x
/
group-based-policy
Code Issues Proposed changes

Renaming of GBP resources 

The following resources are being renamed:

Endpoints to Policy Targets
Endpoints Group to Policy Target Groups
Contracts to Policy Rule Sets

The changes to the spec are outlined in:
https://review.openstack.org/#/c/134747

This cascades to a number of changes including DB.

Change-Id: I5139a59fec135d39a32838ce1d05e168a55e2fec
Partially-implements: blueprint group-based-policy-abstraction
This commit is contained in:
Sumit Naiksatam 2014-11-12 05:05:52 -08:00
parent b3be657650
commit 0322515b48
37 changed files with 2573 additions and 2426 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
README.rst
View File

@ -25,3 +25,12 @@ GBP project management (blueprints, bugs) is done via Launchpad:
For help using or hacking on GBP, you can send mail to
<mailto:openstack-dev@lists.openstack.org>.
Acronyms used in code for brevity:
PT: Policy Target
PTG: Policy Target Group
PR: Policy Rule
PRS: Policy Rule Set
L2P: L2 Policy
L3P: L3 Policy
NSP: Network Service Policy

637
gbp/neutron/db/grouppolicy/group_policy_db.py
View File

@ -32,12 +32,9 @@ MAX_IPV4_SUBNET_PREFIX_LENGTH = 31
MAX_IPV6_SUBNET_PREFIX_LENGTH = 127
class Endpoint(model_base.BASEV2, models_v2.HasId, models_v2.HasTenant):
"""Endpoint is the lowest unit of abstraction on which a policy is applied.
This Endpoint is unrelated to the Endpoint terminology used in Keystone.
"""
__tablename__ = 'gp_endpoints'
class PolicyTarget(model_base.BASEV2, models_v2.HasId, models_v2.HasTenant):
"""Lowest unit of abstraction on which a policy is applied."""
__tablename__ = 'gp_policy_targets'
type = sa.Column(sa.String(15))
__mapper_args__ = {
'polymorphic_on': type,
@ -45,36 +42,40 @@ class Endpoint(model_base.BASEV2, models_v2.HasId, models_v2.HasTenant):
}
name = sa.Column(sa.String(50))
description = sa.Column(sa.String(255))
endpoint_group_id = sa.Column(sa.String(36),
sa.ForeignKey('gp_endpoint_groups.id'),
nullable=True)
policy_target_group_id = sa.Column(sa.String(36),
sa.ForeignKey(
'gp_policy_target_groups.id'),
nullable=True)
class EndpointGroupContractProvidingAssociation(model_base.BASEV2):
"""Models many to many providing relation between EPGs and Contracts."""
__tablename__ = 'gp_endpoint_group_contract_providing_associations'
contract_id = sa.Column(sa.String(36),
sa.ForeignKey('gp_contracts.id'),
primary_key=True)
endpoint_group_id = sa.Column(sa.String(36),
sa.ForeignKey('gp_endpoint_groups.id'),
primary_key=True)
class PTGToPRSProvidingAssociation(model_base.BASEV2):
"""Many to many providing relation between PTGs and Policy Rule Sets."""
__tablename__ = 'gp_ptg_to_prs_providing_associations'
policy_rule_set_id = sa.Column(sa.String(36),
sa.ForeignKey('gp_policy_rule_sets.id'),
primary_key=True)
policy_target_group_id = sa.Column(sa.String(36),
sa.ForeignKey(
'gp_policy_target_groups.id'),
primary_key=True)
class EndpointGroupContractConsumingAssociation(model_base.BASEV2):
"""Models many to many consuming relation between EPGs and Contracts."""
__tablename__ = 'gp_endpoint_group_contract_consuming_associations'
contract_id = sa.Column(sa.String(36),
sa.ForeignKey('gp_contracts.id'),
primary_key=True)
endpoint_group_id = sa.Column(sa.String(36),
sa.ForeignKey('gp_endpoint_groups.id'),
primary_key=True)
class PTGToPRSConsumingAssociation(model_base.BASEV2):
"""Many to many consuming relation between PTGs and Policy Rule Sets."""
__tablename__ = 'gp_ptg_to_prs_consuming_associations'
policy_rule_set_id = sa.Column(sa.String(36),
sa.ForeignKey('gp_policy_rule_sets.id'),
primary_key=True)
policy_target_group_id = sa.Column(sa.String(36),
sa.ForeignKey(
'gp_policy_target_groups.id'),
primary_key=True)
class EndpointGroup(model_base.BASEV2, models_v2.HasId, models_v2.HasTenant):
"""Represents an Endpoint Group that is a collection of endpoints."""
__tablename__ = 'gp_endpoint_groups'
class PolicyTargetGroup(model_base.BASEV2, models_v2.HasId,
models_v2.HasTenant):
"""It is a collection of policy_targets."""
__tablename__ = 'gp_policy_target_groups'
type = sa.Column(sa.String(15))
__mapper_args__ = {
'polymorphic_on': type,
@ -82,23 +83,24 @@ class EndpointGroup(model_base.BASEV2, models_v2.HasId, models_v2.HasTenant):
}
name = sa.Column(sa.String(50))
description = sa.Column(sa.String(255))
endpoints = orm.relationship(Endpoint, backref='endpoint_group')
policy_targets = orm.relationship(PolicyTarget,
backref='policy_target_group')
l2_policy_id = sa.Column(sa.String(36),
sa.ForeignKey('gp_l2_policies.id'),
nullable=True)
network_service_policy_id = sa.Column(
sa.String(36), sa.ForeignKey('gp_network_service_policies.id'),
nullable=True)
provided_contracts = orm.relationship(
EndpointGroupContractProvidingAssociation,
backref='providing_endpoint_group', cascade='all, delete-orphan')
consumed_contracts = orm.relationship(
EndpointGroupContractConsumingAssociation,
backref='consuming_endpoint_group', cascade='all, delete-orphan')
provided_policy_rule_sets = orm.relationship(
PTGToPRSProvidingAssociation,
backref='providing_policy_target_group', cascade='all, delete-orphan')
consumed_policy_rule_sets = orm.relationship(
PTGToPRSConsumingAssociation,
backref='consuming_policy_target_group', cascade='all, delete-orphan')
class L2Policy(model_base.BASEV2, models_v2.HasId, models_v2.HasTenant):
"""Represents a L2 Policy for a collection of endpoint_groups."""
"""Represents a L2 Policy for a collection of policy_target_groups."""
__tablename__ = 'gp_l2_policies'
type = sa.Column(sa.String(15))
__mapper_args__ = {
@ -107,7 +109,8 @@ class L2Policy(model_base.BASEV2, models_v2.HasId, models_v2.HasTenant):
}
name = sa.Column(sa.String(50))
description = sa.Column(sa.String(255))
endpoint_groups = orm.relationship(EndpointGroup, backref='l2_policy')
policy_target_groups = orm.relationship(PolicyTargetGroup,
backref='l2_policy')
l3_policy_id = sa.Column(sa.String(36),
sa.ForeignKey('gp_l3_policies.id'),
nullable=True)
@ -146,18 +149,18 @@ class NetworkServicePolicy(
__tablename__ = 'gp_network_service_policies'
name = sa.Column(sa.String(50))
description = sa.Column(sa.String(255))
endpoint_groups = orm.relationship(EndpointGroup,
backref='network_service_policy')
network_service_params = orm.relationship(NetworkServiceParam,
backref='network_service_policy')
policy_target_groups = orm.relationship(PolicyTargetGroup,
backref='network_service_policy')
network_service_params = orm.relationship(
NetworkServiceParam, backref='network_service_policy')
class ContractPolicyRuleAssociation(model_base.BASEV2):
"""Models the many to many relation between Contract and Policy rules."""
__tablename__ = 'gp_contract_policy_rule_associations'
contract_id = sa.Column(sa.String(36),
sa.ForeignKey('gp_contracts.id'),
primary_key=True)
class PRSToPRAssociation(model_base.BASEV2):
"""Many to many relation between Policy Rule Set and Policy rules."""
__tablename__ = 'gp_prs_to_pr_associations'
policy_rule_set_id = sa.Column(sa.String(36),
sa.ForeignKey('gp_policy_rule_sets.id'),
primary_key=True)
policy_rule_id = sa.Column(sa.String(36),
sa.ForeignKey('gp_policy_rules.id'),
primary_key=True)
@ -225,27 +228,27 @@ class PolicyAction(model_base.BASEV2, models_v2.HasId, models_v2.HasTenant):
cascade='all', backref='gp_policy_actions')
class Contract(model_base.BASEV2, models_v2.HasTenant):
"""Represents a Contract that is a collection of Policy rules."""
__tablename__ = 'gp_contracts'
class PolicyRuleSet(model_base.BASEV2, models_v2.HasTenant):
"""It is a collection of Policy rules."""
__tablename__ = 'gp_policy_rule_sets'
id = sa.Column(sa.String(36), primary_key=True,
default=uuidutils.generate_uuid)
name = sa.Column(sa.String(50))
description = sa.Column(sa.String(255))
parent_id = sa.Column(sa.String(255), sa.ForeignKey('gp_contracts.id'),
parent_id = sa.Column(sa.String(255),
sa.ForeignKey('gp_policy_rule_sets.id'),
nullable=True)
child_contracts = orm.relationship('Contract',
backref=orm.backref('parent',
remote_side=[id]))
policy_rules = orm.relationship(ContractPolicyRuleAssociation,
backref='contract', lazy="joined",
child_policy_rule_sets = orm.relationship(
'PolicyRuleSet', backref=orm.backref('parent', remote_side=[id]))
policy_rules = orm.relationship(PRSToPRAssociation,
backref='policy_rule_set', lazy="joined",
cascade='all, delete-orphan')
providing_endpoint_groups = orm.relationship(
EndpointGroupContractProvidingAssociation, backref='provided_contract',
lazy="joined", cascade='all')
consuming_endpoint_groups = orm.relationship(
EndpointGroupContractConsumingAssociation, backref='consumed_contract',
lazy="joined", cascade='all')
providing_policy_target_groups = orm.relationship(
PTGToPRSProvidingAssociation,
backref='provided_policy_rule_set', lazy="joined", cascade='all')
consuming_policy_target_groups = orm.relationship(
PTGToPRSConsumingAssociation,
backref='consumed_policy_rule_set', lazy="joined", cascade='all')
class GroupPolicyDbPlugin(gpolicy.GroupPolicyPluginBase,
@ -260,18 +263,20 @@ class GroupPolicyDbPlugin(gpolicy.GroupPolicyPluginBase,
def __init__(self, *args, **kwargs):
super(GroupPolicyDbPlugin, self).__init__(*args, **kwargs)
def _get_endpoint(self, context, endpoint_id):
def _get_policy_target(self, context, policy_target_id):
try:
return self._get_by_id(context, Endpoint, endpoint_id)
return self._get_by_id(context, PolicyTarget, policy_target_id)
except exc.NoResultFound:
raise gpolicy.EndpointNotFound(endpoint_id=endpoint_id)
raise gpolicy.PolicyTargetNotFound(
policy_target_id=policy_target_id)
def _get_endpoint_group(self, context, endpoint_group_id):
def _get_policy_target_group(self, context, policy_target_group_id):
try:
return self._get_by_id(context, EndpointGroup, endpoint_group_id)
return self._get_by_id(
context, PolicyTargetGroup, policy_target_group_id)
except exc.NoResultFound:
raise gpolicy.EndpointGroupNotFound(
endpoint_group_id=endpoint_group_id)
raise gpolicy.PolicyTargetGroupNotFound(
policy_target_group_id=policy_target_group_id)
def _get_l2_policy(self, context, l2_policy_id):
try:
@ -283,8 +288,7 @@ class GroupPolicyDbPlugin(gpolicy.GroupPolicyPluginBase,
try:
return self._get_by_id(context, L3Policy, l3_policy_id)
except exc.NoResultFound:
raise gpolicy.L3PolicyNotFound(l3_policy_id=
l3_policy_id)
raise gpolicy.L3PolicyNotFound(l3_policy_id=l3_policy_id)
def _get_network_service_policy(self, context, network_service_policy_id):
try:
@ -299,16 +303,16 @@ class GroupPolicyDbPlugin(gpolicy.GroupPolicyPluginBase,
return self._get_by_id(context, PolicyClassifier,
policy_classifier_id)
except exc.NoResultFound:
raise gpolicy.PolicyClassifierNotFound(policy_classifier_id=
policy_classifier_id)
raise gpolicy.PolicyClassifierNotFound(
policy_classifier_id=policy_classifier_id)
def _get_policy_action(self, context, policy_action_id):
try:
policy_action = self._get_by_id(context, PolicyAction,
policy_action_id)
except exc.NoResultFound:
raise gpolicy.PolicyActionNotFound(policy_action_id=
policy_action_id)
raise gpolicy.PolicyActionNotFound(
policy_action_id=policy_action_id)
return policy_action
def _get_policy_rule(self, context, policy_rule_id):
@ -316,16 +320,18 @@ class GroupPolicyDbPlugin(gpolicy.GroupPolicyPluginBase,
policy_rule = self._get_by_id(context, PolicyRule,
policy_rule_id)
except exc.NoResultFound:
raise gpolicy.PolicyRuleNotFound(policy_rule_id=
policy_rule_id)
raise gpolicy.PolicyRuleNotFound(
policy_rule_id=policy_rule_id)
return policy_rule
def _get_contract(self, context, contract_id):
def _get_policy_rule_set(self, context, policy_rule_set_id):
try:
contract = self._get_by_id(context, Contract, contract_id)
policy_rule_set = self._get_by_id(
context, PolicyRuleSet, policy_rule_set_id)
except exc.NoResultFound:
raise gpolicy.ContractNotFound(contract_id=contract_id)
return contract
raise gpolicy.PolicyRuleSetNotFound(
policy_rule_set_id=policy_rule_set_id)
return policy_rule_set
@staticmethod
def _get_min_max_ports_from_range(port_range):
@ -359,8 +365,8 @@ class GroupPolicyDbPlugin(gpolicy.GroupPolicyPluginBase,
if action_id not in actions_set:
# If we find an invalid action in the list we
# do not perform the update
raise gpolicy.PolicyActionNotFound(policy_action_id=
action_id)
raise gpolicy.PolicyActionNotFound(
policy_action_id=action_id)
# New list of actions is valid so we will first reset the existing
# list and then add each action in order.
# Note that the list could be empty in which case we interpret
@ -371,87 +377,93 @@ class GroupPolicyDbPlugin(gpolicy.GroupPolicyPluginBase,
policy_action_id=action_id)
pr_db.policy_actions.append(assoc)
def _validate_contract_list(self, context, contracts_id_list):
def _validate_policy_rule_set_list(self, context,
policy_rule_sets_id_list):
with context.session.begin(subtransactions=True):
filters = {'id': [c_id for c_id in contracts_id_list]}
contracts_in_db = self._get_collection_query(
context, Contract, filters=filters)
existing_contract_ids = set(c_db['id'] for c_db in contracts_in_db)
for contract_id in contracts_id_list:
if contract_id not in existing_contract_ids:
# If we find an invalid contract id in the list we
filters = {'id': [c_id for c_id in policy_rule_sets_id_list]}
policy_rule_sets_in_db = self._get_collection_query(
context, PolicyRuleSet, filters=filters)
existing_policy_rule_set_ids = set(
c_db['id'] for c_db in policy_rule_sets_in_db)
for policy_rule_set_id in policy_rule_sets_id_list:
if policy_rule_set_id not in existing_policy_rule_set_ids:
# If we find an invalid policy_rule_set id in the list we
# dont process the entire list
raise gpolicy.ContractNotFound(contract_id=contract_id)
return contracts_in_db
raise gpolicy.PolicyRuleSetNotFound(
policy_rule_set_id=policy_rule_set_id)
return policy_rule_sets_in_db
def _set_providers_or_consumers_for_endpoint_group(self, context, epg_db,
contracts_dict,
provider=True):
# TODO(Sumit): Check that the same contract ID does not belong to
# provider and consumer dicts
if not contracts_dict:
def _set_providers_or_consumers_for_policy_target_group(
self, context, ptg_db, policy_rule_sets_dict, provider=True):
# TODO(Sumit): Check that the same policy_rule_set ID does not belong
# to provider and consumer dicts
if not policy_rule_sets_dict:
if provider:
epg_db.provided_contracts = []
ptg_db.provided_policy_rule_sets = []
return
else:
epg_db.consumed_contracts = []
ptg_db.consumed_policy_rule_sets = []
return
with context.session.begin(subtransactions=True):
contracts_id_list = contracts_dict.keys()
# We will first check if the new list of contracts is valid
self._validate_contract_list(context, contracts_id_list)
# New list of contracts is valid so we will first reset the
# existing list and then add each contract.
policy_rule_sets_id_list = policy_rule_sets_dict.keys()
# We will first check if the new list of policy_rule_sets is valid
self._validate_policy_rule_set_list(
context, policy_rule_sets_id_list)
# New list of policy_rule_sets is valid so we will first reset the
# existing list and then add each policy_rule_set.
# Note that the list could be empty in which case we interpret
# it as clearing existing rules.
if provider:
epg_db.provided_contracts = []
ptg_db.provided_policy_rule_sets = []
else:
epg_db.consumed_contracts = []
for contract_id in contracts_id_list:
ptg_db.consumed_policy_rule_sets = []
for policy_rule_set_id in policy_rule_sets_id_list:
if provider:
assoc = EndpointGroupContractProvidingAssociation(
endpoint_group_id=epg_db.id,
contract_id=contract_id)
epg_db.provided_contracts.append(assoc)
assoc = PTGToPRSProvidingAssociation(
policy_target_group_id=ptg_db.id,
policy_rule_set_id=policy_rule_set_id)
ptg_db.provided_policy_rule_sets.append(assoc)
else:
assoc = EndpointGroupContractConsumingAssociation(
endpoint_group_id=epg_db.id,
contract_id=contract_id)
epg_db.consumed_contracts.append(assoc)
assoc = PTGToPRSConsumingAssociation(
policy_target_group_id=ptg_db.id,
policy_rule_set_id=policy_rule_set_id)
ptg_db.consumed_policy_rule_sets.append(assoc)
def _set_children_for_contract(self, context, contract_db, child_id_list):
def _set_children_for_policy_rule_set(self, context,
policy_rule_set_db, child_id_list):
if not child_id_list:
contract_db.child_contracts = []
policy_rule_set_db.child_policy_rule_sets = []
return
if contract_db['parent_id']:
if policy_rule_set_db['parent_id']:
# Only one hierarchy level allowed for now
raise gpolicy.ThreeLevelContractHierarchyNotSupported(
contract_id=contract_db['id'])
raise gpolicy.ThreeLevelPolicyRuleSetHierarchyNotSupported(
policy_rule_set_id=policy_rule_set_db['id'])
with context.session.begin(subtransactions=True):
# We will first check if the new list of contracts is valid
# We will first check if the new list of policy_rule_sets is valid
contracts_in_db = self._validate_contract_list(
policy_rule_sets_in_db = self._validate_policy_rule_set_list(
context, child_id_list)
for child in contracts_in_db:
if (child['child_contracts'] or
child['id'] == contract_db['id']):
# Only one level contract relationship supported for now
# No loops allowed
raise gpolicy.BadContractRelationship(
parent_id=contract_db['id'], child_id=child['id'])
# New list of child contracts is valid so we will first reset the
# existing list and then add each contract.
for child in policy_rule_sets_in_db:
if (child['child_policy_rule_sets'] or
child['id'] == policy_rule_set_db['id']):
# Only one level policy_rule_set relationship supported for
# now. No loops allowed
raise gpolicy.BadPolicyRuleSetRelationship(
parent_id=policy_rule_set_db['id'],
child_id=child['id'])
# New list of child policy_rule_sets is valid so we will first
# reset the existing list and then add each policy_rule_set.
# Note that the list could be empty in which case we interpret
# it as clearing existing child contracts.
contract_db.child_contracts = []
for child in contracts_in_db:
contract_db.child_contracts.append(child)
# it as clearing existing child policy_rule_sets.
policy_rule_set_db.child_policy_rule_sets = []
for child in policy_rule_sets_in_db:
policy_rule_set_db.child_policy_rule_sets.append(child)
def _set_rules_for_contract(self, context, contract_db, rule_id_list):
ct_db = contract_db
def _set_rules_for_policy_rule_set(self, context,
policy_rule_set_db, rule_id_list):
prs_db = policy_rule_set_db
if not rule_id_list:
ct_db.policy_rules = []
prs_db.policy_rules = []
return
with context.session.begin(subtransactions=True):
# We will first check if the new list of rules is valid
@ -468,42 +480,42 @@ class GroupPolicyDbPlugin(gpolicy.GroupPolicyPluginBase,
# list and then add each rule in order.
# Note that the list could be empty in which case we interpret
# it as clearing existing rules.
ct_db.policy_rules = []
prs_db.policy_rules = []
for rule_id in rule_id_list:
ct_rule_db = ContractPolicyRuleAssociation(
prs_rule_db = PRSToPRAssociation(
policy_rule_id=rule_id,
contract_id=ct_db.id)
ct_db.policy_rules.append(ct_rule_db)
policy_rule_set_id=prs_db.id)
prs_db.policy_rules.append(prs_rule_db)
def _process_contracts_for_epg(self, context, epg_db, epg):
if 'provided_contracts' in epg:
self._set_providers_or_consumers_for_endpoint_group(
context, epg_db, epg['provided_contracts'])
del epg['provided_contracts']
if 'consumed_contracts' in epg:
self._set_providers_or_consumers_for_endpoint_group(
context, epg_db, epg['consumed_contracts'], False)
del epg['consumed_contracts']
return epg
def _process_policy_rule_sets_for_ptg(self, context, ptg_db, ptg):
if 'provided_policy_rule_sets' in ptg:
self._set_providers_or_consumers_for_policy_target_group(
context, ptg_db, ptg['provided_policy_rule_sets'])
del ptg['provided_policy_rule_sets']
if 'consumed_policy_rule_sets' in ptg:
self._set_providers_or_consumers_for_policy_target_group(
context, ptg_db, ptg['consumed_policy_rule_sets'], False)
del ptg['consumed_policy_rule_sets']
return ptg
def _set_l3_policy_for_l2_policy(self, context, l2p_id, l3p_id):
with context.session.begin(subtransactions=True):
l2p_db = self._get_l2_policy(context, l2p_id)
l2p_db.l3_policy_id = l3p_id
def _set_l2_policy_for_endpoint_group(self, context, epg_id, l2p_id):
def _set_l2_policy_for_policy_target_group(self, context, ptg_id, l2p_id):
with context.session.begin(subtransactions=True):
epg_db = self._get_endpoint_group(context, epg_id)
epg_db.l2_policy_id = l2p_id
ptg_db = self._get_policy_target_group(context, ptg_id)
ptg_db.l2_policy_id = l2p_id
def _set_network_service_policy_for_endpoint_group(
self, context, epg_id, nsp_id):
def _set_network_service_policy_for_policy_target_group(
self, context, ptg_id, nsp_id):
with context.session.begin(subtransactions=True):
epg_db = self._get_endpoint_group(context, epg_id)
epg_db.network_service_policy_id = nsp_id
ptg_db = self._get_policy_target_group(context, ptg_id)
ptg_db.network_service_policy_id = nsp_id
def _set_params_for_network_service_policy(
self, context, network_service_policy_db, network_service_policy):
self, context, network_service_policy_db, network_service_policy):
nsp_db = network_service_policy_db
params = network_service_policy['network_service_params']
if not params:
@ -519,27 +531,29 @@ class GroupPolicyDbPlugin(gpolicy.GroupPolicyPluginBase,
nsp_db.network_service_params.append(param_db)
del network_service_policy['network_service_params']
def _make_endpoint_dict(self, ep, fields=None):
res = {'id': ep['id'],
'tenant_id': ep['tenant_id'],
'name': ep['name'],
'description': ep['description'],
'endpoint_group_id': ep['endpoint_group_id']}
def _make_policy_target_dict(self, pt, fields=None):
res = {'id': pt['id'],
'tenant_id': pt['tenant_id'],
'name': pt['name'],
'description': pt['description'],
'policy_target_group_id': pt['policy_target_group_id']}
return self._fields(res, fields)
def _make_endpoint_group_dict(self, epg, fields=None):
res = {'id': epg['id'],
'tenant_id': epg['tenant_id'],
'name': epg['name'],
'description': epg['description'],
'l2_policy_id': epg['l2_policy_id'],
'network_service_policy_id': epg['network_service_policy_id']}
res['endpoints'] = [ep['id']
for ep in epg['endpoints']]
res['provided_contracts'] = [pc['contract_id']
for pc in epg['provided_contracts']]
res['consumed_contracts'] = [cc['contract_id']
for cc in epg['consumed_contracts']]
def _make_policy_target_group_dict(self, ptg, fields=None):
res = {'id': ptg['id'],
'tenant_id': ptg['tenant_id'],
'name': ptg['name'],
'description': ptg['description'],
'l2_policy_id': ptg['l2_policy_id'],
'network_service_policy_id': ptg['network_service_policy_id']}
res['policy_targets'] = [
pt['id'] for pt in ptg['policy_targets']]
res['provided_policy_rule_sets'] = (
[pprs['policy_rule_set_id'] for pprs in ptg[
'provided_policy_rule_sets']])
res['consumed_policy_rule_sets'] = (
[cprs['policy_rule_set_id'] for cprs in ptg[
'consumed_policy_rule_sets']])
return self._fields(res, fields)
def _make_l2_policy_dict(self, l2p, fields=None):
@ -548,8 +562,8 @@ class GroupPolicyDbPlugin(gpolicy.GroupPolicyPluginBase,
'name': l2p['name'],
'description': l2p['description'],
'l3_policy_id': l2p['l3_policy_id']}
res['endpoint_groups'] = [epg['id']
for epg in l2p['endpoint_groups']]
res['policy_target_groups'] = [
ptg['id'] for ptg in l2p['policy_target_groups']]
return self._fields(res, fields)
def _make_l3_policy_dict(self, l3p, fields=None):
@ -570,8 +584,8 @@ class GroupPolicyDbPlugin(gpolicy.GroupPolicyPluginBase,
'tenant_id': nsp['tenant_id'],
'name': nsp['name'],
'description': nsp['description']}
res['endpoint_groups'] = [epg['id']
for epg in nsp['endpoint_groups']]
res['policy_target_groups'] = [
ptg['id'] for ptg in nsp['policy_target_groups']]
params = []
for param in nsp['network_service_params']:
params.append({
@ -614,36 +628,36 @@ class GroupPolicyDbPlugin(gpolicy.GroupPolicyPluginBase,
for pa in pr['policy_actions']]
return self._fields(res, fields)
def _make_contract_dict(self, ct, fields=None):
res = {'id': ct['id'],
'tenant_id': ct['tenant_id'],
'name': ct['name'],
'description': ct['description']}
if ct['parent']:
res['parent_id'] = ct['parent']['id']
def _make_policy_rule_set_dict(self, prs, fields=None):
res = {'id': prs['id'],
'tenant_id': prs['tenant_id'],
'name': prs['name'],
'description': prs['description']}
if prs['parent']:
res['parent_id'] = prs['parent']['id']
else:
res['parent_id'] = None
ctx = context.get_admin_context()
if 'child_contracts' in ct:
if 'child_policy_rule_sets' in prs:
# They have been updated
res['child_contracts'] = [child_ct['id']
for child_ct in ct['child_contracts']]
res['child_policy_rule_sets'] = [
child_prs['id'] for child_prs in prs['child_policy_rule_sets']]
else:
with ctx.session.begin(subtransactions=True):
filters = {'parent_id': [ct['id']]}
child_contracts_in_db = self._get_collection_query(
ctx, Contract, filters=filters)
res['child_contracts'] = [child_ct['id']
for child_ct in
child_contracts_in_db]
filters = {'parent_id': [prs['id']]}
child_prs_in_db = self._get_collection_query(
ctx, PolicyRuleSet, filters=filters)
res['child_policy_rule_sets'] = [child_prs['id']
for child_prs
in child_prs_in_db]
res['policy_rules'] = [pr['policy_rule_id']
for pr in ct['policy_rules']]
for pr in prs['policy_rules']]
return self._fields(res, fields)
def _get_policy_rule_contracts(self, context, policy_rule_id):
return [x['contract_id'] for x in
context.session.query(ContractPolicyRuleAssociation).filter_by(
def _get_policy_rule_policy_rule_sets(self, context, policy_rule_id):
return [x['policy_rule_set_id'] for x in
context.session.query(PRSToPRAssociation).filter_by(
policy_rule_id=policy_rule_id)]
@staticmethod
@ -659,108 +673,108 @@ class GroupPolicyDbPlugin(gpolicy.GroupPolicyPluginBase,
# than size of the ip_pool's subnet
@log.log
def create_endpoint(self, context, endpoint):
ep = endpoint['endpoint']
tenant_id = self._get_tenant_id_for_create(context, ep)
def create_policy_target(self, context, policy_target):
pt = policy_target['policy_target']
tenant_id = self._get_tenant_id_for_create(context, pt)
with context.session.begin(subtransactions=True):
ep_db = Endpoint(id=uuidutils.generate_uuid(),
tenant_id=tenant_id,
name=ep['name'],
description=ep['description'],
endpoint_group_id=ep['endpoint_group_id'])
context.session.add(ep_db)
return self._make_endpoint_dict(ep_db)
pt_db = PolicyTarget(
id=uuidutils.generate_uuid(), tenant_id=tenant_id,
name=pt['name'], description=pt['description'],
policy_target_group_id=pt['policy_target_group_id'])
context.session.add(pt_db)
return self._make_policy_target_dict(pt_db)
@log.log
def update_endpoint(self, context, endpoint_id, endpoint):
ep = endpoint['endpoint']
def update_policy_target(self, context, policy_target_id, policy_target):
pt = policy_target['policy_target']
with context.session.begin(subtransactions=True):
ep_db = self._get_endpoint(context, endpoint_id)
ep_db.update(ep)
return self._make_endpoint_dict(ep_db)
pt_db = self._get_policy_target(context, policy_target_id)
pt_db.update(pt)
return self._make_policy_target_dict(pt_db)
@log.log
def delete_endpoint(self, context, endpoint_id):
def delete_policy_target(self, context, policy_target_id):
with context.session.begin(subtransactions=True):
ep_db = self._get_endpoint(context, endpoint_id)
context.session.delete(ep_db)
pt_db = self._get_policy_target(context, policy_target_id)
context.session.delete(pt_db)
@log.log
def get_endpoint(self, context, endpoint_id, fields=None):
ep = self._get_endpoint(context, endpoint_id)
return self._make_endpoint_dict(ep, fields)
def get_policy_target(self, context, policy_target_id, fields=None):
pt = self._get_policy_target(context, policy_target_id)
return self._make_policy_target_dict(pt, fields)
@log.log
def get_endpoints(self, context, filters=None, fields=None,
sorts=None, limit=None, marker=None,
page_reverse=False):
marker_obj = self._get_marker_obj(context, 'endpoint', limit,
def get_policy_targets(self, context, filters=None, fields=None,
sorts=None, limit=None, marker=None,
page_reverse=False):
marker_obj = self._get_marker_obj(context, 'policy_target', limit,
marker)
return self._get_collection(context, Endpoint,
self._make_endpoint_dict,
return self._get_collection(context, PolicyTarget,
self._make_policy_target_dict,
filters=filters, fields=fields,
sorts=sorts, limit=limit,
marker_obj=marker_obj,
page_reverse=page_reverse)
@log.log
def get_endpoints_count(self, context, filters=None):
return self._get_collection_count(context, Endpoint,
def get_policy_targets_count(self, context, filters=None):
return self._get_collection_count(context, PolicyTarget,
filters=filters)
@log.log
def create_endpoint_group(self, context, endpoint_group):
epg = endpoint_group['endpoint_group']
tenant_id = self._get_tenant_id_for_create(context, epg)
def create_policy_target_group(self, context, policy_target_group):
ptg = policy_target_group['policy_target_group']
tenant_id = self._get_tenant_id_for_create(context, ptg)
with context.session.begin(subtransactions=True):
epg_db = EndpointGroup(id=uuidutils.generate_uuid(),
tenant_id=tenant_id,
name=epg['name'],
description=epg['description'],
l2_policy_id=epg['l2_policy_id'],
network_service_policy_id=
epg['network_service_policy_id'])
context.session.add(epg_db)
self._process_contracts_for_epg(context, epg_db, epg)
return self._make_endpoint_group_dict(epg_db)
ptg_db = PolicyTargetGroup(
id=uuidutils.generate_uuid(), tenant_id=tenant_id,
name=ptg['name'], description=ptg['description'],
l2_policy_id=ptg['l2_policy_id'],
network_service_policy_id=ptg['network_service_policy_id'])
context.session.add(ptg_db)
self._process_policy_rule_sets_for_ptg(context, ptg_db, ptg)
return self._make_policy_target_group_dict(ptg_db)
@log.log
def update_endpoint_group(self, context, endpoint_group_id,
endpoint_group):
epg = endpoint_group['endpoint_group']
def update_policy_target_group(self, context, policy_target_group_id,
policy_target_group):
ptg = policy_target_group['policy_target_group']
with context.session.begin(subtransactions=True):
epg_db = self._get_endpoint_group(context, endpoint_group_id)
epg = self._process_contracts_for_epg(context, epg_db, epg)
epg_db.update(epg)
return self._make_endpoint_group_dict(epg_db)
ptg_db = self._get_policy_target_group(
context, policy_target_group_id)
ptg = self._process_policy_rule_sets_for_ptg(context, ptg_db, ptg)
ptg_db.update(ptg)
return self._make_policy_target_group_dict(ptg_db)
@log.log
def delete_endpoint_group(self, context, endpoint_group_id):
def delete_policy_target_group(self, context, policy_target_group_id):
with context.session.begin(subtransactions=True):
epg_db = self._get_endpoint_group(context, endpoint_group_id)
context.session.delete(epg_db)
ptg_db = self._get_policy_target_group(
context, policy_target_group_id)
context.session.delete(ptg_db)
@log.log
def get_endpoint_group(self, context, endpoint_group_id, fields=None):
epg = self._get_endpoint_group(context, endpoint_group_id)
return self._make_endpoint_group_dict(epg, fields)
def get_policy_target_group(self, context, policy_target_group_id,
fields=None):
ptg = self._get_policy_target_group(context, policy_target_group_id)
return self._make_policy_target_group_dict(ptg, fields)
@log.log
def get_endpoint_groups(self, context, filters=None, fields=None,
sorts=None, limit=None, marker=None,
page_reverse=False):
marker_obj = self._get_marker_obj(context, 'endpoint_group', limit,
marker)
return self._get_collection(context, EndpointGroup,
self._make_endpoint_group_dict,
def get_policy_target_groups(self, context, filters=None, fields=None,
sorts=None, limit=None, marker=None,
page_reverse=False):
marker_obj = self._get_marker_obj(
context, 'policy_target_group', limit, marker)
return self._get_collection(context, PolicyTargetGroup,
self._make_policy_target_group_dict,
filters=filters, fields=fields,
sorts=sorts, limit=limit,
marker_obj=marker_obj,
page_reverse=page_reverse)
@log.log
def get_endpoint_groups_count(self, context, filters=None):
return self._get_collection_count(context, EndpointGroup,
def get_policy_target_groups_count(self, context, filters=None):
return self._get_collection_count(context, PolicyTargetGroup,
filters=filters)
@log.log
@ -902,15 +916,15 @@ class GroupPolicyDbPlugin(gpolicy.GroupPolicyPluginBase,
@log.log
def get_network_service_policy(
self, context, network_service_policy_id, fields=None):
self, context, network_service_policy_id, fields=None):
nsp = self._get_network_service_policy(
context, network_service_policy_id)
return self._make_network_service_policy_dict(nsp, fields)
@log.log
def get_network_service_policies(
self, context, filters=None, fields=None, sorts=None, limit=None,
marker=None, page_reverse=False):
self, context, filters=None, fields=None, sorts=None, limit=None,
marker=None, page_reverse=False):
marker_obj = self._get_marker_obj(
context, 'network_service_policy', limit, marker)
return self._get_collection(context, NetworkServicePolicy,
@ -1090,55 +1104,56 @@ class GroupPolicyDbPlugin(gpolicy.GroupPolicyPluginBase,
filters=filters)
@log.log
def create_contract(self, context, contract):
ct = contract['contract']
tenant_id = self._get_tenant_id_for_create(context, ct)
def create_policy_rule_set(self, context, policy_rule_set):
prs = policy_rule_set['policy_rule_set']
tenant_id = self._get_tenant_id_for_create(context, prs)
with context.session.begin(subtransactions=True):
ct_db = Contract(id=uuidutils.generate_uuid(),
tenant_id=tenant_id,
name=ct['name'],
description=ct['description'])
context.session.add(ct_db)
self._set_rules_for_contract(context, ct_db,
ct['policy_rules'])
self._set_children_for_contract(context, ct_db,
ct['child_contracts'])
return self._make_contract_dict(ct_db)
prs_db = PolicyRuleSet(id=uuidutils.generate_uuid(),
tenant_id=tenant_id,
name=prs['name'],
description=prs['description'])
context.session.add(prs_db)
self._set_rules_for_policy_rule_set(context, prs_db,
prs['policy_rules'])
self._set_children_for_policy_rule_set(
context, prs_db, prs['child_policy_rule_sets'])
return self._make_policy_rule_set_dict(prs_db)
@log.log
def update_contract(self, context, contract_id, contract):
ct = contract['contract']
def update_policy_rule_set(self, context, policy_rule_set_id,
policy_rule_set):
prs = policy_rule_set['policy_rule_set']
with context.session.begin(subtransactions=True):
ct_db = self._get_contract(context, contract_id)
if 'policy_rules' in ct:
self._set_rules_for_contract(context, ct_db,
ct['policy_rules'])
del ct['policy_rules']
if 'child_contracts' in ct:
self._set_children_for_contract(context, ct_db,
ct['child_contracts'])
del ct['child_contracts']
ct_db.update(ct)
return self._make_contract_dict(ct_db)
prs_db = self._get_policy_rule_set(context, policy_rule_set_id)
if 'policy_rules' in prs:
self._set_rules_for_policy_rule_set(
context, prs_db, prs['policy_rules'])
del prs['policy_rules']
if 'child_policy_rule_sets' in prs:
self._set_children_for_policy_rule_set(
context, prs_db, prs['child_policy_rule_sets'])
del prs['child_policy_rule_sets']
prs_db.update(prs)
return self._make_policy_rule_set_dict(prs_db)
@log.log
def delete_contract(self, context, contract_id):
def delete_policy_rule_set(self, context, policy_rule_set_id):
with context.session.begin(subtransactions=True):
ct_db = self._get_contract(context, contract_id)
context.session.delete(ct_db)
prs_db = self._get_policy_rule_set(context, policy_rule_set_id)
context.session.delete(prs_db)
@log.log
def get_contract(self, context, contract_id, fields=None):
ct = self._get_contract(context, contract_id)
return self._make_contract_dict(ct, fields)
def get_policy_rule_set(self, context, policy_rule_set_id, fields=None):
prs = self._get_policy_rule_set(context, policy_rule_set_id)
return self._make_policy_rule_set_dict(prs, fields)
@log.log
def get_contracts(self, context, filters=None, fields=None):
return self._get_collection(context, Contract,
self._make_contract_dict,
def get_policy_rule_sets(self, context, filters=None, fields=None):
return self._get_collection(context, PolicyRuleSet,
self._make_policy_rule_set_dict,
filters=filters, fields=fields)
@log.log
def get_contracts_count(self, context, filters=None):
return self._get_collection_count(context, Contract,
def get_policy_rule_sets_count(self, context, filters=None):
return self._get_collection_count(context, PolicyRuleSet,
filters=filters)

