Merge "remove some db method access from nsxlib code"
This commit is contained in:
commit
fd1edd264a
@ -349,3 +349,20 @@ def get_port_mirror_session_mapping(session, tf_id):
|
|||||||
def delete_port_mirror_session_mapping(session, tf_id):
|
def delete_port_mirror_session_mapping(session, tf_id):
|
||||||
return (session.query(nsx_models.NsxPortMirrorSessionMapping).
|
return (session.query(nsx_models.NsxPortMirrorSessionMapping).
|
||||||
filter_by(tap_flow_id=tf_id).delete())
|
filter_by(tap_flow_id=tf_id).delete())
|
||||||
|
|
||||||
|
|
||||||
|
def save_sg_mappings(session, sg_id, nsgroup_id, section_id):
|
||||||
|
with session.begin(subtransactions=True):
|
||||||
|
session.add(
|
||||||
|
nsx_models.NeutronNsxFirewallSectionMapping(neutron_id=sg_id,
|
||||||
|
nsx_id=section_id))
|
||||||
|
session.add(
|
||||||
|
nsx_models.NeutronNsxSecurityGroupMapping(neutron_id=sg_id,
|
||||||
|
nsx_id=nsgroup_id))
|
||||||
|
|
||||||
|
|
||||||
|
def get_sg_rule_mapping(session, rule_id):
|
||||||
|
rule_mapping = session.query(
|
||||||
|
nsx_models.NeutronNsxRuleMapping).filter_by(
|
||||||
|
neutron_id=rule_id).one()
|
||||||
|
return rule_mapping.nsx_id
|
||||||
|
@ -184,6 +184,7 @@ class Security(object):
|
|||||||
# for usability purposes.
|
# for usability purposes.
|
||||||
return '%(name)s - %(id)s' % security_group
|
return '%(name)s - %(id)s' % security_group
|
||||||
|
|
||||||
|
# XXX remove db calls from nsxlib
|
||||||
def save_sg_rule_mappings(self, session, firewall_rules):
|
def save_sg_rule_mappings(self, session, firewall_rules):
|
||||||
# REVISIT(roeyc): This method should take care db access only.
|
# REVISIT(roeyc): This method should take care db access only.
|
||||||
rules = [(rule['display_name'], rule['id']) for rule in firewall_rules]
|
rules = [(rule['display_name'], rule['id']) for rule in firewall_rules]
|
||||||
@ -194,23 +195,6 @@ class Security(object):
|
|||||||
session.add(mapping)
|
session.add(mapping)
|
||||||
return mapping
|
return mapping
|
||||||
|
|
||||||
# XXX db calls should not be here...
|
|
||||||
def save_sg_mappings(self, session, sg_id, nsgroup_id, section_id):
|
|
||||||
with session.begin(subtransactions=True):
|
|
||||||
session.add(
|
|
||||||
nsx_models.NeutronNsxFirewallSectionMapping(neutron_id=sg_id,
|
|
||||||
nsx_id=section_id))
|
|
||||||
session.add(
|
|
||||||
nsx_models.NeutronNsxSecurityGroupMapping(neutron_id=sg_id,
|
|
||||||
nsx_id=nsgroup_id))
|
|
||||||
|
|
||||||
# XXX db calls should not be here...
|
|
||||||
def get_sg_rule_mapping(self, session, rule_id):
|
|
||||||
rule_mapping = session.query(
|
|
||||||
nsx_models.NeutronNsxRuleMapping).filter_by(
|
|
||||||
neutron_id=rule_id).one()
|
|
||||||
return rule_mapping.nsx_id
|
|
||||||
|
|
||||||
# XXX db calls should not be here...
|
# XXX db calls should not be here...
|
||||||
def get_sg_mappings(self, session, sg_id):
|
def get_sg_mappings(self, session, sg_id):
|
||||||
nsgroup_mapping = session.query(
|
nsgroup_mapping = session.query(
|
||||||
|
@ -2766,7 +2766,7 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
|
|||||||
super(NsxV3Plugin, self).create_security_group(
|
super(NsxV3Plugin, self).create_security_group(
|
||||||
context, security_group, default_sg))
|
context, security_group, default_sg))
|
||||||
|
|
||||||
self.nsxlib.save_sg_mappings(context.session,
|
nsx_db.save_sg_mappings(context.session,
|
||||||
secgroup_db['id'],
|
secgroup_db['id'],
|
||||||
ns_group['id'],
|
ns_group['id'],
|
||||||
firewall_section['id'])
|
firewall_section['id'])
|
||||||
@ -2910,6 +2910,6 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
|
|||||||
rule_db = self._get_security_group_rule(context, id)
|
rule_db = self._get_security_group_rule(context, id)
|
||||||
sg_id = rule_db['security_group_id']
|
sg_id = rule_db['security_group_id']
|
||||||
_, section_id = self.nsxlib.get_sg_mappings(context.session, sg_id)
|
_, section_id = self.nsxlib.get_sg_mappings(context.session, sg_id)
|
||||||
fw_rule_id = self.nsxlib.get_sg_rule_mapping(context.session, id)
|
fw_rule_id = nsx_db.get_sg_rule_mapping(context.session, id)
|
||||||
self.nsxlib.delete_rule(section_id, fw_rule_id)
|
self.nsxlib.delete_rule(section_id, fw_rule_id)
|
||||||
super(NsxV3Plugin, self).delete_security_group_rule(context, id)
|
super(NsxV3Plugin, self).delete_security_group_rule(context, id)
|
||||||
|
@ -210,7 +210,7 @@ def fix_security_groups(resource, event, trigger, **kwargs):
|
|||||||
neutron_sg.delete_security_group_backend_mapping(sg_id)
|
neutron_sg.delete_security_group_backend_mapping(sg_id)
|
||||||
nsgroup, fw_section = (
|
nsgroup, fw_section = (
|
||||||
plugin._create_security_group_backend_resources(secgroup))
|
plugin._create_security_group_backend_resources(secgroup))
|
||||||
nsxlib.save_sg_mappings(
|
nsx_db.save_sg_mappings(
|
||||||
context_.session, sg_id, nsgroup['id'], fw_section['id'])
|
context_.session, sg_id, nsgroup['id'], fw_section['id'])
|
||||||
# If version > 1.1 then we use dynamic criteria tags, and the port
|
# If version > 1.1 then we use dynamic criteria tags, and the port
|
||||||
# should already have them.
|
# should already have them.
|
||||||
|
Loading…
Reference in New Issue
Block a user