octavia 15.0.0__py3-none-any.whl → 16.0.0.0rc1__py3-none-any.whl

octavia/db/repositories.py

@@ -115,10 +115,19 @@ class BaseRepository:
         session.query(self.model_class).filter_by(
             id=id).update(model_kwargs)
 
-    def get(self, session, **filters):
+    def get(self, session, limited_graph=False, **filters):
         """Retrieves an entity from the database.
 
         :param session: A Sql Alchemy database session.
+        :param limited_graph: Option controls number of processed nodes
+                              in the graph. Default (with False) behaviour
+                              is recursion iteration through all nodes
+                              in the graph via to_data_model. With True value
+                              recursion will stop at the first child node.
+                              It means, that only limited number of nodes be
+                              converted. This logic could be used for specific
+                              cases, where information about full graph
+                              is unnecessary.
         :param filters: Filters to decide which entity should be retrieved.
         :returns: octavia.common.data_model
         """
@@ -138,16 +147,26 @@ class BaseRepository:
         if not model:
             return None
 
-        return model.to_data_model()
+        recursion_depth = 0 if limited_graph else None
+        return model.to_data_model(recursion_depth=recursion_depth)
 
     def get_all(self, session, pagination_helper=None,
-                query_options=None, **filters):
+                query_options=None, limited_graph=False, **filters):
 
         """Retrieves a list of entities from the database.
 
         :param session: A Sql Alchemy database session.
         :param pagination_helper: Helper to apply pagination and sorting.
         :param query_options: Optional query options to apply.
+        :param limited_graph: Option controls number of processed nodes
+                              in the graph. Default (with False) behaviour
+                              is recursion iteration through all nodes
+                              in the graph via to_data_model. With True value
+                              recursion will stop at the first child node.
+                              It means, that only limited number of nodes be
+                              converted. This logic could be used for specific
+                              cases, where information about full graph
+                              is unnecessary.
         :param filters: Filters to decide which entities should be retrieved.
         :returns: [octavia.common.data_model]
         """
@@ -170,8 +189,11 @@ class BaseRepository:
         else:
             links = None
             model_list = query.all()
-
-        data_model_list = [model.to_data_model() for model in model_list]
+        recursion_depth = 1 if limited_graph else None
+        data_model_list = [
+            model.to_data_model(recursion_depth=recursion_depth)
+            for model in model_list
+        ]
         return data_model_list, links
 
     def exists(self, session, id):
@@ -234,6 +256,7 @@ class Repositories:
         self.flavor_profile = FlavorProfileRepository()
         self.availability_zone = AvailabilityZoneRepository()
         self.availability_zone_profile = AvailabilityZoneProfileRepository()
+        self.amphora_member_port = AmphoraMemberPortRepository()
 
     def create_load_balancer_and_vip(self, session, lb_dict, vip_dict,
                                      additional_vip_dicts=None):
@@ -253,9 +276,17 @@ class Repositories:
             lb_dict['id'] = uuidutils.generate_uuid()
         lb = models.LoadBalancer(**lb_dict)
         session.add(lb)
+        vip_sg_ids = vip_dict.pop(consts.SG_IDS, [])
         vip_dict['load_balancer_id'] = lb_dict['id']
         vip = models.Vip(**vip_dict)
         session.add(vip)
+        if vip_sg_ids:
+            vip_dict[consts.SG_IDS] = vip_sg_ids
+            for vip_sg_id in vip_sg_ids:
+                vip_sg = models.VipSecurityGroup(
+                    load_balancer_id=lb_dict['id'],
+                    sg_id=vip_sg_id)
+                session.add(vip_sg)
         for add_vip_dict in additional_vip_dicts:
             add_vip_dict['load_balancer_id'] = lb_dict['id']
             add_vip_dict['network_id'] = vip_dict.get('network_id')
@@ -712,6 +743,8 @@ class LoadBalancerRepository(BaseRepository):
         query_options = (
             subqueryload(models.LoadBalancer.vip),
             subqueryload(models.LoadBalancer.additional_vips),
+            (subqueryload(models.LoadBalancer.vip).
+             subqueryload(models.Vip.sgs)),
             subqueryload(models.LoadBalancer.amphorae),
             subqueryload(models.LoadBalancer.pools),
             subqueryload(models.LoadBalancer.listeners),
@@ -789,8 +822,24 @@ class VipRepository(BaseRepository):
 
