def check_creation_validation(self, rule):
fake_client = self.generate_client()
with mock.patch("vcloud_plugin_common.VcloudAirClient.get", mock.MagicMock(return_value=fake_client)):
fake_ctx = self.generate_node_context(
properties={"vcloud_config": {"edge_gateway": "some_edge_gateway", "vdc": "vdc_name"}, "rules": [rule]}
)
security_group.creation_validation(ctx=fake_ctx)
def check_creation_validation(self, rule):
fake_client = self.generate_client()
with mock.patch('vcloud_plugin_common.VcloudAirClient.get',
mock.MagicMock(return_value=fake_client)):
fake_ctx = self.generate_node_context(
properties={
'vcloud_config': {
'edge_gateway': 'some_edge_gateway',
'vdc': 'vdc_name'
},
'rules': [rule]
})
security_group.creation_validation(ctx=fake_ctx)
def test_validation(self):
self.ctx.node.properties.update(
{'floatingip': self.test_config['floatingip']})
with mock.patch('network_plugin.floatingip.ctx', self.ctx):
floatingip.creation_validation()
self.ctx.node.properties.update(
{'floatingip': self.test_config['floatingip_auto']})
with mock.patch('network_plugin.floatingip.ctx', self.ctx):
floatingip.creation_validation()
self.ctx.node.properties.update(
{'private_key_path': os.path.realpath(__file__)})
with mock.patch('network_plugin.keypair.ctx', self.ctx):
keypair.creation_validation()
self.ctx.node.properties.update({
"resource_id":
self.test_config['network']['name'],
"network":
self.test_config['network'],
"use_external_resource":
False
})
with mock.patch('network_plugin.network.ctx', self.ctx):
network.creation_validation()
self.ctx.node.properties.update({
'port': {
'network': self.test_config['management_network'],
'ip_allocation_mode': 'dhcp',
'primary_interface': True
}
})
with mock.patch('network_plugin.port.ctx', self.ctx):
port.creation_validation()
self.ctx.node.properties.update({
"nat":
self.test_config['public_nat']['nat'],
"rules":
self.test_config['public_nat']['rules_net']
})
with mock.patch('network_plugin.public_nat.ctx', self.ctx):
public_nat.creation_validation()
self.ctx.node.properties.update(self.test_config['security_group'])
with mock.patch('network_plugin.security_group.ctx', self.ctx):
security_group.creation_validation()
def check_creation_validation(self, rule):
fake_client = self.generate_client()
with mock.patch(
'vcloud_plugin_common.VcloudAirClient.get',
mock.MagicMock(return_value=fake_client)
):
fake_ctx = self.generate_node_context(
properties={
'vcloud_config': {
'edge_gateway': 'some_edge_gateway',
'vdc': 'vdc_name'
},
'rules': [rule]
}
)
security_group.creation_validation(ctx=fake_ctx)
def test_validation(self):
self.ctx.node.properties.update(
{'floatingip': self.test_config['floatingip']})
with mock.patch('network_plugin.floatingip.ctx', self.ctx):
floatingip.creation_validation()
self.ctx.node.properties.update(
{'floatingip': self.test_config['floatingip_auto']})
with mock.patch('network_plugin.floatingip.ctx', self.ctx):
floatingip.creation_validation()
self.ctx.node.properties.update(
{'private_key_path': os.path.realpath(__file__)})
with mock.patch('network_plugin.keypair.ctx', self.ctx):
keypair.creation_validation()
self.ctx.node.properties.update(
{"resource_id": self.test_config['network']['name'],
"network": self.test_config['network'],
"use_external_resource": False})
with mock.patch('network_plugin.network.ctx', self.ctx):
network.creation_validation()
self.ctx.node.properties.update(
{'port': {
'network': self.test_config['management_network'],
'ip_allocation_mode': 'dhcp',
'primary_interface': True}})
