Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Vpnaas: Create IPSec Policy #768

Merged
merged 14 commits into from
Feb 22, 2018

Conversation

@coveralls
Copy link

coveralls commented Feb 16, 2018

Coverage Status

Coverage increased (+0.003%) to 73.444% when pulling b895234 on simonre:vpnaas-ipsecpolicy-create into d693a2e on gophercloud:master.

@theopenlab-ci
Copy link

theopenlab-ci bot commented Feb 16, 2018

Build succeeded.

@simonre simonre changed the title [WIP] Vpnaas: Create IPSec Policy Vpnaas: Create IPSec Policy Feb 16, 2018
@theopenlab-ci
Copy link

theopenlab-ci bot commented Feb 16, 2018

Build succeeded.

@simonre
Copy link
Contributor Author

simonre commented Feb 16, 2018

@jtopjian this is ready for review

Copy link
Contributor

@jtopjian jtopjian left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@simonre This is looking good, too. :)

I've left some comments inline about some changes to fields. Let me know if you have questions.

Another thing I noticed is that VPNaaS is defining a number of enum db columns here:

https://github.com/openstack/neutron-vpnaas/blob/master/neutron_vpnaas/db/vpn/vpn_models.py#L38-L62

Because there are only a finite number of choices for these columns, we can make some dedicated types to pass into CreateOpts. For example:

type AuthAlgorithm string
const (
  AuthSHA1 AuthAlgorithem = "sha1"
  ...
)

And then for CreateOpts, you would change the field to:

AuthAlgorithm AuthAlgorithm `json:"auth_algorithm,omitempty"`

We should be able to have dedicated types for TransformProtocol, AuthAlgorithm, EncryptionAlgorithm, EncapsulationMode, LifetimeUnits, and PFS.

However, the values in the result struct should be kept as a string. These types are only for CreateOpts.

See the security group rules requests.go file as an example.

Let me know if you have any questions or need any help.

TransformProtocol string `json:"transform_protocol"`

// Lifetime is the lifetime of the security association
Lifetime *Lifetime `json:"lifetime"`
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be:

Lifetime Lifetime `json:"lifetime"`

type Lifetime struct {
// LifetimeUnits is the unit for the lifetime
// Default is seconds
LifetimeUnits string `json:"units"`
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's rename this to Units.


// LifetimeValue is the lifetime
// Default is 3600
LifetimeValue int `json:"value"`
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's rename this to Value.

th.AssertEquals(t, "group5", actual.PFS)
th.AssertEquals(t, "", actual.Description)
th.AssertEquals(t, "seconds", actual.Lifetime.LifetimeUnits)
th.AssertEquals(t, 7200, actual.Lifetime.LifetimeValue)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Similar to our other discussion, we'll want to compare full structs. I've tested this out locally and it works, so let me know if you run into problems.

type LifetimeCreateOpts struct {
// LifetimeUnits is the units for the lifetime of the security association
// Default unit is seconds
LifetimeUnits string `json:"units,omitempty"`
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's change this to Units.

// The lifetime value.
// Must be a positive integer.
// Default value is 3600.
LifetimeValue int `json:"value,omitempty"`
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's change this to Value.

@theopenlab-ci
Copy link

theopenlab-ci bot commented Feb 17, 2018

Build succeeded.

Copy link
Contributor

@jtopjian jtopjian left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@simonre This looks really good. I spotted a typo + this looks like it'll need to be rebased with master. After that, this is good to go.

TransformProtocolAHESP TransformProtocol = "ah-esp"
AuthAlgorithmSHA1 AuthAlgorithm = "sha1"
AuthAlgorithmSHA256 AuthAlgorithm = "sha256"
AuthAlgorithmHA384 AuthAlgorithm = "sha384"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AuthAlgorithmSHA384

@theopenlab-ci
Copy link

theopenlab-ci bot commented Feb 19, 2018

Build succeeded.

@simonre
Copy link
Contributor Author

simonre commented Feb 19, 2018

@jtopjian While writing the List function I noticed that this was missing an 'id' field in the resulting struct so I added it as well.

@theopenlab-ci
Copy link

theopenlab-ci bot commented Feb 19, 2018

Build succeeded.

@jtopjian
Copy link
Contributor

@simonre Nice catch - thanks.

It looks like this might need another rebase. The Vpnaas: Create VPN service (#760) commit should be omitted because if I squash these commits, including that one commit might make the git history look as though this commit added the Services resource.

@simonre
Copy link
Contributor Author

simonre commented Feb 20, 2018

@jtopjian Is this better?

@theopenlab-ci
Copy link

theopenlab-ci bot commented Feb 20, 2018

Build succeeded.

@jtopjian
Copy link
Contributor

@simonre This looks good, but unfortunately the merge of the VPN service delete PR caused a conflict with the acceptance/openstack/networking/v2/extensions/vpnaas/vpnaas.go file. Another rebase will resolve this.

Note that when you do the rebase, git will now complain that there's a merge issue. This is expected. You'll want to edit the vpnaas.go file and resolve the conflict, then continue with the rebase (git rebase --continue).

Let me know if you need help.

Once the conflict is resolved, this is good to go :)

@theopenlab-ci
Copy link

theopenlab-ci bot commented Feb 21, 2018

Build succeeded.

@jtopjian
Copy link
Contributor

@simonre This looks good to me. Very nice work on this - especially with the types.

Just a heads up that the TestPolicyCRUD acceptance test should probably be renamed to TestIPSecPolicyCRUD or else it'll clash with the upcoming TestPolicyCRUD in the IKE PRs.

@jtopjian jtopjian merged commit 6c823a6 into gophercloud:master Feb 22, 2018
cardoe pushed a commit to cardoe/gophercloud that referenced this pull request Aug 27, 2020
* Enable import instance
Since openstack does not keep track of NIC ordering, the user
must specify network in the order of the imported state.

* Add a test case and documentation.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants