TVD: Add service plugins to separate list results
Adding service plugins for QoS, VPNaaS and L2Gateway and updating the BGP plugin to prevent users from getting objects belonging to a different plugin Change-Id: I3545c3acefaf50ca6937a0b7a65c131c569317cd
This commit is contained in:
parent
8f513e2d9a
commit
c6c155c1aa
@ -269,7 +269,7 @@ Add neutron-fwaas repo as an external repository and configure following flags i
|
|||||||
[[local|localrc]]
|
[[local|localrc]]
|
||||||
enable_plugin neutron-fwaas https://git.openstack.org/openstack/neutron-fwaas
|
enable_plugin neutron-fwaas https://git.openstack.org/openstack/neutron-fwaas
|
||||||
ENABLED_SERVICES+=,q-fwaas-v2
|
ENABLED_SERVICES+=,q-fwaas-v2
|
||||||
Q_SERVICE_PLUGIN_CLASSES=vmware_nsxtvd_fwaasv2
|
Q_SERVICE_PLUGIN_CLASSES+=,vmware_nsxtvd_fwaasv2
|
||||||
|
|
||||||
[[post-config|$NEUTRON_CONF]]
|
[[post-config|$NEUTRON_CONF]]
|
||||||
[fwaas]
|
[fwaas]
|
||||||
@ -288,6 +288,11 @@ Add networking-l2gw repo as an external repository and configure following flags
|
|||||||
ENABLED_SERVICES+=l2gw-plugin
|
ENABLED_SERVICES+=l2gw-plugin
|
||||||
NETWORKING_L2GW_SERVICE_DRIVER=L2GW:vmware-nsx-l2gw:vmware_nsx.services.l2gateway.nsx_tvd.driver.NsxTvdL2GatewayDriver:default
|
NETWORKING_L2GW_SERVICE_DRIVER=L2GW:vmware-nsx-l2gw:vmware_nsx.services.l2gateway.nsx_tvd.driver.NsxTvdL2GatewayDriver:default
|
||||||
DEFAULT_BRIDGE_CLUSTER_UUID=
|
DEFAULT_BRIDGE_CLUSTER_UUID=
|
||||||
|
Q_SERVICE_PLUGIN_CLASSES+=,vmware_nsxtvd_l2gw
|
||||||
|
|
||||||
|
[[post-config|$NEUTRON_CONF]]
|
||||||
|
[DEFAULT]
|
||||||
|
api_extensions_path = $DEST/networking-l2gateway/networking_l2gw/extensions
|
||||||
|
|
||||||
QoS Driver
|
QoS Driver
|
||||||
~~~~~~~~~~
|
~~~~~~~~~~
|
||||||
@ -296,7 +301,7 @@ Enable the qos in ``local.conf``::
|
|||||||
|
|
||||||
[[local|localrc]]
|
[[local|localrc]]
|
||||||
ENABLED_SERVICES+=,q-qos
|
ENABLED_SERVICES+=,q-qos
|
||||||
Q_SERVICE_PLUGIN_CLASSES=neutron.services.qos.qos_plugin.QoSPlugin
|
Q_SERVICE_PLUGIN_CLASSES+=,vmware_nsxtvd_qos
|
||||||
|
|
||||||
Neutron dynamic routing plugin (bgp)
|
Neutron dynamic routing plugin (bgp)
|
||||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
@ -320,3 +325,9 @@ Add neutron-vpnaas repo as an external repository and configure following flags
|
|||||||
[[local|localrc]]
|
[[local|localrc]]
|
||||||
enable_plugin neutron-vpnaas https://git.openstack.org/openstack/neutron-vpnaas
|
enable_plugin neutron-vpnaas https://git.openstack.org/openstack/neutron-vpnaas
|
||||||
NEUTRON_VPNAAS_SERVICE_PROVIDER=VPN:vmware:vmware_nsx.services.vpnaas.nsx_tvd.ipsec_driver.NSXIPsecVpnDriver:default
|
NEUTRON_VPNAAS_SERVICE_PROVIDER=VPN:vmware:vmware_nsx.services.vpnaas.nsx_tvd.ipsec_driver.NSXIPsecVpnDriver:default
|
||||||
|
Q_SERVICE_PLUGIN_CLASSES+=,vmware_nsxtvd_vpnaas
|
||||||
|
|
||||||
|
[[post-config|$NEUTRON_CONF]]
|
||||||
|
[DEFAULT]
|
||||||
|
api_extensions_path = $DEST/neutron-vpnaas/neutron_vpnaas/extensions
|
||||||
|
|
||||||
|
@ -46,6 +46,9 @@ neutron.service_plugins =
|
|||||||
vmware_nsxtvd_lbaasv2 = vmware_nsx.services.lbaas.nsx.plugin:LoadBalancerTVPluginV2
|
vmware_nsxtvd_lbaasv2 = vmware_nsx.services.lbaas.nsx.plugin:LoadBalancerTVPluginV2
|
||||||
vmware_nsxtvd_fwaasv1 = vmware_nsx.services.fwaas.nsx_tv.plugin_v1:FwaasTVPluginV1
|
