TVD: support lbaasv2 'provider' filtering

The patch ensures that only a V tenant can see v resources and the
same for a T tenant/project.

NOTES:
1. In the neutron configuration file a new service plugin is created.
   So we need the following:
[DEFAULT]
service_plugins = vmware_nsxtvd_lbaasv2

2. The extensions path needs to be updated so that the default LBaaS
   extensions can be loaded.

So for example in the devstack case we need to configure:
[DEFAULT]
api_extensions_path = /opt/stack/neutron-lbaas/neutron_lbaas/extensions

Change-Id: Iea497cbb150048bedf712a195c7854e4836ad4a5

setup.cfg

@@ -43,6 +43,7 @@ firewall_drivers =
     vmware_nsxtvd_edge_v2 = vmware_nsx.services.fwaas.nsx_tv.edge_fwaas_driver_v2:EdgeFwaasTVDriverV2
 neutron.service_plugins =
     vmware_nsxv_qos = vmware_nsx.services.qos.nsx_v.plugin:NsxVQosPlugin
+    vmware_nsxtvd_lbaasv2 = vmware_nsx.services.lbaas.nsx.plugin:LoadBalancerTVDPluginv2
 neutron.qos.notification_drivers =
     vmware_nsxv3_message_queue = vmware_nsx.services.qos.nsx_v3.message_queue:NsxV3QosNotificationDriver
 neutron.ipam_drivers =

vmware_nsx/services/lbaas/nsx/plugin.py

@@ -0,0 +1,63 @@
+# Copyright 2017 VMware, Inc.
+# All Rights Reserved
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+from neutron_lib import exceptions
+
+from neutron_lbaas.services.loadbalancer import plugin
+from vmware_nsx.db import db as nsx_db
+
+
+class LoadBalancerTVDPluginv2(plugin.LoadBalancerPluginv2):
+    def _get_project_mapping(self, context, project_id):
+        mapping = nsx_db.get_project_plugin_mapping(
+                context.session, project_id)
+        if mapping:
+            return mapping['plugin']
+        else:
+            raise exceptions.ObjectNotFound(id=project_id)
+
+    def _filter_entries(self, method, context, filters=None, fields=None):
+        req_p = self._get_project_mapping(context, context.project_id)
+        entries = method(context, filters=filters, fields=fields)
+        for entry in entries[:]:
+            p = self._get_project_mapping(context,
+                                          entry['tenant_id'])
+            if p != req_p:
+                entries.remove(entry)
+        return entries
+
+    def get_loadbalancers(self, context, filters=None, fields=None):
+        return self._filter_entries(
+            super(LoadBalancerTVDPluginv2, self).get_loadbalancers,
+            context, filters=filters, fields=fields)
+
+    def get_listeners(self, context, filters=None, fields=None):
+        return self._filter_entries(
+            super(LoadBalancerTVDPluginv2, self).get_listeners,
+            context, filters=filters, fields=fields)
+
+    def get_pools(self, context, filters=None, fields=None):
+        return self._filter_entries(
+            super(LoadBalancerTVDPluginv2, self).get_pools,
+            context, filters=filters, fields=fields)
+
+    def get_healthmonitors(self, context, filters=None, fields=None):
+        return self._filter_entries(
+            super(LoadBalancerTVDPluginv2, self).get_healthmonitors,
+            context, filters=filters, fields=fields)
+
+    def get_l7policies(self, context, filters=None, fields=None):
+        return self._filter_entries(
+            super(LoadBalancerTVDPluginv2, self).get_l7policies,
+            context, filters=filters, fields=fields)