TVD: Add service plugins to separate list results

Adding service plugins for QoS, VPNaaS and L2Gateway
and updating the BGP plugin
to prevent users from getting objects belonging to a different
plugin

Change-Id: I3545c3acefaf50ca6937a0b7a65c131c569317cd
This commit is contained in:
Adit Sarfaty 2018-02-20 10:14:43 +02:00
parent 8f513e2d9a
commit c6c155c1aa
9 changed files with 115 additions and 9 deletions

View File

@ -269,7 +269,7 @@ Add neutron-fwaas repo as an external repository and configure following flags i
[[local|localrc]]
enable_plugin neutron-fwaas https://git.openstack.org/openstack/neutron-fwaas
ENABLED_SERVICES+=,q-fwaas-v2
Q_SERVICE_PLUGIN_CLASSES=vmware_nsxtvd_fwaasv2
Q_SERVICE_PLUGIN_CLASSES+=,vmware_nsxtvd_fwaasv2
[[post-config|$NEUTRON_CONF]]
[fwaas]
@ -288,6 +288,11 @@ Add networking-l2gw repo as an external repository and configure following flags
ENABLED_SERVICES+=l2gw-plugin
NETWORKING_L2GW_SERVICE_DRIVER=L2GW:vmware-nsx-l2gw:vmware_nsx.services.l2gateway.nsx_tvd.driver.NsxTvdL2GatewayDriver:default
DEFAULT_BRIDGE_CLUSTER_UUID=
Q_SERVICE_PLUGIN_CLASSES+=,vmware_nsxtvd_l2gw
[[post-config|$NEUTRON_CONF]]
[DEFAULT]
api_extensions_path = $DEST/networking-l2gateway/networking_l2gw/extensions
QoS Driver
~~~~~~~~~~
@ -296,7 +301,7 @@ Enable the qos in ``local.conf``::
[[local|localrc]]
ENABLED_SERVICES+=,q-qos
Q_SERVICE_PLUGIN_CLASSES=neutron.services.qos.qos_plugin.QoSPlugin
Q_SERVICE_PLUGIN_CLASSES+=,vmware_nsxtvd_qos
Neutron dynamic routing plugin (bgp)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@ -320,3 +325,9 @@ Add neutron-vpnaas repo as an external repository and configure following flags
[[local|localrc]]
enable_plugin neutron-vpnaas https://git.openstack.org/openstack/neutron-vpnaas
NEUTRON_VPNAAS_SERVICE_PROVIDER=VPN:vmware:vmware_nsx.services.vpnaas.nsx_tvd.ipsec_driver.NSXIPsecVpnDriver:default
Q_SERVICE_PLUGIN_CLASSES+=,vmware_nsxtvd_vpnaas
[[post-config|$NEUTRON_CONF]]
[DEFAULT]
api_extensions_path = $DEST/neutron-vpnaas/neutron_vpnaas/extensions

View File

@ -46,6 +46,9 @@ neutron.service_plugins =
vmware_nsxtvd_lbaasv2 = vmware_nsx.services.lbaas.nsx.plugin:LoadBalancerTVPluginV2
vmware_nsxtvd_fwaasv1 = vmware_nsx.services.fwaas.nsx_tv.plugin_v1:FwaasTVPluginV1
vmware_nsxtvd_fwaasv2 = vmware_nsx.services.fwaas.nsx_tv.plugin_v2:FwaasTVPluginV2
vmware_nsxtvd_l2gw = vmware_nsx.services.l2gateway.nsx_tvd.plugin:L2GatewayPlugin
vmware_nsxtvd_qos = vmware_nsx.services.qos.nsx_tvd.plugin:QoSPlugin
vmware_nsxtvd_vpnaas = vmware_nsx.services.vpnaas.nsx_tvd.plugin:VPNPlugin
neutron.qos.notification_drivers =
vmware_nsxv3_message_queue = vmware_nsx.services.qos.nsx_v3.message_queue:NsxV3QosNotificationDriver
neutron.ipam_drivers =

View File

@ -58,19 +58,19 @@ def filter_plugins(cls):
def add_separate_plugin_hook(name):
orig_method = getattr(cls, name, None)
def filter_results_by_plugin(self, context, filters=None, fields=None):
def filter_results_by_plugin(self, context, **kwargs):
"""Run the original get-list method, and filter the results
by the project id of the context
"""
entries = orig_method(self, context, filters=filters,
fields=fields)
entries = orig_method(self, context, **kwargs)
