def _process_create_allowed_address_pairs(self, context, port, allowed_address_pairs): if not validators.is_attr_set(allowed_address_pairs): return [] try: with context.session.begin(subtransactions=True): for address_pair in allowed_address_pairs: # use port.mac_address if no mac address in address pair if 'mac_address' not in address_pair: address_pair['mac_address'] = port['mac_address'] # retain string format as passed through API mac_address = utils.AuthenticEUI( address_pair['mac_address']) ip_address = utils.AuthenticIPNetwork( address_pair['ip_address']) pair_obj = obj_addr_pair.AllowedAddressPair( context, port_id=port['id'], mac_address=mac_address, ip_address=ip_address) pair_obj.create() except obj_base.NeutronDbObjectDuplicateEntry: raise addr_pair.DuplicateAddressPairInRequest( mac_address=address_pair['mac_address'], ip_address=address_pair['ip_address']) return allowed_address_pairs
def _update_subnet_host_routes(self, context, id, s): def _combine(ht): return "{}_{}".format(ht['destination'], ht['nexthop']) old_route_list = self._get_route_by_subnet(context, id) new_route_set = set([_combine(route) for route in s['host_routes']]) old_route_set = set([_combine(route) for route in old_route_list]) for route_str in old_route_set - new_route_set: for route in old_route_list: if _combine(route) == route_str: route.delete() for route_str in new_route_set - old_route_set: route = subnet_obj.Route(context, destination=common_utils.AuthenticIPNetwork( route_str.partition("_")[0]), nexthop=netaddr.IPAddress(route_str.partition("_")[2]), subnet_id=id) route.create() # Gather host routes for result new_routes = [] for route_str in new_route_set: new_routes.append( {'destination': route_str.partition("_")[0], 'nexthop': route_str.partition("_")[2]}) del s["host_routes"] return new_routes
def _create_security_group_rule(self, context, security_group_rule, validate=True): if validate: sg_id = self._validate_security_group_rule(context, security_group_rule) rule_dict = security_group_rule['security_group_rule'] remote_ip_prefix = rule_dict.get('remote_ip_prefix') if remote_ip_prefix: remote_ip_prefix = utils.AuthenticIPNetwork(remote_ip_prefix) protocol = rule_dict.get('protocol') if protocol: # object expects strings only protocol = six.text_type(protocol) args = { 'id': (rule_dict.get('id') or uuidutils.generate_uuid()), 'project_id': rule_dict['tenant_id'], 'security_group_id': rule_dict['security_group_id'], 'direction': rule_dict['direction'], 'remote_group_id': rule_dict.get('remote_group_id'), 'ethertype': rule_dict['ethertype'], 'protocol': protocol, 'remote_ip_prefix': remote_ip_prefix, 'description': rule_dict.get('description'), } port_range_min = self._safe_int(rule_dict['port_range_min']) if port_range_min is not None: args['port_range_min'] = port_range_min port_range_max = self._safe_int(rule_dict['port_range_max']) if port_range_max is not None: args['port_range_max'] = port_range_max kwargs = { 'context': context, 'security_group_rule': args } self._registry_notify(resources.SECURITY_GROUP_RULE, events.BEFORE_CREATE, exc_cls=ext_sg.SecurityGroupConflict, **kwargs) with db_api.CONTEXT_WRITER.using(context): if validate: self._check_for_duplicate_rules(context, sg_id, [security_group_rule]) sg_rule = sg_obj.SecurityGroupRule(context, **args) sg_rule.create() # fetch sg_rule from db to load the sg rules with sg model # otherwise a DetachedInstanceError can occur for model extensions sg_rule = sg_obj.SecurityGroupRule.get_object(context, id=sg_rule.id) res_rule_dict = self._make_security_group_rule_dict(sg_rule.db_obj) kwargs['security_group_rule'] = res_rule_dict self._registry_notify( resources.SECURITY_GROUP_RULE, events.PRECOMMIT_CREATE, exc_cls=ext_sg.SecurityGroupConflict, **kwargs) return res_rule_dict
