--- /dev/null
+# Copyright 2014 OpenStack Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+"""scrap_nsx_adv_svcs_models
+
+Revision ID: 57086602ca0a
+Revises: 28c0ffb8ebbd
+Create Date: 2014-12-17 22:33:30.465392
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = '57086602ca0a'
+down_revision = '28c0ffb8ebbd'
+
+from alembic import op
+import sqlalchemy as sa
+
+
+def upgrade():
+ op.drop_table('vcns_edge_pool_bindings')
+ op.drop_table('vcns_firewall_rule_bindings')
+ op.drop_table('vcns_edge_monitor_bindings')
+ op.drop_table('vcns_edge_vip_bindings')
+ op.drop_table(u'routerservicetypebindings')
+ op.drop_table(u'servicerouterbindings')
+
+
+def downgrade():
+ op.create_table(
+ 'servicerouterbindings',
+ sa.Column('resource_id', sa.String(length=36), nullable=False),
+ sa.Column('resource_type', sa.String(length=36), nullable=False),
+ sa.Column('router_id', sa.String(length=36), nullable=False),
+ sa.ForeignKeyConstraint(['router_id'], [u'routers.id'],
+ name='servicerouterbindings_ibfk_1'),
+ sa.PrimaryKeyConstraint('resource_id', 'resource_type'))
+ op.create_table(
+ 'routerservicetypebindings',
+ sa.Column('router_id', sa.String(length=36), nullable=False),
+ sa.Column('service_type_id', sa.String(length=36), nullable=False),
+ sa.ForeignKeyConstraint(['router_id'], ['routers.id'],
+ name='routerservicetypebindings_ibfk_1'),
+ sa.PrimaryKeyConstraint(u'router_id'))
+ op.create_table(
+ 'vcns_edge_vip_bindings',
+ sa.Column('vip_id', sa.String(length=36), nullable=False),
+ sa.Column('edge_id', sa.String(length=36), nullable=True),
+ sa.Column('vip_vseid', sa.String(length=36), nullable=True),
+ sa.Column('app_profileid', sa.String(length=36), nullable=True),
+ sa.ForeignKeyConstraint(['vip_id'], ['vips.id'],
+ name='vcns_edge_vip_bindings_ibfk_1'),
+ sa.PrimaryKeyConstraint('vip_id'))
+ op.create_table(
+ 'vcns_edge_monitor_bindings',
+ sa.Column('monitor_id', sa.String(length=36), nullable=False),
+ sa.Column('edge_id', sa.String(length=36), nullable=False),
+ sa.Column('monitor_vseid', sa.String(length=36), nullable=True),
+ sa.ForeignKeyConstraint(['monitor_id'], ['healthmonitors.id'],
+ name='vcns_edge_monitor_bindings_ibfk_1'),
+ sa.PrimaryKeyConstraint('monitor_id', 'edge_id'))
+ op.create_table(
+ 'vcns_firewall_rule_bindings',
+ sa.Column('rule_id', sa.String(length=36), nullable=False),
+ sa.Column('edge_id', sa.String(length=36), nullable=False),
+ sa.Column('rule_vseid', sa.String(length=36), nullable=True),
+ sa.ForeignKeyConstraint(['rule_id'], ['firewall_rules.id'],
+ name='vcns_firewall_rule_bindings_ibfk_1'),
+ sa.PrimaryKeyConstraint('rule_id', u'edge_id'))
+ op.create_table(
+ 'vcns_edge_pool_bindings',
+ sa.Column('pool_id', sa.String(length=36), nullable=False),
+ sa.Column('edge_id', sa.String(length=36), nullable=False),
+ sa.Column('pool_vseid', sa.String(length=36), nullable=True),
+ sa.ForeignKeyConstraint(['pool_id'], ['pools.id'],
+ name='vcns_edge_pool_bindings_ibfk_1'),
+ sa.PrimaryKeyConstraint('pool_id', 'edge_id'))
-28c0ffb8ebbd
\ No newline at end of file
+57086602ca0a
from neutron.db import portbindings_db # noqa
from neutron.db import portsecurity_db # noqa
from neutron.db import quota_db # noqa
-from neutron.db import routedserviceinsertion_db # noqa
-from neutron.db import routerservicetype_db # noqa
from neutron.db import securitygroups_db # noqa
from neutron.db import servicetype_db # noqa
from neutron.plugins.bigswitch.db import consistency_db # noqa
+++ /dev/null
-# Copyright 2013 VMware, Inc. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-import sqlalchemy as sa
-from sqlalchemy import event
-
-from neutron.common import exceptions as qexception
-from neutron.db import model_base
-from neutron.extensions import routedserviceinsertion as rsi
-
-
-class ServiceRouterBinding(model_base.BASEV2):
- resource_id = sa.Column(sa.String(36),
- primary_key=True)
- resource_type = sa.Column(sa.String(36),
- primary_key=True)
- router_id = sa.Column(sa.String(36),
- sa.ForeignKey('routers.id'),
- nullable=False)
-
-
-class AttributeException(qexception.NeutronException):
- message = _("Resource type '%(resource_type)s' is longer "
- "than %(maxlen)d characters")
-
-
-@event.listens_for(ServiceRouterBinding.resource_type, 'set', retval=True)
-def validate_resource_type(target, value, oldvalue, initiator):
- """Make sure the resource type fit the resource_type column."""
- maxlen = ServiceRouterBinding.resource_type.property.columns[0].type.length
- if len(value) > maxlen:
- raise AttributeException(resource_type=value, maxlen=maxlen)
- return value
-
-
-class RoutedServiceInsertionDbMixin(object):
- """Mixin class to add router service insertion."""
-
- def _process_create_resource_router_id(self, context, resource, model):
- with context.session.begin(subtransactions=True):
- db = ServiceRouterBinding(
- resource_id=resource['id'],
- resource_type=model.__tablename__,
- router_id=resource[rsi.ROUTER_ID])
- context.session.add(db)
- return self._make_resource_router_id_dict(db, model)
-
- def _extend_resource_router_id_dict(self, context, resource, model):
- binding = self._get_resource_router_id_binding(
- context, resource['resource_id'], model)
- resource[rsi.ROUTER_ID] = binding['router_id']
-
- def _get_resource_router_id_binding(self, context, model,
- resource_id=None,
- router_id=None):
- query = self._model_query(context, ServiceRouterBinding)
- query = query.filter(
- ServiceRouterBinding.resource_type == model.__tablename__)
- if resource_id:
- query = query.filter(
- ServiceRouterBinding.resource_id == resource_id)
- if router_id:
- query = query.filter(
- ServiceRouterBinding.router_id == router_id)
- return query.first()
-
- def _get_resource_router_id_bindings(self, context, model,
- resource_ids=None,
- router_ids=None):
- query = self._model_query(context, ServiceRouterBinding)
- query = query.filter(
- ServiceRouterBinding.resource_type == model.__tablename__)
- if resource_ids:
- query = query.filter(
- ServiceRouterBinding.resource_id.in_(resource_ids))
- if router_ids:
- query = query.filter(
- ServiceRouterBinding.router_id.in_(router_ids))
- return query.all()
-
- def _make_resource_router_id_dict(self, resource_router_binding, model,
- fields=None):
- resource = {'resource_id': resource_router_binding['resource_id'],
- 'resource_type': model.__tablename__,
- rsi.ROUTER_ID: resource_router_binding[rsi.ROUTER_ID]}
- return self._fields(resource, fields)
-
- def _delete_resource_router_id_binding(self, context, resource_id, model):
- with context.session.begin(subtransactions=True):
- binding = self._get_resource_router_id_binding(
- context, model, resource_id=resource_id)
- if binding:
- context.session.delete(binding)
+++ /dev/null
-# Copyright 2013 VMware, Inc. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-import sqlalchemy as sa
-
-from neutron.db import model_base
-from neutron.extensions import routerservicetype as rst
-
-
-class RouterServiceTypeBinding(model_base.BASEV2):
- router_id = sa.Column(sa.String(36),
- sa.ForeignKey('routers.id', ondelete="CASCADE"),
- primary_key=True)
- service_type_id = sa.Column(sa.String(36),
- nullable=False)
-
-
-class RouterServiceTypeDbMixin(object):
- """Mixin class to add router service type."""
-
- def _process_create_router_service_type_id(self, context, router):
- with context.session.begin(subtransactions=True):
- db = RouterServiceTypeBinding(
- router_id=router['id'],
- service_type_id=router[rst.SERVICE_TYPE_ID])
- context.session.add(db)
- return self._make_router_service_type_id_dict(db)
-
- def _extend_router_service_type_id_dict(self, context, router):
- rsbind = self._get_router_service_type_id_binding(
- context, router['id'])
- if rsbind:
- router[rst.SERVICE_TYPE_ID] = rsbind['service_type_id']
-
- def _get_router_service_type_id_binding(self, context, router_id):
- query = self._model_query(context, RouterServiceTypeBinding)
- query = query.filter(
- RouterServiceTypeBinding.router_id == router_id)
- return query.first()
-
- def _make_router_service_type_id_dict(self, router_service_type):
- res = {'router_id': router_service_type['router_id'],
- 'service_type_id': router_service_type[rst.SERVICE_TYPE_ID]}
- return self._fields(res, None)
+++ /dev/null
-# Copyright 2013 VMware, Inc. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-
-ROUTER_ID = 'router_id'
-EXTENDED_ATTRIBUTES_2_0 = {
- 'vips': {
- ROUTER_ID: {'allow_post': True, 'allow_put': False,
- 'validate': {'type:uuid_or_none': None},
- 'default': None, 'is_visible': True},
- },
- 'pools': {
- ROUTER_ID: {'allow_post': True, 'allow_put': False,
- 'validate': {'type:uuid_or_none': None},
- 'default': None, 'is_visible': True},
- },
- 'health_monitors': {
- ROUTER_ID: {'allow_post': True, 'allow_put': False,
- 'validate': {'type:uuid_or_none': None},
- 'default': None, 'is_visible': True},
- },
-
- 'firewalls': {
- ROUTER_ID: {'allow_post': True, 'allow_put': False,
- 'validate': {'type:uuid_or_none': None},
- 'default': None, 'is_visible': True},
- }
-}
-
-
-class Routedserviceinsertion(object):
- """Extension class supporting routed service type."""
-
- @classmethod
- def get_name(cls):
- return "Routed Service Insertion"
-
- @classmethod
- def get_alias(cls):
- return "routed-service-insertion"
-
- @classmethod
- def get_description(cls):
- return "Provides routed service type"
-
- @classmethod
- def get_namespace(cls):
- return ""
-
- @classmethod
- def get_updated(cls):
- return "2013-01-29T00:00:00-00:00"
-
- def get_extended_resources(self, version):
- if version == "2.0":
- return EXTENDED_ATTRIBUTES_2_0
- else:
- return {}
message = _("Quota exceeded for Vcns resource: %(overs)s: %(err_msg)s")
-class RouterInUseByLBService(n_exc.InUse):
- message = _("Router %(router_id)s is in use by Loadbalancer Service "
- "%(vip_id)s")
-
-
-class RouterInUseByFWService(n_exc.InUse):
- message = _("Router %(router_id)s is in use by firewall Service "
- "%(firewall_id)s")
-
-
-class VcnsDriverException(NsxPluginException):
- message = _("Error happened in NSX VCNS Driver: %(err_msg)s")
-
-
class ServiceClusterUnavailable(NsxPluginException):
message = _("Service cluster: '%(cluster_id)s' is unavailable. Please, "
"check NSX setup and/or configuration")
+++ /dev/null
-# Copyright 2013 VMware, Inc. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-
-from neutron.db import l3_dvr_db
-from neutron.plugins.vmware.extensions import servicerouter
-
-
-class ServiceRouter_mixin(l3_dvr_db.L3_NAT_with_dvr_db_mixin):
- """Mixin class to enable service router support."""
-
- extra_attributes = (
- l3_dvr_db.L3_NAT_with_dvr_db_mixin.extra_attributes + [{
- 'name': servicerouter.SERVICE_ROUTER,
- 'default': False
- }])
# License for the specific language governing permissions and limitations
# under the License.
-from sqlalchemy.orm import exc
-
from neutron.openstack.common import log as logging
-from neutron.plugins.vmware.common import exceptions as nsx_exc
from neutron.plugins.vmware.dbexts import vcns_models
-from neutron.plugins.vmware.vshield.common import (
- exceptions as vcns_exc)
LOG = logging.getLogger(__name__)
binding = (session.query(vcns_models.VcnsRouterBinding).
filter_by(router_id=router_id).one())
session.delete(binding)
-
-
-#
-# Edge Firewall binding methods
-#
-def add_vcns_edge_firewallrule_binding(session, map_info):
- with session.begin(subtransactions=True):
- binding = vcns_models.VcnsEdgeFirewallRuleBinding(
- rule_id=map_info['rule_id'],
- rule_vseid=map_info['rule_vseid'],
- edge_id=map_info['edge_id'])
- session.add(binding)
- return binding
-
-
-def delete_vcns_edge_firewallrule_binding(session, id, edge_id):
- with session.begin(subtransactions=True):
- if not (session.query(vcns_models.VcnsEdgeFirewallRuleBinding).
- filter_by(rule_id=id, edge_id=edge_id).delete()):
- msg = _("Rule Resource binding with id:%s not found!") % id
- raise nsx_exc.NsxPluginException(err_msg=msg)
-
-
-def get_vcns_edge_firewallrule_binding(session, id, edge_id):
- with session.begin(subtransactions=True):
- return (session.query(vcns_models.VcnsEdgeFirewallRuleBinding).
- filter_by(rule_id=id, edge_id=edge_id).first())
-
-
-def get_vcns_edge_firewallrule_binding_by_vseid(
- session, edge_id, rule_vseid):
- with session.begin(subtransactions=True):
- try:
- return (session.query(vcns_models.VcnsEdgeFirewallRuleBinding).
- filter_by(edge_id=edge_id, rule_vseid=rule_vseid).one())
- except exc.NoResultFound:
- msg = _("Rule Resource binding not found!")
- raise nsx_exc.NsxPluginException(err_msg=msg)
-
-
-def cleanup_vcns_edge_firewallrule_binding(session, edge_id):
- with session.begin(subtransactions=True):
- session.query(
- vcns_models.VcnsEdgeFirewallRuleBinding).filter_by(
- edge_id=edge_id).delete()
-
-
-def add_vcns_edge_vip_binding(session, map_info):
- with session.begin(subtransactions=True):
- binding = vcns_models.VcnsEdgeVipBinding(
- vip_id=map_info['vip_id'],
- edge_id=map_info['edge_id'],
- vip_vseid=map_info['vip_vseid'],
- app_profileid=map_info['app_profileid'])
- session.add(binding)
-
- return binding
-
-
-def get_vcns_edge_vip_binding(session, id):
- with session.begin(subtransactions=True):
- try:
- qry = session.query(vcns_models.VcnsEdgeVipBinding)
- return qry.filter_by(vip_id=id).one()
- except exc.NoResultFound:
- msg = _("VIP Resource binding with id:%s not found!") % id
- LOG.exception(msg)
- raise vcns_exc.VcnsNotFound(
- resource='router_service_binding', msg=msg)
-
-
-def delete_vcns_edge_vip_binding(session, id):
- with session.begin(subtransactions=True):
- qry = session.query(vcns_models.VcnsEdgeVipBinding)
- if not qry.filter_by(vip_id=id).delete():
- msg = _("VIP Resource binding with id:%s not found!") % id
- LOG.exception(msg)
- raise nsx_exc.NsxPluginException(err_msg=msg)
-
-
-def add_vcns_edge_pool_binding(session, map_info):
- with session.begin(subtransactions=True):
- binding = vcns_models.VcnsEdgePoolBinding(
- pool_id=map_info['pool_id'],
- edge_id=map_info['edge_id'],
- pool_vseid=map_info['pool_vseid'])
- session.add(binding)
-
- return binding
-
-
-def get_vcns_edge_pool_binding(session, id, edge_id):
- with session.begin(subtransactions=True):
- return (session.query(vcns_models.VcnsEdgePoolBinding).
- filter_by(pool_id=id, edge_id=edge_id).first())
-
-
-def get_vcns_edge_pool_binding_by_vseid(session, edge_id, pool_vseid):
- with session.begin(subtransactions=True):
- try:
- qry = session.query(vcns_models.VcnsEdgePoolBinding)
- binding = qry.filter_by(edge_id=edge_id,
- pool_vseid=pool_vseid).one()
- except exc.NoResultFound:
- msg = (_("Pool Resource binding with edge_id:%(edge_id)s "
- "pool_vseid:%(pool_vseid)s not found!") %
- {'edge_id': edge_id, 'pool_vseid': pool_vseid})
- LOG.exception(msg)
- raise nsx_exc.NsxPluginException(err_msg=msg)
- return binding
-
-
-def delete_vcns_edge_pool_binding(session, id, edge_id):
- with session.begin(subtransactions=True):
- qry = session.query(vcns_models.VcnsEdgePoolBinding)
- if not qry.filter_by(pool_id=id, edge_id=edge_id).delete():
- msg = _("Pool Resource binding with id:%s not found!") % id
- LOG.exception(msg)
- raise nsx_exc.NsxPluginException(err_msg=msg)
-
-
-def add_vcns_edge_monitor_binding(session, map_info):
- with session.begin(subtransactions=True):
- binding = vcns_models.VcnsEdgeMonitorBinding(
- monitor_id=map_info['monitor_id'],
- edge_id=map_info['edge_id'],
- monitor_vseid=map_info['monitor_vseid'])
- session.add(binding)
-
- return binding
-
-
-def get_vcns_edge_monitor_binding(session, id, edge_id):
- with session.begin(subtransactions=True):
- return (session.query(vcns_models.VcnsEdgeMonitorBinding).
- filter_by(monitor_id=id, edge_id=edge_id).first())
-
-
-def delete_vcns_edge_monitor_binding(session, id, edge_id):
- with session.begin(subtransactions=True):
- qry = session.query(vcns_models.VcnsEdgeMonitorBinding)
- if not qry.filter_by(monitor_id=id, edge_id=edge_id).delete():
- msg = _("Monitor Resource binding with id:%s not found!") % id
- LOG.exception(msg)
- raise nsx_exc.NsxPluginException(err_msg=msg)
nullable=True)
lswitch_id = sa.Column(sa.String(36),
nullable=False)
-
-
-#
-# VCNS Edge FW mapping tables
-#
-class VcnsEdgeFirewallRuleBinding(model_base.BASEV2):
- """1:1 mapping between firewall rule and edge firewall rule_id."""
-
- __tablename__ = 'vcns_firewall_rule_bindings'
-
- rule_id = sa.Column(sa.String(36),
- # TODO(dougw) unbreak this link
- #sa.ForeignKey("firewall_rules.id"),
- primary_key=True)
- edge_id = sa.Column(sa.String(36), primary_key=True)
- rule_vseid = sa.Column(sa.String(36))
-
-
-class VcnsEdgePoolBinding(model_base.BASEV2):
- """Represents the mapping between neutron pool and Edge pool."""
-
- __tablename__ = 'vcns_edge_pool_bindings'
-
- pool_id = sa.Column(sa.String(36),
- # TODO(dougw) unbreak this link
- #sa.ForeignKey("pools.id", ondelete="CASCADE"),
- primary_key=True)
- edge_id = sa.Column(sa.String(36), primary_key=True)
- pool_vseid = sa.Column(sa.String(36))
-
-
-class VcnsEdgeVipBinding(model_base.BASEV2):
- """Represents the mapping between neutron vip and Edge vip."""
-
- __tablename__ = 'vcns_edge_vip_bindings'
-
- vip_id = sa.Column(sa.String(36),
- # TODO(dougw) unbreak this link
- #sa.ForeignKey("vips.id", ondelete="CASCADE"),
- primary_key=True)
- edge_id = sa.Column(sa.String(36))
- vip_vseid = sa.Column(sa.String(36))
- app_profileid = sa.Column(sa.String(36))
-
-
-class VcnsEdgeMonitorBinding(model_base.BASEV2):
- """Represents the mapping between neutron monitor and Edge monitor."""
-
- __tablename__ = 'vcns_edge_monitor_bindings'
-
- monitor_id = sa.Column(sa.String(36),
- # TODO(dougw) unbreak this link
- #sa.ForeignKey("healthmonitors.id",
- # ondelete="CASCADE"),
- primary_key=True)
- edge_id = sa.Column(sa.String(36), primary_key=True)
- monitor_vseid = sa.Column(sa.String(36))
+++ /dev/null
-# Copyright 2013 VMware, Inc. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-
-from neutron.api import extensions
-from neutron.api.v2 import attributes
-
-
-SERVICE_ROUTER = 'service_router'
-EXTENDED_ATTRIBUTES_2_0 = {
- 'routers': {
- SERVICE_ROUTER: {'allow_post': True, 'allow_put': False,
- 'convert_to': attributes.convert_to_boolean,
- 'default': False, 'is_visible': True},
- }
-}
-
-
-class Servicerouter(extensions.ExtensionDescriptor):
- """Extension class supporting advanced service router."""
-
- @classmethod
- def get_name(cls):
- return "Service Router"
-
- @classmethod
- def get_alias(cls):
- return "service-router"
-
- @classmethod
- def get_description(cls):
- return "Provides service router."
-
- @classmethod
- def get_namespace(cls):
- return "http://docs.openstack.org/ext/service-router/api/v1.0"
-
- @classmethod
- def get_updated(cls):
- return "2013-08-08T00:00:00-00:00"
-
- def get_extended_resources(self, version):
- if version == "2.0":
- return EXTENDED_ATTRIBUTES_2_0
- else:
- return {}
#
from neutron.plugins.vmware.plugins import base
-from neutron.plugins.vmware.plugins import service
NsxPlugin = base.NsxPluginV2
-NsxServicePlugin = service.NsxAdvancedPlugin
+++ /dev/null
-# Copyright 2013 VMware, Inc.
