def test_create_vpn_connection_rollback(self):
self.set_mock_db_items(fakes.DB_VPN_GATEWAY_1,
fakes.DB_CUSTOMER_GATEWAY_1)
self.neutron.create_ikepolicy.side_effect = (tools.get_neutron_create(
'ikepolicy', fakes.ID_OS_IKEPOLICY_1))
self.neutron.create_ipsecpolicy.side_effect = (
tools.get_neutron_create('ipsecpolicy', fakes.ID_OS_IPSECPOLICY_1))
self.db_api.add_item.side_effect = (tools.get_db_api_add_item(
fakes.ID_EC2_VPN_CONNECTION_1))
self.neutron.update_ikepolicy.side_effect = Exception()
self.assert_execution_error(
self.ANY_EXECUTE_ERROR, 'CreateVpnConnection', {
'VpnGatewayId': fakes.ID_EC2_VPN_GATEWAY_1,
'CustomerGatewayId': fakes.ID_EC2_CUSTOMER_GATEWAY_1,
'Type': 'ipsec.1',
'Options.StaticRoutesOnly': 'True'
})
self.db_api.delete_item.assert_called_once_with(
mock.ANY, fakes.ID_EC2_VPN_CONNECTION_1)
self.neutron.delete_ipsecpolicy.assert_called_once_with(
fakes.ID_OS_IPSECPOLICY_1)
self.neutron.delete_ikepolicy.assert_called_once_with(
fakes.ID_OS_IKEPOLICY_1)
def test_create_subnet(self):
self.set_mock_db_items(fakes.DB_VPC_1, fakes.DB_ROUTE_TABLE_1)
self.db_api.add_item.side_effect = (tools.get_db_api_add_item(
fakes.ID_EC2_SUBNET_1))
self.neutron.create_network.side_effect = (tools.get_neutron_create(
'network', fakes.ID_OS_NETWORK_1, {'status': 'available'}))
self.neutron.create_subnet.side_effect = (tools.get_neutron_create(
'subnet', fakes.ID_OS_SUBNET_1))
subnet_1 = tools.purge_dict(fakes.DB_SUBNET_1, ('os_vpnservice_id', ))
def check_response(resp):
self.assertThat(fakes.EC2_SUBNET_1,
matchers.DictMatches(resp['subnet']))
self.db_api.add_item.assert_called_once_with(
mock.ANY, 'subnet', tools.purge_dict(subnet_1, ('id', )))
self.neutron.create_network.assert_called_once_with(
{'network': {}})
self.neutron.update_network.assert_called_once_with(
fakes.ID_OS_NETWORK_1,
{'network': {
'name': fakes.ID_EC2_SUBNET_1
}})
self.neutron.create_subnet.assert_called_once_with({
'subnet':
tools.purge_dict(fakes.OS_SUBNET_1,
('id', 'name', 'gateway_ip'))
})
self.neutron.update_subnet.assert_called_once_with(
fakes.ID_OS_SUBNET_1, {
'subnet': {
'name': fakes.ID_EC2_SUBNET_1,
'gateway_ip': None
}
})
self.neutron.add_interface_router.assert_called_once_with(
fakes.ID_OS_ROUTER_1, {'subnet_id': fakes.ID_OS_SUBNET_1})
self.vpn_gateway_api._start_vpn_in_subnet.assert_called_once_with(
mock.ANY, self.neutron, mock.ANY, subnet_1, fakes.DB_VPC_1,
fakes.DB_ROUTE_TABLE_1)
self.assertIsInstance(
self.vpn_gateway_api._start_vpn_in_subnet.call_args[0][2],
common.OnCrashCleaner)
resp = self.execute('CreateSubnet', {
'VpcId': fakes.ID_EC2_VPC_1,
'CidrBlock': fakes.CIDR_SUBNET_1
})
check_response(resp)
self.neutron.reset_mock()
self.db_api.reset_mock()
self.vpn_gateway_api.reset_mock()
resp = self.execute(
'CreateSubnet', {
'VpcId': fakes.ID_EC2_VPC_1,
'CidrBlock': fakes.CIDR_SUBNET_1,
'AvailabilityZone': 'nova'
})
check_response(resp)
def test_create_subnet(self):
self.set_mock_db_items(fakes.DB_VPC_1, fakes.DB_ROUTE_TABLE_1)
self.db_api.add_item.side_effect = (tools.get_db_api_add_item(
fakes.ID_EC2_SUBNET_1))
self.neutron.create_network.side_effect = (tools.get_neutron_create(
'network', fakes.ID_OS_NETWORK_1, {'status': 'available'}))
self.neutron.create_subnet.side_effect = (tools.get_neutron_create(
'subnet', fakes.ID_OS_SUBNET_1))
def check_response(resp):
self.assertThat(fakes.EC2_SUBNET_1,
matchers.DictMatches(resp['subnet']))
self.db_api.add_item.assert_called_once_with(mock.ANY,
'subnet',
tools.purge_dict(
fakes.DB_SUBNET_1,
('id', )),
project_id=None)
self.neutron.create_network.assert_called_once_with(
{'network': {}})
self.neutron.update_network.assert_called_once_with(
fakes.ID_OS_NETWORK_1,
{'network': {
'name': fakes.ID_EC2_SUBNET_1
}})
self.neutron.create_subnet.assert_called_once_with({
'subnet':
tools.purge_dict(fakes.OS_SUBNET_1, ('id', 'name'))
})
self.neutron.update_subnet.assert_called_once_with(
fakes.ID_OS_SUBNET_1,
{'subnet': {
'name': fakes.ID_EC2_SUBNET_1
}})
self.neutron.add_interface_router.assert_called_once_with(
fakes.ID_OS_ROUTER_1, {'subnet_id': fakes.ID_OS_SUBNET_1})
resp = self.execute('CreateSubnet', {
'VpcId': fakes.ID_EC2_VPC_1,
'CidrBlock': fakes.CIDR_SUBNET_1
})
check_response(resp)
self.neutron.reset_mock()
self.db_api.reset_mock()
resp = self.execute(
'CreateSubnet', {
'VpcId': fakes.ID_EC2_VPC_1,
'CidrBlock': fakes.CIDR_SUBNET_1,
'AvailabilityZone': 'nova'
})
check_response(resp)
def test_create_subnet_overlapped(self):
self.set_mock_db_items(fakes.DB_VPC_1, fakes.DB_ROUTE_TABLE_1)
self.neutron.create_network.side_effect = (
tools.get_neutron_create('network', fakes.ID_OS_NETWORK_1,
{'status': 'available'}))
self.neutron.create_subnet.side_effect = (
tools.get_neutron_create('subnet', fakes.ID_OS_SUBNET_1))
self.neutron.add_interface_router.side_effect = (
neutron_exception.BadRequest())
self.assert_execution_error('InvalidSubnet.Conflict', 'CreateSubnet',
{'VpcId': fakes.ID_EC2_VPC_1,
'CidrBlock': fakes.CIDR_SUBNET_1})
def test_create_subnet_overlapped(self):
self.set_mock_db_items(fakes.DB_VPC_1, fakes.DB_ROUTE_TABLE_1)
self.neutron.create_network.side_effect = (tools.get_neutron_create(
'network', fakes.ID_OS_NETWORK_1, {'status': 'available'}))
self.neutron.create_subnet.side_effect = (tools.get_neutron_create(
'subnet', fakes.ID_OS_SUBNET_1))
self.neutron.add_interface_router.side_effect = (
