Vpnaas: Create IPSec Policy #768
Conversation
|
Build succeeded.
|
simonre
changed the title
|
Build succeeded.
|
|
@jtopjian this is ready for review |
There was a problem hiding this comment.
@simonre This is looking good, too. :)
I've left some comments inline about some changes to fields. Let me know if you have questions.
Another thing I noticed is that VPNaaS is defining a number of enum db columns here:
https://github.com/openstack/neutron-vpnaas/blob/master/neutron_vpnaas/db/vpn/vpn_models.py#L38-L62
Because there are only a finite number of choices for these columns, we can make some dedicated types to pass into CreateOpts. For example:
type AuthAlgorithm string
const (
AuthSHA1 AuthAlgorithem = "sha1"
...
)And then for CreateOpts, you would change the field to:
AuthAlgorithm AuthAlgorithm `json:"auth_algorithm,omitempty"`We should be able to have dedicated types for TransformProtocol, AuthAlgorithm, EncryptionAlgorithm, EncapsulationMode, LifetimeUnits, and PFS.
However, the values in the result struct should be kept as a string. These types are only for CreateOpts.
See the security group rules requests.go file as an example.
Let me know if you have any questions or need any help.
| TransformProtocol string `json:"transform_protocol"` | ||
|
|
||
| // Lifetime is the lifetime of the security association | ||
| Lifetime *Lifetime `json:"lifetime"` |
There was a problem hiding this comment.
This should be:
Lifetime Lifetime `json:"lifetime"`| type Lifetime struct { | ||
| // LifetimeUnits is the unit for the lifetime | ||
| // Default is seconds | ||
| LifetimeUnits string `json:"units"` |
There was a problem hiding this comment.
Let's rename this to Units.
|
|
||
| // LifetimeValue is the lifetime | ||
| // Default is 3600 | ||
| LifetimeValue int `json:"value"` |
There was a problem hiding this comment.
Let's rename this to Value.
| th.AssertEquals(t, "group5", actual.PFS) | ||
| th.AssertEquals(t, "", actual.Description) | ||
| th.AssertEquals(t, "seconds", actual.Lifetime.LifetimeUnits) | ||
| th.AssertEquals(t, 7200, actual.Lifetime.LifetimeValue) |
There was a problem hiding this comment.
Similar to our other discussion, we'll want to compare full structs. I've tested this out locally and it works, so let me know if you run into problems.
| type LifetimeCreateOpts struct { | ||
| // LifetimeUnits is the units for the lifetime of the security association | ||
| // Default unit is seconds | ||
| LifetimeUnits string `json:"units,omitempty"` |
There was a problem hiding this comment.
Let's change this to Units.
| // The lifetime value. | ||
| // Must be a positive integer. | ||
| // Default value is 3600. | ||
| LifetimeValue int `json:"value,omitempty"` |
There was a problem hiding this comment.
Let's change this to Value.
|
Build succeeded.
|
| TransformProtocolAHESP TransformProtocol = "ah-esp" | ||
| AuthAlgorithmSHA1 AuthAlgorithm = "sha1" | ||
| AuthAlgorithmSHA256 AuthAlgorithm = "sha256" | ||
| AuthAlgorithmHA384 AuthAlgorithm = "sha384" |
|
Build succeeded.
|
|
@jtopjian While writing the List function I noticed that this was missing an 'id' field in the resulting struct so I added it as well. |
|
Build succeeded.
|
|
@simonre Nice catch - thanks. It looks like this might need another rebase. The |
simonre
force-pushed
the
vpnaas-ipsecpolicy-create
branch
from
6cedfe2
to
40efda3
Compare
|
@jtopjian Is this better? |
|
Build succeeded.
|
|
@simonre This looks good, but unfortunately the merge of the VPN service delete PR caused a conflict with the Note that when you do the rebase, git will now complain that there's a merge issue. This is expected. You'll want to edit the Let me know if you need help. Once the conflict is resolved, this is good to go :) |
…est to compare struct instead of fields
…TransformProtocol
simonre
force-pushed
the
vpnaas-ipsecpolicy-create
branch
from
c08e292
to
b895234
Compare
|
Build succeeded.
|
|
@simonre This looks good to me. Very nice work on this - especially with the types. Just a heads up that the |
* Enable import instance Since openstack does not keep track of NIC ordering, the user must specify network in the order of the imported state. * Add a test case and documentation.
For #723
Links to the line numbers/files in the OpenStack source code that support the
code in this PR:
https://github.com/openstack/neutron-vpnaas/blob/058469e1b99b647537a5228c6a384d93df5484df/neutron_vpnaas/db/vpn/vpn_db.py#L396
https://github.com/openstack/neutron-vpnaas/blob/058469e1b99b647537a5228c6a384d93df5484df/neutron_vpnaas/db/vpn/vpn_db.py#L377
API:
https://developer.openstack.org/api-ref/network/v2/#create-ipsec-policy