예제 #1
0
    def test_attach_vpn_gateway(self):
        self.configure(external_network=fakes.NAME_OS_PUBLIC_NETWORK)
        subnet_2 = tools.patch_dict(fakes.DB_SUBNET_2,
                                    {'vpc_id': fakes.ID_EC2_VPC_2},
                                    ('os_vpnservice_id',))
        self.set_mock_db_items(
            fakes.DB_VPN_GATEWAY_1, fakes.DB_VPN_GATEWAY_2,
            fakes.DB_VPC_2, fakes.DB_IGW_1, fakes.DB_IGW_2,
            fakes.DB_SUBNET_1, subnet_2)
        subnet_2_updated = tools.update_dict(
            subnet_2, {'os_vpnservice_id': fakes.ID_OS_VPNSERVICE_2})
        os_vpnservice_2 = tools.patch_dict(fakes.OS_VPNSERVICE_2,
                                           {'router_id': fakes.ID_OS_ROUTER_2},
                                           ('id',))
        self.neutron.list_networks.return_value = (
            {'networks': [{'id': fakes.ID_OS_PUBLIC_NETWORK}]})
        self.neutron.create_vpnservice.side_effect = tools.get_neutron_create(
            'vpnservice', fakes.ID_OS_VPNSERVICE_2)

        def do_check():
            resp = self.execute('AttachVpnGateway',
                                {'VpcId': fakes.ID_EC2_VPC_2,
                                 'VpnGatewayId': fakes.ID_EC2_VPN_GATEWAY_2})
            self.assertEqual({'attachment': {'state': 'attached',
                                             'vpcId': fakes.ID_EC2_VPC_2}},
                             resp)
            self.assertEqual(2, self.db_api.update_item.call_count)
            self.db_api.update_item.assert_has_calls(
                [mock.call(mock.ANY, self.DB_VPN_GATEWAY_2_ATTACHED),
                 mock.call(mock.ANY, subnet_2_updated)])
            self.neutron.create_vpnservice.assert_called_once_with(
                {'vpnservice': os_vpnservice_2})

        do_check()
        self.neutron.add_gateway_router.assert_called_once_with(
            fakes.ID_OS_ROUTER_2,
            {'network_id': fakes.ID_OS_PUBLIC_NETWORK})
        self.neutron.list_networks.assert_called_once_with(
            **{'router:external': True,
               'name': fakes.NAME_OS_PUBLIC_NETWORK})

        # Internet gateway is already attached
        self.db_api.reset_mock()
        self.neutron.reset_mock()
        igw_2 = tools.update_dict(fakes.DB_IGW_2,
                                  {'vpc_id': fakes.ID_EC2_VPC_2})
        self.add_mock_db_items(igw_2)

