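def setUp(self):
        """Build the mocks and fixtures shared by the enforcer tests.

        Creates a mocked GCE service, a ProjectEnforcer in dry-run mode, a
        patched timestamp source, the expected result proto and rules, and a
        canned HTTP 403 error for failure-path tests.
        """
        # Register the cleanup before any patch is started: unittest runs
        # registered cleanups even when setUp raises, so a failure further
        # down cannot leave the Timestamp patch active for later tests.
        self.addCleanup(mock.patch.stopall)

        self.gce_service = mock.Mock()
        self.gce_service.networks().list().execute.return_value = (
            constants.SAMPLE_TEST_NETWORK_SELFLINK)

        self.project = constants.TEST_PROJECT
        self.policy = json.loads(constants.RAW_EXPECTED_JSON_POLICY)
        # The enforcer under test is always built with dry_run=True.
        # NOTE(review): presumably this keeps it from issuing firewall
        # changes; confirm against ProjectEnforcer.
        self.enforcer = project_enforcer.ProjectEnforcer(self.project,
                                                         dry_run=True)

        # Pin the clock so the timestamp in the result proto is deterministic.
        self.mock_time = mock.patch.object(project_enforcer.datelib,
                                           'Timestamp').start()

        self.mock_time.now().AsMicroTimestamp.return_value = MOCK_TIMESTAMP

        self.expected_proto = enforcer_log_pb2.ProjectResult(
            timestamp_sec=MOCK_TIMESTAMP,
            project_id=self.project,
        )

        # list() makes this work on Python 3 as well, where dict.values()
        # returns a view object that copy.deepcopy() cannot copy. The deep
        # copy keeps tests from mutating the shared constants.
        self.expected_rules = copy.deepcopy(
            list(constants.EXPECTED_FIREWALL_RULES.values()))

        # Canned "403" API error with empty content and URI, available to
        # tests that exercise the enforcer's handling of a refused request.
        response_403 = httplib2.Response({
            'status': '403',
            'content-type': 'application/json'
        })
        response_403.reason = 'Failed'
        self.error_403 = project_enforcer.errors.HttpError(
            response_403, '', '')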
Exemple #2
    def _enforce_project(self, project_id, firewall_policy,
                         prechange_callback):
        """Run firewall enforcement for a single project.

        A ProjectEnforcer is created for the project with this instance's
        dry-run flag, project semaphore and running-operation limit, and the
        policy is then enforced through this instance's compute service.

        Args:
          project_id: The project id to enforce.
          firewall_policy: A list of rules which are used to construct a
              fe.FirewallRules object of expected rules to enforce.
          prechange_callback: See docstring for self.Run().

        Returns:
          A GceEnforcerResult proto
        """
        # dry_run is taken from the instance, never from the caller, so one
        # setting governs every project handled by this object.
        project_worker = project_enforcer.ProjectEnforcer(
            project_id,
            dry_run=self._dry_run,
            project_sema=self._project_sema,
            max_running_operations=self._max_running_operations)

        # The callback is passed through untouched; its contract is defined
        # by self.Run() and honoured (or not) inside ProjectEnforcer.
        return project_worker.enforce_firewall_policy(
            firewall_policy,
            compute_service=self.compute.service,
            prechange_callback=prechange_callback)
Exemple #3
    def _enforce_project(self, project_id, firewall_policy,
                         prechange_callback=None, add_rule_callback=None):
        """Run firewall enforcement for a single project.

        A ProjectEnforcer is created for the project with this instance's
        global configs, compute service, dry-run flag, project semaphore and
        running-operation limit; the policy and both callbacks are then
        handed to its enforce_firewall_policy() method.

        Args:
          project_id (str): The project id to enforce.
          firewall_policy (list): A list of rules which are used to construct a
              fe.FirewallRules object of expected rules to enforce.
          prechange_callback (Callable): See docstring for self.Run().
          add_rule_callback (Callable): See docstring for self.Run().

        Returns:
          enforcer_log_pb2.GceFirewallEnforcementResult: The result proto.
        """
        # dry_run and the compute service are bound at construction time from
        # instance state, so callers of this method cannot override them.
        # Both callbacks are forwarded unchanged (None when not supplied).
        return project_enforcer.ProjectEnforcer(
            project_id,
            global_configs=self.global_configs,
            compute_service=self.compute_client.service,
            dry_run=self._dry_run,
            project_sema=self._project_sema,
            max_running_operations=self._max_running_operations,
        ).enforce_firewall_policy(
            firewall_policy,
            prechange_callback=prechange_callback,
            add_rule_callback=add_rule_callback,
        )