From e9db12382e5cf3d231ab9a483ede0beb6546338a Mon Sep 17 00:00:00 2001 From: Kenji Ishii Date: Thu, 30 Mar 2017 02:43:49 +0000 Subject: [PATCH] Support security groups association per port This patch support operation for operators and project users to associate security groups to a port. The feature is mentioned at the neutron user feedback session in Barcelona summit [1]. This function UI is same as the function of security groups association per instance. To realize this, the way of implementation for 'Edit port' is changed, which move from a single modal to a workflow base. [1] https://etherpad.openstack.org/p/ocata-neutron-end-user-operator-feedback (L.35+) Also we need to display how security groups is associated at a port. At the moment, there is not way to be able to see it (only this function). It should be done as an another patch. Change-Id: I96e0fafdffbf05b8167ec1b85f7430176fdaab90 Closes-Bug: #1637444 Co-Authored-By: Akihiro Motoki --- openstack_dashboard/api/neutron.py | 6 +- .../dashboards/admin/networks/ports/tests.py | 44 +++++------ .../admin/networks/ports/workflows.py | 11 +-- .../networks/ports/_edit_port_help.html | 18 +++++ .../dashboards/project/instances/tests.py | 6 +- .../instances/workflows/update_instance.py | 76 ++++++++++++------- .../project/networks/ports/tables.py | 6 +- .../project/networks/ports/tests.py | 45 +++++------ .../project/networks/ports/views.py | 3 +- .../project/networks/ports/workflows.py | 52 +++++++++++-- .../networks/ports/_edit_port_help.html | 25 ++++++ .../test/test_data/neutron_data.py | 2 + ...p-associate-per-port-c81ca7beb7dca409.yaml | 6 ++ 13 files changed, 207 insertions(+), 93 deletions(-) create mode 100644 openstack_dashboard/dashboards/admin/networks/templates/networks/ports/_edit_port_help.html create mode 100644 openstack_dashboard/dashboards/project/networks/templates/networks/ports/_edit_port_help.html create mode 100644 releasenotes/notes/security-group-associate-per-port-c81ca7beb7dca409.yaml diff --git a/openstack_dashboard/api/neutron.py b/openstack_dashboard/api/neutron.py index a57350041e..4d331cae2b 100644 --- a/openstack_dashboard/api/neutron.py +++ b/openstack_dashboard/api/neutron.py @@ -331,8 +331,12 @@ class SecurityGroupManager(object): :returns: List of SecurityGroup objects """ + # This is to ensure tenant_id key is not populated + # if tenant_id=None is specified. tenant_id = params.pop('tenant_id', self.request.user.tenant_id) - return self._list(tenant_id=tenant_id, **params) + if tenant_id: + params['tenant_id'] = tenant_id + return self._list(**params) def _sg_name_dict(self, sg_id, rules): """Create a mapping dict from secgroup id to its name.""" diff --git a/openstack_dashboard/dashboards/admin/networks/ports/tests.py b/openstack_dashboard/dashboards/admin/networks/ports/tests.py index 248e2aba88..3c8d082f27 100644 --- a/openstack_dashboard/dashboards/admin/networks/ports/tests.py +++ b/openstack_dashboard/dashboards/admin/networks/ports/tests.py @@ -341,21 +341,18 @@ class NetworkPortTests(test.BaseAdminViewTests): redir_url = reverse(NETWORKS_DETAIL_URL, args=[port.network_id]) self.assertRedirectsNoFollow(res, redir_url) - @test.create_stubs({api.neutron: ('port_get', - 'is_extension_supported',)}) def test_port_update_get(self): self._test_port_update_get() - @test.create_stubs({api.neutron: ('port_get', - 'is_extension_supported',)}) def test_port_update_get_with_mac_learning(self): self._test_port_update_get(mac_learning=True) - @test.create_stubs({api.neutron: ('port_get', - 'is_extension_supported',)}) def test_port_update_get_with_port_security(self): self._test_port_update_get(port_security=True) + @test.create_stubs({api.neutron: ('port_get', + 'security_group_list', + 'is_extension_supported',)}) def _test_port_update_get(self, mac_learning=False, binding=False, port_security=False): port = self.ports.first() @@ -371,6 +368,9 @@ class NetworkPortTests(test.BaseAdminViewTests): api.neutron.is_extension_supported(IsA(http.HttpRequest), 'port-security')\ .AndReturn(port_security) + api.neutron.security_group_list(IsA(http.HttpRequest), + tenant_id=None)\ + .AndReturn(self.security_groups.list()) self.mox.ReplayAll() url = reverse('horizon:admin:networks:editport', @@ -379,24 +379,19 @@ class NetworkPortTests(test.BaseAdminViewTests): self.assertTemplateUsed(res, views.WorkflowView.template_name) - @test.create_stubs({api.neutron: ('port_get', - 'is_extension_supported', - 'port_update')}) def test_port_update_post(self): self._test_port_update_post() - @test.create_stubs({api.neutron: ('port_get', - 'is_extension_supported', - 'port_update')}) def test_port_update_post_with_mac_learning(self): self._test_port_update_post(mac_learning=True) - @test.create_stubs({api.neutron: ('port_get', - 'is_extension_supported', - 'port_update')}) def test_port_update_post_with_port_security(self): self._test_port_update_post(port_security=True) + @test.create_stubs({api.neutron: ('port_get', + 'is_extension_supported', + 'security_group_list', + 'port_update')}) def _test_port_update_post(self, mac_learning=False, binding=False, port_security=False): port = self.ports.first() @@ -411,6 +406,9 @@ class NetworkPortTests(test.BaseAdminViewTests): api.neutron.is_extension_supported(IsA(http.HttpRequest), 'port-security')\ .MultipleTimes().AndReturn(port_security) + api.neutron.security_group_list(IsA(http.HttpRequest), + tenant_id=None)\ + .AndReturn(self.security_groups.list()) extension_kwargs = {} if binding: extension_kwargs['binding__vnic_type'] = port.binding__vnic_type @@ -451,24 +449,19 @@ class NetworkPortTests(test.BaseAdminViewTests): redir_url = reverse(NETWORKS_DETAIL_URL, args=[port.network_id]) self.assertRedirectsNoFollow(res, redir_url) - @test.create_stubs({api.neutron: ('port_get', - 'is_extension_supported', - 'port_update')}) def test_port_update_post_exception(self): self._test_port_update_post_exception() - @test.create_stubs({api.neutron: ('port_get', - 'is_extension_supported', - 'port_update')}) def test_port_update_post_exception_with_mac_learning(self): self._test_port_update_post_exception(mac_learning=True, binding=False) - @test.create_stubs({api.neutron: ('port_get', - 'is_extension_supported', - 'port_update')}) def test_port_update_post_exception_with_port_security(self): self._test_port_update_post_exception(port_security=True) + @test.create_stubs({api.neutron: ('port_get', + 'is_extension_supported', + 'security_group_list', + 'port_update')}) def _test_port_update_post_exception(self, mac_learning=False, binding=False, port_security=False): @@ -484,6 +477,9 @@ class NetworkPortTests(test.BaseAdminViewTests): api.neutron.is_extension_supported(IsA(http.HttpRequest), 'port-security')\ .MultipleTimes().AndReturn(port_security) + api.neutron.security_group_list(IsA(http.HttpRequest), + tenant_id=None)\ + .AndReturn(self.security_groups.list()) extension_kwargs = {} if binding: extension_kwargs['binding__vnic_type'] = port.binding__vnic_type diff --git a/openstack_dashboard/dashboards/admin/networks/ports/workflows.py b/openstack_dashboard/dashboards/admin/networks/ports/workflows.py index c86b13aedf..dd70738a16 100644 --- a/openstack_dashboard/dashboards/admin/networks/ports/workflows.py +++ b/openstack_dashboard/dashboards/admin/networks/ports/workflows.py @@ -30,25 +30,20 @@ LOG = logging.getLogger(__name__) class UpdatePortInfoAction(project_workflow.UpdatePortInfoAction): device_id = forms.CharField( max_length=100, label=_("Device ID"), - help_text=_("Device ID attached to the port"), required=False) device_owner = forms.CharField( max_length=100, label=_("Device Owner"), - help_text=_("Device owner attached to the port"), required=False) binding__host_id = forms.CharField( label=_("Binding: Host"), - help_text=_("The ID of the host where the port is allocated. In some " - "cases, different implementations can run on different " - "hosts."), required=False) mac_address = forms.MACAddressField( label=_("MAC Address"), - required=False, - help_text=_("MAC address for the port")) + required=False) class Meta(object): name = _("Info") + help_text_template = 'admin/networks/ports/_edit_port_help.html' class UpdatePortInfo(project_workflow.UpdatePortInfo): @@ -60,7 +55,7 @@ class UpdatePortInfo(project_workflow.UpdatePortInfo): class UpdatePort(project_workflow.UpdatePort): - default_steps = (UpdatePortInfo, ) + default_steps = (UpdatePortInfo, project_workflow.UpdatePortSecurityGroup) def get_success_url(self): return reverse("horizon:admin:networks:detail", diff --git a/openstack_dashboard/dashboards/admin/networks/templates/networks/ports/_edit_port_help.html b/openstack_dashboard/dashboards/admin/networks/templates/networks/ports/_edit_port_help.html new file mode 100644 index 0000000000..6387c09b6f --- /dev/null +++ b/openstack_dashboard/dashboards/admin/networks/templates/networks/ports/_edit_port_help.html @@ -0,0 +1,18 @@ +{% extends 'project/networks/ports/_edit_port_help.html' %} +{% load i18n %} + +{% block admin_fields %} +
{% trans "Device ID" %}
+
{% blocktrans trimmed %}Device ID attached to the port. + {% endblocktrans %}
+
{% trans "Device Owner" %}
+
{% blocktrans trimmed %}Device owner attached to the port. + {% endblocktrans %}
+
{% trans "Binding: Host" %}
+
{% blocktrans trimmed %}The ID of the host where the port is allocated. + In some cases, different implementations can run on different hosts. + {% endblocktrans %}
+
{% trans "MAC Address" %}
+
{% blocktrans trimmed %}MAC address for the port. + {% endblocktrans %}
+{% endblock admin_fields %} diff --git a/openstack_dashboard/dashboards/project/instances/tests.py b/openstack_dashboard/dashboards/project/instances/tests.py index 9b57ef6b1b..eb16d90256 100644 --- a/openstack_dashboard/dashboards/project/instances/tests.py +++ b/openstack_dashboard/dashboards/project/instances/tests.py @@ -1509,7 +1509,8 @@ class InstanceTests(helpers.ResetImageAPIVersionMixin, helpers.TestCase): server = self.servers.first() api.nova.server_get(IsA(http.HttpRequest), server.id).AndReturn(server) - api.neutron.security_group_list(IsA(http.HttpRequest)) \ + api.neutron.security_group_list(IsA(http.HttpRequest), + tenant_id=None) \ .AndReturn([]) api.neutron.server_security_groups(IsA(http.HttpRequest), server.id).AndReturn([]) @@ -1561,7 +1562,8 @@ class InstanceTests(helpers.ResetImageAPIVersionMixin, helpers.TestCase): wanted_groups = [secgroups[1].id, secgroups[2].id] api.nova.server_get(IsA(http.HttpRequest), server.id).AndReturn(server) - api.neutron.security_group_list(IsA(http.HttpRequest)) \ + api.neutron.security_group_list(IsA(http.HttpRequest), + tenant_id=None) \ .AndReturn(secgroups) api.neutron.server_security_groups(IsA(http.HttpRequest), server.id).AndReturn(server_groups) diff --git a/openstack_dashboard/dashboards/project/instances/workflows/update_instance.py b/openstack_dashboard/dashboards/project/instances/workflows/update_instance.py index 7e748b906d..048b2e8f97 100644 --- a/openstack_dashboard/dashboards/project/instances/workflows/update_instance.py +++ b/openstack_dashboard/dashboards/project/instances/workflows/update_instance.py @@ -31,15 +31,14 @@ ADD_USER_URL = "horizon:projects:instances:create_user" INSTANCE_SEC_GROUP_SLUG = "update_security_groups" -class UpdateInstanceSecurityGroupsAction(workflows.MembershipAction): +class BaseSecurityGroupsAction(workflows.MembershipAction): def __init__(self, request, *args, **kwargs): - super(UpdateInstanceSecurityGroupsAction, self).__init__(request, - *args, - **kwargs) + super(BaseSecurityGroupsAction, self).