Merge "Rename source_(group_id/ip_prefix) to remote_(group_id/ip_prefix)"
This commit is contained in:
commit
13c64ffbde
@ -37,17 +37,19 @@ class FirewallDriver(object):
|
||||
the rule may contain security_group_id,
|
||||
protocol, port_min, port_max
|
||||
source_ip_prefix, source_port_min,
|
||||
source_port_max, dest_ip_prefix,
|
||||
source_port_max, dest_ip_prefix, and
|
||||
remote_group_id
|
||||
Note: source_group_ip in REST API should be converted by this rule
|
||||
if direction is ingress:
|
||||
source_group_ip will be a soruce_prefix_ip
|
||||
remote_group_ip will be a source_ip_prefix
|
||||
if direction is egress:
|
||||
source_group_ip will be a dest_prefix_ip
|
||||
Note: source_group_id in REST API should be converted by this rule
|
||||
remote_group_ip will be a dest_ip_prefix
|
||||
Note: remote_group_id in REST API should be converted by this rule
|
||||
if direction is ingress:
|
||||
source_group_id will be a list of soruce_prefix_ip
|
||||
remote_group_id will be a list of source_ip_prefix
|
||||
if direction is egress:
|
||||
source_group_id will be a list of dest_prefix_ip
|
||||
remote_group_id will be a list of dest_ip_prefix
|
||||
remote_group_id will also remaining membership update management
|
||||
"""
|
||||
|
||||
__metaclass__ = abc.ABCMeta
|
||||
|
@ -61,7 +61,7 @@ def upgrade(active_plugin=None, options=None):
|
||||
sa.Column('tenant_id', sa.String(length=255), nullable=True),
|
||||
sa.Column('id', sa.String(length=36), nullable=False),
|
||||
sa.Column('security_group_id', sa.String(length=36), nullable=False),
|
||||
sa.Column('source_group_id', sa.String(length=36), nullable=True),
|
||||
sa.Column('remote_group_id', sa.String(length=36), nullable=True),
|
||||
sa.Column('direction',
|
||||
sa.Enum('ingress', 'egress',
|
||||
name='securitygrouprules_direction'),
|
||||
@ -70,10 +70,10 @@ def upgrade(active_plugin=None, options=None):
|
||||
sa.Column('protocol', sa.String(length=40), nullable=True),
|
||||
sa.Column('port_range_min', sa.Integer(), nullable=True),
|
||||
sa.Column('port_range_max', sa.Integer(), nullable=True),
|
||||
sa.Column('source_ip_prefix', sa.String(length=255), nullable=True),
|
||||
sa.Column('remote_ip_prefix', sa.String(length=255), nullable=True),
|
||||
sa.ForeignKeyConstraint(['security_group_id'], ['securitygroups.id'],
|
||||
ondelete='CASCADE'),
|
||||
sa.ForeignKeyConstraint(['source_group_id'], ['securitygroups.id'],
|
||||
sa.ForeignKeyConstraint(['remote_group_id'], ['securitygroups.id'],
|
||||
ondelete='CASCADE'),
|
||||
sa.PrimaryKeyConstraint('id')
|
||||
)
|
||||
|
@ -53,7 +53,7 @@ class SecurityGroupRule(model_base.BASEV2, models_v2.HasId,
|
||||
ondelete="CASCADE"),
|
||||
nullable=False)
|
||||
|
||||
source_group_id = sa.Column(sa.String(36),
|
||||
remote_group_id = sa.Column(sa.String(36),
|
||||
sa.ForeignKey("securitygroups.id",
|
||||
ondelete="CASCADE"),
|
||||
nullable=True)
|
||||
@ -64,7 +64,7 @@ class SecurityGroupRule(model_base.BASEV2, models_v2.HasId,
|
||||
protocol = sa.Column(sa.String(40))
|
||||
port_range_min = sa.Column(sa.Integer)
|
||||
port_range_max = sa.Column(sa.Integer)
|
||||
source_ip_prefix = sa.Column(sa.String(255))
|
||||
remote_ip_prefix = sa.Column(sa.String(255))
|
||||
security_group = orm.relationship(
|
||||
SecurityGroup,
|
||||
backref=orm.backref('rules', cascade='all,delete'),
|
||||
@ -72,7 +72,7 @@ class SecurityGroupRule(model_base.BASEV2, models_v2.HasId,
|
||||
source_group = orm.relationship(
|
||||
SecurityGroup,
|
||||
backref=orm.backref('source_rules', cascade='all,delete'),
|
||||
primaryjoin="SecurityGroup.id==SecurityGroupRule.source_group_id")
|
||||
primaryjoin="SecurityGroup.id==SecurityGroupRule.remote_group_id")
|
||||
|
||||
|
||||
class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase):
|
||||
@ -234,12 +234,12 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase):
|
||||
id=uuidutils.generate_uuid(), tenant_id=tenant_id,
|
||||
security_group_id=rule['security_group_id'],
|
||||
direction=rule['direction'],
|
||||
source_group_id=rule.get('source_group_id'),
|
||||
remote_group_id=rule.get('remote_group_id'),
|
||||
ethertype=rule['ethertype'],
|
||||
protocol=rule['protocol'],
|
||||
port_range_min=rule['port_range_min'],
|
||||
port_range_max=rule['port_range_max'],
|
||||
source_ip_prefix=rule.get('source_ip_prefix'))
|
||||
remote_ip_prefix=rule.get('remote_ip_prefix'))
|
||||
context.session.add(db)
|
||||
ret.append(self._make_security_group_rule_dict(db))
|
||||
return ret
|
||||
@ -251,7 +251,7 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase):
|
||||
|
||||
def _validate_security_group_rules(self, context, security_group_rule):
|
||||
"""Check that rules being installed all belong to the same security
|
||||
group, source_group_id/security_group_id belong to the same tenant,
|
||||
group, remote_group_id/security_group_id belong to the same tenant,
|
||||
and rules are valid.
