def attach_vpn_gateway(context, vpc_id, vpn_gateway_id): vpn_gateway = ec2utils.get_db_item(context, vpn_gateway_id) vpc = ec2utils.get_db_item(context, vpc_id) if vpn_gateway["vpc_id"] and vpn_gateway["vpc_id"] != vpc["id"]: raise exception.VpnGatewayAttachmentLimitExceeded() attached_vgw = ec2utils.get_attached_gateway(context, vpc["id"], "vgw") if attached_vgw and attached_vgw["id"] != vpn_gateway["id"]: raise exception.InvalidVpcState(vpc_id=vpc["id"], vgw_id=attached_vgw["id"]) subnets = [subnet for subnet in db_api.get_items(context, "subnet") if subnet["vpc_id"] == vpc["id"]] if not vpn_gateway["vpc_id"]: external_network_id = None if not ec2utils.get_attached_gateway(context, vpc["id"], "igw"): external_network_id = ec2utils.get_os_public_network(context)["id"] neutron = clients.neutron(context) with common.OnCrashCleaner() as cleaner: _attach_vpn_gateway_item(context, vpn_gateway, vpc["id"]) cleaner.addCleanup(_detach_vpn_gateway_item, context, vpn_gateway) if external_network_id: neutron.add_gateway_router(vpc["os_id"], {"network_id": external_network_id}) cleaner.addCleanup(neutron.remove_gateway_router, vpc["os_id"]) for subnet in subnets: _create_subnet_vpnservice(context, neutron, cleaner, subnet, vpc) vpn_connection_api._reset_vpn_connections(context, neutron, cleaner, vpn_gateway, subnets=subnets) return {"attachment": _format_attachment(vpn_gateway)}
def attach_vpn_gateway(context, vpc_id, vpn_gateway_id): vpn_gateway = ec2utils.get_db_item(context, vpn_gateway_id) vpc = ec2utils.get_db_item(context, vpc_id) if vpn_gateway['vpc_id'] and vpn_gateway['vpc_id'] != vpc['id']: raise exception.VpnGatewayAttachmentLimitExceeded() attached_vgw = ec2utils.get_attached_gateway(context, vpc['id'], 'vgw') if attached_vgw and attached_vgw['id'] != vpn_gateway['id']: raise exception.InvalidVpcState(vpc_id=vpc['id'], vgw_id=attached_vgw['id']) subnets = [subnet for subnet in db_api.get_items(context, 'subnet') if subnet['vpc_id'] == vpc['id']] if not vpn_gateway['vpc_id']: external_network_id = None if not ec2utils.get_attached_gateway(context, vpc['id'], 'igw'): external_network_id = ec2utils.get_os_public_network(context)['id'] neutron = clients.neutron(context) with common.OnCrashCleaner() as cleaner: _attach_vpn_gateway_item(context, vpn_gateway, vpc['id']) cleaner.addCleanup(_detach_vpn_gateway_item, context, vpn_gateway) if external_network_id: neutron.add_gateway_router(vpc['os_id'], {'network_id': external_network_id}) cleaner.addCleanup(neutron.remove_gateway_router, vpc['os_id']) for subnet in subnets: _create_subnet_vpnservice(context, neutron, cleaner, subnet, vpc) vpn_connection_api._reset_vpn_connections( context, neutron, cleaner, vpn_gateway, subnets=subnets) return {'attachment': _format_attachment(vpn_gateway)}
def _start_vpn_in_subnet(context, neutron, cleaner, subnet, vpc, route_table): vpn_gateway = ec2utils.get_attached_gateway(context, vpc["id"], "vgw") if not vpn_gateway: return _create_subnet_vpnservice(context, neutron, cleaner, subnet, vpc) vpn_connection_api._reset_vpn_connections( context, neutron, cleaner, vpn_gateway, subnets=[subnet], route_tables=[route_table] )
def _start_vpn_in_subnet(context, neutron, cleaner, subnet, vpc, route_table): vpn_gateway = ec2utils.get_attached_gateway(context, vpc['id'], 'vgw') if not vpn_gateway: return _create_subnet_vpnservice(context, neutron, cleaner, subnet, vpc) vpn_connection_api._reset_vpn_connections(context, neutron, cleaner, vpn_gateway, subnets=[subnet], route_tables=[route_table])