     def update(self, session, load_balancer_id, **model_kwargs):
         """Updates a vip entity in the database by load_balancer_id."""
-        session.query(self.model_class).filter_by(
-            load_balancer_id=load_balancer_id).update(model_kwargs)
+        sg_ids = model_kwargs.pop(consts.SG_IDS, None)
+
+        vip = session.query(self.model_class).filter_by(
+            load_balancer_id=load_balancer_id)
+        if model_kwargs:
+            vip.update(model_kwargs)
+
+        # NOTE(gthiemonge) the vip must be updated when sg_ids is []
+        # (removal of current sg_ids)
+        if sg_ids is not None:
+            vip = vip.first()
+            vip.sgs = [
+                models.VipSecurityGroup(
+                    load_balancer_id=load_balancer_id,
+                    sg_id=sg_id)
+                for sg_id in sg_ids]
+
+        session.flush()
 
 
 class AdditionalVipRepository(BaseRepository):
@@ -916,7 +965,8 @@ class PoolRepository(BaseRepository):
 class MemberRepository(BaseRepository):
     model_class = models.Member
 
-    def get_all_API_list(self, session, pagination_helper=None, **filters):
+    def get_all_API_list(self, session, pagination_helper=None,
+                         limited_graph=False, **filters):
         """Get a list of members for the API list call.
 
         This get_all returns a data set that is only one level deep
@@ -925,6 +975,8 @@ class MemberRepository(BaseRepository):
 
         :param session: A Sql Alchemy database session.
         :param pagination_helper: Helper to apply pagination and sorting.
+        :param limited_graph: Option to avoid recursion iteration through all
+                              nodes in the graph via to_data_model
         :param filters: Filters to decide which entities should be retrieved.
         :returns: [octavia.common.data_model]
         """
@@ -938,7 +990,8 @@ class MemberRepository(BaseRepository):
 
         return super().get_all(
             session, pagination_helper=pagination_helper,
-            query_options=query_options, **filters)
+            query_options=query_options, limited_graph=limited_graph,
+            **filters)
 
     def delete_members(self, session, member_ids):
         """Batch deletes members from a pool."""
@@ -1402,6 +1455,20 @@ class AmphoraRepository(BaseRepository):
         amp.status = consts.PENDING_DELETE
         lock_session.flush()
 
+    def get_amphorae_ids_on_lb(self, session, lb_id):
+        """Returns a list of amphora IDs associated with the load balancer
+
+        :param session: A Sql Alchemy database session.
+        :param lb_id: A load balancer ID.
+        :returns: A list of amphora IDs
+        """
+        return session.scalars(
+            select(
+                self.model_class.id
+            ).where(
+                self.model_class.load_balancer_id == lb_id
+            )).all()
+
 
 class AmphoraBuildReqRepository(BaseRepository):
     model_class = models.AmphoraBuildRequest
@@ -2081,3 +2148,15 @@ class AvailabilityZoneRepository(_GetALLExceptDELETEDIdMixin, BaseRepository):
 class AvailabilityZoneProfileRepository(_GetALLExceptDELETEDIdMixin,
                                         BaseRepository):
     model_class = models.AvailabilityZoneProfile
+
+
+class AmphoraMemberPortRepository(BaseRepository):
+    model_class = models.AmphoraMemberPort
+
+    def get_port_ids(self, session, amphora_id):
+        return session.scalars(
+            select(
+                self.model_class.port_id
+            ).where(
+                self.model_class.amphora_id == amphora_id
+            )).all()

octavia/network/base.py

@@ -13,10 +13,16 @@
 #    under the License.
 
 import abc
+import typing
 
 from octavia.common import constants
+from octavia.common import data_models
 from octavia.common import exceptions
 
+if typing.TYPE_CHECKING:
+    from octavia.common import context
+    import octavia.network.data_models as n_data_models
+
 
 class NetworkException(exceptions.OctaviaException):
     pass
@@ -94,7 +100,8 @@ class AbstractNetworkDriver(metaclass=abc.ABCMeta):
     """
 
     @abc.abstractmethod
-    def allocate_vip(self, load_balancer):
+    def allocate_vip(self, load_balancer: data_models.LoadBalancer) -> (
+            tuple[data_models.Vip, list[data_models.AdditionalVip]]):
         """Allocates a virtual ip.
 
