x/vmware-nsx
Code Issues Proposed changes

Merge "NSXv: LBaaS default FW rule should be accept-any"

Browse Source
This commit is contained in:
Jenkins 2017-02-12 13:18:48 +00:00 committed by Gerrit Code Review
commit eaa2a0c88a
4 changed files with 26 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
vmware_nsx/plugins/nsx_v/vshield/vcns.py
View File

@ -324,6 +324,11 @@ class Vcns(object):
FIREWALL_RULE_RESOURCE)
return self.do_request(HTTP_POST, uri, fwr_req)
def update_firewall_default_policy(self, edge_id, fw_req):
uri = self._build_uri_path(
edge_id, FIREWALL_SERVICE, 'defaultpolicy')
return self.do_request(HTTP_PUT, uri, fw_req)
def get_firewall(self, edge_id):
uri = self._build_uri_path(edge_id, FIREWALL_SERVICE)
return self.do_request(HTTP_GET, uri, decode=True)

5
vmware_nsx/services/lbaas/nsx_v/lbaas_common.py
View File

@ -209,6 +209,11 @@ def extract_resource_id(location_uri):
return uri_elements[-1]
def set_lb_firewall_default_rule(vcns, edge_id, action):
with locking.LockManager.get_lock(edge_id):
vcns.update_firewall_default_policy(edge_id, {'action': action})
def add_vip_fw_rule(vcns, edge_id, vip_id, ip_address):
fw_rule = {
'firewallRules': [

9
vmware_nsx/services/lbaas/nsx_v/v2/loadbalancer_mgr.py
View File

@ -52,13 +52,15 @@ class EdgeLoadBalancerManager(base_mgr.EdgeLoadbalancerBaseManager):
raise n_exc.BadRequest(resource='edge-lbaas', msg=msg)
try:
if not nsxv_db.get_nsxv_lbaas_loadbalancer_binding_by_edge(
context.session, edge_id):
lb_common.enable_edge_acceleration(self.vcns, edge_id)
edge_fw_rule_id = lb_common.add_vip_fw_rule(
self.vcns, edge_id, lb.id, lb.vip_address)
# set LB default rule
lb_common.set_lb_firewall_default_rule(self.vcns, edge_id,
'accept')
nsxv_db.add_nsxv_lbaas_loadbalancer_binding(
context.session, lb.id, edge_id, edge_fw_rule_id,
lb.vip_address)
@ -90,6 +92,9 @@ class EdgeLoadBalancerManager(base_mgr.EdgeLoadbalancerBaseManager):
edge_binding = nsxv_db.get_nsxv_router_binding_by_edge(
context.session, binding['edge_id'])
# set LB default rule
lb_common.set_lb_firewall_default_rule(
self.vcns, binding['edge_id'], 'deny')
if edge_binding:
if edge_binding['router_id'].startswith('lbaas-'):
resource_id = lb_common.get_lb_resource_id(lb.id)

8
vmware_nsx/tests/unit/nsx_v/test_edge_loadbalancer_driver_v2.py
View File

@ -170,6 +170,8 @@ class TestEdgeLbaasV2Loadbalancer(BaseTestEdgeLbaasV2):
) as mock_get_edge, \
mock.patch.object(lb_common, 'add_vip_fw_rule'
) as mock_add_vip_fwr, \
mock.patch.object(lb_common, 'set_lb_firewall_default_rule'
) as mock_set_fw_rule, \
mock.patch.object(lb_common, 'enable_edge_acceleration'
) as mock_enable_edge_acceleration, \
mock.patch.object(nsxv_db,
@ -192,6 +194,8 @@ class TestEdgeLbaasV2Loadbalancer(BaseTestEdgeLbaasV2):
LB_EDGE_ID,
LB_VIP_FWR_ID,
LB_VIP)
mock_set_fw_rule.assert_called_with(
self.edge_driver.vcns, LB_EDGE_ID, 'accept')
mock_successful_completion = (
self.lbv2_driver.load_balancer.successful_completion)
mock_successful_completion.assert_called_with(self.context,
@ -215,6 +219,8 @@ class TestEdgeLbaasV2Loadbalancer(BaseTestEdgeLbaasV2):
mock.patch.object(lb_common, 'del_vip_fw_rule') as mock_del_fwr, \
mock.patch.object(lb_common, 'del_vip_as_secondary_ip'
) as mock_vip_sec_ip, \
mock.patch.object(lb_common, 'set_lb_firewall_default_rule'
) as mock_set_fw_rule, \
mock.patch.object(nsxv_db, 'del_nsxv_lbaas_loadbalancer_binding',
) as mock_del_binding, \
mock.patch.object(self.core_plugin, 'get_ports'
@ -234,6 +240,8 @@ class TestEdgeLbaasV2Loadbalancer(BaseTestEdgeLbaasV2):
LB_VIP)
mock_del_binding.assert_called_with(self.context.session,
LB_ID)
mock_set_fw_rule.assert_called_with(
self.edge_driver.vcns, LB_EDGE_ID, 'deny')
mock_successful_completion = (
self.lbv2_driver.load_balancer.successful_completion)
mock_successful_completion.assert_called_with(self.context,