From ece7d2fa493e901c2a826e42a86ca93bb0afaed4 Mon Sep 17 00:00:00 2001
From: Todd Willey <todd@ansolabs.com>
Date: Wed, 26 Jan 2011 22:56:34 -0800
Subject: Apply lp:707675 to this branch to be able to test.

---
 nova/tests/test_virt.py   |  7 ++++++-
 nova/virt/libvirt_conn.py | 29 +++++++++++++++++++----------
 2 files changed, 25 insertions(+), 11 deletions(-)

(limited to 'nova')

diff --git a/nova/tests/test_virt.py b/nova/tests/test_virt.py
index 0b9b847a0..1008f32ae 100644
--- a/nova/tests/test_virt.py
+++ b/nova/tests/test_virt.py
@@ -221,7 +221,12 @@ class IptablesFirewallTestCase(test.TestCase):
         self.project = self.manager.create_project('fake', 'fake', 'fake')
         self.context = context.RequestContext('fake', 'fake')
         self.network = utils.import_object(FLAGS.network_manager)
-        self.fw = libvirt_conn.IptablesFirewallDriver()
+
+        class FakeLibvirtConnection(object):
+            pass
+        self.fake_libvirt_connection = FakeLibvirtConnection()
+        self.fw = libvirt_conn.IptablesFirewallDriver(
+                      get_connection=lambda: self.fake_libvirt_connection)
 
     def tearDown(self):
         self.manager.delete_project(self.project)
diff --git a/nova/virt/libvirt_conn.py b/nova/virt/libvirt_conn.py
index 5b5b329ed..cac6a4440 100644
--- a/nova/virt/libvirt_conn.py
+++ b/nova/virt/libvirt_conn.py
@@ -149,13 +149,8 @@ class LibvirtConnection(object):
         self._wrapped_conn = None
         self.read_only = read_only
 
-        self.nwfilter = NWFilterFirewall(self._get_connection)
-
-        if not FLAGS.firewall_driver:
-            self.firewall_driver = self.nwfilter
-            self.nwfilter.handle_security_groups = True
-        else:
-            self.firewall_driver = utils.import_object(FLAGS.firewall_driver)
+        fw_class = utils.import_class(FLAGS.firewall_driver)
+        self.firewall_driver = fw_class(get_connection=self._get_connection)
 
     def init_host(self, host):
         # Adopt existing VM's running here
@@ -409,7 +404,7 @@ class LibvirtConnection(object):
                               instance['id'],
                               power_state.NOSTATE,
                               'launching')
-        self.nwfilter.setup_basic_filtering(instance)
+        self.firewall_driver.setup_basic_filtering(instance)
         self.firewall_driver.prepare_instance_filter(instance)
         self._create_image(instance, xml)
         self._conn.createXML(xml, 0)
@@ -915,6 +910,15 @@ class FirewallDriver(object):
         the list of rules (via admin api)."""
         raise NotImplementedError()
 
+    def setup_basic_filtering(self, instance):
+        """Create rules to block spoofing and allow dhcp.
+
+        This gets called when spawning an instance, before
+        :method:`prepare_instance_filter`.
+
+        """
+        raise NotImplementedError()
+
 
 class NWFilterFirewall(FirewallDriver):
     """
@@ -962,7 +966,7 @@ class NWFilterFirewall(FirewallDriver):
 
     """
 
-    def __init__(self, get_connection):
+    def __init__(self, get_connection, **kwargs):
         self._libvirt_get_connection = get_connection
         self.static_filters_configured = False
         self.handle_security_groups = False
@@ -1254,9 +1258,14 @@ class NWFilterFirewall(FirewallDriver):
 
 
 class IptablesFirewallDriver(FirewallDriver):
-    def __init__(self, execute=None):
+    def __init__(self, execute=None, **kwargs):
         self.execute = execute or utils.execute
         self.instances = {}
+        self.nwfilter = NWFilterFirewall(kwargs['get_connection'])
+
+    def setup_basic_filtering(self, instance):
+        """Use NWFilter from libvirt for this."""
+        return self.nwfilter.setup_basic_filtering(instance)
 
     def apply_instance_filter(self, instance):
         """No-op. Everything is done in prepare_instance_filter"""
-- 
cgit