diff --git a/requirements.txt b/requirements.txt index a8212716..43efa20d 100644 --- a/requirements.txt +++ b/requirements.txt @@ -9,7 +9,6 @@ eventlet!=0.18.3,!=0.20.1,<0.21.0,>=0.18.2 # MIT netaddr>=0.7.18 # BSD tenacity>=3.2.1 # Apache-2.0 six>=1.9.0 # MIT -neutron-lib>=1.11.0 # Apache-2.0 oslo.i18n>=3.15.3 # Apache-2.0 oslo.log>=3.30.0 # Apache-2.0 oslo.serialization!=2.19.1,>=2.18.0 # Apache-2.0 diff --git a/tox.ini b/tox.ini index 54b3b4b3..58d82be1 100644 --- a/tox.ini +++ b/tox.ini @@ -91,9 +91,7 @@ exclude = build,dist import-order-style = pep8 [hacking] -import_exceptions = vmware_nsxlib._i18n, - vmware_nsxlib_tempest._i18n -local-check-factory = neutron_lib.hacking.checks.factory +import_exceptions = vmware_nsxlib._i18n [testenv:genconfig] commands = diff --git a/vmware_nsxlib/tests/unit/v3/test_cert.py b/vmware_nsxlib/tests/unit/v3/test_cert.py index 24c589b3..d348bc5c 100644 --- a/vmware_nsxlib/tests/unit/v3/test_cert.py +++ b/vmware_nsxlib/tests/unit/v3/test_cert.py @@ -15,7 +15,6 @@ # import os -from neutron_lib import exceptions from OpenSSL import crypto from oslo_serialization import jsonutils @@ -291,6 +290,6 @@ class NsxV3ClientCertificateTestCase(nsxlib_testcase.NsxClientTestCase): 'subject': {}}] for args in bad_cert_values: - self.assertRaises(exceptions.InvalidInput, + self.assertRaises(nsxlib_exc.NsxLibInvalidInput, client_cert.generate_self_signed_cert_pair, **args) diff --git a/vmware_nsxlib/tests/unit/v3/test_utils.py b/vmware_nsxlib/tests/unit/v3/test_utils.py index c9ec2211..3be2fce4 100644 --- a/vmware_nsxlib/tests/unit/v3/test_utils.py +++ b/vmware_nsxlib/tests/unit/v3/test_utils.py @@ -13,9 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. -from neutron_lib import exceptions as n_exc - from vmware_nsxlib.tests.unit.v3 import nsxlib_testcase +from vmware_nsxlib.v3 import exceptions from vmware_nsxlib.v3 import nsx_constants from vmware_nsxlib.v3 import utils @@ -50,7 +49,7 @@ class TestNsxV3Utils(nsxlib_testcase.NsxClientTestCase): self.assertEqual(expected, result) def test_build_v3_tags_payload_invalid_length(self): - self.assertRaises(n_exc.InvalidInput, + self.assertRaises(exceptions.NsxLibInvalidInput, self.nsxlib.build_v3_tags_payload, {'id': 'fake_id', 'project_id': 'fake_proj_id'}, @@ -115,7 +114,7 @@ class TestNsxV3Utils(nsxlib_testcase.NsxClientTestCase): self.assertEqual(expected, result) def test_add_v3_tag_invalid_scope_length(self): - self.assertRaises(n_exc.InvalidInput, + self.assertRaises(exceptions.NsxLibInvalidInput, utils.add_v3_tag, [], 'fake-scope-name-is-far-too-long', @@ -242,13 +241,13 @@ class TestNsxV3Utils(nsxlib_testcase.NsxClientTestCase): max_retries = 5 total_count = {'val': 0} - @utils.retry_upon_exception(n_exc.InvalidInput, + @utils.retry_upon_exception(exceptions.NsxLibInvalidInput, max_attempts=max_retries) def func_to_fail(x): total_count['val'] = total_count['val'] + 