openstack/ironic
Code Issues Proposed changes

Use auth values from neutron conf when managing Neutron ports

Browse Source 
Using the auth values from the neutron section of the Ironic
configuration prevents issues where a non-admin user is not
allowed to manage Neutron ports.

Change-Id: I66cf1acba10a7b7b82f5a2a55453c3d5a29a086e
Story: #2006506
Task: #38789
This commit is contained in:
Tzu-Mainn Chen 2020-02-18 19:21:12 +00:00
parent b148cabdb2
commit d15d2f09fb
10 changed files with 318 additions and 127 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

83
ironic/common/neutron.py
View File

@ -12,6 +12,7 @@
import copy
from keystoneauth1 import loading as ks_loading
import netaddr
from neutronclient.common import exceptions as neutron_exceptions
from neutronclient.v2_0 import client as clientv20
@ -79,6 +80,49 @@ def get_client(token=None, context=None):
timeout=CONF.neutron.request_timeout)
def _get_conf_client(context):
"""Retrieve a neutron client connection using conf parameters.
:param context: request context,
instance of ironic.common.context.RequestContext
:returns: A neutron client.
"""
auth = ks_loading.load_auth_from_conf_options(CONF, 'neutron')
session = ks_loading.load_session_from_conf_options(
CONF,
'neutron',
auth=auth)
endpoint = keystone.get_endpoint('neutron', session=session,
auth=auth)
return clientv20.Client(session=session,
auth=auth,
endpoint_override=endpoint,
retries=CONF.neutron.retries,
global_request_id=context.global_id,
timeout=CONF.neutron.request_timeout)
def update_neutron_port(context, port_id, update_body, client=None):
"""Undate a neutron port
Uses neutron client from conf client to update a neutron client
an unbound state.
:param context: request context,
instance of ironic.common.context.RequestContext
:param port_id: Neutron port ID.
:param update_body: Body of update
:param client: Optional Neutron client
"""
if not client:
# verify that user can see the port before updating it
get_client(context=context).show_port(port_id)
client = _get_conf_client(context)
return client.update_port(port_id, update_body)
def unbind_neutron_port(port_id, client=None, context=None):
"""Unbind a neutron port
@ -92,20 +136,17 @@ def unbind_neutron_port(port_id, client=None, context=None):
:raises: NetworkError
"""
if not client:
client = get_client(context=context)
body_unbind = {'port': {'binding:host_id': '',
'binding:profile': {}}}
body_reset_mac = {'port': {'mac_address': None}}
try:
client.update_port(port_id, body_unbind)
update_neutron_port(context, port_id, body_unbind, client)
# NOTE(hjensas): We need to reset the mac address in a separate step.
# Exception PortBound will be raised by neutron as it refuses to
# update the mac address of a bound port if we attempt to unbind and
# reset the mac in the same call.
client.update_port(port_id, body_reset_mac)
update_neutron_port(context, port_id, body_reset_mac, client)
# NOTE(vsaienko): Ignore if port was deleted before calling vif detach.
except neutron_exceptions.PortNotFoundClient:
LOG.info('Port %s was not found while unbinding.', port_id)
@ -142,10 +183,10 @@ def update_port_address(port_id, address, context=None):
msg = (_("Failed to remove the current binding from "
"Neutron port %s, while updating its MAC "
"address.") % port_id)
unbind_neutron_port(port_id, client=client, context=context)
unbind_neutron_port(port_id, context=context)
msg = (_("Failed to update MAC address on Neutron port %s.") % port_id)
client.update_port(port_id, port_req_body)
update_neutron_port(context, port_id, port_req_body)
# Restore original binding:profile and host_id
if binding_host_id:
@ -154,7 +195,7 @@ def update_port_address(port_id, address, context=None):
port_req_body = {'port': {'binding:host_id': binding_host_id,
'binding:profile': binding_profile}}
client.update_port(port_id, port_req_body)
update_neutron_port(context, port_id, port_req_body)
except (neutron_exceptions.NeutronClientException, exception.NetworkError):
LOG.exception(msg)
raise exception.FailedToUpdateMacOnPort(port_id=port_id)
@ -193,7 +234,7 @@ def _verify_security_groups(security_groups, client):
raise exception.NetworkError(msg)
def _add_ip_addresses_for_ipv6_stateful(port, client):
def _add_ip_addresses_for_ipv6_stateful(context, port, client):
"""Add additional IP addresses to the ipv6 stateful neutron port
When network booting with DHCPv6-stateful we cannot control the CLID/IAID
@ -216,7 +257,7 @@ def _add_ip_addresses_for_ipv6_stateful(port, client):
fixed_ips.append({'subnet_id': subnet['id']})
body = {'port': {'fixed_ips': fixed_ips}}
client.update_port(port['port']['id'], body)
update_neutron_port(context, port['port']['id'], body)
def add_ports_to_network(task, network_uuid, security_groups=None):
@ -254,8 +295,13 @@ def add_ports_to_network(task, network_uuid, security_groups=None):
'network_id': network_uuid,
'admin_state_up': True,
'binding:vnic_type': VNIC_BAREMETAL,
'device_owner': 'baremetal:none',
}
}
# separate out fields that can only be updated by admins
update_body = {
'port': {
'binding:host_id': node.uuid,
'device_owner': 'baremetal:none',
}
}
if security_groups:
@ -283,14 +329,15 @@ def add_ports_to_network(task, network_uuid, security_groups=None):
for ironic_port in ports_to_create:
# Start with a clean state for each port
port_body = copy.deepcopy(body)
update_port_body = copy.deepcopy(update_body)
# Skip ports that are missing required information for deploy.
if not validate_port_info(node, ironic_port):
failures.append(ironic_port.uuid)
continue
port_body['port']['mac_address'] = ironic_port.address
update_port_body['port']['mac_address'] = ironic_port.address
binding_profile = {'local_link_information':
[portmap[ironic_port.uuid]]}
port_body['port']['binding:profile'] = binding_profile
update_port_body['port']['binding:profile'] = binding_profile
if not ironic_port.pxe_enabled:
LOG.debug("Adding port %(port)s to network %(net)s for "
@ -306,7 +353,7 @@ def add_ports_to_network(task, network_uuid, security_groups=None):
'port %(port_id)s, hostname %(hostname)s',
{'port_id': ironic_port.uuid,
'hostname': link_info['hostname']})
port_body['port']['binding:host_id'] = link_info['hostname']
update_port_body['port']['binding:host_id'] = link_info['hostname']
# TODO(hamdyk): use portbindings.VNIC_SMARTNIC from neutron-lib
port_body['port']['binding:vnic_type'] = VNIC_SMARTNIC
@ -319,11 +366,13 @@ def add_ports_to_network(task, network_uuid, security_groups=None):
port_body['port']['extra_dhcp_opts'] = extra_dhcp_opts
try:
if is_smart_nic:
wait_for_host_agent(client,
port_body['port']['binding:host_id'])
wait_for_host_agent(
client, update_port_body['port']['binding:host_id'])
port = client.create_port(port_body)
update_neutron_port(task.context, port['port']['id'],
update_port_body)
if CONF.neutron.dhcpv6_stateful_address_count > 1:
_add_ip_addresses_for_ipv6_stateful(port, client)
_add_ip_addresses_for_ipv6_stateful(task.context, port, client)
if is_smart_nic:
wait_for_port_status(client, port['port']['id'], 'ACTIVE')
except neutron_exceptions.NeutronClientException as e:

