def setup_conf():
ovs_conf.register_ovs_agent_opts(cfg.CONF)
lb_conf.register_linuxbridge_opts(cfg.CONF)
ml2_conf.register_ml2_plugin_opts(cfg.CONF)
securitygroups_rpc.register_securitygroups_opts(cfg.CONF)
dhcp_agent.register_options(cfg.CONF)
l3_hamode_db.register_db_l3_hamode_opts(cfg.CONF)
def setUp(self):
super(TestACLs, self).setUp()
self.driver = mock.Mock()
self.driver._nb_ovn = fakes.FakeOvsdbNbOvnIdl()
self.plugin = fakes.FakePlugin()
self.admin_context = mock.Mock()
self.fake_port = fakes.FakePort.create_one_port({
'id':
'fake_port_id1',
'network_id':
'network_id1',
'fixed_ips': [{
'subnet_id': 'subnet_id1',
'ip_address': '1.1.1.1'
}],
}).info()
self.fake_subnet = fakes.FakeSubnet.create_one_subnet({
'id':
'subnet_id1',
'ip_version':
4,
'cidr':
'1.1.1.0/24',
}).info()
mock_row_by_value = mock.patch.object(idlutils, 'row_by_value')
mock_row_by_value.start()
self.addCleanup(mock_row_by_value.stop)
mock_acl_columns_severity = mock.patch.object(
ovn_acl, '_acl_columns_name_severity_supported', return_value=True)
mock_acl_columns_severity.start()
self.addCleanup(mock_acl_columns_severity.stop)
securitygroups_rpc.register_securitygroups_opts()
def setup_conf():
ovs_conf.register_ovs_agent_opts(cfg.CONF)
lb_conf.register_linuxbridge_opts(cfg.CONF)
ml2_conf.register_ml2_plugin_opts(cfg.CONF)
securitygroups_rpc.register_securitygroups_opts(cfg.CONF)
dhcp_agent.register_options(cfg.CONF)
l3_hamode_db.register_db_l3_hamode_opts(cfg.CONF)
def setup_conf():
config.register_common_config_options()
ovs_conf.register_ovs_agent_opts(cfg.CONF)
lb_conf.register_linuxbridge_opts(cfg.CONF)
sriov_conf.register_agent_sriov_nic_opts(cfg.CONF)
ml2_conf.register_ml2_plugin_opts(cfg.CONF)
securitygroups_rpc.register_securitygroups_opts(cfg.CONF)
dhcp_agent.register_options(cfg.CONF)
l3_hamode_db.register_db_l3_hamode_opts(cfg.CONF)
common_config.register_core_common_config_opts(cfg.CONF)
def setUp(self):
super(TestOVSFirewallDriver, self).setUp()
mock_bridge = mock.patch.object(ovs_lib, 'OVSBridge',
autospec=True).start()
securitygroups_rpc.register_securitygroups_opts()
self.firewall = ovsfw.OVSFirewallDriver(mock_bridge)
self.mock_bridge = self.firewall.int_br
self.mock_bridge.reset_mock()
self.fake_ovs_port = FakeOVSPort('port', 1, '00:00:00:00:00:00')
self.mock_bridge.br.get_vif_port_by_id.return_value = \
self.fake_ovs_port
def setUp(self):
security_config.register_securitygroups_opts()
super(BaseFirewallTestCase, self).setUp()
self.tester, self.firewall = getattr(self, self.initialize)()
if self.firewall_name == "openvswitch":
self.assign_vlan_to_peers()
self.src_port_desc = self._create_port_description(
self.tester.vm_port_id, [self.tester.vm_ip_address],
self.tester.vm_mac_address, [self.FAKE_SECURITY_GROUP_ID])
# FIXME(jlibosva): We should consider to call prepare_port_filter with
# deferred bridge depending on its performance
self.firewall.prepare_port_filter(self.src_port_desc)
def setUp(self):
security_config.register_securitygroups_opts()
super(BaseFirewallTestCase, self).setUp()
self.tester, self.firewall = getattr(self, self.initialize)()
if self.firewall_name == "openvswitch":
self.assign_vlan_to_peers()
self.src_port_desc = self._create_port_description(
self.tester.vm_port_id,
[self.tester.vm_ip_address],
self.tester.vm_mac_address,
[self.FAKE_SECURITY_GROUP_ID])
# FIXME(jlibosva): We should consider to call prepare_port_filter with
# deferred bridge depending on its performance
self.firewall.prepare_port_filter(self.src_port_desc)
