476b3b924b
When getting floating ips by port id, we should ignore the requesting tenant since this is called via nova with a service tenant. Change-Id: I557a9bb7071481e15c8be064a14cad583140991f
945 lines
42 KiB
Python
945 lines
42 KiB
Python
# Copyright 2014 VMware, Inc.
|
|
# All Rights Reserved
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
from neutron_lib.api.definitions import network as net_def
|
|
from neutron_lib.api.definitions import port as port_def
|
|
from neutron_lib.api.definitions import subnet as subnet_def
|
|
from neutron_lib.callbacks import events
|
|
from neutron_lib.callbacks import registry
|
|
from neutron_lib.callbacks import resources
|
|
from neutron_lib import context as n_context
|
|
from neutron_lib.plugins import constants as plugin_constants
|
|
from neutron_lib.plugins import directory
|
|
from oslo_config import cfg
|
|
from oslo_log import log as logging
|
|
from oslo_utils import excutils
|
|
from oslo_utils import uuidutils
|
|
|
|
from neutron.db import _resource_extend as resource_extend
|
|
from neutron.db import _utils as db_utils
|
|
from neutron.db import agents_db
|
|
from neutron.db import agentschedulers_db
|
|
from neutron.db import allowedaddresspairs_db as addr_pair_db
|
|
from neutron.db import api as db_api
|
|
from neutron.db.availability_zone import router as router_az_db
|
|
from neutron.db import external_net_db
|
|
from neutron.db import extradhcpopt_db
|
|
from neutron.db import extraroute_db
|
|
from neutron.db import l3_db
|
|
from neutron.db import l3_gwmode_db
|
|
from neutron.db.models import l3 as l3_db_models
|
|
from neutron.db.models import securitygroup as securitygroup_model # noqa
|
|
from neutron.db import models_v2
|
|
from neutron.db import portsecurity_db
|
|
from neutron.db import quota_db # noqa
|
|
from neutron.db import securitygroups_db
|
|
from neutron.quota import resource_registry
|
|
from neutron_lib.api import validators
|
|
from neutron_lib import exceptions as n_exc
|
|
|
|
from vmware_nsx.common import availability_zones as nsx_com_az
|
|
from vmware_nsx.common import config
|
|
from vmware_nsx.common import exceptions as nsx_exc
|
|
from vmware_nsx.common import managers as nsx_managers
|
|
from vmware_nsx.db import (
|
|
routertype as rt_rtr)
|
|
from vmware_nsx.db import db as nsx_db
|
|
from vmware_nsx.db import nsx_portbindings_db as pbin_db
|
|
from vmware_nsx.extensions import advancedserviceproviders as as_providers
|
|
from vmware_nsx.extensions import projectpluginmap
|
|
from vmware_nsx.plugins.common import plugin as nsx_plugin_common
|
|
from vmware_nsx.plugins.dvs import plugin as dvs
|
|
from vmware_nsx.plugins.nsx_v import plugin as v
|
|
from vmware_nsx.plugins.nsx_v3 import plugin as t
|
|
from vmware_nsx.services.lbaas.nsx import lb_driver_v2
|
|
|
|
LOG = logging.getLogger(__name__)
|
|
TVD_PLUGIN_TYPE = "Nsx-TVD"
|
|
|
|
|
|
@resource_extend.has_resource_extenders
|
|
class NsxTVDPlugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
|
|
addr_pair_db.AllowedAddressPairsMixin,
|
|
agents_db.AgentDbMixin,
|
|
nsx_plugin_common.NsxPluginBase,
|
|
rt_rtr.RouterType_mixin,
|
|
external_net_db.External_net_db_mixin,
|
|
extraroute_db.ExtraRoute_db_mixin,
|
|
extradhcpopt_db.ExtraDhcpOptMixin,
|
|
router_az_db.RouterAvailabilityZoneMixin,
|
|
l3_gwmode_db.L3_NAT_db_mixin,
|
|
pbin_db.NsxPortBindingMixin,
|
|
portsecurity_db.PortSecurityDbMixin,
|
|
securitygroups_db.SecurityGroupDbMixin,
|
|
nsx_com_az.NSXAvailabilityZonesPluginCommon,
|
|
projectpluginmap.ProjectPluginMapPluginBase):
|
|
|
|
supported_extension_aliases = ['project-plugin-map']
|
|
|
|
__native_bulk_support = True
|
|
__native_pagination_support = True
|
|
__native_sorting_support = True
|
|
|
|
@resource_registry.tracked_resources(
|
|
network=models_v2.Network,
|
|
port=models_v2.Port,
|
|
subnet=models_v2.Subnet,
|
|
subnetpool=models_v2.SubnetPool,
|
|
security_group=securitygroup_model.SecurityGroup,
|
|
security_group_rule=securitygroup_model.SecurityGroupRule,
|
|
router=l3_db_models.Router,
|
|
floatingip=l3_db_models.FloatingIP)
|
|
def __init__(self):
|
|
self._extension_manager = nsx_managers.ExtensionManager()
