diff --git a/vmware_nsx/plugins/dvs/plugin.py b/vmware_nsx/plugins/dvs/plugin.py index 16c0d888d5..582ea4dbf1 100644 --- a/vmware_nsx/plugins/dvs/plugin.py +++ b/vmware_nsx/plugins/dvs/plugin.py @@ -15,6 +15,8 @@ import uuid +from neutron_lib.api.definitions import port_security as psec +from neutron_lib.exceptions import port_security as psec_exc from oslo_log import log as logging from oslo_utils import excutils @@ -36,7 +38,6 @@ from neutron.db import securitygroups_db from neutron.db import vlantransparent_db as vlan_ext_db from neutron.extensions import allowedaddresspairs as addr_pair from neutron.extensions import multiprovidernet as mpnet -from neutron.extensions import portsecurity as psec from neutron.extensions import providernet from neutron.extensions import securitygroup as ext_sg from neutron.extensions import vlantransparent as vlan_ext @@ -355,7 +356,7 @@ class NsxDvsV2(addr_pair_db.AllowedAddressPairsMixin, if has_ip: self._ensure_default_security_group_on_port(context, port) elif validators.is_attr_set(port_data.get(ext_sg.SECURITYGROUPS)): - raise psec.PortSecurityAndIPRequiredForSecurityGroups() + raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups() port_data[ext_sg.SECURITYGROUPS] = ( self._get_security_groups_on_port(context, port)) self._process_port_create_security_group( diff --git a/vmware_nsx/plugins/nsx_mh/plugin.py b/vmware_nsx/plugins/nsx_mh/plugin.py index 93df588e14..388e9d280c 100644 --- a/vmware_nsx/plugins/nsx_mh/plugin.py +++ b/vmware_nsx/plugins/nsx_mh/plugin.py @@ -15,10 +15,12 @@ import uuid +from neutron_lib.api.definitions import port_security as psec from neutron_lib.api import validators from neutron_lib import constants from neutron_lib import context as q_context from neutron_lib import exceptions as n_exc +from neutron_lib.exceptions import port_security as psec_exc from oslo_concurrency import lockutils from oslo_config import cfg from oslo_db import exception as db_exc @@ -60,7 +62,6 @@ from neutron.extensions import extra_dhcp_opt as edo_ext from neutron.extensions import extraroute from neutron.extensions import l3 from neutron.extensions import multiprovidernet as mpnet -from neutron.extensions import portsecurity as psec from neutron.extensions import providernet from neutron.extensions import securitygroup as ext_sg from neutron.plugins.common import utils @@ -1145,7 +1146,7 @@ class NsxPluginV2(addr_pair_db.AllowedAddressPairsMixin, self._ensure_default_security_group_on_port(context, port) elif self._check_update_has_security_groups( {'port': port_data}): - raise psec.PortSecurityAndIPRequiredForSecurityGroups() + raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups() port_data[ext_sg.SECURITYGROUPS] = ( self._get_security_groups_on_port(context, port)) self._process_port_create_security_group( @@ -1250,7 +1251,7 @@ class NsxPluginV2(addr_pair_db.AllowedAddressPairsMixin, # security groups, port security is set and port has ip if not (has_ip and ret_port[psec.PORTSECURITY]): if has_security_groups: - raise psec.PortSecurityAndIPRequiredForSecurityGroups() + raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups() # Update did not have security groups passed in. Check # that port does not have any security groups already on it. filters = {'port_id': [id]} @@ -1259,7 +1260,7 @@ class NsxPluginV2(addr_pair_db.AllowedAddressPairsMixin, context, filters) ) if security_groups and not delete_security_groups: - raise psec.PortSecurityPortHasSecurityGroup() + raise psec_exc.PortSecurityPortHasSecurityGroup() if (delete_security_groups or has_security_groups): # delete the port binding and read it with the new rules. diff --git a/vmware_nsx/plugins/nsx_v/plugin.py b/vmware_nsx/plugins/nsx_v/plugin.py index 4a307962a2..76e503fa43 100644 --- a/vmware_nsx/plugins/nsx_v/plugin.py +++ b/vmware_nsx/plugins/nsx_v/plugin.py @@ -18,12 +18,14 @@ import six import uuid import netaddr +from neutron_lib.api.definitions import port_security as psec from neutron_lib.api.definitions import provider_net as pnet from neutron_lib.api import validators from neutron_lib import constants from neutron_lib import context as n_context from neutron_lib.db import constants as db_const from neutron_lib import exceptions as n_exc +from neutron_lib.exceptions import port_security as psec_exc from neutron_lib.plugins import constants as plugin_const from neutron_lib.plugins import directory from oslo_config import cfg @@ -70,7 +72,6 @@ from