openstack/neutron
Code Issues Proposed changes

Merge "Rename source_(group_id/ip_prefix) to remote_(group_id/ip_prefix)"

Browse Source
This commit is contained in:
Jenkins 2013-03-05 22:04:35 +00:00 committed by Gerrit Code Review
commit e69dec3cad
10 changed files with 126 additions and 127 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
quantum/agent/firewall.py
View File

@ -37,17 +37,19 @@ class FirewallDriver(object):
the rule may contain security_group_id,
protocol, port_min, port_max
source_ip_prefix, source_port_min,
source_port_max, dest_ip_prefix,
source_port_max, dest_ip_prefix, and
remote_group_id
Note: source_group_ip in REST API should be converted by this rule
if direction is ingress:
source_group_ip will be a soruce_prefix_ip
remote_group_ip will be a source_ip_prefix
if direction is egress:
source_group_ip will be a dest_prefix_ip
Note: source_group_id in REST API should be converted by this rule
remote_group_ip will be a dest_ip_prefix
Note: remote_group_id in REST API should be converted by this rule
if direction is ingress:
source_group_id will be a list of soruce_prefix_ip
remote_group_id will be a list of source_ip_prefix
if direction is egress:
source_group_id will be a list of dest_prefix_ip
remote_group_id will be a list of dest_ip_prefix
remote_group_id will also remaining membership update management
"""
__metaclass__ = abc.ABCMeta

6
quantum/db/migration/alembic_migrations/versions/3cb5d900c5de_security_groups.py
View File

@ -61,7 +61,7 @@ def upgrade(active_plugin=None, options=None):
sa.Column('tenant_id', sa.String(length=255), nullable=True),
sa.Column('id', sa.String(length=36), nullable=False),
sa.Column('security_group_id', sa.String(length=36), nullable=False),
sa.Column('source_group_id', sa.String(length=36), nullable=True),
sa.Column('remote_group_id', sa.String(length=36), nullable=True),
sa.Column('direction',
sa.Enum('ingress', 'egress',
name='securitygrouprules_direction'),
@ -70,10 +70,10 @@ def upgrade(active_plugin=None, options=None):
sa.Column('protocol', sa.String(length=40), nullable=True),
sa.Column('port_range_min', sa.Integer(), nullable=True),
sa.Column('port_range_max', sa.Integer(), nullable=True),
sa.Column('source_ip_prefix', sa.String(length=255), nullable=True),
sa.Column('remote_ip_prefix', sa.String(length=255), nullable=True),
sa.ForeignKeyConstraint(['security_group_id'], ['securitygroups.id'],
ondelete='CASCADE'),
sa.ForeignKeyConstraint(['source_group_id'], ['securitygroups.id'],
sa.ForeignKeyConstraint(['remote_group_id'], ['securitygroups.id'],
ondelete='CASCADE'),
sa.PrimaryKeyConstraint('id')
)

