def check_creation_validation(self, rule):
fake_client = self.generate_client()
with mock.patch("vcloud_plugin_common.VcloudAirClient.get", mock.MagicMock(return_value=fake_client)):
fake_ctx = self.generate_node_context(
properties={"vcloud_config": {"edge_gateway": "some_edge_gateway", "vdc": "vdc_name"}, "rules": [rule]}
)
security_group.creation_validation(ctx=fake_ctx)
def check_creation_validation(self, rule):
fake_client = self.generate_client()
with mock.patch(
'vcloud_plugin_common.VcloudAirClient.get',
mock.MagicMock(return_value=fake_client)
):
fake_ctx = self.generate_node_context(
properties={
'vcloud_config': {
'edge_gateway': 'some_edge_gateway',
'vdc': 'vdc_name'
},
'rules': [rule]
}
)
security_group.creation_validation(ctx=fake_ctx)
def check_creation_validation(self, rule):
fake_client = self.generate_client()
with mock.patch(
'vcloud_plugin_common.VcloudAirClient.get',
mock.MagicMock(return_value=fake_client)
):
fake_ctx = self.generate_node_context(
properties={
'vcloud_config': {
'edge_gateway': 'some_edge_gateway',
'vdc': 'vdc_name'
},
'rules': [rule]
}
)
security_group.creation_validation(ctx=fake_ctx)
def test_creation_validation(self):
fake_client = self.generate_client()
with mock.patch(
'vcloud_plugin_common.VcloudAirClient.get',
mock.MagicMock(return_value=fake_client)
):
fake_ctx = self.generate_node_context(
properties={
'vcloud_config': {
'edge_gateway': 'some_edge_gateway',
'vdc': 'vdc_name'
}
}
)
fake_client._vdc_gateway.is_fw_enabled = mock.MagicMock(
return_value=False
)
# Gateway firewall is disabled
with self.assertRaises(cfy_exc.NonRecoverableError):
security_group.creation_validation(ctx=fake_ctx)
fake_client._vdc_gateway.is_fw_enabled = mock.MagicMock(
return_value=True
)
# no rules
with self.assertRaises(cfy_exc.NonRecoverableError):
security_group.creation_validation(ctx=fake_ctx)
# wrong description
with self.assertRaises(cfy_exc.NonRecoverableError):
self.check_creation_validation({
"description": 10
})
# wrong source
with self.assertRaises(cfy_exc.NonRecoverableError):
self.check_creation_validation({
"description": 'a',
"source": 11
})
with self.assertRaises(cfy_exc.NonRecoverableError):
security_group.creation_validation(ctx=fake_ctx)
# wrong ip
with self.assertRaises(cfy_exc.NonRecoverableError):
self.check_creation_validation({
"description": 'a',
"source": '1.2.3.1111'
})
# wrong port
with self.assertRaises(cfy_exc.NonRecoverableError):
self.check_creation_validation({
"description": 'a',
"source": '1.2.3.11',
"source_port": 1234
})
# wrong destination
with self.assertRaises(cfy_exc.NonRecoverableError):
self.check_creation_validation({
"description": 'a',
"source": '1.2.3.11',
"source_port": 1234,
"destination": 123
})
# wrong destination ip
with self.assertRaises(cfy_exc.NonRecoverableError):
self.check_creation_validation({
"description": 'a',
"source": '1.2.3.11',
"source_port": 1234,
"destination": "123.1"
})
# wrong destination_port
with self.assertRaises(cfy_exc.NonRecoverableError):
self.check_creation_validation({
"description": 'a',
"source": '1.2.3.11',
"source_port": 1234,
"destination": "123.12.1.1",
'destination_port': 1111111
})
# wrong protocol
with self.assertRaises(cfy_exc.NonRecoverableError):
self.check_creation_validation({
"description": 'a',
"source": '1.2.3.11',
"source_port": 1234,
"destination": "123.12.1.1",
'destination_port': 1111,
"protocol": 'someone'
})
# wrong action
with self.assertRaises(cfy_exc.NonRecoverableError):
self.check_creation_validation({
"description": 'a',
"source": '1.2.3.11',
"source_port": 1234,
"destination": "123.12.1.1",
'destination_port': 1111,
"protocol": 'any',
"action": 'some'
})
# wrong action
with self.assertRaises(cfy_exc.NonRecoverableError):
self.check_creation_validation({
"description": 'a',
"source": '1.2.3.11',
"source_port": 1234,
"destination": "123.12.1.1",
