NSX|V: prevent the deletion of Lb interface ports

Make sure users cannot delete the internal LB interface ports.

Change-Id: If2be64b69c43f5ef6814abb3caffdfe554f7a3a1
Adit Sarfaty 2019-05-26 16:08:50 +03:00
parent 4b3d0e9446
commit 7ccd2f2e84
3 changed files with 15 additions and 6 deletions


@ -160,6 +160,7 @@ from vmware_nsx.services.lbaas.nsx_v.implementation import listener_mgr
from vmware_nsx.services.lbaas.nsx_v.implementation import loadbalancer_mgr
from vmware_nsx.services.lbaas.nsx_v.implementation import member_mgr
from vmware_nsx.services.lbaas.nsx_v.implementation import pool_mgr
from vmware_nsx.services.lbaas.nsx_v import lbaas_common as lb_common
from vmware_nsx.services.lbaas.octavia import constants as oct_const
from vmware_nsx.services.lbaas.octavia import octavia_listener
@ -2708,7 +2709,8 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
def delete_port(self, context, id, l3_port_check=True,
nw_gw_port_check=True, force_delete_dhcp=False,
allow_delete_internal=False):
allow_delete_internal=False,
allow_delete_lb_if=False):
# Send delete port notification to any interested service plugin
registry.publish(resources.PORT, events.BEFORE_DELETE, self,
payload=events.DBEventPayload(
@ -2721,6 +2723,11 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
if not allow_delete_internal:
self._validate_internal_network(
context, neutron_db_port['network_id'])
if (not allow_delete_lb_if and
neutron_db_port.get('device_owner') and
neutron_db_port['device_owner'] == lb_common.LBAAS_DEVICE_OWNER):
msg = _("Cannot delete LB interface port")
raise n_exc.InvalidInput(error_message=msg)
if is_compute_port and device_id:
# Lock on the device ID to make sure we do not change/delete
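Review bot: The new guard in delete_port decides purely on the port's current `device_owner`, so it is only as strong as whatever protects that field. The update path is not part of this change, so it is worth confirming that update_port rejects changes to `device_owner` and `device_id` on ports carrying `lb_common.LBAAS_DEVICE_OWNER`; otherwise the guard could be sidestepped by relabelling the port first. The condition can also be shortened, since `.get()` already covers a missing or empty value: `if (not allow_delete_lb_if and neutron_db_port.get('device_owner') == lb_common.LBAAS_DEVICE_OWNER):`. delete_port's body starts before and continues after the lines shown here.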


@ -115,11 +115,12 @@ class EdgeLoadBalancerManagerFromDict(base_mgr.EdgeLoadbalancerBaseManager):
# Discard any ports which are associated with LB
filters = {
'device_id': [lb['id'], oct_const.DEVICE_ID_PREFIX + lb['id']],
'device_owner': [constants.DEVICE_OWNER_NEUTRON_PREFIX + 'LB']}
'device_owner': [lb_common.LBAAS_DEVICE_OWNER]}
lb_ports = self.core_plugin.get_ports(context.elevated(),
filters=filters)
for lb_port in lb_ports:
self.core_plugin.delete_port(context.elevated(), lb_port['id'])
self.core_plugin.delete_port(context.elevated(), lb_port['id'],
allow_delete_lb_if=True)
binding = nsxv_db.get_nsxv_lbaas_loadbalancer_binding(
context.session, lb['id'])


@ -32,6 +32,7 @@ LOG = logging.getLogger(__name__)
MEMBER_ID_PFX = 'member-'
RESOURCE_ID_PFX = 'lbaas-'
LBAAS_FW_SECTION_NAME = 'LBaaS FW Rules'
LBAAS_DEVICE_OWNER = constants.DEVICE_OWNER_NEUTRON_PREFIX + 'LB'
def get_member_id(member_id):
@ -82,7 +83,7 @@ def get_lb_edge_name(context, lb_id):
def get_lb_interface(context, plugin, lb_id, subnet_id):
filters = {'fixed_ips': {'subnet_id': [subnet_id]},
'device_id': [lb_id],
'device_owner': [constants.DEVICE_OWNER_NEUTRON_PREFIX + 'LB']}
'device_owner': [LBAAS_DEVICE_OWNER]}
lb_ports = plugin.get_ports(context.elevated(), filters=filters)
return lb_ports
@ -99,7 +100,7 @@ def create_lb_interface(context, plugin, lb_id, subnet_id, tenant_id,
'network_id': network_id,
'tenant_id': tenant_id,
'fixed_ips': [{'subnet_id': subnet['id']}],
'device_owner': constants.DEVICE_OWNER_NEUTRON_PREFIX + 'LB',
'device_owner': LBAAS_DEVICE_OWNER,
'device_id': lb_id,
'mac_address': constants.ATTR_NOT_SPECIFIED
}
@ -127,7 +128,7 @@ def delete_lb_interface(context, plugin, lb_id, subnet_id):
network_id = subnet.get('network_id')
lb_ports = get_lb_interface(context, plugin, lb_id, subnet_id)
for lb_port in lb_ports:
plugin.delete_port(context, lb_port['id'])
plugin.delete_port(context, lb_port['id'], allow_delete_lb_if=True)
edge_utils.delete_interface(plugin.nsx_v, context, resource_id, network_id,
dist=False)
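Review bot: `LBAAS_DEVICE_OWNER` is now the marker the plugin uses to refuse port deletion, but nothing at its definition says so, and a later edit to the value would silently drop the protection on existing ports. A comment above the constant would record this, for example `# Marks LB interface ports; the NSX-V plugin's delete_port rejects ports with this owner unless allow_delete_lb_if=True.` Separately, delete_lb_interface now passes `allow_delete_lb_if=True` to whatever `plugin` object the caller supplies, so it assumes that object's delete_port accepts the keyword. A one-line docstring stating that `plugin` must be the NSX-V core plugin would make that assumption explicit.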