def test_nsg_destination_port_range_and_ranges_both_present(self):
    """Merge the singular and plural destination port fields of a rule.

    A security rule is not expected to carry both
    'destination_port_range' and 'destination_port_ranges'. If it ever
    does, the firewall_rule record must list the ports from both fields,
    singular value first, so that no port is dropped from the record.
    """
    rule = {
        'destination_port_range': '22',
        'destination_port_ranges': ['3389', '8000-8080'],
    }
    nsg = mock.Mock()
    nsg.as_dict.return_value = {'security_rules': [rule]}

    network_client = self._MockNetworkManagementClient()
    network_client.network_security_groups.list_all.return_value = [nsg]

    emitted = list(azcloud.AzCloud('', '', '').read())
    firewall_rules = [
        rec for rec in emitted
        if rec['com']['record_type'] == 'firewall_rule'
    ]

    expected_ports = ['22', '3389', '8000-8080']
    self.assertEqual(
        firewall_rules[0]['com']['destination_ports'], expected_ports
    )
def test_nsg_source_address_prefix_and_prefixes_both_present(self):
    """Merge the singular and plural source address fields of a rule.

    A security rule is not expected to carry both
    'source_address_prefix' and 'source_address_prefixes'. If it ever
    does, the firewall_rule record must list the prefixes from both
    fields, singular value first, so that no permitted source range is
    missing from the record.
    """
    rule = {
        'source_address_prefix': '40.0.0.0/8',
        'source_address_prefixes': ['41.0.0.0/8', '42.0.0.0/8'],
    }
    nsg = mock.Mock()
    nsg.as_dict.return_value = {'security_rules': [rule]}

    network_client = self._MockNetworkManagementClient()
    network_client.network_security_groups.list_all.return_value = [nsg]

    emitted = list(azcloud.AzCloud('', '', '').read())
    firewall_rules = [
        rec for rec in emitted
        if rec['com']['record_type'] == 'firewall_rule'
    ]

    expected_sources = ['40.0.0.0/8', '41.0.0.0/8', '42.0.0.0/8']
    self.assertEqual(
        firewall_rules[0]['com']['source_addresses'], expected_sources
    )
def test_nsg_destination_port_range_number_normalization(self):
    """Report a single destination port as a one-element list.

    The raw rule carries the port as the plain string '22'; the
    firewall_rule record is expected to expose it as ['22'].
    """
    nsg = SimpleMock(
        {'security_rules': [{'destination_port_range': '22'}]}
    )

    network_client = self._MockNetworkManagementClient()
    network_client.network_security_groups.list_all.return_value = [nsg]

    emitted = list(azcloud.AzCloud('', '', '').read())
    firewall_rules = [
        rec for rec in emitted
        if rec['com']['record_type'] == 'firewall_rule'
    ]

    self.assertEqual(firewall_rules[0]['com']['destination_ports'], ['22'])
def test_nsg_multiple_security_rules(self):
    """Emit one firewall_rule record per security rule in an NSG.

    Both rules are empty dicts, so this also checks that rules with
    every key missing are still counted rather than skipped.
    """
    nsg = SimpleMock({'security_rules': [{}, {}]})

    network_client = self._MockNetworkManagementClient()
    network_client.network_security_groups.list_all.return_value = [nsg]

    emitted = list(azcloud.AzCloud('', '', '').read())
    firewall_rules = [
        rec for rec in emitted
        if rec['com']['record_type'] == 'firewall_rule'
    ]

    self.assertEqual(len(firewall_rules), 2)
def test_nsg_protocol_asterisk_normalization(self):
    """Report the wildcard protocol '*' as 'all' in the common record."""
    nsg = SimpleMock({'security_rules': [{'protocol': '*'}]})

    network_client = self._MockNetworkManagementClient()
    network_client.network_security_groups.list_all.return_value = [nsg]

    emitted = list(azcloud.AzCloud('', '', '').read())
    firewall_rules = [
        rec for rec in emitted
        if rec['com']['record_type'] == 'firewall_rule'
    ]

    self.assertEqual(firewall_rules[0]['com']['protocol'], 'all')
def test_firewall_rule_provisioning_state_other_normalization(self):
    """Report a rule whose provisioning state is 'Failed' as not enabled.

    NOTE(review): the test name suggests that every state other than the
    successful one should map to a falsy 'enabled'; only 'Failed' is
    exercised here -- confirm the other states are covered elsewhere.
    """
    nsg = SimpleMock(
        {'security_rules': [{'provisioning_state': 'Failed'}]}
    )

    network_client = self._MockNetworkManagementClient()
    network_client.network_security_groups.list_all.return_value = [nsg]

    emitted = list(azcloud.AzCloud('', '', '').read())
    firewall_rules = [
        rec for rec in emitted
        if rec['com']['record_type'] == 'firewall_rule'
    ]

    self.assertFalse(firewall_rules[0]['com']['enabled'])
def test_firewall_rule_reference_has_security_rule_id(self):
    """Carry the security rule's 'id' into the record's 'reference'.

