NSX|V3+P: Ignore IP ::/x in security group rules
Setting ::/x as remote/local IP of a security group rule is not allowed by the NSX. This patch uses 'ANY' instead, similar to the way it handles 0.0.0.0/x for IPv4. Change-Id: I1a2c1e0111d24c24fe51e60e70bd663cabeed346
This commit is contained in:
parent
f418e6db08
commit
62672b5adf
@ -282,14 +282,16 @@ class NsxPluginV3Base(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
|
|||||||
return net_id
|
return net_id
|
||||||
|
|
||||||
def _fix_sg_rule_dict_ips(self, sg_rule):
|
def _fix_sg_rule_dict_ips(self, sg_rule):
|
||||||
# 0.0.0.0/# is not a valid entry for local and remote so we need
|
# 0.0.0.0/# and ::/ are not valid entries for local and remote so we
|
||||||
# to change this to None
|
# need to change this to None
|
||||||
if (sg_rule.get('remote_ip_prefix') and
|
if (sg_rule.get('remote_ip_prefix') and
|
||||||
sg_rule['remote_ip_prefix'].startswith('0.0.0.0/')):
|
(sg_rule['remote_ip_prefix'].startswith('0.0.0.0/') or
|
||||||
|
sg_rule['remote_ip_prefix'].startswith('::/'))):
|
||||||
sg_rule['remote_ip_prefix'] = None
|
sg_rule['remote_ip_prefix'] = None
|
||||||
if (sg_rule.get(sg_prefix.LOCAL_IP_PREFIX) and
|
if (sg_rule.get(sg_prefix.LOCAL_IP_PREFIX) and
|
||||||
validators.is_attr_set(sg_rule[sg_prefix.LOCAL_IP_PREFIX]) and
|
validators.is_attr_set(sg_rule[sg_prefix.LOCAL_IP_PREFIX]) and
|
||||||
sg_rule[sg_prefix.LOCAL_IP_PREFIX].startswith('0.0.0.0/')):
|
(sg_rule[sg_prefix.LOCAL_IP_PREFIX].startswith('0.0.0.0/') or
|
||||||
|
sg_rule[sg_prefix.LOCAL_IP_PREFIX].startswith('::/'))):
|
||||||
sg_rule[sg_prefix.LOCAL_IP_PREFIX] = None
|
sg_rule[sg_prefix.LOCAL_IP_PREFIX] = None
|
||||||
|
|
||||||
def _validate_interface_address_scope(self, context,
|
def _validate_interface_address_scope(self, context,
|
||||||
|
Loading…
x
Reference in New Issue
Block a user