def _load_rule_data(self, virtual_topology_data):
"""Loads rule data with a single rule """
# Load rule virtual topology data from file.
self._rule_data = virtual_topology_data['rules'][0].get('rule')
self._rule = Rule(self._api, self._context, self._rule_data,
self._chain)
self._rule.build()
def _load_rule_data(self, virtual_topology_data):
"""Loads rule data with a single rule """
# Load rule virtual topology data from file.
self._rule_data = virtual_topology_data['rules'][0].get('rule')
self._rule = Rule(self._api, self._context, self._rule_data,
self._chain)
self._rule.build()
class RuleTest(unittest.TestCase):
def setUp(self):
self._rule_data = None
self._rule = None
self._api = MagicMock()
self._context = MagicMock()
self._chain = MagicMock()
self._mn_rule = MagicMock()
# Mock Chain MidoNet Client resource.
self._chain.get_id.return_value = 'chain_0'
self._chain._mn_resource.add_rule.return_value = self._mn_rule
self._chain._mn_resource.get_id.return_value = 'mn_chain_0'
def _load_rule_data(self, virtual_topology_data):
"""Loads rule data with a single rule """
# Load rule virtual topology data from file.
self._rule_data = virtual_topology_data['rules'][0].get('rule')
self._rule = Rule(self._api, self._context, self._rule_data,
self._chain)
self._rule.build()
def test_load_simple_rule(self):
"""Tests if simple rule data can be correctly loaded from the yaml
format and corresponding resource creation / update operations are
performed.
"""
self._load_rule_data(yaml.load("""
rules:
- rule:
id: 101
position: 1
dl_type: 0x86DD
type: drop
"""))
self.assertNotEqual(None, self._rule)
self.assertEqual(101, self._rule.get_id())
self.assertEqual('chain_0', self._rule.get_chain_id())
self.assertEqual('drop', self._rule.get_type())
self._mn_rule.chain_id.assert_called_with('mn_chain_0')
self._mn_rule.position.assert_called_with(1)
self._mn_rule.dl_type.assert_called_with(34525) # '0x86DD'
self._mn_rule.type.assert_called_with('drop')
self._mn_rule.create.assert_called_with()
def test_load_nat_rule(self):
"""Tests if nat rule data can be correctly loaded from the yaml format
and corresponding resource creation / update operations are
performed.
"""
self._load_rule_data(yaml.load("""
rules:
- rule:
id: 101
position: 1
type: snat
flow_action: accept
nw_src_address: 172.16.1.1
nw_src_length: 24
nw_dst_address: 172.16.1.2
nw_dst_length: 24
out_ports:
- 3e7c31c5-64d9-4184-a27a-3f985d83a71b
- 01e436f4-d6be-4218-8fca-415207da604d
nat_targets:
- addressFrom: 200.11.11.11
addressTo: 200.11.11.12
portFrom: 8888
portTo: 9999
- addressFrom: 200.11.11.21
addressTo: 200.11.11.22
portFrom: 8888
portTo: 9999
"""))
self.assertNotEqual(None, self._rule)
self.assertEqual(101, self._rule.get_id())
self.assertEqual('chain_0', self._rule.get_chain_id())
self.assertEqual('snat', self._rule.get_type())
self._mn_rule.chain_id.assert_called_with('mn_chain_0')
self._mn_rule.position.assert_called_with(1)
self._mn_rule.type.assert_called_with('snat')
self._mn_rule.flow_action.assert_called_with('accept')
self._mn_rule.nw_src_address.assert_called_with('172.16.1.1')
self._mn_rule.nw_src_length.assert_called_with(24)
self._mn_rule.nw_dst_address.assert_called_with('172.16.1.2')
self._mn_rule.nw_dst_length.assert_called_with(24)
self._mn_rule.nat_targets.assert_called_with(
[{'addressFrom': '200.11.11.11',
'addressTo': '200.11.11.12',
'portFrom': 8888,
'portTo': 9999},
{'addressFrom': '200.11.11.21',
'addressTo': '200.11.11.22',
'portFrom': 8888,
'portTo': 9999}])
self._mn_rule.create.assert_called_with()
def test_out_port_resolution(self):
"""Tests if out port reference is registered to VTM correctly.
"""
self._load_rule_data(yaml.load("""
rules:
- rule:
id: 101
position: 1
type: snat
flow_action: accept
nw_src_address: 172.16.1.1
nw_src_length: 24
nw_dst_address: 172.16.1.2
nw_dst_length: 24
out_ports:
- device_name: bridge-000-001
port_id: 1
- 01e436f4-d6be-4218-8fca-415207da604d
nat_targets:
- addressFrom: 200.11.11.11
addressTo: 200.11.11.12
portFrom: 8888
portTo: 9999
- addressFrom: 200.11.11.21
addressTo: 200.11.11.22
portFrom: 8888
portTo: 9999
"""))
self._context.look_up_resource.assert_called_with(
self._mn_rule,
'out_ports',
[{'device_name': 'bridge-000-001', 'port_id': 1},
'01e436f4-d6be-4218-8fca-415207da604d'])
def test_in_port_resolution(self):
"""Tests if in port reference is registered to VTM correctly.
