Support shared resource on APIC driver
Closes-bug: 1402428 Change-Id: Ic3bd7da911eaaafe112bf769fab390248b1f219f
This commit is contained in:
Ivar Lazzaro
@@ -71,6 +71,11 @@ class PATNotSupportedByApicDriver(gpexc.GroupPolicyBadRequest):
|
|||||||
message = _("Port address translation is not supported by APIC driver.")
|
message = _("Port address translation is not supported by APIC driver.")
|
||||||
|
|
||||||
|
|
||||||
|
class SharedAttributeUpdateNotSupportedOnApic(gpexc.GroupPolicyBadRequest):
|
||||||
|
message = _("Resource shared attribute update not supported on APIC "
|
||||||
|
"GBP driver for resource of type %(type)s")
|
||||||
|
|
||||||
|
|
||||||
class ApicMappingDriver(api.ResourceMappingDriver):
|
class ApicMappingDriver(api.ResourceMappingDriver):
|
||||||
"""Apic Mapping driver for Group Policy plugin.
|
"""Apic Mapping driver for Group Policy plugin.
|
||||||
|
|
||||||
@@ -145,7 +150,9 @@ class ApicMappingDriver(api.ResourceMappingDriver):
|
|||||||
'network_type': network[pn.NETWORK_TYPE],
|
'network_type': network[pn.NETWORK_TYPE],
|
||||||
'l2_policy_id': ptg['l2_policy_id'],
|
'l2_policy_id': ptg['l2_policy_id'],
|
||||||
'tenant_id': port['tenant_id'],
|
'tenant_id': port['tenant_id'],
|
||||||
'host': port['binding:host_id']
|
'host': port['binding:host_id'],
|
||||||
|
'ptg_apic_tentant': (ptg['tenant_id'] if not ptg['shared'] else
|
||||||
|
apic_manager.TENANT_COMMON)
|
||||||
}
|
}
|
||||||
|
|
||||||
def create_dhcp_policy_target_if_needed(self, plugin_context, port):
|
def create_dhcp_policy_target_if_needed(self, plugin_context, port):
|
||||||
@@ -200,8 +207,7 @@ class ApicMappingDriver(api.ResourceMappingDriver):
|
|||||||
if port_min and port_max:
|
if port_min and port_max:
|
||||||
attrs['dToPort'] = port_max
|
attrs['dToPort'] = port_max
|
||||||
attrs['dFromPort'] = port_min
|
attrs['dFromPort'] = port_min
|
||||||
tenant = self.name_mapper.tenant(context,
|
tenant = self._tenant_by_sharing_policy(context.current)
|
||||||
context.current['tenant_id'])
|
|
||||||
policy_rule = self.name_mapper.policy_rule(context,
|
policy_rule = self.name_mapper.policy_rule(context,
|
||||||
context.current['id'])
|
context.current['id'])
|
||||||
self.apic_manager.create_tenant_filter(policy_rule, owner=tenant,
|
self.apic_manager.create_tenant_filter(policy_rule, owner=tenant,
|
||||||
@@ -211,8 +217,8 @@ class ApicMappingDriver(api.ResourceMappingDriver):
|
|||||||
pass
|
pass
|
||||||
|
|
||||||
def create_policy_rule_set_postcommit(self, context):
|
def create_policy_rule_set_postcommit(self, context):
|
||||||
# Create APIC contract
|
# Create APIC policy_rule_set
|
||||||
tenant = self.name_mapper.tenant(context, context.current['tenant_id'])
|
tenant = self._tenant_by_sharing_policy(context.current)
|
||||||
contract = self.name_mapper.policy_rule_set(context,
|
contract = self.name_mapper.policy_rule_set(context,
|
||||||
context.current['id'])
|
context.current['id'])
|
||||||
with self.apic_manager.apic.transaction(None) as trs:
|
with self.apic_manager.apic.transaction(None) as trs:
|
||||||
@@ -235,14 +241,17 @@ class ApicMappingDriver(api.ResourceMappingDriver):
|
|||||||
def create_policy_target_group_postcommit(self, context):
|
def create_policy_target_group_postcommit(self, context):
|
||||||
super(ApicMappingDriver, self).create_policy_target_group_postcommit(
|
super(ApicMappingDriver, self).create_policy_target_group_postcommit(
|
||||||
context)
|
context)
|
||||||
tenant = self.name_mapper.tenant(context, context.current['tenant_id'])
|
tenant = self._tenant_by_sharing_policy(context.current)
|
||||||
l2_policy = self.name_mapper.l2_policy(context,
|
l2_policy = self.name_mapper.l2_policy(context,
|
||||||
context.current['l2_policy_id'])
|
context.current['l2_policy_id'])
|
||||||
ptg = self.name_mapper.policy_target_group(context,
|
epg = self.name_mapper.policy_target_group(context,
|
||||||
context.current['id'])
|
context.current['id'])
|
||||||
|
l2_policy_object = context._plugin.get_l2_policy(
|
||||||
|
context._plugin_context, context.current['l2_policy_id'])
|
||||||
|
bd_owner = self._tenant_by_sharing_policy(l2_policy_object)
|
||||||
with self.apic_manager.apic.transaction(None) as trs:
|
with self.apic_manager.apic.transaction(None) as trs:
|
||||||
self.apic_manager.ensure_epg_created(tenant, ptg,
|
self.apic_manager.ensure_epg_created(tenant, epg,
|
||||||
|
bd_owner=bd_owner,
|
||||||
bd_name=l2_policy)
|
bd_name=l2_policy)
|
||||||
subnets = self._subnet_ids_to_objects(context._plugin_context,
|
subnets = self._subnet_ids_to_objects(context._plugin_context,
|
||||||
context.current['subnets'])
|
context.current['subnets'])
|
||||||
@@ -262,25 +271,27 @@ class ApicMappingDriver(api.ResourceMappingDriver):
|
|||||||
|
|
||||||
def update_l2_policy_precommit(self, context):
|
def update_l2_policy_precommit(self, context):
|
||||||
self._reject_non_shared_net_on_shared_l2p(context)
|
self._reject_non_shared_net_on_shared_l2p(context)
|
||||||
|
self._reject_shared_update(context, 'l2_policy')
|
||||||
|
|
||||||
def create_l2_policy_postcommit(self, context):
|
def create_l2_policy_postcommit(self, context):
|
||||||
super(ApicMappingDriver, self).create_l2_policy_postcommit(context)
|
super(ApicMappingDriver, self).create_l2_policy_postcommit(context)
|
||||||
tenant = self.name_mapper.tenant(context, context.current['tenant_id'])
|
tenant = self._tenant_by_sharing_policy(context.current)
|
||||||
l3_policy = self.name_mapper.l3_policy(context,
|
l3_policy = self.name_mapper.l3_policy(context,
|
||||||
context.current['l3_policy_id'])
|
context.current['l3_policy_id'])
|
||||||
l2_policy = self.name_mapper.l2_policy(context, context.current['id'])
|
l2_policy = self.name_mapper.l2_policy(context, context.current['id'])
|
||||||
|
l3_policy_object = context._plugin.get_l3_policy(
|
||||||
|
context._plugin_context, context.current['l3_policy_id'])
|
||||||
|
ctx_owner = self._tenant_by_sharing_policy(l3_policy_object)
|
||||||
self.apic_manager.ensure_bd_created_on_apic(tenant, l2_policy,
|
self.apic_manager.ensure_bd_created_on_apic(tenant, l2_policy,
|
||||||
ctx_owner=tenant,
|
ctx_owner=ctx_owner,
|
||||||
ctx_name=l3_policy)
|
ctx_name=l3_policy)
|
||||||
|
|
||||||
def create_l3_policy_precommit(self, context):
|
def create_l3_policy_precommit(self, context):
|
||||||
self._check_l3p_es(context)
|
self._check_l3p_es(context)
|
||||||
|
|
||||||
def create_l3_policy_postcommit(self, context):
|
def create_l3_policy_postcommit(self, context):
|
||||||
tenant = self.name_mapper.tenant(context, context.current['tenant_id'])
|
tenant = self._tenant_by_sharing_policy(context.current)
|
||||||
l3_policy = self.name_mapper.l3_policy(context, context.current['id'])
|
l3_policy = self.name_mapper.l3_policy(context, context.current['id'])
|
||||||
|
|
||||||
self.apic_manager.ensure_context_enforced(tenant, l3_policy)
|
self.apic_manager.ensure_context_enforced(tenant, l3_policy)
|
||||||
