use neutron-lib port security api-def
The port security API definition has been in neutron-lib for a while. This patch consumes the definition from neutron-lib. NeutronLibImpact - Consumers using the public definitions from neutron.extensions.portsecurity must now switch over to the api-def in neutron-lib. See the changes herein for additional details. Change-Id: If43b65861efc536d01c43dc0d2bbcbcf062c1271
parent
90b01bb6ca
commit
2e56ba4526
|
@ -18,11 +18,12 @@ import contextlib
|
||||||
|
|
||||||
import six
|
import six
|
||||||
|
|
||||||
|
from neutron_lib.api.definitions import port_security as psec
|
||||||
from neutron_lib import constants as n_const
|
from neutron_lib import constants as n_const
|
||||||
|
|
||||||
import neutron.common.constants as const
|
import neutron.common.constants as const
|
||||||
from neutron.common import utils
|
from neutron.common import utils
|
||||||
from neutron.extensions import portsecurity as psec
|
|
||||||
|
|
||||||
INGRESS_DIRECTION = const.INGRESS_DIRECTION
|
INGRESS_DIRECTION = const.INGRESS_DIRECTION
|
||||||
EGRESS_DIRECTION = const.EGRESS_DIRECTION
|
EGRESS_DIRECTION = const.EGRESS_DIRECTION
|
||||||
|
|
|
@ -12,6 +12,7 @@
|
||||||
# License for the specific language governing permissions and limitations
|
# License for the specific language governing permissions and limitations
|
||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
|
from neutron_lib.api.definitions import port_security as psec
|
||||||
from neutron_lib.api import validators
|
from neutron_lib.api import validators
|
||||||
from neutron_lib.plugins import directory
|
from neutron_lib.plugins import directory
|
||||||
|
|
||||||
|
@ -19,7 +20,6 @@ from neutron.api.v2 import attributes as attrs
|
||||||
from neutron.common import utils
|
from neutron.common import utils
|
||||||
from neutron.db import _resource_extend as resource_extend
|
from neutron.db import _resource_extend as resource_extend
|
||||||
from neutron.db import portsecurity_db_common
|
from neutron.db import portsecurity_db_common
|
||||||
from neutron.extensions import portsecurity as psec
|
|
||||||
|
|
||||||
|
|
||||||
@resource_extend.has_resource_extenders
|
@resource_extend.has_resource_extenders
|
||||||
|
|
|
@ -12,8 +12,9 @@
|
||||||
# License for the specific language governing permissions and limitations
|
# License for the specific language governing permissions and limitations
|
||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
|
from neutron_lib.api.definitions import port_security as psec
|
||||||
|
|
||||||
from neutron.db import _utils as db_utils
|
from neutron.db import _utils as db_utils
|
||||||
from neutron.extensions import portsecurity as psec
|
|
||||||
from neutron.objects import network
|
from neutron.objects import network
|
||||||
from neutron.objects.port.extensions import port_security as p_ps
|
from neutron.objects.port.extensions import port_security as p_ps
|
||||||
|
|
||||||
|
|
|
@ -12,67 +12,10 @@
|
||||||
# License for the specific language governing permissions and limitations
|
# License for the specific language governing permissions and limitations
|
||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
from neutron_lib.api import converters
|
from neutron_lib.api.definitions import port_security
|
||||||
from neutron_lib.api import extensions
|
from neutron_lib.api import extensions
|
||||||
from neutron_lib import constants
|
|
||||||
from neutron_lib import exceptions as nexception
|
|
||||||
|
|
||||||
from neutron._i18n import _
|
|
||||||
|
|
||||||
|
|
||||||
DEFAULT_PORT_SECURITY = True
|
class Portsecurity(extensions.APIExtensionDescriptor):
|
||||||
|
|
||||||
|
|
||||||
class PortSecurityPortHasSecurityGroup(nexception.InUse):
|
|
||||||
message = _("Port has security group associated. Cannot disable port "
|
|
||||||
"security or ip address until security group is removed")
|
|
||||||
|
|
||||||
|
|
||||||
class PortSecurityAndIPRequiredForSecurityGroups(nexception.InvalidInput):
|
|
||||||
message = _("Port security must be enabled and port must have an IP"
|
|
||||||
" address in order to use security groups.")
|
|
||||||
|
|
||||||
|
|
||||||
PORTSECURITY = 'port_security_enabled'
|
|
||||||
EXTENDED_ATTRIBUTES_2_0 = {
|
|
||||||
'networks': {
|
|
||||||
PORTSECURITY: {'allow_post': True, 'allow_put': True,
|
|
||||||
'convert_to': converters.convert_to_boolean,
|
|
||||||
'enforce_policy': True,
|
|
||||||
'default': DEFAULT_PORT_SECURITY,
|
|
||||||
'is_visible': True},
|
|
||||||
},
|
|
||||||
'ports': {
|
|
||||||
PORTSECURITY: {'allow_post': True, 'allow_put': True,
|
|
||||||
'convert_to': converters.convert_to_boolean,
|
|
||||||
'default': constants.ATTR_NOT_SPECIFIED,
|
|
||||||
'enforce_policy': True,
|
|
||||||
'is_visible': True},
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
class Portsecurity(extensions.ExtensionDescriptor):
|
|
||||||
"""Extension class supporting port security."""
|
"""Extension class supporting port security."""
|
||||||
|
api_definition = port_security
|
||||||
@classmethod
|
|
||||||
def get_name(cls):
|
|
||||||
return "Port Security"
|
|
||||||
|
|
||||||
@classmethod
|
|
||||||
def get_alias(cls):
|
|
||||||
return "port-security"
|
|
||||||
|
|
||||||
@classmethod
|
|
||||||
def get_description(cls):
|
|
||||||
return "Provides port security"
|
|
||||||
|
|
||||||
@classmethod
|
|
||||||
def get_updated(cls):
|
|
||||||
return "2012-07-23T10:00:00-00:00"
|
|
||||||
|
|
||||||
def get_extended_resources(self, version):
|
|
||||||
if version == "2.0":
|
|
||||||
return EXTENDED_ATTRIBUTES_2_0
|
|
||||||
else:
|
|
||||||
return {}
|
|
||||||
|
|
|
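Review bot: The new `Portsecurity` class keeps only `api_definition = port_security`, so the values the removed `EXTENDED_ATTRIBUTES_2_0` pinned locally (`'enforce_policy': True` on both resources, and the network default `DEFAULT_PORT_SECURITY = True`) now come from whatever neutron-lib is installed, and nothing in this section records that. The same applies to the later hunk `@ -21,7 +21,7 @`, where the `_PortSecurity` object's `BooleanField` default becomes `port_security.DEFAULT_PORT_SECURITY`. These values decide whether port security is on by default and whether policy is enforced on the attribute, so I would add a comment above the assignment, e.g. `# Attribute map, defaults and policy enforcement come from neutron_lib.api.definitions.port_security`, and a unit test asserting `port_security.DEFAULT_PORT_SECURITY is True`. The neutron-lib definition presumably matches the removed map, but that is not visible on this page.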
@ -10,9 +10,9 @@
|
||||||
# License for the specific language governing permissions and limitations
|
# License for the specific language governing permissions and limitations
|
||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
|
from neutron_lib.api.definitions import port_security
|
||||||
from oslo_versionedobjects import fields as obj_fields
|
from oslo_versionedobjects import fields as obj_fields
|
||||||
|
|
||||||
from neutron.extensions import portsecurity
|
|
||||||
from neutron.objects import base
|
from neutron.objects import base
|
||||||
from neutron.objects import common_types
|
from neutron.objects import common_types
|
||||||
|
|
||||||
|
@ -21,7 +21,7 @@ class _PortSecurity(base.NeutronDbObject):
|
||||||
fields = {
|
fields = {
|
||||||
'id': common_types.UUIDField(),
|
'id': common_types.UUIDField(),
|
||||||
'port_security_enabled': obj_fields.BooleanField(
|
'port_security_enabled': obj_fields.BooleanField(
|
||||||
default=portsecurity.DEFAULT_PORT_SECURITY),
|
default=port_security.DEFAULT_PORT_SECURITY),
|
||||||
}
|
}
|
||||||
|
|
||||||
foreign_keys = {
|
foreign_keys = {
|
||||||
|
|
|
@ -13,6 +13,7 @@
|
||||||
# License for the specific language governing permissions and limitations
|
# License for the specific language governing permissions and limitations
|
||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
|
from neutron_lib.api.definitions import port_security as psec
|
||||||
from neutron_lib.api import validators
|
from neutron_lib.api import validators
|
||||||
from oslo_log import log as logging
|
from oslo_log import log as logging
|
||||||
|
|
||||||
|
@ -20,7 +21,6 @@ from neutron._i18n import _LI
|
||||||
from neutron.common import utils
|
from neutron.common import utils
|
||||||
from neutron.db import common_db_mixin
|
from neutron.db import common_db_mixin
|
||||||
from neutron.db import portsecurity_db_common as ps_db_common
|
from neutron.db import portsecurity_db_common as ps_db_common
|
||||||
from neutron.extensions import portsecurity as psec
|
|
||||||
from neutron.plugins.ml2 import driver_api as api
|
from neutron.plugins.ml2 import driver_api as api
|
||||||
|
|
||||||
LOG = logging.getLogger(__name__)
|
LOG = logging.getLogger(__name__)
|
||||||
|
|
|
@ -16,6 +16,7 @@
|
||||||
import copy
|
import copy
|
||||||
|
|
||||||
from eventlet import greenthread
|
from eventlet import greenthread
|
||||||
|
from neutron_lib.api.definitions import port_security as psec
|
||||||
from neutron_lib.api.definitions import portbindings
|
from neutron_lib.api.definitions import portbindings
|
||||||
from neutron_lib.api.definitions import provider_net
|
from neutron_lib.api.definitions import provider_net
|
||||||
from neutron_lib.api import validators
|
from neutron_lib.api import validators
|
||||||
|
@ -25,6 +26,7 @@ from neutron_lib.callbacks import registry
|
||||||
from neutron_lib.callbacks import resources
|
from neutron_lib.callbacks import resources
|
||||||
from neutron_lib import constants as const
|
from neutron_lib import constants as const
|
||||||
from neutron_lib import exceptions as exc
|
from neutron_lib import exceptions as exc
|
||||||
|
from neutron_lib.exceptions import port_security as psec_exc
|
||||||
from neutron_lib.plugins import directory
|
from neutron_lib.plugins import directory
|
||||||
from oslo_config import cfg
|
from oslo_config import cfg
|
||||||
from oslo_db import exception as os_db_exception
|
from oslo_db import exception as os_db_exception
|
||||||
|
@ -74,7 +76,6 @@ from neutron.extensions import allowedaddresspairs as addr_pair
|
||||||
from neutron.extensions import availability_zone as az_ext
|
from neutron.extensions import availability_zone as az_ext
|
||||||
from neutron.extensions import extra_dhcp_opt as edo_ext
|
from neutron.extensions import extra_dhcp_opt as edo_ext
|
||||||
from neutron.extensions import multiprovidernet as mpnet
|
from neutron.extensions import multiprovidernet as mpnet
|
||||||
from neutron.extensions import portsecurity as psec
|
|
||||||
from neutron.extensions import providernet as provider
|
from neutron.extensions import providernet as provider
|
||||||
from neutron.extensions import vlantransparent
|
from neutron.extensions import vlantransparent
|
||||||
from neutron.plugins.ml2.common import exceptions as ml2_exc
|
from neutron.plugins.ml2.common import exceptions as ml2_exc
|
||||||
|
@ -1074,7 +1075,7 @@ class Ml2Plugin(db_base_plugin_v2.NeutronDbPluginV2,
|
||||||
if port_security:
|
if port_security:
|
||||||
self._ensure_default_security_group_on_port(context, port)
|
self._ensure_default_security_group_on_port(context, port)
|
||||||
elif self._check_update_has_security_groups(port):
|
elif self._check_update_has_security_groups(port):
|
||||||
raise psec.PortSecurityAndIPRequiredForSecurityGroups()
|
raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
|
||||||
|
|
||||||
def _setup_dhcp_agent_provisioning_component(self, context, port):
|
def _setup_dhcp_agent_provisioning_component(self, context, port):
|
||||||
subnet_ids = [f['subnet_id'] for f in port['fixed_ips']]
|
subnet_ids = [f['subnet_id'] for f in port['fixed_ips']]
|
||||||
|
@ -1201,7 +1202,7 @@ class Ml2Plugin(db_base_plugin_v2.NeutronDbPluginV2,
|
||||||
# checks if security groups were updated adding/modifying
|
# checks if security groups were updated adding/modifying
|
||||||
# security groups, port security is set
|
# security groups, port security is set
|
||||||
if self._check_update_has_security_groups(port):
|
if self._check_update_has_security_groups(port):
|
||||||
raise psec.PortSecurityAndIPRequiredForSecurityGroups()
|
raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
|
||||||
elif (not
|
elif (not
|
||||||
self._check_update_deletes_security_groups(port)):
|
self._check_update_deletes_security_groups(port)):
|
||||||
# Update did not have security groups passed in. Check
|
# Update did not have security groups passed in. Check
|
||||||
|
@ -1212,7 +1213,7 @@ class Ml2Plugin(db_base_plugin_v2.NeutronDbPluginV2,
|
||||||
context, filters)
|
context, filters)
|
||||||
)
|
)
|
||||||
if security_groups:
|
if security_groups:
|
||||||
raise psec.PortSecurityPortHasSecurityGroup()
|
raise psec_exc.PortSecurityPortHasSecurityGroup()
|
||||||
|
|
||||||
@utils.transaction_guard
|
@utils.transaction_guard
|
||||||
@db_api.retry_if_session_inactive()
|
@db_api.retry_if_session_inactive()
|
||||||
|
|
|
@ -13,6 +13,7 @@
|
||||||
# License for the specific language governing permissions and limitations
|
# License for the specific language governing permissions and limitations
|
||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
|
from neutron_lib.api.definitions import port_security as psec
|
||||||
from neutron_lib.api.definitions import portbindings
|
from neutron_lib.api.definitions import portbindings
|
||||||
from neutron_lib.callbacks import resources
|
from neutron_lib.callbacks import resources
|
||||||
from neutron_lib import constants as n_const
|
from neutron_lib import constants as n_const
|
||||||
|
@ -29,7 +30,6 @@ from neutron.common import rpc as n_rpc
|
||||||
from neutron.common import topics
|
from neutron.common import topics
|
||||||
from neutron.db import l3_hamode_db
|
from neutron.db import l3_hamode_db
|
||||||
from neutron.db import provisioning_blocks
|
from neutron.db import provisioning_blocks
|
||||||
from neutron.extensions import portsecurity as psec
|
|
||||||
from neutron.plugins.ml2 import db as ml2_db
|
from neutron.plugins.ml2 import db as ml2_db
|
||||||
from neutron.plugins.ml2 import driver_api as api
|
from neutron.plugins.ml2 import driver_api as api
|
||||||
from neutron.plugins.ml2.drivers import type_tunnel
|
from neutron.plugins.ml2.drivers import type_tunnel
|
||||||
|
|
|
@ -13,6 +13,7 @@
|
||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
|
from neutron_lib.api.definitions import port_security as psec
|
||||||
from neutron_lib.api import validators
|
from neutron_lib.api import validators
|
||||||
from neutron_lib.plugins import directory
|
from neutron_lib.plugins import directory
|
||||||
from oslo_config import cfg
|
from oslo_config import cfg
|
||||||
|
@ -22,7 +23,6 @@ from neutron.db import allowedaddresspairs_db as addr_pair_db
|
||||||
from neutron.db import db_base_plugin_v2
|
from neutron.db import db_base_plugin_v2
|
||||||
from neutron.db import portsecurity_db
|
from neutron.db import portsecurity_db
|
||||||
from neutron.extensions import allowedaddresspairs as addr_pair
|
from neutron.extensions import allowedaddresspairs as addr_pair
|
||||||
from neutron.extensions import portsecurity as psec
|
|
||||||
from neutron.extensions import securitygroup as secgroup
|
from neutron.extensions import securitygroup as secgroup
|
||||||
from neutron.tests.unit.db import test_db_base_plugin_v2
|
from neutron.tests.unit.db import test_db_base_plugin_v2
|
||||||
|
|
||||||
|
|
|
@ -11,10 +11,10 @@
|
||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
import mock
|
import mock
|
||||||
|
from neutron_lib.api.definitions import port_security as psec
|
||||||
|
|
||||||
from neutron.db import common_db_mixin
|
from neutron.db import common_db_mixin
|
||||||
from neutron.db import portsecurity_db_common as pdc
|
from neutron.db import portsecurity_db_common as pdc
|
||||||
from neutron.extensions import portsecurity as psec
|
|
||||||
from neutron.objects import base as objects_base
|
from neutron.objects import base as objects_base
|
||||||
from neutron.objects import network
|
from neutron.objects import network
|
||||||
from neutron.objects.port.extensions import port_security as p_ps
|
from neutron.objects.port.extensions import port_security as p_ps
|
||||||
|
|
|
@ -13,8 +13,10 @@
|
||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
|
from neutron_lib.api.definitions import port_security as psec
|
||||||
from neutron_lib.api import validators
|
from neutron_lib.api import validators
|
||||||
from neutron_lib import context
|
from neutron_lib import context
|
||||||
|
from neutron_lib.exceptions import port_security as psec_exc
|
||||||
from neutron_lib.plugins import directory
|
from neutron_lib.plugins import directory
|
||||||
from webob import exc
|
from webob import exc
|
||||||
|
|
||||||
|
@ -23,7 +25,6 @@ from neutron.db import api as db_api
|
||||||
from neutron.db import db_base_plugin_v2
|
from neutron.db import db_base_plugin_v2
|
||||||
from neutron.db import portsecurity_db
|
from neutron.db import portsecurity_db
|
||||||
from neutron.db import securitygroups_db
|
from neutron.db import securitygroups_db
|
||||||
from neutron.extensions import portsecurity as psec
|
|
||||||
from neutron.extensions import securitygroup as ext_sg
|
from neutron.extensions import securitygroup as ext_sg
|
||||||
from neutron.tests.unit.db import test_db_base_plugin_v2
|
from neutron.tests.unit.db import test_db_base_plugin_v2
|
||||||
from neutron.tests.unit.extensions import test_securitygroup
|
from neutron.tests.unit.extensions import test_securitygroup
|
||||||
|
@ -98,7 +99,7 @@ class PortSecurityTestPlugin(db_base_plugin_v2.NeutronDbPluginV2,
|
||||||
|
|
||||||
if (validators.is_attr_set(p.get(ext_sg.SECURITYGROUPS)) and
|
if (validators.is_attr_set(p.get(ext_sg.SECURITYGROUPS)) and
|
||||||
not (port_security and has_ip)):
|
not (port_security and has_ip)):
|
||||||
raise psec.PortSecurityAndIPRequiredForSecurityGroups()
|
raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
|
||||||
|
|
||||||
# Port requires ip and port_security enabled for security group
|
# Port requires ip and port_security enabled for security group
|
||||||
if has_ip and port_security:
|
if has_ip and port_security:
|
||||||
|
@ -130,13 +131,13 @@ class PortSecurityTestPlugin(db_base_plugin_v2.NeutronDbPluginV2,
|
||||||
# security groups, port security is set and port has ip
|
# security groups, port security is set and port has ip
|
||||||
if (has_security_groups and (not ret_port[psec.PORTSECURITY]
|
if (has_security_groups and (not ret_port[psec.PORTSECURITY]
|
||||||
or not has_ip)):
|
or not has_ip)):
|
||||||
raise psec.PortSecurityAndIPRequiredForSecurityGroups()
|
raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
|
||||||
|
|
||||||
# Port security/IP was updated off. Need to check that no security
|
# Port security/IP was updated off. Need to check that no security
|
||||||
# groups are on port.
|
# groups are on port.
|
||||||
if ret_port[psec.PORTSECURITY] is not True or not has_ip:
|
if ret_port[psec.PORTSECURITY] is not True or not has_ip:
|
||||||
if has_security_groups:
|
if has_security_groups:
|
||||||
raise psec.PortSecurityAndIPRequiredForSecurityGroups()
|
raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
|
||||||
|
|
||||||
# get security groups on port
|
# get security groups on port
|
||||||
filters = {'port_id': [id]}
|
filters = {'port_id': [id]}
|
||||||
|
@ -144,7 +145,7 @@ class PortSecurityTestPlugin(db_base_plugin_v2.NeutronDbPluginV2,
|
||||||
_get_port_security_group_bindings(
|
_get_port_security_group_bindings(
|
||||||
context, filters))
|
context, filters))
|
||||||
if security_groups and not delete_security_groups:
|
if security_groups and not delete_security_groups:
|
||||||
raise psec.PortSecurityPortHasSecurityGroup()
|
raise psec_exc.PortSecurityPortHasSecurityGroup()
|
||||||
|
|
||||||
if (delete_security_groups or has_security_groups):
|
if (delete_security_groups or has_security_groups):
|
||||||
# delete the port binding and read it with the new rules.
|
# delete the port binding and read it with the new rules.
|
||||||
|
|
|
@ -14,8 +14,8 @@
|
||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
import mock
|
import mock
|
||||||
|
from neutron_lib.api.definitions import port_security as psec
|
||||||
|
|
||||||
from neutron.extensions import portsecurity as psec
|
|
||||||
from neutron.plugins.ml2.extensions import port_security
|
from neutron.plugins.ml2.extensions import port_security
|
||||||
from neutron.tests.unit.plugins.ml2 import test_plugin
|
from neutron.tests.unit.plugins.ml2 import test_plugin
|
||||||
|
|
||||||
|
|
|
@ -13,10 +13,10 @@
|
||||||
# License for the specific language governing permissions and limitations
|
# License for the specific language governing permissions and limitations
|
||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
|
from neutron_lib.api.definitions import port_security as psec
|
||||||
from neutron_lib import context
|
from neutron_lib import context
|
||||||
from neutron_lib.plugins import directory
|
from neutron_lib.plugins import directory
|
||||||
|
|
||||||
from neutron.extensions import portsecurity as psec
|
|
||||||
from neutron.plugins.ml2 import config
|
from neutron.plugins.ml2 import config
|
||||||
from neutron.tests.unit.extensions import test_portsecurity as test_psec
|
from neutron.tests.unit.extensions import test_portsecurity as test_psec
|
||||||
from neutron.tests.unit.plugins.ml2 import test_plugin
|
from neutron.tests.unit.plugins.ml2 import test_plugin
|
||||||
|
|