32
quantum/db/securitygroups_db.py
View File

@ -53,7 +53,7 @@ class SecurityGroupRule(model_base.BASEV2, models_v2.HasId,
ondelete="CASCADE"),
nullable=False)
source_group_id = sa.Column(sa.String(36),
remote_group_id = sa.Column(sa.String(36),
sa.ForeignKey("securitygroups.id",
ondelete="CASCADE"),
nullable=True)
@ -64,7 +64,7 @@ class SecurityGroupRule(model_base.BASEV2, models_v2.HasId,
protocol = sa.Column(sa.String(40))
port_range_min = sa.Column(sa.Integer)
port_range_max = sa.Column(sa.Integer)
source_ip_prefix = sa.Column(sa.String(255))
remote_ip_prefix = sa.Column(sa.String(255))
security_group = orm.relationship(
SecurityGroup,
backref=orm.backref('rules', cascade='all,delete'),
@ -72,7 +72,7 @@ class SecurityGroupRule(model_base.BASEV2, models_v2.HasId,
source_group = orm.relationship(
SecurityGroup,
backref=orm.backref('source_rules', cascade='all,delete'),
primaryjoin="SecurityGroup.id==SecurityGroupRule.source_group_id")
primaryjoin="SecurityGroup.id==SecurityGroupRule.remote_group_id")
class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase):
@ -234,12 +234,12 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase):
id=uuidutils.generate_uuid(), tenant_id=tenant_id,
security_group_id=rule['security_group_id'],
direction=rule['direction'],
source_group_id=rule.get('source_group_id'),
remote_group_id=rule.get('remote_group_id'),
ethertype=rule['ethertype'],
protocol=rule['protocol'],
port_range_min=rule['port_range_min'],
port_range_max=rule['port_range_max'],
source_ip_prefix=rule.get('source_ip_prefix'))
remote_ip_prefix=rule.get('remote_ip_prefix'))
context.session.add(db)
ret.append(self._make_security_group_rule_dict(db))
return ret
@ -251,7 +251,7 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase):
def _validate_security_group_rules(self, context, security_group_rule):
"""Check that rules being installed all belong to the same security
group, source_group_id/security_group_id belong to the same tenant,
group, remote_group_id/security_group_id belong to the same tenant,
and rules are valid.
"""
new_rules = set()
@ -271,15 +271,15 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase):
else:
raise ext_sg.SecurityGroupInvalidPortRange()
if rule['source_ip_prefix'] and rule['source_group_id']:
raise ext_sg.SecurityGroupSourceGroupAndIpPrefix()
if rule['remote_ip_prefix'] and rule['remote_group_id']:
raise ext_sg.SecurityGroupRemoteGroupAndRemoteIpPrefix()
if rule['tenant_id'] not in tenant_ids:
tenant_ids.add(rule['tenant_id'])
source_group_id = rule.get('source_group_id')
# Check that source_group_id exists for tenant
if source_group_id:
self.get_security_group(context, source_group_id,
remote_group_id = rule.get('remote_group_id')
# Check that remote_group_id exists for tenant
if remote_group_id:
self.get_security_group(context, remote_group_id,
tenant_id=rule['tenant_id'])
if len(new_rules) > 1:
raise ext_sg.SecurityGroupNotSingleGroupRules()
@ -303,8 +303,8 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase):
'protocol': security_group_rule['protocol'],
'port_range_min': security_group_rule['port_range_min'],
'port_range_max': security_group_rule['port_range_max'],
'source_ip_prefix': security_group_rule['source_ip_prefix'],
'source_group_id': security_group_rule['source_group_id']}
'remote_ip_prefix': security_group_rule['remote_ip_prefix'],
'remote_group_id': security_group_rule['remote_group_id']}
return self._fields(res, fields)
@ -315,8 +315,8 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase):
'direction': [sgr['direction']]}
include_if_present = ['protocol', 'port_range_max', 'port_range_min',
'ethertype', 'source_ip_prefix',
'source_group_id']
'ethertype', 'remote_ip_prefix',
'remote_group_id']
for key in include_if_present:
value = sgr.get(key)
if value:

49
quantum/db/securitygroups_rpc_base.py
View File

@ -111,8 +111,8 @@ class SecurityGroupServerRpcCallbackMixin(object):
def security_group_rules_for_devices(self, context, **kwargs):
""" return security group rules for each port
also convert source_group_id rule
to source_ip_prefix rule
also convert remote_group_id rule
to source_ip_prefix and dest_ip_prefix rule
:params devices: list of devices
:returns: port correspond to the devices with security group rules
@ -144,12 +144,12 @@ class SecurityGroupServerRpcCallbackMixin(object):
query = query.filter(sg_binding_port.in_(ports.keys()))
return query.all()
def _select_ips_for_source_group(self, context, source_group_ids):
def _select_ips_for_remote_group(self, context, remote_group_ids):
ips_by_group = {}
if not source_group_ids:
if not remote_group_ids:
return ips_by_group
for source_group_id in source_group_ids:
ips_by_group[source_group_id] = []
for remote_group_id in remote_group_ids:
ips_by_group[remote_group_id] = []
ip_port = models_v2.IPAllocation.port_id
sg_binding_port = sg_db.SecurityGroupPortBinding.port_id
@ -159,20 +159,20 @@ class SecurityGroupServerRpcCallbackMixin(object):
models_v2.IPAllocation.ip_address)
query = query.join(models_v2.IPAllocation,
ip_port == sg_binding_port)
query = query.filter(sg_binding_sgid.in_(source_group_ids))
query = query.filter(sg_binding_sgid.in_(remote_group_ids))
ip_in_db = query.all()
for security_group_id, ip_address in ip_in_db:
ips_by_group[security_group_id].append(ip_address)
return ips_by_group
def _select_source_group_ids(self, ports):
source_group_ids = []
def _select_remote_group_ids(self, ports):
remote_group_ids = []
for port in ports.values():
for rule in port.get('security_group_rules'):
source_group_id = rule.get('source_group_id')
if source_group_id:
source_group_ids.append(source_group_id)
return source_group_ids
remote_group_id = rule.get('remote_group_id')
if remote_group_id:
remote_group_ids.append(remote_group_id)
return remote_group_ids
def _select_network_ids(self, ports):
return set((port['network_id'] for port in ports.values()))
@ -195,22 +195,22 @@ class SecurityGroupServerRpcCallbackMixin(object):
ips[port['network_id']].append(ip)
return ips
def _convert_source_group_id_to_ip_prefix(self, context, ports):
source_group_ids = self._select_source_group_ids(ports)
ips = self._select_ips_for_source_group(context, source_group_ids)
def _convert_remote_group_id_to_ip_prefix(self, context, ports):
remote_group_ids = self._select_remote_group_ids(ports)
ips = self._select_ips_for_remote_group(context, remote_group_ids)
for port in ports.values():
updated_rule = []
for rule in port.get('security_group_rules'):
source_group_id = rule.get('source_group_id')
remote_group_id = rule.get('remote_group_id')
direction = rule.get('direction')
direction_ip_prefix = DIRECTION_IP_PREFIX[direction]
if not source_group_id:
if not remote_group_id:
updated_rule.append(rule)
continue
port['security_group_source_groups'].append(source_group_id)
port['security_group_source_groups'].append(remote_group_id)
base_rule = rule
for ip in ips[source_group_id]:
for ip in ips[remote_group_id]:
if ip in port.get('fixed_ips', []):
continue
ip_rule = base_rule.copy()
@ -290,12 +290,13 @@ class SecurityGroupServerRpcCallbackMixin(object):
'ethertype': rule_in_db['ethertype'],
}
for key in ('protocol', 'port_range_min', 'port_range_max',
'source_ip_prefix', 'source_group_id'):
'remote_ip_prefix', 'remote_group_id'):
if rule_in_db.get(key):
if key == 'source_ip_prefix' and direction == 'egress':
rule_dict['dest_ip_prefix'] = rule_in_db[key]
if key == 'remote_ip_prefix':
direction_ip_prefix = DIRECTION_IP_PREFIX[direction]
rule_dict[direction_ip_prefix] = rule_in_db[key]
continue
rule_dict[key] = rule_in_db[key]
port['security_group_rules'].append(rule_dict)
self._apply_provider_rule(context, ports)
return self._convert_source_group_id_to_ip_prefix(context, ports)
return self._convert_remote_group_id_to_ip_prefix(context, ports)

