Allow configuration of IP address filter regexs

Trove filters what IP addresses are exposed on the Trove API. This change allows the configuration of the Trove regular expressions to be used for filtering. There is a network label, black list and white list regular expressions that can be specified. The default is set to expose all addresses. Change-Id: I89aad1d7d38d3a96728c31241e8cf1fc483aba81
2017-10-30 14:12:16 -05:00 · 2017-10-30 14:12:16 -05:00 · 7a6e01d177
parent 3413824166
commit 7a6e01d177
3 changed files with 49 additions and 0 deletions
--- a/src/config.yaml
+++ b/src/config.yaml
@ -77,3 +77,18 @@ options:
    description: |
        Nova config drive will be used with cloud-init to inject parameters and
        files into the database instances.
+  trove-network-label-regex:
+    default: ".*"
+    type: string
+    description: Regular expression to match neutron network labels to determine
+        what IP addresses will be displayed by Trove.
+  trove-ip-regex:
+    default:
+    type: string
+    description: Regular expression to match individual IP addresses to determine
+        if it will be displayed by Trove.
+  trove-black-list-regex:
+    default:
+    type: string
+    description: Regular expression to match individual IP addresses to determine
+        if it should not be displayed by Trove.
--- a/src/templates/mitaka/trove.conf
+++ b/src/templates/mitaka/trove.conf
@ -58,6 +58,23 @@ os_region_name = {{ options.region }}
 # Service type to use when searching catalog.
 #neutron_service_type = network

+# Config option for showing the IP address that nova doles out
+# For nova-network, set this to the appropriate network label defined in nova
+# For neutron, set this to .* since users can specify custom network labels
+# You can also optionally specify regex'es to match the actual IP addresses
+# ip_regex (white-list) is applied before black_list_regex in the filter chain
+#network_label_regex = ^private$
+#with neutron enabled
+network_label_regex = {{ options.trove_network_label_regex }}
+#ip_regex = ^(15.|123.)
+{% if options.trove_ip_regex  %}
+ip_regex = {{ options.trove_ip_regex }}
+{% endif %}
+#black_list_regex = ^10.0.0.
+{% if options.trove_black_list_regex  %}
+black_list_regex = {{ options.trove_black_list_regex }}
+{% endif %}
+
 # Config options for enabling volume service
 trove_volume_support = {{ options.trove_volume_support }}
 #block_device_mapping = vdb
--- a/src/templates/newton/trove.conf
+++ b/src/templates/newton/trove.conf
@ -55,6 +55,23 @@ os_region_name = {{ options.region }}
 # Service type to use when searching catalog.
 #neutron_service_type = network

+# Config option for showing the IP address that nova doles out
+# For nova-network, set this to the appropriate network label defined in nova
+# For neutron, set this to .* since users can specify custom network labels
+# You can also optionally specify regex'es to match the actual IP addresses
+# ip_regex (white-list) is applied before black_list_regex in the filter chain
+#network_label_regex = ^private$
+#with neutron enabled
+network_label_regex = {{ options.trove_network_label_regex }}
+#ip_regex = ^(15.|123.)
+{% if options.trove_ip_regex  %}
+ip_regex = {{ options.trove_ip_regex }}
+{% endif %}
+#black_list_regex = ^10.0.0.
+{% if options.trove_black_list_regex  %}
+black_list_regex = {{ options.trove_black_list_regex }}
+{% endif %}
+
 # Config options for enabling volume service
 trove_volume_support = {{ options.trove_volume_support }}
 #block_device_mapping = vdb