Enforce parent redirect in all update scenarios
1) Fixes Parent redirect enforcement when Parent ruleset is created after the child ruleset is asoociated with PTGs 2) Fixes child ruleset add/delete on parent ruleset update Change-Id: I2771d6ce2fc3dcac3e9ec3f7a9556933cd9aae48 Closes-bug: 1407636
This commit is contained in:
parent
588983f476
commit
cf2b00324d
|
@ -752,6 +752,8 @@ class ResourceMappingDriver(api.PolicyDriver):
|
|||
if context.current['child_policy_rule_sets']:
|
||||
self._recompute_policy_rule_sets(
|
||||
context, context.current['child_policy_rule_sets'])
|
||||
self._handle_redirect_action(
|
||||
context, context.current['child_policy_rule_sets'])
|
||||
|
||||
@log.log
|
||||
def update_policy_rule_set_precommit(self, context):
|
||||
|
@ -777,7 +779,17 @@ class ResourceMappingDriver(api.PolicyDriver):
|
|||
to_recompute = (set(context.original['child_policy_rule_sets']) &
|
||||
set(context.current['child_policy_rule_sets']))
|
||||
self._recompute_policy_rule_sets(context, to_recompute)
|
||||
# Handle any Redirects from the current Policy Rule Set
|
||||
self._handle_redirect_action(context, [context.current['id']])
|
||||
# Handle Update/Delete of Redirects for any child Rule Sets
|
||||
if (set(context.original['child_policy_rule_sets']) !=
|
||||
set(context.current['child_policy_rule_sets'])):
|
||||
if context.original['child_policy_rule_sets']:
|
||||
self._handle_redirect_action(
|
||||
context, context.original['child_policy_rule_sets'])
|
||||
if context.current['child_policy_rule_sets']:
|
||||
self._handle_redirect_action(
|
||||
context, context.current['child_policy_rule_sets'])
|
||||
|
||||
@log.log
|
||||
def delete_policy_rule_set_precommit(self, context):
|
||||
|
@ -800,6 +812,9 @@ class ResourceMappingDriver(api.PolicyDriver):
|
|||
# Delete SGs
|
||||
for sg in sg_list:
|
||||
self._delete_sg(context._plugin_context, sg)
|
||||
if context.current['child_policy_rule_sets']:
|
||||
self._handle_redirect_action(
|
||||
context, context.current['child_policy_rule_sets'])
|
||||
|
||||
@log.log
|
||||
def delete_network_service_policy_postcommit(self, context):
|
||||
|
|
|
@ -1423,7 +1423,11 @@ class TestPolicyRuleSet(ResourceMappingTestCase):
|
|||
consumer_ptg_id, scs_id_list):
|
||||
self.assertEqual(sc_instance['provider_ptg_id'], provider_ptg_id)
|
||||
self.assertEqual(sc_instance['consumer_ptg_id'], consumer_ptg_id)
|
||||
self.assertEqual(scs_id_list, sc_instance['servicechain_specs'])
