def test_purge_dict(self):
d1 = {'a': 1, 'b': 2, 'c': 3}
res = tools.purge_dict(d1, ())
self.assertEqual({'a': 1, 'b': 2, 'c': 3}, res)
res = tools.purge_dict(d1, ('b', 'c'))
self.assertEqual({'a': 1}, res)
self.assertEqual({'a': 1, 'b': 2, 'c': 3}, d1)
def check_response(response):
self.assertIn('vpc', response)
vpc = resp['vpc']
self.assertThat(fakes.EC2_VPC_1, matchers.DictMatches(vpc))
self.neutron.create_router.assert_called_with({'router': {}})
self.neutron.update_router.assert_called_once_with(
fakes.ID_OS_ROUTER_1,
{'router': {'name': fakes.EC2_VPC_1['vpcId']}})
self.db_api.add_item.assert_any_call(
mock.ANY, 'vpc',
tools.purge_dict(fakes.DB_VPC_1,
('id', 'vpc_id', 'route_table_id')),
project_id=None)
self.db_api.add_item.assert_any_call(
mock.ANY, 'rtb',
tools.purge_dict(fakes.DB_ROUTE_TABLE_1,
('id',)),
project_id=None)
self.db_api.update_item.assert_called_once_with(
mock.ANY,
fakes.DB_VPC_1)
self.neutron.reset_mock()
self.db_api.reset_mock()
self.db_api.update_item.reset_mock()
def check_response(resp):
self.assertThat(fakes.EC2_SUBNET_1,
matchers.DictMatches(resp['subnet']))
self.db_api.add_item.assert_called_once_with(
mock.ANY, 'subnet', tools.purge_dict(subnet_1, ('id', )))
self.neutron.create_network.assert_called_once_with(
{'network': {
'name': 'subnet-0'
}})
self.neutron.update_network.assert_called_once_with(
fakes.ID_OS_NETWORK_1,
{'network': {
'name': fakes.ID_EC2_SUBNET_1
}})
self.neutron.create_subnet.assert_called_once_with({
'subnet':
tools.purge_dict(fakes.OS_SUBNET_1,
('id', 'name', 'gateway_ip'))
})
self.neutron.update_subnet.assert_called_once_with(
fakes.ID_OS_SUBNET_1, {
'subnet': {
'name': fakes.ID_EC2_SUBNET_1,
'gateway_ip': None
}
})
self.neutron.add_interface_router.assert_called_once_with(
fakes.ID_OS_ROUTER_1, {'subnet_id': fakes.ID_OS_SUBNET_1})
self.vpn_gateway_api._start_vpn_in_subnet.assert_called_once_with(
mock.ANY, self.neutron, mock.ANY, subnet_1, fakes.DB_VPC_1,
fakes.DB_ROUTE_TABLE_1)
self.assertIsInstance(
self.vpn_gateway_api._start_vpn_in_subnet.call_args[0][2],
common.OnCrashCleaner)
def test_dissassociate_address_vpc(self):
self.set_mock_db_items(fakes.DB_ADDRESS_2)
self.neutron.show_floatingip.return_value = (
{'floatingip': fakes.OS_FLOATING_IP_2})
resp = self.execute('DisassociateAddress',
{'AssociationId': fakes.ID_EC2_ASSOCIATION_2})
self.assertEqual(True, resp['return'])
self.neutron.update_floatingip.assert_called_once_with(
fakes.ID_OS_FLOATING_IP_2,
{'floatingip': {'port_id': None}})
self.db_api.update_item.assert_called_once_with(
mock.ANY,
tools.purge_dict(fakes.DB_ADDRESS_2, ['network_interface_id',
'private_ip_address']))
self.neutron.update_floatingip.reset_mock()
self.db_api.update_item.reset_mock()
self.configure(disable_ec2_classic=True)
resp = self.execute('DisassociateAddress',
{'PublicIp': fakes.IP_ADDRESS_2})
self.assertEqual(True, resp['return'])
self.neutron.update_floatingip.assert_called_once_with(
fakes.ID_OS_FLOATING_IP_2,
{'floatingip': {'port_id': None}})
self.db_api.update_item.assert_called_once_with(
mock.ANY,
tools.purge_dict(fakes.DB_ADDRESS_2, ['network_interface_id',
'private_ip_address']))
def check_response(resp):
self.assertThat(fakes.EC2_SUBNET_1, matchers.DictMatches(
resp['subnet']))
self.db_api.add_item.assert_called_once_with(
mock.ANY, 'subnet',
tools.purge_dict(subnet_1, ('id',)))
self.neutron.create_network.assert_called_once_with(
{'network': {}})
self.neutron.update_network.assert_called_once_with(
fakes.ID_OS_NETWORK_1,
{'network': {'name': fakes.ID_EC2_SUBNET_1}})
self.neutron.create_subnet.assert_called_once_with(
{'subnet': tools.purge_dict(fakes.OS_SUBNET_1,
('id', 'name', 'gateway_ip'))})
self.neutron.update_subnet.assert_called_once_with(
fakes.ID_OS_SUBNET_1,
{'subnet': {'name': fakes.ID_EC2_SUBNET_1,
'gateway_ip': None}})
self.neutron.add_interface_router.assert_called_once_with(
fakes.ID_OS_ROUTER_1,
{'subnet_id': fakes.ID_OS_SUBNET_1})
self.vpn_gateway_api._start_vpn_in_subnet.assert_called_once_with(
mock.ANY, self.neutron, mock.ANY, subnet_1,
fakes.DB_VPC_1, fakes.DB_ROUTE_TABLE_1)
self.assertIsInstance(
self.vpn_gateway_api._start_vpn_in_subnet.call_args[0][2],
common.OnCrashCleaner)
def check_response(resp):
self.assertThat(fakes.EC2_SUBNET_1,
matchers.DictMatches(resp['subnet']))
self.db_api.add_item.assert_called_once_with(mock.ANY,
'subnet',
tools.purge_dict(
fakes.DB_SUBNET_1,
('id', )),
project_id=None)
self.neutron.create_network.assert_called_once_with(
{'network': {}})
self.neutron.update_network.assert_called_once_with(
fakes.ID_OS_NETWORK_1,
{'network': {
'name': fakes.ID_EC2_SUBNET_1
}})
self.neutron.create_subnet.assert_called_once_with({
'subnet':
tools.purge_dict(fakes.OS_SUBNET_1, ('id', 'name'))
})
self.neutron.update_subnet.assert_called_once_with(
fakes.ID_OS_SUBNET_1,
{'subnet': {
'name': fakes.ID_EC2_SUBNET_1
}})
self.neutron.add_interface_router.assert_called_once_with(
fakes.ID_OS_ROUTER_1, {'subnet_id': fakes.ID_OS_SUBNET_1})
def test_allocate_vpc_address(self):
address.address_engine = (address.AddressEngineNeutron())
self.configure(external_network=fakes.NAME_OS_PUBLIC_NETWORK)
self.neutron.list_networks.return_value = ({
'networks': [{
'id': fakes.ID_OS_PUBLIC_NETWORK
}]
})
self.neutron.create_floatingip.return_value = ({
'floatingip':
fakes.OS_FLOATING_IP_1
})
self.db_api.add_item.return_value = fakes.DB_ADDRESS_1
resp = self.execute('AllocateAddress', {'Domain': 'vpc'})
self.assertEqual(fakes.IP_ADDRESS_1, resp['publicIp'])
self.assertEqual('vpc', resp['domain'])
self.assertEqual(fakes.ID_EC2_ADDRESS_1, resp['allocationId'])
self.db_api.add_item.assert_called_once_with(
mock.ANY, 'eipalloc',
tools.purge_dict(fakes.DB_ADDRESS_1, ('id', 'vpc_id')))
self.neutron.create_floatingip.assert_called_once_with({
'floatingip': {
'floating_network_id': fakes.ID_OS_PUBLIC_NETWORK
}
})
self.neutron.list_networks.assert_called_once_with(
**{
'router:external': True,
'name': fakes.NAME_OS_PUBLIC_NETWORK
})
self.db_api.reset_mock()
self.neutron.create_floatingip.reset_mock()
self.neutron.list_networks.reset_mock()
self.configure(disable_ec2_classic=True)
resp = self.execute('AllocateAddress', {})
self.assertEqual(fakes.IP_ADDRESS_1, resp['publicIp'])
self.assertEqual('vpc', resp['domain'])
self.assertEqual(fakes.ID_EC2_ADDRESS_1, resp['allocationId'])
self.db_api.add_item.assert_called_once_with(
mock.ANY, 'eipalloc',
tools.purge_dict(fakes.DB_ADDRESS_1, ('id', 'vpc_id')))
self.neutron.create_floatingip.assert_called_once_with({
'floatingip': {
'floating_network_id': fakes.ID_OS_PUBLIC_NETWORK
}
})
self.neutron.list_networks.assert_called_once_with(
**{
'router:external': True,
'name': fakes.NAME_OS_PUBLIC_NETWORK
})
def test_create_vpn_connection(self, random_choice, reset_vpn_connections,
describe_vpn_connections):
self.set_mock_db_items(
fakes.DB_VPN_GATEWAY_1, fakes.DB_VPN_GATEWAY_2,
fakes.DB_CUSTOMER_GATEWAY_1, fakes.DB_CUSTOMER_GATEWAY_2,
fakes.DB_VPC_1)
self.neutron.create_ikepolicy.side_effect = (
tools.get_neutron_create('ikepolicy', fakes.ID_OS_IKEPOLICY_1))
self.neutron.create_ipsecpolicy.side_effect = (
tools.get_neutron_create('ipsecpolicy', fakes.ID_OS_IPSECPOLICY_1))
self.db_api.add_item.side_effect = (
tools.get_db_api_add_item(fakes.ID_EC2_VPN_CONNECTION_1))
random_choice.side_effect = iter(fakes.PRE_SHARED_KEY_1)
describe_vpn_connections.return_value = {
'vpnConnectionSet': [fakes.EC2_VPN_CONNECTION_1]}
resp = self.execute(
'CreateVpnConnection',
{'VpnGatewayId': fakes.ID_EC2_VPN_GATEWAY_1,
'CustomerGatewayId': fakes.ID_EC2_CUSTOMER_GATEWAY_1,
'Type': 'ipsec.1',
'Options.StaticRoutesOnly': 'True'})
self.assertThat(
resp,
matchers.DictMatches(
{'vpnConnection': fakes.EC2_VPN_CONNECTION_1}))
self.neutron.create_ikepolicy.assert_called_once_with(
{'ikepolicy': tools.purge_dict(fakes.OS_IKEPOLICY_1, ('id',))})
self.neutron.create_ipsecpolicy.assert_called_once_with(
