x/group-based-policy
Code Issues Proposed changes

Remove unused clean session context wrapper

Browse Source 
And all uses of clean_session flag.

Change-Id: Ia34ef573bfa3736552519e8423882bea9e4ee8b1
(cherry picked from commit 58fd84ddea)
This commit is contained in:
Sumit Naiksatam
2017-03-22 21:25:52 -07:00
parent b6ea03fd69
commit eaff07246e
7 changed files with 307 additions and 487 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
gbpservice/common/utils.py
View File

@@ -10,8 +10,6 @@
# License for the specific language governing permissions and limitations
# under the License.
import contextlib
from neutron._i18n import _
from neutron._i18n import _LE
from neutron import context as n_ctx
@@ -24,17 +22,6 @@ LOG = logging.getLogger(__name__)
cfg.CONF.import_group('keystone_authtoken', 'keystonemiddleware.auth_token')
@contextlib.contextmanager
def clean_session(session):
# TODO(tbachman): the expunge_all() calls before and after
# the yield have been removed in order to test that they are
# no longer needed. The yield was kept in place for now, which
# makes the clean_session a No-Op. Once testing has validated
# that these can be removed, then a subsequent patch is needed
# to remove this (now-unused) infrastructure.
yield
def get_resource_plural(resource):
if resource.endswith('y'):
resource_plural = resource.replace('y', 'ies')

