Merge "Added hash of acl entries to acl object."

Juniper · Feb 4, 2017 · d6da0ed · d6da0ed
2 parents 2cc8780 + 8ad09f1
commit d6da0ed
Show file tree

Hide file tree

Showing 12 changed files with 71 additions and 53 deletions.
diff --git a/src/config/api-server/vnc_db.py b/src/config/api-server/vnc_db.py
@@ -957,7 +957,15 @@ def _dbe_resync(self, obj_type, obj_uuids):
                     if not device_owner and li_back_refs:
                         obj_dict['virtual_machine_interface_device_owner'] = 'PhysicalRouter'
                         self._object_db.object_update('virtual_machine_interface',
-                                                    obj_uuid, obj_dict)
+                                                      obj_uuid, obj_dict)
+                elif obj_type == 'access_control_list':
+                    if not obj_dict.get('access_control_list_hash'):
+                        rules = obj_dict.get('access_control_list_entries')
+                        if rules:
+                            rules_obj = AclEntriesType(params_dict=rules)
+                            obj_dict['access_control_list_hash'] = hash(rules_obj)
+                            self._object_db.object_update('access_control_list',
+                                                          obj_uuid, obj_dict)
 
                 # create new perms if upgrading
                 perms2 = obj_dict.get('perms2')

diff --git a/src/config/common/vnc_db.py b/src/config/common/vnc_db.py
@@ -268,8 +268,9 @@ def update_multiple_refs_with_attr(self, ref_type, obj):
     # end update_multiple_refs
 
     @classmethod
-    def read_obj(cls, uuid, obj_type=None):
-        ok, objs = cls._object_db.object_read(obj_type or cls.obj_type, [uuid])
+    def read_obj(cls, uuid, obj_type=None, fields=None):
+        ok, objs = cls._object_db.object_read(obj_type or cls.obj_type, [uuid],
+                                              field_names=fields)
         if not ok:
             cls._logger.error(
                 'Cannot read %s %s, error %s' % (obj_type, uuid, objs))
@@ -283,37 +284,38 @@ def vnc_obj_from_dict(cls, obj_type, obj_dict):
         return cls.from_dict(**obj_dict)
 
     @classmethod
-    def read_vnc_obj(cls, uuid=None, fq_name=None, obj_type=None):
+    def read_vnc_obj(cls, uuid=None, fq_name=None, obj_type=None, fields=None):
         if uuid is None and fq_name is None:
             raise NoIdError('')
         obj_type = obj_type or cls.obj_type
         if uuid is None:
             if isinstance(fq_name, basestring):
                 fq_name = fq_name.split(':')
             uuid = cls._object_db.fq_name_to_uuid(obj_type, fq_name)
-        obj_dict = cls.read_obj(uuid, obj_type)
+        obj_dict = cls.read_obj(uuid, obj_type, fields)
         obj = cls.vnc_obj_from_dict(obj_type, obj_dict)
         obj.clear_pending_updates()
         return obj
     # end read_vnc_obj
 
     @classmethod
-    def list_obj(cls, obj_type=None):
+    def list_obj(cls, obj_type=None, fields=None):
         obj_type = obj_type or cls.obj_type
         ok, result = cls._object_db.object_list(obj_type)
         if not ok:
             return []
         uuids = [uuid for _, uuid in result]
-        ok, objs = cls._object_db.object_read(obj_type, uuids)
+        ok, objs = cls._object_db.object_read(obj_type, uuids,
+                                              field_names=fields)
         if not ok:
             return []
         return objs
 
     @classmethod
-    def list_vnc_obj(cls, obj_type=None):
+    def list_vnc_obj(cls, obj_type=None, fields=None):
         obj_type = obj_type or cls.obj_type
         vnc_cls = obj_type_to_vnc_class(obj_type, __name__)
-        obj_dicts = cls.list_obj(obj_type)
+        obj_dicts = cls.list_obj(obj_type, fields)
         for obj_dict in obj_dicts:
             obj = vnc_cls.from_dict(**obj_dict)
             obj.clear_pending_updates()

diff --git a/src/config/schema-transformer/config_db.py b/src/config/schema-transformer/config_db.py
@@ -68,12 +68,14 @@ def _access_control_list_update(acl_obj, name, obj, entries):
                 pass
             return None
 
