use neutron-lib port security api-def

The port security API definition has been in neutron-lib for awhile.
This patch consumes the definition from neutron-lib.
See If43b65861efc536d01c43dc0d2bbcbcf062c1271 for additional details.

Change-Id: I934db01ffe43d0cbd9d9bef00d48d4a8b9536e5c
This commit is contained in:
Boden R 2017-05-01 12:02:44 -06:00 committed by Adit Sarfaty
parent ed361ef6d4
commit d2a4845feb
5 changed files with 22 additions and 18 deletions

View File

@ -15,6 +15,8 @@
import uuid
from neutron_lib.api.definitions import port_security as psec
from neutron_lib.exceptions import port_security as psec_exc
from oslo_log import log as logging
from oslo_utils import excutils
@ -36,7 +38,6 @@ from neutron.db import securitygroups_db
from neutron.db import vlantransparent_db as vlan_ext_db
from neutron.extensions import allowedaddresspairs as addr_pair
from neutron.extensions import multiprovidernet as mpnet
from neutron.extensions import portsecurity as psec
from neutron.extensions import providernet
from neutron.extensions import securitygroup as ext_sg
from neutron.extensions import vlantransparent as vlan_ext
@ -355,7 +356,7 @@ class NsxDvsV2(addr_pair_db.AllowedAddressPairsMixin,
if has_ip:
self._ensure_default_security_group_on_port(context, port)
elif validators.is_attr_set(port_data.get(ext_sg.SECURITYGROUPS)):
raise psec.PortSecurityAndIPRequiredForSecurityGroups()
raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
port_data[ext_sg.SECURITYGROUPS] = (
self._get_security_groups_on_port(context, port))
self._process_port_create_security_group(

View File

@ -15,10 +15,12 @@
import uuid
from neutron_lib.api.definitions import port_security as psec
from neutron_lib.api import validators
from neutron_lib import constants
from neutron_lib import context as q_context
from neutron_lib import exceptions as n_exc
from neutron_lib.exceptions import port_security as psec_exc
from oslo_concurrency import lockutils
from oslo_config import cfg
from oslo_db import exception as db_exc
@ -60,7 +62,6 @@ from neutron.extensions import extra_dhcp_opt as edo_ext
from neutron.extensions import extraroute
from neutron.extensions import l3
from neutron.extensions import multiprovidernet as mpnet
from neutron.extensions import portsecurity as psec
from neutron.extensions import providernet
from neutron.extensions import securitygroup as ext_sg
from neutron.plugins.common import utils
@ -1145,7 +1146,7 @@ class NsxPluginV2(addr_pair_db.AllowedAddressPairsMixin,
self._ensure_default_security_group_on_port(context, port)
elif self._check_update_has_security_groups(
{'port': port_data}):
raise psec.PortSecurityAndIPRequiredForSecurityGroups()
raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
port_data[ext_sg.SECURITYGROUPS] = (
self._get_security_groups_on_port(context, port))
self._process_port_create_security_group(
@ -1250,7 +1251,7 @@ class NsxPluginV2(addr_pair_db.AllowedAddressPairsMixin,
# security groups, port security is set and port has ip
if not (has_ip and ret_port[psec.PORTSECURITY]):
if has_security_groups:
raise psec.PortSecurityAndIPRequiredForSecurityGroups()
raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
# Update did not have security groups passed in. Check
# that port does not have any security groups already on it.
filters = {'port_id': [id]}
@ -1259,7 +1260,7 @@ class NsxPluginV2(addr_pair_db.AllowedAddressPairsMixin,
context, filters)
)
if security_groups and not delete_security_groups:
raise psec.PortSecurityPortHasSecurityGroup()
raise psec_exc.PortSecurityPortHasSecurityGroup()
if (delete_security_groups or has_security_groups):
# delete the port binding and read it with the new rules.