452
gbpservice/network/neutronv2/local_api.py
View File

@@ -27,7 +27,6 @@ from oslo_config import cfg
from oslo_log import log as logging
from oslo_utils import excutils
from gbpservice.common import utils
from gbpservice.neutron.extensions import group_policy as gp_ext
from gbpservice.neutron.extensions import servicechain as sc_ext
from gbpservice.neutron.services.grouppolicy.common import exceptions as exc
@@ -88,15 +87,6 @@ def discard_notifications_after_rollback(session):
session.notification_queue.pop(session.transaction, None)
class dummy_context_mgr(object):
def __enter__(self):
return None
def __exit__(self, exc_type, exc_value, traceback):
return False
class LocalAPI(object):
"""API for interacting with the neutron Plugins directly."""
@@ -177,87 +167,75 @@ class LocalAPI(object):
'notify', args)
def _create_resource(self, plugin, context, resource, attrs,
do_notify=True, clean_session=True):
do_notify=True):
# REVISIT(rkukura): Do create.start notification?
# REVISIT(rkukura): Check authorization?
with utils.clean_session(context.session) if clean_session else (
dummy_context_mgr()):
reservation = None
if plugin in [self._group_policy_plugin,
self._servicechain_plugin]:
reservation = quota.QUOTAS.make_reservation(
context, context.tenant_id, {resource: 1}, plugin)
action = 'create_' + resource
obj_creator = getattr(plugin, action)
try:
obj = obj_creator(context, {resource: attrs})
except Exception:
# In case of failure the plugin will always raise an
# exception. Cancel the reservation
with excutils.save_and_reraise_exception():
if reservation:
quota.QUOTAS.cancel_reservation(
context, reservation.reservation_id)
if reservation:
quota.QUOTAS.commit_reservation(
context, reservation.reservation_id)
# At this point the implicit resource creation is successfull,
# so we should be calling:
# resource_registry.set_resources_dirty(context)
# to appropriately notify the quota engine. However, the above
# call begins a new transaction and we want to avoid that.
# Moreover, it can be safely assumed that any implicit resource
# creation via this local_api is always in response to an
# explicit resource creation request, and hence the above
# method will be invoked in the API layer.
if do_notify:
self._process_notifications(context, action, resource, obj)
reservation = None
if plugin in [self._group_policy_plugin,
self._servicechain_plugin]:
reservation = quota.QUOTAS.make_reservation(
context, context.tenant_id, {resource: 1}, plugin)
action = 'create_' + resource
obj_creator = getattr(plugin, action)
try:
obj = obj_creator(context, {resource: attrs})
except Exception:
# In case of failure the plugin will always raise an
# exception. Cancel the reservation
with excutils.save_and_reraise_exception():
if reservation:
quota.QUOTAS.cancel_reservation(
context, reservation.reservation_id)
if reservation:
quota.QUOTAS.commit_reservation(
context, reservation.reservation_id)
# At this point the implicit resource creation is successfull,
# so we should be calling:
# resource_registry.set_resources_dirty(context)
# to appropriately notify the quota engine. However, the above
# call begins a new transaction and we want to avoid that.
# Moreover, it can be safely assumed that any implicit resource
# creation via this local_api is always in response to an
# explicit resource creation request, and hence the above
# method will be invoked in the API layer.
if do_notify:
self._process_notifications(context, action, resource, obj)
return obj
def _update_resource(self, plugin, context, resource, resource_id, attrs,
do_notify=True, clean_session=True):
do_notify=True):
# REVISIT(rkukura): Do update.start notification?
# REVISIT(rkukura): Check authorization?
with utils.clean_session(context.session) if clean_session else (
dummy_context_mgr()):
obj_getter = getattr(plugin, 'get_' + resource)
orig_obj = obj_getter(context, resource_id)
action = 'update_' + resource
obj_updater = getattr(plugin, action)
obj = obj_updater(context, resource_id, {resource: attrs})
if do_notify:
self._process_notifications(context, action, resource, obj,
orig_obj)
obj_getter = getattr(plugin, 'get_' + resource)
orig_obj = obj_getter(context, resource_id)
action = 'update_' + resource
obj_updater = getattr(plugin, action)
obj = obj_updater(context, resource_id, {resource: attrs})
if do_notify:
self._process_notifications(context, action, resource, obj,
orig_obj)
return obj
def _delete_resource(self, plugin, context, resource, resource_id,
do_notify=True, clean_session=True):
do_notify=True):
# REVISIT(rkukura): Do delete.start notification?
# REVISIT(rkukura): Check authorization?
with utils.clean_session(context.session) if clean_session else (
dummy_context_mgr()):
obj_getter = getattr(plugin, 'get_' + resource)
obj = obj_getter(context, resource_id)
action = 'delete_' + resource
obj_deleter = getattr(plugin, action)
obj_deleter(context, resource_id)
if do_notify:
self._process_notifications(context, action, resource, obj)
obj_getter = getattr(plugin, 'get_' + resource)
obj = obj_getter(context, resource_id)
action = 'delete_' + resource
obj_deleter = getattr(plugin, action)
obj_deleter(context, resource_id)
if do_notify:
self._process_notifications(context, action, resource, obj)
def _get_resource(self, plugin, context, resource, resource_id,
clean_session=True):
with utils.clean_session(context.session) if clean_session else (
dummy_context_mgr()):
obj_getter = getattr(plugin, 'get_' + resource)
obj = obj_getter(context, resource_id)
def _get_resource(self, plugin, context, resource, resource_id):
obj_getter = getattr(plugin, 'get_' + resource)
obj = obj_getter(context, resource_id)
return obj
def _get_resources(self, plugin, context, resource_plural, filters=None,
clean_session=True):
with utils.clean_session(context.session) if clean_session else (
dummy_context_mgr()):
obj_getter = getattr(plugin, 'get_' + resource_plural)
obj = obj_getter(context, filters)
def _get_resources(self, plugin, context, resource_plural, filters=None):
obj_getter = getattr(plugin, 'get_' + resource_plural)
obj = obj_getter(context, filters)
return obj
# The following methods perform the necessary subset of
@@ -267,121 +245,107 @@ class LocalAPI(object):
# neutronclient is also a possibility, but presents significant
# issues to unit testing as well as overhead and failure modes.
def _get_port(self, plugin_context, port_id, clean_session=True):
def _get_port(self, plugin_context, port_id):
return self._get_resource(self._core_plugin, plugin_context, 'port',
port_id, clean_session=clean_session)
port_id)
def _get_ports(self, plugin_context, filters=None, clean_session=True):
def _get_ports(self, plugin_context, filters=None):
filters = filters or {}
return self._get_resources(self._core_plugin, plugin_context, 'ports',
filters, clean_session=clean_session)
filters)
def _create_port(self, plugin_context, attrs, clean_session=True):
def _create_port(self, plugin_context, attrs):
return self._create_resource(self._core_plugin, plugin_context, 'port',
attrs, clean_session=clean_session)
attrs)
def _update_port(self, plugin_context, port_id, attrs, clean_session=True):
def _update_port(self, plugin_context, port_id, attrs):
return self._update_resource(self._core_plugin, plugin_context, 'port',
port_id, attrs,
clean_session=clean_session)
port_id, attrs)
def _delete_port(self, plugin_context, port_id, clean_session=True):
def _delete_port(self, plugin_context, port_id):
try:
self._delete_resource(self._core_plugin,
plugin_context, 'port', port_id,
clean_session=clean_session)
plugin_context, 'port', port_id)
except n_exc.PortNotFound:
LOG.warning(_LW('Port %s already deleted'), port_id)
def _get_subnet(self, plugin_context, subnet_id, clean_session=True):
def _get_subnet(self, plugin_context, subnet_id):
return self._get_resource(self._core_plugin, plugin_context, 'subnet',
subnet_id, clean_session=clean_session)
subnet_id)
def _get_subnets(self, plugin_context, filters=None, clean_session=True):
def _get_subnets(self, plugin_context, filters=None):
filters = filters or {}
return self._get_resources(self._core_plugin, plugin_context,
'subnets', filters,
clean_session=clean_session)
'subnets', filters)
def _create_subnet(self, plugin_context, attrs, clean_session=True):
def _create_subnet(self, plugin_context, attrs):
return self._create_resource(self._core_plugin, plugin_context,
'subnet', attrs,
clean_session=clean_session)
'subnet', attrs)
def _update_subnet(self, plugin_context, subnet_id, attrs,
clean_session=True):
def _update_subnet(self, plugin_context, subnet_id, attrs):
return self._update_resource(self._core_plugin, plugin_context,
'subnet', subnet_id, attrs,
clean_session=clean_session)
'subnet', subnet_id, attrs)
def _delete_subnet(self, plugin_context, subnet_id, clean_session=True):
def _delete_subnet(self, plugin_context, subnet_id):
try:
self._delete_resource(self._core_plugin, plugin_context, 'subnet',
subnet_id, clean_session=clean_session)
subnet_id)
except n_exc.SubnetNotFound:
LOG.warning(_LW('Subnet %s already deleted'), subnet_id)
def _get_network(self, plugin_context, network_id, clean_session=True):
def _get_network(self, plugin_context, network_id):
return self._get_resource(self._core_plugin, plugin_context, 'network',
network_id, clean_session=clean_session)
network_id)
def _get_networks(self, plugin_context, filters=None, clean_session=True):
def _get_networks(self, plugin_context, filters=None):
filters = filters or {}
return self._get_resources(
self._core_plugin, plugin_context, 'networks', filters,
clean_session=clean_session)
self._core_plugin, plugin_context, 'networks', filters)
def _create_network(self, plugin_context, attrs, clean_session=True):
def _create_network(self, plugin_context, attrs):
return self._create_resource(self._core_plugin, plugin_context,
'network', attrs, True,
clean_session=clean_session)
'network', attrs, True)
def _update_network(self, plugin_context, network_id, attrs,
clean_session=True):
def _update_network(self, plugin_context, network_id, attrs):
return self._update_resource(self._core_plugin, plugin_context,
'network', network_id, attrs,
clean_session=clean_session)
'network', network_id, attrs)
def _delete_network(self, plugin_context, network_id, clean_session=True):
def _delete_network(self, plugin_context, network_id):
try:
self._delete_resource(self._core_plugin, plugin_context,
'network', network_id,
clean_session=clean_session)
'network', network_id)
except n_exc.NetworkNotFound:
LOG.warning(_LW('Network %s already deleted'), network_id)
def _get_router(self, plugin_context, router_id, clean_session=True):
def _get_router(self, plugin_context, router_id):
return self._get_resource(self._l3_plugin, plugin_context, 'router',
router_id, clean_session=clean_session)
router_id)
def _get_routers(self, plugin_context, filters=None, clean_session=True):
def _get_routers(self, plugin_context, filters=None):
filters = filters or {}
return self._get_resources(self._l3_plugin, plugin_context, 'routers',
filters, clean_session=clean_session)
filters)
def _create_router(self, plugin_context, attrs, clean_session=True):
def _create_router(self, plugin_context, attrs):
return self._create_resource(self._l3_plugin, plugin_context, 'router',
attrs, clean_session=clean_session)
attrs)
def _update_router(self, plugin_context, router_id, attrs,
clean_session=True):
def _update_router(self, plugin_context, router_id, attrs):
return self._update_resource(self._l3_plugin, plugin_context, 'router',
router_id, attrs,
clean_session=clean_session)
router_id, attrs)
def _add_router_interface(self, plugin_context, router_id, interface_info):
self._l3_plugin.add_router_interface(plugin_context,
router_id, interface_info)
def _remove_router_interface(self, plugin_context, router_id,
interface_info, clean_session=True):
interface_info):
# To detach Router interface either port ID or Subnet ID is mandatory
key = 'port_id' if 'port_id' in interface_info else 'subnet_id'
fixed_ips_filter = {key: [interface_info.get(key)]}
filters = {'device_id': [router_id],
'fixed_ips': fixed_ips_filter}
ports = self._get_ports(plugin_context, filters=filters,
clean_session=clean_session)
ports = self._get_ports(plugin_context, filters=filters)
try:
self._l3_plugin.remove_router_interface(plugin_context, router_id,
@@ -399,85 +363,75 @@ class LocalAPI(object):
{'port': ports[0]},
'port' + '.delete.end')
def _add_router_gw_interface(self, plugin_context, router_id, gw_info,
clean_session=True):
def _add_router_gw_interface(self, plugin_context, router_id, gw_info):
return self._l3_plugin.update_router(
plugin_context, router_id,
{'router': {'external_gateway_info': gw_info}})
def _remove_router_gw_interface(self, plugin_context, router_id,
interface_info, clean_session=True):
interface_info):
self._l3_plugin.update_router(
plugin_context, router_id,
{'router': {'external_gateway_info': None}})
def _delete_router(self, plugin_context, router_id, clean_session=True):
def _delete_router(self, plugin_context, router_id):
try:
self._delete_resource(self._l3_plugin, plugin_context, 'router',
router_id, clean_session=clean_session)
router_id)
