def _stubs(self): ports = [{"device_id": 1, "mac_address": 1}] vifs = ["1.1", "2.2", "3.3"] security_groups = [{"id": 1, "name": "test_group"}] with contextlib.nested( mock.patch("neutron.context.get_admin_context"), mock.patch("quark.db.api.security_group_rule_find"), mock.patch("quark.db.api.ports_with_security_groups_find"), mock.patch("%s._get_connection" % TOOL_MOD)) as (get_admin_ctxt, rule_find, db_ports_groups, get_conn): connection_mock = mock.MagicMock() get_conn.return_value = connection_mock ports_with_groups_mock = mock.MagicMock() port_mods = [] sg_mods = [models.SecurityGroup(**sg) for sg in security_groups] for port in ports: port_mod = models.Port(**port) port_mod.security_groups = sg_mods port_mods.append(port_mod) sg_rule = models.SecurityGroupRule() rule_find.return_value = [sg_rule] db_ports_groups.return_value = ports_with_groups_mock ctxt_mock = mock.MagicMock() get_admin_ctxt.return_value = ctxt_mock ports_with_groups_mock.all.return_value = port_mods connection_mock.vif_keys.return_value = vifs connection_mock.serialize_rules.return_value = "rules" yield (get_conn, connection_mock, db_ports_groups, ctxt_mock, sg_rule)
def _stubs(self, rule, group, limit_raise=False): dbgroup = None if group: dbgroup = models.SecurityGroup() dbgroup.update(group) def _create_rule(context, **rule): dbrule = models.SecurityGroupRule() dbrule.update(rule) dbrule["group_id"] = rule['security_group_id'] return dbrule with contextlib.nested( mock.patch("quark.db.api.security_group_find"), mock.patch("quark.db.api.security_group_rule_find"), mock.patch("quark.db.api.security_group_rule_create"), mock.patch("quark.protocols.human_readable_protocol"), mock.patch("neutron.quota.QuotaEngine.limit_check")) as ( group_find, rule_find, rule_create, human, limit_check): group_find.return_value = dbgroup rule_find.return_value.count.return_value = group.get( 'port_rules', None) if group else 0 rule_create.side_effect = _create_rule human.return_value = rule["protocol"] if limit_raise: limit_check.side_effect = exceptions.OverQuota yield rule_create
def _stubs(self, security_group, other=0): dbgroup = models.SecurityGroup() dbgroup.update(security_group) with mock.patch("quark.db.api.security_group_find") as db_find, \ mock.patch("quark.db.api.security_group_create") as db_create: db_find.return_value.count.return_value = other db_create.return_value = dbgroup yield db_create
def _stubs(self, security_group, other=0): dbgroup = models.SecurityGroup() dbgroup.update(security_group) with contextlib.nested( mock.patch("quark.db.api.security_group_find"), mock.patch("quark.db.api.security_group_create"), ) as (db_find, db_create): db_find.return_value.count.return_value = other db_create.return_value = dbgroup yield db_create
def _stubs(self, security_group=None): dbgroup = None if security_group: dbgroup = models.SecurityGroup() dbgroup.update(security_group) with mock.patch("quark.db.api.security_group_find") as group_find, \ mock.patch("quark.db.api.security_group_delete") as \ db_group_delete: group_find.return_value = dbgroup db_group_delete.return_value = dbgroup yield db_group_delete
def _stubs(self, security_group=None): dbgroup = None if security_group: dbgroup = models.SecurityGroup() dbgroup.update(security_group) with contextlib.nested( mock.patch("quark.db.api.security_group_find"), mock.patch("quark.db.api.security_group_delete"), ) as (group_find, db_group_delete): group_find.return_value = dbgroup db_group_delete.return_value = dbgroup yield db_group_delete
def _stubs(self, rule={}, group={'id': 1}): dbrule = None dbgroup = None if group: dbgroup = models.SecurityGroup() dbgroup.update(group) if rule: dbrule = models.SecurityGroupRule() dbrule.update(dict(rule, group=dbgroup)) with contextlib.nested( mock.patch("quark.db.api.security_group_find"), mock.patch("quark.db.api.security_group_rule_find"), mock.patch("quark.db.api.security_group_rule_delete"), ) as (group_find, rule_find, db_group_delete): group_find.return_value = dbgroup rule_find.return_value = dbrule yield db_group_delete
def test_update_security_group_rule(self): sg_dict = {"id": 0} sg = models.SecurityGroup() sg.update(sg_dict) rule_dict = { "id": 1, "direction": "ingress", "port_range_min": 80, "port_range_max": 100, "remote_ip_prefix": None, "ethertype": protocols.translate_ethertype("IPv4"), "tenant_id": "foo", "protocol": "UDP", "group_id": 1, "external_service_id": None, "external_service": None } rule = models.SecurityGroupRule() rule.update(rule_dict) updated_part = { 'external_service_id': 'aaa', 'external_service': 'bbb' } with mock.patch('quark.db.api.security_group_rule_find') as db_find, \ mock.patch('quark.db.api.security_group_rule_update') \ as db_update, \ mock.patch('quark.db.api.security_group_find') as sg_find: db_find.return_value = rule rule_dict.update(updated_part) new_rule = models.SecurityGroupRule() new_rule.update(rule_dict) db_update.return_value = new_rule sg_find.return_value = sg update = dict(security_group_rule=updated_part) resp = self.plugin.update_security_group_rule( self.context, 1, update) self.assertEqual(resp['external_service_id'], updated_part['external_service_id']) self.assertEqual(resp['external_service'], updated_part['external_service'])
def _stubs(self, rule, group): dbrule = models.SecurityGroupRule() dbrule.update(rule) dbrule.group_id = rule['security_group_id'] dbgroup = None if group: dbgroup = models.SecurityGroup() dbgroup.update(group) with contextlib.nested( mock.patch("quark.db.api.security_group_find"), mock.patch("quark.db.api.security_group_rule_find"), mock.patch("quark.db.api.security_group_rule_create")) as ( group_find, rule_find, rule_create): group_find.return_value = dbgroup rule_find.return_value.count.return_value = group.get( 'port_rules', None) if group else 0 rule_create.return_value = dbrule yield rule_create
def test_serialize_filters_dest_v4_net(self, strict_redis, conn_pool): rule_dict = {"ethertype": 0x800, "protocol": 1, "direction": "egress", "remote_ip_prefix": "192.168.0.0/0"} client = sg_client.SecurityGroupsClient() group = models.SecurityGroup() rule = models.SecurityGroupRule() rule.update(rule_dict) group.rules.append(rule) payload = client.serialize_groups([group]) rule = payload[0] self.assertEqual(0x800, rule["ethertype"]) self.assertEqual(1, rule["protocol"]) self.assertEqual(None, rule["icmp type"]) self.assertEqual(None, rule["icmp code"]) self.assertEqual("allow", rule["action"]) self.assertEqual("egress", rule["direction"]) self.assertEqual("", rule["source network"]) self.assertEqual("", rule["destination network"])
def test_serialize_group_with_rules(self, strict_redis, conn_pool): rule_dict = {"ethertype": 0x800, "protocol": 6, "port_range_min": 80, "port_range_max": 443, "direction": "ingress"} client = sg_client.SecurityGroupsClient() group = models.SecurityGroup() rule = models.SecurityGroupRule() rule.update(rule_dict) group.rules.append(rule) payload = client.serialize_groups([group]) rule = payload[0] self.assertEqual(0x800, rule["ethertype"]) self.assertEqual(6, rule["protocol"]) self.assertEqual(80, rule["port start"]) self.assertEqual(443, rule["port end"]) self.assertEqual("allow", rule["action"]) self.assertEqual("ingress", rule["direction"]) self.assertEqual("", rule["source network"]) self.assertEqual("", rule["destination network"])
def test_serialize_group_with_rules_and_remote_network(self, redis): rule_dict = {"ethertype": 0x800, "protocol": 1, "direction": "ingress", "remote_ip_prefix": "192.168.0.0/24"} client = redis_client.Client() group = models.SecurityGroup() rule = models.SecurityGroupRule() rule.update(rule_dict) group.rules.append(rule) payload = client.serialize([group]) self.assertTrue(payload.get("id") is not None) rule = payload["rules"][0] self.assertEqual(0x800, rule["ethertype"]) self.assertEqual(1, rule["protocol"]) self.assertEqual(None, rule["port start"]) self.assertEqual(None, rule["port end"]) self.assertEqual("allow", rule["action"]) self.assertEqual("ingress", rule["direction"]) self.assertEqual("::ffff:192.168.0.0/120", rule["source network"]) self.assertEqual("", rule["destination network"])
def test_create_port_security_groups(self, groups=[1]): network = dict(id=1) mac = dict(address="aa:bb:cc:dd:ee:ff") port_name = "foobar" ip = dict() group = models.SecurityGroup() group.update({ 'id': 1, 'tenant_id': self.context.tenant_id, 'name': 'foo', 'description': 'bar' }) port = dict(port=dict(mac_address=mac["address"], network_id=1, tenant_id=self.context.tenant_id, device_id=2, name=port_name, security_groups=[group])) expected = { 'status': "ACTIVE", 'name': port_name, 'device_owner': None, 'mac_address': mac["address"], 'network_id': network["id"], 'tenant_id': self.context.tenant_id, 'admin_state_up': None, 'fixed_ips': [], 'security_groups': groups, 'device_id': 2 } with self._stubs(port=port["port"], network=network, addr=ip, mac=mac) as port_create: with mock.patch("quark.db.api.security_group_find") as group_find: group_find.return_value = (groups and group) port["port"]["security_groups"] = groups or [1] result = self.plugin.create_port(self.context, port) self.assertTrue(port_create.called) for key in expected.keys(): self.assertEqual(result[key], expected[key])
def test_serialize_filters_source_v6_net(self, strict_redis): rule_dict = { "ethertype": 0x86DD, "protocol": 58, "direction": "ingress", "remote_ip_prefix": "feed::/0" } client = sg_client.SecurityGroupsClient() group = models.SecurityGroup() rule = models.SecurityGroupRule() rule.update(rule_dict) group.rules.append(rule) payload = client.serialize_groups([group]) rule = payload[0] self.assertEqual(0x86DD, rule["ethertype"]) self.assertEqual(58, rule["protocol"]) self.assertEqual(None, rule["icmp type"]) self.assertEqual(None, rule["icmp code"]) self.assertEqual("allow", rule["action"]) self.assertEqual("ingress", rule["direction"]) self.assertEqual("", rule["source network"]) self.assertEqual("", rule["destination network"])
def security_group_create(context, **sec_group_dict): new_group = models.SecurityGroup() new_group.update(sec_group_dict) new_group["tenant_id"] = context.tenant_id context.session.add(new_group) return new_group
def test_serialize_group_no_rules(self, redis): client = redis_client.Client() group = models.SecurityGroup() payload = client.serialize([group]) self.assertTrue(payload.get("id") is not None) self.assertEqual([], payload.get("rules"))
def test_serialize_group_no_rules(self, strict_redis, conn_pool): client = sg_client.SecurityGroupsClient() group = models.SecurityGroup() payload = client.serialize_groups([group]) self.assertEqual([], payload)