e91518a472
In case the NSX-V3 does not support router-firewall, but the service plugin is enabled, a warning will be logged at init, and all firewall actions will issue a driver error (meaning the firewall will be in ERROR state) Change-Id: Ia4adc4d6433d16e0de7d7ad0439017acbe836d96
48 lines
1.8 KiB
Python
48 lines
1.8 KiB
Python
# Copyright 2017 VMware, Inc.
|
|
# All Rights Reserved
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
from oslo_log import log as logging
|
|
|
|
from vmware_nsx.services.fwaas.common import fwaas_callbacks as com_callbacks
|
|
|
|
LOG = logging.getLogger(__name__)
|
|
|
|
|
|
class Nsxv3FwaasCallbacks(com_callbacks.NsxFwaasCallbacks):
|
|
"""NSX-V3 RPC callbacks for Firewall As A Service - V1."""
|
|
|
|
def __init__(self, nsxlib):
|
|
super(Nsxv3FwaasCallbacks, self).__init__()
|
|
|
|
def should_apply_firewall_to_router(self, context, router_id):
|
|
"""Return True if the FWaaS rules should be added to this router."""
|
|
if not super(Nsxv3FwaasCallbacks,
|
|
self).should_apply_firewall_to_router(context,
|
|
router_id):
|
|
return False
|
|
|
|
# get all the relevant router info
|
|
ctx_elevated = context.elevated()
|
|
router_data = self.core_plugin.get_router(ctx_elevated, router_id)
|
|
if not router_data:
|
|
LOG.error("Couldn't read router %s data", router_id)
|
|
return False
|
|
|
|
# Check if the FWaaS driver supports this router
|
|
if not self.fwaas_driver.should_apply_firewall_to_router(router_data):
|
|
return False
|
|
|
|
return True
|