-# All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-
-import netaddr
-from oslo.config import cfg
-from oslo.utils import excutils
-
-from neutron.common import constants
-from neutron.common import exceptions as n_exc
-try:
- from neutron_fwaas.db.firewall import firewall_db
-except Exception:
- print("WARNING: missing neutron-fwaas package")
-from neutron.db import l3_db
-try:
- from neutron_lbaas.db.loadbalancer import loadbalancer_db
-except Exception:
- print("WARNING: missing neutron-lbaas package")
-from neutron.db import routedserviceinsertion_db as rsi_db
-try:
- from neutron_vpnaas.db.vpn import vpn_db
-except Exception:
- print("WARNING: missing neutron-vpnaas package")
-from neutron.extensions import firewall as fw_ext
-from neutron.extensions import l3
-from neutron.extensions import routedserviceinsertion as rsi
-from neutron.extensions import vpnaas as vpn_ext
-from neutron.i18n import _LE, _LW
-from neutron.openstack.common import log as logging
-from neutron.plugins.common import constants as service_constants
-from neutron.plugins.vmware.api_client import exception as api_exc
-from neutron.plugins.vmware.common import config # noqa
-from neutron.plugins.vmware.common import exceptions as nsx_exc
-from neutron.plugins.vmware.common import utils
-from neutron.plugins.vmware.dbexts import servicerouter as sr_db
-from neutron.plugins.vmware.dbexts import vcns_db
-from neutron.plugins.vmware.dbexts import vcns_models
-from neutron.plugins.vmware.extensions import servicerouter as sr
-from neutron.plugins.vmware.nsxlib import router as routerlib
-from neutron.plugins.vmware.nsxlib import switch as switchlib
-from neutron.plugins.vmware.plugins import base
-from neutron.plugins.vmware.vshield.common import constants as vcns_const
-from neutron.plugins.vmware.vshield.common import exceptions
-from neutron.plugins.vmware.vshield.tasks import constants as tasks_const
-from neutron.plugins.vmware.vshield import vcns_driver
-from sqlalchemy.orm import exc as sa_exc
-
-LOG = logging.getLogger(__name__)
-
-ROUTER_TYPE_BASIC = 1
-ROUTER_TYPE_ADVANCED = 2
-
-ROUTER_STATUS = [
- service_constants.ACTIVE,
- service_constants.DOWN,
- service_constants.PENDING_CREATE,
- service_constants.PENDING_DELETE,
- service_constants.ERROR
-]
-
-ROUTER_STATUS_LEVEL = {
- service_constants.ACTIVE: vcns_const.RouterStatus.ROUTER_STATUS_ACTIVE,
- service_constants.DOWN: vcns_const.RouterStatus.ROUTER_STATUS_DOWN,
- service_constants.PENDING_CREATE: (
- vcns_const.RouterStatus.ROUTER_STATUS_PENDING_CREATE
- ),
- service_constants.PENDING_DELETE: (
- vcns_const.RouterStatus.ROUTER_STATUS_PENDING_DELETE
- ),
- service_constants.ERROR: vcns_const.RouterStatus.ROUTER_STATUS_ERROR
-}
-
-
-class NsxAdvancedPlugin(sr_db.ServiceRouter_mixin,
- base.NsxPluginV2,
- rsi_db.RoutedServiceInsertionDbMixin,
- firewall_db.Firewall_db_mixin,
- loadbalancer_db.LoadBalancerPluginDb,
- vpn_db.VPNPluginDb
- ):
-
- supported_extension_aliases = (
- base.NsxPluginV2.supported_extension_aliases + [
- "service-router",
- "routed-service-insertion",
- "fwaas",
- "lbaas",
- "vpnaas"
- ])
- # The service plugin cannot currently support pagination
- __native_pagination_support = False
- __native_sorting_support = False
-
- def __init__(self):
- super(NsxAdvancedPlugin, self).__init__()
-
- self._super_create_ext_gw_port = (
- self._port_drivers['create'][l3_db.DEVICE_OWNER_ROUTER_GW])
- self._super_delete_ext_gw_port = (
- self._port_drivers['delete'][l3_db.DEVICE_OWNER_ROUTER_GW])
-
- self._port_drivers['create'][l3_db.DEVICE_OWNER_ROUTER_GW] = (
- self._vcns_create_ext_gw_port)
- self._port_drivers['delete'][l3_db.DEVICE_OWNER_ROUTER_GW] = (
- self._vcns_delete_ext_gw_port)
-
- # cache router type based on router id
- self._router_type = {}
- self.callbacks = VcnsCallbacks(self.safe_reference)
-
- # load the vCNS driver
- self._load_vcns_drivers()
-
- # switchlib's create_lswitch needs to be replaced in order to proxy
- # logical switch create requests to vcns
- self._set_create_lswitch_proxy()
-
- def _set_create_lswitch_proxy(self):
- base.switchlib.create_lswitch = self._proxy_create_lswitch
-
- def _proxy_create_lswitch(self, *args, **kwargs):
- name, tz_config, tags = (
- _process_base_create_lswitch_args(*args, **kwargs)
- )
- return self.vcns_driver.create_lswitch(
- name, tz_config, tags=tags,
- port_isolation=None, replication_mode=None)
-
- def _load_vcns_drivers(self):
- self.vcns_driver = vcns_driver.VcnsDriver(self.callbacks)
-
- def _set_router_type(self, router_id, router_type):
- self._router_type[router_id] = router_type
-
- def _get_router_type(self, context=None, router_id=None, router=None):
- if not router:
- if router_id in self._router_type:
- return self._router_type[router_id]
- router = self._get_router(context, router_id)
-
- LOG.debug("EDGE: router = %s", router)
- if router['extra_attributes']['service_router']:
- router_type = ROUTER_TYPE_ADVANCED
- else:
- router_type = ROUTER_TYPE_BASIC
- self._set_router_type(router['id'], router_type)
- return router_type
-
- def _find_router_type(self, router):
- is_service_router = router.get(sr.SERVICE_ROUTER, False)
- if is_service_router:
- return ROUTER_TYPE_ADVANCED
- else:
- return ROUTER_TYPE_BASIC
-
- def _is_advanced_service_router(self, context=None, router_id=None,
- router=None):
- if router:
- router_type = self._get_router_type(router=router)
- else:
- router_type = self._get_router_type(context, router_id)
- return (router_type == ROUTER_TYPE_ADVANCED)
-
- def _vcns_create_ext_gw_port(self, context, port_data):
- router_id = port_data['device_id']
- if not self._is_advanced_service_router(context, router_id):
- self._super_create_ext_gw_port(context, port_data)
- return
-
- # NOP for Edge because currently the port will be create internally
- # by VSM
- LOG.debug("EDGE: _vcns_create_ext_gw_port")
-
- def _vcns_delete_ext_gw_port(self, context, port_data):
- router_id = port_data['device_id']
- if not self._is_advanced_service_router(context, router_id):
- self._super_delete_ext_gw_port(context, port_data)
- return
-
- # NOP for Edge
- LOG.debug("EDGE: _vcns_delete_ext_gw_port")
-
- def _get_external_attachment_info(self, context, router):
- gw_port = router.gw_port
- ipaddress = None
- netmask = None
- nexthop = None
-
- if gw_port:
- # gw_port may have multiple IPs, only configure the first one
- if gw_port.get('fixed_ips'):
- ipaddress = gw_port['fixed_ips'][0]['ip_address']
-
- network_id = gw_port.get('network_id')
- if network_id:
- ext_net = self._get_network(context, network_id)
- if not ext_net.external:
- msg = (_("Network '%s' is not a valid external "
- "network") % network_id)
- raise n_exc.BadRequest(resource='router', msg=msg)
- if ext_net.subnets:
- ext_subnet = ext_net.subnets[0]
- netmask = str(netaddr.IPNetwork(ext_subnet.cidr).netmask)
- nexthop = ext_subnet.gateway_ip
-
- return (ipaddress, netmask, nexthop)
-
- def _get_external_gateway_address(self, context, router):
- ipaddress, netmask, nexthop = self._get_external_attachment_info(
- context, router)
- return nexthop
-
- def _vcns_update_static_routes(self, context, **kwargs):
- router = kwargs.get('router')
- if router is None:
- router = self._get_router(context, kwargs['router_id'])
-
- edge_id = kwargs.get('edge_id')
- if edge_id is None:
- binding = vcns_db.get_vcns_router_binding(context.session,
- router['id'])
- edge_id = binding['edge_id']
-
- skippable = True
- if 'nexthop' in kwargs:
- nexthop = kwargs['nexthop']
- # The default gateway and vnic config has dependencies, if we
- # explicitly specify nexthop to change, tell the driver not to
- # skip this route update
- skippable = False
- else:
- nexthop = self._get_external_gateway_address(context,
- router)
-
- if 'subnets' in kwargs:
- subnets = kwargs['subnets']
- else:
- subnets = self._find_router_subnets_cidrs(context.elevated(),
- router['id'])
-
- routes = []
- for subnet in subnets:
- routes.append({
- 'cidr': subnet,
- 'nexthop': vcns_const.INTEGRATION_LR_IPADDRESS.split('/')[0]
- })
- self.vcns_driver.update_routes(router['id'], edge_id, nexthop, routes,
- skippable)
-
- def _get_nat_rules(self, context, router):
- fip_qry = context.session.query(l3_db.FloatingIP)
- fip_db = fip_qry.filter_by(router_id=router['id']).all()
-
- dnat = []
- snat = []
- for fip in fip_db:
- if fip.fixed_port_id:
- dnat.append({
- 'dst': fip.floating_ip_address,
- 'translated': fip.fixed_ip_address
- })
-
- gw_port = router.gw_port
- if gw_port and router.enable_snat:
- if gw_port.get('fixed_ips'):
- snat_ip = gw_port['fixed_ips'][0]['ip_address']
- subnets = self._find_router_subnets_cidrs(context.elevated(),
- router['id'])
- for subnet in subnets:
- snat.append({
- 'src': subnet,
- 'translated': snat_ip
- })
-
- return (snat, dnat)
-
- def _update_nat_rules(self, context, router):
- snat, dnat = self._get_nat_rules(context, router)
- binding = vcns_db.get_vcns_router_binding(context.session,
- router['id'])
- self.vcns_driver.update_nat_rules(router['id'],
- binding['edge_id'],
- snat, dnat)
-
- def _update_interface(self, context, router, sync=False):
- addr, mask, nexthop = self._get_external_attachment_info(
- context, router)
-
- secondary = []
- fip_qry = context.session.query(l3_db.FloatingIP)
- fip_db = fip_qry.filter_by(router_id=router['id']).all()
- for fip in fip_db:
- if fip.fixed_port_id:
- secondary.append(fip.floating_ip_address)
- #Add all vip addresses bound on the router
- vip_addrs = self._get_all_vip_addrs_by_router_id(context,
- router['id'])
- secondary.extend(vip_addrs)
-
- binding = vcns_db.get_vcns_router_binding(context.session,
- router['id'])
- task = self.vcns_driver.update_interface(
- router['id'], binding['edge_id'],
- vcns_const.EXTERNAL_VNIC_INDEX,
- self.vcns_driver.external_network,
- addr, mask, secondary=secondary)
- if sync:
- task.wait(tasks_const.TaskState.RESULT)
-
- def _update_router_gw_info(self, context, router_id, info):
- if not self._is_advanced_service_router(context, router_id):
- super(NsxAdvancedPlugin, self)._update_router_gw_info(
- context, router_id, info)
- return
-
- # get original gw_port config
- router = self._get_router(context, router_id)
- org_ext_net_id = router.gw_port_id and router.gw_port.network_id
- org_enable_snat = router.enable_snat
- orgaddr, orgmask, orgnexthop = self._get_external_attachment_info(
- context, router)
-
- super(base.NsxPluginV2, self)._update_router_gw_info(
- context, router_id, info, router=router)
-
- new_ext_net_id = router.gw_port_id and router.gw_port.network_id
- new_enable_snat = router.enable_snat
- newaddr, newmask, newnexthop = self._get_external_attachment_info(
- context, router)
-
- binding = vcns_db.get_vcns_router_binding(context.session, router_id)
-
- if new_ext_net_id != org_ext_net_id and orgnexthop:
- # network changed, need to remove default gateway before vnic
- # can be configured
- LOG.debug("VCNS: delete default gateway %s", orgnexthop)
- self._vcns_update_static_routes(context,
- router=router,
- edge_id=binding['edge_id'],
- nexthop=None)
-
- if orgaddr != newaddr or orgmask != newmask:
- self.vcns_driver.update_interface(
- router_id, binding['edge_id'],
- vcns_const.EXTERNAL_VNIC_INDEX,
- self.vcns_driver.external_network,
- newaddr, newmask)
-
- if orgnexthop != newnexthop:
- self._vcns_update_static_routes(context,
- router=router,
- edge_id=binding['edge_id'],
- nexthop=newnexthop)
-
- if (new_ext_net_id == org_ext_net_id and
- org_enable_snat == new_enable_snat):
- return
-
- self._update_nat_rules(context, router)
-
- def _add_subnet_snat_rule(self, context, router, subnet):
- # NOP for service router
- if not self._is_advanced_service_router(router=router):
- super(NsxAdvancedPlugin, self)._add_subnet_snat_rule(
- context, router, subnet)
-
- def _delete_subnet_snat_rule(self, context, router, subnet):
- # NOP for service router
- if not self._is_advanced_service_router(router=router):
- super(NsxAdvancedPlugin, self)._delete_subnet_snat_rule(
- context, router, subnet)
-
- def _remove_floatingip_address(self, context, fip_db):
- # NOP for service router
- router_id = fip_db.router_id
- if not self._is_advanced_service_router(context, router_id):
- super(NsxAdvancedPlugin, self)._remove_floatingip_address(
- context, fip_db)
-
- def _create_advanced_service_router(self, context, neutron_router_id,
- name, lrouter, lswitch):
-
- # store binding
- binding = vcns_db.add_vcns_router_binding(
- context.session, neutron_router_id, None, lswitch['uuid'],
- service_constants.PENDING_CREATE)
-
- # deploy edge
- jobdata = {
- 'neutron_router_id': neutron_router_id,
- 'lrouter': lrouter,
- 'lswitch': lswitch,
- 'context': context
- }
-
- # deploy and wait until the deploy requeste has been requested
- # so we will have edge_id ready. The wait here should be fine
- # as we're not in a database transaction now
- self.vcns_driver.deploy_edge(
- lrouter['uuid'], name, lswitch['uuid'], jobdata=jobdata,
- wait_for_exec=True)
-
- return binding
-
- def _create_integration_lswitch(self, tenant_id, name):
- # use defautl transport zone
- transport_zone_config = [{
- "zone_uuid": self.cluster.default_tz_uuid,
- "transport_type": cfg.CONF.NSX.default_transport_type
- }]
- return self.vcns_driver.create_lswitch(name, transport_zone_config)
-
- def _add_router_integration_interface(self, tenant_id, name,
- lrouter, lswitch):
- # create logic switch port
- try:
- ls_port = switchlib.create_lport(
- self.cluster, lswitch['uuid'], tenant_id,
- '', '', lrouter['uuid'], True)
- except api_exc.NsxApiException:
- msg = (_("An exception occurred while creating a port "
- "on lswitch %s") % lswitch['uuid'])
- LOG.exception(msg)
- raise n_exc.NeutronException(message=msg)
-
- # create logic router port
- try:
- neutron_port_id = ''
- pname = name[:36] + '-lp'
- admin_status_enabled = True
- lr_port = routerlib.create_router_lport(
- self.cluster, lrouter['uuid'], tenant_id,
- neutron_port_id, pname, admin_status_enabled,
- [vcns_const.INTEGRATION_LR_IPADDRESS])
- except api_exc.NsxApiException:
- msg = (_("Unable to create port on NSX logical router %s") % name)
- LOG.exception(msg)
- switchlib.delete_port(
- self.cluster, lswitch['uuid'], ls_port['uuid'])
- raise n_exc.NeutronException(message=msg)
-
- # attach logic router port to switch port
- try:
- self._update_router_port_attachment(
- self.cluster, None, lrouter['uuid'], {}, lr_port['uuid'],
- 'PatchAttachment', ls_port['uuid'], None)
- except api_exc.NsxApiException as e:
- # lr_port should have been deleted
- switchlib.delete_port(
- self.cluster, lswitch['uuid'], ls_port['uuid'])
- raise e
-
- def _create_lrouter(self, context, router, nexthop):
- lrouter = super(NsxAdvancedPlugin, self)._create_lrouter(
- context, router, vcns_const.INTEGRATION_EDGE_IPADDRESS)
-
- router_type = self._find_router_type(router)
- self._set_router_type(lrouter['uuid'], router_type)
- if router_type == ROUTER_TYPE_BASIC:
- return lrouter
-
- tenant_id = self._get_tenant_id_for_create(context, router)
- name = router['name']
- try:
- lsname = name[:36] + '-ls'
- lswitch = self._create_integration_lswitch(
- tenant_id, lsname)
- except Exception:
- msg = _("Unable to create integration logic switch "
- "for router %s") % name
- LOG.exception(msg)
- routerlib.delete_lrouter(self.cluster, lrouter['uuid'])
- raise n_exc.NeutronException(message=msg)
-
- try:
- self._add_router_integration_interface(tenant_id, name,
- lrouter, lswitch)
- except Exception:
- msg = _("Unable to add router interface to integration lswitch "
- "for router %s") % name
- LOG.exception(msg)
- routerlib.delete_lrouter(self.cluster, lrouter['uuid'])
- raise n_exc.NeutronException(message=msg)
-
- try:
- self._create_advanced_service_router(
- context, router['id'], name, lrouter, lswitch)
- except Exception:
- msg = (_("Unable to create advance service router for %s") % name)
- LOG.exception(msg)
- self.vcns_driver.delete_lswitch(lswitch('uuid'))
- routerlib.delete_lrouter(self.cluster, lrouter['uuid'])
- raise n_exc.NeutronException(message=msg)
-
- lrouter['status'] = service_constants.PENDING_CREATE
- return lrouter
-
- def check_router_in_use(self, context, router_id):
- router_filter = {'router_id': [router_id]}
- vpnservices = self.get_vpnservices(
- context, filters={'router_id': [router_id]})
- if vpnservices:
- raise vpn_ext.RouterInUseByVPNService(
- router_id=router_id,
- vpnservice_id=vpnservices[0]['id'])
- vips = self.get_vips(
- context, filters=router_filter)
- if vips:
- raise nsx_exc.RouterInUseByLBService(
- router_id=router_id,
- vip_id=vips[0]['id'])
- firewalls = self.get_firewalls(
- context, filters=router_filter)
- if firewalls:
- raise nsx_exc.RouterInUseByFWService(
- router_id=router_id,
- firewall_id=firewalls[0]['id'])
-
- def _delete_lrouter(self, context, router_id, nsx_router_id):
- binding = vcns_db.get_vcns_router_binding(context.session, router_id)
- if not binding:
- super(NsxAdvancedPlugin, self)._delete_lrouter(
- context, router_id, nsx_router_id)
- else:
- #Check whether router has an advanced service inserted.
- self.check_router_in_use(context, router_id)
- vcns_db.update_vcns_router_binding(
- context.session, router_id,
- status=service_constants.PENDING_DELETE)
-
- lswitch_id = binding['lswitch_id']
- edge_id = binding['edge_id']
-
- # delete lswitch
- try:
- self.vcns_driver.delete_lswitch(lswitch_id)
- except exceptions.ResourceNotFound:
- LOG.warning(_LW("Did not found lswitch %s in NSX"), lswitch_id)
-
- # delete edge
- jobdata = {
- 'context': context
- }
- self.vcns_driver.delete_edge(router_id, edge_id, jobdata=jobdata)
-
- # delete NSX logical router
- routerlib.delete_lrouter(self.cluster, nsx_router_id)
-
- if id in self._router_type:
- del self._router_type[router_id]
-
- def _update_lrouter(self, context, router_id, name, nexthop, routes=None):
- if not self._is_advanced_service_router(context, router_id):
- return super(NsxAdvancedPlugin, self)._update_lrouter(
- context, router_id, name, nexthop, routes=routes)
-
- previous_routes = super(NsxAdvancedPlugin, self)._update_lrouter(
- context, router_id, name,
- vcns_const.INTEGRATION_EDGE_IPADDRESS, routes=routes)
-
- # TODO(fank): Theoretically users can specify extra routes for
- # physical network, and routes for phyiscal network needs to be
- # configured on Edge. This can be done by checking if nexthop is in
- # external network. But for now we only handle routes for logic
- # space and leave it for future enhancement.
-
- # Let _update_router_gw_info handle nexthop change
- #self._vcns_update_static_routes(context, router_id=router_id)
-
- return previous_routes
-
- def _retrieve_and_delete_nat_rules(self, context, floating_ip_address,
- internal_ip, router_id,
- min_num_rules_expected=0):
- # NOP for advanced service router
- if not self._is_advanced_service_router(context, router_id):
- super(NsxAdvancedPlugin, self)._retrieve_and_delete_nat_rules(
- context, floating_ip_address, internal_ip, router_id,
- min_num_rules_expected=min_num_rules_expected)
-
- def _update_fip_assoc(self, context, fip, floatingip_db, external_port):
- # Update DB model only for advanced service router
- router_id = self._get_fip_assoc_data(context, fip, floatingip_db)[2]
- if (router_id and
- not self._is_advanced_service_router(context, router_id)):
- super(NsxAdvancedPlugin, self)._update_fip_assoc(
- context, fip, floatingip_db, external_port)
- else:
- super(base.NsxPluginV2, self)._update_fip_assoc(
- context, fip, floatingip_db, external_port)
-
- def _get_nsx_lrouter_status(self, id):
- try:
- lrouter = routerlib.get_lrouter(self.cluster, id)
- lr_status = lrouter["_relations"]["LogicalRouterStatus"]
- if lr_status["fabric_status"]:
- nsx_status = vcns_const.RouterStatus.ROUTER_STATUS_ACTIVE
- else:
- nsx_status = vcns_const.RouterStatus.ROUTER_STATUS_DOWN
- except n_exc.NotFound:
- nsx_status = vcns_const.RouterStatus.ROUTER_STATUS_ERROR
-
- return nsx_status
-
- def _get_vse_status(self, context, id):
- binding = vcns_db.get_vcns_router_binding(context.session, id)
- edge_status_level = self.vcns_driver.get_edge_status(
- binding['edge_id'])
- edge_db_status_level = ROUTER_STATUS_LEVEL[binding.status]
-
- if edge_status_level > edge_db_status_level:
- return edge_status_level
- else:
- return edge_db_status_level
-
- def _get_all_nsx_lrouters_statuses(self, tenant_id, fields):
- # get nsx lrouters status
- nsx_lrouters = routerlib.get_lrouters(self.cluster,
- tenant_id,
- fields)
-
- nsx_status = {}
- for nsx_lrouter in nsx_lrouters:
- if (nsx_lrouter["_relations"]["LogicalRouterStatus"]
- ["fabric_status"]):
- nsx_status[nsx_lrouter['uuid']] = (
- vcns_const.RouterStatus.ROUTER_STATUS_ACTIVE
- )
- else:
- nsx_status[nsx_lrouter['uuid']] = (
- vcns_const.RouterStatus.ROUTER_STATUS_DOWN
- )
-
- return nsx_status
-
- def _get_all_vse_statuses(self, context):
- bindings = self._model_query(
- context, vcns_models.VcnsRouterBinding)
-
- vse_db_status_level = {}
- edge_id_to_router_id = {}
- router_ids = []
- for binding in bindings:
- if not binding['edge_id']:
- continue
- router_id = binding['router_id']
- router_ids.append(router_id)
- edge_id_to_router_id[binding['edge_id']] = router_id
- vse_db_status_level[router_id] = (
- ROUTER_STATUS_LEVEL[binding['status']])
-
- if not vse_db_status_level:
- # no advanced service router, no need to query
- return {}
-
- vse_status_level = {}
- edges_status_level = self.vcns_driver.get_edges_statuses()
- for edge_id, status_level in edges_status_level.iteritems():
- if edge_id in edge_id_to_router_id:
- router_id = edge_id_to_router_id[edge_id]
- db_status_level = vse_db_status_level[router_id]
- if status_level > db_status_level:
- vse_status_level[router_id] = status_level
- else:
- vse_status_level[router_id] = db_status_level
-
- return vse_status_level
-
- def get_router(self, context, id, fields=None):
- if fields and 'status' not in fields:
- return super(NsxAdvancedPlugin, self).get_router(
- context, id, fields=fields)
-
- router = super(NsxAdvancedPlugin, self).get_router(context, id)
-
- router_type = self._find_router_type(router)
- if router_type == ROUTER_TYPE_ADVANCED:
- vse_status_level = self._get_vse_status(context, id)
- if vse_status_level > ROUTER_STATUS_LEVEL[router['status']]:
- router['status'] = ROUTER_STATUS[vse_status_level]
-
- return self._fields(router, fields)
-
- def get_routers(self, context, filters=None, fields=None, **kwargs):
- routers = super(NsxAdvancedPlugin, self).get_routers(
- context, filters=filters, **kwargs)
-
- if fields and 'status' not in fields:
- # no status checking, just return regular get_routers
- return [self._fields(router, fields) for router in routers]
-
- for router in routers:
- router_type = self._find_router_type(router)
- if router_type == ROUTER_TYPE_ADVANCED:
- break
- else:
- # no advanced service router, return here
- return [self._fields(router, fields) for router in routers]
-
- vse_status_all = self._get_all_vse_statuses(context)
- for router in routers:
- router_type = self._find_router_type(router)
- if router_type == ROUTER_TYPE_ADVANCED:
- vse_status_level = vse_status_all.get(router['id'])
- if vse_status_level is None:
- vse_status_level = (
- vcns_const.RouterStatus.ROUTER_STATUS_ERROR)
- if vse_status_level > ROUTER_STATUS_LEVEL[router['status']]:
- router['status'] = ROUTER_STATUS[vse_status_level]
-
- return [self._fields(router, fields) for router in routers]
-
- def add_router_interface(self, context, router_id, interface_info):
- info = super(NsxAdvancedPlugin, self).add_router_interface(
- context, router_id, interface_info)
- if self._is_advanced_service_router(context, router_id):
- router = self._get_router(context, router_id)
- if router.enable_snat:
- self._update_nat_rules(context, router)
- # TODO(fank): do rollback on error, or have a dedicated thread
- # do sync work (rollback, re-configure, or make router down)
- self._vcns_update_static_routes(context, router=router)
- return info
-
- def remove_router_interface(self, context, router_id, interface_info):
- info = super(NsxAdvancedPlugin, self).remove_router_interface(
- context, router_id, interface_info)
- if self._is_advanced_service_router(context, router_id):
- router = self._get_router(context, router_id)
- if router.enable_snat:
- self._update_nat_rules(context, router)
- # TODO(fank): do rollback on error, or have a dedicated thread
- # do sync work (rollback, re-configure, or make router down)
- self._vcns_update_static_routes(context, router=router)
- return info
-
- def create_floatingip(self, context, floatingip):
- fip = super(NsxAdvancedPlugin, self).create_floatingip(
- context, floatingip)
- router_id = fip.get('router_id')
- if router_id and self._is_advanced_service_router(context, router_id):
- router = self._get_router(context, router_id)
- # TODO(fank): do rollback on error, or have a dedicated thread
- # do sync work (rollback, re-configure, or make router down)
- self._update_nat_rules(context, router)
- self._update_interface(context, router)
- return fip
-
- def update_floatingip(self, context, id, floatingip):
- fip = super(NsxAdvancedPlugin, self).update_floatingip(
- context, id, floatingip)
- router_id = fip.get('router_id')
- if router_id and self._is_advanced_service_router(context, router_id):
- router = self._get_router(context, router_id)
- # TODO(fank): do rollback on error, or have a dedicated thread
- # do sync work (rollback, re-configure, or make router down)
- self._update_nat_rules(context, router)
- self._update_interface(context, router)
- elif not router_id:
- # The floating IP has been disassociated and should be set to DOWN
- self.update_floatingip_status(context, fip['id'],
- constants.FLOATINGIP_STATUS_DOWN)
- return fip
-
- def delete_floatingip(self, context, id):
- fip_db = self._get_floatingip(context, id)
- router_id = None
- if fip_db.fixed_port_id:
- router_id = fip_db.router_id
- super(NsxAdvancedPlugin, self).delete_floatingip(context, id)
- if router_id and self._is_advanced_service_router(context, router_id):
- router = self._get_router(context, router_id)
- # TODO(fank): do rollback on error, or have a dedicated thread
- # do sync work (rollback, re-configure, or make router down)
- self._update_interface(context, router)
- self._update_nat_rules(context, router)
-
- def disassociate_floatingips(self, context, port_id):
- routers = set()
-
- try:
- fip_qry = context.session.query(l3_db.FloatingIP)
- fip_dbs = fip_qry.filter_by(fixed_port_id=port_id)
- for fip_db in fip_dbs:
- routers.add(fip_db.router_id)
- except sa_exc.NoResultFound:
- pass
- super(NsxAdvancedPlugin, self).disassociate_floatingips(context,
- port_id)
-
- for router_id in routers:
- if self._is_advanced_service_router(context, router_id):
- router = self._get_router(context, router_id)
- # TODO(fank): do rollback on error, or have a dedicated thread
- # do sync work (rollback, re-configure, or make router down)
- self._update_interface(context, router)
- self._update_nat_rules(context, router)
-
- #
- # FWaaS plugin implementation
- #
- def _firewall_set_status(
- self, context, firewall_id, status, firewall=None):
- with context.session.begin(subtransactions=True):
- fw_db = self._get_firewall(context, firewall_id)
- if status == service_constants.PENDING_UPDATE and (
- fw_db.status == service_constants.PENDING_DELETE):
- raise fw_ext.FirewallInPendingState(
- firewall_id=firewall_id, pending_state=status)
- else:
- fw_db.status = status
- if firewall:
- firewall['status'] = status
-
- def _ensure_firewall_update_allowed(self, context, firewall_id):
- fwall = self.get_firewall(context, firewall_id)
- if fwall['status'] in [service_constants.PENDING_CREATE,
- service_constants.PENDING_UPDATE,
- service_constants.PENDING_DELETE]:
- raise fw_ext.FirewallInPendingState(firewall_id=firewall_id,
- pending_state=fwall['status'])
-
- def _ensure_firewall_policy_update_allowed(
- self, context, firewall_policy_id):
- firewall_policy = self.get_firewall_policy(context, firewall_policy_id)
- for firewall_id in firewall_policy.get('firewall_list', []):
- self._ensure_firewall_update_allowed(context, firewall_id)
-
- def _ensure_update_or_delete_firewall_rule(
- self, context, firewall_rule_id):
- fw_rule = self.get_firewall_rule(context, firewall_rule_id)
- if fw_rule.get('firewall_policy_id'):
- self._ensure_firewall_policy_update_allowed(
- context, fw_rule['firewall_policy_id'])
-
- def _make_firewall_rule_list_by_policy_id(self, context, fw_policy_id):
- if not fw_policy_id:
- return []
- firewall_policy_db = self._get_firewall_policy(context, fw_policy_id)
- return [
- self._make_firewall_rule_dict(fw_rule_db)
- for fw_rule_db in firewall_policy_db['firewall_rules']
- ]
-
- def _get_edge_id_by_vcns_edge_binding(self, context,
- router_id):
- #Get vcns_router_binding mapping between router and edge
- router_binding = vcns_db.get_vcns_router_binding(
- context.session, router_id)
- return router_binding.edge_id
-
- def _get_firewall_list_from_firewall_policy(self, context, policy_id):
- firewall_policy_db = self._get_firewall_policy(context, policy_id)
- return [
- self._make_firewall_dict(fw_db)
- for fw_db in firewall_policy_db['firewalls']
- ]
-
- def _get_firewall_list_from_firewall_rule(self, context, rule_id):
- rule = self._get_firewall_rule(context, rule_id)
- if not rule.firewall_policy_id:
- # The firewall rule is not associated with firewall policy yet
- return None
-
- return self._get_firewall_list_from_firewall_policy(
- context, rule.firewall_policy_id)
-
- def _vcns_update_firewall(self, context, fw, router_id=None, **kwargs):
- edge_id = kwargs.get('edge_id')
- if not edge_id:
- edge_id = self._get_edge_id_by_vcns_edge_binding(
- context, router_id)
- firewall_rule_list = kwargs.get('firewall_rule_list')
- if not firewall_rule_list:
- firewall_rule_list = self._make_firewall_rule_list_by_policy_id(
- context, fw['firewall_policy_id'])
- fw_with_rules = fw
- fw_with_rules['firewall_rule_list'] = firewall_rule_list
- try:
- self.vcns_driver.update_firewall(context, edge_id, fw_with_rules)
- except exceptions.VcnsApiException as e:
- self._firewall_set_status(
- context, fw['id'], service_constants.ERROR)
- LOG.exception(_LE("Failed to create firewall on vShield Edge "
- "bound on router %s"), router_id)
- raise e
-
- except exceptions.VcnsBadRequest as e:
- self._firewall_set_status(
- context, fw['id'], service_constants.ERROR)
- LOG.exception(_LE("Bad Firewall request Input"))
- raise e
-
- def _vcns_delete_firewall(self, context, router_id=None, **kwargs):
- edge_id = kwargs.get('edge_id')
- if not edge_id:
- edge_id = self._get_edge_id_by_vcns_edge_binding(
- context, router_id)
- #TODO(linb):do rollback on error
- self.vcns_driver.delete_firewall(context, edge_id)
-
- def create_firewall(self, context, firewall):
- LOG.debug("create_firewall() called")
- router_id = firewall['firewall'].get(vcns_const.ROUTER_ID)
- if not router_id:
- msg = _("router_id is not provided!")