def test_add_and_remove_metering_label_rule_rpc_call(self): second_uuid = 'e27fe2df-376e-4ac7-ae13-92f050a21f84' expected_add = [{'status': 'ACTIVE', 'name': 'router1', 'gw_port_id': None, 'admin_state_up': True, 'distributed': False, 'tenant_id': self.tenant_id, '_metering_labels': [ {'rule': { 'remote_ip_prefix': utils.AuthenticIPNetwork( '10.0.0.0/24'), 'direction': 'ingress', 'metering_label_id': self.uuid, 'excluded': False, 'id': second_uuid}, 'id': self.uuid}], 'id': self.uuid}] expected_del = [{'status': 'ACTIVE', 'name': 'router1', 'gw_port_id': None, 'admin_state_up': True, 'distributed': False, 'tenant_id': self.tenant_id, '_metering_labels': [ {'rule': { 'remote_ip_prefix': utils.AuthenticIPNetwork( '10.0.0.0/24'), 'direction': 'ingress', 'metering_label_id': self.uuid, 'excluded': False, 'id': second_uuid}, 'id': self.uuid}], 'id': self.uuid}] with self.router(tenant_id=self.tenant_id, set_context=True): with self.metering_label(tenant_id=self.tenant_id, set_context=True) as label: la = label['metering_label'] self.mock_uuid.return_value = second_uuid with self.metering_label_rule(la['id']): self.mock_add_rule.assert_called_with(self.ctx, expected_add) self._delete('metering-label-rules', second_uuid) self.mock_remove_rule.assert_called_with(self.ctx, expected_del)
def _save_subnet(self, context, network, subnet_args, dns_nameservers, host_routes, subnet_request): self._validate_subnet_cidr(context, network, subnet_args['cidr']) self._validate_network_subnetpools(network, subnet_args['subnetpool_id'], subnet_args['ip_version']) service_types = subnet_args.pop('service_types', []) segment_id = subnet_args.get('segment_id') if segment_id: # TODO(slaweq): integrate check if segment exists in # self._validate_segment() method segment = network_obj.NetworkSegment.get_object(context, id=segment_id) if not segment: raise segment_exc.SegmentNotFound(segment_id=segment_id) subnet = subnet_obj.Subnet(context, **subnet_args) subnet.create() # TODO(slaweq): when check is segment exists will be integrated in # self._validate_segment() method, it should be moved to be done before # subnet object is created self._validate_segment(context, network['id'], segment_id) # NOTE(changzhi) Store DNS nameservers with order into DB one # by one when create subnet with DNS nameservers if validators.is_attr_set(dns_nameservers): for order, server in enumerate(dns_nameservers): dns = subnet_obj.DNSNameServer(context, address=server, order=order, subnet_id=subnet.id) dns.create() if validators.is_attr_set(host_routes): for rt in host_routes: route = subnet_obj.Route( context, subnet_id=subnet.id, destination=common_utils.AuthenticIPNetwork( rt['destination']), nexthop=netaddr.IPAddress(rt['nexthop'])) route.create() if validators.is_attr_set(service_types): for service_type in service_types: service_type_obj = subnet_obj.SubnetServiceType( context, subnet_id=subnet.id, service_type=service_type) service_type_obj.create() self.save_allocation_pools(context, subnet, subnet_request.allocation_pools) return subnet_obj.Subnet.get_object(context, id=subnet.id)
def modify_fields_from_db(cls, db_obj): result = super(RouterRoute, cls).modify_fields_from_db(db_obj) if 'destination' in result: result['destination'] = utils.AuthenticIPNetwork( result['destination']) if 'nexthop' in result: result['nexthop'] = netaddr.IPAddress(result['nexthop']) return result
def _subnet_dict(gw_mac=None): return { 'id': mock.ANY, 'ip_version': 4, 'gateway_mac': gw_mac, 'cidr': utils.AuthenticIPNetwork(CIDR), 'gateway_ip': netaddr.IPAddress(GW_IP) }
def modify_fields_from_db(cls, db_obj): # TODO(korzen) remove this method when IP and CIDR decorator ready result = super(Subnet, cls).modify_fields_from_db(db_obj) if 'cidr' in result: result['cidr'] = utils.AuthenticIPNetwork(result['cidr']) if 'gateway_ip' in result and result['gateway_ip'] is not None: result['gateway_ip'] = netaddr.IPAddress(result['gateway_ip']) return result