|
||||
"""
|
||||
new_rules = set()
|
||||
@ -271,15 +271,15 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase):
|
||||
else:
|
||||
raise ext_sg.SecurityGroupInvalidPortRange()
|
||||
|
||||
if rule['source_ip_prefix'] and rule['source_group_id']:
|
||||
raise ext_sg.SecurityGroupSourceGroupAndIpPrefix()
|
||||
if rule['remote_ip_prefix'] and rule['remote_group_id']:
|
||||
raise ext_sg.SecurityGroupRemoteGroupAndRemoteIpPrefix()
|
||||
|
||||
if rule['tenant_id'] not in tenant_ids:
|
||||
tenant_ids.add(rule['tenant_id'])
|
||||
source_group_id = rule.get('source_group_id')
|
||||
# Check that source_group_id exists for tenant
|
||||
if source_group_id:
|
||||
self.get_security_group(context, source_group_id,
|
||||
remote_group_id = rule.get('remote_group_id')
|
||||
# Check that remote_group_id exists for tenant
|
||||
if remote_group_id:
|
||||
self.get_security_group(context, remote_group_id,
|
||||
tenant_id=rule['tenant_id'])
|
||||
if len(new_rules) > 1:
|
||||
raise ext_sg.SecurityGroupNotSingleGroupRules()
|
||||
@ -303,8 +303,8 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase):
|
||||
'protocol': security_group_rule['protocol'],
|
||||
'port_range_min': security_group_rule['port_range_min'],
|
||||
'port_range_max': security_group_rule['port_range_max'],
|
||||
'source_ip_prefix': security_group_rule['source_ip_prefix'],
|
||||
'source_group_id': security_group_rule['source_group_id']}
|
||||
'remote_ip_prefix': security_group_rule['remote_ip_prefix'],
|
||||
'remote_group_id': security_group_rule['remote_group_id']}
|
||||
|
||||
return self._fields(res, fields)
|
||||
|
||||
@ -315,8 +315,8 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase):
|
||||
'direction': [sgr['direction']]}
|
||||
|
||||
include_if_present = ['protocol', 'port_range_max', 'port_range_min',
|
||||
'ethertype', 'source_ip_prefix',
|
||||
'source_group_id']
|
||||
'ethertype', 'remote_ip_prefix',
|
||||
'remote_group_id']
|
||||
for key in include_if_present:
|
||||
value = sgr.get(key)
|
||||
if value:
|
||||
|
@ -111,8 +111,8 @@ class SecurityGroupServerRpcCallbackMixin(object):
|
||||
def security_group_rules_for_devices(self, context, **kwargs):
|
||||
""" return security group rules for each port
|
||||
|
||||
also convert source_group_id rule
|
||||
to source_ip_prefix rule
|
||||
also convert remote_group_id rule
|
||||
to source_ip_prefix and dest_ip_prefix rule
|
||||
|
||||
:params devices: list of devices
|
||||
:returns: port correspond to the devices with security group rules
|
||||
@ -144,12 +144,12 @@ class SecurityGroupServerRpcCallbackMixin(object):
|
||||
query = query.filter(sg_binding_port.in_(ports.keys()))
|
||||
return query.all()
|
||||
|
||||
def _select_ips_for_source_group(self, context, source_group_ids):
|
||||
def _select_ips_for_remote_group(self, context, remote_group_ids):
|
||||
ips_by_group = {}
|
||||
if not source_group_ids:
|
||||
if not remote_group_ids:
|
||||
return ips_by_group
|
||||
for source_group_id in source_group_ids:
|
||||
ips_by_group[source_group_id] = []
|
||||
for remote_group_id in remote_group_ids:
|
||||
ips_by_group[remote_group_id] = []
|
||||
|
||||
ip_port = models_v2.IPAllocation.port_id
|
||||
sg_binding_port = sg_db.SecurityGroupPortBinding.port_id
|
||||
@ -159,20 +159,20 @@ class SecurityGroupServerRpcCallbackMixin(object):
|
||||
models_v2.IPAllocation.ip_address)
|
||||
query = query.join(models_v2.IPAllocation,
|
||||
ip_port == sg_binding_port)
|
||||
query = query.filter(sg_binding_sgid.in_(source_group_ids))
|
||||
