We contentedly announce the release of: neutron-fwaas 13.0.0: OpenStack Networking FWaaS This release is part of the rocky release series. Download the package from: https://tarballs.openstack.org/neutron-fwaas/ For more details, please see below. 13.0.0 ^^^^^^ Prelude ******* Resource type **firewall group** has been supported for neutron packet logging framework. You can specify firewall group as "--resource- type" for logging API. New Features ************ * Enable to collect network packet log for ACCEPT/DROP action from firewall groups. Currently, packet logging supports only L3(router) ports. Known Issues ************ * [bug 1720727] Currently, we cannot specify the following combination on CLI due to missing validation of --resource-type: * --resource-type firewall_group --resource <ID of firewall group> * --resource-type firewall_group --resource <ID of firewall group> --target <ID of port> Therefore, you can only run with following combinations: * --resource-type firewall_group --target <ID of port> * --resource-type firewall_group Changes in neutron-fwaas 12.0.0..13.0.0 --------------------------------------- 7567c42 Remove remaining NFLOG rules on deleting log resource 1b7aaba Update .gitreview for stable/rocky 5b3ac1e Add releasenote for FWaaS v2 logging 507392b [log] FWaaS L3 Logging driver based iptables 15cabc7 Add python binding for libnetfilter_log ea430ee Adding resources callback handler for FWaaS v2 logging fb1dab7 [log]: Add rpc stuff for logging dd9aec1 Add log validator for FWaaS v2 logging d61bd29 Adding 'logapi' in apidoc_excluded_paths for sphinx-docs job 2cbb6c6 Add neutron as required-projects d865155 Add notification callback events for FWaaS v2 d38f76e Introduce accepted/dropped/rejected chains for future processing 3b1590f FWaaS v2: L3 logging agent extension 81d41e2 Follow-up to fix some namespace tests f6e0a06 [FWaaS_v2]: RPC listener should be served by rpc worker d625886 update requirements for neutron-lib 1.18.0 a661959 use autonested_transaction from neutron-lib 21b0063 Add release note in README 048750b Remove setting of DEVSTACK_GATE_EXERCISES a3be36c python3: fix netlink_lib delete_entries ca1c3b7 Exclude requirements from doc8 06517c1 [FWaaS v1] RPC listener should be served by rpc worker 06c235a Imported Translations from Zanata 1f3bfe2 [Gate] Avoid sphinx_build error and fix functional test b3a0f3b Check pep8 without ignoring D000 1f97119 Add fullstack testing for neutron-fwaas 636d909 add missing __init__.py file for alembic a42b27f Imported Translations from Zanata 9b353af Implements a plugable backend driver 87442ec Fix python3 dict values breakage f11b1a8 Remove firewall (v1) shared attribute from tests cd33d79 uncap eventlet 3bbeb64 use rpc Connection rather than create_connection 87eb1b1 Fix pep8 new warnings e4b6f60 Follow the new PTI for document build d8ed590 Fix incompatible requirement in lower-constraints dafefbe Remove unused plugin.get_plugin_name() d9c52bc Fix sanity check for default firewall group name e6b60df Updated from global requirements e1231cd tests: don't rely on configuration files outside tests directory 449568c add lower-constraints job d4de944 Updated from global requirements 4b315e1 Avoid tox-install.sh 5706252 DVR-FWaaS: Fix DVR FWaaS rules for fipnamespace 089d413 Updated from global requirements 4aa3cec Filter out conntrack entries with unknown protocol 29fd5ff Revert "Skip unknown protocols while deleting conntrack" 9b89d48 Skip unknown protocols while deleting conntrack 07a6a05 Imported Translations from Zanata acc08e0 