def _delete_firewall_rule(self, context, fwp_tenant_id, **fwr): """ :param obj: :param context: :param kwargs: dictionary, firewall rule firewall_rule: {'source_ip_address': u'192.176.10.0/24',... } :return: """ # need to consider shared firewall rules LOG.debug("# _delete_firewall_rule() called") namespace = fortinet_db.Fortinet_ML2_Namespace.query_one( context, tenant_id=fwp_tenant_id) if not namespace: return None fwp_assed = fortinet_db.Fortinet_FW_Rule_Association.query_all( context, fwr_id=fwr['id']) for fwp in fwp_assed: fortinet_db.delete_record( context, fortinet_db.Fortinet_FW_Rule_Association, fwr_id=fwp.fwr_id, fortinet_pid=fwp.fortinet_pid) utils.delete_fwpolicy( self, context, id=fwp.fortinet_pid, vdom=namespace.vdom) if fwr.get('source_ip_address', None): srcaddr = constants.PREFIX['source_ip_address'] + fwr['id'] utils.delete_fwaddress( self, context, vdom=namespace.vdom, name=srcaddr) if fwr.get('destination_ip_address', None): dstaddr = constants.PREFIX['destination_ip_address'] + fwr['id'] utils.delete_fwaddress( self, context, vdom=namespace.vdom, name=dstaddr) self._delete_fwr_service(context, namespace.vdom, **fwr)
def remove_router_interface(self, context, router_id, interface_info): """Deletes vlink, default router from Fortinet device.""" LOG.debug("FortinetL3ServicePlugin.remove_router_interface called: " "router_id=%(router_id)s " "interface_info=%(interface_info)r", {'router_id': router_id, 'interface_info': interface_info}) with context.session.begin(subtransactions=True): # TODO(jerryz): move this out of transaction. setattr(context, 'GUARD_TRANSACTION', False) info = (super(FortinetL3ServicePlugin, self). remove_router_interface(context, router_id, interface_info)) try: subnet = self._core_plugin._get_subnet(context, info['subnet_id']) tenant_id = subnet['tenant_id'] network_id = subnet['network_id'] vlan_inf = utils.get_intf(context, network_id) db_namespace = fortinet_db.query_record(context, fortinet_db.Fortinet_ML2_Namespace, tenant_id=tenant_id) utils.delete_fwpolicy(self, context, vdom=db_namespace.vdom, srcintf=vlan_inf) except Exception: with excutils.save_and_reraise_exception(): LOG.error(_LE("Fail remove of interface from Fortigate " "router interface. info=%(info)s, " "router_id=%(router_id)s"), {"info": info, "router_id": router_id}) return info
def _disassociate_floatingip(self, context, id): l3db_fip = self._get_floatingip(context, id) db_namespace = fortinet_db.query_record(context, fortinet_db.Fortinet_ML2_Namespace, tenant_id=l3db_fip.tenant_id) db_fip = fortinet_db.query_record(context, fortinet_db.Fortinet_FloatingIP_Allocation, floating_ip_address=l3db_fip.floating_ip_address, allocated=True) int_intf, ext_intf = utils.get_vlink_intf(self, context, vdom=db_namespace.vdom) db_ip = fortinet_db.query_record(context, models_v2.IPAllocation, port_id=l3db_fip.fixed_port_id) vlan_inf = utils.get_intf(context, db_ip.network_id) mappedip = utils.get_ipaddr(db_fip.ip_subnet, 0) utils.delete_fwpolicy(self, context, vdom=db_namespace.vdom, srcintf=vlan_inf, srcaddr=l3db_fip.fixed_ip_address, dstintf=int_intf, poolname=mappedip) utils.delete_fwaddress(self, context, name=l3db_fip.fixed_ip_address, vdom=db_namespace.vdom) utils.delete_fwpolicy(self, context, vdom=db_namespace.vdom, dstaddr=db_fip.floating_ip_address) utils.delete_vip(self, context, vdom=db_namespace.vdom, name=db_fip.floating_ip_address)