3
ironic/dhcp/neutron.py
View File

@ -61,8 +61,7 @@ class NeutronDHCPApi(base.BaseDHCP):
port_id, dhcp_options, token=token, context=context)
port_req_body = {'port': {'extra_dhcp_opts': dhcp_options}}
try:
neutron.get_client(token=token, context=context).update_port(
port_id, port_req_body)
neutron.update_neutron_port(context, port_id, port_req_body)
except neutron_client_exc.NeutronClientException:
LOG.exception("Failed to update Neutron port %s.", port_id)
raise exception.FailedToUpdateDHCPOptOnPort(port_id=port_id)

2
ironic/drivers/modules/network/common.py
View File

@ -283,7 +283,7 @@ def plug_port_to_tenant_network(task, port_like_obj, client=None):
neutron.wait_for_host_agent(client, body['port']['binding:host_id'])
try:
client.update_port(vif_id, body)
neutron.update_neutron_port(task.context, vif_id, body)
if is_smart_nic:
neutron.wait_for_port_status(client, vif_id, 'ACTIVE')
except neutron_exceptions.ConnectionFailed as e:

4
ironic/drivers/modules/network/flat.py
View File

@ -55,7 +55,6 @@ class FlatNetwork(common.NeutronVIFPortIDMixin,
def _bind_flat_ports(self, task):
LOG.debug("Binding flat network ports")
client = neutron.get_client(context=task.context)
for port_like_obj in task.ports + task.portgroups:
vif_port_id = (
port_like_obj.internal_info.get(common.TENANT_VIF_KEY)
@ -71,7 +70,8 @@ class FlatNetwork(common.NeutronVIFPortIDMixin,
}
}
try:
client.update_port(vif_port_id, body)
neutron.update_neutron_port(task.context,
vif_port_id, body)
except neutron_exceptions.NeutronClientException as e:
msg = (_('Unable to set binding:host_id for '
'neutron port %(port_id)s. Error: '

