From 18dfd363c320ba67567fd55a2d47ffa6ea6c7bd2 Mon Sep 17 00:00:00 2001
From: Maruti
Date: Sat, 7 Jun 2014 05:42:45 -0700
Subject: [PATCH] Fixed audit notifications for l3-agent-router ops

l3-agent-router-add and l3-agent-router-remove do not generate audit notifications which are used for security compliance. CRUD operations of core network resources are handled by neutron/api/v2/base.py. In base.py, each of create(), update(), delete() methods makes calls to oslo.messaging.Notifier.info() to generate these notifications. In the proposed fix, it is fixed in a similar fashion in extensions/l3agentscheduler.py inside create() and delete() methods by introducing info() method calls inside them.

Change-Id: I1354e51e4af24eda128c042926765683018b320b
Closes-Bug: 1317000
---
 neutron/extensions/l3agentscheduler.py | 24 ++++++++++++++-----
 .../unit/openvswitch/test_agent_scheduler.py | 15 ++++++++++++
 2 files changed, 33 insertions(+), 6 deletions(-)

diff --git a/neutron/extensions/l3agentscheduler.py b/neutron/extensions/l3agentscheduler.py
index 689cc9ba9..8e110e10e 100644
--- a/neutron/extensions/l3agentscheduler.py
+++ b/neutron/extensions/l3agentscheduler.py
@@ -22,6 +22,7 @@ from neutron.api.v2 import base
 from neutron.api.v2 import resource
 from neutron.common import constants
 from neutron.common import exceptions
+from neutron.common import rpc as n_rpc
 from neutron.extensions import agent
 from neutron import manager
 from neutron.openstack.common import log as logging
@@ -63,18 +64,23 @@ class RouterSchedulerController(wsgi.Controller):
         policy.enforce(request.context, "create_%s" % L3_ROUTER, {})
-        return plugin.add_router_to_l3_agent(
-            request.context,
-            kwargs['agent_id'],
-            body['router_id'])
+        agent_id = kwargs['agent_id']
+        router_id = body['router_id']
+        result = plugin.add_router_to_l3_agent(request.context, agent_id,
+                                               router_id)
+        notify(request.context, 'l3_agent.router.add', router_id, agent_id)
+        return result
     def delete(self, request, id, **kwargs):
         plugin = self.get_plugin()
         policy.enforce(request.context, "delete_%s" % L3_ROUTER, {})
-        return plugin.remove_router_from_l3_agent(
-            request.context, kwargs['agent_id'], id)
+        agent_id = kwargs['agent_id']
+        result = plugin.remove_router_from_l3_agent(request.context, agent_id,
+                                                    id)
+        notify(request.context, 'l3_agent.router.remove', id, agent_id)
+        return result
 class L3AgentsHostingRouterController(wsgi.Controller):
@@ -192,3 +198,9 @@ class L3AgentSchedulerPluginBase(object):
     @abc.abstractmethod
     def list_l3_agents_hosting_router(self, context, router_id):
         pass
+
+def notify(context, action, router_id, agent_id):
+    info = {'id': agent_id, 'router_id': router_id}
+    notifier = n_rpc.get_notifier('router')
+    notifier.info(context, action, {'agent': info})
diff --git a/neutron/tests/unit/openvswitch/test_agent_scheduler.py b/neutron/tests/unit/openvswitch/test_agent_scheduler.py
index 04ef593b5..5da6c4708 100644
--- a/neutron/tests/unit/openvswitch/test_agent_scheduler.py
+++ b/neutron/tests/unit/openvswitch/test_agent_scheduler.py
@@ -35,6 +35,7 @@ from neutron import manager
 from neutron.openstack.common import timeutils
 from neutron.openstack.common import uuidutils
 from neutron.plugins.common import constants as service_constants
+from neutron.tests import fake_notifier
 from neutron.tests.unit import test_agent_ext_plugin
 from neutron.tests.unit import test_db_plugin as test_plugin
 from neutron.tests.unit import test_extensions
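Review bot: In `create` and `delete` the new `notify` call runs only after `add_router_to_l3_agent` / `remove_router_from_l3_agent` has returned, so a scheduling request that is rejected or fails inside the plugin leaves no audit record, and a notifier failure is raised to the client after the scheduling change has already been applied. If the base.py notifications the commit message cites as the model include an event before the operation as well as after it, emitting one before the plugin call would also record attempts that fail; at minimum a comment at each call site such as `# audit event is emitted only once the plugin call has succeeded` would make the choice explicit. `body['router_id']` still raises KeyError (a 500) on a body without that key, as it did before this change. The `create` method's signature and its `plugin = self.get_plugin()` line lie above the hunk.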
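Review bot: `notify` has no docstring, and its payload shape is not obvious from the call sites: `router_id` is nested under the `'agent'` key although the event types name the router as the subject, and the publisher handed to `n_rpc.get_notifier` is `'router'`. Suggest a docstring such as `"""Emit an audit notification for an l3-agent/router scheduling change; action is the event type ('l3_agent.router.add' or 'l3_agent.router.remove') and the payload is {'agent': {'id': agent_id, 'router_id': router_id}}."""` so consumers of the audit stream have a documented shape to rely on. Because the test file patches `neutron.extensions.l3agentscheduler.notify` by dotted path, the function must stay a module-level name; a comment saying so would stop a later refactor from moving it into the controller.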
@@ -170,6 +171,10 @@ class AgentSchedulerTestMixIn(object):
         res = req.get_response(self.ext_api)
         self.assertEqual(res.status_int, expected_code)
+    def _assert_notify(self, notifications, expected_event_type):
+        event_types = [event['event_type'] for event in notifications]
+        self.assertIn(expected_event_type, event_types)
+
     def _register_one_agent_state(self, agent_state):
         callback = agents_db.AgentExtRpcCallback()
         callback.report_state(self.adminContext,
@@ -223,6 +228,9 @@ class OvsAgentSchedulerTestCaseBase(test_l3_plugin.L3NatTestCaseMixin,
         self.l3agentscheduler_dbMinxin = (
             manager.NeutronManager.get_service_plugins().get(
                 service_constants.L3_ROUTER_NAT))
+        self.notify_p = mock.patch(
+            'neutron.extensions.l3agentscheduler.notify')
+        self.patched_notify = self.notify_p.start()
     def restore_attribute_map(self):
         # Restore the original RESOURCE_ATTRIBUTE_MAP
@@ -1186,6 +1194,7 @@ class OvsL3AgentNotifierTestCase(test_l3_plugin.L3NatTestCaseMixin,
         attributes.RESOURCE_ATTRIBUTE_MAP.update(
             agent.RESOURCE_ATTRIBUTE_MAP)
         self.addCleanup(self.restore_attribute_map)
+        fake_notifier.reset()
     def restore_attribute_map(self):
         # Restore the original RESOURCE_ATTRIBUTE_MAP
@@ -1208,6 +1217,9 @@ class OvsL3AgentNotifierTestCase(test_l3_plugin.L3NatTestCaseMixin,
             'router_added_to_agent', payload=routers),
             topic='l3_agent.hosta')
+        notifications = fake_notifier.NOTIFICATIONS
+        expected_event_type = 'l3_agent.router.add'
+        self._assert_notify(notifications, expected_event_type)
     def test_router_remove_from_l3_agent_notification(self):
         plugin = manager.NeutronManager.get_plugin()
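Review bot: In `OvsAgentSchedulerTestCaseBase.setUp` the patch on `neutron.extensions.l3agentscheduler.notify` is started with `self.notify_p.start()` but nothing in the hunk stops it; unless the base test class already registers `mock.patch.stopall` as a cleanup, the mock stays active for later tests, so add `self.addCleanup(self.notify_p.stop)` right after the `start()` call. The patch also means no test built on this base ever exercises the real `notify`; presumably `OvsL3AgentNotifierTestCase` does not inherit from it, or the `fake_notifier.NOTIFICATIONS` assertions added further down this file could never see an event — a one-line comment on the patch explaining that the audit path is covered elsewhere would record that intent. The enclosing `setUp` begins above the hunk.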
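Review bot: The `_assert_notify` check added to the router-add test here, and the identical one in `test_router_remove_from_l3_agent_notification` in the next hunk, only verify that an event of the expected type exists somewhere in `fake_notifier.NOTIFICATIONS`; neither the payload (the router and agent ids, which `notify` places under `payload['agent']`) nor the publisher is checked, and that content is what an audit consumer relies on. Assuming the fake notifier records the payload alongside `event_type`, pick the matching event and assert on it, e.g. `event = next(n for n in notifications if n['event_type'] == expected_event_type)` followed by `self.assertEqual(<router id the test holds>, event['payload']['agent']['router_id'])`. The `expected_event_type` local is used once and could be passed inline. The test method's header lies above the hunk.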
@@ -1226,6 +1238,9 @@ class OvsL3AgentNotifierTestCase(test_l3_plugin.L3NatTestCaseMixin,
             'router_removed_from_agent', payload={'router_id': router1['router']['id']}),
             topic='l3_agent.hosta')
+        notifications = fake_notifier.NOTIFICATIONS
+        expected_event_type = 'l3_agent.router.remove'
+        self._assert_notify(notifications, expected_event_type)
     def test_agent_updated_l3_agent_notification(self):
         plugin = manager.NeutronManager.get_plugin()
-- 
2.45.2