def setUp(self):
super(TestPolicyCommunicationMap, self).setUp()
self.entry1 = policy.CommunicationMapEntryDef(
'd1',
'cm1',
'en1',
sequence_number=12,
source_groups=["group1", "group2"],
dest_groups=["group1"],
service_ids=["service1"])
self.entry2 = policy.CommunicationMapEntryDef(
'd1',
'cm2',
'en2',
sequence_number=13,
source_groups=["group1", "group2"],
dest_groups=["group3"],
service_ids=["service2"])
self.expected_data1 = {
'id':
'en1',
'display_name':
None,
'description':
None,
'sequence_number':
12,
'action':
'ALLOW',
'scope': ['ANY'],
'source_groups': [
'/infra/domains/d1/groups/group1',
'/infra/domains/d1/groups/group2'
],
'destination_groups': ['/infra/domains/d1/groups/group1'],
'services': ['/infra/services/service1']
}
self.expected_data2 = {
'id':
'en2',
'display_name':
None,
'description':
None,
'sequence_number':
13,
'action':
'ALLOW',
'scope': ['ANY'],
'source_groups': [
'/infra/domains/d1/groups/group1',
'/infra/domains/d1/groups/group2'
],
'destination_groups': ['/infra/domains/d1/groups/group3'],
'services': ['/infra/services/service2']
}
def test_create_first_seqnum(self):
domain_id = '111'
map_id = '222'
name = 'cm1'
description = 'desc'
source_group = 'g1'
dest_group = 'g2'
service_id = 'c1'
category = 'Emergency'
get_return_value = {'communication_entries': []}
with mock.patch.object(self.policy_api,
"create_or_update") as api_call, \
mock.patch.object(self.resourceApi, "get",
return_value=get_return_value):
self.resourceApi.create_or_overwrite(name,
domain_id,
map_id=map_id,
description=description,
service_ids=[service_id],
source_groups=[source_group],
dest_groups=[dest_group],
category=category,
tenant=TEST_TENANT)
expected_def = policy_defs.CommunicationMapDef(
domain_id=domain_id,
map_id=map_id,
name=name,
description=description,
category=category,
precedence=0,
tenant=TEST_TENANT)
self.assert_called_with_def(api_call, expected_def)
expected_def = policy_defs.CommunicationMapEntryDef(
domain_id=domain_id,
map_id=map_id,
entry_id=map_id,
name=name,
description=description,
sequence_number=1,
service_ids=[service_id],
source_groups=[source_group],
dest_groups=[dest_group],
tenant=TEST_TENANT)
self.assert_called_with_def(api_call, expected_def, call_num=1)
def update(self, domain_id, map_id, name=None, description=None,
sequence_number=None, service_ids=None, action=None,
source_groups=None, dest_groups=None, precedence=None,
category=None,
tenant=policy_constants.POLICY_INFRA_TENANT):
# Get the current data of communication map & its' entry
comm_map = self.get(domain_id, map_id, tenant=tenant)
# update the communication map itself:
comm_def = policy_defs.CommunicationMapDef(
domain_id=domain_id, map_id=map_id, tenant=tenant)
if name is not None:
comm_map['display_name'] = name
if description is not None:
comm_map['description'] = description
if category is not None:
comm_map['category'] = category
if precedence is not None:
comm_map['precedence'] = precedence
if (comm_map.get('communication_entries') and
len(comm_map['communication_entries']) == 1):
# update the entry body
comm_entry = comm_map['communication_entries'][0]
entry_id = comm_entry['id']
entry_def = policy_defs.CommunicationMapEntryDef(
domain_id=domain_id, map_id=map_id, entry_id=entry_id,
tenant=tenant)
entry_def.update_attributes_in_body(
body=comm_entry, name=name,
description=description,
service_ids=service_ids,
source_groups=source_groups,
dest_groups=dest_groups,
sequence_number=sequence_number,
action=action)
else:
LOG.error("Cannot update communication map %s - expected 1 entry",
map_id)
comm_def.body = comm_map
self.policy_api.create_or_update(comm_def)
# re-read the map from the backend to return the current data
return self.get(domain_id, map_id, tenant=tenant)
def test_create_without_seqnum(self):
domain_id = '111'
name = 'cm1'
description = 'desc'
source_group = 'g1'
dest_group = 'g2'
service1_id = 'c1'
service2_id = 'c2'
with mock.patch.object(self.policy_api,
"create_with_parent") as api_call:
self.resourceApi.create_or_overwrite(
name,
domain_id,
description=description,
service_ids=[service1_id, service2_id],
source_groups=[source_group],
dest_groups=[dest_group],
tenant=TEST_TENANT)
expected_map_def = policy_defs.CommunicationMapDef(
domain_id=domain_id,
map_id=mock.ANY,
name=name,
description=description,
category=policy_constants.CATEGORY_DEFAULT,
precedence=0,
tenant=TEST_TENANT)
expected_entry_def = policy_defs.CommunicationMapEntryDef(
domain_id=domain_id,
map_id=mock.ANY,
entry_id=mock.ANY,
name=name,
description=description,
sequence_number=1,
service_ids=[service1_id, service2_id],
source_groups=[source_group],
dest_groups=[dest_group],
tenant=TEST_TENANT)
self.assert_called_with_defs(
api_call, [expected_map_def, expected_entry_def])
def create_or_overwrite(self, name, domain_id, map_id=None,
description=None, precedence=0,
category=policy_constants.CATEGORY_DEFAULT,
sequence_number=None, service_ids=None,
action=policy_constants.ACTION_ALLOW,
source_groups=None, dest_groups=None,
tenant=policy_constants.POLICY_INFRA_TENANT):
"""Create CommunicationMap & Entry.
source_groups/dest_groups should be a list of group ids belonging
to the domain.
NOTE: In multi-connection environment, it is recommended to execute
this call under lock to prevent race condition where two entries
end up with same sequence number.
"""
# Validate and convert inputs
if not service_ids:
# service-ids must be provided
err_msg = (_("Cannot create a communication map %(name)s without "
"services") % {'name': name})
raise exceptions.ManagerError(details=err_msg)
if map_id:
# get the next available sequence number
last_sequence = self._get_last_seq_num(domain_id, map_id,
tenant=tenant)
else:
map_id = self._init_obj_uuid(map_id)
last_sequence = -1
if not sequence_number:
if last_sequence < 0:
sequence_number = 1
else:
sequence_number = last_sequence + 1
# Build the communication entry. Since we currently support only one
# it will have the same id as its parent
entry_def = policy_defs.CommunicationMapEntryDef(
domain_id=domain_id,
map_id=map_id,
entry_id=map_id,
name=name,
description=description,
sequence_number=sequence_number,
source_groups=source_groups,
dest_groups=dest_groups,
service_ids=service_ids,
action=action,
tenant=tenant)
map_def = policy_defs.CommunicationMapDef(
domain_id=domain_id, map_id=map_id,
tenant=tenant, name=name, description=description,
precedence=precedence, category=category)
if last_sequence < 0:
# if communication map is absent, we need to create it
return self.policy_api.create_with_parent(map_def, entry_def)
# TODO(asarfaty) combine both calls together
self.policy_api.create_or_update(map_def)
self.policy_api.create_or_update(entry_def)
return self.get(domain_id, map_id, tenant=tenant)