Merge "Rename source_(group_id/ip_prefix) to remote_(group_id/ip_prefix)"

Jenkins 2013-03-05 22:04:35 +00:00 committed by Gerrit Code Review
commit 13c64ffbde
10 changed files with 126 additions and 127 deletions


@ -37,17 +37,19 @@ class FirewallDriver(object):
the rule may contain security_group_id, the rule may contain security_group_id,
protocol, port_min, port_max protocol, port_min, port_max
source_ip_prefix, source_port_min, source_ip_prefix, source_port_min,
source_port_max, dest_ip_prefix, source_port_max, dest_ip_prefix, and
remote_group_id
Note: source_group_ip in REST API should be converted by this rule Note: source_group_ip in REST API should be converted by this rule
if direction is ingress: if direction is ingress:
source_group_ip will be a soruce_prefix_ip remote_group_ip will be a source_ip_prefix
if direction is egress: if direction is egress:
source_group_ip will be a dest_prefix_ip remote_group_ip will be a dest_ip_prefix
Note: source_group_id in REST API should be converted by this rule Note: remote_group_id in REST API should be converted by this rule
if direction is ingress: if direction is ingress:
source_group_id will be a list of soruce_prefix_ip remote_group_id will be a list of source_ip_prefix
if direction is egress: if direction is egress:
source_group_id will be a list of dest_prefix_ip remote_group_id will be a list of dest_ip_prefix
remote_group_id will also remaining membership update management
""" """
__metaclass__ = abc.ABCMeta __metaclass__ = abc.ABCMeta
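Review bot: The FirewallDriver docstring is left half-renamed: the first note still says `source_group_ip in REST API`, while the two lines under it now say `remote_group_ip`. Neither matches the REST attribute this commit introduces elsewhere, `remote_ip_prefix`. I would write the note as `Note: remote_ip_prefix in REST API should be converted by this rule`, with `remote_ip_prefix will be a source_ip_prefix` and `remote_ip_prefix will be a dest_ip_prefix` beneath it. The added last line, `remote_group_id will also remaining membership update management`, does not parse; if the meaning is that the id is kept so membership updates can be tracked, say that directly. The class body continues outside the hunk.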


@ -61,7 +61,7 @@ def upgrade(active_plugin=None, options=None):
sa.Column('tenant_id', sa.String(length=255), nullable=True), sa.Column('tenant_id', sa.String(length=255), nullable=True),
sa.Column('id', sa.String(length=36), nullable=False), sa.Column('id', sa.String(length=36), nullable=False),
sa.Column('security_group_id', sa.String(length=36), nullable=False), sa.Column('security_group_id', sa.String(length=36), nullable=False),
sa.Column('source_group_id', sa.String(length=36), nullable=True), sa.Column('remote_group_id', sa.String(length=36), nullable=True),
sa.Column('direction', sa.Column('direction',
sa.Enum('ingress', 'egress', sa.Enum('ingress', 'egress',
name='securitygrouprules_direction'), name='securitygrouprules_direction'),
@ -70,10 +70,10 @@ def upgrade(active_plugin=None, options=None):
sa.Column('protocol', sa.String(length=40), nullable=True), sa.Column('protocol', sa.String(length=40), nullable=True),
sa.Column('port_range_min', sa.Integer(), nullable=True), sa.Column('port_range_min', sa.Integer(), nullable=True),
sa.Column('port_range_max', sa.Integer(), nullable=True), sa.Column('port_range_max', sa.Integer(), nullable=True),
sa.Column('source_ip_prefix', sa.String(length=255), nullable=True), sa.Column('remote_ip_prefix', sa.String(length=255), nullable=True),
sa.ForeignKeyConstraint(['security_group_id'], ['securitygroups.id'], sa.ForeignKeyConstraint(['security_group_id'], ['securitygroups.id'],
ondelete='CASCADE'), ondelete='CASCADE'),
sa.ForeignKeyConstraint(['source_group_id'], ['securitygroups.id'], sa.ForeignKeyConstraint(['remote_group_id'], ['securitygroups.id'],
ondelete='CASCADE'), ondelete='CASCADE'),
sa.PrimaryKeyConstraint('id') sa.PrimaryKeyConstraint('id')
) )
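Review bot: The rename is made inside the existing `upgrade()` of this migration, so a database that has already applied this revision keeps its `source_group_id` and `source_ip_prefix` columns while the model now maps `remote_group_id` and `remote_ip_prefix`. Unless a follow-up revision exists among the changed files not shown here, security group rule queries against such a database would fail on the missing columns. If any deployment may already have run this revision, a separate migration that renames the two columns and recreates the foreign key on `remote_group_id` is safer than editing the original. `upgrade()` starts and ends outside these hunks, and `downgrade()` is not visible.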


@ -53,7 +53,7 @@ class SecurityGroupRule(model_base.BASEV2, models_v2.HasId,
ondelete="CASCADE"), ondelete="CASCADE"),
nullable=False) nullable=False)
source_group_id = sa.Column(sa.String(36), remote_group_id = sa.Column(sa.String(36),
sa.ForeignKey("securitygroups.id", sa.ForeignKey("securitygroups.id",
ondelete="CASCADE"), ondelete="CASCADE"),
nullable=True) nullable=True)
@ -64,7 +64,7 @@ class SecurityGroupRule(model_base.BASEV2, models_v2.HasId,
protocol = sa.Column(sa.String(40)) protocol = sa.Column(sa.String(40))
port_range_min = sa.Column(sa.Integer) port_range_min = sa.Column(sa.Integer)
port_range_max = sa.Column(sa.Integer) port_range_max = sa.Column(sa.Integer)
source_ip_prefix = sa.Column(sa.String(255)) remote_ip_prefix = sa.Column(sa.String(255))
security_group = orm.relationship( security_group = orm.relationship(
SecurityGroup, SecurityGroup,
backref=orm.backref('rules', cascade='all,delete'), backref=orm.backref('rules', cascade='all,delete'),
@ -72,7 +72,7 @@ class SecurityGroupRule(model_base.BASEV2, models_v2.HasId,
source_group = orm.relationship( source_group = orm.relationship(
SecurityGroup, SecurityGroup,
backref=orm.backref('source_rules', cascade='all,delete'), backref=orm.backref('source_rules', cascade='all,delete'),
primaryjoin="SecurityGroup.id==SecurityGroupRule.source_group_id") primaryjoin="SecurityGroup.id==SecurityGroupRule.remote_group_id")
class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase): class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase):
@ -234,12 +234,12 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase):
id=uuidutils.generate_uuid(), tenant_id=tenant_id, id=uuidutils.generate_uuid(), tenant_id=tenant_id,
security_group_id=rule['security_group_id'], security_group_id=rule['security_group_id'],
direction=rule['direction'], direction=rule['direction'],
source_group_id=rule.get('source_group_id'), remote_group_id=rule.get('remote_group_id'),
ethertype=rule['ethertype'], ethertype=rule['ethertype'],
protocol=rule['protocol'], protocol=rule['protocol'],
port_range_min=rule['port_range_min'], port_range_min=rule['port_range_min'],
port_range_max=rule['port_range_max'], port_range_max=rule['port_range_max'],
source_ip_prefix=rule.get('source_ip_prefix')) remote_ip_prefix=rule.get('remote_ip_prefix'))
context.session.add(db) context.session.add(db)
ret.append(self._make_security_group_rule_dict(db)) ret.append(self._make_security_group_rule_dict(db))
return ret return ret
@ -251,7 +251,7 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase):
def _validate_security_group_rules(self, context, security_group_rule): def _validate_security_group_rules(self, context, security_group_rule):
"""Check that rules being installed all belong to the same security """Check that rules being installed all belong to the same security
group, source_group_id/security_group_id belong to the same tenant, group, remote_group_id/security_group_id belong to the same tenant,
and rules are valid. and rules are valid.
""" """
new_rules = set() new_rules = set()
@ -271,15 +271,15 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase):
else: else:
raise ext_sg.SecurityGroupInvalidPortRange() raise ext_sg.SecurityGroupInvalidPortRange()
if rule['source_ip_prefix'] and rule['source_group_id']: if rule['remote_ip_prefix'] and rule['remote_group_id']:
raise ext_sg.SecurityGroupSourceGroupAndIpPrefix() raise ext_sg.SecurityGroupRemoteGroupAndRemoteIpPrefix()
if rule['tenant_id'] not in tenant_ids: if rule['tenant_id'] not in tenant_ids:
tenant_ids.add(rule['tenant_id']) tenant_ids.add(rule['tenant_id'])
source_group_id = rule.get('source_group_id') remote_group_id = rule.get('remote_group_id')
# Check that source_group_id exists for tenant # Check that remote_group_id exists for tenant
if source_group_id: if remote_group_id:
self.get_security_group(context, source_group_id, self.get_security_group(context, remote_group_id,
tenant_id=rule['tenant_id']) tenant_id=rule['tenant_id'])
if len(new_rules) > 1: if len(new_rules) > 1:
raise ext_sg.SecurityGroupNotSingleGroupRules() raise ext_sg.SecurityGroupNotSingleGroupRules()
@ -303,8 +303,8 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase):
'protocol': security_group_rule['protocol'], 'protocol': security_group_rule['protocol'],
'port_range_min': security_group_rule['port_range_min'], 'port_range_min': security_group_rule['port_range_min'],
'port_range_max': security_group_rule['port_range_max'], 'port_range_max': security_group_rule['port_range_max'],
'source_ip_prefix': security_group_rule['source_ip_prefix'], 'remote_ip_prefix': security_group_rule['remote_ip_prefix'],
'source_group_id': security_group_rule['source_group_id']} 'remote_group_id': security_group_rule['remote_group_id']}
return self._fields(res, fields) return self._fields(res, fields)
@ -315,8 +315,8 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase):
'direction': [sgr['direction']]} 'direction': [sgr['direction']]}
include_if_present = ['protocol', 'port_range_max', 'port_range_min', include_if_present = ['protocol', 'port_range_max', 'port_range_min',
'ethertype', 'source_ip_prefix', 'ethertype', 'remote_ip_prefix',
'source_group_id'] 'remote_group_id']
for key in include_if_present: for key in include_if_present:
value = sgr.get(key) value = sgr.get(key)
if value: if value:
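Review bot: The relationship on `SecurityGroupRule` is still declared as `source_group` with backref `source_rules`, although its `primaryjoin` now points at `SecurityGroupRule.remote_group_id`. Renaming it to `remote_group = orm.relationship(` with `backref=orm.backref('remote_rules', cascade='all,delete'),` would match the column, provided nothing outside this page uses the old attribute names. In `_validate_security_group_rules`, the check `if rule['remote_ip_prefix'] and rule['remote_group_id']:` indexes directly, while a few lines later the same key is read with `rule.get('remote_group_id')`. Using `.get()` in both places avoids a KeyError if a rule dict reaches this point without those keys. Both the class and the method continue outside their hunks.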


@ -111,8 +111,8 @@ class SecurityGroupServerRpcCallbackMixin(object):
def security_group_rules_for_devices(self, context, **kwargs): def security_group_rules_for_devices(self, context, **kwargs):
""" return security group rules for each port """ return security group rules for each port
also convert source_group_id rule also convert remote_group_id rule
to source_ip_prefix rule to source_ip_prefix and dest_ip_prefix rule
:params devices: list of devices :params devices: list of devices
:returns: port correspond to the devices with security group rules :returns: port correspond to the devices with security group rules
@ -144,12 +144,12 @@ class SecurityGroupServerRpcCallbackMixin(object):
query = query.filter(sg_binding_port.in_(ports.keys())) query = query.filter(sg_binding_port.in_(ports.keys()))
return query.all() return query.all()
def _select_ips_for_source_group(self, context, source_group_ids): def _select_ips_for_remote_group(self, context, remote_group_ids):
ips_by_group = {} ips_by_group = {}
if not source_group_ids: if not remote_group_ids:
return ips_by_group return ips_by_group
for source_group_id in source_group_ids: for remote_group_id in remote_group_ids:
ips_by_group[source_group_id] = [] ips_by_group[remote_group_id] = []
ip_port = models_v2.IPAllocation.port_id ip_port = models_v2.IPAllocation.port_id
sg_binding_port = sg_db.SecurityGroupPortBinding.port_id sg_binding_port = sg_db.SecurityGroupPortBinding.port_id
@ -159,20 +159,20 @@ class SecurityGroupServerRpcCallbackMixin(object):
models_v2.IPAllocation.ip_address) models_v2.IPAllocation.ip_address)
query = query.join(models_v2.IPAllocation, query = query.join(models_v2.IPAllocation,
ip_port == sg_binding_port) ip_port == sg_binding_port)
query = query.filter(sg_binding_sgid.in_(source_group_ids)) query = query.filter(sg_binding_sgid.in_(remote_group_ids))
ip_in_db = query.all() ip_in_db = query.all()
for security_group_id, ip_address in ip_in_db: for security_group_id, ip_address in ip_in_db:
ips_by_group[security_group_id].append(ip_address) ips_by_group[security_group_id].append(ip_address)
return ips_by_group return ips_by_group
def _select_source_group_ids(self, ports): def _select_remote_group_ids(self, ports):
source_group_ids = [] remote_group_ids = []
for port in ports.values(): for port in ports.values():
for rule in port.get('security_group_rules'): for rule in port.get('security_group_rules'):
source_group_id = rule.get('source_group_id') remote_group_id = rule.get('remote_group_id')
if source_group_id: if remote_group_id:
source_group_ids.append(source_group_id) remote_group_ids.append(remote_group_id)
return source_group_ids return remote_group_ids
def _select_network_ids(self, ports): def _select_network_ids(self, ports):
return set((port['network_id'] for port in ports.values())) return set((port['network_id'] for port in ports.values()))
@ -195,22 +195,22 @@ class SecurityGroupServerRpcCallbackMixin(object):
ips[port['network_id']].append(ip) ips[port['network_id']].append(ip)
return ips return ips
def _convert_source_group_id_to_ip_prefix(self, context, ports): def _convert_remote_group_id_to_ip_prefix(self, context, ports):
source_group_ids = self._select_source_group_ids(ports) remote_group_ids = self._select_remote_group_ids(ports)
ips = self._select_ips_for_source_group(context, source_group_ids) ips = self._select_ips_for_remote_group(context, remote_group_ids)
for port in ports.values(): for port in ports.values():
updated_rule = [] updated_rule = []
for rule in port.get('security_group_rules'): for rule in port.get('security_group_rules'):
source_group_id = rule.get('source_group_id') remote_group_id = rule.get('remote_group_id')
direction = rule.get('direction') direction = rule.get('direction')
direction_ip_prefix = DIRECTION_IP_PREFIX[direction] direction_ip_prefix = DIRECTION_IP_PREFIX[direction]
if not source_group_id: if not remote_group_id:
updated_rule.append(rule) updated_rule.append(rule)
continue continue
port['security_group_source_groups'].append(source_group_id) port['security_group_source_groups'].append(remote_group_id)
base_rule = rule base_rule = rule
for ip in ips[source_group_id]: for ip in ips[remote_group_id]:
if ip in port.get('fixed_ips', []): if ip in port.get('fixed_ips', []):
continue continue
ip_rule = base_rule.copy() ip_rule = base_rule.copy()
@ -290,12 +290,13 @@ class SecurityGroupServerRpcCallbackMixin(object):
'ethertype': rule_in_db['ethertype'], 'ethertype': rule_in_db['ethertype'],
} }
for key in ('protocol', 'port_range_min', 'port_range_max', for key in ('protocol', 'port_range_min', 'port_range_max',
'source_ip_prefix', 'source_group_id'): 'remote_ip_prefix', 'remote_group_id'):
if rule_in_db.get(key): if rule_in_db.get(key):
if key == 'source_ip_prefix' and direction == 'egress': if key == 'remote_ip_prefix':
rule_dict['dest_ip_prefix'] = rule_in_db[key] direction_ip_prefix = DIRECTION_IP_PREFIX[direction]
rule_dict[direction_ip_prefix] = rule_in_db[key]
continue continue
rule_dict[key] = rule_in_db[key] rule_dict[key] = rule_in_db[key]
port['security_group_rules'].append(rule_dict) port['security_group_rules'].append(rule_dict)
self._apply_provider_rule(context, ports) self._apply_provider_rule(context, ports)
return self._convert_source_group_id_to_ip_prefix(context, ports) return self._convert_remote_group_id_to_ip_prefix(context, ports)
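Review bot: The RPC payload built here now mixes both vocabularies: each rule dict carries `remote_group_id`, but `_convert_remote_group_id_to_ip_prefix` still appends to `port['security_group_source_groups']`. Agent code that reads `source_group_id` from a rule would need the same rename; it is not visible on this page, so it is worth confirming that server and agents are updated together. If `security_group_source_groups` is kept deliberately for the agents, a comment such as `# payload key kept for agents; holds remote group ids` on that line would record it. The method bodies continue outside the hunks.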


@ -61,8 +61,8 @@ class SecurityGroupRulesNotSingleTenant(qexception.InvalidInput):
" not allowed") " not allowed")
class SecurityGroupSourceGroupAndIpPrefix(qexception.InvalidInput): class SecurityGroupRemoteGroupAndRemoteIpPrefix(qexception.InvalidInput):
message = _("Only source_ip_prefix or source_group_id may " message = _("Only remote_ip_prefix or remote_group_id may "
"be provided.") "be provided.")
@ -75,10 +75,6 @@ class SecurityGroupNotSingleGroupRules(qexception.InvalidInput):
"one security profile at a time") "one security profile at a time")
class SecurityGroupSourceGroupNotFound(qexception.NotFound):
message = _("Source group id %(id)s does not exist")
class SecurityGroupNotFound(qexception.NotFound): class SecurityGroupNotFound(qexception.NotFound):
message = _("Security group %(id)s does not exist") message = _("Security group %(id)s does not exist")
@ -171,7 +167,7 @@ RESOURCE_ATTRIBUTE_MAP = {
'primary_key': True}, 'primary_key': True},
'security_group_id': {'allow_post': True, 'allow_put': False, 'security_group_id': {'allow_post': True, 'allow_put': False,
'is_visible': True, 'required_by_policy': True}, 'is_visible': True, 'required_by_policy': True},
'source_group_id': {'allow_post': True, 'allow_put': False, 'remote_group_id': {'allow_post': True, 'allow_put': False,
'default': None, 'is_visible': True}, 'default': None, 'is_visible': True},
'direction': {'allow_post': True, 'allow_put': True, 'direction': {'allow_post': True, 'allow_put': True,
'is_visible': True, 'is_visible': True,
@ -190,7 +186,7 @@ RESOURCE_ATTRIBUTE_MAP = {
'is_visible': True, 'default': 'IPv4', 'is_visible': True, 'default': 'IPv4',
'convert_to': convert_ethertype_to_case_insensitive, 'convert_to': convert_ethertype_to_case_insensitive,
'validate': {'type:values': sg_supported_ethertypes}}, 'validate': {'type:values': sg_supported_ethertypes}},
'source_ip_prefix': {'allow_post': True, 'allow_put': False, 'remote_ip_prefix': {'allow_post': True, 'allow_put': False,
'default': None, 'is_visible': True}, 'default': None, 'is_visible': True},
'tenant_id': {'allow_post': True, 'allow_put': False, 'tenant_id': {'allow_post': True, 'allow_put': False,
'required_by_policy': True, 'required_by_policy': True,
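Review bot: `remote_ip_prefix` is accepted on POST with no `validate` or `convert_to` entry, unlike `ethertype` just above it, which has `'validate': {'type:values': sg_supported_ethertypes}`. The value is a tenant-supplied CIDR that the DB mixin stores as given (`remote_ip_prefix=rule.get('remote_ip_prefix')`) and that plugin drivers turn into filtering rules, so a malformed prefix should be rejected at the API layer rather than reaching them. A CIDR validator on this entry would close the gap, for example `'validate': {'type:subnet': None}` if the attributes module in this tree provides that validator and it tolerates the `None` default. `remote_group_id` could likewise get a UUID check. RESOURCE_ATTRIBUTE_MAP starts and ends outside these hunks.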


@ -220,8 +220,8 @@ class RuleManager:
rule_id = rule['id'] rule_id = rule['id']
ethertype = rule['ethertype'] ethertype = rule['ethertype']
security_group_id = rule['security_group_id'] security_group_id = rule['security_group_id']
source_group_id = rule['source_group_id'] remote_group_id = rule['remote_group_id']
source_ip_prefix = rule['source_ip_prefix'] # watch out. not validated remote_ip_prefix = rule['remote_ip_prefix'] # watch out. not validated
tenant_id = rule['tenant_id'] tenant_id = rule['tenant_id']
port_range_min = rule['port_range_min'] port_range_min = rule['port_range_min']
external_id = rule['external_id'] external_id = rule['external_id']
@ -234,10 +234,10 @@ class RuleManager:
port_group_id = None port_group_id = None
# handle source # handle source
if not source_ip_prefix is None: if not remote_ip_prefix is None:
nw_src_address, nw_src_length = source_ip_prefix.split('/') nw_src_address, nw_src_length = remote_ip_prefix.split('/')
elif not source_group_id is None: # security group as a srouce elif not remote_group_id is None: # security group as a srouce
source_pg = self.pg_manager.get_for_sg(tenant_id, source_group_id) source_pg = self.pg_manager.get_for_sg(tenant_id, remote_group_id)
port_group_id = source_pg.get_id() port_group_id = source_pg.get_id()
else: else:
raise Exception(_("Don't know what to do with rule=%r"), rule) raise Exception(_("Don't know what to do with rule=%r"), rule)
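Review bot: `nw_src_address, nw_src_length = remote_ip_prefix.split('/')` unpacks exactly two parts from a value that an earlier line marks `# watch out. not validated`, so a prefix with no `/` or with more than one raises ValueError inside the driver. Checking the shape first and raising the plugin's invalid-input error keeps a bad tenant value from surfacing as an unhandled exception; which exception class to use is not visible on this page. Separately, `raise Exception(_("Don't know what to do with rule=%r"), rule)` passes `rule` as a second argument instead of formatting it; `raise Exception(_("Don't know what to do with rule=%r") % (rule,))` produces the intended message. `if not remote_ip_prefix is None:` would read better as `if remote_ip_prefix is not None:`. The method starts and ends outside the hunks.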


@ -28,8 +28,8 @@ class NVPSecurityGroups(object):
def _convert_to_nvp_rule(self, rule, with_id=False): def _convert_to_nvp_rule(self, rule, with_id=False):
"""Converts Quantum API security group rule to NVP API.""" """Converts Quantum API security group rule to NVP API."""
nvp_rule = {} nvp_rule = {}
params = ['source_ip_prefix', 'protocol', params = ['remote_ip_prefix', 'protocol',
'source_group_id', 'port_range_min', 'remote_group_id', 'port_range_min',
'port_range_max', 'ethertype'] 'port_range_max', 'ethertype']
if with_id: if with_id:
params.append('id') params.append('id')
@ -40,10 +40,10 @@ class NVPSecurityGroups(object):
nvp_rule[param] = value nvp_rule[param] = value
elif not value: elif not value:
pass pass
elif param == 'source_ip_prefix': elif param == 'remote_ip_prefix':
nvp_rule['ip_prefix'] = rule['source_ip_prefix'] nvp_rule['ip_prefix'] = rule['remote_ip_prefix']
elif param == 'source_group_id': elif param == 'remote_group_id':
nvp_rule['profile_uuid'] = rule['source_group_id'] nvp_rule['profile_uuid'] = rule['remote_group_id']
elif param == 'protocol': elif param == 'protocol':
nvp_rule['protocol'] = protocol_num_look_up[rule['protocol']] nvp_rule['protocol'] = protocol_num_look_up[rule['protocol']]
else: else:
@ -65,7 +65,7 @@ class NVPSecurityGroups(object):
with_id=False): with_id=False):
"""Query quantum db for security group rules. """Query quantum db for security group rules.
""" """
fields = ['source_ip_prefix', 'source_group_id', 'protocol', fields = ['remote_ip_prefix', 'remote_group_id', 'protocol',
'port_range_min', 'port_range_max', 'protocol', 'ethertype'] 'port_range_min', 'port_range_max', 'protocol', 'ethertype']
if with_id: if with_id:
fields.append('id') fields.append('id')
@ -80,11 +80,11 @@ class NVPSecurityGroups(object):
'logical_port_egress_rules': ingress_rules} 'logical_port_egress_rules': ingress_rules}
return self._convert_to_nvp_rules(rules, with_id) return self._convert_to_nvp_rules(rules, with_id)
def _get_profile_uuid(self, context, source_group_id): def _get_profile_uuid(self, context, remote_group_id):
"""Return profile id from novas group id. """ """Return profile id from novas group id. """
security_group = self.get_security_group(context, source_group_id) security_group = self.get_security_group(context, remote_group_id)
if not security_group: if not security_group:
raise ext_sg.SecurityGroupNotFound(id=source_group_id) raise ext_sg.SecurityGroupNotFound(id=remote_group_id)
return security_group['id'] return security_group['id']
def _merge_security_group_rules_with_current(self, context, new_rules, def _merge_security_group_rules_with_current(self, context, new_rules,
@ -95,8 +95,8 @@ class NVPSecurityGroups(object):
rule = new_rule['security_group_rule'] rule = new_rule['security_group_rule']
rule['security_group_id'] = security_group_id rule['security_group_id'] = security_group_id
if rule.get('souce_group_id'): if rule.get('souce_group_id'):
rule['source_group_id'] = self._get_profile_uuid( rule['remote_group_id'] = self._get_profile_uuid(
context, rule['source_group_id']) context, rule['remote_group_id'])
if rule['direction'] == 'ingress': if rule['direction'] == 'ingress':
merged_rules['logical_port_egress_rules'].append( merged_rules['logical_port_egress_rules'].append(
self._convert_to_nvp_rule(rule)) self._convert_to_nvp_rule(rule))
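Review bot: The guard `if rule.get('souce_group_id'):` in `_merge_security_group_rules_with_current` tests a misspelled key that the rename did not touch. As a result, the branch that resolves the group through `_get_profile_uuid`, and raises `SecurityGroupNotFound` for an unknown group, appears never to run. The rule is then converted with whatever `remote_group_id` the caller supplied. The condition should read `if rule.get('remote_group_id'):`. The `fields` list in the query helper also names `'protocol'` twice, which looks harmless but can be dropped; the method continues outside the hunk.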


@ -194,7 +194,7 @@ class MidonetRuleManagerTestCase(MidonetLibTestCase):
return {"tenant_id": tenant_id, "security_group_id": sg_id, return {"tenant_id": tenant_id, "security_group_id": sg_id,
"rule_id": rule_id, "direction": direction, "rule_id": rule_id, "direction": direction,
"protocol": protocol, "protocol": protocol,
"source_ip_prefix": src_ip, "source_group_id": src_group_id, "remote_ip_prefix": src_ip, "remote_group_id": src_group_id,
"port_range_min": port_min, "port_range_max": port_max, "port_range_min": port_min, "port_range_max": port_max,
"ethertype": ethertype, "id": rule_id, "external_id": None} "ethertype": ethertype, "id": rule_id, "external_id": None}


@ -68,7 +68,7 @@ class SecurityGroupsTestCase(test_db_plugin.QuantumDbPluginV2TestCase):
def _build_security_group_rule(self, security_group_id, direction, def _build_security_group_rule(self, security_group_id, direction,
protocol, port_range_min, port_range_max, protocol, port_range_min, port_range_max,
source_ip_prefix=None, source_group_id=None, remote_ip_prefix=None, remote_group_id=None,
tenant_id='test_tenant', tenant_id='test_tenant',
ethertype='IPv4'): ethertype='IPv4'):
@ -80,11 +80,11 @@ class SecurityGroupsTestCase(test_db_plugin.QuantumDbPluginV2TestCase):
'port_range_max': port_range_max, 'port_range_max': port_range_max,
'tenant_id': tenant_id, 'tenant_id': tenant_id,
'ethertype': ethertype}} 'ethertype': ethertype}}
if source_ip_prefix: if remote_ip_prefix:
data['security_group_rule']['source_ip_prefix'] = source_ip_prefix data['security_group_rule']['remote_ip_prefix'] = remote_ip_prefix
if source_group_id: if remote_group_id:
data['security_group_rule']['source_group_id'] = source_group_id data['security_group_rule']['remote_group_id'] = remote_group_id
return data return data
@ -129,7 +129,7 @@ class SecurityGroupsTestCase(test_db_plugin.QuantumDbPluginV2TestCase):
'd1db38eb087', 'd1db38eb087',
direction='ingress', protocol='tcp', direction='ingress', protocol='tcp',
port_range_min='22', port_range_max='22', port_range_min='22', port_range_max='22',
source_ip_prefix=None, source_group_id=None, remote_ip_prefix=None, remote_group_id=None,
fmt=None, no_delete=False, ethertype='IPv4'): fmt=None, no_delete=False, ethertype='IPv4'):
if not fmt: if not fmt:
fmt = self.fmt fmt = self.fmt
@ -137,8 +137,8 @@ class SecurityGroupsTestCase(test_db_plugin.QuantumDbPluginV2TestCase):
direction, direction,
protocol, port_range_min, protocol, port_range_min,
port_range_max, port_range_max,
source_ip_prefix, remote_ip_prefix,
source_group_id, remote_group_id,
ethertype=ethertype) ethertype=ethertype)
security_group_rule = self._make_security_group_rule(self.fmt, rule) security_group_rule = self._make_security_group_rule(self.fmt, rule)
try: try:
@ -327,7 +327,7 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
with self.security_group(name, description) as sg: with self.security_group(name, description) as sg:
security_group_id = sg['security_group']['id'] security_group_id = sg['security_group']['id']
direction = "ingress" direction = "ingress"
source_ip_prefix = "10.0.0.0/24" remote_ip_prefix = "10.0.0.0/24"
protocol = 'TCP' protocol = 'TCP'
port_range_min = 22 port_range_min = 22
port_range_max = 22 port_range_max = 22
@ -335,7 +335,7 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
with self.security_group_rule(security_group_id, direction, with self.security_group_rule(security_group_id, direction,
protocol, port_range_min, protocol, port_range_min,
port_range_max, port_range_max,
source_ip_prefix, remote_ip_prefix,
ethertype=ethertype) as rule: ethertype=ethertype) as rule:
# the lower case value will be return # the lower case value will be return
@ -348,15 +348,15 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
name = 'webservers' name = 'webservers'
description = 'my webservers' description = 'my webservers'
with self.security_group(name, description) as sg: with self.security_group(name, description) as sg:
source_group_id = sg['security_group']['id'] remote_group_id = sg['security_group']['id']
res = self.new_show_request('security-groups', source_group_id) res = self.new_show_request('security-groups', remote_group_id)
security_group_id = sg['security_group']['id'] security_group_id = sg['security_group']['id']
direction = "ingress" direction = "ingress"
source_ip_prefix = "10.0.0.0/24" remote_ip_prefix = "10.0.0.0/24"
protocol = 'tcp' protocol = 'tcp'
port_range_min = 22 port_range_min = 22
port_range_max = 22 port_range_max = 22
keys = [('source_ip_prefix', source_ip_prefix), keys = [('remote_ip_prefix', remote_ip_prefix),
('security_group_id', security_group_id), ('security_group_id', security_group_id),
('direction', direction), ('direction', direction),
('protocol', protocol), ('protocol', protocol),
@ -365,13 +365,13 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
with self.security_group_rule(security_group_id, direction, with self.security_group_rule(security_group_id, direction,
protocol, port_range_min, protocol, port_range_min,
port_range_max, port_range_max,
source_ip_prefix): remote_ip_prefix):
group = self.deserialize( group = self.deserialize(
self.fmt, res.get_response(self.ext_api)) self.fmt, res.get_response(self.ext_api))
sg_rule = group['security_group']['security_group_rules'] sg_rule = group['security_group']['security_group_rules']
self.assertEqual(group['security_group']['id'], self.assertEqual(group['security_group']['id'],
source_group_id) remote_group_id)
self.assertEqual(len(sg_rule), 1) self.assertEqual(len(sg_rule), 1)
for k, v, in keys: for k, v, in keys:
self.assertEqual(sg_rule[0][k], v) self.assertEqual(sg_rule[0][k], v)
@ -380,8 +380,8 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
name = 'webservers' name = 'webservers'
description = 'my webservers' description = 'my webservers'
with self.security_group(name, description, no_delete=True) as sg: with self.security_group(name, description, no_delete=True) as sg:
source_group_id = sg['security_group']['id'] remote_group_id = sg['security_group']['id']
self._delete('security-groups', source_group_id, 204) self._delete('security-groups', remote_group_id, 204)
def test_delete_default_security_group_fail(self): def test_delete_default_security_group_fail(self):
with self.network(): with self.network():
@ -405,17 +405,17 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
self.assertEqual(rule['port_range_min'], None) self.assertEqual(rule['port_range_min'], None)
self.assertEqual(rule['protocol'], None) self.assertEqual(rule['protocol'], None)
def test_create_security_group_rule_source_ip_prefix(self): def test_create_security_group_rule_remote_ip_prefix(self):
name = 'webservers' name = 'webservers'
description = 'my webservers' description = 'my webservers'
with self.security_group(name, description) as sg: with self.security_group(name, description) as sg:
security_group_id = sg['security_group']['id'] security_group_id = sg['security_group']['id']
direction = "ingress" direction = "ingress"
source_ip_prefix = "10.0.0.0/24" remote_ip_prefix = "10.0.0.0/24"
protocol = 'tcp' protocol = 'tcp'
port_range_min = 22 port_range_min = 22
port_range_max = 22 port_range_max = 22
keys = [('source_ip_prefix', source_ip_prefix), keys = [('remote_ip_prefix', remote_ip_prefix),
('security_group_id', security_group_id), ('security_group_id', security_group_id),
('direction', direction), ('direction', direction),
('protocol', protocol), ('protocol', protocol),
@ -424,7 +424,7 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
with self.security_group_rule(security_group_id, direction, with self.security_group_rule(security_group_id, direction,
protocol, port_range_min, protocol, port_range_min,
port_range_max, port_range_max,
source_ip_prefix) as rule: remote_ip_prefix) as rule:
for k, v, in keys: for k, v, in keys:
self.assertEqual(rule['security_group_rule'][k], v) self.assertEqual(rule['security_group_rule'][k], v)
@ -435,11 +435,11 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
with self.security_group(name, description) as sg2: with self.security_group(name, description) as sg2:
security_group_id = sg['security_group']['id'] security_group_id = sg['security_group']['id']
direction = "ingress" direction = "ingress"
source_group_id = sg2['security_group']['id'] remote_group_id = sg2['security_group']['id']
protocol = 'tcp' protocol = 'tcp'
port_range_min = 22 port_range_min = 22
port_range_max = 22 port_range_max = 22
keys = [('source_group_id', source_group_id), keys = [('remote_group_id', remote_group_id),
('security_group_id', security_group_id), ('security_group_id', security_group_id),
('direction', direction), ('direction', direction),
('protocol', protocol), ('protocol', protocol),
@ -448,7 +448,7 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
with self.security_group_rule(security_group_id, direction, with self.security_group_rule(security_group_id, direction,
protocol, port_range_min, protocol, port_range_min,
port_range_max, port_range_max,
source_group_id=source_group_id remote_group_id=remote_group_id
) as rule: ) as rule:
for k, v, in keys: for k, v, in keys:
self.assertEqual(rule['security_group_rule'][k], v) self.assertEqual(rule['security_group_rule'][k], v)
@ -456,16 +456,16 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
def test_create_security_group_source_group_ip_and_ip_prefix(self): def test_create_security_group_source_group_ip_and_ip_prefix(self):
security_group_id = "4cd70774-cc67-4a87-9b39-7d1db38eb087" security_group_id = "4cd70774-cc67-4a87-9b39-7d1db38eb087"
direction = "ingress" direction = "ingress"
source_ip_prefix = "10.0.0.0/24" remote_ip_prefix = "10.0.0.0/24"
protocol = 'tcp' protocol = 'tcp'
port_range_min = 22 port_range_min = 22
port_range_max = 22 port_range_max = 22
source_group_id = "9cd70774-cc67-4a87-9b39-7d1db38eb087" remote_group_id = "9cd70774-cc67-4a87-9b39-7d1db38eb087"
rule = self._build_security_group_rule(security_group_id, direction, rule = self._build_security_group_rule(security_group_id, direction,
protocol, port_range_min, protocol, port_range_min,
port_range_max, port_range_max,
source_ip_prefix, remote_ip_prefix,
source_group_id) remote_group_id)
res = self._create_security_group_rule(self.fmt, rule) res = self._create_security_group_rule(self.fmt, rule)
self.deserialize(self.fmt, res) self.deserialize(self.fmt, res)
self.assertEqual(res.status_int, 400) self.assertEqual(res.status_int, 400)
@ -473,14 +473,14 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
def test_create_security_group_rule_bad_security_group_id(self): def test_create_security_group_rule_bad_security_group_id(self):
security_group_id = "4cd70774-cc67-4a87-9b39-7d1db38eb087" security_group_id = "4cd70774-cc67-4a87-9b39-7d1db38eb087"
direction = "ingress" direction = "ingress"
source_ip_prefix = "10.0.0.0/24" remote_ip_prefix = "10.0.0.0/24"
protocol = 'tcp' protocol = 'tcp'
port_range_min = 22 port_range_min = 22
port_range_max = 22 port_range_max = 22
rule = self._build_security_group_rule(security_group_id, direction, rule = self._build_security_group_rule(security_group_id, direction,
protocol, port_range_min, protocol, port_range_min,
port_range_max, port_range_max,
source_ip_prefix) remote_ip_prefix)
res = self._create_security_group_rule(self.fmt, rule) res = self._create_security_group_rule(self.fmt, rule)
self.deserialize(self.fmt, res) self.deserialize(self.fmt, res)
self.assertEqual(res.status_int, 404) self.assertEqual(res.status_int, 404)
@ -499,7 +499,7 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
self.deserialize(self.fmt, res) self.deserialize(self.fmt, res)
self.assertEqual(res.status_int, 404) self.assertEqual(res.status_int, 404)
def test_create_security_group_rule_bad_tenant_source_group_id(self): def test_create_security_group_rule_bad_tenant_remote_group_id(self):
with self.security_group() as sg: with self.security_group() as sg:
res = self._create_security_group(self.fmt, 'webservers', res = self._create_security_group(self.fmt, 'webservers',
'webservers', 'webservers',
@ -512,7 +512,7 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
'port_range_min': '22', 'port_range_min': '22',
'port_range_max': '22', 'port_range_max': '22',
'tenant_id': 'bad_tenant', 'tenant_id': 'bad_tenant',
'source_group_id': sg['security_group']['id']}} 'remote_group_id': sg['security_group']['id']}}
res = self._create_security_group_rule(self.fmt, rule, res = self._create_security_group_rule(self.fmt, rule,
tenant_id='bad_tenant', tenant_id='bad_tenant',
@ -540,12 +540,12 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
self.deserialize(self.fmt, res) self.deserialize(self.fmt, res)
self.assertEqual(res.status_int, 404) self.assertEqual(res.status_int, 404)
def test_create_security_group_rule_bad_source_group_id(self): def test_create_security_group_rule_bad_remote_group_id(self):
name = 'webservers' name = 'webservers'
description = 'my webservers' description = 'my webservers'
with self.security_group(name, description) as sg: with self.security_group(name, description) as sg:
security_group_id = sg['security_group']['id'] security_group_id = sg['security_group']['id']
source_group_id = "4cd70774-cc67-4a87-9b39-7d1db38eb087" remote_group_id = "4cd70774-cc67-4a87-9b39-7d1db38eb087"
direction = "ingress" direction = "ingress"
protocol = 'tcp' protocol = 'tcp'
port_range_min = 22 port_range_min = 22
@ -553,7 +553,7 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
rule = self._build_security_group_rule(security_group_id, direction, rule = self._build_security_group_rule(security_group_id, direction,
protocol, port_range_min, protocol, port_range_min,
port_range_max, port_range_max,
source_group_id=source_group_id) remote_group_id=remote_group_id)
res = self._create_security_group_rule(self.fmt, rule) res = self._create_security_group_rule(self.fmt, rule)
self.deserialize(self.fmt, res) self.deserialize(self.fmt, res)
self.assertEqual(res.status_int, 404) self.assertEqual(res.status_int, 404)
@ -941,16 +941,16 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
def test_create_security_group_rule_with_invalid_ethertype(self): def test_create_security_group_rule_with_invalid_ethertype(self):
security_group_id = "4cd70774-cc67-4a87-9b39-7d1db38eb087" security_group_id = "4cd70774-cc67-4a87-9b39-7d1db38eb087"
direction = "ingress" direction = "ingress"
source_ip_prefix = "10.0.0.0/24" remote_ip_prefix = "10.0.0.0/24"
protocol = 'tcp' protocol = 'tcp'
port_range_min = 22 port_range_min = 22
port_range_max = 22 port_range_max = 22
source_group_id = "9cd70774-cc67-4a87-9b39-7d1db38eb087" remote_group_id = "9cd70774-cc67-4a87-9b39-7d1db38eb087"
rule = self._build_security_group_rule(security_group_id, direction, rule = self._build_security_group_rule(security_group_id, direction,
protocol, port_range_min, protocol, port_range_min,
port_range_max, port_range_max,
source_ip_prefix, remote_ip_prefix,
source_group_id, remote_group_id,
ethertype='IPv5') ethertype='IPv5')
res = self._create_security_group_rule(self.fmt, rule) res = self._create_security_group_rule(self.fmt, rule)
self.deserialize(self.fmt, res) self.deserialize(self.fmt, res)
@ -959,16 +959,16 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
def test_create_security_group_rule_with_invalid_protocol(self): def test_create_security_group_rule_with_invalid_protocol(self):
security_group_id = "4cd70774-cc67-4a87-9b39-7d1db38eb087" security_group_id = "4cd70774-cc67-4a87-9b39-7d1db38eb087"
direction = "ingress" direction = "ingress"
source_ip_prefix = "10.0.0.0/24" remote_ip_prefix = "10.0.0.0/24"
protocol = 'tcp/ip' protocol = 'tcp/ip'
port_range_min = 22 port_range_min = 22
port_range_max = 22 port_range_max = 22
source_group_id = "9cd70774-cc67-4a87-9b39-7d1db38eb087" remote_group_id = "9cd70774-cc67-4a87-9b39-7d1db38eb087"
rule = self._build_security_group_rule(security_group_id, direction, rule = self._build_security_group_rule(security_group_id, direction,
protocol, port_range_min, protocol, port_range_min,
port_range_max, port_range_max,
source_ip_prefix, remote_ip_prefix,
source_group_id) remote_group_id)
res = self._create_security_group_rule(self.fmt, rule) res = self._create_security_group_rule(self.fmt, rule)
self.deserialize(self.fmt, res) self.deserialize(self.fmt, res)
self.assertEqual(res.status_int, 400) self.assertEqual(res.status_int, 400)


@ -161,7 +161,7 @@ class SGServerRpcCallBackMixinTestCase(test_sg.SecurityGroupDBTestCase):
rule1 = self._build_security_group_rule( rule1 = self._build_security_group_rule(
sg1_id, sg1_id,
'ingress', 'tcp', '24', 'ingress', 'tcp', '24',
'25', source_group_id=sg2['security_group']['id']) '25', remote_group_id=sg2['security_group']['id'])
rules = { rules = {
'security_group_rules': [rule1['security_group_rule']]} 'security_group_rules': [rule1['security_group_rule']]}
res = self._create_security_group_rule(self.fmt, rules) res = self._create_security_group_rule(self.fmt, rules)
@ -190,7 +190,7 @@ class SGServerRpcCallBackMixinTestCase(test_sg.SecurityGroupDBTestCase):
'source_ip_prefix': u'10.0.0.3/32', 'source_ip_prefix': u'10.0.0.3/32',
'protocol': u'tcp', 'ethertype': u'IPv4', 'protocol': u'tcp', 'ethertype': u'IPv4',
'port_range_max': 25, 'port_range_min': 24, 'port_range_max': 25, 'port_range_min': 24,
'source_group_id': sg2_id, 'remote_group_id': sg2_id,
'security_group_id': sg1_id}, 'security_group_id': sg1_id},
{'ethertype': 'IPv4', 'direction': 'egress'}, {'ethertype': 'IPv4', 'direction': 'egress'},
] ]
@ -324,7 +324,7 @@ class SGServerRpcCallBackMixinTestCase(test_sg.SecurityGroupDBTestCase):
'ingress', 'tcp', '24', 'ingress', 'tcp', '24',
'25', '25',
ethertype='IPv6', ethertype='IPv6',
source_group_id=sg2['security_group']['id']) remote_group_id=sg2['security_group']['id'])
rules = { rules = {
'security_group_rules': [rule1['security_group_rule']]} 'security_group_rules': [rule1['security_group_rule']]}
res = self._create_security_group_rule(self.fmt, rules) res = self._create_security_group_rule(self.fmt, rules)
@ -356,7 +356,7 @@ class SGServerRpcCallBackMixinTestCase(test_sg.SecurityGroupDBTestCase):
'source_ip_prefix': 'fe80::3/128', 'source_ip_prefix': 'fe80::3/128',
'protocol': 'tcp', 'ethertype': 'IPv6', 'protocol': 'tcp', 'ethertype': 'IPv6',
'port_range_max': 25, 'port_range_min': 24, 'port_range_max': 25, 'port_range_min': 24,
'source_group_id': sg2_id, 'remote_group_id': sg2_id,
'security_group_id': sg1_id}, 'security_group_id': sg1_id},
{'ethertype': 'IPv6', 'direction': 'egress'}, {'ethertype': 'IPv6', 'direction': 'egress'},
] ]
@ -414,7 +414,7 @@ class SecurityGroupAgentRpcTestCase(testtools.TestCase):
'security_group_source_groups': ['fake_sgid2'], 'security_group_source_groups': ['fake_sgid2'],
'security_group_rules': [{'security_group_id': 'security_group_rules': [{'security_group_id':
'fake_sgid1', 'fake_sgid1',
'source_group_id': 'remote_group_id':
'fake_sgid2'}]} 'fake_sgid2'}]}
fake_devices = {'fake_device': self.fake_device} fake_devices = {'fake_device': self.fake_device}
self.firewall.ports = fake_devices self.firewall.ports = fake_devices
@ -1126,14 +1126,14 @@ class SGNotificationTestMixin():
with self.security_group(name, description) as sg2: with self.security_group(name, description) as sg2:
security_group_id = sg['security_group']['id'] security_group_id = sg['security_group']['id']
direction = "ingress" direction = "ingress"
source_group_id = sg2['security_group']['id'] remote_group_id = sg2['security_group']['id']
protocol = 'tcp' protocol = 'tcp'
port_range_min = 88 port_range_min = 88
port_range_max = 88 port_range_max = 88
with self.security_group_rule(security_group_id, direction, with self.security_group_rule(security_group_id, direction,
protocol, port_range_min, protocol, port_range_min,
port_range_max, port_range_max,
source_group_id=source_group_id remote_group_id=remote_group_id
): ):
pass pass
self.notifier.assert_has_calls( self.notifier.assert_has_calls(