neutron_exception.BadRequest())
self.assert_execution_error('InvalidSubnet.Conflict', 'CreateSubnet', {
'VpcId': fakes.ID_EC2_VPC_1,
'CidrBlock': fakes.CIDR_SUBNET_1
})
def test_create_subnet(self):
self.set_mock_db_items(fakes.DB_VPC_1, fakes.DB_ROUTE_TABLE_1)
self.db_api.add_item.side_effect = (
tools.get_db_api_add_item(fakes.ID_EC2_SUBNET_1))
self.neutron.create_network.side_effect = (
tools.get_neutron_create('network', fakes.ID_OS_NETWORK_1,
{'status': 'available'}))
self.neutron.create_subnet.side_effect = (
tools.get_neutron_create('subnet', fakes.ID_OS_SUBNET_1))
subnet_1 = tools.purge_dict(fakes.DB_SUBNET_1, ('os_vpnservice_id',))
def check_response(resp):
self.assertThat(fakes.EC2_SUBNET_1, matchers.DictMatches(
resp['subnet']))
self.db_api.add_item.assert_called_once_with(
mock.ANY, 'subnet',
tools.purge_dict(subnet_1, ('id',)))
self.neutron.create_network.assert_called_once_with(
{'network': {}})
self.neutron.update_network.assert_called_once_with(
fakes.ID_OS_NETWORK_1,
{'network': {'name': fakes.ID_EC2_SUBNET_1}})
self.neutron.create_subnet.assert_called_once_with(
{'subnet': tools.purge_dict(fakes.OS_SUBNET_1,
('id', 'name', 'gateway_ip'))})
self.neutron.update_subnet.assert_called_once_with(
fakes.ID_OS_SUBNET_1,
{'subnet': {'name': fakes.ID_EC2_SUBNET_1,
'gateway_ip': None}})
self.neutron.add_interface_router.assert_called_once_with(
fakes.ID_OS_ROUTER_1,
{'subnet_id': fakes.ID_OS_SUBNET_1})
self.vpn_gateway_api._start_vpn_in_subnet.assert_called_once_with(
mock.ANY, self.neutron, mock.ANY, subnet_1,
fakes.DB_VPC_1, fakes.DB_ROUTE_TABLE_1)
self.assertIsInstance(
self.vpn_gateway_api._start_vpn_in_subnet.call_args[0][2],
common.OnCrashCleaner)
resp = self.execute('CreateSubnet', {'VpcId': fakes.ID_EC2_VPC_1,
'CidrBlock': fakes.CIDR_SUBNET_1})
check_response(resp)
self.neutron.reset_mock()
self.db_api.reset_mock()
self.vpn_gateway_api.reset_mock()
resp = self.execute('CreateSubnet', {'VpcId': fakes.ID_EC2_VPC_1,
'CidrBlock': fakes.CIDR_SUBNET_1,
'AvailabilityZone': 'nova'})
check_response(resp)
def test_create_vpn_connection(self, random_choice, reset_vpn_connections,
describe_vpn_connections):
self.set_mock_db_items(
fakes.DB_VPN_GATEWAY_1, fakes.DB_VPN_GATEWAY_2,
fakes.DB_CUSTOMER_GATEWAY_1, fakes.DB_CUSTOMER_GATEWAY_2,
fakes.DB_VPC_1)
self.neutron.create_ikepolicy.side_effect = (
tools.get_neutron_create('ikepolicy', fakes.ID_OS_IKEPOLICY_1))
self.neutron.create_ipsecpolicy.side_effect = (
tools.get_neutron_create('ipsecpolicy', fakes.ID_OS_IPSECPOLICY_1))
self.db_api.add_item.side_effect = (
tools.get_db_api_add_item(fakes.ID_EC2_VPN_CONNECTION_1))
random_choice.side_effect = iter(fakes.PRE_SHARED_KEY_1)
describe_vpn_connections.return_value = {
'vpnConnectionSet': [fakes.EC2_VPN_CONNECTION_1]}
resp = self.execute(
'CreateVpnConnection',
{'VpnGatewayId': fakes.ID_EC2_VPN_GATEWAY_1,
'CustomerGatewayId': fakes.ID_EC2_CUSTOMER_GATEWAY_1,
'Type': 'ipsec.1',
'Options.StaticRoutesOnly': 'True'})
self.assertThat(
resp,
matchers.DictMatches(
{'vpnConnection': fakes.EC2_VPN_CONNECTION_1}))
self.neutron.create_ikepolicy.assert_called_once_with(
{'ikepolicy': tools.purge_dict(fakes.OS_IKEPOLICY_1, ('id',))})
self.neutron.create_ipsecpolicy.assert_called_once_with(
{'ipsecpolicy': tools.purge_dict(fakes.OS_IPSECPOLICY_1, ('id',))})
random_choice.assert_called_with(vpn_connection_api.SHARED_KEY_CHARS)
new_vpn_connection_1 = tools.update_dict(
fakes.DB_VPN_CONNECTION_1, {'cidrs': [],
'os_ipsec_site_connections': {}})
self.db_api.add_item.assert_called_once_with(
mock.ANY, 'vpn',
tools.purge_dict(new_vpn_connection_1, ('id', 'vpc_id', 'os_id')))
self.neutron.update_ikepolicy.assert_called_once_with(
fakes.ID_OS_IKEPOLICY_1,
{'ikepolicy': {'name': fakes.ID_EC2_VPN_CONNECTION_1}})
self.neutron.update_ipsecpolicy.assert_called_once_with(
fakes.ID_OS_IPSECPOLICY_1,
{'ipsecpolicy': {'name': fakes.ID_EC2_VPN_CONNECTION_1}})
reset_vpn_connections.assert_called_once_with(
mock.ANY, self.neutron, mock.ANY, fakes.DB_VPN_GATEWAY_1,
vpn_connections=[new_vpn_connection_1])
self.assertIsInstance(reset_vpn_connections.call_args[0][2],
common.OnCrashCleaner)
describe_vpn_connections.assert_called_once_with(
mock.ANY, vpn_connection_id=[fakes.ID_EC2_VPN_CONNECTION_1])
def test_create_vpn_connection(self, random_choice, reset_vpn_connections, describe_vpn_connections):
self.set_mock_db_items(
fakes.DB_VPN_GATEWAY_1,
fakes.DB_VPN_GATEWAY_2,
fakes.DB_CUSTOMER_GATEWAY_1,
fakes.DB_CUSTOMER_GATEWAY_2,
fakes.DB_VPC_1,
)
self.neutron.create_ikepolicy.side_effect = tools.get_neutron_create("ikepolicy", fakes.ID_OS_IKEPOLICY_1)
self.neutron.create_ipsecpolicy.side_effect = tools.get_neutron_create("ipsecpolicy", fakes.ID_OS_IPSECPOLICY_1)
self.db_api.add_item.side_effect = tools.get_db_api_add_item(fakes.ID_EC2_VPN_CONNECTION_1)
random_choice.side_effect = iter(fakes.PRE_SHARED_KEY_1)
describe_vpn_connections.return_value = {"vpnConnectionSet": [fakes.EC2_VPN_CONNECTION_1]}
resp = self.execute(
"CreateVpnConnection",
{
"VpnGatewayId": fakes.ID_EC2_VPN_GATEWAY_1,
"CustomerGatewayId": fakes.ID_EC2_CUSTOMER_GATEWAY_1,
"Type": "ipsec.1",
"Options.StaticRoutesOnly": "True",
},
)
self.assertThat(resp, matchers.DictMatches({"vpnConnection": fakes.EC2_VPN_CONNECTION_1}))
self.neutron.create_ikepolicy.assert_called_once_with(
{"ikepolicy": tools.purge_dict(fakes.OS_IKEPOLICY_1, ("id",))}