         Reserves it for later use as the frontend connection of a load
@@ -156,16 +163,6 @@ class AbstractNetworkDriver(metaclass=abc.ABCMeta):
         :raises: UnplugVIPException, PluggedVIPNotFound
         """
 
-    @abc.abstractmethod
-    def plug_network(self, compute_id, network_id):
-        """Connects an existing amphora to an existing network.
-
-        :param compute_id: id of an amphora in the compute service
-        :param network_id: id of a network
-        :return: octavia.network.data_models.Interface instance
-        :raises: PlugNetworkException, AmphoraNotFound, NetworkNotFound
-        """
-
     @abc.abstractmethod
     def unplug_network(self, compute_id, network_id):
         """Disconnects an existing amphora from an existing network.
@@ -294,13 +291,25 @@ class AbstractNetworkDriver(metaclass=abc.ABCMeta):
 
     @abc.abstractmethod
     def get_security_group(self, sg_name):
-        """Retrieves the security group by it's name.
+        """Retrieves the security group by its name.
 
         :param sg_name: The security group name.
         :return: octavia.network.data_models.SecurityGroup, None if not enabled
         :raises: NetworkException, SecurityGroupNotFound
         """
 
+    @abc.abstractmethod
+    def get_security_group_by_id(self, sg_id: str,
+                                 context: 'context.RequestContext' = None) -> (
+            'n_data_models.SecurityGroup'):
+        """Retrieves the security group by its id.
+
+        :param sg_id: The security group ID.
+        :param context: A request context
+        :return: octavia.network.data_models.SecurityGroup, None if not enabled
+        :raises: NetworkException, SecurityGroupNotFound
+        """
+
     @abc.abstractmethod
     def failover_preparation(self, amphora):
         """Prepare an amphora for failover.
@@ -349,6 +358,14 @@ class AbstractNetworkDriver(metaclass=abc.ABCMeta):
         :param vip: The VIP to plug
         """
 
+    @abc.abstractmethod
+    def update_aap_port_sg(self, load_balancer: data_models.LoadBalancer,
+                           amphora: data_models.Amphora,
+                           vip: data_models.Vip):
+        """Updates the security group of the AAP port of an amphora
+
+        """
+
     @abc.abstractmethod
     def plug_aap_port(self, load_balancer, vip, amphora, subnet):
         """Plugs the AAP port to the amp

octavia/network/data_models.py

@@ -19,12 +19,13 @@ from octavia.common import data_models
 class Interface(data_models.BaseDataModel):
 
     def __init__(self, id=None, compute_id=None, network_id=None,
-                 fixed_ips=None, port_id=None):
+                 fixed_ips=None, port_id=None, vnic_type=None):
         self.id = id
         self.compute_id = compute_id
         self.network_id = network_id
         self.port_id = port_id
         self.fixed_ips = fixed_ips
+        self.vnic_type = vnic_type
 
 
 class Delta(data_models.BaseDataModel):

octavia/network/drivers/neutron/allowed_address_pairs.py

@@ -80,7 +80,7 @@ class AllowedAddressPairsDriver(neutron_base.BaseNeutronDriver):
                 return interface
         return None
 
-    def _plug_amphora_vip(self, amphora, subnet):
+    def _plug_amphora_vip(self, amphora, subnet, vip: data_models.Vip):
         # We need a vip port owned by Octavia for Act/Stby and failover
         try:
             port = {
@@ -89,7 +89,9 @@ class AllowedAddressPairsDriver(neutron_base.BaseNeutronDriver):
                 constants.FIXED_IPS: [{'subnet_id': subnet.id}],
                 constants.ADMIN_STATE_UP: True,
                 constants.DEVICE_OWNER: constants.OCTAVIA_OWNER,
+                constants.SECURITY_GROUP_IDS: vip.sg_ids
             }
+
             new_port = self.network_proxy.create_port(**port)
             new_port = utils.convert_port_to_model(new_port)
 
