def test_policy_remove_rule(self): policy = self.fw_policies.first() tenant_id = self.tenant.id rules = self.fw_rules.list() remove_rule_id = policy.firewall_rules[0] left_rule_id = policy.firewall_rules[1] data = {'firewall_rule_id': remove_rule_id} after_remove_policy_dict = {'id': 'abcdef-c3eb-4fee-9763-12de3338041e', 'tenant_id': '1', 'name': 'policy1', 'description': 'policy description', 'firewall_rules': [left_rule_id], 'audited': True, 'shared': True} after_remove_policy = api_fwaas.Policy(after_remove_policy_dict) api_fwaas.policy_get(IsA(http.HttpRequest), policy.id).AndReturn(policy) api_fwaas.rule_list_for_tenant( IsA(http.HttpRequest), tenant_id).AndReturn(rules) api_fwaas.rule_get( IsA(http.HttpRequest), remove_rule_id).AndReturn(rules[0]) api_fwaas.policy_remove_rule(IsA(http.HttpRequest), policy.id, **data)\ .AndReturn(after_remove_policy) self.mox.ReplayAll() res = self.client.post( reverse(self.REMOVERULE_PATH, args=(policy.id,)), data) self.assertNoFormErrors(res) self.assertRedirectsNoFollow(res, str(self.INDEX_URL))
def set_up_expect(self, fwaas_router_extension=True): # retrieve rules tenant_id = self.tenant.id api.neutron.is_extension_supported( IsA(http.HttpRequest), 'fwaasrouterinsertion' ).MultipleTimes().AndReturn(fwaas_router_extension) api_fwaas.rule_list_for_tenant( IsA(http.HttpRequest), tenant_id).AndReturn(self.fw_rules.list()) # retrieves policies policies = self.fw_policies.list() api_fwaas.policy_list_for_tenant( IsA(http.HttpRequest), tenant_id).AndReturn(policies) # retrieves firewalls firewalls = self.firewalls.list() api_fwaas.firewall_list_for_tenant( IsA(http.HttpRequest), tenant_id).AndReturn(firewalls) routers = self.routers.list() api.neutron.router_list( IsA(http.HttpRequest), tenant_id=tenant_id).AndReturn(routers) api_fwaas.firewall_unassociated_routers_list( IsA(http.HttpRequest), tenant_id).\ MultipleTimes().AndReturn(routers)
def test_policy_insert_rule(self): policy = self.fw_policies.first() tenant_id = self.tenant.id rules = self.fw_rules.list() new_rule_id = rules[2].id data = {'firewall_rule_id': new_rule_id, 'insert_before': rules[1].id, 'insert_after': rules[0].id} api_fwaas.policy_get(IsA(http.HttpRequest), policy.id).AndReturn(policy) policy.firewall_rules = [rules[0].id, new_rule_id, rules[1].id] api_fwaas.rule_list_for_tenant( IsA(http.HttpRequest), tenant_id).AndReturn(rules) api_fwaas.rule_get( IsA(http.HttpRequest), new_rule_id).AndReturn(rules[2]) api_fwaas.policy_insert_rule(IsA(http.HttpRequest), policy.id, **data)\ .AndReturn(policy) self.mox.ReplayAll() res = self.client.post( reverse(self.INSERTRULE_PATH, args=(policy.id,)), data) self.assertNoFormErrors(res) self.assertRedirectsNoFollow(res, str(self.INDEX_URL))
def set_up_expect_with_exception(self): tenant_id = self.tenant.id api.neutron.is_extension_supported(IsA( http.HttpRequest), 'fwaasrouterinsertion').AndReturn(True) api_fwaas.rule_list_for_tenant(IsA( http.HttpRequest), tenant_id).AndRaise(self.exceptions.neutron) api_fwaas.policy_list_for_tenant(IsA( http.HttpRequest), tenant_id).AndRaise(self.exceptions.neutron) api_fwaas.firewall_list_for_tenant(IsA( http.HttpRequest), tenant_id).AndRaise(self.exceptions.neutron)
def test_delete_rule(self): api.neutron.is_extension_supported(IsA( http.HttpRequest), 'fwaasrouterinsertion').AndReturn(True) rule = self.fw_rules.list()[2] api_fwaas.rule_list_for_tenant(IsA( http.HttpRequest), self.tenant.id).AndReturn(self.fw_rules.list()) api_fwaas.rule_delete(IsA(http.HttpRequest), rule.id) self.mox.ReplayAll() form_data = {"action": "rulestable__deleterule__%s" % rule.id} res = self.client.post(self.INDEX_URL, form_data) self.assertNoFormErrors(res)
def __init__(self, request, *args, **kwargs): super(RemoveRuleFromPolicy, self).__init__(request, *args, **kwargs) try: tenant_id = request.user.tenant_id all_rules = api_fwaas.rule_list_for_tenant(request, tenant_id) current_rules = [] for r in kwargs['initial']['firewall_rules']: r_obj = [rule for rule in all_rules if r == rule.id][0] current_rules.append(r_obj) current_choices = [(r.id, r.name_or_id) for r in current_rules] except Exception as e: LOG.error( 'Failed to retrieve current rules in policy %(id)s: ' '%(reason)s', { 'id': self.initial['policy_id'], 'reason': e }) msg = (_('Failed to retrieve current rules in policy %(name)s: ' '%(reason)s') % { 'name': self.initial['name'], 'reason': e }) redirect = reverse(self.failure_url) exceptions.handle(request, msg, redirect=redirect) self.fields['firewall_rule_id'].choices = current_choices
