Address pairs not allowed with no port security

Config: Address pairs should not be allowed when port security is not enabled Fix: raising 400 error from cfg_api and catching it in vnc_openstack to raise 'AddressPairAndPortSecurityRequired' neutron exception. Change-Id: I230779b93225ed5279b789b7a0d169bc2535d33c Closes-Bug: 1685030
Juniper · May 2, 2017 · 4409392 · 4409392
1 parent 1f6543f
commit 4409392
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 4 deletions.
diff --git a/src/config/api-server/tests/test_crud_basic.py b/src/config/api-server/tests/test_crud_basic.py
@@ -685,7 +685,7 @@ def test_port_security_and_allowed_address_pairs(self):
         # updating a port with allowed address pair should throw an exception
         # when port security enabled is set to false
         port_obj.virtual_machine_interface_allowed_address_pairs = addr_pair
-        with ExpectedException(RefsExistError) as e:
+        with ExpectedException(BadRequest) as e:
             self._vnc_lib.virtual_machine_interface_update(port_obj)
     # end test_port_security_and_allowed_address_pairs
 # end class TestCrud

diff --git a/src/config/api-server/vnc_cfg_types.py b/src/config/api-server/vnc_cfg_types.py
@@ -854,7 +854,7 @@ def _check_port_security_and_address_pairs(cls, obj_dict, db_dict={}):
         if not port_security and address_pairs is not None:
             msg = "Allowed address pairs are not allowed when port "\
                   "security is disabled"
-            return (False, (409, msg))
+            return (False, (400, msg))
 
         return True, ""
 

diff --git a/src/config/vnc_openstack/vnc_openstack/neutron_plugin_db.py b/src/config/vnc_openstack/vnc_openstack/neutron_plugin_db.py
@@ -3836,7 +3836,18 @@ def port_create(self, context, port_q):
 
         # always request for v4 and v6 ip object and handle the failure
         # create the object
-        port_id = self._resource_create('virtual_machine_interface', port_obj)
+        try:
+            port_id = self._resource_create('virtual_machine_interface', port_obj)
+        except BadRequest as e:
+            msg = "Allowed address pairs are not allowed when port "\
+                  "security is disabled"
+            if msg == str(e):
+                self._raise_contrail_exception(
+                   'AddressPairAndPortSecurityRequired')
+            else:
+                self._raise_contrail_exception(
+                   'BadRequest', resource='port', msg=str(e))
+
         self._vnc_lib.chown(port_id, tenant_id)
         # add support, nova boot --nic subnet-id=subnet_uuid
         subnet_id = port_q.get('subnet_id')
@@ -3932,7 +3943,18 @@ def port_update(self, port_id, port_q):
         port_obj = self._port_neutron_to_vnc(port_q, None, UPDATE)
         net_id = port_obj.get_virtual_network_refs()[0]['uuid']
         net_obj = self._network_read(net_id)
-        self._virtual_machine_interface_update(port_obj)
+        try:
+            self._virtual_machine_interface_update(port_obj)
+        except BadRequest as e:
+            msg = "Allowed address pairs are not allowed when port "\
+                  "security is disabled"
+            if msg == str(e):
+                self._raise_contrail_exception(
+                   'AddressPairAndPortSecurityRequired')
+            else:
+                self._raise_contrail_exception(
+                   'BadRequest', resource='port', msg=str(e))
+
         port_obj = self._virtual_machine_interface_read(port_id=port_id)
         ret_port_q = self._port_vnc_to_neutron(port_obj)