Exemplo n.º 1
 def test_network_allowed_by_config(self):
     """Only networks named in ``valid_vip_networks`` pass validation."""
     permitted = [uuidutils.generate_uuid() for _unused in range(2)]
     outsider = uuidutils.generate_uuid()

     # The option is set as a comma-separated string of network IDs.
     self.conf.config(group="networking",
                      valid_vip_networks=",".join(permitted))

     # Listed networks must be accepted without raising.
     for net_id in permitted:
         validate.network_allowed_by_config(net_id)

     # A network absent from the list must be rejected.
     # NOTE(review): the unset/empty valid_vip_networks case is not
     # exercised by this test.
     with self.assertRaises(exceptions.ValidationException):
         validate.network_allowed_by_config(outsider)
Exemplo n.º 2
 def test_network_allowed_by_config(self):
     """Check that the configured VIP network list is enforced."""
     listed_a, listed_b, not_listed = (
         uuidutils.generate_uuid() for _unused in range(3))

     # valid_vip_networks takes the permitted IDs as one comma-joined string.
     allowlist = "%s,%s" % (listed_a, listed_b)
     self.conf.config(group="networking", valid_vip_networks=allowlist)

     # Both listed networks are accepted (no exception).
     validate.network_allowed_by_config(listed_a)
     validate.network_allowed_by_config(listed_b)

     # The third network was never configured, so validation must fail.
     self.assertRaises(exceptions.ValidationException,
                       validate.network_allowed_by_config, not_listed)
Exemplo n.º 3
    def _validate_vip_request_object(self, load_balancer):
        """Check the VIP fields of a load balancer request.

        Rejects any supplied VIP field (port, network or subnet ID) that the
        deployment configuration disallows, requires at least one of them,
        validates the most specific one supplied, and finally passes the
        resulting network ID to ``validate.network_allowed_by_config``.

        :param load_balancer: request object; ``vip_network_id`` is filled
            in from the subnet when only a subnet ID was supplied.
        :raises ValidationException: a supplied VIP field is disallowed by
            the deployment configuration.
        :raises VIPValidationException: no VIP field was supplied.
        """
        # (field name, value from the request, enabled in configuration)
        vip_fields = (
            ('vip_port_id', load_balancer.vip_port_id,
             CONF.networking.allow_vip_port_id),
            ('vip_network_id', load_balancer.vip_network_id,
             CONF.networking.allow_vip_network_id),
            ('vip_subnet_id', load_balancer.vip_subnet_id,
             CONF.networking.allow_vip_subnet_id),
        )
        permitted = [name for name, _given, enabled in vip_fields if enabled]

        disallowed = _("use of %(object)s is disallowed by this deployment's "
                       "configuration.")
        # Refuse the first supplied field that configuration has switched off.
        for name, given, enabled in vip_fields:
            if given and not enabled:
                raise exceptions.ValidationException(
                    detail=disallowed % {'object': name})

        # At least one VIP reference is mandatory; the error lists the
        # fields this deployment accepts.
        if not any(given for _name, given, _enabled in vip_fields):
            raise exceptions.VIPValidationException(
                objects=', '.join(permitted))

        # Most specific reference wins: port, then network, then subnet.
        if load_balancer.vip_port_id:
            self._validate_port_and_fill_or_validate_subnet(load_balancer)
        elif load_balancer.vip_network_id:
            self._validate_network_and_fill_or_validate_subnet(load_balancer)
        elif load_balancer.vip_subnet_id:
            found_subnet = validate.subnet_exists(
                subnet_id=load_balancer.vip_subnet_id)
            load_balancer.vip_network_id = found_subnet.network_id

        if load_balancer.vip_qos_policy_id:
            validate.qos_policy_exists(
                qos_policy_id=load_balancer.vip_qos_policy_id)

        # Runs last so it sees the network ID resolved above, not only one
        # supplied directly in the request.
        # NOTE(review): for the port-only path this relies on the port
        # helper having populated vip_network_id - confirm.
        validate.network_allowed_by_config(load_balancer.vip_network_id)
Exemplo n.º 4
    def _validate_vip_request_object(self, load_balancer):
        """Validate the VIP port/network/subnet named in a request.

        Enforces the ``allow_vip_*`` switches from the ``networking``
        configuration group, insists that at least one VIP reference is
        present, validates whichever reference takes precedence, and ends
        with a ``validate.network_allowed_by_config`` check on the network.

