def test_get_logs_bound_sg(self):
with self.network() as network, \
self.subnet(network=network) as subnet, \
self.port(subnet=subnet) as p1, \
self.port(subnet=subnet, security_groups=[self.sg_id]) as p2:
log = _create_log(self.context, self._tenant_id)
log_sg = _create_log(self.context, self._tenant_id,
resource_id=self.sg_id)
log_port_no_sg = _create_log(self.context, self._tenant_id,
target_id=p1['port']['id'])
log_port_sg = _create_log(self.context, self._tenant_id,
target_id=p2['port']['id'])
self.assertEqual(
[log, log_sg, log_port_sg],
db_api.get_logs_bound_sg(self.context, sg_id=self.sg_id,
project_id=self._tenant_id))
self.assertEqual(
[log_sg, log_port_sg],
db_api.get_logs_bound_sg(self.context, sg_id=self.sg_id,
project_id=self._tenant_id,
exclusive=True))
self.assertEqual(
[log_port_no_sg],
db_api.get_logs_bound_sg(
self.context, project_id=self._tenant_id,
port_id=p1['port']['id']))
self.assertEqual(
[log_port_sg],
db_api.get_logs_bound_sg(
self.context, project_id=self._tenant_id,
port_id=p2['port']['id']))
def test_get_logs_not_bound_sg(self):
with self.network() as network, \
self.subnet(network), \
self.security_group() as sg:
sg2_id = sg['security_group']['id']
res = self._create_port(self.fmt,
network['network']['id'],
security_groups=[sg2_id])
port2_id = self.deserialize(self.fmt, res)['port']['id']
log = _create_log(self.context,
self._tenant_id,
target_id=port2_id)
with mock.patch.object(log_object.Log,
'get_objects',
return_value=[log]):
self.assertEqual([],
db_api.get_logs_bound_sg(
self.context,
self.sg_id,
project_id=self._tenant_id))
# Test get log objects with required resource type
calls = [
mock.call(self.context,
project_id=self._tenant_id,
resource_type=log_const.SECURITY_GROUP,
enabled=True)
]
log_object.Log.get_objects.assert_has_calls(calls)
def _clean_security_group_logs(self, resource, event, trigger, payload):
context = payload.context.elevated()
sg_id = payload.resource_id
with db_api.CONTEXT_WRITER.using(context):
sg_logs = log_db_api.get_logs_bound_sg(context, sg_id)
for log in sg_logs:
self.delete_log(context, log['id'])
def test_get_logs_bound_sg(self):
log = _create_log(resource_id=self.sg_id, tenant_id=self.tenant_id)
with mock.patch.object(log_object.Log,
'get_objects',
return_value=[log]):
self.assertEqual([log],
db_api.get_logs_bound_sg(self.context,
self.sg_id))
def test_get_logs_bound_sg(self):
log = _create_log(resource_id=self.sg_id, tenant_id=self.tenant_id)
with mock.patch.object(log_object.Log, 'get_objects',
return_value=[log]):
self.assertEqual(
[log], db_api.get_logs_bound_sg(self.context, self.sg_id))
# Test get log objects with required resource type
calls = [mock.call(self.context, project_id=self.tenant_id,
resource_type=log_const.SECURITY_GROUP,
enabled=True)]
log_object.Log.get_objects.assert_has_calls(calls)
def test_get_logs_bound_sg(self):
log = _create_log(resource_id=self.sg_id, tenant_id=self.tenant_id)
with mock.patch.object(log_object.Log, 'get_objects',
return_value=[log]):
self.assertEqual(
[log], db_api.get_logs_bound_sg(self.context, self.sg_id))
# Test get log objects with required resource type
calls = [mock.call(self.context, project_id=self.tenant_id,
resource_type=log_const.SECURITY_GROUP,
enabled=True)]
log_object.Log.get_objects.assert_has_calls(calls)
def handle_event(self, resource, event, trigger, **kwargs):
context = kwargs.get("context")
sg_rule = kwargs.get('security_group_rule')
if sg_rule:
sg_id = sg_rule.get('security_group_id')
else:
sg_id = kwargs.get('security_group_id')
log_resources = db_api.get_logs_bound_sg(context, sg_id)
if log_resources:
self.resource_push_api(log_const.RESOURCE_UPDATE, context,
log_resources)
def handle_event(self, resource, event, trigger, **kwargs):
context = kwargs.get("context")
sg_rule = kwargs.get('security_group_rule')
if sg_rule:
sg_id = sg_rule.get('security_group_id')
else:
