NSX|V3: Move logic from fwaas driver to the v3 plugin

As a preparation towards a unified TV driver, moving some logic that could be in the plugin instead of the driver, to make the transition easier Also remove the unused nsxlib from the fwaas v3 callbacks init Change-Id: Ia29cba8c7e6d048ff28940d1b08e7df08c585641
2017-12-13 19:03:57 +02:00 · 2017-12-13 19:03:57 +02:00 · f728cf5646
commit f728cf5646
parent d78ea32453
7 changed files with 41 additions and 48 deletions
--- a/vmware_nsx/plugins/nsx_v3/plugin.py
+++ b/vmware_nsx/plugins/nsx_v3/plugin.py
@ -338,12 +338,10 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
        self.fwaas_callbacks = None
        if fwaas_utils.is_fwaas_v1_plugin_enabled():
            LOG.info("NSXv3 FWaaS v1 plugin enabled")
-            self.fwaas_callbacks = fwaas_callbacks_v1.Nsxv3FwaasCallbacksV1(
-                self.nsxlib)
+            self.fwaas_callbacks = fwaas_callbacks_v1.Nsxv3FwaasCallbacksV1()
        if fwaas_utils.is_fwaas_v2_plugin_enabled():
            LOG.info("NSXv3 FWaaS v2 plugin enabled")
-            self.fwaas_callbacks = fwaas_callbacks_v2.Nsxv3FwaasCallbacksV2(
-                self.nsxlib)
+            self.fwaas_callbacks = fwaas_callbacks_v2.Nsxv3FwaasCallbacksV2()

    def _init_lbv2_driver(self):
        # Get LBaaSv2 driver during plugin initialization. If the platform
@ -3505,6 +3503,28 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
                                                             route)
                router_db['status'] = curr_status

+    def _get_nsx_router_and_fw_section(self, context, router_id):
+        # find the backend router id in the DB
+        nsx_router_id = nsx_db.get_nsx_router_id(context.session, router_id)
+        if nsx_router_id is None:
+            LOG.error("Didn't find nsx router for router %s", router_id)
+            raise self.driver_exception(driver=self.driver_name)
+
+        # get the FW section id of the backend router
+        try:
+            section_id = self.nsxlib.logical_router.get_firewall_section_id(
+                nsx_router_id)
+        except Exception as e:
+            LOG.error("Failed to find router firewall section for router "
+                      "%(id)s: %(e)s", {'id': router_id, 'e': e})
+            raise self.driver_exception(driver=self.driver_name)
+        if section_id is None:
+            LOG.error("Failed to find router firewall section for router "
+                      "%(id)s.", {'id': router_id})
+            raise self.driver_exception(driver=self.driver_name)
+
+        return nsx_router_id, section_id
+
    def update_router_firewall(self, context, router_id):
        """Rewrite all the rules in the router edge firewall

@ -3519,9 +3539,12 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
            # TODO(asarfaty): Add vm ports as well
            ports = self._get_router_interfaces(context, router_id)

+            nsx_router_id, section_id = self._get_nsx_router_and_fw_section(
+                context, router_id)
            # let the fwaas callbacks update the router FW
            return self.fwaas_callbacks.update_router_firewall(
-                context, self.nsxlib, router_id, ports)
+                context, self.nsxlib, router_id, ports,
+                nsx_router_id, section_id)

    def _get_port_relay_servers(self, context, port_id, network_id=None):
        if not network_id:
--- a/vmware_nsx/services/fwaas/nsx_v3/edge_fwaas_driver_base.py
+++ b/vmware_nsx/services/fwaas/nsx_v3/edge_fwaas_driver_base.py
@ -23,7 +23,6 @@ from neutron_lib.callbacks import resources
 from neutron_lib.plugins import directory
 from oslo_log import log as logging

-from vmware_nsx.db import db as nsx_db
 from vmware_nsxlib.v3 import nsx_constants as consts

