예제 #1
0
    def test_create_group_with_one_simple_rule(self):
        """
        Tests the creation of an OpenStack Security Group with one simple
        custom rule.
        """
        # Create Security Group
        sec_grp_rule_settings = list()
        sec_grp_rule_settings.append(
            SecurityGroupRuleConfig(sec_grp_name=self.sec_grp_name,
                                    direction=Direction.ingress,
                                    description='test_rule_1'))
        sec_grp_settings = SecurityGroupConfig(
            name=self.sec_grp_name,
            description='hello group',
            rule_settings=sec_grp_rule_settings)
        self.sec_grp_creator = create_security_group.OpenStackSecurityGroup(
            self.os_creds, sec_grp_settings)
        self.sec_grp_creator.create()

        sec_grp = neutron_utils.get_security_group(
            self.neutron, self.keystone, sec_grp_settings=sec_grp_settings)
        validation_utils.objects_equivalent(
            self.sec_grp_creator.get_security_group(), sec_grp)
        rules = neutron_utils.get_rules_by_security_group(
            self.neutron, self.sec_grp_creator.get_security_group())
        self.assertEqual(len(self.sec_grp_creator.get_rules()), len(rules))
        validation_utils.objects_equivalent(self.sec_grp_creator.get_rules(),
                                            rules)

        self.assertTrue(
            validate_sec_grp(self.neutron, self.keystone,
                             self.sec_grp_creator.sec_grp_settings,
                             self.sec_grp_creator.get_security_group(), rules))
예제 #2
0
    def test_create_delete_group(self):
        """
        Tests the creation of an OpenStack Security Group without custom rules.
        """
        # Create Security Group
        sec_grp_settings = SecurityGroupConfig(name=self.sec_grp_name,
                                               description='hello group')
        self.sec_grp_creator = create_security_group.OpenStackSecurityGroup(
            self.os_creds, sec_grp_settings)
        created_sec_grp = self.sec_grp_creator.create()
        self.assertIsNotNone(created_sec_grp)

        self.assertTrue(
            validate_sec_grp(self.neutron, self.keystone,
                             self.sec_grp_creator.sec_grp_settings,
                             self.sec_grp_creator.get_security_group()))

        neutron_utils.delete_security_group(self.neutron, created_sec_grp)
        self.assertIsNone(
            neutron_utils.get_security_group(
                self.neutron,
                self.keystone,
                sec_grp_settings=self.sec_grp_creator.sec_grp_settings))

        self.sec_grp_creator.clean()
예제 #3
0
    def test_create_group_new_user_to_admin_project(self):
        """
        Tests the creation of an OpenStack Security Group without custom rules.
        """
        # Create Security Group
        sec_grp_settings = SecurityGroupConfig(
            name=self.sec_grp_name,
            description='hello group',
            project_name=self.os_creds.project_name)
        self.sec_grp_creator = create_security_group.OpenStackSecurityGroup(
            self.admin_os_creds, sec_grp_settings)
        self.sec_grp_creator.create()

        sec_grp = neutron_utils.get_security_group(
            self.neutron, self.keystone, sec_grp_settings=sec_grp_settings)
        self.assertIsNotNone(sec_grp)

        validation_utils.objects_equivalent(
            self.sec_grp_creator.get_security_group(), sec_grp)
        rules = neutron_utils.get_rules_by_security_group(
            self.neutron, self.sec_grp_creator.get_security_group())
        self.assertEqual(len(self.sec_grp_creator.get_rules()), len(rules))
        validation_utils.objects_equivalent(self.sec_grp_creator.get_rules(),
                                            rules)

        self.assertTrue(
            validate_sec_grp(self.neutron, self.keystone,
                             self.sec_grp_creator.sec_grp_settings,
                             self.sec_grp_creator.get_security_group(), rules))
예제 #4
0
    def tearDown(self):
        """
        Cleans the remote OpenStack objects
        """
        if self.project:
            neutron = neutron_utils.neutron_client(self.os_creds,
                                                   self.os_session)
            default_sec_grp = neutron_utils.get_security_group(
                neutron,
                self.keystone,
                sec_grp_name='default',
                project_name=self.os_creds.project_name)
            if default_sec_grp:
                try:
                    neutron_utils.delete_security_group(
                        neutron, default_sec_grp)
                except:
                    pass

            keystone_utils.delete_project(self.keystone, self.project)

        if self.user:
            keystone_utils.delete_user(self.keystone, self.user)

        if self.role:
            keystone_utils.delete_role(self.keystone, self.role)

        super(self.__class__, self).__clean__()
예제 #5
0
    def initialize(self):
        """
        Loads existing security group.
        :return: the security group domain object
        """
        super(self.__class__, self).initialize()

        self.__security_group = neutron_utils.get_security_group(
            self._neutron, self._keystone,
            sec_grp_settings=self.sec_grp_settings,
            project_name=self._os_creds.project_name)
        if self.__security_group:
            # Populate rules
            existing_rules = neutron_utils.get_rules_by_security_group(
                self._neutron, self.__security_group)