query = query.filter(sg_binding_sgid.in_(remote_group_ids))
|
||||
ip_in_db = query.all()
|
||||
for security_group_id, ip_address in ip_in_db:
|
||||
ips_by_group[security_group_id].append(ip_address)
|
||||
return ips_by_group
|
||||
|
||||
def _select_source_group_ids(self, ports):
|
||||
source_group_ids = []
|
||||
def _select_remote_group_ids(self, ports):
|
||||
remote_group_ids = []
|
||||
for port in ports.values():
|
||||
for rule in port.get('security_group_rules'):
|
||||
source_group_id = rule.get('source_group_id')
|
||||
if source_group_id:
|
||||
source_group_ids.append(source_group_id)
|
||||
return source_group_ids
|
||||
remote_group_id = rule.get('remote_group_id')
|
||||
if remote_group_id:
|
||||
remote_group_ids.append(remote_group_id)
|
||||
return remote_group_ids
|
||||
|
||||
def _select_network_ids(self, ports):
|
||||
return set((port['network_id'] for port in ports.values()))
|
||||
@ -195,22 +195,22 @@ class SecurityGroupServerRpcCallbackMixin(object):
|
||||
ips[port['network_id']].append(ip)
|
||||
return ips
|
||||
|
||||
def _convert_source_group_id_to_ip_prefix(self, context, ports):
|
||||
source_group_ids = self._select_source_group_ids(ports)
|
||||
ips = self._select_ips_for_source_group(context, source_group_ids)
|
||||
def _convert_remote_group_id_to_ip_prefix(self, context, ports):
|
||||
remote_group_ids = self._select_remote_group_ids(ports)
|
||||
ips = self._select_ips_for_remote_group(context, remote_group_ids)
|
||||
for port in ports.values():
|
||||
updated_rule = []
|
||||
for rule in port.get('security_group_rules'):
|
||||
source_group_id = rule.get('source_group_id')
|
||||
remote_group_id = rule.get('remote_group_id')
|
||||
direction = rule.get('direction')
|
||||
direction_ip_prefix = DIRECTION_IP_PREFIX[direction]
|
||||
if not source_group_id:
|
||||
if not remote_group_id:
|
||||
updated_rule.append(rule)
|
||||
continue
|
||||
|
||||
port['security_group_source_groups'].append(source_group_id)
|
||||
port['security_group_source_groups'].append(remote_group_id)
|
||||
base_rule = rule
|
||||
for ip in ips[source_group_id]:
|
||||
for ip in ips[remote_group_id]:
|
||||
if ip in port.get('fixed_ips', []):
|
||||
continue
|
||||
ip_rule = base_rule.copy()
|
||||
@ -290,12 +290,13 @@ class SecurityGroupServerRpcCallbackMixin(object):
|
||||
'ethertype': rule_in_db['ethertype'],
|
||||
}
|
||||
for key in ('protocol', 'port_range_min', 'port_range_max',
|
||||
'source_ip_prefix', 'source_group_id'):
|
||||
'remote_ip_prefix', 'remote_group_id'):
|
||||
if rule_in_db.get(key):
|
||||
if key == 'source_ip_prefix' and direction == 'egress':
|
||||
rule_dict['dest_ip_prefix'] = rule_in_db[key]
|
||||
if key == 'remote_ip_prefix':
|
||||
direction_ip_prefix = DIRECTION_IP_PREFIX[direction]
|
||||
rule_dict[direction_ip_prefix] = rule_in_db[key]
|
||||
continue
|
||||
rule_dict[key] = rule_in_db[key]
|
||||
port['security_group_rules'].append(rule_dict)
|
||||
self._apply_provider_rule(context, ports)
|
||||
return self._convert_source_group_id_to_ip_prefix(context, ports)
|
||||
return self._convert_remote_group_id_to_ip_prefix(context, ports)
|
||||
|
@ -61,8 +61,8 @@ class SecurityGroupRulesNotSingleTenant(qexception.InvalidInput):
|
||||
" not allowed")
|
||||
|
||||
|
||||
class SecurityGroupSourceGroupAndIpPrefix(qexception.InvalidInput):
|
||||
message = _("Only source_ip_prefix or source_group_id may "
|
||||
class SecurityGroupRemoteGroupAndRemoteIpPrefix(qexception.InvalidInput):
|
||||
message = _("Only remote_ip_prefix or remote_group_id may "
|
||||
"be provided.")
|
||||
|
||||
|
||||
@ -75,10 +75,6 @@ class SecurityGroupNotSingleGroupRules(qexception.InvalidInput):
|
||||
"one security profile at a time")
|
||||
|
||||
|
||||
class SecurityGroupSourceGroupNotFound(qexception.NotFound):
|
||||
message = _("Source group id %(id)s does not exist")
|
||||
|
||||
|
||||
class SecurityGroupNotFound(qexception.NotFound):
|
||||
message = _("Security group %(id)s does not exist")
|
||||
|
||||
@ -171,7 +167,7 @@ RESOURCE_ATTRIBUTE_MAP = {
|
||||
'primary_key': True},
|
||||
'security_group_id': {'allow_post': True, 'allow_put': False,
|
||||
'is_visible': True, 'required_by_policy': True},
|
||||
'source_group_id': {'allow_post': True, 'allow_put': False,
|
||||
'remote_group_id': {'allow_post': True, 'allow_put': False,
|
||||
'default': None, 'is_visible': True},
|
||||
'direction': {'allow_post': True, 'allow_put': True,
|
||||
'is_visible': True,
|
||||
@ -190,7 +186,7 @@ RESOURCE_ATTRIBUTE_MAP = {
|
||||
'is_visible': True, 'default': 'IPv4',
|
||||
'convert_to': convert_ethertype_to_case_insensitive,
|
||||
'validate': {'type:values': sg_supported_ethertypes}},
|
||||
'source_ip_prefix': {'allow_post': True, 'allow_put': False,
|
||||
'remote_ip_prefix': {'allow_post': True, 'allow_put': False,
|
||||
'default': None, 'is_visible': True},
|
||||
'tenant_id': {'allow_post': True, 'allow_put': False,
|
||||
'required_by_policy': True,
|
||||
|
@ -220,8 +220,8 @@ class RuleManager:
|
||||
rule_id = rule['id']
|
||||
ethertype = rule['ethertype']
|
||||
security_group_id = rule['security_group_id']
|
||||
source_group_id = rule['source_group_id']
|
||||
source_ip_prefix = rule['source_ip_prefix'] # watch out. not validated
|
||||
remote_group_id = rule['remote_group_id']
|
||||
remote_ip_prefix = rule['remote_ip_prefix'] # watch out. not validated
|
||||
tenant_id = rule['tenant_id']
|
||||
port_range_min = rule['port_range_min']
|
||||
external_id = rule['external_id']
|
||||
@ -234,10 +234,10 @@ class RuleManager:
|
||||
port_group_id = None
|
||||
|
||||
# handle source
|
||||
if not source_ip_prefix is None:
|
||||
nw_src_address, nw_src_length = source_ip_prefix.split('/')
|
||||
elif not source_group_id is None: # security group as a srouce
|
||||
source_pg = self.pg_manager.get_for_sg(tenant_id, source_group_id)
|
||||
if not remote_ip_prefix is None:
|
||||
nw_src_address, nw_src_length = remote_ip_prefix.split('/')
|
||||
elif not remote_group_id is None: # security group as a srouce
|
||||
source_pg = self.pg_manager.get_for_sg(tenant_id, remote_group_id)
|
||||
port_group_id = source_pg.get_id()
|
||||
else:
|
||||
raise Exception(_("Don't know what to do with rule=%r"), rule)
|
||||
|
@ -28,8 +28,8 @@ class NVPSecurityGroups(object):
|
||||
def _convert_to_nvp_rule(self, rule, with_id=False):
|
||||
"""Converts Quantum API security group rule to NVP API."""
|
||||
nvp_rule = {}
|
||||
params = ['source_ip_prefix', 'protocol',
|
||||
'source_group_id', 'port_range_min',
|
||||
params = ['remote_ip_prefix', 'protocol',
|
||||
'remote_group_id', 'port_range_min',
|
||||
'port_range_max', 'ethertype']
|
||||
if with_id:
|
||||
params.append('id')
|
||||
@ -40,10 +40,10 @@ class NVPSecurityGroups(object):
|
||||
nvp_rule[param] = value
|
||||
elif not value:
|
||||
pass
|
||||
elif param == 'source_ip_prefix':
|
||||
nvp_rule['ip_prefix'] = rule['source_ip_prefix']
|
||||
elif param == 'source_group_id':
|
||||
nvp_rule['profile_uuid'] = rule['source_group_id']
|
||||
elif param == 'remote_ip_prefix':
|
||||
nvp_rule['ip_prefix'] = rule['remote_ip_prefix']
|
||||
elif param == 'remote_group_id':
|
||||
nvp_rule['profile_uuid'] = rule['remote_group_id']
|
||||
elif param == 'protocol':
|
||||
nvp_rule['protocol'] = protocol_num_look_up[rule['protocol']]
|
||||
else:
|
||||
@ -65,7 +65,7 @@ class NVPSecurityGroups(object):
|
||||
with_id=False):
|
||||
"""Query quantum db for security group rules.