def delete_port_postcommit(self, mech_context): LOG.debug("delete_port_postcommit: called") port = mech_context.current context = mech_context._plugin_context try: port_id = port['id'] subnet_id = port['fixed_ips'][0]['subnet_id'] db_subnet = fortinet_db.query_record( context, fortinet_db.Fortinet_ML2_Subnet, subnet_id=subnet_id) db_subnetv2 = fortinet_db.query_record(context, models_v2.Subnet, id=subnet_id) if port['device_owner'] in ['network:router_gateway']: if fortinet_db.query_record(context, ext_db.ExternalNetwork, network_id=port['network_id']): #delete ippool and its related firewall policy utils.clr_ext_gw(self, context, port) elif port['device_owner'] in ['compute:nova', 'compute:None', '']: # delete dhcp related functions utils.delete_reservedip(self, context, port_id=port_id) elif port['device_owner'] in ['network:router_interface']: # add firewall address and address group name = const.PREFIX['addrgrp'] + db_subnet.vdom member = str(netaddr.IPNetwork(db_subnetv2.cidr).network) utils.delete_fwpolicy(self, context, vdom=db_subnet.vdom, srcintf='any', srcaddr=name, dstintf='any', dstaddr=name, nat='disable') utils.delete_addrgrp(self, context, name=name, vdom=db_subnet.vdom, members=member.split(' ')) utils.delete_fwaddress(self, context, vdom=db_subnet.vdom, name=member) except Exception as e: resources.Exinfo(e) raise ml2_exc.MechanismDriverError( method=sys._getframe().f_code.co_name)
def delete_port_postcommit(self, mech_context): LOG.debug("delete_port_postcommit: called") port = mech_context.current context = mech_context._plugin_context try: port_id = port['id'] subnet_id = port['fixed_ips'][0]['subnet_id'] db_subnet = fortinet_db.query_record(context, fortinet_db.Fortinet_ML2_Subnet, subnet_id=subnet_id) db_subnetv2 = fortinet_db.query_record(context, models_v2.Subnet, id=subnet_id) if port['device_owner'] in ['network:router_gateway']: if fortinet_db.query_record(context, ext_db.ExternalNetwork, network_id=port['network_id']): #delete ippool and its related firewall policy utils.clr_ext_gw(self, context, port) elif port['device_owner'] in ['compute:nova', 'compute:None', '']: # delete dhcp related functions utils.delete_reservedip(self, context, port_id=port_id) elif port['device_owner'] in ['network:router_interface']: # add firewall address and address group name = const.PREFIX['addrgrp'] + db_subnet.vdom member = str(netaddr.IPNetwork(db_subnetv2.cidr).network) utils.delete_fwpolicy(self, context, vdom=db_subnet.vdom, srcintf='any', srcaddr=name, dstintf='any', dstaddr=name, nat='disable') utils.delete_addrgrp(self, context, name=name, vdom=db_subnet.vdom, members=member.split(' ')) utils.delete_fwaddress(self, context, vdom=db_subnet.vdom, name=member) except Exception as e: resources.Exinfo(e) raise ml2_exc.MechanismDriverError( method=sys._getframe().f_code.co_name)
