use neutron-lib port security api-def

The port security API definition has been in neutron-lib for awhile.
This patch consumes the definition from neutron-lib.

NeutronLibImpact
- Consumers using the public definitions from
neutron.extensions.portsecurity must now switch over to the api-def in
neutron-lib. See the changes herein for additional details.

Change-Id: If43b65861efc536d01c43dc0d2bbcbcf062c1271

neutron/agent/firewall.py

@@ -18,11 +18,12 @@ import contextlib
 
 import six
 
+from neutron_lib.api.definitions import port_security as psec
 from neutron_lib import constants as n_const
 
 import neutron.common.constants as const
 from neutron.common import utils
-from neutron.extensions import portsecurity as psec
+
 
 INGRESS_DIRECTION = const.INGRESS_DIRECTION
 EGRESS_DIRECTION = const.EGRESS_DIRECTION

neutron/db/portsecurity_db.py

@@ -12,6 +12,7 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from neutron_lib.api.definitions import port_security as psec
 from neutron_lib.api import validators
 from neutron_lib.plugins import directory
 
@@ -19,7 +20,6 @@ from neutron.api.v2 import attributes as attrs
 from neutron.common import utils
 from neutron.db import _resource_extend as resource_extend
 from neutron.db import portsecurity_db_common
-from neutron.extensions import portsecurity as psec
 
 
 @resource_extend.has_resource_extenders

neutron/db/portsecurity_db_common.py

@@ -12,8 +12,9 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from neutron_lib.api.definitions import port_security as psec
+
 from neutron.db import _utils as db_utils
-from neutron.extensions import portsecurity as psec
 from neutron.objects import network
 from neutron.objects.port.extensions import port_security as p_ps
 

neutron/extensions/portsecurity.py

@@ -12,67 +12,10 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
-from neutron_lib.api import converters
+from neutron_lib.api.definitions import port_security
 from neutron_lib.api import extensions
-from neutron_lib import constants
-from neutron_lib import exceptions as nexception
 
-from neutron._i18n import _
 
-
-DEFAULT_PORT_SECURITY = True
-
-
-class PortSecurityPortHasSecurityGroup(nexception.InUse):
-    message = _("Port has security group associated. Cannot disable port "
-                "security or ip address until security group is removed")
-
-
-class PortSecurityAndIPRequiredForSecurityGroups(nexception.InvalidInput):
-    message = _("Port security must be enabled and port must have an IP"
-                " address in order to use security groups.")
-
-
-PORTSECURITY = 'port_security_enabled'
-EXTENDED_ATTRIBUTES_2_0 = {
-    'networks': {
-        PORTSECURITY: {'allow_post': True, 'allow_put': True,
-                       'convert_to': converters.convert_to_boolean,
-                       'enforce_policy': True,
-                       'default': DEFAULT_PORT_SECURITY,
-                       'is_visible': True},
-    },
-    'ports': {
-        PORTSECURITY: {'allow_post': True, 'allow_put': True,
-                       'convert_to': converters.convert_to_boolean,
-                       'default': constants.ATTR_NOT_SPECIFIED,
-                       'enforce_policy': True,
-                       'is_visible': True},
-    }
-}
-
-
-class Portsecurity(extensions.ExtensionDescriptor):
+class Portsecurity(extensions.APIExtensionDescriptor):
     """Extension class supporting port security."""
-
-    @classmethod
-    def get_name(cls):
-        return "Port Security"
-
-    @classmethod
-    def get_alias(cls):
-        return "port-security"
-
-    @classmethod
-    def get_description(cls):
-        return "Provides port security"
-
-    @classmethod
-    def get_updated(cls):
-        return "2012-07-23T10:00:00-00:00"
-
-    def get_extended_resources(self, version):
-        if version == "2.0":
-            return EXTENDED_ATTRIBUTES_2_0
-        else:
-            return {}
+    api_definition = port_security

neutron/objects/extensions/port_security.py

@@ -10,9 +10,9 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from neutron_lib.api.definitions import port_security
 from oslo_versionedobjects import fields as obj_fields
 
-from neutron.extensions import portsecurity
 from neutron.objects import base
 from neutron.objects import common_types
 
