Esempio n. 1
0
    def test_securitygroup_create_raise_securitygrouprule_create_failed(self):
        self.stubs.Set(self.manager.securitygroup_client,
                       "securitygroup_create", fake_securitygroup_create)
        self.mox.StubOutWithMock(
            self.manager.securitygrouprule_client, "securitygrouprule_create")
        self.manager.securitygrouprule_client.securitygrouprule_create(
            mox.IgnoreArg(),
            mox.IgnoreArg(),
            mox.IgnoreArg(),
            mox.IgnoreArg(),
            mox.IgnoreArg(),
            mox.IgnoreArg())\
            .AndRaise(exception.SecuritygroupCreateFailed())
        self.mox.StubOutWithMock(db, "securitygroup_update")
        values = {}
        values["status"] = "ERROR"
        values["neutron_securitygroup_id"] = fake_securitygroup_create(
            self.name)
        db.securitygroup_update(
            self.context, GID, self.securitygroup_id, values)
        self.mox.ReplayAll()

        self.manager.securitygroup_create(
            self.context, GID, self.securitygroup_id, self.name,
            self._securitygroups())
Esempio n. 2
0
    def test_securitygroup_create_raise_securitygroup_create_failed(self):
        self.mox.StubOutWithMock(
            self.manager.securitygroup_client, "securitygroup_create")
        self.manager.securitygroup_client.securitygroup_create(mox.IsA(str))\
            .AndRaise(exception.SecuritygroupCreateFailed())
        self.mox.StubOutWithMock(db, "securitygroup_update")
        db.securitygroup_update(
            self.context, GID, self.securitygroup_id, {"status": "ERROR"})
        self.mox.ReplayAll()

        self.manager.securitygroup_create(
            self.context, GID, self.securitygroup_id, self.name, [])
Esempio n. 3
0
    def test_create_raise_exception_by_scheduler_rpcapi(self):
        self.mox.StubOutWithMock(db, "securitygroup_update")
        db.securitygroup_update(IsA(context.RequestContext), IsA(unicode), IsA(unicode), IsA(dict))
        scheduler_rpcapi.SchedulerAPI.select_destinations(
            IsA(context.RequestContext), request_spec={}, filter_properties={}
        ).AndRaise(Exception())
        self.mox.ReplayAll()

        request_body = {"securitygroup": {"name": "test_securitygroup"}}

        url = get_base_url(GID)
        req = get_request(url, "POST", request_body)
        res = req.get_response(self.app)
        self.assertEqual(res.status_code, 500)
Esempio n. 4
0
    def test_securitygroup_create_no_securityrules(self):
        self.stubs.Set(self.manager.securitygroup_client,
                       "securitygroup_create", fake_securitygroup_create)
        self.mox.StubOutWithMock(db, "securitygroup_update")
        values = {}
        values["status"] = "ACTIVE"
        values["neutron_securitygroup_id"] = fake_securitygroup_create(
            self.name)
        db.securitygroup_update(
            self.context, GID, self.securitygroup_id, values)
        self.mox.ReplayAll()

        self.manager.securitygroup_create(
            self.context, GID, self.securitygroup_id, self.name, [])
Esempio n. 5
0
    def test_update_NotFound_db_securitygroup_create(self):
        self.mox.StubOutWithMock(db, "securitygroup_update")
        db.securitygroup_update(
            IsA(context.RequestContext),
            GID,
            SECURITYGROUP_ID,
            IsA(dict))\
            .AndRaise(exception.SecuritygroupNotFound(
                      securitygroup_id=SECURITYGROUP_ID))
        self.mox.ReplayAll()
        request_body = {"securitygroup": {"is_default": "true"}}

        url = get_base_url(GID) + "/" + SECURITYGROUP_ID
        req = get_request(url, 'PUT', request_body)
        res = req.get_response(self.app)

        self.assertEqual(res.status_code, 404)
Esempio n. 6
0
    def test_securitygroup_create_securitygroup_not_found(self):
        self.stubs.Set(self.manager.securitygroup_client,
                       "securitygroup_create", fake_securitygroup_create)
        self.mox.StubOutWithMock(db, "securitygroup_update")
        values = {}
        values["status"] = "ACTIVE"
        values["neutron_securitygroup_id"] = fake_securitygroup_create(
            self.name)
        db.securitygroup_update(self.context, GID, self.securitygroup_id,
                                values)\
            .AndRaise(exception.SecuritygroupNotFound(
                securitygroup_id=self.securitygroup_id))
        values["status"] = "ERROR"
        db.securitygroup_update(
            self.context, GID, self.securitygroup_id, values)
        self.mox.ReplayAll()