__init__(request, + *args, + **kwargs) err_msg = _('Unable to retrieve security group list. ' 'Please try again later.') context = args[0] - instance_id = context.get('instance_id', '') default_role_name = self.get_default_role_field_name() self.fields[default_role_name] = forms.CharField(required=False) @@ -48,22 +47,55 @@ class UpdateInstanceSecurityGroupsAction(workflows.MembershipAction): # Get list of available security groups all_groups = [] try: - all_groups = api.neutron.security_group_list(request) + # target_tenant_id is required when the form is used as admin. + # Owner of security group and port should match. + tenant_id = context.get('target_tenant_id') + all_groups = api.neutron.security_group_list(request, + tenant_id=tenant_id) except Exception: exceptions.handle(request, err_msg) groups_list = [(group.id, group.name) for group in all_groups] - instance_groups = [] - try: - instance_groups = api.neutron.server_security_groups(request, - instance_id) - except Exception: - exceptions.handle(request, err_msg) field_name = self.get_member_field_name('member') self.fields[field_name] = forms.MultipleChoiceField(required=False) self.fields[field_name].choices = groups_list - self.fields[field_name].initial = [group.id - for group in instance_groups] + sec_groups = [] + try: + sec_groups = self._get_initial_security_groups(context) + except Exception: + exceptions.handle(request, err_msg) + self.fields[field_name].initial = sec_groups + + def _get_initial_security_groups(self, context): + # This depends on each cases + pass + + def handle(self, request, data): + # This depends on each cases + pass + + +class BaseSecurityGroups(workflows.UpdateMembersStep): + available_list_title = _("All Security Groups") + no_available_text = _("No security groups found.") + no_members_text = _("No security groups enabled.") + show_roles = False + contributes = ("wanted_groups",) + + def contribute(self, data, context): + request = self.workflow.request + if data: + field_name = self.get_member_field_name('member') + context["wanted_groups"] = request.POST.getlist(field_name) + return context + + +class UpdateInstanceSecurityGroupsAction(BaseSecurityGroupsAction): + def _get_initial_security_groups(self, context): + instance_id = context.get('instance_id', '') + sec_groups = api.neutron.server_security_groups(self.request, + instance_id) + return [group.id for group in sec_groups] def handle(self, request, data): instance_id = data['instance_id'] @@ -81,28 +113,16 @@ class UpdateInstanceSecurityGroupsAction(workflows.MembershipAction): slug = INSTANCE_SEC_GROUP_SLUG -class UpdateInstanceSecurityGroups(workflows.UpdateMembersStep): +class UpdateInstanceSecurityGroups(BaseSecurityGroups): action_class = UpdateInstanceSecurityGroupsAction + members_list_title = _("Instance Security Groups") help_text = _("Add and remove security groups to this instance " "from the list of available security groups.") - available_list_title = _("All Security Groups") - members_list_title = _("Instance Security Groups") - no_available_text = _("No security groups found.") - no_members_text = _("No security groups enabled.") - show_roles = False depends_on = ("instance_id",) - contributes = ("wanted_groups",) def allowed(self, request): return api.base.is_service_enabled(request, 'network') - def contribute(self, data, context): - request = self.workflow.request - if data: - field_name = self.get_member_field_name('member') - context["wanted_groups"] = request.POST.getlist(field_name) - return context - class UpdateInstanceInfoAction(workflows.Action): name = forms.CharField(label=_("Name"), diff --git a/openstack_dashboard/dashboards/project/networks/ports/tables.py b/openstack_dashboard/dashboards/project/networks/ports/tables.py index aa13d464c2..7c6453e860 100644 --- a/openstack_dashboard/dashboards/project/networks/ports/tables.py +++ b/openstack_dashboard/dashboards/project/networks/ports/tables.py @@ -16,6 +16,7 @@ import logging from django.core.urlresolvers import reverse from django import template +from django.utils.http import urlencode from django.utils.translation import pgettext_lazy from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ungettext_lazy @@ -55,7 +56,10 @@ class UpdatePort(policy.PolicyTargetMixin, tables.LinkAction): def get_link_url(self, port): network_id = self.table.kwargs['network_id'] - return reverse(self.url, args=(network_id, port.id)) + base_url = reverse(self.url, args=(network_id, port.id)) + params = {'step': 'update_info'} + param = urlencode(params) + return '?'