NSX|P: Limit allowed cidr rule comment length

Change-Id: I3c09849ffa05efffcdab9eb1b3b1ed13e7ca2a2b
2021-01-21 17:46:31 +02:00 · 2021-01-21 17:46:31 +02:00 · 45c2e19b4c
commit 45c2e19b4c
parent 09d2de0e75
1 changed files with 3 additions and 0 deletions
--- a/vmware_nsx/services/lbaas/nsx_p/implementation/lb_utils.py
+++ b/vmware_nsx/services/lbaas/nsx_p/implementation/lb_utils.py
@ -40,6 +40,7 @@ SERVICE_LB_TAG_MAX = 20

 VIP_GRP_ID = '%s-vip'
 MAX_SOURCES_IN_RULE = 128
+MAX_DESC_LEN = 1024


 def get_rule_match_conditions(policy):
@ -516,6 +517,8 @@ def set_allowed_cidrs_fw(core_plugin, context, loadbalancer, listeners):
                    rule_index, len(listener['negate_cidrs']))
                rule_id = rule_id + "-%s" % rule_index
            description = "Allow only %s" % listener['allowed_cidrs']
+            if len(description) >= MAX_DESC_LEN:
+                description = "Allow only configured allowed-cidrs"
            rules.append(nsxpolicy.gateway_policy.build_entry(
                rule_name,
                p_constants.DEFAULT_DOMAIN, loadbalancer['id'],