Allow port security to be disabled

Allow Murano application packages to specify whether port security
should be disabled for a network.  With this change, Murano will now
propagate to Heat the application's desire to disable port security
if the application sets a new flag, port_security_disable, to true
in the Neutron network object.

Change-Id: Iab25b4901010c24aef42213a7a9082b7594a5a16
Closes-Bug: 1759914
This commit is contained in:
Ellen Batbouta 2018-03-29 16:57:07 -04:00
parent 2670b434a7
commit 17f00ca8b0
1 changed files with 15 additions and 1 deletions

View File

@ -17,6 +17,10 @@ Namespaces:
Name: NeutronNetworkBase
Properties:
port_security_disable:
Contract: $.bool()
Extends: Network
Methods:
@ -82,7 +86,7 @@ Methods:
- subnet: $subnetRef
- $patchTemplate: $patchTemplate.mergeWith($template)
- If: $securityGroupsEnabled
- If: $securityGroupsEnabled and not $.port_security_disable
Then:
- If: len($securityGroups) > 0 and $securityGroups[0] != ""
Then:
@ -107,6 +111,16 @@ Methods:
- get_resource: $securityGroupName
- $patchTemplate: $patchTemplate.mergeWith($template)
- If: $.port_security_disable
Then:
- $template:
resources:
$portName:
properties:
port_security_enabled: false
- $patchTemplate: $patchTemplate.mergeWith($template)
- $instanceResources: [$portName]
- $instanceOutputs: [$addressesOutputName]