def test_reset_vpn_connections(self, get_route_table_vpn_cidrs, set_subnet_vpn, delete_subnet_vpn): context = base.create_context() cleaner = common.OnCrashCleaner() vpn_gateway_3 = {'id': fakes.random_ec2_id('vpn'), 'os_id': None, 'vpc_id': None} vpn_connection_api._reset_vpn_connections( context, self.neutron, cleaner, vpn_gateway_3) self.assertEqual(0, len(self.db_api.mock_calls)) self.assertFalse(get_route_table_vpn_cidrs.called) self.assertFalse(set_subnet_vpn.called) self.assertFalse(delete_subnet_vpn.called) customer_gateway_3 = {'id': fakes.random_ec2_id('cgw')} subnet_3 = {'id': fakes.random_ec2_id('subnet'), 'vpc_id': fakes.ID_EC2_VPC_2} vpn_connection_3 = {'id': fakes.random_ec2_id('vpn'), 'vpn_gateway_id': fakes.ID_EC2_VPN_GATEWAY_1, 'customer_gateway_id': customer_gateway_3['id'], 'cidrs': []} self.set_mock_db_items( fakes.DB_VPC_1, fakes.DB_VPC_2, fakes.DB_CUSTOMER_GATEWAY_1, fakes.DB_CUSTOMER_GATEWAY_2, customer_gateway_3, fakes.DB_SUBNET_1, fakes.DB_SUBNET_2, subnet_3, fakes.DB_ROUTE_TABLE_1, fakes.DB_ROUTE_TABLE_2, fakes.DB_ROUTE_TABLE_3, fakes.DB_VPN_CONNECTION_1, fakes.DB_VPN_CONNECTION_2, vpn_connection_3) # common case vpn_connection_api._reset_vpn_connections( context, self.neutron, cleaner, fakes.DB_VPN_GATEWAY_1) self.assertEqual(2, set_subnet_vpn.call_count) set_subnet_vpn.assert_any_call( context, self.neutron, cleaner, fakes.DB_SUBNET_2, fakes.DB_VPN_CONNECTION_1, fakes.DB_CUSTOMER_GATEWAY_1, [fakes.CIDR_VPN_1_STATIC]) set_subnet_vpn.assert_any_call( context, self.neutron, cleaner, fakes.DB_SUBNET_2, vpn_connection_3, customer_gateway_3, [fakes.CIDR_VPN_1_STATIC]) self.assertEqual(2, delete_subnet_vpn.call_count) delete_subnet_vpn.assert_any_call( context, self.neutron, cleaner, fakes.DB_SUBNET_1, fakes.DB_VPN_CONNECTION_1) delete_subnet_vpn.assert_any_call( context, self.neutron, cleaner, fakes.DB_SUBNET_1, vpn_connection_3) self.assertEqual(2, get_route_table_vpn_cidrs.call_count) get_route_table_vpn_cidrs.assert_any_call( fakes.DB_ROUTE_TABLE_1, fakes.DB_VPN_GATEWAY_1, [fakes.DB_VPN_CONNECTION_1, vpn_connection_3]) get_route_table_vpn_cidrs.assert_any_call( fakes.DB_ROUTE_TABLE_3, fakes.DB_VPN_GATEWAY_1, [fakes.DB_VPN_CONNECTION_1, vpn_connection_3]) # reset for the vpn connection set_subnet_vpn.reset_mock() delete_subnet_vpn.reset_mock() self.db_api.reset_mock() get_route_table_vpn_cidrs.reset_mock() vpn_connection_api._reset_vpn_connections( context, self.neutron, cleaner, fakes.DB_VPN_GATEWAY_1, vpn_connections=[fakes.DB_VPN_CONNECTION_1]) self.assertEqual(1, set_subnet_vpn.call_count) self.assertEqual(1, delete_subnet_vpn.call_count) self.assertNotIn(mock.call(mock.ANY, 'vpn'), self.db_api.get_items.mock_calls) # reset for the subnet list set_subnet_vpn.reset_mock() delete_subnet_vpn.reset_mock() self.db_api.reset_mock() get_route_table_vpn_cidrs.reset_mock() vpn_connection_api._reset_vpn_connections( context, self.neutron, cleaner, fakes.DB_VPN_GATEWAY_1, subnets=[fakes.DB_SUBNET_1]) self.assertFalse(set_subnet_vpn.called) self.assertEqual(2, delete_subnet_vpn.call_count) self.assertNotIn(mock.call(mock.ANY, 'subnets'), self.db_api.get_items.mock_calls) # reset for the subnet list and the route table set_subnet_vpn.reset_mock() delete_subnet_vpn.reset_mock() self.db_api.reset_mock() get_route_table_vpn_cidrs.reset_mock() vpn_connection_api._reset_vpn_connections( context, self.neutron, cleaner, fakes.DB_VPN_GATEWAY_1, subnets=[fakes.DB_SUBNET_2], route_tables=[fakes.DB_ROUTE_TABLE_3]) self.assertEqual(2, set_subnet_vpn.call_count) self.assertFalse(delete_subnet_vpn.called) self.assertNotIn(mock.call(mock.ANY, 'subnets'), self.db_api.get_items.mock_calls) self.assertNotIn(mock.call(mock.ANY, 'rtb'), self.db_api.get_items.mock_calls)
def test_reset_vpn_connections(self, get_route_table_vpn_cidrs, set_subnet_vpn, delete_subnet_vpn): context = base.create_context() cleaner = common.OnCrashCleaner() vpn_gateway_3 = { 'id': fakes.random_ec2_id('vpn'), 'os_id': None, 'vpc_id': None } vpn_connection_api._reset_vpn_connections(context, self.neutron, cleaner, vpn_gateway_3) self.assertEqual(0, len(self.db_api.mock_calls)) self.assertFalse(get_route_table_vpn_cidrs.called) self.assertFalse(set_subnet_vpn.called) self.assertFalse(delete_subnet_vpn.called) customer_gateway_3 = {'id': fakes.random_ec2_id('cgw')} subnet_3 = { 'id': fakes.random_ec2_id('subnet'), 'vpc_id': fakes.ID_EC2_VPC_2 } vpn_connection_3 = { 'id': fakes.random_ec2_id('vpn'), 'vpn_gateway_id': fakes.ID_EC2_VPN_GATEWAY_1, 'customer_gateway_id': customer_gateway_3['id'], 'cidrs': [] } self.set_mock_db_items(fakes.DB_VPC_1, fakes.DB_VPC_2, fakes.DB_CUSTOMER_GATEWAY_1, fakes.DB_CUSTOMER_GATEWAY_2, customer_gateway_3, fakes.DB_SUBNET_1, fakes.DB_SUBNET_2, subnet_3, fakes.DB_ROUTE_TABLE_1, fakes.DB_ROUTE_TABLE_2, fakes.DB_ROUTE_TABLE_3, fakes.DB_VPN_CONNECTION_1, fakes.DB_VPN_CONNECTION_2, vpn_connection_3) # common case vpn_connection_api._reset_vpn_connections(context, self.neutron, cleaner, fakes.DB_VPN_GATEWAY_1) self.assertEqual(2, set_subnet_vpn.call_count) set_subnet_vpn.assert_any_call(context, self.neutron, cleaner, fakes.DB_SUBNET_2, fakes.DB_VPN_CONNECTION_1, fakes.DB_CUSTOMER_GATEWAY_1, [fakes.CIDR_VPN_1_STATIC]) set_subnet_vpn.assert_any_call(context, self.neutron, cleaner, fakes.DB_SUBNET_2, vpn_connection_3, customer_gateway_3, [fakes.CIDR_VPN_1_STATIC]) self.assertEqual(2, delete_subnet_vpn.call_count) delete_subnet_vpn.assert_any_call(context, self.neutron, cleaner, fakes.DB_SUBNET_1, fakes.DB_VPN_CONNECTION_1) delete_subnet_vpn.assert_any_call(context, self.neutron, cleaner, fakes.DB_SUBNET_1, vpn_connection_3) self.assertEqual(2, get_route_table_vpn_cidrs.call_count) get_route_table_vpn_cidrs.assert_any_call( fakes.DB_ROUTE_TABLE_1, fakes.DB_VPN_GATEWAY_1, [fakes.DB_VPN_CONNECTION_1, vpn_connection_3]) get_route_table_vpn_cidrs.assert_any_call( fakes.DB_ROUTE_TABLE_3, fakes.DB_VPN_GATEWAY_1, [fakes.DB_VPN_CONNECTION_1, vpn_connection_3]) # reset for the vpn connection set_subnet_vpn.reset_mock() delete_subnet_vpn.reset_mock() self.db_api.reset_mock() get_route_table_vpn_cidrs.reset_mock() vpn_connection_api._reset_vpn_connections( context, self.neutron, cleaner, fakes.DB_VPN_GATEWAY_1, vpn_connections=[fakes.DB_VPN_CONNECTION_1]) self.assertEqual(1, set_subnet_vpn.call_count) self.assertEqual(1, delete_subnet_vpn.call_count) self.assertNotIn(mock.call(mock.ANY, 'vpn'), self.db_api.get_items.mock_calls) # reset for the subnet list set_subnet_vpn.reset_mock() delete_subnet_vpn.reset_mock() self.db_api.reset_mock() get_route_table_vpn_cidrs.reset_mock() vpn_connection_api._reset_vpn_connections(context, self.neutron, cleaner, fakes.DB_VPN_GATEWAY_1, subnets=[fakes.DB_SUBNET_1]) self.assertFalse(set_subnet_vpn.called) self.assertEqual(2, delete_subnet_vpn.call_count) self.assertNotIn(mock.call(mock.ANY, 'subnets'), self.db_api.get_items.mock_calls) # reset for the subnet list and the route table set_subnet_vpn.reset_mock() delete_subnet_vpn.reset_mock() self.db_api.reset_mock() get_route_table_vpn_cidrs.reset_mock() vpn_connection_api._reset_vpn_connections( context, self.neutron, cleaner, fakes.DB_VPN_GATEWAY_1, subnets=[fakes.DB_SUBNET_2], route_tables=[fakes.DB_ROUTE_TABLE_3]) self.assertEqual(2, set_subnet_vpn.call_count) self.assertFalse(delete_subnet_vpn.called) self.assertNotIn(mock.call(mock.ANY, 'subnets'), self.db_api.get_items.mock_calls) self.assertNotIn(mock.call(mock.ANY, 'rtb'), self.db_api.get_items.mock_calls)