V2T migration: Validate direct vnic ports security disabled

Change-Id: I66a8b2efe6d882c5247fdf9b2d118b0212ab31a7
asarfaty 2021-03-10 06:52:39 +02:00 committed by Adit Sarfaty
parent a2de3aa2d9
commit 37c383826b
1 changed files with 6 additions and 1 deletions


@ -21,6 +21,7 @@ from oslo_utils import uuidutils
from networking_l2gw.db.l2gateway import l2gateway_models from networking_l2gw.db.l2gateway import l2gateway_models
from neutron.services.qos import qos_plugin from neutron.services.qos import qos_plugin
from neutron_lib.api.definitions import allowedaddresspairs as addr_apidef from neutron_lib.api.definitions import allowedaddresspairs as addr_apidef
from neutron_lib.api.definitions import port_security as psec
from neutron_lib.api.definitions import portbindings as pbin from neutron_lib.api.definitions import portbindings as pbin
from neutron_lib.api.definitions import provider_net as pnet from neutron_lib.api.definitions import provider_net as pnet
from neutron_lib.api import validators from neutron_lib.api import validators
@ -111,7 +112,8 @@ def _validate_ports(plugin, admin_context):
log_error("Compute port %s on external network %s is " log_error("Compute port %s on external network %s is "
"not allowed." % (port['id'], net_id)) "not allowed." % (port['id'], net_id))
# direct vnic ports are allowed only with vlan networks # direct vnic ports are allowed only with vlan networks, and port
# security must be disabled
vnic = port.get(pbin.VNIC_TYPE) vnic = port.get(pbin.VNIC_TYPE)
if vnic in portbinding.VNIC_TYPES_DIRECT_PASSTHROUGH: if vnic in portbinding.VNIC_TYPES_DIRECT_PASSTHROUGH:
net = plugin.get_network(admin_context, port['network_id']) net = plugin.get_network(admin_context, port['network_id'])
@ -120,6 +122,9 @@ def _validate_ports(plugin, admin_context):
log_error("Port %s vnic type %s is not supported " log_error("Port %s vnic type %s is not supported "
"with network type %s." % (port['id'], "with network type %s." % (port['id'],
vnic, net_type)) vnic, net_type))
elif port.get(psec.PORTSECURITY):
log_error("Security features are not supported for port %s "
"with vnic type %s." % (port['id'], vnic))
def _validate_networks(plugin, admin_context, transit_networks): def _validate_networks(plugin, admin_context, transit_networks):
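Review bot: The port-security check is attached as `elif port.get(psec.PORTSECURITY):`, so it appears to run only when the preceding network-type condition is false. That condition sits between the hunks and is not visible here, so this is inferred. If so, a direct vnic port on a non-vlan network that also has port security enabled is reported for the network type only, and the operator finds the second blocker on a later validation run; an independent `if port.get(psec.PORTSECURITY):` at the same level would report both. The message would be more actionable if it named the required state, e.g. `"Port security must be disabled for port %s with vnic type %s."`. Since `.get()` treats a missing attribute as disabled, it is also worth confirming that the plugin always populates `psec.PORTSECURITY` on the ports being validated, otherwise the check passes silently.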