From 69623f20fa6472c56f21b49d4152eb9bb3873c9b Mon Sep 17 00:00:00 2001
From: sridhargaddam <sridhar.gaddam@enovance.com>
Date: Sun, 27 Apr 2014 06:25:28 +0530
Subject: [PATCH] Exit Firewall Agent if config is invalid

When fwaas config file is not provided to the agent,
but the service is enabled in neutron.conf file the
agent should exit with an error message and should
not proceed further. This patch adds the necessary fix.

Change-Id: Iaced777e3a34e9405050252b17a203689e1c1fc0
Closes-Bug: #1310857
---
 neutron/agent/l3_agent.py                            | 11 +++++++++++
 neutron/db/l3_rpc_base.py                            |  4 ++++
 .../firewall/agents/l3reference/firewall_l3_agent.py | 11 ++++++++++-
 neutron/services/l3_router/l3_router_plugin.py       |  3 ++-
 .../agents/l3reference/test_firewall_l3_agent.py     | 12 ++++++++++++
 .../firewall/agents/varmour/test_varmour_router.py   |  2 ++
 .../firewall/drivers/varmour/test_varmour_fwaas.py   |  2 ++
 neutron/tests/unit/services/vpn/test_vpn_agent.py    |  2 +-
 neutron/tests/unit/test_l3_agent.py                  |  4 ++--
 9 files changed, 46 insertions(+), 5 deletions(-)

diff --git a/neutron/agent/l3_agent.py b/neutron/agent/l3_agent.py
index cf66df7b1b..5c2a4070e4 100644
--- a/neutron/agent/l3_agent.py
+++ b/neutron/agent/l3_agent.py
@@ -82,6 +82,7 @@ class L3PluginApi(n_rpc.RpcProxy):
               - get_ports_by_subnet
               - get_agent_gateway_port
               Needed by the agent when operating in DVR/DVR_SNAT mode
+        1.3 - Get the list of activated services
 
     """
 
@@ -136,6 +137,13 @@ class L3PluginApi(n_rpc.RpcProxy):
                          topic=self.topic,
                          version='1.2')
 
+    def get_service_plugin_list(self, context):
+        """Make a call to get the list of activated services."""
+        return self.call(context,
+                         self.make_msg('get_service_plugin_list'),
+                         topic=self.topic,
+                         version='1.3')
+
 
 class RouterInfo(object):
 
@@ -420,6 +428,9 @@ class L3NATAgent(firewall_l3_agent.FWaaSL3AgentRpcCallback, manager.Manager):
         self.removed_routers = set()
         self.sync_progress = False
 
+        # Get the list of service plugins from Neutron Server
+        self.neutron_service_plugins = (
+            self.plugin_rpc.get_service_plugin_list(self.context))
         self._clean_stale_namespaces = self.conf.use_namespaces
 
         # dvr data
diff --git a/neutron/db/l3_rpc_base.py b/neutron/db/l3_rpc_base.py
index d0d8287f15..209c7b4587 100644
--- a/neutron/db/l3_rpc_base.py
+++ b/neutron/db/l3_rpc_base.py
@@ -124,6 +124,10 @@ class L3RpcCallbackMixin(object):
                   net_id)
         return net_id
 
+    def get_service_plugin_list(self, context, **kwargs):
+        plugins = manager.NeutronManager.get_service_plugins()
+        return plugins.keys()
+
     def update_floatingip_statuses(self, context, router_id, fip_statuses):
         """Update operational status for a floating IP."""
         l3_plugin = manager.NeutronManager.get_service_plugins()[
diff --git a/neutron/services/firewall/agents/l3reference/firewall_l3_agent.py b/neutron/services/firewall/agents/l3reference/firewall_l3_agent.py
index fbe8c132a5..15b2423882 100644
--- a/neutron/services/firewall/agents/l3reference/firewall_l3_agent.py
+++ b/neutron/services/firewall/agents/l3reference/firewall_l3_agent.py
@@ -64,7 +64,16 @@ class FWaaSL3AgentRpcCallback(api.FWaaSAgentRpcCallbackMixin):
         LOG.debug(_("Initializing firewall agent"))
         self.conf = conf
         fwaas_driver_class_path = cfg.CONF.fwaas.driver
-        self.fwaas_enabled = cfg.CONF.fwaas.enabled
+        fwaas_enabled = cfg.CONF.fwaas.enabled
+        fwaas_plugin_configured = (constants.FIREWALL
+                                   in self.neutron_service_plugins)
+        if fwaas_plugin_configured and not fwaas_enabled:
+            msg = _("FWaaS plugin is configured in the server side, but "
+                    "FWaaS is disabled in L3-agent.")
+            LOG.error(msg)
+            raise SystemExit(1)
+
+        self.fwaas_enabled = fwaas_enabled and fwaas_plugin_configured
         if self.fwaas_enabled:
             try:
                 self.fwaas_driver = importutils.import_object(
diff --git a/neutron/services/l3_router/l3_router_plugin.py b/neutron/services/l3_router/l3_router_plugin.py
index 61614d684a..0faa54e4e2 100644
--- a/neutron/services/l3_router/l3_router_plugin.py
+++ b/neutron/services/l3_router/l3_router_plugin.py
@@ -36,9 +36,10 @@ from neutron.plugins.common import constants
 class L3RouterPluginRpcCallbacks(n_rpc.RpcCallback,
                                  l3_rpc_base.L3RpcCallbackMixin):
 