1 - raise n_exc.InvalidInput() + raise exceptions.NsxLibInvalidInput(error_message='foo') - self.assertRaises(n_exc.InvalidInput, func_to_fail, 99) + self.assertRaises(exceptions.NsxLibInvalidInput, func_to_fail, 99) self.assertEqual(max_retries, total_count['val']) diff --git a/vmware_nsxlib/v3/client_cert.py b/vmware_nsxlib/v3/client_cert.py index da734f6c..7727fb3a 100644 --- a/vmware_nsxlib/v3/client_cert.py +++ b/vmware_nsxlib/v3/client_cert.py @@ -17,7 +17,6 @@ import datetime from time import time import uuid -from neutron_lib import exceptions from OpenSSL import crypto from oslo_log import log @@ -39,7 +38,7 @@ def validate_cert_params(key_size, valid_for_days, expected_key_sizes = (2048, 4096) if key_size not in expected_key_sizes: - raise exceptions.InvalidInput( + raise nsxlib_exceptions.NsxLibInvalidInput( error_message=_('Invalid key size %(value)d' '(must be one of %(list)s)') % {'value': key_size, @@ -47,7 +46,7 @@ def validate_cert_params(key_size, valid_for_days, expected_signature_algs = ('sha224', 'sha256') if signature_alg not in expected_signature_algs: - raise exceptions.InvalidInput( + raise nsxlib_exceptions.NsxLibInvalidInput( error_message=_('Invalid signature algorithm %(value)s' '(must be one of %(list)s)') % {'value': signature_alg, @@ -55,7 +54,7 @@ def validate_cert_params(key_size, valid_for_days, if (CERT_SUBJECT_COUNTRY in subject and (len(subject[CERT_SUBJECT_COUNTRY]) != 2)): - raise exceptions.InvalidInput( + raise nsxlib_exceptions.NsxLibInvalidInput( error_message=_('Invalid country %s: ' 'must be exactly 2 characters') % subject[CERT_SUBJECT_COUNTRY]) @@ -68,7 +67,7 @@ def validate_cert_params(key_size, valid_for_days, for field, max_len in max_len_constraints.items(): if field in subject and (len(subject[field]) > max_len): - raise exceptions.InvalidInput( + raise nsxlib_exceptions.NsxLibInvalidInput( error_message=_('Invalid %(field)s [%(value)s]: ' 'must not exceed %(max)d characters') % {'field': field, diff --git a/vmware_nsxlib/v3/constants.py b/vmware_nsxlib/v3/constants.py new file mode 100644 index 00000000..c05aa175 --- /dev/null +++ b/vmware_nsxlib/v3/constants.py @@ -0,0 +1,88 @@ +# Copyright 2016 VMware, Inc. +# All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +IPv4_ANY = '0.0.0.0/0' + +# Protocol names and numbers for Security Groups/Firewalls +PROTO_NAME_AH = 'ah' +PROTO_NAME_DCCP = 'dccp' +PROTO_NAME_EGP = 'egp' +PROTO_NAME_ESP = 'esp' +PROTO_NAME_GRE = 'gre' +PROTO_NAME_ICMP = 'icmp' +PROTO_NAME_IGMP = 'igmp' +PROTO_NAME_IPV6_ENCAP = 'ipv6-encap' +PROTO_NAME_IPV6_FRAG = 'ipv6-frag' +PROTO_NAME_IPV6_ICMP = 'ipv6-icmp' +# For backward-compatibility of security group rule API, we keep the old value +# for IPv6 ICMP. It should be clean up in the future. +PROTO_NAME_IPV6_ICMP_LEGACY = 'icmpv6' +PROTO_NAME_IPV6_NONXT = 'ipv6-nonxt' +PROTO_NAME_IPV6_OPTS = 'ipv6-opts' +PROTO_NAME_IPV6_ROUTE = 'ipv6-route' +PROTO_NAME_OSPF = 'ospf' +PROTO_NAME_PGM = 'pgm' +PROTO_NAME_RSVP = 'rsvp' +PROTO_NAME_SCTP = 'sctp' +PROTO_NAME_TCP = 'tcp' +PROTO_NAME_UDP = 'udp' +PROTO_NAME_UDPLITE = 'udplite' +PROTO_NAME_VRRP = 'vrrp' + +PROTO_NUM_AH = 51 +PROTO_NUM_DCCP = 33 +PROTO_NUM_EGP = 8 +PROTO_NUM_ESP = 50 +PROTO_NUM_GRE = 47 +PROTO_NUM_ICMP = 1 +PROTO_NUM_IGMP = 2 +PROTO_NUM_IPV6_ENCAP = 41 +PROTO_NUM_IPV6_FRAG = 44 +PROTO_NUM_IPV6_ICMP = 58 +PROTO_NUM_IPV6_NONXT = 59 +PROTO_NUM_IPV6_OPTS = 60 +PROTO_NUM_IPV6_ROUTE = 43 +PROTO_NUM_OSPF = 89 +PROTO_NUM_PGM = 113 +PROTO_NUM_RSVP = 46 +PROTO_NUM_SCTP = 132 +PROTO_NUM_TCP = 6 +PROTO_NUM_UDP = 17 +PROTO_NUM_UDPLITE = 136 +PROTO_NUM_VRRP = 112 + +IP_PROTOCOL_MAP = {PROTO_NAME_AH: PROTO_NUM_AH, + PROTO_NAME_DCCP: PROTO_NUM_DCCP, + PROTO_NAME_EGP: PROTO_NUM_EGP, + PROTO_NAME_ESP: PROTO_NUM_ESP, + PROTO_NAME_GRE: PROTO_NUM_GRE, + PROTO_NAME_ICMP: PROTO_NUM_ICMP, + PROTO_NAME_IGMP: PROTO_NUM_IGMP, + PROTO_NAME_IPV6_ENCAP: PROTO_NUM_IPV6_ENCAP, + PROTO_NAME_IPV6_FRAG: PROTO_NUM_IPV6_FRAG, + PROTO_NAME_IPV6_ICMP: PROTO_NUM_IPV6_ICMP, + # For backward-compatibility of security group rule API + PROTO_NAME_IPV6_ICMP_LEGACY: PROTO_NUM_IPV6_ICMP, + PROTO_NAME_IPV6_NONXT: PROTO_NUM_IPV6_NONXT, + PROTO_NAME_IPV6_OPTS: PROTO_NUM_IPV6_OPTS, + PROTO_NAME_IPV6_ROUTE: PROTO_NUM_IPV6_ROUTE, + PROTO_NAME_OSPF: PROTO_NUM_OSPF, + PROTO_NAME_PGM: PROTO_NUM_PGM, + PROTO_NAME_RSVP: PROTO_NUM_RSVP, + PROTO_NAME_SCTP: PROTO_NUM_SCTP, + PROTO_NAME_TCP: PROTO_NUM_TCP, + PROTO_NAME_UDP: PROTO_NUM_UDP, + PROTO_NAME_UDPLITE: PROTO_NUM_UDPLITE, + PROTO_NAME_VRRP: PROTO_NUM_VRRP} diff --git a/vmware_nsxlib/v3/exceptions.py b/vmware_nsxlib/v3/exceptions.py index 10b97eee..b4013eda 100644 --- a/vmware_nsxlib/v3/exceptions.py +++ b/vmware_nsxlib/v3/exceptions.py @@ -63,6 +63,10 @@ class CertificateError(NsxLibException): message = _("Certificate error: %(msg)s") +class NsxLibInvalidInput(NsxLibException): + message = _("Invalid input for operation: %(error_message)s.") + + class ManagerError(NsxLibException): message = _("Unexpected error from backend manager (%(manager)s) " "for %(operation)s %(details)s") diff --git a/vmware_nsxlib/v3/native_dhcp.py b/vmware_nsxlib/v3/native_dhcp.py index 1d4bb835..c25932cc 100644 --- a/vmware_nsxlib/v3/native_dhcp.py +++ b/vmware_nsxlib/v3/native_dhcp.py @@ -14,9 +14,8 @@ # under the License. import netaddr -from neutron_lib.api import validators -from neutron_lib import constants +from vmware_nsxlib.v3 import constants from vmware_nsxlib.v3 import utils @@ -49,14 +48,14 @@ class NsxLibNativeDhcp(utils.NsxLibApiBase): server_ip = "%s/%u" % (port['fixed_ips'][0]['ip_address'], netaddr.IPNetwork(subnet['cidr']).prefixlen) dns_nameservers = subnet['dns_nameservers'] - if not dns_nameservers or not validators.is_attr_set(dns_nameservers): + if