Esempio n. 1
0
    def __init__(self):

        ndb.initialize()
        self.ofc = ofc_manager.OFCManager()
        self.base_binding_dict = self._get_base_binding_dict()
        portbindings_base.register_port_dict_function()

        neutron_extensions.append_api_extensions_path(extensions.__path__)

        self.setup_rpc()
        self.l3_rpc_notifier = nec_router.L3AgentNotifyAPI()

        self.network_scheduler = importutils.import_object(
            config.CONF.network_scheduler_driver
        )
        self.router_scheduler = importutils.import_object(
            config.CONF.router_scheduler_driver
        )

        nec_router.load_driver(self, self.ofc)
        self.port_handlers = {
            'create': {
                const.DEVICE_OWNER_ROUTER_GW: self.create_router_port,
                const.DEVICE_OWNER_ROUTER_INTF: self.create_router_port,
                'default': self.activate_port_if_ready,
            },
            'delete': {
                const.DEVICE_OWNER_ROUTER_GW: self.delete_router_port,
                const.DEVICE_OWNER_ROUTER_INTF: self.delete_router_port,
                'default': self.deactivate_port,
            }
        }
Esempio n. 2
0
 def __init__(self):
     super(NuagePlugin, self).__init__()
     neutron_extensions.append_api_extensions_path(extensions.__path__)
     config.nuage_register_cfg_opts()
     self.nuageclient_init()
     net_partition = cfg.CONF.RESTPROXY.default_net_partition_name
     self._create_default_net_partition(net_partition)
Esempio n. 3
0
    def __init__(self, server_timeout=None):
        super(NeutronRestProxyV2, self).__init__()
        LOG.info(_('NeutronRestProxy: Starting plugin. Version=%s'),
                 version_string_with_vcs())
        pl_config.register_config()

        # Include the BigSwitch Extensions path in the api_extensions
        neutron_extensions.append_api_extensions_path(extensions.__path__)

        self.add_meta_server_route = cfg.CONF.RESTPROXY.add_meta_server_route

        # init network ctrl connections
        self.servers = servermanager.ServerPool(server_timeout)

        # init dhcp support
        self.topic = topics.PLUGIN
        self.network_scheduler = importutils.import_object(
            cfg.CONF.network_scheduler_driver
        )
        self._dhcp_agent_notifier = dhcp_rpc_agent_api.DhcpAgentNotifyAPI()
        self.agent_notifiers[const.AGENT_TYPE_DHCP] = (
            self._dhcp_agent_notifier
        )
        self.conn = rpc.create_connection(new=True)
        self.callbacks = RpcProxy()
        self.dispatcher = self.callbacks.create_rpc_dispatcher()
        self.conn.create_consumer(self.topic, self.dispatcher,
                                  fanout=False)
        # Consume from all consumers in a thread
        self.conn.consume_in_thread()
        if cfg.CONF.RESTPROXY.sync_data:
            self._send_all_data()

        LOG.debug(_("NeutronRestProxyV2: initialization done"))
Esempio n. 4
0
    def __init__(self, server_timeout=None):
        super(NeutronRestProxyV2, self).__init__()
        LOG.info(_('NeutronRestProxy: Starting plugin. Version=%s'),
                 version_string_with_vcs())
        pl_config.register_config()
        self.evpool = eventlet.GreenPool(cfg.CONF.RESTPROXY.thread_pool_size)

        # Include the BigSwitch Extensions path in the api_extensions
        neutron_extensions.append_api_extensions_path(extensions.__path__)

        self.add_meta_server_route = cfg.CONF.RESTPROXY.add_meta_server_route

        # init network ctrl connections
        self.servers = servermanager.ServerPool(server_timeout)
        self.servers.get_topo_function = self._get_all_data
        self.servers.get_topo_function_args = {'get_ports': True,
                                               'get_floating_ips': True,
                                               'get_routers': True}

        self.network_scheduler = importutils.import_object(
            cfg.CONF.network_scheduler_driver
        )

        # setup rpc for security and DHCP agents
        self._setup_rpc()

        if cfg.CONF.RESTPROXY.sync_data:
            self._send_all_data()

        LOG.debug(_("NeutronRestProxyV2: initialization done"))
Esempio n. 5
0
 def __init__(self):
     # Dynamically change the validators so that they are applicable to
     # the MidoNet implementation of L2GW.
     l2gw_validators.validate_gwdevice_list = (l2gw_midonet_validators.
                                               validate_gwdevice_list)
     neutron_extensions.append_api_extensions_path(l2gateway_ext.__path__)
     super(MidonetL2GatewayPlugin, self).__init__()
Esempio n. 6
0
    def __init__(self):
        super(MidonetL3ServicePlugin, self).__init__()

        # Instantiate MidoNet API client
        self.client = c_base.load_client(cfg.CONF.MIDONET)

        neutron_extensions.append_api_extensions_path(extensions.__path__)
Esempio n. 7
0
    def __init__(self):
        super(MidonetL3ServicePlugin, self).__init__()

        # Instantiate MidoNet API client
        self.client = c_base.load_client(cfg.CONF.MIDONET)

        # Avoid any side effect from DVR getting set to true
        cfg.CONF.set_override("router_distributed", False)
        neutron_extensions.append_api_extensions_path(extensions.__path__)
Esempio n. 8
0
 def __init__(self):
     extensions.append_api_extensions_path(extensions_pkg.__path__)
     super(ApicL3ServicePlugin, self).__init__()
     self.synchronizer = None
     # NB(tbachman): the mechanism driver depends on the existence
     # of the _apic_driver member. If this member is changed or
     # deleted, the code in the mechanism driver should be changed
     # as well.
     self._apic_driver = apic_driver.ApicL3Driver(self)
 def __init__(self):
     super(NuageFWaaSPlugin, self).__init__()
     from neutron.api import extensions as neutron_extensions
     from neutron_fwaas import extensions
     neutron_extensions.append_api_extensions_path(extensions.__path__)
     self.agent_rpc = NuageNoOpAgent()
     enterprise_name = cfg.CONF.RESTPROXY.default_net_partition_name
     netpart_db = nuagedb.get_net_partition_by_name(db_api.get_session(),
                                                    enterprise_name)
     self.enterprise_id = netpart_db.id
Esempio n. 10
0
 def setUp(self):
     extensions.append_api_extensions_path(dr_extensions.__path__)
     service_plugins = {ext_bgp.BGP_EXT_ALIAS: BGP_PLUGIN}
     super(TestNSXvBgpPlugin, self).setUp(service_plugins=service_plugins)
     self.bgp_plugin = bgp_plugin.NSXvBgpPlugin()
     self.nsxv_driver = self.bgp_plugin.drivers['nsx-v']
     self.nsxv_driver._validate_gateway_network = mock.Mock()
     self.nsxv_driver._validate_bgp_configuration_on_peer_esg = (
         mock.Mock())
     self.plugin = directory.get_plugin()
     self.l3plugin = self.plugin
     self.plugin.init_is_complete = True
     self.context = context.get_admin_context()
     self.project_id = 'dummy_project'
Esempio n. 11
0
    def __init__(self):
        """Load the model class."""
        self._model_name = config.CISCO.model_class
        self._model = importutils.import_object(self._model_name)
        native_bulk_attr_name = ("_%s__native_bulk_support"
                                 % self._model.__class__.__name__)
        self.__native_bulk_support = getattr(self._model,
                                             native_bulk_attr_name, False)

        neutron_extensions.append_api_extensions_path(extensions.__path__)

        # Extend the fault map
        self._extend_fault_map()

        LOG.debug("Plugin initialization complete")
Esempio n. 12
0
    def __init__(self):
        super(NsxDvsV2, self).__init__()
        config.validate_config_options()
        LOG.debug('Driver support: DVS: %s' % dvs_utils.dvs_is_enabled())
        neutron_extensions.append_api_extensions_path([vmware.NSX_EXT_PATH])
        self._dvs = dvs.DvsManager()

