From bec12b05b77569dbd7c6258eb26afc4097f3cb75 Mon Sep 17 00:00:00 2001 From: Aaron Rosen Date: Mon, 22 Aug 2016 10:26:18 -0700 Subject: [PATCH] remove some db method access from nsxlib code These were some low hanging fruit. The calls get_sg_mappings() and save_sg_rule_mappings() still need to be pulled out though this will require a larger refactor. Change-Id: Ibd7eab37f602859a02cdbf358405ed29daaee3a5 --- vmware_nsx/db/db.py | 17 +++++++++++++++++ vmware_nsx/nsxlib/v3/security.py | 18 +----------------- vmware_nsx/plugins/nsx_v3/plugin.py | 10 +++++----- .../plugins/nsxv3/resources/securitygroups.py | 2 +- 4 files changed, 24 insertions(+), 23 deletions(-) diff --git a/vmware_nsx/db/db.py b/vmware_nsx/db/db.py index 192e4ac21f..3ac9b53009 100644 --- a/vmware_nsx/db/db.py +++ b/vmware_nsx/db/db.py @@ -349,3 +349,20 @@ def get_port_mirror_session_mapping(session, tf_id): def delete_port_mirror_session_mapping(session, tf_id): return (session.query(nsx_models.NsxPortMirrorSessionMapping). filter_by(tap_flow_id=tf_id).delete()) + + +def save_sg_mappings(session, sg_id, nsgroup_id, section_id): + with session.begin(subtransactions=True): + session.add( + nsx_models.NeutronNsxFirewallSectionMapping(neutron_id=sg_id, + nsx_id=section_id)) + session.add( + nsx_models.NeutronNsxSecurityGroupMapping(neutron_id=sg_id, + nsx_id=nsgroup_id)) + + +def get_sg_rule_mapping(session, rule_id): + rule_mapping = session.query( + nsx_models.NeutronNsxRuleMapping).filter_by( + neutron_id=rule_id).one() + return rule_mapping.nsx_id diff --git a/vmware_nsx/nsxlib/v3/security.py b/vmware_nsx/nsxlib/v3/security.py index 848f1c8793..3f38db3b58 100644 --- a/vmware_nsx/nsxlib/v3/security.py +++ b/vmware_nsx/nsxlib/v3/security.py @@ -184,6 +184,7 @@ class Security(object): # for usability purposes. return '%(name)s - %(id)s' % security_group + # XXX remove db calls from nsxlib def save_sg_rule_mappings(self, session, firewall_rules): # REVISIT(roeyc): This method should take care db access only. rules = [(rule['display_name'], rule['id']) for rule in firewall_rules] @@ -194,23 +195,6 @@ class Security(object): session.add(mapping) return mapping - # XXX db calls should not be here... - def save_sg_mappings(self, session, sg_id, nsgroup_id, section_id): - with session.begin(subtransactions=True): - session.add( - nsx_models.NeutronNsxFirewallSectionMapping(neutron_id=sg_id, - nsx_id=section_id)) - session.add( - nsx_models.NeutronNsxSecurityGroupMapping(neutron_id=sg_id, - nsx_id=nsgroup_id)) - - # XXX db calls should not be here... - def get_sg_rule_mapping(self, session, rule_id): - rule_mapping = session.query( - nsx_models.NeutronNsxRuleMapping).filter_by( - neutron_id=rule_id).one() - return rule_mapping.nsx_id - # XXX db calls should not be here... def get_sg_mappings(self, session, sg_id): nsgroup_mapping = session.query( diff --git a/vmware_nsx/plugins/nsx_v3/plugin.py b/vmware_nsx/plugins/nsx_v3/plugin.py index 8c02553d6c..da6809c616 100644 --- a/vmware_nsx/plugins/nsx_v3/plugin.py +++ b/vmware_nsx/plugins/nsx_v3/plugin.py @@ -2776,10 +2776,10 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin, super(NsxV3Plugin, self).create_security_group( context, security_group, default_sg)) - self.nsxlib.save_sg_mappings(context.session, - secgroup_db['id'], - ns_group['id'], - firewall_section['id']) + nsx_db.save_sg_mappings(context.session, + secgroup_db['id'], + ns_group['id'], + firewall_section['id']) self._process_security_group_properties_create(context, secgroup_db, @@ -2920,6 +2920,6 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin, rule_db = self._get_security_group_rule(context, id) sg_id = rule_db['security_group_id'] _, section_id = self.nsxlib.get_sg_mappings(context.session, sg_id) - fw_rule_id = self.nsxlib.get_sg_rule_mapping(context.session, id) + fw_rule_id = nsx_db.get_sg_rule_mapping(context.session, id) self.nsxlib.delete_rule(section_id, fw_rule_id) super(NsxV3Plugin, self).delete_security_group_rule(context, id) diff --git a/vmware_nsx/shell/admin/plugins/nsxv3/resources/securitygroups.py b/vmware_nsx/shell/admin/plugins/nsxv3/resources/securitygroups.py index fe0a215cd9..609847dab0 100644 --- a/vmware_nsx/shell/admin/plugins/nsxv3/resources/securitygroups.py +++ b/vmware_nsx/shell/admin/plugins/nsxv3/resources/securitygroups.py @@ -210,7 +210,7 @@ def fix_security_groups(resource, event, trigger, **kwargs): neutron_sg.delete_security_group_backend_mapping(sg_id) nsgroup, fw_section = ( plugin._create_security_group_backend_resources(secgroup)) - nsxlib.save_sg_mappings( + nsx_db.save_sg_mappings( context_.session, sg_id, nsgroup['id'], fw_section['id']) # If version > 1.1 then we use dynamic criteria tags, and the port # should already have them.