Add api support for enabling snat rule logging

1. For MP, add logging parameter in snat rule creating api
2. For Policy, change parameter name from log to logging for tier0
   and tier1 snat rule object.

Change-Id: I4f03fa6a35f138a7112782d58a1cc5a4b1648d61
This commit is contained in:
sean 2020-11-05 18:26:46 -08:00
parent 20ec669402
commit 0323737ed1
5 changed files with 42 additions and 21 deletions

View File

@ -3575,6 +3575,7 @@ class TestPolicyTier0NatRule(NsxPolicyLibTestCase):
cidr1 = '1.1.1.1/32' cidr1 = '1.1.1.1/32'
cidr2 = '2.2.2.0/24' cidr2 = '2.2.2.0/24'
enabled = True enabled = True
logging = False
with mock.patch.object(self.policy_api, with mock.patch.object(self.policy_api,
"create_or_update") as api_call: "create_or_update") as api_call:
@ -3587,7 +3588,8 @@ class TestPolicyTier0NatRule(NsxPolicyLibTestCase):
source_network=cidr2, source_network=cidr2,
firewall_match=firewall_match, firewall_match=firewall_match,
tenant=TEST_TENANT, tenant=TEST_TENANT,
enabled=enabled) enabled=enabled,
logging=logging)
expected_def = core_defs.Tier0NatRule( expected_def = core_defs.Tier0NatRule(
tier0_id=tier0_id, tier0_id=tier0_id,
nat_rule_id=nat_rule_id, nat_rule_id=nat_rule_id,
@ -3599,7 +3601,8 @@ class TestPolicyTier0NatRule(NsxPolicyLibTestCase):
source_network=cidr2, source_network=cidr2,
firewall_match=firewall_match, firewall_match=firewall_match,
tenant=TEST_TENANT, tenant=TEST_TENANT,
enabled=enabled) enabled=enabled,
logging=logging)
self.assert_called_with_def(api_call, expected_def) self.assert_called_with_def(api_call, expected_def)
self.assertIsNotNone(result) self.assertIsNotNone(result)
@ -3643,6 +3646,7 @@ class TestPolicyTier0NatRule(NsxPolicyLibTestCase):
cidr1 = '1.1.1.1/32' cidr1 = '1.1.1.1/32'
cidr2 = '2.2.2.0/24' cidr2 = '2.2.2.0/24'
enabled = True enabled = True
logging = False
with mock.patch.object(self.policy_api, with mock.patch.object(self.policy_api,
"create_or_update") as api_call: "create_or_update") as api_call:
@ -3655,7 +3659,8 @@ class TestPolicyTier0NatRule(NsxPolicyLibTestCase):
firewall_match=firewall_match, firewall_match=firewall_match,
source_network=cidr2, source_network=cidr2,
tenant=TEST_TENANT, tenant=TEST_TENANT,
enabled=enabled) enabled=enabled,
logging=logging)
expected_def = core_defs.Tier0NatRule( expected_def = core_defs.Tier0NatRule(
tier0_id=tier0_id, tier0_id=tier0_id,
@ -3668,7 +3673,8 @@ class TestPolicyTier0NatRule(NsxPolicyLibTestCase):
firewall_match=firewall_match, firewall_match=firewall_match,
source_network=cidr2, source_network=cidr2,
tenant=TEST_TENANT, tenant=TEST_TENANT,
enabled=enabled) enabled=enabled,
logging=logging)
self.assert_called_with_def(api_call, expected_def) self.assert_called_with_def(api_call, expected_def)
@ -3688,6 +3694,7 @@ class TestPolicyTier1NatRule(NsxPolicyLibTestCase):
cidr1 = '1.1.1.1/32' cidr1 = '1.1.1.1/32'
cidr2 = '2.2.2.0/24' cidr2 = '2.2.2.0/24'
enabled = True enabled = True
logging = True
with mock.patch.object(self.policy_api, with mock.patch.object(self.policy_api,
"create_or_update") as api_call: "create_or_update") as api_call:
@ -3700,7 +3707,8 @@ class TestPolicyTier1NatRule(NsxPolicyLibTestCase):
firewall_match=firewall_match, firewall_match=firewall_match,
source_network=cidr2, source_network=cidr2,
tenant=TEST_TENANT, tenant=TEST_TENANT,
enabled=enabled) enabled=enabled,
logging=logging)
expected_def = core_defs.Tier1NatRule( expected_def = core_defs.Tier1NatRule(
tier1_id=tier1_id, tier1_id=tier1_id,
@ -3713,7 +3721,8 @@ class TestPolicyTier1NatRule(NsxPolicyLibTestCase):
firewall_match=firewall_match, firewall_match=firewall_match,
source_network=cidr2, source_network=cidr2,
tenant=TEST_TENANT, tenant=TEST_TENANT,
enabled=enabled) enabled=enabled,
logging=logging)
self.assert_called_with_def(api_call, expected_def) self.assert_called_with_def(api_call, expected_def)
self.assertIsNotNone(result) self.assertIsNotNone(result)
@ -3742,6 +3751,7 @@ class TestPolicyTier1NatRule(NsxPolicyLibTestCase):
cidr1 = '1.1.1.1/32' cidr1 = '1.1.1.1/32'
cidr2 = '2.2.2.0/24' cidr2 = '2.2.2.0/24'
enabled = True enabled = True
logging = True
with mock.patch.object(self.policy_api, with mock.patch.object(self.policy_api,
"create_or_update") as api_call: "create_or_update") as api_call:
@ -3754,7 +3764,8 @@ class TestPolicyTier1NatRule(NsxPolicyLibTestCase):
firewall_match=firewall_match, firewall_match=firewall_match,
source_network=cidr2, source_network=cidr2,
tenant=TEST_TENANT, tenant=TEST_TENANT,
enabled=enabled) enabled=enabled,
logging=logging)
expected_def = core_defs.Tier1NatRule( expected_def = core_defs.Tier1NatRule(
tier1_id=tier1_id, tier1_id=tier1_id,
@ -3767,7 +3778,8 @@ class TestPolicyTier1NatRule(NsxPolicyLibTestCase):
firewall_match=firewall_match, firewall_match=firewall_match,
source_network=cidr2, source_network=cidr2,
tenant=TEST_TENANT, tenant=TEST_TENANT,
enabled=enabled) enabled=enabled,
logging=logging)
self.assert_called_with_def(api_call, expected_def) self.assert_called_with_def(api_call, expected_def)

