def _stubs(self):
ports = [{"device_id": 1, "mac_address": 1}]
vifs = ["1.1", "2.2", "3.3"]
security_groups = [{"id": 1, "name": "test_group"}]
with contextlib.nested(
mock.patch("neutron.context.get_admin_context"),
mock.patch("quark.db.api.security_group_rule_find"),
mock.patch("quark.db.api.ports_with_security_groups_find"),
mock.patch("%s._get_connection" %
TOOL_MOD)) as (get_admin_ctxt, rule_find,
db_ports_groups, get_conn):
connection_mock = mock.MagicMock()
get_conn.return_value = connection_mock
ports_with_groups_mock = mock.MagicMock()
port_mods = []
sg_mods = [models.SecurityGroup(**sg) for sg in security_groups]
for port in ports:
port_mod = models.Port(**port)
port_mod.security_groups = sg_mods
port_mods.append(port_mod)
sg_rule = models.SecurityGroupRule()
rule_find.return_value = [sg_rule]
db_ports_groups.return_value = ports_with_groups_mock
ctxt_mock = mock.MagicMock()
get_admin_ctxt.return_value = ctxt_mock
ports_with_groups_mock.all.return_value = port_mods
connection_mock.vif_keys.return_value = vifs
connection_mock.serialize_rules.return_value = "rules"
yield (get_conn, connection_mock, db_ports_groups, ctxt_mock,
sg_rule)
def _stubs(self, rule, group, limit_raise=False):
dbgroup = None
if group:
dbgroup = models.SecurityGroup()
dbgroup.update(group)
def _create_rule(context, **rule):
dbrule = models.SecurityGroupRule()
dbrule.update(rule)
dbrule["group_id"] = rule['security_group_id']
return dbrule
with contextlib.nested(
mock.patch("quark.db.api.security_group_find"),
mock.patch("quark.db.api.security_group_rule_find"),
mock.patch("quark.db.api.security_group_rule_create"),
mock.patch("quark.protocols.human_readable_protocol"),
mock.patch("neutron.quota.QuotaEngine.limit_check")) as (
group_find, rule_find, rule_create, human, limit_check):
group_find.return_value = dbgroup
rule_find.return_value.count.return_value = group.get(
'port_rules', None) if group else 0
rule_create.side_effect = _create_rule
human.return_value = rule["protocol"]
if limit_raise:
limit_check.side_effect = exceptions.OverQuota
yield rule_create
def _stubs(self, security_group, other=0):
dbgroup = models.SecurityGroup()
dbgroup.update(security_group)
with mock.patch("quark.db.api.security_group_find") as db_find, \
mock.patch("quark.db.api.security_group_create") as db_create:
db_find.return_value.count.return_value = other
db_create.return_value = dbgroup
yield db_create
def _stubs(self, security_group, other=0):
dbgroup = models.SecurityGroup()
dbgroup.update(security_group)
with contextlib.nested(
mock.patch("quark.db.api.security_group_find"),
mock.patch("quark.db.api.security_group_create"),
) as (db_find, db_create):
db_find.return_value.count.return_value = other
db_create.return_value = dbgroup
yield db_create
def _stubs(self, security_group=None):
dbgroup = None
if security_group:
dbgroup = models.SecurityGroup()
dbgroup.update(security_group)
with mock.patch("quark.db.api.security_group_find") as group_find, \
mock.patch("quark.db.api.security_group_delete") as \
db_group_delete:
group_find.return_value = dbgroup
db_group_delete.return_value = dbgroup
yield db_group_delete
def _stubs(self, security_group=None):
dbgroup = None
if security_group:
dbgroup = models.SecurityGroup()
dbgroup.update(security_group)
with contextlib.nested(
mock.patch("quark.db.api.security_group_find"),
mock.patch("quark.db.api.security_group_delete"),
) as (group_find, db_group_delete):
group_find.return_value = dbgroup
db_group_delete.return_value = dbgroup
yield db_group_delete
def _stubs(self, rule={}, group={'id': 1}):
