use neutron-lib port security api-def

The port security API definition has been in neutron-lib for awhile. This patch consumes the definition from neutron-lib. See If43b65861efc536d01c43dc0d2bbcbcf062c1271 for additional details. Change-Id: I934db01ffe43d0cbd9d9bef00d48d4a8b9536e5c
2017-05-01 12:02:44 -06:00 · 2017-05-01 12:02:44 -06:00 · d2a4845feb
commit d2a4845feb
parent ed361ef6d4
5 changed files with 22 additions and 18 deletions
--- a/vmware_nsx/plugins/dvs/plugin.py
+++ b/vmware_nsx/plugins/dvs/plugin.py
@ -15,6 +15,8 @@

 import uuid

+from neutron_lib.api.definitions import port_security as psec
+from neutron_lib.exceptions import port_security as psec_exc
 from oslo_log import log as logging
 from oslo_utils import excutils

@ -36,7 +38,6 @@ from neutron.db import securitygroups_db
 from neutron.db import vlantransparent_db as vlan_ext_db
 from neutron.extensions import allowedaddresspairs as addr_pair
 from neutron.extensions import multiprovidernet as mpnet
-from neutron.extensions import portsecurity as psec
 from neutron.extensions import providernet
 from neutron.extensions import securitygroup as ext_sg
 from neutron.extensions import vlantransparent as vlan_ext
@ -355,7 +356,7 @@ class NsxDvsV2(addr_pair_db.AllowedAddressPairsMixin,
            if has_ip:
                self._ensure_default_security_group_on_port(context, port)
            elif validators.is_attr_set(port_data.get(ext_sg.SECURITYGROUPS)):
-                raise psec.PortSecurityAndIPRequiredForSecurityGroups()
+                raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
            port_data[ext_sg.SECURITYGROUPS] = (
                self._get_security_groups_on_port(context, port))
            self._process_port_create_security_group(
--- a/vmware_nsx/plugins/nsx_mh/plugin.py
+++ b/vmware_nsx/plugins/nsx_mh/plugin.py
@ -15,10 +15,12 @@

 import uuid

+from neutron_lib.api.definitions import port_security as psec
 from neutron_lib.api import validators
 from neutron_lib import constants
 from neutron_lib import context as q_context
 from neutron_lib import exceptions as n_exc
+from neutron_lib.exceptions import port_security as psec_exc
 from oslo_concurrency import lockutils
 from oslo_config import cfg
 from oslo_db import exception as db_exc
@ -60,7 +62,6 @@ from neutron.extensions import extra_dhcp_opt as edo_ext
 from neutron.extensions import extraroute
 from neutron.extensions import l3
 from neutron.extensions import multiprovidernet as mpnet
-from neutron.extensions import portsecurity as psec
 from neutron.extensions import providernet
 from neutron.extensions import securitygroup as ext_sg
 from neutron.plugins.common import utils
@ -1145,7 +1146,7 @@ class NsxPluginV2(addr_pair_db.AllowedAddressPairsMixin,
                self._ensure_default_security_group_on_port(context, port)
            elif self._check_update_has_security_groups(
                 {'port': port_data}):
-                raise psec.PortSecurityAndIPRequiredForSecurityGroups()
+                raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
            port_data[ext_sg.SECURITYGROUPS] = (
                self._get_security_groups_on_port(context, port))
            self._process_port_create_security_group(
@ -1250,7 +1251,7 @@ class NsxPluginV2(addr_pair_db.AllowedAddressPairsMixin,
            # security groups, port security is set and port has ip
            if not (has_ip and ret_port[psec.PORTSECURITY]):
                if has_security_groups:
-                    raise psec.PortSecurityAndIPRequiredForSecurityGroups()
+                    raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
                # Update did not have security groups passed in. Check
                # that port does not have any security groups already on it.
                filters = {'port_id': [id]}
@ -1259,7 +1260,7 @@ class NsxPluginV2(addr_pair_db.AllowedAddressPairsMixin,
                        context, filters)
                )
                if security_groups and not delete_security_groups:
-                    raise psec.PortSecurityPortHasSecurityGroup()
+                    raise psec_exc.PortSecurityPortHasSecurityGroup()

            if (delete_security_groups or has_security_groups):
                # delete the port binding and read it with the new rules.
--- a/vmware_nsx/plugins/nsx_v/plugin.py
+++ b/vmware_nsx/plugins/nsx_v/plugin.py
@ -18,12 +18,14 @@ import six
 import uuid

