Add api support for enabling snat rule logging
1. For MP, add logging parameter in snat rule creating api 2. For Policy, change parameter name from log to logging for tier0 and tier1 snat rule object. Change-Id: I4f03fa6a35f138a7112782d58a1cc5a4b1648d61
This commit is contained in:
parent
20ec669402
commit
0323737ed1
@ -3575,6 +3575,7 @@ class TestPolicyTier0NatRule(NsxPolicyLibTestCase):
|
|||||||
cidr1 = '1.1.1.1/32'
|
cidr1 = '1.1.1.1/32'
|
||||||
cidr2 = '2.2.2.0/24'
|
cidr2 = '2.2.2.0/24'
|
||||||
enabled = True
|
enabled = True
|
||||||
|
logging = False
|
||||||
|
|
||||||
with mock.patch.object(self.policy_api,
|
with mock.patch.object(self.policy_api,
|
||||||
"create_or_update") as api_call:
|
"create_or_update") as api_call:
|
||||||
@ -3587,7 +3588,8 @@ class TestPolicyTier0NatRule(NsxPolicyLibTestCase):
|
|||||||
source_network=cidr2,
|
source_network=cidr2,
|
||||||
firewall_match=firewall_match,
|
firewall_match=firewall_match,
|
||||||
tenant=TEST_TENANT,
|
tenant=TEST_TENANT,
|
||||||
enabled=enabled)
|
enabled=enabled,
|
||||||
|
logging=logging)
|
||||||
expected_def = core_defs.Tier0NatRule(
|
expected_def = core_defs.Tier0NatRule(
|
||||||
tier0_id=tier0_id,
|
tier0_id=tier0_id,
|
||||||
nat_rule_id=nat_rule_id,
|
nat_rule_id=nat_rule_id,
|
||||||
@ -3599,7 +3601,8 @@ class TestPolicyTier0NatRule(NsxPolicyLibTestCase):
|
|||||||
source_network=cidr2,
|
source_network=cidr2,
|
||||||
firewall_match=firewall_match,
|
firewall_match=firewall_match,
|
||||||
tenant=TEST_TENANT,
|
tenant=TEST_TENANT,
|
||||||
enabled=enabled)
|
enabled=enabled,
|
||||||
|
logging=logging)
|
||||||
self.assert_called_with_def(api_call, expected_def)
|
self.assert_called_with_def(api_call, expected_def)
|
||||||
self.assertIsNotNone(result)
|
self.assertIsNotNone(result)
|
||||||
|
|
||||||
@ -3643,6 +3646,7 @@ class TestPolicyTier0NatRule(NsxPolicyLibTestCase):
|
|||||||
cidr1 = '1.1.1.1/32'
|
cidr1 = '1.1.1.1/32'
|
||||||
cidr2 = '2.2.2.0/24'
|
cidr2 = '2.2.2.0/24'
|
||||||
enabled = True
|
enabled = True
|
||||||
|
logging = False
|
||||||
|
|
||||||
with mock.patch.object(self.policy_api,
|
with mock.patch.object(self.policy_api,
|
||||||
"create_or_update") as api_call:
|
"create_or_update") as api_call:
|
||||||
@ -3655,7 +3659,8 @@ class TestPolicyTier0NatRule(NsxPolicyLibTestCase):
|
|||||||
firewall_match=firewall_match,
|
firewall_match=firewall_match,
|
||||||
source_network=cidr2,
|
source_network=cidr2,
|
||||||
tenant=TEST_TENANT,
|
tenant=TEST_TENANT,
|
||||||
enabled=enabled)
|
enabled=enabled,
|
||||||
|
logging=logging)
|
||||||
|
|
||||||
expected_def = core_defs.Tier0NatRule(
|
expected_def = core_defs.Tier0NatRule(
|
||||||
tier0_id=tier0_id,
|
tier0_id=tier0_id,
|
||||||
@ -3668,7 +3673,8 @@ class TestPolicyTier0NatRule(NsxPolicyLibTestCase):
|
|||||||
firewall_match=firewall_match,
|
firewall_match=firewall_match,
|
||||||
source_network=cidr2,
|
source_network=cidr2,
|
||||||
tenant=TEST_TENANT,
|
tenant=TEST_TENANT,
|
||||||
enabled=enabled)
|
enabled=enabled,
|
||||||
|
logging=logging)
|
||||||
self.assert_called_with_def(api_call, expected_def)
|
self.assert_called_with_def(api_call, expected_def)
|
||||||
|
|
||||||
|
|
||||||
@ -3688,6 +3694,7 @@ class TestPolicyTier1NatRule(NsxPolicyLibTestCase):
|
|||||||
cidr1 = '1.1.1.1/32'
|
cidr1 = '1.1.1.1/32'
|
||||||
cidr2 = '2.2.2.0/24'
|
cidr2 = '2.2.2.0/24'
|
||||||
enabled = True
|
enabled = True
|
||||||
|