)
self.neutron.create_ipsecpolicy.assert_called_once_with(
{"ipsecpolicy": tools.purge_dict(fakes.OS_IPSECPOLICY_1, ("id",))}
)
random_choice.assert_called_with(vpn_connection_api.SHARED_KEY_CHARS)
new_vpn_connection_1 = tools.update_dict(
fakes.DB_VPN_CONNECTION_1, {"cidrs": [], "os_ipsec_site_connections": {}}
)
self.db_api.add_item.assert_called_once_with(
mock.ANY, "vpn", tools.purge_dict(new_vpn_connection_1, ("id", "vpc_id", "os_id"))
)
self.neutron.update_ikepolicy.assert_called_once_with(
fakes.ID_OS_IKEPOLICY_1, {"ikepolicy": {"name": fakes.ID_EC2_VPN_CONNECTION_1}}
)
self.neutron.update_ipsecpolicy.assert_called_once_with(
fakes.ID_OS_IPSECPOLICY_1, {"ipsecpolicy": {"name": fakes.ID_EC2_VPN_CONNECTION_1}}
)
reset_vpn_connections.assert_called_once_with(
mock.ANY, self.neutron, mock.ANY, fakes.DB_VPN_GATEWAY_1, vpn_connections=[new_vpn_connection_1]
)
self.assertIsInstance(reset_vpn_connections.call_args[0][2], common.OnCrashCleaner)
describe_vpn_connections.assert_called_once_with(mock.ANY, vpn_connection_id=[fakes.ID_EC2_VPN_CONNECTION_1])
def test_create_subnet_vpnservice(self):
self.neutron.create_vpnservice.side_effect = tools.get_neutron_create(
'vpnservice', fakes.ID_OS_VPNSERVICE_1)
context = base.create_context()
cleaner = common.OnCrashCleaner()
vpn_gateway_api._create_subnet_vpnservice(
context, self.neutron, cleaner,
copy.deepcopy(self.DB_SUBNET_1_NO_VPN), fakes.DB_VPC_1)
self.neutron.create_vpnservice.assert_called_once_with(
{'vpnservice': tools.purge_dict(fakes.OS_VPNSERVICE_1,
('id',))})
self.db_api.update_item.assert_called_once_with(
mock.ANY, fakes.DB_SUBNET_1)
try:
with common.OnCrashCleaner() as cleaner:
vpn_gateway_api._create_subnet_vpnservice(
context, self.neutron, cleaner,
copy.deepcopy(self.DB_SUBNET_1_NO_VPN), fakes.DB_VPC_1)
raise Exception('fake-exception')
except Exception as ex:
if str(ex) != 'fake-exception':
raise
self.db_api.update_item.assert_called_with(
mock.ANY, self.DB_SUBNET_1_NO_VPN)
self.neutron.delete_vpnservice.assert_called_once_with(
fakes.ID_OS_VPNSERVICE_1)
def _prepare_and_check(vpc=None, ec2_vpc=None, route_table=None):
self.neutron.create_router.side_effect = (tools.get_neutron_create(
'router', vpc['os_id']))
self.db_api.add_item.side_effect = (tools.get_db_api_add_item(
{'vpc': vpc['id']}))
self.db_api.set_mock_items(vpc)
create_route_table.return_value = route_table
resp = vpc_api._create_vpc(self.context, vpc['cidr_block'],
vpc['is_default'])
# Check creation of vpc
self.neutron.create_router.assert_called_with({'router': {}})
self.neutron.update_router.assert_called_once_with(
vpc['os_id'], {'router': {
'name': ec2_vpc['vpcId']
}})
self.db_api.add_item.assert_called_once_with(
mock.ANY, 'vpc',
tools.purge_dict(vpc, ('id', 'vpc_id', 'route_table_id')))
self.db_api.update_item.assert_called_once_with(mock.ANY, vpc)
create_route_table.assert_called_once_with(mock.ANY, vpc)
create_default_security_group.assert_called_once_with(
mock.ANY, vpc)
def test_create_subnet(self):
self.set_mock_db_items(fakes.DB_VPC_1, fakes.DB_ROUTE_TABLE_1)
self.db_api.add_item.side_effect = (
tools.get_db_api_add_item(fakes.ID_EC2_SUBNET_1))
self.neutron.create_network.side_effect = (
tools.get_neutron_create('network', fakes.ID_OS_NETWORK_1,
{'status': 'available'}))
self.neutron.create_subnet.side_effect = (
tools.get_neutron_create('subnet', fakes.ID_OS_SUBNET_1))
def check_response(resp):
self.assertThat(fakes.EC2_SUBNET_1, matchers.DictMatches(
resp['subnet']))
self.db_api.add_item.assert_called_once_with(
mock.ANY, 'subnet',
tools.purge_dict(fakes.DB_SUBNET_1, ('id',)),
project_id=None)
self.neutron.create_network.assert_called_once_with(
{'network': {}})
self.neutron.update_network.assert_called_once_with(
fakes.ID_OS_NETWORK_1,
{'network': {'name': fakes.ID_EC2_SUBNET_1}})
self.neutron.create_subnet.assert_called_once_with(
{'subnet': tools.purge_dict(fakes.OS_SUBNET_1,
('id', 'name'))})
self.neutron.update_subnet.assert_called_once_with(
fakes.ID_OS_SUBNET_1,
{'subnet': {'name': fakes.ID_EC2_SUBNET_1}})
self.neutron.add_interface_router.assert_called_once_with(
fakes.ID_OS_ROUTER_1,
{'subnet_id': fakes.ID_OS_SUBNET_1})
resp = self.execute('CreateSubnet', {'VpcId': fakes.ID_EC2_VPC_1,
'CidrBlock': fakes.CIDR_SUBNET_1})
check_response(resp)
self.neutron.reset_mock()
self.db_api.reset_mock()
resp = self.execute('CreateSubnet', {'VpcId': fakes.ID_EC2_VPC_1,
'CidrBlock': fakes.CIDR_SUBNET_1,
'AvailabilityZone': 'nova'})
check_response(resp)
def test_create_subnet_overlimit(self):
self.set_mock_db_items(fakes.DB_VPC_1, fakes.DB_ROUTE_TABLE_1)
self.neutron.create_network.side_effect = (
tools.get_neutron_create('network', fakes.ID_OS_NETWORK_1,
{'status': 'available'}))
self.neutron.create_subnet.side_effect = (
tools.get_neutron_create('subnet', fakes.ID_OS_SUBNET_1))
def test_overlimit(func):
self.neutron.reset_mock()
saved_side_effect = func.side_effect
func.side_effect = neutron_exception.OverQuotaClient
self.assert_execution_error('SubnetLimitExceeded', 'CreateSubnet',
{'VpcId': fakes.ID_EC2_VPC_1,
'CidrBlock': fakes.CIDR_SUBNET_1})
func.side_effect = saved_side_effect
test_overlimit(self.neutron.create_network)
test_overlimit(self.neutron.create_subnet)
def test_create_subnet_overlimit(self):
self.set_mock_db_items(fakes.DB_VPC_1, fakes.DB_ROUTE_TABLE_1)