- LOG.error(msg)
- raise n_exc.BadRequest(resource='router', msg=msg)
- if not self._is_advanced_service_router(context, router_id):
- msg = _("router_id:%s is not an advanced router!") % router_id
- LOG.error(msg)
- raise n_exc.BadRequest(resource='router', msg=msg)
- if self._get_resource_router_id_binding(
- context, firewall_db.Firewall, router_id=router_id):
- msg = _("A firewall is already associated with the router")
- LOG.error(msg)
- raise nsx_exc.ServiceOverQuota(
- overs='firewall', err_msg=msg)
-
- fw = super(NsxAdvancedPlugin, self).create_firewall(context, firewall)
- #Add router service insertion binding with firewall object
- res = {
- 'id': fw['id'],
- 'router_id': router_id
- }
- self._process_create_resource_router_id(
- context, res, firewall_db.Firewall)
- # Since there is only one firewall per edge,
- # here would be bulk configuration operation on firewall
- self._vcns_update_firewall(context, fw, router_id)
- self._firewall_set_status(
- context, fw['id'], service_constants.ACTIVE, fw)
- fw[rsi.ROUTER_ID] = router_id
- return fw
-
- def update_firewall(self, context, id, firewall):
- LOG.debug("update_firewall() called")
- self._ensure_firewall_update_allowed(context, id)
- service_router_binding = self._get_resource_router_id_binding(
- context, firewall_db.Firewall, resource_id=id)
- rule_list_pre = self._make_firewall_rule_list_by_policy_id(
- context,
- self.get_firewall(context, id)['firewall_policy_id'])
- firewall['firewall']['status'] = service_constants.PENDING_UPDATE
- fw = super(NsxAdvancedPlugin, self).update_firewall(
- context, id, firewall)
- fw[rsi.ROUTER_ID] = service_router_binding['router_id']
- rule_list_new = self._make_firewall_rule_list_by_policy_id(
- context, fw['firewall_policy_id'])
- if rule_list_pre == rule_list_new:
- self._firewall_set_status(
- context, fw['id'], service_constants.ACTIVE, fw)
- return fw
- else:
- self._vcns_update_firewall(
- context, fw, service_router_binding.router_id,
- firewall_rule_list=rule_list_new)
- self._firewall_set_status(
- context, fw['id'], service_constants.ACTIVE, fw)
- return fw
-
- def delete_firewall(self, context, id):
- LOG.debug("delete_firewall() called")
- self._firewall_set_status(
- context, id, service_constants.PENDING_DELETE)
- service_router_binding = self._get_resource_router_id_binding(
- context, firewall_db.Firewall, resource_id=id)
- self._vcns_delete_firewall(context, service_router_binding.router_id)
- super(NsxAdvancedPlugin, self).delete_firewall(context, id)
- self._delete_resource_router_id_binding(
- context, id, firewall_db.Firewall)
-
- def get_firewall(self, context, id, fields=None):
- fw = super(NsxAdvancedPlugin, self).get_firewall(
- context, id, fields)
- if fields and rsi.ROUTER_ID not in fields:
- return fw
-
- service_router_binding = self._get_resource_router_id_binding(
- context, firewall_db.Firewall, resource_id=fw['id'])
- fw[rsi.ROUTER_ID] = service_router_binding['router_id']
- return fw
-
- def get_firewalls(self, context, filters=None, fields=None):
- fws = super(NsxAdvancedPlugin, self).get_firewalls(
- context, filters, fields)
- if fields and rsi.ROUTER_ID not in fields:
- return fws
- service_router_bindings = self._get_resource_router_id_bindings(
- context, firewall_db.Firewall,
- resource_ids=[fw['id'] for fw in fws])
- mapping = dict([(binding['resource_id'], binding['router_id'])
- for binding in service_router_bindings])
- for fw in fws:
- fw[rsi.ROUTER_ID] = mapping[fw['id']]
- return fws
-
- def update_firewall_rule(self, context, id, firewall_rule):
- LOG.debug("update_firewall_rule() called")
- self._ensure_update_or_delete_firewall_rule(context, id)
- fwr_pre = self.get_firewall_rule(context, id)
- fwr = super(NsxAdvancedPlugin, self).update_firewall_rule(
- context, id, firewall_rule)
- if fwr_pre == fwr:
- return fwr
-
- # check if this rule is associated with firewall
- fw_list = self._get_firewall_list_from_firewall_rule(context, id)
- if not fw_list:
- return fwr
-
- for fw in fw_list:
- # get router service insertion binding with firewall id
- service_router_binding = self._get_resource_router_id_binding(
- context, firewall_db.Firewall, resource_id=fw['id'])
- edge_id = self._get_edge_id_by_vcns_edge_binding(
- context, service_router_binding.router_id)
-
- #TODO(linb): do rollback on error
- self.vcns_driver.update_firewall_rule(context, id, edge_id, fwr)
-
- return fwr
-
- def update_firewall_policy(self, context, id, firewall_policy):
- LOG.debug("update_firewall_policy() called")
- self._ensure_firewall_policy_update_allowed(context, id)
- firewall_rules_pre = self._make_firewall_rule_list_by_policy_id(
- context, id)
- fwp = super(NsxAdvancedPlugin, self).update_firewall_policy(
- context, id, firewall_policy)
- firewall_rules = self._make_firewall_rule_list_by_policy_id(
- context, id)
- if firewall_rules_pre == firewall_rules:
- return fwp
-
- # check if this policy is associated with firewall
- fw_list = self._get_firewall_list_from_firewall_policy(context, id)
- if not fw_list:
- return fwp
-
- for fw in fw_list:
- # Get the router_service insertion binding with firewall id
- # TODO(fank): optimized by using _get_resource_router_id_bindings
- service_router_binding = self._get_resource_router_id_binding(
- context, firewall_db.Firewall, resource_id=fw['id'])
- self._vcns_update_firewall(
- context, fw, service_router_binding.router_id,
- firewall_rule_list=firewall_rules)
- return fwp
-
- def insert_rule(self, context, id, rule_info):
- LOG.debug("insert_rule() called")
- self._ensure_firewall_policy_update_allowed(context, id)
- fwp = super(NsxAdvancedPlugin, self).insert_rule(
- context, id, rule_info)
- fwr = super(NsxAdvancedPlugin, self).get_firewall_rule(
- context, rule_info['firewall_rule_id'])
-
- # check if this policy is associated with firewall
- fw_list = self._get_firewall_list_from_firewall_policy(context, id)
- if not fw_list:
- return fwp
- for fw in fw_list:
- # TODO(fank): optimized by using _get_resource_router_id_bindings
- service_router_binding = self._get_resource_router_id_binding(
- context, firewall_db.Firewall, resource_id=fw['id'])
- edge_id = self._get_edge_id_by_vcns_edge_binding(
- context, service_router_binding.router_id)
-
- if rule_info.get('insert_before') or rule_info.get('insert_after'):
- #if insert_before or insert_after is set, we would call
- #VCNS insert_rule API
- #TODO(linb): do rollback on error
- self.vcns_driver.insert_rule(context, rule_info, edge_id, fwr)
- else:
- #Else we would call bulk configuration on the firewall
- self._vcns_update_firewall(context, fw, edge_id=edge_id)
- return fwp
-
- def remove_rule(self, context, id, rule_info):
- LOG.debug("remove_rule() called")
- self._ensure_firewall_policy_update_allowed(context, id)
- fwp = super(NsxAdvancedPlugin, self).remove_rule(
- context, id, rule_info)
- fwr = super(NsxAdvancedPlugin, self).get_firewall_rule(
- context, rule_info['firewall_rule_id'])
-
- # check if this policy is associated with firewall
- fw_list = self._get_firewall_list_from_firewall_policy(context, id)
- if not fw_list:
- return fwp
- for fw in fw_list:
- # TODO(fank): optimized by using _get_resource_router_id_bindings
- service_router_binding = self._get_resource_router_id_binding(
- context, firewall_db.Firewall, resource_id=fw['id'])
- edge_id = self._get_edge_id_by_vcns_edge_binding(
- context, service_router_binding.router_id)
- #TODO(linb): do rollback on error
- self.vcns_driver.delete_firewall_rule(
- context, fwr['id'], edge_id)
- return fwp
-
- #
- # LBAAS service plugin implementation
- #
- def _get_edge_id_by_vip_id(self, context, vip_id):
- try:
- service_router_binding = self._get_resource_router_id_binding(
- context, loadbalancer_db.Vip, resource_id=vip_id)
- except Exception:
- with excutils.save_and_reraise_exception():
- LOG.exception(_LE("Failed to find the edge with "
- "vip_id: %s"), vip_id)
- return self._get_edge_id_by_vcns_edge_binding(
- context, service_router_binding.router_id)
-
- def _get_all_vip_addrs_by_router_id(
- self, context, router_id):
- vip_bindings = self._get_resource_router_id_bindings(
- context, loadbalancer_db.Vip, router_ids=[router_id])
- vip_addrs = []
- for vip_binding in vip_bindings:
- vip = self.get_vip(context, vip_binding.resource_id)
- vip_addrs.append(vip.get('address'))
- return vip_addrs
-
- def _add_router_service_insertion_binding(self, context, resource_id,
- router_id,
- model):
- res = {
- 'id': resource_id,
- 'router_id': router_id
- }
- self._process_create_resource_router_id(context, res,
- model)
-
- def _resource_set_status(self, context, model, id, status, obj=None,
- pool_id=None):
- with context.session.begin(subtransactions=True):
- try:
- qry = context.session.query(model)
- if issubclass(model, loadbalancer_db.PoolMonitorAssociation):
- res = qry.filter_by(monitor_id=id,
- pool_id=pool_id).one()
- else:
- res = qry.filter_by(id=id).one()
- if status == service_constants.PENDING_UPDATE and (
- res.get('status') == service_constants.PENDING_DELETE):
- msg = (_("Operation can't be performed, Since resource "
- "%(model)s : %(id)s is in DELETEing status!") %
- {'model': model,
- 'id': id})
- LOG.error(msg)
- raise nsx_exc.NsxPluginException(err_msg=msg)
- else:
- res.status = status
- except sa_exc.NoResultFound:
- msg = (_("Resource %(model)s : %(id)s not found!") %
- {'model': model,
- 'id': id})
- LOG.exception(msg)
- raise nsx_exc.NsxPluginException(err_msg=msg)
- if obj:
- obj['status'] = status
-
- def _vcns_create_pool_and_monitors(self, context, pool_id, **kwargs):
- pool = self.get_pool(context, pool_id)
- edge_id = kwargs.get('edge_id')
- if not edge_id:
- edge_id = self._get_edge_id_by_vip_id(
- context, pool['vip_id'])
- #Check wheter the pool is already created on the router
- #in case of future's M:N relation between Pool and Vip
-
- #Check associated HealthMonitors and then create them
- for monitor_id in pool.get('health_monitors'):
- hm = self.get_health_monitor(context, monitor_id)
- try:
- self.vcns_driver.create_health_monitor(
- context, edge_id, hm)
- except Exception:
- with excutils.save_and_reraise_exception():
- LOG.exception(_LE("Failed to create healthmonitor "
- "associated with pool id: %s!"), pool_id)
- for monitor_ide in pool.get('health_monitors'):
- if monitor_ide == monitor_id:
- break
- self.vcns_driver.delete_health_monitor(
- context, monitor_ide, edge_id)
- #Create the pool on the edge
- members = [
- super(NsxAdvancedPlugin, self).get_member(
- context, member_id)
- for member_id in pool.get('members')
- ]
- try:
- self.vcns_driver.create_pool(context, edge_id, pool, members)
- except Exception:
- with excutils.save_and_reraise_exception():
- LOG.exception(_LE("Failed to create pool on vshield edge"))
- self.vcns_driver.delete_pool(
- context, pool_id, edge_id)
- for monitor_id in pool.get('health_monitors'):
- self.vcns_driver.delete_health_monitor(
- context, monitor_id, edge_id)
-
- def _vcns_update_pool(self, context, pool, **kwargs):
- edge_id = self._get_edge_id_by_vip_id(context, pool['vip_id'])
- members = kwargs.get('members')
- if not members:
- members = [
- super(NsxAdvancedPlugin, self).get_member(
- context, member_id)
- for member_id in pool.get('members')
- ]
- self.vcns_driver.update_pool(context, edge_id, pool, members)
-
- def create_vip(self, context, vip):
- LOG.debug("create_vip() called")
- router_id = vip['vip'].get(vcns_const.ROUTER_ID)
- if not router_id:
- msg = _("router_id is not provided!")
- LOG.error(msg)
- raise n_exc.BadRequest(resource='router', msg=msg)
-
- if not self._is_advanced_service_router(context, router_id):
- msg = _("router_id: %s is not an advanced router!") % router_id
- LOG.error(msg)
- raise nsx_exc.NsxPluginException(err_msg=msg)
-
- #Check whether the vip port is an external port
- subnet_id = vip['vip']['subnet_id']
- network_id = self.get_subnet(context, subnet_id)['network_id']
- ext_net = self._get_network(context, network_id)
- if not ext_net.external:
- msg = (_("Network '%s' is not a valid external "
- "network") % network_id)
- raise nsx_exc.NsxPluginException(err_msg=msg)
-
- v = super(NsxAdvancedPlugin, self).create_vip(context, vip)
- #Get edge_id for the resource
- router_binding = vcns_db.get_vcns_router_binding(
- context.session,
- router_id)
- edge_id = router_binding.edge_id
- #Add vip_router binding
- self._add_router_service_insertion_binding(context, v['id'],
- router_id,
- loadbalancer_db.Vip)
- #Create the vip port on vShield Edge
- router = self._get_router(context, router_id)
- self._update_interface(context, router, sync=True)
- #Create the vip and associated pool/monitor on the corresponding edge
- try:
- self._vcns_create_pool_and_monitors(
- context, v['pool_id'], edge_id=edge_id)
- self.vcns_driver.create_vip(context, edge_id, v)
- except Exception:
- with excutils.save_and_reraise_exception():
- LOG.exception(_LE("Failed to create vip!"))
- self._delete_resource_router_id_binding(
- context, v['id'], loadbalancer_db.Vip)
- super(NsxAdvancedPlugin, self).delete_vip(context, v['id'])
- self._resource_set_status(context, loadbalancer_db.Vip,
- v['id'], service_constants.ACTIVE, v)
- v[rsi.ROUTER_ID] = router_id
-
- return v
-
- def update_vip(self, context, id, vip):
- edge_id = self._get_edge_id_by_vip_id(context, id)
- old_vip = self.get_vip(context, id)
- session_persistence_update = bool(
- vip['vip'].get('session_persistence'))
- vip['vip']['status'] = service_constants.PENDING_UPDATE
- v = super(NsxAdvancedPlugin, self).update_vip(context, id, vip)
- v[rsi.ROUTER_ID] = self._get_resource_router_id_binding(
- context, loadbalancer_db.Vip, resource_id=id)['router_id']
- if old_vip['pool_id'] != v['pool_id']:
- self.vcns_driver.delete_vip(context, id)
- #Delete old pool/monitor on the edge
- #TODO(linb): Factor out procedure for removing pool and health
- #separate method
- old_pool = self.get_pool(context, old_vip['pool_id'])
- self.vcns_driver.delete_pool(
- context, old_vip['pool_id'], edge_id)
- for monitor_id in old_pool.get('health_monitors'):
- self.vcns_driver.delete_health_monitor(
- context, monitor_id, edge_id)
- #Create new pool/monitor object on the edge
- #TODO(linb): add exception handle if error
- self._vcns_create_pool_and_monitors(
- context, v['pool_id'], edge_id=edge_id)
- self.vcns_driver.create_vip(context, edge_id, v)
- return v
- try:
- self.vcns_driver.update_vip(context, v, session_persistence_update)
- except Exception:
- with excutils.save_and_reraise_exception():
- LOG.exception(_LE("Failed to update vip with id: %s!"), id)
- self._resource_set_status(context, loadbalancer_db.Vip,
- id, service_constants.ERROR, v)
-
- self._resource_set_status(context, loadbalancer_db.Vip,
- v['id'], service_constants.ACTIVE, v)
- return v
-
- def delete_vip(self, context, id):
- v = self.get_vip(context, id)
- self._resource_set_status(
- context, loadbalancer_db.Vip,
- id, service_constants.PENDING_DELETE)
- try:
- self.vcns_driver.delete_vip(context, id)
- except Exception:
- with excutils.save_and_reraise_exception():
- LOG.exception(_LE("Failed to delete vip with id: %s!"), id)
- self._resource_set_status(context, loadbalancer_db.Vip,
- id, service_constants.ERROR)
- edge_id = self._get_edge_id_by_vip_id(context, id)
- #Check associated HealthMonitors and then delete them
- pool = self.get_pool(context, v['pool_id'])
- self.vcns_driver.delete_pool(context, v['pool_id'], edge_id)
- for monitor_id in pool.get('health_monitors'):
- #TODO(linb): do exception handle if error
- self.vcns_driver.delete_health_monitor(
- context, monitor_id, edge_id)
-
- router_binding = self._get_resource_router_id_binding(
- context, loadbalancer_db.Vip, resource_id=id)
- router = self._get_router(context, router_binding.router_id)
- self._delete_resource_router_id_binding(
- context, id, loadbalancer_db.Vip)
- super(NsxAdvancedPlugin, self).delete_vip(context, id)
- self._update_interface(context, router, sync=True)
-
- def get_vip(self, context, id, fields=None):
- vip = super(NsxAdvancedPlugin, self).get_vip(context, id, fields)
- if fields and rsi.ROUTER_ID not in fields:
- return vip
-
- service_router_binding = self._get_resource_router_id_binding(
- context, loadbalancer_db.Vip, resource_id=vip['id'])
- vip[rsi.ROUTER_ID] = service_router_binding['router_id']
- return vip
-
- def get_vips(self, context, filters=None, fields=None):
- vips = super(NsxAdvancedPlugin, self).get_vips(
- context, filters, fields)
- if fields and rsi.ROUTER_ID not in fields:
- return vips
- service_router_bindings = self._get_resource_router_id_bindings(
- context, loadbalancer_db.Vip,
- resource_ids=[vip['id'] for vip in vips])
- mapping = dict([(binding['resource_id'], binding['router_id'])
- for binding in service_router_bindings])
- for vip in vips:
- vip[rsi.ROUTER_ID] = mapping[vip['id']]
- return vips
-
- def update_pool(self, context, id, pool):
- pool['pool']['status'] = service_constants.PENDING_UPDATE
- p = super(NsxAdvancedPlugin, self).update_pool(context, id, pool)
- #Check whether the pool is already associated with the vip
- if not p.get('vip_id'):
- self._resource_set_status(context, loadbalancer_db.Pool,
- p['id'], service_constants.ACTIVE, p)
- return p
- try:
- self._vcns_update_pool(context, p)
- except Exception:
- with excutils.save_and_reraise_exception():
- LOG.exception(_LE("Failed to update pool with id: %s!"), id)
- self._resource_set_status(context, loadbalancer_db.Pool,
- p['id'], service_constants.ERROR, p)
- self._resource_set_status(context, loadbalancer_db.Pool,
- p['id'], service_constants.ACTIVE, p)
- return p
-
- def create_member(self, context, member):
- m = super(NsxAdvancedPlugin, self).create_member(context, member)
- pool_id = m.get('pool_id')
- pool = self.get_pool(context, pool_id)
- if not pool.get('vip_id'):
- self._resource_set_status(context, loadbalancer_db.Member,
- m['id'], service_constants.ACTIVE, m)
- return m
- self._resource_set_status(context, loadbalancer_db.Pool,
- pool_id,
- service_constants.PENDING_UPDATE)
- try:
- self._vcns_update_pool(context, pool)
- except Exception:
- with excutils.save_and_reraise_exception():
- LOG.exception(_LE("Failed to update pool with the member"))
- super(NsxAdvancedPlugin, self).delete_member(context, m['id'])
-
- self._resource_set_status(context, loadbalancer_db.Pool,
- pool_id, service_constants.ACTIVE)
- self._resource_set_status(context, loadbalancer_db.Member,
- m['id'], service_constants.ACTIVE, m)
- return m
-
- def update_member(self, context, id, member):
- member['member']['status'] = service_constants.PENDING_UPDATE
- old_member = self.get_member(context, id)
- m = super(NsxAdvancedPlugin, self).update_member(
- context, id, member)
-
- if m['pool_id'] != old_member['pool_id']:
- old_pool_id = old_member['pool_id']
- old_pool = self.get_pool(context, old_pool_id)
- if old_pool.get('vip_id'):
- self._resource_set_status(
- context, loadbalancer_db.Pool,
- old_pool_id, service_constants.PENDING_UPDATE)
- try:
- self._vcns_update_pool(context, old_pool)
- except Exception:
- with excutils.save_and_reraise_exception():
- LOG.exception(_LE("Failed to update old pool "
- "with the member"))
- super(NsxAdvancedPlugin, self).delete_member(
- context, m['id'])
- self._resource_set_status(
- context, loadbalancer_db.Pool,
- old_pool_id, service_constants.ACTIVE)
-
- pool_id = m['pool_id']
- pool = self.get_pool(context, pool_id)
- if not pool.get('vip_id'):
- self._resource_set_status(context, loadbalancer_db.Member,
- m['id'], service_constants.ACTIVE, m)
- return m
- self._resource_set_status(context, loadbalancer_db.Pool,
- pool_id,
- service_constants.PENDING_UPDATE)
- try:
- self._vcns_update_pool(context, pool)
- except Exception:
- with excutils.save_and_reraise_exception():
- LOG.exception(_LE("Failed to update pool with the member"))
- super(NsxAdvancedPlugin, self).delete_member(
- context, m['id'])
-
- self._resource_set_status(context, loadbalancer_db.Pool,
- pool_id, service_constants.ACTIVE)
- self._resource_set_status(context, loadbalancer_db.Member,
- m['id'], service_constants.ACTIVE, m)
- return m
-
- def delete_member(self, context, id):
- m = self.get_member(context, id)
- super(NsxAdvancedPlugin, self).delete_member(context, id)
- pool_id = m['pool_id']
- pool = self.get_pool(context, pool_id)
- if not pool.get('vip_id'):
- return
- self._resource_set_status(context, loadbalancer_db.Pool,
- pool_id, service_constants.PENDING_UPDATE)
- try:
- self._vcns_update_pool(context, pool)
- except Exception:
- with excutils.save_and_reraise_exception():
- LOG.exception(_LE("Failed to update pool with the member"))
- self._resource_set_status(context, loadbalancer_db.Pool,
- pool_id, service_constants.ACTIVE)
-
- def update_health_monitor(self, context, id, health_monitor):
- old_hm = super(NsxAdvancedPlugin, self).get_health_monitor(
- context, id)
- hm = super(NsxAdvancedPlugin, self).update_health_monitor(
- context, id, health_monitor)
- for hm_pool in hm.get('pools'):
- pool_id = hm_pool['pool_id']
- pool = self.get_pool(context, pool_id)
- if pool.get('vip_id'):
- edge_id = self._get_edge_id_by_vip_id(
- context, pool['vip_id'])
- try:
- self.vcns_driver.update_health_monitor(
- context, edge_id, old_hm, hm)
- except Exception:
- with excutils.save_and_reraise_exception():
- LOG.exception(_LE("Failed to update monitor "
- "with id: %s!"), id)
- return hm
-
- def create_pool_health_monitor(self, context,
- health_monitor, pool_id):
- monitor_id = health_monitor['health_monitor']['id']
- pool = self.get_pool(context, pool_id)
- monitors = pool.get('health_monitors')
- if len(monitors) > 0:
- msg = _("Vcns right now can only support "
- "one monitor per pool")
- LOG.error(msg)
- raise nsx_exc.NsxPluginException(err_msg=msg)
- #Check whether the pool is already associated with the vip
- if not pool.get('vip_id'):
- res = super(NsxAdvancedPlugin,
- self).create_pool_health_monitor(context,
- health_monitor,
- pool_id)
- return res
- #Get the edge_id
- edge_id = self._get_edge_id_by_vip_id(context, pool['vip_id'])
- res = super(NsxAdvancedPlugin,
- self).create_pool_health_monitor(context,
- health_monitor,
- pool_id)
- monitor = self.get_health_monitor(context, monitor_id)
- #TODO(linb)Add Exception handle if error
- self.vcns_driver.create_health_monitor(context, edge_id, monitor)
- #Get updated pool
- pool['health_monitors'].append(monitor['id'])
- self._resource_set_status(
- context, loadbalancer_db.Pool,
- pool_id, service_constants.PENDING_UPDATE)
- try:
- self._vcns_update_pool(context, pool)
- except Exception:
- with excutils.save_and_reraise_exception():
- LOG.exception(_LE("Failed to associate monitor with pool!"))
- self._resource_set_status(
- context, loadbalancer_db.Pool,
- pool_id, service_constants.ERROR)
- super(NsxAdvancedPlugin, self).delete_pool_health_monitor(
- context, monitor_id, pool_id)
- self._resource_set_status(
- context, loadbalancer_db.Pool,
- pool_id, service_constants.ACTIVE)
- self._resource_set_status(
- context, loadbalancer_db.PoolMonitorAssociation,
- monitor_id, service_constants.ACTIVE, res,
- pool_id=pool_id)
- return res
-
- def delete_pool_health_monitor(self, context, id, pool_id):
- super(NsxAdvancedPlugin, self).delete_pool_health_monitor(
- context, id, pool_id)
- pool = self.get_pool(context, pool_id)
- #Check whether the pool is already associated with the vip
- if pool.get('vip_id'):
- #Delete the monitor on vshield edge
- edge_id = self._get_edge_id_by_vip_id(context, pool['vip_id'])
- self._resource_set_status(
- context, loadbalancer_db.Pool,
- pool_id, service_constants.PENDING_UPDATE)
- try:
- self._vcns_update_pool(context, pool)
- except Exception:
- with excutils.save_and_reraise_exception():
- LOG.exception(
- _LE("Failed to update pool with pool_monitor!"))
- self._resource_set_status(
- context, loadbalancer_db.Pool,
- pool_id, service_constants.ERROR)
- #TODO(linb): Add exception handle if error
- self.vcns_driver.delete_health_monitor(context, id, edge_id)
- self._resource_set_status(
- context, loadbalancer_db.Pool,
- pool_id, service_constants.ACTIVE)
-
- def _vcns_update_ipsec_config(
- self, context, vpnservice_id, removed_ipsec_conn_id=None):
- sites = []
- vpn_service = self._get_vpnservice(context, vpnservice_id)
- edge_id = self._get_edge_id_by_vcns_edge_binding(
- context, vpn_service.router_id)
- if not vpn_service.router.gw_port:
- msg = _("Failed to update ipsec vpn configuration on edge, since "
- "the router: %s does not have a gateway yet!"
- ) % vpn_service.router_id
- LOG.error(msg)
- raise exceptions.VcnsBadRequest(resource='router', msg=msg)
-
- external_ip = vpn_service.router.gw_port['fixed_ips'][0]['ip_address']
- subnet = self._make_subnet_dict(vpn_service.subnet)
- for ipsec_site_conn in vpn_service.ipsec_site_connections:
- if ipsec_site_conn.id != removed_ipsec_conn_id:
- site = self._make_ipsec_site_connection_dict(ipsec_site_conn)
- ikepolicy = self._make_ikepolicy_dict(
- ipsec_site_conn.ikepolicy)
- ipsecpolicy = self._make_ipsecpolicy_dict(
- ipsec_site_conn.ipsecpolicy)
- sites.append({'site': site,
- 'ikepolicy': ikepolicy,
- 'ipsecpolicy': ipsecpolicy,
- 'subnet': subnet,
- 'external_ip': external_ip})
- try:
- self.vcns_driver.update_ipsec_config(
- edge_id, sites, enabled=vpn_service.admin_state_up)
- except exceptions.VcnsBadRequest:
- with excutils.save_and_reraise_exception():
- LOG.exception(_LE("Bad or unsupported Input request!"))
- except exceptions.VcnsApiException:
- with excutils.save_and_reraise_exception():
- LOG.exception(_LE("Failed to update ipsec VPN configuration "
- "with vpnservice: %(vpnservice_id)s on "
- "vShield Edge: %(edge_id)s"),
- {'vpnservice_id': vpnservice_id,
- 'edge_id': edge_id})
-
- def create_vpnservice(self, context, vpnservice):
- LOG.debug("create_vpnservice() called")
- router_id = vpnservice['vpnservice'].get('router_id')
- if not self._is_advanced_service_router(context, router_id):
- msg = _("router_id:%s is not an advanced router!") % router_id
- LOG.warning(msg)
- raise exceptions.VcnsBadRequest(resource='router', msg=msg)
-
- if self.get_vpnservices(context, filters={'router_id': [router_id]}):
- msg = _("a vpnservice is already associated with the router: %s"
- ) % router_id
- LOG.warning(msg)
- raise nsx_exc.ServiceOverQuota(
- overs='vpnservice', err_msg=msg)
-
- service = super(NsxAdvancedPlugin, self).create_vpnservice(
- context, vpnservice)
- self._resource_set_status(
- context, vpn_db.VPNService,
- service['id'], service_constants.ACTIVE, service)
- return service
-
- def update_vpnservice(self, context, vpnservice_id, vpnservice):
- vpnservice['vpnservice']['status'] = service_constants.PENDING_UPDATE
- service = super(NsxAdvancedPlugin, self).update_vpnservice(
- context, vpnservice_id, vpnservice)
- # Only admin_state_up attribute is configurable on Edge.
- if vpnservice['vpnservice'].get('admin_state_up') is None:
- self._resource_set_status(
- context, vpn_db.VPNService,
- service['id'], service_constants.ACTIVE, service)
- return service
- # Test whether there is one ipsec site connection attached to
- # the vpnservice. If not, just return without updating ipsec
- # config on edge side.
- vpn_service_db = self._get_vpnservice(context, vpnservice_id)
- if not vpn_service_db.ipsec_site_connections:
- self._resource_set_status(
- context, vpn_db.VPNService,
- service['id'], service_constants.ACTIVE, service)
- return service
- try:
- self._vcns_update_ipsec_config(context, service['id'])
- except Exception:
- with excutils.save_and_reraise_exception():
- self._resource_set_status(
- context, vpn_db.VPNService,
- service['id'], service_constants.ERROR, service)
- self._resource_set_status(
- context, vpn_db.VPNService,
- service['id'], service_constants.ACTIVE, service)
- return service
-
- def create_ipsec_site_connection(self, context, ipsec_site_connection):
- ipsec_site_conn = super(
- NsxAdvancedPlugin, self).create_ipsec_site_connection(
- context, ipsec_site_connection)
- try:
- self._vcns_update_ipsec_config(
- context, ipsec_site_conn['vpnservice_id'])
- except Exception:
- with excutils.save_and_reraise_exception():
- super(NsxAdvancedPlugin, self).delete_ipsec_site_connection(
- context, ipsec_site_conn['id'])
- self._resource_set_status(
- context, vpn_db.IPsecSiteConnection,
- ipsec_site_conn['id'], service_constants.ACTIVE, ipsec_site_conn)
- return ipsec_site_conn
-
- def update_ipsec_site_connection(self, context, ipsec_site_connection_id,
- ipsec_site_connection):
- ipsec_site_connection['ipsec_site_connection']['status'] = (
- service_constants.PENDING_UPDATE)
- ipsec_site_conn = super(
- NsxAdvancedPlugin, self).update_ipsec_site_connection(
- context, ipsec_site_connection_id, ipsec_site_connection)
- try:
- self._vcns_update_ipsec_config(
- context, ipsec_site_conn['vpnservice_id'])
- except Exception:
- with excutils.save_and_reraise_exception():
- self._resource_set_status(
- context, vpn_db.IPsecSiteConnection, ipsec_site_conn['id'],
- service_constants.ERROR, ipsec_site_conn)
- self._resource_set_status(
- context, vpn_db.IPsecSiteConnection,
- ipsec_site_conn['id'], service_constants.ACTIVE, ipsec_site_conn)
- return ipsec_site_conn
-
- def delete_ipsec_site_connection(self, context, ipsec_site_conn_id):
- self._resource_set_status(
- context, vpn_db.IPsecSiteConnection,
- ipsec_site_conn_id, service_constants.PENDING_DELETE)
- vpnservice_id = self.get_ipsec_site_connection(
- context, ipsec_site_conn_id)['vpnservice_id']
- try:
- self._vcns_update_ipsec_config(
- context, vpnservice_id, ipsec_site_conn_id)
- except Exception:
- with excutils.save_and_reraise_exception():
- self._resource_set_status(
- context, vpn_db.IPsecSiteConnection, ipsec_site_conn_id,
- service_constants.ERROR)
- super(NsxAdvancedPlugin, self).delete_ipsec_site_connection(
- context, ipsec_site_conn_id)
-
-
-class VcnsCallbacks(object):
- """Edge callback implementation Callback functions for
- asynchronous tasks.
