# (c) Copyright 2013 Hewlett-Packard Development Company, L.P.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from neutron.db import servicetype_db as st_db
from neutron.services import provider_configuration as pconf
from neutron.services import service_base
from neutron_lib import context as ncontext
from neutron_lib import exceptions as lib_exc
from neutron_lib.exceptions import flavors as flav_exc
from neutron_lib.plugins import constants
from neutron_lib.plugins import directory
from oslo_log import log as logging
from neutron_vpnaas.db.vpn import vpn_db
from neutron_vpnaas.extensions import vpn_flavors
# Module-level logger, named after this module via __name__.
LOG = logging.getLogger(__name__)
def add_provider_configuration(type_manager, service_type):
    """Register the 'neutron_vpnaas' provider configuration.

    :param type_manager: object exposing add_provider_configuration(); the
        plugin in this file passes its ServiceTypeManager instance.
    :param service_type: service type the configuration is registered
        under.
    """
    vpnaas_conf = pconf.ProviderConfiguration('neutron_vpnaas')
    type_manager.add_provider_configuration(service_type, vpnaas_conf)
class VPNPlugin(vpn_db.VPNPluginDb):
    """Implementation of the VPN Service Plugin.

    Manages the workflow of VPNaaS requests and responses. Most of the
    database work is inherited from vpn_db.VPNPluginDb.
    """

    # Extension aliases declared by this plugin; order kept as published.
    supported_extension_aliases = [
        "vpnaas",
        "vpn-endpoint-groups",
        "service-type",
        "vpn-flavors",
    ]
    path_prefix = "/vpn"
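class VPNDriverPlugin(VPNPlugin, vpn_db.VPNPluginRpcDbMixin):
    """VpnPlugin which supports VPN Service Drivers.

    Each mutating call is persisted through the parent DB plugin and then
    passed to the service driver bound to the VPN service. The binding of
    a VPN service id to a provider name is read and written through
    ``self.service_type_manager`` and resolved against ``self.drivers``.
    """

    # TODO(nati) handle ikepolicy and ipsecpolicy update usecase

    def __init__(self):
        """Load the service drivers and reconcile provider associations.

        :raises SystemExit: raised by
            _check_orphan_vpnservice_associations() when a stored
            association names a provider that is not loaded.
        """
        super(VPNDriverPlugin, self).__init__()
        self.service_type_manager = st_db.ServiceTypeManager.get_instance()
        add_provider_configuration(self.service_type_manager, constants.VPN)
        # Load the service driver from neutron.conf.
        self.drivers, self.default_provider = service_base.load_drivers(
            constants.VPN, self)
        # Checked before vpn_db.subscribe() so that an inconsistent
        # provider configuration stops startup.
        self._check_orphan_vpnservice_associations()
        # Associate driver names to driver objects
        for driver_name, driver in self.drivers.items():
            driver.name = driver_name
        # list() so the log shows the names rather than a dict_keys repr.
        LOG.info(("VPN plugin using service drivers: %(service_drivers)s, "
                  "default: %(default_driver)s"),
                 {'service_drivers': list(self.drivers),
                  'default_driver': self.default_provider})
        vpn_db.subscribe()

    @property
    def _flavors_plugin(self):
        """Return the flavors plugin from the plugin directory.

        _get_provider_for_flavor() treats a None result as "not loaded".
        """
        return directory.get_plugin(constants.FLAVORS)

    def _check_orphan_vpnservice_associations(self):
        """Reconcile stored provider associations with the loaded drivers.

        Lists VPN services under an admin context. If any stored
        association names a provider missing from ``self.drivers``, the
        process is stopped. VPN services with no association are bound to
        the default provider (upgrade path).

        :raises SystemExit: when at least one VPN service is associated
            with a provider that is not loaded.
        """
        # NOTE(review): the admin context is presumably what lets this
        # query see every project's VPN services -- confirm.
        context = ncontext.get_admin_context()
        vpnservices = self.get_vpnservices(context)
        vpnservice_ids = [vpnservice['id'] for vpnservice in vpnservices]

        stm = self.service_type_manager
        provider_names = stm.get_provider_names_by_resource_ids(
            context, vpnservice_ids)

        lost_providers = set()
        lost_vpnservices = []
        for vpnservice_id, provider in provider_names.items():
            if provider not in self.drivers:
                lost_providers.add(provider)
                lost_vpnservices.append(vpnservice_id)
        if lost_providers or lost_vpnservices:
            # Provider are kept internally, we need to inform users about
            # the related VPN services.
            msg = (
                "Delete associated vpnservices %(vpnservices)s before "
                "removing providers %(providers)s."
            ) % {'vpnservices': lost_vpnservices,
                 'providers': list(lost_providers)}
            # No exception is being handled here, so LOG.exception would
            # only append an empty traceback to the message.
            LOG.error(msg)
            raise SystemExit(msg)

        # Deal with upgrade. Associate existing VPN services to default
        # provider.
        unasso_vpnservices = [
            vpnservice_id for vpnservice_id in vpnservice_ids
            if vpnservice_id not in provider_names]
        if unasso_vpnservices:
            LOG.info(
                ("Associating VPN services %(unasso_vpnservices)s to "
                 "default provider %(default_provider)s."),
                {'unasso_vpnservices': unasso_vpnservices,
                 'default_provider': self.default_provider})
            for vpnservice_id in unasso_vpnservices:
                stm.add_resource_association(
                    context, constants.VPN,
                    self.default_provider, vpnservice_id)

    def _get_provider_for_flavor(self, context, flavor_id):
        """Return the provider name to use for a new VPN service.

        :param context: request context, passed to the flavors plugin.
        :param flavor_id: flavor requested by the caller; a falsy value
            selects the default provider.
        :returns: a provider name; when a flavor is given it is checked
            to be a key of ``self.drivers``.
        :raises vpn_flavors.FlavorsPluginNotLoaded: a flavor was requested
            but no flavors plugin is registered.
        :raises lib_exc.InvalidServiceType: the flavor is not a VPN flavor.
        :raises flav_exc.FlavorDisabled: the flavor is disabled.
        :raises vpn_flavors.NoProviderFoundForFlavor: the flavor yields no
            provider, or one that is not loaded.
        """
        if flavor_id:
            if self._flavors_plugin is None:
                raise vpn_flavors.FlavorsPluginNotLoaded()

            fl_db = self._flavors_plugin.get_flavor(context, flavor_id)
            # Reject flavors of other service types and disabled flavors
            # before a provider is picked.
            if fl_db['service_type'] != constants.VPN:
                raise lib_exc.InvalidServiceType(
                    service_type=fl_db['service_type'])
            if not fl_db['enabled']:
                raise flav_exc.FlavorDisabled()
            providers = self._flavors_plugin.get_flavor_next_provider(
                context, fl_db['id'])
            # An empty result is reported as "no provider" instead of
            # failing with IndexError on providers[0].
            if not providers:
                raise vpn_flavors.NoProviderFoundForFlavor(flavor_id=flavor_id)
            provider = providers[0].get('provider')
            if provider not in self.drivers:
                raise vpn_flavors.NoProviderFoundForFlavor(flavor_id=flavor_id)
        else:
            # Use default provider
            provider = self.default_provider

        LOG.debug("Selected provider %s", provider)
        return provider

    def _get_driver_for_vpnservice(self, context, vpnservice):
        """Return the driver object bound to ``vpnservice['id']``.

        :raises KeyError: when the stored provider name is not a key of
            ``self.drivers``.
        """
        stm = self.service_type_manager
        provider_names = stm.get_provider_names_by_resource_ids(
            context, [vpnservice['id']])
        # NOTE(review): with no stored association .get() returns None and
        # the lookup below raises KeyError(None); callers in this class do
        # not catch it.
        provider = provider_names.get(vpnservice['id'])
        return self.drivers[provider]

    def _get_driver_for_ipsec_site_connection(self, context,
                                              ipsec_site_connection):
        """Return the driver of the VPN service owning the connection."""
        # Only vpnservice_id is required as the vpnservice should be already
        # associated with a provider after its creation.
        vpnservice = {'id': ipsec_site_connection['vpnservice_id']}
        return self._get_driver_for_vpnservice(context, vpnservice)

    def create_ipsec_site_connection(self, context, ipsec_site_connection):
        """Validate, persist and hand a new connection to its driver.

        :param ipsec_site_connection: request body; the resource is under
            the 'ipsec_site_connection' key.
        :returns: the connection as returned by the DB plugin.
        """
        # NOTE(review): the driver is selected from the vpnservice_id in
        # the request body. This method does not check that the caller may
        # use that VPN service; presumably the validator or the DB layer
        # does -- confirm.
        driver = self._get_driver_for_ipsec_site_connection(
            context, ipsec_site_connection['ipsec_site_connection'])
        # Driver validation runs before anything is written to the DB.
        driver.validator.validate_ipsec_site_connection(
            context,
            ipsec_site_connection['ipsec_site_connection'])
        ipsec_site_connection = super(
            VPNDriverPlugin, self).create_ipsec_site_connection(
                context, ipsec_site_connection)
        driver.create_ipsec_site_connection(context, ipsec_site_connection)
        return ipsec_site_connection

    def delete_ipsec_site_connection(self, context, ipsec_conn_id):
        """Delete a connection from the DB and notify its driver."""
        ipsec_site_connection = self.get_ipsec_site_connection(
            context, ipsec_conn_id)
        # Resolve the driver before the row is removed: a failed lookup
        # then aborts the call instead of leaving the DB record deleted
        # while the driver was never asked to remove the connection.
        driver = self._get_driver_for_ipsec_site_connection(
            context, ipsec_site_connection)
        super(VPNDriverPlugin, self).delete_ipsec_site_connection(
            context, ipsec_conn_id)
        driver.delete_ipsec_site_connection(context, ipsec_site_connection)

    def update_ipsec_site_connection(
            self, context,
            ipsec_conn_id, ipsec_site_connection):
        """Validate, persist and hand an updated connection to its driver.

        :returns: the updated connection as returned by the DB plugin.
        """
        old_ipsec_site_connection = self.get_ipsec_site_connection(
            context, ipsec_conn_id)
        # The driver comes from the stored connection, not from the
        # request body.
        driver = self._get_driver_for_ipsec_site_connection(
            context, old_ipsec_site_connection)
        driver.validator.validate_ipsec_site_connection(
            context,
            ipsec_site_connection['ipsec_site_connection'])
        ipsec_site_connection = super(
            VPNDriverPlugin, self).update_ipsec_site_connection(
                context,
                ipsec_conn_id,
                ipsec_site_connection)
        driver.update_ipsec_site_connection(
            context, old_ipsec_site_connection, ipsec_site_connection)
        return ipsec_site_connection

    def create_vpnservice(self, context, vpnservice):
        """Create a VPN service and bind it to a provider.

        :param vpnservice: request body; the resource is under the
            'vpnservice' key and may carry a 'flavor_id'.
        :returns: the VPN service as returned by the DB plugin.
        """
        # Flavor checks and provider selection happen before the DB write.
        provider = self._get_provider_for_flavor(
            context, vpnservice['vpnservice'].get('flavor_id'))
        vpnservice = super(
            VPNDriverPlugin, self).create_vpnservice(context, vpnservice)
        # NOTE(review): if this association fails, the row created above
        # has no provider; on restart _check_orphan_vpnservice_associations
        # would bind it to the default provider rather than the selected
        # one.
        self.service_type_manager.add_resource_association(
            context, constants.VPN, provider, vpnservice['id'])
        driver = self.drivers[provider]
        driver.create_vpnservice(context, vpnservice)
        return vpnservice

    def update_vpnservice(self, context, vpnservice_id, vpnservice):
        """Update a VPN service in the DB and notify its driver.

        :returns: the updated VPN service as returned by the DB plugin.
        """
        old_vpn_service = self.get_vpnservice(context, vpnservice_id)
        new_vpn_service = super(
            VPNDriverPlugin, self).update_vpnservice(context, vpnservice_id,
                                                     vpnservice)
        driver = self._get_driver_for_vpnservice(context, old_vpn_service)
        driver.update_vpnservice(context, old_vpn_service, new_vpn_service)
        return new_vpn_service

    def delete_vpnservice(self, context, vpnservice_id):
        """Delete a VPN service, its provider binding, and notify the driver.
        """
        vpnservice = self._get_vpnservice(context, vpnservice_id)
        # Resolve the driver before the row is removed: a failed lookup
        # then aborts the call instead of leaving the DB record deleted
        # while the driver was never asked to remove the service.
        driver = self._get_driver_for_vpnservice(context, vpnservice)
        super(VPNDriverPlugin, self).delete_vpnservice(context, vpnservice_id)
        self.service_type_manager.del_resource_associations(
            context, [vpnservice_id])
        driver.delete_vpnservice(context, vpnservice)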