x/vmware-nsx
Code Issues Proposed changes

Merge "NSX|V3: enforce provider rules not being set when not port sec"

Browse Source
This commit is contained in:
Jenkins 2017-08-24 17:11:10 +00:00 committed by Gerrit Code Review
commit 36de1f3cf9
1 changed files with 11 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
vmware_nsx/plugins/nsx_v3/plugin.py
View File

@ -1733,6 +1733,14 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
if not utils.is_ipv4_ip_address(ip): if not utils.is_ipv4_ip_address(ip):
raise nsx_exc.InvalidIPAddress(ip_address=ip) raise nsx_exc.InvalidIPAddress(ip_address=ip)
def _provider_sgs_specified(self, port_data):
# checks if security groups were updated adding/modifying
# security groups, port security is set and port has ip
provider_sgs_specified = (validators.is_attr_set(
port_data.get(provider_sg.PROVIDER_SECURITYGROUPS)) and
port_data.get(provider_sg.PROVIDER_SECURITYGROUPS) != [])
return provider_sgs_specified
def _create_port_preprocess_security( def _create_port_preprocess_security(
self, context, port, port_data, neutron_db): self, context, port, port_data, neutron_db):
(port_security, has_ip) = self._determine_port_security_and_has_ip( (port_security, has_ip) = self._determine_port_security_and_has_ip(
@ -1758,10 +1766,8 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
self._ensure_default_security_group_on_port(context, port) self._ensure_default_security_group_on_port(context, port)
(sgids, psgids) = self._get_port_security_groups_lists( (sgids, psgids) = self._get_port_security_groups_lists(
context, port) context, port)
# FIXME(roeyc): Also raise when provider security-groups specified but elif (self._check_update_has_security_groups({'port': port_data}) or
# port-security is disabled. self._provider_sgs_specified(port_data)):
elif self._check_update_has_security_groups(
{'port': port_data}):
raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups() raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
else: else:
sgids = psgids = [] sgids = psgids = []
@ -2352,9 +2358,7 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
# checks if security groups were updated adding/modifying # checks if security groups were updated adding/modifying
# security groups, port security is set and port has ip # security groups, port security is set and port has ip
provider_sgs_specified = (validators.is_attr_set( provider_sgs_specified = self._provider_sgs_specified(port_data)
port_data.get(provider_sg.PROVIDER_SECURITYGROUPS)) and
port['port'][provider_sg.PROVIDER_SECURITYGROUPS] != [])
if (validate_port_sec and if (validate_port_sec and
not (has_ip and updated_port[psec.PORTSECURITY])): not (has_ip and updated_port[psec.PORTSECURITY])):
if has_security_groups or provider_sgs_specified: if has_security_groups or provider_sgs_specified: