Merge "NSXP: protect router when it hosts a loadbalancer"

2019-04-17 17:47:56 +00:00 · 2019-04-17 17:47:56 +00:00 · e871f7d2e9
parent ac2ad801fc b63002c3e5
commit e871f7d2e9
2 changed files with 28 additions and 2 deletions
--- a/vmware_nsx/services/lbaas/nsx_p/v2/lb_driver_v2.py
+++ b/vmware_nsx/services/lbaas/nsx_p/v2/lb_driver_v2.py
@ -17,6 +17,7 @@ from neutron_lib.callbacks import events
 from neutron_lib.callbacks import registry
 from neutron_lib.callbacks import resources
 from neutron_lib import constants as n_consts
+from neutron_lib import exceptions as n_exc
 from oslo_log import helpers as log_helpers
 from oslo_log import log as logging

@ -135,9 +136,23 @@ class EdgeLoadbalancerDriverV2(base_mgr.LoadbalancerBaseManager):
    def _check_lb_service_on_router(self, resource, event, trigger,
                                    payload=None):
        """Prevent removing a router GW or deleting a router used by LB"""
-        pass
+        router_id = payload.resource_id
+        if self.loadbalancer.core_plugin.service_router_has_loadbalancers(
+                router_id):
+            msg = _('Cannot delete a %s as it still has lb service '
+                    'attachment') % resource
+            raise n_exc.BadRequest(resource='lbaas-lb', msg=msg)

    def _check_lb_service_on_router_interface(
            self, resource, event, trigger, payload=None):
        # Prevent removing the interface of an LB subnet from a router
-        pass
+        router_id = payload.resource_id
+        subnet_id = payload.metadata.get('subnet_id')
+        if not router_id or not subnet_id:
+            return
+
+        # get LB ports and check if any loadbalancer is using this subnet
+        if self._get_lb_ports(payload.context.elevated(), [subnet_id]):
+            msg = _('Cannot delete a router interface as it used by a '
+                    'loadbalancer')
+            raise n_exc.BadRequest(resource='lbaas-lb', msg=msg)
--- a/vmware_nsx/tests/unit/nsx_p/test_plugin.py
+++ b/vmware_nsx/tests/unit/nsx_p/test_plugin.py
@ -48,6 +48,7 @@ from vmware_nsx.common import utils
 from vmware_nsx.extensions import providersecuritygroup as provider_sg
 from vmware_nsx.plugins.common import plugin as com_plugin
 from vmware_nsx.plugins.nsx_p import plugin as nsx_plugin
+
 from vmware_nsx.tests import unit as vmware
 from vmware_nsx.tests.unit.common_plugin import common_v3
 from vmware_nsxlib.v3 import exceptions as nsxlib_exc
@ -1363,6 +1364,16 @@ class NsxPTestL3NatTest(common_v3.FixExternalNetBaseTest,
        kwargs['ext_mgr'] = (kwargs.get('ext_mgr') or
                             NsxPTestL3ExtensionManager())

+        # Make sure the LB callback is not called on router deletion
+        self.lb_mock1 = mock.patch(
+            "vmware_nsx.services.lbaas.nsx_p.v2.lb_driver_v2."
+            "EdgeLoadbalancerDriverV2._check_lb_service_on_router")
+        self.lb_mock1.start()
+        self.lb_mock2 = mock.patch(
+            "vmware_nsx.services.lbaas.nsx_p.v2.lb_driver_v2."
+            "EdgeLoadbalancerDriverV2._check_lb_service_on_router_interface")
+        self.lb_mock2.start()
+
        super(NsxPTestL3NatTest, self).setUp(*args, **kwargs)
        self.original_subnet = self.subnet
        self.original_network = self.network