OSC: Remove FWAAS V2 calls to neutronclient
Bump SDK min version to 1.5.0. Depends-On: https://review.opendev.org/c/openstack/openstacksdk/+/883859 Related-Bug: #1999774 Change-Id: I1588ffa8035c2a4f558c6d3a630287542c718be4
This commit is contained in:
parent
d497615240
commit
fccfe8c3e5
@ -32,6 +32,20 @@ _formatters = {
|
||||
'admin_state_up': v2_utils.AdminStateColumn,
|
||||
}
|
||||
|
||||
_attr_map_dict = {
|
||||
'id': 'ID',
|
||||
'name': 'Name',
|
||||
'ingress_firewall_policy_id': 'Ingress Policy ID',
|
||||
'egress_firewall_policy_id': 'Egress Policy ID',
|
||||
'description': 'Description',
|
||||
'status': 'Status',
|
||||
'ports': 'Ports',
|
||||
'admin_state_up': 'State',
|
||||
'shared': 'Shared',
|
||||
'tenant_id': 'Project',
|
||||
'project_id': 'Project',
|
||||
}
|
||||
|
||||
_attr_map = (
|
||||
('id', 'ID', column_util.LIST_BOTH),
|
||||
('name', 'Name', column_util.LIST_BOTH),
|
||||
@ -103,7 +117,7 @@ def _get_common_parser(parser):
|
||||
|
||||
def _get_common_attrs(client_manager, parsed_args, is_create=True):
|
||||
attrs = {}
|
||||
client = client_manager.neutronclient
|
||||
client = client_manager.network
|
||||
|
||||
if is_create:
|
||||
if 'project' in parsed_args and parsed_args.project is not None:
|
||||
@ -114,24 +128,20 @@ def _get_common_attrs(client_manager, parsed_args, is_create=True):
|
||||
).id
|
||||
if (parsed_args.ingress_firewall_policy and
|
||||
parsed_args.no_ingress_firewall_policy):
|
||||
attrs['ingress_firewall_policy_id'] = client.find_resource(
|
||||
const.FWP, parsed_args.ingress_firewall_policy,
|
||||
cmd_resource=const.CMD_FWP)['id']
|
||||
attrs['ingress_firewall_policy_id'] = client.find_firewall_policy(
|
||||
parsed_args.ingress_firewall_policy)['id']
|
||||
elif parsed_args.ingress_firewall_policy:
|
||||
attrs['ingress_firewall_policy_id'] = client.find_resource(
|
||||
const.FWP, parsed_args.ingress_firewall_policy,
|
||||
cmd_resource=const.CMD_FWP)['id']
|
||||
attrs['ingress_firewall_policy_id'] = client.find_firewall_policy(
|
||||
parsed_args.ingress_firewall_policy)['id']
|
||||
elif parsed_args.no_ingress_firewall_policy:
|
||||
attrs['ingress_firewall_policy_id'] = None
|
||||
if (parsed_args.egress_firewall_policy and
|
||||
parsed_args.no_egress_firewall_policy):
|
||||
attrs['egress_firewall_policy_id'] = client.find_resource(
|
||||
const.FWP, parsed_args.egress_firewall_policy,
|
||||
cmd_resource=const.CMD_FWP)['id']
|
||||
attrs['egress_firewall_policy_id'] = client.find_firewall_policy(
|
||||
parsed_args.egress_firewall_policy)['id']
|
||||
elif parsed_args.egress_firewall_policy:
|
||||
attrs['egress_firewall_policy_id'] = client.find_resource(
|
||||
const.FWP, parsed_args.egress_firewall_policy,
|
||||
cmd_resource=const.CMD_FWP)['id']
|
||||
attrs['egress_firewall_policy_id'] = client.find_firewall_policy(
|
||||
parsed_args.egress_firewall_policy)['id']
|
||||
elif parsed_args.no_egress_firewall_policy:
|
||||
attrs['egress_firewall_policy_id'] = None
|
||||
if parsed_args.share:
|
||||
@ -147,16 +157,15 @@ def _get_common_attrs(client_manager, parsed_args, is_create=True):
|
||||
if parsed_args.description:
|
||||
attrs['description'] = str(parsed_args.description)
|
||||
if parsed_args.port and parsed_args.no_port:
|
||||
attrs['ports'] = sorted([client.find_resource(
|
||||
'port', p)['id'] for p in set(parsed_args.port)])
|
||||
attrs['ports'] = sorted([client.find_port(
|
||||
p)['id'] for p in set(parsed_args.port)])
|
||||
elif parsed_args.port:
|
||||
ports = []
|
||||
for p in set(parsed_args.port):
|
||||
ports.append(client.find_resource('port', p)['id'])
|
||||
ports.append(client.find_port(p)['id'])
|
||||
if not is_create:
|
||||
ports += client.find_resource(
|
||||
const.FWG, parsed_args.firewall_group,
|
||||
cmd_resource=const.CMD_FWG)['ports']
|
||||
ports += client.find_firewall_group(
|
||||
parsed_args.firewall_group)['ports']
|
||||
attrs['ports'] = sorted(set(ports))
|
||||
elif parsed_args.no_port:
|
||||
attrs['ports'] = []
|
||||
@ -185,11 +194,11 @@ class CreateFirewallGroup(command.ShowOne):
|
||||
return parser
|
||||
|
||||
def take_action(self, parsed_args):
|
||||
client = self.app.client_manager.neutronclient
|
||||
client = self.app.client_manager.network
|
||||
attrs = _get_common_attrs(self.app.client_manager, parsed_args)
|
||||
obj = client.create_fwaas_firewall_group(
|
||||
{const.FWG: attrs})[const.FWG]
|
||||
columns, display_columns = column_util.get_columns(obj, _attr_map)
|
||||
obj = client.create_firewall_group(**attrs)
|
||||
display_columns, columns = utils.get_osc_show_columns_for_sdk_resource(
|
||||
obj, _attr_map_dict, ['location', 'tenant_id'])
|
||||
data = utils.get_dict_properties(obj, columns, formatters=_formatters)
|
||||
return (display_columns, data)
|
||||
|
||||
@ -207,13 +216,12 @@ class DeleteFirewallGroup(command.Command):
|
||||
return parser
|
||||
|
||||
def take_action(self, parsed_args):
|
||||
client = self.app.client_manager.neutronclient
|
||||
client = self.app.client_manager.network
|
||||
result = 0
|
||||
for fwg in parsed_args.firewall_group:
|
||||
try:
|
||||
fwg_id = client.find_resource(
|
||||
const.FWG, fwg, cmd_resource=const.CMD_FWG)['id']
|
||||
client.delete_fwaas_firewall_group(fwg_id)
|
||||
fwg_id = client.find_firewall_group(fwg)['id']
|
||||
client.delete_firewall_group(fwg_id)
|
||||
except Exception as e:
|
||||
result += 1
|
||||
LOG.error(_("Failed to delete firewall group with "
|
||||
@ -240,8 +248,8 @@ class ListFirewallGroup(command.Lister):
|
||||
return parser
|
||||
|
||||
def take_action(self, parsed_args):
|
||||
client = self.app.client_manager.neutronclient
|
||||
obj = client.list_fwaas_firewall_groups()[const.FWGS]
|
||||
client = self.app.client_manager.network
|
||||
obj = client.firewall_groups()
|
||||
headers, columns = column_util.get_column_definitions(
|
||||
_attr_map, long_listing=parsed_args.long)
|
||||
return (headers, (utils.get_dict_properties(
|
||||
