def test_firewall_policy_audited_flag_when_referenced_rule_change(self):
    """Check that editing a referenced rule clears the policy's audit flag.

    A firewall rule is created and attached to a policy that is created
    with ``audited=True``. The rule's action is then changed through the
    Neutron API without touching the policy. Afterwards the Neutron
    ``audited`` field and the VNC ``id_perms`` enable bit must both be
    false, so a policy whose rules changed is not still reported as
    audited.
    """
    rule = FirewallRule(
        '%s-fr' % self.id(),
        parent_obj=self.project,
        service=FirewallServiceType(),
    )
    rule_uuid = self._vnc_lib.firewall_rule_create(rule)

    policy_fields = {
        'audited': True,
        'firewall_rules': [rule_uuid],
    }
    neutron_policy = self.create_resource(
        'firewall_policy',
        self.project_id,
        extra_res_fields=policy_fields,
    )
    vnc_policy = self._vnc_lib.firewall_policy_read(id=neutron_policy['id'])
    # Baseline: the Neutron view and the VNC object agree the policy is
    # audited.
    self.assertTrue(neutron_policy['audited'])
    self.assertTrue(vnc_policy.get_id_perms().get_enable())

    # Only the rule is modified here; the policy is reached through its
    # reference to the rule.
    self.update_resource(
        'firewall_rule',
        rule_uuid,
        self.project_id,
        extra_res_fields={'action': 'deny'},
    )

    neutron_policy = self.read_resource(
        'firewall_policy', neutron_policy['id'])
    vnc_policy = self._vnc_lib.firewall_policy_read(id=neutron_policy['id'])
    self.assertFalse(neutron_policy['audited'])
    self.assertFalse(vnc_policy.get_id_perms().get_enable())
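def test_firewall_policy_rule_association(self):
    """Check rule ordering in a policy across insert, remove and move.

    The expected order is tracked in ``fr_ids`` and compared, after every
    operation, with the policy's rule refs sorted by the ``sequence``
    attribute stored on each ref. Covered cases: initial association,
    insert at the beginning (no position given), ``insert_after``,
    ``insert_before``, removal, ``insert_before`` taking precedence over
    ``insert_after``, and re-inserting a rule that is already in the
    policy (a move).
    """
    # NOTE(review): rule order presumably decides which rule is matched
    # first, so a misplaced insert would change what the policy enforces;
    # confirm against the policy evaluator.

    def assert_rule_order(policy_id, expected_ids):
        # Read the policy back from the VNC API instead of trusting the
        # Neutron response, then compare the whole ordered list at once so
        # a failure shows both sequences.
        policy = self._vnc_lib.firewall_policy_read(id=policy_id)
        ordered_refs = sorted(
            policy.get_firewall_rule_refs() or [],
            key=lambda ref: float(ref['attr'].sequence),
        )
        self.assertEqual(
            [ref['uuid'] for ref in ordered_refs],
            list(expected_ids),
        )

    fr_ids = []
    for i in range(4):
        fr = FirewallRule(
            '%s-fr%d' % (self.id(), i),
            parent_obj=self.project,
            service=FirewallServiceType(),
        )
        fr_ids.append(self._vnc_lib.firewall_rule_create(fr))

    neutron_fp = self.create_resource(
        'firewall_policy',
        self.project_id,
        extra_res_fields={
            'firewall_rules': fr_ids[1:3],
        },
    )
    assert_rule_order(neutron_fp['id'], fr_ids[1:3])

    # insert at the beginning (no insert_before / insert_after given)
    neutron_fp = self._insert_rule(
        self.project_id,
        neutron_fp['id'],
        fr_ids[0],
    )
    assert_rule_order(neutron_fp['id'], fr_ids[0:3])

    # insert after
    neutron_fp = self._insert_rule(
        self.project_id,
        neutron_fp['id'],
        fr_ids[3],
        insert_after=fr_ids[2],
    )
    assert_rule_order(neutron_fp['id'], fr_ids)

    # insert before
    fr5 = FirewallRule(
        '%s-fr5' % self.id(),
        parent_obj=self.project,
        service=FirewallServiceType(),
    )
    # Use the id returned by the API rather than relying on the create
    # call having filled in fr5.uuid as a side effect.
    fr5_id = self._vnc_lib.firewall_rule_create(fr5)
    before_id = fr_ids[2]
    fr_ids.insert(fr_ids.index(before_id), fr5_id)
    neutron_fp = self._insert_rule(
        self.project_id,
        neutron_fp['id'],
        fr5_id,
        insert_before=before_id,
    )
    assert_rule_order(neutron_fp['id'], fr_ids)

    # remove
    fr_ids.remove(fr5_id)
    neutron_fp = self._remove_rule(
        self.project_id, neutron_fp['id'], fr5_id)
    assert_rule_order(neutron_fp['id'], fr_ids)

    # insert_after ignored if insert_before is set
    before_id = fr_ids[2]
    after_id = fr_ids[fr_ids.index(before_id) + 1]
    fr_ids.insert(fr_ids.index(before_id), fr5_id)
    neutron_fp = self._insert_rule(
        self.project_id,
        neutron_fp['id'],
        fr5_id,
        insert_before=before_id,
        insert_after=after_id,
    )
    assert_rule_order(neutron_fp['id'], fr_ids)

    # move existing rule in the list
    fr_ids.remove(fr5_id)
    before_id = fr_ids[1]
    fr_ids.insert(fr_ids.index(before_id), fr5_id)
    neutron_fp = self._insert_rule(
        self.project_id,
        neutron_fp['id'],
        fr5_id,
        insert_before=before_id,
    )
    assert_rule_order(neutron_fp['id'], fr_ids)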
def test_firewall_policy_audited_flag(self):
    """Check that every change to a policy's rule list resets ``audited``.

    The policy starts unaudited. It is then marked audited three times,
    and each time a rule-list change follows: replacing ``firewall_rules``
    through an update, inserting a rule, and removing a rule. After every
    step the Neutron ``audited`` field and the VNC ``id_perms`` enable bit
    are checked together and must hold the same value.
    """

    def expect_audited(neutron_policy, expected):
        # Re-read the VNC object so the check covers stored state, not
        # only the Neutron response.
        vnc_policy = self._vnc_lib.firewall_policy_read(
            id=neutron_policy['id'])
        verify = self.assertTrue if expected else self.assertFalse
        verify(neutron_policy['audited'])
        verify(vnc_policy.get_id_perms().get_enable())

    def mark_audited(neutron_policy):
        return self.update_resource(
            'firewall_policy',
            neutron_policy['id'],
            self.project_id,
            extra_res_fields={
                'audited': True,
            },
        )

    neutron_fp = self.create_resource('firewall_policy', self.project_id)
    expect_audited(neutron_fp, False)

    neutron_fp = mark_audited(neutron_fp)
    expect_audited(neutron_fp, True)

    fr_ids = [
        self._vnc_lib.firewall_rule_create(
            FirewallRule(
                '%s-fr%d' % (self.id(), i),
                parent_obj=self.project,
                service=FirewallServiceType(),
            )
        )
        for i in range(4)
    ]

    # Replacing the rule list through a plain update clears the flag.
    neutron_fp = self.update_resource(
        'firewall_policy',
        neutron_fp['id'],
        self.project_id,
        extra_res_fields={
            'firewall_rules': [fr_ids[0]],
        },
    )
    expect_audited(neutron_fp, False)

    neutron_fp = mark_audited(neutron_fp)
    expect_audited(neutron_fp, True)

    # Inserting a rule clears the flag.
    neutron_fp = self._insert_rule(
        self.project_id,
        neutron_fp['id'],
        fr_ids[1],
    )
    expect_audited(neutron_fp, False)

    neutron_fp = mark_audited(neutron_fp)
    expect_audited(neutron_fp, True)

    # Removing a rule clears the flag.
    neutron_fp = self._remove_rule(
        self.project_id,
        neutron_fp['id'],
        fr_ids[1],
    )
    expect_audited(neutron_fp, False)