1719 lines
61 KiB
Python
1719 lines
61 KiB
Python
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||
|
# not use this file except in compliance with the License. You may obtain
|
||
|
# a copy of the License at
|
||
|
#
|
||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||
|
#
|
||
|
# Unless required by applicable law or agreed to in writing, software
|
||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||
|
# License for the specific language governing permissions and limitations
|
||
|
# under the License.
|
||
|
|
||
|
from copy import deepcopy
|
||
|
from unittest import mock
|
||
|
|
||
|
from openstack import exceptions
|
||
|
from openstack.network.v2.firewall_group import FirewallGroup
|
||
|
from openstack.network.v2.firewall_policy import FirewallPolicy
|
||
|
from openstack.network.v2.firewall_rule import FirewallRule
|
||
|
from openstack.tests.unit import base
|
||
|
|
||
|
|
||
|
class FirewallTestCase(base.TestCase):
|
||
|
def _make_mock_url(self, *args, **params):
|
||
|
params_list = ['='.join([k, v]) for k, v in params.items()]
|
||
|
return self.get_mock_url(
|
||
|
'network',
|
||
|
'public',
|
||
|
append=['v2.0', 'fwaas'] + list(args),
|
||
|
qs_elements=params_list or None,
|
||
|
)
|
||
|
|
||
|
|
||
|
class TestFirewallRule(FirewallTestCase):
|
||
|
firewall_rule_name = 'deny_ssh'
|
||
|
firewall_rule_id = 'd525a9b2-ab28-493d-b988-b824c8c033b1'
|
||
|
_mock_firewall_rule_attrs = {
|
||
|
'action': 'deny',
|
||
|
'description': 'Deny SSH access',
|
||
|
'destination_ip_address': None,
|
||
|
'destination_port': 22,
|
||
|
'enabled': True,
|
||
|
'id': firewall_rule_id,
|
||
|
'ip_version': 4,
|
||
|
'name': firewall_rule_name,
|
||
|
'project_id': 'ef44f1efcb9548d9a441cdc252a979a6',
|
||
|
'protocol': 'tcp',
|
||
|
'shared': False,
|
||
|
'source_ip_address': None,
|
||
|
'source_port': None,
|
||
|
}
|
||
|
mock_firewall_rule = None
|
||
|
|
||
|
def setUp(self, cloud_config_fixture='clouds.yaml'):
|
||
|
super(TestFirewallRule, self).setUp()
|
||
|
self.mock_firewall_rule = FirewallRule(
|
||
|
connection=self.cloud, **self._mock_firewall_rule_attrs
|
||
|
).to_dict()
|
||
|
|
||
|
def test_create_firewall_rule(self):
|
||
|
# attributes that are passed to the tested function
|
||
|
passed_attrs = self._mock_firewall_rule_attrs.copy()
|
||
|
del passed_attrs['id']
|
||
|
|
||
|
self.register_uris(
|
||
|
[
|
||
|
# no validate due to added location key
|
||
|
dict(
|
||
|
method='POST',
|
||
|
uri=self._make_mock_url('firewall_rules'),
|
||
|
json={'firewall_rule': self.mock_firewall_rule.copy()},
|
||
|
)
|
||
|
]
|
||
|
)
|
||
|
r = self.cloud.create_firewall_rule(**passed_attrs)
|
||
|
self.assertDictEqual(self.mock_firewall_rule, r.to_dict())
|
||
|
self.assert_calls()
|
||
|
|
||
|
def test_create_firewall_rule_bad_protocol(self):
|
||
|
bad_rule = self._mock_firewall_rule_attrs.copy()
|
||
|
del bad_rule['id'] # id not allowed
|
||
|
bad_rule['ip_version'] = 5
|
||
|
self.register_uris(
|
||
|
[
|
||
|
# no validate due to added location key
|
||
|
dict(
|
||
|
method='POST',
|
||
|
uri=self._make_mock_url('firewall_rules'),
|
||
|
status_code=400,
|
||
|
json={},
|
||
|
)
|
||
|
]
|
||
|
)
|
||
|
self.assertRaises(
|
||
|
exceptions.BadRequestException,
|
||
|
self.cloud.create_firewall_rule,
|
||
|
**bad_rule
|
||
|
)
|
||
|
self.assert_calls()
|
||
|
|
||
|
def test_delete_firewall_rule(self):
|
||
|
self.register_uris(
|
||
|
[
|
||
|
dict(
|
||
|
method='GET', # short-circuit
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_rules', self.firewall_rule_name
|
||
|
),
|
||
|
status_code=404,
|
||
|
),
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_rules', name=self.firewall_rule_name
|
||
|
),
|
||
|
json={'firewall_rules': [self.mock_firewall_rule]},
|
||
|
),
|
||
|
dict(
|
||
|
method='DELETE',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_rules', self.firewall_rule_id
|
||
|
),
|
||
|
json={},
|
||
|
status_code=204,
|
||
|
),
|
||
|
]
|
||
|
)
|
||
|
self.assertTrue(
|
||
|
self.cloud.delete_firewall_rule(self.firewall_rule_name)
|
||
|
)
|
||
|
self.assert_calls()
|
||
|
|
||
|
def test_delete_firewall_rule_filters(self):
|
||
|
filters = {'project_id': self.mock_firewall_rule['project_id']}
|
||
|
self.register_uris(
|
||
|
[
|
||
|
dict(
|
||
|
method='GET', # short-circuit
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_rules', self.firewall_rule_name, **filters
|
||
|
),
|
||
|
status_code=404,
|
||
|
),
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_rules',
|
||
|
name=self.firewall_rule_name,
|
||
|
**filters
|
||
|
),
|
||
|
json={'firewall_rules': [self.mock_firewall_rule]},
|
||
|
),
|
||
|
dict(
|
||
|
method='DELETE',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_rules', self.firewall_rule_id
|
||
|
),
|
||
|
json={},
|
||
|
status_code=204,
|
||
|
),
|
||
|
]
|
||
|
)
|
||
|
self.assertTrue(
|
||
|
self.cloud.delete_firewall_rule(self.firewall_rule_name, filters)
|
||
|
)
|
||
|
self.assert_calls()
|
||
|
|
||
|
def test_delete_firewall_rule_not_found(self):
|
||
|
self.register_uris(
|
||
|
[
|
||
|
dict(
|
||
|
method='GET', # short-circuit
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_rules', self.firewall_rule_name
|
||
|
),
|
||
|
status_code=404,
|
||
|
),
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self._make_mock_url('firewall_rules'),
|
||
|
json={'firewall_rules': []},
|
||
|
),
|
||
|
]
|
||
|
)
|
||
|
|
||
|
with mock.patch.object(
|
||
|
self.cloud.network, 'delete_firewall_rule'
|
||
|
), mock.patch.object(self.cloud.log, 'debug'):
|
||
|
self.assertFalse(
|
||
|
self.cloud.delete_firewall_rule(self.firewall_rule_name)
|
||
|
)
|
||
|
|
||
|
self.cloud.network.delete_firewall_rule.assert_not_called()
|
||
|
self.cloud.log.debug.assert_called_once()
|
||
|
|
||
|
def test_delete_firewall_multiple_matches(self):
|
||
|
self.register_uris(
|
||
|
[
|
||
|
dict(
|
||
|
method='GET', # short-circuit
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_rules', self.firewall_rule_name
|
||
|
),
|
||
|
status_code=404,
|
||
|
),
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_rules', name=self.firewall_rule_name
|
||
|
),
|
||
|
json={
|
||
|
'firewall_rules': [
|
||
|
self.mock_firewall_rule,
|
||
|
