Policy: support multiple services in a communication map
Change-Id: I982b04e428f86168838c114b233e646d332dde28
This commit is contained in:
Adit Sarfaty
parent
f680a5acd2
commit
44d566d636
@ -205,7 +205,7 @@ class TestPolicyCommunicationMap(TestPolicyApi):
|
|||||||
source_groups=["group1",
|
source_groups=["group1",
|
||||||
"group2"],
|
"group2"],
|
||||||
dest_groups=["group1"],
|
dest_groups=["group1"],
|
||||||
service_id="service1")
|
service_ids=["service1"])
|
||||||
|
|
||||||
self.entry2 = policy.CommunicationMapEntryDef(
|
self.entry2 = policy.CommunicationMapEntryDef(
|
||||||
'd1', 'cm2', 'en2',
|
'd1', 'cm2', 'en2',
|
||||||
@ -213,7 +213,7 @@ class TestPolicyCommunicationMap(TestPolicyApi):
|
|||||||
source_groups=["group1",
|
source_groups=["group1",
|
||||||
"group2"],
|
"group2"],
|
||||||
dest_groups=["group3"],
|
dest_groups=["group3"],
|
||||||
service_id="service2")
|
service_ids=["service2"])
|
||||||
|
|
||||||
self.expected_data1 = {'id': 'en1',
|
self.expected_data1 = {'id': 'en1',
|
||||||
'display_name': None,
|
'display_name': None,
|
||||||
|
|||||||
@ -624,7 +624,7 @@ class TestPolicyCommunicationMap(NsxPolicyLibTestCase):
|
|||||||
map_id=map_id,
|
map_id=map_id,
|
||||||
description=description,
|
description=description,
|
||||||
sequence_number=seq_num,
|
sequence_number=seq_num,
|
||||||
service_id=service_id,
|
service_ids=[service_id],
|
||||||
source_groups=[source_group],
|
source_groups=[source_group],
|
||||||
dest_groups=[dest_group],
|
dest_groups=[dest_group],
|
||||||
tenant=TEST_TENANT)
|
tenant=TEST_TENANT)
|
||||||
@ -645,7 +645,7 @@ class TestPolicyCommunicationMap(NsxPolicyLibTestCase):
|
|||||||
name=name,
|
name=name,
|
||||||
description=description,
|
description=description,
|
||||||
sequence_number=seq_num,
|
sequence_number=seq_num,
|
||||||
service_id=service_id,
|
service_ids=[service_id],
|
||||||
source_groups=[source_group],
|
source_groups=[source_group],
|
||||||
dest_groups=[dest_group],
|
dest_groups=[dest_group],
|
||||||
tenant=TEST_TENANT)
|
tenant=TEST_TENANT)
|
||||||
@ -668,7 +668,7 @@ class TestPolicyCommunicationMap(NsxPolicyLibTestCase):
|
|||||||
self.resourceApi.create_or_overwrite(name, domain_id,
|
self.resourceApi.create_or_overwrite(name, domain_id,
|
||||||
map_id=map_id,
|
map_id=map_id,
|
||||||
description=description,
|
description=description,
|
||||||
service_id=service_id,
|
service_ids=[service_id],
|
||||||
source_groups=[source_group],
|
source_groups=[source_group],
|
||||||
dest_groups=[dest_group],
|
dest_groups=[dest_group],
|
||||||
category=category,
|
category=category,
|
||||||
@ -691,7 +691,7 @@ class TestPolicyCommunicationMap(NsxPolicyLibTestCase):
|
|||||||
name=name,
|
name=name,
|
||||||
description=description,
|
description=description,
|
||||||
sequence_number=1,
|
sequence_number=1,
|
||||||
service_id=service_id,
|
service_ids=[service_id],
|
||||||
source_groups=[source_group],
|
source_groups=[source_group],
|
||||||
dest_groups=[dest_group],
|
dest_groups=[dest_group],
|
||||||
tenant=TEST_TENANT)
|
tenant=TEST_TENANT)
|
||||||
@ -703,12 +703,14 @@ class TestPolicyCommunicationMap(NsxPolicyLibTestCase):
|
|||||||
description = 'desc'
|
description = 'desc'
|
||||||
source_group = 'g1'
|
source_group = 'g1'
|
||||||
dest_group = 'g2'
|
dest_group = 'g2'
|
||||||
service_id = 'c1'
|
service1_id = 'c1'
|
||||||
|
service2_id = 'c2'
|
||||||
with mock.patch.object(self.policy_api,
|
with mock.patch.object(self.policy_api,
|
||||||
"create_with_parent") as api_call:
|
"create_with_parent") as api_call:
|
||||||
self.resourceApi.create_or_overwrite(name, domain_id,
|
self.resourceApi.create_or_overwrite(name, domain_id,
|
||||||
description=description,
|
description=description,
|
||||||
service_id=service_id,
|
service_ids=[service1_id,
|
||||||
|
service2_id],
|
||||||
source_groups=[source_group],
|
source_groups=[source_group],
|
||||||