            for existing_rule in existing_rules:
                # For Custom Rules
                rule_setting = self.__get_setting_from_rule(existing_rule)
                self.__rules[rule_setting] = existing_rule

            self.__security_group = neutron_utils.get_security_group_by_id(
                self._neutron, self.__security_group.id)

        return self.__security_group
예제 #6
0
    def test_remove_rule_by_setting(self):
        """
        Tests the creation of an OpenStack Security Group with two simple
        custom rules then removes one by the rule setting object
        """
        # Create Security Group
        sec_grp_rule_settings = list()
        sec_grp_rule_settings.append(
            SecurityGroupRuleConfig(sec_grp_name=self.sec_grp_name,
                                    direction=Direction.ingress,
                                    description='test_rule_1'))
        sec_grp_rule_settings.append(
            SecurityGroupRuleConfig(sec_grp_name=self.sec_grp_name,
                                    direction=Direction.egress,
                                    protocol=Protocol.udp,
                                    ethertype=Ethertype.IPv6,
                                    description='test_rule_2'))
        sec_grp_rule_settings.append(
            SecurityGroupRuleConfig(sec_grp_name=self.sec_grp_name,
                                    direction=Direction.egress,
                                    protocol=Protocol.udp,
                                    ethertype=Ethertype.IPv4,
                                    port_range_min=10,
                                    port_range_max=20,
                                    description='test_rule_3'))
        sec_grp_settings = SecurityGroupConfig(
            name=self.sec_grp_name,
            description='hello group',
            rule_settings=sec_grp_rule_settings)
        self.sec_grp_creator = create_security_group.OpenStackSecurityGroup(
            self.os_creds, sec_grp_settings)
        self.sec_grp_creator.create()

        sec_grp = neutron_utils.get_security_group(
            self.neutron, self.keystone, sec_grp_settings=sec_grp_settings)
        validation_utils.objects_equivalent(
            self.sec_grp_creator.get_security_group(), sec_grp)

        rules = neutron_utils.get_rules_by_security_group(
            self.neutron, self.sec_grp_creator.get_security_group())
        self.assertEqual(len(self.sec_grp_creator.get_rules()), len(rules))
        validation_utils.objects_equivalent(self.sec_grp_creator.get_rules(),
                                            rules)

        self.assertTrue(
            validate_sec_grp(self.neutron, self.keystone,
                             self.sec_grp_creator.sec_grp_settings,
                             self.sec_grp_creator.get_security_group(), rules))

        self.sec_grp_creator.remove_rule(rule_setting=sec_grp_rule_settings[0])
        rules_after_del = neutron_utils.get_rules_by_security_group(
            self.neutron, self.sec_grp_creator.get_security_group())
        self.assertEqual(len(rules) - 1, len(rules_after_del))
예제 #7
0
def validate_sec_grp_rules(neutron, keystone, rule_settings, rules):
    """
    Returns True is the settings on a security group rule are properly
    contained on the SNAPS SecurityGroupRule domain object.
    This function will only operate on rules that contain a description as
    this is the only means to tell if the rule is custom or defaulted by
    OpenStack
    :param neutron: the neutron client
    :param keystone: the keystone client
    :param rule_settings: collection of SecurityGroupRuleConfig objects
    :param rules: a collection of SecurityGroupRule domain objects
    :return: T/F
    """

    for rule_setting in rule_settings:
        if rule_setting.description:
            match = False
            for rule in rules:
                sec_grp = neutron_utils.get_security_group(
                    neutron, keystone, sec_grp_name=rule_setting.sec_grp_name)

                setting_eth_type = create_security_group.Ethertype.IPv4
                if rule_setting.ethertype:
                    setting_eth_type = rule_setting.ethertype

                if not sec_grp:
                    return False

                proto_str = 'null'
                if rule.protocol:
                    proto_str = rule.protocol

                if (rule.description == rule_setting.description
                        and rule.direction == rule_setting.direction.name
                        and rule.ethertype == setting_eth_type.name
                        and rule.port_range_max == rule_setting.port_range_max
                        and rule.port_range_min == rule_setting.port_range_min
                        and proto_str == str(rule_setting.protocol.value) and
                        rule.remote_group_id == rule_setting.remote_group_id
                        and rule.remote_ip_prefix
                        == rule_setting.remote_ip_prefix
                        and rule.security_group_id == sec_grp.id):
                    match = True
                    break

            if not match:
                return False

    return True
예제 #8
0
    def clean(self):
        """
        Cleanse environment of all artifacts
        :return: void
        """
        if self.__project:
            # Delete security group 'default' if exists
            neutron = neutron_utils.neutron_client(self._os_creds,
                                                   self._os_session)
            try:
                default_sec_grp = neutron_utils.get_security_group(
                    neutron,
                    self._keystone,
                    sec_grp_name='default',
                    project_name=self.__project.name)
                if default_sec_grp:
                    try:
                        neutron_utils.delete_security_group(
                            neutron, default_sec_grp)
                    except:
                        pass
            finally:
                neutron.httpclient.session.session.close()