@@ -21,7 +21,7 @@ class _PortSecurity(base.NeutronDbObject):
     fields = {
         'id': common_types.UUIDField(),
         'port_security_enabled': obj_fields.BooleanField(
-            default=portsecurity.DEFAULT_PORT_SECURITY),
+            default=port_security.DEFAULT_PORT_SECURITY),
     }
 
     foreign_keys = {

neutron/plugins/ml2/extensions/port_security.py

@@ -13,6 +13,7 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from neutron_lib.api.definitions import port_security as psec
 from neutron_lib.api import validators
 from oslo_log import log as logging
 
@@ -20,7 +21,6 @@ from neutron._i18n import _LI
 from neutron.common import utils
 from neutron.db import common_db_mixin
 from neutron.db import portsecurity_db_common as ps_db_common
-from neutron.extensions import portsecurity as psec
 from neutron.plugins.ml2 import driver_api as api
 
 LOG = logging.getLogger(__name__)

neutron/plugins/ml2/plugin.py

@@ -16,6 +16,7 @@
 import copy
 
 from eventlet import greenthread
+from neutron_lib.api.definitions import port_security as psec
 from neutron_lib.api.definitions import portbindings
 from neutron_lib.api.definitions import provider_net
 from neutron_lib.api import validators
@@ -25,6 +26,7 @@ from neutron_lib.callbacks import registry
 from neutron_lib.callbacks import resources
 from neutron_lib import constants as const
 from neutron_lib import exceptions as exc
+from neutron_lib.exceptions import port_security as psec_exc
 from neutron_lib.plugins import directory
 from oslo_config import cfg
 from oslo_db import exception as os_db_exception
@@ -74,7 +76,6 @@ from neutron.extensions import allowedaddresspairs as addr_pair
 from neutron.extensions import availability_zone as az_ext
 from neutron.extensions import extra_dhcp_opt as edo_ext
 from neutron.extensions import multiprovidernet as mpnet
-from neutron.extensions import portsecurity as psec
 from neutron.extensions import providernet as provider
 from neutron.extensions import vlantransparent
 from neutron.plugins.ml2.common import exceptions as ml2_exc
@@ -1074,7 +1075,7 @@ class Ml2Plugin(db_base_plugin_v2.NeutronDbPluginV2,
         if port_security:
             self._ensure_default_security_group_on_port(context, port)
         elif self._check_update_has_security_groups(port):
-            raise psec.PortSecurityAndIPRequiredForSecurityGroups()
+            raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
 
     def _setup_dhcp_agent_provisioning_component(self, context, port):
         subnet_ids = [f['subnet_id'] for f in port['fixed_ips']]
@@ -1201,7 +1202,7 @@ class Ml2Plugin(db_base_plugin_v2.NeutronDbPluginV2,
         # checks if security groups were updated adding/modifying
         # security groups, port security is set
         if self._check_update_has_security_groups(port):
-            raise psec.PortSecurityAndIPRequiredForSecurityGroups()
+            raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
         elif (not
           self._check_update_deletes_security_groups(port)):
             # Update did not have security groups passed in. Check
@@ -1212,7 +1213,7 @@ class Ml2Plugin(db_base_plugin_v2.NeutronDbPluginV2,
                         context, filters)
                      )
             if security_groups:
-                raise psec.PortSecurityPortHasSecurityGroup()
+                raise psec_exc.PortSecurityPortHasSecurityGroup()
 
     @utils.transaction_guard
     @db_api.retry_if_session_inactive()

neutron/plugins/ml2/rpc.py

@@ -13,6 +13,7 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from neutron_lib.api.definitions import port_security as psec
 from neutron_lib.api.definitions import portbindings
 from neutron_lib.callbacks import resources
 from neutron_lib import constants as n_const
@@ -29,7 +30,6 @@ from neutron.common import rpc as n_rpc
 from neutron.common import topics
 from neutron.db import l3_hamode_db
 from neutron.db import provisioning_blocks
-from neutron.extensions import portsecurity as psec
 from neutron.plugins.ml2 import db as ml2_db
 from neutron.plugins.ml2 import driver_api as api
 from neutron.plugins.ml2.drivers import type_tunnel

neutron/tests/unit/db/test_allowedaddresspairs_db.py

@@ -13,6 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+from neutron_lib.api.definitions import port_security as psec
 from neutron_lib.api import validators
 from neutron_lib.plugins import directory
 from oslo_config import cfg
@@ -22,7 +23,6 @@ from neutron.db import allowedaddresspairs_db as addr_pair_db
 from neutron.db import db_base_plugin_v2
 from neutron.db import portsecurity_db
 from neutron.extensions import allowedaddresspairs as addr_pair
-from neutron.extensions import portsecurity as psec
 from neutron.extensions import securitygroup as secgroup
 from neutron.tests.unit.db import test_db_base_plugin_v2
 

neutron/tests/unit/db/test_portsecurity_db_common.py

@@ -11,10 +11,10 @@
 #    under the License.
 