except l3.RouterNotFound:
LOG.warning(_LW('Router %s already deleted'), router_id)
def _get_sg(self, plugin_context, sg_id, clean_session=True):
def _get_sg(self, plugin_context, sg_id):
return self._get_resource(
self._core_plugin, plugin_context, 'security_group', sg_id,
clean_session=clean_session)
self._core_plugin, plugin_context, 'security_group', sg_id)
def _get_sgs(self, plugin_context, filters=None, clean_session=True):
def _get_sgs(self, plugin_context, filters=None):
filters = filters or {}
return self._get_resources(
self._core_plugin, plugin_context, 'security_groups', filters,
clean_session=clean_session)
self._core_plugin, plugin_context, 'security_groups', filters)
def _create_sg(self, plugin_context, attrs, clean_session=True):
def _create_sg(self, plugin_context, attrs):
return self._create_resource(self._core_plugin, plugin_context,
'security_group', attrs,
clean_session=clean_session)
'security_group', attrs)
def _update_sg(self, plugin_context, sg_id, attrs, clean_session=True):
def _update_sg(self, plugin_context, sg_id, attrs):
return self._update_resource(self._core_plugin, plugin_context,
'security_group', sg_id, attrs,
clean_session=clean_session)
'security_group', sg_id, attrs)
def _delete_sg(self, plugin_context, sg_id, clean_session=True):
def _delete_sg(self, plugin_context, sg_id):
try:
self._delete_resource(self._core_plugin, plugin_context,
'security_group', sg_id,
clean_session=clean_session)
'security_group', sg_id)
except ext_sg.SecurityGroupNotFound:
LOG.warning(_LW('Security Group %s already deleted'), sg_id)
def _get_sg_rule(self, plugin_context, sg_rule_id, clean_session=True):
def _get_sg_rule(self, plugin_context, sg_rule_id):
return self._get_resource(
self._core_plugin, plugin_context, 'security_group_rule',
sg_rule_id, clean_session=clean_session)
sg_rule_id)
def _get_sg_rules(self, plugin_context, filters=None, clean_session=True):
def _get_sg_rules(self, plugin_context, filters=None):
filters = filters or {}
return self._get_resources(
self._core_plugin, plugin_context, 'security_group_rules', filters,
clean_session=clean_session)
self._core_plugin, plugin_context, 'security_group_rules', filters)
def _create_sg_rule(self, plugin_context, attrs, clean_session=True):
def _create_sg_rule(self, plugin_context, attrs):
try:
return self._create_resource(self._core_plugin, plugin_context,
'security_group_rule', attrs,
clean_session=clean_session)
'security_group_rule', attrs)
except ext_sg.SecurityGroupRuleExists as ex:
LOG.warning(_LW('Security Group already exists %s'), ex.message)
return
def _update_sg_rule(self, plugin_context, sg_rule_id, attrs,
clean_session=True):
def _update_sg_rule(self, plugin_context, sg_rule_id, attrs):
return self._update_resource(self._core_plugin, plugin_context,
'security_group_rule', sg_rule_id,
attrs, clean_session=clean_session)
attrs)
def _delete_sg_rule(self, plugin_context, sg_rule_id, clean_session=True):
def _delete_sg_rule(self, plugin_context, sg_rule_id):
try:
self._delete_resource(self._core_plugin, plugin_context,
'security_group_rule', sg_rule_id,
clean_session=clean_session)
'security_group_rule', sg_rule_id)
except ext_sg.SecurityGroupRuleNotFound:
LOG.warning(_LW('Security Group Rule %s already deleted'),
sg_rule_id)
@@ -506,134 +460,100 @@ class LocalAPI(object):
except l3.FloatingIPNotFound:
LOG.warning(_LW('Floating IP %s Already deleted'), fip_id)
def _get_address_scope(self, plugin_context, address_scope_id,
clean_session=True):
def _get_address_scope(self, plugin_context, address_scope_id):
return self._get_resource(self._core_plugin, plugin_context,
'address_scope', address_scope_id,
clean_session=clean_session)
'address_scope', address_scope_id)
def _get_address_scopes(self, plugin_context, filters=None,
clean_session=True):
def _get_address_scopes(self, plugin_context, filters=None):
filters = filters or {}
return self._get_resources(self._core_plugin, plugin_context,
'address_scopes', filters,
clean_session=clean_session)
'address_scopes', filters)
def _create_address_scope(self, plugin_context, attrs,
clean_session=True):
def _create_address_scope(self, plugin_context, attrs):
return self._create_resource(self._core_plugin, plugin_context,
'address_scope', attrs,
clean_session=clean_session)
'address_scope', attrs)
def _update_address_scope(self, plugin_context, address_scope_id, attrs,
clean_session=True):
def _update_address_scope(self, plugin_context, address_scope_id, attrs):
return self._update_resource(self._core_plugin, plugin_context,
'address_scope', address_scope_id, attrs,
clean_session=clean_session)
'address_scope', address_scope_id, attrs)
def _delete_address_scope(self, plugin_context, address_scope_id,
clean_session=True):
def _delete_address_scope(self, plugin_context, address_scope_id):
try:
self._delete_resource(self._core_plugin, plugin_context,
'address_scope', address_scope_id,
clean_session=clean_session)
'address_scope', address_scope_id)
except address_scope.AddressScopeNotFound:
LOG.warning(_LW('Address Scope %s already deleted'),
address_scope_id)
def _get_subnetpool(self, plugin_context, subnetpool_id,
clean_session=True):
def _get_subnetpool(self, plugin_context, subnetpool_id):
return self._get_resource(self._core_plugin, plugin_context,
'subnetpool', subnetpool_id,
clean_session=clean_session)
'subnetpool', subnetpool_id)
def _get_subnetpools(self, plugin_context, filters=None,
clean_session=True):
def _get_subnetpools(self, plugin_context, filters=None):
filters = filters or {}
return self._get_resources(self._core_plugin, plugin_context,
'subnetpools', filters,
clean_session=clean_session)
'subnetpools', filters)
def _create_subnetpool(self, plugin_context, attrs,
clean_session=True):
def _create_subnetpool(self, plugin_context, attrs):
return self._create_resource(self._core_plugin, plugin_context,
'subnetpool', attrs,
clean_session=clean_session)
'subnetpool', attrs)
def _update_subnetpool(self, plugin_context, subnetpool_id, attrs,
clean_session=True):
def _update_subnetpool(self, plugin_context, subnetpool_id, attrs):
return self._update_resource(self._core_plugin, plugin_context,
'subnetpool', subnetpool_id, attrs,
clean_session=clean_session)
'subnetpool', subnetpool_id, attrs)
def _delete_subnetpool(self, plugin_context, subnetpool_id,
clean_session=True):
def _delete_subnetpool(self, plugin_context, subnetpool_id):
try:
self._delete_resource(self._core_plugin, plugin_context,
'subnetpool', subnetpool_id,
clean_session=clean_session)
'subnetpool', subnetpool_id)
except n_exc.SubnetpoolNotFound:
LOG.warning(_LW('Subnetpool %s already deleted'), subnetpool_id)
def _get_l2_policy(self, plugin_context, l2p_id, clean_session=True):
def _get_l2_policy(self, plugin_context, l2p_id):
return self._get_resource(self._group_policy_plugin, plugin_context,
'l2_policy', l2p_id,
clean_session=clean_session)
'l2_policy', l2p_id)
def _get_l2_policies(self, plugin_context, filters=None,
clean_session=True):
def _get_l2_policies(self, plugin_context, filters=None):
filters = filters or {}
return self._get_resources(self._group_policy_plugin, plugin_context,
'l2_policies', filters,
clean_session=clean_session)
'l2_policies', filters)
def _create_l2_policy(self, plugin_context, attrs, clean_session=True):
def _create_l2_policy(self, plugin_context, attrs):
return self._create_resource(self._group_policy_plugin, plugin_context,
'l2_policy', attrs, False,
clean_session=clean_session)
'l2_policy', attrs, False)
def _update_l2_policy(self, plugin_context, l2p_id, attrs,
clean_session=True):
def _update_l2_policy(self, plugin_context, l2p_id, attrs):
return self._update_resource(self._group_policy_plugin, plugin_context,
'l2_policy', l2p_id, attrs, False,
clean_session=clean_session)
'l2_policy', l2p_id, attrs, False)
def _delete_l2_policy(self, plugin_context, l2p_id, clean_session=True):
def _delete_l2_policy(self, plugin_context, l2p_id):
try:
self._delete_resource(self._group_policy_plugin,
plugin_context, 'l2_policy', l2p_id, False,
clean_session=clean_session)
plugin_context, 'l2_policy', l2p_id, False)
except gp_ext.L2PolicyNotFound:
LOG.warning(_LW('L2 Policy %s already deleted'), l2p_id)
def _get_l3_policy(self, plugin_context, l3p_id, clean_session=True):
def _get_l3_policy(self, plugin_context, l3p_id):
return self._get_resource(self._group_policy_plugin, plugin_context,
'l3_policy', l3p_id,
clean_session=clean_session)
'l3_policy', l3p_id)
def _get_l3_policies(self, plugin_context, filters=None,
clean_session=True):
def _get_l3_policies(self, plugin_context, filters=None):
filters = filters or {}
return self._get_resources(self._group_policy_plugin, plugin_context,
'l3_policies', filters,
clean_session=clean_session)
'l3_policies', filters)
def _create_l3_policy(self, plugin_context, attrs, clean_session=True):
def _create_l3_policy(self, plugin_context, attrs):
return self._create_resource(self._group_policy_plugin, plugin_context,
'l3_policy', attrs, False,
clean_session=clean_session)
'l3_policy', attrs, False)
def _update_l3_policy(self, plugin_context, l3p_id, attrs,
clean_session=True):
def _update_l3_policy(self, plugin_context, l3p_id, attrs):
return self._update_resource(self._group_policy_plugin, plugin_context,
'l3_policy', l3p_id, attrs, False,
clean_session=clean_session)
'l3_policy', l3p_id, attrs, False)
def _delete_l3_policy(self, plugin_context, l3p_id, clean_session=True):
def _delete_l3_policy(self, plugin_context, l3p_id):
try:
self._delete_resource(self._group_policy_plugin,
plugin_context, 'l3_policy', l3p_id, False,
clean_session=clean_session)
plugin_context, 'l3_policy', l3p_id, False)
except gp_ext.L3PolicyNotFound:
LOG.warning(_LW('L3 Policy %s already deleted'), l3p_id)
@@ -758,67 +678,51 @@ class LocalAPI(object):
except sc_ext.ServiceChainSpecNotFound:
LOG.warning(_LW("servicechain spec %s already deleted"), scs_id)
def _get_policy_target(self, plugin_context, pt_id, clean_session=True):
def _get_policy_target(self, plugin_context, pt_id):
return self._get_resource(self._group_policy_plugin, plugin_context,
'policy_target', pt_id,
clean_session=clean_session)
'policy_target', pt_id)
def _get_policy_targets(self, plugin_context, filters=None,
clean_session=True):
def _get_policy_targets(self, plugin_context, filters=None):
filters = filters or {}
return self._get_resources(self._group_policy_plugin, plugin_context,
'policy_targets', filters,
clean_session=clean_session)
'policy_targets', filters)
def _create_policy_target(self, plugin_context, attrs, clean_session=True):
def _create_policy_target(self, plugin_context, attrs):
return self._create_resource(self._group_policy_plugin, plugin_context,
'policy_target', attrs, False,
clean_session=clean_session)
'policy_target', attrs, False)
def _update_policy_target(self, plugin_context, pt_id, attrs,
clean_session=True):
def _update_policy_target(self, plugin_context, pt_id, attrs):
return self._update_resource(self._group_policy_plugin, plugin_context,
'policy_target', pt_id, attrs, False,
clean_session=clean_session)
'policy_target', pt_id, attrs, False)
def _delete_policy_target(self, plugin_context, pt_id, clean_session=True):
def _delete_policy_target(self, plugin_context, pt_id):
try:
self._delete_resource(self._group_policy_plugin, plugin_context,
'policy_target', pt_id, False,
clean_session=clean_session)
'policy_target', pt_id, False)
except gp_ext.PolicyTargetNotFound:
LOG.warning(_LW('Policy Rule Set %s already deleted'), pt_id)
def _get_policy_target_group(self, plugin_context, ptg_id,
clean_session=True):
def _get_policy_target_group(self, plugin_context, ptg_id):
return self._get_resource(self._group_policy_plugin, plugin_context,
'policy_target_group', ptg_id,
clean_session=clean_session)
'policy_target_group', ptg_id)
def _get_policy_target_groups(self, plugin_context, filters=None,
clean_session=True):
def _get_policy_target_groups(self, plugin_context, filters=None):
filters = filters or {}
return self._get_resources(self._group_policy_plugin, plugin_context,
'policy_target_groups', filters,
clean_session=clean_session)
'policy_target_groups', filters)
def _create_policy_target_group(self, plugin_context, attrs,
clean_session=True):
def _create_policy_target_group(self, plugin_context, attrs):
return self._create_resource(self._group_policy_plugin, plugin_context,
'policy_target_group', attrs, False,
clean_session=clean_session)
'policy_target_group', attrs, False)
def _update_policy_target_group(self, plugin_context, ptg_id, attrs,
clean_session=True):
def _update_policy_target_group(self, plugin_context, ptg_id, attrs):
return self._update_resource(self._group_policy_plugin, plugin_context,
'policy_target_group', ptg_id, attrs,
False, clean_session=clean_session)
False)
def _delete_policy_target_group(self, plugin_context, ptg_id,
clean_session=True):
def _delete_policy_target_group(self, plugin_context, ptg_id):
try:
self._delete_resource(self._group_policy_plugin, plugin_context,
'policy_target_group', ptg_id,
clean_session=clean_session)
'policy_target_group', ptg_id)
except sc_ext.ServiceChainSpecNotFound:
LOG.warning(_LW("Policy Target Group %s already deleted"), ptg_id)

