In the check for all security groups on port belong to tenant,
add a filter to get security groups for the tenant which are in
common with the security groups of the port.
Sean Dague [Mon, 7 Apr 2014 21:07:41 +0000 (17:07 -0400)]
set api.extensions logging to ERROR in unit tests
neutron.api.extensions generates a lot of output in a normal
unit test run. It's responsible for > 80% of the lines in the
subunit_log.txt. Logging each file load 10k times slows everything
down, takes up valuable memory, and doesn't really help with testing.
Instead we can set this to ERROR level in a fixture to ignore most
of that logging and help make the unit tests run faster.
Dan Prince [Thu, 10 Apr 2014 16:40:13 +0000 (12:40 -0400)]
Make default nova_url use a version
The default nova_url for neutron is missing an API
version number. This can cause requests to fail
because the Nova /versions API cannot respond
to Neutron notification requests.
It seems reasonable for the default value to
at least have a chance at being correct so
this patch upgrades the default Nova API url to
use the Nova 'v2' API.
In case the network is without a subnet, calling the validation
logic during the report phase leads to an error because the LSN
would have been already allocated during the migration phase.
Bypass the issue by calling the plugin directly, which is what
the validation logic does in the first place.
Russell Bryant [Wed, 9 Apr 2014 15:32:44 +0000 (11:32 -0400)]
Update ensure()/reconnect() to catch MessagingError
The error handling code that gets connections reset if necessary
caught ConnectionError. It really needs to catch MessagingError,
which ConnectionError inherits from. There are other types of
MessagingErrors that may occur, such as InternalError, and they need
to cause the connection to reset, as well.
This fix has already been merged into oslo.messaging.
If one quries NSX doing GET /ws.v1/lswitch/LS_UUID/lport and LS_UUID
is a UUID that does not exist in NSX. NSX raises a 404. If LS_UUID is *
NSX returns an empty result string. This patch fixes the fake_api_client
so that it's behavior is correct.
netaddr<=0.7.10 raises ValueError instead of AddrFormatError
This patch ensures that ValueError is also caught in addition to
AddrFormatError as in netaddr>=0.7.11 AddrFormatError is raised and
in netaddr<=0.7.10 ValueError is raised.
marios [Fri, 29 Nov 2013 16:23:54 +0000 (18:23 +0200)]
Validate CIDR given as ip-prefix in security-group-rule-create
There was no validation for the provided ip prefix. This just adds
a simple parse using netaddr and explodes with appropriate message.
Also makes sure ip prefix _is_ cidr (192.168.1.1-->192.168.1.1/32).
Validation occurs at the attribute level (API model) as well as at
the db level, where the ethertype is validated against the ip_prefix
address type.
Unit test cases added - bad prefix, unmasked prefix and incorrect
ethertype. Also adds attribute test cases for the added
convert_ip_prefix_to_cidr method
This forces the object to be ready ahead of accessing time.
The change in loading behavior is also beneficial while listing
routers, as reduces the amount of queries being issued. Tests
show a performance gain of 15-30% for router-list times.
NSX: ensure dhcp port is setup on metadata network
Change in scheduling behavior caused a regression
where the dhcp port is no longer provisioned on
the (admin) metadata network created when a subnet
is uplinked to a router.
This change recovers the past behavior and extend UT
coverage to avoid further regression.
Thomas Goirand [Mon, 2 Jun 2014 16:08:25 +0000 (00:08 +0800)]
Adds Install_SNAT_rules_for_ipv4_only.patch. Note that without this patch,
it's possible to destroy an OpenStack cloud network, which is why I'm
putting urgency=high in this upload.
NSX: Fix KeyError in sync if nsx_router_id not found
Previously, a KeyError would occur in the sync code which would
cause the sync thread to stop running. This would occur if there
was a router entry in the database but no nsx_router_mapping and
the router was not found in nsx. Note: this should never happen unless
one did not run the db migration which introduced and migrated the data
for the NeutronNsxRouterMapping table.