self.neutron.create_network.side_effect = (tools.get_neutron_create(
'network', fakes.ID_OS_NETWORK_1, {'status': 'available'}))
self.neutron.create_subnet.side_effect = (tools.get_neutron_create(
'subnet', fakes.ID_OS_SUBNET_1))
def test_overlimit(func):
self.neutron.reset_mock()
saved_side_effect = func.side_effect
func.side_effect = neutron_exception.OverQuotaClient
self.assert_execution_error('SubnetLimitExceeded', 'CreateSubnet',
{
'VpcId': fakes.ID_EC2_VPC_1,
'CidrBlock': fakes.CIDR_SUBNET_1
})
func.side_effect = saved_side_effect
test_overlimit(self.neutron.create_network)
test_overlimit(self.neutron.create_subnet)
def test_create_vpn_connection_rollback(self):
self.set_mock_db_items(fakes.DB_VPN_GATEWAY_1, fakes.DB_CUSTOMER_GATEWAY_1)
self.neutron.create_ikepolicy.side_effect = tools.get_neutron_create("ikepolicy", fakes.ID_OS_IKEPOLICY_1)
self.neutron.create_ipsecpolicy.side_effect = tools.get_neutron_create("ipsecpolicy", fakes.ID_OS_IPSECPOLICY_1)
self.db_api.add_item.side_effect = tools.get_db_api_add_item(fakes.ID_EC2_VPN_CONNECTION_1)
self.neutron.update_ikepolicy.side_effect = Exception()
self.assert_execution_error(
self.ANY_EXECUTE_ERROR,
"CreateVpnConnection",
{
"VpnGatewayId": fakes.ID_EC2_VPN_GATEWAY_1,
"CustomerGatewayId": fakes.ID_EC2_CUSTOMER_GATEWAY_1,
"Type": "ipsec.1",
"Options.StaticRoutesOnly": "True",
},
)
self.db_api.delete_item.assert_called_once_with(mock.ANY, fakes.ID_EC2_VPN_CONNECTION_1)
self.neutron.delete_ipsecpolicy.assert_called_once_with(fakes.ID_OS_IPSECPOLICY_1)
self.neutron.delete_ikepolicy.assert_called_once_with(fakes.ID_OS_IKEPOLICY_1)
def test_create_subnet_rollback(self):
self.set_mock_db_items(fakes.DB_VPC_1, fakes.DB_ROUTE_TABLE_1)
self.db_api.add_item.side_effect = (
tools.get_db_api_add_item(fakes.ID_EC2_SUBNET_1))
self.neutron.create_network.side_effect = (
tools.get_neutron_create('network', fakes.ID_OS_NETWORK_1,
{'status': 'available'}))
self.neutron.create_subnet.side_effect = (
tools.get_neutron_create('subnet', fakes.ID_OS_SUBNET_1))
self.neutron.update_network.side_effect = Exception()
self.assert_execution_error(self.ANY_EXECUTE_ERROR, 'CreateSubnet',
{'VpcId': fakes.ID_EC2_VPC_1,
'CidrBlock': fakes.CIDR_SUBNET_1})
self.neutron.assert_has_calls([
mock.call.remove_interface_router(
fakes.ID_OS_ROUTER_1, {'subnet_id': fakes.ID_OS_SUBNET_1}),
mock.call.delete_subnet(fakes.ID_OS_SUBNET_1),
mock.call.delete_network(fakes.ID_OS_NETWORK_1)])
self.db_api.delete_item.assert_called_once_with(
mock.ANY, fakes.ID_EC2_SUBNET_1)
def test_create_vpc_rollback(self, create_route_table,
create_default_security_group,
create_internet_gateway,
attach_internet_gateway, create_subnet,
create_route, detach_internet_gateway):
self.configure(disable_ec2_classic=True)
self.neutron.create_router.side_effect = (tools.get_neutron_create(
'router', fakes.ID_OS_ROUTER_DEFAULT))
self.db_api.add_item.side_effect = (tools.get_db_api_add_item(
{'vpc': fakes.ID_EC2_VPC_DEFAULT}))
DB_IGW_DEFAULT_DETACHED = ({
'id': fakes.ID_EC2_IGW_DEFAULT,
'os_id': None,
'vpc_id': None
})
self.db_api.get_item_by_id.side_effect = (
tools.get_db_api_get_item_by_id(fakes.DB_VPC_DEFAULT,
fakes.DB_SUBNET_DEFAULT,
fakes.DB_SECURITY_GROUP_DEFAULT,
DB_IGW_DEFAULT_DETACHED))
create_route_table.return_value = fakes.DB_ROUTE_TABLE_DEFAULT
create_internet_gateway.return_value = {
'internetGateway': fakes.EC2_IGW_DEFAULT
}
create_subnet.return_value = {'subnet': fakes.EC2_SUBNET_DEFAULT}
create_default_security_group.return_value = (
fakes.ID_EC2_SECURITY_GROUP_DEFAULT)
# exception during attaching internet gateway
create_route.side_effect = Exception()
vpc_api._check_and_create_default_vpc(self.context)
detach_internet_gateway.assert_any_call(mock.ANY,
fakes.ID_EC2_IGW_DEFAULT,
fakes.ID_EC2_VPC_DEFAULT)
self.db_api.delete_item.assert_any_call(mock.ANY,
fakes.ID_EC2_SUBNET_DEFAULT)
self.db_api.delete_item.assert_any_call(mock.ANY,
fakes.ID_EC2_IGW_DEFAULT)
self.neutron.delete_security_group.assert_any_call(
fakes.ID_OS_SECURITY_GROUP_DEFAULT)
self.db_api.delete_item.assert_any_call(
mock.ANY, fakes.ID_EC2_ROUTE_TABLE_DEFAULT)
self.db_api.delete_item.assert_any_call(mock.ANY,
fakes.ID_EC2_VPC_DEFAULT)
self.neutron.delete_router.assert_called_once_with(
fakes.ID_OS_ROUTER_DEFAULT)
def test_create_subnet_rollback(self):
self.set_mock_db_items(fakes.DB_VPC_1, fakes.DB_ROUTE_TABLE_1)
self.db_api.add_item.side_effect = (tools.get_db_api_add_item(
fakes.ID_EC2_SUBNET_1))
self.neutron.create_network.side_effect = (tools.get_neutron_create(
'network', fakes.ID_OS_NETWORK_1, {'status': 'available'}))
self.neutron.create_subnet.side_effect = (tools.get_neutron_create(
'subnet', fakes.ID_OS_SUBNET_1))
self.neutron.update_network.side_effect = Exception()
self.assert_execution_error(self.ANY_EXECUTE_ERROR, 'CreateSubnet', {
'VpcId': fakes.ID_EC2_VPC_1,
'CidrBlock': fakes.CIDR_SUBNET_1
})
self.neutron.assert_has_calls([
mock.call.remove_interface_router(
fakes.ID_OS_ROUTER_1, {'subnet_id': fakes.ID_OS_SUBNET_1}),
mock.call.delete_subnet(fakes.ID_OS_SUBNET_1),
mock.call.delete_network(fakes.ID_OS_NETWORK_1)
])
self.db_api.delete_item.assert_called_once_with(
mock.ANY, fakes.ID_EC2_SUBNET_1)
def test_attach_vpn_gateway(self):
self.configure(external_network=fakes.NAME_OS_PUBLIC_NETWORK)
subnet_2 = tools.patch_dict(fakes.DB_SUBNET_2,
{'vpc_id': fakes.ID_EC2_VPC_2},
('os_vpnservice_id',))