@@ -149,7 +151,12 @@ class AllowedAddressPairsDriver(neutron_base.BaseNeutronDriver):
         net = ipaddress.ip_network(cidr)
         return 'IPv6' if net.version == 6 else 'IPv4'
 
-    def _update_security_group_rules(self, load_balancer, sec_grp_id):
+    def _update_security_group_rules(self,
+                                     load_balancer: data_models.LoadBalancer,
+                                     sec_grp_id):
+        # Skip adding listener rules if sgs is not None or not empty
+        skip_listener_rules = load_balancer.vip.sg_ids
+
         rules = tuple(self.network_proxy.security_group_rules(
             security_group_id=sec_grp_id))
 
@@ -160,19 +167,20 @@ class AllowedAddressPairsDriver(neutron_base.BaseNeutronDriver):
                                                  constants.DELETED]):
                 continue
 
-            protocol = constants.PROTOCOL_TCP.lower()
-            if listener.protocol == constants.PROTOCOL_UDP:
-                protocol = constants.PROTOCOL_UDP.lower()
-            elif listener.protocol == lib_consts.PROTOCOL_SCTP:
-                protocol = lib_consts.PROTOCOL_SCTP.lower()
-
-            if listener.allowed_cidrs:
-                for ac in listener.allowed_cidrs:
-                    port = (listener.protocol_port, protocol, ac.cidr)
+            if not skip_listener_rules:
+                protocol = constants.PROTOCOL_TCP.lower()
+                if listener.protocol == constants.PROTOCOL_UDP:
+                    protocol = constants.PROTOCOL_UDP.lower()
+                elif listener.protocol == lib_consts.PROTOCOL_SCTP:
+                    protocol = lib_consts.PROTOCOL_SCTP.lower()
+
+                if listener.allowed_cidrs:
+                    for ac in listener.allowed_cidrs:
+                        port = (listener.protocol_port, protocol, ac.cidr)
+                        updated_ports.append(port)
+                else:
+                    port = (listener.protocol_port, protocol, None)
                     updated_ports.append(port)
-            else:
-                port = (listener.protocol_port, protocol, None)
-                updated_ports.append(port)
 
             listener_peer_ports.append(listener.peer_port)
 
@@ -194,12 +202,13 @@ class AllowedAddressPairsDriver(neutron_base.BaseNeutronDriver):
             # Don't remove egress rules and don't confuse other protocols with
             # None ports with the egress rules.  VRRP uses protocol 51 and 112
             if (rule.get('direction') == 'egress' or
-                    rule.get('protocol').upper() not in
+                    rule.get('protocol') is None or
+                    rule['protocol'].upper() not in
                     [constants.PROTOCOL_TCP, constants.PROTOCOL_UDP,
                      lib_consts.PROTOCOL_SCTP]):
                 continue
             old_ports.append((rule.get('port_range_max'),
-                              rule.get('protocol').lower(),
+                              rule['protocol'].lower(),
                               rule.get('remote_ip_prefix')))
 
         add_ports = set(updated_ports) - set(old_ports)
@@ -262,12 +271,15 @@ class AllowedAddressPairsDriver(neutron_base.BaseNeutronDriver):
                 raise base.PlugVIPException(str(e))
 
     def _add_vip_security_group_to_port(self, load_balancer_id, port_id,
-                                        sec_grp_id=None):
-        sec_grp_id = (sec_grp_id or
-                      self._get_lb_security_group(load_balancer_id).get(
-                          constants.ID))
+                                        sec_grp_id: str = None,
+                                        vip_sg_ids: list[str] = None):
+        sec_grp_ids = [sec_grp_id or
+                       self._get_lb_security_group(load_balancer_id).get(
+                           constants.ID)]
+        if vip_sg_ids:
+            sec_grp_ids += vip_sg_ids
         try:
-            self._add_security_group_to_port(sec_grp_id, port_id)
+            self._update_security_groups(sec_grp_ids, port_id)
         except base.PortNotFound:
             raise
         except base.NetworkException as e:
@@ -409,15 +421,28 @@ class AllowedAddressPairsDriver(neutron_base.BaseNeutronDriver):
             self._update_security_group_rules(load_balancer,
                                               sec_grp.get(constants.ID))
             self._add_vip_security_group_to_port(load_balancer.id, vip.port_id,
-                                                 sec_grp.get(constants.ID))
+                                                 sec_grp.get(constants.ID),
+                                                 vip_sg_ids=vip.sg_ids)
             return sec_grp.get(constants.ID)
         return None
 
