NSX-V3: Do not add mac learning profiles for ENS port

Commit I944021cbb6dfc950cff353e0ac908fa2b9c29bfe added code to
avoid adding the mac learning + no security profiles for ENS ports
upon creation.
This patch does the same for the port update action.

Change-Id: I287ccbc85c1a8ec201650b1d7b9ce9e603044815
Adit Sarfaty 2018-04-10 09:53:43 +03:00
parent 2ffa65f5b9
commit f836b5fa90
1 changed files with 11 additions and 9 deletions


@ -2944,7 +2944,8 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
super(NsxV3Plugin, self).delete_port(context, port_id)
def _update_port_preprocess_security(
self, context, port, id, updated_port, validate_port_sec=True):
self, context, port, id, updated_port, is_ens_tz_port,
validate_port_sec=True):
delete_addr_pairs = self._check_update_deletes_allowed_address_pairs(
port)
has_addr_pairs = self._check_update_has_allowed_address_pairs(port)
@ -2981,8 +2982,7 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
# No port security is allowed if the port belongs to an ENS TZ
if (updated_port[psec.PORTSECURITY] and
psec.PORTSECURITY in port_data and
self._is_ens_tz_port(context, updated_port)):
psec.PORTSECURITY in port_data and is_ens_tz_port):
raise nsx_exc.NsxENSPortSecurity()
# checks if security groups were updated adding/modifying
@ -3026,7 +3026,8 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
def _update_port_on_backend(self, context, lport_id,
original_port, updated_port,
address_bindings,
switch_profile_ids):
switch_profile_ids,
is_ens_tz_port):
original_device_owner = original_port.get('device_owner')
original_device_id = original_port.get('device_id')
updated_device_owner = updated_port.get('device_owner')
@ -3145,7 +3146,7 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
validators.is_attr_set(address_pairs) and address_pairs and
psec_is_on)
# Add mac_learning profile if it exists and is configured
if (self._mac_learning_profile and
if (not is_ens_tz_port and self._mac_learning_profile and
(mac_learning_profile_set or
updated_port.get(mac_ext.MAC_LEARNING) is True)):
switch_profile_ids.append(self._mac_learning_profile)
@ -3253,7 +3254,8 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
updated_port.update(port_data)
updated_port = self._update_port_preprocess_security(
context, port, id, updated_port, validate_port_sec)
context, port, id, updated_port, is_ens_tz_port,
validate_port_sec=validate_port_sec)
self._update_extra_dhcp_opts_on_port(context, id, port,
updated_port)
@ -3270,8 +3272,7 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
self._extend_nsx_port_dict_binding(context, updated_port)
mac_learning_state = updated_port.get(mac_ext.MAC_LEARNING)
if mac_learning_state is not None:
if (not mac_learning_state and
self._is_ens_tz_port(context, updated_port)):
if (not mac_learning_state and is_ens_tz_port):
msg = _('Mac learning cannot be disabled with ENS TZ')
LOG.error(msg)
raise n_exc.InvalidInput(error_message=msg)
@ -3298,7 +3299,8 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
self._update_port_on_backend(context, nsx_lport_id,
original_port, updated_port,
address_bindings,
switch_profile_ids)
switch_profile_ids,
is_ens_tz_port)
except (nsx_lib_exc.ManagerError,
nsx_lib_exc.SecurityGroupMaximumCapacityReached) as e:
# In case if there is a failure on NSX-v3 backend, rollback the
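Review bot: In `_update_port_preprocess_security` the new `is_ens_tz_port` parameter is inserted ahead of `validate_port_sec=True`, so a caller or override not shown here that still passes `validate_port_sec` as the fifth positional argument (as the old call in `update_port` did) would have that value silently bound to `is_ens_tz_port` and used in the `NsxENSPortSecurity` check. The one call visible in this commit was switched to `validate_port_sec=validate_port_sec`, but other call sites should be checked and the new argument passed by keyword there as well. None of the added lines assigns `is_ens_tz_port` inside `update_port`, so it is presumably computed earlier, outside these hunks; it should be confirmed that it is derived from the same port and network that the removed `self._is_ens_tz_port(context, updated_port)` calls examined. The comment above the mac learning check in `_update_port_on_backend` no longer describes the condition and could read `# Add mac_learning profile if it exists and is configured (skipped for ENS TZ ports)`. All three function bodies continue outside the hunks shown.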