|
|
LOG.info("Start NSX TVD Plugin")
|
|
# Validate configuration
|
|
config.validate_nsx_config_options()
|
|
super(NsxTVDPlugin, self).__init__()
|
|
|
|
# init the different supported plugins
|
|
self.init_plugins()
|
|
|
|
# init the extensions supported by any of the plugins
|
|
self.init_extensions()
|
|
self.lbv2_driver = lb_driver_v2.EdgeLoadbalancerDriverV2()
|
|
|
|
self._unsubscribe_callback_events()
|
|
|
|
@staticmethod
|
|
def plugin_type():
|
|
return TVD_PLUGIN_TYPE
|
|
|
|
@staticmethod
|
|
def is_tvd_plugin():
|
|
return True
|
|
|
|
def _init_plugin(self, map_type, plugin_class):
|
|
try:
|
|
self.plugins[map_type] = plugin_class()
|
|
except Exception as e:
|
|
LOG.warning("%s plugin will not be supported: %s",
|
|
map_type.upper(), e)
|
|
if map_type == self.default_plugin:
|
|
msg = (_("The default plugin %(def)s failed to start. "
|
|
"Reason: %(reason)s") % {'def': self.default_plugin,
|
|
'reason': e})
|
|
LOG.error(msg)
|
|
raise nsx_exc.NsxPluginException(err_msg=msg)
|
|
else:
|
|
LOG.info("%s plugin will be supported", map_type.upper())
|
|
|
|
def init_plugins(self):
|
|
# initialize all supported plugins
|
|
self.plugins = {}
|
|
self.as_providers = {}
|
|
# update the default plugin for new projects
|
|
self.default_plugin = cfg.CONF.nsx_tvd.default_plugin
|
|
plugins = [(projectpluginmap.NsxPlugins.NSX_T, t.NsxV3Plugin),
|
|
(projectpluginmap.NsxPlugins.NSX_V, v.NsxVPluginV2),
|
|
(projectpluginmap.NsxPlugins.DVS, dvs.NsxDvsV2)]
|
|
for (map_type, plugin_class) in plugins:
|
|
self._init_plugin(map_type, plugin_class)
|
|
if not len(self.plugins):
|
|
msg = _("No active plugins were found")
|
|
raise nsx_exc.NsxPluginException(err_msg=msg)
|
|
|
|
for k, val in self.plugins.items():
|
|
if "advanced-service-providers" in val.supported_extension_aliases:
|
|
self.as_providers[k] = val
|
|
LOG.info("NSX-TVD plugin will use %s as the default plugin",
|
|
self.default_plugin)
|
|
|
|
# validate the availability zones configuration
|
|
self.init_availability_zones()
|
|
|
|
def get_plugin_by_type(self, plugin_type):
|
|
return self.plugins.get(plugin_type)
|
|
|
|
def init_extensions(self):
|
|
# Support all the extensions supported by any of the plugins
|
|
extensions = []
|
|
for plugin in self.plugins:
|
|
extensions.extend(self.plugins[plugin].supported_extension_aliases)
|
|
self.supported_extension_aliases.extend(list(set(extensions)))
|
|
|
|
# mark extensions which are supported by only one of the plugins
|
|
self._unsupported_fields = {}
|
|
for plugin in self.plugins:
|
|
# TODO(asarfaty): add other resources here
|
|
plugin_type = self.plugins[plugin].plugin_type()
|
|
self._unsupported_fields[plugin_type] = {'router': [],
|
|
'port': [],
|
|
'security_group': []}
|
|
|
|
# router size and type are supported only by the V plugin
|
|
if plugin_type in [t.NsxV3Plugin.plugin_type(),
|
|
dvs.NsxDvsV2.plugin_type()]:
|
|
self._unsupported_fields[plugin_type]['router'] = [
|
|
'router_size', 'router_type']
|
|
|
|
# port mac learning, and provider sg are not supported by
|
|
# the dvs plugin
|
|
if plugin_type in [dvs.NsxDvsV2.plugin_type()]:
|
|
self._unsupported_fields[plugin_type]['port'] = [
|
|
'mac_learning_enabled', 'provider_security_groups']
|
|
|
|
# security group policy can be supported only by nsx-v
|
|
if plugin_type in [t.NsxV3Plugin.plugin_type(),
|
|
dvs.NsxDvsV2.plugin_type()]:
|
|
self._unsupported_fields[plugin_type]['security_group'] = [
|
|
'policy']
|
|
|
|
def init_availability_zones(self):
|
|
# Make sure there are no overlaps between v/t availability zones
|
|
if (self.plugins.get(projectpluginmap.NsxPlugins.NSX_V) and
|
|
self.plugins.get(projectpluginmap.NsxPlugins.NSX_T) and
|
|
bool(set(cfg.CONF.nsxv.availability_zones) &
|
|
set(cfg.CONF.nsx_v3.availability_zones))):
|
|
msg = _("Cannot use the same availability zones in NSX-V and T")
|
|
raise nsx_exc.NsxPluginException(err_msg=msg)
|
|
|
|
def _unsubscribe_callback_events(self):
|
|
# unsubscribe the callback that should be called on all plugins
|
|
# other that NSX-T.
|
|
registry.unsubscribe_all(
|
|
l3_db.L3_NAT_dbonly_mixin._prevent_l3_port_delete_callback)