|
||||
# REVISIT(Magesh): List api for chain instance retrieves specs in
|
||||
# different order. Functionally the order is fine on create/update
|
||||
# and verified on devstack.
|
||||
self.assertEqual(set(scs_id_list),
|
||||
set(sc_instance['servicechain_specs']))
|
||||
|
||||
def test_redirect_to_chain(self):
|
||||
scs_id = self._create_servicechain_spec()
|
||||
|
@ -1824,6 +1828,153 @@ class TestPolicyRuleSet(ResourceMappingTestCase):
|
|||
sc_instances = self.deserialize(self.fmt, res)
|
||||
self.assertEqual(len(sc_instances['servicechain_instances']), 0)
|
||||
|
||||
def test_enforce_parent_redirect_after_ptg_create(self):
|
||||
scs_id = self._create_servicechain_spec()
|
||||
_, classifier_id, policy_rule_id = self._create_tcp_redirect_rule(
|
||||
"20:90", scs_id)
|
||||
|
||||
child_prs = self.create_policy_rule_set(
|
||||
name="prs", policy_rules=[policy_rule_id])
|
||||
child_prs_id = child_prs['policy_rule_set']['id']
|
||||
|
||||
self._verify_prs_rules(child_prs_id)
|
||||
|
||||
provider_ptg = self.create_policy_target_group(
|
||||
name="ptg1", provided_policy_rule_sets={child_prs_id: None})
|
||||
provider_ptg_id = provider_ptg['policy_target_group']['id']
|
||||
consumer_ptg = self.create_policy_target_group(
|
||||
name="ptg2",
|
||||
consumed_policy_rule_sets={child_prs_id: None})
|
||||
consumer_ptg_id = consumer_ptg['policy_target_group']['id']
|
||||
|
||||
self._verify_prs_rules(child_prs_id)
|
||||
sc_node_list_req = self.new_list_request(SERVICECHAIN_INSTANCES)
|
||||
res = sc_node_list_req.get_response(self.ext_api)
|
||||
sc_instances = self.deserialize(self.fmt, res)
|
||||
# We should have one service chain instance created now
|
||||
self.assertEqual(len(sc_instances['servicechain_instances']), 1)
|
||||
sc_instance = sc_instances['servicechain_instances'][0]
|
||||
self.assertEqual(sc_instance['provider_ptg_id'], provider_ptg_id)
|
||||
self.assertEqual(sc_instance['consumer_ptg_id'], consumer_ptg_id)
|
||||
self.assertEqual(sc_instance['classifier_id'], classifier_id)
|
||||
self.assertEqual(len(sc_instance['servicechain_specs']), 1)
|
||||
|
||||
parent_scs_id = self._create_servicechain_spec(node_types='FIREWALL')
|
||||
parent_action = self.create_policy_action(
|
||||
name="action2", action_type=gconst.GP_ACTION_REDIRECT,
|
||||
action_value=parent_scs_id)
|
||||
parent_action_id = parent_action['policy_action']['id']
|
||||
parent_policy_rule = self.create_policy_rule(
|
||||
name='pr1', policy_classifier_id=classifier_id,
|
||||
policy_actions=[parent_action_id])
|
||||
parent_policy_rule_id = parent_policy_rule['policy_rule']['id']
|
||||
|
||||
parent_prs = self.create_policy_rule_set(
|
||||
name="c1", policy_rules=[parent_policy_rule_id],
|
||||
child_policy_rule_sets=[child_prs_id])
|
||||
parent_prs_id = parent_prs['policy_rule_set']['id']
|
||||
|
||||
self._verify_prs_rules(child_prs_id)
|
||||
sc_node_list_req = self.new_list_request(SERVICECHAIN_INSTANCES)
|
||||
res = sc_node_list_req.get_response(self.ext_api)
|
||||
sc_instances = self.deserialize(self.fmt, res)
|
||||
# We should have a new service chain instance created now from both
|
||||
# parent and child specs
|
||||
self.assertEqual(len(sc_instances['servicechain_instances']), 1)
|
||||
sc_instance = sc_instances['servicechain_instances'][0]
|
||||
self._assert_proper_chain_instance(sc_instance, provider_ptg_id,
|
||||
consumer_ptg_id,
|
||||
[parent_scs_id, scs_id])
|
||||
|
||||
# Delete parent ruleset and verify that the parent spec association
|
||||
# is removed from servicechain instance
|
||||
self.delete_policy_rule_set(
|
||||
parent_prs_id, expected_res_status=webob.exc.HTTPNoContent.code)
|
||||
self._verify_prs_rules(child_prs_id)
|
||||
sc_node_list_req = self.new_list_request(SERVICECHAIN_INSTANCES)
|
||||
res = sc_node_list_req.get_response(self.ext_api)
|
||||
sc_instances = self.deserialize(self.fmt, res)
|
||||
self.assertEqual(len(sc_instances['servicechain_instances']), 1)
|
||||
sc_instance = sc_instances['servicechain_instances'][0]