{'ipsecpolicy': tools.purge_dict(fakes.OS_IPSECPOLICY_1, ('id',))})
random_choice.assert_called_with(vpn_connection_api.SHARED_KEY_CHARS)
new_vpn_connection_1 = tools.update_dict(
fakes.DB_VPN_CONNECTION_1, {'cidrs': [],
'os_ipsec_site_connections': {}})
self.db_api.add_item.assert_called_once_with(
mock.ANY, 'vpn',
tools.purge_dict(new_vpn_connection_1, ('id', 'vpc_id', 'os_id')))
self.neutron.update_ikepolicy.assert_called_once_with(
fakes.ID_OS_IKEPOLICY_1,
{'ikepolicy': {'name': fakes.ID_EC2_VPN_CONNECTION_1}})
self.neutron.update_ipsecpolicy.assert_called_once_with(
fakes.ID_OS_IPSECPOLICY_1,
{'ipsecpolicy': {'name': fakes.ID_EC2_VPN_CONNECTION_1}})
reset_vpn_connections.assert_called_once_with(
mock.ANY, self.neutron, mock.ANY, fakes.DB_VPN_GATEWAY_1,
vpn_connections=[new_vpn_connection_1])
self.assertIsInstance(reset_vpn_connections.call_args[0][2],
common.OnCrashCleaner)
describe_vpn_connections.assert_called_once_with(
mock.ANY, vpn_connection_id=[fakes.ID_EC2_VPN_CONNECTION_1])
def test_create_vpn_connection(self, random_choice, reset_vpn_connections, describe_vpn_connections):
self.set_mock_db_items(
fakes.DB_VPN_GATEWAY_1,
fakes.DB_VPN_GATEWAY_2,
fakes.DB_CUSTOMER_GATEWAY_1,
fakes.DB_CUSTOMER_GATEWAY_2,
fakes.DB_VPC_1,
)
self.neutron.create_ikepolicy.side_effect = tools.get_neutron_create("ikepolicy", fakes.ID_OS_IKEPOLICY_1)
self.neutron.create_ipsecpolicy.side_effect = tools.get_neutron_create("ipsecpolicy", fakes.ID_OS_IPSECPOLICY_1)
self.db_api.add_item.side_effect = tools.get_db_api_add_item(fakes.ID_EC2_VPN_CONNECTION_1)
random_choice.side_effect = iter(fakes.PRE_SHARED_KEY_1)
describe_vpn_connections.return_value = {"vpnConnectionSet": [fakes.EC2_VPN_CONNECTION_1]}
resp = self.execute(
"CreateVpnConnection",
{
"VpnGatewayId": fakes.ID_EC2_VPN_GATEWAY_1,
"CustomerGatewayId": fakes.ID_EC2_CUSTOMER_GATEWAY_1,
"Type": "ipsec.1",
"Options.StaticRoutesOnly": "True",
},
)
self.assertThat(resp, matchers.DictMatches({"vpnConnection": fakes.EC2_VPN_CONNECTION_1}))
self.neutron.create_ikepolicy.assert_called_once_with(
{"ikepolicy": tools.purge_dict(fakes.OS_IKEPOLICY_1, ("id",))}
)
self.neutron.create_ipsecpolicy.assert_called_once_with(
{"ipsecpolicy": tools.purge_dict(fakes.OS_IPSECPOLICY_1, ("id",))}
)
random_choice.assert_called_with(vpn_connection_api.SHARED_KEY_CHARS)
new_vpn_connection_1 = tools.update_dict(
fakes.DB_VPN_CONNECTION_1, {"cidrs": [], "os_ipsec_site_connections": {}}
)
self.db_api.add_item.assert_called_once_with(
mock.ANY, "vpn", tools.purge_dict(new_vpn_connection_1, ("id", "vpc_id", "os_id"))
)
self.neutron.update_ikepolicy.assert_called_once_with(
fakes.ID_OS_IKEPOLICY_1, {"ikepolicy": {"name": fakes.ID_EC2_VPN_CONNECTION_1}}
)
self.neutron.update_ipsecpolicy.assert_called_once_with(
fakes.ID_OS_IPSECPOLICY_1, {"ipsecpolicy": {"name": fakes.ID_EC2_VPN_CONNECTION_1}}
)
reset_vpn_connections.assert_called_once_with(
mock.ANY, self.neutron, mock.ANY, fakes.DB_VPN_GATEWAY_1, vpn_connections=[new_vpn_connection_1]
)
self.assertIsInstance(reset_vpn_connections.call_args[0][2], common.OnCrashCleaner)
describe_vpn_connections.assert_called_once_with(mock.ANY, vpn_connection_id=[fakes.ID_EC2_VPN_CONNECTION_1])
def test_create_subnet_vpnservice(self):
self.neutron.create_vpnservice.side_effect = tools.get_neutron_create(
'vpnservice', fakes.ID_OS_VPNSERVICE_1)
context = base.create_context()
cleaner = common.OnCrashCleaner()
vpn_gateway_api._create_subnet_vpnservice(
context, self.neutron, cleaner,
copy.deepcopy(self.DB_SUBNET_1_NO_VPN), fakes.DB_VPC_1)
self.neutron.create_vpnservice.assert_called_once_with(
{'vpnservice': tools.purge_dict(fakes.OS_VPNSERVICE_1,
('id',))})
self.db_api.update_item.assert_called_once_with(
mock.ANY, fakes.DB_SUBNET_1)
try:
with common.OnCrashCleaner() as cleaner:
vpn_gateway_api._create_subnet_vpnservice(
context, self.neutron, cleaner,
copy.deepcopy(self.DB_SUBNET_1_NO_VPN), fakes.DB_VPC_1)
raise Exception('fake-exception')
except Exception as ex:
if str(ex) != 'fake-exception':
raise
self.db_api.update_item.assert_called_with(
mock.ANY, self.DB_SUBNET_1_NO_VPN)
self.neutron.delete_vpnservice.assert_called_once_with(
fakes.ID_OS_VPNSERVICE_1)
def test_create_security_group(self):
security_group.security_group_engine = (
security_group.SecurityGroupEngineNeutron())
self.set_mock_db_items(fakes.DB_VPC_1,
fakes.DB_SECURITY_GROUP_1)
self.neutron.list_security_groups.return_value = (
{'security_groups': [copy.deepcopy(fakes.OS_SECURITY_GROUP_1)]})
self.db_api.add_item.return_value = fakes.DB_SECURITY_GROUP_2
self.nova.security_groups.create.return_value = (
fakes.NovaSecurityGroup(fakes.OS_SECURITY_GROUP_2))
resp = self.execute(
'CreateSecurityGroup',
{'GroupName': 'groupname',
'GroupDescription': 'Group description'})
self.nova.security_groups.create.assert_called_once_with(
'groupname', 'Group description')
self.nova.security_groups.reset_mock()
resp = self.execute(
'CreateSecurityGroup',
{'VpcId': fakes.ID_EC2_VPC_1,
'GroupName': 'groupname',
'GroupDescription': 'Group description'})
self.assertEqual(fakes.ID_EC2_SECURITY_GROUP_2, resp['groupId'])
self.db_api.add_item.assert_called_once_with(
mock.ANY, 'sg',
tools.purge_dict(fakes.DB_SECURITY_GROUP_2, ('id',)),
project_id=None)
self.nova.security_groups.create.assert_called_once_with(
'groupname', 'Group description')
def _prepare_and_check(vpc=None, ec2_vpc=None, route_table=None):
self.neutron.create_router.side_effect = (tools.get_neutron_create(
'router', vpc['os_id']))
self.db_api.add_item.side_effect = (tools.get_db_api_add_item(
{'vpc': vpc['id']}))
self.db_api.set_mock_items(vpc)
create_route_table.return_value = route_table
resp = vpc_api._create_vpc(self.context, vpc['cidr_block'],
vpc['is_default'])
# Check creation of vpc
self.neutron.create_router.assert_called_with({'router': {}})
self.neutron.update_router.assert_called_once_with(
vpc['os_id'], {'router': {
'name': ec2_vpc['vpcId']
}})
self.db_api.add_item.assert_called_once_with(
mock.ANY, 'vpc',
tools.purge_dict(vpc, ('id', 'vpc_id', 'route_table_id')))
self.db_api.update_item.assert_called_once_with(mock.ANY, vpc)
create_route_table.assert_called_once_with(mock.ANY, vpc)
create_default_security_group.assert_called_once_with(
mock.ANY, vpc)
def test_delete_network_interface_with_public_ip(self):
detached_network_interface_2 = fakes.gen_db_network_interface(
fakes.ID_EC2_NETWORK_INTERFACE_2,
fakes.ID_OS_PORT_2,
fakes.ID_EC2_VPC_1,
fakes.ID_EC2_SUBNET_2,
fakes.IP_NETWORK_INTERFACE_2)
self.set_mock_db_items(detached_network_interface_2,
fakes.DB_ADDRESS_1, fakes.DB_ADDRESS_2)
resp = self.execute(
'DeleteNetworkInterface',
{'NetworkInterfaceId': fakes.ID_EC2_NETWORK_INTERFACE_2})
self.assertEqual(True, resp['return'])
self.db_api.get_item_by_id.assert_any_call(
mock.ANY,
fakes.ID_EC2_NETWORK_INTERFACE_2)
self.db_api.delete_item.assert_called_once_with(
mock.ANY,
fakes.ID_EC2_NETWORK_INTERFACE_2)
self.neutron.delete_port.assert_called_once_with(
fakes.ID_OS_PORT_2)
self.db_api.update_item.assert_called_once_with(
mock.ANY,
tools.purge_dict(fakes.DB_ADDRESS_2,
['network_interface_id',
'private_ip_address']))
def test_authorize_security_group_ingress_ip_ranges(self):
security_group.security_group_engine = (
security_group.SecurityGroupEngineNeutron())
self.set_mock_db_items(fakes.DB_SECURITY_GROUP_1,
fakes.DB_SECURITY_GROUP_2)
self.neutron.create_security_group_rule.return_value = (
{'security_group_rule': [fakes.OS_SECURITY_GROUP_RULE_1]})
self.execute(
'AuthorizeSecurityGroupIngress',
{'GroupId': fakes.ID_EC2_SECURITY_GROUP_2,
'IpPermissions.1.FromPort': '10',
'IpPermissions.1.ToPort': '10',
'IpPermissions.1.IpProtocol': 'tcp',
'IpPermissions.1.IpRanges.1.CidrIp': '192.168.1.0/24'})
self.neutron.create_security_group_rule.assert_called_once_with(
{'security_group_rule':
tools.purge_dict(fakes.OS_SECURITY_GROUP_RULE_1,
{'id', 'remote_group_id', 'tenant_id'})})
# NOTE(Alex): Openstack extension, AWS-incompability
# IPv6 is not supported by Amazon.
self.execute(
'AuthorizeSecurityGroupIngress',
{'GroupId': fakes.ID_EC2_SECURITY_GROUP_2,
'IpPermissions.1.FromPort': '10',
'IpPermissions.1.ToPort': '10',
'IpPermissions.1.IpProtocol': 'tcp',
'IpPermissions.1.IpRanges.1.CidrIp': '::/0'})
self.neutron.create_security_group_rule.assert_called_with(
{'security_group_rule':
tools.patch_dict(
fakes.OS_SECURITY_GROUP_RULE_1, {'remote_ip_prefix': '::/0'},
{'id', 'remote_group_id', 'tenant_id'})})
def check_response(resp, auto_ips=False):
self.assertThat(fakes.EC2_NETWORK_INTERFACE_1,
matchers.DictMatches(resp['networkInterface']))
self.db_api.add_item.assert_called_once_with(
mock.ANY, 'eni',
tools.purge_dict(fakes.DB_NETWORK_INTERFACE_1, ('id',)))
if auto_ips:
self.neutron.create_port.assert_called_once_with(
{'port':
{'network_id': fakes.ID_OS_NETWORK_1,
'fixed_ips':
[{'subnet_id': fakes.ID_OS_SUBNET_1}],
'security_groups': [fakes.ID_OS_SECURITY_GROUP_1]}})
else:
self.neutron.create_port.assert_called_once_with(
{'port':
{'network_id': fakes.ID_OS_NETWORK_1,
'fixed_ips':
[{'ip_address': fakes.IP_NETWORK_INTERFACE_1}],
'security_groups': [fakes.ID_OS_SECURITY_GROUP_1]}})
self.neutron.update_port.assert_called_once_with(
fakes.ID_OS_PORT_1,
{'port': {'name':
fakes.ID_EC2_NETWORK_INTERFACE_1}})
self.neutron.reset_mock()
self.db_api.reset_mock()
self.neutron.list_security_groups.return_value = (
{'security_groups': [
copy.deepcopy(fakes.OS_SECURITY_GROUP_1)]})
def test_allocate_vpc_address(self):
address.address_engine = (
address.AddressEngineNeutron())
self.configure(external_network=fakes.NAME_OS_PUBLIC_NETWORK)
self.neutron.list_networks.return_value = (
{'networks': [{'id': fakes.ID_OS_PUBLIC_NETWORK}]})
self.neutron.create_floatingip.return_value = (
{'floatingip': fakes.OS_FLOATING_IP_1})
self.db_api.add_item.return_value = fakes.DB_ADDRESS_1
resp = self.execute('AllocateAddress', {'Domain': 'vpc'})
self.assertEqual(fakes.IP_ADDRESS_1, resp['publicIp'])
self.assertEqual('vpc', resp['domain'])
self.assertEqual(fakes.ID_EC2_ADDRESS_1,
resp['allocationId'])
self.db_api.add_item.assert_called_once_with(
mock.ANY, 'eipalloc',
tools.purge_dict(fakes.DB_ADDRESS_1,
('id', 'vpc_id')))
self.neutron.create_floatingip.assert_called_once_with(
{'floatingip': {
'floating_network_id':
fakes.ID_OS_PUBLIC_NETWORK}})
self.neutron.list_networks.assert_called_once_with(
**{'router:external': True,
'name': fakes.NAME_OS_PUBLIC_NETWORK})
def test_create_security_group(self):
security_group.security_group_engine = (
security_group.SecurityGroupEngineNeutron())
self.set_mock_db_items(fakes.DB_VPC_1, fakes.DB_SECURITY_GROUP_1)
self.neutron.list_security_groups.return_value = ({
'security_groups': [copy.deepcopy(fakes.OS_SECURITY_GROUP_1)]
})
self.db_api.add_item.return_value = fakes.DB_SECURITY_GROUP_2
self.nova.security_groups.create.return_value = (
fakes.NovaSecurityGroup(fakes.OS_SECURITY_GROUP_2))
resp = self.execute('CreateSecurityGroup', {
'GroupName': 'groupname',
'GroupDescription': 'Group description'
})
self.nova.security_groups.create.assert_called_once_with(
'groupname', 'Group description')
self.nova.security_groups.reset_mock()
resp = self.execute(
'CreateSecurityGroup', {
'VpcId': fakes.ID_EC2_VPC_1,
'GroupName': 'groupname',
'GroupDescription': 'Group description'
})
self.assertEqual(fakes.ID_EC2_SECURITY_GROUP_2, resp['groupId'])
self.db_api.add_item.assert_called_once_with(
mock.ANY,
'sg',
tools.purge_dict(fakes.DB_SECURITY_GROUP_2, ('id', )),
project_id=None)
self.nova.security_groups.create.assert_called_once_with(
'groupname', 'Group description')
def test_create_subnet(self):
self.set_mock_db_items(fakes.DB_VPC_1, fakes.DB_ROUTE_TABLE_1)
self.db_api.add_item.side_effect = (tools.get_db_api_add_item(
fakes.ID_EC2_SUBNET_1))
self.neutron.create_network.side_effect = (tools.get_neutron_create(
'network', fakes.ID_OS_NETWORK_1, {'status': 'available'}))
self.neutron.create_subnet.side_effect = (tools.get_neutron_create(
'subnet', fakes.ID_OS_SUBNET_1))
subnet_1 = tools.purge_dict(fakes.DB_SUBNET_1, ('os_vpnservice_id', ))
def check_response(resp):
self.assertThat(fakes.EC2_SUBNET_1,
matchers.DictMatches(resp['subnet']))
self.db_api.add_item.assert_called_once_with(
mock.ANY, 'subnet', tools.purge_dict(subnet_1, ('id', )))
self.neutron.create_network.assert_called_once_with(
{'network': {}})
self.neutron.update_network.assert_called_once_with(
fakes.ID_OS_NETWORK_1,
{'network': {
'name': fakes.ID_EC2_SUBNET_1
}})
self.neutron.create_subnet.assert_called_once_with({
'subnet':
tools.purge_dict(fakes.OS_SUBNET_1,
('id', 'name', 'gateway_ip'))
})
self.neutron.update_subnet.assert_called_once_with(
fakes.ID_OS_SUBNET_1, {
'subnet': {
'name': fakes.ID_EC2_SUBNET_1,
'gateway_ip': None
}
})
self.neutron.add_interface_router.assert_called_once_with(
fakes.ID_OS_ROUTER_1, {'subnet_id': fakes.ID_OS_SUBNET_1})
self.vpn_gateway_api._start_vpn_in_subnet.assert_called_once_with(
mock.ANY, self.neutron, mock.ANY, subnet_1, fakes.DB_VPC_1,
fakes.DB_ROUTE_TABLE_1)
self.assertIsInstance(
self.vpn_gateway_api._start_vpn_in_subnet.call_args[0][2],
common.OnCrashCleaner)
resp = self.execute('CreateSubnet', {
'VpcId': fakes.ID_EC2_VPC_1,
'CidrBlock': fakes.CIDR_SUBNET_1
})
check_response(resp)
self.neutron.reset_mock()
self.db_api.reset_mock()
self.vpn_gateway_api.reset_mock()
resp = self.execute(
'CreateSubnet', {
'VpcId': fakes.ID_EC2_VPC_1,
'CidrBlock': fakes.CIDR_SUBNET_1,
'AvailabilityZone': 'nova'
})
check_response(resp)
def test_create_volume_from_snapshot(self):
self.cinder.volumes.create.return_value = (fakes.OSVolume(
fakes.OS_VOLUME_3))
self.db_api.add_item.side_effect = (tools.get_db_api_add_item(
fakes.ID_EC2_VOLUME_3))
self.set_mock_db_items(fakes.DB_SNAPSHOT_1)
resp = self.execute(
'CreateVolume', {
'AvailabilityZone': fakes.NAME_AVAILABILITY_ZONE,
'SnapshotId': fakes.ID_EC2_SNAPSHOT_1
})
self.assertThat(fakes.EC2_VOLUME_3, matchers.DictMatches(resp))
self.db_api.add_item.assert_called_once_with(mock.ANY,
'vol',
tools.purge_dict(
fakes.DB_VOLUME_3,
('id', )),
project_id=None)
self.cinder.volumes.create.assert_called_once_with(
None,
snapshot_id=fakes.ID_OS_SNAPSHOT_1,
volume_type=None,
availability_zone=fakes.NAME_AVAILABILITY_ZONE)
def setUp(self):
super(VpnGatewayTestCase, self).setUp()
self.DB_VPN_GATEWAY_2_ATTACHED = tools.update_dict(
fakes.DB_VPN_GATEWAY_2, {'vpc_id': fakes.ID_EC2_VPC_2})
self.DB_VPN_GATEWAY_1_DETACHED = tools.update_dict(
fakes.DB_VPN_GATEWAY_1, {'vpc_id': None})
self.DB_SUBNET_1_NO_VPN = tools.purge_dict(
fakes.DB_SUBNET_1, ('os_vpnservice_id',))
def test_authorize_security_group_ingress_ip_ranges(self):
self.set_mock_db_items(fakes.DB_SECURITY_GROUP_1,
fakes.DB_SECURITY_GROUP_2)
self.neutron.create_security_group_rule.return_value = (
{'security_group_rule': [fakes.OS_SECURITY_GROUP_RULE_1]})
self.execute(
'AuthorizeSecurityGroupIngress',
{'GroupId': fakes.ID_EC2_SECURITY_GROUP_2,
'IpPermissions.1.FromPort': '10',
'IpPermissions.1.ToPort': '10',
'IpPermissions.1.IpProtocol': 'tcp',
'IpPermissions.1.IpRanges.1.CidrIp': '192.168.1.0/24'})
self.neutron.create_security_group_rule.assert_called_once_with(
{'security_group_rule':
tools.purge_dict(fakes.OS_SECURITY_GROUP_RULE_1,
{'id', 'remote_group_id', 'tenant_id'})})
# NOTE(Alex): Openstack extension, AWS-incompability
# IPv6 is not supported by Amazon.
self.execute(
'AuthorizeSecurityGroupIngress',
{'GroupId': fakes.ID_EC2_SECURITY_GROUP_2,
'IpPermissions.1.FromPort': '10',
'IpPermissions.1.ToPort': '10',
'IpPermissions.1.IpProtocol': 'tcp',
'IpPermissions.1.IpRanges.1.CidrIp': '::/0'})
self.neutron.create_security_group_rule.assert_called_with(
{'security_group_rule':
tools.patch_dict(
fakes.OS_SECURITY_GROUP_RULE_1, {'remote_ip_prefix': '::/0'},
{'id', 'remote_group_id', 'tenant_id'})})
self.configure(disable_ec2_classic=True)
self.add_mock_db_items(fakes.DB_VPC_DEFAULT,
fakes.DB_SECURITY_GROUP_4,
fakes.DB_SECURITY_GROUP_5,
fakes.DB_SECURITY_GROUP_6)
self.neutron.list_security_groups.return_value = (
{'security_groups': [fakes.OS_SECURITY_GROUP_4,
fakes.OS_SECURITY_GROUP_5]})
self.execute(
'AuthorizeSecurityGroupIngress',
{'GroupName': 'groupname2',
'IpPermissions.1.FromPort': '10',
'IpPermissions.1.ToPort': '10',
'IpPermissions.1.IpProtocol': 'tcp',
'IpPermissions.1.IpRanges.1.CidrIp': '::/0'})
security_group_rule = {
'direction': 'ingress',
'ethertype': 'IPv4',
'port_range_min': 10,
'port_range_max': 10,
'protocol': 'tcp',
'remote_ip_prefix': '::/0',
'security_group_id': fakes.ID_OS_SECURITY_GROUP_5}
self.neutron.create_security_group_rule.assert_called_with(
{'security_group_rule': security_group_rule})
def test_replace_route_table_association_invalid_parameters(self):
def do_check(params, error_code):
self.assert_execution_error(error_code,
'ReplaceRouteTableAssociation', params)
self.set_mock_db_items()
do_check(
{
'AssociationId': fakes.ID_EC2_ROUTE_TABLE_ASSOCIATION_1,
'RouteTableId': fakes.ID_EC2_ROUTE_TABLE_1
}, 'InvalidRouteTableID.NotFound')
# NOTE(ft): association with vpc is obsolete
self.set_mock_db_items(fakes.DB_ROUTE_TABLE_1)
do_check(
{
'AssociationId': fakes.ID_EC2_ROUTE_TABLE_ASSOCIATION_1,
'RouteTableId': fakes.ID_EC2_ROUTE_TABLE_1
}, 'InvalidAssociationID.NotFound')
# NOTE(ft): association with subnet is obsolete (no subnet)
self.set_mock_db_items(fakes.DB_ROUTE_TABLE_3)
do_check(
{
'AssociationId': fakes.ID_EC2_ROUTE_TABLE_ASSOCIATION_3,
'RouteTableId': fakes.ID_EC2_ROUTE_TABLE_3
}, 'InvalidAssociationID.NotFound')
# NOTE(ft): association with subnet is obsolete (subnet is
# disassociated)
self.set_mock_db_items(
fakes.DB_ROUTE_TABLE_3,
tools.purge_dict(fakes.DB_SUBNET_2, ['route_table_id']))
do_check(
{
'AssociationId': fakes.ID_EC2_ROUTE_TABLE_ASSOCIATION_3,
'RouteTableId': fakes.ID_EC2_ROUTE_TABLE_3
}, 'InvalidAssociationID.NotFound')
# NOTE(ft): association belongs to different vpc
id_ec2_subnet_vpc_2 = fakes.random_ec2_id('subnet')
db_subnet_vpc_2 = {
'id': id_ec2_subnet_vpc_2,
'os_id': fakes.random_os_id(),
'vpc_id': fakes.ID_EC2_VPC_2,
'route_table_id': fakes.random_ec2_id('rtb')
}
self.set_mock_db_items(fakes.DB_ROUTE_TABLE_2, db_subnet_vpc_2)
do_check(
{
'AssociationId':
ec2utils.change_ec2_id_kind(id_ec2_subnet_vpc_2, 'rtbassoc'),
'RouteTableId':
fakes.ID_EC2_ROUTE_TABLE_2
}, 'InvalidParameterValue')
def check(ec2_fake, db_fake):
self.db_api.add_item.return_value = db_fake
resp = self.execute('CreateDhcpOptions',
gen_ec2_param_dhcp_options(ec2_fake))
self.assertThat(
ec2_fake,
matchers.DictMatches(resp['dhcpOptions'],
orderless_lists=True))
self.assert_any_call(self.db_api.add_item, mock.ANY, 'dopt',
tools.purge_dict(db_fake, ('id', )))
self.db_api.reset_mock()
def check(ec2_fake, db_fake):
self.db_api.add_item.return_value = db_fake
resp = self.execute(
'CreateDhcpOptions',
gen_ec2_param_dhcp_options(ec2_fake))
self.assertThat(ec2_fake, matchers.DictMatches(
resp['dhcpOptions'], orderless_lists=True))
self.assert_any_call(self.db_api.add_item,
mock.ANY, 'dopt',
tools.purge_dict(db_fake, ('id',)))
self.db_api.reset_mock()
def test_create_volume(self):
self.cinder.volumes.create.return_value = fakes.OSVolume(fakes.OS_VOLUME_1)
self.db_api.add_item.side_effect = tools.get_db_api_add_item(fakes.ID_EC2_VOLUME_1)
resp = self.execute("CreateVolume", {"AvailabilityZone": fakes.NAME_AVAILABILITY_ZONE})
self.assertThat(fakes.EC2_VOLUME_1, matchers.DictMatches(resp))
self.db_api.add_item.assert_called_once_with(mock.ANY, "vol", tools.purge_dict(fakes.DB_VOLUME_1, ("id",)))
self.cinder.volumes.create.assert_called_once_with(
None, snapshot_id=None, volume_type=None, availability_zone=fakes.NAME_AVAILABILITY_ZONE
)
def test_import_key_pair(self):
self.nova.keypairs.create.return_value = (
fakes.NovaKeyPair(fakes.OS_KEY_PAIR))
resp = self.execute('ImportKeyPair',
{'KeyName': fakes.NAME_KEY_PAIR,
'PublicKeyMaterial': base64.b64encode(
fakes.PUBLIC_KEY_KEY_PAIR)})
self.assertThat(
tools.purge_dict(fakes.EC2_KEY_PAIR, {'keyMaterial'}),
matchers.DictMatches(resp))
self.nova.keypairs.create.assert_called_once_with(
fakes.NAME_KEY_PAIR, fakes.PUBLIC_KEY_KEY_PAIR)
def check_response(resp):
self.assertThat(fakes.EC2_SUBNET_1, matchers.DictMatches(
resp['subnet']))
self.db_api.add_item.assert_called_once_with(
mock.ANY, 'subnet',
tools.purge_dict(fakes.DB_SUBNET_1, ('id',)),
project_id=None)
self.neutron.create_network.assert_called_once_with(
{'network': {}})
self.neutron.update_network.assert_called_once_with(
fakes.ID_OS_NETWORK_1,
{'network': {'name': fakes.ID_EC2_SUBNET_1}})
self.neutron.create_subnet.assert_called_once_with(
{'subnet': tools.purge_dict(fakes.OS_SUBNET_1,
('id', 'name'))})
self.neutron.update_subnet.assert_called_once_with(
fakes.ID_OS_SUBNET_1,
{'subnet': {'name': fakes.ID_EC2_SUBNET_1}})
self.neutron.add_interface_router.assert_called_once_with(
fakes.ID_OS_ROUTER_1,
{'subnet_id': fakes.ID_OS_SUBNET_1})
def test_import_key_pair(self):
self.nova.keypairs.create.return_value = (fakes.NovaKeyPair(
fakes.OS_KEY_PAIR))
resp = self.execute(
'ImportKeyPair', {
'KeyName': fakes.NAME_KEY_PAIR,
'PublicKeyMaterial': base64.b64encode(
fakes.PUBLIC_KEY_KEY_PAIR)
})
self.assertThat(tools.purge_dict(fakes.EC2_KEY_PAIR, {'keyMaterial'}),
matchers.DictMatches(resp))
self.nova.keypairs.create.assert_called_once_with(
fakes.NAME_KEY_PAIR, fakes.PUBLIC_KEY_KEY_PAIR)
def test_create_subnet(self):
self.set_mock_db_items(fakes.DB_VPC_1, fakes.DB_ROUTE_TABLE_1)
self.db_api.add_item.side_effect = (
tools.get_db_api_add_item(fakes.ID_EC2_SUBNET_1))
self.neutron.create_network.side_effect = (
tools.get_neutron_create('network', fakes.ID_OS_NETWORK_1,
{'status': 'available'}))
self.neutron.create_subnet.side_effect = (
tools.get_neutron_create('subnet', fakes.ID_OS_SUBNET_1))
subnet_1 = tools.purge_dict(fakes.DB_SUBNET_1, ('os_vpnservice_id',))
def check_response(resp):
self.assertThat(fakes.EC2_SUBNET_1, matchers.DictMatches(
resp['subnet']))
self.db_api.add_item.assert_called_once_with(
mock.ANY, 'subnet',
tools.purge_dict(subnet_1, ('id',)))
self.neutron.create_network.assert_called_once_with(
{'network': {}})
self.neutron.update_network.assert_called_once_with(
fakes.ID_OS_NETWORK_1,
{'network': {'name': fakes.ID_EC2_SUBNET_1}})
self.neutron.create_subnet.assert_called_once_with(
{'subnet': tools.purge_dict(fakes.OS_SUBNET_1,
('id', 'name', 'gateway_ip'))})
self.neutron.update_subnet.assert_called_once_with(
fakes.ID_OS_SUBNET_1,
{'subnet': {'name': fakes.ID_EC2_SUBNET_1,
'gateway_ip': None}})
self.neutron.add_interface_router.assert_called_once_with(
fakes.ID_OS_ROUTER_1,
{'subnet_id': fakes.ID_OS_SUBNET_1})
self.vpn_gateway_api._start_vpn_in_subnet.assert_called_once_with(
mock.ANY, self.neutron, mock.ANY, subnet_1,
fakes.DB_VPC_1, fakes.DB_ROUTE_TABLE_1)
self.assertIsInstance(
self.vpn_gateway_api._start_vpn_in_subnet.call_args[0][2],
common.OnCrashCleaner)
resp = self.execute('CreateSubnet', {'VpcId': fakes.ID_EC2_VPC_1,
'CidrBlock': fakes.CIDR_SUBNET_1})
check_response(resp)
self.neutron.reset_mock()
self.db_api.reset_mock()
self.vpn_gateway_api.reset_mock()
resp = self.execute('CreateSubnet', {'VpcId': fakes.ID_EC2_VPC_1,
'CidrBlock': fakes.CIDR_SUBNET_1,
'AvailabilityZone': 'nova'})
check_response(resp)
def check_response(response):
self.assertIn('vpc', response)
vpc = resp['vpc']
self.assertThat(fakes.EC2_VPC_1, matchers.DictMatches(vpc))
self.neutron.create_router.assert_called_with({'router': {}})
self.neutron.update_router.assert_called_once_with(
fakes.ID_OS_ROUTER_1,
{'router': {'name': fakes.EC2_VPC_1['vpcId']}})
self.db_api.add_item.assert_any_call(
mock.ANY, 'vpc',
tools.purge_dict(fakes.DB_VPC_1,
('id', 'vpc_id', 'route_table_id')))
self.db_api.add_item.assert_any_call(
mock.ANY, 'rtb',
tools.purge_dict(fakes.DB_ROUTE_TABLE_1,
('id',)))
self.db_api.update_item.assert_called_once_with(
mock.ANY,
fakes.DB_VPC_1)
self.neutron.reset_mock()
self.db_api.reset_mock()
self.db_api.update_item.reset_mock()
def test_describe_key_pairs(self):
self.nova.keypairs.list.return_value = [
fakes.NovaKeyPair(fakes.OS_KEY_PAIR)
]
resp = self.execute('DescribeKeyPairs', {})
self.assertThat(
resp['keySet'],
matchers.ListMatches(
[tools.purge_dict(fakes.EC2_KEY_PAIR, {'keyMaterial'})]))
self.nova.keypairs.list.assert_called_once_with()
self.check_filtering('DescribeKeyPairs', 'keySet',
[('fingerprint', fakes.FINGERPRINT_KEY_PAIR),
('key-name', fakes.NAME_KEY_PAIR)])
def test_describe_key_pairs(self):
self.nova.keypairs.list.return_value = [fakes.NovaKeyPair(
fakes.OS_KEY_PAIR)]
resp = self.execute('DescribeKeyPairs', {})
self.assertThat(resp['keySet'],
matchers.ListMatches([
tools.purge_dict(fakes.EC2_KEY_PAIR,
{'keyMaterial'})]))
self.nova.keypairs.list.assert_called_once_with()
self.check_filtering(
'DescribeKeyPairs', 'keySet',
[('fingerprint', fakes.FINGERPRINT_KEY_PAIR),
('key-name', fakes.NAME_KEY_PAIR)])
def test_dissassociate_address_vpc(self):
address.address_engine = (address.AddressEngineNeutron())
self.set_mock_db_items(fakes.DB_ADDRESS_2)
self.neutron.show_floatingip.return_value = ({
'floatingip':
fakes.OS_FLOATING_IP_2
})
resp = self.execute('DisassociateAddress',
{'AssociationId': fakes.ID_EC2_ASSOCIATION_2})
self.assertEqual(True, resp['return'])
self.neutron.update_floatingip.assert_called_once_with(
fakes.ID_OS_FLOATING_IP_2, {'floatingip': {
'port_id': None
}})
self.db_api.update_item.assert_called_once_with(
mock.ANY,
tools.purge_dict(fakes.DB_ADDRESS_2,
['network_interface_id', 'private_ip_address']))
self.neutron.update_floatingip.reset_mock()
self.db_api.update_item.reset_mock()
self.configure(disable_ec2_classic=True)
resp = self.execute('DisassociateAddress',
{'PublicIp': fakes.IP_ADDRESS_2})
self.assertEqual(True, resp['return'])
self.neutron.update_floatingip.assert_called_once_with(
fakes.ID_OS_FLOATING_IP_2, {'floatingip': {
'port_id': None
}})
self.db_api.update_item.assert_called_once_with(
mock.ANY,
tools.purge_dict(fakes.DB_ADDRESS_2,
['network_interface_id', 'private_ip_address']))
def test_disassociate_route_table(self, routes_updater):
self.set_mock_db_items(fakes.DB_ROUTE_TABLE_1, fakes.DB_ROUTE_TABLE_3,
fakes.DB_SUBNET_2, fakes.DB_VPC_1)
resp = self.execute(
'DisassociateRouteTable',
{'AssociationId': fakes.ID_EC2_ROUTE_TABLE_ASSOCIATION_3})
self.assertEqual(True, resp['return'])
subnet = tools.purge_dict(fakes.DB_SUBNET_2, ('route_table_id', ))
self.db_api.update_item.assert_called_once_with(mock.ANY, subnet)
routes_updater.assert_called_once_with(
mock.ANY,
subnet,
fakes.DB_ROUTE_TABLE_1,
cleaner=mock.ANY,
rollback_route_table_object=fakes.DB_ROUTE_TABLE_3)
def test_create_snapshot_from_volume(self):
self.cinder.volume_snapshots.create.return_value = fakes.OSSnapshot(fakes.OS_SNAPSHOT_1)
self.db_api.add_item.side_effect = tools.get_db_api_add_item(fakes.ID_EC2_SNAPSHOT_1)
self.set_mock_db_items(fakes.DB_VOLUME_2)
self.cinder.volumes.get.side_effect = lambda vol_id: (
fakes.OSVolume(fakes.OS_VOLUME_2) if vol_id == fakes.ID_OS_VOLUME_2 else None
)
resp = self.execute("CreateSnapshot", {"VolumeId": fakes.ID_EC2_VOLUME_2})
self.assertThat(fakes.EC2_SNAPSHOT_1, matchers.DictMatches(resp))
self.db_api.add_item.assert_called_once_with(mock.ANY, "snap", tools.purge_dict(fakes.DB_SNAPSHOT_1, ("id",)))
self.cinder.volume_snapshots.create.assert_called_once_with(
fakes.ID_OS_VOLUME_2, force=True, display_description=None
)
def test_authorize_security_group_egress_groups(self):
self.set_mock_db_items(fakes.DB_SECURITY_GROUP_1,
fakes.DB_SECURITY_GROUP_2)
self.neutron.create_security_group_rule.return_value = (
{'security_group_rule': [fakes.OS_SECURITY_GROUP_RULE_1]})
self.execute(
'AuthorizeSecurityGroupEgress',
{'GroupId': fakes.ID_EC2_SECURITY_GROUP_2,
'IpPermissions.1.FromPort': '10',
'IpPermissions.1.IpProtocol': '100',
'IpPermissions.1.Groups.1.GroupId':
fakes.ID_EC2_SECURITY_GROUP_1})
self.neutron.create_security_group_rule.assert_called_once_with(
{'security_group_rule':
tools.purge_dict(fakes.OS_SECURITY_GROUP_RULE_2,
{'id', 'remote_ip_prefix', 'tenant_id',
'port_range_max'})})
def test_disassociate_route_table_invalid_parameter(self):
def do_check(params, error_code):
self.assert_execution_error(error_code, 'DisassociateRouteTable',
params)
self.set_mock_db_items()
do_check({'AssociationId': fakes.ID_EC2_ROUTE_TABLE_ASSOCIATION_1},
'InvalidAssociationID.NotFound')
self.set_mock_db_items(
tools.purge_dict(fakes.DB_SUBNET_1, ['route_table_id']))
do_check({'AssociationId': fakes.ID_EC2_ROUTE_TABLE_ASSOCIATION_2},
'InvalidAssociationID.NotFound')
self.set_mock_db_items(fakes.DB_VPC_1)
do_check({'AssociationId': fakes.ID_EC2_ROUTE_TABLE_ASSOCIATION_1},
'InvalidParameterValue')
def test_create_snapshot_from_volume(self):
self.cinder.volume_snapshots.create.return_value = (fakes.OSSnapshot(
fakes.OS_SNAPSHOT_1))
self.db_api.add_item.side_effect = (tools.get_db_api_add_item(
fakes.ID_EC2_SNAPSHOT_1))
self.set_mock_db_items(fakes.DB_VOLUME_2)
self.cinder.volumes.get.side_effect = (
lambda vol_id: (fakes.OSVolume(fakes.OS_VOLUME_2)
if vol_id == fakes.ID_OS_VOLUME_2 else None))
resp = self.execute('CreateSnapshot',
{'VolumeId': fakes.ID_EC2_VOLUME_2})
self.assertThat(fakes.EC2_SNAPSHOT_1, matchers.DictMatches(resp))
self.db_api.add_item.assert_called_once_with(
mock.ANY, 'snap', tools.purge_dict(fakes.DB_SNAPSHOT_1, ('id', )))
self.cinder.volume_snapshots.create.assert_called_once_with(
fakes.ID_OS_VOLUME_2, force=True)
def check_response(resp):
self.assertThat(created_ec2_network_interface,
matchers.DictMatches(resp['networkInterface']))
self.db_api.add_item.assert_called_once_with(
mock.ANY, 'eni',
tools.purge_dict(fakes.DB_NETWORK_INTERFACE_2,
('id', 'device_index', 'instance_id',
'delete_on_termination', 'attach_time')))
self.neutron.update_port.assert_called_once_with(
fakes.ID_OS_PORT_2,
{'port': {
'name': fakes.ID_EC2_NETWORK_INTERFACE_2
}})
self.neutron.reset_mock()
self.db_api.reset_mock()
self.neutron.list_security_groups.return_value = ({
'security_groups': [copy.deepcopy(fakes.OS_SECURITY_GROUP_1)]
})
def test_repair_default_security_group(self):
security_group.security_group_engine = (
security_group.SecurityGroupEngineNeutron())
self.db_api.add_item.return_value = fakes.DB_SECURITY_GROUP_1
self.nova.security_groups.create.return_value = (
fakes.NovaSecurityGroup(fakes.OS_SECURITY_GROUP_1))
self.set_mock_db_items(fakes.DB_VPC_1,
fakes.DB_SECURITY_GROUP_1,
fakes.DB_SECURITY_GROUP_2)
self.neutron.list_security_groups.return_value = (
{'security_groups': [fakes.OS_SECURITY_GROUP_2]})
resp = self.execute('DescribeSecurityGroups', {})
self.db_api.add_item.assert_called_once_with(
mock.ANY, 'sg',
tools.purge_dict(fakes.DB_SECURITY_GROUP_1, ('id',)))
self.nova.security_groups.create.assert_called_once_with(
fakes.ID_EC2_VPC_1, 'Default VPC security group')
def test_repair_default_security_group(self):
security_group.security_group_engine = (
security_group.SecurityGroupEngineNeutron())
self.db_api.add_item.return_value = fakes.DB_SECURITY_GROUP_1
self.nova.security_groups.create.return_value = (
fakes.NovaSecurityGroup(fakes.OS_SECURITY_GROUP_1))
self.set_mock_db_items(fakes.DB_VPC_1, fakes.DB_SECURITY_GROUP_1,
fakes.DB_SECURITY_GROUP_2)
self.neutron.list_security_groups.return_value = ({
'security_groups': [fakes.OS_SECURITY_GROUP_2]
})
resp = self.execute('DescribeSecurityGroups', {})
self.db_api.add_item.assert_called_once_with(
mock.ANY, 'sg',
tools.purge_dict(fakes.DB_SECURITY_GROUP_1, ('id', )))
self.nova.security_groups.create.assert_called_once_with(
fakes.ID_EC2_VPC_1, 'Default VPC security group')
def check_response(resp):
self.assertThat(created_ec2_network_interface,
matchers.DictMatches(resp['networkInterface']))
self.db_api.add_item.assert_called_once_with(
mock.ANY, 'eni',
tools.purge_dict(fakes.DB_NETWORK_INTERFACE_2,
('id',
'device_index',
'instance_id',
'delete_on_termination',
'attach_time')))
self.neutron.update_port.assert_called_once_with(
fakes.ID_OS_PORT_2,
{'port': {'name':
fakes.ID_EC2_NETWORK_INTERFACE_2}})
self.neutron.reset_mock()
self.db_api.reset_mock()
self.neutron.list_security_groups.return_value = (
{'security_groups': [
copy.deepcopy(fakes.OS_SECURITY_GROUP_1)]})
def test_authorize_security_group_egress_groups(self):
self.set_mock_db_items(fakes.DB_SECURITY_GROUP_1,
fakes.DB_SECURITY_GROUP_2)
self.neutron.create_security_group_rule.return_value = ({
'security_group_rule': [fakes.OS_SECURITY_GROUP_RULE_1]
})
self.execute(
'AuthorizeSecurityGroupEgress', {
'GroupId': fakes.ID_EC2_SECURITY_GROUP_2,
'IpPermissions.1.FromPort': '10',
'IpPermissions.1.IpProtocol': '100',
'IpPermissions.1.Groups.1.GroupId':
fakes.ID_EC2_SECURITY_GROUP_1
})
self.neutron.create_security_group_rule.assert_called_once_with({
'security_group_rule':
tools.purge_dict(
fakes.OS_SECURITY_GROUP_RULE_2,
{'id', 'remote_ip_prefix', 'tenant_id', 'port_range_max'})
})
def test_delete_network_interface_with_public_ip(self):
detached_network_interface_2 = fakes.gen_db_network_interface(
fakes.ID_EC2_NETWORK_INTERFACE_2, fakes.ID_OS_PORT_2,
fakes.ID_EC2_VPC_1, fakes.ID_EC2_SUBNET_2,
fakes.IP_NETWORK_INTERFACE_2)
self.set_mock_db_items(detached_network_interface_2,
fakes.DB_ADDRESS_1, fakes.DB_ADDRESS_2)
resp = self.execute(
'DeleteNetworkInterface',
{'NetworkInterfaceId': fakes.ID_EC2_NETWORK_INTERFACE_2})
self.assertEqual(True, resp['return'])
self.db_api.get_item_by_id.assert_any_call(
mock.ANY, fakes.ID_EC2_NETWORK_INTERFACE_2)
self.db_api.delete_item.assert_called_once_with(
mock.ANY, fakes.ID_EC2_NETWORK_INTERFACE_2)
self.neutron.delete_port.assert_called_once_with(fakes.ID_OS_PORT_2)
self.db_api.update_item.assert_called_once_with(
mock.ANY,
tools.purge_dict(fakes.DB_ADDRESS_2,
['network_interface_id', 'private_ip_address']))
def test_create_snapshot_from_volume(self):
self.cinder.volume_snapshots.create.return_value = (
fakes.OSSnapshot(fakes.OS_SNAPSHOT_1))
self.db_api.add_item.side_effect = (
tools.get_db_api_add_item(fakes.ID_EC2_SNAPSHOT_1))
self.set_mock_db_items(fakes.DB_VOLUME_2)
self.cinder.volumes.get.side_effect = (
lambda vol_id: (
fakes.OSVolume(fakes.OS_VOLUME_2)
if vol_id == fakes.ID_OS_VOLUME_2
else None))
resp = self.execute(
'CreateSnapshot',
{'VolumeId': fakes.ID_EC2_VOLUME_2})
self.assertThat(fakes.EC2_SNAPSHOT_1, matchers.DictMatches(resp))
self.db_api.add_item.assert_called_once_with(
mock.ANY, 'snap',
tools.purge_dict(fakes.DB_SNAPSHOT_1, ('id',)))
self.cinder.volume_snapshots.create.assert_called_once_with(
fakes.ID_OS_VOLUME_2, force=True)
def test_detach_network_interface(self):
network_interface = tools.update_dict(fakes.DB_NETWORK_INTERFACE_2,
{'device_index': 1})
self.set_mock_db_items(network_interface)
self.neutron.show_port.return_value = (
{'port': fakes.OS_PORT_2})
self.execute(
'DetachNetworkInterface',
{'AttachmentId': ec2utils.change_ec2_id_kind(
fakes.ID_EC2_NETWORK_INTERFACE_2, 'eni-attach')})
self.neutron.update_port.assert_called_once_with(
fakes.ID_OS_PORT_2,
{'port': {'device_id': '',
'device_owner': ''}}
)
self.db_api.update_item.assert_called_once_with(
mock.ANY,
tools.purge_dict(fakes.DB_NETWORK_INTERFACE_2,
{'device_index',
'instance_id',
'delete_on_termination',
'attach_time'}))
def check_response(resp, auto_ips=False):
self.assertThat(fakes.EC2_NETWORK_INTERFACE_1,
matchers.DictMatches(resp['networkInterface']))
self.db_api.add_item.assert_called_once_with(
mock.ANY,
'eni',
tools.purge_dict(fakes.DB_NETWORK_INTERFACE_1, ('id', )),
project_id=None)
if auto_ips:
self.neutron.create_port.assert_called_once_with({
'port': {
'network_id': fakes.ID_OS_NETWORK_1,
'fixed_ips': [{
'subnet_id': fakes.ID_OS_SUBNET_1
}],
'security_groups': [fakes.ID_OS_SECURITY_GROUP_1]
}
})
else:
self.neutron.create_port.assert_called_once_with({
'port': {
'network_id': fakes.ID_OS_NETWORK_1,
'fixed_ips': [{
'ip_address':
fakes.IP_NETWORK_INTERFACE_1
}],
'security_groups': [fakes.ID_OS_SECURITY_GROUP_1]
}
})
self.neutron.update_port.assert_called_once_with(
fakes.ID_OS_PORT_1,
{'port': {
'name': fakes.ID_EC2_NETWORK_INTERFACE_1
}})
self.neutron.reset_mock()
self.db_api.reset_mock()
self.neutron.list_security_groups.return_value = ({
'security_groups': [copy.deepcopy(fakes.OS_SECURITY_GROUP_1)]
})
def test_route_table_create(self):
self.set_mock_db_items(fakes.DB_VPC_1)
self.db_api.add_item.side_effect = (tools.get_db_api_add_item(
fakes.ID_EC2_ROUTE_TABLE_1))
resp = self.execute('CreateRouteTable', {'VpcId': fakes.ID_EC2_VPC_1})
self.assertThat(
resp['routeTable'],
matchers.DictMatches(
tools.purge_dict(fakes.EC2_ROUTE_TABLE_1,
('associationSet', ))))
self.db_api.add_item.assert_called_once_with(
mock.ANY,
'rtb', {
'vpc_id':
fakes.ID_EC2_VPC_1,
'routes': [{
'destination_cidr_block': fakes.CIDR_VPC_1,
'gateway_id': None
}]
},
project_id=None)
self.db_api.get_item_by_id.assert_called_once_with(
mock.ANY, fakes.ID_EC2_VPC_1)
def test_authorize_security_group_ingress_ip_ranges(self):
security_group.security_group_engine = (
security_group.SecurityGroupEngineNeutron())
self.set_mock_db_items(fakes.DB_SECURITY_GROUP_1,
fakes.DB_SECURITY_GROUP_2)
self.neutron.create_security_group_rule.return_value = ({
'security_group_rule': [fakes.OS_SECURITY_GROUP_RULE_1]
})
self.execute(
'AuthorizeSecurityGroupIngress', {
'GroupId': fakes.ID_EC2_SECURITY_GROUP_2,
'IpPermissions.1.FromPort': '10',
'IpPermissions.1.ToPort': '10',
'IpPermissions.1.IpProtocol': 'tcp',
'IpPermissions.1.IpRanges.1.CidrIp': '192.168.1.0/24'
})
self.neutron.create_security_group_rule.assert_called_once_with({
'security_group_rule':
tools.purge_dict(fakes.OS_SECURITY_GROUP_RULE_1,
{'id', 'remote_group_id', 'tenant_id'})
})
