From 4d9101a60b3c0d99b900982a0d442e9ddfcec8d6 Mon Sep 17 00:00:00 2001 From: Boden R Date: Mon, 3 Apr 2017 13:17:55 -0600 Subject: [PATCH] rehome is_port_trusted util function This patch rehomes neutron.common.utils.is_port_trusted into neutron_lib.utils.net. UTs and a release note included as well. Change-Id: I0a32ccb3b80809f1df0a07aa0b4546bca16e1c2c --- neutron_lib/tests/unit/utils/test_net.py | 13 +++++++++++++ neutron_lib/utils/net.py | 16 ++++++++++++++++ .../rehome-port-dev-util-ea6f4a5c4da42f6c.yaml | 4 ++++ 3 files changed, 33 insertions(+) create mode 100644 releasenotes/notes/rehome-port-dev-util-ea6f4a5c4da42f6c.yaml diff --git a/neutron_lib/tests/unit/utils/test_net.py b/neutron_lib/tests/unit/utils/test_net.py index bf83efe72..a61304b46 100644 --- a/neutron_lib/tests/unit/utils/test_net.py +++ b/neutron_lib/tests/unit/utils/test_net.py @@ -16,6 +16,7 @@ import socket import mock +from neutron_lib import constants from neutron_lib.tests import _base as base from neutron_lib.utils import net @@ -61,3 +62,15 @@ class TestGetRandomMac(base.BaseTestCase): self.assertEqual('a2:a2:a2:a2:a2:a2', mac) mock_rnd.assert_called_with(0x00, 0xff) + + +class TestPortDeviceOwner(base.BaseTestCase): + + def test_is_port_trusted(self): + self.assertTrue(net.is_port_trusted( + {'device_owner': + constants.DEVICE_OWNER_NETWORK_PREFIX + 'dev'})) + + def test_is_port_not_trusted(self): + self.assertFalse(net.is_port_trusted( + {'device_owner': constants.DEVICE_OWNER_COMPUTE_PREFIX + 'dev'})) diff --git a/neutron_lib/utils/net.py b/neutron_lib/utils/net.py index 55996cf8e..319adfd53 100644 --- a/neutron_lib/utils/net.py +++ b/neutron_lib/utils/net.py @@ -14,6 +14,8 @@ import random import socket +from neutron_lib import constants + def get_hostname(): """Get the hostname of the system. 
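Review bot: The two new TestPortDeviceOwner cases in neutron_lib/tests/unit/utils/test_net.py only pass a well-formed `device_owner` carrying one prefix or the other, so the predicate's behaviour on an empty string, a `None` value, or a port dict with no `device_owner` key is not pinned. Callers use this result as a trust decision, so each of those inputs deserves a case, e.g. `self.assertFalse(net.is_port_trusted({'device_owner': ''}))`, plus one for a value that contains `network:` without starting with it. Whether a missing key or `None` should raise or return False is left implicit by the function; the tests should record whichever is intended.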
@@ -36,3 +38,17 @@ def get_random_mac(base_mac): "{:02x}".format(random.randint(0x00, 0xff))if p == '00' else p for p in base_mac ) + + +def is_port_trusted(port): + """Used to determine if port can be trusted not to attack network. + + Trust is currently based on the device_owner field starting with 'network:' + since we restrict who can use that in the default policy.json file. + + :param port: The port dict to inspect the 'device_owner' for. + :returns: True if the port dict's 'device_owner' value starts with the + networking prefix. False otherwise. + """ + return port['device_owner'].startswith( + constants.DEVICE_OWNER_NETWORK_PREFIX) diff --git a/releasenotes/notes/rehome-port-dev-util-ea6f4a5c4da42f6c.yaml b/releasenotes/notes/rehome-port-dev-util-ea6f4a5c4da42f6c.yaml new file mode 100644 index 000000000..857ee1473 --- /dev/null +++ b/releasenotes/notes/rehome-port-dev-util-ea6f4a5c4da42f6c.yaml @@ -0,0 +1,4 @@ +--- +features: + - The ``neutron.common.utils`` function ``is_port_trusted`` is now available + in ``neutron_lib.utils.net``.
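Review bot: `is_port_trusted` in neutron_lib/utils/net.py indexes `port['device_owner']` directly, so a port dict without that key raises KeyError and a `None` value raises AttributeError rather than yielding "not trusted". For a predicate that gates a trust decision, failing closed is the safer contract, provided no caller depends on the exception: `owner = port.get('device_owner') or ''` then `return owner.startswith(constants.DEVICE_OWNER_NETWORK_PREFIX)`. The docstring should also state plainly that the result is only as strong as the API policy restricting who may set a `network:` owner. Now that the helper is published from neutron_lib, a consumer deployed with a modified policy file would be treating a caller-settable string as proof of trust.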