Support LBAccessListControl for NSX 3.0.0
Updated lb_defs and lb_resources to handle Access List Control introduced to L4 Virtual Servers for policy API in NSX 3.0.0 Change-Id: I783b13d2b6a51035e2219f1da5c385983628b92b
This commit is contained in:
Shawn Wang
Adit Sarfaty
parent
bf0fd45d9d
commit
41373b68f4
|
|
@ -867,6 +867,8 @@ class TestPolicyLBVirtualServer(test_resources.NsxPolicyLibTestCase):
|
|||
profile_id=waf_profile_id, tenant=TEST_TENANT)
|
||||
waf_profile_binding = lb_defs.WAFProfileBindingDef(
|
||||
waf_profile_path=waf_profile_path)
|
||||
lb_acl = self.resourceApi.build_access_list_control(
|
||||
constants.ACTION_ALLOW, 'fake_group_path', True)
|
||||
with mock.patch.object(self.policy_api,
|
||||
"create_or_update") as api_call:
|
||||
result = self.resourceApi.create_or_overwrite(
|
||||
|
|
@ -874,10 +876,13 @@ class TestPolicyLBVirtualServer(test_resources.NsxPolicyLibTestCase):
|
|||
virtual_server_id=obj_id,
|
||||
waf_profile_binding=waf_profile_binding,
|
||||
description=description,
|
||||
access_list_control=lb_acl,
|
||||
tenant=TEST_TENANT)
|
||||
expected_def = lb_defs.LBVirtualServerDef(
|
||||
nsx_version=self.policy_lib.get_version(),
|
||||
virtual_server_id=obj_id, name=name, description=description,
|
||||
waf_profile_binding=waf_profile_binding,
|
||||
access_list_control=lb_acl.get_obj_dict(),
|
||||
tenant=TEST_TENANT)
|
||||
self.assert_called_with_def(api_call, expected_def)
|
||||
self.assertEqual(obj_id, result)
|
||||
|
|
@ -1137,6 +1142,16 @@ class TestPolicyLBVirtualServer(test_resources.NsxPolicyLibTestCase):
|
|||
rules=[{'display_name': 'yy'}])
|
||||
self.assert_called_with_def(update_call, expected_def)
|
||||
|
||||
def test_build_access_list_control(self):
|
||||
lb_acl = self.resourceApi.build_access_list_control(
|
||||
constants.ACTION_ALLOW, 'fake_group_path', True)
|
||||
expected_acl_dict = {
|
||||
'action': constants.ACTION_ALLOW,
|
||||
'enabled': True,
|
||||
'group_path': 'fake_group_path'
|
||||
}
|
||||
self.assertDictEqual(lb_acl.get_obj_dict(), expected_acl_dict)
|
||||
|
||||
def test_wait_until_realized_fail(self):
|
||||
vs_id = 'test_vs'
|
||||
info = {'state': constants.STATE_UNREALIZED,
|
||||
|
|
|
|||
|
|
@ -294,8 +294,26 @@ class LBVirtualServerDef(ResourceDef):
|
|||
lb_pool_id=lb_pool_id, tenant=self.get_tenant())
|
||||
path = lb_pool_def.get_resource_full_path()
|
||||
body['pool_path'] = path
|
||||
if self.has_attr('access_list_control'):
|
||||
lb_alc = self.get_attr('access_list_control')
|
||||
if isinstance(lb_alc, LBAccessListControlDef):
|
||||
self.attrs['access_list_control'] = lb_alc.get_obj_dict()
|
||||
self._set_attrs_if_supported(body, ['access_list_control'])
|
||||
return body
|
||||
|
||||
def _version_dependant_attr_supported(self, attr):
|
||||
if (version.LooseVersion(self.nsx_version) >=
|
||||
version.LooseVersion(nsx_constants.NSX_VERSION_3_0_0)):
|
||||
if attr == 'access_list_control':
|
||||
return True
|
||||
|
||||
LOG.warning(
|
||||