        # Common driver code
        self.base_binding_dict = {
            pbin.VIF_TYPE: pbin.VIF_TYPE_DVS,
            pbin.VIF_DETAILS: {
                # TODO(rkukura): Replace with new VIF security details
                pbin.CAP_PORT_FILTER:
                'security-group' in self.supported_extension_aliases}}

        self.setup_dhcpmeta_access()
Esempio n. 13
0
    def setUp(self):
        # Enable the test mechanism driver to ensure that
        # we can successfully call through to all mechanism
        # driver apis.
        cfg.CONF.set_override('mechanism_drivers',
                ['logger_plus', 'test'], group='ml2')
        cfg.CONF.set_override('network_vlan_ranges',
                ['physnet1:1000:1099'], group='ml2_type_vlan')

        extensions.append_api_extensions_path(
            gbpservice.neutron.extensions.__path__)
        super(Ml2PlusPluginV2TestCase, self).setUp(PLUGIN_NAME)
        ext_mgr = extensions.PluginAwareExtensionManager.get_instance()
        self.ext_api = test_extensions.setup_extensions_middleware(ext_mgr)
        self.port_create_status = 'DOWN'
        self.plugin = directory.get_plugin()
    def setUp(self, core_plugin=None, sc_plugin=None, service_plugins=None,
              ext_mgr=None):
        extensions.append_api_extensions_path(gbp.neutron.extensions.__path__)
        if not sc_plugin:
            sc_plugin = DB_GP_PLUGIN_KLASS
        self.plugin = importutils.import_object(sc_plugin)
        if not service_plugins:
            service_plugins = {'sc_plugin_name': sc_plugin}

        super(ServiceChainDbTestCase, self).setUp(
            plugin=core_plugin, ext_mgr=ext_mgr,
            service_plugins=service_plugins
        )

        if not ext_mgr:
            ext_mgr = extensions.PluginAwareExtensionManager.get_instance()
            self.ext_api = test_extensions.setup_extensions_middleware(ext_mgr)
Esempio n. 15
0
    def __init__(self):
        """Override initialization to avoid any RPC setup as MidoNet does not
        rely on any agent to implement FWaaS.  Instead, set the rpc handling
        to the _MidonetFirewallDriver class so that it handles the FWaaS update
        events.
        """

        # Register the FWaaS extensions path
        neutron_extensions.append_api_extensions_path(extensions.__path__)

        # Although callbacks are unnecessary in midonet, use FirewallCallbacks
        # because it contains useful methods for DB updates.
        self.callbacks = fw_plugin.FirewallCallbacks(self)
        self.client = c_base.load_client(cfg.CONF.MIDONET)
        self.agent_rpc = _MidonetFirewallDriver(self.client, self.callbacks)
        self.endpoints = [self.callbacks]  # So that tests don't complain
        firewall_db.subscribe()
Esempio n. 16
0
    def __init__(self):
        super(MidonetMixinBase, self).__init__()

        # Instantiate MidoNet API client
        self.client = c_base.load_client(cfg.CONF.MIDONET)

        neutron_extensions.append_api_extensions_path(extensions.__path__)
        self.setup_rpc()

        self.base_binding_dict = {
            portbindings.VIF_TYPE: const.VIF_TYPE_MIDONET,
            portbindings.VNIC_TYPE: portbindings.VNIC_NORMAL,
            portbindings.VIF_DETAILS: {
                # TODO(rkukura): Replace with new VIF security details
                portbindings.CAP_PORT_FILTER:
                'security-group' in self.supported_extension_aliases}}
        self.network_scheduler = importutils.import_object(
            cfg.CONF.network_scheduler_driver
        )
Esempio n. 17
0
 def __init__(self):
     self._is_sub_plugin = tvd_utils.is_tvd_core_plugin()
     dvs_utils.dvs_register_exceptions()
     super(NsxDvsV2, self).__init__()
     if self._is_sub_plugin:
         extension_drivers = cfg.CONF.nsx_tvd.dvs_extension_drivers
     else:
         extension_drivers = cfg.CONF.nsx_extension_drivers
     self._extension_manager = nsx_managers.ExtensionManager(
          extension_drivers=extension_drivers)
     LOG.debug('Driver support: DVS: %s' % dvs_utils.dvs_is_enabled())
     self._extension_manager.initialize()
     self.supported_extension_aliases.extend(
         self._extension_manager.extension_aliases())
     neutron_extensions.append_api_extensions_path(
         [vmware_nsx.NSX_EXT_PATH])
     self.cfg_group = 'dvs'  # group name for dvs section in nsx.ini
     self._dvs = dvs.SingleDvsManager()
     self.setup_dhcpmeta_access()
Esempio n. 18
0
    def __init__(self):
        super(NECPluginV2Impl, self).__init__()
        self.ofc = ofc_manager.OFCManager(self.safe_reference)
        self.l2mgr = l2manager.L2Manager(self.safe_reference)
        self.base_binding_dict = self._get_base_binding_dict()
        portbindings_base.register_port_dict_function()

        neutron_extensions.append_api_extensions_path(extensions.__path__)

        self.setup_rpc()
        self.l3_rpc_notifier = router_plugin.L3AgentNotifyAPI()

        self.network_scheduler = importutils.import_object(
            cfg.CONF.network_scheduler_driver
        )
        self.router_scheduler = importutils.import_object(
            cfg.CONF.router_scheduler_driver
        )

        router_plugin.load_driver(self.safe_reference, self.ofc)
        self.start_periodic_dhcp_agent_status_check()
Esempio n. 19
0
    def __init__(self):
        """Load the model class."""
        self._model = importutils.import_object(config.CISCO.model_class)
        if hasattr(self._model, "MANAGE_STATE") and self._model.MANAGE_STATE:
            self._master = False
            LOG.debug(_("Model %s manages state"), config.CISCO.model_class)
            native_bulk_attr_name = ("_%s__native_bulk_support"
                                     % self._model.__class__.__name__)
            self.__native_bulk_support = getattr(self._model,
                                                 native_bulk_attr_name, False)

        if hasattr(self._model, "supported_extension_aliases"):
            self.supported_extension_aliases.extend(
                self._model.supported_extension_aliases)

        neutron_extensions.append_api_extensions_path(extensions.__path__)

        # Extend the fault map
        self._extend_fault_map()

        LOG.debug(_("Plugin initialization complete"))
    def __init__(self):
        super(MidonetMixin, self).__init__()

        # Instantiate MidoNet API client
        conf = cfg.CONF.MIDONET
        neutron_extensions.append_api_extensions_path(extensions.__path__)
        self.api_cli = client.MidonetClient(conf.midonet_uri, conf.username,
                                            conf.password,
                                            project_id=conf.project_id)

        self.setup_rpc()

        self.base_binding_dict = {
            portbindings.VIF_TYPE: portbindings.VIF_TYPE_MIDONET,
            portbindings.VNIC_TYPE: portbindings.VNIC_NORMAL,
            portbindings.VIF_DETAILS: {
                # TODO(rkukura): Replace with new VIF security details
                portbindings.CAP_PORT_FILTER:
                'security-group' in self.supported_extension_aliases}}
        self.network_scheduler = importutils.import_object(
            cfg.CONF.network_scheduler_driver
        )
Esempio n. 21
0
from neutron_lib.api import extensions
from neutron_lib.api import validators as lib_validators
from neutron_lib.db import constants as db_const
from neutron_lib import exceptions as neutron_exc
from neutron_lib.services import base as service_base
from oslo_config import cfg

from neutron.api import extensions as neutron_ext
from neutron.api.v2 import resource_helper

from networking_sfc._i18n import _
from networking_sfc import extensions as sfc_extensions
from networking_sfc.extensions import flowclassifier as ext_fc

cfg.CONF.import_opt('api_extensions_path', 'neutron.common.config')
neutron_ext.append_api_extensions_path(sfc_extensions.__path__)

SFC_EXT = "sfc"
SFC_PREFIX = "/sfc"

# Default Chain Parameters
DEFAULT_CHAIN_CORRELATION = 'mpls'
DEFAULT_CHAIN_SYMMETRY = False
DEFAULT_CHAIN_PARAMETERS = {
    'correlation': DEFAULT_CHAIN_CORRELATION,
    'symmetric': DEFAULT_CHAIN_SYMMETRY
}

# Default SF Parameters
DEFAULT_SF_PARAMETERS = {'correlation': None, 'weight': 1}
 def __init__(self):
     super(NetworkProfilePlugin, self).__init__()
     api_extensions.append_api_extensions_path(extensions.__path__)
     # Initialize N1KV client
     self.n1kvclient = n1kv_client.Client()
Esempio n. 23
0
 def __init__(self):
     LOG.info(_LI("APIC AIM L3 Plugin __init__"))
     extensions.append_api_extensions_path(extensions_pkg.__path__)
     self._mechanism_driver = None
     super(ApicL3Plugin, self).__init__()
Esempio n. 24
0
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

from neutron.api import extensions as neutron_extensions
from neutron.api.v2 import base
from neutron.api.v2 import resource_helper
from neutron_lib.api import extensions
from neutron_lib.plugins import directory

import abc
from networking_bigswitch.plugins.bigswitch import constants
from networking_bigswitch.plugins.bigswitch import extensions as bsn_extensions

# Ensure the extension is loaded at startup
neutron_extensions.append_api_extensions_path(bsn_extensions.__path__)

RESOURCE_ATTRIBUTE_MAP = {
    'networktemplates': {
        'id': {
            'allow_post': False,
            'allow_put': False,
            'validate': {
                'type:string': None
            },
            'is_visible': True
        },
        'tenant_id': {
            'allow_post': True,
            'allow_put': False,
            'validate': {
 def __init__(self):
     super(PolicyProfilePlugin, self).__init__()
     api_extensions.append_api_extensions_path(extensions.__path__)
     # Initialize N1KV client
     self.n1kvclient = n1kv_client.Client()
     eventlet.spawn(self._poll_policy_profiles)
Esempio n. 26
0
# License for the specific language governing permissions and limitations
# under the License.