- """
- def __init__(self, plugin):
- self.plugin = plugin
-
- def edge_deploy_started(self, task):
- """callback when deployment task started."""
- jobdata = task.userdata['jobdata']
- context = jobdata['context']
- edge_id = task.userdata.get('edge_id')
- neutron_router_id = jobdata['neutron_router_id']
- name = task.userdata['router_name']
- if edge_id:
- LOG.debug("Start deploying %(edge_id)s for router %(name)s", {
- 'edge_id': edge_id,
- 'name': name})
- vcns_db.update_vcns_router_binding(
- context.session, neutron_router_id, edge_id=edge_id)
- else:
- LOG.debug("Failed to deploy Edge for router %s", name)
- vcns_db.update_vcns_router_binding(
- context.session, neutron_router_id,
- status=service_constants.ERROR)
-
- def edge_deploy_result(self, task):
- """callback when deployment task finished."""
- jobdata = task.userdata['jobdata']
- lrouter = jobdata['lrouter']
- context = jobdata['context']
- name = task.userdata['router_name']
- neutron_router_id = jobdata['neutron_router_id']
- router_db = None
- try:
- router_db = self.plugin._get_router(
- context, neutron_router_id)
- except l3.RouterNotFound:
- # Router might have been deleted before deploy finished
- LOG.exception(_LE("Router %s not found"), lrouter['uuid'])
-
- if task.status == tasks_const.TaskStatus.COMPLETED:
- LOG.debug("Successfully deployed %(edge_id)s for "
- "router %(name)s", {
- 'edge_id': task.userdata['edge_id'],
- 'name': name})
- if (router_db and
- router_db['status'] == service_constants.PENDING_CREATE):
- router_db['status'] = service_constants.ACTIVE
-
- binding = vcns_db.get_vcns_router_binding(
- context.session, neutron_router_id)
- # only update status to active if its status is pending create
- if binding['status'] == service_constants.PENDING_CREATE:
- vcns_db.update_vcns_router_binding(
- context.session, neutron_router_id,
- status=service_constants.ACTIVE)
- else:
- LOG.debug("Failed to deploy Edge for router %s", name)
- if router_db:
- router_db['status'] = service_constants.ERROR
- vcns_db.update_vcns_router_binding(
- context.session, neutron_router_id,
- status=service_constants.ERROR)
-
- def edge_delete_result(self, task):
- jobdata = task.userdata['jobdata']
- router_id = task.userdata['router_id']
- context = jobdata['context']
- if task.status == tasks_const.TaskStatus.COMPLETED:
- vcns_db.delete_vcns_router_binding(context.session,
- router_id)
-
- def interface_update_result(self, task):
- LOG.debug("interface_update_result %d", task.status)
-
- def snat_create_result(self, task):
- LOG.debug("snat_create_result %d", task.status)
-
- def snat_delete_result(self, task):
- LOG.debug("snat_delete_result %d", task.status)
-
- def dnat_create_result(self, task):
- LOG.debug("dnat_create_result %d", task.status)
-
- def dnat_delete_result(self, task):
- LOG.debug("dnat_delete_result %d", task.status)
-
- def routes_update_result(self, task):
- LOG.debug("routes_update_result %d", task.status)
-
- def nat_update_result(self, task):
- LOG.debug("nat_update_result %d", task.status)
-
-
-def _process_base_create_lswitch_args(*args, **kwargs):
- tags = utils.get_tags()
- tags.append({"tag": args[1],
- "scope": "quantum_net_id"})
- if args[2]:
- tags.append({"tag": args[2], "scope": "os_tid"})
- switch_name = args[3]
- tz_config = args[4]
- if kwargs.get("shared", False) or len(args) >= 6:
- tags.append({"tag": "true", "scope": "shared"})
- if kwargs.get("tags"):
- tags.extend(kwargs["tags"])
- return switch_name, tz_config, tags
+++ /dev/null
-# Copyright 2013 VMware, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from oslo.utils import excutils
-
-from neutron.db import db_base_plugin_v2
-from neutron.i18n import _LE
-from neutron.openstack.common import log as logging
-from neutron.plugins.common import constants
-from neutron.plugins.vmware.dbexts import vcns_db
-from neutron.plugins.vmware.vshield.common import (
- exceptions as vcns_exc)
-
-LOG = logging.getLogger(__name__)
-
-VSE_FWAAS_ALLOW = "accept"
-VSE_FWAAS_DENY = "deny"
-
-
-class EdgeFirewallDriver(db_base_plugin_v2.NeutronDbPluginV2):
- """Implementation of driver APIs for
- Edge Firewall feature configuration
- """
- def _convert_firewall_action(self, action):
- if action == constants.FWAAS_ALLOW:
- return VSE_FWAAS_ALLOW
- elif action == constants.FWAAS_DENY:
- return VSE_FWAAS_DENY
- else:
- msg = _("Invalid action value %s in a firewall rule") % action
- raise vcns_exc.VcnsBadRequest(resource='firewall_rule', msg=msg)
-
- def _restore_firewall_action(self, action):
- if action == VSE_FWAAS_ALLOW:
- return constants.FWAAS_ALLOW
- elif action == VSE_FWAAS_DENY:
- return constants.FWAAS_DENY
- else:
- msg = (_("Invalid action value %s in "
- "a vshield firewall rule") % action)
- raise vcns_exc.VcnsBadRequest(resource='firewall_rule', msg=msg)
-
- def _get_port_range_from_min_max_ports(self, min_port, max_port):
- if not min_port:
- return None
- if min_port == max_port:
- return str(min_port)
- else:
- return '%d:%d' % (min_port, max_port)
-
- def _get_min_max_ports_from_range(self, port_range):
- if not port_range:
- return [None, None]
- min_port, sep, max_port = port_range.partition(":")
- if not max_port:
- max_port = min_port
- return [int(min_port), int(max_port)]
-
- def _convert_firewall_rule(self, context, rule, index=None):
- vcns_rule = {
- "name": rule['name'],
- "description": rule['description'],
- "action": self._convert_firewall_action(rule['action']),
- "enabled": rule['enabled']}
- if rule.get('source_ip_address'):
- vcns_rule['source'] = {
- "ipAddress": [rule['source_ip_address']]
- }
- if rule.get('destination_ip_address'):
- vcns_rule['destination'] = {
- "ipAddress": [rule['destination_ip_address']]
- }
- service = {}
- if rule.get('source_port'):
- min_port, max_port = self._get_min_max_ports_from_range(
- rule['source_port'])
- service['sourcePort'] = [i for i in range(min_port, max_port + 1)]
- if rule.get('destination_port'):
- min_port, max_port = self._get_min_max_ports_from_range(
- rule['destination_port'])
- service['port'] = [i for i in range(min_port, max_port + 1)]
- if rule.get('protocol'):
- service['protocol'] = rule['protocol']
- if service:
- vcns_rule['application'] = {
- 'service': [service]
- }
- if index:
- vcns_rule['ruleTag'] = index
- return vcns_rule
-
- def _restore_firewall_rule(self, context, edge_id, response):
- rule = response
- rule_binding = vcns_db.get_vcns_edge_firewallrule_binding_by_vseid(
- context.session, edge_id, rule['ruleId'])
- service = rule['application']['service'][0]
- src_port_range = self._get_port_range_from_min_max_ports(
- service['sourcePort'][0], service['sourcePort'][-1])
- dst_port_range = self._get_port_range_from_min_max_ports(
- service['port'][0], service['port'][-1])
- return {
- 'firewall_rule': {
- 'name': rule['name'],
- 'id': rule_binding['rule_id'],
- 'description': rule['description'],
- 'source_ip_address': rule['source']['ipAddress'][0],
- 'destination_ip_address': rule['destination']['ipAddress'][0],
- 'protocol': service['protocol'],
- 'destination_port': dst_port_range,
- 'source_port': src_port_range,
- 'action': self._restore_firewall_action(rule['action']),
- 'enabled': rule['enabled']}}
-
- def _convert_firewall(self, context, firewall):
- #bulk configuration on firewall and rescheduling the rule binding
- ruleTag = 1
- vcns_rules = []
- for rule in firewall['firewall_rule_list']:
- vcns_rule = self._convert_firewall_rule(context, rule, ruleTag)
- vcns_rules.append(vcns_rule)
- ruleTag += 1
- return {
- 'featureType': "firewall_4.0",
- 'firewallRules': {
- 'firewallRules': vcns_rules}}
-
- def _restore_firewall(self, context, edge_id, response):
- res = {}
- res['firewall_rule_list'] = []
- for rule in response['firewallRules']['firewallRules']:
- rule_binding = (
- vcns_db.get_vcns_edge_firewallrule_binding_by_vseid(
- context.session, edge_id, rule['ruleId']))
- if rule_binding is None:
- continue
- service = rule['application']['service'][0]
- src_port_range = self._get_port_range_from_min_max_ports(
- service['sourcePort'][0], service['sourcePort'][-1])
- dst_port_range = self._get_port_range_from_min_max_ports(
- service['port'][0], service['port'][-1])
- item = {
- 'firewall_rule': {
- 'name': rule['name'],
- 'id': rule_binding['rule_id'],
- 'description': rule['description'],
- 'source_ip_address': rule['source']['ipAddress'][0],
- 'destination_ip_address': rule[
- 'destination']['ipAddress'][0],
- 'protocol': service['protocol'],
- 'destination_port': dst_port_range,
- 'source_port': src_port_range,
- 'action': self._restore_firewall_action(rule['action']),
- 'enabled': rule['enabled']}}
- res['firewall_rule_list'].append(item)
- return res
-
- def _create_rule_id_mapping(
- self, context, edge_id, firewall, vcns_fw):
- for rule in vcns_fw['firewallRules']['firewallRules']:
- index = rule['ruleTag'] - 1
- #TODO(linb):a simple filter of the retrived rules which may be
- #created by other operations unintentionally
- if index < len(firewall['firewall_rule_list']):
- rule_vseid = rule['ruleId']
- rule_id = firewall['firewall_rule_list'][index]['id']
- map_info = {
- 'rule_id': rule_id,
- 'rule_vseid': rule_vseid,
- 'edge_id': edge_id
- }
- vcns_db.add_vcns_edge_firewallrule_binding(
- context.session, map_info)
-
- def _get_firewall(self, context, edge_id):
- try:
- return self.vcns.get_firewall(edge_id)[1]
- except vcns_exc.VcnsApiException:
- with excutils.save_and_reraise_exception():
- LOG.exception(_LE("Failed to get firewall with edge "
- "id: %s"), edge_id)
-
- def _get_firewall_rule_next(self, context, edge_id, rule_vseid):
- # Return the firewall rule below 'rule_vseid'
- fw_cfg = self._get_firewall(context, edge_id)
- for i in range(len(fw_cfg['firewallRules']['firewallRules'])):
- rule_cur = fw_cfg['firewallRules']['firewallRules'][i]
- if str(rule_cur['ruleId']) == rule_vseid:
- if (i + 1) == len(fw_cfg['firewallRules']['firewallRules']):
- return None
- else:
- return fw_cfg['firewallRules']['firewallRules'][i + 1]
-
- def get_firewall_rule(self, context, id, edge_id):
- rule_map = vcns_db.get_vcns_edge_firewallrule_binding(
- context.session, id, edge_id)
- if rule_map is None:
- msg = _("No rule id:%s found in the edge_firewall_binding") % id
- LOG.error(msg)
- raise vcns_exc.VcnsNotFound(
- resource='vcns_firewall_rule_bindings', msg=msg)
- vcns_rule_id = rule_map.rule_vseid
- try:
- response = self.vcns.get_firewall_rule(
- edge_id, vcns_rule_id)[1]
- except vcns_exc.VcnsApiException:
- with excutils.save_and_reraise_exception():
- LOG.exception(_LE("Failed to get firewall rule: %(rule_id)s "
- "with edge_id: %(edge_id)s"), {
- 'rule_id': id,
- 'edge_id': edge_id})
- return self._restore_firewall_rule(context, edge_id, response)
-
- def get_firewall(self, context, edge_id):
- response = self._get_firewall(context, edge_id)
- return self._restore_firewall(context, edge_id, response)
-
- def update_firewall(self, context, edge_id, firewall):
- fw_req = self._convert_firewall(context, firewall)
- try:
- self.vcns.update_firewall(edge_id, fw_req)
- except vcns_exc.VcnsApiException:
- with excutils.save_and_reraise_exception():
- LOG.exception(_LE("Failed to update firewall "
- "with edge_id: %s"), edge_id)
- fw_res = self._get_firewall(context, edge_id)
- vcns_db.cleanup_vcns_edge_firewallrule_binding(
- context.session, edge_id)
- self._create_rule_id_mapping(context, edge_id, firewall, fw_res)
-
- def delete_firewall(self, context, edge_id):
- try:
- self.vcns.delete_firewall(edge_id)
- except vcns_exc.VcnsApiException:
- with excutils.save_and_reraise_exception():
- LOG.exception(_LE("Failed to delete firewall "
- "with edge_id:%s"), edge_id)
- vcns_db.cleanup_vcns_edge_firewallrule_binding(
- context.session, edge_id)
-
- def update_firewall_rule(self, context, id, edge_id, firewall_rule):
- rule_map = vcns_db.get_vcns_edge_firewallrule_binding(
- context.session, id, edge_id)
- vcns_rule_id = rule_map.rule_vseid
- fwr_req = self._convert_firewall_rule(context, firewall_rule)
- try:
- self.vcns.update_firewall_rule(edge_id, vcns_rule_id, fwr_req)
- except vcns_exc.VcnsApiException:
- with excutils.save_and_reraise_exception():
- LOG.exception(_LE("Failed to update firewall rule: "
- "%(rule_id)s with edge_id: %(edge_id)s"),
- {'rule_id': id,
- 'edge_id': edge_id})
-
- def delete_firewall_rule(self, context, id, edge_id):
- rule_map = vcns_db.get_vcns_edge_firewallrule_binding(
- context.session, id, edge_id)
- vcns_rule_id = rule_map.rule_vseid
- try:
- self.vcns.delete_firewall_rule(edge_id, vcns_rule_id)
- except vcns_exc.VcnsApiException:
- with excutils.save_and_reraise_exception():
- LOG.exception(_LE("Failed to delete firewall rule: "
- "%(rule_id)s with edge_id: %(edge_id)s"),
- {'rule_id': id,
- 'edge_id': edge_id})
- vcns_db.delete_vcns_edge_firewallrule_binding(
- context.session, id, edge_id)
-
- def _add_rule_above(self, context, ref_rule_id, edge_id, firewall_rule):
- rule_map = vcns_db.get_vcns_edge_firewallrule_binding(
- context.session, ref_rule_id, edge_id)
- ref_vcns_rule_id = rule_map.rule_vseid
- fwr_req = self._convert_firewall_rule(context, firewall_rule)
- try:
- header = self.vcns.add_firewall_rule_above(
- edge_id, ref_vcns_rule_id, fwr_req)[0]
- except vcns_exc.VcnsApiException:
- with excutils.save_and_reraise_exception():
- LOG.exception(_LE("Failed to add firewall rule above: "
- "%(rule_id)s with edge_id: %(edge_id)s"),
- {'rule_id': ref_vcns_rule_id,
- 'edge_id': edge_id})
-
- objuri = header['location']
- fwr_vseid = objuri[objuri.rfind("/") + 1:]
- map_info = {
- 'rule_id': firewall_rule['id'],
- 'rule_vseid': fwr_vseid,
- 'edge_id': edge_id}
- vcns_db.add_vcns_edge_firewallrule_binding(
- context.session, map_info)
-
- def _add_rule_below(self, context, ref_rule_id, edge_id, firewall_rule):
- rule_map = vcns_db.get_vcns_edge_firewallrule_binding(
- context.session, ref_rule_id, edge_id)
- ref_vcns_rule_id = rule_map.rule_vseid
- fwr_vse_next = self._get_firewall_rule_next(
- context, edge_id, ref_vcns_rule_id)
- fwr_req = self._convert_firewall_rule(context, firewall_rule)
- if fwr_vse_next:
- ref_vcns_rule_id = fwr_vse_next['ruleId']
- try:
- header = self.vcns.add_firewall_rule_above(
- edge_id, int(ref_vcns_rule_id), fwr_req)[0]
- except vcns_exc.VcnsApiException:
- with excutils.save_and_reraise_exception():
- LOG.exception(_LE("Failed to add firewall rule above: "
- "%(rule_id)s with edge_id: %(edge_id)s"),
- {'rule_id': ref_vcns_rule_id,
- 'edge_id': edge_id})
- else:
- # append the rule at the bottom
- try:
- header = self.vcns.add_firewall_rule(
- edge_id, fwr_req)[0]
- except vcns_exc.VcnsApiException:
- with excutils.save_and_reraise_exception():
- LOG.exception(_LE("Failed to append a firewall rule"
- "with edge_id: %s"), edge_id)
-
- objuri = header['location']
- fwr_vseid = objuri[objuri.rfind("/") + 1:]
- map_info = {
- 'rule_id': firewall_rule['id'],
- 'rule_vseid': fwr_vseid,
- 'edge_id': edge_id
- }
- vcns_db.add_vcns_edge_firewallrule_binding(
- context.session, map_info)
-
- def insert_rule(self, context, rule_info, edge_id, fwr):
- if rule_info.get('insert_before'):
- self._add_rule_above(
- context, rule_info['insert_before'], edge_id, fwr)
- elif rule_info.get('insert_after'):
- self._add_rule_below(
- context, rule_info['insert_after'], edge_id, fwr)
- else:
- msg = _("Can't execute insert rule operation "
- "without reference rule_id")
- raise vcns_exc.VcnsBadRequest(resource='firewall_rule', msg=msg)
+++ /dev/null
-# Copyright 2014 VMware, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from oslo.utils import excutils
-
-from neutron.i18n import _LE, _LW
-from neutron.openstack.common import log as logging
-from neutron.plugins.vmware.vshield.common import (
- exceptions as vcns_exc)
-
-LOG = logging.getLogger(__name__)
-
-ENCRYPTION_ALGORITHM_MAP = {
- '3des': '3des',
- 'aes-128': 'aes',
- 'aes-256': 'aes256'
-}
-
-PFS_MAP = {
- 'group2': 'dh2',
- 'group5': 'dh5'}
-
-TRANSFORM_PROTOCOL_ALLOWED = ('esp',)
-
-ENCAPSULATION_MODE_ALLOWED = ('tunnel',)
-
-
-class EdgeIPsecVpnDriver():
-
- """Driver APIs for Edge IPsec VPN bulk configuration."""
-
- def _check_ikepolicy_ipsecpolicy_allowed(self, ikepolicy, ipsecpolicy):
- """Check whether ikepolicy and ipsecpolicy are allowed on vshield edge.
-
- Some IPsec VPN configurations and features are configured by default or
- not supported on vshield edge.
-
- """
- # Check validation of IKEPolicy.
- if ikepolicy['ike_version'] != 'v1':
- msg = _("Unsupported ike_version: %s! Only 'v1' ike version is "
- "supported on vshield Edge!"
- ) % ikepolicy['ike_version']
- LOG.warning(msg)
- raise vcns_exc.VcnsBadRequest(resource='ikepolicy',
- msg=msg)
-
- # In VSE, Phase 1 and Phase 2 share the same encryption_algorithm
- # and authentication algorithms setting. At present, just record the
- # discrepancy error in log and take ipsecpolicy to do configuration.
- if (ikepolicy['auth_algorithm'] != ipsecpolicy['auth_algorithm'] or
- ikepolicy['encryption_algorithm'] != ipsecpolicy[
- 'encryption_algorithm'] or
- ikepolicy['pfs'] != ipsecpolicy['pfs']):
- LOG.warning(_LW(
- "IKEPolicy and IPsecPolicy should have consistent "
- "auth_algorithm, encryption_algorithm and pfs for VSE!"))
-
- # Check whether encryption_algorithm is allowed.
- encryption_algorithm = ENCRYPTION_ALGORITHM_MAP.get(
- ipsecpolicy.get('encryption_algorithm'), None)
- if not encryption_algorithm:
- msg = _("Unsupported encryption_algorithm: %s! '3des', "
- "'aes-128' and 'aes-256' are supported on VSE right now."
- ) % ipsecpolicy['encryption_algorithm']
- LOG.warning(msg)
- raise vcns_exc.VcnsBadRequest(resource='ipsecpolicy',
- msg=msg)
-
- # Check whether pfs is allowed.
- if not PFS_MAP.get(ipsecpolicy['pfs']):
- msg = _("Unsupported pfs: %s! 'group2' and 'group5' "
- "are supported on VSE right now.") % ipsecpolicy['pfs']
- LOG.warning(msg)
- raise vcns_exc.VcnsBadRequest(resource='ipsecpolicy',
- msg=msg)
-
- # Check whether transform protocol is allowed.
- if ipsecpolicy['transform_protocol'] not in TRANSFORM_PROTOCOL_ALLOWED:
- msg = _("Unsupported transform protocol: %s! 'esp' is supported "
- "by default on VSE right now."
- ) % ipsecpolicy['transform_protocol']
- LOG.warning(msg)
- raise vcns_exc.VcnsBadRequest(resource='ipsecpolicy',
- msg=msg)
-
- # Check whether encapsulation mode is allowed.
- if ipsecpolicy['encapsulation_mode'] not in ENCAPSULATION_MODE_ALLOWED:
- msg = _("Unsupported encapsulation mode: %s! 'tunnel' is "
- "supported by default on VSE right now."
- ) % ipsecpolicy['encapsulation_mode']
- LOG.warning(msg)
- raise vcns_exc.VcnsBadRequest(resource='ipsecpolicy',
- msg=msg)
-
- def _convert_ipsec_site(self, site, enablePfs=True):
- self._check_ikepolicy_ipsecpolicy_allowed(
- site['ikepolicy'], site['ipsecpolicy'])
- return {
- 'enabled': site['site'].get('admin_state_up'),
- 'enablePfs': enablePfs,
- 'dhGroup': PFS_MAP.get(site['ipsecpolicy']['pfs']),
- 'name': site['site'].get('name'),
- 'description': site['site'].get('description'),
- 'localId': site['external_ip'],
- 'localIp': site['external_ip'],
- 'peerId': site['site'].get('peer_id'),
- 'peerIp': site['site'].get('peer_address'),
- 'localSubnets': {
- 'subnets': [site['subnet'].get('cidr')]},
- 'peerSubnets': {
- 'subnets': site['site'].get('peer_cidrs')},
- 'authenticationMode': site['site'].get('auth_mode'),
- 'psk': site['site'].get('psk'),
- 'encryptionAlgorithm': ENCRYPTION_ALGORITHM_MAP.get(
- site['ipsecpolicy'].get('encryption_algorithm'))}
-
- def update_ipsec_config(self, edge_id, sites, enabled=True):
- ipsec_config = {'featureType': "ipsec_4.0",
- 'enabled': enabled}
- vse_sites = [self._convert_ipsec_site(site) for site in sites]
- ipsec_config['sites'] = {'sites': vse_sites}
- try:
- self.vcns.update_ipsec_config(edge_id, ipsec_config)
- except vcns_exc.VcnsApiException:
- with excutils.save_and_reraise_exception():
- LOG.exception(_LE("Failed to update ipsec vpn "
- "configuration with edge_id: %s"),
- edge_id)
-
- def delete_ipsec_config(self, edge_id):
- try:
- self.vcns.delete_ipsec_config(edge_id)
- except vcns_exc.ResourceNotFound:
- LOG.warning(_LW("IPsec config not found on edge: %s"), edge_id)
- except vcns_exc.VcnsApiException:
- with excutils.save_and_reraise_exception():
- LOG.exception(_LE("Failed to delete ipsec vpn configuration "
- "with edge_id: %s"), edge_id)
-
- def get_ipsec_config(self, edge_id):
- return self.vcns.get_ipsec_config(edge_id)
+++ /dev/null
-# Copyright 2013 VMware, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from oslo.utils import excutils
-
-from neutron.i18n import _LE
-from neutron.openstack.common import log as logging
-from neutron.plugins.vmware.dbexts import vcns_db
-from neutron.plugins.vmware.vshield.common import (
- constants as vcns_const)
-from neutron.plugins.vmware.vshield.common import (
- exceptions as vcns_exc)
-try:
- from neutron_lbaas.services.loadbalancer import constants as lb_constants
-except Exception:
- print("WARNING: missing neutron-lbaas package")
-
-LOG = logging.getLogger(__name__)
-
-BALANCE_MAP = {
- lb_constants.LB_METHOD_ROUND_ROBIN: 'round-robin',
- lb_constants.LB_METHOD_LEAST_CONNECTIONS: 'leastconn',
- lb_constants.LB_METHOD_SOURCE_IP: 'source'
-}
-PROTOCOL_MAP = {
- lb_constants.PROTOCOL_TCP: 'tcp',
- lb_constants.PROTOCOL_HTTP: 'http',
- lb_constants.PROTOCOL_HTTPS: 'tcp'
-}
-SESSION_PERSISTENCE_METHOD_MAP = {
- lb_constants.SESSION_PERSISTENCE_SOURCE_IP: 'sourceip',
- lb_constants.SESSION_PERSISTENCE_APP_COOKIE: 'cookie',
- lb_constants.SESSION_PERSISTENCE_HTTP_COOKIE: 'cookie'}
-SESSION_PERSISTENCE_COOKIE_MAP = {
- lb_constants.SESSION_PERSISTENCE_APP_COOKIE: 'app',
- lb_constants.SESSION_PERSISTENCE_HTTP_COOKIE: 'insert'}
-
-
-class EdgeLbDriver():
- """Implementation of driver APIs for
- Edge Loadbalancer feature configuration
- """
-
- def _convert_lb_vip(self, context, edge_id, vip, app_profileid):
- pool_id = vip.get('pool_id')
- poolid_map = vcns_db.get_vcns_edge_pool_binding(
- context.session, pool_id, edge_id)
- pool_vseid = poolid_map['pool_vseid']
- return {
- 'name': vip.get(
- 'name', '') + vip['id'][-vcns_const.SUFFIX_LENGTH:],
- 'description': vip.get('description'),
- 'ipAddress': vip.get('address'),
- 'protocol': vip.get('protocol'),
- 'port': vip.get('protocol_port'),
- 'connectionLimit': max(0, vip.get('connection_limit')),
- 'defaultPoolId': pool_vseid,
- 'applicationProfileId': app_profileid
- }
-
- def _restore_lb_vip(self, context, edge_id, vip_vse):
- pool_binding = vcns_db.get_vcns_edge_pool_binding_by_vseid(
- context.session,
- edge_id,
- vip_vse['defaultPoolId'])
-
- return {
- 'name': vip_vse['name'][:-vcns_const.SUFFIX_LENGTH],
- 'address': vip_vse['ipAddress'],
- 'protocol': vip_vse['protocol'],
- 'protocol_port': vip_vse['port'],
- 'pool_id': pool_binding['pool_id']
- }
-
- def _convert_lb_pool(self, context, edge_id, pool, members):
- vsepool = {
- 'name': pool.get(
- 'name', '') + pool['id'][-vcns_const.SUFFIX_LENGTH:],
- 'description': pool.get('description'),
- 'algorithm': BALANCE_MAP.get(
- pool.get('lb_method'),
- 'round-robin'),
- 'transparent': True,
- 'member': [],
- 'monitorId': []
- }
- for member in members:
- vsepool['member'].append({
- 'ipAddress': member['address'],
- 'weight': member['weight'],
- 'port': member['protocol_port']
- })
- ##TODO(linb) right now, vse only accept at most one monitor per pool
- monitors = pool.get('health_monitors')
- if not monitors:
- return vsepool
- monitorid_map = vcns_db.get_vcns_edge_monitor_binding(
- context.session,
- monitors[0],
- edge_id)
- vsepool['monitorId'].append(monitorid_map['monitor_vseid'])
- return vsepool
-
- def _restore_lb_pool(self, context, edge_id, pool_vse):
- #TODO(linb): Get more usefule info
- return {
- 'name': pool_vse['name'][:-vcns_const.SUFFIX_LENGTH],
- }
-
- def _convert_lb_monitor(self, context, monitor):
- return {
- 'type': PROTOCOL_MAP.get(
- monitor.get('type'), 'http'),
- 'interval': monitor.get('delay'),
- 'timeout': monitor.get('timeout'),
- 'maxRetries': monitor.get('max_retries'),
- 'name': monitor.get('id')
- }
-
- def _restore_lb_monitor(self, context, edge_id, monitor_vse):
- return {
- 'delay': monitor_vse['interval'],
- 'timeout': monitor_vse['timeout'],
- 'max_retries': monitor_vse['maxRetries'],
- 'id': monitor_vse['name']
- }
-
- def _convert_app_profile(self, name, sess_persist, protocol):
- vcns_app_profile = {
- 'insertXForwardedFor': False,
- 'name': name,
- 'serverSslEnabled': False,
- 'sslPassthrough': False,
- 'template': protocol,
- }
- # Since SSL Termination is not supported right now, so just use
- # sslPassthrough mehtod if the protocol is HTTPS.