Make firewall l2 agent extension more generic 580c959 use is_extension_supported from neutron-lib 3976042 Update reno for stable/queens b120784 Enable hacking-extensions H204, H205 55ffabd Fix devstack configuration for fwaas v2 5df09f1 Shrink Tempest scenario manager copy 83f85e1 Fix V2 update_firewall_group logging Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + .zuul.yaml | 48 + README.rst | 3 + devstack/README.rst | 8 +- devstack/plugin.sh | 18 +- devstack/settings | 3 +- lower-constraints.txt | 149 +++ neutron_fwaas/common/fwaas_constants.py | 6 + neutron_fwaas/db/firewall/v2/firewall_db_v2.py | 301 ++--- .../db/migration/alembic_migrations/__init__.py | 0 .../versions/4202e3047e47_add_index_tenant_id.py | 3 +- .../540142f314f4_fwaas_router_insertion.py | 8 +- .../versions/796c68dffbb_cisco_csr_fwaas.py | 7 +- ...5cc0_shared_attribute_for_firewall_resources.py | 6 +- ...2258a43_create_default_firewall_groups_table.py | 10 +- ...e5bff_uniq_firewallgroupportassociation0port.py | 8 +- neutron_fwaas/extensions/firewall.py | 3 - neutron_fwaas/extensions/firewall_v2.py | 28 +- .../locale/en_GB/LC_MESSAGES/neutron_fwaas.po | 36 +- neutron_fwaas/opts.py | 12 +- neutron_fwaas/privileged/netfilter_log/__init__.py | 0 .../privileged/netfilter_log/libnetfilter_log.py | 329 +++++ neutron_fwaas/privileged/netlink_lib.py | 7 +- neutron_fwaas/privileged/utils.py | 26 +- neutron_fwaas/services/firewall/agents/__init__.py | 0 .../services/firewall/agents/firewall_agent_api.py | 91 -- .../services/firewall/agents/firewall_service.py | 44 - .../services/firewall/agents/l2/__init__.py | 0 .../services/firewall/agents/l2/fwaas_v2.py | 493 ------- .../firewall/agents/l3reference/__init__.py | 0 .../agents/l3reference/firewall_l3_agent.py | 426 ------- .../agents/l3reference/firewall_l3_agent_v2.py | 543 -------- .../services/firewall/drivers/__init__.py | 0 .../services/firewall/drivers/conntrack_base.py | 55 - .../services/firewall/drivers/fwaas_base.py | 120 -- .../services/firewall/drivers/fwaas_base_v2.py | 97 -- .../services/firewall/drivers/linux/__init__.py | 0 .../firewall/drivers/linux/iptables_fwaas.py | 430 ------- .../firewall/drivers/linux/iptables_fwaas_v2.py | 462 ------- .../services/firewall/drivers/linux/l2/__init__.py | 0 .../firewall/drivers/linux/l2/driver_base.py | 63 - .../firewall/drivers/linux/l2/noop/__init__.py | 0 .../firewall/drivers/linux/l2/noop/noop_driver.py | 40 - .../linux/l2/openvswitch_firewall/__init__.py | 19 - .../linux/l2/openvswitch_firewall/constants.py | 64 - .../linux/l2/openvswitch_firewall/exceptions.py | 26 - .../linux/l2/openvswitch_firewall/firewall.py | 1034 --------------- .../drivers/linux/l2/openvswitch_firewall/rules.py | 206 --- .../firewall/drivers/linux/legacy_conntrack.py | 215 ---- .../firewall/drivers/linux/netlink_conntrack.py | 143 --- neutron_fwaas/services/firewall/fwaas_plugin.py | 11 +- neutron_fwaas/services/firewall/fwaas_plugin_v2.py | 679 +++++----- .../services/firewall/service_drivers/__init__.py | 0 .../firewall/service_drivers/agents/__init__.py | 0 .../firewall/service_drivers/agents/agents.py | 354 +++++ .../service_drivers/agents/drivers/__init__.py | 0 .../agents/drivers/conntrack_base.py | 55 + .../service_drivers/agents/drivers/fwaas_base.py | 120 ++ .../agents/drivers/fwaas_base_v2.py | 97 ++ .../agents/drivers/linux/__init__.py | 0 .../agents/drivers/linux/iptables_fwaas.py | 431 +++++++ .../agents/drivers/linux/iptables_fwaas_v2.py | 532 ++++++++ .../agents/drivers/linux/l2/__init__.py | 0 .../agents/drivers/linux/l2/driver_base.py | 63 + .../agents/drivers/linux/l2/noop/__init__.py | 0 .../agents/drivers/linux/l2/noop/noop_driver.py | 41 + .../linux/l2/openvswitch_firewall/__init__.py | 19 + .../linux/l2/openvswitch_firewall/constants.py | 64 + .../linux/l2/openvswitch_firewall/exceptions.py | 26 + .../linux/l2/openvswitch_firewall/firewall.py | 1032 +++++++++++++++ .../drivers/linux/l2/openvswitch_firewall/rules.py | 207 +++ .../agents/drivers/linux/legacy_conntrack.py | 221 ++++ .../agents/drivers/linux/netlink_conntrack.py | 144 +++ .../service_drivers/agents/firewall_agent_api.py | 94 ++ .../service_drivers/agents/firewall_service.py | 44 + .../firewall/service_drivers/agents/l2/__init__.py | 0 .../firewall/service_drivers/agents/l2/fwaas_v2.py | 493 +++++++ .../service_drivers/agents/l3reference/__init__.py | 0 .../agents/l3reference/firewall_l3_agent.py | 428 +++++++ .../agents/l3reference/firewall_l3_agent_v2.py | 545 ++++++++ .../firewall/service_drivers/driver_api.py | 526 ++++++++ neutron_fwaas/services/logapi/__init__.py | 0 neutron_fwaas/services/logapi/agents/__init__.py | 0 .../services/logapi/agents/drivers/__init__.py | 0 .../logapi/agents/drivers/iptables/__init__.py | 0 .../logapi/agents/drivers/iptables/driver.py | 67 + .../services/logapi/agents/drivers/iptables/log.py | 518 ++++++++ .../services/logapi/agents/l3/__init__.py | 0 neutron_fwaas/services/logapi/agents/l3/fwg_log.py | 36 + neutron_fwaas/services/logapi/common/__init__.py | 0 .../services/logapi/common/fwg_callback.py | 61 + neutron_fwaas/services/logapi/common/log_db_api.py | 217 ++++ neutron_fwaas/services/logapi/constants.py | 21 + neutron_fwaas/services/logapi/exceptions.py | 34 + neutron_fwaas/services/logapi/fwg_validate.py | 125 ++ neutron_fwaas/services/logapi/rpc/__init__.py | 0 neutron_fwaas/services/logapi/rpc/log_server.py | 30 + .../unit/db/firewall/v2/test_firewall_db_v2.py | 631 ++------- .../unit/privileged/netfilter_log/__init__.py | 0 .../netfilter_log/test_libnetfilter_log.py | 137 ++ .../unit/services/firewall/agents/__init__.py | 0 .../unit/services/firewall/agents/l2/__init__.py | 0 .../unit/services/firewall/agents/l2/fake_data.py | 153 --- .../services/firewall/agents/l2/test_fwaas_v2.py | 769 ----------- .../firewall/agents/l3reference/__init__.py | 0 .../agents/l3reference/test_firewall_l3_agent.py | 360 ------ .../l3reference/test_firewall_l3_agent_v2.py | 456 ------- .../firewall/agents/test_firewall_agent_api.py | 94 -- .../firewall/agents/test_firewall_service.py | 59 - .../unit/services/firewall/drivers/__init__.py | 0 .../services/firewall/drivers/linux/__init__.py | 0 .../services/firewall/drivers/linux/l2/__init__.py | 0 .../firewall/drivers/linux/l2/noop/__init__.py | 0 .../drivers/linux/l2/noop/test_noop_driver.py | 43 - .../linux/l2/openvswitch_firewall/__init__.py | 0 .../linux/l2/openvswitch_firewall/test_firewall.py | 690 ---------- .../linux/l2/openvswitch_firewall/test_rules.py | 338 ----- .../firewall/drivers/linux/test_iptables_fwaas.py | 411 ------ .../drivers/linux/test_iptables_fwaas_v2.py | 426 ------- .../drivers/linux/test_legacy_conntrack.py | 141 -- .../drivers/linux/test_netlink_conntrack.py | 239 ---- .../unit/services/firewall/plugins/__init__.py | 0 .../services/firewall/service_drivers/__init__.py | 0 .../firewall/service_drivers/agents/__init__.py | 0 .../service_drivers/agents/drivers/__init__.py | 0 .../agents/drivers/linux/__init__.py | 0 .../agents/drivers/linux/l2/__init__.py | 0 .../agents/drivers/linux/l2/noop/__init__.py | 0 .../drivers/linux/l2/noop/test_noop_driver.py | 