From 17f00ca8b0cc4a75879683f7c51eaf187de96f8d Mon Sep 17 00:00:00 2001 From: Ellen Batbouta Date: Thu, 29 Mar 2018 16:57:07 -0400 Subject: [PATCH] Allow port security to be disabled Allow Murano application packages to specify whether port security should be disabled for a network. With this change, Murano will now propagate to Heat the application's desire to disable port security if the application sets a new flag, port_security_disable, to true in the Neutron network object. Change-Id: Iab25b4901010c24aef42213a7a9082b7594a5a16 Closes-Bug: 1759914 --- .../Classes/resources/NeutronNetworkBase.yaml | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/meta/io.murano/Classes/resources/NeutronNetworkBase.yaml b/meta/io.murano/Classes/resources/NeutronNetworkBase.yaml index 6d390aefa..d317f41aa 100644 --- a/meta/io.murano/Classes/resources/NeutronNetworkBase.yaml +++ b/meta/io.murano/Classes/resources/NeutronNetworkBase.yaml @@ -17,6 +17,10 @@ Namespaces: Name: NeutronNetworkBase +Properties: + port_security_disable: + Contract: $.bool() + Extends: Network Methods: @@ -82,7 +86,7 @@ Methods: - subnet: $subnetRef - $patchTemplate: $patchTemplate.mergeWith($template) - - If: $securityGroupsEnabled + - If: $securityGroupsEnabled and not $.port_security_disable Then: - If: len($securityGroups) > 0 and $securityGroups[0] != "" Then: @@ -107,6 +111,16 @@ Methods: - get_resource: $securityGroupName - $patchTemplate: $patchTemplate.mergeWith($template) + - If: $.port_security_disable + Then: + - $template: + resources: + $portName: + properties: + port_security_enabled: false + + - $patchTemplate: $patchTemplate.mergeWith($template) + - $instanceResources: [$portName] - $instanceOutputs: [$addressesOutputName]