def test_is_attr_set(self):
mock_obj = attributes.ATTR_NOT_SPECIFIED
mock_none = None
mock_str = "I'm set"
self.assertIs(attributes.is_attr_set(mock_obj), False)
self.assertIs(attributes.is_attr_set(mock_none), False)
self.assertIs(attributes.is_attr_set(mock_str), True)
def create_port(self, context, port):
if attr.is_attr_set(port['port'][psec.PORTSECURITY]):
self._enforce_set_auth(context, port,
self.port_security_enabled_create)
p = port['port']
with context.session.begin(subtransactions=True):
p[ext_sg.SECURITYGROUPS] = self._get_security_groups_on_port(
context, port)
quantum_db = super(PortSecurityTestPlugin, self).create_port(
context, port)
p.update(quantum_db)
(port_security, has_ip) = self._determine_port_security_and_has_ip(
context, p)
p[psec.PORTSECURITY] = port_security
self._process_port_security_create(context, p)
if (attr.is_attr_set(p.get(ext_sg.SECURITYGROUPS)) and
not (port_security and has_ip)):
raise psec.PortSecurityAndIPRequiredForSecurityGroups()
# Port requires ip and port_security enabled for security group
if has_ip and port_security:
self._ensure_default_security_group_on_port(context, port)
if (p.get(ext_sg.SECURITYGROUPS) and p[psec.PORTSECURITY]):
self._process_port_create_security_group(
context, p['id'], p[ext_sg.SECURITYGROUPS])
self._extend_port_dict_security_group(context, p)
self._extend_port_port_security_dict(context, p)
return port['port']
def _process_provider_create(self, context, attrs):
network_type = attrs.get(provider.NETWORK_TYPE)
physical_network = attrs.get(provider.PHYSICAL_NETWORK)
segmentation_id = attrs.get(provider.SEGMENTATION_ID)
network_type_set = attributes.is_attr_set(network_type)
physical_network_set = attributes.is_attr_set(physical_network)
segmentation_id_set = attributes.is_attr_set(segmentation_id)
if not (network_type_set or physical_network_set or
segmentation_id_set):
return (None, None, None)
if not network_type_set:
msg = _("provider:network_type required")
raise q_exc.InvalidInput(error_message=msg)
elif network_type == constants.TYPE_FLAT:
if segmentation_id_set:
msg = _("provider:segmentation_id specified for flat network")
raise q_exc.InvalidInput(error_message=msg)
else:
segmentation_id = constants.FLAT_VLAN_ID
elif network_type == constants.TYPE_VLAN:
if not segmentation_id_set:
msg = _("provider:segmentation_id required")
raise q_exc.InvalidInput(error_message=msg)
if segmentation_id < 1 or segmentation_id > 4094:
msg = _("provider:segmentation_id out of range "
"(1 through 4094)")
raise q_exc.InvalidInput(error_message=msg)
elif network_type == constants.TYPE_LOCAL:
if physical_network_set:
msg = _("provider:physical_network specified for local "
"network")
raise q_exc.InvalidInput(error_message=msg)
else:
physical_network = None
if segmentation_id_set:
msg = _("provider:segmentation_id specified for local "
"network")
raise q_exc.InvalidInput(error_message=msg)
else:
segmentation_id = constants.LOCAL_VLAN_ID
else:
msg = _("provider:network_type %s not supported") % network_type
raise q_exc.InvalidInput(error_message=msg)
if network_type in [constants.TYPE_VLAN, constants.TYPE_FLAT]:
if physical_network_set:
if physical_network not in self.network_vlan_ranges:
msg = (_("Unknown provider:physical_network %s") %
physical_network)
raise q_exc.InvalidInput(error_message=msg)
elif 'default' in self.network_vlan_ranges:
physical_network = 'default'
else:
msg = _("provider:physical_network required")
raise q_exc.InvalidInput(error_message=msg)
return (network_type, physical_network, segmentation_id)
def test_is_attr_set(self):
data = attributes.ATTR_NOT_SPECIFIED
self.assertIs(attributes.is_attr_set(data), False)
data = None
self.assertIs(attributes.is_attr_set(data), False)
data = "I'm set"
self.assertIs(attributes.is_attr_set(data), True)
def create_network(self, session, attrs):
segmentation_id = attrs.get(provider.SEGMENTATION_ID)
if attributes.is_attr_set(segmentation_id):
physical_network = attrs.get(provider.PHYSICAL_NETWORK)
if not attributes.is_attr_set(physical_network):
msg = _("physical_network not provided")
raise q_exc.InvalidInput(error_message=msg)
self._db.reserve_specific_vlan(session, physical_network, segmentation_id)
else:
(physical_network, segmentation_id) = self._db.reserve_vlan(session)
attrs[provider.SEGMENTATION_ID] = segmentation_id
attrs[provider.PHYSICAL_NETWORK] = physical_network