156
gbp/neutron/db/grouppolicy/group_policy_mapping_db.py
View File

@ -24,8 +24,8 @@ from gbp.neutron.db.grouppolicy import group_policy_db as gpdb
LOG = logging.getLogger(__name__)
class EndpointMapping(gpdb.Endpoint):
"""Mapping of Endpoint to Neutron Port."""
class PolicyTargetMapping(gpdb.PolicyTarget):
"""Mapping of PolicyTarget to Neutron Port."""
__table_args__ = {'extend_existing': True}
__mapper_args__ = {'polymorphic_identity': 'mapping'}
# REVISIT(ivar): Set null on delete is a temporary workaround until Nova
@ -35,21 +35,21 @@ class EndpointMapping(gpdb.Endpoint):
nullable=True, unique=True)
class EndpointGroupSubnetAssociation(model_base.BASEV2):
"""Models the many to many relation between EndpointGroup and Subnets."""
__tablename__ = 'gp_endpoint_group_subnet_associations'
endpoint_group_id = sa.Column(sa.String(36),
sa.ForeignKey('gp_endpoint_groups.id'),
primary_key=True)
class PTGToSubnetAssociation(model_base.BASEV2):
"""Many to many relation between PolicyTargetGroup and Subnets."""
__tablename__ = 'gp_ptg_to_subnet_associations'
policy_target_group_id = sa.Column(
sa.String(36), sa.ForeignKey('gp_policy_target_groups.id'),
primary_key=True)
subnet_id = sa.Column(sa.String(36), sa.ForeignKey('subnets.id'),
primary_key=True)
class EndpointGroupMapping(gpdb.EndpointGroup):
"""Mapping of EndpointGroup to set of Neutron Subnets."""
class PolicyTargetGroupMapping(gpdb.PolicyTargetGroup):
"""Mapping of PolicyTargetGroup to set of Neutron Subnets."""
__table_args__ = {'extend_existing': True}
__mapper_args__ = {'polymorphic_identity': 'mapping'}
subnets = orm.relationship(EndpointGroupSubnetAssociation,
subnets = orm.relationship(PTGToSubnetAssociation,
cascade='all', lazy="joined")
@ -82,16 +82,16 @@ class GroupPolicyMappingDbPlugin(gpdb.GroupPolicyDbPlugin):
"""Group Policy Mapping interface implementation using SQLAlchemy models.
"""
def _make_endpoint_dict(self, ep, fields=None):
def _make_policy_target_dict(self, pt, fields=None):
res = super(GroupPolicyMappingDbPlugin,
self)._make_endpoint_dict(ep)
res['port_id'] = ep.port_id
self)._make_policy_target_dict(pt)
res['port_id'] = pt.port_id
return self._fields(res, fields)
def _make_endpoint_group_dict(self, epg, fields=None):
def _make_policy_target_group_dict(self, ptg, fields=None):
res = super(GroupPolicyMappingDbPlugin,
self)._make_endpoint_group_dict(epg)
res['subnets'] = [subnet.subnet_id for subnet in epg.subnets]
self)._make_policy_target_group_dict(ptg)
res['subnets'] = [subnet.subnet_id for subnet in ptg.subnets]
return self._fields(res, fields)
def _make_l2_policy_dict(self, l2p, fields=None):
@ -106,18 +106,18 @@ class GroupPolicyMappingDbPlugin(gpdb.GroupPolicyDbPlugin):
res['routers'] = [router.router_id for router in l3p.routers]
return self._fields(res, fields)
def _set_port_for_endpoint(self, context, ep_id, port_id):
def _set_port_for_policy_target(self, context, pt_id, port_id):
with context.session.begin(subtransactions=True):
ep_db = self._get_endpoint(context, ep_id)
ep_db.port_id = port_id
pt_db = self._get_policy_target(context, pt_id)
pt_db.port_id = port_id
def _add_subnet_to_endpoint_group(self, context, epg_id, subnet_id):
def _add_subnet_to_policy_target_group(self, context, ptg_id, subnet_id):
with context.session.begin(subtransactions=True):
epg_db = self._get_endpoint_group(context, epg_id)
assoc = EndpointGroupSubnetAssociation(endpoint_group_id=epg_id,
subnet_id=subnet_id)
epg_db.subnets.append(assoc)
return [subnet.subnet_id for subnet in epg_db.subnets]
ptg_db = self._get_policy_target_group(context, ptg_id)
assoc = PTGToSubnetAssociation(policy_target_group_id=ptg_id,
subnet_id=subnet_id)
ptg_db.subnets.append(assoc)
return [subnet.subnet_id for subnet in ptg_db.subnets]
def _set_network_for_l2_policy(self, context, l2p_id, network_id):
with context.session.begin(subtransactions=True):
@ -133,71 +133,73 @@ class GroupPolicyMappingDbPlugin(gpdb.GroupPolicyDbPlugin):
return [router.router_id for router in l3p_db.routers]
@log.log
def create_endpoint(self, context, endpoint):
ep = endpoint['endpoint']
tenant_id = self._get_tenant_id_for_create(context, ep)
def create_policy_target(self, context, policy_target):
pt = policy_target['policy_target']
tenant_id = self._get_tenant_id_for_create(context, pt)
with context.session.begin(subtransactions=True):
ep_db = EndpointMapping(id=uuidutils.generate_uuid(),
tenant_id=tenant_id,
name=ep['name'],
description=ep['description'],
endpoint_group_id=
ep['endpoint_group_id'],
port_id=ep['port_id'])
context.session.add(ep_db)
return self._make_endpoint_dict(ep_db)
pt_db = PolicyTargetMapping(id=uuidutils.generate_uuid(),
tenant_id=tenant_id,
name=pt['name'],
description=pt['description'],
policy_target_group_id=
pt['policy_target_group_id'],
port_id=pt['port_id'])
context.session.add(pt_db)
return self._make_policy_target_dict(pt_db)
@log.log
def create_endpoint_group(self, context, endpoint_group):
epg = endpoint_group['endpoint_group']
tenant_id = self._get_tenant_id_for_create(context, epg)
def create_policy_target_group(self, context, policy_target_group):
ptg = policy_target_group['policy_target_group']
tenant_id = self._get_tenant_id_for_create(context, ptg)
with context.session.begin(subtransactions=True):
epg_db = EndpointGroupMapping(id=uuidutils.generate_uuid(),
tenant_id=tenant_id,
name=epg['name'],
description=epg['description'],
l2_policy_id=epg['l2_policy_id'],
network_service_policy_id=
epg['network_service_policy_id'])
context.session.add(epg_db)
if 'subnets' in epg:
for subnet in epg['subnets']:
assoc = EndpointGroupSubnetAssociation(
endpoint_group_id=epg_db.id,
ptg_db = PolicyTargetGroupMapping(id=uuidutils.generate_uuid(),
tenant_id=tenant_id,
name=ptg['name'],
description=ptg['description'],
l2_policy_id=ptg['l2_policy_id'],
network_service_policy_id=
ptg['network_service_policy_id'])
context.session.add(ptg_db)
if 'subnets' in ptg:
for subnet in ptg['subnets']:
assoc = PTGToSubnetAssociation(
policy_target_group_id=ptg_db.id,
subnet_id=subnet
)
epg_db.subnets.append(assoc)
self._process_contracts_for_epg(context, epg_db, epg)
return self._make_endpoint_group_dict(epg_db)
ptg_db.subnets.append(assoc)
self._process_policy_rule_sets_for_ptg(context, ptg_db, ptg)
return self._make_policy_target_group_dict(ptg_db)
@log.log
def update_endpoint_group(self, context, endpoint_group_id,
endpoint_group):
epg = endpoint_group['endpoint_group']
def update_policy_target_group(self, context, policy_target_group_id,
policy_target_group):
ptg = policy_target_group['policy_target_group']
with context.session.begin(subtransactions=True):
epg_db = self._get_endpoint_group(context, endpoint_group_id)
self._process_contracts_for_epg(context, epg_db, epg)
if 'subnets' in epg:
ptg_db = self._get_policy_target_group(
context, policy_target_group_id)
self._process_policy_rule_sets_for_ptg(context, ptg_db, ptg)
if 'subnets' in ptg:
# Add/remove associations for changes in subnets.
new_subnets = set(epg['subnets'])
new_subnets = set(ptg['subnets'])
old_subnets = set(subnet.subnet_id
for subnet in epg_db.subnets)
for subnet in ptg_db.subnets)
for subnet in new_subnets - old_subnets:
assoc = EndpointGroupSubnetAssociation(
endpoint_group_id=endpoint_group_id, subnet_id=subnet)
epg_db.subnets.append(assoc)
assoc = PTGToSubnetAssociation(
policy_target_group_id=policy_target_group_id,
subnet_id=subnet)
ptg_db.subnets.append(assoc)
for subnet in old_subnets - new_subnets:
assoc = (context.session.
query(EndpointGroupSubnetAssociation).
filter_by(endpoint_group_id=endpoint_group_id,
subnet_id=subnet).
one())
epg_db.subnets.remove(assoc)
assoc = (
context.session.query(
PTGToSubnetAssociation).filter_by(
policy_target_group_id=policy_target_group_id,
subnet_id=subnet).one())
ptg_db.subnets.remove(assoc)
context.session.delete(assoc)
# Don't update epg_db.subnets with subnet IDs.
del epg['subnets']
epg_db.update(epg)
return self._make_endpoint_group_dict(epg_db)
# Don't update ptg_db.subnets with subnet IDs.
del ptg['subnets']
ptg_db.update(ptg)
return self._make_policy_target_group_dict(ptg_db)
@log.log
def create_l2_policy(self, context, l2_policy):

65
gbp/neutron/db/migration/alembic_migrations/versions/3ef186997b02_gbp_contracts.py
View File

@ -13,7 +13,7 @@
# under the License.
#
"""gbp_contracts
"""gbp_policy_rule_sets
Revision ID: 3ef186997b02
Create Date: 2014-07-30 14:48:49.838182
@ -30,49 +30,58 @@ import sqlalchemy as sa
def upgrade():
op.create_table(
'gp_contracts',
'gp_policy_rule_sets',
sa.Column('id', sa.String(36), nullable=False),
sa.Column('tenant_id', sa.String(length=255), nullable=True),
sa.Column('name', sa.String(length=50), nullable=True),
sa.Column('description', sa.String(length=255), nullable=True),
sa.Column('parent_id', sa.String(length=36), nullable=True),
sa.ForeignKeyConstraint(['parent_id'],
['gp_contracts.id']),
['gp_policy_rule_sets.id']),
sa.PrimaryKeyConstraint('id'))
op.create_table(
'gp_endpoint_group_contract_providing_associations',
sa.Column('contract_id', sa.String(length=36), nullable=True),
sa.ForeignKeyConstraint(['contract_id'],
['gp_contracts.id'], ondelete='CASCADE'),
sa.Column('endpoint_group_id', sa.String(length=36), nullable=True),
sa.ForeignKeyConstraint(['endpoint_group_id'],
['gp_endpoint_groups.id'], ondelete='CASCADE'),
sa.PrimaryKeyConstraint('contract_id', 'endpoint_group_id'))
'gp_ptg_to_prs_providing_associations',
sa.Column('policy_rule_set_id', sa.String(length=36), nullable=True),
sa.ForeignKeyConstraint(['policy_rule_set_id'],
['gp_policy_rule_sets.id'],
ondelete='CASCADE'),
sa.Column('policy_target_group_id', sa.String(length=36),
nullable=True),
sa.ForeignKeyConstraint(['policy_target_group_id'],
['gp_policy_target_groups.id'],
ondelete='CASCADE'),
sa.PrimaryKeyConstraint('policy_rule_set_id',
'policy_target_group_id'))
op.create_table(
'gp_endpoint_group_contract_consuming_associations',
sa.Column('contract_id', sa.String(length=36), nullable=True),
sa.ForeignKeyConstraint(['contract_id'],
['gp_contracts.id'], ondelete='CASCADE'),
sa.Column('endpoint_group_id', sa.String(length=36), nullable=True),
sa.ForeignKeyConstraint(['endpoint_group_id'],
['gp_endpoint_groups.id'], ondelete='CASCADE'),
sa.PrimaryKeyConstraint('contract_id', 'endpoint_group_id'))
'gp_ptg_to_prs_consuming_associations',
sa.Column('policy_rule_set_id', sa.String(length=36), nullable=True),
sa.ForeignKeyConstraint(['policy_rule_set_id'],
['gp_policy_rule_sets.id'],
ondelete='CASCADE'),
sa.Column('policy_target_group_id', sa.String(length=36),
nullable=True),
sa.ForeignKeyConstraint(['policy_target_group_id'],
['gp_policy_target_groups.id'],
ondelete='CASCADE'),
sa.PrimaryKeyConstraint('policy_rule_set_id',
'policy_target_group_id'))
op.create_table(
'gp_contract_policy_rule_associations',
sa.Column('contract_id', sa.String(length=36), nullable=True),
sa.ForeignKeyConstraint(['contract_id'],
['gp_contracts.id'], ondelete='CASCADE'),
'gp_prs_to_pr_associations',
sa.Column('policy_rule_set_id', sa.String(length=36), nullable=True),
sa.ForeignKeyConstraint(['policy_rule_set_id'],
['gp_policy_rule_sets.id'],
ondelete='CASCADE'),
sa.Column('policy_rule_id', sa.String(length=36), nullable=True),
sa.ForeignKeyConstraint(['policy_rule_id'],
['gp_policy_rules.id'], ondelete='CASCADE'),
sa.PrimaryKeyConstraint('contract_id', 'policy_rule_id'))
sa.PrimaryKeyConstraint('policy_rule_set_id', 'policy_rule_id'))
def downgrade():
op.drop_table('gp_endpoint_group_contract_providing_associations')
op.drop_table('gp_endpoint_group_contract_consuming_associations')
op.drop_table('gp_contract_policy_rule_associations')
op.drop_table('gp_contracts')
op.drop_table('gp_ptg_to_prs_consuming_associations')
op.drop_table('gp_ptg_to_prs_providing_associations')
op.drop_table('gp_prs_to_pr_associations')
op.drop_table('gp_policy_rule_sets')

34
gbp/neutron/db/migration/alembic_migrations/versions/53de98f7a066_gpm_db_1.py
View File

@ -33,13 +33,14 @@ import sqlalchemy as sa
def upgrade():
op.create_table(
'gp_endpoint_group_subnet_associations',
sa.Column('endpoint_group_id', sa.String(length=36), nullable=False),
'gp_ptg_to_subnet_associations',
sa.Column('policy_target_group_id', sa.String(length=36),
nullable=False),
sa.Column('subnet_id', sa.String(length=36), nullable=False),
sa.ForeignKeyConstraint(['endpoint_group_id'],
['gp_endpoint_groups.id']),
sa.ForeignKeyConstraint(['policy_target_group_id'],
['gp_policy_target_groups.id']),
sa.ForeignKeyConstraint(['subnet_id'], ['subnets.id']),
sa.PrimaryKeyConstraint('endpoint_group_id', 'subnet_id')
sa.PrimaryKeyConstraint('policy_target_group_id', 'subnet_id')
)
op.create_table(
@ -52,12 +53,12 @@ def upgrade():
)
op.add_column(
'gp_endpoint_groups',
'gp_policy_target_groups',
sa.Column('type', sa.String(length=15), nullable=True)
)
op.add_column(
'gp_endpoints',
'gp_policy_targets',
sa.Column('type', sa.String(length=15), nullable=True)
)
@ -72,12 +73,12 @@ def upgrade():
)
op.add_column(
'gp_endpoints',
'gp_policy_targets',
sa.Column('port_id', sa.String(length=36), nullable=True)
)
op.create_unique_constraint(None, 'gp_endpoints', ['port_id'])
op.create_foreign_key('gp_endpoints_ibfk_2',
source='gp_endpoints', referent='ports',
op.create_unique_constraint(None, 'gp_policy_targets', ['port_id'])
op.create_foreign_key('gp_policy_targets_ibfk_2',
source='gp_policy_targets', referent='ports',
local_cols=['port_id'], remote_cols=['id'],
ondelete='SET NULL')
@ -95,11 +96,12 @@ def downgrade():
op.drop_constraint('gp_l2_policies_ibfk_2', 'gp_l2_policies', 'foreignkey')
op.drop_column('gp_l2_policies', 'network_id')
op.drop_constraint('gp_endpoints_ibfk_2', 'gp_endpoints', 'foreignkey')
op.drop_column('gp_endpoints', 'port_id')
op.drop_constraint('gp_policy_targets_ibfk_2', 'gp_policy_targets',
'foreignkey')
op.drop_column('gp_policy_targets', 'port_id')
op.drop_column('gp_l3_policies', 'type')
op.drop_column('gp_l2_policies', 'type')
op.drop_column('gp_endpoints', 'type')
op.drop_column('gp_endpoint_groups', 'type')
op.drop_column('gp_policy_targets', 'type')
op.drop_column('gp_policy_target_groups', 'type')
op.drop_table('gp_l3_policy_router_associations')
op.drop_table('gp_endpoint_group_subnet_associations')
op.drop_table('gp_ptg_to_subnet_associations')

13
gbp/neutron/db/migration/alembic_migrations/versions/577bb4469944_gbp_network_service_policy.py
View File

@ -54,14 +54,14 @@ def upgrade():
sa.PrimaryKeyConstraint('id'))
op.add_column(
'gp_endpoint_groups',
'gp_policy_target_groups',
sa.Column('network_service_policy_id',
sa.String(length=36), nullable=True))
op.create_unique_constraint(None, 'gp_endpoint_groups',
op.create_unique_constraint(None, 'gp_policy_target_groups',
['network_service_policy_id'])
op.create_foreign_key('gp_endpoint_groups_ibfk_nsp',
source='gp_endpoint_groups',
op.create_foreign_key('gp_policy_target_groups_ibfk_nsp',
source='gp_policy_target_groups',
referent='gp_network_service_policies',
local_cols=['network_service_policy_id'],
remote_cols=['id'], ondelete='CASCADE')
@ -69,8 +69,9 @@ def upgrade():
def downgrade():
op.drop_constraint('gp_endpoint_groups_ibfk_nsp', 'gp_endpoint_groups',
op.drop_constraint('gp_policy_target_groups_ibfk_nsp',
'gp_policy_target_groups',
'foreignkey')
op.drop_column('gp_endpoint_groups', 'network_service_policy_id')
op.drop_column('gp_policy_target_groups', 'network_service_policy_id')
op.drop_table('gp_network_service_params')
op.drop_table('gp_network_service_policies')

11
gbp/neutron/db/migration/alembic_migrations/versions/5c65abe72596_gbp_security_group_mapping.py
View File

@ -32,18 +32,19 @@ import sqlalchemy as sa
def upgrade():
op.create_table(
'gpm_contract_sg_mapping',
sa.Column('contract_id', sa.String(length=36), nullable=False),
'gpm_policy_rule_set_sg_mapping',
sa.Column('policy_rule_set_id', sa.String(length=36), nullable=False),
sa.Column('provided_sg_id', sa.String(length=36)),
sa.Column('consumed_sg_id', sa.String(length=36)),
sa.ForeignKeyConstraint(['contract_id'], ['gp_contracts.id'],
sa.ForeignKeyConstraint(['policy_rule_set_id'],
['gp_policy_rule_sets.id'],
ondelete='CASCADE'),
sa.ForeignKeyConstraint(['provided_sg_id'], ['securitygroups.id']),
sa.ForeignKeyConstraint(['consumed_sg_id'], ['securitygroups.id']),
sa.PrimaryKeyConstraint('contract_id')
sa.PrimaryKeyConstraint('policy_rule_set_id')
)
def downgrade():
op.drop_table('gpm_contract_sg_mapping')
op.drop_table('gpm_policy_rule_set_sg_mapping')

18
gbp/neutron/db/migration/alembic_migrations/versions/ab64381ee820_gbp_db_ep_epg_l2_l3_policy.py
View File

@ -13,7 +13,7 @@
# under the License.
#
""" gbp_db_ep_epg_l2_l3_policy
""" gbp_db_ep_ptg_l2_l3_policy
Revision ID: ab64381ee820
"""
@ -52,7 +52,7 @@ def upgrade():
sa.PrimaryKeyConstraint('id'))
op.create_table(
'gp_endpoint_groups',
'gp_policy_target_groups',
sa.Column('id', sa.String(36), nullable=False),
sa.Column('tenant_id', sa.String(length=255), nullable=True),
sa.Column('name', sa.String(length=50), nullable=True),
@ -63,20 +63,22 @@ def upgrade():
sa.PrimaryKeyConstraint('id'))
op.create_table(
'gp_endpoints',
'gp_policy_targets',
sa.Column('id', sa.String(36), nullable=False),
sa.Column('tenant_id', sa.String(length=255), nullable=True),
sa.Column('name', sa.String(length=50), nullable=True),
sa.Column('description', sa.String(length=255), nullable=True),
sa.Column('endpoint_group_id', sa.String(length=36), nullable=True),
sa.ForeignKeyConstraint(['endpoint_group_id'],
['gp_endpoint_groups.id'], ondelete='CASCADE'),
sa.Column('policy_target_group_id', sa.String(length=36),
nullable=True),
sa.ForeignKeyConstraint(['policy_target_group_id'],
['gp_policy_target_groups.id'],
ondelete='CASCADE'),
sa.PrimaryKeyConstraint('id'))
def downgrade():
op.drop_table('gp_endpoints')
op.drop_table('gp_endpoint_groups')
op.drop_table('gp_policy_targets')
op.drop_table('gp_policy_target_groups')
op.drop_table('gp_l2_policies')
op.drop_table('gp_l3_policies')

9
gbp/neutron/db/migration/alembic_migrations/versions/ceba6e091b2a_nsp_epg_ip_mapping.py
View File

@ -34,10 +34,11 @@ def upgrade(active_plugins=None, options=None):
'gpm_service_policy_ipaddress_mappings',
sa.Column('service_policy_id', sa.String(length=36), nullable=False),
sa.Column('ipaddress', sa.String(length=36)),
sa.Column('endpoint_group', sa.String(length=36)),
sa.PrimaryKeyConstraint('endpoint_group'),
sa.ForeignKeyConstraint(['endpoint_group'],
['gp_endpoint_groups.id'], ondelete='CASCADE'),
sa.Column('policy_target_group', sa.String(length=36)),
sa.PrimaryKeyConstraint('policy_target_group'),
sa.ForeignKeyConstraint(['policy_target_group'],
['gp_policy_target_groups.id'],
ondelete='CASCADE'),
sa.PrimaryKeyConstraint('service_policy_id'),
sa.ForeignKeyConstraint(['service_policy_id'],
['gp_network_service_policies.id'],

18
gbp/neutron/db/migration/alembic_migrations/versions/ebfd08bc4714_servicechain.py
View File

@ -60,16 +60,18 @@ def upgrade(active_plugins=None, options=None):
sa.Column('description', sa.String(length=255), nullable=True),
sa.Column('config_param_values', sa.String(length=4096),
nullable=True),
sa.Column('provider_epg', sa.String(length=36), nullable=True),
sa.Column('consumer_epg', sa.String(length=36), nullable=True),
sa.Column('provider_ptg', sa.String(length=36), nullable=True),
sa.Column('consumer_ptg', sa.String(length=36), nullable=True),
sa.Column('classifier', sa.String(length=36), nullable=True),
sa.Column('servicechain_spec', sa.String(length=36), nullable=True),
#FixMe(Magesh) Deletes the instances table itself !!!
#sa.ForeignKeyConstraint(['provider_epg'], ['gp_endpoint_groups.id'],
# ondelete='CASCADE'),
#sa.ForeignKeyConstraint(['consumer_epg'], ['gp_endpoint_groups.id'],
# ondelete='CASCADE'),
#sa.ForeignKeyConstraint(['classifier'], ['gp_policy_classifiers.id'],
# FixMe(Magesh) Deletes the instances table itself !!!
# sa.ForeignKeyConstraint(['provider_ptg'],
# ['gp_policy_target_groups.id'],
# ondelete='CASCADE'),
# sa.ForeignKeyConstraint(['consumer_ptg'],
# ['gp_policy_target_groups.id'],
# ondelete='CASCADE'),
# sa.ForeignKeyConstraint(['classifier'], ['gp_policy_classifiers.id'],
# ondelete='CASCADE'),
sa.ForeignKeyConstraint(['servicechain_spec'], ['sc_specs.id']),
sa.PrimaryKeyConstraint('id')

55
gbp/neutron/db/servicechain_db.py
View File

@ -33,9 +33,8 @@ MAX_IPV6_SUBNET_PREFIX_LENGTH = 127
class SpecNodeAssociation(model_base.BASEV2):
"""Models many to many providing relation between Specs and Nodes."""
__tablename__ = 'sc_spec_node_associations'
servicechain_spec = sa.Column(sa.String(36),
sa.ForeignKey('sc_specs.id'),
primary_key=True)
servicechain_spec = sa.Column(
sa.String(36), sa.ForeignKey('sc_specs.id'), primary_key=True)
node_id = sa.Column(sa.String(36),
sa.ForeignKey('sc_nodes.id'),
primary_key=True)
@ -61,18 +60,17 @@ class ServiceChainInstance(model_base.BASEV2, models_v2.HasId,
name = sa.Column(sa.String(50))
description = sa.Column(sa.String(255))
config_param_values = sa.Column(sa.String(4096))
servicechain_spec = sa.Column(sa.String(36),
sa.ForeignKey('sc_specs.id'),
nullable=True)
provider_epg = sa.Column(sa.String(36),
#FixMe(Magesh) Deletes the instances table itself
#sa.ForeignKey('gp_endpoint_groups.id'),
servicechain_spec = sa.Column(
sa.String(36), sa.ForeignKey('sc_specs.id'), nullable=True)
provider_ptg = sa.Column(sa.String(36),
# FixMe(Magesh) Deletes the instances table itself
# sa.ForeignKey('gp_policy_target_groups.id'),
nullable=True)
consumer_epg = sa.Column(sa.String(36),
#sa.ForeignKey('gp_endpoint_groups.id'),
consumer_ptg = sa.Column(sa.String(36),
# sa.ForeignKey('gp_policy_target_groups.id'),
nullable=True)
classifier = sa.Column(sa.String(36),
#sa.ForeignKey('gp_policy_classifiers.id'),
# sa.ForeignKey('gp_policy_classifiers.id'),
nullable=True)
@ -120,7 +118,7 @@ class ServiceChainDbPlugin(schain.ServiceChainPluginBase,
return self._get_by_id(context, ServiceChainInstance, instance_id)
except exc.NoResultFound:
raise schain.ServiceChainInstanceNotFound(
sc_instance_id=instance_id)
sc_instance_id=instance_id)
def _make_sc_node_dict(self, sc_node, fields=None):
res = {'id': sc_node['id'],
@ -147,8 +145,8 @@ class ServiceChainDbPlugin(schain.ServiceChainPluginBase,
'description': instance['description'],
'config_param_values': instance['config_param_values'],
'servicechain_spec': instance['servicechain_spec'],
'provider_epg': instance['provider_epg'],
'consumer_epg': instance['consumer_epg'],
'provider_ptg': instance['provider_ptg'],
'consumer_ptg': instance['consumer_ptg'],
'classifier': instance['classifier']}
return self._fields(res, fields)
@ -249,7 +247,7 @@ class ServiceChainDbPlugin(schain.ServiceChainPluginBase,
spec_db.config_param_names = str(config_params.keys())
else:
config_param_names = ast.literal_eval(
spec_db.config_param_names)
spec_db.config_param_names)
config_param_names.extend(config_params.keys())
spec_db.config_param_names = str(config_param_names)
@ -318,17 +316,14 @@ class ServiceChainDbPlugin(schain.ServiceChainPluginBase,
tenant_id = self._get_tenant_id_for_create(context, instance)
with context.session.begin(subtransactions=True):
instance_db = ServiceChainInstance(
id=uuidutils.generate_uuid(),
tenant_id=tenant_id,
name=instance['name'],
description=instance['description'],
config_param_values=instance[
'config_param_values'],
servicechain_spec=instance[
'servicechain_spec'],
provider_epg=instance['provider_epg'],
consumer_epg=instance['consumer_epg'],
classifier=instance['classifier'])
id=uuidutils.generate_uuid(),
tenant_id=tenant_id, name=instance['name'],
description=instance['description'],
config_param_values=instance['config_param_values'],
servicechain_spec=instance['servicechain_spec'],
provider_ptg=instance['provider_ptg'],
consumer_ptg=instance['consumer_ptg'],
classifier=instance['classifier'])
context.session.add(instance_db)
return self._make_sc_instance_dict(instance_db)
@ -338,8 +333,7 @@ class ServiceChainDbPlugin(schain.ServiceChainPluginBase,
instance = servicechain_instance['servicechain_instance']
with context.session.begin(subtransactions=True):
instance_db = self._get_servicechain_instance(
context,
servicechain_instance_id)
context, servicechain_instance_id)
instance_db.update(instance)
return self._make_sc_instance_dict(instance_db)
@ -347,8 +341,7 @@ class ServiceChainDbPlugin(schain.ServiceChainPluginBase,
def delete_servicechain_instance(self, context, servicechain_instance_id):
with context.session.begin(subtransactions=True):
instance_db = self._get_servicechain_instance(
context,
servicechain_instance_id)
context, servicechain_instance_id)
context.session.delete(instance_db)
@log.log

