Set vif_details to reflect enable_security_group
authorRyota MIBU <r-mibu@cq.jp.nec.com>
Wed, 2 Jul 2014 15:10:32 +0000 (00:10 +0900)
committerIhar Hrachyshka <ihrachys@redhat.com>
Wed, 5 Nov 2014 07:55:33 +0000 (07:55 +0000)
While plugging a VIF, the VIFDriver in Nova follows "ovs_hybrid_plug" and
"port_filter" in "binding:vif_detail", which is passed from Neutron, but
those are always true.  This patch makes the ML2 OVS mech driver set those
params depending on the enable_security_group flag.  It enables users to avoid
ovs_hybrid plugging.

This patch also fixes the same issue in the following plugins/drivers:
  * NEC Plugin
  * BigSwitch Plugin
  * Ryu Plugin
  * ML2 Plugin - OFAgent Mech Driver

Closes-Bug: #1336624
Change-Id: I2b7fb526a6f1b730ad65289307b24fd28b996e1b
(cherry picked from commit e73f8da072cb41559ecee7f29f864a10db475444)

neutron/plugins/bigswitch/plugin.py
neutron/plugins/ml2/drivers/mech_ofagent.py
neutron/plugins/ml2/drivers/mech_openvswitch.py
neutron/plugins/nec/nec_plugin.py
neutron/plugins/ryu/ryu_neutron_plugin.py
neutron/tests/unit/_test_extension_portbindings.py
neutron/tests/unit/ml2/_test_mech_agent.py
neutron/tests/unit/ml2/drivers/test_ofagent_mech.py
neutron/tests/unit/ml2/test_mech_openvswitch.py
neutron/tests/unit/nec/test_portbindings.py

index e2e051d751cee5fe2591d3277211e645c233a709..b52dd3bf5e4fc545b60ed686411e5ede27a0ae68 100644 (file)
@@ -365,11 +365,12 @@ class NeutronRestProxyV2Base(db_base_plugin_v2.NeutronDbPluginV2,
                 cfg_vif_type = override
         port[portbindings.VIF_TYPE] = cfg_vif_type
 
+        sg_enabled = sg_rpc.is_firewall_enabled()
         port[portbindings.VIF_DETAILS] = {
             # TODO(rkukura): Replace with new VIF security details
             portbindings.CAP_PORT_FILTER:
             'security-group' in self.supported_extension_aliases,
-            portbindings.OVS_HYBRID_PLUG: True
+            portbindings.OVS_HYBRID_PLUG: sg_enabled
         }
         return port
 
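Review bot: In the `VIF_DETAILS` dict the two flags now come from different sources: `OVS_HYBRID_PLUG` follows `sg_rpc.is_firewall_enabled()`, while `CAP_PORT_FILTER` is still `'security-group' in self.supported_extension_aliases`. If that alias stays listed when `enable_security_group` is off (not visible here), the port would report `port_filter` as true with hybrid plugging disabled, and a consumer that trusts `port_filter` would assume filtering is enforced when it may not be. The other plugins in this commit set both keys from `sg_enabled`; either do the same here with `portbindings.CAP_PORT_FILTER: sg_enabled,` or add a comment saying why this plugin keeps the alias check. The enclosing method starts outside the hunk and the `sg_rpc` import is not shown in it.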
index 012800183f93246d298b5276a17a78e46f483c42..3b7b7e27ede0e53ecf3f73c467a5bff5cb058086 100644 (file)
@@ -19,6 +19,7 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from neutron.agent import securitygroups_rpc
 from neutron.common import constants
 from neutron.extensions import portbindings
 from neutron.openstack.common import log
@@ -40,11 +41,13 @@ class OfagentMechanismDriver(mech_agent.SimpleAgentMechanismDriverBase):
     """
 
     def __init__(self):
+        sg_enabled = securitygroups_rpc.is_firewall_enabled()
+        vif_details = {portbindings.CAP_PORT_FILTER: sg_enabled,
+                       portbindings.OVS_HYBRID_PLUG: sg_enabled}
         super(OfagentMechanismDriver, self).__init__(
             constants.AGENT_TYPE_OFA,
             portbindings.VIF_TYPE_OVS,
-            {portbindings.CAP_PORT_FILTER: True,
-             portbindings.OVS_HYBRID_PLUG: True})
+            vif_details)
 
     def check_segment_for_agent(self, segment, agent):
         bridge_mappings = agent['configurations'].get('bridge_mappings', {})
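Review bot: `sg_enabled` is read once in `__init__`, so the `vif_details` passed to the base class reflect the `enable_security_group` value of the server process when the driver is constructed, and presumably not what each agent actually enforces; that assumption is undocumented. A comment above the `sg_enabled` line would record it, for example `# NOTE: read from the server's SECURITYGROUP config at construction; agents must be configured consistently or port_filter misreports enforcement.` The same applies to `OpenvswitchMechanismDriver.__init__` in mech_openvswitch.py, which uses identical lines.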
index 0565b97301669c879315d6a8799e0268b90cfa07..995abb6632af33543cfa14c49aafeeddc522e6a6 100644 (file)
@@ -13,6 +13,7 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from neutron.agent import securitygroups_rpc
 from neutron.common import constants
 from neutron.extensions import portbindings
 from neutron.openstack.common import log
@@ -33,11 +34,13 @@ class OpenvswitchMechanismDriver(mech_agent.SimpleAgentMechanismDriverBase):
     """
 
     def __init__(self):
+        sg_enabled = securitygroups_rpc.is_firewall_enabled()
+        vif_details = {portbindings.CAP_PORT_FILTER: sg_enabled,
+                       portbindings.OVS_HYBRID_PLUG: sg_enabled}
         super(OpenvswitchMechanismDriver, self).__init__(
             constants.AGENT_TYPE_OVS,
             portbindings.VIF_TYPE_OVS,
-            {portbindings.CAP_PORT_FILTER: True,
-             portbindings.OVS_HYBRID_PLUG: True})
+            vif_details)
 
     def check_segment_for_agent(self, segment, agent):
         mappings = agent['configurations'].get('bridge_mappings', {})
index 7d26b1b59b846f9c1a186a0b4510473abda1e383..373dfdf24f21deb9139b09431e3a50ab2a1a2f72 100644 (file)
@@ -421,15 +421,11 @@ class NECPluginV2(db_base_plugin_v2.NeutronDbPluginV2,
         self._cleanup_ofc_tenant(context, tenant_id)
 
     def _get_base_binding_dict(self):
-        binding = {
-            portbindings.VIF_TYPE: portbindings.VIF_TYPE_OVS,
-            portbindings.VIF_DETAILS: {
-                # TODO(rkukura): Replace with new VIF security details
-                portbindings.CAP_PORT_FILTER:
-                'security-group' in self.supported_extension_aliases,
-                portbindings.OVS_HYBRID_PLUG: True
-            }
-        }
+        sg_enabled = sg_rpc.is_firewall_enabled()
+        vif_details = {portbindings.CAP_PORT_FILTER: sg_enabled,
+                       portbindings.OVS_HYBRID_PLUG: sg_enabled}
+        binding = {portbindings.VIF_TYPE: portbindings.VIF_TYPE_OVS,
+                   portbindings.VIF_DETAILS: vif_details}
         return binding
 
     def _extend_port_dict_binding_portinfo(self, port_res, portinfo):
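Review bot: `_get_base_binding_dict` here is repeated line for line in `RyuNeutronPluginV2` (second hunk of ryu_neutron_plugin.py), and the same `sg_enabled` to `port_filter`/`ovs_hybrid_plug` mapping is also written out in both ML2 drivers. A single shared helper that returns the `vif_details` dict would keep these copies from drifting apart on a security-relevant flag. In this plugin `CAP_PORT_FILTER` also stops depending on `'security-group' in self.supported_extension_aliases` and the TODO is dropped. A one-line comment such as `# Both keys intentionally track enable_security_group.` would make that decision explicit.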
index 8a18228362628abd6adf7c651eeb7b247f795d2d..c387518f8a2edecebb42150f7984e1dace0e3cdd 100644 (file)
@@ -107,15 +107,7 @@ class RyuNeutronPluginV2(db_base_plugin_v2.NeutronDbPluginV2,
 
     def __init__(self, configfile=None):
         super(RyuNeutronPluginV2, self).__init__()
-        self.base_binding_dict = {
-            portbindings.VIF_TYPE: portbindings.VIF_TYPE_OVS,
-            portbindings.VIF_DETAILS: {
-                # TODO(rkukura): Replace with new VIF security details
-                portbindings.CAP_PORT_FILTER:
-                'security-group' in self.supported_extension_aliases,
-                portbindings.OVS_HYBRID_PLUG: True
-            }
-        }
+        self.base_binding_dict = self._get_base_binding_dict()
         portbindings_base.register_port_dict_function()
         self.tunnel_key = db_api_v2.TunnelKey(
             cfg.CONF.OVS.tunnel_key_min, cfg.CONF.OVS.tunnel_key_max)
@@ -134,6 +126,14 @@ class RyuNeutronPluginV2(db_base_plugin_v2.NeutronDbPluginV2,
         # register known all network list on startup
         self._create_all_tenant_network()
 
+    def _get_base_binding_dict(self):
+        sg_enabled = sg_rpc.is_firewall_enabled()
+        vif_details = {portbindings.CAP_PORT_FILTER: sg_enabled,
+                       portbindings.OVS_HYBRID_PLUG: sg_enabled}
+        binding = {portbindings.VIF_TYPE: portbindings.VIF_TYPE_OVS,
+                   portbindings.VIF_DETAILS: vif_details}
+        return binding
+
     def _setup_rpc(self):
         self.service_topics = {svc_constants.CORE: topics.PLUGIN,
                                svc_constants.L3_ROUTER_NAT: topics.L3PLUGIN}
index 4f72f58664f54a5fc7bc31708944be480d664dfa..54e4c67d71c60e2116141ba43b620402af77172d 100644 (file)
@@ -29,19 +29,27 @@ class PortBindingsTestCase(test_db_plugin.NeutronDbPluginV2TestCase):
 
     # VIF_TYPE must be overridden according to plugin vif_type
     VIF_TYPE = portbindings.VIF_TYPE_OTHER
-    # The plugin supports the port security feature such as
-    # security groups and anti spoofing.
-    HAS_PORT_FILTER = False
+    # VIF_DETAILS must be overridden according to plugin vif_details
+    VIF_DETAILS = None
 
     def _check_response_portbindings(self, port):
         self.assertEqual(port[portbindings.VIF_TYPE], self.VIF_TYPE)
-        vif_details = port[portbindings.VIF_DETAILS]
         # REVISIT(rkukura): Consider reworking tests to enable ML2 to bind
+
         if self.VIF_TYPE not in [portbindings.VIF_TYPE_UNBOUND,
                                  portbindings.VIF_TYPE_BINDING_FAILED]:
-            # TODO(rkukura): Replace with new VIF security details
-            self.assertEqual(vif_details[portbindings.CAP_PORT_FILTER],
-                             self.HAS_PORT_FILTER)
+            # NOTE(r-mibu): The following six lines are just for backward
+            # compatibility.  In this class, HAS_PORT_FILTER has been replaced
+            # by VIF_DETAILS which can be set expected vif_details to check,
+            # but all replacement of HAS_PORT_FILTER in successor has not been
+            # completed.
+            if self.VIF_DETAILS is None:
+                expected = getattr(self, 'HAS_PORT_FILTER', False)
+                vif_details = port[portbindings.VIF_DETAILS]
+                port_filter = vif_details[portbindings.CAP_PORT_FILTER]
+                self.assertEqual(expected, port_filter)
+                return
+            self.assertEqual(self.VIF_DETAILS, port[portbindings.VIF_DETAILS])
 
     def _check_response_no_portbindings(self, port):
         self.assertIn('status', port)
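Review bot: The backward-compatibility branch (`if self.VIF_DETAILS is None:`) asserts only `CAP_PORT_FILTER` and then returns, so a subclass that has not moved to `VIF_DETAILS` never checks `OVS_HYBRID_PLUG`. Judging by the commit's file list, the BigSwitch and Ryu port-binding tests are not updated here, so the new `ovs_hybrid_plug` behaviour of those plugins appears to go unverified. Migrating those subclasses to `VIF_DETAILS` in the same change, or at least adding a `# TODO` naming the subclasses still on `HAS_PORT_FILTER`, would close the gap. The early `return` inside the branch would also read more clearly as an `if`/`else`.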
index a42eca0c2acbb8c05af8d7f781c90a2d33a76a13..71aeecf13c1557b0b1d983a52a81bb294be6bf64 100644 (file)
@@ -120,7 +120,7 @@ class AgentMechanismBaseTestCase(base.BaseTestCase):
     # The following must be overridden for the specific mechanism
     # driver being tested:
     VIF_TYPE = None
-    CAP_PORT_FILTER = None
+    VIF_DETAILS = None
     AGENT_TYPE = None
     AGENTS = None
     AGENTS_DEAD = None
@@ -136,8 +136,17 @@ class AgentMechanismBaseTestCase(base.BaseTestCase):
         self.assertEqual(context._bound_vif_type, self.VIF_TYPE)
         vif_details = context._bound_vif_details
         self.assertIsNotNone(vif_details)
-        self.assertEqual(vif_details[portbindings.CAP_PORT_FILTER],
-                         self.CAP_PORT_FILTER)
+        # NOTE(r-mibu): The following five lines are just for backward
+        # compatibility.  In this class, HAS_PORT_FILTER has been replaced
+        # by VIF_DETAILS which can be set expected vif_details to check,
+        # but all replacement of HAS_PORT_FILTER in successor has not been
+        # completed.
+        if self.VIF_DETAILS is None:
+            expected = getattr(self, 'CAP_PORT_FILTER', None)
+            port_filter = vif_details[portbindings.CAP_PORT_FILTER]
+            self.assertEqual(expected, port_filter)
+            return
+        self.assertEqual(self.VIF_DETAILS, vif_details)
 
 
 class AgentMechanismGenericTestCase(AgentMechanismBaseTestCase):
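Review bot: The NOTE comment names `HAS_PORT_FILTER`, but the legacy attribute this class falls back to is `CAP_PORT_FILTER` (`getattr(self, 'CAP_PORT_FILTER', None)`); the text looks copied from _test_extension_portbindings.py. Both occurrences in the comment should read `CAP_PORT_FILTER`, e.g. `# compatibility.  In this class, CAP_PORT_FILTER has been replaced`. As in the other test base class, the fallback path checks only the port-filter key, so drivers still on the old attribute get no `ovs_hybrid_plug` assertion. The enclosing method starts outside the hunk.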
index 3187f296b4e64eccd37ec985511d108df0d09d0b..8c62e1e79fd330a4ea468108633600e6b253d0de 100644 (file)
@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo.config import cfg
+
 from neutron.common import constants
 from neutron.extensions import portbindings
 from neutron.plugins.ml2.drivers import mech_ofagent
@@ -21,7 +23,8 @@ from neutron.tests.unit.ml2 import _test_mech_agent as base
 
 class OfagentMechanismBaseTestCase(base.AgentMechanismBaseTestCase):
     VIF_TYPE = portbindings.VIF_TYPE_OVS
-    CAP_PORT_FILTER = True
+    VIF_DETAILS = {portbindings.CAP_PORT_FILTER: True,
+                   portbindings.OVS_HYBRID_PLUG: True}
     AGENT_TYPE = constants.AGENT_TYPE_OFA
 
     GOOD_MAPPINGS = {'fake_physical_network': 'fake_interface'}
@@ -49,6 +52,17 @@ class OfagentMechanismBaseTestCase(base.AgentMechanismBaseTestCase):
         self.driver.initialize()
 
 
+class OfagentMechanismSGDisabledBaseTestCase(OfagentMechanismBaseTestCase):
+    VIF_DETAILS = {portbindings.CAP_PORT_FILTER: False,
+                   portbindings.OVS_HYBRID_PLUG: False}
+
+    def setUp(self):
+        cfg.CONF.set_override('enable_security_group',
+                              False,
+                              group='SECURITYGROUP')
+        super(OfagentMechanismSGDisabledBaseTestCase, self).setUp()
+
+
 class OfagentMechanismGenericTestCase(OfagentMechanismBaseTestCase,
                                       base.AgentMechanismGenericTestCase):
     pass
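Review bot: `OfagentMechanismSGDisabledBaseTestCase.setUp` overrides `enable_security_group` with `cfg.CONF.set_override(...)` and registers no cleanup in this class, so test isolation depends on the base test case resetting `cfg.CONF` (not visible here). If it does not, the disabled flag leaks into later tests and changes the `vif_details` they expect. Adding `self.addCleanup(cfg.CONF.clear_override, 'enable_security_group', group='SECURITYGROUP')` right after the override makes the class self-contained. The same pattern appears in `OpenvswitchMechanismSGDisabledBaseTestCase.setUp` in test_mech_openvswitch.py. In both files only the Local variant is run with security groups disabled.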
@@ -74,12 +88,19 @@ class OfagentMechanismGreTestCase(OfagentMechanismBaseTestCase,
     pass
 
 
+class OfagentMechanismSGDisabledLocalTestCase(
+    OfagentMechanismSGDisabledBaseTestCase,
+    base.AgentMechanismLocalTestCase):
+    pass
+
+
 # The following tests are for deprecated "bridge_mappings".
 # TODO(yamamoto): Remove them.
 
 class OfagentMechanismPhysBridgeTestCase(base.AgentMechanismBaseTestCase):
     VIF_TYPE = portbindings.VIF_TYPE_OVS
-    CAP_PORT_FILTER = True
+    VIF_DETAILS = {portbindings.CAP_PORT_FILTER: True,
+                   portbindings.OVS_HYBRID_PLUG: True}
     AGENT_TYPE = constants.AGENT_TYPE_OFA
 
     GOOD_MAPPINGS = {'fake_physical_network': 'fake_bridge'}
index b1af1b7faef8e93da5a927b8db902acd6839290a..456d6f02cc318b9508c51dc65d6712fe8c57ae6f 100644 (file)
@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo.config import cfg
+
 from neutron.common import constants
 from neutron.extensions import portbindings
 from neutron.plugins.ml2.drivers import mech_openvswitch
@@ -21,7 +23,8 @@ from neutron.tests.unit.ml2 import _test_mech_agent as base
 
 class OpenvswitchMechanismBaseTestCase(base.AgentMechanismBaseTestCase):
     VIF_TYPE = portbindings.VIF_TYPE_OVS
-    CAP_PORT_FILTER = True
+    VIF_DETAILS = {portbindings.CAP_PORT_FILTER: True,
+                   portbindings.OVS_HYBRID_PLUG: True}
     AGENT_TYPE = constants.AGENT_TYPE_OVS
 
     GOOD_MAPPINGS = {'fake_physical_network': 'fake_bridge'}
@@ -49,6 +52,18 @@ class OpenvswitchMechanismBaseTestCase(base.AgentMechanismBaseTestCase):
         self.driver.initialize()
 
 
+class OpenvswitchMechanismSGDisabledBaseTestCase(
+    OpenvswitchMechanismBaseTestCase):
+    VIF_DETAILS = {portbindings.CAP_PORT_FILTER: False,
+                   portbindings.OVS_HYBRID_PLUG: False}
+
+    def setUp(self):
+        cfg.CONF.set_override('enable_security_group',
+                              False,
+                              group='SECURITYGROUP')
+        super(OpenvswitchMechanismSGDisabledBaseTestCase, self).setUp()
+
+
 class OpenvswitchMechanismGenericTestCase(OpenvswitchMechanismBaseTestCase,
                                           base.AgentMechanismGenericTestCase):
     pass
@@ -72,3 +87,9 @@ class OpenvswitchMechanismVlanTestCase(OpenvswitchMechanismBaseTestCase,
 class OpenvswitchMechanismGreTestCase(OpenvswitchMechanismBaseTestCase,
                                       base.AgentMechanismGreTestCase):
     pass
+
+
+class OpenvswitchMechanismSGDisabledLocalTestCase(
+    OpenvswitchMechanismSGDisabledBaseTestCase,
+    base.AgentMechanismLocalTestCase):
+    pass
index 9dc61ed54c3f17d366e266be39edc5e12ba8f752..a2ceb321b3a6a7de5edc823a58a6fec92dcd5d0e 100644 (file)
@@ -28,7 +28,8 @@ from neutron.tests.unit import test_security_groups_rpc as test_sg_rpc
 class TestNecPortBinding(test_bindings.PortBindingsTestCase,
                          test_nec_plugin.NecPluginV2TestCase):
     VIF_TYPE = portbindings.VIF_TYPE_OVS
-    HAS_PORT_FILTER = True
+    VIF_DETAILS = {portbindings.CAP_PORT_FILTER: True,
+                   portbindings.OVS_HYBRID_PLUG: True}
     ENABLE_SG = True
     FIREWALL_DRIVER = test_sg_rpc.FIREWALL_HYBRID_DRIVER
 
@@ -41,7 +42,8 @@ class TestNecPortBinding(test_bindings.PortBindingsTestCase,
 
 
 class TestNecPortBindingNoSG(TestNecPortBinding):
-    HAS_PORT_FILTER = False
+    VIF_DETAILS = {portbindings.CAP_PORT_FILTER: False,
+                   portbindings.OVS_HYBRID_PLUG: False}
     ENABLE_SG = False
     FIREWALL_DRIVER = test_sg_rpc.FIREWALL_NOOP_DRIVER