use neutron-lib port security api-def

The port security API definition has been in neutron-lib for awhile.
This patch consumes the definition from neutron-lib.
See If43b65861efc536d01c43dc0d2bbcbcf062c1271 for additional details.

Change-Id: I934db01ffe43d0cbd9d9bef00d48d4a8b9536e5c

vmware_nsx/plugins/dvs/plugin.py

@@ -15,6 +15,8 @@
 
 import uuid
 
+from neutron_lib.api.definitions import port_security as psec
+from neutron_lib.exceptions import port_security as psec_exc
 from oslo_log import log as logging
 from oslo_utils import excutils
 
@@ -36,7 +38,6 @@ from neutron.db import securitygroups_db
 from neutron.db import vlantransparent_db as vlan_ext_db
 from neutron.extensions import allowedaddresspairs as addr_pair
 from neutron.extensions import multiprovidernet as mpnet
-from neutron.extensions import portsecurity as psec
 from neutron.extensions import providernet
 from neutron.extensions import securitygroup as ext_sg
 from neutron.extensions import vlantransparent as vlan_ext
@@ -355,7 +356,7 @@ class NsxDvsV2(addr_pair_db.AllowedAddressPairsMixin,
             if has_ip:
                 self._ensure_default_security_group_on_port(context, port)
             elif validators.is_attr_set(port_data.get(ext_sg.SECURITYGROUPS)):
-                raise psec.PortSecurityAndIPRequiredForSecurityGroups()
+                raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
             port_data[ext_sg.SECURITYGROUPS] = (
                 self._get_security_groups_on_port(context, port))
             self._process_port_create_security_group(

vmware_nsx/plugins/nsx_mh/plugin.py

@@ -15,10 +15,12 @@
 
 import uuid
 
+from neutron_lib.api.definitions import port_security as psec
 from neutron_lib.api import validators
 from neutron_lib import constants
 from neutron_lib import context as q_context
 from neutron_lib import exceptions as n_exc
+from neutron_lib.exceptions import port_security as psec_exc
 from oslo_concurrency import lockutils
 from oslo_config import cfg
 from oslo_db import exception as db_exc
@@ -60,7 +62,6 @@ from neutron.extensions import extra_dhcp_opt as edo_ext
 from neutron.extensions import extraroute
 from neutron.extensions import l3
 from neutron.extensions import multiprovidernet as mpnet
-from neutron.extensions import portsecurity as psec
 from neutron.extensions import providernet
 from neutron.extensions import securitygroup as ext_sg
 from neutron.plugins.common import utils
@@ -1145,7 +1146,7 @@ class NsxPluginV2(addr_pair_db.AllowedAddressPairsMixin,
                 self._ensure_default_security_group_on_port(context, port)
             elif self._check_update_has_security_groups(
                  {'port': port_data}):
-                raise psec.PortSecurityAndIPRequiredForSecurityGroups()
+                raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
             port_data[ext_sg.SECURITYGROUPS] = (
                 self._get_security_groups_on_port(context, port))
             self._process_port_create_security_group(
@@ -1250,7 +1251,7 @@ class NsxPluginV2(addr_pair_db.AllowedAddressPairsMixin,
             # security groups, port security is set and port has ip
             if not (has_ip and ret_port[psec.PORTSECURITY]):
                 if has_security_groups:
-                    raise psec.PortSecurityAndIPRequiredForSecurityGroups()
+                    raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
                 # Update did not have security groups passed in. Check
                 # that port does not have any security groups already on it.
                 filters = {'port_id': [id]}
@@ -1259,7 +1260,7 @@ class NsxPluginV2(addr_pair_db.AllowedAddressPairsMixin,
                         context, filters)
                 )
                 if security_groups and not delete_security_groups:
-                    raise psec.PortSecurityPortHasSecurityGroup()
+                    raise psec_exc.PortSecurityPortHasSecurityGroup()
 
             if (delete_security_groups or has_security_groups):
                 # delete the port binding and read it with the new rules.

