Merge "Avoid performing extra query for fetching port security binding"

Jenkins 2013-07-31 23:29:34 +00:00 committed by Gerrit Code Review
commit 4e16ed91cd
6 changed files with 82 additions and 64 deletions


@ -548,7 +548,6 @@ class Controller(object):
raise webob.exc.HTTPBadRequest(msg) raise webob.exc.HTTPBadRequest(msg)
Controller._populate_tenant_id(context, res_dict, is_create) Controller._populate_tenant_id(context, res_dict, is_create)
Controller._verify_attributes(res_dict, attr_info) Controller._verify_attributes(res_dict, attr_info)
if is_create: # POST if is_create: # POST


@ -993,7 +993,7 @@ class NeutronDbPluginV2(neutron_plugin_base_v2.NeutronPluginBaseV2,
'status': constants.NET_STATUS_ACTIVE} 'status': constants.NET_STATUS_ACTIVE}
network = models_v2.Network(**args) network = models_v2.Network(**args)
context.session.add(network) context.session.add(network)
return self._make_network_dict(network) return self._make_network_dict(network, process_extensions=False)
def update_network(self, context, id, network): def update_network(self, context, id, network):
n = network['network'] n = network['network']
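Review bot: The new `process_extensions=False` argument on the `return self._make_network_dict(...)` line in `create_network` has no comment explaining why the dict-extend hooks are skipped on create only. The reason is presumably that extension rows such as the port security binding are not yet written when the base plugin builds its result, so a hook reading them would find nothing. A one-line comment such as `# Extension data is not stored yet at this point; plugins add it to the result after creating their bindings` would stop a later cleanup from dropping the flag. Both `create_network` and `update_network` extend beyond the lines shown here.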


@ -17,9 +17,13 @@
# @author: Aaron Rosen, Nicira, Inc # @author: Aaron Rosen, Nicira, Inc
import sqlalchemy as sa import sqlalchemy as sa
from sqlalchemy import orm
from sqlalchemy.orm import exc from sqlalchemy.orm import exc
from neutron.api.v2 import attributes as attrs
from neutron.db import db_base_plugin_v2
from neutron.db import model_base from neutron.db import model_base
from neutron.db import models_v2
from neutron.extensions import portsecurity as psec from neutron.extensions import portsecurity as psec
from neutron.openstack.common import log as logging from neutron.openstack.common import log as logging
@ -32,6 +36,13 @@ class PortSecurityBinding(model_base.BASEV2):
primary_key=True) primary_key=True)
port_security_enabled = sa.Column(sa.Boolean(), nullable=False) port_security_enabled = sa.Column(sa.Boolean(), nullable=False)
# Add a relationship to the Port model in order to be to able to
# instruct SQLAlchemy to eagerly load port security binding
port = orm.relationship(
models_v2.Port,
backref=orm.backref("port_security", uselist=False,
cascade='delete', lazy='joined'))
class NetworkSecurityBinding(model_base.BASEV2): class NetworkSecurityBinding(model_base.BASEV2):
network_id = sa.Column(sa.String(36), network_id = sa.Column(sa.String(36),
@ -39,25 +50,43 @@ class NetworkSecurityBinding(model_base.BASEV2):
primary_key=True) primary_key=True)
port_security_enabled = sa.Column(sa.Boolean(), nullable=False) port_security_enabled = sa.Column(sa.Boolean(), nullable=False)
# Add a relationship to the Port model in order to be able to instruct
# SQLAlchemy to eagerly load default port security setting for ports
# on this network
network = orm.relationship(
models_v2.Network,
backref=orm.backref("port_security", uselist=False,
cascade='delete', lazy='joined'))
class PortSecurityDbMixin(object): class PortSecurityDbMixin(object):
"""Mixin class to add port security.""" """Mixin class to add port security."""
def _process_network_create_port_security(self, context, network): def _process_network_port_security_create(
self, context, network_req, network_res):
with context.session.begin(subtransactions=True): with context.session.begin(subtransactions=True):
db = NetworkSecurityBinding( db = NetworkSecurityBinding(
network_id=network['id'], network_id=network_res['id'],
port_security_enabled=network[psec.PORTSECURITY]) port_security_enabled=network_req[psec.PORTSECURITY])
context.session.add(db) context.session.add(db)
network_res[psec.PORTSECURITY] = network_req[psec.PORTSECURITY]
return self._make_network_port_security_dict(db) return self._make_network_port_security_dict(db)
def _extend_network_port_security_dict(self, context, network): def _process_port_port_security_create(
network[psec.PORTSECURITY] = self._get_network_security_binding( self, context, port_req, port_res):
context, network['id']) with context.session.begin(subtransactions=True):
db = PortSecurityBinding(
port_id=port_res['id'],
port_security_enabled=port_req[psec.PORTSECURITY])
context.session.add(db)
port_res[psec.PORTSECURITY] = port_req[psec.PORTSECURITY]
return self._make_port_security_dict(db)
def _extend_port_port_security_dict(self, context, port): def _extend_port_security_dict(self, response_data, db_data):
port[psec.PORTSECURITY] = self._get_port_security_binding( if ('port-security' in
context, port['id']) getattr(self, 'supported_extension_aliases', [])):
psec_value = db_data['port_security'][psec.PORTSECURITY]
response_data[psec.PORTSECURITY] = psec_value
def _get_network_security_binding(self, context, network_id): def _get_network_security_binding(self, context, network_id):
try: try:
@ -77,25 +106,37 @@ class PortSecurityDbMixin(object):
raise psec.PortSecurityBindingNotFound() raise psec.PortSecurityBindingNotFound()
return binding[psec.PORTSECURITY] return binding[psec.PORTSECURITY]
def _update_port_security_binding(self, context, port_id, def _process_port_port_security_update(
port_security_enabled): self, context, port_req, port_res):
if psec.PORTSECURITY in port_req:
port_security_enabled = port_req[psec.PORTSECURITY]
else:
return
try: try:
query = self._model_query(context, PortSecurityBinding) query = self._model_query(context, PortSecurityBinding)
port_id = port_res['id']
binding = query.filter( binding = query.filter(
PortSecurityBinding.port_id == port_id).one() PortSecurityBinding.port_id == port_id).one()
binding.update({psec.PORTSECURITY: port_security_enabled}) binding.port_security_enabled = port_security_enabled
port_res[psec.PORTSECURITY] = port_security_enabled
except exc.NoResultFound: except exc.NoResultFound:
raise psec.PortSecurityBindingNotFound() raise psec.PortSecurityBindingNotFound()
def _update_network_security_binding(self, context, network_id, def _process_network_port_security_update(
port_security_enabled): self, context, network_req, network_res):
if psec.PORTSECURITY in network_req:
port_security_enabled = network_req[psec.PORTSECURITY]
else:
return
try: try:
query = self._model_query(context, NetworkSecurityBinding) query = self._model_query(context, NetworkSecurityBinding)
network_id = network_res['id']
binding = query.filter( binding = query.filter(
NetworkSecurityBinding.network_id == network_id).one() NetworkSecurityBinding.network_id == network_id).one()
binding.update({psec.PORTSECURITY: port_security_enabled}) binding.port_security_enabled = port_security_enabled
network_res[psec.PORTSECURITY] = port_security_enabled
except exc.NoResultFound: except exc.NoResultFound:
raise psec.PortSecurityBindingNotFound() raise psec.PortSecurityBindingNotFound()
@ -126,14 +167,6 @@ class PortSecurityDbMixin(object):
return (port_security_enabled, has_ip) return (port_security_enabled, has_ip)
def _process_port_security_create(self, context, port):
with context.session.begin(subtransactions=True):
port_security_binding = PortSecurityBinding(
port_id=port['id'],
port_security_enabled=port[psec.PORTSECURITY])
context.session.add(port_security_binding)
return self._make_port_security_dict(port_security_binding)
def _make_port_security_dict(self, port, fields=None): def _make_port_security_dict(self, port, fields=None):
res = {'port_id': port['port_id'], res = {'port_id': port['port_id'],
psec.PORTSECURITY: port[psec.PORTSECURITY]} psec.PORTSECURITY: port[psec.PORTSECURITY]}
@ -141,3 +174,9 @@ class PortSecurityDbMixin(object):
def _ip_on_port(self, port): def _ip_on_port(self, port):
return bool(port.get('fixed_ips')) return bool(port.get('fixed_ips'))
# Register dict extend functions for ports and networks
db_base_plugin_v2.NeutronDbPluginV2.register_dict_extend_funcs(
attrs.NETWORKS, [_extend_port_security_dict])
db_base_plugin_v2.NeutronDbPluginV2.register_dict_extend_funcs(
attrs.PORTS, [_extend_port_security_dict])
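Review bot: `_extend_port_security_dict` subscripts `db_data['port_security']` without checking it, and with `uselist=False` on the backref that attribute is `None` for any port or network row that has no binding, so building the response for such a row would raise `TypeError` instead of returning the resource. Whether such rows can exist depends on code not shown here (for example resources created before the extension was enabled), so this is worth confirming. A guard such as `binding = db_data['port_security']` followed by `if binding is not None: response_data[psec.PORTSECURITY] = binding[psec.PORTSECURITY]` would keep reads working. Separately, the comment above `NetworkSecurityBinding.network` says "relationship to the Port model" although the relationship targets `models_v2.Network`, and the comment above `PortSecurityBinding.port` has a stray word in "in order to be to able to".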


@ -433,9 +433,9 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase):
context.session.delete(rule) context.session.delete(rule)
def _extend_port_dict_security_group(self, port_res, port_db): def _extend_port_dict_security_group(self, port_res, port_db):
# If port_db is provided, security groups will be accessed via # Security group bindings will be retrieved from the sqlalchemy
# sqlalchemy models. As they're loaded together with ports this # model. As they're loaded eagerly with ports because of the
# will not cause an extra query. # joined load they will not cause an extra query.
security_group_ids = [sec_group_mapping['security_group_id'] for security_group_ids = [sec_group_mapping['security_group_id'] for
sec_group_mapping in port_db.security_groups] sec_group_mapping in port_db.security_groups]
port_res[ext_sg.SECURITYGROUPS] = security_group_ids port_res[ext_sg.SECURITYGROUPS] = security_group_ids


@ -910,7 +910,8 @@ class NvpPluginV2(db_base_plugin_v2.NeutronDbPluginV2,
# Ensure there's an id in net_data # Ensure there's an id in net_data
net_data['id'] = new_net['id'] net_data['id'] = new_net['id']
# Process port security extension # Process port security extension
self._process_network_create_port_security(context, net_data) self._process_network_port_security_create(
context, net_data, new_net)
# DB Operations for setting the network as external # DB Operations for setting the network as external
self._process_l3_create(context, new_net, net_data) self._process_l3_create(context, new_net, net_data)
# Process QoS queue extension # Process QoS queue extension
@ -929,7 +930,6 @@ class NvpPluginV2(db_base_plugin_v2.NeutronDbPluginV2,
net_data.get(pnet.SEGMENTATION_ID, 0)) net_data.get(pnet.SEGMENTATION_ID, 0))
self._extend_network_dict_provider(context, new_net, self._extend_network_dict_provider(context, new_net,
net_binding) net_binding)
self._extend_network_port_security_dict(context, new_net)
self.schedule_network(context, new_net) self.schedule_network(context, new_net)
return new_net return new_net
@ -1018,9 +1018,8 @@ class NvpPluginV2(db_base_plugin_v2.NeutronDbPluginV2,
raise nvp_exc.NvpPluginException(err_msg=err_msg) raise nvp_exc.NvpPluginException(err_msg=err_msg)
# Don't do field selection here otherwise we won't be able # Don't do field selection here otherwise we won't be able
# to add provider networks fields # to add provider networks fields
net_result = self._make_network_dict(network, None) net_result = self._make_network_dict(network)
self._extend_network_dict_provider(context, net_result) self._extend_network_dict_provider(context, net_result)
self._extend_network_port_security_dict(context, net_result)
self._extend_network_qos_queue(context, net_result) self._extend_network_qos_queue(context, net_result)
return self._fields(net_result, fields) return self._fields(net_result, fields)
@ -1032,7 +1031,6 @@ class NvpPluginV2(db_base_plugin_v2.NeutronDbPluginV2,
super(NvpPluginV2, self).get_networks(context, filters)) super(NvpPluginV2, self).get_networks(context, filters))
for net in neutron_lswitches: for net in neutron_lswitches:
self._extend_network_dict_provider(context, net) self._extend_network_dict_provider(context, net)
self._extend_network_port_security_dict(context, net)
self._extend_network_qos_queue(context, net) self._extend_network_qos_queue(context, net)
tenant_ids = filters and filters.get('tenant_id') or None tenant_ids = filters and filters.get('tenant_id') or None
@ -1069,7 +1067,6 @@ class NvpPluginV2(db_base_plugin_v2.NeutronDbPluginV2,
nvp_lswitches = dict( nvp_lswitches = dict(
(uuid, ls) for (uuid, ls) in nvp_lswitches.iteritems() (uuid, ls) for (uuid, ls) in nvp_lswitches.iteritems()
if uuid in set(filters['id'])) if uuid in set(filters['id']))
for neutron_lswitch in neutron_lswitches: for neutron_lswitch in neutron_lswitches:
# Skip external networks as they do not exist in NVP # Skip external networks as they do not exist in NVP
if neutron_lswitch[l3.EXTERNAL]: if neutron_lswitch[l3.EXTERNAL]:
@ -1105,7 +1102,6 @@ class NvpPluginV2(db_base_plugin_v2.NeutronDbPluginV2,
row[field] = neutron_lswitch[field] row[field] = neutron_lswitch[field]
ret_fields.append(row) ret_fields.append(row)
return ret_fields return ret_fields
return neutron_lswitches return neutron_lswitches
def update_network(self, context, id, network): def update_network(self, context, id, network):
@ -1118,13 +1114,12 @@ class NvpPluginV2(db_base_plugin_v2.NeutronDbPluginV2,
with context.session.begin(subtransactions=True): with context.session.begin(subtransactions=True):
net = super(NvpPluginV2, self).update_network(context, id, network) net = super(NvpPluginV2, self).update_network(context, id, network)
if psec.PORTSECURITY in network['network']: if psec.PORTSECURITY in network['network']:
self._update_network_security_binding( self._process_network_port_security_update(
context, id, network['network'][psec.PORTSECURITY]) context, network['network'], net)
if network['network'].get(ext_qos.QUEUE): if network['network'].get(ext_qos.QUEUE):
net[ext_qos.QUEUE] = network['network'][ext_qos.QUEUE] net[ext_qos.QUEUE] = network['network'][ext_qos.QUEUE]
self._delete_network_queue_mapping(context, id) self._delete_network_queue_mapping(context, id)
self._process_network_queue_mapping(context, net) self._process_network_queue_mapping(context, net)
self._extend_network_port_security_dict(context, net)
self._process_l3_update(context, net, network['network']) self._process_l3_update(context, net, network['network'])
self._extend_network_dict_provider(context, net) self._extend_network_dict_provider(context, net)
self._extend_network_qos_queue(context, net) self._extend_network_qos_queue(context, net)
@ -1136,7 +1131,6 @@ class NvpPluginV2(db_base_plugin_v2.NeutronDbPluginV2,
neutron_lports = super(NvpPluginV2, self).get_ports( neutron_lports = super(NvpPluginV2, self).get_ports(
context, filters) context, filters)
for neutron_lport in neutron_lports: for neutron_lport in neutron_lports:
self._extend_port_port_security_dict(context, neutron_lport)
self._extend_port_mac_learning_state(context, neutron_lport) self._extend_port_mac_learning_state(context, neutron_lport)
if (filters.get('network_id') and len(filters.get('network_id')) and if (filters.get('network_id') and len(filters.get('network_id')) and
self._network_is_external(context, filters['network_id'][0])): self._network_is_external(context, filters['network_id'][0])):
@ -1261,7 +1255,8 @@ class NvpPluginV2(db_base_plugin_v2.NeutronDbPluginV2,
(port_security, has_ip) = self._determine_port_security_and_has_ip( (port_security, has_ip) = self._determine_port_security_and_has_ip(
context, port_data) context, port_data)
port_data[psec.PORTSECURITY] = port_security port_data[psec.PORTSECURITY] = port_security
self._process_port_security_create(context, port_data) self._process_port_port_security_create(
context, port_data, neutron_db)
# security group extension checks # security group extension checks
if port_security and has_ip: if port_security and has_ip:
self._ensure_default_security_group_on_port(context, port) self._ensure_default_security_group_on_port(context, port)
@ -1285,7 +1280,6 @@ class NvpPluginV2(db_base_plugin_v2.NeutronDbPluginV2,
# remove since it will be added in extend based on policy # remove since it will be added in extend based on policy
del port_data[ext_qos.QUEUE] del port_data[ext_qos.QUEUE]
self._extend_port_port_security_dict(context, port_data)
self._extend_port_qos_queue(context, port_data) self._extend_port_qos_queue(context, port_data)
self._process_portbindings_create_and_update(context, self._process_portbindings_create_and_update(context,
port, port_data) port, port_data)
@ -1335,10 +1329,6 @@ class NvpPluginV2(db_base_plugin_v2.NeutronDbPluginV2,
port['port'].pop('fixed_ips', None) port['port'].pop('fixed_ips', None)
ret_port.update(port['port']) ret_port.update(port['port'])
tenant_id = self._get_tenant_id_for_create(context, ret_port) tenant_id = self._get_tenant_id_for_create(context, ret_port)
# populate port_security setting
if psec.PORTSECURITY not in port['port']:
ret_port[psec.PORTSECURITY] = self._get_port_security_binding(
context, id)
has_ip = self._ip_on_port(ret_port) has_ip = self._ip_on_port(ret_port)
# checks if security groups were updated adding/modifying # checks if security groups were updated adding/modifying
@ -1364,8 +1354,8 @@ class NvpPluginV2(db_base_plugin_v2.NeutronDbPluginV2,
sgids) sgids)
if psec.PORTSECURITY in port['port']: if psec.PORTSECURITY in port['port']:
self._update_port_security_binding( self._process_port_port_security_update(
context, id, ret_port[psec.PORTSECURITY]) context, port['port'], ret_port)
ret_port[ext_qos.QUEUE] = self._check_for_queue_and_create( ret_port[ext_qos.QUEUE] = self._check_for_queue_and_create(
context, ret_port) context, ret_port)
@ -1382,7 +1372,6 @@ class NvpPluginV2(db_base_plugin_v2.NeutronDbPluginV2,
ret_port[mac_ext.MAC_LEARNING] = old_mac_learning_state ret_port[mac_ext.MAC_LEARNING] = old_mac_learning_state
self._delete_port_queue_mapping(context, ret_port['id']) self._delete_port_queue_mapping(context, ret_port['id'])
self._process_port_queue_mapping(context, ret_port) self._process_port_queue_mapping(context, ret_port)
self._extend_port_port_security_dict(context, ret_port)
LOG.warn(_("Update port request: %s"), port) LOG.warn(_("Update port request: %s"), port)
nvp_port_id = self._nvp_get_port_id( nvp_port_id = self._nvp_get_port_id(
context, self.cluster, ret_port) context, self.cluster, ret_port)
@ -1473,7 +1462,6 @@ class NvpPluginV2(db_base_plugin_v2.NeutronDbPluginV2,
with context.session.begin(subtransactions=True): with context.session.begin(subtransactions=True):
neutron_db_port = super(NvpPluginV2, self).get_port(context, neutron_db_port = super(NvpPluginV2, self).get_port(context,
id, fields) id, fields)
self._extend_port_port_security_dict(context, neutron_db_port)
self._extend_port_qos_queue(context, neutron_db_port) self._extend_port_qos_queue(context, neutron_db_port)
self._extend_port_mac_learning_state(context, neutron_db_port) self._extend_port_mac_learning_state(context, neutron_db_port)
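Review bot: In the `update_port` hunk that drops the "populate port_security setting" block, `ret_port[psec.PORTSECURITY]` is no longer fetched explicitly when the request omits the attribute, so anything later in the method that reads it now depends on the dict-extend hook having filled it in earlier. The security-group checks that follow `has_ip = self._ip_on_port(ret_port)` lie outside the hunk, so whether they read that key cannot be confirmed from here. If they do, a missing value would surface as a `KeyError` in the middle of the update rather than as a clear validation error. A comment at the removal point, for example `# port_security is already present in ret_port via the registered dict-extend hook`, would make the dependency visible. A test that updates a port without sending `port_security` would pin the behaviour.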


@ -60,9 +60,8 @@ class PortSecurityTestPlugin(db_base_plugin_v2.NeutronDbPluginV2,
neutron_db = super(PortSecurityTestPlugin, self).create_network( neutron_db = super(PortSecurityTestPlugin, self).create_network(
context, network) context, network)
neutron_db.update(network['network']) neutron_db.update(network['network'])
self._process_network_create_port_security( self._process_network_port_security_create(
context, neutron_db) context, network['network'], neutron_db)
self._extend_network_port_security_dict(context, neutron_db)
return neutron_db return neutron_db
def update_network(self, context, id, network): def update_network(self, context, id, network):
@ -70,17 +69,14 @@ class PortSecurityTestPlugin(db_base_plugin_v2.NeutronDbPluginV2,
neutron_db = super(PortSecurityTestPlugin, self).update_network( neutron_db = super(PortSecurityTestPlugin, self).update_network(
context, id, network) context, id, network)
if psec.PORTSECURITY in network['network']: if psec.PORTSECURITY in network['network']:
self._update_network_security_binding( self._process_network_port_security_update(
context, id, network['network'][psec.PORTSECURITY]) context, network['network'], neutron_db)
self._extend_network_port_security_dict(
context, neutron_db)
return neutron_db return neutron_db
def get_network(self, context, id, fields=None): def get_network(self, context, id, fields=None):
with context.session.begin(subtransactions=True): with context.session.begin(subtransactions=True):
net = super(PortSecurityTestPlugin, self).get_network( net = super(PortSecurityTestPlugin, self).get_network(
context, id) context, id)
self._extend_network_port_security_dict(context, net)
return self._fields(net, fields) return self._fields(net, fields)
def create_port(self, context, port): def create_port(self, context, port):
@ -95,7 +91,7 @@ class PortSecurityTestPlugin(db_base_plugin_v2.NeutronDbPluginV2,
(port_security, has_ip) = self._determine_port_security_and_has_ip( (port_security, has_ip) = self._determine_port_security_and_has_ip(
context, p) context, p)
p[psec.PORTSECURITY] = port_security p[psec.PORTSECURITY] = port_security
self._process_port_security_create(context, p) self._process_port_port_security_create(context, p, neutron_db)
if (attr.is_attr_set(p.get(ext_sg.SECURITYGROUPS)) and if (attr.is_attr_set(p.get(ext_sg.SECURITYGROUPS)) and
not (port_security and has_ip)): not (port_security and has_ip)):
@ -109,8 +105,6 @@ class PortSecurityTestPlugin(db_base_plugin_v2.NeutronDbPluginV2,
self._process_port_create_security_group( self._process_port_create_security_group(
context, p, p[ext_sg.SECURITYGROUPS]) context, p, p[ext_sg.SECURITYGROUPS])
self._extend_port_port_security_dict(context, p)
return port['port'] return port['port']
def update_port(self, context, id, port): def update_port(self, context, id, port):
@ -159,10 +153,8 @@ class PortSecurityTestPlugin(db_base_plugin_v2.NeutronDbPluginV2,
ret_port, sgids) ret_port, sgids)
if psec.PORTSECURITY in port['port']: if psec.PORTSECURITY in port['port']:
self._update_port_security_binding( self._process_port_port_security_update(
context, id, ret_port[psec.PORTSECURITY]) context, port['port'], ret_port)
self._extend_port_port_security_dict(context, ret_port)
return ret_port return ret_port
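Review bot: With `_extend_network_port_security_dict` removed, the `get_network` override in the test plugin (middle hunk) only calls the parent inside a subtransaction and applies `self._fields(net, fields)` to the result. That appears equivalent to what the base plugin does when given `fields` directly, so the override could be deleted or reduced to `return super(PortSecurityTestPlugin, self).get_network(context, id, fields)`. Keeping it suggests the test plugin still does extension work on reads, which it no longer does after this change.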