        do_check()
        self.neutron.add_gateway_router.assert_not_called()
예제 #2
0
 def test_authorize_security_group_ingress_ip_ranges(self):
     security_group.security_group_engine = (
         security_group.SecurityGroupEngineNeutron())
     self.set_mock_db_items(fakes.DB_SECURITY_GROUP_1,
                            fakes.DB_SECURITY_GROUP_2)
     self.neutron.create_security_group_rule.return_value = (
         {'security_group_rule': [fakes.OS_SECURITY_GROUP_RULE_1]})
     self.execute(
         'AuthorizeSecurityGroupIngress',
         {'GroupId': fakes.ID_EC2_SECURITY_GROUP_2,
          'IpPermissions.1.FromPort': '10',
          'IpPermissions.1.ToPort': '10',
          'IpPermissions.1.IpProtocol': 'tcp',
          'IpPermissions.1.IpRanges.1.CidrIp': '192.168.1.0/24'})
     self.neutron.create_security_group_rule.assert_called_once_with(
         {'security_group_rule':
          tools.purge_dict(fakes.OS_SECURITY_GROUP_RULE_1,
                           {'id', 'remote_group_id', 'tenant_id'})})
     # NOTE(Alex): Openstack extension, AWS-incompability
     # IPv6 is not supported by Amazon.
     self.execute(
         'AuthorizeSecurityGroupIngress',
         {'GroupId': fakes.ID_EC2_SECURITY_GROUP_2,
          'IpPermissions.1.FromPort': '10',
          'IpPermissions.1.ToPort': '10',
          'IpPermissions.1.IpProtocol': 'tcp',
          'IpPermissions.1.IpRanges.1.CidrIp': '::/0'})
     self.neutron.create_security_group_rule.assert_called_with(
         {'security_group_rule':
          tools.patch_dict(
              fakes.OS_SECURITY_GROUP_RULE_1, {'remote_ip_prefix': '::/0'},
              {'id', 'remote_group_id', 'tenant_id'})})
예제 #3
0
    def test_authorize_security_group_ingress_ip_ranges(self):
        self.set_mock_db_items(fakes.DB_SECURITY_GROUP_1,
                               fakes.DB_SECURITY_GROUP_2)
        self.neutron.create_security_group_rule.return_value = (
            {'security_group_rule': [fakes.OS_SECURITY_GROUP_RULE_1]})
        self.execute(
            'AuthorizeSecurityGroupIngress',
            {'GroupId': fakes.ID_EC2_SECURITY_GROUP_2,
             'IpPermissions.1.FromPort': '10',
             'IpPermissions.1.ToPort': '10',
             'IpPermissions.1.IpProtocol': 'tcp',
             'IpPermissions.1.IpRanges.1.CidrIp': '192.168.1.0/24'})
        self.neutron.create_security_group_rule.assert_called_once_with(
            {'security_group_rule':
             tools.purge_dict(fakes.OS_SECURITY_GROUP_RULE_1,
                              {'id', 'remote_group_id', 'tenant_id'})})
        # NOTE(Alex): Openstack extension, AWS-incompability
        # IPv6 is not supported by Amazon.
        self.execute(
            'AuthorizeSecurityGroupIngress',
            {'GroupId': fakes.ID_EC2_SECURITY_GROUP_2,
             'IpPermissions.1.FromPort': '10',
             'IpPermissions.1.ToPort': '10',
             'IpPermissions.1.IpProtocol': 'tcp',
             'IpPermissions.1.IpRanges.1.CidrIp': '::/0'})
        self.neutron.create_security_group_rule.assert_called_with(
            {'security_group_rule':
             tools.patch_dict(
                 fakes.OS_SECURITY_GROUP_RULE_1, {'remote_ip_prefix': '::/0'},
                 {'id', 'remote_group_id', 'tenant_id'})})

        self.configure(disable_ec2_classic=True)
        self.add_mock_db_items(fakes.DB_VPC_DEFAULT,
                               fakes.DB_SECURITY_GROUP_4,
                               fakes.DB_SECURITY_GROUP_5,
                               fakes.DB_SECURITY_GROUP_6)
        self.neutron.list_security_groups.return_value = (
            {'security_groups': [fakes.OS_SECURITY_GROUP_4,
                                 fakes.OS_SECURITY_GROUP_5]})