# NOTE(Alex): Openstack extension, AWS-incompability
# IPv6 is not supported by Amazon.
self.execute(
'AuthorizeSecurityGroupIngress', {
'GroupId': fakes.ID_EC2_SECURITY_GROUP_2,
'IpPermissions.1.FromPort': '10',
'IpPermissions.1.ToPort': '10',
'IpPermissions.1.IpProtocol': 'tcp',
'IpPermissions.1.IpRanges.1.CidrIp': '::/0'
})
self.neutron.create_security_group_rule.assert_called_with({
'security_group_rule':
tools.patch_dict(fakes.OS_SECURITY_GROUP_RULE_1,
{'remote_ip_prefix': '::/0'},
{'id', 'remote_group_id', 'tenant_id'})
})
def test_detach_network_interface(self):
network_interface = tools.update_dict(fakes.DB_NETWORK_INTERFACE_2,
{'device_index': 1})
self.set_mock_db_items(network_interface)
self.neutron.show_port.return_value = ({'port': fakes.OS_PORT_2})
self.execute(
'DetachNetworkInterface', {
'AttachmentId':
ec2utils.change_ec2_id_kind(fakes.ID_EC2_NETWORK_INTERFACE_2,
'eni-attach')
})
self.neutron.update_port.assert_called_once_with(
fakes.ID_OS_PORT_2,
{'port': {
'device_id': '',
'device_owner': ''
}})
self.db_api.update_item.assert_called_once_with(
mock.ANY,
tools.purge_dict(
fakes.DB_NETWORK_INTERFACE_2, {
'device_index', 'instance_id', 'delete_on_termination',
'attach_time'
}))
def test_create_security_group(self):
self.set_mock_db_items(fakes.DB_VPC_1,
fakes.DB_SECURITY_GROUP_1)
self.neutron.list_security_groups.return_value = (
{'security_groups': [copy.deepcopy(fakes.OS_SECURITY_GROUP_1)]})
self.db_api.add_item.return_value = fakes.DB_SECURITY_GROUP_2
self.neutron.create_security_group.return_value = (
{'security_group': copy.deepcopy(fakes.OS_SECURITY_GROUP_2)})
resp = self.execute(
'CreateSecurityGroup',
{'GroupName': 'groupname',
'GroupDescription': 'Group description'})
secgroup_body = (
{'security_group': {'name': 'groupname',
'description': 'Group description'}})
self.neutron.create_security_group.assert_called_once_with(
secgroup_body)
db_group = tools.purge_dict(fakes.DB_SECURITY_GROUP_2, ('id',))
db_group['vpc_id'] = None
self.db_api.add_item.assert_called_once_with(mock.ANY, 'sg', db_group)
self.neutron.create_security_group.reset_mock()
self.db_api.add_item.reset_mock()
self.neutron.list_security_groups.return_value = (
{'security_groups': [copy.deepcopy(fakes.OS_SECURITY_GROUP_1)]})
resp = self.execute(
'CreateSecurityGroup',
{'VpcId': fakes.ID_EC2_VPC_1,
'GroupName': 'groupname',
'GroupDescription': 'Group description'})
self.assertEqual(fakes.ID_EC2_SECURITY_GROUP_2, resp['groupId'])
self.db_api.add_item.assert_called_once_with(
mock.ANY, 'sg',
tools.purge_dict(fakes.DB_SECURITY_GROUP_2, ('id',)))
self.neutron.create_security_group.assert_called_once_with(
secgroup_body)
self.neutron.create_security_group.reset_mock()
self.db_api.add_item.reset_mock()
self.configure(disable_ec2_classic=True)
self.add_mock_db_items(fakes.DB_VPC_DEFAULT,
fakes.DB_SECURITY_GROUP_DEFAULT)
self.neutron.create_security_group.return_value = (
{'security_group': copy.deepcopy(fakes.OS_SECURITY_GROUP_5)})
self.neutron.list_security_groups.return_value = (
{'security_groups': [copy.deepcopy(fakes.OS_SECURITY_GROUP_1),
fakes.OS_SECURITY_GROUP_DEFAULT]})
self.db_api.add_item.return_value = fakes.DB_SECURITY_GROUP_5
resp = self.execute(
'CreateSecurityGroup',
{'GroupName': 'groupname2',
'GroupDescription': 'Group description'})
self.assertEqual(fakes.ID_EC2_SECURITY_GROUP_5, resp['groupId'])
self.db_api.add_item.assert_called_once_with(
mock.ANY, 'sg',
tools.purge_dict(fakes.DB_SECURITY_GROUP_5, ('id',)))
secgroup_body = (
{'security_group': {'name': 'groupname2',
'description': 'Group description'}})
self.neutron.create_security_group.assert_called_once_with(
secgroup_body)
def test_create_network_interface_multiple_ips(self):
self.set_mock_db_items(fakes.DB_SUBNET_2, fakes.DB_VPC_1,
fakes.DB_SECURITY_GROUP_1)
self.db_api.add_item.return_value = fakes.DB_NETWORK_INTERFACE_2
self.neutron.show_subnet.return_value = {'subnet': fakes.OS_SUBNET_2}
self.neutron.create_port.return_value = {'port': fakes.OS_PORT_2}
self.neutron.list_security_groups.return_value = ({
'security_groups': [copy.deepcopy(fakes.OS_SECURITY_GROUP_1)]
})
created_ec2_network_interface = tools.patch_dict(
fakes.EC2_NETWORK_INTERFACE_2, {
'privateIpAddressesSet': [
tools.purge_dict(s, ['association']) for s in
fakes.EC2_NETWORK_INTERFACE_2['privateIpAddressesSet']
]
}, ['association'])
def check_response(resp):
self.assertThat(created_ec2_network_interface,
matchers.DictMatches(resp['networkInterface']))
self.db_api.add_item.assert_called_once_with(
mock.ANY, 'eni',
tools.purge_dict(fakes.DB_NETWORK_INTERFACE_2,
('id', 'device_index', 'instance_id',
'delete_on_termination', 'attach_time')))
self.neutron.update_port.assert_called_once_with(
fakes.ID_OS_PORT_2,
{'port': {
'name': fakes.ID_EC2_NETWORK_INTERFACE_2
}})
self.neutron.reset_mock()
self.db_api.reset_mock()
self.neutron.list_security_groups.return_value = ({
'security_groups': [copy.deepcopy(fakes.OS_SECURITY_GROUP_1)]
})
resp = self.execute(
'CreateNetworkInterface', {
'SubnetId': fakes.ID_EC2_SUBNET_2,
'SecondaryPrivateIpAddressCount': '3',
'Description': fakes.DESCRIPTION_NETWORK_INTERFACE_2
})
self.neutron.create_port.assert_called_once_with({
'port': {
'network_id':
fakes.ID_OS_NETWORK_2,
'fixed_ips': [{
'subnet_id': fakes.ID_OS_SUBNET_2
}, {
'subnet_id': fakes.ID_OS_SUBNET_2
}, {
'subnet_id': fakes.ID_OS_SUBNET_2
}],
'security_groups': [fakes.ID_OS_SECURITY_GROUP_1]
}
})
check_response(resp)
resp = self.execute(
'CreateNetworkInterface', {
'SubnetId':
fakes.ID_EC2_SUBNET_2,
'PrivateIpAddress':
fakes.IPS_NETWORK_INTERFACE_2[0],
'PrivateIpAddresses.1.PrivateIpAddress':
fakes.IPS_NETWORK_INTERFACE_2[1],
'PrivateIpAddresses.1.Primary':
False,
'PrivateIpAddresses.2.PrivateIpAddress':
fakes.IPS_NETWORK_INTERFACE_2[2],
'PrivateIpAddresses.2.Primary':
False,
'Description':
fakes.DESCRIPTION_NETWORK_INTERFACE_2
})
self.neutron.create_port.assert_called_once_with({
'port': {
'network_id':
fakes.ID_OS_NETWORK_2,
'fixed_ips': [{
'ip_address': fakes.IPS_NETWORK_INTERFACE_2[0]
}, {
'ip_address': fakes.IPS_NETWORK_INTERFACE_2[1]
}, {
'ip_address': fakes.IPS_NETWORK_INTERFACE_2[2]
}],
'security_groups': [fakes.ID_OS_SECURITY_GROUP_1]
}
})
check_response(resp)
resp = self.execute(
'CreateNetworkInterface', {
'SubnetId':
fakes.ID_EC2_SUBNET_2,
'PrivateIpAddresses.1.PrivateIpAddress':
fakes.IPS_NETWORK_INTERFACE_2[0],
'PrivateIpAddresses.1.Primary':
True,
'PrivateIpAddresses.2.PrivateIpAddress':
fakes.IPS_NETWORK_INTERFACE_2[1],
'PrivateIpAddresses.2.Primary':
False,
'PrivateIpAddresses.3.PrivateIpAddress':
fakes.IPS_NETWORK_INTERFACE_2[2],
'PrivateIpAddresses.3.Primary':
False,
'Description':
fakes.DESCRIPTION_NETWORK_INTERFACE_2
})
self.neutron.create_port.assert_called_once_with({
'port': {
'network_id':
fakes.ID_OS_NETWORK_2,
'fixed_ips': [{
'ip_address': fakes.IPS_NETWORK_INTERFACE_2[0]
}, {
'ip_address': fakes.IPS_NETWORK_INTERFACE_2[1]
}, {
'ip_address': fakes.IPS_NETWORK_INTERFACE_2[2]
}],
'security_groups': [fakes.ID_OS_SECURITY_GROUP_1]
}
})
check_response(resp)
resp = self.execute(
'CreateNetworkInterface', {
'SubnetId':
fakes.ID_EC2_SUBNET_2,
'PrivateIpAddress':
fakes.IPS_NETWORK_INTERFACE_2[0],
'PrivateIpAddresses.1.PrivateIpAddress':
fakes.IPS_NETWORK_INTERFACE_2[1],
'PrivateIpAddresses.1.Primary':
False,
'SecondaryPrivateIpAddressCount':
'1',
'Description':
fakes.DESCRIPTION_NETWORK_INTERFACE_2
})
self.neutron.create_port.assert_called_once_with({
'port': {
'network_id':
fakes.ID_OS_NETWORK_2,
'fixed_ips': [{
'ip_address': fakes.IPS_NETWORK_INTERFACE_2[0]
}, {
'ip_address': fakes.IPS_NETWORK_INTERFACE_2[1]
}, {
'subnet_id': fakes.ID_OS_SUBNET_2
}],
'security_groups': [fakes.ID_OS_SECURITY_GROUP_1]
}
})
check_response(resp)
def test_create_security_group(self):
self.set_mock_db_items(fakes.DB_VPC_1, fakes.DB_SECURITY_GROUP_1)
self.neutron.list_security_groups.return_value = ({
'security_groups': [copy.deepcopy(fakes.OS_SECURITY_GROUP_1)]
})
self.db_api.add_item.return_value = fakes.DB_SECURITY_GROUP_2
self.neutron.create_security_group.return_value = ({
'security_group':
copy.deepcopy(fakes.OS_SECURITY_GROUP_2)
})
