def test_create_security_group(self): security_group.security_group_engine = ( security_group.SecurityGroupEngineNeutron()) self.set_mock_db_items(fakes.DB_VPC_1, fakes.DB_SECURITY_GROUP_1) self.neutron.list_security_groups.return_value = ({ 'security_groups': [copy.deepcopy(fakes.OS_SECURITY_GROUP_1)] }) self.db_api.add_item.return_value = fakes.DB_SECURITY_GROUP_2 self.nova.security_groups.create.return_value = ( fakes.NovaSecurityGroup(fakes.OS_SECURITY_GROUP_2)) resp = self.execute('CreateSecurityGroup', { 'GroupName': 'groupname', 'GroupDescription': 'Group description' }) self.nova.security_groups.create.assert_called_once_with( 'groupname', 'Group description') self.nova.security_groups.reset_mock() resp = self.execute( 'CreateSecurityGroup', { 'VpcId': fakes.ID_EC2_VPC_1, 'GroupName': 'groupname', 'GroupDescription': 'Group description' }) self.assertEqual(fakes.ID_EC2_SECURITY_GROUP_2, resp['groupId']) self.db_api.add_item.assert_called_once_with( mock.ANY, 'sg', tools.purge_dict(fakes.DB_SECURITY_GROUP_2, ('id', )), project_id=None) self.nova.security_groups.create.assert_called_once_with( 'groupname', 'Group description')
def test_describe_security_groups(self): security_group.security_group_engine = ( security_group.SecurityGroupEngineNeutron()) self.set_mock_db_items(fakes.DB_SECURITY_GROUP_1, fakes.DB_SECURITY_GROUP_2) self.neutron.list_security_groups.return_value = ({ 'security_groups': [ copy.deepcopy(fakes.OS_SECURITY_GROUP_1), fakes.OS_SECURITY_GROUP_2, fakes.OS_SECURITY_GROUP_3 ] }) resp = self.execute('DescribeSecurityGroups', {}) self.assertThat( resp['securityGroupInfo'], matchers.ListMatches([ fakes.EC2_SECURITY_GROUP_1, fakes.EC2_SECURITY_GROUP_2, fakes.EC2_SECURITY_GROUP_3 ], orderless_lists=True)) resp = self.execute('DescribeSecurityGroups', {'GroupName.1': 'groupname2'}) self.assertThat( resp['securityGroupInfo'], matchers.ListMatches([fakes.EC2_SECURITY_GROUP_2], orderless_lists=True)) self.db_api.get_items_by_ids = tools.CopyingMock( return_value=[fakes.DB_SECURITY_GROUP_2]) resp = self.execute('DescribeSecurityGroups', {'GroupId.1': fakes.ID_EC2_SECURITY_GROUP_2}) self.assertThat( resp['securityGroupInfo'], matchers.ListMatches([fakes.EC2_SECURITY_GROUP_2], orderless_lists=True)) self.db_api.get_items_by_ids.assert_called_once_with( mock.ANY, set([fakes.ID_EC2_SECURITY_GROUP_2])) self.check_filtering( 'DescribeSecurityGroups', 'securityGroupInfo', [ ('vpc-id', fakes.ID_EC2_VPC_1), ('group-name', fakes.NAME_DEFAULT_OS_SECURITY_GROUP), ('group-id', fakes.ID_EC2_SECURITY_GROUP_1), ('description', fakes.EC2_SECURITY_GROUP_1['groupDescription']), ('ip-permission.protocol', 'tcp'), ('ip-permission.to-port', 10), ('ip-permission.from-port', 10), ('ip-permission.cidr', '192.168.1.0/24'), # TODO(andrey-mp): declare this data in fakes # ('ip-permission.group-id', fakes.ID_EC2_SECURITY_GROUP_1), # ('ip-permission.group-name', 'default'), # ('ip-permission.user-id', fakes.ID_OS_PROJECT), ('owner-id', fakes.ID_OS_PROJECT) ]) self.check_tag_support('DescribeSecurityGroups', 'securityGroupInfo', fakes.ID_EC2_SECURITY_GROUP_2, 'groupId')
def test_delete_security_group_is_in_use(self): security_group.security_group_engine = ( security_group.SecurityGroupEngineNeutron()) self.set_mock_db_items(fakes.DB_SECURITY_GROUP_1) self.neutron.delete_security_group.side_effect = ( neutron_exception.Conflict()) self.assert_execution_error('DependencyViolation', 'DeleteSecurityGroup', {'GroupId': fakes.ID_EC2_SECURITY_GROUP_1}) self.assertEqual(0, self.db_api.delete_item.call_count)