def create_network(self, session, attrs):
network_type = attrs.get(provider.NETWORK_TYPE)
segmentation_id = attrs.get(provider.SEGMENTATION_ID)
if attributes.is_attr_set(segmentation_id):
msg = _("segmentation_id specified " "for %s network") % network_type
raise q_exc.InvalidInput(error_message=msg)
attrs[provider.SEGMENTATION_ID] = None
physical_network = attrs.get(provider.PHYSICAL_NETWORK)
if attributes.is_attr_set(physical_network):
msg = _("physical_network specified " "for %s network") % network_type
raise q_exc.InvalidInput(error_message=msg)
attrs[provider.PHYSICAL_NETWORK] = None
def _check_provider_update(self, context, attrs):
network_type = attrs.get(provider.NETWORK_TYPE)
physical_network = attrs.get(provider.PHYSICAL_NETWORK)
segmentation_id = attrs.get(provider.SEGMENTATION_ID)
network_type_set = attributes.is_attr_set(network_type)
physical_network_set = attributes.is_attr_set(physical_network)
segmentation_id_set = attributes.is_attr_set(segmentation_id)
if not (network_type_set or physical_network_set or segmentation_id_set):
return
msg = _("Plugin does not support updating provider attributes")
raise q_exc.InvalidInput(error_message=msg)
def _process_provider_create(self, context, attrs):
network_type = attrs.get('provider:network_type')
physical_network = attrs.get('provider:physical_network')
vlan_id = attrs.get('provider:vlan_id')
network_type_set = attributes.is_attr_set(network_type)
physical_network_set = attributes.is_attr_set(physical_network)
vlan_id_set = attributes.is_attr_set(vlan_id)
if not (network_type_set or physical_network_set or vlan_id_set):
return (None, None, None)
# Authorize before exposing plugin details to client
self._enforce_provider_set_auth(context, attrs)
if not network_type_set:
msg = _("provider:network_type required")
raise q_exc.InvalidInput(error_message=msg)
elif network_type == 'flat':
msg = _("plugin does not support flat networks")
raise q_exc.InvalidInput(error_message=msg)
# REVISIT(rkukura) to be enabled in phase 3
# if vlan_id_set:
# msg = _("provider:vlan_id specified for flat network")
# raise q_exc.InvalidInput(error_message=msg)
# else:
# vlan_id = db.FLAT_VLAN_ID
elif network_type == 'vlan':
if not vlan_id_set:
msg = _("provider:vlan_id required")
raise q_exc.InvalidInput(error_message=msg)
else:
msg = _("invalid provider:network_type %s" % network_type)
raise q_exc.InvalidInput(error_message=msg)
if physical_network_set:
msg = _("plugin does not support specifying physical_network")
raise q_exc.InvalidInput(error_message=msg)
# REVISIT(rkukura) to be enabled in phase 3
# if physical_network not in self.physical_networks:
# msg = _("unknown provider:physical_network %s" %
# physical_network)
# raise q_exc.InvalidInput(error_message=msg)
#elif 'default' in self.physical_networks:
# physical_network = 'default'
#else:
# msg = _("provider:physical_network required")
# raise q_exc.InvalidInput(error_message=msg)
return (network_type, physical_network, vlan_id)
def _process_provider_create(self, context, attrs):
network_type = attrs.get(provider.NETWORK_TYPE)
physical_network = attrs.get(provider.PHYSICAL_NETWORK)
segmentation_id = attrs.get(provider.SEGMENTATION_ID)
network_type_set = attributes.is_attr_set(network_type)
physical_network_set = attributes.is_attr_set(physical_network)
segmentation_id_set = attributes.is_attr_set(segmentation_id)
if not (network_type_set or physical_network_set or
segmentation_id_set):
return (None, None, None)
# Authorize before exposing plugin details to client
self._enforce_provider_set_auth(context, attrs)
if not network_type_set:
msg = _("provider:network_type required")
raise q_exc.InvalidInput(error_message=msg)
elif network_type == constants.TYPE_FLAT:
if segmentation_id_set:
msg = _("provider:segmentation_id specified for flat network")
raise q_exc.InvalidInput(error_message=msg)
else:
segmentation_id = constants.FLAT_VLAN_ID
elif network_type == constants.TYPE_VLAN:
if not segmentation_id_set:
msg = _("provider:segmentation_id required")
raise q_exc.InvalidInput(error_message=msg)
if segmentation_id < 1 or segmentation_id > 4094:
msg = _("provider:segmentation_id out of range "
"(1 through 4094)")
raise q_exc.InvalidInput(error_message=msg)
else:
msg = _("invalid provider:network_type %s" % network_type)
raise q_exc.InvalidInput(error_message=msg)