130
gbp/neutron/extensions/group_policy.py
View File

@ -40,12 +40,13 @@ LOG = logging.getLogger(__name__)
# Group Policy Exceptions
class EndpointNotFound(nexc.NotFound):
message = _("Endpoint %(endpoint_id)s could not be found")
class PolicyTargetNotFound(nexc.NotFound):
message = _("Policy Target %(policy_target_id)s could not be found")
class EndpointGroupNotFound(nexc.NotFound):
message = _("EndpointGroup %(endpoint_group_id)s could not be found")
class PolicyTargetGroupNotFound(nexc.NotFound):
message = _("Policy Target Group %(policy_target_group_id)s could not "
"be found")
class L2PolicyNotFound(nexc.NotFound):
@ -78,20 +79,20 @@ class PolicyRuleNotFound(nexc.NotFound):
message = _("PolicyRule %(policy_rule_id)s could not be found")
class ContractNotFound(nexc.NotFound):
message = _("Contract %(contract_id)s could not be found")
class PolicyRuleSetNotFound(nexc.NotFound):
message = _("Policy Rule Set %(policy_rule_set_id)s could not be found")
class BadContractRelationship(nexc.BadRequest):
message = _("Contract %(parent_id)s is an invalid parent for "
"%(child_id)s, make sure that child contract has no "
class BadPolicyRuleSetRelationship(nexc.BadRequest):
message = _("Policy Rule Set %(parent_id)s is an invalid parent for "
"%(child_id)s, make sure that child policy_rule_set has no "
"children, or that you are not creating a relationship loop")
class ThreeLevelContractHierarchyNotSupported(nexc.BadRequest):
message = _("Can't add children to contract %(contract_id)s "
"which already has a parent. Only one level of contract "
"hierarchy supported.")
class ThreeLevelPolicyRuleSetHierarchyNotSupported(nexc.BadRequest):
message = _("Can't add children to policy_rule_set %(policy_rule_set_id)s "
"which already has a parent. Only one level "
"of policy_rule_set hierarchy supported.")
class GroupPolicyInvalidPortValue(nexc.InvalidInput):
@ -229,19 +230,19 @@ attr.validators['type:port_range'] = _validate_port_range
attr.validators['type:network_service_params'] = _validate_network_svc_params
ENDPOINTS = 'endpoints'
ENDPOINT_GROUPS = 'endpoint_groups'
POLICY_TARGETS = 'policy_targets'
POLICY_TARGET_GROUPS = 'policy_target_groups'
L2_POLICIES = 'l2_policies'
L3_POLICIES = 'l3_policies'
POLICY_CLASSIFIERS = 'policy_classifiers'
POLICY_ACTIONS = 'policy_actions'
POLICY_RULES = 'policy_rules'
CONTRACTS = 'contracts'
POLICY_RULE_SETS = 'policy_rule_sets'
NETWORK_SERVICE_POLICIES = 'network_service_policies'
RESOURCE_ATTRIBUTE_MAP = {
ENDPOINTS: {
POLICY_TARGETS: {
'id': {'allow_post': False, 'allow_put': False,
'validate': {'type:uuid': None}, 'is_visible': True,
'primary_key': True},
@ -254,11 +255,11 @@ RESOURCE_ATTRIBUTE_MAP = {
'tenant_id': {'allow_post': True, 'allow_put': False,
'validate': {'type:string': None},
'required_by_policy': True, 'is_visible': True},
'endpoint_group_id': {'allow_post': True, 'allow_put': True,
'validate': {'type:uuid_or_none': None},
'required': True, 'is_visible': True},
'policy_target_group_id': {'allow_post': True, 'allow_put': True,
'validate': {'type:uuid_or_none': None},
'required': True, 'is_visible': True},
},
ENDPOINT_GROUPS: {
POLICY_TARGET_GROUPS: {
'id': {'allow_post': False, 'allow_put': False,
'validate': {'type:uuid': None}, 'is_visible': True,
'primary_key': True},
@ -271,21 +272,23 @@ RESOURCE_ATTRIBUTE_MAP = {
'tenant_id': {'allow_post': True, 'allow_put': False,
'validate': {'type:string': None},
'required_by_policy': True, 'is_visible': True},
'endpoints': {'allow_post': False, 'allow_put': False,
'validate': {'type:uuid_list': None},
'convert_to': attr.convert_none_to_empty_list,
'default': None, 'is_visible': True},
'policy_targets': {'allow_post': False, 'allow_put': False,
'validate': {'type:uuid_list': None},
'convert_to': attr.convert_none_to_empty_list,
'default': None, 'is_visible': True},
'l2_policy_id': {'allow_post': True, 'allow_put': True,
'validate': {'type:uuid_or_none': None},
'default': None, 'is_visible': True},
'provided_contracts': {'allow_post': True, 'allow_put': True,
'validate': {'type:dict_or_none': None},
'convert_to': attr.convert_none_to_empty_dict,
'default': None, 'is_visible': True},
'consumed_contracts': {'allow_post': True, 'allow_put': True,
'validate': {'type:dict_or_none': None},
'convert_to': attr.convert_none_to_empty_dict,
'default': None, 'is_visible': True},
'provided_policy_rule_sets': {'allow_post': True, 'allow_put': True,
'validate': {'type:dict_or_none': None},
'convert_to':
attr.convert_none_to_empty_dict,
'default': None, 'is_visible': True},
'consumed_policy_rule_sets': {'allow_post': True, 'allow_put': True,
'validate': {'type:dict_or_none': None},
'convert_to':
attr.convert_none_to_empty_dict,
'default': None, 'is_visible': True},
'network_service_policy_id': {'allow_post': True, 'allow_put': True,
'validate': {'type:uuid_or_none': None},
'default': None, 'is_visible': True},
@ -303,10 +306,10 @@ RESOURCE_ATTRIBUTE_MAP = {
'tenant_id': {'allow_post': True, 'allow_put': False,
'validate': {'type:string': None},
'required_by_policy': True, 'is_visible': True},
'endpoint_groups': {'allow_post': False, 'allow_put': False,
'validate': {'type:uuid_list': None},
'convert_to': attr.convert_none_to_empty_list,
'default': None, 'is_visible': True},
'policy_target_groups': {'allow_post': False, 'allow_put': False,
'validate': {'type:uuid_list': None},
'convert_to': attr.convert_none_to_empty_list,
'default': None, 'is_visible': True},
'l3_policy_id': {'allow_post': True, 'allow_put': True,
'validate': {'type:uuid_or_none': None},
'default': None, 'is_visible': True,
@ -420,7 +423,7 @@ RESOURCE_ATTRIBUTE_MAP = {
'validate': {'type:uuid_list': None},
'convert_to': attr.convert_none_to_empty_list},
},
CONTRACTS: {
POLICY_RULE_SETS: {
'id': {'allow_post': False, 'allow_put': False,
'validate': {'type:uuid': None},
'is_visible': True,
@ -439,10 +442,11 @@ RESOURCE_ATTRIBUTE_MAP = {
'parent_id': {'allow_post': False, 'allow_put': False,
'validate': {'type:uuid': None},
'is_visible': True},
'child_contracts': {'allow_post': True, 'allow_put': True,
'default': None, 'is_visible': True,
'validate': {'type:uuid_list': None},
'convert_to': attr.convert_none_to_empty_list},
'child_policy_rule_sets': {'allow_post': True, 'allow_put': True,
'default': None, 'is_visible': True,
'validate': {'type:uuid_list': None},
'convert_to':
attr.convert_none_to_empty_list},
'policy_rules': {'allow_post': True, 'allow_put': True,
'default': None, 'validate': {'type:uuid_list': None},
'convert_to': attr.convert_none_to_empty_list,
@ -461,10 +465,10 @@ RESOURCE_ATTRIBUTE_MAP = {
'tenant_id': {'allow_post': True, 'allow_put': False,
'validate': {'type:string': None},
'required_by_policy': True, 'is_visible': True},
'endpoint_groups': {'allow_post': False, 'allow_put': False,
'validate': {'type:uuid_list': None},
'convert_to': attr.convert_none_to_empty_list,
'default': None, 'is_visible': True},
'policy_target_groups': {'allow_post': False, 'allow_put': False,
'validate': {'type:uuid_list': None},
'convert_to': attr.convert_none_to_empty_list,
'default': None, 'is_visible': True},
'network_service_params': {'allow_post': True, 'allow_put': False,
'validate':
{'type:network_service_params': None},
@ -535,44 +539,45 @@ class GroupPolicyPluginBase(service_base.ServicePluginBase):
return 'Group Policy plugin'
@abc.abstractmethod
def get_endpoints(self, context, filters=None, fields=None):
def get_policy_targets(self, context, filters=None, fields=None):
pass
@abc.abstractmethod
def get_endpoint(self, context, endpoint_id, fields=None):
def get_policy_target(self, context, policy_target_id, fields=None):
pass
@abc.abstractmethod
def create_endpoint(self, context, endpoint):
def create_policy_target(self, context, policy_target):
pass
@abc.abstractmethod
def update_endpoint(self, context, endpoint_id, endpoint):
def update_policy_target(self, context, policy_target_id, policy_target):
pass
@abc.abstractmethod
def delete_endpoint(self, context, endpoint_id):
def delete_policy_target(self, context, policy_target_id):
pass
@abc.abstractmethod
def get_endpoint_groups(self, context, filters=None, fields=None):
def get_policy_target_groups(self, context, filters=None, fields=None):
pass
@abc.abstractmethod
def get_endpoint_group(self, context, endpoint_group_id, fields=None):
def get_policy_target_group(self, context, policy_target_group_id,
fields=None):
pass
@abc.abstractmethod
def create_endpoint_group(self, context, endpoint_group):
def create_policy_target_group(self, context, policy_target_group):
pass
@abc.abstractmethod
def update_endpoint_group(self, context, endpoint_group_id,
endpoint_group):
def update_policy_target_group(self, context, policy_target_group_id,
policy_target_group):
pass
@abc.abstractmethod
def delete_endpoint_group(self, context, endpoint_group_id):
def delete_policy_target_group(self, context, policy_target_group_id):
pass
@abc.abstractmethod
@ -701,21 +706,22 @@ class GroupPolicyPluginBase(service_base.ServicePluginBase):
pass
@abc.abstractmethod
def create_contract(self, context, contract):
def create_policy_rule_set(self, context, policy_rule_set):
pass
@abc.abstractmethod
def update_contract(self, context, contract_id, contract):
def update_policy_rule_set(self, context, policy_rule_set_id,
policy_rule_set):
pass
@abc.abstractmethod
def get_contracts(self, context, filters=None, fields=None):
def get_policy_rule_sets(self, context, filters=None, fields=None):
pass
@abc.abstractmethod
def get_contract(self, context, contract_id, fields=None):
def get_policy_rule_set(self, context, policy_rule_set_id, fields=None):
pass
@abc.abstractmethod
def delete_contract(self, context, contract_id):
def delete_policy_rule_set(self, context, policy_rule_set_id):
pass

4
gbp/neutron/extensions/group_policy_mapping.py
View File

@ -17,12 +17,12 @@ from gbp.neutron.extensions import group_policy as gp
# Extended attributes for Group Policy resource to map to Neutron constructs
EXTENDED_ATTRIBUTES_2_0 = {
gp.ENDPOINTS: {
gp.POLICY_TARGETS: {
'port_id': {'allow_post': True, 'allow_put': False,
'validate': {'type:uuid_or_none': None},
'is_visible': True, 'default': None},
},
gp.ENDPOINT_GROUPS: {
gp.POLICY_TARGET_GROUPS: {
'subnets': {'allow_post': True, 'allow_put': True,
'validate': {'type:uuid_list': None},
'convert_to': attr.convert_none_to_empty_list,

8
gbp/neutron/extensions/servicechain.py
View File

@ -149,11 +149,11 @@ RESOURCE_ATTRIBUTE_MAP = {
'validate': {'type:uuid_or_none': None},
'default': None, 'is_visible': True,
'required': True},
'provider_epg': {'allow_post': True, 'allow_put': False,
'provider_ptg': {'allow_post': True, 'allow_put': False,
'validate': {'type:uuid_or_none': None},
'is_visible': True, 'default': None,
'required': True},
'consumer_epg': {'allow_post': True, 'allow_put': False,
'consumer_ptg': {'allow_post': True, 'allow_put': False,
'validate': {'type:uuid_or_none': None},
'is_visible': True, 'default': None,
'required': True},
@ -162,8 +162,8 @@ RESOURCE_ATTRIBUTE_MAP = {
'is_visible': True, 'default': None,
'required': True},
'config_param_values': {'allow_post': True, 'allow_put': False,
'validate': {'type:string': None},
'default': "", 'is_visible': True},
'validate': {'type:string': None},
'default': "", 'is_visible': True},
},
}

2
gbp/neutron/plugins/ml2/drivers/grouppolicy/apic/driver.py
View File

@ -38,7 +38,7 @@ class APICMechanismGBPDriver(api.MechanismDriver):
# DHCP Ports are created implicitly by Neutron, need to inform GBP
if (context.current.get('device_owner') ==
n_constants.DEVICE_OWNER_DHCP):
self.apic_gbp.create_dhcp_endpoint_if_needed(
self.apic_gbp.create_dhcp_policy_target_if_needed(
context._plugin_context, context.current)
def update_port_postcommit(self, context):

19
gbp/neutron/services/grouppolicy/common/exceptions.py
View File

@ -38,16 +38,19 @@ class GroupPolicyBadRequest(exceptions.BadRequest, GroupPolicyException):
pass
class EndpointRequiresEndpointGroup(GroupPolicyBadRequest):
message = _("An endpoint group was not specified when creating endpoint.")
class PolicyTargetRequiresPolicyTargetGroup(GroupPolicyBadRequest):
message = _("An policy target group was not specified when "
"creating policy_target.")
class EndpointEndpointGroupUpdateNotSupported(GroupPolicyBadRequest):
message = _("Updating endpoint's endpoint group is not supported.")
class PolicyTargetGroupUpdateOfPolicyTargetNotSupported(GroupPolicyBadRequest):
message = _("Updating policy target group of policy target "
"is not supported.")
class EndpointGroupSubnetRemovalNotSupported(GroupPolicyBadRequest):
message = _("Removing a subnet from an endpoint group is not supported.")
class PolicyTargetGroupSubnetRemovalNotSupported(GroupPolicyBadRequest):
message = _("Removing a subnet from an policy target group is not "
"supported.")
class L3PolicyMultipleRoutersNotSupported(GroupPolicyBadRequest):
@ -62,5 +65,5 @@ class NoSubnetAvailable(exceptions.ResourceExhausted, GroupPolicyException):
message = _("No subnet is available from l3 policy's pool.")
class EndpointGroupInUse(GroupPolicyBadRequest):
message = _("Endpoint Group %(endpoint_group)s is in use")
class PolicyTargetGroupInUse(GroupPolicyBadRequest):
message = _("Policy Target Group %(policy_target_group)s is in use")

311
gbp/neutron/services/grouppolicy/drivers/cisco/apic/apic_mapping.py
View File

@ -32,10 +32,10 @@ from gbp.neutron.services.grouppolicy.drivers import resource_mapping as api
LOG = logging.getLogger(__name__)
class L2PolicyMultipleEndpointGroupNotSupportedOnApicDriver(
class L2PolicyMultiplePolicyTargetGroupNotSupportedOnApicDriver(
gpexc.GroupPolicyBadRequest):
message = _("An L2 policy can't have multiple endpoint groups on APIC "
"GBP driver.")
message = _("An L2 policy can't have multiple policy target groups on "
"APIC GBP driver.")
class RedirectActionNotSupportedOnApicDriver(gpexc.GroupPolicyBadRequest):
@ -108,48 +108,49 @@ class ApicMappingDriver(api.ResourceMappingDriver):
port_id = (kwargs.get('port_id') or
self._core_plugin._device_to_port_id(kwargs['device']))
port = self._core_plugin.get_port(context, port_id)
# retrieve EPG and network from a given Port
if not kwargs.get('endpoint'):
epg, network = self._port_to_epg_network(context, port,
# retrieve PTG and network from a given Port
if not kwargs.get('policy_target'):
ptg, network = self._port_to_ptg_network(context, port,
kwargs['host'])
if not epg:
if not ptg:
return
else:
ep = kwargs['endpoint']
epg = self.gbp_plugin.get_endpoint_group(context,
ep['endpoint_group_id'])
network = self._l2p_id_to_network(context, epg['l2_policy_id'])
pt = kwargs['policy_target']
ptg = self.gbp_plugin.get_policy_target_group(
context, pt['policy_target_group_id'])
network = self._l2p_id_to_network(context, ptg['l2_policy_id'])
return {'port_id': port_id,
'mac_address': port['mac_address'],
'epg_id': epg['id'],
'ptg_id': ptg['id'],
'segmentation_id': network[pn.SEGMENTATION_ID],
'network_type': network[pn.NETWORK_TYPE],
'l2_policy_id': epg['l2_policy_id'],
'l2_policy_id': ptg['l2_policy_id'],
'tenant_id': port['tenant_id'],
'host': port['binding:host_id']
}
def create_dhcp_endpoint_if_needed(self, plugin_context, port):
def create_dhcp_policy_target_if_needed(self, plugin_context, port):
session = plugin_context.session
if (self._port_is_owned(session, port['id'])):
# Nothing to do
return
# Retrieve EPG
# Retrieve PTG
filters = {'network_id': [port['network_id']]}
epgs = self.gbp_plugin.get_endpoint_groups(plugin_context,
filters=filters)
if epgs:
epg = epgs[0]
# Create Endpoint
attrs = {'endpoint':
ptgs = self.gbp_plugin.get_policy_target_groups(
plugin_context, filters=filters)
if ptgs:
ptg = ptgs[0]
# Create PolicyTarget
attrs = {'policy_target':
{'tenant_id': port['tenant_id'],
'name': 'dhcp-%s' % epg['id'],
'description': _("Implicitly created DHCP endpoint"),
'endpoint_group_id': epg['id'],
'name': 'dhcp-%s' % ptg['id'],
'description': _("Implicitly created DHCP policy "
"target"),
'policy_target_group_id': ptg['id'],
'port_id': port['id']}}
self.gbp_plugin.create_endpoint(plugin_context, attrs)
self.gbp_plugin.create_policy_target(plugin_context, attrs)
sg_id = self._ensure_default_security_group(plugin_context,
port['tenant_id'])
data = {'port': {'security_groups': [sg_id]}}
@ -188,42 +189,46 @@ class ApicMappingDriver(api.ResourceMappingDriver):
self.apic_manager.create_tenant_filter(policy_rule, owner=tenant,
**attrs)
def create_contract_postcommit(self, context):
def create_policy_rule_set_postcommit(self, context):
# Create APIC contract
tenant = self.name_mapper.tenant(context, context.current['tenant_id'])
contract = self.name_mapper.contract(context, context.current['id'])
contract = self.name_mapper.policy_rule_set(context,
context.current['id'])
with self.apic_manager.apic.transaction(None) as trs:
self.apic_manager.create_contract(contract, owner=tenant,
transaction=trs)
self._apply_contract_rules(context, context.current,
context.current['policy_rules'],
transaction=trs)
self.apic_manager.create_contract(
contract, owner=tenant, transaction=trs)
self._apply_policy_rule_set_rules(
context, context.current, context.current['policy_rules'],
transaction=trs)
def create_endpoint_postcommit(self, context):
def create_policy_target_postcommit(self, context):
# The path needs to be created at bind time, this will be taken
# care by the GBP ML2 apic driver.
super(ApicMappingDriver, self).create_endpoint_postcommit(context)
self._manage_endpoint_port(context._plugin_context, context.current)
super(ApicMappingDriver, self).create_policy_target_postcommit(context)
self._manage_policy_target_port(
context._plugin_context, context.current)
def create_endpoint_group_postcommit(self, context):
super(ApicMappingDriver, self).create_endpoint_group_postcommit(
def create_policy_target_group_postcommit(self, context):
super(ApicMappingDriver, self).create_policy_target_group_postcommit(
context)
tenant = self.name_mapper.tenant(context, context.current['tenant_id'])
l2_policy = self.name_mapper.l2_policy(context,
context.current['l2_policy_id'])
epg = self.name_mapper.endpoint_group(context, context.current['id'])
ptg = self.name_mapper.policy_target_group(context,
context.current['id'])
with self.apic_manager.apic.transaction(None) as trs:
self.apic_manager.ensure_epg_created(tenant, epg,
self.apic_manager.ensure_epg_created(tenant, ptg,
bd_name=l2_policy)
subnets = self._subnet_ids_to_objects(context._plugin_context,
context.current['subnets'])
self._manage_epg_subnets(context._plugin_context, context.current,
self._manage_ptg_subnets(context._plugin_context, context.current,
subnets, [], transaction=trs)
self._manage_epg_contracts(
self._manage_ptg_policy_rule_sets(
context._plugin_context, context.current,
context.current['provided_contracts'],
context.current['consumed_contracts'], [], [], transaction=trs)
context.current['provided_policy_rule_sets'],
context.current['consumed_policy_rule_sets'], [], [],
transaction=trs)
def create_l2_policy_postcommit(self, context):
super(ApicMappingDriver, self).create_l2_policy_postcommit(context)
@ -249,37 +254,39 @@ class ApicMappingDriver(api.ResourceMappingDriver):
context.current['id'])
self.apic_manager.delete_tenant_filter(policy_rule, owner=tenant)
def delete_contract_precommit(self, context):
def delete_policy_rule_set_precommit(self, context):
# Intercept Parent Call
pass
def delete_contract_postcommit(self, context):
def delete_policy_rule_set_postcommit(self, context):
# TODO(ivar): disassociate EPGs to avoid reference leak
tenant = self.name_mapper.tenant(context, context.current['tenant_id'])
contract = self.name_mapper.contract(context, context.current['id'])
self.apic_manager.delete_contract(contract, owner=tenant)
policy_rule_set = self.name_mapper.policy_rule_set(
context, context.current['id'])
self.apic_manager.delete_contract(policy_rule_set, owner=tenant)
def delete_endpoint_postcommit(self, context):
def delete_policy_target_postcommit(self, context):
port = self._core_plugin.get_port(context._plugin_context,
context.current['port_id'])
if port['binding:host_id']:
self.process_path_deletion(context._plugin_context, port,
endpoint=context.current)
policy_target=context.current)
# Delete Neutron's port
super(ApicMappingDriver, self).delete_endpoint_postcommit(context)
super(ApicMappingDriver, self).delete_policy_target_postcommit(context)
def delete_endpoint_group_postcommit(self, context):
def delete_policy_target_group_postcommit(self, context):
if context.current['subnets']:
subnets = self._subnet_ids_to_objects(context._plugin_context,
context.current['subnets'])
self._manage_epg_subnets(context._plugin_context, context.current,
self._manage_ptg_subnets(context._plugin_context, context.current,
[], subnets)
for subnet_id in context.current['subnets']:
self._cleanup_subnet(context._plugin_context, subnet_id, None)
tenant = self.name_mapper.tenant(context, context.current['tenant_id'])
epg = self.name_mapper.endpoint_group(context, context.current['id'])
ptg = self.name_mapper.policy_target_group(context,
context.current['id'])
self.apic_manager.delete_epg_for_network(tenant, epg)
self.apic_manager.delete_epg_for_network(tenant, ptg)
def delete_l2_policy_postcommit(self, context):
super(ApicMappingDriver, self).delete_l2_policy_postcommit(context)
@ -294,7 +301,7 @@ class ApicMappingDriver(api.ResourceMappingDriver):
self.apic_manager.ensure_context_deleted(tenant, l3_policy)
def update_endpoint_postcommit(self, context):
def update_policy_target_postcommit(self, context):
# TODO(ivar): redo binding procedure if the EPG is modified,
# not doable unless driver extension framework is in place
pass
@ -303,21 +310,29 @@ class ApicMappingDriver(api.ResourceMappingDriver):
# TODO(ivar): add support for action update on policy rules
raise PolicyRuleUpdateNotSupportedOnApicDriver()
def update_endpoint_group_postcommit(self, context):
def update_policy_target_group_postcommit(self, context):
# TODO(ivar): refactor parent to avoid code duplication
orig_provided_contracts = context.original['provided_contracts']
curr_provided_contracts = context.current['provided_contracts']
orig_consumed_contracts = context.original['consumed_contracts']
curr_consumed_contracts = context.current['consumed_contracts']
orig_provided_policy_rule_sets = context.original[
'provided_policy_rule_sets']
curr_provided_policy_rule_sets = context.current[
'provided_policy_rule_sets']
orig_consumed_policy_rule_sets = context.original[
'consumed_policy_rule_sets']
curr_consumed_policy_rule_sets = context.current[
'consumed_policy_rule_sets']
new_provided_contracts = list(set(curr_provided_contracts) -
set(orig_provided_contracts))
new_consumed_contracts = list(set(curr_consumed_contracts) -
set(orig_consumed_contracts))
removed_provided_contracts = list(set(orig_provided_contracts) -
set(curr_provided_contracts))
removed_consumed_contracts = list(set(orig_consumed_contracts) -
set(curr_consumed_contracts))
new_provided_policy_rule_sets = list(
set(curr_provided_policy_rule_sets) - set(
orig_provided_policy_rule_sets))
new_consumed_policy_rule_sets = list(
set(curr_consumed_policy_rule_sets) - set(
orig_consumed_policy_rule_sets))
removed_provided_policy_rule_sets = list(
set(orig_provided_policy_rule_sets) - set(
curr_provided_policy_rule_sets))
removed_consumed_policy_rule_sets = list(
set(orig_consumed_policy_rule_sets) - set(
curr_consumed_policy_rule_sets))
orig_subnets = context.original['subnets']
curr_subnets = context.current['subnets']
@ -325,67 +340,69 @@ class ApicMappingDriver(api.ResourceMappingDriver):
removed_subnets = list(set(orig_subnets) - set(curr_subnets))
with self.apic_manager.apic.transaction(None) as trs:
self._manage_epg_contracts(
self._manage_ptg_policy_rule_sets(
context._plugin_context, context.current,
new_provided_contracts, new_consumed_contracts,
removed_provided_contracts, removed_consumed_contracts,
transaction=trs)
new_provided_policy_rule_sets, new_consumed_policy_rule_sets,
removed_provided_policy_rule_sets,
removed_consumed_policy_rule_sets, transaction=trs)
new_subnets = self._subnet_ids_to_objects(
context._plugin_context, new_subnets)
removed_subnets = self._subnet_ids_to_objects(
context._plugin_context, removed_subnets)
self._manage_epg_subnets(context._plugin_context, context.current,
self._manage_ptg_subnets(context._plugin_context, context.current,
new_subnets, removed_subnets)
def process_subnet_changed(self, context, old, new):
if old['gateway_ip'] != new['gateway_ip']:
epg = self._subnet_to_epg(context, new['id'])
if epg:
ptg = self._subnet_to_ptg(context, new['id'])
if ptg:
# Is GBP owned, reflect on APIC
self._manage_epg_subnets(context, epg, [new], [old])
self._manage_ptg_subnets(context, ptg, [new], [old])
def process_port_changed(self, context, old, new):
# Port's EP can't change unless EP is deleted/created, therefore the
# binding will mostly be the same except for the host
if old['binding:host_id'] != new['binding:host_id']:
ep = self._port_id_to_ep(context, new['id'])
if ep:
pt = self._port_id_to_pt(context, new['id'])
if pt:
if old['binding:host_id']:
self.process_path_deletion(context, old)
self._manage_endpoint_port(context, ep)
self._manage_policy_target_port(context, pt)
def process_path_deletion(self, context, port, endpoint=None):
def process_path_deletion(self, context, port, policy_target=None):
port_details = self.get_gbp_details(
context, port_id=port['id'], host=port['binding:host_id'],
endpoint=endpoint)
policy_target=policy_target)
self._delete_path_if_last(context, port_details)
def _apply_contract_rules(self, context, contract, policy_rules,
transaction=None):
def _apply_policy_rule_set_rules(
self, context, policy_rule_set, policy_rules, transaction=None):
# TODO(ivar): refactor parent to avoid code duplication
if contract['parent_id']:
parent = context._plugin.get_contract(
context._plugin_context, contract['parent_id'])
if policy_rule_set['parent_id']:
parent = context._plugin.get_policy_rule_set(
context._plugin_context, policy_rule_set['parent_id'])
policy_rules = policy_rules & set(parent['policy_rules'])
# Don't add rules unallowed by the parent
self._manage_contract_rules(context, contract, policy_rules,
transaction=transaction)
self._manage_policy_rule_set_rules(
context, policy_rule_set, policy_rules, transaction=transaction)
def _remove_contract_rules(self, context, contract, policy_rules,
transaction=None):
self._manage_contract_rules(context, contract, policy_rules,
unset=True, transaction=transaction)
def _remove_policy_rule_set_rules(
self, context, policy_rule_set, policy_rules, transaction=None):
self._manage_policy_rule_set_rules(
context, policy_rule_set, policy_rules, unset=True,
transaction=transaction)
def _manage_contract_rules(self, context, contract, policy_rules,
unset=False, transaction=None):
def _manage_policy_rule_set_rules(
self, context, policy_rule_set, policy_rules, unset=False,
transaction=None):
# REVISIT(ivar): figure out what should be moved in apicapi instead
if policy_rules:
tenant = self.name_mapper.tenant(context,
context.current['tenant_id'])
contract = self.name_mapper.contract(context,
context.current['id'])
policy_rule_set = self.name_mapper.policy_rule_set(
context, context.current['id'])
in_dir = [g_const.GP_DIRECTION_BI, g_const.GP_DIRECTION_IN]
out_dir = [g_const.GP_DIRECTION_BI, g_const.GP_DIRECTION_OUT]
filters = {'id': policy_rules}
@ -395,20 +412,21 @@ class ApicMappingDriver(api.ResourceMappingDriver):
classifier = context._plugin.get_policy_classifier(
context._plugin_context, rule['policy_classifier_id'])
with self.apic_manager.apic.transaction(transaction) as trs:
mgr = self.apic_manager
if classifier['direction'] in in_dir:
# Contract and subject are the same thing in this case
self.apic_manager.manage_contract_subject_in_filter(
contract, contract, policy_rule, owner=tenant,
transaction=trs, unset=unset)
mgr.manage_contract_subject_in_filter(
policy_rule_set, policy_rule_set, policy_rule,
owner=tenant, transaction=trs, unset=unset)
if classifier['direction'] in out_dir:
# Contract and subject are the same thing in this case
self.apic_manager.manage_contract_subject_out_filter(
contract, contract, policy_rule, owner=tenant,
transaction=trs, unset=unset)
mgr.manage_contract_subject_out_filter(
policy_rule_set, policy_rule_set, policy_rule,
owner=tenant, transaction=trs, unset=unset)
@lockutils.synchronized('apic-portlock')
def _manage_endpoint_port(self, plugin_context, ep):
port = self._core_plugin.get_port(plugin_context, ep['port_id'])
def _manage_policy_target_port(self, plugin_context, pt):
port = self._core_plugin.get_port(plugin_context, pt['port_id'])
if port.get('binding:host_id'):
port_details = self.get_gbp_details(
plugin_context, port_id=port['id'],
@ -419,28 +437,28 @@ class ApicMappingDriver(api.ResourceMappingDriver):
plugin_context._plugin_context = plugin_context
tenant_id = self.name_mapper.tenant(plugin_context,
port['tenant_id'])
epg = self.name_mapper.endpoint_group(
plugin_context, port_details['epg_id'])
ptg = self.name_mapper.policy_target_group(
plugin_context, port_details['ptg_id'])
bd = self.name_mapper.l2_policy(
plugin_context, port_details['l2_policy_id'])
seg = port_details['segmentation_id']
# Create a static path attachment for the host/epg/switchport
with self.apic_manager.apic.transaction() as trs:
self.apic_manager.ensure_path_created_for_port(
tenant_id, epg, port['binding:host_id'], seg,
tenant_id, ptg, port['binding:host_id'], seg,
bd_name=bd,
transaction=trs)
def _manage_epg_contracts(self, plugin_context, epg, added_provided,
added_consumed, removed_provided,
removed_consumed, transaction=None):
def _manage_ptg_policy_rule_sets(
self, plugin_context, ptg, added_provided, added_consumed,
removed_provided, removed_consumed, transaction=None):
# TODO(ivar): change APICAPI to not expect a resource context
plugin_context._plugin = self.gbp_plugin
plugin_context._plugin_context = plugin_context
mapped_tenant = self.name_mapper.tenant(plugin_context,
epg['tenant_id'])
mapped_epg = self.name_mapper.endpoint_group(plugin_context,
epg['id'])
ptg['tenant_id'])
mapped_ptg = self.name_mapper.policy_target_group(plugin_context,
ptg['id'])
provided = [added_provided, removed_provided]
consumed = [added_consumed, removed_consumed]
methods = [self.apic_manager.set_contract_for_epg,
@ -448,24 +466,24 @@ class ApicMappingDriver(api.ResourceMappingDriver):
with self.apic_manager.apic.transaction(transaction) as trs:
for x in xrange(len(provided)):
for c in provided[x]:
c = self.name_mapper.contract(plugin_context, c)
methods[x](mapped_tenant, mapped_epg, c, provider=True,
c = self.name_mapper.policy_rule_set(plugin_context, c)
methods[x](mapped_tenant, mapped_ptg, c, provider=True,
transaction=trs)
for x in xrange(len(consumed)):
for c in consumed[x]:
c = self.name_mapper.contract(plugin_context, c)
methods[x](mapped_tenant, mapped_epg, c, provider=False,
c = self.name_mapper.policy_rule_set(plugin_context, c)
methods[x](mapped_tenant, mapped_ptg, c, provider=False,
transaction=trs)
def _manage_epg_subnets(self, plugin_context, epg, added_subnets,
def _manage_ptg_subnets(self, plugin_context, ptg, added_subnets,
removed_subnets, transaction=None):
# TODO(ivar): change APICAPI to not expect a resource context
plugin_context._plugin = self.gbp_plugin
plugin_context._plugin_context = plugin_context
mapped_tenant = self.name_mapper.tenant(plugin_context,
epg['tenant_id'])
ptg['tenant_id'])
mapped_l2p = self.name_mapper.l2_policy(plugin_context,
epg['l2_policy_id'])
ptg['l2_policy_id'])
subnets = [added_subnets, removed_subnets]
methods = [self.apic_manager.ensure_subnet_created_on_apic,
self.apic_manager.ensure_subnet_deleted_on_apic]
@ -483,10 +501,10 @@ class ApicMappingDriver(api.ResourceMappingDriver):
models.PortBinding.port_id != port_info['port_id']).count()
@lockutils.synchronized('apic-portlock')
def _delete_port_path(self, context, atenant_id, epg, port_info):
def _delete_port_path(self, context, atenant_id, ptg, port_info):
if not self._get_active_path_count(context, port_info):
self.apic_manager.ensure_path_deleted_for_port(
atenant_id, epg, port_info['host'])
atenant_id, ptg, port_info['host'])
def _delete_path_if_last(self, context, port_info):
if not self._get_active_path_count(context, port_info):
@ -495,8 +513,9 @@ class ApicMappingDriver(api.ResourceMappingDriver):
context._plugin_context = context
atenant_id = self.name_mapper.tenant(context,
port_info['tenant_id'])
epg = self.name_mapper.endpoint_group(context, port_info['epg_id'])
self._delete_port_path(context, atenant_id, epg, port_info)
ptg = self.name_mapper.policy_target_group(context,
port_info['ptg_id'])
self._delete_port_path(context, atenant_id, ptg, port_info)
def _ensure_default_security_group(self, context, tenant_id):
filters = {'name': ['gbp_apic_default'], 'tenant_id': [tenant_id]}
@ -522,10 +541,10 @@ class ApicMappingDriver(api.ResourceMappingDriver):
else:
return default_group[0]['id']
def _assoc_epg_sg_to_ep(self, context, ep_id, epg_id):
def _assoc_ptg_sg_to_pt(self, context, pt_id, ptg_id):
pass
def _handle_contracts(self, context):
def _handle_policy_rule_sets(self, context):
pass
def _gateway_ip(self, subnet):
@ -536,26 +555,26 @@ class ApicMappingDriver(api.ResourceMappingDriver):
return [x for x in self._core_plugin.get_subnets(
plugin_context, filters={'id': ids})]
def _port_to_epg_network(self, context, port, host=None):
epg = self._port_id_to_epg(context, port['id'])
if not epg:
def _port_to_ptg_network(self, context, port, host=None):
ptg = self._port_id_to_ptg(context, port['id'])
if not ptg:
# Not GBP port
return None, None
network = self._l2p_id_to_network(context, epg['l2_policy_id'])
return epg, network
network = self._l2p_id_to_network(context, ptg['l2_policy_id'])
return ptg, network
def _port_id_to_ep(self, context, port_id):
ep = (context.session.query(gpdb.EndpointMapping).
def _port_id_to_pt(self, context, port_id):
pt = (context.session.query(gpdb.PolicyTargetMapping).
filter_by(port_id=port_id).first())
if ep:
if pt:
db_utils = gpdb.GroupPolicyMappingDbPlugin()
return db_utils._make_endpoint_dict(ep)
return db_utils._make_policy_target_dict(pt)
def _port_id_to_epg(self, context, port_id):
ep = self._port_id_to_ep(context, port_id)
if ep:
return self.gbp_plugin.get_endpoint_group(
context, ep['endpoint_group_id'])
def _port_id_to_ptg(self, context, port_id):
pt = self._port_id_to_pt(context, port_id)
if pt:
return self.gbp_plugin.get_policy_target_group(
context, pt['policy_target_group_id'])
return
def _l2p_id_to_network(self, context, l2p_id):
@ -567,12 +586,12 @@ class ApicMappingDriver(api.ResourceMappingDriver):
context, filters={'network_id': [network_id]})
return l2ps[0] if l2ps else None
def _subnet_to_epg(self, context, subnet_id):
epg = (context.session.query(gpdb.EndpointGroupMapping).
join(gpdb.EndpointGroupMapping.subnets).
filter(gpdb.EndpointGroupSubnetAssociation.subnet_id ==
def _subnet_to_ptg(self, context, subnet_id):
ptg = (context.session.query(gpdb.PolicyTargetGroupMapping).
join(gpdb.PolicyTargetGroupMapping.subnets).
filter(gpdb.PTGToSubnetAssociation.subnet_id ==
subnet_id).
first())
if epg:
if ptg:
db_utils = gpdb.GroupPolicyMappingDbPlugin()
return db_utils._make_endpoint_group_dict(epg)
return db_utils._make_policy_target_group_dict(ptg)

36
gbp/neutron/services/grouppolicy/drivers/dummy_driver.py
View File

@ -22,51 +22,51 @@ class NoopDriver(api.PolicyDriver):
pass
@log.log
def create_endpoint_precommit(self, context):
def create_policy_target_precommit(self, context):
pass
@log.log
def create_endpoint_postcommit(self, context):
def create_policy_target_postcommit(self, context):
pass
@log.log
def update_endpoint_precommit(self, context):
def update_policy_target_precommit(self, context):
pass
@log.log
def update_endpoint_postcommit(self, context):
def update_policy_target_postcommit(self, context):
pass
@log.log
def delete_endpoint_precommit(self, context):
def delete_policy_target_precommit(self, context):
pass
@log.log
def delete_endpoint_postcommit(self, context):
def delete_policy_target_postcommit(self, context):
pass
@log.log
def create_endpoint_group_precommit(self, context):
def create_policy_target_group_precommit(self, context):
pass
@log.log
def create_endpoint_group_postcommit(self, context):
def create_policy_target_group_postcommit(self, context):
pass
@log.log
def update_endpoint_group_precommit(self, context):
def update_policy_target_group_precommit(self, context):
pass
@log.log
def update_endpoint_group_postcommit(self, context):
def update_policy_target_group_postcommit(self, context):
pass
@log.log
def delete_endpoint_group_precommit(self, context):
def delete_policy_target_group_precommit(self, context):
pass
@log.log
def delete_endpoint_group_postcommit(self, context):
def delete_policy_target_group_postcommit(self, context):
pass
@log.log
@ -214,25 +214,25 @@ class NoopDriver(api.PolicyDriver):
pass
@log.log
def create_contract_precommit(self, context):
def create_policy_rule_set_precommit(self, context):
pass
@log.log
def create_contract_postcommit(self, context):
def create_policy_rule_set_postcommit(self, context):
pass
@log.log
def update_contract_precommit(self, context):
def update_policy_rule_set_precommit(self, context):
pass
@log.log
def update_contract_postcommit(self, context):
def update_policy_rule_set_postcommit(self, context):
pass
@log.log
def delete_contract_precommit(self, context):
def delete_policy_rule_set_precommit(self, context):
pass
@log.log
def delete_contract_postcommit(self, context):
def delete_policy_rule_set_postcommit(self, context):
pass