'destination_port': 1111,
"protocol": 'any',
"action": 'allow',
'log_traffic': 'somevalue'
})
# correct
self.check_creation_validation({
"description": 'a',
"source": '1.2.3.11',
"source_port": 1234,
"destination": "123.12.1.1",
'destination_port': 1111,
"protocol": 'any',
"action": 'allow',
'log_traffic': True
})
self.check_creation_validation({
"description": 'a',
"source": '1.2.3.11',
"source_port": 1234,
"destination": "123.12.1.1",
'destination_port': 1111,
"protocol": 'any',
"action": 'allow',
'log_traffic': False
})
self.check_creation_validation({
"action": 'allow'
})
def test_creation_validation(self):
fake_client = self.generate_client()
with mock.patch(
'vcloud_plugin_common.VcloudAirClient.get',
mock.MagicMock(return_value=fake_client)
):
fake_ctx = self.generate_node_context(
properties={
'vcloud_config': {
'edge_gateway': 'some_edge_gateway',
'vdc': 'vdc_name'
}
}
)
fake_client._vdc_gateway.is_fw_enabled = mock.MagicMock(
return_value=False
)
# Gateway firewall is disabled
with self.assertRaises(cfy_exc.NonRecoverableError):
security_group.creation_validation(ctx=fake_ctx)
fake_client._vdc_gateway.is_fw_enabled = mock.MagicMock(
return_value=True
)
# no rules
with self.assertRaises(cfy_exc.NonRecoverableError):
security_group.creation_validation(ctx=fake_ctx)
# wrong description
with self.assertRaises(cfy_exc.NonRecoverableError):
self.check_creation_validation({
"description": 10
})
# wrong source
with self.assertRaises(cfy_exc.NonRecoverableError):
self.check_creation_validation({
"description": 'a',
"source": 11
})
with self.assertRaises(cfy_exc.NonRecoverableError):
security_group.creation_validation(ctx=fake_ctx)
# wrong ip
with self.assertRaises(cfy_exc.NonRecoverableError):
self.check_creation_validation({
"description": 'a',
"source": '1.2.3.1111'
})
# wrong port
with self.assertRaises(cfy_exc.NonRecoverableError):
self.check_creation_validation({
"description": 'a',
"source": '1.2.3.11',
"source_port": 1234
})
# wrong destination
with self.assertRaises(cfy_exc.NonRecoverableError):
self.check_creation_validation({
"description": 'a',
"source": '1.2.3.11',
"source_port": 1234,
"destination": 123
})
# wrong destination ip
with self.assertRaises(cfy_exc.NonRecoverableError):
self.check_creation_validation({
"description": 'a',
"source": '1.2.3.11',
"source_port": 1234,
"destination": "123.1"
})
# wrong destination_port
with self.assertRaises(cfy_exc.NonRecoverableError):
self.check_creation_validation({
"description": 'a',
"source": '1.2.3.11',
"source_port": 1234,
"destination": "123.12.1.1",
'destination_port': 1111111
})
# wrong protocol
with self.assertRaises(cfy_exc.NonRecoverableError):
self.check_creation_validation({
"description": 'a',
"source": '1.2.3.11',
"source_port": 1234,
"destination": "123.12.1.1",
'destination_port': 1111,
"protocol": 'someone'
})
# wrong action
with self.assertRaises(cfy_exc.NonRecoverableError):
self.check_creation_validation({
"description": 'a',
"source": '1.2.3.11',
"source_port": 1234,
"destination": "123.12.1.1",
'destination_port': 1111,
"protocol": 'any',
"action": 'some'
})
# wrong action
with self.assertRaises(cfy_exc.NonRecoverableError):
self.check_creation_validation({
"description": 'a',
"source": '1.2.3.11',
"source_port": 1234,
"destination": "123.12.1.1",
'destination_port': 1111,
"protocol": 'any',
"action": 'allow',
'log_traffic': 'somevalue'
})
# correct
self.check_creation_validation({
"description": 'a',
"source": '1.2.3.11',
"source_port": 1234,
"destination": "123.12.1.1",
'destination_port': 1111,
"protocol": 'any',
"action": 'allow',
'log_traffic': True
})
self.check_creation_validation({
"description": 'a',
"source": '1.2.3.11',
"source_port": 1234,
"destination": "123.12.1.1",
'destination_port': 1111,
"protocol": 'any',
"action": 'allow',
'log_traffic': False
})
self.check_creation_validation({
"action": 'allow'
})