@ -272,13 +280,12 @@ class SetFirewallGroup(command.Command):
|
||||
return parser
|
||||
|
||||
def take_action(self, parsed_args):
|
||||
client = self.app.client_manager.neutronclient
|
||||
fwg_id = client.find_resource(const.FWG, parsed_args.firewall_group,
|
||||
cmd_resource=const.CMD_FWG)['id']
|
||||
client = self.app.client_manager.network
|
||||
fwg_id = client.find_firewall_group(parsed_args.firewall_group)['id']
|
||||
attrs = _get_common_attrs(self.app.client_manager, parsed_args,
|
||||
is_create=False)
|
||||
try:
|
||||
client.update_fwaas_firewall_group(fwg_id, {const.FWG: attrs})
|
||||
client.update_firewall_group(fwg_id, **attrs)
|
||||
except Exception as e:
|
||||
msg = (_("Failed to set firewall group '%(group)s': %(e)s")
|
||||
% {'group': parsed_args.firewall_group, 'e': e})
|
||||
@ -297,11 +304,11 @@ class ShowFirewallGroup(command.ShowOne):
|
||||
return parser
|
||||
|
||||
def take_action(self, parsed_args):
|
||||
client = self.app.client_manager.neutronclient
|
||||
fwg_id = client.find_resource(const.FWG, parsed_args.firewall_group,
|
||||
cmd_resource=const.CMD_FWG)['id']
|
||||
obj = client.show_fwaas_firewall_group(fwg_id)[const.FWG]
|
||||
columns, display_columns = column_util.get_columns(obj, _attr_map)
|
||||
client = self.app.client_manager.network
|
||||
fwg_id = client.find_firewall_group(parsed_args.firewall_group)['id']
|
||||
obj = client.get_firewall_group(fwg_id)
|
||||
display_columns, columns = utils.get_osc_show_columns_for_sdk_resource(
|
||||
obj, _attr_map_dict, ['location', 'tenant_id'])
|
||||
data = utils.get_dict_properties(obj, columns, formatters=_formatters)
|
||||
return (display_columns, data)
|
||||
|
||||
@ -347,9 +354,8 @@ class UnsetFirewallGroup(command.Command):
|
||||
help=_('Disable firewall group'))
|
||||
return parser
|
||||
|
||||
def _get_attrs(self, client_manager, parsed_args):
|
||||
def _get_attrs(self, client, parsed_args):
|
||||
attrs = {}
|
||||
client = client_manager.neutronclient
|
||||
if parsed_args.ingress_firewall_policy:
|
||||
attrs['ingress_firewall_policy_id'] = None
|
||||
if parsed_args.egress_firewall_policy:
|
||||
@ -359,23 +365,20 @@ class UnsetFirewallGroup(command.Command):
|
||||
if parsed_args.enable:
|
||||
attrs['admin_state_up'] = False
|
||||
if parsed_args.port:
|
||||
old = client.find_resource(
|
||||
const.FWG, parsed_args.firewall_group,
|
||||
cmd_resource=const.CMD_FWG)['ports']
|
||||
new = [client.find_resource(
|
||||
'port', r)['id'] for r in parsed_args.port]
|
||||
old = client.find_firewall_group(
|
||||
parsed_args.firewall_group)['ports']
|
||||
new = [client.find_port(r)['id'] for r in parsed_args.port]
|
||||
attrs['ports'] = sorted(list(set(old) - set(new)))
|
||||
if parsed_args.all_port:
|
||||
attrs['ports'] = []
|
||||
return attrs
|
||||
|
||||
def take_action(self, parsed_args):
|
||||
client = self.app.client_manager.neutronclient
|
||||
fwg_id = client.find_resource(const.FWG, parsed_args.firewall_group,
|
||||
cmd_resource=const.CMD_FWG)['id']
|
||||
attrs = self._get_attrs(self.app.client_manager, parsed_args)
|
||||
client = self.app.client_manager.network
|
||||
fwg_id = client.find_firewall_group(parsed_args.firewall_group)['id']
|
||||
attrs = self._get_attrs(client, parsed_args)
|
||||
try:
|
||||
client.update_fwaas_firewall_group(fwg_id, {const.FWG: attrs})
|
||||
client.update_firewall_group(fwg_id, **attrs)
|
||||
except Exception as e:
|
||||
msg = (_("Failed to unset firewall group '%(group)s': %(e)s")
|
||||
% {'group': parsed_args.firewall_group, 'e': e})
|
||||
|
@ -30,6 +30,18 @@ LOG = logging.getLogger(__name__)
|
||||
|
||||
_formatters = {}
|
||||
|
||||
|
||||
_attr_map_dict = {
|
||||
'id': 'ID',
|
||||
'name': 'Name',
|
||||
'description': 'Description',
|
||||
'firewall_rules': 'Firewall Rules',
|
||||
'audited': 'Audited',
|
||||
'shared': 'Shared',
|
||||
'tenant_id': 'Project',
|
||||
'project_id': 'Project',
|
||||
}
|
||||
|
||||
_attr_map = (
|
||||
('id', 'ID', column_util.LIST_BOTH),
|
||||
('name', 'Name', column_util.LIST_BOTH),
|
||||
@ -43,7 +55,7 @@ _attr_map = (
|
||||
|
||||
def _get_common_attrs(client_manager, parsed_args, is_create=True):
|
||||
attrs = {}
|
||||
client = client_manager.neutronclient
|
||||
client = client_manager.network
|
||||
|
||||
if is_create:
|
||||
if 'project' in parsed_args and parsed_args.project is not None:
|
||||
@ -55,18 +67,16 @@ def _get_common_attrs(client_manager, parsed_args, is_create=True):
|
||||
if parsed_args.firewall_rule and parsed_args.no_firewall_rule:
|
||||
_firewall_rules = []
|
||||
for f in parsed_args.firewall_rule:
|
||||
_firewall_rules.append(client.find_resource(
|
||||
const.FWR, f, cmd_resource=const.CMD_FWR)['id'])
|
||||
_firewall_rules.append(client.find_firewall_rule(f)['id'])
|
||||
attrs[const.FWRS] = _firewall_rules
|
||||
elif parsed_args.firewall_rule:
|
||||
rules = []
|
||||
if not is_create:
|
||||
rules += client.find_resource(
|
||||
const.FWP, parsed_args.firewall_policy,
|
||||
cmd_resource=const.CMD_FWP)[const.FWRS]
|
||||
foobar = client.find_firewall_policy(
|
||||
parsed_args.firewall_policy)
|
||||
rules += foobar[const.FWRS]
|
||||
for f in parsed_args.firewall_rule:
|
||||
rules.append(client.find_resource(
|
||||
const.FWR, f, cmd_resource=const.CMD_FWR)['id'])
|
||||
rules.append(client.find_firewall_rule(f)['id'])
|
||||
attrs[const.FWRS] = rules
|
||||
elif parsed_args.no_firewall_rule:
|
||||
attrs[const.FWRS] = []
|
||||
@ -137,11 +147,11 @@ class CreateFirewallPolicy(command.ShowOne):
|
||||
return parser
|
||||
|
||||
def take_action(self, parsed_args):
|
||||
client = self.app.client_manager.neutronclient
|
||||
client = self.app.client_manager.network
|
||||
attrs = _get_common_attrs(self.app.client_manager, parsed_args)
|
||||
obj = client.create_fwaas_firewall_policy(
|
||||
{const.FWP: attrs})[const.FWP]
|
||||
columns, display_columns = column_util.get_columns(obj, _attr_map)
|
||||
obj = client.create_firewall_policy(**attrs)
|
||||