external_segments = context.current['external_segments']
|
external_segments = context.current['external_segments']
|
||||||
if external_segments:
|
if external_segments:
|
||||||
@@ -293,7 +304,7 @@ class ApicMappingDriver(api.ResourceMappingDriver):
|
|||||||
|
|
||||||
def delete_policy_rule_postcommit(self, context):
|
def delete_policy_rule_postcommit(self, context):
|
||||||
# TODO(ivar): delete Contract subject entries to avoid reference leak
|
# TODO(ivar): delete Contract subject entries to avoid reference leak
|
||||||
tenant = self.name_mapper.tenant(context, context.current['tenant_id'])
|
tenant = self._tenant_by_sharing_policy(context.current)
|
||||||
policy_rule = self.name_mapper.policy_rule(context,
|
policy_rule = self.name_mapper.policy_rule(context,
|
||||||
context.current['id'])
|
context.current['id'])
|
||||||
self.apic_manager.delete_tenant_filter(policy_rule, owner=tenant)
|
self.apic_manager.delete_tenant_filter(policy_rule, owner=tenant)
|
||||||
@@ -303,11 +314,11 @@ class ApicMappingDriver(api.ResourceMappingDriver):
|
|||||||
pass
|
pass
|
||||||
|
|
||||||
def delete_policy_rule_set_postcommit(self, context):
|
def delete_policy_rule_set_postcommit(self, context):
|
||||||
# TODO(ivar): disassociate EPGs to avoid reference leak
|
# TODO(ivar): disassociate PTGs to avoid reference leak
|
||||||
tenant = self.name_mapper.tenant(context, context.current['tenant_id'])
|
tenant = self._tenant_by_sharing_policy(context.current)
|
||||||
policy_rule_set = self.name_mapper.policy_rule_set(
|
contract = self.name_mapper.policy_rule_set(context,
|
||||||
context, context.current['id'])
|
context.current['id'])
|
||||||
self.apic_manager.delete_contract(policy_rule_set, owner=tenant)
|
self.apic_manager.delete_contract(contract, owner=tenant)
|
||||||
|
|
||||||
def delete_policy_target_postcommit(self, context):
|
def delete_policy_target_postcommit(self, context):
|
||||||
port = self._core_plugin.get_port(context._plugin_context,
|
port = self._core_plugin.get_port(context._plugin_context,
|
||||||
@@ -326,7 +337,7 @@ class ApicMappingDriver(api.ResourceMappingDriver):
|
|||||||
[], subnets)
|
[], subnets)
|
||||||
for subnet_id in context.current['subnets']:
|
for subnet_id in context.current['subnets']:
|
||||||
self._cleanup_subnet(context._plugin_context, subnet_id, None)
|
self._cleanup_subnet(context._plugin_context, subnet_id, None)
|
||||||
tenant = self.name_mapper.tenant(context, context.current['tenant_id'])
|
tenant = self._tenant_by_sharing_policy(context.current)
|
||||||
ptg = self.name_mapper.policy_target_group(context,
|
ptg = self.name_mapper.policy_target_group(context,
|
||||||
context.current['id'])
|
context.current['id'])
|
||||||
|
|
||||||
@@ -334,13 +345,13 @@ class ApicMappingDriver(api.ResourceMappingDriver):
|
|||||||
|
|
||||||
def delete_l2_policy_postcommit(self, context):
|
def delete_l2_policy_postcommit(self, context):
|
||||||
super(ApicMappingDriver, self).delete_l2_policy_postcommit(context)
|
super(ApicMappingDriver, self).delete_l2_policy_postcommit(context)
|
||||||
tenant = self.name_mapper.tenant(context, context.current['tenant_id'])
|
tenant = self._tenant_by_sharing_policy(context.current)
|
||||||
l2_policy = self.name_mapper.l2_policy(context, context.current['id'])
|
l2_policy = self.name_mapper.l2_policy(context, context.current['id'])
|
||||||
|
|
||||||
self.apic_manager.delete_bd_on_apic(tenant, l2_policy)
|
self.apic_manager.delete_bd_on_apic(tenant, l2_policy)
|
||||||
|
|
||||||
