TVD: Add service plugins to separate list results

Adding service plugins for QoS, VPNaaS and L2Gateway
and updating the BGP plugin
to prevent users from getting objects belonging to a different
plugin

Change-Id: I3545c3acefaf50ca6937a0b7a65c131c569317cd

doc/source/devstack.rst

@@ -269,7 +269,7 @@ Add neutron-fwaas repo as an external repository and configure following flags i
     [[local|localrc]]
     enable_plugin neutron-fwaas https://git.openstack.org/openstack/neutron-fwaas
     ENABLED_SERVICES+=,q-fwaas-v2
-    Q_SERVICE_PLUGIN_CLASSES=vmware_nsxtvd_fwaasv2
+    Q_SERVICE_PLUGIN_CLASSES+=,vmware_nsxtvd_fwaasv2
 
     [[post-config|$NEUTRON_CONF]]
     [fwaas]
@@ -288,6 +288,11 @@ Add networking-l2gw repo as an external repository and configure following flags
      ENABLED_SERVICES+=l2gw-plugin
      NETWORKING_L2GW_SERVICE_DRIVER=L2GW:vmware-nsx-l2gw:vmware_nsx.services.l2gateway.nsx_tvd.driver.NsxTvdL2GatewayDriver:default
      DEFAULT_BRIDGE_CLUSTER_UUID=
+     Q_SERVICE_PLUGIN_CLASSES+=,vmware_nsxtvd_l2gw
+
+    [[post-config|$NEUTRON_CONF]]
+    [DEFAULT]
+    api_extensions_path = $DEST/networking-l2gateway/networking_l2gw/extensions
 