dest_groups=[dest_group],
|
dest_groups=[dest_group],
|
||||||
tenant=TEST_TENANT)
|
tenant=TEST_TENANT)
|
||||||
@ -729,7 +731,7 @@ class TestPolicyCommunicationMap(NsxPolicyLibTestCase):
|
|||||||
name=name,
|
name=name,
|
||||||
description=description,
|
description=description,
|
||||||
sequence_number=1,
|
sequence_number=1,
|
||||||
service_id=service_id,
|
service_ids=[service1_id, service2_id],
|
||||||
source_groups=[source_group],
|
source_groups=[source_group],
|
||||||
dest_groups=[dest_group],
|
dest_groups=[dest_group],
|
||||||
tenant=TEST_TENANT)
|
tenant=TEST_TENANT)
|
||||||
@ -790,7 +792,8 @@ class TestPolicyCommunicationMap(NsxPolicyLibTestCase):
|
|||||||
description = 'new desc'
|
description = 'new desc'
|
||||||
source_group = 'ng1'
|
source_group = 'ng1'
|
||||||
dest_group = 'ng2'
|
dest_group = 'ng2'
|
||||||
service_id = 'nc1'
|
service1_id = 'nc1'
|
||||||
|
service2_id = 'nc2'
|
||||||
with mock.patch.object(self.policy_api, "get",
|
with mock.patch.object(self.policy_api, "get",
|
||||||
return_value={}) as get_call,\
|
return_value={}) as get_call,\
|
||||||
mock.patch.object(self.policy_api,
|
mock.patch.object(self.policy_api,
|
||||||
@ -798,7 +801,7 @@ class TestPolicyCommunicationMap(NsxPolicyLibTestCase):
|
|||||||
self.resourceApi.update(domain_id, map_id,
|
self.resourceApi.update(domain_id, map_id,
|
||||||
name=name,
|
name=name,
|
||||||
description=description,
|
description=description,
|
||||||
service_id=service_id,
|
service_ids=[service1_id, service2_id],
|
||||||
source_groups=[source_group],
|
source_groups=[source_group],
|
||||||
dest_groups=[dest_group],
|
dest_groups=[dest_group],
|
||||||
tenant=TEST_TENANT)
|
tenant=TEST_TENANT)
|
||||||
|
|||||||
@ -372,7 +372,7 @@ class CommunicationMapEntryDef(ResourceDef):
|
|||||||
sequence_number=None,
|
sequence_number=None,
|
||||||
source_groups=None,
|
source_groups=None,
|
||||||
dest_groups=None,
|
dest_groups=None,
|
||||||
service_id=None,
|
service_ids=None,
|
||||||
action=policy_constants.ACTION_ALLOW,
|
action=policy_constants.ACTION_ALLOW,
|
||||||
scope="ANY",
|
scope="ANY",
|
||||||
name=None,
|
name=None,
|
||||||
@ -390,8 +390,8 @@ class CommunicationMapEntryDef(ResourceDef):
|
|||||||
self.scope = scope
|
self.scope = scope
|
||||||
self.source_groups = self.get_groups_path(domain_id, source_groups)
|
self.source_groups = self.get_groups_path(domain_id, source_groups)
|
||||||
self.dest_groups = self.get_groups_path(domain_id, dest_groups)
|
self.dest_groups = self.get_groups_path(domain_id, dest_groups)
|
||||||
self.service_path = self.get_service_path(
|
self.service_paths = [self.get_service_path(service_id) for service_id
|
||||||
service_id) if service_id else None
|
in service_ids] if service_ids else []
|
||||||
self.parent_ids = (tenant, domain_id, map_id)
|
self.parent_ids = (tenant, domain_id, map_id)
|
||||||
|
|
||||||
# convert groups and services to full path
|
# convert groups and services to full path
|
||||||
@ -418,7 +418,7 @@ class CommunicationMapEntryDef(ResourceDef):
|
|||||||
body['source_groups'] = self.source_groups
|
body['source_groups'] = self.source_groups
|
||||||
body['destination_groups'] = self.dest_groups
|
body['destination_groups'] = self.dest_groups
|
||||||
body['sequence_number'] = self.sequence_number
|
body['sequence_number'] = self.sequence_number
|
||||||
body['services'] = [self.service_path]
|
body['services'] = self.service_paths
|
||||||
body['scope'] = [self.scope]
|
body['scope'] = [self.scope]
|
||||||
body['action'] = self.action
|
body['action'] = self.action
|
||||||
return body
|
return body
|
||||||
@ -428,10 +428,10 @@ class CommunicationMapEntryDef(ResourceDef):
|
|||||||
if 'body' in kwargs:
|
if 'body' in kwargs:
|
||||||
del kwargs['body']
|
del kwargs['body']
|
||||||
# Fix params that need special conversions
|
# Fix params that need special conversions
|
||||||
