205 lines
9.2 KiB
Python
205 lines
9.2 KiB
Python
# Copyright 2014
|
|
# The Cloudscaling Group, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
|
|
import copy
|
|
|
|
import mock
|
|
from neutronclient.common import exceptions as neutron_exception
|
|
|
|
from ec2api.tests import base
|
|
from ec2api.tests import fakes
|
|
from ec2api.tests import matchers
|
|
from ec2api.tests import tools
|
|
|
|
|
|
class SecurityGroupTestCase(base.ApiTestCase):
|
|
|
|
def test_create_security_group(self):
|
|
self.db_api.get_item_by_id.return_value = fakes.DB_VPC_1
|
|
self.db_api.add_item.return_value = fakes.DB_SECURITY_GROUP_1
|
|
self.neutron.create_security_group.return_value = {
|
|
'security_group': fakes.OS_SECURITY_GROUP_1}
|
|
|
|
def check_response(resp, auto_ips=False):
|
|
self.assertEqual(200, resp['status'])
|
|
self.assertEqual(fakes.ID_EC2_SECURITY_GROUP_1, resp['groupId'])
|
|
self.db_api.add_item.assert_called_once_with(
|
|
mock.ANY, 'sg',
|
|
tools.purge_dict(fakes.DB_SECURITY_GROUP_1, ('id',)))
|
|
self.neutron.create_security_group.assert_called_once_with(
|
|
{'security_group':
|
|
{'name': 'groupname',
|
|
'description': 'Group description'}})
|
|
self.neutron.reset_mock()
|
|
self.db_api.reset_mock()
|
|
|
|
resp = self.execute(
|
|
'CreateSecurityGroup',
|
|
{'VpcId': fakes.ID_EC2_VPC_1,
|
|
'GroupName': 'groupname',
|
|
'GroupDescription': 'Group description'})
|
|
check_response(resp)
|
|
|
|
def test_create_security_group_rollback(self):
|
|
self.db_api.get_item_by_id.return_value = fakes.DB_VPC_1
|
|
self.neutron.create_security_group.return_value = {
|
|
'security_group': fakes.OS_SECURITY_GROUP_1}
|
|
self.db_api.add_item.side_effect = Exception()
|
|
resp = self.execute(
|
|
'CreateSecurityGroup',
|
|
{'VpcId': fakes.ID_EC2_VPC_1,
|
|
'GroupName': 'groupname',
|
|
'GroupDescription': 'Group description'})
|
|
self.neutron.delete_security_group.assert_called_once_with(
|
|
fakes.ID_OS_SECURITY_GROUP_1)
|
|
|
|
def test_delete_security_group(self):
|
|
self.db_api.get_item_by_id.return_value = fakes.DB_SECURITY_GROUP_1
|
|
self.db_api.get_items.return_value = []
|
|
resp = self.execute(
|
|
'DeleteSecurityGroup',
|
|
{'GroupId':
|
|
fakes.ID_EC2_SECURITY_GROUP_1})
|
|
self.assertEqual(200, resp['status'])
|
|
self.assertEqual(True, resp['return'])
|
|
self.db_api.get_item_by_id.assert_has_call(
|
|
mock.ANY,
|
|
fakes.ID_EC2_SECURITY_GROUP_1)
|
|
self.db_api.delete_item.assert_called_once_with(
|
|
mock.ANY,
|
|
fakes.ID_EC2_SECURITY_GROUP_1)
|
|
self.neutron.delete_security_group.assert_called_once_with(
|
|
fakes.ID_OS_SECURITY_GROUP_1)
|
|
|
|
def test_delete_security_group_no_security_group(self):
|
|
self.db_api.get_item_by_id.return_value = None
|
|
resp = self.execute(
|
|
'DeleteSecurityGroup',
|
|
{'GroupId':
|
|
fakes.ID_EC2_SECURITY_GROUP_1})
|
|
self.assertEqual(400, resp['status'])
|
|
self.assertEqual('InvalidGroup.NotFound',
|
|
resp['Error']['Code'])
|
|
self.assertEqual(0, self.neutron.delete_port.call_count)
|
|
|
|
def test_delete_security_group_is_in_use(self):
|
|
self.db_api.get_item_by_id.return_value = fakes.DB_SECURITY_GROUP_1
|
|
self.neutron.delete_security_group.side_effect = (
|
|
neutron_exception.Conflict())
|
|
resp = self.execute(
|
|
'DeleteSecurityGroup',
|
|
{'GroupId':
|
|
fakes.ID_EC2_SECURITY_GROUP_1})
|
|
self.assertEqual(400, resp['status'])
|
|
self.assertEqual('DependencyViolation', resp['Error']['Code'])
|
|
self.assertEqual(0, self.db_api.delete_item.call_count)
|
|
|
|
def test_describe_security_groups(self):
|
|
self.db_api.get_items.return_value = [fakes.DB_SECURITY_GROUP_1,
|
|
fakes.DB_SECURITY_GROUP_2]
|
|
self.neutron.list_security_groups.return_value = (
|
|
{'security_groups': [fakes.OS_SECURITY_GROUP_1,
|
|
fakes.OS_SECURITY_GROUP_2]})
|
|
|
|
resp = self.execute('DescribeSecurityGroups', {})
|
|
self.assertEqual(200, resp['status'])
|
|
self.assertThat(resp['securityGroupInfo'],
