TVD: ensure that can return specific tenant/project requests

A service tenant may do a request for a speicific tenants data,
for example, ports (as in the case with a nova boot). So we need
to ensure that the filters requested by the tenant are met.

Change-Id: Ic7ff59a813347f943e6c84478d9f036c90473c9e
This commit is contained in:
Gary Kotton 2018-01-15 05:48:45 -08:00 committed by Adit Sarfaty
parent 3caac5a518
commit ab86e8deaf
2 changed files with 54 additions and 24 deletions

View File

@ -252,8 +252,10 @@ class NsxTVDPlugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
del data[field]
def _list_availability_zones(self, context, filters=None):
p = self._get_plugin_from_project(context, context.project_id)
return p._list_availability_zones(context, filters=filters)
p = self._get_plugin_for_request(context, filters)
if p:
return p._list_availability_zones(context, filters=filters)
return []
def validate_availability_zones(self, context, resource_type,
availability_zones):
@ -311,12 +313,29 @@ class NsxTVDPlugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
p = self._get_plugin_from_net_id(context, id)
return p.get_network(context, id, fields=fields)
def _get_plugin_for_request(self, context, filters):
project_id = context.project_id
if filters:
if filters.get('tenant_id'):
project_id = filters.get('tenant_id')
elif filters.get('project_id'):
project_id = filters.get('project_id')
else:
# A specific filter request is made. So here we
# will not filter according to the plugin.
return
# If there are multiple tenants/prijects being requested then
# we will not filter according to the plugin
if isinstance(project_id, list):
return
return self._get_plugin_from_project(context, project_id)
def get_networks(self, context, filters=None, fields=None,
sorts=None, limit=None, marker=None,
page_reverse=False):
# Read project plugin to filter relevant projects according to
# plugin
req_p = self._get_plugin_from_project(context, context.project_id)
req_p = self._get_plugin_for_request(context, filters)
filters = filters or {}
with db_api.context_manager.reader.using(context):
networks = (
@ -325,7 +344,7 @@ class NsxTVDPlugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
limit, marker, page_reverse))
for net in networks[:]:
p = self._get_plugin_from_project(context, net['tenant_id'])
if p == req_p:
if p == req_p or req_p is None:
p._extend_get_network_dict_provider(context, net)
else:
networks.remove(net)
@ -372,7 +391,7 @@ class NsxTVDPlugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
page_reverse=False):
# Read project plugin to filter relevant projects according to
# plugin
req_p = self._get_plugin_from_project(context, context.project_id)
req_p = self._get_plugin_for_request(context, filters)
filters = filters or {}
with db_api.context_manager.reader.using(context):
ports = (
@ -385,7 +404,7 @@ class NsxTVDPlugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
port_model = self._get_port(context, port['id'])
resource_extend.apply_funcs('ports', port, port_model)
p = self._get_plugin_from_net_id(context, port['network_id'])
if p == req_p:
if p == req_p or req_p is None:
if hasattr(p, '_extend_get_port_dict_qos_and_binding'):
p._extend_get_port_dict_qos_and_binding(context, port)
if hasattr(p,
@ -421,14 +440,14 @@ class NsxTVDPlugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
else:
# Read project plugin to filter relevant projects according to
# plugin
req_p = self._get_plugin_from_project(context, context.project_id)
req_p = self._get_plugin_for_request(context, filters)
filters = filters or {}
subnets = super(NsxTVDPlugin, self).get_subnets(
context, filters=filters, fields=fields, sorts=sorts,
limit=limit, marker=marker, page_reverse=page_reverse)
for subnet in subnets[:]:
p = self._get_plugin_from_project(context, subnet['tenant_id'])
if p != req_p:
if req_p and p != req_p:
subnets.remove(subnet)
return subnets
@ -545,13 +564,13 @@ class NsxTVDPlugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
page_reverse=False):
# Read project plugin to filter relevant projects according to
# plugin
req_p = self._get_plugin_from_project(context, context.project_id)
req_p = self._get_plugin_for_request(context, filters)
routers = super(NsxTVDPlugin, self).get_routers(
context, filters=filters, fields=fields, sorts=sorts,
limit=limit, marker=marker, page_reverse=page_reverse)
for router in routers[:]:
p = self._get_plugin_from_project(context, router['tenant_id'])
if p != req_p:
if req_p and p != req_p:
routers.remove(router)
return routers
@ -585,14 +604,14 @@ class NsxTVDPlugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