|
||||
"""
|
||||
fields = ['source_ip_prefix', 'source_group_id', 'protocol',
|
||||
fields = ['remote_ip_prefix', 'remote_group_id', 'protocol',
|
||||
'port_range_min', 'port_range_max', 'protocol', 'ethertype']
|
||||
if with_id:
|
||||
fields.append('id')
|
||||
@ -80,11 +80,11 @@ class NVPSecurityGroups(object):
|
||||
'logical_port_egress_rules': ingress_rules}
|
||||
return self._convert_to_nvp_rules(rules, with_id)
|
||||
|
||||
def _get_profile_uuid(self, context, source_group_id):
|
||||
def _get_profile_uuid(self, context, remote_group_id):
|
||||
"""Return profile id from novas group id. """
|
||||
security_group = self.get_security_group(context, source_group_id)
|
||||
security_group = self.get_security_group(context, remote_group_id)
|
||||
if not security_group:
|
||||
raise ext_sg.SecurityGroupNotFound(id=source_group_id)
|
||||
raise ext_sg.SecurityGroupNotFound(id=remote_group_id)
|
||||
return security_group['id']
|
||||
|
||||
def _merge_security_group_rules_with_current(self, context, new_rules,
|
||||
@ -95,8 +95,8 @@ class NVPSecurityGroups(object):
|
||||
rule = new_rule['security_group_rule']
|
||||
rule['security_group_id'] = security_group_id
|
||||
if rule.get('souce_group_id'):
|
||||
rule['source_group_id'] = self._get_profile_uuid(
|
||||
context, rule['source_group_id'])
|
||||
rule['remote_group_id'] = self._get_profile_uuid(
|
||||
context, rule['remote_group_id'])
|
||||
if rule['direction'] == 'ingress':
|
||||
merged_rules['logical_port_egress_rules'].append(
|
||||
self._convert_to_nvp_rule(rule))
|
||||
|
@ -194,7 +194,7 @@ class MidonetRuleManagerTestCase(MidonetLibTestCase):
|
||||
return {"tenant_id": tenant_id, "security_group_id": sg_id,
|
||||
"rule_id": rule_id, "direction": direction,
|
||||
"protocol": protocol,
|
||||
"source_ip_prefix": src_ip, "source_group_id": src_group_id,
|
||||
"remote_ip_prefix": src_ip, "remote_group_id": src_group_id,
|
||||
"port_range_min": port_min, "port_range_max": port_max,
|
||||
"ethertype": ethertype, "id": rule_id, "external_id": None}
|
||||
|
||||
|
@ -68,7 +68,7 @@ class SecurityGroupsTestCase(test_db_plugin.QuantumDbPluginV2TestCase):
|
||||
|
||||
def _build_security_group_rule(self, security_group_id, direction,
|
||||
protocol, port_range_min, port_range_max,
|
||||
source_ip_prefix=None, source_group_id=None,
|
||||
remote_ip_prefix=None, remote_group_id=None,
|
||||
tenant_id='test_tenant',
|
||||
ethertype='IPv4'):
|
||||
|
||||
@ -80,11 +80,11 @@ class SecurityGroupsTestCase(test_db_plugin.QuantumDbPluginV2TestCase):
|
||||
'port_range_max': port_range_max,
|
||||
'tenant_id': tenant_id,
|
||||
'ethertype': ethertype}}
|
||||
if source_ip_prefix:
|
||||
data['security_group_rule']['source_ip_prefix'] = source_ip_prefix
|
||||
if remote_ip_prefix:
|
||||
data['security_group_rule']['remote_ip_prefix'] = remote_ip_prefix
|
||||
|
||||
if source_group_id:
|
||||
data['security_group_rule']['source_group_id'] = source_group_id
|
||||
if remote_group_id:
|
||||
data['security_group_rule']['remote_group_id'] = remote_group_id
|
||||
|
||||
return data
|
||||
|
||||
@ -129,7 +129,7 @@ class SecurityGroupsTestCase(test_db_plugin.QuantumDbPluginV2TestCase):
|
||||
'd1db38eb087',
|
||||
direction='ingress', protocol='tcp',
|
||||
port_range_min='22', port_range_max='22',
|
||||
source_ip_prefix=None, source_group_id=None,
|
||||
remote_ip_prefix=None, remote_group_id=None,
|
||||
fmt=None, no_delete=False, ethertype='IPv4'):
|
||||
if not fmt:
|
||||
fmt = self.fmt
|
||||
@ -137,8 +137,8 @@ class SecurityGroupsTestCase(test_db_plugin.QuantumDbPluginV2TestCase):
|
||||
direction,
|
||||
protocol, port_range_min,
|
||||
port_range_max,
|
||||
source_ip_prefix,
|
||||
source_group_id,
|
||||
remote_ip_prefix,
|
||||
remote_group_id,
|
||||
ethertype=ethertype)
|
||||
security_group_rule = self._make_security_group_rule(self.fmt, rule)
|
||||
try:
|
||||
@ -327,7 +327,7 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
|
||||
with self.security_group(name, description) as sg:
|
||||
security_group_id = sg['security_group']['id']
|
||||
direction = "ingress"
|
||||
source_ip_prefix = "10.0.0.0/24"
|
||||
remote_ip_prefix = "10.0.0.0/24"
|
||||
protocol = 'TCP'
|
||||
port_range_min = 22
|
||||
port_range_max = 22
|
