Make iptables firewall work with L3 plugin without DVR support
iptables firewall implementation expects 'distributed' attribute
is populated in router_info.router, but this attribute is only
populated when L3 plugin supports DVR extension. This commits
take into account the case where 'distributed' attribute does
not exist in router_info.router.
Change-Id: I2b0c208d74923f9ea0fc35bcea00e11152bbdb3d
Closes-Bug: #1448439
(cherry picked from commit 649fab93ce
)
This commit is contained in:
parent
331316624a
commit
cdcd5a7b69
|
@ -73,7 +73,7 @@ class IptablesFwaasDriver(fwaas_base.FwaasDriverBase):
|
|||
namespace and a fip so this is provided back as a list - so in that
|
||||
scenario rules can be applied on both.
|
||||
"""
|
||||
if not router_info.router['distributed']:
|
||||
if not router_info.router.get('distributed'):
|
||||
return [{'ipt': router_info.iptables_manager,
|
||||
'if_prefix': INTERNAL_DEV_PREFIX}]
|
||||
ipt_mgrs = []
|
||||
|
|
|
@ -93,7 +93,10 @@ class IptablesFwaasTestCase(base.BaseTestCase):
|
|||
apply_list = []
|
||||
while router_count > 0:
|
||||
iptables_inst = mock.Mock()
|
||||
router_inst = {'distributed': distributed}
|
||||
if distributed is not None:
|
||||
router_inst = {'distributed': distributed}
|
||||
else:
|
||||
router_inst = {}
|
||||
v4filter_inst = mock.Mock()
|
||||
v6filter_inst = mock.Mock()
|
||||
v4filter_inst.chains = []
|
||||
|
@ -203,6 +206,10 @@ class IptablesFwaasTestCase(base.BaseTestCase):
|
|||
def test_create_firewall_with_rules(self):
|
||||
self._setup_firewall_with_rules(self.firewall.create_firewall)
|
||||
|
||||
def test_create_firewall_with_rules_without_distributed_attr(self):
|
||||
self._setup_firewall_with_rules(self.firewall.create_firewall,
|
||||
distributed=None)
|
||||
|
||||
def test_create_firewall_with_rules_two_routers(self):
|
||||
self._setup_firewall_with_rules(self.firewall.create_firewall,
|
||||
router_count=2)
|
||||
|
@ -210,8 +217,12 @@ class IptablesFwaasTestCase(base.BaseTestCase):
|
|||
def test_update_firewall_with_rules(self):
|
||||
self._setup_firewall_with_rules(self.firewall.update_firewall)
|
||||
|
||||
def test_delete_firewall(self):
|
||||
apply_list = self._fake_apply_list()
|
||||
def test_update_firewall_with_rules_without_distributed_attr(self):
|
||||
self._setup_firewall_with_rules(self.firewall.update_firewall,
|
||||
distributed=None)
|
||||
|
||||
def _test_delete_firewall(self, distributed=False):
|
||||
apply_list = self._fake_apply_list(distributed=distributed)
|
||||
firewall = self._fake_firewall_no_rule()
|
||||
self.firewall.delete_firewall('legacy', apply_list, firewall)
|
||||
ingress_chain = 'iv4%s' % firewall['id']
|
||||
|
@ -221,6 +232,12 @@ class IptablesFwaasTestCase(base.BaseTestCase):
|
|||
mock.call.remove_chain('fwaas-default-policy')]
|
||||
apply_list[0].iptables_manager.ipv4['filter'].assert_has_calls(calls)
|
||||
|
||||
def test_delete_firewall(self):
|
||||
self._test_delete_firewall()
|
||||
|
||||
def test_delete_firewall_without_distributed_attr(self):
|
||||
self._test_delete_firewall(distributed=None)
|
||||
|
||||
def test_create_firewall_with_admin_down(self):
|
||||
apply_list = self._fake_apply_list()
|
||||
rule_list = self._fake_rules_v4(FAKE_FW_ID, apply_list)
|
||||
|
|
Loading…
Reference in New Issue