def test_multi_set(self): '''Test lifecycle of set with 3 rules having different dirs''' # Create rule set with 3 rules with self._mock_profile_create() as profile_create: rule1 = self._create_simple_policy_rule('in', 'tcp', '7887') rule2 = self._create_simple_policy_rule('out', 'udp', '8778') rule3 = self._create_simple_policy_rule('bi', 'tcp', '5060') rule_set = self.create_policy_rule_set( name='test', policy_rules=[rule1['id'], rule2['id'], rule3['id']])['policy_rule_set'] self.assertEqual(2, profile_create.call_count) profile_create._assert_profile_call( driver.append_in_dir('test'), driver.append_in_dir(rule_set['id']), [rule1['policy_classifier_id'], rule3['policy_classifier_id']]) profile_create._assert_profile_call( driver.append_out_dir('test'), driver.append_out_dir(rule_set['id']), [rule2['policy_classifier_id'], rule3['policy_classifier_id']]) # Replace rule3 with rule4 with self._mock_profile_create() as profile_update: rule4 = self._create_simple_policy_rule('out', 'tcp', '555:777') rule_set1 = self.update_policy_rule_set( rule_set['id'], policy_rules=[rule1['id'], rule2['id'], rule4['id']])['policy_rule_set'] self.assertEqual(rule_set['id'], rule_set1['id']) self.assertEqual(2, profile_create.call_count) profile_update._assert_profile_call( driver.append_in_dir('test'), driver.append_in_dir(rule_set['id']), [rule1['policy_classifier_id']]) profile_update._assert_profile_call( driver.append_out_dir('test'), driver.append_out_dir(rule_set['id']), [rule2['policy_classifier_id'], rule4['policy_classifier_id']]) # Delete rule1 from the rule set and verify ingress profile is # is deleted on backend with self._mock_profile_delete() as profile_delete: self.update_policy_rule_set( rule_set['id'], policy_rules=[rule2['id'], rule4['id']]) profile_delete.assert_called_once_with( driver.append_in_dir(rule_set['id'])) # Delete the rule set and verify egress profile is deleted with self._mock_profile_delete() as profile_delete: self.delete_policy_rule_set(rule_set['id']) profile_delete.assert_called_once_with( driver.append_out_dir(rule_set['id']))
def test_bidirectional(self): ''' Create and delete bidirectional rule set''' with self._mock_profile_create() as profile_create,\ self._mock_profile_delete() as profile_delete: rule = self._create_simple_policy_rule() rule_set = self.create_policy_rule_set( name='test', policy_rules=[rule['id']])['policy_rule_set'] calls = [ call(name=mock.ANY, description=mock.ANY, profile_id=driver.append_in_dir(rule_set['id']), services=[rule['policy_classifier_id']]), call(name=mock.ANY, description=mock.ANY, profile_id=driver.append_out_dir(rule_set['id']), services=[rule['policy_classifier_id']]) ] profile_create.assert_has_calls(calls) self.delete_policy_rule_set(rule_set['id']) calls = [ call(driver.append_in_dir(rule_set['id'])), call(driver.append_out_dir(rule_set['id'])) ] profile_delete.assert_has_calls(calls)
def ingress_map_call(self, prs_id, provider_ids, consumer_ids): return call(domain_id=TEST_PROJECT, profile_id=driver.append_in_dir(prs_id), map_id=mock.ANY, name=driver.append_in_dir(prs_id), description=mock.ANY, source_groups=consumer_ids, dest_groups=provider_ids)
def test_create_fail_connected(self): '''Verify integrity when backend fails on connectivity map creation This test creates a pair of groups. First group creation succeeds, while second fails on connectivity enforcement. Verify backend receives a group delete call for second group. Verify spawned neutron resources are cleaned up for second group. ''' policy_rule_set = self._prepare_rule_set() profile_ids = [ driver.append_in_dir(policy_rule_set['id']), driver.append_out_dir(policy_rule_set['id']) ] with self._mock_group_create(),\ self._mock_profile_list(profile_ids),\ self._mock_map_create_fails(),\ self._mock_group_delete() as group_delete: self.assertRaises(webob.exc.HTTPClientError, self._create_provider_consumer_ptgs, policy_rule_set['id']) group_delete.assert_called_with(self._tenant_id, mock.ANY) self.assert_neutron_resources(1, 1, 1)
