APIExtensionDescriptor): - api_definition = firewall - - @classmethod - def get_resources(cls): - special_mappings = {'firewall_policies': 'firewall_policy'} - plural_mappings = resource_helper.build_plural_mappings( - special_mappings, firewall.RESOURCE_ATTRIBUTE_MAP) - return resource_helper.build_resource_info( - plural_mappings, firewall.RESOURCE_ATTRIBUTE_MAP, - fwaas_constants.FIREWALL, action_map=firewall.ACTION_MAP, - register_quota=True) - - @classmethod - def get_plugin_interface(cls): - return FirewallPluginBase - - -@six.add_metaclass(abc.ABCMeta) -class FirewallPluginBase(service_base.ServicePluginBase): - - def get_plugin_type(self): - return fwaas_constants.FIREWALL - - def get_plugin_description(self): - return 'Firewall service plugin' - - @abc.abstractmethod - def get_firewalls(self, context, filters=None, fields=None): - pass - - @abc.abstractmethod - def get_firewall(self, context, id, fields=None): - pass - - @abc.abstractmethod - def create_firewall(self, context, firewall): - pass - - @abc.abstractmethod - def update_firewall(self, context, id, firewall): - pass - - @abc.abstractmethod - def delete_firewall(self, context, id): - pass - - @abc.abstractmethod - def get_firewall_rules(self, context, filters=None, fields=None): - pass - - @abc.abstractmethod - def get_firewall_rule(self, context, id, fields=None): - pass - - @abc.abstractmethod - def create_firewall_rule(self, context, firewall_rule): - pass - - @abc.abstractmethod - def update_firewall_rule(self, context, id, firewall_rule): - pass - - @abc.abstractmethod - def delete_firewall_rule(self, context, id): - pass - - @abc.abstractmethod - def get_firewall_policy(self, context, id, fields=None): - pass - - @abc.abstractmethod - def get_firewall_policies(self, context, filters=None, fields=None): - pass - - @abc.abstractmethod - def create_firewall_policy(self, context, firewall_policy): - pass - - @abc.abstractmethod - def update_firewall_policy(self, context, id, firewall_policy): - pass - - @abc.abstractmethod - def delete_firewall_policy(self, context, id): - pass - - @abc.abstractmethod - def insert_rule(self, context, id, rule_info): - pass - - @abc.abstractmethod - def remove_rule(self, context, id, rule_info): - pass diff --git a/neutron_fwaas/extensions/firewall_v2.py b/neutron_fwaas/extensions/firewall_v2.py index d8745e971..401fd2803 100644 --- a/neutron_fwaas/extensions/firewall_v2.py +++ b/neutron_fwaas/extensions/firewall_v2.py @@ -172,7 +172,22 @@ default_fwg_rules_opts = [ help=_('Firewall group rule enabled. ' 'Default is True.')), ] +firewall_quota_opts = [ + cfg.IntOpt('quota_firewall_group', + default=10, + help=_('Number of firewall groups allowed per tenant. ' + 'A negative value means unlimited.')), + cfg.IntOpt('quota_firewall_policy', + default=10, + help=_('Number of firewall policies allowed per tenant. ' + 'A negative value means unlimited.')), + cfg.IntOpt('quota_firewall_rule', + default=100, + help=_('Number of firewall rules allowed per tenant. ' + 'A negative value means unlimited.')), +] cfg.CONF.register_opts(default_fwg_rules_opts, 'default_fwg_rules') +cfg.CONF.register_opts(firewall_quota_opts, 'QUOTAS') # TODO(Reedip): Remove the convert_to functionality after bug1706061 is fixed. diff --git a/neutron_fwaas/extensions/firewallrouterinsertion.py b/neutron_fwaas/extensions/firewallrouterinsertion.py deleted file mode 100644 index e0ce9bc0b..000000000 --- a/neutron_fwaas/extensions/firewallrouterinsertion.py +++ /dev/null @@ -1,39 +0,0 @@ -# Copyright 2015 Cisco Systems Inc. -# All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from neutron_lib.api.definitions import firewallrouterinsertion -from neutron_lib.api import extensions - - -class Firewallrouterinsertion(extensions.APIExtensionDescriptor): - """Extension class supporting Firewall and Router(s) association. - - The extension enables providing an option to specify router-ids of - routers where the firewall is to be installed. This is supported in - a manner so that the older version of the API continues to be supported. - On a CREATE, if the router_ids option is not specified then the firewall - is installed on all routers on the tenant. If the router-ids option is - provided with a list of routers then the firewall is installed on the - specified routers. If the router-ids option is provided with an empty - list then the firewall is created but put in an INACTIVE state to reflect - that no routers are associated. This firewall can be updated with a list - of routers which will then drive the state to ACTIVE after the agent - installs and acks back. UPDATE also supports the option in a similar - manner. If the router_ids option is not provided, then there is no change - to the existing association with the routers. When the router_is option is - provided with a list of routers or an empty list - this drives the new - set of routers that the firewall is associated with. - """ - api_definition = firewallrouterinsertion diff --git a/neutron_fwaas/opts.py b/neutron_fwaas/opts.py index bc6a2e2f7..4a375498a 100644 --- a/neutron_fwaas/opts.py +++ b/neutron_fwaas/opts.py @@ -14,7 +14,6 @@ import neutron.conf.services.provider_configuration import neutron_fwaas.services.firewall.service_drivers.agents.\ firewall_agent_api -import neutron_fwaas.extensions.firewall import neutron_fwaas.extensions.firewall_v2 @@ -29,7 +28,7 @@ def list_agent_opts(): def list_opts(): return [ ('quotas', - neutron_fwaas.extensions.firewall.firewall_quota_opts), + neutron_fwaas.extensions.firewall_v2.firewall_quota_opts), ('service_providers', neutron.conf.services.provider_configuration.serviceprovider_opts), ('default_fwg_rules',