From 5706012434e16dd5f947caeebee9e9ed89a96ad9 Mon Sep 17 00:00:00 2001
From: Salvatore Orlando
Date: Fri, 26 Nov 2021 13:36:22 -0800
Subject: [PATCH] [API Replay] Migrate RBAC policies
Migrate RBAC policies, skipping those which have been implicitly created from shared or external networks.
Change-Id: I0833a52993248857b1eb25491928ca86a720c04c
---
 vmware_nsx/api_replay/client.py | 35 +++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
diff --git a/vmware_nsx/api_replay/client.py b/vmware_nsx/api_replay/client.py
index 1df7edf47b..80277297b6 100644
--- a/vmware_nsx/api_replay/client.py
+++ b/vmware_nsx/api_replay/client.py
@@ -183,6 +183,7 @@ class ApiReplayClient(utils.PrepareObjectForMigration):
 self.migrate_fwaas()
 if self.octavia:
 self.migrate_octavia(source_networks)
+ self.migrate_rbac()
 if self.n_errors:
 LOG.error("NSX migration is Done with %s errors:",
 self.n_errors)
@@ -311,6 +312,40 @@ class ApiReplayClient(utils.PrepareObjectForMigration):
 {'q': quota, 'e': e})
 self._log_elapsed(outer_start, "Quota migration", debug=False)
+ def migrate_rbac(self):
+ outer_start = datetime.now()
+ source_data = self.source_neutron.list_rbac_policies()
+ source_rbac = source_data['rbac_policies']
+ for count, rbac_policy in enumerate(source_rbac, 1):
+ inner_start = datetime.now()
+ # Careful: for shared and external networks an auto generated RBAC
+ # policy might have been already added. Adding again the same rule
+ # will trigger an error
+ try:
+ new_rbac_policy = rbac_policy.copy()
+ new_rbac_policy.pop('id')
+ self.dest_neutron.create_rbac_policy(
+ {'rbac_policy': new_rbac_policy})
+ LOG.info("Migrated RBAC policy %s for %s %s",
+ rbac_policy['action'],
+ rbac_policy['object_type'],
+ rbac_policy['object_id'])
+ self._log_elapsed(
+ inner_start,
+ "Migrate RBAC policy %s" % rbac_policy['id'])
+ except n_exc.Conflict as e:
+ LOG.info("Skipping RBAC policy %s due to %s",
+ rbac_policy['id'], e)
+ except Exception as e:
+ self.add_error(
+ "Failed to migrate RBAC policy %s for %s %si: %s" % (
+ rbac_policy['action'],
+ rbac_policy['object_type'],
+ rbac_policy['object_id'],
+ e))
+
+ self._log_elapsed(outer_start, "Quota migration", debug=False)
+
 def migrate_qos_rule(self, dest_policy, source_rule):
 """Add the QoS rule from the source to the QoS policy
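Review bot: The closing `self._log_elapsed(outer_start, "Quota migration", debug=False)` in migrate_rbac is copied from the quota method above it, so the RBAC phase is timed under the wrong label; it should read `self._log_elapsed(outer_start, "RBAC policy migration", debug=False)`. The error string in the generic `except` has a stray character, `%si`, which should be `%s`, and `count` from `enumerate` is never used. Because these policies are access-control grants, the `n_exc.Conflict` branch deserves more than an info line keyed on the source id: it assumes every conflict is the auto-generated shared/external policy, so any other conflict leaves the destination with different sharing than the source and never counts towards `n_errors`. Logging `object_type`, `object_id` and `target_tenant` there (the last only if it is present in the policy dict) would let an operator reconcile skipped grants after the run.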