OSC: Remove FWAAS V2 calls to neutronclient

Bump SDK min version to 1.5.0.

Depends-On: https://review.opendev.org/c/openstack/openstacksdk/+/883859
Related-Bug: #1999774
Change-Id: I1588ffa8035c2a4f558c6d3a630287542c718be4
This commit is contained in:
elajkat 2023-04-17 13:19:31 +02:00
parent d497615240
commit fccfe8c3e5
9 changed files with 525 additions and 513 deletions

View File

@ -32,6 +32,20 @@ _formatters = {
'admin_state_up': v2_utils.AdminStateColumn,
}
_attr_map_dict = {
'id': 'ID',
'name': 'Name',
'ingress_firewall_policy_id': 'Ingress Policy ID',
'egress_firewall_policy_id': 'Egress Policy ID',
'description': 'Description',
'status': 'Status',
'ports': 'Ports',
'admin_state_up': 'State',
'shared': 'Shared',
'tenant_id': 'Project',
'project_id': 'Project',
}
_attr_map = (
('id', 'ID', column_util.LIST_BOTH),
('name', 'Name', column_util.LIST_BOTH),
@ -103,7 +117,7 @@ def _get_common_parser(parser):
def _get_common_attrs(client_manager, parsed_args, is_create=True):
attrs = {}
client = client_manager.neutronclient
client = client_manager.network
if is_create:
if 'project' in parsed_args and parsed_args.project is not None:
@ -114,24 +128,20 @@ def _get_common_attrs(client_manager, parsed_args, is_create=True):
).id
if (parsed_args.ingress_firewall_policy and
parsed_args.no_ingress_firewall_policy):
attrs['ingress_firewall_policy_id'] = client.find_resource(
const.FWP, parsed_args.ingress_firewall_policy,
cmd_resource=const.CMD_FWP)['id']
attrs['ingress_firewall_policy_id'] = client.find_firewall_policy(
parsed_args.ingress_firewall_policy)['id']
elif parsed_args.ingress_firewall_policy:
attrs['ingress_firewall_policy_id'] = client.find_resource(
const.FWP, parsed_args.ingress_firewall_policy,
cmd_resource=const.CMD_FWP)['id']
attrs['ingress_firewall_policy_id'] = client.find_firewall_policy(
parsed_args.ingress_firewall_policy)['id']
elif parsed_args.no_ingress_firewall_policy:
attrs['ingress_firewall_policy_id'] = None
if (parsed_args.egress_firewall_policy and
parsed_args.no_egress_firewall_policy):
attrs['egress_firewall_policy_id'] = client.find_resource(
const.FWP, parsed_args.egress_firewall_policy,
cmd_resource=const.CMD_FWP)['id']
attrs['egress_firewall_policy_id'] = client.find_firewall_policy(
parsed_args.egress_firewall_policy)['id']
elif parsed_args.egress_firewall_policy:
attrs['egress_firewall_policy_id'] = client.find_resource(
const.FWP, parsed_args.egress_firewall_policy,
cmd_resource=const.CMD_FWP)['id']
attrs['egress_firewall_policy_id'] = client.find_firewall_policy(
parsed_args.egress_firewall_policy)['id']
elif parsed_args.no_egress_firewall_policy:
attrs['egress_firewall_policy_id'] = None
if parsed_args.share:
@ -147,16 +157,15 @@ def _get_common_attrs(client_manager, parsed_args, is_create=True):
if parsed_args.description:
attrs['description'] = str(parsed_args.description)
if parsed_args.port and parsed_args.no_port:
attrs['ports'] = sorted([client.find_resource(
'port', p)['id'] for p in set(parsed_args.port)])
attrs['ports'] = sorted([client.find_port(
p)['id'] for p in set(parsed_args.port)])
elif parsed_args.port:
ports = []
for p in set(parsed_args.port):
ports.append(client.find_resource('port', p)['id'])
ports.append(client.find_port(p)['id'])
if not is_create:
ports += client.find_resource(
const.FWG, parsed_args.firewall_group,
cmd_resource=const.CMD_FWG)['ports']
ports += client.find_firewall_group(
parsed_args.firewall_group)['ports']
attrs['ports'] = sorted(set(ports))
elif parsed_args.no_port:
attrs['ports'] = []
@ -185,11 +194,11 @@ class CreateFirewallGroup(command.ShowOne):
return parser
def take_action(self, parsed_args):
client = self.app.client_manager.neutronclient
client = self.app.client_manager.network
attrs = _get_common_attrs(self.app.client_manager, parsed_args)
obj = client.create_fwaas_firewall_group(
{const.FWG: attrs})[const.FWG]
columns, display_columns = column_util.get_columns(obj, _attr_map)
obj = client.create_firewall_group(**attrs)
display_columns, columns = utils.get_osc_show_columns_for_sdk_resource(
obj, _attr_map_dict, ['location', 'tenant_id'])
data = utils.get_dict_properties(obj, columns, formatters=_formatters)
return (display_columns, data)
@ -207,13 +216,12 @@ class DeleteFirewallGroup(command.Command):
return parser
def take_action(self, parsed_args):
client = self.app.client_manager.neutronclient
client = self.app.client_manager.network
result = 0
for fwg in parsed_args.firewall_group:
try:
fwg_id = client.find_resource(
const.FWG, fwg, cmd_resource=const.CMD_FWG)['id']
client.delete_fwaas_firewall_group(fwg_id)
fwg_id = client.find_firewall_group(fwg)['id']
client.delete_firewall_group(fwg_id)
except Exception as e:
result += 1
LOG.error(_("Failed to delete firewall group with "
@ -240,8 +248,8 @@ class ListFirewallGroup(command.Lister):
return parser
def take_action(self, parsed_args):
client = self.app.client_manager.neutronclient
obj = client.list_fwaas_firewall_groups()[const.FWGS]
client = self.app.client_manager.network
obj = client.firewall_groups()
headers, columns = column_util.get_column_definitions(
_attr_map, long_listing=parsed_args.long)
return (headers, (utils.get_dict_properties(
@ -272,13 +280,12 @@ class SetFirewallGroup(command.Command):
return parser
def take_action(self, parsed_args):
client = self.app.client_manager.neutronclient
fwg_id = client.find_resource(const.FWG, parsed_args.firewall_group,
cmd_resource=const.CMD_FWG)['id']
client = self.app.client_manager.network
fwg_id = client.find_firewall_group(parsed_args.firewall_group)['id']
attrs = _get_common_attrs(self.app.client_manager, parsed_args,
is_create=False)
try:
client.update_fwaas_firewall_group(fwg_id, {const.FWG: attrs})
client.update_firewall_group(fwg_id, **attrs)
except Exception as e:
msg = (_("Failed to set firewall group '%(group)s': %(e)s")
% {'group': parsed_args.firewall_group, 'e': e})
@ -297,11 +304,11 @@ class ShowFirewallGroup(command.ShowOne):
return parser
def take_action(self, parsed_args):
client = self.app.client_manager.neutronclient
fwg_id = client.find_resource(const.FWG, parsed_args.firewall_group,
cmd_resource=const.CMD_FWG)['id']
obj = client.show_fwaas_firewall_group(fwg_id)[const.FWG]
columns, display_columns = column_util.get_columns(obj, _attr_map)
client = self.app.client_manager.network
fwg_id = client.find_firewall_group(parsed_args.firewall_group)['id']
obj = client.get_firewall_group(fwg_id)
display_columns, columns = utils.get_osc_show_columns_for_sdk_resource(
obj, _attr_map_dict, ['location', 'tenant_id'])
data = utils.get_dict_properties(obj, columns, formatters=_formatters)
return (display_columns, data)
@ -347,9 +354,8 @@ class UnsetFirewallGroup(command.Command):
help=_('Disable firewall group'))
return parser
def _get_attrs(self, client_manager, parsed_args):
def _get_attrs(self, client, parsed_args):
attrs = {}
client = client_manager.neutronclient
if parsed_args.ingress_firewall_policy:
attrs['ingress_firewall_policy_id'] = None
if parsed_args.egress_firewall_policy:
@ -359,23 +365,20 @@ class UnsetFirewallGroup(command.Command):
if parsed_args.enable:
attrs['admin_state_up'] = False
if parsed_args.port:
old = client.find_resource(
const.FWG, parsed_args.firewall_group,
cmd_resource=const.CMD_FWG)['ports']
new = [client.find_resource(
'port', r)['id'] for r in parsed_args.port]
old = client.find_firewall_group(
parsed_args.firewall_group)['ports']
new = [client.find_port(r)['id'] for r in parsed_args.port]
attrs['ports'] = sorted(list(set(old) - set(new)))
if parsed_args.all_port:
attrs['ports'] = []
return attrs
def take_action(self, parsed_args):
client = self.app.client_manager.neutronclient
fwg_id = client.find_resource(const.FWG, parsed_args.firewall_group,
cmd_resource=const.CMD_FWG)['id']
attrs = self._get_attrs(self.app.client_manager, parsed_args)
client = self.app.client_manager.network
fwg_id = client.find_firewall_group(parsed_args.firewall_group)['id']
attrs = self._get_attrs(client, parsed_args)
try:
client.update_fwaas_firewall_group(fwg_id, {const.FWG: attrs})
client.update_firewall_group(fwg_id, **attrs)
except Exception as e:
msg = (_("Failed to unset firewall group '%(group)s': %(e)s")
% {'group': parsed_args.firewall_group, 'e': e})

View File

@ -30,6 +30,18 @@ LOG = logging.getLogger(__name__)
_formatters = {}
_attr_map_dict = {
'id': 'ID',
'name': 'Name',
'description': 'Description',
'firewall_rules': 'Firewall Rules',
'audited': 'Audited',
'shared': 'Shared',
'tenant_id': 'Project',
'project_id': 'Project',
}
_attr_map = (
('id', 'ID', column_util.LIST_BOTH),
('name', 'Name', column_util.LIST_BOTH),
@ -43,7 +55,7 @@ _attr_map = (
def _get_common_attrs(client_manager, parsed_args, is_create=True):
attrs = {}
client = client_manager.neutronclient
client = client_manager.network
if is_create:
if 'project' in parsed_args and parsed_args.project is not None:
@ -55,18 +67,16 @@ def _get_common_attrs(client_manager, parsed_args, is_create=True):
if parsed_args.firewall_rule and parsed_args.no_firewall_rule:
_firewall_rules = []
for f in parsed_args.firewall_rule:
_firewall_rules.append(client.find_resource(
const.FWR, f, cmd_resource=const.CMD_FWR)['id'])
_firewall_rules.append(client.find_firewall_rule(f)['id'])
attrs[const.FWRS] = _firewall_rules
elif parsed_args.firewall_rule:
rules = []
if not is_create:
rules += client.find_resource(
const.FWP, parsed_args.firewall_policy,
cmd_resource=const.CMD_FWP)[const.FWRS]
foobar = client.find_firewall_policy(
parsed_args.firewall_policy)
rules += foobar[const.FWRS]
for f in parsed_args.firewall_rule:
rules.append(client.find_resource(
const.FWR, f, cmd_resource=const.CMD_FWR)['id'])
rules.append(client.find_firewall_rule(f)['id'])
attrs[const.FWRS] = rules
elif parsed_args.no_firewall_rule:
attrs[const.FWRS] = []
@ -137,11 +147,11 @@ class CreateFirewallPolicy(command.ShowOne):
return parser
def take_action(self, parsed_args):
client = self.app.client_manager.neutronclient
client = self.app.client_manager.network
attrs = _get_common_attrs(self.app.client_manager, parsed_args)
obj = client.create_fwaas_firewall_policy(
{const.FWP: attrs})[const.FWP]
columns, display_columns = column_util.get_columns(obj, _attr_map)
obj = client.create_firewall_policy(**attrs)
display_columns, columns = utils.get_osc_show_columns_for_sdk_resource(
obj, _attr_map_dict, ['location', 'tenant_id'])
data = utils.get_dict_properties(obj, columns, formatters=_formatters)
return (display_columns, data)
@ -159,13 +169,12 @@ class DeleteFirewallPolicy(command.Command):
return parser
def take_action(self, parsed_args):
client = self.app.client_manager.neutronclient
client = self.app.client_manager.network
result = 0
for fwp in parsed_args.firewall_policy:
try:
fwp_id = client.find_resource(
const.FWP, fwp, cmd_resource='fwaas_' + const.FWP)['id']
client.delete_fwaas_firewall_policy(fwp_id)
fwp_id = client.find_firewall_policy(fwp)['id']
client.delete_firewall_policy(fwp_id)
except Exception as e:
result += 1
LOG.error(_("Failed to delete Firewall policy with "
@ -205,31 +214,28 @@ class FirewallPolicyInsertRule(command.Command):
return parser
def args2body(self, parsed_args):
client = self.app.client_manager.neutronclient
client = self.app.client_manager.network
_rule_id = _get_required_firewall_rule(client, parsed_args)
_insert_before = ''
if 'insert_before' in parsed_args:
if parsed_args.insert_before:
_insert_before = client.find_resource(
const.FWR, parsed_args.insert_before,
cmd_resource=const.CMD_FWR)['id']
_insert_before = client.find_firewall_rule(
parsed_args.insert_before)['id']
_insert_after = ''
if 'insert_after' in parsed_args:
if parsed_args.insert_after:
_insert_after = client.find_resource(
const.FWR, parsed_args.insert_after,
cmd_resource=const.CMD_FWR)['id']
_insert_after = client.find_firewall_rule(
parsed_args.insert_after)['id']
return {'firewall_rule_id': _rule_id,
'insert_before': _insert_before,
'insert_after': _insert_after}
def take_action(self, parsed_args):
client = self.app.client_manager.neutronclient
policy_id = client.find_resource(
const.FWP, parsed_args.firewall_policy,
cmd_resource=const.CMD_FWP)['id']
client = self.app.client_manager.network
policy_id = client.find_firewall_policy(
parsed_args.firewall_policy)['id']
body = self.args2body(parsed_args)
client.insert_rule_fwaas_firewall_policy(policy_id, body)
client.insert_rule_into_policy(policy_id, body)
rule_id = body['firewall_rule_id']
policy = parsed_args.firewall_policy
print((_('Inserted firewall rule %(rule)s in firewall policy '
@ -253,13 +259,12 @@ class FirewallPolicyRemoveRule(command.Command):
return parser
def take_action(self, parsed_args):
client = self.app.client_manager.neutronclient
policy_id = client.find_resource(
const.FWP, parsed_args.firewall_policy,
cmd_resource=const.CMD_FWP)['id']
client = self.app.client_manager.network
policy_id = client.find_firewall_policy(
parsed_args.firewall_policy)['id']
fwr_id = _get_required_firewall_rule(client, parsed_args)
body = {'firewall_rule_id': fwr_id}
client.remove_rule_fwaas_firewall_policy(policy_id, body)
client.remove_rule_from_policy(policy_id, body)
rule_id = body['firewall_rule_id']
policy = parsed_args.firewall_policy
print((_('Removed firewall rule %(rule)s from firewall policy '
@ -281,8 +286,8 @@ class ListFirewallPolicy(command.Lister):
return parser
def take_action(self, parsed_args):
client = self.app.client_manager.neutronclient
obj = client.list_fwaas_firewall_policies()[const.FWPS]
client = self.app.client_manager.network
obj = client.firewall_policies()
headers, columns = column_util.get_column_definitions(
_attr_map, long_listing=parsed_args.long)
return (headers, (utils.get_dict_properties(
@ -315,14 +320,13 @@ class SetFirewallPolicy(command.Command):
return parser
def take_action(self, parsed_args):
client = self.app.client_manager.neutronclient
fwp_id = client.find_resource(
const.FWP, parsed_args.firewall_policy,
cmd_resource=const.CMD_FWP)['id']
client = self.app.client_manager.network
fwp_id = client.find_firewall_policy(
parsed_args.firewall_policy)['id']
attrs = _get_common_attrs(self.app.client_manager,
parsed_args, is_create=False)
try:
client.update_fwaas_firewall_policy(fwp_id, {const.FWP: attrs})
client.update_firewall_policy(fwp_id, **attrs)
except Exception as e:
msg = (_("Failed to set firewall policy '%(policy)s': %(e)s")
% {'policy': parsed_args.firewall_policy, 'e': e})
@ -341,12 +345,12 @@ class ShowFirewallPolicy(command.ShowOne):
return parser
def take_action(self, parsed_args):
client = self.app.client_manager.neutronclient
fwp_id = client.find_resource(const.FWP,
parsed_args.firewall_policy,
cmd_resource=const.CMD_FWP)['id']
obj = client.show_fwaas_firewall_policy(fwp_id)[const.FWP]
columns, display_columns = column_util.get_columns(obj, _attr_map)
client = self.app.client_manager.network
fwp_id = client.find_firewall_policy(
parsed_args.firewall_policy)['id']
obj = client.get_firewall_policy(fwp_id)
display_columns, columns = utils.get_osc_show_columns_for_sdk_resource(
obj, _attr_map_dict, ['location', 'tenant_id'])
data = utils.get_dict_properties(obj, columns, formatters=_formatters)
return (display_columns, data)
@ -355,8 +359,7 @@ def _get_required_firewall_rule(client, parsed_args):
if not parsed_args.firewall_rule:
msg = (_("Firewall rule (name or ID) is required."))
raise exceptions.CommandError(msg)
return client.find_resource(
const.FWR, parsed_args.firewall_rule, cmd_resource=const.CMD_FWR)['id']
return client.find_firewall_rule(parsed_args.firewall_rule)['id']
class UnsetFirewallPolicy(command.Command):
@ -392,16 +395,14 @@ class UnsetFirewallPolicy(command.Command):
def _get_attrs(self, client_manager, parsed_args):
attrs = {}
client = client_manager.neutronclient
client = client_manager.network
if parsed_args.firewall_rule:
current = client.find_resource(
const.FWP, parsed_args.firewall_policy,
cmd_resource=const.CMD_FWP)[const.FWRS]
current = client.find_firewall_policy(
parsed_args.firewall_policy)[const.FWRS]
removed = []
for f in set(parsed_args.firewall_rule):
removed.append(client.find_resource(
const.FWR, f, cmd_resource=const.CMD_FWR)['id'])
removed.append(client.find_firewall_rule(f)['id'])
attrs[const.FWRS] = [r for r in current if r not in removed]
if parsed_args.all_firewall_rule:
attrs[const.FWRS] = []
@ -412,13 +413,12 @@ class UnsetFirewallPolicy(command.Command):
return attrs
def take_action(self, parsed_args):
client = self.app.client_manager.neutronclient
fwp_id = client.find_resource(
const.FWP, parsed_args.firewall_policy,
cmd_resource=const.CMD_FWP)['id']
client = self.app.client_manager.network
fwp_id = client.find_firewall_policy(
parsed_args.firewall_policy)['id']
attrs = self._get_attrs(self.app.client_manager, parsed_args)
try:
client.update_fwaas_firewall_policy(fwp_id, {const.FWP: attrs})
client.update_firewall_policy(fwp_id, **attrs)
except Exception as e:
msg = (_("Failed to unset firewall policy '%(policy)s': %(e)s")
% {'policy': parsed_args.firewall_policy, 'e': e})

View File

@ -13,7 +13,6 @@
# License for the specific language governing permissions and limitations
# under the License.
#
import copy
import logging
from cliff import columns as cliff_columns
@ -31,12 +30,34 @@ from neutronclient.osc.v2.fwaas import constants as const
LOG = logging.getLogger(__name__)
_attr_map_dict = {
'id': 'ID',
'name': 'Name',
'enabled': 'Enabled',
'summary': 'Summary',
'description': 'Description',
'firewall_policy_id': 'Firewall Policy',
'ip_version': 'IP Version',
'action': 'Action',
'protocol': 'Protocol',
'source_ip_address': 'Source IP Address',
'source_port': 'Source Port',
'destination_ip_address': 'Destination IP Address',
'destination_port': 'Destination Port',
'shared': 'Shared',
'source_firewall_group_id': 'Source Firewall Group ID',
'destination_firewall_group_id': 'Destination Firewall Group ID',
'tenant_id': 'Project',
'project_id': 'Project',
}
_attr_map = (
('id', 'ID', column_util.LIST_BOTH),
('name', 'Name', column_util.LIST_BOTH),
('enabled', 'Enabled', column_util.LIST_BOTH),
('summary', 'Summary', column_util.LIST_SHORT_ONLY),
('description', 'Description', column_util.LIST_LONG_ONLY),
('firewall_policy_id', 'Firewall Policy', column_util.LIST_BOTH),
('ip_version', 'IP Version', column_util.LIST_LONG_ONLY),
('action', 'Action', column_util.LIST_LONG_ONLY),
('protocol', 'Protocol', column_util.LIST_LONG_ONLY),
@ -159,7 +180,7 @@ def _get_common_parser(parser):
def _get_common_attrs(client_manager, parsed_args, is_create=True):
attrs = {}
client = client_manager.neutronclient
client = client_manager.network
if is_create:
if 'project' in parsed_args and parsed_args.project is not None:
attrs['tenant_id'] = osc_utils.find_project(
@ -204,15 +225,13 @@ def _get_common_attrs(client_manager, parsed_args, is_create=True):
if parsed_args.no_share:
attrs['shared'] = False
if parsed_args.source_firewall_group:
attrs['source_firewall_group_id'] = client.find_resource(
const.FWG, parsed_args.source_firewall_group,
cmd_resource=const.CMD_FWG)['id']
attrs['source_firewall_group_id'] = client.find_firewall_group(
parsed_args.source_firewall_group)['id']
if parsed_args.no_source_firewall_group:
attrs['source_firewall_group_id'] = None
if parsed_args.destination_firewall_group:
attrs['destination_firewall_group_id'] = client.find_resource(
const.FWG, parsed_args.destination_firewall_group,
cmd_resource=const.CMD_FWG)['id']
attrs['destination_firewall_group_id'] = client.find_firewall_group(
parsed_args.destination_firewall_group)['id']
if parsed_args.no_destination_firewall_group:
attrs['destination_firewall_group_id'] = None
return attrs
@ -236,11 +255,11 @@ class CreateFirewallRule(command.ShowOne):
return parser
def take_action(self, parsed_args):
client = self.app.client_manager.neutronclient
client = self.app.client_manager.network
attrs = _get_common_attrs(self.app.client_manager, parsed_args)
obj = client.create_fwaas_firewall_rule(
{const.FWR: attrs})[const.FWR]
columns, display_columns = column_util.get_columns(obj, _attr_map)
obj = client.create_firewall_rule(**attrs)
display_columns, columns = utils.get_osc_show_columns_for_sdk_resource(
obj, _attr_map_dict, ['location', 'tenant_id'])
data = utils.get_dict_properties(obj, columns, formatters=_formatters)
return display_columns, data
@ -258,13 +277,12 @@ class DeleteFirewallRule(command.Command):
return parser
def take_action(self, parsed_args):
client = self.app.client_manager.neutronclient
client = self.app.client_manager.network
result = 0
for fwr in parsed_args.firewall_rule:
try:
fwr_id = client.find_resource(
const.FWR, fwr, cmd_resource=const.CMD_FWR)['id']
client.delete_fwaas_firewall_rule(fwr_id)
fwr_id = client.find_firewall_rule(fwr)['id']
client.delete_firewall_rule(fwr_id)
except Exception as e:
result += 1
LOG.error(_("Failed to delete Firewall rule with "
@ -292,8 +310,8 @@ class ListFirewallRule(command.Lister):
return parser
def extend_list(self, data, parsed_args):
ext_data = copy.deepcopy(data)
for d in ext_data:
ext_data = []
for d in data:
protocol = d['protocol'].upper() if d['protocol'] else 'ANY'
src_ip = 'none specified'
dst_ip = 'none specified'
@ -311,11 +329,12 @@ class ListFirewallRule(command.Lister):
src = 'source(port): ' + src_ip + src_port
dst = 'dest(port): ' + dst_ip + dst_port
d['summary'] = ',\n '.join([protocol, src, dst, action])
ext_data.append(d)
return ext_data
def take_action(self, parsed_args):
client = self.app.client_manager.neutronclient
obj = client.list_fwaas_firewall_rules()[const.FWRS]
client = self.app.client_manager.network
obj = client.firewall_rules()
obj_extend = self.extend_list(obj, parsed_args)
headers, columns = column_util.get_column_definitions(
_attr_map, long_listing=parsed_args.long)
@ -336,14 +355,12 @@ class SetFirewallRule(command.Command):
return parser
def take_action(self, parsed_args):
client = self.app.client_manager.neutronclient
client = self.app.client_manager.network
attrs = _get_common_attrs(self.app.client_manager,
parsed_args, is_create=False)
fwr_id = client.find_resource(
const.FWR, parsed_args.firewall_rule,
cmd_resource=const.CMD_FWR)['id']
fwr_id = client.find_firewall_rule(parsed_args.firewall_rule)['id']
try:
client.update_fwaas_firewall_rule(fwr_id, {const.FWR: attrs})
client.update_firewall_rule(fwr_id, **attrs)
except Exception as e:
msg = (_("Failed to set firewall rule '%(rule)s': %(e)s")
% {'rule': parsed_args.firewall_rule, 'e': e})
@ -362,12 +379,11 @@ class ShowFirewallRule(command.ShowOne):
return parser
def take_action(self, parsed_args):
client = self.app.client_manager.neutronclient
fwr_id = client.find_resource(
const.FWR, parsed_args.firewall_rule,
cmd_resource=const.CMD_FWR)['id']
obj = client.show_fwaas_firewall_rule(fwr_id)[const.FWR]
columns, display_columns = column_util.get_columns(obj, _attr_map)
client = self.app.client_manager.network
fwr_id = client.find_firewall_rule(parsed_args.firewall_rule)['id']
obj = client.get_firewall_rule(fwr_id)
display_columns, columns = utils.get_osc_show_columns_for_sdk_resource(
obj, _attr_map_dict, ['location', 'tenant_id'])
data = utils.get_dict_properties(obj, columns, formatters=_formatters)
return (display_columns, data)
@ -440,13 +456,11 @@ class UnsetFirewallRule(command.Command):
return attrs
def take_action(self, parsed_args):
client = self.app.client_manager.neutronclient
client = self.app.client_manager.network
attrs = self._get_attrs(self.app.client_manager, parsed_args)
fwr_id = client.find_resource(
const.FWR, parsed_args.firewall_rule,
cmd_resource=const.CMD_FWR)['id']
fwr_id = client.find_firewall_rule(parsed_args.firewall_rule)['id']
try:
client.update_fwaas_firewall_rule(fwr_id, {const.FWR: attrs})
client.update_firewall_rule(fwr_id, **attrs)
except Exception as e:
msg = (_("Failed to unset firewall rule '%(rule)s': %(e)s")
% {'rule': parsed_args.firewall_rule, 'e': e})

View File

@ -42,23 +42,20 @@ class TestListFWaaS(test_fakes.TestNeutronClientOSCV2):
self.mocked.assert_called_once_with()
self.assertEqual(list(self.headers), headers)
self.assertListItemEqual([self.data], list(data))
class TestShowFWaaS(test_fakes.TestNeutronClientOSCV2):
def test_show_filtered_by_id_or_name(self):
target = self.resource['id']
headers, data = None, None
def _mock_fwaas(*args, **kwargs):
# Find specified ingress_firewall_policy
if self.neutronclient.find_resource.call_count == 1:
self.assertEqual(self.res, args[0])
self.assertEqual(self.resource['id'], args[1])
self.assertEqual({'cmd_resource': 'fwaas_' + self.res}, kwargs)
return {'id': args[1]}
return {'id': args[0]}
self.neutronclient.find_resource.side_effect = _mock_fwaas
self.networkclient.find_firewall_policy.side_effect = _mock_fwaas
self.networkclient.find_firewall_group.side_effect = _mock_fwaas
self.networkclient.find_firewall_rule.side_effect = _mock_fwaas
arglist = [target]
verifylist = [(self.res, target)]
@ -67,7 +64,6 @@ class TestShowFWaaS(test_fakes.TestNeutronClientOSCV2):
self.mocked.assert_called_once_with(target)
self.assertEqual(self.ordered_headers, headers)
self.assertItemEqual(self.ordered_data, data)
class TestCreateFWaaS(test_fakes.TestNeutronClientOSCV2):
@ -87,8 +83,7 @@ class TestSetFWaaS(test_fakes.TestNeutronClientOSCV2):
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
result = self.cmd.take_action(parsed_args)
self.mocked.assert_called_once_with(
target, {self.res: {'name': update}})
self.mocked.assert_called_once_with(target, **{'name': update})
self.assertIsNone(result)
def test_set_description(self):
@ -102,8 +97,7 @@ class TestSetFWaaS(test_fakes.TestNeutronClientOSCV2):
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
result = self.cmd.take_action(parsed_args)
self.mocked.assert_called_once_with(
target, {self.res: {'description': update}})
self.mocked.assert_called_once_with(target, **{'description': update})
self.assertIsNone(result)
def test_set_shared(self):
@ -116,8 +110,7 @@ class TestSetFWaaS(test_fakes.TestNeutronClientOSCV2):
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
result = self.cmd.take_action(parsed_args)
self.mocked.assert_called_once_with(
target, {self.res: {'shared': True}})
self.mocked.assert_called_once_with(target, **{'shared': True})
self.assertIsNone(result)
def test_set_duplicate_shared(self):
@ -130,8 +123,7 @@ class TestSetFWaaS(test_fakes.TestNeutronClientOSCV2):
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
result = self.cmd.take_action(parsed_args)
self.mocked.assert_called_once_with(
target, {self.res: {'shared': True}})
self.mocked.assert_called_once_with(target, **{'shared': True})
self.assertIsNone(result)
def test_set_no_share(self):
@ -144,8 +136,7 @@ class TestSetFWaaS(test_fakes.TestNeutronClientOSCV2):
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
result = self.cmd.take_action(parsed_args)
self.mocked.assert_called_once_with(
target, {self.res: {'shared': False}})
self.mocked.assert_called_once_with(target, **{'shared': False})
self.assertIsNone(result)
def test_set_duplicate_no_share(self):
@ -158,8 +149,7 @@ class TestSetFWaaS(test_fakes.TestNeutronClientOSCV2):
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
result = self.cmd.take_action(parsed_args)
self.mocked.assert_called_once_with(
target, {self.res: {'shared': False}})
self.mocked.assert_called_once_with(target, **{'shared': False})
self.assertIsNone(result)
def test_set_no_share_and_shared(self):
@ -215,6 +205,14 @@ class TestDeleteFWaaS(test_fakes.TestNeutronClientOSCV2):
def test_delete_with_one_resource(self):
target = self.resource['id']
def _mock_fwaas(*args, **kwargs):
return {'id': args[0]}
self.networkclient.find_firewall_group.side_effect = _mock_fwaas
self.networkclient.find_firewall_policy.side_effect = _mock_fwaas
self.networkclient.find_firewall_rule.side_effect = _mock_fwaas
arglist = [target]
verifylist = [(self.res, [target])]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@ -226,12 +224,11 @@ class TestDeleteFWaaS(test_fakes.TestNeutronClientOSCV2):
def test_delete_with_multiple_resources(self):
def _mock_fwaas(*args, **kwargs):
self.assertEqual(self.res, args[0])
self.assertIsNotNone(args[1])
self.assertEqual({'cmd_resource': 'fwaas_' + self.res}, kwargs)
return {'id': args[1]}
return {'id': args[0]}
self.neutronclient.find_resource.side_effect = _mock_fwaas
self.networkclient.find_firewall_group.side_effect = _mock_fwaas
self.networkclient.find_firewall_policy.side_effect = _mock_fwaas
self.networkclient.find_firewall_rule.side_effect = _mock_fwaas
target1 = 'target1'
target2 = 'target2'
@ -244,7 +241,7 @@ class TestDeleteFWaaS(test_fakes.TestNeutronClientOSCV2):
self.assertEqual(2, self.mocked.call_count)
for idx, reference in enumerate([target1, target2]):
actual = ''.join(self.mocked.call_args_list[idx][0])
actual = ''.join(self.mocked.call_args_list[idx][0][0])
self.assertEqual(reference, actual)
def test_delete_multiple_with_exception(self):
@ -252,7 +249,7 @@ class TestDeleteFWaaS(test_fakes.TestNeutronClientOSCV2):
arglist = [target1]
verifylist = [(self.res, [target1])]
self.neutronclient.find_resource.side_effect = [
self.networkclient.find_firewall_group.side_effect = [
target1, exceptions.CommandError
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
@ -277,8 +274,7 @@ class TestUnsetFWaaS(test_fakes.TestNeutronClientOSCV2):
]
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
result = self.cmd.take_action(parsed_args)
self.mocked.assert_called_once_with(
target, {self.res: {'shared': False}})
self.mocked.assert_called_once_with(target, **{'shared': False})
self.assertIsNone(result)
def test_set_shared_and_no_shared(self):
@ -304,6 +300,5 @@ class TestUnsetFWaaS(test_fakes.TestNeutronClientOSCV2):
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
result = self.cmd.take_action(parsed_args)
self.mocked.assert_called_once_with(
target, {self.res: {'shared': False}})
self.mocked.assert_called_once_with(target, **{'shared': False})
self.assertIsNone(result)

View File

@ -15,9 +15,11 @@
#
import collections
import copy
from unittest import mock
from openstack.network.v2 import firewall_group as fw_group
from openstack.network.v2 import firewall_policy as fw_policy
from openstack.network.v2 import firewall_rule as fw_rule
from oslo_utils import uuidutils
@ -32,7 +34,22 @@ class FakeFWaaS(object):
A OrderedDict faking the fwaas resource
"""
self.ordered.update(attrs)
return copy.deepcopy(self.ordered)
if 'FirewallGroup' == self.__class__.__name__:
return fw_group.FirewallGroup(**self.ordered)
if 'FirewallPolicy' == self.__class__.__name__:
return fw_policy.FirewallPolicy(**self.ordered)
if 'FirewallRule' == self.__class__.__name__:
fw_r = fw_rule.FirewallRule(**self.ordered)
protocol = fw_r['protocol'].upper() if fw_r['protocol'] else 'ANY'
src_ip = str(fw_r['source_ip_address']).lower()
src_port = '(' + str(fw_r['source_port']).lower() + ')'
dst_ip = str(fw_r['destination_ip_address']).lower()
dst_port = '(' + str(fw_r['destination_port']).lower() + ')'
src = 'source(port): ' + src_ip + src_port
dst = 'dest(port): ' + dst_ip + dst_port
action = fw_r['action'] if fw_r.get('action') else 'no-action'
fw_r['summary'] = ',\n '.join([protocol, src, dst, action])
return fw_r
def bulk_create(self, attrs=None, count=2):
"""Create multiple fake fwaas resources

View File

@ -22,7 +22,6 @@ from osc_lib import exceptions
from osc_lib.tests import utils
from neutronclient.osc import utils as osc_utils
from neutronclient.osc.v2.fwaas import constants as const
from neutronclient.osc.v2.fwaas import firewallgroup
from neutronclient.osc.v2 import utils as v2_utils
from neutronclient.tests.unit.osc.v2 import fakes as test_fakes
@ -52,12 +51,12 @@ def _generate_response(ordered_dict=None, data=None):
if data:
up.append(data)
source.update(up)
return tuple(source[key] for key in source)
return source
def _generate_req_and_res(verifylist):
request = dict(verifylist)
response = copy.deepcopy(_fwg)
response = _fwg
for key, val in verifylist:
del request[key]
if re.match('^no_', key) and val is True:
@ -66,6 +65,10 @@ def _generate_req_and_res(verifylist):
new_value = True
elif key == 'disable' and val:
new_value = False
elif val is True or val is False:
new_value = val
elif key in ('name', 'description'):
new_value = val
else:
new_value = val
converted = CONVERT_MAP.get(key, key)
@ -78,20 +81,19 @@ class TestFirewallGroup(test_fakes.TestNeutronClientOSCV2):
def check_results(self, headers, data, exp_req, is_list=False):
if is_list:
req_body = {self.res_plural: [exp_req]}
req_body = {self.res_plural: list(exp_req)}
else:
req_body = {self.res: exp_req}
self.mocked.assert_called_once_with(req_body)
self.assertEqual(self.ordered_headers, headers)
self.assertItemEqual(self.ordered_data, data)
req_body = exp_req
self.mocked.assert_called_once_with(**req_body)
self.assertEqual(self.ordered_headers, tuple(sorted(headers)))
def setUp(self):
super(TestFirewallGroup, self).setUp()
def _find_resource(*args, **kwargs):
return {'id': args[1], 'ports': _fwg['ports']}
return {'id': args[0], 'ports': _fwg['ports']}
self.neutronclient.find_resource = mock.Mock(
self.networkclient.find_firewall_group = mock.Mock(
side_effect=_find_resource)
osc_utils.find_project = mock.Mock()
osc_utils.find_project.id = _fwg['tenant_id']
@ -120,7 +122,7 @@ class TestFirewallGroup(test_fakes.TestNeutronClientOSCV2):
))
self.data = _generate_response()
self.ordered_headers = copy.deepcopy(tuple(sorted(self.headers)))
self.ordered_data = (
self.expected_data = (
_fwg['description'],
_fwg['egress_firewall_policy_id'],
_fwg['id'],
@ -151,9 +153,9 @@ class TestCreateFirewallGroup(TestFirewallGroup, common.TestCreateFWaaS):
def setUp(self):
# Mock objects
super(TestCreateFirewallGroup, self).setUp()
self.neutronclient.create_fwaas_firewall_group = mock.Mock(
return_value={self.res: _fwg})
self.mocked = self.neutronclient.create_fwaas_firewall_group
self.networkclient.create_firewall_group = mock.Mock(
return_value=_fwg)
self.mocked = self.networkclient.create_firewall_group
self.cmd = firewallgroup.CreateFirewallGroup(self.app, self.namespace)
def _update_expect_response(self, request, response):
@ -165,14 +167,11 @@ class TestCreateFirewallGroup(TestFirewallGroup, common.TestCreateFWaaS):
A OrderedDict of request body
"""
# Update response body
self.neutronclient.create_fwaas_firewall_group.return_value = \
{self.res: dict(response)}
self.networkclient.create_firewall_group.return_value = response
osc_utils.find_project.return_value.id = response['tenant_id']
# Update response(finally returns 'data')
self.data = _generate_response(ordered_dict=response)
self.ordered_data = tuple(
response[column] for column in self.ordered_columns
)
self.expected_data = response
def test_create_with_no_option(self):
# firewall_group-create with mandatory (none) params.
@ -180,12 +179,16 @@ class TestCreateFirewallGroup(TestFirewallGroup, common.TestCreateFWaaS):
verifylist = []
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
headers, data = self.cmd.take_action(parsed_args)
self.assertEqual(self.ordered_headers, headers)
self.assertItemEqual(self.ordered_data, data)
self.assertEqual(self.ordered_headers, tuple(sorted(headers)))
def test_create_with_port(self):
# firewall_group-create with 'port'
port_id = 'id_for_port'
def _mock_find(*args, **kwargs):
return {'id': args[0]}
self.networkclient.find_port.side_effect = _mock_find
arglist = ['--port', port_id]
verifylist = [('port', [port_id])]
request, response = _generate_req_and_res(verifylist)
@ -200,9 +203,9 @@ class TestCreateFirewallGroup(TestFirewallGroup, common.TestCreateFWaaS):
ingress_policy = 'my-ingress-policy'
def _mock_port_fwg(*args, **kwargs):
return {'id': args[1]}
return {'id': args[0]}
self.neutronclient.find_resource.side_effect = _mock_port_fwg
self.networkclient.find_firewall_policy.side_effect = _mock_port_fwg
arglist = ['--ingress-firewall-policy', ingress_policy]
verifylist = [('ingress_firewall_policy', ingress_policy)]
@ -211,18 +214,19 @@ class TestCreateFirewallGroup(TestFirewallGroup, common.TestCreateFWaaS):
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
headers, data = self.cmd.take_action(parsed_args)
self.neutronclient.find_resource.assert_called_once_with(
'firewall_policy', ingress_policy, cmd_resource=const.CMD_FWP)
self.networkclient.find_firewall_policy.assert_called_once_with(
ingress_policy)
self.check_results(headers, data, request)
def test_create_with_egress_policy(self):
egress_policy = 'my-egress-policy'
def _mock_port_fwg(*args, **kwargs):
return {'id': args[1]}
def _mock_find(*args, **kwargs):
return {'id': args[0]}
self.neutronclient.find_resource.side_effect = _mock_port_fwg
self.networkclient.find_firewall_group.side_effect = _mock_find
self.networkclient.find_firewall_policy.side_effect = _mock_find
arglist = ['--egress-firewall-policy', egress_policy]
verifylist = [('egress_firewall_policy', egress_policy)]
@ -231,8 +235,8 @@ class TestCreateFirewallGroup(TestFirewallGroup, common.TestCreateFWaaS):
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
headers, data = self.cmd.take_action(parsed_args)
self.neutronclient.find_resource.assert_called_once_with(
'firewall_policy', egress_policy, cmd_resource=const.CMD_FWP)
self.networkclient.find_firewall_policy.assert_called_once_with(
egress_policy)
self.check_results(headers, data, request)
def test_create_with_all_params(self):
@ -240,7 +244,13 @@ class TestCreateFirewallGroup(TestFirewallGroup, common.TestCreateFWaaS):
description = 'my-desc'
ingress_policy = 'my-ingress-policy'
egress_policy = 'my-egress-policy'
def _mock_find(*args, **kwargs):
return {'id': args[0]}
self.networkclient.find_firewall_policy.side_effect = _mock_find
port = 'port'
self.networkclient.find_port.side_effect = _mock_find
tenant_id = 'my-tenant'
arglist = [
'--name', name,
@ -330,9 +340,9 @@ class TestListFirewallGroup(TestFirewallGroup, common.TestListFWaaS):
def setUp(self):
super(TestListFirewallGroup, self).setUp()
# Mock objects
self.neutronclient.list_fwaas_firewall_groups = mock.Mock(
return_value={self.res_plural: [_fwg]})
self.mocked = self.neutronclient.list_fwaas_firewall_groups
self.networkclient.firewall_groups = mock.Mock(
return_value=[_fwg])
self.mocked = self.networkclient.firewall_groups
self.cmd = firewallgroup.ListFirewallGroup(self.app, self.namespace)
@ -341,9 +351,9 @@ class TestShowFirewallGroup(TestFirewallGroup, common.TestShowFWaaS):
def setUp(self):
super(TestShowFirewallGroup, self).setUp()
# Mock objects
self.neutronclient.show_fwaas_firewall_group = mock.Mock(
return_value={self.res: _fwg})
self.mocked = self.neutronclient.show_fwaas_firewall_group
self.networkclient.get_firewall_group = mock.Mock(
return_value=_fwg)
self.mocked = self.networkclient.get_firewall_group
self.cmd = firewallgroup.ShowFirewallGroup(self.app, self.namespace)
@ -353,9 +363,15 @@ class TestSetFirewallGroup(TestFirewallGroup, common.TestSetFWaaS):
super(TestSetFirewallGroup, self).setUp()
# Mock objects
_fwg['ports'] = ['old_port']
self.neutronclient.update_fwaas_firewall_group = mock.Mock(
self.networkclient.update_firewall_group = mock.Mock(
return_value={self.res: _fwg})
self.mocked = self.neutronclient.update_fwaas_firewall_group
self.mocked = self.networkclient.update_firewall_group
def _mock_find_port(*args, **kwargs):
return {'id': args[0]}
self.networkclient.find_port.side_effect = _mock_find_port
self.cmd = firewallgroup.SetFirewallGroup(self.app, self.namespace)
def _update_expect_response(self, request, response):
@ -380,22 +396,21 @@ class TestSetFirewallGroup(TestFirewallGroup, common.TestSetFWaaS):
def _mock_fwg_policy(*args, **kwargs):
# 1. Find specified firewall_group
if self.neutronclient.find_resource.call_count == 1:
self.neutronclient.find_resource.assert_called_with(
self.res, target, cmd_resource=const.CMD_FWG)
if self.networkclient.find_firewall_group.call_count == 1:
self.networkclient.find_firewall_group.assert_called_with(
target)
# 2. Find specified 'ingress_firewall_policy'
if self.neutronclient.find_resource.call_count == 2:
self.neutronclient.find_resource.assert_called_with(
'firewall_policy', ingress_policy,
cmd_resource=const.CMD_FWP)
if self.networkclient.find_firewall_policy.call_count == 1:
self.networkclient.find_firewall_policy.assert_called_with(
ingress_policy)
# 3. Find specified 'ingress_firewall_policy'
if self.neutronclient.find_resource.call_count == 3:
self.neutronclient.find_resource.assert_called_with(
'firewall_policy', egress_policy,
cmd_resource=const.CMD_FWP)
return {'id': args[1]}
if self.networkclient.find_firewall_policy.call_count == 2:
self.networkclient.find_firewall_policy.assert_called_with(
egress_policy)
return {'id': args[0]}
self.neutronclient.find_resource.side_effect = _mock_fwg_policy
self.networkclient.find_firewall_group.side_effect = _mock_fwg_policy
self.networkclient.find_firewall_policy.side_effect = _mock_fwg_policy
arglist = [
target,
@ -411,8 +426,8 @@ class TestSetFirewallGroup(TestFirewallGroup, common.TestSetFWaaS):
result = self.cmd.take_action(parsed_args)
self.mocked.assert_called_once_with(
target, {self.res: {'ingress_firewall_policy_id': ingress_policy,
'egress_firewall_policy_id': egress_policy}})
target, **{'ingress_firewall_policy_id': ingress_policy,
'egress_firewall_policy_id': egress_policy})
self.assertIsNone(result)
def test_set_port(self):
@ -422,27 +437,21 @@ class TestSetFirewallGroup(TestFirewallGroup, common.TestSetFWaaS):
def _mock_port_fwg(*args, **kwargs):
# 1. Find specified firewall_group
if self.neutronclient.find_resource.call_count == 1:
self.neutronclient.find_resource.assert_called_with(
self.res, target, cmd_resource=const.CMD_FWG)
return {'id': args[1]}
if self.networkclient.find_firewall_group.call_count in [1, 2]:
self.networkclient.find_firewall_group.assert_called_with(
target)
return {'id': args[0], 'ports': _fwg['ports']}
# 2. Find specified 'port' #1
if self.neutronclient.find_resource.call_count == 2:
self.neutronclient.find_resource.assert_called_with(
'port', args[1])
return {'id': args[1]}
if self.networkclient.find_port.call_count == 1:
self.networkclient.find_port.assert_called_with(args)
return {'id': args[0]}
# 3. Find specified 'port' #2
if self.neutronclient.find_resource.call_count == 3:
self.neutronclient.find_resource.assert_called_with(
'port', args[1])
return {'id': args[1]}
# 4. Find specified firewall_group and refer 'ports' attribute
if self.neutronclient.find_resource.call_count == 4:
self.neutronclient.find_resource.assert_called_with(
self.res, target, cmd_resource=const.CMD_FWG)
return {'ports': _fwg['ports']}
if self.networkclient.find_port.call_count == 2:
self.networkclient.find_port.assert_called_with(args)
return {'id': args[0]}
self.neutronclient.find_resource.side_effect = _mock_port_fwg
self.networkclient.find_fireall_group.side_effect = _mock_port_fwg
self.networkclient.find_port.side_effect = _mock_port_fwg
arglist = [
target,
@ -457,8 +466,8 @@ class TestSetFirewallGroup(TestFirewallGroup, common.TestSetFWaaS):
result = self.cmd.take_action(parsed_args)
expect = {'ports': sorted(_fwg['ports'] + [port1, port2])}
self.mocked.assert_called_once_with(target, {self.res: expect})
self.assertEqual(4, self.neutronclient.find_resource.call_count)
self.mocked.assert_called_once_with(target, **expect)
self.assertEqual(2, self.networkclient.find_firewall_group.call_count)
self.assertIsNone(result)
def test_set_no_port(self):
@ -473,7 +482,7 @@ class TestSetFirewallGroup(TestFirewallGroup, common.TestSetFWaaS):
result = self.cmd.take_action(parsed_args)
self.mocked.assert_called_once_with(
target, {self.res: {'ports': []}})
target, **{'ports': []})
self.assertIsNone(result)
def test_set_admin_state(self):
@ -487,12 +496,18 @@ class TestSetFirewallGroup(TestFirewallGroup, common.TestSetFWaaS):
result = self.cmd.take_action(parsed_args)
self.mocked.assert_called_once_with(
target, {self.res: {'admin_state_up': True}})
target, **{'admin_state_up': True})
self.assertIsNone(result)
def test_set_egress_policy(self):
target = self.resource['id']
policy = 'egress_policy'
def _mock_find_policy(*args, **kwargs):
return {'id': args[0]}
self.networkclient.find_firewall_policy.side_effect = _mock_find_policy
arglist = [target, '--egress-firewall-policy', policy]
verifylist = [
(self.res, target),
@ -502,7 +517,7 @@ class TestSetFirewallGroup(TestFirewallGroup, common.TestSetFWaaS):
result = self.cmd.take_action(parsed_args)
self.mocked.assert_called_once_with(
target, {self.res: {'egress_firewall_policy_id': policy}})
target, **{'egress_firewall_policy_id': policy})