From: Elena Ezhova Date: Fri, 31 Oct 2014 16:37:46 +0000 (+0300) Subject: Remove duplicate ensure_remove_chain method in iptables_manager X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=6eee93a98c67;p=openstack-build%2Fneutron-build.git Remove duplicate ensure_remove_chain method in iptables_manager Change-Id: I168eda2fa430446786d4106d6807207f4facbfc3 Closes-Bug: #1388162 --- diff --git a/neutron/agent/linux/iptables_firewall.py b/neutron/agent/linux/iptables_firewall.py index 102e90634..f9ecbf2e4 100644 --- a/neutron/agent/linux/iptables_firewall.py +++ b/neutron/agent/linux/iptables_firewall.py @@ -159,8 +159,8 @@ class IptablesFirewallDriver(firewall.FirewallDriver): self.iptables.ipv4['filter'].add_chain(chain_name) def _remove_chain_by_name_v4v6(self, chain_name): - self.iptables.ipv4['filter'].ensure_remove_chain(chain_name) - self.iptables.ipv6['filter'].ensure_remove_chain(chain_name) + self.iptables.ipv4['filter'].remove_chain(chain_name) + self.iptables.ipv6['filter'].remove_chain(chain_name) def _add_rule_to_chain_v4v6(self, chain_name, ipv4_rules, ipv6_rules, comment=None): diff --git a/neutron/agent/linux/iptables_manager.py b/neutron/agent/linux/iptables_manager.py index 6af69ad32..8fbde1051 100644 --- a/neutron/agent/linux/iptables_manager.py +++ b/neutron/agent/linux/iptables_manager.py @@ -138,19 +138,6 @@ class IptablesTable(object): else: return self.unwrapped_chains - def ensure_remove_chain(self, name, wrap=True): - """Ensure the chain is removed. - - This removal "cascades". All rule in the chain are removed, as are - all rules in other chains that jump to it. - """ - name = get_chain_name(name, wrap) - chain_set = self._select_chain_set(wrap) - if name not in chain_set: - return - - self.remove_chain(name, wrap) - def remove_chain(self, name, wrap=True): """Remove named chain. diff --git a/neutron/services/firewall/drivers/linux/iptables_fwaas.py b/neutron/services/firewall/drivers/linux/iptables_fwaas.py index 7f4a2c12a..50c2b8f76 100644 --- a/neutron/services/firewall/drivers/linux/iptables_fwaas.py +++ b/neutron/services/firewall/drivers/linux/iptables_fwaas.py @@ -227,9 +227,9 @@ class IptablesFwaasDriver(fwaas_base.FwaasDriverBase): def _remove_chain_by_name(self, ver, chain_name, ipt_mgr): if ver == IPV4: - ipt_mgr.ipv4['filter'].ensure_remove_chain(chain_name) + ipt_mgr.ipv4['filter'].remove_chain(chain_name) else: - ipt_mgr.ipv6['filter'].ensure_remove_chain(chain_name) + ipt_mgr.ipv6['filter'].remove_chain(chain_name) def _add_rules_to_chain(self, ipt_mgr, ver, chain_name, rules): if ver == IPV4: diff --git a/neutron/tests/unit/services/firewall/drivers/linux/test_iptables_fwaas.py b/neutron/tests/unit/services/firewall/drivers/linux/test_iptables_fwaas.py index f865818c0..c4e633a20 100644 --- a/neutron/tests/unit/services/firewall/drivers/linux/test_iptables_fwaas.py +++ b/neutron/tests/unit/services/firewall/drivers/linux/test_iptables_fwaas.py @@ -136,9 +136,9 @@ class IptablesFwaasTestCase(base.BaseTestCase): ipt_mgr_echain = '%s-%s' % (bname, egress_chain[:11]) for router_info_inst in apply_list: v4filter_inst = router_info_inst.iptables_manager.ipv4['filter'] - calls = [mock.call.ensure_remove_chain('iv4fake-fw-uuid'), - mock.call.ensure_remove_chain('ov4fake-fw-uuid'), - mock.call.ensure_remove_chain('fwaas-default-policy'), + calls = [mock.call.remove_chain('iv4fake-fw-uuid'), + mock.call.remove_chain('ov4fake-fw-uuid'), + mock.call.remove_chain('fwaas-default-policy'), mock.call.add_chain('fwaas-default-policy'), mock.call.add_rule('fwaas-default-policy', '-j DROP'), mock.call.add_chain(ingress_chain), @@ -176,11 +176,11 @@ class IptablesFwaasTestCase(base.BaseTestCase): for ip_version in (4, 6): ingress_chain = ('iv%s%s' % (ip_version, firewall['id'])) egress_chain = ('ov%s%s' % (ip_version, firewall['id'])) - calls = [mock.call.ensure_remove_chain( + calls = [mock.call.remove_chain( 'iv%sfake-fw-uuid' % ip_version), - mock.call.ensure_remove_chain( + mock.call.remove_chain( 'ov%sfake-fw-uuid' % ip_version), - mock.call.ensure_remove_chain('fwaas-default-policy'), + mock.call.remove_chain('fwaas-default-policy'), mock.call.add_chain('fwaas-default-policy'), mock.call.add_rule('fwaas-default-policy', '-j DROP'), mock.call.add_chain(ingress_chain), @@ -216,9 +216,9 @@ class