display_columns, columns = utils.get_osc_show_columns_for_sdk_resource(
|
||||
obj, _attr_map_dict, ['location', 'tenant_id'])
|
||||
data = utils.get_dict_properties(obj, columns, formatters=_formatters)
|
||||
return (display_columns, data)
|
||||
|
||||
@ -159,13 +169,12 @@ class DeleteFirewallPolicy(command.Command):
|
||||
return parser
|
||||
|
||||
def take_action(self, parsed_args):
|
||||
client = self.app.client_manager.neutronclient
|
||||
client = self.app.client_manager.network
|
||||
result = 0
|
||||
for fwp in parsed_args.firewall_policy:
|
||||
try:
|
||||
fwp_id = client.find_resource(
|
||||
const.FWP, fwp, cmd_resource='fwaas_' + const.FWP)['id']
|
||||
client.delete_fwaas_firewall_policy(fwp_id)
|
||||
fwp_id = client.find_firewall_policy(fwp)['id']
|
||||
client.delete_firewall_policy(fwp_id)
|
||||
except Exception as e:
|
||||
result += 1
|
||||
LOG.error(_("Failed to delete Firewall policy with "
|
||||
@ -205,31 +214,28 @@ class FirewallPolicyInsertRule(command.Command):
|
||||
return parser
|
||||
|
||||
def args2body(self, parsed_args):
|
||||
client = self.app.client_manager.neutronclient
|
||||
client = self.app.client_manager.network
|
||||
_rule_id = _get_required_firewall_rule(client, parsed_args)
|
||||
_insert_before = ''
|
||||
if 'insert_before' in parsed_args:
|
||||
if parsed_args.insert_before:
|
||||
_insert_before = client.find_resource(
|
||||
const.FWR, parsed_args.insert_before,
|
||||
cmd_resource=const.CMD_FWR)['id']
|
||||
_insert_before = client.find_firewall_rule(
|
||||
parsed_args.insert_before)['id']
|
||||
_insert_after = ''
|
||||
if 'insert_after' in parsed_args:
|
||||
if parsed_args.insert_after:
|
||||
_insert_after = client.find_resource(
|
||||
const.FWR, parsed_args.insert_after,
|
||||
cmd_resource=const.CMD_FWR)['id']
|
||||
_insert_after = client.find_firewall_rule(
|
||||
parsed_args.insert_after)['id']
|
||||
return {'firewall_rule_id': _rule_id,
|
||||
'insert_before': _insert_before,
|
||||
'insert_after': _insert_after}
|
||||
|
||||
def take_action(self, parsed_args):
|
||||
client = self.app.client_manager.neutronclient
|
||||
policy_id = client.find_resource(
|
||||
const.FWP, parsed_args.firewall_policy,
|
||||
cmd_resource=const.CMD_FWP)['id']
|
||||
client = self.app.client_manager.network
|
||||
policy_id = client.find_firewall_policy(
|
||||
parsed_args.firewall_policy)['id']
|
||||
body = self.args2body(parsed_args)
|
||||
client.insert_rule_fwaas_firewall_policy(policy_id, body)
|
||||
client.insert_rule_into_policy(policy_id, body)
|
||||
rule_id = body['firewall_rule_id']
|
||||
policy = parsed_args.firewall_policy
|
||||
print((_('Inserted firewall rule %(rule)s in firewall policy '
|
||||
@ -253,13 +259,12 @@ class FirewallPolicyRemoveRule(command.Command):
|
||||
return parser
|
||||
|
||||
def take_action(self, parsed_args):
|
||||
client = self.app.client_manager.neutronclient
|
||||
policy_id = client.find_resource(
|
||||
const.FWP, parsed_args.firewall_policy,
|
||||
cmd_resource=const.CMD_FWP)['id']
|
||||
client = self.app.client_manager.network
|
||||
policy_id = client.find_firewall_policy(
|
||||
parsed_args.firewall_policy)['id']
|
||||
fwr_id = _get_required_firewall_rule(client, parsed_args)
|
||||
body = {'firewall_rule_id': fwr_id}
|
||||
client.remove_rule_fwaas_firewall_policy(policy_id, body)
|
||||
client.remove_rule_from_policy(policy_id, body)
|
||||
rule_id = body['firewall_rule_id']
|
||||
policy = parsed_args.firewall_policy
|
||||
print((_('Removed firewall rule %(rule)s from firewall policy '
|
||||
@ -281,8 +286,8 @@ class ListFirewallPolicy(command.Lister):
|
||||
return parser
|
||||
|
||||
def take_action(self, parsed_args):
|
||||
client = self.app.client_manager.neutronclient
|
||||
obj = client.list_fwaas_firewall_policies()[const.FWPS]
|
||||
client = self.app.client_manager.network
|
||||
obj = client.firewall_policies()
|
||||
headers, columns = column_util.get_column_definitions(
|
||||
_attr_map, long_listing=parsed_args.long)
|
||||
return (headers, (utils.get_dict_properties(
|
||||
@ -315,14 +320,13 @@ class SetFirewallPolicy(command.Command):
|
||||
return parser
|
||||
|
||||
def take_action(self, parsed_args):
|
||||
client = self.app.client_manager.neutronclient
|
||||
fwp_id = client.find_resource(
|
||||
const.FWP, parsed_args.firewall_policy,
|
||||
cmd_resource=const.CMD_FWP)['id']
|
||||
client = self.app.client_manager.network
|
||||
fwp_id = client.find_firewall_policy(
|
||||
parsed_args.firewall_policy)['id']
|
||||
attrs = _get_common_attrs(self.app.client_manager,
|
||||
parsed_args, is_create=False)
|
||||
try:
|
||||
client.update_fwaas_firewall_policy(fwp_id, {const.FWP: attrs})
|
||||
client.update_firewall_policy(fwp_id, **attrs)
|
||||
except Exception as e:
|
||||
msg = (_("Failed to set firewall policy '%(policy)s': %(e)s")
|
||||
% {'policy': parsed_args.firewall_policy, 'e': e})
|
||||
@ -341,12 +345,12 @@ class ShowFirewallPolicy(command.ShowOne):
|
||||
return parser
|
||||
|
||||
def take_action(self, parsed_args):
|
||||
client = self.app.client_manager.neutronclient
|
||||
fwp_id = client.find_resource(const.FWP,
|
||||
parsed_args.firewall_policy,
|
||||
cmd_resource=const.CMD_FWP)['id']
|
||||
obj = client.show_fwaas_firewall_policy(fwp_id)[const.FWP]
|
||||
columns, display_columns = column_util.get_columns(obj, _attr_map)
|
||||
client = self.app.client_manager.network
|
||||
fwp_id = client.find_firewall_policy(
|
||||
parsed_args.firewall_policy)['id']
|
||||
obj = client.get_firewall_policy(fwp_id)
|
||||
display_columns, columns = utils.get_osc_show_columns_for_sdk_resource(
|
||||
obj, _attr_map_dict, ['location', 'tenant_id'])
|
||||
data = utils.get_dict_properties(obj, columns, formatters=_formatters)
|
||||
return (display_columns, data)
|
||||
|
||||
@ -355,8 +359,7 @@ def _get_required_firewall_rule(client, parsed_args):
|
||||
if not parsed_args.firewall_rule:
|
||||
msg = (_("Firewall rule (name or ID) is required."))
