x/vmware-nsx
Code Issues Proposed changes

Remove duplicate ensure_remove_chain method in iptables_manager

Browse Source 
Change-Id: I168eda2fa430446786d4106d6807207f4facbfc3
Closes-Bug: #1388162
This commit is contained in:
Elena Ezhova 2014-10-31 19:37:46 +03:00
parent 314f8530dd
commit a2a4532be3
5 changed files with 29 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
neutron/agent/linux/iptables_firewall.py
View File

@ -159,8 +159,8 @@ class IptablesFirewallDriver(firewall.FirewallDriver):
self.iptables.ipv4['filter'].add_chain(chain_name)
def _remove_chain_by_name_v4v6(self, chain_name):
self.iptables.ipv4['filter'].ensure_remove_chain(chain_name)
self.iptables.ipv6['filter'].ensure_remove_chain(chain_name)
self.iptables.ipv4['filter'].remove_chain(chain_name)
self.iptables.ipv6['filter'].remove_chain(chain_name)
def _add_rule_to_chain_v4v6(self, chain_name, ipv4_rules, ipv6_rules,
comment=None):

13
neutron/agent/linux/iptables_manager.py
View File

@ -138,19 +138,6 @@ class IptablesTable(object):
else:
return self.unwrapped_chains
def ensure_remove_chain(self, name, wrap=True):
"""Ensure the chain is removed.
This removal "cascades". All rule in the chain are removed, as are
all rules in other chains that jump to it.
"""
name = get_chain_name(name, wrap)
chain_set = self._select_chain_set(wrap)
if name not in chain_set:
return
self.remove_chain(name, wrap)
def remove_chain(self, name, wrap=True):
"""Remove named chain.

4
neutron/services/firewall/drivers/linux/iptables_fwaas.py
View File

@ -227,9 +227,9 @@ class IptablesFwaasDriver(fwaas_base.FwaasDriverBase):
def _remove_chain_by_name(self, ver, chain_name, ipt_mgr):
if ver == IPV4:
ipt_mgr.ipv4['filter'].ensure_remove_chain(chain_name)
ipt_mgr.ipv4['filter'].remove_chain(chain_name)
else:
ipt_mgr.ipv6['filter'].ensure_remove_chain(chain_name)
ipt_mgr.ipv6['filter'].remove_chain(chain_name)
def _add_rules_to_chain(self, ipt_mgr, ver, chain_name, rules):
if ver == IPV4:

24
neutron/tests/unit/services/firewall/drivers/linux/test_iptables_fwaas.py
View File

@ -136,9 +136,9 @@ class IptablesFwaasTestCase(base.BaseTestCase):
ipt_mgr_echain = '%s-%s' % (bname, egress_chain[:11])
for router_info_inst in apply_list:
v4filter_inst = router_info_inst.iptables_manager.ipv4['filter']
calls = [mock.call.ensure_remove_chain('iv4fake-fw-uuid'),
mock.call.ensure_remove_chain('ov4fake-fw-uuid'),
mock.call.ensure_remove_chain('fwaas-default-policy'),
calls = [mock.call.remove_chain('iv4fake-fw-uuid'),
mock.call.remove_chain('ov4fake-fw-uuid'),
mock.call.remove_chain('fwaas-default-policy'),
mock.call.add_chain('fwaas-default-policy'),
mock.call.add_rule('fwaas-default-policy', '-j DROP'),
mock.call.add_chain(ingress_chain),
@ -176,11 +176,11 @@ class IptablesFwaasTestCase(base.BaseTestCase):
for ip_version in (4, 6):
ingress_chain = ('iv%s%s' % (ip_version, firewall['id']))
egress_chain = ('ov%s%s' % (ip_version, firewall['id']))
calls = [mock.call.ensure_remove_chain(
calls = [mock.call.remove_chain(
'iv%sfake-fw-uuid' % ip_version),
mock.call.ensure_remove_chain(
mock.call.remove_chain(
'ov%sfake-fw-uuid' % ip_version),
mock.call.ensure_remove_chain('fwaas-default-policy'),
mock.call.remove_chain('fwaas-default-policy'),
mock.call.add_chain('fwaas-default-policy'),
mock.call.add_rule('fwaas-default-policy', '-j DROP'),
mock.call.add_chain(ingress_chain),
@ -216,9 +216,9 @@ class IptablesFwaasTestCase(base.BaseTestCase):
self.firewall.delete_firewall('legacy', apply_list, firewall)
ingress_chain = 'iv4%s' % firewall['id']
egress_chain = 'ov4%s' % firewall['id']
calls = [mock.call.ensure_remove_chain(ingress_chain),
mock.call.ensure_remove_chain(egress_chain),
mock.call.ensure_remove_chain('fwaas-default-policy')]
calls = [mock.call.remove_chain(ingress_chain),
mock.call.remove_chain(egress_chain),
mock.call.remove_chain('fwaas-default-policy')]
apply_list[0].iptables_manager.ipv4['filter'].assert_has_calls(calls)
def test_create_firewall_with_admin_down(self):
@ -226,9 +226,9 @@ class IptablesFwaasTestCase(base.BaseTestCase):
rule_list = self._fake_rules_v4(FAKE_FW_ID, apply_list)
firewall = self._fake_firewall_with_admin_down(rule_list)
self.firewall.create_firewall('legacy', apply_list, firewall)
calls = [mock.call.ensure_remove_chain('iv4fake-fw-uuid'),
mock.call.ensure_remove_chain('ov4fake-fw-uuid'),
mock.call.ensure_remove_chain('fwaas-default-policy'),
calls = [mock.call.remove_chain('iv4fake-fw-uuid'),
mock.call.remove_chain('ov4fake-fw-uuid'),
mock.call.remove_chain('fwaas-default-policy'),
mock.call.add_chain('fwaas-default-policy'),
mock.call.add_rule('fwaas-default-policy', '-j DROP')]
apply_list[0].iptables_manager.ipv4['filter'].assert_has_calls(calls)