def register_securitygroups_opts(cfg):
# Mitaka compatibility
try:
from neutron.conf.agent import securitygroups_rpc
securitygroups_rpc.register_securitygroups_opts()
except ImportError:
security_group_opts = [
cfg.BoolOpt(
'enable_security_group', default=True,
help=_('Controls whether neutron security groups is enabled '
'Set it to false to disable security groups')), ]
# This can get loaded from other parts of Mitaka because other
# mechanism drivers respect this flag too
if not (hasattr(cfg.CONF, 'SECURITYGROUP') and
hasattr(cfg.CONF.SECURITYGROUP.enable_security_group)):
cfg.register_opts(security_group_opts, 'SECURITYGROUP')
def register_securitygroups_opts(cfg):
# Mitaka compatibility
try:
from neutron.conf.agent import securitygroups_rpc
securitygroups_rpc.register_securitygroups_opts()
except ImportError:
security_group_opts = [
cfg.BoolOpt(
'enable_security_group',
default=True,
help=_('Controls whether neutron security groups is enabled '
'Set it to false to disable security groups')),
]
# This can get loaded from other parts of Mitaka because other
# mechanism drivers respect this flag too
if not (hasattr(cfg.CONF, 'SECURITYGROUP')
and hasattr(cfg.CONF.SECURITYGROUP.enable_security_group)):
cfg.register_opts(security_group_opts, 'SECURITYGROUP')
def setUp(self):
super(TestCookieContext, self).setUp()
# Don't attempt to connect to ovsdb
mock.patch('neutron.agent.ovsdb.impl_idl.api_factory').start()
# Don't trigger iptables -> ovsfw migration
mock.patch('neutron.agent.linux.openvswitch_firewall.iptables.Helper'
).start()
self.execute = mock.patch.object(utils, "execute",
spec=utils.execute).start()
bridge = ovs_bridge.OVSAgentBridge('foo', os_ken_app=mock.Mock())
mock.patch.object(ovsfw.OVSFirewallDriver,
'initialize_bridge',
return_value=bridge.deferred(
full_ordered=True, use_bundle=True)).start()
securitygroups_rpc.register_securitygroups_opts()
self.firewall = ovsfw.OVSFirewallDriver(bridge)
# Remove calls from firewall initialization
self.execute.reset_mock()
import functools
from oslo_concurrency import lockutils
from oslo_config import cfg
from oslo_log import log as logging
import oslo_messaging
from neutron.agent import firewall
from neutron.common import constants as common_constants
from neutron.conf.agent import securitygroups_rpc as sc_cfg
LOG = logging.getLogger(__name__)
sc_cfg.register_securitygroups_opts()
def is_firewall_enabled():
return cfg.CONF.SECURITYGROUP.enable_security_group
def _disable_extension(extension, aliases):
if extension in aliases:
aliases.remove(extension)
def disable_security_group_extension_by_config(aliases):
if not is_firewall_enabled():
LOG.info('Disabled security-group extension.')
_disable_extension('security-group', aliases)
#
import functools
from oslo_config import cfg
from oslo_log import log as logging
import oslo_messaging
from neutron.agent import firewall
from neutron.conf.agent import securitygroups_rpc as sc_cfg
LOG = logging.getLogger(__name__)
sc_cfg.register_securitygroups_opts()
def is_firewall_enabled():
return cfg.CONF.SECURITYGROUP.enable_security_group
def _disable_extension(extension, aliases):
if extension in aliases:
aliases.remove(extension)
def disable_security_group_extension_by_config(aliases):
if not is_firewall_enabled():
LOG.info('Disabled security-group extension.')
_disable_extension('security-group', aliases)