if physical_network_set:
if physical_network not in self.network_vlan_ranges:
msg = _("unknown provider:physical_network %s" %
physical_network)
raise q_exc.InvalidInput(error_message=msg)
elif 'default' in self.network_vlan_ranges:
physical_network = 'default'
else:
msg = _("provider:physical_network required")
raise q_exc.InvalidInput(error_message=msg)
return (network_type, physical_network, segmentation_id)
def create_network(self, session, attrs):
network_type = attrs.get(provider.NETWORK_TYPE)
segmentation_id = attrs.get(provider.SEGMENTATION_ID)
if attributes.is_attr_set(segmentation_id):
msg = _("segmentation_id specified " "for %s network") % network_type
raise q_exc.InvalidInput(error_message=msg)
segmentation_id = constants.FLAT_VLAN_ID
attrs[provider.SEGMENTATION_ID] = segmentation_id
physical_network = attrs.get(provider.PHYSICAL_NETWORK)
if not attributes.is_attr_set(physical_network):
physical_network = self._db.reserve_flat_net(session)
attrs[provider.PHYSICAL_NETWORK] = physical_network
else:
self._db.reserve_specific_flat_net(session, physical_network)
def _process_l3_update(self, context, net_data, net_id):
new_value = net_data.get(l3.EXTERNAL)
if not attributes.is_attr_set(new_value):
return
self._enforce_l3_set_auth(context, net_data)
existing_value = self._network_is_external(context, net_id)
if existing_value == new_value:
return
if new_value:
context.session.add(ExternalNetwork(network_id=net_id))
else:
# must make sure we do not have any external gateway ports
# (and thus, possible floating IPs) on this network before
# allow it to be update to external=False
port = context.session.query(models_v2.Port).filter_by(
device_owner=DEVICE_OWNER_ROUTER_GW,
network_id=net_id).first()
if port:
raise l3.ExternalNetworkInUse(net_id=net_id)
context.session.query(ExternalNetwork).filter_by(
network_id=net_id).delete()
def create_network(self, session, attrs):
network_type = attrs.get(provider.NETWORK_TYPE)
segmentation_id = attrs.get(provider.SEGMENTATION_ID)
if attributes.is_attr_set(segmentation_id):
msg = _("segmentation_id specified "
"for %s network") % network_type
raise q_exc.InvalidInput(error_message=msg)
segmentation_id = constants.FLAT_VLAN_ID
attrs[provider.SEGMENTATION_ID] = segmentation_id
physical_network = attrs.get(provider.PHYSICAL_NETWORK)
if not attributes.is_attr_set(physical_network):
physical_network = self._db.reserve_flat_net(session)
attrs[provider.PHYSICAL_NETWORK] = physical_network
else:
self._db.reserve_specific_flat_net(session, physical_network)
def _process_port_create_security_group(self, context, port_id,
security_group_id):
if not attr.is_attr_set(security_group_id):
return
for security_group_id in security_group_id:
self._create_port_security_group_binding(context, port_id,
security_group_id)
def _process_l3_update(self, context, net_data, net_id):
new_value = net_data.get(l3.EXTERNAL)
if not attributes.is_attr_set(new_value):
return
self._enforce_l3_set_auth(context, net_data)
existing_value = self._network_is_external(context, net_id)
if existing_value == new_value:
return
if new_value:
context.session.add(ExternalNetwork(network_id=net_id))
else:
# must make sure we do not have any external gateway ports
# (and thus, possible floating IPs) on this network before
# allow it to be update to external=False
port = context.session.query(
models_v2.Port).filter_by(device_owner=DEVICE_OWNER_ROUTER_GW,
network_id=net_id).first()
if port:
raise l3.ExternalNetworkInUse(net_id=net_id)
context.session.query(ExternalNetwork).filter_by(
network_id=net_id).delete()
def _process_port_create_security_group(self, context, port_id,
security_group_id):
if not attr.is_attr_set(security_group_id):
return
for security_group_id in security_group_id:
self._create_port_security_group_binding(context, port_id,
security_group_id)
def _check_update_deletes_security_groups(self, port):
"""Return True if port has as a security group and it's value
is either [] or not is_attr_set, otherwise return False"""
if (ext_sg.SECURITYGROUPS in port['port']
and not (attr.is_attr_set(port['port'][ext_sg.SECURITYGROUPS])
and port['port'][ext_sg.SECURITYGROUPS] != [])):
return True
return False
def _check_update_has_security_groups(self, port):
"""Return True if port has as a security group and False if the
security_group field is is_attr_set or []."""
