NSX|V: Skip md-proxy routers in fwaas

Metadata proxy rotuers should not be attached to to a firewall. Change-Id: I6acd1fe475183735fc999ef6892b3286de34f671
2017-05-21 08:51:05 +03:00 · 2017-05-21 08:51:05 +03:00 · ea73271a47
commit ea73271a47
parent 60008b4928
1 changed files with 7 additions and 0 deletions
--- a/vmware_nsx/services/fwaas/nsx_v/edge_fwaas_driver.py
+++ b/vmware_nsx/services/fwaas/nsx_v/edge_fwaas_driver.py
@ -51,6 +51,7 @@ class EdgeFwaasDriver(fwaas_base.FwaasDriverBase):
        Return False in those cases:
        - shared router (not supported)
        - router without an external gateway
+        - md proxy router
        """
        if not router_data.get('external_gateway_info'):
            LOG.info("Cannot apply firewall to router %s with no gateway",
@ -61,6 +62,12 @@ class EdgeFwaasDriver(fwaas_base.FwaasDriverBase):
            LOG.info("Cannot apply firewall to shared router %s",
                     router_data['id'])
            return False
+
+        if router_data.get('name', '').startswith('metadata_proxy_router'):
+            LOG.info("Cannot apply firewall to the metadata proxy router %s",
+                     router_data['id'])
+            return False
+
        return True

    def _get_routers_edges(self, context, apply_list):