def modify_fields_from_db(cls, db_obj): # TODO(korzen) remove this method when IP and CIDR decorator ready result = super(Route, cls).modify_fields_from_db(db_obj) if 'destination' in result: result['destination'] = utils.AuthenticIPNetwork( result['destination']) if 'nexthop' in result: result['nexthop'] = netaddr.IPAddress(result['nexthop']) return result
def modify_fields_from_db(cls, db_obj): fields = super(AllowedAddressPair, cls).modify_fields_from_db(db_obj) if 'ip_address' in fields: # retain string format as stored in the database fields['ip_address'] = utils.AuthenticIPNetwork( fields['ip_address']) if 'mac_address' in fields: # retain string format as stored in the database fields['mac_address'] = utils.AuthenticEUI(fields['mac_address']) return fields
def _save_subnet(self, context, network, subnet_args, dns_nameservers, host_routes, subnet_request): self._validate_subnet_cidr(context, network, subnet_args['cidr']) self._validate_network_subnetpools(network, subnet_args['subnetpool_id'], subnet_args['ip_version']) service_types = subnet_args.pop('service_types', []) subnet = models_v2.Subnet(**subnet_args) segment_id = subnet_args.get('segment_id') try: context.session.add(subnet) context.session.flush() except db_exc.DBReferenceError: raise segment_exc.SegmentNotFound(segment_id=segment_id) self._validate_segment(context, network['id'], segment_id) # NOTE(changzhi) Store DNS nameservers with order into DB one # by one when create subnet with DNS nameservers if validators.is_attr_set(dns_nameservers): for order, server in enumerate(dns_nameservers): dns = subnet_obj.DNSNameServer(context, address=server, order=order, subnet_id=subnet.id) dns.create() if validators.is_attr_set(host_routes): for rt in host_routes: route = subnet_obj.Route( context, subnet_id=subnet.id, destination=common_utils.AuthenticIPNetwork( rt['destination']), nexthop=netaddr.IPAddress(rt['nexthop'])) route.create() if validators.is_attr_set(service_types): for service_type in service_types: service_type_entry = sst_model.SubnetServiceType( subnet_id=subnet.id, service_type=service_type) context.session.add(service_type_entry) self.save_allocation_pools(context, subnet, subnet_request.allocation_pools) return subnet
def _update_extra_routes(self, context, router, routes): self._validate_routes(context, router['id'], routes) old_routes = self._get_extra_routes_by_router_id(context, router['id']) added, removed = helpers.diff_list_of_dict(old_routes, routes) LOG.debug('Added routes are %s', added) for route in added: l3_obj.RouterRoute( context, router_id=router['id'], destination=utils.AuthenticIPNetwork(route['destination']), nexthop=netaddr.IPAddress(route['nexthop'])).create() LOG.debug('Removed routes are %s', removed) for route in removed: l3_obj.RouterRoute.get_object(context, router_id=router['id'], destination=route['destination'], nexthop=route['nexthop']).delete()
def _create_routerroutes(self, context, core_router_id, routes): destination = None nexthop = None try: with context.session.begin(subtransactions=True): for rt in routes: destination = self.filter_to_str( common_utils.AuthenticIPNetwork(rt['destination'])) nexthop = self.filter_to_str( netaddr.IPAddress(rt['nexthop'])) new_core_routerroute = core.create_resource( context, models.CoreRouterRoute, { 'core_router_id': core_router_id, 'destination': destination, 'nexthop': nexthop }) except db_exc.DBDuplicateEntry as e1: LOG.exception( 'Record core_routerroute already exists : ' 'core_router_id %(core_router_id)s: ' 'destination%(destination)s: ' 'nexthop%(nexthop)s: ' '%(exception)s', { 'core_router_id': core_router_id, 'destination': destination, 'nexthop': nexthop, 'exception': e1 }) raise t_exceptions.CoreRouterRoutesCreateException() except Exception as e2: LOG.exception( 'Failed to create core_routerroute : ' 'core_router_id %(core_router_id)s: ' 'destination%(destination)s: ' 'nexthop%(nexthop)s: ' '%(exception)s', { 'core_router_id': core_router_id, 'destination': destination, 'nexthop': nexthop, 'exception': e2 }) raise t_exceptions.CoreRouterRoutesCreateException()