 import mock
+from neutron_lib.api.definitions import port_security as psec
 
 from neutron.db import common_db_mixin
 from neutron.db import portsecurity_db_common as pdc
-from neutron.extensions import portsecurity as psec
 from neutron.objects import base as objects_base
 from neutron.objects import network
 from neutron.objects.port.extensions import port_security as p_ps

neutron/tests/unit/extensions/test_portsecurity.py

@@ -13,8 +13,10 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+from neutron_lib.api.definitions import port_security as psec
 from neutron_lib.api import validators
 from neutron_lib import context
+from neutron_lib.exceptions import port_security as psec_exc
 from neutron_lib.plugins import directory
 from webob import exc
 
@@ -23,7 +25,6 @@ from neutron.db import api as db_api
 from neutron.db import db_base_plugin_v2
 from neutron.db import portsecurity_db
 from neutron.db import securitygroups_db
-from neutron.extensions import portsecurity as psec
 from neutron.extensions import securitygroup as ext_sg
 from neutron.tests.unit.db import test_db_base_plugin_v2
 from neutron.tests.unit.extensions import test_securitygroup
@@ -98,7 +99,7 @@ class PortSecurityTestPlugin(db_base_plugin_v2.NeutronDbPluginV2,
 
         if (validators.is_attr_set(p.get(ext_sg.SECURITYGROUPS)) and
             not (port_security and has_ip)):
-            raise psec.PortSecurityAndIPRequiredForSecurityGroups()
+            raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
 
         # Port requires ip and port_security enabled for security group
         if has_ip and port_security:
@@ -130,13 +131,13 @@ class PortSecurityTestPlugin(db_base_plugin_v2.NeutronDbPluginV2,
             # security groups, port security is set and port has ip
             if (has_security_groups and (not ret_port[psec.PORTSECURITY]
                                          or not has_ip)):
-                raise psec.PortSecurityAndIPRequiredForSecurityGroups()
+                raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
 
             # Port security/IP was updated off. Need to check that no security
             # groups are on port.
             if ret_port[psec.PORTSECURITY] is not True or not has_ip:
                 if has_security_groups:
-                    raise psec.PortSecurityAndIPRequiredForSecurityGroups()
+                    raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
 
                 # get security groups on port
                 filters = {'port_id': [id]}
@@ -144,7 +145,7 @@ class PortSecurityTestPlugin(db_base_plugin_v2.NeutronDbPluginV2,
                                    _get_port_security_group_bindings(
                                        context, filters))
                 if security_groups and not delete_security_groups:
-                    raise psec.PortSecurityPortHasSecurityGroup()
+                    raise psec_exc.PortSecurityPortHasSecurityGroup()
 
             if (delete_security_groups or has_security_groups):
                 # delete the port binding and read it with the new rules.

neutron/tests/unit/plugins/ml2/extensions/test_port_security.py

@@ -14,8 +14,8 @@
 #    under the License.
 
 import mock
+from neutron_lib.api.definitions import port_security as psec
 
-from neutron.extensions import portsecurity as psec
 from neutron.plugins.ml2.extensions import port_security
 from neutron.tests.unit.plugins.ml2 import test_plugin
 

neutron/tests/unit/plugins/ml2/test_ext_portsecurity.py

@@ -13,10 +13,10 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from neutron_lib.api.definitions import port_security as psec
 from neutron_lib import context
 from neutron_lib.plugins import directory
 
-from neutron.extensions import portsecurity as psec
 from neutron.plugins.ml2 import config
 from neutron.tests.unit.extensions import test_portsecurity as test_psec
 from neutron.tests.unit.plugins.ml2 import test_plugin