12
gbp/neutron/services/grouppolicy/drivers/implicit_policy.py
View File

@ -33,13 +33,13 @@ opts = [
cfg.StrOpt('default_ip_pool',
default='172.16.0.0/12',
help=_("IP pool for implicitly created default L3 policies, "
"from which subnets are allocated for endpoint "
"from which subnets are allocated for policy target "
"groups.")),
cfg.IntOpt('default_subnet_prefix_length',
default=26,
help=_("Subnet prefix length for implicitly created default L3 "
"polices, controlling size of subnets allocated for "
"endpoint groups.")),
"policy target groups.")),
]
cfg.CONF.register_opts(opts, "group_policy_implicit_policy")
@ -69,7 +69,7 @@ class ImplicitPolicyDriver(api.PolicyDriver):
"""Implicit Policy driver for Group Policy plugin.
This driver ensures that the l2_policy_id attribute of
EndpointGroup references an L2Policy instance and that the
PolicyTargetGroup references an L2Policy instance and that the
l3_policy_id attribute of L2Policy references an L3Policy instance
when the default value of None is specified.
"""
@ -83,12 +83,12 @@ class ImplicitPolicyDriver(api.PolicyDriver):
self._default_subnet_prefix_length = gpip.default_subnet_prefix_length
@log.log
def create_endpoint_group_postcommit(self, context):
def create_policy_target_group_postcommit(self, context):
if not context.current['l2_policy_id']:
self._use_implicit_l2_policy(context)
@log.log
def update_endpoint_group_postcommit(self, context):
def update_policy_target_group_postcommit(self, context):
old_l2p_id = context.original['l2_policy_id']
new_l2p_id = context.current['l2_policy_id']
if old_l2p_id != new_l2p_id:
@ -97,7 +97,7 @@ class ImplicitPolicyDriver(api.PolicyDriver):
self._use_implicit_l2_policy(context)
@log.log
def delete_endpoint_group_postcommit(self, context):
def delete_policy_target_group_postcommit(self, context):
l2p_id = context.current['l2_policy_id']
self._cleanup_l2_policy(context, l2p_id)

94
gbp/neutron/services/grouppolicy/drivers/oneconvergence/nvsd_gbp_driver.py
View File

@ -12,10 +12,10 @@
# License for the specific language governing permissions and limitations
# under the License.
from gbp.neutron.services.grouppolicy.drivers.oneconvergence import\
nvsd_gbp_api
from gbp.neutron.services.grouppolicy.drivers import resource_mapping\
as res_map
from gbp.neutron.services.grouppolicy.drivers import (
resource_mapping as res_map)
from gbp.neutron.services.grouppolicy.drivers.oneconvergence import (
nvsd_gbp_api as api)
from neutron.common import exceptions as n_exc
from neutron.common import log
@ -30,52 +30,51 @@ class NvsdGbpDriver(res_map.ResourceMappingDriver):
This class inherits from ResourceMappingDriver and overrides the implicit
Subnet creation for an EndPointGroup. One Convergence NVSD only supports
REDIRECT to an L2 Service at present and the Provider and Consumer EPGs
REDIRECT to an L2 Service at present and the Provider and Consumer PTGs
have to be on the same network and subnet. Hence, One Convergence NVSD
Group Policy Driver creates only one default L2 Policy for a tenant.
Further, the EPGs do not have a one-to-one mapping to a subnet, but rather
multiple EPGs are mapped to one subnet. One Convergence NVSD maps an EPG to
Further, the PTGs do not have a one-to-one mapping to a subnet, but rather
multiple PTGs are mapped to one subnet. One Convergence NVSD maps an PTG to
a NVSD Port Group.
"""
def __init__(self):
self.nvsd_api = nvsd_gbp_api.NVSDServiceApi()
self.nvsd_api = api.NVSDServiceApi()
@log.log
def create_endpoint_postcommit(self, context):
super(NvsdGbpDriver, self).create_endpoint_postcommit(context)
def create_policy_target_postcommit(self, context):
super(NvsdGbpDriver, self).create_policy_target_postcommit(context)
try:
self.nvsd_api.create_endpoint(context._plugin_context,
context.current)
except Exception:
with excutils.save_and_reraise_exception():
super(NvsdGbpDriver, self).delete_endpoint_postcommit(context)
super(NvsdGbpDriver,
self).delete_policy_target_postcommit(context)
@log.log
def update_endpoint_postcommit(self, context):
def update_policy_target_postcommit(self, context):
self.nvsd_api.update_endpoint(context._plugin_context,
context.current)
@log.log
def delete_endpoint_postcommit(self, context):
def delete_policy_target_postcommit(self, context):
self.nvsd_api.delete_endpoint(context._plugin_context,
context.current['id'])
super(NvsdGbpDriver, self).delete_endpoint_postcommit(context)
super(NvsdGbpDriver, self).delete_policy_target_postcommit(context)
@log.log
def create_endpoint_group_precommit(self, context):
#Reuse the previously created implicit L2 Policy for the tenant
def create_policy_target_group_precommit(self, context):
# Reuse the previously created implicit L2 Policy for the tenant
if not context.current['l2_policy_id']:
l2ps = context._plugin.get_l2_policies(
context._plugin_context,
filters=({'description':
["Implicitly created L2 policy"],
"tenant_id": [
context.current['tenant_id']]}))
context._plugin_context,
filters=({'description': ["Implicitly created L2 policy"],
"tenant_id": [context.current['tenant_id']]}))
if l2ps:
context.set_l2_policy_id(l2ps[0]['id'])
@log.log
def create_endpoint_group_postcommit(self, context):
def create_policy_target_group_postcommit(self, context):
subnets = context.current['subnets']
if subnets:
l2p_id = context.current['l2_policy_id']
@ -91,26 +90,28 @@ class NvsdGbpDriver(res_map.ResourceMappingDriver):
self._use_implicit_subnet(context)
self.nvsd_api.create_endpointgroup(context._plugin_context,
context.current)
self._handle_contracts(context)
self._handle_policy_rule_sets(context)
@log.log
def update_endpoint_group_postcommit(self, context):
super(NvsdGbpDriver, self).update_endpoint_group_postcommit(context)
def update_policy_target_group_postcommit(self, context):
super(NvsdGbpDriver,
self).update_policy_target_group_postcommit(context)
self.nvsd_api.update_endpointgroup(context._plugin_context,
context.current)
@log.log
def delete_endpoint_group_precommit(self, context):
def delete_policy_target_group_precommit(self, context):
l2p_id = context.current['l2_policy_id']
epgs = context._plugin.get_endpoint_groups(
context._plugin_context, filters=({'l2_policy_id': [l2p_id]}))
for epg in epgs:
if epg['id'] != context.current['id']:
ptgs = context._plugin.get_policy_target_groups(
context._plugin_context,
filters=({'l2_policy_id': [l2p_id]}))
for ptg in ptgs:
if ptg['id'] != context.current['id']:
context.current['l2_policy_id'] = None
return
@log.log
def delete_endpoint_group_postcommit(self, context):
def delete_policy_target_group_postcommit(self, context):
try:
self._cleanup_redirect_action(context)
except Exception as err:
@ -122,7 +123,7 @@ class NvsdGbpDriver(res_map.ResourceMappingDriver):
for subnet_id in context.current['subnets']:
self._cleanup_subnet(context, subnet_id, router_id)
except Exception as err:
LOG.error(_("Cleanup of Endpoint group failed. "
LOG.error(_("Cleanup of Policy target group failed. "
"Error : %s"), err)
self.nvsd_api.delete_endpointgroup(context._plugin_context,
context.current['id'])
@ -158,24 +159,25 @@ class NvsdGbpDriver(res_map.ResourceMappingDriver):
pass
def _use_implicit_subnet(self, context):
#One Convergence NVSD does not support REDIRECT to a different Subnet
#at present. So restricting to use same subnet for a given L2 Policy
epgs = context._plugin.get_endpoint_groups(context._plugin_context,
filters=({'l2_policy_id':
[context.current['l2_policy_id']]}))
for epg in epgs:
if epg['subnets']:
context.add_subnet(epg['subnets'][0])
# One Convergence NVSD does not support REDIRECT to a different Subnet
# at present. So restricting to use same subnet for a given L2 Policy
ptgs = context._plugin.get_policy_target_groups(
context._plugin_context, filters=(
{'l2_policy_id': [context.current['l2_policy_id']]}))
for ptg in ptgs:
if ptg['subnets']:
context.add_subnet(ptg['subnets'][0])
return
#Create a new Subnet for first EPG using the L2 Policy
# Create a new Subnet for first PTG using the L2 Policy
super(NvsdGbpDriver, self)._use_implicit_subnet(context)
def _cleanup_subnet(self, context, subnet_id, router_id):
#Cleanup is performed only when the last EPG on subnet is removed
epgs = context._plugin.get_endpoint_groups(context._plugin_context)
for epg in epgs:
epg_subnets = epg['subnets']
if subnet_id in epg_subnets:
# Cleanup is performed only when the last PTG on subnet is removed
ptgs = context._plugin.get_policy_target_groups(
context._plugin_context)
for ptg in ptgs:
ptg_subnets = ptg['subnets']
if subnet_id in ptg_subnets:
return
super(NvsdGbpDriver, self)._cleanup_subnet(context._plugin_context,
subnet_id, router_id)

801
gbp/neutron/services/grouppolicy/drivers/resource_mapping.py
View File

File diff suppressed because it is too large Load Diff

74
gbp/neutron/services/grouppolicy/group_policy_context.py
View File

@ -20,59 +20,61 @@ class GroupPolicyContext(object):
self._plugin_context = plugin_context
class EndpointContext(GroupPolicyContext, api.EndpointContext):
class PolicyTargetContext(GroupPolicyContext, api.PolicyTargetContext):
def __init__(self, plugin, plugin_context, endpoint,
original_endpoint=None):
super(EndpointContext, self).__init__(plugin, plugin_context)
self._endpoint = endpoint
self._original_endpoint = original_endpoint
def __init__(self, plugin, plugin_context, policy_target,
original_policy_target=None):
super(PolicyTargetContext, self).__init__(plugin, plugin_context)
self._policy_target = policy_target
self._original_policy_target = original_policy_target
@property
def current(self):
return self._endpoint
return self._policy_target
@property
def original(self):
return self._original_endpoint
return self._original_policy_target
def set_port_id(self, port_id):
self._plugin._set_port_for_endpoint(
self._plugin_context, self._endpoint['id'], port_id)
self._endpoint['port_id'] = port_id
self._plugin._set_port_for_policy_target(
self._plugin_context, self._policy_target['id'], port_id)
self._policy_target['port_id'] = port_id
class EndpointGroupContext(GroupPolicyContext, api.EndpointGroupContext):
class PolicyTargetGroupContext(GroupPolicyContext,
api.PolicyTargetGroupContext):
def __init__(self, plugin, plugin_context, endpoint_group,
original_endpoint_group=None):
super(EndpointGroupContext, self).__init__(plugin, plugin_context)
self._endpoint_group = endpoint_group
self._original_endpoint_group = original_endpoint_group
def __init__(self, plugin, plugin_context, policy_target_group,
original_policy_target_group=None):
super(PolicyTargetGroupContext, self).__init__(plugin, plugin_context)
self._policy_target_group = policy_target_group
self._original_policy_target_group = original_policy_target_group
@property
def current(self):
return self._endpoint_group
return self._policy_target_group
@property
def original(self):
return self._original_endpoint_group
return self._original_policy_target_group
def set_l2_policy_id(self, l2_policy_id):
self._plugin._set_l2_policy_for_endpoint_group(
self._plugin_context, self._endpoint_group['id'], l2_policy_id)
self._endpoint_group['l2_policy_id'] = l2_policy_id
self._plugin._set_l2_policy_for_policy_target_group(
self._plugin_context, self._policy_target_group['id'],
l2_policy_id)
self._policy_target_group['l2_policy_id'] = l2_policy_id
def set_network_service_policy_id(self, network_service_policy_id):
nsp_id = network_service_policy_id
self._plugin._set_network_service_policy_for_endpoint_group(
self._plugin_context, self._endpoint_group['id'], nsp_id)
self._endpoint_group['network_service_policy_id'] = nsp_id
self._plugin._set_network_service_policy_for_policy_target_group(
self._plugin_context, self._policy_target_group['id'], nsp_id)
self._policy_target_group['network_service_policy_id'] = nsp_id
def add_subnet(self, subnet_id):
subnets = self._plugin._add_subnet_to_endpoint_group(
self._plugin_context, self._endpoint_group['id'], subnet_id)
self._endpoint_group['subnets'] = subnets
subnets = self._plugin._add_subnet_to_policy_target_group(
self._plugin_context, self._policy_target_group['id'], subnet_id)
self._policy_target_group['subnets'] = subnets
class L2PolicyContext(GroupPolicyContext, api.L2PolicyContext):
@ -194,18 +196,18 @@ class PolicyRuleContext(GroupPolicyContext, api.PolicyRuleContext):
return self._original_policy_rule
class ContractContext(GroupPolicyContext, api.ContractContext):
class PolicyRuleSetContext(GroupPolicyContext, api.PolicyRuleSetContext):
def __init__(self, plugin, plugin_context, contract,
original_contract=None):
super(ContractContext, self).__init__(plugin, plugin_context)
self._contract = contract
self._original_contract = original_contract
def __init__(self, plugin, plugin_context, policy_rule_set,
original_policy_rule_set=None):
super(PolicyRuleSetContext, self).__init__(plugin, plugin_context)
self._policy_rule_set = policy_rule_set
self._original_policy_rule_set = original_policy_rule_set
@property
def current(self):
return self._contract
return self._policy_rule_set
@property
def original(self):
return self._original_contract
return self._original_policy_rule_set

253
gbp/neutron/services/grouppolicy/group_policy_driver_api.py
View File

@ -16,100 +16,101 @@ import six
@six.add_metaclass(abc.ABCMeta)
class EndpointContext(object):
"""Context passed to policy engine for endpoint resource changes.
class PolicyTargetContext(object):
"""Context passed to policy engine for policy_target resource changes.
An EndpointContext instance wraps an endpoint resource. It provides
A PolicyTargetContext instance wraps a policy_target resource. It provides
helper methods for accessing other relevant information. Results
from expensive operations are cached for convenient access.
"""
@abc.abstractproperty
def current(self):
"""Return the current state of the endpoint.
"""Return the current state of the policy_target.
Return the current state of the endpoint, as defined by
GroupPolicyPlugin.create_endpoint.
Return the current state of the policy_target, as defined by
GroupPolicyPlugin.create_policy_target.
"""
pass
@abc.abstractproperty
def original(self):
"""Return the original state of the endpoint.
"""Return the original state of the policy_target.
Return the original state of the endpoint, prior to a call to
update_endpoint. Method is only valid within calls to
update_endpoint_precommit and update_endpoint_postcommit.
Return the original state of the policy_target, prior to a call to
update_policy_target. Method is only valid within calls to
update_policy_target_precommit and update_policy_target_postcommit.
"""
pass
@abc.abstractmethod
def set_port_id(self, port_id):
"""Set the port for the endpoint.
"""Set the port for the policy_target.
:param port_id: Port to which endpoint is mapped.
:param port_id: Port to which policy_target is mapped.
Set the neutron port to which the endpoint is mapped.
Set the neutron port to which the policy_target is mapped.
"""
pass
@six.add_metaclass(abc.ABCMeta)
class EndpointGroupContext(object):
"""Context passed to policy engine for endpoint_group resource changes.
class PolicyTargetGroupContext(object):
"""Context passed to policy engine for policy_target_group resource changes.
An EndpointContext instance wraps an endpoint_group resource. It provides
helper methods for accessing other relevant information. Results
PolicyTargetContext instance wraps a policy_target_group resource. It
provides helper methods for accessing other relevant information. Results
from expensive operations are cached for convenient access.
"""
@abc.abstractproperty
def current(self):
"""Return the current state of the endpoint_group.
"""Return the current state of the policy_target_group.
Return the current state of the endpoint_group, as defined by
GroupPolicyPlugin.create_endpoint_group.
Return the current state of the policy_target_group, as defined by
GroupPolicyPlugin.create_policy_target_group.
"""
pass
@abc.abstractproperty
def original(self):
"""Return the original state of the endpoint_group.
"""Return the original state of the policy_target_group.
Return the original state of the endpoint_group, prior to a call to
update_endpoint_group. Method is only valid within calls to
update_endpoint_group_precommit and update_endpoint_group_postcommit.
Return the original state of the policy_target_group, prior to a call
to update_policy_target_group. Method is only valid within calls to
update_policy_target_group_precommit and
update_policy_target_group_postcommit.
"""
pass
@abc.abstractmethod
def set_l2_policy_id(self, l2_policy_id):
"""Set the l2_policy for the endpoint_group.
"""Set the l2_policy for the policy_target_group.
:param l2_policy_id: l2_policy for the endpoint_group.
:param l2_policy_id: l2_policy for the policy_target_group.
Set the l2_policy for the endpoint_group.
Set the l2_policy for the policy_target_group.
"""
pass
@abc.abstractmethod
def set_network_service_policy_id(self, network_service_policy_id):
"""Set the network_service_policy for the endpoint_group.
"""Set the network_service_policy for the policy_target_group.
:param network_service_policy_id: network_service_policy for the epg.
:param network_service_policy_id: network_service_policy for the ptg.
Set the network_service_policy for the endpoint_group.
Set the network_service_policy for the policy_target_group.
"""
pass
@abc.abstractmethod
def add_subnet(self, subnet_id):
"""Add the subnet to the endpoint_group.
"""Add the subnet to the policy_target_group.
:param subnet_id: Subnet to which endpoint_group is mapped.
:param subnet_id: Subnet to which policy_target_group is mapped.
Add a neutron subnet to the set of subnets to which the
endpoint_group is mapped.
policy_target_group is mapped.
"""
pass
@ -242,7 +243,7 @@ class NetworkServicePolicyContext(object):
class PolicyClassifierContext(object):
"""Context passed to policy engine for policy_classifier resource changes.
An PolicyClassifierContext instance wraps an policy_classifier resource.
An PolicyClassifierContext instance wraps a policy_classifier resource.
It provides helper methods for accessing other relevant information.
Results from expensive operations are cached for convenient access.
"""
@ -272,7 +273,7 @@ class PolicyClassifierContext(object):
class PolicyActionContext(object):
"""Context passed to policy engine for policy_action resource changes.
An PolicyActionContext instance wraps an policy_action resource.
An PolicyActionContext instance wraps a policy_action resource.
It provides helper methods for accessing other relevant information.
Results from expensive operations are cached for convenient access.
"""
@ -301,7 +302,7 @@ class PolicyActionContext(object):
class PolicyRuleContext(object):
"""Context passed to policy engine for policy_rule resource changes.
An PolicyRuleContext instance wraps an policy_rule resource.
An PolicyRuleContext instance wraps a policy_rule resource.
It provides helper methods for accessing other relevant information.
Results from expensive operations are cached for convenient access.
"""
@ -328,30 +329,30 @@ class PolicyRuleContext(object):
@six.add_metaclass(abc.ABCMeta)
class ContractContext(object):
"""Context passed to policy engine for changes to contract resources.
class PolicyRuleSetContext(object):
"""Context passed to policy engine for changes to policy_rule_set resources.
An ContractContext instance wraps an contract resource. It provides
helper methods for accessing other relevant information. Results
PolicyRuleSetContext instance wraps a policy_rule_set resource. It
provides helper methods for accessing other relevant information. Results
from expensive operations are cached for convenient access.
"""
@abc.abstractproperty
def current(self):
"""Return the current state of the contract.
"""Return the current state of the policy_rule_set.
Return the current state of the contract, as defined by
GroupPolicyPlugin.create_contract.
Return the current state of the policy_rule_set, as defined by
GroupPolicyPlugin.create_policy_rule_set.
"""
pass
@abc.abstractproperty
def original(self):
"""Return the original state of the contract.
"""Return the original state of the policy_rule_set.
Return the original state of the contract, prior to a call to
update_contract. Method is only valid within calls to
update_contract_precommit and update_contract_postcommit.
Return the original state of the policy_rule_set, prior to a call to
update_policy_rule_set. Method is only valid within calls to
update_policy_rule_set_precommit and update_policy_rule_set_postcommit.
"""
pass
@ -388,103 +389,105 @@ class PolicyDriver(object):
"""
pass
def create_endpoint_precommit(self, context):
"""Allocate resources for a new endpoint.
def create_policy_target_precommit(self, context):
"""Allocate resources for a new policy_target.
:param context: EndpointContext instance describing the new
endpoint.
:param context: PolicyTargetContext instance describing the new
policy_target.
"""
pass
def create_endpoint_postcommit(self, context):
"""Create a endpoint.
def create_policy_target_postcommit(self, context):
"""Create a policy_target.
:param context: EndpointContext instance describing the new
endpoint.
:param context: PolicyTargetContext instance describing the new
policy_target.
"""
pass
def update_endpoint_precommit(self, context):
"""Update resources of a endpoint.
def update_policy_target_precommit(self, context):
"""Update resources of a policy_target.
:param context: EndpointContext instance describing the new
state of the endpoint, as well as the original state prior
to the update_endpoint call.
:param context: PolicyTargetContext instance describing the new
state of the policy_target, as well as the original state prior
to the update_policy_target call.
"""
pass
def update_endpoint_postcommit(self, context):
"""Update a endpoint.
def update_policy_target_postcommit(self, context):
"""Update a policy_target.
:param context: EndpointContext instance describing the new
state of the endpoint, as well as the original state prior
to the update_endpoint call.
:param context: PolicyTargetContext instance describing the new
state of the policy_target, as well as the original state prior
to the update_policy_target call.
"""
pass
def delete_endpoint_precommit(self, context):
"""Delete resources for a endpoint.
def delete_policy_target_precommit(self, context):
"""Delete resources for a policy_target.
:param context: EndpointContext instance describing the current
state of the endpoint, prior to the call to delete it.
:param context: PolicyTargetContext instance describing the current
state of the policy_target, prior to the call to delete it.
"""
pass
def delete_endpoint_postcommit(self, context):
"""Delete a endpoint.
def delete_policy_target_postcommit(self, context):
"""Delete a policy_target.
:param context: EndpointContext instance describing the current
state of the endpoint, prior to the call to delete it.
:param context: PolicyTargetContext instance describing the current
state of the policy_target, prior to the call to delete it.
"""
pass
def create_endpoint_group_precommit(self, context):
"""Allocate resources for a new endpoint_group.
def create_policy_target_group_precommit(self, context):
"""Allocate resources for a new policy_target_group.
:param context: EndpointGroupContext instance describing the new
endpoint_group.
:param context: PolicyTargetGroupContext instance describing the new
policy_target_group.
"""
pass
def create_endpoint_group_postcommit(self, context):
"""Create a endpoint_group.
def create_policy_target_group_postcommit(self, context):
"""Create a policy_target_group.
:param context: EndpointGroupContext instance describing the new
endpoint_group.
:param context: PolicyTargetGroupContext instance describing the new
policy_target_group.
"""
pass
def update_endpoint_group_precommit(self, context):
"""Update resources of a endpoint_group.
def update_policy_target_group_precommit(self, context):
"""Update resources of a policy_target_group.
:param context: EndpointGroupContext instance describing the new
state of the endpoint_group, as well as the original state prior
to the update_endpoint_group call.
:param context: PolicyTargetGroupContext instance describing the new
state of the policy_target_group, as well as the original state prior
to the update_policy_target_group call.
"""
pass
def update_endpoint_group_postcommit(self, context):
"""Update a endpoint_group.
def update_policy_target_group_postcommit(self, context):
"""Update a policy_target_group.
:param context: EndpointGroupContext instance describing the new
state of the endpoint_group, as well as the original state prior
to the update_endpoint_group call.
:param context: PolicyTargetGroupContext instance describing the new
state of the policy_target_group, as well as the original state prior
to the update_policy_target_group call.
"""
pass
def delete_endpoint_group_precommit(self, context):
"""Delete resources for a endpoint_group.
def delete_policy_target_group_precommit(self, context):
"""Delete resources for a policy_target_group.
:param context: EndpointGroupContext instance describing the current
state of the endpoint_group, prior to the call to delete it.
:param context: PolicyTargetGroupContext instance describing the
current state of the policy_target_group, prior to the call to delete
it.
"""
pass
def delete_endpoint_group_postcommit(self, context):
"""Delete a endpoint_group.
def delete_policy_target_group_postcommit(self, context):
"""Delete a policy_target_group.
:param context: EndpointGroupContext instance describing the current
state of the endpoint_group, prior to the call to delete it.
:param context: PolicyTargetGroupContext instance describing the
current state of the policy_target_group, prior to the call to delete
it.
"""
pass
@ -738,53 +741,53 @@ class PolicyDriver(object):
"""
pass
def create_contract_precommit(self, context):
"""Allocate resources for a new contract.
def create_policy_rule_set_precommit(self, context):
"""Allocate resources for a new policy_rule_set.
:param context: ContractContext instance describing the new
contract.
:param context: PolicyRuleSetContext instance describing the new
policy_rule_set.
"""
pass
def create_contract_postcommit(self, context):
"""Create a contract.
def create_policy_rule_set_postcommit(self, context):
"""Create a policy_rule_set.
:param context: ContractContext instance describing the new
contract.
:param context: PolicyRuleSetContext instance describing the new
policy_rule_set.
"""
pass
def update_contract_precommit(self, context):
"""Update resources of a contract.
def update_policy_rule_set_precommit(self, context):
"""Update resources of a policy_rule_set.
:param context: ContractContext instance describing the new
state of the contract, as well as the original state prior
to the update_contract call.
:param context: PolicyRuleSetContext instance describing the new
state of the policy_rule_set, as well as the original state prior
to the update_policy_rule_set call.
"""
pass
def update_contract_postcommit(self, context):
"""Update a contract.
def update_policy_rule_set_postcommit(self, context):
"""Update a policy_rule_set.
:param context: ContractContext instance describing the new
state of the contract, as well as the original state prior
to the update_contract call.
:param context: PolicyRuleSetContext instance describing the new
state of the policy_rule_set, as well as the original state prior
to the update_policy_rule_set call.
"""
pass
def delete_contract_precommit(self, context):
"""Delete resources for a contract.
def delete_policy_rule_set_precommit(self, context):
"""Delete resources for a policy_rule_set.
:param context: ContractContext instance describing the current
state of the contract, prior to the call to delete it.
:param context: PolicyRuleSetContext instance describing the current
state of the policy_rule_set, prior to the call to delete it.
"""
pass
def delete_contract_postcommit(self, context):
"""Delete a contract.
def delete_policy_rule_set_postcommit(self, context):
"""Delete a policy_rule_set.
:param context: ContractContext instance describing the current
state of the contract, prior to the call to delete it.
:param context: PolicyRuleSetContext instance describing the current
state of the policy_rule_set, prior to the call to delete it.
"""
pass

271
gbp/neutron/services/grouppolicy/plugin.py
View File

@ -39,134 +39,139 @@ class GroupPolicyPlugin(group_policy_mapping_db.GroupPolicyMappingDbPlugin):
self.policy_driver_manager.initialize()
@log.log
def create_endpoint(self, context, endpoint):
session = context.session
with session.begin(subtransactions=True):
result = super(GroupPolicyPlugin, self).create_endpoint(context,
endpoint)
policy_context = p_context.EndpointContext(self, context, result)
self.policy_driver_manager.create_endpoint_precommit(
policy_context)
try:
self.policy_driver_manager.create_endpoint_postcommit(
policy_context)
except gp_exc.GroupPolicyDriverError:
with excutils.save_and_reraise_exception():
LOG.error(_("create_endpoint_postcommit "
"failed, deleting endpoint '%s'"), result['id'])
self.delete_endpoint(context, result['id'])
return result
@log.log
def update_endpoint(self, context, endpoint_id, endpoint):
session = context.session
with session.begin(subtransactions=True):
original_endpoint = super(GroupPolicyPlugin,
self).get_endpoint(context, endpoint_id)
updated_endpoint = super(GroupPolicyPlugin,
self).update_endpoint(context,
endpoint_id,
endpoint)
policy_context = p_context.EndpointContext(
self, context, updated_endpoint,
original_endpoint=original_endpoint)
self.policy_driver_manager.update_endpoint_precommit(
policy_context)
self.policy_driver_manager.update_endpoint_postcommit(policy_context)
return updated_endpoint
@log.log
def delete_endpoint(self, context, endpoint_id):
session = context.session
with session.begin(subtransactions=True):
endpoint = self.get_endpoint(context, endpoint_id)
policy_context = p_context.EndpointContext(self, context, endpoint)
self.policy_driver_manager.delete_endpoint_precommit(
policy_context)
super(GroupPolicyPlugin, self).delete_endpoint(context,
endpoint_id)
try:
self.policy_driver_manager.delete_endpoint_postcommit(
policy_context)
except gp_exc.GroupPolicyDriverError:
with excutils.save_and_reraise_exception():
LOG.error(_("delete_endpoint_postcommit "
"failed, deleting contract '%s'"), endpoint_id)
@log.log
def create_endpoint_group(self, context, endpoint_group):
def create_policy_target(self, context, policy_target):
session = context.session
with session.begin(subtransactions=True):
result = super(GroupPolicyPlugin,
self).create_endpoint_group(context, endpoint_group)
policy_context = p_context.EndpointGroupContext(self, context,
result)
self.policy_driver_manager.create_endpoint_group_precommit(
self).create_policy_target(context, policy_target)
policy_context = p_context.PolicyTargetContext(self, context,
result)
self.policy_driver_manager.create_policy_target_precommit(
policy_context)
try:
self.policy_driver_manager.create_endpoint_group_postcommit(
self.policy_driver_manager.create_policy_target_postcommit(
policy_context)
except gp_exc.GroupPolicyDriverError:
with excutils.save_and_reraise_exception():
LOG.error(_("create_endpoint_group_postcommit "
"failed, deleting endpoint_group '%s'"),
LOG.error(_("create_policy_target_postcommit "
"failed, deleting policy_target '%s'"),
result['id'])
self.delete_endpoint_group(context, result['id'])
self.delete_policy_target(context, result['id'])
return result
@log.log
def update_endpoint_group(self, context, endpoint_group_id,
endpoint_group):
def update_policy_target(self, context, policy_target_id, policy_target):
session = context.session
with session.begin(subtransactions=True):
original_endpoint_group = super(GroupPolicyPlugin,
self).get_endpoint_group(
context, endpoint_group_id)
updated_endpoint_group = super(GroupPolicyPlugin,
self).update_endpoint_group(
context, endpoint_group_id,
endpoint_group)
policy_context = p_context.EndpointGroupContext(
self, context, updated_endpoint_group,
original_endpoint_group=original_endpoint_group)
self.policy_driver_manager.update_endpoint_group_precommit(
original_policy_target = super(
GroupPolicyPlugin, self).get_policy_target(context,
policy_target_id)
updated_policy_target = super(
GroupPolicyPlugin, self).update_policy_target(
context, policy_target_id, policy_target)
policy_context = p_context.PolicyTargetContext(
self, context, updated_policy_target,
original_policy_target=original_policy_target)
self.policy_driver_manager.update_policy_target_precommit(
policy_context)
self.policy_driver_manager.update_endpoint_group_postcommit(
self.policy_driver_manager.update_policy_target_postcommit(
policy_context)
return updated_endpoint_group
return updated_policy_target
@log.log
def delete_endpoint_group(self, context, endpoint_group_id):
def delete_policy_target(self, context, policy_target_id):
session = context.session
with session.begin(subtransactions=True):
endpoint_group = self.get_endpoint_group(context,
endpoint_group_id)
if endpoint_group['endpoints']:
raise gp_exc.EndpointGroupInUse(
endpoint_group=endpoint_group_id)
policy_context = p_context.EndpointGroupContext(self, context,
endpoint_group)
self.policy_driver_manager.delete_endpoint_group_precommit(
policy_target = self.get_policy_target(context, policy_target_id)
policy_context = p_context.PolicyTargetContext(
self, context, policy_target)
self.policy_driver_manager.delete_policy_target_precommit(
policy_context)
super(GroupPolicyPlugin, self).delete_endpoint_group(
context, endpoint_group_id)
super(GroupPolicyPlugin, self).delete_policy_target(
context, policy_target_id)
try:
self.policy_driver_manager.delete_endpoint_group_postcommit(
self.policy_driver_manager.delete_policy_target_postcommit(
policy_context)
except gp_exc.GroupPolicyDriverError:
with excutils.save_and_reraise_exception():
LOG.error(_("delete_endpoint_group_postcommit "
"failed, deleting endpoint_group '%s'"),
endpoint_group_id)
LOG.error(_("delete_policy_target_postcommit "
"failed, deleting policy_rule_set '%s'"),
policy_target_id)
@log.log
def create_policy_target_group(self, context, policy_target_group):
session = context.session
with session.begin(subtransactions=True):
result = super(GroupPolicyPlugin,
self).create_policy_target_group(
context, policy_target_group)
policy_context = p_context.PolicyTargetGroupContext(
self, context, result)
self.policy_driver_manager.create_policy_target_group_precommit(
policy_context)
try:
self.policy_driver_manager.create_policy_target_group_postcommit(
policy_context)
except gp_exc.GroupPolicyDriverError:
with excutils.save_and_reraise_exception():
LOG.error(_("create_policy_target_group_postcommit "
"failed, deleting policy_target_group '%s'"),
result['id'])
self.delete_policy_target_group(context, result['id'])
return result
@log.log
def update_policy_target_group(self, context, policy_target_group_id,
policy_target_group):
session = context.session
with session.begin(subtransactions=True):
original_policy_target_group = super(
GroupPolicyPlugin, self).get_policy_target_group(
context, policy_target_group_id)
updated_policy_target_group = super(
GroupPolicyPlugin, self).update_policy_target_group(
context, policy_target_group_id, policy_target_group)
policy_context = p_context.PolicyTargetGroupContext(
self, context, updated_policy_target_group,
original_policy_target_group=original_policy_target_group)
self.policy_driver_manager.update_policy_target_group_precommit(
policy_context)
self.policy_driver_manager.update_policy_target_group_postcommit(
policy_context)
return updated_policy_target_group
@log.log
def delete_policy_target_group(self, context, policy_target_group_id):
session = context.session
with session.begin(subtransactions=True):
policy_target_group = self.get_policy_target_group(
context, policy_target_group_id)
if policy_target_group['policy_targets']:
raise gp_exc.PolicyTargetGroupInUse(
policy_target_group=policy_target_group_id)
policy_context = p_context.PolicyTargetGroupContext(
self, context, policy_target_group)
self.policy_driver_manager.delete_policy_target_group_precommit(
policy_context)
super(GroupPolicyPlugin, self).delete_policy_target_group(
context, policy_target_group_id)
try:
self.policy_driver_manager.delete_policy_target_group_postcommit(
policy_context)
except gp_exc.GroupPolicyDriverError:
with excutils.save_and_reraise_exception():
LOG.error(_("delete_policy_target_group_postcommit "
"failed, deleting policy_target_group '%s'"),
policy_target_group_id)
@log.log
def create_l2_policy(self, context, l2_policy):
@ -255,8 +260,8 @@ class GroupPolicyPlugin(group_policy_mapping_db.GroupPolicyMappingDbPlugin):
return result
@log.log
def update_network_service_policy(
self, context, network_service_policy_id, network_service_policy):
def update_network_service_policy(self, context, network_service_policy_id,
network_service_policy):
session = context.session
with session.begin(subtransactions=True):
original_network_service_policy = super(
@ -557,58 +562,64 @@ class GroupPolicyPlugin(group_policy_mapping_db.GroupPolicyMappingDbPlugin):
" failed, deleting policy_rule '%s'"), id)
@log.log
def create_contract(self, context, contract):
def create_policy_rule_set(self, context, policy_rule_set):
session = context.session
with session.begin(subtransactions=True):
result = super(GroupPolicyPlugin, self).create_contract(context,
contract)
policy_context = p_context.ContractContext(self, context, result)
self.policy_driver_manager.create_contract_precommit(
result = super(GroupPolicyPlugin,
self).create_policy_rule_set(
context, policy_rule_set)
policy_context = p_context.PolicyRuleSetContext(
self, context, result)
self.policy_driver_manager.create_policy_rule_set_precommit(
policy_context)
try:
self.policy_driver_manager.create_contract_postcommit(
self.policy_driver_manager.create_policy_rule_set_postcommit(
policy_context)
except gp_exc.GroupPolicyDriverError:
with excutils.save_and_reraise_exception():
LOG.error(_("policy_driver_manager.create_contract_postcommit "
"failed, deleting contract '%s'"), result['id'])
self.delete_contract(context, result['id'])
LOG.error(_(
"policy_driver_manager.create_policy_rule_set_postcommit "
"failed, deleting policy_rule_set '%s'"), result['id'])
self.delete_policy_rule_set(context, result['id'])
return result
@log.log
def update_contract(self, context, id, contract):
def update_policy_rule_set(self, context, id, policy_rule_set):
session = context.session
with session.begin(subtransactions=True):
original_contract = super(GroupPolicyPlugin,
self).get_contract(context, id)
updated_contract = super(GroupPolicyPlugin,
self).update_contract(context, id,
contract)
policy_context = p_context.ContractContext(
self, context, updated_contract,
original_contract=original_contract)
self.policy_driver_manager.update_contract_precommit(
original_policy_rule_set = super(
GroupPolicyPlugin, self).get_policy_rule_set(context, id)
updated_policy_rule_set = super(
GroupPolicyPlugin, self).update_policy_rule_set(
context, id, policy_rule_set)
policy_context = p_context.PolicyRuleSetContext(
self, context, updated_policy_rule_set,
original_policy_rule_set=original_policy_rule_set)
self.policy_driver_manager.update_policy_rule_set_precommit(
policy_context)
self.policy_driver_manager.update_contract_postcommit(policy_context)
return updated_contract
self.policy_driver_manager.update_policy_rule_set_postcommit(
policy_context)
return updated_policy_rule_set
@log.log
def delete_contract(self, context, id):
def delete_policy_rule_set(self, context, id):
session = context.session
with session.begin(subtransactions=True):
contract = self.get_contract(context, id)
policy_context = p_context.ContractContext(self, context, contract)
self.policy_driver_manager.delete_contract_precommit(
policy_rule_set = self.get_policy_rule_set(context, id)
policy_context = p_context.PolicyRuleSetContext(
self, context, policy_rule_set)
self.policy_driver_manager.delete_policy_rule_set_precommit(
policy_context)
super(GroupPolicyPlugin, self).delete_contract(context, id)
super(GroupPolicyPlugin, self).delete_policy_rule_set(context, id)
try:
self.policy_driver_manager.delete_contract_postcommit(
self.policy_driver_manager.delete_policy_rule_set_postcommit(
policy_context)
except gp_exc.GroupPolicyDriverError:
with excutils.save_and_reraise_exception():
LOG.error(_("policy_driver_manager.delete_contract_postcommit "
"failed, deleting contract '%s'"), id)
LOG.error(_(
"policy_driver_manager.delete_policy_rule_set_postcommit "
"failed, deleting policy_rule_set '%s'"), id)

