complete api-ref for addr pairs and port security

The API reference for the allowed address pairs and port security
extensions were only partially implemented. This patch finishes up
the API ref for them and makes some additional clean-ups in the existing
api-ref that was in place for them.

Change-Id: If0d56e848fd45fc5b7d6665cf423985ffde71129
Closes-Bug: #1453667

api-ref/source/v2/networks.inc

@@ -69,6 +69,19 @@ The ``dns_domain`` of a network in conjunction with the ``dns_name`` attribute
 of its ports will be published in an external DNS service when Neutron is
 configured to integrate with such a service.
 
+Port security
+=============
+
+The ``port-security`` extension adds the ``port_security_enabled`` boolean
+attribute to networks. At the network level, ``port_security_enabled``
+defines the default value for new ports attached to the network; they will
+inherit the value of their network's ``port_security_enabled`` unless
+explicitly set on the port itself. While the default value for
+``port_security_enabled`` is ``true``, this can be changed by updating the
+respective network. Note that changing a value of ``port_security_enabled``
+on a network, does not cascade the value to ports attached to the network.
+
+
 Show network details
 ====================
 

api-ref/source/v2/parameters.yaml

@@ -572,27 +572,25 @@ alias:
   type: string
 allowed_address_pairs:
   description: |
-    A set of zero or more allowed address pairs.
-    An address pair consists of an IP address range and MAC address
-    with the format of
-    ``{"ip_address": "<IP address or CIDR>", "mac_address": "<MAC address>"}``.
-    A server connected to the port can send a packet with source address
-    which matches one of the specified allowed address pairs.
+    A set of zero or more allowed address pair objects each where address pair
+    object contains an ``ip_address`` and ``mac_address``. While the
+    ``ip_address`` is required, the ``mac_address`` will be taken from the
+    port if not specified. The value of ``ip_address`` can be an IP Address
+    or a CIDR (if supported by the underlying extension plugin).
+    A server connected to the port can send a packet with source address which
+    matches one of the specified allowed address pairs.
   in: body
   required: true
   type: array
 allowed_address_pairs-request:
   description: |
-    A set of zero or more allowed address pairs.
-    An address pair consists of an IP address range and MAC address
-    with the format of
-    ``{"ip_address": "<IP address or CIDR>", "mac_address": "<MAC address>"}``.
-    A server connected to the port can send a packet with source address
-    which matches one of the specified allowed address pairs.
-    The default is an empty list.
-    For each address pair, ``ip_address`` is required and IP address or
-    CIDR can be specified. ``mac_address`` is optional and if unspecified
-    the MAC address of the port is used as default.
+    A set of zero or more allowed address pair objects each where address pair
+    object contains an ``ip_address`` and ``mac_address``. While the
+    ``ip_address`` is required, the ``mac_address`` will be taken from the
+    port if not specified. The value of ``ip_address`` can be an IP Address
+    or a CIDR (if supported by the underlying extension plugin).
+    A server connected to the port can send a packet with source address which
+    matches one of the specified allowed address pairs.
   in: body
   required: false
   type: array

api-ref/source/v2/ports.inc

@@ -15,8 +15,6 @@ The extension defines several attributes whose names have a prefix
 ``binding:`` including ``binding:host_id``, ``binding:vnic_type``,
 ``binding:vif_type``, ``binding:vif_details``, and ``binding:profile``.
 
-|
-
 Data plane status extension
 ===========================
 
@@ -46,6 +44,25 @@ extension must be used in conjunction with the ``dns-integration`` extension.
 When enabled and set, a port level ``dns_domain`` take precedence over a
 ``dns_domain`` specified in the port's network allowing per-port DNS domains.
 
+Port security
+=============
+
+The ``port-security`` extension adds the ``port_security_enabled`` boolean
+attribute to ports. If a ``port-security`` value is not specified during
+port creation, a port will inherit the ``port_security_enabled`` from the
+network its connected to.
+
+Allowed address pairs
+=====================
+
+The ``allowed-address-pairs`` extension adds an ``allowed_address_pairs``
+attribute to ports. The value of ``allowed_address_pairs`` is an array of
+allowed address pair objects, each having an ``ip_address`` and a
+``mac_address``. The set of allowed address pairs defines IP and MAC address
+that the port can use when sending packets if ``port_security_enabled`` is
+``true`` (see the ``port-security`` extension). Note that while the
+``ip_address`` is required in each allowed address pair, the ``mac_address``
+is optional and will be taken from the port if not specified.
 