        :param load_balancer: request object; its ``vip_network_id`` is set
            from the subnet when the request carries only a subnet ID.
        :raises ValidationException: the request uses a VIP field that the
            deployment configuration disallows.
        :raises VIPValidationException: the request names no VIP field.
        """
        net_conf = CONF.networking
        allowed_network_objects = [
            field for field, enabled in (
                ('vip_port_id', net_conf.allow_vip_port_id),
                ('vip_network_id', net_conf.allow_vip_network_id),
                ('vip_subnet_id', net_conf.allow_vip_subnet_id),
            ) if enabled
        ]

        msg = _("use of %(object)s is disallowed by this deployment's "
                "configuration.")

        def _refuse(field):
            # Single place that builds the "disallowed" error.
            raise exceptions.ValidationException(
                detail=msg % {'object': field})

        if load_balancer.vip_port_id and not net_conf.allow_vip_port_id:
            _refuse('vip_port_id')
        if load_balancer.vip_network_id and not net_conf.allow_vip_network_id:
            _refuse('vip_network_id')
        if load_balancer.vip_subnet_id and not net_conf.allow_vip_subnet_id:
            _refuse('vip_subnet_id')

        has_vip_reference = bool(load_balancer.vip_port_id or
                                 load_balancer.vip_network_id or
                                 load_balancer.vip_subnet_id)
        if not has_vip_reference:
            # Tell the caller which fields this deployment accepts.
            raise exceptions.VIPValidationException(
                objects=', '.join(allowed_network_objects))

        if load_balancer.vip_port_id:
            # A port ID takes precedence over network and subnet IDs.
            self._validate_port_and_fill_or_validate_subnet(load_balancer)
        elif load_balancer.vip_network_id:
            # No port: validate the network (and the subnet if provided).
            self._validate_network_and_fill_or_validate_subnet(load_balancer)
        elif load_balancer.vip_subnet_id:
            # Subnet only: derive the network from the subnet record.
            load_balancer.vip_network_id = validate.subnet_exists(
                subnet_id=load_balancer.vip_subnet_id).network_id

        qos_policy_id = load_balancer.vip_qos_policy_id
        if qos_policy_id:
            validate.qos_policy_exists(qos_policy_id=qos_policy_id)

        # Final gate on the network ID as it stands after the steps above.
        # NOTE(review): behaviour when vip_network_id is still unset here
        # depends on network_allowed_by_config - confirm.
        validate.network_allowed_by_config(load_balancer.vip_network_id)
Exemplo n.º 5
    def post(self, load_balancer):
        """Creates a load balancer.

        Resolves the owning project, enforces RBAC for that project,
        validates the VIP, flavor and availability zone, then creates the
        database records and dispatches the create call to the provider
        driver inside a single ``lock_session`` transaction.

        :param load_balancer: root request body; the load balancer object
            is read from its ``loadbalancer`` attribute.
        :returns: ``LoadBalancerFullRootResponse`` wrapping the created
            load balancer.
        :raises ValidationException: no project ID is available from the
            request body or the request context.
        :raises QuotaException: the quota check reports the project's load
            balancer quota as met.
        :raises IDAlreadyExists: the database reports a duplicate entry.
        """
        load_balancer = load_balancer.loadbalancer
        context = pecan_request.context.get('octavia_context')

        # Fall back to the caller's project when the body does not name one.
        if not load_balancer.project_id and context.project_id:
            load_balancer.project_id = context.project_id

        if not load_balancer.project_id:
            raise exceptions.ValidationException(detail=_(
                "Missing project ID in request where one is required. "
                "An administrator should check the keystone settings "
                "in the Octavia configuration."))

        # Authorize against the project the load balancer will belong to
        # (which may have come from the request body) before any further
        # validation or database work.
        self._auth_validate_action(context, load_balancer.project_id,
                                   constants.RBAC_POST)

        # NOTE(review): context is passed on, presumably so the VIP objects
        # are checked with the requester's identity - confirm in
        # _validate_vip_request_object.
        self._validate_vip_request_object(load_balancer, context=context)

        self._validate_flavor(context.session, load_balancer)

        self._validate_availability_zone(context.session, load_balancer)

        provider = self._get_provider(context.session, load_balancer)

        # Load the driver early as it also provides validation
        driver = driver_factory.get_driver(provider)

        # Separate non-autocommit session: everything below is either
        # committed at the end of the try block or rolled back.
        lock_session = db_api.get_session(autocommit=False)
        try:
            if self.repositories.check_quota_met(
                    context.session,
                    lock_session,
                    data_models.LoadBalancer,
                    load_balancer.project_id):
                raise exceptions.QuotaException(
                    resource=data_models.LoadBalancer._name())

            db_lb, db_pools, db_lists = None, None, None

            lb_dict = db_prepare.create_load_balancer(load_balancer.to_dict(
                render_unsets=False
            ))
            vip_dict = lb_dict.pop('vip', {})