253
ironic/tests/unit/common/test_neutron.py
View File

@ -145,6 +145,104 @@ class TestNeutronClient(base.TestCase):
self.assertEqual(0, mock_sauth.call_count)
class TestNeutronConfClient(base.TestCase):
def setUp(self):
super(TestNeutronConfClient, self).setUp()
# NOTE(pas-ha) register keystoneauth dynamic options manually
plugin = kaloading.get_plugin_loader('password')
opts = kaloading.get_auth_plugin_conf_options(plugin)
self.cfg_fixture.register_opts(opts, group='neutron')
self.config(retries=2,
group='neutron')
self.config(username='test-admin-user',
project_name='test-admin-tenant',
password='test-admin-password',
auth_url='test-auth-uri',
auth_type='password',
interface='internal',
service_type='network',
timeout=10,
group='neutron')
# force-reset the global session object
neutron._NEUTRON_SESSION = None
self.context = context.RequestContext(global_request_id='global')
@mock.patch('keystoneauth1.loading.load_auth_from_conf_options',
autospec=True, return_value=mock.sentinel.auth)
@mock.patch('keystoneauth1.loading.load_session_from_conf_options',
autospec=True, return_value=mock.sentinel.session)
@mock.patch('ironic.common.keystone.get_endpoint', autospec=True,
return_value='neutron_url')
@mock.patch.object(client.Client, "__init__", return_value=None,
autospec=True)
def test_get_neutron_conf_client(self, mock_client, mock_get_endpoint,
mock_session, mock_auth):
neutron._get_conf_client(self.context)
mock_client.assert_called_once_with(mock.ANY, # this is 'self'
session=mock.sentinel.session,
auth=mock.sentinel.auth, retries=2,
endpoint_override='neutron_url',
global_request_id='global',
timeout=45)
class TestUpdateNeutronPort(base.TestCase):
def setUp(self):
super(TestUpdateNeutronPort, self).setUp()
self.uuid = uuidutils.generate_uuid()
self.context = context.RequestContext()
self.update_body = {'port': {}}
@mock.patch.object(neutron, 'get_client', autospec=True)
@mock.patch.object(neutron, '_get_conf_client', autospec=True)
def test_update_neutron_port(self, conf_client_mock, client_mock):
client_mock.return_value.show_port.return_value = {'port': {}}
conf_client_mock.return_value.update_port.return_value = {'port': {}}
neutron.update_neutron_port(self.context, self.uuid, self.update_body)
client_mock.assert_called_once_with(context=self.context)
client_mock.return_value.show_port.assert_called_once_with(self.uuid)
conf_client_mock.assert_called_once_with(self.context)
conf_client_mock.return_value.update_port.assert_called_once_with(
self.uuid, self.update_body)
@mock.patch.object(neutron, 'get_client', autospec=True)
@mock.patch.object(neutron, '_get_conf_client', autospec=True)
def test_update_neutron_port_with_client(self, conf_client_mock,
client_mock):
client_mock.return_value.show_port.return_value = {'port': {}}
conf_client_mock.return_value.update_port.return_value = {'port': {}}
client = mock.Mock()
client.update_port.return_value = {'port': {}}
neutron.update_neutron_port(self.context, self.uuid, self.update_body,
client)
self.assertFalse(client_mock.called)
self.assertFalse(conf_client_mock.called)
client.update_port.assert_called_once_with(self.uuid, self.update_body)
@mock.patch.object(neutron, 'get_client', autospec=True)
@mock.patch.object(neutron, '_get_conf_client', autospec=True)
def test_update_neutron_port_with_exception(self, conf_client_mock,
client_mock):
client_mock.return_value.show_port.side_effect = \
neutron_client_exc.NeutronClientException
conf_client_mock.return_value.update_port.return_value = {'port': {}}
self.assertRaises(
neutron_client_exc.NeutronClientException,
neutron.update_neutron_port,
self.context, self.uuid, self.update_body)
client_mock.assert_called_once_with(context=self.context)
client_mock.return_value.show_port.assert_called_once_with(self.uuid)
self.assertFalse(conf_client_mock.called)
class TestNeutronNetworkActions(db_base.DbTestCase):
_CLIENT_ID = (
@ -172,7 +270,8 @@ class TestNeutronNetworkActions(db_base.DbTestCase):
patcher.start()
self.addCleanup(patcher.stop)
def _test_add_ports_to_network(self, is_client_id,
@mock.patch.object(neutron, 'update_neutron_port', autospec=True)
def _test_add_ports_to_network(self, update_mock, is_client_id,
security_groups=None,
add_all_ports=False):
# Ports will be created only if pxe_enabled is True
@ -192,14 +291,18 @@ class TestNeutronNetworkActions(db_base.DbTestCase):
extra['client-id'] = self._CLIENT_ID
port.extra = extra
port.save()
expected_body = {
expected_create_body = {
'port': {
'network_id': self.network_uuid,
'admin_state_up': True,
'binding:vnic_type': 'baremetal',
'device_id': self.node.uuid,
}
}
expected_update_body = {
'port': {
'device_owner': 'baremetal:none',
'binding:host_id': self.node.uuid,
'device_id': self.node.uuid,
'mac_address': port.address,
'binding:profile': {
'local_link_information': [port.local_link_connection]
@ -207,16 +310,17 @@ class TestNeutronNetworkActions(db_base.DbTestCase):
}
}
if security_groups:
expected_body['port']['security_groups'] = security_groups
expected_create_body['port']['security_groups'] = security_groups
if is_client_id:
expected_body['port']['extra_dhcp_opts'] = (
expected_create_body['port']['extra_dhcp_opts'] = (
[{'opt_name': '61', 'opt_value': self._CLIENT_ID}])
if add_all_ports:
expected_body2 = copy.deepcopy(expected_body)
expected_body2['port']['mac_address'] = port2.address
expected_body2['fixed_ips'] = []
expected_create_body2 = copy.deepcopy(expected_create_body)
expected_update_body2 = copy.deepcopy(expected_update_body)
expected_update_body2['port']['mac_address'] = port2.address
expected_create_body2['fixed_ips'] = []
neutron_port2 = {'id': '132f871f-eaec-4fed-9475-0d54465e0f01',
'mac_address': port2.address,
'fixed_ips': []}
@ -237,12 +341,21 @@ class TestNeutronNetworkActions(db_base.DbTestCase):
task, self.network_uuid, security_groups=security_groups)
self.assertEqual(expected, ports)
if add_all_ports:
calls = [mock.call(expected_body),
mock.call(expected_body2)]
self.client_mock.create_port.assert_has_calls(calls)
create_calls = [mock.call(expected_create_body),
mock.call(expected_create_body2)]
update_calls = [
mock.call(self.context, self.neutron_port['id'],
expected_update_body),
mock.call(self.context, neutron_port2['id'],
expected_update_body2)]
self.client_mock.create_port.assert_has_calls(create_calls)
update_mock.assert_has_calls(update_calls)
else:
self.client_mock.create_port.assert_called_once_with(
expected_body)
expected_create_body)
update_mock.assert_called_once_with(
self.context, self.neutron_port['id'],
expected_update_body)
def test_add_ports_to_network(self):
self._test_add_ports_to_network(is_client_id=False,
@ -261,7 +374,8 @@ class TestNeutronNetworkActions(db_base.DbTestCase):
self._test_add_ports_to_network(is_client_id=False,
security_groups=sg_ids)
def test__add_ip_addresses_for_ipv6_stateful(self):
@mock.patch.object(neutron, 'update_neutron_port', autospec=True)
def test__add_ip_addresses_for_ipv6_stateful(self, mock_update):
subnet_id = uuidutils.generate_uuid()
self.client_mock.show_subnet.return_value = {
'subnet': {
@ -285,11 +399,12 @@ class TestNeutronNetworkActions(db_base.DbTestCase):
}
neutron._add_ip_addresses_for_ipv6_stateful(
self.context,
{'port': self.neutron_port},
self.client_mock
)
self.client_mock.update_port.assert_called_once_with(
self.neutron_port['id'], expected_body)
mock_update.assert_called_once_with(
self.context, self.neutron_port['id'], expected_body)
def test_verify_sec_groups(self):
sg_ids = []
@ -371,20 +486,25 @@ class TestNeutronNetworkActions(db_base.DbTestCase):
def test_add_ports_with_client_id_to_network(self):
self._test_add_ports_to_network(is_client_id=True)
@mock.patch.object(neutron, 'update_neutron_port', autospec=True)
@mock.patch.object(neutron, 'validate_port_info', autospec=True)
def test_add_ports_to_network_instance_uuid(self, vpi_mock):
def test_add_ports_to_network_instance_uuid(self, vpi_mock, update_mock):
self.node.instance_uuid = uuidutils.generate_uuid()
self.node.network_interface = 'neutron'
self.node.save()
port = self.ports[0]
expected_body = {
expected_create_body = {
'port': {
'network_id': self.network_uuid,
'admin_state_up': True,
'binding:vnic_type': 'baremetal',
'device_id': self.node.instance_uuid,
}
}
expected_update_body = {
'port': {
'device_owner': 'baremetal:none',
'binding:host_id': self.node.uuid,
'device_id': self.node.instance_uuid,
'mac_address': port.address,
'binding:profile': {
'local_link_information': [port.local_link_connection]
@ -398,7 +518,11 @@ class TestNeutronNetworkActions(db_base.DbTestCase):
with task_manager.acquire(self.context, self.node.uuid) as task:
ports = neutron.add_ports_to_network(task, self.network_uuid)
self.assertEqual(expected, ports)
self.client_mock.create_port.assert_called_once_with(expected_body)
self.client_mock.create_port.assert_called_once_with(
expected_create_body)
update_mock.assert_called_once_with(self.context,
self.neutron_port['id'],
expected_update_body)
self.assertTrue(vpi_mock.called)
@mock.patch.object(neutron, 'rollback_ports', autospec=True)
@ -413,8 +537,9 @@ class TestNeutronNetworkActions(db_base.DbTestCase):
self.network_uuid)
rollback_mock.assert_called_once_with(task, self.network_uuid)
@mock.patch.object(neutron, 'update_neutron_port', autospec=True)
@mock.patch.object(neutron, 'LOG', autospec=True)
def test_add_network_create_some_ports_fail(self, log_mock):
def test_add_network_create_some_ports_fail(self, log_mock, update_mock):
object_utils.create_test_port(
self.context, node_id=self.node.id,
uuid=uuidutils.generate_uuid(),
@ -788,10 +913,11 @@ class TestNeutronNetworkActions(db_base.DbTestCase):
neutron.wait_for_port_status,
self.client_mock, 'port_id', 'DOWN')
@mock.patch.object(neutron, 'update_neutron_port', autospec=True)
@mock.patch.object(neutron, 'wait_for_host_agent', autospec=True)
@mock.patch.object(neutron, 'wait_for_port_status', autospec=True)
def test_add_smartnic_port_to_network(
self, wait_port_mock, wait_agent_mock):
self, wait_port_mock, wait_agent_mock, update_mock):
# Ports will be created only if pxe_enabled is True
self.node.network_interface = 'neutron'
self.node.save()
@ -809,14 +935,18 @@ class TestNeutronNetworkActions(db_base.DbTestCase):
port.is_smartnic = True
port.save()
expected_body = {
expected_create_body = {
'port': {
'network_id': self.network_uuid,
'admin_state_up': True,
'binding:vnic_type': 'smart-nic',
'device_id': self.node.uuid,
}
}
expected_update_body = {
'port': {
'device_owner': 'baremetal:none',
'binding:host_id': port.local_link_connection['hostname'],
'device_id': self.node.uuid,
'mac_address': port.address,
'binding:profile': {
'local_link_information': [port.local_link_connection]
@ -832,7 +962,9 @@ class TestNeutronNetworkActions(db_base.DbTestCase):
ports = neutron.add_ports_to_network(task, self.network_uuid)
self.assertEqual(expected, ports)
self.client_mock.create_port.assert_called_once_with(
expected_body)
expected_create_body)
update_mock.assert_called_once_with(
self.context, self.neutron_port['id'], expected_update_body)
wait_agent_mock.assert_called_once_with(
self.client_mock, 'hostname')
wait_port_mock.assert_called_once_with(
@ -935,18 +1067,20 @@ class TestUpdatePortAddress(base.TestCase):
super(TestUpdatePortAddress, self).setUp()
self.context = context.RequestContext()
def test_update_port_address(self, mock_client):
@mock.patch.object(neutron, 'update_neutron_port', autospec=True)
def test_update_port_address(self, mock_unp, mock_client):
address = 'fe:54:00:77:07:d9'
port_id = 'fake-port-id'
expected = {'port': {'mac_address': address}}
mock_client.return_value.show_port.return_value = {}
neutron.update_port_address(port_id, address, context=self.context)
mock_client.return_value.update_port.assert_called_once_with(port_id,
expected)
mock_unp.assert_called_once_with(self.context, port_id, expected)
@mock.patch.object(neutron, 'update_neutron_port', autospec=True)
