From 4df8a3508676ce3c3cef617de36a97e502b24d07 Mon Sep 17 00:00:00 2001
From: Paul Michali
Date: Tue, 12 Aug 2014 21:26:27 -0400
Subject: [PATCH] VPNaaS: Cisco fix validation for GW IP

The validation to check that the router has a GW IP for the Cisco service driver was trying to directly get the gw_port information, which is not available, as the validator only has a dict of the vpn_service info. Modified validator to get the router object (not a dict representation), using the vpn_service's router_id and then check the attributes for the router directly.

Change-Id: I48286cda23d9737ddd90251dc0d1db1c310e7784
Closes-Bug: 1356127
---
 .../vpn/service_drivers/cisco_validator.py | 10 +++++-----
 .../vpn/service_drivers/test_cisco_ipsec.py | 18 +++++++++++-------
 2 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/neutron/services/vpn/service_drivers/cisco_validator.py b/neutron/services/vpn/service_drivers/cisco_validator.py
index 5ccf401a7e..f78b8bdc1e 100644
--- a/neutron/services/vpn/service_drivers/cisco_validator.py
+++ b/neutron/services/vpn/service_drivers/cisco_validator.py
@@ -73,9 +73,9 @@ class CiscoCsrVpnValidator(vpn_validator.VpnReferenceValidator):
 key='mtu',
 value=mtu)

- def validate_public_ip_present(self, vpn_service):
+ def validate_public_ip_present(self, router):
 """Ensure there is one gateway IP specified for the router used."""
- gw_port = vpn_service.router.gw_port
+ gw_port = router.gw_port
 if not gw_port or len(gw_port.fixed_ips) != 1:
 raise CsrValidationFailure(resource='IPSec Connection',
 key='router:gw_port:ip_address',
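Review bot: The docstring of `validate_public_ip_present` still does not say what kind of `router` it expects, and that distinction is the bug this commit fixes. The body reads `router.gw_port` and `gw_port.fixed_ips` by attribute, so a dict representation of the router would fail the same way the `vpn_service` dict did. I would add a docstring line such as `router is the router object (not its dict form); gw_port and its fixed_ips are read as attributes.` The `raise CsrValidationFailure(...)` call continues past the end of the hunk.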
@@ -106,11 +106,11 @@ class CiscoCsrVpnValidator(vpn_validator.VpnReferenceValidator):
 context, ipsec_sitecon['ipsecpolicy_id'])
 vpn_service = self.service_plugin.get_vpnservice(
 context, ipsec_sitecon['vpnservice_id'])
+ router = self.l3_plugin._get_router(context, vpn_service['router_id'])
 self.validate_lifetime('IKE Policy', ike_policy)
 self.validate_lifetime('IPSec Policy', ipsec_policy)
 self.validate_ike_version(ike_policy)
 self.validate_mtu(ipsec_sitecon)
- self.validate_public_ip_present(vpn_service)
+ self.validate_public_ip_present(router)
 self.validate_peer_id(ipsec_sitecon)
- LOG.debug("IPSec connection %s validated for Cisco CSR",
- ipsec_sitecon['id'])
+ LOG.debug("IPSec connection validated for Cisco CSR")
diff --git a/neutron/tests/unit/services/vpn/service_drivers/test_cisco_ipsec.py b/neutron/tests/unit/services/vpn/service_drivers/test_cisco_ipsec.py
index b1ea6925b4..d9e1d1ca1b 100644
--- a/neutron/tests/unit/services/vpn/service_drivers/test_cisco_ipsec.py
+++ b/neutron/tests/unit/services/vpn/service_drivers/test_cisco_ipsec.py
@@ -83,7 +83,8 @@ class TestCiscoIPsecDriverValidation(base.BaseTestCase):
 mock.patch('neutron.manager.NeutronManager.get_plugin',
 return_value=self.core_plugin).start()
 self.context = n_ctx.Context('some_user', 'some_tenant')
- self.vpn_service = mock.Mock()
+ self.vpn_service = {'router_id': '123'}
+ self.router = mock.Mock()
 self.service_plugin = mock.Mock()
 self.validator = validator.CiscoCsrVpnValidator(self.service_plugin)
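Review bot: The added lookup `self.l3_plugin._get_router(context, vpn_service['router_id'])` in the @@ -106 hunk of cisco_validator.py calls an underscore-prefixed method of the L3 plugin, so the validator now depends on another plugin's internals. Whatever that method raises when the router cannot be found for `context` would presumably leave the validator as that exception rather than as a `CsrValidationFailure`; its behaviour is not visible here. A comment above the call would record the intent, e.g. `# The validator needs the router object, not the API dict, to read gw_port.` The debug message also no longer identifies the connection, which makes the log line hard to correlate with a request; if the id was dropped because the key can be absent at this point, `ipsec_sitecon.get('id')` would keep it without a KeyError. The enclosing method starts outside the hunk.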
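Review bot: `self.router = mock.Mock()` in the @@ -83 hunk of test_cisco_ipsec.py is an unconstrained mock, the same pattern that let the original bug through. The old `self.vpn_service = mock.Mock()` provided `.router.gw_port` even though the real value is a dict. Limiting the mock to the attributes the validator may touch would make a future mismatch fail in the test, for example `self.router = mock.Mock(spec=['gw_port'])`. setUp starts and ends outside the hunk.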
@@ -167,23 +168,25 @@ class TestCiscoIPsecDriverValidation(base.BaseTestCase):
 """Helper function indicating that tunnel has a gateway IP."""
 def have_one():
 return 1
- self.vpn_service.router.gw_port.fixed_ips.__len__ = have_one
+ self.router.gw_port.fixed_ips.__len__ = have_one
 ip_addr_mock = mock.Mock()
- self.vpn_service.router.gw_port.fixed_ips = [ip_addr_mock]
- return ip_addr_mock
+ self.router.gw_port.fixed_ips = [ip_addr_mock]

 def test_have_public_ip_for_router(self):
 """Ensure that router for IPSec connection has gateway IP."""
 self.simulate_gw_ip_available()
- self.validator.validate_public_ip_present(self.vpn_service)
+ try:
+ self.validator.validate_public_ip_present(self.router)
+ except Exception:
+ self.fail("Unexpected exception on validation")

 def test_router_with_missing_gateway_ip(self):
 """Failure test of IPSec connection with missing gateway IP."""
 self.simulate_gw_ip_available()
- self.vpn_service.router.gw_port = None
+ self.router.gw_port = None
 self.assertRaises(validator.CsrValidationFailure,
 self.validator.validate_public_ip_present,
- self.vpn_service)
+ self.router)

 def test_peer_id_is_an_ip_address(self):
 """Ensure peer ID is an IP address for IPsec connection create."""
@@ -206,6 +209,7 @@ class TestCiscoIPsecDriverValidation(base.BaseTestCase):
 return_value={'lifetime': {'units': 'seconds', 'value': 120}})
 self.service_plugin.get_vpnservice = mock.Mock(
 return_value=self.vpn_service)
+ self.l3_plugin._get_router = mock.Mock(return_value=self.router)
 # Provide the minimum needed items to validate
 ipsec_sitecon = {'id': '1',
 'vpnservice_id': FAKE_SERVICE_ID,
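Review bot: In `test_have_public_ip_for_router` the new `except Exception: self.fail("Unexpected exception on validation")` discards the exception type and message, so a failing run reports less than the exception itself would. If the explicit failure is wanted, carry the cause along: `except Exception as e:` followed by `self.fail("Unexpected exception on validation: %s" % e)`. In `simulate_gw_ip_available` the `__len__ = have_one` assignment is immediately superseded by `fixed_ips = [ip_addr_mock]`, a real list, so `have_one` looks like dead code. The helper's `def` line is outside the hunk.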
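Review bot: The stub `self.l3_plugin._get_router = mock.Mock(return_value=self.router)` in the @@ -206 hunk is never checked for how it was called, at least not in the visible lines. The test would therefore still pass if the validator looked up a different router id or passed a different context. After the validation call I would add `self.l3_plugin._get_router.assert_called_once_with(self.context, '123')`, assuming the test passes `self.context`; that call is outside the hunk. The enclosing test method begins and ends outside the hunk.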