        self.execute(
            'AuthorizeSecurityGroupIngress',
            {'GroupName': 'groupname2',
             'IpPermissions.1.FromPort': '10',
             'IpPermissions.1.ToPort': '10',
             'IpPermissions.1.IpProtocol': 'tcp',
             'IpPermissions.1.IpRanges.1.CidrIp': '::/0'})
        security_group_rule = {
            'direction': 'ingress',
            'ethertype': 'IPv4',
            'port_range_min': 10,
            'port_range_max': 10,
            'protocol': 'tcp',
            'remote_ip_prefix': '::/0',
            'security_group_id': fakes.ID_OS_SECURITY_GROUP_5}
        self.neutron.create_security_group_rule.assert_called_with(
            {'security_group_rule': security_group_rule})
예제 #4
0
 def test_format_vpn_connection(self):
     db_vpn_connection_1 = tools.update_dict(fakes.DB_VPN_CONNECTION_1, {"cidrs": []})
     ec2_vpn_connection_1 = tools.patch_dict(
         fakes.EC2_VPN_CONNECTION_1, {"routes": [], "vgwTelemetry": []}, ("customerGatewayConfiguration",)
     )
     formatted = vpn_connection_api._format_vpn_connection(
         db_vpn_connection_1, {fakes.ID_EC2_CUSTOMER_GATEWAY_1: fakes.DB_CUSTOMER_GATEWAY_1}, {}, {}, {}, {}
     )
     formatted.pop("customerGatewayConfiguration")
     self.assertThat(ec2_vpn_connection_1, matchers.DictMatches(formatted))
예제 #5
0
 def test_format_vpn_connection(self):
     db_vpn_connection_1 = tools.update_dict(fakes.DB_VPN_CONNECTION_1,
                                             {'cidrs': []})
     ec2_vpn_connection_1 = tools.patch_dict(fakes.EC2_VPN_CONNECTION_1, {
         'routes': [],
         'vgwTelemetry': []
     }, ('customerGatewayConfiguration', ))
     formatted = vpn_connection_api._format_vpn_connection(
         db_vpn_connection_1,
         {fakes.ID_EC2_CUSTOMER_GATEWAY_1: fakes.DB_CUSTOMER_GATEWAY_1}, {},
         {}, {}, {})
     formatted.pop('customerGatewayConfiguration')
     self.assertThat(ec2_vpn_connection_1, matchers.DictMatches(formatted))
예제 #6
0
    def test_attach_vpn_gateway_rollback(self):
        self.configure(external_network=fakes.NAME_OS_PUBLIC_NETWORK)
        subnet_2 = tools.patch_dict(fakes.DB_SUBNET_2,
                                    {'vpc_id': fakes.ID_EC2_VPC_2},
                                    ('os_vpnservice_id',))
        self.set_mock_db_items(fakes.DB_VPN_GATEWAY_2, fakes.DB_VPC_2,
                               subnet_2)
        self.neutron.list_networks.return_value = (
            {'networks': [{'id': fakes.ID_OS_PUBLIC_NETWORK}]})
        self.neutron.create_vpnservice.side_effect = Exception()

        self.assert_execution_error(
            self.ANY_EXECUTE_ERROR, 'AttachVpnGateway',
            {'VpcId': fakes.ID_EC2_VPC_2,
             'VpnGatewayId': fakes.ID_EC2_VPN_GATEWAY_2})

        self.db_api.update_item.assert_any_call(
            mock.ANY, fakes.DB_VPN_GATEWAY_2)
        self.neutron.remove_gateway_router.assert_called_once_with(
            fakes.ID_OS_ROUTER_2)
예제 #7
0
 def test_authorize_security_group_ingress_ip_ranges(self):
     security_group.security_group_engine = (
         security_group.SecurityGroupEngineNeutron())
     self.set_mock_db_items(fakes.DB_SECURITY_GROUP_1,
                            fakes.DB_SECURITY_GROUP_2)
     self.neutron.create_security_group_rule.return_value = ({
         'security_group_rule': [fakes.OS_SECURITY_GROUP_RULE_1]
     })
     self.execute(
         'AuthorizeSecurityGroupIngress', {
             'GroupId': fakes.ID_EC2_SECURITY_GROUP_2,
             'IpPermissions.1.FromPort': '10',
             'IpPermissions.1.ToPort': '10',
             'IpPermissions.1.IpProtocol': 'tcp',
             'IpPermissions.1.IpRanges.1.CidrIp': '192.168.1.0/24'
         })
     self.neutron.create_security_group_rule.assert_called_once_with({
         'security_group_rule':
         tools.purge_dict(fakes.OS_SECURITY_GROUP_RULE_1,
                          {'id', 'remote_group_id', 'tenant_id'})
     })
     # NOTE(Alex): Openstack extension, AWS-incompability
     # IPv6 is not supported by Amazon.
     self.execute(
         'AuthorizeSecurityGroupIngress', {
             'GroupId': fakes.ID_EC2_SECURITY_GROUP_2,
             'IpPermissions.1.FromPort': '10',
             'IpPermissions.1.ToPort': '10',
             'IpPermissions.1.IpProtocol': 'tcp',
             'IpPermissions.1.IpRanges.1.CidrIp': '::/0'
         })
     self.neutron.create_security_group_rule.assert_called_with({
         'security_group_rule':
         tools.patch_dict(fakes.OS_SECURITY_GROUP_RULE_1,
                          {'remote_ip_prefix': '::/0'},
                          {'id', 'remote_group_id', 'tenant_id'})
     })
예제 #8
0
    def test_create_network_interface_multiple_ips(self):
        self.set_mock_db_items(fakes.DB_SUBNET_2, fakes.DB_VPC_1,
                               fakes.DB_SECURITY_GROUP_1)
        self.db_api.add_item.return_value = fakes.DB_NETWORK_INTERFACE_2
        self.neutron.show_subnet.return_value = {'subnet': fakes.OS_SUBNET_2}
        self.neutron.create_port.return_value = {'port': fakes.OS_PORT_2}
        self.neutron.list_security_groups.return_value = ({
            'security_groups': [copy.deepcopy(fakes.OS_SECURITY_GROUP_1)]
        })
        created_ec2_network_interface = tools.patch_dict(
            fakes.EC2_NETWORK_INTERFACE_2, {
                'privateIpAddressesSet': [
                    tools.purge_dict(s, ['association']) for s in
                    fakes.EC2_NETWORK_INTERFACE_2['privateIpAddressesSet']
                ]
            }, ['association'])