||||
@ -335,7 +335,7 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
|
||||
with self.security_group_rule(security_group_id, direction,
|
||||
protocol, port_range_min,
|
||||
port_range_max,
|
||||
source_ip_prefix,
|
||||
remote_ip_prefix,
|
||||
ethertype=ethertype) as rule:
|
||||
|
||||
# the lower case value will be return
|
||||
@ -348,15 +348,15 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
|
||||
name = 'webservers'
|
||||
description = 'my webservers'
|
||||
with self.security_group(name, description) as sg:
|
||||
source_group_id = sg['security_group']['id']
|
||||
res = self.new_show_request('security-groups', source_group_id)
|
||||
remote_group_id = sg['security_group']['id']
|
||||
res = self.new_show_request('security-groups', remote_group_id)
|
||||
security_group_id = sg['security_group']['id']
|
||||
direction = "ingress"
|
||||
source_ip_prefix = "10.0.0.0/24"
|
||||
remote_ip_prefix = "10.0.0.0/24"
|
||||
protocol = 'tcp'
|
||||
port_range_min = 22
|
||||
port_range_max = 22
|
||||
keys = [('source_ip_prefix', source_ip_prefix),
|
||||
keys = [('remote_ip_prefix', remote_ip_prefix),
|
||||
('security_group_id', security_group_id),
|
||||
('direction', direction),
|
||||
('protocol', protocol),
|
||||
@ -365,13 +365,13 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
|
||||
with self.security_group_rule(security_group_id, direction,
|
||||
protocol, port_range_min,
|
||||
port_range_max,
|
||||
source_ip_prefix):
|
||||
remote_ip_prefix):
|
||||
|
||||
group = self.deserialize(
|
||||
self.fmt, res.get_response(self.ext_api))
|
||||
sg_rule = group['security_group']['security_group_rules']
|
||||
self.assertEqual(group['security_group']['id'],
|
||||
source_group_id)
|
||||
remote_group_id)
|
||||
self.assertEqual(len(sg_rule), 1)
|
||||
for k, v, in keys:
|
||||
self.assertEqual(sg_rule[0][k], v)
|
||||
@ -380,8 +380,8 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
|
||||
name = 'webservers'
|
||||
description = 'my webservers'
|
||||
with self.security_group(name, description, no_delete=True) as sg:
|
||||
source_group_id = sg['security_group']['id']
|
||||
self._delete('security-groups', source_group_id, 204)
|
||||
remote_group_id = sg['security_group']['id']
|
||||
self._delete('security-groups', remote_group_id, 204)
|
||||
|
||||
def test_delete_default_security_group_fail(self):
|
||||
with self.network():
|
||||
@ -405,17 +405,17 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
|
||||
self.assertEqual(rule['port_range_min'], None)
|
||||
self.assertEqual(rule['protocol'], None)
|
||||
|
||||
def test_create_security_group_rule_source_ip_prefix(self):
|
||||
def test_create_security_group_rule_remote_ip_prefix(self):
|
||||
name = 'webservers'
|
||||
description = 'my webservers'
|
||||
with self.security_group(name, description) as sg:
|
||||
security_group_id = sg['security_group']['id']
|
||||
direction = "ingress"
|
||||
source_ip_prefix = "10.0.0.0/24"
|
||||
remote_ip_prefix = "10.0.0.0/24"
|
||||
protocol = 'tcp'
|
||||
port_range_min = 22
|
||||
port_range_max = 22
|
||||
keys = [('source_ip_prefix', source_ip_prefix),
|
||||
keys = [('remote_ip_prefix', remote_ip_prefix),
|
||||
('security_group_id', security_group_id),
|
||||
('direction', direction),
|
||||
('protocol', protocol),
|
||||
@ -424,7 +424,7 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
|
||||
with self.security_group_rule(security_group_id, direction,
|
||||
protocol, port_range_min,
|
||||
port_range_max,
|
||||
source_ip_prefix) as rule:
|
||||
remote_ip_prefix) as rule:
|
||||
for k, v, in keys:
|
||||
self.assertEqual(rule['security_group_rule'][k], v)
|
||||
|
||||
@ -435,11 +435,11 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
|
||||
with self.security_group(name, description) as sg2:
|
||||
security_group_id = sg['security_group']['id']
|
||||
direction = "ingress"
|
||||
source_group_id = sg2['security_group']['id']
|
||||
remote_group_id = sg2['security_group']['id']
|
||||
protocol = 'tcp'
|
||||
port_range_min = 22
|
||||
port_range_max = 22
|
||||
keys = [('source_group_id', source_group_id),
|
||||
keys = [('remote_group_id', remote_group_id),
|
||||
('security_group_id', security_group_id),
|
||||
('direction', direction),
|
||||
('protocol', protocol),