if not context.project_id:
return entries
req_p = get_project_mapping(context, context.project_id)
for entry in entries[:]:
p = get_project_mapping(context, entry['tenant_id'])
if p != req_p:
entries.remove(entry)
if entry.get('tenant_id'):
p = get_project_mapping(context, entry['tenant_id'])
if p != req_p:
entries.remove(entry)
return entries

View File

@ -30,21 +30,26 @@ from vmware_nsx.common import nsxv_constants
from vmware_nsx.db import nsxv_db
from vmware_nsx.extensions import edge_service_gateway_bgp_peer as ext_esg
from vmware_nsx.extensions import projectpluginmap
from vmware_nsx.plugins.nsx import utils as tvd_utils
from vmware_nsx.services.dynamic_routing.nsx_v import driver as nsxv_driver
LOG = logging.getLogger(__name__)
PLUGIN_NAME = bgp_ext.BGP_EXT_ALIAS + '_nsx_svc_plugin'
@tvd_utils.filter_plugins
class NSXBgpPlugin(service_base.ServicePluginBase, bgp_db.BgpDbMixin):
"""BGP service plugin for NSX-V as well as TVD plugins.
Currently only the nsx-v is supported. other plugins will be refused.
Currently only the nsx-v is supported. other plugins will be refused.
"""
supported_extension_aliases = [bgp_ext.BGP_EXT_ALIAS,
ext_esg.ESG_BGP_PEER_EXT_ALIAS]
methods_to_separate = ['get_bgp_speakers',
'get_bgp_peers']
def __init__(self):
super(NSXBgpPlugin, self).__init__()
self._core_plugin = directory.get_plugin()

View File

@ -0,0 +1,28 @@
# Copyright 2018 VMware, Inc.
# All Rights Reserved
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from networking_l2gw.services.l2gateway import plugin
from vmware_nsx.plugins.nsx import utils as tvd_utils
@tvd_utils.filter_plugins
class L2GatewayPlugin(plugin.L2GatewayPlugin):
"""NSX-TV plugin for L2GW.
This plugin adds separation between T/V instances
"""
methods_to_separate = ['get_l2_gateways',
'get_l2_gateway_connections']

View File

@ -98,6 +98,7 @@ class NsxV3Driver(l2gateway_db.L2GatewayMixin):
# Optimistically create the default L2 gateway in neutron DB
device = {'device_name': def_l2gw_uuid,
'interfaces': [{'name': 'default-bridge-cluster'}]}
# TODO(asarfaty): Add a default v3 tenant-id to allow TVD filtering
def_l2gw = {'name': 'default-l2gw',
'devices': [device]}
l2gw_dict = {self.gateway_resource: def_l2gw}

View File

@ -0,0 +1,27 @@
# Copyright 2018 VMware, Inc.
# All Rights Reserved
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from neutron.services.qos import qos_plugin
from vmware_nsx.plugins.nsx import utils as tvd_utils
@tvd_utils.filter_plugins
class QoSPlugin(qos_plugin.QoSPlugin):
"""NSX-TV plugin for QoS.
This plugin adds separation between T/V instances
"""
methods_to_separate = ['get_policies']

View File

@ -0,0 +1,31 @@
# Copyright 2018 VMware, Inc.
# All Rights Reserved
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from neutron_vpnaas.services.vpn import plugin
from vmware_nsx.plugins.nsx import utils as tvd_utils
@tvd_utils.filter_plugins
class VPNPlugin(plugin.VPNDriverPlugin):
"""NSX-TV plugin for QoS.
This plugin adds separation between T/V instances
"""
methods_to_separate = ['get_ipsec_site_connections',
'get_ikepolicies',
'get_ipsecpolicies',
'get_vpnservices',
'get_endpoint_groups']