vmware-nsx/vmware_nsx/db/extended_security_group_rule.py
Gary Kotton 01d33ffa65 Integration with new neutron code
1. Use new enginefacade + l3_db breakage
Use reader and writer for db operations.
Partially-Implements blueprint: enginefacade-switch

2. Fix the callback pass for _prevent_l3_port_delete_callback
which was changed in commit Ia8ac4f510c003667cac95f76dea0e9ae55159878

3. QoS driver integration
Commit I5f747635be3fd66b70326d9f94c85a6736286bd2 removes the qos
notification driver.
Fixing the nsx-v and nsx-v3 to work only with the regular driver

4. _get_extra_routes_dict_by_router_id was removed by
Ia815d6c597730bd5cb49455e7409ca747a4cc22c

5. Floating IP association without subnet gateway IP
not supported by our plugins.
Added in commit If212c36d918ed57400a53f4b5fa1925b3d1fa6fd

Co-Authored-by: Adit Sarfaty <asarfaty@vmware.com>
Change-Id: I277ec5c38c5895337011019f71d586b254bfafde
2017-04-18 18:56:05 +03:00


# Copyright 2016 VMware, Inc.
# All Rights Reserved
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from neutron_lib.db import model_base
import sqlalchemy as sa
from sqlalchemy import orm
from neutron.db import api as db_api
from neutron.db import db_base_plugin_v2
from neutron.db.models import securitygroup
from neutron.extensions import securitygroup as ext_sg
from neutron_lib.api import validators
from neutron_lib import exceptions as nexception
from vmware_nsx._i18n import _
from vmware_nsx.extensions import secgroup_rule_local_ip_prefix as ext_local_ip
class NotIngressRule(nexception.BadRequest):
    """Raised when local_ip_prefix is supplied on a non-ingress rule.

    Derives from ``nexception.BadRequest``, so the rejection is reported
    as a client error rather than an internal failure.
    """

    message = _(
        "Specifying local_ip_prefix is supported "
        "with ingress rules only."
    )
class NsxExtendedSecurityGroupRuleProperties(model_base.BASEV2):
    """Extra per-rule data for the extended-security-group-rule extension.

    One row per security group rule, keyed by the rule id, holding the
    rule's ``local_ip_prefix``.
    """

    __tablename__ = 'nsx_extended_security_group_rule_properties'

    # Primary key and foreign key in one: the row is removed by the
    # database (ON DELETE CASCADE) when the owning rule is deleted, so no
    # properties row outlives its rule.
    rule_id = sa.Column(
        sa.String(36),
        sa.ForeignKey('securitygrouprules.id', ondelete='CASCADE'),
        primary_key=True,
        nullable=False,
    )

    # Stored as a plain string of up to 255 characters.
    # NOTE(review): no CIDR/format check happens at this layer; presumably
    # the API attribute definition validates the value -- confirm.
    local_ip_prefix = sa.Column(sa.String(255), nullable=False)

    # Exposes this row on the rule as ``ext_properties`` (a single object,
    # joined-loaded) and deletes it through the ORM along with the rule.
    rule = orm.relationship(
        securitygroup.SecurityGroupRule,
        backref=orm.backref(
            'ext_properties',
            lazy='joined',
            uselist=False,
            cascade='delete',
        ),
    )
class ExtendedSecurityGroupRuleMixin(object):
    """Plugin mixin that stores and returns a rule's local_ip_prefix."""

    def _check_local_ip_prefix(self, context, rule):
        """Reject local_ip_prefix on rules that are not ingress rules.

        :param context: request context (not used by this check).
        :param rule: rule dict from the request; modified in place when
            the prefix is unset.
        :returns: whether the request set a local_ip_prefix.
        :raises NotIngressRule: the prefix is set and the rule direction
            is not 'ingress'.
        """
        # NOTE(review): only the direction is checked here; the prefix
        # value itself is not parsed or validated in this method --
        # confirm it is validated before it reaches this point.
        prefix_given = validators.is_attr_set(
            rule.get(ext_local_ip.LOCAL_IP_PREFIX))

        if not prefix_given:
            # Replace the ATTR_NOT_SPECIFIED placeholder with None.
            rule[ext_local_ip.LOCAL_IP_PREFIX] = None
            return prefix_given

        if rule['direction'] != 'ingress':
            raise NotIngressRule()
        return prefix_given

    def _process_security_group_rule_properties(self, context,
                                                rule_res, rule_req):
        """Persist the requested local_ip_prefix and echo it in the result.

        :param context: request context whose session receives the row.
        :param rule_res: rule dict being returned; its local_ip_prefix
            key is always set (None when the request has no prefix).
        :param rule_req: rule dict from the request.
        """
        prefix_key = ext_local_ip.LOCAL_IP_PREFIX

        # Default first, so the key exists in the response even when the
        # request carries no prefix.
        rule_res[prefix_key] = None
        requested_prefix = rule_req.get(prefix_key)
        if not validators.is_attr_set(requested_prefix):
            return

        # The properties row is added inside a writer transaction.
        with db_api.context_manager.writer.using(context):
            context.session.add(
                NsxExtendedSecurityGroupRuleProperties(
                    rule_id=rule_res['id'],
                    local_ip_prefix=requested_prefix))
        rule_res[prefix_key] = requested_prefix

    # Runs once, while the class body is evaluated: registers the method
    # below (by name) as a dict-extend function for security group rules.
    db_base_plugin_v2.NeutronDbPluginV2.register_dict_extend_funcs(
        ext_sg.SECURITYGROUPRULES, ['_extend_security_group_rule_with_params'])

    def _extend_security_group_rule_with_params(self, sg_rule_res, sg_rule_db):
        """Copy the stored local_ip_prefix into the rule's API dict.

        :param sg_rule_res: rule dict being built for the response.
        :param sg_rule_db: rule DB object; its ``ext_properties`` is the
            properties row, or falsy when the rule has none.
        """
        stored = sg_rule_db.ext_properties
        sg_rule_res[ext_local_ip.LOCAL_IP_PREFIX] = (
            stored.local_ip_prefix if stored else None)