Darren Birkett [Thu, 6 Mar 2014 16:17:03 +0000 (16:17 +0000)]
Correctly inherit __table_args__ from parent class
Where unique constraints are added to certain tables by populating
__table_args__, we need to ensure we inherit the top level
__table_args__ that define the default storage engine to use when
creating tables.
Carl Baldwin [Tue, 1 Apr 2014 22:02:17 +0000 (22:02 +0000)]
Delete routers that are requested but not reported as active
There are two cases that I can think of that result in a router being
requested but not reported as active. One is that admin_state_up has
been set to False. In this case, the router is never removed and
continues to be operational.
The other case is if a router is changed and then deleted before the
change is processed. In this case, it is prudent to be sure that the
router is queued for deletion.
Aaron Rosen [Sat, 15 Mar 2014 05:57:09 +0000 (22:57 -0700)]
Fix _validate_mac_address method
The method _validate_mac_address previously used: netaddr.EUI(data)
which would convert data passed in to the correct mac_address representation.
For example if data=123 it would return: EUI('00-00-00-00-00-7B'). To fix
this issue I used netaddr.valid_mac() instead which returns a bool if a mac is
valid or not and does not raise. Note this file needs some improvements to
improve how exception handling is done that will come later.
Irena Berezovsky [Tue, 25 Mar 2014 07:30:17 +0000 (09:30 +0200)]
Add L2 Agent side handling for non consistent security_group settings
Add setting of the firewall_driver to NoopDriver when firewall_driver is None and
add warning if driver combination is not valid.
Modify is_valid_driver_combination to verify default settings: enable_security_group (True) and firewall_driver (None).
The -propose-translation-update and -upstream-translation-update
jobs do not update from transifex since our po files contain
duplicate entries where obsolete entries duplicate normal entries.
Robert Kukura [Thu, 3 Apr 2014 21:01:00 +0000 (17:01 -0400)]
ML2: ODL driver sets port status
The OpenDaylight mechanism driver does not depend on an L2 agent to
plug the port. Now that nova waits for notification that the port
status is ACTIVE, the ML2 driver API is extended so that the mechanism
driver that binds a port can optionally set the port status, and the
OpenDaylight mechanism driver uses this to set the port status to
ACTIVE.
Kevin Benton [Thu, 20 Mar 2014 14:24:33 +0000 (07:24 -0700)]
De-duplicate unit tests for ports in Big Switch
This eliminates the separate classes that existed
for the VIF type testing. Each class was going
through all of the port tests when none of the
logic those tests were exercising was affected by
the VIF types.
This cut the number of tests run in test_restproxy_plugin
by close to 44% without a reduction in code coverage.
Miguel Angel Ajo [Mon, 31 Mar 2014 13:50:55 +0000 (15:50 +0200)]
fixes tests using called_once_ without assert
A few tests were using mock's called_once, or called_once_with_args
instead of assert_called_once or assert_called_once_with_args. Those
methods return a bool that needs to be actively checked.
The tests are fixed to avoid them from passing if the call condition
is not met.
Kevin Benton [Tue, 1 Apr 2014 08:05:29 +0000 (01:05 -0700)]
Stop using portbindings_db in BSN ML2 driver
Avoids using the portbindings_db in the Big Switch
ML2 driver since ML2 has deprecated that database for
its own version that tracks the same information.
Also eliminates unnecessary 'binding_host' field since
it is now always the same as as the 'portbinding:host_id'
field.
A minor change is made to the Arista API between ML2 Driver and the
back-end. This fix addresses this change to align Icehouse release with
Arista EOS releases.
Second firewall creation returns 500, but it is an expected behavior
of firewall reference implementation and an internal server error
should not be returned.
Gateway certificates are validated by the NSX backend.
The code currently treats a failure in certification
validation as a backend failure and therefore returns
a 500 status code.
This patch changes this behaviour by returning a 400
status code and an appropriate error description.
To this aim a handler for 400 errors has been added to
the NSX API client.