|
||||
self._assert_proper_chain_instance(sc_instance, provider_ptg_id,
|
||||
consumer_ptg_id, [scs_id])
|
||||
|
||||
req = self.new_delete_request(
|
||||
'policy_target_groups', consumer_ptg_id)
|
||||
res = req.get_response(self.ext_api)
|
||||
self.assertEqual(res.status_int, webob.exc.HTTPNoContent.code)
|
||||
sc_node_list_req = self.new_list_request(SERVICECHAIN_INSTANCES)
|
||||
res = sc_node_list_req.get_response(self.ext_api)
|
||||
sc_instances = self.deserialize(self.fmt, res)
|
||||
self.assertEqual(len(sc_instances['servicechain_instances']), 0)
|
||||
|
||||
def test_parent_ruleset_update_for_redirect(self):
|
||||
scs_id = self._create_servicechain_spec()
|
||||
_, classifier_id, policy_rule_id = self._create_tcp_redirect_rule(
|
||||
"20:90", scs_id)
|
||||
|
||||
child_prs = self.create_policy_rule_set(
|
||||
name="prs", policy_rules=[policy_rule_id])
|
||||
child_prs_id = child_prs['policy_rule_set']['id']
|
||||
|
||||
self._verify_prs_rules(child_prs_id)
|
||||
|
||||
parent_scs_id = self._create_servicechain_spec(node_types='FIREWALL')
|
||||
parent_action = self.create_policy_action(
|
||||
name="action2", action_type=gconst.GP_ACTION_REDIRECT,
|
||||
action_value=parent_scs_id)
|
||||
parent_action_id = parent_action['policy_action']['id']
|
||||
parent_policy_rule = self.create_policy_rule(
|
||||
name='pr1', policy_classifier_id=classifier_id,
|
||||
policy_actions=[parent_action_id])
|
||||
parent_policy_rule_id = parent_policy_rule['policy_rule']['id']
|
||||
|
||||
parent_prs = self.create_policy_rule_set(
|
||||
name="c1", policy_rules=[parent_policy_rule_id])
|
||||
parent_prs_id = parent_prs['policy_rule_set']['id']
|
||||
|
||||
provider_ptg = self.create_policy_target_group(
|
||||
name="ptg1", provided_policy_rule_sets={child_prs_id: None})
|
||||
provider_ptg_id = provider_ptg['policy_target_group']['id']
|
||||
consumer_ptg = self.create_policy_target_group(
|
||||
name="ptg2",
|
||||
consumed_policy_rule_sets={child_prs_id: None})
|
||||
consumer_ptg_id = consumer_ptg['policy_target_group']['id']
|
||||
|
||||
self._verify_prs_rules(child_prs_id)
|
||||
sc_node_list_req = self.new_list_request(SERVICECHAIN_INSTANCES)
|
||||
res = sc_node_list_req.get_response(self.ext_api)
|
||||
sc_instances = self.deserialize(self.fmt, res)
|
||||
# We should have one service chain instance created now
|
||||
self.assertEqual(len(sc_instances['servicechain_instances']), 1)
|
||||
sc_instance = sc_instances['servicechain_instances'][0]
|
||||
self._assert_proper_chain_instance(sc_instance, provider_ptg_id,
|
||||
consumer_ptg_id, [scs_id])
|
||||
|
||||
self.update_policy_rule_set(parent_prs_id, expected_res_status=200,
|
||||
child_policy_rule_sets=[child_prs_id])
|
||||
|
||||
self._verify_prs_rules(child_prs_id)
|
||||
sc_node_list_req = self.new_list_request(SERVICECHAIN_INSTANCES)
|
||||
res = sc_node_list_req.get_response(self.ext_api)
|
||||
sc_instances = self.deserialize(self.fmt, res)
|
||||
# We should have a new service chain instance created now from both
|
||||
# parent and child specs
|
||||
self.assertEqual(len(sc_instances['servicechain_instances']), 1)
|
||||
sc_instance = sc_instances['servicechain_instances'][0]
|
||||
self._assert_proper_chain_instance(sc_instance, provider_ptg_id,
|
||||
consumer_ptg_id,
|
||||
[parent_scs_id, scs_id])
|
||||
|
||||
req = self.new_delete_request(
|
||||
'policy_target_groups', consumer_ptg_id)
|
||||
res = req.get_response(self.ext_api)
|
||||
self.assertEqual(res.status_int, webob.exc.HTTPNoContent.code)
|
||||
sc_node_list_req = self.new_list_request(SERVICECHAIN_INSTANCES)
|
||||
res = sc_node_list_req.get_response(self.ext_api)
|
||||
sc_instances = self.deserialize(self.fmt, res)
|
||||
self.assertEqual(len(sc_instances['servicechain_instances']), 0)
|
||||
|
||||
def test_shared_policy_rule_set_create_negative(self):
|
||||
self.create_policy_rule_set(shared=True,
|
||||
expected_res_status=400)
|
||||
|
|
Loading…
Reference in New Issue