import abc

from neutron_lib.api import extensions as api_extensions
from neutron_lib.api import validators

from neutron.api import extensions
from neutron.api.v2 import resource_helper

from networking_l2gw import extensions as l2gw_extensions
from networking_l2gw.services.l2gateway.common import constants
from networking_l2gw.services.l2gateway.common import l2gw_validators

extensions.append_api_extensions_path(l2gw_extensions.__path__)

RESOURCE_ATTRIBUTE_MAP = {
    constants.L2_GATEWAYS: {
        'id': {'allow_post': False, 'allow_put': False,
               'is_visible': True},
        'name': {'allow_post': True, 'allow_put': True,
                 'validate': {'type:string': None},
                 'is_visible': True, 'default': ''},
        'devices': {'allow_post': True, 'allow_put': True,
                    'validate': {'type:l2gwdevice_list': None},
                    'is_visible': True},
        'tenant_id': {'allow_post': True, 'allow_put': False,
                      'validate': {'type:string': None},
                      'required_by_policy': True,
                      'is_visible': True}
 def initialize(self):
     neutron_extensions.append_api_extensions_path(extensions.__path__)
     LOG.info(_("HPEIronicCredentialExtDriver initialization complete"))
Esempio n. 28
0
    def setUp(self):
        """
        Setup method for n1kv plugin tests.

        First step is to define an acceptable response from the VSM to
        our requests. This needs to be done BEFORE the setUp() function
        of the super-class is called.

        This default here works for many cases. If you need something
        extra, please define your own setUp() function in your test class,
        and set your DEFAULT_RESPONSE value also BEFORE calling the
        setUp() of the super-function (this one here). If you have set
        a value already, it will not be overwritten by this code.

        """
        if not self.DEFAULT_RESP_BODY:
            self.DEFAULT_RESP_BODY = (
                """<?xml version="1.0" encoding="utf-8"?>
                <set name="events_set">
                <instance name="1" url="/api/hyper-v/events/1">
                <properties>
                <cmd>configure terminal ; port-profile type vethernet grizzlyPP
                    (SUCCESS)
                </cmd>
                <id>42227269-e348-72ed-bdb7-7ce91cd1423c</id>
                <time>1369223611</time>
                <name>grizzlyPP</name>
                </properties>
                </instance>
                <instance name="2" url="/api/hyper-v/events/2">
                <properties>
                <cmd>configure terminal ; port-profile type vethernet havanaPP
                    (SUCCESS)
                </cmd>
                <id>3fc83608-ae36-70e7-9d22-dec745623d06</id>
                <time>1369223661</time>
                <name>havanaPP</name>
                </properties>
                </instance>
                </set>
                """)
        # Creating a mock HTTP connection object for httplib. The N1KV client
        # interacts with the VSM via HTTP. Since we don't have a VSM running
        # in the unit tests, we need to 'fake' it by patching the HTTP library
        # itself. We install a patch for a fake HTTP connection class.
        # Using __name__ to avoid having to enter the full module path.
        http_patcher = patch(n1kv_client.httplib2.__name__ + ".Http")
        FakeHttpConnection = http_patcher.start()
        # Now define the return values for a few functions that may be called
        # on any instance of the fake HTTP connection class.
        instance = FakeHttpConnection.return_value
        instance.getresponse.return_value = (FakeResponse(
                                             self.DEFAULT_RESP_CODE,
                                             self.DEFAULT_RESP_BODY,
                                             'application/xml'))
        instance.request.return_value = (instance.getresponse.return_value,
                                         self.DEFAULT_RESP_BODY)

        # Patch some internal functions in a few other parts of the system.
        # These help us move along, without having to mock up even more systems
        # in the background.

        # Return a dummy VSM IP address
        get_vsm_hosts_patcher = patch(n1kv_client.__name__ +
                                      ".Client._get_vsm_hosts")
        fake_get_vsm_hosts = get_vsm_hosts_patcher.start()
        fake_get_vsm_hosts.return_value = ["127.0.0.1"]

        # Return dummy user profiles
        get_cred_name_patcher = patch(cdb.__name__ + ".get_credential_name")
        fake_get_cred_name = get_cred_name_patcher.start()
        fake_get_cred_name.return_value = {"user_name": "admin",
                                           "password": "******"}

        n1kv_neutron_plugin.N1kvNeutronPluginV2._setup_vsm = _fake_setup_vsm

        neutron_extensions.append_api_extensions_path(extensions.__path__)
        ext_mgr = NetworkProfileTestExtensionManager()

        # Save the original RESOURCE_ATTRIBUTE_MAP
        self.saved_attr_map = {}
        for resource, attrs in attributes.RESOURCE_ATTRIBUTE_MAP.items():
            self.saved_attr_map[resource] = attrs.copy()
        # Update the RESOURCE_ATTRIBUTE_MAP with n1kv specific extended attrs.
        attributes.RESOURCE_ATTRIBUTE_MAP["networks"].update(
            n1kv.EXTENDED_ATTRIBUTES_2_0["networks"])
        attributes.RESOURCE_ATTRIBUTE_MAP["ports"].update(
            n1kv.EXTENDED_ATTRIBUTES_2_0["ports"])
        self.addCleanup(self.restore_resource_attribute_map)
        self.addCleanup(db.clear_db)
        super(N1kvPluginTestCase, self).setUp(self._plugin_name,
                                              ext_mgr=ext_mgr)
        # Create some of the database entries that we require.
        self._make_test_profile()
        self._make_test_policy_profile()
Esempio n. 29
0
    def setUp(self):
        """
        Setup method for n1kv plugin tests.

        First step is to define an acceptable response from the VSM to
        our requests. This needs to be done BEFORE the setUp() function
        of the super-class is called.

        This default here works for many cases. If you need something
        extra, please define your own setUp() function in your test class,
        and set your DEFAULT_RESPONSE value also BEFORE calling the
        setUp() of the super-function (this one here). If you have set
        a value already, it will not be overwritten by this code.

        """
        if not self.DEFAULT_RESP_BODY:
            self.DEFAULT_RESP_BODY = (
                """<?xml version="1.0" encoding="utf-8"?>
                <set name="events_set">
                <instance name="1" url="/api/hyper-v/events/1">
                <properties>
                <cmd>configure terminal ; port-profile type vethernet grizzlyPP
                    (SUCCESS)
                </cmd>
                <id>42227269-e348-72ed-bdb7-7ce91cd1423c</id>
                <time>1369223611</time>
                <name>grizzlyPP</name>
                </properties>
                </instance>
                <instance name="2" url="/api/hyper-v/events/2">
                <properties>
                <cmd>configure terminal ; port-profile type vethernet havanaPP
                    (SUCCESS)
                </cmd>
                <id>3fc83608-ae36-70e7-9d22-dec745623d06</id>
                <time>1369223661</time>
                <name>havanaPP</name>
                </properties>
                </instance>
                </set>
                """)
        # Creating a mock HTTP connection object for httplib. The N1KV client
        # interacts with the VSM via HTTP. Since we don't have a VSM running
        # in the unit tests, we need to 'fake' it by patching the HTTP library
        # itself. We install a patch for a fake HTTP connection class.
        # Using __name__ to avoid having to enter the full module path.
        http_patcher = patch(n1kv_client.httplib2.__name__ + ".Http")
        FakeHttpConnection = http_patcher.start()
        self.addCleanup(http_patcher.stop)
        # Now define the return values for a few functions that may be called
        # on any instance of the fake HTTP connection class.
        instance = FakeHttpConnection.return_value
        instance.getresponse.return_value = (FakeResponse(
                                             self.DEFAULT_RESP_CODE,
                                             self.DEFAULT_RESP_BODY,
                                             'application/xml'))
        instance.request.return_value = (instance.getresponse.return_value,
                                         self.DEFAULT_RESP_BODY)

        # Patch some internal functions in a few other parts of the system.
        # These help us move along, without having to mock up even more systems
        # in the background.

