openstack
/
ec2-api
Code Issues Proposed changes
ec2-api/ec2api/tests/test_security_group.py

205 lines
9.2 KiB
Python
Raw Blame History

# Copyright 2014
# The Cloudscaling Group, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import copy
import mock
from neutronclient.common import exceptions as neutron_exception
from ec2api.tests import base
from ec2api.tests import fakes
from ec2api.tests import matchers
from ec2api.tests import tools
class SecurityGroupTestCase(base.ApiTestCase):
def test_create_security_group(self):
self.db_api.get_item_by_id.return_value = fakes.DB_VPC_1
self.db_api.add_item.return_value = fakes.DB_SECURITY_GROUP_1
self.neutron.create_security_group.return_value = {
'security_group': fakes.OS_SECURITY_GROUP_1}
def check_response(resp, auto_ips=False):
self.assertEqual(200, resp['status'])
self.assertEqual(fakes.ID_EC2_SECURITY_GROUP_1, resp['groupId'])
self.db_api.add_item.assert_called_once_with(
mock.ANY, 'sg',
tools.purge_dict(fakes.DB_SECURITY_GROUP_1, ('id',)))
self.neutron.create_security_group.assert_called_once_with(
{'security_group':
{'name': 'groupname',
'description': 'Group description'}})
self.neutron.reset_mock()
self.db_api.reset_mock()
resp = self.execute(
'CreateSecurityGroup',
{'VpcId': fakes.ID_EC2_VPC_1,
'GroupName': 'groupname',
'GroupDescription': 'Group description'})
check_response(resp)
def test_create_security_group_rollback(self):
self.db_api.get_item_by_id.return_value = fakes.DB_VPC_1
self.neutron.create_security_group.return_value = {
'security_group': fakes.OS_SECURITY_GROUP_1}
self.db_api.add_item.side_effect = Exception()
resp = self.execute(
'CreateSecurityGroup',
{'VpcId': fakes.ID_EC2_VPC_1,
'GroupName': 'groupname',
'GroupDescription': 'Group description'})
self.neutron.delete_security_group.assert_called_once_with(
fakes.ID_OS_SECURITY_GROUP_1)
def test_delete_security_group(self):
self.db_api.get_item_by_id.return_value = fakes.DB_SECURITY_GROUP_1
self.db_api.get_items.return_value = []
resp = self.execute(
'DeleteSecurityGroup',
{'GroupId':
fakes.ID_EC2_SECURITY_GROUP_1})
self.assertEqual(200, resp['status'])
self.assertEqual(True, resp['return'])
self.db_api.get_item_by_id.assert_has_call(
mock.ANY,
fakes.ID_EC2_SECURITY_GROUP_1)
self.db_api.delete_item.assert_called_once_with(
mock.ANY,
fakes.ID_EC2_SECURITY_GROUP_1)
self.neutron.delete_security_group.assert_called_once_with(
fakes.ID_OS_SECURITY_GROUP_1)
def test_delete_security_group_no_security_group(self):
self.db_api.get_item_by_id.return_value = None
resp = self.execute(
'DeleteSecurityGroup',
{'GroupId':
fakes.ID_EC2_SECURITY_GROUP_1})
self.assertEqual(400, resp['status'])
self.assertEqual('InvalidGroup.NotFound',
resp['Error']['Code'])
self.assertEqual(0, self.neutron.delete_port.call_count)
def test_delete_security_group_is_in_use(self):
self.db_api.get_item_by_id.return_value = fakes.DB_SECURITY_GROUP_1
self.neutron.delete_security_group.side_effect = (
neutron_exception.Conflict())
resp = self.execute(
'DeleteSecurityGroup',
{'GroupId':
fakes.ID_EC2_SECURITY_GROUP_1})
self.assertEqual(400, resp['status'])
self.assertEqual('DependencyViolation', resp['Error']['Code'])
self.assertEqual(0, self.db_api.delete_item.call_count)
def test_describe_security_groups(self):
self.db_api.get_items.return_value = [fakes.DB_SECURITY_GROUP_1,
fakes.DB_SECURITY_GROUP_2]
self.neutron.list_security_groups.return_value = (
{'security_groups': [fakes.OS_SECURITY_GROUP_1,
fakes.OS_SECURITY_GROUP_2]})
resp = self.execute('DescribeSecurityGroups', {})
self.assertEqual(200, resp['status'])
self.assertThat(resp['securityGroupInfo'],
