Code refactor Iptables firewall driver

Registered by Miguel Angel Ajo on 2014-12-09

The idea is:
- Split long functions into smaller ones, easier to understand.
- Normalized ipset/normal security group rules generation.

This is the start point, I want to split into 4 patches: https://review.openstack.org/#/c/137823/

The point of this refactor is making the current code easier to understand and maintain,
without modifying behavior.

Blueprint information

Status:
Complete
Approver:
Kyle Mestery
Priority:
High
Drafter:
Miguel Angel Ajo
Direction:
Approved
Assignee:
Miguel Angel Ajo
Definition:
Approved
Series goal:
Accepted for kilo
Implementation:
Implemented
Milestone target:
milestone icon 2015.1.0
Started by
Miguel Angel Ajo
Completed by
Kyle Mestery

Related branches

Sprints

Whiteboard

February-5 (mestery): Moving to Kilo-3 for the last patch.

December-18 (mestery): Kilo-2, assuming this comes from the below neutron spec.

https://review.openstack.org/#/c/138107/

January-13 (mangelajo): This spec deserves it's own bp, my intention here was to cleanup a bit the logic in the current IptablesFirewallDriver for clarity, and consistency. While the spec targets a new
IptablesFirewallDriver (alternative to the current one) based on the new objectized IptablesManager
jlibosva has been working on.

February-2 (mangelajo) I need to split a last part out off the original all-in-one patch, and it's done. Working on it at the moment.

Gerrit topic: https://review.openstack.org/#q,topic:bp/refactor-iptables-firewall-driver,n,z

Addressed by: https://review.openstack.org/148066 (Merged)
    Corrected singulars/plurals in iptables_firewall.py functions

Addressed by: https://review.openstack.org/148093 (Merged)
    Added comments, and refactored _add_rule_by_security_group

Addressed by: https://review.openstack.org/148094 (Merged)
    Update _cur names to _current in iptables_firewall.py

Addressed by: https://review.openstack.org/148233 (Merged)
    Refactor iptables rule expansion for the non ipset case

Addressed by: https://review.openstack.org/150833 (Merged)
    Refactor _convert_sgr_to_iptables_rules in iptables_firewall

Addressed by: https://review.openstack.org/#/c/137823/ (Abandoned)
    Cleanup/refactor neutron/agent/linux/iptables_firewall.py

Addressed by: https://review.openstack.org/152512
    Refactor _remove_unused_security_group_info

Addressed by: https://review.openstack.org/153532 (Merged)
    Extend test coverage for iptables_firewall.py

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.