|
|
|
|
# Instead we will subscribe our internal callback.
|
|
registry.subscribe(self._prevent_l3_port_delete_callback,
|
|
resources.PORT, events.BEFORE_DELETE)
|
|
|
|
@staticmethod
|
|
def _prevent_l3_port_delete_callback(resource, event, trigger, **kwargs):
|
|
"""Register a callback to replace the default one
|
|
|
|
This callback will prevent port deleting only if the port plugin
|
|
is not NSX-T (in NSX-T plugin it was already handled)
|
|
"""
|
|
context = kwargs['context']
|
|
port_id = kwargs['port_id']
|
|
port_check = kwargs['port_check']
|
|
l3plugin = directory.get_plugin(plugin_constants.L3)
|
|
if l3plugin and port_check:
|
|
# if not nsx-t - call super code
|
|
core_plugin = directory.get_plugin()
|
|
db_port = core_plugin._get_port(context, port_id)
|
|
p = core_plugin._get_plugin_from_net_id(
|
|
context, db_port['network_id'])
|
|
if p.plugin_type() != projectpluginmap.NsxPlugins.NSX_T:
|
|
l3plugin.prevent_l3_port_deletion(context, port_id)
|
|
|
|
def _validate_obj_extensions(self, data, plugin_type, obj_type):
|
|
"""prevent configuration of unsupported extensions"""
|
|
for field in self._unsupported_fields[plugin_type][obj_type]:
|
|
if validators.is_attr_set(data.get(field)):
|
|
err_msg = (_('Can not support %(field)s extension for '
|
|
'%(obj_type)s %(p)s plugin') % {
|
|
'field': field,
|
|
'obj_type': obj_type,
|
|
'p': plugin_type})
|
|
raise n_exc.InvalidInput(error_message=err_msg)
|
|
|
|
def _cleanup_obj_fields(self, data, plugin_type, obj_type):
|
|
"""Remove data of unsupported extensions"""
|
|
for field in self._unsupported_fields[plugin_type][obj_type]:
|
|
if field in data:
|
|
del data[field]
|
|
|
|
def _list_availability_zones(self, context, filters=None):
|
|
p = self._get_plugin_for_request(context, filters)
|
|
if p:
|
|
return p._list_availability_zones(context, filters=filters)
|
|
return []
|
|
|
|
def validate_availability_zones(self, context, resource_type,
|
|
availability_zones):
|
|
p = self._get_plugin_from_project(context, context.project_id)
|
|
return p.validate_availability_zones(context, resource_type,
|
|
availability_zones)
|
|
|
|
def _get_plugin_from_net_id(self, context, net_id):
|
|
# get the network using the super plugin - here we use the
|
|
# _get_network (so as not to call the make dict method)
|
|
network = self._get_network(context, net_id)
|
|
return self._get_plugin_from_project(context, network['tenant_id'])
|
|
|
|
def get_network_availability_zones(self, net_db):
|
|
ctx = n_context.get_admin_context()
|
|
p = self._get_plugin_from_project(ctx, net_db['tenant_id'])
|
|
return p.get_network_availability_zones(net_db)
|
|
|
|
def create_network(self, context, network):
|
|
net_data = network['network']
|
|
tenant_id = net_data['tenant_id']
|
|
self._ensure_default_security_group(context, tenant_id)
|
|
p = self._get_plugin_from_project(context, tenant_id)
|
|
return p.create_network(context, network)
|
|
|
|
@db_api.retry_if_session_inactive()
|
|
def create_network_bulk(self, context, networks):
|
|
#Implement create bulk so that the plugin calculation will be done once
|
|
objects = []
|
|
items = networks['networks']
|
|
|
|
# look at the first network to find out the project & plugin
|
|
net_data = items[0]['network']
|
|
tenant_id = net_data['tenant_id']
|
|
self._ensure_default_security_group(context, tenant_id)
|
|
p = self._get_plugin_from_project(context, tenant_id)
|
|
|
|
# create all networks one by one
|
|
try:
|
|
with db_api.context_manager.writer.using(context):
|
|
for item in items:
|
|
objects.append(p.create_network(context, item))
|
|
except Exception:
|
|
with excutils.save_and_reraise_exception():
|
|
LOG.error("An exception occurred while creating "
|
|
"the networks:%(item)s",
|
|
{'item': item})
|
|
return objects
|
|
|
|
def delete_network(self, context, id):
|
|
p = self._get_plugin_from_net_id(context, id)
|
|
p.delete_network(context, id)
|
|
|
|
def get_network(self, context, id, fields=None):
|
|
p = self._get_plugin_from_net_id(context, id)
|
|
return p.get_network(context, id, fields=fields)
|
|
|
|
def _get_plugin_for_request(self, context, filters, keys=None):
|
|
project_id = context.project_id
|
|
if filters:
|
|
if filters.get('tenant_id'):
|
|
project_id = filters.get('tenant_id')
|
|
elif filters.get('project_id'):
|
|
project_id = filters.get('project_id')
|
|
else:
|
|
# we have specific filters on the request. If those are
|
|
# specific enough, we should not filter by project
|
|
if filters.get('id'):
|
|
return
|
|
if keys:
|
|
for key in keys:
|
|
if filters.get(key):
|
|
return
|
|
# If there are multiple tenants/projects being requested then
|
|
# we will not filter according to the plugin
|
|
if isinstance(project_id, list):
|
|
return
|
|
return self._get_plugin_from_project(context, project_id)
|
|
|
|
def get_networks(self, context, filters=None, fields=None,
|
|
sorts=None, limit=None, marker=None,
|
|
page_reverse=False):
|
|
# Read project plugin to filter relevant projects according to
|
|
# plugin
|
|
req_p = self._get_plugin_for_request(context, filters,
|
|
keys=['shared'])
|
|
filters = filters or {}
|
|
with db_api.context_manager.reader.using(context):
|
|
networks = (
|
|
super(NsxTVDPlugin, self).get_networks(
|
|
context, filters, fields, sorts,
|
|
limit, marker, page_reverse))
|
|
for net in networks[:]:
|
|
p = self._get_plugin_from_project(context, net['tenant_id'])
|
|
if p == req_p or req_p is None:
|
|
p._extend_get_network_dict_provider(context, net)
|
|
else:
|
|
networks.remove(net)
|
|
return (networks if not fields else
|
|
[db_utils.resource_fields(network,
|
|
fields) for network in networks])
|
|
|
|
def update_network(self, context, id, network):
|
|
p = self._get_plugin_from_net_id(context, id)
|
|
return p.update_network(context, id, network)
|
|
|
|
def create_port(self, context, port):
|
|
net_id = port['port']['network_id']
|
|
p = self._get_plugin_from_net_id(context, net_id)
|
|
self._validate_obj_extensions(
|
|
port['port'], p.plugin_type(), 'port')
|
|
new_port = p.create_port(context, port)
|
|
self._cleanup_obj_fields(
|
|
new_port, p.plugin_type(), 'port')
|
|
return new_port
|
|
|
|
def update_port(self, context, id, port):
|
|
db_port = self._get_port(context, id)
|
|
p = self._get_plugin_from_net_id(context, db_port['network_id'])
|
|
self._validate_obj_extensions(
|
|
port['port'], p.plugin_type(), 'port')
|
|
return p.update_port(context, id, port)
|
|
|
|
def delete_port(self, context, id, **kwargs):
|
|
db_port = self._get_port(context, id)
|
|
p = self._get_plugin_from_net_id(context, db_port['network_id'])
|
|
p.delete_port(context, id, **kwargs)
|
|
|
|
def get_port(self, context, id, fields=None):
|
|
db_port = self._get_port(context, id)
|
|
p = self._get_plugin_from_net_id(context, db_port['network_id'])
|
|
port = p.get_port(context, id, fields=fields)
|
|
self._cleanup_obj_fields(
|
|
port, p.plugin_type(), 'port')
|
|
return port
|
|
|
|
def get_ports(self, context, filters=None, fields=None,
|
|
sorts=None, limit=None, marker=None,
|
|
page_reverse=False):
|
|
# Read project plugin to filter relevant projects according to
|
|
# plugin
|
|
req_p = self._get_plugin_for_request(context, filters,
|
|
keys=['device_id'])
|
|
filters = filters or {}
|
|
with db_api.context_manager.reader.using(context):
|
|
ports = (
|
|
super(NsxTVDPlugin, self).get_ports(
|
|
context, filters, fields, sorts,
|
|
limit, marker, page_reverse))
|
|
# Add port extensions
|
|
for port in ports[:]:
|
|
port_model = None
|
|
if 'id' in port:
|
|
port_model = self._get_port(context, port['id'])
|
|
resource_extend.apply_funcs('ports', port, port_model)
|
|
p = self._get_plugin_from_net_id(context, port['network_id'])
|
|
if p == req_p or req_p is None:
|
|
if hasattr(p, '_extend_get_port_dict_qos_and_binding'):
|
|
p._extend_get_port_dict_qos_and_binding(context, port)
|
|
else:
|
|
if not port_model:
|
|
port_model = port
|
|
p._extend_port_dict_binding(port, port_model)
|
|
if hasattr(p,
|
|
'_remove_provider_security_groups_from_list'):
|
|
p._remove_provider_security_groups_from_list(port)
|
|
self._cleanup_obj_fields(
|
|
port, p.plugin_type(), 'port')
|
|
else:
|
|
ports.remove(port)
|
|
return (ports if not fields else
|
|
[db_utils.resource_fields(port, fields) for port in ports])
|
|
|
|
def _get_subnet_plugin_by_id(self, context, subnet_id):
|
|
db_subnet = self._get_subnet(context, subnet_id)
|
|
return self._get_plugin_from_net_id(context, db_subnet['network_id'])
|
|
|
|
def get_subnet(self, context, id, fields=None):
|
|
p = self._get_subnet_plugin_by_id(context, id)
|
|
return p.get_subnet(context, id, fields=fields)
|
|
|
|
def get_subnets(self, context, filters=None, fields=None, sorts=None,
|
|
limit=None, marker=None, page_reverse=False):
|
|
# Check if we need to invoke metadata search. Here we are unable to
|
|
# filter according to projects as this is from the nova api service
|
|
# so we invoke on all plugins that support this extension
|
|
if ((fields and as_providers.ADV_SERVICE_PROVIDERS in fields)
|
|
or (filters and filters.get(as_providers.ADV_SERVICE_PROVIDERS))):
|
|
for plugin in self.as_providers.values():
|
|
subnets = plugin.get_subnets(context, filters=filters,
|
|
fields=fields, sorts=sorts,
|
|
limit=limit, marker=marker,
|
|
page_reverse=page_reverse)
|
|
if subnets:
|
|
return subnets
|
|
return []
|
|
else:
|
|
# Read project plugin to filter relevant projects according to
|
|
# plugin
|
|
req_p = self._get_plugin_for_request(context, filters)
|
|
filters = filters or {}
|
|
subnets = super(NsxTVDPlugin, self).get_subnets(
|
|
context, filters=filters, fields=fields, sorts=sorts,
|
|
limit=limit, marker=marker, page_reverse=page_reverse)
|
|
for subnet in subnets[:]:
|
|
p = self._get_plugin_from_project(context, subnet['tenant_id'])
|
|
if req_p and p != req_p:
|
|