View File

@ -18,12 +18,14 @@ import six
import uuid
import netaddr
from neutron_lib.api.definitions import port_security as psec
from neutron_lib.api.definitions import provider_net as pnet
from neutron_lib.api import validators
from neutron_lib import constants
from neutron_lib import context as n_context
from neutron_lib.db import constants as db_const
from neutron_lib import exceptions as n_exc
from neutron_lib.exceptions import port_security as psec_exc
from neutron_lib.plugins import constants as plugin_const
from neutron_lib.plugins import directory
from oslo_config import cfg
@ -70,7 +72,6 @@ from neutron.extensions import extra_dhcp_opt as ext_edo
from neutron.extensions import flavors
from neutron.extensions import l3
from neutron.extensions import multiprovidernet as mpnet
from neutron.extensions import portsecurity as psec
from neutron.extensions import providernet
from neutron.extensions import securitygroup as ext_sg
from neutron.extensions import vlantransparent as ext_vlan
@ -1709,7 +1710,7 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
if has_ip:
self._ensure_default_security_group_on_port(context, port)
elif (has_security_groups or provider_sg_specified):
raise psec.PortSecurityAndIPRequiredForSecurityGroups()
raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
else:
port_data[provider_sg.PROVIDER_SECURITYGROUPS] = []
@ -1948,13 +1949,13 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
# checks that if update adds/modify security groups,
# then port has ip
if not has_ip:
if (has_security_groups or provider_sgs_specified):
raise psec.PortSecurityAndIPRequiredForSecurityGroups()
if has_security_groups or provider_sgs_specified:
raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
if ((not delete_security_groups
and original_port[ext_sg.SECURITYGROUPS]) or
(not delete_provider_sg and
original_port[provider_sg.PROVIDER_SECURITYGROUPS])):
raise psec.PortSecurityAndIPRequiredForSecurityGroups()
(not delete_provider_sg and
original_port[provider_sg.PROVIDER_SECURITYGROUPS])):
raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
if delete_security_groups or has_security_groups:
self.update_security_group_on_port(context, id, port,

View File

@ -14,6 +14,8 @@
# under the License.
import netaddr
from neutron_lib.api.definitions import port_security as psec
from neutron_lib.exceptions import port_security as psec_exc
import six
from neutron.api.rpc.agentnotifiers import dhcp_rpc_agent_api
@ -48,7 +50,6 @@ from neutron.extensions import availability_zone as az_ext
from neutron.extensions import external_net as ext_net_extn
from neutron.extensions import extra_dhcp_opt as ext_edo
from neutron.extensions import l3
from neutron.extensions import portsecurity as psec
from neutron.extensions import providernet
from neutron.extensions import securitygroup as ext_sg
from neutron.plugins.common import utils as n_utils
@ -1674,7 +1675,7 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
self._ensure_default_security_group_on_port(context, port)
elif self._check_update_has_security_groups(
{'port': port_data}):
raise psec.PortSecurityAndIPRequiredForSecurityGroups()
raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
port_data[ext_sg.SECURITYGROUPS] = (
self._get_security_groups_on_port(context, port))
return port_security, has_ip
@ -2216,7 +2217,7 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
if (validate_port_sec and
not (has_ip and updated_port[psec.PORTSECURITY])):
if has_security_groups:
raise psec.PortSecurityAndIPRequiredForSecurityGroups()
raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
# Update did not have security groups passed in. Check
# that port does not have any security groups already on it.
filters = {'port_id': [id]}
@ -2225,7 +2226,7 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
context, filters)
)
if security_groups and not delete_security_groups:
raise psec.PortSecurityPortHasSecurityGroup()
raise psec_exc.PortSecurityPortHasSecurityGroup()
if delete_security_groups or has_security_groups:
# delete the port binding and read it with the new rules.

View File

@ -12,10 +12,10 @@
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from neutron_lib.api.definitions import port_security as psec
from oslo_config import cfg
from neutron.extensions import allowedaddresspairs as addr_pair
from neutron.extensions import portsecurity as psec
from neutron.tests.unit.db import test_allowedaddresspairs_db as ext_pairs
from vmware_nsx.tests.unit.nsx_mh import test_plugin as test_nsx_plugin