def _call_operation_object(self, operation, object_type):
context = self._get_mock_operation_context(object_type)
if object_type in [odl_const.ODL_SG, odl_const.ODL_SG_RULE]:
res_type = [
rt for rt in callback._RESOURCE_MAPPING.values()
if rt.singular == object_type
][0]
res_id = context[object_type]['id']
context_ = (copy.deepcopy(context)
if operation != odl_const.ODL_DELETE else None)
plugin_context = self.db_context
if (object_type == odl_const.ODL_SG and operation
in [odl_const.ODL_CREATE, odl_const.ODL_DELETE]):
# TODO(yamahata): remove this work around once
# https://review.openstack.org/#/c/281693/
# is merged.
if operation == odl_const.ODL_CREATE:
sg = securitygroup.SecurityGroup(
id=res_id,
name=context_[object_type]['name'],
tenant_id=context_[object_type]['tenant_id'],
description=context_[object_type]['description'])
plugin_context.session.add(sg)
sg_dict = dict(sg)
sg_dict['security_group_rules'] = []
with self.db_session.begin(subtransactions=True):
self.mech.sync_from_callback_precommit(
plugin_context,
operation,
res_type,
res_id,
context_,
security_group=sg_dict)
if operation == odl_const.ODL_DELETE:
with self.db_session.begin(subtransactions=True):
self.mech.sync_from_callback_precommit(
plugin_context,
operation,
res_type,
res_id,
context_,
security_group={
'security_group_rules': {
'id': SG_RULE_FAKE_ID
}
},
security_group_rule_ids=[SG_RULE_FAKE_ID])
else:
with self.db_session.begin(subtransactions=True):
self.mech.sync_from_callback_precommit(
plugin_context, operation, res_type, res_id, context_)
else:
method = getattr(self.mech,
'%s_%s_precommit' % (operation, object_type))
with self.db_session.begin(subtransactions=True):
method(context)
def create_provider_security_group(self, context, security_group):
"""Create a provider security group.
This method creates a security group that does not by default
enable egress traffic which normal neutron security groups do.
"""
s = security_group['security_group']
tenant_id = s['tenant_id']
with db_api.autonested_transaction(context.session):
security_group_db = securitygroups_db.SecurityGroup(
id=s.get('id') or (uuidutils.generate_uuid()),
description=s.get('description', ''),
tenant_id=tenant_id,
name=s.get('name', ''))
context.session.add(security_group_db)
secgroup_dict = self._make_security_group_dict(security_group_db)
secgroup_dict[provider_sg.PROVIDER] = True
return secgroup_dict
def _call_operation_object(self, operation, object_type):
context = self._get_mock_operation_context(object_type)
if object_type in [odl_const.ODL_SG, odl_const.ODL_SG_RULE]:
plugin_context_mock = mock.Mock()
plugin_context_mock.session = neutron_db_api.get_writer_session()
res_type = [
rt for rt in callback._RESOURCE_MAPPING.values()
if rt.singular == object_type
][0]
res_id = context[object_type]['id']
context_ = (copy.deepcopy(context)
if operation != odl_const.ODL_DELETE else None)
if (object_type == odl_const.ODL_SG and operation
in [odl_const.ODL_CREATE, odl_const.ODL_DELETE]):
# TODO(yamahata): remove this work around once
# https://review.openstack.org/#/c/281693/
# is merged.
if operation == odl_const.ODL_CREATE:
sg = securitygroup.SecurityGroup(
id=res_id,
name=context_[object_type]['name'],
tenant_id=context_[object_type]['tenant_id'],
description=context_[object_type]['description'])
plugin_context_mock.session.add(sg)
context_[odl_const.ODL_SG].pop('id', None)
if operation == odl_const.ODL_DELETE:
sg = mock.Mock()
sg.rules = []
self.mech.sync_from_callback_precommit(plugin_context_mock,
operation,
res_type,
res_id,
context_,
security_group=sg)
else:
self.mech.sync_from_callback_precommit(plugin_context_mock,
operation, res_type,
res_id, context_)
else:
method = getattr(self.mech,
'%s_%s_precommit' % (operation, object_type))
method(context)
def create_security_group(self, context, security_group, default_sg=False):
"""Create security group.
If default_sg is true that means we are a default security group for
a given tenant if it does not exist.