def _create_route_entry_destination_cidrs(self, context, route_entry_id, routes): destination = None print "MaXiao Print cidr destination :" + str(destination) try: with context.session.begin(subtransactions=True): for rt in routes: destination = self.filter_to_str( common_utils.AuthenticIPNetwork(rt['destination'])) print "MaXiao Print cidr destination :" + str(destination) new_core_routerroute = core.create_resource( context, models.DestinationCidr, { 'route_entry_id': route_entry_id, 'destination': destination }) except db_exc.DBDuplicateEntry as e1: LOG.exception( 'Record destination_cidr already exists : ' 'route_entry_id%(route_entry_id)s: ' 'destination%(destination)s: ' '%(exception)s', { 'route_entry_id': route_entry_id, 'destination': destination, 'exception': e1 }) raise t_exceptions.RouteEntryDestinationCidrsCreateException() except Exception as e2: LOG.exception( 'Failed to create destination_cidr : ' 'route_entry_id %(route_entry_id)s: ' 'destination%(destination)s: ' '%(exception)s', { 'route_entry_id': route_entry_id, 'destination': destination, 'exception': e2 }) raise t_exceptions.RouteEntryDestinationCidrsCreateException()
def test_get_sg_log_info_for_port_added_event(self): with self.network() as network, \ self.subnet(network), \ self.security_group() as sg: sg_id = sg['security_group']['id'] tenant_id = sg['security_group']['tenant_id'] rule1 = self._build_security_group_rule( sg_id, 'ingress', const.PROTO_NAME_TCP, '11', '13', remote_ip_prefix='10.0.0.1', ) rule2 = self._build_security_group_rule( sg_id, 'egress', const.PROTO_NAME_ICMP, ) rules = { 'security_group_rules': [rule1['security_group_rule'], rule2['security_group_rule']] } self._create_security_group_rule(self.fmt, rules) res = self._create_port(self.fmt, network['network']['id'], security_groups=[sg_id], tenant_id=tenant_id) ports_rest = self.deserialize(self.fmt, res) port_id = ports_rest['port']['id'] log = _create_log(tenant_id=tenant_id) with mock.patch.object(log_object.Log, 'get_objects', return_value=[log]): with mock.patch.object(validators, 'validate_log_type_for_port', return_value=True): ports_log = (self.rpc_callback.get_sg_log_info_for_port( self.context, port_id=port_id)) expected = [{ 'event': log.event, 'id': log.id, 'ports_log': [{ 'port_id': port_id, 'security_group_rules': [{ 'direction': 'egress', 'ethertype': u'IPv4', 'security_group_id': sg_id }, { 'direction': 'egress', 'ethertype': u'IPv6', 'security_group_id': sg_id }, { 'direction': 'ingress', 'ethertype': u'IPv4', 'port_range_max': 13, 'port_range_min': 11, 'protocol': u'tcp', 'source_ip_prefix': utils.AuthenticIPNetwork('10.0.0.1/32'), 'security_group_id': sg_id }, { 'direction': 'egress', 'ethertype': u'IPv4', 'protocol': u'icmp', 'security_group_id': sg_id }] }], 'project_id': tenant_id }] self.assertEqual(expected, ports_log) self._delete('ports', port_id)
def from_primitive(obj, attr, value): try: return utils.AuthenticIPNetwork(value) except Exception: msg = _("Field value %s is not a netaddr.IPNetwork") % value raise ValueError(msg)