if (ext_sg.SECURITYGROUPS in port['port']
and (attr.is_attr_set(port['port'][ext_sg.SECURITYGROUPS])
and port['port'][ext_sg.SECURITYGROUPS] != [])):
return True
return False
def _check_update_deletes_security_groups(self, port):
"""Return True if port has as a security group and it's value
is either [] or not is_attr_set, otherwise return False"""
if (ext_sg.SECURITYGROUPS in port['port'] and
not (attr.is_attr_set(port['port'][ext_sg.SECURITYGROUPS])
and port['port'][ext_sg.SECURITYGROUPS] != [])):
return True
return False
def _process_provider_create(self, context, attrs):
network_type = self._get_attribute(attrs, provider.NETWORK_TYPE)
physical_network = self._get_attribute(attrs,
provider.PHYSICAL_NETWORK)
segmentation_id = self._get_attribute(attrs, provider.SEGMENTATION_ID)
if attributes.is_attr_set(network_type):
segment = {api.NETWORK_TYPE: network_type,
api.PHYSICAL_NETWORK: physical_network,
api.SEGMENTATION_ID: segmentation_id}
return self.type_manager.validate_provider_segment(segment)
if (attributes.is_attr_set(attrs.get(provider.PHYSICAL_NETWORK)) or
attributes.is_attr_set(attrs.get(provider.SEGMENTATION_ID))):
msg = _("network_type required if other provider attributes "
"specified")
raise exc.InvalidInput(error_message=msg)
def _check_update_has_security_groups(self, port):
"""Return True if port has as a security group and False if the
security_group field is is_attr_set or []."""
if (ext_sg.SECURITYGROUPS in port['port'] and
(attr.is_attr_set(port['port'][ext_sg.SECURITYGROUPS]) and
port['port'][ext_sg.SECURITYGROUPS] != [])):
return True
return False
def _check_provider_update(self, context, attrs):
network_type = attrs.get('provider:network_type')
physical_network = attrs.get('provider:physical_network')
vlan_id = attrs.get('provider:vlan_id')
network_type_set = attributes.is_attr_set(network_type)
physical_network_set = attributes.is_attr_set(physical_network)
vlan_id_set = attributes.is_attr_set(vlan_id)
if not (network_type_set or physical_network_set or vlan_id_set):
return
# Authorize before exposing plugin details to client
self._enforce_provider_set_auth(context, attrs)
msg = _("plugin does not support updating provider attributes")
raise q_exc.InvalidInput(error_message=msg)
def _check_provider_update(self, context, attrs):
network_type = attrs.get(provider.NETWORK_TYPE)
physical_network = attrs.get(provider.PHYSICAL_NETWORK)
segmentation_id = attrs.get(provider.SEGMENTATION_ID)
network_type_set = attributes.is_attr_set(network_type)
physical_network_set = attributes.is_attr_set(physical_network)
segmentation_id_set = attributes.is_attr_set(segmentation_id)
if not (network_type_set or physical_network_set or
segmentation_id_set):
return
# Authorize before exposing plugin details to client
self._enforce_set_auth(context, attrs, self.network_set)
msg = _("plugin does not support updating provider attributes")
raise q_exc.InvalidInput(error_message=msg)
def _check_provider_update(self, context, attrs):
network_type = attrs.get(provider.NETWORK_TYPE)
physical_network = attrs.get(provider.PHYSICAL_NETWORK)
segmentation_id = attrs.get(provider.SEGMENTATION_ID)
network_type_set = attributes.is_attr_set(network_type)
physical_network_set = attributes.is_attr_set(physical_network)
segmentation_id_set = attributes.is_attr_set(segmentation_id)
if not (network_type_set or physical_network_set
or segmentation_id_set):
return
# Authorize before exposing plugin details to client
self._enforce_provider_set_auth(context, attrs)
msg = _("plugin does not support updating provider attributes")
raise q_exc.InvalidInput(error_message=msg)
def _process_provider_create(self, context, attrs):
network_type = attrs.get('provider:network_type')
physical_network = attrs.get('provider:physical_network')
vlan_id = attrs.get('provider:vlan_id')
network_type_set = attributes.is_attr_set(network_type)
physical_network_set = attributes.is_attr_set(physical_network)
vlan_id_set = attributes.is_attr_set(vlan_id)
if not (network_type_set or physical_network_set or vlan_id_set):
return (None, None, None)
# Authorize before exposing plugin details to client
self._enforce_provider_set_auth(context, attrs)
if not network_type_set:
msg = _("provider:network_type required")
raise q_exc.InvalidInput(error_message=msg)
elif network_type == 'flat':
if vlan_id_set:
msg = _("provider:vlan_id specified for flat network")
raise q_exc.InvalidInput(error_message=msg)
else:
vlan_id = lconst.FLAT_VLAN_ID
elif network_type == 'vlan':
if not vlan_id_set:
msg = _("provider:vlan_id required")
raise q_exc.InvalidInput(error_message=msg)
else:
msg = _("invalid provider:network_type %s" % network_type)
raise q_exc.InvalidInput(error_message=msg)
if physical_network_set:
if physical_network not in self.network_vlan_ranges:
msg = _("unknown provider:physical_network %s" %
physical_network)
raise q_exc.InvalidInput(error_message=msg)
elif 'default' in self.network_vlan_ranges:
physical_network = 'default'
else:
msg = _("provider:physical_network required")
raise q_exc.InvalidInput(error_message=msg)
return (network_type, physical_network, vlan_id)
def _process_l3_create(self, context, net_data, net_id):
external = net_data.get(l3.EXTERNAL)
external_set = attributes.is_attr_set(external)
if not external_set:
return
if external:
# expects to be called within a plugin's session
context.session.add(ExternalNetwork(network_id=net_id))
def _handle_provider_create(self, context, attrs):
