Tenant network sg toggle

JIRA:NCP-1734 Conflicts: quark/plugin_modules/ports.py
2015-10-14 13:19:46 -05:00
parent acd5c0b673
commit e497a55a14
3 changed files with 10 additions and 3 deletions
--- a/quark/environment.py
+++ b/quark/environment.py
@@ -22,6 +22,7 @@ CONF = cfg.CONF
 class Capabilities(object):
    SECURITY_GROUPS = "security_groups"
    EGRESS = "egress"
+    TENANT_NETWORK_SG = "tenant_network_sg"


 quark_opts = [
--- a/quark/exceptions.py
+++ b/quark/exceptions.py
@@ -121,6 +121,11 @@ class SecurityGroupsNotImplemented(exceptions.InvalidInput):
                "create")


+class TenantNetworkSecurityGroupRulesNotEnabled(exceptions.InvalidInput):
+    message = _("Tenant network security group rules are not currently "
+                "allowed by environment_capabilities configuration.")
+
+
 class EgressSecurityGroupRulesNotEnabled(exceptions.InvalidInput):
    message = _("Egress security group rules are not currently allowed "
                "by environment_capabilities configuration.")
--- a/quark/plugin_modules/ports.py
+++ b/quark/plugin_modules/ports.py
@@ -297,10 +297,11 @@ def update_port(context, id, port):
                                 fixed_ips_per_port=len(fixed_ips))

    new_security_groups = utils.pop_param(port_dict, "security_groups")
-    if Capabilities.SECURITY_GROUPS not in CONF.QUARK.environment_capabilities:
-        if new_security_groups is not None:
+    if new_security_groups is not None:
+        if (Capabilities.TENANT_NETWORK_SG not in
+                CONF.QUARK.environment_capabilities):
            if not STRATEGY.is_provider_network(port_db["network_id"]):
-                raise q_exc.TenantNetworkSecurityGroupsNotImplemented()
+                raise q_exc.TenantNetworkSecurityGroupRulesNotEnabled()

    if new_security_groups is not None and not port_db["device_id"]:
        raise q_exc.SecurityGroupsRequireDevice()