"""
self._load_rule_data(yaml.load("""
rules:
- rule:
id: 101
position: 1
type: snat
flow_action: accept
nw_src_address: 172.16.1.1
nw_src_length: 24
nw_dst_address: 172.16.1.2
nw_dst_length: 24
in_ports:
- device_name: bridge-000-001
port_id: 1
- 01e436f4-d6be-4218-8fca-415207da604d
nat_targets:
- addressFrom: 200.11.11.11
addressTo: 200.11.11.12
portFrom: 8888
portTo: 9999
- addressFrom: 200.11.11.21
addressTo: 200.11.11.22
portFrom: 8888
portTo: 9999
"""))
self._context.look_up_resource.assert_called_with(
self._mn_rule,
'in_ports',
[{'device_name': 'bridge-000-001', 'port_id': 1},
'01e436f4-d6be-4218-8fca-415207da604d'])
def test_port_group_resolution(self):
"""Tests if port group reference is registered to VTM correctly.
"""
self._load_rule_data(yaml.load("""
rules:
- rule:
id: 101
position: 1
type: snat
flow_action: accept
port_group:
port_group_name: pg-1
"""))
self._context.look_up_resource.assert_called_with(
self._mn_rule, 'port_group', {'port_group_name': 'pg-1'})
def test_jump_chain_resolution(self):
"""Tests if a jump chain reference is registered to VTM correctly.
"""
self._load_rule_data(yaml.load("""
rules:
- rule:
id: 101
position: 1
type: snat
flow_action: accept
jump_chain_name: filter-001
"""))
self._context.look_up_resource.assert_called_with(
self._mn_rule,
'jump_chain_id', {'chain_name': 'filter-001'})
self._mn_rule.jump_chain_name.assert_called_with('filter-001')
def test_jump_chain_resolution_chain_id_present(self):
"""Tests that no resolution is registered if a chain ID is present.
"""
self._load_rule_data(yaml.load("""
rules:
- rule:
id: 101
position: 1
type: snat
flow_action: accept
jump_chain_id: 111
jump_chain_name: filter-001
"""))
self.assertEqual(0,
len(self._context.register_resource_reference.mock_calls))
self._mn_rule.jump_chain_id.assert_called_with(111)
self._mn_rule.jump_chain_name.assert_called_with('filter-001')
def add_rule(self, rule):
"""Adds a given rule to this chain. """
rule_obj = Rule(self._api, self._context, rule, self)
rule_obj.build()
self._rules[rule.get('id')] = rule_obj
class RuleTest(unittest.TestCase):
def setUp(self):
self._rule_data = None
self._rule = None
self._api = MagicMock()
self._context = MagicMock()
self._chain = MagicMock()
self._mn_rule = MagicMock()
# Mock Chain MidoNet Client resource.
self._chain.get_id.return_value = 'chain_0'
self._chain._mn_resource.add_rule.return_value = self._mn_rule
self._chain._mn_resource.get_id.return_value = 'mn_chain_0'
def _load_rule_data(self, virtual_topology_data):
"""Loads rule data with a single rule """
# Load rule virtual topology data from file.
self._rule_data = virtual_topology_data['rules'][0].get('rule')
self._rule = Rule(self._api, self._context, self._rule_data,
self._chain)
self._rule.build()
def test_load_simple_rule(self):
""" Tests if simple rule data can be correctly loaded from the yaml
format and corresponding resource creation / update operations are
performed.
"""
self._load_rule_data(
yaml.load("""
rules:
- rule:
id: 101
position: 1
dl_type: 0x86DD
type: drop
"""))
self.assertNotEqual(None, self._rule)
self.assertEqual(101, self._rule.get_id())
self.assertEqual('chain_0', self._rule.get_chain_id())
self.assertEqual('drop', self._rule.get_type())
self._mn_rule.chain_id.assert_called_with('mn_chain_0')
self._mn_rule.position.assert_called_with(1)
self._mn_rule.dl_type.assert_called_with(34525) # '0x86DD'
self._mn_rule.type.assert_called_with('drop')
self._mn_rule.create.assert_called_with()
def test_load_nat_rule(self):
""" Tests if nat rule data can be correctly loaded from the yaml format
and corresponding resource creation / update operations are
performed.