# NOTE(salvatore-orlando): This method has been borrowed from
# the OpenvSwtich plugin, altough changed to match NVP specifics.
network_type = attrs.get(pnet.NETWORK_TYPE)
physical_network = attrs.get(pnet.PHYSICAL_NETWORK)
segmentation_id = attrs.get(pnet.SEGMENTATION_ID)
network_type_set = attributes.is_attr_set(network_type)
physical_network_set = attributes.is_attr_set(physical_network)
segmentation_id_set = attributes.is_attr_set(segmentation_id)
if not (network_type_set or physical_network_set or
segmentation_id_set):
return
# Authorize before exposing plugin details to client
self._enforce_provider_set_auth(context, attrs)
err_msg = None
if not network_type_set:
err_msg = _("%s required") % pnet.NETWORK_TYPE
elif network_type in (NetworkTypes.GRE, NetworkTypes.STT,
NetworkTypes.FLAT):
if segmentation_id_set:
err_msg = _("Segmentation ID cannot be specified with "
"flat network type")
elif network_type == NetworkTypes.VLAN:
if not segmentation_id_set:
err_msg = _("Segmentation ID must be specified with "
"vlan network type")
elif (segmentation_id_set and
(segmentation_id < 1 or segmentation_id > 4094)):
err_msg = _("%s out of range (1 to 4094)") % segmentation_id
else:
# Verify segment is not already allocated
binding = nicira_db.get_network_binding_by_vlanid(
context.session, segmentation_id)
if binding:
raise q_exc.VlanIdInUse(vlan_id=segmentation_id,
physical_network=physical_network)
else:
err_msg = _("%(net_type_param)s %(net_type_value)s not "
"supported") % {'net_type_param': pnet.NETWORK_TYPE,
'net_type_value': network_type}
if err_msg:
raise q_exc.InvalidInput(error_message=err_msg)
def _process_port_create_security_group(self, context, port,
security_group_ids):
if attr.is_attr_set(security_group_ids):
for security_group_id in security_group_ids:
self._create_port_security_group_binding(context, port['id'],
security_group_id)
# Convert to list as a set might be passed here and
# this has to be serialized
port[ext_sg.SECURITYGROUPS] = (security_group_ids and
list(security_group_ids) or [])
def _process_l3_create(self, context, net_data, net_id):
external = net_data.get(l3.EXTERNAL)
external_set = attributes.is_attr_set(external)
if not external_set:
return
if external:
# expects to be called within a plugin's session
context.session.add(ExternalNetwork(network_id=net_id))
def _process_port_create_security_group(self, context, port,
security_group_ids):
if attr.is_attr_set(security_group_ids):
for security_group_id in security_group_ids:
self._create_port_security_group_binding(
context, port['id'], security_group_id)
# Convert to list as a set might be passed here and
# this has to be serialized
port[ext_sg.SECURITYGROUPS] = (security_group_ids
and list(security_group_ids) or [])
def put_port_hostid(context, port_id, host_id):
if not attributes.is_attr_set(host_id):
LOG.warning(_("No host_id in port request to track port location."))
return
if port_id == '':
LOG.warning(_("Received an empty port ID for host '%s'"), host_id)
return
with context.session.begin(subtransactions=True):
location = PortLocation(port_id=port_id, host_id=host_id)
context.session.add(location)
def _raise_if_updates_provider_attributes(attrs):
"""Raise exception if provider attributes are present.
This method is used for plugins that do not support
updating provider networks.
