NSX|V3: ensure Mac learning has port security disabled

Ensure that the port secuciryt is disabled when using mac learning Change-Id: I5bcde9c383692aaf364d431da9d1ace61ab03946
2016-09-18 01:50:26 -07:00 · 2016-09-18 01:50:26 -07:00 · 25912d7614
commit 25912d7614
parent 24be12ff27
1 changed files with 9 additions and 1 deletions
--- a/vmware_nsx/plugins/nsx_v3/plugin.py
+++ b/vmware_nsx/plugins/nsx_v3/plugin.py
@ -1644,6 +1644,10 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
                sgids |= set(provider_groups)
            self._extend_port_dict_binding(context, port_data)
            if validators.is_attr_set(port_data.get(mac_ext.MAC_LEARNING)):
+                if is_psec_on:
+                    msg = _('Mac learning requires that port security be '
+                            'disabled')
+                    raise n_exc.InvalidInput(error_message=msg)
                self._create_mac_learning_state(context, port_data)
            elif mac_ext.MAC_LEARNING in port_data:
                # This is due to the fact that the default is
@ -1945,7 +1949,7 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,

        with context.session.begin(subtransactions=True):
            original_port = super(NsxV3Plugin, self).get_port(context, id)
-            _, nsx_lport_id = nsx_db.get_nsx_switch_and_port_id(
+            nsx_lswitch_id, nsx_lport_id = nsx_db.get_nsx_switch_and_port_id(
                context.session, id)
            is_external_net = self._network_is_external(
                context, original_port['network_id'])
@ -1983,6 +1987,10 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
            new_mac_learning_state = updated_port.get(mac_ext.MAC_LEARNING)
            if (new_mac_learning_state is not None and
                old_mac_learning_state != new_mac_learning_state):
+                if port_security and new_mac_learning_state:
+                    msg = _('Mac learning requires that port security be '
+                            'disabled')
+                    raise n_exc.InvalidInput(error_message=msg)
                self._update_mac_learning_state(context, id,
                                                new_mac_learning_state)