def test_create_delete_security_group(self):
secgroup = objects.SecGroupTestObj(self.neutron, self.nb_api)
self.addCleanup(secgroup.close)
sg_id = secgroup.create()
self.assertTrue(secgroup.exists())
secgroup_obj = secgroups.SecurityGroup(id=sg_id)
version1 = self.nb_api.get(secgroup_obj).version
secgroup.update()
self.assertTrue(secgroup.exists())
secgroup_obj = secgroups.SecurityGroup(id=sg_id)
version2 = self.nb_api.get(secgroup_obj).version
self.assertNotEqual(version1, version2)
secgroup.close()
self.assertFalse(secgroup.exists())
def _get_another_security_group(self, is_ipv6=False):
fake_security_group = secgroups.SecurityGroup(
name="fake_security_group",
topic="fake_tenant1",
version=5,
unique_key=2,
id="fake_security_group_id2",
rules=[
secgroups.SecurityGroupRule(
direction="egress",
security_group_id="fake_security_group_id2",
ethertype=self._get_ether_type(is_ipv6),
topic="fake_tenant1",
protocol="tcp",
port_range_max=None,
port_range_min=None,
remote_group_id=None,
remote_ip_prefix=self._get_ip_prefix(is_ipv6),
id="fake_security_group_rule_5"),
secgroups.SecurityGroupRule(
direction="ingress",
security_group_id="fake_security_group_id2",
ethertype=self._get_ether_type(is_ipv6),
topic="fake_tenant1",
port_range_max=None,
port_range_min=None,
protocol=None,
remote_group_id="fake_security_group_id2",
remote_ip_prefix=None,
id="fake_security_group_rule_6")
])
return fake_security_group
def rule_exists(self, secrule_id):
sg_obj = secgroups.SecurityGroup(id=self.secgroup_id)
secgroup = self.nb_api.get(sg_obj)
if secgroup:
for rule in secgroup.rules:
if rule.id == secrule_id:
return True
return False
def security_group_from_neutron_obj(secgroup):
sg_name = secgroup.get('name', df_const.DF_SG_DEFAULT_NAME)
rules = secgroup.get('security_group_rules', [])
rules_mdls = [security_group_rule_from_neutron_obj(rule) for rule in rules]
return secgroups.SecurityGroup(id=secgroup['id'],
topic=secgroup['tenant_id'],
name=sg_name,
rules=rules_mdls,
version=secgroup['revision_number'])
def security_group_from_neutron_obj(secgroup):
sg_name = secgroup.get('name')
rules = secgroup.get('security_group_rules', [])
rules_mdls = [security_group_rule_from_neutron_obj(rule) for rule in rules]
topic = df_utils.get_obj_topic(secgroup)
return secgroups.SecurityGroup(
id=secgroup['id'],
topic=topic,
name=sg_name,
rules=rules_mdls,
version=secgroup['revision_number'])
def test_sg_version(self):
secgroup = objects.SecGroupTestObj(self.neutron, self.nb_api)
self.addCleanup(secgroup.close)
sg_id = secgroup.create()
self.assertTrue(secgroup.exists())
sg_obj = secgroups.SecurityGroup(id=sg_id)
version = self.nb_api.get(sg_obj).version
secrule_id = secgroup.rule_create()
self.assertTrue(secgroup.rule_exists(secrule_id))
sg_obj = secgroups.SecurityGroup(id=sg_id)
new_version = self.nb_api.get(sg_obj).version
self.assertGreater(new_version, version)
secgroup.rule_delete(secrule_id)
self.assertFalse(secgroup.rule_exists(secrule_id))
version = new_version
sg_obj = secgroups.SecurityGroup(id=sg_id)
new_version = self.nb_api.get(sg_obj).version
self.assertGreater(new_version, version)
secgroup.close()
self.assertFalse(secgroup.exists())
def delete_security_group(self, resource, event, trigger, **kwargs):
sg = kwargs['security_group']
sg_obj = secgroups.SecurityGroup(id=sg['id'], topic=sg['tenant_id'])
self.nb_api.delete(sg_obj)
LOG.info("DFMechDriver: delete security group %s", sg['id'])
fake_security_group = secgroups.SecurityGroup(
name="fake_security_group",
topic="fake_tenant1",
version=5,
unique_key=1,
id="fake_security_group_id1",
rules=[
secgroups.SecurityGroupRule(
direction="egress",
security_group_id="fake_security_group_id1",
ethertype=n_const.IPv4,
topic="fake_tenant1",
port_range_max=53,
port_range_min=53,
protocol=n_const.PROTO_NUM_UDP,
remote_group_id=None,
remote_ip_prefix="192.168.180.0/28",
id="fake_security_group_rule_1"),
secgroups.SecurityGroupRule(
direction="ingress",
security_group_id="fake_security_group_id1",
ethertype="IPv4",
topic="fake_tenant1",
port_range_max=None,
port_range_min=None,
protocol=None,
remote_group_id="fake_security_group_id1",
remote_ip_prefix=None,
id="fake_security_group_rule_2"),
secgroups.SecurityGroupRule(
direction="egress",
security_group_id="fake_security_group_id1",
ethertype=n_const.IPv6,
topic="fake_tenant1",
port_range_max=53,
port_range_min=53,
protocol=n_const.PROTO_NUM_UDP,
remote_group_id=None,
remote_ip_prefix="1111::/64",
id="fake_security_group_rule_3"),
secgroups.SecurityGroupRule(
direction="ingress",
security_group_id="fake_security_group_id1",
ethertype=n_const.IPv6,
topic="fake_tenant1",
port_range_max=None,
port_range_min=None,
protocol=None,
remote_group_id="fake_security_group_id1",
remote_ip_prefix=None,
id="fake_security_group_rule_4")
])
def test_delete_security_group(self):
sg = self._test_create_security_group_revision()
self.driver.delete_security_group(self.context, sg['id'])
self.nb_api.delete.assert_called_with(
secgroups.SecurityGroup(id=sg['id'], topic=sg['project_id']))
def exists(self):
sg_obj = secgroups.SecurityGroup(id=self.secgroup_id)
secgroup = self.nb_api.get(sg_obj)
if secgroup:
return True
return False
def delete_security_group(self, resource, event, trigger, payload=None):
sg = payload.latest_state
topic = df_utils.get_obj_topic(sg)
sg_obj = secgroups.SecurityGroup(id=sg['id'], topic=topic)
self.nb_api.delete(sg_obj)
LOG.info("DFMechDriver: delete security group %s", sg['id'])
def delete_security_group(self, resource, event, trigger, **kwargs):
sg = kwargs['security_group']
topic = df_utils.get_obj_topic(sg)
sg_obj = secgroups.SecurityGroup(id=sg['id'], topic=topic)
self.nb_api.delete(sg_obj)
LOG.info("DFMechDriver: delete security group %s", sg['id'])