@mock.patch.object(neutron, 'unbind_neutron_port', autospec=True)
def test_update_port_address_with_binding(self, mock_unp, mock_client):
def test_update_port_address_with_binding(self, mock_unp, mock_update,
mock_client):
address = 'fe:54:00:77:07:d9'
port_id = 'fake-port-id'
@ -954,19 +1088,22 @@ class TestUpdatePortAddress(base.TestCase):
'port': {'binding:host_id': 'host',
'binding:profile': 'foo'}}
calls = [mock.call(port_id, {'port': {'mac_address': address}}),
mock.call(port_id, {'port': {'binding:host_id': 'host',
calls = [mock.call(self.context, port_id,
{'port': {'mac_address': address}}),
mock.call(self.context, port_id,
{'port': {'binding:host_id': 'host',
'binding:profile': 'foo'}})]
neutron.update_port_address(port_id, address, context=self.context)
mock_unp.assert_called_once_with(
port_id,
client=mock_client(context=self.context),
context=self.context)
mock_client.return_value.update_port.assert_has_calls(calls)
mock_update.assert_has_calls(calls)
@mock.patch.object(neutron, 'update_neutron_port', autospec=True)
@mock.patch.object(neutron, 'unbind_neutron_port', autospec=True)
def test_update_port_address_without_binding(self, mock_unp, mock_client):
def test_update_port_address_without_binding(self, mock_unp, mock_update,
mock_client):
address = 'fe:54:00:77:07:d9'
port_id = 'fake-port-id'
expected = {'port': {'mac_address': address}}
@ -975,7 +1112,7 @@ class TestUpdatePortAddress(base.TestCase):
neutron.update_port_address(port_id, address, context=self.context)
self.assertFalse(mock_unp.called)
mock_client.return_value.update_port.assert_any_call(port_id, expected)
mock_update.assert_any_call(self.context, port_id, expected)
def test_update_port_address_show_failed(self, mock_client):
address = 'fe:54:00:77:07:d9'
@ -1002,17 +1139,18 @@ class TestUpdatePortAddress(base.TestCase):
port_id, address, context=self.context)
mock_unp.assert_called_once_with(
port_id,
client=mock_client(context=self.context),
context=self.context)
self.assertFalse(mock_client.return_value.update_port.called)
@mock.patch.object(neutron, 'update_neutron_port', autospec=True)
@mock.patch.object(neutron, 'unbind_neutron_port', autospec=True)
def test_update_port_address_with_exception(self, mock_unp,
mock_update,
mock_client):
address = 'fe:54:00:77:07:d9'
port_id = 'fake-port-id'
mock_client.return_value.show_port.return_value = {}
mock_client.return_value.update_port.side_effect = (
mock_update.side_effect = (
neutron_client_exc.NeutronClientException())
self.assertRaises(exception.FailedToUpdateMacOnPort,
@ -1020,14 +1158,14 @@ class TestUpdatePortAddress(base.TestCase):
port_id, address, context=self.context)
@mock.patch.object(neutron, 'get_client', autospec=True)
@mock.patch.object(neutron, 'update_neutron_port', autospec=True)
class TestUnbindPort(base.TestCase):
def setUp(self):
super(TestUnbindPort, self).setUp()
self.context = context.RequestContext()
def test_unbind_neutron_port_client_passed(self, mock_client):
def test_unbind_neutron_port_client_passed(self, mock_unp):
port_id = 'fake-port-id'
body_unbind = {
'port': {
@ -1040,20 +1178,18 @@ class TestUnbindPort(base.TestCase):
'mac_address': None
}
}
client = mock.MagicMock()
update_calls = [
mock.call(port_id, body_unbind),
mock.call(port_id, body_reset_mac)
mock.call(self.context, port_id, body_unbind, client),
mock.call(self.context, port_id, body_reset_mac, client)
]
neutron.unbind_neutron_port(port_id,
mock_client(context=self.context),
context=self.context)
self.assertEqual(1, mock_client.call_count)
mock_client.return_value.update_port.assert_has_calls(update_calls)
neutron.unbind_neutron_port(port_id, client, context=self.context)
self.assertEqual(2, mock_unp.call_count)
mock_unp.assert_has_calls(update_calls)
@mock.patch.object(neutron, 'LOG', autospec=True)
def test_unbind_neutron_port_failure(self, mock_log, mock_client):
mock_client.return_value.update_port.side_effect = (
neutron_client_exc.NeutronClientException())
def test_unbind_neutron_port_failure(self, mock_log, mock_unp):
mock_unp.side_effect = (neutron_client_exc.NeutronClientException())
body = {
'port': {
'binding:host_id': '',
@ -1063,12 +1199,10 @@ class TestUnbindPort(base.TestCase):
port_id = 'fake-port-id'
self.assertRaises(exception.NetworkError, neutron.unbind_neutron_port,
port_id, context=self.context)
mock_client.assert_called_once_with(context=self.context)
mock_client.return_value.update_port.assert_called_once_with(port_id,
body)
mock_unp.assert_called_once_with(self.context, port_id, body, None)
mock_log.exception.assert_called_once()
def test_unbind_neutron_port(self, mock_client):
def test_unbind_neutron_port(self, mock_unp):
port_id = 'fake-port-id'
body_unbind = {
'port': {
@ -1082,17 +1216,16 @@ class TestUnbindPort(base.TestCase):
}
}
update_calls = [
mock.call(port_id, body_unbind),
mock.call(port_id, body_reset_mac)
mock.call(self.context, port_id, body_unbind, None),
mock.call(self.context, port_id, body_reset_mac, None)
]
neutron.unbind_neutron_port(port_id, context=self.context)
mock_client.assert_called_once_with(context=self.context)
mock_client.return_value.update_port.assert_has_calls(update_calls)
mock_unp.assert_has_calls(update_calls)
@mock.patch.object(neutron, 'LOG', autospec=True)
def test_unbind_neutron_port_not_found(self, mock_log, mock_client):
def test_unbind_neutron_port_not_found(self, mock_log, mock_unp):
port_id = 'fake-port-id'
mock_client.return_value.update_port.side_effect = (
mock_unp.side_effect = (
neutron_client_exc.PortNotFoundClient())
body = {
'port': {
@ -1101,9 +1234,7 @@ class TestUnbindPort(base.TestCase):
}
}
neutron.unbind_neutron_port(port_id, context=self.context)
mock_client.assert_called_once_with(context=self.context)
mock_client.return_value.update_port.assert_called_once_with(port_id,
body)
mock_unp.assert_called_once_with(self.context, port_id, body, None)
mock_log.info.assert_called_once_with('Port %s was not found while '
'unbinding.', port_id)