self.mock_firewall_rule,
|
||
|
]
|
||
|
},
|
||
|
),
|
||
|
]
|
||
|
)
|
||
|
self.assertRaises(
|
||
|
exceptions.DuplicateResource,
|
||
|
self.cloud.delete_firewall_rule,
|
||
|
self.firewall_rule_name,
|
||
|
)
|
||
|
self.assert_calls()
|
||
|
|
||
|
def test_get_firewall_rule(self):
|
||
|
self.register_uris(
|
||
|
[
|
||
|
dict(
|
||
|
method='GET', # short-circuit
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_rules', self.firewall_rule_name
|
||
|
),
|
||
|
status_code=404,
|
||
|
),
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_rules', name=self.firewall_rule_name
|
||
|
),
|
||
|
json={'firewall_rules': [self.mock_firewall_rule]},
|
||
|
),
|
||
|
]
|
||
|
)
|
||
|
r = self.cloud.get_firewall_rule(self.firewall_rule_name)
|
||
|
self.assertDictEqual(self.mock_firewall_rule, r)
|
||
|
self.assert_calls()
|
||
|
|
||
|
def test_get_firewall_rule_not_found(self):
|
||
|
name = 'not_found'
|
||
|
self.register_uris(
|
||
|
[
|
||
|
dict(
|
||
|
method='GET', # short-circuit
|
||
|
uri=self._make_mock_url('firewall_rules', name),
|
||
|
status_code=404,
|
||
|
),
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self._make_mock_url('firewall_rules', name=name),
|
||
|
json={'firewall_rules': []},
|
||
|
),
|
||
|
]
|
||
|
)
|
||
|
self.assertIsNone(self.cloud.get_firewall_rule(name))
|
||
|
self.assert_calls()
|
||
|
|
||
|
def test_list_firewall_rules(self):
|
||
|
self.register_uris(
|
||
|
[
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self._make_mock_url('firewall_rules'),
|
||
|
json={'firewall_rules': [self.mock_firewall_rule]},
|
||
|
)
|
||
|
]
|
||
|
)
|
||
|
self.assertDictEqual(
|
||
|
self.mock_firewall_rule, self.cloud.list_firewall_rules()[0]
|
||
|
)
|
||
|
self.assert_calls()
|
||
|
|
||
|
def test_update_firewall_rule(self):
|
||
|
params = {'description': 'UpdatedDescription'}
|
||
|
updated = self.mock_firewall_rule.copy()
|
||
|
updated.update(params)
|
||
|
self.register_uris(
|
||
|
[
|
||
|
dict(
|
||
|
method='GET', # short-circuit
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_rules', self.firewall_rule_name
|
||
|
),
|
||
|
status_code=404,
|
||
|
),
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_rules', name=self.firewall_rule_name
|
||
|
),
|
||
|
json={'firewall_rules': [self.mock_firewall_rule]},
|
||
|
),
|
||
|
dict(
|
||
|
method='PUT',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_rules', self.firewall_rule_id
|
||
|
),
|
||
|
json={'firewall_rule': updated},
|
||
|
validate=dict(json={'firewall_rule': params}),
|
||
|
),
|
||
|
]
|
||
|
)
|
||
|
self.assertDictEqual(
|
||
|
updated,
|
||
|
self.cloud.update_firewall_rule(self.firewall_rule_name, **params),
|
||
|
)
|
||
|
self.assert_calls()
|
||
|
|
||
|
def test_update_firewall_rule_filters(self):
|
||
|
params = {'description': 'Updated!'}
|
||
|
filters = {'project_id': self.mock_firewall_rule['project_id']}
|
||
|
updated = self.mock_firewall_rule.copy()
|
||
|
updated.update(params)
|
||
|
updated_dict = self._mock_firewall_rule_attrs.copy()
|
||
|
updated_dict.update(params)
|
||
|
self.register_uris(
|
||
|
[
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_rules', self.firewall_rule_name, **filters
|
||
|
),
|
||
|
json={'firewall_rule': self._mock_firewall_rule_attrs},
|
||
|
),
|
||
|
dict(
|
||
|
method='PUT',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_rules', self.firewall_rule_id
|
||
|
),
|
||
|
json={'firewall_rule': updated_dict},
|
||
|
validate={
|
||
|
'json': {'firewall_rule': params},
|
||
|
},
|
||
|
),
|
||
|
]
|
||
|
)
|
||
|
updated_rule = self.cloud.update_firewall_rule(
|
||
|
self.firewall_rule_name, filters, **params
|
||
|
)
|
||
|
self.assertDictEqual(updated, updated_rule)
|
||
|
self.assert_calls()
|
||
|
|
||
|
|
||
|
class TestFirewallPolicy(FirewallTestCase):
|
||
|
firewall_policy_id = '78d05d20-d406-41ec-819d-06b65c2684e4'
|
||
|
firewall_policy_name = 'block_popular_services'
|
||
|
_mock_firewall_policy_attrs = {
|
||
|
'audited': True,
|
||
|
'description': 'block ports of well-known services',
|
||
|
'firewall_rules': ['deny_ssh'],
|
||
|
'id': firewall_policy_id,
|
||
|
'name': firewall_policy_name,
|
||
|
'project_id': 'b64238cb-a25d-41af-9ee1-42deb4587d20',
|
||
|
'shared': False,
|
||
|
}
|
||
|
mock_firewall_policy = None
|
||
|
|
||
|
def setUp(self, cloud_config_fixture='clouds.yaml'):
|
||
|
super(TestFirewallPolicy, self).setUp()
|
||
|
self.mock_firewall_policy = FirewallPolicy(
|
||
|
connection=self.cloud, **self._mock_firewall_policy_attrs
|
||
|
).to_dict()
|
||
|
|
||
|
def test_create_firewall_policy(self):
|
||
|
# attributes that are passed to the tested method
|
||
|
passed_attrs = deepcopy(self._mock_firewall_policy_attrs)
|
||
|
del passed_attrs['id']
|
||
|
|
||
|
# policy that is returned by the POST request
|
||
|
created_attrs = deepcopy(self._mock_firewall_policy_attrs)
|
||
|
created_attrs['firewall_rules'][0] = TestFirewallRule.firewall_rule_id
|
||
|
created_policy = FirewallPolicy(connection=self.cloud, **created_attrs)
|
||
|
|
||
|
# attributes used to validate the request inside register_uris()
|
||
|
validate_attrs = deepcopy(created_attrs)
|
||
|
del validate_attrs['id']
|
||
|
|
||
|
self.register_uris(
|
||
|
[
|
||
|
dict(
|
||
|
method='GET', # short-circuit
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_rules', TestFirewallRule.firewall_rule_name
|
||
|
),
|
||
|
status_code=404,
|
||
|
),
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_rules',
|
||
|
name=TestFirewallRule.firewall_rule_name,
|
||
|
),
|
||
|
json={
|
||
|
'firewall_rules': [
|
||
|
TestFirewallRule._mock_firewall_rule_attrs
|
||
|
]
|
||
|
},
|
||
|
),
|
||
|
dict(
|
||
|
method='POST',
|
||
|
uri=self._make_mock_url('firewall_policies'),
|
||
|
json={'firewall_policy': created_attrs},
|
||
|
validate=dict(json={'firewall_policy': validate_attrs}),
|
||
|
),
|
||
|
]
|
||
|
)
|
||
|
res = self.cloud.create_firewall_policy(**passed_attrs)
|
||
|
self.assertDictEqual(created_policy, res.to_dict())
|
||
|
self.assert_calls()
|
||
|
|
||
|
def test_create_firewall_policy_rule_not_found(self):
|
||
|
posted_policy = deepcopy(self._mock_firewall_policy_attrs)
|
||
|
del posted_policy['id']
|
||
|
self.register_uris(
|
||
|
[
|
||
