def __init__(self,
project_id,
global_configs=None,
dry_run=False,
project_sema=None,
max_running_operations=0):
"""Initialize.
Args:
project_id: The project id for the project to enforce.
global_configs (dict): Global configurations.
dry_run: Set to true to ensure no actual changes are made to the
project. EnforcePolicy will still return a ProjectResult proto
showing the changes that would have been made.
project_sema: An optional semaphore object, used to limit the number
of concurrent projects getting written to.
max_running_operations: Used to limit the number of concurrent running
operations on an API.
"""
self.project_id = project_id
self.global_configs = global_configs
self.result = enforcer_log_pb2.ProjectResult()
self.result.project_id = self.project_id
self._dry_run = dry_run
self._project_sema = project_sema
if max_running_operations:
self._operation_sema = threading.BoundedSemaphore(
value=max_running_operations)
else:
self._operation_sema = None
def setUp(self):
"""Set up."""
self.gce_service = mock.Mock()
self.gce_service.networks().list().execute.return_value = (
constants.SAMPLE_TEST_NETWORK_SELFLINK)
self.project = constants.TEST_PROJECT
self.policy = json.loads(constants.RAW_EXPECTED_JSON_POLICY)
self.enforcer = project_enforcer.ProjectEnforcer(self.project,
dry_run=True)
self.mock_time = mock.patch.object(project_enforcer.datelib,
'Timestamp').start()
self.mock_time.now().AsMicroTimestamp.return_value = MOCK_TIMESTAMP
self.expected_proto = enforcer_log_pb2.ProjectResult(
timestamp_sec=MOCK_TIMESTAMP,
project_id=self.project,
)
self.expected_rules = copy.deepcopy(
constants.EXPECTED_FIREWALL_RULES.values())
response_403 = httplib2.Response({
'status': '403',
'content-type': 'application/json'
})
response_403.reason = 'Failed'
self.error_403 = project_enforcer.errors.HttpError(
response_403, '', '')
self.addCleanup(mock.patch.stopall)
def __init__(self,
project_id,
global_configs=None,
compute_service=None,
dry_run=False,
project_sema=None,
max_running_operations=0):
"""Initialize.
Args:
project_id (str): The project id for the project to enforce.
global_configs (dict): Global configurations.
compute_service (discovery.Resource): A Compute API service object.
If not provided, one will be created using the default
credentials.
dry_run (bool): Set to true to ensure no actual changes are made to
the project. EnforcePolicy will still return a ProjectResult
proto showing the changes that would have been made.
project_sema (threading.BoundedSemaphore): An optional semaphore
object, used to limit the number of concurrent projects getting
written to.
max_running_operations (int): Used to limit the number of concurrent
running operations on an API.
"""
self.project_id = project_id
if not compute_service:
gce_api = compute.ComputeClient(global_configs)
compute_service = gce_api.service
self.firewall_api = fe.ComputeFirewallAPI(compute_service,
dry_run=dry_run)
self.result = enforcer_log_pb2.ProjectResult()
self.result.status = STATUS_UNSPECIFIED
self.result.project_id = self.project_id
self.result.timestamp_sec = datelib.Timestamp.now().AsMicroTimestamp()
self._dry_run = dry_run
self._project_sema = project_sema
if max_running_operations:
self._operation_sema = threading.BoundedSemaphore(
value=max_running_operations)
else:
self._operation_sema = None
def test_enforce_single_project(self):
"""Verifies enforce_single_project returns the correct results.
Setup:
* Set API calls to return the different firewall rules from the new
policy on the first call, and the expected new firewall rules on the
second call.
* Load a mock policy file.
* Create a temporary directory for writing the dremel recordio table out
to.
* Send the policy and project to EnforceSingleProject.
Expected Results:
* The results proto returned matches the expected results.
"""
self.gce_service.firewalls().list().execute.side_effect = [
constants.DEFAULT_FIREWALL_API_RESPONSE,
constants.EXPECTED_FIREWALL_API_RESPONSE
]
policy_filename = get_datafile_path(__file__, 'sample_policy.json')
results = enforcer.enforce_single_project(self.enforcer, self.project,
policy_filename)
self.expected_summary.projects_total = 1
self.expected_summary.projects_success = 1
self.expected_summary.projects_changed = 1
self.expected_summary.projects_unchanged = 0
self.assertEqual(self.expected_summary, results.summary)
expected_results = enforcer_log_pb2.ProjectResult()
text_format.Merge(constants.SAMPLE_ENFORCER_PROJECTRESULTS_ASCIIPB,
expected_results)
expected_results.run_context = enforcer_log_pb2.ENFORCER_ONE_PROJECT
expected_results.gce_firewall_enforcement.policy_path = policy_filename
project_result = results.results[0]
self.assertEqual(expected_results, project_result)
def result_callback(result):
expected_result = enforcer_log_pb2.ProjectResult()
text_format.Merge(constants.SAMPLE_ENFORCER_PROJECTRESULTS_ASCIIPB,
expected_result)
self.assertEqual(expected_result, result)
callback_called[0] += 1
