Merge "Allow to request metadata proxy only from internal interfaces"

2015-03-20 01:44:19 +00:00 · 2015-03-20 01:44:19 +00:00 · 366820a9ab
parent 81ce60ea7b b049971c56
commit 366820a9ab
2 changed files with 6 additions and 2 deletions
--- a/neutron/agent/metadata/driver.py
+++ b/neutron/agent/metadata/driver.py
@ -19,6 +19,7 @@ from oslo_config import cfg
 from oslo_log import log as logging

 from neutron.agent.common import config
+from neutron.agent.l3 import namespaces
 from neutron.agent.linux import external_process
 from neutron.common import exceptions
 from neutron.services import advanced_service
@ -104,8 +105,11 @@ class MetadataDriver(advanced_service.AdvancedService):
    @classmethod
    def metadata_nat_rules(cls, port):
        return [('PREROUTING', '-d 169.254.169.254/32 '
+                 '-i %(interface_name)s '
                 '-p tcp -m tcp --dport 80 -j REDIRECT '
-                 '--to-port %s' % port)]
+                 '--to-port %(port)s' %
+                 {'interface_name': namespaces.INTERNAL_DEV_PREFIX + '+',
+                  'port': port})]

    @classmethod
    def _get_metadata_proxy_user_group(cls, conf):
--- a/neutron/tests/unit/agent/metadata/test_driver.py
+++ b/neutron/tests/unit/agent/metadata/test_driver.py
@ -33,7 +33,7 @@ _uuid = uuidutils.generate_uuid
 class TestMetadataDriverRules(base.BaseTestCase):

    def test_metadata_nat_rules(self):
-        rules = ('PREROUTING', '-d 169.254.169.254/32 '
+        rules = ('PREROUTING', '-d 169.254.169.254/32 -i qr-+ '
                 '-p tcp -m tcp --dport 80 -j REDIRECT --to-port 8775')
        self.assertEqual(
            [rules],