Fixed audit notifications for dhcp-agent-network

dhcp-agent-network-add and dhcp-agent-network-remove do not
generate audit notifications which are used for security
compliance.
CRUD operations of core network resources are handled by
neutron/api/v2/base.py. In base.py, each of create(), update(),
delete() methods makes calls to oslo.messaging.Notifier.info()
to generate these notifications.
In the proposed fix, it is fixed in a similar fashion in
extensions/dhcpagentscheduler.py inside create() and delete()
methods by introducing info() method calls inside them.

Change-Id: Ia23b981b2fbe739d22ebaa7bb0975fb9e39f881b
Closes-Bug: 1317008

diff --git a/neutron/extensions/dhcpagentscheduler.py b/neutron/extensions/dhcpagentscheduler.py
index d86ba614f908e9d9e7b51e858c0bfbb57c418bee..42817cd1fb1723ed08595eb31124923f97d2e3e6 100644 (file)
--- a/neutron/extensions/dhcpagentscheduler.py
+++ b/neutron/extensions/dhcpagentscheduler.py
@@ -20,6 +20,7 @@ from neutron.api.v2 import base
 from neutron.api.v2 import resource
 from neutron.common import constants
 from neutron.common import exceptions
+from neutron.common import rpc as n_rpc
 from neutron.extensions import agent
 from neutron import manager
 from neutron import policy
@@ -45,16 +46,23 @@ class NetworkSchedulerController(wsgi.Controller):
         policy.enforce(request.context,
                        "create_%s" % DHCP_NET,
                        {})
-        return plugin.add_network_to_dhcp_agent(
-            request.context, kwargs['agent_id'], body['network_id'])
+        agent_id = kwargs['agent_id']
+        network_id = body['network_id']
+        result = plugin.add_network_to_dhcp_agent(request.context, agent_id,
+                                                  network_id)
+        notify(request.context, 'dhcp_agent.network.add', network_id, agent_id)
+        return result
 
     def delete(self, request, id, **kwargs):
         plugin = manager.NeutronManager.get_plugin()
         policy.enforce(request.context,
                        "delete_%s" % DHCP_NET,
                        {})
-        return plugin.remove_network_from_dhcp_agent(
-            request.context, kwargs['agent_id'], id)
+        agent_id = kwargs['agent_id']
+        result = plugin.remove_network_from_dhcp_agent(request.context,
+                                                       agent_id, id)
+        notify(request.context, 'dhcp_agent.network.remove', id, agent_id)
+        return result
 
 
 class DhcpAgentsHostingNetworkController(wsgi.Controller):
@@ -150,3 +158,9 @@ class DhcpAgentSchedulerPluginBase(object):
     @abc.abstractmethod
     def list_dhcp_agents_hosting_network(self, context, network_id):
         pass
+
+
+def notify(context, action, network_id, agent_id):
+    info = {'id': agent_id, 'network_id': network_id}
+    notifier = n_rpc.get_notifier('network')
+    notifier.info(context, action, {'agent': info})

diff --git a/neutron/tests/unit/openvswitch/test_agent_scheduler.py b/neutron/tests/unit/openvswitch/test_agent_scheduler.py
index f094daabc9c5702261bc666c734e3da580534589..798188d714dbc8989d7405699e8852492fe6d325 100644 (file)
--- a/neutron/tests/unit/openvswitch/test_agent_scheduler.py
+++ b/neutron/tests/unit/openvswitch/test_agent_scheduler.py
@@ -228,9 +228,12 @@ class OvsAgentSchedulerTestCaseBase(test_l3_plugin.L3NatTestCaseMixin,
         self.l3agentscheduler_dbMinxin = (
             manager.NeutronManager.get_service_plugins().get(
                 service_constants.L3_ROUTER_NAT))
-        self.notify_p = mock.patch(
+        self.l3_notify_p = mock.patch(
             'neutron.extensions.l3agentscheduler.notify')
-        self.patched_notify = self.notify_p.start()
+        self.patched_l3_notify = self.l3_notify_p.start()
+        self.dhcp_notify_p = mock.patch(
+            'neutron.extensions.dhcpagentscheduler.notify')
+        self.patched_dhcp_notify = self.dhcp_notify_p.start()
 
     def restore_attribute_map(self):
         # Restore the original RESOURCE_ATTRIBUTE_MAP
@@ -1048,6 +1051,7 @@ class OvsDhcpAgentNotifierTestCase(test_l3_plugin.L3NatTestCaseMixin,
         attributes.RESOURCE_ATTRIBUTE_MAP.update(
             agent.RESOURCE_ATTRIBUTE_MAP)
         self.addCleanup(self.restore_attribute_map)
+        fake_notifier.reset()
 
     def restore_attribute_map(self):
         # Restore the original RESOURCE_ATTRIBUTE_MAP
@@ -1067,6 +1071,9 @@ class OvsDhcpAgentNotifierTestCase(test_l3_plugin.L3NatTestCaseMixin,
                 'network_create_end',
                 payload={'network': {'id': network_id}}),
             topic='dhcp_agent.' + DHCP_HOSTA)
+        notifications = fake_notifier.NOTIFICATIONS
+        expected_event_type = 'dhcp_agent.network.add'
+        self._assert_notify(notifications, expected_event_type)
 
     def test_network_remove_from_dhcp_agent_notification(self):
         with self.network(do_delete=False) as net1:
@@ -1085,6 +1092,9 @@ class OvsDhcpAgentNotifierTestCase(test_l3_plugin.L3NatTestCaseMixin,
                 'network_delete_end',
                 payload={'network_id': network_id}),
             topic='dhcp_agent.' + DHCP_HOSTA)
+        notifications = fake_notifier.NOTIFICATIONS
+        expected_event_type = 'dhcp_agent.network.remove'
+        self._assert_notify(notifications, expected_event_type)
 
     def test_agent_updated_dhcp_agent_notification(self):
         self._register_agent_states()