def attach_vpn_gateway(context, vpc_id, vpn_gateway_id):
vpn_gateway = ec2utils.get_db_item(context, vpn_gateway_id)
vpc = ec2utils.get_db_item(context, vpc_id)
if vpn_gateway["vpc_id"] and vpn_gateway["vpc_id"] != vpc["id"]:
raise exception.VpnGatewayAttachmentLimitExceeded()
attached_vgw = ec2utils.get_attached_gateway(context, vpc["id"], "vgw")
if attached_vgw and attached_vgw["id"] != vpn_gateway["id"]:
raise exception.InvalidVpcState(vpc_id=vpc["id"], vgw_id=attached_vgw["id"])
subnets = [subnet for subnet in db_api.get_items(context, "subnet") if subnet["vpc_id"] == vpc["id"]]
if not vpn_gateway["vpc_id"]:
external_network_id = None
if not ec2utils.get_attached_gateway(context, vpc["id"], "igw"):
external_network_id = ec2utils.get_os_public_network(context)["id"]
neutron = clients.neutron(context)
with common.OnCrashCleaner() as cleaner:
_attach_vpn_gateway_item(context, vpn_gateway, vpc["id"])
cleaner.addCleanup(_detach_vpn_gateway_item, context, vpn_gateway)
if external_network_id:
neutron.add_gateway_router(vpc["os_id"], {"network_id": external_network_id})
cleaner.addCleanup(neutron.remove_gateway_router, vpc["os_id"])
for subnet in subnets:
_create_subnet_vpnservice(context, neutron, cleaner, subnet, vpc)
vpn_connection_api._reset_vpn_connections(context, neutron, cleaner, vpn_gateway, subnets=subnets)
return {"attachment": _format_attachment(vpn_gateway)}
def attach_vpn_gateway(context, vpc_id, vpn_gateway_id):
vpn_gateway = ec2utils.get_db_item(context, vpn_gateway_id)
vpc = ec2utils.get_db_item(context, vpc_id)
if vpn_gateway['vpc_id'] and vpn_gateway['vpc_id'] != vpc['id']:
raise exception.VpnGatewayAttachmentLimitExceeded()
attached_vgw = ec2utils.get_attached_gateway(context, vpc['id'], 'vgw')
if attached_vgw and attached_vgw['id'] != vpn_gateway['id']:
raise exception.InvalidVpcState(vpc_id=vpc['id'],
vgw_id=attached_vgw['id'])
subnets = [subnet for subnet in db_api.get_items(context, 'subnet')
if subnet['vpc_id'] == vpc['id']]
if not vpn_gateway['vpc_id']:
external_network_id = None
if not ec2utils.get_attached_gateway(context, vpc['id'], 'igw'):
external_network_id = ec2utils.get_os_public_network(context)['id']
neutron = clients.neutron(context)
with common.OnCrashCleaner() as cleaner:
_attach_vpn_gateway_item(context, vpn_gateway, vpc['id'])
cleaner.addCleanup(_detach_vpn_gateway_item, context, vpn_gateway)
if external_network_id:
neutron.add_gateway_router(vpc['os_id'],
{'network_id': external_network_id})
cleaner.addCleanup(neutron.remove_gateway_router, vpc['os_id'])
for subnet in subnets:
_create_subnet_vpnservice(context, neutron, cleaner,
subnet, vpc)
vpn_connection_api._reset_vpn_connections(
context, neutron, cleaner, vpn_gateway, subnets=subnets)
