ovn: support allow-stateless ACL verb

It was added in OVN 21.06. It is used to implement stateless firewall. Change-Id: I7343fb609fab91c20490842378747f7265241e82
2021-05-20 12:49:21 -04:00 · 2021-05-20 12:49:21 -04:00 · a7127ffe86
parent 6596164f51
commit a7127ffe86
3 changed files with 11 additions and 4 deletions
--- a/ovsdbapp/schema/ovn_northbound/api.py
+++ b/ovsdbapp/schema/ovn_northbound/api.py
@ -109,7 +109,8 @@ class API(api.API, metaclass=abc.ABCMeta):
        :param match:     The match rule
        :type match:      string
        :param action:    The action to take upon match
-        :type action:     'allow', 'allow-related', 'drop', or 'reject'
+        :type action:     'allow', 'allow-related', 'allow-stateless', 'drop',
+                          or 'reject'
        :param log:       If True, enable packet logging for the ACL
        :type log:        boolean
        :returns:         :class:`Command` with RowView result
@ -159,7 +160,8 @@ class API(api.API, metaclass=abc.ABCMeta):
        :param match:        The match rule
        :type match:         string
        :param action:       The action to take upon match
-        :type action:        'allow', 'allow-related', 'drop', or 'reject'
+        :type action:        'allow', 'allow-related', 'allow-stateless',
+                             'drop', or 'reject'
        :param log:          If True, enable packet logging for the ACL
        :type log:           boolean
        :param may_exist:    If True, don't fail if the ACL already exists
--- a/ovsdbapp/schema/ovn_northbound/commands.py
+++ b/ovsdbapp/schema/ovn_northbound/commands.py
@ -91,8 +91,10 @@ class _AclAddHelper(cmd.AddCommand):
        if not 0 <= priority <= const.ACL_PRIORITY_MAX:
            raise ValueError("priority must be between 0 and %s, inclusive" % (
                             const.ACL_PRIORITY_MAX))
-        if action not in ('allow', 'allow-related', 'drop', 'reject'):
-            raise TypeError("action must be allow/allow-related/drop/reject")
+        if action not in ('allow', 'allow-related', 'allow-stateless',
+                          'drop', 'reject'):
+            raise TypeError("action must be allow/allow-related/"
+                            "allow-stateless/drop/reject")
        super().__init__(api)
        self.entity = entity
        self.direction = direction
--- a/releasenotes/notes/ovn-support-allow-stateless-01aed5acdcd1c0d1.yaml
+++ b/releasenotes/notes/ovn-support-allow-stateless-01aed5acdcd1c0d1.yaml
@ -0,0 +1,3 @@
+---
+features:
+  - Support the new "allow-stateless" ACL action. It was added in OVN 21.06.