with mock.patch('network_plugin.port.ctx', self.ctx):
port.creation_validation()
self.ctx.node.properties.update(
{"nat": self.test_config['public_nat']['nat'],
"rules": self.test_config['public_nat']['rules_net']})
with mock.patch('network_plugin.public_nat.ctx', self.ctx):
public_nat.creation_validation()
self.ctx.node.properties.update(self.test_config['security_group'])
with mock.patch('network_plugin.security_group.ctx', self.ctx):
security_group.creation_validation()
def test_creation_validation(self):
fake_client = self.generate_client()
with mock.patch(
'vcloud_plugin_common.VcloudAirClient.get',
mock.MagicMock(return_value=fake_client)
):
fake_ctx = self.generate_node_context(
properties={
'vcloud_config': {
'edge_gateway': 'some_edge_gateway',
'vdc': 'vdc_name'
}
}
)
fake_client._vdc_gateway.is_fw_enabled = mock.MagicMock(
return_value=False
)
# Gateway firewall is disabled
with self.assertRaises(cfy_exc.NonRecoverableError):
security_group.creation_validation(ctx=fake_ctx)
fake_client._vdc_gateway.is_fw_enabled = mock.MagicMock(
return_value=True
)
# no rules
with self.assertRaises(cfy_exc.NonRecoverableError):
security_group.creation_validation(ctx=fake_ctx)
# wrong description
with self.assertRaises(cfy_exc.NonRecoverableError):
self.check_creation_validation({
"description": 10
})
# wrong source
with self.assertRaises(cfy_exc.NonRecoverableError):
self.check_creation_validation({
"description": 'a',
"source": 11
})
with self.assertRaises(cfy_exc.NonRecoverableError):
security_group.creation_validation(ctx=fake_ctx)
# wrong ip
with self.assertRaises(cfy_exc.NonRecoverableError):
self.check_creation_validation({
"description": 'a',
"source": '1.2.3.1111'
})
# wrong port
with self.assertRaises(cfy_exc.NonRecoverableError):
self.check_creation_validation({
"description": 'a',
"source": '1.2.3.11',
"source_port": 1234
})
# wrong destination
with self.assertRaises(cfy_exc.NonRecoverableError):
self.check_creation_validation({
"description": 'a',
"source": '1.2.3.11',
"source_port": 1234,
"destination": 123
})
# wrong destination ip
with self.assertRaises(cfy_exc.NonRecoverableError):
self.check_creation_validation({
"description": 'a',
"source": '1.2.3.11',
"source_port": 1234,
"destination": "123.1"
})
# wrong destination_port
with self.assertRaises(cfy_exc.NonRecoverableError):
self.check_creation_validation({
"description": 'a',
"source": '1.2.3.11',
"source_port": 1234,
"destination": "123.12.1.1",
'destination_port': 1111111
})
# wrong protocol
with self.assertRaises(cfy_exc.NonRecoverableError):
self.check_creation_validation({
"description": 'a',
"source": '1.2.3.11',
"source_port": 1234,
"destination": "123.12.1.1",
'destination_port': 1111,
"protocol": 'someone'
})
# wrong action
with self.assertRaises(cfy_exc.NonRecoverableError):
self.check_creation_validation({
"description": 'a',
"source": '1.2.3.11',
"source_port": 1234,
"destination": "123.12.1.1",
'destination_port': 1111,
"protocol": 'any',
"action": 'some'
})
# wrong action
with self.assertRaises(cfy_exc.NonRecoverableError):
self.check_creation_validation({
"description": 'a',
"source": '1.2.3.11',
"source_port": 1234,
"destination": "123.12.1.1",
'destination_port': 1111,
"protocol": 'any',
"action": 'allow',
'log_traffic': 'somevalue'
})
# correct
self.check_creation_validation({
"description": 'a',
"source": '1.2.3.11',
"source_port": 1234,
"destination": "123.12.1.1",
'destination_port': 1111,
"protocol": 'any',
"action": 'allow',
'log_traffic': True
})
self.check_creation_validation({