.join([base_url, param]) DISPLAY_CHOICES = ( diff --git a/openstack_dashboard/dashboards/project/networks/ports/tests.py b/openstack_dashboard/dashboards/project/networks/ports/tests.py index 198b9f2be9..8806db3ff0 100644 --- a/openstack_dashboard/dashboards/project/networks/ports/tests.py +++ b/openstack_dashboard/dashboards/project/networks/ports/tests.py @@ -81,16 +81,15 @@ class NetworkPortTests(test.TestCase): self.assertRedirectsNoFollow(res, NETWORKS_INDEX_URL) - @test.create_stubs({api.neutron: ('port_get', - 'is_extension_supported',)}) def test_port_update_get(self): self._test_port_update_get() - @test.create_stubs({api.neutron: ('port_get', - 'is_extension_supported',)}) def test_port_update_get_with_mac_learning(self): self._test_port_update_get(mac_learning=True) + @test.create_stubs({api.neutron: ('port_get', + 'security_group_list', + 'is_extension_supported',)}) def _test_port_update_get(self, mac_learning=False, binding=False): port = self.ports.first() api.neutron.port_get(IsA(http.HttpRequest), port.id) \ @@ -101,6 +100,9 @@ class NetworkPortTests(test.TestCase): api.neutron.is_extension_supported(IsA(http.HttpRequest), 'mac-learning')\ .MultipleTimes().AndReturn(mac_learning) + api.neutron.security_group_list(IsA(http.HttpRequest), + tenant_id=None)\ + .AndReturn(self.security_groups.list()) self.mox.ReplayAll() url = reverse('horizon:project:networks:editport', @@ -109,27 +111,23 @@ class NetworkPortTests(test.TestCase): self.assertTemplateUsed(res, views.WorkflowView.template_name) - @test.create_stubs({api.neutron: ('port_get', - 'is_extension_supported', - 'port_update')}) def test_port_update_post(self): self._test_port_update_post() - @test.create_stubs({api.neutron: ('port_get', - 'is_extension_supported', - 'port_update')}) def test_port_update_post_with_mac_learning(self): self._test_port_update_post(mac_learning=True) - @test.create_stubs({api.neutron: ('port_get', - 'is_extension_supported', - 'port_update')}) def test_port_update_post_with_port_security(self): self._test_port_update_post(port_security=True) + @test.create_stubs({api.neutron: ('port_get', + 'is_extension_supported', + 'security_group_list', + 'port_update')}) def _test_port_update_post(self, mac_learning=False, binding=False, port_security=False): port = self.ports.first() + security_groups = self.security_groups.list() api.neutron.port_get(IsA(http.HttpRequest), port.id)\ .AndReturn(port) api.neutron.is_extension_supported(IsA(http.HttpRequest), @@ -141,6 +139,9 @@ class NetworkPortTests(test.TestCase): api.neutron.is_extension_supported(IsA(http.HttpRequest), 'port-security')\ .MultipleTimes().AndReturn(port_security) + api.neutron.security_group_list(IsA(http.HttpRequest), + tenant_id=None)\ + .AndReturn(self.security_groups.list()) extension_kwargs = {} if binding: extension_kwargs['binding__vnic_type'] = port.binding__vnic_type @@ -148,6 +149,7 @@ class NetworkPortTests(test.TestCase): extension_kwargs['mac_learning_enabled'] = True if port_security: extension_kwargs['port_security_enabled'] = True + extension_kwargs['wanted_groups'] = security_groups api.neutron.port_update(IsA(http.HttpRequest), port.id, name=port.name, admin_state_up=port.admin_state_up, @@ -165,6 +167,7 @@ class NetworkPortTests(test.TestCase): form_data['mac_state'] = True if port_security: form_data['port_security_enabled'] = True + form_data['wanted_groups'] = security_groups url = reverse('horizon:project:networks:editport', args=[port.network_id, port.id]) res = self.client.post(url, form_data) @@ -172,24 +175,19 @@ class NetworkPortTests(test.TestCase): redir_url = reverse(NETWORKS_DETAIL_URL, args=[port.network_id]) self.assertRedirectsNoFollow(res, redir_url) - @test.create_stubs({api.neutron: ('port_get', - 'is_extension_supported', - 'port_update')}) def test_port_update_post_exception(self): self._test_port_update_post_exception() - @test.create_stubs({api.neutron: ('port_get', - 'is_extension_supported', - 'port_update')}) def test_port_update_post_exception_with_mac_learning(self): self._test_port_update_post_exception(mac_learning=True) - @test.create_stubs({api.neutron: ('port_get', - 