Merge "Enable port security on default tenant network"

2021-12-14 15:41:47 +00:00 · 2021-12-14 15:41:47 +00:00 · 35058b22d3
parent 4868078e14 5d528176d9
commit 35058b22d3
4 changed files with 14 additions and 11 deletions
--- a/tobiko/openstack/stacks/_neutron.py
+++ b/tobiko/openstack/stacks/_neutron.py
@ -115,8 +115,8 @@ class NetworkStackFixture(heat.HeatStackFixture):
    #: Heat template file
    template = _hot.heat_template_file('neutron/network.yaml')

-    #: Disable port security by default for new network ports
-    port_security_enabled = False
+    #: Enable port security by default for new network ports
+    port_security_enabled = True

    @property
    def has_ipv4(self):
--- a/tobiko/openstack/stacks/_nova.py
+++ b/tobiko/openstack/stacks/_nova.py
@ -143,11 +143,15 @@ class ServerStackFixture(heat.HeatStackFixture, abc.ABC):
        """Flavor for Nova server instance"""
        return self.flavor_stack.flavor_id

-    #: Whenever port security on internal network is enable
-    port_security_enabled = False
+    @property
+    def port_security_enabled(self) -> bool:
+        """Whenever port security on internal network is enabled"""
+        return bool(self.security_groups)

-    #: Security groups to be associated to network ports
-    security_groups: typing.List[str] = []
+    @property
+    def security_groups(self) -> typing.List[str]:
+        """Security groups to be associated to network ports"""
+        return []

    @property
    def key_name(self) -> str:
--- a/tobiko/openstack/stacks/nova/server.yaml
+++ b/tobiko/openstack/stacks/nova/server.yaml
@ -34,7 +34,7 @@ parameters:
  port_security_enabled:
    type: boolean
    description: Whenever port security is enabled on server port
-    default: false
+    default: true

  security_groups:
    type: comma_delimited_list
--- a/tobiko/tests/scenario/neutron/test_floating_ip.py
+++ b/tobiko/tests/scenario/neutron/test_floating_ip.py
@ -14,6 +14,8 @@
 #    under the License.
 from __future__ import absolute_import

+import typing
+
 from oslo_log import log
 import testtools

@ -127,11 +129,8 @@ class FloatingIPWithPortSecurityFixture(stacks.CirrosServerStackFixture):
    security_groups_stack = tobiko.required_setup_fixture(
        stacks.SecurityGroupsFixture)

-    #: Enable port security on internal network
-    port_security_enabled = True
-
    @property
-    def security_groups(self):
+    def security_groups(self) -> typing.List[str]:
        """List with ICMP security group"""
        return [self.security_groups_stack.ssh_security_group_id]