104cbf9e60
This patch adds implementation of the "port_trusted_vif" API extension as ml2 extension. With this extension enabled, it is now possible for ADMIN users to set port as trusted without modifying directly 'binding:profile' field which is supposed to be just for machine to machine communication. Value set in the 'trusted' attribute of the port is included in the port's binding:profile so that it is still in the same place where e.g. Nova expects it. For now setting this flag directly in the port's binding:profile field is not forbidden and only warning is generated in such case but in future releases it should be forbiden and only allowed to be done using this new attribute of the port resource. This patch implements also definition of the new API extension directly in Neutron. It is temporary and will be removed once patch [1] in neutron-lib will be merged and released. [1] https://review.opendev.org/c/openstack/neutron-lib/+/923860 Closes-Bug: #2060916 Change-Id: I69785c5d72a5dc659c5a2f27e043c686790b4d2b
18 lines
829 B
YAML
18 lines
829 B
YAML
---
|
|
features:
|
|
- |
|
|
New ML2 plugin extension ``port_trusted`` is now available. This extension
|
|
implements the ``port_trusted_vif`` API extension which adds to the port resource
|
|
a new boolean field called ``trusted``. This field should be used by admin users
|
|
to set the port as trusted what was previously possible only through the port's
|
|
``binding:profile`` dictionary. Value of the ``trusted`` field is still visible
|
|
in the port's ``binding:profile`` dictionary so that for example Nova still has
|
|
it where it is expected to be.
|
|
|
|
deprecations:
|
|
- |
|
|
Setting ``trusted`` key directly in the port's ``binding:profile`` is
|
|
deprecated and will be forbidden in future releases. Dedicated port's
|
|
attribute ``trusted``, added by the API extension ``port_trusted_vif``
|
|
should be used instead.
|