subnets.remove(subnet)
|
|
return subnets
|
|
|
|
def delete_subnet(self, context, id):
|
|
p = self._get_subnet_plugin_by_id(context, id)
|
|
p.delete_subnet(context, id)
|
|
|
|
def _get_subnet_plugin(self, context, subnet_data):
|
|
# get the plugin of the associated network
|
|
net_id = subnet_data['network_id']
|
|
net_plugin = self._get_plugin_from_net_id(context, net_id)
|
|
# make sure it matches the plugin of the current tenant
|
|
tenant_id = subnet_data['tenant_id']
|
|
tenant_plugin = self._get_plugin_from_project(context, tenant_id)
|
|
if tenant_plugin.plugin_type() != net_plugin.plugin_type():
|
|
err_msg = (_('Subnet should belong to the %s plugin '
|
|
'as the network') % net_plugin.plugin_type())
|
|
raise n_exc.InvalidInput(error_message=err_msg)
|
|
return net_plugin
|
|
|
|
def create_subnet(self, context, subnet):
|
|
p = self._get_subnet_plugin(context, subnet['subnet'])
|
|
return p.create_subnet(context, subnet)
|
|
|
|
def create_subnet_bulk(self, context, subnets):
|
|
# look at the first subnet to find out the project & plugin
|
|
items = subnets['subnets']
|
|
p = self._get_subnet_plugin(context, items[0]['subnet'])
|
|
return p.create_subnet_bulk(context, subnets)
|
|
|
|
def update_subnet(self, context, id, subnet):
|
|
p = self._get_subnet_plugin_by_id(context, id)
|
|
return p.update_subnet(context, id, subnet)
|
|
|
|
def get_router_availability_zones(self, router):
|
|
ctx = n_context.get_admin_context()
|
|
p = self._get_plugin_from_project(ctx, router['tenant_id'])
|
|
return p.get_router_availability_zones(router)
|
|
|
|
def _validate_router_gw_plugin(self, context, router_plugin,
|
|
gw_info):
|
|
if gw_info and gw_info.get('network_id'):
|
|
net_plugin = self._get_plugin_from_net_id(
|
|
context, gw_info['network_id'])
|
|
if net_plugin.plugin_type() != router_plugin.plugin_type():
|
|
err_msg = (_('Router gateway should belong to the %s plugin '
|
|
'as the router') % router_plugin.plugin_type())
|
|
raise n_exc.InvalidInput(error_message=err_msg)
|
|
|
|
def _validate_router_interface_plugin(self, context, router_plugin,
|
|
interface_info):
|
|
is_port, is_sub = self._validate_interface_info(interface_info)
|
|
if is_port:
|
|
net_id = self._get_port(
|
|
context, interface_info['port_id'])['network_id']
|
|
elif is_sub:
|
|
net_id = self._get_subnet(
|
|
context, interface_info['subnet_id'])['network_id']
|
|
net_plugin = self._get_plugin_from_net_id(context, net_id)
|
|
if net_plugin.plugin_type() != router_plugin.plugin_type():
|
|
err_msg = (_('Router interface should belong to the %s plugin '
|
|
'as the router') % router_plugin.plugin_type())
|
|
raise n_exc.InvalidInput(error_message=err_msg)
|
|
|
|
def _get_plugin_from_router_id(self, context, router_id):
|
|
# get the router using the super plugin - here we use the
|
|
# _get_router (so as not to call the make dict method)
|
|
router = self._get_router(context, router_id)
|
|
return self._get_plugin_from_project(context, router['tenant_id'])
|
|
|
|
def create_router(self, context, router):
|
|
tenant_id = router['router']['tenant_id']
|
|
self._ensure_default_security_group(context, tenant_id)
|
|
p = self._get_plugin_from_project(context, tenant_id)
|
|
self._validate_router_gw_plugin(context, p, router['router'].get(
|
|
'external_gateway_info'))
|
|
self._validate_obj_extensions(
|
|
router['router'], p.plugin_type(), 'router')
|
|
new_router = p.create_router(context, router)
|
|
self._cleanup_obj_fields(
|
|
new_router, p.plugin_type(), 'router')
|
|
return new_router
|
|
|
|
def update_router(self, context, router_id, router):
|
|
p = self._get_plugin_from_router_id(context, router_id)
|
|
self._validate_router_gw_plugin(context, p, router['router'].get(
|
|
'external_gateway_info'))
|
|
self._validate_obj_extensions(
|
|
router['router'], p.plugin_type(), 'router')
|
|
return p.update_router(context, router_id, router)
|
|
|
|
def get_router(self, context, id, fields=None):
|
|
p = self._get_plugin_from_router_id(context, id)
|
|
router = p.get_router(context, id, fields=fields)
|
|
self._cleanup_obj_fields(router, p.plugin_type(), 'router')
|
|
return router
|
|
|
|
def delete_router(self, context, id):
|
|
p = self._get_plugin_from_router_id(context, id)
|
|
p.delete_router(context, id)
|
|
|
|
def add_router_interface(self, context, router_id, interface_info):
|
|
p = self._get_plugin_from_router_id(context, router_id)
|
|
self._validate_router_interface_plugin(context, p, interface_info)
|
|
return p.add_router_interface(context, router_id, interface_info)
|
|
|
|
def remove_router_interface(self, context, router_id, interface_info):
|
|
p = self._get_plugin_from_router_id(context, router_id)
|
|
return p.remove_router_interface(context, router_id, interface_info)
|
|
|
|
def _validate_fip_router_plugin(self, context, fip_plugin, fip_data):
|
|
if 'router_id' in fip_data:
|
|
router_plugin = self._get_plugin_from_router_id(
|
