dec28f6d2b
In Rocky we are going to start working on decoupling neutron db. This will be a long effort, so from a vmware-nsx POV we can hopefully pick away at it as we go. This patch changes to use of class references to fully qulified class names when defining ORM relationships. This allows us to remove a few of the neutron db related imports in vmware-nsx. Change-Id: I1df4cb3eec59488a5b35fac9f943bbfdbb44df63
92 lines
3.5 KiB
Python
92 lines
3.5 KiB
Python
# Copyright 2016 VMware, Inc.
|
|
# All Rights Reserved
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
from neutron_lib.db import model_base
|
|
import sqlalchemy as sa
|
|
from sqlalchemy import orm
|
|
|
|
from neutron.db import _resource_extend as resource_extend
|
|
from neutron.db import api as db_api
|
|
from neutron.extensions import securitygroup as ext_sg
|
|
from neutron_lib.api import validators
|
|
from neutron_lib import exceptions as nexception
|
|
from vmware_nsx._i18n import _
|
|
from vmware_nsx.extensions import secgroup_rule_local_ip_prefix as ext_local_ip
|
|
|
|
|
|
class NotIngressRule(nexception.BadRequest):
|
|
message = _("Specifying local_ip_prefix is supported "
|
|
"with ingress rules only.")
|
|
|
|
|
|
class NsxExtendedSecurityGroupRuleProperties(model_base.BASEV2):
|
|
"""Persist security group rule properties for the
|
|
extended-security-group-rule extension.
|
|
"""
|
|
|
|
__tablename__ = 'nsx_extended_security_group_rule_properties'
|
|
|
|
rule_id = sa.Column(sa.String(36),
|
|
sa.ForeignKey('securitygrouprules.id',
|
|
ondelete='CASCADE'),
|
|
primary_key=True,
|
|
nullable=False)
|
|
local_ip_prefix = sa.Column(sa.String(255), nullable=False)
|
|
|
|
rule = orm.relationship(
|
|
'neutron.db.models.securitygroup.SecurityGroupRule',
|
|
backref=orm.backref('ext_properties', lazy='joined',
|
|
uselist=False, cascade='delete'))
|
|
|
|
|
|
@resource_extend.has_resource_extenders
|
|
class ExtendedSecurityGroupRuleMixin(object):
|
|
|
|
def _check_local_ip_prefix(self, context, rule):
|
|
rule_specify_local_ip_prefix = validators.is_attr_set(
|
|
rule.get(ext_local_ip.LOCAL_IP_PREFIX))
|
|
|
|
if rule_specify_local_ip_prefix and rule['direction'] != 'ingress':
|
|
raise NotIngressRule()
|
|
|
|
if not rule_specify_local_ip_prefix:
|
|
# remove ATTR_NOT_SPECIFIED
|
|
rule[ext_local_ip.LOCAL_IP_PREFIX] = None
|
|
return rule_specify_local_ip_prefix
|
|
|
|
def _process_security_group_rule_properties(self, context,
|
|
rule_res, rule_req):
|
|
rule_res[ext_local_ip.LOCAL_IP_PREFIX] = None
|
|
if not validators.is_attr_set(
|
|
rule_req.get(ext_local_ip.LOCAL_IP_PREFIX)):
|
|
return
|
|
|
|
with db_api.context_manager.writer.using(context):
|
|
properties = NsxExtendedSecurityGroupRuleProperties(
|
|
rule_id=rule_res['id'],
|
|
local_ip_prefix=rule_req[ext_local_ip.LOCAL_IP_PREFIX])
|
|
context.session.add(properties)
|
|
rule_res[ext_local_ip.LOCAL_IP_PREFIX] = (
|
|
rule_req[ext_local_ip.LOCAL_IP_PREFIX])
|
|
|
|
@staticmethod
|
|
@resource_extend.extends([ext_sg.SECURITYGROUPRULES])
|
|
def _extend_security_group_rule_with_params(sg_rule_res, sg_rule_db):
|
|
if sg_rule_db.ext_properties:
|
|
sg_rule_res[ext_local_ip.LOCAL_IP_PREFIX] = (
|
|
sg_rule_db.ext_properties.local_ip_prefix)
|
|
else:
|
|
sg_rule_res[ext_local_ip.LOCAL_IP_PREFIX] = None
|