Ejemplo n.º 1
0
def security_group_rule_create(context, **rule_dict):
    new_rule = models.SecurityGroupRule()
    new_rule.update(rule_dict)
    new_rule.group_id = rule_dict['security_group_id']
    new_rule.tenant_id = rule_dict['tenant_id']
    context.session.add(new_rule)
    return new_rule
Ejemplo n.º 2
0
    def _stubs(self):
        ports = [{"device_id": 1, "mac_address": 1}]
        vifs = ["1.1", "2.2", "3.3"]
        security_groups = [{"id": 1, "name": "test_group"}]

        with contextlib.nested(
                mock.patch("neutron.context.get_admin_context"),
                mock.patch("quark.db.api.security_group_rule_find"),
                mock.patch("quark.db.api.ports_with_security_groups_find"),
                mock.patch("%s._get_connection" %
                           TOOL_MOD)) as (get_admin_ctxt, rule_find,
                                          db_ports_groups, get_conn):
            connection_mock = mock.MagicMock()
            get_conn.return_value = connection_mock
            ports_with_groups_mock = mock.MagicMock()

            port_mods = []
            sg_mods = [models.SecurityGroup(**sg) for sg in security_groups]
            for port in ports:
                port_mod = models.Port(**port)
                port_mod.security_groups = sg_mods
                port_mods.append(port_mod)

            sg_rule = models.SecurityGroupRule()
            rule_find.return_value = [sg_rule]

            db_ports_groups.return_value = ports_with_groups_mock
            ctxt_mock = mock.MagicMock()
            get_admin_ctxt.return_value = ctxt_mock
            ports_with_groups_mock.all.return_value = port_mods
            connection_mock.vif_keys.return_value = vifs
            connection_mock.serialize_rules.return_value = "rules"
            yield (get_conn, connection_mock, db_ports_groups, ctxt_mock,
                   sg_rule)
Ejemplo n.º 3
0
 def test_create_security_rule_group_at_max(self):
     with self.assertRaises(exceptions.OverQuota):
         self._test_create_security_rule(
             group={
                 'id': 1,
                 'rules': [models.SecurityGroupRule()]
             })
Ejemplo n.º 4
0
 def _make_rules(rules):
     rule_mods = []
     for rule in rules:
         r = models.SecurityGroupRule()
         r.update(dict(id=rule))
         rule_mods.append(r)
     return rule_mods
Ejemplo n.º 5
0
    def test_update_security_group(self):
        v4_ethertype = protocols.ETHERTYPES["IPv4"]
        rule_dict = {
            "ethertype": v4_ethertype,
            "protocol": protocols.PROTOCOL_MAP[v4_ethertype]["tcp"]
        }
        rule = models.SecurityGroupRule()
        rule.update(rule_dict)
        group = {
            "name": "foo",
            "description": "bar",
            "tenant_id": self.context.tenant_id,
            "rules": [rule]
        }
        updated_group = group.copy()
        updated_group["name"] = "bar"

        with contextlib.nested(
                mock.patch("quark.db.api.security_group_find"),
                mock.patch("quark.db.api.security_group_update"),
        ) as (db_find, db_update):
            db_find.return_value = group
            db_update.return_value = updated_group
            update = dict(security_group=dict(name="bar"))
            resp = self.plugin.update_security_group(self.context, 1, update)
            self.assertEqual(resp["name"], updated_group["name"])
Ejemplo n.º 6
0
 def test_create_security_rule_group_at_max(self):
     with self.assertRaises(n_exc.OverQuota):
         self._test_create_security_rule(group={
             'id':
             1,
             'rules': [models.SecurityGroupRule()]
         },
                                         limit_raise=True)
Ejemplo n.º 7
0
    def test_update_security_group_rule(self):
        sg_dict = {"id": 0}
        sg = models.SecurityGroup()
        sg.update(sg_dict)

        rule_dict = {
            "id": 1,
            "direction": "ingress",
            "port_range_min": 80,
            "port_range_max": 100,
            "remote_ip_prefix": None,
            "ethertype": protocols.translate_ethertype("IPv4"),
            "tenant_id": "foo",
            "protocol": "UDP",
            "group_id": 1,
            "external_service_id": None,
            "external_service": None
        }
        rule = models.SecurityGroupRule()
        rule.update(rule_dict)

