def test_policy_insert_rule(self):
policy = self.fw_policies_v2.first()
tenant_id = self.tenant.id
rules = self.fw_rules_v2.list()
new_rule_id = rules[2].id
data = {
'firewall_rule_id': new_rule_id,
'insert_before': rules[1].id,
'insert_after': rules[0].id
}
api_fwaas_v2.policy_get(IsA(http.HttpRequest),
policy.id).AndReturn(policy)
policy.firewall_rules = [rules[0].id, new_rule_id, rules[1].id]
api_fwaas_v2.rule_list_for_tenant(IsA(http.HttpRequest),
tenant_id).AndReturn(rules)
api_fwaas_v2.rule_get(IsA(http.HttpRequest),
new_rule_id).AndReturn(rules[2])
api_fwaas_v2.policy_insert_rule(IsA(http.HttpRequest), policy.id,
**data).AndReturn(policy)
self.mox.ReplayAll()
res = self.client.post(
reverse(self.INSERTRULE_PATH, args=(policy.id, )), data)
self.assertNoFormErrors(res)
self.assertRedirectsNoFollow(res, str(self.INDEX_URL))
def set_up_expect_with_exception(self):
tenant_id = self.tenant.id
api_fwaas_v2.rule_list_for_tenant(IsA(
http.HttpRequest), tenant_id).AndRaise(self.exceptions.neutron)
api_fwaas_v2.policy_list_for_tenant(IsA(
http.HttpRequest), tenant_id).AndRaise(self.exceptions.neutron)
api_fwaas_v2.firewall_list_for_tenant(IsA(
http.HttpRequest), tenant_id).AndRaise(self.exceptions.neutron)
def test_delete_rule(self):
rule = self.fw_rules_v2.list()[2]
api_fwaas_v2.rule_list_for_tenant(IsA(http.HttpRequest),
self.tenant.id).AndReturn(
self.fw_rules_v2.list())
api_fwaas_v2.rule_delete(IsA(http.HttpRequest), rule.id)
self.mox.ReplayAll()
form_data = {"action": "rulestable__deleterule__%s" % rule.id}
res = self.client.post(self.INDEX_URL, form_data)
self.assertNoFormErrors(res)
def __init__(self, request, *args, **kwargs):
super(InsertRuleToPolicy, self).__init__(request, *args, **kwargs)
try:
tenant_id = self.request.user.tenant_id
all_rules = api_fwaas_v2.rule_list_for_tenant(request, tenant_id)
all_rules = sorted(all_rules, key=attrgetter('name_or_id'))
available_rules = [r for r in all_rules]
current_rules = []
for x in kwargs['initial']['firewall_rules']:
r_obj = [rule for rule in all_rules if x == rule.id][0]
current_rules.append(r_obj)
available_choices = [(r.id, r.name_or_id) for r in available_rules]
current_choices = [(r.id, r.name_or_id) for r in current_rules]
except Exception as e:
msg = _('Failed to retrieve available rules: %s') % e
redirect = reverse(self.failure_url)
exceptions.handle(request, msg, redirect=redirect)
self.fields['firewall_rule_id'].choices = available_choices
self.fields['insert_before'].choices = [('', _('-'))] + current_choices
self.fields['insert_after'].choices = [('', _('-'))] + current_choices
def test_add_policy_post_with_error(self):
policy = self.fw_policies_v2.first()
rules = self.fw_rules_v2.list()
tenant_id = self.tenant.id
form_data = {
'description': policy.description,
'firewall_rules': None,
'shared': policy.shared,
'audited': policy.audited
}
api_fwaas_v2.rule_list_for_tenant(IsA(http.HttpRequest),
tenant_id).AndReturn(rules)
self.mox.ReplayAll()
res = self.client.post(reverse(self.ADDPOLICY_PATH), form_data)
self.assertFormErrors(res, 1)
def populate_rule_choices(self, request, context):
try:
tenant_id = self.request.user.tenant_id
rules = api_fwaas_v2.rule_list_for_tenant(request, tenant_id)
rules = sorted(rules, key=attrgetter('name_or_id'))
rule_list = [(rule.id, rule.name_or_id) for rule in rules]
except Exception as e:
rule_list = []
exceptions.handle(request, _('Unable to retrieve rules (%s).') % e)
return rule_list
def set_up_expect(self):
tenant_id = self.tenant.id
# retrieves firewallgroups
firewallgroups = self.firewall_groups_v2.list()
api_fwaas_v2.firewall_list_for_tenant(IsA(
http.HttpRequest), tenant_id).AndReturn(firewallgroups)
# retrieves policies
# TODO(amotoki): get_firewallgroupstable_data() also calls
# policy_list_for_tenant(). This needs to be clean up.
policies = self.fw_policies_v2.list()
api_fwaas_v2.policy_list_for_tenant(IsA(http.HttpRequest),
tenant_id).AndReturn(policies)
api_fwaas_v2.policy_list_for_tenant(IsA(http.HttpRequest),
tenant_id).AndReturn(policies)
# retrieve rules
api_fwaas_v2.rule_list_for_tenant(IsA(
http.HttpRequest), tenant_id).AndReturn(self.fw_rules_v2.list())
def get_rulestable_data(self):
try:
tenant_id = self.request.user.tenant_id
request = self.tab_group.request
rules = api_fwaas_v2.rule_list_for_tenant(request, tenant_id)
except Exception:
rules = []
exceptions.handle(self.tab_group.request,
_('Unable to retrieve rules list.'))
