Restore Brocade Vyatta firewall functionality

Code changes related to the patch set I467bb680666ec9bc82e55cfe534d74db29009cce removed the process_router() method that was being used by the Vyatta Firewall agent code to update/apply firewall to the Vyatta VRouter when an end user executed the "Set Gateway" or "Add/Remove interfaces" method on a router. The current patch set restores the functionality by leveraging functionality provided by neutron.callbacks. Change-Id: If3ad35ff08d69b6567350354bc7f4bf7fc71f263 Closes-Bug: #1442043 (cherry picked from commit 650e68b4f7)
2015-04-09 05:15:37 -05:00 · 2015-04-09 05:15:37 -05:00 · f4eca886ed
parent 96dc29350d
commit f4eca886ed
3 changed files with 74 additions and 26 deletions
--- a/neutron_fwaas/services/firewall/agents/vyatta/firewall_service.py
+++ b/neutron_fwaas/services/firewall/agents/vyatta/firewall_service.py
@ -0,0 +1,58 @@
+# Copyright 2015 Brocade Communications System, Inc.
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+#
+
+from neutron.callbacks import events
+from neutron.callbacks import registry
+from neutron.callbacks import resources
+from neutron import context
+from oslo_log import log as logging
+
+from neutron_fwaas.services.firewall.agents.vyatta import vyatta_utils
+
+
+LOG = logging.getLogger(__name__)
+
+
+class VyattaFirewallService(object):
+    # TODO(vishwanathj): Code to be revised in Liberty release to use
+    # the base class firewall_service.FirewallService for registrations
+    def __init__(self, l3_agent):
+        self.conf = l3_agent.conf
+        registry.subscribe(
+            sync_firewall_zones, resources.ROUTER, events.AFTER_CREATE)
+        registry.subscribe(
+            sync_firewall_zones, resources.ROUTER, events.AFTER_DELETE)
+        registry.subscribe(
+            sync_firewall_zones, resources.ROUTER, events.AFTER_UPDATE)
+
+
+def sync_firewall_zones(resource, event, l3_agent, **kwargs):
+    LOG.debug('VyattaFirewallService:: sync_firewall_zones() called')
+
+    ri = kwargs['router']
+
+    ctx = context.Context(None, ri.router['tenant_id'])
+    client = l3_agent._vyatta_clients_pool.get_by_db_lookup(
+        ri.router['id'], ctx)
+    fw_list = l3_agent.fwplugin_rpc.get_firewalls_for_tenant(ctx)
+    if fw_list:
+        zone_cmds = []
+        for fw in fw_list:
+            if ri.router['id'] in fw['router_ids']:
+                fw_name = vyatta_utils.get_firewall_name(ri, fw)
+                zone_cmds.extend(vyatta_utils.get_zone_cmds(client, ri,
+                                                            fw_name))
+        client.exec_cmd_batch(zone_cmds)
--- a/neutron_fwaas/services/firewall/agents/vyatta/fwaas_agent.py
+++ b/neutron_fwaas/services/firewall/agents/vyatta/fwaas_agent.py
@ -1,4 +1,4 @@
-# Copyright 2015 OpenStack Foundation.
+# Copyright 2015 Brocade Communications System, Inc.
 # All Rights Reserved.
 #
 #    Licensed under the Apache License, Version 2.0 (the "License"); you may
@ -16,34 +16,21 @@

 from networking_brocade.vyatta.common import l3_agent as vyatta_l3
 from neutron.agent import l3_agent
-from neutron import context
-from oslo_log import log as logging

-from neutron_fwaas.services.firewall.agents.vyatta import vyatta_utils
-
-
-LOG = logging.getLogger(__name__)
+from neutron_fwaas.services.firewall.agents.vyatta import firewall_service


 class VyattaFirewallAgent(vyatta_l3.L3AgentMiddleware):
    """Brocade Neutron Firewall agent for Vyatta vRouter.

-    Configures zone policies on Vyatta vRouter instance.
+    The base class FWaaSL3AgentRpcCallback of the VyattaFirewallAgent creates
+    the reference FirewallService object that loads the VyattaFirewallDriver
+    class.The VyattaFirewallService class registers callbacks and subscribes
+    to router events.
    """
-    def process_router(self, ri):
-        LOG.debug("VyattaFirewallAgent:: process_router() called")
-        ctx = context.Context(None, ri.router['tenant_id'])
-        client = self._vyatta_clients_pool.get_by_db_lookup(
-            ri.router['id'], ctx)
-        fw_list = self.fwplugin_rpc.get_firewalls_for_tenant(ctx)
-        if fw_list:
-            zone_cmds = []
-            for fw in fw_list:
-                if ri.router['id'] in fw['router_ids']:
-                    fw_name = vyatta_utils.get_firewall_name(ri, fw)
-                    zone_cmds.extend(vyatta_utils.get_zone_cmds(client, ri,
-                                                                fw_name))
-            client.exec_cmd_batch(zone_cmds)
+    def __init__(self, host, conf=None):
+        super(VyattaFirewallAgent, self).__init__(host, conf)
+        self.service = firewall_service.VyattaFirewallService(self)


 def main():
--- a/neutron_fwaas/tests/unit/services/firewall/agents/vyatta/test_firewall_service.py
+++ b/neutron_fwaas/tests/unit/services/firewall/agents/vyatta/test_firewall_service.py
@ -22,9 +22,10 @@ from neutron.tests import base


 class FakeL3AgentMidleware(object):
-    def __init__(self, host):
+    def __init__(self, host, conf=None):
        self._vyatta_clients_pool = mock.Mock()
        self.fwplugin_rpc = mock.Mock()
+        self.conf = conf

 # Mocking imports of 3rd party vyatta library in unit tests and all modules
 # that depends on this library. Import will fail if not mocked and 3rd party
@ -37,6 +38,7 @@ with mock.patch.dict(sys.modules, {
 }):
    from networking_brocade.vyatta.common import l3_agent
    l3_agent.L3AgentMiddleware = FakeL3AgentMidleware
+    from neutron_fwaas.services.firewall.agents.vyatta import firewall_service
    from neutron_fwaas.services.firewall.agents.vyatta import fwaas_agent
    from neutron_fwaas.services.firewall.agents.vyatta import vyatta_utils

@ -45,9 +47,9 @@ def fake_cmd(*args, **kwargs):
    return (args, kwargs)


-class TestVyattaFirewallAgent(base.BaseTestCase):
+class TestVyattaFirewallService(base.BaseTestCase):

-    def test_process_router(self):
+    def test_sync_firewall_zones(self):
        agent = self._make_agent()

        fake_client = mock.Mock()
@ -84,7 +86,8 @@ class TestVyattaFirewallAgent(base.BaseTestCase):
                vyatta_utils, 'get_zone_cmds') as get_zone_mock:
            get_zone_mock.return_value = cmd_list

-            agent.process_router(router_info)
+            firewall_service.sync_firewall_zones(
+                None, None, agent, router=router_info)

        agent._vyatta_clients_pool.get_by_db_lookup.assert_called_once_with(
            router_info.router['id'], mock.ANY)