def test__create_sg_rules(self, m_get_pod_ip, m_match_selector, m_create_sg_rule_body, m_create_sg_rule): m_create_sg_rule_body.return_value = self._sg_rule_body sgr_id = mock.sentinel.sgr_id m_create_sg_rule.return_value = sgr_id crd = get_crd_obj_with_all_selectors() pod = get_match_crd_pod_obj() m_get_pod_ip.return_value = pod['status'].get('podIP') matched = False new_sg_rule = self._sg_rule_body policy = crd['spec']['networkpolicy_spec'] rule_list = policy.get('ingress', None) crd_rules = crd['spec'].get('ingressSgRules') pod_ns = pod['metadata']['namespace'] for rule_block in rule_list: for rule in rule_block.get('from', []): pod_selector = rule.get('podSelector') matched = network_policy_security_groups._create_sg_rules( crd, pod, pod_selector, rule_block, crd_rules, 'ingress', matched, pod_ns) new_sg_rule['namespace'] = pod_ns new_sg_rule['security_group_rule']['id'] = sgr_id m_match_selector.assert_called_once_with( pod_selector, pod['metadata']['labels']) m_get_pod_ip.assert_called_once_with(pod) m_create_sg_rule_body.assert_called_once() m_create_sg_rule.assert_called_once() self.assertEqual([new_sg_rule], crd_rules) self.assertEqual(matched, True)
def test__create_sg_rules_no_match(self, m_match_selector, m_get_pod_ip): crd = get_crd_obj_with_all_selectors() pod = self._pod2 policy = crd['spec']['networkpolicy_spec'] rule_list = policy.get('ingress', None) for rule_block in rule_list: for rule in rule_block.get('from', []): pod_selector = rule.get('podSelector') matched = network_policy_security_groups._create_sg_rules( crd, pod, pod_selector, rule_block, 'ingress', False) self.assertEqual(matched, False)
def test__create_sg_rules_no_match(self, m_match_selector): crd = self._crd_without_rules pod = self._pod2 policy = crd['spec']['networkpolicy_spec'] rule_list = policy.get('ingress', None) crd_rules = crd['spec'].get('ingressSgRules') for rule_block in rule_list: for rule in rule_block.get('from', []): pod_selector = rule.get('podSelector') matched = network_policy_security_groups._create_sg_rules( crd, pod, pod_selector, rule_block, crd_rules, 'ingress', False, self._namespace) self.assertEqual(matched, False)