Add logging to help detect port security conflicts

Add logs that indicate if there are conflicting flags on a port for
port security and security groups.

Change-Id: I0eeadfcfaf2b90b7006b26ab59b61d9449ec37de
Gary Kotton 2018-02-08 14:26:55 -08:00
parent bbaa593761
commit a9003e29a7
2 changed files with 10 additions and 0 deletions
vmware_nsx/plugins

@ -1895,6 +1895,8 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
(sgids, ssgids) = self._get_port_security_groups_lists(
context, port)
elif (has_security_groups or provider_sg_specified):
LOG.error("Port has conflicting port security status and "
"security groups")
raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
else:
sgids = ssgids = []
@ -2205,11 +2207,15 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
# then port has ip and port-security
if not (has_ip and has_port_security):
if has_security_groups or provider_sgs_specified:
LOG.error("Port has conflicting port security status and "
"security groups")
raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
if ((not delete_security_groups
and original_port[ext_sg.SECURITYGROUPS]) or
(not delete_provider_sg and
original_port[provider_sg.PROVIDER_SECURITYGROUPS])):
LOG.error("Port has conflicting port security status and "
"security groups")
raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
if delete_security_groups or has_security_groups:
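Review bot: The new error lines do not say which port is in conflict, so an operator who sees one cannot tie it to a port or tenant without correlating request IDs. In the update hunk the two branches (groups passed in the request, at the first `LOG.error`, versus groups already present on `original_port`, at the second) also log identical text, which hides which check fired. Suggest distinct messages with the port id passed as a lazy argument, e.g. `LOG.error("Port %s: existing security groups require port security and a fixed IP", original_port['id'])` for the second branch, assuming `original_port` carries the usual `id` key. The same applies to the create hunk above and to both hunks in the NsxV3 plugin. The enclosing methods start and end outside the hunks.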

@ -2057,6 +2057,8 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
elif (self._check_update_has_security_groups({'port': port_data}) or
self._provider_sgs_specified(port_data) or
self._get_provider_security_groups_on_port(context, port)):
LOG.error("Port has conflicting port security status and "
"security groups")
raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
else:
sgids = psgids = []
@ -2730,6 +2732,8 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
if (validate_port_sec and
not (has_ip and updated_port[psec.PORTSECURITY])):
if has_security_groups or provider_sgs_specified:
LOG.error("Port has conflicting port security status and "
"security groups")
raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
# Update did not have security groups passed in. Check
# that port does not have any security groups already on it.
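Review bot: These messages are logged at error level although the condition is a rejected request: the next line raises `psec_exc.PortSecurityAndIPRequiredForSecurityGroups`, which looks like an input-validation failure reported back to the caller. Any user who can create or update a port can then produce error-level entries at will, which buries real faults and weakens alerting keyed on that level. `LOG.warning(...)` or `LOG.info(...)` would fit better if the exception is indeed a client error. In the first hunk the `elif` also fires on `_get_provider_security_groups_on_port(context, port)`, so the message may appear when the caller specified no groups at all, and the text should say so. Both enclosing methods continue outside the hunks.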