def test_env_caps_off_sg_async_update(self):
"""This test ensures that envcaps off works as designed."""
env_set = [
env.Capabilities.SECURITY_GROUPS,
env.Capabilities.TENANT_NETWORK_SG,
env.Capabilities.EGRESS,
]
override = ','.join(env_set)
old_override = cfg.CONF.QUARK.environment_capabilities
cfg.CONF.set_override("environment_capabilities", override, "QUARK")
cidr = "192.168.1.0/24"
network = dict(id='1',
name="public",
tenant_id="make",
network_plugin="BASE",
ipam_strategy="ANY")
network = {"network": network}
subnet_v4 = dict(id='1', ip_version=4, cidr=cidr, tenant_id="fake")
subnet_v4_info = {"subnet": subnet_v4}
try:
with self._stubs(network, subnet_v4_info) as (net, sub_v4, update):
port1 = port_api.create_port(self.context,
self._make_body(net))
self.assertIsNotNone(port1)
sg_body = dict(tenant_id="derp",
name="test sg",
description="none")
sg_body = dict(security_group=sg_body)
sg = sg_api.create_security_group(self.context, sg_body)
self.assertIsNotNone(sg)
sgid = sg['id']
self.assertIsNotNone(sgid)
port_body = {'security_groups': [sgid]}
port_body = dict(port=port_body)
port1 = port_api.update_port(self.context, port1['id'],
port_body)
self.assertIsNotNone(port1)
sgr_body = {
'protocol': 'tcp',
'security_group_id': sgid,
'tenant_id': "derp",
'direction': 'ingress'
}
sgr_body = dict(security_group_rule=sgr_body)
sgr = sg_api.create_security_group_rule(self.context, sgr_body)
self.assertIsNotNone(sgr)
self.assertFalse(update.called)
finally:
cfg.CONF.set_override("environment_capabilities", old_override,
"QUARK")
def test_env_caps_on_sg_async_update(self):
"""This test ensures that envcaps on works as designed."""
env_set = [
env.Capabilities.SECURITY_GROUPS,
env.Capabilities.TENANT_NETWORK_SG,
env.Capabilities.EGRESS,
env.Capabilities.SG_UPDATE_ASYNC
]
override = ','.join(env_set)
old_override = cfg.CONF.QUARK.environment_capabilities
cfg.CONF.set_override("environment_capabilities",
override,
"QUARK")
cidr = "192.168.1.0/24"
network = dict(id='1', name="public", tenant_id="make",
network_plugin="BASE",
ipam_strategy="ANY")
network = {"network": network}
subnet_v4 = dict(id='1', ip_version=4, cidr=cidr,
tenant_id="fake")
subnet_v4_info = {"subnet": subnet_v4}
try:
with self._stubs(network, subnet_v4_info) as (net, sub_v4, update):
port1 = port_api.create_port(
self.context, self._make_body(net))
self.assertIsNotNone(port1)
sg_body = dict(tenant_id="derp", name="test sg",
description="none")
sg_body = dict(security_group=sg_body)
sg = sg_api.create_security_group(self.context, sg_body)
self.assertIsNotNone(sg)
sgid = sg['id']
self.assertIsNotNone(sgid)
port_body = {'security_groups': [sgid]}
port_body = dict(port=port_body)
port1 = port_api.update_port(self.context, port1['id'],
port_body)
sgr_body = {'protocol': 'tcp', 'security_group_id': sgid,
'tenant_id': "derp",
'direction': 'ingress'}
sgr_body = dict(security_group_rule=sgr_body)
sgr = sg_api.create_security_group_rule(self.context, sgr_body)
self.assertIsNotNone(sgr)
self.assertTrue(update.called)
finally:
cfg.CONF.set_override("environment_capabilities",
old_override,
"QUARK")
def test_gather_sg_ports(self):
"""Checking if gather ports works as designed. """
cidr = "192.168.1.0/24"
network = dict(id='1',
name="public",
tenant_id="make",
network_plugin="BASE",
ipam_strategy="ANY")
network = {"network": network}
subnet_v4 = dict(id='1', ip_version=4, cidr=cidr, tenant_id="fake")
subnet_v4_info = {"subnet": subnet_v4}