 Show port details
 =================

api-ref/source/v2/samples/networks/network-multi-create-response.json

@@ -6,6 +6,7 @@
         "admin_state_up": true,
         "dns_domain": "",
         "mtu": 1500,
+        "port_security_enabled": true,
         "project_id": "9bacb3c5d39d41a79512987f338cf177",
         "tenant_id": "9bacb3c5d39d41a79512987f338cf177",
         "qos_policy_id": "6a8454ade84346f59e8d40665f878b2e",

api-ref/source/v2/samples/networks/network-provider-create-response.json

@@ -17,6 +17,7 @@
         "shared": false,
         "id": "4e8e5957-649f-477b-9e5b-f1f75b21c03c",
         "provider:segmentation_id": 2,
-        "description": ""
+        "description": "",
+        "port_security_enabled": true
     }
 }

api-ref/source/v2/samples/networks/networks-bulk-create-response.json

@@ -21,7 +21,8 @@
             "tenant_id": "4fd44f30292945e481c7b8a0c8908869",
             "updated_at": "2016-03-08T20:19:41",
             "vlan_transparent": false,
-            "description": ""
+            "description": "",
+            "port_security_enabled": true
         },
         {
             "admin_state_up": true,
@@ -44,7 +45,8 @@
             "tenant_id": "4fd44f30292945e481c7b8a0c8908869",
             "updated_at": "2016-03-08T20:19:41",
             "vlan_transparent": false,
-            "description": ""
+            "description": "",
+            "port_security_enabled": true
         }
     ]
 }

api-ref/source/v2/samples/ports/port-bind-create-response.json

@@ -1,7 +1,12 @@
 {
     "port": {
         "admin_state_up": true,
-        "allowed_address_pairs": [],
+        "allowed_address_pairs": [
+            {
+                "ip_address": "12.12.11.12",
+                "mac_address": "fa:14:2a:b3:cb:f0"
+            }
+        ],
         "binding:host_id": "4df8d9ff-6f6f-438f-90a1-ef660d4586ad",
         "binding:profile": {
             "local_link_information": [
@@ -42,6 +47,7 @@
             "f0ac4394-7e4a-4409-9701-ba8be283dbc3"
         ],
         "status": "DOWN",
-        "tenant_id": "d6700c0c9ffa4f1cb322cd4a1f3906fa"
+        "tenant_id": "d6700c0c9ffa4f1cb322cd4a1f3906fa",
+        "port_security_enabled": true
     }
 }

api-ref/source/v2/samples/ports/port-bind-update-response.json

@@ -35,6 +35,7 @@
             "ce0179d6-8a94-4f7c-91c2-f3038e2acbd0"
         ],
         "status": "DOWN",
-        "tenant_id": "522eda8d23124b25bf03fe44f1986b74"
+        "tenant_id": "522eda8d23124b25bf03fe44f1986b74",
+        "port_security_enabled": false
     }
 }

api-ref/source/v2/samples/ports/port-create-request.json

@@ -4,6 +4,13 @@
         "dns_domain": "my-domain.org.",
         "dns_name": "myport",
         "name": "private-port",
-        "network_id": "a87cc70a-3e15-4acf-8205-9b711a3531b7"
+        "network_id": "a87cc70a-3e15-4acf-8205-9b711a3531b7",
+        "port_security_enabled": true,
+        "allowed_address_pairs": [
+            {
+                "ip_address": "12.12.11.12",
+                "mac_address": "fa:14:2a:b3:cb:f0"
+            }
+        ]
     }
 }

api-ref/source/v2/samples/ports/port-create-response.json

@@ -1,7 +1,12 @@
 {
     "port": {
         "admin_state_up": true,
-        "allowed_address_pairs": [],
+        "allowed_address_pairs": [
+            {
+                "ip_address": "12.12.11.12",
+                "mac_address": "fa:14:2a:b3:cb:f0"
+            }
+        ],
         "created_at": "2016-03-08T20:19:41",
         "data_plane_status": null,
         "description": "",

api-ref/source/v2/samples/ports/port-update-response.json

@@ -35,6 +35,7 @@
             "ce0179d6-8a94-4f7c-91c2-f3038e2acbd0"
         ],
         "status": "DOWN",
-        "tenant_id": "522eda8d23124b25bf03fe44f1986b74"
+        "tenant_id": "522eda8d23124b25bf03fe44f1986b74",
+        "port_security_enabled": false
     }
 }

api-ref/source/v2/samples/ports/ports-bulk-create-response.json

@@ -25,7 +25,8 @@
                 "f0ac4394-7e4a-4409-9701-ba8be283dbc3"
             ],
             "status": "DOWN",
-            "tenant_id": "d6700c0c9ffa4f1cb322cd4a1f3906fa"
+            "tenant_id": "d6700c0c9ffa4f1cb322cd4a1f3906fa",
+            "port_security_enabled": false
         },
         {
             "admin_state_up": false,
@@ -53,7 +54,8 @@
                 "f0ac4394-7e4a-4409-9701-ba8be283dbc3"
             ],
             "status": "DOWN",
-            "tenant_id": "d6700c0c9ffa4f1cb322cd4a1f3906fa"
+            "tenant_id": "d6700c0c9ffa4f1cb322cd4a1f3906fa",
+            "port_security_enabled": false
         }
     ]
 }

api-ref/source/v2/samples/ports/ports-list-response.json

@@ -29,7 +29,8 @@
             "revision_number": 1,
             "security_groups": [],
             "status": "ACTIVE",
-            "tenant_id": ""
+            "tenant_id": "",
+            "port_security_enabled": false
         },
         {
             "admin_state_up": true,
@@ -60,7 +61,8 @@
             "revision_number": 1,
             "security_groups": [],
             "status": "ACTIVE",
-            "tenant_id": "d397de8a63f341818f198abb0966f6f3"
+            "tenant_id": "d397de8a63f341818f198abb0966f6f3",
+            "port_security_enabled": false
         }
     ]
 }