vmware_nsxtvd_fwaasv1 = vmware_nsx.services.fwaas.nsx_tv.plugin_v1:FwaasTVPluginV1
|
||||||
vmware_nsxtvd_fwaasv2 = vmware_nsx.services.fwaas.nsx_tv.plugin_v2:FwaasTVPluginV2
|
vmware_nsxtvd_fwaasv2 = vmware_nsx.services.fwaas.nsx_tv.plugin_v2:FwaasTVPluginV2
|
||||||
|
vmware_nsxtvd_l2gw = vmware_nsx.services.l2gateway.nsx_tvd.plugin:L2GatewayPlugin
|
||||||
|
vmware_nsxtvd_qos = vmware_nsx.services.qos.nsx_tvd.plugin:QoSPlugin
|
||||||
|
vmware_nsxtvd_vpnaas = vmware_nsx.services.vpnaas.nsx_tvd.plugin:VPNPlugin
|
||||||
neutron.qos.notification_drivers =
|
neutron.qos.notification_drivers =
|
||||||
vmware_nsxv3_message_queue = vmware_nsx.services.qos.nsx_v3.message_queue:NsxV3QosNotificationDriver
|
vmware_nsxv3_message_queue = vmware_nsx.services.qos.nsx_v3.message_queue:NsxV3QosNotificationDriver
|
||||||
neutron.ipam_drivers =
|
neutron.ipam_drivers =
|
||||||
|
@ -58,16 +58,16 @@ def filter_plugins(cls):
|
|||||||
def add_separate_plugin_hook(name):
|
def add_separate_plugin_hook(name):
|
||||||
orig_method = getattr(cls, name, None)
|
orig_method = getattr(cls, name, None)
|
||||||
|
|
||||||
def filter_results_by_plugin(self, context, filters=None, fields=None):
|
def filter_results_by_plugin(self, context, **kwargs):
|
||||||
"""Run the original get-list method, and filter the results
|
"""Run the original get-list method, and filter the results
|
||||||
by the project id of the context
|
by the project id of the context
|
||||||
"""
|
"""
|
||||||
entries = orig_method(self, context, filters=filters,
|
entries = orig_method(self, context, **kwargs)
|
||||||
fields=fields)
|
|
||||||
if not context.project_id:
|
if not context.project_id:
|
||||||
return entries
|
return entries
|
||||||
req_p = get_project_mapping(context, context.project_id)
|
req_p = get_project_mapping(context, context.project_id)
|
||||||
for entry in entries[:]:
|
for entry in entries[:]:
|
||||||
|
if entry.get('tenant_id'):
|
||||||
p = get_project_mapping(context, entry['tenant_id'])
|
p = get_project_mapping(context, entry['tenant_id'])
|
||||||
if p != req_p:
|
if p != req_p:
|
||||||
entries.remove(entry)
|
entries.remove(entry)
|
||||||
|
@ -30,12 +30,14 @@ from vmware_nsx.common import nsxv_constants
|
|||||||
from vmware_nsx.db import nsxv_db
|
from vmware_nsx.db import nsxv_db
|
||||||
from vmware_nsx.extensions import edge_service_gateway_bgp_peer as ext_esg
|
from vmware_nsx.extensions import edge_service_gateway_bgp_peer as ext_esg
|
||||||
from vmware_nsx.extensions import projectpluginmap
|
from vmware_nsx.extensions import projectpluginmap
|
||||||
|
from vmware_nsx.plugins.nsx import utils as tvd_utils
|
||||||
from vmware_nsx.services.dynamic_routing.nsx_v import driver as nsxv_driver
|
from vmware_nsx.services.dynamic_routing.nsx_v import driver as nsxv_driver
|
||||||
|
|
||||||
LOG = logging.getLogger(__name__)
|
LOG = logging.getLogger(__name__)
|
||||||
PLUGIN_NAME = bgp_ext.BGP_EXT_ALIAS + '_nsx_svc_plugin'
|
PLUGIN_NAME = bgp_ext.BGP_EXT_ALIAS + '_nsx_svc_plugin'
|
||||||
|
|
||||||
|
|
||||||
|
@tvd_utils.filter_plugins
|
||||||
class NSXBgpPlugin(service_base.ServicePluginBase, bgp_db.BgpDbMixin):
|
class NSXBgpPlugin(service_base.ServicePluginBase, bgp_db.BgpDbMixin):
|
||||||
"""BGP service plugin for NSX-V as well as TVD plugins.
|
"""BGP service plugin for NSX-V as well as TVD plugins.
