NSX|V3: Use any instead of ::/x for IPv6 SG rules

Change-Id: I937fca45ec3d0209e00d9044cca76971f85771f6
asarfaty 2021-01-12 17:12:11 +02:00
parent ef6cb79f46
commit ae43afa98c
1 changed files with 14 additions and 8 deletions


@ -4788,6 +4788,19 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
ns_group, secgroup.get(provider_sg.PROVIDER)) ns_group, secgroup.get(provider_sg.PROVIDER))
return ns_group, firewall_section return ns_group, firewall_section
def _fix_sg_rule_dict_ips(self, sg_rule):
# 0.0.0.0/# and ::/ are not valid entries for local and remote so we
# need to change this to None
if (sg_rule.get('remote_ip_prefix') and
(sg_rule['remote_ip_prefix'].startswith('0.0.0.0/') or
sg_rule['remote_ip_prefix'].startswith('::/'))):
sg_rule['remote_ip_prefix'] = None
if (sg_rule.get('local_ip_prefix') and
validators.is_attr_set(sg_rule['local_ip_prefix']) and
(sg_rule['local_ip_prefix'].startswith('0.0.0.0/') or
sg_rule['local_ip_prefix'].startswith('::/'))):
sg_rule['local_ip_prefix'] = None
def _create_firewall_rules(self, context, section_id, nsgroup_id, def _create_firewall_rules(self, context, section_id, nsgroup_id,
logging_enabled, action, sg_rules): logging_enabled, action, sg_rules):
# since the nsxlib does not have access to the nsx db, # since the nsxlib does not have access to the nsx db,
@ -4804,14 +4817,7 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
remote_nsgroup_id = nsx_db.get_nsx_security_group_id( remote_nsgroup_id = nsx_db.get_nsx_security_group_id(
context.session, remote_group_id) context.session, remote_group_id)
ruleid_2_remote_nsgroup_map[sg_rule['id']] = remote_nsgroup_id ruleid_2_remote_nsgroup_map[sg_rule['id']] = remote_nsgroup_id
# 0.0.0.0/# is not a valid entry for local and remote so we need self._fix_sg_rule_dict_ips(sg_rule)
# to change this to None
if (sg_rule.get('remote_ip_prefix') and
sg_rule['remote_ip_prefix'].startswith('0.0.0.0/')):
sg_rule['remote_ip_prefix'] = None
if (sg_rule.get('local_ip_prefix') and
sg_rule['local_ip_prefix'].startswith('0.0.0.0/')):
sg_rule['local_ip_prefix'] = None
return self.nsxlib.firewall_section.create_rules( return self.nsxlib.firewall_section.create_rules(
context, section_id, nsgroup_id, context, section_id, nsgroup_id,
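Review bot: In `_fix_sg_rule_dict_ips` the `startswith('0.0.0.0/')` and `startswith('::/')` tests match every prefix length, so a rule written for `::/64` or `0.0.0.0/8` is rewritten to `None` and, going by the commit title, enforced as "any", which is broader than the rule the tenant defined. Only a zero-length prefix is equivalent to any; if the backend cannot accept the narrower forms, make the widening explicit by matching `in ('0.0.0.0/0', '::/0')` for the silent case and logging a warning or rejecting the rule for the rest. Whether such prefixes are normalized or rejected before this point is not visible here, so the path may already be unreachable. The `validators.is_attr_set` guard is applied to `local_ip_prefix` only, and a one-line comment saying why `remote_ip_prefix` does not need it would help the next reader. The body of `_create_firewall_rules`, where the helper is called, starts and ends outside the second hunk.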