14
ironic/tests/unit/dhcp/test_neutron.py
View File

@ -48,8 +48,8 @@ class TestNeutron(db_base.DbTestCase):
dhcp_factory.DHCPFactory._dhcp_provider = None
@mock.patch('ironic.common.neutron.get_client', autospec=True)
def test_update_port_dhcp_opts(self, client_mock):
@mock.patch('ironic.common.neutron.update_neutron_port', autospec=True)
def test_update_port_dhcp_opts(self, update_mock):
opts = [{'opt_name': 'bootfile-name',
'opt_value': 'pxelinux.0'},
{'opt_name': 'tftp-server',
@ -63,14 +63,14 @@ class TestNeutron(db_base.DbTestCase):
with task_manager.acquire(self.context, self.node.uuid) as task:
api.provider.update_port_dhcp_opts(port_id, opts,
context=task.context)
client_mock.return_value.update_port.assert_called_once_with(
port_id, expected)
update_mock.assert_called_once_with(
task.context, port_id, expected)
@mock.patch('ironic.common.neutron.get_client', autospec=True)
def test_update_port_dhcp_opts_with_exception(self, client_mock):
@mock.patch('ironic.common.neutron.update_neutron_port', autospec=True)
def test_update_port_dhcp_opts_with_exception(self, update_mock):
opts = [{}]
port_id = 'fake-port-id'
client_mock.return_value.update_port.side_effect = (
update_mock.side_effect = (
neutron_client_exc.NeutronClientException())
api = dhcp_factory.DHCPFactory()