118
gbpservice/neutron/services/grouppolicy/drivers/cisco/apic/aim_mapping.py
View File

@@ -245,7 +245,7 @@ class AIMMappingDriver(nrd.CommonNeutronBase, aim_rpc.AIMMappingRPCMixin):
if not l3p[ascp]:
# REVISIT: For dual stack.
# This logic assumes either 4 or 6 but not both
self._use_implicit_address_scope(context, clean_session=False)
self._use_implicit_address_scope(context)
l3p_db[ascp] = l3p[ascp]
else:
# TODO(Sumit): check that l3p['ip_pool'] does not overlap with an
@@ -256,7 +256,7 @@ class AIMMappingDriver(nrd.CommonNeutronBase, aim_rpc.AIMMappingRPCMixin):
# In the case of explicitly provided address_scope, set shared
# flag of L3P to that of the explicit address_scope
ascp_db = self._get_address_scope(
context._plugin_context, l3p[ascp], clean_session=False)
context._plugin_context, l3p[ascp])
l3p_db['shared'] = ascp_db['shared']
context.current['shared'] = l3p_db['shared']
@@ -267,14 +267,14 @@ class AIMMappingDriver(nrd.CommonNeutronBase, aim_rpc.AIMMappingRPCMixin):
# This logic assumes either 4 or 6 but not both
self._use_implicit_subnetpool(
context, address_scope_id=l3p_db[ascp],
ip_version=l3p_db['ip_version'], clean_session=False)
ip_version=l3p_db['ip_version'])
else:
self._configure_l3p_for_multiple_subnetpools(context, l3p_db)
# In the case of explicitly provided subnetpool(s) set shared
# flag of L3P to that of the address_scope associated with the
# subnetpool(s)
ascp_db = self._get_address_scope(
context._plugin_context, l3p_db[ascp], clean_session=False)
context._plugin_context, l3p_db[ascp])
l3p_db['shared'] = ascp_db['shared']
context.current['shared'] = l3p_db['shared']
@@ -286,9 +286,9 @@ class AIMMappingDriver(nrd.CommonNeutronBase, aim_rpc.AIMMappingRPCMixin):
# AIM driver, and since the AIM driver is the only
# driver inheriting from this driver, we are okay
# without the check.
self._reject_invalid_router_access(context, clean_session=False)
self._reject_invalid_router_access(context)
if not l3p['routers']:
self._use_implicit_router(context, clean_session=False)
self._use_implicit_router(context)
if not context.current['external_segments']:
self._use_implicit_external_segment(context)
external_segments = context.current['external_segments']
@@ -308,7 +308,7 @@ class AIMMappingDriver(nrd.CommonNeutronBase, aim_rpc.AIMMappingRPCMixin):
raise exc.L3PolicyRoutersUpdateNotSupported()
# Currently there is no support for router update in l3p update.
# Added this check just in case it is supported in future.
self._reject_invalid_router_access(context, clean_session=False)
self._reject_invalid_router_access(context)
self._validate_in_use_by_nsp(context)
@@ -331,8 +331,7 @@ class AIMMappingDriver(nrd.CommonNeutronBase, aim_rpc.AIMMappingRPCMixin):
subnetpool_id=sp_id, l3p_id=context.current['id'])
# If an implicitly created subnetpool is being disassocaited
# we try to delete it
self._cleanup_subnetpool(context._plugin_context, sp_id,
clean_session=False)
self._cleanup_subnetpool(context._plugin_context, sp_id)
# TODO(Sumit): For extra safety add validation for address_scope change
self._check_l3policy_ext_segment(context, context.current)
@@ -369,19 +368,16 @@ class AIMMappingDriver(nrd.CommonNeutronBase, aim_rpc.AIMMappingRPCMixin):
context._plugin)._remove_subnetpool_from_l3_policy(
context._plugin_context, l3p_db['id'], sp_id,
ip_version=k)
self._cleanup_subnetpool(context._plugin_context, sp_id,
clean_session=False)
self._cleanup_subnetpool(context._plugin_context, sp_id)
for ascp in ADDR_SCOPE_KEYS:
if l3p_db[ascp]:
ascp_id = l3p_db[ascp]
l3p_db.update({ascp: None})
self._cleanup_address_scope(context._plugin_context, ascp_id,
clean_session=False)
self._cleanup_address_scope(context._plugin_context, ascp_id)
for router_id in context.current['routers']:
self._db_plugin(context._plugin)._remove_router_from_l3_policy(
context._plugin_context, l3p_db['id'], router_id)
self._cleanup_router(context._plugin_context, router_id,
clean_session=False)
self._cleanup_router(context._plugin_context, router_id)
@log.log_method_call
def get_l3_policy_status(self, context):
@@ -400,7 +396,7 @@ class AIMMappingDriver(nrd.CommonNeutronBase, aim_rpc.AIMMappingRPCMixin):
if l3p_db[ascp]:
ascp_id = l3p_db[ascp]
ascope = self._get_address_scope(
context._plugin_context, ascp_id, clean_session=False)
context._plugin_context, ascp_id)
vrf_dn = ascope['apic:distinguished_names']['VRF']
aim_vrf = self._get_vrf_by_dn(context, vrf_dn)
mapped_aim_resources.append(aim_vrf)
@@ -411,8 +407,7 @@ class AIMMappingDriver(nrd.CommonNeutronBase, aim_rpc.AIMMappingRPCMixin):
# shared L3P cases wherein the call to get_l3_policy might be
# made in the context of a different tenant
router = self._get_router(
context._plugin_context.elevated(), router_id,
clean_session=False)
context._plugin_context.elevated(), router_id)
mapped_status.append(
{'status': self._map_ml2plus_status(router)})
@@ -427,20 +422,18 @@ class AIMMappingDriver(nrd.CommonNeutronBase, aim_rpc.AIMMappingRPCMixin):
l2p_db = context._plugin._get_l2_policy(
context._plugin_context, context.current['id'])
if not context.current['l3_policy_id']:
self._create_implicit_l3_policy(context, clean_session=False)
self._create_implicit_l3_policy(context)
l2p_db['l3_policy_id'] = context.current['l3_policy_id']
l3p_db = context._plugin._get_l3_policy(
context._plugin_context, l2p_db['l3_policy_id'])
if not context.current['network_id']:
self._use_implicit_network(
context, address_scope_v4=l3p_db['address_scope_v4_id'],
address_scope_v6=l3p_db['address_scope_v6_id'],
clean_session=False)
address_scope_v6=l3p_db['address_scope_v6_id'])
l2p_db['network_id'] = context.current['network_id']
l2p = context.current
net = self._get_network(context._plugin_context,
l2p['network_id'],
clean_session=False)
l2p['network_id'])
default_epg_dn = net['apic:distinguished_names']['EndpointGroup']
# get_l2_policies_count returns a count including shared resources,
# hence we need to filter on the tenant_id
@@ -474,7 +467,7 @@ class AIMMappingDriver(nrd.CommonNeutronBase, aim_rpc.AIMMappingRPCMixin):
self._map_policy_enforcement_pref(default_epg),
}
self._create_policy_target_group(
context._plugin_context, data, clean_session=False)
context._plugin_context, data)
@log.log_method_call
def delete_l2_policy_precommit(self, context):
@@ -482,8 +475,7 @@ class AIMMappingDriver(nrd.CommonNeutronBase, aim_rpc.AIMMappingRPCMixin):
l2p_db = context._plugin._get_l2_policy(
context._plugin_context, l2p_id)
net = self._get_network(context._plugin_context,
l2p_db['network_id'],
clean_session=False)
l2p_db['network_id'])
default_epg_dn = net['apic:distinguished_names']['EndpointGroup']
auto_ptg_id = self._get_auto_ptg_id(l2p_id)
try:
@@ -520,8 +512,7 @@ class AIMMappingDriver(nrd.CommonNeutronBase, aim_rpc.AIMMappingRPCMixin):
l2p_db = context._plugin._get_l2_policy(
context._plugin_context, context.current['id'])
net = self._get_network(context._plugin_context,
l2p_db['network_id'],
clean_session=False)
l2p_db['network_id'])
if net:
context.current['status'] = net['status']
@@ -559,7 +550,7 @@ class AIMMappingDriver(nrd.CommonNeutronBase, aim_rpc.AIMMappingRPCMixin):
raise alib.ExplicitSubnetAssociationNotSupported()
if not context.current['l2_policy_id']:
self._create_implicit_l2_policy(context, clean_session=False)
self._create_implicit_l2_policy(context)
ptg_db = context._plugin._get_policy_target_group(
context._plugin_context, context.current['id'])
ptg_db['l2_policy_id'] = l2p_id = context.current['l2_policy_id']
@@ -570,8 +561,7 @@ class AIMMappingDriver(nrd.CommonNeutronBase, aim_rpc.AIMMappingRPCMixin):
context._plugin_context, l2p_id)
net = self._get_network(
context._plugin_context, l2p_db['network_id'],
clean_session=False)
context._plugin_context, l2p_db['network_id'])
self._use_implicit_subnet(context)
@@ -687,7 +677,7 @@ class AIMMappingDriver(nrd.CommonNeutronBase, aim_rpc.AIMMappingRPCMixin):
if not l2p_db['policy_target_groups'] or (
(len(l2p_db['policy_target_groups']) == 1) and (
self._is_auto_ptg(l2p_db['policy_target_groups'][0]))):
self._cleanup_l2_policy(context, l2p_id, clean_session=False)
self._cleanup_l2_policy(context, l2p_id)
if ptg_db['network_service_policy_id']:
ptg_db.update({'network_service_policy_id': None})
@@ -735,16 +725,13 @@ class AIMMappingDriver(nrd.CommonNeutronBase, aim_rpc.AIMMappingRPCMixin):
@log.log_method_call
def create_policy_target_precommit(self, context):
ptg = self._get_policy_target_group(
context._plugin_context, context.current['policy_target_group_id'],