-    RPC_API_VERSION = '1.2'
+    RPC_API_VERSION = '1.3'
     # history
     #   1.2 Added methods for DVR support
+    #   1.3 Added a method that returns the list of activated services
 
 
 class L3RouterPlugin(common_db_mixin.CommonDbMixin,
diff --git a/neutron/tests/unit/services/firewall/agents/l3reference/test_firewall_l3_agent.py b/neutron/tests/unit/services/firewall/agents/l3reference/test_firewall_l3_agent.py
index 0edc64647d..8bb4358291 100644
--- a/neutron/tests/unit/services/firewall/agents/l3reference/test_firewall_l3_agent.py
+++ b/neutron/tests/unit/services/firewall/agents/l3reference/test_firewall_l3_agent.py
@@ -39,10 +39,18 @@ class FWaasHelper(object):
 
 
 class FWaasAgent(firewall_l3_agent.FWaaSL3AgentRpcCallback, FWaasHelper):
+    neutron_service_plugins = []
+
     def __init__(self, conf=None):
         super(FWaasAgent, self).__init__(conf)
 
 
+class FWaasTestAgent(firewall_l3_agent.FWaaSL3AgentRpcCallback, FWaasHelper):
+    def __init__(self, conf=None):
+        self.neutron_service_plugins = [constants.FIREWALL]
+        super(FWaasTestAgent, self).__init__(conf)
+
+
 class TestFwaasL3AgentRpcCallback(base.BaseTestCase):
     def setUp(self):
         super(TestFwaasL3AgentRpcCallback, self).setUp()
@@ -56,6 +64,10 @@ class TestFwaasL3AgentRpcCallback(base.BaseTestCase):
         self.api = FWaasAgent(self.conf)
         self.api.fwaas_driver = test_firewall_agent_api.NoopFwaasDriver()
 
+    def test_missing_fw_config(self):
+        self.conf.fwaas_enabled = False
+        self.assertRaises(SystemExit, FWaasTestAgent, self.conf)
+
     def test_create_firewall(self):
         fake_firewall = {'id': 0}
         with mock.patch.object(
diff --git a/neutron/tests/unit/services/firewall/agents/varmour/test_varmour_router.py b/neutron/tests/unit/services/firewall/agents/varmour/test_varmour_router.py
index d778321189..735bcd118b 100644
--- a/neutron/tests/unit/services/firewall/agents/varmour/test_varmour_router.py
+++ b/neutron/tests/unit/services/firewall/agents/varmour/test_varmour_router.py
@@ -74,6 +74,8 @@ class TestVarmourRouter(base.BaseTestCase):
         self.mock_ip = mock.MagicMock()
         ip_cls.return_value = self.mock_ip
 
+        mock.patch('neutron.agent.l3_agent.L3PluginApi').start()
+
         self.looping_call_p = mock.patch(
             'neutron.openstack.common.loopingcall.FixedIntervalLoopingCall')
         self.looping_call_p.start()
diff --git a/neutron/tests/unit/services/firewall/drivers/varmour/test_varmour_fwaas.py b/neutron/tests/unit/services/firewall/drivers/varmour/test_varmour_fwaas.py
index 46ced61637..2cdfff34a3 100644
--- a/neutron/tests/unit/services/firewall/drivers/varmour/test_varmour_fwaas.py
+++ b/neutron/tests/unit/services/firewall/drivers/varmour/test_varmour_fwaas.py
@@ -75,6 +75,8 @@ class TestBasicRouterOperations(base.BaseTestCase):
         self.mock_ip = mock.MagicMock()
         ip_cls.return_value = self.mock_ip
 
+        mock.patch('neutron.agent.l3_agent.L3PluginApi').start()
+
         self.looping_call_p = mock.patch(
             'neutron.openstack.common.loopingcall.FixedIntervalLoopingCall')
         self.looping_call_p.start()
diff --git a/neutron/tests/unit/services/vpn/test_vpn_agent.py b/neutron/tests/unit/services/vpn/test_vpn_agent.py
index b998c948d3..0371cb26d4 100644
--- a/neutron/tests/unit/services/vpn/test_vpn_agent.py
+++ b/neutron/tests/unit/services/vpn/test_vpn_agent.py
@@ -71,7 +71,7 @@ class TestVPNAgent(base.BaseTestCase):
 
         l3pluginApi_cls = mock.patch(
             'neutron.agent.l3_agent.L3PluginApi').start()
-        self.plugin_api = mock.Mock()
+        self.plugin_api = mock.MagicMock()
         l3pluginApi_cls.return_value = self.plugin_api
 
         looping_call_p = mock.patch(
diff --git a/neutron/tests/unit/test_l3_agent.py b/neutron/tests/unit/test_l3_agent.py
index 3a8b87da2c..2905b91185 100644
--- a/neutron/tests/unit/test_l3_agent.py
+++ b/neutron/tests/unit/test_l3_agent.py
@@ -247,7 +247,7 @@ class TestBasicRouterOperations(base.BaseTestCase):
         self.l3pluginApi_cls_p = mock.patch(
             'neutron.agent.l3_agent.L3PluginApi')
         l3pluginApi_cls = self.l3pluginApi_cls_p.start()
-        self.plugin_api = mock.Mock()
+        self.plugin_api = mock.MagicMock()
         l3pluginApi_cls.return_value = self.plugin_api
 
         self.looping_call_p = mock.patch(
@@ -1864,7 +1864,7 @@ class TestL3AgentEventHandler(base.BaseTestCase):
         l3_plugin_p = mock.patch(
             'neutron.agent.l3_agent.L3PluginApi')
         l3_plugin_cls = l3_plugin_p.start()
-        l3_plugin_cls.return_value = mock.Mock()
+        l3_plugin_cls.return_value = mock.MagicMock()
 
         self.external_process_p = mock.patch(
             'neutron.agent.linux.external_process.ProcessManager'