def _disassociate_floatingip(self, context, id): l3db_fip = self._get_floatingip(context, id) db_namespace = fortinet_db.query_record( context, fortinet_db.Fortinet_ML2_Namespace, tenant_id=l3db_fip.tenant_id) db_fip = fortinet_db.query_record( context, fortinet_db.Fortinet_FloatingIP_Allocation, floating_ip_address=l3db_fip.floating_ip_address, allocated=True) int_intf, ext_intf = utils.get_vlink_intf(self, context, vdom=db_namespace.vdom) db_ip = fortinet_db.query_record(context, models_v2.IPAllocation, port_id=l3db_fip.fixed_port_id) vlan_inf = utils.get_intf(context, db_ip.network_id) mappedip = utils.get_ipaddr(db_fip.ip_subnet, 0) utils.delete_fwpolicy(self, context, vdom=db_namespace.vdom, srcintf=vlan_inf, srcaddr=l3db_fip.fixed_ip_address, dstintf=int_intf, poolname=mappedip) utils.delete_fwaddress(self, context, name=l3db_fip.fixed_ip_address, vdom=db_namespace.vdom) utils.delete_fwpolicy(self, context, vdom=db_namespace.vdom, dstaddr=db_fip.floating_ip_address) utils.delete_vip(self, context, vdom=db_namespace.vdom, name=db_fip.floating_ip_address)
def remove_router_interface(self, context, router_id, interface_info): """Deletes vlink, default router from Fortinet device.""" LOG.debug( "FortinetL3ServicePlugin.remove_router_interface called: " "router_id=%(router_id)s " "interface_info=%(interface_info)r", { 'router_id': router_id, 'interface_info': interface_info }) with context.session.begin(subtransactions=True): # TODO(jerryz): move this out of transaction. setattr(context, 'GUARD_TRANSACTION', False) info = (super(FortinetL3ServicePlugin, self).remove_router_interface( context, router_id, interface_info)) try: subnet = self._core_plugin._get_subnet(context, info['subnet_id']) tenant_id = subnet['tenant_id'] network_id = subnet['network_id'] vlan_inf = utils.get_intf(context, network_id) db_namespace = fortinet_db.query_record( context, fortinet_db.Fortinet_ML2_Namespace, tenant_id=tenant_id) utils.delete_fwpolicy(self, context, vdom=db_namespace.vdom, srcintf=vlan_inf) except Exception: with excutils.save_and_reraise_exception(): LOG.error( _LE("Fail remove of interface from Fortigate " "router interface. info=%(info)s, " "router_id=%(router_id)s"), { "info": info, "router_id": router_id }) return info
def _release_floatingip(self, context, id): """ :param context: :param id: the floatingip id in neutron.db.l3_db.FloatingIP. { tenant_id=u'3998b33381fb48f694369689065a3760', id=u'25e1588a-5ec5-4fbc-bdef-eff8713da8f8', floating_ip_address=u'10.160.37.111', floating_network_id=u'1c1dbecc-9dac-4311-a346-f147a04c8dc8', floating_port_id=u'4b4120d4-77f9-4f82-b823-05876929a1c4', fixed_port_id=None, fixed_ip_address=None, router_id=None, last_known_router_id=None, status=u'DOWN' } :return: """ with context.session.begin(subtransactions=True): l3db_fip = self._get_floatingip(context, id) tenant_id = l3db_fip.tenant_id db_namespace = fortinet_db.query_record(context, fortinet_db.Fortinet_ML2_Namespace, tenant_id=tenant_id) db_fip = fortinet_db.query_record(context, fortinet_db.Fortinet_FloatingIP_Allocation, floating_ip_address=l3db_fip.floating_ip_address, allocated=True) if not db_fip or not db_namespace: return int_intf, ext_intf = utils.get_vlink_intf(self, context, vdom=db_namespace.vdom) mappedip = utils.get_ipaddr(db_fip.ip_subnet, 0) utils.delete_fwippool(self, context, name=mappedip, vdom=db_namespace.vdom, startip=mappedip) utils.delete_fwpolicy(self, context, vdom=const.EXT_VDOM, srcintf=ext_intf, srcaddr=mappedip, dstintf=self._fortigate['ext_interface'], poolname=db_fip.floating_ip_address) utils.delete_fwaddress(self, context, name=mappedip, vdom=const.EXT_VDOM, subnet="%s 