        # Return a dummy VSM IP address
        get_vsm_hosts_patcher = patch(n1kv_client.__name__ +
                                      ".Client._get_vsm_hosts")
        fake_get_vsm_hosts = get_vsm_hosts_patcher.start()
        self.addCleanup(get_vsm_hosts_patcher.stop)
        fake_get_vsm_hosts.return_value = ["127.0.0.1"]

        # Return dummy user profiles
        get_cred_name_patcher = patch(cdb.__name__ + ".get_credential_name")
        fake_get_cred_name = get_cred_name_patcher.start()
        self.addCleanup(get_cred_name_patcher.stop)
        fake_get_cred_name.return_value = {"user_name": "admin",
                                           "password": "******"}

        n1kv_neutron_plugin.N1kvNeutronPluginV2._setup_vsm = _fake_setup_vsm

        neutron_extensions.append_api_extensions_path(extensions.__path__)
        self.addCleanup(cfg.CONF.reset)
        ext_mgr = NetworkProfileTestExtensionManager()

        # Save the original RESOURCE_ATTRIBUTE_MAP
        self.saved_attr_map = {}
        for resource, attrs in attributes.RESOURCE_ATTRIBUTE_MAP.items():
            self.saved_attr_map[resource] = attrs.copy()
        # Update the RESOURCE_ATTRIBUTE_MAP with n1kv specific extended attrs.
        attributes.RESOURCE_ATTRIBUTE_MAP["networks"].update(
            n1kv_profile.EXTENDED_ATTRIBUTES_2_0["networks"])
        attributes.RESOURCE_ATTRIBUTE_MAP["ports"].update(
            n1kv_profile.EXTENDED_ATTRIBUTES_2_0["ports"])
        self.addCleanup(self.restore_resource_attribute_map)
        self.addCleanup(db.clear_db)
        super(N1kvPluginTestCase, self).setUp(self._plugin_name,
                                              ext_mgr=ext_mgr)
        # Create some of the database entries that we require.
        self._make_test_profile()
        self._make_test_policy_profile()
from neutron.common import exceptions as nexc
from neutron.plugins.common import constants
from neutron.quota import resource_registry
from neutron.services import service_base
from oslo_config import cfg
from oslo_log import log as logging
import six

import gbpservice.neutron.extensions
import gbpservice.neutron.extensions.group_policy  # noqa
from gbpservice.neutron.services.servicechain.common import constants as scc

# The code below is a monkey patch of key Neutron's modules. This is needed for
# the GBP service to be loaded correctly. GBP extensions' path is added
# to Neutron's so that it's found at extension scanning time.
extensions.append_api_extensions_path(gbpservice.neutron.extensions.__path__)
LOG = logging.getLogger(__name__)


# Service Chain Exceptions
class ServiceProfileNotFound(nexc.NotFound):
    message = _("ServiceProfile %(profile_id)s could not be found")


class ServiceProfileInUse(nexc.NotFound):
    message = _("Unable to complete operation, ServiceProfile "
                "%(profile_id)s is in use")


class ServiceChainNodeNotFound(nexc.NotFound):
    message = _("ServiceChainNode %(sc_node_id)s could not be found")
Esempio n. 31
0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

import abc
from neutron.api import extensions
from neutron.api.v2 import attributes
from neutron.api.v2 import resource_helper

import networking_l2gw.extensions
from networking_l2gw.services.l2gateway.common import constants
from networking_l2gw.services.l2gateway.common import l2gw_validators

extensions.append_api_extensions_path(networking_l2gw.extensions.__path__)

RESOURCE_ATTRIBUTE_MAP = {
    constants.L2_GATEWAYS: {
        'id': {
            'allow_post': False,
            'allow_put': False,
            'is_visible': True
        },
        'name': {
            'allow_post': True,
            'allow_put': True,
            'validate': {
                'type:string': None
            },
            'is_visible': True,
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

from neutron.api import extensions
from neutron.api.v2 import base
from neutron.api.v2 import resource_helper
from neutron import manager

import abc
from bsnstacklib.plugins.bigswitch import extensions as bsn_extensions

# Ensure the extension is loaded at startup
extensions.append_api_extensions_path(bsn_extensions.__path__)

RESOURCE_ATTRIBUTE_MAP = {
    'networktemplates': {
        'id': {
            'allow_post': False,
            'allow_put': False,
            'validate': {
                'type:string': None
            },
            'is_visible': True
        },
        'tenant_id': {
            'allow_post': True,
            'allow_put': False,
            'validate': {
Esempio n. 33
0
    def setUp(self):
        """
        Setup method for n1kv plugin tests.

        First step is to define an acceptable response from the VSM to
        our requests. This needs to be done BEFORE the setUp() function
        of the super-class is called.

        This default here works for many cases. If you need something
        extra, please define your own setUp() function in your test class,
        and set your DEFAULT_RESPONSE value also BEFORE calling the
        setUp() of the super-function (this one here). If you have set
        a value already, it will not be overwritten by this code.

        """
        if not self.DEFAULT_RESP_BODY:
            self.DEFAULT_RESP_BODY = {
                "icehouse-pp": {
                    "properties": {
                        "name": "icehouse-pp",
                        "id": "some-uuid-1"
                    }
                },
                "havana_pp": {
                    "properties": {
                        "name": "havana_pp",
                        "id": "some-uuid-2"
                    }
                },
                "dhcp_pp": {
                    "properties": {
                        "name": "dhcp_pp",
                        "id": "some-uuid-3"
                    }
                },
            }
        # Creating a mock HTTP connection object for requests lib. The N1KV
        # client interacts with the VSM via HTTP. Since we don't have a VSM
        # running in the unit tests, we need to 'fake' it by patching the HTTP
        # library itself. We install a patch for a fake HTTP connection class.
        # Using __name__ to avoid having to enter the full module path.
        http_patcher = mock.patch(n1kv_client.requests.__name__ + ".request")
        FakeHttpConnection = http_patcher.start()
        # Now define the return values for a few functions that may be called
        # on any instance of the fake HTTP connection class.
        self.resp_headers = {"content-type": "application/json"}
        FakeHttpConnection.return_value = (FakeResponse(
            self.DEFAULT_RESP_CODE, self.DEFAULT_RESP_BODY, self.resp_headers))

        # Patch some internal functions in a few other parts of the system.
        # These help us move along, without having to mock up even more systems
        # in the background.

        # Return a dummy VSM IP address
        mock.patch(n1kv_client.__name__ + ".Client._get_vsm_hosts",
                   new=lambda self: "127.0.0.1").start()

        # Return dummy user profiles
        mock.patch(cdb.__name__ + ".get_credential_name",
                   new=lambda self: {
                       "user_name": "admin",
                       "password": "******"
                   }).start()

        n1kv_neutron_plugin.N1kvNeutronPluginV2._setup_vsm = _fake_setup_vsm

        neutron_extensions.append_api_extensions_path(extensions.__path__)
        ext_mgr = NetworkProfileTestExtensionManager()

        # Save the original RESOURCE_ATTRIBUTE_MAP
        self.saved_attr_map = {}
        for resource, attrs in attributes.RESOURCE_ATTRIBUTE_MAP.items():
            self.saved_attr_map[resource] = attrs.copy()
        # Update the RESOURCE_ATTRIBUTE_MAP with n1kv specific extended attrs.
        attributes.RESOURCE_ATTRIBUTE_MAP["networks"].update(
            n1kv.EXTENDED_ATTRIBUTES_2_0["networks"])
        attributes.RESOURCE_ATTRIBUTE_MAP["ports"].update(
            n1kv.EXTENDED_ATTRIBUTES_2_0["ports"])
        self.addCleanup(self.restore_resource_attribute_map)
        super(N1kvPluginTestCase, self).setUp(self._plugin_name,
                                              ext_mgr=ext_mgr)
        # Create some of the database entries that we require.
        self._make_test_profile()
        self._make_test_policy_profile()
Esempio n. 34
0
 def initialize(self):
     api_extensions.append_api_extensions_path(extensions.__path__)
 def __init__(self):
     super(NetworkProfilePlugin, self).__init__()
     api_extensions.append_api_extensions_path(extensions.__path__)
     # Initialize N1KV client
     self.n1kvclient = n1kv_client.Client()
Esempio n. 36
0
 def __init__(self, **args):
     super(TestNetworkGatewayPlugin, self).__init__(**args)
     extensions.append_api_extensions_path([NSXEXT_PATH])
Esempio n. 37
0
 def __init__(self, **args):
     super(TestNetworkGatewayPlugin, self).__init__(**args)
     extensions.append_api_extensions_path([NVP_EXT_PATH])
Esempio n. 38
0
from neutron.services.service_base import ServicePluginBase

from oslo_log import log

from networking_bgpvpn.neutron import extensions as bgpvpn_ext
from networking_bgpvpn.neutron.services.common import constants

LOG = log.getLogger(__name__)