logging = True
|
||||||
|
|
||||||
with mock.patch.object(self.policy_api,
|
with mock.patch.object(self.policy_api,
|
||||||
"create_or_update") as api_call:
|
"create_or_update") as api_call:
|
||||||
@ -3700,7 +3707,8 @@ class TestPolicyTier1NatRule(NsxPolicyLibTestCase):
|
|||||||
firewall_match=firewall_match,
|
firewall_match=firewall_match,
|
||||||
source_network=cidr2,
|
source_network=cidr2,
|
||||||
tenant=TEST_TENANT,
|
tenant=TEST_TENANT,
|
||||||
enabled=enabled)
|
enabled=enabled,
|
||||||
|
logging=logging)
|
||||||
|
|
||||||
expected_def = core_defs.Tier1NatRule(
|
expected_def = core_defs.Tier1NatRule(
|
||||||
tier1_id=tier1_id,
|
tier1_id=tier1_id,
|
||||||
@ -3713,7 +3721,8 @@ class TestPolicyTier1NatRule(NsxPolicyLibTestCase):
|
|||||||
firewall_match=firewall_match,
|
firewall_match=firewall_match,
|
||||||
source_network=cidr2,
|
source_network=cidr2,
|
||||||
tenant=TEST_TENANT,
|
tenant=TEST_TENANT,
|
||||||
enabled=enabled)
|
enabled=enabled,
|
||||||
|
logging=logging)
|
||||||
self.assert_called_with_def(api_call, expected_def)
|
self.assert_called_with_def(api_call, expected_def)
|
||||||
self.assertIsNotNone(result)
|
self.assertIsNotNone(result)
|
||||||
|
|
||||||
@ -3742,6 +3751,7 @@ class TestPolicyTier1NatRule(NsxPolicyLibTestCase):
|
|||||||
cidr1 = '1.1.1.1/32'
|
cidr1 = '1.1.1.1/32'
|
||||||
cidr2 = '2.2.2.0/24'
|
cidr2 = '2.2.2.0/24'
|
||||||
enabled = True
|
enabled = True
|
||||||
|
logging = True
|
||||||
|
|
||||||
with mock.patch.object(self.policy_api,
|
with mock.patch.object(self.policy_api,
|
||||||
"create_or_update") as api_call:
|
"create_or_update") as api_call:
|
||||||
@ -3754,7 +3764,8 @@ class TestPolicyTier1NatRule(NsxPolicyLibTestCase):
|
|||||||
firewall_match=firewall_match,
|
firewall_match=firewall_match,
|
||||||
source_network=cidr2,
|
source_network=cidr2,
|
||||||
tenant=TEST_TENANT,
|
tenant=TEST_TENANT,
|
||||||
enabled=enabled)
|
enabled=enabled,
|
||||||
|
logging=logging)
|
||||||
|
|
||||||
expected_def = core_defs.Tier1NatRule(
|
expected_def = core_defs.Tier1NatRule(
|
||||||
tier1_id=tier1_id,
|
tier1_id=tier1_id,
|
||||||
@ -3767,7 +3778,8 @@ class TestPolicyTier1NatRule(NsxPolicyLibTestCase):
|
|||||||
firewall_match=firewall_match,
|
firewall_match=firewall_match,
|
||||||
source_network=cidr2,
|
source_network=cidr2,
|
||||||
tenant=TEST_TENANT,
|
tenant=TEST_TENANT,
|
||||||
enabled=enabled)
|
enabled=enabled,
|
||||||
|
logging=logging)
|
||||||
self.assert_called_with_def(api_call, expected_def)
|
self.assert_called_with_def(api_call, expected_def)
|
||||||
|
|
||||||
|
|
||||||
|
@ -972,7 +972,8 @@ class LogicalRouterTestCase(BaseTestResource):
|
|||||||
self.assertEqual(test_constants.FAKE_ROUTER_FW_SEC_UUID, section_id)
|
self.assertEqual(test_constants.FAKE_ROUTER_FW_SEC_UUID, section_id)
|
||||||
|
|
||||||
def _test_nat_rule_create(self, nsx_version, add_bypas_arg=True,
|
def _test_nat_rule_create(self, nsx_version, add_bypas_arg=True,
|
||||||
action='SNAT', expect_failure=False):
|
action='SNAT', expect_failure=False,
|
||||||
|
logging=False):
|
||||||
router = self.get_mocked_resource()
|
router = self.get_mocked_resource()
|
||||||
translated_net = '1.1.1.1'
|
translated_net = '1.1.1.1'
|
||||||
priority = 10
|
priority = 10
|
||||||
@ -983,7 +984,8 @@ class LogicalRouterTestCase(BaseTestResource):
|
|||||||
'display_name': display_name,
|
'display_name': display_name,
|
||||||
'enabled': True,