+        entries_hash = hash(entries)
         # if entries did not change, just return the object
-        if acl_obj.get_access_control_list_entries() == entries:
+        if acl_obj.get_access_control_list_hash() == entries_hash:
             return acl_obj
 
         # Set new value of entries on the ACL
         acl_obj.set_access_control_list_entries(entries)
+        acl_obj.set_access_control_list_hash(entries_hash)
         try:
             DBBaseST._vnc_lib.access_control_list_update(acl_obj)
         except HttpError as he:
@@ -248,13 +250,15 @@ def __init__(self, name, obj=None, acl_dict=None):
         self.bgpvpns = set()
         self.acl = None
         self.dynamic_acl = None
+        self.acl_rule_count = 0
         self.multi_policy_service_chains_enabled = None
         for acl in self.obj.get_access_control_lists() or []:
             if acl_dict:
                 acl_obj = acl_dict[acl['uuid']]
             else:
                 acl_obj = self.read_vnc_obj(acl['uuid'],
-                                            obj_type='access_control_list')
+                                            obj_type='access_control_list',
+                                            fields=['access_control_list_hash'])
             if acl_obj.name == self.obj.name:
                 self.acl = acl_obj
             elif acl_obj.name == 'dynamic':
@@ -842,9 +846,7 @@ def uve_send(self, deleted=False):
             vn_msg.send(sandesh=self._sandesh)
             return
 
-        if self.acl:
-            vn_trace.total_acl_rules += len(
-                self.acl.get_access_control_list_entries().get_acl_rule())
+        vn_trace.total_acl_rules = self.acl_rule_count
         for ri_name in self.routing_instances:
             vn_trace.routing_instance_list.append(ri_name)
         for rhs in self.expand_connections():
@@ -1220,6 +1222,7 @@ def evaluate(self):
                 acl = AclRuleType(match, action)
                 acl_list.append(acl)
                 acl_list.update_acl_entries(static_acl_entries)
+            self.acl_rule_count = len(static_acl_entries.get_acl_rule())
 
 
         self.acl = _access_control_list_update(self.acl, self.obj.name,

diff --git a/src/config/schema-transformer/to_bgp.py b/src/config/schema-transformer/to_bgp.py
@@ -229,7 +229,7 @@ def reinit(self):
         sg_id_list = [sg.uuid for sg in sg_list]
         sg_acl_dict = {}
         vn_acl_dict = {}
-        for acl in DBBaseST.list_vnc_obj('access_control_list'):
+        for acl in DBBaseST.list_vnc_obj('access_control_list', fields=['access_control_list_hash']):
             delete = False
             if acl.parent_type == 'virtual-network':
                 if acl.parent_uuid in vn_id_list:

diff --git a/src/config/svc-monitor/svc_monitor/tests/test_common_utils.py b/src/config/svc-monitor/svc_monitor/tests/test_common_utils.py
@@ -275,7 +275,7 @@ def test_get_instance_name(si, inst_count):
     instance_name = "__".join(si.fq_name[:-1] + [name])
     return instance_name
 
-def vm_db_read(obj_type, vm_id):
+def vm_db_read(obj_type, vm_id, **kwargs):
     class SI(object):
         def __init__(self, name, fq_name):
             self.name = name
@@ -291,27 +291,27 @@ def __init__(self, name, fq_name):
     vm_obj['display_name'] = instance_name + '__' + 'vrouter-instance'
     return True, [vm_obj]
 
-def vr_db_read(obj_type, vr_id):
+def vr_db_read(obj_type, vr_id, **kwargs):
     vr_obj = {}
     vr_obj['uuid'] = 'fake-vr-uuid'
     vr_obj['fq_name'] = ['fake-vr-uuid']
     return True, [vr_obj]
 
