def setUp(self):
cfg.CONF.register_opts(sg_cfg.security_group_opts, 'SECURITYGROUP')
super(IptablesFirewallTestCase, self).setUp()
bridge = self.useFixture(net_helpers.LinuxBridgeFixture()).bridge
self.client, self.server = self.useFixture(
machine_fixtures.PeerMachines(bridge)).machines
self.firewall = iptables_firewall.IptablesFirewallDriver(
namespace=bridge.namespace)
self._set_src_mac(self.MAC_REAL)
client_br_port_name = net_helpers.VethFixture.get_peer_name(
self.client.port.name)
self.src_port_desc = {
'admin_state_up': True,
'device': client_br_port_name,
'device_owner': DEVICE_OWNER_COMPUTE,
'fixed_ips': [self.client.ip],
'mac_address': self.MAC_REAL,
'port_security_enabled': True,
'security_groups': [self.FAKE_SECURITY_GROUP_ID],
'status': 'ACTIVE'
}
def initialize_iptables(self):
cfg.CONF.set_override('enable_ipset', self.enable_ipset,
'SECURITYGROUP')
tester = self.useFixture(conn_testers.LinuxBridgeConnectionTester())
firewall_drv = iptables_firewall.IptablesFirewallDriver(
namespace=tester.bridge_namespace)
return tester, firewall_drv
def setUp(self):
cfg.CONF.register_opts(sg_cfg.security_group_opts, 'SECURITYGROUP')
super(IptablesFirewallTestCase, self).setUp()
self.bridge = self.create_bridge()
self.src_veth, self.src_br_veth = self.create_veth_pairs(
self.bridge.namespace)
self.bridge.addif(self.src_br_veth.name)
self._set_ip_up(self.src_veth, '%s/24' % self.SRC_ADDRESS)
self.src_br_veth.link.set_up()
self.dst_veth, self.dst_br_veth = self.create_veth_pairs(
self.bridge.namespace)
self.bridge.addif(self.dst_br_veth.name)
self._set_ip_up(self.dst_veth, '%s/24' % self.DST_ADDRESS)
self.dst_br_veth.link.set_up()
self.firewall = iptables_firewall.IptablesFirewallDriver(
namespace=self.bridge.namespace)
self._set_src_mac(self.MAC_REAL)
self.src_port = {
'admin_state_up': True,
'device': self.src_br_veth.name,
'device_owner': 'compute:None',
'fixed_ips': [self.SRC_ADDRESS],
'mac_address': self.MAC_REAL,
'port_security_enabled': True,
'security_groups': [self.FAKE_SECURITY_GROUP_ID],
'status': 'ACTIVE'
}
def initialize_iptables(self):
cfg.CONF.set_override('enable_ipset', self.enable_ipset,
'SECURITYGROUP')
br_name = ('brq' + self.net_id)[:n_const.LINUX_DEV_LEN]
tester = self.useFixture(
conn_testers.LinuxBridgeConnectionTester(self.ip_cidr,
bridge_name=br_name))
firewall_drv = iptables_firewall.IptablesFirewallDriver(
namespace=tester.bridge_namespace)
return tester, firewall_drv
def setUp(self):
cfg.CONF.register_opts(sg_cfg.security_group_opts, 'SECURITYGROUP')
super(IptablesFirewallTestCase, self).setUp()
bridge = self.useFixture(net_helpers.LinuxBridgeFixture()).bridge
# FIXME(cbrandily): temporary, will be replaced by fake machines
self.src_ip_wrapper = self.useFixture(
net_helpers.NamespaceFixture()).ip_wrapper
src_port_fixture = self.useFixture(
net_helpers.LinuxBridgePortFixture(bridge,
self.src_ip_wrapper.namespace))
self.src_port = src_port_fixture.port
self._set_ip_up(self.src_port, '%s/24' % self.SRC_ADDRESS)
self.dst_ip_wrapper = self.useFixture(
net_helpers.NamespaceFixture()).ip_wrapper
self.dst_port = self.useFixture(
net_helpers.LinuxBridgePortFixture(
bridge, self.dst_ip_wrapper.namespace)).port
self._set_ip_up(self.dst_port, '%s/24' % self.DST_ADDRESS)
self.firewall = iptables_firewall.IptablesFirewallDriver(
namespace=bridge.namespace)
self._set_src_mac(self.MAC_REAL)
self.src_port_desc = {
'admin_state_up': True,
'device': src_port_fixture.br_port.name,
'device_owner': 'compute:None',
'fixed_ips': [self.SRC_ADDRESS],
'mac_address': self.MAC_REAL,
'port_security_enabled': True,
'security_groups': [self.FAKE_SECURITY_GROUP_ID],
'status': 'ACTIVE'
}
def create_iptables_firewall(self):
cfg.CONF.set_override('enable_ipset', self.enable_ipset,
'SECURITYGROUP')
return iptables_firewall.IptablesFirewallDriver(
namespace=self.tester.bridge_namespace)
