def test_disassociate(self):
    """Drive the ``remove_security_group`` server action against a stubbed DB.

    Three DB lookups are replaced with module-level fakes, and one call to
    ``db.instance_remove_security_group`` is recorded as a mox expectation
    before the action handler is invoked for server '1' with group 'test'.

    NOTE(review): the test contains no explicit ``VerifyAll()``; presumably
    the base test case verifies mox expectations on teardown -- confirm,
    otherwise a handler that never detaches the group would still pass.
    NOTE(review): all three expected arguments are wildcards, so the test
    does not pin *which* instance or group is detached. Matching the group
    id explicitly would catch a handler that removes the wrong group.
    """
    # Read paths are replaced with canned fixtures.
    db_fakes = (
        ('instance_get', return_server),
        ('instance_get_by_uuid', return_server_by_uuid),
        ('security_group_get_by_name', return_security_group_by_name),
    )
    for attr_name, fake in db_fakes:
        self.stubs.Set(db, attr_name, fake)

    # Record phase: calling the mocked function registers the expectation.
    self.mox.StubOutWithMock(db, 'instance_remove_security_group')
    db.instance_remove_security_group(
        mox.IgnoreArg(), mox.IgnoreArg(), mox.IgnoreArg())
    self.mox.ReplayAll()

    action_body = {'remove_security_group': {'name': "test"}}
    request = fakes.HTTPRequestV3.blank('/servers/1/action')
    self.manager._remove_security_group(request, '1', action_body)
def test_multinic_base_filter_selection(self):
    """Check which base nwfilter each NIC of a two-NIC instance references.

    The first VIF is given a DHCP server address ('1.1.1.1') and its
    instance filter must reference exactly 'nova-base'. The second VIF's
    DHCP setting is left as the fake network info provides it, and its
    filter must reference exactly 'nova-nodhcp'.

    NOTE(review): presumably 'nova-nodhcp' is the base filter without the
    DHCP-server allowance -- confirm against the firewall driver.
    NOTE(review): the DB cleanup at the end only runs when the assertions
    pass; confirm the fixture resets the test DB after a failure.
    """
    nwfilter_fake = NWFilterFakes()
    # Route libvirt nwfilter define/lookup calls into the in-memory fake.
    self.fw._conn.nwfilterDefineXML = nwfilter_fake.filterDefineXMLMock
    self.fw._conn.nwfilterLookupByName = nwfilter_fake.nwfilterLookupByName

    created = self._create_instance()
    inst_id, inst_uuid = created['id'], created['uuid']

    self.security_group = self.setup_and_return_security_group()
    db.instance_add_security_group(
        self.context, inst_uuid, self.security_group['id'])
    instance = db.instance_get(self.context, inst_id)

    network_info = _fake_network_info(self.stubs, 2)
    first_subnet_meta_owner = network_info[0]['network']['subnets'][0]
    first_subnet_meta_owner['meta']['dhcp_server'] = '1.1.1.1'

    self.fw.setup_basic_filtering(instance, network_info)

    def assert_filterref(instance, vif, expected=None):
        """Assert the VIF's filter references exactly the expected filters."""
        wanted = set(expected or [])
        # The filter name embeds the MAC address with the colons removed.
        nic_id = vif['address'].replace(':', '')
        filter_name = self.fw._instance_filter_name(instance, nic_id)
        defined = nwfilter_fake.nwfilterLookupByName(filter_name)
        root = etree.fromstring(defined.xml)
        referenced = set(
            ref.get('filter') for ref in root.findall('filterref'))
        self.assertEqual(wanted, referenced)

    for index, base_filter in enumerate(('nova-base', 'nova-nodhcp')):
        assert_filterref(instance, network_info[index],
                         expected=[base_filter])

    db.instance_remove_security_group(
        self.context, inst_uuid, self.security_group['id'])
    self.teardown_security_group()
    db.instance_destroy(context.get_admin_context(), created['uuid'])
def test_creates_base_rule_first(self):
    """Check filter definition order and the instance filter's dependencies.

    The libvirt ``nwfilterDefineXML`` call is replaced by a mock that fails
    the test whenever a filter references another filter that has not been
    defined yet, and that tracks each filter's transitive references.

    After ``setup_basic_filtering`` the per-instance filter must depend on
    the three anti-spoofing filters (MAC, IP, ARP). It must depend on
    'allow-dhcp-server' only while a DHCP server address is configured for
    the subnet; once that address is cleared, the dependency must be gone.

    NOTE(review): the DB cleanup at the end only runs when the assertions
    pass; confirm the fixture resets the test DB after a failure.
    """
    # These come pre-defined by libvirt
    self.defined_filters = [
        'no-mac-spoofing',
        'no-ip-spoofing',
        'no-arp-spoofing',
        'allow-dhcp-server',
    ]
    # Pre-defined filters start with no recorded dependencies.
    self.recursive_depends = {
        builtin: [] for builtin in self.defined_filters
    }

    def _filterDefineXMLMock(xml):
        """Record a filter definition and validate its references."""
        document = minidom.parseString(xml)
        filter_name = document.firstChild.getAttribute('name')
        # A redefinition starts from scratch rather than accumulating.
        self.recursive_depends[filter_name] = []
        for node in document.getElementsByTagName('filterref'):
            ref = node.getAttribute('filter')
            # Ordering check: a referenced filter must already exist.
            self.assertTrue(
                ref in self.defined_filters,
                ('%s referenced filter that does '
                 'not yet exist: %s') % (filter_name, ref))
            # Inherit the referenced filter's own dependencies as well.
            self.recursive_depends[filter_name].extend(
                [ref] + self.recursive_depends[ref])