def delete_l3_policy_postcommit(self, context):
|
def delete_l3_policy_postcommit(self, context):
|
||||||
tenant = self.name_mapper.tenant(context, context.current['tenant_id'])
|
tenant = self._tenant_by_sharing_policy(context.current)
|
||||||
l3_policy = self.name_mapper.l3_policy(context, context.current['id'])
|
l3_policy = self.name_mapper.l3_policy(context, context.current['id'])
|
||||||
|
|
||||||
self.apic_manager.ensure_context_deleted(tenant, l3_policy)
|
self.apic_manager.ensure_context_deleted(tenant, l3_policy)
|
||||||
@@ -353,11 +364,11 @@ class ApicMappingDriver(api.ResourceMappingDriver):
|
|||||||
for es in ess:
|
for es in ess:
|
||||||
self._unplug_l3p_from_es(context, es)
|
self._unplug_l3p_from_es(context, es)
|
||||||
|
|
||||||
def update_policy_target_precommit(self, context):
|
def update_policy_rule_set_precommit(self, context):
|
||||||
pass
|
self._reject_shared_update(context, 'policy_rule_set')
|
||||||
|
|
||||||
def update_policy_target_postcommit(self, context):
|
def update_policy_target_postcommit(self, context):
|
||||||
# TODO(ivar): redo binding procedure if the EPG is modified,
|
# TODO(ivar): redo binding procedure if the PTG is modified,
|
||||||
# not doable unless driver extension framework is in place
|
# not doable unless driver extension framework is in place
|
||||||
pass
|
pass
|
||||||
|
|
||||||
@@ -368,6 +379,7 @@ class ApicMappingDriver(api.ResourceMappingDriver):
|
|||||||
def update_policy_target_group_precommit(self, context):
|
def update_policy_target_group_precommit(self, context):
|
||||||
if set(context.original['subnets']) - set(context.current['subnets']):
|
if set(context.original['subnets']) - set(context.current['subnets']):
|
||||||
raise gpexc.PolicyTargetGroupSubnetRemovalNotSupported()
|
raise gpexc.PolicyTargetGroupSubnetRemovalNotSupported()
|
||||||
|
self._reject_shared_update(context, 'policy_target_group')
|
||||||
|
|
||||||
def update_policy_target_group_postcommit(self, context):
|
def update_policy_target_group_postcommit(self, context):
|
||||||
# TODO(ivar): refactor parent to avoid code duplication
|
# TODO(ivar): refactor parent to avoid code duplication
|
||||||
@@ -417,6 +429,7 @@ class ApicMappingDriver(api.ResourceMappingDriver):
|
|||||||
context.current['tenant_id'], subnets=new_subnets)
|
context.current['tenant_id'], subnets=new_subnets)
|
||||||
|
|
||||||
def update_l3_policy_precommit(self, context):
|
def update_l3_policy_precommit(self, context):
|
||||||
|
self._reject_shared_update(context, 'l3_policy')
|
||||||
self._check_l3p_es(context)
|
self._check_l3p_es(context)
|
||||||
|
|
||||||
def update_l3_policy_postcommit(self, context):
|
def update_l3_policy_postcommit(self, context):
|
||||||
@@ -495,8 +508,7 @@ class ApicMappingDriver(api.ResourceMappingDriver):
|
|||||||
default_gateway = ext_info['gateway_ip']
|
default_gateway = ext_info['gateway_ip']
|
||||||
es_name = self.name_mapper.external_segment(
|
es_name = self.name_mapper.external_segment(
|
||||||
context, context.current['id'])
|
context, context.current['id'])
|
||||||
es_tenant = self.name_mapper.tenant(
|
es_tenant = self._tenant_by_sharing_policy(context.current)
|
||||||
context, context.current['tenant_id'])
|
|
||||||
ep_names = [self.name_mapper.external_policy(context, x)
|
ep_names = [self.name_mapper.external_policy(context, x)
|
||||||
for x in context.current['external_policies']]
|
for x in context.current['external_policies']]
|
||||||
|
|
||||||
@@ -638,30 +650,31 @@ class ApicMappingDriver(api.ResourceMappingDriver):
|
|||||||
transaction=None):
|
transaction=None):
|
||||||
# REVISIT(ivar): figure out what should be moved in apicapi instead
|
# REVISIT(ivar): figure out what should be moved in apicapi instead
|
||||||
if policy_rules:
|
if policy_rules:
|
||||||
tenant = self.name_mapper.tenant(context,
|
tenant = self._tenant_by_sharing_policy(policy_rule_set)
|
||||||
context.current['tenant_id'])
|
contract = self.name_mapper.policy_rule_set(context,
|
||||||
policy_rule_set = self.name_mapper.policy_rule_set(
|
context.current['id'])
|
||||||
context, context.current['id'])
|
|
||||||
in_dir = [g_const.GP_DIRECTION_BI, g_const.GP_DIRECTION_IN]
|
in_dir = [g_const.GP_DIRECTION_BI, g_const.GP_DIRECTION_IN]
|
||||||
out_dir = [g_const.GP_DIRECTION_BI, g_const.GP_DIRECTION_OUT]
|
out_dir = [g_const.GP_DIRECTION_BI, g_const.GP_DIRECTION_OUT]
|
||||||
filters = {'id': policy_rules}
|
filters = {'id': policy_rules}
|
||||||
for rule in context._plugin.get_policy_rules(
|
for rule in context._plugin.get_policy_rules(
|
||||||
context._plugin_context, filters=filters):
|
context._plugin_context, filters=filters):
|
||||||
policy_rule = self.name_mapper.policy_rule(context, rule['id'])
|
policy_rule = self.name_mapper.policy_rule(context, rule['id'])
|
||||||
|
rule_owner = self._tenant_by_sharing_policy(rule)
|
||||||
classifier = context._plugin.get_policy_classifier(
|
classifier = context._plugin.get_policy_classifier(
|
||||||
context._plugin_context, rule['policy_classifier_id'])
|
context._plugin_context, rule['policy_classifier_id'])
|
||||||
with self.apic_manager.apic.transaction(transaction) as trs:
|
with self.apic_manager.apic.transaction(transaction) as trs:
|
||||||
mgr = self.apic_manager
|
|
||||||
if classifier['direction'] in in_dir:
|
if classifier['direction'] in in_dir:
|
||||||
# Contract and subject are the same thing in this case
|
# PRS and subject are the same thing in this case
|
||||||
mgr.manage_contract_subject_in_filter(
|
self.apic_manager.manage_contract_subject_in_filter(
|
||||||
policy_rule_set, policy_rule_set, policy_rule,
|
contract, contract, policy_rule, owner=tenant,
|
||||||
owner=tenant, transaction=trs, unset=unset)
|
transaction=trs, unset=unset,
|
||||||
|
rule_owner=rule_owner)
|
||||||
if classifier['direction'] in out_dir:
|
if classifier['direction'] in out_dir:
|
||||||
# Contract and subject are the same thing in this case
|
# PRS and subject are the same thing in this case
|
||||||
mgr.manage_contract_subject_out_filter(
|
self.apic_manager.manage_contract_subject_out_filter(
|
||||||
policy_rule_set, policy_rule_set, policy_rule,
|
contract, contract, policy_rule, owner=tenant,
|
||||||
owner=tenant, transaction=trs, unset=unset)
|
transaction=trs, unset=unset,
|
||||||
|
rule_owner=rule_owner)
|
||||||
|
|
||||||
@lockutils.synchronized('apic-portlock')
|
@lockutils.synchronized('apic-portlock')
|
||||||
def _manage_policy_target_port(self, plugin_context, pt):
|
def _manage_policy_target_port(self, plugin_context, pt):
|
||||||
@@ -674,9 +687,10 @@ class ApicMappingDriver(api.ResourceMappingDriver):
|
|||||||
# TODO(ivar): change APICAPI to not expect a resource context
|
# TODO(ivar): change APICAPI to not expect a resource context
|
||||||
plugin_context._plugin = self.gbp_plugin
|
plugin_context._plugin = self.gbp_plugin
|
||||||
plugin_context._plugin_context = plugin_context
|
plugin_context._plugin_context = plugin_context
|
||||||