 LOG = logging.getLogger(__name__)
@ -201,28 +200,6 @@ class CommonEdgeFwaasV3Driver(fwaas_base.FwaasDriverBase):
            LOG.error("The NSX backend does not support router firewall")
            raise self.driver_exception(driver=self.driver_name)

-    def get_backend_router_and_fw_section(self, context, router_id):
-        # find the backend router id in the DB
-        nsx_router_id = nsx_db.get_nsx_router_id(context.session, router_id)
-        if nsx_router_id is None:
-            LOG.error("Didn't find nsx router for router %s", router_id)
-            raise self.driver_exception(driver=self.driver_name)
-
-        # get the FW section id of the backend router
-        try:
-            section_id = self.nsx_router.get_firewall_section_id(
-                nsx_router_id)
-        except Exception as e:
-            LOG.error("Failed to find router firewall section for router "
-                      "%(id)s: %(e)s", {'id': router_id, 'e': e})
-            raise self.driver_exception(driver=self.driver_name)
-        if section_id is None:
-            LOG.error("Failed to find router firewall section for router "
-                      "%(id)s.", {'id': router_id})
-            raise self.driver_exception(driver=self.driver_name)
-
-        return nsx_router_id, section_id
-
    def get_default_backend_rule(self, section_id, allow_all=True):
        # Add default allow all rule
        old_default_rule = self.nsx_firewall.get_default_rule(
--- a/vmware_nsx/services/fwaas/nsx_v3/fwaas_callbacks_v1.py
+++ b/vmware_nsx/services/fwaas/nsx_v3/fwaas_callbacks_v1.py
@ -23,7 +23,7 @@ LOG = logging.getLogger(__name__)
 class Nsxv3FwaasCallbacksV1(com_clbcks.NsxFwaasCallbacks):
    """NSX-V3 RPC callbacks for Firewall As A Service - V1."""

-    def __init__(self, nsxlib):
+    def __init__(self):
        super(Nsxv3FwaasCallbacksV1, self).__init__()

    def should_apply_firewall_to_router(self, context, router_id):
@ -47,15 +47,12 @@ class Nsxv3FwaasCallbacksV1(com_clbcks.NsxFwaasCallbacks):
        return True

    def update_router_firewall(self, context, nsxlib, router_id,
-                               router_interfaces):
+                               router_interfaces, nsx_router_id, section_id):
        """Rewrite all the FWaaS v1 rules in the router edge firewall

        This method should be called on FWaaS updates, and on router
        interfaces changes.
        """
-        # find the backend router and its firewall section
-        nsx_id, sect_id = self.fwaas_driver.get_backend_router_and_fw_section(
-            context, router_id)
        fw_rules = []
        fw_id = None
        if self.should_apply_firewall_to_router(context, router_id):
@ -74,14 +71,14 @@ class Nsxv3FwaasCallbacksV1(com_clbcks.NsxFwaasCallbacks):

            # Add the default drop all rule
            fw_rules.append(self.fwaas_driver.get_default_backend_rule(
-                sect_id, allow_all=False))
+                section_id, allow_all=False))
        else:
            # default allow all rule
            fw_rules.append(self.fwaas_driver.get_default_backend_rule(
-                sect_id, allow_all=True))
+                section_id, allow_all=True))

        # update the backend
-        nsxlib.firewall_section.update(sect_id, rules=fw_rules)
+        nsxlib.firewall_section.update(section_id, rules=fw_rules)

        # Also update the router tags
-        self.fwaas_driver.update_nsx_router_tags(nsx_id, fw_id=fw_id)
+        self.fwaas_driver.update_nsx_router_tags(nsx_router_id, fw_id=fw_id)
--- a/vmware_nsx/services/fwaas/nsx_v3/fwaas_callbacks_v2.py
+++ b/vmware_nsx/services/fwaas/nsx_v3/fwaas_callbacks_v2.py
@ -25,7 +25,7 @@ LOG = logging.getLogger(__name__)
 class Nsxv3FwaasCallbacksV2(com_callbacks.NsxFwaasCallbacksV2):
    """NSX-V3 RPC callbacks for Firewall As A Service - V2."""