def test_delete_security_group(self): security_group.security_group_engine = ( security_group.SecurityGroupEngineNeutron()) self.set_mock_db_items(fakes.DB_SECURITY_GROUP_1) resp = self.execute('DeleteSecurityGroup', {'GroupId': fakes.ID_EC2_SECURITY_GROUP_1}) self.assertEqual(True, resp['return']) self.db_api.get_item_by_id.assert_any_call( mock.ANY, fakes.ID_EC2_SECURITY_GROUP_1) self.db_api.delete_item.assert_called_once_with( mock.ANY, fakes.ID_EC2_SECURITY_GROUP_1) self.neutron.delete_security_group.assert_called_once_with( fakes.ID_OS_SECURITY_GROUP_1) self.db_api.delete_item.reset_mock() self.neutron.delete_security_group.reset_mock() self.configure(disable_ec2_classic=True) self.add_mock_db_items(fakes.DB_VPC_DEFAULT, fakes.DB_SECURITY_GROUP_DEFAULT, fakes.DB_SECURITY_GROUP_2, fakes.DB_SECURITY_GROUP_6) self.neutron.list_security_groups.return_value = ({ 'security_groups': [ copy.deepcopy(fakes.OS_SECURITY_GROUP_1), fakes.OS_SECURITY_GROUP_2, fakes.OS_SECURITY_GROUP_4, fakes.OS_SECURITY_GROUP_DEFAULT ] }) self.assert_execution_error('InvalidGroup.NotFound', 'DeleteSecurityGroup', {'GroupName': 'groupname2'}) self.db_api.delete_item.reset_mock() self.neutron.delete_security_group.reset_mock() self.add_mock_db_items(fakes.DB_SECURITY_GROUP_5) self.neutron.list_security_groups.return_value = ({ 'security_groups': [ copy.deepcopy(fakes.OS_SECURITY_GROUP_1), fakes.OS_SECURITY_GROUP_2, fakes.OS_SECURITY_GROUP_4, fakes.OS_SECURITY_GROUP_5, fakes.OS_SECURITY_GROUP_DEFAULT ] }) resp = self.execute('DeleteSecurityGroup', {'GroupName': 'groupname2'}) self.assertEqual(True, resp['return']) self.db_api.get_item_by_id.assert_any_call( mock.ANY, fakes.ID_EC2_SECURITY_GROUP_5) self.db_api.delete_item.assert_called_with( mock.ANY, fakes.ID_EC2_SECURITY_GROUP_5) self.neutron.delete_security_group.assert_called_once_with( fakes.ID_OS_SECURITY_GROUP_5)
def test_create_security_group_over_quota(self): security_group.security_group_engine = ( security_group.SecurityGroupEngineNeutron()) self.nova.security_groups.create.side_effect = ( nova_exception.OverLimit(413)) self.assert_execution_error( 'ResourceLimitExceeded', 'CreateSecurityGroup', { 'VpcId': fakes.ID_EC2_VPC_1, 'GroupName': 'groupname', 'GroupDescription': 'Group description' }) self.nova.security_groups.create.assert_called_once_with( 'groupname', 'Group description')
def test_delete_security_group(self): security_group.security_group_engine = ( security_group.SecurityGroupEngineNeutron()) self.set_mock_db_items(fakes.DB_SECURITY_GROUP_1) resp = self.execute('DeleteSecurityGroup', {'GroupId': fakes.ID_EC2_SECURITY_GROUP_1}) self.assertEqual(True, resp['return']) self.db_api.get_item_by_id.assert_any_call( mock.ANY, fakes.ID_EC2_SECURITY_GROUP_1) self.db_api.delete_item.assert_called_once_with( mock.ANY, fakes.ID_EC2_SECURITY_GROUP_1) self.neutron.delete_security_group.assert_called_once_with( fakes.ID_OS_SECURITY_GROUP_1)
def test_repair_default_security_group(self): security_group.security_group_engine = ( security_group.SecurityGroupEngineNeutron()) self.db_api.add_item.return_value = fakes.DB_SECURITY_GROUP_1 self.nova.security_groups.create.return_value = ( fakes.NovaSecurityGroup(fakes.OS_SECURITY_GROUP_1)) self.set_mock_db_items(fakes.DB_VPC_1, fakes.DB_SECURITY_GROUP_1, fakes.DB_SECURITY_GROUP_2) self.neutron.list_security_groups.return_value = ({ 'security_groups': [fakes.OS_SECURITY_GROUP_2] }) resp = self.execute('DescribeSecurityGroups', {}) self.db_api.add_item.assert_called_once_with( mock.ANY, 'sg', tools.purge_dict(fakes.DB_SECURITY_GROUP_1, ('id', ))) self.nova.security_groups.create.assert_called_once_with( fakes.ID_EC2_VPC_1, 'Default VPC security group')