        def check_response(resp):
            self.assertThat(created_ec2_network_interface,
                            matchers.DictMatches(resp['networkInterface']))
            self.db_api.add_item.assert_called_once_with(
                mock.ANY, 'eni',
                tools.purge_dict(fakes.DB_NETWORK_INTERFACE_2,
                                 ('id', 'device_index', 'instance_id',
                                  'delete_on_termination', 'attach_time')))
            self.neutron.update_port.assert_called_once_with(
                fakes.ID_OS_PORT_2,
                {'port': {
                    'name': fakes.ID_EC2_NETWORK_INTERFACE_2
                }})
            self.neutron.reset_mock()
            self.db_api.reset_mock()
            self.neutron.list_security_groups.return_value = ({
                'security_groups': [copy.deepcopy(fakes.OS_SECURITY_GROUP_1)]
            })

        resp = self.execute(
            'CreateNetworkInterface', {
                'SubnetId': fakes.ID_EC2_SUBNET_2,
                'SecondaryPrivateIpAddressCount': '3',
                'Description': fakes.DESCRIPTION_NETWORK_INTERFACE_2
            })
        self.neutron.create_port.assert_called_once_with({
            'port': {
                'network_id':
                fakes.ID_OS_NETWORK_2,
                'fixed_ips': [{
                    'subnet_id': fakes.ID_OS_SUBNET_2
                }, {
                    'subnet_id': fakes.ID_OS_SUBNET_2
                }, {
                    'subnet_id': fakes.ID_OS_SUBNET_2
                }],
                'security_groups': [fakes.ID_OS_SECURITY_GROUP_1]
            }
        })
        check_response(resp)

        resp = self.execute(
            'CreateNetworkInterface', {
                'SubnetId':
                fakes.ID_EC2_SUBNET_2,
                'PrivateIpAddress':
                fakes.IPS_NETWORK_INTERFACE_2[0],
                'PrivateIpAddresses.1.PrivateIpAddress':
                fakes.IPS_NETWORK_INTERFACE_2[1],
                'PrivateIpAddresses.1.Primary':
                False,
                'PrivateIpAddresses.2.PrivateIpAddress':
                fakes.IPS_NETWORK_INTERFACE_2[2],
                'PrivateIpAddresses.2.Primary':
                False,
                'Description':
                fakes.DESCRIPTION_NETWORK_INTERFACE_2
            })
        self.neutron.create_port.assert_called_once_with({
            'port': {
                'network_id':
                fakes.ID_OS_NETWORK_2,
                'fixed_ips': [{
                    'ip_address': fakes.IPS_NETWORK_INTERFACE_2[0]
                }, {
                    'ip_address': fakes.IPS_NETWORK_INTERFACE_2[1]
                }, {
                    'ip_address': fakes.IPS_NETWORK_INTERFACE_2[2]
                }],
                'security_groups': [fakes.ID_OS_SECURITY_GROUP_1]
            }
        })
        check_response(resp)

