Example #1
 def _load_rule_data(self, virtual_topology_data):
     """Build a Rule from the first entry under the 'rules' key.

     The rule mapping is kept on ``self._rule_data`` and the constructed
     object on ``self._rule`` before ``build()`` is invoked on it.
     """
     # Only the first list entry is used; its 'rule' key holds the mapping
     # (``.get`` yields None when that key is absent).
     first_entry = virtual_topology_data['rules'][0]
     self._rule_data = first_entry.get('rule')
     constructor_args = (self._api, self._context, self._rule_data,
                         self._chain)
     self._rule = Rule(*constructor_args)
     self._rule.build()
Example #2
 def _load_rule_data(self, virtual_topology_data):
     """Create and build a single Rule out of parsed topology data.

     Reads ``virtual_topology_data['rules'][0]['rule']`` (None if the
     'rule' key is missing), stores it, then wraps it in a Rule bound to
     this object's API, context and chain.
     """
     rules_list = virtual_topology_data['rules']
     self._rule_data = rules_list[0].get('rule')
     self._rule = Rule(
         self._api,
         self._context,
         self._rule_data,
         self._chain,
     )
     # The attribute is assigned before build() so it stays set even if
     # build() raises.
     self._rule.build()
Example #3
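class RuleTest(unittest.TestCase):
    """Unit tests for Rule, run against mocked API, context and chain."""

    def setUp(self):
        """Create fresh mocks and wire the chain mock to hand out a rule."""
        self._rule_data = None
        self._rule = None

        self._api = MagicMock()
        self._context = MagicMock()
        self._chain = MagicMock()

        self._mn_rule = MagicMock()

        # Mock Chain MidoNet Client resource.
        self._chain.get_id.return_value = 'chain_0'
        self._chain._mn_resource.add_rule.return_value = self._mn_rule
        self._chain._mn_resource.get_id.return_value = 'mn_chain_0'

    def _load_rule_data(self, virtual_topology_data):
        """Build a Rule from the first entry of the parsed 'rules' list."""
        # The topology data arrives already parsed; only rules[0] is used.
        self._rule_data = virtual_topology_data['rules'][0].get('rule')
        self._rule = Rule(self._api, self._context, self._rule_data,
                          self._chain)
        self._rule.build()

    def test_load_simple_rule(self):
        """Tests if simple rule data can be correctly loaded from the yaml
           format and corresponding resource creation / update operations are
           performed.
        """
        # safe_load: the fixtures hold only plain mappings, lists, ints and
        # strings. yaml.load() without an explicit Loader is rejected by
        # newer PyYAML releases and is not restricted to plain data types.
        self._load_rule_data(yaml.safe_load("""
            rules:
              - rule:
                  id: 101
                  position: 1
                  dl_type: 0x86DD
                  type: drop
            """))

        self.assertIsNotNone(self._rule)
        self.assertEqual(101, self._rule.get_id())
        self.assertEqual('chain_0', self._rule.get_chain_id())
        self.assertEqual('drop', self._rule.get_type())

        self._mn_rule.chain_id.assert_called_with('mn_chain_0')
        self._mn_rule.position.assert_called_with(1)
        self._mn_rule.dl_type.assert_called_with(34525)  # '0x86DD'
        self._mn_rule.type.assert_called_with('drop')
        self._mn_rule.create.assert_called_with()

    def test_load_nat_rule(self):
        """Tests if nat rule data can be correctly loaded from the yaml format
           and corresponding resource creation / update operations are
           performed.
        """
        self._load_rule_data(yaml.safe_load("""
            rules:
              - rule:
                  id: 101
                  position: 1
                  type: snat
                  flow_action: accept
                  nw_src_address: 172.16.1.1
                  nw_src_length: 24
                  nw_dst_address: 172.16.1.2
                  nw_dst_length: 24
                  out_ports:
                    - 3e7c31c5-64d9-4184-a27a-3f985d83a71b
                    - 01e436f4-d6be-4218-8fca-415207da604d
                  nat_targets:
                    - addressFrom: 200.11.11.11
                      addressTo: 200.11.11.12
                      portFrom: 8888
                      portTo: 9999
                    - addressFrom: 200.11.11.21
                      addressTo: 200.11.11.22
                      portFrom: 8888
                      portTo: 9999
            """))

        self.assertIsNotNone(self._rule)
        self.assertEqual(101, self._rule.get_id())
        self.assertEqual('chain_0', self._rule.get_chain_id())
        self.assertEqual('snat', self._rule.get_type())

        self._mn_rule.chain_id.assert_called_with('mn_chain_0')
        self._mn_rule.position.assert_called_with(1)
        self._mn_rule.type.assert_called_with('snat')
        self._mn_rule.flow_action.assert_called_with('accept')
        self._mn_rule.nw_src_address.assert_called_with('172.16.1.1')
        self._mn_rule.nw_src_length.assert_called_with(24)
        self._mn_rule.nw_dst_address.assert_called_with('172.16.1.2')
        self._mn_rule.nw_dst_length.assert_called_with(24)
        self._mn_rule.nat_targets.assert_called_with(
                 [{'addressFrom': '200.11.11.11',
                   'addressTo': '200.11.11.12',
                   'portFrom': 8888,
                   'portTo': 9999},
                  {'addressFrom': '200.11.11.21',
                   'addressTo': '200.11.11.22',
                   'portFrom': 8888,
                   'portTo': 9999}])
        self._mn_rule.create.assert_called_with()

    def test_out_port_resolution(self):
        """Tests if out port reference is registered to VTM correctly."""
        self._load_rule_data(yaml.safe_load("""
            rules:
              - rule:
                  id: 101
                  position: 1
                  type: snat
                  flow_action: accept
                  nw_src_address: 172.16.1.1
                  nw_src_length: 24
                  nw_dst_address: 172.16.1.2
                  nw_dst_length: 24
                  out_ports:
                    - device_name: bridge-000-001
                      port_id: 1
                    - 01e436f4-d6be-4218-8fca-415207da604d
                  nat_targets:
                    - addressFrom: 200.11.11.11
                      addressTo: 200.11.11.12
                      portFrom: 8888
                      portTo: 9999
                    - addressFrom: 200.11.11.21
                      addressTo: 200.11.11.22
                      portFrom: 8888
                      portTo: 9999
            """))

        # Both reference styles (device/port mapping and bare UUID) are
        # expected to be handed to the context unchanged.
        self._context.look_up_resource.assert_called_with(
                self._mn_rule,
                'out_ports',
                [{'device_name': 'bridge-000-001', 'port_id': 1},
                 '01e436f4-d6be-4218-8fca-415207da604d'])

    def test_in_port_resolution(self):
        """Tests if in port reference is registered to VTM correctly."""
        self._load_rule_data(yaml.safe_load("""
            rules:
              - rule:
                  id: 101
                  position: 1
                  type: snat
                  flow_action: accept
                  nw_src_address: 172.16.1.1
                  nw_src_length: 24
                  nw_dst_address: 172.16.1.2
                  nw_dst_length: 24
                  in_ports:
                    - device_name: bridge-000-001
                      port_id: 1
                    - 01e436f4-d6be-4218-8fca-415207da604d
                  nat_targets:
                    - addressFrom: 200.11.11.11
                      addressTo: 200.11.11.12
                      portFrom: 8888
                      portTo: 9999
                    - addressFrom: 200.11.11.21
                      addressTo: 200.11.11.22
                      portFrom: 8888
                      portTo: 9999
            """))

        self._context.look_up_resource.assert_called_with(
                self._mn_rule,
                'in_ports',
                [{'device_name': 'bridge-000-001', 'port_id': 1},
                 '01e436f4-d6be-4218-8fca-415207da604d'])

    def test_port_group_resolution(self):
        """Tests if port group reference is registered to VTM correctly."""
        self._load_rule_data(yaml.safe_load("""
            rules:
              - rule:
                  id: 101
                  position: 1
                  type: snat
                  flow_action: accept
                  port_group:
                    port_group_name: pg-1
            """))
        self._context.look_up_resource.assert_called_with(
                self._mn_rule, 'port_group', {'port_group_name': 'pg-1'})

    def test_jump_chain_resolution(self):
        """Tests if a jump chain reference is registered to VTM correctly."""
        self._load_rule_data(yaml.safe_load("""
            rules:
              - rule:
                  id: 101
                  position: 1
                  type: snat
                  flow_action: accept
                  jump_chain_name: filter-001
            """))
        self._context.look_up_resource.assert_called_with(
                self._mn_rule,
                'jump_chain_id', {'chain_name': 'filter-001'})
        self._mn_rule.jump_chain_name.assert_called_with('filter-001')

    def test_jump_chain_resolution_chain_id_present(self):
        """Tests that no resolution is registered if a chain ID is present."""
        self._load_rule_data(yaml.safe_load("""
            rules:
              - rule:
                  id: 101
                  position: 1
                  type: snat
                  flow_action: accept
                  jump_chain_id: 111
                  jump_chain_name: filter-001
            """))

        # NOTE(review): the sibling tests observe resolution through
        # context.look_up_resource; confirm register_resource_reference is
        # the call this negative check should be watching.
        self.assertEqual(0,
                len(self._context.register_resource_reference.mock_calls))
        self._mn_rule.jump_chain_id.assert_called_with(111)
        self._mn_rule.jump_chain_name.assert_called_with('filter-001')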
Example #4
 def add_rule(self, rule):
     """Wrap *rule* in a built Rule and index it on this chain by its id."""
     built_rule = Rule(self._api, self._context, rule, self)
     built_rule.build()
     # The key comes from rule.get('id'); presumably rule is a dict, in
     # which case a missing 'id' stores the entry under None -- verify
     # against callers.
     rule_id = rule.get('id')
     self._rules[rule_id] = built_rule
Example #5
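class RuleTest(unittest.TestCase):
    """Unit tests for Rule, run against mocked API, context and chain."""

    def setUp(self):
        """Create fresh mocks and wire the chain mock to hand out a rule."""
        self._rule_data = None
        self._rule = None

        self._api = MagicMock()
        self._context = MagicMock()
        self._chain = MagicMock()

        self._mn_rule = MagicMock()

        # Mock Chain MidoNet Client resource.
        self._chain.get_id.return_value = 'chain_0'
        self._chain._mn_resource.add_rule.return_value = self._mn_rule
        self._chain._mn_resource.get_id.return_value = 'mn_chain_0'

    def _load_rule_data(self, virtual_topology_data):
        """Build a Rule from the first entry of the parsed 'rules' list."""
        # The topology data arrives already parsed; only rules[0] is used.
        self._rule_data = virtual_topology_data['rules'][0].get('rule')
        self._rule = Rule(self._api, self._context, self._rule_data,
                          self._chain)
        self._rule.build()

    def test_load_simple_rule(self):
        """ Tests if simple rule data can be correctly loaded from the yaml
            format and corresponding resource creation / update operations are
            performed.
        """
        # safe_load: the fixtures hold only plain mappings, lists, ints and
        # strings. yaml.load() without an explicit Loader is rejected by
        # newer PyYAML releases and is not restricted to plain data types.
        self._load_rule_data(
            yaml.safe_load("""
            rules:
              - rule:
                  id: 101
                  position: 1
                  dl_type: 0x86DD
                  type: drop
            """))

        self.assertIsNotNone(self._rule)
        self.assertEqual(101, self._rule.get_id())
        self.assertEqual('chain_0', self._rule.get_chain_id())
        self.assertEqual('drop', self._rule.get_type())

        self._mn_rule.chain_id.assert_called_with('mn_chain_0')
        self._mn_rule.position.assert_called_with(1)
        self._mn_rule.dl_type.assert_called_with(34525)  # '0x86DD'
        self._mn_rule.type.assert_called_with('drop')
        self._mn_rule.create.assert_called_with()

    def test_load_nat_rule(self):
        """ Tests if nat rule data can be correctly loaded from the yaml format
            and corresponding resource creation / update operations are
            performed.
        """
        self._load_rule_data(
            yaml.safe_load("""
            rules:
              - rule:
                  id: 101
                  position: 1
                  type: snat
                  flow_action: accept
                  nw_src_address: 172.16.1.1
                  nw_src_length: 24
                  nw_dst_address: 172.16.1.2
                  nw_dst_length: 24
                  out_ports:
                    - 3e7c31c5-64d9-4184-a27a-3f985d83a71b
                    - 01e436f4-d6be-4218-8fca-415207da604d
                  nat_targets:
                    - addressFrom: 200.11.11.11
                      addressTo: 200.11.11.12
                      portFrom: 8888
                      portTo: 9999
                    - addressFrom: 200.11.11.21
                      addressTo: 200.11.11.22
                      portFrom: 8888
                      portTo: 9999
            """))

        self.assertIsNotNone(self._rule)
        self.assertEqual(101, self._rule.get_id())
        self.assertEqual('chain_0', self._rule.get_chain_id())
        self.assertEqual('snat', self._rule.get_type())

        self._mn_rule.chain_id.assert_called_with('mn_chain_0')
        self._mn_rule.position.assert_called_with(1)
        self._mn_rule.type.assert_called_with('snat')
        self._mn_rule.flow_action.assert_called_with('accept')
        self._mn_rule.nw_src_address.assert_called_with('172.16.1.1')
        self._mn_rule.nw_src_length.assert_called_with(24)
        self._mn_rule.nw_dst_address.assert_called_with('172.16.1.2')
        self._mn_rule.nw_dst_length.assert_called_with(24)
        self._mn_rule.nat_targets.assert_called_with([{
            'addressFrom': '200.11.11.11',
            'addressTo': '200.11.11.12',
            'portFrom': 8888,
            'portTo': 9999
        }, {
            'addressFrom': '200.11.11.21',
            'addressTo': '200.11.11.22',
            'portFrom': 8888,
            'portTo': 9999
        }])
        self._mn_rule.create.assert_called_with()

    def test_out_port_resolution(self):
        """Tests if out port reference is registered to VTM correctly."""
        self._load_rule_data(
            yaml.safe_load("""
            rules:
              - rule:
                  id: 101
                  position: 1
                  type: snat
                  flow_action: accept
                  nw_src_address: 172.16.1.1
                  nw_src_length: 24
                  nw_dst_address: 172.16.1.2
                  nw_dst_length: 24
                  out_ports:
                    - device_name: bridge-000-001
                      port_id: 1
                    - 01e436f4-d6be-4218-8fca-415207da604d
                  nat_targets:
                    - addressFrom: 200.11.11.11
                      addressTo: 200.11.11.12
                      portFrom: 8888
                      portTo: 9999
                    - addressFrom: 200.11.11.21
                      addressTo: 200.11.11.22
                      portFrom: 8888
                      portTo: 9999
            """))

        # Both reference styles (device/port mapping and bare UUID) are
        # expected to be handed to the context unchanged.
        self._context.look_up_resource.assert_called_with(
            self._mn_rule, 'out_ports', [{
                'device_name': 'bridge-000-001',
                'port_id': 1
            }, '01e436f4-d6be-4218-8fca-415207da604d'])

    def test_in_port_resolution(self):
        """Tests if in port reference is registered to VTM correctly."""
        self._load_rule_data(
            yaml.safe_load("""
            rules:
              - rule:
                  id: 101
                  position: 1
                  type: snat
                  flow_action: accept
                  nw_src_address: 172.16.1.1
                  nw_src_length: 24
                  nw_dst_address: 172.16.1.2
                  nw_dst_length: 24
                  in_ports:
                    - device_name: bridge-000-001
                      port_id: 1
                    - 01e436f4-d6be-4218-8fca-415207da604d
                  nat_targets:
                    - addressFrom: 200.11.11.11
                      addressTo: 200.11.11.12
                      portFrom: 8888
                      portTo: 9999
                    - addressFrom: 200.11.11.21
                      addressTo: 200.11.11.22
                      portFrom: 8888
                      portTo: 9999
            """))

        self._context.look_up_resource.assert_called_with(
            self._mn_rule, 'in_ports', [{
                'device_name': 'bridge-000-001',
                'port_id': 1
            }, '01e436f4-d6be-4218-8fca-415207da604d'])

    def test_port_group_resolution(self):
        """Tests if port group reference is registered to VTM correctly."""
        self._load_rule_data(
            yaml.safe_load("""
            rules:
              - rule:
                  id: 101
                  position: 1
                  type: snat
                  flow_action: accept
                  port_group:
                    port_group_name: pg-1
            """))
        self._context.look_up_resource.assert_called_with(
            self._mn_rule, 'port_group', {'port_group_name': 'pg-1'})

    def test_jump_chain_resolution(self):
        """Tests if a jump chain reference is registered to VTM correctly."""
        self._load_rule_data(
            yaml.safe_load("""
            rules:
              - rule:
                  id: 101
                  position: 1
                  type: snat
                  flow_action: accept
                  jump_chain_name: filter-001
            """))
        self._context.look_up_resource.assert_called_with(
            self._mn_rule, 'jump_chain_id', {'chain_name': 'filter-001'})
        self._mn_rule.jump_chain_name.assert_called_with('filter-001')

    def test_jump_chain_resolution_chain_id_present(self):
        """Tests that no resolution is registered if a chain ID is present."""
        self._load_rule_data(
            yaml.safe_load("""
            rules:
              - rule:
                  id: 101
                  position: 1
                  type: snat
                  flow_action: accept
                  jump_chain_id: 111
                  jump_chain_name: filter-001
            """))

        # NOTE(review): the sibling tests observe resolution through
        # context.look_up_resource; confirm register_resource_reference is
        # the call this negative check should be watching.
        self.assertEqual(
            0, len(self._context.register_resource_reference.mock_calls))
        self._mn_rule.jump_chain_id.assert_called_with(111)
        self._mn_rule.jump_chain_name.assert_called_with('filter-001')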
Example #6
 def add_rule(self, rule):
     """Construct, build and register a Rule for the given rule data.

     The new object is stored in ``self._rules`` under ``rule.get('id')``.
     """
     new_rule = Rule(self._api, self._context, rule, self)
     new_rule.build()
     # Looked up only after build(), matching the original ordering.
     key = rule.get('id')
     self._rules[key] = new_rule