def test_revoke_security_group_egress_groups(self): security_group.security_group_engine = ( security_group.SecurityGroupEngineNeutron()) self.set_mock_db_items(fakes.DB_SECURITY_GROUP_1, fakes.DB_SECURITY_GROUP_2) self.neutron.show_security_group.return_value = { 'security_group': fakes.OS_SECURITY_GROUP_2 } self.neutron.delete_security_group_rule.return_value = True self.execute( 'RevokeSecurityGroupEgress', { 'GroupId': fakes.ID_EC2_SECURITY_GROUP_2, 'IpPermissions.1.FromPort': '10', 'IpPermissions.1.IpProtocol': '100', 'IpPermissions.1.Groups.1.GroupId': fakes.ID_EC2_SECURITY_GROUP_1 }) self.neutron.show_security_group.assert_called_once_with( fakes.ID_OS_SECURITY_GROUP_2) self.neutron.delete_security_group_rule.assert_called_once_with( fakes.OS_SECURITY_GROUP_RULE_2['id'])
def test_describe_security_groups_no_default_vpc(self, check_and_create): self.configure(disable_ec2_classic=True) security_group.security_group_engine = ( security_group.SecurityGroupEngineNeutron()) def mock_check_and_create(context): self.set_mock_db_items(fakes.DB_VPC_DEFAULT, fakes.DB_SECURITY_GROUP_DEFAULT) self.neutron.list_security_groups.return_value = ({ 'security_groups': [fakes.OS_SECURITY_GROUP_DEFAULT] }) check_and_create.side_effect = mock_check_and_create resp = self.execute('DescribeSecurityGroups', {}) self.assertThat( resp['securityGroupInfo'], matchers.ListMatches([fakes.EC2_SECURITY_GROUP_DEFAULT], orderless_lists=True)) check_and_create.assert_called_once_with(mock.ANY)
def test_delete_security_group_invalid(self): security_group.security_group_engine = ( security_group.SecurityGroupEngineNeutron()) self.set_mock_db_items(fakes.DB_SECURITY_GROUP_1, fakes.DB_VPC_1) self.neutron.show_security_group.return_value = ({ 'security_group': fakes.OS_SECURITY_GROUP_1 }) self.assert_execution_error('CannotDelete', 'DeleteSecurityGroup', {'GroupId': fakes.ID_EC2_SECURITY_GROUP_1}) self.assert_execution_error('InvalidGroup.NotFound', 'DeleteSecurityGroup', {'GroupId': fakes.ID_EC2_SECURITY_GROUP_2}) self.assertEqual(0, self.neutron.delete_port.call_count) self.assert_execution_error('InvalidGroup.NotFound', 'DeleteSecurityGroup', {'GroupName': 'badname'}) self.assertEqual(0, self.neutron.delete_port.call_count) self.assert_execution_error('MissingParameter', 'DeleteSecurityGroup', {}) self.assertEqual(0, self.neutron.delete_port.call_count)
def test_authorize_security_group_egress_groups(self): security_group.security_group_engine = ( security_group.SecurityGroupEngineNeutron()) self.set_mock_db_items(fakes.DB_SECURITY_GROUP_1, fakes.DB_SECURITY_GROUP_2) self.neutron.create_security_group_rule.return_value = ({ 'security_group_rule': [fakes.OS_SECURITY_GROUP_RULE_1] }) self.execute( 'AuthorizeSecurityGroupEgress', { 'GroupId': fakes.ID_EC2_SECURITY_GROUP_2, 'IpPermissions.1.FromPort': '10', 'IpPermissions.1.IpProtocol': '100', 'IpPermissions.1.Groups.1.GroupId': fakes.ID_EC2_SECURITY_GROUP_1 }) self.neutron.create_security_group_rule.assert_called_once_with({ 'security_group_rule': tools.purge_dict( fakes.OS_SECURITY_GROUP_RULE_2, {'id', 'remote_ip_prefix', 'tenant_id', 'port_range_max'}) })
def test_authorize_security_group_ingress_ip_ranges(self): security_group.security_group_engine = ( security_group.SecurityGroupEngineNeutron()) self.set_mock_db_items(fakes.DB_SECURITY_GROUP_1, fakes.DB_SECURITY_GROUP_2) self.neutron.create_security_group_rule.return_value = ({ 'security_group_rule': [fakes.OS_SECURITY_GROUP_RULE_1] }) self.execute( 'AuthorizeSecurityGroupIngress', { 'GroupId': fakes.ID_EC2_SECURITY_GROUP_2, 'IpPermissions.1.FromPort': '10', 'IpPermissions.1.ToPort': '10', 'IpPermissions.1.IpProtocol': 'tcp', 'IpPermissions.1.IpRanges.1.CidrIp': '192.168.1.0/24' }) self.neutron.create_security_group_rule.assert_called_once_with({ 'security_group_rule': tools.purge_dict(fakes.OS_SECURITY_GROUP_RULE_1, {'id', 'remote_group_id', 'tenant_id'}) }) # NOTE(Alex): Openstack extension, AWS-incompability # IPv6 is not supported by Amazon. self.execute( 'AuthorizeSecurityGroupIngress', { 'GroupId': fakes.ID_EC2_SECURITY_GROUP_2, 'IpPermissions.1.FromPort': '10', 'IpPermissions.1.ToPort': '10', 'IpPermissions.1.IpProtocol': 'tcp', 'IpPermissions.1.IpRanges.1.CidrIp': '::/0' }) self.neutron.create_security_group_rule.assert_called_with({ 'security_group_rule': tools.patch_dict(fakes.OS_SECURITY_GROUP_RULE_1, {'remote_ip_prefix': '::/0'}, {'id', 'remote_group_id', 'tenant_id'}) })
def test_authorize_security_group_ingress_ip_ranges(self): security_group.security_group_engine = ( security_group.SecurityGroupEngineNeutron()) self.set_mock_db_items(fakes.DB_SECURITY_GROUP_1, fakes.DB_SECURITY_GROUP_2) self.neutron.create_security_group_rule.return_value = ({ 'security_group_rule': [fakes.OS_SECURITY_GROUP_RULE_1] }) self.execute( 'AuthorizeSecurityGroupIngress', { 'GroupId': fakes.ID_EC2_SECURITY_GROUP_2, 'IpPermissions.1.FromPort': '10', 'IpPermissions.1.ToPort': '10', 'IpPermissions.1.IpProtocol': 'tcp', 'IpPermissions.1.IpRanges.1.CidrIp': '192.168.1.0/24' }) self.neutron.create_security_group_rule.assert_called_once_with({ 'security_group_rule': tools.purge_dict(fakes.OS_SECURITY_GROUP_RULE_1, {'id', 'remote_group_id', 'tenant_id'}) }) # NOTE(Alex): Openstack extension, AWS-incompability # IPv6 is not supported by Amazon. self.execute( 'AuthorizeSecurityGroupIngress', { 'GroupId': fakes.ID_EC2_SECURITY_GROUP_2, 'IpPermissions.1.FromPort': '10', 'IpPermissions.1.ToPort': '10', 'IpPermissions.1.IpProtocol': 'tcp', 'IpPermissions.1.IpRanges.1.CidrIp': '::/0' }) self.neutron.create_security_group_rule.assert_called_with({ 'security_group_rule': tools.patch_dict(fakes.OS_SECURITY_GROUP_RULE_1, {'remote_ip_prefix': '::/0'}, {'id', 'remote_group_id', 'tenant_id'}) }) self.configure(disable_ec2_classic=True) self.add_mock_db_items(fakes.DB_VPC_DEFAULT, fakes.DB_SECURITY_GROUP_4, fakes.DB_SECURITY_GROUP_5, fakes.DB_SECURITY_GROUP_6) self.neutron.list_security_groups.return_value = ({ 'security_groups': [fakes.OS_SECURITY_GROUP_4, fakes.OS_SECURITY_GROUP_5] }) self.execute( 'AuthorizeSecurityGroupIngress', { 'GroupName': 'groupname2', 'IpPermissions.1.FromPort': '10', 'IpPermissions.1.ToPort': '10', 'IpPermissions.1.IpProtocol': 'tcp', 'IpPermissions.1.IpRanges.1.CidrIp': '::/0' }) security_group_rule = { 'direction': 'ingress', 'ethertype': 'IPv4', 'port_range_min': 10, 'port_range_max': 10, 'protocol': 'tcp', 'remote_ip_prefix': '::/0', 'security_group_id': fakes.ID_OS_SECURITY_GROUP_5 } self.neutron.create_security_group_rule.assert_called_with( {'security_group_rule': security_group_rule})
def test_authorize_security_group_invalid(self): security_group.security_group_engine = ( security_group.SecurityGroupEngineNeutron()) def check_response(error_code, protocol, from_port, to_port, cidr, group_id=fakes.ID_EC2_SECURITY_GROUP_2): params = { 'IpPermissions.1.FromPort': str(from_port), 'IpPermissions.1.ToPort': str(to_port), 'IpPermissions.1.IpProtocol': protocol } if group_id is not None: params['GroupId'] = group_id if cidr is not None: params['IpPermissions.1.IpRanges.1.CidrIp'] = cidr self.assert_execution_error(error_code, 'AuthorizeSecurityGroupIngress', params) self.neutron.reset_mock() self.db_api.reset_mock() self.execute( 'AuthorizeSecurityGroupIngress', { 'GroupId': fakes.ID_EC2_SECURITY_GROUP_2, 'IpPermissions.1.FromPort': '-1', 'IpPermissions.1.ToPort': '-1', 'IpPermissions.1.IpProtocol': 'icmp', 'IpPermissions.1.IpRanges.1.CidrIp': '0.0.0.0/0' }) # Duplicate rule self.set_mock_db_items(fakes.DB_SECURITY_GROUP_1, fakes.DB_SECURITY_GROUP_2) self.neutron.create_security_group_rule.side_effect = ( neutron_exception.Conflict) check_response('InvalidPermission.Duplicate', 'icmp', -1, -1, '0.0.0.0/0') # Over quota self.neutron.create_security_group_rule.side_effect = ( neutron_exception.OverQuotaClient) check_response('RulesPerSecurityGroupLimitExceeded', 'icmp', -1, -1, '0.0.0.0/0') # Invalid CIDR address check_response('InvalidParameterValue', 'tcp', 80, 81, '0.0.0.0/0444') # Missing ports check_response('InvalidParameterValue', 'tcp', -1, -1, '0.0.0.0/0') # from port cannot be greater than to port check_response('InvalidParameterValue', 'tcp', 100, 1, '0.0.0.0/0') # For tcp, negative values are not allowed check_response('InvalidParameterValue', 'tcp', -1, 1, '0.0.0.0/0') # For tcp, valid port range 1-65535 check_response('InvalidParameterValue', 'tcp', 1, 65599, '0.0.0.0/0') # Invalid protocol check_response('InvalidParameterValue', 'xyz', 1, 14, '0.0.0.0/0') # Invalid port check_response('InvalidParameterValue', 'tcp', " ", "gg", '0.0.0.0/0') # Invalid icmp port check_response('InvalidParameterValue', 'icmp', " ", "gg", '0.0.0.0/0') # Invalid CIDR Address check_response('InvalidParameterValue', 'icmp', -1, -1, '0.0.0.0') # Invalid CIDR Address check_response('InvalidParameterValue', 'icmp', 5, 10, '0.0.0.0/') # Invalid Cidr ports check_response('InvalidParameterValue', 'icmp', 1, 256, '0.0.0.0/0') # Missing group check_response('MissingParameter', 'tcp', 1, 255, '0.0.0.0/0', None) # Missing cidr check_response('MissingParameter', 'tcp', 1, 255, None) # Invalid remote group self.assert_execution_error( 'InvalidGroup.NotFound', 'AuthorizeSecurityGroupIngress', { 'GroupId': fakes.ID_EC2_SECURITY_GROUP_2, 'IpPermissions.1.IpProtocol': 'icmp', 'IpPermissions.1.Groups.1.GroupName': 'somegroup', 'IpPermissions.1.Groups.1.UserId': 'i-99999999' })
def test_create_security_group(self): security_group.security_group_engine = ( security_group.SecurityGroupEngineNeutron()) self.set_mock_db_items(fakes.DB_VPC_1, fakes.DB_SECURITY_GROUP_1) self.neutron.list_security_groups.return_value = ({ 'security_groups': [copy.deepcopy(fakes.OS_SECURITY_GROUP_1)] }) self.db_api.add_item.return_value = fakes.DB_SECURITY_GROUP_2 self.nova.security_groups.create.return_value = ( fakes.NovaSecurityGroup(fakes.OS_SECURITY_GROUP_2)) resp = self.execute('CreateSecurityGroup', { 'GroupName': 'groupname', 'GroupDescription': 'Group description' }) self.nova.security_groups.create.assert_called_once_with( 