12
ironic/tests/unit/drivers/modules/network/test_common.py
View File

@ -400,22 +400,26 @@ class TestCommonFunctions(db_base.DbTestCase):
common.get_free_port_like_object,
task, self.vif_id, {'physnet2'})
@mock.patch.object(neutron_common, 'update_neutron_port', autospec=True)
@mock.patch.object(neutron_common, 'get_client', autospec=True)
def test_plug_port_to_tenant_network_client(self, mock_gc):
def test_plug_port_to_tenant_network_client(self, mock_gc, mock_update):
self.port.internal_info = {common.TENANT_VIF_KEY: self.vif_id}
self.port.save()
with task_manager.acquire(self.context, self.node.id) as task:
common.plug_port_to_tenant_network(task, self.port,
client=mock.MagicMock())
self.assertFalse(mock_gc.called)
self.assertTrue(mock_update.called)
@mock.patch.object(neutron_common, 'update_neutron_port', autospec=True)
@mock.patch.object(neutron_common, 'get_client', autospec=True)
def test_plug_port_to_tenant_network_no_client(self, mock_gc):
def test_plug_port_to_tenant_network_no_client(self, mock_gc, mock_update):
self.port.internal_info = {common.TENANT_VIF_KEY: self.vif_id}
self.port.save()
with task_manager.acquire(self.context, self.node.id) as task:
common.plug_port_to_tenant_network(task, self.port)
self.assertTrue(mock_gc.called)
self.assertTrue(mock_update.called)
@mock.patch.object(neutron_common, 'get_client', autospec=True)
def test_plug_port_to_tenant_network_no_tenant_vif(self, mock_gc):
@ -432,9 +436,10 @@ class TestCommonFunctions(db_base.DbTestCase):
@mock.patch.object(neutron_common, 'wait_for_host_agent', autospec=True)
@mock.patch.object(neutron_common, 'wait_for_port_status', autospec=True)
@mock.patch.object(neutron_common, 'update_neutron_port', autospec=True)
@mock.patch.object(neutron_common, 'get_client', autospec=True)
def test_plug_port_to_tenant_network_smartnic_port(
self, mock_gc, wait_port_mock, wait_agent_mock):
self, mock_gc, mock_update, wait_port_mock, wait_agent_mock):
nclient = mock.MagicMock()
mock_gc.return_value = nclient
local_link_connection = self.port.local_link_connection
@ -449,6 +454,7 @@ class TestCommonFunctions(db_base.DbTestCase):
nclient, 'hostname')
wait_port_mock.assert_called_once_with(
nclient, self.vif_id, 'ACTIVE')
self.assertTrue(mock_update.called)
class TestVifPortIDMixin(db_base.DbTestCase):

26
ironic/tests/unit/drivers/modules/network/test_flat.py
View File

@ -170,10 +170,8 @@ class TestFlatInterface(db_base.DbTestCase):
self.port.refresh()
self.assertNotIn('cleaning_vif_port_id', self.port.internal_info)
@mock.patch.object(neutron, 'get_client')
def test__bind_flat_ports_set_binding_host_id(self, client_mock):
upd_mock = mock.Mock()
client_mock.return_value.update_port = upd_mock
@mock.patch.object(neutron, 'update_neutron_port')
def test__bind_flat_ports_set_binding_host_id(self, update_mock):
extra = {'vif_port_id': 'foo'}
utils.create_test_port(self.context, node_id=self.node.id,
address='52:54:00:cf:2d:33', extra=extra,
@ -183,12 +181,10 @@ class TestFlatInterface(db_base.DbTestCase):
'mac_address': '52:54:00:cf:2d:33'}}
with task_manager.acquire(self.context, self.node.id) as task:
self.interface._bind_flat_ports(task)
upd_mock.assert_called_once_with('foo', exp_body)
update_mock.assert_called_once_with(self.context, 'foo', exp_body)
@mock.patch.object(neutron, 'get_client')
def test__bind_flat_ports_set_binding_host_id_portgroup(self, client_mock):
upd_mock = mock.Mock()
client_mock.return_value.update_port = upd_mock
@mock.patch.object(neutron, 'update_neutron_port')
def test__bind_flat_ports_set_binding_host_id_portgroup(self, update_mock):
internal_info = {'tenant_vif_port_id': 'foo'}
utils.create_test_portgroup(
self.context, node_id=self.node.id, internal_info=internal_info,
@ -204,8 +200,9 @@ class TestFlatInterface(db_base.DbTestCase):
'mac_address': '52:54:00:cf:2d:31'}}
with task_manager.acquire(self.context, self.node.id) as task:
self.interface._bind_flat_ports(task)
upd_mock.assert_has_calls([
mock.call('bar', exp_body1), mock.call('foo', exp_body2)])
update_mock.assert_has_calls([
mock.call(self.context, 'bar', exp_body1),
mock.call(self.context, 'foo', exp_body2)])
@mock.patch.object(neutron, 'unbind_neutron_port')
def test__unbind_flat_ports(self, unbind_neutron_port_mock):
@ -234,10 +231,9 @@ class TestFlatInterface(db_base.DbTestCase):
[mock.call('foo', context=self.context),
mock.call('bar', context=self.context)])
@mock.patch.object(neutron, 'get_client')
def test__bind_flat_ports_set_binding_host_id_raise(self, client_mock):
client_mock.return_value.update_port.side_effect = \
(neutron_exceptions.ConnectionFailed())
@mock.patch.object(neutron, 'update_neutron_port')
def test__bind_flat_ports_set_binding_host_id_raise(self, update_mock):
update_mock.side_effect = (neutron_exceptions.ConnectionFailed())
extra = {'vif_port_id': 'foo'}
utils.create_test_port(self.context, node_id=self.node.id,
address='52:54:00:cf:2d:33', extra=extra,

