diff --git a/neutron/agent/firewall.py b/neutron/agent/firewall.py
index 1c194558bfa..6c2912b390d 100644
--- a/neutron/agent/firewall.py
+++ b/neutron/agent/firewall.py
@@ -18,11 +18,12 @@ import contextlib
 import six
+from neutron_lib.api.definitions import port_security as psec
 from neutron_lib import constants as n_const
 import neutron.common.constants as const
 from neutron.common import utils
-from neutron.extensions import portsecurity as psec
+
 INGRESS_DIRECTION = const.INGRESS_DIRECTION
 EGRESS_DIRECTION = const.EGRESS_DIRECTION
diff --git a/neutron/db/portsecurity_db.py b/neutron/db/portsecurity_db.py
index 0129b8573e1..9370d2816fe 100644
--- a/neutron/db/portsecurity_db.py
+++ b/neutron/db/portsecurity_db.py
@@ -12,6 +12,7 @@
 # License for the specific language governing permissions and limitations
 # under the License.
+from neutron_lib.api.definitions import port_security as psec
 from neutron_lib.api import validators
 from neutron_lib.plugins import directory
@@ -19,7 +20,6 @@ from neutron.api.v2 import attributes as attrs
 from neutron.common import utils
 from neutron.db import _resource_extend as resource_extend
 from neutron.db import portsecurity_db_common
-from neutron.extensions import portsecurity as psec
 @resource_extend.has_resource_extenders
diff --git a/neutron/db/portsecurity_db_common.py b/neutron/db/portsecurity_db_common.py
index 566f254be6c..e5717f6b93a 100644
--- a/neutron/db/portsecurity_db_common.py
+++ b/neutron/db/portsecurity_db_common.py
@@ -12,8 +12,9 @@
 # License for the specific language governing permissions and limitations
 # under the License.
+from neutron_lib.api.definitions import port_security as psec
+
 from neutron.db import _utils as db_utils
-from neutron.extensions import portsecurity as psec
 from neutron.objects import network
 from neutron.objects.port.extensions import port_security as p_ps
diff --git a/neutron/extensions/portsecurity.py b/neutron/extensions/portsecurity.py
index 96ea1e4756f..13c511e3a7e 100644
--- a/neutron/extensions/portsecurity.py
+++ b/neutron/extensions/portsecurity.py
@@ -12,67 +12,10 @@
 # License for the specific language governing permissions and limitations
 # under the License.
-from neutron_lib.api import converters
+from neutron_lib.api.definitions import port_security
 from neutron_lib.api import extensions
-from neutron_lib import constants
-from neutron_lib import exceptions as nexception
-
-from neutron._i18n import _
-DEFAULT_PORT_SECURITY = True
-
-
-class PortSecurityPortHasSecurityGroup(nexception.InUse):
- message = _("Port has security group associated. Cannot disable port "
- "security or ip address until security group is removed")
-
-
-class PortSecurityAndIPRequiredForSecurityGroups(nexception.InvalidInput):
- message = _("Port security must be enabled and port must have an IP"
- " address in order to use security groups.")
-
-
-PORTSECURITY = 'port_security_enabled'
-EXTENDED_ATTRIBUTES_2_0 = {
- 'networks': {
- PORTSECURITY: {'allow_post': True, 'allow_put': True,
- 'convert_to': converters.convert_to_boolean,
- 'enforce_policy': True,
- 'default': DEFAULT_PORT_SECURITY,
- 'is_visible': True},
- },
- 'ports': {
- PORTSECURITY: {'allow_post': True, 'allow_put': True,
- 'convert_to': converters.convert_to_boolean,
- 'default': constants.ATTR_NOT_SPECIFIED,
- 'enforce_policy': True,
- 'is_visible': True},
- }
-}
-
-
-class Portsecurity(extensions.ExtensionDescriptor):
+class Portsecurity(extensions.APIExtensionDescriptor):
 """Extension class supporting port security."""
-
- @classmethod
- def get_name(cls):
- return "Port Security"
-
- @classmethod
- def get_alias(cls):
- return "port-security"
-
- @classmethod
- def get_description(cls):
- return "Provides port security"
-
- @classmethod
- def get_updated(cls):
- return "2012-07-23T10:00:00-00:00"
-
- def get_extended_resources(self, version):
- if version == "2.0":
- return EXTENDED_ATTRIBUTES_2_0
- else:
- return {}
+ api_definition = port_security
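Review bot: The rewritten neutron/extensions/portsecurity.py drops `PORTSECURITY`, `DEFAULT_PORT_SECURITY`, `EXTENDED_ATTRIBUTES_2_0` and both exception classes without leaving a compatibility alias, so any consumer outside this diff that still reads `psec.PORTSECURITY` or catches `psec.PortSecurityPortHasSecurityGroup` through this module will fail at attribute lookup. Since `port_security_enabled` gates the port's anti-spoofing filtering, it is worth confirming (the neutron_lib side is not visible here) that `neutron_lib.api.definitions.port_security` still declares `'enforce_policy': True` with the same defaults as the removed map (`True` for networks, `ATTR_NOT_SPECIFIED` for ports), and that the relocated exceptions keep their `InUse` / `InvalidInput` bases so the API error mapping does not change. I would add a comment above `api_definition = port_security`, for example `# Attribute map, defaults and policy flags now come from neutron_lib's port_security definition.`, plus a release note for out-of-tree plugins. The same dependency applies to `default=port_security.DEFAULT_PORT_SECURITY` in neutron/objects/extensions/port_security.py, where the object's default now follows the library constant.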
diff --git a/neutron/objects/extensions/port_security.py b/neutron/objects/extensions/port_security.py
index d9207b1d1ce..0202921721f 100644
--- a/neutron/objects/extensions/port_security.py
+++ b/neutron/objects/extensions/port_security.py
@@ -10,9 +10,9 @@
 # License for the specific language governing permissions and limitations
 # under the License.
+from neutron_lib.api.definitions import port_security
 from oslo_versionedobjects import fields as obj_fields
-from neutron.extensions import portsecurity
 from neutron.objects import base
 from neutron.objects import common_types
@@ -21,7 +21,7 @@ class _PortSecurity(base.NeutronDbObject):
 fields = {
 'id': common_types.UUIDField(),
 'port_security_enabled': obj_fields.BooleanField(
- default=portsecurity.DEFAULT_PORT_SECURITY),
+ default=port_security.DEFAULT_PORT_SECURITY),
 }
 foreign_keys = {
diff --git a/neutron/plugins/ml2/extensions/port_security.py b/neutron/plugins/ml2/extensions/port_security.py
index 7634d6d1c0c..08bda53c204 100644
--- a/neutron/plugins/ml2/extensions/port_security.py
+++ b/neutron/plugins/ml2/extensions/port_security.py
@@ -13,6 +13,7 @@
 # License for the specific language governing permissions and limitations
 # under the License.
+from neutron_lib.api.definitions import port_security as psec
 from neutron_lib.api import validators
 from oslo_log import log as logging
@@ -20,7 +21,6 @@ from neutron._i18n import _LI
 from neutron.common import utils
 from neutron.db import common_db_mixin
 from neutron.db import portsecurity_db_common as ps_db_common
-from neutron.extensions import portsecurity as psec
 from neutron.plugins.ml2 import driver_api as api
 LOG = logging.getLogger(__name__)
diff --git a/neutron/plugins/ml2/plugin.py b/neutron/plugins/ml2/plugin.py
index 258c1df0458..86ccced44a8 100644
--- a/neutron/plugins/ml2/plugin.py
+++ b/neutron/plugins/ml2/plugin.py
@@ -16,6 +16,7 @@
 import copy
 from eventlet import greenthread
+from neutron_lib.api.definitions import port_security as psec
 from neutron_lib.api.definitions import portbindings
 from neutron_lib.api.definitions import provider_net
 from neutron_lib.api import validators
@@ -25,6 +26,7 @@ from neutron_lib.callbacks import registry
 from neutron_lib.callbacks import resources
 from neutron_lib import constants as const
 from neutron_lib import exceptions as exc
+from neutron_lib.exceptions import port_security as psec_exc
 from neutron_lib.plugins import directory
 from oslo_config import cfg
 from oslo_db import exception as os_db_exception
@@ -74,7 +76,6 @@ from neutron.extensions import allowedaddresspairs as addr_pair
 from neutron.extensions import availability_zone as az_ext
 from neutron.extensions import extra_dhcp_opt as edo_ext
 from neutron.extensions import multiprovidernet as mpnet
-from neutron.extensions import portsecurity as psec
 from neutron.extensions import providernet as provider
 from neutron.extensions import vlantransparent
 from neutron.plugins.ml2.common import exceptions as ml2_exc
@@ -1074,7 +1075,7 @@ class Ml2Plugin(db_base_plugin_v2.NeutronDbPluginV2,
 if port_security:
 self._ensure_default_security_group_on_port(context, port)
 elif self._check_update_has_security_groups(port):
- raise psec.PortSecurityAndIPRequiredForSecurityGroups()
+ raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
 def _setup_dhcp_agent_provisioning_component(self, context, port):
 subnet_ids = [f['subnet_id'] for f in port['fixed_ips']]
@@ -1201,7 +1202,7 @@ class Ml2Plugin(db_base_plugin_v2.NeutronDbPluginV2,
 # checks if security groups were updated adding/modifying
 # security groups, port security is set
 if self._check_update_has_security_groups(port):
- raise psec.PortSecurityAndIPRequiredForSecurityGroups()
+ raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
 elif (not self._check_update_deletes_security_groups(port)):
 # Update did not have security groups passed in. Check
@@ -1212,7 +1213,7 @@ class Ml2Plugin(db_base_plugin_v2.NeutronDbPluginV2,
 context, filters)
 )
 if security_groups:
- raise psec.PortSecurityPortHasSecurityGroup()
+ raise psec_exc.PortSecurityPortHasSecurityGroup()
 @utils.transaction_guard
 @db_api.retry_if_session_inactive()
diff --git a/neutron/plugins/ml2/rpc.py b/neutron/plugins/ml2/rpc.py
index 959329e6c81..192bb9d44fb 100644
--- a/neutron/plugins/ml2/rpc.py
+++ b/neutron/plugins/ml2/rpc.py
@@ -13,6 +13,7 @@
 # License for the specific language governing permissions and limitations
 # under the License.
+from neutron_lib.api.definitions import port_security as psec
 from neutron_lib.api.definitions import portbindings
 from neutron_lib.callbacks import resources
 from neutron_lib import constants as n_const
@@ -29,7 +30,6 @@ from neutron.common import rpc as n_rpc
 from neutron.common import topics
 from neutron.db import l3_hamode_db
 from neutron.db import provisioning_blocks
-from neutron.extensions import portsecurity as psec
 from neutron.plugins.ml2 import db as ml2_db
 from neutron.plugins.ml2 import driver_api as api
 from neutron.plugins.ml2.drivers import type_tunnel
diff --git a/neutron/tests/unit/db/test_allowedaddresspairs_db.py b/neutron/tests/unit/db/test_allowedaddresspairs_db.py
index 04b005e5720..569af7e888d 100644
--- a/neutron/tests/unit/db/test_allowedaddresspairs_db.py
+++ b/neutron/tests/unit/db/test_allowedaddresspairs_db.py
@@ -13,6 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
+from neutron_lib.api.definitions import port_security as psec
 from neutron_lib.api import validators
 from neutron_lib.plugins import directory
 from oslo_config import cfg
@@ -22,7 +23,6 @@ from neutron.db import allowedaddresspairs_db as addr_pair_db
 from neutron.db import db_base_plugin_v2
 from neutron.db import portsecurity_db
 from neutron.extensions import allowedaddresspairs as addr_pair
-from neutron.extensions import portsecurity as psec
 from neutron.extensions import securitygroup as secgroup
 from neutron.tests.unit.db import test_db_base_plugin_v2
diff --git a/neutron/tests/unit/db/test_portsecurity_db_common.py b/neutron/tests/unit/db/test_portsecurity_db_common.py
index aec67c92274..1fd38f36cf7 100644
--- a/neutron/tests/unit/db/test_portsecurity_db_common.py
+++ b/neutron/tests/unit/db/test_portsecurity_db_common.py
@@ -11,10 +11,10 @@
 # under the License.
 import mock
+from neutron_lib.api.definitions import port_security as psec
 from neutron.db import common_db_mixin
 from neutron.db import portsecurity_db_common as pdc
-from neutron.extensions import portsecurity as psec
 from neutron.objects import base as objects_base
 from neutron.objects import network
 from neutron.objects.port.extensions import port_security as p_ps
diff --git a/neutron/tests/unit/extensions/test_portsecurity.py b/neutron/tests/unit/extensions/test_portsecurity.py
index ea17b53ace7..5d45c0b224a 100644
--- a/neutron/tests/unit/extensions/test_portsecurity.py
+++ b/neutron/tests/unit/extensions/test_portsecurity.py
@@ -13,8 +13,10 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
+from neutron_lib.api.definitions import port_security as psec
 from neutron_lib.api import validators
 from neutron_lib import context
+from neutron_lib.exceptions import port_security as psec_exc
 from neutron_lib.plugins import directory
 from webob import exc
@@ -23,7 +25,6 @@ from neutron.db import api as db_api
 from neutron.db import db_base_plugin_v2
 from neutron.db import portsecurity_db
 from neutron.db import securitygroups_db
-from neutron.extensions import portsecurity as psec
 from neutron.extensions import securitygroup as ext_sg
 from neutron.tests.unit.db import test_db_base_plugin_v2
 from neutron.tests.unit.extensions import test_securitygroup
@@ -98,7 +99,7 @@ class PortSecurityTestPlugin(db_base_plugin_v2.NeutronDbPluginV2,
 if (validators.is_attr_set(p.get(ext_sg.SECURITYGROUPS)) and not (port_security and has_ip)):
- raise psec.PortSecurityAndIPRequiredForSecurityGroups()
+ raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
 # Port requires ip and port_security enabled for security group
 if has_ip and port_security:
@@ -130,13 +131,13 @@ class PortSecurityTestPlugin(db_base_plugin_v2.NeutronDbPluginV2,
 # security groups, port security is set and port has ip
 if (has_security_groups and (not ret_port[psec.PORTSECURITY] or not has_ip)):
- raise psec.PortSecurityAndIPRequiredForSecurityGroups()
+ raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
 # Port security/IP was updated off. Need to check that no security
 # groups are on port.
 if ret_port[psec.PORTSECURITY] is not True or not has_ip:
 if has_security_groups:
- raise psec.PortSecurityAndIPRequiredForSecurityGroups()
+ raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
 # get security groups on port
 filters = {'port_id': [id]}
@@ -144,7 +145,7 @@ class PortSecurityTestPlugin(db_base_plugin_v2.NeutronDbPluginV2,
 _get_port_security_group_bindings(
 context, filters))
 if security_groups and not delete_security_groups:
- raise psec.PortSecurityPortHasSecurityGroup()
+ raise psec_exc.PortSecurityPortHasSecurityGroup()
 if (delete_security_groups or has_security_groups):
 # delete the port binding and read it with the new rules.
diff --git a/neutron/tests/unit/plugins/ml2/extensions/test_port_security.py b/neutron/tests/unit/plugins/ml2/extensions/test_port_security.py
index 2f81d71445e..a3adae57f22 100644
--- a/neutron/tests/unit/plugins/ml2/extensions/test_port_security.py
+++ b/neutron/tests/unit/plugins/ml2/extensions/test_port_security.py
@@ -14,8 +14,8 @@
 # under the License.
 import mock
+from neutron_lib.api.definitions import port_security as psec
-from neutron.extensions import portsecurity as psec
 from neutron.plugins.ml2.extensions import port_security
 from neutron.tests.unit.plugins.ml2 import test_plugin
diff --git a/neutron/tests/unit/plugins/ml2/test_ext_portsecurity.py b/neutron/tests/unit/plugins/ml2/test_ext_portsecurity.py
index b25353a1e14..a4ad16462ed 100644
--- a/neutron/tests/unit/plugins/ml2/test_ext_portsecurity.py
+++ b/neutron/tests/unit/plugins/ml2/test_ext_portsecurity.py
@@ -13,10 +13,10 @@
 # License for the specific language governing permissions and limitations
 # under the License.
+from neutron_lib.api.definitions import port_security as psec
 from neutron_lib import context
 from neutron_lib.plugins import directory
-from neutron.extensions import portsecurity as psec
 from neutron.plugins.ml2 import config
 from neutron.tests.unit.extensions import test_portsecurity as test_psec
 from neutron.tests.unit.plugins.ml2 import test_plugin