NSX: fix router ports port_security_enabled=False
authorAaron Rosen <aaronorosen@gmail.com>
Fri, 18 Jul 2014 19:09:12 +0000 (12:09 -0700)
committerAaron Rosen <aaronorosen@gmail.com>
Mon, 21 Jul 2014 20:15:46 +0000 (13:15 -0700)
Previously there was a bug that resulted in a security group being
added to router ports which was not supported in NSX. Removing the
security group didn't actually completely solve the problem as we
never cleared the allowed_address_pairs on the router port. This
patch fixes this issue by disabling port_security_enabled on the
router port.

Change-Id: Ib61756e3bd5866318cbc3bb9856344571399d656
Closes-bug: 1344266
Related-bug: 1329043

neutron/plugins/vmware/plugins/base.py
neutron/tests/unit/vmware/test_nsx_plugin.py

index d437828083e849fc667178faf079794a52cd252c..e1d8a2d89caf07e2e5ccdfd3ba7f3515466b071f 100644 (file)
@@ -1718,10 +1718,11 @@ class NsxPluginV2(addr_pair_db.AllowedAddressPairsMixin,
         if port_id:
             port_data = self.get_port(context, port_id)
             # If security groups are present we need to remove them as
-            # this is a router port.
+            # this is a router port and disable port security.
             if port_data['security_groups']:
                 self.update_port(context, port_id,
-                                 {'port': {'security_groups': []}})
+                                 {'port': {'security_groups': [],
+                                           psec.PORTSECURITY: False}})
             nsx_switch_id, nsx_port_id = nsx_utils.get_nsx_switch_and_port_id(
                 context.session, self.cluster, port_id)
             # Unplug current attachment from lswitch port
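Review bot: The port-security disable is still gated on `if port_data['security_groups']:`, so a port that reaches this path with an empty security-group list but port security still enabled is not updated and keeps the allowed-address-pair state the commit message says was never cleared. Consider widening the guard to `if port_data['security_groups'] or port_data.get(psec.PORTSECURITY):`, assuming get_port returns that key; the test hunk reads `port_security_enabled` from the port body, which suggests it does. The assertion added in test_nsx_plugin.py appears to cover only a port that had a security group attached, so a second case for a port created without security groups would pin the behaviour. The enclosing method starts and ends outside this hunk, so an earlier check may already cover this.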
index 62f48842a88dfe4c1539d6fff5ecc0514eee97ae..d85c95baa4a1882a331016e639583386ef2f5ad8 100644 (file)
@@ -1007,6 +1007,7 @@ class TestL3NatTestCase(L3NatTest,
                 # fetch port and confirm no security-group on it.
                 body = self._show('ports', p['port']['id'])
                 self.assertEqual(body['port']['security_groups'], [])
+                self.assertFalse(body['port']['port_security_enabled'])
                 # clean-up
                 self._router_interface_action('remove',
                                               r['router']['id'],