# Regular expression to validate Route Target list format
# ["<asn1>:<nn1>","<asn2>:<nn2>", ...] with asn and nn in range 0-65535
RT_REGEX = (r'^((?:0|[1-9]\d{0,3}|[1-5]\d{4}|6[0-4]\d{3}|65[0-4]\d{2}|655[0-2]'
            r'\d|6553[0-5]):(?:0|[1-9]\d{0,3}|[1-5]\d{4}|6[0-4]\d{3}|65[0-4]\d'
            r'{2}|655[0-2]\d|6553[0-5]))$')

extensions.append_api_extensions_path(bgpvpn_ext.__path__)
n_const.EXT_TO_SERVICE_MAPPING['bgpvpn'] = constants.BGPVPN


class BGPVPNNotFound(n_exc.NotFound):
    message = _("BGPVPN %(id)s could not be found")


class BGPVPNNetAssocNotFound(n_exc.NotFound):
    message = _("BGPVPN network association %(id)s could not be found "
                "for BGPVPN %(bgpvpn_id)s")


class BGPVPNRouterAssocNotFound(n_exc.NotFound):
    message = _("BGPVPN router association %(id)s could not be found "
                "for BGPVPN %(bgpvpn_id)s")
 def initialize(self):
     # self.network_extension = 'Test_Network_Extension'
     # self.subnet_extension = 'Test_Subnet_Extension'
     # self.port_extension = 'Test_Port_Extension'
     extensions.append_api_extensions_path(test_ext.__path__)
 def initialize(self):
     extensions_api.append_api_extensions_path(rk_extensions.__path__)
Esempio n. 41
0
 def initialize(self):
     extensions.append_api_extensions_path(test_extensions.__path__)
 def initialize(self):
     LOG.info(_LI("APIC AIM ED initializing"))
     extensions.append_api_extensions_path(extensions_pkg.__path__)
Esempio n. 43
0
 def __init__(self):
     LOG.info("APIC AIM L3 Plugin __init__")
     extensions.append_api_extensions_path(extensions_pkg.__path__)
     self._mechanism_driver = None
     super(ApicL3Plugin, self).__init__()
Esempio n. 44
0
 def __init__(self):
     # Include the Big Switch Extensions path in the api_extensions
     neutron_extensions.append_api_extensions_path(extensions.__path__)
     super(L3RestProxy, self).__init__()
     self.servers = servermanager.ServerPool.get_instance()
Esempio n. 45
0
    def setUp(self):
        """
        Setup method for n1kv plugin tests.

        First step is to define an acceptable response from the VSM to
        our requests. This needs to be done BEFORE the setUp() function
        of the super-class is called.

        This default here works for many cases. If you need something
        extra, please define your own setUp() function in your test class,
        and set your DEFAULT_RESPONSE value also BEFORE calling the
        setUp() of the super-function (this one here). If you have set
        a value already, it will not be overwritten by this code.

        """
        if not self.DEFAULT_RESP_BODY:
            self.DEFAULT_RESP_BODY = {
                "icehouse-pp": {"properties": {"name": "icehouse-pp",
                                               "id": "some-uuid-1"}},
                "havana_pp": {"properties": {"name": "havana_pp",
                                             "id": "some-uuid-2"}},
                "dhcp_pp": {"properties": {"name": "dhcp_pp",
                                           "id": "some-uuid-3"}},
            }
        # Creating a mock HTTP connection object for requests lib. The N1KV
        # client interacts with the VSM via HTTP. Since we don't have a VSM
        # running in the unit tests, we need to 'fake' it by patching the HTTP
        # library itself. We install a patch for a fake HTTP connection class.
        # Using __name__ to avoid having to enter the full module path.
        http_patcher = mock.patch(n1kv_client.requests.__name__ + ".request")
        FakeHttpConnection = http_patcher.start()
        # Now define the return values for a few functions that may be called
        # on any instance of the fake HTTP connection class.
        self.resp_headers = {"content-type": "application/json"}
        FakeHttpConnection.return_value = (FakeResponse(
                                           self.DEFAULT_RESP_CODE,
                                           self.DEFAULT_RESP_BODY,
                                           self.resp_headers))

        # Patch some internal functions in a few other parts of the system.
        # These help us move along, without having to mock up even more systems
        # in the background.

        # Return a dummy VSM IP address
        mock.patch(n1kv_client.__name__ + ".Client._get_vsm_hosts",
                   new=lambda self: "127.0.0.1").start()

        # Return dummy user profiles
        mock.patch(cdb.__name__ + ".get_credential_name",
                   new=lambda self: {"user_name": "admin",
                                     "password": "******"}).start()

        n1kv_neutron_plugin.N1kvNeutronPluginV2._setup_vsm = _fake_setup_vsm

        neutron_extensions.append_api_extensions_path(extensions.__path__)
        ext_mgr = NetworkProfileTestExtensionManager()

        # Save the original RESOURCE_ATTRIBUTE_MAP
        self.saved_attr_map = {}
        for resource, attrs in attributes.RESOURCE_ATTRIBUTE_MAP.items():
            self.saved_attr_map[resource] = attrs.copy()
        # Update the RESOURCE_ATTRIBUTE_MAP with n1kv specific extended attrs.
        attributes.RESOURCE_ATTRIBUTE_MAP["networks"].update(
            n1kv.EXTENDED_ATTRIBUTES_2_0["networks"])
        attributes.RESOURCE_ATTRIBUTE_MAP["ports"].update(
            n1kv.EXTENDED_ATTRIBUTES_2_0["ports"])
        self.addCleanup(self.restore_resource_attribute_map)
        self.addCleanup(db.clear_db)
        super(N1kvPluginTestCase, self).setUp(self._plugin_name,
                                              ext_mgr=ext_mgr)
        # Create some of the database entries that we require.
        self._make_test_profile()
        self._make_test_policy_profile()
import six

from oslo_config import cfg

from neutron_lib.api import extensions as api_ext
from neutron_lib.services import base as service_base

from neutron.api import extensions as ext
from neutron.api.v2 import resource_helper

from neutron_classifier.common import resources as classifier_resources
from neutron_classifier import extensions

cfg.CONF.import_opt('api_extensions_path', 'neutron.common.config')
ext.append_api_extensions_path(extensions.__path__)

EXT_NAME = "neutron_classifier"


def validate_string(String):
    if String is None:
        String = ''
    return String


RESOURCE_ATTRIBUTE_MAP = {
    'classification_type':
    classifier_resources.CLASSIFICATION_TYPE_RESOURCE_MAP,
    'classification_groups':
    classifier_resources.CLASSIFICATION_GROUP_RESOURCE_MAP,
Esempio n. 47
0
from neutron.api import extensions
from neutron.api.v2 import attributes as attr
from neutron.api.v2 import resource_helper
from neutron.common import exceptions as nexc
from neutron.openstack.common import log as logging
from neutron.plugins.common import constants
from neutron.services import service_base

import gbp.neutron.extensions
from gbp.neutron.services.grouppolicy.common import constants as gp_constants

# The code below is a monkey patch of key Neutron's modules. This is needed for
# the GBP service to be loaded correctly. GBP extensions' path is added
# to Neutron's so that it's found at extension scanning time.

extensions.append_api_extensions_path(gbp.neutron.extensions.__path__)
constants.GROUP_POLICY = "GROUP_POLICY"
constants.COMMON_PREFIXES["GROUP_POLICY"] = "/grouppolicy"
constants.EXT_TO_SERVICE_MAPPING['gp'] = constants.GROUP_POLICY
constants.ALLOWED_SERVICES.append(constants.GROUP_POLICY)


LOG = logging.getLogger(__name__)


# Group Policy Exceptions
class PolicyTargetNotFound(nexc.NotFound):
    message = _("Policy Target %(policy_target_id)s could not be found")


class PolicyTargetGroupNotFound(nexc.NotFound):
class FortinetFirewallPlugin(
    firewall_db.Firewall_db_mixin,
    firewall_router_insertion_db.FirewallRouterInsertionDbMixin):
    """Implementation of the Neutron Firewall Service Plugin.

    This class manages the workflow of FWaaS request/response.
    Most DB related works are implemented in class
    firewall_db.Firewall_db_mixin.
    """
    neutron_extensions.append_api_extensions_path(extensions.__path__)
    supported_extension_aliases = ["fwaas", "fwaasrouterinsertion"]
    path_prefix = fw_ext.API_PREFIX

    def __init__(self):
        """Do the initialization for the firewall service plugin here."""
        self._fortigate = config.fgt_info
        self._driver = config.get_apiclient()
        self.task_manager = tasks.TaskManager()
        self.task_manager.start()
        firewall_db.subscribe()

    def _rpc_update_firewall(self, context, firewall_id):
        status_update = {"firewall": {"status": n_consts.PENDING_UPDATE}}
        super(FortinetFirewallPlugin, self).update_firewall(
            context, firewall_id, status_update)
        fw_with_rules = self._make_firewall_dict_with_rules(context,
                                                            firewall_id)
        # this is triggered on an update to fw rule or policy, no
        # change in associated routers.
        fw_with_rules['add-router-ids'] = self.get_firewall_routers(
                context, firewall_id)
        fw_with_rules['del-router-ids'] = []
        self._apply_firewall(context, **fw_with_rules)

    def _rpc_update_firewall_policy(self, context, firewall_policy_id):
        firewall_policy = self.get_firewall_policy(context, firewall_policy_id)
        if firewall_policy:
            for firewall_id in firewall_policy['firewall_list']:
                self._rpc_update_firewall(context, firewall_id)

