def _get_another_security_group(self, is_ipv6=False):
    """Build the second fake security group used by the tests.

    The group carries two rules:

    * ``fake_security_group_rule_5`` -- egress TCP towards the prefix
      returned by ``self._get_ip_prefix(is_ipv6)``, with no port range set;
    * ``fake_security_group_rule_6`` -- ingress with neither protocol nor
      port range set, whose remote group is this same group.

    :param is_ipv6: forwarded to ``self._get_ether_type`` and
        ``self._get_ip_prefix`` to choose the address family of the rules.
    :returns: a freshly built ``secgroups.SecurityGroup`` at version 5.
    """
    group_id = "fake_security_group_id2"
    tenant = "fake_tenant1"

    # Egress rule: TCP to a remote IP prefix, both port bounds left as None.
    # NOTE(review): presumably None bounds match every port, as in the
    # Neutron API -- confirm against the security-group app.
    egress_to_prefix = secgroups.SecurityGroupRule(
        direction="egress",
        security_group_id=group_id,
        ethertype=self._get_ether_type(is_ipv6),
        topic=tenant,
        protocol="tcp",
        port_range_max=None,
        port_range_min=None,
        remote_group_id=None,
        remote_ip_prefix=self._get_ip_prefix(is_ipv6),
        id="fake_security_group_rule_5")

    # Ingress rule: the remote group is the group itself, and protocol is
    # None, so the source is selected by group membership rather than by
    # address prefix.
    ingress_from_group = secgroups.SecurityGroupRule(
        direction="ingress",
        security_group_id=group_id,
        ethertype=self._get_ether_type(is_ipv6),
        topic=tenant,
        port_range_max=None,
        port_range_min=None,
        protocol=None,
        remote_group_id=group_id,
        remote_ip_prefix=None,
        id="fake_security_group_rule_6")

    return secgroups.SecurityGroup(
        name="fake_security_group",
        topic=tenant,
        version=5,
        unique_key=2,
        id=group_id,
        rules=[egress_to_prefix, ingress_from_group])
def test_add_del_security_group_rule(self):
    """Check flow and conntrack handling when one rule is added then removed.

    A port is bound to the second fake security group; the group is then
    updated twice: once with an extra egress UDP rule and once without it.
    The test expects exactly one flow to be added, exactly one flow to be
    deleted, and the conntrack command for the removed rule to be executed.
    """
    # Register the second fake security group and keep its version so each
    # later update can carry an incremented one.
    # NOTE(review): presumably the controller ignores an update whose
    # version is not higher than the stored one -- confirm.
    secgroup = self._get_another_security_group()
    version = secgroup.version
    self.controller.update(secgroup)

    # Bind a local port to that group, then forget every flow/command call
    # made during setup so the assertions below only see the rule changes.
    lport = self._get_another_local_lport()
    lport.security_groups = ['fake_security_group_id2']
    self.controller.update(lport)
    self.mock_mod_flow.reset_mock()
    self.mock_execute.reset_mock()

    # Step 1: push the same group with one additional egress UDP rule.
    secgroup = self._get_another_security_group()
    extra_udp_rule = secgroups.SecurityGroupRule(
        direction="egress",
        security_group_id="fake_security_group_id2",
        ethertype=n_const.IPv4,
        topic="fake_tenant1",
        protocol='udp',
        port_range_max=None,
        port_range_min=None,
        remote_group_id=None,
        remote_ip_prefix=None,
        id="fake_security_group_rule_7")
    secgroup.rules.append(extra_udp_rule)
    version += 1
    secgroup.version = version
    self.controller.update(secgroup)

    # Only the new rule should be installed: one flow added (the egress
    # rule flow in the egress security-group table).
    self.assertEqual(1, self._get_call_count_of_add_flow())
    self.mock_mod_flow.reset_mock()

    # Step 2: push the group again without the extra rule, i.e. remove it.
    secgroup = self._get_another_security_group()
    version += 1
    secgroup.version = version
    self.controller.update(secgroup)

    # Only the removed rule should be uninstalled: one flow deleted (the
    # egress rule flow in the egress security-group table).
    self.assertEqual(1, self._get_call_count_of_del_flow())
    self.mock_mod_flow.reset_mock()

    # Removing the rule must also issue the conntrack command for UDP
    # traffic sourced from 10.0.0.10 in zone 1.
    # NOTE(review): presumably this clears tracked connections the removed
    # rule had admitted, so that revoking a rule also cuts off traffic that
    # was already established -- confirm against the app.
    # assert_has_calls(any_order=True) only proves the call is present; it
    # does not reject additional execute calls.
    conntrack_call = self._get_expected_conntrack_cmd(
        ethertype=n_const.IPv4,
        protocol='udp',
        nw_src='10.0.0.10',
        nw_dst=None,
        zone=1)
    self.mock_execute.assert_has_calls([conntrack_call], any_order=True)
    self.mock_execute.reset_mock()

    # Teardown: drop the port first, then the security group.
    self.controller.delete(lport)
    self.mock_mod_flow.reset_mock()
    self.controller.delete(secgroup)
def security_group_rule_from_neutron_obj(secrule):
    """Convert a Neutron security-group-rule mapping into a model object.

    Works on a shallow copy, so the caller's mapping keeps all of its keys.
    ``tenant_id``, ``updated_at``, ``created_at`` and ``description`` are
    discarded; ``project_id`` becomes ``topic`` and ``revision_number``
    becomes ``version`` when they are present and not None.

    :param secrule: mapping describing the rule as received from Neutron.
    :returns: ``secgroups.SecurityGroupRule`` built from the remaining keys.
    """
    fields = copy.copy(secrule)

    # Keys that are dropped outright.
    for dropped in ('tenant_id', 'updated_at', 'created_at', 'description'):
        fields.pop(dropped, None)

    # Keys that are renamed; a missing or None value is dropped, not set.
    renames = (('project_id', 'topic'), ('revision_number', 'version'))
    for neutron_key, model_key in renames:
        value = fields.pop(neutron_key, None)
        if value is not None:
            fields[model_key] = value

    # This is a denylist: every key not handled above is forwarded to the
    # constructor unchanged.
    # NOTE(review): an attribute added on the Neutron side would reach the
    # model as-is -- confirm the model rejects or tolerates unknown fields.
    return secgroups.SecurityGroupRule(**fields)
lrouter='fake_router_id', ) fake_security_group = secgroups.SecurityGroup( name="fake_security_group", topic="fake_tenant1", version=5, unique_key=1, id="fake_security_group_id1", rules=[ secgroups.SecurityGroupRule( direction="egress", security_group_id="fake_security_group_id1", ethertype=n_const.IPv4, topic="fake_tenant1", port_range_max=53, port_range_min=53, protocol=n_const.PROTO_NUM_UDP, remote_group_id=None, remote_ip_prefix="192.168.180.0/28", id="fake_security_group_rule_1"), secgroups.SecurityGroupRule( direction="ingress", security_group_id="fake_security_group_id1", ethertype="IPv4", topic="fake_tenant1", port_range_max=None, port_range_min=None, protocol=None, remote_group_id="fake_security_group_id1", remote_ip_prefix=None,