NSX|V: Add condition for port update when using dup ip_address

Adding verification for port_update, when using same ip_address for different ports in the same network. Cherry-picked from: 1829355094 Change-Id: I0bba347e165147d42d71e1247feb76006fa4fdd1 Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>
2019-07-09 13:39:27 +03:00 · 2019-07-09 13:39:27 +03:00 · 1c8cb6b3be
parent 32de032928
commit 1c8cb6b3be
1 changed files with 15 additions and 12 deletions
--- a/vmware_nsx/plugins/nsx_v/plugin.py
+++ b/vmware_nsx/plugins/nsx_v/plugin.py
@ -1931,19 +1931,22 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
                        'supported at backend') % ip
                raise n_exc.InvalidInput(error_message=msg)

+    def _verify_cidr_defined(self, attrs):
+        for ap in attrs[addr_apidef.ADDRESS_PAIRS]:
+            # Check that the IP address is a subnet
+            if len(ap['ip_address'].split('/')) > 1:
+                msg = _('NSXv does not support CIDR as address pairs')
+                raise n_exc.BadRequest(resource='address_pairs',
+                                       msg=msg)
+
    def _validate_address_pairs(self, context, attrs, db_port):
-        self._validate_unique_address_pair_across_network(
-            context, db_port, attrs[addr_apidef.ADDRESS_PAIRS])
-        network_port_security = self._get_network_security_binding(
-            context, db_port['network_id'])
-        if (not cfg.CONF.nsxv.allow_multiple_ip_addresses and
-                not network_port_security):
-            for ap in attrs[addr_apidef.ADDRESS_PAIRS]:
-                # Check that the IP address is a subnet
-                    if len(ap['ip_address'].split('/')) > 1:
-                        msg = _('NSXv does not support CIDR as address pairs')
-                        raise n_exc.BadRequest(resource='address_pairs',
-                                               msg=msg)
+        # Ground rule - if spoofguard exists: all tests must take place.
+        policy_id = nsxv_db.get_spoofguard_policy_id(context.session,
+                                                     db_port['network_id'])
+        if policy_id:
+            self._validate_unique_address_pair_across_network(
+                     context, db_port, attrs[addr_apidef.ADDRESS_PAIRS])
+            self._verify_cidr_defined(attrs)
        # Check that the MAC address is the same as the port
        for ap in attrs[addr_apidef.ADDRESS_PAIRS]:
            if ('mac_address' in ap and