From 7bf1b2870317934d6d6b7789262ae0de894c8472 Mon Sep 17 00:00:00 2001
From: Lingxian Kong <anlin.kong@gmail.com>
Date: Sat, 16 Feb 2019 23:48:47 +1300
Subject: [PATCH] Skip IP addresses from management networks

When management networks(`default_neutron_networks`) is configured, the
management interface information should be invisible to the end users.

Change-Id: I2d10e5ff9760c75ae2739a5add7542baf9881207
---
 trove/common/neutron.py                       | 49 +++++++++++++++++++
 trove/instance/models.py                      | 17 +++++--
 .../instance/test_instance_models.py          | 24 +++++++++
 3 files changed, 86 insertions(+), 4 deletions(-)
 create mode 100644 trove/common/neutron.py

diff --git a/trove/common/neutron.py b/trove/common/neutron.py
new file mode 100644
index 0000000000..a7bd2c9a35
--- /dev/null
+++ b/trove/common/neutron.py
@@ -0,0 +1,49 @@
+# Copyright 2019 Catalyst Cloud Ltd.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License");
+#    you may not use this file except in compliance with the License.
+#    You may obtain a copy of the License at
+#
+#        http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS,
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#    See the License for the specific language governing permissions and
+#    limitations under the License.
+
+from trove.common import cfg
+from trove.common import remote
+
+CONF = cfg.CONF
+MGMT_NETWORKS = None
+
+
+def get_management_networks(context):
+    """Cache the management network names.
+
+    When CONF.default_neutron_networks is changed, the Trove service needs to
+    restart so the global cache will be refreshed.
+    """
+    global MGMT_NETWORKS
+
+    if MGMT_NETWORKS is not None:
+        return MGMT_NETWORKS
+
+    MGMT_NETWORKS = []
+    if len(CONF.default_neutron_networks) > 0:
+        neutron_client = remote.create_neutron_client(context)
+
+        for net_id in CONF.default_neutron_networks:
+            MGMT_NETWORKS.append(
+                neutron_client.show_network(net_id)['network']['name']
+            )
+
+    return MGMT_NETWORKS
+
+
+def reset_management_networks():
+    """This method is only for testing purpose."""
+    global MGMT_NETWORKS
+
+    MGMT_NETWORKS = None
diff --git a/trove/instance/models.py b/trove/instance/models.py
index 0a03d2d823..137fb61051 100644
--- a/trove/instance/models.py
+++ b/trove/instance/models.py
@@ -32,6 +32,7 @@ from trove.common import exception
 from trove.common.glance_remote import create_glance_client
 from trove.common.i18n import _
 import trove.common.instance as tr_instance
+from trove.common import neutron
 from trove.common.notification import StartNotification
 from trove.common.remote import create_cinder_client
 from trove.common.remote import create_dns_client
@@ -226,15 +227,23 @@ class SimpleInstance(object):
         """Returns IPs that will be visible to the user."""
         if self.addresses is None:
             return None
+
         IPs = []
+        mgmt_networks = neutron.get_management_networks(self.context)
+
         for label in self.addresses:
-            if (re.search(CONF.network_label_regex, label) and
-                    len(self.addresses[label]) > 0):
-                IPs.extend([addr.get('addr')
-                            for addr in self.addresses[label]])
+            if label in mgmt_networks:
+                continue
+            if (CONF.network_label_regex and
+                    not re.search(CONF.network_label_regex, label)):
+                continue
+
+            IPs.extend([addr.get('addr') for addr in self.addresses[label]])
+
         # Includes ip addresses that match the regexp pattern
         if CONF.ip_regex and CONF.black_list_regex:
             IPs = filter_ips(IPs, CONF.ip_regex, CONF.black_list_regex)
+
         return IPs
 
     @property
diff --git a/trove/tests/unittests/instance/test_instance_models.py b/trove/tests/unittests/instance/test_instance_models.py
index e1151fe68a..8a102914aa 100644
--- a/trove/tests/unittests/instance/test_instance_models.py
+++ b/trove/tests/unittests/instance/test_instance_models.py
@@ -19,6 +19,7 @@ from trove.backup import models as backup_models
 from trove.common import cfg
 from trove.common import exception
 from trove.common.instance import ServiceStatuses
+from trove.common import neutron
 from trove.datastore import models as datastore_models
 from trove.instance import models
 from trove.instance.models import DBInstance
@@ -60,6 +61,11 @@ class SimpleInstanceTest(trove_testtools.TestCase):
         super(SimpleInstanceTest, self).tearDown()
         CONF.network_label_regex = self.orig_conf
         CONF.ip_start = None
+        CONF.default_neutron_networks = []
+        CONF.ip_regex = self.orig_ip_regex
+        CONF.black_list_regex = self.orig_black_list_regex
+
+        neutron.reset_management_networks()
 
     def test_get_root_on_create(self):
         root_on_create_val = Instance.get_root_on_create(
@@ -107,6 +113,24 @@ class SimpleInstanceTest(trove_testtools.TestCase):
         self.assertIn('123.123.123.123', ip)
         self.assertIn('15.123.123.123', ip)
 
+    @patch('trove.common.remote.create_neutron_client')
+    def test_filter_management_ip_addresses(self, mock_neutron_client):
+        CONF.network_label_regex = ''
+        CONF.default_neutron_networks = ['fake-net-id']
+
+        neutron_client = Mock()
+        neutron_client.show_network.return_value = {
+            'network': {'name': 'public'}
+        }
+        mock_neutron_client.return_value = neutron_client
+
+        ip = self.instance.get_visible_ip_addresses()
+
+        neutron_client.show_network.assert_called_once_with('fake-net-id')
+        self.assertEqual(2, len(ip))
+        self.assertIn('123.123.123.123', ip)
+        self.assertIn('10.123.123.123', ip)
+
     def test_locality(self):
         self.assertEqual('affinity', self.instance.locality)