matchers.ListMatches(
[fakes.EC2_SECURITY_GROUP_1,
fakes.EC2_SECURITY_GROUP_2]))
def test_authorize_security_group_ingress_ip_ranges(self):
self.db_api.get_item_by_id.side_effect = copy.deepcopy(
fakes.get_db_api_get_item_by_id({
fakes.ID_EC2_SECURITY_GROUP_1: fakes.DB_SECURITY_GROUP_1,
fakes.ID_EC2_SECURITY_GROUP_2: fakes.DB_SECURITY_GROUP_2}))
self.neutron.create_security_group_rule.return_value = (
{'security_group_rule': [fakes.OS_SECURITY_GROUP_RULE_1]})
resp = self.execute(
'AuthorizeSecurityGroupIngress',
{'GroupId': fakes.ID_EC2_SECURITY_GROUP_2,
'IpPermissions.1.FromPort': '10',
'IpPermissions.1.ToPort': '10',
'IpPermissions.1.IpProtocol': 'tcp',
'IpPermissions.1.IpRanges.1.CidrIp': '192.168.1.0/24'})
self.assertEqual(200, resp['status'])
self.neutron.create_security_group_rule.assert_called_once_with(
{'security_group_rule':
tools.purge_dict(fakes.OS_SECURITY_GROUP_RULE_1,
{'id', 'remote_group_id', 'tenant_id'})})
def test_authorize_security_group_egress_groups(self):
self.db_api.get_item_by_id.side_effect = copy.deepcopy(
fakes.get_db_api_get_item_by_id({
fakes.ID_EC2_SECURITY_GROUP_1: fakes.DB_SECURITY_GROUP_1,
fakes.ID_EC2_SECURITY_GROUP_2: fakes.DB_SECURITY_GROUP_2}))
self.neutron.create_security_group_rule.return_value = (
{'security_group_rule': [fakes.OS_SECURITY_GROUP_RULE_1]})
resp = self.execute(
'AuthorizeSecurityGroupEgress',
{'GroupId': fakes.ID_EC2_SECURITY_GROUP_2,
'IpPermissions.1.FromPort': '10',
'IpPermissions.1.IpProtocol': '100',
'IpPermissions.1.Groups.1.GroupId':
fakes.ID_EC2_SECURITY_GROUP_1})
self.assertEqual(200, resp['status'])
self.neutron.create_security_group_rule.assert_called_once_with(
{'security_group_rule':
tools.purge_dict(fakes.OS_SECURITY_GROUP_RULE_2,
{'id', 'remote_ip_prefix', 'tenant_id',
'port_range_max'})})
def test_revoke_security_group_ingress_ip_ranges(self):
self.db_api.get_item_by_id.side_effect = copy.deepcopy(
fakes.get_db_api_get_item_by_id({
fakes.ID_EC2_SECURITY_GROUP_1: fakes.DB_SECURITY_GROUP_1,
fakes.ID_EC2_SECURITY_GROUP_2: fakes.DB_SECURITY_GROUP_2}))
self.neutron.show_security_group.return_value = {
'security_group': fakes.OS_SECURITY_GROUP_2}
self.neutron.delete_security_group_rule.return_value = True
resp = self.execute(
'RevokeSecurityGroupIngress',
{'GroupId': fakes.ID_EC2_SECURITY_GROUP_2,
'IpPermissions.1.FromPort': '10',
'IpPermissions.1.ToPort': '10',
'IpPermissions.1.IpProtocol': 'tcp',
'IpPermissions.1.IpRanges.1.CidrIp': '192.168.1.0/24'})
self.assertEqual(200, resp['status'])
self.neutron.show_security_group.assert_called_once_with(
fakes.ID_OS_SECURITY_GROUP_2)
self.neutron.delete_security_group_rule.assert_called_once_with(
fakes.OS_SECURITY_GROUP_RULE_1['id'])
def test_revoke_security_group_egress_groups(self):
self.db_api.get_item_by_id.side_effect = copy.deepcopy(
fakes.get_db_api_get_item_by_id({
fakes.ID_EC2_SECURITY_GROUP_1: fakes.DB_SECURITY_GROUP_1,
fakes.ID_EC2_SECURITY_GROUP_2: fakes.DB_SECURITY_GROUP_2}))
self.neutron.show_security_group.return_value = {
'security_group': fakes.OS_SECURITY_GROUP_2}
self.neutron.delete_security_group_rule.return_value = True
resp = self.execute(
'RevokeSecurityGroupEgress',
{'GroupId': fakes.ID_EC2_SECURITY_GROUP_2,
'IpPermissions.1.FromPort': '10',
'IpPermissions.1.IpProtocol': '100',
'IpPermissions.1.Groups.1.GroupId':
fakes.ID_EC2_SECURITY_GROUP_1})
self.assertEqual(200, resp['status'])
self.neutron.show_security_group.assert_called_once_with(
fakes.ID_OS_SECURITY_GROUP_2)
self.neutron.delete_security_group_rule.assert_called_once_with(
fakes.OS_SECURITY_GROUP_RULE_2['id'])
View Git Blame Copy Permalink