|
dict(
|
||
|
method='GET', # short-circuit
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_rules', posted_policy['firewall_rules'][0]
|
||
|
),
|
||
|
status_code=404,
|
||
|
),
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_rules',
|
||
|
name=posted_policy['firewall_rules'][0],
|
||
|
),
|
||
|
json={'firewall_rules': []},
|
||
|
),
|
||
|
]
|
||
|
)
|
||
|
|
||
|
with mock.patch.object(self.cloud.network, 'create_firewall_policy'):
|
||
|
self.assertRaises(
|
||
|
exceptions.ResourceNotFound,
|
||
|
self.cloud.create_firewall_policy,
|
||
|
**posted_policy
|
||
|
)
|
||
|
self.cloud.network.create_firewall_policy.assert_not_called()
|
||
|
self.assert_calls()
|
||
|
|
||
|
def test_delete_firewall_policy(self):
|
||
|
self.register_uris(
|
||
|
[
|
||
|
dict(
|
||
|
method='GET', # short-circuit
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_policies', self.firewall_policy_name
|
||
|
),
|
||
|
status_code=404,
|
||
|
),
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_policies', name=self.firewall_policy_name
|
||
|
),
|
||
|
json={'firewall_policies': [self.mock_firewall_policy]},
|
||
|
),
|
||
|
dict(
|
||
|
method='DELETE',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_policies', self.firewall_policy_id
|
||
|
),
|
||
|
json={},
|
||
|
status_code=204,
|
||
|
),
|
||
|
]
|
||
|
)
|
||
|
|
||
|
with mock.patch.object(self.cloud.log, 'debug'):
|
||
|
self.assertTrue(
|
||
|
self.cloud.delete_firewall_policy(self.firewall_policy_name)
|
||
|
)
|
||
|
self.assert_calls()
|
||
|
self.cloud.log.debug.assert_not_called()
|
||
|
|
||
|
def test_delete_firewall_policy_filters(self):
|
||
|
filters = {'project_id': self.mock_firewall_policy['project_id']}
|
||
|
self.register_uris(
|
||
|
[
|
||
|
dict(
|
||
|
method='DELETE',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_policies', self.firewall_policy_id
|
||
|
),
|
||
|
json={},
|
||
|
status_code=204,
|
||
|
)
|
||
|
]
|
||
|
)
|
||
|
|
||
|
with mock.patch.object(
|
||
|
self.cloud.network,
|
||
|
'find_firewall_policy',
|
||
|
return_value=self.mock_firewall_policy,
|
||
|
), mock.patch.object(self.cloud.log, 'debug'):
|
||
|
self.assertTrue(
|
||
|
self.cloud.delete_firewall_policy(
|
||
|
self.firewall_policy_name, filters
|
||
|
)
|
||
|
)
|
||
|
self.assert_calls()
|
||
|
self.cloud.network.find_firewall_policy.assert_called_once_with(
|
||
|
self.firewall_policy_name, ignore_missing=False, **filters
|
||
|
)
|
||
|
self.cloud.log.debug.assert_not_called()
|
||
|
|
||
|
def test_delete_firewall_policy_not_found(self):
|
||
|
self.register_uris(
|
||
|
[
|
||
|
dict(
|
||
|
method='GET', # short-circuit
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_policies', self.firewall_policy_name
|
||
|
),
|
||
|
status_code=404,
|
||
|
),
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_policies', name=self.firewall_policy_name
|
||
|
),
|
||
|
json={'firewall_policies': []},
|
||
|
),
|
||
|
]
|
||
|
)
|
||
|
|
||
|
with mock.patch.object(self.cloud.log, 'debug'):
|
||
|
self.assertFalse(
|
||
|
self.cloud.delete_firewall_policy(self.firewall_policy_name)
|
||
|
)
|
||
|
self.assert_calls()
|
||
|
self.cloud.log.debug.assert_called_once()
|
||
|
|
||
|
def test_get_firewall_policy(self):
|
||
|
self.register_uris(
|
||
|
[
|
||
|
dict(
|
||
|
method='GET', # short-circuit
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_policies', self.firewall_policy_name
|
||
|
),
|
||
|
status_code=404,
|
||
|
),
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_policies', name=self.firewall_policy_name
|
||
|
),
|
||
|
json={'firewall_policies': [self.mock_firewall_policy]},
|
||
|
),
|
||
|
]
|
||
|
)
|
||
|
self.assertDictEqual(
|
||
|
self.mock_firewall_policy,
|
||
|
self.cloud.get_firewall_policy(self.firewall_policy_name),
|
||
|
)
|
||
|
self.assert_calls()
|
||
|
|
||
|
def test_get_firewall_policy_not_found(self):
|
||
|
name = 'not_found'
|
||
|
self.register_uris(
|
||
|
[
|
||
|
dict(
|
||
|
method='GET', # short-circuit
|
||
|
uri=self._make_mock_url('firewall_policies', name),
|
||
|
status_code=404,
|
||
|
),
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self._make_mock_url('firewall_policies', name=name),
|
||
|
json={'firewall_policies': []},
|
||
|
),
|
||
|
]
|
||
|
)
|
||
|
self.assertIsNone(self.cloud.get_firewall_policy(name))
|
||
|
self.assert_calls()
|
||
|
|
||
|
def test_list_firewall_policies(self):
|
||
|
self.register_uris(
|
||
|
[
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self._make_mock_url('firewall_policies'),
|
||
|
json={
|
||
|
'firewall_policies': [
|
||
|
self.mock_firewall_policy.copy(),
|
||
|
self.mock_firewall_policy.copy(),
|
||
|
]
|
||
|
},
|
||
|
)
|
||
|
]
|
||
|
)
|
||
|
policy = FirewallPolicy(
|
||
|
connection=self.cloud, **self.mock_firewall_policy
|
||
|
)
|
||
|
self.assertListEqual(
|
||
|
self.cloud.list_firewall_policies(), [policy, policy]
|
||
|
)
|
||
|
self.assert_calls()
|
||
|
|
||
|
def test_list_firewall_policies_filters(self):
|
||
|
filters = {'project_id': self.mock_firewall_policy['project_id']}
|
||
|
self.register_uris(
|
||
|
[
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self._make_mock_url('firewall_policies', **filters),
|
||
|
json={'firewall_policies': [self.mock_firewall_policy]},
|
||
|
)
|
||
|
]
|
||
|
)
|
||
|
self.assertListEqual(
|
||
|
self.cloud.list_firewall_policies(filters),
|
||
|
[
|
||
|
FirewallPolicy(
|
||
|
connection=self.cloud, **self.mock_firewall_policy
|
||
|
)
|
||
|
],
|
||
|
)
|
||
|
self.assert_calls()
|
||
|
|
||
|
def test_update_firewall_policy(self):
|
||
|
lookup_rule = FirewallRule(
|
||
|
connection=self.cloud, **TestFirewallRule._mock_firewall_rule_attrs
|
||
|
).to_dict()
|
||
|
params = {
|
||
|
'firewall_rules': [lookup_rule['id']],
|
||
|
'description': 'updated!',
|
||
|
}
|
||
|
retrieved_policy = deepcopy(self.mock_firewall_policy)
|
||
|
del retrieved_policy['firewall_rules'][0]
|
||
|
updated_policy = deepcopy(self.mock_firewall_policy)
|
||
|
updated_policy.update(params)
|
||
|
self.register_uris(
|
||
|
[
|
||
|
dict(
|
||
|
method='GET', # short-circuit
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_policies', self.firewall_policy_name
|
||
|
),
|
||
|
status_code=404,
|
||
|
),