self.set_mock_db_items(
fakes.DB_VPN_GATEWAY_1, fakes.DB_VPN_GATEWAY_2,
fakes.DB_VPC_2, fakes.DB_IGW_1, fakes.DB_IGW_2,
fakes.DB_SUBNET_1, subnet_2)
subnet_2_updated = tools.update_dict(
subnet_2, {'os_vpnservice_id': fakes.ID_OS_VPNSERVICE_2})
os_vpnservice_2 = tools.patch_dict(fakes.OS_VPNSERVICE_2,
{'router_id': fakes.ID_OS_ROUTER_2},
('id',))
self.neutron.list_networks.return_value = (
{'networks': [{'id': fakes.ID_OS_PUBLIC_NETWORK}]})
self.neutron.create_vpnservice.side_effect = tools.get_neutron_create(
'vpnservice', fakes.ID_OS_VPNSERVICE_2)
def do_check():
resp = self.execute('AttachVpnGateway',
{'VpcId': fakes.ID_EC2_VPC_2,
'VpnGatewayId': fakes.ID_EC2_VPN_GATEWAY_2})
self.assertEqual({'attachment': {'state': 'attached',
'vpcId': fakes.ID_EC2_VPC_2}},
resp)
self.assertEqual(2, self.db_api.update_item.call_count)
self.db_api.update_item.assert_has_calls(
[mock.call(mock.ANY, self.DB_VPN_GATEWAY_2_ATTACHED),
mock.call(mock.ANY, subnet_2_updated)])
self.neutron.create_vpnservice.assert_called_once_with(
{'vpnservice': os_vpnservice_2})
do_check()
self.neutron.add_gateway_router.assert_called_once_with(
fakes.ID_OS_ROUTER_2,
{'network_id': fakes.ID_OS_PUBLIC_NETWORK})
self.neutron.list_networks.assert_called_once_with(
**{'router:external': True,
'name': fakes.NAME_OS_PUBLIC_NETWORK})
# Internet gateway is already attached
self.db_api.reset_mock()
self.neutron.reset_mock()
igw_2 = tools.update_dict(fakes.DB_IGW_2,
{'vpc_id': fakes.ID_EC2_VPC_2})
self.add_mock_db_items(igw_2)
do_check()
self.neutron.add_gateway_router.assert_not_called()
def test_create_vpc_invalid_cidr(self):
self.neutron.create_router.side_effect = (
tools.get_neutron_create('router', fakes.ID_OS_ROUTER_1))
self.db_api.add_item.side_effect = tools.get_db_api_add_item(
fakes.ID_EC2_VPC_1)
def do_check(args, error_code):
self.assert_execution_error(error_code, 'CreateVpc', args)
self.assertEqual(0, self.neutron.create_router.call_count)
self.neutron.reset_mock()
self.db_api.reset_mock()
do_check({'CidrBlock': 'bad_cidr'}, 'InvalidParameterValue')
do_check({'CidrBlock': '10.0.0.0/8'}, 'InvalidVpc.Range')
def test_create_vpc_invalid_cidr(self):
self.neutron.create_router.side_effect = (tools.get_neutron_create(
'router', fakes.ID_OS_ROUTER_1))
self.db_api.add_item.side_effect = tools.get_db_api_add_item(
fakes.ID_EC2_VPC_1)
def do_check(args, error_code):
self.assert_execution_error(error_code, 'CreateVpc', args)
self.assertEqual(0, self.neutron.create_router.call_count)
self.neutron.reset_mock()
self.db_api.reset_mock()
do_check({'CidrBlock': 'bad_cidr'}, 'InvalidParameterValue')
do_check({'CidrBlock': '10.0.0.0/8'}, 'InvalidVpc.Range')
def test_create_vpn_connection_rollback(self):
self.set_mock_db_items(fakes.DB_VPN_GATEWAY_1,
fakes.DB_CUSTOMER_GATEWAY_1)
self.neutron.create_ikepolicy.side_effect = (
tools.get_neutron_create('ikepolicy', fakes.ID_OS_IKEPOLICY_1))
self.neutron.create_ipsecpolicy.side_effect = (
tools.get_neutron_create('ipsecpolicy', fakes.ID_OS_IPSECPOLICY_1))
self.db_api.add_item.side_effect = (
tools.get_db_api_add_item(fakes.ID_EC2_VPN_CONNECTION_1))
self.neutron.update_ikepolicy.side_effect = Exception()
self.assert_execution_error(
self.ANY_EXECUTE_ERROR, 'CreateVpnConnection',
{'VpnGatewayId': fakes.ID_EC2_VPN_GATEWAY_1,
'CustomerGatewayId': fakes.ID_EC2_CUSTOMER_GATEWAY_1,
'Type': 'ipsec.1',
'Options.StaticRoutesOnly': 'True'})
self.db_api.delete_item.assert_called_once_with(
mock.ANY, fakes.ID_EC2_VPN_CONNECTION_1)
self.neutron.delete_ipsecpolicy.assert_called_once_with(
fakes.ID_OS_IPSECPOLICY_1)
self.neutron.delete_ikepolicy.assert_called_once_with(
fakes.ID_OS_IKEPOLICY_1)
def test_create_vpc_rollback(self):
self.neutron.create_router.side_effect = (
tools.get_neutron_create('router', fakes.ID_OS_ROUTER_1))
self.db_api.add_item.side_effect = (
tools.get_db_api_add_item({
'vpc': fakes.ID_EC2_VPC_1,
'rtb': fakes.ID_EC2_ROUTE_TABLE_1}))
self.neutron.update_router.side_effect = Exception()
self.assert_execution_error(self.ANY_EXECUTE_ERROR, 'CreateVpc',
{'CidrBlock': fakes.CIDR_VPC_1})
self.neutron.delete_router.assert_called_once_with(
fakes.ID_OS_ROUTER_1)
self.db_api.delete_item.assert_any_call(mock.ANY, fakes.ID_EC2_VPC_1)
self.db_api.delete_item.assert_any_call(mock.ANY,
fakes.ID_EC2_ROUTE_TABLE_1)
def test_create_vpc_rollback(self):
self.neutron.create_router.side_effect = (
tools.get_neutron_create('router', fakes.ID_OS_ROUTER_1))
self.db_api.add_item.side_effect = (
tools.get_db_api_add_item({
'vpc': fakes.ID_EC2_VPC_1,
'rtb': fakes.ID_EC2_ROUTE_TABLE_1}))
self.neutron.update_router.side_effect = Exception()
self.assert_execution_error(self.ANY_EXECUTE_ERROR, 'CreateVpc',
{'CidrBlock': fakes.CIDR_VPC_1})
self.neutron.delete_router.assert_called_once_with(
fakes.ID_OS_ROUTER_1)
self.db_api.delete_item.assert_any_call(mock.ANY, fakes.ID_EC2_VPC_1)
self.db_api.delete_item.assert_any_call(mock.ANY,
fakes.ID_EC2_ROUTE_TABLE_1)
def test_create_vpc(self):
self.neutron.create_router.side_effect = (
tools.get_neutron_create('router', fakes.ID_OS_ROUTER_1))
self.db_api.add_item.side_effect = (
tools.get_db_api_add_item({
'vpc': fakes.ID_EC2_VPC_1,
'rtb': fakes.ID_EC2_ROUTE_TABLE_1,
'sg': fakes.ID_EC2_SECURITY_GROUP_1}))
self.set_mock_db_items(fakes.DB_VPC_1)
self.nova.security_groups.create.return_value = (
