NSX|V: add in security rule tags for 'project_id'
Leverage the NSX DFW tag to store the neutron project ID. This will help a admin filter logging. The tag will be 'Project_<PROJECT_UUID>' Change-Id: Ie6ff0594012e3fa252aa999eb68cff872d1c2c5e
This commit is contained in:
Gary Kotton
parent
5e9d41ac17
commit
cf956b65a0
@ -4235,7 +4235,8 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
|
||||
services=services,
|
||||
flags=flags,
|
||||
action=action,
|
||||
logged=logged)
|
||||
logged=logged,
|
||||
tag='Project_%s' % rule['tenant_id'])
|
||||
return nsx_rule
|
||||
|
||||
def create_security_group_rule(self, context, security_group_rule):
|
||||
|
||||
@ -60,7 +60,7 @@ class NsxSecurityGroupUtils(object):
|
||||
def get_rule_config(self, applied_to_ids, name, action='allow',
|
||||
applied_to='SecurityGroup',
|
||||
source=None, destination=None, services=None,
|
||||
flags=None, logged=False):
|
||||
flags=None, logged=False, tag=None):
|
||||
"""Helper method to create a nsx rule dict."""
|
||||
ruleTag = et.Element('rule')
|
||||
ruleTag.attrib['logged'] = 'true' if logged else 'false'
|
||||
@ -123,6 +123,9 @@ class NsxSecurityGroupUtils(object):
|
||||
if flags.get('direction') is not None:
|
||||
dirTag = et.SubElement(ruleTag, 'direction')
|
||||
dirTag.text = flags.get('direction')
|
||||
if tag:
|
||||
tagTag = et.SubElement(ruleTag, 'tag')
|
||||
tagTag.text = tag
|
||||
return ruleTag
|
||||
|
||||
def get_rule_id_pair_from_section(self, resp):
|
||||
|
||||
@ -110,7 +110,7 @@ class TestNsxVExtendedSGRule(test_nsxv_plugin.NsxVSecurityGroupsTestCase,
|
||||
plugin.nsx_sg_utils.get_rule_config.assert_called_with(
|
||||
source=mock.ANY, destination=dest, services=mock.ANY,
|
||||
name=mock.ANY, applied_to_ids=mock.ANY, flags=mock.ANY,
|
||||
logged=mock.ANY, action=mock.ANY)
|
||||
logged=mock.ANY, action=mock.ANY, tag=mock.ANY)
|
||||
|
||||
|
||||
class TestNSXv3ExtendedSGRule(test_nsxv3_plugin.NsxV3PluginTestCaseMixin,
|
||||
|
||||
Loading…
Reference in New Issue
Block a user