def test_user_can_remove_rule_from_security_group(self): rule_to_remain = factories.SecurityGroupRuleFactory( security_group=self.security_group) rule_to_delete = factories.SecurityGroupRuleFactory( security_group=self.security_group) self.client.force_authenticate(self.fixture.admin) response = self.client.post(self.url, data=[{'id': rule_to_remain.id}]) self.assertEqual(response.status_code, status.HTTP_202_ACCEPTED) exist_rules = self.security_group.rules.all() self.assertIn(rule_to_remain, exist_rules) self.assertNotIn(rule_to_delete, exist_rules)
def test_security_group_rules_are_updated_when_one_more_rule_is_added( self): openstack_security_group = openstack_factories.SecurityGroupFactory( tenant=self.tenant, state=StateMixin.States.UPDATING) openstack_factories.SecurityGroupRuleFactory( security_group=openstack_security_group) security_group = factories.SecurityGroupFactory( settings=self.service_settings, backend_id=openstack_security_group.backend_id, ) openstack_security_group.set_ok() openstack_security_group.save() self.assertEqual(security_group.rules.count(), 1, 'Security group rule has not been added') self.assertEqual( security_group.rules.first().protocol, openstack_security_group.rules.first().protocol, ) self.assertEqual( security_group.rules.first().from_port, openstack_security_group.rules.first().from_port, ) self.assertEqual( security_group.rules.first().to_port, openstack_security_group.rules.first().to_port, )
def test_security_group_create(self): openstack_security_group = openstack_factories.SecurityGroupFactory( tenant=self.tenant, state=StateMixin.States.CREATING) openstack_security_rule = openstack_factories.SecurityGroupRuleFactory( security_group=openstack_security_group) self.assertEqual(models.SecurityGroup.objects.count(), 0) openstack_security_group.set_ok() openstack_security_group.save() self.assertEqual(models.SecurityGroup.objects.count(), 1) self.assertTrue( models.SecurityGroup.objects.filter( settings=self.service_settings, backend_id=openstack_security_group.backend_id, ).exists()) security_group_property = models.SecurityGroup.objects.get( settings=self.service_settings, backend_id=openstack_security_group.backend_id, ) self.assertTrue( security_group_property.rules.filter( backend_id=openstack_security_rule.backend_id).exists())
def test_pending_security_groups_are_not_duplicated(self): original_security_group = factories.SecurityGroupFactory(tenant=self.tenant) factories.SecurityGroupRuleFactory(security_group=original_security_group) security_group_in_progress = factories.SecurityGroupFactory( state=models.SecurityGroup.States.UPDATING, tenant=self.tenant ) factories.SecurityGroupRuleFactory(security_group=security_group_in_progress) security_groups = [original_security_group, security_group_in_progress] self.mocked_neutron().list_security_groups.return_value = self._form_backend_security_groups( security_groups ) self.backend.pull_tenant_security_groups(self.tenant) backend_ids = [sg.backend_id for sg in security_groups] actual_security_groups_count = models.SecurityGroup.objects.filter( backend_id__in=backend_ids ).count() self.assertEqual(actual_security_groups_count, len(security_groups))
def test_rule_without_backend_id_is_skipped_when_group_is_imported(self): group1 = openstack_factories.SecurityGroupFactory(tenant=self.tenant) group2 = openstack_factories.SecurityGroupFactory(tenant=self.tenant) rule = openstack_factories.SecurityGroupRuleFactory( security_group=group1, remote_group=group2, backend_id='') self.assertFalse( models.SecurityGroupRule.objects.filter( backend_id=rule.backend_id, security_group__backend_id=group1.backend_id, remote_group__backend_id=group2.backend_id, ).exists())
def test_when_group_is_imported_remote_group_is_imported_too(self): group1 = openstack_factories.SecurityGroupFactory(tenant=self.tenant) group2 = openstack_factories.SecurityGroupFactory(tenant=self.tenant) rule = openstack_factories.SecurityGroupRuleFactory( security_group=group1, remote_group=group2) self.assertTrue( models.SecurityGroupRule.objects.filter( backend_id=rule.backend_id, security_group__backend_id=group1.backend_id, remote_group__backend_id=group2.backend_id, ).exists())
def test_when_rule_is_updated_remote_group_is_synced(self): group1 = openstack_factories.SecurityGroupFactory(tenant=self.tenant) group2 = openstack_factories.SecurityGroupFactory(tenant=self.tenant) rule = openstack_factories.SecurityGroupRuleFactory( security_group=group1) rule.remote_group = group2 rule.save(update_fields=['remote_group']) self.assertTrue( models.SecurityGroupRule.objects.filter( backend_id=rule.backend_id, security_group__backend_id=group1.backend_id, remote_group__backend_id=group2.backend_id, ).exists())