neutron.extensions import extra_dhcp_opt as ext_edo from neutron.extensions import flavors from neutron.extensions import l3 from neutron.extensions import multiprovidernet as mpnet -from neutron.extensions import portsecurity as psec from neutron.extensions import providernet from neutron.extensions import securitygroup as ext_sg from neutron.extensions import vlantransparent as ext_vlan @@ -1709,7 +1710,7 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin, if has_ip: self._ensure_default_security_group_on_port(context, port) elif (has_security_groups or provider_sg_specified): - raise psec.PortSecurityAndIPRequiredForSecurityGroups() + raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups() else: port_data[provider_sg.PROVIDER_SECURITYGROUPS] = [] @@ -1948,13 +1949,13 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin, # checks that if update adds/modify security groups, # then port has ip if not has_ip: - if (has_security_groups or provider_sgs_specified): - raise psec.PortSecurityAndIPRequiredForSecurityGroups() + if has_security_groups or provider_sgs_specified: + raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups() if ((not delete_security_groups and original_port[ext_sg.SECURITYGROUPS]) or - (not delete_provider_sg and - original_port[provider_sg.PROVIDER_SECURITYGROUPS])): - raise psec.PortSecurityAndIPRequiredForSecurityGroups() + (not delete_provider_sg and + original_port[provider_sg.PROVIDER_SECURITYGROUPS])): + raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups() if delete_security_groups or has_security_groups: self.update_security_group_on_port(context, id, port, diff --git a/vmware_nsx/plugins/nsx_v3/plugin.py b/vmware_nsx/plugins/nsx_v3/plugin.py index 0c59946196..c8eacc14aa 100644 --- a/vmware_nsx/plugins/nsx_v3/plugin.py +++ b/vmware_nsx/plugins/nsx_v3/plugin.py @@ -14,6 +14,8 @@ # under the License. import netaddr +from neutron_lib.api.definitions import port_security as psec +from neutron_lib.exceptions import port_security as psec_exc import six from neutron.api.rpc.agentnotifiers import dhcp_rpc_agent_api @@ -48,7 +50,6 @@ from neutron.extensions import availability_zone as az_ext from neutron.extensions import external_net as ext_net_extn from neutron.extensions import extra_dhcp_opt as ext_edo from neutron.extensions import l3 -from neutron.extensions import portsecurity as psec from neutron.extensions import providernet from neutron.extensions import securitygroup as ext_sg from neutron.plugins.common import utils as n_utils @@ -1674,7 +1675,7 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin, self._ensure_default_security_group_on_port(context, port) elif self._check_update_has_security_groups( {'port': port_data}): - raise psec.PortSecurityAndIPRequiredForSecurityGroups() + raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups() port_data[ext_sg.SECURITYGROUPS] = ( self._get_security_groups_on_port(context, port)) return port_security, has_ip @@ -2216,7 +2217,7 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin, if (validate_port_sec and not (has_ip and updated_port[psec.PORTSECURITY])): if has_security_groups: - raise psec.PortSecurityAndIPRequiredForSecurityGroups() + raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups() # Update did not have security groups passed in. Check # that port does not have any security groups already on it. filters = {'port_id': [id]} @@ -2225,7 +2226,7 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin, context, filters) ) if security_groups and not delete_security_groups: - raise psec.PortSecurityPortHasSecurityGroup() + raise psec_exc.PortSecurityPortHasSecurityGroup() if delete_security_groups or has_security_groups: # delete the port binding and read it with the new rules. diff --git a/vmware_nsx/tests/unit/extensions/test_addresspairs.py b/vmware_nsx/tests/unit/extensions/test_addresspairs.py index f9ef933d93..30e9c28099 100644 --- a/vmware_nsx/tests/unit/extensions/test_addresspairs.py +++ b/vmware_nsx/tests/unit/extensions/test_addresspairs.py @@ -12,10 +12,10 @@ # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. +from neutron_lib.api.definitions import port_security as psec from oslo_config import cfg from neutron.extensions import allowedaddresspairs as addr_pair -from neutron.extensions import portsecurity as psec from neutron.tests.unit.db import test_allowedaddresspairs_db as ext_pairs from vmware_nsx.tests.unit.nsx_mh import test_plugin as test_nsx_plugin