clean_session=False)
context._plugin_context, context.current['policy_target_group_id'])
policy.enforce(context._plugin_context, 'get_policy_target_group',
ptg, pluralized='policy_target_groups')
if not context.current['port_id']:
subnets = self._get_subnets(
context._plugin_context, {'id': ptg['subnets']},
clean_session=False)
self._use_implicit_port(context, subnets=subnets,
clean_session=False)
context._plugin_context, {'id': ptg['subnets']})
self._use_implicit_port(context, subnets=subnets)
self._associate_fip_to_pt(context)
@log.log_method_call
@@ -993,8 +980,7 @@ class AIMMappingDriver(nrd.CommonNeutronBase, aim_rpc.AIMMappingRPCMixin):
for x in context.current['external_routes']])
self._update_network(context._plugin_context,
subnet['network_id'],
{cisco_apic.EXTERNAL_CIDRS: cidrs},
clean_session=False)
{cisco_apic.EXTERNAL_CIDRS: cidrs})
@log.log_method_call
def update_external_segment_precommit(self, context):
@@ -1013,8 +999,7 @@ class AIMMappingDriver(nrd.CommonNeutronBase, aim_rpc.AIMMappingRPCMixin):
context.current['subnet_id'])
self._update_network(context._plugin_context,
subnet['network_id'],
{cisco_apic.EXTERNAL_CIDRS: new_cidrs},
clean_session=False)
{cisco_apic.EXTERNAL_CIDRS: new_cidrs})
@log.log_method_call
def delete_external_segment_precommit(self, context):
@@ -1022,8 +1007,7 @@ class AIMMappingDriver(nrd.CommonNeutronBase, aim_rpc.AIMMappingRPCMixin):
context.current['subnet_id'])
self._update_network(context._plugin_context,
subnet['network_id'],
{cisco_apic.EXTERNAL_CIDRS: ['0.0.0.0/0']},
clean_session=False)
{cisco_apic.EXTERNAL_CIDRS: ['0.0.0.0/0']})
@log.log_method_call
def create_external_policy_precommit(self, context):
@@ -1133,7 +1117,7 @@ class AIMMappingDriver(nrd.CommonNeutronBase, aim_rpc.AIMMappingRPCMixin):
sp_id = l3p_db[subpool][0]['subnetpool_id']
# admin context to retrieve subnetpools from a different tenant
sp = self._get_subnetpool(
context._plugin_context.elevated(), sp_id, clean_session=False)
context._plugin_context.elevated(), sp_id)
if not sp['address_scope_id']:
raise NoAddressScopeForSubnetpool()
if len(sp['prefixes']) == 1:
@@ -1149,8 +1133,7 @@ class AIMMappingDriver(nrd.CommonNeutronBase, aim_rpc.AIMMappingRPCMixin):
sp = self._get_subnetpool(
# admin context to retrieve subnetpools from
# other tenants
context._plugin_context.elevated(), sp_id,
clean_session=False)
context._plugin_context.elevated(), sp_id)
if not sp['address_scope_id']:
raise NoAddressScopeForSubnetpool()
if not sp_ascp:
@@ -1588,7 +1571,7 @@ class AIMMappingDriver(nrd.CommonNeutronBase, aim_rpc.AIMMappingRPCMixin):
display_name=display_name)
return bd
def _get_l2p_subnets(self, context, l2p_id, clean_session=False):
def _get_l2p_subnets(self, context, l2p_id):
plugin_context = context._plugin_context
l2p = context._plugin.get_l2_policy(plugin_context, l2p_id)
# REVISIT: The following should be a get_subnets call via local API
@@ -1612,8 +1595,7 @@ class AIMMappingDriver(nrd.CommonNeutronBase, aim_rpc.AIMMappingRPCMixin):
except gpolicy.PolicyTargetGroupNotFound as e:
LOG.warning(e)
def _use_implicit_subnet(self, context, force_add=False,
clean_session=False):
def _use_implicit_subnet(self, context, force_add=False):
"""Implicit subnet for AIM.
The first PTG in a L2P will allocate a new subnet from the L3P.
@@ -1633,8 +1615,7 @@ class AIMMappingDriver(nrd.CommonNeutronBase, aim_rpc.AIMMappingRPCMixin):
added = super(
AIMMappingDriver,
self)._use_implicit_subnet_from_subnetpool(
context, subnet_specifics={'name': name},
clean_session=clean_session)
context, subnet_specifics={'name': name})
context.add_subnets(subs - set(context.current['subnets']))
if added:
self._sync_ptg_subnets(context, l2p)
@@ -1839,8 +1820,7 @@ class AIMMappingDriver(nrd.CommonNeutronBase, aim_rpc.AIMMappingRPCMixin):
with session.begin(nested=True):
self._detach_router_from_subnets(
plugin_context, router_id, [subnet_id])
self._cleanup_subnet(plugin_context, subnet_id,
clean_session=False)
self._cleanup_subnet(plugin_context, subnet_id)
def _map_aim_status(self, session, aim_resource_obj):
# Note that this implementation assumes that this driver
@@ -2244,8 +2224,7 @@ class AIMMappingDriver(nrd.CommonNeutronBase, aim_rpc.AIMMappingRPCMixin):
self._detach_router_from_subnets(plugin_context, r['id'],
router_subs)
context.remove_router(r['id'])
self._cleanup_router(plugin_context, r['id'],
clean_session=False)
self._cleanup_router(plugin_context, r['id'])
def _get_router_interface_subnets(self, plugin_context, router_id):
router_ports = self._get_ports(plugin_context,
@@ -2259,8 +2238,7 @@ class AIMMappingDriver(nrd.CommonNeutronBase, aim_rpc.AIMMappingRPCMixin):
router_ports = self._get_ports(plugin_context,
filters={'device_owner': [n_constants.DEVICE_OWNER_ROUTER_INTF],
'device_id': [router_id],
'fixed_ips': {'subnet_id': [subnet_id]}},
clean_session=False)
'fixed_ips': {'subnet_id': [subnet_id]}})
return (router_ports or [None])[0]
def _attach_router_to_subnets(self, plugin_context, router_id, subs):
@@ -2285,8 +2263,7 @@ class AIMMappingDriver(nrd.CommonNeutronBase, aim_rpc.AIMMappingRPCMixin):
'name': '%s-%s' % (router_id, subnet['id']),
'admin_state_up': True}
try:
intf_port = self._create_port(plugin_context, attrs,
clean_session=False)
intf_port = self._create_port(plugin_context, attrs)
except n_exc.NeutronException:
with excutils.save_and_reraise_exception():
LOG.exception(_LE('Failed to create explicit router '
@@ -2298,8 +2275,7 @@ class AIMMappingDriver(nrd.CommonNeutronBase, aim_rpc.AIMMappingRPCMixin):
self._add_router_interface(plugin_context, router_id,
interface_info)
except n_exc.BadRequest:
self._delete_port(plugin_context, intf_port['id'],
clean_session=False)
self._delete_port(plugin_context, intf_port['id'])
with excutils.save_and_reraise_exception():
LOG.exception(_LE('Attaching router %(router)s to '
'%(subnet)s with explicit port '
@@ -2317,8 +2293,7 @@ class AIMMappingDriver(nrd.CommonNeutronBase, aim_rpc.AIMMappingRPCMixin):
# different tenants
self._remove_router_interface(plugin_context.elevated(),
router_id,
{'subnet_id': subnet_id},
clean_session=False)
{'subnet_id': subnet_id})
def _set_router_ext_contracts(self, context, router_id, ext_policy):
session = context._plugin_context.session
@@ -2331,8 +2306,7 @@ class AIMMappingDriver(nrd.CommonNeutronBase, aim_rpc.AIMMappingRPCMixin):
ext_policy['consumed_policy_rule_sets'])
attr = {cisco_apic_l3.EXTERNAL_PROVIDED_CONTRACTS: prov,
cisco_apic_l3.EXTERNAL_CONSUMED_CONTRACTS: cons}
self._update_router(context._plugin_context, router_id, attr,
clean_session=False)
self._update_router(context._plugin_context, router_id, attr)
def _get_ext_policy_routers(self, context, ext_policy, ext_seg_ids):
plugin_context = context._plugin_context
@@ -2399,8 +2373,7 @@ class AIMMappingDriver(nrd.CommonNeutronBase, aim_rpc.AIMMappingRPCMixin):
id=ptg_db['l2_policy_id']).first()
network_id = l2p_db['network_id']
admin_context = self._get_admin_context_reuse_session(session)
net = self._get_network(admin_context, network_id,
clean_session=False)
net = self._get_network(admin_context, network_id)
default_epg_dn = net['apic:distinguished_names']['EndpointGroup']
default_epg_name = self._get_epg_name_from_dn(
admin_context, default_epg_dn)
@@ -2416,10 +2389,9 @@ class AIMMappingDriver(nrd.CommonNeutronBase, aim_rpc.AIMMappingRPCMixin):
return self.aim_mech_driver.ap_name
def _get_default_security_group(self, plugin_context, ptg_id,
tenant_id, clean_session=True):
tenant_id):
filters = {'name': [DEFAULT_SG_NAME], 'tenant_id': [tenant_id]}
default_group = self._get_sgs(plugin_context, filters,
clean_session=clean_session)
default_group = self._get_sgs(plugin_context, filters)
return default_group[0]['id'] if default_group else None
def _create_default_security_group(self, plugin_context, tenant_id):
@@ -2438,11 +2410,11 @@ class AIMMappingDriver(nrd.CommonNeutronBase, aim_rpc.AIMMappingRPCMixin):
self._sg_rule(plugin_context, tenant_id, sg_id,
'egress', cidr=g, ethertype=v)
def _use_implicit_port(self, context, subnets=None, clean_session=True):
def _use_implicit_port(self, context, subnets=None):
self._create_default_security_group(context._plugin_context,
context.current['tenant_id'])
super(AIMMappingDriver, self)._use_implicit_port(
context, subnets=subnets, clean_session=clean_session)
context, subnets=subnets)
def _handle_create_network_service_policy(self, context):
self._validate_nat_pool_for_nsp(context)

