def test_update_security_profile_rules_noingress(self):
sec_prof = secgrouplib.create_security_profile(self.fake_cluster,
'pippo',
{'name': 'test'})
hidden_ingress_rule = {
'ethertype': 'IPv4',
'ip_prefix': '127.0.0.1/32'
}
egress_rule = {'ethertype': 'IPv4', 'profile_uuid': 'xyz'}
new_rules = {
'logical_port_egress_rules': [egress_rule],
'logical_port_ingress_rules': []
}
secgrouplib.update_security_group_rules(self.fake_cluster,
sec_prof['uuid'], new_rules)
sec_prof_res = nsx_utils.do_request(nsx_utils.HTTP_GET,
nsx_utils._build_uri_path(
'security-profile',
resource_id=sec_prof['uuid']),
cluster=self.fake_cluster)
self.assertEqual(sec_prof['uuid'], sec_prof_res['uuid'])
# Check for builtin rules
self.assertEqual(len(sec_prof_res['logical_port_egress_rules']), 2)
self.assertIn(egress_rule, sec_prof_res['logical_port_egress_rules'])
self.assertEqual(len(sec_prof_res['logical_port_ingress_rules']), 1)
self.assertIn(hidden_ingress_rule,
sec_prof_res['logical_port_ingress_rules'])
def test_delete_security_profile(self):
sec_prof = secgrouplib.create_security_profile(self.fake_cluster,
'pippo',
{'name': 'test'})
secgrouplib.delete_security_profile(self.fake_cluster,
sec_prof['uuid'])
self.assertRaises(exceptions.NotFound,
nvplib.do_request,
nvplib.HTTP_GET,
nvplib._build_uri_path('security-profile',
resource_id=sec_prof['uuid']),
cluster=self.fake_cluster)
def test_create_and_get_default_security_profile(self):
sec_prof = secgrouplib.create_security_profile(
self.fake_cluster, 'pippo', {'name': 'default'})
sec_prof_res = nvplib.do_request(
nvplib.HTTP_GET,
nvplib._build_uri_path('security-profile',
resource_id=sec_prof['uuid']),
cluster=self.fake_cluster)
self.assertEqual(sec_prof['uuid'], sec_prof_res['uuid'])
# Check for builtin rules
self.assertEqual(len(sec_prof_res['logical_port_egress_rules']), 3)
self.assertEqual(len(sec_prof_res['logical_port_ingress_rules']), 2)
def test_delete_security_profile(self):
sec_prof = secgrouplib.create_security_profile(
self.fake_cluster, 'pippo', {'name': 'test'})
secgrouplib.delete_security_profile(
self.fake_cluster, sec_prof['uuid'])
self.assertRaises(exceptions.NotFound,
nvplib.do_request,
nvplib.HTTP_GET,
nvplib._build_uri_path(
'security-profile',
resource_id=sec_prof['uuid']),
cluster=self.fake_cluster)
def test_create_and_get_default_security_profile(self):
sec_prof = secgrouplib.create_security_profile(self.fake_cluster,
'pippo',
{'name': 'default'})
sec_prof_res = nsx_utils.do_request(secgrouplib.HTTP_GET,
nsx_utils._build_uri_path(
'security-profile',
resource_id=sec_prof['uuid']),
cluster=self.fake_cluster)
self.assertEqual(sec_prof['uuid'], sec_prof_res['uuid'])
# Check for builtin rules
self.assertEqual(len(sec_prof_res['logical_port_egress_rules']), 3)
self.assertEqual(len(sec_prof_res['logical_port_ingress_rules']), 2)
def test_update_security_profile_rules(self):
sec_prof = secgrouplib.create_security_profile(
self.fake_cluster, 'pippo', {'name': 'test'})
ingress_rule = {'ethertype': 'IPv4'}
egress_rule = {'ethertype': 'IPv4', 'profile_uuid': 'xyz'}
new_rules = {'logical_port_egress_rules': [egress_rule],
'logical_port_ingress_rules': [ingress_rule]}
secgrouplib.update_security_group_rules(
self.fake_cluster, sec_prof['uuid'], new_rules)
sec_prof_res = nvplib.do_request(
nvplib.HTTP_GET,
nvplib._build_uri_path('security-profile',
resource_id=sec_prof['uuid']),
cluster=self.fake_cluster)
self.assertEqual(sec_prof['uuid'], sec_prof_res['uuid'])
# Check for builtin rules
self.assertEqual(len(sec_prof_res['logical_port_egress_rules']), 2)
self.assertIn(egress_rule,
sec_prof_res['logical_port_egress_rules'])
self.assertEqual(len(sec_prof_res['logical_port_ingress_rules']), 1)
self.assertIn(ingress_rule,
sec_prof_res['logical_port_ingress_rules'])