def act_filter(self, action):
try:
if action == 'create':
mgr.create(aim_ctx,
resource.Filter(tenant_name=tnt, name='noiro-ssh'))
if action == 'delete':
mgr.delete(aim_ctx,
resource.Filter(tenant_name=tnt, name='noiro-ssh'))
except Exception as e:
print '\nnoiro-ssh filter-create failed: ' + repr(e)
return 0
def _get_filter(self, filter_name, tenant_name, should_exist=True):
session = db_api.get_session()
aim_ctx = aim_context.AimContext(session)
filter = aim_resource.Filter(tenant_name=tenant_name,
name=filter_name)
filter = self.aim_mgr.get(aim_ctx, filter)
if should_exist:
self.assertIsNotNone(filter)
else:
self.assertIsNone(filter)
return filter
def _get_l3out_objects(self, l3out_name=None, l3out_display_name=None,
nat_vrf_name=None, vmm_domains=None,
phys_domains=None):
name = 'EXT-%s' % (l3out_name or 'o1')
d_name = 'EXT-%s' % (l3out_display_name or 'OUT')
nat_vrf = a_res.VRF(tenant_name='t1', name=name, display_name=d_name)
if vmm_domains is not None:
vmm_doms = vmm_domains
else:
vmm_doms = self.vmm_domains
if phys_domains is not None:
phys_doms = phys_domains
else:
phys_doms = self.phys_domains
return ([
a_res.Filter(tenant_name='t1', name=name,
display_name=d_name),
a_res.FilterEntry(tenant_name='t1', filter_name=name,
name='Any', display_name='Any'),
a_res.Contract(tenant_name='t1', name=name,
display_name=d_name),
a_res.ContractSubject(tenant_name='t1', contract_name=name,
name='Allow', display_name='Allow',
bi_filters=[name]),
a_res.BridgeDomain(tenant_name='t1', name=name,
display_name=d_name,
vrf_name=nat_vrf_name or name,
limit_ip_learn_to_subnets=True,
l3out_names=[l3out_name or 'o1']),
a_res.ApplicationProfile(tenant_name='t1', name='myapp',
display_name='myapp'),
a_res.EndpointGroup(tenant_name='t1', app_profile_name='myapp',
name=name, display_name=d_name,
bd_name=name,
provided_contract_names=[name],
consumed_contract_names=[name],
# NOTE(ivar): Need to keep both VMM
# representations since a GET on the EPG
# will also return the domain name list
# for backward compatibility
openstack_vmm_domain_names=[dom['name']
for dom in vmm_doms
if dom['type'] ==
'OpenStack'],
physical_domain_names=[dom['name']
for dom in phys_doms],
vmm_domains=vmm_doms,
physical_domains=phys_doms)] +
([nat_vrf] if nat_vrf_name is None else []))
def ensure_tenant(self, plugin_context, tenant_id):
LOG.debug("APIC AIM MD ensuring tenant_id: %s", tenant_id)
self.project_name_cache.ensure_project(tenant_id)
# TODO(rkukura): Move the following to calls made from
# precommit methods so AIM Tenants, ApplicationProfiles, and
# Filters are [re]created whenever needed.
session = plugin_context.session
with session.begin(subtransactions=True):
project_name = self.project_name_cache.get_project_name(tenant_id)
tenant_aname = self.name_mapper.tenant(session, tenant_id,
project_name)
LOG.debug(
"Mapped tenant_id %(id)s with name %(name)s to "
"%(aname)s", {
'id': tenant_id,
'name': project_name,
'aname': tenant_aname
})
aim_ctx = aim_context.AimContext(session)
tenant = aim_resource.Tenant(name=tenant_aname)
if not self.aim.get(aim_ctx, tenant):
self.aim.create(aim_ctx, tenant)
ap = aim_resource.ApplicationProfile(tenant_name=tenant_aname,
name=AP_NAME)
if not self.aim.get(aim_ctx, ap):
self.aim.create(aim_ctx, ap)
filter = aim_resource.Filter(tenant_name=tenant_aname,
name=ANY_FILTER_NAME,
display_name='Any Filter')
if not self.aim.get(aim_ctx, filter):
self.aim.create(aim_ctx, filter)
entry = aim_resource.FilterEntry(tenant_name=tenant_aname,
filter_name=ANY_FILTER_NAME,
name=ANY_FILTER_ENTRY_NAME,
display_name='Any FilterEntry')
if not self.aim.get(aim_ctx, entry):
self.aim.create(aim_ctx, entry)
def _get_nat_objects(self, ctx, l3out):
sani = aim_utils.sanitize_display_name
scope = self._scope_name_if_common
d_name = self._display_name(l3out)
filter_name = scope(l3out.tenant_name, 'EXT-%s' % l3out.name)
fltr = resource.Filter(tenant_name=l3out.tenant_name,
name=filter_name,
display_name=sani(
scope(l3out.tenant_name,
'EXT-%s' % d_name)))
entry = resource.FilterEntry(tenant_name=fltr.tenant_name,
filter_name=fltr.name,
name='Any',
display_name='Any')
contract = self._get_nat_contract(ctx, l3out)
subject = resource.ContractSubject(tenant_name=contract.tenant_name,
contract_name=contract.name,
name='Allow',
display_name='Allow')
subject_filter = resource.ContractSubjFilter(
tenant_name=contract.tenant_name,
contract_name=contract.name,
contract_subject_name='Allow',
filter_name=fltr.name)
bd = self._get_nat_bd(ctx, l3out)
bd.vrf_name = l3out.vrf_name
ap, epg = self._get_nat_ap_epg(ctx, l3out)
vm_doms = getattr(self, 'vmm_domains', [{
'type': d.type,
'name': d.name
} for d in self.mgr.find(ctx, resource.VMMDomain)])
phy_doms = getattr(self, 'physical_domains', [{
'name': d.name
} for d in self.mgr.find(ctx, resource.PhysicalDomain)])
epg.bd_name = bd.name
epg.provided_contract_names = [contract.name]
epg.consumed_contract_names = [contract.name]
epg.vmm_domains = vm_doms
epg.physical_domains = phy_doms
return [fltr, entry, contract, subject, subject_filter, bd, ap, epg]
def _aim_filter(self, session, pr, reverse_prefix=False):
# This returns a new AIM Filter resource
# TODO(Sumit): Use _aim_resource_by_name
tenant_id = pr['tenant_id']
tenant_name = self._aim_tenant_name(session, tenant_id)
id = pr['id']
name = pr['name']
display_name = self.aim_display_name(pr['name'])
if reverse_prefix:
filter_name = self.name_mapper.policy_rule(
session, id, resource_name=name, prefix=alib.REVERSE_PREFIX)
else:
filter_name = self.name_mapper.policy_rule(session, id,
resource_name=name)
LOG.debug("Mapped policy_rule_id %(id)s with name %(name)s to",
"%(apic_name)s",
{'id': id, 'name': name, 'apic_name': filter_name})
kwargs = {'tenant_name': str(tenant_name),
'name': str(filter_name),
'display_name': display_name}
aim_filter = aim_resource.Filter(**kwargs)
return aim_filter