From 9e9f0190bbe4318116c0f245a0b2f1af6ba4caaa Mon Sep 17 00:00:00 2001 From: Aaron Rosen Date: Mon, 4 Mar 2013 11:04:41 -0800 Subject: [PATCH] Rename source_(group_id/ip_prefix) to remote_(group_id/ip_prefix) Fixes bug 1144426 Change-Id: I8b62044b6e679d923fffef69a49f4fd55751f116 --- quantum/agent/firewall.py | 14 +-- .../versions/3cb5d900c5de_security_groups.py | 6 +- quantum/db/securitygroups_db.py | 32 +++---- quantum/db/securitygroups_rpc_base.py | 49 ++++++----- quantum/extensions/securitygroup.py | 12 +-- quantum/plugins/midonet/midonet_lib.py | 12 +-- .../common/securitygroups.py | 24 ++--- .../tests/unit/midonet/test_midonet_lib.py | 2 +- .../unit/test_extension_security_group.py | 88 +++++++++---------- .../tests/unit/test_security_groups_rpc.py | 14 +-- 10 files changed, 126 insertions(+), 127 deletions(-) diff --git a/quantum/agent/firewall.py b/quantum/agent/firewall.py index 71c2610fbf..029dd35b3d 100644 --- a/quantum/agent/firewall.py +++ b/quantum/agent/firewall.py @@ -37,17 +37,19 @@ class FirewallDriver(object): the rule may contain security_group_id, protocol, port_min, port_max source_ip_prefix, source_port_min, - source_port_max, dest_ip_prefix, + source_port_max, dest_ip_prefix, and + remote_group_id Note: source_group_ip in REST API should be converted by this rule if direction is ingress: - source_group_ip will be a soruce_prefix_ip + remote_group_ip will be a source_ip_prefix if direction is egress: - source_group_ip will be a dest_prefix_ip - Note: source_group_id in REST API should be converted by this rule + remote_group_ip will be a dest_ip_prefix + Note: remote_group_id in REST API should be converted by this rule if direction is ingress: - source_group_id will be a list of soruce_prefix_ip + remote_group_id will be a list of source_ip_prefix if direction is egress: - source_group_id will be a list of dest_prefix_ip + remote_group_id will be a list of dest_ip_prefix + remote_group_id will also remaining membership update management """ __metaclass__ = abc.ABCMeta diff --git a/quantum/db/migration/alembic_migrations/versions/3cb5d900c5de_security_groups.py b/quantum/db/migration/alembic_migrations/versions/3cb5d900c5de_security_groups.py index 95970c6f75..21aea463e2 100644 --- a/quantum/db/migration/alembic_migrations/versions/3cb5d900c5de_security_groups.py +++ b/quantum/db/migration/alembic_migrations/versions/3cb5d900c5de_security_groups.py @@ -61,7 +61,7 @@ def upgrade(active_plugin=None, options=None): sa.Column('tenant_id', sa.String(length=255), nullable=True), sa.Column('id', sa.String(length=36), nullable=False), sa.Column('security_group_id', sa.String(length=36), nullable=False), - sa.Column('source_group_id', sa.String(length=36), nullable=True), + sa.Column('remote_group_id', sa.String(length=36), nullable=True), sa.Column('direction', sa.Enum('ingress', 'egress', name='securitygrouprules_direction'), @@ -70,10 +70,10 @@ def upgrade(active_plugin=None, options=None): sa.Column('protocol', sa.String(length=40), nullable=True), sa.Column('port_range_min', sa.Integer(), nullable=True), sa.Column('port_range_max', sa.Integer(), nullable=True), - sa.Column('source_ip_prefix', sa.String(length=255), nullable=True), + sa.Column('remote_ip_prefix', sa.String(length=255), nullable=True), sa.ForeignKeyConstraint(['security_group_id'], ['securitygroups.id'], ondelete='CASCADE'), - sa.ForeignKeyConstraint(['source_group_id'], ['securitygroups.id'], + sa.ForeignKeyConstraint(['remote_group_id'], ['securitygroups.id'], ondelete='CASCADE'), sa.PrimaryKeyConstraint('id') ) diff --git a/quantum/db/securitygroups_db.py b/quantum/db/securitygroups_db.py index 604cde3c95..4c66a49774 100644 --- a/quantum/db/securitygroups_db.py +++ b/quantum/db/securitygroups_db.py @@ -53,7 +53,7 @@ class SecurityGroupRule(model_base.BASEV2, models_v2.HasId, ondelete="CASCADE"), nullable=False) - source_group_id = sa.Column(sa.String(36), + remote_group_id = sa.Column(sa.String(36), sa.ForeignKey("securitygroups.id", ondelete="CASCADE"), nullable=True) @@ -64,7 +64,7 @@ class SecurityGroupRule(model_base.BASEV2, models_v2.HasId, protocol = sa.Column(sa.String(40)) port_range_min = sa.Column(sa.Integer) port_range_max = sa.Column(sa.Integer) - source_ip_prefix = sa.Column(sa.String(255)) + remote_ip_prefix = sa.Column(sa.String(255)) security_group = orm.relationship( SecurityGroup, backref=orm.backref('rules', cascade='all,delete'), @@ -72,7 +72,7 @@ class SecurityGroupRule(model_base.BASEV2, models_v2.HasId, source_group = orm.relationship( SecurityGroup, backref=orm.backref('source_rules', cascade='all,delete'), - primaryjoin="SecurityGroup.id==SecurityGroupRule.source_group_id") + primaryjoin="SecurityGroup.id==SecurityGroupRule.remote_group_id") class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase): @@ -234,12 +234,12 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase): id=uuidutils.generate_uuid(), tenant_id=tenant_id, security_group_id=rule['security_group_id'], direction=rule['direction'], - source_group_id=rule.get('source_group_id'), + remote_group_id=rule.get('remote_group_id'), ethertype=rule['ethertype'], protocol=rule['protocol'], port_range_min=rule['port_range_min'], port_range_max=rule['port_range_max'], - source_ip_prefix=rule.get('source_ip_prefix')) + remote_ip_prefix=rule.get('remote_ip_prefix')) context.session.add(db) ret.append(self._make_security_group_rule_dict(db)) return ret @@ -251,7 +251,7 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase): def _validate_security_group_rules(self, context, security_group_rule): """Check that rules being installed all belong to the same security - group, source_group_id/security_group_id belong to the same tenant, + group, remote_group_id/security_group_id belong to the same tenant, and rules are valid. """ new_rules = set() @@ -271,15 +271,15 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase): else: raise ext_sg.SecurityGroupInvalidPortRange() - if rule['source_ip_prefix'] and rule['source_group_id']: - raise ext_sg.SecurityGroupSourceGroupAndIpPrefix() + if rule['remote_ip_prefix'] and rule['remote_group_id']: + raise ext_sg.SecurityGroupRemoteGroupAndRemoteIpPrefix() if rule['tenant_id'] not in tenant_ids: tenant_ids.add(rule['tenant_id']) - source_group_id = rule.get('source_group_id') - # Check that source_group_id exists for tenant - if source_group_id: - self.get_security_group(context, source_group_id, + remote_group_id = rule.get('remote_group_id') + # Check that remote_group_id exists for tenant + if remote_group_id: + self.get_security_group(context, remote_group_id, tenant_id=rule['tenant_id']) if len(new_rules) > 1: raise ext_sg.SecurityGroupNotSingleGroupRules() @@ -303,8 +303,8 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase): 'protocol': security_group_rule['protocol'], 'port_range_min': security_group_rule['port_range_min'], 'port_range_max': security_group_rule['port_range_max'], - 'source_ip_prefix': security_group_rule['source_ip_prefix'], - 'source_group_id': security_group_rule['source_group_id']} + 'remote_ip_prefix': security_group_rule['remote_ip_prefix'], + 'remote_group_id': security_group_rule['remote_group_id']} return self._fields(res, fields) @@ -315,8 +315,8 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase): 'direction': [sgr['direction']]} include_if_present = ['protocol', 'port_range_max', 'port_range_min', - 'ethertype', 'source_ip_prefix', - 'source_group_id'] + 'ethertype', 'remote_ip_prefix', + 'remote_group_id'] for key in include_if_present: value = sgr.get(key) if value: diff --git a/quantum/db/securitygroups_rpc_base.py b/quantum/db/securitygroups_rpc_base.py index 8d00a736c9..e41a24983a 100644 --- a/quantum/db/securitygroups_rpc_base.py +++ b/quantum/db/securitygroups_rpc_base.py @@ -111,8 +111,8 @@ class SecurityGroupServerRpcCallbackMixin(object): def security_group_rules_for_devices(self, context, **kwargs): """ return security