dbrule = None
dbgroup = None
if group:
dbgroup = models.SecurityGroup()
dbgroup.update(group)
if rule:
dbrule = models.SecurityGroupRule()
dbrule.update(dict(rule, group=dbgroup))
with contextlib.nested(
mock.patch("quark.db.api.security_group_find"),
mock.patch("quark.db.api.security_group_rule_find"),
mock.patch("quark.db.api.security_group_rule_delete"),
) as (group_find, rule_find, db_group_delete):
group_find.return_value = dbgroup
rule_find.return_value = dbrule
yield db_group_delete
def test_update_security_group_rule(self):
sg_dict = {"id": 0}
sg = models.SecurityGroup()
sg.update(sg_dict)
rule_dict = {
"id": 1,
"direction": "ingress",
"port_range_min": 80,
"port_range_max": 100,
"remote_ip_prefix": None,
"ethertype": protocols.translate_ethertype("IPv4"),
"tenant_id": "foo",
"protocol": "UDP",
"group_id": 1,
"external_service_id": None,
"external_service": None
}
rule = models.SecurityGroupRule()
rule.update(rule_dict)
updated_part = {
'external_service_id': 'aaa',
'external_service': 'bbb'
}
with mock.patch('quark.db.api.security_group_rule_find') as db_find, \
mock.patch('quark.db.api.security_group_rule_update') \
as db_update, \
mock.patch('quark.db.api.security_group_find') as sg_find:
db_find.return_value = rule
rule_dict.update(updated_part)
new_rule = models.SecurityGroupRule()
new_rule.update(rule_dict)
db_update.return_value = new_rule
sg_find.return_value = sg
update = dict(security_group_rule=updated_part)
resp = self.plugin.update_security_group_rule(
self.context, 1, update)
self.assertEqual(resp['external_service_id'],
updated_part['external_service_id'])
self.assertEqual(resp['external_service'],
updated_part['external_service'])
def _stubs(self, rule, group):
dbrule = models.SecurityGroupRule()
dbrule.update(rule)
dbrule.group_id = rule['security_group_id']
dbgroup = None
if group:
dbgroup = models.SecurityGroup()
dbgroup.update(group)
with contextlib.nested(
mock.patch("quark.db.api.security_group_find"),
mock.patch("quark.db.api.security_group_rule_find"),
mock.patch("quark.db.api.security_group_rule_create")) as (
group_find, rule_find, rule_create):
group_find.return_value = dbgroup
rule_find.return_value.count.return_value = group.get(
'port_rules', None) if group else 0
rule_create.return_value = dbrule
yield rule_create
def test_serialize_filters_dest_v4_net(self, strict_redis, conn_pool):
rule_dict = {"ethertype": 0x800, "protocol": 1, "direction": "egress",
"remote_ip_prefix": "192.168.0.0/0"}
client = sg_client.SecurityGroupsClient()
group = models.SecurityGroup()
rule = models.SecurityGroupRule()
rule.update(rule_dict)
group.rules.append(rule)
payload = client.serialize_groups([group])
rule = payload[0]
self.assertEqual(0x800, rule["ethertype"])
self.assertEqual(1, rule["protocol"])
self.assertEqual(None, rule["icmp type"])
self.assertEqual(None, rule["icmp code"])
self.assertEqual("allow", rule["action"])
self.assertEqual("egress", rule["direction"])
self.assertEqual("", rule["source network"])
self.assertEqual("", rule["destination network"])
def test_serialize_group_with_rules(self, strict_redis, conn_pool):
rule_dict = {"ethertype": 0x800, "protocol": 6, "port_range_min": 80,
"port_range_max": 443, "direction": "ingress"}
client = sg_client.SecurityGroupsClient()
group = models.SecurityGroup()
rule = models.SecurityGroupRule()
rule.update(rule_dict)
group.rules.append(rule)
payload = client.serialize_groups([group])
rule = payload[0]
self.assertEqual(0x800, rule["ethertype"])
self.assertEqual(6, rule["protocol"])