- if protocol == lb_constants.PROTOCOL_HTTPS:
- vcns_app_profile['sslPassthrough'] = True
-
- if sess_persist.get('type'):
- # If protocol is not HTTP, only sourceip is supported
- if (protocol != lb_constants.PROTOCOL_HTTP and
- sess_persist['type'] != (
- lb_constants.SESSION_PERSISTENCE_SOURCE_IP)):
- msg = (_("Invalid %(protocol)s persistence method: %(type)s") %
- {'protocol': protocol,
- 'type': sess_persist['type']})
- raise vcns_exc.VcnsBadRequest(resource='sess_persist', msg=msg)
- persistence = {
- 'method': SESSION_PERSISTENCE_METHOD_MAP.get(
- sess_persist['type'])}
- if sess_persist['type'] in SESSION_PERSISTENCE_COOKIE_MAP:
- if sess_persist.get('cookie_name'):
- persistence['cookieName'] = sess_persist['cookie_name']
- else:
- persistence['cookieName'] = 'default_cookie_name'
- persistence['cookieMode'] = SESSION_PERSISTENCE_COOKIE_MAP.get(
- sess_persist['type'])
- vcns_app_profile['persistence'] = persistence
- return vcns_app_profile
-
- def create_vip(self, context, edge_id, vip):
- app_profile = self._convert_app_profile(
- vip['name'], (vip.get('session_persistence') or {}),
- vip.get('protocol'))
- try:
- header, response = self.vcns.create_app_profile(
- edge_id, app_profile)
- except vcns_exc.VcnsApiException:
- with excutils.save_and_reraise_exception():
- LOG.exception(_LE("Failed to create app profile on edge: %s"),
- edge_id)
- objuri = header['location']
- app_profileid = objuri[objuri.rfind("/") + 1:]
-
- vip_new = self._convert_lb_vip(context, edge_id, vip, app_profileid)
- try:
- header, response = self.vcns.create_vip(
- edge_id, vip_new)
- except vcns_exc.VcnsApiException:
- with excutils.save_and_reraise_exception():
- LOG.exception(_LE("Failed to create vip on vshield edge: %s"),
- edge_id)
- self.vcns.delete_app_profile(edge_id, app_profileid)
- objuri = header['location']
- vip_vseid = objuri[objuri.rfind("/") + 1:]
-
- # Add the vip mapping
- map_info = {
- "vip_id": vip['id'],
- "vip_vseid": vip_vseid,
- "edge_id": edge_id,
- "app_profileid": app_profileid
- }
- vcns_db.add_vcns_edge_vip_binding(context.session, map_info)
-
- def _get_vip_binding(self, session, id):
- vip_binding = vcns_db.get_vcns_edge_vip_binding(session, id)
- if not vip_binding:
- msg = (_("vip_binding not found with id: %(id)s "
- "edge_id: %(edge_id)s") % {
- 'id': id,
- 'edge_id': vip_binding[vcns_const.EDGE_ID]})
- LOG.error(msg)
- raise vcns_exc.VcnsNotFound(
- resource='router_service_binding', msg=msg)
- return vip_binding
-
- def get_vip(self, context, id):
- vip_binding = vcns_db.get_vcns_edge_vip_binding(context.session, id)
- edge_id = vip_binding[vcns_const.EDGE_ID]
- vip_vseid = vip_binding['vip_vseid']
- try:
- response = self.vcns.get_vip(edge_id, vip_vseid)[1]
- except vcns_exc.VcnsApiException:
- with excutils.save_and_reraise_exception():
- LOG.exception(_LE("Failed to get vip on edge"))
- return self._restore_lb_vip(context, edge_id, response)
-
- def update_vip(self, context, vip, session_persistence_update=True):
- vip_binding = self._get_vip_binding(context.session, vip['id'])
- edge_id = vip_binding[vcns_const.EDGE_ID]
- vip_vseid = vip_binding.get('vip_vseid')
- if session_persistence_update:
- app_profileid = vip_binding.get('app_profileid')
- app_profile = self._convert_app_profile(
- vip['name'], vip.get('session_persistence', {}),
- vip.get('protocol'))
- try:
- self.vcns.update_app_profile(
- edge_id, app_profileid, app_profile)
- except vcns_exc.VcnsApiException:
- with excutils.save_and_reraise_exception():
- LOG.exception(_LE("Failed to update app profile on "
- "edge: %s"), edge_id)
-
- vip_new = self._convert_lb_vip(context, edge_id, vip, app_profileid)
- try:
- self.vcns.update_vip(edge_id, vip_vseid, vip_new)
- except vcns_exc.VcnsApiException:
- with excutils.save_and_reraise_exception():
- LOG.exception(_LE("Failed to update vip on edge: %s"), edge_id)
-
- def delete_vip(self, context, id):
- vip_binding = self._get_vip_binding(context.session, id)
- edge_id = vip_binding[vcns_const.EDGE_ID]
- vip_vseid = vip_binding['vip_vseid']
- app_profileid = vip_binding['app_profileid']
-
- try:
- self.vcns.delete_vip(edge_id, vip_vseid)
- except vcns_exc.ResourceNotFound:
- LOG.exception(_LE("vip not found on edge: %s"), edge_id)
- except vcns_exc.VcnsApiException:
- with excutils.save_and_reraise_exception():
- LOG.exception(_LE("Failed to delete vip on edge: %s"), edge_id)
-
- try:
- self.vcns.delete_app_profile(edge_id, app_profileid)
- except vcns_exc.ResourceNotFound:
- LOG.exception(_LE("app profile not found on edge: %s"), edge_id)
- except vcns_exc.VcnsApiException:
- with excutils.save_and_reraise_exception():
- LOG.exception(_LE("Failed to delete app profile on edge: %s"),
- edge_id)
-
- vcns_db.delete_vcns_edge_vip_binding(context.session, id)
-
- def create_pool(self, context, edge_id, pool, members):
- pool_new = self._convert_lb_pool(context, edge_id, pool, members)
- try:
- header = self.vcns.create_pool(edge_id, pool_new)[0]
- except vcns_exc.VcnsApiException:
- with excutils.save_and_reraise_exception():
- LOG.exception(_LE("Failed to create pool"))
-
- objuri = header['location']
- pool_vseid = objuri[objuri.rfind("/") + 1:]
-
- # update the pool mapping table
- map_info = {
- "pool_id": pool['id'],
- "pool_vseid": pool_vseid,
- "edge_id": edge_id
- }
- vcns_db.add_vcns_edge_pool_binding(context.session, map_info)
-
- def get_pool(self, context, id, edge_id):
- pool_binding = vcns_db.get_vcns_edge_pool_binding(
- context.session, id, edge_id)
- if not pool_binding:
- msg = (_("pool_binding not found with id: %(id)s "
- "edge_id: %(edge_id)s") % {'id': id, 'edge_id': edge_id})
- LOG.error(msg)
- raise vcns_exc.VcnsNotFound(
- resource='router_service_binding', msg=msg)
- pool_vseid = pool_binding['pool_vseid']
- try:
- response = self.vcns.get_pool(edge_id, pool_vseid)[1]
- except vcns_exc.VcnsApiException:
- with excutils.save_and_reraise_exception():
- LOG.exception(_LE("Failed to get pool on edge"))
- return self._restore_lb_pool(context, edge_id, response)
-
- def update_pool(self, context, edge_id, pool, members):
- pool_binding = vcns_db.get_vcns_edge_pool_binding(
- context.session, pool['id'], edge_id)
- pool_vseid = pool_binding['pool_vseid']
- pool_new = self._convert_lb_pool(context, edge_id, pool, members)
- try:
- self.vcns.update_pool(edge_id, pool_vseid, pool_new)
- except vcns_exc.VcnsApiException:
- with excutils.save_and_reraise_exception():
- LOG.exception(_LE("Failed to update pool"))
-
- def delete_pool(self, context, id, edge_id):
- pool_binding = vcns_db.get_vcns_edge_pool_binding(
- context.session, id, edge_id)
- pool_vseid = pool_binding['pool_vseid']
- try:
- self.vcns.delete_pool(edge_id, pool_vseid)
- except vcns_exc.VcnsApiException:
- with excutils.save_and_reraise_exception():
- LOG.exception(_LE("Failed to delete pool"))
- vcns_db.delete_vcns_edge_pool_binding(
- context.session, id, edge_id)
-
- def create_health_monitor(self, context, edge_id, health_monitor):
- monitor_new = self._convert_lb_monitor(context, health_monitor)
- try:
- header = self.vcns.create_health_monitor(edge_id, monitor_new)[0]
- except vcns_exc.VcnsApiException:
- with excutils.save_and_reraise_exception():
- LOG.exception(_LE("Failed to create monitor on edge: %s"),
- edge_id)
-
- objuri = header['location']
- monitor_vseid = objuri[objuri.rfind("/") + 1:]
-
- # update the health_monitor mapping table
- map_info = {
- "monitor_id": health_monitor['id'],
- "monitor_vseid": monitor_vseid,
- "edge_id": edge_id
- }
- vcns_db.add_vcns_edge_monitor_binding(context.session, map_info)
-
- def get_health_monitor(self, context, id, edge_id):
- monitor_binding = vcns_db.get_vcns_edge_monitor_binding(
- context.session, id, edge_id)
- if not monitor_binding:
- msg = (_("monitor_binding not found with id: %(id)s "
- "edge_id: %(edge_id)s") % {'id': id, 'edge_id': edge_id})
- LOG.error(msg)
- raise vcns_exc.VcnsNotFound(
- resource='router_service_binding', msg=msg)
- monitor_vseid = monitor_binding['monitor_vseid']
- try:
- response = self.vcns.get_health_monitor(edge_id, monitor_vseid)[1]
- except vcns_exc.VcnsApiException as e:
- with excutils.save_and_reraise_exception():
- LOG.exception(_LE("Failed to get monitor on edge: %s"),
- e.response)
- return self._restore_lb_monitor(context, edge_id, response)
-
- def update_health_monitor(self, context, edge_id,
- old_health_monitor, health_monitor):
- monitor_binding = vcns_db.get_vcns_edge_monitor_binding(
- context.session,
- old_health_monitor['id'], edge_id)
- monitor_vseid = monitor_binding['monitor_vseid']
- monitor_new = self._convert_lb_monitor(
- context, health_monitor)
- try:
- self.vcns.update_health_monitor(
- edge_id, monitor_vseid, monitor_new)
- except vcns_exc.VcnsApiException:
- with excutils.save_and_reraise_exception():
- LOG.exception(_LE("Failed to update monitor on edge: %s"),
- edge_id)
-
- def delete_health_monitor(self, context, id, edge_id):
- monitor_binding = vcns_db.get_vcns_edge_monitor_binding(
- context.session, id, edge_id)
- monitor_vseid = monitor_binding['monitor_vseid']
- try:
- self.vcns.delete_health_monitor(edge_id, monitor_vseid)
- except vcns_exc.VcnsApiException:
- with excutils.save_and_reraise_exception():
- LOG.exception(_LE("Failed to delete monitor"))
- vcns_db.delete_vcns_edge_monitor_binding(
- context.session, id, edge_id)
from neutron.openstack.common import log as logging
from neutron.plugins.vmware.common import config # noqa
from neutron.plugins.vmware.vshield import edge_appliance_driver
-from neutron.plugins.vmware.vshield import edge_firewall_driver
-from neutron.plugins.vmware.vshield import edge_ipsecvpn_driver
-from neutron.plugins.vmware.vshield import edge_loadbalancer_driver
from neutron.plugins.vmware.vshield.tasks import tasks
from neutron.plugins.vmware.vshield import vcns
LOG = logging.getLogger(__name__)
-class VcnsDriver(edge_appliance_driver.EdgeApplianceDriver,
- edge_firewall_driver.EdgeFirewallDriver,
- edge_loadbalancer_driver.EdgeLbDriver,
- edge_ipsecvpn_driver.EdgeIPsecVpnDriver):
+class VcnsDriver(edge_appliance_driver.EdgeApplianceDriver):
def __init__(self, callbacks):
super(VcnsDriver, self).__init__()
EXTERNAL_TABLES = (EXTERNAL_FWAAS_TABLES + EXTERNAL_LBAAS_TABLES +
EXTERNAL_VPNAAS_TABLES)
-# TODO(akamyshnikova): Temporarily skip checking FKs on these tables.
-TABLES_WITH_EXTERNAL_FK = ['vcns_edge_monitor_bindings',
- 'vcns_edge_pool_bindings', 'vcns_edge_vip_bindings',
- 'vcns_firewall_rule_bindings']
-
class _TestModelsMigrations(test_migrations.ModelsMigrationsSync):
'''Test for checking of equality models state and migrations.
if col in insp.get_pk_constraint(
table_name)['constrained_columns']:
return False
- # TODO(akamyshnikova): Remove this skip once the logic for
- # vcns_*_bindings is fixed. (Part of advanced services split.)
- elif ((element[0] == 'remove_fk'
- and element[1].parent.name in TABLES_WITH_EXTERNAL_FK)
- or (element[0] == 'drop_key'
- and element[2] in TABLES_WITH_EXTERNAL_FK)):
- return False
-
else:
for modified, _, table, column, _, _, new in element:
if modified == 'modify_default' and dialect == 'mysql':
+++ /dev/null
-# Copyright 2013 OpenStack Foundation.
-#
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-import os
-
-from neutron.plugins.vmware.api_client import client as nsx_client
-from neutron.plugins.vmware.api_client import eventlet_client
-from neutron.plugins.vmware import extensions
-import neutron.plugins.vmware.plugin as neutron_plugin
-from neutron.plugins.vmware.vshield.common import VcnsApiClient as vcnsapi
-from neutron.plugins.vmware.vshield import vcns
-import neutron.plugins.vmware.vshield.vcns_driver as vcnsdriver
-
-
-plugin = neutron_plugin.NsxPlugin
-service_plugin = neutron_plugin.NsxServicePlugin
-api_client = nsx_client.NsxApiClient
-evt_client = eventlet_client.EventletApiClient
-vcns_class = vcns.Vcns
-vcns_driver = vcnsdriver.VcnsDriver
-vcns_api_helper = vcnsapi.VcnsApiHelper
-
-STUBS_PATH = os.path.join(os.path.dirname(__file__), 'etc')
-NSXEXT_PATH = os.path.dirname(extensions.__file__)
-NSXAPI_NAME = '%s.%s' % (api_client.__module__, api_client.__name__)
-PLUGIN_NAME = '%s.%s' % (plugin.__module__, plugin.__name__)
-SERVICE_PLUGIN_NAME = '%s.%s' % (service_plugin.__module__,
- service_plugin.__name__)
-CLIENT_NAME = '%s.%s' % (evt_client.__module__, evt_client.__name__)
-VCNS_NAME = '%s.%s' % (vcns_class.__module__, vcns_class.__name__)
-VCNS_DRIVER_NAME = '%s.%s' % (vcns_driver.__module__, vcns_driver.__name__)
-VCNSAPI_NAME = '%s.%s' % (vcns_api_helper.__module__, vcns_api_helper.__name__)
-
-
-def get_fake_conf(filename):
- return os.path.join(STUBS_PATH, filename)
-
-
-def nsx_method(method_name, module_name='nsxlib'):
- return '%s.%s.%s' % ('neutron.plugins.vmware', module_name, method_name)
+++ /dev/null
-# Copyright (c) 2013 OpenStack Foundation.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-# implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-import copy
-
-from eventlet import greenthread
-import mock
-from oslo.config import cfg
-
-from neutron.api.v2 import attributes
-from neutron.common import constants
-from neutron import context
-from neutron.extensions import l3
-from neutron import manager as n_manager
-from neutron.openstack.common import uuidutils
-from neutron.plugins.vmware.common import utils
-from neutron.plugins.vmware.plugins import service as nsp
-from neutron.tests import base
-from neutron.tests.unit import test_l3_plugin
-from neutron.tests.unit import vmware
-from neutron.tests.unit.vmware import test_nsx_plugin
-from neutron.tests.unit.vmware.vshield import fake_vcns
-
-_uuid = uuidutils.generate_uuid
-
-
-class ServiceRouterTestExtensionManager(object):
-
- def get_resources(self):
- # If l3 resources have been loaded and updated by main API
- # router, update the map in the l3 extension so it will load
- # the same attributes as the API router
- l3_attr_map = copy.deepcopy(l3.RESOURCE_ATTRIBUTE_MAP)
- for res in l3.RESOURCE_ATTRIBUTE_MAP.keys():
- attr_info = attributes.RESOURCE_ATTRIBUTE_MAP.get(res)
- if attr_info:
- l3.RESOURCE_ATTRIBUTE_MAP[res] = attr_info
- resources = l3.L3.get_resources()
- # restore the original resources once the controllers are created
- l3.RESOURCE_ATTRIBUTE_MAP = l3_attr_map
-
- return resources
-
- def get_actions(self):
- return []
-
- def get_request_extensions(self):
- return []
-
-
-class ServiceRouterTest(test_nsx_plugin.L3NatTest,
- test_l3_plugin.L3NatTestCaseMixin):
-
- def vcns_patch(self):
- instance = self.mock_vcns.start()
- self.vcns_instance = instance
- instance.return_value.deploy_edge.side_effect = self.fc2.deploy_edge
- instance.return_value.get_edge_id.side_effect = self.fc2.get_edge_id
- instance.return_value.get_edge_deploy_status.side_effect = (
- self.fc2.get_edge_deploy_status)
- instance.return_value.delete_edge.side_effect = self.fc2.delete_edge
- instance.return_value.update_interface.side_effect = (
- self.fc2.update_interface)
- instance.return_value.get_nat_config.side_effect = (
- self.fc2.get_nat_config)
- instance.return_value.update_nat_config.side_effect = (
- self.fc2.update_nat_config)
- instance.return_value.delete_nat_rule.side_effect = (
- self.fc2.delete_nat_rule)
- instance.return_value.get_edge_status.side_effect = (
- self.fc2.get_edge_status)
- instance.return_value.get_edges.side_effect = self.fc2.get_edges
- instance.return_value.update_routes.side_effect = (
- self.fc2.update_routes)
- instance.return_value.create_lswitch.side_effect = (
- self.fc2.create_lswitch)
- instance.return_value.delete_lswitch.side_effect = (
- self.fc2.delete_lswitch)
- instance.return_value.get_loadbalancer_config.side_effect = (
- self.fc2.get_loadbalancer_config)
- instance.return_value.enable_service_loadbalancer.side_effect = (
- self.fc2.enable_service_loadbalancer)
-
- def setUp(self, ext_mgr=None, service_plugins=None):
- cfg.CONF.set_override('api_extensions_path', vmware.NSXEXT_PATH)
- cfg.CONF.set_override('task_status_check_interval', 200, group="vcns")
-
- # vcns does not support duplicated router name, ignore router name
- # validation for unit-test cases
- self.fc2 = fake_vcns.FakeVcns(unique_router_name=False)
- self.mock_vcns = mock.patch(vmware.VCNS_NAME, autospec=True)
- self.vcns_patch()
- mock_proxy = mock.patch(
- "%s.%s" % (vmware.SERVICE_PLUGIN_NAME,
- '_set_create_lswitch_proxy'))
- mock_proxy.start()
-
- ext_mgr = ext_mgr or ServiceRouterTestExtensionManager()
- super(ServiceRouterTest, self).setUp(
- plugin=vmware.SERVICE_PLUGIN_NAME,
- service_plugins=service_plugins,
- ext_mgr=ext_mgr)
-
- self.fc2.set_fake_nsx_api(self.fc)
- self.addCleanup(self.fc2.reset_all)
-
- def tearDown(self):
- plugin = n_manager.NeutronManager.get_plugin()
- manager = plugin.vcns_driver.task_manager
- # wait max ~10 seconds for all tasks to be finished
- for i in range(100):
- if not manager.has_pending_task():
- break
- greenthread.sleep(0.1)
- if manager.has_pending_task():
- manager.show_pending_tasks()
- raise Exception(_("Tasks not completed"))
- manager.stop()
- # Ensure the manager thread has been stopped
- self.assertIsNone(manager._thread)
- super(ServiceRouterTest, self).tearDown()
-
- def _create_router(self, fmt, tenant_id, name=None,
- admin_state_up=None, set_context=False,
- arg_list=None, **kwargs):
- data = {'router': {'tenant_id': tenant_id}}
- if name:
- data['router']['name'] = name
- if admin_state_up:
- data['router']['admin_state_up'] = admin_state_up
- for arg in (('admin_state_up', 'tenant_id') + (arg_list or ())):
- # Arg must be present and not empty
- if arg in kwargs and kwargs[arg]:
- data['router'][arg] = kwargs[arg]
- data['router']['service_router'] = True
- router_req = self.new_create_request('routers', data, fmt)
- if set_context and tenant_id:
- # create a specific auth context for this request
- router_req.environ['neutron.context'] = context.Context(
- '', tenant_id)
-
- return router_req.get_response(self.ext_api)
-
-
-class ServiceRouterTestCase(ServiceRouterTest,
- test_nsx_plugin.TestL3NatTestCase):
-
- def test_router_create(self):
- name = 'router1'
- tenant_id = _uuid()
- expected_value = [('name', name), ('tenant_id', tenant_id),
- ('admin_state_up', True),
- ('external_gateway_info', None),
- ('service_router', True)]
- with self.router(name=name, admin_state_up=True,
- tenant_id=tenant_id) as router:
- expected_value_1 = expected_value + [('status', 'PENDING_CREATE')]
- for k, v in expected_value_1:
- self.assertEqual(router['router'][k], v)
-
- # wait max ~10 seconds for router status update
- for i in range(20):
- greenthread.sleep(0.5)
- res = self._show('routers', router['router']['id'])
- if res['router']['status'] == 'ACTIVE':
- break
- expected_value_2 = expected_value + [('status', 'ACTIVE')]
- for k, v in expected_value_2:
- self.assertEqual(res['router'][k], v)
-
- # check an integration lswitch is created
- lswitch_name = "%s-ls" % name
- for lswitch_id, lswitch in self.fc2._lswitches.iteritems():
- if lswitch['display_name'] == lswitch_name:
- break
- else:
- self.fail("Integration lswitch not found")
-
- # check an integration lswitch is deleted
- lswitch_name = "%s-ls" % name
- for lswitch_id, lswitch in self.fc2._lswitches.iteritems():
- if lswitch['display_name'] == lswitch_name:
- self.fail("Integration switch is not deleted")
-
- def test_router_delete_after_plugin_restart(self):
- name = 'router1'
- tenant_id = _uuid()
- with self.router(name=name, admin_state_up=True,
- tenant_id=tenant_id):
- # clear router type cache to mimic plugin restart
- plugin = n_manager.NeutronManager.get_plugin()
- plugin._router_type = {}
-
- # check an integration lswitch is deleted
- lswitch_name = "%s-ls" % name
- for lswitch_id, lswitch in self.fc2._lswitches.iteritems():
- if lswitch['display_name'] == lswitch_name:
- self.fail("Integration switch is not deleted")
-
- def test_router_show(self):
- name = 'router1'
- tenant_id = _uuid()
- expected_value = [('name', name), ('tenant_id', tenant_id),
- ('admin_state_up', True),
- ('status', 'PENDING_CREATE'),
- ('external_gateway_info', None),
- ('service_router', True)]
- with self.router(name='router1', admin_state_up=True,
- tenant_id=tenant_id) as router:
- res = self._show('routers', router['router']['id'])
- for k, v in expected_value:
- self.assertEqual(res['router'][k], v)
-
- def _test_router_create_with_gwinfo_and_l3_ext_net(self, vlan_id=None):
- super(ServiceRouterTestCase,
- self)._test_router_create_with_gwinfo_and_l3_ext_net(
- vlan_id, validate_ext_gw=False)
-
- def _test_router_update_gateway_on_l3_ext_net(self, vlan_id=None):
- super(ServiceRouterTestCase,
- self)._test_router_update_gateway_on_l3_ext_net(
- vlan_id, validate_ext_gw=False)
-
- def test_floatingip_update(self):
- self._test_floatingip_update(constants.FLOATINGIP_STATUS_ACTIVE)
-
-
-class TestProxyCreateLswitch(base.BaseTestCase):
- def setUp(self):
- super(TestProxyCreateLswitch, self).setUp()
- self.tenant_id = "foo_tenant"
- self.display_name = "foo_network"
- self.tz_config = [
- {'zone_uuid': 'foo_zone',
- 'transport_type': 'stt'}
- ]
- self.tags = utils.get_tags(quantum_net_id='foo_id',
- os_tid=self.tenant_id)
- self.cluster = None
-
- def test_create_lswitch_with_basic_args(self):
- result = nsp._process_base_create_lswitch_args(self.cluster,
- 'foo_id',
- self.tenant_id,
- self.display_name,
- self.tz_config)
- self.assertEqual(self.display_name, result[0])
- self.assertEqual(self.tz_config, result[1])
- self.assertEqual(sorted(self.tags), sorted(result[2]))
-
- def test_create_lswitch_with_shared_as_kwarg(self):
- result = nsp._process_base_create_lswitch_args(self.cluster,
- 'foo_id',
- self.tenant_id,
- self.display_name,
- self.tz_config,
- shared=True)
- expected = self.tags + [{'scope': 'shared', 'tag': 'true'}]
- self.assertEqual(sorted(expected), sorted(result[2]))
-
- def test_create_lswitch_with_shared_as_arg(self):
- result = nsp._process_base_create_lswitch_args(self.cluster,
- 'foo_id',
- self.tenant_id,
- self.display_name,
- self.tz_config,
- True)
- additional_tags = [{'scope': 'shared', 'tag': 'true'}]
- expected = self.tags + additional_tags
- self.assertEqual(sorted(expected), sorted(result[2]))
-
- def test_create_lswitch_with_additional_tags(self):
- more_tags = [{'scope': 'foo_scope', 'tag': 'foo_tag'}]
- result = nsp._process_base_create_lswitch_args(self.cluster,
- 'foo_id',
- self.tenant_id,
- self.display_name,
- self.tz_config,
- tags=more_tags)
- expected = self.tags + more_tags
- self.assertEqual(sorted(expected), sorted(result[2]))
+++ /dev/null
-# Copyright 2013 VMware, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-
-import contextlib
-import mock
-import webob.exc
-
-from neutron import context
-from neutron.db.firewall import firewall_db
-from neutron.openstack.common import uuidutils
-from neutron.plugins.vmware.vshield.common import exceptions as vcns_exc
-from neutron.plugins.vmware.vshield import vcns_driver
-from neutron.tests.unit.db.firewall import test_db_firewall
-from neutron.tests.unit import vmware
-from neutron.tests.unit.vmware.vshield import fake_vcns
-
-
-_uuid = uuidutils.generate_uuid
-
-VSE_ID = 'edge-1'
-ROUTER_ID = '42f95450-5cc9-44e4-a744-1320e592a9d5'
-
-VCNS_CONFIG_FILE = vmware.get_fake_conf("vcns.ini.test")
-
-
-class VcnsDriverTestCase(test_db_firewall.FirewallPluginDbTestCase,
- firewall_db.Firewall_db_mixin):
-
- def vcns_firewall_patch(self):
- instance = self.mock_vcns.start()
- instance.return_value.update_firewall.side_effect = (
- self.fc2.update_firewall)
- instance.return_value.delete_firewall.side_effect = (
- self.fc2.delete_firewall)
- instance.return_value.update_firewall_rule.side_effect = (
- self.fc2.update_firewall_rule)
- instance.return_value.delete_firewall_rule.side_effect = (
- self.fc2.delete_firewall_rule)
- instance.return_value.add_firewall_rule_above.side_effect = (
- self.fc2.add_firewall_rule_above)
- instance.return_value.add_firewall_rule.side_effect = (
- self.fc2.add_firewall_rule)
- instance.return_value.get_firewall.side_effect = (
- self.fc2.get_firewall)
- instance.return_value.get_firewall_rule.side_effect = (
- self.fc2.get_firewall_rule)
-
- def setUp(self):
-
- self.config_parse(args=['--config-file', VCNS_CONFIG_FILE])
- # mock vcns
- self.fc2 = fake_vcns.FakeVcns(unique_router_name=False)
- self.mock_vcns = mock.patch(vmware.VCNS_NAME, autospec=True)
- self.vcns_firewall_patch()
-
- self.driver = vcns_driver.VcnsDriver(mock.Mock())
-
- super(VcnsDriverTestCase, self).setUp()
- self.addCleanup(self.fc2.reset_all)