page_reverse=False):
# Read project plugin to filter relevant projects according to
# plugin
req_p = self._get_plugin_from_project(context, context.project_id)
req_p = self._get_plugin_for_request(context, filters)
fips = super(NsxTVDPlugin, self).get_floatingips(
context, filters=filters, fields=fields, sorts=sorts,
limit=limit, marker=marker, page_reverse=page_reverse)
for fip in fips[:]:
p = self._get_plugin_from_project(context,
fip['tenant_id'])
if p != req_p:
if req_p and p != req_p:
fips.remove(fip)
return fips
@ -633,14 +652,14 @@ class NsxTVDPlugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
marker=None, page_reverse=False, default_sg=False):
# Read project plugin to filter relevant projects according to
# plugin
req_p = self._get_plugin_from_project(context, context.project_id)
req_p = self._get_plugin_for_request(context, filters)
sgs = super(NsxTVDPlugin, self).get_security_groups(
context, filters=filters, fields=fields, sorts=sorts,
limit=limit, marker=marker, page_reverse=page_reverse,
default_sg=default_sg)
for sg in sgs[:]:
p = self._get_plugin_from_project(context, sg['tenant_id'])
if p != req_p:
if req_p and p != req_p:
sgs.remove(sg)
return sgs
@ -664,13 +683,13 @@ class NsxTVDPlugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
page_reverse=False):
# Read project plugin to filter relevant projects according to
# plugin
req_p = self._get_plugin_from_project(context, context.project_id)
req_p = self._get_plugin_for_request(context, filters)
rules = super(NsxTVDPlugin, self).get_security_group_rules(
context, filters=filters, fields=fields, sorts=sorts,
limit=limit, marker=marker, page_reverse=page_reverse)
for rule in rules[:]:
p = self._get_plugin_from_project(context, rule['tenant_id'])
if p != req_p:
if req_p and p != req_p:
rules.remove(rule)
return rules
@ -810,8 +829,8 @@ class NsxTVDPlugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
def get_housekeepers(self, context, filters=None, fields=None, sorts=None,
limit=None, marker=None, page_reverse=False):
p = self._get_plugin_from_project(context, context.project_id)
if hasattr(p, 'housekeeper'):
p = self._get_plugin_for_request(context, filters)
if p and hasattr(p, 'housekeeper'):
return p.housekeeper.list()
return []
@ -826,14 +845,14 @@ class NsxTVDPlugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
page_reverse=False):
# Read project plugin to filter relevant projects according to
# plugin
req_p = self._get_plugin_from_project(context, context.project_id)
req_p = self._get_plugin_for_request(context, filters)
address_scopes = super(NsxTVDPlugin, self).get_address_scopes(
context, filters=filters, fields=fields, sorts=sorts,
limit=limit, marker=marker, page_reverse=page_reverse)
for address_scope in address_scopes[:]:
p = self._get_plugin_from_project(context,
address_scope['tenant_id'])
if p != req_p:
if req_p and p != req_p:
address_scopes.remove(address_scope)
return address_scopes
@ -842,13 +861,13 @@ class NsxTVDPlugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
page_reverse=False):
# Read project plugin to filter relevant projects according to
# plugin
req_p = self._get_plugin_from_project(context, context.project_id)
req_p = self._get_plugin_for_request(context, filters)
pools = super(NsxTVDPlugin, self).get_subnetpools(
context, filters=filters, fields=fields, sorts=sorts,
limit=limit, marker=marker, page_reverse=page_reverse)
for pool in pools[:]:
p = self._get_plugin_from_project(context,
pool['tenant_id'])
if p != req_p:
if req_p and p != req_p:
pools.remove(pool)
return pools

View File

@ -19,7 +19,18 @@ from vmware_nsx.db import db as nsx_db
class LoadBalancerTVDPluginv2(plugin.LoadBalancerPluginv2):
def _get_project_mapping(self, context, project_id):
def _get_project_mapping(self, context, filters):
project_id = context.project_id
if filters:
if filters.get('tenant_id'):
project_id = filters.get('tenant_id')
elif filters.get('project_id'):
project_id = filters.get('project_id')
# If multiple are requested then we revert to
# the context's project id
if isinstance(project_id, list):
project_id = context.project_id
mapping = nsx_db.get_project_plugin_mapping(
context.session, project_id)
if mapping:
@ -28,7 +39,7 @@ class LoadBalancerTVDPluginv2(plugin.LoadBalancerPluginv2):
raise exceptions.ObjectNotFound(id=project_id)
def _filter_entries(self, method, context, filters=None, fields=None):
req_p = self._get_project_mapping(context, context.project_id)
req_p = self._get_project_mapping(context, filters)
entries = method(context, filters=filters, fields=fields)
for entry in entries[:]:
p = self._get_project_mapping(context,