Vpnaas: Create IPSec Policy #768
Build succeeded.
Build succeeded.
@jtopjian this is ready for review
@simonre This is looking good, too. :)
I've left some comments inline about some changes to fields. Let me know if you have questions.
Another thing I noticed is that VPNaaS is defining a number of enum db columns here:
https://github.com/openstack/neutron-vpnaas/blob/master/neutron_vpnaas/db/vpn/vpn_models.py#L38-L62
Because there are only a finite number of choices for these columns, we can make some dedicated types to pass into `CreateOpts`. For example:

```go
type AuthAlgorithm string

const (
	AuthSHA1 AuthAlgorithm = "sha1"
	...
)
```

And then for `CreateOpts`, you would change the field to:

```go
AuthAlgorithm AuthAlgorithm `json:"auth_algorithm,omitempty"`
```

We should be able to have dedicated types for `TransformProtocol`, `AuthAlgorithm`, `EncryptionAlgorithm`, `EncapsulationMode`, `LifetimeUnits`, and `PFS`.
However, the values in the result struct should be kept as a `string`. These types are only for `CreateOpts`.
See the security group rules requests.go file as an example.
Let me know if you have any questions or need any help.
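The dedicated-type pattern from the review comment above, as an added Go example (not code from this PR or from the project). `Valid` and `BuildBody` are hypothetical names and the struct shapes are trimmed assumptions; the algorithm values are the ones shown on this page. It goes one step past the comment by checking the value at run time, because Go accepts any string converted to the type.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// AuthAlgorithm limits CreateOpts to the values listed in this PR.
type AuthAlgorithm string

const (
	AuthAlgorithmSHA1   AuthAlgorithm = "sha1"
	AuthAlgorithmSHA256 AuthAlgorithm = "sha256"
	AuthAlgorithmSHA384 AuthAlgorithm = "sha384"
)

// Valid reports membership in the constants above. A string type still accepts
// AuthAlgorithm("md5") or an untyped literal, so this must be checked at run time.
func (a AuthAlgorithm) Valid() bool {
	return a == AuthAlgorithmSHA1 || a == AuthAlgorithmSHA256 || a == AuthAlgorithmSHA384
}

// Trimmed, assumed shapes of the request structs (not the PR's full code).
type LifetimeCreateOpts struct {
	Units string `json:"units,omitempty"`
	Value int    `json:"value,omitempty"`
}

type CreateOpts struct {
	AuthAlgorithm AuthAlgorithm       `json:"auth_algorithm,omitempty"`
	Lifetime      *LifetimeCreateOpts `json:"lifetime,omitempty"`
}

// BuildBody is a hypothetical helper: validate, then marshal. Empty fields
// are omitted from the JSON, so whatever defaults exist downstream apply.
func BuildBody(opts CreateOpts) (string, error) {
	if opts.AuthAlgorithm != "" && !opts.AuthAlgorithm.Valid() {
		return "", fmt.Errorf("unsupported auth_algorithm %q", opts.AuthAlgorithm)
	}
	if opts.Lifetime != nil && opts.Lifetime.Value < 0 {
		return "", fmt.Errorf("lifetime value must be positive, got %d", opts.Lifetime.Value)
	}
	b, err := json.Marshal(opts)
	return string(b), err
}

func main() {
	fmt.Println(BuildBody(CreateOpts{AuthAlgorithm: AuthAlgorithmSHA256}))
}
```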
TransformProtocol string `json:"transform_protocol"` | ||
|
||
// Lifetime is the lifetime of the security association | ||
Lifetime *Lifetime `json:"lifetime"` |
This should be:
Lifetime Lifetime `json:"lifetime"`
type Lifetime struct { | ||
// LifetimeUnits is the unit for the lifetime | ||
// Default is seconds | ||
LifetimeUnits string `json:"units"` |
Let's rename this to `Units`.
|
||
// LifetimeValue is the lifetime | ||
// Default is 3600 | ||
LifetimeValue int `json:"value"` |
Let's rename this to `Value`.
th.AssertEquals(t, "group5", actual.PFS) | ||
th.AssertEquals(t, "", actual.Description) | ||
th.AssertEquals(t, "seconds", actual.Lifetime.LifetimeUnits) | ||
th.AssertEquals(t, 7200, actual.Lifetime.LifetimeValue) |
Similar to our other discussion, we'll want to compare full structs. I've tested this out locally and it works, so let me know if you run into problems.
type LifetimeCreateOpts struct { | ||
// LifetimeUnits is the units for the lifetime of the security association | ||
// Default unit is seconds | ||
LifetimeUnits string `json:"units,omitempty"` |
Let's change this to `Units`.
// The lifetime value. | ||
// Must be a positive integer. | ||
// Default value is 3600. | ||
LifetimeValue int `json:"value,omitempty"` |
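Review bot: `LifetimeValue` on the last line is an `int` tagged `omitempty`, so the documented rule "Must be a positive integer" is not enforced anywhere in these lines: a zero is silently dropped from the request and a negative value is serialized as given. Consider saying in the doc comment that zero means "use the default", and rejecting negative values before the request body is built.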
Let's change this to `Value`.
Build succeeded.
@simonre This looks really good. I spotted a typo + this looks like it'll need to be rebased with master. After that, this is good to go.
TransformProtocolAHESP TransformProtocol = "ah-esp" | ||
AuthAlgorithmSHA1 AuthAlgorithm = "sha1" | ||
AuthAlgorithmSHA256 AuthAlgorithm = "sha256" | ||
AuthAlgorithmHA384 AuthAlgorithm = "sha384" |
AuthAlgorithmSHA384
Build succeeded.
@jtopjian While writing the List function I noticed that this was missing an 'id' field in the resulting struct so I added it as well.
Build succeeded.
@simonre Nice catch - thanks. It looks like this might need another rebase. The
6cedfe2 to 40efda3
@jtopjian Is this better?
Build succeeded.
@simonre This looks good, but unfortunately the merge of the VPN service delete PR caused a conflict with the Note that when you do the rebase, git will now complain that there's a merge issue. This is expected. You'll want to edit the Let me know if you need help. Once the conflict is resolved, this is good to go :)
…est to compare struct instead of fields
…TransformProtocol
c08e292 to b895234
Build succeeded.
@simonre This looks good to me. Very nice work on this - especially with the types. Just a heads up that the
* Enable import instance Since openstack does not keep track of NIC ordering, the user must specify network in the order of the imported state. * Add a test case and documentation.
For #723
Links to the line numbers/files in the OpenStack source code that support the
code in this PR:
https://github.com/openstack/neutron-vpnaas/blob/058469e1b99b647537a5228c6a384d93df5484df/neutron_vpnaas/db/vpn/vpn_db.py#L396
https://github.com/openstack/neutron-vpnaas/blob/058469e1b99b647537a5228c6a384d93df5484df/neutron_vpnaas/db/vpn/vpn_db.py#L377
API:
https://developer.openstack.org/api-ref/network/v2/#create-ipsec-policy