    def _ensure_update_firewall(self, context, firewall_id):
        fwall = self.get_firewall(context, firewall_id)
        if fwall['status'] in [n_consts.PENDING_CREATE,
                               n_consts.PENDING_UPDATE,
                               n_consts.PENDING_DELETE]:
            raise fw_exc.FirewallInPendingState(firewall_id=firewall_id,
                                                pending_state=fwall['status'])

    def _ensure_update_firewall_policy(self, context, firewall_policy_id):
        firewall_policy = self.get_firewall_policy(context, firewall_policy_id)
        if firewall_policy and 'firewall_list' in firewall_policy:
            for firewall_id in firewall_policy['firewall_list']:
                self._ensure_update_firewall(context, firewall_id)

    def _ensure_update_firewall_rule(self, context, firewall_rule_id):
        fw_rule = self.get_firewall_rule(context, firewall_rule_id)
        if 'firewall_policy_id' in fw_rule and fw_rule['firewall_policy_id']:
            self._ensure_update_firewall_policy(context,
                                                fw_rule['firewall_policy_id'])

    def _get_routers_for_create_firewall(self, tenant_id, context, firewall):
        # pop router_id as this goes in the router association db
        # and not firewall db
        LOG.debug("# _get_routers_for_create_firewall called Fortinet_plugin")
        router_ids = firewall['firewall'].pop('router_ids', None)
        if router_ids == n_consts.ATTR_NOT_SPECIFIED:
            # old semantics router-ids keyword not specified pick up
            # all routers on tenant.
            l3_plugin = directory.get_plugin(n_consts.L3)
            ctx = neutron_context.get_admin_context()
            routers = l3_plugin.get_routers(ctx)
            router_ids = [
                router['id']
                for router in routers
                if router['tenant_id'] == tenant_id]
            # validation can still fail this if there is another fw
            # which is associated with one of these routers.
            self.validate_firewall_routers_not_in_use(context, router_ids)
            return router_ids
        else:
            if not router_ids:
                # This indicates that user specifies no routers.
                return []
            else:
                # some router(s) provided.
                self.validate_firewall_routers_not_in_use(context, router_ids)
                return router_ids

    def create_firewall(self, context, firewall):
        LOG.debug("create_firewall() called Fortinet_plugin")
        tenant_id = firewall['firewall']['tenant_id']
        fw_new_rtrs = self._get_routers_for_create_firewall(
            tenant_id, context, firewall)
        if not fw_new_rtrs:
            # no messaging to agent needed, and fw needs to go
            # to INACTIVE(no associated rtrs) state.
            status = n_consts.INACTIVE
            fw = super(FortinetFirewallPlugin, self).create_firewall(
                context, firewall, status)
            fw['router_ids'] = []
            return fw
        else:
            fw = super(FortinetFirewallPlugin, self).create_firewall(
                context, firewall)
            fw['router_ids'] = fw_new_rtrs

        fw_with_rules = (
            self._make_firewall_dict_with_rules(context, fw['id']))

        fw_with_rtrs = {'fw_id': fw['id'], 'router_ids': fw_new_rtrs}
        self.set_routers_for_firewall(context, fw_with_rtrs)
        fw_with_rules['add-router-ids'] = fw_new_rtrs
        fw_with_rules['del-router-ids'] = []

        self._apply_firewall(context, **fw_with_rules)
        return fw

    def update_firewall(self, context, id, firewall):
        LOG.debug("Fortinet_plugin update_firewall() called, "
                  "id is %(id)s, firewall is %(fw)s",
                  {'id': id, 'fw': firewall})
        self._ensure_update_firewall(context, id)
        # pop router_id as this goes in the router association db
        # and not firewall db
        router_ids = firewall['firewall'].pop('router_ids', None)
        fw_current_rtrs = self.get_firewall_routers(context, id)
        if router_ids is not None:
            if router_ids == []:
                # This indicates that user is indicating no routers.
                fw_new_rtrs = []
            else:
                self.validate_firewall_routers_not_in_use(
                    context, router_ids, id)
                fw_new_rtrs = router_ids
            self.update_firewall_routers(context, {'fw_id': id,
                'router_ids': fw_new_rtrs})
        else:
            # router-ids keyword not specified for update pick up
            # existing routers.
            fw_new_rtrs = self.get_firewall_routers(context, id)

        if not fw_new_rtrs and not fw_current_rtrs:
            # no messaging to agent needed, and we need to continue
            # in INACTIVE state
            firewall['firewall']['status'] = n_consts.INACTIVE
            fw = super(FortinetFirewallPlugin, self).update_firewall(
                context, id, firewall)
            fw['router_ids'] = []
            return fw
        else:
            firewall['firewall']['status'] = n_consts.PENDING_UPDATE
            fw = super(FortinetFirewallPlugin, self).update_firewall(
                context, id, firewall)
            fw['router_ids'] = fw_new_rtrs

        fw_with_rules = (
            self._make_firewall_dict_with_rules(context, fw['id']))

        # determine rtrs to add fw to and del from
        fw_with_rules['add-router-ids'] = fw_new_rtrs
        fw_with_rules['del-router-ids'] = list(
            set(fw_current_rtrs).difference(set(fw_new_rtrs)))

        # last-router drives agent to ack with status to set state to INACTIVE
        fw_with_rules['last-router'] = not fw_new_rtrs

        LOG.debug("## update_firewall %s: Add Routers: %s, Del Routers: %s",
            fw['id'],
            fw_with_rules['add-router-ids'],
            fw_with_rules['del-router-ids'])
        self._apply_firewall(context, **fw_with_rules)
        #self.agent_rpc.update_firewall(context, fw_with_rules)
        return fw

    def update_firewall_for_delete_router(self, context, router_id):
        LOG.debug("fwaas delete_router() called, router_id: %(rtid)s",
                  {'rtid': router_id})
        cls = firewall_router_insertion_db.FirewallRouterAssociation
        db_fw_rt = fortinet_db.query_record(context, cls, router_id=router_id)
        if not db_fw_rt:
            return None
        firewall = {u'firewall': {'router_ids': []}}
        return self.update_firewall(context, db_fw_rt.fw_id, firewall)

    def delete_db_firewall_object(self, context, id):
        super(FortinetFirewallPlugin, self).delete_firewall(context, id)

    def delete_firewall(self, context, id):
        LOG.debug("Fortinet_plugin delete_firewall() called, fw_id %(id)s",
                  {'id': id})
        fw_with_rules = (
            self._make_firewall_dict_with_rules(context, id))

        status = {"firewall": {"status": n_consts.PENDING_DELETE}}
        super(FortinetFirewallPlugin, self).update_firewall(
            context, id, status)
        # Reflect state change in fw_with_rules
        fw_with_rules['del-router-ids'] = self.get_firewall_routers(
            context, id)
        self._apply_firewall(context, **fw_with_rules)
        self.delete_db_firewall_object(context, id)

    def update_firewall_policy(self, context, id, firewall_policy):
        LOG.debug("update_firewall_policy called, "
                  "id =%(id)s, firewall_policy=%(fp)s",
                  {'id': id, 'fp': firewall_policy})
        self._ensure_update_firewall_policy(context, id)
        firewall_policy_old = self.get_firewall_policy(context, id)
        firewall_rule_ids = firewall_policy_old.get('firewall_rules', [])
        tenant_id = firewall_policy_old.get('tenant_id', None)
        fwp = super(FortinetFirewallPlugin,
                    self).update_firewall_policy(context, id, firewall_policy)
        for fwr_id in firewall_rule_ids:
            fw_rule = self.get_firewall_rule(context, fwr_id)
            self._delete_firewall_rule(context, tenant_id, **fw_rule)
        self._rpc_update_firewall_policy(context, id)
        return fwp

    def create_firewall_rule(self, context, firewall_rule):
        """
        :param context:
        :param firewall_rule:
        firewall_rule={'firewall_rule': {... }}
        :return:
        """
        LOG.debug("create_firewall_rule() firewall_rule=%(fwr)s",
                  {'fwr': firewall_rule})
        return super(FortinetFirewallPlugin,
            self).create_firewall_rule(context, firewall_rule)

    def delete_firewall_rule(self, context, id):
        super(FortinetFirewallPlugin, self).delete_firewall_rule(context, id)

    def update_firewall_rule(self, context, id, firewall_rule):
        LOG.debug("update_firewall_rule() id: %(id)s, "
                  "firewall_rule: %(firewall_rule)s",
                  {'id': id, 'firewall_rule': firewall_rule})
        try:
            fwr = self._update_firewall_rule_dict(context, id, firewall_rule)
            self._update_firewall_rule(context, id, fwr)
            self._ensure_update_firewall_rule(context, id)
            fwr = super(FortinetFirewallPlugin,
                        self).update_firewall_rule(context, id, firewall_rule)
            utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)
            return fwr
        except Exception as e:
            with excutils.save_and_reraise_exception():
                LOG.error(_LE("update_firewall_rule %(fwr)s failed"),
                          {'fwr': firewall_rule})
                utils._rollback_on_err(self, context, e)

    def insert_rule(self, context, id, rule_info):
        self._ensure_update_firewall_policy(context, id)
        try:
            fwp = super(FortinetFirewallPlugin,
                    self).insert_rule(context, id, rule_info)
            self._rpc_update_firewall_policy(context, id)
            utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)
            return fwp
        except Exception as e:
            with excutils.save_and_reraise_exception():
                self.remove_rule(context, id, rule_info)
                utils._rollback_on_err(self, context, e)

    def remove_rule(self, context, id, rule_info):
        LOG.debug("Fortinet_plugin remove_rule() called")
        self._ensure_update_firewall_policy(context, id)
        if rule_info.get('firewall_rule_id', None):
            firewall_rule = self._get_firewall_rule(
                context, rule_info['firewall_rule_id'])
            fwr = self._make_firewall_rule_dict(firewall_rule)
            self._delete_firewall_rule(context, fwr['tenant_id'], **fwr)
        fwp = super(FortinetFirewallPlugin, self).remove_rule(
            context, id, rule_info)
        self._rpc_update_firewall_policy(context, id)
        return fwp

    def get_firewalls(self, context, filters=None, fields=None):
        LOG.debug("fwaas get_firewalls() called, filters=%(filters)s, "
                  "fields=%(fields)s",
                  {'filters': filters, 'fields': fields})
        fw_list = super(FortinetFirewallPlugin, self).get_firewalls(
                        context, filters, fields)
        for fw in fw_list:
            fw_current_rtrs = self.get_firewall_routers(context, fw['id'])
            fw['router_ids'] = fw_current_rtrs
        return fw_list

    def get_firewall(self, context, id, fields=None):
        LOG.debug("fwaas get_firewall() called")
        res = super(FortinetFirewallPlugin, self).get_firewall(
                        context, id, fields)
        fw_current_rtrs = self.get_firewall_routers(context, id)
        res['router_ids'] = fw_current_rtrs
        return res

    def _apply_firewall(self, context, **fw_with_rules):
        tenant_id = fw_with_rules['tenant_id']
        default_fwr = self._make_default_firewall_rule_dict(tenant_id)
        try:
            if fw_with_rules.get('del-router-ids', None):
                for fwr in list(fw_with_rules.get('firewall_rule_list', None)):
                    self._delete_firewall_rule(context, tenant_id, **fwr)
                if default_fwr:
                    self._delete_firewall_rule(
                        context, tenant_id, **default_fwr)
                self.update_firewall_status(
                    context, fw_with_rules['id'], n_consts.INACTIVE)

            if fw_with_rules.get('add-router-ids', None):
                vdom = getattr(
                    fortinet_db.Fortinet_ML2_Namespace.query_one(
                        context, tenant_id=tenant_id), 'vdom', None)
                if not vdom:
                    raise fw_exc.FirewallInternalDriverError(
                        driver='Fortinet_fwaas_plugin')
                if default_fwr:
                    self._add_firewall_rule(context, tenant_id, **default_fwr)
                for fwr in reversed(
                        list(fw_with_rules.get('firewall_rule_list', None))):
                    self._add_firewall_rule(context, tenant_id, **fwr)
                self.update_firewall_status(
                    context, fw_with_rules['id'], n_consts.ACTIVE)
            else:
                self.update_firewall_status(
                    context, fw_with_rules['id'], n_consts.INACTIVE)
        except Exception as e:
            with excutils.save_and_reraise_exception():
                LOG.error(_LE("apply_firewall %(fws)s failed"),
                          {'fws': fw_with_rules})
                utils._rollback_on_err(self, context, e)
        utils.update_status(self, context, t_consts.TaskStatus.COMPLETED)

    def _add_firewall_rule(self, context, fwp_tenant_id, **fwr):
        """
        :param obj:
        :param context:
        :param kwargs: dictionary, firewall rule
        firewall_rule: {'source_ip_address': u'192.176.10.0/24',... }
        :return:
        """
        LOG.debug("# _add_firewall_rule() called")
        namespace = fortinet_db.Fortinet_ML2_Namespace.query_one(
            context, tenant_id=fwp_tenant_id)
        vdom = getattr(namespace, 'vdom', None)
        if not vdom or not fwr:
            return None
        inf_int, inf_ext = utils.get_vlink_intf(
            self, context, vdom=namespace.vdom)
        srcaddr = self._add_fwr_ip_address(
            context, vdom, place='source_ip_address', **fwr)
        dstaddr = self._add_fwr_ip_address(
            context, vdom, place='destination_ip_address', **fwr)
        service = self._add_fwr_service(context, vdom, **fwr)
        action = self._get_fwr_action(**fwr)
        profiles = self._get_fwp_profiles(action)
        match_vip = 'enable'
        name = fwr.get('name', '')
        # add a basic firewall rule('accept': incoming, 'deny': bidirectional)
        fortinet_fwp = utils.add_fwpolicy_to_head(self, context,
                                                  vdom=vdom,
                                                  srcaddr=srcaddr['name'],
                                                  srcintf='any',
                                                  dstaddr=dstaddr['name'],
                                                  dstintf='any',
                                                  service=service['name'],
                                                  match_vip=match_vip,
                                                  action=action,
                                                  comments=name,
                                                  **profiles)
        utils.add_record(self, context,
                         fortinet_db.Fortinet_FW_Rule_Association,
                         fwr_id=fwr['id'],
                         fortinet_pid=fortinet_fwp.id,
                         type=constants.TYPE_INT)

        if action in ['accept']:
            # if allow, for the outgoing traffic it need to enable nat
            fortinet_fwp = utils.add_fwpolicy_to_head(self, context,
                                                      vdom=vdom,
                                                      srcaddr=srcaddr['name'],
                                                      srcintf='any',
                                                      dstaddr=dstaddr['name'],
                                                      dstintf=inf_int,
                                                      nat='enable',
                                                      service=service['name'],
                                                      action=action,
                                                      comments=name,
                                                      **profiles)
            utils.add_record(self, context,
                             fortinet_db.Fortinet_FW_Rule_Association,
                             fwr_id=fwr['id'],
                             fortinet_pid=fortinet_fwp.id,
                             type=constants.TYPE_EXT)

    def _update_firewall_rule(self, context, id, firewall_rule):
        LOG.debug("# _add_firewall_rule() called")
        fwps_int = fortinet_db.Fortinet_FW_Rule_Association.query_all(
            context, fwr_id=id, type=constants.TYPE_INT)
        fwps_ext = fortinet_db.Fortinet_FW_Rule_Association.query_all(
            context, fwr_id=id, type=constants.TYPE_EXT)
        if fwps_ext and fwps_int:
            fwps = fwps_int + fwps_ext
        else:
            fwps = fwps_int or fwps_ext
        if not fwps:
            return
        firewall_rule.setdefault('id', id)
        srcaddr = self._make_fortinet_fwaddress_dict(
            place='source_ip_address', **firewall_rule)
        dstaddr = self._make_fortinet_fwaddress_dict(
            place='destination_ip_address', **firewall_rule)
        service = self._make_fortinet_fwservice_dict(**firewall_rule)
        action = self._get_fwr_action(**firewall_rule)
        profiles = self._get_fwp_profiles(action)
        for fwp in fwps_int:
            vdom = fwp.fortinet_policy.vdom
            if service['name'] != 'ALL':
                utils.set_fwservice(self, context, vdom=vdom, **service)
            if srcaddr['name'] != 'all':
                utils.set_fwaddress(self, context, vdom=vdom, **srcaddr)
            if dstaddr['name'] != 'all':
                utils.set_fwaddress(self, context, vdom=vdom, **dstaddr)
        # check whether related firewall policies need to update
        fwp = fwps_int[0].fortinet_policy
        name = firewall_rule.setdefault('name', fwp.comments)
        if fwp.srcaddr == srcaddr['name'] and fwp.action == action and \
            fwp.dstaddr == dstaddr['name'] and fwp.service == service['name']:
            return
        if action in ['accept']:
            for fwp in fwps:
                fortinet_fwp = utils.set_fwpolicy(self, context,
                                                  id=fwp.fortinet_pid,
                                                  srcaddr=srcaddr['name'],
                                                  dstaddr=dstaddr['name'],
                                                  service=service['name'],
                                                  action=action,
                                                  comments=name,
                                                  **profiles)
                if not fwps_ext:
                    inf_int, inf_ext = utils.get_vlink_intf(
                        self, context, vdom=fortinet_fwp.vdom)
                    utils.add_fwaas_subpolicy(self, context,
                                              before=fortinet_fwp.edit_id,
                                              vdom=fortinet_fwp.vdom,
                                              srcaddr=srcaddr['name'],
                                              dstaddr=dstaddr['name'],
                                              dstintf=inf_int,
                                              nat='enable',
                                              service=service['name'],
                                              action=action,
                                              comments=name,
                                              fwr_id=id,
                                              type=constants.TYPE_EXT,
                                              **profiles)
        elif action in ['deny']:
            for fwp_ext in fwps_ext:
                utils.delete_fwaas_subpolicy(self, context,
                                             fwr_id=fwp_ext.fwr_id,
                                             fortinet_pid=fwp_ext.fortinet_pid)
            for fwp in fwps_int:
                utils.set_fwpolicy(self, context,
                                   id=fwp.fortinet_pid,
                                   srcaddr=srcaddr['name'],
                                   dstaddr=dstaddr['name'],
                                   service=service['name'],
                                   action=action,
                                   comments=name,
                                   **profiles)
        for fwp in fwps_int:
            vdom = fwp.fortinet_policy.vdom
            if service['name'] == 'ALL':
                #delete all old services if exist
                utils.delete_fwservice(self, context, vdom=vdom, name=id)
            if srcaddr['name'] == 'all':
                name = constants.PREFIX['source_ip_address'] + id
                utils.delete_fwaddress(self, context, vdom=vdom, name=name)
            if dstaddr['name'] == 'all':
                name = constants.PREFIX['destination_ip_address'] + id
                utils.delete_fwaddress(self, context, vdom=vdom, name=name)

