From 37c383826b20a7af80d255eceaf7b798f1cf1290 Mon Sep 17 00:00:00 2001
From: asarfaty
Date: Wed, 10 Mar 2021 06:52:39 +0200
Subject: [PATCH] V2T migration: Validate direct vnic ports security disabled

Change-Id: I66a8b2efe6d882c5247fdf9b2d118b0212ab31a7
---
 vmware_nsx/shell/admin/plugins/nsxv/resources/migration.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/vmware_nsx/shell/admin/plugins/nsxv/resources/migration.py b/vmware_nsx/shell/admin/plugins/nsxv/resources/migration.py
index f97d7cfd1e..f844844a9a 100644
--- a/vmware_nsx/shell/admin/plugins/nsxv/resources/migration.py
+++ b/vmware_nsx/shell/admin/plugins/nsxv/resources/migration.py
@@ -21,6 +21,7 @@ from oslo_utils import uuidutils
 from networking_l2gw.db.l2gateway import l2gateway_models
 from neutron.services.qos import qos_plugin
 from neutron_lib.api.definitions import allowedaddresspairs as addr_apidef
+from neutron_lib.api.definitions import port_security as psec
 from neutron_lib.api.definitions import portbindings as pbin
 from neutron_lib.api.definitions import provider_net as pnet
 from neutron_lib.api import validators
@@ -111,7 +112,8 @@ def _validate_ports(plugin, admin_context):
 log_error("Compute port %s on external network %s is "
 "not allowed." % (port['id'], net_id))
 
- # direct vnic ports are allowed only with vlan networks
+ # direct vnic ports are allowed only with vlan networks, and port
+ # security must be disabled
 vnic = port.get(pbin.VNIC_TYPE)
 if vnic in portbinding.VNIC_TYPES_DIRECT_PASSTHROUGH:
 net = plugin.get_network(admin_context, port['network_id'])
@@ -120,6 +122,9 @@ def _validate_ports(plugin, admin_context):
 log_error("Port %s vnic type %s is not supported "
 "with network type %s." %
 (port['id'], vnic, net_type))
+ elif port.get(psec.PORTSECURITY):
+ log_error("Security features are not supported for port %s "
+ "with vnic type %s." % (port['id'], vnic))
 
 
 def _validate_networks(plugin, admin_context, transit_networks):
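Review bot: The new `elif port.get(psec.PORTSECURITY):` branch in `_validate_ports` is only evaluated when the preceding network-type condition is false, so a direct-passthrough port that sits on an unsupported network type and also has port security enabled is reported for the first problem only, and the second surfaces on a later validation run. Making it an independent test, `if port.get(psec.PORTSECURITY):`, would log both findings in one pass. Separately, `.get()` lets a port dict that lacks this key pass the check; whether the key can be absent here is not visible in the hunk, so a short comment stating that a missing value is treated as "security disabled" (or an explicit default) would make the intent auditable. The `if` this branch chains onto starts outside the hunk, so the pairing is inferred from statement order.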