openstack/neutron-lib
Code Issues Proposed changes

rehome is_port_trusted util function

Browse Source 
This patch rehomes neutron.common.utils.is_port_trusted into
neutron_lib.utils.net. UTs and a release note included as well.

Change-Id: I0a32ccb3b80809f1df0a07aa0b4546bca16e1c2c
This commit is contained in:
Boden R
2017-04-03 13:17:55 -06:00
parent f65ae58226
commit 4d9101a60b
3 changed files with 33 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
neutron_lib/tests/unit/utils/test_net.py
View File

@@ -16,6 +16,7 @@ import socket
import mock import mock
from neutron_lib import constants
from neutron_lib.tests import _base as base from neutron_lib.tests import _base as base
from neutron_lib.utils import net from neutron_lib.utils import net
@@ -61,3 +62,15 @@ class TestGetRandomMac(base.BaseTestCase):
self.assertEqual('a2:a2:a2:a2:a2:a2', mac) self.assertEqual('a2:a2:a2:a2:a2:a2', mac)
mock_rnd.assert_called_with(0x00, 0xff) mock_rnd.assert_called_with(0x00, 0xff)
class TestPortDeviceOwner(base.BaseTestCase):
def test_is_port_trusted(self):
self.assertTrue(net.is_port_trusted(
{'device_owner':
constants.DEVICE_OWNER_NETWORK_PREFIX + 'dev'}))
def test_is_port_not_trusted(self):
self.assertFalse(net.is_port_trusted(
{'device_owner': constants.DEVICE_OWNER_COMPUTE_PREFIX + 'dev'}))

16
neutron_lib/utils/net.py
View File

@@ -14,6 +14,8 @@
import random import random
import socket import socket
from neutron_lib import constants
def get_hostname(): def get_hostname():
"""Get the hostname of the system. """Get the hostname of the system.
@@ -36,3 +38,17 @@ def get_random_mac(base_mac):
"{:02x}".format(random.randint(0x00, 0xff))if p == '00' else p "{:02x}".format(random.randint(0x00, 0xff))if p == '00' else p
for p in base_mac for p in base_mac
) )
def is_port_trusted(port):
"""Used to determine if port can be trusted not to attack network.
Trust is currently based on the device_owner field starting with 'network:'
since we restrict who can use that in the default policy.json file.
:param port: The port dict to inspect the 'device_owner' for.
:returns: True if the port dict's 'device_owner' value starts with the
networking prefix. False otherwise.
"""
return port['device_owner'].startswith(
constants.DEVICE_OWNER_NETWORK_PREFIX)

4
releasenotes/notes/rehome-port-dev-util-ea6f4a5c4da42f6c.yaml Normal file
View File

@@ -0,0 +1,4 @@
---
features:
- The ``neutron.common.utils`` function ``is_port_trusted`` is now available
in ``neutron_lib.utils.net``.