-def vmi_db_read(obj_type, vmi_id):
+def vmi_db_read(obj_type, vmi_id, **kwargs):
     vmi_obj = {}
     vmi_obj['uuid'] = vmi_id
     vmi_obj['fq_name'] = ['fake-vmi-uuid']
     vmi_obj['parent_type'] = 'project'
     vmi_obj['parent_uuid'] = 'fake-project'
     return True, [vmi_obj]
 
-def iip_db_read(obj_type, iip_id):
+def iip_db_read(obj_type, iip_id, **kwargs):
     iip_obj = {}
     iip_obj['uuid'] = iip_id
     iip_obj['fq_name'] = ['fake-iip-uuid']
     return True, [iip_obj]
 
-def si_db_read(obj_type, si_id):
+def si_db_read(obj_type, si_id, **kwargs):
     name = si_id[0]
     si = ServiceInstanceSM.get(name)
     si_obj = {}
@@ -328,13 +328,13 @@ def si_db_read(obj_type, si_id):
     si_obj['parent_type'] = 'project'
     return True, [si_obj]
 
-def vn_db_read(obj_type, vn_id):
+def vn_db_read(obj_type, vn_id, **kwargs):
     vn_obj = {}
     vn_obj['uuid'] = 'fake-vn-uuid'
     vn_obj['fq_name'] = ['fake-domain', 'fake-project', 'fake-vn-uuid']
     return True, [vn_obj]
 
-def irt_db_read(obj_type, irt_id):
+def irt_db_read(obj_type, irt_id, **kwargs):
     irt_obj = {}
     irt_obj['uuid'] = 'fake-irt-uuid'
     irt_obj['fq_name'] = ['fake-domain', 'fake-project', 'fake-irt-uuid']

diff --git a/src/config/svc-monitor/svc_monitor/tests/test_dep_track.py b/src/config/svc-monitor/svc_monitor/tests/test_dep_track.py
@@ -174,7 +174,7 @@ def delete(cls, uuid):
 
 
 class DepTrackTester(unittest.TestCase):
-    def green_read(self, obj_type, uuid):
+    def green_read(self, obj_type, uuid, **kwargs):
         green_obj = {}
         green_obj['uuid'] = uuid[0]
         green_obj['fq_name'] = ['fake-green-' + uuid[0]]
@@ -183,7 +183,7 @@ def green_read(self, obj_type, uuid):
         return True, [green_obj]
     # end green_read
 
-    def white_read(self, obj_type, uuid):
+    def white_read(self, obj_type, uuid, **kwargs):
         white_obj = {}
         white_obj['uuid'] = uuid[0]
         white_obj['fq_name'] = ['fake-white-' + uuid[0]]
@@ -192,7 +192,7 @@ def white_read(self, obj_type, uuid):
         return True, [white_obj]
     # end white_read
 
-    def purple_read(self, obj_type, uuid):
+    def purple_read(self, obj_type, uuid, **kwargs):
         purple_obj = {}
         purple_obj['uuid'] = uuid[0]
         purple_obj['fq_name'] = ['fake-purple-' + uuid[0]]
@@ -201,7 +201,7 @@ def purple_read(self, obj_type, uuid):
         return True, [purple_obj]
     # end purple_read
 
-    def green_read_with_refs(self, obj_type, uuid):
+    def green_read_with_refs(self, obj_type, uuid, **kwargs):
         green_obj = {}
         green_obj['uuid'] = 'fake-green-uuid'
         green_obj['fq_name'] = ['fake-green-uuid']
@@ -211,7 +211,7 @@ def green_read_with_refs(self, obj_type, uuid):
         return True, [green_obj]
     # end green_read_with_refs
 
-    def green_read_with_update_refs(self, obj_type, uuid):
+    def green_read_with_update_refs(self, obj_type, uuid, **kwargs):
         green_obj = {}
         green_obj['uuid'] = 'fake-green-uuid'
         green_obj['fq_name'] = ['fake-green-uuid']
@@ -221,7 +221,7 @@ def green_read_with_update_refs(self, obj_type, uuid):
         return True, [green_obj]
     # end green_read_with_update_refs
 