IptablesFwaasTestCase(base.BaseTestCase): self.firewall.delete_firewall('legacy', apply_list, firewall) ingress_chain = 'iv4%s' % firewall['id'] egress_chain = 'ov4%s' % firewall['id'] - calls = [mock.call.ensure_remove_chain(ingress_chain), - mock.call.ensure_remove_chain(egress_chain), - mock.call.ensure_remove_chain('fwaas-default-policy')] + calls = [mock.call.remove_chain(ingress_chain), + mock.call.remove_chain(egress_chain), + mock.call.remove_chain('fwaas-default-policy')] apply_list[0].iptables_manager.ipv4['filter'].assert_has_calls(calls) def test_create_firewall_with_admin_down(self): @@ -226,9 +226,9 @@ class IptablesFwaasTestCase(base.BaseTestCase): rule_list = self._fake_rules_v4(FAKE_FW_ID, apply_list) firewall = self._fake_firewall_with_admin_down(rule_list) self.firewall.create_firewall('legacy', apply_list, firewall) - calls = [mock.call.ensure_remove_chain('iv4fake-fw-uuid'), - mock.call.ensure_remove_chain('ov4fake-fw-uuid'), - mock.call.ensure_remove_chain('fwaas-default-policy'), + calls = [mock.call.remove_chain('iv4fake-fw-uuid'), + mock.call.remove_chain('ov4fake-fw-uuid'), + mock.call.remove_chain('fwaas-default-policy'), mock.call.add_chain('fwaas-default-policy'), mock.call.add_rule('fwaas-default-policy', '-j DROP')] apply_list[0].iptables_manager.ipv4['filter'].assert_has_calls(calls) diff --git a/neutron/tests/unit/test_iptables_firewall.py b/neutron/tests/unit/test_iptables_firewall.py index c4c0cafb2..4e777c3f4 100644 --- a/neutron/tests/unit/test_iptables_firewall.py +++ b/neutron/tests/unit/test_iptables_firewall.py @@ -77,7 +77,7 @@ class IptablesFirewallTestCase(BaseIptablesFirewallTestCase): mock.call.add_rule( 'sg-fallback', '-j DROP', comment=ic.UNMATCH_DROP), - mock.call.ensure_remove_chain('sg-chain'), + mock.call.remove_chain('sg-chain'), mock.call.add_chain('sg-chain'), mock.call.add_chain('ifake_dev'), mock.call.add_rule('FORWARD', @@ -904,7 +904,7 @@ class IptablesFirewallTestCase(BaseIptablesFirewallTestCase): 'sg-fallback', '-j DROP', comment=ic.UNMATCH_DROP), - mock.call.ensure_remove_chain('sg-chain'), + mock.call.remove_chain('sg-chain'), mock.call.add_chain('sg-chain'), mock.call.add_chain('ifake_dev'), mock.call.add_rule('FORWARD', @@ -1011,7 +1011,7 @@ class IptablesFirewallTestCase(BaseIptablesFirewallTestCase): 'sg-fallback', '-j DROP', comment=ic.UNMATCH_DROP), - mock.call.ensure_remove_chain('sg-chain'), + mock.call.remove_chain('sg-chain'), mock.call.add_chain('sg-chain'), mock.call.add_chain('ifake_dev'), mock.call.add_rule( @@ -1082,10 +1082,10 @@ class IptablesFirewallTestCase(BaseIptablesFirewallTestCase): 'ofake_dev', '-j $sg-fallback', comment=None), mock.call.add_rule('sg-chain', '-j ACCEPT'), - mock.call.ensure_remove_chain('ifake_dev'), - mock.call.ensure_remove_chain('ofake_dev'), - mock.call.ensure_remove_chain('sfake_dev'), - mock.call.ensure_remove_chain('sg-chain'), + mock.call.remove_chain('ifake_dev'), + mock.call.remove_chain('ofake_dev'), + mock.call.remove_chain('sfake_dev'), + mock.call.remove_chain('sg-chain'), mock.call.add_chain('sg-chain'), mock.call.add_chain('ifake_dev'), mock.call.add_rule( @@ -1156,10 +1156,10 @@ class IptablesFirewallTestCase(BaseIptablesFirewallTestCase): '-j $sg-fallback', comment=None), mock.call.add_rule('sg-chain', '-j ACCEPT'), - mock.call.ensure_remove_chain('ifake_dev'), - mock.call.ensure_remove_chain('ofake_dev'), - mock.call.ensure_remove_chain('sfake_dev'), - mock.call.ensure_remove_chain('sg-chain'), + mock.call.remove_chain('ifake_dev'), + mock.call.remove_chain('ofake_dev'), + mock.call.remove_chain('sfake_dev'), + mock.call.remove_chain('sg-chain'), mock.call.add_chain('sg-chain')] self.v4filter_inst.assert_has_calls(calls) @@ -1259,7 +1259,7 @@ class IptablesFirewallTestCase(BaseIptablesFirewallTestCase): mock.call.add_rule( 'sg-fallback', '-j DROP', comment=ic.UNMATCH_DROP), - mock.call.ensure_remove_chain('sg-chain'), + mock.call.remove_chain('sg-chain'), mock.call.add_chain('sg-chain'), mock.call.add_chain('ifake_dev'), mock.call.add_rule('FORWARD', @@ -1338,7 +1338,7 @@ class IptablesFirewallTestCase(BaseIptablesFirewallTestCase): mock.call.add_rule( 'sg-fallback', '-j DROP', comment=ic.UNMATCH_DROP), - mock.call.ensure_remove_chain('sg-chain'), + mock.call.remove_chain('sg-chain'), mock.call.add_chain('sg-chain'), mock.call.add_chain('ifake_dev'), mock.call.add_rule('FORWARD',