40
ironic/tests/unit/drivers/modules/network/test_neutron.py
View File

@ -572,10 +572,11 @@ class NeutronInterfaceTestCase(db_base.DbTestCase):
log_mock.error.call_args[0][0])
@mock.patch.object(neutron_common, 'wait_for_host_agent', autospec=True)
@mock.patch.object(neutron_common, 'update_neutron_port')
@mock.patch.object(neutron_common, 'get_client')
@mock.patch.object(neutron, 'LOG')
def test_configure_tenant_networks_multiple_ports_one_vif_id(
self, log_mock, client_mock, wait_agent_mock):
self, log_mock, client_mock, update_mock, wait_agent_mock):
expected_body = {
'port': {
'binding:vnic_type': 'baremetal',
@ -585,20 +586,20 @@ class NeutronInterfaceTestCase(db_base.DbTestCase):
'mac_address': '52:54:00:cf:2d:32'
}
}
upd_mock = mock.Mock()
client_mock.return_value.update_port = upd_mock
with task_manager.acquire(self.context, self.node.id) as task:
self.interface.configure_tenant_networks(task)
client_mock.assert_called_once_with(context=task.context)
upd_mock.assert_called_once_with(self.port.extra['vif_port_id'],
expected_body)
update_mock.assert_called_once_with(self.context,
self.port.extra['vif_port_id'],
expected_body)
@mock.patch.object(neutron_common, 'wait_for_host_agent', autospec=True)
@mock.patch.object(neutron_common, 'update_neutron_port')
@mock.patch.object(neutron_common, 'get_client')
def test_configure_tenant_networks_update_fail(self, client_mock,
update_mock,
wait_agent_mock):
client = client_mock.return_value
client.update_port.side_effect = neutron_exceptions.ConnectionFailed(
update_mock.side_effect = neutron_exceptions.ConnectionFailed(
reason='meow')
with task_manager.acquire(self.context, self.node.id) as task:
self.assertRaisesRegex(
@ -607,12 +608,12 @@ class NeutronInterfaceTestCase(db_base.DbTestCase):
client_mock.assert_called_once_with(context=task.context)
@mock.patch.object(neutron_common, 'wait_for_host_agent', autospec=True)
@mock.patch.object(neutron_common, 'update_neutron_port')
@mock.patch.object(neutron_common, 'get_client')
def _test_configure_tenant_networks(self, client_mock, wait_agent_mock,
def _test_configure_tenant_networks(self, client_mock, update_mock,
wait_agent_mock,
is_client_id=False,
vif_int_info=False):
upd_mock = mock.Mock()
client_mock.return_value.update_port = upd_mock
if vif_int_info:
kwargs = {'internal_info': {
'tenant_vif_port_id': uuidutils.generate_uuid()}}
@ -668,9 +669,9 @@ class NeutronInterfaceTestCase(db_base.DbTestCase):
else:
portid1 = self.port.extra['vif_port_id']
portid2 = second_port.extra['vif_port_id']
upd_mock.assert_has_calls(
[mock.call(portid1, port1_body),
mock.call(portid2, port2_body)],
update_mock.assert_has_calls(
[mock.call(self.context, portid1, port1_body),
mock.call(self.context, portid2, port2_body)],
any_order=True
)
@ -693,11 +694,12 @@ class NeutronInterfaceTestCase(db_base.DbTestCase):
self._test_configure_tenant_networks(is_client_id=True)
@mock.patch.object(neutron_common, 'wait_for_host_agent', autospec=True)
@mock.patch.object(neutron_common, 'update_neutron_port', autospec=True)
@mock.patch.object(neutron_common, 'get_client', autospec=True)
@mock.patch.object(neutron_common, 'get_local_group_information',
autospec=True)
def test_configure_tenant_networks_with_portgroups(
self, glgi_mock, client_mock, wait_agent_mock):
self, glgi_mock, client_mock, update_mock, wait_agent_mock):
pg = utils.create_test_portgroup(
self.context, node_id=self.node.id, address='ff:54:00:cf:2d:32',
extra={'vif_port_id': uuidutils.generate_uuid()})
@ -717,8 +719,6 @@ class NeutronInterfaceTestCase(db_base.DbTestCase):
'port_id': 'Ethernet1/2',
'switch_info': 'switch2'}
)
upd_mock = mock.Mock()
client_mock.return_value.update_port = upd_mock
local_group_info = {'a': 'b'}
glgi_mock.return_value = local_group_info
expected_body = {
@ -747,9 +747,11 @@ class NeutronInterfaceTestCase(db_base.DbTestCase):
self.interface.configure_tenant_networks(task)
client_mock.assert_called_once_with(context=task.context)
glgi_mock.assert_called_once_with(task, pg)
upd_mock.assert_has_calls(
[mock.call(self.port.extra['vif_port_id'], call1_body),
mock.call(pg.extra['vif_port_id'], call2_body)]
update_mock.assert_has_calls(
[mock.call(self.context, self.port.extra['vif_port_id'],
call1_body),
mock.call(self.context, pg.extra['vif_port_id'],
call2_body)]
)
def test_need_power_on_true(self):

8
releasenotes/notes/neutron-port-update-598183909d44396c.yaml Normal file
View File

@ -0,0 +1,8 @@
---
features:
- |
Changes neutron port updates to use auth values from Ironic's neutron
conf, preventing issues that can arise when a non-admin user manages
Ironic nodes. A check is added to the port update function to verify that
the user can actually see the port. This adds an additional Neutron
request call to all port updates.