return {'attachment': _format_attachment(vpn_gateway)}
def _start_vpn_in_subnet(context, neutron, cleaner, subnet, vpc, route_table):
vpn_gateway = ec2utils.get_attached_gateway(context, vpc["id"], "vgw")
if not vpn_gateway:
return
_create_subnet_vpnservice(context, neutron, cleaner, subnet, vpc)
vpn_connection_api._reset_vpn_connections(
context, neutron, cleaner, vpn_gateway, subnets=[subnet], route_tables=[route_table]
)
def _start_vpn_in_subnet(context, neutron, cleaner, subnet, vpc, route_table):
vpn_gateway = ec2utils.get_attached_gateway(context, vpc['id'], 'vgw')
if not vpn_gateway:
return
_create_subnet_vpnservice(context, neutron, cleaner, subnet, vpc)
vpn_connection_api._reset_vpn_connections(context, neutron, cleaner,
vpn_gateway, subnets=[subnet],
route_tables=[route_table])
def test_reset_vpn_connections(self, get_route_table_vpn_cidrs,
set_subnet_vpn, delete_subnet_vpn):
context = base.create_context()
cleaner = common.OnCrashCleaner()
vpn_gateway_3 = {'id': fakes.random_ec2_id('vpn'),
'os_id': None,
'vpc_id': None}
vpn_connection_api._reset_vpn_connections(
context, self.neutron, cleaner, vpn_gateway_3)
self.assertEqual(0, len(self.db_api.mock_calls))
self.assertFalse(get_route_table_vpn_cidrs.called)
self.assertFalse(set_subnet_vpn.called)
self.assertFalse(delete_subnet_vpn.called)
customer_gateway_3 = {'id': fakes.random_ec2_id('cgw')}
subnet_3 = {'id': fakes.random_ec2_id('subnet'),
'vpc_id': fakes.ID_EC2_VPC_2}
vpn_connection_3 = {'id': fakes.random_ec2_id('vpn'),
'vpn_gateway_id': fakes.ID_EC2_VPN_GATEWAY_1,
'customer_gateway_id': customer_gateway_3['id'],
'cidrs': []}
self.set_mock_db_items(
fakes.DB_VPC_1, fakes.DB_VPC_2,
fakes.DB_CUSTOMER_GATEWAY_1, fakes.DB_CUSTOMER_GATEWAY_2,
customer_gateway_3,
fakes.DB_SUBNET_1, fakes.DB_SUBNET_2, subnet_3,
fakes.DB_ROUTE_TABLE_1, fakes.DB_ROUTE_TABLE_2,
fakes.DB_ROUTE_TABLE_3,
fakes.DB_VPN_CONNECTION_1, fakes.DB_VPN_CONNECTION_2,
vpn_connection_3)
# common case
vpn_connection_api._reset_vpn_connections(
context, self.neutron, cleaner, fakes.DB_VPN_GATEWAY_1)
self.assertEqual(2, set_subnet_vpn.call_count)
set_subnet_vpn.assert_any_call(
context, self.neutron, cleaner, fakes.DB_SUBNET_2,
fakes.DB_VPN_CONNECTION_1, fakes.DB_CUSTOMER_GATEWAY_1,
[fakes.CIDR_VPN_1_STATIC])
set_subnet_vpn.assert_any_call(
context, self.neutron, cleaner, fakes.DB_SUBNET_2,
vpn_connection_3, customer_gateway_3,
[fakes.CIDR_VPN_1_STATIC])
self.assertEqual(2, delete_subnet_vpn.call_count)
delete_subnet_vpn.assert_any_call(
context, self.neutron, cleaner, fakes.DB_SUBNET_1,
fakes.DB_VPN_CONNECTION_1)
delete_subnet_vpn.assert_any_call(
context, self.neutron, cleaner, fakes.DB_SUBNET_1,
vpn_connection_3)
self.assertEqual(2, get_route_table_vpn_cidrs.call_count)
get_route_table_vpn_cidrs.assert_any_call(
