Bug 138
* Support enabling/disabling port security feature on VDU
* Openstack changes to support port enabling/disabling
Fix by: Hashir Mohammed <hashir.mohammed@riftio.com>
Signed-off-by: Philip Joseph <philip.joseph@riftio.com>
diff --git a/models/plugins/yang/vnfd.yang b/models/plugins/yang/vnfd.yang
index 1c36433..0806bf1 100644
--- a/models/plugins/yang/vnfd.yang
+++ b/models/plugins/yang/vnfd.yang
@@ -67,6 +67,11 @@
description "Type of the connection point.";
type manotypes:connection-point-type;
}
+ leaf port-security-enabled {
+ description "Enables the port security for the port";
+ type boolean;
+ default true;
+ }
}
grouping virtual-interface {
diff --git a/rwcal/plugins/vala/rwcal_openstack/rift/rwcal/openstack/openstack_drv.py b/rwcal/plugins/vala/rwcal_openstack/rift/rwcal/openstack/openstack_drv.py
index 798d41d..a88013a 100644
--- a/rwcal/plugins/vala/rwcal_openstack/rift/rwcal/openstack/openstack_drv.py
+++ b/rwcal/plugins/vala/rwcal_openstack/rift/rwcal/openstack/openstack_drv.py
@@ -1436,7 +1436,8 @@
"name" : kwargs['name'],
"network_id" : kwargs['network_id'],
"fixed_ips" : [ {"subnet_id": kwargs['subnet_id']}],
- "binding:vnic_type" : kwargs['port_type']}}
+ "binding:vnic_type" : kwargs['port_type'],
+ "port_security_enabled" : kwargs['port_security_enabled']}}
ntconn = self._get_neutron_connection()
try:
diff --git a/rwcal/plugins/vala/rwcal_openstack/rwcal_openstack.py b/rwcal/plugins/vala/rwcal_openstack/rwcal_openstack.py
index 8a4c337..7cdc240 100644
--- a/rwcal/plugins/vala/rwcal_openstack/rwcal_openstack.py
+++ b/rwcal/plugins/vala/rwcal_openstack/rwcal_openstack.py
@@ -1500,6 +1500,12 @@
else:
raise NotImplementedError("Port Type: %s not supported" %(c_point.type_yang))
+ # By default port gets created with post_security enaled as True
+ if c_point.port_security_enabled is not None and c_point.port_security_enabled == False:
+ kwargs['port_security_enabled'] = False
+ else:
+ kwargs['port_security_enabled'] = True
+
with self._use_driver(account) as drv:
if c_point.has_field('security_group'):
group = drv.neutron_security_group_by_name(c_point.security_group)
diff --git a/rwcal/plugins/yang/rwcal.yang b/rwcal/plugins/yang/rwcal.yang
index 872375d..c04462f 100644
--- a/rwcal/plugins/yang/rwcal.yang
+++ b/rwcal/plugins/yang/rwcal.yang
@@ -982,6 +982,10 @@
description "Name of the security group";
type string;
}
+ leaf port-security-enabled {
+ description "Enables the port security";
+ type boolean;
+ }
uses connection-point-type;
}
@@ -1061,6 +1065,10 @@
type boolean;
default false;
}
+ leaf port-security-enabled {
+ description "Enables the port security";
+ type boolean;
+ }
uses connection-point-type;
}
diff --git a/rwlaunchpad/plugins/rwnsm/rift/tasklets/rwnsmtasklet/rwnsmtasklet.py b/rwlaunchpad/plugins/rwnsm/rift/tasklets/rwnsmtasklet/rwnsmtasklet.py
index 16431be..dce9ebe 100755
--- a/rwlaunchpad/plugins/rwnsm/rift/tasklets/rwnsmtasklet/rwnsmtasklet.py
