NSX|V: Fix FWaaS V2 handling 0.0.0.0 ips

Change-Id: Ib1de24b8a0d57ab0dcb43ae971f7084d308f6991
Adit Sarfaty 2019-08-01 09:55:15 +03:00
parent 0705f382dc
commit 23ab43b3ae
2 changed files with 30 additions and 12 deletions


@ -155,13 +155,19 @@ class NsxvFwaasCallbacksV2(com_callbacks.NsxFwaasCallbacksV2):
not rule['destination_ip_address'].startswith('0.0.0.0')): not rule['destination_ip_address'].startswith('0.0.0.0')):
rule['destination_ip_address'] = [ rule['destination_ip_address'] = [
rule['destination_ip_address']] rule['destination_ip_address']]
elif replace_dest: else:
rule['destination_vnic_groups'] = [replace_dest] if replace_dest:
rule['destination_vnic_groups'] = [replace_dest]
if 'destination_ip_address' in rule:
del rule['destination_ip_address']
if (rule.get('source_ip_address') and if (rule.get('source_ip_address') and
not rule['source_ip_address'].startswith('0.0.0.0')): not rule['source_ip_address'].startswith('0.0.0.0')):
rule['source_ip_address'] = [rule['source_ip_address']] rule['source_ip_address'] = [rule['source_ip_address']]
elif replace_src: else:
rule['source_vnic_groups'] = [replace_src] if replace_src:
rule['source_vnic_groups'] = [replace_src]
if 'source_ip_address' in rule:
del rule['source_ip_address']
if logged: if logged:
rule['logged'] = True rule['logged'] = True
translated_rules.append(rule) translated_rules.append(rule)
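Review bot: The `startswith('0.0.0.0')` test in the destination and source branches treats every address beginning with that string as "any", so a rule written with `0.0.0.0/24` now has its address deleted and, when `replace_dest` or `replace_src` is empty, is appended with no address restriction on that side. For an allow rule that is broader than what the user configured, and nothing in the hunk records that the narrowing was dropped. If the backend cannot accept these CIDRs, say so in a comment such as `# 0.0.0.0/x is not accepted by the backend; the address is dropped and the rule matches any address on this side`, and consider logging a warning with the rule id when the prefix is not `/0`. Whether such CIDRs are validated earlier is not visible here, and the enclosing method starts and ends outside the hunk.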


@ -119,17 +119,25 @@ class NsxvFwaasTestCase(test_v_plugin.NsxVPluginV2TestCase):
if logged: if logged:
rule['logged'] = True rule['logged'] = True
if is_ingress: if is_ingress:
if not rule.get('destination_ip_address'): if (not rule.get('destination_ip_address') or
rule['destination_ip_address'].startswith('0.0.0.0')):
rule['destination_vnic_groups'] = ['vnic-index-1'] rule['destination_vnic_groups'] = ['vnic-index-1']
else: else:
if not rule.get('source_ip_address'): if (not rule.get('source_ip_address') or
rule['source_ip_address'].startswith('0.0.0.0')):
rule['source_vnic_groups'] = ['vnic-index-1'] rule['source_vnic_groups'] = ['vnic-index-1']
if rule.get('destination_ip_address'): if rule.get('destination_ip_address'):
rule['destination_ip_address'] = [ if rule['destination_ip_address'].startswith('0.0.0.0'):
rule['destination_ip_address']] del rule['destination_ip_address']
else:
rule['destination_ip_address'] = [
rule['destination_ip_address']]
if rule.get('source_ip_address'): if rule.get('source_ip_address'):
rule['source_ip_address'] = [ if rule['source_ip_address'].startswith('0.0.0.0'):
rule['source_ip_address']] del rule['source_ip_address']
else:
rule['source_ip_address'] = [
rule['source_ip_address']]
rule['name'] = (fwaas_callbacks_v2.RULE_NAME_PREFIX + rule['name'] = (fwaas_callbacks_v2.RULE_NAME_PREFIX +
(rule.get('name') or rule['id']))[:30] (rule.get('name') or rule['id']))[:30]
if rule.get('id'): if rule.get('id'):
@ -210,10 +218,10 @@ class NsxvFwaasTestCase(test_v_plugin.NsxVPluginV2TestCase):
{'firewall_rule_list': expected_rules}) {'firewall_rule_list': expected_rules})
def _setup_firewall_with_rules(self, func, is_ingress=True, def _setup_firewall_with_rules(self, func, is_ingress=True,
is_conflict=False): is_conflict=False, cidr='10.24.4.0/24'):
apply_list = self._fake_apply_list() apply_list = self._fake_apply_list()
rule_list = self._fake_rules_v4(is_ingress=is_ingress, rule_list = self._fake_rules_v4(is_ingress=is_ingress,
is_conflict=is_conflict) is_conflict=is_conflict, cidr=cidr)
firewall = self._fake_firewall_group(rule_list, is_ingress=is_ingress) firewall = self._fake_firewall_group(rule_list, is_ingress=is_ingress)
with mock.patch.object(self.plugin.fwaas_callbacks, 'get_port_fwg', with mock.patch.object(self.plugin.fwaas_callbacks, 'get_port_fwg',
return_value=firewall),\ return_value=firewall),\
@ -255,6 +263,10 @@ class NsxvFwaasTestCase(test_v_plugin.NsxVPluginV2TestCase):
self._setup_firewall_with_rules(self.firewall.create_firewall_group, self._setup_firewall_with_rules(self.firewall.create_firewall_group,
is_ingress=False) is_ingress=False)
def test_create_firewall_with_illegal_cidr(self):
self._setup_firewall_with_rules(self.firewall.create_firewall_group,
cidr='0.0.0.0/24')
def test_update_firewall_with_egress_rules(self): def test_update_firewall_with_egress_rules(self):
self._setup_firewall_with_rules(self.firewall.update_firewall_group, self._setup_firewall_with_rules(self.firewall.update_firewall_group,
is_ingress=False) is_ingress=False)
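Review bot: `test_create_firewall_with_illegal_cidr` only drives the create path with the default `is_ingress=True`, so the new branch for the opposite direction is never exercised with a `0.0.0.0` address. A companion case calling `self._setup_firewall_with_rules(self.firewall.create_firewall_group, is_ingress=False, cidr='0.0.0.0/24')` would cover it. The expected-rule helper in the first hunk also decides "any" with the same `startswith('0.0.0.0')` check as the code under test, so the test would still pass if that check matched more addresses than intended. A hard-coded expected rule for the `0.0.0.0/24` case would pin the behaviour independently. How `_fake_rules_v4` uses `cidr` is not visible in this section.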