12
quantum/extensions/securitygroup.py
View File

@ -61,8 +61,8 @@ class SecurityGroupRulesNotSingleTenant(qexception.InvalidInput):
" not allowed")
class SecurityGroupSourceGroupAndIpPrefix(qexception.InvalidInput):
message = _("Only source_ip_prefix or source_group_id may "
class SecurityGroupRemoteGroupAndRemoteIpPrefix(qexception.InvalidInput):
message = _("Only remote_ip_prefix or remote_group_id may "
"be provided.")
@ -75,10 +75,6 @@ class SecurityGroupNotSingleGroupRules(qexception.InvalidInput):
"one security profile at a time")
class SecurityGroupSourceGroupNotFound(qexception.NotFound):
message = _("Source group id %(id)s does not exist")
class SecurityGroupNotFound(qexception.NotFound):
message = _("Security group %(id)s does not exist")
@ -171,7 +167,7 @@ RESOURCE_ATTRIBUTE_MAP = {
'primary_key': True},
'security_group_id': {'allow_post': True, 'allow_put': False,
'is_visible': True, 'required_by_policy': True},
'source_group_id': {'allow_post': True, 'allow_put': False,
'remote_group_id': {'allow_post': True, 'allow_put': False,
'default': None, 'is_visible': True},
'direction': {'allow_post': True, 'allow_put': True,
'is_visible': True,
@ -190,7 +186,7 @@ RESOURCE_ATTRIBUTE_MAP = {
'is_visible': True, 'default': 'IPv4',
'convert_to': convert_ethertype_to_case_insensitive,
'validate': {'type:values': sg_supported_ethertypes}},
'source_ip_prefix': {'allow_post': True, 'allow_put': False,
'remote_ip_prefix': {'allow_post': True, 'allow_put': False,
'default': None, 'is_visible': True},
'tenant_id': {'allow_post': True, 'allow_put': False,
'required_by_policy': True,

12
quantum/plugins/midonet/midonet_lib.py
View File

@ -220,8 +220,8 @@ class RuleManager:
rule_id = rule['id']
ethertype = rule['ethertype']
security_group_id = rule['security_group_id']
source_group_id = rule['source_group_id']
source_ip_prefix = rule['source_ip_prefix'] # watch out. not validated
remote_group_id = rule['remote_group_id']
remote_ip_prefix = rule['remote_ip_prefix'] # watch out. not validated
tenant_id = rule['tenant_id']
port_range_min = rule['port_range_min']
external_id = rule['external_id']
@ -234,10 +234,10 @@ class RuleManager:
port_group_id = None
# handle source
if not source_ip_prefix is None:
nw_src_address, nw_src_length = source_ip_prefix.split('/')
elif not source_group_id is None: # security group as a srouce
source_pg = self.pg_manager.get_for_sg(tenant_id, source_group_id)
if not remote_ip_prefix is None:
nw_src_address, nw_src_length = remote_ip_prefix.split('/')
elif not remote_group_id is None: # security group as a srouce
source_pg = self.pg_manager.get_for_sg(tenant_id, remote_group_id)
port_group_id = source_pg.get_id()
else:
raise Exception(_("Don't know what to do with rule=%r"), rule)

24
quantum/plugins/nicira/nicira_nvp_plugin/common/securitygroups.py
View File

@ -28,8 +28,8 @@ class NVPSecurityGroups(object):
def _convert_to_nvp_rule(self, rule, with_id=False):
"""Converts Quantum API security group rule to NVP API."""
nvp_rule = {}
params = ['source_ip_prefix', 'protocol',
'source_group_id', 'port_range_min',
params = ['remote_ip_prefix', 'protocol',
'remote_group_id', 'port_range_min',
'port_range_max', 'ethertype']
if with_id:
params.append('id')
@ -40,10 +40,10 @@ class NVPSecurityGroups(object):
nvp_rule[param] = value
elif not value:
pass
elif param == 'source_ip_prefix':
nvp_rule['ip_prefix'] = rule['source_ip_prefix']
elif param == 'source_group_id':
nvp_rule['profile_uuid'] = rule['source_group_id']
elif param == 'remote_ip_prefix':
nvp_rule['ip_prefix'] = rule['remote_ip_prefix']
elif param == 'remote_group_id':
nvp_rule['profile_uuid'] = rule['remote_group_id']
elif param == 'protocol':
nvp_rule['protocol'] = protocol_num_look_up[rule['protocol']]
else:
@ -65,7 +65,7 @@ class NVPSecurityGroups(object):
with_id=False):
"""Query quantum db for security group rules.
"""
fields = ['source_ip_prefix', 'source_group_id', 'protocol',
fields = ['remote_ip_prefix', 'remote_group_id', 'protocol',
'port_range_min', 'port_range_max', 'protocol', 'ethertype']
if with_id:
fields.append('id')
@ -80,11 +80,11 @@ class NVPSecurityGroups(object):
'logical_port_egress_rules': ingress_rules}
return self._convert_to_nvp_rules(rules, with_id)
def _get_profile_uuid(self, context, source_group_id):
def _get_profile_uuid(self, context, remote_group_id):
"""Return profile id from novas group id. """
security_group = self.get_security_group(context, source_group_id)
security_group = self.get_security_group(context, remote_group_id)
if not security_group:
raise ext_sg.SecurityGroupNotFound(id=source_group_id)
raise ext_sg.SecurityGroupNotFound(id=remote_group_id)
return security_group['id']
def _merge_security_group_rules_with_current(self, context, new_rules,
@ -95,8 +95,8 @@ class NVPSecurityGroups(object):
rule = new_rule['security_group_rule']
rule['security_group_id'] = security_group_id
if rule.get('souce_group_id'):
rule['source_group_id'] = self._get_profile_uuid(
context, rule['source_group_id'])
rule['remote_group_id'] = self._get_profile_uuid(
context, rule['remote_group_id'])
if rule['direction'] == 'ingress':
merged_rules['logical_port_egress_rules'].append(
self._convert_to_nvp_rule(rule))

2
quantum/tests/unit/midonet/test_midonet_lib.py
View File

@ -194,7 +194,7 @@ class MidonetRuleManagerTestCase(MidonetLibTestCase):
return {"tenant_id": tenant_id, "security_group_id": sg_id,
"rule_id": rule_id, "direction": direction,
"protocol": protocol,
"source_ip_prefix": src_ip, "source_group_id": src_group_id,
"remote_ip_prefix": src_ip, "remote_group_id": src_group_id,
"port_range_min": port_min, "port_range_max": port_max,
"ethertype": ethertype, "id": rule_id, "external_id": None}

88
quantum/tests/unit/test_extension_security_group.py
View File

@ -68,7 +68,7 @@ class SecurityGroupsTestCase(test_db_plugin.QuantumDbPluginV2TestCase):
def _build_security_group_rule(self, security_group_id, direction,
protocol, port_range_min, port_range_max,
source_ip_prefix=None, source_group_id=None,
remote_ip_prefix=None, remote_group_id=None,
tenant_id='test_tenant',
ethertype='IPv4'):
@ -80,11 +80,11 @@ class SecurityGroupsTestCase(test_db_plugin.QuantumDbPluginV2TestCase):
'port_range_max': port_range_max,
'tenant_id': tenant_id,
'ethertype': ethertype}}
if source_ip_prefix:
data['security_group_rule']['source_ip_prefix'] = source_ip_prefix
if remote_ip_prefix:
data['security_group_rule']['remote_ip_prefix'] = remote_ip_prefix
if source_group_id:
data['security_group_rule']['source_group_id'] = source_group_id
if remote_group_id:
data['security_group_rule']['remote_group_id'] = remote_group_id
return data
@ -129,7 +129,7 @@ class SecurityGroupsTestCase(test_db_plugin.QuantumDbPluginV2TestCase):
'd1db38eb087',
direction='ingress', protocol='tcp',
port_range_min='22', port_range_max='22',
source_ip_prefix=None, source_group_id=None,
remote_ip_prefix=None, remote_group_id=None,
fmt=None, no_delete=False, ethertype='IPv4'):
if not fmt:
fmt = self.fmt
@ -137,8 +137,8 @@ class SecurityGroupsTestCase(test_db_plugin.QuantumDbPluginV2TestCase):
direction,
protocol, port_range_min,
port_range_max,
source_ip_prefix,
source_group_id,
remote_ip_prefix,
remote_group_id,
ethertype=ethertype)
security_group_rule = self._make_security_group_rule(self.fmt, rule)
try:
@ -327,7 +327,7 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
with self.security_group(name, description) as sg:
security_group_id = sg['security_group']['id']
direction = "ingress"
source_ip_prefix = "10.0.0.0/24"
remote_ip_prefix = "10.0.0.0/24"
protocol = 'TCP'
port_range_min = 22
port_range_max = 22
@ -335,7 +335,7 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
with self.security_group_rule(security_group_id, direction,
protocol, port_range_min,
port_range_max,
source_ip_prefix,
remote_ip_prefix,
ethertype=ethertype) as rule:
# the lower case value will be return
@ -348,15 +348,15 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
name = 'webservers'
description = 'my webservers'
with self.security_group(name, description) as sg:
source_group_id = sg['security_group']['id']
res = self.new_show_request('security-groups', source_group_id)
remote_group_id = sg['security_group']['id']
res = self.new_show_request('security-groups', remote_group_id)
security_group_id = sg['security_group']['id']
direction = "ingress"
source_ip_prefix = "10.0.0.0/24"
remote_ip_prefix = "10.0.0.0/24"
protocol = 'tcp'
port_range_min = 22
port_range_max = 22
keys = [('source_ip_prefix', source_ip_prefix),
keys = [('remote_ip_prefix', remote_ip_prefix),
('security_group_id', security_group_id),
('direction', direction),
('protocol', protocol),
@ -365,13 +365,13 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
with self.security_group_rule(security_group_id, direction,
protocol, port_range_min,
port_range_max,
source_ip_prefix):
remote_ip_prefix):
group = self.deserialize(
self.fmt, res.get_response(self.ext_api))
sg_rule = group['security_group']['security_group_rules']
self.assertEqual(group['security_group']['id'],
source_group_id)
remote_group_id)
self.assertEqual(len(sg_rule), 1)
for k, v, in keys:
self.assertEqual(sg_rule[0][k], v)
@ -380,8 +380,8 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
name = 'webservers'
description = 'my webservers'
with self.security_group(name, description, no_delete=True) as sg:
source_group_id = sg['security_group']['id']
self._delete('security-groups', source_group_id, 204)
remote_group_id = sg['security_group']['id']
self._delete('security-groups', remote_group_id, 204)
def test_delete_default_security_group_fail(self):
with self.network():
@ -405,17 +405,17 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
self.assertEqual(rule['port_range_min'], None)
self.assertEqual(rule['protocol'], None)
def test_create_security_group_rule_source_ip_prefix(self):
def test_create_security_group_rule_remote_ip_prefix(self):
name = 'webservers'
description = 'my webservers'
with self.security_group(name, description) as sg:
security_group_id = sg['security_group']['id']
direction = "ingress"
source_ip_prefix = "10.0.0.0/24"
remote_ip_prefix = "10.0.0.0/24"
protocol = 'tcp'
port_range_min = 22
port_range_max = 22
keys = [('source_ip_prefix', source_ip_prefix),
keys = [('remote_ip_prefix', remote_ip_prefix),
('security_group_id', security_group_id),
('direction', direction),
('protocol', protocol),
@ -424,7 +424,7 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
with self.security_group_rule(security_group_id, direction,
protocol, port_range_min,
port_range_max,
source_ip_prefix) as rule:
remote_ip_prefix) as rule:
for k, v, in keys:
self.assertEqual(rule['security_group_rule'][k], v)
@ -435,11 +435,11 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
with self.security_group(name, description) as sg2:
security_group_id = sg['security_group']['id']
direction = "ingress"
source_group_id = sg2['security_group']['id']
remote_group_id = sg2['security_group']['id']
protocol = 'tcp'
port_range_min = 22
port_range_max = 22
keys = [('source_group_id', source_group_id),
keys = [('remote_group_id', remote_group_id),
('security_group_id', security_group_id),
('direction', direction),
('protocol', protocol),
@ -448,7 +448,7 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
with self.security_group_rule(security_group_id, direction,
protocol, port_range_min,
port_range_max,
source_group_id=source_group_id
remote_group_id=remote_group_id
) as rule:
for k, v, in keys:
self.assertEqual(rule['security_group_rule'][k], v)
@ -456,16 +456,16 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
def test_create_security_group_source_group_ip_and_ip_prefix(self):
security_group_id = "4cd70774-cc67-4a87-9b39-7d1db38eb087"
direction = "ingress"
source_ip_prefix = "10.0.0.0/24"
remote_ip_prefix = "10.0.0.0/24"
protocol = 'tcp'
port_range_min = 22
port_range_max = 22
source_group_id = "9cd70774-cc67-4a87-9b39-7d1db38eb087"
remote_group_id = "9cd70774-cc67-4a87-9b39-7d1db38eb087"
rule = self._build_security_group_rule(security_group_id, direction,
protocol, port_range_min,
port_range_max,
source_ip_prefix,
source_group_id)
remote_ip_prefix,
remote_group_id)
res = self._create_security_group_rule(self.fmt, rule)
self.deserialize(self.fmt, res)
self.assertEqual(res.status_int, 400)
@ -473,14 +473,14 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
def test_create_security_group_rule_bad_security_group_id(self):
security_group_id = "4cd70774-cc67-4a87-9b39-7d1db38eb087"
direction = "ingress"
source_ip_prefix = "10.0.0.0/24"
remote_ip_prefix = "10.0.0.0/24"
protocol = 'tcp'
port_range_min = 22
port_range_max = 22
rule = self._build_security_group_rule(security_group_id, direction,
protocol, port_range_min,
port_range_max,
source_ip_prefix)
remote_ip_prefix)
res = self._create_security_group_rule(self.fmt, rule)
self.deserialize(self.fmt, res)
self.assertEqual(res.status_int, 404)
@ -499,7 +499,7 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
self.deserialize(self.fmt, res)
self.assertEqual(res.status_int, 404)
def test_create_security_group_rule_bad_tenant_source_group_id(self):
def test_create_security_group_rule_bad_tenant_remote_group_id(self):
with self.security_group() as sg:
res = self._create_security_group(self.fmt, 'webservers',
'webservers',
@ -512,7 +512,7 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
'port_range_min': '22',
'port_range_max': '22',
'tenant_id': 'bad_tenant',
'source_group_id': sg['security_group']['id']}}
'remote_group_id': sg['security_group']['id']}}
res = self._create_security_group_rule(self.fmt, rule,
tenant_id='bad_tenant',
@ -540,12 +540,12 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
self.deserialize(self.fmt, res)
self.assertEqual(res.status_int, 404)
def test_create_security_group_rule_bad_source_group_id(self):
def test_create_security_group_rule_bad_remote_group_id(self):
name = 'webservers'
description = 'my webservers'
with self.security_group(name, description) as sg:
security_group_id = sg['security_group']['id']
source_group_id = "4cd70774-cc67-4a87-9b39-7d1db38eb087"
remote_group_id = "4cd70774-cc67-4a87-9b39-7d1db38eb087"
direction = "ingress"
protocol = 'tcp'
port_range_min = 22
@ -553,7 +553,7 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
rule = self._build_security_group_rule(security_group_id, direction,
protocol, port_range_min,
port_range_max,
source_group_id=source_group_id)
remote_group_id=remote_group_id)
res = self._create_security_group_rule(self.fmt, rule)
self.deserialize(self.fmt, res)
self.assertEqual(res.status_int, 404)
@ -941,16 +941,16 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
def test_create_security_group_rule_with_invalid_ethertype(self):
security_group_id = "4cd70774-cc67-4a87-9b39-7d1db38eb087"
direction = "ingress"
source_ip_prefix = "10.0.0.0/24"
remote_ip_prefix = "10.0.0.0/24"
protocol = 'tcp'
port_range_min = 22
port_range_max = 22
source_group_id = "9cd70774-cc67-4a87-9b39-7d1db38eb087"
remote_group_id = "9cd70774-cc67-4a87-9b39-7d1db38eb087"
rule = self._build_security_group_rule(security_group_id, direction,
protocol, port_range_min,
port_range_max,
source_ip_prefix,
source_group_id,
remote_ip_prefix,
remote_group_id,
ethertype='IPv5')
res = self._create_security_group_rule(self.fmt, rule)
self.deserialize(self.fmt, res)
@ -959,16 +959,16 @@ class TestSecurityGroups(SecurityGroupDBTestCase):
def test_create_security_group_rule_with_invalid_protocol(self):
security_group_id = "4cd70774-cc67-4a87-9b39-7d1db38eb087"
direction = "ingress"
source_ip_prefix = "10.0.0.0/24"
remote_ip_prefix = "10.0.0.0/24"
protocol = 'tcp/ip'
port_range_min = 22
port_range_max = 22
source_group_id = "9cd70774-cc67-4a87-9b39-7d1db38eb087"
remote_group_id = "9cd70774-cc67-4a87-9b39-7d1db38eb087"
rule = self._build_security_group_rule(security_group_id, direction,
protocol, port_range_min,
port_range_max,
source_ip_prefix,
source_group_id)
remote_ip_prefix,
remote_group_id)
res = self._create_security_group_rule(self.fmt, rule)
self.deserialize(self.fmt, res)
self.assertEqual(res.status_int, 400)

14
quantum/tests/unit/test_security_groups_rpc.py
View File

@ -161,7 +161,7 @@ class SGServerRpcCallBackMixinTestCase(test_sg.SecurityGroupDBTestCase):
rule1 = self._build_security_group_rule(
sg1_id,
'ingress', 'tcp', '24',
'25', source_group_id=sg2['security_group']['id'])
'25', remote_group_id=sg2['security_group']['id'])
rules = {
'security_group_rules': [rule1['security_group_rule']]}
res = self._create_security_group_rule(self.fmt, rules)
@ -190,7 +190,7 @@ class SGServerRpcCallBackMixinTestCase(test_sg.SecurityGroupDBTestCase):
'source_ip_prefix': u'10.0.0.3/32',
'protocol': u'tcp', 'ethertype': u'IPv4',
'port_range_max': 25, 'port_range_min': 24,
'source_group_id': sg2_id,
'remote_group_id': sg2_id,
'security_group_id': sg1_id},
{'ethertype': 'IPv4', 'direction': 'egress'},
]
@ -324,7 +324,7 @@ class SGServerRpcCallBackMixinTestCase(test_sg.SecurityGroupDBTestCase):
'ingress', 'tcp', '24',
'25',
ethertype='IPv6',
source_group_id=sg2['security_group']['id'])
remote_group_id=sg2['security_group']['id'])
rules = {
'security_group_rules': [rule1['security_group_rule']]}
res = self._create_security_group_rule(self.fmt, rules)
@ -356,7 +356,7 @@ class SGServerRpcCallBackMixinTestCase(test_sg.SecurityGroupDBTestCase):
'source_ip_prefix': 'fe80::3/128',
'protocol': 'tcp', 'ethertype': 'IPv6',
'port_range_max': 25, 'port_range_min': 24,
'source_group_id': sg2_id,
'remote_group_id': sg2_id,
'security_group_id': sg1_id},
{'ethertype': 'IPv6', 'direction': 'egress'},
]
@ -414,7 +414,7 @@ class SecurityGroupAgentRpcTestCase(testtools.TestCase):
'security_group_source_groups': ['fake_sgid2'],
'security_group_rules': [{'security_group_id':
'fake_sgid1',
'source_group_id':
'remote_group_id':
'fake_sgid2'}]}
fake_devices = {'fake_device': self.fake_device}
self.firewall.ports = fake_devices
@ -1126,14 +1126,14 @@ class SGNotificationTestMixin():
with self.security_group(name, description) as sg2:
security_group_id = sg['security_group']['id']
direction = "ingress"
source_group_id = sg2['security_group']['id']
remote_group_id = sg2['security_group']['id']
protocol = 'tcp'
port_range_min = 88
port_range_max = 88
with self.security_group_rule(security_group_id, direction,
protocol, port_range_min,
port_range_max,
source_group_id=source_group_id
remote_group_id=remote_group_id
):
pass
self.notifier.assert_has_calls(