|
'enabled': True,
|
||||||
'translated_network': translated_net,
|
'translated_network': translated_net,
|
||||||
'rule_priority': priority
|
'rule_priority': priority,
|
||||||
|
'logging': logging
|
||||||
}
|
}
|
||||||
if add_bypas_arg:
|
if add_bypas_arg:
|
||||||
# Expect nat_pass to be sent to the backend
|
# Expect nat_pass to be sent to the backend
|
||||||
@ -998,7 +1000,8 @@ class LogicalRouterTestCase(BaseTestResource):
|
|||||||
translated_network=translated_net,
|
translated_network=translated_net,
|
||||||
rule_priority=priority,
|
rule_priority=priority,
|
||||||
bypass_firewall=False,
|
bypass_firewall=False,
|
||||||
display_name=display_name)
|
display_name=display_name,
|
||||||
|
logging=logging)
|
||||||
except exceptions.InvalidInput as e:
|
except exceptions.InvalidInput as e:
|
||||||
if expect_failure:
|
if expect_failure:
|
||||||
return
|
return
|
||||||
@ -1016,6 +1019,10 @@ class LogicalRouterTestCase(BaseTestResource):
|
|||||||
# Ignoring 'bypass_firewall' with version 1.1
|
# Ignoring 'bypass_firewall' with version 1.1
|
||||||
self._test_nat_rule_create('1.1.0', add_bypas_arg=False)
|
self._test_nat_rule_create('1.1.0', add_bypas_arg=False)
|
||||||
|
|
||||||
|
def test_nat_rule_create_with_logging(self):
|
||||||
|
# enable logging parameter in snat obj
|
||||||
|
self._test_nat_rule_create('1.1.0', add_bypas_arg=False, logging=True)
|
||||||
|
|
||||||
def test_nat_rule_create_v2(self):
|
def test_nat_rule_create_v2(self):
|
||||||
# Sending 'bypass_firewall' with version 1.1
|
# Sending 'bypass_firewall' with version 1.1
|
||||||
self._test_nat_rule_create('2.0.0')
|
self._test_nat_rule_create('2.0.0')
|
||||||
|
@ -596,7 +596,7 @@ class NsxLibLogicalRouter(utils.NsxLibApiBase):
|
|||||||
enabled=True, rule_priority=None,
|
enabled=True, rule_priority=None,
|
||||||
match_ports=None, match_protocol=None,
|
match_ports=None, match_protocol=None,
|
||||||
match_resource_type=None,
|
match_resource_type=None,
|
||||||
bypass_firewall=True,
|
bypass_firewall=True, logging=None,
|
||||||
tags=None,
|
tags=None,
|
||||||
display_name=None):
|
display_name=None):
|
||||||
self._validate_nat_rule_action(action)
|
self._validate_nat_rule_action(action)
|
||||||
@ -629,6 +629,8 @@ class NsxLibLogicalRouter(utils.NsxLibApiBase):
|
|||||||
body['tags'] = tags
|
body['tags'] = tags
|
||||||
if display_name:
|
if display_name:
|
||||||
body['display_name'] = display_name
|
body['display_name'] = display_name
|
||||||
|
if logging is not None:
|
||||||
|
body['logging'] = logging
|
||||||
return self.client.create(resource, body)
|
return self.client.create(resource, body)
|
||||||
|
|
||||||
def change_edge_firewall_status(self, logical_router_id, action):
|
def change_edge_firewall_status(self, logical_router_id, action):
|
||||||
|
@ -647,7 +647,7 @@ class RouterNatRule(ResourceDef):
|
|||||||
'destination_network',
|
'destination_network',
|
||||||
'translated_network',
|
'translated_network',
|
||||||
'firewall_match',
|
'firewall_match',
|
||||||
'log',
|
'logging',
|
||||||
'sequence_number',
|
'sequence_number',
|
||||||
'enabled'])
|
'enabled'])
|
||||||
return body
|
return body
|
||||||
|
@ -1693,7 +1693,7 @@ class NsxPolicyTier0NatRuleApi(NsxPolicyResourceBase):
|
|||||||
firewall_match=constants.NAT_FIREWALL_MATCH_BYPASS,
|
firewall_match=constants.NAT_FIREWALL_MATCH_BYPASS,
|
||||||
action=IGNORE,
|
action=IGNORE,
|
||||||
sequence_number=IGNORE,