- self.addCleanup(self.mock_vcns.stop)
-
- self.tenant_id = _uuid()
- self.subnet_id = _uuid()
-
-
-class TestEdgeFwDriver(VcnsDriverTestCase):
-
- def _make_firewall_dict_with_rules(self, context, firewall_id):
- fw = self.get_firewall(context, firewall_id)
- fw_policy_id = fw['firewall_policy_id']
- if fw_policy_id:
- firewall_policy_db = self._get_firewall_policy(
- context, fw_policy_id)
- fw['firewall_rule_list'] = [
- self._make_firewall_rule_dict(fw_rule_db)
- for fw_rule_db in firewall_policy_db['firewall_rules']
- ]
-
- return fw
-
- def _compare_firewall_rule_lists(self, firewall_policy_id,
- list1, list2):
- for r1, r2 in zip(list1, list2):
- rule = r1['firewall_rule']
- rule['firewall_policy_id'] = firewall_policy_id
- for k in rule:
- self.assertEqual(rule[k], r2[k])
-
- def test_create_and_get_firewall(self):
- ctx = context.get_admin_context()
- name = 'firewall'
- with contextlib.nested(self.firewall_rule(name='fwr1',
- do_delete=False),
- self.firewall_rule(name='fwr2',
- do_delete=False),
- self.firewall_rule(name='fwr3',
- do_delete=False)) as fr:
- fw_rule_ids = [r['firewall_rule']['id'] for r in fr]
- with self.firewall_policy(firewall_rules=fw_rule_ids,
- do_delete=False) as fwp:
- fwp_id = fwp['firewall_policy']['id']
- with self.firewall(name=name,
- firewall_policy_id=fwp_id) as firewall:
- fw_create = firewall['firewall']
- fw_expect = self._make_firewall_dict_with_rules(
- ctx, fw_create['id'])
- self.driver.update_firewall(ctx, VSE_ID, fw_expect)
- fw_get = self.driver.get_firewall(ctx, VSE_ID)
- self._compare_firewall_rule_lists(
- fwp_id, fw_get['firewall_rule_list'],
- fw_expect['firewall_rule_list'])
-
- def test_update_firewall_with_rules(self):
- ctx = context.get_admin_context()
- name = 'new_firewall'
- with contextlib.nested(self.firewall_rule(name='fwr1',
- do_delete=False),
- self.firewall_rule(name='fwr2',
- do_delete=False),
- self.firewall_rule(name='fwr3',
- do_delete=False)) as fr:
- fw_rule_ids = [r['firewall_rule']['id'] for r in fr]
- with self.firewall_policy(firewall_rules=fw_rule_ids,
- do_delete=False) as fwp:
- fwp_id = fwp['firewall_policy']['id']
- with self.firewall(name=name,
- firewall_policy_id=fwp_id) as firewall:
- fw_create = firewall['firewall']
- fw_create = self._make_firewall_dict_with_rules(
- ctx, fw_create['id'])
- self.driver.update_firewall(ctx, VSE_ID, fw_create)
-
- data = {'firewall_rule': {'name': name,
- 'source_port': '10:20',
- 'destination_port': '30:40'}}
- self.new_update_request('firewall_rules', data,
- fr[0]['firewall_rule']['id'])
- fw_expect = self._make_firewall_dict_with_rules(
- ctx, fw_create['id'])
- self.driver.update_firewall(ctx, VSE_ID, fw_expect)
-
- fw_get = self.driver.get_firewall(
- ctx, VSE_ID)
- self._compare_firewall_rule_lists(
- fwp_id, fw_get['firewall_rule_list'],
- fw_expect['firewall_rule_list'])
-
- def test_delete_firewall(self):
- ctx = context.get_admin_context()
- name = 'firewall'
- with contextlib.nested(self.firewall_rule(name='fwr1',
- do_delete=False),
- self.firewall_rule(name='fwr2',
- do_delete=False),
- self.firewall_rule(name='fwr3',
- do_delete=False)) as fr:
- fw_rule_ids = [r['firewall_rule']['id'] for r in fr]
- with self.firewall_policy(firewall_rules=fw_rule_ids,
- do_delete=False) as fwp:
- fwp_id = fwp['firewall_policy']['id']
- with self.firewall(name=name,
- firewall_policy_id=fwp_id) as firewall:
- fw_create = firewall['firewall']
- fw_expect = self._make_firewall_dict_with_rules(
- ctx, fw_create['id'])
- self.driver.update_firewall(ctx, VSE_ID, fw_expect)
- self.driver.delete_firewall(ctx, VSE_ID)
- fw_get = self.driver.get_firewall(
- ctx, VSE_ID)
- self.assertFalse(fw_get['firewall_rule_list'])
-
- def test_update_firewall_rule(self):
- ctx = context.get_admin_context()
- name = 'new_firewall'
- with contextlib.nested(self.firewall_rule(name='fwr1',
- do_delete=False)) as fr:
- fw_rule_ids = [r['firewall_rule']['id'] for r in fr]
- with self.firewall_policy(firewall_rules=fw_rule_ids,
- do_delete=False) as fwp:
- fwp_id = fwp['firewall_policy']['id']
- with self.firewall(name=name,
- firewall_policy_id=fwp_id) as firewall:
- fw_create = firewall['firewall']
- fw_create = self._make_firewall_dict_with_rules(
- ctx, fw_create['id'])
- self.driver.update_firewall(ctx, VSE_ID, fw_create)
-
- data = {'firewall_rule': {'name': name,
- 'source_port': '10:20',
- 'destination_port': '30:40'}}
- req = self.new_update_request(
- 'firewall_rules', data,
- fr[0]['firewall_rule']['id'])
- res = self.deserialize(self.fmt,
- req.get_response(self.ext_api))
- rule_expect = res['firewall_rule']
- rule_expect['edge_id'] = VSE_ID
- self.driver.update_firewall_rule(
- ctx, rule_expect['id'], VSE_ID, rule_expect)
- rule_get = self.driver.get_firewall_rule(
- ctx, rule_expect['id'], VSE_ID)
- for k, v in rule_get['firewall_rule'].items():
- self.assertEqual(rule_expect[k], v)
-
- def test_delete_firewall_rule(self):
- ctx = context.get_admin_context()
- name = 'new_firewall'
- with contextlib.nested(self.firewall_rule(name='fwr1',
- do_delete=False),
- self.firewall_rule(name='fwr2',
- do_delete=False)) as fr:
- fw_rule_ids = [r['firewall_rule']['id'] for r in fr]
- with self.firewall_policy(firewall_rules=fw_rule_ids,
- do_delete=False) as fwp:
- fwp_id = fwp['firewall_policy']['id']
- with self.firewall(name=name,
- firewall_policy_id=fwp_id) as firewall:
- fw_create = firewall['firewall']
- fw_create = self._make_firewall_dict_with_rules(
- ctx, fw_create['id'])
- self.driver.update_firewall(ctx, VSE_ID, fw_create)
-
- fr[0]['firewall_rule']['edge_id'] = VSE_ID
- self.driver.delete_firewall_rule(
- ctx, fr[0]['firewall_rule']['id'],
- VSE_ID)
- self.assertRaises(vcns_exc.VcnsNotFound,
- self.driver.get_firewall_rule,
- ctx, fr[0]['firewall_rule']['id'],
- VSE_ID)
-
- def test_insert_rule(self):
- ctx = context.get_admin_context()
- with self.firewall_policy() as fwp:
- fwp_id = fwp['firewall_policy']['id']
- with self.firewall(firewall_policy_id=fwp_id) as firewall:
- fw_create = firewall['firewall']
- fw_create = self._make_firewall_dict_with_rules(
- ctx, fw_create['id'])
- self.driver.update_firewall(ctx, VSE_ID, fw_create)
- with contextlib.nested(self.firewall_rule(name='fwr0',
- do_delete=False),
- self.firewall_rule(name='fwr1',
- do_delete=False),
- self.firewall_rule(name='fwr2',
- do_delete=False),
- self.firewall_rule(name='fwr3',
- do_delete=False),
- self.firewall_rule(name='fwr4',
- do_delete=False),
- self.firewall_rule(name='fwr5',
- do_delete=False),
- self.firewall_rule(
- name='fwr6',
- do_delete=False)) as fwr:
- # test insert when rule list is empty
- fwr0_id = fwr[0]['firewall_rule']['id']
- self._rule_action('insert', fwp_id, fwr0_id,
- insert_before=None,
- insert_after=None,
- expected_code=webob.exc.HTTPOk.code)
- fw_update = self._make_firewall_dict_with_rules(
- ctx, fw_create['id'])
- self.driver.update_firewall(ctx, VSE_ID, fw_update)
- # test insert at top of list above existing rule
- fwr1_id = fwr[1]['firewall_rule']['id']
- self._rule_action('insert', fwp_id, fwr1_id,
- insert_before=fwr0_id,
- insert_after=None,
- expected_code=webob.exc.HTTPOk.code)
-
- fw_expect = self._make_firewall_dict_with_rules(
- ctx, fw_create['id'])
-
- rule_info = {'firewall_rule_id': fwr1_id,
- 'insert_before': fwr0_id,
- 'insert_after': None}
- rule = fwr[1]['firewall_rule']
- self.driver.insert_rule(ctx, rule_info, VSE_ID, rule)
- fw_get = self.driver.get_firewall(
- ctx, VSE_ID)
- self._compare_firewall_rule_lists(
- fwp_id, fw_get['firewall_rule_list'],
- fw_expect['firewall_rule_list'])
- # test insert at bottom of list
- fwr2_id = fwr[2]['firewall_rule']['id']
- self._rule_action('insert', fwp_id, fwr2_id,
- insert_before=None,
- insert_after=fwr0_id,
- expected_code=webob.exc.HTTPOk.code)
- fw_expect = self._make_firewall_dict_with_rules(
- ctx, fw_create['id'])
-
- rule_info = {'firewall_rule_id': fwr2_id,
- 'insert_before': None,
- 'insert_after': fwr0_id}
- rule = fwr[2]['firewall_rule']
- self.driver.insert_rule(ctx, rule_info, VSE_ID, rule)
- fw_get = self.driver.get_firewall(
- ctx, VSE_ID)
- self._compare_firewall_rule_lists(
- fwp_id, fw_get['firewall_rule_list'],
- fw_expect['firewall_rule_list'])
- # test insert in the middle of the list using
- # insert_before
- fwr3_id = fwr[3]['firewall_rule']['id']
- self._rule_action('insert', fwp_id, fwr3_id,
- insert_before=fwr2_id,
- insert_after=None,
- expected_code=webob.exc.HTTPOk.code)
- fw_expect = self._make_firewall_dict_with_rules(
- ctx, fw_create['id'])
-
- rule_info = {'firewall_rule_id': fwr3_id,
- 'insert_before': fwr2_id,
- 'insert_after': None}
- rule = fwr[3]['firewall_rule']
- self.driver.insert_rule(ctx, rule_info, VSE_ID, rule)
- fw_get = self.driver.get_firewall(
- ctx, VSE_ID)
- self._compare_firewall_rule_lists(
- fwp_id, fw_get['firewall_rule_list'],
- fw_expect['firewall_rule_list'])
- # test insert in the middle of the list using
- # insert_after
- fwr4_id = fwr[4]['firewall_rule']['id']
- self._rule_action('insert', fwp_id, fwr4_id,
- insert_before=None,
- insert_after=fwr3_id,
- expected_code=webob.exc.HTTPOk.code)
- fw_expect = self._make_firewall_dict_with_rules(
- ctx, fw_create['id'])
-
- rule_info = {'firewall_rule_id': fwr4_id,
- 'insert_before': None,
- 'insert_after': fwr3_id}
- rule = fwr[4]['firewall_rule']
- self.driver.insert_rule(ctx, rule_info, VSE_ID, rule)
- fw_get = self.driver.get_firewall(
- ctx, VSE_ID)
- self._compare_firewall_rule_lists(
- fwp_id, fw_get['firewall_rule_list'],
- fw_expect['firewall_rule_list'])
- # test insert when both insert_before and
- # insert_after are set
- fwr5_id = fwr[5]['firewall_rule']['id']
- self._rule_action('insert', fwp_id, fwr5_id,
- insert_before=fwr4_id,
- insert_after=fwr4_id,
- expected_code=webob.exc.HTTPOk.code)
- fw_expect = self._make_firewall_dict_with_rules(
- ctx, fw_create['id'])
-
- rule_info = {'firewall_rule_id': fwr5_id,
- 'insert_before': fwr4_id,
- 'insert_after': fwr4_id}
- rule = fwr[5]['firewall_rule']
- self.driver.insert_rule(ctx, rule_info, VSE_ID, rule)
- fw_get = self.driver.get_firewall(
- ctx, VSE_ID)
- self._compare_firewall_rule_lists(
- fwp_id, fw_get['firewall_rule_list'],
- fw_expect['firewall_rule_list'])
+++ /dev/null
-# Copyright 2013 VMware, Inc
-# All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-
-import contextlib
-import copy
-import webob.exc
-
-from neutron.api.v2 import attributes
-from neutron import context
-from neutron.extensions import firewall
-from neutron import manager
-from neutron.openstack.common import uuidutils
-from neutron.plugins.common import constants as const
-from neutron.tests.unit.db.firewall import test_db_firewall
-from neutron.tests.unit.vmware.vshield import test_edge_router
-
-_uuid = uuidutils.generate_uuid
-
-FW_PLUGIN_CLASS = "neutron.plugins.vmware.plugin.NsxServicePlugin"
-
-
-class FirewallTestExtensionManager(
- test_edge_router.ServiceRouterTestExtensionManager):
-
- def get_resources(self):
- # If l3 resources have been loaded and updated by main API
- # router, update the map in the l3 extension so it will load
- # the same attributes as the API router
- resources = super(FirewallTestExtensionManager, self).get_resources()
- firewall_attr_map = copy.deepcopy(firewall.RESOURCE_ATTRIBUTE_MAP)
- for res in firewall.RESOURCE_ATTRIBUTE_MAP.keys():
- attr_info = attributes.RESOURCE_ATTRIBUTE_MAP.get(res)
- if attr_info:
- firewall.RESOURCE_ATTRIBUTE_MAP[res] = attr_info
- fw_resources = firewall.Firewall.get_resources()
- # restore the original resources once the controllers are created
- firewall.RESOURCE_ATTRIBUTE_MAP = firewall_attr_map
-
- resources.extend(fw_resources)
-
- return resources
-
- def get_actions(self):
- return []
-
- def get_request_extensions(self):
- return []
-
-
-class FirewallPluginTestCase(test_db_firewall.FirewallPluginDbTestCase,
- test_edge_router.ServiceRouterTest):
-
- def vcns_firewall_patch(self):
- self.vcns_instance.return_value.update_firewall.side_effect = (
- self.fc2.update_firewall)
- self.vcns_instance.return_value.delete_firewall.side_effect = (
- self.fc2.delete_firewall)
- self.vcns_instance.return_value.update_firewall_rule.side_effect = (
- self.fc2.update_firewall_rule)
- self.vcns_instance.return_value.delete_firewall_rule.side_effect = (
- self.fc2.delete_firewall_rule)
- self.vcns_instance.return_value.add_firewall_rule_above.side_effect = (
- self.fc2.add_firewall_rule_above)
- self.vcns_instance.return_value.add_firewall_rule.side_effect = (
- self.fc2.add_firewall_rule)
- self.vcns_instance.return_value.get_firewall.side_effect = (
- self.fc2.get_firewall)
- self.vcns_instance.return_value.get_firewall_rule.side_effect = (
- self.fc2.get_firewall_rule)
-
- def setUp(self):
- # Save the global RESOURCE_ATTRIBUTE_MAP
- self.saved_attr_map = {}
- for resource, attrs in attributes.RESOURCE_ATTRIBUTE_MAP.iteritems():
- self.saved_attr_map[resource] = attrs.copy()
-
- super(FirewallPluginTestCase, self).setUp(
- ext_mgr=FirewallTestExtensionManager(),
- fw_plugin=FW_PLUGIN_CLASS)
- self.vcns_firewall_patch()
- self.plugin = manager.NeutronManager.get_plugin()
-
- def tearDown(self):
- super(FirewallPluginTestCase, self).tearDown()
- # Restore the global RESOURCE_ATTRIBUTE_MAP
- attributes.RESOURCE_ATTRIBUTE_MAP = self.saved_attr_map
- self.ext_api = None
- self.plugin = None
-
- def _create_and_get_router(self):
- req = self._create_router(self.fmt, self._tenant_id)
- res = self.deserialize(self.fmt, req)
- return res['router']['id']
-
- def _create_firewall(self, fmt, name, description, firewall_policy_id,
- admin_state_up=True, expected_res_status=None,
- **kwargs):
- data = {'firewall': {'name': name,
- 'description': description,
- 'firewall_policy_id': firewall_policy_id,
- 'router_id': kwargs.get('router_id'),
- 'admin_state_up': admin_state_up,
- 'tenant_id': self._tenant_id}}
-
- firewall_req = self.new_create_request('firewalls', data, fmt)
- firewall_res = firewall_req.get_response(self.ext_api)
- if expected_res_status:
- self.assertEqual(firewall_res.status_int, expected_res_status)
-
- return firewall_res
-
- def test_create_firewall(self):
- name = "new_fw"
- attrs = self._get_test_firewall_attrs(name)
-
- with self.firewall_policy() as fwp:
- fwp_id = fwp['firewall_policy']['id']
- attrs['firewall_policy_id'] = fwp_id
- attrs['router_id'] = self._create_and_get_router()
- with self.firewall(
- name=name,
- firewall_policy_id=fwp_id,
- router_id=attrs['router_id'],
- admin_state_up=test_db_firewall.ADMIN_STATE_UP,
- expected_res_status=201
- ) as fw:
- attrs = self._replace_firewall_status(
- attrs, const.PENDING_CREATE, const.ACTIVE)
- for k, v in attrs.iteritems():
- self.assertEqual(fw['firewall'][k], v)
-
- def test_create_firewall_without_policy(self):
- name = "new_fw"
- attrs = self._get_test_firewall_attrs(name)
- attrs['router_id'] = self._create_and_get_router()
-
- with self.firewall(
- name=name,
- router_id=attrs['router_id'],
- admin_state_up=test_db_firewall.ADMIN_STATE_UP,
- expected_res_status=201
- ) as fw:
- attrs = self._replace_firewall_status(
- attrs, const.PENDING_CREATE, const.ACTIVE)
- for k, v in attrs.iteritems():
- self.assertEqual(fw['firewall'][k], v)
-
- def test_update_firewall(self):
- name = "new_fw"
- attrs = self._get_test_firewall_attrs(name)
- attrs['router_id'] = self._create_and_get_router()
-
- with self.firewall_policy() as fwp:
- fwp_id = fwp['firewall_policy']['id']
- attrs['firewall_policy_id'] = fwp_id
- with self.firewall(
- firewall_policy_id=fwp_id, router_id=attrs['router_id'],
- admin_state_up=test_db_firewall.ADMIN_STATE_UP) as fw:
- fw_id = fw['firewall']['id']
- new_data = {'firewall': {'name': name}}
- req = self.new_update_request('firewalls', new_data, fw_id)
- res = req.get_response(self.ext_api)
- self.assertEqual(res.status_int, 200)
- res_json = self.deserialize(
- self.fmt, res)
- attrs = self._replace_firewall_status(
- attrs, const.PENDING_CREATE, const.ACTIVE)
- for k, v in attrs.iteritems():
- self.assertEqual(res_json['firewall'][k], v)
-
- def test_delete_firewall(self):
- ctx = context.get_admin_context()
- with self.firewall_policy() as fwp:
- fwp_id = fwp['firewall_policy']['id']
- with self.firewall(
- firewall_policy_id=fwp_id,
- router_id=self._create_and_get_router(),
- admin_state_up=test_db_firewall.ADMIN_STATE_UP,
- do_delete=False) as fw:
- fw_id = fw['firewall']['id']
- with ctx.session.begin(subtransactions=True):
- req = self.new_delete_request('firewalls', fw_id)
- res = req.get_response(self.ext_api)
- self.assertEqual(res.status_int, 204)
- self.assertRaises(
- firewall.FirewallNotFound,
- self.plugin.get_firewall, ctx, fw_id)
-
- def test_delete_router_in_use_by_fwservice(self):
- router_id = self._create_and_get_router()
- with self.firewall_policy() as fwp:
- fwp_id = fwp['firewall_policy']['id']
- with self.firewall(
- name='fw',
- firewall_policy_id=fwp_id,
- router_id=router_id,
- admin_state_up=test_db_firewall.ADMIN_STATE_UP,
- expected_res_status=201
- ):
- self._delete('routers', router_id,
- expected_code=webob.exc.HTTPConflict.code)
-
- def test_show_firewall(self):
- name = "firewall1"
- attrs = self._get_test_firewall_attrs(name)
- attrs['router_id'] = self._create_and_get_router()
-
- with self.firewall_policy() as fwp:
- fwp_id = fwp['firewall_policy']['id']
- attrs['firewall_policy_id'] = fwp_id
- with self.firewall(
- name=name,
- firewall_policy_id=fwp_id, router_id=attrs['router_id'],
- admin_state_up=test_db_firewall.ADMIN_STATE_UP) as firewall:
-
- req = self.new_show_request('firewalls',
- firewall['firewall']['id'],
- fmt=self.fmt)
- res = self.deserialize(self.fmt,
- req.get_response(self.ext_api))
- attrs = self._replace_firewall_status(
- attrs, const.PENDING_CREATE, const.ACTIVE)
- for k, v in attrs.iteritems():
- self.assertEqual(res['firewall'][k], v)
-
- def test_list_firewalls(self):
- keys_list = []
- for i in range(3):
- keys_list.append({'name': "fw" + str(i),
- 'router_id': self._create_and_get_router(),
- 'admin_state_up': True,
- 'status': "ACTIVE"})
-
- with contextlib.nested(
- self.firewall(
- name='fw0', router_id=keys_list[0]['router_id'],
- admin_state_up=True, description='fw'),
- self.firewall(
- name='fw1', router_id=keys_list[1]['router_id'],
- admin_state_up=True, description='fw'),
- self.firewall(
- name='fw2', router_id=keys_list[2]['router_id'],
- admin_state_up=True, description='fw'),
- ) as (fw1, fw2, fw3):
- self._test_list_resources(
- 'firewall', (fw1, fw2, fw3),
- query_params='description=fw')
-
- req = self.new_list_request('firewalls')
- res = self.deserialize(
- self.fmt, req.get_response(self.ext_api))
- self.assertEqual(len(res['firewalls']), 3)
- for index in range(len(res['firewalls'])):
- for k, v in keys_list[index].items():
- self.assertEqual(res['firewalls'][index][k], v)
-
- def test_create_firewall_with_rules(self):
- ctx = context.get_admin_context()
- with contextlib.nested(self.firewall_rule(name='fwr1'),
- self.firewall_rule(name='fwr2'),
- self.firewall_rule(name='fwr3')) as fr:
- with self.firewall_policy() as fwp:
- fwp_id = fwp['firewall_policy']['id']
- fw_rule_ids = [r['firewall_rule']['id'] for r in fr]
- data = {'firewall_policy':
- {'firewall_rules': fw_rule_ids}}
- req = self.new_update_request(
- 'firewall_policies', data, fwp_id)
- req.get_response(self.ext_api)
- attrs = self._get_test_firewall_attrs()
- attrs['firewall_policy_id'] = fwp_id
- with self.firewall(
- firewall_policy_id=fwp_id,
- router_id=self._create_and_get_router(),
- admin_state_up=test_db_firewall.ADMIN_STATE_UP) as fw:
- rule_list = (
- self.plugin._make_firewall_rule_list_by_policy_id(
- ctx, fw['firewall']['firewall_policy_id']))
- self._compare_firewall_rule_lists(
- fwp_id, fr, rule_list)
-
- def test_update_firewall_policy_with_no_firewall(self):
- name = "new_firewall_policy1"
- attrs = self._get_test_firewall_policy_attrs(name, audited=False)
-
- with self.firewall_policy(shared=test_db_firewall.SHARED,
- firewall_rules=None,
- audited=test_db_firewall.AUDITED) as fwp:
- data = {'firewall_policy': {'name': name}}
- req = self.new_update_request('firewall_policies', data,
- fwp['firewall_policy']['id'])
- res = self.deserialize(self.fmt, req.get_response(self.ext_api))
- for k, v in attrs.iteritems():
- self.assertEqual(res['firewall_policy'][k], v)
-
- def test_update_firewall_policy_with_firewall(self):
- name = "new_firewall_policy1"
- attrs = self._get_test_firewall_policy_attrs(name, audited=False)
-
- with self.firewall_policy(shared=test_db_firewall.SHARED,
- firewall_rules=None,
- audited=test_db_firewall.AUDITED) as fwp:
- fwp_id = fwp['firewall_policy']['id']
- with self.firewall(
- firewall_policy_id=fwp_id,
- router_id=self._create_and_get_router(),
- admin_state_up=test_db_firewall.ADMIN_STATE_UP
- ):
- data = {'firewall_policy': {'name': name}}
- req = self.new_update_request(
- 'firewall_policies', data, fwp['firewall_policy']['id'])
- res = self.deserialize(
- self.fmt, req.get_response(self.ext_api))
- for k, v in attrs.iteritems():
- self.assertEqual(res['firewall_policy'][k], v)
-
- def test_update_firewall_rule_with_no_firewall(self):
- name = "new_firewall_rule1"
- attrs = self._get_test_firewall_rule_attrs(name)
-
- attrs['source_port'] = '10:20'
- attrs['destination_port'] = '30:40'
- with self.firewall_rule() as fwr:
- data = {'firewall_rule': {'name': name,
- 'source_port': '10:20',
- 'destination_port': '30:40'}}
- req = self.new_update_request(
- 'firewall_rules', data, fwr['firewall_rule']['id'])
- res = self.deserialize(
- self.fmt, req.get_response(self.ext_api))
- for k, v in attrs.iteritems():
- self.assertEqual(res['firewall_rule'][k], v)
-
- attrs['source_port'] = '10000'
- attrs['destination_port'] = '80'
- with self.firewall_rule() as fwr:
- data = {'firewall_rule': {'name': name,
- 'source_port': 10000,
- 'destination_port': 80}}
- req = self.new_update_request('firewall_rules', data,
- fwr['firewall_rule']['id'])
- res = self.deserialize(self.fmt, req.get_response(self.ext_api))
- for k, v in attrs.iteritems():
- self.assertEqual(res['firewall_rule'][k], v)
-
- attrs['source_port'] = None
- attrs['destination_port'] = None
- with self.firewall_rule() as fwr:
- data = {'firewall_rule': {'name': name,
- 'source_port': None,
- 'destination_port': None}}
- req = self.new_update_request(
- 'firewall_rules', data, fwr['firewall_rule']['id'])
- res = self.deserialize(
- self.fmt, req.get_response(self.ext_api))
- for k, v in attrs.iteritems():
- self.assertEqual(res['firewall_rule'][k], v)
-
- def test_update_firewall_rule_with_firewall(self):
- name = "new_firewall_rule1"
- attrs = self._get_test_firewall_rule_attrs(name)
- with self.firewall_rule() as fwr:
- with self.firewall_policy() as fwp:
- fwp_id = fwp['firewall_policy']['id']
- attrs['firewall_policy_id'] = fwp_id
- with self.firewall(
- firewall_policy_id=fwp_id,
- router_id=self._create_and_get_router(),
- admin_state_up=test_db_firewall.ADMIN_STATE_UP
- ):
- fwr_id = fwr['firewall_rule']['id']
- data = {'firewall_policy': {'firewall_rules': [fwr_id]}}
- req = self.new_update_request(
- 'firewall_policies', data,
- fwp['firewall_policy']['id'])
- req.get_response(self.ext_api)
- data = {'firewall_rule': {'name': name}}
- req = self.new_update_request(
- 'firewall_rules', data,
- fwr['firewall_rule']['id'])
- res = self.deserialize(
- self.fmt, req.get_response(self.ext_api))
- attrs['firewall_policy_id'] = fwp_id
- for k, v in attrs.iteritems():
- self.assertEqual(res['firewall_rule'][k], v)
-
- def test_insert_rule_with_no_firewall(self):
- attrs = self._get_test_firewall_policy_attrs()
- attrs['audited'] = False
- attrs['firewall_list'] = []
- with contextlib.nested(self.firewall_rule(name='fwr0'),
- self.firewall_rule(name='fwr1'),
- self.firewall_rule(name='fwr2'),
- self.firewall_rule(name='fwr3'),
- self.firewall_rule(name='fwr4'),
- self.firewall_rule(name='fwr5'),
- self.firewall_rule(name='fwr6')) as fwr:
- with self.firewall_policy() as fwp:
- fwp_id = fwp['firewall_policy']['id']
- attrs['id'] = fwp_id
- # test insert when rule list is empty
- fwr0_id = fwr[0]['firewall_rule']['id']
- attrs['firewall_rules'].insert(0, fwr0_id)
- self._rule_action('insert', fwp_id, fwr0_id,
- insert_before=None,
- insert_after=None,
- expected_code=webob.exc.HTTPOk.code,
- expected_body=attrs)
- # test insert at top of rule list, insert_before and
- # insert_after not provided
- fwr1_id = fwr[1]['firewall_rule']['id']
- attrs['firewall_rules'].insert(0, fwr1_id)
- insert_data = {'firewall_rule_id': fwr1_id}
