def security_group_rule_create(context, **rule_dict): new_rule = models.SecurityGroupRule() new_rule.update(rule_dict) new_rule.group_id = rule_dict['security_group_id'] new_rule.tenant_id = rule_dict['tenant_id'] context.session.add(new_rule) return new_rule
def _stubs(self): ports = [{"device_id": 1, "mac_address": 1}] vifs = ["1.1", "2.2", "3.3"] security_groups = [{"id": 1, "name": "test_group"}] with contextlib.nested( mock.patch("neutron.context.get_admin_context"), mock.patch("quark.db.api.security_group_rule_find"), mock.patch("quark.db.api.ports_with_security_groups_find"), mock.patch("%s._get_connection" % TOOL_MOD)) as (get_admin_ctxt, rule_find, db_ports_groups, get_conn): connection_mock = mock.MagicMock() get_conn.return_value = connection_mock ports_with_groups_mock = mock.MagicMock() port_mods = [] sg_mods = [models.SecurityGroup(**sg) for sg in security_groups] for port in ports: port_mod = models.Port(**port) port_mod.security_groups = sg_mods port_mods.append(port_mod) sg_rule = models.SecurityGroupRule() rule_find.return_value = [sg_rule] db_ports_groups.return_value = ports_with_groups_mock ctxt_mock = mock.MagicMock() get_admin_ctxt.return_value = ctxt_mock ports_with_groups_mock.all.return_value = port_mods connection_mock.vif_keys.return_value = vifs connection_mock.serialize_rules.return_value = "rules" yield (get_conn, connection_mock, db_ports_groups, ctxt_mock, sg_rule)
def test_create_security_rule_group_at_max(self): with self.assertRaises(exceptions.OverQuota): self._test_create_security_rule( group={ 'id': 1, 'rules': [models.SecurityGroupRule()] })
def _make_rules(rules): rule_mods = [] for rule in rules: r = models.SecurityGroupRule() r.update(dict(id=rule)) rule_mods.append(r) return rule_mods
def test_update_security_group(self): v4_ethertype = protocols.ETHERTYPES["IPv4"] rule_dict = { "ethertype": v4_ethertype, "protocol": protocols.PROTOCOL_MAP[v4_ethertype]["tcp"] } rule = models.SecurityGroupRule() rule.update(rule_dict) group = { "name": "foo", "description": "bar", "tenant_id": self.context.tenant_id, "rules": [rule] } updated_group = group.copy() updated_group["name"] = "bar" with contextlib.nested( mock.patch("quark.db.api.security_group_find"), mock.patch("quark.db.api.security_group_update"), ) as (db_find, db_update): db_find.return_value = group db_update.return_value = updated_group update = dict(security_group=dict(name="bar")) resp = self.plugin.update_security_group(self.context, 1, update) self.assertEqual(resp["name"], updated_group["name"])
def test_create_security_rule_group_at_max(self): with self.assertRaises(n_exc.OverQuota): self._test_create_security_rule(group={ 'id': 1, 'rules': [models.SecurityGroupRule()] }, limit_raise=True)
def test_update_security_group_rule(self): sg_dict = {"id": 0} sg = models.SecurityGroup() sg.update(sg_dict) rule_dict = { "id": 1, "direction": "ingress", "port_range_min": 80, "port_range_max": 100, "remote_ip_prefix": None, "ethertype": protocols.translate_ethertype("IPv4"), "tenant_id": "foo", "protocol": "UDP", "group_id": 1, "external_service_id": None, "external_service": None } rule = models.SecurityGroupRule() rule.update(rule_dict) updated_part = { 'external_service_id': 'aaa', 'external_service': 'bbb' } with mock.patch('quark.db.api.security_group_rule_find') as db_find, \ mock.patch('quark.db.api.security_group_rule_update') \ as db_update, \ mock.patch('quark.db.api.security_group_find') as sg_find: db_find.return_value = rule rule_dict.update(updated_part) new_rule = models.SecurityGroupRule() new_rule.update(rule_dict) db_update.return_value = new_rule sg_find.return_value = sg update = dict(security_group_rule=updated_part) resp = self.plugin.update_security_group_rule( self.context, 1, update) self.assertEqual(resp['external_service_id'], updated_part['external_service_id']) self.assertEqual(resp['external_service'], updated_part['external_service'])
def _stubs(self, rule={}, group={'id': 1}): dbrule = None dbgroup = None if group: dbgroup = models.SecurityGroup() dbgroup.update(group) if rule: dbrule = models.SecurityGroupRule() dbrule.update(dict(rule, group=dbgroup)) with contextlib.nested( mock.patch("quark.db.api.security_group_find"), mock.patch("quark.db.api.security_group_rule_find"), mock.patch("quark.db.api.security_group_rule_delete"), ) as (group_find, rule_find, db_group_delete): group_find.return_value = dbgroup rule_find.return_value = dbrule yield db_group_delete
