Fixed audit notifications for dhcp-agent-network

dhcp-agent-network-add and dhcp-agent-network-remove do not
generate audit notifications which are used for security
compliance.
CRUD operations of core network resources are handled by
neutron/api/v2/base.py. In base.py, each of create(), update(),
delete() methods makes calls to oslo.messaging.Notifier.info()
to generate these notifications.
The proposed fix handles this in a similar fashion in
extensions/dhcpagentscheduler.py by introducing info() method
calls inside its create() and delete() methods.

Change-Id: Ia23b981b2fbe739d22ebaa7bb0975fb9e39f881b
Closes-Bug: 1317008
Maruti 2014-06-06 01:30:51 -07:00
parent 7124422a4f
commit 1fcd774efe
2 changed files with 30 additions and 6 deletions


@ -20,6 +20,7 @@ from neutron.api.v2 import base
from neutron.api.v2 import resource from neutron.api.v2 import resource
from neutron.common import constants from neutron.common import constants
from neutron.common import exceptions from neutron.common import exceptions
from neutron.common import rpc as n_rpc
from neutron.extensions import agent from neutron.extensions import agent
from neutron import manager from neutron import manager
from neutron import policy from neutron import policy
@ -45,16 +46,23 @@ class NetworkSchedulerController(wsgi.Controller):
policy.enforce(request.context, policy.enforce(request.context,
"create_%s" % DHCP_NET, "create_%s" % DHCP_NET,
{}) {})
return plugin.add_network_to_dhcp_agent( agent_id = kwargs['agent_id']
request.context, kwargs['agent_id'], body['network_id']) network_id = body['network_id']
result = plugin.add_network_to_dhcp_agent(request.context, agent_id,
network_id)
notify(request.context, 'dhcp_agent.network.add', network_id, agent_id)
return result
def delete(self, request, id, **kwargs): def delete(self, request, id, **kwargs):
plugin = manager.NeutronManager.get_plugin() plugin = manager.NeutronManager.get_plugin()
policy.enforce(request.context, policy.enforce(request.context,
"delete_%s" % DHCP_NET, "delete_%s" % DHCP_NET,
{}) {})
return plugin.remove_network_from_dhcp_agent( agent_id = kwargs['agent_id']
request.context, kwargs['agent_id'], id) result = plugin.remove_network_from_dhcp_agent(request.context,
agent_id, id)
notify(request.context, 'dhcp_agent.network.remove', id, agent_id)
return result
class DhcpAgentsHostingNetworkController(wsgi.Controller): class DhcpAgentsHostingNetworkController(wsgi.Controller):
@ -150,3 +158,9 @@ class DhcpAgentSchedulerPluginBase(object):
@abc.abstractmethod @abc.abstractmethod
def list_dhcp_agents_hosting_network(self, context, network_id): def list_dhcp_agents_hosting_network(self, context, network_id):
pass pass
def notify(context, action, network_id, agent_id):
info = {'id': agent_id, 'network_id': network_id}
notifier = n_rpc.get_notifier('network')
notifier.info(context, action, {'agent': info})
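Review bot: The audit event in create() and delete() is emitted only after the plugin call has returned, so a request rejected by policy.enforce() or failing inside the plugin leaves no notification, and an error raised from notify() would presumably reach the caller as a failed request even though the binding was already changed. If the compliance trail has to show attempts and denials as well as completions, an event should also be emitted before the plugin call, the way base.py brackets core-resource operations with start and end events. notify() itself has no docstring; I would add `"""Emit an audit notification for a DHCP agent/network binding change."""` and note there that the payload carries only the agent id and network id. The body of create() begins outside the hunk.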


@ -228,9 +228,12 @@ class OvsAgentSchedulerTestCaseBase(test_l3_plugin.L3NatTestCaseMixin,
self.l3agentscheduler_dbMinxin = ( self.l3agentscheduler_dbMinxin = (
manager.NeutronManager.get_service_plugins().get( manager.NeutronManager.get_service_plugins().get(
service_constants.L3_ROUTER_NAT)) service_constants.L3_ROUTER_NAT))
self.notify_p = mock.patch( self.l3_notify_p = mock.patch(
'neutron.extensions.l3agentscheduler.notify') 'neutron.extensions.l3agentscheduler.notify')
self.patched_notify = self.notify_p.start() self.patched_l3_notify = self.l3_notify_p.start()
self.dhcp_notify_p = mock.patch(
'neutron.extensions.dhcpagentscheduler.notify')
self.patched_dhcp_notify = self.dhcp_notify_p.start()
def restore_attribute_map(self): def restore_attribute_map(self):
# Restore the original RESOURCE_ATTRIBUTE_MAP # Restore the original RESOURCE_ATTRIBUTE_MAP
@ -1048,6 +1051,7 @@ class OvsDhcpAgentNotifierTestCase(test_l3_plugin.L3NatTestCaseMixin,
attributes.RESOURCE_ATTRIBUTE_MAP.update( attributes.RESOURCE_ATTRIBUTE_MAP.update(
agent.RESOURCE_ATTRIBUTE_MAP) agent.RESOURCE_ATTRIBUTE_MAP)
self.addCleanup(self.restore_attribute_map) self.addCleanup(self.restore_attribute_map)
fake_notifier.reset()
def restore_attribute_map(self): def restore_attribute_map(self):
# Restore the original RESOURCE_ATTRIBUTE_MAP # Restore the original RESOURCE_ATTRIBUTE_MAP
@ -1067,6 +1071,9 @@ class OvsDhcpAgentNotifierTestCase(test_l3_plugin.L3NatTestCaseMixin,
'network_create_end', 'network_create_end',
payload={'network': {'id': network_id}}), payload={'network': {'id': network_id}}),
topic='dhcp_agent.' + DHCP_HOSTA) topic='dhcp_agent.' + DHCP_HOSTA)
notifications = fake_notifier.NOTIFICATIONS
expected_event_type = 'dhcp_agent.network.add'
self._assert_notify(notifications, expected_event_type)
def test_network_remove_from_dhcp_agent_notification(self): def test_network_remove_from_dhcp_agent_notification(self):
with self.network(do_delete=False) as net1: with self.network(do_delete=False) as net1:
@ -1085,6 +1092,9 @@ class OvsDhcpAgentNotifierTestCase(test_l3_plugin.L3NatTestCaseMixin,
'network_delete_end', 'network_delete_end',
payload={'network_id': network_id}), payload={'network_id': network_id}),
topic='dhcp_agent.' + DHCP_HOSTA) topic='dhcp_agent.' + DHCP_HOSTA)
notifications = fake_notifier.NOTIFICATIONS
expected_event_type = 'dhcp_agent.network.remove'
self._assert_notify(notifications, expected_event_type)
def test_agent_updated_dhcp_agent_notification(self): def test_agent_updated_dhcp_agent_notification(self):
self._register_agent_states() self._register_agent_states()
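Review bot: The new assertions in the add and remove notification tests check only the event type, so a payload carrying the wrong agent or network id would still pass, at least as far as `_assert_notify` (defined outside these hunks) can be judged from here. For an audit record the ids are the part that matters; I would add a payload check after each `_assert_notify` call, e.g. `self.assertEqual(network_id, notifications[-1]['payload']['agent']['network_id'])`, assuming fake_notifier entries expose the payload under that key. In OvsAgentSchedulerTestCaseBase the DHCP notify is replaced by a mock that no visible test asserts on, so those scheduler tests do not cover the audit call either. Both test methods and setUp begin outside the hunks.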