+    def update_aap_port_sg(self,
+                           load_balancer: data_models.LoadBalancer,
+                           amphora: data_models.Amphora,
+                           vip: data_models.Vip):
+        if self.sec_grp_enabled:
+            sec_grp = self._get_lb_security_group(load_balancer.id)
+            if sec_grp:
+                self._add_vip_security_group_to_port(load_balancer.id,
+                                                     amphora.vrrp_port_id,
+                                                     sec_grp.get(constants.ID),
+                                                     vip_sg_ids=vip.sg_ids)
+
     def plug_aap_port(self, load_balancer, vip, amphora, subnet):
         interface = self._get_plugged_interface(
             amphora.compute_id, subnet.network_id, amphora.lb_network_ip)
         if not interface:
-            interface = self._plug_amphora_vip(amphora, subnet)
+            interface = self._plug_amphora_vip(amphora, subnet, vip)
 
         aap_address_list = [vip.ip_address]
         for add_vip in load_balancer.additional_vips:
@@ -426,7 +451,8 @@ class AllowedAddressPairsDriver(neutron_base.BaseNeutronDriver):
 
         if self.sec_grp_enabled:
             self._add_vip_security_group_to_port(load_balancer.id,
-                                                 interface.port_id)
+                                                 interface.port_id,
+                                                 vip_sg_ids=vip.sg_ids)
         vrrp_ip = None
         for fixed_ip in interface.fixed_ips:
             is_correct_subnet = fixed_ip.subnet_id == subnet.id
@@ -466,7 +492,7 @@ class AllowedAddressPairsDriver(neutron_base.BaseNeutronDriver):
             list_of_dicts.append(fixed_ip.to_dict())
         return list_of_dicts
 
-    def allocate_vip(self, load_balancer):
+    def allocate_vip(self, load_balancer: data_models.LoadBalancer):
         """Allocates a virtual ip.
 
         Reserves the IP for later use as the frontend connection of a load
@@ -558,6 +584,9 @@ class AllowedAddressPairsDriver(neutron_base.BaseNeutronDriver):
             constants.DEVICE_OWNER: constants.OCTAVIA_OWNER,
             project_id_key: load_balancer.project_id}
 
+        if load_balancer.vip.sg_ids:
+            port[constants.SECURITY_GROUP_IDS] = load_balancer.vip.sg_ids
+
         if fixed_ips:
             port[constants.FIXED_IPS] = fixed_ips
         try:
@@ -626,26 +655,6 @@ class AllowedAddressPairsDriver(neutron_base.BaseNeutronDriver):
                 load_balancer.amphorae):
             self.unplug_aap_port(vip, amphora, subnet)
 
-    def plug_network(self, compute_id, network_id):
-        try:
-            interface = self.compute.attach_network_or_port(
-                compute_id=compute_id, network_id=network_id)
-        except exceptions.NotFound as e:
-            if 'Instance' in str(e):
-                raise base.AmphoraNotFound(str(e))
-            if 'Network' in str(e):
-                raise base.NetworkNotFound(str(e))
-            raise base.PlugNetworkException(str(e))
-        except Exception as e:
-            message = _('Error plugging amphora (compute_id: {compute_id}) '
-                        'into network {network_id}.').format(
-                compute_id=compute_id,
-                network_id=network_id)
-            LOG.exception(message)
-            raise base.PlugNetworkException(message) from e
-
-        return self._nova_interface_to_octavia_interface(compute_id, interface)
-
     def unplug_network(self, compute_id, network_id):
         interfaces = self.get_plugged_networks(compute_id)
         if not interfaces:
@@ -876,7 +885,7 @@ class AllowedAddressPairsDriver(neutron_base.BaseNeutronDriver):
             raise base.CreatePortException(message)
 
     def get_security_group(self, sg_name):
-        """Retrieves the security group by it's name.
+        """Retrieves the security group by its name.
 