def _stubs(self, finds_rule=True): with contextlib.nested( mock.patch("quark.db.api.security_group_find"), mock.patch("quark.db.api.security_group_rule_find"), mock.patch("neutron.extensions.securitygroup." "SecurityGroupNotFound.__init__"), mock.patch("neutron.extensions.securitygroup." "SecurityGroupRuleNotFound.__init__"), mock.patch("quark.plugin_modules.security_groups." "_validate_security_group_rule") ) as (group_find, rule_find, group_exc, rule_exc, validate): group_find.return_value = None rule_find.return_value = None if finds_rule: rule_find.return_value = models.SecurityGroupRule() group_exc.return_value = None rule_exc.return_value = None yield group_exc, rule_exc
def _stubs(self, rule, group): dbrule = models.SecurityGroupRule() dbrule.update(rule) dbrule.group_id = rule['security_group_id'] dbgroup = None if group: dbgroup = models.SecurityGroup() dbgroup.update(group) with contextlib.nested( mock.patch("quark.db.api.security_group_find"), mock.patch("quark.db.api.security_group_rule_find"), mock.patch("quark.db.api.security_group_rule_create")) as ( group_find, rule_find, rule_create): group_find.return_value = dbgroup rule_find.return_value.count.return_value = group.get( 'port_rules', None) if group else 0 rule_create.return_value = dbrule yield rule_create
def test_serialize_filters_dest_v4_net(self, strict_redis, conn_pool): rule_dict = {"ethertype": 0x800, "protocol": 1, "direction": "egress", "remote_ip_prefix": "192.168.0.0/0"} client = sg_client.SecurityGroupsClient() group = models.SecurityGroup() rule = models.SecurityGroupRule() rule.update(rule_dict) group.rules.append(rule) payload = client.serialize_groups([group]) rule = payload[0] self.assertEqual(0x800, rule["ethertype"]) self.assertEqual(1, rule["protocol"]) self.assertEqual(None, rule["icmp type"]) self.assertEqual(None, rule["icmp code"]) self.assertEqual("allow", rule["action"]) self.assertEqual("egress", rule["direction"]) self.assertEqual("", rule["source network"]) self.assertEqual("", rule["destination network"])
def test_serialize_group_with_rules(self, strict_redis, conn_pool): rule_dict = {"ethertype": 0x800, "protocol": 6, "port_range_min": 80, "port_range_max": 443, "direction": "ingress"} client = sg_client.SecurityGroupsClient() group = models.SecurityGroup() rule = models.SecurityGroupRule() rule.update(rule_dict) group.rules.append(rule) payload = client.serialize_groups([group]) rule = payload[0] self.assertEqual(0x800, rule["ethertype"]) self.assertEqual(6, rule["protocol"]) self.assertEqual(80, rule["port start"]) self.assertEqual(443, rule["port end"]) self.assertEqual("allow", rule["action"]) self.assertEqual("ingress", rule["direction"]) self.assertEqual("", rule["source network"]) self.assertEqual("", rule["destination network"])
def test_serialize_group_with_rules_and_remote_network(self, redis): rule_dict = {"ethertype": 0x800, "protocol": 1, "direction": "ingress", "remote_ip_prefix": "192.168.0.0/24"} client = redis_client.Client() group = models.SecurityGroup() rule = models.SecurityGroupRule() rule.update(rule_dict) group.rules.append(rule) payload = client.serialize([group]) self.assertTrue(payload.get("id") is not None) rule = payload["rules"][0] self.assertEqual(0x800, rule["ethertype"]) self.assertEqual(1, rule["protocol"]) self.assertEqual(None, rule["port start"]) self.assertEqual(None, rule["port end"]) self.assertEqual("allow", rule["action"]) self.assertEqual("ingress", rule["direction"]) self.assertEqual("::ffff:192.168.0.0/120", rule["source network"]) self.assertEqual("", rule["destination network"])
def test_update_security_group(self): rule = models.SecurityGroupRule() rule.update(dict(id=1)) group = { "name": "foo", "description": "bar", "tenant_id": self.context.tenant_id, "rules": [rule] } updated_group = group.copy() updated_group["name"] = "bar" with contextlib.nested( mock.patch("quark.db.api.security_group_find"), mock.patch("quark.db.api.security_group_update"), ) as (db_find, db_update): db_find.return_value = group db_update.return_value = updated_group update = dict(security_group=dict(name="bar")) resp = self.plugin.update_security_group(self.context, 1, update) self.assertEqual(resp["name"], updated_group["name"])
def test_serialize_filters_source_v6_net(self, strict_redis): rule_dict = { "ethertype": 0x86DD, "protocol": 58, "direction": "ingress", "remote_ip_prefix": "feed::/0" } client = sg_client.SecurityGroupsClient() group = models.SecurityGroup() rule = models.SecurityGroupRule() rule.update(rule_dict) group.rules.append(rule) payload = client.serialize_groups([group]) rule = payload[0] self.assertEqual(0x86DD, rule["ethertype"]) self.assertEqual(58, rule["protocol"]) self.assertEqual(None, rule["icmp type"]) self.assertEqual(None, rule["icmp code"]) self.assertEqual("allow", rule["action"]) self.assertEqual("ingress", rule["direction"]) self.assertEqual("", rule["source network"]) self.assertEqual("", rule["destination network"])
def _create_rule(context, **rule): dbrule = models.SecurityGroupRule() dbrule.update(rule) dbrule["group_id"] = rule['security_group_id'] return dbrule