x/vmware-nsx
Code Issues Proposed changes

Merge "NSXv: use correct DFW config for LBaaS rules"

Browse Source
This commit is contained in:
Zuul 2020-03-11 08:18:19 +00:00 committed by Gerrit Code Review
commit 3b9ab3c95f
1 changed files with 20 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
vmware_nsx/services/lbaas/nsx_v/lbaas_common.py
View File

@ -317,31 +317,36 @@ def update_pool_fw_rule(vcns, pool_id, edge_id, section_id, member_ips):
for rule in section.iter('rule'): for rule in section.iter('rule'):
if rule.find('name').text == pool_id: if rule.find('name').text == pool_id:
pool_rule = rule pool_rule = rule
if member_ips: sources = pool_rule.find('sources')
pool_rule.find('sources').find('source').find( if sources:
'value').text = (','.join(edge_ips)) pool_rule.remove(sources)
pool_rule.find('destinations').find(
'destination').find('value').text = ','.join( destinations = pool_rule.find('destinations')
member_ips) if destinations:
else: pool_rule.remove(destinations)
section.remove(pool_rule)
break break
if member_ips and pool_rule is None: if not pool_rule and member_ips:
pool_rule = et.SubElement(section, 'rule') pool_rule = et.SubElement(section, 'rule')
et.SubElement(pool_rule, 'name').text = pool_id et.SubElement(pool_rule, 'name').text = pool_id
et.SubElement(pool_rule, 'action').text = 'allow' et.SubElement(pool_rule, 'action').text = 'allow'
if member_ips:
sources = et.SubElement(pool_rule, 'sources') sources = et.SubElement(pool_rule, 'sources')
sources.attrib['excluded'] = 'false' sources.attrib['excluded'] = 'false'
source = et.SubElement(sources, 'source') for edge_ip in edge_ips:
et.SubElement(source, 'type').text = 'Ipv4Address' source = et.SubElement(sources, 'source')
et.SubElement(source, 'value').text = ','.join(edge_ips) et.SubElement(source, 'type').text = 'Ipv4Address'
et.SubElement(source, 'value').text = edge_ip
destinations = et.SubElement(pool_rule, 'destinations') destinations = et.SubElement(pool_rule, 'destinations')
destinations.attrib['excluded'] = 'false' destinations.attrib['excluded'] = 'false'
destination = et.SubElement(destinations, 'destination') for member_ip in member_ips:
et.SubElement(destination, 'type').text = 'Ipv4Address' destination = et.SubElement(destinations, 'destination')
et.SubElement(destination, 'value').text = ','.join(member_ips) et.SubElement(destination, 'type').text = 'Ipv4Address'
et.SubElement(destination, 'value').text = member_ip
elif pool_rule:
section.remove(pool_rule)
vcns.update_section(section_uri, vcns.update_section(section_uri,
et.tostring(section, encoding="us-ascii"), et.tostring(section, encoding="us-ascii"),