openstack
/
neutron-fwaas
Code Issues Proposed changes
neutron-fwaas/neutron_fwaas/tests/unit/services/firewall/agents/l3reference/test_firewall_l3_agent_v2.py

457 lines
20 KiB
Python
Raw Blame History

# Copyright (c) 2016
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import mock
from neutron.agent.l3 import l3_agent_extension_api as l3_agent_api
from neutron.agent.l3 import router_info
from neutron.agent.linux import ip_lib
from neutron.conf.agent.l3 import config as l3_config
from neutron_lib import context
from oslo_config import cfg
from oslo_utils import uuidutils
from neutron_fwaas.common import fwaas_constants
from neutron_fwaas.services.firewall.agents import firewall_agent_api
from neutron_fwaas.services.firewall.agents.l3reference \
import firewall_l3_agent_v2
from neutron_fwaas.services.firewall.drivers.linux \
import iptables_fwaas_v2
from neutron_fwaas.tests import base
from neutron_fwaas.tests.unit.services.firewall.agents \
import test_firewall_agent_api
class FWaasHelper(object):
def __init__(self):
pass
class FWaasAgent(firewall_l3_agent_v2.L3WithFWaaS, FWaasHelper):
neutron_service_plugins = []
def add_router(self, context, data):
pass
def delete_router(self, context, data):
pass
def update_router(self, context, data):
pass
def _setup_test_agent_class(service_plugins):
class FWaasTestAgent(firewall_l3_agent_v2.L3WithFWaaS,
FWaasHelper):
neutron_service_plugins = service_plugins
def __init__(self, conf):
self.event_observers = mock.Mock()
self.conf = conf
firewall_agent_api._check_required_agent_extension = mock.Mock()
super(FWaasTestAgent, self).__init__(conf)
def delete_router(self, context, data):
pass
def update_router(self, context, data):
pass
return FWaasTestAgent
class TestFWaaSL3AgentExtension(base.BaseTestCase):
def setUp(self):
super(TestFWaaSL3AgentExtension, self).setUp()
self.conf = cfg.ConfigOpts()
self.conf.register_opts(l3_config.OPTS)
self.conf.register_opts(firewall_agent_api.FWaaSOpts, 'fwaas')
self.conf.host = 'myhost'
self.api = FWaasAgent(self.conf)
self.api.agent_api = mock.Mock()
self.api.fwaas_driver = test_firewall_agent_api.NoopFwaasDriverV2()
self.adminContext = context.get_admin_context()
self.context = mock.sentinel.context
self.router_id = uuidutils.generate_uuid()
self.agent_conf = mock.Mock()
self.ri_kwargs = {'router': {'id': self.router_id,
'project_id': uuidutils.generate_uuid()},
'agent_conf': self.agent_conf,
'interface_driver': mock.ANY,
'use_ipv6': mock.ANY
}
def test_fw_config_match(self):
test_agent_class = _setup_test_agent_class([fwaas_constants.FIREWALL])
cfg.CONF.set_override('enabled', True, 'fwaas')
with mock.patch('oslo_utils.importutils.import_object'):
test_agent_class(cfg.CONF)
def test_fw_config_mismatch_plugin_enabled_agent_disabled(self):
self.skipTest('this is broken')
test_agent_class = _setup_test_agent_class([fwaas_constants.FIREWALL])
cfg.CONF.set_override('enabled', False, 'fwaas')
self.assertRaises(SystemExit, test_agent_class, cfg.CONF)
def test_fw_plugin_list_unavailable(self):
test_agent_class = _setup_test_agent_class(None)
cfg.CONF.set_override('enabled', False, 'fwaas')
with mock.patch('oslo_utils.importutils.import_object'):
test_agent_class(cfg.CONF)
def test_create_firewall_group(self):
firewall_group = {'id': 0, 'project_id': 1,
'admin_state_up': True,
'add-port-ids': [1, 2]}
self.api.plugin_rpc = mock.Mock()
with mock.patch.object(self.api, '_get_firewall_group_ports'
) as mock_get_firewall_group_ports, \
mock.patch.object(self.api, '_get_in_ns_ports'
