def test_securitygroup_create_raise_securitygrouprule_create_failed(self): self.stubs.Set(self.manager.securitygroup_client, "securitygroup_create", fake_securitygroup_create) self.mox.StubOutWithMock( self.manager.securitygrouprule_client, "securitygrouprule_create") self.manager.securitygrouprule_client.securitygrouprule_create( mox.IgnoreArg(), mox.IgnoreArg(), mox.IgnoreArg(), mox.IgnoreArg(), mox.IgnoreArg(), mox.IgnoreArg())\ .AndRaise(exception.SecuritygroupCreateFailed()) self.mox.StubOutWithMock(db, "securitygroup_update") values = {} values["status"] = "ERROR" values["neutron_securitygroup_id"] = fake_securitygroup_create( self.name) db.securitygroup_update( self.context, GID, self.securitygroup_id, values) self.mox.ReplayAll() self.manager.securitygroup_create( self.context, GID, self.securitygroup_id, self.name, self._securitygroups())
def test_securitygroup_create_raise_securitygroup_create_failed(self): self.mox.StubOutWithMock( self.manager.securitygroup_client, "securitygroup_create") self.manager.securitygroup_client.securitygroup_create(mox.IsA(str))\ .AndRaise(exception.SecuritygroupCreateFailed()) self.mox.StubOutWithMock(db, "securitygroup_update") db.securitygroup_update( self.context, GID, self.securitygroup_id, {"status": "ERROR"}) self.mox.ReplayAll() self.manager.securitygroup_create( self.context, GID, self.securitygroup_id, self.name, [])
def test_create_raise_exception_by_scheduler_rpcapi(self): self.mox.StubOutWithMock(db, "securitygroup_update") db.securitygroup_update(IsA(context.RequestContext), IsA(unicode), IsA(unicode), IsA(dict)) scheduler_rpcapi.SchedulerAPI.select_destinations( IsA(context.RequestContext), request_spec={}, filter_properties={} ).AndRaise(Exception()) self.mox.ReplayAll() request_body = {"securitygroup": {"name": "test_securitygroup"}} url = get_base_url(GID) req = get_request(url, "POST", request_body) res = req.get_response(self.app) self.assertEqual(res.status_code, 500)
def test_securitygroup_create_no_securityrules(self): self.stubs.Set(self.manager.securitygroup_client, "securitygroup_create", fake_securitygroup_create) self.mox.StubOutWithMock(db, "securitygroup_update") values = {} values["status"] = "ACTIVE" values["neutron_securitygroup_id"] = fake_securitygroup_create( self.name) db.securitygroup_update( self.context, GID, self.securitygroup_id, values) self.mox.ReplayAll() self.manager.securitygroup_create( self.context, GID, self.securitygroup_id, self.name, [])
def test_update_NotFound_db_securitygroup_create(self): self.mox.StubOutWithMock(db, "securitygroup_update") db.securitygroup_update( IsA(context.RequestContext), GID, SECURITYGROUP_ID, IsA(dict))\ .AndRaise(exception.SecuritygroupNotFound( securitygroup_id=SECURITYGROUP_ID)) self.mox.ReplayAll() request_body = {"securitygroup": {"is_default": "true"}} url = get_base_url(GID) + "/" + SECURITYGROUP_ID req = get_request(url, 'PUT', request_body) res = req.get_response(self.app) self.assertEqual(res.status_code, 404)
def test_securitygroup_create_securitygroup_not_found(self): self.stubs.Set(self.manager.securitygroup_client, "securitygroup_create", fake_securitygroup_create) self.mox.StubOutWithMock(db, "securitygroup_update") values = {} values["status"] = "ACTIVE" values["neutron_securitygroup_id"] = fake_securitygroup_create( self.name) db.securitygroup_update(self.context, GID, self.securitygroup_id, values)\ .AndRaise(exception.SecuritygroupNotFound( securitygroup_id=self.securitygroup_id)) values["status"] = "ERROR" db.securitygroup_update( self.context, GID, self.securitygroup_id, values) self.mox.ReplayAll() self.manager.securitygroup_create( self.context, GID, self.securitygroup_id, self.name, [])
def test_securitygroup_update(self): gid = "12345678-1234-5678-9123-123456789012" self._create_group(gid) values_before = self._get_base_values(gid) securitygroup = db.securitygroup_create(self.user_ctxt, values_before) values = { "is_default": False, "status": "ACTIVE", } securitygroup_after = db.securitygroup_update( self.user_ctxt, gid, securitygroup["securitygroup_id"], values) self.assertEqual(securitygroup_after["is_default"], False) self.assertEqual(securitygroup_after["status"], "ACTIVE")