tenant_id = self.name_mapper.tenant(plugin_context,
|
ptg_object = self.gbp_plugin.get_policy_target_group(
|
||||||
port['tenant_id'])
|
plugin_context, port_details['ptg_id'])
|
||||||
ptg = self.name_mapper.policy_target_group(
|
tenant_id = self._tenant_by_sharing_policy(ptg_object)
|
||||||
|
epg = self.name_mapper.policy_target_group(
|
||||||
plugin_context, port_details['ptg_id'])
|
plugin_context, port_details['ptg_id'])
|
||||||
bd = self.name_mapper.l2_policy(
|
bd = self.name_mapper.l2_policy(
|
||||||
plugin_context, port_details['l2_policy_id'])
|
plugin_context, port_details['l2_policy_id'])
|
||||||
@@ -684,7 +698,7 @@ class ApicMappingDriver(api.ResourceMappingDriver):
|
|||||||
# Create a static path attachment for the host/epg/switchport
|
# Create a static path attachment for the host/epg/switchport
|
||||||
with self.apic_manager.apic.transaction() as trs:
|
with self.apic_manager.apic.transaction() as trs:
|
||||||
self.apic_manager.ensure_path_created_for_port(
|
self.apic_manager.ensure_path_created_for_port(
|
||||||
tenant_id, ptg, port['binding:host_id'], seg,
|
tenant_id, epg, port['binding:host_id'], seg,
|
||||||
bd_name=bd,
|
bd_name=bd,
|
||||||
transaction=trs)
|
transaction=trs)
|
||||||
|
|
||||||
@@ -694,33 +708,37 @@ class ApicMappingDriver(api.ResourceMappingDriver):
|
|||||||
# TODO(ivar): change APICAPI to not expect a resource context
|
# TODO(ivar): change APICAPI to not expect a resource context
|
||||||
plugin_context._plugin = self.gbp_plugin
|
plugin_context._plugin = self.gbp_plugin
|
||||||
plugin_context._plugin_context = plugin_context
|
plugin_context._plugin_context = plugin_context
|
||||||
mapped_tenant = self.name_mapper.tenant(plugin_context,
|
mapped_tenant = self._tenant_by_sharing_policy(ptg)
|
||||||
ptg['tenant_id'])
|
|
||||||
mapped_ptg = self.name_mapper.policy_target_group(plugin_context,
|
mapped_ptg = self.name_mapper.policy_target_group(plugin_context,
|
||||||
ptg['id'])
|
ptg['id'])
|
||||||
provided = [added_provided, removed_provided]
|
provided = [added_provided, removed_provided]
|
||||||
consumed = [added_consumed, removed_consumed]
|
consumed = [added_consumed, removed_consumed]
|
||||||
methods = [self.apic_manager.set_contract_for_epg,
|
methods = [self.apic_manager.set_contract_for_epg,
|
||||||
self.apic_manager.unset_contract_for_epg]
|
self.apic_manager.unset_contract_for_epg]
|
||||||
with self.apic_manager.apic.transaction(transaction) as trs:
|
with self.apic_manager.apic.transaction(transaction) as trs:
|
||||||
for x in xrange(len(provided)):
|
for x in xrange(len(provided)):
|
||||||
for c in provided[x]:
|
for c in self.gbp_plugin.get_policy_rule_sets(
|
||||||
c = self.name_mapper.policy_rule_set(plugin_context, c)
|
plugin_context, filters={'id': provided[x]}):
|
||||||
|
c_owner = self._tenant_by_sharing_policy(c)
|
||||||
|
c = self.name_mapper.policy_rule_set(plugin_context,
|
||||||
|
c['id'])
|
||||||
methods[x](mapped_tenant, mapped_ptg, c, provider=True,
|
methods[x](mapped_tenant, mapped_ptg, c, provider=True,
|
||||||
transaction=trs)
|
contract_owner=c_owner, transaction=trs)
|
||||||
for x in xrange(len(consumed)):
|
for x in xrange(len(consumed)):
|
||||||
for c in consumed[x]:
|
for c in self.gbp_plugin.get_policy_rule_sets(
|
||||||
c = self.name_mapper.policy_rule_set(plugin_context, c)
|
plugin_context, filters={'id': consumed[x]}):
|
||||||
|
c_owner = self._tenant_by_sharing_policy(c)
|
||||||
|
c = self.name_mapper.policy_rule_set(plugin_context,