|
||||
@ -448,7 +448,7 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
|
||||
with self.security_group_rule(security_group_id, direction,
|
||||
protocol, port_range_min,
|
||||
port_range_max,
|
||||
source_group_id=source_group_id
|
||||
remote_group_id=remote_group_id
|
||||
) as rule:
|
||||
for k, v, in keys:
|
||||
self.assertEqual(rule['security_group_rule'][k], v)
|
||||
@ -456,16 +456,16 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
|
||||
def test_create_security_group_source_group_ip_and_ip_prefix(self):
|
||||
security_group_id = "4cd70774-cc67-4a87-9b39-7d1db38eb087"
|
||||
direction = "ingress"
|
||||
source_ip_prefix = "10.0.0.0/24"
|
||||
remote_ip_prefix = "10.0.0.0/24"
|
||||
protocol = 'tcp'
|
||||
port_range_min = 22
|
||||
port_range_max = 22
|
||||
source_group_id = "9cd70774-cc67-4a87-9b39-7d1db38eb087"
|
||||
remote_group_id = "9cd70774-cc67-4a87-9b39-7d1db38eb087"
|
||||
rule = self._build_security_group_rule(security_group_id, direction,
|
||||
protocol, port_range_min,
|
||||
port_range_max,
|
||||
source_ip_prefix,
|
||||
source_group_id)
|
||||
remote_ip_prefix,
|
||||
remote_group_id)
|
||||
res = self._create_security_group_rule(self.fmt, rule)
|
||||
self.deserialize(self.fmt, res)
|
||||
self.assertEqual(res.status_int, 400)
|
||||
@ -473,14 +473,14 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
|
||||
def test_create_security_group_rule_bad_security_group_id(self):
|
||||
security_group_id = "4cd70774-cc67-4a87-9b39-7d1db38eb087"
|
||||
direction = "ingress"
|
||||
source_ip_prefix = "10.0.0.0/24"
|
||||
remote_ip_prefix = "10.0.0.0/24"
|
||||
protocol = 'tcp'
|
||||
port_range_min = 22
|
||||
port_range_max = 22
|
||||
rule = self._build_security_group_rule(security_group_id, direction,
|
||||
protocol, port_range_min,
|
||||
port_range_max,
|
||||
source_ip_prefix)
|
||||
remote_ip_prefix)
|
||||
res = self._create_security_group_rule(self.fmt, rule)
|
||||
self.deserialize(self.fmt, res)
|
||||
self.assertEqual(res.status_int, 404)
|
||||
@ -499,7 +499,7 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
|
||||
self.deserialize(self.fmt, res)
|
||||
self.assertEqual(res.status_int, 404)
|
||||
|
||||
def test_create_security_group_rule_bad_tenant_source_group_id(self):
|
||||
def test_create_security_group_rule_bad_tenant_remote_group_id(self):
|
||||
with self.security_group() as sg:
|
||||
res = self._create_security_group(self.fmt, 'webservers',
|
||||
'webservers',
|
||||
@ -512,7 +512,7 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
|
||||
'port_range_min': '22',
|
||||
'port_range_max': '22',
|
||||
'tenant_id': 'bad_tenant',
|
||||
'source_group_id': sg['security_group']['id']}}
|
||||
'remote_group_id': sg['security_group']['id']}}
|
||||
|
||||
res = self._create_security_group_rule(self.fmt, rule,
|
||||
tenant_id='bad_tenant',
|
||||
@ -540,12 +540,12 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
|
||||
self.deserialize(self.fmt, res)
|
||||
self.assertEqual(res.status_int, 404)
|
||||
|
||||
def test_create_security_group_rule_bad_source_group_id(self):
|
||||
def test_create_security_group_rule_bad_remote_group_id(self):
|
||||
name = 'webservers'
|
||||
description = 'my webservers'
|
||||
with self.security_group(name, description) as sg:
|
||||
security_group_id = sg['security_group']['id']
|
||||
source_group_id = "4cd70774-cc67-4a87-9b39-7d1db38eb087"
|
||||
remote_group_id = "4cd70774-cc67-4a87-9b39-7d1db38eb087"
|
||||
direction = "ingress"
|
||||
protocol = 'tcp'
|
||||
port_range_min = 22
|
||||
@ -553,7 +553,7 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
|
||||
rule = self._build_security_group_rule(security_group_id, direction,
|
||||
protocol, port_range_min,
|
||||
port_range_max,
|
||||
source_group_id=source_group_id)
|
||||
remote_group_id=remote_group_id)
|
||||
res = self._create_security_group_rule(self.fmt, rule)
|
||||
self.deserialize(self.fmt, res)
|
||||
self.assertEqual(res.status_int, 404)
|
||||
@ -941,16 +941,16 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
|
||||
def test_create_security_group_rule_with_invalid_ethertype(self):
|
||||
security_group_id = "4cd70774-cc67-4a87-9b39-7d1db38eb087"
|
||||
direction = "ingress"
|
||||
source_ip_prefix = "10.0.0.0/24"
|
