Exemple #1
 def _get_another_security_group(self, is_ipv6=False):
     """Build a second fake security group ("fake_security_group_id2").

     The group carries two rules:

     * rule_5: egress TCP with no port range set, limited to the remote
       prefix returned by ``self._get_ip_prefix(is_ipv6)``.
     * rule_6: ingress with no protocol or port range set, whose remote
       group is the group itself (members may reach each other).

     ``is_ipv6`` is only forwarded to the ether-type and IP-prefix helpers.
     A new object is built on every call, so callers can mutate the result.
     """
     group_id = "fake_security_group_id2"
     tenant = "fake_tenant1"

     # Egress rule scoped by destination prefix rather than by remote group.
     egress_tcp_rule = secgroups.SecurityGroupRule(
         direction="egress",
         security_group_id=group_id,
         ethertype=self._get_ether_type(is_ipv6),
         topic=tenant,
         protocol="tcp",
         port_range_max=None,
         port_range_min=None,
         remote_group_id=None,
         remote_ip_prefix=self._get_ip_prefix(is_ipv6),
         id="fake_security_group_rule_5")

     # Ingress rule that references its own group as the remote group.
     ingress_same_group_rule = secgroups.SecurityGroupRule(
         direction="ingress",
         security_group_id=group_id,
         ethertype=self._get_ether_type(is_ipv6),
         topic=tenant,
         port_range_max=None,
         port_range_min=None,
         protocol=None,
         remote_group_id=group_id,
         remote_ip_prefix=None,
         id="fake_security_group_rule_6")

     return secgroups.SecurityGroup(
         name="fake_security_group",
         topic=tenant,
         version=5,
         unique_key=2,
         id=group_id,
         rules=[egress_tcp_rule, ingress_same_group_rule])
Exemple #2
    def test_add_del_security_group_rule(self):
        """Check flow and conntrack handling when a rule is added, then removed.

        A port is bound to security group "fake_security_group_id2". The test
        then pushes an updated group containing one extra egress UDP rule and
        expects exactly one add-flow call, pushes the group again without
        that rule and expects exactly one del-flow call plus the expected
        conntrack command, and finally cleans up the port and the group.
        """
        # create another fake security group
        security_group = self._get_another_security_group()
        security_group_version = security_group.version
        self.controller.update(security_group)

        # add local port and bind it to the group created above
        fake_local_lport = self._get_another_local_lport()
        fake_local_lport.security_groups = ['fake_security_group_id2']
        self.controller.update(fake_local_lport)
        # Discard calls recorded during setup so the counts below only
        # reflect the rule changes under test.
        self.mock_mod_flow.reset_mock()
        self.mock_execute.reset_mock()

        # add a security group rule: a fresh copy of the group plus one
        # extra egress UDP rule (rule_7) with no port range or remote set
        security_group = self._get_another_security_group()
        security_group.rules.append(
            secgroups.SecurityGroupRule(
                direction="egress",
                security_group_id="fake_security_group_id2",
                ethertype=n_const.IPv4,
                topic="fake_tenant1",
                protocol='udp',
                port_range_max=None,
                port_range_min=None,
                remote_group_id=None,
                remote_ip_prefix=None,
                id="fake_security_group_rule_7"))
        # The version is bumped before every update; presumably the
        # controller only applies objects with a newer version (confirm).
        security_group_version += 1
        security_group.version = security_group_version
        self.controller.update(security_group)
        # add flows:
        # 1. an egress rule flow in egress secgroup table
        self.assertEqual(1, self._get_call_count_of_add_flow())
        self.mock_mod_flow.reset_mock()

        # remove a security group rule: the fresh copy no longer contains
        # rule_7, so updating with it drops that rule
        security_group = self._get_another_security_group()
        security_group_version += 1
        security_group.version = security_group_version
        self.controller.update(security_group)
        # remove flows:
        # 1. an egress rule flow in egress secgroup table
        self.assertEqual(1, self._get_call_count_of_del_flow())
        self.mock_mod_flow.reset_mock()
        # Removing the rule must also issue the expected conntrack command
        # for the removed UDP rule. Presumably this clears tracked
        # connections the rule had allowed, so they do not outlive it
        # (confirm against _get_expected_conntrack_cmd).
        # NOTE(review): nw_src='10.0.0.10' and zone=1 presumably match the
        # address and conntrack zone of the port from
        # _get_another_local_lport (verify).
        expected_conntrack_cmd1 = self._get_expected_conntrack_cmd(
            ethertype=n_const.IPv4,
            protocol='udp',
            nw_src='10.0.0.10',
            nw_dst=None,
            zone=1)
        # assert_has_calls with any_order=True only checks that the expected
        # call is present; additional execute calls do not fail the test.
        self.mock_execute.assert_has_calls([expected_conntrack_cmd1],
                                           any_order=True)
        self.mock_execute.reset_mock()

        # remove local ports
        self.controller.delete(fake_local_lport)
        self.mock_mod_flow.reset_mock()

        # delete fake security group
        self.controller.delete(security_group)
def security_group_rule_from_neutron_obj(secrule):
    """Convert a security group rule mapping into a SecurityGroupRule.

    Works on a shallow copy, so the caller's ``secrule`` is not modified.
    The keys ``tenant_id``, ``updated_at``, ``created_at`` and
    ``description`` are discarded. ``project_id`` is renamed to ``topic``
    and ``revision_number`` to ``version``; a renamed key is only set when
    its value is not None. Every other key is passed to the constructor
    unchanged, so unexpected keys in ``secrule`` reach the model as-is.
    """
    fields = copy.copy(secrule)

    # Attributes that are not forwarded to the model.
    for dropped_key in ('tenant_id', 'updated_at', 'created_at',
                        'description'):
        fields.pop(dropped_key, None)

    # Source key -> model key; the source key is removed even when its
    # value is None, in which case the model key is left untouched.
    renames = (('project_id', 'topic'), ('revision_number', 'version'))
    for source_key, model_key in renames:
        value = fields.pop(source_key, None)
        if value is not None:
            fields[model_key] = value

    return secgroups.SecurityGroupRule(**fields)
    lrouter='fake_router_id',
)

fake_security_group = secgroups.SecurityGroup(
    name="fake_security_group",
    topic="fake_tenant1",
    version=5,
    unique_key=1,
    id="fake_security_group_id1",
    rules=[
        secgroups.SecurityGroupRule(
            direction="egress",
            security_group_id="fake_security_group_id1",
            ethertype=n_const.IPv4,
            topic="fake_tenant1",
            port_range_max=53,
            port_range_min=53,
            protocol=n_const.PROTO_NUM_UDP,
            remote_group_id=None,
            remote_ip_prefix="192.168.180.0/28",
            id="fake_security_group_rule_1"),
        secgroups.SecurityGroupRule(
            direction="ingress",
            security_group_id="fake_security_group_id1",
            ethertype="IPv4",
            topic="fake_tenant1",
            port_range_max=None,
            port_range_min=None,
            protocol=None,
            remote_group_id="fake_security_group_id1",
            remote_ip_prefix=None,