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_policies', name=self.firewall_policy_name
|
||
|
),
|
||
|
json={'firewall_policies': [retrieved_policy]},
|
||
|
),
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_rules', lookup_rule['id']
|
||
|
),
|
||
|
json={'firewall_rule': lookup_rule},
|
||
|
),
|
||
|
dict(
|
||
|
method='PUT',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_policies', self.firewall_policy_id
|
||
|
),
|
||
|
json={'firewall_policy': updated_policy},
|
||
|
validate=dict(json={'firewall_policy': params}),
|
||
|
),
|
||
|
]
|
||
|
)
|
||
|
self.assertDictEqual(
|
||
|
updated_policy,
|
||
|
self.cloud.update_firewall_policy(
|
||
|
self.firewall_policy_name, **params
|
||
|
),
|
||
|
)
|
||
|
self.assert_calls()
|
||
|
|
||
|
def test_update_firewall_policy_no_rules(self):
|
||
|
params = {'description': 'updated!'}
|
||
|
updated_policy = deepcopy(self.mock_firewall_policy)
|
||
|
updated_policy.update(params)
|
||
|
self.register_uris(
|
||
|
[
|
||
|
dict(
|
||
|
method='GET', # short-circuit
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_policies', self.firewall_policy_name
|
||
|
),
|
||
|
status_code=404,
|
||
|
),
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_policies', name=self.firewall_policy_name
|
||
|
),
|
||
|
json={
|
||
|
'firewall_policies': [
|
||
|
deepcopy(self.mock_firewall_policy)
|
||
|
]
|
||
|
},
|
||
|
),
|
||
|
dict(
|
||
|
method='PUT',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_policies', self.firewall_policy_id
|
||
|
),
|
||
|
json={'firewall_policy': updated_policy},
|
||
|
validate=dict(json={'firewall_policy': params}),
|
||
|
),
|
||
|
]
|
||
|
)
|
||
|
self.assertDictEqual(
|
||
|
updated_policy,
|
||
|
self.cloud.update_firewall_policy(
|
||
|
self.firewall_policy_name, **params
|
||
|
),
|
||
|
)
|
||
|
self.assert_calls()
|
||
|
|
||
|
def test_update_firewall_policy_filters(self):
|
||
|
filters = {'project_id': self.mock_firewall_policy['project_id']}
|
||
|
params = {'description': 'updated!'}
|
||
|
updated_policy = deepcopy(self.mock_firewall_policy)
|
||
|
updated_policy.update(params)
|
||
|
|
||
|
self.register_uris(
|
||
|
[
|
||
|
dict(
|
||
|
method='PUT',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_policies', self.firewall_policy_id
|
||
|
),
|
||
|
json={'firewall_policy': updated_policy},
|
||
|
validate=dict(json={'firewall_policy': params}),
|
||
|
),
|
||
|
]
|
||
|
)
|
||
|
|
||
|
with mock.patch.object(
|
||
|
self.cloud.network,
|
||
|
'find_firewall_policy',
|
||
|
return_value=deepcopy(self.mock_firewall_policy),
|
||
|
):
|
||
|
self.assertDictEqual(
|
||
|
updated_policy,
|
||
|
self.cloud.update_firewall_policy(
|
||
|
self.firewall_policy_name, filters, **params
|
||
|
),
|
||
|
)
|
||
|
self.assert_calls()
|
||
|
self.cloud.network.find_firewall_policy.assert_called_once_with(
|
||
|
self.firewall_policy_name, ignore_missing=False, **filters
|
||
|
)
|
||
|
|
||
|
def test_insert_rule_into_policy(self):
|
||
|
rule0 = FirewallRule(
|
||
|
connection=self.cloud, **TestFirewallRule._mock_firewall_rule_attrs
|
||
|
)
|
||
|
|
||
|
_rule1_attrs = deepcopy(TestFirewallRule._mock_firewall_rule_attrs)
|
||
|
_rule1_attrs.update(
|
||
|
id='8068fc06-0e72-43f2-a76f-a51a33b46e08', name='after_rule'
|
||
|
)
|
||
|
rule1 = FirewallRule(**_rule1_attrs)
|
||
|
|
||
|
_rule2_attrs = deepcopy(TestFirewallRule._mock_firewall_rule_attrs)
|
||
|
_rule2_attrs.update(
|
||
|
id='c716382d-183b-475d-b500-dcc762f45ce3', name='before_rule'
|
||
|
)
|
||
|
rule2 = FirewallRule(**_rule2_attrs)
|
||
|
retrieved_policy = deepcopy(self.mock_firewall_policy)
|
||
|
retrieved_policy['firewall_rules'] = [rule1['id'], rule2['id']]
|
||
|
updated_policy = deepcopy(self.mock_firewall_policy)
|
||
|
updated_policy['firewall_rules'] = [
|
||
|
rule0['id'],
|
||
|
rule1['id'],
|
||
|
rule2['id'],
|
||
|
]
|
||
|
self.register_uris(
|
||
|
[
|
||
|
dict(
|
||
|
method='GET', # short-circuit
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_policies', self.firewall_policy_name
|
||
|
),
|
||
|
status_code=404,
|
||
|
),
|
||
|
dict(
|
||
|
method='GET', # get policy
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_policies', name=self.firewall_policy_name
|
||
|
),
|
||
|
json={'firewall_policies': [retrieved_policy]},
|
||
|
),
|
||
|
dict(
|
||
|
method='GET', # short-circuit
|
||
|
uri=self._make_mock_url('firewall_rules', rule0['name']),
|
||
|
status_code=404,
|
||
|
),
|
||
|
dict(
|
||
|
method='GET', # get rule to add
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_rules', name=rule0['name']
|
||
|
),
|
||
|
json={'firewall_rules': [rule0]},
|
||
|
),
|
||
|
dict(
|
||
|
method='GET', # short-circuit
|
||
|
uri=self._make_mock_url('firewall_rules', rule1['name']),
|
||
|
status_code=404,
|
||
|
),
|
||
|
dict(
|
||
|
method='GET', # get after rule
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_rules', name=rule1['name']
|
||
|
),
|
||
|
json={'firewall_rules': [rule1]},
|
||
|
),
|
||
|
dict(
|
||
|
method='GET', # short-circuit
|
||
|
uri=self._make_mock_url('firewall_rules', rule2['name']),
|
||
|
status_code=404,
|
||
|
),
|
||
|
dict(
|
||
|
method='GET', # get before rule
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_rules', name=rule2['name']
|
||
|
),
|
||
|
json={'firewall_rules': [rule2]},
|
||
|
),
|
||
|
dict(
|
||
|
method='PUT', # add rule
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_policies',
|
||
|
self.firewall_policy_id,
|
||
|
'insert_rule',
|
||
|
),
|
||
|
json=updated_policy,
|
||
|
validate=dict(
|
||
|
json={
|
||
|
'firewall_rule_id': rule0['id'],
|
||
|
'insert_after': rule1['id'],
|
||
|
'insert_before': rule2['id'],
|
||
|
}
|
||
|
),
|
||
|
),
|
||
|
]
|
||
|
)
|
||
|
r = self.cloud.insert_rule_into_policy(
|
||
|
name_or_id=self.firewall_policy_name,
|
||
|
rule_name_or_id=rule0['name'],
|
||
|
insert_after=rule1['name'],
|
||
|
insert_before=rule2['name'],
|
||
|
)
|
||
|
self.assertDictEqual(updated_policy, r.to_dict())
|
||
|
self.assert_calls()
|
||
|
|
||
|
def test_insert_rule_into_policy_compact(self):
|
||
|
"""
|
||
|
Tests without insert_after and insert_before
|
||
|
"""
|
||
|
rule = FirewallRule(**TestFirewallRule._mock_firewall_rule_attrs)
|
||
|
