Beispiel #1
0
    def test_edit_rules_add_rule_cidr_and_source_group(self):
        sec_group = self.security_groups.first()
        sec_group_other = self.security_groups.get(id=2)
        sec_group_list = self.security_groups.list()
        rule = self.security_group_rules.first()

        self.mox.StubOutWithMock(api, 'security_group_get')
        self.mox.StubOutWithMock(api, 'security_group_list')
        api.security_group_get(IsA(http.HttpRequest),
                               sec_group.id).AndReturn(sec_group)
        api.security_group_list(IsA(
            http.HttpRequest)).AndReturn(sec_group_list)
        self.mox.ReplayAll()

        formData = {
            'method': 'AddRule',
            'security_group_id': sec_group.id,
            'from_port': rule.from_port,
            'to_port': rule.to_port,
            'ip_protocol': rule.ip_protocol,
            'cidr': "127.0.0.1/32",
            'source_group': sec_group_other.id
        }
        res = self.client.post(self.edit_url, formData)
        self.assertNoMessages()
        msg = 'Either CIDR or Source Group may be specified, but not both.'
        self.assertFormErrors(res, count=1, message=msg)
Beispiel #2
0
    def test_edit_rules_invalid_port_range(self):
        sec_group = self.security_groups.first()
        sec_group_list = self.security_groups.list()
        rule = self.security_group_rules.first()

        self.mox.StubOutWithMock(api, 'security_group_get')
        api.security_group_get(IsA(http.HttpRequest),
                               sec_group.id).AndReturn(sec_group)
        self.mox.StubOutWithMock(api, 'security_group_list')
        api.security_group_list(IsA(
            http.HttpRequest)).AndReturn(sec_group_list)
        self.mox.ReplayAll()

        formData = {
            'method': 'AddRule',
            'security_group_id': sec_group.id,
            'from_port': rule.from_port,
            'to_port': int(rule.from_port) - 1,
            'ip_protocol': rule.ip_protocol,
            'cidr': rule.ip_range['cidr'],
            'source_group': ''
        }
        res = self.client.post(self.edit_url, formData)
        self.assertNoMessages()
        self.assertContains(res, "greater than or equal to")
Beispiel #3
0
    def test_edit_rules_add_rule_cidr_and_source_group(self):
        sec_group = self.security_groups.first()
        sec_group_other = self.security_groups.get(id=2)
        sec_group_list = self.security_groups.list()
        rule = self.security_group_rules.first()

        self.mox.StubOutWithMock(api, 'security_group_get')
        self.mox.StubOutWithMock(api, 'security_group_list')
        api.security_group_get(IsA(http.HttpRequest),
                               sec_group.id).AndReturn(sec_group)
        api.security_group_list(
                        IsA(http.HttpRequest)).AndReturn(sec_group_list)
        self.mox.ReplayAll()

        formData = {'method': 'AddRule',
                    'security_group_id': sec_group.id,
                    'from_port': rule.from_port,
                    'to_port': rule.to_port,
                    'ip_protocol': rule.ip_protocol,
                    'cidr': "127.0.0.1/32",
                    'source_group': sec_group_other.id}
        res = self.client.post(self.edit_url, formData)
        self.assertNoMessages()
        msg = 'Either CIDR or Source Group may be specified, but not both.'
        self.assertFormErrors(res, count=1, message=msg)
Beispiel #4
0
    def test_edit_rules_get_exception(self):
        sec_group = self.security_groups.first()

        self.mox.StubOutWithMock(api, 'security_group_get')
        self.mox.StubOutWithMock(api, 'security_group_list')

        api.security_group_get(IsA(http.HttpRequest),
                               sec_group.id).AndRaise(self.exceptions.nova)
        self.mox.ReplayAll()

        res = self.client.get(self.edit_url)
        self.assertRedirectsNoFollow(res, INDEX_URL)
Beispiel #5
0
    def test_edit_rules_get_exception(self):
        sec_group = self.security_groups.first()

        self.mox.StubOutWithMock(api, 'security_group_get')
        self.mox.StubOutWithMock(api, 'security_group_list')

        api.security_group_get(IsA(http.HttpRequest),
                               sec_group.id).AndRaise(self.exceptions.nova)
        self.mox.ReplayAll()

        res = self.client.get(self.edit_url)
        self.assertRedirectsNoFollow(res, INDEX_URL)
Beispiel #6
0
    def test_edit_rules_get(self):
        sec_group = self.security_groups.first()
        sec_group_list = self.security_groups.list()

