
Merge "Sets MAC spoof if neutron port security groups enabled / disabled"

Zuul 1 year ago
parent
commit
272a18ecae

+ 5
- 3
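--- a/networking_hyperv/neutron/agent/hnv_neutron_agent.py
+++ b/networking_hyperv/neutron/agent/hnv_neutron_agent.py
@@ -71,7 +71,7 @@ class HNVAgent(hyperv_base.Layer2Agent):
         self._network_vswitch_map[net_uuid] = vswitch_map
 
     def _port_bound(self, port_id, network_id, network_type, physical_network,
-                    segmentation_id, set_port_sriov):
+                    segmentation_id, port_security_enabled, set_port_sriov):
         """Bind the port to the recived network."""
         super(HNVAgent, self)._port_bound(port_id, network_id, network_type,
                                           physical_network, segmentation_id,
@@ -95,10 +95,12 @@ class HNVAgent(hyperv_base.Layer2Agent):
     @_port_synchronized
     def _treat_vif_port(self, port_id, network_id, network_type,
                         physical_network, segmentation_id,
-                        admin_state_up, set_port_sriov=False):
+                        admin_state_up, port_security_enabled,
+                        set_port_sriov=False):
         if admin_state_up:
             self._port_bound(port_id, network_id, network_type,
-                             physical_network, segmentation_id, set_port_sriov)
+                             physical_network, segmentation_id,
+                             port_security_enabled, set_port_sriov)
         else:
             self._port_unbound(port_id)
 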
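Review bot: The `super(HNVAgent, self)._port_bound(...)` call at new lines 76-77 probably no longer matches the base signature. Its argument list runs past the end of the first hunk, and this file's 5 additions and 3 deletions are all accounted for by the visible changes, so that tail is untouched. If it still ends with `set_port_sriov)`, the call is one positional argument short of `Layer2Agent._port_bound`, which now requires `port_security_enabled` before `set_port_sriov`. Forward the flag with `physical_network, segmentation_id, port_security_enabled, set_port_sriov)` and extend the `assert_called_once_with` in the HNV test, where the super call is mocked and would hide the mismatch. Separately, nothing visible in this file applies the MAC-spoofing setting to HNV ports, so confirm whether that is intended.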

+ 9
- 4
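--- a/networking_hyperv/neutron/agent/hyperv_neutron_agent.py
+++ b/networking_hyperv/neutron/agent/hyperv_neutron_agent.py
@@ -185,11 +185,11 @@ class HyperVNeutronAgent(hyperv_base.Layer2Agent):
         self._network_vswitch_map[net_uuid] = vswitch_map
 
     def _port_bound(self, port_id, network_id, network_type, physical_network,
-                    segmentation_id, set_port_sriov):
+                    segmentation_id, port_security_enabled, set_port_sriov):
         """Bind the port to the recived network."""
         super(HyperVNeutronAgent, self)._port_bound(
             port_id, network_id, network_type, physical_network,
-            segmentation_id, set_port_sriov
+            segmentation_id, port_security_enabled, set_port_sriov
         )
         vswitch_map = self._network_vswitch_map[network_id]
 
@@ -209,6 +209,9 @@ class HyperVNeutronAgent(hyperv_base.Layer2Agent):
             self._utils.add_metrics_collection_acls(port_id)
             self._port_metric_retries[port_id] = self._metrics_max_retries
 
+        self._utils.set_vswitch_port_mac_spoofing(port_id,
+                                                  port_security_enabled)
+
     def _port_enable_control_metrics(self):
         if not self._enable_metrics_collection:
             return
@@ -236,10 +239,12 @@ class HyperVNeutronAgent(hyperv_base.Layer2Agent):
     @_port_synchronized
     def _treat_vif_port(self, port_id, network_id, network_type,
                         physical_network, segmentation_id,
-                        admin_state_up, set_port_sriov=False):
+                        admin_state_up, port_security_enabled,
+                        set_port_sriov=False):
         if admin_state_up:
             self._port_bound(port_id, network_id, network_type,
-                             physical_network, segmentation_id, set_port_sriov)
+                             physical_network, segmentation_id,
+                             port_security_enabled, set_port_sriov)
             # check if security groups is enabled.
             # if not, teardown the security group rules
             if self._enable_security_groups: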
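Review bot: `self._utils.set_vswitch_port_mac_spoofing(port_id, port_security_enabled)` at new lines 212-213 passes the port-security flag straight through as the helper's second argument, which looks inverted. The helper is not shown on this page; if that argument is the MAC-spoofing state to set, as its name suggests, a port with port security enabled ends up with spoofing allowed and a port with it disabled ends up with spoofing blocked. Confirm the helper's contract and, if it takes the spoofing state, pass `not port_security_enabled` with a comment such as `# MAC spoofing is allowed only when Neutron port security is off`. The enclosing `_port_bound` begins in the previous hunk and its middle is outside the page.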

+ 5
- 2
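--- a/networking_hyperv/neutron/agent/layer2.py
+++ b/networking_hyperv/neutron/agent/layer2.py
@@ -247,7 +247,7 @@ class Layer2Agent(base_agent.BaseAgent):
         del self._network_vswitch_map[net_uuid]
 
     def _port_bound(self, port_id, network_id, network_type, physical_network,
-                    segmentation_id, set_port_sriov):
+                    segmentation_id, port_security_enabled, set_port_sriov):
         """Bind the port to the recived network."""
         LOG.debug("Binding port %s", port_id)
 
@@ -296,6 +296,7 @@ class Layer2Agent(base_agent.BaseAgent):
             physical_network=device_details['physical_network'],
             segmentation_id=device_details['segmentation_id'],
             admin_state_up=device_details['admin_state_up'],
+            port_security_enabled=device_details['port_security_enabled'],
             set_port_sriov=set_port_sriov)
 
     def process_added_port(self, device_details):
@@ -439,6 +440,7 @@ class Layer2Agent(base_agent.BaseAgent):
                 physical_network=physical_network,
                 segmentation_id=segmentation_id,
                 admin_state_up=port['admin_state_up'],
+                port_security_enabled=port['port_security_enabled'],
             )
         else:
             LOG.debug("No port %s defined on agent.", port['id'])
@@ -466,5 +468,6 @@ class Layer2Agent(base_agent.BaseAgent):
     @abc.abstractmethod
     def _treat_vif_port(self, port_id, network_id, network_type,
                         physical_network, segmentation_id,
-                        admin_state_up, set_port_sriov=False):
+                        admin_state_up, port_security_enabled,
+                        set_port_sriov=False):
         pass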
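Review bot: `device_details['port_security_enabled']` (new line 299) and `port['port_security_enabled']` (new line 443) index the key directly, so a payload that lacks it raises `KeyError` in the port-processing path. Whether the server always sends the key cannot be confirmed from this page; it may be absent when the port-security extension is not loaded. Prefer `device_details.get('port_security_enabled', True)` and `port.get('port_security_enabled', True)`, so a missing key is treated as port security enabled instead of aborting the bind. Both call sites sit in functions that begin outside their hunks.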

+ 8
- 4
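--- a/networking_hyperv/tests/unit/neutron/agent/test_hnv_neutron_agent.py
+++ b/networking_hyperv/tests/unit/neutron/agent/test_hnv_neutron_agent.py
@@ -82,7 +82,8 @@ class TestHNVAgent(test_base.HyperVBaseTestCase):
         self.agent._port_bound(
             mock.sentinel.port_id, mock.sentinel.network_id,
             mock.sentinel.network_type, mock.sentinel.physical_network,
-            mock.sentinel.segmentation_id, mock.sentinel.set_port_sriov)
+            mock.sentinel.segmentation_id, mock.sentinel.port_security_enabled,
+            mock.sentinel.set_port_sriov)
 
         mock_super_port_bound.assert_called_once_with(
             mock.sentinel.port_id, mock.sentinel.network_id,
@@ -107,19 +108,22 @@ class TestHNVAgent(test_base.HyperVBaseTestCase):
         self.agent._treat_vif_port(
             mock.sentinel.port_id, mock.sentinel.network_id,
             mock.sentinel.network_type, mock.sentinel.physical_network,
-            mock.sentinel.segmentation_id, True)
+            mock.sentinel.segmentation_id, True,
+            mock.sentinel.port_security_enabled)
 
         mock_port_bound.assert_called_once_with(
             mock.sentinel.port_id, mock.sentinel.network_id,
             mock.sentinel.network_type, mock.sentinel.physical_network,
-            mock.sentinel.segmentation_id, False)
+            mock.sentinel.segmentation_id, mock.sentinel.port_security_enabled,
+            False)
 
     @mock.patch.object(hnv_agent.HNVAgent, '_port_unbound')
     def test_treat_vif_port_state_down(self, mock_port_unbound):
         self.agent._treat_vif_port(
             mock.sentinel.port_id, mock.sentinel.network_id,
             mock.sentinel.network_type, mock.sentinel.physical_network,
-            mock.sentinel.segmentation_id, False)
+            mock.sentinel.segmentation_id, False,
+            mock.sentinel.port_security_enabled)
 
         mock_port_unbound.assert_called_once_with(mock.sentinel.port_id)
 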

+ 12
- 4
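--- a/networking_hyperv/tests/unit/neutron/agent/test_hyperv_neutron_agent.py
+++ b/networking_hyperv/tests/unit/neutron/agent/test_hyperv_neutron_agent.py
@@ -244,12 +244,14 @@ class TestHyperVNeutronAgent(base.HyperVBaseTestCase):
                                'vlan',
                                mock.sentinel.physical_network,
                                mock.sentinel.segmentation_id,
+                               mock.sentinel.port_security_enabled,
                                False)
 
         mock_super_bound.assert_called_once_with(
             port, net_uuid, 'vlan',
             mock.sentinel.physical_network,
-            mock.sentinel.segmentation_id, False)
+            mock.sentinel.segmentation_id, mock.sentinel.port_security_enabled,
+            False)
         self.assertEqual(enable_metrics,
                          self.agent._utils.add_metrics_collection_acls.called)
 
@@ -274,6 +276,7 @@ class TestHyperVNeutronAgent(base.HyperVBaseTestCase):
         self.agent._port_bound(mock.sentinel.port_id, net_uuid, network_type,
                                mock.sentinel.physical_network,
                                mock.sentinel.segmentation_id,
+                               mock.sentinel.port_security_enabled,
                                mock.sentinel.set_port_sriov)
 
         self.assertIn(mock.sentinel.port_id, fake_map['ports'])
@@ -283,6 +286,8 @@ class TestHyperVNeutronAgent(base.HyperVBaseTestCase):
         self.agent._utils.connect_vnic_to_vswitch.assert_called_once_with(
             vswitch_name=mock.sentinel.vswitch_name,
             switch_port_name=mock.sentinel.port_id)
+        self.agent._utils.set_vswitch_port_mac_spoofing(
+            mock.sentinel.port_id, mock.sentinel.port_security_enabled)
 
     def test_port_bound_vlan(self):
         self._check_port_bound_net_type(network_type=constants.TYPE_VLAN)
@@ -339,7 +344,8 @@ class TestHyperVNeutronAgent(base.HyperVBaseTestCase):
         self.agent._treat_vif_port(
             mock.sentinel.port_id, mock.sentinel.network_id,
             mock.sentinel.network_type, mock.sentinel.physical_network,
-            mock.sentinel.segmentation_id, False)
+            mock.sentinel.segmentation_id, False,
+            mock.sentinel.port_security_enabled)
 
         mock_port_unbound.assert_called_once_with(mock.sentinel.port_id)
         sg_agent = self.agent._sec_groups_agent
@@ -352,12 +358,14 @@ class TestHyperVNeutronAgent(base.HyperVBaseTestCase):
         self.agent._treat_vif_port(
             mock.sentinel.port_id, mock.sentinel.network_id,
             mock.sentinel.network_type, mock.sentinel.physical_network,
-            mock.sentinel.segmentation_id, True)
+            mock.sentinel.segmentation_id, True,
+            mock.sentinel.port_security_enabled)
 
         mock_port_bound.assert_called_once_with(
             mock.sentinel.port_id, mock.sentinel.network_id,
             mock.sentinel.network_type, mock.sentinel.physical_network,
-            mock.sentinel.segmentation_id, False)
+            mock.sentinel.segmentation_id, mock.sentinel.port_security_enabled,
+            False)
 
     def test_treat_vif_port_sg_enabled(self):
         self.agent._enable_security_groups = True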
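Review bot: The added lines 289-290, in the helper that precedes `test_port_bound_vlan`, call `self.agent._utils.set_vswitch_port_mac_spoofing(...)` on the mock instead of asserting on it, so the test passes whether or not `_port_bound` ever sets MAC spoofing. Change the call to `self.agent._utils.set_vswitch_port_mac_spoofing.assert_called_once_with(` with the same two arguments. Using real booleans for `port_security_enabled` in at least one case would also pin which value reaches the helper, since a sentinel cannot reveal an inverted flag. The helper's definition starts outside this hunk.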

+ 7
- 4
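--- a/networking_hyperv/tests/unit/neutron/agent/test_layer2.py
+++ b/networking_hyperv/tests/unit/neutron/agent/test_layer2.py
@@ -50,7 +50,7 @@ class _Layer2Agent(agent_base.Layer2Agent):
 
     def _treat_vif_port(self, port_id, network_id, network_type,
                         physical_network, segmentation_id,
-                        admin_state_up):
+                        admin_state_up, port_security_enabled):
         pass
 
 
@@ -96,7 +96,8 @@ class TestLayer2Agent(test_base.HyperVBaseTestCase):
             'network_type': mock.sentinel.network_type,
             'physical_network': mock.sentinel.physical_network,
             'segmentation_id': mock.sentinel.segmentation_id,
-            'admin_state_up': mock.sentinel.admin_state_up
+            'admin_state_up': mock.sentinel.admin_state_up,
+            'port_security_enabled': mock.sentinel.port_security_enabled,
         }
 
     @mock.patch.object(agent_base.Layer2Agent, '_process_removed_port_event',
@@ -430,7 +431,8 @@ class TestLayer2Agent(test_base.HyperVBaseTestCase):
         self._agent._port_bound(mock.sentinel.port_id,
                                 net_uuid, mock.sentinel.network_type,
                                 mock.sentinel.physical_network,
-                                mock.sentinel.segmentation_id, True)
+                                mock.sentinel.segmentation_id,
+                                mock.sentinel.port_security_enabled, True)
 
         self.assertIn(mock.sentinel.port_id, fake_map['ports'])
         mock_provision_network.assert_called_once_with(
@@ -634,7 +636,8 @@ class TestLayer2Agent(test_base.HyperVBaseTestCase):
         self._agent._utils.vnic_port_exists.return_value = True
         port = {'id': mock.sentinel.port_id,
                 'network_id': mock.sentinel.network_id,
-                'admin_state_up': mock.sentinel.admin_state_up}
+                'admin_state_up': mock.sentinel.admin_state_up,
+                'port_security_enabled': mock.sentinel.port_security_enabled}
 
         self._agent.port_update(self._agent._context, port,
                                 mock.sentinel.network_type,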