sg_id = kwargs.get('security_group_id')
log_resources = db_api.get_logs_bound_sg(context, sg_id)
if log_resources:
self.resource_push_api(
log_const.RESOURCE_UPDATE, context, log_resources)
def handle_event(self, resource, event, trigger, payload):
context = payload.context
sg_rule = payload.latest_state
if sg_rule:
sg_id = sg_rule.get('security_group_id')
else:
sg_id = payload.resource_id
log_resources = db_api.get_logs_bound_sg(context, sg_id)
if log_resources:
self.resource_push_api(
log_const.RESOURCE_UPDATE, context, log_resources)
def test_get_logs_not_bound_sg(self):
with self.network() as network, \
self.subnet(network), \
self.security_group() as sg:
sg2_id = sg['security_group']['id']
res = self._create_port(
self.fmt, network['network']['id'],
security_groups=[sg2_id])
port2_id = self.deserialize(self.fmt, res)['port']['id']
log = _create_log(target_id=port2_id, tenant_id=self.tenant_id)
with mock.patch.object(log_object.Log, 'get_objects',
return_value=[log]):
self.assertEqual(
[], db_api.get_logs_bound_sg(self.context, self.sg_id))
def test_get_logs_not_bound_sg(self):
with self.network() as network, \
self.subnet(network), \
self.security_group() as sg:
sg2_id = sg['security_group']['id']
res = self._create_port(self.fmt,
network['network']['id'],
security_groups=[sg2_id])
port2_id = self.deserialize(self.fmt, res)['port']['id']
log = _create_log(target_id=port2_id, tenant_id=self.tenant_id)
with mock.patch.object(log_object.Log,
'get_objects',
return_value=[log]):
self.assertEqual([],
db_api.get_logs_bound_sg(
self.context, self.sg_id))
def _handle_sg_rule_callback(self, resource, event, trigger, **kwargs):
"""Handle sg_rule create/delete events
This method handles sg_rule events, if sg_rule bound by log_resources,
it should tell to agent to update log_drivers.
"""
context = kwargs['context']
sg_rules = kwargs.get('security_group_rule')
if sg_rules:
sg_id = sg_rules.get('security_group_id')
else:
sg_id = kwargs.get('security_group_id')
log_resources = db_api.get_logs_bound_sg(context, sg_id)
if log_resources:
self.call(log_const.RESOURCE_UPDATE, context, log_resources)
def _handle_sg_rule_callback(self, resource, event, trigger, **kwargs):
"""Handle sg_rule create/delete events
This method handles sg_rule events, if sg_rule bound by log_resources,
it should tell to agent to update log_drivers.
"""
context = kwargs['context']
sg_rules = kwargs.get('security_group_rule')
if sg_rules:
sg_id = sg_rules.get('security_group_id')
else:
sg_id = kwargs.get('security_group_id')
log_resources = db_api.get_logs_bound_sg(context, sg_id)
if log_resources:
self.call(
log_const.RESOURCE_UPDATE, context, log_resources)
def test_get_logs_not_bound_sg(self):
with self.network() as network, \
self.subnet(network), \
self.security_group() as sg:
sg2_id = sg['security_group']['id']
res = self._create_port(
self.fmt, network['network']['id'],
security_groups=[sg2_id])
port2_id = self.deserialize(self.fmt, res)['port']['id']
log = _create_log(target_id=port2_id, tenant_id=self.tenant_id)
with mock.patch.object(log_object.Log, 'get_objects',
return_value=[log]):
self.assertEqual(
[], db_api.get_logs_bound_sg(self.context, self.sg_id))
# Test get log objects with required resource type
calls = [mock.call(self.context, project_id=self.tenant_id,
resource_type=log_const.SECURITY_GROUP,
enabled=True)]
log_object.Log.get_objects.assert_has_calls(calls)
def test_get_logs_bound_sg(self):
log = _create_log(resource_id=self.sg_id, tenant_id=self.tenant_id)
with mock.patch.object(log_object.Log, 'get_objects',
return_value=[log]):
self.assertEqual(
[log], db_api.get_logs_bound_sg(self.context, self.sg_id))
def _clean_logs(self, context, sg_id=None, port_id=None):
with db_api.CONTEXT_WRITER.using(context):
sg_logs = log_db_api.get_logs_bound_sg(
context, sg_id=sg_id, port_id=port_id, exclusive=True)
for log in sg_logs:
self.delete_log(context, log['id'])