Merge "Handle CIDR IP address in allowed address pairs" into stable/ocata
This commit is contained in:
commit
66839cff26
|
@ -112,7 +112,7 @@ class OFPort(object):
|
|||
def _get_allowed_pairs(port_dict, version):
|
||||
aap_dict = port_dict.get('allowed_address_pairs', set())
|
||||
return {(aap['mac_address'], aap['ip_address']) for aap in aap_dict
|
||||
if netaddr.IPAddress(aap['ip_address']).version == version}
|
||||
if netaddr.IPNetwork(aap['ip_address']).version == version}
|
||||
|
||||
@property
|
||||
def ipv4_addresses(self):
|
||||
|
|
|
@ -398,7 +398,7 @@ class FirewallTestCase(BaseFirewallTestCase):
|
|||
not_allowed_ip = "%s/24" % (allowed_ip + 1)
|
||||
self.src_port_desc['allowed_address_pairs'] = [
|
||||
{'mac_address': port_mac,
|
||||
'ip_address': allowed_ip}]
|
||||
'ip_address': "%s/32" % allowed_ip}]
|
||||
allowed_ip = "%s/24" % allowed_ip
|
||||
|
||||
self.firewall.update_port_filter(self.src_port_desc)
|
||||
|
|
|
@ -100,11 +100,13 @@ class TestOFPort(base.BaseTestCase):
|
|||
'allowed_address_pairs': [
|
||||
{'mac_address': 'foo', 'ip_address': '10.0.0.1'},
|
||||
{'mac_address': 'bar', 'ip_address': '192.168.0.1'},
|
||||
{'mac_address': 'qux', 'ip_address': '169.254.0.0/16'},
|
||||
{'mac_address': 'baz', 'ip_address': '2003::f'},
|
||||
]}
|
||||
allowed_pairs_v4 = ovsfw.OFPort._get_allowed_pairs(port, version=4)
|
||||
allowed_pairs_v6 = ovsfw.OFPort._get_allowed_pairs(port, version=6)
|
||||
expected_aap_v4 = {('foo', '10.0.0.1'), ('bar', '192.168.0.1')}
|
||||
expected_aap_v4 = {('foo', '10.0.0.1'), ('bar', '192.168.0.1'),
|
||||
('qux', '169.254.0.0/16')}
|
||||
expected_aap_v6 = {('baz', '2003::f')}
|
||||
self.assertEqual(expected_aap_v4, allowed_pairs_v4)
|
||||
self.assertEqual(expected_aap_v6, allowed_pairs_v6)
|
||||
|
|
Loading…
Reference in New Issue