From ce3d2eab55ac5d8085fa836c8029a8662dd34a87 Mon Sep 17 00:00:00 2001
From: Boden R <bodenvmw@gmail.com>
Date: Thu, 2 Feb 2017 15:28:52 -0700
Subject: [PATCH] rehome port security api-def

This patch rehomes neutron's port security api-def
into neutron-lib as well as it's associated exceptions.

Change-Id: I0ba12f6eef06c22973024573deaecd80c6b248de
---
 neutron_lib/api/definitions/port_security.py  | 87 +++++++++++++++++++
 neutron_lib/exceptions/port_security.py       | 26 ++++++
 .../api/definitions/test_port_security.py     | 20 +++++
 .../rehome-psec-apidef-bd9344ec1e6066b4.yaml  |  6 ++
 4 files changed, 139 insertions(+)
 create mode 100644 neutron_lib/api/definitions/port_security.py
 create mode 100644 neutron_lib/exceptions/port_security.py
 create mode 100644 neutron_lib/tests/unit/api/definitions/test_port_security.py
 create mode 100644 releasenotes/notes/rehome-psec-apidef-bd9344ec1e6066b4.yaml

diff --git a/neutron_lib/api/definitions/port_security.py b/neutron_lib/api/definitions/port_security.py
new file mode 100644
index 000000000..4e1dffd44
--- /dev/null
+++ b/neutron_lib/api/definitions/port_security.py
@@ -0,0 +1,87 @@
+# All rights reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from neutron_lib.api import converters
+from neutron_lib import constants
+
+
+DEFAULT_PORT_SECURITY = True
+
+PORTSECURITY = 'port_security_enabled'
+
+# The alias of the extension.
+ALIAS = 'port-security'
+
+# The label to lookup the plugin in the plugin directory. It can match the
+# alias, as required.
+LABEL = 'port-security'
+
+# Whether or not this extension is simply signaling behavior to the user
+# or it actively modifies the attribute map.
+IS_SHIM_EXTENSION = False
+
+# Whether the extension is marking the adoption of standardattr model for
+# legacy resources, or introducing new standardattr attributes. False or
+# None if the standardattr model is adopted since the introduction of
+# resource extension.
+# If this is True, the alias for the extension should be prefixed with
+# 'standard-attr-'.
+IS_STANDARD_ATTR_EXTENSION = False
+
+# The name of the extension.
+NAME = 'Port Security'
+
+# A prefix for API resources. An empty prefix means that the API is going
+# to be exposed at the v2/ level as any other core resource.
+API_PREFIX = ''
+
+# The description of the extension.
+DESCRIPTION = "Provides port security"
+
+# A timestamp of when the extension was introduced.
+UPDATED_TIMESTAMP = "2012-07-23T10:00:00-00:00"
+
+
+RESOURCE_ATTRIBUTE_MAP = {
+    'networks': {
+        PORTSECURITY: {'allow_post': True, 'allow_put': True,
+                       'convert_to': converters.convert_to_boolean,
+                       'enforce_policy': True,
+                       'default': DEFAULT_PORT_SECURITY,
+                       'is_visible': True},
+    },
+    'ports': {
+        PORTSECURITY: {'allow_post': True, 'allow_put': True,
+                       'convert_to': converters.convert_to_boolean,
+                       'default': constants.ATTR_NOT_SPECIFIED,
+                       'enforce_policy': True,
+                       'is_visible': True},
+    }
+}
+
+# The subresource attribute map for the extension. It adds child resources
+# to main extension's resource. The subresource map must have a parent and
+# a parameters entry. If an extension does not need such a map, None can
+# be specified (mandatory).
+SUB_RESOURCE_ATTRIBUTE_MAP = {}
+
+# The action map: it associates verbs with methods to be performed on
+# the API resource.
+ACTION_MAP = {}
+
+# The list of required extensions.
+REQUIRED_EXTENSIONS = []
+
+# The list of optional extensions.
+OPTIONAL_EXTENSIONS = []
diff --git a/neutron_lib/exceptions/port_security.py b/neutron_lib/exceptions/port_security.py
new file mode 100644
index 000000000..5ced5aec1
--- /dev/null
+++ b/neutron_lib/exceptions/port_security.py
@@ -0,0 +1,26 @@
+# All rights reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from neutron_lib._i18n import _
+from neutron_lib import exceptions
+
+
+class PortSecurityPortHasSecurityGroup(exceptions.InUse):
+    message = _("Port has security group associated. Cannot disable port "
+                "security or IP address until security group is removed.")
+
+
+class PortSecurityAndIPRequiredForSecurityGroups(exceptions.InvalidInput):
+    message = _("Port security must be enabled and port must have an IP "
+                "address in order to use security groups.")
diff --git a/neutron_lib/tests/unit/api/definitions/test_port_security.py b/neutron_lib/tests/unit/api/definitions/test_port_security.py
new file mode 100644
index 000000000..1c8e1dd5a
--- /dev/null
+++ b/neutron_lib/tests/unit/api/definitions/test_port_security.py
@@ -0,0 +1,20 @@
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from neutron_lib.api.definitions import port_security
+from neutron_lib.tests.unit.api.definitions import base
+
+
+class PortSecurityDefinitionTestCase(base.DefinitionBaseTestCase):
+    extension_module = port_security
+    extension_resources = ('networks', 'ports')
+    extension_attributes = ('port_security_enabled',)
diff --git a/releasenotes/notes/rehome-psec-apidef-bd9344ec1e6066b4.yaml b/releasenotes/notes/rehome-psec-apidef-bd9344ec1e6066b4.yaml
new file mode 100644
index 000000000..509d209ec
--- /dev/null
+++ b/releasenotes/notes/rehome-psec-apidef-bd9344ec1e6066b4.yaml
@@ -0,0 +1,6 @@
+---
+features:
+  - The ``port security`` extension API definition has been rehomed from
+    ``neutron`` to ``neutron_lib.api.definitions.port_security``. The
+    related exceptions can be found in the
+    ``neutron_lib.exceptions.port_security`` module.