OpenStack Networking (Neutron)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 

68 lines
2.8 KiB

  1. # Copyright 2013 VMware, Inc. All rights reserved.
  2. #
  3. # Licensed under the Apache License, Version 2.0 (the "License"); you may
  4. # not use this file except in compliance with the License. You may obtain
  5. # a copy of the License at
  6. #
  7. # http://www.apache.org/licenses/LICENSE-2.0
  8. #
  9. # Unless required by applicable law or agreed to in writing, software
  10. # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
  11. # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
  12. # License for the specific language governing permissions and limitations
  13. # under the License.
  14. from neutron_lib.api.definitions import network as net_def
  15. from neutron_lib.api.definitions import port as port_def
  16. from neutron_lib.api.definitions import port_security as psec
  17. from neutron_lib.api import validators
  18. from neutron_lib.db import resource_extend
  19. from neutron_lib.plugins import directory
  20. from neutron_lib.utils import net
  21. from neutron.db import portsecurity_db_common
  22. @resource_extend.has_resource_extenders
  23. class PortSecurityDbMixin(portsecurity_db_common.PortSecurityDbCommon):
  24. @staticmethod
  25. @resource_extend.extends([net_def.COLLECTION_NAME,
  26. port_def.COLLECTION_NAME])
  27. def _extend_port_security_dict(response_data, db_data):
  28. plugin = directory.get_plugin()
  29. if ('port-security' in
  30. getattr(plugin, 'supported_extension_aliases', [])):
  31. super(PortSecurityDbMixin, plugin)._extend_port_security_dict(
  32. response_data, db_data)
  33. def _determine_port_security_and_has_ip(self, context, port):
  34. """Returns a tuple of booleans (port_security_enabled, has_ip).
  35. Port_security is the value associated with the port if one is present
  36. otherwise the value associated with the network is returned. has_ip is
  37. if the port is associated with an ip or not.
  38. """
  39. has_ip = self._ip_on_port(port)
  40. # we don't apply security groups for dhcp, router
  41. if port.get('device_owner') and net.is_port_trusted(port):
  42. return (False, has_ip)
  43. if validators.is_attr_set(port.get(psec.PORTSECURITY)):
  44. port_security_enabled = port[psec.PORTSECURITY]
  45. # If port has an ip and security_groups are passed in
  46. # conveniently set port_security_enabled to true this way
  47. # user doesn't also have to pass in port_security_enabled=True
  48. # when creating ports.
  49. elif has_ip and validators.is_attr_set(port.get('security_groups')):
  50. port_security_enabled = True
  51. else:
  52. port_security_enabled = self._get_network_security_binding(
  53. context, port['network_id'])
  54. return (port_security_enabled, has_ip)
  55. def _ip_on_port(self, port):
  56. return bool(port.get('fixed_ips'))