82
gbp/neutron/services/grouppolicy/policy_driver_manager.py
View File

@ -32,10 +32,10 @@ class PolicyDriverManager(stevedore.named.NamedExtensionManager):
resources.
precommit operation:
Notifies all policy drivers during endpoint creation.
Notifies all policy drivers during policy_target creation.
Raises neutron.services.grouppolicy.common.GroupPolicyDriverError
if any policy driver create_endpoint_precommit call fails.
if any policy driver create_policy_target_precommit call fails.
Called within the database transaction. If a policy driver
raises an exception, then a GroupPolicyDriverError is propogated
@ -43,14 +43,14 @@ class PolicyDriverManager(stevedore.named.NamedExtensionManager):
that all policy drivers are called in this case.
postcommit operation:
Notifies all policy drivers after endpoint creation.
Notifies all policy drivers after policy_target creation.
Raises neutron.services.grouppolicy.common.GroupPolicyDriverError
if any policy driver create_endpoint_postcommit call fails.
if any policy driver create_policy_target_postcommit call fails.
Called after the database transaction. If a policy driver
raises an exception, then a GroupPolicyDriverError is propagated
to the caller, where the endpoint will be deleted, triggering
to the caller, where the policy_target will be deleted, triggering
any required cleanup. There is no guarantee that all policy
drivers are called in this case.
"""
@ -134,42 +134,42 @@ class PolicyDriverManager(stevedore.named.NamedExtensionManager):
method=method_name
)
def create_endpoint_precommit(self, context):
self._call_on_drivers("create_endpoint_precommit", context)
def create_policy_target_precommit(self, context):
self._call_on_drivers("create_policy_target_precommit", context)
def create_endpoint_postcommit(self, context):
self._call_on_drivers("create_endpoint_postcommit", context)
def create_policy_target_postcommit(self, context):
self._call_on_drivers("create_policy_target_postcommit", context)
def update_endpoint_precommit(self, context):
self._call_on_drivers("update_endpoint_precommit", context)
def update_policy_target_precommit(self, context):
self._call_on_drivers("update_policy_target_precommit", context)
def update_endpoint_postcommit(self, context):
self._call_on_drivers("update_endpoint_postcommit", context)
def update_policy_target_postcommit(self, context):
self._call_on_drivers("update_policy_target_postcommit", context)
def delete_endpoint_precommit(self, context):
self._call_on_drivers("delete_endpoint_precommit", context)
def delete_policy_target_precommit(self, context):
self._call_on_drivers("delete_policy_target_precommit", context)
def delete_endpoint_postcommit(self, context):
self._call_on_drivers("delete_endpoint_postcommit", context,
def delete_policy_target_postcommit(self, context):
self._call_on_drivers("delete_policy_target_postcommit", context,
continue_on_failure=True)
def create_endpoint_group_precommit(self, context):
self._call_on_drivers("create_endpoint_group_precommit", context)
def create_policy_target_group_precommit(self, context):
self._call_on_drivers("create_policy_target_group_precommit", context)
def create_endpoint_group_postcommit(self, context):
self._call_on_drivers("create_endpoint_group_postcommit", context)
def create_policy_target_group_postcommit(self, context):
self._call_on_drivers("create_policy_target_group_postcommit", context)
def update_endpoint_group_precommit(self, context):
self._call_on_drivers("update_endpoint_group_precommit", context)
def update_policy_target_group_precommit(self, context):
self._call_on_drivers("update_policy_target_group_precommit", context)
def update_endpoint_group_postcommit(self, context):
self._call_on_drivers("update_endpoint_group_postcommit", context)
def update_policy_target_group_postcommit(self, context):
self._call_on_drivers("update_policy_target_group_postcommit", context)
def delete_endpoint_group_precommit(self, context):
self._call_on_drivers("delete_endpoint_group_precommit", context)
def delete_policy_target_group_precommit(self, context):
self._call_on_drivers("delete_policy_target_group_precommit", context)
def delete_endpoint_group_postcommit(self, context):
self._call_on_drivers("delete_endpoint_group_postcommit", context,
def delete_policy_target_group_postcommit(self, context):
self._call_on_drivers("delete_policy_target_group_postcommit", context,
continue_on_failure=True)
def create_l2_policy_precommit(self, context):
@ -292,21 +292,21 @@ class PolicyDriverManager(stevedore.named.NamedExtensionManager):
self._call_on_drivers("delete_policy_rule_postcommit", context,
continue_on_failure=True)
def create_contract_precommit(self, context):
self._call_on_drivers("create_contract_precommit", context)
def create_policy_rule_set_precommit(self, context):
self._call_on_drivers("create_policy_rule_set_precommit", context)
def create_contract_postcommit(self, context):
self._call_on_drivers("create_contract_postcommit", context)
def create_policy_rule_set_postcommit(self, context):
self._call_on_drivers("create_policy_rule_set_postcommit", context)
def update_contract_precommit(self, context):
self._call_on_drivers("update_contract_precommit", context)
def update_policy_rule_set_precommit(self, context):
self._call_on_drivers("update_policy_rule_set_precommit", context)
def update_contract_postcommit(self, context):
self._call_on_drivers("update_contract_postcommit", context)
def update_policy_rule_set_postcommit(self, context):
self._call_on_drivers("update_policy_rule_set_postcommit", context)
def delete_contract_precommit(self, context):
self._call_on_drivers("delete_contract_precommit", context)
def delete_policy_rule_set_precommit(self, context):
self._call_on_drivers("delete_policy_rule_set_precommit", context)
def delete_contract_postcommit(self, context):
self._call_on_drivers("delete_contract_postcommit", context,
def delete_policy_rule_set_postcommit(self, context):
self._call_on_drivers("delete_policy_rule_set_postcommit", context,
continue_on_failure=True)

18
gbp/neutron/services/servicechain/drivers/oneconvergence_servicechain_driver.py
View File

@ -44,12 +44,12 @@ class PendingServiceChainInsertions(object):
"""Encapsulates a ServiceChain Insertion Operation"""
def __init__(self, context, node_stacks, chain_instance_id,
provider_epg, consumer_epg, classifier):
provider_ptg, consumer_ptg, classifier):
self.context = context
self.node_stacks = node_stacks
self.chain_instance_id = chain_instance_id
self.provider_epg = provider_epg
self.consumer_epg = consumer_epg
self.provider_ptg = provider_ptg
self.consumer_ptg = consumer_ptg
self.classifier = classifier
@ -88,8 +88,8 @@ class OneconvergenceServiceChainDriver(simplechain_driver.SimpleChainDriver):
thread_context,
node_stacks,
context.current['id'],
context.current['provider_epg'],
context.current['consumer_epg'],
context.current['provider_ptg'],
context.current['consumer_ptg'],
context.current['classifier'])
eventlet.spawn_n(self._process_chain_processing, pendinginsertion)
@ -127,8 +127,8 @@ class OneconvergenceServiceChainDriver(simplechain_driver.SimpleChainDriver):
thread_context,
node_stacks,
context.current['id'],
context.current['provider_epg'],
context.current['consumer_epg'],
context.current['provider_ptg'],
context.current['consumer_ptg'],
context.current['classifier'])
eventlet.spawn_n(self._process_chain_processing, pendinginsertion)
@ -286,8 +286,8 @@ class OneconvergenceServiceChainDriver(simplechain_driver.SimpleChainDriver):
nvsd_action_list = self._create_nvsd_services_action(context,
service_ids)
left_group = pending_chain.consumer_epg
right_group = pending_chain.provider_epg
left_group = pending_chain.consumer_ptg
right_group = pending_chain.provider_ptg
classifier_id = pending_chain.classifier
if nvsd_action_list:
policy_id = self.create_nvsd_policy(context, left_group,

73
gbp/neutron/services/servicechain/drivers/simplechain_driver.py
View File

@ -84,7 +84,7 @@ class SimpleChainDriver(object):
def update_servicechain_spec_postcommit(self, context):
filters = {'servicechain_spec': [context.original['id']]}
sc_instances = context._plugin.get_servicechain_instances(
context._plugin_context, filters)
context._plugin_context, filters)
if sc_instances:
self._update_servicechain_instance(context,
sc_instances[0],
@ -122,7 +122,7 @@ class SimpleChainDriver(object):
new_spec_id = context.current.get('servicechain_spec')
if original_spec_id != new_spec_id:
newspec = context._plugin.get_servicechain_spec(
context._plugin_context, new_spec_id)
context._plugin_context, new_spec_id)
self._update_servicechain_instance(context, context.current,
newspec)
@ -135,17 +135,17 @@ class SimpleChainDriver(object):
self._delete_servicechain_instance_stacks(context._plugin_context,
context.current['id'])
def _get_epg(self, context, epg_id):
def _get_ptg(self, context, ptg_id):
return self._get_resource(self._grouppolicy_plugin,
context._plugin_context,
'endpoint_group',
epg_id)
'policy_target_group',
ptg_id)
def _get_ep(self, context, ep_id):
def _get_pt(self, context, pt_id):
return self._get_resource(self._grouppolicy_plugin,
context._plugin_context,
'endpoint',
ep_id)
'policy_target',
pt_id)
def _get_port(self, context, port_id):
return self._get_resource(self._core_plugin,
@ -153,17 +153,17 @@ class SimpleChainDriver(object):
'port',
port_id)
def _get_epg_subnet(self, context, epg_id):
epg = self._get_epg(context, epg_id)
return epg.get("subnets")[0]
def _get_ptg_subnet(self, context, ptg_id):
ptg = self._get_ptg(context, ptg_id)
return ptg.get("subnets")[0]
def _get_member_ips(self, context, epg_id):
epg = self._get_epg(context, epg_id)
ep_ids = epg.get("endpoints")
def _get_member_ips(self, context, ptg_id):
ptg = self._get_ptg(context, ptg_id)
pt_ids = ptg.get("policy_targets")
member_addresses = []
for ep_id in ep_ids:
ep = self._get_ep(context, ep_id)
port_id = ep.get("port_id")
for pt_id in pt_ids:
pt = self._get_pt(context, pt_id)
port_id = pt.get("port_id")
port = self._get_port(context, port_id)
ipAddress = port.get('fixed_ips')[0].get("ip_address")
member_addresses.append(ipAddress)
@ -172,7 +172,7 @@ class SimpleChainDriver(object):
def _fetch_template_and_params(self, context, sc_instance,
sc_spec, sc_node):
stack_template = sc_node.get('config')
#TODO(magesh):Raise an exception ??
# TODO(magesh):Raise an exception ??
if not stack_template:
LOG.error(_("Service Config is not defined for the service"
" chain Node"))
@ -180,33 +180,33 @@ class SimpleChainDriver(object):
stack_template = jsonutils.loads(stack_template)
config_param_values = sc_instance.get('config_param_values', {})
stack_params = {}
#config_param_values has the parameters for all Nodes. Only apply
#the ones relevant for this Node
# config_param_values has the parameters for all Nodes. Only apply
# the ones relevant for this Node
if config_param_values:
config_param_values = jsonutils.loads(config_param_values)
config_param_names = sc_spec.get('config_param_names', [])
if config_param_names:
config_param_names = ast.literal_eval(config_param_names)
#This service chain driver knows how to fill in two parameter values
#for the template at present.
#1)Subnet -> Provider EPG subnet is used
#2)PoolMemberIPs -> List of IP Addresses of all EPs in Provider EPG
# This service chain driver knows how to fill in two parameter values
# for the template at present.
# 1)Subnet -> Provider PTG subnet is used
# 2)PoolMemberIPs -> List of IP Addresses of all PTs in Provider PTG
#TODO(magesh):Process on the basis of ResourceType rather than Name
#eg: Type: OS::Neutron::PoolMember
#Variable number of pool members is not handled yet. We may have to
#dynamically modify the template json to achieve that
provider_epg = sc_instance.get("provider_epg")
# TODO(magesh):Process on the basis of ResourceType rather than Name
# eg: Type: OS::Neutron::PoolMember
# Variable number of pool members is not handled yet. We may have to
# dynamically modify the template json to achieve that
provider_ptg = sc_instance.get("provider_ptg")
for key in config_param_names or []:
if key == "PoolMemberIPs":
value = self._get_member_ips(context, provider_epg)
#TODO(Magesh):Return one value for now
value = self._get_member_ips(context, provider_ptg)
# TODO(Magesh):Return one value for now
if value:
value = value[0]
config_param_values[key] = value
elif key == "Subnet":
value = self._get_epg_subnet(context, provider_epg)
value = self._get_ptg_subnet(context, provider_ptg)
config_param_values[key] = value
node_params = (stack_template.get('Parameters')
or stack_template.get('parameters'))
@ -224,7 +224,7 @@ class SimpleChainDriver(object):
context._plugin_context, sc_node_id)
stack_template, stack_params = self._fetch_template_and_params(
context, sc_instance, sc_spec, sc_node)
context, sc_instance, sc_spec, sc_node)
stack = heatclient.create(
"stack_" + sc_instance['name'] + sc_node['name']
@ -232,8 +232,9 @@ class SimpleChainDriver(object):
stack_template,
stack_params)
self._insert_chain_stack_db(context._plugin_context.session,
sc_instance['id'], stack['stack']['id'])
self._insert_chain_stack_db(
context._plugin_context.session, sc_instance['id'],
stack['stack']['id'])
def _delete_servicechain_instance_stacks(self, context, instance_id):
stack_ids = self._get_chain_stacks(context.session, instance_id)
@ -245,7 +246,7 @@ class SimpleChainDriver(object):
def _get_instance_by_spec_id(self, context, spec_id):
filters = {'servicechain_spec': [spec_id]}
return context._plugin.get_servicechain_instances(
context._plugin_context, filters)
context._plugin_context, filters)
def _update_servicechain_instance(self, context, sc_instance, newspec):
self._delete_servicechain_instance_stacks(context._plugin_context,

460
gbp/neutron/tests/unit/db/grouppolicy/test_group_policy_db.py
View File

@ -58,28 +58,28 @@ class GroupPolicyDBTestBase(object):
self.assertEqual(sorted([i['id'] for i in res[resource_plural]]),
sorted([i[resource]['id'] for i in items]))
def _get_test_endpoint_attrs(self, name='ep1', description='test ep',
endpoint_group_id=None):
def _get_test_policy_target_attrs(
self, name='pt1', description='test pt', policy_target_group_id=None):
attrs = {'name': name, 'description': description,
'endpoint_group_id': endpoint_group_id,
'policy_target_group_id': policy_target_group_id,
'tenant_id': self._tenant_id}
return attrs
def _get_test_endpoint_group_attrs(self, name='epg1',
description='test epg',
l2_policy_id=None,
provided_contracts=None,
consumed_contracts=None):
pc_ids = cc_ids = []
if provided_contracts:
pc_ids = [pc_id for pc_id in provided_contracts]
if consumed_contracts:
cc_ids = [cc_id for cc_id in consumed_contracts]
def _get_test_policy_target_group_attrs(self, name='ptg1',
description='test ptg',
l2_policy_id=None,
provided_policy_rule_sets=None,
consumed_policy_rule_sets=None):
pprs_ids = cprs_ids = []
if provided_policy_rule_sets:
pprs_ids = [pprs_id for pprs_id in provided_policy_rule_sets]
if consumed_policy_rule_sets:
cprs_ids = [cc_id for cc_id in consumed_policy_rule_sets]
attrs = {'name': name, 'description': description,
'tenant_id': self._tenant_id, 'l2_policy_id': l2_policy_id,
'provided_contracts': pc_ids,
'consumed_contracts': cc_ids}
'provided_policy_rule_sets': pprs_ids,
'consumed_policy_rule_sets': cprs_ids}
return attrs
@ -145,63 +145,66 @@ class GroupPolicyDBTestBase(object):
return attrs
def _get_test_contract_attrs(self, name='contract1',
description='test contract',
child_contracts=None, policy_rules=None):
if not child_contracts:
child_contracts = []
def _get_test_prs_attrs(self, name='policy_rule_set1',
description='test policy_rule_set',
child_policy_rule_sets=None,
policy_rules=None):
if not child_policy_rule_sets:
child_policy_rule_sets = []
if not policy_rules:
policy_rules = []
attrs = {'name': name, 'description': description,
'tenant_id': self._tenant_id,
'child_contracts': child_contracts,
'child_policy_rule_sets': child_policy_rule_sets,
'policy_rules': policy_rules}
return attrs
def create_endpoint(self, endpoint_group_id=None,
expected_res_status=None, **kwargs):
defaults = {'name': 'ep1', 'description': 'test ep'}
def create_policy_target(self, policy_target_group_id=None,
expected_res_status=None, **kwargs):
defaults = {'name': 'pt1', 'description': 'test pt'}
defaults.update(kwargs)
data = {'endpoint': {'endpoint_group_id': endpoint_group_id,
'tenant_id': self._tenant_id}}
data['endpoint'].update(defaults)
data = {'policy_target':
{'policy_target_group_id': policy_target_group_id,
'tenant_id': self._tenant_id}}
data['policy_target'].update(defaults)
ep_req = self.new_create_request('endpoints', data, self.fmt)
ep_res = ep_req.get_response(self.ext_api)
pt_req = self.new_create_request('policy_targets', data, self.fmt)
pt_res = pt_req.get_response(self.ext_api)
if expected_res_status:
self.assertEqual(ep_res.status_int, expected_res_status)
elif ep_res.status_int >= webob.exc.HTTPClientError.code:
raise webob.exc.HTTPClientError(code=ep_res.status_int)
self.assertEqual(pt_res.status_int, expected_res_status)
elif pt_res.status_int >= webob.exc.HTTPClientError.code:
raise webob.exc.HTTPClientError(code=pt_res.status_int)
ep = self.deserialize(self.fmt, ep_res)
pt = self.deserialize(self.fmt, pt_res)
return ep
return pt
def create_endpoint_group(self, l2_policy_id=None,
expected_res_status=None, **kwargs):
defaults = {'name': 'epg1', 'description': 'test epg',
'provided_contracts': {},
'consumed_contracts': {}}
def create_policy_target_group(self, l2_policy_id=None,
expected_res_status=None, **kwargs):
defaults = {'name': 'ptg1', 'description': 'test ptg',
'provided_policy_rule_sets': {},
'consumed_policy_rule_sets': {}}
defaults.update(kwargs)
data = {'endpoint_group': {'tenant_id': self._tenant_id,
'l2_policy_id': l2_policy_id}}
data['endpoint_group'].update(defaults)
data = {'policy_target_group': {'tenant_id': self._tenant_id,
'l2_policy_id': l2_policy_id}}
data['policy_target_group'].update(defaults)
epg_req = self.new_create_request('endpoint_groups', data, self.fmt)
epg_res = epg_req.get_response(self.ext_api)
ptg_req = self.new_create_request(
'policy_target_groups', data, self.fmt)
ptg_res = ptg_req.get_response(self.ext_api)
if expected_res_status:
self.assertEqual(epg_res.status_int, expected_res_status)
elif epg_res.status_int >= webob.exc.HTTPClientError.code:
raise webob.exc.HTTPClientError(code=epg_res.status_int)
self.assertEqual(ptg_res.status_int, expected_res_status)
elif ptg_res.status_int >= webob.exc.HTTPClientError.code:
raise webob.exc.HTTPClientError(code=ptg_res.status_int)
epg = self.deserialize(self.fmt, epg_res)
ptg = self.deserialize(self.fmt, ptg_res)
return epg
return ptg
def create_l2_policy(self, l3_policy_id=None, expected_res_status=None,
**kwargs):
@ -333,26 +336,27 @@ class GroupPolicyDBTestBase(object):
return pr
def create_contract(self, expected_res_status=None, **kwargs):
defaults = {'name': 'contract1', 'description': 'test contract',
'child_contracts': [], 'policy_rules': []}
def create_policy_rule_set(self, expected_res_status=None, **kwargs):
defaults = {'name': 'policy_rule_set1',
'description': 'test policy_rule_set',
'child_policy_rule_sets': [], 'policy_rules': []}
defaults.update(kwargs)
kwargs = defaults
data = {'contract': {'tenant_id': self._tenant_id}}
data['contract'].update(kwargs)
data = {'policy_rule_set': {'tenant_id': self._tenant_id}}
data['policy_rule_set'].update(kwargs)
ct_req = self.new_create_request('contracts', data, self.fmt)
ct_res = ct_req.get_response(self.ext_api)
prs_req = self.new_create_request('policy_rule_sets', data, self.fmt)
prs_res = prs_req.get_response(self.ext_api)
if expected_res_status:
self.assertEqual(ct_res.status_int, expected_res_status)
elif ct_res.status_int >= webob.exc.HTTPClientError.code:
raise webob.exc.HTTPClientError(code=ct_res.status_int)
self.assertEqual(prs_res.status_int, expected_res_status)
elif prs_res.status_int >= webob.exc.HTTPClientError.code:
raise webob.exc.HTTPClientError(code=prs_res.status_int)
ct = self.deserialize(self.fmt, ct_res)
prs = self.deserialize(self.fmt, prs_res)
return ct
return prs
class GroupPolicyDBTestPlugin(gpdb.GroupPolicyDbPlugin):
@ -398,137 +402,147 @@ class TestGroupResources(GroupPolicyDbTestCase):
for k, v in attrs.iteritems():
self.assertEqual(res[resource][k], v)
def test_create_and_show_endpoint(self):
epg_id = self.create_endpoint_group()['endpoint_group']['id']
attrs = self._get_test_endpoint_attrs(endpoint_group_id=epg_id)
def test_create_and_show_policy_target(self):
ptg_id = self.create_policy_target_group()['policy_target_group']['id']
attrs = self._get_test_policy_target_attrs(
policy_target_group_id=ptg_id)
ep = self.create_endpoint(endpoint_group_id=epg_id)
pt = self.create_policy_target(policy_target_group_id=ptg_id)
for k, v in attrs.iteritems():
self.assertEqual(ep['endpoint'][k], v)
self.assertEqual(pt['policy_target'][k], v)
req = self.new_show_request('endpoint_groups', epg_id, fmt=self.fmt)
req = self.new_show_request(
'policy_target_groups', ptg_id, fmt=self.fmt)
res = self.deserialize(self.fmt, req.get_response(self.ext_api))
self.assertEqual(res['endpoint_group']['endpoints'],
[ep['endpoint']['id']])
self.assertEqual(res['policy_target_group']['policy_targets'],
[pt['policy_target']['id']])
self._test_show_resource('endpoint', ep['endpoint']['id'], attrs)
self._test_show_resource(
'policy_target', pt['policy_target']['id'], attrs)
def test_list_endpoints(self):
eps = [self.create_endpoint(name='ep1', description='ep'),
self.create_endpoint(name='ep2', description='ep'),
self.create_endpoint(name='ep3', description='ep')]
self._test_list_resources('endpoint', eps,
query_params='description=ep')
def test_list_policy_targets(self):
pts = [self.create_policy_target(name='pt1', description='pt'),
self.create_policy_target(name='pt2', description='pt'),
self.create_policy_target(name='pt3', description='pt')]
self._test_list_resources('policy_target', pts,
query_params='description=pt')
def test_update_endpoint(self):
name = 'new_endpoint'
def test_update_policy_target(self):
name = 'new_policy_target'
description = 'new desc'
attrs = self._get_test_endpoint_attrs(name=name,
description=description)
attrs = self._get_test_policy_target_attrs(name=name,
description=description)
ep = self.create_endpoint()
pt = self.create_policy_target()
data = {'endpoint': {'name': name, 'description': description}}
req = self.new_update_request('endpoints', data, ep['endpoint']['id'])
data = {'policy_target': {'name': name, 'description': description}}
req = self.new_update_request(
'policy_targets', data, pt['policy_target']['id'])
res = self.deserialize(self.fmt, req.get_response(self.ext_api))
for k, v in attrs.iteritems():
self.assertEqual(res['endpoint'][k], v)
self.assertEqual(res['policy_target'][k], v)
self._test_show_resource('endpoint', ep['endpoint']['id'], attrs)
self._test_show_resource(
'policy_target', pt['policy_target']['id'], attrs)
def test_delete_endpoint(self):
def test_delete_policy_target(self):
ctx = context.get_admin_context()
ep = self.create_endpoint()
ep_id = ep['endpoint']['id']
pt = self.create_policy_target()
pt_id = pt['policy_target']['id']
req = self.new_delete_request('endpoints', ep_id)
req = self.new_delete_request('policy_targets', pt_id)
res = req.get_response(self.ext_api)
self.assertEqual(res.status_int, webob.exc.HTTPNoContent.code)
self.assertRaises(gpolicy.EndpointNotFound, self.plugin.get_endpoint,
ctx, ep_id)
self.assertRaises(gpolicy.PolicyTargetNotFound,
self.plugin.get_policy_target, ctx, pt_id)
def test_create_and_show_endpoint_group(self):
name = "epg1"
def test_create_and_show_policy_target_group(self):
name = "ptg1"
l3p = self.create_l3_policy()
l3p_id = l3p['l3_policy']['id']
l2p = self.create_l2_policy(name=name, l3_policy_id=l3p_id)
l2p_id = l2p['l2_policy']['id']
provided_ct_id = self.create_contract()['contract']['id']
consumed_ct_id = self.create_contract()['contract']['id']
attrs = self._get_test_endpoint_group_attrs(name,
l2_policy_id=l2p_id,
provided_contracts=
[provided_ct_id],
consumed_contracts=
[consumed_ct_id])
provided_prs_id = (
self.create_policy_rule_set()['policy_rule_set']['id'])
consumed_prs_id = (
self.create_policy_rule_set()['policy_rule_set']['id'])
attrs = self._get_test_policy_target_group_attrs(
name, l2_policy_id=l2p_id,
provided_policy_rule_sets=[provided_prs_id],
consumed_policy_rule_sets=[consumed_prs_id])
epg = self.create_endpoint_group(name=name, l2_policy_id=l2p_id,
provided_contracts={provided_ct_id:
None},
consumed_contracts={consumed_ct_id:
None})
ptg = self.create_policy_target_group(
name=name, l2_policy_id=l2p_id,
provided_policy_rule_sets={provided_prs_id: None},
consumed_policy_rule_sets={consumed_prs_id: None})
for k, v in attrs.iteritems():
self.assertEqual(epg['endpoint_group'][k], v)
self.assertEqual(ptg['policy_target_group'][k], v)
self._test_show_resource('endpoint_group', epg['endpoint_group']['id'],
attrs)
self._test_show_resource(
'policy_target_group', ptg['policy_target_group']['id'], attrs)
def test_list_endpoint_groups(self):
epgs = [self.create_endpoint_group(name='epg1', description='epg'),
self.create_endpoint_group(name='epg2', description='epg'),
self.create_endpoint_group(name='epg3', description='epg')]
self._test_list_resources('endpoint_group', epgs,
query_params='description=epg')
def test_list_policy_target_groups(self):
ptgs = (
[self.create_policy_target_group(name='ptg1', description='ptg'),
self.create_policy_target_group(name='ptg2', description='ptg'),
self.create_policy_target_group(name='ptg3', description='ptg')])
self._test_list_resources('policy_target_group', ptgs,
query_params='description=ptg')
def test_update_endpoint_group(self):
name = "new_endpoint_group1"
def test_update_policy_target_group(self):
name = "new_policy_target_group1"
description = 'new desc'
l3p_id = self.create_l3_policy()['l3_policy']['id']
l2p_id = self.create_l2_policy(l3_policy_id=l3p_id)['l2_policy']['id']
attrs = self._get_test_endpoint_group_attrs(name=name,
description=description,
l2_policy_id=l2p_id)
ct1_id = self.create_contract(name='contract1')['contract']['id']
ct2_id = self.create_contract(name='contract2')['contract']['id']
epg = self.create_endpoint_group(consumed_contracts={ct1_id: 'scope'},
provided_contracts={ct2_id: 'scope'})
ct3_id = self.create_contract(name='contract3')['contract']['id']
ct4_id = self.create_contract(name='contract4')['contract']['id']
data = {'endpoint_group': {'name': name, 'description': description,
'l2_policy_id': l2p_id,
'provided_contracts': {ct3_id: 'scope'},
'consumed_contracts': {ct4_id: 'scope'}}}
req = self.new_update_request('endpoint_groups', data,
epg['endpoint_group']['id'])
attrs = self._get_test_policy_target_group_attrs(
name=name, description=description, l2_policy_id=l2p_id)
ct1_id = self.create_policy_rule_set(
name='policy_rule_set1')['policy_rule_set']['id']
ct2_id = self.create_policy_rule_set(
name='policy_rule_set2')['policy_rule_set']['id']
ptg = self.create_policy_target_group(
consumed_policy_rule_sets={ct1_id: 'scope'},
provided_policy_rule_sets={ct2_id: 'scope'})
ct3_id = self.create_policy_rule_set(
name='policy_rule_set3')['policy_rule_set']['id']
ct4_id = self.create_policy_rule_set(
name='policy_rule_set4')['policy_rule_set']['id']
data = {'policy_target_group':
{'name': name, 'description': description,
'l2_policy_id': l2p_id,
'provided_policy_rule_sets': {ct3_id: 'scope'},
'consumed_policy_rule_sets': {ct4_id: 'scope'}}}
req = self.new_update_request('policy_target_groups', data,
ptg['policy_target_group']['id'])
res = self.deserialize(self.fmt, req.get_response(self.ext_api))
attrs['provided_contracts'] = [ct3_id]
attrs['consumed_contracts'] = [ct4_id]
attrs['provided_policy_rule_sets'] = [ct3_id]
attrs['consumed_policy_rule_sets'] = [ct4_id]
for k, v in attrs.iteritems():
self.assertEqual(res['endpoint_group'][k], v)
self.assertEqual(res['policy_target_group'][k], v)
self._test_show_resource('endpoint_group',
epg['endpoint_group']['id'], attrs)
self._test_show_resource('policy_target_group',
ptg['policy_target_group']['id'], attrs)
def test_delete_endpoint_group(self):
def test_delete_policy_target_group(self):
ctx = context.get_admin_context()
epg = self.create_endpoint_group()
epg_id = epg['endpoint_group']['id']
ptg = self.create_policy_target_group()
ptg_id = ptg['policy_target_group']['id']
req = self.new_delete_request('endpoint_groups', epg_id)
req = self.new_delete_request('policy_target_groups', ptg_id)
res = req.get_response(self.ext_api)
self.assertEqual(res.status_int, webob.exc.HTTPNoContent.code)
self.assertRaises(gpolicy.EndpointGroupNotFound,
self.plugin.get_endpoint_group, ctx, epg_id)
self.assertRaises(gpolicy.PolicyTargetGroupNotFound,
self.plugin.get_policy_target_group, ctx, ptg_id)
def test_create_and_show_l2_policy(self):
l3p_id = self.create_l3_policy()['l3_policy']['id']
@ -920,26 +934,26 @@ class TestGroupResources(GroupPolicyDbTestCase):
self.assertRaises(gpolicy.PolicyRuleNotFound,
self.plugin.get_policy_rule, ctx, pr_id)
def test_create_and_show_contract(self):
name = "contract1"
attrs = self._get_test_contract_attrs(name=name)
def test_create_and_show_policy_rule_set(self):
name = "policy_rule_set1"
attrs = self._get_test_prs_attrs(name=name)
ct = self.create_contract(name=name)
prs = self.create_policy_rule_set(name=name)
for k, v in attrs.iteritems():
self.assertEqual(ct['contract'][k], v)
self.assertEqual(prs['policy_rule_set'][k], v)
req = self.new_show_request('contracts', ct['contract']['id'],
fmt=self.fmt)
req = self.new_show_request(
'policy_rule_sets', prs['policy_rule_set']['id'], fmt=self.fmt)
res = self.deserialize(self.fmt, req.get_response(self.ext_api))
for k, v in attrs.iteritems():
self.assertEqual(res['contract'][k], v)
self.assertEqual(res['policy_rule_set'][k], v)
self._test_show_resource('contract',
ct['contract']['id'], attrs)
self._test_show_resource('policy_rule_set',
prs['policy_rule_set']['id'], attrs)
def test_create_contract_with_multiple_rules_children(self, **kwargs):
def test_create_prs_with_multiple_rules_children(self, **kwargs):
policy_classifiers = [
self.create_policy_classifier()['policy_classifier']['id'],
self.create_policy_classifier()['policy_classifier']['id']]
@ -950,109 +964,119 @@ class TestGroupResources(GroupPolicyDbTestCase):
self.create_policy_rule(
policy_classifier_id=
policy_classifiers[1])['policy_rule']['id']])
child_contracts = sorted([self.create_contract()['contract']['id'],
self.create_contract()['contract']['id']])
attrs = self._get_test_contract_attrs(
policy_rules=policy_rules, child_contracts=child_contracts)
ct = self.create_contract(policy_rules=policy_rules,
child_contracts=child_contracts)
child_policy_rule_sets = sorted(
[self.create_policy_rule_set()['policy_rule_set']['id'],
self.create_policy_rule_set()['policy_rule_set']['id']])
attrs = self._get_test_prs_attrs(
policy_rules=policy_rules,
child_policy_rule_sets=child_policy_rule_sets)
prs = self.create_policy_rule_set(
policy_rules=policy_rules,
child_policy_rule_sets=child_policy_rule_sets)
req = self.new_show_request('contracts', ct['contract']['id'],
req = self.new_show_request('policy_rule_sets',
prs['policy_rule_set']['id'],
fmt=self.fmt)
res = self.deserialize(self.fmt, req.get_response(self.ext_api))
parent_id = res['contract']['id']
res['contract']['policy_rules'] = sorted(
res['contract']['policy_rules'])
res['contract']['child_contracts'] = sorted(
res['contract']['child_contracts'])
parent_id = res['policy_rule_set']['id']
res['policy_rule_set']['policy_rules'] = sorted(
res['policy_rule_set']['policy_rules'])
res['policy_rule_set']['child_policy_rule_sets'] = sorted(
res['policy_rule_set']['child_policy_rule_sets'])
for k, v in attrs.iteritems():
self.assertEqual(res['contract'][k], v)
self.assertEqual(res['policy_rule_set'][k], v)
req = self.new_show_request('contracts', child_contracts[0],
req = self.new_show_request('policy_rule_sets',
child_policy_rule_sets[0],
fmt=self.fmt)
c1 = self.deserialize(self.fmt, req.get_response(self.ext_api))
self.assertEqual(c1['contract']['parent_id'], parent_id)
req = self.new_show_request('contracts', child_contracts[1],
self.assertEqual(c1['policy_rule_set']['parent_id'], parent_id)
req = self.new_show_request('policy_rule_sets',
child_policy_rule_sets[1],
fmt=self.fmt)
c2 = self.deserialize(self.fmt, req.get_response(self.ext_api))
self.assertEqual(c2['contract']['parent_id'], parent_id)
self.assertEqual(c2['policy_rule_set']['parent_id'], parent_id)
def test_create_child_contract_fail(self, **kwargs):
self.create_contract(child_contracts=[
def test_create_child_prs_fail(self, **kwargs):
self.create_policy_rule_set(child_policy_rule_sets=[
'00000000-ffff-ffff-ffff-000000000000'],
expected_res_status=webob.exc.HTTPNotFound.code)
def test_list_contracts(self):
contracts = [
self.create_contract(name='ct1', description='ct'),
self.create_contract(name='ct2', description='ct'),
self.create_contract(name='ct3', description='ct')]
self._test_list_resources('contract', contracts,
def test_list_policy_rule_sets(self):
policy_rule_sets = [
self.create_policy_rule_set(name='ct1', description='ct'),
self.create_policy_rule_set(name='ct2', description='ct'),
self.create_policy_rule_set(name='ct3', description='ct')]
self._test_list_resources('policy_rule_set', policy_rule_sets,
query_params='description=ct')
def test_update_contract(self):
name = "new_contract"
def test_update_policy_rule_set(self):
name = "new_policy_rule_set"
description = 'new desc'
pc_id = self.create_policy_classifier()['policy_classifier']['id']
policy_rules = [self.create_policy_rule(
policy_classifier_id=pc_id)['policy_rule']['id']]
child_contracts = [self.create_contract()['contract']['id']]
ct = self.create_contract(child_contracts=child_contracts,
policy_rules=policy_rules)
child_contracts = [self.create_contract()['contract']['id']]
child_policy_rule_sets = [
self.create_policy_rule_set()['policy_rule_set']['id']]
prs = self.create_policy_rule_set(
child_policy_rule_sets=child_policy_rule_sets,
policy_rules=policy_rules)
child_policy_rule_sets = [
self.create_policy_rule_set()['policy_rule_set']['id']]
policy_rules = [self.create_policy_rule(
policy_classifier_id=pc_id)['policy_rule']['id']]
attrs = self._get_test_contract_attrs(
attrs = self._get_test_prs_attrs(
name=name, description=description, policy_rules=policy_rules,
child_contracts=child_contracts)
data = {'contract': {'name': name, 'description': description,
'policy_rules': policy_rules,
'child_contracts': child_contracts}}
child_policy_rule_sets=child_policy_rule_sets)
data = {'policy_rule_set':
{'name': name, 'description': description,
'policy_rules': policy_rules,
'child_policy_rule_sets': child_policy_rule_sets}}
req = self.new_update_request('contracts', data,
ct['contract']['id'])
req = self.new_update_request('policy_rule_sets', data,
prs['policy_rule_set']['id'])
res = self.deserialize(self.fmt, req.get_response(self.ext_api))
for k, v in attrs.iteritems():
self.assertEqual(res['contract'][k], v)
self.assertEqual(res['policy_rule_set'][k], v)
self._test_show_resource('contract',
ct['contract']['id'], attrs)
self._test_show_resource('policy_rule_set',
prs['policy_rule_set']['id'], attrs)
def test_delete_contract(self):
def test_delete_policy_rule_set(self):
ctx = context.get_admin_context()
ct = self.create_contract()
ct_id = ct['contract']['id']
prs = self.create_policy_rule_set()
prs_id = prs['policy_rule_set']['id']
req = self.new_delete_request('contracts', ct_id)
req = self.new_delete_request('policy_rule_sets', prs_id)
res = req.get_response(self.ext_api)
self.assertEqual(res.status_int, webob.exc.HTTPNoContent.code)
self.assertRaises(gpolicy.ContractNotFound,
self.plugin.get_contract, ctx, ct_id)
self.assertRaises(gpolicy.PolicyRuleSetNotFound,
self.plugin.get_policy_rule_set, ctx, prs_id)
def test_contract_one_hierarchy_children(self):
child = self.create_contract()['contract']
parent = self.create_contract(
child_contracts = [child['id']])['contract']
self.create_contract(
child_contracts = [parent['id']],
def test_prs_one_hierarchy_children(self):
child = self.create_policy_rule_set()['policy_rule_set']
parent = self.create_policy_rule_set(
child_policy_rule_sets=[child['id']])['policy_rule_set']
self.create_policy_rule_set(
child_policy_rule_sets=[parent['id']],
expected_res_status=webob.exc.HTTPBadRequest.code)
def test_contract_one_hierarchy_parent(self):
child = self.create_contract()['contract']
def test_prs_one_hierarchy_parent(self):
child = self.create_policy_rule_set()['policy_rule_set']
# parent
self.create_contract(
child_contracts = [child['id']])['contract']
nephew = self.create_contract()['contract']
data = {'contract': {'child_contracts': [nephew['id']]}}
req = self.new_update_request('contracts', data, child['id'])
self.create_policy_rule_set(
child_policy_rule_sets=[child['id']])['policy_rule_set']
nephew = self.create_policy_rule_set()['policy_rule_set']
data = {'policy_rule_set': {'child_policy_rule_sets': [nephew['id']]}}
req = self.new_update_request('policy_rule_sets', data, child['id'])
res = req.get_response(self.ext_api)
self.assertEqual(res.status_int, webob.exc.HTTPBadRequest.code)
def test_contract_parent_no_loop(self):
ct = self.create_contract()['contract']
data = {'contract': {'child_contracts': [ct['id']]}}
req = self.new_update_request('contracts', data, ct['id'])
def test_prs_parent_no_loop(self):
prs = self.create_policy_rule_set()['policy_rule_set']
data = {'policy_rule_set': {'child_policy_rule_sets': [prs['id']]}}
req = self.new_update_request('policy_rule_sets', data, prs['id'])
res = req.get_response(self.ext_api)
self.assertEqual(res.status_int, webob.exc.HTTPBadRequest.code)