retrieved_policy = deepcopy(self.mock_firewall_policy)
|
||
|
retrieved_policy['firewall_rules'] = []
|
||
|
updated_policy = deepcopy(retrieved_policy)
|
||
|
updated_policy['firewall_rules'].append(rule['id'])
|
||
|
self.register_uris(
|
||
|
[
|
||
|
dict(
|
||
|
method='GET', # short-circuit
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_policies', self.firewall_policy_name
|
||
|
),
|
||
|
status_code=404,
|
||
|
),
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_policies', name=self.firewall_policy_name
|
||
|
),
|
||
|
json={'firewall_policies': [retrieved_policy]},
|
||
|
),
|
||
|
dict(
|
||
|
method='GET', # short-circuit
|
||
|
uri=self._make_mock_url('firewall_rules', rule['name']),
|
||
|
status_code=404,
|
||
|
),
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_rules', name=rule['name']
|
||
|
),
|
||
|
json={'firewall_rules': [rule]},
|
||
|
),
|
||
|
dict(
|
||
|
method='PUT',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_policies',
|
||
|
retrieved_policy['id'],
|
||
|
'insert_rule',
|
||
|
),
|
||
|
json=updated_policy,
|
||
|
validate=dict(
|
||
|
json={
|
||
|
'firewall_rule_id': rule['id'],
|
||
|
'insert_after': None,
|
||
|
'insert_before': None,
|
||
|
}
|
||
|
),
|
||
|
),
|
||
|
]
|
||
|
)
|
||
|
r = self.cloud.insert_rule_into_policy(
|
||
|
self.firewall_policy_name, rule['name']
|
||
|
)
|
||
|
self.assertDictEqual(updated_policy, r.to_dict())
|
||
|
self.assert_calls()
|
||
|
|
||
|
def test_insert_rule_into_policy_not_found(self):
|
||
|
policy_name = 'bogus_policy'
|
||
|
self.register_uris(
|
||
|
[
|
||
|
dict(
|
||
|
method='GET', # short-circuit
|
||
|
uri=self._make_mock_url('firewall_policies', policy_name),
|
||
|
status_code=404,
|
||
|
),
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_policies', name=policy_name
|
||
|
),
|
||
|
json={'firewall_policies': []},
|
||
|
),
|
||
|
]
|
||
|
)
|
||
|
|
||
|
with mock.patch.object(self.cloud.network, 'find_firewall_rule'):
|
||
|
self.assertRaises(
|
||
|
exceptions.ResourceNotFound,
|
||
|
self.cloud.insert_rule_into_policy,
|
||
|
policy_name,
|
||
|
'bogus_rule',
|
||
|
)
|
||
|
self.assert_calls()
|
||
|
self.cloud.network.find_firewall_rule.assert_not_called()
|
||
|
|
||
|
def test_insert_rule_into_policy_rule_not_found(self):
|
||
|
rule_name = 'unknown_rule'
|
||
|
self.register_uris(
|
||
|
[
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_policies', self.firewall_policy_id
|
||
|
),
|
||
|
json={'firewall_policy': self.mock_firewall_policy},
|
||
|
),
|
||
|
dict(
|
||
|
method='GET', # short-circuit
|
||
|
uri=self._make_mock_url('firewall_rules', rule_name),
|
||
|
status_code=404,
|
||
|
),
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self._make_mock_url('firewall_rules', name=rule_name),
|
||
|
json={'firewall_rules': []},
|
||
|
),
|
||
|
]
|
||
|
)
|
||
|
self.assertRaises(
|
||
|
exceptions.ResourceNotFound,
|
||
|
self.cloud.insert_rule_into_policy,
|
||
|
self.firewall_policy_id,
|
||
|
rule_name,
|
||
|
)
|
||
|
self.assert_calls()
|
||
|
|
||
|
def test_insert_rule_into_policy_already_associated(self):
|
||
|
rule = FirewallRule(
|
||
|
**TestFirewallRule._mock_firewall_rule_attrs
|
||
|
).to_dict()
|
||
|
policy = deepcopy(self.mock_firewall_policy)
|
||
|
policy['firewall_rules'] = [rule['id']]
|
||
|
self.register_uris(
|
||
|
[
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_policies', self.firewall_policy_id
|
||
|
),
|
||
|
json={'firewall_policy': policy},
|
||
|
),
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self._make_mock_url('firewall_rules', rule['id']),
|
||
|
json={'firewall_rule': rule},
|
||
|
),
|
||
|
]
|
||
|
)
|
||
|
|
||
|
with mock.patch.object(self.cloud.log, 'debug'):
|
||
|
r = self.cloud.insert_rule_into_policy(policy['id'], rule['id'])
|
||
|
self.assertDictEqual(policy, r.to_dict())
|
||
|
self.assert_calls()
|
||
|
self.cloud.log.debug.assert_called()
|
||
|
|
||
|
def test_remove_rule_from_policy(self):
|
||
|
policy_name = self.firewall_policy_name
|
||
|
rule = FirewallRule(**TestFirewallRule._mock_firewall_rule_attrs)
|
||
|
|
||
|
retrieved_policy = deepcopy(self.mock_firewall_policy)
|
||
|
retrieved_policy['firewall_rules'][0] = rule['id']
|
||
|
|
||
|
updated_policy = deepcopy(self.mock_firewall_policy)
|
||
|
del updated_policy['firewall_rules'][0]
|
||
|
self.register_uris(
|
||
|
[
|
||
|
dict(
|
||
|
method='GET', # short-circuit
|
||
|
uri=self._make_mock_url('firewall_policies', policy_name),
|
||
|
status_code=404,
|
||
|
),
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_policies', name=policy_name
|
||
|
),
|
||
|
json={'firewall_policies': [retrieved_policy]},
|
||
|
),
|
||
|
dict(
|
||
|
method='GET', # short-circuit
|
||
|
uri=self._make_mock_url('firewall_rules', rule['name']),
|
||
|
status_code=404,
|
||
|
),
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_rules', name=rule['name']
|
||
|
),
|
||
|
json={'firewall_rules': [rule]},
|
||
|
),
|
||
|
dict(
|
||
|
method='PUT',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_policies',
|
||
|
self.firewall_policy_id,
|
||
|
'remove_rule',
|
||
|
),
|
||
|
json=updated_policy,
|
||
|
validate=dict(json={'firewall_rule_id': rule['id']}),
|
||
|
),
|
||
|
]
|
||
|
)
|
||
|
r = self.cloud.remove_rule_from_policy(policy_name, rule['name'])
|
||
|
self.assertDictEqual(updated_policy, r.to_dict())
|
||
|
self.assert_calls()
|
||
|
|
||
|
def test_remove_rule_from_policy_not_found(self):
|
||
|
self.register_uris(
|
||
|
[
|
||
|
dict(
|
||
|
method='GET', # short-circuit
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_policies', self.firewall_policy_name
|
||
|
),
|
||
|
status_code=404,
|
||
|
),
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_policies', name=self.firewall_policy_name
|
||
|
),
|
||
|
json={'firewall_policies': []},
|
||
|
),
|
||
|
]
|
||
|
)
|
||
|
|
||
|
with mock.patch.object(self.cloud.network, 'find_firewall_rule'):
|
||
|
self.assertRaises(
|
||
|
exceptions.ResourceNotFound,
|
||
|
self.cloud.remove_rule_from_policy,
|
||
|
self.firewall_policy_name,
|
||
|
TestFirewallRule.firewall_rule_name,
|
||
|
)
|
||
|
self.assert_calls()
|
||
|
self.cloud.network.find_firewall_rule.assert_not_called()
|
||
|
|
||
|
def test_remove_rule_from_policy_rule_not_found(self):