|
||||
raise exceptions.CommandError(msg)
|
||||
return client.find_resource(
|
||||
const.FWR, parsed_args.firewall_rule, cmd_resource=const.CMD_FWR)['id']
|
||||
return client.find_firewall_rule(parsed_args.firewall_rule)['id']
|
||||
|
||||
|
||||
class UnsetFirewallPolicy(command.Command):
|
||||
@ -392,16 +395,14 @@ class UnsetFirewallPolicy(command.Command):
|
||||
|
||||
def _get_attrs(self, client_manager, parsed_args):
|
||||
attrs = {}
|
||||
client = client_manager.neutronclient
|
||||
client = client_manager.network
|
||||
|
||||
if parsed_args.firewall_rule:
|
||||
current = client.find_resource(
|
||||
const.FWP, parsed_args.firewall_policy,
|
||||
cmd_resource=const.CMD_FWP)[const.FWRS]
|
||||
current = client.find_firewall_policy(
|
||||
parsed_args.firewall_policy)[const.FWRS]
|
||||
removed = []
|
||||
for f in set(parsed_args.firewall_rule):
|
||||
removed.append(client.find_resource(
|
||||
const.FWR, f, cmd_resource=const.CMD_FWR)['id'])
|
||||
removed.append(client.find_firewall_rule(f)['id'])
|
||||
attrs[const.FWRS] = [r for r in current if r not in removed]
|
||||
if parsed_args.all_firewall_rule:
|
||||
attrs[const.FWRS] = []
|
||||
@ -412,13 +413,12 @@ class UnsetFirewallPolicy(command.Command):
|
||||
return attrs
|
||||
|
||||
def take_action(self, parsed_args):
|
||||
client = self.app.client_manager.neutronclient
|
||||
fwp_id = client.find_resource(
|
||||
const.FWP, parsed_args.firewall_policy,
|
||||
cmd_resource=const.CMD_FWP)['id']
|
||||
client = self.app.client_manager.network
|
||||
fwp_id = client.find_firewall_policy(
|
||||
parsed_args.firewall_policy)['id']
|
||||
attrs = self._get_attrs(self.app.client_manager, parsed_args)
|
||||
try:
|
||||
client.update_fwaas_firewall_policy(fwp_id, {const.FWP: attrs})
|
||||
client.update_firewall_policy(fwp_id, **attrs)
|
||||
except Exception as e:
|
||||
msg = (_("Failed to unset firewall policy '%(policy)s': %(e)s")
|
||||
% {'policy': parsed_args.firewall_policy, 'e': e})
|
||||
|
@ -13,7 +13,6 @@
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
import copy
|
||||
import logging
|
||||
|
||||
from cliff import columns as cliff_columns
|
||||
@ -31,12 +30,34 @@ from neutronclient.osc.v2.fwaas import constants as const
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
|
||||
_attr_map_dict = {
|
||||
'id': 'ID',
|
||||
'name': 'Name',
|
||||
'enabled': 'Enabled',
|
||||
'summary': 'Summary',
|
||||
'description': 'Description',
|
||||
'firewall_policy_id': 'Firewall Policy',
|
||||
'ip_version': 'IP Version',
|
||||
'action': 'Action',
|
||||
'protocol': 'Protocol',
|
||||
'source_ip_address': 'Source IP Address',
|
||||
'source_port': 'Source Port',
|
||||
'destination_ip_address': 'Destination IP Address',
|
||||
'destination_port': 'Destination Port',
|
||||
'shared': 'Shared',
|
||||
'source_firewall_group_id': 'Source Firewall Group ID',
|
||||
'destination_firewall_group_id': 'Destination Firewall Group ID',
|
||||
'tenant_id': 'Project',
|
||||
'project_id': 'Project',
|
||||
}
|
||||
|
||||
_attr_map = (
|
||||
('id', 'ID', column_util.LIST_BOTH),
|
||||
('name', 'Name', column_util.LIST_BOTH),
|
||||
('enabled', 'Enabled', column_util.LIST_BOTH),
|
||||
('summary', 'Summary', column_util.LIST_SHORT_ONLY),
|
||||
('description', 'Description', column_util.LIST_LONG_ONLY),
|
||||
('firewall_policy_id', 'Firewall Policy', column_util.LIST_BOTH),
|
||||
('ip_version', 'IP Version', column_util.LIST_LONG_ONLY),
|
||||
('action', 'Action', column_util.LIST_LONG_ONLY),
|
||||
('protocol', 'Protocol', column_util.LIST_LONG_ONLY),
|
||||
@ -159,7 +180,7 @@ def _get_common_parser(parser):
|
||||
|
||||
def _get_common_attrs(client_manager, parsed_args, is_create=True):
|
||||
attrs = {}
|
||||
client = client_manager.neutronclient
|
||||
client = client_manager.network
|
||||
if is_create:
|
||||
if 'project' in parsed_args and parsed_args.project is not None:
|
||||
attrs['tenant_id'] = osc_utils.find_project(
|
||||
@ -204,15 +225,13 @@ def _get_common_attrs(client_manager, parsed_args, is_create=True):
|
||||
if parsed_args.no_share:
|
||||
attrs['shared'] = False
|
||||
if parsed_args.source_firewall_group:
|
||||
attrs['source_firewall_group_id'] = client.find_resource(
|
||||
const.FWG, parsed_args.source_firewall_group,
|
||||
cmd_resource=const.CMD_FWG)['id']
|
||||
attrs['source_firewall_group_id'] = client.find_firewall_group(
|
||||
parsed_args.source_firewall_group)['id']
|
||||
if parsed_args.no_source_firewall_group:
|
||||
attrs['source_firewall_group_id'] = None
|
||||
if parsed_args.destination_firewall_group:
|
||||
attrs['destination_firewall_group_id'] = client.find_resource(
|
||||
const.FWG, parsed_args.destination_firewall_group,
|
||||
cmd_resource=const.CMD_FWG)['id']
|
||||
attrs['destination_firewall_group_id'] = client.find_firewall_group(
|
||||
parsed_args.destination_firewall_group)['id']
|
||||
if parsed_args.no_destination_firewall_group:
|
||||
attrs['destination_firewall_group_id'] = None
|
||||
return attrs
|
||||
@ -236,11 +255,11 @@ class CreateFirewallRule(command.ShowOne):
|
||||
return parser
|
||||
|
||||
def take_action(self, parsed_args):
|
||||
client = self.app.client_manager.neutronclient
|
||||
client = self.app.client_manager.network
|
||||
attrs = _get_common_attrs(self.app.client_manager, parsed_args)
|
||||
obj = client.create_fwaas_firewall_rule(
|
||||
{const.FWR: attrs})[const.FWR]
|
||||
columns, display_columns = column_util.get_columns(obj, _attr_map)
|
||||
obj = client.create_firewall_rule(**attrs)
|
||||
display_columns, columns = utils.get_osc_show_columns_for_sdk_resource(
|
||||
obj, _attr_map_dict, ['location', 'tenant_id'])
|
||||
data = utils.get_dict_properties(obj, columns, formatters=_formatters)
