def test_remove_security_service(self):
security_dict1 = {'id': 'fake security service id1',
'project_id': self.fake_context.project_id,
'type': 'fake type'}
db_api.share_network_create(self.fake_context, self.share_nw_dict)
db_api.security_service_create(self.fake_context, security_dict1)
db_api.share_network_add_security_service(self.fake_context,
self.share_nw_dict['id'],
security_dict1['id'])
db_api.share_network_remove_security_service(self.fake_context,
self.share_nw_dict['id'],
security_dict1['id'])
result = sqlalchemy_api.model_query(
self.fake_context,
models.ShareNetworkSecurityServiceAssociation).\
filter_by(security_service_id=security_dict1['id']).\
filter_by(share_network_id=self.share_nw_dict['id']).first()
self.assertTrue(result is None)
share_nw_ref = db_api.share_network_get(self.fake_context,
self.share_nw_dict['id'])
self.assertEqual(len(share_nw_ref['security_services']), 0)
def test_remove_security_service(self):
security_dict1 = {
'id': 'fake security service id1',
'project_id': self.fake_context.project_id,
'type': 'fake type'
}
db_api.share_network_create(self.fake_context, self.share_nw_dict)
db_api.security_service_create(self.fake_context, security_dict1)
db_api.share_network_add_security_service(self.fake_context,
self.share_nw_dict['id'],
security_dict1['id'])
db_api.share_network_remove_security_service(self.fake_context,
self.share_nw_dict['id'],
security_dict1['id'])
result = sqlalchemy_api.model_query(
self.fake_context,
models.ShareNetworkSecurityServiceAssociation).\
filter_by(security_service_id=security_dict1['id']).\
filter_by(share_network_id=self.share_nw_dict['id']).first()
self.assertTrue(result is None)
share_nw_ref = db_api.share_network_get(self.fake_context,
self.share_nw_dict['id'])
self.assertEqual(len(share_nw_ref['security_services']), 0)
def test_get_with_two_security_services(self):
security_dict1 = {
'id': 'fake security service id1',
'project_id': self.fake_context.project_id,
'type': 'fake type'
}
security_dict2 = {
'id': 'fake security service id2',
'project_id': self.fake_context.project_id,
'type': 'fake type'
}
db_api.share_network_create(self.fake_context, self.share_nw_dict)
db_api.security_service_create(self.fake_context, security_dict1)
db_api.security_service_create(self.fake_context, security_dict2)
db_api.share_network_add_security_service(self.fake_context,
self.share_nw_dict['id'],
security_dict1['id'])
db_api.share_network_add_security_service(self.fake_context,
self.share_nw_dict['id'],
security_dict2['id'])
result = db_api.share_network_get(self.fake_context,
self.share_nw_dict['id'])
self.assertEqual(len(result['security_services']), 2)
def test_get_with_one_security_service(self):
security_dict1 = {
"id": "fake security service id1",
"project_id": self.fake_context.project_id,
"type": "fake type",
}
db_api.share_network_create(self.fake_context, self.share_nw_dict)
db_api.security_service_create(self.fake_context, security_dict1)
db_api.share_network_add_security_service(self.fake_context, self.share_nw_dict["id"], security_dict1["id"])
result = db_api.share_network_get(self.fake_context, self.share_nw_dict["id"])
self.assertEqual(len(result["security_services"]), 1)
self._check_fields(expected=security_dict1, actual=result["security_services"][0])
def _add_security_service(self, req, id, data):
"""Associate share network with a given security service."""
context = req.environ['manila.context']
policy.check_policy(context, RESOURCE_NAME, 'add_security_service')
share_network = db_api.share_network_get(context, id)
if share_network['share_servers']:
msg = _("Cannot add security services. Share network is used.")
