Adds toggle port security on network create
Added a new property, 'port_security_enabled' which is a boolean to enable or disable port_secuirty during network creation. The default behavior will enable port security, security group and anti spoofing will act as before. When the attribute is set to False, security group and anti spoofing are disabled on the ports created on this network. Change-Id: If984a82ca5f6fb69ee644f4fa84333df09d7f8bc
This commit is contained in:
Rarm Nagalingam
parent
4b5754fd5a
commit
5b81959b32
@ -0,0 +1,9 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Added a new property, 'port_security_enabled' which is a boolean
|
||||||
|
to enable or disable port_secuirty during network creation. The
|
||||||
|
default behavior will enable port security, security group and
|
||||||
|
anti spoofing will act as before. When the attribute is set to
|
||||||
|
False, security group and anti spoofing are disabled on the ports
|
||||||
|
created on this network.
|
||||||
@ -3420,7 +3420,8 @@ class OpenStackCloud(
|
|||||||
|
|
||||||
def create_network(self, name, shared=False, admin_state_up=True,
|
def create_network(self, name, shared=False, admin_state_up=True,
|
||||||
external=False, provider=None, project_id=None,
|
external=False, provider=None, project_id=None,
|
||||||
availability_zone_hints=None):
|
availability_zone_hints=None,
|
||||||
|
port_security_enabled=None):
|
||||||
"""Create a network.
|
"""Create a network.
|
||||||
|
|
||||||
:param string name: Name of the network being created.
|
:param string name: Name of the network being created.
|
||||||
@ -3433,6 +3434,7 @@ class OpenStackCloud(
|
|||||||
:param string project_id: Specify the project ID this network
|
:param string project_id: Specify the project ID this network
|
||||||
will be created on (admin-only).
|
will be created on (admin-only).
|
||||||
:param list availability_zone_hints: A list of availability zone hints.
|
:param list availability_zone_hints: A list of availability zone hints.
|
||||||
|
:param bool port_security_enabled: Enable / Disable port security
|
||||||
|
|
||||||
:returns: The network object.
|
:returns: The network object.
|
||||||
:raises: OpenStackCloudException on operation error.
|
:raises: OpenStackCloudException on operation error.
|
||||||
@ -3475,6 +3477,12 @@ class OpenStackCloud(
|
|||||||
if external:
|
if external:
|
||||||
network['router:external'] = True
|
network['router:external'] = True
|
||||||
|
|
||||||
|
if port_security_enabled is not None:
|
||||||
|
if not isinstance(port_security_enabled, bool):
|
||||||
|
raise OpenStackCloudException(
|
||||||
|
"Parameter 'port_security_enabled' must be a bool")
|
||||||
|
network['port_security_enabled'] = port_security_enabled
|
||||||
|
|
||||||
data = self._network_client.post("/networks.json",
|
data = self._network_client.post("/networks.json",
|
||||||
json={'network': network})
|
json={'network': network})
|
||||||
|
|
||||||
|
|||||||
@ -49,6 +49,7 @@ class TestNetwork(base.BaseFunctionalTestCase):
|
|||||||
self.assertFalse(net1['shared'])
|
self.assertFalse(net1['shared'])
|
||||||
self.assertFalse(net1['router:external'])
|
self.assertFalse(net1['router:external'])
|
||||||
self.assertTrue(net1['admin_state_up'])
|
self.assertTrue(net1['admin_state_up'])
|
||||||
|
self.assertTrue(net1['port_security_enabled'])
|
||||||
|
|
||||||
def test_get_network_by_id(self):
|
def test_get_network_by_id(self):
|
||||||
net1 = self.operator_cloud.create_network(name=self.network_name)
|
net1 = self.operator_cloud.create_network(name=self.network_name)
|
||||||
@ -97,6 +98,18 @@ class TestNetwork(base.BaseFunctionalTestCase):
|
|||||||
self.assertEqual('public', net1['provider:physical_network'])
|
self.assertEqual('public', net1['provider:physical_network'])
|
||||||
self.assertIsNone(net1['provider:segmentation_id'])
|
self.assertIsNone(net1['provider:segmentation_id'])
|
||||||
|
|
||||||
|
def test_create_network_port_security_disabled(self):
|
||||||
|
net1 = self.operator_cloud.create_network(
|
||||||
|
name=self.network_name,
|
||||||
|
port_security_enabled=False,
|
||||||
|
)
|
||||||
|
self.assertIn('id', net1)
|
||||||
|
self.assertEqual(self.network_name, net1['name'])
|
||||||
|
self.assertTrue(net1['admin_state_up'])
|
||||||
|
self.assertFalse(net1['shared'])
|
||||||
|
self.assertFalse(net1['router:external'])
|
||||||
|
self.assertFalse(net1['port_security_enabled'])
|
||||||
|
|
||||||
def test_list_networks_filtered(self):
|
def test_list_networks_filtered(self):
|
||||||
net1 = self.operator_cloud.create_network(name=self.network_name)
|
net1 = self.operator_cloud.create_network(name=self.network_name)
|
||||||
self.assertIsNotNone(net1)
|
self.assertIsNotNone(net1)
|
||||||
|
|||||||
@ -228,6 +228,28 @@ class TestNetwork(base.RequestsMockTestCase):
|
|||||||
):
|
):
|
||||||
self.cloud.create_network("netname", provider=provider_opts)
|
self.cloud.create_network("netname", provider=provider_opts)
|
||||||
|
|
||||||
|
def test_create_network_port_security_disabled(self):
|
||||||
|
port_security_state = False
|
||||||
|
mock_new_network_rep = copy.copy(self.mock_new_network_rep)
|
||||||
|
mock_new_network_rep['port_security_enabled'] = port_security_state
|
||||||
|
self.register_uris([
|
||||||
|
dict(method='POST',
|
||||||
|
uri=self.get_mock_url(
|
||||||
|
'network', 'public', append=['v2.0', 'networks.json']),
|
||||||
|
json={'network': mock_new_network_rep},
|
||||||
|
validate=dict(
|
||||||
|
json={'network': {
|
||||||
|
'admin_state_up': True,
|
||||||
|
'name': 'netname',
|
||||||
|
'port_security_enabled': port_security_state}}))
|
||||||
|
])
|
||||||
|
network = self.cloud.create_network(
|
||||||
|
"netname",
|
||||||
|
port_security_enabled=port_security_state
|
||||||
|
)
|
||||||
|
self.assertEqual(mock_new_network_rep, network)
|
||||||
|
self.assert_calls()
|
||||||
|
|
||||||
def test_delete_network(self):
|
def test_delete_network(self):
|
||||||
network_id = "test-net-id"
|
network_id = "test-net-id"
|
||||||
network_name = "network"
|
network_name = "network"
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user