return rules
def test_add_policy_post(self):
policy = self.fw_policies_v2.first()
rules = self.fw_rules_v2.list()
tenant_id = self.tenant.id
form_data = {
'name': policy.name,
'description': policy.description,
'firewall_rules': policy.firewall_rules,
'shared': policy.shared,
'audited': policy.audited
}
post_data = {
'name': policy.name,
'description': policy.description,
'rule': policy.firewall_rules,
'shared': policy.shared,
'audited': policy.audited
}
# NOTE: SelectRulesAction.populate_rule_choices() lists rule not
# associated with any policy. We need to ensure that rules specified
# in policy.firewall_rules in post_data (above) are not associated
# with any policy. Test data in neutron_data is data in a stable state,
# so we need to modify here.
for rule in rules:
if rule.id in policy.firewall_rules:
rule.firewall_policy_id = rule.policy = None
api_fwaas_v2.rule_list_for_tenant(IsA(http.HttpRequest),
tenant_id).AndReturn(rules)
api_fwaas_v2.policy_create(IsA(http.HttpRequest),
**form_data).AndReturn(policy)
self.mox.ReplayAll()
res = self.client.post(reverse(self.ADDPOLICY_PATH), post_data)
self.assertNoFormErrors(res)
self.assertRedirectsNoFollow(res, str(self.INDEX_URL))
def test_policy_remove_rule(self):
policy = self.fw_policies_v2.first()
tenant_id = self.tenant.id
rules = self.fw_rules_v2.list()
remove_rule_id = policy.firewall_rules[0]
left_rule_id = policy.firewall_rules[1]
data = {'firewall_rule_id': remove_rule_id}
after_remove_policy_dict = {
'id': 'abcdef-c3eb-4fee-9763-12de3338041e',
'tenant_id': '1',
'name': 'policy1',
'description': 'policy description',
'firewall_rules': [left_rule_id],
'audited': True,
'shared': True
}
after_remove_policy = api_fwaas_v2.Policy(after_remove_policy_dict)
api_fwaas_v2.policy_get(IsA(http.HttpRequest),
policy.id).AndReturn(policy)
api_fwaas_v2.rule_list_for_tenant(IsA(http.HttpRequest),
tenant_id).AndReturn(rules)
api_fwaas_v2.rule_get(IsA(http.HttpRequest),
remove_rule_id).AndReturn(rules[0])
api_fwaas_v2.policy_remove_rule(IsA(http.HttpRequest), policy.id, **data)\
.AndReturn(after_remove_policy)
self.mox.ReplayAll()
res = self.client.post(
reverse(self.REMOVERULE_PATH, args=(policy.id, )), data)
self.assertNoFormErrors(res)
self.assertRedirectsNoFollow(res, str(self.INDEX_URL))
def test_rule_list_for_tenant(self):
tenant_id = self.request.user.project_id
exp_rules = self.fw_rules_v2.list()
api_rules = {'firewall_rules': self.api_fw_rules_v2.list()}
neutronclient.list_fwaas_firewall_rules(tenant_id=tenant_id,
shared=False).AndReturn(
{'firewall_rules': []})
neutronclient.list_fwaas_firewall_rules(shared=True) \
.AndReturn(api_rules)
self.mox.ReplayAll()
ret_val = api_fwaas_v2.rule_list_for_tenant(self.request, tenant_id)
for (v, d) in zip(ret_val, exp_rules):
self._assert_rule_return_value(v, d)
def test_rule_list_for_tenant(self):
tenant_id = self.request.user.project_id
exp_rules = self.fw_rules_v2.list()
api_rules = {'firewall_rules': self.api_fw_rules_v2.list()}
self.mock_list_fwaas_firewall_rules.side_effect = [
{
'firewall_rules': []
},
api_rules,
]
ret_val = api_fwaas_v2.rule_list_for_tenant(self.request, tenant_id)
for (v, d) in zip(ret_val, exp_rules):
self._assert_rule_return_value(v, d)
self.assertEqual(2, self.mock_list_fwaas_firewall_rules.call_count)
self.mock_list_fwaas_firewall_rules.assert_has_calls([
mock.call(tenant_id=tenant_id, shared=False),
mock.call(shared=True),
])
def __init__(self, request, *args, **kwargs):
super(RemoveRuleFromPolicy, self).__init__(request, *args, **kwargs)
try:
tenant_id = request.user.tenant_id
all_rules = api_fwaas_v2.rule_list_for_tenant(request, tenant_id)
current_rules = []
for r in kwargs['initial']['firewall_rules']:
r_obj = [rule for rule in all_rules if r == rule.id][0]
current_rules.append(r_obj)
current_choices = [(r.id, r.name_or_id) for r in current_rules]
except Exception as e:
msg = (_('Failed to retrieve current rules in policy %(name)s: '
'%(reason)s') %
{'name': self.initial['name'], 'reason': e})
redirect = reverse(self.failure_url)
exceptions.handle(request, msg, redirect=redirect)
self.fields['firewall_rule_id'].choices = current_choices