-    def white_read_with_refs(self, obj_type, uuid):
+    def white_read_with_refs(self, obj_type, uuid, **kwargs):
         white_obj = {}
         white_obj['uuid'] = 'fake-white-uuid'
         white_obj['fq_name'] = ['fake-white-uuid']
@@ -232,14 +232,14 @@ def white_read_with_refs(self, obj_type, uuid):
     # end white_read_with_refs
 
 
-    def red_read(self, obj_type, uuid):
+    def red_read(self, obj_type, uuid, **kwargs):
         red_obj = {}
         red_obj['uuid'] = 'fake-red-uuid'
         red_obj['fq_name'] = ['fake-red-uuid']
         return True, [red_obj]
     # end red_read
 
-    def red_read_with_child(self, obj_type, uuid):
+    def red_read_with_child(self, obj_type, uuid, **kwargs):
         red_obj = {}
         red_obj['uuid'] = 'fake-red-uuid'
         red_obj['fq_name'] = ['fake-red-uuid']
@@ -248,7 +248,7 @@ def red_read_with_child(self, obj_type, uuid):
         return True, [red_obj]
     # end red_read_with_child
 
-    def blue_read(self, obj_type, uuid):
+    def blue_read(self, obj_type, uuid, **kwargs):
         blue_obj = {}
         blue_obj['uuid'] = uuid[0]
         blue_obj['fq_name'] = ['fake-blue-' + uuid[0]]
@@ -257,7 +257,7 @@ def blue_read(self, obj_type, uuid):
         return True, [blue_obj]
     # end blue_read
 
-    def blue_read_with_refs(self, obj_type, uuid):
+    def blue_read_with_refs(self, obj_type, uuid, **kwargs):
         blue_obj = {}
         blue_obj['uuid'] = 'fake-blue-uuid'
         blue_obj['fq_name'] = ['fake-blue-uuid']
@@ -267,7 +267,7 @@ def blue_read_with_refs(self, obj_type, uuid):
         return True, [blue_obj]
     # end blue_read_with_refs
 
-    def blue_read_with_multi_refs(self, obj_type, uuid):
+    def blue_read_with_multi_refs(self, obj_type, uuid, **kwargs):
         blue_obj = {}
         blue_obj['uuid'] = 'fake-blue-uuid'
         blue_obj['fq_name'] = ['fake-blue-uuid']
@@ -277,7 +277,7 @@ def blue_read_with_multi_refs(self, obj_type, uuid):
         return True, [blue_obj]
     # end blue_read_with_multi_refs
 
-    def blue_read_with_new_refs(self, obj_type, uuid):
+    def blue_read_with_new_refs(self, obj_type, uuid, **kwargs):
         blue_obj = {}
         blue_obj['uuid'] = 'fake-blue-uuid'
         blue_obj['fq_name'] = ['fake-blue-uuid']
@@ -287,7 +287,7 @@ def blue_read_with_new_refs(self, obj_type, uuid):
         return True, [blue_obj]
     # end blue_read_with_new_refs
 
-    def purple_read_with_multi_refs(self, obj_type, uuid):
+    def purple_read_with_multi_refs(self, obj_type, uuid, **kwargs):
         purple_obj = {}
         purple_obj['uuid'] = 'fake-purple-uuid'
         purple_obj['fq_name'] = ['fake-purple-uuid']

diff --git a/src/config/svc-monitor/svc_monitor/tests/test_f5_lb.py b/src/config/svc-monitor/svc_monitor/tests/test_f5_lb.py
@@ -55,7 +55,7 @@ def remove_db(id, data=None):
         self._args, remaining_argv = conf_parser.parse_known_args()
         self._args.config_sections = config
 
