From 8b91fd814d014300abd409d05beedc17ee70a2d5 Mon Sep 17 00:00:00 2001 From: Gary Kotton Date: Wed, 24 Jan 2018 01:11:36 -0800 Subject: [PATCH] NSX_V3: add flag to indicate if ENS networks can be created Enable admin to control if ENS networks can be used. In nsx_v3 section a new flag ens_support is added. Change-Id: I99b885072964870fe61a26a5bab71c7ed0790c87 --- releasenotes/notes/ens_support-49dbc626ba1b16be.yaml | 8 ++++++++ vmware_nsx/common/config.py | 5 ++++- vmware_nsx/plugins/nsx_v3/plugin.py | 2 ++ vmware_nsx/tests/unit/nsx_v3/test_plugin.py | 3 +++ 4 files changed, 17 insertions(+), 1 deletion(-) create mode 100644 releasenotes/notes/ens_support-49dbc626ba1b16be.yaml diff --git a/releasenotes/notes/ens_support-49dbc626ba1b16be.yaml b/releasenotes/notes/ens_support-49dbc626ba1b16be.yaml new file mode 100644 index 0000000000..9068771af1 --- /dev/null +++ b/releasenotes/notes/ens_support-49dbc626ba1b16be.yaml @@ -0,0 +1,8 @@ +--- +prelude: > + Add a configuration variable indicating that ENS transport zones can be + used. +features: + - | + Add a new configuration variable ``ens_support`` to the ``nsx_v3`` section. + This indicates if a tenant or admin can create ENS networks. diff --git a/vmware_nsx/common/config.py b/vmware_nsx/common/config.py index 24d0b0907f..0e2fa124a2 100644 --- a/vmware_nsx/common/config.py +++ b/vmware_nsx/common/config.py @@ -434,7 +434,10 @@ nsx_v3_opts = [ help=_("Optional parameter defining a list switching profiles " "uuids that will be attached to all neutron created " "nsx ports.")), - + cfg.BoolOpt('ens_support', + default=False, + help=_("(Optional) Indicates whether ENS transport zones can " + "be used")), ] DEFAULT_STATUS_CHECK_INTERVAL = 2000 diff --git a/vmware_nsx/plugins/nsx_v3/plugin.py b/vmware_nsx/plugins/nsx_v3/plugin.py index 5a0dcd3aeb..8660f0777e 100644 --- a/vmware_nsx/plugins/nsx_v3/plugin.py +++ b/vmware_nsx/plugins/nsx_v3/plugin.py @@ -911,6 +911,8 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin, if (provider_data['switch_mode'] == self.nsxlib.transport_zone.HOST_SWITCH_MODE_ENS): + if not cfg.CONF.nsx_v3.ens_support: + raise NotImplementedError(_("ENS support is disabled")) if net_data.get(psec.PORTSECURITY): raise nsx_exc.NsxENSPortSecurity() # set the default port security to False diff --git a/vmware_nsx/tests/unit/nsx_v3/test_plugin.py b/vmware_nsx/tests/unit/nsx_v3/test_plugin.py index 8e747c6eaf..c0719f8bbb 100644 --- a/vmware_nsx/tests/unit/nsx_v3/test_plugin.py +++ b/vmware_nsx/tests/unit/nsx_v3/test_plugin.py @@ -465,6 +465,7 @@ class TestNetworksV2(test_plugin.TestNetworksV2, NsxV3PluginTestCaseMixin): self.assertEqual('InvalidInput', data['NeutronError']['type']) def test_create_ens_network_with_no_port_sec(self): + cfg.CONF.set_override('ens_support', True, 'nsx_v3') providernet_args = {psec.PORTSECURITY: False} with mock.patch("vmware_nsxlib.v3.core_resources.NsxLibTransportZone." "get_host_switch_mode", return_value="ENS"),\ @@ -481,6 +482,7 @@ class TestNetworksV2(test_plugin.TestNetworksV2, NsxV3PluginTestCaseMixin): self.assertFalse(res['network']['port_security_enabled']) def test_create_ens_network_with_port_sec(self): + cfg.CONF.set_override('ens_support', True, 'nsx_v3') providernet_args = {psec.PORTSECURITY: True} with mock.patch("vmware_nsxlib.v3.core_resources.NsxLibTransportZone." "get_host_switch_mode", return_value="ENS"),\ @@ -497,6 +499,7 @@ class TestNetworksV2(test_plugin.TestNetworksV2, NsxV3PluginTestCaseMixin): res['NeutronError']['type']) def test_update_ens_network(self): + cfg.CONF.set_override('ens_support', True, 'nsx_v3') providernet_args = {psec.PORTSECURITY: False} with mock.patch("vmware_nsxlib.v3.core_resources.NsxLibTransportZone." "get_host_switch_mode", return_value="ENS"),\