            # Make sure we store the right provider in the DB
            lb_dict['provider'] = driver.name

            # NoneType can be weird here, have to force type a second time
            listeners = lb_dict.pop('listeners', []) or []
            pools = lb_dict.pop('pools', []) or []

            flavor_dict = self._apply_flavor_to_lb_dict(lock_session, driver,
                                                        lb_dict)

            az_dict = self._validate_and_return_az_dict(lock_session, driver,
                                                        lb_dict)
            # Validate the network as soon as we have the AZ data
            # The check runs before any load balancer or VIP row is created.
            # az_dict.get() yields None when the AZ carries no
            # VALID_VIP_NETWORKS entry.
            # NOTE(review): how network_allowed_by_config treats
            # valid_networks=None is not visible here - confirm it falls
            # back to the deployment-wide setting.
            validate.network_allowed_by_config(
                load_balancer.vip_network_id,
                valid_networks=az_dict.get(constants.VALID_VIP_NETWORKS))

            db_lb = self.repositories.create_load_balancer_and_vip(
                lock_session, lb_dict, vip_dict)

            # Pass the flavor dictionary through for the provider drivers
            # This is a "virtual" lb_dict item that includes the expanded
            # flavor dict instead of just the flavor_id we store in the DB.
            lb_dict['flavor'] = flavor_dict

            # Do the same with the availability_zone dict
            lb_dict['availability_zone'] = az_dict

            # See if the provider driver wants to manage the VIP port
            # This will still be called if the user provided a port to
            # allow drivers to collect any required information about the
            # VIP port.
            octavia_owned = False
            try:
                provider_vip_dict = driver_utils.vip_dict_to_provider_dict(
                    vip_dict)
                vip_dict = driver_utils.call_provider(
                    driver.name, driver.create_vip_port, db_lb.id,
                    db_lb.project_id, provider_vip_dict)
                vip = driver_utils.provider_vip_dict_to_vip_obj(vip_dict)
            except exceptions.ProviderNotImplementedError:
                # create vip port if not exist, driver didn't want to create
                # the VIP port
                vip = self._create_vip_port_if_not_exist(db_lb)
                LOG.info('Created VIP port %s for provider %s.',
                         vip.port_id, driver.name)
                # If a port_id wasn't passed in and we made it this far
                # we created the VIP
                # When call_provider raised, vip_dict was not reassigned, so
                # this inspects the VIP data taken from the request.
                if 'port_id' not in vip_dict or not vip_dict['port_id']:
                    octavia_owned = True

            # Check if the driver claims octavia owns the VIP port.
            if vip.octavia_owned:
                octavia_owned = True

            # Persist the VIP details returned above on the VIP record.
            self.repositories.vip.update(
                lock_session, db_lb.id, ip_address=vip.ip_address,
                port_id=vip.port_id, network_id=vip.network_id,
                subnet_id=vip.subnet_id, octavia_owned=octavia_owned)

            # Create any listeners and pools supplied in the same request.
            if listeners or pools:
                db_pools, db_lists = self._graph_create(
                    context.session, lock_session, db_lb, listeners, pools)

            # Prepare the data for the driver data model
            driver_lb_dict = driver_utils.lb_dict_to_provider_dict(
                lb_dict, vip, db_pools, db_lists)

            # Dispatch to the driver
            LOG.info("Sending create Load Balancer %s to provider %s",
                     db_lb.id, driver.name)
            driver_utils.call_provider(
                driver.name, driver.loadbalancer_create,
                driver_dm.LoadBalancer.from_dict(driver_lb_dict))

            # Commit only after the driver call has returned without raising.
            lock_session.commit()
        except odb_exceptions.DBDuplicateEntry:
            lock_session.rollback()
            raise exceptions.IDAlreadyExists()
        except Exception:
            # Roll back, then let the context manager re-raise the original
            # exception on exit.
            with excutils.save_and_reraise_exception():
                lock_session.rollback()

        # Re-read the committed record through the request session.
        db_lb = self._get_db_lb(context.session, db_lb.id)

        result = self._convert_db_to_type(
            db_lb, lb_types.LoadBalancerFullResponse)
        return lb_types.LoadBalancerFullRootResponse(loadbalancer=result)