Kubernetes integration with OpenStack networking

test_namespace_security_groups.py 5.9KB

  1. # Copyright (c) 2018 Red Hat, Inc.
  2. # All Rights Reserved.
  3. #
  4. # Licensed under the Apache License, Version 2.0 (the "License"); you may
  5. # not use this file except in compliance with the License. You may obtain
  6. # a copy of the License at
  7. #
  8. # http://www.apache.org/licenses/LICENSE-2.0
  9. #
  10. # Unless required by applicable law or agreed to in writing, software
  11. # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
  12. # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
  13. # License for the specific language governing permissions and limitations
  14. # under the License.
  15. import mock
  16. from kuryr_kubernetes import constants
  17. from kuryr_kubernetes.controller.drivers import namespace_security_groups
  18. from kuryr_kubernetes.tests import base as test_base
  19. from kuryr_kubernetes.tests.unit import kuryr_fixtures as k_fix
  20. from neutronclient.common import exceptions as n_exc
def get_pod_obj():
    """Return a fresh dict shaped like a Kubernetes Pod, for use in tests.

    The pod is named 'busybox-sleep1', lives in the 'default' namespace and
    carries an empty 'openstack.org/kuryr-vif' annotation. A new object is
    built on every call, so a test may mutate the result freely.
    """
    status = {
        'qosClass': 'BestEffort',
        'hostIP': '192.168.1.2',
    }
    busybox = {
        'name': 'busybox',
        'image': 'busybox',
        'resources': {},
    }
    spec = {
        'schedulerName': 'default-scheduler',
        'containers': [busybox],
        'nodeName': 'kuryr-devstack',
    }
    metadata = {
        'name': 'busybox-sleep1',
        'namespace': 'default',
        'resourceVersion': '53808',
        'selfLink': '/api/v1/namespaces/default/pods/busybox-sleep1',
        'uid': '452176db-4a85-11e7-80bd-fa163e29dbbb',
        'annotations': {
            'openstack.org/kuryr-vif': {},
        },
    }
    # Key order matches the original literal: status, kind, spec, metadata.
    return {
        'status': status,
        'kind': 'Pod',
        'spec': spec,
        'metadata': metadata,
    }
def get_namespace_obj():
    """Return a fresh namespace dict holding only the net CRD annotation.

    The annotation key is ``constants.K8S_ANNOTATION_NET_CRD`` and its value
    is the placeholder string 'net_crd_url_sample'.
    """
    annotations = {constants.K8S_ANNOTATION_NET_CRD: 'net_crd_url_sample'}
    return {'metadata': {'annotations': annotations}}
class TestNamespacePodSecurityGroupsDriver(test_base.TestCase):
    """Unit tests for NamespacePodSecurityGroupsDriver.

    Every test calls the driver method unbound on a ``MagicMock(spec=...)``
    stand-in for the driver instance, and the tests that reach Neutron use
    the ``MockNeutronClient`` fixture instead of a real client.
    """

    @mock.patch('kuryr_kubernetes.controller.drivers.'
                'namespace_security_groups._get_net_crd')
    @mock.patch('kuryr_kubernetes.config.CONF')
    def test_get_security_groups(self, m_cfg, m_get_crd):
        """Namespace SG, extra SGs and configured defaults are all returned."""
        drv_cls = namespace_security_groups.NamespacePodSecurityGroupsDriver
        fake_driver = mock.MagicMock(spec=drv_cls)
        namespace_sg = mock.sentinel.sg_id
        additional_sg = mock.sentinel.extra_sg
        # Same sentinel as namespace_sg: the expected list below carries it
        # once stringified (from the CRD) and once as-is (from the config).
        default_sgs = [mock.sentinel.sg_id]
        m_cfg.neutron_defaults.pod_security_groups = default_sgs
        m_get_crd.return_value = {'spec': {'sgId': namespace_sg}}
        fake_driver._get_extra_sg.return_value = [additional_sg]
        pod = get_pod_obj()

        result = drv_cls.get_security_groups(
            fake_driver, pod, mock.sentinel.project_id)

        expected = [str(namespace_sg), str(additional_sg), default_sgs[0]]
        self.assertEqual(result, expected)
        # The net CRD must be looked up by the pod's own namespace.
        m_get_crd.assert_called_once_with(pod['metadata']['namespace'])

    def test_create_namespace_sg(self):
        """Creating a namespace SG returns its id under the 'sgId' key."""
        drv_cls = namespace_security_groups.NamespacePodSecurityGroupsDriver
        fake_driver = mock.MagicMock(spec=drv_cls)
        crd_spec = {'subnetCIDR': mock.sentinel.subnet_cidr}
        created_sg = {'id': mock.sentinel.sg}
        neutron = self.useFixture(k_fix.MockNeutronClient()).client
        neutron.create_security_group.return_value = {
            'security_group': created_sg,
        }

        response = drv_cls.create_namespace_sg(
            fake_driver, 'test', mock.sentinel.project_id, crd_spec)

        self.assertEqual(response, {'sgId': created_sg['id']})
        # NOTE(review): only call counts are asserted here. The body passed
        # to create_security_group_rule is never inspected, so a rule wider
        # than the namespace subnet would still pass. Presumably the rule is
        # meant to be scoped to crd_spec['subnetCIDR'] -- confirm against the
        # driver and assert on the request body.
        neutron.create_security_group.assert_called_once()
        neutron.create_security_group_rule.assert_called_once()

    def test_create_namespace_sg_exception(self):
        """A Neutron failure on SG creation propagates; no rule is created."""
        drv_cls = namespace_security_groups.NamespacePodSecurityGroupsDriver
        fake_driver = mock.MagicMock(spec=drv_cls)
        crd_spec = {'subnetCIDR': mock.sentinel.subnet_cidr}
        neutron = self.useFixture(k_fix.MockNeutronClient()).client
        failure = n_exc.NeutronClientException
        neutron.create_security_group.side_effect = failure

        self.assertRaises(failure, drv_cls.create_namespace_sg,
                          fake_driver, 'test', mock.sentinel.project_id,
                          crd_spec)

        neutron.create_security_group.assert_called_once()
        # No rule may be requested for a group that was never created.
        neutron.create_security_group_rule.assert_not_called()

    def test_delete_sg(self):
        """delete_sg passes the given id to Neutron's delete call."""
        drv_cls = namespace_security_groups.NamespacePodSecurityGroupsDriver
        fake_driver = mock.MagicMock(spec=drv_cls)
        neutron = self.useFixture(k_fix.MockNeutronClient()).client
        target_sg = mock.sentinel.sg_id

        drv_cls.delete_sg(fake_driver, target_sg)

        neutron.delete_security_group.assert_called_once_with(target_sg)

    def test_delete_sg_exception(self):
        """A generic Neutron failure on deletion reaches the caller."""
        drv_cls = namespace_security_groups.NamespacePodSecurityGroupsDriver
        fake_driver = mock.MagicMock(spec=drv_cls)
        neutron = self.useFixture(k_fix.MockNeutronClient()).client
        target_sg = mock.sentinel.sg_id
        failure = n_exc.NeutronClientException
        neutron.delete_security_group.side_effect = failure

        self.assertRaises(failure, drv_cls.delete_sg, fake_driver, target_sg)

        neutron.delete_security_group.assert_called_once_with(target_sg)

    def test_delete_sg_not_found(self):
        """A NotFound from Neutron on deletion is not propagated."""
        drv_cls = namespace_security_groups.NamespacePodSecurityGroupsDriver
        fake_driver = mock.MagicMock(spec=drv_cls)
        neutron = self.useFixture(k_fix.MockNeutronClient()).client
        target_sg = mock.sentinel.sg_id
        neutron.delete_security_group.side_effect = n_exc.NotFound

        # Must return normally: an uncaught NotFound would fail the test.
        drv_cls.delete_sg(fake_driver, target_sg)

        neutron.delete_security_group.assert_called_once_with(target_sg)