-        def sas_read_side_effect(obj_type, uuids):
+        def sas_read_side_effect(obj_type, uuids, **kwargs):
             if obj_type == 'service_appliance_set':
                 return (True, [{
                  'fq_name': ['default-global-system-config', 'opencontrail'],

diff --git a/src/config/svc-monitor/svc_monitor/tests/test_ha_proxy.py b/src/config/svc-monitor/svc_monitor/tests/test_ha_proxy.py
@@ -30,7 +30,7 @@ def no_id_side_effect(fq_name):
             mock.Mock(side_effect=no_id_side_effect)
 
         self._store_si = {}
-        def read_si(obj_type, uuid):
+        def read_si(obj_type, uuid, **kwargs):
             return (True, [self.obj_to_dict(self._store_si[uuid[0]])])
 
         def store_si_create(obj):
@@ -50,7 +50,7 @@ def update_si_side_effect(obj):
             mock.Mock(side_effect=update_si_side_effect)
 
         self._db = {}
-        def read_db(id):
+        def read_db(id, **kwargs):
             if id in self._db:
                 return self._db[id]
 
@@ -92,7 +92,7 @@ def validate_pool_update(obj_type, obj_uuid, ref_type, ref_uuid,
         self._args, remaining_argv = conf_parser.parse_known_args()
         self._args.config_sections = config
 
-        def sas_read_side_effect(obj_type, uuids):
+        def sas_read_side_effect(obj_type, uuids, **kwargs):
             if obj_type == 'service_appliance_set':
                 return (True, [{
                  'fq_name': ['default-global-system-config', 'opencontrail'],

diff --git a/src/config/svc-monitor/svc_monitor/tests/test_loadbalancer_agent.py b/src/config/svc-monitor/svc_monitor/tests/test_loadbalancer_agent.py
@@ -75,7 +75,7 @@ def no_id_side_effect(fq_name):
         self._args, remaining_argv = conf_parser.parse_known_args()
         self._args.config_sections = config
 
-        def sas_read_side_effect(obj_type, uuids):
+        def sas_read_side_effect(obj_type, uuids, **kwargs):
             if obj_type == 'service_appliance_set':
                 return (True, [{
                    'fq_name': ['default-global-system-config', 'opencontrail'],

diff --git a/src/config/svc-monitor/svc_monitor/tests/test_snat_agent.py b/src/config/svc-monitor/svc_monitor/tests/test_snat_agent.py
@@ -195,7 +195,7 @@ def test_upgrade(self):
         rt_obj.parent_type = 'project'
         self.vnc_lib.route_table_read = mock.Mock(return_value=rt_obj)
 
-        def db_read_side_effect(obj_type, uuids):
+        def db_read_side_effect(obj_type, uuids, **kwargs):
             if obj_type != 'virtual_network' and obj_type != 'route_table':
                 return (False, None)
 
@@ -263,7 +263,7 @@ def test_gateway_set(self):
 
         # will return the private virtual network, and will return
         # an error when trying to read the service snat VN
-        def db_read_side_effect(obj_type, uuids):
+        def db_read_side_effect(obj_type, uuids, **kwargs):
             if obj_type != 'virtual_network':
                 return (False, None)
             if 'private1-uuid' in uuids:
@@ -374,7 +374,7 @@ def no_id_side_effect(type, fq_name):
         rt_dict = self.obj_to_dict(rt_obj)
         rt_dict['logical_router_back_refs'] = [{'uuid': '8e9b4859-d4c2-4ed5-9468-4809b1a926f3'}]
 
-        def db_read_side_effect(obj_type, uuids):
+        def db_read_side_effect(obj_type, uuids, **kwargs):
             if obj_type == 'route_table':
                 return (True, [rt_dict])
             if 'private1-uuid' in uuids:
@@ -436,7 +436,7 @@ def no_id_side_effect(type, fq_name):
         rt_obj = self.vnc_lib.route_table_create.mock_calls[0][1][0]
         rt_dict = self.obj_to_dict(rt_obj)
 
-        def db_read_side_effect(obj_type, uuids):
+        def db_read_side_effect(obj_type, uuids, **kwargs):
             if obj_type == 'route_table':
                 return (True, [rt_dict])
             if 'private2-uuid' in uuids:
@@ -524,7 +524,7 @@ def test_add_snat_errors(self):
         # reads from database.
         #
         # Return failure/false for all other reads.
-        def db_read_side_effect(obj_type, uuids):
+        def db_read_side_effect(obj_type, uuids, **kwargs):
             if obj_type != 'virtual_network':
                 return (False, None)
             if 'private1-uuid' in uuids: