x/group-based-policy
Code Issues Proposed changes

Nsx policy: Follow naming convention

Browse Source 
Nsx objects created by openstack should be named according to
convention name_uuid[5:]..uuid[:5].

Change-Id: Ieb248a3a7a8b8627502126b07f585980b0d1f8b1
This commit is contained in:
Anna Khmelnitsky 2017-08-01 17:22:30 -07:00
parent d5077ccaec
commit 0d2885bf64
2 changed files with 91 additions and 79 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
gbpservice/neutron/services/grouppolicy/drivers/vmware/nsx_policy/nsx_policy_mapping.py
View File

@ -76,14 +76,26 @@ class ProtocolNotSupported(gpexc.GroupPolicyBadRequest):
"supported with %s" % DRIVER_NAME)
def in_name(name):
def append_in_dir(name):
return name + '_I'
def out_name(name):
def append_out_dir(name):
return name + '_O'
def generate_nsx_name(uuid, name, tag=None, maxlen=80):
short_uuid = '_' + uuid[:5] + '...' + uuid[-5:]
maxlen = maxlen - len(short_uuid)
if not name:
name = ''
if tag:
maxlen = maxlen - len(tag) - 1
return name[:maxlen] + '_' + tag + short_uuid
else:
return name[:maxlen] + short_uuid
class NsxPolicyMappingDriver(api.ResourceMappingDriver):
"""Nsx Policy Mapping driver for Group Policy plugin.
@ -159,15 +171,10 @@ class NsxPolicyMappingDriver(api.ResourceMappingDriver):
password=nsx_manager_password,
thumbprint=nsx_manager_thumbprint)
def _generate_nsx_name(self, object_id, object_name):
if object_name:
return object_name + '_' + object_id
return object_id
def _create_domain(self, context):
project_id = context.current['project_id']
tenant_name = context._plugin_context.tenant_name
domain_name = self._generate_nsx_name(project_id, tenant_name)
domain_name = generate_nsx_name(project_id, tenant_name)
LOG.info('Creating domain %(domain)s for project %(project)s',
{'domain': domain_name,
@ -205,7 +212,7 @@ class NsxPolicyMappingDriver(api.ResourceMappingDriver):
for rule in rules]
self.nsx_policy.comm_profile.create_or_overwrite(
name=name,
name=generate_nsx_name(profile_id, name),
profile_id=profile_id,
description=description,
services=services)
@ -249,21 +256,25 @@ class NsxPolicyMappingDriver(api.ResourceMappingDriver):
if in_rules:
self._create_or_update_communication_profile(
in_name(rule_set_id),
in_name(context.current['name']),
append_in_dir(rule_set_id),
generate_nsx_name(rule_set_id,
context.current['name'],
'_IN'),
context.current['description'] + '(ingress)',
in_rules)
elif update_flow:
self._delete_comm_profile(in_name(rule_set_id))
self._delete_comm_profile(append_in_dir(rule_set_id))
if out_rules:
self._create_or_update_communication_profile(
out_name(rule_set_id),
out_name(context.current['name']),
append_out_dir(rule_set_id),
generate_nsx_name(rule_set_id,
context.current['name'],
'_OUT'),
context.current['description'] + '(egress)',
out_rules)
elif update_flow:
self._delete_comm_profile(out_name(rule_set_id))
self._delete_comm_profile(append_out_dir(rule_set_id))
def _filter_ptgs_by_ruleset(self, ptgs, ruleset_id):
providing_ptgs = [ptg['id'] for ptg in ptgs
@ -278,8 +289,8 @@ class NsxPolicyMappingDriver(api.ResourceMappingDriver):
providing_ptgs, consuming_ptgs = self._filter_ptgs_by_ruleset(
ptgs, ruleset_id)
ruleset_in = in_name(ruleset_id)
ruleset_out = out_name(ruleset_id)
ruleset_in = append_in_dir(ruleset_id)
ruleset_out = append_out_dir(ruleset_id)
if not consuming_ptgs or not providing_ptgs:
if not delete_flow:
return
@ -297,7 +308,7 @@ class NsxPolicyMappingDriver(api.ResourceMappingDriver):
if ruleset_in in profiles:
self.nsx_policy.comm_map.create_or_overwrite(
name = ruleset_in,
name=ruleset_in,
domain_id=project_id,
map_id=ruleset_in,
description="GBP ruleset ingress",
@ -392,7 +403,7 @@ class NsxPolicyMappingDriver(api.ResourceMappingDriver):
# service entry in nsx policy has single direction
# directions will be enforced on communication profile level
self.nsx_policy.service.create_or_overwrite(