76
gbp/neutron/tests/unit/db/grouppolicy/test_group_policy_mapping_db.py
View File

@ -50,24 +50,26 @@ class GroupPolicyMappingDbTestCase(tgpdb.GroupPolicyDbTestCase,
service_plugins=service_plugins
)
def _get_test_endpoint_attrs(self, name='ep1', description='test ep',
endpoint_group_id=None, port_id=None):
def _get_test_policy_target_attrs(self, name='pt1',
description='test pt',
policy_target_group_id=None,
port_id=None):
attrs = (super(GroupPolicyMappingDbTestCase, self).
_get_test_endpoint_attrs(name, description,
endpoint_group_id))
_get_test_policy_target_attrs(name, description,
policy_target_group_id))
attrs.update({'port_id': port_id})
return attrs
def _get_test_endpoint_group_attrs(self, name='epg1',
description='test epg',
l2_policy_id=None,
provided_contracts=None,
consumed_contracts=None, subnets=None):
def _get_test_policy_target_group_attrs(self, name='ptg1',
description='test ptg',
l2_policy_id=None,
provided_policy_rule_sets=None,
consumed_policy_rule_sets=None,
subnets=None):
attrs = (super(GroupPolicyMappingDbTestCase, self).
_get_test_endpoint_group_attrs(name, description,
l2_policy_id,
provided_contracts,
consumed_contracts))
_get_test_policy_target_group_attrs(
name, description, l2_policy_id,
provided_policy_rule_sets, consumed_policy_rule_sets))
attrs.update({'subnets': subnets or []})
return attrs
@ -97,62 +99,62 @@ class TestMappedGroupResources(GroupPolicyMappingDbTestCase,
class TestMappedGroupResourceAttrs(GroupPolicyMappingDbTestCase):
def test_create_delete_endpoint_with_port(self):
def test_create_delete_policy_target_with_port(self):
with self.port() as port:
port_id = port['port']['id']
ep = self.create_endpoint(port_id=port_id)
ep_id = ep['endpoint']['id']
self.assertEqual(port_id, ep['endpoint']['port_id'])
req = self.new_show_request('endpoints', ep_id, fmt=self.fmt)
pt = self.create_policy_target(port_id=port_id)
pt_id = pt['policy_target']['id']
self.assertEqual(port_id, pt['policy_target']['port_id'])
req = self.new_show_request('policy_targets', pt_id, fmt=self.fmt)
res = self.deserialize(self.fmt, req.get_response(self.ext_api))
self.assertEqual(port_id, res['endpoint']['port_id'])
req = self.new_delete_request('endpoints', ep_id)
self.assertEqual(port_id, res['policy_target']['port_id'])
req = self.new_delete_request('policy_targets', pt_id)
res = req.get_response(self.ext_api)
self.assertEqual(res.status_int, webob.exc.HTTPNoContent.code)
def test_create_delete_endpoint_group_with_subnets(self):
def test_create_delete_policy_target_group_with_subnets(self):
with contextlib.nested(self.subnet(cidr='10.10.1.0/24'),
self.subnet(cidr='10.10.2.0/24')) as (
subnet1, subnet2):
subnets = [subnet1['subnet']['id'], subnet2['subnet']['id']]
epg = self.create_endpoint_group(subnets=subnets)
epg_id = epg['endpoint_group']['id']
ptg = self.create_policy_target_group(subnets=subnets)
ptg_id = ptg['policy_target_group']['id']
self.assertEqual(sorted(subnets),
sorted(epg['endpoint_group']['subnets']))
req = self.new_show_request('endpoint_groups', epg_id,
sorted(ptg['policy_target_group']['subnets']))
req = self.new_show_request('policy_target_groups', ptg_id,
fmt=self.fmt)
res = self.deserialize(self.fmt, req.get_response(self.ext_api))
self.assertEqual(sorted(subnets),
sorted(res['endpoint_group']['subnets']))
req = self.new_delete_request('endpoint_groups', epg_id)
sorted(res['policy_target_group']['subnets']))
req = self.new_delete_request('policy_target_groups', ptg_id)
res = req.get_response(self.ext_api)
self.assertEqual(res.status_int, webob.exc.HTTPNoContent.code)
def test_update_endpoint_group_subnets(self):
def test_update_policy_target_group_subnets(self):
with contextlib.nested(self.subnet(cidr='10.10.1.0/24'),
self.subnet(cidr='10.10.2.0/24'),
self.subnet(cidr='10.10.3.0/24')) as (
subnet1, subnet2, subnet3):
orig_subnets = [subnet1['subnet']['id'], subnet2['subnet']['id']]
epg = self.create_endpoint_group(subnets=orig_subnets)
epg_id = epg['endpoint_group']['id']
ptg = self.create_policy_target_group(subnets=orig_subnets)
ptg_id = ptg['policy_target_group']['id']
self.assertEqual(sorted(orig_subnets),
sorted(epg['endpoint_group']['subnets']))
sorted(ptg['policy_target_group']['subnets']))
new_subnets = [subnet1['subnet']['id'], subnet3['subnet']['id']]
data = {'endpoint_group': {'subnets': new_subnets}}
req = self.new_update_request('endpoint_groups', data, epg_id)
data = {'policy_target_group': {'subnets': new_subnets}}
req = self.new_update_request('policy_target_groups', data, ptg_id)
res = self.deserialize(self.fmt, req.get_response(self.ext_api))
self.assertEqual(sorted(new_subnets),
sorted(res['endpoint_group']['subnets']))
req = self.new_show_request('endpoint_groups', epg_id,
sorted(res['policy_target_group']['subnets']))
req = self.new_show_request('policy_target_groups', ptg_id,
fmt=self.fmt)
res = self.deserialize(self.fmt, req.get_response(self.ext_api))
self.assertEqual(sorted(new_subnets),
sorted(res['endpoint_group']['subnets']))
sorted(res['policy_target_group']['subnets']))
# REVISIT(rkukura): Remove delete once subnet() context
# manager is replaced with a function that does not delete
# the resource(s) that are created.
req = self.new_delete_request('endpoint_groups', epg_id)
req = self.new_delete_request('policy_target_groups', ptg_id)
res = req.get_response(self.ext_api)
self.assertEqual(res.status_int, webob.exc.HTTPNoContent.code)

96
gbp/neutron/tests/unit/db/grouppolicy/test_servicechain_db.py
View File

@ -68,8 +68,8 @@ class ServiceChainDBTestBase(object):
return attrs
def _get_test_servicechain_spec_attrs(self, name='scs1',
description='test scs',
nodes=None):
description='test scs',
nodes=None):
node_ids = []
if nodes:
node_ids = [node_id for node_id in nodes]
@ -80,18 +80,18 @@ class ServiceChainDBTestBase(object):
return attrs
def _get_test_servicechain_instance_attrs(self, name='sci1',
description='test sci',
config_param_values="{}",
servicechain_spec=None,
provider_epg=None,
consumer_epg=None,
classifier=None):
description='test sci',
config_param_values="{}",
servicechain_spec=None,
provider_ptg=None,
consumer_ptg=None,
classifier=None):
attrs = {'name': name, 'description': description,
'tenant_id': self._tenant_id,
'config_param_values': config_param_values,
'servicechain_spec': servicechain_spec,
'provider_epg': provider_epg,
'consumer_epg': consumer_epg,
'provider_ptg': provider_ptg,
'consumer_ptg': consumer_ptg,
'classifier': classifier}
return attrs
@ -142,19 +142,19 @@ class ServiceChainDBTestBase(object):
def create_servicechain_instance(self, servicechain_spec=None,
config_param_values="{}",
provider_epg=None,
consumer_epg=None,
provider_ptg=None,
consumer_ptg=None,
classifier=None,
expected_res_status=None, **kwargs):
defaults = {'name': 'sci1', 'description': 'test sci'}
defaults.update(kwargs)
data = {'servicechain_instance': {
'config_param_values': config_param_values,
'servicechain_spec': servicechain_spec,
'tenant_id': self._tenant_id,
'provider_epg': provider_epg,
'consumer_epg': consumer_epg,
'classifier': classifier}}
data = {'servicechain_instance':
{'config_param_values': config_param_values,
'servicechain_spec': servicechain_spec,
'tenant_id': self._tenant_id,
'provider_ptg': provider_ptg,
'consumer_ptg': consumer_ptg,
'classifier': classifier}}
data['servicechain_instance'].update(defaults)
sci_req = self.new_create_request('servicechain_instances',
@ -181,7 +181,7 @@ DB_GP_PLUGIN_KLASS = (ServiceChainDBTestPlugin.__module__ + '.' +
class ServiceChainDbTestCase(ServiceChainDBTestBase,
test_db_plugin.NeutronDbPluginV2TestCase):
test_db_plugin.NeutronDbPluginV2TestCase):
def setUp(self, core_plugin=None, sc_plugin=None, service_plugins=None,
ext_mgr=None):
@ -216,10 +216,10 @@ class TestServiceChainResources(ServiceChainDbTestCase):
def test_create_and_show_servicechain_node(self):
attrs = self._get_test_servicechain_node_attrs(
service_type=constants.LOADBALANCER, config="config1")
service_type=constants.LOADBALANCER, config="config1")
scn = self.create_servicechain_node(
service_type=constants.LOADBALANCER, config="config1")
service_type=constants.LOADBALANCER, config="config1")
for k, v in attrs.iteritems():
self.assertEqual(scn['servicechain_node'][k], v)
@ -230,8 +230,8 @@ class TestServiceChainResources(ServiceChainDbTestCase):
def test_list_servicechain_nodes(self):
scns = [self.create_servicechain_node(name='scn1', description='scn'),
self.create_servicechain_node(name='scn2', description='scn'),
self.create_servicechain_node(name='scn3', description='scn')]
self.create_servicechain_node(name='scn2', description='scn'),
self.create_servicechain_node(name='scn3', description='scn')]
self._test_list_resources('servicechain_node', scns,
query_params='description=scn')
@ -327,22 +327,18 @@ class TestServiceChainResources(ServiceChainDbTestCase):
def test_create_and_show_servicechain_instance(self):
scs_id = self.create_servicechain_spec()['servicechain_spec']['id']
endpoint_group_id = uuidutils.generate_uuid()
policy_target_group_id = uuidutils.generate_uuid()
classifier_id = uuidutils.generate_uuid()
config_param_values = "{}"
attrs = self._get_test_servicechain_instance_attrs(
servicechain_spec=scs_id,
provider_epg=endpoint_group_id,
consumer_epg=endpoint_group_id,
classifier=classifier_id,
config_param_values=config_param_values)
servicechain_spec=scs_id, provider_ptg=policy_target_group_id,
consumer_ptg=policy_target_group_id, classifier=classifier_id,
config_param_values=config_param_values)
sci = self.create_servicechain_instance(
servicechain_spec=scs_id,
provider_epg=endpoint_group_id,
consumer_epg=endpoint_group_id,
classifier=classifier_id,
config_param_values=config_param_values)
servicechain_spec=scs_id, provider_ptg=policy_target_group_id,
consumer_ptg=policy_target_group_id, classifier=classifier_id,
config_param_values=config_param_values)
for k, v in attrs.iteritems():
self.assertEqual(sci['servicechain_instance'][k], v)
@ -355,11 +351,9 @@ class TestServiceChainResources(ServiceChainDbTestCase):
def test_list_servicechain_instances(self):
servicechain_instances = [self.create_servicechain_instance(
name='sci1', description='sci'),
self.create_servicechain_instance(name='sci2',
description='sci'),
self.create_servicechain_instance(name='sci3',
description='sci')]
name='sci1', description='sci'),
self.create_servicechain_instance(name='sci2', description='sci'),
self.create_servicechain_instance(name='sci3', description='sci')]
self._test_list_resources('servicechain_instance',
servicechain_instances,
query_params='description=sci')
@ -369,24 +363,18 @@ class TestServiceChainResources(ServiceChainDbTestCase):
description = 'new desc'
config_param_values = "{}"
scs_id = self.create_servicechain_spec()['servicechain_spec']['id']
provider_epg = uuidutils.generate_uuid()
consumer_epg = uuidutils.generate_uuid()
provider_ptg = uuidutils.generate_uuid()
consumer_ptg = uuidutils.generate_uuid()
classifier = uuidutils.generate_uuid()
attrs = self._get_test_servicechain_instance_attrs(
name=name,
description=description,
servicechain_spec=scs_id,
provider_epg=provider_epg,
consumer_epg=consumer_epg,
classifier=classifier,
config_param_values=config_param_values)
name=name, description=description, servicechain_spec=scs_id,
provider_ptg=provider_ptg, consumer_ptg=consumer_ptg,
classifier=classifier, config_param_values=config_param_values)
sci = self.create_servicechain_instance(
servicechain_spec=scs_id,
provider_epg=provider_epg,
consumer_epg=consumer_epg,
classifier=classifier,
config_param_values=config_param_values)
servicechain_spec=scs_id, provider_ptg=provider_ptg,
consumer_ptg=consumer_ptg, classifier=classifier,
config_param_values=config_param_values)
data = {'servicechain_instance': {'name': name,
'description': description,
'servicechain_spec': scs_id}}

234
gbp/neutron/tests/unit/services/grouppolicy/test_apic_mapping.py
View File

@ -29,7 +29,7 @@ from gbp.neutron.tests.unit.services.grouppolicy import test_grouppolicy_plugin
APIC_L2_POLICY = 'l2_policy'
APIC_L3_POLICY = 'l3_policy'
APIC_CONTRACT = 'contract'
APIC_ENDPOINT_GROUP = 'endpoint_group'
APIC_ENDPOINT_GROUP = 'policy_target_group'
APIC_POLICY_RULE = 'policy_rule'
CORE_PLUGIN = 'neutron.plugins.ml2.plugin.Ml2Plugin'
@ -68,10 +68,10 @@ class ApicMappingTestCase(
self.driver.name_mapper.tenant = echo
self.driver.name_mapper.l2_policy = echo
self.driver.name_mapper.l3_policy = echo
self.driver.name_mapper.contract = echo
self.driver.name_mapper.policy_rule_set = echo
self.driver.name_mapper.policy_rule = echo
self.driver.name_mapper.app_profile.return_value = mocked.APIC_AP
self.driver.name_mapper.endpoint_group = echo
self.driver.name_mapper.policy_target_group = echo
self.driver.apic_manager = mock.Mock(name_mapper=mock.Mock())
self.driver.apic_manager.apic.transaction = self.fake_transaction
@ -80,21 +80,23 @@ class ApicMappingTestCase(
return self.deserialize(self.fmt, req.get_response(api))
class TestEndpoint(ApicMappingTestCase):
class TestPolicyTarget(ApicMappingTestCase):
def test_endpoint_created_on_apic(self):
epg = self.create_endpoint_group()['endpoint_group']
subnet = self._get_object('subnets', epg['subnets'][0], self.api)
def test_policy_target_created_on_apic(self):
ptg = self.create_policy_target_group()['policy_target_group']
subnet = self._get_object('subnets', ptg['subnets'][0], self.api)
with self.port(subnet=subnet) as port:
self._bind_port_to_host(port['port']['id'], 'h1')
self.create_endpoint(epg['id'], port_id=port['port']['id'])
self.create_policy_target(ptg['id'], port_id=port['port']['id'])
mgr = self.driver.apic_manager
self.assertEqual(mgr.ensure_path_created_for_port.call_count, 1)
def test_endpoint_port_update_on_apic_none_to_host(self):
epg = self.create_endpoint_group(name="epg1")['endpoint_group']
ep = self.create_endpoint(endpoint_group_id=epg['id'])['endpoint']
port = self._get_object('ports', ep['port_id'], self.api)
def test_policy_target_port_update_on_apic_none_to_host(self):
ptg = self.create_policy_target_group(
name="ptg1")['policy_target_group']
pt = self.create_policy_target(
policy_target_group_id=ptg['id'])['policy_target']
port = self._get_object('ports', pt['port_id'], self.api)
port_up = self._bind_port_to_host(port['port']['id'], 'h1')
self.driver.process_port_changed(context.get_admin_context(),
@ -102,24 +104,26 @@ class TestEndpoint(ApicMappingTestCase):
mgr = self.driver.apic_manager
self.assertEqual(mgr.ensure_path_created_for_port.call_count, 1)
def test_endpoint_port_deleted_on_apic(self):
epg = self.create_endpoint_group()['endpoint_group']
subnet = self._get_object('subnets', epg['subnets'][0], self.api)
def test_policy_target_port_deleted_on_apic(self):
ptg = self.create_policy_target_group()['policy_target_group']
subnet = self._get_object('subnets', ptg['subnets'][0], self.api)
with self.port(subnet=subnet) as port:
self._bind_port_to_host(port['port']['id'], 'h1')
ep = self.create_endpoint(epg['id'], port_id=port['port']['id'])
self.new_delete_request('endpoints', ep['endpoint']['id'],
self.fmt).get_response(self.ext_api)
pt = self.create_policy_target(
ptg['id'], port_id=port['port']['id'])
self.new_delete_request(
'policy_targets', pt['policy_target']['id'],
self.fmt).get_response(self.ext_api)
mgr = self.driver.apic_manager
self.assertEqual(mgr.ensure_path_deleted_for_port.call_count, 1)
def test_endpoint_port_deleted_on_apic_host_to_host(self):
epg = self.create_endpoint_group()['endpoint_group']
subnet = self._get_object('subnets', epg['subnets'][0], self.api)
def test_policy_target_port_deleted_on_apic_host_to_host(self):
ptg = self.create_policy_target_group()['policy_target_group']
subnet = self._get_object('subnets', ptg['subnets'][0], self.api)
with self.port(subnet=subnet) as port:
# Create EP with bound port
port = self._bind_port_to_host(port['port']['id'], 'h1')
self.create_endpoint(epg['id'], port_id=port['port']['id'])
self.create_policy_target(ptg['id'], port_id=port['port']['id'])
# Change port binding and notify driver
port_up = self._bind_port_to_host(port['port']['id'], 'h2')
@ -132,16 +136,19 @@ class TestEndpoint(ApicMappingTestCase):
# Path deleted 1 time
self.assertEqual(mgr.ensure_path_deleted_for_port.call_count, 1)
def test_endpoint_port_not_deleted(self):
def test_policy_target_port_not_deleted(self):
# Create 2 EP same EPG same host bound
epg = self.create_endpoint_group(name="epg1")['endpoint_group']
ep1 = self.create_endpoint(endpoint_group_id=epg['id'])['endpoint']
self._bind_port_to_host(ep1['port_id'], 'h1')
ep2 = self.create_endpoint(endpoint_group_id=epg['id'])['endpoint']
self._bind_port_to_host(ep2['port_id'], 'h1')
ptg = self.create_policy_target_group(
name="ptg1")['policy_target_group']
pt1 = self.create_policy_target(
policy_target_group_id=ptg['id'])['policy_target']
self._bind_port_to_host(pt1['port_id'], 'h1')
pt2 = self.create_policy_target(
policy_target_group_id=ptg['id'])['policy_target']
self._bind_port_to_host(pt2['port_id'], 'h1')
# Delete EP1
self.new_delete_request('endpoints', ep1['id'],
self.new_delete_request('policy_targets', pt1['id'],
self.fmt).get_response(self.ext_api)
# APIC path not deleted
mgr = self.driver.apic_manager
@ -155,106 +162,113 @@ class TestEndpoint(ApicMappingTestCase):
return self.deserialize(self.fmt, req.get_response(self.api))
class TestEndpointGroup(ApicMappingTestCase):
class TestPolicyTargetGroup(ApicMappingTestCase):
def test_endpoint_group_created_on_apic(self):
epg = self.create_endpoint_group(name="epg1")['endpoint_group']
def test_policy_target_group_created_on_apic(self):
ptg = self.create_policy_target_group(
name="ptg1")['policy_target_group']
mgr = self.driver.apic_manager
mgr.ensure_epg_created.assert_called_once_with(
epg['tenant_id'], epg['id'], bd_name=epg['l2_policy_id'])
ptg['tenant_id'], ptg['id'], bd_name=ptg['l2_policy_id'])
def _test_epg_contract_created(self, provider=True):
cntr = self.create_contract(name='c')['contract']
def _test_ptg_policy_rule_set_created(self, provider=True):
cntr = self.create_policy_rule_set(name='c')['policy_rule_set']
if provider:
epg = self.create_endpoint_group(
provided_contracts={cntr['id']: 'scope'})['endpoint_group']
ptg = self.create_policy_target_group(
provided_policy_rule_sets={cntr['id']: 'scope'})[
'policy_target_group']
else:
epg = self.create_endpoint_group(
consumed_contracts={cntr['id']: 'scope'})['endpoint_group']
ptg = self.create_policy_target_group(
consumed_policy_rule_sets={cntr['id']: 'scope'})[
'policy_target_group']
# Verify that the apic call is issued
mgr = self.driver.apic_manager
mgr.set_contract_for_epg.assert_called_with(
epg['tenant_id'], epg['id'], cntr['id'], transaction='transaction',
ptg['tenant_id'], ptg['id'], cntr['id'], transaction='transaction',
provider=provider)
def _test_epg_contract_updated(self, provider=True):
p_or_c = {True: 'provided_contracts', False: 'consumed_contracts'}
cntr = self.create_contract(name='c1')['contract']
new_cntr = self.create_contract(name='c2')['contract']
def _test_ptg_policy_rule_set_updated(self, provider=True):
p_or_c = {True: 'provided_policy_rule_sets',
False: 'consumed_policy_rule_sets'}
cntr = self.create_policy_rule_set(name='c1')['policy_rule_set']
new_cntr = self.create_policy_rule_set(name='c2')['policy_rule_set']
if provider:
epg = self.create_endpoint_group(
provided_contracts={cntr['id']: 'scope'})
ptg = self.create_policy_target_group(
provided_policy_rule_sets={cntr['id']: 'scope'})
else:
epg = self.create_endpoint_group(
consumed_contracts={cntr['id']: 'scope'})
ptg = self.create_policy_target_group(
consumed_policy_rule_sets={cntr['id']: 'scope'})
data = {'endpoint_group': {p_or_c[provider]:
data = {'policy_target_group': {p_or_c[provider]:
{new_cntr['id']: 'scope'}}}
req = self.new_update_request('endpoint_groups', data,
epg['endpoint_group']['id'], self.fmt)
epg = self.deserialize(self.fmt, req.get_response(self.ext_api))
epg = epg['endpoint_group']
req = self.new_update_request('policy_target_groups', data,
ptg['policy_target_group']['id'],
self.fmt)
ptg = self.deserialize(self.fmt, req.get_response(self.ext_api))
ptg = ptg['policy_target_group']
mgr = self.driver.apic_manager
mgr.set_contract_for_epg.assert_called_with(
epg['tenant_id'], epg['id'], new_cntr['id'],
ptg['tenant_id'], ptg['id'], new_cntr['id'],
transaction='transaction', provider=provider)
mgr.unset_contract_for_epg.assert_called_with(
epg['tenant_id'], epg['id'], cntr['id'],
ptg['tenant_id'], ptg['id'], cntr['id'],
transaction='transaction', provider=provider)
def test_epg_contract_provider_created(self):
self._test_epg_contract_created()
def test_ptg_policy_rule_set_provider_created(self):
self._test_ptg_policy_rule_set_created()
def test_epg_contract_provider_updated(self):
self._test_epg_contract_updated()
def test_ptg_policy_rule_set_provider_updated(self):
self._test_ptg_policy_rule_set_updated()
def test_epg_contract_consumer_created(self):
self._test_epg_contract_created(False)
def test_ptg_policy_rule_set_consumer_created(self):
self._test_ptg_policy_rule_set_created(False)
def test_epg_contract_consumer_updated(self):
self._test_epg_contract_updated(False)
def test_ptg_policy_rule_set_consumer_updated(self):
self._test_ptg_policy_rule_set_updated(False)
def test_endpoint_group_deleted_on_apic(self):
epg = self.create_endpoint_group(name="epg1")['endpoint_group']
req = self.new_delete_request('endpoint_groups', epg['id'], self.fmt)
def test_policy_target_group_deleted_on_apic(self):
ptg = self.create_policy_target_group(
name="ptg1")['policy_target_group']
req = self.new_delete_request(
'policy_target_groups', ptg['id'], self.fmt)
req.get_response(self.ext_api)
mgr = self.driver.apic_manager
mgr.delete_epg_for_network.assert_called_once_with(
epg['tenant_id'], epg['id'])
ptg['tenant_id'], ptg['id'])
def test_endpoint_group_subnet_created_on_apic(self):
def test_policy_target_group_subnet_created_on_apic(self):
epg = self._create_explicit_subnet_epg('10.0.0.0/24')
ptg = self._create_explicit_subnet_ptg('10.0.0.0/24')
mgr = self.driver.apic_manager
mgr.ensure_subnet_created_on_apic.assert_called_once_with(
epg['tenant_id'], epg['l2_policy_id'], '10.0.0.1/24',
ptg['tenant_id'], ptg['l2_policy_id'], '10.0.0.1/24',
transaction='transaction')
def test_endpoint_group_subnet_added(self):
epg = self._create_explicit_subnet_epg('10.0.0.0/24')
l2p = self._get_object('l2_policies', epg['l2_policy_id'],
def test_policy_target_group_subnet_added(self):
ptg = self._create_explicit_subnet_ptg('10.0.0.0/24')
l2p = self._get_object('l2_policies', ptg['l2_policy_id'],
self.ext_api)
network = self._get_object('networks', l2p['l2_policy']['network_id'],
self.api)
with self.subnet(network=network, cidr='10.0.1.0/24') as subnet:
data = {'endpoint_group':
{'subnets': epg['subnets'] + [subnet['subnet']['id']]}}
data = {'policy_target_group':
{'subnets': ptg['subnets'] + [subnet['subnet']['id']]}}
mgr = self.driver.apic_manager
self.new_update_request('endpoint_groups', data, epg['id'],
self.new_update_request('policy_target_groups', data, ptg['id'],
self.fmt).get_response(self.ext_api)
mgr.ensure_subnet_created_on_apic.assert_called_with(
epg['tenant_id'], epg['l2_policy_id'], '10.0.1.1/24',
ptg['tenant_id'], ptg['l2_policy_id'], '10.0.1.1/24',
transaction='transaction')
def test_process_subnet_update(self):
epg = self._create_explicit_subnet_epg('10.0.0.0/24')
subnet = self._get_object('subnets', epg['subnets'][0], self.api)
ptg = self._create_explicit_subnet_ptg('10.0.0.0/24')
subnet = self._get_object('subnets', ptg['subnets'][0], self.api)
subnet2 = copy.deepcopy(subnet)
subnet2['subnet']['gateway_ip'] = '10.0.0.254'
mgr = self.driver.apic_manager
@ -262,22 +276,22 @@ class TestEndpointGroup(ApicMappingTestCase):
self.driver.process_subnet_changed(context.get_admin_context(),
subnet['subnet'], subnet2['subnet'])
mgr.ensure_subnet_created_on_apic.assert_called_once_with(
epg['tenant_id'], epg['l2_policy_id'], '10.0.0.254/24',
transaction='transaction')
ptg['tenant_id'], ptg['l2_policy_id'], '10.0.0.254/24',
transaction='transaction')
mgr.ensure_subnet_deleted_on_apic.assert_called_with(
epg['tenant_id'], epg['l2_policy_id'], '10.0.0.1/24',
transaction='transaction')
ptg['tenant_id'], ptg['l2_policy_id'], '10.0.0.1/24',
transaction='transaction')
def _create_explicit_subnet_epg(self, cidr):
def _create_explicit_subnet_ptg(self, cidr):
l2p = self.create_l2_policy(name="l2p")
l2p_id = l2p['l2_policy']['id']
network_id = l2p['l2_policy']['network_id']
network = self._get_object('networks', network_id, self.api)
with self.subnet(network=network, cidr=cidr) as subnet:
subnet_id = subnet['subnet']['id']
return self.create_endpoint_group(
name="epg1", l2_policy_id=l2p_id,
subnets=[subnet_id])['endpoint_group']
return self.create_policy_target_group(
name="ptg1", l2_policy_id=l2p_id,
subnets=[subnet_id])['policy_target_group']
class TestL2Policy(ApicMappingTestCase):
@ -317,22 +331,23 @@ class TestL3Policy(ApicMappingTestCase):
l3p['tenant_id'], l3p['id'])
class TestContract(ApicMappingTestCase):
class TestPolicyRuleSet(ApicMappingTestCase):
# TODO(ivar): verify rule intersection with hierarchical contracts happens
# on APIC
def test_contract_created_on_apic(self):
self.create_contract(name="ctr")
# TODO(ivar): verify rule intersection with hierarchical policy_rule_sets
# happens on APIC
def test_policy_rule_set_created_on_apic(self):
self.create_policy_rule_set(name="ctr")
mgr = self.driver.apic_manager
self.assertEqual(1, mgr.create_contract.call_count)
def test_contract_created_with_rules(self):
def test_policy_rule_set_created_with_rules(self):
bi, in_d, out = range(3)
rules = self._create_3_direction_rules()
# exclude BI rule for now
ctr = self.create_contract(
name="ctr", policy_rules=[x['id'] for x in rules[1:]])['contract']
ctr = self.create_policy_rule_set(
name="ctr", policy_rules=[x['id'] for x in rules[1:]])[
'policy_rule_set']
# Verify that the in-out rules are correctly enforced on the APIC
mgr = self.driver.apic_manager
@ -343,9 +358,9 @@ class TestContract(ApicMappingTestCase):
ctr['id'], ctr['id'], rules[out]['id'], owner=ctr['tenant_id'],
transaction='transaction', unset=False)
# Create contract with BI rule
ctr = self.create_contract(
name="ctr", policy_rules=[rules[bi]['id']])['contract']
# Create policy_rule_set with BI rule
ctr = self.create_policy_rule_set(
name="ctr", policy_rules=[rules[bi]['id']])['policy_rule_set']
mgr.manage_contract_subject_in_filter.assert_called_with(
ctr['id'], ctr['id'], rules[bi]['id'], owner=ctr['tenant_id'],
@ -354,20 +369,22 @@ class TestContract(ApicMappingTestCase):
ctr['id'], ctr['id'], rules[bi]['id'], owner=ctr['tenant_id'],
transaction='transaction', unset=False)
def test_contract_updated_with_new_rules(self):
def test_policy_rule_set_updated_with_new_rules(self):
bi, in_d, out = range(3)
old_rules = self._create_3_direction_rules()
new_rules = self._create_3_direction_rules()
# exclude BI rule for now
ctr = self.create_contract(
ctr = self.create_policy_rule_set(
name="ctr",
policy_rules=[x['id'] for x in old_rules[1:]])['contract']
data = {'contract': {'policy_rules': [x['id'] for x in new_rules[1:]]}}
policy_rules=[x['id'] for x in old_rules[1:]])['policy_rule_set']
data = {'policy_rule_set':
{'policy_rules': [x['id'] for x in new_rules[1:]]}}
mgr = self.driver.apic_manager
mgr.manage_contract_subject_in_filter = MockCallRecorder()
mgr.manage_contract_subject_out_filter = MockCallRecorder()
self.new_update_request(
'contracts', data, ctr['id'], self.fmt).get_response(self.ext_api)
'policy_rule_sets', data, ctr['id'], self.fmt).get_response(
self.ext_api)
# Verify old IN rule unset and new IN rule set
self.assertTrue(
mgr.manage_contract_subject_in_filter.call_happened_with(
@ -388,12 +405,13 @@ class TestContract(ApicMappingTestCase):
owner=ctr['tenant_id'], transaction='transaction',
unset=False))
ctr = self.create_contract(
ctr = self.create_policy_rule_set(
name="ctr",
policy_rules=[old_rules[0]['id']])['contract']
data = {'contract': {'policy_rules': [new_rules[0]['id']]}}
policy_rules=[old_rules[0]['id']])['policy_rule_set']
data = {'policy_rule_set': {'policy_rules': [new_rules[0]['id']]}}
self.new_update_request(
'contracts', data, ctr['id'], self.fmt).get_response(self.ext_api)
'policy_rule_sets', data, ctr['id'], self.fmt).get_response(
self.ext_api)
# Verify old BI rule unset and new Bu rule set
self.assertTrue(
mgr.manage_contract_subject_in_filter.call_happened_with(
@ -465,4 +483,4 @@ class TestPolicyRule(ApicMappingTestCase):
action = self.create_policy_action(
action_type='allow')['policy_action']
return self.create_policy_rule(
cls['id'], policy_actions=[action['id']])['policy_rule']
cls['id'], policy_actions=[action['id']])['policy_rule']