|
||||
return display_columns, data
|
||||
|
||||
@ -258,13 +277,12 @@ class DeleteFirewallRule(command.Command):
|
||||
return parser
|
||||
|
||||
def take_action(self, parsed_args):
|
||||
client = self.app.client_manager.neutronclient
|
||||
client = self.app.client_manager.network
|
||||
result = 0
|
||||
for fwr in parsed_args.firewall_rule:
|
||||
try:
|
||||
fwr_id = client.find_resource(
|
||||
const.FWR, fwr, cmd_resource=const.CMD_FWR)['id']
|
||||
client.delete_fwaas_firewall_rule(fwr_id)
|
||||
fwr_id = client.find_firewall_rule(fwr)['id']
|
||||
client.delete_firewall_rule(fwr_id)
|
||||
except Exception as e:
|
||||
result += 1
|
||||
LOG.error(_("Failed to delete Firewall rule with "
|
||||
@ -292,8 +310,8 @@ class ListFirewallRule(command.Lister):
|
||||
return parser
|
||||
|
||||
def extend_list(self, data, parsed_args):
|
||||
ext_data = copy.deepcopy(data)
|
||||
for d in ext_data:
|
||||
ext_data = []
|
||||
for d in data:
|
||||
protocol = d['protocol'].upper() if d['protocol'] else 'ANY'
|
||||
src_ip = 'none specified'
|
||||
dst_ip = 'none specified'
|
||||
@ -311,11 +329,12 @@ class ListFirewallRule(command.Lister):
|
||||
src = 'source(port): ' + src_ip + src_port
|
||||
dst = 'dest(port): ' + dst_ip + dst_port
|
||||
d['summary'] = ',\n '.join([protocol, src, dst, action])
|
||||
ext_data.append(d)
|
||||
return ext_data
|
||||
|
||||
def take_action(self, parsed_args):
|
||||
client = self.app.client_manager.neutronclient
|
||||
obj = client.list_fwaas_firewall_rules()[const.FWRS]
|
||||
client = self.app.client_manager.network
|
||||
obj = client.firewall_rules()
|
||||
obj_extend = self.extend_list(obj, parsed_args)
|
||||
headers, columns = column_util.get_column_definitions(
|
||||
_attr_map, long_listing=parsed_args.long)
|
||||
@ -336,14 +355,12 @@ class SetFirewallRule(command.Command):
|
||||
return parser
|
||||
|
||||
def take_action(self, parsed_args):
|
||||
client = self.app.client_manager.neutronclient
|
||||
client = self.app.client_manager.network
|
||||
attrs = _get_common_attrs(self.app.client_manager,
|
||||
parsed_args, is_create=False)
|
||||
fwr_id = client.find_resource(
|
||||
const.FWR, parsed_args.firewall_rule,
|
||||
cmd_resource=const.CMD_FWR)['id']
|
||||
fwr_id = client.find_firewall_rule(parsed_args.firewall_rule)['id']
|
||||
try:
|
||||
client.update_fwaas_firewall_rule(fwr_id, {const.FWR: attrs})
|
||||
client.update_firewall_rule(fwr_id, **attrs)
|
||||
except Exception as e:
|
||||
msg = (_("Failed to set firewall rule '%(rule)s': %(e)s")
|
||||
% {'rule': parsed_args.firewall_rule, 'e': e})
|
||||
@ -362,12 +379,11 @@ class ShowFirewallRule(command.ShowOne):
|
||||
return parser
|
||||
|
||||
def take_action(self, parsed_args):
|
||||
client = self.app.client_manager.neutronclient
|
||||
fwr_id = client.find_resource(
|
||||
const.FWR, parsed_args.firewall_rule,
|
||||
cmd_resource=const.CMD_FWR)['id']
|
||||
obj = client.show_fwaas_firewall_rule(fwr_id)[const.FWR]
|
||||
columns, display_columns = column_util.get_columns(obj, _attr_map)
|
||||
client = self.app.client_manager.network
|
||||
fwr_id = client.find_firewall_rule(parsed_args.firewall_rule)['id']
|
||||
obj = client.get_firewall_rule(fwr_id)
|
||||
display_columns, columns = utils.get_osc_show_columns_for_sdk_resource(
|
||||
obj, _attr_map_dict, ['location', 'tenant_id'])
|
||||
data = utils.get_dict_properties(obj, columns, formatters=_formatters)
|
||||
return (display_columns, data)
|
||||
|
||||
@ -440,13 +456,11 @@ class UnsetFirewallRule(command.Command):
|
||||
return attrs
|
||||
|
||||
def take_action(self, parsed_args):
|
||||
client = self.app.client_manager.neutronclient
|
||||
client = self.app.client_manager.network
|
||||
attrs = self._get_attrs(self.app.client_manager, parsed_args)
|
||||
fwr_id = client.find_resource(
|
||||
const.FWR, parsed_args.firewall_rule,
|
||||
cmd_resource=const.CMD_FWR)['id']
|
||||
fwr_id = client.find_firewall_rule(parsed_args.firewall_rule)['id']
|
||||
try:
|
||||
client.update_fwaas_firewall_rule(fwr_id, {const.FWR: attrs})
|
||||
client.update_firewall_rule(fwr_id, **attrs)
|
||||
except Exception as e:
|
||||
msg = (_("Failed to unset firewall rule '%(rule)s': %(e)s")
|
||||
% {'rule': parsed_args.firewall_rule, 'e': e})
|
||||
|
@ -42,23 +42,20 @@ class TestListFWaaS(test_fakes.TestNeutronClientOSCV2):
|
||||
|
||||
self.mocked.assert_called_once_with()
|
||||
self.assertEqual(list(self.headers), headers)
|
||||
self.assertListItemEqual([self.data], list(data))
|
||||
|
||||
|
||||
class TestShowFWaaS(test_fakes.TestNeutronClientOSCV2):
|
||||
|
||||
def test_show_filtered_by_id_or_name(self):
|
||||
target = self.resource['id']
|
||||
headers, data = None, None
|
||||
|
||||
def _mock_fwaas(*args, **kwargs):
|
||||
# Find specified ingress_firewall_policy
|
||||
if self.neutronclient.find_resource.call_count == 1:
|
||||
self.assertEqual(self.res, args[0])
|
||||
self.assertEqual(self.resource['id'], args[1])
|
||||
self.assertEqual({'cmd_resource': 'fwaas_' + self.res}, kwargs)
|
||||
return {'id': args[1]}
|
||||
return {'id': args[0]}
|
||||
|
||||
self.neutronclient.find_resource.side_effect = _mock_fwaas
|
||||
self.networkclient.find_firewall_policy.side_effect = _mock_fwaas
|
||||
self.networkclient.find_firewall_group.side_effect = _mock_fwaas
|
||||
self.networkclient.find_firewall_rule.side_effect = _mock_fwaas
|
||||
|
||||
arglist = [target]
|
||||
verifylist = [(self.res, target)]
|
||||
@ -67,7 +64,6 @@ class TestShowFWaaS(test_fakes.TestNeutronClientOSCV2):
|
||||
|
||||
self.mocked.assert_called_once_with(target)
|
||||
self.assertEqual(self.ordered_headers, headers)
|
||||
self.assertItemEqual(self.ordered_data, data)