name=classifier['name'],
name=generate_nsx_name(classifier['id'], classifier['name']),
service_id=classifier['id'],
description=classifier['description'],
protocol=classifier['protocol'],
@ -461,7 +472,7 @@ class NsxPolicyMappingDriver(api.ResourceMappingDriver):
self._create_domain(context)
self.nsx_policy.group.create_or_overwrite(
name=context.current['name'],
name=generate_nsx_name(group_id, context.current['name']),
domain_id=project_id,
group_id=group_id,
description=context.current['description'],
@ -510,10 +521,10 @@ class NsxPolicyMappingDriver(api.ResourceMappingDriver):
in_rules, out_rules = self._split_rules_by_direction(context, rules)
if in_rules:
self._delete_comm_profile(in_name(ruleset_id))
self._delete_comm_profile(append_in_dir(ruleset_id))
if out_rules:
self._delete_comm_profile(out_name(ruleset_id))
self._delete_comm_profile(append_out_dir(ruleset_id))
def delete_policy_target_postcommit(self, context):
# This is inherited behavior without:

115
gbpservice/neutron/tests/unit/services/grouppolicy/test_nsx_policy_mapping_driver.py
View File

@ -176,7 +176,7 @@ class TestPolicyClassifier(NsxPolicyMappingTestCase):
# verify API call to create the service
service_create_call.assert_called_with(
name='test',
name=mock.ANY,
description=mock.ANY,
protocol='tcp',
dest_ports=['80'],
@ -191,7 +191,7 @@ class TestPolicyClassifier(NsxPolicyMappingTestCase):
direction='in')['policy_classifier']
service_create_call.assert_called_with(
name='test',
name=mock.ANY,
description=mock.ANY,
protocol='tcp',
dest_ports=['443'],
@ -212,7 +212,7 @@ class TestPolicyClassifier(NsxPolicyMappingTestCase):
port_list = [str(p) for p in range(777, 889)]
service_create_call.assert_called_with(
name='test',
name=mock.ANY,
description=mock.ANY,
protocol='udp',
dest_ports=port_list,
@ -228,10 +228,7 @@ class TestPolicyClassifier(NsxPolicyMappingTestCase):
direction='bi')['policy_classifier']
# verify API call to create the service
service_create_call.assert_called_with(
name='test',
description=mock.ANY,
service_id=mock.ANY)
service_create_call.assert_called()
self.delete_policy_classifier(cl['id'])
@ -284,25 +281,25 @@ class TestPolicyTargetGroup(NsxPolicyMappingTestCase):
def group_call(self, name, group_id):
return call(domain_id=TEST_PROJECT,
name=name,
name=driver.generate_nsx_name(group_id, name),
description=mock.ANY,
cond_val=group_id,
group_id=group_id)
def ingress_map_call(self, prs_id, provider_ids, consumer_ids):
return call(domain_id=TEST_PROJECT,
profile_id=driver.in_name(prs_id),
profile_id=driver.append_in_dir(prs_id),
map_id=mock.ANY,
name=driver.in_name(prs_id),
name=driver.append_in_dir(prs_id),
description=mock.ANY,
source_groups=consumer_ids,
dest_groups=provider_ids)
def egress_map_call(self, prs_id, provider_ids, consumer_ids):
return call(domain_id=TEST_PROJECT,
profile_id=driver.out_name(prs_id),
profile_id=driver.append_out_dir(prs_id),
map_id=mock.ANY,
name=driver.out_name(prs_id),
name=driver.append_out_dir(prs_id),
description=mock.ANY,
source_groups=provider_ids,
dest_groups=consumer_ids)
@ -318,7 +315,7 @@ class TestPolicyTargetGroup(NsxPolicyMappingTestCase):
name='test')['policy_target_group']
domain_create.assert_called_with(domain_id=TEST_PROJECT,
name=TEST_PROJECT,
name=mock.ANY,
description=mock.ANY)
group_create.assert_has_calls([self.group_call('test', ptg['id'])])
map_create.assert_not_called()
@ -333,8 +330,8 @@ class TestPolicyTargetGroup(NsxPolicyMappingTestCase):
'''
policy_rule_set = self._prepare_rule_set()
profile_in = driver.in_name(policy_rule_set['id'])
profile_out = driver.out_name(policy_rule_set['id'])
profile_in = driver.append_in_dir(policy_rule_set['id'])
profile_out = driver.append_out_dir(policy_rule_set['id'])
profile_ids = []