"""
immutable = (NETWORK_TYPE, PHYSICAL_NETWORK, SEGMENTATION_ID)
if any(attributes.is_attr_set(attrs.get(a)) for a in immutable):
msg = _("plugin does not support updating provider attributes")
raise q_exc.InvalidInput(error_message=msg)
def _ensure_default_security_group_on_port(self, context, port):
# we don't apply security groups for dhcp, router
if port["port"].get("device_owner") and port["port"]["device_owner"].startswith("network:"):
return
tenant_id = self._get_tenant_id_for_create(context, port["port"])
default_sg = self._ensure_default_security_group(context, tenant_id)
if attr.is_attr_set(port["port"].get(ext_sg.SECURITYGROUPS)):
sgids = port["port"].get(ext_sg.SECURITYGROUPS)
else:
sgids = [default_sg]
port["port"][ext_sg.SECURITYGROUPS] = sgids
def create_port(self, context, port):
tenant_id = self._get_tenant_id_for_create(context, port["port"])
default_sg = self._ensure_default_security_group(context, tenant_id)
if not attr.is_attr_set(port["port"].get(ext_sg.SECURITYGROUPS)):
port["port"][ext_sg.SECURITYGROUPS] = [default_sg]
session = context.session
with session.begin(subtransactions=True):
sgids = self._get_security_groups_on_port(context, port)
port = super(SecurityGroupTestPlugin, self).create_port(context, port)
self._process_port_create_security_group(context, port["id"], sgids)
self._extend_port_dict_security_group(context, port)
return port
def _ensure_default_security_group_on_port(self, context, port):
# we don't apply security groups for dhcp, router
if (port['port'].get('device_owner')
and port['port']['device_owner'].startswith('network:')):
return
tenant_id = self._get_tenant_id_for_create(context, port['port'])
default_sg = self._ensure_default_security_group(context, tenant_id)
if attr.is_attr_set(port['port'].get(ext_sg.SECURITYGROUPS)):
sgids = port['port'].get(ext_sg.SECURITYGROUPS)
else:
sgids = [default_sg]
port['port'][ext_sg.SECURITYGROUPS] = sgids
def _process_l3_create(self, context, net_data, net_id):
external = net_data.get('router:external')
external_set = attributes.is_attr_set(external)
if not external_set:
return
self._enforce_l3_set_auth(context, net_data)
if external:
# expects to be called within a plugin's session
context.session.add(ExternalNetwork(network_id=net_id))
def _process_l3_create(self, context, net_data, net_id):
external = net_data.get('router:external')
external_set = attributes.is_attr_set(external)
if not external_set:
return
self._enforce_l3_set_auth(context, net_data)
if external:
# expects to be called within a plugin's session
context.session.add(ExternalNetwork(network_id=net_id))
def _ensure_default_security_group_on_port(self, context, port):
# we don't apply security groups for dhcp, router
if (port['port'].get('device_owner') and
port['port']['device_owner'].startswith('network:')):
return
tenant_id = self._get_tenant_id_for_create(context,
port['port'])
default_sg = self._ensure_default_security_group(context, tenant_id)
if attr.is_attr_set(port['port'].get(ext_sg.SECURITYGROUP)):
sgids = port['port'].get(ext_sg.SECURITYGROUP)
else:
sgids = [default_sg]
port['port'][ext_sg.SECURITYGROUP] = sgids
def _process_provider_create(self, context, attrs):
network_type = attrs.get(provider.NETWORK_TYPE)
physical_network = attrs.get(provider.PHYSICAL_NETWORK)
segmentation_id = attrs.get(provider.SEGMENTATION_ID)
network_type_set = attributes.is_attr_set(network_type)
physical_network_set = attributes.is_attr_set(physical_network)
segmentation_id_set = attributes.is_attr_set(segmentation_id)
if not (network_type_set or physical_network_set or
segmentation_id_set):
return (None, None, None)
# Authorize before exposing plugin details to client
self._enforce_set_auth(context, attrs, self.network_set)
if not network_type_set:
msg = _("provider:network_type required")
raise q_exc.InvalidInput(error_message=msg)
elif network_type == constants.TYPE_FLAT:
self._process_flat_net(segmentation_id_set)
segmentation_id = constants.FLAT_VLAN_ID
elif network_type in [constants.TYPE_VLAN, constants.TYPE_IB]:
self._process_vlan_net(segmentation_id, segmentation_id_set)
elif network_type == constants.TYPE_LOCAL:
self._process_local_net(physical_network_set,
segmentation_id_set)
segmentation_id = constants.LOCAL_VLAN_ID
physical_network = None
else:
msg = _("provider:network_type %s not supported") % network_type
raise q_exc.InvalidInput(error_message=msg)
physical_network = self._process_net_type(network_type,
physical_network,
physical_network_set)
return (network_type, physical_network, segmentation_id)
def _validate_security_groups_on_port(self, context, port):
p = port['port']
if not attr.is_attr_set(p.get(ext_sg.SECURITYGROUP)):
return
if p.get('device_owner') and p['device_owner'].startswith('network:'):
raise ext_sg.SecurityGroupInvalidDeviceOwner()
valid_groups = self.get_security_groups(context, fields={'id': None})
valid_groups_set = set([x['id'] for x in valid_groups])
req_sg_set = set(p[ext_sg.SECURITYGROUP])
invalid_sg_set = req_sg_set - valid_groups_set
if invalid_sg_set:
msg = ' '.join(str(x) for x in invalid_sg_set)
raise ext_sg.SecurityGroupNotFound(id=msg)
def _nvp_lqueue(self, queue):
"""Convert fields to nvp fields."""
