openstack
/
nova
Code Issues Proposed changes

Add unit tests for nova.virt.firewall.IpTablesFirewallDriver (Part 1) 

There are no unit tests for the base IptablesFirewallDriver.
This patch contains a start of those unit tests.
(This is the first part of the abandoned commit
Ie5372b060da1621927a638af915e15f29e885a4c )

Co-Authored-By:
Jay Pipes <jaypipes@gmail.com>
(cherry picked from commit Ia9ef5ead95508cfb27b53b9899a9cfe97d150662)

Chen Li <shchenli@cn.ibm.com>
(Cherry picked from commit Ie2827051e1795c717f8a7762b932a49d182891cd

Change-Id: I993b27479e893e3fe8c459da0da96a310c6278ae
Partial-bug: #1295889
This commit is contained in:
Julian Sy 2016-05-23 20:50:04 +00:00
parent 53224cc383
commit 76f80babb7
1 changed files with 87 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

87
nova/tests/unit/virt/test_firewall.py Normal file
View File

@ -0,0 +1,87 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import mock
from nova import objects
from nova import test
from nova.virt import firewall
_IPT_DRIVER_CLS = firewall.IptablesFirewallDriver
class TestIptablesFirewallDriver(test.NoDBTestCase):
def setUp(self):
super(TestIptablesFirewallDriver, self).setUp()
self.driver = _IPT_DRIVER_CLS()
@mock.patch('nova.network.linux_net.iptables_manager')
def test_constructor(self, iptm_mock):
self.driver.__init__()
self.assertEqual({}, self.driver.instance_info)
self.assertEqual(False, self.driver.dhcp_create)
self.assertEqual(False, self.driver.dhcp_created)
self.assertEqual(iptm_mock, self.driver.iptables)
# NOTE(jaypipes): Here we are not testing the IptablesManager
# constructor. We are only testing the calls made against the
# IptablesManager singleton during initialization of the
# IptablesFirewallDriver.
expected = [
mock.call.add_chain('sg-fallback'),
mock.call.add_rule('sg-fallback', '-j DROP'),
]
iptm_mock.ipv4.__getitem__.return_value \
.assert_has_calls(expected)
iptm_mock.ipv6.__getitem__.return_value \
.assert_has_calls(expected)
def test_filter_defer_apply_on(self):
with mock.patch.object(self.driver.iptables,
'defer_apply_on') as dao_mock:
self.driver.filter_defer_apply_on()
dao_mock.assert_called_once_with()
def test_filter_defer_apply_off(self):
with mock.patch.object(self.driver.iptables,
'defer_apply_off') as dao_mock:
self.driver.filter_defer_apply_off()
dao_mock.assert_called_once_with()
@mock.patch.object(_IPT_DRIVER_CLS, 'remove_filters_for_instance')
def test_unfilter_instance_valid(self, rfii_mock):
with mock.patch.object(self.driver, 'instance_info') as ii_mock, \
mock.patch.object(self.driver, 'iptables') as ipt_mock:
fake_instance = objects.Instance(id=123)
ii_mock.pop.return_value = True
self.driver.unfilter_instance(fake_instance, 'fakenetinfo')
ii_mock.pop.assert_called_once_with(fake_instance.id, None)
rfii_mock.assert_called_once_with(fake_instance)
ipt_mock.apply.assert_called_once_with()
@mock.patch.object(_IPT_DRIVER_CLS, 'remove_filters_for_instance')
def test_unfilter_instance_invalid(self, rfii_mock):
with mock.patch.object(self.driver, 'instance_info') as ii_mock, \
mock.patch.object(self.driver, 'iptables') as ipt_mock:
fake_instance = objects.Instance(id=123)
ii_mock.pop.return_value = False
self.driver.unfilter_instance(fake_instance, 'fakenetinfo')
ii_mock.pop.assert_called_once_with(fake_instance.id, None)
self.assertFalse(rfii_mock.called)
self.assertFalse(ipt_mock.apply.called)