openstack
/
neutron
Code Issues Proposed changes

Merge "Handle CIDR IP address in allowed address pairs" into stable/ocata

This commit is contained in:
Jenkins 2017-05-19 01:50:00 +00:00 committed by Gerrit Code Review
parent dbc91498cc c290233507
commit 66839cff26
3 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
neutron/agent/linux/openvswitch_firewall/firewall.py
View File

@ -112,7 +112,7 @@ class OFPort(object):
def _get_allowed_pairs(port_dict, version):
aap_dict = port_dict.get('allowed_address_pairs', set())
return {(aap['mac_address'], aap['ip_address']) for aap in aap_dict
if netaddr.IPAddress(aap['ip_address']).version == version}
if netaddr.IPNetwork(aap['ip_address']).version == version}
@property
def ipv4_addresses(self):

2
neutron/tests/functional/agent/test_firewall.py
View File

@ -398,7 +398,7 @@ class FirewallTestCase(BaseFirewallTestCase):
not_allowed_ip = "%s/24" % (allowed_ip + 1)
self.src_port_desc['allowed_address_pairs'] = [
{'mac_address': port_mac,
'ip_address': allowed_ip}]
'ip_address': "%s/32" % allowed_ip}]
allowed_ip = "%s/24" % allowed_ip
self.firewall.update_port_filter(self.src_port_desc)

4
neutron/tests/unit/agent/linux/openvswitch_firewall/test_firewall.py
View File

@ -100,11 +100,13 @@ class TestOFPort(base.BaseTestCase):
'allowed_address_pairs': [
{'mac_address': 'foo', 'ip_address': '10.0.0.1'},
{'mac_address': 'bar', 'ip_address': '192.168.0.1'},
{'mac_address': 'qux', 'ip_address': '169.254.0.0/16'},
{'mac_address': 'baz', 'ip_address': '2003::f'},
]}
allowed_pairs_v4 = ovsfw.OFPort._get_allowed_pairs(port, version=4)
allowed_pairs_v6 = ovsfw.OFPort._get_allowed_pairs(port, version=6)
expected_aap_v4 = {('foo', '10.0.0.1'), ('bar', '192.168.0.1')}
expected_aap_v4 = {('foo', '10.0.0.1'), ('bar', '192.168.0.1'),
('qux', '169.254.0.0/16')}
expected_aap_v6 = {('baz', '2003::f')}
self.assertEqual(expected_aap_v4, allowed_pairs_v4)
self.assertEqual(expected_aap_v6, allowed_pairs_v6)