8548f110ac
Commit I5b804e09e630d88d551271d9731cc1f65c065259 changed/removed some of the methods in CommonDbMixin. As a result the way the plugins register the different extend-dict methods has changed, and now uses a decorator. Also those extend-dict callbacks are static methods which do not receive 'self', and this caused some additional changes. Change-Id: If99da0ea1e37792bd531ef92b0bbb880d2b05b8a Depends-on: I5b804e09e630d88d551271d9731cc1f65c065259
93 lines
3.5 KiB
Python
93 lines
3.5 KiB
Python
# Copyright 2016 VMware, Inc.
|
|
# All Rights Reserved
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
from neutron_lib.db import model_base
|
|
import sqlalchemy as sa
|
|
from sqlalchemy import orm
|
|
|
|
from neutron.db import _resource_extend as resource_extend
|
|
from neutron.db import api as db_api
|
|
from neutron.db.models import securitygroup
|
|
from neutron.extensions import securitygroup as ext_sg
|
|
from neutron_lib.api import validators
|
|
from neutron_lib import exceptions as nexception
|
|
from vmware_nsx._i18n import _
|
|
from vmware_nsx.extensions import secgroup_rule_local_ip_prefix as ext_local_ip
|
|
|
|
|
|
class NotIngressRule(nexception.BadRequest):
|
|
message = _("Specifying local_ip_prefix is supported "
|
|
"with ingress rules only.")
|
|
|
|
|
|
class NsxExtendedSecurityGroupRuleProperties(model_base.BASEV2):
|
|
"""Persist security group rule properties for the
|
|
extended-security-group-rule extension.
|
|
"""
|
|
|
|
__tablename__ = 'nsx_extended_security_group_rule_properties'
|
|
|
|
rule_id = sa.Column(sa.String(36),
|
|
sa.ForeignKey('securitygrouprules.id',
|
|
ondelete='CASCADE'),
|
|
primary_key=True,
|
|
nullable=False)
|
|
local_ip_prefix = sa.Column(sa.String(255), nullable=False)
|
|
|
|
rule = orm.relationship(
|
|
securitygroup.SecurityGroupRule,
|
|
backref=orm.backref('ext_properties', lazy='joined',
|
|
uselist=False, cascade='delete'))
|
|
|
|
|
|
@resource_extend.has_resource_extenders
|
|
class ExtendedSecurityGroupRuleMixin(object):
|
|
|
|
def _check_local_ip_prefix(self, context, rule):
|
|
rule_specify_local_ip_prefix = validators.is_attr_set(
|
|
rule.get(ext_local_ip.LOCAL_IP_PREFIX))
|
|
|
|
if rule_specify_local_ip_prefix and rule['direction'] != 'ingress':
|
|
raise NotIngressRule()
|
|
|
|
if not rule_specify_local_ip_prefix:
|
|
# remove ATTR_NOT_SPECIFIED
|
|
rule[ext_local_ip.LOCAL_IP_PREFIX] = None
|
|
return rule_specify_local_ip_prefix
|
|
|
|
def _process_security_group_rule_properties(self, context,
|
|
rule_res, rule_req):
|
|
rule_res[ext_local_ip.LOCAL_IP_PREFIX] = None
|
|
if not validators.is_attr_set(
|
|
rule_req.get(ext_local_ip.LOCAL_IP_PREFIX)):
|
|
return
|
|
|
|
with db_api.context_manager.writer.using(context):
|
|
properties = NsxExtendedSecurityGroupRuleProperties(
|
|
rule_id=rule_res['id'],
|
|
local_ip_prefix=rule_req[ext_local_ip.LOCAL_IP_PREFIX])
|
|
context.session.add(properties)
|
|
rule_res[ext_local_ip.LOCAL_IP_PREFIX] = (
|
|
rule_req[ext_local_ip.LOCAL_IP_PREFIX])
|
|
|
|
@staticmethod
|
|
@resource_extend.extends([ext_sg.SECURITYGROUPRULES])
|
|
def _extend_security_group_rule_with_params(sg_rule_res, sg_rule_db):
|
|
if sg_rule_db.ext_properties:
|
|
sg_rule_res[ext_local_ip.LOCAL_IP_PREFIX] = (
|
|
sg_rule_db.ext_properties.local_ip_prefix)
|
|
else:
|
|
sg_rule_res[ext_local_ip.LOCAL_IP_PREFIX] = None
|