Merge "Add logging to help detect port security conflicts"

Zuul 2018-02-09 19:07:52 +00:00 committed by Gerrit Code Review
commit 6030d61b1d
2 changed files with 10 additions and 0 deletions
vmware_nsx/plugins

@ -1914,6 +1914,8 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
(sgids, ssgids) = self._get_port_security_groups_lists(
context, port)
elif (has_security_groups or provider_sg_specified):
LOG.error("Port has conflicting port security status and "
"security groups")
raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
else:
sgids = ssgids = []
@ -2224,11 +2226,15 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
# then port has ip and port-security
if not (has_ip and has_port_security):
if has_security_groups or provider_sgs_specified:
LOG.error("Port has conflicting port security status and "
"security groups")
raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
if ((not delete_security_groups
and original_port[ext_sg.SECURITYGROUPS]) or
(not delete_provider_sg and
original_port[provider_sg.PROVIDER_SECURITYGROUPS])):
LOG.error("Port has conflicting port security status and "
"security groups")
raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
if delete_security_groups or has_security_groups:
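Review bot: The new error message carries no port identifier, so an operator reading the log cannot tell which port or request hit the conflict; this applies to all three LOG.error calls in this file section and to the two in the NsxV3Plugin section. In the update hunk the same text is logged for two different conditions, security groups passed in the request and security groups already present on `original_port`, so the log cannot distinguish them either. Consider passing the id as a lazy logging argument, for example `LOG.error("Port %s has conflicting port security status and security groups", original_port['id'])`, assuming the id is populated at that point, and rewording the second message to say the groups are already on the port. The enclosing methods start and end outside the hunks.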

@ -2064,6 +2064,8 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
elif (self._check_update_has_security_groups({'port': port_data}) or
self._provider_sgs_specified(port_data) or
self._get_provider_security_groups_on_port(context, port)):
LOG.error("Port has conflicting port security status and "
"security groups")
raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
else:
sgids = psgids = []
@ -2737,6 +2739,8 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
if (validate_port_sec and
not (has_ip and updated_port[psec.PORTSECURITY])):
if has_security_groups or provider_sgs_specified:
LOG.error("Port has conflicting port security status and "
"security groups")
raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
# Update did not have security groups passed in. Check
# that port does not have any security groups already on it.
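Review bot: Both added calls log at ERROR immediately before raising `psec_exc.PortSecurityAndIPRequiredForSecurityGroups`, which from the conditions shown looks like rejection of caller-supplied port data rather than a fault in the plugin. If that reading is right, ordinary invalid requests will produce ERROR-level entries and add noise to any alerting keyed on that level, which works against the goal of detecting real conflicts. `LOG.warning(...)` would probably fit better, here and in the NsxVPluginV2 hunks. Both method bodies continue outside the hunks.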