fakes.NovaSecurityGroup(fakes.NOVA_SECURITY_GROUP_1))
def check_response(response):
self.assertIn('vpc', response)
vpc = resp['vpc']
self.assertThat(fakes.EC2_VPC_1, matchers.DictMatches(vpc))
self.neutron.create_router.assert_called_with({'router': {}})
self.neutron.update_router.assert_called_once_with(
fakes.ID_OS_ROUTER_1,
{'router': {'name': fakes.EC2_VPC_1['vpcId']}})
self.db_api.add_item.assert_any_call(
mock.ANY, 'vpc',
tools.purge_dict(fakes.DB_VPC_1,
('id', 'vpc_id', 'route_table_id')),
project_id=None)
self.db_api.add_item.assert_any_call(
mock.ANY, 'rtb',
tools.purge_dict(fakes.DB_ROUTE_TABLE_1,
('id',)),
project_id=None)
self.db_api.update_item.assert_called_once_with(
mock.ANY,
fakes.DB_VPC_1)
self.neutron.reset_mock()
self.db_api.reset_mock()
self.db_api.update_item.reset_mock()
resp = self.execute('CreateVpc', {'CidrBlock': fakes.CIDR_VPC_1})
check_response(resp)
resp = self.execute('CreateVpc', {'CidrBlock': fakes.CIDR_VPC_1,
'instanceTenancy': 'default'})
check_response(resp)
def test_create_vpc(self):
self.neutron.create_router.side_effect = (
tools.get_neutron_create('router', fakes.ID_OS_ROUTER_1))
self.db_api.add_item.side_effect = (
tools.get_db_api_add_item({
'vpc': fakes.ID_EC2_VPC_1,
'rtb': fakes.ID_EC2_ROUTE_TABLE_1,
'sg': fakes.ID_EC2_SECURITY_GROUP_1}))
self.set_mock_db_items(fakes.DB_VPC_1)
self.nova.security_groups.create.return_value = (
fakes.NovaSecurityGroup(fakes.NOVA_SECURITY_GROUP_1))
def check_response(response):
self.assertIn('vpc', response)
vpc = resp['vpc']
self.assertThat(fakes.EC2_VPC_1, matchers.DictMatches(vpc))
self.neutron.create_router.assert_called_with({'router': {}})
self.neutron.update_router.assert_called_once_with(
fakes.ID_OS_ROUTER_1,
{'router': {'name': fakes.EC2_VPC_1['vpcId']}})
self.db_api.add_item.assert_any_call(
mock.ANY, 'vpc',
tools.purge_dict(fakes.DB_VPC_1,
('id', 'vpc_id', 'route_table_id')))
self.db_api.add_item.assert_any_call(
mock.ANY, 'rtb',
tools.purge_dict(fakes.DB_ROUTE_TABLE_1,
('id',)))
self.db_api.update_item.assert_called_once_with(
mock.ANY,
fakes.DB_VPC_1)
self.neutron.reset_mock()
self.db_api.reset_mock()
self.db_api.update_item.reset_mock()
resp = self.execute('CreateVpc', {'CidrBlock': fakes.CIDR_VPC_1})
check_response(resp)
resp = self.execute('CreateVpc', {'CidrBlock': fakes.CIDR_VPC_1,
'instanceTenancy': 'default'})
check_response(resp)
def test_set_subnet_vpn(self):
context = base.create_context()
cleaner = common.OnCrashCleaner()
cidrs = [fakes.CIDR_VPN_1_STATIC, fakes.CIDR_VPN_1_PROPAGATED_1]
# create ipsec site connection case
id_os_connection = fakes.random_os_id()
os_connection = {
'vpnservice_id': fakes.ID_OS_VPNSERVICE_1,
'ikepolicy_id': fakes.ID_OS_IKEPOLICY_1,
'ipsecpolicy_id': fakes.ID_OS_IPSECPOLICY_1,
'peer_address': fakes.IP_CUSTOMER_GATEWAY_ADDRESS_1,
'peer_cidrs': cidrs,
'psk': fakes.PRE_SHARED_KEY_1,
'name': (fakes.ID_EC2_VPN_CONNECTION_1 + '/' +
fakes.ID_EC2_SUBNET_1),
'peer_id': fakes.IP_CUSTOMER_GATEWAY_ADDRESS_1,
'mtu': 1427,
'initiator': 'response-only',
}
self.neutron.create_ipsec_site_connection.side_effect = (
tools.get_neutron_create('ipsec_site_connection',
id_os_connection))
vpn_connection_api._set_subnet_vpn(
context, self.neutron, cleaner, fakes.DB_SUBNET_1,
copy.deepcopy(fakes.DB_VPN_CONNECTION_1),
fakes.DB_CUSTOMER_GATEWAY_1, cidrs)
self.neutron.create_ipsec_site_connection.assert_called_once_with(
{'ipsec_site_connection': os_connection})
vpn_connection_1 = copy.deepcopy(fakes.DB_VPN_CONNECTION_1)
(vpn_connection_1['os_ipsec_site_connections']
[fakes.ID_EC2_SUBNET_1]) = id_os_connection
self.db_api.update_item.assert_called_once_with(
context, vpn_connection_1)
# update ipsec site connection case
self.db_api.reset_mock()
self.neutron.reset_mock()
vpn_connection_api._set_subnet_vpn(
context, self.neutron, cleaner, fakes.DB_SUBNET_2,
fakes.DB_VPN_CONNECTION_1, fakes.DB_CUSTOMER_GATEWAY_1, cidrs)
self.neutron.update_ipsec_site_connection.assert_called_once_with(
fakes.ID_OS_IPSEC_SITE_CONNECTION_2,
{'ipsec_site_connection': {'peer_cidrs': cidrs}})
self.assertFalse(self.neutron.create_ipsec_site_connection.called)
self.assertFalse(self.db_api.update_item.called)
# rollback creating of ipsec site connection case
self.db_api.reset_mock()
self.neutron.reset_mock()
try:
with common.OnCrashCleaner() as cleaner:
vpn_connection_api._set_subnet_vpn(
context, self.neutron, cleaner, fakes.DB_SUBNET_1,
copy.deepcopy(fakes.DB_VPN_CONNECTION_1),
fakes.DB_CUSTOMER_GATEWAY_1, cidrs)
raise Exception('fake-exception')
except Exception as ex:
if str(ex) != 'fake-exception':
raise
self.neutron.delete_ipsec_site_connection.assert_called_once_with(
id_os_connection)
self.db_api.update_item.assert_called_with(
mock.ANY, fakes.DB_VPN_CONNECTION_1)
# rollback updating of ipsec site connection case
self.db_api.reset_mock()
self.neutron.reset_mock()
try:
with common.OnCrashCleaner() as cleaner:
vpn_connection_api._set_subnet_vpn(
context, self.neutron, cleaner, fakes.DB_SUBNET_2,
fakes.DB_VPN_CONNECTION_1, fakes.DB_CUSTOMER_GATEWAY_1,
cidrs)
raise Exception('fake-exception')
except Exception as ex:
if str(ex) != 'fake-exception':
raise
self.assertFalse(self.neutron.delete_ipsec_site_connection.called)
self.assertFalse(self.db_api.update_item.called)
def test_create_vpn_connection(self, random_choice, reset_vpn_connections,
describe_vpn_connections):
