def test_create_delete_security_group(self):
    """Walk a security group through create, update and delete.

    Checks that the group is reported as existing after ``create()`` and
    after ``update()``, that the ``version`` returned by ``self.nb_api``
    differs before and after the update, and that the group no longer
    exists once it has been closed.
    """
    group = objects.SecGroupTestObj(self.neutron, self.nb_api)
    # Registered up front so the group is closed even if an assertion
    # below fails; close() is also called explicitly at the end.
    self.addCleanup(group.close)

    group_id = group.create()
    self.assertTrue(group.exists())
    version_before = self.nb_api.get(
        secgroups.SecurityGroup(id=group_id)).version

    group.update()
    self.assertTrue(group.exists())
    version_after = self.nb_api.get(
        secgroups.SecurityGroup(id=group_id)).version

    # An update that left the version untouched would be indistinguishable
    # from no update at all for anything comparing versions.
    self.assertNotEqual(version_before, version_after)

    group.close()
    self.assertFalse(group.exists())
def _get_another_security_group(self, is_ipv6=False):
    """Return a second fake security group with one egress and one ingress rule.

    :param is_ipv6: forwarded to ``self._get_ether_type`` and
        ``self._get_ip_prefix`` to pick the ethertype and the remote prefix.
    :returns: a ``secgroups.SecurityGroup`` with id
        ``fake_security_group_id2``.
    """
    group_id = "fake_security_group_id2"
    tenant = "fake_tenant1"

    # Egress TCP rule without a port range, limited to a remote IP prefix.
    egress_rule = secgroups.SecurityGroupRule(
        id="fake_security_group_rule_5",
        security_group_id=group_id,
        topic=tenant,
        direction="egress",
        ethertype=self._get_ether_type(is_ipv6),
        protocol="tcp",
        port_range_min=None,
        port_range_max=None,
        remote_group_id=None,
        remote_ip_prefix=self._get_ip_prefix(is_ipv6),
    )
    # Ingress rule with no protocol or ports; the remote group is the
    # group itself.
    ingress_rule = secgroups.SecurityGroupRule(
        id="fake_security_group_rule_6",
        security_group_id=group_id,
        topic=tenant,
        direction="ingress",
        ethertype=self._get_ether_type(is_ipv6),
        protocol=None,
        port_range_min=None,
        port_range_max=None,
        remote_group_id=group_id,
        remote_ip_prefix=None,
    )
    return secgroups.SecurityGroup(
        id=group_id,
        name="fake_security_group",
        topic=tenant,
        version=5,
        unique_key=2,
        rules=[egress_rule, ingress_rule],
    )
def rule_exists(self, secrule_id):
    """Tell whether the stored security group contains the given rule.

    :param secrule_id: id of the rule to look for.
    :returns: ``True`` if ``self.nb_api`` returns a group for
        ``self.secgroup_id`` and one of its rules has ``secrule_id``;
        ``False`` if the group is missing or no rule matches.
    """
    stored_group = self.nb_api.get(
        secgroups.SecurityGroup(id=self.secgroup_id))
    if not stored_group:
        return False
    return any(rule.id == secrule_id for rule in stored_group.rules)
def security_group_from_neutron_obj(secgroup):
    """Convert a Neutron security group mapping into a ``SecurityGroup`` model.

    :param secgroup: mapping describing the Neutron security group. The
        keys ``id``, ``tenant_id`` and ``revision_number`` are read with
        ``[]`` and raise ``KeyError`` when absent.
    :returns: ``secgroups.SecurityGroup`` whose topic is the tenant id and
        whose version is the Neutron revision number.
    """
    # A missing name falls back to the project default name.
    name = secgroup.get('name', df_const.DF_SG_DEFAULT_NAME)

    # A missing 'security_group_rules' key yields a model with no rules.
    converted_rules = []
    for neutron_rule in secgroup.get('security_group_rules', []):
        converted_rules.append(
            security_group_rule_from_neutron_obj(neutron_rule))

    return secgroups.SecurityGroup(
        id=secgroup['id'],
        topic=secgroup['tenant_id'],
        name=name,
        rules=converted_rules,
        version=secgroup['revision_number'],
    )
def security_group_from_neutron_obj(secgroup):
    """Convert a Neutron security group mapping into a ``SecurityGroup`` model.