|
context, fip_data['router_id'])
|
|
if router_plugin.plugin_type() != fip_plugin.plugin_type():
|
|
err_msg = (_('Floatingip router should belong to the %s '
|
|
'plugin as the floatingip') %
|
|
fip_plugin.plugin_type())
|
|
raise n_exc.InvalidInput(error_message=err_msg)
|
|
|
|
def get_routers(self, context, filters=None, fields=None,
|
|
sorts=None, limit=None, marker=None,
|
|
page_reverse=False):
|
|
# Read project plugin to filter relevant projects according to
|
|
# plugin
|
|
req_p = self._get_plugin_for_request(context, filters)
|
|
routers = super(NsxTVDPlugin, self).get_routers(
|
|
context, filters=filters, fields=fields, sorts=sorts,
|
|
limit=limit, marker=marker, page_reverse=page_reverse)
|
|
for router in routers[:]:
|
|
p = self._get_plugin_from_project(context, router['tenant_id'])
|
|
if req_p and p != req_p:
|
|
routers.remove(router)
|
|
return routers
|
|
|
|
def create_floatingip(self, context, floatingip):
|
|
net_id = floatingip['floatingip']['floating_network_id']
|
|
p = self._get_plugin_from_net_id(context, net_id)
|
|
self._validate_fip_router_plugin(context, p, floatingip['floatingip'])
|
|
return p.create_floatingip(context, floatingip)
|
|
|
|
def update_floatingip(self, context, id, floatingip):
|
|
fip = self._get_floatingip(context, id)
|
|
net_id = fip['floating_network_id']
|
|
p = self._get_plugin_from_net_id(context, net_id)
|
|
self._validate_fip_router_plugin(context, p, floatingip['floatingip'])
|
|
return p.update_floatingip(context, id, floatingip)
|
|
|
|
def delete_floatingip(self, context, id):
|
|
fip = self._get_floatingip(context, id)
|
|
net_id = fip['floating_network_id']
|
|
p = self._get_plugin_from_net_id(context, net_id)
|
|
return p.delete_floatingip(context, id)
|
|
|
|
def get_floatingip(self, context, id, fields=None):
|
|
fip = self._get_floatingip(context, id)
|
|
net_id = fip['floating_network_id']
|
|
p = self._get_plugin_from_net_id(context, net_id)
|
|
return p.get_floatingip(context, id, fields=fields)
|
|
|
|
def get_floatingips(self, context, filters=None, fields=None,
|
|
sorts=None, limit=None, marker=None,
|
|
page_reverse=False):
|
|
# Read project plugin to filter relevant projects according to
|
|
# plugin
|
|
req_p = self._get_plugin_for_request(context, filters,
|
|
keys=['port_id'])
|
|
fips = super(NsxTVDPlugin, self).get_floatingips(
|
|
context, filters=filters, fields=fields, sorts=sorts,
|
|
limit=limit, marker=marker, page_reverse=page_reverse)
|
|
for fip in fips[:]:
|
|
p = self._get_plugin_from_project(context,
|
|
fip['tenant_id'])
|
|
if req_p and p != req_p:
|
|
fips.remove(fip)
|
|
return fips
|
|
|
|
def disassociate_floatingips(self, context, port_id):
|
|
db_port = self._get_port(context, port_id)
|
|
p = self._get_plugin_from_net_id(context, db_port['network_id'])
|
|
return p.disassociate_floatingips(context, port_id)
|
|
|
|
def _get_plugin_from_sg_id(self, context, sg_id):
|
|
sg = self._get_security_group(context, sg_id)
|
|
return self._get_plugin_from_project(context, sg['tenant_id'])
|
|
|
|
def create_security_group(self, context, security_group,
|
|
default_sg=False):
|
|
if not default_sg:
|
|
secgroup = security_group['security_group']
|
|
tenant_id = secgroup['tenant_id']
|
|
self._ensure_default_security_group(context, tenant_id)
|
|
|
|
p = self._get_plugin_from_project(context, context.project_id)
|
|
self._validate_obj_extensions(
|
|
security_group['security_group'], p.plugin_type(),
|
|
'security_group')
|
|
|
|
new_sg = p.create_security_group(context, security_group,
|
|
default_sg=default_sg)
|
|
self._cleanup_obj_fields(
|
|
new_sg, p.plugin_type(), 'security_group')
|
|
return new_sg
|
|
|
|
def delete_security_group(self, context, id):
|
|
p = self._get_plugin_from_sg_id(context, id)
|
|
p.delete_security_group(context, id)
|
|
|
|
def update_security_group(self, context, id, security_group):
|
|
p = self._get_plugin_from_sg_id(context, id)
|
|
self._validate_obj_extensions(
|
|
security_group['security_group'], p.plugin_type(),
|
|
'security_group')
|
|
return p.update_security_group(context, id, security_group)
|
|
|
|
def get_security_group(self, context, id, fields=None):
|
|
p = self._get_plugin_from_sg_id(context, id)
|
|
sg = p.get_security_group(context, id, fields=fields)
|
|
self._cleanup_obj_fields(
|
|
sg, p.plugin_type(), 'security_group')
|
|
return sg
|
|
|
|
def get_security_groups(self, context, filters=None, fields=None,
|
|
sorts=None, limit=None,
|
|
marker=None, page_reverse=False, default_sg=False):
|
|
# Read project plugin to filter relevant projects according to
|
|
# plugin
|
|
req_p = self._get_plugin_for_request(context, filters)
|
|
sgs = super(NsxTVDPlugin, self).get_security_groups(
|
|
context, filters=filters, fields=fields, sorts=sorts,
|
|
limit=limit, marker=marker, page_reverse=page_reverse,
|
|
default_sg=default_sg)
|
|
for sg in sgs[:]:
|
|
p = self._get_plugin_from_project(context, sg['tenant_id'])