def __init__(self, request, *args, **kwargs): super(InsertRuleToPolicy, self).__init__(request, *args, **kwargs) try: tenant_id = self.request.user.tenant_id all_rules = api_fwaas.rule_list_for_tenant(request, tenant_id) all_rules = sorted(all_rules, key=lambda rule: rule.name_or_id) available_rules = [ r for r in all_rules if not r.firewall_policy_id ] current_rules = [] for r in kwargs['initial']['firewall_rules']: r_obj = [rule for rule in all_rules if r == rule.id][0] current_rules.append(r_obj) available_choices = [(r.id, r.name_or_id) for r in available_rules] current_choices = [(r.id, r.name_or_id) for r in current_rules] except Exception as e: LOG.error('Failed to retrieve available rules: %s', e) msg = _('Failed to retrieve available rules: %s') % e redirect = reverse(self.failure_url) exceptions.handle(request, msg, redirect=redirect) self.fields['firewall_rule_id'].choices = available_choices self.fields['insert_before'].choices = [('', '')] + current_choices self.fields['insert_after'].choices = [('', '')] + current_choices
def test_add_policy_post_with_error(self): policy = self.fw_policies.first() rules = self.fw_rules.list() tenant_id = self.tenant.id form_data = {'description': policy.description, 'firewall_rules': None, 'shared': policy.shared, 'audited': policy.audited } api_fwaas.rule_list_for_tenant( IsA(http.HttpRequest), tenant_id).AndReturn(rules) self.mox.ReplayAll() res = self.client.post(reverse(self.ADDPOLICY_PATH), form_data) self.assertFormErrors(res, 1)
def get_rulestable_data(self): try: tenant_id = self.request.user.tenant_id request = self.tab_group.request rules = api_fwaas.rule_list_for_tenant(request, tenant_id) except Exception: rules = [] exceptions.handle(self.tab_group.request, _('Unable to retrieve rules list.')) return rules
def populate_rule_choices(self, request, context): try: tenant_id = self.request.user.tenant_id rules = api_fwaas.rule_list_for_tenant(request, tenant_id) rules = sorted(rules, key=lambda rule: rule.name_or_id) rule_list = [(rule.id, rule.name_or_id) for rule in rules if not rule.firewall_policy_id] except Exception as e: rule_list = [] exceptions.handle( request, _('Unable to retrieve rules (%(error)s).') % {'error': str(e)}) return rule_list
def test_add_policy_post(self): policy = self.fw_policies.first() rules = self.fw_rules.list() tenant_id = self.tenant.id form_data = { 'name': policy.name, 'description': policy.description, 'firewall_rules': policy.firewall_rules, 'shared': policy.shared, 'audited': policy.audited } post_data = { 'name': policy.name, 'description': policy.description, 'rule': policy.firewall_rules, 'shared': policy.shared, 'audited': policy.audited } # NOTE: SelectRulesAction.populate_rule_choices() lists rule not # associated with any policy. We need to ensure that rules specified # in policy.firewall_rules in post_data (above) are not associated # with any policy. Test data in neutron_data is data in a stable state, # so we need to modify here. for rule in rules: if rule.id in policy.firewall_rules: rule.firewall_policy_id = rule.policy = None api_fwaas.rule_list_for_tenant(IsA(http.HttpRequest), tenant_id).AndReturn(rules) api_fwaas.policy_create(IsA(http.HttpRequest), **form_data).AndReturn(policy) self.mox.ReplayAll() res = self.client.post(reverse(self.ADDPOLICY_PATH), post_data) self.assertNoFormErrors(res) self.assertRedirectsNoFollow(res, str(self.INDEX_URL))
def test_rule_list_for_tenant(self): tenant_id = self.request.user.project_id exp_rules = self.fw_rules.list() api_rules = {'firewall_rules': self.api_fw_rules.list()} api_policies = {'firewall_policies': self.api_fw_policies.list()} neutronclient.list_firewall_rules(tenant_id=tenant_id, shared=False).AndReturn( {'firewall_rules': []}) neutronclient.list_firewall_rules(shared=True) \ .AndReturn(api_rules) neutronclient.list_firewall_policies().AndReturn(api_policies) self.mox.ReplayAll() ret_val = api_fwaas.rule_list_for_tenant(self.request, tenant_id) for (v, d) in zip(ret_val, exp_rules): self._assert_rule_return_value(v, d)
def test_rule_list_for_tenant(self): tenant_id = self.request.user.project_id exp_rules = self.fw_rules.list() api_rules = {'firewall_rules': self.api_fw_rules.list()} api_policies = {'firewall_policies': self.api_fw_policies.list()} self.mock_list_firewall_rules.side_effect = [ {'firewall_rules': []}, api_rules, ] self.mock_list_firewall_policies.return_value = api_policies ret_val = api_fwaas.rule_list_for_tenant(self.request, tenant_id) for (v, d) in zip(ret_val, exp_rules): self._assert_rule_return_value(v, d) self.assertEqual(2, self.mock_list_firewall_rules.call_count) self.mock_list_firewall_rules.assert_has_calls([ mock.call(tenant_id=tenant_id, shared=False), mock.call(shared=True), ]) self.mock_list_firewall_policies.assert_called_once_with()