NSX_V3: add flag to indicate if ENS networks can be created

Enable admin to control if ENS networks can be used.
In nsx_v3 section a new flag ens_support is added.

Change-Id: I99b885072964870fe61a26a5bab71c7ed0790c87
This commit is contained in:
Gary Kotton 2018-01-24 01:11:36 -08:00
parent 28582356bb
commit 8b91fd814d
4 changed files with 17 additions and 1 deletions
releasenotes/notes
vmware_nsx
common
plugins/nsx_v3
tests/unit/nsx_v3

@ -0,0 +1,8 @@
---
prelude: >
Add a configuration variable indicating that ENS transport zones can be
used.
features:
- |
Add a new configuration variable ``ens_support`` to the ``nsx_v3`` section.
This indicates if a tenant or admin can create ENS networks.

@ -434,7 +434,10 @@ nsx_v3_opts = [
help=_("Optional parameter defining a list switching profiles " help=_("Optional parameter defining a list switching profiles "
"uuids that will be attached to all neutron created " "uuids that will be attached to all neutron created "
"nsx ports.")), "nsx ports.")),
cfg.BoolOpt('ens_support',
default=False,
help=_("(Optional) Indicates whether ENS transport zones can "
"be used")),
] ]
DEFAULT_STATUS_CHECK_INTERVAL = 2000 DEFAULT_STATUS_CHECK_INTERVAL = 2000

@ -911,6 +911,8 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
if (provider_data['switch_mode'] == if (provider_data['switch_mode'] ==
self.nsxlib.transport_zone.HOST_SWITCH_MODE_ENS): self.nsxlib.transport_zone.HOST_SWITCH_MODE_ENS):
if not cfg.CONF.nsx_v3.ens_support:
raise NotImplementedError(_("ENS support is disabled"))
if net_data.get(psec.PORTSECURITY): if net_data.get(psec.PORTSECURITY):
raise nsx_exc.NsxENSPortSecurity() raise nsx_exc.NsxENSPortSecurity()
# set the default port security to False # set the default port security to False

@ -465,6 +465,7 @@ class TestNetworksV2(test_plugin.TestNetworksV2, NsxV3PluginTestCaseMixin):
self.assertEqual('InvalidInput', data['NeutronError']['type']) self.assertEqual('InvalidInput', data['NeutronError']['type'])
def test_create_ens_network_with_no_port_sec(self): def test_create_ens_network_with_no_port_sec(self):
cfg.CONF.set_override('ens_support', True, 'nsx_v3')
providernet_args = {psec.PORTSECURITY: False} providernet_args = {psec.PORTSECURITY: False}
with mock.patch("vmware_nsxlib.v3.core_resources.NsxLibTransportZone." with mock.patch("vmware_nsxlib.v3.core_resources.NsxLibTransportZone."
"get_host_switch_mode", return_value="ENS"),\ "get_host_switch_mode", return_value="ENS"),\
@ -481,6 +482,7 @@ class TestNetworksV2(test_plugin.TestNetworksV2, NsxV3PluginTestCaseMixin):
self.assertFalse(res['network']['port_security_enabled']) self.assertFalse(res['network']['port_security_enabled'])
def test_create_ens_network_with_port_sec(self): def test_create_ens_network_with_port_sec(self):
cfg.CONF.set_override('ens_support', True, 'nsx_v3')
providernet_args = {psec.PORTSECURITY: True} providernet_args = {psec.PORTSECURITY: True}
with mock.patch("vmware_nsxlib.v3.core_resources.NsxLibTransportZone." with mock.patch("vmware_nsxlib.v3.core_resources.NsxLibTransportZone."
"get_host_switch_mode", return_value="ENS"),\ "get_host_switch_mode", return_value="ENS"),\
@ -497,6 +499,7 @@ class TestNetworksV2(test_plugin.TestNetworksV2, NsxV3PluginTestCaseMixin):
res['NeutronError']['type']) res['NeutronError']['type'])
def test_update_ens_network(self): def test_update_ens_network(self):
cfg.CONF.set_override('ens_support', True, 'nsx_v3')
providernet_args = {psec.PORTSECURITY: False} providernet_args = {psec.PORTSECURITY: False}
with mock.patch("vmware_nsxlib.v3.core_resources.NsxLibTransportZone." with mock.patch("vmware_nsxlib.v3.core_resources.NsxLibTransportZone."
"get_host_switch_mode", return_value="ENS"),\ "get_host_switch_mode", return_value="ENS"),\