From 69d87b94ce8e37272b7e311ca91cda9a4bd04907 Mon Sep 17 00:00:00 2001 From: Gary Kotton Date: Sun, 14 Jan 2018 22:02:15 -0800 Subject: [PATCH] TVD: support lbaasv2 'provider' filtering The patch ensures that only a V tenant can see v resources and the same for a T tenant/project. NOTES: 1. In the neutron configuration file a new service plugin is created. So we need the following: [DEFAULT] service_plugins = vmware_nsxtvd_lbaasv2 2. The extensions path needs to be updated so that the default LBaaS extensions can be loaded. So for example in the devstack case we need to configure: [DEFAULT] api_extensions_path = /opt/stack/neutron-lbaas/neutron_lbaas/extensions Change-Id: Iea497cbb150048bedf712a195c7854e4836ad4a5
---
 setup.cfg | 1 + vmware_nsx/services/lbaas/nsx/plugin.py | 63 +++++++++++++++++++++++++ 2 files changed, 64 insertions(+) create mode 100644 vmware_nsx/services/lbaas/nsx/plugin.py
diff --git a/setup.cfg b/setup.cfg
index ebc909569a..ba5bcbcdf9 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -43,6 +43,7 @@ firewall_drivers =
 vmware_nsxtvd_edge_v2 = vmware_nsx.services.fwaas.nsx_tv.edge_fwaas_driver_v2:EdgeFwaasTVDriverV2
 neutron.service_plugins =
 vmware_nsxv_qos = vmware_nsx.services.qos.nsx_v.plugin:NsxVQosPlugin
+ vmware_nsxtvd_lbaasv2 = vmware_nsx.services.lbaas.nsx.plugin:LoadBalancerTVDPluginv2
 neutron.qos.notification_drivers =
 vmware_nsxv3_message_queue = vmware_nsx.services.qos.nsx_v3.message_queue:NsxV3QosNotificationDriver
 neutron.ipam_drivers =
diff --git a/vmware_nsx/services/lbaas/nsx/plugin.py b/vmware_nsx/services/lbaas/nsx/plugin.py
new file mode 100644
index 0000000000..bef5065e53
--- /dev/null
+++ b/vmware_nsx/services/lbaas/nsx/plugin.py
@@ -0,0 +1,63 @@
+# Copyright 2017 VMware, Inc.
+# All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+from neutron_lib import exceptions
+
+from neutron_lbaas.services.loadbalancer import plugin
+from vmware_nsx.db import db as nsx_db
+
+
+class LoadBalancerTVDPluginv2(plugin.LoadBalancerPluginv2):
+ def _get_project_mapping(self, context, project_id):
+ mapping = nsx_db.get_project_plugin_mapping(
+ context.session, project_id)
+ if mapping:
+ return mapping['plugin']
+ else:
+ raise exceptions.ObjectNotFound(id=project_id)
+
+ def _filter_entries(self, method, context, filters=None, fields=None):
+ req_p = self._get_project_mapping(context, context.project_id)
+ entries = method(context, filters=filters, fields=fields)
+ for entry in entries[:]:
+ p = self._get_project_mapping(context,
+ entry['tenant_id'])
+ if p != req_p:
+ entries.remove(entry)
+ return entries
+
+ def get_loadbalancers(self, context, filters=None, fields=None):
+ return self._filter_entries(
+ super(LoadBalancerTVDPluginv2, self).get_loadbalancers,
+ context, filters=filters, fields=fields)
+
+ def get_listeners(self, context, filters=None, fields=None):
+ return self._filter_entries(
+ super(LoadBalancerTVDPluginv2, self).get_listeners,
+ context, filters=filters, fields=fields)
+
+ def get_pools(self, context, filters=None, fields=None):
+ return self._filter_entries(
+ super(LoadBalancerTVDPluginv2, self).get_pools,
+ context, filters=filters, fields=fields)
+
+ def get_healthmonitors(self, context, filters=None, fields=None):
+ return self._filter_entries(
+ super(LoadBalancerTVDPluginv2, self).get_healthmonitors,
+ context, filters=filters, fields=fields)
+
+ def get_l7policies(self, context, filters=None, fields=None):
+ return self._filter_entries(
+ super(LoadBalancerTVDPluginv2, self).get_l7policies,
+ context, filters=filters, fields=fields)
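Review bot: In `_filter_entries`, the per-entry call `_get_project_mapping(context, entry['tenant_id'])` raises `ObjectNotFound` as soon as one returned row is owned by a project with no plugin mapping, so a single unmapped owner fails the whole list call instead of hiding that row; it also costs one mapping lookup per entry. The rewrite below hides unmapped entries, which keeps the filter fail-closed per row, and caches the mapping per project id. Separately, `entry['tenant_id']` assumes the caller's `fields` selection includes `tenant_id`; if a caller can pass a narrower `fields` list this would raise `KeyError`, so that assumption should be confirmed or documented. Only the five list methods are wrapped; whether `get_loadbalancer` and the other single-object getters need the same provider check is not visible from this patch.

```python
    def _filter_entries(self, method, context, filters=None, fields=None):
        # ... unchanged: req_p lookup and the call to method ...
        plugin_by_project = {}
        visible = []
        for entry in entries:
            project_id = entry['tenant_id']
            if project_id not in plugin_by_project:
                try:
                    plugin_by_project[project_id] = (
                        self._get_project_mapping(context, project_id))
                except exceptions.ObjectNotFound:
                    # Owner has no plugin mapping: hide the entry rather
                    # than fail the whole list call.
                    plugin_by_project[project_id] = None
            if plugin_by_project[project_id] == req_p:
                visible.append(entry)
        return visible
```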