'is_extension_supported', - 'port_update')}) def test_port_update_post_exception_with_port_security(self): self._test_port_update_post_exception(port_security=True) + @test.create_stubs({api.neutron: ('port_get', + 'is_extension_supported', + 'security_group_list', + 'port_update')}) def _test_port_update_post_exception(self, mac_learning=False, binding=False, port_security=False): @@ -206,6 +204,9 @@ class NetworkPortTests(test.TestCase): api.neutron.is_extension_supported(IsA(http.HttpRequest), 'port-security')\ .MultipleTimes().AndReturn(port_security) + api.neutron.security_group_list(IsA(http.HttpRequest), + tenant_id=None)\ + .AndReturn(self.security_groups.list()) extension_kwargs = {} if binding: extension_kwargs['binding__vnic_type'] = port.binding__vnic_type diff --git a/openstack_dashboard/dashboards/project/networks/ports/views.py b/openstack_dashboard/dashboards/project/networks/ports/views.py index 603290f285..3000fbdfdb 100644 --- a/openstack_dashboard/dashboards/project/networks/ports/views.py +++ b/openstack_dashboard/dashboards/project/networks/ports/views.py @@ -187,7 +187,8 @@ class UpdateView(workflows.WorkflowView): 'tenant_id': port['tenant_id'], 'name': port['name'], 'admin_state': port['admin_state_up'], - 'mac_address': port['mac_address']} + 'mac_address': port['mac_address'], + 'target_tenant_id': port['tenant_id']} if port.get('binding__vnic_type'): initial['binding__vnic_type'] = port['binding__vnic_type'] try: diff --git a/openstack_dashboard/dashboards/project/networks/ports/workflows.py b/openstack_dashboard/dashboards/project/networks/ports/workflows.py index 133939a8a2..4966b922e9 100644 --- a/openstack_dashboard/dashboards/project/networks/ports/workflows.py +++ b/openstack_dashboard/dashboards/project/networks/ports/workflows.py @@ -24,6 +24,9 @@ from horizon import forms from horizon import workflows from openstack_dashboard import api +from openstack_dashboard.dashboards.project.instances.workflows import \ + update_instance as base_sec_group +from openstack_dashboard.utils import filters LOG = logging.getLogger(__name__) @@ -55,8 +58,6 @@ class UpdatePortInfoAction(workflows.Action): self.fields['binding__vnic_type'] = forms.ChoiceField( choices=vnic_type_choices, label=_("Binding: VNIC Type"), - help_text=_( - "The VNIC type that is bound to the neutron port"), required=False) except Exception: msg = _("Unable to verify the VNIC types extension in Neutron") @@ -75,8 +76,13 @@ class UpdatePortInfoAction(workflows.Action): if api.neutron.is_extension_supported(request, 'port-security'): self.fields['port_security_enabled'] = forms.BooleanField( label=_("Port Security"), - help_text=_("Enable anti-spoofing rules for the port"), - required=False + required=False, + widget=forms.CheckboxInput(attrs={ + 'class': 'switchable', + 'data-slug': 'port_security_enabled', + 'data-hide-tab': 'update_port__update_security_groups', + 'data-hide-on-checked': 'false' + }) ) except Exception: msg = _("Unable to retrieve port security state") @@ -84,6 +90,8 @@ class UpdatePortInfoAction(workflows.Action): class Meta(object): name = _("Info") + slug = 'update_info' + help_text_template = 'project/networks/ports/_edit_port_help.html' class UpdatePortInfo(workflows.Step): @@ -91,7 +99,25 @@ class UpdatePortInfo(workflows.Step): depends_on = ("network_id", "port_id") contributes = ["name", "admin_state", "binding__vnic_type", "mac_state", "port_security_enabled"] - help_text = _("You can update the editable properties of your port here.") + + +class UpdatePortSecurityGroupAction(base_sec_group.BaseSecurityGroupsAction): + def _get_initial_security_groups(self, context): + port_id = context.get('port_id', '') + port = api.neutron.port_get(self.request, port_id) + return port.security_groups + + class Meta(object): + name = _("Security Groups") + slug = "update_security_groups" + + +class UpdatePortSecurityGroup(base_sec_group.BaseSecurityGroups): + action_class = UpdatePortSecurityGroupAction + members_list_title = _("Port Security Groups") + help_text = _("Add or