"""
s = security_group['security_group']
kwargs = {
'context': context,
'security_group': s,
'is_default': default_sg,
}
self._registry_notify(resources.SECURITY_GROUP, events.BEFORE_CREATE,
exc_cls=ext_sg.SecurityGroupConflict, **kwargs)
tenant_id = s['tenant_id']
if not default_sg:
self._ensure_default_security_group(context, tenant_id)
else:
existing_def_sg_id = self._get_default_sg_id(context, tenant_id)
if existing_def_sg_id is not None:
# default already exists, return it
return self.get_security_group(context, existing_def_sg_id)
with db_api.autonested_transaction(context.session):
security_group_db = sg_models.SecurityGroup(id=s.get('id') or (
uuidutils.generate_uuid()),
description=s['description'],
tenant_id=tenant_id,
name=s['name'])
context.session.add(security_group_db)
if default_sg:
context.session.add(sg_models.DefaultSecurityGroup(
security_group=security_group_db,
tenant_id=security_group_db['tenant_id']))
for ethertype in ext_sg.sg_supported_ethertypes:
if default_sg:
# Allow intercommunication
ingress_rule = sg_models.SecurityGroupRule(
id=uuidutils.generate_uuid(), tenant_id=tenant_id,
security_group=security_group_db,
direction='ingress',
ethertype=ethertype,
source_group=security_group_db)
context.session.add(ingress_rule)
egress_rule = sg_models.SecurityGroupRule(
id=uuidutils.generate_uuid(), tenant_id=tenant_id,
security_group=security_group_db,
direction='egress',
ethertype=ethertype)
context.session.add(egress_rule)
self._registry_notify(resources.SECURITY_GROUP,
events.PRECOMMIT_CREATE,
exc_cls=ext_sg.SecurityGroupConflict,
**kwargs)
secgroup_dict = self._make_security_group_dict(security_group_db)
kwargs['security_group'] = secgroup_dict
registry.notify(resources.SECURITY_GROUP, events.AFTER_CREATE, self,
**kwargs)
return secgroup_dict
def _populate_neutron_db(self):
self.plugin.create_network(self.ctx, {"network": {
"tenant_id": self.tenant_id,
"id": self.net_id,
"shared": False,
"name": "test_net_1",
"admin_state_up": True,
"description": ""
}})
self.plugin.create_subnetpool(self.ctx, {"subnetpool": {
"tenant_id": self.tenant_id,
"id": self.ip_pool_id,
"name": "default_test_pool",
"prefixes": ["192.168.0.0", "192.168.1.0", "192.168.2.0"],
# "min_prefix": 16,
"min_prefixlen": 16,
# "max_prefix": "",
"max_prefixlen": 32,
# "default_prefix": "",
"default_prefixlen": 32,
# "default_quota": "",
# "address_scope_id": "",
"is_default": True,
"shared": True,
"description": ""
}})
self.plugin.create_port(self.ctx, {"port": {
"tenant_id": self.tenant_id,
"name": "test_port_1",
"id": self.port_id_1,
"network_id": self.net_id,
"fixed_ips": constants.ATTR_NOT_SPECIFIED,
"admin_state_up": True,
"device_id": "123",
"device_owner": "admin",
"description": ""
}})
self.plugin.create_port(self.ctx, {"port": {
"tenant_id": self.tenant_id,
"name": "test_port_2",
"id": self.port_id_2,
"network_id": self.net_id,
"fixed_ips": constants.ATTR_NOT_SPECIFIED,
"admin_state_up": True,
"device_id": "1234",
"device_owner": "admin",
"description": ""
}})
subnet = self.plugin.create_subnet(self.ctx, {"subnet": {
"tenant_id": self.tenant_id,
"name": "subnet_192_168",
"cidr": "192.168.0.0/32",
"ip_version": 4,
"network_id": self.net_id,
"subnetpool_id": self.ip_pool_id,
"allocation_pools": [],
"enable_dhcp": True,
"dns_nameservers": [],
"host_routes": []
}})
neutron_db = [
ml2_models.PortBinding(
port_id=self.port_id_1,
host=self.host,
vif_type="ovs"
),
ml2_models.PortBindingLevel(
port_id=self.port_id_1,
host=self.host,
driver=nsxv3_constants.NSXV3,
level=1
),
models_v2.IPAllocation(
port_id=self.port_id_1,
ip_address="192.168.0.100",
subnet_id=subnet.get("id"),
network_id=self.net_id
),
QosPolicy(
id=self.qos_id_1,
project_id=self.tenant_id,
name="Test_QOS_1"
),
trunk_model.Trunk(
id=self.trunk_id_1,
project_id=self.tenant_id,
name="test_trunk_1",
port_id=self.port_id_1
),
sg_model.SecurityGroup(
id=self.sg_id_1,
project_id=self.tenant_id,
name="test_sg_1",
)
]
with self.session.begin(subtransactions=True):
for entry in neutron_db:
self.session.add(entry)
