NSX|P: Add neutron object ID to NSX tags

Change-Id: I75b2b1412cf32445f9b2ab0ba65e04b44e6a4dc9
Adit Sarfaty 2019-01-30 10:50:24 +02:00
parent e3613af0a1
commit 0faf9e181c
3 changed files with 43 additions and 36 deletions


@ -326,8 +326,9 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):
# update the network name to indicate the neutron id too.
net_name = utils.get_name_and_uuid(net_data['name'] or 'network',
net_data['id'])
tags = self.nsxpolicy.build_v3_api_version_project_tag(
context.tenant_name)
tags = self.nsxpolicy.build_v3_tags_payload(
net_data, resource_type='os-neutron-net-id',
project_name=context.tenant_name)
admin_state = net_data.get('admin_state_up', True)
LOG.debug('create_network: %(net_name)s, %(physical_net)s, '
@ -666,8 +667,15 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):
attachment_type = policy_constants.ATTACHMENT_INDEPENDENT
tags = self._build_port_tags(port_data)
tags.extend(self.nsxpolicy.build_v3_api_version_project_tag(
context.tenant_name, project_id=port_data.get('tenant_id')))
if device_owner == const.DEVICE_OWNER_DHCP:
tag_resource_type = 'os-neutron-dport-id'
elif device_owner == l3_db.DEVICE_OWNER_ROUTER_INTF:
tag_resource_type = 'os-neutron-rport-id'
else:
tag_resource_type = 'os-neutron-port-id'
tags.extend(self.nsxpolicy.build_v3_tags_payload(
port_data, resource_type=tag_resource_type,
project_name=context.tenant_name))
if self._is_excluded_port(device_owner, is_psec_on):
tags.append({'scope': security.PORT_SG_SCOPE,
@ -1225,8 +1233,9 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):
router_name = utils.get_name_and_uuid(router['name'] or 'router',
router['id'])
tags = self.nsxpolicy.build_v3_api_version_project_tag(
context.tenant_name, project_id=r.get('tenant_id'))
tags = self.nsxpolicy.build_v3_tags_payload(
r, resource_type='os-neutron-router-id',
project_name=context.tenant_name)
try:
self.nsxpolicy.tier1.create_or_overwrite(
router_name, router['id'],
@ -1650,8 +1659,9 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):
Both will have the security group id as their NSX id.
"""
sg_id = secgroup['id']
tags = self.nsxpolicy.build_v3_api_version_project_tag(
context.tenant_name, project_id=secgroup.get('tenant_id'))
tags = self.nsxpolicy.build_v3_tags_payload(
secgroup, resource_type='os-neutron-secg-id',
project_name=secgroup.get('tenant_id'))
nsx_name = utils.get_name_and_uuid(secgroup['name'] or 'securitygroup',
sg_id)
# Create the groups membership criteria for ports by scope & tag
@ -1686,13 +1696,11 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):
self.nsxpolicy.group.delete(domain_id, sg_id)
raise nsx_exc.NsxPluginException(err_msg=msg)
def _get_rule_service_id(self, context, sg_rule):
def _get_rule_service_id(self, context, sg_rule, tags):
"""Return the NSX Policy service id matching the SG rule"""
srv_id = None
l4_protocol = nsxlib_utils.get_l4_protocol_name(sg_rule['protocol'])
srv_name = 'Service for OS rule %s' % sg_rule['id']
tags = self.nsxpolicy.build_v3_api_version_project_tag(
context.tenant_name, project_id=sg_rule.get('tenant_id'))
if l4_protocol in [nsxlib_consts.TCP, nsxlib_consts.UDP]:
# If port_range_min is not specified then we assume all ports are
@ -1753,8 +1761,11 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):
self._fix_sg_rule_dict_ips(sg_rule)
source = None
destination = this_group_id
tags = self.nsxpolicy.build_v3_api_version_project_tag(
context.tenant_name, project_id=sg_rule.get('tenant_id'))
tags = self.nsxpolicy.build_v3_tags_payload(
sg_rule, resource_type='os-neutron-secgr-id',
project_name=sg_rule.get('tenant_id'))
if sg_rule.get('remote_group_id'):
# This is the ID of a security group that already exists,
# so it should be known to the policy manager
@ -1786,7 +1797,7 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):
# Swap source and destination
source, destination = destination, source
service = self._get_rule_service_id(context, sg_rule)
service = self._get_rule_service_id(context, sg_rule, tags)
logging = (cfg.CONF.nsx_p.log_security_groups_allowed_traffic or
secgroup_logging)
self.nsxpolicy.comm_map.create_entry(
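Review bot: In the security-group hunk (`@ -1650`) and the security-group-rule hunk (`@ -1753`) the new calls pass `project_name=secgroup.get('tenant_id')` and `project_name=sg_rule.get('tenant_id')`, so the project-name argument receives the tenant ID, while the network, port and router hunks pass `project_name=context.tenant_name`. The replaced calls gave `context.tenant_name` as the name and the tenant ID as `project_id`, so this looks like an unintended swap; if `build_v3_tags_payload` (not shown on this page) takes the project ID from the resource dict, the name tag on groups, rules and the services created through `_get_rule_service_id` would simply repeat the ID. Tags that misstate the owning project make tag-based auditing and tenant attribution on the NSX side less reliable. Suggested change in both places: `project_name=context.tenant_name)`. The enclosing methods start and end outside these hunks.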


@ -49,10 +49,15 @@ class PolicyQosNotificationsHandler(object):
def _nsxpolicy(self):
return self.core_plugin.nsxpolicy
def _get_tags(self, context, policy):
policy_dict = {'id': policy.id, 'tenant_id': policy.tenant_id}
return self._nsxpolicy.build_v3_tags_payload(
policy_dict, resource_type='os-neutron-qos-id',
project_name=context.tenant_name)
def create_or_update_policy(self, context, policy):
policy_id = policy.id
tags = self._nsxpolicy.build_v3_api_version_project_tag(
context.tenant_name, project_id=policy.tenant_id)
tags = self._get_tags(context, policy)
pol_name = utils.get_name_and_uuid(policy.name or 'policy',
policy.id)
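Review bot: `_get_tags` has no docstring, and nothing explains why it builds a two-key dict instead of passing `policy` itself. A short docstring such as `"""Return the NSX tags for a QoS policy, including its neutron id."""` plus a comment on the dict line, `# build_v3_tags_payload takes a dict-like resource; pass only the fields it needs`, would help; the comment reflects my reading of the call and should be confirmed against nsxlib. `create_or_update_policy` continues outside the hunk.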


@ -93,6 +93,12 @@ class TestQosNsxPNotification(base.BaseQosTestCase,
self.nsxlib = v3_utils.get_nsxlib_wrapper()
def _get_expected_tags(self):
policy_dict = {'id': self.policy.id, 'tenant_id': self.project_id}
return self.nsxlib.build_v3_tags_payload(
policy_dict, resource_type='os-neutron-qos-id',
project_name=self.ctxt.tenant_name)
@mock.patch.object(QoSPolicy, 'create_rbac_policy')
def test_policy_create_profile(self, *mocks):
# test the profile creation when a QoS policy is created
@ -103,9 +109,6 @@ class TestQosNsxPNotification(base.BaseQosTestCase,
return_value=self.policy),\
mock.patch.object(QoSPolicy, 'create'):
self.qos_plugin.create_policy(self.ctxt, self.policy_data)
expected_tags = self.nsxlib.build_v3_api_version_project_tag(
project_name=self.ctxt.tenant_name,
project_id=self.project_id)
exp_name = utils.get_name_and_uuid(self.policy.name,
self.policy.id)
@ -115,7 +118,7 @@ class TestQosNsxPNotification(base.BaseQosTestCase,
description=self.policy_data["policy"]["description"],
dscp=None,
shaper_configurations=[],
tags=expected_tags)
tags=self._get_expected_tags())
@mock.patch.object(QoSPolicy, '_reload_rules')
def test_bw_rule_create_profile(self, *mocks):
@ -139,9 +142,6 @@ class TestQosNsxPNotification(base.BaseQosTestCase,
rule_dict['max_kbps']) / 1024))
expected_burst = rule_dict['max_burst_kbps'] * 128
expected_peak = int(expected_bw * self.peak_bw_multiplier)
expected_tags = self.nsxlib.build_v3_api_version_project_tag(
project_name=self.ctxt.tenant_name,
project_id=self.project_id)
exp_name = utils.get_name_and_uuid(self.policy.name,
self.policy.id)
# egress neutron rule -> ingress nsx args
@ -158,7 +158,7 @@ class TestQosNsxPNotification(base.BaseQosTestCase,
description=self.policy_data["policy"]["description"],
dscp=None,
shaper_configurations=[mock.ANY],
tags=expected_tags)
tags=self._get_expected_tags())
# Compare the shaper
actual_shaper = create_profile.call_args[1][
'shaper_configurations'][0]
@ -190,9 +190,6 @@ class TestQosNsxPNotification(base.BaseQosTestCase,
expected_peak = int(expected_bw * self.peak_bw_multiplier)
exp_name = utils.get_name_and_uuid(self.policy.name,
self.policy.id)
expected_tags = self.nsxlib.build_v3_api_version_project_tag(
project_name=self.ctxt.tenant_name,
project_id=self.project_id)
# ingress neutron rule -> egress nsx args
shaper_type = policy_defs.QoSRateLimiter.EGRESS_RATE_LIMITER_TYPE
expected_shaper = policy_defs.QoSRateLimiter(
@ -207,7 +204,7 @@ class TestQosNsxPNotification(base.BaseQosTestCase,
description=self.policy_data["policy"]["description"],
dscp=None,
shaper_configurations=[mock.ANY],
tags=expected_tags)
tags=self._get_expected_tags())
# Compare the shaper
actual_shaper = create_profile.call_args[1][
'shaper_configurations'][0]
@ -287,9 +284,6 @@ class TestQosNsxPNotification(base.BaseQosTestCase,
exp_name = utils.get_name_and_uuid(self.policy.name,
self.policy.id)
expected_tags = self.nsxlib.build_v3_api_version_project_tag(
project_name=self.ctxt.tenant_name,
project_id=self.project_id)
expected_dscp = policy_defs.QoSDscp(
mode=policy_defs.QoSDscp.QOS_DSCP_UNTRUSTED,
priority=dscp_mark)
@ -299,7 +293,7 @@ class TestQosNsxPNotification(base.BaseQosTestCase,
description=self.policy_data["policy"]["description"],
dscp=mock.ANY,
shaper_configurations=[],
tags=expected_tags)
tags=self._get_expected_tags())
# Compare the dscp obj
actual_dscp = create_profile.call_args[1]['dscp']
self.assertEqual(expected_dscp.get_obj_dict(),
@ -342,9 +336,6 @@ class TestQosNsxPNotification(base.BaseQosTestCase,
self.qos_plugin.delete_policy_bandwidth_limit_rule(
self.ctxt, self.rule.id, self.policy.id)
# validate the data on the profile
expected_tags = self.nsxlib.build_v3_api_version_project_tag(
project_name=self.ctxt.tenant_name,
project_id=self.project_id)
exp_name = utils.get_name_and_uuid(self.policy.name,
self.policy.id)
@ -354,7 +345,7 @@ class TestQosNsxPNotification(base.BaseQosTestCase,
description=self.policy_data["policy"]["description"],
dscp=None,
shaper_configurations=[],
tags=expected_tags)
tags=self._get_expected_tags())
@mock.patch('neutron.objects.db.api.get_object', return_value=None)
def test_policy_delete_profile(self, *mocks):
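Review bot: `_get_expected_tags` derives the expected value from the same `build_v3_tags_payload` call the handler makes, so these assertions confirm that the arguments match but would not notice a change in what the builder emits. That may be intended for a unit test at this layer; if so, a docstring on the helper would say it, e.g. `"""Expected tags for self.policy, built with the same nsxlib helper the handler uses."""`. The test methods around the changed `tags=` lines start and end outside the hunks.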