        resp = self.execute(
            'CreateNetworkInterface', {
                'SubnetId':
                fakes.ID_EC2_SUBNET_2,
                'PrivateIpAddresses.1.PrivateIpAddress':
                fakes.IPS_NETWORK_INTERFACE_2[0],
                'PrivateIpAddresses.1.Primary':
                True,
                'PrivateIpAddresses.2.PrivateIpAddress':
                fakes.IPS_NETWORK_INTERFACE_2[1],
                'PrivateIpAddresses.2.Primary':
                False,
                'PrivateIpAddresses.3.PrivateIpAddress':
                fakes.IPS_NETWORK_INTERFACE_2[2],
                'PrivateIpAddresses.3.Primary':
                False,
                'Description':
                fakes.DESCRIPTION_NETWORK_INTERFACE_2
            })
        self.neutron.create_port.assert_called_once_with({
            'port': {
                'network_id':
                fakes.ID_OS_NETWORK_2,
                'fixed_ips': [{
                    'ip_address': fakes.IPS_NETWORK_INTERFACE_2[0]
                }, {
                    'ip_address': fakes.IPS_NETWORK_INTERFACE_2[1]
                }, {
                    'ip_address': fakes.IPS_NETWORK_INTERFACE_2[2]
                }],
                'security_groups': [fakes.ID_OS_SECURITY_GROUP_1]
            }
        })
        check_response(resp)

        resp = self.execute(
            'CreateNetworkInterface', {
                'SubnetId':
                fakes.ID_EC2_SUBNET_2,
                'PrivateIpAddress':
                fakes.IPS_NETWORK_INTERFACE_2[0],
                'PrivateIpAddresses.1.PrivateIpAddress':
                fakes.IPS_NETWORK_INTERFACE_2[1],
                'PrivateIpAddresses.1.Primary':
                False,
                'SecondaryPrivateIpAddressCount':
                '1',
                'Description':
                fakes.DESCRIPTION_NETWORK_INTERFACE_2
            })
        self.neutron.create_port.assert_called_once_with({
            'port': {
                'network_id':
                fakes.ID_OS_NETWORK_2,
                'fixed_ips': [{
                    'ip_address': fakes.IPS_NETWORK_INTERFACE_2[0]
                }, {
                    'ip_address': fakes.IPS_NETWORK_INTERFACE_2[1]
                }, {
                    'subnet_id': fakes.ID_OS_SUBNET_2
                }],
                'security_groups': [fakes.ID_OS_SECURITY_GROUP_1]
            }
        })
        check_response(resp)
예제 #9
0
    def test_authorize_security_group_ingress_ip_ranges(self):
        self.set_mock_db_items(fakes.DB_SECURITY_GROUP_1,
                               fakes.DB_SECURITY_GROUP_2)
        self.neutron.create_security_group_rule.return_value = ({
            'security_group_rule': [fakes.OS_SECURITY_GROUP_RULE_1]
        })
        self.execute(
            'AuthorizeSecurityGroupIngress', {
                'GroupId': fakes.ID_EC2_SECURITY_GROUP_2,
                'IpPermissions.1.FromPort': '10',
                'IpPermissions.1.ToPort': '10',
                'IpPermissions.1.IpProtocol': 'tcp',
                'IpPermissions.1.IpRanges.1.CidrIp': '192.168.1.0/24'
            })
        self.neutron.create_security_group_rule.assert_called_once_with({
            'security_group_rule':
            tools.purge_dict(fakes.OS_SECURITY_GROUP_RULE_1,
                             {'id', 'remote_group_id', 'tenant_id'})
        })
        # NOTE(Alex): Openstack extension, AWS-incompability
        # IPv6 is not supported by Amazon.
        self.execute(
            'AuthorizeSecurityGroupIngress', {
                'GroupId': fakes.ID_EC2_SECURITY_GROUP_2,
                'IpPermissions.1.FromPort': '10',
                'IpPermissions.1.ToPort': '10',
                'IpPermissions.1.IpProtocol': 'tcp',
                'IpPermissions.1.IpRanges.1.CidrIp': '::/0'
            })
        self.neutron.create_security_group_rule.assert_called_with({
            'security_group_rule':
            tools.patch_dict(fakes.OS_SECURITY_GROUP_RULE_1,
                             {'remote_ip_prefix': '::/0'},
                             {'id', 'remote_group_id', 'tenant_id'})
        })