group rules for each port - also convert source_group_id rule - to source_ip_prefix rule + also convert remote_group_id rule + to source_ip_prefix and dest_ip_prefix rule :params devices: list of devices :returns: port correspond to the devices with security group rules @@ -144,12 +144,12 @@ class SecurityGroupServerRpcCallbackMixin(object): query = query.filter(sg_binding_port.in_(ports.keys())) return query.all() - def _select_ips_for_source_group(self, context, source_group_ids): + def _select_ips_for_remote_group(self, context, remote_group_ids): ips_by_group = {} - if not source_group_ids: + if not remote_group_ids: return ips_by_group - for source_group_id in source_group_ids: - ips_by_group[source_group_id] = [] + for remote_group_id in remote_group_ids: + ips_by_group[remote_group_id] = [] ip_port = models_v2.IPAllocation.port_id sg_binding_port = sg_db.SecurityGroupPortBinding.port_id @@ -159,20 +159,20 @@ class SecurityGroupServerRpcCallbackMixin(object): models_v2.IPAllocation.ip_address) query = query.join(models_v2.IPAllocation, ip_port == sg_binding_port) - query = query.filter(sg_binding_sgid.in_(source_group_ids)) + query = query.filter(sg_binding_sgid.in_(remote_group_ids)) ip_in_db = query.all() for security_group_id, ip_address in ip_in_db: ips_by_group[security_group_id].append(ip_address) return ips_by_group - def _select_source_group_ids(self, ports): - source_group_ids = [] + def _select_remote_group_ids(self, ports): + remote_group_ids = [] for port in ports.values(): for rule in port.get('security_group_rules'): - source_group_id = rule.get('source_group_id') - if source_group_id: - source_group_ids.append(source_group_id) - return source_group_ids + remote_group_id = rule.get('remote_group_id') + if remote_group_id: + remote_group_ids.append(remote_group_id) + return remote_group_ids def _select_network_ids(self, ports): return set((port['network_id'] for port in ports.values())) @@ -195,22 +195,22 @@ class SecurityGroupServerRpcCallbackMixin(object): ips[port['network_id']].append(ip) return ips - def _convert_source_group_id_to_ip_prefix(self, context, ports): - source_group_ids = self._select_source_group_ids(ports) - ips = self._select_ips_for_source_group(context, source_group_ids) + def _convert_remote_group_id_to_ip_prefix(self, context, ports): + remote_group_ids = self._select_remote_group_ids(ports) + ips = self._select_ips_for_remote_group(context, remote_group_ids) for port in ports.values(): updated_rule = [] for rule in port.get('security_group_rules'): - source_group_id = rule.get('source_group_id') + remote_group_id = rule.get('remote_group_id') direction = rule.get('direction') direction_ip_prefix = DIRECTION_IP_PREFIX[direction] - if not source_group_id: + if not remote_group_id: updated_rule.append(rule) continue - port['security_group_source_groups'].append(source_group_id) + port['security_group_source_groups'].append(remote_group_id) base_rule = rule - for ip in ips[source_group_id]: + for ip in ips[remote_group_id]: if ip in port.get('fixed_ips', []): continue ip_rule = base_rule.copy() @@ -290,12 +290,13 @@ class SecurityGroupServerRpcCallbackMixin(object): 'ethertype': rule_in_db['ethertype'], } for key in ('protocol', 'port_range_min', 'port_range_max', - 'source_ip_prefix', 'source_group_id'): + 'remote_ip_prefix', 'remote_group_id'): if rule_in_db.get(key): - if key == 'source_ip_prefix' and direction == 'egress': - rule_dict['dest_ip_prefix'] = rule_in_db[key] + if key == 'remote_ip_prefix': + direction_ip_prefix = DIRECTION_IP_PREFIX[direction] + rule_dict[direction_ip_prefix] = rule_in_db[key] continue rule_dict[key] = rule_in_db[key] port['security_group_rules'].append(rule_dict) self._apply_provider_rule(context, ports) - return self._convert_source_group_id_to_ip_prefix(context, ports) + return self._convert_remote_group_id_to_ip_prefix(context, ports) diff --git a/quantum/extensions/securitygroup.py b/quantum/extensions/securitygroup.py