def test_create_raise_exception_by_operator_rpcapi(self): name = "test_securitygroup" request_body = {"securitygroup": {"name": name}} self.mox.StubOutWithMock(db, "securitygroup_update") db.securitygroup_update(IsA(context.RequestContext), GID, IsA(unicode), {"status": "ERROR"}) scheduler_rpcapi.SchedulerAPI.select_destinations( IsA(context.RequestContext), request_spec={}, filter_properties={} ).AndReturn({"host": "fake_host"}) operator_rpcapi.ResourceOperatorAPI.securitygroup_create( IsA(context.RequestContext), "fake_host", gid=GID, securitygroup_id=IsA(unicode), name=name, securitygrouprules=[], ).AndRaise(Exception()) self.mox.ReplayAll() url = get_base_url(GID) req = get_request(url, "POST", request_body) res = req.get_response(self.app) self.assertEqual(res.status_code, 500)
def securitygroup_create(self, context, gid, securitygroup_id, name, securitygrouprules): values = {} try: values["neutron_securitygroup_id"] =\ self.securitygroup_client.securitygroup_create(name) for securitygrouprule in securitygrouprules: self.securitygrouprule_client.securitygrouprule_create( neutron_securitygroup_id=values[ "neutron_securitygroup_id"], protocol=securitygrouprule.get("protocol"), port_range_min=securitygrouprule.get("port_range_min"), port_range_max=securitygrouprule.get("port_range_max"), remote_neutron_securitygroup_id=securitygrouprule.get( "remote_neutron_securitygroup_id"), remote_ip_prefix=securitygrouprule.get("remote_ip_prefix") ) values["status"] = "ACTIVE" db.securitygroup_update(context, gid, securitygroup_id, values) except Exception as e: values["status"] = "ERROR" db.securitygroup_update(context, gid, securitygroup_id, values) LOG.exception(e)
def update(self, req, body, gid, securitygroup_id): def _validate(body, gid, securitygroup_id): if not self.is_valid_body(body, 'securitygroup'): msg = _("Invalid request body") raise exception.InvalidInput(reason=msg) values = body["securitygroup"] is_default = values.get("is_default") if not uuidutils.is_uuid_like(gid): raise exception.GroupNotFound(gid=gid) if not uuidutils.is_uuid_like(securitygroup_id): raise exception.SecuritygroupNotFound( securitygroup_id=securitygroup_id) if is_default: try: is_default = strutils.bool_from_string( is_default, strict=True) except ValueError: msg = _("is_default must be a boolean") raise exception.InvalidInput(reason=msg) else: msg = _("SecurityGroup is_default is required") raise exception.InvalidInput(reason=msg) valid_values = {} valid_values["is_default"] = is_default return valid_values try: values = _validate(body, gid, securitygroup_id) context = req.environ['rack.context'] securitygroup = db.securitygroup_update( context, gid, securitygroup_id, values) except exception.InvalidInput as exc: raise webob.exc.HTTPBadRequest(explanation=exc.format_message()) except exception.NotFound as exc: raise webob.exc.HTTPNotFound(explanation=exc.format_message()) return self._view_builder.update(securitygroup)
def create(self, req, body, gid): def _validate_securitygroup(gid, body): if not uuidutils.is_uuid_like(gid): raise exception.GroupNotFound(gid=gid) if not self.is_valid_body(body, 'securitygroup'): msg = _("Invalid request body") raise exception.InvalidInput(reason=msg) values = body["securitygroup"] name = values.get("name") is_default = values.get("is_default") if isinstance(name, six.string_types): name = name.strip() utils.check_string_length(name, 'name', min_length=1, max_length=255) if is_default: try: is_default = strutils.bool_from_string( is_default, strict=True) except ValueError: msg = _("is_default must be a boolean") raise exception.InvalidInput(reason=msg) else: is_default = False valid_values = {} valid_values["gid"] = gid valid_values["display_name"] = name valid_values["is_default"] = is_default return valid_values def _validate_securitygrouprules(securitygrouprules): valid_securitygrouprules = [] for securitygroup in