View File

@ -972,7 +972,8 @@ class LogicalRouterTestCase(BaseTestResource):
self.assertEqual(test_constants.FAKE_ROUTER_FW_SEC_UUID, section_id) self.assertEqual(test_constants.FAKE_ROUTER_FW_SEC_UUID, section_id)
def _test_nat_rule_create(self, nsx_version, add_bypas_arg=True, def _test_nat_rule_create(self, nsx_version, add_bypas_arg=True,
action='SNAT', expect_failure=False): action='SNAT', expect_failure=False,
logging=False):
router = self.get_mocked_resource() router = self.get_mocked_resource()
translated_net = '1.1.1.1' translated_net = '1.1.1.1'
priority = 10 priority = 10
@ -983,7 +984,8 @@ class LogicalRouterTestCase(BaseTestResource):
'display_name': display_name, 'display_name': display_name,
'enabled': True, 'enabled': True,
'translated_network': translated_net, 'translated_network': translated_net,
'rule_priority': priority 'rule_priority': priority,
'logging': logging
} }
if add_bypas_arg: if add_bypas_arg:
# Expect nat_pass to be sent to the backend # Expect nat_pass to be sent to the backend
@ -998,7 +1000,8 @@ class LogicalRouterTestCase(BaseTestResource):
translated_network=translated_net, translated_network=translated_net,
rule_priority=priority, rule_priority=priority,
bypass_firewall=False, bypass_firewall=False,
display_name=display_name) display_name=display_name,
logging=logging)
except exceptions.InvalidInput as e: except exceptions.InvalidInput as e:
if expect_failure: if expect_failure:
return return
@ -1016,6 +1019,10 @@ class LogicalRouterTestCase(BaseTestResource):
# Ignoring 'bypass_firewall' with version 1.1 # Ignoring 'bypass_firewall' with version 1.1
self._test_nat_rule_create('1.1.0', add_bypas_arg=False) self._test_nat_rule_create('1.1.0', add_bypas_arg=False)
def test_nat_rule_create_with_logging(self):
# enable logging parameter in snat obj
self._test_nat_rule_create('1.1.0', add_bypas_arg=False, logging=True)
def test_nat_rule_create_v2(self): def test_nat_rule_create_v2(self):
# Sending 'bypass_firewall' with version 1.1 # Sending 'bypass_firewall' with version 1.1
self._test_nat_rule_create('2.0.0') self._test_nat_rule_create('2.0.0')

View File

@ -596,7 +596,7 @@ class NsxLibLogicalRouter(utils.NsxLibApiBase):
enabled=True, rule_priority=None, enabled=True, rule_priority=None,
match_ports=None, match_protocol=None, match_ports=None, match_protocol=None,
match_resource_type=None, match_resource_type=None,
bypass_firewall=True, bypass_firewall=True, logging=None,
tags=None, tags=None,
display_name=None): display_name=None):
self._validate_nat_rule_action(action) self._validate_nat_rule_action(action)
@ -629,6 +629,8 @@ class NsxLibLogicalRouter(utils.NsxLibApiBase):
body['tags'] = tags body['tags'] = tags
if display_name: if display_name:
body['display_name'] = display_name body['display_name'] = display_name
if logging is not None:
body['logging'] = logging
return self.client.create(resource, body) return self.client.create(resource, body)
def change_edge_firewall_status(self, logical_router_id, action): def change_edge_firewall_status(self, logical_router_id, action):

