[API Replay] Migrate RBAC policies

Migrate RBAC policies, skipping those which have been implicitly created from shared or external networks. Change-Id: I0833a52993248857b1eb25491928ca86a720c04c
2021-11-26 13:36:22 -08:00 · 2021-11-26 13:36:22 -08:00 · 5706012434
commit 5706012434
parent 2158636ebc
1 changed files with 35 additions and 0 deletions
--- a/vmware_nsx/api_replay/client.py
+++ b/vmware_nsx/api_replay/client.py
@ -183,6 +183,7 @@ class ApiReplayClient(utils.PrepareObjectForMigration):
        self.migrate_fwaas()
        if self.octavia:
            self.migrate_octavia(source_networks)
+        self.migrate_rbac()

        if self.n_errors:
            LOG.error("NSX migration is Done with %s errors:", self.n_errors)
@ -311,6 +312,40 @@ class ApiReplayClient(utils.PrepareObjectForMigration):
                                   {'q': quota, 'e': e})
        self._log_elapsed(outer_start, "Quota migration", debug=False)

+    def migrate_rbac(self):
+        outer_start = datetime.now()
+        source_data = self.source_neutron.list_rbac_policies()
+        source_rbac = source_data['rbac_policies']
+        for count, rbac_policy in enumerate(source_rbac, 1):
+            inner_start = datetime.now()
+            # Careful: for shared and external networks an auto generated RBAC
+            # policy might have been already added. Adding again the same rule
+            # will trigger an error
+            try:
+                new_rbac_policy = rbac_policy.copy()
+                new_rbac_policy.pop('id')
+                self.dest_neutron.create_rbac_policy(
+                    {'rbac_policy': new_rbac_policy})
+                LOG.info("Migrated RBAC policy %s for %s %s",
+                         rbac_policy['action'],
+                         rbac_policy['object_type'],
+                         rbac_policy['object_id'])
+                self._log_elapsed(
+                    inner_start,
+                    "Migrate RBAC policy %s" % rbac_policy['id'])
+            except n_exc.Conflict as e:
+                LOG.info("Skipping RBAC policy %s due to %s",
+                         rbac_policy['id'], e)
+            except Exception as e:
+                self.add_error(
+                    "Failed to migrate RBAC policy %s for %s %si: %s" % (
+                        rbac_policy['action'],
+                        rbac_policy['object_type'],
+                        rbac_policy['object_id'],
+                        e))
+
+        self._log_elapsed(outer_start, "Quota migration", debug=False)
+
    def migrate_qos_rule(self, dest_policy, source_rule):
        """Add the QoS rule from the source to the QoS policy