securitygrouprules: protocol = securitygroup.get("protocol") port_range_max = securitygroup.get("port_range_max") port_range_min = securitygroup.get("port_range_min") remote_securitygroup_id = securitygroup.get( "remote_securitygroup_id") remote_ip_prefix = securitygroup.get("remote_ip_prefix") if not protocol: msg = _("SecurityGroupRule protocol is required") raise exception.InvalidInput(reason=msg) elif not utils.is_valid_protocol(protocol): msg = _( "SecurityGroupRule protocol should be tcp or udp or " "icmp") raise exception.InvalidInput(reason=msg) if not remote_securitygroup_id and not remote_ip_prefix: msg = _( "SecurityGroupRule either remote_securitygroup_id or " "remote_ip_prefix is required") raise exception.InvalidInput(reason=msg) elif remote_securitygroup_id and remote_ip_prefix: msg = _( "SecurityGroupRule either remote_securitygroup_id or " "remote_ip_prefix is required") raise exception.InvalidInput(reason=msg) elif remote_securitygroup_id is not None: if not uuidutils.is_uuid_like(remote_securitygroup_id): raise exception.SecuritygroupNotFound( securitygroup_id=remote_securitygroup_id) elif remote_ip_prefix is not None: if not utils.is_valid_cidr(remote_ip_prefix): msg = _( "SecurityGroupRule remote_ip_prefix should be " "cidr format") raise exception.InvalidInput(reason=msg) if protocol in ["tcp", "udp"]: if port_range_max is None: msg = _("SecurityGroupRule port_range_max is " "required") raise exception.InvalidInput(reason=msg) utils.validate_integer( port_range_max, 'port_range_max', min_value=1, max_value=65535) if port_range_min: utils.validate_integer( port_range_min, 'port_range_min', min_value=1, max_value=65535) if port_range_min > port_range_max: msg = _( "SecurityGroupRule port_range_min should be " "lower than port_range_max") raise exception.InvalidInput(reason=msg) elif protocol == "icmp": port_range_max = None port_range_min = None valid_securitygrouprules.append({ "protocol": protocol, "port_range_max": port_range_max, "port_range_min": port_range_min, "remote_securitygroup_id": remote_securitygroup_id, "remote_ip_prefix": unicode(netaddr .IPNetwork(remote_ip_prefix)) if remote_ip_prefix else remote_ip_prefix }) return valid_securitygrouprules try: context = req.environ['rack.context'] values = _validate_securitygroup(gid, body) if(body["securitygroup"].get("securitygrouprules")): securitygrouprules = _validate_securitygrouprules( body["securitygroup"].get("securitygrouprules")) else: securitygrouprules = [] except exception.InvalidInput as exc: raise webob.exc.HTTPBadRequest(explanation=exc.format_message()) except exception.NotFound as exc: raise webob.exc.HTTPNotFound(explanation=exc.format_message()) values["deleted"] = 0 values["status"] = "BUILDING" values["securitygroup_id"] = unicode(uuid.uuid4()) values["user_id"] = context.user_id values["project_id"] = context.project_id values["display_name"] = values[ "display_name"] or "sec-" + values["securitygroup_id"] try: for i in range(len(securitygrouprules)): if securitygrouprules[i]["remote_securitygroup_id"]: securitygroup = db\ .securitygroup_get_by_securitygroup_id( context, gid, securitygrouprules[i]["remote_securitygroup_id"]) remote_neutron_securitygroup_id = securitygroup.get( "neutron_securitygroup_id") securitygrouprules[i][ "remote_neutron_securitygroup_id"] =\ remote_neutron_securitygroup_id db.group_get_by_gid(context, gid) securitygroup = db.securitygroup_create(context, values) except exception.NotFound as exc: raise webob.exc.HTTPNotFound(explanation=exc.format_message()) try: host = self.scheduler_rpcapi.select_destinations( context, request_spec={}, filter_properties={}) self.operator_rpcapi.securitygroup_create( context, host["host"], gid=gid, securitygroup_id=values["securitygroup_id"], name=values["display_name"], securitygrouprules=securitygrouprules) except Exception: securitygroup_id = values["securitygroup_id"] db.securitygroup_update( context, gid, securitygroup_id, {"status": "ERROR"}) raise exception.SecuritygroupCreateFailed() return self._view_builder.create(securitygroup)