||||
remote_ip_prefix = "10.0.0.0/24"
|
||||
protocol = 'tcp'
|
||||
port_range_min = 22
|
||||
port_range_max = 22
|
||||
source_group_id = "9cd70774-cc67-4a87-9b39-7d1db38eb087"
|
||||
remote_group_id = "9cd70774-cc67-4a87-9b39-7d1db38eb087"
|
||||
rule = self._build_security_group_rule(security_group_id, direction,
|
||||
protocol, port_range_min,
|
||||
port_range_max,
|
||||
source_ip_prefix,
|
||||
source_group_id,
|
||||
remote_ip_prefix,
|
||||
remote_group_id,
|
||||
ethertype='IPv5')
|
||||
res = self._create_security_group_rule(self.fmt, rule)
|
||||
self.deserialize(self.fmt, res)
|
||||
@ -959,16 +959,16 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
|
||||
def test_create_security_group_rule_with_invalid_protocol(self):
|
||||
security_group_id = "4cd70774-cc67-4a87-9b39-7d1db38eb087"
|
||||
direction = "ingress"
|
||||
source_ip_prefix = "10.0.0.0/24"
|
||||
remote_ip_prefix = "10.0.0.0/24"
|
||||
protocol = 'tcp/ip'
|
||||
port_range_min = 22
|
||||
port_range_max = 22
|
||||
source_group_id = "9cd70774-cc67-4a87-9b39-7d1db38eb087"
|
||||
remote_group_id = "9cd70774-cc67-4a87-9b39-7d1db38eb087"
|
||||
rule = self._build_security_group_rule(security_group_id, direction,
|
||||
protocol, port_range_min,
|
||||
port_range_max,
|
||||
source_ip_prefix,
|
||||
source_group_id)
|
||||
remote_ip_prefix,
|
||||
remote_group_id)
|
||||
res = self._create_security_group_rule(self.fmt, rule)
|
||||
self.deserialize(self.fmt, res)
|
||||
self.assertEqual(res.status_int, 400)
|
||||
|
@ -161,7 +161,7 @@ class SGServerRpcCallBackMixinTestCase(test_sg.SecurityGroupDBTestCase):
|
||||
rule1 = self._build_security_group_rule(
|
||||
sg1_id,
|
||||
'ingress', 'tcp', '24',
|
||||
'25', source_group_id=sg2['security_group']['id'])
|
||||
'25', remote_group_id=sg2['security_group']['id'])
|
||||
rules = {
|
||||
'security_group_rules': [rule1['security_group_rule']]}
|
||||
res = self._create_security_group_rule(self.fmt, rules)
|
||||
@ -190,7 +190,7 @@ class SGServerRpcCallBackMixinTestCase(test_sg.SecurityGroupDBTestCase):
|
||||
'source_ip_prefix': u'10.0.0.3/32',
|
||||
'protocol': u'tcp', 'ethertype': u'IPv4',
|
||||
'port_range_max': 25, 'port_range_min': 24,
|
||||
'source_group_id': sg2_id,
|
||||
'remote_group_id': sg2_id,
|
||||
'security_group_id': sg1_id},
|
||||
{'ethertype': 'IPv4', 'direction': 'egress'},
|
||||
]
|
||||
@ -324,7 +324,7 @@ class SGServerRpcCallBackMixinTestCase(test_sg.SecurityGroupDBTestCase):
|
||||
'ingress', 'tcp', '24',
|
||||
'25',
|
||||
ethertype='IPv6',
|
||||
source_group_id=sg2['security_group']['id'])
|
||||
remote_group_id=sg2['security_group']['id'])
|
||||
rules = {
|
||||
'security_group_rules': [rule1['security_group_rule']]}
|
||||
res = self._create_security_group_rule(self.fmt, rules)
|
||||
@ -356,7 +356,7 @@ class SGServerRpcCallBackMixinTestCase(test_sg.SecurityGroupDBTestCase):
|
||||
'source_ip_prefix': 'fe80::3/128',
|
||||
'protocol': 'tcp', 'ethertype': 'IPv6',
|
||||
'port_range_max': 25, 'port_range_min': 24,
|
||||
'source_group_id': sg2_id,
|
||||
'remote_group_id': sg2_id,
|
||||
'security_group_id': sg1_id},
|
||||
{'ethertype': 'IPv6', 'direction': 'egress'},
|
||||
]
|
||||
@ -414,7 +414,7 @@ class SecurityGroupAgentRpcTestCase(testtools.TestCase):
|
||||
'security_group_source_groups': ['fake_sgid2'],
|
||||
'security_group_rules': [{'security_group_id':
|
||||
'fake_sgid1',
|
||||
'source_group_id':
|
||||
'remote_group_id':
|
||||
'fake_sgid2'}]}
|
||||
fake_devices = {'fake_device': self.fake_device}
|
||||
self.firewall.ports = fake_devices
|
||||
@ -1126,14 +1126,14 @@ class SGNotificationTestMixin():
|
||||
with self.security_group(name, description) as sg2:
|
||||
security_group_id = sg['security_group']['id']
|
||||
direction = "ingress"
|
||||
source_group_id = sg2['security_group']['id']
|
||||
remote_group_id = sg2['security_group']['id']
|
||||
protocol = 'tcp'
|
||||
port_range_min = 88
|
||||
port_range_max = 88
|
||||
with self.security_group_rule(security_group_id, direction,
|
||||
protocol, port_range_min,
|
||||
port_range_max,
|
||||
source_group_id=source_group_id
|
||||
remote_group_id=remote_group_id
|
||||
):
|
||||
pass
|
||||
self.notifier.assert_has_calls(
|
||||
|
Loading…
Reference in New Issue
Block a user