|
|
if req_p and p != req_p:
|
|
sgs.remove(sg)
|
|
return sgs
|
|
|
|
def create_security_group_rule_bulk(self, context, security_group_rules):
|
|
p = self._get_plugin_from_project(context, context.project_id)
|
|
return p.create_security_group_rule_bulk(context,
|
|
security_group_rules)
|
|
|
|
def create_security_group_rule(self, context, security_group_rule):
|
|
p = self._get_plugin_from_project(context, context.project_id)
|
|
return p.create_security_group_rule(context, security_group_rule)
|
|
|
|
def delete_security_group_rule(self, context, id):
|
|
rule_db = self._get_security_group_rule(context, id)
|
|
sg_id = rule_db['security_group_id']
|
|
p = self._get_plugin_from_sg_id(context, sg_id)
|
|
p.delete_security_group_rule(context, id)
|
|
|
|
def get_security_group_rules(self, context, filters=None, fields=None,
|
|
sorts=None, limit=None, marker=None,
|
|
page_reverse=False):
|
|
# Read project plugin to filter relevant projects according to
|
|
# plugin
|
|
req_p = self._get_plugin_for_request(context, filters)
|
|
rules = super(NsxTVDPlugin, self).get_security_group_rules(
|
|
context, filters=filters, fields=fields, sorts=sorts,
|
|
limit=limit, marker=marker, page_reverse=page_reverse)
|
|
for rule in rules[:]:
|
|
p = self._get_plugin_from_project(context, rule['tenant_id'])
|
|
if req_p and p != req_p:
|
|
rules.remove(rule)
|
|
return rules
|
|
|
|
@staticmethod
|
|
@resource_extend.extends([net_def.COLLECTION_NAME])
|
|
def _ext_extend_network_dict(result, netdb):
|
|
ctx = n_context.get_admin_context()
|
|
# get the core plugin as this is a static method with no 'self'
|
|
plugin = directory.get_plugin()
|
|
p = plugin._get_plugin_from_project(ctx, netdb['tenant_id'])
|
|
with db_api.context_manager.writer.using(ctx):
|
|
p._extension_manager.extend_network_dict(
|
|
ctx.session, netdb, result)
|
|
|
|
@staticmethod
|
|
@resource_extend.extends([port_def.COLLECTION_NAME])
|
|
def _ext_extend_port_dict(result, portdb):
|
|
ctx = n_context.get_admin_context()
|
|
# get the core plugin as this is a static method with no 'self'
|
|
plugin = directory.get_plugin()
|
|
p = plugin._get_plugin_from_project(ctx, portdb['tenant_id'])
|
|
with db_api.context_manager.writer.using(ctx):
|
|
p._extension_manager.extend_port_dict(
|
|
ctx.session, portdb, result)
|
|
|
|
@staticmethod
|
|
@resource_extend.extends([subnet_def.COLLECTION_NAME])
|
|
def _ext_extend_subnet_dict(result, subnetdb):
|
|
ctx = n_context.get_admin_context()
|
|
# get the core plugin as this is a static method with no 'self'
|
|
plugin = directory.get_plugin()
|
|
p = plugin._get_plugin_from_project(ctx, subnetdb['tenant_id'])
|
|
with db_api.context_manager.writer.using(ctx):
|
|
p._extension_manager.extend_subnet_dict(
|
|
ctx.session, subnetdb, result)
|
|
|
|
def _get_project_plugin_dict(self, data):
|
|
return {'id': data['project'],
|
|
'project': data['project'],
|
|
'plugin': data['plugin'],
|
|
'tenant_id': data['project']}
|
|
|
|
def create_project_plugin_map(self, context, project_plugin_map,
|
|
internal=False):
|
|
data = project_plugin_map['project_plugin_map']
|
|
|
|
# validations:
|
|
# 1. validate it doesn't already exist
|
|
if nsx_db.get_project_plugin_mapping(
|
|
context.session, data['project']):
|
|
raise projectpluginmap.ProjectPluginAlreadyExists(
|
|
project_id=data['project'])
|
|
if not internal:
|
|
# 2. only admin user is allowed
|
|
if not context.is_admin:
|
|
raise projectpluginmap.ProjectPluginAdminOnly()
|
|
# 3. Validate the project id
|
|
# TODO(asarfaty): Validate project id exists in keystone
|
|
if not uuidutils.is_uuid_like(data['project']):
|
|
raise projectpluginmap.ProjectPluginIllegalId(
|
|
project_id=data['project'])
|
|
# 4. Check that plugin is available
|
|
if data['plugin'] not in self.plugins:
|
|
raise projectpluginmap.ProjectPluginNotAvailable(
|
|
plugin=data['plugin'])
|
|
|
|
# Add the entry to the DB and return it
|
|
LOG.info("Adding mapping between project %(project)s and plugin "
|
|
"%(plugin)s", {'project': data['project'],
|
|
'plugin': data['plugin']})
|
|
nsx_db.add_project_plugin_mapping(context.session,
|
|
data['project'],
|
|
data['plugin'])
|
|
return self._get_project_plugin_dict(data)
|
|
|
|
def get_project_plugin_map(self, context, id, fields=None):
|
|
data = nsx_db.get_project_plugin_mapping(context.session, id)
|
|
if data:
|
|
return self._get_project_plugin_dict(data)
|
|
else:
|
|
raise n_exc.ObjectNotFound(id=id)
|
|
|
|
def get_project_plugin_maps(self, context, filters=None, fields=None,
|
|
sorts=None, limit=None, marker=None,
|
|
page_reverse=False):
|
|
# TODO(asarfaty) filter the results
|
|
mappings = nsx_db.get_project_plugin_mappings(context.session)
|
|
return [self._get_project_plugin_dict(data) for data in mappings]
|
|
|
|
def get_plugin_type_from_project(self, context, project_id):
|
|
"""Get the correct plugin type for this project.