- self._rule_action('insert', fwp_id, fwr0_id,
- expected_code=webob.exc.HTTPOk.code,
- expected_body=attrs, body_data=insert_data)
- # test insert at top of list above existing rule
- fwr2_id = fwr[2]['firewall_rule']['id']
- attrs['firewall_rules'].insert(0, fwr2_id)
- self._rule_action('insert', fwp_id, fwr2_id,
- insert_before=fwr1_id,
- insert_after=None,
- expected_code=webob.exc.HTTPOk.code,
- expected_body=attrs)
- # test insert at bottom of list
- fwr3_id = fwr[3]['firewall_rule']['id']
- attrs['firewall_rules'].append(fwr3_id)
- self._rule_action('insert', fwp_id, fwr3_id,
- insert_before=None,
- insert_after=fwr0_id,
- expected_code=webob.exc.HTTPOk.code,
- expected_body=attrs)
- # test insert in the middle of the list using
- # insert_before
- fwr4_id = fwr[4]['firewall_rule']['id']
- attrs['firewall_rules'].insert(1, fwr4_id)
- self._rule_action('insert', fwp_id, fwr4_id,
- insert_before=fwr1_id,
- insert_after=None,
- expected_code=webob.exc.HTTPOk.code,
- expected_body=attrs)
- # test insert in the middle of the list using
- # insert_after
- fwr5_id = fwr[5]['firewall_rule']['id']
- attrs['firewall_rules'].insert(1, fwr5_id)
- self._rule_action('insert', fwp_id, fwr5_id,
- insert_before=None,
- insert_after=fwr2_id,
- expected_code=webob.exc.HTTPOk.code,
- expected_body=attrs)
- # test insert when both insert_before and
- # insert_after are set
- fwr6_id = fwr[6]['firewall_rule']['id']
- attrs['firewall_rules'].insert(1, fwr6_id)
- self._rule_action('insert', fwp_id, fwr6_id,
- insert_before=fwr5_id,
- insert_after=fwr5_id,
- expected_code=webob.exc.HTTPOk.code,
- expected_body=attrs)
-
- def test_insert_rule_with_firewall(self):
- attrs = self._get_test_firewall_policy_attrs()
- attrs['audited'] = False
- attrs['firewall_list'] = []
- with contextlib.nested(self.firewall_rule(name='fwr0'),
- self.firewall_rule(name='fwr1'),
- self.firewall_rule(name='fwr2'),
- self.firewall_rule(name='fwr3'),
- self.firewall_rule(name='fwr4'),
- self.firewall_rule(name='fwr5'),
- self.firewall_rule(name='fwr6')) as fwr:
- with self.firewall_policy() as fwp:
- fwp_id = fwp['firewall_policy']['id']
- attrs['id'] = fwp_id
- with self.firewall(router_id=self._create_and_get_router(),
- firewall_policy_id=fwp_id) as fw:
- # test insert when rule list is empty
- fwr0_id = fwr[0]['firewall_rule']['id']
- attrs['firewall_rules'].insert(0, fwr0_id)
- attrs['firewall_list'].insert(0, fw['firewall']['id'])
- self._rule_action('insert', fwp_id, fwr0_id,
- insert_before=None,
- insert_after=None,
- expected_code=webob.exc.HTTPOk.code,
- expected_body=attrs)
- # test insert at top of rule list, insert_before and
- # insert_after not provided
- fwr1_id = fwr[1]['firewall_rule']['id']
- attrs['firewall_rules'].insert(0, fwr1_id)
- insert_data = {'firewall_rule_id': fwr1_id}
- self._rule_action(
- 'insert', fwp_id, fwr0_id,
- expected_code=webob.exc.HTTPOk.code,
- expected_body=attrs, body_data=insert_data)
- # test insert at top of list above existing rule
- fwr2_id = fwr[2]['firewall_rule']['id']
- attrs['firewall_rules'].insert(0, fwr2_id)
- self._rule_action('insert', fwp_id, fwr2_id,
- insert_before=fwr1_id,
- insert_after=None,
- expected_code=webob.exc.HTTPOk.code,
- expected_body=attrs)
- # test insert at bottom of list
- fwr3_id = fwr[3]['firewall_rule']['id']
- attrs['firewall_rules'].append(fwr3_id)
- self._rule_action('insert', fwp_id, fwr3_id,
- insert_before=None,
- insert_after=fwr0_id,
- expected_code=webob.exc.HTTPOk.code,
- expected_body=attrs)
- # test insert in the middle of the list using
- # insert_before
- fwr4_id = fwr[4]['firewall_rule']['id']
- attrs['firewall_rules'].insert(1, fwr4_id)
- self._rule_action('insert', fwp_id, fwr4_id,
- insert_before=fwr1_id,
- insert_after=None,
- expected_code=webob.exc.HTTPOk.code,
- expected_body=attrs)
- # test insert in the middle of the list using
- # insert_after
- fwr5_id = fwr[5]['firewall_rule']['id']
- attrs['firewall_rules'].insert(1, fwr5_id)
- self._rule_action('insert', fwp_id, fwr5_id,
- insert_before=None,
- insert_after=fwr2_id,
- expected_code=webob.exc.HTTPOk.code,
- expected_body=attrs)
- # test insert when both insert_before and
- # insert_after are set
- fwr6_id = fwr[6]['firewall_rule']['id']
- attrs['firewall_rules'].insert(1, fwr6_id)
- self._rule_action('insert', fwp_id, fwr6_id,
- insert_before=fwr5_id,
- insert_after=fwr5_id,
- expected_code=webob.exc.HTTPOk.code,
- expected_body=attrs)
-
- def test_remove_rule_with_no_firewall(self):
- attrs = self._get_test_firewall_policy_attrs()
- attrs['audited'] = False
- attrs['firewall_list'] = []
- with self.firewall_policy() as fwp:
- fwp_id = fwp['firewall_policy']['id']
- attrs['id'] = fwp_id
- with contextlib.nested(self.firewall_rule(name='fwr1'),
- self.firewall_rule(name='fwr2'),
- self.firewall_rule(name='fwr3')) as fr1:
- fw_rule_ids = [r['firewall_rule']['id'] for r in fr1]
- attrs['firewall_rules'] = fw_rule_ids[:]
- data = {'firewall_policy':
- {'firewall_rules': fw_rule_ids}}
- req = self.new_update_request('firewall_policies', data,
- fwp_id)
- req.get_response(self.ext_api)
- # test removing a rule from a policy that does not exist
- self._rule_action('remove', '123', fw_rule_ids[1],
- expected_code=webob.exc.HTTPNotFound.code,
- expected_body=None)
- # test removing a rule in the middle of the list
- attrs['firewall_rules'].remove(fw_rule_ids[1])
- self._rule_action('remove', fwp_id, fw_rule_ids[1],
- expected_body=attrs)
- # test removing a rule at the top of the list
- attrs['firewall_rules'].remove(fw_rule_ids[0])
- self._rule_action('remove', fwp_id, fw_rule_ids[0],
- expected_body=attrs)
- # test removing remaining rule in the list
- attrs['firewall_rules'].remove(fw_rule_ids[2])
- self._rule_action('remove', fwp_id, fw_rule_ids[2],
- expected_body=attrs)
- # test removing rule that is not associated with the policy
- self._rule_action('remove', fwp_id, fw_rule_ids[2],
- expected_code=webob.exc.HTTPBadRequest.code,
- expected_body=None)
-
- def test_remove_rule_with_firewall(self):
- attrs = self._get_test_firewall_policy_attrs()
- attrs['audited'] = False
- attrs['firewall_list'] = []
- with self.firewall_policy() as fwp:
- fwp_id = fwp['firewall_policy']['id']
- attrs['id'] = fwp_id
- with self.firewall(router_id=self._create_and_get_router(),
- firewall_policy_id=fwp_id) as fw:
- attrs['firewall_list'].insert(0, fw['firewall']['id'])
- with contextlib.nested(self.firewall_rule(name='fwr1'),
- self.firewall_rule(name='fwr2'),
- self.firewall_rule(name='fwr3')) as fr1:
- fw_rule_ids = [r['firewall_rule']['id'] for r in fr1]
- attrs['firewall_rules'] = fw_rule_ids[:]
- data = {'firewall_policy':
- {'firewall_rules': fw_rule_ids}}
- req = self.new_update_request(
- 'firewall_policies', data, fwp_id)
- req.get_response(self.ext_api)
- # test removing a rule from a policy that does not exist
- self._rule_action(
- 'remove', '123',
- fw_rule_ids[1],
- expected_code=webob.exc.HTTPNotFound.code,
- expected_body=None)
- # test removing a rule in the middle of the list
- attrs['firewall_rules'].remove(fw_rule_ids[1])
- self._rule_action('remove', fwp_id, fw_rule_ids[1],
- expected_body=attrs)
- # test removing a rule at the top of the list
- attrs['firewall_rules'].remove(fw_rule_ids[0])
- self._rule_action('remove', fwp_id, fw_rule_ids[0],
- expected_body=attrs)
- # test removing remaining rule in the list
- attrs['firewall_rules'].remove(fw_rule_ids[2])
- self._rule_action('remove', fwp_id, fw_rule_ids[2],
- expected_body=attrs)
- # test removing rule that is not
- #associated with the policy
- self._rule_action(
- 'remove', fwp_id, fw_rule_ids[2],
- expected_code=webob.exc.HTTPBadRequest.code,
- expected_body=None)
-
- def test_remove_rule_with_firewalls(self):
- attrs = self._get_test_firewall_policy_attrs()
- attrs['audited'] = False
- attrs['firewall_list'] = []
- with self.firewall_policy() as fwp:
- fwp_id = fwp['firewall_policy']['id']
- attrs['id'] = fwp_id
- with contextlib.nested(
- self.firewall(router_id=self._create_and_get_router(),
- firewall_policy_id=fwp_id),
- self.firewall(router_id=self._create_and_get_router(),
- firewall_policy_id=fwp_id)) as (fw1, fw2):
- attrs['firewall_list'].insert(0, fw1['firewall']['id'])
- attrs['firewall_list'].insert(1, fw2['firewall']['id'])
- with contextlib.nested(self.firewall_rule(name='fwr1'),
- self.firewall_rule(name='fwr2'),
- self.firewall_rule(name='fwr3')) as fr1:
- fw_rule_ids = [r['firewall_rule']['id'] for r in fr1]
- attrs['firewall_rules'] = fw_rule_ids[:]
- data = {'firewall_policy':
- {'firewall_rules': fw_rule_ids}}
- req = self.new_update_request(
- 'firewall_policies', data, fwp_id)
- req.get_response(self.ext_api)
- # test removing a rule from a policy that does not exist
- self._rule_action(
- 'remove', '123',
- fw_rule_ids[1],
- expected_code=webob.exc.HTTPNotFound.code,
- expected_body=None)
- # test removing a rule in the middle of the list
- attrs['firewall_rules'].remove(fw_rule_ids[1])
- self._rule_action('remove', fwp_id, fw_rule_ids[1],
- expected_body=attrs)
- # test removing a rule at the top of the list
- attrs['firewall_rules'].remove(fw_rule_ids[0])
- self._rule_action('remove', fwp_id, fw_rule_ids[0],
- expected_body=attrs)
- # test removing remaining rule in the list
- attrs['firewall_rules'].remove(fw_rule_ids[2])
- self._rule_action('remove', fwp_id, fw_rule_ids[2],
- expected_body=attrs)
- # test removing rule that is not
- #associated with the policy
- self._rule_action(
- 'remove', fwp_id, fw_rule_ids[2],
- expected_code=webob.exc.HTTPBadRequest.code,
- expected_body=None)
+++ /dev/null
-# Copyright 2013 VMware, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-
-import contextlib
-
-import testtools
-from webob import exc as web_exc
-
-from neutron.api.v2 import attributes
-from neutron import context
-from neutron.extensions import loadbalancer as lb
-from neutron import manager
-from neutron.openstack.common import uuidutils
-from neutron.tests.unit.db.loadbalancer import test_db_loadbalancer
-from neutron.tests.unit.vmware.vshield import test_edge_router
-
-_uuid = uuidutils.generate_uuid
-
-LBAAS_PLUGIN_CLASS = "neutron.plugins.vmware.plugin.NsxServicePlugin"
-
-
-class LoadBalancerTestExtensionManager(
- test_edge_router.ServiceRouterTestExtensionManager):
-
- def get_resources(self):
- # If l3 resources have been loaded and updated by main API
- # router, update the map in the l3 extension so it will load
- # the same attributes as the API router
- resources = super(LoadBalancerTestExtensionManager,
- self).get_resources()
- lb_attr_map = lb.RESOURCE_ATTRIBUTE_MAP.copy()
- for res in lb.RESOURCE_ATTRIBUTE_MAP.keys():
- attr_info = attributes.RESOURCE_ATTRIBUTE_MAP.get(res)
- if attr_info:
- lb.RESOURCE_ATTRIBUTE_MAP[res] = attr_info
- lb_resources = lb.Loadbalancer.get_resources()
- # restore the original resources once the controllers are created
- lb.RESOURCE_ATTRIBUTE_MAP = lb_attr_map
- resources.extend(lb_resources)
- return resources
-
-
-class TestLoadbalancerPlugin(
- test_db_loadbalancer.LoadBalancerPluginDbTestCase,
- test_edge_router.ServiceRouterTest):
-
- def vcns_loadbalancer_patch(self):
- instance = self.vcns_instance
- instance.return_value.create_vip.side_effect = (
- self.fc2.create_vip)
- instance.return_value.get_vip.side_effect = (
- self.fc2.get_vip)
- instance.return_value.update_vip.side_effect = (
- self.fc2.update_vip)
- instance.return_value.delete_vip.side_effect = (
- self.fc2.delete_vip)
- instance.return_value.create_pool.side_effect = (
- self.fc2.create_pool)
- instance.return_value.get_pool.side_effect = (
- self.fc2.get_pool)
- instance.return_value.update_pool.side_effect = (
- self.fc2.update_pool)
- instance.return_value.delete_pool.side_effect = (
- self.fc2.delete_pool)
- instance.return_value.create_health_monitor.side_effect = (
- self.fc2.create_health_monitor)
- instance.return_value.get_health_monitor.side_effect = (
- self.fc2.get_health_monitor)
- instance.return_value.update_health_monitor.side_effect = (
- self.fc2.update_health_monitor)
- instance.return_value.delete_health_monitor.side_effect = (
- self.fc2.delete_health_monitor)
- instance.return_value.create_app_profile.side_effect = (
- self.fc2.create_app_profile)
- instance.return_value.update_app_profile.side_effect = (
- self.fc2.update_app_profile)
- instance.return_value.delete_app_profile.side_effect = (
- self.fc2.delete_app_profile)
-
- def setUp(self):
- # Save the global RESOURCE_ATTRIBUTE_MAP
- self.saved_attr_map = {}
- for resource, attrs in attributes.RESOURCE_ATTRIBUTE_MAP.iteritems():
- self.saved_attr_map[resource] = attrs.copy()
-
- super(TestLoadbalancerPlugin, self).setUp(
- ext_mgr=LoadBalancerTestExtensionManager(),
- lb_plugin=LBAAS_PLUGIN_CLASS)
- self.vcns_loadbalancer_patch()
- self.plugin = manager.NeutronManager.get_plugin()
-
- def tearDown(self):
- super(TestLoadbalancerPlugin, self).tearDown()
- # Restore the global RESOURCE_ATTRIBUTE_MAP
- attributes.RESOURCE_ATTRIBUTE_MAP = self.saved_attr_map
- self.ext_api = None
- self.plugin = None
-
- def _create_and_get_router(self):
- req = self._create_router(self.fmt, self._tenant_id)
- res = self.deserialize(self.fmt, req)
- return res['router']['id']
-
- def _get_vip_optional_args(self):
- args = super(TestLoadbalancerPlugin, self)._get_vip_optional_args()
- return args + ('router_id',)
-
- def test_update_healthmonitor(self):
- keys = [('type', "TCP"),
- ('tenant_id', self._tenant_id),
- ('delay', 20),
- ('timeout', 20),
- ('max_retries', 2),
- ('admin_state_up', False)]
-
- with contextlib.nested(
- self.subnet(),
- self.health_monitor(),
- self.pool()
- ) as (subnet, health_mon, pool):
- net_id = subnet['subnet']['network_id']
- self._set_net_external(net_id)
- with self.vip(
- router_id=self._create_and_get_router(),
- pool=pool, subnet=subnet):
- self.plugin.create_pool_health_monitor(
- context.get_admin_context(),
- health_mon, pool['pool']['id']
- )
- data = {'health_monitor': {'delay': 20,
- 'timeout': 20,
- 'max_retries': 2,
- 'admin_state_up': False}}
- req = self.new_update_request(
- "health_monitors",
- data,
- health_mon['health_monitor']['id'])
- res = self.deserialize(
- self.fmt, req.get_response(self.ext_api))
- for k, v in keys:
- self.assertEqual(res['health_monitor'][k], v)
-
- def test_create_vip(self, **extras):
- expected = {
- 'name': 'vip1',
- 'description': '',
- 'protocol_port': 80,
- 'protocol': 'HTTP',
- 'connection_limit': -1,
- 'admin_state_up': True,
- 'status': 'ACTIVE',
- 'router_id': self._create_and_get_router(),
- 'tenant_id': self._tenant_id,
- }
-
- expected.update(extras)
-
- name = expected['name']
-
- with contextlib.nested(
- self.subnet(),
- self.health_monitor(),
- self.pool()
- ) as (subnet, monitor, pool):
- net_id = subnet['subnet']['network_id']
- self._set_net_external(net_id)
- expected['pool_id'] = pool['pool']['id']
- self.plugin.create_pool_health_monitor(
- context.get_admin_context(),
- monitor, pool['pool']['id']
- )
- with self.vip(
- router_id=expected['router_id'], name=name,
- pool=pool, subnet=subnet, **extras) as vip:
- for k in ('id', 'address', 'port_id', 'pool_id'):
- self.assertTrue(vip['vip'].get(k, None))
- self.assertEqual(
- dict((k, v)
- for k, v in vip['vip'].items() if k in expected),
- expected
- )
-
- def test_create_vip_with_session_persistence(self):
- self.test_create_vip(session_persistence={'type': 'HTTP_COOKIE'})
-
- def test_create_vip_with_invalid_persistence_method(self):
- with testtools.ExpectedException(web_exc.HTTPClientError):
- self.test_create_vip(
- protocol='TCP',
- session_persistence={'type': 'HTTP_COOKIE'})
-
- def test_create_vips_with_same_names(self):
- new_router_id = self._create_and_get_router()
- with self.subnet() as subnet:
- net_id = subnet['subnet']['network_id']
- self._set_net_external(net_id)
- with contextlib.nested(
- self.vip(
- name='vip',
- router_id=new_router_id,
- subnet=subnet, protocol_port=80),
- self.vip(
- name='vip',
- router_id=new_router_id,
- subnet=subnet, protocol_port=81),
- self.vip(
- name='vip',
- router_id=new_router_id,
- subnet=subnet, protocol_port=82),
- ) as (vip1, vip2, vip3):
- req = self.new_list_request('vips')
- res = self.deserialize(
- self.fmt, req.get_response(self.ext_api))
- for index in range(len(res['vips'])):
- self.assertEqual(res['vips'][index]['name'], 'vip')
-
- def test_update_vip(self):
- name = 'new_vip'
- router_id = self._create_and_get_router()
- keys = [('router_id', router_id),
- ('name', name),
- ('address', "10.0.0.2"),
- ('protocol_port', 80),
- ('connection_limit', 100),
- ('admin_state_up', False),
- ('status', 'ACTIVE')]
-
- with contextlib.nested(
- self.subnet(),
- self.health_monitor(),
- self.pool()
- ) as (subnet, monitor, pool):
- net_id = subnet['subnet']['network_id']
- self._set_net_external(net_id)
- self.plugin.create_pool_health_monitor(
- context.get_admin_context(),
- monitor, pool['pool']['id']
- )
- with self.vip(
- router_id=router_id, name=name,
- pool=pool, subnet=subnet) as vip:
- keys.append(('subnet_id', vip['vip']['subnet_id']))
- data = {'vip': {'name': name,
- 'connection_limit': 100,
- 'session_persistence':
- {'type': "APP_COOKIE",
- 'cookie_name': "jesssionId"},
- 'admin_state_up': False}}
- req = self.new_update_request(
- 'vips', data, vip['vip']['id'])
- res = self.deserialize(self.fmt,
- req.get_response(self.ext_api))
- for k, v in keys:
- self.assertEqual(res['vip'][k], v)
-
- def test_delete_vip(self):
- with contextlib.nested(
- self.subnet(),
- self.health_monitor(),
- self.pool()
- ) as (subnet, monitor, pool):
- net_id = subnet['subnet']['network_id']
- self._set_net_external(net_id)
- self.plugin.create_pool_health_monitor(
- context.get_admin_context(),
- monitor, pool['pool']['id']
- )
- with self.vip(
- router_id=self._create_and_get_router(),
- pool=pool, subnet=subnet, do_delete=False) as vip:
- req = self.new_delete_request('vips', vip['vip']['id'])
- res = req.get_response(self.ext_api)
- self.assertEqual(res.status_int, 204)
-
- def test_delete_router_in_use_by_lbservice(self):
- router_id = self._create_and_get_router()
- with contextlib.nested(
- self.subnet(),
- self.health_monitor(),
- self.pool()
- ) as (subnet, monitor, pool):
- net_id = subnet['subnet']['network_id']
- self._set_net_external(net_id)
- self.plugin.create_pool_health_monitor(
- context.get_admin_context(),
- monitor, pool['pool']['id']
- )
- with self.vip(
- router_id=router_id,
- pool=pool, subnet=subnet):
- self._delete('routers', router_id,
- expected_code=web_exc.HTTPConflict.code)
-
- def test_show_vip(self):
- router_id = self._create_and_get_router()
- name = "vip_show"
- keys = [('name', name),
- ('protocol_port', 80),
- ('protocol', 'HTTP'),
- ('connection_limit', -1),
- ('admin_state_up', True),
- ('status', 'ACTIVE'),
- ('router_id', router_id)]
-
- with contextlib.nested(
- self.subnet(),
- self.health_monitor(),
- self.pool()
- ) as (subnet, monitor, pool):
- net_id = subnet['subnet']['network_id']
- self._set_net_external(net_id)
- self.plugin.create_pool_health_monitor(
- context.get_admin_context(),
- monitor, pool['pool']['id']
- )
- with self.vip(
- router_id=router_id, name=name,
- pool=pool, subnet=subnet) as vip:
- req = self.new_show_request('vips',
- vip['vip']['id'])
- res = self.deserialize(
- self.fmt, req.get_response(self.ext_api))
- for k, v in keys:
- self.assertEqual(res['vip'][k], v)
-
- def test_list_vips(self):
- keys_list = []
- for i in range(3):
- keys_list.append({'name': "vip" + str(i),
- 'router_id': self._create_and_get_router(),
- 'protocol_port': 80 + i,
- 'protocol': "HTTP",
- 'status': "ACTIVE",
- 'admin_state_up': True})
-
- with self.subnet() as subnet:
- net_id = subnet['subnet']['network_id']
- self._set_net_external(net_id)
- with contextlib.nested(
- self.vip(
- router_id=keys_list[0]['router_id'], name='vip0',
- subnet=subnet, protocol_port=80),
- self.vip(
- router_id=keys_list[1]['router_id'], name='vip1',
- subnet=subnet, protocol_port=81),
- self.vip(
- router_id=keys_list[2]['router_id'], name='vip2',
- subnet=subnet, protocol_port=82),
- ) as (vip1, vip2, vip3):
- self._test_list_with_sort(
- 'vip',
- (vip1, vip2, vip3),
- [('protocol_port', 'asc'), ('name', 'desc')]
- )
- req = self.new_list_request('vips')
- res = self.deserialize(
- self.fmt, req.get_response(self.ext_api))
- self.assertEqual(len(res['vips']), 3)
- for index in range(len(res['vips'])):
- for k, v in keys_list[index].items():
- self.assertEqual(res['vips'][index][k], v)
-
- def test_update_pool(self):
- data = {'pool': {'name': "new_pool",
- 'admin_state_up': False}}
- with contextlib.nested(
- self.subnet(),
- self.health_monitor(),
- self.pool()
- ) as (subnet, monitor, pool):
- net_id = subnet['subnet']['network_id']
- self._set_net_external(net_id)
- self.plugin.create_pool_health_monitor(
- context.get_admin_context(),
- monitor, pool['pool']['id']
- )
- with self.vip(
- router_id=self._create_and_get_router(),
- pool=pool, subnet=subnet):
- req = self.new_update_request(
- 'pools', data, pool['pool']['id'])
- res = self.deserialize(self.fmt,
- req.get_response(self.ext_api))
- for k, v in data['pool'].items():
- self.assertEqual(res['pool'][k], v)
-
- def test_create_member(self):
- router_id = self._create_and_get_router()
- with contextlib.nested(
- self.subnet(),
- self.health_monitor(),
- self.pool()
- ) as (subnet, monitor, pool):
- pool_id = pool['pool']['id']
- net_id = subnet['subnet']['network_id']
- self._set_net_external(net_id)
- self.plugin.create_pool_health_monitor(
- context.get_admin_context(),
- monitor, pool['pool']['id']
- )
- with self.vip(
- router_id=router_id,
- pool=pool, subnet=subnet):
- with contextlib.nested(
- self.member(address='192.168.1.100',
- protocol_port=80,
- pool_id=pool_id),
- self.member(router_id=router_id,
- address='192.168.1.101',
- protocol_port=80,
- pool_id=pool_id)) as (member1, member2):
- req = self.new_show_request('pools',
- pool_id,
- fmt=self.fmt)
- pool_update = self.deserialize(
- self.fmt,
- req.get_response(self.ext_api)
- )
- self.assertIn(member1['member']['id'],
- pool_update['pool']['members'])
- self.assertIn(member2['member']['id'],
- pool_update['pool']['members'])
-
- def _show_pool(self, pool_id):
- req = self.new_show_request('pools', pool_id, fmt=self.fmt)
- res = req.get_response(self.ext_api)
- self.assertEqual(web_exc.HTTPOk.code, res.status_int)
- return self.deserialize(self.fmt, res)
-
- def test_update_member(self):
- with contextlib.nested(
- self.subnet(),
- self.health_monitor(),
- self.pool(name="pool1"),
- self.pool(name="pool2")
- ) as (subnet, monitor, pool1, pool2):
- net_id = subnet['subnet']['network_id']
- self._set_net_external(net_id)
- self.plugin.create_pool_health_monitor(
- context.get_admin_context(),
- monitor, pool1['pool']['id']
- )
- self.plugin.create_pool_health_monitor(
- context.get_admin_context(),
- monitor, pool2['pool']['id']
- )
- with self.vip(
- router_id=self._create_and_get_router(),
- pool=pool1, subnet=subnet):
- keys = [('address', "192.168.1.100"),
- ('tenant_id', self._tenant_id),
- ('protocol_port', 80),
- ('weight', 10),
- ('pool_id', pool2['pool']['id']),
- ('admin_state_up', False),
- ('status', 'ACTIVE')]
- with self.member(
- pool_id=pool1['pool']['id']) as member:
-
- pool1_update = self._show_pool(pool1['pool']['id'])
- self.assertEqual(len(pool1_update['pool']['members']), 1)
- pool2_update = self._show_pool(pool2['pool']['id'])
- self.assertEqual(len(pool1_update['pool']['members']), 1)
- self.assertFalse(pool2_update['pool']['members'])
-
- data = {'member': {'pool_id': pool2['pool']['id'],
- 'weight': 10,
- 'admin_state_up': False}}
- req = self.new_update_request('members',
- data,
- member['member']['id'])
- raw_res = req.get_response(self.ext_api)
- self.assertEqual(web_exc.HTTPOk.code, raw_res.status_int)
- res = self.deserialize(self.fmt, raw_res)
- for k, v in keys:
- self.assertEqual(res['member'][k], v)
- pool1_update = self._show_pool(pool1['pool']['id'])
- pool2_update = self._show_pool(pool2['pool']['id'])
- self.assertEqual(len(pool2_update['pool']['members']), 1)
- self.assertFalse(pool1_update['pool']['members'])
-
- def test_delete_member(self):
- with contextlib.nested(
- self.subnet(),
- self.health_monitor(),
- self.pool()
- ) as (subnet, monitor, pool):
- pool_id = pool['pool']['id']
- net_id = subnet['subnet']['network_id']
- self._set_net_external(net_id)
- self.plugin.create_pool_health_monitor(
- context.get_admin_context(),
- monitor, pool['pool']['id']
- )
- with self.vip(
- router_id=self._create_and_get_router(),