        updated_part = {
            'external_service_id': 'aaa',
            'external_service': 'bbb'
        }

        with mock.patch('quark.db.api.security_group_rule_find') as db_find, \
                mock.patch('quark.db.api.security_group_rule_update') \
                as db_update, \
                mock.patch('quark.db.api.security_group_find') as sg_find:
            db_find.return_value = rule
            rule_dict.update(updated_part)
            new_rule = models.SecurityGroupRule()
            new_rule.update(rule_dict)
            db_update.return_value = new_rule
            sg_find.return_value = sg

            update = dict(security_group_rule=updated_part)
            resp = self.plugin.update_security_group_rule(
                self.context, 1, update)
            self.assertEqual(resp['external_service_id'],
                             updated_part['external_service_id'])
            self.assertEqual(resp['external_service'],
                             updated_part['external_service'])
Ejemplo n.º 8
0
    def _stubs(self, rule={}, group={'id': 1}):
        dbrule = None
        dbgroup = None
        if group:
            dbgroup = models.SecurityGroup()
            dbgroup.update(group)
        if rule:
            dbrule = models.SecurityGroupRule()
            dbrule.update(dict(rule, group=dbgroup))

        with contextlib.nested(
                mock.patch("quark.db.api.security_group_find"),
                mock.patch("quark.db.api.security_group_rule_find"),
                mock.patch("quark.db.api.security_group_rule_delete"),
        ) as (group_find, rule_find, db_group_delete):
            group_find.return_value = dbgroup
            rule_find.return_value = dbrule
            yield db_group_delete
Ejemplo n.º 9
0
 def _stubs(self, finds_rule=True):
     with contextlib.nested(
         mock.patch("quark.db.api.security_group_find"),
         mock.patch("quark.db.api.security_group_rule_find"),
         mock.patch("neutron.extensions.securitygroup."
                    "SecurityGroupNotFound.__init__"),
         mock.patch("neutron.extensions.securitygroup."
                    "SecurityGroupRuleNotFound.__init__"),
         mock.patch("quark.plugin_modules.security_groups."
                    "_validate_security_group_rule")
     ) as (group_find, rule_find, group_exc, rule_exc, validate):
         group_find.return_value = None
         rule_find.return_value = None
         if finds_rule:
             rule_find.return_value = models.SecurityGroupRule()
         group_exc.return_value = None
         rule_exc.return_value = None
         yield group_exc, rule_exc
Ejemplo n.º 10
0
    def _stubs(self, rule, group):
        dbrule = models.SecurityGroupRule()
        dbrule.update(rule)
        dbrule.group_id = rule['security_group_id']
        dbgroup = None
        if group:
            dbgroup = models.SecurityGroup()
            dbgroup.update(group)

        with contextlib.nested(
                mock.patch("quark.db.api.security_group_find"),
                mock.patch("quark.db.api.security_group_rule_find"),
                mock.patch("quark.db.api.security_group_rule_create")) as (
                    group_find, rule_find, rule_create):
            group_find.return_value = dbgroup
            rule_find.return_value.count.return_value = group.get(
                'port_rules', None) if group else 0
            rule_create.return_value = dbrule
            yield rule_create
Ejemplo n.º 11
0
    def test_serialize_filters_dest_v4_net(self, strict_redis, conn_pool):
        rule_dict = {"ethertype": 0x800, "protocol": 1, "direction": "egress",
                     "remote_ip_prefix": "192.168.0.0/0"}
        client = sg_client.SecurityGroupsClient()
        group = models.SecurityGroup()
        rule = models.SecurityGroupRule()
        rule.update(rule_dict)
        group.rules.append(rule)