|
|
matchers.ListMatches(
|
|
[fakes.EC2_SECURITY_GROUP_1,
|
|
fakes.EC2_SECURITY_GROUP_2]))
|
|
|
|
def test_authorize_security_group_ingress_ip_ranges(self):
|
|
self.db_api.get_item_by_id.side_effect = copy.deepcopy(
|
|
fakes.get_db_api_get_item_by_id({
|
|
fakes.ID_EC2_SECURITY_GROUP_1: fakes.DB_SECURITY_GROUP_1,
|
|
fakes.ID_EC2_SECURITY_GROUP_2: fakes.DB_SECURITY_GROUP_2}))
|
|
self.neutron.create_security_group_rule.return_value = (
|
|
{'security_group_rule': [fakes.OS_SECURITY_GROUP_RULE_1]})
|
|
resp = self.execute(
|
|
'AuthorizeSecurityGroupIngress',
|
|
{'GroupId': fakes.ID_EC2_SECURITY_GROUP_2,
|
|
'IpPermissions.1.FromPort': '10',
|
|
'IpPermissions.1.ToPort': '10',
|
|
'IpPermissions.1.IpProtocol': 'tcp',
|
|
'IpPermissions.1.IpRanges.1.CidrIp': '192.168.1.0/24'})
|
|
self.assertEqual(200, resp['status'])
|
|
self.neutron.create_security_group_rule.assert_called_once_with(
|
|
{'security_group_rule':
|
|
tools.purge_dict(fakes.OS_SECURITY_GROUP_RULE_1,
|
|
{'id', 'remote_group_id', 'tenant_id'})})
|
|
|
|
def test_authorize_security_group_egress_groups(self):
|
|
self.db_api.get_item_by_id.side_effect = copy.deepcopy(
|
|
fakes.get_db_api_get_item_by_id({
|
|
fakes.ID_EC2_SECURITY_GROUP_1: fakes.DB_SECURITY_GROUP_1,
|
|
fakes.ID_EC2_SECURITY_GROUP_2: fakes.DB_SECURITY_GROUP_2}))
|
|
self.neutron.create_security_group_rule.return_value = (
|
|
{'security_group_rule': [fakes.OS_SECURITY_GROUP_RULE_1]})
|
|
resp = self.execute(
|
|
'AuthorizeSecurityGroupEgress',
|
|
{'GroupId': fakes.ID_EC2_SECURITY_GROUP_2,
|
|
'IpPermissions.1.FromPort': '10',
|
|
'IpPermissions.1.IpProtocol': '100',
|
|
'IpPermissions.1.Groups.1.GroupId':
|
|
fakes.ID_EC2_SECURITY_GROUP_1})
|
|
self.assertEqual(200, resp['status'])
|
|
self.neutron.create_security_group_rule.assert_called_once_with(
|
|
{'security_group_rule':
|
|
tools.purge_dict(fakes.OS_SECURITY_GROUP_RULE_2,
|
|
{'id', 'remote_ip_prefix', 'tenant_id',
|
|
'port_range_max'})})
|
|
|
|
def test_revoke_security_group_ingress_ip_ranges(self):
|
|
self.db_api.get_item_by_id.side_effect = copy.deepcopy(
|
|
fakes.get_db_api_get_item_by_id({
|
|
fakes.ID_EC2_SECURITY_GROUP_1: fakes.DB_SECURITY_GROUP_1,
|
|
fakes.ID_EC2_SECURITY_GROUP_2: fakes.DB_SECURITY_GROUP_2}))
|
|
self.neutron.show_security_group.return_value = {
|
|
'security_group': fakes.OS_SECURITY_GROUP_2}
|
|
self.neutron.delete_security_group_rule.return_value = True
|
|
resp = self.execute(
|
|
'RevokeSecurityGroupIngress',
|
|
{'GroupId': fakes.ID_EC2_SECURITY_GROUP_2,
|
|
'IpPermissions.1.FromPort': '10',
|
|
'IpPermissions.1.ToPort': '10',
|
|
'IpPermissions.1.IpProtocol': 'tcp',
|
|
'IpPermissions.1.IpRanges.1.CidrIp': '192.168.1.0/24'})
|
|
self.assertEqual(200, resp['status'])
|
|
self.neutron.show_security_group.assert_called_once_with(
|
|
fakes.ID_OS_SECURITY_GROUP_2)
|
|
self.neutron.delete_security_group_rule.assert_called_once_with(
|
|
fakes.OS_SECURITY_GROUP_RULE_1['id'])
|
|
|
|
def test_revoke_security_group_egress_groups(self):
|
|
self.db_api.get_item_by_id.side_effect = copy.deepcopy(
|
|
fakes.get_db_api_get_item_by_id({
|
|
fakes.ID_EC2_SECURITY_GROUP_1: fakes.DB_SECURITY_GROUP_1,
|
|
fakes.ID_EC2_SECURITY_GROUP_2: fakes.DB_SECURITY_GROUP_2}))
|
|
self.neutron.show_security_group.return_value = {
|
|
'security_group': fakes.OS_SECURITY_GROUP_2}
|
|
self.neutron.delete_security_group_rule.return_value = True
|
|
resp = self.execute(
|
|
'RevokeSecurityGroupEgress',
|
|
{'GroupId': fakes.ID_EC2_SECURITY_GROUP_2,
|
|
'IpPermissions.1.FromPort': '10',
|
|
'IpPermissions.1.IpProtocol': '100',
|
|
'IpPermissions.1.Groups.1.GroupId':
|
|
fakes.ID_EC2_SECURITY_GROUP_1})
|
|
self.assertEqual(200, resp['status'])
|
|
self.neutron.show_security_group.assert_called_once_with(
|
|
fakes.ID_OS_SECURITY_GROUP_2)
|
|
self.neutron.delete_security_group_rule.assert_called_once_with(
|
|
fakes.OS_SECURITY_GROUP_RULE_2['id'])
|