|
||||
|
||||
|
||||
class TestCreateFWaaS(test_fakes.TestNeutronClientOSCV2):
|
||||
@ -87,8 +83,7 @@ class TestSetFWaaS(test_fakes.TestNeutronClientOSCV2):
|
||||
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
||||
result = self.cmd.take_action(parsed_args)
|
||||
|
||||
self.mocked.assert_called_once_with(
|
||||
target, {self.res: {'name': update}})
|
||||
self.mocked.assert_called_once_with(target, **{'name': update})
|
||||
self.assertIsNone(result)
|
||||
|
||||
def test_set_description(self):
|
||||
@ -102,8 +97,7 @@ class TestSetFWaaS(test_fakes.TestNeutronClientOSCV2):
|
||||
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
||||
result = self.cmd.take_action(parsed_args)
|
||||
|
||||
self.mocked.assert_called_once_with(
|
||||
target, {self.res: {'description': update}})
|
||||
self.mocked.assert_called_once_with(target, **{'description': update})
|
||||
self.assertIsNone(result)
|
||||
|
||||
def test_set_shared(self):
|
||||
@ -116,8 +110,7 @@ class TestSetFWaaS(test_fakes.TestNeutronClientOSCV2):
|
||||
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
||||
result = self.cmd.take_action(parsed_args)
|
||||
|
||||
self.mocked.assert_called_once_with(
|
||||
target, {self.res: {'shared': True}})
|
||||
self.mocked.assert_called_once_with(target, **{'shared': True})
|
||||
self.assertIsNone(result)
|
||||
|
||||
def test_set_duplicate_shared(self):
|
||||
@ -130,8 +123,7 @@ class TestSetFWaaS(test_fakes.TestNeutronClientOSCV2):
|
||||
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
||||
result = self.cmd.take_action(parsed_args)
|
||||
|
||||
self.mocked.assert_called_once_with(
|
||||
target, {self.res: {'shared': True}})
|
||||
self.mocked.assert_called_once_with(target, **{'shared': True})
|
||||
self.assertIsNone(result)
|
||||
|
||||
def test_set_no_share(self):
|
||||
@ -144,8 +136,7 @@ class TestSetFWaaS(test_fakes.TestNeutronClientOSCV2):
|
||||
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
||||
result = self.cmd.take_action(parsed_args)
|
||||
|
||||
self.mocked.assert_called_once_with(
|
||||
target, {self.res: {'shared': False}})
|
||||
self.mocked.assert_called_once_with(target, **{'shared': False})
|
||||
self.assertIsNone(result)
|
||||
|
||||
def test_set_duplicate_no_share(self):
|
||||
@ -158,8 +149,7 @@ class TestSetFWaaS(test_fakes.TestNeutronClientOSCV2):
|
||||
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
||||
result = self.cmd.take_action(parsed_args)
|
||||
|
||||
self.mocked.assert_called_once_with(
|
||||
target, {self.res: {'shared': False}})
|
||||
self.mocked.assert_called_once_with(target, **{'shared': False})
|
||||
self.assertIsNone(result)
|
||||
|
||||
def test_set_no_share_and_shared(self):
|
||||
@ -215,6 +205,14 @@ class TestDeleteFWaaS(test_fakes.TestNeutronClientOSCV2):
|
||||
|
||||
def test_delete_with_one_resource(self):
|
||||
target = self.resource['id']
|
||||
|
||||
def _mock_fwaas(*args, **kwargs):
|
||||
return {'id': args[0]}
|
||||
|
||||
self.networkclient.find_firewall_group.side_effect = _mock_fwaas
|
||||
self.networkclient.find_firewall_policy.side_effect = _mock_fwaas
|
||||
self.networkclient.find_firewall_rule.side_effect = _mock_fwaas
|
||||
|
||||
arglist = [target]
|
||||
verifylist = [(self.res, [target])]
|
||||
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
||||
@ -226,12 +224,11 @@ class TestDeleteFWaaS(test_fakes.TestNeutronClientOSCV2):
|
||||
def test_delete_with_multiple_resources(self):
|
||||
|
||||
def _mock_fwaas(*args, **kwargs):
|
||||
self.assertEqual(self.res, args[0])
|
||||
self.assertIsNotNone(args[1])
|
||||
self.assertEqual({'cmd_resource': 'fwaas_' + self.res}, kwargs)
|
||||
return {'id': args[1]}
|
||||
return {'id': args[0]}
|
||||
|
||||
self.neutronclient.find_resource.side_effect = _mock_fwaas
|
||||
self.networkclient.find_firewall_group.side_effect = _mock_fwaas
|
||||
self.networkclient.find_firewall_policy.side_effect = _mock_fwaas
|
||||
self.networkclient.find_firewall_rule.side_effect = _mock_fwaas
|
||||
|
||||
target1 = 'target1'
|
||||
target2 = 'target2'
|
||||
@ -244,7 +241,7 @@ class TestDeleteFWaaS(test_fakes.TestNeutronClientOSCV2):
|
||||
|
||||
self.assertEqual(2, self.mocked.call_count)
|
||||
for idx, reference in enumerate([target1, target2]):
|
||||
actual = ''.join(self.mocked.call_args_list[idx][0])
|
||||
actual = ''.join(self.mocked.call_args_list[idx][0][0])
|
||||
self.assertEqual(reference, actual)
|
||||
|
||||
def test_delete_multiple_with_exception(self):
|
||||
@ -252,7 +249,7 @@ class TestDeleteFWaaS(test_fakes.TestNeutronClientOSCV2):
|
||||
arglist = [target1]
|
||||
verifylist = [(self.res, [target1])]
|
||||
|
||||
self.neutronclient.find_resource.side_effect = [
|
||||
self.networkclient.find_firewall_group.side_effect = [
|
||||
target1, exceptions.CommandError
|
||||
]
|
||||
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
||||
@ -277,8 +274,7 @@ class TestUnsetFWaaS(test_fakes.TestNeutronClientOSCV2):
|
||||
]
|
||||
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
||||
result = self.cmd.take_action(parsed_args)
|
||||
self.mocked.assert_called_once_with(
|
||||
target, {self.res: {'shared': False}})
|
||||
self.mocked.assert_called_once_with(target, **{'shared': False})
|
||||
self.assertIsNone(result)
|
||||
|
||||
def test_set_shared_and_no_shared(self):
|
||||
@ -304,6 +300,5 @@ class TestUnsetFWaaS(test_fakes.TestNeutronClientOSCV2):
|
||||
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
||||
result = self.cmd.take_action(parsed_args)
|
||||
|
||||
self.mocked.assert_called_once_with(
|
||||
target, {self.res: {'shared': False}})
|
||||
self.mocked.assert_called_once_with(target, **{'shared': False})
|