9
gbp/neutron/tests/unit/services/grouppolicy/test_grouppolicy_plugin.py
View File

@ -64,10 +64,11 @@ class GroupPolicyPluginTestCase(tgpmdb.GroupPolicyMappingDbTestCase):
finally:
manager.ordered_policy_drivers = drivers
def test_delete_fails_on_used_epg(self):
epg = self.create_endpoint_group()['endpoint_group']
self.create_endpoint(endpoint_group_id=epg['id'])
req = self.new_delete_request('endpoint_groups', epg['id'], self.fmt)
def test_delete_fails_on_used_ptg(self):
ptg = self.create_policy_target_group()['policy_target_group']
self.create_policy_target(policy_target_group_id=ptg['id'])
req = self.new_delete_request('policy_target_groups', ptg['id'],
self.fmt)
res = req.get_response(self.ext_api)
self.assertEqual(res.status_int, 400)

91
gbp/neutron/tests/unit/services/grouppolicy/test_implicit_policy.py
View File

@ -30,38 +30,39 @@ class ImplicitPolicyTestCase(
class TestImplicitL2Policy(ImplicitPolicyTestCase):
def test_impicit_lifecycle(self):
# Create endpoint group with implicit L2 policy.
epg1 = self.create_endpoint_group()
epg1_id = epg1['endpoint_group']['id']
l2p1_id = epg1['endpoint_group']['l2_policy_id']
# Create policy_target group with implicit L2 policy.
ptg1 = self.create_policy_target_group()
ptg1_id = ptg1['policy_target_group']['id']
l2p1_id = ptg1['policy_target_group']['l2_policy_id']
self.assertIsNotNone(l2p1_id)
req = self.new_show_request('endpoint_groups', epg1_id, fmt=self.fmt)
req = self.new_show_request('policy_target_groups', ptg1_id,
fmt=self.fmt)
res = self.deserialize(self.fmt, req.get_response(self.ext_api))
self.assertEqual(l2p1_id, res['endpoint_group']['l2_policy_id'])
self.assertEqual(l2p1_id, res['policy_target_group']['l2_policy_id'])
req = self.new_show_request('l2_policies', l2p1_id, fmt=self.fmt)
l2p1 = self.deserialize(self.fmt, req.get_response(self.ext_api))
self.assertEqual(epg1['endpoint_group']['name'],
self.assertEqual(ptg1['policy_target_group']['name'],
l2p1['l2_policy']['name'])
# Create 2nd endpoint group with different implicit L2 policy.
epg2 = self.create_endpoint_group()
epg2_id = epg2['endpoint_group']['id']
l2p2_id = epg2['endpoint_group']['l2_policy_id']
# Create 2nd policy_target group with different implicit L2 policy.
ptg2 = self.create_policy_target_group()
ptg2_id = ptg2['policy_target_group']['id']
l2p2_id = ptg2['policy_target_group']['l2_policy_id']
self.assertIsNotNone(l2p2_id)
self.assertNotEqual(l2p1_id, l2p2_id)
# Verify deleting 1st endpoint group does cleanup its L2
# Verify deleting 1st policy_target group does cleanup its L2
# policy.
req = self.new_delete_request('endpoint_groups', epg1_id)
req = self.new_delete_request('policy_target_groups', ptg1_id)
res = req.get_response(self.ext_api)
self.assertEqual(res.status_int, webob.exc.HTTPNoContent.code)
req = self.new_show_request('l2_policies', l2p1_id, fmt=self.fmt)
res = req.get_response(self.ext_api)
self.assertEqual(res.status_int, webob.exc.HTTPNotFound.code)
# Verify deleting 2nd endpoint group does cleanup its L2
# Verify deleting 2nd policy_target group does cleanup its L2
# policy.
req = self.new_delete_request('endpoint_groups', epg2_id)
req = self.new_delete_request('policy_target_groups', ptg2_id)
res = req.get_response(self.ext_api)
self.assertEqual(res.status_int, webob.exc.HTTPNoContent.code)
req = self.new_show_request('l2_policies', l2p2_id, fmt=self.fmt)
@ -69,15 +70,15 @@ class TestImplicitL2Policy(ImplicitPolicyTestCase):
self.assertEqual(res.status_int, webob.exc.HTTPNotFound.code)
def test_explicit_lifecycle(self):
# Create endpoint group with explicit L2 policy.
# Create policy_target group with explicit L2 policy.
l2p = self.create_l2_policy()
l2p_id = l2p['l2_policy']['id']
epg = self.create_endpoint_group(l2_policy_id=l2p_id)
epg_id = epg['endpoint_group']['id']
self.assertEqual(l2p_id, epg['endpoint_group']['l2_policy_id'])
ptg = self.create_policy_target_group(l2_policy_id=l2p_id)
ptg_id = ptg['policy_target_group']['id']
self.assertEqual(l2p_id, ptg['policy_target_group']['l2_policy_id'])
# Verify deleting endpoint group does not cleanup L2 policy.
req = self.new_delete_request('endpoint_groups', epg_id)
# Verify deleting policy_target group does not cleanup L2 policy.
req = self.new_delete_request('policy_target_groups', ptg_id)
res = req.get_response(self.ext_api)
self.assertEqual(res.status_int, webob.exc.HTTPNoContent.code)
req = self.new_show_request('l2_policies', l2p_id, fmt=self.fmt)
@ -85,31 +86,31 @@ class TestImplicitL2Policy(ImplicitPolicyTestCase):
self.assertEqual(res.status_int, webob.exc.HTTPOk.code)
def test_update_from_implicit(self):
# Create endpoint group with implicit L2 policy.
epg = self.create_endpoint_group()
epg_id = epg['endpoint_group']['id']
l2p1_id = epg['endpoint_group']['l2_policy_id']
# Create policy_target group with implicit L2 policy.
ptg = self.create_policy_target_group()
ptg_id = ptg['policy_target_group']['id']
l2p1_id = ptg['policy_target_group']['l2_policy_id']
req = self.new_show_request('l2_policies', l2p1_id, fmt=self.fmt)
l2p1 = self.deserialize(self.fmt, req.get_response(self.ext_api))
self.assertEqual(epg['endpoint_group']['name'],
self.assertEqual(ptg['policy_target_group']['name'],
l2p1['l2_policy']['name'])
# Update endpoint group to explicit L2 policy.
# Update policy_target group to explicit L2 policy.
l2p2 = self.create_l2_policy()
l2p2_id = l2p2['l2_policy']['id']
data = {'endpoint_group': {'l2_policy_id': l2p2_id}}
req = self.new_update_request('endpoint_groups', data, epg_id)
epg = self.deserialize(self.fmt, req.get_response(self.ext_api))
self.assertEqual(l2p2_id, epg['endpoint_group']['l2_policy_id'])
data = {'policy_target_group': {'l2_policy_id': l2p2_id}}
req = self.new_update_request('policy_target_groups', data, ptg_id)
ptg = self.deserialize(self.fmt, req.get_response(self.ext_api))
self.assertEqual(l2p2_id, ptg['policy_target_group']['l2_policy_id'])
# Verify old L2 policy was cleaned up.
req = self.new_show_request('l2_policies', l2p1_id, fmt=self.fmt)
res = req.get_response(self.ext_api)
self.assertEqual(res.status_int, webob.exc.HTTPNotFound.code)
# Verify deleting endpoint group does not cleanup new L2
# Verify deleting policy_target group does not cleanup new L2
# policy.
req = self.new_delete_request('endpoint_groups', epg_id)
req = self.new_delete_request('policy_target_groups', ptg_id)
res = req.get_response(self.ext_api)
self.assertEqual(res.status_int, webob.exc.HTTPNoContent.code)
req = self.new_show_request('l2_policies', l2p2_id, fmt=self.fmt)
@ -117,23 +118,23 @@ class TestImplicitL2Policy(ImplicitPolicyTestCase):
self.assertEqual(res.status_int, webob.exc.HTTPOk.code)
def test_update_to_implicit(self):
# Create endpoint group with explicit L2 policy.
# Create policy_target group with explicit L2 policy.
l2p1 = self.create_l2_policy()
l2p1_id = l2p1['l2_policy']['id']
epg = self.create_endpoint_group(l2_policy_id=l2p1_id)
epg_id = epg['endpoint_group']['id']
self.assertEqual(l2p1_id, epg['endpoint_group']['l2_policy_id'])
ptg = self.create_policy_target_group(l2_policy_id=l2p1_id)
ptg_id = ptg['policy_target_group']['id']
self.assertEqual(l2p1_id, ptg['policy_target_group']['l2_policy_id'])
# Update endpoint group to implicit L2 policy.
data = {'endpoint_group': {'l2_policy_id': None}}
req = self.new_update_request('endpoint_groups', data, epg_id)
epg = self.deserialize(self.fmt, req.get_response(self.ext_api))
l2p2_id = epg['endpoint_group']['l2_policy_id']
# Update policy_target group to implicit L2 policy.
data = {'policy_target_group': {'l2_policy_id': None}}
req = self.new_update_request('policy_target_groups', data, ptg_id)
ptg = self.deserialize(self.fmt, req.get_response(self.ext_api))
l2p2_id = ptg['policy_target_group']['l2_policy_id']
self.assertNotEqual(l2p1_id, l2p2_id)
self.assertIsNotNone(l2p2_id)
req = self.new_show_request('l2_policies', l2p2_id, fmt=self.fmt)
l2p2 = self.deserialize(self.fmt, req.get_response(self.ext_api))
self.assertEqual(epg['endpoint_group']['name'],
self.assertEqual(ptg['policy_target_group']['name'],
l2p2['l2_policy']['name'])
# Verify old L2 policy was not cleaned up.
@ -141,8 +142,8 @@ class TestImplicitL2Policy(ImplicitPolicyTestCase):
res = req.get_response(self.ext_api)
self.assertEqual(res.status_int, webob.exc.HTTPOk.code)
# Verify deleting endpoint group does cleanup new L2 policy.
req = self.new_delete_request('endpoint_groups', epg_id)
# Verify deleting policy_target group does cleanup new L2 policy.
req = self.new_delete_request('policy_target_groups', ptg_id)
res = req.get_response(self.ext_api)
self.assertEqual(res.status_int, webob.exc.HTTPNoContent.code)
req = self.new_show_request('l2_policies', l2p2_id, fmt=self.fmt)

386
gbp/neutron/tests/unit/services/grouppolicy/test_resource_mapping.py
View File

@ -29,8 +29,9 @@ from gbp.neutron.services.servicechain import servicechain_plugin
from gbp.neutron.tests.unit.services.grouppolicy import test_grouppolicy_plugin
class NoL3NatSGTestPlugin(test_l3_plugin.TestNoL3NatPlugin,
test_extension_security_group.SecurityGroupTestPlugin):
class NoL3NatSGTestPlugin(
test_l3_plugin.TestNoL3NatPlugin,
test_extension_security_group.SecurityGroupTestPlugin):
supported_extension_aliases = ["external-net", "security-group"]
@ -49,24 +50,25 @@ class ResourceMappingTestCase(
super(ResourceMappingTestCase, self).setUp(core_plugin=CORE_PLUGIN)
class TestEndpoint(ResourceMappingTestCase):
class TestPolicyTarget(ResourceMappingTestCase):
def test_implicit_port_lifecycle(self):
# Create endpoint group.
epg = self.create_endpoint_group(name="epg1")
epg_id = epg['endpoint_group']['id']
# Create policy_target group.
ptg = self.create_policy_target_group(name="ptg1")
ptg_id = ptg['policy_target_group']['id']
# Create endpoint with implicit port.
ep = self.create_endpoint(name="ep1", endpoint_group_id=epg_id)
ep_id = ep['endpoint']['id']
port_id = ep['endpoint']['port_id']
# Create policy_target with implicit port.
pt = self.create_policy_target(name="pt1",
policy_target_group_id=ptg_id)
pt_id = pt['policy_target']['id']
port_id = pt['policy_target']['port_id']
self.assertIsNotNone(port_id)
# TODO(rkukura): Verify implicit port belongs to endpoint
# TODO(rkukura): Verify implicit port belongs to policy_target
# group's subnet.
# Verify deleting endpoint cleans up port.
req = self.new_delete_request('endpoints', ep_id)
# Verify deleting policy_target cleans up port.
req = self.new_delete_request('policy_targets', pt_id)
res = req.get_response(self.ext_api)
self.assertEqual(res.status_int, webob.exc.HTTPNoContent.code)
req = self.new_show_request('ports', port_id, fmt=self.fmt)
@ -74,67 +76,67 @@ class TestEndpoint(ResourceMappingTestCase):
self.assertEqual(res.status_int, webob.exc.HTTPNotFound.code)
def test_explicit_port_lifecycle(self):
# Create endpoint group.
epg = self.create_endpoint_group(name="epg1")
epg_id = epg['endpoint_group']['id']
subnet_id = epg['endpoint_group']['subnets'][0]
# Create policy_target group.
ptg = self.create_policy_target_group(name="ptg1")
ptg_id = ptg['policy_target_group']['id']
subnet_id = ptg['policy_target_group']['subnets'][0]
req = self.new_show_request('subnets', subnet_id)
subnet = self.deserialize(self.fmt, req.get_response(self.api))
# Create endpoint with explicit port.
# Create policy_target with explicit port.
with self.port(subnet=subnet) as port:
port_id = port['port']['id']
ep = self.create_endpoint(name="ep1", endpoint_group_id=epg_id,
port_id=port_id)
ep_id = ep['endpoint']['id']
self.assertEqual(port_id, ep['endpoint']['port_id'])
pt = self.create_policy_target(
name="pt1", policy_target_group_id=ptg_id, port_id=port_id)
pt_id = pt['policy_target']['id']
self.assertEqual(port_id, pt['policy_target']['port_id'])
# Verify deleting endpoint does not cleanup port.
req = self.new_delete_request('endpoints', ep_id)
# Verify deleting policy_target does not cleanup port.
req = self.new_delete_request('policy_targets', pt_id)
res = req.get_response(self.ext_api)
self.assertEqual(res.status_int, webob.exc.HTTPNoContent.code)
req = self.new_show_request('ports', port_id, fmt=self.fmt)
res = req.get_response(self.api)
self.assertEqual(res.status_int, webob.exc.HTTPOk.code)
def test_missing_epg_rejected(self):
data = self.create_endpoint(name="ep1",
expected_res_status=
webob.exc.HTTPBadRequest.code)
self.assertEqual('EndpointRequiresEndpointGroup',
def test_missing_ptg_rejected(self):
data = self.create_policy_target(
name="pt1", expected_res_status=webob.exc.HTTPBadRequest.code)
self.assertEqual('PolicyTargetRequiresPolicyTargetGroup',
data['NeutronError']['type'])
def test_epg_update_rejected(self):
# Create two endpoint groups.
epg1 = self.create_endpoint_group(name="epg1")
epg1_id = epg1['endpoint_group']['id']
epg2 = self.create_endpoint_group(name="epg2")
epg2_id = epg2['endpoint_group']['id']
def test_ptg_update_rejected(self):
# Create two policy_target groups.
ptg1 = self.create_policy_target_group(name="ptg1")
ptg1_id = ptg1['policy_target_group']['id']
ptg2 = self.create_policy_target_group(name="ptg2")
ptg2_id = ptg2['policy_target_group']['id']
# Create endpoint.
ep = self.create_endpoint(name="ep1", endpoint_group_id=epg1_id)
ep_id = ep['endpoint']['id']
# Create policy_target.
pt = self.create_policy_target(name="pt1",
policy_target_group_id=ptg1_id)
pt_id = pt['policy_target']['id']
# Verify updating endpoint group rejected.
data = {'endpoint': {'endpoint_group_id': epg2_id}}
req = self.new_update_request('endpoints', data, ep_id)
# Verify updating policy_target group rejected.
data = {'policy_target': {'policy_target_group_id': ptg2_id}}
req = self.new_update_request('policy_targets', data, pt_id)
data = self.deserialize(self.fmt, req.get_response(self.ext_api))
self.assertEqual('EndpointEndpointGroupUpdateNotSupported',
self.assertEqual('PolicyTargetGroupUpdateOfPolicyTargetNotSupported',
data['NeutronError']['type'])
class TestEndpointGroup(ResourceMappingTestCase):
class TestPolicyTargetGroup(ResourceMappingTestCase):
def test_implicit_subnet_lifecycle(self):
# Use explicit L2 policy so network and subnet not deleted
# with endpoint group.
# with policy_target group.
l2p = self.create_l2_policy()
l2p_id = l2p['l2_policy']['id']
# Create endpoint group with implicit subnet.
epg = self.create_endpoint_group(name="epg1", l2_policy_id=l2p_id)
epg_id = epg['endpoint_group']['id']
subnets = epg['endpoint_group']['subnets']
# Create policy_target group with implicit subnet.
ptg = self.create_policy_target_group(name="ptg1", l2_policy_id=l2p_id)
ptg_id = ptg['policy_target_group']['id']
subnets = ptg['policy_target_group']['subnets']
self.assertIsNotNone(subnets)
self.assertEqual(len(subnets), 1)
subnet_id = subnets[0]
@ -143,8 +145,8 @@ class TestEndpointGroup(ResourceMappingTestCase):
# network, is within L3 policy's ip_pool, and was added as
# router interface.
# Verify deleting endpoint group cleans up subnet.
req = self.new_delete_request('endpoint_groups', epg_id)
# Verify deleting policy_target group cleans up subnet.
req = self.new_delete_request('policy_target_groups', ptg_id)
res = req.get_response(self.ext_api)
self.assertEqual(res.status_int, webob.exc.HTTPNoContent.code)
req = self.new_show_request('subnets', subnet_id, fmt=self.fmt)
@ -166,13 +168,13 @@ class TestEndpointGroup(ResourceMappingTestCase):
req = self.new_show_request('networks', network_id)
network = self.deserialize(self.fmt, req.get_response(self.api))
# Create endpoint group with explicit subnet.
# Create policy_target group with explicit subnet.
with self.subnet(network=network, cidr='10.10.1.0/24') as subnet:
subnet_id = subnet['subnet']['id']
epg = self.create_endpoint_group(name="epg1", l2_policy_id=l2p_id,
subnets=[subnet_id])
epg_id = epg['endpoint_group']['id']
subnets = epg['endpoint_group']['subnets']
ptg = self.create_policy_target_group(
name="ptg1", l2_policy_id=l2p_id, subnets=[subnet_id])
ptg_id = ptg['policy_target_group']['id']
subnets = ptg['policy_target_group']['subnets']
self.assertIsNotNone(subnets)
self.assertEqual(len(subnets), 1)
self.assertEqual(subnet_id, subnets[0])
@ -180,8 +182,8 @@ class TestEndpointGroup(ResourceMappingTestCase):
# TODO(rkukura): Verify explicit subnet was added as
# router interface.
# Verify deleting endpoint group does not cleanup subnet.
req = self.new_delete_request('endpoint_groups', epg_id)
# Verify deleting policy_target group does not cleanup subnet.
req = self.new_delete_request('policy_target_groups', ptg_id)
res = req.get_response(self.ext_api)
self.assertEqual(res.status_int, webob.exc.HTTPNoContent.code)
req = self.new_show_request('subnets', subnet_id, fmt=self.fmt)
@ -203,7 +205,7 @@ class TestEndpointGroup(ResourceMappingTestCase):
req = self.new_show_request('networks', network_id)
network = self.deserialize(self.fmt, req.get_response(self.api))
# Create endpoint group with explicit subnet.
# Create policy_target group with explicit subnet.
with contextlib.nested(
self.subnet(network=network, cidr='10.10.1.0/24'),
self.subnet(network=network, cidr='10.10.2.0/24')
@ -211,14 +213,14 @@ class TestEndpointGroup(ResourceMappingTestCase):
subnet1_id = subnet1['subnet']['id']
subnet2_id = subnet2['subnet']['id']
subnets = [subnet1_id]
epg = self.create_endpoint_group(l2_policy_id=l2p_id,
subnets=subnets)
epg_id = epg['endpoint_group']['id']
ptg = self.create_policy_target_group(
l2_policy_id=l2p_id, subnets=subnets)
ptg_id = ptg['policy_target_group']['id']
# Add subnet.
subnets = [subnet1_id, subnet2_id]
data = {'endpoint_group': {'subnets': subnets}}
req = self.new_update_request('endpoint_groups', data, epg_id)
data = {'policy_target_group': {'subnets': subnets}}
req = self.new_update_request('policy_target_groups', data, ptg_id)
res = req.get_response(self.ext_api)
self.assertEqual(res.status_int, webob.exc.HTTPOk.code)
@ -234,7 +236,7 @@ class TestEndpointGroup(ResourceMappingTestCase):
req = self.new_show_request('networks', network_id)
network = self.deserialize(self.fmt, req.get_response(self.api))
# Create endpoint group with explicit subnets.
# Create policy_target group with explicit subnets.
with contextlib.nested(
self.subnet(network=network, cidr='10.10.1.0/24'),
self.subnet(network=network, cidr='10.10.2.0/24')
@ -242,25 +244,25 @@ class TestEndpointGroup(ResourceMappingTestCase):
subnet1_id = subnet1['subnet']['id']
subnet2_id = subnet2['subnet']['id']
subnets = [subnet1_id, subnet2_id]
epg = self.create_endpoint_group(l2_policy_id=l2p_id,
subnets=subnets)
epg_id = epg['endpoint_group']['id']
ptg = self.create_policy_target_group(
l2_policy_id=l2p_id, subnets=subnets)
ptg_id = ptg['policy_target_group']['id']
# Verify removing subnet rejected.
data = {'endpoint_group': {'subnets': [subnet2_id]}}
req = self.new_update_request('endpoint_groups', data, epg_id)
data = {'policy_target_group': {'subnets': [subnet2_id]}}
req = self.new_update_request('policy_target_groups', data, ptg_id)
data = self.deserialize(self.fmt, req.get_response(self.ext_api))
self.assertEqual('EndpointGroupSubnetRemovalNotSupported',
self.assertEqual('PolicyTargetGroupSubnetRemovalNotSupported',
data['NeutronError']['type'])
def test_subnet_allocation(self):
epg1 = self.create_endpoint_group(name="epg1")
subnets = epg1['endpoint_group']['subnets']
ptg1 = self.create_policy_target_group(name="ptg1")
subnets = ptg1['policy_target_group']['subnets']
req = self.new_show_request('subnets', subnets[0], fmt=self.fmt)
subnet1 = self.deserialize(self.fmt, req.get_response(self.api))
epg2 = self.create_endpoint_group(name="epg2")
subnets = epg2['endpoint_group']['subnets']
ptg2 = self.create_policy_target_group(name="ptg2")
subnets = ptg2['policy_target_group']['subnets']
req = self.new_show_request('subnets', subnets[0], fmt=self.fmt)
subnet2 = self.deserialize(self.fmt, req.get_response(self.api))
@ -375,10 +377,12 @@ class NotificationTest(ResourceMappingTestCase):
def test_dhcp_notifier(self):
with mock.patch.object(dhcp_rpc_agent_api.DhcpAgentNotifyAPI,
'notify') as dhcp_notifier:
epg = self.create_endpoint_group(name="epg1")
epg_id = epg['endpoint_group']['id']
ep = self.create_endpoint(name="ep1", endpoint_group_id=epg_id)
self.assertEqual(ep['endpoint']['endpoint_group_id'], epg_id)
ptg = self.create_policy_target_group(name="ptg1")
ptg_id = ptg['policy_target_group']['id']
pt = self.create_policy_target(
name="pt1", policy_target_group_id=ptg_id)
self.assertEqual(
pt['policy_target']['policy_target_group_id'], ptg_id)
# REVISIT(rkukura): Check dictionaries for correct id, etc..
dhcp_notifier.assert_any_call(mock.ANY, mock.ANY,
"router.create.end")
@ -392,10 +396,12 @@ class NotificationTest(ResourceMappingTestCase):
def test_nova_notifier(self):
with mock.patch.object(nova.Notifier,
'send_network_change') as nova_notifier:
epg = self.create_endpoint_group(name="epg1")
epg_id = epg['endpoint_group']['id']
ep = self.create_endpoint(name="ep1", endpoint_group_id=epg_id)
self.assertEqual(ep['endpoint']['endpoint_group_id'], epg_id)
ptg = self.create_policy_target_group(name="ptg1")
ptg_id = ptg['policy_target_group']['id']
pt = self.create_policy_target(
name="pt1", policy_target_group_id=ptg_id)
self.assertEqual(
pt['policy_target']['policy_target_group_id'], ptg_id)
# REVISIT(rkukura): Check dictionaries for correct id, etc..
nova_notifier.assert_any_call("create_router", {}, mock.ANY)
nova_notifier.assert_any_call("create_network", {}, mock.ANY)
@ -403,34 +409,37 @@ class NotificationTest(ResourceMappingTestCase):
nova_notifier.assert_any_call("create_port", {}, mock.ANY)
# TODO(ivar): We need a UT that verifies that the EP's ports have the default
# SG when there are no contracts involved, that the default SG is properly
# created and shared, and that it has the right content.
class TestContract(ResourceMappingTestCase):
# TODO(ivar): We need a UT that verifies that the PT's ports have the default
# SG when there are no policy_rule_sets involved, that the default SG is
# properly # created and shared, and that it has the right content.
class TestPolicyRuleSet(ResourceMappingTestCase):
def test_contract_creation(self):
# Create contracts
classifier = self.create_policy_classifier(name="class1",
protocol="tcp", direction="out", port_range="50:100")
def test_policy_rule_set_creation(self):
# Create policy_rule_sets
classifier = self.create_policy_classifier(
name="class1", protocol="tcp", direction="out",
port_range="50:100")
classifier_id = classifier['policy_classifier']['id']
action = self.create_policy_action(name="action1")
action_id = action['policy_action']['id']
action_id_list = [action_id]
policy_rule = self.create_policy_rule(name='pr1',
policy_classifier_id=classifier_id,
policy_actions=action_id_list)
policy_rule = self.create_policy_rule(
name='pr1', policy_classifier_id=classifier_id,
policy_actions=action_id_list)
policy_rule_id = policy_rule['policy_rule']['id']
policy_rule_list = [policy_rule_id]
contract = self.create_contract(name="c1",
policy_rules=policy_rule_list)
contract_id = contract['contract']['id']
epg = self.create_endpoint_group(name="epg1",
provided_contracts={contract_id: None})
epg_id = epg['endpoint_group']['id']
ep = self.create_endpoint(name="ep1", endpoint_group_id=epg_id)
policy_rule_set = self.create_policy_rule_set(
name="c1", policy_rules=policy_rule_list)
policy_rule_set_id = policy_rule_set['policy_rule_set']['id']
ptg = self.create_policy_target_group(
name="ptg1", provided_policy_rule_sets={
policy_rule_set_id: None})
ptg_id = ptg['policy_target_group']['id']
pt = self.create_policy_target(
name="pt1", policy_target_group_id=ptg_id)
# verify SG bind to port
port_id = ep['endpoint']['port_id']
port_id = pt['policy_target']['port_id']
res = self.new_show_request('ports', port_id)
port = self.deserialize(self.fmt, res.get_response(self.api))
security_groups = port['port'][ext_sg.SECURITYGROUPS]
@ -438,169 +447,170 @@ class TestContract(ResourceMappingTestCase):
# TODO(ivar): we also need to verify that those security groups have the
# right rules
def test_consumed_contract(self):
classifier = self.create_policy_classifier(name="class1",
protocol="tcp", direction="in", port_range="20:90")
def test_consumed_policy_rule_set(self):
classifier = self.create_policy_classifier(
name="class1", protocol="tcp", direction="in", port_range="20:90")
classifier_id = classifier['policy_classifier']['id']
action = self.create_policy_action(name="action1",
action_type=gconst.GP_ACTION_ALLOW)
action_id = action['policy_action']['id']
action_id_list = [action_id]
policy_rule = self.create_policy_rule(name='pr1',
policy_classifier_id=classifier_id,
policy_actions=action_id_list)
policy_rule = self.create_policy_rule(
name='pr1', policy_classifier_id=classifier_id,
policy_actions=action_id_list)
policy_rule_id = policy_rule['policy_rule']['id']
policy_rule_list = [policy_rule_id]
contract = self.create_contract(name="c1",
policy_rules=policy_rule_list)
contract_id = contract['contract']['id']
self.create_endpoint_group(name="epg1",
provided_contracts={contract_id: None})
consumed_epg = self.create_endpoint_group(name="epg2",
consumed_contracts={contract_id: None})
epg_id = consumed_epg['endpoint_group']['id']
ep = self.create_endpoint(name="ep2", endpoint_group_id=epg_id)
policy_rule_set = self.create_policy_rule_set(
name="c1", policy_rules=policy_rule_list)
policy_rule_set_id = policy_rule_set['policy_rule_set']['id']
self.create_policy_target_group(
name="ptg1", provided_policy_rule_sets={policy_rule_set_id: None})
consumed_ptg = self.create_policy_target_group(
name="ptg2", consumed_policy_rule_sets={policy_rule_set_id: None})
ptg_id = consumed_ptg['policy_target_group']['id']
pt = self.create_policy_target(
name="pt2", policy_target_group_id=ptg_id)
# verify SG bind to port
port_id = ep['endpoint']['port_id']
port_id = pt['policy_target']['port_id']
res = self.new_show_request('ports', port_id)
port = self.deserialize(self.fmt, res.get_response(self.api))
security_groups = port['port'][ext_sg.SECURITYGROUPS]
self.assertEqual(len(security_groups), 2)
# Test update and delete of EPG, how it affects SG mapping
def test_endpoint_group_update(self):
# create two contracts: bind one to an EPG, update with
# adding another one (increase SG count on EP on EPG)
classifier1 = self.create_policy_classifier(name="class1",
protocol="tcp", direction="bi", port_range="30:80")
classifier2 = self.create_policy_classifier(name="class2",
protocol="udp", direction="out", port_range="20:30")
# Test update and delete of PTG, how it affects SG mapping
def test_policy_target_group_update(self):
# create two policy_rule_sets: bind one to an PTG, update with
# adding another one (increase SG count on PT on PTG)
classifier1 = self.create_policy_classifier(
name="class1", protocol="tcp", direction="bi", port_range="30:80")
classifier2 = self.create_policy_classifier(
name="class2", protocol="udp", direction="out", port_range="20:30")
classifier1_id = classifier1['policy_classifier']['id']
classifier2_id = classifier2['policy_classifier']['id']
action = self.create_policy_action(name="action1",
action_type=gconst.GP_ACTION_ALLOW)
action_id = action['policy_action']['id']
action_id_list = [action_id]
policy_rule1 = self.create_policy_rule(name='pr1',
policy_classifier_id=classifier1_id,
policy_actions=action_id_list)
policy_rule2 = self.create_policy_rule(name='pr2',
policy_classifier_id=classifier2_id,
policy_actions=action_id_list)
policy_rule1 = self.create_policy_rule(
name='pr1', policy_classifier_id=classifier1_id,
policy_actions=action_id_list)
policy_rule2 = self.create_policy_rule(
name='pr2', policy_classifier_id=classifier2_id,
policy_actions=action_id_list)
policy_rule1_id = policy_rule1['policy_rule']['id']
policy_rule1_list = [policy_rule1_id]
policy_rule2_id = policy_rule2['policy_rule']['id']
policy_rule2_list = [policy_rule2_id]
contract1 = self.create_contract(name="c1",
policy_rules=policy_rule1_list)
contract1_id = contract1['contract']['id']
contract2 = self.create_contract(name="c2",
policy_rules=policy_rule2_list)
contract2_id = contract2['contract']['id']
epg1 = self.create_endpoint_group(name="epg1",
provided_contracts={contract1_id: None})
epg2 = self.create_endpoint_group(name="epg2",
consumed_contracts={contract1_id: None})
epg1_id = epg1['endpoint_group']['id']
epg2_id = epg2['endpoint_group']['id']
policy_rule_set1 = self.create_policy_rule_set(
name="c1", policy_rules=policy_rule1_list)
policy_rule_set1_id = policy_rule_set1['policy_rule_set']['id']
policy_rule_set2 = self.create_policy_rule_set(
name="c2", policy_rules=policy_rule2_list)
policy_rule_set2_id = policy_rule_set2['policy_rule_set']['id']
ptg1 = self.create_policy_target_group(
name="ptg1", provided_policy_rule_sets={policy_rule_set1_id: None})
ptg2 = self.create_policy_target_group(
name="ptg2", consumed_policy_rule_sets={policy_rule_set1_id: None})
ptg1_id = ptg1['policy_target_group']['id']
ptg2_id = ptg2['policy_target_group']['id']
# endpoint ep1 now with epg2 consumes contract1_id
ep1 = self.create_endpoint(name="ep1",
endpoint_group_id=epg2_id)
# ep1's port should have 2 SG associated
port_id = ep1['endpoint']['port_id']
# policy_target pt1 now with ptg2 consumes policy_rule_set1_id
pt1 = self.create_policy_target(
name="pt1", policy_target_group_id=ptg2_id)
# pt1's port should have 2 SG associated
port_id = pt1['policy_target']['port_id']
res = self.new_show_request('ports', port_id)
port = self.deserialize(self.fmt, res.get_response(self.api))
security_groups = port['port'][ext_sg.SECURITYGROUPS]
self.assertEqual(len(security_groups), 2)
# now add a contract to EPG
# First we update contract2 to be provided by consumed_epg
data = {'endpoint_group': {'provided_contracts': {contract2_id: None}}}
req = self.new_update_request('endpoint_groups', data, epg2_id)
# now add a policy_rule_set to PTG
# First we update policy_rule_set2 to be provided by consumed_ptg
data = {'policy_target_group':
{'provided_policy_rule_sets': {policy_rule_set2_id: None}}}
req = self.new_update_request('policy_target_groups', data, ptg2_id)
res = req.get_response(self.ext_api)
self.assertEqual(res.status_int, webob.exc.HTTPOk.code)
# set epg1 to provide contract1 and consume contract2
# contract2 now maps to SG which has epg2's subnet as CIDR on rules
data = {'endpoint_group': {'consumed_contracts': {contract2_id: None}}}
req = self.new_update_request('endpoint_groups', data, epg1_id)
# set ptg1 to provide policy_rule_set1 and consume policy_rule_set2
# policy_rule_set2 now maps to SG which has ptg2's subnet as CIDR on
# rules
data = {'policy_target_group':
{'consumed_policy_rule_sets': {policy_rule_set2_id: None}}}
req = self.new_update_request('policy_target_groups', data, ptg1_id)
res = req.get_response(self.ext_api)
self.assertEqual(res.status_int, webob.exc.HTTPOk.code)
port_id = ep1['endpoint']['port_id']
port_id = pt1['policy_target']['port_id']
res = self.new_show_request('ports', port_id)
port = self.deserialize(self.fmt, res.get_response(self.api))
security_groups = port['port'][ext_sg.SECURITYGROUPS]
self.assertEqual(len(security_groups), 3)
def test_redirect_to_chain(self):
classifier = self.create_policy_classifier(name="class1",
protocol="tcp", direction="in", port_range="20:90")
classifier = self.create_policy_classifier(
name="class1", protocol="tcp", direction="in", port_range="20:90")
classifier_id = classifier['policy_classifier']['id']
action = self.create_policy_action(
name="action1",
action_type=gconst.GP_ACTION_REDIRECT,
action_value=uuidutils.generate_uuid())
name="action1", action_type=gconst.GP_ACTION_REDIRECT,
action_value=uuidutils.generate_uuid())
action_id = action['policy_action']['id']
action_id_list = [action_id]
policy_rule = self.create_policy_rule(name='pr1',
policy_classifier_id=classifier_id,
policy_actions=action_id_list)
policy_rule = self.create_policy_rule(
name='pr1', policy_classifier_id=classifier_id,
policy_actions=action_id_list)
policy_rule_id = policy_rule['policy_rule']['id']
policy_rule_list = [policy_rule_id]
contract = self.create_contract(name="c1",
policy_rules=policy_rule_list)
contract_id = contract['contract']['id']
policy_rule_set = self.create_policy_rule_set(
name="c1", policy_rules=policy_rule_list)
policy_rule_set_id = policy_rule_set['policy_rule_set']['id']
sg_ingress_rule = mock.patch.object(
resource_mapping.ResourceMappingDriver,
'_sg_ingress_rule')
resource_mapping.ResourceMappingDriver, '_sg_ingress_rule')
sg_ingress_rule = sg_ingress_rule.start()
params = [{'type': 'ip_single', 'name': 'vip', 'value': 'self_subnet'}]
nsp = self.create_network_service_policy(network_service_params=params)
nsp_id = nsp['network_service_policy']['id']
self.create_endpoint_group(name="epg1",
provided_contracts={contract_id: None},
network_service_policy_id=nsp_id)
self.create_policy_target_group(
name="ptg1", provided_policy_rule_sets={policy_rule_set_id: None},
network_service_policy_id=nsp_id)
sg_ingress_rule.assert_called_once_with(mock.ANY, mock.ANY,
"tcp", "20:90", mock.ANY,
unset=False)
create_chain_instance = mock.patch.object(
servicechain_plugin.ServiceChainPlugin,
'create_servicechain_instance')
servicechain_plugin.ServiceChainPlugin,
'create_servicechain_instance')
create_chain_instance = create_chain_instance.start()
chain_instance_id = uuidutils.generate_uuid()
create_chain_instance.return_value = {'id': chain_instance_id}
#TODO(Magesh):Add tests which verifies that provide/consumer EPGs
#are set correctly for the SCI
# TODO(Magesh):Add tests which verifies that provide/consumer PTGs
# are set correctly for the SCI
with mock.patch.object(
resource_mapping.ResourceMappingDriver,
'_set_rule_servicechain_instance_mapping') as set_rule:
with mock.patch.object(servicechain_db.ServiceChainDbPlugin,
'get_servicechain_spec') as sc_spec_get:
sc_spec_get.return_value = {'servicechain_spec': {}}
consumer_epg = self.create_endpoint_group(name="epg2",
consumed_contracts={contract_id: None})
consumer_epg_id = consumer_epg['endpoint_group']['id']
consumer_ptg = self.create_policy_target_group(
name="ptg2",
consumed_policy_rule_sets={policy_rule_set_id: None})
consumer_ptg_id = consumer_ptg['policy_target_group']['id']
set_rule.assert_called_once_with(mock.ANY, policy_rule_id,
chain_instance_id)
with mock.patch.object(servicechain_plugin.ServiceChainPlugin,
'delete_servicechain_instance'):
with mock.patch.object(
resource_mapping.ResourceMappingDriver,
'_get_rule_servicechain_mapping') as get_rule:
resource_mapping.ResourceMappingDriver,
'_get_rule_servicechain_mapping') as get_rule:
r_sc_map = resource_mapping.RuleServiceChainInstanceMapping()
r_sc_map.rule_id = policy_rule_id
r_sc_map.servicechain_instance_id = chain_instance_id
get_rule.return_value = r_sc_map
get_chain_inst = mock.patch.object(
servicechain_db.ServiceChainDbPlugin,
'get_servicechain_instance')
servicechain_db.ServiceChainDbPlugin,
'get_servicechain_instance')
get_chain_inst.start()
get_chain_inst.return_value = {
"servicechain_instance": {
'id': chain_instance_id}}
"servicechain_instance": {'id': chain_instance_id}}
req = self.new_delete_request(
'endpoint_groups',
consumer_epg_id)
'policy_target_groups', consumer_ptg_id)
res = req.get_response(self.ext_api)
self.assertEqual(res.status_int, webob.exc.HTTPNoContent.code)