"description": 'a',
"source": '1.2.3.11',
"source_port": 1234,
"destination": "123.12.1.1",
'destination_port': 1111,
"protocol": 'any',
"action": 'allow',
'log_traffic': False
})
self.check_creation_validation({
"action": 'allow'
})
def test_creation_validation(self):
fake_client = self.generate_client()
with mock.patch('vcloud_plugin_common.VcloudAirClient.get',
mock.MagicMock(return_value=fake_client)):
fake_ctx = self.generate_node_context(
properties={
'vcloud_config': {
'edge_gateway': 'some_edge_gateway',
'vdc': 'vdc_name'
}
})
fake_client._vdc_gateway.is_fw_enabled = mock.MagicMock(
return_value=False)
# Gateway firewall is disabled
with self.assertRaises(cfy_exc.NonRecoverableError):
security_group.creation_validation(ctx=fake_ctx)
fake_client._vdc_gateway.is_fw_enabled = mock.MagicMock(
return_value=True)
# no rules
with self.assertRaises(cfy_exc.NonRecoverableError):
security_group.creation_validation(ctx=fake_ctx)
# wrong description
with self.assertRaises(cfy_exc.NonRecoverableError):
self.check_creation_validation({"description": 10})
# wrong source
with self.assertRaises(cfy_exc.NonRecoverableError):
self.check_creation_validation({
"description": 'a',
"source": 11
})
with self.assertRaises(cfy_exc.NonRecoverableError):
security_group.creation_validation(ctx=fake_ctx)
# wrong ip
with self.assertRaises(cfy_exc.NonRecoverableError):
self.check_creation_validation({
"description": 'a',
"source": '1.2.3.1111'
})
# wrong port
with self.assertRaises(cfy_exc.NonRecoverableError):
self.check_creation_validation({
"description": 'a',
"source": '1.2.3.11',
"source_port": 1234
})
# wrong destination
with self.assertRaises(cfy_exc.NonRecoverableError):
self.check_creation_validation({
"description": 'a',
"source": '1.2.3.11',
"source_port": 1234,
"destination": 123
})
# wrong destination ip
with self.assertRaises(cfy_exc.NonRecoverableError):
self.check_creation_validation({
"description": 'a',
"source": '1.2.3.11',
"source_port": 1234,
"destination": "123.1"
})
# wrong destination_port
with self.assertRaises(cfy_exc.NonRecoverableError):
self.check_creation_validation({
"description": 'a',
"source": '1.2.3.11',
"source_port": 1234,
"destination": "123.12.1.1",
'destination_port': 1111111
})
# wrong protocol
with self.assertRaises(cfy_exc.NonRecoverableError):
self.check_creation_validation({
"description": 'a',
"source": '1.2.3.11',
"source_port": 1234,
"destination": "123.12.1.1",
'destination_port': 1111,
"protocol": 'someone'
})
# wrong action
with self.assertRaises(cfy_exc.NonRecoverableError):
self.check_creation_validation({
"description": 'a',
"source": '1.2.3.11',
"source_port": 1234,
"destination": "123.12.1.1",
'destination_port': 1111,
"protocol": 'any',
"action": 'some'
})
# wrong action
with self.assertRaises(cfy_exc.NonRecoverableError):
self.check_creation_validation({
"description": 'a',
"source": '1.2.3.11',
"source_port": 1234,
"destination": "123.12.1.1",
'destination_port': 1111,
"protocol": 'any',
"action": 'allow',
'log_traffic': 'somevalue'
})
# correct
self.check_creation_validation({
"description": 'a',
"source": '1.2.3.11',
"source_port": 1234,
"destination": "123.12.1.1",
'destination_port': 1111,
"protocol": 'any',
"action": 'allow',
'log_traffic': True
})
self.check_creation_validation({
"description": 'a',
"source": '1.2.3.11',
"source_port": 1234,
"destination": "123.12.1.1",
'destination_port': 1111,
"protocol": 'any',
"action": 'allow',
'log_traffic': False
})
self.check_creation_validation({"action": 'allow'})
