From 8b91fd814d014300abd409d05beedc17ee70a2d5 Mon Sep 17 00:00:00 2001
From: Gary Kotton <gkotton@vmware.com>
Date: Wed, 24 Jan 2018 01:11:36 -0800
Subject: [PATCH] NSX_V3: add flag to indicate if ENS networks can be created
Enable admin to control if ENS networks can be used.
In nsx_v3 section a new flag ens_support is added.
Change-Id: I99b885072964870fe61a26a5bab71c7ed0790c87
---
releasenotes/notes/ens_support-49dbc626ba1b16be.yaml | 8 ++++++++
vmware_nsx/common/config.py | 5 ++++-
vmware_nsx/plugins/nsx_v3/plugin.py | 2 ++
vmware_nsx/tests/unit/nsx_v3/test_plugin.py | 3 +++
4 files changed, 17 insertions(+), 1 deletion(-)
create mode 100644 releasenotes/notes/ens_support-49dbc626ba1b16be.yaml
diff --git a/releasenotes/notes/ens_support-49dbc626ba1b16be.yaml b/releasenotes/notes/ens_support-49dbc626ba1b16be.yaml
new file mode 100644
index 0000000000..9068771af1
--- /dev/null
+++ b/releasenotes/notes/ens_support-49dbc626ba1b16be.yaml
@@ -0,0 +1,8 @@
+---
+prelude: >
+ Add a configuration variable indicating that ENS transport zones can be
+ used.
+features:
+ - |
+ Add a new configuration variable ``ens_support`` to the ``nsx_v3`` section.
+ This indicates if a tenant or admin can create ENS networks.
diff --git a/vmware_nsx/common/config.py b/vmware_nsx/common/config.py
index 24d0b0907f..0e2fa124a2 100644
--- a/vmware_nsx/common/config.py
+++ b/vmware_nsx/common/config.py
@@ -434,7 +434,10 @@ nsx_v3_opts = [
help=_("Optional parameter defining a list switching profiles "
"uuids that will be attached to all neutron created "
"nsx ports.")),
-
+ cfg.BoolOpt('ens_support',
+ default=False,
+ help=_("(Optional) Indicates whether ENS transport zones can "
+ "be used")),
]
DEFAULT_STATUS_CHECK_INTERVAL = 2000
diff --git a/vmware_nsx/plugins/nsx_v3/plugin.py b/vmware_nsx/plugins/nsx_v3/plugin.py
index 5a0dcd3aeb..8660f0777e 100644
--- a/vmware_nsx/plugins/nsx_v3/plugin.py
+++ b/vmware_nsx/plugins/nsx_v3/plugin.py
@@ -911,6 +911,8 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
if (provider_data['switch_mode'] ==
self.nsxlib.transport_zone.HOST_SWITCH_MODE_ENS):
+ if not cfg.CONF.nsx_v3.ens_support:
+ raise NotImplementedError(_("ENS support is disabled"))
if net_data.get(psec.PORTSECURITY):
raise nsx_exc.NsxENSPortSecurity()
# set the default port security to False
diff --git a/vmware_nsx/tests/unit/nsx_v3/test_plugin.py b/vmware_nsx/tests/unit/nsx_v3/test_plugin.py
index 8e747c6eaf..c0719f8bbb 100644
--- a/vmware_nsx/tests/unit/nsx_v3/test_plugin.py
+++ b/vmware_nsx/tests/unit/nsx_v3/test_plugin.py
@@ -465,6 +465,7 @@ class TestNetworksV2(test_plugin.TestNetworksV2, NsxV3PluginTestCaseMixin):
self.assertEqual('InvalidInput', data['NeutronError']['type'])
def test_create_ens_network_with_no_port_sec(self):
+ cfg.CONF.set_override('ens_support', True, 'nsx_v3')
providernet_args = {psec.PORTSECURITY: False}
with mock.patch("vmware_nsxlib.v3.core_resources.NsxLibTransportZone."
"get_host_switch_mode", return_value="ENS"),\
@@ -481,6 +482,7 @@ class TestNetworksV2(test_plugin.TestNetworksV2, NsxV3PluginTestCaseMixin):
self.assertFalse(res['network']['port_security_enabled'])
def test_create_ens_network_with_port_sec(self):
+ cfg.CONF.set_override('ens_support', True, 'nsx_v3')
providernet_args = {psec.PORTSECURITY: True}
with mock.patch("vmware_nsxlib.v3.core_resources.NsxLibTransportZone."
"get_host_switch_mode", return_value="ENS"),\
@@ -497,6 +499,7 @@ class TestNetworksV2(test_plugin.TestNetworksV2, NsxV3PluginTestCaseMixin):
res['NeutronError']['type'])
def test_update_ens_network(self):
+ cfg.CONF.set_override('ens_support', True, 'nsx_v3')
providernet_args = {psec.PORTSECURITY: False}
with mock.patch("vmware_nsxlib.v3.core_resources.NsxLibTransportZone."
"get_host_switch_mode", return_value="ENS"),\