Code refactor Iptables firewall driver
The idea is:
- Split long functions into smaller ones, easier to understand.
- Normalized ipset/normal security group rules generation.
This is the start point, I want to split into 4 patches: https:/
The point of this refactor is making the current code easier to understand and maintain,
without modifying behavior.
Blueprint information
- Status:
- Complete
- Approver:
- Kyle Mestery
- Priority:
- High
- Drafter:
- Miguel Angel Ajo
- Direction:
- Approved
- Assignee:
- Miguel Angel Ajo
- Definition:
- Approved
- Series goal:
- Accepted for kilo
- Implementation:
-
Implemented
- Milestone target:
-
2015.1.0
- Started by
- Miguel Angel Ajo
- Completed by
- Kyle Mestery
Related branches
Related bugs
Sprints
Whiteboard
February-5 (mestery): Moving to Kilo-3 for the last patch.
December-18 (mestery): Kilo-2, assuming this comes from the below neutron spec.
https:/
January-13 (mangelajo): This spec deserves it's own bp, my intention here was to cleanup a bit the logic in the current IptablesFirewal
IptablesFirewal
jlibosva has been working on.
February-2 (mangelajo) I need to split a last part out off the original all-in-one patch, and it's done. Working on it at the moment.
Gerrit topic: https:/
Addressed by: https:/
Corrected singulars/plurals in iptables_
Addressed by: https:/
Added comments, and refactored _add_rule_
Addressed by: https:/
Update _cur names to _current in iptables_
Addressed by: https:/
Refactor iptables rule expansion for the non ipset case
Addressed by: https:/
Refactor _convert_
Addressed by: https:/
Cleanup/
Addressed by: https:/
Refactor _remove_
Addressed by: https:/
Extend test coverage for iptables_