From b63002c3e5a9d2c48878d19412f88e94d3a8533e Mon Sep 17 00:00:00 2001
From: Kobi Samoray <ksamoray@vmware.com>
Date: Thu, 11 Apr 2019 14:01:46 +0300
Subject: [PATCH] NSXP: protect router when it hosts a loadbalancer

Change-Id: I2a64a5ec532b216c26bcfd5083332f18b927cf38
---
 .../services/lbaas/nsx_p/v2/lb_driver_v2.py   | 19 +++++++++++++++++--
 vmware_nsx/tests/unit/nsx_p/test_plugin.py    | 11 +++++++++++
 2 files changed, 28 insertions(+), 2 deletions(-)

diff --git a/vmware_nsx/services/lbaas/nsx_p/v2/lb_driver_v2.py b/vmware_nsx/services/lbaas/nsx_p/v2/lb_driver_v2.py
index 023f8f3b27..7f207a7279 100644
--- a/vmware_nsx/services/lbaas/nsx_p/v2/lb_driver_v2.py
+++ b/vmware_nsx/services/lbaas/nsx_p/v2/lb_driver_v2.py
@@ -17,6 +17,7 @@ from neutron_lib.callbacks import events
 from neutron_lib.callbacks import registry
 from neutron_lib.callbacks import resources
 from neutron_lib import constants as n_consts
+from neutron_lib import exceptions as n_exc
 from oslo_log import helpers as log_helpers
 from oslo_log import log as logging
 
@@ -135,9 +136,23 @@ class EdgeLoadbalancerDriverV2(base_mgr.LoadbalancerBaseManager):
     def _check_lb_service_on_router(self, resource, event, trigger,
                                     payload=None):
         """Prevent removing a router GW or deleting a router used by LB"""
-        pass
+        router_id = payload.resource_id
+        if self.loadbalancer.core_plugin.service_router_has_loadbalancers(
+                router_id):
+            msg = _('Cannot delete a %s as it still has lb service '
+                    'attachment') % resource
+            raise n_exc.BadRequest(resource='lbaas-lb', msg=msg)
 
     def _check_lb_service_on_router_interface(
             self, resource, event, trigger, payload=None):
         # Prevent removing the interface of an LB subnet from a router
-        pass
+        router_id = payload.resource_id
+        subnet_id = payload.metadata.get('subnet_id')
+        if not router_id or not subnet_id:
+            return
+
+        # get LB ports and check if any loadbalancer is using this subnet
+        if self._get_lb_ports(payload.context.elevated(), [subnet_id]):
+            msg = _('Cannot delete a router interface as it used by a '
+                    'loadbalancer')
+            raise n_exc.BadRequest(resource='lbaas-lb', msg=msg)
diff --git a/vmware_nsx/tests/unit/nsx_p/test_plugin.py b/vmware_nsx/tests/unit/nsx_p/test_plugin.py
index 55d5d3a7dd..542596cd7d 100644
--- a/vmware_nsx/tests/unit/nsx_p/test_plugin.py
+++ b/vmware_nsx/tests/unit/nsx_p/test_plugin.py
@@ -47,6 +47,7 @@ from neutron_lib.plugins import directory
 from vmware_nsx.common import utils
 from vmware_nsx.extensions import providersecuritygroup as provider_sg
 from vmware_nsx.plugins.nsx_p import plugin as nsx_plugin
+
 from vmware_nsx.tests import unit as vmware
 from vmware_nsx.tests.unit.common_plugin import common_v3
 from vmware_nsxlib.v3 import exceptions as nsxlib_exc
@@ -1327,6 +1328,16 @@ class NsxPTestL3NatTest(common_v3.FixExternalNetBaseTest,
         kwargs['ext_mgr'] = (kwargs.get('ext_mgr') or
                              NsxPTestL3ExtensionManager())
 
+        # Make sure the LB callback is not called on router deletion
+        self.lb_mock1 = mock.patch(
+            "vmware_nsx.services.lbaas.nsx_p.v2.lb_driver_v2."
+            "EdgeLoadbalancerDriverV2._check_lb_service_on_router")
+        self.lb_mock1.start()
+        self.lb_mock2 = mock.patch(
+            "vmware_nsx.services.lbaas.nsx_p.v2.lb_driver_v2."
+            "EdgeLoadbalancerDriverV2._check_lb_service_on_router_interface")
+        self.lb_mock2.start()
+
         super(NsxPTestL3NatTest, self).setUp(*args, **kwargs)
         self.original_subnet = self.subnet
         self.original_network = self.network