Feature request: Add support for FWaaS v2.0 #514
Comments
I am working on implementing this right now (for Huawei Cloud providers like OTC) in a private fork. When this is finished and tested, I'll do a Pull request.
@khdegraaf Thanks for your interest in this. Just a heads up that for large features such as this, you'll want to open one PR for each API request method. For example, one PR for Let me know if you have any questions.
Got it.
Hey Christian, you can see my work in progress at https://github.com/khdegraaf/gophercloud. It appears to work, and runs all of the acceptance tests I have turned on. I didn't turn on TestFirewallGroupCRUDPort and TestFirewallGroupCRUDRemovePort as I haven't been able to figure out how to use the REST APIs to create an attachable port for the firewall group when using the OTC cloud. I have code that works against the current OpenStack release, but am having trouble with the older release Huawei/OTC uses. The attached port remains "DOWN" and therefore times out in the layer3.CreateRouterInterface utility function to create it. I can't connect the firewall group to a DOWN router port (409 error). Since I just noticed you are editing https://github.com/OpenTelekomCloud, it sounds like we are both working for the same end goal or customer here. I am a consultant for Huawei tasked with getting a Huawei Cloud compatible Terraform provider working, with OTC being the first client who requested this. One minor note and caveat about my code: the older APIs used "public" as an attribute on all of the firewall objects rather than the current "shared". My current code checked in is targeting the older API for now (I'll fix when I do individual PRs to merge this into the active source). You can reach me at khdegraaf at gmail.com or kevin.degraaf at huawei.com. In theory, this should work, but I am still trying to figure out how to come up with a working test case for the OTC/OpenStack production release. I also have a working Terraform Huawei Cloud provider that adds support for this (with the same limitation above) at https://github.com/khdegraaf/terraform-provider-huaweicloud on the "fw2" branch. If you can give me any advice on this, it would be appreciated...
@khdegraaf I read both the above reply + your comments in the Terraform repo. While I don't think I can provide assistance with the OTC cloud, when you're ready to start submitting code to either here or Terraform, I'll be glad to review. Also just wanted to say thank you for your work on this.
OK, thanks. I'm sure I'll sort this out eventually. I have confirmed that my code appears to work properly against OpenStack/Pike, although my test case still has problems, but I get all the way to successfully creating the firewall group, just not leaving "PENDING CREATE" status. So even just a working script for getting a firewall group active using any sort of automation (CLI, REST API) would be helpful.
I got the complete acceptance test working against Pike in a VM, so I figured out my port/router/firewall group problem (l3_agent was goofed up on my VM). I still have issues with OTC, and need to review and package up into the proper bite-sized PRs.
@khdegraaf Cheers,
Thanks for the email. This is fixed and working in my private repository. Merging it into the official build is currently lower priority, but actively being argued about (which you should know, since you are involved).
Did this ever go anywhere or is it stalled indefinitely?
@Crapworks @jtopjian @khdegraaf I'm very interested in getting this working fully and merged. My end goal is FWaaS v2.0 support in the terraform-openstack-provider. I've written a patch for terraform and for that provider previously so have some familiarity with those codebases. We use terraform heavily with openstack here. I'm developing/testing against queens and then rocky. I've taken a quick look over the code and there's already a lot of good work done there. I've successfully created a firewall_group and am putting together some more test code to create rules etc, policies, add ports etc. If anyone could weigh in on what they think is missing from the work already done that I should concentrate on, I'd appreciate it.
@Elethiomel The first step to get "proper" Terraform support is to add the various API calls to Gophercloud. I recommend adding the packages under The parts in the contributor tutorial that talk about adding an API "suite" will be relevant here. Please let me know if you need any help or have any questions :)
@Elethiomel I'd say it's a transient error and ignorable. :)
@jtopjian Excellent, thanks :) How am I doing so far? Anything needed to move from the WIP state here?
@Crapworks @codemanufaktur @Elethiomel @jtopjian @khdegraaf Hi and thank you all for the great contributions. Is there more work to do WRT the implementation of the fwaas_v2 API?
@pierreprinetti I did a quick scan and it looks like standard CRUD functionality is implemented for Groups, Rules, and Policies. I think this issue is safe to close. If there are any missing API calls, a separate issue can be opened specifically for them.
Hi There!
My OpenStack provider only supports FWaaS v2.0 and the v1.0 endpoint is disabled. Since v1.0 is also flagged as deprecated, Gophercloud should support the new FWaaS v2.0 endpoint:
https://developer.openstack.org/api-ref/network/v2/index.html#fwaas-v2-0-current-fwaas-firewall-groups-firewall-policies-firewall-rules
Cheers,
Christian