"""
self._load_rule_data(
yaml.load("""
rules:
- rule:
id: 101
position: 1
type: snat
flow_action: accept
nw_src_address: 172.16.1.1
nw_src_length: 24
nw_dst_address: 172.16.1.2
nw_dst_length: 24
out_ports:
- 3e7c31c5-64d9-4184-a27a-3f985d83a71b
- 01e436f4-d6be-4218-8fca-415207da604d
nat_targets:
- addressFrom: 200.11.11.11
addressTo: 200.11.11.12
portFrom: 8888
portTo: 9999
- addressFrom: 200.11.11.21
addressTo: 200.11.11.22
portFrom: 8888
portTo: 9999
"""))
self.assertNotEqual(None, self._rule)
self.assertEqual(101, self._rule.get_id())
self.assertEqual('chain_0', self._rule.get_chain_id())
self.assertEqual('snat', self._rule.get_type())
self._mn_rule.chain_id.assert_called_with('mn_chain_0')
self._mn_rule.position.assert_called_with(1)
self._mn_rule.type.assert_called_with('snat')
self._mn_rule.flow_action.assert_called_with('accept')
self._mn_rule.nw_src_address.assert_called_with('172.16.1.1')
self._mn_rule.nw_src_length.assert_called_with(24)
self._mn_rule.nw_dst_address.assert_called_with('172.16.1.2')
self._mn_rule.nw_dst_length.assert_called_with(24)
self._mn_rule.nat_targets.assert_called_with([{
'addressFrom': '200.11.11.11',
'addressTo': '200.11.11.12',
'portFrom': 8888,
'portTo': 9999
}, {
'addressFrom': '200.11.11.21',
'addressTo': '200.11.11.22',
'portFrom': 8888,
'portTo': 9999
}])
self._mn_rule.create.assert_called_with()
def test_out_port_resolution(self):
"""Tests if out port reference is registered to VTM correctly.
"""
self._load_rule_data(
yaml.load("""
rules:
- rule:
id: 101
position: 1
type: snat
flow_action: accept
nw_src_address: 172.16.1.1
nw_src_length: 24
nw_dst_address: 172.16.1.2
nw_dst_length: 24
out_ports:
- device_name: bridge-000-001
port_id: 1
- 01e436f4-d6be-4218-8fca-415207da604d
nat_targets:
- addressFrom: 200.11.11.11
addressTo: 200.11.11.12
portFrom: 8888
portTo: 9999
- addressFrom: 200.11.11.21
addressTo: 200.11.11.22
portFrom: 8888
portTo: 9999
"""))
self._context.look_up_resource.assert_called_with(
self._mn_rule, 'out_ports', [{
'device_name': 'bridge-000-001',
'port_id': 1
}, '01e436f4-d6be-4218-8fca-415207da604d'])
def test_in_port_resolution(self):
"""Tests if in port reference is registered to VTM correctly.
"""
self._load_rule_data(
yaml.load("""
rules:
- rule:
id: 101
position: 1
type: snat
flow_action: accept
nw_src_address: 172.16.1.1
nw_src_length: 24
nw_dst_address: 172.16.1.2
nw_dst_length: 24
in_ports:
- device_name: bridge-000-001
port_id: 1
- 01e436f4-d6be-4218-8fca-415207da604d
nat_targets:
- addressFrom: 200.11.11.11
addressTo: 200.11.11.12
portFrom: 8888
portTo: 9999
- addressFrom: 200.11.11.21
addressTo: 200.11.11.22
portFrom: 8888
portTo: 9999
"""))
self._context.look_up_resource.assert_called_with(
self._mn_rule, 'in_ports', [{
'device_name': 'bridge-000-001',
'port_id': 1
}, '01e436f4-d6be-4218-8fca-415207da604d'])
def test_port_group_resolution(self):
"""Tests if port group reference is registered to VTM correctly.
"""
self._load_rule_data(
yaml.load("""
rules:
- rule:
id: 101
position: 1
type: snat
flow_action: accept
port_group:
port_group_name: pg-1
"""))
self._context.look_up_resource.assert_called_with(
self._mn_rule, 'port_group', {'port_group_name': 'pg-1'})
def test_jump_chain_resolution(self):
"""Tests if a jump chain reference is registered to VTM correctly.
"""
self._load_rule_data(
yaml.load("""
rules:
- rule:
id: 101
position: 1
type: snat
flow_action: accept
jump_chain_name: filter-001
"""))
self._context.look_up_resource.assert_called_with(
self._mn_rule, 'jump_chain_id', {'chain_name': 'filter-001'})
self._mn_rule.jump_chain_name.assert_called_with('filter-001')
def test_jump_chain_resolution_chain_id_present(self):
"""Tests that no resolution is registered if a chain ID is present.
"""
self._load_rule_data(
yaml.load("""
rules:
- rule:
id: 101
position: 1
type: snat
flow_action: accept
jump_chain_id: 111
jump_chain_name: filter-001
"""))
self.assertEqual(
0, len(self._context.register_resource_reference.mock_calls))
self._mn_rule.jump_chain_id.assert_called_with(111)
self._mn_rule.jump_chain_name.assert_called_with('filter-001')
def add_rule(self, rule):
""" Adds a given rule to this chain. """
rule_obj = Rule(self._api, self._context, rule, self)
rule_obj.build()
self._rules[rule.get('id')] = rule_obj