raise exc.HTTPForbidden(explanation=msg)
security_service = db_api.security_service_get(
context, data['security_service_id'])
for attached_service in share_network['security_services']:
if attached_service['type'] == security_service['type']:
msg = _("Cannot add security service to share network. "
"Security service with '%(ss_type)s' type already "
"added to '%(sn_id)s' share network") % {
'ss_type': security_service['type'],
'sn_id': share_network['id']}
raise exc.HTTPConflict(explanation=msg)
try:
share_network = db_api.share_network_add_security_service(
context,
id,
data['security_service_id'])
except KeyError:
msg = "Malformed request body"
raise exc.HTTPBadRequest(explanation=msg)
except exception.NotFound as e:
raise exc.HTTPNotFound(explanation=six.text_type(e))
except exception.ShareNetworkSecurityServiceAssociationError as e:
raise exc.HTTPBadRequest(explanation=six.text_type(e))
return self._view_builder.build_share_network(share_network)
def test_add_security_service_association_error_already_associated(self):
security_dict1 = {
'id': 'fake security service id1',
'project_id': self.fake_context.project_id,
'type': 'fake type'
}
db_api.share_network_create(self.fake_context, self.share_nw_dict)
db_api.security_service_create(self.fake_context, security_dict1)
db_api.share_network_add_security_service(self.fake_context,
self.share_nw_dict['id'],
security_dict1['id'])
self.assertRaises(
exception.ShareNetworkSecurityServiceAssociationError,
db_api.share_network_add_security_service, self.fake_context,
self.share_nw_dict['id'], security_dict1['id'])
def test_get_with_one_security_service(self):
security_dict1 = {'id': 'fake security service id1',
'project_id': self.fake_context.project_id,
'type': 'fake type'}
db_api.share_network_create(self.fake_context, self.share_nw_dict)
db_api.security_service_create(self.fake_context, security_dict1)
db_api.share_network_add_security_service(self.fake_context,
self.share_nw_dict['id'],
security_dict1['id'])
result = db_api.share_network_get(self.fake_context,
self.share_nw_dict['id'])
self.assertEqual(len(result['security_services']), 1)
self._check_fields(expected=security_dict1,
actual=result['security_services'][0])
def test_add_security_service_association_error_already_associated(self):
security_dict1 = {'id': 'fake security service id1',
'project_id': self.fake_context.project_id,
'type': 'fake type'}
db_api.share_network_create(self.fake_context, self.share_nw_dict)
db_api.security_service_create(self.fake_context, security_dict1)
db_api.share_network_add_security_service(self.fake_context,
self.share_nw_dict['id'],
security_dict1['id'])
self.assertRaises(
exception.ShareNetworkSecurityServiceAssociationError,
db_api.share_network_add_security_service,
self.fake_context,
self.share_nw_dict['id'],
security_dict1['id'])
def test_get_with_one_security_service(self):
security_dict1 = {'id': 'fake security service id1',
'project_id': self.fake_context.project_id,
'type': 'fake type'}
db_api.share_network_create(self.fake_context, self.share_nw_dict)
db_api.security_service_create(self.fake_context, security_dict1)
db_api.share_network_add_security_service(self.fake_context,
self.share_nw_dict['id'],
security_dict1['id'])
result = db_api.share_network_get(self.fake_context,
self.share_nw_dict['id'])
self.assertEqual(len(result['security_services']), 1)
self._check_fields(expected=security_dict1,
actual=result['security_services'][0])
def test_add_security_service_association_error_already_associated(self):
security_dict1 = {
"id": "fake security service id1",
"project_id": self.fake_context.project_id,
"type": "fake type",
}
db_api.share_network_create(self.fake_context, self.share_nw_dict)
db_api.security_service_create(self.fake_context, security_dict1)
db_api.share_network_add_security_service(self.fake_context, self.share_nw_dict["id"], security_dict1["id"])
self.assertRaises(
exception.ShareNetworkSecurityServiceAssociationError,
db_api.share_network_add_security_service,
self.fake_context,
self.share_nw_dict["id"],
security_dict1["id"],
)
def test_add_security_service(self):
security_dict1 = {
"id": "fake security service id1",
"project_id": self.fake_context.project_id,
"type": "fake type",
}
db_api.share_network_create(self.fake_context, self.share_nw_dict)
db_api.security_service_create(self.fake_context, security_dict1)
db_api.share_network_add_security_service(self.fake_context, self.share_nw_dict["id"], security_dict1["id"])
result = (
sqlalchemy_api.model_query(self.fake_context, models.ShareNetworkSecurityServiceAssociation)
.filter_by(security_service_id=security_dict1["id"])
.filter_by(share_network_id=self.share_nw_dict["id"])
.first()
)
self.assertTrue(result is not None)
def test_get_with_two_security_services(self):
security_dict1 = {
"id": "fake security service id1",
"project_id": self.fake_context.project_id,
"type": "fake type",
}
security_dict2 = {
"id": "fake security service id2",
"project_id": self.fake_context.project_id,
"type": "fake type",
}
db_api.share_network_create(self.fake_context, self.share_nw_dict)
db_api.security_service_create(self.fake_context, security_dict1)
db_api.security_service_create(self.fake_context, security_dict2)
db_api.share_network_add_security_service(self.fake_context, self.share_nw_dict["id"], security_dict1["id"])
db_api.share_network_add_security_service(self.fake_context, self.share_nw_dict["id"], security_dict2["id"])
result = db_api.share_network_get(self.fake_context, self.share_nw_dict["id"])
self.assertEqual(len(result["security_services"]), 2)
def test_get_with_two_security_services(self):
security_dict1 = {'id': 'fake security service id1',
'project_id': self.fake_context.project_id,
'type': 'fake type'}
security_dict2 = {'id': 'fake security service id2',
'project_id': self.fake_context.project_id,
'type': 'fake type'}
db_api.share_network_create(self.fake_context, self.share_nw_dict)
db_api.security_service_create(self.fake_context, security_dict1)
db_api.security_service_create(self.fake_context, security_dict2)
db_api.share_network_add_security_service(self.fake_context,
self.share_nw_dict['id'],
security_dict1['id'])
db_api.share_network_add_security_service(self.fake_context,
self.share_nw_dict['id'],
security_dict2['id'])
result = db_api.share_network_get(self.fake_context,
self.share_nw_dict['id'])
self.assertEqual(len(result['security_services']), 2)
def add_security_service(self, req, id, body):
"""Associate share network with a given security service."""