            # Delete Project
            try:
                keystone_utils.delete_project(self._keystone, self.__project)
            except NotFound:
                pass
            self.__project = None

        if self.__role:
            try:
                keystone_utils.delete_role(self._keystone, self.__role)
            except NotFound:
                pass
            self.__project = None

        # Final role check in case init was done from an existing instance
        role = keystone_utils.get_role_by_name(self._keystone,
                                               self.__role_name)
        if role:
            keystone_utils.delete_role(self._keystone, role)

        super(self.__class__, self).clean()
예제 #9
0
    def dict_for_neutron(self, neutron, keystone, project_name):
        """
        Returns a dictionary object representing this object.
        This is meant to be converted into JSON designed for use by the Neutron
        API
        :param neutron: the neutron client for performing lookups
        :param keystone: the keystone client for performing lookups
        :param project_name: the name of the project associated with the group
        :return: the dictionary object
        """
        out = dict()

        if self.description:
            out['description'] = self.description
        if self.direction:
            out['direction'] = self.direction.name
        if self.port_range_min:
            out['port_range_min'] = self.port_range_min
        if self.port_range_max:
            out['port_range_max'] = self.port_range_max
        if self.ethertype:
            out['ethertype'] = self.ethertype.name
        if self.protocol and self.protocol.value != 'null':
            out['protocol'] = self.protocol.value
        if self.sec_grp_name:
            sec_grp = neutron_utils.get_security_group(
                neutron, keystone, sec_grp_name=self.sec_grp_name,
                project_name=project_name)
            if sec_grp:
                out['security_group_id'] = sec_grp.id
            else:
                raise SecurityGroupRuleConfigError(
                    'Cannot locate security group with name - ' +
                    self.sec_grp_name)
        if self.remote_group_id:
            out['remote_group_id'] = self.remote_group_id
        if self.remote_ip_prefix:
            out['remote_ip_prefix'] = self.remote_ip_prefix

        return {'security_group_rule': out}
예제 #10
0
파일: network.py 프로젝트: opnfv/snaps
    def dict_for_neutron(self, neutron, os_creds):
        """
        Returns a dictionary object representing this object.
        This is meant to be converted into JSON designed for use by the Neutron
        API

        TODO - expand automated testing to exercise all parameters
        :param neutron: the Neutron client
        :param os_creds: the OpenStack credentials
        :return: the dictionary object
        """
        out = dict()
        session = keystone_utils.keystone_session(os_creds)
        keystone = keystone_utils.keystone_client(os_creds, session)

        project_name = os_creds.project_name
        if self.project_name:
            project_name = project_name
        try:
            network = neutron_utils.get_network(neutron,
                                                keystone,
                                                network_name=self.network_name)
            if network and not (network.shared or network.external):
                network = neutron_utils.get_network(
                    neutron,
                    keystone,
                    network_name=self.network_name,
                    project_name=project_name)
        finally:
            if session:
                keystone_utils.close_session(session)

        if not network:
            raise PortConfigError('Cannot locate network with name - ' +
                                  self.network_name + ' in project - ' +
                                  str(project_name))

        out['network_id'] = network.id

        if self.admin_state_up is not None:
            out['admin_state_up'] = self.admin_state_up
        if self.name:
            out['name'] = self.name
        if self.project_name:
            project = keystone_utils.get_project(
                keystone=keystone, project_name=self.project_name)
            project_id = None
            if project:
                project_id = project.id
            if project_id:
                out['tenant_id'] = project_id
            else:
                raise PortConfigError(
                    'Could not find project ID for project named - ' +
                    self.project_name)
        if self.mac_address:
            out['mac_address'] = self.mac_address

        fixed_ips = self.__get_fixed_ips(neutron, network)
        if fixed_ips and len(fixed_ips) > 0:
            out['fixed_ips'] = fixed_ips

        if self.security_groups:
            sec_grp_ids = list()
            for sec_grp_name in self.security_groups:
                sec_grp = neutron_utils.get_security_group(
                    neutron,
                    keystone,
                    sec_grp_name=sec_grp_name,
                    project_name=self.project_name)
                if sec_grp:
                    sec_grp_ids.append(sec_grp.id)
            out['security_groups'] = sec_grp_ids
        if self.port_security_enabled is not None:
            out['port_security_enabled'] = self.port_security_enabled
        if self.allowed_address_pairs and len(self.allowed_address_pairs) > 0:
            out['allowed_address_pairs'] = self.allowed_address_pairs
        if self.opt_value:
            out['opt_value'] = self.opt_value
        if self.opt_name:
            out['opt_name'] = self.opt_name
        if self.device_owner:
            out['device_owner'] = self.device_owner
        if self.device_id:
            out['device_id'] = self.device_id
        if self.extra_dhcp_opts:
            out['extra_dhcp_opts'] = self.extra_dhcp_opts
        return {'port': out}