From c6c155c1aa9427b9d9c7c23d3a493218d42b7c54 Mon Sep 17 00:00:00 2001 From: Adit Sarfaty Date: Tue, 20 Feb 2018 10:14:43 +0200 Subject: [PATCH] TVD: Add service plugins to separate list results Adding service plugins for QoS, VPNaaS and L2Gateway and updating the BGP plugin to prevent users from getting objects belonging to a different plugin Change-Id: I3545c3acefaf50ca6937a0b7a65c131c569317cd --- doc/source/devstack.rst | 15 +++++++-- setup.cfg | 3 ++ vmware_nsx/plugins/nsx/utils.py | 12 +++---- .../services/dynamic_routing/bgp_plugin.py | 7 ++++- .../services/l2gateway/nsx_tvd/plugin.py | 28 +++++++++++++++++ .../services/l2gateway/nsx_v3/driver.py | 1 + vmware_nsx/services/qos/nsx_tvd/__init__.py | 0 vmware_nsx/services/qos/nsx_tvd/plugin.py | 27 ++++++++++++++++ vmware_nsx/services/vpnaas/nsx_tvd/plugin.py | 31 +++++++++++++++++++ 9 files changed, 115 insertions(+), 9 deletions(-) create mode 100644 vmware_nsx/services/l2gateway/nsx_tvd/plugin.py create mode 100644 vmware_nsx/services/qos/nsx_tvd/__init__.py create mode 100644 vmware_nsx/services/qos/nsx_tvd/plugin.py create mode 100644 vmware_nsx/services/vpnaas/nsx_tvd/plugin.py diff --git a/doc/source/devstack.rst b/doc/source/devstack.rst index b119a83340..5ada57874a 100644 --- a/doc/source/devstack.rst +++ b/doc/source/devstack.rst @@ -269,7 +269,7 @@ Add neutron-fwaas repo as an external repository and configure following flags i [[local|localrc]] enable_plugin neutron-fwaas https://git.openstack.org/openstack/neutron-fwaas ENABLED_SERVICES+=,q-fwaas-v2 - Q_SERVICE_PLUGIN_CLASSES=vmware_nsxtvd_fwaasv2 + Q_SERVICE_PLUGIN_CLASSES+=,vmware_nsxtvd_fwaasv2 [[post-config|$NEUTRON_CONF]] [fwaas] 
@@ -288,6 +288,11 @@ Add networking-l2gw repo as an external repository and configure following flags ENABLED_SERVICES+=l2gw-plugin NETWORKING_L2GW_SERVICE_DRIVER=L2GW:vmware-nsx-l2gw:vmware_nsx.services.l2gateway.nsx_tvd.driver.NsxTvdL2GatewayDriver:default DEFAULT_BRIDGE_CLUSTER_UUID= + Q_SERVICE_PLUGIN_CLASSES+=,vmware_nsxtvd_l2gw + + [[post-config|$NEUTRON_CONF]] + [DEFAULT] + api_extensions_path = $DEST/networking-l2gateway/networking_l2gw/extensions QoS Driver ~~~~~~~~~~ @@ -296,7 +301,7 @@ Enable the qos in ``local.conf``:: [[local|localrc]] ENABLED_SERVICES+=,q-qos - Q_SERVICE_PLUGIN_CLASSES=neutron.services.qos.qos_plugin.QoSPlugin + Q_SERVICE_PLUGIN_CLASSES+=,vmware_nsxtvd_qos Neutron dynamic routing plugin (bgp) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -320,3 +325,9 @@ Add neutron-vpnaas repo as an external repository and configure following flags [[local|localrc]] enable_plugin neutron-vpnaas https://git.openstack.org/openstack/neutron-vpnaas NEUTRON_VPNAAS_SERVICE_PROVIDER=VPN:vmware:vmware_nsx.services.vpnaas.nsx_tvd.ipsec_driver.NSXIPsecVpnDriver:default + Q_SERVICE_PLUGIN_CLASSES+=,vmware_nsxtvd_vpnaas + + [[post-config|$NEUTRON_CONF]] + [DEFAULT] + api_extensions_path = $DEST/neutron-vpnaas/neutron_vpnaas/extensions + diff --git a/setup.cfg b/setup.cfg index f7ef3a5ce9..fef15dae6d 100644 --- a/setup.cfg +++ b/setup.cfg 
@@ -46,6 +46,9 @@ neutron.service_plugins = vmware_nsxtvd_lbaasv2 = vmware_nsx.services.lbaas.nsx.plugin:LoadBalancerTVPluginV2 vmware_nsxtvd_fwaasv1 = vmware_nsx.services.fwaas.nsx_tv.plugin_v1:FwaasTVPluginV1 vmware_nsxtvd_fwaasv2 = vmware_nsx.services.fwaas.nsx_tv.plugin_v2:FwaasTVPluginV2 + vmware_nsxtvd_l2gw = vmware_nsx.services.l2gateway.nsx_tvd.plugin:L2GatewayPlugin + vmware_nsxtvd_qos = vmware_nsx.services.qos.nsx_tvd.plugin:QoSPlugin + vmware_nsxtvd_vpnaas = vmware_nsx.services.vpnaas.nsx_tvd.plugin:VPNPlugin neutron.qos.notification_drivers = vmware_nsxv3_message_queue = vmware_nsx.services.qos.nsx_v3.message_queue:NsxV3QosNotificationDriver neutron.ipam_drivers = diff --git a/vmware_nsx/plugins/nsx/utils.py b/vmware_nsx/plugins/nsx/utils.py index 91ff30251e..6cde964964 100644 --- a/vmware_nsx/plugins/nsx/utils.py +++ b/vmware_nsx/plugins/nsx/utils.py @@ -58,19 +58,19 @@ def filter_plugins(cls): def add_separate_plugin_hook(name): orig_method = getattr(cls, name, None) - def filter_results_by_plugin(self, context, filters=None, fields=None): + def filter_results_by_plugin(self, context, **kwargs): """Run the original get-list method, and filter the results by the project id of the context """ - entries = orig_method(self, context, filters=filters, - fields=fields) + entries = orig_method(self, context, **kwargs) if not context.project_id: return entries req_p = get_project_mapping(context, context.project_id) for entry in entries[:]: - p = get_project_mapping(context, entry['tenant_id']) - if p != req_p: - entries.remove(entry) + if entry.get('tenant_id'): + p = get_project_mapping(context, entry['tenant_id']) + if p != req_p: + entries.remove(entry) return entries diff --git a/vmware_nsx/services/dynamic_routing/bgp_plugin.py b/vmware_nsx/services/dynamic_routing/bgp_plugin.py index ebb4e1deef..74c51c4bf2 100644 --- a/vmware_nsx/services/dynamic_routing/bgp_plugin.py +++ b/vmware_nsx/services/dynamic_routing/bgp_plugin.py 
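Review bot: The new `if entry.get('tenant_id'):` guard in `filter_results_by_plugin` makes the filter fail open: an entry with a missing or empty `tenant_id` is never compared with `req_p`, so it is returned to every project whichever plugin owns it. That looks deliberate for shared objects such as the default L2 gateway (the TODO this commit adds in `nsx_v3/driver.py` points at it), but nothing here says so; I would add a comment above the guard, e.g. `# Entries without a tenant_id cannot be mapped to a plugin and are left visible to all projects`. Separately, the signature `(self, context, **kwargs)` no longer accepts `filters` or `fields` positionally, so such a caller would now get a TypeError; forwarding `*args, **kwargs` would keep both call styles working. `add_separate_plugin_hook` starts before this hunk and continues after it.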
@@ -30,21 +30,26 @@ from vmware_nsx.common import nsxv_constants from vmware_nsx.db import nsxv_db from vmware_nsx.extensions import edge_service_gateway_bgp_peer as ext_esg from vmware_nsx.extensions import projectpluginmap +from vmware_nsx.plugins.nsx import utils as tvd_utils from vmware_nsx.services.dynamic_routing.nsx_v import driver as nsxv_driver LOG = logging.getLogger(__name__) PLUGIN_NAME = bgp_ext.BGP_EXT_ALIAS + '_nsx_svc_plugin' +@tvd_utils.filter_plugins class NSXBgpPlugin(service_base.ServicePluginBase, bgp_db.BgpDbMixin): """BGP service plugin for NSX-V as well as TVD plugins. - Currently only the nsx-v is supported. other plugins will be refused. + Currently only the nsx-v is supported. other plugins will be refused. """ supported_extension_aliases = [bgp_ext.BGP_EXT_ALIAS, ext_esg.ESG_BGP_PEER_EXT_ALIAS] + methods_to_separate = ['get_bgp_speakers', + 'get_bgp_peers'] + def __init__(self): super(NSXBgpPlugin, self).__init__() self._core_plugin = directory.get_plugin() diff --git a/vmware_nsx/services/l2gateway/nsx_tvd/plugin.py b/vmware_nsx/services/l2gateway/nsx_tvd/plugin.py new file mode 100644 index 0000000000..f7a2ed181c --- /dev/null +++ b/vmware_nsx/services/l2gateway/nsx_tvd/plugin.py 
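Review bot: `methods_to_separate` names only the list calls `get_bgp_speakers` and `get_bgp_peers`, so as far as this diff shows the single-object getters are not wrapped, and a request by id is not checked against the project-to-plugin mapping. Only part of `filter_plugins` is visible, so this is inferred from the list-shaped wrapper in `utils.py`. If show calls rely on another control, say so next to the attribute, e.g. `# Only list calls are filtered here; show calls rely on <other mechanism>`. The same applies to `methods_to_separate` in the new `L2GatewayPlugin`, `QoSPlugin` and `VPNPlugin` classes. The `NSXBgpPlugin` body continues past the end of this hunk.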
@@ -0,0 +1,28 @@ +# Copyright 2018 VMware, Inc. +# All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from networking_l2gw.services.l2gateway import plugin + +from vmware_nsx.plugins.nsx import utils as tvd_utils + + +@tvd_utils.filter_plugins +class L2GatewayPlugin(plugin.L2GatewayPlugin): + """NSX-TV plugin for L2GW. + + This plugin adds separation between T/V instances + """ + methods_to_separate = ['get_l2_gateways', + 'get_l2_gateway_connections'] diff --git a/vmware_nsx/services/l2gateway/nsx_v3/driver.py b/vmware_nsx/services/l2gateway/nsx_v3/driver.py index cf29c8fe0a..ad0b4699f5 100644 --- a/vmware_nsx/services/l2gateway/nsx_v3/driver.py +++ b/vmware_nsx/services/l2gateway/nsx_v3/driver.py @@ -98,6 +98,7 @@ class NsxV3Driver(l2gateway_db.L2GatewayMixin): # Optimistically create the default L2 gateway in neutron DB device = {'device_name': def_l2gw_uuid, 'interfaces': [{'name': 'default-bridge-cluster'}]} + # TODO(asarfaty): Add a default v3 tenant-id to allow TVD filtering def_l2gw = {'name': 'default-l2gw', 'devices': [device]} l2gw_dict = {self.gateway_resource: def_l2gw} diff --git a/vmware_nsx/services/qos/nsx_tvd/__init__.py b/vmware_nsx/services/qos/nsx_tvd/__init__.py new file mode 100644 index 0000000000..e69de29bb2 diff --git a/vmware_nsx/services/qos/nsx_tvd/plugin.py b/vmware_nsx/services/qos/nsx_tvd/plugin.py new file mode 100644 index 0000000000..3732c95d18 --- /dev/null +++ b/vmware_nsx/services/qos/nsx_tvd/plugin.py 
@@ -0,0 +1,27 @@
+# Copyright 2018 VMware, Inc.
+# All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from neutron.services.qos import qos_plugin
+
+from vmware_nsx.plugins.nsx import utils as tvd_utils
+
+
+@tvd_utils.filter_plugins
+class QoSPlugin(qos_plugin.QoSPlugin):
+ """NSX-TV plugin for QoS.
+
+ This plugin adds separation between T/V instances
+ """
+ methods_to_separate = ['get_policies']
diff --git a/vmware_nsx/services/vpnaas/nsx_tvd/plugin.py b/vmware_nsx/services/vpnaas/nsx_tvd/plugin.py
new file mode 100644
index 0000000000..448009b9a4
--- /dev/null
+++ b/vmware_nsx/services/vpnaas/nsx_tvd/plugin.py
@@ -0,0 +1,31 @@
+# Copyright 2018 VMware, Inc.
+# All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from neutron_vpnaas.services.vpn import plugin
+
+from vmware_nsx.plugins.nsx import utils as tvd_utils
+
+
+@tvd_utils.filter_plugins
+class VPNPlugin(plugin.VPNDriverPlugin):
+ """NSX-TV plugin for QoS.
+
+ This plugin adds separation between T/V instances
+ """
+ methods_to_separate = ['get_ipsec_site_connections',
+ 'get_ikepolicies',
+ 'get_ipsecpolicies',
+ 'get_vpnservices',
+ 'get_endpoint_groups']
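Review bot: The `VPNPlugin` docstring opens with `"""NSX-TV plugin for QoS.`, which looks copied from the QoS plugin added in the same commit; it should read `"""NSX-TV plugin for VPNaaS.`. The docstring could also say that only the five list calls named in `methods_to_separate` are filtered by the project-to-plugin mapping. That would tell a reader which VPN resources the separation covers without having to open `tvd_utils.filter_plugins`.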