vmware_nsx/plugins/nsx_v/plugin.py

@@ -18,12 +18,14 @@ import six
 import uuid
 
 import netaddr
+from neutron_lib.api.definitions import port_security as psec
 from neutron_lib.api.definitions import provider_net as pnet
 from neutron_lib.api import validators
 from neutron_lib import constants
 from neutron_lib import context as n_context
 from neutron_lib.db import constants as db_const
 from neutron_lib import exceptions as n_exc
+from neutron_lib.exceptions import port_security as psec_exc
 from neutron_lib.plugins import constants as plugin_const
 from neutron_lib.plugins import directory
 from oslo_config import cfg
@@ -70,7 +72,6 @@ from neutron.extensions import extra_dhcp_opt as ext_edo
 from neutron.extensions import flavors
 from neutron.extensions import l3
 from neutron.extensions import multiprovidernet as mpnet
-from neutron.extensions import portsecurity as psec
 from neutron.extensions import providernet
 from neutron.extensions import securitygroup as ext_sg
 from neutron.extensions import vlantransparent as ext_vlan
@@ -1709,7 +1710,7 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
             if has_ip:
                 self._ensure_default_security_group_on_port(context, port)
             elif (has_security_groups or provider_sg_specified):
-                raise psec.PortSecurityAndIPRequiredForSecurityGroups()
+                raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
             else:
                 port_data[provider_sg.PROVIDER_SECURITYGROUPS] = []
 
@@ -1948,13 +1949,13 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
             # checks that if update adds/modify security groups,
             # then port has ip
             if not has_ip:
-                if (has_security_groups or provider_sgs_specified):
+                if has_security_groups or provider_sgs_specified:
-                        raise psec.PortSecurityAndIPRequiredForSecurityGroups()
+                    raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
                 if ((not delete_security_groups
                      and original_port[ext_sg.SECURITYGROUPS]) or
                         (not delete_provider_sg and
                          original_port[provider_sg.PROVIDER_SECURITYGROUPS])):
-                        raise psec.PortSecurityAndIPRequiredForSecurityGroups()
+                    raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
 
             if delete_security_groups or has_security_groups:
                 self.update_security_group_on_port(context, id, port,

vmware_nsx/plugins/nsx_v3/plugin.py

@@ -14,6 +14,8 @@
 #    under the License.
 
 import netaddr
+from neutron_lib.api.definitions import port_security as psec
+from neutron_lib.exceptions import port_security as psec_exc
 import six
 
 from neutron.api.rpc.agentnotifiers import dhcp_rpc_agent_api
@@ -48,7 +50,6 @@ from neutron.extensions import availability_zone as az_ext
 from neutron.extensions import external_net as ext_net_extn
 from neutron.extensions import extra_dhcp_opt as ext_edo
 from neutron.extensions import l3
-from neutron.extensions import portsecurity as psec
 from neutron.extensions import providernet
 from neutron.extensions import securitygroup as ext_sg
 from neutron.plugins.common import utils as n_utils
@@ -1674,7 +1675,7 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
             self._ensure_default_security_group_on_port(context, port)
         elif self._check_update_has_security_groups(
                 {'port': port_data}):
-            raise psec.PortSecurityAndIPRequiredForSecurityGroups()
+            raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
         port_data[ext_sg.SECURITYGROUPS] = (
             self._get_security_groups_on_port(context, port))
         return port_security, has_ip
@@ -2216,7 +2217,7 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
         if (validate_port_sec and
             not (has_ip and updated_port[psec.PORTSECURITY])):
             if has_security_groups:
-                raise psec.PortSecurityAndIPRequiredForSecurityGroups()
+                raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
             # Update did not have security groups passed in. Check
             # that port does not have any security groups already on it.
             filters = {'port_id': [id]}
@@ -2225,7 +2226,7 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
                     context, filters)
             )
             if security_groups and not delete_security_groups:
-                raise psec.PortSecurityPortHasSecurityGroup()
+                raise psec_exc.PortSecurityPortHasSecurityGroup()
 
         if delete_security_groups or has_security_groups:
             # delete the port binding and read it with the new rules.

vmware_nsx/tests/unit/extensions/test_addresspairs.py

@@ -12,10 +12,10 @@
 #    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 #    License for the specific language governing permissions and limitations
 #    under the License.
+from neutron_lib.api.definitions import port_security as psec
 from oslo_config import cfg
 
 from neutron.extensions import allowedaddresspairs as addr_pair
-from neutron.extensions import portsecurity as psec
 from neutron.tests.unit.db import test_allowedaddresspairs_db as ext_pairs
 
 from vmware_nsx.tests.unit.nsx_mh import test_plugin as test_nsx_plugin