def test_create_ptg_pair_multi_rule_set(self): '''Create ptg pair based on 3 rule sets First rule set is simulated to have only ingress connectivity, second - only egress connectivity, and third - both ''' prs1 = self._prepare_rule_set()['id'] prs2 = self._prepare_rule_set()['id'] prs3 = self._prepare_rule_set()['id'] profile_ids = [ driver.append_in_dir(prs1), driver.append_out_dir(prs2), driver.append_in_dir(prs3), driver.append_out_dir(prs3) ] with self._mock_domain_create(),\ self._mock_group_create() as group_create,\ self._mock_profile_list(profile_ids),\ self._mock_map_create() as map_create: rule_set_dict = {prs1: None, prs2: None, prs3: None} provider_ptg = self.create_policy_target_group( name='ptg1', provided_policy_rule_sets=rule_set_dict) provider_id = provider_ptg['policy_target_group']['id'] consumer_ptg = self.create_policy_target_group( name='ptg2', consumed_policy_rule_sets=rule_set_dict) consumer_id = consumer_ptg['policy_target_group']['id'] group_create.assert_has_calls([ self.group_call('ptg1', provider_id), self.group_call('ptg2', consumer_id) ]) map_calls = [ self.ingress_map_call(prs1, [provider_id], [consumer_id]), self.egress_map_call(prs2, [provider_id], [consumer_id]), self.ingress_map_call(prs3, [provider_id], [consumer_id]), self.egress_map_call(prs3, [provider_id], [consumer_id]) ] map_create.assert_has_calls(map_calls, any_order=True)
def test_update_rule_set(self): '''Under consumer and producer group pair with single rule lifecycle, Update rule set and verify backend gets updated ''' rule_set = self._prepare_rule_set(direction='in') # Create group pair with self._mock_group_create(), \ self._mock_map_create(), \ self._mock_domain_create(): provider_ptg, consumer_ptg = self._create_provider_consumer_ptgs( rule_set['id']) # Add another rule to the rule set with self._mock_service_create(),\ self._mock_map_create() as map_update: rule = self._create_simple_policy_rule(direction='in') self.rules.append(rule) rules = [rule['id'] for rule in self.rules] self.update_policy_rule_set(rule_set['id'], policy_rules=rules) classifier_ids = sorted( [rule['policy_classifier_id'] for rule in self.rules]) map_update.assert_has_calls([ self.ingress_map_call(rule_set['id'], [provider_ptg], [consumer_ptg], classifier_ids) ]) # Delete all rules from rule set, leaving the rule set with self._mock_map_delete() as map_delete: self.update_policy_rule_set(rule_set['id'], policy_rules=[]) # verify communication map delete on backend map_delete.assert_any_call(TEST_PROJECT, driver.append_in_dir(rule_set['id']))
def test_create_ptg_star(self): '''Star-like topology (single producer and N consumers) lifecycle''' star_size = 10 policy_rule_set = self._prepare_rule_set() prs_id = policy_rule_set['id'] profile_ids = [driver.append_in_dir(prs_id)] # Create topology with self._mock_domain_create(),\ self._mock_profile_list(profile_ids),\ self._mock_group_create() as group_create,\ self._mock_map_create() as map_create: policy_rule_set_dict = {prs_id: None} provider_ptg = self.create_policy_target_group( name='producer', provided_policy_rule_sets=policy_rule_set_dict) provider_id = provider_ptg['policy_target_group']['id'] group_calls = [self.group_call('producer', provider_id)] map_calls = [] consumer_ids = [] for i in range(0, star_size): name = 'consumer_%d' % i consumer_ptg = self.create_policy_target_group( name=name, consumed_policy_rule_sets=policy_rule_set_dict) consumer_id = consumer_ptg['policy_target_group']['id'] consumer_ids.append(consumer_id) group_calls.append(self.group_call(name, consumer_id)) map_calls.append( self.ingress_map_call(prs_id, [provider_id], consumer_ids[:])) group_create.assert_has_calls(group_calls) map_create.assert_has_calls(map_calls) star_size += 1 self.assert_neutron_resources(star_size, star_size, star_size) # Delete one consumer group with self._mock_map_delete() as map_delete,\ self._mock_map_create() as map_create,\ self._mock_profile_list(profile_ids),\ self._mock_group_delete() as group_delete: consumer_id = consumer_ids.pop(0) self.delete_policy_target_group(consumer_id) map_create.assert_has_calls( [self.ingress_map_call(prs_id, [provider_id], consumer_ids)]) map_delete.assert_not_called() group_delete.assert_called_with(TEST_PROJECT, consumer_id) star_size -= 1 self.assert_neutron_resources(star_size, star_size, star_size) # Delete provider group with self._mock_map_delete() as map_delete,\ self._mock_map_create() as map_create,\ self._mock_profile_list(profile_ids),\ self._mock_group_delete() as group_delete: self.delete_policy_target_group(provider_id) map_create.assert_not_called() map_delete.assert_called_with(TEST_PROJECT, driver.append_in_dir(prs_id)) star_size -= 1 group_delete.assert_called_with(TEST_PROJECT, provider_id)
def test_create_ptg_ring(self): ring_size = 10 prs_ids = [] for i in range(0, ring_size): prs_ids.append(self._prepare_rule_set()['id']) profile_ids = [driver.append_in_dir(prs_id) for prs_id in prs_ids] # Create ring topology with self._mock_domain_create(),\ self._mock_profile_list(profile_ids),\ self._mock_group_create() as group_create,\ self._mock_map_create() as map_create: group_calls = [] map_calls = [] ptg_ids = [] for i in range(0, ring_size): provided_rule_set_dict = {prs_ids[i]: None} next_i = (i + 1) % ring_size consumed_rule_set_dict = {prs_ids[next_i]: None} name = 'ptg_%d' % i ptg = self.create_policy_target_group( name=name, provided_policy_rule_sets=provided_rule_set_dict, consumed_policy_rule_sets=consumed_rule_set_dict) ptg_id = ptg['policy_target_group']['id'] ptg_ids.append(ptg_id) group_calls.append(self.group_call(name, ptg_id)) if i > 0: map_calls.append( self.ingress_map_call(prs_ids[i], [ptg_id], [ptg_ids[i - 1]])) map_calls.append( self.ingress_map_call(prs_ids[0], [ptg_ids[0]], [ptg_id])) group_create.assert_has_calls(group_calls) map_create.assert_has_calls(map_calls, any_order=True) self.assert_neutron_resources(ring_size, ring_size, ring_size) # Delete single group and verify connectors are deleted with self._mock_map_delete() as map_delete,\ self._mock_map_create() as map_create,\ self._mock_profile_list(profile_ids),\ self._mock_group_delete() as group_delete: ptg_id = ptg_ids[2] self.delete_policy_target_group(ptg_id) map_calls = [ call(TEST_PROJECT, driver.append_in_dir(prs_ids[2])), call(TEST_PROJECT, driver.append_in_dir(prs_ids[3])) ] map_delete.assert_has_calls(map_calls) map_create.assert_not_called() group_delete.assert_called_with(TEST_PROJECT, ptg_id) # Remove connectors from single group with self._mock_map_delete() as map_delete,\ self._mock_map_create() as map_create,\ self._mock_profile_list(profile_ids),\ self._mock_group_delete() as group_delete: ptg_id = ptg_ids[5] self.update_policy_target_group(ptg_id, provided_policy_rule_sets={}) map_calls = [call(TEST_PROJECT, driver.append_in_dir(prs_ids[5]))] map_delete.assert_has_calls(map_calls) map_create.assert_not_called() group_delete.assert_not_called()
def test_create_fail_multi_connected(self): '''Verify integrity when backend fails on connectivity map creation This test creates three groups a<-->b<==>c B is created last, and creation fails on its last connectivity enforcement. Verify all maps are deleted in cleanup. Verify spawned neutron resources are cleaned up for third group. ''' prs1 = self._prepare_rule_set()['id'] prs2 = self._prepare_rule_set()['id'] prs3 = self._prepare_rule_set()['id'] profile_ids = [ driver.append_in_dir(prs1), driver.append_out_dir(prs1), driver.append_in_dir(prs2), driver.append_out_dir(prs2), driver.append_in_dir(prs3), driver.append_out_dir(prs3) ] # Create a and c with self._mock_group_create(),\ self._mock_profile_list(profile_ids),\ self._mock_map_create(): ab_dict = {prs1: None} bc_dict = {prs2: None, prs3: None} a = self.create_policy_target_group( name='a', provided_policy_rule_sets=ab_dict)['policy_target_group']['id'] c = self.create_policy_target_group( name='c', consumed_policy_rule_sets=bc_dict)['policy_target_group']['id'] with self._mock_group_create(),\ self._mock_profile_list(profile_ids),\ self._mock_nth_map_create_fails(n=6) as map_create,\ self._mock_map_delete() as map_delete,\ self._mock_group_delete() as group_delete: self.assertRaises(webob.exc.HTTPClientError, self.create_policy_target_group, name='c', consumed_policy_rule_sets=ab_dict, provided_policy_rule_sets=bc_dict) b = mock.ANY map_create_calls = [ self.ingress_map_call(prs1, [a], [b]), self.egress_map_call(prs1, [a], [b]), self.ingress_map_call(prs2, [b], [c]), self.egress_map_call(prs2, [b], [c]), self.ingress_map_call(prs3, [b], [c]), self.egress_map_call(prs3, [b], [c]) ] map_create.assert_has_calls(map_create_calls, any_order=True) map_delete_calls = [ call(TEST_PROJECT, driver.append_in_dir(prs1)), call(TEST_PROJECT, driver.append_out_dir(prs1)), call(TEST_PROJECT, driver.append_in_dir(prs2)), call(TEST_PROJECT, driver.append_out_dir(prs2)), call(TEST_PROJECT, driver.append_in_dir(prs3)) ] map_delete.assert_has_calls(map_delete_calls, any_order=True) group_delete.assert_called_with(TEST_PROJECT, mock.ANY) self.assert_neutron_resources(2, 2, 2)
def _test_ptg_pair_with_single_rule(self, direction_in=True, direction_out=True): '''Test consumer and producer group pair with single rule lifecycle. Verify backend group and rule creation calls. Verify spawned neutron resources. ''' policy_rule_set = self._prepare_rule_set() profile_in = driver.append_in_dir(policy_rule_set['id']) profile_out = driver.append_out_dir(policy_rule_set['id']) profile_ids = [] if direction_in: profile_ids.append(profile_in) if direction_out: profile_ids.append(profile_out) # Create group pair with self._mock_group_create() as group_create,\ self._mock_profile_list(profile_ids),\ self._mock_map_create() as map_create,\ self._mock_domain_create(): provider_ptg, consumer_ptg = self._create_provider_consumer_ptgs( policy_rule_set['id']) # validate group creation on backend calls = [ self.group_call('ptg1', provider_ptg), self.group_call('ptg2', consumer_ptg) ] group_create.assert_has_calls(calls) # validate communication map creation on backend calls = [] if direction_in: calls.append( self.ingress_map_call(policy_rule_set['id'], [provider_ptg], [consumer_ptg])) if direction_out: calls.append( self.egress_map_call(policy_rule_set['id'], [provider_ptg], [consumer_ptg])) map_create.assert_has_calls(calls) # validate neutron resources self.assert_neutron_resources(2, 2, 2) # Delete producer with self._mock_map_delete() as map_delete,\ self._mock_profile_list(profile_ids),\ self._mock_group_delete() as group_delete,\ self._mock_domain_delete() as domain_delete: self.delete_policy_target_group(provider_ptg) # verify communication map delete on backend calls = [] if direction_in: calls.append( call(TEST_PROJECT, driver.append_in_dir(policy_rule_set['id']))) if direction_out: calls.append( call(TEST_PROJECT, driver.append_out_dir(policy_rule_set['id']))) map_delete.assert_has_calls(calls) # verify group delete call group_delete.assert_called_with(TEST_PROJECT, provider_ptg) # verify domain not deleted yet domain_delete.assert_not_called() # Delete consumer with self._mock_map_delete() as map_delete,\ self._mock_profile_list(profile_ids),\ self._mock_group_delete() as group_delete,\ self._mock_domain_delete() as domain_delete: self.delete_policy_target_group(consumer_ptg) # no deletions on communication map are expected map_delete.assert_not_called() # verify group delete call group_delete.assert_called_with(TEST_PROJECT, consumer_ptg) # last group is deleted, domain should go as well domain_delete.assert_called_with(TEST_PROJECT)