3
gbpservice/neutron/services/grouppolicy/drivers/cisco/apic/apic_mapping.py
View File

@@ -3679,8 +3679,7 @@ class ApicMappingDriver(api.ResourceMappingDriver,
self.apic_manager.create_tenant_filter(
rule_name, owner=tenant, transaction=trs, entry=k, **v)
def _get_l3p_allocated_subnets(self, context, l3p_id,
clean_session=True):
def _get_l3p_allocated_subnets(self, context, l3p_id):
l2ps = self._get_l2_policies(context._plugin_context,
{'l3_policy_id': [l3p_id]})
subnets = [x['cidr'] for x in

22
gbpservice/neutron/services/grouppolicy/drivers/implicit_policy.py
View File

@@ -96,12 +96,11 @@ class ImplicitPolicyBase(api.PolicyDriver, local_api.LocalAPI):
gpproxy.default_proxy_subnet_prefix_length)
self._default_es_name = gpip.default_external_segment_name
def _create_implicit_l3_policy(self, context, clean_session=True):
def _create_implicit_l3_policy(self, context):
tenant_id = context.current['tenant_id']
filter = {'tenant_id': [tenant_id],
'name': [self._default_l3p_name]}
l3ps = self._get_l3_policies(context._plugin_context, filter,
clean_session)
l3ps = self._get_l3_policies(context._plugin_context, filter)
l3p = l3ps and l3ps[0]
if not l3p:
attrs = {'tenant_id': tenant_id,
@@ -118,8 +117,7 @@ class ImplicitPolicyBase(api.PolicyDriver, local_api.LocalAPI):
attrs['proxy_subnet_prefix_length'] = (
self._default_proxy_subnet_prefix_length)
try:
l3p = self._create_l3_policy(context._plugin_context, attrs,
clean_session)
l3p = self._create_l3_policy(context._plugin_context, attrs)
self._mark_l3_policy_owned(context._plugin_context.session,
l3p['id'])
except exc.DefaultL3PolicyAlreadyExists:
@@ -128,7 +126,7 @@ class ImplicitPolicyBase(api.PolicyDriver, local_api.LocalAPI):
LOG.debug("Possible concurrent creation of default L3 "
"policy for tenant %s", tenant_id)
l3ps = self._get_l3_policies(context._plugin_context,
filter, clean_session)
filter)
l3p = l3ps and l3ps[0]
if not l3p:
LOG.warning(_LW(
@@ -148,7 +146,7 @@ class ImplicitPolicyBase(api.PolicyDriver, local_api.LocalAPI):
self._create_implicit_l3_policy(context)
context.set_l3_policy_id(context.current['l3_policy_id'])
def _create_implicit_l2_policy(self, context, clean_session=True):
def _create_implicit_l2_policy(self, context):
attrs = {'tenant_id': context.current['tenant_id'],
'name': context.current['name'],
'description': _("Implicitly created L2 policy"),
@@ -163,8 +161,7 @@ class ImplicitPolicyBase(api.PolicyDriver, local_api.LocalAPI):
context._plugin_context, group['l2_policy_id'])
attrs['l3_policy_id'] = l2p['l3_policy_id']
l2p = self._create_l2_policy(context._plugin_context, attrs,
clean_session)
l2p = self._create_l2_policy(context._plugin_context, attrs)
context.current['l2_policy_id'] = l2p['id']
self._mark_l2_policy_owned(context._plugin_context.session, l2p['id'])
@@ -194,18 +191,17 @@ class ImplicitPolicyBase(api.PolicyDriver, local_api.LocalAPI):
filter_by(l3_policy_id=l3p_id).
first() is not None)
def _cleanup_l3_policy(self, context, l3p_id, clean_session=True):
def _cleanup_l3_policy(self, context, l3p_id):
if self._l3_policy_is_owned(context._plugin_context.session, l3p_id):
# REVISIT(rkukura): Add check_unused parameter to
# local_api._delete_l3_policy()?
context._plugin.delete_l3_policy(context._plugin_context, l3p_id,
check_unused=True)
def _cleanup_l2_policy(self, context, l2p_id, clean_session=True):
def _cleanup_l2_policy(self, context, l2p_id):
if self._l2_policy_is_owned(context._plugin_context.session, l2p_id):
try:
self._delete_l2_policy(context._plugin_context, l2p_id,
clean_session)
self._delete_l2_policy(context._plugin_context, l2p_id)
except gbp_ext.L2PolicyInUse:
LOG.info(_LI(
"Cannot delete implicit L2 Policy %s because it's "

10
gbpservice/neutron/services/grouppolicy/drivers/neutron_resources.py
View File

@@ -53,15 +53,14 @@ class CommonNeutronBase(ipd.ImplicitPolicyBase, rmd.OwnedResourcesOperations,
l2p_db = context._plugin._get_l2_policy(
context._plugin_context, context.current['id'])
if not context.current['l3_policy_id']:
self._create_implicit_l3_policy(context, clean_session=False)
self._create_implicit_l3_policy(context)
l2p_db['l3_policy_id'] = context.current['l3_policy_id']
l3p_db = context._plugin._get_l3_policy(
context._plugin_context, l2p_db['l3_policy_id'])
if not context.current['network_id']:
self._use_implicit_network(
context, address_scope_v4=l3p_db['address_scope_v4_id'],
address_scope_v6=l3p_db['address_scope_v6_id'],
clean_session=False)
address_scope_v6=l3p_db['address_scope_v6_id'])
l2p_db['network_id'] = context.current['network_id']
@log.log_method_call
@@ -80,12 +79,11 @@ class CommonNeutronBase(ipd.ImplicitPolicyBase, rmd.OwnedResourcesOperations,
if l2p_db['network_id']:
network_id = l2p_db['network_id']
l2p_db.update({'network_id': None})
self._cleanup_network(context._plugin_context, network_id,
clean_session=False)
self._cleanup_network(context._plugin_context, network_id)
if l2p_db['l3_policy_id']:
l3p_id = l2p_db['l3_policy_id']
l2p_db.update({'l3_policy_id': None})
self._cleanup_l3_policy(context, l3p_id, clean_session=False)
self._cleanup_l3_policy(context, l3p_id)
def _port_id_to_pt(self, plugin_context, port_id):
pts = self.gbp_plugin.get_policy_targets(

