From a5ccc2358dcc2cee5bc8db6a4448f58bae40b67b Mon Sep 17 00:00:00 2001
From: Aaron Rosen
Date: Wed, 8 Jan 2014 13:10:54 -0800
Subject: [PATCH] Don't require passing in port_security=False if security_groups present

If creating a port on a network that is marked as port_security_enabled=False and one passes in a security_group in the port_create request previously an error was raised saying they needed to also pass in port_security_enabled=False. This patch removes that requirement and instead sets port_security_enabled=True internally if a port has an ip_address and a security_group is passed in. This is more convient and does not break backwards compatibility.

Closes-bug: #1267249
Change-Id: Ifb5a5511f016a5d8c5b5075c9fdc27279cdd9bb5
---
 neutron/db/portsecurity_db.py | 7 ++++++
 .../tests/unit/test_extension_portsecurity.py | 22 +++++++++++++++++++
 2 files changed, 29 insertions(+)

diff --git a/neutron/db/portsecurity_db.py b/neutron/db/portsecurity_db.py
index e5ad6b19d4..cefe85fb66 100644
--- a/neutron/db/portsecurity_db.py
+++ b/neutron/db/portsecurity_db.py
@@ -161,6 +161,13 @@ class PortSecurityDbMixin(object):
 if (psec.PORTSECURITY in port and
 isinstance(port[psec.PORTSECURITY], bool)):
 port_security_enabled = port[psec.PORTSECURITY]
+
+ # If port has an ip and security_groups are passed in
+ # conveniently set port_security_enabled to true this way
+ # user doesn't also have to pass in port_security_enabled=True
+ # when creating ports.
+ elif (has_ip and attrs.is_attr_set('security_groups')):
+ port_security_enabled = True
 else:
 port_security_enabled = self._get_network_security_binding(
 context, port['network_id'])
diff --git a/neutron/tests/unit/test_extension_portsecurity.py b/neutron/tests/unit/test_extension_portsecurity.py
index cdee466859..a90e7a2cba 100644
--- a/neutron/tests/unit/test_extension_portsecurity.py
+++ b/neutron/tests/unit/test_extension_portsecurity.py
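Review bot: In the `elif` added to neutron/db/portsecurity_db.py, `attrs.is_attr_set('security_groups')` is handed the string literal rather than the value from the request, so if `is_attr_set` compares its argument against None or a not-specified sentinel (its definition is outside the hunk) the check is always true and the branch reduces to `has_ip`. Every port with an IP on a network created with port_security_enabled=False would then come back with port_security_enabled=True whether or not security groups were passed, silently overriding the network-level setting. Test the port's own attribute instead: `elif (has_ip and attrs.is_attr_set(port.get('security_groups'))):`. The enclosing method starts and ends outside the hunk, so how `has_ip` and `port` are populated should be confirmed against the full function.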
@@ -263,6 +263,28 @@ class TestPortSecurity(PortSecurityDBTestCase):
 self.assertEqual(len(port['port'][ext_sg.SECURITYGROUPS]), 1)
 self._delete('ports', port['port']['id'])
 
+ def test_create_port_with_security_group_and_net_sec_false(self):
+ # This tests that port_security_enabled is true when creating
+ # a port on a network that is marked as port_security_enabled=False
+ # that has a subnet and securiy_groups are passed it.
+ if self._skip_security_group:
+ self.skipTest("Plugin does not support security groups")
+ res = self._create_network('json', 'net1', True,
+ arg_list=('port_security_enabled',),
+ port_security_enabled=False)
+ net = self.deserialize('json', res)
+ self._create_subnet('json', net['network']['id'], '10.0.0.0/24')
+ security_group = self.deserialize(
+ 'json', self._create_security_group(self.fmt, 'asdf', 'asdf'))
+ security_group_id = security_group['security_group']['id']
+ res = self._create_port('json', net['network']['id'],
+ arg_list=('security_groups',),
+ security_groups=[security_group_id])
+ port = self.deserialize('json', res)
+ self.assertEqual(port['port'][psec.PORTSECURITY], True)
+ self.assertEqual(port['port']['security_groups'], [security_group_id])
+ self._delete('ports', port['port']['id'])
+
 def test_update_port_security_off_with_security_group(self):
 if self._skip_security_group:
 self.skipTest("Plugin does not support security groups")
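Review bot: test_create_port_with_security_group_and_net_sec_false pins only the request that carries security_groups; nothing in this hunk asserts that a port with an IP but no security_groups on the same port_security_enabled=False network still inherits False, which is the case that separates the new branch from an unconditional override. A companion test that repeats the network and subnet setup, calls `self._create_port('json', net['network']['id'])` and checks `self.assertEqual(port['port'][psec.PORTSECURITY], False)` would cover it, unless an equivalent test already exists outside the hunk. The leading comment's "securiy_groups are passed it" should read "security_groups are passed in", and the test mixes `self.fmt` with the literal 'json' where one of the two would be clearer.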