if direction_in:
profile_ids.append(profile_in)
@ -381,11 +378,13 @@ class TestPolicyTargetGroup(NsxPolicyMappingTestCase):
# verify communication map delete on backend
calls = []
if direction_in:
calls.append(call(TEST_PROJECT,
driver.in_name(policy_rule_set['id'])))
calls.append(call(
TEST_PROJECT,
driver.append_in_dir(policy_rule_set['id'])))
if direction_out:
calls.append(call(TEST_PROJECT,
driver.out_name(policy_rule_set['id'])))
calls.append(call(
TEST_PROJECT,
driver.append_out_dir(policy_rule_set['id'])))
map_delete.assert_has_calls(calls)
@ -457,8 +456,8 @@ class TestPolicyTargetGroup(NsxPolicyMappingTestCase):
'''
policy_rule_set = self._prepare_rule_set()
profile_ids = [driver.in_name(policy_rule_set['id']),
driver.out_name(policy_rule_set['id'])]
profile_ids = [driver.append_in_dir(policy_rule_set['id']),
driver.append_out_dir(policy_rule_set['id'])]
with self._mock_group_create(),\
self._mock_profile_list(profile_ids),\
@ -486,9 +485,9 @@ class TestPolicyTargetGroup(NsxPolicyMappingTestCase):
prs1 = self._prepare_rule_set()['id']
prs2 = self._prepare_rule_set()['id']
prs3 = self._prepare_rule_set()['id']
profile_ids = [driver.in_name(prs1), driver.out_name(prs1),
driver.in_name(prs2), driver.out_name(prs2),
driver.in_name(prs3), driver.out_name(prs3)]
profile_ids = [driver.append_in_dir(prs1), driver.append_out_dir(prs1),
driver.append_in_dir(prs2), driver.append_out_dir(prs2),
driver.append_in_dir(prs3), driver.append_out_dir(prs3)]
# Create a and c
with self._mock_group_create(),\
@ -526,11 +525,12 @@ class TestPolicyTargetGroup(NsxPolicyMappingTestCase):
map_create.assert_has_calls(map_create_calls, any_order=True)
map_delete_calls = [call(TEST_PROJECT, driver.in_name(prs1)),
call(TEST_PROJECT, driver.out_name(prs1)),
call(TEST_PROJECT, driver.in_name(prs2)),
call(TEST_PROJECT, driver.out_name(prs2)),
call(TEST_PROJECT, driver.in_name(prs3))]
map_delete_calls = [
call(TEST_PROJECT, driver.append_in_dir(prs1)),
call(TEST_PROJECT, driver.append_out_dir(prs1)),
call(TEST_PROJECT, driver.append_in_dir(prs2)),
call(TEST_PROJECT, driver.append_out_dir(prs2)),
call(TEST_PROJECT, driver.append_in_dir(prs3))]
map_delete.assert_has_calls(map_delete_calls, any_order=True)
@ -548,10 +548,10 @@ class TestPolicyTargetGroup(NsxPolicyMappingTestCase):
prs2 = self._prepare_rule_set()['id']
prs3 = self._prepare_rule_set()['id']
profile_ids = [driver.in_name(prs1),
driver.out_name(prs2),
driver.in_name(prs3),
driver.out_name(prs3)]
profile_ids = [driver.append_in_dir(prs1),
driver.append_out_dir(prs2),
driver.append_in_dir(prs3),
driver.append_out_dir(prs3)]
with self._mock_domain_create(),\
self._mock_group_create() as group_create,\
@ -584,7 +584,7 @@ class TestPolicyTargetGroup(NsxPolicyMappingTestCase):
for i in range(0, ring_size):
prs_ids.append(self._prepare_rule_set()['id'])
profile_ids = [driver.in_name(prs_id) for prs_id in prs_ids]
profile_ids = [driver.append_in_dir(prs_id) for prs_id in prs_ids]
# Create ring topology
with self._mock_domain_create(),\
@ -633,8 +633,8 @@ class TestPolicyTargetGroup(NsxPolicyMappingTestCase):
ptg_id = ptg_ids[2]
self.delete_policy_target_group(ptg_id)
map_calls = [call(TEST_PROJECT, driver.in_name(prs_ids[2])),
call(TEST_PROJECT, driver.in_name(prs_ids[3]))]
map_calls = [call(TEST_PROJECT, driver.append_in_dir(prs_ids[2])),
call(TEST_PROJECT, driver.append_in_dir(prs_ids[3]))]
map_delete.assert_has_calls(map_calls)
map_create.assert_not_called()
@ -650,7 +650,7 @@ class TestPolicyTargetGroup(NsxPolicyMappingTestCase):
self.update_policy_target_group(
ptg_id, provided_policy_rule_sets={})
map_calls = [call(TEST_PROJECT, driver.in_name(prs_ids[5]))]
map_calls = [call(TEST_PROJECT, driver.append_in_dir(prs_ids[5]))]
map_delete.assert_has_calls(map_calls)
map_create.assert_not_called()
group_delete.assert_not_called()
