x/vmware-nsx
Code Issues Proposed changes

Merge "remove some db method access from nsxlib code"

Browse Source
This commit is contained in:
Jenkins 2016-08-23 20:03:18 +00:00 committed by Gerrit Code Review
commit fd1edd264a
4 changed files with 24 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
vmware_nsx/db/db.py
View File

@ -349,3 +349,20 @@ def get_port_mirror_session_mapping(session, tf_id):
def delete_port_mirror_session_mapping(session, tf_id):
return (session.query(nsx_models.NsxPortMirrorSessionMapping).
filter_by(tap_flow_id=tf_id).delete())
def save_sg_mappings(session, sg_id, nsgroup_id, section_id):
with session.begin(subtransactions=True):
session.add(
nsx_models.NeutronNsxFirewallSectionMapping(neutron_id=sg_id,
nsx_id=section_id))
session.add(
nsx_models.NeutronNsxSecurityGroupMapping(neutron_id=sg_id,
nsx_id=nsgroup_id))
def get_sg_rule_mapping(session, rule_id):
rule_mapping = session.query(
nsx_models.NeutronNsxRuleMapping).filter_by(
neutron_id=rule_id).one()
return rule_mapping.nsx_id

18
vmware_nsx/nsxlib/v3/security.py
View File

@ -184,6 +184,7 @@ class Security(object):
# for usability purposes.
return '%(name)s - %(id)s' % security_group
# XXX remove db calls from nsxlib
def save_sg_rule_mappings(self, session, firewall_rules):
# REVISIT(roeyc): This method should take care db access only.
rules = [(rule['display_name'], rule['id']) for rule in firewall_rules]
@ -194,23 +195,6 @@ class Security(object):
session.add(mapping)
return mapping
# XXX db calls should not be here...
def save_sg_mappings(self, session, sg_id, nsgroup_id, section_id):
with session.begin(subtransactions=True):
session.add(
nsx_models.NeutronNsxFirewallSectionMapping(neutron_id=sg_id,
nsx_id=section_id))
session.add(
nsx_models.NeutronNsxSecurityGroupMapping(neutron_id=sg_id,
nsx_id=nsgroup_id))
# XXX db calls should not be here...
def get_sg_rule_mapping(self, session, rule_id):
rule_mapping = session.query(
nsx_models.NeutronNsxRuleMapping).filter_by(
neutron_id=rule_id).one()
return rule_mapping.nsx_id
# XXX db calls should not be here...
def get_sg_mappings(self, session, sg_id):
nsgroup_mapping = session.query(

10
vmware_nsx/plugins/nsx_v3/plugin.py
View File

@ -2766,10 +2766,10 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
super(NsxV3Plugin, self).create_security_group(
context, security_group, default_sg))
self.nsxlib.save_sg_mappings(context.session,
secgroup_db['id'],
ns_group['id'],
firewall_section['id'])
nsx_db.save_sg_mappings(context.session,
secgroup_db['id'],
ns_group['id'],
firewall_section['id'])
self._process_security_group_properties_create(context,
secgroup_db,
@ -2910,6 +2910,6 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
rule_db = self._get_security_group_rule(context, id)
sg_id = rule_db['security_group_id']
_, section_id = self.nsxlib.get_sg_mappings(context.session, sg_id)
fw_rule_id = self.nsxlib.get_sg_rule_mapping(context.session, id)
fw_rule_id = nsx_db.get_sg_rule_mapping(context.session, id)
self.nsxlib.delete_rule(section_id, fw_rule_id)
super(NsxV3Plugin, self).delete_security_group_rule(context, id)

2
vmware_nsx/shell/admin/plugins/nsxv3/resources/securitygroups.py
View File

@ -210,7 +210,7 @@ def fix_security_groups(resource, event, trigger, **kwargs):
neutron_sg.delete_security_group_backend_mapping(sg_id)
nsgroup, fw_section = (
plugin._create_security_group_backend_resources(secgroup))
nsxlib.save_sg_mappings(
nsx_db.save_sg_mappings(
context_.session, sg_id, nsgroup['id'], fw_section['id'])
# If version > 1.1 then we use dynamic criteria tags, and the port
# should already have them.