def setUp(self): super(TestL3GwModeMixin, self).setUp() plugin = __name__ + '.' + TestDbIntPlugin.__name__ self.setup_coreplugin(plugin) self.target_object = TestDbIntPlugin() # Patch the context ctx_patcher = mock.patch('neutron_lib.context', autospec=True) mock_context = ctx_patcher.start() self.context = mock_context.get_admin_context() # This ensure also calls to elevated work in unit tests self.context.elevated.return_value = self.context self.context.session = db_api.get_writer_session() # Create sample data for tests self.ext_net_id = _uuid() self.int_net_id = _uuid() self.int_sub_id = _uuid() self.tenant_id = 'the_tenant' self.network = net_obj.Network(self.context, id=self.ext_net_id, project_id=self.tenant_id, admin_state_up=True, status=constants.NET_STATUS_ACTIVE) self.net_ext = net_obj.ExternalNetwork(self.context, network_id=self.ext_net_id) self.network.create() self.net_ext.create() self.router = l3_models.Router(id=_uuid(), name=None, tenant_id=self.tenant_id, admin_state_up=True, status=constants.NET_STATUS_ACTIVE, enable_snat=True, gw_port_id=None) self.context.session.add(self.router) self.context.session.flush() self.router_gw_port = port_obj.Port( self.context, id=FAKE_GW_PORT_ID, project_id=self.tenant_id, device_id=self.router.id, device_owner=l3_db.DEVICE_OWNER_ROUTER_GW, admin_state_up=True, status=constants.PORT_STATUS_ACTIVE, mac_address=netaddr.EUI(FAKE_GW_PORT_MAC), network_id=self.ext_net_id) self.router_gw_port.create() self.router.gw_port_id = self.router_gw_port.id self.context.session.add(self.router) self.context.session.flush() self.fip_ext_port = port_obj.Port( self.context, id=FAKE_FIP_EXT_PORT_ID, project_id=self.tenant_id, admin_state_up=True, device_id=self.router.id, device_owner=l3_db.DEVICE_OWNER_FLOATINGIP, status=constants.PORT_STATUS_ACTIVE, mac_address=netaddr.EUI(FAKE_FIP_EXT_PORT_MAC), network_id=self.ext_net_id) self.fip_ext_port.create() self.context.session.flush() self.int_net = net_obj.Network(self.context, id=self.int_net_id, project_id=self.tenant_id, admin_state_up=True, status=constants.NET_STATUS_ACTIVE) self.int_sub = subnet_obj.Subnet( self.context, id=self.int_sub_id, project_id=self.tenant_id, ip_version=4, cidr=utils.AuthenticIPNetwork('3.3.3.0/24'), gateway_ip=netaddr.IPAddress('3.3.3.1'), network_id=self.int_net_id) self.router_port = port_obj.Port( self.context, id=FAKE_ROUTER_PORT_ID, project_id=self.tenant_id, admin_state_up=True, device_id=self.router.id, device_owner=l3_db.DEVICE_OWNER_ROUTER_INTF, status=constants.PORT_STATUS_ACTIVE, mac_address=netaddr.EUI(FAKE_ROUTER_PORT_MAC), network_id=self.int_net_id) self.router_port_ip_info = port_obj.IPAllocation( self.context, port_id=self.router_port.id, network_id=self.int_net.id, subnet_id=self.int_sub_id, ip_address='3.3.3.1') self.int_net.create() self.int_sub.create() self.router_port.create() self.router_port_ip_info.create() self.context.session.flush() self.fip_int_port = port_obj.Port( self.context, id=FAKE_FIP_INT_PORT_ID, project_id=self.tenant_id, admin_state_up=True, device_id='something', device_owner=constants.DEVICE_OWNER_COMPUTE_PREFIX + 'nova', status=constants.PORT_STATUS_ACTIVE, mac_address=netaddr.EUI(FAKE_FIP_INT_PORT_MAC), network_id=self.int_net_id) self.fip_int_ip_info = port_obj.IPAllocation( self.context, port_id=self.fip_int_port.id, network_id=self.int_net.id, subnet_id=self.int_sub_id, ip_address='3.3.3.3') self.fip = l3_models.FloatingIP(id=_uuid(), floating_ip_address='1.1.1.2', floating_network_id=self.ext_net_id, floating_port_id=FAKE_FIP_EXT_PORT_ID, fixed_port_id=None, fixed_ip_address=None, router_id=None) self.fip_int_port.create() self.fip_int_ip_info.create() self.context.session.add(self.fip) self.context.session.flush() self.context.session.expire_all() self.fip_request = { 'port_id': FAKE_FIP_INT_PORT_ID, 'tenant_id': self.tenant_id }
def modify_fields_from_db(cls, db_obj): result = super(MeteringLabelRule, cls).modify_fields_from_db(db_obj) if 'remote_ip_prefix' in result: result['remote_ip_prefix'] = utils.AuthenticIPNetwork( result['remote_ip_prefix']) return result