 QoS Driver
 ~~~~~~~~~~
@@ -296,7 +301,7 @@ Enable the qos in ``local.conf``::
 
     [[local|localrc]]
     ENABLED_SERVICES+=,q-qos
-    Q_SERVICE_PLUGIN_CLASSES=neutron.services.qos.qos_plugin.QoSPlugin
+    Q_SERVICE_PLUGIN_CLASSES+=,vmware_nsxtvd_qos
 
 Neutron dynamic routing plugin (bgp)
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -320,3 +325,9 @@ Add neutron-vpnaas repo as an external repository and configure following flags
     [[local|localrc]]
     enable_plugin neutron-vpnaas https://git.openstack.org/openstack/neutron-vpnaas
     NEUTRON_VPNAAS_SERVICE_PROVIDER=VPN:vmware:vmware_nsx.services.vpnaas.nsx_tvd.ipsec_driver.NSXIPsecVpnDriver:default
+    Q_SERVICE_PLUGIN_CLASSES+=,vmware_nsxtvd_vpnaas
+
+    [[post-config|$NEUTRON_CONF]]
+    [DEFAULT]
+    api_extensions_path = $DEST/neutron-vpnaas/neutron_vpnaas/extensions
+

setup.cfg

@@ -46,6 +46,9 @@ neutron.service_plugins =
     vmware_nsxtvd_lbaasv2 = vmware_nsx.services.lbaas.nsx.plugin:LoadBalancerTVPluginV2
     vmware_nsxtvd_fwaasv1 = vmware_nsx.services.fwaas.nsx_tv.plugin_v1:FwaasTVPluginV1
     vmware_nsxtvd_fwaasv2 = vmware_nsx.services.fwaas.nsx_tv.plugin_v2:FwaasTVPluginV2
+    vmware_nsxtvd_l2gw = vmware_nsx.services.l2gateway.nsx_tvd.plugin:L2GatewayPlugin
+    vmware_nsxtvd_qos = vmware_nsx.services.qos.nsx_tvd.plugin:QoSPlugin
+    vmware_nsxtvd_vpnaas = vmware_nsx.services.vpnaas.nsx_tvd.plugin:VPNPlugin
 neutron.qos.notification_drivers =
     vmware_nsxv3_message_queue = vmware_nsx.services.qos.nsx_v3.message_queue:NsxV3QosNotificationDriver
 neutron.ipam_drivers =

vmware_nsx/plugins/nsx/utils.py

@@ -58,19 +58,19 @@ def filter_plugins(cls):
     def add_separate_plugin_hook(name):
         orig_method = getattr(cls, name, None)
 
-        def filter_results_by_plugin(self, context, filters=None, fields=None):
+        def filter_results_by_plugin(self, context, **kwargs):
             """Run the original get-list method, and filter the results
             by the project id of the context
             """
-            entries = orig_method(self, context, filters=filters,
-                                  fields=fields)
+            entries = orig_method(self, context, **kwargs)
             if not context.project_id:
                 return entries
             req_p = get_project_mapping(context, context.project_id)
             for entry in entries[:]:
-                p = get_project_mapping(context, entry['tenant_id'])
-                if p != req_p:
-                    entries.remove(entry)
+                if entry.get('tenant_id'):
+                    p = get_project_mapping(context, entry['tenant_id'])
+                    if p != req_p:
+                        entries.remove(entry)
 
             return entries
 

vmware_nsx/services/dynamic_routing/bgp_plugin.py

@@ -30,21 +30,26 @@ from vmware_nsx.common import nsxv_constants
 from vmware_nsx.db import nsxv_db
 from vmware_nsx.extensions import edge_service_gateway_bgp_peer as ext_esg
 from vmware_nsx.extensions import projectpluginmap
+from vmware_nsx.plugins.nsx import utils as tvd_utils
 from vmware_nsx.services.dynamic_routing.nsx_v import driver as nsxv_driver
 
 LOG = logging.getLogger(__name__)
 PLUGIN_NAME = bgp_ext.BGP_EXT_ALIAS + '_nsx_svc_plugin'
 
 
+@tvd_utils.filter_plugins
 class NSXBgpPlugin(service_base.ServicePluginBase, bgp_db.BgpDbMixin):
     """BGP service plugin for NSX-V as well as TVD plugins.
 
-    Currently only the nsx-v is supported. other plugins  will be refused.
+    Currently only the nsx-v is supported. other plugins will be refused.
     """
 
     supported_extension_aliases = [bgp_ext.BGP_EXT_ALIAS,
                                    ext_esg.ESG_BGP_PEER_EXT_ALIAS]
 
+    methods_to_separate = ['get_bgp_speakers',
+                           'get_bgp_peers']
+
     def __init__(self):
         super(NSXBgpPlugin, self).__init__()
         self._core_plugin = directory.get_plugin()

vmware_nsx/services/l2gateway/nsx_tvd/plugin.py

@@ -0,0 +1,28 @@
+# Copyright 2018 VMware, Inc.
+# All Rights Reserved
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from networking_l2gw.services.l2gateway import plugin
+
+from vmware_nsx.plugins.nsx import utils as tvd_utils
+
+
+@tvd_utils.filter_plugins
+class L2GatewayPlugin(plugin.L2GatewayPlugin):
+    """NSX-TV plugin for L2GW.
+
+    This plugin adds separation between T/V instances
+    """
+    methods_to_separate = ['get_l2_gateways',
+                           'get_l2_gateway_connections']

vmware_nsx/services/l2gateway/nsx_v3/driver.py

@@ -98,6 +98,7 @@ class NsxV3Driver(l2gateway_db.L2GatewayMixin):
         # Optimistically create the default L2 gateway in neutron DB
         device = {'device_name': def_l2gw_uuid,
                   'interfaces': [{'name': 'default-bridge-cluster'}]}
+        # TODO(asarfaty): Add a default v3 tenant-id to allow TVD filtering
         def_l2gw = {'name': 'default-l2gw',
                     'devices': [device]}
         l2gw_dict = {self.gateway_resource: def_l2gw}

vmware_nsx/services/qos/nsx_tvd/plugin.py

@@ -0,0 +1,27 @@
+# Copyright 2018 VMware, Inc.
+# All Rights Reserved
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from neutron.services.qos import qos_plugin
+
+from vmware_nsx.plugins.nsx import utils as tvd_utils
+
+
+@tvd_utils.filter_plugins
+class QoSPlugin(qos_plugin.QoSPlugin):
+    """NSX-TV plugin for QoS.
+
+    This plugin adds separation between T/V instances
+    """
+    methods_to_separate = ['get_policies']

vmware_nsx/services/vpnaas/nsx_tvd/plugin.py

@@ -0,0 +1,31 @@
+# Copyright 2018 VMware, Inc.
+# All Rights Reserved
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from neutron_vpnaas.services.vpn import plugin
+
+from vmware_nsx.plugins.nsx import utils as tvd_utils
+
+
+@tvd_utils.filter_plugins
+class VPNPlugin(plugin.VPNDriverPlugin):
+    """NSX-TV plugin for QoS.
+
+    This plugin adds separation between T/V instances
+    """
+    methods_to_separate = ['get_ipsec_site_connections',
+                           'get_ikepolicies',
+                           'get_ipsecpolicies',
+                           'get_vpnservices',
+                           'get_endpoint_groups']