-    def __init__(self, nsxlib):
+    def __init__(self):
        super(Nsxv3FwaasCallbacksV2, self).__init__()

    def should_apply_firewall_to_router(self, context, router_id):
@ -53,16 +53,12 @@ class Nsxv3FwaasCallbacksV2(com_callbacks.NsxFwaasCallbacksV2):
                                                           plugin_rules)

    def update_router_firewall(self, context, nsxlib, router_id,
-                               router_interfaces):
+                               router_interfaces, nsx_router_id, section_id):
        """Rewrite all the FWaaS v2 rules in the router edge firewall

        This method should be called on FWaaS updates, and on router
        interfaces changes.
        """
-        # find the backend router and its firewall section
-        nsx_id, sect_id = self.fwaas_driver.get_backend_router_and_fw_section(
-            context, router_id)
-
        fw_rules = []
        # Add firewall rules per port attached to a firewall group
        for port in router_interfaces:
@ -84,7 +80,7 @@ class Nsxv3FwaasCallbacksV2(com_callbacks.NsxFwaasCallbacksV2):

        # add a default allow-all rule to all other traffic & ports
        fw_rules.append(self.fwaas_driver.get_default_backend_rule(
-            sect_id, allow_all=True))
+            section_id, allow_all=True))

        # update the backend router firewall
-        nsxlib.firewall_section.update(sect_id, rules=fw_rules)
+        nsxlib.firewall_section.update(section_id, rules=fw_rules)
--- a/vmware_nsx/shell/admin/plugins/nsxv3/resources/utils.py
+++ b/vmware_nsx/shell/admin/plugins/nsxv3/resources/utils.py
@ -119,7 +119,7 @@ class NsxV3PluginWrapper(plugin.NsxV3Plugin):
        fwaas_plugin_class = manager.NeutronManager.load_class_for_provider(
            'neutron.service_plugins', provider)
        fwaas_plugin = fwaas_plugin_class()
-        self.fwaas_callbacks = callbacks_class(self.nsxlib)
+        self.fwaas_callbacks = callbacks_class()
        # override the fwplugin_rpc since there is no RPC support in adminutils
        self.fwaas_callbacks.fwplugin_rpc = plugin_callbacks(fwaas_plugin)

--- a/vmware_nsx/tests/unit/nsx_v3/test_fwaas_v1_driver.py
+++ b/vmware_nsx/tests/unit/nsx_v3/test_fwaas_v1_driver.py
@ -62,7 +62,7 @@ class Nsxv3FwaasTestCase(test_v3_plugin.NsxV3PluginTestCaseMixin):

        self.plugin = directory.get_plugin()
        self.plugin.fwaas_callbacks = fwaas_callbacks_v1.\
-            Nsxv3FwaasCallbacksV1(self.plugin.nsxlib)
+            Nsxv3FwaasCallbacksV1()
        self.plugin.fwaas_callbacks.fwaas_enabled = True
        self.plugin.fwaas_callbacks.fwaas_driver = self.firewall
        self.plugin.init_is_complete = True
--- a/vmware_nsx/tests/unit/nsx_v3/test_fwaas_v2_driver.py
+++ b/vmware_nsx/tests/unit/nsx_v3/test_fwaas_v2_driver.py
@ -62,7 +62,7 @@ class Nsxv3FwaasTestCase(test_v3_plugin.NsxV3PluginTestCaseMixin):

        self.plugin = directory.get_plugin()
        self.plugin.fwaas_callbacks = fwaas_callbacks_v2.\
-            Nsxv3FwaasCallbacksV2(self.plugin.nsxlib)
+            Nsxv3FwaasCallbacksV2()
        self.plugin.fwaas_callbacks.fwaas_enabled = True
        self.plugin.fwaas_callbacks.fwaas_driver = self.firewall
        self.plugin.init_is_complete = True