|
||
|
retrieved_policy = deepcopy(self.mock_firewall_policy)
|
||
|
rule = FirewallRule(**TestFirewallRule._mock_firewall_rule_attrs)
|
||
|
retrieved_policy['firewall_rules'][0] = rule['id']
|
||
|
self.register_uris(
|
||
|
[
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_policies', self.firewall_policy_id
|
||
|
),
|
||
|
json={'firewall_policy': retrieved_policy},
|
||
|
),
|
||
|
dict(
|
||
|
method='GET', # short-circuit
|
||
|
uri=self._make_mock_url('firewall_rules', rule['name']),
|
||
|
status_code=404,
|
||
|
),
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_rules', name=rule['name']
|
||
|
),
|
||
|
json={'firewall_rules': []},
|
||
|
),
|
||
|
]
|
||
|
)
|
||
|
r = self.cloud.remove_rule_from_policy(
|
||
|
self.firewall_policy_id, rule['name']
|
||
|
)
|
||
|
self.assertDictEqual(retrieved_policy, r.to_dict())
|
||
|
self.assert_calls()
|
||
|
|
||
|
def test_remove_rule_from_policy_not_associated(self):
|
||
|
rule = FirewallRule(
|
||
|
**TestFirewallRule._mock_firewall_rule_attrs
|
||
|
).to_dict()
|
||
|
policy = deepcopy(self.mock_firewall_policy)
|
||
|
del policy['firewall_rules'][0]
|
||
|
|
||
|
self.register_uris(
|
||
|
[
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self._make_mock_url('firewall_policies', policy['id']),
|
||
|
json={'firewall_policy': policy},
|
||
|
),
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self._make_mock_url('firewall_rules', rule['id']),
|
||
|
json={'firewall_rule': rule},
|
||
|
),
|
||
|
]
|
||
|
)
|
||
|
|
||
|
with mock.patch.object(
|
||
|
self.cloud.network, 'remove_rule_from_policy'
|
||
|
), mock.patch.object(self.cloud.log, 'debug'):
|
||
|
r = self.cloud.remove_rule_from_policy(policy['id'], rule['id'])
|
||
|
self.assertDictEqual(policy, r.to_dict())
|
||
|
self.assert_calls()
|
||
|
self.cloud.log.debug.assert_called_once()
|
||
|
self.cloud.network.remove_rule_from_policy.assert_not_called()
|
||
|
|
||
|
|
||
|
class TestFirewallGroup(FirewallTestCase):
|
||
|
firewall_group_id = '700eed7a-b979-4b80-a06d-14f000d0f645'
|
||
|
firewall_group_name = 'max_security_group'
|
||
|
mock_port = {
|
||
|
'name': 'mock_port',
|
||
|
'id': '7d90977c-45ec-467e-a16d-dcaed772a161',
|
||
|
}
|
||
|
_mock_egress_policy_attrs = {
|
||
|
'id': '34335e5b-44af-4ffd-9dcf-518133f897c7',
|
||
|
'name': 'safe_outgoing_data',
|
||
|
}
|
||
|
_mock_ingress_policy_attrs = {
|
||
|
'id': 'cd28fb50-85d0-4f36-89af-50fac08ac174',
|
||
|
'name': 'bad_incoming_data',
|
||
|
}
|
||
|
_mock_firewall_group_attrs = {
|
||
|
'admin_state_up': True,
|
||
|
'description': 'Providing max security!',
|
||
|
'egress_firewall_policy': _mock_egress_policy_attrs['name'],
|
||
|
'ingress_firewall_policy': _mock_ingress_policy_attrs['name'],
|
||
|
'id': firewall_group_id,
|
||
|
'name': firewall_group_name,
|
||
|
'ports': [mock_port['name']],
|
||
|
'project_id': 'da347b09-0b4f-4994-a3ef-05d13eaecb2c',
|
||
|
'shared': False,
|
||
|
}
|
||
|
_mock_returned_firewall_group_attrs = {
|
||
|
'admin_state_up': True,
|
||
|
'description': 'Providing max security!',
|
||
|
'egress_firewall_policy': _mock_egress_policy_attrs['name'],
|
||
|
'egress_firewall_policy_id': _mock_egress_policy_attrs['id'],
|
||
|
'ingress_firewall_policy': _mock_ingress_policy_attrs['name'],
|
||
|
'ingress_firewall_policy_id': _mock_ingress_policy_attrs['id'],
|
||
|
'id': firewall_group_id,
|
||
|
'name': firewall_group_name,
|
||
|
'ports': [mock_port['id']],
|
||
|
'project_id': 'da347b09-0b4f-4994-a3ef-05d13eaecb2c',
|
||
|
'shared': False,
|
||
|
}
|
||
|
mock_egress_policy = None
|
||
|
mock_ingress_policy = None
|
||
|
mock_firewall_rule = None
|
||
|
mock_returned_firewall_rule = None
|
||
|
|
||
|
def setUp(self, cloud_config_fixture='clouds.yaml'):
|
||
|
super(TestFirewallGroup, self).setUp()
|
||
|
self.mock_egress_policy = FirewallPolicy(
|
||
|
connection=self.cloud, **self._mock_egress_policy_attrs
|
||
|
).to_dict()
|
||
|
self.mock_ingress_policy = FirewallPolicy(
|
||
|
connection=self.cloud, **self._mock_ingress_policy_attrs
|
||
|
).to_dict()
|
||
|
self.mock_firewall_group = FirewallGroup(
|
||
|
connection=self.cloud, **self._mock_firewall_group_attrs
|
||
|
).to_dict()
|
||
|
self.mock_returned_firewall_group = FirewallGroup(
|
||
|
connection=self.cloud, **self._mock_returned_firewall_group_attrs
|
||
|
).to_dict()
|
||
|
|
||
|
def test_create_firewall_group(self):
|
||
|
create_group_attrs = self._mock_firewall_group_attrs.copy()
|
||
|
del create_group_attrs['id']
|
||
|
posted_group_attrs = self._mock_returned_firewall_group_attrs.copy()
|
||
|
del posted_group_attrs['egress_firewall_policy']
|
||
|
del posted_group_attrs['ingress_firewall_policy']
|
||
|
del posted_group_attrs['id']
|
||
|
self.register_uris(
|
||
|
[
|
||
|
dict(
|
||
|
method='GET', # short-circuit
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_policies', self.mock_egress_policy['name']
|
||
|
),
|
||
|
status_code=404,
|
||
|
),
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_policies',
|
||
|
name=self.mock_egress_policy['name'],
|
||
|
),
|
||
|
json={'firewall_policies': [self.mock_egress_policy]},
|
||
|
),
|
||
|
dict(
|
||
|
method='GET', # short-circuit
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_policies', self.mock_ingress_policy['name']
|
||
|
),
|
||
|
status_code=404,
|
||
|
),
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_policies',
|
||
|
name=self.mock_ingress_policy['name'],
|
||
|
),
|
||
|
json={'firewall_policies': [self.mock_ingress_policy]},
|
||
|
),
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self.get_mock_url(
|
||
|
'network',
|
||
|
'public',
|
||
|
append=['v2.0', 'ports', self.mock_port['name']],
|
||
|
),
|
||
|
status_code=404,
|
||
|
),
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self.get_mock_url(
|
||
|
'network',
|
||
|
'public',
|
||
|
append=['v2.0', 'ports'],
|
||
|
qs_elements=['name=%s' % self.mock_port['name']],
|
||
|
),
|
||
|
json={'ports': [self.mock_port]},
|
||
|
),
|
||
|
dict(
|
||
|
method='POST',
|
||
|
uri=self._make_mock_url('firewall_groups'),
|
||
|
json={
|
||
|
'firewall_group': deepcopy(
|
||
|
self.mock_returned_firewall_group
|
||
|
)
|
||
|
},
|
||
|
validate=dict(json={'firewall_group': posted_group_attrs}),
