Skip IP addresses from management networks

When management networks(`default_neutron_networks`) is configured, the management interface information should be invisible to the end users. Change-Id: I2d10e5ff9760c75ae2739a5add7542baf9881207
2019-02-16 23:48:47 +13:00 · 2019-02-16 23:48:47 +13:00 · 7bf1b28703
parent 795f2bde88
commit 7bf1b28703
3 changed files with 86 additions and 4 deletions
--- a/trove/common/neutron.py
+++ b/trove/common/neutron.py
@ -0,0 +1,49 @@
+# Copyright 2019 Catalyst Cloud Ltd.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License");
+#    you may not use this file except in compliance with the License.
+#    You may obtain a copy of the License at
+#
+#        http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS,
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#    See the License for the specific language governing permissions and
+#    limitations under the License.
+
+from trove.common import cfg
+from trove.common import remote
+
+CONF = cfg.CONF
+MGMT_NETWORKS = None
+
+
+def get_management_networks(context):
+    """Cache the management network names.
+
+    When CONF.default_neutron_networks is changed, the Trove service needs to
+    restart so the global cache will be refreshed.
+    """
+    global MGMT_NETWORKS
+
+    if MGMT_NETWORKS is not None:
+        return MGMT_NETWORKS
+
+    MGMT_NETWORKS = []
+    if len(CONF.default_neutron_networks) > 0:
+        neutron_client = remote.create_neutron_client(context)
+
+        for net_id in CONF.default_neutron_networks:
+            MGMT_NETWORKS.append(
+                neutron_client.show_network(net_id)['network']['name']
+            )
+
+    return MGMT_NETWORKS
+
+
+def reset_management_networks():
+    """This method is only for testing purpose."""
+    global MGMT_NETWORKS
+
+    MGMT_NETWORKS = None
--- a/trove/instance/models.py
+++ b/trove/instance/models.py
@ -32,6 +32,7 @@ from trove.common import exception
 from trove.common.glance_remote import create_glance_client
 from trove.common.i18n import _
 import trove.common.instance as tr_instance
+from trove.common import neutron
 from trove.common.notification import StartNotification
 from trove.common.remote import create_cinder_client
 from trove.common.remote import create_dns_client
@ -226,15 +227,23 @@ class SimpleInstance(object):
        """Returns IPs that will be visible to the user."""
        if self.addresses is None:
            return None
+
        IPs = []
+        mgmt_networks = neutron.get_management_networks(self.context)
+
        for label in self.addresses:
-            if (re.search(CONF.network_label_regex, label) and
-                    len(self.addresses[label]) > 0):
-                IPs.extend([addr.get('addr')
-                            for addr in self.addresses[label]])
+            if label in mgmt_networks:
+                continue
+            if (CONF.network_label_regex and
+                    not re.search(CONF.network_label_regex, label)):
+                continue
+
+            IPs.extend([addr.get('addr') for addr in self.addresses[label]])
+
        # Includes ip addresses that match the regexp pattern
        if CONF.ip_regex and CONF.black_list_regex:
            IPs = filter_ips(IPs, CONF.ip_regex, CONF.black_list_regex)
+
        return IPs

    @property
--- a/trove/tests/unittests/instance/test_instance_models.py
+++ b/trove/tests/unittests/instance/test_instance_models.py
@ -19,6 +19,7 @@ from trove.backup import models as backup_models
 from trove.common import cfg
 from trove.common import exception
 from trove.common.instance import ServiceStatuses
+from trove.common import neutron
 from trove.datastore import models as datastore_models
 from trove.instance import models
 from trove.instance.models import DBInstance
@ -60,6 +61,11 @@ class SimpleInstanceTest(trove_testtools.TestCase):
        super(SimpleInstanceTest, self).tearDown()
        CONF.network_label_regex = self.orig_conf
        CONF.ip_start = None
+        CONF.default_neutron_networks = []
+        CONF.ip_regex = self.orig_ip_regex
+        CONF.black_list_regex = self.orig_black_list_regex
+
+        neutron.reset_management_networks()

    def test_get_root_on_create(self):
        root_on_create_val = Instance.get_root_on_create(
@ -107,6 +113,24 @@ class SimpleInstanceTest(trove_testtools.TestCase):
        self.assertIn('123.123.123.123', ip)
        self.assertIn('15.123.123.123', ip)

+    @patch('trove.common.remote.create_neutron_client')
+    def test_filter_management_ip_addresses(self, mock_neutron_client):
+        CONF.network_label_regex = ''
+        CONF.default_neutron_networks = ['fake-net-id']
+
+        neutron_client = Mock()
+        neutron_client.show_network.return_value = {
+            'network': {'name': 'public'}
+        }
+        mock_neutron_client.return_value = neutron_client
+
+        ip = self.instance.get_visible_ip_addresses()
+
+        neutron_client.show_network.assert_called_once_with('fake-net-id')
+        self.assertEqual(2, len(ip))
+        self.assertIn('123.123.123.123', ip)
+        self.assertIn('10.123.123.123', ip)
+
    def test_locality(self):
        self.assertEqual('affinity', self.instance.locality)