def act_filter_entry(self, action):
try:
if action == 'create':
mgr.create(
aim_ctx,
resource.FilterEntry(tenant_name=tnt,
filter_name='noiro-ssh',
name='ssh',
ether_type='ip',
ip_protocol='tcp',
source_from_port=22,
source_to_port=22))
mgr.create(
aim_ctx,
resource.FilterEntry(tenant_name=tnt,
filter_name='noiro-ssh',
name='rev-ssh',
ether_type='ip',
ip_protocol='tcp',
dest_from_port=22,
dest_to_port=22))
if action == 'delete':
for name in ['ssh', 'rev-ssh']:
mgr.delete(
aim_ctx,
resource.FilterEntry(tenant_name=tnt,
filter_name='noiro-ssh',
name=name))
except Exception as e:
print '\n Filter-Entry ssh %s failed: ' % (action) + repr(e)
return 0
def _get_filter_entry(self, entry_name, filter_name, tenant_name,
should_exist=True):
session = db_api.get_session()
aim_ctx = aim_context.AimContext(session)
entry = aim_resource.FilterEntry(tenant_name=tenant_name,
filter_name=filter_name,
name=entry_name)
entry = self.aim_mgr.get(aim_ctx, entry)
if should_exist:
self.assertIsNotNone(entry)
else:
self.assertIsNone(entry)
return entry
def _get_l3out_objects(self, l3out_name=None, l3out_display_name=None,
nat_vrf_name=None, vmm_domains=None,
phys_domains=None):
name = 'EXT-%s' % (l3out_name or 'o1')
d_name = 'EXT-%s' % (l3out_display_name or 'OUT')
nat_vrf = a_res.VRF(tenant_name='t1', name=name, display_name=d_name)
if vmm_domains is not None:
vmm_doms = vmm_domains
else:
vmm_doms = self.vmm_domains
if phys_domains is not None:
phys_doms = phys_domains
else:
phys_doms = self.phys_domains
return ([
a_res.Filter(tenant_name='t1', name=name,
display_name=d_name),
a_res.FilterEntry(tenant_name='t1', filter_name=name,
name='Any', display_name='Any'),
a_res.Contract(tenant_name='t1', name=name,
display_name=d_name),
a_res.ContractSubject(tenant_name='t1', contract_name=name,
name='Allow', display_name='Allow',
bi_filters=[name]),
a_res.BridgeDomain(tenant_name='t1', name=name,
display_name=d_name,
vrf_name=nat_vrf_name or name,
limit_ip_learn_to_subnets=True,
l3out_names=[l3out_name or 'o1']),
a_res.ApplicationProfile(tenant_name='t1', name='myapp',
display_name='myapp'),
a_res.EndpointGroup(tenant_name='t1', app_profile_name='myapp',
name=name, display_name=d_name,
bd_name=name,
provided_contract_names=[name],
consumed_contract_names=[name],
# NOTE(ivar): Need to keep both VMM
# representations since a GET on the EPG
# will also return the domain name list
# for backward compatibility
openstack_vmm_domain_names=[dom['name']
for dom in vmm_doms
if dom['type'] ==
'OpenStack'],
physical_domain_names=[dom['name']
for dom in phys_doms],
vmm_domains=vmm_doms,
physical_domains=phys_doms)] +
([nat_vrf] if nat_vrf_name is None else []))
def _aim_filter_entry(self, session, aim_filter, filter_entry_name,
filter_entry_attrs):
# This returns a new AIM FilterEntry resource
# TODO(Sumit): Use _aim_resource_by_name
tenant_name = aim_filter.tenant_name
filter_name = aim_filter.name
display_name = self.aim_display_name(filter_name)
kwargs = {'tenant_name': tenant_name,
'filter_name': filter_name,
'name': filter_entry_name,
'display_name': display_name}
kwargs.update(filter_entry_attrs)
aim_filter_entry = aim_resource.FilterEntry(**kwargs)
return aim_filter_entry
def ensure_tenant(self, plugin_context, tenant_id):
LOG.debug("APIC AIM MD ensuring tenant_id: %s", tenant_id)
self.project_name_cache.ensure_project(tenant_id)
# TODO(rkukura): Move the following to calls made from
# precommit methods so AIM Tenants, ApplicationProfiles, and
# Filters are [re]created whenever needed.
session = plugin_context.session
with session.begin(subtransactions=True):
project_name = self.project_name_cache.get_project_name(tenant_id)
tenant_aname = self.name_mapper.tenant(session, tenant_id,
project_name)
LOG.debug(
"Mapped tenant_id %(id)s with name %(name)s to "
"%(aname)s", {
'id': tenant_id,
'name': project_name,
'aname': tenant_aname
})
aim_ctx = aim_context.AimContext(session)
tenant = aim_resource.Tenant(name=tenant_aname)
if not self.aim.get(aim_ctx, tenant):
self.aim.create(aim_ctx, tenant)
ap = aim_resource.ApplicationProfile(tenant_name=tenant_aname,
name=AP_NAME)
if not self.aim.get(aim_ctx, ap):
self.aim.create(aim_ctx, ap)
filter = aim_resource.Filter(tenant_name=tenant_aname,
name=ANY_FILTER_NAME,
display_name='Any Filter')
if not self.aim.get(aim_ctx, filter):
self.aim.create(aim_ctx, filter)
entry = aim_resource.FilterEntry(tenant_name=tenant_aname,
filter_name=ANY_FILTER_NAME,
name=ANY_FILTER_ENTRY_NAME,
display_name='Any FilterEntry')
if not self.aim.get(aim_ctx, entry):
self.aim.create(aim_ctx, entry)
def _get_nat_objects(self, ctx, l3out):
sani = aim_utils.sanitize_display_name
scope = self._scope_name_if_common
d_name = self._display_name(l3out)
filter_name = scope(l3out.tenant_name, 'EXT-%s' % l3out.name)
fltr = resource.Filter(tenant_name=l3out.tenant_name,
name=filter_name,
display_name=sani(
scope(l3out.tenant_name,
'EXT-%s' % d_name)))
entry = resource.FilterEntry(tenant_name=fltr.tenant_name,
filter_name=fltr.name,
name='Any',
display_name='Any')
contract = self._get_nat_contract(ctx, l3out)
subject = resource.ContractSubject(tenant_name=contract.tenant_name,
contract_name=contract.name,
name='Allow',
display_name='Allow')
subject_filter = resource.ContractSubjFilter(
tenant_name=contract.tenant_name,
contract_name=contract.name,
contract_subject_name='Allow',
filter_name=fltr.name)
bd = self._get_nat_bd(ctx, l3out)
bd.vrf_name = l3out.vrf_name
ap, epg = self._get_nat_ap_epg(ctx, l3out)
vm_doms = getattr(self, 'vmm_domains', [{
'type': d.type,
'name': d.name
} for d in self.mgr.find(ctx, resource.VMMDomain)])
phy_doms = getattr(self, 'physical_domains', [{
'name': d.name
} for d in self.mgr.find(ctx, resource.PhysicalDomain)])
epg.bd_name = bd.name
epg.provided_contract_names = [contract.name]
epg.consumed_contract_names = [contract.name]
epg.vmm_domains = vm_doms
epg.physical_domains = phy_doms
return [fltr, entry, contract, subject, subject_filter, bd, ap, epg]