From 8eb788af07ed88166db7b8a58ce1fecacd7a29b1 Mon Sep 17 00:00:00 2001 From: Rarm Nagalingam Date: Thu, 8 Mar 2018 10:39:27 +1100 Subject: [PATCH] Adds toggle port security on network create Added a new property, 'port_security_enabled' which is a boolean to enable or disable port_secuirty during network creation. The default behavior will enable port security, security group and anti spoofing will act as before. When the attribute is set to False, security group and anti spoofing are disabled on the ports created on this network. Change-Id: If984a82ca5f6fb69ee644f4fa84333df09d7f8bc --- openstack/cloud/openstackcloud.py | 10 ++++++++- .../tests/functional/cloud/test_network.py | 13 +++++++++++ openstack/tests/unit/cloud/test_network.py | 22 +++++++++++++++++++ ...toggle-port-security-f5bc606e82141feb.yaml | 9 ++++++++ 4 files changed, 53 insertions(+), 1 deletion(-) create mode 100644 releasenotes/notes/toggle-port-security-f5bc606e82141feb.yaml diff --git a/openstack/cloud/openstackcloud.py b/openstack/cloud/openstackcloud.py index 7a8e2c234..4e8aa106d 100755 --- a/openstack/cloud/openstackcloud.py +++ b/openstack/cloud/openstackcloud.py @@ -3335,7 +3335,8 @@ class OpenStackCloud(_normalize.Normalizer): def create_network(self, name, shared=False, admin_state_up=True, external=False, provider=None, project_id=None, - availability_zone_hints=None): + availability_zone_hints=None, + port_security_enabled=None): """Create a network. :param string name: Name of the network being created. @@ -3349,6 +3350,7 @@ class OpenStackCloud(_normalize.Normalizer): will be created on (admin-only). :param types.ListType availability_zone_hints: A list of availability zone hints. + :param bool port_security_enabled: Enable / Disable port security :returns: The network object. :raises: OpenStackCloudException on operation error. @@ -3391,6 +3393,12 @@ class OpenStackCloud(_normalize.Normalizer): if external: network['router:external'] = True + if port_security_enabled is not None: + if not isinstance(port_security_enabled, bool): + raise exc.OpenStackCloudException( + "Parameter 'port_security_enabled' must be a bool") + network['port_security_enabled'] = port_security_enabled + data = self._network_client.post("/networks.json", json={'network': network}) diff --git a/openstack/tests/functional/cloud/test_network.py b/openstack/tests/functional/cloud/test_network.py index 48395bd8d..a4911b9e4 100644 --- a/openstack/tests/functional/cloud/test_network.py +++ b/openstack/tests/functional/cloud/test_network.py @@ -49,6 +49,7 @@ class TestNetwork(base.BaseFunctionalTestCase): self.assertFalse(net1['shared']) self.assertFalse(net1['router:external']) self.assertTrue(net1['admin_state_up']) + self.assertTrue(net1['port_security_enabled']) def test_get_network_by_id(self): net1 = self.operator_cloud.create_network(name=self.network_name) @@ -97,6 +98,18 @@ class TestNetwork(base.BaseFunctionalTestCase): self.assertEqual('public', net1['provider:physical_network']) self.assertIsNone(net1['provider:segmentation_id']) + def test_create_network_port_security_disabled(self): + net1 = self.operator_cloud.create_network( + name=self.network_name, + port_security_enabled=False, + ) + self.assertIn('id', net1) + self.assertEqual(self.network_name, net1['name']) + self.assertTrue(net1['admin_state_up']) + self.assertFalse(net1['shared']) + self.assertFalse(net1['router:external']) + self.assertFalse(net1['port_security_enabled']) + def test_list_networks_filtered(self): net1 = self.operator_cloud.create_network(name=self.network_name) self.assertIsNotNone(net1) diff --git a/openstack/tests/unit/cloud/test_network.py b/openstack/tests/unit/cloud/test_network.py index 6d061d49c..5075b87a7 100644 --- a/openstack/tests/unit/cloud/test_network.py +++ b/openstack/tests/unit/cloud/test_network.py @@ -229,6 +229,28 @@ class TestNetwork(base.TestCase): ): self.cloud.create_network("netname", provider=provider_opts) + def test_create_network_port_security_disabled(self): + port_security_state = False + mock_new_network_rep = copy.copy(self.mock_new_network_rep) + mock_new_network_rep['port_security_enabled'] = port_security_state + self.register_uris([ + dict(method='POST', + uri=self.get_mock_url( + 'network', 'public', append=['v2.0', 'networks.json']), + json={'network': mock_new_network_rep}, + validate=dict( + json={'network': { + 'admin_state_up': True, + 'name': 'netname', + 'port_security_enabled': port_security_state}})) + ]) + network = self.cloud.create_network( + "netname", + port_security_enabled=port_security_state + ) + self.assertEqual(mock_new_network_rep, network) + self.assert_calls() + def test_delete_network(self): network_id = "test-net-id" network_name = "network" diff --git a/releasenotes/notes/toggle-port-security-f5bc606e82141feb.yaml b/releasenotes/notes/toggle-port-security-f5bc606e82141feb.yaml new file mode 100644 index 000000000..821a20fb6 --- /dev/null +++ b/releasenotes/notes/toggle-port-security-f5bc606e82141feb.yaml @@ -0,0 +1,9 @@ +--- +features: + - | + Added a new property, 'port_security_enabled' which is a boolean + to enable or disable port_secuirty during network creation. The + default behavior will enable port security, security group and + anti spoofing will act as before. When the attribute is set to + False, security group and anti spoofing are disabled on the ports + created on this network.