) as mock_get_in_ns_ports, \
mock.patch.object(self.api.fwaas_driver,
'create_firewall_group'
) as mock_driver_create_firewall_group, \
mock.patch.object(self.api.fwplugin_rpc,
'set_firewall_group_status'
) as mock_set_firewall_group_status:
mock_driver_create_firewall_group.return_value = True
self.api.create_firewall_group(self.context, firewall_group,
host='host')
mock_get_firewall_group_ports.assert_called_once_with(self.context,
firewall_group)
mock_get_in_ns_ports.assert_called
assert mock_get_in_ns_ports
mock_set_firewall_group_status.assert_called_once_with(
self.context, firewall_group['id'], 'ACTIVE')
def test_update_firewall_group_with_ports_added_and_deleted(self):
firewall_group = {'id': 0, 'project_id': 1,
'admin_state_up': True,
'ports': [1, 2, 3, 4],
'add-port-ids': [1, 2],
'del-port-ids': [3, 4],
'router_ids': [],
'last-port': False}
self.api.plugin_rpc = mock.Mock()
with mock.patch.object(self.api, '_get_firewall_group_ports'
) as mock_get_firewall_group_ports, \
mock.patch.object(self.api, '_get_in_ns_ports'
) as mock_get_in_ns_ports, \
mock.patch.object(self.api.fwaas_driver,
'update_firewall_group'
) as mock_driver_update_firewall_group, \
mock.patch.object(self.api.fwaas_driver,
'delete_firewall_group'
) as mock_driver_delete_firewall_group, \
mock.patch.object(self.api.fwplugin_rpc,
'set_firewall_group_status'
) as mock_set_firewall_group_status:
mock_driver_delete_firewall_group.return_value = True
mock_driver_update_firewall_group.return_value = True
calls = [mock.call(self.context, firewall_group, to_delete=True,
require_new_plugin=True),
mock.call(self.context, firewall_group)]
self.api.update_firewall_group(self.context, firewall_group,
host='host')
self.assertEqual(mock_get_firewall_group_ports.call_args_list,
calls)
mock_get_in_ns_ports.assert_called
mock_set_firewall_group_status.assert_called_once_with(
self.context, firewall_group['id'], 'ACTIVE')
def test_update_firewall_group_with_ports_added_and_admin_state_down(self):
firewall_group = {'id': 0, 'project_id': 1,
'admin_state_up': False,
'ports': [1, 2],
'add-port-ids': [1, 2],
'del-port-ids': [],
'router_ids': [],
'last-port': False}
self.api.plugin_rpc = mock.Mock()
with mock.patch.object(self.api, '_get_firewall_group_ports'
) as mock_get_firewall_group_ports, \
mock.patch.object(self.api, '_get_in_ns_ports'
) as mock_get_in_ns_ports, \
mock.patch.object(self.api.fwaas_driver,
'update_firewall_group'
) as mock_driver_update_firewall_group, \
mock.patch.object(self.api.fwplugin_rpc,
'set_firewall_group_status'
) as mock_set_firewall_group_status:
mock_driver_update_firewall_group.return_value = True
self.api.update_firewall_group(self.context, firewall_group,
host='host')
mock_get_firewall_group_ports.assert_called
mock_get_in_ns_ports.assert_called
mock_set_firewall_group_status.assert_called_once_with(
self.context, firewall_group['id'], 'DOWN')
def test_update_firewall_group_with_all_ports_deleted(self):
firewall_group = {'id': 0, 'project_id': 1,
'admin_state_up': True,
'ports': [3, 4],
'add-port-ids': [],
'del-port-ids': [3, 4],
'last-port': True}
self.api.plugin_rpc = mock.Mock()
with mock.patch.object(self.api, '_get_firewall_group_ports'
) as mock_get_firewall_group_ports, \
mock.patch.object(self.api, '_get_in_ns_ports'
) as mock_get_in_ns_ports, \
mock.patch.object(self.api.fwaas_driver,
'delete_firewall_group'
) as mock_driver_delete_firewall_group, \
mock.patch.object(self.api.fwplugin_rpc,
'set_firewall_group_status'
) as mock_set_firewall_group_status:
mock_driver_delete_firewall_group.return_value = True
self.api.update_firewall_group(self.context, firewall_group,
host='host')
calls = [
mock.call._get_firewall_group_ports(
self.context, firewall_group, require_new_plugin=True,
to_delete=True),
mock.call._get_firewall_group_ports(
self.context, firewall_group)
]
mock_get_firewall_group_ports.assert_has_calls(calls)
mock_get_in_ns_ports.assert_called
mock_set_firewall_group_status.assert_called_once_with(
self.context, firewall_group['id'], 'INACTIVE')
def test_update_firewall_group_with_no_ports_added_or_deleted(self):
firewall_group = {'id': 0, 'project_id': 1,
'admin_state_up': True,
'ports': [],
'add-port-ids': [],
'del-port-ids': [],
'router_ids': []}
self.api.plugin_rpc = mock.Mock()
with mock.patch.object(self.api.fwaas_driver, 'update_firewall_group'
) as mock_driver_update_firewall_group, \
mock.patch.object(self.api.fwplugin_rpc,
'set_firewall_group_status'
) as mock_set_firewall_group_status:
mock_driver_update_firewall_group.return_value = True
self.api.update_firewall_group(self.context, firewall_group,
host='host')
mock_set_firewall_group_status.assert_called_once_with(
self.context, firewall_group['id'], 'INACTIVE')
def test_update_firewall_group_with_only_ports_added(self):
# This test is for bug/1634114
firewall_group = {'id': 0, 'project_id': 1,
'admin_state_up': True,
'ports': [1, 2],
'add-port-ids': ['1', '2'],
'del-port-ids': [],
'last-port': False
}
self.api.update_firewall_group(self.context, firewall_group,
host='host')
def test_delete_firewall_group(self):
firewall_group = {'id': 0, 'project_id': 1,
'admin_state_up': True,
'ports': [3, 4],
'add-port-ids': [],
'del-port-ids': [3, 4],
'last-port': False}
self.api.plugin_rpc = mock.Mock()
with mock.patch.object(self.api, '_get_firewall_group_ports'
) as mock_get_firewall_group_ports, \
mock.patch.object(self.api, '_get_in_ns_ports'
) as mock_get_in_ns_ports, \
mock.patch.object(self.api.fwaas_driver,
'delete_firewall_group'
) as mock_driver_delete_firewall_group, \
mock.patch.object(self.api.fwplugin_rpc,
'firewall_group_deleted'
) as mock_firewall_group_deleted:
mock_driver_delete_firewall_group.return_value = True
self.api.delete_firewall_group(self.context, firewall_group,
host='host')
mock_get_firewall_group_ports.assert_called_once_with(
self.context, firewall_group, to_delete=True)
mock_get_in_ns_ports.assert_called
mock_firewall_group_deleted.assert_called_once_with(self.context,
firewall_group['id'])
def _prepare_router_data(self):
return router_info.RouterInfo(self.api,
self.router_id,
**self.ri_kwargs)
def test_get_in_ns_ports_for_non_ns_fw(self):
port_ids = [1, 2]
ports = [{'id': pid} for pid in port_ids]
ri = self._prepare_router_data()
ri.internal_ports = ports
router_info = {ri.router_id: ri}
api_object = l3_agent_api.L3AgentExtensionAPI(router_info)
self.api.consume_api(api_object)
fw_port_ids = port_ids
with mock.patch.object(ip_lib,
'list_network_namespaces') as mock_list_netns:
mock_list_netns.return_value = []
ports_for_fw_list = self.api._get_in_ns_ports(fw_port_ids)
mock_list_netns.assert_called_with()
self.assertFalse(ports_for_fw_list)
def test_get_in_ns_ports_for_fw(self):
port_ids = [1, 2]
ports = [{'id': pid} for pid in port_ids]
ri = self._prepare_router_data()
ri.internal_ports = ports
router_info = {}
router_info[ri.router_id] = ri
api_object = l3_agent_api.L3AgentExtensionAPI(router_info)
self.api.consume_api(api_object)
fw_port_ids = port_ids
ports_for_fw_expected = [(ri, port_ids)]
with mock.patch.object(ip_lib,
'list_network_namespaces') as mock_list_netns:
mock_list_netns.return_value = [ri.ns_name]
ports_for_fw_actual = self.api._get_in_ns_ports(fw_port_ids)
self.assertEqual(ports_for_fw_expected, ports_for_fw_actual)
def test_add_router_for_check_input(self):
fw_agent = _setup_test_agent_class([fwaas_constants.FIREWALL])
cfg.CONF.set_override('enabled', True, 'fwaas')
updated_router = {
'_interfaces': [{
'device_owner': 'network: router_interface',
'id': '1',
'tenant_id': 'demo_tenant_id',
}],
'tenant_id': 'demo_tenant_id',
'id': '0b109a4e-d228-479d-ad43-08bf3245adbb',
'name': 'demo_router'
}
fwg = {
'status': 'ACTIVE',
'admin_state_up': True,
'tenant_id': 'demo_tenant_id',
'ports': [1],
'del-port-ids': [],
'add-port-ids': ['1'],
'id': '2932b3d9-3a7b-48a1-a16c-bf9f7b2751a5'
}
with mock.patch('oslo_utils.importutils.import_object'):
agent = fw_agent(cfg.CONF)
agent.agent_api = mock.Mock()
agent.fwplugin_rpc = mock.Mock()
agent.conf.agent_mode = mock.Mock()
agent.fwaas_driver = iptables_fwaas_v2.IptablesFwaasDriver()
with mock.patch.object(agent.fwplugin_rpc,
'get_firewall_groups_for_project'
) as mock_get_firewall_groups_for_project, \
mock.patch.object(agent.agent_api,
'get_router_hosting_port'
) as mock_get_router_hosting_port, \
mock.patch.object(agent.fwaas_driver,
'_get_ipt_mgrs_with_if_prefix'
) as mock_get_ipt_mgrs_with_if_prefix:
mock_get_firewall_groups_for_project.return_value = [fwg]
mock_get_router_hosting_port.return_value = mock.Mock()
agent.add_router(self.context, updated_router)
mock_get_ipt_mgrs_with_if_prefix.assert_any_call(
agent.conf.agent_mode, mock.ANY)
@mock.patch('oslo_utils.importutils.import_object')
def test_add_router_with_several_ports(self, mock_import_object):
fw_agent = _setup_test_agent_class([fwaas_constants.FIREWALL])
cfg.CONF.set_override('enabled', True, 'fwaas')
updated_router = {
'_interfaces': [
{'device_owner': 'network: router_interface',
'id': '1',
'tenant_id': 'demo_tenant_id'},
{'device_owner': 'network: router_interface',
'id': '2',
'tenant_id': 'demo_tenant_id'},
{'device_owner': 'network: router_interface',
'id': '3',
'tenant_id': 'demo_tenant_id'}],
'tenant_id': 'demo_tenant_id',
'id': '0b109a4e-d228-479d-ad43-08bf3245adbb',
'name': 'demo_router'
}
fwg1 = {
'status': 'ACTIVE',
'admin_state_up': True,
'tenant_id': 'demo_tenant_id',
'del-port-ids': [],
'add-port-ids': ['1', '3'],
'id': '2932b3d9-3a7b-48a1-a16c-bf9f7b2751a5'
}
fwg2 = {
'status': 'ACTIVE',
'admin_state_up': True,
'tenant_id': 'demo_tenant_id',
'del-port-ids': [],
'add-port-ids': ['2', '3'],
'id': '2932b3d9-3a7b-48a1-a16c-bf9f7b2751a5'
}
agent = fw_agent(cfg.CONF)
agent.agent_api = mock.Mock()
agent.fwplugin_rpc = mock.Mock()
agent.conf.agent_mode = mock.Mock()
agent.fwaas_driver = iptables_fwaas_v2.IptablesFwaasDriver()
patch_project = mock.patch.object(
agent.fwplugin_rpc, 'get_firewall_groups_for_project')
patch_invoke = mock.patch.object(
agent, '_invoke_driver_for_sync_from_plugin')
with patch_project as mock_get_firewall_groups, \
patch_invoke as mock_invoke_driver:
mock_get_firewall_groups.return_value = [fwg1, fwg2]
agent.add_router(self.context, updated_router)
# Check that mock_invoke_driver was called exactly twice with
# correct arguments.
self.assertEqual([
mock.call(mock.ANY, {'1', '3'}, fwg1),
mock.call(mock.ANY, {'2'}, fwg2),
], mock_invoke_driver.call_args_list)
#TODO(Margaret) Add test for add_router method.
View Git Blame Copy Permalink