dda5081883
In addition to binding:vif_type, the neutron core plugin needs to supply various information to nova's VIF driver, such as VIF security details and PCI details when SR-IOV is being used. This information is read-only, requires admin privileges, and is not intended for normal users. Rather than add separate mechanisms throughout the stack for each such requirement, the binding:capabilities port attibute, which is a dictionary and is not currently not used by nova, is renamed to binding:vif_details to serve as a general-purpose mechanism for supplying binding-specific details to the VIF driver. This patch does not remove or replace the CAP_PORT_FILTER boolean previously used in binding:capabilities. A separate patch should implement the specific key/value pairs carried by binding:vif_details to implement VIF security. Another patch will implement the key/value pairs needed for SR-IOV. The ML2 plugin now allows the bound mechanism driver to supply the binding:vif_details dictionary content, instead of just the CAP_PORT_FILTER boolean previously carried by the binding:capabilities attribute. DocImpact: Need to update portbinding extension API, but no impact on user or administrator documentation. Implements: blueprint vif-details Related-Bug: 1112912 Change-Id: I34be746fcfa73c70f72b4f9add8eff3ac88c723f
131 lines
4.8 KiB
Python
131 lines
4.8 KiB
Python
# Copyright (c) 2013 OpenStack Foundation
|
|
# All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
from neutron.extensions import portbindings
|
|
from neutron.plugins.ml2 import driver_api as api
|
|
|
|
|
|
class TestMechanismDriver(api.MechanismDriver):
|
|
"""Test mechanism driver for testing mechanism driver api."""
|
|
|
|
def initialize(self):
|
|
pass
|
|
|
|
def _check_network_context(self, context, original_expected):
|
|
assert(isinstance(context, api.NetworkContext))
|
|
assert(isinstance(context.current, dict))
|
|
assert(context.current['id'] is not None)
|
|
if original_expected:
|
|
assert(isinstance(context.original, dict))
|
|
assert(context.current['id'] == context.original['id'])
|
|
else:
|
|
assert(not context.original)
|
|
assert(context.network_segments)
|
|
|
|
def create_network_precommit(self, context):
|
|
self._check_network_context(context, False)
|
|
|
|
def create_network_postcommit(self, context):
|
|
self._check_network_context(context, False)
|
|
|
|
def update_network_precommit(self, context):
|
|
self._check_network_context(context, True)
|
|
|
|
def update_network_postcommit(self, context):
|
|
self._check_network_context(context, True)
|
|
|
|
def delete_network_precommit(self, context):
|
|
self._check_network_context(context, False)
|
|
|
|
def delete_network_postcommit(self, context):
|
|
self._check_network_context(context, False)
|
|
|
|
def _check_subnet_context(self, context, original_expected):
|
|
assert(isinstance(context, api.SubnetContext))
|
|
assert(isinstance(context.current, dict))
|
|
assert(context.current['id'] is not None)
|
|
if original_expected:
|
|
assert(isinstance(context.original, dict))
|
|
assert(context.current['id'] == context.original['id'])
|
|
else:
|
|
assert(not context.original)
|
|
|
|
def create_subnet_precommit(self, context):
|
|
self._check_subnet_context(context, False)
|
|
|
|
def create_subnet_postcommit(self, context):
|
|
self._check_subnet_context(context, False)
|
|
|
|
def update_subnet_precommit(self, context):
|
|
self._check_subnet_context(context, True)
|
|
|
|
def update_subnet_postcommit(self, context):
|
|
self._check_subnet_context(context, True)
|
|
|
|
def delete_subnet_precommit(self, context):
|
|
self._check_subnet_context(context, False)
|
|
|
|
def delete_subnet_postcommit(self, context):
|
|
self._check_subnet_context(context, False)
|
|
|
|
def _check_port_context(self, context, original_expected):
|
|
assert(isinstance(context, api.PortContext))
|
|
assert(isinstance(context.current, dict))
|
|
assert(context.current['id'] is not None)
|
|
if original_expected:
|
|
assert(isinstance(context.original, dict))
|
|
assert(context.current['id'] == context.original['id'])
|
|
else:
|
|
assert(not context.original)
|
|
network_context = context.network
|
|
assert(isinstance(network_context, api.NetworkContext))
|
|
self._check_network_context(network_context, False)
|
|
|
|
def create_port_precommit(self, context):
|
|
self._check_port_context(context, False)
|
|
|
|
def create_port_postcommit(self, context):
|
|
self._check_port_context(context, False)
|
|
|
|
def update_port_precommit(self, context):
|
|
self._check_port_context(context, True)
|
|
|
|
def update_port_postcommit(self, context):
|
|
self._check_port_context(context, True)
|
|
|
|
def delete_port_precommit(self, context):
|
|
self._check_port_context(context, False)
|
|
|
|
def delete_port_postcommit(self, context):
|
|
self._check_port_context(context, False)
|
|
|
|
def bind_port(self, context):
|
|
self._check_port_context(context, False)
|
|
host = context.current.get(portbindings.HOST_ID, None)
|
|
segment = context.network.network_segments[0][api.ID]
|
|
if host == "host-ovs-no_filter":
|
|
context.set_binding(segment, portbindings.VIF_TYPE_OVS,
|
|
{portbindings.CAP_PORT_FILTER: False})
|
|
elif host == "host-bridge-filter":
|
|
context.set_binding(segment, portbindings.VIF_TYPE_BRIDGE,
|
|
{portbindings.CAP_PORT_FILTER: True})
|
|
|
|
def validate_port_binding(self, context):
|
|
self._check_port_context(context, False)
|
|
return True
|
|
|
|
def unbind_port(self, context):
|
|
self._check_port_context(context, False)
|