context = req.environ['manila.context']
share_network = db_api.share_network_get(context, id)
policy.check_policy(context, RESOURCE_NAME, 'add_security_service',
target_obj=share_network)
try:
data = body['add_security_service']
security_service = db_api.security_service_get(
context, data['security_service_id'])
except KeyError:
msg = "Malformed request body"
raise exc.HTTPBadRequest(explanation=msg)
contain_share_servers = (
self._share_network_subnets_contain_share_servers(share_network))
support_adding_to_in_use_networks = (
req.api_version_request >= api_version.APIVersionRequest("2.63"))
if contain_share_servers:
if not support_adding_to_in_use_networks:
msg = _("Cannot add security services. Share network is used.")
raise exc.HTTPForbidden(explanation=msg)
try:
self.share_api.update_share_network_security_service(
context, share_network, security_service)
except exception.ServiceIsDown as e:
raise exc.HTTPConflict(explanation=e.msg)
except exception.InvalidShareNetwork as e:
raise exc.HTTPBadRequest(explanation=e.msg)
except exception.InvalidSecurityService as e:
raise exc.HTTPConflict(explanation=e.msg)
try:
share_network = db_api.share_network_add_security_service(
context,
id,
data['security_service_id'])
except exception.NotFound as e:
raise exc.HTTPNotFound(explanation=e.msg)
except exception.ShareNetworkSecurityServiceAssociationError as e:
raise exc.HTTPBadRequest(explanation=e.msg)
return self._view_builder.build_share_network(req, share_network)
def _add_security_service(self, req, id, data):
"""Associate share network with a given security service."""
context = req.environ["manila.context"]
policy.check_policy(context, RESOURCE_NAME, "add_security_service")
try:
share_network = db_api.share_network_add_security_service(context, id, data["security_service_id"])
except KeyError:
msg = "Malformed request body"
raise exc.HTTPBadRequest(explanation=msg)
except exception.NotFound as e:
msg = "%s" % e
raise exc.HTTPNotFound(explanation=msg)
except exception.ShareNetworkSecurityServiceAssociationError as e:
msg = "%s" % e
raise exc.HTTPBadRequest(explanation=msg)
return self._view_builder.build_share_network(share_network)
def _add_security_service(self, req, id, data):
"""Associate share network with a given security service."""
context = req.environ['manila.context']
policy.check_policy(context, RESOURCE_NAME, 'add_security_service')
share_network = db_api.share_network_get(context, id)
if share_network['share_servers']:
msg = _("Cannot add security services. Share network is used.")
raise exc.HTTPForbidden(explanation=msg)
try:
share_network = db_api.share_network_add_security_service(
context, id, data['security_service_id'])
except KeyError:
msg = "Malformed request body"
raise exc.HTTPBadRequest(explanation=msg)
except exception.NotFound as e:
msg = "%s" % e
raise exc.HTTPNotFound(explanation=msg)
except exception.ShareNetworkSecurityServiceAssociationError as e:
msg = "%s" % e
raise exc.HTTPBadRequest(explanation=msg)
return self._view_builder.build_share_network(share_network)
def _add_security_service(self, req, id, data):
"""Associate share network with a given security service."""
context = req.environ['manila.context']
policy.check_policy(context, RESOURCE_NAME, 'add_security_service')
share_network = db_api.share_network_get(context, id)
if share_network['share_servers']:
msg = _("Cannot add security services. Share network is used.")
raise exc.HTTPForbidden(explanation=msg)
try:
share_network = db_api.share_network_add_security_service(
context,
id,
data['security_service_id'])
except KeyError:
msg = "Malformed request body"
raise exc.HTTPBadRequest(explanation=msg)
except exception.NotFound as e:
msg = "%s" % e
raise exc.HTTPNotFound(explanation=msg)
except exception.ShareNetworkSecurityServiceAssociationError as e:
msg = "%s" % e
raise exc.HTTPBadRequest(explanation=msg)
return self._view_builder.build_share_network(share_network)