@ -661,7 +661,7 @@ class TestPolicyTargetGroup(NsxPolicyMappingTestCase):
star_size = 10
policy_rule_set = self._prepare_rule_set()
prs_id = policy_rule_set['id']
profile_ids = [driver.in_name(prs_id)]
profile_ids = [driver.append_in_dir(prs_id)]
# Create topology
with self._mock_domain_create(),\
@ -731,7 +731,8 @@ class TestPolicyTargetGroup(NsxPolicyMappingTestCase):
self.delete_policy_target_group(provider_id)
map_create.assert_not_called()
map_delete.assert_called_with(TEST_PROJECT, driver.in_name(prs_id))
map_delete.assert_called_with(TEST_PROJECT,
driver.append_in_dir(prs_id))
star_size -= 1
group_delete.assert_called_with(TEST_PROJECT, provider_id)
@ -749,21 +750,21 @@ class TestPolicyRuleSet(NsxPolicyMappingTestCase):
rule_set = self.create_policy_rule_set(
name='test', policy_rules=[rule['id']])['policy_rule_set']
calls = [call(name=driver.in_name('test'),
calls = [call(name=mock.ANY,
description=mock.ANY,
profile_id=driver.in_name(rule_set['id']),
profile_id=driver.append_in_dir(rule_set['id']),
services=[rule['policy_classifier_id']]),
call(name=driver.out_name('test'),
call(name=mock.ANY,
description=mock.ANY,
profile_id=driver.out_name(rule_set['id']),
profile_id=driver.append_out_dir(rule_set['id']),
services=[rule['policy_classifier_id']])]
profile_create.assert_has_calls(calls)
self.delete_policy_rule_set(rule_set['id'])
calls = [call(driver.in_name(rule_set['id'])),
call(driver.out_name(rule_set['id']))]
calls = [call(driver.append_in_dir(rule_set['id'])),
call(driver.append_out_dir(rule_set['id']))]
profile_delete.assert_has_calls(calls)
def test_empty(self):
@ -787,11 +788,11 @@ class TestPolicyRuleSet(NsxPolicyMappingTestCase):
policy_rules=[rule['id']])
# Two create calls expected
calls = [call(name=driver.in_name('test'),
calls = [call(name=mock.ANY,
description=mock.ANY,
profile_id=mock.ANY,
services=[rule['policy_classifier_id']]),
call(name=driver.out_name('test'),
call(name=mock.ANY,
description=mock.ANY,
profile_id=mock.ANY,
services=[rule['policy_classifier_id']])]
@ -832,12 +833,12 @@ class TestPolicyRuleSet(NsxPolicyMappingTestCase):
self.assertEqual(2, profile_create.call_count)
profile_create._assert_profile_call(
driver.in_name('test'),
driver.in_name(rule_set['id']),
driver.append_in_dir('test'),
driver.append_in_dir(rule_set['id']),
[rule1['policy_classifier_id'], rule3['policy_classifier_id']])
profile_create._assert_profile_call(
driver.out_name('test'),
driver.out_name(rule_set['id']),
driver.append_out_dir('test'),
driver.append_out_dir(rule_set['id']),
[rule2['policy_classifier_id'], rule3['policy_classifier_id']])
# Replace rule3 with rule4
@ -852,12 +853,12 @@ class TestPolicyRuleSet(NsxPolicyMappingTestCase):
self.assertEqual(rule_set['id'], rule_set1['id'])
self.assertEqual(2, profile_create.call_count)
profile_update._assert_profile_call(
driver.in_name('test'),
driver.in_name(rule_set['id']),
driver.append_in_dir('test'),
driver.append_in_dir(rule_set['id']),
[rule1['policy_classifier_id']])
profile_update._assert_profile_call(
driver.out_name('test'),
driver.out_name(rule_set['id']),
driver.append_out_dir('test'),
driver.append_out_dir(rule_set['id']),
[rule2['policy_classifier_id'], rule4['policy_classifier_id']])
# Delete rule1 from the rule set and verify ingress profile is
@ -868,14 +869,14 @@ class TestPolicyRuleSet(NsxPolicyMappingTestCase):
rule4['id']])
profile_delete.assert_called_once_with(
driver.in_name(rule_set['id']))
driver.append_in_dir(rule_set['id']))
# Delete the rule set and verify egress profile is deleted
with self._mock_profile_delete() as profile_delete:
self.delete_policy_rule_set(rule_set['id'])
profile_delete.assert_called_once_with(
driver.out_name(rule_set['id']))
driver.append_out_dir(rule_set['id']))
class TestPolicyTargetTag(NsxPolicyMappingTestCase):