 import netaddr
+from neutron_lib.api.definitions import port_security as psec
 from neutron_lib.api.definitions import provider_net as pnet
 from neutron_lib.api import validators
 from neutron_lib import constants
 from neutron_lib import context as n_context
 from neutron_lib.db import constants as db_const
 from neutron_lib import exceptions as n_exc
+from neutron_lib.exceptions import port_security as psec_exc
 from neutron_lib.plugins import constants as plugin_const
 from neutron_lib.plugins import directory
 from oslo_config import cfg
@ -70,7 +72,6 @@ from neutron.extensions import extra_dhcp_opt as ext_edo
 from neutron.extensions import flavors
 from neutron.extensions import l3
 from neutron.extensions import multiprovidernet as mpnet
-from neutron.extensions import portsecurity as psec
 from neutron.extensions import providernet
 from neutron.extensions import securitygroup as ext_sg
 from neutron.extensions import vlantransparent as ext_vlan
@ -1709,7 +1710,7 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
            if has_ip:
                self._ensure_default_security_group_on_port(context, port)
            elif (has_security_groups or provider_sg_specified):
-                raise psec.PortSecurityAndIPRequiredForSecurityGroups()
+                raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
            else:
                port_data[provider_sg.PROVIDER_SECURITYGROUPS] = []

@ -1948,13 +1949,13 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
            # checks that if update adds/modify security groups,
            # then port has ip
            if not has_ip:
-                if (has_security_groups or provider_sgs_specified):
-                        raise psec.PortSecurityAndIPRequiredForSecurityGroups()
+                if has_security_groups or provider_sgs_specified:
+                    raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
                if ((not delete_security_groups
                     and original_port[ext_sg.SECURITYGROUPS]) or
-                    (not delete_provider_sg and
-                     original_port[provider_sg.PROVIDER_SECURITYGROUPS])):
-                        raise psec.PortSecurityAndIPRequiredForSecurityGroups()
+                        (not delete_provider_sg and
+                         original_port[provider_sg.PROVIDER_SECURITYGROUPS])):
+                    raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()

            if delete_security_groups or has_security_groups:
                self.update_security_group_on_port(context, id, port,
--- a/vmware_nsx/plugins/nsx_v3/plugin.py
+++ b/vmware_nsx/plugins/nsx_v3/plugin.py
@ -14,6 +14,8 @@
 #    under the License.

 import netaddr
+from neutron_lib.api.definitions import port_security as psec
+from neutron_lib.exceptions import port_security as psec_exc
 import six

 from neutron.api.rpc.agentnotifiers import dhcp_rpc_agent_api
@ -48,7 +50,6 @@ from neutron.extensions import availability_zone as az_ext
 from neutron.extensions import external_net as ext_net_extn
 from neutron.extensions import extra_dhcp_opt as ext_edo
 from neutron.extensions import l3
-from neutron.extensions import portsecurity as psec
 from neutron.extensions import providernet
 from neutron.extensions import securitygroup as ext_sg
 from neutron.plugins.common import utils as n_utils
@ -1674,7 +1675,7 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
            self._ensure_default_security_group_on_port(context, port)
        elif self._check_update_has_security_groups(
                {'port': port_data}):
-            raise psec.PortSecurityAndIPRequiredForSecurityGroups()
+            raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
        port_data[ext_sg.SECURITYGROUPS] = (
            self._get_security_groups_on_port(context, port))
        return port_security, has_ip
@ -2216,7 +2217,7 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
        if (validate_port_sec and
            not (has_ip and updated_port[psec.PORTSECURITY])):
            if has_security_groups:
-                raise psec.PortSecurityAndIPRequiredForSecurityGroups()
+                raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
            # Update did not have security groups passed in. Check
            # that port does not have any security groups already on it.
            filters = {'port_id': [id]}
@ -2225,7 +2226,7 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
                    context, filters)
            )
            if security_groups and not delete_security_groups:
-                raise psec.PortSecurityPortHasSecurityGroup()
+                raise psec_exc.PortSecurityPortHasSecurityGroup()

        if delete_security_groups or has_security_groups:
            # delete the port binding and read it with the new rules.
--- a/vmware_nsx/tests/unit/extensions/test_addresspairs.py
+++ b/vmware_nsx/tests/unit/extensions/test_addresspairs.py
@ -12,10 +12,10 @@
 #    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 #    License for the specific language governing permissions and limitations
 #    under the License.
+from neutron_lib.api.definitions import port_security as psec
 from oslo_config import cfg

 from neutron.extensions import allowedaddresspairs as addr_pair
-from neutron.extensions import portsecurity as psec
 from neutron.tests.unit.db import test_allowedaddresspairs_db as ext_pairs

 from vmware_nsx.tests.unit.nsx_mh import test_plugin as test_nsx_plugin