def test_rule_without_backend_id_is_synced_when_backend_id_is_assigned( self): group1 = openstack_factories.SecurityGroupFactory(tenant=self.tenant) group2 = openstack_factories.SecurityGroupFactory(tenant=self.tenant) rule = openstack_factories.SecurityGroupRuleFactory( security_group=group1, remote_group=group2, backend_id='') rule.backend_id = 'valid_backend_id' rule.save() self.assertTrue( models.SecurityGroupRule.objects.filter( backend_id=rule.backend_id, security_group__backend_id=group1.backend_id, remote_group__backend_id=group2.backend_id, ).exists())
def test_rule_is_not_updated_if_port_range_is_invalid(self): rule = factories.SecurityGroupRuleFactory( security_group=self.security_group, from_port=2222, to_port=2222) self.client.force_authenticate(self.fixture.admin) data = [{ 'protocol': rule.protocol, 'from_port': 125, 'to_port': 25, 'cidr': rule.cidr, }] response = self.client.post(self.url, data=data) self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST) rule.refresh_from_db() self.assertEqual(rule.from_port, 2222) self.assertEqual(rule.to_port, 2222)
def test_when_security_group_is_created_remote_group_is_filled(self): group1 = openstack_factories.SecurityGroupFactory( tenant=self.tenant, state=StateMixin.States.CREATING) group2 = openstack_factories.SecurityGroupFactory(tenant=self.tenant) openstack_security_rule = openstack_factories.SecurityGroupRuleFactory( security_group=group1, remote_group=group2) group1.set_ok() group1.save() self.assertTrue( models.SecurityGroupRule.objects.filter( backend_id=openstack_security_rule.backend_id, security_group__backend_id=group1.backend_id, remote_group__backend_id=group2.backend_id, ).exists())
def test_security_group_rules_are_deleted(self): # Arrange openstack_security_group = openstack_factories.SecurityGroupFactory( tenant=self.tenant, state=StateMixin.States.UPDATING) rule = openstack_factories.SecurityGroupRuleFactory( security_group=openstack_security_group) security_group = factories.SecurityGroupFactory( settings=self.service_settings, backend_id=openstack_security_group.backend_id, ) # Act openstack_security_group.set_ok() openstack_security_group.save() rule.delete() # Assert self.assertEqual(security_group.rules.count(), 0, 'Security group rule has not been deleted')
def test_user_can_add_new_security_group_rule_and_leave_existing(self): exist_rule = factories.SecurityGroupRuleFactory( security_group=self.security_group) self.client.force_authenticate(self.fixture.admin) new_rule_data = { 'protocol': 'udp', 'from_port': 100, 'to_port': 8001, 'cidr': '11.11.1.2/24', } response = self.client.post(self.url, data=[{ 'id': exist_rule.id }, new_rule_data]) self.assertEqual(response.status_code, status.HTTP_202_ACCEPTED) self.assertEqual(self.security_group.rules.count(), 2) self.assertTrue( self.security_group.rules.filter(id=exist_rule.id).exists()) self.assertTrue( self.security_group.rules.filter(**new_rule_data).exists())
def test_egress_rules_are_not_modified(self): security_group = self.fixture.security_group rule = factories.SecurityGroupRuleFactory(security_group=security_group) INGRESS_RULE_ID = 'c0b09f00-1d49-4e64-a0a7-8a186d928138' self.mocked_neutron().show_security_group.return_value = { 'security_group': { 'security_group_rules': [ { "direction": "egress", "ethertype": "IPv4", "id": "93aa42e5-80db-4581-9391-3a608bd0e448", "port_range_max": None, "port_range_min": None, "protocol": None, "remote_group_id": None, "remote_ip_prefix": None, "security_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5", "project_id": "e4f50856753b4dc6afee5fa6b9b6c550", "revision_number": 1, "created_at": "2018-03-19T19:16:56Z", "updated_at": "2018-03-19T19:16:56Z", "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550", "description": "", }, { "direction": "ingress", "ethertype": "IPv6", "id": INGRESS_RULE_ID, "port_range_max": None, "port_range_min": None, "protocol": None, "remote_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5", "remote_ip_prefix": None, "security_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5", "project_id": "e4f50856753b4dc6afee5fa6b9b6c550", "revision_number": 2, "created_at": "2018-03-19T19:16:56Z", "updated_at": "2018-03-19T19:16:56Z", "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550", "description": "", }, ] } } self.backend.push_security_group_rules(security_group) self.mocked_neutron().delete_security_group_rule.assert_called_once_with( INGRESS_RULE_ID ) self.mocked_neutron().create_security_group_rule.assert_called_once_with( { 'security_group_rule': { 'security_group_id': security_group.backend_id, 'direction': 'ingress', 'protocol': rule.protocol, 'port_range_min': rule.from_port, 'port_range_max': rule.to_port, 'remote_ip_prefix': rule.cidr, } } )