with self._stubs(network, subnet_v4_info) as (net, sub_v4, update):
port1 = port_api.create_port(self.context, self._make_body(net))
self.assertIsNotNone(port1)
port2 = port_api.create_port(self.context, self._make_body(net))
self.assertIsNotNone(port2)
sg_body = dict(tenant_id="derp",
name="test sg",
description="none")
sg_body = dict(security_group=sg_body)
sg = sg_api.create_security_group(self.context, sg_body)
self.assertIsNotNone(sg)
sgid = sg['id']
self.assertIsNotNone(sgid)
assoc_ports = self._get_assoc_ports(sgid)
self.assertEqual(0, len(assoc_ports))
port_body = {'security_groups': [sgid]}
port_body = dict(port=port_body)
port1 = port_api.update_port(self.context, port1['id'], port_body)
self.assertIsNotNone(port1)
assoc_ports = self._get_assoc_ports(sgid)
self.assertEqual(1, len(assoc_ports))
# NOTE: this is duplicated because update_port modifies the params
port_body = {'security_groups': [sgid]}
port_body = dict(port=port_body)
port2 = port_api.update_port(self.context, port2['id'], port_body)
self.assertIsNotNone(port2)
assoc_ports = self._get_assoc_ports(sgid)
self.assertEqual(2, len(assoc_ports))
def test_gather_sg_ports(self):
"""Checking if gather ports works as designed. """
cidr = "192.168.1.0/24"
network = dict(id='1', name="public", tenant_id="make",
network_plugin="BASE",
ipam_strategy="ANY")
network = {"network": network}
subnet_v4 = dict(id='1', ip_version=4, cidr=cidr,
tenant_id="fake")
subnet_v4_info = {"subnet": subnet_v4}
with self._stubs(network, subnet_v4_info) as (net, sub_v4, update):
port1 = port_api.create_port(self.context, self._make_body(net))
self.assertIsNotNone(port1)
port2 = port_api.create_port(self.context, self._make_body(net))
self.assertIsNotNone(port2)
sg_body = dict(tenant_id="derp", name="test sg",
description="none")
sg_body = dict(security_group=sg_body)
sg = sg_api.create_security_group(self.context, sg_body)
self.assertIsNotNone(sg)
sgid = sg['id']
self.assertIsNotNone(sgid)
assoc_ports = self._get_assoc_ports(sgid)
self.assertEqual(0, len(assoc_ports))
port_body = {'security_groups': [sgid]}
port_body = dict(port=port_body)
port1 = port_api.update_port(self.context, port1['id'], port_body)
self.assertIsNotNone(port1)
assoc_ports = self._get_assoc_ports(sgid)
self.assertEqual(1, len(assoc_ports))
# NOTE: this is duplicated because update_port modifies the params
port_body = {'security_groups': [sgid]}
port_body = dict(port=port_body)
port2 = port_api.update_port(self.context, port2['id'], port_body)
self.assertIsNotNone(port2)
assoc_ports = self._get_assoc_ports(sgid)
self.assertEqual(2, len(assoc_ports))
def create_security_group(self, context, security_group):
self._fix_missing_tenant_id(context, security_group["security_group"])
return security_groups.create_security_group(context, security_group)
def create_security_group(self, context, security_group, net_driver):
return security_groups.create_security_group(context, security_group,
net_driver)
def create_security_group(self, context, security_group):
self._fix_missing_tenant_id(context, security_group["security_group"])
return security_groups.create_security_group(context, security_group)
def create_security_group(self, context, security_group):
return security_groups.create_security_group(context, security_group)
def create_security_group(self, context, security_group):
return security_groups.create_security_group(context, security_group)
