John Schwarz [Mon, 3 Aug 2015 12:49:13 +0000 (15:49 +0300)]
Add API tests for non-accessible policies
Tests which dealt with creating a rule for a policy that the tenant has
no access to, or for a policy which does not even exist, were missing.
This patch adds them.
Also renamed service_notification_drivers into notification_drivers
since it's clear where it belongs anyway (it's in neutron.conf meaning
it's a server side configuration value).
The only values in qos_rules table are: type, id and qos_policy_id. Both
id fields point to qos_*_rules and qos_policies objects.
Type is redundant since qos_rule and qos_*_rule objects maintain 1-to-1
relationship.
Keeping a separate table just to link qos_*_rule and qos_policy objects
has no meaning. At the same time, it complicates the code for rule
objects significantly.
So instead of copying with all those issues, we just squash the tables
into single one. It allows us to reuse all base methods from
NeutronObject for rules.
LOC stats for the patch clearly shows the point:
65 insertions(+), 267 deletions(-)
And no actual functionality is lost.
While at it, the following changes were applied:
- some base tests are reimplemented to test objects in a more explicit
way;
- fields_no_update class attribute is now actually enforced in base
object class.
John Schwarz [Sun, 26 Jul 2015 13:00:12 +0000 (16:00 +0300)]
Fix accessing shared policies, add assoc tests
This patch is two-fold:
1. Previously, policies that were created using the 'shared=True' flag
were not accessible to other tenants, since the context used to
search the policies was not elevated. This patch elevates the context
prior to retrieving the policy, and if a match was found, makes sure
that the user has permissions to access it (either the policy is
shared or it's from the same tenant id).
2. Tests for both associations and disassociations of policies to both
networks and ports are added in this patch, to make sure coverage is
good and that the problem is fixed.
This patch adds tests for 'update' for both policies and rules. This
completes the CRUD tests and leaves the association/disassociation for
a later patch. Note that deleting a rule isn't tested explicitly
because of a bug with the rule delete logic on the server side. Once
that code is fixed, the test should be added.
to_dict() for policies should also convert any rules inside rule lists
to dicts too, otherwise API layer receives rule object __repr__ strings
instead of actual dicts. This patch introduces a fix to the existing
to_dict() code to properly support policies.
This patch also modifies the base infra to create policies and rules for
admins and not for tenant.
Ihar Hrachyshka [Thu, 11 Jun 2015 06:11:08 +0000 (08:11 +0200)]
Introduce mechanism to determine supported qos rule types for a plugin
Every plugin that supports some of QoS rules will define a property
called supported_qos_rule_types of list type.
For ml2, determine supported qos rule types as a subset of rule types
supported by all drivers. (In the future, we may expand the list to
include all types supported by at least one of enabled drivers. This
would require synchronized work with nova scheduler though.)
For ml2, tests are limited, and should be expanded to check that common
subset of qos rules is calculated properly when intersection != the list
of each plugins. For now, it's enough since we don't have more than one
rule type planned for Liberty.
Added API test for the resource.
Partially-Implements: blueprint ml2-qos Co-Authored-By: Irena Berezovsky <irenab.dev@gmail.com> Co-Authored-By: John Schwarz <jschwarz@redhat.com>
Change-Id: I0d18ae256877a129e203110003fcadd1d63590b4
Jakub Libosvar [Tue, 21 Jul 2015 11:17:18 +0000 (11:17 +0000)]
QoS: Remove type attribute from QoS rules
The type is given by object itself. We don't specify type when creating
resource cause it's a part of uri. This patch allows a
bandwidth_limit_rule to be created in given policy.
Moshe Levi [Thu, 9 Jul 2015 10:21:49 +0000 (13:21 +0300)]
Add versioned object serialize/deserialize for resources RPC
Also switched RPC callback API to consistently receive resource_type
string and not a resource class. This is because for get_info(), we
cannot propagate a class thru RPC but only a string that uniquely
identifies the class. So it would be not optimal to require the server
to discover the corresponding class from the type name passed from the
agent.
Also updated some comments in api/rpc/callbacks directory to reflect
that we handle NeutronObjects, not dicts.
Finally, killed the rule resource registration from QoS plugin and the
rule type from supported resources since it's YAGNI at least now.
Jakub Libosvar [Tue, 21 Jul 2015 08:04:00 +0000 (08:04 +0000)]
Support qos rules and fields parameters in GET requests
Previously we didn't load the rules into policy object. This patch adds
loading the rules and defines bandwidth_limit_rules as a policy
resource in a single transaction. As a part of moving towards usage of
single transaction, create() and update() of rule were modified
accordingly.
Finally, we support types in GET requests in this patch.
Instead of having a separate function for id-based search, make
get_object accept any kwargs, including id=, and reuse it everywhere
where we used _find_object before.
John Schwarz [Tue, 30 Jun 2015 14:57:19 +0000 (17:57 +0300)]
Base infrastructure for QoS API tests
This introduces the basic methods in the tempest client, that allow the
testing of the QoS plugin. This also contains 2 (very) simple tests
which test creation and deletion of both policies and bandwidth rules,
as well as list/show for both resources. While creation is done
explicitly, deletion is done implicitly (all resources are deleted after
the test, during tearDown)
Minor fixes to the QoS plugin are included as well.
We don't use callbacks to extend resources anymore, instead relying on
ml2 extension drivers. No need for the patch to achieve QoS, and it also
breaks test_delete_subnet_with_callback that was added in master
recently.
===
3. updated requirements.txt and test-requirements.txt based on:
https://review.openstack.org/#/c/204398/
to avoid requirements gate checks failing due to incompatible
requirements comparing to global-requirements.txt
Fix handling of port-range-min 0 in secgroup RPC and agent
For TCP/UDP protocol, port valid range is 0 to 65535, so for a
security group rule, its valid range is also 0 to 65535. this
patch makes two changes:
1. if a security group rule port_range_min is 0, l2 agent also can
get port_range_min real value 0 when it gets this rule for a
device via RPC.
2. For IptablesFirewallDriver, if port range is [0, xxxx], l2 agent
also need add this rule to iptables.
This patch adds the address scope api tests and
also returns the address scope resource attr map
in the get_extended_resources() function which was
missed in the previous patch
Code Review / openstack-build / neutron-build.git / log