Inform a client if Quantum provides port filtering feature
Part of blueprint vif-plugging-improvements. Quantum and Nova have duplicated packet filtering functionality, such as security groups and anti-spoofing filters. By passing information on whether Quantum supports the port filtering feature, the Nova VIF driver can skip its own packet filtering setup. It is based on Daniel's advice in https://review.openstack.org/#/c/19436/ Change-Id: Ifd260cb61aa3990251510a4a3fe15454d8d584df
parent
1af1475767
commit
0fa51abd49
@ -24,6 +24,12 @@ HOST_ID = 'binding:host_id'
|
|||||||
# on the specific host to pass and receive vif port specific information to
|
# on the specific host to pass and receive vif port specific information to
|
||||||
# the plugin.
|
# the plugin.
|
||||||
PROFILE = 'binding:profile'
|
PROFILE = 'binding:profile'
|
||||||
|
# The capabilities will be a dictionary that enables pass information about
|
||||||
|
# functionalies quantum provides. The following value should be provided.
|
||||||
|
# - port_filter : Boolean value indicating Quantum provides port filtering
|
||||||
|
# features such as security group and anti MAC/IP spoofing
|
||||||
|
CAPABILITIES = 'binding:capabilities'
|
||||||
|
CAP_PORT_FILTER = 'port_filter'
|
||||||
|
|
||||||
VIF_TYPE_OVS = 'ovs'
|
VIF_TYPE_OVS = 'ovs'
|
||||||
VIF_TYPE_BRIDGE = 'bridge'
|
VIF_TYPE_BRIDGE = 'bridge'
|
||||||
@ -41,7 +47,11 @@ EXTENDED_ATTRIBUTES_2_0 = {
|
|||||||
'is_visible': True},
|
'is_visible': True},
|
||||||
PROFILE: {'allow_post': True, 'allow_put': True,
|
PROFILE: {'allow_post': True, 'allow_put': True,
|
||||||
'default': attributes.ATTR_NOT_SPECIFIED,
|
'default': attributes.ATTR_NOT_SPECIFIED,
|
||||||
|
'validate': {'type:dict': None},
|
||||||
'is_visible': True},
|
'is_visible': True},
|
||||||
|
CAPABILITIES: {'allow_post': False, 'allow_put': False,
|
||||||
|
'default': attributes.ATTR_NOT_SPECIFIED,
|
||||||
|
'is_visible': True},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
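Review bot: The comment block above `CAPABILITIES` does not say what a consumer should assume when `binding:capabilities` or its `port_filter` key is missing. That will presumably be the case for plugins this commit does not touch, and the tests in this commit show it is the case for non-admin views. Because the value decides whether Nova sets up its own security-group and anti-spoofing rules, absence should be read as false, and I would state that explicitly, e.g. `# A missing key must be treated as False (the client keeps its own filtering).` The comment also has typos ("functionalies", "enables pass information") and could mention that the attribute is read-only, since `allow_post` and `allow_put` are both False.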
@ -431,6 +431,9 @@ class LinuxBridgePluginV2(db_base_plugin_v2.QuantumDbPluginV2,
|
|||||||
def _extend_port_dict_binding(self, context, port):
|
def _extend_port_dict_binding(self, context, port):
|
||||||
if self._check_view_auth(context, port, self.binding_view):
|
if self._check_view_auth(context, port, self.binding_view):
|
||||||
port[portbindings.VIF_TYPE] = portbindings.VIF_TYPE_BRIDGE
|
port[portbindings.VIF_TYPE] = portbindings.VIF_TYPE_BRIDGE
|
||||||
|
port[portbindings.CAPABILITIES] = {
|
||||||
|
portbindings.CAP_PORT_FILTER:
|
||||||
|
'security-group' in self.supported_extension_aliases}
|
||||||
return port
|
return port
|
||||||
|
|
||||||
def get_port(self, context, id, fields=None):
|
def get_port(self, context, id, fields=None):
|
||||||
|
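Review bot: In `_extend_port_dict_binding`, `port_filter` is computed from `'security-group' in self.supported_extension_aliases`, which reflects whether the API extension is advertised, not whether filtering is actually enforced on the host where the port is bound. The commit message says Nova will skip its own filtering when this is true, so a deployment that lists the extension without enforcing rules on the agent side would leave the port unfiltered by both components; nothing visible in this hunk rules that out. I would record the contract above the assignment, e.g. `# port_filter=True makes Nova skip its own filtering; report it only when security groups are really enforced for this port`, and consider deriving the value from the configured firewall driver rather than the alias list. The trailing `get_port` context continues outside the hunk.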
@ -48,8 +48,10 @@ class TestLinuxBridgePortsV2(test_plugin.TestPortsV2,
|
|||||||
plugin = QuantumManager.get_plugin()
|
plugin = QuantumManager.get_plugin()
|
||||||
with self.port(name='name') as port:
|
with self.port(name='name') as port:
|
||||||
port_id = port['port']['id']
|
port_id = port['port']['id']
|
||||||
self.assertEqual(port['port']['binding:vif_type'],
|
self.assertEqual(port['port'][portbindings.VIF_TYPE],
|
||||||
portbindings.VIF_TYPE_BRIDGE)
|
portbindings.VIF_TYPE_BRIDGE)
|
||||||
|
port_cap = port['port'][portbindings.CAPABILITIES]
|
||||||
|
self.assertEqual(port_cap[portbindings.CAP_PORT_FILTER], True)
|
||||||
# By default user is admin - now test non admin user
|
# By default user is admin - now test non admin user
|
||||||
ctx = context.Context(user_id=None,
|
ctx = context.Context(user_id=None,
|
||||||
tenant_id=self._tenant_id,
|
tenant_id=self._tenant_id,
|
||||||
@ -57,7 +59,8 @@ class TestLinuxBridgePortsV2(test_plugin.TestPortsV2,
|
|||||||
read_deleted="no")
|
read_deleted="no")
|
||||||
non_admin_port = plugin.get_port(ctx, port_id)
|
non_admin_port = plugin.get_port(ctx, port_id)
|
||||||
self.assertTrue('status' in non_admin_port)
|
self.assertTrue('status' in non_admin_port)
|
||||||
self.assertFalse('binding:vif_type' in non_admin_port)
|
self.assertFalse(portbindings.VIF_TYPE in non_admin_port)
|
||||||
|
self.assertFalse(portbindings.CAPABILITIES in non_admin_port)
|
||||||
|
|
||||||
def test_ports_vif_details(self):
|
def test_ports_vif_details(self):
|
||||||
cfg.CONF.set_default('allow_overlapping_ips', True)
|
cfg.CONF.set_default('allow_overlapping_ips', True)
|
||||||
@ -67,8 +70,10 @@ class TestLinuxBridgePortsV2(test_plugin.TestPortsV2,
|
|||||||
ports = plugin.get_ports(ctx)
|
ports = plugin.get_ports(ctx)
|
||||||
self.assertEqual(len(ports), 2)
|
self.assertEqual(len(ports), 2)
|
||||||
for port in ports:
|
for port in ports:
|
||||||
self.assertEqual(port['binding:vif_type'],
|
self.assertEqual(port[portbindings.VIF_TYPE],
|
||||||
portbindings.VIF_TYPE_BRIDGE)
|
portbindings.VIF_TYPE_BRIDGE)
|
||||||
|
port_cap = port[portbindings.CAPABILITIES]
|
||||||
|
self.assertEqual(port_cap[portbindings.CAP_PORT_FILTER], True)
|
||||||
# By default user is admin - now test non admin user
|
# By default user is admin - now test non admin user
|
||||||
ctx = context.Context(user_id=None,
|
ctx = context.Context(user_id=None,
|
||||||
tenant_id=self._tenant_id,
|
tenant_id=self._tenant_id,
|
||||||
@ -78,7 +83,9 @@ class TestLinuxBridgePortsV2(test_plugin.TestPortsV2,
|
|||||||
self.assertEqual(len(ports), 2)
|
self.assertEqual(len(ports), 2)
|
||||||
for non_admin_port in ports:
|
for non_admin_port in ports:
|
||||||
self.assertTrue('status' in non_admin_port)
|
self.assertTrue('status' in non_admin_port)
|
||||||
self.assertFalse('binding:vif_type' in non_admin_port)
|
self.assertFalse(portbindings.VIF_TYPE in non_admin_port)
|
||||||
|
self.assertFalse(portbindings.CAP_PORT_FILTER
|
||||||
|
in non_admin_port)
|
||||||
|
|
||||||
|
|
||||||
class TestLinuxBridgeNetworksV2(test_plugin.TestNetworksV2,
|
class TestLinuxBridgeNetworksV2(test_plugin.TestNetworksV2,
|
||||||
|
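Review bot: The last non-admin assertion in `test_ports_vif_details`, `self.assertFalse(portbindings.CAP_PORT_FILTER in non_admin_port)`, looks for the inner key `port_filter` at the top level of the port dict. It never appears there, so the check passes even if `binding:capabilities` is exposed to a non-admin caller. The single-port test earlier in this section checks the right key, and this one should match it: `self.assertFalse(portbindings.CAPABILITIES in non_admin_port)`. As written, the list path has no real coverage for hiding the new attribute. The test method starts outside this hunk.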