        self.manager.securitygroup_create(
            self.context, GID, self.securitygroup_id, self.name, [])
Esempio n. 7
0
 def test_securitygroup_update(self):
     gid = "12345678-1234-5678-9123-123456789012"
     self._create_group(gid)
     values_before = self._get_base_values(gid)
     securitygroup = db.securitygroup_create(self.user_ctxt, values_before)
     values = {
         "is_default": False,
         "status": "ACTIVE",
     }
     securitygroup_after = db.securitygroup_update(
         self.user_ctxt, gid, securitygroup["securitygroup_id"], values)
     self.assertEqual(securitygroup_after["is_default"], False)
     self.assertEqual(securitygroup_after["status"], "ACTIVE")
Esempio n. 8
0
    def test_create_raise_exception_by_operator_rpcapi(self):
        name = "test_securitygroup"
        request_body = {"securitygroup": {"name": name}}

        self.mox.StubOutWithMock(db, "securitygroup_update")
        db.securitygroup_update(IsA(context.RequestContext), GID, IsA(unicode), {"status": "ERROR"})
        scheduler_rpcapi.SchedulerAPI.select_destinations(
            IsA(context.RequestContext), request_spec={}, filter_properties={}
        ).AndReturn({"host": "fake_host"})
        operator_rpcapi.ResourceOperatorAPI.securitygroup_create(
            IsA(context.RequestContext),
            "fake_host",
            gid=GID,
            securitygroup_id=IsA(unicode),
            name=name,
            securitygrouprules=[],
        ).AndRaise(Exception())
        self.mox.ReplayAll()

        url = get_base_url(GID)
        req = get_request(url, "POST", request_body)
        res = req.get_response(self.app)
        self.assertEqual(res.status_code, 500)
Esempio n. 9
0
 def securitygroup_create(self, context, gid, securitygroup_id, name,
                          securitygrouprules):
     values = {}
     try:
         values["neutron_securitygroup_id"] =\
             self.securitygroup_client.securitygroup_create(name)
         for securitygrouprule in securitygrouprules:
             self.securitygrouprule_client.securitygrouprule_create(
                 neutron_securitygroup_id=values[
                     "neutron_securitygroup_id"],
                 protocol=securitygrouprule.get("protocol"),
                 port_range_min=securitygrouprule.get("port_range_min"),
                 port_range_max=securitygrouprule.get("port_range_max"),
                 remote_neutron_securitygroup_id=securitygrouprule.get(
                     "remote_neutron_securitygroup_id"),
                 remote_ip_prefix=securitygrouprule.get("remote_ip_prefix")
             )
         values["status"] = "ACTIVE"
         db.securitygroup_update(context, gid, securitygroup_id, values)
     except Exception as e:
         values["status"] = "ERROR"
         db.securitygroup_update(context, gid, securitygroup_id, values)
         LOG.exception(e)
Esempio n. 10
0
    def update(self, req, body, gid, securitygroup_id):

        def _validate(body, gid, securitygroup_id):
            if not self.is_valid_body(body, 'securitygroup'):
                msg = _("Invalid request body")
                raise exception.InvalidInput(reason=msg)

            values = body["securitygroup"]
            is_default = values.get("is_default")

            if not uuidutils.is_uuid_like(gid):
                raise exception.GroupNotFound(gid=gid)

            if not uuidutils.is_uuid_like(securitygroup_id):
                raise exception.SecuritygroupNotFound(
                    securitygroup_id=securitygroup_id)

            if is_default:
                try:
                    is_default = strutils.bool_from_string(
                        is_default, strict=True)
                except ValueError:
                    msg = _("is_default must be a boolean")
                    raise exception.InvalidInput(reason=msg)
            else:
                msg = _("SecurityGroup is_default is required")
                raise exception.InvalidInput(reason=msg)

            valid_values = {}
            valid_values["is_default"] = is_default
            return valid_values

        try:
            values = _validate(body, gid, securitygroup_id)
            context = req.environ['rack.context']
            securitygroup = db.securitygroup_update(
                context, gid, securitygroup_id, values)
        except exception.InvalidInput as exc:
            raise webob.exc.HTTPBadRequest(explanation=exc.format_message())
        except exception.NotFound as exc:
            raise webob.exc.HTTPNotFound(explanation=exc.format_message())

        return self._view_builder.update(securitygroup)
Esempio n. 11
0
    def create(self, req, body, gid):

        def _validate_securitygroup(gid, body):
            if not uuidutils.is_uuid_like(gid):
                raise exception.GroupNotFound(gid=gid)

            if not self.is_valid_body(body, 'securitygroup'):
                msg = _("Invalid request body")
                raise exception.InvalidInput(reason=msg)

            values = body["securitygroup"]
            name = values.get("name")
            is_default = values.get("is_default")

            if isinstance(name, six.string_types):
                name = name.strip()
                utils.check_string_length(name, 'name', min_length=1,
                                          max_length=255)

            if is_default:
                try:
                    is_default = strutils.bool_from_string(
                        is_default, strict=True)
                except ValueError:
                    msg = _("is_default must be a boolean")
                    raise exception.InvalidInput(reason=msg)
            else:
                is_default = False

            valid_values = {}
            valid_values["gid"] = gid
            valid_values["display_name"] = name
            valid_values["is_default"] = is_default
            return valid_values

        def _validate_securitygrouprules(securitygrouprules):