        self.configure(disable_ec2_classic=True)
        self.add_mock_db_items(fakes.DB_VPC_DEFAULT, fakes.DB_SECURITY_GROUP_4,
                               fakes.DB_SECURITY_GROUP_5,
                               fakes.DB_SECURITY_GROUP_6)
        self.neutron.list_security_groups.return_value = ({
            'security_groups':
            [fakes.OS_SECURITY_GROUP_4, fakes.OS_SECURITY_GROUP_5]
        })

        self.execute(
            'AuthorizeSecurityGroupIngress', {
                'GroupName': 'groupname2',
                'IpPermissions.1.FromPort': '10',
                'IpPermissions.1.ToPort': '10',
                'IpPermissions.1.IpProtocol': 'tcp',
                'IpPermissions.1.IpRanges.1.CidrIp': '::/0'
            })
        security_group_rule = {
            'direction': 'ingress',
            'ethertype': 'IPv4',
            'port_range_min': 10,
            'port_range_max': 10,
            'protocol': 'tcp',
            'remote_ip_prefix': '::/0',
            'security_group_id': fakes.ID_OS_SECURITY_GROUP_5
        }
        self.neutron.create_security_group_rule.assert_called_with(
            {'security_group_rule': security_group_rule})
예제 #10
0
 def test_patch_dict(self):
     d1 = {'a': 1, 'b': 2, 'c': 3}
     d2 = {'c': 33, 'd': 44, 'e': 55}
     res = tools.patch_dict(d1, d2, ('b', 'e'))
     self.assertEqual({'a': 1, 'c': 33, 'd': 44}, res)
     self.assertEqual({'a': 1, 'b': 2, 'c': 3}, d1)
예제 #11
0
    def test_create_network_interface_multiple_ips(self):
        self.set_mock_db_items(fakes.DB_SUBNET_2, fakes.DB_VPC_1,
                               fakes.DB_SECURITY_GROUP_1)
        self.db_api.add_item.return_value = fakes.DB_NETWORK_INTERFACE_2
        self.neutron.show_subnet.return_value = {'subnet': fakes.OS_SUBNET_2}
        self.neutron.create_port.return_value = {'port': fakes.OS_PORT_2}
        self.neutron.list_security_groups.return_value = (
            {'security_groups': [copy.deepcopy(fakes.OS_SECURITY_GROUP_1)]})
        created_ec2_network_interface = tools.patch_dict(
            fakes.EC2_NETWORK_INTERFACE_2,
            {'privateIpAddressesSet': [
                tools.purge_dict(s, ['association'])
                for s in fakes.EC2_NETWORK_INTERFACE_2[
                    'privateIpAddressesSet']]},
            ['association'])

        def check_response(resp):
            self.assertThat(created_ec2_network_interface,
                            matchers.DictMatches(resp['networkInterface']))
            self.db_api.add_item.assert_called_once_with(
                mock.ANY, 'eni',
                tools.purge_dict(fakes.DB_NETWORK_INTERFACE_2,
                                 ('id',
                                  'device_index',
                                  'instance_id',
                                  'delete_on_termination',
                                  'attach_time')))
            self.neutron.update_port.assert_called_once_with(
                fakes.ID_OS_PORT_2,
                {'port': {'name':
                          fakes.ID_EC2_NETWORK_INTERFACE_2}})
            self.neutron.reset_mock()
            self.db_api.reset_mock()
            self.neutron.list_security_groups.return_value = (
                {'security_groups': [
                    copy.deepcopy(fakes.OS_SECURITY_GROUP_1)]})

        resp = self.execute(
            'CreateNetworkInterface',
            {'SubnetId': fakes.ID_EC2_SUBNET_2,
             'SecondaryPrivateIpAddressCount': '3',
             'Description': fakes.DESCRIPTION_NETWORK_INTERFACE_2})
        self.neutron.create_port.assert_called_once_with(
            {'port': {'network_id': fakes.ID_OS_NETWORK_2,
                      'fixed_ips': [{'subnet_id': fakes.ID_OS_SUBNET_2},
                                    {'subnet_id': fakes.ID_OS_SUBNET_2},
                                    {'subnet_id': fakes.ID_OS_SUBNET_2}],
                      'security_groups': [fakes.ID_OS_SECURITY_GROUP_1]}})
        check_response(resp)