fakes.DB_ROUTE_TABLE_1, fakes.DB_VPN_GATEWAY_1,
[fakes.DB_VPN_CONNECTION_1, vpn_connection_3])
get_route_table_vpn_cidrs.assert_any_call(
fakes.DB_ROUTE_TABLE_3, fakes.DB_VPN_GATEWAY_1,
[fakes.DB_VPN_CONNECTION_1, vpn_connection_3])
# reset for the vpn connection
set_subnet_vpn.reset_mock()
delete_subnet_vpn.reset_mock()
self.db_api.reset_mock()
get_route_table_vpn_cidrs.reset_mock()
vpn_connection_api._reset_vpn_connections(
context, self.neutron, cleaner, fakes.DB_VPN_GATEWAY_1,
vpn_connections=[fakes.DB_VPN_CONNECTION_1])
self.assertEqual(1, set_subnet_vpn.call_count)
self.assertEqual(1, delete_subnet_vpn.call_count)
self.assertNotIn(mock.call(mock.ANY, 'vpn'),
self.db_api.get_items.mock_calls)
# reset for the subnet list
set_subnet_vpn.reset_mock()
delete_subnet_vpn.reset_mock()
self.db_api.reset_mock()
get_route_table_vpn_cidrs.reset_mock()
vpn_connection_api._reset_vpn_connections(
context, self.neutron, cleaner, fakes.DB_VPN_GATEWAY_1,
subnets=[fakes.DB_SUBNET_1])
self.assertFalse(set_subnet_vpn.called)
self.assertEqual(2, delete_subnet_vpn.call_count)
self.assertNotIn(mock.call(mock.ANY, 'subnets'),
self.db_api.get_items.mock_calls)
# reset for the subnet list and the route table
set_subnet_vpn.reset_mock()
delete_subnet_vpn.reset_mock()
self.db_api.reset_mock()
get_route_table_vpn_cidrs.reset_mock()
vpn_connection_api._reset_vpn_connections(
context, self.neutron, cleaner, fakes.DB_VPN_GATEWAY_1,
subnets=[fakes.DB_SUBNET_2], route_tables=[fakes.DB_ROUTE_TABLE_3])
self.assertEqual(2, set_subnet_vpn.call_count)
self.assertFalse(delete_subnet_vpn.called)
self.assertNotIn(mock.call(mock.ANY, 'subnets'),
self.db_api.get_items.mock_calls)
self.assertNotIn(mock.call(mock.ANY, 'rtb'),
self.db_api.get_items.mock_calls)
def test_reset_vpn_connections(self, get_route_table_vpn_cidrs,
set_subnet_vpn, delete_subnet_vpn):
context = base.create_context()
cleaner = common.OnCrashCleaner()
vpn_gateway_3 = {
'id': fakes.random_ec2_id('vpn'),
'os_id': None,
'vpc_id': None
}
vpn_connection_api._reset_vpn_connections(context, self.neutron,
cleaner, vpn_gateway_3)
self.assertEqual(0, len(self.db_api.mock_calls))
self.assertFalse(get_route_table_vpn_cidrs.called)
self.assertFalse(set_subnet_vpn.called)
self.assertFalse(delete_subnet_vpn.called)
customer_gateway_3 = {'id': fakes.random_ec2_id('cgw')}
subnet_3 = {
'id': fakes.random_ec2_id('subnet'),
'vpc_id': fakes.ID_EC2_VPC_2
}
vpn_connection_3 = {
'id': fakes.random_ec2_id('vpn'),
'vpn_gateway_id': fakes.ID_EC2_VPN_GATEWAY_1,
'customer_gateway_id': customer_gateway_3['id'],
'cidrs': []
}
self.set_mock_db_items(fakes.DB_VPC_1, fakes.DB_VPC_2,
fakes.DB_CUSTOMER_GATEWAY_1,
fakes.DB_CUSTOMER_GATEWAY_2, customer_gateway_3,
fakes.DB_SUBNET_1, fakes.DB_SUBNET_2, subnet_3,