|
|
|
|
Look for the project in the DB.
|
|
If not there - add an entry with the default plugin
|
|
"""
|
|
plugin_type = self.default_plugin
|
|
if not project_id:
|
|
# if the project_id is empty - return the default one and do not
|
|
# add to db (used by admin context to get actions)
|
|
return plugin_type
|
|
|
|
mapping = nsx_db.get_project_plugin_mapping(
|
|
context.session, project_id)
|
|
if mapping:
|
|
plugin_type = mapping['plugin']
|
|
else:
|
|
# add a new entry with the default plugin
|
|
try:
|
|
self.create_project_plugin_map(
|
|
context,
|
|
{'project_plugin_map': {'plugin': plugin_type,
|
|
'project': project_id}},
|
|
internal=True)
|
|
except projectpluginmap.ProjectPluginAlreadyExists:
|
|
# Maybe added by another thread
|
|
pass
|
|
if not self.plugins.get(plugin_type):
|
|
msg = (_("Cannot use unsupported plugin %(plugin)s for project "
|
|
"%(project)s") % {'plugin': plugin_type,
|
|
'project': project_id})
|
|
raise nsx_exc.NsxPluginException(err_msg=msg)
|
|
|
|
LOG.debug("Using %s plugin for project %s", plugin_type, project_id)
|
|
return plugin_type
|
|
|
|
def _get_plugin_from_project(self, context, project_id):
|
|
"""Get the correct plugin for this project.
|
|
|
|
Look for the project in the DB.
|
|
If not there - add an entry with the default plugin
|
|
"""
|
|
plugin_type = self.get_plugin_type_from_project(context, project_id)
|
|
return self.plugins[plugin_type]
|
|
|
|
def get_housekeeper(self, context, name, fields=None):
|
|
p = self._get_plugin_from_project(context, context.project_id)
|
|
if hasattr(p, 'housekeeper'):
|
|
return p.housekeeper.get(name)
|
|
msg = _("Housekeeper %s not found") % name
|
|
raise nsx_exc.NsxPluginException(err_msg=msg)
|
|
|
|
def get_housekeepers(self, context, filters=None, fields=None, sorts=None,
|
|
limit=None, marker=None, page_reverse=False):
|
|
p = self._get_plugin_for_request(context, filters)
|
|
if p and hasattr(p, 'housekeeper'):
|
|
return p.housekeeper.list()
|
|
return []
|
|
|
|
def update_housekeeper(self, context, name, housekeeper):
|
|
p = self._get_plugin_from_project(context, context.project_id)
|
|
if hasattr(p, 'housekeeper'):
|
|
p.housekeeper.run(context, name)
|
|
return p.housekeeper.get(name)
|
|
|
|
def get_address_scopes(self, context, filters=None, fields=None,
|
|
sorts=None, limit=None, marker=None,
|
|
page_reverse=False):
|
|
# Read project plugin to filter relevant projects according to
|
|
# plugin
|
|
req_p = self._get_plugin_for_request(context, filters)
|
|
address_scopes = super(NsxTVDPlugin, self).get_address_scopes(
|
|
context, filters=filters, fields=fields, sorts=sorts,
|
|
limit=limit, marker=marker, page_reverse=page_reverse)
|
|
for address_scope in address_scopes[:]:
|
|
p = self._get_plugin_from_project(context,
|
|
address_scope['tenant_id'])
|
|
if req_p and p != req_p:
|
|
address_scopes.remove(address_scope)
|
|
return address_scopes
|
|
|
|
def get_subnetpools(self, context, filters=None, fields=None,
|
|
sorts=None, limit=None, marker=None,
|
|
page_reverse=False):
|
|
# Read project plugin to filter relevant projects according to
|
|
# plugin
|
|
req_p = self._get_plugin_for_request(context, filters)
|
|
pools = super(NsxTVDPlugin, self).get_subnetpools(
|
|
context, filters=filters, fields=fields, sorts=sorts,
|
|
limit=limit, marker=marker, page_reverse=page_reverse)
|
|
for pool in pools[:]:
|
|
p = self._get_plugin_from_project(context,
|
|
pool['tenant_id'])
|
|
if req_p and p != req_p:
|
|
pools.remove(pool)
|
|
return pools
|
|
|
|
def get_nsx_policy(self, context, id, fields=None):
|
|
# Extension supported only by the nsxv plugin
|
|
p = self._get_plugin_from_project(context, context.project_id)
|
|
if p.plugin_type() != v.NsxVPluginV2.plugin_type():
|
|
err_msg = (_('Can not support %(field)s extension for '
|
|
'%(p)s plugin') % {
|
|
'field': 'nsx-policy',
|
|
'p': p.plugin_type()})
|
|
raise n_exc.InvalidInput(error_message=err_msg)
|
|
|
|
return p.get_nsx_policy(context, id, fields=fields)
|
|
|
|
def get_nsx_policies(self, context, filters=None, fields=None,
|
|
sorts=None, limit=None, marker=None,
|
|
page_reverse=False):
|
|
# Extension supported only by the nsxv plugin
|
|
p = self._get_plugin_from_project(context, context.project_id)
|
|
if p.plugin_type() != v.NsxVPluginV2.plugin_type():
|
|
return []
|
|
return p.get_nsx_policies(context, filters=filters, fields=fields,
|
|
sorts=sorts, limit=limit, marker=marker,
|
|
page_reverse=page_reverse)
|