"Ignoring %s for %s %s: this feature is not supported. "
|
||||
"Current NSX version: %s. Minimum supported version: %s",
|
||||
attr, self.resource_type, self.attrs.get('name', ''),
|
||||
self.nsx_version, nsx_constants.NSX_VERSION_3_0_0)
|
||||
return False
|
||||
|
||||
|
||||
class ClientSSLProfileBindingDef(object):
|
||||
def __init__(self, default_certificate_path, sni_certificate_paths=None,
|
||||
|
|
@ -516,3 +534,19 @@ class LBTcpMonitorProfileDef(LBMonitorProfileBaseDef):
|
|||
@staticmethod
|
||||
def resource_type():
|
||||
return "LBTcpMonitorProfile"
|
||||
|
||||
|
||||
class LBAccessListControlDef(object):
|
||||
def __init__(self, action, group_path, enabled=None):
|
||||
self.action = action
|
||||
self.group_path = group_path
|
||||
self.enabled = enabled
|
||||
|
||||
def get_obj_dict(self):
|
||||
access_list_control = {
|
||||
'action': self.action,
|
||||
'group_path': self.group_path
|
||||
}
|
||||
if self.enabled is not None:
|
||||
access_list_control['enabled'] = self.enabled
|
||||
return access_list_control
|
||||
|
|
|
|||
|
|
@ -700,6 +700,7 @@ class NsxPolicyLoadBalancerVirtualServerAPI(NsxPolicyResourceBase):
|
|||
server_ssl_profile_binding=IGNORE,
|
||||
waf_profile_binding=IGNORE,
|
||||
max_concurrent_connections=IGNORE,
|
||||
access_list_control=IGNORE,
|
||||
tenant=constants.POLICY_INFRA_TENANT,
|
||||
tags=IGNORE):
|
||||
virtual_server_id = self._init_obj_uuid(virtual_server_id)
|
||||
|
|
@ -719,6 +720,7 @@ class NsxPolicyLoadBalancerVirtualServerAPI(NsxPolicyResourceBase):
|
|||
server_ssl_profile_binding=server_ssl_profile_binding,
|
||||
waf_profile_binding=waf_profile_binding,
|
||||
max_concurrent_connections=max_concurrent_connections,
|
||||
access_list_control=access_list_control,
|
||||
tags=tags
|
||||
)
|
||||
self._create_or_store(lbvs_def)
|
||||
|
|
@ -750,6 +752,7 @@ class NsxPolicyLoadBalancerVirtualServerAPI(NsxPolicyResourceBase):
|
|||
server_ssl_profile_binding=IGNORE,
|
||||
waf_profile_binding=IGNORE,
|
||||
max_concurrent_connections=IGNORE,
|
||||
access_list_control=IGNORE,
|
||||
tags=IGNORE,
|
||||
tenant=constants.POLICY_INFRA_TENANT):
|
||||
|
||||
|
|
@ -773,6 +776,7 @@ class NsxPolicyLoadBalancerVirtualServerAPI(NsxPolicyResourceBase):
|
|||
server_ssl_profile_binding=server_ssl_profile_binding,
|
||||
waf_profile_binding=waf_profile_binding,
|
||||
max_concurrent_connections=max_concurrent_connections,
|
||||
access_list_control=access_list_control,
|
||||
tags=tags)
|
||||
|
||||
_update()
|
||||
|
|
@ -912,6 +916,9 @@ class NsxPolicyLoadBalancerVirtualServerAPI(NsxPolicyResourceBase):
|
|||
virtual_server_id=virtual_server_id, vs_data=body,
|
||||
rules=lb_rules, tenant=tenant)
|
||||
|
||||
def build_access_list_control(self, action, group_path, enabled=None):
|
||||
return lb_defs.LBAccessListControlDef(action, group_path, enabled)
|
||||
|
||||
def get_path(self, virtual_server_id,
|
||||
tenant=constants.POLICY_INFRA_TENANT):
|
||||
profile_def = self.entry_def(
|
||||
|
|
|
|||
Loading…
Reference in New Issue