x/vmware-nsx
Code Issues Proposed changes

Merge "Add tag for os default dfw section"

Browse Source
This commit is contained in:
Jenkins 2015-12-05 00:40:40 +00:00 committed by Gerrit Code Review
commit 79555e941c
3 changed files with 12 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
vmware_nsx/common/nsx_constants.py
View File

@ -54,3 +54,6 @@ VIF_TYPE_DVS = 'dvs'
# NSXv3 L2 Gateway constants # NSXv3 L2 Gateway constants
BRIDGE_ENDPOINT = "BRIDGEENDPOINT" BRIDGE_ENDPOINT = "BRIDGEENDPOINT"
# NSXv3 tag constants
SHARED_TAG_TENANT_ID = "neutron-nsx-plugin"

8
vmware_nsx/nsxlib/v3/security.py
View File

@ -20,12 +20,15 @@ NSX-V3 Plugin security integration module
from neutron.db import securitygroups_db from neutron.db import securitygroups_db
from vmware_nsx.common import nsx_constants
from vmware_nsx.common import utils
from vmware_nsx.db import nsx_models from vmware_nsx.db import nsx_models
from vmware_nsx.nsxlib.v3 import dfw_api as firewall from vmware_nsx.nsxlib.v3 import dfw_api as firewall
NSGROUP_CONTAINER = 'NSGroup Container' NSGROUP_CONTAINER = 'NSGroup Container'
DEFAULT_SECTION = 'OS default section for security-groups' DEFAULT_SECTION = 'OS default section for security-groups'
DEFAULT_SECTION_TAG_NAME = 'neutron_default_dfw_section'
def _get_l4_protocol_name(protocol_number): def _get_l4_protocol_name(protocol_number):
@ -230,7 +233,10 @@ def _init_default_section(name, description, nsgroup_id):
break break
else: else:
section = firewall.create_empty_section( section = firewall.create_empty_section(
name, description, [nsgroup_id], []) name, description, [nsgroup_id],
utils.build_v3_tags_payload({
'id': DEFAULT_SECTION_TAG_NAME,
'tenant_id': nsx_constants.SHARED_TAG_TENANT_ID}))
block_rule = firewall.get_firewall_rule_dict( block_rule = firewall.get_firewall_rule_dict(
'Block All', action=firewall.DROP) 'Block All', action=firewall.DROP)
# TODO(roeyc): Add additional rules to allow IPV6 NDP. # TODO(roeyc): Add additional rules to allow IPV6 NDP.

4
vmware_nsx/plugins/nsx_v3/plugin.py
View File

@ -181,7 +181,7 @@ class NsxV3Plugin(addr_pair_db.AllowedAddressPairsMixin,
NSX_V3_DHCP_PROFILE_NAME, 'Neutron DHCP Security Profile', NSX_V3_DHCP_PROFILE_NAME, 'Neutron DHCP Security Profile',
tags=utils.build_v3_tags_payload({ tags=utils.build_v3_tags_payload({
'id': NSX_V3_DHCP_PROFILE_NAME, 'id': NSX_V3_DHCP_PROFILE_NAME,
'tenant_id': 'neutron-nsx-plugin'})) 'tenant_id': nsx_constants.SHARED_TAG_TENANT_ID}))
return self._get_dhcp_security_profile() return self._get_dhcp_security_profile()
def _get_dhcp_security_profile(self): def _get_dhcp_security_profile(self):
@ -222,7 +222,7 @@ class NsxV3Plugin(addr_pair_db.AllowedAddressPairsMixin,
whitelist_ports=True, whitelist_switches=False, whitelist_ports=True, whitelist_switches=False,
tags=utils.build_v3_tags_payload({ tags=utils.build_v3_tags_payload({
'id': NSX_V3_PSEC_PROFILE_NAME, 'id': NSX_V3_PSEC_PROFILE_NAME,
'tenant_id': 'neutron-nsx-plugin'})) 'tenant_id': nsx_constants.SHARED_TAG_TENANT_ID}))
return self._get_port_security_profile() return self._get_port_security_profile()