Allow AZ to override valid_vip_networks config

Different AZs may have access to different vip networks. Change-Id: I7169b34d93bc8a265fc74fedcbba67e980285a7e
2019-12-17 16:45:43 -08:00
parent 741397f1a9
commit 4a360bfda7
9 changed files with 50 additions and 10 deletions
--- a/doc/source/admin/flavors.rst
+++ b/doc/source/admin/flavors.rst
@@ -22,14 +22,14 @@ balancing capabilities to their users. An Octavia flavor is a predefined
 set of provider configuration options that are created by the operator.
 When an user requests a load balancer they can request the load balancer
 be built with one of the defined flavors. Flavors are defined per provider
-driver and expose the unique capabilites of each provider.
+driver and expose the unique capabilities of each provider.
 This document is intended to explain the flavors capability for operators
 that wish to create flavors for their users.
 There are three steps to creating a new Octavia flavor:
-#. Decide on the provider flavor capabilites that will be configured in the
+#. Decide on the provider flavor capabilities that will be configured in the
   flavor.
 #. Create the flavor profile with the flavor capabilities.
 #. Create the user facing flavor.
@@ -132,8 +132,8 @@ The output of the command above is::
  | name              | standalone-lb                        |
  | flavor_profile_id | 72b53ac2-b191-48eb-8f73-ed012caca23a |
  | enabled           | True                                 |
-  | description       | A non-high availability load b       |
+  | description       | A non-high availability load         |
-  |                   | alancer for testing.                 |
+  |                   | balancer for testing.                |
  +-------------------+--------------------------------------+
 At this point, the flavor is available for use by users creating new load
--- a/doc/source/contributor/guides/providers.rst
+++ b/doc/source/contributor/guides/providers.rst
@@ -1770,7 +1770,8 @@ description. For example:
 .. code-block:: python
    {"compute_zone": "The compute availability zone to use for this loadbalancer.",
-     "management_network": "The management network ID for the loadbalancer."}
+     "management_network": "The management network ID for the loadbalancer.",
     "valid_vip_networks": "List of network IDs that are allowed for VIP use. This overrides/replaces the list of allowed networks configured in `octavia.conf`."}
 validate_availability_zone
 ^^^^^^^^^^^^^^^^^^^^^^^^^^
--- a/octavia/api/drivers/amphora_driver/availability_zone_schema.py
+++ b/octavia/api/drivers/amphora_driver/availability_zone_schema.py
@@ -42,6 +42,12 @@ SUPPORTED_AVAILABILITY_ZONE_SCHEMA = {
        consts.MANAGEMENT_NETWORK: {
            "type": "string",
            "description": "The management network ID for the amphora."
        },
        consts.VALID_VIP_NETWORKS: {
            "type": "array",
            "description": "List of network IDs that are allowed for VIP use. "
                           "This overrides/replaces the list of allowed "
                           "networks configured in `octavia.conf`."
        }
    }
 }
--- a/octavia/api/drivers/amphora_driver/v2/driver.py
+++ b/octavia/api/drivers/amphora_driver/v2/driver.py
@@ -464,3 +464,16 @@ class AmphoraProviderDriver(driver_base.ProviderDriver):
            # TODO(johnsom) Fix this to raise a NotFound error
            # when the octavia-lib supports it.
            compute_driver.validate_availability_zone(compute_zone)
        check_nets = availability_zone_dict.get(
            consts.VALID_VIP_NETWORKS, [])
        management_net = availability_zone_dict.get(
            consts.MANAGEMENT_NETWORK, None)
        if management_net:
            check_nets.append(management_net)
        for check_net in check_nets:
            network_driver = utils.get_network_driver()
            # TODO(johnsom) Fix this to raise a NotFound error
            # when the octavia-lib supports it.
            network_driver.get_network(check_net)
--- a/octavia/api/v2/controllers/load_balancer.py
+++ b/octavia/api/v2/controllers/load_balancer.py
@@ -246,7 +246,6 @@ class LoadBalancersController(base.BaseController):
        if load_balancer.vip_qos_policy_id:
            validate.qos_policy_exists(
                qos_policy_id=load_balancer.vip_qos_policy_id)
        validate.network_allowed_by_config(load_balancer.vip_network_id)
    def _create_vip_port_if_not_exist(self, load_balancer_db):
        """Create vip port."""
@@ -427,6 +426,10 @@ class LoadBalancersController(base.BaseController):
            az_dict = self._validate_and_return_az_dict(lock_session, driver,
                                                        lb_dict)
            # Validate the network as soon as we have the AZ data
            validate.network_allowed_by_config(
                load_balancer.vip_network_id,
                valid_networks=az_dict.get(constants.VALID_VIP_NETWORKS))
            db_lb = self.repositories.create_load_balancer_and_vip(
                lock_session, lb_dict, vip_dict)
--- a/octavia/common/constants.py
+++ b/octavia/common/constants.py
@@ -404,6 +404,7 @@ TOPOLOGY = 'topology'
 TOTAL_CONNECTIONS = 'total_connections'
 UPDATED_AT = 'updated_at'
 UPDATE_DICT = 'update_dict'
 VALID_VIP_NETWORKS = 'valid_vip_networks'
 VIP = 'vip'
 VIP_ADDRESS = 'vip_address'
 VIP_NETWORK = 'vip_network'
--- a/octavia/common/validate.py
+++ b/octavia/common/validate.py
@@ -376,10 +376,12 @@ def network_exists_optionally_contains_subnet(network_id, subnet_id=None):
    return network
-def network_allowed_by_config(network_id):
+def network_allowed_by_config(network_id, valid_networks=None):
-    if CONF.networking.valid_vip_networks:
+    if CONF.networking.valid_vip_networks and not valid_networks:
-        valid_networks = map(str.lower, CONF.networking.valid_vip_networks)
+        valid_networks = CONF.networking.valid_vip_networks
-        if network_id not in valid_networks:
+    if valid_networks:
        valid_networks = map(str.lower, valid_networks)
        if network_id.lower() not in valid_networks:
            raise exceptions.ValidationException(detail=_(
                'Supplied VIP network_id is not allowed by the configuration '
                'of this deployment.'))
--- a/octavia/tests/unit/api/drivers/amphora_driver/v2/test_amphora_driver.py
+++ b/octavia/tests/unit/api/drivers/amphora_driver/v2/test_amphora_driver.py
@@ -685,9 +685,18 @@ class TestAmphoraDriver(base.TestRpc):
                self.amp_driver.get_supported_availability_zone_metadata)
    def test_validate_availability_zone(self):
        # Test compute zone
        ref_dict = {consts.COMPUTE_ZONE: 'my_compute_zone'}
        self.amp_driver.validate_availability_zone(ref_dict)
        # Test vip networks
        ref_dict = {consts.VALID_VIP_NETWORKS: ['my_vip_net']}
        self.amp_driver.validate_availability_zone(ref_dict)
        # Test management network
        ref_dict = {consts.MANAGEMENT_NETWORK: 'my_management_net'}
        self.amp_driver.validate_availability_zone(ref_dict)
        # Test bad availability zone metadata key
        ref_dict = {'bogus': 'bogus'}
        self.assertRaises(exceptions.UnsupportedOptionError,
--- a/releasenotes/notes/availability-zones-can-override-valid-vip-networks-5566aa4769c158dc.yaml
+++ b/releasenotes/notes/availability-zones-can-override-valid-vip-networks-5566aa4769c158dc.yaml
@@ -0,0 +1,5 @@
 ---
 features:
  - |
    Availability zone profiles can now override the ``valid_vip_networks``
    configuration option.