|
||
|
),
|
||
|
]
|
||
|
)
|
||
|
r = self.cloud.create_firewall_group(**create_group_attrs)
|
||
|
self.assertDictEqual(self.mock_returned_firewall_group, r.to_dict())
|
||
|
self.assert_calls()
|
||
|
|
||
|
def test_create_firewall_group_compact(self):
|
||
|
"""
|
||
|
Tests firewall group creation without policies or ports
|
||
|
"""
|
||
|
firewall_group = deepcopy(self._mock_firewall_group_attrs)
|
||
|
del firewall_group['ports']
|
||
|
del firewall_group['egress_firewall_policy']
|
||
|
del firewall_group['ingress_firewall_policy']
|
||
|
created_firewall = deepcopy(firewall_group)
|
||
|
created_firewall.update(
|
||
|
egress_firewall_policy_id=None,
|
||
|
ingress_firewall_policy_id=None,
|
||
|
ports=[],
|
||
|
)
|
||
|
del firewall_group['id']
|
||
|
self.register_uris(
|
||
|
[
|
||
|
dict(
|
||
|
method='POST',
|
||
|
uri=self._make_mock_url('firewall_groups'),
|
||
|
json={'firewall_group': created_firewall},
|
||
|
validate=dict(json={'firewall_group': firewall_group}),
|
||
|
)
|
||
|
]
|
||
|
)
|
||
|
r = self.cloud.create_firewall_group(**firewall_group)
|
||
|
self.assertDictEqual(
|
||
|
FirewallGroup(connection=self.cloud, **created_firewall).to_dict(),
|
||
|
r.to_dict(),
|
||
|
)
|
||
|
self.assert_calls()
|
||
|
|
||
|
def test_delete_firewall_group(self):
|
||
|
self.register_uris(
|
||
|
[
|
||
|
dict(
|
||
|
method='GET', # short-circuit
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_groups', self.firewall_group_name
|
||
|
),
|
||
|
status_code=404,
|
||
|
),
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_groups', name=self.firewall_group_name
|
||
|
),
|
||
|
json={
|
||
|
'firewall_groups': [
|
||
|
deepcopy(self.mock_returned_firewall_group)
|
||
|
]
|
||
|
},
|
||
|
),
|
||
|
dict(
|
||
|
method='DELETE',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_groups', self.firewall_group_id
|
||
|
),
|
||
|
status_code=204,
|
||
|
),
|
||
|
]
|
||
|
)
|
||
|
self.assertTrue(
|
||
|
self.cloud.delete_firewall_group(self.firewall_group_name)
|
||
|
)
|
||
|
self.assert_calls()
|
||
|
|
||
|
def test_delete_firewall_group_filters(self):
|
||
|
filters = {'project_id': self.mock_firewall_group['project_id']}
|
||
|
self.register_uris(
|
||
|
[
|
||
|
dict(
|
||
|
method='DELETE',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_groups', self.firewall_group_id
|
||
|
),
|
||
|
status_code=204,
|
||
|
)
|
||
|
]
|
||
|
)
|
||
|
|
||
|
with mock.patch.object(
|
||
|
self.cloud.network,
|
||
|
'find_firewall_group',
|
||
|
return_value=deepcopy(self.mock_firewall_group),
|
||
|
):
|
||
|
self.assertTrue(
|
||
|
self.cloud.delete_firewall_group(
|
||
|
self.firewall_group_name, filters
|
||
|
)
|
||
|
)
|
||
|
self.assert_calls()
|
||
|
self.cloud.network.find_firewall_group.assert_called_once_with(
|
||
|
self.firewall_group_name, ignore_missing=False, **filters
|
||
|
)
|
||
|
|
||
|
def test_delete_firewall_group_not_found(self):
|
||
|
self.register_uris(
|
||
|
[
|
||
|
dict(
|
||
|
method='GET', # short-circuit
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_groups', self.firewall_group_name
|
||
|
),
|
||
|
status_code=404,
|
||
|
),
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_groups', name=self.firewall_group_name
|
||
|
),
|
||
|
json={'firewall_groups': []},
|
||
|
),
|
||
|
]
|
||
|
)
|
||
|
|
||
|
with mock.patch.object(self.cloud.log, 'debug'):
|
||
|
self.assertFalse(
|
||
|
self.cloud.delete_firewall_group(self.firewall_group_name)
|
||
|
)
|
||
|
self.assert_calls()
|
||
|
self.cloud.log.debug.assert_called_once()
|
||
|
|
||
|
def test_get_firewall_group(self):
|
||
|
returned_group = deepcopy(self.mock_returned_firewall_group)
|
||
|
self.register_uris(
|
||
|
[
|
||
|
dict(
|
||
|
method='GET', # short-circuit
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_groups', self.firewall_group_name
|
||
|
),
|
||
|
status_code=404,
|
||
|
),
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_groups', name=self.firewall_group_name
|
||
|
),
|
||
|
json={'firewall_groups': [returned_group]},
|
||
|
),
|
||
|
]
|
||
|
)
|
||
|
self.assertDictEqual(
|
||
|
returned_group,
|
||
|
self.cloud.get_firewall_group(self.firewall_group_name),
|
||
|
)
|
||
|
self.assert_calls()
|
||
|
|
||
|
def test_get_firewall_group_not_found(self):
|
||
|
name = 'not_found'
|
||
|
self.register_uris(
|
||
|
[
|
||
|
dict(
|
||
|
method='GET', # short-circuit
|
||
|
uri=self._make_mock_url('firewall_groups', name),
|
||
|
status_code=404,
|
||
|
),
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self._make_mock_url('firewall_groups', name=name),
|
||
|
json={'firewall_groups': []},
|
||
|
),
|
||
|
]
|
||
|
)
|
||
|
self.assertIsNone(self.cloud.get_firewall_group(name))
|
||
|
self.assert_calls()
|
||
|
|
||
|
def test_get_firewall_group_by_id(self):
|
||
|
returned_group = deepcopy(self.mock_returned_firewall_group)
|
||
|
self.register_uris(
|
||
|
[
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_groups', self.firewall_group_id
|
||
|
),
|
||
|
json={'firewall_group': returned_group},
|
||
|
)
|
||
|
]
|
||
|
)
|
||
|
r = self.cloud.get_firewall_group(self.firewall_group_id)
|
||
|
self.assertDictEqual(returned_group, r.to_dict())
|
||
|
self.assert_calls()
|
||
|
|
||
|
def test_list_firewall_groups(self):
|
||
|
returned_attrs = deepcopy(self.mock_returned_firewall_group)
|
||
|
self.register_uris(
|
||
|
[
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self._make_mock_url('firewall_groups'),
|
||
|
json={'firewall_groups': [returned_attrs, returned_attrs]},
|
||
|
)
|
||
|
]
|
||
|
)
|
||
|
group = FirewallGroup(connection=self.cloud, **returned_attrs)
|
||
|
self.assertListEqual([group, group], self.cloud.list_firewall_groups())
|
||
|
self.assert_calls()
|
||
|
|
||
|
def test_update_firewall_group(self):
|
||
|
params = {
|
||
|
'description': 'updated!',
|
||
|
'egress_firewall_policy': self.mock_egress_policy['name'],
|
||
|
'ingress_firewall_policy': self.mock_ingress_policy['name'],
|
||
|
'ports': [self.mock_port['name']],
|
||
|
}
|
||
|
updated_group = deepcopy(self.mock_returned_firewall_group)
|
||
|
updated_group['description'] = params['description']
|
||
|
|
||
|
returned_group = deepcopy(self.mock_returned_firewall_group)