         :param sg_name: The security group name.
         :return: octavia.network.data_models.SecurityGroup, None if not enabled

octavia/network/drivers/neutron/base.py

@@ -12,6 +12,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+import typing
+
 from openstack.connection import Connection
 import openstack.exceptions as os_exceptions
 from openstack.network.v2._proxy import Proxy
@@ -25,6 +27,9 @@ from octavia.network import base
 from octavia.network import data_models as network_models
 from octavia.network.drivers.neutron import utils
 
+if typing.TYPE_CHECKING:
+    from octavia.common import context
+
 LOG = logging.getLogger(__name__)
 DNS_INT_EXT_ALIAS = 'dns-integration'
 SEC_GRP_EXT_ALIAS = 'security-group'
@@ -76,21 +81,22 @@ class BaseNeutronDriver(base.AbstractNetworkDriver):
                 fixed_ip = port_fixed_ip
             else:
                 additional_ips.append(port_fixed_ip)
+        kwargs = {
+            'ip_address': None,
+            'subnet_id': None
+        }
         if fixed_ip:
-            primary_vip = data_models.Vip(ip_address=fixed_ip.ip_address,
-                                          subnet_id=fixed_ip.subnet_id,
-                                          network_id=port.network_id,
-                                          port_id=port.id,
-                                          load_balancer=load_balancer,
-                                          load_balancer_id=load_balancer.id,
-                                          octavia_owned=octavia_owned)
-        else:
-            primary_vip = data_models.Vip(ip_address=None, subnet_id=None,
-                                          network_id=port.network_id,
-                                          port_id=port.id,
-                                          load_balancer=load_balancer,
-                                          load_balancer_id=load_balancer.id,
-                                          octavia_owned=octavia_owned)
+            kwargs['ip_address'] = fixed_ip.ip_address
+            kwargs['subnet_id'] = fixed_ip.subnet_id
+
+        primary_vip = data_models.Vip(
+            network_id=port.network_id,
+            port_id=port.id,
+            load_balancer=load_balancer,
+            load_balancer_id=load_balancer.id,
+            octavia_owned=octavia_owned,
+            sg_ids=load_balancer.vip.sg_ids,
+            **kwargs)
         additional_vips = [
             data_models.AdditionalVip(
                 ip_address=add_fixed_ip.ip_address,
@@ -123,11 +129,12 @@ class BaseNeutronDriver(base.AbstractNetworkDriver):
         self.network_proxy.update_port(port_id,
                                        allowed_address_pairs=aap)
 
-    def _add_security_group_to_port(self, sec_grp_id, port_id):
+    def _update_security_groups(self, sec_grp_ids: list[str],
+                                port_id: str):
         # Note: Neutron accepts the SG even if it already exists
         try:
             self.network_proxy.update_port(
-                port_id, security_groups=[sec_grp_id])
+                port_id, security_groups=sec_grp_ids)
         except os_exceptions.NotFoundException as e:
             raise base.PortNotFound(str(e))
         except Exception as e:
@@ -252,6 +259,11 @@ class BaseNeutronDriver(base.AbstractNetworkDriver):
     def get_port(self, port_id, context=None):
         return self._get_resource('port', port_id, context=context)
 
+    def get_security_group_by_id(self, sg_id: str,
+                                 context: 'context.RequestContext' = None) -> (
+            'network_models.SecurityGroup'):
+        return self._get_resource('security_group', sg_id, context=context)
+
     def get_network_by_name(self, network_name):
         return self._get_resources_by_filters(
             'network', unique_item=True, name=network_name)

octavia/network/drivers/neutron/utils.py

@@ -12,7 +12,6 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
-
 from openstack.network.v2.network_ip_availability import NetworkIPAvailability
 
 from octavia.network import data_models as network_models
@@ -52,7 +51,8 @@ def convert_port_to_model(port):
         admin_state_up=port.is_admin_state_up,
         fixed_ips=fixed_ips,
         qos_policy_id=port.qos_policy_id,
-        security_group_ids=port.security_group_ids
+        security_group_ids=port.security_group_ids,
+        vnic_type=port.binding_vnic_type
     )