Fill device_info with port_security_enabled data
Firewall drivers check whether port security is enabled. After the OVO is sent over the wire, port_security_enabled is part of the 'security' field. This patch translates the RPC call from agent to server so that the payload carries port_security_enabled in the same place. We may consider changing the OVO field to contain the boolean directly. Change-Id: I647343e84b41da63d7ffcc5a87f3dfa2036adc56 Closes-bug: #1605654
parent
5d5ebd0bd9
commit
03c100b959
|
@ -342,6 +342,8 @@ class SecurityGroupServerAPIShim(sg_rpc_base.SecurityGroupInfoAPIMixin):
|
||||||
# will be required for linux bridge and others that don't have the
|
# will be required for linux bridge and others that don't have the
|
||||||
# full port UUID
|
# full port UUID
|
||||||
port['device'] = port['id']
|
port['device'] = port['id']
|
||||||
|
port['port_security_enabled'] = getattr(
|
||||||
|
ovo.security, 'port_security_enabled', True)
|
||||||
result[device] = port
|
result[device] = port
|
||||||
return result
|
return result
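Review bot: The `True` default in `getattr(ovo.security, 'port_security_enabled', True)` is the fail-closed choice and deserves a comment, because the commit description says firewall drivers check this value. A comment above the assignment such as `# No PortSecurity object on the port: report True so filtering stays enforced` would keep a later refactor from silently flipping the default. The default only covers a missing attribute on whatever `ovo.security` evaluates to (for example `None`). If the `security` field itself can be unset on the OVO, the lookup would presumably raise before `getattr` applies, which is worth confirming. The enclosing method starts outside this hunk.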
|
||||||
|
|
||||||
|
|
|
@ -20,6 +20,7 @@ from neutron.agent import resource_cache
|
||||||
from neutron.api.rpc.callbacks import resources
|
from neutron.api.rpc.callbacks import resources
|
||||||
from neutron.api.rpc.handlers import securitygroups_rpc
|
from neutron.api.rpc.handlers import securitygroups_rpc
|
||||||
from neutron import objects
|
from neutron import objects
|
||||||
|
from neutron.objects.port.extensions import port_security as psec
|
||||||
from neutron.objects import ports
|
from neutron.objects import ports
|
||||||
from neutron.objects import securitygroup
|
from neutron.objects import securitygroup
|
||||||
from neutron.tests import base
|
from neutron.tests import base
|
||||||
|
@ -131,9 +132,13 @@ class SecurityGroupServerAPIShimTestCase(base.BaseTestCase):
|
||||||
def test_security_group_info_for_devices(self):
|
def test_security_group_info_for_devices(self):
|
||||||
s1 = self._make_security_group_ovo()
|
s1 = self._make_security_group_ovo()
|
||||||
p1 = self._make_port_ovo(ip='1.1.1.1', security_group_ids={s1.id})
|
p1 = self._make_port_ovo(ip='1.1.1.1', security_group_ids={s1.id})
|
||||||
p2 = self._make_port_ovo(ip='2.2.2.2', security_group_ids={s1.id})
|
p2 = self._make_port_ovo(
|
||||||
|
ip='2.2.2.2',
|
||||||
|
security_group_ids={s1.id},
|
||||||
|
security=psec.PortSecurity(port_security_enabled=False))
|
||||||
p3 = self._make_port_ovo(ip='3.3.3.3', security_group_ids={s1.id},
|
p3 = self._make_port_ovo(ip='3.3.3.3', security_group_ids={s1.id},
|
||||||
device_owner='network:dhcp')
|
device_owner='network:dhcp')
|
||||||
|
|
||||||
ids = [p1.id, p2.id, p3.id]
|
ids = [p1.id, p2.id, p3.id]
|
||||||
info = self.shim.security_group_info_for_devices(self.ctx, ids)
|
info = self.shim.security_group_info_for_devices(self.ctx, ids)
|
||||||
self.assertIn('1.1.1.1', info['sg_member_ips'][s1.id]['IPv4'])
|
self.assertIn('1.1.1.1', info['sg_member_ips'][s1.id]['IPv4'])
|
||||||
|
@ -144,6 +149,8 @@ class SecurityGroupServerAPIShimTestCase(base.BaseTestCase):
|
||||||
# P3 is a trusted port so it doesn't have rules
|
# P3 is a trusted port so it doesn't have rules
|
||||||
self.assertNotIn(p3.id, info['devices'].keys())
|
self.assertNotIn(p3.id, info['devices'].keys())
|
||||||
self.assertEqual([s1.id], list(info['security_groups'].keys()))
|
self.assertEqual([s1.id], list(info['security_groups'].keys()))
|
||||||
|
self.assertTrue(info['devices'][p1.id]['port_security_enabled'])
|
||||||
|
self.assertFalse(info['devices'][p2.id]['port_security_enabled'])
|
||||||
|
|
||||||
def test_sg_member_update_events(self):
|
def test_sg_member_update_events(self):
|
||||||
s1 = self._make_security_group_ovo()
|
s1 = self._make_security_group_ovo()
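Review bot: `assertTrue`/`assertFalse` on `info['devices'][...]['port_security_enabled']` accept any truthy or falsy value, so a `None` for p2 would still pass. Since the description calls for a boolean in the payload, `self.assertIs(False, info['devices'][p2.id]['port_security_enabled'])` and the matching `assertIs(True, ...)` for p1 would pin the type. The p1 assertion exercises the default path only if `_make_port_ovo` leaves `security` unset, which is not visible here. A short comment such as `# p1 has no PortSecurity object, so the default (enabled) applies` would make that intent explicit. The test method's body is split across two hunks, so part of it is not shown.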
|
||||||
|
|