Merge pull request #346 from asadoughi/rm11520

Added environment capabilities and enforcement
2015-02-24 12:34:26 -06:00
parent cbeab5fa24 0814e9d747
commit 52e9b33a88
3 changed files with 113 additions and 6 deletions
--- a/quark/drivers/unmanaged.py
+++ b/quark/drivers/unmanaged.py
@@ -16,6 +16,7 @@
 from neutron.openstack.common import log as logging

 from quark.cache import security_groups_client as sg_client
+from quark import environment as env
 from quark import network_strategy


@@ -59,9 +60,8 @@ class UnmanagedDriver(object):
        bridge_name = STRATEGY.get_network(context, network_id)["bridge"]
        return {"uuid": port_id, "bridge": bridge_name}

-    def update_port(self, context, port_id, **kwargs):
-        LOG.info("update_port %s %s" % (context.tenant_id, port_id))
-
+    @env.has_capability(env.Capabilities.SECURITY_GROUPS)
+    def _update_port_security_groups(self, **kwargs):
        if "security_groups" in kwargs:
            client = sg_client.SecurityGroupsClient(use_master=True)
            if kwargs["security_groups"]:
@@ -72,17 +72,23 @@ class UnmanagedDriver(object):
                client.delete_vif_rules(kwargs["device_id"],
                                        kwargs["mac_address"])

+    def update_port(self, context, port_id, **kwargs):
+        LOG.info("update_port %s %s" % (context.tenant_id, port_id))
+        self._update_port_security_groups(**kwargs)
        return {"uuid": port_id}

-    def delete_port(self, context, port_id, **kwargs):
-        LOG.info("delete_port %s %s" % (context.tenant_id, port_id))
-
+    @env.has_capability(env.Capabilities.SECURITY_GROUPS)
+    def _delete_port_security_groups(self, **kwargs):
        # Contacting redis is cheaper than hitting the database to find out
        # if we have rules to delete, and deleting an absence of rules is a
        # NOOP, so this is a safe operation
        client = sg_client.SecurityGroupsClient(use_master=True)
        client.delete_vif(kwargs["device_id"], kwargs["mac_address"])

+    def delete_port(self, context, port_id, **kwargs):
+        LOG.info("delete_port %s %s" % (context.tenant_id, port_id))
+        self._delete_port_security_groups(**kwargs)
+
    def diag_port(self, context, network_id, **kwargs):
        LOG.info("diag_port %s" % network_id)
        return {}
--- a/quark/environment.py
+++ b/quark/environment.py
@@ -0,0 +1,45 @@
+# Copyright (c) 2015 OpenStack Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from neutron.i18n import _
+from oslo_config import cfg
+
+CONF = cfg.CONF
+
+
+class Capabilities(object):
+    SECURITY_GROUPS = "security_groups"
+
+
+quark_opts = [
+    cfg.ListOpt("environment_capabilities",
+                default=",".join([Capabilities.SECURITY_GROUPS]),
+                help=_("Capabilities supported by a given environment's"
+                       "deployment.")),
+]
+
+
+CONF.register_opts(quark_opts, "QUARK")
+
+
+class has_capability(object):
+    def __init__(self, capability):
+        self.capability = capability
+
+    def __call__(self, f):
+        def wrapped(*args, **kwargs):
+            if self.capability in CONF.QUARK.environment_capabilities:
+                return f(*args, **kwargs)
+        return wrapped
--- a/quark/tests/test_environment.py
+++ b/quark/tests/test_environment.py
@@ -0,0 +1,56 @@
+# Copyright (c) 2015 OpenStack Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import contextlib
+
+from oslo.config import cfg
+
+from quark import environment as env
+from quark.tests import test_base
+
+
+class TestEnvironment(test_base.TestBase):
+    def setUp(self):
+        super(TestEnvironment, self).setUp()
+        self.MAGIC_VALUE = "12345"
+
+    @contextlib.contextmanager
+    def _fixture(self, has_capability):
+        old_override = cfg.CONF.QUARK.environment_capabilities
+        if has_capability:
+            override = env.Capabilities.SECURITY_GROUPS
+        else:
+            override = ""
+
+        cfg.CONF.set_override("environment_capabilities",
+                              override,
+                              "QUARK")
+        yield
+
+        cfg.CONF.set_override("environment_capabilities",
+                              old_override,
+                              "QUARK")
+
+    @env.has_capability(env.Capabilities.SECURITY_GROUPS)
+    def foo(self):
+        return self.MAGIC_VALUE
+
+    def test_has_capability_True(self):
+        with self._fixture(True):
+            self.assertEqual(self.foo(), self.MAGIC_VALUE)
+
+    def test_has_capability_False(self):
+        with self._fixture(False):
+            self.assertIsNone(self.foo())