|
||||||
|
c['id'])
|
||||||
methods[x](mapped_tenant, mapped_ptg, c, provider=False,
|
methods[x](mapped_tenant, mapped_ptg, c, provider=False,
|
||||||
transaction=trs)
|
contract_owner=c_owner, transaction=trs)
|
||||||
|
|
||||||
def _manage_ep_policy_rule_sets(
|
def _manage_ep_policy_rule_sets(
|
||||||
self, plugin_context, es, ep, added_provided, added_consumed,
|
self, plugin_context, es, ep, added_provided, added_consumed,
|
||||||
removed_provided, removed_consumed, transaction=None):
|
removed_provided, removed_consumed, transaction=None):
|
||||||
plugin_context._plugin = self.gbp_plugin
|
plugin_context._plugin = self.gbp_plugin
|
||||||
plugin_context._plugin_context = plugin_context
|
plugin_context._plugin_context = plugin_context
|
||||||
mapped_tenant = self.name_mapper.tenant(plugin_context,
|
mapped_tenant = self._tenant_by_sharing_policy(es)
|
||||||
es['tenant_id'])
|
|
||||||
mapped_es = self.name_mapper.external_segment(plugin_context, es['id'])
|
mapped_es = self.name_mapper.external_segment(plugin_context, es['id'])
|
||||||
|
|
||||||
mapped_ep = self.name_mapper.external_policy(plugin_context,
|
mapped_ep = self.name_mapper.external_policy(plugin_context,
|
||||||
@@ -748,8 +766,9 @@ class ApicMappingDriver(api.ResourceMappingDriver):
|
|||||||
# TODO(ivar): change APICAPI to not expect a resource context
|
# TODO(ivar): change APICAPI to not expect a resource context
|
||||||
plugin_context._plugin = self.gbp_plugin
|
plugin_context._plugin = self.gbp_plugin
|
||||||
plugin_context._plugin_context = plugin_context
|
plugin_context._plugin_context = plugin_context
|
||||||
mapped_tenant = self.name_mapper.tenant(plugin_context,
|
l2_policy_object = self.gbp_plugin.get_l2_policy(
|
||||||
ptg['tenant_id'])
|
plugin_context, ptg['l2_policy_id'])
|
||||||
|
mapped_tenant = self._tenant_by_sharing_policy(l2_policy_object)
|
||||||
mapped_l2p = self.name_mapper.l2_policy(plugin_context,
|
mapped_l2p = self.name_mapper.l2_policy(plugin_context,
|
||||||
ptg['l2_policy_id'])
|
ptg['l2_policy_id'])
|
||||||
subnets = [added_subnets, removed_subnets]
|
subnets = [added_subnets, removed_subnets]
|
||||||
@@ -779,11 +798,12 @@ class ApicMappingDriver(api.ResourceMappingDriver):
|
|||||||
# TODO(ivar): change APICAPI to not expect a resource context
|
# TODO(ivar): change APICAPI to not expect a resource context
|
||||||
context._plugin = self.gbp_plugin
|
context._plugin = self.gbp_plugin
|
||||||
context._plugin_context = context
|
context._plugin_context = context
|
||||||
atenant_id = self.name_mapper.tenant(context,
|
ptg_object = self.gbp_plugin.get_policy_target_group(
|
||||||
port_info['tenant_id'])
|
context, port_info['ptg_id'])
|
||||||
ptg = self.name_mapper.policy_target_group(context,
|
atenant_id = self._tenant_by_sharing_policy(ptg_object)
|
||||||
|
epg = self.name_mapper.policy_target_group(context,
|
||||||
port_info['ptg_id'])
|
port_info['ptg_id'])
|
||||||
self._delete_port_path(context, atenant_id, ptg, port_info)
|
self._delete_port_path(context, atenant_id, epg, port_info)
|
||||||
|
|
||||||
def _get_default_security_group(self, context, ptg_id, tenant_id):
|
def _get_default_security_group(self, context, ptg_id, tenant_id):
|
||||||
# Default SG in APIC mapping is per tenant, and allows all the traffic
|
# Default SG in APIC mapping is per tenant, and allows all the traffic
|
||||||
@@ -886,8 +906,7 @@ class ApicMappingDriver(api.ResourceMappingDriver):
|
|||||||
default_gateway = ext_info['gateway_ip']