    def _delete_firewall_rule(self, context, fwp_tenant_id, **fwr):
        """
        :param obj:
        :param context:
        :param kwargs: dictionary, firewall rule
        firewall_rule: {'source_ip_address': u'192.176.10.0/24',... }
        :return:
        """
        # need to consider shared firewall rules
        LOG.debug("# _delete_firewall_rule() called")
        namespace = fortinet_db.Fortinet_ML2_Namespace.query_one(
            context, tenant_id=fwp_tenant_id)
        if not namespace:
            return None
        fwp_assed = fortinet_db.Fortinet_FW_Rule_Association.query_all(
            context, fwr_id=fwr['id'])
        for fwp in fwp_assed:
            fortinet_db.delete_record(
                context, fortinet_db.Fortinet_FW_Rule_Association,
                fwr_id=fwp.fwr_id, fortinet_pid=fwp.fortinet_pid)
            utils.delete_fwpolicy(
                self, context, id=fwp.fortinet_pid, vdom=namespace.vdom)

        if fwr.get('source_ip_address', None):
            srcaddr = constants.PREFIX['source_ip_address'] + fwr['id']
            utils.delete_fwaddress(
                self, context, vdom=namespace.vdom, name=srcaddr)
        if fwr.get('destination_ip_address', None):
            dstaddr = constants.PREFIX['destination_ip_address'] + fwr['id']
            utils.delete_fwaddress(
                self, context, vdom=namespace.vdom, name=dstaddr)
        self._delete_fwr_service(context, namespace.vdom, **fwr)

    def _update_firewall_rule_dict(self, context, id, firewall_rule):
        fwr = firewall_rule.get('firewall_rule', firewall_rule)
        fwr_db = self._get_firewall_rule(context, id)
        if fwr_db.firewall_policy_id:
            fwp_db = self._get_firewall_policy(context,
                                               fwr_db.firewall_policy_id)
            if 'shared' in fwr and not fwr['shared']:
                if fwr_db['tenant_id'] != fwp_db['tenant_id']:
                    raise fw_exc.FirewallRuleInUse(firewall_rule_id=id)
        fwr.setdefault('source_port',
                       self._get_port_range_from_min_max_ports(
                           fwr_db['source_port_range_min'],
                           fwr_db['source_port_range_max']))
        fwr.setdefault('destination_port',
                       self._get_port_range_from_min_max_ports(
                           fwr_db['destination_port_range_min'],
                           fwr_db['destination_port_range_max']))
        keys = ['name', 'protocol', 'action', 'shared', 'ip_version',
                'source_ip_address', 'destination_ip_address', 'enabled']
        for key in keys:
            fwr.setdefault(key, fwr_db[key])
        return fwr

    def _make_default_firewall_rule_dict(self, tenant_id):
        if tenant_id and self._fortigate["enable_default_fwrule"]:
            return {'id': tenant_id,
                    'tenant_id': tenant_id,
                    'name': '_default_rule_deny_all',
                    'description': '_default_rule_deny_all',
                    'protocol': None,
                    'source_ip_address': None,
                    'source_port': None,
                    'destination_ip_address': None,
                    'destination_port': None,
                    'action': 'deny'}
        else:
            return {}

    def _add_fwr_ip_address(self, context, vdom,
                            place='source_ip_address', **fwr):
        fwaddress = self._make_fortinet_fwaddress_dict(
            place=place, vdom=vdom, **fwr)
        utils.add_fwaddress(self, context, **fwaddress)
        return fwaddress

    def _make_fortinet_fwaddress_dict(self, place='source_ip_address',
                                      vdom=None, **fwr):
        fwaddress = {}
        if place not in ['source_ip_address', 'destination_ip_address']:
            raise ValueError("_add_fwr_ip_address() value error of where")
        if vdom:
            fwaddress.setdefault('vdom', vdom)
        if fwr.get(place, None):
            fwaddress.setdefault('name', constants.PREFIX[place] + fwr['id'])
            fwaddress.setdefault('subnet', utils.get_subnet(fwr[place]))
        else:
            fwaddress.setdefault('name', 'all')
        return fwaddress

    def _add_fwr_service(self, context, vdom, **fwr):
        kw_service = self._make_fortinet_fwservice_dict(vdom=vdom, **fwr)
        utils.add_fwservice(self, context, **kw_service)
        return kw_service

    def _make_fortinet_fwservice_dict(self, vdom=None, **fwr):
        LOG.debug("_make_fortinet_fwservice_dict() fwr=%(fwr)s", {'fwr': fwr})
        kw_service = {}
        if vdom:
            kw_service.setdefault('vdom', vdom)
        if fwr['protocol'] in ['any', None] and \
            not fwr['destination_port'] and not fwr['source_port']:
            # SamSu: The firewall service 'all' was already added by default
            kw_service.setdefault('name', 'ALL')
        else:
            portrange = ':'.join([
                utils.port_range(fwr['destination_port']),
                utils.port_range(fwr['source_port'])])
            if fwr['protocol'] in ['tcp']:
                kw_service.setdefault('tcp_portrange', portrange)
            elif fwr['protocol'] in ['udp']:
                kw_service.setdefault('udp_portrange', portrange)
            elif fwr['protocol'] in ['icmp']:
                kw_service.setdefault('protocol', 'ICMP')
            kw_service.setdefault('name', fwr['id'])
            kw_service.setdefault('comment', fwr.get('name', ''))
        return kw_service

    def _delete_fwr_service(self, context, vdom, **fwr):
        LOG.debug("# _delete_fwr_service() fwr=%(fwr)s", {'fwr': fwr})
        if fwr['protocol'] in ['any', None] and \
            not fwr['destination_port'] and not fwr['source_port']:
            return None
        else:
            return utils.delete_fwservice(
                self, context, vdom=vdom, name=fwr['id'])

    def _get_fwr_action(self, **fwr):
        if fwr.get('action', None) in ['allow']:
            action = 'accept'
        else:
            action = 'deny'
        return action

    def _get_fwp_profiles(self, action):
        profiles = {
            'av_profile': None,
            'webfilter_profile': None,
            'ips_sensor': None,
            'application_list': None,
            'ssl_ssh_profile': None
        }
        if action in ['allow', 'accept']:
            for key in profiles:
                profiles[key] = self._fortigate[key]
        return profiles

    def _get_fip_before_id(self, context, fwr_id):
        fwp_assed = fortinet_db.Fortinet_FW_Rule_Association.query_one(
                context, type=constants.TYPE_EXT, fwr_id=fwr_id)
        if not fwp_assed:
            fwp_assed = fortinet_db.Fortinet_FW_Rule_Association.query_one(
                context, type=constants.TYPE_INT, fwr_id=fwr_id)
        fwp = fortinet_db.query_record(context,
                                       fortinet_db.Fortinet_Firewall_Policy,
                                       id=fwp_assed.fortinet_pid)
        return getattr(fwp, 'edit_id', None)

    def _get_fips_in_fw(self, context, tenant_id, fw_net):
        fw_fips = []
        if not fw_net:
            return fw_fips
        namespace = fortinet_db.Fortinet_ML2_Namespace.query_one(
            context, tenant_id=tenant_id)
        if not namespace:
            return fw_fips
        db_fips = fortinet_db.query_records(
            context, l3_db.FloatingIP, tenant_id=tenant_id,
            status=n_consts.FLOATINGIP_STATUS_ACTIVE)
        for fip in db_fips:
            if getattr(fip, 'fixed_ip_address', None) and \
                    IPAddress(fip.fixed_ip_address) in IPNetwork(fw_net):
                fw_fips.append((fip.id, fip.floating_ip_address))
        return fw_fips