374
gbp/neutron/tests/unit/test_extension_group_policy.py
View File

@ -28,14 +28,14 @@ GP_PLUGIN_BASE_NAME = (
gp.GroupPolicyPluginBase.__module__ + '.' +
gp.GroupPolicyPluginBase.__name__)
GROUPPOLICY_URI = 'grouppolicy'
ENDPOINTS_URI = GROUPPOLICY_URI + '/' + 'endpoints'
ENDPOINT_GROUPS_URI = GROUPPOLICY_URI + '/' + 'endpoint_groups'
POLICY_TARGETS_URI = GROUPPOLICY_URI + '/' + 'policy_targets'
POLICY_TARGET_GROUPS_URI = GROUPPOLICY_URI + '/' + 'policy_target_groups'
L2_POLICIES_URI = GROUPPOLICY_URI + '/' + 'l2_policies'
L3_POLICIES_URI = GROUPPOLICY_URI + '/' + 'l3_policies'
POLICY_RULES_URI = GROUPPOLICY_URI + '/' + 'policy_rules'
POLICY_CLASSIFIERS_URI = GROUPPOLICY_URI + '/' + 'policy_classifiers'
POLICY_ACTIONS_URI = GROUPPOLICY_URI + '/' + 'policy_actions'
CONTRACTS_URI = GROUPPOLICY_URI + '/' + 'contracts'
POLICY_RULE_SETS_URI = GROUPPOLICY_URI + '/' + 'policy_rule_sets'
NET_SVC_POLICIES_URI = GROUPPOLICY_URI + '/' + 'network_service_policies'
@ -53,204 +53,210 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase):
plural_mappings=plural_mappings)
self.instance = self.plugin.return_value
def _test_create_endpoint(self, data, expected_value, default_data=None):
def _test_create_policy_target(self, data, expected_value,
default_data=None):
if not default_data:
default_data = data
self.instance.create_endpoint.return_value = expected_value
res = self.api.post(_get_path(ENDPOINTS_URI, fmt=self.fmt),
self.instance.create_policy_target.return_value = expected_value
res = self.api.post(_get_path(POLICY_TARGETS_URI, fmt=self.fmt),
self.serialize(data),
content_type='application/%s' % self.fmt)
self.instance.create_endpoint.assert_called_once_with(
mock.ANY, endpoint=default_data)
self.instance.create_policy_target.assert_called_once_with(
mock.ANY, policy_target=default_data)
self.assertEqual(exc.HTTPCreated.code, res.status_int)
res = self.deserialize(res)
self.assertIn('endpoint', res)
self.assertEqual(expected_value, res['endpoint'])
self.assertIn('policy_target', res)
self.assertEqual(expected_value, res['policy_target'])
def _get_create_endpoint_default_attrs(self):
def _get_create_policy_target_default_attrs(self):
return {'name': '', 'description': ''}
def _get_create_endpoint_attrs(self):
return {'name': 'ep1', 'endpoint_group_id': _uuid(),
'tenant_id': _uuid(), 'description': 'test endpoint'}
def _get_create_policy_target_attrs(self):
return {'name': 'ep1', 'policy_target_group_id': _uuid(),
'tenant_id': _uuid(), 'description': 'test policy_target'}
def _get_update_endpoint_attrs(self):
def _get_update_policy_target_attrs(self):
return {'name': 'new_name'}
def test_create_endpoint_with_defaults(self):
endpoint_id = _uuid()
data = {'endpoint': {'endpoint_group_id': _uuid(),
'tenant_id': _uuid()}}
default_attrs = self._get_create_endpoint_default_attrs()
def test_create_policy_target_with_defaults(self):
policy_target_id = _uuid()
data = {'policy_target': {'policy_target_group_id': _uuid(),
'tenant_id': _uuid()}}
default_attrs = self._get_create_policy_target_default_attrs()
default_data = copy.copy(data)
default_data['endpoint'].update(default_attrs)
expected_value = dict(default_data['endpoint'])
expected_value['id'] = endpoint_id
default_data['policy_target'].update(default_attrs)
expected_value = dict(default_data['policy_target'])
expected_value['id'] = policy_target_id
self._test_create_endpoint(data, expected_value, default_data)
self._test_create_policy_target(data, expected_value, default_data)
def test_create_endpoint(self):
endpoint_id = _uuid()
data = {'endpoint': self._get_create_endpoint_attrs()}
expected_value = dict(data['endpoint'])
expected_value['id'] = endpoint_id
def test_create_policy_target(self):
policy_target_id = _uuid()
data = {'policy_target': self._get_create_policy_target_attrs()}
expected_value = dict(data['policy_target'])
expected_value['id'] = policy_target_id
self._test_create_endpoint(data, expected_value)
self._test_create_policy_target(data, expected_value)
def test_list_endpoints(self):
endpoint_id = _uuid()
expected_value = [{'tenant_id': _uuid(), 'id': endpoint_id}]
def test_list_policy_targets(self):
policy_target_id = _uuid()
expected_value = [{'tenant_id': _uuid(), 'id': policy_target_id}]
self.instance.get_endpoints.return_value = expected_value
self.instance.get_policy_targets.return_value = expected_value
res = self.api.get(_get_path(ENDPOINTS_URI, fmt=self.fmt))
res = self.api.get(_get_path(POLICY_TARGETS_URI, fmt=self.fmt))
self.instance.get_endpoints.assert_called_once_with(
self.instance.get_policy_targets.assert_called_once_with(
mock.ANY, fields=mock.ANY, filters=mock.ANY)
self.assertEqual(exc.HTTPOk.code, res.status_int)
res = self.deserialize(res)
self.assertIn('endpoints', res)
self.assertEqual(expected_value, res['endpoints'])
self.assertIn('policy_targets', res)
self.assertEqual(expected_value, res['policy_targets'])
def test_get_endpoint(self):
endpoint_id = _uuid()
expected_value = {'tenant_id': _uuid(), 'id': endpoint_id}
def test_get_policy_target(self):
policy_target_id = _uuid()
expected_value = {'tenant_id': _uuid(), 'id': policy_target_id}
self.instance.get_endpoint.return_value = expected_value
self.instance.get_policy_target.return_value = expected_value
res = self.api.get(_get_path(ENDPOINTS_URI, id=endpoint_id,
res = self.api.get(_get_path(POLICY_TARGETS_URI, id=policy_target_id,
fmt=self.fmt))
self.instance.get_endpoint.assert_called_once_with(
mock.ANY, endpoint_id, fields=mock.ANY)
self.instance.get_policy_target.assert_called_once_with(
mock.ANY, policy_target_id, fields=mock.ANY)
self.assertEqual(exc.HTTPOk.code, res.status_int)
res = self.deserialize(res)
self.assertIn('endpoint', res)
self.assertEqual(expected_value, res['endpoint'])
self.assertIn('policy_target', res)
self.assertEqual(expected_value, res['policy_target'])
def test_update_endpoint(self):
endpoint_id = _uuid()
update_data = {'endpoint': self._get_update_endpoint_attrs()}
expected_value = {'tenant_id': _uuid(), 'id': endpoint_id}
def test_update_policy_target(self):
policy_target_id = _uuid()
update_data = {'policy_target': self._get_update_policy_target_attrs()}
expected_value = {'tenant_id': _uuid(), 'id': policy_target_id}
self.instance.update_endpoint.return_value = expected_value
self.instance.update_policy_target.return_value = expected_value
res = self.api.put(_get_path(ENDPOINTS_URI, id=endpoint_id,
res = self.api.put(_get_path(POLICY_TARGETS_URI, id=policy_target_id,
fmt=self.fmt),
self.serialize(update_data))
self.instance.update_endpoint.assert_called_once_with(
mock.ANY, endpoint_id, endpoint=update_data)
self.instance.update_policy_target.assert_called_once_with(
mock.ANY, policy_target_id, policy_target=update_data)
self.assertEqual(exc.HTTPOk.code, res.status_int)
res = self.deserialize(res)
self.assertIn('endpoint', res)
self.assertEqual(expected_value, res['endpoint'])
self.assertIn('policy_target', res)
self.assertEqual(expected_value, res['policy_target'])
def test_delete_endpoint(self):
self._test_entity_delete('endpoint')
def test_delete_policy_target(self):
self._test_entity_delete('policy_target')
def _test_create_endpoint_group(self, data, expected_value,
default_data=None):
def _test_create_policy_target_group(self, data, expected_value,
default_data=None):
if not default_data:
default_data = data
self.instance.create_endpoint_group.return_value = expected_value
res = self.api.post(_get_path(ENDPOINT_GROUPS_URI, fmt=self.fmt),
self.instance.create_policy_target_group.return_value = expected_value
res = self.api.post(_get_path(POLICY_TARGET_GROUPS_URI, fmt=self.fmt),
self.serialize(data),
content_type='application/%s' % self.fmt)
self.instance.create_endpoint_group.assert_called_once_with(
mock.ANY, endpoint_group=default_data)
self.instance.create_policy_target_group.assert_called_once_with(
mock.ANY, policy_target_group=default_data)
self.assertEqual(exc.HTTPCreated.code, res.status_int)
res = self.deserialize(res)
self.assertIn('endpoint_group', res)
self.assertEqual(expected_value, res['endpoint_group'])
self.assertIn('policy_target_group', res)
self.assertEqual(expected_value, res['policy_target_group'])
def _get_create_endpoint_group_default_attrs(self):
def _get_create_policy_target_group_default_attrs(self):
return {'name': '', 'description': '', 'l2_policy_id': None,
'provided_contracts': {}, 'consumed_contracts': {},
'provided_policy_rule_sets': {},
'consumed_policy_rule_sets': {},
'network_service_policy_id': None}
def _get_create_endpoint_group_attrs(self):
return {'name': 'epg1', 'tenant_id': _uuid(),
'description': 'test endpoint group', 'l2_policy_id': _uuid(),
'provided_contracts': {_uuid(): None},
'consumed_contracts': {_uuid(): None},
def _get_create_policy_target_group_attrs(self):
return {'name': 'ptg1', 'tenant_id': _uuid(),
'description': 'test policy_target group',
'l2_policy_id': _uuid(),
'provided_policy_rule_sets': {_uuid(): None},
'consumed_policy_rule_sets': {_uuid(): None},
'network_service_policy_id': _uuid()}
def _get_update_endpoint_group_attrs(self):
def _get_update_policy_target_group_attrs(self):
return {'name': 'new_name'}
def test_create_endpoint_group_with_defaults(self):
endpoint_group_id = _uuid()
data = {'endpoint_group': {'tenant_id': _uuid()}}
default_attrs = self._get_create_endpoint_group_default_attrs()
def test_create_policy_target_group_with_defaults(self):
policy_target_group_id = _uuid()
data = {'policy_target_group': {'tenant_id': _uuid()}}
default_attrs = self._get_create_policy_target_group_default_attrs()
default_data = copy.copy(data)
default_data['endpoint_group'].update(default_attrs)
expected_value = copy.deepcopy(default_data['endpoint_group'])
expected_value['id'] = endpoint_group_id
default_data['policy_target_group'].update(default_attrs)
expected_value = copy.deepcopy(default_data['policy_target_group'])
expected_value['id'] = policy_target_group_id
self._test_create_endpoint_group(data, expected_value, default_data)
self._test_create_policy_target_group(data, expected_value,
default_data)
def test_create_endpoint_group(self):
endpoint_group_id = _uuid()
data = {'endpoint_group': self._get_create_endpoint_group_attrs()}
expected_value = copy.deepcopy(data['endpoint_group'])
expected_value['id'] = endpoint_group_id
def test_create_policy_target_group(self):
policy_target_group_id = _uuid()
data = {'policy_target_group':
self._get_create_policy_target_group_attrs()}
expected_value = copy.deepcopy(data['policy_target_group'])
expected_value['id'] = policy_target_group_id
self._test_create_endpoint_group(data, expected_value)
self._test_create_policy_target_group(data, expected_value)
def test_list_endpoint_groups(self):
endpoint_group_id = _uuid()
expected_value = [{'tenant_id': _uuid(), 'id': endpoint_group_id}]
def test_list_policy_target_groups(self):
policy_target_group_id = _uuid()
expected_value = [{'tenant_id': _uuid(), 'id': policy_target_group_id}]
self.instance.get_endpoint_groups.return_value = expected_value
self.instance.get_policy_target_groups.return_value = expected_value
res = self.api.get(_get_path(ENDPOINT_GROUPS_URI, fmt=self.fmt))
res = self.api.get(_get_path(POLICY_TARGET_GROUPS_URI, fmt=self.fmt))
self.instance.get_endpoint_groups.assert_called_once_with(
self.instance.get_policy_target_groups.assert_called_once_with(
mock.ANY, fields=mock.ANY, filters=mock.ANY)
self.assertEqual(exc.HTTPOk.code, res.status_int)
res = self.deserialize(res)
self.assertIn('endpoint_groups', res)
self.assertEqual(expected_value, res['endpoint_groups'])
self.assertIn('policy_target_groups', res)
self.assertEqual(expected_value, res['policy_target_groups'])
def test_get_endpoint_group(self):
endpoint_group_id = _uuid()
expected_value = {'tenant_id': _uuid(), 'id': endpoint_group_id}
def test_get_policy_target_group(self):
policy_target_group_id = _uuid()
expected_value = {'tenant_id': _uuid(), 'id': policy_target_group_id}
self.instance.get_endpoint_group.return_value = expected_value
self.instance.get_policy_target_group.return_value = expected_value
res = self.api.get(_get_path(ENDPOINT_GROUPS_URI, id=endpoint_group_id,
res = self.api.get(_get_path(POLICY_TARGET_GROUPS_URI,
id=policy_target_group_id,
fmt=self.fmt))
self.instance.get_endpoint_group.assert_called_once_with(
mock.ANY, endpoint_group_id, fields=mock.ANY)
self.instance.get_policy_target_group.assert_called_once_with(
mock.ANY, policy_target_group_id, fields=mock.ANY)
self.assertEqual(exc.HTTPOk.code, res.status_int)
res = self.deserialize(res)
self.assertIn('endpoint_group', res)
self.assertEqual(expected_value, res['endpoint_group'])
self.assertIn('policy_target_group', res)
self.assertEqual(expected_value, res['policy_target_group'])
def test_update_endpoint_group(self):
endpoint_group_id = _uuid()
update_data = {'endpoint_group':
self._get_update_endpoint_group_attrs()}
expected_value = {'tenant_id': _uuid(), 'id': endpoint_group_id}
def test_update_policy_target_group(self):
policy_target_group_id = _uuid()
update_data = {'policy_target_group':
self._get_update_policy_target_group_attrs()}
expected_value = {'tenant_id': _uuid(), 'id': policy_target_group_id}
self.instance.update_endpoint_group.return_value = expected_value
self.instance.update_policy_target_group.return_value = expected_value
res = self.api.put(_get_path(ENDPOINT_GROUPS_URI,
id=endpoint_group_id, fmt=self.fmt),
res = self.api.put(_get_path(POLICY_TARGET_GROUPS_URI,
id=policy_target_group_id, fmt=self.fmt),
self.serialize(update_data))
self.instance.update_endpoint_group.assert_called_once_with(
mock.ANY, endpoint_group_id, endpoint_group=update_data)
self.instance.update_policy_target_group.assert_called_once_with(
mock.ANY, policy_target_group_id, policy_target_group=update_data)
self.assertEqual(exc.HTTPOk.code, res.status_int)
res = self.deserialize(res)
self.assertIn('endpoint_group', res)
self.assertEqual(expected_value, res['endpoint_group'])
self.assertIn('policy_target_group', res)
self.assertEqual(expected_value, res['policy_target_group'])
def test_delete_endpoint_group(self):
self._test_entity_delete('endpoint_group')
def test_delete_policy_target_group(self):
self._test_entity_delete('policy_target_group')
def _test_create_l2_policy(self, data, expected_value, default_data=None):
if not default_data:
@ -619,11 +625,8 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase):
res = self.api.get(_get_path(POLICY_CLASSIFIERS_URI, fmt=self.fmt))
instance.get_policy_classifiers.assert_called_once_with(mock.ANY,
fields=
mock.ANY,
filters=
mock.ANY)
instance.get_policy_classifiers.assert_called_once_with(
mock.ANY, fields=mock.ANY, filters=mock.ANY)
self.assertEqual(res.status_int, exc.HTTPOk.code)
def test_get_policy_classifier(self):
@ -781,113 +784,114 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase):
def test_delete_policy_rule(self):
self._test_entity_delete('policy_action')
def _test_create_contract(self, data, expected_value, default_data=None):
def _test_create_policy_rule_set(self, data, expected_value,
default_data=None):
if not default_data:
default_data = data
self.instance.create_contract.return_value = expected_value
res = self.api.post(_get_path(CONTRACTS_URI, fmt=self.fmt),
self.instance.create_policy_rule_set.return_value = expected_value
res = self.api.post(_get_path(POLICY_RULE_SETS_URI, fmt=self.fmt),
self.serialize(data),
content_type='application/%s' % self.fmt)
self.instance.create_contract.assert_called_once_with(
mock.ANY, contract=default_data)
self.instance.create_policy_rule_set.assert_called_once_with(
mock.ANY, policy_rule_set=default_data)
self.assertEqual(res.status_int, exc.HTTPCreated.code)
res = self.deserialize(res)
self.assertIn('contract', res)
self.assertEqual(expected_value, res['contract'])
self.assertIn('policy_rule_set', res)
self.assertEqual(expected_value, res['policy_rule_set'])
def _get_create_contract_default_attrs(self):
def _get_create_policy_rule_set_default_attrs(self):
return {'name': '',
'description': '',
'child_contracts': [],
'child_policy_rule_sets': [],
'policy_rules': []}
def _get_create_contract_attrs(self):
return {'name': 'contract1',
'description': 'test contract',
def _get_create_policy_rule_set_attrs(self):
return {'name': 'policy_rule_set1',
'description': 'test policy_rule_set',
'tenant_id': _uuid(),
'child_contracts': [_uuid()],
'child_policy_rule_sets': [_uuid()],
'policy_rules': [_uuid()]}
def _get_update_contract_attrs(self):
def _get_update_policy_rule_set_attrs(self):
return {'name': 'new_name'}
def test_create_contract_with_defaults(self):
contract_id = _uuid()
data = {'contract': {'tenant_id': _uuid()}}
default_attrs = self._get_create_contract_default_attrs()
def test_create_policy_rule_set_with_defaults(self):
policy_rule_set_id = _uuid()
data = {'policy_rule_set': {'tenant_id': _uuid()}}
default_attrs = self._get_create_policy_rule_set_default_attrs()
default_data = copy.copy(data)
default_data['contract'].update(default_attrs)
expected_value = dict(default_data['contract'])
expected_value['id'] = contract_id
default_data['policy_rule_set'].update(default_attrs)
expected_value = dict(default_data['policy_rule_set'])
expected_value['id'] = policy_rule_set_id
self._test_create_contract(data, expected_value, default_data)
self._test_create_policy_rule_set(data, expected_value, default_data)
def test_create_contract(self):
contract_id = _uuid()
data = {'contract':
self._get_create_contract_attrs()}
expected_value = dict(data['contract'])
expected_value['id'] = contract_id
def test_create_policy_rule_set(self):
policy_rule_set_id = _uuid()
data = {'policy_rule_set':
self._get_create_policy_rule_set_attrs()}
expected_value = dict(data['policy_rule_set'])
expected_value['id'] = policy_rule_set_id
self._test_create_contract(data, expected_value)
self._test_create_policy_rule_set(data, expected_value)
def test_list_contracts(self):
contract_id = _uuid()
def test_list_policy_rule_sets(self):
policy_rule_set_id = _uuid()
expected_value = [{'tenant_id': _uuid(),
'id': contract_id}]
'id': policy_rule_set_id}]
instance = self.plugin.return_value
instance.get_contracts.return_value = expected_value
instance.get_policy_rule_sets.return_value = expected_value
res = self.api.get(_get_path(CONTRACTS_URI, fmt=self.fmt))
res = self.api.get(_get_path(POLICY_RULE_SETS_URI, fmt=self.fmt))
instance.get_contracts.assert_called_once_with(mock.ANY,
fields=mock.ANY,
filters=mock.ANY)
instance.get_policy_rule_sets.assert_called_once_with(
mock.ANY, fields=mock.ANY, filters=mock.ANY)
self.assertEqual(res.status_int, exc.HTTPOk.code)
def test_get_contract(self):
contract_id = _uuid()
def test_get_policy_rule_set(self):
policy_rule_set_id = _uuid()
expected_value = {'tenant_id': _uuid(),
'id': contract_id}
'id': policy_rule_set_id}
instance = self.plugin.return_value
instance.get_contract.return_value = expected_value
instance.get_policy_rule_set.return_value = expected_value
res = self.api.get(_get_path(CONTRACTS_URI,
id=contract_id, fmt=self.fmt))
res = self.api.get(_get_path(POLICY_RULE_SETS_URI,
id=policy_rule_set_id, fmt=self.fmt))
instance.get_contract.assert_called_once_with(
mock.ANY, contract_id, fields=mock.ANY)
instance.get_policy_rule_set.assert_called_once_with(
mock.ANY, policy_rule_set_id, fields=mock.ANY)
self.assertEqual(res.status_int, exc.HTTPOk.code)
res = self.deserialize(res)
self.assertIn('contract', res)
self.assertEqual(expected_value, res['contract'])
self.assertIn('policy_rule_set', res)
self.assertEqual(expected_value, res['policy_rule_set'])
def test_update_contract(self):
contract_id = _uuid()
update_data = {'contract':
self._get_update_contract_attrs()}
def test_update_policy_rule_set(self):
policy_rule_set_id = _uuid()
update_data = {'policy_rule_set':
self._get_update_policy_rule_set_attrs()}
expected_value = {'tenant_id': _uuid(),
'id': contract_id}
'id': policy_rule_set_id}
instance = self.plugin.return_value
instance.update_contract.return_value = expected_value
instance.update_policy_rule_set.return_value = expected_value
res = self.api.put(_get_path(CONTRACTS_URI, id=contract_id,
res = self.api.put(_get_path(POLICY_RULE_SETS_URI,
id=policy_rule_set_id,
fmt=self.fmt),
self.serialize(update_data))
instance.update_contract.assert_called_once_with(
mock.ANY, contract_id, contract=update_data)
instance.update_policy_rule_set.assert_called_once_with(
mock.ANY, policy_rule_set_id, policy_rule_set=update_data)
self.assertEqual(res.status_int, exc.HTTPOk.code)
res = self.deserialize(res)
self.assertIn('contract', res)
self.assertEqual(expected_value, res['contract'])
self.assertIn('policy_rule_set', res)
self.assertEqual(expected_value, res['policy_rule_set'])
def test_delete_contract(self):
self._test_entity_delete('contract')
def test_delete_policy_rule_set(self):
self._test_entity_delete('policy_rule_set')
def _test_create_network_service_policy(
self, data, expected_value, default_data=None):

28
gbp/neutron/tests/unit/test_extension_group_policy_mapping.py
View File

@ -27,10 +27,10 @@ class GroupPolicyMappingExtTestCase(tgp.GroupPolicyExtensionTestCase):
super(tgp.GroupPolicyExtensionTestCase, self).setUp()
attr_map = gp.RESOURCE_ATTRIBUTE_MAP
attr_map[gp.ENDPOINTS].update(
gpm.EXTENDED_ATTRIBUTES_2_0[gp.ENDPOINTS])
attr_map[gp.ENDPOINT_GROUPS].update(
gpm.EXTENDED_ATTRIBUTES_2_0[gp.ENDPOINT_GROUPS])
attr_map[gp.POLICY_TARGETS].update(
gpm.EXTENDED_ATTRIBUTES_2_0[gp.POLICY_TARGETS])
attr_map[gp.POLICY_TARGET_GROUPS].update(
gpm.EXTENDED_ATTRIBUTES_2_0[gp.POLICY_TARGET_GROUPS])
attr_map[gp.L2_POLICIES].update(
gpm.EXTENDED_ATTRIBUTES_2_0[gp.L2_POLICIES])
attr_map[gp.L3_POLICIES].update(
@ -48,33 +48,33 @@ class GroupPolicyMappingExtTestCase(tgp.GroupPolicyExtensionTestCase):
def _restore_gp_attr_map(self):
gp.RESOURCE_ATTRIBUTE_MAP = self._saved_gp_attr_map
def _get_create_endpoint_default_attrs(self):
def _get_create_policy_target_default_attrs(self):
attrs = (super(GroupPolicyMappingExtTestCase, self).
_get_create_endpoint_default_attrs())
_get_create_policy_target_default_attrs())
attrs.update({'port_id': None})
return attrs
def _get_create_endpoint_attrs(self):
def _get_create_policy_target_attrs(self):
attrs = (super(GroupPolicyMappingExtTestCase, self).
_get_create_endpoint_attrs())
_get_create_policy_target_attrs())
attrs.update({'port_id': tgp._uuid()})
return attrs
def _get_create_endpoint_group_default_attrs(self):
def _get_create_policy_target_group_default_attrs(self):
attrs = (super(GroupPolicyMappingExtTestCase, self).
_get_create_endpoint_group_default_attrs())
_get_create_policy_target_group_default_attrs())
attrs.update({'subnets': []})
return attrs
def _get_create_endpoint_group_attrs(self):
def _get_create_policy_target_group_attrs(self):
attrs = (super(GroupPolicyMappingExtTestCase, self).
_get_create_endpoint_group_attrs())
_get_create_policy_target_group_attrs())
attrs.update({'subnets': [tgp._uuid()]})
return attrs
def _get_update_endpoint_group_attrs(self):
def _get_update_policy_target_group_attrs(self):
attrs = (super(GroupPolicyMappingExtTestCase, self).
_get_update_endpoint_group_attrs())
_get_update_policy_target_group_attrs())
attrs.update({'subnets': [tgp._uuid()]})
return attrs

32
gbp/neutron/tests/unit/test_extension_servicechain.py
View File

@ -87,9 +87,9 @@ class ServiceChainExtensionTestCase(test_api_v2_extension.ExtensionTestCase):
servicechain_node_id = _uuid()
data = {
'servicechain_node': {
'service_type': 'FIREWALL',
'tenant_id': _uuid(),
'config': 'test_config'
'service_type': 'FIREWALL',
'tenant_id': _uuid(),
'config': 'test_config'
}
}
default_attrs = self._get_create_servicechain_node_default_attrs()
@ -127,8 +127,7 @@ class ServiceChainExtensionTestCase(test_api_v2_extension.ExtensionTestCase):
def test_get_servicechain_node(self):
servicechain_node_id = _uuid()
expected_value = {
'tenant_id': _uuid(), 'id': servicechain_node_id
}
'tenant_id': _uuid(), 'id': servicechain_node_id}
self.instance.get_servicechain_node.return_value = expected_value
res = self.api.get(_get_path(SERVICECHAIN_NODES_URI,
@ -207,8 +206,7 @@ class ServiceChainExtensionTestCase(test_api_v2_extension.ExtensionTestCase):
servicechain_spec_id = _uuid()
data = {
'servicechain_spec': {
'nodes': [_uuid(), _uuid()],
'tenant_id': _uuid()
'nodes': [_uuid(), _uuid()], 'tenant_id': _uuid()
}
}
default_attrs = self._get_create_servicechain_spec_default_attrs()
@ -287,7 +285,7 @@ class ServiceChainExtensionTestCase(test_api_v2_extension.ExtensionTestCase):
if not default_data:
default_data = data
self.instance.create_servicechain_instance.return_value = (
expected_value)
expected_value)
res = self.api.post(_get_path(SERVICECHAIN_INSTANCES_URI,
fmt=self.fmt),
self.serialize(data),
@ -308,8 +306,8 @@ class ServiceChainExtensionTestCase(test_api_v2_extension.ExtensionTestCase):
'name': 'servicechaininstance1',
'servicechain_spec': _uuid(),
'tenant_id': _uuid(),
'provider_epg': _uuid(),
'consumer_epg': _uuid(),
'provider_ptg': _uuid(),
'consumer_ptg': _uuid(),
'classifier': _uuid(),
'config_param_values': "{}",
'description': 'test servicechain instance'
@ -325,12 +323,12 @@ class ServiceChainExtensionTestCase(test_api_v2_extension.ExtensionTestCase):
servicechain_instance_id = _uuid()
data = {
'servicechain_instance': {
'servicechain_spec': _uuid(),
'tenant_id': _uuid(),
'provider_epg': _uuid(),
'consumer_epg': _uuid(),
'classifier': _uuid()
}
'servicechain_spec': _uuid(),
'tenant_id': _uuid(),
'provider_ptg': _uuid(),
'consumer_ptg': _uuid(),
'classifier': _uuid()
}
}
default_attrs = self._get_create_servicechain_instance_default_attrs()
default_data = copy.copy(data)
@ -387,7 +385,7 @@ class ServiceChainExtensionTestCase(test_api_v2_extension.ExtensionTestCase):
self._get_update_servicechain_instance_attrs()}
expected_value = {'tenant_id': _uuid(), 'id': servicechain_instance_id}
self.instance.update_servicechain_instance.return_value = (
expected_value)
expected_value)
res = self.api.put(_get_path(SERVICECHAIN_INSTANCES_URI,
id=servicechain_instance_id,