|
sequence_number=IGNORE,
|
||||||
log=IGNORE,
|
logging=IGNORE,
|
||||||
tags=IGNORE,
|
tags=IGNORE,
|
||||||
tenant=constants.POLICY_INFRA_TENANT,
|
tenant=constants.POLICY_INFRA_TENANT,
|
||||||
enabled=IGNORE):
|
enabled=IGNORE):
|
||||||
@ -1710,7 +1710,7 @@ class NsxPolicyTier0NatRuleApi(NsxPolicyResourceBase):
|
|||||||
firewall_match=firewall_match,
|
firewall_match=firewall_match,
|
||||||
action=action,
|
action=action,
|
||||||
sequence_number=sequence_number,
|
sequence_number=sequence_number,
|
||||||
log=log,
|
logging=logging,
|
||||||
tags=tags,
|
tags=tags,
|
||||||
tenant=tenant,
|
tenant=tenant,
|
||||||
enabled=enabled)
|
enabled=enabled)
|
||||||
@ -1745,7 +1745,7 @@ class NsxPolicyTier0NatRuleApi(NsxPolicyResourceBase):
|
|||||||
firewall_match=IGNORE,
|
firewall_match=IGNORE,
|
||||||
action=IGNORE,
|
action=IGNORE,
|
||||||
sequence_number=IGNORE,
|
sequence_number=IGNORE,
|
||||||
log=IGNORE,
|
logging=IGNORE,
|
||||||
tags=IGNORE,
|
tags=IGNORE,
|
||||||
tenant=constants.POLICY_INFRA_TENANT,
|
tenant=constants.POLICY_INFRA_TENANT,
|
||||||
enabled=IGNORE):
|
enabled=IGNORE):
|
||||||
@ -1760,7 +1760,7 @@ class NsxPolicyTier0NatRuleApi(NsxPolicyResourceBase):
|
|||||||
firewall_match=firewall_match,
|
firewall_match=firewall_match,
|
||||||
action=action,
|
action=action,
|
||||||
sequence_number=sequence_number,
|
sequence_number=sequence_number,
|
||||||
log=log,
|
logging=logging,
|
||||||
tags=tags,
|
tags=tags,
|
||||||
tenant=tenant,
|
tenant=tenant,
|
||||||
enabled=enabled)
|
enabled=enabled)
|
||||||
@ -1783,7 +1783,7 @@ class NsxPolicyTier1NatRuleApi(NsxPolicyResourceBase):
|
|||||||
firewall_match=constants.NAT_FIREWALL_MATCH_BYPASS,
|
firewall_match=constants.NAT_FIREWALL_MATCH_BYPASS,
|
||||||
action=IGNORE,
|
action=IGNORE,
|
||||||
sequence_number=IGNORE,
|
sequence_number=IGNORE,
|
||||||
log=IGNORE,
|
logging=IGNORE,
|
||||||
tags=IGNORE,
|
tags=IGNORE,
|
||||||
tenant=constants.POLICY_INFRA_TENANT,
|
tenant=constants.POLICY_INFRA_TENANT,
|
||||||
enabled=IGNORE):
|
enabled=IGNORE):
|
||||||
@ -1800,7 +1800,7 @@ class NsxPolicyTier1NatRuleApi(NsxPolicyResourceBase):
|
|||||||
firewall_match=firewall_match,
|
firewall_match=firewall_match,
|
||||||
action=action,
|
action=action,
|
||||||
sequence_number=sequence_number,
|
sequence_number=sequence_number,
|
||||||
log=log,
|
logging=logging,
|
||||||
tags=tags,
|
tags=tags,
|
||||||
tenant=tenant,
|
tenant=tenant,
|
||||||
enabled=enabled)
|
enabled=enabled)
|
||||||
@ -1835,7 +1835,7 @@ class NsxPolicyTier1NatRuleApi(NsxPolicyResourceBase):
|
|||||||
firewall_match=IGNORE,
|
firewall_match=IGNORE,
|
||||||
action=IGNORE,
|
action=IGNORE,
|
||||||
sequence_number=IGNORE,
|
sequence_number=IGNORE,
|
||||||
log=IGNORE,
|
logging=IGNORE,
|
||||||
tags=IGNORE,
|
tags=IGNORE,
|
||||||
tenant=constants.POLICY_INFRA_TENANT,
|
tenant=constants.POLICY_INFRA_TENANT,
|
||||||
enabled=IGNORE):
|
enabled=IGNORE):
|
||||||
@ -1850,7 +1850,7 @@ class NsxPolicyTier1NatRuleApi(NsxPolicyResourceBase):
|
|||||||
firewall_match=firewall_match,
|
firewall_match=firewall_match,
|
||||||
action=action,
|
action=action,
|
||||||
sequence_number=sequence_number,
|
sequence_number=sequence_number,
|
||||||
log=log,
|
logging=logging,
|
||||||
tags=tags,
|
tags=tags,
|
||||||
tenant=tenant,
|
tenant=tenant,
|
||||||
enabled=enabled)
|
enabled=enabled)
|
||||||
|
Loading…
Reference in New Issue
Block a user