Expose port-security knob for all network ports (connection points)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tacker |
Fix Released
|
Medium
|
Sripriya |
Bug Description
Tacker currently automatically sets "port_security_
- ports that are marked as "management"
- ports with static IP address assigned
For other simple ports specifications the port_security_
Something like,
DataCP:
type: tosca.nodes.nfv.CP
properties:
anti_
Note from Sripriya:
looks like port-security-
http://
.. which changes the default value of all ports created in that neutron network. So a similar flag can be introduced in VirtualLink as well,
InternalVL:
type: tosca.nodes.nfv.VL
properties:
cidr: 10.10.1.0/24
gateway: 10.10.1.1
anti_
description: | updated |
If the property name matches the Heat property name exactly, it will be mapped through to the OS::Neutron::Port object by heat-translator with no additional translation required. If the property name does not match the Heat property name, it will need to be modified by Tacker either before or after the HOT template is created by heat-translator.
So it might be easier to just make the property name "port_security_ enabled" , though it does raise the larger issue of tying the TOSCA node definition too closely to Heat. On the other hand, using different names for properties just because they are different than what Heat uses doesn't make a lot of sense either. I'm not making the argument either way, just wanted to lay out the two scenarios.