        resp = self.execute(
            'CreateNetworkInterface',
            {'SubnetId': fakes.ID_EC2_SUBNET_2,
             'PrivateIpAddress': fakes.IPS_NETWORK_INTERFACE_2[0],
             'PrivateIpAddresses.1.PrivateIpAddress':
                 fakes.IPS_NETWORK_INTERFACE_2[1],
             'PrivateIpAddresses.1.Primary': False,
             'PrivateIpAddresses.2.PrivateIpAddress':
                 fakes.IPS_NETWORK_INTERFACE_2[2],
             'PrivateIpAddresses.2.Primary': False,
             'Description': fakes.DESCRIPTION_NETWORK_INTERFACE_2})
        self.neutron.create_port.assert_called_once_with(
            {'port':
             {'network_id': fakes.ID_OS_NETWORK_2,
              'fixed_ips': [
                  {'ip_address': fakes.IPS_NETWORK_INTERFACE_2[0]},
                  {'ip_address': fakes.IPS_NETWORK_INTERFACE_2[1]},
                  {'ip_address': fakes.IPS_NETWORK_INTERFACE_2[2]}],
              'security_groups': [fakes.ID_OS_SECURITY_GROUP_1]}})
        check_response(resp)

        resp = self.execute(
            'CreateNetworkInterface',
            {'SubnetId': fakes.ID_EC2_SUBNET_2,
             'PrivateIpAddresses.1.PrivateIpAddress':
                 fakes.IPS_NETWORK_INTERFACE_2[0],
             'PrivateIpAddresses.1.Primary': True,
             'PrivateIpAddresses.2.PrivateIpAddress':
                 fakes.IPS_NETWORK_INTERFACE_2[1],
             'PrivateIpAddresses.2.Primary': False,
             'PrivateIpAddresses.3.PrivateIpAddress':
                 fakes.IPS_NETWORK_INTERFACE_2[2],
             'PrivateIpAddresses.3.Primary': False,
             'Description': fakes.DESCRIPTION_NETWORK_INTERFACE_2})
        self.neutron.create_port.assert_called_once_with(
            {'port':
             {'network_id': fakes.ID_OS_NETWORK_2,
              'fixed_ips': [
                  {'ip_address': fakes.IPS_NETWORK_INTERFACE_2[0]},
                  {'ip_address': fakes.IPS_NETWORK_INTERFACE_2[1]},
                  {'ip_address': fakes.IPS_NETWORK_INTERFACE_2[2]}],
              'security_groups': [fakes.ID_OS_SECURITY_GROUP_1]}})
        check_response(resp)

