From 25912d7614abf4281727dc6d7b5f104e23c8da33 Mon Sep 17 00:00:00 2001 From: Gary Kotton Date: Sun, 18 Sep 2016 01:50:26 -0700 Subject: [PATCH] NSX|V3: ensure Mac learning has port security disabled Ensure that the port secuciryt is disabled when using mac learning Change-Id: I5bcde9c383692aaf364d431da9d1ace61ab03946 --- vmware_nsx/plugins/nsx_v3/plugin.py | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/vmware_nsx/plugins/nsx_v3/plugin.py b/vmware_nsx/plugins/nsx_v3/plugin.py index 03c9d49f50..6385dad943 100644 --- a/vmware_nsx/plugins/nsx_v3/plugin.py +++ b/vmware_nsx/plugins/nsx_v3/plugin.py @@ -1644,6 +1644,10 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin, sgids |= set(provider_groups) self._extend_port_dict_binding(context, port_data) if validators.is_attr_set(port_data.get(mac_ext.MAC_LEARNING)): + if is_psec_on: + msg = _('Mac learning requires that port security be ' + 'disabled') + raise n_exc.InvalidInput(error_message=msg) self._create_mac_learning_state(context, port_data) elif mac_ext.MAC_LEARNING in port_data: # This is due to the fact that the default is @@ -1945,7 +1949,7 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin, with context.session.begin(subtransactions=True): original_port = super(NsxV3Plugin, self).get_port(context, id) - _, nsx_lport_id = nsx_db.get_nsx_switch_and_port_id( + nsx_lswitch_id, nsx_lport_id = nsx_db.get_nsx_switch_and_port_id( context.session, id) is_external_net = self._network_is_external( context, original_port['network_id']) @@ -1983,6 +1987,10 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin, new_mac_learning_state = updated_port.get(mac_ext.MAC_LEARNING) if (new_mac_learning_state is not None and old_mac_learning_state != new_mac_learning_state): + if port_security and new_mac_learning_state: + msg = _('Mac learning requires that port security be ' + 'disabled') + raise n_exc.InvalidInput(error_message=msg) self._update_mac_learning_state(context, id, new_mac_learning_state)