diff --git a/doc/source/command-objects/port.rst b/doc/source/command-objects/port.rst index fe256d0940..3fa24b2976 100644 --- a/doc/source/command-objects/port.rst +++ b/doc/source/command-objects/port.rst @@ -28,6 +28,7 @@ Create new port [--mac-address ] [--security-group | --no-security-group] [--project [--project-domain ]] + [--enable-port-security | --disable-port-security] .. option:: --network @@ -94,6 +95,14 @@ Create new port Domain the project belongs to (name or ID). This can be used in case collisions between project names exist. +.. option:: --enable-port-security + + Enable port security for this port (Default) + +.. option:: --disable-port-security + + Disable port security for this port + .. _port_create-name: .. describe:: @@ -171,6 +180,7 @@ Set port properties [--name ] [--security-group ] [--no-security-group] + [--enable-port-security | --disable-port-security] .. option:: --fixed-ip subnet=,ip-address= @@ -236,6 +246,14 @@ Set port properties Clear existing security groups associated with this port +.. option:: --enable-port-security + + Enable port security for this port + +.. option:: --disable-port-security + + Disable port security for this port + .. _port_set-port: .. describe:: diff --git a/openstackclient/network/v2/port.py b/openstackclient/network/v2/port.py index 86174d535a..784adf19cb 100644 --- a/openstackclient/network/v2/port.py +++ b/openstackclient/network/v2/port.py @@ -146,6 +146,12 @@ def _get_attrs(client_manager, parsed_args): ).id attrs['tenant_id'] = project_id + if parsed_args.disable_port_security: + attrs['port_security_enabled'] = False + + if parsed_args.enable_port_security: + attrs['port_security_enabled'] = True + return attrs @@ -297,6 +303,17 @@ class CreatePort(command.ShowOne): action='store_true', help=_("Associate no security groups with this port") ) + port_security = parser.add_mutually_exclusive_group() + port_security.add_argument( + '--enable-port-security', + action='store_true', + help=_("Enable port security for this port (Default)") + ) + port_security.add_argument( + '--disable-port-security', + action='store_true', + help=_("Disable port security for this port") + ) return parser @@ -512,6 +529,17 @@ class SetPort(command.Command): action='store_true', help=_("Clear existing security groups associated with this port") ) + port_security = parser.add_mutually_exclusive_group() + port_security.add_argument( + '--enable-port-security', + action='store_true', + help=_("Enable port security for this port") + ) + port_security.add_argument( + '--disable-port-security', + action='store_true', + help=_("Disable port security for this port") + ) return parser diff --git a/openstackclient/tests/unit/network/v2/test_port.py b/openstackclient/tests/unit/network/v2/test_port.py index 4ff278a994..955df4dcf9 100644 --- a/openstackclient/tests/unit/network/v2/test_port.py +++ b/openstackclient/tests/unit/network/v2/test_port.py @@ -315,6 +315,54 @@ class TestCreatePort(TestPort): self.assertEqual(ref_columns, columns) self.assertEqual(ref_data, data) + def test_create_port_security_enabled(self): + arglist = [ + '--network', self._port.network_id, + '--enable-port-security', + 'test-port', + ] + verifylist = [ + ('network', self._port.network_id,), + ('enable', True), + ('enable_port_security', True), + ('name', 'test-port'), + ] + + parsed_args = self.check_parser(self.cmd, arglist, verifylist) + + self.cmd.take_action(parsed_args) + + self.network.create_port.assert_called_once_with(**{ + 'admin_state_up': True, + 'network_id': self._port.network_id, + 'port_security_enabled': True, + 'name': 'test-port', + }) + + def test_create_port_security_disabled(self): + arglist = [ + '--network', self._port.network_id, + '--disable-port-security', + 'test-port', + ] + verifylist = [ + ('network', self._port.network_id,), + ('enable', True), + ('disable_port_security', True), + ('name', 'test-port'), + ] + + parsed_args = self.check_parser(self.cmd, arglist, verifylist) + + self.cmd.take_action(parsed_args) + + self.network.create_port.assert_called_once_with(**{ + 'admin_state_up': True, + 'network_id': self._port.network_id, + 'port_security_enabled': False, + 'name': 'test-port', + }) + class TestDeletePort(TestPort): @@ -868,6 +916,42 @@ class TestSetPort(TestPort): self.network.update_port.assert_called_once_with(_testport, **attrs) self.assertIsNone(result) + def test_port_security_enabled(self): + arglist = [ + '--enable-port-security', + self._port.id, + ] + verifylist = [ + ('enable_port_security', True), + ('port', self._port.id,) + ] + + parsed_args = self.check_parser(self.cmd, arglist, verifylist) + + self.cmd.take_action(parsed_args) + + self.network.update_port.assert_called_once_with(self._port, **{ + 'port_security_enabled': True, + }) + + def test_port_security_disabled(self): + arglist = [ + '--disable-port-security', + self._port.id, + ] + verifylist = [ + ('disable_port_security', True), + ('port', self._port.id,) + ] + + parsed_args = self.check_parser(self.cmd, arglist, verifylist) + + self.cmd.take_action(parsed_args) + + self.network.update_port.assert_called_once_with(self._port, **{ + 'port_security_enabled': False, + }) + class TestShowPort(TestPort): diff --git a/releasenotes/notes/add-port-security-enabled-to-port-set-82b801d21d45e715.yaml b/releasenotes/notes/add-port-security-enabled-to-port-set-82b801d21d45e715.yaml new file mode 100644 index 0000000000..5bc3952139 --- /dev/null +++ b/releasenotes/notes/add-port-security-enabled-to-port-set-82b801d21d45e715.yaml @@ -0,0 +1,6 @@ +--- +features: + - | + Added ``--enable-port-security`` and ``--disable-port-security`` + options to ``port set`` and ``port create`` commands. + [Blueprint :oscbp:`network-commands-options`]