        self.mox.StubOutWithMock(api, 'security_group_get')
        api.security_group_get(IsA(http.HttpRequest),
                               sec_group.id).AndReturn(sec_group)
        self.mox.StubOutWithMock(api, 'security_group_list')
        api.security_group_list(IsA(
            http.HttpRequest)).AndReturn(sec_group_list)
        self.mox.ReplayAll()

        res = self.client.get(self.edit_url)
        self.assertTemplateUsed(
            res, 'project/access_and_security/security_groups/edit_rules.html')
        self.assertItemsEqual(res.context['security_group'].name,
                              sec_group.name)
Beispiel #7
0
    def test_edit_rules_get(self):
        sec_group = self.security_groups.first()
        sec_group_list = self.security_groups.list()

        self.mox.StubOutWithMock(api, 'security_group_get')
        api.security_group_get(IsA(http.HttpRequest),
                               sec_group.id).AndReturn(sec_group)
        self.mox.StubOutWithMock(api, 'security_group_list')
        api.security_group_list(
                        IsA(http.HttpRequest)).AndReturn(sec_group_list)
        self.mox.ReplayAll()

        res = self.client.get(self.edit_url)
        self.assertTemplateUsed(res,
                'project/access_and_security/security_groups/edit_rules.html')
        self.assertItemsEqual(res.context['security_group'].name,
                              sec_group.name)
Beispiel #8
0
 def get_data(self):
     security_group_id = int(self.kwargs['security_group_id'])
     try:
         self.object = api.security_group_get(self.request,
                                              security_group_id)
         rules = [api.nova.SecurityGroupRule(rule) for
                  rule in self.object.rules]
     except:
         self.object = None
         rules = []
         exceptions.handle(self.request,
                           _('Unable to retrieve security group.'))
     return rules
Beispiel #9
0
    def test_edit_rules_invalid_port_range(self):
        sec_group = self.security_groups.first()
        sec_group_list = self.security_groups.list()
        rule = self.security_group_rules.first()

        self.mox.StubOutWithMock(api, 'security_group_get')
        api.security_group_get(IsA(http.HttpRequest),
                               sec_group.id).AndReturn(sec_group)
        self.mox.StubOutWithMock(api, 'security_group_list')
        api.security_group_list(
                        IsA(http.HttpRequest)).AndReturn(sec_group_list)
        self.mox.ReplayAll()

        formData = {'method': 'AddRule',
                    'security_group_id': sec_group.id,
                    'from_port': rule.from_port,
                    'to_port': int(rule.from_port) - 1,
                    'ip_protocol': rule.ip_protocol,
                    'cidr': rule.ip_range['cidr'],
                    'source_group': ''}
        res = self.client.post(self.edit_url, formData)
        self.assertNoMessages()
        self.assertContains(res, "greater than or equal to")
def edit_rules(request, tenant_id, security_group_id):
    add_form, handled = AddRule.maybe_handle(request,
                              initial={ 'tenant_id': tenant_id,
                                        'security_group_id': security_group_id })
    if handled:
        return handled

    delete_form, handled = DeleteRule.maybe_handle(request,
                              initial={ 'tenant_id': tenant_id,
                                        'security_group_id': security_group_id })
    if handled:
        return handled

    try:
        security_group = api.security_group_get(request, security_group_id)
    except api_exceptions.ApiException, e:
        LOG.error("ApiException in security_groups rules edit", exc_info=True)
        messages.error(request, 'Error fetching security_group: %s' % e.message)
        return shortcuts.redirect(topbar + '/security_groups', tenant_id)
Beispiel #11
0
    def test_edit_rules_invalid_icmp_rule(self):
        sec_group = self.security_groups.first()
        sec_group_list = self.security_groups.list()
        icmp_rule = self.security_group_rules.list()[1]

        api.security_group_get(IsA(http.HttpRequest),
                               sec_group.id).AndReturn(sec_group)
        api.security_group_list(IsA(
            http.HttpRequest)).AndReturn(sec_group_list)
        api.security_group_get(IsA(http.HttpRequest),
                               sec_group.id).AndReturn(sec_group)
        api.security_group_list(IsA(
            http.HttpRequest)).AndReturn(sec_group_list)
        api.security_group_get(IsA(http.HttpRequest),
                               sec_group.id).AndReturn(sec_group)
        api.security_group_list(IsA(
            http.HttpRequest)).AndReturn(sec_group_list)
        api.security_group_get(IsA(http.HttpRequest),
                               sec_group.id).AndReturn(sec_group)
        api.security_group_list(IsA(
            http.HttpRequest)).AndReturn(sec_group_list)
        self.mox.ReplayAll()

