def test_port_security_and_allowed_address_pairs(self):
project = Project('%s-project' % self.id())
self.api.project_create(project)
vn = VirtualNetwork('vn-%s' % self.id(), parent_obj=project)
self.api.virtual_network_create(vn)
addr_pair = AllowedAddressPairs(allowed_address_pair=[
AllowedAddressPair(ip=SubnetType('1.1.1.0', 24),
mac='02:ce:1b:d7:a6:e7')
])
msg = (r"^Allowed address pairs are not allowed when port security is "
"disabled$")
vmi = VirtualMachineInterface(
'vmi-%s' % self.id(),
parent_obj=project,
port_security_enabled=False,
virtual_machine_interface_allowed_address_pairs=addr_pair)
vmi.set_virtual_network(vn)
with self.assertRaisesRegexp(BadRequest, msg):
self.api.virtual_machine_interface_create(vmi)
vmi = VirtualMachineInterface('vmi-%s' % self.id(),
parent_obj=project,
port_security_enabled=False)
vmi.set_virtual_network(vn)
self.api.virtual_machine_interface_create(vmi)
# updating a port with allowed address pair should throw an exception
# when port security enabled is set to false
vmi.virtual_machine_interface_allowed_address_pairs = addr_pair
with self.assertRaisesRegexp(BadRequest, msg):
self.api.virtual_machine_interface_update(vmi)
def test_disable_port_security_with_empty_allowed_address_pair_list(self):
project = Project('%s-project' % self.id())
self.api.project_create(project)
vn = VirtualNetwork('vn-%s' % self.id(), parent_obj=project)
self.api.virtual_network_create(vn)
addr_pair = AllowedAddressPairs()
vmi1 = VirtualMachineInterface(
'vmi1-%s' % self.id(),
parent_obj=project,
port_security_enabled=False,
virtual_machine_interface_allowed_address_pairs=addr_pair)
vmi1.set_virtual_network(vn)
self.api.virtual_machine_interface_create(vmi1)
addr_pair = AllowedAddressPairs(allowed_address_pair=[
AllowedAddressPair(ip=SubnetType('1.1.1.0', 24),
mac='02:ce:1b:d7:a6:e7')
])
vmi2 = VirtualMachineInterface(
'vmi2-%s' % self.id(),
parent_obj=project,
port_security_enabled=True,
virtual_machine_interface_allowed_address_pairs=addr_pair)
vmi2.set_virtual_network(vn)
self.api.virtual_machine_interface_create(vmi2)
addr_pair = AllowedAddressPairs()
vmi2.set_virtual_machine_interface_allowed_address_pairs(addr_pair)
self.api.virtual_machine_interface_update(vmi2)
vmi2.set_port_security_enabled(False)
self.api.virtual_machine_interface_update(vmi2)
def test_subnet_type_validation(self):
test_suite = [
(SubnetType('0', 0), ('0.0.0.0', 0)),
(SubnetType('1.1.1.1'), BadRequest),
(SubnetType('1.1.1.1', 24), ('1.1.1.0', 24)),
(SubnetType('1.1.1.1', '24'), ('1.1.1.0', 24)),
(SubnetType('1.1.1.1', 32), ('1.1.1.1', 32)),
(SubnetType('1.1.1.e', 32), BadRequest),
(SubnetType('1.1.1.1', '32e'), BadRequest),
(SubnetType('1.1.1.0,2.2.2.0', 24), BadRequest),
(SubnetType(''), BadRequest),
(SubnetType('', 30), BadRequest),
(SubnetType('::', 0), ('::', 0)),
(SubnetType('::'), BadRequest),
(SubnetType('dead::beef', 128), ('dead::beef', 128)),
(SubnetType('dead::beef', '128'), ('dead::beef', 128)),
(SubnetType('dead::beef', 96), ('dead::', 96)),
(SubnetType('dead::beez', 96), BadRequest),
(SubnetType('dead::beef', '96e'), BadRequest),
(SubnetType('dead::,beef::', 64), BadRequest),
]
project = Project('%s-project' % self.id())
self.api.project_create(project)
vn = VirtualNetwork('vn-%s' % self.id(), parent_obj=project)
self.api.virtual_network_create(vn)
vmi = VirtualMachineInterface('vmi-%s' % self.id(), parent_obj=project)
vmi.set_virtual_network(vn)
self.api.virtual_machine_interface_create(vmi)
for subnet, expected_result in test_suite:
aaps = AllowedAddressPairs(
allowed_address_pair=[AllowedAddressPair(ip=subnet)])
vmi.set_virtual_machine_interface_allowed_address_pairs(aaps)
if (type(expected_result) == type and
issubclass(expected_result, Exception)):
self.assertRaises(
expected_result,
self.api.virtual_machine_interface_update,
vmi)
else:
self.api.virtual_machine_interface_update(vmi)
vmi = self.api.virtual_machine_interface_read(id=vmi.uuid)
returned_apps = vmi.\
get_virtual_machine_interface_allowed_address_pairs().\
get_allowed_address_pair()
self.assertEqual(len(returned_apps), 1)
returned_subnet = returned_apps[0].get_ip()
self.assertEqual(returned_subnet.ip_prefix,
expected_result[0])
self.assertEqual(returned_subnet.ip_prefix_len,
expected_result[1])