nvp_queue = {}
params = {'name': 'display_name',
'qos_marking': 'qos_marking',
'min': 'min_bandwidth_rate',
'max': 'max_bandwidth_rate',
'dscp': 'dscp'}
nvp_queue = dict(
(nvp_name, queue.get(api_name))
for api_name, nvp_name in params.iteritems()
if attr.is_attr_set(queue.get(api_name))
)
return nvp_queue
def _process_provider_create(self, context, session, attrs):
network_type = attrs.get(provider.NETWORK_TYPE)
network_type_set = attributes.is_attr_set(network_type)
if not network_type_set:
if self._tenant_network_type == constants.TYPE_NONE:
raise q_exc.TenantNetworksDisabled()
network_type = self._tenant_network_type
attrs[provider.NETWORK_TYPE] = network_type
if network_type not in self._network_providers_map:
msg = _("Network type %s not supported") % network_type
raise q_exc.InvalidInput(error_message=msg)
p = self._network_providers_map[network_type]
# Provider specific network creation
p.create_network(session, attrs)
def _process_port_binding_create(self, context, attrs):
binding_profile = attrs.get(portbindings.PROFILE)
binding_profile_set = attributes.is_attr_set(binding_profile)
if not binding_profile_set:
return self.vnic_type
if constants.VNIC_TYPE in binding_profile:
req_vnic_type = binding_profile[constants.VNIC_TYPE]
if req_vnic_type in (constants.VIF_TYPE_DIRECT,
constants.VIF_TYPE_HOSTDEV):
return req_vnic_type
else:
msg = _("invalid vnic_type on port_create")
else:
msg = _("vnic_type is not defined in port profile")
raise q_exc.InvalidInput(error_message=msg)
def _process_portbindings_create_and_update(self, context, port_data,
port):
host = port_data.get(portbindings.HOST_ID)
host_set = attributes.is_attr_set(host)
if not host_set:
_extend_port_dict_binding_host(self, port, None)
return
with context.session.begin(subtransactions=True):
bind_port = context.session.query(PortBindingPort).filter_by(
port_id=port['id']).first()
if not bind_port:
context.session.add(
PortBindingPort(port_id=port['id'], host=host))
else:
bind_port.host = host
_extend_port_dict_binding_host(self, port, host)
def _nvp_lqueue(self, queue):
"""Convert fields to nvp fields."""
nvp_queue = {}
params = {
'name': 'display_name',
'qos_marking': 'qos_marking',
'min': 'min_bandwidth_rate',
'max': 'max_bandwidth_rate',
'dscp': 'dscp'
}
nvp_queue = dict((nvp_name, queue.get(api_name))
for api_name, nvp_name in params.iteritems()
if attr.is_attr_set(queue.get(api_name)))
if 'display_name' in nvp_queue:
nvp_queue['display_name'] = nvplib._check_and_truncate_name(
nvp_queue['display_name'])
return nvp_queue
def _get_security_groups_on_port(self, context, port):
"""Check that all security groups on port belong to tenant.
:returns: all security groups IDs on port belonging to tenant.
"""
p = port['port']
if not attr.is_attr_set(p.get(ext_sg.SECURITYGROUPS)):
return
if p.get('device_owner') and p['device_owner'].startswith('network:'):
return
valid_groups = self.get_security_groups(context, fields=['id'])
valid_group_map = dict((g['id'], g['id']) for g in valid_groups)
try:
return set([
valid_group_map[sg_id]
for sg_id in p.get(ext_sg.SECURITYGROUPS, [])
])
except KeyError as e:
raise ext_sg.SecurityGroupNotFound(id=str(e))
def _process_provider_create(self, context, attrs):
network_type = attrs.get(provider.NETWORK_TYPE)
physical_network = attrs.get(provider.PHYSICAL_NETWORK)
segmentation_id = attrs.get(provider.SEGMENTATION_ID)
network_type_set = attributes.is_attr_set(network_type)
physical_network_set = attributes.is_attr_set(physical_network)
segmentation_id_set = attributes.is_attr_set(segmentation_id)
if not (network_type_set or physical_network_set
or segmentation_id_set):
return (None, None, None)
# Authorize before exposing plugin details to client
self._enforce_provider_set_auth(context, attrs)
if not network_type_set:
msg = _("provider:network_type required")
raise q_exc.InvalidInput(error_message=msg)
elif network_type == constants.TYPE_FLAT:
if segmentation_id_set:
msg = _("provider:segmentation_id specified for flat network")
raise q_exc.InvalidInput(error_message=msg)
else:
segmentation_id = constants.FLAT_VLAN_ID
elif network_type == constants.TYPE_VLAN:
if not segmentation_id_set:
msg = _("provider:segmentation_id required")
raise q_exc.InvalidInput(error_message=msg)
if segmentation_id < 1 or segmentation_id > 4094:
msg = _("provider:segmentation_id out of range "
"(1 through 4094)")
raise q_exc.InvalidInput(error_message=msg)