self.set_mock_db_items(fakes.DB_VPN_GATEWAY_1, fakes.DB_VPN_GATEWAY_2,
fakes.DB_CUSTOMER_GATEWAY_1,
fakes.DB_CUSTOMER_GATEWAY_2, fakes.DB_VPC_1)
self.neutron.create_ikepolicy.side_effect = (tools.get_neutron_create(
'ikepolicy', fakes.ID_OS_IKEPOLICY_1))
self.neutron.create_ipsecpolicy.side_effect = (
tools.get_neutron_create('ipsecpolicy', fakes.ID_OS_IPSECPOLICY_1))
self.db_api.add_item.side_effect = (tools.get_db_api_add_item(
fakes.ID_EC2_VPN_CONNECTION_1))
random_choice.side_effect = iter(fakes.PRE_SHARED_KEY_1)
describe_vpn_connections.return_value = {
'vpnConnectionSet': [fakes.EC2_VPN_CONNECTION_1]
}
resp = self.execute(
'CreateVpnConnection', {
'VpnGatewayId': fakes.ID_EC2_VPN_GATEWAY_1,
'CustomerGatewayId': fakes.ID_EC2_CUSTOMER_GATEWAY_1,
'Type': 'ipsec.1',
'Options.StaticRoutesOnly': 'True'
})
self.assertThat(
resp,
matchers.DictMatches({'vpnConnection':
fakes.EC2_VPN_CONNECTION_1}))
self.neutron.create_ikepolicy.assert_called_once_with(
{'ikepolicy': tools.purge_dict(fakes.OS_IKEPOLICY_1, ('id', ))})
self.neutron.create_ipsecpolicy.assert_called_once_with({
'ipsecpolicy':
tools.purge_dict(fakes.OS_IPSECPOLICY_1, ('id', ))
})
random_choice.assert_called_with(vpn_connection_api.SHARED_KEY_CHARS)
new_vpn_connection_1 = tools.update_dict(fakes.DB_VPN_CONNECTION_1, {
'cidrs': [],
'os_ipsec_site_connections': {}
})
self.db_api.add_item.assert_called_once_with(
mock.ANY, 'vpn',
tools.purge_dict(new_vpn_connection_1, ('id', 'vpc_id', 'os_id')))
self.neutron.update_ikepolicy.assert_called_once_with(
fakes.ID_OS_IKEPOLICY_1,
{'ikepolicy': {
'name': fakes.ID_EC2_VPN_CONNECTION_1
}})
self.neutron.update_ipsecpolicy.assert_called_once_with(
fakes.ID_OS_IPSECPOLICY_1,
{'ipsecpolicy': {
'name': fakes.ID_EC2_VPN_CONNECTION_1
}})
reset_vpn_connections.assert_called_once_with(
mock.ANY,
self.neutron,
mock.ANY,
fakes.DB_VPN_GATEWAY_1,
vpn_connections=[new_vpn_connection_1])
self.assertIsInstance(reset_vpn_connections.call_args[0][2],
common.OnCrashCleaner)
describe_vpn_connections.assert_called_once_with(
mock.ANY, vpn_connection_id=[fakes.ID_EC2_VPN_CONNECTION_1])
def test_attach_vpn_gateway(self, create_vpnservice,
reset_vpn_connections):
create_vpnservice_calls = []
create_vpnservice.side_effect = (
tools.deepcopy_call_args_saver(create_vpnservice_calls))
mock_manager = mock.Mock()
mock_manager.attach_mock(create_vpnservice, 'create_vpnservice')
mock_manager.attach_mock(reset_vpn_connections,
'reset_vpn_connections')
self.configure(external_network=fakes.NAME_OS_PUBLIC_NETWORK)
subnet_2 = tools.patch_dict(fakes.DB_SUBNET_2,
{'vpc_id': fakes.ID_EC2_VPC_2},
('os_vpnservice_id',))
self.set_mock_db_items(
fakes.DB_VPN_GATEWAY_1, fakes.DB_VPN_GATEWAY_2,
fakes.DB_VPC_2, fakes.DB_IGW_1, fakes.DB_IGW_2,
fakes.DB_SUBNET_1, subnet_2)
subnet_2_updated = tools.update_dict(
subnet_2, {'os_vpnservice_id': fakes.ID_OS_VPNSERVICE_2})
os_vpnservice_2 = tools.patch_dict(fakes.OS_VPNSERVICE_2,
{'router_id': fakes.ID_OS_ROUTER_2},
('id',))
self.neutron.list_networks.return_value = (
{'networks': [{'id': fakes.ID_OS_PUBLIC_NETWORK}]})
self.neutron.create_vpnservice.side_effect = tools.get_neutron_create(
'vpnservice', fakes.ID_OS_VPNSERVICE_2)
def do_check():
resp = self.execute('AttachVpnGateway',
{'VpcId': fakes.ID_EC2_VPC_2,
'VpnGatewayId': fakes.ID_EC2_VPN_GATEWAY_2})
self.assertEqual({'attachment': {'state': 'attached',
'vpcId': fakes.ID_EC2_VPC_2}},
resp)
self.assertEqual(2, self.db_api.update_item.call_count)
self.db_api.update_item.assert_has_calls(
[mock.call(mock.ANY, self.DB_VPN_GATEWAY_2_ATTACHED),
mock.call(mock.ANY, subnet_2_updated)])
self.neutron.create_vpnservice.assert_called_once_with(
{'vpnservice': os_vpnservice_2})
self.assertEqual(1, len(create_vpnservice_calls))
self.assertEqual(
mock.call(mock.ANY, self.neutron, mock.ANY, subnet_2,
fakes.DB_VPC_2),
create_vpnservice_calls[0])
self.assertIsInstance(create_vpnservice_calls[0][1][2],
common.OnCrashCleaner)
reset_vpn_connections.assert_called_once_with(
mock.ANY, self.neutron, mock.ANY,
self.DB_VPN_GATEWAY_2_ATTACHED, subnets=[subnet_2_updated])
self.assertIsInstance(reset_vpn_connections.call_args[0][2],
common.OnCrashCleaner)
mock_manager.assert_has_calls([
mock.call.create_vpnservice(
*(mock.ANY for _x in range(5))),
mock.call.reset_vpn_connections(
subnets=mock.ANY, *(mock.ANY for _x in range(4)))])
do_check()
self.neutron.add_gateway_router.assert_called_once_with(
fakes.ID_OS_ROUTER_2,
{'network_id': fakes.ID_OS_PUBLIC_NETWORK})
self.neutron.list_networks.assert_called_once_with(
**{'router:external': True,
'name': fakes.NAME_OS_PUBLIC_NETWORK})
# Internet gateway is already attached
self.db_api.reset_mock()
self.neutron.reset_mock()
del create_vpnservice_calls[:]
reset_vpn_connections.reset_mock()
mock_manager.reset_mock()
igw_2 = tools.update_dict(fakes.DB_IGW_2,
{'vpc_id': fakes.ID_EC2_VPC_2})
self.add_mock_db_items(igw_2)
do_check()
self.assertFalse(self.neutron.add_gateway_router.called)
def test_set_subnet_vpn(self):
context = base.create_context()
cleaner = common.OnCrashCleaner()
cidrs = [fakes.CIDR_VPN_1_STATIC, fakes.CIDR_VPN_1_PROPAGATED_1]
# create ipsec site connection case
id_os_connection = fakes.random_os_id()
os_connection = {
'vpnservice_id': fakes.ID_OS_VPNSERVICE_1,
'ikepolicy_id': fakes.ID_OS_IKEPOLICY_1,
'ipsecpolicy_id': fakes.ID_OS_IPSECPOLICY_1,
'peer_address': fakes.IP_CUSTOMER_GATEWAY_ADDRESS_1,
