x/vmware-nsx
Code Issues Proposed changes

Merge "NSX|V3: Make sure LB member is connected to the LB router"

Browse Source
This commit is contained in:
Zuul 2018-08-12 09:57:55 +00:00 committed by Gerrit Code Review
commit d4f7b28084
3 changed files with 56 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
vmware_nsx/services/lbaas/nsx_v3/implementation/lb_utils.py
View File

@ -87,6 +87,39 @@ def validate_lb_subnet(context, plugin, subnet_id):
return False
def validate_lb_member_subnet(context, plugin, subnet_id, lb):
'''Validate LB member subnet before creating a member.
The member subnet should belong to an external network or be connected
to the same T1 router as the Lb vip.
It will throw exception if the subnet doesn't meet this requirement.
:param context: context
:param plugin: core plugin
:param subnet_id: loadbalancer's subnet id
:return: True if subnet meet requirement, otherwise return False
'''
network = get_network_from_subnet(context, plugin, subnet_id)
if network.get('router:external'):
return True
member_router_id = get_router_from_network(
context, plugin, subnet_id)
lb_router_id = get_router_from_network(
context, plugin, lb['vip_subnet_id'])
if lb_router_id:
# Lb on non-external network. member must be on the same router
if lb_router_id == member_router_id:
return True
else:
return False
else:
# LB on external network. member subnet must have a router
if member_router_id:
return True
else:
return False
def get_rule_match_conditions(policy):
match_conditions = []
# values in rule have already been validated in LBaaS API,

8
vmware_nsx/services/lbaas/nsx_v3/implementation/member_mgr.py
View File

@ -112,11 +112,13 @@ class EdgeMemberManagerFromDict(base_mgr.Nsxv3LoadbalancerBaseManager):
lb_id = member['pool']['loadbalancer_id']
pool_id = member['pool']['id']
loadbalancer = member['pool']['loadbalancer']
if not lb_utils.validate_lb_subnet(context, self.core_plugin,
member['subnet_id']):
if not lb_utils.validate_lb_member_subnet(context, self.core_plugin,
member['subnet_id'],
loadbalancer):
completor(success=False)
msg = (_('Cannot add member %(member)s to pool as member subnet '
'%(subnet)s is neither public nor connected to router') %
'%(subnet)s is neither public nor connected to the LB '
'router') %
{'member': member['id'], 'subnet': member['subnet_id']})
raise n_exc.BadRequest(resource='lbaas-subnet', msg=msg)

20
vmware_nsx/tests/unit/services/lbaas/test_nsxv3_driver.py
View File

@ -488,7 +488,7 @@ class TestEdgeLbaasV2Member(BaseTestEdgeLbaasV2):
return 'member'
def test_create(self):
with mock.patch.object(lb_utils, 'validate_lb_subnet'
with mock.patch.object(lb_utils, 'validate_lb_member_subnet'
) as mock_validate_lb_subnet, \
mock.patch.object(self.lbv2_driver.plugin, 'get_pool_members'
) as mock_get_pool_members, \
@ -538,7 +538,7 @@ class TestEdgeLbaasV2Member(BaseTestEdgeLbaasV2):
delete=False)
def test_create_lbs_no_router_gateway(self):
with mock.patch.object(lb_utils, 'validate_lb_subnet'
with mock.patch.object(lb_utils, 'validate_lb_member_subnet'
) as mock_validate_lb_subnet, \
mock.patch.object(self.lbv2_driver.plugin, 'get_pool_members'
) as mock_get_pool_members, \
@ -571,6 +571,22 @@ class TestEdgeLbaasV2Member(BaseTestEdgeLbaasV2):
self.context,
self.member)
def test_create_member_different_router(self):
with mock.patch.object(self.lbv2_driver.plugin, 'get_pool_members'
) as mock_get_pool_members, \
mock.patch.object(lb_utils, 'get_network_from_subnet'
) as mock_get_network, \
mock.patch.object(lb_utils, 'get_router_from_network'
) as mock_get_router:
mock_get_pool_members.return_value = [self.member]
mock_get_network.return_value = LB_NETWORK
mock_get_router.return_value = None
self.assertRaises(n_exc.BadRequest,
self.edge_driver.member.create,
self.context,
self.member)
def test_update(self):
new_member = lb_models.Member(MEMBER_ID, LB_TENANT_ID, POOL_ID,
MEMBER_ADDRESS, 80, 2, pool=self.pool,