        payload = client.serialize_groups([group])
        rule = payload[0]
        self.assertEqual(0x800, rule["ethertype"])
        self.assertEqual(1, rule["protocol"])
        self.assertEqual(None, rule["icmp type"])
        self.assertEqual(None, rule["icmp code"])
        self.assertEqual("allow", rule["action"])
        self.assertEqual("egress", rule["direction"])
        self.assertEqual("", rule["source network"])
        self.assertEqual("", rule["destination network"])
Ejemplo n.º 12
0
    def test_serialize_group_with_rules(self, strict_redis, conn_pool):
        rule_dict = {"ethertype": 0x800, "protocol": 6, "port_range_min": 80,
                     "port_range_max": 443, "direction": "ingress"}
        client = sg_client.SecurityGroupsClient()
        group = models.SecurityGroup()
        rule = models.SecurityGroupRule()
        rule.update(rule_dict)
        group.rules.append(rule)

        payload = client.serialize_groups([group])
        rule = payload[0]
        self.assertEqual(0x800, rule["ethertype"])
        self.assertEqual(6, rule["protocol"])
        self.assertEqual(80, rule["port start"])
        self.assertEqual(443, rule["port end"])
        self.assertEqual("allow", rule["action"])
        self.assertEqual("ingress", rule["direction"])
        self.assertEqual("", rule["source network"])
        self.assertEqual("", rule["destination network"])
Ejemplo n.º 13
0
    def test_serialize_group_with_rules_and_remote_network(self, redis):
        rule_dict = {"ethertype": 0x800, "protocol": 1, "direction": "ingress",
                     "remote_ip_prefix": "192.168.0.0/24"}
        client = redis_client.Client()
        group = models.SecurityGroup()
        rule = models.SecurityGroupRule()
        rule.update(rule_dict)
        group.rules.append(rule)

        payload = client.serialize([group])
        self.assertTrue(payload.get("id") is not None)
        rule = payload["rules"][0]
        self.assertEqual(0x800, rule["ethertype"])
        self.assertEqual(1, rule["protocol"])
        self.assertEqual(None, rule["port start"])
        self.assertEqual(None, rule["port end"])
        self.assertEqual("allow", rule["action"])
        self.assertEqual("ingress", rule["direction"])
        self.assertEqual("::ffff:192.168.0.0/120", rule["source network"])
        self.assertEqual("", rule["destination network"])
Ejemplo n.º 14
0
    def test_update_security_group(self):
        rule = models.SecurityGroupRule()
        rule.update(dict(id=1))
        group = {
            "name": "foo",
            "description": "bar",
            "tenant_id": self.context.tenant_id,
            "rules": [rule]
        }
        updated_group = group.copy()
        updated_group["name"] = "bar"

        with contextlib.nested(
                mock.patch("quark.db.api.security_group_find"),
                mock.patch("quark.db.api.security_group_update"),
        ) as (db_find, db_update):
            db_find.return_value = group
            db_update.return_value = updated_group
            update = dict(security_group=dict(name="bar"))
            resp = self.plugin.update_security_group(self.context, 1, update)
            self.assertEqual(resp["name"], updated_group["name"])
Ejemplo n.º 15
0
    def test_serialize_filters_source_v6_net(self, strict_redis):
        rule_dict = {
            "ethertype": 0x86DD,
            "protocol": 58,
            "direction": "ingress",
            "remote_ip_prefix": "feed::/0"
        }
        client = sg_client.SecurityGroupsClient()
        group = models.SecurityGroup()
        rule = models.SecurityGroupRule()
        rule.update(rule_dict)
        group.rules.append(rule)

        payload = client.serialize_groups([group])
        rule = payload[0]
        self.assertEqual(0x86DD, rule["ethertype"])
        self.assertEqual(58, rule["protocol"])
        self.assertEqual(None, rule["icmp type"])
        self.assertEqual(None, rule["icmp code"])
        self.assertEqual("allow", rule["action"])
        self.assertEqual("ingress", rule["direction"])
        self.assertEqual("", rule["source network"])
        self.assertEqual("", rule["destination network"])
Ejemplo n.º 16
0
 def _create_rule(context, **rule):
     dbrule = models.SecurityGroupRule()
     dbrule.update(rule)
     dbrule["group_id"] = rule['security_group_id']
     return dbrule