From c0aee4c0d7620a32f5314ca938e4aca10c27adda Mon Sep 17 00:00:00 2001 From: spisarski Date: Wed, 10 Jan 2018 12:13:56 -0700 Subject: [PATCH] Added port security flag support to ports. Change-Id: Ib66607b7656093c5f0cd0e2cb4c0aa9c3b9c661a Signed-off-by: spisarski --- snaps/config/network.py | 24 +++++++++++++++++++++++- snaps/config/tests/network_tests.py | 7 ++++++- snaps/openstack/create_router.py | 29 +++++++++++++++-------------- snaps/openstack/utils/neutron_utils.py | 3 ++- 4 files changed, 46 insertions(+), 17 deletions(-) diff --git a/snaps/config/network.py b/snaps/config/network.py index f48cd27..39a4254 100644 --- a/snaps/config/network.py +++ b/snaps/config/network.py @@ -352,6 +352,9 @@ class PortConfig(object): self.fixed_ips. These values will be directly translated into the fixed_ips dict (optional) :param security_groups: One or more security group IDs. + :param port_security_enabled: When True, security groups will be + applied to the port else not + (default - True) :param allowed_address_pairs: A dictionary containing a set of zero or more allowed address pairs. An address pair contains an IP address and MAC @@ -362,6 +365,7 @@ class PortConfig(object): For example, a DHCP agent (optional) :param device_id: The ID of the device that uses this port. For example, a virtual server (optional) + :param extra_dhcp_opts: k/v of options to use with your DHCP (optional) :return: """ if 'port' in kwargs: 
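Review bot: The new docstring entry gives `port_security_enabled` a default of True, but the constructor hunk (`@@ -379,11 +383,19 @@`) stores `None` when the key is absent, and the dict-building hunk (`@@ -461,7 +473,15 @@`) then leaves the field out of the request. The effective value is therefore decided by Neutron or the parent network, not by this class. Suggest wording such as `(default - None, the setting is inherited from the network)`. The same docstring still describes `security_groups` as "security group IDs" although the entries are now looked up by name, so that line needs updating too. The docstring begins above this hunk.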
@@ -379,11 +383,19 @@ class PortConfig(object): self.mac_address = kwargs.get('mac_address') self.ip_addrs = kwargs.get('ip_addrs') self.security_groups = kwargs.get('security_groups') + + if kwargs.get('port_security_enabled') is not None: + self.port_security_enabled = str2bool( + str(kwargs['port_security_enabled'])) + else: + self.port_security_enabled = None + self.allowed_address_pairs = kwargs.get('allowed_address_pairs') self.opt_value = kwargs.get('opt_value') self.opt_name = kwargs.get('opt_name') self.device_owner = kwargs.get('device_owner') self.device_id = kwargs.get('device_id') + self.extra_dhcp_opts = kwargs.get('extra_dhcp_opts') if not self.network_name: raise PortConfigError( @@ -461,7 +473,15 @@ class PortConfig(object): out['fixed_ips'] = fixed_ips if self.security_groups: - out['security_groups'] = self.security_groups + sec_grp_ids = list() + for sec_grp_name in self.security_groups: + sec_grp = neutron_utils.get_security_group( + neutron, sec_grp_name=sec_grp_name) + if sec_grp: + sec_grp_ids.append(sec_grp.id) + out['security_groups'] = sec_grp_ids + if self.port_security_enabled is not None: + out['port_security_enabled'] = self.port_security_enabled if self.allowed_address_pairs and len(self.allowed_address_pairs) > 0: out['allowed_address_pairs'] = self.allowed_address_pairs if self.opt_value: @@ -472,6 +492,8 @@ class PortConfig(object): out['device_owner'] = self.device_owner if self.device_id: out['device_id'] = self.device_id + if self.extra_dhcp_opts: + out['extra_dhcp_opts'] = self.extra_dhcp_opts return {'port': out} def __eq__(self, other): diff --git a/snaps/config/tests/network_tests.py b/snaps/config/tests/network_tests.py index 1fe1bb0..43b69c7 100644 --- a/snaps/config/tests/network_tests.py +++ b/snaps/config/tests/network_tests.py 
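Review bot: The `port_security_enabled` value is passed through `str2bool(str(...))` without validation, and `str2bool` is not shown in this patch. If it returns False for strings it does not recognise, a misspelt value in a config file would turn port security off with no error. Rejecting unknown spellings before the conversion with a `PortConfigError`, as the constructor already does for a missing network name, keeps that failure visible. It would also help to refuse the contradictory combination here, e.g. `if self.port_security_enabled is False and self.security_groups: raise PortConfigError('security_groups require port security to be enabled')`, since Neutron is expected to reject it at create time; the unit tests in this patch build exactly that combination and would need adjusting. The constructor starts above this hunk.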
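Review bot: In the `@@ -461,7 +473,15 @@` hunk a security group name that does not resolve is skipped by `if sec_grp:` without any error, so the port can be created with fewer groups than the configuration declares, or with an empty `security_groups` list. An `else: raise PortConfigError('Security group not found with name ' + sec_grp_name)` would make the mismatch fail at build time instead of producing a port with a different policy than intended. Callers that still pass IDs, as the old code expected, will hit this path for every entry. The lookup as written passes only the name; if `get_security_group` does not scope by project, a same-named group from another project could be selected, which is worth confirming. The enclosing method starts above this hunk.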
@@ -274,6 +274,7 @@ class PortConfigUnitTests(unittest.TestCase): self.assertIsNone(settings.mac_address) self.assertIsNone(settings.ip_addrs) self.assertIsNone(settings.security_groups) + self.assertIsNone(settings.port_security_enabled) self.assertIsNone(settings.allowed_address_pairs) self.assertIsNone(settings.opt_value) self.assertIsNone(settings.opt_name) @@ -287,7 +288,7 @@ class PortConfigUnitTests(unittest.TestCase): settings = PortConfig( name='foo', network_name='bar', admin_state_up=False, project_name='foo-project', mac_address='1234', ip_addrs=ip_addrs, - security_groups=['foo_grp_id'], + security_groups=['foo_grp_id'], port_security_enabled=False, allowed_address_pairs=allowed_address_pairs, opt_value='opt value', opt_name='opt name', device_owner='owner', device_id='device number') @@ -298,7 +299,9 @@ class PortConfigUnitTests(unittest.TestCase): self.assertEqual('1234', settings.mac_address) self.assertEqual(ip_addrs, settings.ip_addrs) self.assertEqual(1, len(settings.security_groups)) + self.assertFalse(settings.port_security_enabled) self.assertEqual('foo_grp_id', settings.security_groups[0]) + self.assertFalse(settings.port_security_enabled) self.assertEqual(allowed_address_pairs, settings.allowed_address_pairs) self.assertEqual('opt value', settings.opt_value) self.assertEqual('opt name', settings.opt_name) @@ -313,6 +316,7 @@ class PortConfigUnitTests(unittest.TestCase): **{'name': 'foo', 'network_name': 'bar', 'admin_state_up': False, 'project_name': 'foo-project', 'mac_address': '1234', 'ip_addrs': ip_addrs, 'security_groups': ['foo_grp_id'], + 'port_security_enabled': 'false', 'allowed_address_pairs': allowed_address_pairs, 'opt_value': 'opt value', 'opt_name': 'opt name', 'device_owner': 'owner', 'device_id': 'device number'}) 
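Review bot: `self.assertFalse(settings.port_security_enabled)` also passes when the attribute is `None`, so the assertions added in the `@@ -298,7 +299,9 @@`, and `@@ -323,6 +327,7 @@` hunks cannot tell "explicitly disabled" from "not set". `self.assertIs(False, settings.port_security_enabled)` pins the parsed value. The `@@ -298,7 +299,9 @@` hunk adds the same assertion twice, before and after the `security_groups[0]` check, and one of them can go. None of the added cases covers `True` / `'true'`, an unrecognised string, or the dict output, which is where a parsing mistake would silently change the port's protection.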
@@ -323,6 +327,7 @@ class PortConfigUnitTests(unittest.TestCase): self.assertEqual('1234', settings.mac_address) self.assertEqual(ip_addrs, settings.ip_addrs) self.assertEqual(1, len(settings.security_groups)) + self.assertFalse(settings.port_security_enabled) self.assertEqual('foo_grp_id', settings.security_groups[0]) self.assertEqual(allowed_address_pairs, settings.allowed_address_pairs) self.assertEqual('opt value', settings.opt_value) diff --git a/snaps/openstack/create_router.py b/snaps/openstack/create_router.py index bf68347..4f95c3b 100644 --- a/snaps/openstack/create_router.py +++ b/snaps/openstack/create_router.py @@ -64,20 +64,21 @@ class OpenStackRouter(OpenStackNetworkObject): self.__router = neutron_utils.get_router( self._neutron, router_settings=self.router_settings) - for internal_subnet_name in self.router_settings.internal_subnets: - internal_subnet = neutron_utils.get_subnet( - self._neutron, subnet_name=internal_subnet_name) - if internal_subnet: - self.__internal_subnets.append(internal_subnet) - else: - raise RouterCreationError( - 'Subnet not found with name ' + internal_subnet_name) - - for port_setting in self.router_settings.port_settings: - port = neutron_utils.get_port( - self._neutron, port_settings=port_setting) - if port: - self.__ports.append(port) + if self.__router: + for internal_subnet_name in self.router_settings.internal_subnets: + internal_subnet = neutron_utils.get_subnet( + self._neutron, subnet_name=internal_subnet_name) + if internal_subnet: + self.__internal_subnets.append(internal_subnet) + else: + raise RouterCreationError( + 'Subnet not found with name ' + internal_subnet_name) + + for port_setting in self.router_settings.port_settings: + port = neutron_utils.get_port( + self._neutron, port_settings=port_setting) + if port: + self.__ports.append(port) return self.__router diff --git a/snaps/openstack/utils/neutron_utils.py b/snaps/openstack/utils/neutron_utils.py index 9b6379a..e94a40e 100644 
--- a/snaps/openstack/utils/neutron_utils.py +++ b/snaps/openstack/utils/neutron_utils.py @@ -499,7 +499,8 @@ def get_port(neutron, port_settings=None, port_name=None): if port_settings.network_name: network = get_network(neutron, network_name=port_settings.network_name) - port_filter['network_id'] = network.id + if network: + port_filter['network_id'] = network.id elif port_name: port_filter['name'] = port_name -- 2.16.6
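Review bot: When `get_network` finds nothing, the added `if network:` guard only skips the `network_id` filter and the query still runs with whatever other filters were set, so the lookup can return a port that belongs to a different network than the one named in `port_settings`. Treating a missing network as "no such port" is the narrower behaviour: `if not network: return None` placed before the filter is populated. The `create_router.py` hunk in this patch already tests the result with `if port:`, so a None return fits that caller. get_port's body continues outside this hunk, so the remaining filters and other callers should be checked.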