'peer_cidrs': cidrs,
'psk': fakes.PRE_SHARED_KEY_1,
'name':
(fakes.ID_EC2_VPN_CONNECTION_1 + '/' + fakes.ID_EC2_SUBNET_1),
'peer_id': fakes.IP_CUSTOMER_GATEWAY_ADDRESS_1,
'mtu': 1427,
'initiator': 'response-only',
}
self.neutron.create_ipsec_site_connection.side_effect = (
tools.get_neutron_create('ipsec_site_connection',
id_os_connection))
vpn_connection_api._set_subnet_vpn(
context, self.neutron, cleaner, fakes.DB_SUBNET_1,
copy.deepcopy(fakes.DB_VPN_CONNECTION_1),
fakes.DB_CUSTOMER_GATEWAY_1, cidrs)
self.neutron.create_ipsec_site_connection.assert_called_once_with(
{'ipsec_site_connection': os_connection})
vpn_connection_1 = copy.deepcopy(fakes.DB_VPN_CONNECTION_1)
(vpn_connection_1['os_ipsec_site_connections'][fakes.ID_EC2_SUBNET_1]
) = id_os_connection
self.db_api.update_item.assert_called_once_with(
context, vpn_connection_1)
# update ipsec site connection case
self.db_api.reset_mock()
self.neutron.reset_mock()
vpn_connection_api._set_subnet_vpn(context, self.neutron, cleaner,
fakes.DB_SUBNET_2,
fakes.DB_VPN_CONNECTION_1,
fakes.DB_CUSTOMER_GATEWAY_1, cidrs)
self.neutron.update_ipsec_site_connection.assert_called_once_with(
fakes.ID_OS_IPSEC_SITE_CONNECTION_2,
{'ipsec_site_connection': {
'peer_cidrs': cidrs
}})
self.assertFalse(self.neutron.create_ipsec_site_connection.called)
self.assertFalse(self.db_api.update_item.called)
# rollback creating of ipsec site connection case
self.db_api.reset_mock()
self.neutron.reset_mock()
try:
with common.OnCrashCleaner() as cleaner:
vpn_connection_api._set_subnet_vpn(
context, self.neutron, cleaner, fakes.DB_SUBNET_1,
copy.deepcopy(fakes.DB_VPN_CONNECTION_1),
fakes.DB_CUSTOMER_GATEWAY_1, cidrs)
raise Exception('fake-exception')
except Exception as ex:
if ex.message != 'fake-exception':
raise
self.neutron.delete_ipsec_site_connection.assert_called_once_with(
id_os_connection)
self.db_api.update_item.assert_called_with(mock.ANY,
fakes.DB_VPN_CONNECTION_1)
# rollback updating of ipsec site connection case
self.db_api.reset_mock()
self.neutron.reset_mock()
try:
with common.OnCrashCleaner() as cleaner:
vpn_connection_api._set_subnet_vpn(context, self.neutron,
cleaner, fakes.DB_SUBNET_2,
fakes.DB_VPN_CONNECTION_1,
fakes.DB_CUSTOMER_GATEWAY_1,
cidrs)
raise Exception('fake-exception')
except Exception as ex:
if ex.message != 'fake-exception':
raise
self.assertFalse(self.neutron.delete_ipsec_site_connection.called)
self.assertFalse(self.db_api.update_item.called)
def test_set_subnet_vpn(self):
context = base.create_context()
cleaner = common.OnCrashCleaner()
cidrs = [fakes.CIDR_VPN_1_STATIC, fakes.CIDR_VPN_1_PROPAGATED_1]
# create ipsec site connection case
id_os_connection = fakes.random_os_id()
os_connection = {
"vpnservice_id": fakes.ID_OS_VPNSERVICE_1,
"ikepolicy_id": fakes.ID_OS_IKEPOLICY_1,
"ipsecpolicy_id": fakes.ID_OS_IPSECPOLICY_1,
"peer_address": fakes.IP_CUSTOMER_GATEWAY_ADDRESS_1,
"peer_cidrs": cidrs,
"psk": fakes.PRE_SHARED_KEY_1,
"name": (fakes.ID_EC2_VPN_CONNECTION_1 + "/" + fakes.ID_EC2_SUBNET_1),
"peer_id": fakes.IP_CUSTOMER_GATEWAY_ADDRESS_1,
"mtu": 1427,
"initiator": "response-only",
}
self.neutron.create_ipsec_site_connection.side_effect = tools.get_neutron_create(
"ipsec_site_connection", id_os_connection
)
vpn_connection_api._set_subnet_vpn(
context,
self.neutron,
cleaner,
fakes.DB_SUBNET_1,
copy.deepcopy(fakes.DB_VPN_CONNECTION_1),
fakes.DB_CUSTOMER_GATEWAY_1,
cidrs,
)
self.neutron.create_ipsec_site_connection.assert_called_once_with({"ipsec_site_connection": os_connection})
vpn_connection_1 = copy.deepcopy(fakes.DB_VPN_CONNECTION_1)
(vpn_connection_1["os_ipsec_site_connections"][fakes.ID_EC2_SUBNET_1]) = id_os_connection
self.db_api.update_item.assert_called_once_with(context, vpn_connection_1)
# update ipsec site connection case
self.db_api.reset_mock()
self.neutron.reset_mock()
vpn_connection_api._set_subnet_vpn(
context,
self.neutron,
cleaner,
fakes.DB_SUBNET_2,
fakes.DB_VPN_CONNECTION_1,
fakes.DB_CUSTOMER_GATEWAY_1,
cidrs,
)
self.neutron.update_ipsec_site_connection.assert_called_once_with(
fakes.ID_OS_IPSEC_SITE_CONNECTION_2, {"ipsec_site_connection": {"peer_cidrs": cidrs}}
)
self.assertFalse(self.neutron.create_ipsec_site_connection.called)
self.assertFalse(self.db_api.update_item.called)
# rollback creating of ipsec site connection case
self.db_api.reset_mock()
self.neutron.reset_mock()
try:
with common.OnCrashCleaner() as cleaner:
vpn_connection_api._set_subnet_vpn(
context,
self.neutron,
cleaner,
fakes.DB_SUBNET_1,
copy.deepcopy(fakes.DB_VPN_CONNECTION_1),
fakes.DB_CUSTOMER_GATEWAY_1,
cidrs,
)
raise Exception("fake-exception")
except Exception as ex:
if ex.message != "fake-exception":
raise
self.neutron.delete_ipsec_site_connection.assert_called_once_with(id_os_connection)
self.db_api.update_item.assert_called_with(mock.ANY, fakes.DB_VPN_CONNECTION_1)
# rollback updating of ipsec site connection case
self.db_api.reset_mock()
self.neutron.reset_mock()
try:
with common.OnCrashCleaner() as cleaner:
vpn_connection_api._set_subnet_vpn(
context,
self.neutron,
cleaner,
fakes.DB_SUBNET_2,
fakes.DB_VPN_CONNECTION_1,
fakes.DB_CUSTOMER_GATEWAY_1,
cidrs,
)
raise Exception("fake-exception")
except Exception as ex:
if ex.message != "fake-exception":
raise
self.assertFalse(self.neutron.delete_ipsec_site_connection.called)
self.assertFalse(self.db_api.update_item.called)
