fixtures: Add support for security groups
We're going to want to use this for realistic API samples. The samples we're using here were taken from a DevStack deployment based on pre-RC1 Train code so they should be fairly reflective of what you'd see in a real deployment. Note that this effectively undoes a lot of the changes first introduced in Ibbee7fd11c1aa254e399d302adbae69126e98262, particularly around the responses for instances in a down cell, where we previously changed things so a 'security_groups' field was present in the response. This is okay since we're not creating interfaces and therefore don't expect to have security groups present. Change-Id: I3c94b61fc323fefbd1c8790c4a2f60cada29e86f Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
This commit is contained in:
parent
b96b385a34
commit
ce84c7d014
|
@ -5,11 +5,6 @@
|
||||||
"id": "b6b0410f-b65f-4473-855e-5d82a71759e0",
|
"id": "b6b0410f-b65f-4473-855e-5d82a71759e0",
|
||||||
"status": "UNKNOWN",
|
"status": "UNKNOWN",
|
||||||
"tenant_id": "6f70656e737461636b20342065766572",
|
"tenant_id": "6f70656e737461636b20342065766572",
|
||||||
"security_groups": [
|
|
||||||
{
|
|
||||||
"name": "default"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"links": [
|
"links": [
|
||||||
{
|
{
|
||||||
"href": "http://openstack.example.com/v2.1/6f70656e737461636b20342065766572/servers/b6b0410f-b65f-4473-855e-5d82a71759e0",
|
"href": "http://openstack.example.com/v2.1/6f70656e737461636b20342065766572/servers/b6b0410f-b65f-4473-855e-5d82a71759e0",
|
||||||
|
|
|
@ -1246,7 +1246,7 @@ class NeutronFixture(fixtures.Fixture):
|
||||||
'availability_zones': [
|
'availability_zones': [
|
||||||
'nova'
|
'nova'
|
||||||
],
|
],
|
||||||
'port_security_enabled': False,
|
'port_security_enabled': True,
|
||||||
'ipv4_address_scope': None,
|
'ipv4_address_scope': None,
|
||||||
'ipv6_address_scope': None,
|
'ipv6_address_scope': None,
|
||||||
'provider:network_type': 'vxlan',
|
'provider:network_type': 'vxlan',
|
||||||
|
@ -1254,6 +1254,77 @@ class NeutronFixture(fixtures.Fixture):
|
||||||
'provider:segmentation_id': 24,
|
'provider:segmentation_id': 24,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
security_group = {
|
||||||
|
'id': 'aec9df91-db1f-4e04-8ac6-e761d8461c53',
|
||||||
|
'name': 'default',
|
||||||
|
'description': 'Default security group',
|
||||||
|
'tenant_id': tenant_id,
|
||||||
|
'project_id': tenant_id,
|
||||||
|
'security_group_rules': [], # setup later
|
||||||
|
}
|
||||||
|
security_group_rule_ip4_ingress = {
|
||||||
|
'id': 'e62268aa-1a17-4ff4-ae77-ab348bfe13a7',
|
||||||
|
'description': None,
|
||||||
|
'direction': 'ingress',
|
||||||
|
'ethertype': 'IPv4',
|
||||||
|
'protocol': None,
|
||||||
|
'port_range_min': None,
|
||||||
|
'port_range_max': None,
|
||||||
|
'remote_group_id': 'aec9df91-db1f-4e04-8ac6-e761d8461c53',
|
||||||
|
'remote_ip_prefix': None,
|
||||||
|
'security_group_id': 'aec9df91-db1f-4e04-8ac6-e761d8461c53',
|
||||||
|
'tenant_id': tenant_id,
|
||||||
|
'project_id': tenant_id,
|
||||||
|
}
|
||||||
|
security_group_rule_ip4_egress = {
|
||||||
|
'id': 'adf54daf-2ff9-4462-a0b0-f226abd1db28',
|
||||||
|
'description': None,
|
||||||
|
'direction': 'egress',
|
||||||
|
'ethertype': 'IPv4',
|
||||||
|
'protocol': None,
|
||||||
|
'port_range_min': None,
|
||||||
|
'port_range_max': None,
|
||||||
|
'remote_group_id': None,
|
||||||
|
'remote_ip_prefix': None,
|
||||||
|
'security_group_id': 'aec9df91-db1f-4e04-8ac6-e761d8461c53',
|
||||||
|
'tenant_id': tenant_id,
|
||||||
|
'project_id': tenant_id,
|
||||||
|
}
|
||||||
|
security_group_rule_ip6_ingress = {
|
||||||
|
'id': 'c4194b5c-3b50-4d35-9247-7850766aee2b',
|
||||||
|
'description': None,
|
||||||
|
'direction': 'ingress',
|
||||||
|
'ethertype': 'IPv6',
|
||||||
|
'protocol': None,
|
||||||
|
'port_range_min': None,
|
||||||
|
'port_range_max': None,
|
||||||
|
'remote_group_id': 'aec9df91-db1f-4e04-8ac6-e761d8461c53',
|
||||||
|
'remote_ip_prefix': None,
|
||||||
|
'security_group_id': 'aec9df91-db1f-4e04-8ac6-e761d8461c53',
|
||||||
|
'tenant_id': tenant_id,
|
||||||
|
'project_id': tenant_id,
|
||||||
|
}
|
||||||
|
security_group_rule_ip6_egress = {
|
||||||
|
'id': '16ce6a83-a1db-4d66-a10d-9481d493b072',
|
||||||
|
'description': None,
|
||||||
|
'direction': 'egress',
|
||||||
|
'ethertype': 'IPv6',
|
||||||
|
'protocol': None,
|
||||||
|
'port_range_min': None,
|
||||||
|
'port_range_max': None,
|
||||||
|
'remote_group_id': None,
|
||||||
|
'remote_ip_prefix': None,
|
||||||
|
'security_group_id': 'aec9df91-db1f-4e04-8ac6-e761d8461c53',
|
||||||
|
'tenant_id': tenant_id,
|
||||||
|
'project_id': tenant_id,
|
||||||
|
}
|
||||||
|
security_group['security_group_rules'] = [
|
||||||
|
security_group_rule_ip4_ingress['id'],
|
||||||
|
security_group_rule_ip4_egress['id'],
|
||||||
|
security_group_rule_ip6_ingress['id'],
|
||||||
|
security_group_rule_ip6_egress['id'],
|
||||||
|
]
|
||||||
|
|
||||||
subnet_1 = {
|
subnet_1 = {
|
||||||
'id': 'f8a6e8f8-c2ec-497c-9f23-da9616de54ef',
|
'id': 'f8a6e8f8-c2ec-497c-9f23-da9616de54ef',
|
||||||
'name': 'private-subnet',
|
'name': 'private-subnet',
|
||||||
|
@ -1321,8 +1392,9 @@ class NeutronFixture(fixtures.Fixture):
|
||||||
'device_id': '',
|
'device_id': '',
|
||||||
'binding:vnic_type': 'normal',
|
'binding:vnic_type': 'normal',
|
||||||
'binding:vif_type': 'ovs',
|
'binding:vif_type': 'ovs',
|
||||||
'port_security_enabled': False,
|
'port_security_enabled': True,
|
||||||
'security_groups': [
|
'security_groups': [
|
||||||
|
security_group['id'],
|
||||||
],
|
],
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1345,8 +1417,9 @@ class NeutronFixture(fixtures.Fixture):
|
||||||
'device_id': '',
|
'device_id': '',
|
||||||
'binding:vnic_type': 'normal',
|
'binding:vnic_type': 'normal',
|
||||||
'binding:vif_type': 'ovs',
|
'binding:vif_type': 'ovs',
|
||||||
'port_security_enabled': False,
|
'port_security_enabled': True,
|
||||||
'security_groups': [
|
'security_groups': [
|
||||||
|
security_group['id'],
|
||||||
],
|
],
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1375,11 +1448,14 @@ class NeutronFixture(fixtures.Fixture):
|
||||||
orc.NET_BW_EGR_KILOBIT_PER_SEC: 1000},
|
orc.NET_BW_EGR_KILOBIT_PER_SEC: 1000},
|
||||||
"required": ["CUSTOM_PHYSNET2", "CUSTOM_VNIC_TYPE_NORMAL"]
|
"required": ["CUSTOM_PHYSNET2", "CUSTOM_VNIC_TYPE_NORMAL"]
|
||||||
},
|
},
|
||||||
'port_security_enabled': False,
|
'port_security_enabled': True,
|
||||||
'security_groups': [
|
'security_groups': [
|
||||||
|
security_group['id'],
|
||||||
],
|
],
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# network_2 does not have security groups enabled - that's okay since most
|
||||||
|
# of these ports are SR-IOV'y anyway
|
||||||
network_2 = {
|
network_2 = {
|
||||||
'id': '1b70879f-fd00-411e-8ea9-143e7820e61d',
|
'id': '1b70879f-fd00-411e-8ea9-143e7820e61d',
|
||||||
# TODO(stephenfin): This would be more useful name due to things like
|
# TODO(stephenfin): This would be more useful name due to things like
|
||||||
|
@ -1574,17 +1650,18 @@ class NeutronFixture(fixtures.Fixture):
|
||||||
copy.deepcopy(self.port_with_resource_request)
|
copy.deepcopy(self.port_with_resource_request)
|
||||||
}
|
}
|
||||||
|
|
||||||
# The fixture does not allow network update so we don't have to
|
# The fixture does not allow network, subnet or security group updates
|
||||||
# deepcopy here
|
# so we don't have to deepcopy here
|
||||||
self._networks = {
|
self._networks = {
|
||||||
self.network_1['id']: self.network_1
|
self.network_1['id']: self.network_1
|
||||||
}
|
}
|
||||||
# The fixture does not allow network update so we don't have to
|
|
||||||
# deepcopy here
|
|
||||||
self._subnets = {
|
self._subnets = {
|
||||||
self.subnet_1['id']: self.subnet_1,
|
self.subnet_1['id']: self.subnet_1,
|
||||||
self.subnet_ipv6_1['id']: self.subnet_ipv6_1,
|
self.subnet_ipv6_1['id']: self.subnet_ipv6_1,
|
||||||
}
|
}
|
||||||
|
self._security_groups = {
|
||||||
|
self.security_group['id']: self.security_group,
|
||||||
|
}
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(NeutronFixture, self).setUp()
|
super(NeutronFixture, self).setUp()
|
||||||
|
@ -1603,12 +1680,6 @@ class NeutronFixture(fixtures.Fixture):
|
||||||
'nova.network.neutronv2.api.API.remove_fixed_ip_from_instance',
|
'nova.network.neutronv2.api.API.remove_fixed_ip_from_instance',
|
||||||
lambda *args, **kwargs: network_model.NetworkInfo.hydrate(
|
lambda *args, **kwargs: network_model.NetworkInfo.hydrate(
|
||||||
self.nw_info))
|
self.nw_info))
|
||||||
# TODO(stephenfin): This is a rubbish mock. We should instead mock the
|
|
||||||
# methods for the neutron client, like 'list_security_groups'
|
|
||||||
self.test.stub_out(
|
|
||||||
'nova.network.security_group.neutron_driver.SecurityGroupAPI.'
|
|
||||||
'get_instances_security_groups_bindings',
|
|
||||||
self.fake_get_instance_security_group_bindings)
|
|
||||||
|
|
||||||
# Stub out port binding APIs which go through a KSA client Adapter
|
# Stub out port binding APIs which go through a KSA client Adapter
|
||||||
# rather than python-neutronclient.
|
# rather than python-neutronclient.
|
||||||
|
@ -1715,6 +1786,10 @@ class NeutronFixture(fixtures.Fixture):
|
||||||
def list_floatingips(self, retrieve_all=True, **_params):
|
def list_floatingips(self, retrieve_all=True, **_params):
|
||||||
return {'floatingips': []}
|
return {'floatingips': []}
|
||||||
|
|
||||||
|
def list_security_groups(self, retrieve_all=True, **_params):
|
||||||
|
return {'security_groups': self._list_resource(
|
||||||
|
self._security_groups, retrieve_all, **_params)}
|
||||||
|
|
||||||
def create_port(self, body=None):
|
def create_port(self, body=None):
|
||||||
body = body or {'port': {}}
|
body = body or {'port': {}}
|
||||||
# Note(gibi): Some of the test expects that a pre-defined port is
|
# Note(gibi): Some of the test expects that a pre-defined port is
|
||||||
|
|
|
@ -5,11 +5,6 @@
|
||||||
"id": "%(uuid)s",
|
"id": "%(uuid)s",
|
||||||
"status": "UNKNOWN",
|
"status": "UNKNOWN",
|
||||||
"tenant_id": "6f70656e737461636b20342065766572",
|
"tenant_id": "6f70656e737461636b20342065766572",
|
||||||
"security_groups": [
|
|
||||||
{
|
|
||||||
"name": "default"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"links": [
|
"links": [
|
||||||
{
|
{
|
||||||
"href": "%(versioned_compute_endpoint)s/servers/%(uuid)s",
|
"href": "%(versioned_compute_endpoint)s/servers/%(uuid)s",
|
||||||
|
|
|
@ -1261,9 +1261,11 @@ class ServerTestV269(ServersTestBase):
|
||||||
# server is in the down cell.
|
# server is in the down cell.
|
||||||
self.assertEqual('UNKNOWN', server['status'])
|
self.assertEqual('UNKNOWN', server['status'])
|
||||||
self.assertIn(server['id'], self.down_cell_insts)
|
self.assertIn(server['id'], self.down_cell_insts)
|
||||||
# the partial construct will have only 6 keys:
|
# the partial construct will only have 5 keys: created,
|
||||||
# created, tenant_id, security_groups, status, id and links.
|
# tenant_id, status, id and links. security_groups should be
|
||||||
self.assertEqual(6, len(server))
|
# present too but isn't since we haven't created a network
|
||||||
|
# interface
|
||||||
|
self.assertEqual(5, len(server))
|
||||||
else:
|
else:
|
||||||
# server in up cell
|
# server in up cell
|
||||||
self.assertIn(server['id'], self.up_cell_insts)
|
self.assertIn(server['id'], self.up_cell_insts)
|
||||||
|
@ -1366,9 +1368,11 @@ class ServerTestV269(ServersTestBase):
|
||||||
self.assertEqual('UNKNOWN', server['status'])
|
self.assertEqual('UNKNOWN', server['status'])
|
||||||
if server['tenant_id'] != 'faker':
|
if server['tenant_id'] != 'faker':
|
||||||
self.assertIn(server['id'], self.down_cell_insts)
|
self.assertIn(server['id'], self.down_cell_insts)
|
||||||
# the partial construct will have only 5 keys:
|
# the partial construct will only have 5 keys: created,
|
||||||
# created, tenant_id, security_groups, status, id and links
|
# tenant_id, status, id and links. security_groups should be
|
||||||
self.assertEqual(6, len(server))
|
# present too but isn't since we haven't created a network
|
||||||
|
# interface
|
||||||
|
self.assertEqual(5, len(server))
|
||||||
else:
|
else:
|
||||||
# server in up cell
|
# server in up cell
|
||||||
if server['tenant_id'] != 'faker':
|
if server['tenant_id'] != 'faker':
|
||||||
|
|
Loading…
Reference in New Issue