+++ b/rwlaunchpad/plugins/rwnsm/rift/tasklets/rwnsmtasklet/rwnsmtasklet.py
@@ -963,7 +963,8 @@
vnfr = RwVnfrYang.YangData_Vnfr_VnfrCatalog_Vnfr.from_dict(vnfr_dict)
- vnfr.vnfd = VnfrYang.YangData_Vnfr_VnfrCatalog_Vnfr_Vnfd.from_dict(self.vnfd.as_dict())
+ vnfr.vnfd = VnfrYang.YangData_Vnfr_VnfrCatalog_Vnfr_Vnfd.from_dict(self.vnfd.as_dict(),
+ ignore_missing_keys=True)
vnfr.member_vnf_index_ref = self.member_vnf_index
vnfr.vnf_configuration.from_dict(self._vnfd.vnf_configuration.as_dict())
@@ -1120,6 +1121,7 @@
cpr = VnfrYang.YangData_Vnfr_VnfrCatalog_Vnfr_ConnectionPoint()
cpr.name = conn_p.name
cpr.type_yang = conn_p.type_yang
+ cpr.port_security_enabled = conn_p.port_security_enabled
vlr_ref = find_vlr_for_cp(conn_p)
if vlr_ref is None:
msg = "Failed to find VLR for cp = %s" % conn_p.name
diff --git a/rwlaunchpad/plugins/rwvnfm/rift/tasklets/rwvnfmtasklet/rwvnfmtasklet.py b/rwlaunchpad/plugins/rwvnfm/rift/tasklets/rwvnfmtasklet/rwvnfmtasklet.py
index 87f497d..f456b16 100755
--- a/rwlaunchpad/plugins/rwvnfm/rift/tasklets/rwvnfmtasklet/rwvnfmtasklet.py
+++ b/rwlaunchpad/plugins/rwvnfm/rift/tasklets/rwvnfmtasklet/rwvnfmtasklet.py
@@ -466,13 +466,13 @@
ei_list = []
for intf, cp, vlr in self._ext_intf:
- ei_list.append({"name": cp,
- "vnfd_connection_point_ref": cp,
+ ei_list.append({"name": cp.name,
+ "vnfd_connection_point_ref": cp.name,
"virtual_interface": {}})
- self._vnfr.update_cp(cp,
- self.cp_ip_addr(cp),
- self.cp_mac_addr(cp),
- self.cp_id(cp))
+ self._vnfr.update_cp(cp.name,
+ self.cp_ip_addr(cp.name),
+ self.cp_mac_addr(cp.name),
+ self.cp_id(cp.name))
vdur_dict["external_interface"] = ei_list
@@ -633,9 +633,10 @@
cp_list = []
for intf, cp, vlr in self._ext_intf:
- cp_info = {"name": cp,
+ cp_info = {"name": cp.name,
"virtual_link_id": vlr.network_id,
- "type_yang": intf.virtual_interface.type_yang}
+ "type_yang": intf.virtual_interface.type_yang,
+ "port_security_enabled": cp.port_security_enabled}
if (intf.virtual_interface.has_field('vpci') and
intf.virtual_interface.vpci is not None):
@@ -656,7 +657,8 @@
else:
cp_list.append({"name": cp,
"virtual_link_id": vlr.network_id,
- "type_yang": intf.virtual_interface.type_yang})
+ "type_yang": intf.virtual_interface.type_yang,
+ "port_security_enabled": cp.port_security_enabled})
vm_create_msg_dict["connection_points"] = cp_list
vm_create_msg_dict.update(vdu_copy_dict)
@@ -781,7 +783,7 @@
vlr = vnfr.ext_vlr_by_id(cp.vlr_ref)
- etuple = (ext_intf, cp.name, vlr)
+ etuple = (ext_intf, cp, vlr)
self._ext_intf.append(etuple)
self._log.debug("Created external interface tuple : %s", etuple)
@@ -1809,7 +1811,7 @@
def cpr_from_cp(cp):
""" Creates a record level connection point from the desciptor cp"""
- cp_fields = ["name", "image", "vm-flavor"]
+ cp_fields = ["name", "image", "vm-flavor", "port_security_enabled"]
cp_copy_dict = {k: v for k, v in cp.as_dict().items() if k in cp_fields}
cpr_dict = {}
cpr_dict.update(cp_copy_dict)