176
gbpservice/neutron/services/grouppolicy/drivers/resource_mapping.py
View File

@@ -255,27 +255,25 @@ class ImplicitResourceOperations(local_api.LocalAPI,
self._delete_sg_rule(plugin_context, rule['id'])
return sg
def _create_implicit_address_scope(self, context, clean_session=True,
**kwargs):
def _create_implicit_address_scope(self, context, **kwargs):
attrs = {'tenant_id': context.current['tenant_id'],
'name': context.current['name'], 'ip_version':
context.current['ip_version'],
'shared': context.current.get('shared', False)}
attrs.update(**kwargs)
address_scope = self._create_address_scope(
context._plugin_context, attrs, clean_session)
context._plugin_context, attrs)
as_id = address_scope['id']
self._mark_address_scope_owned(context._plugin_context.session, as_id)
return address_scope
def _use_implicit_address_scope(self, context, clean_session=True):
def _use_implicit_address_scope(self, context):
address_scope = self._create_implicit_address_scope(
context, clean_session, name='l3p_' + context.current['name'])
context, name='l3p_' + context.current['name'])
context.set_address_scope_id(address_scope['id'],
context.current['ip_version'])
def _cleanup_address_scope(self, plugin_context, address_scope_id,
clean_session=True):
def _cleanup_address_scope(self, plugin_context, address_scope_id):
if self._address_scope_is_owned(plugin_context.session,
address_scope_id):
subpools = self._get_subnetpools(plugin_context,
@@ -287,11 +285,9 @@ class ImplicitResourceOperations(local_api.LocalAPI,
"associated subnetpools: %(pools)s"),
{'id': address_scope_id, 'pools': subpools})
else:
self._delete_address_scope(plugin_context, address_scope_id,
clean_session)
self._delete_address_scope(plugin_context, address_scope_id)
def _create_implicit_subnetpool(self, context, clean_session=True,
**kwargs):
def _create_implicit_subnetpool(self, context, **kwargs):
attrs = {'tenant_id': context.current['tenant_id'],
'name': context.current['name'], 'ip_version':
context.current['ip_version'],
@@ -303,21 +299,19 @@ class ImplicitResourceOperations(local_api.LocalAPI,
'is_default': False}
attrs.update(**kwargs)
subnetpool = self._create_subnetpool(
context._plugin_context, attrs, clean_session)
context._plugin_context, attrs)
sp_id = subnetpool['id']
self._mark_subnetpool_owned(context._plugin_context.session, sp_id)
return subnetpool
def _use_implicit_subnetpool(self, context, address_scope_id, ip_version,
clean_session=True):
def _use_implicit_subnetpool(self, context, address_scope_id, ip_version):
subnetpool = self._create_implicit_subnetpool(
context, clean_session, name='l3p_' + context.current['name'],
context, name='l3p_' + context.current['name'],
address_scope_id=address_scope_id)
context.add_subnetpool(subnetpool_id=subnetpool['id'],
ip_version=ip_version)
def _cleanup_subnetpool(self, plugin_context, subnetpool_id,
clean_session=True):
def _cleanup_subnetpool(self, plugin_context, subnetpool_id):
if self._subnetpool_is_owned(plugin_context.session,
subnetpool_id):
subnets = self._get_subnets(plugin_context,
@@ -329,34 +323,32 @@ class ImplicitResourceOperations(local_api.LocalAPI,
"associated subnets: %(subnets)s"),
{'id': subnetpool_id, 'subnets': subnets})
else:
self._delete_subnetpool(plugin_context, subnetpool_id,
clean_session)
self._delete_subnetpool(plugin_context, subnetpool_id)
def _create_implicit_network(self, context, clean_session=True, **kwargs):
def _create_implicit_network(self, context, **kwargs):
attrs = {'tenant_id': context.current['tenant_id'],
'name': context.current['name'], 'admin_state_up': True,
'shared': context.current.get('shared', False)}
attrs.update(**kwargs)
network = self._create_network(context._plugin_context, attrs,
clean_session)
network = self._create_network(context._plugin_context, attrs)
network_id = network['id']
self._mark_network_owned(context._plugin_context.session, network_id)
return network
def _use_implicit_network(self, context, address_scope_v4=None,
address_scope_v6=None, clean_session=True):
address_scope_v6=None):
network = self._create_implicit_network(
context, clean_session, name='l2p_' + context.current['name'],
context, name='l2p_' + context.current['name'],
ipv4_address_scope=address_scope_v4,
ipv6_address_scope=address_scope_v6)
context.set_network_id(network['id'])
def _cleanup_network(self, plugin_context, network_id, clean_session=True):
def _cleanup_network(self, plugin_context, network_id):
if self._network_is_owned(plugin_context.session, network_id):
self._delete_network(plugin_context, network_id, clean_session)
self._delete_network(plugin_context, network_id)
def _generate_subnets_from_cidrs(self, context, l2p, l3p, cidrs,
subnet_specifics, clean_session=True):
subnet_specifics):
for usable_cidr in cidrs:
try:
attrs = {'tenant_id': context.current['tenant_id'],
@@ -373,8 +365,7 @@ class ImplicitResourceOperations(local_api.LocalAPI,
'host_routes': attributes.ATTR_NOT_SPECIFIED}
attrs.update(subnet_specifics)
subnet = self._create_subnet(
context._plugin_context, attrs,
clean_session=clean_session)
context._plugin_context, attrs)
yield subnet
except n_exc.BadRequest:
# This is expected (CIDR overlap within network) until
@@ -382,8 +373,7 @@ class ImplicitResourceOperations(local_api.LocalAPI,
# ignore the exception and repeat with the next CIDR.
pass
def _get_ptg_cidrs(self, context, ptgs, ptg_dicts=None,
clean_session=True):
def _get_ptg_cidrs(self, context, ptgs, ptg_dicts=None):
cidrs = []
if ptg_dicts:
ptgs = ptg_dicts
@@ -396,8 +386,7 @@ class ImplicitResourceOperations(local_api.LocalAPI,
if subnets:
cidrs = [x['cidr'] for x in self._get_subnets(
context._plugin_context.elevated(), {'id': subnets},
clean_session=clean_session)]
context._plugin_context.elevated(), {'id': subnets})]
return cidrs
def _get_subnet(self, context, subnet_id):
@@ -405,50 +394,43 @@ class ImplicitResourceOperations(local_api.LocalAPI,
return super(ImplicitResourceOperations, self)._get_subnet(
context, subnet_id)
def _get_l3p_allocated_subnets(self, context, l3p_id, clean_session=True):
def _get_l3p_allocated_subnets(self, context, l3p_id):
ptgs = context._plugin._get_l3p_ptgs(
context._plugin_context.elevated(), l3p_id)
return self._get_ptg_cidrs(context, None, ptg_dicts=ptgs,
clean_session=clean_session)
return self._get_ptg_cidrs(context, None, ptg_dicts=ptgs)
def _validate_and_add_subnet(self, context, subnet, l3p_id,
clean_session=True):
def _validate_and_add_subnet(self, context, subnet, l3p_id):
subnet_id = subnet['id']
session = context._plugin_context.session
with utils.clean_session(session) if clean_session else (
local_api.dummy_context_mgr()):
with session.begin(subtransactions=True):
LOG.debug("starting validate_and_add_subnet transaction for "
"subnet %s", subnet_id)
ptgs = context._plugin._get_l3p_ptgs(
context._plugin_context.elevated(), l3p_id)
allocated = netaddr.IPSet(
iterable=self._get_ptg_cidrs(context, None,
ptg_dicts=ptgs,
clean_session=clean_session))
cidr = subnet['cidr']
if cidr in allocated:
LOG.debug("CIDR %s in-use for L3P %s, allocated: %s",
cidr, l3p_id, allocated)
raise CidrInUse(cidr=cidr, l3p_id=l3p_id)
context.add_subnet(subnet_id)
LOG.debug("ending validate_and_add_subnet transaction for "
"subnet %s", subnet_id)
with session.begin(subtransactions=True):
LOG.debug("starting validate_and_add_subnet transaction for "
"subnet %s", subnet_id)
ptgs = context._plugin._get_l3p_ptgs(
context._plugin_context.elevated(), l3p_id)
allocated = netaddr.IPSet(
iterable=self._get_ptg_cidrs(context, None,
ptg_dicts=ptgs))
cidr = subnet['cidr']
if cidr in allocated:
LOG.debug("CIDR %s in-use for L3P %s, allocated: %s",
cidr, l3p_id, allocated)
raise CidrInUse(cidr=cidr, l3p_id=l3p_id)
context.add_subnet(subnet_id)
LOG.debug("ending validate_and_add_subnet transaction for "
"subnet %s", subnet_id)
def _use_l2_proxy_implicit_subnets(self, context,
subnet_specifics, l2p, l3p,
clean_session=True):
subnet_specifics, l2p, l3p):
LOG.debug("allocate subnets for L2 Proxy %s",
context.current['id'])
proxied = context._plugin.get_policy_target_group(
context._plugin_context, context.current['proxied_group_id'])
subnets = self._get_subnets(context._plugin_context,
{'id': proxied['subnets']},
