Fixed audit notifications for dhcp-agent-network

dhcp-agent-network-add and dhcp-agent-network-remove do not generate audit notifications which are used for security compliance. CRUD operations of core network resources are handled by neutron/api/v2/base.py. In base.py, each of create(), update(), delete() methods makes calls to oslo.messaging.Notifier.info() to generate these notifications. In the proposed fix, it is fixed in a similar fashion in extensions/dhcpagentscheduler.py inside create() and delete() methods by introducing info() method calls inside them. Change-Id: Ia23b981b2fbe739d22ebaa7bb0975fb9e39f881b Closes-Bug: 1317008
2014-06-06 01:30:51 -07:00 · 2014-06-06 01:30:51 -07:00 · 1fcd774efe
commit 1fcd774efe
parent 7124422a4f
2 changed files with 30 additions and 6 deletions
--- a/neutron/extensions/dhcpagentscheduler.py
+++ b/neutron/extensions/dhcpagentscheduler.py
@ -20,6 +20,7 @@ from neutron.api.v2 import base
 from neutron.api.v2 import resource
 from neutron.common import constants
 from neutron.common import exceptions
+from neutron.common import rpc as n_rpc
 from neutron.extensions import agent
 from neutron import manager
 from neutron import policy
@ -45,16 +46,23 @@ class NetworkSchedulerController(wsgi.Controller):
        policy.enforce(request.context,
                       "create_%s" % DHCP_NET,
                       {})
-        return plugin.add_network_to_dhcp_agent(
-            request.context, kwargs['agent_id'], body['network_id'])
+        agent_id = kwargs['agent_id']
+        network_id = body['network_id']
+        result = plugin.add_network_to_dhcp_agent(request.context, agent_id,
+                                                  network_id)
+        notify(request.context, 'dhcp_agent.network.add', network_id, agent_id)
+        return result

    def delete(self, request, id, **kwargs):
        plugin = manager.NeutronManager.get_plugin()
        policy.enforce(request.context,
                       "delete_%s" % DHCP_NET,
                       {})
-        return plugin.remove_network_from_dhcp_agent(
-            request.context, kwargs['agent_id'], id)
+        agent_id = kwargs['agent_id']
+        result = plugin.remove_network_from_dhcp_agent(request.context,
+                                                       agent_id, id)
+        notify(request.context, 'dhcp_agent.network.remove', id, agent_id)
+        return result


 class DhcpAgentsHostingNetworkController(wsgi.Controller):
@ -150,3 +158,9 @@ class DhcpAgentSchedulerPluginBase(object):
    @abc.abstractmethod
    def list_dhcp_agents_hosting_network(self, context, network_id):
        pass
+
+
+def notify(context, action, network_id, agent_id):
+    info = {'id': agent_id, 'network_id': network_id}
+    notifier = n_rpc.get_notifier('network')
+    notifier.info(context, action, {'agent': info})
--- a/neutron/tests/unit/openvswitch/test_agent_scheduler.py
+++ b/neutron/tests/unit/openvswitch/test_agent_scheduler.py
@ -228,9 +228,12 @@ class OvsAgentSchedulerTestCaseBase(test_l3_plugin.L3NatTestCaseMixin,
        self.l3agentscheduler_dbMinxin = (
            manager.NeutronManager.get_service_plugins().get(
                service_constants.L3_ROUTER_NAT))
-        self.notify_p = mock.patch(
+        self.l3_notify_p = mock.patch(
            'neutron.extensions.l3agentscheduler.notify')
-        self.patched_notify = self.notify_p.start()
+        self.patched_l3_notify = self.l3_notify_p.start()
+        self.dhcp_notify_p = mock.patch(
+            'neutron.extensions.dhcpagentscheduler.notify')
+        self.patched_dhcp_notify = self.dhcp_notify_p.start()

    def restore_attribute_map(self):
        # Restore the original RESOURCE_ATTRIBUTE_MAP
@ -1048,6 +1051,7 @@ class OvsDhcpAgentNotifierTestCase(test_l3_plugin.L3NatTestCaseMixin,
        attributes.RESOURCE_ATTRIBUTE_MAP.update(
            agent.RESOURCE_ATTRIBUTE_MAP)
        self.addCleanup(self.restore_attribute_map)
+        fake_notifier.reset()

    def restore_attribute_map(self):
        # Restore the original RESOURCE_ATTRIBUTE_MAP
@ -1067,6 +1071,9 @@ class OvsDhcpAgentNotifierTestCase(test_l3_plugin.L3NatTestCaseMixin,
                'network_create_end',
                payload={'network': {'id': network_id}}),
            topic='dhcp_agent.' + DHCP_HOSTA)
+        notifications = fake_notifier.NOTIFICATIONS
+        expected_event_type = 'dhcp_agent.network.add'
+        self._assert_notify(notifications, expected_event_type)

    def test_network_remove_from_dhcp_agent_notification(self):
        with self.network(do_delete=False) as net1:
@ -1085,6 +1092,9 @@ class OvsDhcpAgentNotifierTestCase(test_l3_plugin.L3NatTestCaseMixin,
                'network_delete_end',
                payload={'network_id': network_id}),
            topic='dhcp_agent.' + DHCP_HOSTA)
+        notifications = fake_notifier.NOTIFICATIONS
+        expected_event_type = 'dhcp_agent.network.remove'
+        self._assert_notify(notifications, expected_event_type)

    def test_agent_updated_dhcp_agent_notification(self):
        self._register_agent_states()