            valid_securitygrouprules = []
            for securitygroup in securitygrouprules:
                protocol = securitygroup.get("protocol")
                port_range_max = securitygroup.get("port_range_max")
                port_range_min = securitygroup.get("port_range_min")
                remote_securitygroup_id = securitygroup.get(
                    "remote_securitygroup_id")
                remote_ip_prefix = securitygroup.get("remote_ip_prefix")

                if not protocol:
                    msg = _("SecurityGroupRule protocol is required")
                    raise exception.InvalidInput(reason=msg)
                elif not utils.is_valid_protocol(protocol):
                    msg = _(
                        "SecurityGroupRule protocol should be tcp or udp or "
                        "icmp")
                    raise exception.InvalidInput(reason=msg)

                if not remote_securitygroup_id and not remote_ip_prefix:
                    msg = _(
                        "SecurityGroupRule either remote_securitygroup_id or "
                        "remote_ip_prefix is required")
                    raise exception.InvalidInput(reason=msg)
                elif remote_securitygroup_id and remote_ip_prefix:
                    msg = _(
                        "SecurityGroupRule either remote_securitygroup_id or "
                        "remote_ip_prefix is required")
                    raise exception.InvalidInput(reason=msg)
                elif remote_securitygroup_id is not None:
                    if not uuidutils.is_uuid_like(remote_securitygroup_id):
                        raise exception.SecuritygroupNotFound(
                            securitygroup_id=remote_securitygroup_id)
                elif remote_ip_prefix is not None:
                    if not utils.is_valid_cidr(remote_ip_prefix):
                        msg = _(
                            "SecurityGroupRule remote_ip_prefix should be "
                            "cidr format")
                        raise exception.InvalidInput(reason=msg)

                if protocol in ["tcp", "udp"]:
                    if port_range_max is None:
                        msg = _("SecurityGroupRule port_range_max is "
                                "required")
                        raise exception.InvalidInput(reason=msg)
                    utils.validate_integer(
                        port_range_max, 'port_range_max', min_value=1,
                        max_value=65535)
                    if port_range_min:
                        utils.validate_integer(
                            port_range_min, 'port_range_min', min_value=1,
                            max_value=65535)
                        if port_range_min > port_range_max:
                            msg = _(
                                "SecurityGroupRule port_range_min should be "
                                "lower than port_range_max")
                            raise exception.InvalidInput(reason=msg)
                elif protocol == "icmp":
                    port_range_max = None
                    port_range_min = None

                valid_securitygrouprules.append({
                    "protocol": protocol,
                    "port_range_max": port_range_max,
                    "port_range_min": port_range_min,
                    "remote_securitygroup_id": remote_securitygroup_id,
                    "remote_ip_prefix": unicode(netaddr
                                                .IPNetwork(remote_ip_prefix))
                    if remote_ip_prefix else remote_ip_prefix
                })
            return valid_securitygrouprules

        try:
            context = req.environ['rack.context']
            values = _validate_securitygroup(gid, body)
            if(body["securitygroup"].get("securitygrouprules")):
                securitygrouprules = _validate_securitygrouprules(
                    body["securitygroup"].get("securitygrouprules"))
            else:
                securitygrouprules = []
        except exception.InvalidInput as exc:
            raise webob.exc.HTTPBadRequest(explanation=exc.format_message())
        except exception.NotFound as exc:
            raise webob.exc.HTTPNotFound(explanation=exc.format_message())

        values["deleted"] = 0
        values["status"] = "BUILDING"
        values["securitygroup_id"] = unicode(uuid.uuid4())
        values["user_id"] = context.user_id
        values["project_id"] = context.project_id
        values["display_name"] = values[
            "display_name"] or "sec-" + values["securitygroup_id"]

        try:
            for i in range(len(securitygrouprules)):
                if securitygrouprules[i]["remote_securitygroup_id"]:
                    securitygroup = db\
                        .securitygroup_get_by_securitygroup_id(
                            context, gid,
                            securitygrouprules[i]["remote_securitygroup_id"])
                    remote_neutron_securitygroup_id = securitygroup.get(
                        "neutron_securitygroup_id")
                    securitygrouprules[i][
                        "remote_neutron_securitygroup_id"] =\
                        remote_neutron_securitygroup_id
            db.group_get_by_gid(context, gid)
            securitygroup = db.securitygroup_create(context, values)
        except exception.NotFound as exc:
            raise webob.exc.HTTPNotFound(explanation=exc.format_message())

        try:
            host = self.scheduler_rpcapi.select_destinations(
                context,
                request_spec={},
                filter_properties={})
            self.operator_rpcapi.securitygroup_create(
                context,
                host["host"],
                gid=gid,
                securitygroup_id=values["securitygroup_id"],
                name=values["display_name"],
                securitygrouprules=securitygrouprules)
        except Exception:
            securitygroup_id = values["securitygroup_id"]
            db.securitygroup_update(
                context, gid, securitygroup_id, {"status": "ERROR"})
            raise exception.SecuritygroupCreateFailed()

        return self._view_builder.create(securitygroup)