        formData = {
            'method': 'AddRule',
            'security_group_id': sec_group.id,
            'from_port': 256,
            'to_port': icmp_rule.to_port,
            'ip_protocol': icmp_rule.ip_protocol,
            'cidr': icmp_rule.ip_range['cidr'],
            'source_group': ''
        }
        res = self.client.post(self.edit_url, formData)
        self.assertNoMessages()
        self.assertContains(res, "The ICMP type not in range (-1, 255)")

        formData = {
            'method': 'AddRule',
            'security_group_id': sec_group.id,
            'from_port': icmp_rule.from_port,
            'to_port': 256,
            'ip_protocol': icmp_rule.ip_protocol,
            'cidr': icmp_rule.ip_range['cidr'],
            'source_group': ''
        }
        res = self.client.post(self.edit_url, formData)
        self.assertNoMessages()
        self.assertContains(res, "The ICMP code not in range (-1, 255)")

        formData = {
            'method': 'AddRule',
            'security_group_id': sec_group.id,
            'from_port': icmp_rule.from_port,
            'to_port': None,
            'ip_protocol': icmp_rule.ip_protocol,
            'cidr': icmp_rule.ip_range['cidr'],
            'source_group': ''
        }
        res = self.client.post(self.edit_url, formData)
        self.assertNoMessages()
        self.assertContains(res, "The ICMP code is invalid")

        formData = {
            'method': 'AddRule',
            'security_group_id': sec_group.id,
            'from_port': None,
            'to_port': icmp_rule.to_port,
            'ip_protocol': icmp_rule.ip_protocol,
            'cidr': icmp_rule.ip_range['cidr'],
            'source_group': ''
        }
        res = self.client.post(self.edit_url, formData)
        self.assertNoMessages()
        self.assertContains(res, "The ICMP type is invalid")
Beispiel #12
0
    def test_edit_rules_invalid_icmp_rule(self):
        sec_group = self.security_groups.first()
        sec_group_list = self.security_groups.list()
        icmp_rule = self.security_group_rules.list()[1]

        api.security_group_get(IsA(http.HttpRequest),
                               sec_group.id).AndReturn(sec_group)
        api.security_group_list(
                        IsA(http.HttpRequest)).AndReturn(sec_group_list)
        api.security_group_get(IsA(http.HttpRequest),
                               sec_group.id).AndReturn(sec_group)
        api.security_group_list(
                        IsA(http.HttpRequest)).AndReturn(sec_group_list)
        api.security_group_get(IsA(http.HttpRequest),
                               sec_group.id).AndReturn(sec_group)
        api.security_group_list(
                        IsA(http.HttpRequest)).AndReturn(sec_group_list)
        api.security_group_get(IsA(http.HttpRequest),
                               sec_group.id).AndReturn(sec_group)
        api.security_group_list(
                        IsA(http.HttpRequest)).AndReturn(sec_group_list)
        self.mox.ReplayAll()

        formData = {'method': 'AddRule',
                    'security_group_id': sec_group.id,
                    'from_port': 256,
                    'to_port': icmp_rule.to_port,
                    'ip_protocol': icmp_rule.ip_protocol,
                    'cidr': icmp_rule.ip_range['cidr'],
                    'source_group': ''}
        res = self.client.post(self.edit_url, formData)
        self.assertNoMessages()
        self.assertContains(res, "The ICMP type not in range (-1, 255)")

        formData = {'method': 'AddRule',
                    'security_group_id': sec_group.id,
                    'from_port': icmp_rule.from_port,
                    'to_port': 256,
                    'ip_protocol': icmp_rule.ip_protocol,
                    'cidr': icmp_rule.ip_range['cidr'],
                    'source_group': ''}
        res = self.client.post(self.edit_url, formData)
        self.assertNoMessages()
        self.assertContains(res, "The ICMP code not in range (-1, 255)")

        formData = {'method': 'AddRule',
                    'security_group_id': sec_group.id,
                    'from_port': icmp_rule.from_port,
                    'to_port': None,
                    'ip_protocol': icmp_rule.ip_protocol,
                    'cidr': icmp_rule.ip_range['cidr'],
                    'source_group': ''}
        res = self.client.post(self.edit_url, formData)
        self.assertNoMessages()
        self.assertContains(res, "The ICMP code is invalid")

        formData = {'method': 'AddRule',
                    'security_group_id': sec_group.id,
                    'from_port': None,
                    'to_port': icmp_rule.to_port,
                    'ip_protocol': icmp_rule.ip_protocol,
                    'cidr': icmp_rule.ip_range['cidr'],
                    'source_group': ''}
        res = self.client.post(self.edit_url, formData)
        self.assertNoMessages()
        self.assertContains(res, "The ICMP type is invalid")