From 0faf9e181c955938455d03e1ed317459d72a7b58 Mon Sep 17 00:00:00 2001 From: Adit Sarfaty Date: Wed, 30 Jan 2019 10:50:24 +0200 Subject: [PATCH] NSX|P: Add neutron object ID to NSX tags Change-Id: I75b2b1412cf32445f9b2ab0ba65e04b44e6a4dc9 --- vmware_nsx/plugins/nsx_p/plugin.py | 39 ++++++++++++------- vmware_nsx/services/qos/nsx_v3/pol_utils.py | 9 ++++- .../services/qos/test_nsxp_notification.py | 31 ++++++--------- 3 files changed, 43 insertions(+), 36 deletions(-) diff --git a/vmware_nsx/plugins/nsx_p/plugin.py b/vmware_nsx/plugins/nsx_p/plugin.py index 1e7fb35b93..69ecd76210 100644 --- a/vmware_nsx/plugins/nsx_p/plugin.py +++ b/vmware_nsx/plugins/nsx_p/plugin.py @@ -326,8 +326,9 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base): # update the network name to indicate the neutron id too. net_name = utils.get_name_and_uuid(net_data['name'] or 'network', net_data['id']) - tags = self.nsxpolicy.build_v3_api_version_project_tag( - context.tenant_name) + tags = self.nsxpolicy.build_v3_tags_payload( + net_data, resource_type='os-neutron-net-id', + project_name=context.tenant_name) admin_state = net_data.get('admin_state_up', True) LOG.debug('create_network: %(net_name)s, %(physical_net)s, ' @@ -666,8 +667,15 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base): attachment_type = policy_constants.ATTACHMENT_INDEPENDENT tags = self._build_port_tags(port_data) - tags.extend(self.nsxpolicy.build_v3_api_version_project_tag( - context.tenant_name, project_id=port_data.get('tenant_id'))) + if device_owner == const.DEVICE_OWNER_DHCP: + tag_resource_type = 'os-neutron-dport-id' + elif device_owner == l3_db.DEVICE_OWNER_ROUTER_INTF: + tag_resource_type = 'os-neutron-rport-id' + else: + tag_resource_type = 'os-neutron-port-id' + tags.extend(self.nsxpolicy.build_v3_tags_payload( + port_data, resource_type=tag_resource_type, + project_name=context.tenant_name)) if self._is_excluded_port(device_owner, is_psec_on): tags.append({'scope': security.PORT_SG_SCOPE, 
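Review bot: In the `@@ -666` hunk the tag scope is chosen from three inline string literals (`'os-neutron-dport-id'`, `'os-neutron-rport-id'`, `'os-neutron-port-id'`), and the other hunks of this commit add further literals of the same family for networks, routers, security groups, rules and QoS policies. A typo in any of them would still create the NSX object, but with a tag that no lookup by scope would ever match, and nothing in the visible code would report it. Consider defining the scopes once as module-level constants, or a small mapping for the port case, e.g. `tag_resource_type = PORT_TAG_SCOPES.get(device_owner, 'os-neutron-port-id')`, where `PORT_TAG_SCOPES` is a name proposed here and not an existing one. The enclosing method starts and ends outside the hunk.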
@@ -1225,8 +1233,9 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base): router_name = utils.get_name_and_uuid(router['name'] or 'router', router['id']) - tags = self.nsxpolicy.build_v3_api_version_project_tag( - context.tenant_name, project_id=r.get('tenant_id')) + tags = self.nsxpolicy.build_v3_tags_payload( + r, resource_type='os-neutron-router-id', + project_name=context.tenant_name) try: self.nsxpolicy.tier1.create_or_overwrite( router_name, router['id'], @@ -1650,8 +1659,9 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base): Both will have the security group id as their NSX id. """ sg_id = secgroup['id'] - tags = self.nsxpolicy.build_v3_api_version_project_tag( - context.tenant_name, project_id=secgroup.get('tenant_id')) + tags = self.nsxpolicy.build_v3_tags_payload( + secgroup, resource_type='os-neutron-secg-id', + project_name=secgroup.get('tenant_id')) nsx_name = utils.get_name_and_uuid(secgroup['name'] or 'securitygroup', sg_id) # Create the groups membership criteria for ports by scope & tag @@ -1686,13 +1696,11 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base): self.nsxpolicy.group.delete(domain_id, sg_id) raise nsx_exc.NsxPluginException(err_msg=msg) - def _get_rule_service_id(self, context, sg_rule): + def _get_rule_service_id(self, context, sg_rule, tags): """Return the NSX Policy service id matching the SG rule""" srv_id = None l4_protocol = nsxlib_utils.get_l4_protocol_name(sg_rule['protocol']) srv_name = 'Service for OS rule %s' % sg_rule['id'] - tags = self.nsxpolicy.build_v3_api_version_project_tag( - context.tenant_name, project_id=sg_rule.get('tenant_id')) if l4_protocol in [nsxlib_consts.TCP, nsxlib_consts.UDP]: # If port_range_min is not specified then we assume all ports are 
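Review bot: In the `@@ -1225` hunk the tags are built from `r`, while the name and NSX id on the surrounding lines come from `router` (`router['name']`, `router['id']`). If `r` is the request body and not the created router, which the hunk does not show, it may not carry an `id`, and the `os-neutron-router-id` tag would then be empty or wrong. Passing the created object keeps the tag and the NSX id in agreement: `self.nsxpolicy.build_v3_tags_payload(router, resource_type='os-neutron-router-id', project_name=context.tenant_name)`. The method begins outside the hunk, so please confirm where `r` is assigned.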
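Review bot: In the `@@ -1650` hunk `project_name` is set to `secgroup.get('tenant_id')`, whereas the removed line and every other call site in this commit pass `context.tenant_name`. Assuming `build_v3_tags_payload` writes `project_name` into a project-name tag, security groups would carry the tenant id where other objects carry the project name, which makes ownership harder to attribute when filtering or auditing NSX objects by tag. The same argument appears in the `@@ -1753` hunk for security group rules (`project_name=sg_rule.get('tenant_id')`). Unless this is deliberate, both should read `project_name=context.tenant_name)`; `context` is in scope in the old code of both hunks.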
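Review bot: In the `@@ -1686` hunk `_get_rule_service_id` gains a `tags` parameter but its docstring still only says what is returned. A reader cannot tell that the caller is expected to pass the tags built for the security group rule; I would extend the docstring to `"""Return the NSX Policy service id matching the SG rule, creating the service with the given tags (built by the caller for this rule)."""`, hedged on what the rest of the body does with `tags`. With the tag construction removed, `context` may no longer be used in this method; the body continues outside the hunk, so that needs checking there.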
@@ -1753,8 +1761,11 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base): self._fix_sg_rule_dict_ips(sg_rule) source = None destination = this_group_id - tags = self.nsxpolicy.build_v3_api_version_project_tag( - context.tenant_name, project_id=sg_rule.get('tenant_id')) + + tags = self.nsxpolicy.build_v3_tags_payload( + sg_rule, resource_type='os-neutron-secgr-id', + project_name=sg_rule.get('tenant_id')) + if sg_rule.get('remote_group_id'): # This is the ID of a security group that already exists, # so it should be known to the policy manager @@ -1786,7 +1797,7 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base): # Swap source and destination source, destination = destination, source - service = self._get_rule_service_id(context, sg_rule) + service = self._get_rule_service_id(context, sg_rule, tags) logging = (cfg.CONF.nsx_p.log_security_groups_allowed_traffic or secgroup_logging) self.nsxpolicy.comm_map.create_entry( diff --git a/vmware_nsx/services/qos/nsx_v3/pol_utils.py b/vmware_nsx/services/qos/nsx_v3/pol_utils.py index 55b92f7f64..67b649d7b0 100644 --- a/vmware_nsx/services/qos/nsx_v3/pol_utils.py +++ b/vmware_nsx/services/qos/nsx_v3/pol_utils.py @@ -49,10 +49,15 @@ class PolicyQosNotificationsHandler(object): def _nsxpolicy(self): return self.core_plugin.nsxpolicy + def _get_tags(self, context, policy): + policy_dict = {'id': policy.id, 'tenant_id': policy.tenant_id} + return self._nsxpolicy.build_v3_tags_payload( + policy_dict, resource_type='os-neutron-qos-id', + project_name=context.tenant_name) + def create_or_update_policy(self, context, policy): policy_id = policy.id - tags = self._nsxpolicy.build_v3_api_version_project_tag( - context.tenant_name, project_id=policy.tenant_id) + tags = self._get_tags(context, policy) pol_name = utils.get_name_and_uuid(policy.name or 'policy', policy.id) 
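Review bot: The new `_get_tags` helper in `pol_utils.py` has no docstring, and it is not obvious why it builds a reduced `policy_dict` and does not pass the policy object itself. I would add `"""Return the NSX tags for a neutron QoS policy, built from its id and tenant id."""` plus a one-line comment that the tags builder is given a dict, so only the two fields it needs are copied. Nothing in the hunk guards against `policy.tenant_id` being `None`; whether the builder tolerates that is not visible here.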
diff --git a/vmware_nsx/tests/unit/services/qos/test_nsxp_notification.py b/vmware_nsx/tests/unit/services/qos/test_nsxp_notification.py index 711b32f092..4f7de22cce 100644 --- a/vmware_nsx/tests/unit/services/qos/test_nsxp_notification.py +++ b/vmware_nsx/tests/unit/services/qos/test_nsxp_notification.py @@ -93,6 +93,12 @@ class TestQosNsxPNotification(base.BaseQosTestCase, self.nsxlib = v3_utils.get_nsxlib_wrapper() + def _get_expected_tags(self): + policy_dict = {'id': self.policy.id, 'tenant_id': self.project_id} + return self.nsxlib.build_v3_tags_payload( + policy_dict, resource_type='os-neutron-qos-id', + project_name=self.ctxt.tenant_name) + @mock.patch.object(QoSPolicy, 'create_rbac_policy') def test_policy_create_profile(self, *mocks): # test the profile creation when a QoS policy is created @@ -103,9 +109,6 @@ class TestQosNsxPNotification(base.BaseQosTestCase, return_value=self.policy),\ mock.patch.object(QoSPolicy, 'create'): self.qos_plugin.create_policy(self.ctxt, self.policy_data) - expected_tags = self.nsxlib.build_v3_api_version_project_tag( - project_name=self.ctxt.tenant_name, - project_id=self.project_id) exp_name = utils.get_name_and_uuid(self.policy.name, self.policy.id) @@ -115,7 +118,7 @@ class TestQosNsxPNotification(base.BaseQosTestCase, description=self.policy_data["policy"]["description"], dscp=None, shaper_configurations=[], - tags=expected_tags) + tags=self._get_expected_tags()) @mock.patch.object(QoSPolicy, '_reload_rules') def test_bw_rule_create_profile(self, *mocks): @@ -139,9 +142,6 @@ class TestQosNsxPNotification(base.BaseQosTestCase, rule_dict['max_kbps']) / 1024)) expected_burst = rule_dict['max_burst_kbps'] * 128 expected_peak = int(expected_bw * self.peak_bw_multiplier) - expected_tags = self.nsxlib.build_v3_api_version_project_tag( - project_name=self.ctxt.tenant_name, - project_id=self.project_id) exp_name = utils.get_name_and_uuid(self.policy.name, self.policy.id) # egress neutron rule -> ingress nsx args 
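Review bot: In the `@@ -93` hunk `_get_expected_tags` computes the expected value by calling `build_v3_tags_payload` with the same arguments the handler uses, so the assertions on `tags=` only prove that both sides call the same builder. They would still pass if the builder dropped or mangled the object id tag, which is the behaviour this commit introduces. Consider adding one direct assertion in `test_policy_create_profile` that the tags passed to the profile call contain an entry with scope `'os-neutron-qos-id'` whose value is `self.policy.id`. A short docstring on the helper stating what it mirrors would also help.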
@@ -158,7 +158,7 @@ class TestQosNsxPNotification(base.BaseQosTestCase, description=self.policy_data["policy"]["description"], dscp=None, shaper_configurations=[mock.ANY], - tags=expected_tags) + tags=self._get_expected_tags()) # Compare the shaper actual_shaper = create_profile.call_args[1][ 'shaper_configurations'][0] @@ -190,9 +190,6 @@ class TestQosNsxPNotification(base.BaseQosTestCase, expected_peak = int(expected_bw * self.peak_bw_multiplier) exp_name = utils.get_name_and_uuid(self.policy.name, self.policy.id) - expected_tags = self.nsxlib.build_v3_api_version_project_tag( - project_name=self.ctxt.tenant_name, - project_id=self.project_id) # ingress neutron rule -> egress nsx args shaper_type = policy_defs.QoSRateLimiter.EGRESS_RATE_LIMITER_TYPE expected_shaper = policy_defs.QoSRateLimiter( @@ -207,7 +204,7 @@ class TestQosNsxPNotification(base.BaseQosTestCase, description=self.policy_data["policy"]["description"], dscp=None, shaper_configurations=[mock.ANY], - tags=expected_tags) + tags=self._get_expected_tags()) # Compare the shaper actual_shaper = create_profile.call_args[1][ 'shaper_configurations'][0] @@ -287,9 +284,6 @@ class TestQosNsxPNotification(base.BaseQosTestCase, exp_name = utils.get_name_and_uuid(self.policy.name, self.policy.id) - expected_tags = self.nsxlib.build_v3_api_version_project_tag( - project_name=self.ctxt.tenant_name, - project_id=self.project_id) expected_dscp = policy_defs.QoSDscp( mode=policy_defs.QoSDscp.QOS_DSCP_UNTRUSTED, priority=dscp_mark) @@ -299,7 +293,7 @@ class TestQosNsxPNotification(base.BaseQosTestCase, description=self.policy_data["policy"]["description"], dscp=mock.ANY, shaper_configurations=[], - tags=expected_tags) + tags=self._get_expected_tags()) # Compare the dscp obj actual_dscp = create_profile.call_args[1]['dscp'] self.assertEqual(expected_dscp.get_obj_dict(), 
@@ -342,9 +336,6 @@ class TestQosNsxPNotification(base.BaseQosTestCase, self.qos_plugin.delete_policy_bandwidth_limit_rule( self.ctxt, self.rule.id, self.policy.id) # validate the data on the profile - expected_tags = self.nsxlib.build_v3_api_version_project_tag( - project_name=self.ctxt.tenant_name, - project_id=self.project_id) exp_name = utils.get_name_and_uuid(self.policy.name, self.policy.id) @@ -354,7 +345,7 @@ class TestQosNsxPNotification(base.BaseQosTestCase, description=self.policy_data["policy"]["description"], dscp=None, shaper_configurations=[], - tags=expected_tags) + tags=self._get_expected_tags()) @mock.patch('neutron.objects.db.api.get_object', return_value=None) def test_policy_delete_profile(self, *mocks):