        resp = self.execute(
            'CreateNetworkInterface',
            {'SubnetId': fakes.ID_EC2_SUBNET_2,
             'PrivateIpAddress': fakes.IPS_NETWORK_INTERFACE_2[0],
             'PrivateIpAddresses.1.PrivateIpAddress':
                 fakes.IPS_NETWORK_INTERFACE_2[1],
             'PrivateIpAddresses.1.Primary': False,
             'SecondaryPrivateIpAddressCount': '1',
             'Description': fakes.DESCRIPTION_NETWORK_INTERFACE_2})
        self.neutron.create_port.assert_called_once_with(
            {'port':
             {'network_id': fakes.ID_OS_NETWORK_2,
              'fixed_ips': [
                  {'ip_address': fakes.IPS_NETWORK_INTERFACE_2[0]},
                  {'ip_address': fakes.IPS_NETWORK_INTERFACE_2[1]},
                  {'subnet_id': fakes.ID_OS_SUBNET_2}],
              'security_groups': [fakes.ID_OS_SECURITY_GROUP_1]}})
        check_response(resp)
예제 #12
0
    def test_attach_vpn_gateway(self, create_vpnservice,
                                reset_vpn_connections):
        create_vpnservice_calls = []
        create_vpnservice.side_effect = (
            tools.deepcopy_call_args_saver(create_vpnservice_calls))
        mock_manager = mock.Mock()
        mock_manager.attach_mock(create_vpnservice, 'create_vpnservice')
        mock_manager.attach_mock(reset_vpn_connections,
                                 'reset_vpn_connections')
        self.configure(external_network=fakes.NAME_OS_PUBLIC_NETWORK)
        subnet_2 = tools.patch_dict(fakes.DB_SUBNET_2,
                                    {'vpc_id': fakes.ID_EC2_VPC_2},
                                    ('os_vpnservice_id',))
        self.set_mock_db_items(
            fakes.DB_VPN_GATEWAY_1, fakes.DB_VPN_GATEWAY_2,
            fakes.DB_VPC_2, fakes.DB_IGW_1, fakes.DB_IGW_2,
            fakes.DB_SUBNET_1, subnet_2)
        subnet_2_updated = tools.update_dict(
            subnet_2, {'os_vpnservice_id': fakes.ID_OS_VPNSERVICE_2})
        os_vpnservice_2 = tools.patch_dict(fakes.OS_VPNSERVICE_2,
                                           {'router_id': fakes.ID_OS_ROUTER_2},
                                           ('id',))
        self.neutron.list_networks.return_value = (
            {'networks': [{'id': fakes.ID_OS_PUBLIC_NETWORK}]})
        self.neutron.create_vpnservice.side_effect = tools.get_neutron_create(
            'vpnservice', fakes.ID_OS_VPNSERVICE_2)

        def do_check():
            resp = self.execute('AttachVpnGateway',
                                {'VpcId': fakes.ID_EC2_VPC_2,
                                 'VpnGatewayId': fakes.ID_EC2_VPN_GATEWAY_2})
            self.assertEqual({'attachment': {'state': 'attached',
                                             'vpcId': fakes.ID_EC2_VPC_2}},
                             resp)
            self.assertEqual(2, self.db_api.update_item.call_count)
            self.db_api.update_item.assert_has_calls(
                [mock.call(mock.ANY, self.DB_VPN_GATEWAY_2_ATTACHED),
                 mock.call(mock.ANY, subnet_2_updated)])
            self.neutron.create_vpnservice.assert_called_once_with(
                {'vpnservice': os_vpnservice_2})
            self.assertEqual(1, len(create_vpnservice_calls))
            self.assertEqual(
                mock.call(mock.ANY, self.neutron, mock.ANY, subnet_2,
                          fakes.DB_VPC_2),
                create_vpnservice_calls[0])
            self.assertIsInstance(create_vpnservice_calls[0][1][2],
                                  common.OnCrashCleaner)
            reset_vpn_connections.assert_called_once_with(
                mock.ANY, self.neutron, mock.ANY,
                self.DB_VPN_GATEWAY_2_ATTACHED, subnets=[subnet_2_updated])
            self.assertIsInstance(reset_vpn_connections.call_args[0][2],
                                  common.OnCrashCleaner)
            mock_manager.assert_has_calls([
                mock.call.create_vpnservice(
                    *(mock.ANY for _x in range(5))),
                mock.call.reset_vpn_connections(
                    subnets=mock.ANY, *(mock.ANY for _x in range(4)))])

        do_check()
        self.neutron.add_gateway_router.assert_called_once_with(
            fakes.ID_OS_ROUTER_2,
            {'network_id': fakes.ID_OS_PUBLIC_NETWORK})
        self.neutron.list_networks.assert_called_once_with(
            **{'router:external': True,
               'name': fakes.NAME_OS_PUBLIC_NETWORK})

        # Internet gateway is already attached
        self.db_api.reset_mock()
        self.neutron.reset_mock()
        del create_vpnservice_calls[:]
        reset_vpn_connections.reset_mock()
        mock_manager.reset_mock()
        igw_2 = tools.update_dict(fakes.DB_IGW_2,
                                  {'vpc_id': fakes.ID_EC2_VPC_2})
        self.add_mock_db_items(igw_2)
        do_check()
        self.assertFalse(self.neutron.add_gateway_router.called)