use neutron-lib port security api-def
The port security API definition has been in neutron-lib for a while. This patch consumes the definition from neutron-lib. NeutronLibImpact - Consumers using the public definitions from neutron.extensions.portsecurity must now switch over to the api-def in neutron-lib. See the changes herein for additional details. Change-Id: If43b65861efc536d01c43dc0d2bbcbcf062c1271
parent
90b01bb6ca
commit
2e56ba4526
@ -18,11 +18,12 @@ import contextlib
|
||||
|
||||
import six
|
||||
|
||||
from neutron_lib.api.definitions import port_security as psec
|
||||
from neutron_lib import constants as n_const
|
||||
|
||||
import neutron.common.constants as const
|
||||
from neutron.common import utils
|
||||
from neutron.extensions import portsecurity as psec
|
||||
|
||||
|
||||
INGRESS_DIRECTION = const.INGRESS_DIRECTION
|
||||
EGRESS_DIRECTION = const.EGRESS_DIRECTION
|
||||
|
@ -12,6 +12,7 @@
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from neutron_lib.api.definitions import port_security as psec
|
||||
from neutron_lib.api import validators
|
||||
from neutron_lib.plugins import directory
|
||||
|
||||
@ -19,7 +20,6 @@ from neutron.api.v2 import attributes as attrs
|
||||
from neutron.common import utils
|
||||
from neutron.db import _resource_extend as resource_extend
|
||||
from neutron.db import portsecurity_db_common
|
||||
from neutron.extensions import portsecurity as psec
|
||||
|
||||
|
||||
@resource_extend.has_resource_extenders
|
||||
|
@ -12,8 +12,9 @@
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from neutron_lib.api.definitions import port_security as psec
|
||||
|
||||
from neutron.db import _utils as db_utils
|
||||
from neutron.extensions import portsecurity as psec
|
||||
from neutron.objects import network
|
||||
from neutron.objects.port.extensions import port_security as p_ps
|
||||
|
||||
|
@ -12,67 +12,10 @@
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from neutron_lib.api import converters
|
||||
from neutron_lib.api.definitions import port_security
|
||||
from neutron_lib.api import extensions
|
||||
from neutron_lib import constants
|
||||
from neutron_lib import exceptions as nexception
|
||||
|
||||
from neutron._i18n import _
|
||||
|
||||
|
||||
DEFAULT_PORT_SECURITY = True
|
||||
|
||||
|
||||
class PortSecurityPortHasSecurityGroup(nexception.InUse):
|
||||
message = _("Port has security group associated. Cannot disable port "
|
||||
"security or ip address until security group is removed")
|
||||
|
||||
|
||||
class PortSecurityAndIPRequiredForSecurityGroups(nexception.InvalidInput):
|
||||
message = _("Port security must be enabled and port must have an IP"
|
||||
" address in order to use security groups.")
|
||||
|
||||
|
||||
PORTSECURITY = 'port_security_enabled'
|
||||
EXTENDED_ATTRIBUTES_2_0 = {
|
||||
'networks': {
|
||||
PORTSECURITY: {'allow_post': True, 'allow_put': True,
|
||||
'convert_to': converters.convert_to_boolean,
|
||||
'enforce_policy': True,
|
||||
'default': DEFAULT_PORT_SECURITY,
|
||||
'is_visible': True},
|
||||
},
|
||||
'ports': {
|
||||
PORTSECURITY: {'allow_post': True, 'allow_put': True,
|
||||
'convert_to': converters.convert_to_boolean,
|
||||
'default': constants.ATTR_NOT_SPECIFIED,
|
||||
'enforce_policy': True,
|
||||
'is_visible': True},
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
class Portsecurity(extensions.ExtensionDescriptor):
|
||||
class Portsecurity(extensions.APIExtensionDescriptor):
|
||||
"""Extension class supporting port security."""
|
||||
|
||||
@classmethod
|
||||
def get_name(cls):
|
||||
return "Port Security"
|
||||
|
||||
@classmethod
|
||||
def get_alias(cls):
|
||||
return "port-security"
|
||||
|
||||
@classmethod
|
||||
def get_description(cls):
|
||||
return "Provides port security"
|
||||
|
||||
@classmethod
|
||||
def get_updated(cls):
|
||||
return "2012-07-23T10:00:00-00:00"
|
||||
|
||||
def get_extended_resources(self, version):
|
||||
if version == "2.0":
|
||||
return EXTENDED_ATTRIBUTES_2_0
|
||||
else:
|
||||
return {}
|
||||
api_definition = port_security
|
||||
|
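Review bot: The module appears to drop `PORTSECURITY`, `DEFAULT_PORT_SECURITY`, `EXTENDED_ATTRIBUTES_2_0` and both exception classes in one step with no compatibility alias, leaving only `api_definition = port_security` on the class. The +/- markers are lost on this page, so this is inferred from the `-12,67 +12,10` header. An out-of-tree plugin that still imports `neutron.extensions.portsecurity as psec` would then fail with AttributeError on `psec.PORTSECURITY` or on `raise psec.PortSecurityPortHasSecurityGroup()`, which turns a port-security validation error into an unhandled one. The commit message flags this as NeutronLibImpact, but the file itself gives a reader no pointer; I would add above the assignment a comment such as `# Attributes and DEFAULT_PORT_SECURITY: neutron_lib.api.definitions.port_security; exceptions: neutron_lib.exceptions.port_security`.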
@ -10,9 +10,9 @@
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from neutron_lib.api.definitions import port_security
|
||||
from oslo_versionedobjects import fields as obj_fields
|
||||
|
||||
from neutron.extensions import portsecurity
|
||||
from neutron.objects import base
|
||||
from neutron.objects import common_types
|
||||
|
||||
@ -21,7 +21,7 @@ class _PortSecurity(base.NeutronDbObject):
|
||||
fields = {
|
||||
'id': common_types.UUIDField(),
|
||||
'port_security_enabled': obj_fields.BooleanField(
|
||||
default=portsecurity.DEFAULT_PORT_SECURITY),
|
||||
default=port_security.DEFAULT_PORT_SECURITY),
|
||||
}
|
||||
|
||||
foreign_keys = {
|
||||
|
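Review bot: The default of the `port_security_enabled` field on `_PortSecurity` now comes from `port_security.DEFAULT_PORT_SECURITY` in neutron-lib, so the value that decides whether a port has port security on when nothing is specified is owned by another package. The in-tree constant it replaces was `True`, as the extension module's removed lines on this page show. I would document that expectation next to the field, for example `# must remain True: port security is on unless explicitly disabled`, and assert it in the object's unit test so a library change cannot alter the default unnoticed. The `fields` dict belongs to a class whose body starts and ends outside this hunk.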
@ -13,6 +13,7 @@
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from neutron_lib.api.definitions import port_security as psec
|
||||
from neutron_lib.api import validators
|
||||
from oslo_log import log as logging
|
||||
|
||||
@ -20,7 +21,6 @@ from neutron._i18n import _LI
|
||||
from neutron.common import utils
|
||||
from neutron.db import common_db_mixin
|
||||
from neutron.db import portsecurity_db_common as ps_db_common
|
||||
from neutron.extensions import portsecurity as psec
|
||||
from neutron.plugins.ml2 import driver_api as api
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
@ -16,6 +16,7 @@
|
||||
import copy
|
||||
|
||||
from eventlet import greenthread
|
||||
from neutron_lib.api.definitions import port_security as psec
|
||||
from neutron_lib.api.definitions import portbindings
|
||||
from neutron_lib.api.definitions import provider_net
|
||||
from neutron_lib.api import validators
|
||||
@ -25,6 +26,7 @@ from neutron_lib.callbacks import registry
|
||||
from neutron_lib.callbacks import resources
|
||||
from neutron_lib import constants as const
|
||||
from neutron_lib import exceptions as exc
|
||||
from neutron_lib.exceptions import port_security as psec_exc
|
||||
from neutron_lib.plugins import directory
|
||||
from oslo_config import cfg
|
||||
from oslo_db import exception as os_db_exception
|
||||
@ -74,7 +76,6 @@ from neutron.extensions import allowedaddresspairs as addr_pair
|
||||
from neutron.extensions import availability_zone as az_ext
|
||||
from neutron.extensions import extra_dhcp_opt as edo_ext
|
||||
from neutron.extensions import multiprovidernet as mpnet
|
||||
from neutron.extensions import portsecurity as psec
|
||||
from neutron.extensions import providernet as provider
|
||||
from neutron.extensions import vlantransparent
|
||||
from neutron.plugins.ml2.common import exceptions as ml2_exc
|
||||
@ -1074,7 +1075,7 @@ class Ml2Plugin(db_base_plugin_v2.NeutronDbPluginV2,
|
||||
if port_security:
|
||||
self._ensure_default_security_group_on_port(context, port)
|
||||
elif self._check_update_has_security_groups(port):
|
||||
raise psec.PortSecurityAndIPRequiredForSecurityGroups()
|
||||
raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
|
||||
|
||||
def _setup_dhcp_agent_provisioning_component(self, context, port):
|
||||
subnet_ids = [f['subnet_id'] for f in port['fixed_ips']]
|
||||
@ -1201,7 +1202,7 @@ class Ml2Plugin(db_base_plugin_v2.NeutronDbPluginV2,
|
||||
# checks if security groups were updated adding/modifying
|
||||
# security groups, port security is set
|
||||
if self._check_update_has_security_groups(port):
|
||||
raise psec.PortSecurityAndIPRequiredForSecurityGroups()
|
||||
raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
|
||||
elif (not
|
||||
self._check_update_deletes_security_groups(port)):
|
||||
# Update did not have security groups passed in. Check
|
||||
@ -1212,7 +1213,7 @@ class Ml2Plugin(db_base_plugin_v2.NeutronDbPluginV2,
|
||||
context, filters)
|
||||
)
|
||||
if security_groups:
|
||||
raise psec.PortSecurityPortHasSecurityGroup()
|
||||
raise psec_exc.PortSecurityPortHasSecurityGroup()
|
||||
|
||||
@utils.transaction_guard
|
||||
@db_api.retry_if_session_inactive()
|
||||
|
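Review bot: After this change `psec` in this file refers to the neutron-lib api-def module, while the exception classes are reached through `psec_exc`. Any `psec.PortSecurity...` reference outside the three hunks shown here, whether a `raise` or an `except` clause, would presumably fail with AttributeError rather than produce the intended port-security error. Only the raises in the hunks at old lines 1074, 1201 and 1212 are visible, and the enclosing methods start and end outside those hunks, so the rest of the file should be checked for leftover `psec.PortSecurity` uses. A unit test that expects `psec_exc.PortSecurityAndIPRequiredForSecurityGroups` and `psec_exc.PortSecurityPortHasSecurityGroup` on these update paths would pin the check.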
@ -13,6 +13,7 @@
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from neutron_lib.api.definitions import port_security as psec
|
||||
from neutron_lib.api.definitions import portbindings
|
||||
from neutron_lib.callbacks import resources
|
||||
from neutron_lib import constants as n_const
|
||||
@ -29,7 +30,6 @@ from neutron.common import rpc as n_rpc
|
||||
from neutron.common import topics
|
||||
from neutron.db import l3_hamode_db
|
||||
from neutron.db import provisioning_blocks
|
||||
from neutron.extensions import portsecurity as psec
|
||||
from neutron.plugins.ml2 import db as ml2_db
|
||||
from neutron.plugins.ml2 import driver_api as api
|
||||
from neutron.plugins.ml2.drivers import type_tunnel
|
||||
|
@ -13,6 +13,7 @@
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
from neutron_lib.api.definitions import port_security as psec
|
||||
from neutron_lib.api import validators
|
||||
from neutron_lib.plugins import directory
|
||||
from oslo_config import cfg
|
||||
@ -22,7 +23,6 @@ from neutron.db import allowedaddresspairs_db as addr_pair_db
|
||||
from neutron.db import db_base_plugin_v2
|
||||
from neutron.db import portsecurity_db
|
||||
from neutron.extensions import allowedaddresspairs as addr_pair
|
||||
from neutron.extensions import portsecurity as psec
|
||||
from neutron.extensions import securitygroup as secgroup
|
||||
from neutron.tests.unit.db import test_db_base_plugin_v2
|
||||
|
||||
|
@ -11,10 +11,10 @@
|
||||
# under the License.
|
||||
|
||||
import mock
|
||||
from neutron_lib.api.definitions import port_security as psec
|
||||
|
||||
from neutron.db import common_db_mixin
|
||||
from neutron.db import portsecurity_db_common as pdc
|
||||
from neutron.extensions import portsecurity as psec
|
||||
from neutron.objects import base as objects_base
|
||||
from neutron.objects import network
|
||||
from neutron.objects.port.extensions import port_security as p_ps
|
||||
|
@ -13,8 +13,10 @@
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
from neutron_lib.api.definitions import port_security as psec
|
||||
from neutron_lib.api import validators
|
||||
from neutron_lib import context
|
||||
from neutron_lib.exceptions import port_security as psec_exc
|
||||
from neutron_lib.plugins import directory
|
||||
from webob import exc
|
||||
|
||||
@ -23,7 +25,6 @@ from neutron.db import api as db_api
|
||||
from neutron.db import db_base_plugin_v2
|
||||
from neutron.db import portsecurity_db
|
||||
from neutron.db import securitygroups_db
|
||||
from neutron.extensions import portsecurity as psec
|
||||
from neutron.extensions import securitygroup as ext_sg
|
||||
from neutron.tests.unit.db import test_db_base_plugin_v2
|
||||
from neutron.tests.unit.extensions import test_securitygroup
|
||||
@ -98,7 +99,7 @@ class PortSecurityTestPlugin(db_base_plugin_v2.NeutronDbPluginV2,
|
||||
|
||||
if (validators.is_attr_set(p.get(ext_sg.SECURITYGROUPS)) and
|
||||
not (port_security and has_ip)):
|
||||
raise psec.PortSecurityAndIPRequiredForSecurityGroups()
|
||||
raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
|
||||
|
||||
# Port requires ip and port_security enabled for security group
|
||||
if has_ip and port_security:
|
||||
@ -130,13 +131,13 @@ class PortSecurityTestPlugin(db_base_plugin_v2.NeutronDbPluginV2,
|
||||
# security groups, port security is set and port has ip
|
||||
if (has_security_groups and (not ret_port[psec.PORTSECURITY]
|
||||
or not has_ip)):
|
||||
raise psec.PortSecurityAndIPRequiredForSecurityGroups()
|
||||
raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
|
||||
|
||||
# Port security/IP was updated off. Need to check that no security
|
||||
# groups are on port.
|
||||
if ret_port[psec.PORTSECURITY] is not True or not has_ip:
|
||||
if has_security_groups:
|
||||
raise psec.PortSecurityAndIPRequiredForSecurityGroups()
|
||||
raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
|
||||
|
||||
# get security groups on port
|
||||
filters = {'port_id': [id]}
|
||||
@ -144,7 +145,7 @@ class PortSecurityTestPlugin(db_base_plugin_v2.NeutronDbPluginV2,
|
||||
_get_port_security_group_bindings(
|
||||
context, filters))
|
||||
if security_groups and not delete_security_groups:
|
||||
raise psec.PortSecurityPortHasSecurityGroup()
|
||||
raise psec_exc.PortSecurityPortHasSecurityGroup()
|
||||
|
||||
if (delete_security_groups or has_security_groups):
|
||||
# delete the port binding and read it with the new rules.
|
||||
|
@ -14,8 +14,8 @@
|
||||
# under the License.
|
||||
|
||||
import mock
|
||||
from neutron_lib.api.definitions import port_security as psec
|
||||
|
||||
from neutron.extensions import portsecurity as psec
|
||||
from neutron.plugins.ml2.extensions import port_security
|
||||
from neutron.tests.unit.plugins.ml2 import test_plugin
|
||||
|
||||
|
@ -13,10 +13,10 @@
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from neutron_lib.api.definitions import port_security as psec
|
||||
from neutron_lib import context
|
||||
from neutron_lib.plugins import directory
|
||||
|
||||
from neutron.extensions import portsecurity as psec
|
||||
from neutron.plugins.ml2 import config
|
||||
from neutron.tests.unit.extensions import test_portsecurity as test_psec
|
||||
from neutron.tests.unit.plugins.ml2 import test_plugin
|
||||
|