Merge "Allow port security updates even without security-groups enabled"

This commit is contained in:
Jenkins 2017-05-26 01:05:05 +00:00 committed by Gerrit Code Review
commit fb825f2b9c
2 changed files with 24 additions and 0 deletions

View File

@ -1199,6 +1199,8 @@ class Ml2Plugin(db_base_plugin_v2.NeutronDbPluginV2,
raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
elif (not
self._check_update_deletes_security_groups(port)):
if not utils.is_extension_supported(self, 'security-group'):
return
# Update did not have security groups passed in. Check
# that port does not have any security groups already on it.
filters = {'port_id': [id]}

View File

@ -2099,6 +2099,28 @@ class TestMl2AllowedAddressPairs(Ml2PluginV2TestCase,
plugin=PLUGIN_NAME)
class TestMl2PortSecurity(Ml2PluginV2TestCase):
def setUp(self):
config.cfg.CONF.set_override('extension_drivers',
['port_security'],
group='ml2')
config.cfg.CONF.set_override('enable_security_group',
False,
group='SECURITYGROUP')
super(TestMl2PortSecurity, self).setUp()
def test_port_update_without_security_groups(self):
with self.port() as port:
plugin = directory.get_plugin()
ctx = context.get_admin_context()
self.assertTrue(port['port']['port_security_enabled'])
updated_port = plugin.update_port(
ctx, port['port']['id'],
{'port': {'port_security_enabled': False}})
self.assertFalse(updated_port['port_security_enabled'])
class TestMl2HostsNetworkAccess(Ml2PluginV2TestCase):
_mechanism_drivers = ['openvswitch', 'logger']