|
||||||
|
|
||||||
@ -45,6 +47,9 @@ class NSXBgpPlugin(service_base.ServicePluginBase, bgp_db.BgpDbMixin):
|
|||||||
supported_extension_aliases = [bgp_ext.BGP_EXT_ALIAS,
|
supported_extension_aliases = [bgp_ext.BGP_EXT_ALIAS,
|
||||||
ext_esg.ESG_BGP_PEER_EXT_ALIAS]
|
ext_esg.ESG_BGP_PEER_EXT_ALIAS]
|
||||||
|
|
||||||
|
methods_to_separate = ['get_bgp_speakers',
|
||||||
|
'get_bgp_peers']
|
||||||
|
|
||||||
def __init__(self):
|
def __init__(self):
|
||||||
super(NSXBgpPlugin, self).__init__()
|
super(NSXBgpPlugin, self).__init__()
|
||||||
self._core_plugin = directory.get_plugin()
|
self._core_plugin = directory.get_plugin()
|
||||||
|
28
vmware_nsx/services/l2gateway/nsx_tvd/plugin.py
Normal file
28
vmware_nsx/services/l2gateway/nsx_tvd/plugin.py
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
# Copyright 2018 VMware, Inc.
|
||||||
|
# All Rights Reserved
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
from networking_l2gw.services.l2gateway import plugin
|
||||||
|
|
||||||
|
from vmware_nsx.plugins.nsx import utils as tvd_utils
|
||||||
|
|
||||||
|
|
||||||
|
@tvd_utils.filter_plugins
|
||||||
|
class L2GatewayPlugin(plugin.L2GatewayPlugin):
|
||||||
|
"""NSX-TV plugin for L2GW.
|
||||||
|
|
||||||
|
This plugin adds separation between T/V instances
|
||||||
|
"""
|
||||||
|
methods_to_separate = ['get_l2_gateways',
|
||||||
|
'get_l2_gateway_connections']
|
@ -98,6 +98,7 @@ class NsxV3Driver(l2gateway_db.L2GatewayMixin):
|
|||||||
# Optimistically create the default L2 gateway in neutron DB
|
# Optimistically create the default L2 gateway in neutron DB
|
||||||
device = {'device_name': def_l2gw_uuid,
|
device = {'device_name': def_l2gw_uuid,
|
||||||
'interfaces': [{'name': 'default-bridge-cluster'}]}
|
'interfaces': [{'name': 'default-bridge-cluster'}]}
|
||||||
|
# TODO(asarfaty): Add a default v3 tenant-id to allow TVD filtering
|
||||||
def_l2gw = {'name': 'default-l2gw',
|
def_l2gw = {'name': 'default-l2gw',
|
||||||
'devices': [device]}
|
'devices': [device]}
|
||||||
l2gw_dict = {self.gateway_resource: def_l2gw}
|
l2gw_dict = {self.gateway_resource: def_l2gw}
|
||||||
|
0
vmware_nsx/services/qos/nsx_tvd/__init__.py
Normal file
0
vmware_nsx/services/qos/nsx_tvd/__init__.py
Normal file
27
vmware_nsx/services/qos/nsx_tvd/plugin.py
Normal file
27
vmware_nsx/services/qos/nsx_tvd/plugin.py
Normal file
@ -0,0 +1,27 @@
|
|||||||
|
# Copyright 2018 VMware, Inc.
|
||||||
|
# All Rights Reserved
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
from neutron.services.qos import qos_plugin
|
||||||
|
|
||||||
|
from vmware_nsx.plugins.nsx import utils as tvd_utils
|
||||||
|
|
||||||
|
|
||||||
|
@tvd_utils.filter_plugins
|
||||||
|
class QoSPlugin(qos_plugin.QoSPlugin):
|
||||||
|
"""NSX-TV plugin for QoS.
|
||||||
|
|
||||||
|
This plugin adds separation between T/V instances
|
||||||
|
"""
|
||||||
|
methods_to_separate = ['get_policies']
|
31
vmware_nsx/services/vpnaas/nsx_tvd/plugin.py
Normal file
31
vmware_nsx/services/vpnaas/nsx_tvd/plugin.py
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
# Copyright 2018 VMware, Inc.
|
||||||
|
# All Rights Reserved
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
from neutron_vpnaas.services.vpn import plugin
|
||||||
|
|
||||||
|
from vmware_nsx.plugins.nsx import utils as tvd_utils
|
||||||
|
|
||||||
|
|
||||||
|
@tvd_utils.filter_plugins
|
||||||
|
class VPNPlugin(plugin.VPNDriverPlugin):
|
||||||
|
"""NSX-TV plugin for QoS.
|
||||||
|
|
||||||
|
This plugin adds separation between T/V instances
|
||||||
|
"""
|
||||||
|
methods_to_separate = ['get_ipsec_site_connections',
|
||||||
|
'get_ikepolicies',
|
||||||
|
'get_ipsecpolicies',
|
||||||
|
'get_vpnservices',
|
||||||
|
'get_endpoint_groups']
|
Loading…
x
Reference in New Issue
Block a user