|
||
|
# unset attributes that will be updated!
|
||
|
returned_group.update(
|
||
|
ingress_firewall_policy_id=None,
|
||
|
egress_firewall_policy_id=None,
|
||
|
ports=[],
|
||
|
)
|
||
|
self.register_uris(
|
||
|
[
|
||
|
dict(
|
||
|
method='GET', # short-circuit
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_groups', self.firewall_group_name
|
||
|
),
|
||
|
status_code=404,
|
||
|
),
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_groups', name=self.firewall_group_name
|
||
|
),
|
||
|
json={'firewall_groups': [returned_group]},
|
||
|
),
|
||
|
dict(
|
||
|
method='GET', # short-circuit
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_policies', self.mock_egress_policy['name']
|
||
|
),
|
||
|
status_code=404,
|
||
|
),
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_policies',
|
||
|
name=self.mock_egress_policy['name'],
|
||
|
),
|
||
|
json={
|
||
|
'firewall_policies': [
|
||
|
deepcopy(self.mock_egress_policy)
|
||
|
]
|
||
|
},
|
||
|
),
|
||
|
dict(
|
||
|
method='GET', # short-circuit
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_policies', self.mock_ingress_policy['name']
|
||
|
),
|
||
|
status_code=404,
|
||
|
),
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_policies',
|
||
|
name=self.mock_ingress_policy['name'],
|
||
|
),
|
||
|
json={
|
||
|
'firewall_policies': [
|
||
|
deepcopy(self.mock_ingress_policy)
|
||
|
]
|
||
|
},
|
||
|
),
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self.get_mock_url(
|
||
|
'network',
|
||
|
'public',
|
||
|
append=['v2.0', 'ports', self.mock_port['name']],
|
||
|
),
|
||
|
status_code=404,
|
||
|
),
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self.get_mock_url(
|
||
|
'network',
|
||
|
'public',
|
||
|
append=['v2.0', 'ports'],
|
||
|
qs_elements=['name=%s' % self.mock_port['name']],
|
||
|
),
|
||
|
json={'ports': [self.mock_port]},
|
||
|
),
|
||
|
dict(
|
||
|
method='PUT',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_groups', self.firewall_group_id
|
||
|
),
|
||
|
json={'firewall_group': updated_group},
|
||
|
validate=dict(
|
||
|
json={
|
||
|
'firewall_group': {
|
||
|
'description': params['description'],
|
||
|
'egress_firewall_policy_id': self.mock_egress_policy[ # noqa: E501
|
||
|
'id'
|
||
|
],
|
||
|
'ingress_firewall_policy_id': self.mock_ingress_policy[ # noqa: E501
|
||
|
'id'
|
||
|
],
|
||
|
'ports': [self.mock_port['id']],
|
||
|
}
|
||
|
}
|
||
|
),
|
||
|
),
|
||
|
]
|
||
|
)
|
||
|
self.assertDictEqual(
|
||
|
updated_group,
|
||
|
self.cloud.update_firewall_group(
|
||
|
self.firewall_group_name, **params
|
||
|
),
|
||
|
)
|
||
|
self.assert_calls()
|
||
|
|
||
|
def test_update_firewall_group_compact(self):
|
||
|
params = {'description': 'updated again!'}
|
||
|
updated_group = deepcopy(self.mock_returned_firewall_group)
|
||
|
updated_group.update(params)
|
||
|
|
||
|
self.register_uris(
|
||
|
[
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_groups', self.firewall_group_id
|
||
|
),
|
||
|
json={
|
||
|
'firewall_group': deepcopy(
|
||
|
self.mock_returned_firewall_group
|
||
|
)
|
||
|
},
|
||
|
),
|
||
|
dict(
|
||
|
method='PUT',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_groups', self.firewall_group_id
|
||
|
),
|
||
|
json={'firewall_group': updated_group},
|
||
|
validate=dict(json={'firewall_group': params}),
|
||
|
),
|
||
|
]
|
||
|
)
|
||
|
self.assertDictEqual(
|
||
|
updated_group,
|
||
|
self.cloud.update_firewall_group(self.firewall_group_id, **params),
|
||
|
)
|
||
|
self.assert_calls()
|
||
|
|
||
|
def test_update_firewall_group_filters(self):
|
||
|
filters = {'project_id': self.mock_firewall_group['project_id']}
|
||
|
params = {'description': 'updated again!'}
|
||
|
updated_group = deepcopy(self.mock_returned_firewall_group)
|
||
|
self.register_uris(
|
||
|
[
|
||
|
dict(
|
||
|
method='PUT',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_groups', self.firewall_group_id
|
||
|
),
|
||
|
json={'firewall_group': updated_group},
|
||
|
validate=dict(json={'firewall_group': params}),
|
||
|
)
|
||
|
]
|
||
|
)
|
||
|
|
||
|
with mock.patch.object(
|
||
|
self.cloud.network,
|
||
|
'find_firewall_group',
|
||
|
return_value=deepcopy(self.mock_firewall_group),
|
||
|
):
|
||
|
r = self.cloud.update_firewall_group(
|
||
|
self.firewall_group_name, filters, **params
|
||
|
)
|
||
|
self.assertDictEqual(updated_group, r.to_dict())
|
||
|
self.assert_calls()
|
||
|
self.cloud.network.find_firewall_group.assert_called_once_with(
|
||
|
self.firewall_group_name, ignore_missing=False, **filters
|
||
|
)
|
||
|
|
||
|
def test_update_firewall_group_unset_policies(self):
|
||
|
transformed_params = {
|
||
|
'ingress_firewall_policy_id': None,
|
||
|
'egress_firewall_policy_id': None,
|
||
|
}
|
||
|
updated_group = deepcopy(self.mock_returned_firewall_group)
|
||
|
updated_group.update(**transformed_params)
|
||
|
returned_group = deepcopy(self.mock_returned_firewall_group)
|
||
|
self.register_uris(
|
||
|
[
|
||
|
dict(
|
||
|
method='GET',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_groups', self.firewall_group_id
|
||
|
),
|
||
|
json={'firewall_group': returned_group},
|
||
|
),
|
||
|
dict(
|
||
|
method='PUT',
|
||
|
uri=self._make_mock_url(
|
||
|
'firewall_groups', self.firewall_group_id
|
||
|
),
|
||
|
json={'firewall_group': updated_group},
|
||
|
validate=dict(json={'firewall_group': transformed_params}),
|
||
|
),
|
||
|
]
|
||
|
)
|
||
|
self.assertDictEqual(
|
||
|
updated_group,
|
||
|
self.cloud.update_firewall_group(
|
||
|
self.firewall_group_id,
|
||
|
ingress_firewall_policy=None,
|
||
|
egress_firewall_policy=None,
|
||
|
),
|
||
|
)
|
||
|
self.assert_calls()
|