'groupname', 'Group description') db_group = tools.purge_dict(fakes.DB_SECURITY_GROUP_2, ('id', )) db_group['vpc_id'] = None self.db_api.add_item.assert_called_once_with(mock.ANY, 'sg', db_group) self.nova.security_groups.reset_mock() self.db_api.add_item.reset_mock() self.neutron.list_security_groups.return_value = ({ 'security_groups': [copy.deepcopy(fakes.OS_SECURITY_GROUP_1)] }) resp = self.execute( 'CreateSecurityGroup', { 'VpcId': fakes.ID_EC2_VPC_1, 'GroupName': 'groupname', 'GroupDescription': 'Group description' }) self.assertEqual(fakes.ID_EC2_SECURITY_GROUP_2, resp['groupId']) self.db_api.add_item.assert_called_once_with( mock.ANY, 'sg', tools.purge_dict(fakes.DB_SECURITY_GROUP_2, ('id', ))) self.nova.security_groups.create.assert_called_once_with( 'groupname', 'Group description') self.nova.security_groups.reset_mock() self.db_api.add_item.reset_mock() self.configure(disable_ec2_classic=True) self.add_mock_db_items(fakes.DB_VPC_DEFAULT, fakes.DB_SECURITY_GROUP_DEFAULT) self.nova.security_groups.create.return_value = ( fakes.NovaSecurityGroup(fakes.OS_SECURITY_GROUP_5)) self.neutron.list_security_groups.return_value = ({ 'security_groups': [ copy.deepcopy(fakes.OS_SECURITY_GROUP_1), fakes.OS_SECURITY_GROUP_DEFAULT ] }) self.db_api.add_item.return_value = fakes.DB_SECURITY_GROUP_5 resp = self.execute('CreateSecurityGroup', { 'GroupName': 'groupname2', 'GroupDescription': 'Group description' }) self.assertEqual(fakes.ID_EC2_SECURITY_GROUP_5, resp['groupId']) self.db_api.add_item.assert_called_once_with( mock.ANY, 'sg', tools.purge_dict(fakes.DB_SECURITY_GROUP_5, ('id', ))) self.nova.security_groups.create.assert_called_once_with( 'groupname2', 'Group description')
def _reset_engine(self): security_group.security_group_engine = ( security_group.SecurityGroupEngineNeutron())
def test_create_security_group_invalid(self): security_group.security_group_engine = ( security_group.SecurityGroupEngineNeutron()) def do_check(args, error_code): self.neutron.reset_mock() self.db_api.reset_mock() self.assert_execution_error(error_code, 'CreateSecurityGroup', args) self.set_mock_db_items() do_check( { 'VpcId': fakes.ID_EC2_VPC_1, 'GroupName': 'groupname', 'GroupDescription': 'Group description' }, 'InvalidVpcID.NotFound') self.db_api.get_item_by_id.assert_called_once_with( mock.ANY, fakes.ID_EC2_VPC_1) do_check( { 'VpcId': fakes.ID_EC2_VPC_1, 'GroupName': 'aa #^% -=99', 'GroupDescription': 'Group description' }, 'ValidationError') do_check( { 'VpcId': fakes.ID_EC2_VPC_1, 'GroupName': 'groupname', 'GroupDescription': 'aa #^% -=99' }, 'ValidationError') do_check( { 'GroupName': 'aa \t\x01\x02\x7f', 'GroupDescription': 'Group description' }, 'ValidationError') do_check( { 'GroupName': 'groupname', 'GroupDescription': 'aa \t\x01\x02\x7f' }, 'ValidationError') do_check( { 'GroupName': 'x' * 256, 'GroupDescription': 'Group description' }, 'ValidationError') do_check({ 'GroupName': 'groupname', 'GroupDescription': 'x' * 256 }, 'ValidationError') do_check({'GroupName': 'groupname'}, 'MissingParameter') do_check({'GroupDescription': 'description'}, 'MissingParameter') self.set_mock_db_items(fakes.DB_SECURITY_GROUP_2, fakes.DB_VPC_1) self.neutron.list_security_groups.return_value = ({ 'security_groups': [fakes.OS_SECURITY_GROUP_2] }) do_check( { 'VpcId': fakes.ID_EC2_VPC_1, 'GroupName': fakes.OS_SECURITY_GROUP_2['name'], 'GroupDescription': 'description' }, 'InvalidGroup.Duplicate')