        self.defined_filters.append(filter_name)
        return True

    self.fake_libvirt_connection.nwfilterDefineXML = _filterDefineXMLMock

    created = self._create_instance()
    inst_id, inst_uuid = created['id'], created['uuid']

    def _ensure_all_called(mac, allow_dhcp):
        """Assert the instance filter's transitive dependency set."""
        instance_filter = 'nova-instance-%s-%s' % (
            created['name'], mac.translate({ord(':'): None}))
        must_have = ['no-arp-spoofing', 'no-ip-spoofing', 'no-mac-spoofing']
        must_not_have = []
        # The DHCP allowance is required or forbidden, never optional.
        (must_have if allow_dhcp else must_not_have).append(
            'allow-dhcp-server')

        deps = self.recursive_depends[instance_filter]
        for required in must_have:
            self.assertTrue(
                required in deps,
                "Instance's filter does not include %s" % required)
        for required_not in must_not_have:
            self.assertFalse(
                required_not in deps,
                "Instance filter includes %s" % required_not)

    self.security_group = self.setup_and_return_security_group()
    db.instance_add_security_group(
        self.context, inst_uuid, self.security_group['id'])
    instance = db.instance_get(self.context, inst_id)

    network_info = _fake_network_info(self.stubs, 1)
    # A single network_info entry means a single vif; its MAC is what
    # _ensure_all_called() needs to build the instance filter name.
    mac = network_info[0]['address']

    # First with a DHCP server configured, then with it cleared.
    for dhcp_server, allow_dhcp in (('1.1.1.1', True), (None, False)):
        subnet = network_info[0]['network']['subnets'][0]
        subnet['meta']['dhcp_server'] = dhcp_server
        self.fw.setup_basic_filtering(instance, network_info)
        _ensure_all_called(mac, allow_dhcp)

    db.instance_remove_security_group(
        self.context, inst_uuid, self.security_group['id'])
    self.teardown_security_group()
    db.instance_destroy(context.get_admin_context(), created['uuid'])
def test_creates_base_rule_first(self):
    """Check that filters are defined before use and carry the right deps.

    A mock ``nwfilterDefineXML`` asserts that every ``filterref`` in a newly
    defined filter names a filter that already exists, and records the
    transitive references of each filter. The test then checks that the
    per-instance filter always pulls in the MAC, IP and ARP anti-spoofing
    filters, and pulls in 'allow-dhcp-server' only while the subnet has a
    DHCP server address set.

    NOTE(review): the trailing DB cleanup is skipped if an assertion fails;
    confirm the fixture resets the test DB in that case.
    """
    # These come pre-defined by libvirt
    predefined = ['no-mac-spoofing', 'no-ip-spoofing',
                  'no-arp-spoofing', 'allow-dhcp-server']
    self.defined_filters = predefined
    self.recursive_depends = {}
    for builtin in predefined:
        self.recursive_depends[builtin] = []

    def _filterDefineXMLMock(xml):
        """Stand-in for libvirt's define call: validate, then record."""
        parsed = minidom.parseString(xml)
        name = parsed.firstChild.getAttribute('name')
        collected = []
        self.recursive_depends[name] = collected
        for filterref in parsed.getElementsByTagName('filterref'):
            ref = filterref.getAttribute('filter')
            already_defined = ref in self.defined_filters
            # Fails when a filter is defined before the filter it refers to.
            self.assertTrue(already_defined,
                            ('%s referenced filter that does ' +
                             'not yet exist: %s') % (name, ref))
            # Direct reference first, then everything it depends on.
            collected += [ref] + self.recursive_depends[ref]

        self.defined_filters.append(name)
        return True

    self.fake_libvirt_connection.nwfilterDefineXML = _filterDefineXMLMock

    instance_ref = self._create_instance()
    inst_id = instance_ref['id']
    inst_uuid = instance_ref['uuid']

    def _ensure_all_called(mac, allow_dhcp):
        """Assert which filters the instance filter transitively includes."""
        mac_without_colons = mac.translate({ord(':'): None})
        instance_filter = 'nova-instance-%s-%s' % (instance_ref['name'],
                                                   mac_without_colons)
        # (filter name, must it be present?) in the order it is checked.
        expectations = [
            ('no-arp-spoofing', True),
            ('no-ip-spoofing', True),
            ('no-mac-spoofing', True),
            ('allow-dhcp-server', allow_dhcp),
        ]
        deps = self.recursive_depends[instance_filter]
        for filter_name, must_be_present in expectations:
            present = filter_name in deps
            if must_be_present:
                self.assertTrue(
                    present,
                    "Instance's filter does not include %s" % filter_name)
            else:
                self.assertFalse(
                    present,
                    "Instance filter includes %s" % filter_name)

    self.security_group = self.setup_and_return_security_group()
    group_id = self.security_group['id']
    db.instance_add_security_group(self.context, inst_uuid, group_id)
    instance = db.instance_get(self.context, inst_id)

    network_info = _fake_network_info(self.stubs, 1)
    # Only one vif exists, so its MAC identifies the instance filter that
    # _ensure_all_called() has to inspect.
    mac = network_info[0]['address']

    def _apply_and_check(dhcp_server, allow_dhcp):
        """Set the subnet's DHCP server, rebuild filters, check the deps."""
        meta = network_info[0]['network']['subnets'][0]['meta']
        meta['dhcp_server'] = dhcp_server
        self.fw.setup_basic_filtering(instance, network_info)
        _ensure_all_called(mac, allow_dhcp)

    _apply_and_check('1.1.1.1', True)
    # Clearing the DHCP server must drop the DHCP allowance again.
    _apply_and_check(None, False)

    db.instance_remove_security_group(self.context, inst_uuid,
                                      self.security_group['id'])
    self.teardown_security_group()
    db.instance_destroy(context.get_admin_context(), instance_ref['uuid'])