[aim-mapping] Implement policy classifier update

When a policy classifier is updated, and if the update is made to the port-range and/or direction and/or protocol, the following needs to be done: * the old filter_entries need to be replaced with new ones corresponding to the new classifier attributes * if the new classifier does not need a reverse filter, the older reverse filter, if present, needs to be deleted and removed from the contract_subjects that reference it * if the direction has changed, the contract_subjects which reference the filter (and possibly the reverse filter) neeed to be updated by putting the filter (and possibly the reverse filter) in the relevant direction's list (i.e. in and/or out) of the contract_subjects Change-Id: I8c276d58cea371c17d5ae9cff621031b3a6a159b
2017-01-25 02:46:43 -08:00
parent f2e1482a61
commit 16b3205f0a
3 changed files with 374 additions and 203 deletions
--- a/gbpservice/neutron/services/grouppolicy/drivers/cisco/apic/apic_mapping_lib.py
+++ b/gbpservice/neutron/services/grouppolicy/drivers/cisco/apic/apic_mapping_lib.py
@@ -59,6 +59,48 @@ class OnlyOneAddressIsAllowedPerExternalSegment(gpexc.GroupPolicyBadRequest):
                "APIC GBP driver.")


+def get_filter_entries_for_policy_classifier(classifier):
+    # forward_rules and reverse_rules is each a dict of filter_entries
+    # with each entry in the dict having the filter_entry name as the
+    # key and the filter_entry attributes as the value
+    entries = {'forward_rules': None, 'reverse_rules': None}
+    x = 0
+    port_min, port_max = (
+        gpdb.GroupPolicyMappingDbPlugin._get_min_max_ports_from_range(
+            classifier['port_range']))
+    f_attrs = {'etherT': 'unspecified'}
+    if classifier['protocol']:
+        f_attrs['etherT'] = 'ip'
+        f_attrs['prot'] = classifier['protocol'].lower()
+    if port_min and port_max:
+        f_attrs['dToPort'] = port_max
+        f_attrs['dFromPort'] = port_min
+    entries['forward_rules'] = {_get_filter_entry_name(x): f_attrs}
+    # Also create reverse rule
+    if f_attrs.get('prot') in REVERSIBLE_PROTOCOLS:
+        r_entries = {}
+        r_attrs = copy.deepcopy(f_attrs)
+        if r_attrs.get('dToPort') and r_attrs.get('dFromPort'):
+            r_attrs.pop('dToPort')
+            r_attrs.pop('dFromPort')
+            r_attrs['sToPort'] = port_max
+            r_attrs['sFromPort'] = port_min
+        if r_attrs['prot'] == n_constants.PROTO_NAME_TCP.lower():
+            # Only match on established sessions
+            r_attrs['tcpRules'] = 'est'
+        r_entries[_get_filter_entry_name(x)] = r_attrs
+        if r_attrs['prot'] == n_constants.PROTO_NAME_ICMP.lower():
+            r_entries = {}
+            # create more entries:
+            for reply_type in ICMP_REPLY_TYPES:
+                x += 1
+                r_entry = copy.deepcopy(r_attrs)
+                r_entry['icmpv4T'] = reply_type
+                r_entries[_get_filter_entry_name(x)] = r_entry
+        entries['reverse_rules'] = r_entries
+    return entries
+
+
 def get_filter_entries_for_policy_rule(context):
    # forward_rules and reverse_rules is each a dict of filter_entries
    # with each entry in the dict having the filter_entry name as the
@@ -69,41 +111,8 @@ def get_filter_entries_for_policy_rule(context):
    classifier = context._plugin.get_policy_classifier(
        context._plugin_context,
        context.current['policy_classifier_id'])
-    x = 0
    if action['action_type'] in ALLOWING_ACTIONS:
-        port_min, port_max = (
-            gpdb.GroupPolicyMappingDbPlugin._get_min_max_ports_from_range(
-                classifier['port_range']))
-        f_attrs = {'etherT': 'unspecified'}
-        if classifier['protocol']:
-            f_attrs['etherT'] = 'ip'
-            f_attrs['prot'] = classifier['protocol'].lower()
-        if port_min and port_max:
-            f_attrs['dToPort'] = port_max
-            f_attrs['dFromPort'] = port_min
-        entries['forward_rules'] = {_get_filter_entry_name(x): f_attrs}
-        # Also create reverse rule
-        if f_attrs.get('prot') in REVERSIBLE_PROTOCOLS:
-            r_entries = {}
-            r_attrs = copy.deepcopy(f_attrs)
-            if r_attrs.get('dToPort') and r_attrs.get('dFromPort'):
-                r_attrs.pop('dToPort')
-                r_attrs.pop('dFromPort')
-                r_attrs['sToPort'] = port_max
-                r_attrs['sFromPort'] = port_min
-            if r_attrs['prot'] == n_constants.PROTO_NAME_TCP.lower():
-                # Only match on established sessions
-                r_attrs['tcpRules'] = 'est'
-            r_entries[_get_filter_entry_name(x)] = r_attrs
-            if r_attrs['prot'] == n_constants.PROTO_NAME_ICMP.lower():
-                r_entries = {}
-                # create more entries:
-                for reply_type in ICMP_REPLY_TYPES:
-                    x += 1
-                    r_entry = copy.deepcopy(r_attrs)
-                    r_entry['icmpv4T'] = reply_type
-                    r_entries[_get_filter_entry_name(x)] = r_entry
-            entries['reverse_rules'] = r_entries
+        entries = get_filter_entries_for_policy_classifier(classifier)
    return entries