View File

@ -647,7 +647,7 @@ class RouterNatRule(ResourceDef):
'destination_network', 'destination_network',
'translated_network', 'translated_network',
'firewall_match', 'firewall_match',
'log', 'logging',
'sequence_number', 'sequence_number',
'enabled']) 'enabled'])
return body return body

View File

@ -1693,7 +1693,7 @@ class NsxPolicyTier0NatRuleApi(NsxPolicyResourceBase):
firewall_match=constants.NAT_FIREWALL_MATCH_BYPASS, firewall_match=constants.NAT_FIREWALL_MATCH_BYPASS,
action=IGNORE, action=IGNORE,
sequence_number=IGNORE, sequence_number=IGNORE,
log=IGNORE, logging=IGNORE,
tags=IGNORE, tags=IGNORE,
tenant=constants.POLICY_INFRA_TENANT, tenant=constants.POLICY_INFRA_TENANT,
enabled=IGNORE): enabled=IGNORE):
@ -1710,7 +1710,7 @@ class NsxPolicyTier0NatRuleApi(NsxPolicyResourceBase):
firewall_match=firewall_match, firewall_match=firewall_match,
action=action, action=action,
sequence_number=sequence_number, sequence_number=sequence_number,
log=log, logging=logging,
tags=tags, tags=tags,
tenant=tenant, tenant=tenant,
enabled=enabled) enabled=enabled)
@ -1745,7 +1745,7 @@ class NsxPolicyTier0NatRuleApi(NsxPolicyResourceBase):
firewall_match=IGNORE, firewall_match=IGNORE,
action=IGNORE, action=IGNORE,
sequence_number=IGNORE, sequence_number=IGNORE,
log=IGNORE, logging=IGNORE,
tags=IGNORE, tags=IGNORE,
tenant=constants.POLICY_INFRA_TENANT, tenant=constants.POLICY_INFRA_TENANT,
enabled=IGNORE): enabled=IGNORE):
@ -1760,7 +1760,7 @@ class NsxPolicyTier0NatRuleApi(NsxPolicyResourceBase):
firewall_match=firewall_match, firewall_match=firewall_match,
action=action, action=action,
sequence_number=sequence_number, sequence_number=sequence_number,
log=log, logging=logging,
tags=tags, tags=tags,
tenant=tenant, tenant=tenant,
enabled=enabled) enabled=enabled)
@ -1783,7 +1783,7 @@ class NsxPolicyTier1NatRuleApi(NsxPolicyResourceBase):
firewall_match=constants.NAT_FIREWALL_MATCH_BYPASS, firewall_match=constants.NAT_FIREWALL_MATCH_BYPASS,
action=IGNORE, action=IGNORE,
sequence_number=IGNORE, sequence_number=IGNORE,
log=IGNORE, logging=IGNORE,
tags=IGNORE, tags=IGNORE,
tenant=constants.POLICY_INFRA_TENANT, tenant=constants.POLICY_INFRA_TENANT,
enabled=IGNORE): enabled=IGNORE):
@ -1800,7 +1800,7 @@ class NsxPolicyTier1NatRuleApi(NsxPolicyResourceBase):
firewall_match=firewall_match, firewall_match=firewall_match,
action=action, action=action,
sequence_number=sequence_number, sequence_number=sequence_number,
log=log, logging=logging,
tags=tags, tags=tags,
tenant=tenant, tenant=tenant,
enabled=enabled) enabled=enabled)
@ -1835,7 +1835,7 @@ class NsxPolicyTier1NatRuleApi(NsxPolicyResourceBase):
firewall_match=IGNORE, firewall_match=IGNORE,
action=IGNORE, action=IGNORE,
sequence_number=IGNORE, sequence_number=IGNORE,
log=IGNORE, logging=IGNORE,
tags=IGNORE, tags=IGNORE,
tenant=constants.POLICY_INFRA_TENANT, tenant=constants.POLICY_INFRA_TENANT,
enabled=IGNORE): enabled=IGNORE):
@ -1850,7 +1850,7 @@ class NsxPolicyTier1NatRuleApi(NsxPolicyResourceBase):
firewall_match=firewall_match, firewall_match=firewall_match,
action=action, action=action,
sequence_number=sequence_number, sequence_number=sequence_number,
log=log, logging=logging,
tags=tags, tags=tags,
tenant=tenant, tenant=tenant,
enabled=enabled) enabled=enabled)