fakes.DB_ROUTE_TABLE_1, fakes.DB_ROUTE_TABLE_2,
fakes.DB_ROUTE_TABLE_3,
fakes.DB_VPN_CONNECTION_1,
fakes.DB_VPN_CONNECTION_2, vpn_connection_3)
# common case
vpn_connection_api._reset_vpn_connections(context, self.neutron,
cleaner,
fakes.DB_VPN_GATEWAY_1)
self.assertEqual(2, set_subnet_vpn.call_count)
set_subnet_vpn.assert_any_call(context, self.neutron, cleaner,
fakes.DB_SUBNET_2,
fakes.DB_VPN_CONNECTION_1,
fakes.DB_CUSTOMER_GATEWAY_1,
[fakes.CIDR_VPN_1_STATIC])
set_subnet_vpn.assert_any_call(context, self.neutron, cleaner,
fakes.DB_SUBNET_2, vpn_connection_3,
customer_gateway_3,
[fakes.CIDR_VPN_1_STATIC])
self.assertEqual(2, delete_subnet_vpn.call_count)
delete_subnet_vpn.assert_any_call(context, self.neutron, cleaner,
fakes.DB_SUBNET_1,
fakes.DB_VPN_CONNECTION_1)
delete_subnet_vpn.assert_any_call(context, self.neutron, cleaner,
fakes.DB_SUBNET_1, vpn_connection_3)
self.assertEqual(2, get_route_table_vpn_cidrs.call_count)
get_route_table_vpn_cidrs.assert_any_call(
fakes.DB_ROUTE_TABLE_1, fakes.DB_VPN_GATEWAY_1,
[fakes.DB_VPN_CONNECTION_1, vpn_connection_3])
get_route_table_vpn_cidrs.assert_any_call(
fakes.DB_ROUTE_TABLE_3, fakes.DB_VPN_GATEWAY_1,
[fakes.DB_VPN_CONNECTION_1, vpn_connection_3])
# reset for the vpn connection
set_subnet_vpn.reset_mock()
delete_subnet_vpn.reset_mock()
self.db_api.reset_mock()
get_route_table_vpn_cidrs.reset_mock()
vpn_connection_api._reset_vpn_connections(
context,
self.neutron,
cleaner,
fakes.DB_VPN_GATEWAY_1,
vpn_connections=[fakes.DB_VPN_CONNECTION_1])
self.assertEqual(1, set_subnet_vpn.call_count)
self.assertEqual(1, delete_subnet_vpn.call_count)
self.assertNotIn(mock.call(mock.ANY, 'vpn'),
self.db_api.get_items.mock_calls)
# reset for the subnet list
set_subnet_vpn.reset_mock()
delete_subnet_vpn.reset_mock()
self.db_api.reset_mock()
get_route_table_vpn_cidrs.reset_mock()
vpn_connection_api._reset_vpn_connections(context,
self.neutron,
cleaner,
fakes.DB_VPN_GATEWAY_1,
subnets=[fakes.DB_SUBNET_1])
self.assertFalse(set_subnet_vpn.called)
self.assertEqual(2, delete_subnet_vpn.call_count)
self.assertNotIn(mock.call(mock.ANY, 'subnets'),
self.db_api.get_items.mock_calls)
# reset for the subnet list and the route table
set_subnet_vpn.reset_mock()
delete_subnet_vpn.reset_mock()
self.db_api.reset_mock()
get_route_table_vpn_cidrs.reset_mock()
vpn_connection_api._reset_vpn_connections(
context,
self.neutron,
cleaner,
fakes.DB_VPN_GATEWAY_1,
subnets=[fakes.DB_SUBNET_2],
route_tables=[fakes.DB_ROUTE_TABLE_3])
self.assertEqual(2, set_subnet_vpn.call_count)
self.assertFalse(delete_subnet_vpn.called)
self.assertNotIn(mock.call(mock.ANY, 'subnets'),
self.db_api.get_items.mock_calls)
self.assertNotIn(mock.call(mock.ANY, 'rtb'),
self.db_api.get_items.mock_calls)