    The reference is what ties a firewall_rule record back to the
    originating rule, so it must equal the raw rule id unchanged.
    """
    nsg = SimpleMock({'security_rules': [{'id': 'mock_id'}]})

    network_client = self._MockNetworkManagementClient()
    network_client.network_security_groups.list_all.return_value = [nsg]

    emitted = list(azcloud.AzCloud('', '', '').read())
    firewall_rules = [
        rec for rec in emitted
        if rec['com']['record_type'] == 'firewall_rule'
    ]

    self.assertEqual(firewall_rules[0]['com']['reference'], 'mock_id')
def test_nsg_missing_security_rules(self):
    """Emit no firewall_rule record for an NSG without 'security_rules'.

    The raw NSG dict is completely empty; reading it must neither fail
    nor produce a firewall_rule record.
    """
    nsg = mock.Mock()
    nsg.as_dict.return_value = {}

    network_client = self._MockNetworkManagementClient()
    network_client.network_security_groups.list_all.return_value = [nsg]

    emitted = list(azcloud.AzCloud('', '', '').read())
    firewall_rules = [
        rec for rec in emitted
        if rec['com']['record_type'] == 'firewall_rule'
    ]

    self.assertEqual(len(firewall_rules), 0)
def test_nsg_source_address_prefix_asterisk_normalization(self):
    """Report the wildcard source prefix '*' as ['0.0.0.0/0'].

    NOTE(review): '0.0.0.0/0' names every IPv4 address only. If the
    wildcard in the raw rule also admits IPv6 sources, a consumer that
    reads this record literally will not see them -- confirm whether an
    IPv6 any-address entry should accompany it.
    """
    nsg = mock.Mock()
    nsg.as_dict.return_value = {
        'security_rules': [{'source_address_prefix': '*'}]
    }

    network_client = self._MockNetworkManagementClient()
    network_client.network_security_groups.list_all.return_value = [nsg]

    emitted = list(azcloud.AzCloud('', '', '').read())
    firewall_rules = [
        rec for rec in emitted
        if rec['com']['record_type'] == 'firewall_rule'
    ]

    self.assertEqual(
        firewall_rules[0]['com']['source_addresses'], ['0.0.0.0/0']
    )
def test_nsg_access_other_normalization(self):
    """Pass an unrecognised 'access' value through in lower case.

    'FoO' is not a known access value; the record is expected to carry
    it as 'foo' rather than drop it or coerce it to a known value.
    """
    nsg = mock.Mock()
    nsg.as_dict.return_value = {'security_rules': [{'access': 'FoO'}]}

    network_client = self._MockNetworkManagementClient()
    network_client.network_security_groups.list_all.return_value = [nsg]

    emitted = list(azcloud.AzCloud('', '', '').read())
    firewall_rules = [
        rec for rec in emitted
        if rec['com']['record_type'] == 'firewall_rule'
    ]

    self.assertEqual(firewall_rules[0]['com']['access'], 'foo')
def test_mysql_server_record(self):
    """Check the common and extended fields of a MySQL server record.

    A server whose 'ssl_enforcement' is 'Enabled' must be reported with
    'tls_enforced' set, with common record type 'rdbms', and with the
    raw server id as the reference in both the 'com' and 'ext' buckets.

    NOTE(review): only the 'Enabled' value is exercised here; a case for
    a server with enforcement turned off would pin the negative mapping
    -- confirm one exists elsewhere in this module.
    """
    server = SimpleMock({
        'id': 'azure_mysql_server_id',
        'ssl_enforcement': 'Enabled',
    })

    # The same mock server is listed twice; only the first resulting
    # record is inspected below.
    mysql_client = self._MockMySQLManagementClient()
    mysql_client.servers.list.return_value = [server, server]

    emitted = list(azcloud.AzCloud('', '', '').read())
    mysql_records = [
        rec for rec in emitted
        if rec['ext']['record_type'] == 'mysql_server'
    ]

    first = mysql_records[0]
    self.assertEqual(first['com']['tls_enforced'], True)
    self.assertEqual(first['ext']['reference'], 'azure_mysql_server_id')
    self.assertEqual(first['com']['reference'], 'azure_mysql_server_id')
    self.assertEqual(first['com']['record_type'], 'rdbms')
def test_nsg_single_security_rule(self):
    """Emit exactly one firewall_rule record for a single empty rule.

    The 'security_rules' list of the mock NSG holds only one item: an
    empty dict. This checks that the AzCloud plugin works gracefully
    even when every key is missing from a security rule. All that
    matters here is that each security rule dict in the raw/mock NSG
    record yields a firewall_rule record. Other tests in this module
    use the same pattern.
    """
    nsg = SimpleMock({'security_rules': [{}]})

    network_client = self._MockNetworkManagementClient()
    network_client.network_security_groups.list_all.return_value = [nsg]

    emitted = list(azcloud.AzCloud('', '', '').read())
    firewall_rules = [
        rec for rec in emitted
        if rec['com']['record_type'] == 'firewall_rule'
    ]

    self.assertEqual(len(firewall_rules), 1)