index db4a238b1f..108f5d9e7f 100644 --- a/quantum/extensions/securitygroup.py +++ b/quantum/extensions/securitygroup.py @@ -61,8 +61,8 @@ class SecurityGroupRulesNotSingleTenant(qexception.InvalidInput): " not allowed") -class SecurityGroupSourceGroupAndIpPrefix(qexception.InvalidInput): - message = _("Only source_ip_prefix or source_group_id may " +class SecurityGroupRemoteGroupAndRemoteIpPrefix(qexception.InvalidInput): + message = _("Only remote_ip_prefix or remote_group_id may " "be provided.") @@ -75,10 +75,6 @@ class SecurityGroupNotSingleGroupRules(qexception.InvalidInput): "one security profile at a time") -class SecurityGroupSourceGroupNotFound(qexception.NotFound): - message = _("Source group id %(id)s does not exist") - - class SecurityGroupNotFound(qexception.NotFound): message = _("Security group %(id)s does not exist") @@ -171,7 +167,7 @@ RESOURCE_ATTRIBUTE_MAP = { 'primary_key': True}, 'security_group_id': {'allow_post': True, 'allow_put': False, 'is_visible': True, 'required_by_policy': True}, - 'source_group_id': {'allow_post': True, 'allow_put': False, + 'remote_group_id': {'allow_post': True, 'allow_put': False, 'default': None, 'is_visible': True}, 'direction': {'allow_post': True, 'allow_put': True, 'is_visible': True, @@ -190,7 +186,7 @@ RESOURCE_ATTRIBUTE_MAP = { 'is_visible': True, 'default': 'IPv4', 'convert_to': convert_ethertype_to_case_insensitive, 'validate': {'type:values': sg_supported_ethertypes}}, - 'source_ip_prefix': {'allow_post': True, 'allow_put': False, + 'remote_ip_prefix': {'allow_post': True, 'allow_put': False, 'default': None, 'is_visible': True}, 'tenant_id': {'allow_post': True, 'allow_put': False, 'required_by_policy': True, diff --git a/quantum/plugins/midonet/midonet_lib.py b/quantum/plugins/midonet/midonet_lib.py index 4f227ac3ba..6d7adb11c2 100644 --- a/quantum/plugins/midonet/midonet_lib.py +++ b/quantum/plugins/midonet/midonet_lib.py @@ -220,8 +220,8 @@ class RuleManager: rule_id = rule['id'] ethertype = rule['ethertype'] security_group_id = rule['security_group_id'] - source_group_id = rule['source_group_id'] - source_ip_prefix = rule['source_ip_prefix'] # watch out. not validated + remote_group_id = rule['remote_group_id'] + remote_ip_prefix = rule['remote_ip_prefix'] # watch out. not validated tenant_id = rule['tenant_id'] port_range_min = rule['port_range_min'] external_id = rule['external_id'] @@ -234,10 +234,10 @@ class RuleManager: port_group_id = None # handle source - if not source_ip_prefix is None: - nw_src_address, nw_src_length = source_ip_prefix.split('/') - elif not source_group_id is None: # security group as a srouce - source_pg = self.pg_manager.get_for_sg(tenant_id, source_group_id) + if not remote_ip_prefix is None: + nw_src_address, nw_src_length = remote_ip_prefix.split('/') + elif not remote_group_id is None: # security group as a srouce + source_pg = self.pg_manager.get_for_sg(tenant_id, remote_group_id) port_group_id = source_pg.get_id() else: raise Exception(_("Don't know what to do with rule=%r"), rule) diff --git a/quantum/plugins/nicira/nicira_nvp_plugin/common/securitygroups.py b/quantum/plugins/nicira/nicira_nvp_plugin/common/securitygroups.py index e28a0ccb93..fd5d65abd0 100644 --- a/quantum/plugins/nicira/nicira_nvp_plugin/common/securitygroups.py +++ b/quantum/plugins/nicira/nicira_nvp_plugin/common/securitygroups.py @@ -28,8 +28,8 @@ class NVPSecurityGroups(object): def _convert_to_nvp_rule(self, rule, with_id=False): """Converts Quantum API security group rule to NVP API.""" nvp_rule = {} - params = ['source_ip_prefix', 'protocol', - 'source_group_id', 'port_range_min', + params = ['remote_ip_prefix', 'protocol', + 'remote_group_id', 'port_range_min', 'port_range_max', 'ethertype'] if with_id: params.append('id') @@ -40,10 +40,10 @@ class NVPSecurityGroups(object): nvp_rule[param] = value elif not value: pass - elif param == 'source_ip_prefix': - nvp_rule['ip_prefix'] = rule['source_ip_prefix'] - elif param == 'source_group_id': - nvp_rule['profile_uuid'] = rule['source_group_id'] + elif param == 'remote_ip_prefix': + nvp_rule['ip_prefix'] = rule['remote_ip_prefix'] + elif param == 'remote_group_id': + nvp_rule['profile_uuid'] = rule['remote_group_id'] elif param == 'protocol': nvp_rule['protocol'] = protocol_num_look_up[rule['protocol']] else: @@ -65,7 +65,7 @@ class NVPSecurityGroups(object): with_id=False): """Query quantum db for security group rules. """ - fields = ['source_ip_prefix', 'source_group_id', 'protocol', + fields = ['remote_ip_prefix', 'remote_group_id', 'protocol', 'port_range_min', 'port_range_max', 'protocol', 'ethertype'] if with_id: fields.append('id') @@ -80,11 +80,11 @@ class NVPSecurityGroups(object): 'logical_port_egress_rules': ingress_rules} return self._convert_to_nvp_rules(rules, with_id) - def _get_profile_uuid(self, context, source_group_id): + def _get_profile_uuid(self, context, remote_group_id): """Return profile id from novas group id. """ - security_group = self.get_security_group(context, source_group_id) + security_group = self.get_security_group(context, remote_group_id) if not security_group: - raise ext_sg.SecurityGroupNotFound(id=source_group_id) + raise ext_sg.SecurityGroupNotFound(id=remote_group_id) return security_group['id'] def _merge_security_group_rules_with_current(self, context, new_rules, @@ -95,8 +95,8 @@ class NVPSecurityGroups(object): rule = new_rule['security_group_rule'] rule['security_group_id'] = security_group_id if rule.get('souce_group_id'): - rule['source_group_id'] = self._get_profile_uuid( - context, rule['source_group_id']) + rule['remote_group_id'] = self._get_profile_uuid( + context, rule['remote_group_id']) if rule['direction'] == 'ingress': merged_rules['logical_port_egress_rules'].append( self._convert_to_nvp_rule(rule)) diff --git a/quantum/tests/unit/midonet/test_midonet_lib.py b/quantum/tests/unit/midonet/test_midonet_lib.py index 6774a16365..2eabdfef9a 100644 --- a/quantum/tests/unit/midonet/test_midonet_lib.py +++ b/quantum/tests/unit/midonet/test_midonet_lib.py @@ -194,7 +194,7 @@ class MidonetRuleManagerTestCase(MidonetLibTestCase): return {"tenant_id": tenant_id, "security_group_id": sg_id, "rule_id": rule_id, "direction": direction, "protocol": protocol, - "source_ip_prefix": src_ip, "source_group_id": src_group_id, + "remote_ip_prefix": src_ip, "remote_group_id": src_group_id, "port_range_min": port_min, "port_range_max": port_max, "ethertype": ethertype, "id": rule_id, "external_id": None} diff --git a/quantum/tests/unit/test_extension_security_group.py b/quantum/tests/unit/test_extension_security_group.py index fa126439c9..547c063c8c 100644 --- a/quantum/tests/unit/test_extension_security_group.py +++ b/quantum/tests/unit/test_extension_security_group.py @@ -68,7 +68,7 @@ class SecurityGroupsTestCase(test_db_plugin.QuantumDbPluginV2TestCase): def _build_security_group_rule(self, security_group_id, direction, protocol, port_range_min, port_range_max, - source_ip_prefix=None, source_group_id=None, + remote_ip_prefix=None, remote_group_id=None, tenant_id='test_tenant', ethertype='IPv4'): @@ -80,11 +80,11 @@ class SecurityGroupsTestCase(test_db_plugin.QuantumDbPluginV2TestCase): 'port_range_max': port_range_max, 'tenant_id': tenant_id, 'ethertype': ethertype}} - if source_ip_prefix: - data['security_group_rule']['source_ip_prefix'] = source_ip_prefix + if remote_ip_prefix: + data['security_group_rule']['remote_ip_prefix'] = remote_ip_prefix - if source_group_id: - data['security_group_rule']['source_group_id'] = source_group_id + if remote_group_id: + data['security_group_rule']['remote_group_id'] = remote_group_id return data @@ -129,7 +129,7 @@ class SecurityGroupsTestCase(test_db_plugin.QuantumDbPluginV2TestCase): 'd1db38eb087', direction='ingress', protocol='tcp', port_range_min='22', port_range_max='22', - source_ip_prefix=None, source_group_id=None, + remote_ip_prefix=None, remote_group_id=None, fmt=None, no_delete=False, ethertype='IPv4'): if not fmt: fmt = self.fmt @@ -137,8 +137,8 @@ class SecurityGroupsTestCase(test_db_plugin.QuantumDbPluginV2TestCase): direction, protocol, port_range_min, port_range_max, - source_ip_prefix, - source_group_id, + remote_ip_prefix, + remote_group_id, ethertype=ethertype) security_group_rule = self._make_security_group_rule(self.fmt, rule) try: @@ -327,7 +327,7 @@ class TestSecurityGroups(SecurityGroupDBTestCase): with self.security_group(name, description) as sg: security_group_id = sg['security_group']['id'] direction = "ingress" - source_ip_prefix = "10.0.0.0/24" + remote_ip_prefix = "10.0.0.0/24" protocol = 'TCP' port_range_min = 22 port_range_max = 22 @@ -335,7 +335,7 @@ class TestSecurityGroups(SecurityGroupDBTestCase): with self.security_group_rule(security_group_id, direction, protocol, port_range_min, port_range_max, - source_ip_prefix, + remote_ip_prefix, ethertype=ethertype) as rule: # the lower case value will be return @@ -348,15 +348,15 @@ class TestSecurityGroups(SecurityGroupDBTestCase): name = 'webservers' description = 'my webservers' with self.security_group(name, description) as sg: - source_group_id = sg['security_group']['id'] - res = self.new_show_request('security-groups', source_group_id) + remote_group_id = sg['security_group']['id'] + res = self.new_show_request('security-groups', remote_group_id) security_group_id = sg['security_group']['id'] direction = "ingress" - source_ip_prefix = "10.0.0.0/24" + remote_ip_prefix = "10.0.0.0/24" protocol = 'tcp' port_range_min = 22 port_range_max = 22 - keys = [('source_ip_prefix', source_ip_prefix), + keys = [('remote_ip_prefix', remote_ip_prefix), ('security_group_id', security_group_id), ('direction', direction), ('protocol', protocol), @@ -365,13 +365,13 @@ class TestSecurityGroups(SecurityGroupDBTestCase): with self.security_group_rule(security_group_id, direction, protocol, port_range_min, port_range_max, - source_ip_prefix): + remote_ip_prefix): group = self.deserialize( self.fmt, res.get_response(self.ext_api)) sg_rule = group['security_group']['security_group_rules'] self.assertEqual(group['security_group']['id'], - source_group_id) + remote_group_id) self.assertEqual(len(sg_rule), 1) for k, v, in keys: self.assertEqual(sg_rule[0][k], v) @@ -380,8 +380,8 @@ class TestSecurityGroups(SecurityGroupDBTestCase): name = 'webservers' description = 'my webservers' with self.security_group(name, description, no_delete=True) as sg: - source_group_id = sg['security_group']['id'] - self._delete('security-groups', source_group_id, 204) + remote_group_id = sg['security_group']['id'] + self._delete('security-groups', remote_group_id, 204) def test_delete_default_security_group_fail(self): with self.network(): @@ -405,17 +405,17 @@ class TestSecurityGroups(SecurityGroupDBTestCase): self.assertEqual(rule['port_range_min'], None) self.assertEqual(rule['protocol'], None) - def test_create_security_group_rule_source_ip_prefix(self): + def test_create_security_group_rule_remote_ip_prefix(self): name = 'webservers' description = 'my webservers' with self.security_group(name, description) as sg: security_group_id = sg['security_group']['id'] direction = "ingress" - source_ip_prefix = "10.0.0.0/24" + remote_ip_prefix = "10.0.0.0/24" protocol = 'tcp' port_range_min = 22 port_range_max = 22 - keys = [('source_ip_prefix', source_ip_prefix), + keys = [('remote_ip_prefix', remote_ip_prefix), ('security_group_id', security_group_id), ('direction', direction), ('protocol', protocol), @@ -424,7 +424,7 @@ class TestSecurityGroups(SecurityGroupDBTestCase): with self.security_group_rule(security_group_id, direction, protocol, port_range_min, port_range_max, - source_ip_prefix) as rule: + remote_ip_prefix) as rule: for k, v, in keys: self.assertEqual(rule['security_group_rule'][k], v) @@ -435,11 +435,11 @@ class TestSecurityGroups(SecurityGroupDBTestCase): with self.security_group(name, description) as sg2: security_group_id = sg['security_group']['id'] direction = "ingress" - source_group_id = sg2['security_group']['id'] + remote_group_id = sg2['security_group']['id'] protocol = 'tcp' port_range_min = 22 port_range_max = 22 - keys = [('source_group_id', source_group_id), + keys = [('remote_group_id', remote_group_id), ('security_group_id', security_group_id), ('direction', direction), ('protocol', protocol), @@ -448,7 +448,7 @@ class TestSecurityGroups(SecurityGroupDBTestCase): with self.security_group_rule(security_group_id, direction, protocol, port_range_min, port_range_max, - source_group_id=source_group_id + remote_group_id=remote_group_id ) as rule: for k, v, in keys: self.assertEqual(rule['security_group_rule'][k], v) @@ -456,16 +456,16 @@ class TestSecurityGroups(SecurityGroupDBTestCase): def test_create_security_group_source_group_ip_and_ip_prefix(self): security_group_id = "4cd70774-cc67-4a87-9b39-7d1db38eb087" direction = "ingress" - source_ip_prefix = "10.0.0.0/24" + remote_ip_prefix = "10.0.0.0/24" protocol = 'tcp' port_range_min = 22 port_range_max = 22 - source_group_id = "9cd70774-cc67-4a87-9b39-7d1db38eb087" + remote_group_id = "9cd70774-cc67-4a87-9b39-7d1db38eb087" rule = self._build_security_group_rule(security_group_id, direction, protocol, port_range_min, port_range_max, - source_ip_prefix, - source_group_id) + remote_ip_prefix, + remote_group_id) res = self._create_security_group_rule(self.fmt, rule) self.deserialize(self.fmt, res) self.assertEqual(res.status_int, 400) @@ -473,14 +473,14 @@ class TestSecurityGroups(SecurityGroupDBTestCase): def test_create_security_group_rule_bad_security_group_id(self): security_group_id = "4cd70774-cc67-4a87-9b39-7d1db38eb087" direction = "ingress" - source_ip_prefix = "10.0.0.0/24" + remote_ip_prefix = "10.0.0.0/24" protocol = 'tcp' port_range_min = 22 port_range_max = 22 rule = self._build_security_group_rule(security_group_id, direction, protocol, port_range_min, port_range_max, - source_ip_prefix) + remote_ip_prefix) res = self._create_security_group_rule(self.fmt, rule) self.deserialize(self.fmt, res) self.assertEqual(res.status_int, 404) @@ -499,7 +499,7 @@ class TestSecurityGroups(SecurityGroupDBTestCase): self.deserialize(self.fmt, res) self.assertEqual(res.status_int, 404) - def test_create_security_group_rule_bad_tenant_source_group_id(self): + def test_create_security_group_rule_bad_tenant_remote_group_id(self): with self.security_group() as sg: res = self._create_security_group(self.fmt, 'webservers', 'webservers', @@ -512,7 +512,7 @@ class TestSecurityGroups(SecurityGroupDBTestCase): 'port_range_min': '22', 'port_range_max': '22', 'tenant_id': 'bad_tenant', - 'source_group_id': sg['security_group']['id']}} + 'remote_group_id': sg['security_group']['id']}} res = self._create_security_group_rule(self.fmt, rule, tenant_id='bad_tenant', @@ -540,12 +540,12 @@ class TestSecurityGroups(SecurityGroupDBTestCase): self.deserialize(self.fmt, res) self.assertEqual(res.status_int, 404) - def test_create_security_group_rule_bad_source_group_id(self): + def test_create_security_group_rule_bad_remote_group_id(self): name = 'webservers' description = 'my webservers' with self.security_group(name, description) as sg: security_group_id = sg['security_group']['id'] - source_group_id = "4cd70774-cc67-4a87-9b39-7d1db38eb087" + remote_group_id = "4cd70774-cc67-4a87-9b39-7d1db38eb087" direction = "ingress" protocol = 'tcp' port_range_min = 22 @@ -553,7 +553,7 @@ class TestSecurityGroups(SecurityGroupDBTestCase): rule = self._build_security_group_rule(security_group_id, direction, protocol, port_range_min, port_range_max, - source_group_id=source_group_id) + remote_group_id=remote_group_id) res = self._create_security_group_rule(self.fmt, rule) self.deserialize(self.fmt, res) self.assertEqual(res.status_int, 404) @@ -941,16 +941,16 @@ class TestSecurityGroups(SecurityGroupDBTestCase): def test_create_security_group_rule_with_invalid_ethertype(self): security_group_id = "4cd70774-cc67-4a87-9b39-7d1db38eb087" direction = "ingress" - source_ip_prefix = "10.0.0.0/24" + remote_ip_prefix = "10.0.0.0/24" protocol = 'tcp' port_range_min = 22 port_range_max = 22 - source_group_id = "9cd70774-cc67-4a87-9b39-7d1db38eb087" + remote_group_id = "9cd70774-cc67-4a87-9b39-7d1db38eb087" rule = self._build_security_group_rule(security_group_id, direction, protocol, port_range_min, port_range_max, - source_ip_prefix, - source_group_id, + remote_ip_prefix, + remote_group_id, ethertype='IPv5') res = self._create_security_group_rule(self.fmt, rule) self.deserialize(self.fmt, res) @@ -959,16 +959,16 @@ class TestSecurityGroups(SecurityGroupDBTestCase): def test_create_security_group_rule_with_invalid_protocol(self): security_group_id = "4cd70774-cc67-4a87-9b39-7d1db38eb087" direction = "ingress" - source_ip_prefix = "10.0.0.0/24" + remote_ip_prefix = "10.0.0.0/24" protocol = 'tcp/ip' port_range_min = 22 port_range_max = 22 - source_group_id = "9cd70774-cc67-4a87-9b39-7d1db38eb087" + remote_group_id = "9cd70774-cc67-4a87-9b39-7d1db38eb087" rule = self._build_security_group_rule(security_group_id, direction, protocol, port_range_min, port_range_max, - source_ip_prefix, - source_group_id) + remote_ip_prefix, + remote_group_id) res = self._create_security_group_rule(self.fmt, rule) self.deserialize(self.fmt, res) self.assertEqual(res.status_int, 400) diff --git a/quantum/tests/unit/test_security_groups_rpc.py b/quantum/tests/unit/test_security_groups_rpc.py index 1cb0b22abc..68a8288c87 100644 --- a/quantum/tests/unit/test_security_groups_rpc.py +++ b/quantum/tests/unit/test_security_groups_rpc.py @@ -161,7 +161,7 @@ class SGServerRpcCallBackMixinTestCase(test_sg.SecurityGroupDBTestCase): rule1 = self._build_security_group_rule( sg1_id, 'ingress', 'tcp', '24', - '25', source_group_id=sg2['security_group']['id']) + '25', remote_group_id=sg2['security_group']['id']) rules = { 'security_group_rules': [rule1['security_group_rule']]} res = self._create_security_group_rule(self.fmt, rules) @@ -190,7 +190,7 @@ class SGServerRpcCallBackMixinTestCase(test_sg.SecurityGroupDBTestCase): 'source_ip_prefix': u'10.0.0.3/32', 'protocol': u'tcp', 'ethertype': u'IPv4', 'port_range_max': 25, 'port_range_min': 24, - 'source_group_id': sg2_id, + 'remote_group_id': sg2_id, 'security_group_id': sg1_id}, {'ethertype': 'IPv4', 'direction': 'egress'}, ] @@ -324,7 +324,7 @@ class SGServerRpcCallBackMixinTestCase(test_sg.SecurityGroupDBTestCase): 'ingress', 'tcp', '24', '25', ethertype='IPv6', - source_group_id=sg2['security_group']['id']) + remote_group_id=sg2['security_group']['id']) rules = { 'security_group_rules': [rule1['security_group_rule']]} res = self._create_security_group_rule(self.fmt, rules) @@ -356,7 +356,7 @@ class SGServerRpcCallBackMixinTestCase(test_sg.SecurityGroupDBTestCase): 'source_ip_prefix': 'fe80::3/128', 'protocol': 'tcp', 'ethertype': 'IPv6', 'port_range_max': 25, 'port_range_min': 24, - 'source_group_id': sg2_id, + 'remote_group_id': sg2_id, 'security_group_id': sg1_id}, {'ethertype': 'IPv6', 'direction': 'egress'}, ] @@ -414,7 +414,7 @@ class SecurityGroupAgentRpcTestCase(testtools.TestCase): 'security_group_source_groups': ['fake_sgid2'], 'security_group_rules': [{'security_group_id': 'fake_sgid1', - 'source_group_id': + 'remote_group_id': 'fake_sgid2'}]} fake_devices = {'fake_device': self.fake_device} self.firewall.ports = fake_devices @@ -1126,14 +1126,14 @@ class SGNotificationTestMixin(): with self.security_group(name, description) as sg2: security_group_id = sg['security_group']['id'] direction = "ingress" - source_group_id = sg2['security_group']['id'] + remote_group_id = sg2['security_group']['id'] protocol = 'tcp' port_range_min = 88 port_range_max = 88 with self.security_group_rule(security_group_id, direction, protocol, port_range_min, port_range_max, - source_group_id=source_group_id + remote_group_id=remote_group_id ): pass self.notifier.assert_has_calls(