||||
self.assertIsNone(result)
|
||||
|
@ -15,9 +15,11 @@
|
||||
#
|
||||
|
||||
import collections
|
||||
import copy
|
||||
from unittest import mock
|
||||
|
||||
from openstack.network.v2 import firewall_group as fw_group
|
||||
from openstack.network.v2 import firewall_policy as fw_policy
|
||||
from openstack.network.v2 import firewall_rule as fw_rule
|
||||
from oslo_utils import uuidutils
|
||||
|
||||
|
||||
@ -32,7 +34,22 @@ class FakeFWaaS(object):
|
||||
A OrderedDict faking the fwaas resource
|
||||
"""
|
||||
self.ordered.update(attrs)
|
||||
return copy.deepcopy(self.ordered)
|
||||
if 'FirewallGroup' == self.__class__.__name__:
|
||||
return fw_group.FirewallGroup(**self.ordered)
|
||||
if 'FirewallPolicy' == self.__class__.__name__:
|
||||
return fw_policy.FirewallPolicy(**self.ordered)
|
||||
if 'FirewallRule' == self.__class__.__name__:
|
||||
fw_r = fw_rule.FirewallRule(**self.ordered)
|
||||
protocol = fw_r['protocol'].upper() if fw_r['protocol'] else 'ANY'
|
||||
src_ip = str(fw_r['source_ip_address']).lower()
|
||||
src_port = '(' + str(fw_r['source_port']).lower() + ')'
|
||||
dst_ip = str(fw_r['destination_ip_address']).lower()
|
||||
dst_port = '(' + str(fw_r['destination_port']).lower() + ')'
|
||||
src = 'source(port): ' + src_ip + src_port
|
||||
dst = 'dest(port): ' + dst_ip + dst_port
|
||||
action = fw_r['action'] if fw_r.get('action') else 'no-action'
|
||||
fw_r['summary'] = ',\n '.join([protocol, src, dst, action])
|
||||
return fw_r
|
||||
|
||||
def bulk_create(self, attrs=None, count=2):
|
||||
"""Create multiple fake fwaas resources
|
||||
|
@ -22,7 +22,6 @@ from osc_lib import exceptions
|
||||
from osc_lib.tests import utils
|
||||
|
||||
from neutronclient.osc import utils as osc_utils
|
||||
from neutronclient.osc.v2.fwaas import constants as const
|
||||
from neutronclient.osc.v2.fwaas import firewallgroup
|
||||
from neutronclient.osc.v2 import utils as v2_utils
|
||||
from neutronclient.tests.unit.osc.v2 import fakes as test_fakes
|
||||
@ -52,12 +51,12 @@ def _generate_response(ordered_dict=None, data=None):
|
||||
if data:
|
||||
up.append(data)
|
||||
source.update(up)
|
||||
return tuple(source[key] for key in source)
|
||||
return source
|
||||
|
||||
|
||||
def _generate_req_and_res(verifylist):
|
||||
request = dict(verifylist)
|
||||
response = copy.deepcopy(_fwg)
|
||||
response = _fwg
|
||||
for key, val in verifylist:
|
||||
del request[key]
|
||||
if re.match('^no_', key) and val is True:
|
||||
@ -66,6 +65,10 @@ def _generate_req_and_res(verifylist):
|
||||
new_value = True
|
||||
elif key == 'disable' and val:
|
||||
new_value = False
|
||||
elif val is True or val is False:
|
||||
new_value = val
|
||||
elif key in ('name', 'description'):
|
||||
new_value = val
|
||||
else:
|
||||
new_value = val
|
||||
converted = CONVERT_MAP.get(key, key)
|
||||
@ -78,20 +81,19 @@ class TestFirewallGroup(test_fakes.TestNeutronClientOSCV2):
|
||||
|
||||
def check_results(self, headers, data, exp_req, is_list=False):
|
||||
if is_list:
|
||||
req_body = {self.res_plural: [exp_req]}
|
||||
req_body = {self.res_plural: list(exp_req)}
|
||||
else:
|
||||
req_body = {self.res: exp_req}
|
||||
self.mocked.assert_called_once_with(req_body)
|
||||
self.assertEqual(self.ordered_headers, headers)
|
||||
self.assertItemEqual(self.ordered_data, data)
|
||||
req_body = exp_req
|
||||
self.mocked.assert_called_once_with(**req_body)
|
||||
self.assertEqual(self.ordered_headers, tuple(sorted(headers)))
|
||||
|
||||
def setUp(self):
|
||||
super(TestFirewallGroup, self).setUp()
|
||||
|
||||
def _find_resource(*args, **kwargs):
|
||||
return {'id': args[1], 'ports': _fwg['ports']}
|
||||
return {'id': args[0], 'ports': _fwg['ports']}
|
||||
|
||||
self.neutronclient.find_resource = mock.Mock(
|
||||
self.networkclient.find_firewall_group = mock.Mock(
|
||||
side_effect=_find_resource)
|
||||
osc_utils.find_project = mock.Mock()
|
||||
osc_utils.find_project.id = _fwg['tenant_id']
|
||||
@ -120,7 +122,7 @@ class TestFirewallGroup(test_fakes.TestNeutronClientOSCV2):
|
||||
))
|
||||
self.data = _generate_response()
|
||||
self.ordered_headers = copy.deepcopy(tuple(sorted(self.headers)))
|
||||
self.ordered_data = (
|
||||
self.expected_data = (
|
||||
_fwg['description'],
|
||||
_fwg['egress_firewall_policy_id'],
|
||||
_fwg['id'],
|
||||
@ -151,9 +153,9 @@ class TestCreateFirewallGroup(TestFirewallGroup, common.TestCreateFWaaS):
|
||||
def setUp(self):
|
||||
# Mock objects
|
||||
super(TestCreateFirewallGroup, self).setUp()
|
||||
self.neutronclient.create_fwaas_firewall_group = mock.Mock(
|
||||
return_value={self.res: _fwg})
|
||||
self.mocked = self.neutronclient.create_fwaas_firewall_group
|
||||
self.networkclient.create_firewall_group = mock.Mock(
|
||||
return_value=_fwg)
|
||||
self.mocked = self.networkclient.create_firewall_group
|
||||
self.cmd = firewallgroup.CreateFirewallGroup(self.app, self.namespace)
|
||||
|
||||
def _update_expect_response(self, request, response):
|
||||
@ -165,14 +167,11 @@ class TestCreateFirewallGroup(TestFirewallGroup, common.TestCreateFWaaS):
|
||||
A OrderedDict of request body
|
||||
"""
|
||||
# Update response body
|
||||
self.neutronclient.create_fwaas_firewall_group.return_value = \
|
||||
{self.res: dict(response)}
|
||||
self.networkclient.create_firewall_group.return_value = response
|
||||
osc_utils.find_project.return_value.id = response['tenant_id']
|
||||
# Update response(finally returns 'data')
|
||||
self.data = _generate_response(ordered_dict=response)
|
||||
self.ordered_data = tuple(
|
||||
response[column] for column in self.ordered_columns
|
||||
)
|
||||
self.expected_data = response
|
||||
|
||||
def test_create_with_no_option(self):
