From: Akihiro MOTOKI Date: Sat, 12 Jan 2013 12:42:32 +0000 (+0900) Subject: Inform a client if Quantum provides port filtering feature X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=01f3b1f438a5a52fbc812a2c83e8d19e5fbbc928;p=openstack-build%2Fneutron-build.git Inform a client if Quantum provides port filtering feature Part of blueprint vif-plugging-improvements Quantum and Nova have duplicated functionality of packet filtering such as security groups and anti spoofing filters. By passing information whether Quantum supports the port filtering feature, Nova VIF driver can skip its own packet filtering setup. It is based on Daniel's advise in https://review.openstack.org/#/c/19436/ Change-Id: Ifd260cb61aa3990251510a4a3fe15454d8d584df --- diff --git a/quantum/extensions/portbindings.py b/quantum/extensions/portbindings.py index e3276c86f..536898511 100644 --- a/quantum/extensions/portbindings.py +++ b/quantum/extensions/portbindings.py @@ -24,6 +24,12 @@ HOST_ID = 'binding:host_id' # on the specific host to pass and receive vif port specific information to # the plugin. PROFILE = 'binding:profile' +# The capabilities will be a dictionary that enables pass information about +# functionalies quantum provides. The following value should be provided. +# - port_filter : Boolean value indicating Quantum provides port filtering +# features such as security group and anti MAC/IP spoofing +CAPABILITIES = 'binding:capabilities' +CAP_PORT_FILTER = 'port_filter' VIF_TYPE_OVS = 'ovs' VIF_TYPE_BRIDGE = 'bridge' @@ -41,7 +47,11 @@ EXTENDED_ATTRIBUTES_2_0 = { 'is_visible': True}, PROFILE: {'allow_post': True, 'allow_put': True, 'default': attributes.ATTR_NOT_SPECIFIED, + 'validate': {'type:dict': None}, 'is_visible': True}, + CAPABILITIES: {'allow_post': False, 'allow_put': False, + 'default': attributes.ATTR_NOT_SPECIFIED, + 'is_visible': True}, } } 
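Review bot: The comment added above `CAPABILITIES` in quantum/extensions/portbindings.py does not say how a consumer should read a missing key, and that is the case that decides whether Nova keeps its own filtering. The commit message says the Nova VIF driver may skip its packet filtering setup based on this flag, so I would document the fail-closed reading, for example `# A missing binding:capabilities or a port_filter that is not True means "not provided"; the caller must keep its own filtering.` It is also worth stating that the attribute is set by the server only. The wording needs a fix as well: "enables pass information about functionalies" should read "is used to pass information about the functionality".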
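Review bot: In the second portbindings.py hunk, `'validate': {'type:dict': None}` on `PROFILE` supplies no key specification, so as far as this hunk shows only the container type is checked while the attribute stays writable on both POST and PUT. Whether a policy rule limits who may set `binding:profile` is not visible here, because `EXTENDED_ATTRIBUTES_2_0` begins outside the hunk. I would add a comment next to the entry such as `# Only the type is validated here; a plugin must validate the profile keys it consumes.` so that plugin authors do not treat the dict as already checked.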
diff --git a/quantum/plugins/linuxbridge/lb_quantum_plugin.py b/quantum/plugins/linuxbridge/lb_quantum_plugin.py index 4267d9ac0..995dbb910 100644 --- a/quantum/plugins/linuxbridge/lb_quantum_plugin.py +++ b/quantum/plugins/linuxbridge/lb_quantum_plugin.py @@ -431,6 +431,9 @@ class LinuxBridgePluginV2(db_base_plugin_v2.QuantumDbPluginV2, def _extend_port_dict_binding(self, context, port): if self._check_view_auth(context, port, self.binding_view): port[portbindings.VIF_TYPE] = portbindings.VIF_TYPE_BRIDGE + port[portbindings.CAPABILITIES] = { + portbindings.CAP_PORT_FILTER: + 'security-group' in self.supported_extension_aliases} return port def get_port(self, context, id, fields=None): diff --git a/quantum/tests/unit/linuxbridge/test_linuxbridge_plugin.py b/quantum/tests/unit/linuxbridge/test_linuxbridge_plugin.py index c27a2098f..3eed40fde 100644 --- a/quantum/tests/unit/linuxbridge/test_linuxbridge_plugin.py +++ b/quantum/tests/unit/linuxbridge/test_linuxbridge_plugin.py @@ -48,8 +48,10 @@ class TestLinuxBridgePortsV2(test_plugin.TestPortsV2, plugin = QuantumManager.get_plugin() with self.port(name='name') as port: port_id = port['port']['id'] - self.assertEqual(port['port']['binding:vif_type'], + self.assertEqual(port['port'][portbindings.VIF_TYPE], portbindings.VIF_TYPE_BRIDGE) + port_cap = port['port'][portbindings.CAPABILITIES] + self.assertEqual(port_cap[portbindings.CAP_PORT_FILTER], True) # By default user is admin - now test non admin user ctx = context.Context(user_id=None, tenant_id=self._tenant_id, @@ -57,7 +59,8 @@ class TestLinuxBridgePortsV2(test_plugin.TestPortsV2, read_deleted="no") non_admin_port = plugin.get_port(ctx, port_id) self.assertTrue('status' in non_admin_port) - self.assertFalse('binding:vif_type' in non_admin_port) + self.assertFalse(portbindings.VIF_TYPE in non_admin_port) + self.assertFalse(portbindings.CAPABILITIES in non_admin_port) def test_ports_vif_details(self): cfg.CONF.set_default('allow_overlapping_ips', True) 
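Review bot: `port_filter` in `_extend_port_dict_binding` (lb_quantum_plugin.py) is derived only from `'security-group' in self.supported_extension_aliases`, which shows that the API extension is advertised, not that filtering is enforced on the host where the port is bound. The comment in portbindings.py also promises anti MAC/IP spoofing, which this membership test does not establish. If agent-side enforcement can be disabled or is a no-op (not visible in this hunk), Nova would skip its own filters and the port would have none. I would tie the value to whatever setting actually enables enforcement, or at least record the assumption in a comment such as `# True means the security-group extension is loaded; enforcement on the agent is assumed (see <agent firewall setting>).`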
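Review bot: The assertions added in the first test_linuxbridge_plugin.py hunk cover only `port_filter` being True, and the same holds for the hunk at `@@ -67,8 +70,10`. Nothing in the visible changes exercises the branch where `'security-group'` is absent from `supported_extension_aliases` and the capability must be False. A wrong True is the outcome that would lead a client to drop its own filtering, so the negative case deserves a test, for example one that overrides the alias list on the plugin and asserts `port_cap[portbindings.CAP_PORT_FILTER]` is False. The enclosing test method starts outside the hunk.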
@@ -67,8 +70,10 @@ class TestLinuxBridgePortsV2(test_plugin.TestPortsV2, ports = plugin.get_ports(ctx) self.assertEqual(len(ports), 2) for port in ports: - self.assertEqual(port['binding:vif_type'], + self.assertEqual(port[portbindings.VIF_TYPE], portbindings.VIF_TYPE_BRIDGE) + port_cap = port[portbindings.CAPABILITIES] + self.assertEqual(port_cap[portbindings.CAP_PORT_FILTER], True) # By default user is admin - now test non admin user ctx = context.Context(user_id=None, tenant_id=self._tenant_id, @@ -78,7 +83,9 @@ class TestLinuxBridgePortsV2(test_plugin.TestPortsV2, self.assertEqual(len(ports), 2) for non_admin_port in ports: self.assertTrue('status' in non_admin_port) - self.assertFalse('binding:vif_type' in non_admin_port) + self.assertFalse(portbindings.VIF_TYPE in non_admin_port) + self.assertFalse(portbindings.CAP_PORT_FILTER + in non_admin_port) class TestLinuxBridgeNetworksV2(test_plugin.TestNetworksV2,
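Review bot: The last hunk asserts `portbindings.CAP_PORT_FILTER in non_admin_port`, but `port_filter` is a key inside the `binding:capabilities` dict and never a top-level port key, so this `assertFalse` passes even if the capabilities leak to a non-admin caller. The single-port check in the hunk at `@@ -57,7 +59,8` tests `portbindings.CAPABILITIES`, and this loop should match it: `self.assertFalse(portbindings.CAPABILITIES in non_admin_port)`.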