if kwargs.get('service_id') is not None:
|
if kwargs.get('service_ids') is not None:
|
||||||
service_path = self.get_service_path(kwargs['service_id'])
|
body['services'] = [self.get_service_path(service_id) for
|
||||||
body['services'] = [service_path]
|
service_id in kwargs['service_ids']]
|
||||||
del kwargs['service_id']
|
del kwargs['service_ids']
|
||||||
|
|
||||||
if kwargs.get('dest_groups') is not None:
|
if kwargs.get('dest_groups') is not None:
|
||||||
groups = self.get_groups_path(
|
groups = self.get_groups_path(
|
||||||
|
|||||||
@ -434,7 +434,7 @@ class NsxPolicyCommunicationMapApi(NsxPolicyResourceBase):
|
|||||||
def create_or_overwrite(self, name, domain_id, map_id=None,
|
def create_or_overwrite(self, name, domain_id, map_id=None,
|
||||||
description=None, precedence=0,
|
description=None, precedence=0,
|
||||||
category=policy_constants.CATEGORY_DEFAULT,
|
category=policy_constants.CATEGORY_DEFAULT,
|
||||||
sequence_number=None, service_id=None,
|
sequence_number=None, service_ids=None,
|
||||||
action=policy_constants.ACTION_ALLOW,
|
action=policy_constants.ACTION_ALLOW,
|
||||||
source_groups=None, dest_groups=None,
|
source_groups=None, dest_groups=None,
|
||||||
tenant=policy_constants.POLICY_INFRA_TENANT):
|
tenant=policy_constants.POLICY_INFRA_TENANT):
|
||||||
@ -447,10 +447,10 @@ class NsxPolicyCommunicationMapApi(NsxPolicyResourceBase):
|
|||||||
end up with same sequence number.
|
end up with same sequence number.
|
||||||
"""
|
"""
|
||||||
# Validate and convert inputs
|
# Validate and convert inputs
|
||||||
if not service_id:
|
if not service_ids:
|
||||||
# service-id must be provided
|
# service-ids must be provided
|
||||||
err_msg = (_("Cannot create a communication map %(name)s without "
|
err_msg = (_("Cannot create a communication map %(name)s without "
|
||||||
"service id") % {'name': name})
|
"services") % {'name': name})
|
||||||
raise exceptions.ManagerError(details=err_msg)
|
raise exceptions.ManagerError(details=err_msg)
|
||||||
if map_id:
|
if map_id:
|
||||||
# get the next available sequence number
|
# get the next available sequence number
|
||||||
@ -477,7 +477,7 @@ class NsxPolicyCommunicationMapApi(NsxPolicyResourceBase):
|
|||||||
sequence_number=sequence_number,
|
sequence_number=sequence_number,
|
||||||
source_groups=source_groups,
|
source_groups=source_groups,
|
||||||
dest_groups=dest_groups,
|
dest_groups=dest_groups,
|
||||||
service_id=service_id,
|
service_ids=service_ids,
|
||||||
action=action,
|
action=action,
|
||||||
tenant=tenant)
|
tenant=tenant)
|
||||||
|
|
||||||
@ -525,7 +525,7 @@ class NsxPolicyCommunicationMapApi(NsxPolicyResourceBase):
|
|||||||
return self.policy_api.list(map_def)['results']
|
return self.policy_api.list(map_def)['results']
|
||||||
|
|
||||||
def update(self, domain_id, map_id, name=None, description=None,
|
def update(self, domain_id, map_id, name=None, description=None,
|
||||||
sequence_number=None, service_id=None, action=None,
|
sequence_number=None, service_ids=None, action=None,
|
||||||
source_groups=None, dest_groups=None, precedence=None,
|
source_groups=None, dest_groups=None, precedence=None,
|
||||||
category=None,
|
category=None,
|
||||||
tenant=policy_constants.POLICY_INFRA_TENANT):
|
tenant=policy_constants.POLICY_INFRA_TENANT):
|
||||||
@ -554,7 +554,7 @@ class NsxPolicyCommunicationMapApi(NsxPolicyResourceBase):
|
|||||||
entry_def.update_attributes_in_body(
|
entry_def.update_attributes_in_body(
|
||||||
body=comm_entry, name=name,
|
body=comm_entry, name=name,
|
||||||
description=description,
|
description=description,
|
||||||
service_id=service_id,
|
service_ids=service_ids,
|
||||||
source_groups=source_groups,
|
source_groups=source_groups,
|
||||||
dest_groups=dest_groups,
|
dest_groups=dest_groups,
|
||||||
sequence_number=sequence_number,
|
sequence_number=sequence_number,
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user