Browse Source

NSX|V: Add condition for port update when using dup ip_address

Adding verification for port_update, when using same ip_address
for different ports in the same network.

Cherry-picked from: 1829355094
Change-Id: I0bba347e165147d42d71e1247feb76006fa4fdd1
Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>
changes/92/670492/1
Michal Kelner Mishali 2 months ago
parent
commit
1c8cb6b3be
1 changed files with 15 additions and 12 deletions
  1. 15
    12
      vmware_nsx/plugins/nsx_v/plugin.py

+ 15
- 12
vmware_nsx/plugins/nsx_v/plugin.py View File

@@ -1931,19 +1931,22 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
1931 1931
                         'supported at backend') % ip
1932 1932
                 raise n_exc.InvalidInput(error_message=msg)
1933 1933
 
1934
+    def _verify_cidr_defined(self, attrs):
1935
+        for ap in attrs[addr_apidef.ADDRESS_PAIRS]:
1936
+            # Check that the IP address is a subnet
1937
+            if len(ap['ip_address'].split('/')) > 1:
1938
+                msg = _('NSXv does not support CIDR as address pairs')
1939
+                raise n_exc.BadRequest(resource='address_pairs',
1940
+                                       msg=msg)
1941
+
1934 1942
     def _validate_address_pairs(self, context, attrs, db_port):
1935
-        self._validate_unique_address_pair_across_network(
1936
-            context, db_port, attrs[addr_apidef.ADDRESS_PAIRS])
1937
-        network_port_security = self._get_network_security_binding(
1938
-            context, db_port['network_id'])
1939
-        if (not cfg.CONF.nsxv.allow_multiple_ip_addresses and
1940
-                not network_port_security):
1941
-            for ap in attrs[addr_apidef.ADDRESS_PAIRS]:
1942
-                # Check that the IP address is a subnet
1943
-                    if len(ap['ip_address'].split('/')) > 1:
1944
-                        msg = _('NSXv does not support CIDR as address pairs')
1945
-                        raise n_exc.BadRequest(resource='address_pairs',
1946
-                                               msg=msg)
1943
+        # Ground rule - if spoofguard exists: all tests must take place.
1944
+        policy_id = nsxv_db.get_spoofguard_policy_id(context.session,
1945
+                                                     db_port['network_id'])
1946
+        if policy_id:
1947
+            self._validate_unique_address_pair_across_network(
1948
+                     context, db_port, attrs[addr_apidef.ADDRESS_PAIRS])
1949
+            self._verify_cidr_defined(attrs)
1947 1950
         # Check that the MAC address is the same as the port
1948 1951
         for ap in attrs[addr_apidef.ADDRESS_PAIRS]:
1949 1952
             if ('mac_address' in ap and

Loading…
Cancel
Save