|
default_gateway = ext_info['gateway_ip']
|
||||||
es_name = self.name_mapper.external_segment(
|
es_name = self.name_mapper.external_segment(
|
||||||
context, es['id'])
|
context, es['id'])
|
||||||
es_tenant = self.name_mapper.tenant(
|
es_tenant = self._tenant_by_sharing_policy(es)
|
||||||
context, es['tenant_id'])
|
|
||||||
with self.apic_manager.apic.transaction() as trs:
|
with self.apic_manager.apic.transaction() as trs:
|
||||||
# Create External Routed Network connected to the proper
|
# Create External Routed Network connected to the proper
|
||||||
# L3 Context
|
# L3 Context
|
||||||
@@ -906,7 +925,7 @@ class ApicMappingDriver(api.ResourceMappingDriver):
|
|||||||
|
|
||||||
def _unplug_l3p_from_es(self, context, es):
|
def _unplug_l3p_from_es(self, context, es):
|
||||||
es_name = self.name_mapper.external_segment(context, es['id'])
|
es_name = self.name_mapper.external_segment(context, es['id'])
|
||||||
es_tenant = self.name_mapper.tenant(context, es['tenant_id'])
|
es_tenant = self._tenant_by_sharing_policy(es)
|
||||||
self.apic_manager.delete_external_routed_network(
|
self.apic_manager.delete_external_routed_network(
|
||||||
es_name, owner=es_tenant)
|
es_name, owner=es_tenant)
|
||||||
|
|
||||||
@@ -932,7 +951,7 @@ class ApicMappingDriver(api.ResourceMappingDriver):
|
|||||||
"mapping driver.") % es['id'])
|
"mapping driver.") % es['id'])
|
||||||
continue
|
continue
|
||||||
es_name = self.name_mapper.external_segment(context, es['id'])
|
es_name = self.name_mapper.external_segment(context, es['id'])
|
||||||
es_tenant = self.name_mapper.tenant(context, es['tenant_id'])
|
es_tenant = self._tenant_by_sharing_policy(es)
|
||||||
with self.apic_manager.apic.transaction() as trs:
|
with self.apic_manager.apic.transaction() as trs:
|
||||||
# Create External EPG
|
# Create External EPG
|
||||||
subnets = set(x['destination'] for
|
subnets = set(x['destination'] for
|
||||||
@@ -959,7 +978,7 @@ class ApicMappingDriver(api.ResourceMappingDriver):
|
|||||||
"mapping driver.") % es['id'])
|
"mapping driver.") % es['id'])
|
||||||
continue
|
continue
|
||||||
es_name = self.name_mapper.external_segment(context, es['id'])
|
es_name = self.name_mapper.external_segment(context, es['id'])
|
||||||
es_tenant = self.name_mapper.tenant(context, es['tenant_id'])
|
es_tenant = self._tenant_by_sharing_policy(es)
|
||||||
self.apic_manager.ensure_external_epg_deleted(
|
self.apic_manager.ensure_external_epg_deleted(
|
||||||
es_name, external_epg=ep_name, owner=es_tenant)
|
es_name, external_epg=ep_name, owner=es_tenant)
|
||||||
|
|
||||||
@@ -983,3 +1002,13 @@ class ApicMappingDriver(api.ResourceMappingDriver):
|
|||||||
if ptgass:
|
if ptgass:
|
||||||
return self.gbp_plugin.get_policy_target_group(
|
return self.gbp_plugin.get_policy_target_group(
|
||||||
plugin_context, ptgass['policy_target_group_id'])
|
plugin_context, ptgass['policy_target_group_id'])
|
||||||
|
|
||||||
|
def _reject_shared_update(self, context, type):
|
||||||
|
if context.original.get('shared') != context.current.get('shared'):
|
||||||
|
raise SharedAttributeUpdateNotSupportedOnApic(type=type)
|
||||||
|
|
||||||
|
def _tenant_by_sharing_policy(self, object):
|
||||||
|
if not object.get('shared'):
|
||||||
|
return self.name_mapper.tenant(None, object['tenant_id'])
|
||||||
|
else:
|
||||||
|
return apic_manager.TENANT_COMMON
|
||||||
|
|||||||
File diff suppressed because it is too large
Load Diff
Reference in New Issue
Block a user