TVD project plugin mappings validations

Only admin user will be able to create a mapping, and the project id should have the uuid format Change-Id: Ia87b8fd024d0b9c6fe2d3317134f54526b328b11
2018-01-08 10:56:43 +02:00 · 2018-01-08 10:56:43 +02:00 · 13232a5145
commit 13232a5145
parent 1c0b3c2b8a
4 changed files with 33 additions and 20 deletions
--- a/vmware_nsx/extensions/projectpluginmap.py
+++ b/vmware_nsx/extensions/projectpluginmap.py
@ -107,6 +107,14 @@ class ProjectPluginAlreadyExists(nexception.Conflict):
                "%(project_id)s.")


+class ProjectPluginAdminOnly(nexception.NotAuthorized):
+    message = _("Project Plugin map can be added only by an admin user.")
+
+
+class ProjectPluginIllegalId(nexception.Conflict):
+    message = _("Project ID %(project_id)s is illegal.")
+
+
 class ProjectPluginMapPluginBase(object):

    @abc.abstractmethod
--- a/vmware_nsx/plugins/nsx/plugin.py
+++ b/vmware_nsx/plugins/nsx/plugin.py
@ -25,6 +25,7 @@ from neutron_lib.plugins import directory
 from oslo_config import cfg
 from oslo_log import log as logging
 from oslo_utils import excutils
+from oslo_utils import uuidutils

 from neutron.db import _resource_extend as resource_extend
 from neutron.db import _utils as db_utils
@ -708,13 +709,27 @@ class NsxTVDPlugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
                'plugin': data['plugin'],
                'tenant_id': data['project']}

-    def create_project_plugin_map(self, context, project_plugin_map):
-        # TODO(asarfaty): Validate project id exists
+    def create_project_plugin_map(self, context, project_plugin_map,
+                                  internal=False):
        data = project_plugin_map['project_plugin_map']
+
+        # validations:
+        # 1. validate it doesn't already exist
        if nsx_db.get_project_plugin_mapping(
            context.session, data['project']):
            raise projectpluginmap.ProjectPluginAlreadyExists(
                project_id=data['project'])
+        if not internal:
+            # 2. only admin user is allowed
+            if not context.is_admin:
+                raise projectpluginmap.ProjectPluginAdminOnly()
+            # 3. Validate the project id
+            # TODO(asarfaty): Validate project id exists in keystone
+            if not uuidutils.is_uuid_like(data['project']):
+                raise projectpluginmap.ProjectPluginIllegalId(
+                    project_id=data['project'])
+
+        # Add the entry to the DB and return it
        LOG.info("Adding mapping between project %(project)s and plugin "
                 "%(plugin)s", {'project': data['project'],
                                'plugin': data['plugin']})
@ -756,11 +771,11 @@ class NsxTVDPlugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
        else:
            # add a new entry with the default plugin
            try:
-                # TODO(asarfaty) we get timeout here when called under
-                # _ext_extend_network_dict of the first create_network
-                self.create_project_plugin_map(context,
+                self.create_project_plugin_map(
+                    context,
                    {'project_plugin_map': {'plugin': plugin_type,
-                                            'project': project_id}})
+                                            'project': project_id}},
+                    internal=True)
            except projectpluginmap.ProjectPluginAlreadyExists:
                # Maybe added by another thread
                pass
--- a/vmware_nsx/plugins/nsx_v/md_proxy.py
+++ b/vmware_nsx/plugins/nsx_v/md_proxy.py
@ -128,7 +128,8 @@ class NsxVMetadataProxyHandler(object):
                        context,
                        {'project_plugin_map':
                            {'plugin': projectpluginmap.NsxPlugins.NSX_V,
-                             'project': nsxv_constants.INTERNAL_TENANT_ID}})
+                             'project': nsxv_constants.INTERNAL_TENANT_ID}},
+                        internal=True)
                except projectpluginmap.ProjectPluginAlreadyExists:
                    pass
            self.internal_net, self.internal_subnet = (
--- a/vmware_nsx/tests/unit/nsx_tvd/test_plugin.py
+++ b/vmware_nsx/tests/unit/nsx_tvd/test_plugin.py
@ -47,7 +47,7 @@ class NsxTVDPluginTestCase(v_tests.NsxVPluginV2TestCase,
        super(NsxTVDPluginTestCase, self).setUp(
            plugin=plugin,
            ext_mgr=ext_mgr)
-
+        self._project_id = _uuid()
        self.core_plugin = directory.get_plugin()

        # create a context with this tenant
@ -62,7 +62,7 @@ class NsxTVDPluginTestCase(v_tests.NsxVPluginV2TestCase,

    @property
    def project_id(self):
-        pass
+        return self._project_id

    @property
    def plugin_type(self):
@ -186,9 +186,6 @@ class NsxTVDPluginTestCase(v_tests.NsxVPluginV2TestCase,

 class TestPluginWithDefaultPlugin(NsxTVDPluginTestCase):
    """Test TVD plugin with the NSX-T (default) sub plugin"""
-    @property
-    def project_id(self):
-        return 'project_t'

    @property
    def plugin_type(self):
@ -372,10 +369,6 @@ class TestPluginWithDefaultPlugin(NsxTVDPluginTestCase):
 class TestPluginWithNsxv(TestPluginWithDefaultPlugin):
    """Test TVD plugin with the NSX-V sub plugin"""

-    @property
-    def project_id(self):
-        return 'project_v'
-
    @property
    def plugin_type(self):
        return 'nsx-v'
@ -398,10 +391,6 @@ class TestPluginWithNsxv(TestPluginWithDefaultPlugin):
 class TestPluginWithDvs(TestPluginWithDefaultPlugin):
    """Test TVD plugin with the DVS sub plugin"""

-    @property
-    def project_id(self):
-        return 'project_dvs'
-
    @property
    def plugin_type(self):
        return 'dvs'