elif network_type == constants.TYPE_GRE:
if not self.enable_tunneling:
msg = _("GRE networks are not enabled")
raise q_exc.InvalidInput(error_message=msg)
if physical_network_set:
msg = _("provider:physical_network specified for GRE "
"network")
raise q_exc.InvalidInput(error_message=msg)
else:
physical_network = None
if not segmentation_id_set:
msg = _("provider:segmentation_id required")
raise q_exc.InvalidInput(error_message=msg)
elif network_type == constants.TYPE_LOCAL:
if physical_network_set:
msg = _("provider:physical_network specified for local "
"network")
raise q_exc.InvalidInput(error_message=msg)
else:
physical_network = None
if segmentation_id_set:
msg = _("provider:segmentation_id specified for local "
"network")
raise q_exc.InvalidInput(error_message=msg)
else:
segmentation_id = None
else:
msg = _("provider:network_type %s not supported" % network_type)
raise q_exc.InvalidInput(error_message=msg)
if network_type in [constants.TYPE_VLAN, constants.TYPE_FLAT]:
if physical_network_set:
if physical_network not in self.network_vlan_ranges:
msg = _("unknown provider:physical_network %s" %
physical_network)
raise q_exc.InvalidInput(error_message=msg)
elif 'default' in self.network_vlan_ranges:
physical_network = 'default'
else:
msg = _("provider:physical_network required")
raise q_exc.InvalidInput(error_message=msg)
return (network_type, physical_network, segmentation_id)
def _process_provider_create(self, context, attrs):
network_type = attrs.get(provider.NETWORK_TYPE)
physical_network = attrs.get(provider.PHYSICAL_NETWORK)
segmentation_id = attrs.get(provider.SEGMENTATION_ID)
network_type_set = attributes.is_attr_set(network_type)
physical_network_set = attributes.is_attr_set(physical_network)
segmentation_id_set = attributes.is_attr_set(segmentation_id)
if not (network_type_set or physical_network_set
or segmentation_id_set):
return (None, None, None)
if not network_type_set:
msg = _("provider:network_type required")
raise q_exc.InvalidInput(error_message=msg)
elif network_type == constants.TYPE_FLAT:
if segmentation_id_set:
msg = _("provider:segmentation_id specified for flat network")
raise q_exc.InvalidInput(error_message=msg)
else:
segmentation_id = constants.FLAT_VLAN_ID
elif network_type == constants.TYPE_VLAN:
if not segmentation_id_set:
msg = _("provider:segmentation_id required")
raise q_exc.InvalidInput(error_message=msg)
if not utils.is_valid_vlan_tag(segmentation_id):
msg = (_("provider:segmentation_id out of range "
"(%(min_id)s through %(max_id)s)") % {
'min_id': q_const.MIN_VLAN_TAG,
'max_id': q_const.MAX_VLAN_TAG
})
raise q_exc.InvalidInput(error_message=msg)
elif network_type == constants.TYPE_GRE:
if not self.enable_tunneling:
msg = _("GRE networks are not enabled")
raise q_exc.InvalidInput(error_message=msg)
if physical_network_set:
msg = _("provider:physical_network specified for GRE "
"network")
raise q_exc.InvalidInput(error_message=msg)
else:
physical_network = None
if not segmentation_id_set:
msg = _("provider:segmentation_id required")
raise q_exc.InvalidInput(error_message=msg)
elif network_type == constants.TYPE_LOCAL:
if physical_network_set:
msg = _("provider:physical_network specified for local "
"network")
raise q_exc.InvalidInput(error_message=msg)
else:
physical_network = None
if segmentation_id_set:
msg = _("provider:segmentation_id specified for local "
"network")
raise q_exc.InvalidInput(error_message=msg)
else:
segmentation_id = None
else:
msg = _("provider:network_type %s not supported") % network_type
raise q_exc.InvalidInput(error_message=msg)
if network_type in [constants.TYPE_VLAN, constants.TYPE_FLAT]:
if physical_network_set:
if physical_network not in self.network_vlan_ranges:
msg = _("Unknown provider:physical_network "
"%s") % physical_network
raise q_exc.InvalidInput(error_message=msg)
elif 'default' in self.network_vlan_ranges:
physical_network = 'default'
else:
msg = _("provider:physical_network required")
raise q_exc.InvalidInput(error_message=msg)
return (network_type, physical_network, segmentation_id)
def _check_provider_update(self, context, attrs):
if (attributes.is_attr_set(attrs.get(provider.NETWORK_TYPE)) or
attributes.is_attr_set(attrs.get(provider.PHYSICAL_NETWORK)) or
attributes.is_attr_set(attrs.get(provider.SEGMENTATION_ID))):
msg = _("Plugin does not support updating provider attributes")
raise exc.InvalidInput(error_message=msg)