44 + .../linux/l2/openvswitch_firewall/__init__.py | 0 .../linux/l2/openvswitch_firewall/test_firewall.py | 695 ++++++++++ .../linux/l2/openvswitch_firewall/test_rules.py | 338 +++++ .../agents/drivers/linux/test_iptables_fwaas.py | 412 ++++++ .../agents/drivers/linux/test_iptables_fwaas_v2.py | 437 +++++++ .../agents/drivers/linux/test_legacy_conntrack.py | 163 +++ .../agents/drivers/linux/test_netlink_conntrack.py | 240 ++++ .../firewall/service_drivers/agents/l2/__init__.py | 0 .../service_drivers/agents/l2/fake_data.py | 153 +++ .../service_drivers/agents/l2/test_fwaas_v2.py | 770 +++++++++++ .../service_drivers/agents/l3reference/__init__.py | 0 .../agents/l3reference/test_firewall_l3_agent.py | 361 ++++++ .../l3reference/test_firewall_l3_agent_v2.py | 457 +++++++ .../firewall/service_drivers/agents/test_agents.py | 654 ++++++++++ .../agents/test_firewall_agent_api.py | 97 ++ .../agents/test_firewall_service.py | 61 + .../unit/services/firewall/test_fwaas_plugin.py | 32 +- .../unit/services/firewall/test_fwaas_plugin_v2.py | 1348 +++++++++----------- .../services/logapi/agents/drivers/__init__.py | 0 .../logapi/agents/drivers/iptables/__init__.py | 0 .../logapi/agents/drivers/iptables/test_driver.py | 53 + .../logapi/agents/drivers/iptables/test_log.py | 341 +++++ .../unit/services/logapi/agents/l3/__init__.py | 0 .../unit/services/logapi/agents/l3/test_fwg_log.py | 51 + .../services/logapi/common/test_fwg_callback.py | 223 ++++ .../unit/services/logapi/common/test_log_db_api.py | 299 +++++ .../unit/services/logapi/rpc/test_log_server.py | 56 + .../unit/services/logapi/test_fwg_validate.py | 157 +++ playbooks/neutron-fwaas-fullstack/post.yaml | 80 ++ playbooks/neutron-fwaas-fullstack/run.yaml | 53 + .../notes/fwaas-v2-logging-79cbaa43ff17f47f.yaml | 22 + releasenotes/source/index.rst | 1 + .../locale/en_GB/LC_MESSAGES/releasenotes.po | 123 +- releasenotes/source/queens.rst | 6 + requirements.txt | 12 +- setup.cfg | 38 +- test-requirements.txt | 9 +- tools/configure_for_func_testing.sh | 281 ++++ tools/tox_install.sh | 70 - tox.ini | 60 +- 200 files changed, 17060 insertions(+), 12063 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index b1ed3cb..f4bd3c0 100644 --- a/requirements.txt +++ b/requirements.txt @@ -6 +6 @@ pbr!=2.1.0,>=2.0.0 # Apache-2.0 -eventlet!=0.18.3,!=0.20.1,<0.21.0,>=0.18.2 # MIT +eventlet!=0.18.3,!=0.20.1,>=0.18.2 # MIT @@ -11,2 +11,2 @@ six>=1.10.0 # MIT -neutron-lib>=1.13.0 # Apache-2.0 -oslo.config>=5.1.0 # Apache-2.0 +neutron-lib>=1.18.0 # Apache-2.0 +oslo.config>=5.2.0 # Apache-2.0 @@ -20,4 +20,2 @@ pyroute2>=0.4.21;sys_platform!='win32' # Apache-2.0 (+ dual licensed GPL2) -# This project does depend on neutron as a library, but the -# openstack tooling does not play nicely with projects that -# are not publicly available in pypi. -# -e git+https://git.openstack.org/openstack/neutron#egg=neutron +neutron>=13.0.0.0b1 # Apache-2.0 +pyzmq>=14.3.1 # LGPL+BSD diff --git a/test-requirements.txt b/test-requirements.txt index 9a655fd..ff121d7 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -7 +6,0 @@ coverage!=4.4,>=4.0 # Apache-2.0 -fixtures>=3.0.0 # Apache-2.0/BSD @@ -11,4 +10,2 @@ python-subunit>=1.0.0 # Apache-2.0/BSD -requests-mock>=1.1.0 # Apache-2.0 -sphinx!=1.6.6,>=1.6.2 # BSD -openstackdocstheme>=1.18.1 # Apache-2.0 -oslo.concurrency>=3.25.0 # Apache-2.0 +requests-mock>=1.2.0 # Apache-2.0 +oslo.concurrency>=3.26.0 # Apache-2.0 @@ -23 +19,0 @@ oslotest>=3.2.0 # Apache-2.0 -reno>=2.5.0 # Apache-2.0 @@ -26,0 +23 @@ doc8>=0.6.0 # Apache-2.0 +Pygments>=2.2.0 # BSD