def check_creation_validation(self, rule): fake_client = self.generate_client() with mock.patch("vcloud_plugin_common.VcloudAirClient.get", mock.MagicMock(return_value=fake_client)): fake_ctx = self.generate_node_context( properties={"vcloud_config": {"edge_gateway": "some_edge_gateway", "vdc": "vdc_name"}, "rules": [rule]} ) security_group.creation_validation(ctx=fake_ctx)
def check_creation_validation(self, rule): fake_client = self.generate_client() with mock.patch( 'vcloud_plugin_common.VcloudAirClient.get', mock.MagicMock(return_value=fake_client) ): fake_ctx = self.generate_node_context( properties={ 'vcloud_config': { 'edge_gateway': 'some_edge_gateway', 'vdc': 'vdc_name' }, 'rules': [rule] } ) security_group.creation_validation(ctx=fake_ctx)
def test_creation_validation(self): fake_client = self.generate_client() with mock.patch( 'vcloud_plugin_common.VcloudAirClient.get', mock.MagicMock(return_value=fake_client) ): fake_ctx = self.generate_node_context( properties={ 'vcloud_config': { 'edge_gateway': 'some_edge_gateway', 'vdc': 'vdc_name' } } ) fake_client._vdc_gateway.is_fw_enabled = mock.MagicMock( return_value=False ) # Gateway firewall is disabled with self.assertRaises(cfy_exc.NonRecoverableError): security_group.creation_validation(ctx=fake_ctx) fake_client._vdc_gateway.is_fw_enabled = mock.MagicMock( return_value=True ) # no rules with self.assertRaises(cfy_exc.NonRecoverableError): security_group.creation_validation(ctx=fake_ctx) # wrong description with self.assertRaises(cfy_exc.NonRecoverableError): self.check_creation_validation({ "description": 10 }) # wrong source with self.assertRaises(cfy_exc.NonRecoverableError): self.check_creation_validation({ "description": 'a', "source": 11 }) with self.assertRaises(cfy_exc.NonRecoverableError): security_group.creation_validation(ctx=fake_ctx) # wrong ip with self.assertRaises(cfy_exc.NonRecoverableError): self.check_creation_validation({ "description": 'a', "source": '1.2.3.1111' }) # wrong port with self.assertRaises(cfy_exc.NonRecoverableError): self.check_creation_validation({ "description": 'a', "source": '1.2.3.11', "source_port": 1234 }) # wrong destination with self.assertRaises(cfy_exc.NonRecoverableError): self.check_creation_validation({ "description": 'a', "source": '1.2.3.11', "source_port": 1234, "destination": 123 }) # wrong destination ip with self.assertRaises(cfy_exc.NonRecoverableError): self.check_creation_validation({ "description": 'a', "source": '1.2.3.11', "source_port": 1234, "destination": "123.1" }) # wrong destination_port with self.assertRaises(cfy_exc.NonRecoverableError): self.check_creation_validation({ "description": 'a', "source": '1.2.3.11', "source_port": 1234, "destination": "123.12.1.1", 'destination_port': 1111111 }) # wrong protocol with self.assertRaises(cfy_exc.NonRecoverableError): self.check_creation_validation({ "description": 'a', "source": '1.2.3.11', "source_port": 1234, "destination": "123.12.1.1", 'destination_port': 1111, "protocol": 'someone' }) # wrong action with self.assertRaises(cfy_exc.NonRecoverableError): self.check_creation_validation({ "description": 'a', "source": '1.2.3.11', "source_port": 1234, "destination": "123.12.1.1", 'destination_port': 1111, "protocol": 'any', "action": 'some' }) # wrong action with self.assertRaises(cfy_exc.NonRecoverableError): self.check_creation_validation({ "description": 'a', "source": '1.2.3.11', "source_port": 1234, "destination": "123.12.1.1", 'destination_port': 1111, "protocol": 'any', "action": 'allow', 'log_traffic': 'somevalue' }) # correct self.check_creation_validation({ "description": 'a', "source": '1.2.3.11', "source_port": 1234, "destination": "123.12.1.1", 'destination_port': 1111, "protocol": 'any', "action": 'allow', 'log_traffic': True }) self.check_creation_validation({ "description": 'a', "source": '1.2.3.11', "source_port": 1234, "destination": "123.12.1.1", 'destination_port': 1111, "protocol": 'any', "action": 'allow', 'log_traffic': False }) self.check_creation_validation({ "action": 'allow' })