rehome is_port_trusted util function

This patch rehomes neutron.common.utils.is_port_trusted into neutron_lib.utils.net. UTs and a release note included as well. Change-Id: I0a32ccb3b80809f1df0a07aa0b4546bca16e1c2c
2017-04-03 13:17:55 -06:00
parent f65ae58226
commit 4d9101a60b
3 changed files with 33 additions and 0 deletions
--- a/neutron_lib/tests/unit/utils/test_net.py
+++ b/neutron_lib/tests/unit/utils/test_net.py
@@ -16,6 +16,7 @@ import socket

 import mock

+from neutron_lib import constants
 from neutron_lib.tests import _base as base
 from neutron_lib.utils import net

@@ -61,3 +62,15 @@ class TestGetRandomMac(base.BaseTestCase):
        self.assertEqual('a2:a2:a2:a2:a2:a2', mac)

        mock_rnd.assert_called_with(0x00, 0xff)
+
+
+class TestPortDeviceOwner(base.BaseTestCase):
+
+    def test_is_port_trusted(self):
+        self.assertTrue(net.is_port_trusted(
+            {'device_owner':
+             constants.DEVICE_OWNER_NETWORK_PREFIX + 'dev'}))
+
+    def test_is_port_not_trusted(self):
+        self.assertFalse(net.is_port_trusted(
+            {'device_owner': constants.DEVICE_OWNER_COMPUTE_PREFIX + 'dev'}))
--- a/neutron_lib/utils/net.py
+++ b/neutron_lib/utils/net.py
@@ -14,6 +14,8 @@
 import random
 import socket

+from neutron_lib import constants
+

 def get_hostname():
    """Get the hostname of the system.
@@ -36,3 +38,17 @@ def get_random_mac(base_mac):
        "{:02x}".format(random.randint(0x00, 0xff))if p == '00' else p
        for p in base_mac
    )
+
+
+def is_port_trusted(port):
+    """Used to determine if port can be trusted not to attack network.
+
+    Trust is currently based on the device_owner field starting with 'network:'
+    since we restrict who can use that in the default policy.json file.
+
+    :param port: The port dict to inspect the 'device_owner' for.
+    :returns: True if the port dict's 'device_owner' value starts with the
+    networking prefix. False otherwise.
+    """
+    return port['device_owner'].startswith(
+        constants.DEVICE_OWNER_NETWORK_PREFIX)
--- a/releasenotes/notes/rehome-port-dev-util-ea6f4a5c4da42f6c.yaml
+++ b/releasenotes/notes/rehome-port-dev-util-ea6f4a5c4da42f6c.yaml
@@ -0,0 +1,4 @@
+---
+features:
+  - The ``neutron.common.utils`` function ``is_port_trusted`` is now available
+    in ``neutron_lib.utils.net``.