255.255.255.255" % mappedip) utils.delete_fwippool(self, context, name=db_fip.floating_ip_address, vdom=const.EXT_VDOM, startip=db_fip.floating_ip_address) utils.delete_routerstatic(self, context, vdom=const.EXT_VDOM, dst="%s 255.255.255.255" % mappedip, device=ext_intf, gateway=const.DEF_GW) utils.delete_fwpolicy(self, context, vdom=const.EXT_VDOM, dstintf=ext_intf, dstaddr=l3db_fip.floating_ip_address) utils.delete_vip(self, context, vdom=const.EXT_VDOM, name=db_fip.vip_name, extip=db_fip.floating_ip_address, extintf='any', mappedip=mappedip) fortinet_db.delete_record(context, fortinet_db.Fortinet_FloatingIP_Allocation, vdom=db_namespace.vdom, floating_ip_address=db_fip.floating_ip_address, vip_name=db_fip.floating_ip_address) # TODO(jerryz): move this out of transaction. setattr(context, 'GUARD_TRANSACTION', False) super(FortinetL3ServicePlugin, self).delete_floatingip(context, id) utils.delete_vlink(self, context, tenant_id) utils.delete_vdom(self, context, tenant_id=tenant_id)
def _release_floatingip(self, context, id): """ :param context: :param id: the floatingip id in neutron.db.l3_db.FloatingIP. { tenant_id=u'3998b33381fb48f694369689065a3760', id=u'25e1588a-5ec5-4fbc-bdef-eff8713da8f8', floating_ip_address=u'10.160.37.111', floating_network_id=u'1c1dbecc-9dac-4311-a346-f147a04c8dc8', floating_port_id=u'4b4120d4-77f9-4f82-b823-05876929a1c4', fixed_port_id=None, fixed_ip_address=None, router_id=None, last_known_router_id=None, status=u'DOWN' } :return: """ with context.session.begin(subtransactions=True): l3db_fip = self._get_floatingip(context, id) tenant_id = l3db_fip.tenant_id db_namespace = fortinet_db.query_record( context, fortinet_db.Fortinet_ML2_Namespace, tenant_id=tenant_id) db_fip = fortinet_db.query_record( context, fortinet_db.Fortinet_FloatingIP_Allocation, floating_ip_address=l3db_fip.floating_ip_address, allocated=True) if not db_fip or not db_namespace: return int_intf, ext_intf = utils.get_vlink_intf(self, context, vdom=db_namespace.vdom) mappedip = utils.get_ipaddr(db_fip.ip_subnet, 0) utils.delete_fwippool(self, context, name=mappedip, vdom=db_namespace.vdom, startip=mappedip) utils.delete_fwpolicy(self, context, vdom=const.EXT_VDOM, srcintf=ext_intf, srcaddr=mappedip, dstintf=self._fortigate['ext_interface'], poolname=db_fip.floating_ip_address) utils.delete_fwaddress(self, context, name=mappedip, vdom=const.EXT_VDOM, subnet="%s 255.255.255.255" % mappedip) utils.delete_fwippool(self, context, name=db_fip.floating_ip_address, vdom=const.EXT_VDOM, startip=db_fip.floating_ip_address) utils.delete_routerstatic(self, context, vdom=const.EXT_VDOM, dst="%s 255.255.255.255" % mappedip, device=ext_intf, gateway=const.DEF_GW) utils.delete_fwpolicy(self, context, vdom=const.EXT_VDOM, dstintf=ext_intf, dstaddr=l3db_fip.floating_ip_address) utils.delete_vip(self, context, vdom=const.EXT_VDOM, name=db_fip.vip_name, extip=db_fip.floating_ip_address, extintf='any', mappedip=mappedip) fortinet_db.delete_record( context, fortinet_db.Fortinet_FloatingIP_Allocation, vdom=db_namespace.vdom, floating_ip_address=db_fip.floating_ip_address, vip_name=db_fip.floating_ip_address) # TODO(jerryz): move this out of transaction. setattr(context, 'GUARD_TRANSACTION', False) super(FortinetL3ServicePlugin, self).delete_floatingip(context, id) utils.delete_vlink(self, context, tenant_id) utils.delete_vdom(self, context, tenant_id=tenant_id)