resp = self.execute('CreateSecurityGroup', {
'GroupName': 'groupname',
'GroupDescription': 'Group description'
})
secgroup_body = ({
'security_group': {
'name': 'groupname',
'description': 'Group description'
}
})
self.neutron.create_security_group.assert_called_once_with(
secgroup_body)
db_group = tools.purge_dict(fakes.DB_SECURITY_GROUP_2, ('id', ))
db_group['vpc_id'] = None
self.db_api.add_item.assert_called_once_with(mock.ANY, 'sg', db_group)
self.neutron.create_security_group.reset_mock()
self.db_api.add_item.reset_mock()
self.neutron.list_security_groups.return_value = ({
'security_groups': [copy.deepcopy(fakes.OS_SECURITY_GROUP_1)]
})
resp = self.execute(
'CreateSecurityGroup', {
'VpcId': fakes.ID_EC2_VPC_1,
'GroupName': 'groupname',
'GroupDescription': 'Group description'
})
self.assertEqual(fakes.ID_EC2_SECURITY_GROUP_2, resp['groupId'])
self.db_api.add_item.assert_called_once_with(
mock.ANY, 'sg',
tools.purge_dict(fakes.DB_SECURITY_GROUP_2, ('id', )))
self.neutron.create_security_group.assert_called_once_with(
secgroup_body)
self.neutron.create_security_group.reset_mock()
self.db_api.add_item.reset_mock()
self.configure(disable_ec2_classic=True)
self.add_mock_db_items(fakes.DB_VPC_DEFAULT,
fakes.DB_SECURITY_GROUP_DEFAULT)
self.neutron.create_security_group.return_value = ({
'security_group':
copy.deepcopy(fakes.OS_SECURITY_GROUP_5)
})
self.neutron.list_security_groups.return_value = ({
'security_groups': [
copy.deepcopy(fakes.OS_SECURITY_GROUP_1),
fakes.OS_SECURITY_GROUP_DEFAULT
]
})
self.db_api.add_item.return_value = fakes.DB_SECURITY_GROUP_5
resp = self.execute('CreateSecurityGroup', {
'GroupName': 'groupname2',
'GroupDescription': 'Group description'
})
self.assertEqual(fakes.ID_EC2_SECURITY_GROUP_5, resp['groupId'])
self.db_api.add_item.assert_called_once_with(
mock.ANY, 'sg',
tools.purge_dict(fakes.DB_SECURITY_GROUP_5, ('id', )))
secgroup_body = ({
'security_group': {
'name': 'groupname2',
'description': 'Group description'
}
})
self.neutron.create_security_group.assert_called_once_with(
secgroup_body)
def test_create_network_interface_multiple_ips(self):
self.set_mock_db_items(fakes.DB_SUBNET_2, fakes.DB_VPC_1,
fakes.DB_SECURITY_GROUP_1)
self.db_api.add_item.return_value = fakes.DB_NETWORK_INTERFACE_2
self.neutron.show_subnet.return_value = {'subnet': fakes.OS_SUBNET_2}
self.neutron.create_port.return_value = {'port': fakes.OS_PORT_2}
self.neutron.list_security_groups.return_value = (
{'security_groups': [copy.deepcopy(fakes.OS_SECURITY_GROUP_1)]})
created_ec2_network_interface = tools.patch_dict(
fakes.EC2_NETWORK_INTERFACE_2,
{'privateIpAddressesSet': [
tools.purge_dict(s, ['association'])
for s in fakes.EC2_NETWORK_INTERFACE_2[
'privateIpAddressesSet']]},
['association'])
def check_response(resp):
self.assertThat(created_ec2_network_interface,
matchers.DictMatches(resp['networkInterface']))
self.db_api.add_item.assert_called_once_with(
mock.ANY, 'eni',
tools.purge_dict(fakes.DB_NETWORK_INTERFACE_2,
('id',
'device_index',
'instance_id',
'delete_on_termination',
'attach_time')))
self.neutron.update_port.assert_called_once_with(
fakes.ID_OS_PORT_2,
{'port': {'name':
fakes.ID_EC2_NETWORK_INTERFACE_2}})
self.neutron.reset_mock()
self.db_api.reset_mock()
self.neutron.list_security_groups.return_value = (
{'security_groups': [
copy.deepcopy(fakes.OS_SECURITY_GROUP_1)]})
resp = self.execute(
'CreateNetworkInterface',
{'SubnetId': fakes.ID_EC2_SUBNET_2,
'SecondaryPrivateIpAddressCount': '3',
'Description': fakes.DESCRIPTION_NETWORK_INTERFACE_2})
self.neutron.create_port.assert_called_once_with(
{'port': {'network_id': fakes.ID_OS_NETWORK_2,
'fixed_ips': [{'subnet_id': fakes.ID_OS_SUBNET_2},
{'subnet_id': fakes.ID_OS_SUBNET_2},
{'subnet_id': fakes.ID_OS_SUBNET_2}],
'security_groups': [fakes.ID_OS_SECURITY_GROUP_1]}})
check_response(resp)
resp = self.execute(
'CreateNetworkInterface',
{'SubnetId': fakes.ID_EC2_SUBNET_2,
'PrivateIpAddress': fakes.IPS_NETWORK_INTERFACE_2[0],
'PrivateIpAddresses.1.PrivateIpAddress':
fakes.IPS_NETWORK_INTERFACE_2[1],
'PrivateIpAddresses.1.Primary': False,
'PrivateIpAddresses.2.PrivateIpAddress':
fakes.IPS_NETWORK_INTERFACE_2[2],
'PrivateIpAddresses.2.Primary': False,
'Description': fakes.DESCRIPTION_NETWORK_INTERFACE_2})
self.neutron.create_port.assert_called_once_with(
{'port':
{'network_id': fakes.ID_OS_NETWORK_2,
'fixed_ips': [
{'ip_address': fakes.IPS_NETWORK_INTERFACE_2[0]},
{'ip_address': fakes.IPS_NETWORK_INTERFACE_2[1]},
{'ip_address': fakes.IPS_NETWORK_INTERFACE_2[2]}],
'security_groups': [fakes.ID_OS_SECURITY_GROUP_1]}})
check_response(resp)
resp = self.execute(
'CreateNetworkInterface',
{'SubnetId': fakes.ID_EC2_SUBNET_2,
'PrivateIpAddresses.1.PrivateIpAddress':
fakes.IPS_NETWORK_INTERFACE_2[0],
'PrivateIpAddresses.1.Primary': True,
'PrivateIpAddresses.2.PrivateIpAddress':
fakes.IPS_NETWORK_INTERFACE_2[1],
'PrivateIpAddresses.2.Primary': False,
'PrivateIpAddresses.3.PrivateIpAddress':
fakes.IPS_NETWORK_INTERFACE_2[2],
'PrivateIpAddresses.3.Primary': False,
'Description': fakes.DESCRIPTION_NETWORK_INTERFACE_2})
self.neutron.create_port.assert_called_once_with(
{'port':
{'network_id': fakes.ID_OS_NETWORK_2,
'fixed_ips': [
{'ip_address': fakes.IPS_NETWORK_INTERFACE_2[0]},
{'ip_address': fakes.IPS_NETWORK_INTERFACE_2[1]},
{'ip_address': fakes.IPS_NETWORK_INTERFACE_2[2]}],
'security_groups': [fakes.ID_OS_SECURITY_GROUP_1]}})
check_response(resp)
resp = self.execute(
'CreateNetworkInterface',
{'SubnetId': fakes.ID_EC2_SUBNET_2,
'PrivateIpAddress': fakes.IPS_NETWORK_INTERFACE_2[0],
'PrivateIpAddresses.1.PrivateIpAddress':
fakes.IPS_NETWORK_INTERFACE_2[1],
'PrivateIpAddresses.1.Primary': False,
'SecondaryPrivateIpAddressCount': '1',
'Description': fakes.DESCRIPTION_NETWORK_INTERFACE_2})
self.neutron.create_port.assert_called_once_with(
{'port':
{'network_id': fakes.ID_OS_NETWORK_2,
'fixed_ips': [
{'ip_address': fakes.IPS_NETWORK_INTERFACE_2[0]},
{'ip_address': fakes.IPS_NETWORK_INTERFACE_2[1]},
{'subnet_id': fakes.ID_OS_SUBNET_2}],
'security_groups': [fakes.ID_OS_SECURITY_GROUP_1]}})
check_response(resp)
def test_authorize_security_group_ingress_ip_ranges(self):
self.set_mock_db_items(fakes.DB_SECURITY_GROUP_1,
fakes.DB_SECURITY_GROUP_2)
self.neutron.create_security_group_rule.return_value = ({
'security_group_rule': [fakes.OS_SECURITY_GROUP_RULE_1]
})
self.execute(
'AuthorizeSecurityGroupIngress', {
'GroupId': fakes.ID_EC2_SECURITY_GROUP_2,
'IpPermissions.1.FromPort': '10',
'IpPermissions.1.ToPort': '10',
'IpPermissions.1.IpProtocol': 'tcp',
'IpPermissions.1.IpRanges.1.CidrIp': '192.168.1.0/24'
})
self.neutron.create_security_group_rule.assert_called_once_with({
'security_group_rule':
tools.purge_dict(fakes.OS_SECURITY_GROUP_RULE_1,
{'id', 'remote_group_id', 'tenant_id'})
})
# NOTE(Alex): Openstack extension, AWS-incompability
# IPv6 is not supported by Amazon.
self.execute(
'AuthorizeSecurityGroupIngress', {
'GroupId': fakes.ID_EC2_SECURITY_GROUP_2,
'IpPermissions.1.FromPort': '10',
'IpPermissions.1.ToPort': '10',
'IpPermissions.1.IpProtocol': 'tcp',
'IpPermissions.1.IpRanges.1.CidrIp': '::/0'
})
self.neutron.create_security_group_rule.assert_called_with({
'security_group_rule':
tools.patch_dict(fakes.OS_SECURITY_GROUP_RULE_1,
{'remote_ip_prefix': '::/0'},
{'id', 'remote_group_id', 'tenant_id'})
})
self.configure(disable_ec2_classic=True)
self.add_mock_db_items(fakes.DB_VPC_DEFAULT, fakes.DB_SECURITY_GROUP_4,
fakes.DB_SECURITY_GROUP_5,
fakes.DB_SECURITY_GROUP_6)
self.neutron.list_security_groups.return_value = ({
'security_groups':
[fakes.OS_SECURITY_GROUP_4, fakes.OS_SECURITY_GROUP_5]
})
self.execute(
'AuthorizeSecurityGroupIngress', {
'GroupName': 'groupname2',
'IpPermissions.1.FromPort': '10',
'IpPermissions.1.ToPort': '10',
'IpPermissions.1.IpProtocol': 'tcp',
'IpPermissions.1.IpRanges.1.CidrIp': '::/0'
})
security_group_rule = {
'direction': 'ingress',
'ethertype': 'IPv4',
'port_range_min': 10,
'port_range_max': 10,
'protocol': 'tcp',
'remote_ip_prefix': '::/0',
'security_group_id': fakes.ID_OS_SECURITY_GROUP_5
}
self.neutron.create_security_group_rule.assert_called_with(
{'security_group_rule': security_group_rule})
