NSX|P: Policy plugin use passthrough api

Adding a configuration flag (True by default) to allow the passthrough api usage. Using this plag for the nsxpolicy initialization and for calling the specific apis. Change-Id: Ie574d56af6258726f774d623e5cce25aa5f20ead
2018-12-06 10:59:15 +02:00 · 2018-12-06 10:59:15 +02:00 · 0fc5c7a5a3
commit 0fc5c7a5a3
parent 77a9571925
4 changed files with 32 additions and 6 deletions
--- a/vmware_nsx/common/config.py
+++ b/vmware_nsx/common/config.py
@ -505,6 +505,10 @@ nsx_p_opts = nsx_v3_and_p + [
                      "specified. If only one VLAN transport zone is present "
                      "on backend, it will be assumed as default unless this "
                      "value is provided")),
+    cfg.BoolOpt('allow_passthrough',
+                default=True,
+                help=_("If True, use nsx manager api for cases which are not "
+                       "supported by the policy manager api")),
 ]


--- a/vmware_nsx/plugins/nsx_p/plugin.py
+++ b/vmware_nsx/plugins/nsx_p/plugin.py
@ -212,6 +212,7 @@ class NsxPolicyPlugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
                return None

    def _init_default_config(self):
+        """Validate the configuration & initialize default values"""
        # Default Tier0 router
        self.default_tier0_router = self._init_default_resource(
            self.nsxpolicy.tier0,
@ -980,7 +981,19 @@ class NsxPolicyPlugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
                                        tier0=new_tier0_uuid)

            # Set/Unset the router TZ to allow vlan switches traffic
-            #TODO(asarfaty) no api for this yet
+            if cfg.CONF.nsx_p.allow_passthrough:
+                # TODO(asarfaty) need to wait for realization before using
+                # the passthrough api
+                if new_tier0_uuid:
+                    tz_uuid = self.nsxpolicy.tier0.get_overlay_transport_zone(
+                        new_tier0_uuid)
+                else:
+                    tz_uuid = None
+                self.nsxpolicy.tier1.update_transport_zone(
+                    router_id, tz_uuid)
+            else:
+                LOG.debug("Not adding transport-zone to tier1 router %s as "
+                          "passthrough api is disabled", router_id)

        if actions['add_snat_rules']:
            # Add SNAT rules for all the subnets which are in different scope
@ -1002,8 +1015,9 @@ class NsxPolicyPlugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
        # TODO(asarfaty): handle enable/disable snat, router adv flags, etc.

        if actions['remove_service_router']:
-            # disable edge firewall before removing  the service router
-            #TODO(asarfaty) no api for this yet
+            # Disable edge firewall before removing the service router
+            #TODO(asarfaty) no api for this yet. Use passthrough api when
+            # adding fwaas support

            # remove the edge cluster
            self.nsxpolicy.tier1.remove_edge_cluster(router_id)
--- a/vmware_nsx/plugins/nsx_v3/utils.py
+++ b/vmware_nsx/plugins/nsx_v3/utils.py
@ -170,7 +170,7 @@ def get_nsxlib_wrapper(nsx_username=None, nsx_password=None, basic_auth=False,

 def get_nsxpolicy_wrapper(nsx_username=None, nsx_password=None,
                          basic_auth=False):
-    #TODO(asarfaty) move to a different file?
+    #TODO(asarfaty) move to a different file? (under common_v3)
    client_cert_provider = None
    if not basic_auth:
        # if basic auth requested, dont use cert file even if provided
@ -193,7 +193,8 @@ def get_nsxpolicy_wrapper(nsx_username=None, nsx_password=None,
        nsx_api_managers=cfg.CONF.nsx_p.nsx_api_managers,
        plugin_scope=OS_NEUTRON_ID_SCOPE,
        plugin_tag=NSX_NEUTRON_PLUGIN,
-        plugin_ver=n_version.version_info.release_string())
+        plugin_ver=n_version.version_info.release_string(),
+        allow_passthrough=cfg.CONF.nsx_p.allow_passthrough)
    return v3.NsxPolicyLib(nsxlib_config)


--- a/vmware_nsx/tests/unit/nsx_p/test_plugin.py
+++ b/vmware_nsx/tests/unit/nsx_p/test_plugin.py
@ -40,6 +40,7 @@ from vmware_nsx.common import utils
 from vmware_nsx.tests.unit.common_plugin import common_v3
 from vmware_nsxlib.v3 import exceptions as nsxlib_exc
 from vmware_nsxlib.v3 import nsx_constants
+from vmware_nsxlib.v3 import policy_constants

 PLUGIN_NAME = 'vmware_nsx.plugin.NsxPolicyPlugin'
 NSX_OVERLAY_TZ_NAME = 'OVERLAY_TZ'
@ -85,6 +86,12 @@ class NsxPPluginTestCaseMixin(
        mock.patch("vmware_nsxlib.v3.policy_resources."
                   "NsxPolicyCommunicationMapApi._get_last_seq_num",
                   return_value=-1).start()
+        mock.patch("vmware_nsxlib.v3.policy_resources."
+                   "NsxPolicyResourceBase._wait_until_realized",
+                   return_value={'state': policy_constants.STATE_REALIZED}
+                   ).start()
+        mock.patch("vmware_nsxlib.v3.policy_resources."
+                   "NsxPolicyTier1Api.update_transport_zone").start()

    def setup_conf_overrides(self):
        cfg.CONF.set_override('default_overlay_tz', NSX_OVERLAY_TZ_NAME,