def _update_route_entry_destination_cidrs(self, context, route_entry_id, route_entry): def _combine(ht): return "{}".format(ht['destination']) try: with context.session.begin(subtransactions=True): old_route_list = self._get_destination_cidrs_by_route_entry_id( context, route_entry_id) new_route_set = set([ _combine(route) for route in route_entry['destination_cidr_list'] ]) old_route_set = set( [_combine(route) for route in old_route_list]) new_routes = [] for route_str in old_route_set - new_route_set: for route in old_route_list: if _combine(route) == route_str: destination = self.filter_to_str( common_utils.AuthenticIPNetwork( route_str.partition("_")[0])) route_filters = [{ 'key': 'route_entry_id', 'comparator': 'eq', 'value': route_entry_id }, { 'key': 'destination', 'comparator': 'eq', 'value': destination }] core.delete_resources(context, models.DestinationCidr, route_filters) for route_str in new_route_set - old_route_set: destination = self.filter_to_str( common_utils.AuthenticIPNetwork( route_str.partition("_")[0])) new_core_routerroute = core.create_resource( context, models.DestinationCidr, { 'route_entry_id': route_entry_id, 'destination': destination }) for route_str in new_route_set: new_routes.append({'destination': route_str}) del route_entry["destination_cidr_list"] return new_routes except Exception as e: LOG.exception( 'Failed to update destination_cidr: ' 'route_entry_id %(route_entry_id)s: ' '%(exception)s', { 'route_entry_id': route_entry_id, 'exception': e }) raise t_exceptions.RouteEntryDestinationCidrsUpdateException()
def test_invalid_values(self): for addr in ('XXXX', 'ypp', 'g3:vvv'): with testtools.ExpectedException(netaddr.core.AddrFormatError): utils.AuthenticIPNetwork(addr)
def test_retains_original_format(self): for addr_str in ('10.0.0.0/24', '10.0.0.10/32', '100.0.0.1'): self.assertEqual(addr_str, str(utils.AuthenticIPNetwork(addr_str)))
def modify_fields_from_db(cls, db_obj): fields = super(SecurityGroupRule, cls).modify_fields_from_db(db_obj) if 'remote_ip_prefix' in fields: fields['remote_ip_prefix'] = (utils.AuthenticIPNetwork( fields['remote_ip_prefix'])) return fields
def _update_core_router_routes(self, context, core_router_id, core_router): try: with context.session.begin(subtransactions=True): def _combine(ht): return "{}_{}".format(ht['destination'], ht['nexthop']) old_route_list = self._get_routes_by_core_router_id( context, core_router_id) new_route_set = set( [_combine(route) for route in core_router['routes']]) old_route_set = set( [_combine(route) for route in old_route_list]) new_routes = [] for route_str in old_route_set - new_route_set: for route in old_route_list: if _combine(route) == route_str: destination = self.filter_to_str( common_utils.AuthenticIPNetwork( route_str.partition("_")[0])) nexthop = self.filter_to_str( netaddr.IPAddress(route_str.partition("_")[2])) route_filters = [{ 'key': 'core_router_id', 'comparator': 'eq', 'value': core_router_id }, { 'key': 'destination', 'comparator': 'eq', 'value': destination }, { 'key': 'nexthop', 'comparator': 'eq', 'value': nexthop }] core.delete_resources(context, models.CoreRouterRoute, route_filters) for route_str in new_route_set - old_route_set: destination = self.filter_to_str( common_utils.AuthenticIPNetwork( route_str.partition("_")[0])) nexthop = self.filter_to_str( netaddr.IPAddress(route_str.partition("_")[2])) new_core_routerroute = core.create_resource( context, models.CoreRouterRoute, { 'core_router_id': core_router_id, 'destination': destination, 'nexthop': nexthop }) for route_str in new_route_set: new_routes.append({ 'destination': route_str.partition("_")[0], 'nexthop': route_str.partition("_")[2] }) del core_router["routes"] return new_routes except Exception as e: LOG.exception( 'Failed to update core_routerroute : ' 'core_router_id %(core_router_id)s: ' '%(exception)s', { 'core_router_id': core_router_id, 'exception': e }) raise t_exceptions.CoreRouterRoutesUpdateException()