def update_port(self, context, id, port):
delete_addr_pairs = self._check_update_deletes_allowed_address_pairs(
port)
has_addr_pairs = self._check_update_has_allowed_address_pairs(port)
with db_api.CONTEXT_WRITER.using(context):
ret_port = super(NsxDvsV2, self).update_port(context, id, port)
# Save current mac learning state to check whether it's
# being updated or not
# copy values over - except fixed_ips as
# they've already been processed
port['port'].pop('fixed_ips', None)
ret_port.update(port['port'])
# populate port_security setting, ignoring vlan network ports.
network_type = self._dvs_get_network(
context, ret_port['network_id'])['provider:network_type']
if (psec.PORTSECURITY not in port['port']
and network_type != 'vlan'):
ret_port[psec.PORTSECURITY] = self._get_port_security_binding(
context, id)
# validate port security and allowed address pairs
if not ret_port[psec.PORTSECURITY]:
# has address pairs in request
if has_addr_pairs:
raise addr_exc.AddressPairAndPortSecurityRequired()
elif not delete_addr_pairs:
# check if address pairs are in db
ret_port[addr_apidef.ADDRESS_PAIRS] = (
self.get_allowed_address_pairs(context, id))
if ret_port[addr_apidef.ADDRESS_PAIRS]:
raise addr_exc.AddressPairAndPortSecurityRequired()
if delete_addr_pairs or has_addr_pairs:
# delete address pairs and read them in
self._delete_allowed_address_pairs(context, id)
self._process_create_allowed_address_pairs(
context, ret_port, ret_port[addr_apidef.ADDRESS_PAIRS])
if psec.PORTSECURITY in port['port']:
if network_type != 'vlan':
self._process_port_port_security_update(
context, port['port'], ret_port)
else:
ret_port[psec.PORTSECURITY] = False
self._process_vnic_type(context, port['port'], id)
LOG.debug("Updating port: %s", port)
self._extension_manager.process_update_port(
context, port['port'], ret_port)
self._process_portbindings_create_and_update(
context, port['port'], ret_port)
return ret_port
def create_port(self, context, port):
# If PORTSECURITY is not the default value ATTR_NOT_SPECIFIED
# then we pass the port to the policy engine. The reason why we don't
# pass the value to the policy engine when the port is
# ATTR_NOT_SPECIFIED is for the case where a port is created on a
# shared network that is not owned by the tenant.
port_data = port['port']
with db_api.CONTEXT_WRITER.using(context):
# First we allocate port in neutron database
neutron_db = super(NsxDvsV2, self).create_port(context, port)
self._extension_manager.process_create_port(
context, port_data, neutron_db)
port_security = self._get_network_security_binding(
context, neutron_db['network_id'])
port_data[psec.PORTSECURITY] = port_security
self._process_port_port_security_create(context, port_data,
neutron_db)
# Update fields obtained from neutron db (eg: MAC address)
port["port"].update(neutron_db)
has_ip = self._ip_on_port(neutron_db)
# security group extension checks
if has_ip:
self._ensure_default_security_group_on_port(context, port)
elif validators.is_attr_set(port_data.get(ext_sg.SECURITYGROUPS)):
raise psec_exc.PortSecurityAndIPRequiredForSecurityGroups()
port_data[ext_sg.SECURITYGROUPS] = (
self._get_security_groups_on_port(context, port))
self._process_port_create_security_group(
context, port_data, port_data[ext_sg.SECURITYGROUPS])
self._process_portbindings_create_and_update(
context, port['port'], port_data)
# allowed address pair checks
if validators.is_attr_set(port_data.get(
addr_apidef.ADDRESS_PAIRS)):
if not port_security:
raise addr_exc.AddressPairAndPortSecurityRequired()
else:
self._process_create_allowed_address_pairs(
context, neutron_db,
port_data[addr_apidef.ADDRESS_PAIRS])
else:
# remove ATTR_NOT_SPECIFIED
port_data[addr_apidef.ADDRESS_PAIRS] = []
self._process_portbindings_create_and_update(
context, port['port'], port_data)
self._process_vnic_type(context, port_data, neutron_db['id'])
LOG.debug(
"create_port completed on NSX for tenant "
"%(tenant_id)s: (%(id)s)", port_data)
# DB Operation is complete, perform DVS operation
port_data = port['port']
# this extra lookup is necessary to get the
# latest db model for the extension functions
port_model = self._get_port(context, port_data['id'])
resource_extend.apply_funcs('ports', port_data, port_model)
self._extend_port_dict_binding(port_data, port_model)
self.handle_port_dhcp_access(context, port_data, action='create_port')
return port_data