NSX|V3+P: Ignore IP ::/x in security group rules

Setting ::/x as remote/local IP of a security group rule is not
allowed by the NSX.
This patch uses 'ANY' instead, similar to the way it handles 0.0.0.0/x
for IPv4.

Change-Id: I1a2c1e0111d24c24fe51e60e70bd663cabeed346
Adit Sarfaty 2019-06-24 10:35:03 +03:00
parent f418e6db08
commit 62672b5adf


@ -282,14 +282,16 @@ class NsxPluginV3Base(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
return net_id return net_id
def _fix_sg_rule_dict_ips(self, sg_rule): def _fix_sg_rule_dict_ips(self, sg_rule):
# 0.0.0.0/# is not a valid entry for local and remote so we need # 0.0.0.0/# and ::/ are not valid entries for local and remote so we
# to change this to None # need to change this to None
if (sg_rule.get('remote_ip_prefix') and if (sg_rule.get('remote_ip_prefix') and
sg_rule['remote_ip_prefix'].startswith('0.0.0.0/')): (sg_rule['remote_ip_prefix'].startswith('0.0.0.0/') or
sg_rule['remote_ip_prefix'].startswith('::/'))):
sg_rule['remote_ip_prefix'] = None sg_rule['remote_ip_prefix'] = None
if (sg_rule.get(sg_prefix.LOCAL_IP_PREFIX) and if (sg_rule.get(sg_prefix.LOCAL_IP_PREFIX) and
validators.is_attr_set(sg_rule[sg_prefix.LOCAL_IP_PREFIX]) and validators.is_attr_set(sg_rule[sg_prefix.LOCAL_IP_PREFIX]) and
sg_rule[sg_prefix.LOCAL_IP_PREFIX].startswith('0.0.0.0/')): (sg_rule[sg_prefix.LOCAL_IP_PREFIX].startswith('0.0.0.0/') or
sg_rule[sg_prefix.LOCAL_IP_PREFIX].startswith('::/'))):
sg_rule[sg_prefix.LOCAL_IP_PREFIX] = None sg_rule[sg_prefix.LOCAL_IP_PREFIX] = None
def _validate_interface_address_scope(self, context, def _validate_interface_address_scope(self, context,
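Review bot: The new `startswith('::/')` test in both conditions of `_fix_sg_rule_dict_ips` matches every prefix length, so a rule written for `::/128` or `::/96` is turned into None (ANY) instead of being rejected, which silently widens the security group; the existing `0.0.0.0/` test has the same shape. If only the zero-length case needs to map to ANY, restrict the rewrite to something like `prefix in ('0.0.0.0/0', '::/0')` and raise a validation error for other lengths on these networks, or at least say in the comment that any `/x` becomes ANY. The match is also purely textual, so an equivalent spelling such as `0::/0` would pass through unchanged unless the prefix is normalized before this point, which the hunk does not show.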