def get_security_group_rules_nsx_format(session, cluster,
security_group_rules, with_id=False):
"""Convert neutron security group rules into NSX format.
This routine splits Neutron security group rules into two lists, one
for ingress rules and the other for egress rules.
"""
def fields(rule):
_fields = ['remote_ip_prefix', 'remote_group_id', 'protocol',
'port_range_min', 'port_range_max', 'protocol', 'ethertype']
if with_id:
_fields.append('id')
return dict((k, v) for k, v in rule.iteritems() if k in _fields)
ingress_rules = []
egress_rules = []
for rule in security_group_rules:
if rule.get('souce_group_id'):
rule['remote_group_id'] = nsx_utils.get_nsx_security_group_id(
session, cluster, rule['remote_group_id'])
if rule['direction'] == 'ingress':
ingress_rules.append(fields(rule))
elif rule['direction'] == 'egress':
egress_rules.append(fields(rule))
rules = {'logical_port_ingress_rules': egress_rules,
'logical_port_egress_rules': ingress_rules}
return _convert_to_nsx_rules(session, cluster, rules, with_id)
def _convert_to_nsx_rule(session, cluster, rule, with_id=False):
"""Converts a Neutron security group rule to the NSX format.
This routine also replaces Neutron IDs with NSX UUIDs.
"""
nsx_rule = {}
params = ['remote_ip_prefix', 'protocol',
'remote_group_id', 'port_range_min',
'port_range_max', 'ethertype']
if with_id:
params.append('id')
for param in params:
value = rule.get(param)
if param not in rule:
nsx_rule[param] = value
elif not value:
pass
elif param == 'remote_ip_prefix':
nsx_rule['ip_prefix'] = rule['remote_ip_prefix']
elif param == 'remote_group_id':
nsx_rule['profile_uuid'] = nsx_utils.get_nsx_security_group_id(
session, cluster, rule['remote_group_id'])
elif param == 'protocol':
try:
nsx_rule['protocol'] = int(rule['protocol'])
except (ValueError, TypeError):
nsx_rule['protocol'] = (
protocol_num_look_up[rule['protocol']])
else:
nsx_rule[param] = value
return nsx_rule
def _convert_to_nsx_secgroup_ids(self, context, security_groups):
return [
nsx_utils.get_nsx_security_group_id(
context._plugin_context.session,
self.cluster,
neutron_sg_id)
for neutron_sg_id in security_groups
]
def _verify_get_nsx_sec_profile_id(self, exp_sec_prof_uuid):
# The nsxlib and db calls are mocked, therefore the cluster
# and the neutron_id parameters can be set to None
sec_prof_uuid = nsx_utils.get_nsx_security_group_id(
db_api.get_session(), None, None)
self.assertEqual(exp_sec_prof_uuid, sec_prof_uuid)
def _verify_get_nsx_sec_profile_id(self, exp_sec_prof_uuid):
# The nvplib and db calls are mocked, therefore the cluster
# and the neutron_id parameters can be set to None
sec_prof_uuid = nsx_utils.get_nsx_security_group_id(
db_api.get_session(), None, None)
self.assertEqual(exp_sec_prof_uuid, sec_prof_uuid)
