def _set_vmi_security_groups(self, vmi_obj, sec_group_list):
vmi_obj.set_security_group_list([])
# When there is no-security-group for a port,the internal
# no_rule group should be used.
if not sec_group_list:
sg_obj = res_handler.SGHandler(
self._vnc_lib).get_no_rule_security_group()
vmi_obj.add_security_group(sg_obj)
for sg_id in sec_group_list or []:
# TODO() optimize to not read sg (only uuid/fqn needed)
sg_obj = self._vnc_lib.security_group_read(id=sg_id)
vmi_obj.add_security_group(sg_obj)
def resource_list(self, context, filters=None, fields=None):
ret_list = []
contrail_extensions_enabled = self._kwargs.get(
'contrail_extensions_enabled', False)
# collect phase
self._ensure_default_security_group_exists(context['tenant'])
all_sgs = [] # all sgs in all projects
if context and not context['is_admin']:
project_sgs = self.resource_list_by_project(
self._project_id_neutron_to_vnc(context['tenant']),
filters=filters)
all_sgs.append(project_sgs)
else: # admin context
if filters and 'tenant_id' in filters:
project_ids = self._validate_project_ids(
context, filters['tenant_id'])
for p_id in project_ids:
project_sgs = self.resource_list_by_project(
p_id, filters=filters)
all_sgs.append(project_sgs)
else: # no tenant id filter
all_sgs.append(
self.resource_list_by_project(None, filters=filters))
# prune phase
no_rule = res_handler.SGHandler(
self._vnc_lib).get_no_rule_security_group(create=False)
for project_sgs in all_sgs:
for sg_obj in project_sgs:
if no_rule and sg_obj.uuid == no_rule.uuid:
continue
if not self._filters_is_present(
filters, 'name',
sg_obj.get_display_name() or sg_obj.name):
continue
if not self._filters_is_present(
filters, 'description',
sg_obj.get_id_perms().get_description()):
continue
sg_info = self._security_group_vnc_to_neutron(
sg_obj, contrail_extensions_enabled, fields=fields)
ret_list.append(sg_info)
return ret_list
def _vmi_to_neutron_port(self, vmi_obj, port_req_memo=None,
extensions_enabled=False, fields=None):
port_q_dict = {}
if not getattr(vmi_obj, 'display_name'):
# for ports created directly via vnc_api
port_q_dict['name'] = vmi_obj.get_fq_name()[-1]
else:
port_q_dict['name'] = vmi_obj.display_name
port_q_dict['id'] = vmi_obj.uuid
net_id = self.get_vmi_net_id(vmi_obj)
if not net_id:
# TODO() hack to force network_id on default port
# as neutron needs it
net_id = self._vnc_lib.obj_to_id(vnc_api.VirtualNetwork())
if port_req_memo is None:
# create a memo only for this port's conversion in this method
port_req_memo = {}
if 'networks' not in port_req_memo:
port_req_memo['networks'] = {}
if 'subnets' not in port_req_memo:
port_req_memo['subnets'] = {}
if 'virtual-machines' not in port_req_memo:
port_req_memo['virtual-machines'] = {}
try:
vn_obj = port_req_memo['networks'][net_id]
except KeyError:
vn_obj = self._vnc_lib.virtual_network_read(id=net_id)
port_req_memo['networks'][net_id] = vn_obj
subnets_info = (
subnet_handler.SubnetHandler.get_vn_subnets(vn_obj))
port_req_memo['subnets'][net_id] = subnets_info
if vmi_obj.parent_type != "project":
proj_id = self._project_id_vnc_to_neutron(vn_obj.parent_uuid)
else:
proj_id = self._project_id_vnc_to_neutron(vmi_obj.parent_uuid)
port_q_dict['tenant_id'] = proj_id
port_q_dict['network_id'] = net_id
# TODO() RHS below may need fixing
port_q_dict['mac_address'] = ''
mac_refs = vmi_obj.get_virtual_machine_interface_mac_addresses()
if mac_refs:
port_q_dict['mac_address'] = mac_refs.mac_address[0]
extra_dhcp_opts = self._get_extra_dhcp_opts(vmi_obj)
if extra_dhcp_opts:
port_q_dict['extra_dhcp_opts'] = extra_dhcp_opts
address_pairs = self._get_allowed_adress_pairs(vmi_obj)
if address_pairs:
port_q_dict['allowed_address_pairs'] = address_pairs
port_q_dict['fixed_ips'] = self.get_vmi_ip_dict(vmi_obj, vn_obj,
port_req_memo)
port_q_dict['security_groups'] = []
sg_refs = vmi_obj.get_security_group_refs()
# read the no rule sg
no_rule_sg = res_handler.SGHandler(
self._vnc_lib).get_no_rule_security_group()
for sg_ref in sg_refs or []:
if no_rule_sg and sg_ref['uuid'] == no_rule_sg.uuid:
# hide the internal sg
continue
port_q_dict['security_groups'].append(sg_ref['uuid'])
port_q_dict['admin_state_up'] = vmi_obj.get_id_perms().enable
device_id, device_owner = self._get_vmi_device_id_owner(vmi_obj,
port_req_memo)
port_q_dict['device_id'] = device_id
if device_owner is not None:
port_q_dict['device_owner'] = device_owner
else:
port_q_dict['device_owner'] = (
vmi_obj.get_virtual_machine_interface_device_owner() or '')
if port_q_dict['device_id']:
port_q_dict['status'] = constants.PORT_STATUS_ACTIVE
else:
port_q_dict['status'] = constants.PORT_STATUS_DOWN
if extensions_enabled:
extra_dict = {'contrail:fq_name': vmi_obj.get_fq_name()}
port_q_dict.update(extra_dict)
bindings_dict = self._get_port_bindings(vmi_obj)
for k,v in bindings_dict.items():
port_q_dict[k] = v
if fields:
port_q_dict = self._filter_res_dict(port_q_dict, fields)
return port_q_dict