- pool=pool, subnet=subnet):
- with self.member(pool_id=pool_id,
- do_delete=False) as member:
- req = self.new_delete_request('members',
- member['member']['id'])
- res = req.get_response(self.ext_api)
- self.assertEqual(res.status_int, 204)
- pool_update = self._show_pool(pool['pool']['id'])
- self.assertFalse(pool_update['pool']['members'])
+++ /dev/null
-# Copyright 2013 VMware, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-import mock
-
-from neutron import context
-from neutron.openstack.common import uuidutils
-from neutron.plugins.vmware.dbexts import vcns_db
-from neutron.plugins.vmware.vshield.common import exceptions as vcns_exc
-from neutron.plugins.vmware.vshield import vcns_driver
-from neutron.tests.unit import vmware
-from neutron.tests.unit.vmware.vshield import fake_vcns
-from neutron_lbaas.services.loadbalancer import constants as lb_constants
-from neutron_lbaas.tests.unit.db.loadbalancer import test_db_loadbalancer
-
-_uuid = uuidutils.generate_uuid
-
-VSE_ID = 'edge-1'
-POOL_MAP_INFO = {
- 'pool_id': None,
- 'edge_id': VSE_ID,
- 'pool_vseid': 'pool-1'}
-
-VCNS_CONFIG_FILE = vmware.get_fake_conf("vcns.ini.test")
-
-
-class VcnsDriverTestCase(test_db_loadbalancer.LoadBalancerPluginDbTestCase):
-
- def vcns_loadbalancer_patch(self):
- instance = self.mock_vcns.start()
- instance.return_value.create_vip.side_effect = (
- self.fc2.create_vip)
- instance.return_value.get_vip.side_effect = (
- self.fc2.get_vip)
- instance.return_value.update_vip.side_effect = (
- self.fc2.update_vip)
- instance.return_value.delete_vip.side_effect = (
- self.fc2.delete_vip)
- instance.return_value.create_pool.side_effect = (
- self.fc2.create_pool)
- instance.return_value.get_pool.side_effect = (
- self.fc2.get_pool)
- instance.return_value.update_pool.side_effect = (
- self.fc2.update_pool)
- instance.return_value.delete_pool.side_effect = (
- self.fc2.delete_pool)
- instance.return_value.create_health_monitor.side_effect = (
- self.fc2.create_health_monitor)
- instance.return_value.get_health_monitor.side_effect = (
- self.fc2.get_health_monitor)
- instance.return_value.update_health_monitor.side_effect = (
- self.fc2.update_health_monitor)
- instance.return_value.delete_health_monitor.side_effect = (
- self.fc2.delete_health_monitor)
- instance.return_value.create_app_profile.side_effect = (
- self.fc2.create_app_profile)
- instance.return_value.update_app_profile.side_effect = (
- self.fc2.update_app_profile)
- instance.return_value.delete_app_profile.side_effect = (
- self.fc2.delete_app_profile)
- self.pool_id = None
- self.vip_id = None
-
- def setUp(self):
-
- self.config_parse(args=['--config-file', VCNS_CONFIG_FILE])
- # mock vcns
- self.fc2 = fake_vcns.FakeVcns(unique_router_name=False)
- self.mock_vcns = mock.patch(vmware.VCNS_NAME, autospec=True)
- self.vcns_loadbalancer_patch()
-
- self.driver = vcns_driver.VcnsDriver(mock.Mock())
-
- super(VcnsDriverTestCase, self).setUp()
- self.addCleanup(self.fc2.reset_all)
- self.addCleanup(self.mock_vcns.stop)
-
- def tearDown(self):
- super(VcnsDriverTestCase, self).tearDown()
-
-
-class TestEdgeLbDriver(VcnsDriverTestCase):
-
- def test_create_and_get_vip(self):
- ctx = context.get_admin_context()
- with self.pool(do_delete=False) as pool:
- self.pool_id = pool['pool']['id']
- POOL_MAP_INFO['pool_id'] = pool['pool']['id']
- vcns_db.add_vcns_edge_pool_binding(ctx.session, POOL_MAP_INFO)
- with self.vip(pool=pool) as res:
- vip_create = res['vip']
- self.driver.create_vip(ctx, VSE_ID, vip_create)
- vip_get = self.driver.get_vip(ctx, vip_create['id'])
- for k, v in vip_get.iteritems():
- self.assertEqual(vip_create[k], v)
-
- def test_create_two_vips_with_same_name(self):
- ctx = context.get_admin_context()
- with self.pool(do_delete=False) as pool:
- self.pool_id = pool['pool']['id']
- POOL_MAP_INFO['pool_id'] = pool['pool']['id']
- vcns_db.add_vcns_edge_pool_binding(ctx.session, POOL_MAP_INFO)
- with self.vip(pool=pool) as res:
- vip_create = res['vip']
- self.driver.create_vip(ctx, VSE_ID, vip_create)
- self.assertRaises(vcns_exc.Forbidden,
- self.driver.create_vip,
- ctx, VSE_ID, vip_create)
-
- def test_convert_app_profile(self):
- app_profile_name = 'app_profile_name'
- sess_persist1 = {'type': "SOURCE_IP"}
- sess_persist2 = {'type': "HTTP_COOKIE"}
- sess_persist3 = {'type': "APP_COOKIE",
- 'cookie_name': "app_cookie_name"}
- # protocol is HTTP and type is SOURCE_IP
- expect_vcns_app_profile1 = {
- 'insertXForwardedFor': False,
- 'name': app_profile_name,
- 'serverSslEnabled': False,
- 'sslPassthrough': False,
- 'template': lb_constants.PROTOCOL_HTTP,
- 'persistence': {'method': 'sourceip'}}
- vcns_app_profile = self.driver._convert_app_profile(
- app_profile_name, sess_persist1, lb_constants.PROTOCOL_HTTP)
- for k, v in expect_vcns_app_profile1.iteritems():
- self.assertEqual(vcns_app_profile[k], v)
- # protocol is HTTP and type is HTTP_COOKIE and APP_COOKIE
- expect_vcns_app_profile2 = {
- 'insertXForwardedFor': False,
- 'name': app_profile_name,
- 'serverSslEnabled': False,
- 'sslPassthrough': False,
- 'template': lb_constants.PROTOCOL_HTTP,
- 'persistence': {'method': 'cookie',
- 'cookieName': 'default_cookie_name',
- 'cookieMode': 'insert'}}
- vcns_app_profile = self.driver._convert_app_profile(
- app_profile_name, sess_persist2, lb_constants.PROTOCOL_HTTP)
- for k, v in expect_vcns_app_profile2.iteritems():
- self.assertEqual(vcns_app_profile[k], v)
- expect_vcns_app_profile3 = {
- 'insertXForwardedFor': False,
- 'name': app_profile_name,
- 'serverSslEnabled': False,
- 'sslPassthrough': False,
- 'template': lb_constants.PROTOCOL_HTTP,
- 'persistence': {'method': 'cookie',
- 'cookieName': sess_persist3['cookie_name'],
- 'cookieMode': 'app'}}
- vcns_app_profile = self.driver._convert_app_profile(
- app_profile_name, sess_persist3, lb_constants.PROTOCOL_HTTP)
- for k, v in expect_vcns_app_profile3.iteritems():
- self.assertEqual(vcns_app_profile[k], v)
- # protocol is HTTPS and type is SOURCE_IP
- expect_vcns_app_profile1 = {
- 'insertXForwardedFor': False,
- 'name': app_profile_name,
- 'serverSslEnabled': False,
- 'sslPassthrough': True,
- 'template': lb_constants.PROTOCOL_HTTPS,
- 'persistence': {'method': 'sourceip'}}
- vcns_app_profile = self.driver._convert_app_profile(
- app_profile_name, sess_persist1, lb_constants.PROTOCOL_HTTPS)
- for k, v in expect_vcns_app_profile1.iteritems():
- self.assertEqual(vcns_app_profile[k], v)
- # protocol is HTTPS, and type isn't SOURCE_IP
- self.assertRaises(vcns_exc.VcnsBadRequest,
- self.driver._convert_app_profile,
- app_profile_name,
- sess_persist2, lb_constants.PROTOCOL_HTTPS)
- self.assertRaises(vcns_exc.VcnsBadRequest,
- self.driver._convert_app_profile,
- app_profile_name,
- sess_persist3, lb_constants.PROTOCOL_HTTPS)
- # protocol is TCP and type is SOURCE_IP
- expect_vcns_app_profile1 = {
- 'insertXForwardedFor': False,
- 'name': app_profile_name,
- 'serverSslEnabled': False,
- 'sslPassthrough': False,
- 'template': lb_constants.PROTOCOL_TCP,
- 'persistence': {'method': 'sourceip'}}
- vcns_app_profile = self.driver._convert_app_profile(
- app_profile_name, sess_persist1, lb_constants.PROTOCOL_TCP)
- for k, v in expect_vcns_app_profile1.iteritems():
- self.assertEqual(vcns_app_profile[k], v)
- # protocol is TCP, and type isn't SOURCE_IP
- self.assertRaises(vcns_exc.VcnsBadRequest,
- self.driver._convert_app_profile,
- app_profile_name,
- sess_persist2, lb_constants.PROTOCOL_TCP)
- self.assertRaises(vcns_exc.VcnsBadRequest,
- self.driver._convert_app_profile,
- app_profile_name,
- sess_persist3, lb_constants.PROTOCOL_TCP)
-
- def test_update_vip(self):
- ctx = context.get_admin_context()
- with self.pool(do_delete=False) as pool:
- self.pool_id = pool['pool']['id']
- POOL_MAP_INFO['pool_id'] = pool['pool']['id']
- vcns_db.add_vcns_edge_pool_binding(ctx.session, POOL_MAP_INFO)
- with self.vip(pool=pool) as res:
- vip_create = res['vip']
- self.driver.create_vip(ctx, VSE_ID, vip_create)
- vip_update = {'id': vip_create['id'],
- 'pool_id': pool['pool']['id'],
- 'name': 'update_name',
- 'description': 'description',
- 'address': 'update_address',
- 'port_id': 'update_port_id',
- 'protocol_port': 'protocol_port',
- 'protocol': 'update_protocol'}
- self.driver.update_vip(ctx, vip_update)
- vip_get = self.driver.get_vip(ctx, vip_create['id'])
- for k, v in vip_get.iteritems():
- if k in vip_update:
- self.assertEqual(vip_update[k], v)
-
- def test_delete_vip(self):
- ctx = context.get_admin_context()
- with self.pool(do_delete=False) as pool:
- self.pool_id = pool['pool']['id']
- POOL_MAP_INFO['pool_id'] = pool['pool']['id']
- vcns_db.add_vcns_edge_pool_binding(ctx.session, POOL_MAP_INFO)
- with self.vip(pool=pool) as res:
- vip_create = res['vip']
- self.driver.create_vip(ctx, VSE_ID, vip_create)
- self.driver.delete_vip(ctx, vip_create['id'])
- self.assertRaises(vcns_exc.VcnsNotFound,
- self.driver.get_vip,
- ctx,
- vip_create['id'])
-
- #Test Pool Operation
- def test_create_and_get_pool(self):
- ctx = context.get_admin_context()
- with self.pool(do_delete=False) as p:
- self.pool_id = p['pool']['id']
- pool_create = p['pool']
- self.driver.create_pool(ctx, VSE_ID, pool_create, [])
- pool_get = self.driver.get_pool(ctx, pool_create['id'], VSE_ID)
- for k, v in pool_get.iteritems():
- self.assertEqual(pool_create[k], v)
-
- def test_create_two_pools_with_same_name(self):
- ctx = context.get_admin_context()
- with self.pool(do_delete=False) as p:
- self.pool_id = p['pool']['id']
- pool_create = p['pool']
- self.driver.create_pool(ctx, VSE_ID, pool_create, [])
- self.assertRaises(vcns_exc.Forbidden,
- self.driver.create_pool,
- ctx, VSE_ID, pool_create, [])
-
- def test_update_pool(self):
- ctx = context.get_admin_context()
- with self.pool(do_delete=False) as p:
- self.pool_id = p['pool']['id']
- pool_create = p['pool']
- self.driver.create_pool(ctx, VSE_ID, pool_create, [])
- pool_update = {'id': pool_create['id'],
- 'lb_method': 'lb_method',
- 'name': 'update_name',
- 'members': [],
- 'health_monitors': []}
- self.driver.update_pool(ctx, VSE_ID, pool_update, [])
- pool_get = self.driver.get_pool(ctx, pool_create['id'], VSE_ID)
- for k, v in pool_get.iteritems():
- if k in pool_update:
- self.assertEqual(pool_update[k], v)
-
- def test_delete_pool(self):
- ctx = context.get_admin_context()
- with self.pool(do_delete=False) as p:
- self.pool_id = p['pool']['id']
- pool_create = p['pool']
- self.driver.create_pool(ctx, VSE_ID, pool_create, [])
- self.driver.delete_pool(ctx, pool_create['id'], VSE_ID)
- self.assertRaises(vcns_exc.VcnsNotFound,
- self.driver.get_pool,
- ctx,
- pool_create['id'],
- VSE_ID)
-
- def test_create_and_get_monitor(self):
- ctx = context.get_admin_context()
- with self.health_monitor(do_delete=False) as m:
- monitor_create = m['health_monitor']
- self.driver.create_health_monitor(ctx, VSE_ID, monitor_create)
- monitor_get = self.driver.get_health_monitor(
- ctx, monitor_create['id'], VSE_ID)
- for k, v in monitor_get.iteritems():
- self.assertEqual(monitor_create[k], v)
-
- def test_update_health_monitor(self):
- ctx = context.get_admin_context()
- with self.health_monitor(do_delete=False) as m:
- monitor_create = m['health_monitor']
- self.driver.create_health_monitor(
- ctx, VSE_ID, monitor_create)
- monitor_update = {'id': monitor_create['id'],
- 'delay': 'new_delay',
- 'timeout': "new_timeout",
- 'type': 'type',
- 'max_retries': "max_retries"}
- self.driver.update_health_monitor(
- ctx, VSE_ID, monitor_create, monitor_update)
- monitor_get = self.driver.get_health_monitor(
- ctx, monitor_create['id'], VSE_ID)
- for k, v in monitor_get.iteritems():
- if k in monitor_update:
- self.assertEqual(monitor_update[k], v)
-
- def test_delete_health_monitor(self):
- ctx = context.get_admin_context()
- with self.health_monitor(do_delete=False) as m:
- monitor_create = m['health_monitor']
- self.driver.create_health_monitor(ctx, VSE_ID, monitor_create)
- self.driver.delete_health_monitor(
- ctx, monitor_create['id'], VSE_ID)
- self.assertRaises(vcns_exc.VcnsNotFound,
- self.driver.get_health_monitor,
- ctx,
- monitor_create['id'],
- VSE_ID)
+++ /dev/null
-# Copyright 2014 VMware, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-import contextlib
-import copy
-
-import webob.exc
-
-from neutron.api.v2 import attributes
-from neutron.db.vpn import vpn_db
-from neutron.extensions import vpnaas
-from neutron import manager
-from neutron.openstack.common import uuidutils
-from neutron.tests.unit.db.vpn import test_db_vpnaas
-from neutron.tests.unit.vmware.vshield import test_edge_router
-
-_uuid = uuidutils.generate_uuid
-
-
-class VPNTestExtensionManager(
- test_edge_router.ServiceRouterTestExtensionManager):
-
- def get_resources(self):
- # If l3 resources have been loaded and updated by main API
- # router, update the map in the l3 extension so it will load
- # the same attributes as the API router
- resources = super(VPNTestExtensionManager, self).get_resources()
- vpn_attr_map = copy.deepcopy(vpnaas.RESOURCE_ATTRIBUTE_MAP)
- for res in vpnaas.RESOURCE_ATTRIBUTE_MAP.keys():
- attr_info = attributes.RESOURCE_ATTRIBUTE_MAP.get(res)
- if attr_info:
- vpnaas.RESOURCE_ATTRIBUTE_MAP[res] = attr_info
- vpn_resources = vpnaas.Vpnaas.get_resources()
- # restore the original resources once the controllers are created
- vpnaas.RESOURCE_ATTRIBUTE_MAP = vpn_attr_map
- resources.extend(vpn_resources)
- return resources
-
-
-class TestVpnPlugin(test_db_vpnaas.VPNTestMixin,
- test_edge_router.ServiceRouterTest):
-
- def vcns_vpn_patch(self):
- instance = self.vcns_instance
- instance.return_value.update_ipsec_config.side_effect = (
- self.fc2.update_ipsec_config)
- instance.return_value.get_ipsec_config.side_effect = (
- self.fc2.get_ipsec_config)
- instance.return_value.delete_ipsec_config.side_effect = (
- self.fc2.delete_ipsec_config)
-
- def setUp(self):
- # Save the global RESOURCE_ATTRIBUTE_MAP
- self.saved_attr_map = {}
- for resource, attrs in attributes.RESOURCE_ATTRIBUTE_MAP.items():
- self.saved_attr_map[resource] = attrs.copy()
-
- super(TestVpnPlugin, self).setUp(ext_mgr=VPNTestExtensionManager())
- self.vcns_vpn_patch()
- self.plugin = manager.NeutronManager.get_plugin()
- self.router_id = None
-
- def tearDown(self):
- super(TestVpnPlugin, self).tearDown()
- # Restore the global RESOURCE_ATTRIBUTE_MAP
- attributes.RESOURCE_ATTRIBUTE_MAP = self.saved_attr_map
- self.ext_api = None
- self.plugin = None
-
- @contextlib.contextmanager
- def router(self, vlan_id=None):
- with self._create_l3_ext_network(vlan_id) as net:
- with self.subnet(cidr='100.0.0.0/24', network=net) as s:
- data = {'router': {'tenant_id': self._tenant_id}}
- data['router']['service_router'] = True
- router_req = self.new_create_request('routers', data, self.fmt)
-
- res = router_req.get_response(self.ext_api)
- router = self.deserialize(self.fmt, res)
- self._add_external_gateway_to_router(
- router['router']['id'],
- s['subnet']['network_id'])
- router = self._show('routers', router['router']['id'])
- yield router
-
- self._delete('routers', router['router']['id'])
-
- def test_create_vpnservice(self, **extras):
- """Test case to create a vpnservice."""
- description = 'my-vpn-service'
- expected = {'name': 'vpnservice1',
- 'description': 'my-vpn-service',
- 'admin_state_up': True,
- 'status': 'ACTIVE',
- 'tenant_id': self._tenant_id, }
-
- expected.update(extras)
- with self.subnet(cidr='10.2.0.0/24') as subnet:
- with self.router() as router:
- expected['router_id'] = router['router']['id']
- expected['subnet_id'] = subnet['subnet']['id']
- name = expected['name']
- with self.vpnservice(name=name,
- subnet=subnet,
- router=router,
- description=description,
- **extras) as vpnservice:
- self.assertEqual(dict((k, v) for k, v in
- vpnservice['vpnservice'].items()
- if k in expected),
- expected)
-
- def test_create_vpnservices_with_same_router(self, **extras):
- """Test case to create two vpnservices with same router."""
- with self.subnet(cidr='10.2.0.0/24') as subnet:
- with self.router() as router:
- with self.vpnservice(name='vpnservice1',
- subnet=subnet,
- router=router):
- res = self._create_vpnservice(
- 'json', 'vpnservice2', True,
- router_id=(router['router']['id']),
- subnet_id=(subnet['subnet']['id']))
- self.assertEqual(
- res.status_int, webob.exc.HTTPConflict.code)
-
- def test_update_vpnservice(self):
- """Test case to update a vpnservice."""
- name = 'new_vpnservice1'
- expected = [('name', name)]
- with contextlib.nested(
- self.subnet(cidr='10.2.0.0/24'),
- self.router()) as (subnet, router):
- with self.vpnservice(name=name,
- subnet=subnet,
- router=router) as vpnservice:
- expected.append(('subnet_id',
- vpnservice['vpnservice']['subnet_id']))
- expected.append(('router_id',
- vpnservice['vpnservice']['router_id']))
- data = {'vpnservice': {'name': name,
- 'admin_state_up': False}}
- expected.append(('admin_state_up', False))
- self._set_active(vpn_db.VPNService,
- vpnservice['vpnservice']['id'])
- req = self.new_update_request(
- 'vpnservices',
- data,
- vpnservice['vpnservice']['id'])
- res = self.deserialize(self.fmt,
- req.get_response(self.ext_api))
- for k, v in expected:
- self.assertEqual(res['vpnservice'][k], v)
-
- def test_delete_vpnservice(self):
- """Test case to delete a vpnservice."""
- with self.subnet(cidr='10.2.0.0/24') as subnet:
- with self.router() as router:
- with self.vpnservice(name='vpnservice',
- subnet=subnet,
- router=router,
- do_delete=False) as vpnservice:
- req = self.new_delete_request(
- 'vpnservices', vpnservice['vpnservice']['id'])
- res = req.get_response(self.ext_api)
- self.assertEqual(res.status_int, 204)
-
- def test_delete_router_in_use_by_vpnservice(self):
- """Test delete router in use by vpn service."""
- with self.subnet(cidr='10.2.0.0/24') as subnet:
- with self.router() as router:
- with self.vpnservice(subnet=subnet,
- router=router):
- self._delete('routers', router['router']['id'],
- expected_code=webob.exc.HTTPConflict.code)
-
- def _test_create_ipsec_site_connection(self, key_overrides=None,
- ike_key_overrides=None,
- ipsec_key_overrides=None,
- setup_overrides=None,
- expected_status_int=200):
- """Create ipsec_site_connection and check results."""
- params = {'ikename': 'ikepolicy1',
- 'ipsecname': 'ipsecpolicy1',
- 'vpnsname': 'vpnservice1',
- 'subnet_cidr': '10.2.0.0/24',
- 'subnet_version': 4}
- if setup_overrides:
- params.update(setup_overrides)
- expected = {'name': 'connection1',
- 'description': 'my-ipsec-connection',
- 'peer_address': '192.168.1.10',
- 'peer_id': '192.168.1.10',
- 'peer_cidrs': ['192.168.2.0/24', '192.168.3.0/24'],
- 'initiator': 'bi-directional',
- 'mtu': 1500,
- 'tenant_id': self._tenant_id,
- 'psk': 'abcd',
- 'status': 'ACTIVE',
- 'admin_state_up': True}
- if key_overrides:
- expected.update(key_overrides)
-
- ike_expected = {'name': params['ikename'],
- 'auth_algorithm': 'sha1',
- 'encryption_algorithm': 'aes-128',
- 'ike_version': 'v1',
- 'pfs': 'group5'}
- if ike_key_overrides:
- ike_expected.update(ike_key_overrides)
-
- ipsec_expected = {'name': params['ipsecname'],
- 'auth_algorithm': 'sha1',
- 'encryption_algorithm': 'aes-128',
- 'pfs': 'group5'}
- if ipsec_key_overrides:
- ipsec_expected.update(ipsec_key_overrides)
-
- dpd = {'action': 'hold',
- 'interval': 40,
- 'timeout': 120}
- with contextlib.nested(
- self.ikepolicy(self.fmt, ike_expected['name'],
- ike_expected['auth_algorithm'],
- ike_expected['encryption_algorithm'],
- ike_version=ike_expected['ike_version'],
- pfs=ike_expected['pfs']),
- self.ipsecpolicy(self.fmt, ipsec_expected['name'],
- ipsec_expected['auth_algorithm'],
- ipsec_expected['encryption_algorithm'],
- pfs=ipsec_expected['pfs']),
- self.subnet(cidr=params['subnet_cidr'],
- ip_version=params['subnet_version']),
- self.router()) as (
- ikepolicy, ipsecpolicy, subnet, router):
- with self.vpnservice(name=params['vpnsname'], subnet=subnet,
- router=router) as vpnservice1:
- expected['ikepolicy_id'] = ikepolicy['ikepolicy']['id']
- expected['ipsecpolicy_id'] = (
- ipsecpolicy['ipsecpolicy']['id']
- )
- expected['vpnservice_id'] = (
- vpnservice1['vpnservice']['id']
- )
- try:
- with self.ipsec_site_connection(
- self.fmt,
- expected['name'],
- expected['peer_address'],
- expected['peer_id'],
- expected['peer_cidrs'],
- expected['mtu'],
- expected['psk'],
- expected['initiator'],
- dpd['action'],
- dpd['interval'],
- dpd['timeout'],
- vpnservice1,
- ikepolicy,
- ipsecpolicy,
- expected['admin_state_up'],
- description=expected['description']
- ) as ipsec_site_connection:
- if expected_status_int != 200:
- self.fail("Expected failure on create")
- self._check_ipsec_site_connection(
- ipsec_site_connection['ipsec_site_connection'],
- expected,
- dpd)
- except webob.exc.HTTPClientError as ce:
- self.assertEqual(ce.code, expected_status_int)
-
- def test_create_ipsec_site_connection(self, **extras):
- """Test case to create an ipsec_site_connection."""
- self._test_create_ipsec_site_connection(key_overrides=extras)
-
- def test_create_ipsec_site_connection_invalid_ikepolicy(self):
- self._test_create_ipsec_site_connection(
- ike_key_overrides={'ike_version': 'v2'},
- expected_status_int=400)
-
- def test_create_ipsec_site_connection_invalid_ipsecpolicy(self):
- self._test_create_ipsec_site_connection(
- ipsec_key_overrides={'encryption_algorithm': 'aes-192'},
- expected_status_int=400)
- self._test_create_ipsec_site_connection(
- ipsec_key_overrides={'pfs': 'group14'},
- expected_status_int=400)
-
- def _test_update_ipsec_site_connection(self,
- update={'name': 'new name'},
- overrides=None,
- expected_status_int=200):
- """Creates and then updates ipsec_site_connection."""
- expected = {'name': 'new_ipsec_site_connection',
- 'ikename': 'ikepolicy1',
- 'ipsecname': 'ipsecpolicy1',
- 'vpnsname': 'vpnservice1',
- 'description': 'my-ipsec-connection',
- 'peer_address': '192.168.1.10',
- 'peer_id': '192.168.1.10',
- 'peer_cidrs': ['192.168.2.0/24', '192.168.3.0/24'],
- 'initiator': 'bi-directional',
- 'mtu': 1500,
- 'tenant_id': self._tenant_id,
- 'psk': 'abcd',
- 'status': 'ACTIVE',
- 'admin_state_up': True,
- 'action': 'hold',
- 'interval': 40,
- 'timeout': 120,
- 'subnet_cidr': '10.2.0.0/24',
- 'subnet_version': 4,
- 'make_active': True}
- if overrides:
- expected.update(overrides)
-
- with contextlib.nested(
- self.ikepolicy(name=expected['ikename']),
- self.ipsecpolicy(name=expected['ipsecname']),
- self.subnet(cidr=expected['subnet_cidr'],
- ip_version=expected['subnet_version']),
- self.router()
- ) as (ikepolicy, ipsecpolicy, subnet, router):
- with self.vpnservice(name=expected['vpnsname'], subnet=subnet,
- router=router) as vpnservice1:
- expected['vpnservice_id'] = vpnservice1['vpnservice']['id']
- expected['ikepolicy_id'] = ikepolicy['ikepolicy']['id']
- expected['ipsecpolicy_id'] = ipsecpolicy['ipsecpolicy']['id']
- with self.ipsec_site_connection(
- self.fmt,
- expected['name'],
- expected['peer_address'],
- expected['peer_id'],
- expected['peer_cidrs'],
- expected['mtu'],
- expected['psk'],
- expected['initiator'],
- expected['action'],
- expected['interval'],
- expected['timeout'],
- vpnservice1,
- ikepolicy,
- ipsecpolicy,
- expected['admin_state_up'],
- description=expected['description']
- ) as ipsec_site_connection:
- data = {'ipsec_site_connection': update}
- if expected.get('make_active'):
- self._set_active(
- vpn_db.IPsecSiteConnection,
- (ipsec_site_connection['ipsec_site_connection']
- ['id']))
- req = self.new_update_request(
- 'ipsec-site-connections',
- data,
- ipsec_site_connection['ipsec_site_connection']['id'])
- res = req.get_response(self.ext_api)
- self.assertEqual(expected_status_int, res.status_int)
- if expected_status_int == 200:
- res_dict = self.deserialize(self.fmt, res)
- for k, v in update.items():
- self.assertEqual(
- res_dict['ipsec_site_connection'][k], v)
-
- def test_update_ipsec_site_connection(self):
- """Test case for valid updates to IPSec site connection."""
- dpd = {'action': 'hold',
- 'interval': 40,
- 'timeout': 120}
- self._test_update_ipsec_site_connection(update={'dpd': dpd})
- self._test_update_ipsec_site_connection(update={'mtu': 2000})
-
- def test_delete_ipsec_site_connection(self):
- """Test case to delete a ipsec_site_connection."""
- with self.ipsec_site_connection(
- do_delete=False) as ipsec_site_connection:
- req = self.new_delete_request(
- 'ipsec-site-connections',
- ipsec_site_connection['ipsec_site_connection']['id']
- )
- res = req.get_response(self.ext_api)
- self.assertEqual(res.status_int, 204)
Code Review / openstack-build / neutron-build.git / commitdiff