not dns_nameservers or not utils.is_attr_set(dns_nameservers): # use the default one , or the globally configured one if default_dns_nameservers is not None: dns_nameservers = default_dns_nameservers else: dns_nameservers = self.nsxlib_config.dns_nameservers gateway_ip = subnet['gateway_ip'] - if not validators.is_attr_set(gateway_ip): + if not utils.is_attr_set(gateway_ip): gateway_ip = None static_routes, gateway_ip = self.build_static_routes( gateway_ip, subnet['cidr'], subnet['host_routes']) diff --git a/vmware_nsxlib/v3/router.py b/vmware_nsxlib/v3/router.py index 926466ef..852e4d7f 100644 --- a/vmware_nsxlib/v3/router.py +++ b/vmware_nsxlib/v3/router.py @@ -18,7 +18,6 @@ NSX-V3 Plugin router module """ import copy -from neutron_lib import exceptions as n_exc from oslo_log import log from vmware_nsxlib._i18n import _ @@ -72,7 +71,7 @@ class RouterLib(object): 'exp_num': MIN_EDGE_NODE_NUM, 'cluster_id': edge_cluster_uuid} if err_msg: - raise n_exc.InvalidInput(error_message=err_msg) + raise exceptions.NsxLibInvalidInput(error_message=err_msg) else: tier0_groups_dict[tier0_uuid] = { 'edge_cluster_uuid': edge_cluster_uuid, diff --git a/vmware_nsxlib/v3/security.py b/vmware_nsxlib/v3/security.py index 127668cf..9cb5625b 100644 --- a/vmware_nsxlib/v3/security.py +++ b/vmware_nsxlib/v3/security.py @@ -18,10 +18,10 @@ NSX-V3 Plugin security & Distributed Firewall integration module """ -from neutron_lib import constants from oslo_log import log from oslo_utils import excutils +from vmware_nsxlib.v3 import constants from vmware_nsxlib.v3 import exceptions from vmware_nsxlib.v3 import nsx_constants as consts from vmware_nsxlib.v3 import utils diff --git a/vmware_nsxlib/v3/utils.py b/vmware_nsxlib/v3/utils.py index 939d8ed3..cd98390a 100644 --- a/vmware_nsxlib/v3/utils.py +++ b/vmware_nsxlib/v3/utils.py @@ -18,7 +18,6 @@ import inspect import re import time -from neutron_lib import exceptions from oslo_log import log import tenacity from tenacity import _utils as tenacity_utils @@ -33,6 +32,18 @@ MAX_TAG_LEN = 40 DEFAULT_MAX_ATTEMPTS = 10 DEFAULT_CACHE_AGE_SEC = 600 INJECT_HEADERS_CALLBACK = None +IS_ATTR_SET_CALLBACK = None + + +def set_is_attr_callback(callback): + global IS_ATTR_SET_CALLBACK + IS_ATTR_SET_CALLBACK = callback + + +def is_attr_set(attr): + if IS_ATTR_SET_CALLBACK: + return IS_ATTR_SET_CALLBACK(attr) + return attr is not None def set_inject_headers_callback(callback): @@ -43,7 +54,7 @@ def set_inject_headers_callback(callback): def _validate_resource_type_length(resource_type): # Add in a validation to ensure that we catch this at build time if len(resource_type) > MAX_RESOURCE_TYPE_LEN: - raise exceptions.InvalidInput( + raise nsxlib_exceptions.NsxLibInvalidInput( error_message=(_('Resource type cannot exceed %(max_len)s ' 'characters: %(resource_type)s') % {'max_len': MAX_RESOURCE_TYPE_LEN,