self.assertEqual(80, rule["port start"])
self.assertEqual(443, rule["port end"])
self.assertEqual("allow", rule["action"])
self.assertEqual("ingress", rule["direction"])
self.assertEqual("", rule["source network"])
self.assertEqual("", rule["destination network"])
def test_serialize_group_with_rules_and_remote_network(self, redis):
rule_dict = {"ethertype": 0x800, "protocol": 1, "direction": "ingress",
"remote_ip_prefix": "192.168.0.0/24"}
client = redis_client.Client()
group = models.SecurityGroup()
rule = models.SecurityGroupRule()
rule.update(rule_dict)
group.rules.append(rule)
payload = client.serialize([group])
self.assertTrue(payload.get("id") is not None)
rule = payload["rules"][0]
self.assertEqual(0x800, rule["ethertype"])
self.assertEqual(1, rule["protocol"])
self.assertEqual(None, rule["port start"])
self.assertEqual(None, rule["port end"])
self.assertEqual("allow", rule["action"])
self.assertEqual("ingress", rule["direction"])
self.assertEqual("::ffff:192.168.0.0/120", rule["source network"])
self.assertEqual("", rule["destination network"])
def test_create_port_security_groups(self, groups=[1]):
network = dict(id=1)
mac = dict(address="aa:bb:cc:dd:ee:ff")
port_name = "foobar"
ip = dict()
group = models.SecurityGroup()
group.update({
'id': 1,
'tenant_id': self.context.tenant_id,
'name': 'foo',
'description': 'bar'
})
port = dict(port=dict(mac_address=mac["address"],
network_id=1,
tenant_id=self.context.tenant_id,
device_id=2,
name=port_name,
security_groups=[group]))
expected = {
'status': "ACTIVE",
'name': port_name,
'device_owner': None,
'mac_address': mac["address"],
'network_id': network["id"],
'tenant_id': self.context.tenant_id,
'admin_state_up': None,
'fixed_ips': [],
'security_groups': groups,
'device_id': 2
}
with self._stubs(port=port["port"], network=network, addr=ip,
mac=mac) as port_create:
with mock.patch("quark.db.api.security_group_find") as group_find:
group_find.return_value = (groups and group)
port["port"]["security_groups"] = groups or [1]
result = self.plugin.create_port(self.context, port)
self.assertTrue(port_create.called)
for key in expected.keys():
self.assertEqual(result[key], expected[key])
def test_serialize_filters_source_v6_net(self, strict_redis):
rule_dict = {
"ethertype": 0x86DD,
"protocol": 58,
"direction": "ingress",
"remote_ip_prefix": "feed::/0"
}
client = sg_client.SecurityGroupsClient()
group = models.SecurityGroup()
rule = models.SecurityGroupRule()
rule.update(rule_dict)
group.rules.append(rule)
payload = client.serialize_groups([group])
rule = payload[0]
self.assertEqual(0x86DD, rule["ethertype"])
self.assertEqual(58, rule["protocol"])
self.assertEqual(None, rule["icmp type"])
self.assertEqual(None, rule["icmp code"])
self.assertEqual("allow", rule["action"])
self.assertEqual("ingress", rule["direction"])
self.assertEqual("", rule["source network"])
self.assertEqual("", rule["destination network"])
def security_group_create(context, **sec_group_dict):
new_group = models.SecurityGroup()
new_group.update(sec_group_dict)
new_group["tenant_id"] = context.tenant_id
context.session.add(new_group)
return new_group
def test_serialize_group_no_rules(self, redis):
client = redis_client.Client()
group = models.SecurityGroup()
payload = client.serialize([group])
self.assertTrue(payload.get("id") is not None)
self.assertEqual([], payload.get("rules"))
def test_serialize_group_no_rules(self, strict_redis, conn_pool):
client = sg_client.SecurityGroupsClient()
group = models.SecurityGroup()
payload = client.serialize_groups([group])
self.assertEqual([], payload)