    :param secgroup: mapping describing the Neutron security group. The
        keys ``id`` and ``revision_number`` are read with ``[]`` and raise
        ``KeyError`` when absent.
    :returns: ``secgroups.SecurityGroup`` whose topic comes from
        ``df_utils.get_obj_topic`` and whose version is the Neutron
        revision number.
    """
    # No default here: a group without a name is stored with name=None.
    name = secgroup.get('name')

    # A missing 'security_group_rules' key yields a model with no rules.
    converted_rules = []
    for neutron_rule in secgroup.get('security_group_rules', []):
        converted_rules.append(
            security_group_rule_from_neutron_obj(neutron_rule))

    owner_topic = df_utils.get_obj_topic(secgroup)
    return secgroups.SecurityGroup(
        id=secgroup['id'],
        topic=owner_topic,
        name=name,
        rules=converted_rules,
        version=secgroup['revision_number'],
    )
def test_sg_version(self):
    """Check that adding and deleting a rule each raise the group version.

    The version is read through ``self.nb_api`` after the group is created,
    after a rule is created, and after that rule is deleted; each reading
    must be strictly greater than the previous one.
    """
    group = objects.SecGroupTestObj(self.neutron, self.nb_api)
    # Registered up front so the group is closed even if an assertion
    # below fails; close() is also called explicitly at the end.
    self.addCleanup(group.close)

    group_id = group.create()
    self.assertTrue(group.exists())

    def stored_version():
        # Fetch the group afresh on every call so each reading reflects
        # what nb_api currently returns.
        return self.nb_api.get(secgroups.SecurityGroup(id=group_id)).version

    version_initial = stored_version()

    rule_id = group.rule_create()
    self.assertTrue(group.rule_exists(rule_id))
    version_after_add = stored_version()
    self.assertGreater(version_after_add, version_initial)

    group.rule_delete(rule_id)
    self.assertFalse(group.rule_exists(rule_id))
    version_after_delete = stored_version()
    self.assertGreater(version_after_delete, version_after_add)

    group.close()
    self.assertFalse(group.exists())
def delete_security_group(self, resource, event, trigger, **kwargs):
    """Delete a security group from the NB database.

    :param resource: not used in this method.
    :param event: not used in this method.
    :param trigger: not used in this method.
    :param kwargs: must contain ``security_group``, a mapping with the
        keys ``id`` and ``tenant_id``; a missing key raises ``KeyError``.
    """
    group = kwargs['security_group']
    # The delete is addressed by both the group id and its tenant id,
    # which is passed as the model's topic.
    self.nb_api.delete(
        secgroups.SecurityGroup(id=group['id'], topic=group['tenant_id']))
    # Logged only after the delete call has returned.
    LOG.info("DFMechDriver: delete security group %s", group['id'])
# Fake security group fixture with four rules: an egress/ingress pair for
# IPv4 and the same pair for IPv6. All objects share the topic
# "fake_tenant1".
fake_security_group = secgroups.SecurityGroup(
    id="fake_security_group_id1",
    name="fake_security_group",
    topic="fake_tenant1",
    version=5,
    unique_key=1,
    rules=[
        # Rule 1: IPv4 egress, UDP port 53 only, to 192.168.180.0/28.
        secgroups.SecurityGroupRule(
            id="fake_security_group_rule_1",
            security_group_id="fake_security_group_id1",
            topic="fake_tenant1",
            direction="egress",
            ethertype=n_const.IPv4,
            protocol=n_const.PROTO_NUM_UDP,
            port_range_min=53,
            port_range_max=53,
            remote_group_id=None,
            remote_ip_prefix="192.168.180.0/28",
        ),
        # Rule 2: IPv4 ingress with no protocol or ports; the remote
        # group is the group itself.
        secgroups.SecurityGroupRule(
            id="fake_security_group_rule_2",
            security_group_id="fake_security_group_id1",
            topic="fake_tenant1",
            direction="ingress",
            ethertype="IPv4",
            protocol=None,
            port_range_min=None,
            port_range_max=None,
            remote_group_id="fake_security_group_id1",
            remote_ip_prefix=None,
        ),
        # Rule 3: IPv6 egress, UDP port 53 only, to 1111::/64.
        secgroups.SecurityGroupRule(
            id="fake_security_group_rule_3",
            security_group_id="fake_security_group_id1",
            topic="fake_tenant1",
            direction="egress",
            ethertype=n_const.IPv6,
            protocol=n_const.PROTO_NUM_UDP,
            port_range_min=53,
            port_range_max=53,
            remote_group_id=None,
            remote_ip_prefix="1111::/64",
        ),
        # Rule 4: IPv6 ingress with no protocol or ports; the remote
        # group is the group itself.
        secgroups.SecurityGroupRule(
            id="fake_security_group_rule_4",
            security_group_id="fake_security_group_id1",
            topic="fake_tenant1",
            direction="ingress",
            ethertype=n_const.IPv6,
            protocol=None,
            port_range_min=None,
            port_range_max=None,
            remote_group_id="fake_security_group_id1",
            remote_ip_prefix=None,
        ),
    ],
)
def test_delete_security_group(self):
    """Check that deleting a group through the driver deletes it from nb_api.

    The expected NB delete call carries the group's id and uses its
    ``project_id`` as the topic.
    """
    created = self._test_create_security_group_revision()
    self.driver.delete_security_group(self.context, created['id'])

    expected_model = secgroups.SecurityGroup(
        id=created['id'], topic=created['project_id'])
    # assert_called_with only inspects the most recent call to delete().
    self.nb_api.delete.assert_called_with(expected_model)
def exists(self):
    """Tell whether ``self.nb_api`` returns a group for ``self.secgroup_id``.

    :returns: ``True`` when the lookup result is truthy, ``False``
        otherwise.
    """
    lookup_key = secgroups.SecurityGroup(id=self.secgroup_id)
    return bool(self.nb_api.get(lookup_key))
def delete_security_group(self, resource, event, trigger, payload=None):
    """Delete a security group from the NB database.

    :param resource: not used in this method.
    :param event: not used in this method.
    :param trigger: not used in this method.
    :param payload: object whose ``latest_state`` is the security group
        mapping. Although it defaults to ``None``, it is dereferenced
        unconditionally, so calling without a payload raises
        ``AttributeError``.
    """
    group = payload.latest_state
    # The delete is addressed by both the group id and the topic that
    # df_utils.get_obj_topic derives from the group.
    owner_topic = df_utils.get_obj_topic(group)
    self.nb_api.delete(
        secgroups.SecurityGroup(id=group['id'], topic=owner_topic))
    # Logged only after the delete call has returned.
    LOG.info("DFMechDriver: delete security group %s", group['id'])
def delete_security_group(self, resource, event, trigger, **kwargs):
    """Delete a security group from the NB database.

    :param resource: not used in this method.
    :param event: not used in this method.
    :param trigger: not used in this method.
    :param kwargs: must contain ``security_group``, the mapping describing
        the group; a missing key raises ``KeyError``.
    """
    group = kwargs['security_group']
    # The delete is addressed by both the group id and the topic that
    # df_utils.get_obj_topic derives from the group.
    owner_topic = df_utils.get_obj_topic(group)
    self.nb_api.delete(
        secgroups.SecurityGroup(id=group['id'], topic=owner_topic))
    # Logged only after the delete call has returned.
    LOG.info("DFMechDriver: delete security group %s", group['id'])