26
neutron/tests/unit/test_iptables_firewall.py
View File

@ -77,7 +77,7 @@ class IptablesFirewallTestCase(BaseIptablesFirewallTestCase):
mock.call.add_rule(
'sg-fallback', '-j DROP',
comment=ic.UNMATCH_DROP),
mock.call.ensure_remove_chain('sg-chain'),
mock.call.remove_chain('sg-chain'),
mock.call.add_chain('sg-chain'),
mock.call.add_chain('ifake_dev'),
mock.call.add_rule('FORWARD',
@ -904,7 +904,7 @@ class IptablesFirewallTestCase(BaseIptablesFirewallTestCase):
'sg-fallback',
'-j DROP',
comment=ic.UNMATCH_DROP),
mock.call.ensure_remove_chain('sg-chain'),
mock.call.remove_chain('sg-chain'),
mock.call.add_chain('sg-chain'),
mock.call.add_chain('ifake_dev'),
mock.call.add_rule('FORWARD',
@ -1011,7 +1011,7 @@ class IptablesFirewallTestCase(BaseIptablesFirewallTestCase):
'sg-fallback',
'-j DROP',
comment=ic.UNMATCH_DROP),
mock.call.ensure_remove_chain('sg-chain'),
mock.call.remove_chain('sg-chain'),
mock.call.add_chain('sg-chain'),
mock.call.add_chain('ifake_dev'),
mock.call.add_rule(
@ -1082,10 +1082,10 @@ class IptablesFirewallTestCase(BaseIptablesFirewallTestCase):
'ofake_dev',
'-j $sg-fallback', comment=None),
mock.call.add_rule('sg-chain', '-j ACCEPT'),
mock.call.ensure_remove_chain('ifake_dev'),
mock.call.ensure_remove_chain('ofake_dev'),
mock.call.ensure_remove_chain('sfake_dev'),
mock.call.ensure_remove_chain('sg-chain'),
mock.call.remove_chain('ifake_dev'),
mock.call.remove_chain('ofake_dev'),
mock.call.remove_chain('sfake_dev'),
mock.call.remove_chain('sg-chain'),
mock.call.add_chain('sg-chain'),
mock.call.add_chain('ifake_dev'),
mock.call.add_rule(
@ -1156,10 +1156,10 @@ class IptablesFirewallTestCase(BaseIptablesFirewallTestCase):
'-j $sg-fallback',
comment=None),
mock.call.add_rule('sg-chain', '-j ACCEPT'),
mock.call.ensure_remove_chain('ifake_dev'),
mock.call.ensure_remove_chain('ofake_dev'),
mock.call.ensure_remove_chain('sfake_dev'),
mock.call.ensure_remove_chain('sg-chain'),
mock.call.remove_chain('ifake_dev'),
mock.call.remove_chain('ofake_dev'),
mock.call.remove_chain('sfake_dev'),
mock.call.remove_chain('sg-chain'),
mock.call.add_chain('sg-chain')]
self.v4filter_inst.assert_has_calls(calls)
@ -1259,7 +1259,7 @@ class IptablesFirewallTestCase(BaseIptablesFirewallTestCase):
mock.call.add_rule(
'sg-fallback', '-j DROP',
comment=ic.UNMATCH_DROP),
mock.call.ensure_remove_chain('sg-chain'),
mock.call.remove_chain('sg-chain'),
mock.call.add_chain('sg-chain'),
mock.call.add_chain('ifake_dev'),
mock.call.add_rule('FORWARD',
@ -1338,7 +1338,7 @@ class IptablesFirewallTestCase(BaseIptablesFirewallTestCase):
mock.call.add_rule(
'sg-fallback', '-j DROP',
comment=ic.UNMATCH_DROP),
mock.call.ensure_remove_chain('sg-chain'),
mock.call.remove_chain('sg-chain'),
mock.call.add_chain('sg-chain'),
mock.call.add_chain('ifake_dev'),
mock.call.add_rule('FORWARD',