remove security groups to this port " + "from the list of available security groups.") + depends_on = ("port_id", 'target_tenant_id') class UpdatePort(workflows.Workflow): @@ -100,7 +126,7 @@ class UpdatePort(workflows.Workflow): finalize_button_name = _("Update") success_message = _('Port %s was successfully updated.') failure_message = _('Failed to update port "%s".') - default_steps = (UpdatePortInfo,) + default_steps = (UpdatePortInfo, UpdatePortSecurityGroup) def get_success_url(self): return reverse("horizon:project:networks:detail", @@ -136,4 +162,18 @@ class UpdatePort(workflows.Workflow): if data['port_security_enabled'] is not None: params['port_security_enabled'] = data['port_security_enabled'] + # If port_security_enabled is set to False, security groups on the port + # must be cleared. We will clear the current security groups + # in this case. + if ('port_security_enabled' in params + and not params['port_security_enabled']): + params['security_groups'] = [] + # In case of UpdatePortSecurityGroup registered, 'wanted_groups' + # exists in data. + elif 'wanted_groups' in data: + # If data has that key, we need to set its value + # even if its value is empty to clear sec group setting. + groups = map(filters.get_int_or_uuid, data['wanted_groups']) + params['security_groups'] = groups + return params diff --git a/openstack_dashboard/dashboards/project/networks/templates/networks/ports/_edit_port_help.html b/openstack_dashboard/dashboards/project/networks/templates/networks/ports/_edit_port_help.html new file mode 100644 index 0000000000..1b249f8e30 --- /dev/null +++ b/openstack_dashboard/dashboards/project/networks/templates/networks/ports/_edit_port_help.html @@ -0,0 +1,25 @@ +{% load i18n %} + +

{% trans "You can edit the properties of your port here." %}

+
+
{% trans "Enable Admin State" %}
+
{% blocktrans trimmed %}When the admin state of the port is enabled, the + networking service forward packets on the port. Otherwise, it does not + forward any packets on the port.{% endblocktrans %}
+ {% block admin_fields %}{% endblock %} +
{% trans "Binding: VNIC Type" %}
+
{% blocktrans trimmed %}It specified the VNIC type bound to the + networking port.{% endblocktrans %}
+
{% trans "Port Security" %}
+
{% blocktrans trimmed %} + Enables anti-spoofing rules for the port if enabled. In addition, + if port security is disabled, security groups + on the port will be automatically cleared. When you enable port security + of the port, you may want to associate some security groups on + the port.{% endblocktrans %}
+
{% trans "Security Groups" %}
+
{% blocktrans trimmed %}You can add or remove security groups + associated with the port in the next tab (if the port security is + enabled for the port). + {% endblocktrans %}
+
diff --git a/openstack_dashboard/test/test_data/neutron_data.py b/openstack_dashboard/test/test_data/neutron_data.py index 25928b55f9..876b01a6cc 100644 --- a/openstack_dashboard/test/test_data/neutron_data.py +++ b/openstack_dashboard/test/test_data/neutron_data.py @@ -120,6 +120,7 @@ def data(TEST): {'ip_address': '174.0.0.201', 'mac_address': 'fa:16:3e:7a:7b:18'} ], + 'port_security_enabled': True, 'security_groups': [], } @@ -140,6 +141,7 @@ def data(TEST): 'tenant_id': network_dict['tenant_id'], 'binding:vnic_type': 'normal', 'binding:host_id': 'host', + 'port_security_enabled': True, 'security_groups': [ # sec_group_1 ID below 'faad7c80-3b62-4440-967c-13808c37131d', diff --git a/releasenotes/notes/security-group-associate-per-port-c81ca7beb7dca409.yaml b/releasenotes/notes/security-group-associate-per-port-c81ca7beb7dca409.yaml new file mode 100644 index 0000000000..c4f939846f --- /dev/null +++ b/releasenotes/notes/security-group-associate-per-port-c81ca7beb7dca409.yaml @@ -0,0 +1,6 @@ +--- +features: + - Support security groups association per network port for operators + and users. Note that the current implementation only supports to edit + security groups of neutron port from the port tables in the network + detail page (Further improvement is planned).