clean_session=clean_session)
{'id': proxied['subnets']})
# Use the same subnets as the Proxied PTG
generator = self._generate_subnets_from_cidrs(
context, l2p, l3p, [x['cidr'] for x in subnets],
subnet_specifics, clean_session=clean_session)
subnet_specifics)
# Unroll the generator
subnets = [x for x in generator]
subnet_ids = [x['id'] for x in subnets]
@@ -459,8 +441,7 @@ class ImplicitResourceOperations(local_api.LocalAPI,
return subnets
def _use_normal_implicit_subnet(self, context, is_proxy, prefix_len,
subnet_specifics, l2p, l3p,
clean_session=True):
subnet_specifics, l2p, l3p):
LOG.debug("allocate subnets for L3 Proxy or normal PTG %s",
context.current['id'])
@@ -477,7 +458,7 @@ class ImplicitResourceOperations(local_api.LocalAPI,
l3p_id = l3p['id']
allocated = netaddr.IPSet(
iterable=self._get_l3p_allocated_subnets(
context, l3p_id, clean_session=clean_session))
context, l3p_id))
available = pool - allocated
available.compact()
@@ -490,7 +471,7 @@ class ImplicitResourceOperations(local_api.LocalAPI,
break
generator = self._generate_subnets_from_cidrs(
context, l2p, l3p, cidr.subnet(prefixlen),
subnet_specifics, clean_session=clean_session)
subnet_specifics)
for subnet in generator:
LOG.debug("Trying subnet %s for PTG %s", subnet,
context.current['id'])
@@ -498,8 +479,7 @@ class ImplicitResourceOperations(local_api.LocalAPI,
try:
self._mark_subnet_owned(context._plugin_context.session,
subnet_id)
self._validate_and_add_subnet(context, subnet, l3p_id,
clean_session=clean_session)
self._validate_and_add_subnet(context, subnet, l3p_id)
LOG.debug("Using subnet %s for PTG %s", subnet,
context.current['id'])
return [subnet]
@@ -510,20 +490,18 @@ class ImplicitResourceOperations(local_api.LocalAPI,
# available CIDR. We delete the subnet and try the
# next available CIDR.
self._delete_subnet(context._plugin_context,
subnet['id'],
clean_session=clean_session)
subnet['id'])
except n_exc.InvalidInput:
# This exception is not expected. We catch this
# here so that it isn't caught below and handled
# as if the CIDR is already in use.
self._delete_subnet(context._plugin_context,
subnet['id'],
clean_session=clean_session)
subnet['id'])
raise exc.GroupPolicyInternalError()
raise exc.NoSubnetAvailable()
def _use_implicit_subnet(self, context, is_proxy=False, prefix_len=None,
subnet_specifics=None, clean_session=True):
subnet_specifics=None):
subnet_specifics = subnet_specifics or {}
l2p_id = context.current['l2_policy_id']
l2p = context._plugin.get_l2_policy(context._plugin_context, l2p_id)
@@ -533,16 +511,14 @@ class ImplicitResourceOperations(local_api.LocalAPI,
context.current['proxy_type'] == proxy_ext.PROXY_TYPE_L2):
# In case of L2 proxy
return self._use_l2_proxy_implicit_subnets(
context, subnet_specifics, l2p, l3p,
clean_session=clean_session)
context, subnet_specifics, l2p, l3p)
else:
# In case of non proxy PTG or L3 Proxy
return self._use_normal_implicit_subnet(
context, is_proxy, prefix_len, subnet_specifics, l2p, l3p,
clean_session=clean_session)
context, is_proxy, prefix_len, subnet_specifics, l2p, l3p)
def _use_implicit_subnet_from_subnetpool(
self, context, subnet_specifics=None, clean_session=True):
self, context, subnet_specifics=None):
# If a subnet needs to be created with a prefix_length other than
# the subnet_prefix_length set for the l3_policy, a 'prefixlen' can be
# passed explicitly in the subnet_specifics dict.
@@ -603,8 +579,7 @@ class ImplicitResourceOperations(local_api.LocalAPI,
subnet_specifics['ipv6_address_mode'] = (
attributes.ATTR_NOT_SPECIFIED)
attrs.update(subnet_specifics)
subnet = self._create_subnet(context._plugin_context, attrs,
clean_session=clean_session)
subnet = self._create_subnet(context._plugin_context, attrs)
self._mark_subnet_owned(context._plugin_context.session,
subnet['id'])
LOG.debug("Allocated subnet %(sub)s from subnetpool: %(sp)s.",
@@ -629,42 +604,36 @@ class ImplicitResourceOperations(local_api.LocalAPI,
# a generic exception.
raise last
def _cleanup_subnet(self, plugin_context, subnet_id, router_id=None,
clean_session=True):
def _cleanup_subnet(self, plugin_context, subnet_id, router_id=None):
interface_info = {'subnet_id': subnet_id}
if router_id:
try:
self._remove_router_interface(plugin_context, router_id,
interface_info,
clean_session=clean_session)
interface_info)
except ext_l3.RouterInterfaceNotFoundForSubnet:
LOG.debug("Ignoring RouterInterfaceNotFoundForSubnet cleaning "
"up subnet: %s", subnet_id)
if self._subnet_is_owned(plugin_context.session, subnet_id):
self._delete_subnet(plugin_context, subnet_id,
clean_session=clean_session)
self._delete_subnet(plugin_context, subnet_id)
def _get_default_security_group(self, plugin_context, ptg_id,
tenant_id, clean_session=True):
tenant_id):
port_name = DEFAULT_SG_PREFIX % ptg_id
filters = {'name': [port_name], 'tenant_id': [tenant_id]}
default_group = self._get_sgs(plugin_context, filters,
clean_session=clean_session)
default_group = self._get_sgs(plugin_context, filters)
return default_group[0]['id'] if default_group else None
def _use_implicit_port(self, context, subnets=None, clean_session=True):
def _use_implicit_port(self, context, subnets=None):
ptg_id = context.current['policy_target_group_id']
ptg = context._plugin.get_policy_target_group(
context._plugin_context, ptg_id)
l2p_id = ptg['l2_policy_id']
l2p = context._plugin.get_l2_policy(context._plugin_context, l2p_id)
sg_id = self._get_default_security_group(
context._plugin_context, ptg_id, context.current['tenant_id'],
clean_session=clean_session)
context._plugin_context, ptg_id, context.current['tenant_id'])
last = exc.NoSubnetAvailable()
subnets = subnets or self._get_subnets(context._plugin_context,
{'id': ptg['subnets']},
clean_session=clean_session)
{'id': ptg['subnets']})
for subnet in subnets:
try:
attrs = {'tenant_id': context.current['tenant_id'],
@@ -679,8 +648,7 @@ class ImplicitResourceOperations(local_api.LocalAPI,
if context.current.get('group_default_gateway'):
attrs['fixed_ips'][0]['ip_address'] = subnet['gateway_ip']
attrs.update(context.current.get('port_attributes', {}))
port = self._create_port(context._plugin_context, attrs,
clean_session=clean_session)
port = self._create_port(context._plugin_context, attrs)
port_id = port['id']
self._mark_port_owned(context._plugin_context.session, port_id)
context.set_port_id(port_id)
@@ -698,15 +666,14 @@ class ImplicitResourceOperations(local_api.LocalAPI,
except n_exc.PortNotFound:
LOG.warning(_LW("Port %s is missing") % port_id)
def _reject_invalid_router_access(self, context, clean_session=True):
def _reject_invalid_router_access(self, context):
# Validate if the explicit router(s) belong to the tenant.
# Are routers shared across tenants ??
# How to check if admin and if admin can access all routers ??
for router_id in context.current['routers']:
router = None
try:
router = self._get_router(context._plugin_context, router_id,
clean_session=clean_session)
router = self._get_router(context._plugin_context, router_id)
except n_exc.NotFound:
raise exc.InvalidRouterAccess(
msg="Can't access other tenants router",
@@ -722,23 +689,20 @@ class ImplicitResourceOperations(local_api.LocalAPI,
router_id=router_id,
tenant_id=context.current['tenant_id'])
def _use_implicit_router(self, context, router_name=None,
clean_session=True):
def _use_implicit_router(self, context, router_name=None):
attrs = {'tenant_id': context.current['tenant_id'],
'name': router_name or ('l3p_' + context.current['name']),
'external_gateway_info': None,
'admin_state_up': True}
router = self._create_router(context._plugin_context, attrs,
clean_session=clean_session)
router = self._create_router(context._plugin_context, attrs)
router_id = router['id']
self._mark_router_owned(context._plugin_context.session, router_id)
context.add_router(router_id)
return router_id
def _cleanup_router(self, plugin_context, router_id, clean_session=True):
def _cleanup_router(self, plugin_context, router_id):
if self._router_is_owned(plugin_context.session, router_id):
self._delete_router(plugin_context, router_id,
clean_session=clean_session)
self._delete_router(plugin_context, router_id)
def _plug_router_to_subnet(self, plugin_context, subnet_id, router_id):
interface_info = {'subnet_id': subnet_id}