diff --git a/quantum/extensions/portbindings.py b/quantum/extensions/portbindings.py index e3276c86f7..5368985114 100644 --- a/quantum/extensions/portbindings.py +++ b/quantum/extensions/portbindings.py @@ -24,6 +24,12 @@ HOST_ID = 'binding:host_id' # on the specific host to pass and receive vif port specific information to # the plugin. PROFILE = 'binding:profile' +# The capabilities will be a dictionary that enables pass information about +# functionalies quantum provides. The following value should be provided. +# - port_filter : Boolean value indicating Quantum provides port filtering +# features such as security group and anti MAC/IP spoofing +CAPABILITIES = 'binding:capabilities' +CAP_PORT_FILTER = 'port_filter' VIF_TYPE_OVS = 'ovs' VIF_TYPE_BRIDGE = 'bridge' @@ -41,7 +47,11 @@ EXTENDED_ATTRIBUTES_2_0 = { 'is_visible': True}, PROFILE: {'allow_post': True, 'allow_put': True, 'default': attributes.ATTR_NOT_SPECIFIED, + 'validate': {'type:dict': None}, 'is_visible': True}, + CAPABILITIES: {'allow_post': False, 'allow_put': False, + 'default': attributes.ATTR_NOT_SPECIFIED, + 'is_visible': True}, } } diff --git a/quantum/plugins/linuxbridge/lb_quantum_plugin.py b/quantum/plugins/linuxbridge/lb_quantum_plugin.py index 4267d9ac01..995dbb9101 100644 --- a/quantum/plugins/linuxbridge/lb_quantum_plugin.py +++ b/quantum/plugins/linuxbridge/lb_quantum_plugin.py @@ -431,6 +431,9 @@ class LinuxBridgePluginV2(db_base_plugin_v2.QuantumDbPluginV2, def _extend_port_dict_binding(self, context, port): if self._check_view_auth(context, port, self.binding_view): port[portbindings.VIF_TYPE] = portbindings.VIF_TYPE_BRIDGE + port[portbindings.CAPABILITIES] = { + portbindings.CAP_PORT_FILTER: + 'security-group' in self.supported_extension_aliases} return port def get_port(self, context, id, fields=None): diff --git a/quantum/tests/unit/linuxbridge/test_linuxbridge_plugin.py b/quantum/tests/unit/linuxbridge/test_linuxbridge_plugin.py index c27a2098fc..3eed40fde4 100644 --- a/quantum/tests/unit/linuxbridge/test_linuxbridge_plugin.py +++ b/quantum/tests/unit/linuxbridge/test_linuxbridge_plugin.py @@ -48,8 +48,10 @@ class TestLinuxBridgePortsV2(test_plugin.TestPortsV2, plugin = QuantumManager.get_plugin() with self.port(name='name') as port: port_id = port['port']['id'] - self.assertEqual(port['port']['binding:vif_type'], + self.assertEqual(port['port'][portbindings.VIF_TYPE], portbindings.VIF_TYPE_BRIDGE) + port_cap = port['port'][portbindings.CAPABILITIES] + self.assertEqual(port_cap[portbindings.CAP_PORT_FILTER], True) # By default user is admin - now test non admin user ctx = context.Context(user_id=None, tenant_id=self._tenant_id, @@ -57,7 +59,8 @@ class TestLinuxBridgePortsV2(test_plugin.TestPortsV2, read_deleted="no") non_admin_port = plugin.get_port(ctx, port_id) self.assertTrue('status' in non_admin_port) - self.assertFalse('binding:vif_type' in non_admin_port) + self.assertFalse(portbindings.VIF_TYPE in non_admin_port) + self.assertFalse(portbindings.CAPABILITIES in non_admin_port) def test_ports_vif_details(self): cfg.CONF.set_default('allow_overlapping_ips', True) @@ -67,8 +70,10 @@ class TestLinuxBridgePortsV2(test_plugin.TestPortsV2, ports = plugin.get_ports(ctx) self.assertEqual(len(ports), 2) for port in ports: - self.assertEqual(port['binding:vif_type'], + self.assertEqual(port[portbindings.VIF_TYPE], portbindings.VIF_TYPE_BRIDGE) + port_cap = port[portbindings.CAPABILITIES] + self.assertEqual(port_cap[portbindings.CAP_PORT_FILTER], True) # By default user is admin - now test non admin user ctx = context.Context(user_id=None, tenant_id=self._tenant_id, @@ -78,7 +83,9 @@ class TestLinuxBridgePortsV2(test_plugin.TestPortsV2, self.assertEqual(len(ports), 2) for non_admin_port in ports: self.assertTrue('status' in non_admin_port) - self.assertFalse('binding:vif_type' in non_admin_port) + self.assertFalse(portbindings.VIF_TYPE in non_admin_port) + self.assertFalse(portbindings.CAP_PORT_FILTER + in non_admin_port) class TestLinuxBridgeNetworksV2(test_plugin.TestNetworksV2,