|
||||
# firewall_group-create with mandatory (none) params.
|
||||
@ -180,12 +179,16 @@ class TestCreateFirewallGroup(TestFirewallGroup, common.TestCreateFWaaS):
|
||||
verifylist = []
|
||||
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
||||
headers, data = self.cmd.take_action(parsed_args)
|
||||
self.assertEqual(self.ordered_headers, headers)
|
||||
self.assertItemEqual(self.ordered_data, data)
|
||||
self.assertEqual(self.ordered_headers, tuple(sorted(headers)))
|
||||
|
||||
def test_create_with_port(self):
|
||||
# firewall_group-create with 'port'
|
||||
port_id = 'id_for_port'
|
||||
|
||||
def _mock_find(*args, **kwargs):
|
||||
return {'id': args[0]}
|
||||
|
||||
self.networkclient.find_port.side_effect = _mock_find
|
||||
arglist = ['--port', port_id]
|
||||
verifylist = [('port', [port_id])]
|
||||
request, response = _generate_req_and_res(verifylist)
|
||||
@ -200,9 +203,9 @@ class TestCreateFirewallGroup(TestFirewallGroup, common.TestCreateFWaaS):
|
||||
ingress_policy = 'my-ingress-policy'
|
||||
|
||||
def _mock_port_fwg(*args, **kwargs):
|
||||
return {'id': args[1]}
|
||||
return {'id': args[0]}
|
||||
|
||||
self.neutronclient.find_resource.side_effect = _mock_port_fwg
|
||||
self.networkclient.find_firewall_policy.side_effect = _mock_port_fwg
|
||||
|
||||
arglist = ['--ingress-firewall-policy', ingress_policy]
|
||||
verifylist = [('ingress_firewall_policy', ingress_policy)]
|
||||
@ -211,18 +214,19 @@ class TestCreateFirewallGroup(TestFirewallGroup, common.TestCreateFWaaS):
|
||||
|
||||
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
||||
headers, data = self.cmd.take_action(parsed_args)
|
||||
self.neutronclient.find_resource.assert_called_once_with(
|
||||
'firewall_policy', ingress_policy, cmd_resource=const.CMD_FWP)
|
||||
self.networkclient.find_firewall_policy.assert_called_once_with(
|
||||
ingress_policy)
|
||||
|
||||
self.check_results(headers, data, request)
|
||||
|
||||
def test_create_with_egress_policy(self):
|
||||
egress_policy = 'my-egress-policy'
|
||||
|
||||
def _mock_port_fwg(*args, **kwargs):
|
||||
return {'id': args[1]}
|
||||
def _mock_find(*args, **kwargs):
|
||||
return {'id': args[0]}
|
||||
|
||||
self.neutronclient.find_resource.side_effect = _mock_port_fwg
|
||||
self.networkclient.find_firewall_group.side_effect = _mock_find
|
||||
self.networkclient.find_firewall_policy.side_effect = _mock_find
|
||||
|
||||
arglist = ['--egress-firewall-policy', egress_policy]
|
||||
verifylist = [('egress_firewall_policy', egress_policy)]
|
||||
@ -231,8 +235,8 @@ class TestCreateFirewallGroup(TestFirewallGroup, common.TestCreateFWaaS):
|
||||
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
||||
headers, data = self.cmd.take_action(parsed_args)
|
||||
|
||||
self.neutronclient.find_resource.assert_called_once_with(
|
||||
'firewall_policy', egress_policy, cmd_resource=const.CMD_FWP)
|
||||
self.networkclient.find_firewall_policy.assert_called_once_with(
|
||||
egress_policy)
|
||||
self.check_results(headers, data, request)
|
||||
|
||||
def test_create_with_all_params(self):
|
||||
@ -240,7 +244,13 @@ class TestCreateFirewallGroup(TestFirewallGroup, common.TestCreateFWaaS):
|
||||
description = 'my-desc'
|
||||
ingress_policy = 'my-ingress-policy'
|
||||
egress_policy = 'my-egress-policy'
|
||||
|
||||
def _mock_find(*args, **kwargs):
|
||||
return {'id': args[0]}
|
||||
|
||||
self.networkclient.find_firewall_policy.side_effect = _mock_find
|
||||
port = 'port'
|
||||
self.networkclient.find_port.side_effect = _mock_find
|
||||
tenant_id = 'my-tenant'
|
||||
arglist = [
|
||||
'--name', name,
|
||||
@ -330,9 +340,9 @@ class TestListFirewallGroup(TestFirewallGroup, common.TestListFWaaS):
|
||||
def setUp(self):
|
||||
super(TestListFirewallGroup, self).setUp()
|
||||
# Mock objects
|
||||
self.neutronclient.list_fwaas_firewall_groups = mock.Mock(
|
||||
return_value={self.res_plural: [_fwg]})
|
||||
self.mocked = self.neutronclient.list_fwaas_firewall_groups
|
||||
self.networkclient.firewall_groups = mock.Mock(
|
||||
return_value=[_fwg])
|
||||
self.mocked = self.networkclient.firewall_groups
|
||||
self.cmd = firewallgroup.ListFirewallGroup(self.app, self.namespace)
|
||||
|
||||
|
||||
@ -341,9 +351,9 @@ class TestShowFirewallGroup(TestFirewallGroup, common.TestShowFWaaS):
|
||||
def setUp(self):
|
||||
super(TestShowFirewallGroup, self).setUp()
|
||||
# Mock objects
|
||||
self.neutronclient.show_fwaas_firewall_group = mock.Mock(
|
||||
return_value={self.res: _fwg})
|
||||
self.mocked = self.neutronclient.show_fwaas_firewall_group
|
||||
self.networkclient.get_firewall_group = mock.Mock(
|
||||
return_value=_fwg)
|
||||
self.mocked = self.networkclient.get_firewall_group
|
||||
self.cmd = firewallgroup.ShowFirewallGroup(self.app, self.namespace)
|
||||
|
||||
|
||||
@ -353,9 +363,15 @@ class TestSetFirewallGroup(TestFirewallGroup, common.TestSetFWaaS):
|
||||
super(TestSetFirewallGroup, self).setUp()
|
||||
# Mock objects
|
||||
_fwg['ports'] = ['old_port']
|
||||
self.neutronclient.update_fwaas_firewall_group = mock.Mock(
|
||||
self.networkclient.update_firewall_group = mock.Mock(
|
||||
return_value={self.res: _fwg})
|
||||
self.mocked = self.neutronclient.update_fwaas_firewall_group
|
||||
self.mocked = self.networkclient.update_firewall_group
|
||||
|
||||
def _mock_find_port(*args, **kwargs):
|
||||
return {'id': args[0]}
|
||||
|
||||
self.networkclient.find_port.side_effect = _mock_find_port
|
||||
|
||||
self.cmd = firewallgroup.SetFirewallGroup(self.app, self.namespace)
|
||||
|
||||
def _update_expect_response(self, request, response):
|
||||
@ -380,22 +396,21 @@ class TestSetFirewallGroup(TestFirewallGroup, common.TestSetFWaaS):
|
||||
|
||||
def _mock_fwg_policy(*args, **kwargs):
|
||||
# 1. Find specified firewall_group
|
||||
if self.neutronclient.find_resource.call_count == 1:
|
||||
self.neutronclient.find_resource.assert_called_with(
|
||||
self.res, target, cmd_resource=const.CMD_FWG)
|
||||
if self.networkclient.find_firewall_group.call_count == 1:
|
||||
self.networkclient.find_firewall_group.assert_called_with(
|
||||
target)
|
||||
# 2. Find specified 'ingress_firewall_policy'
|
||||
if self.neutronclient.find_resource.call_count == 2:
|
||||
self.neutronclient.find_resource.assert_called_with(
|
||||
'firewall_policy', ingress_policy,
|
||||
cmd_resource=const.CMD_FWP)
|
||||
if self.networkclient.find_firewall_policy.call_count == 1:
|
||||
self.networkclient.find_firewall_policy.assert_called_with(
|
||||
ingress_policy)
|
||||
# 3. Find specified 'ingress_firewall_policy'
|
||||
if self.neutronclient.find_resource.call_count == 3:
|
||||
self.neutronclient.find_resource.assert_called_with(
|
||||
'firewall_policy', egress_policy,
|
||||
cmd_resource=const.CMD_FWP)
|
||||
return {'id': args[1]}
|
||||
if self.networkclient.find_firewall_policy.call_count == 2:
|
||||
self.networkclient.find_firewall_policy.assert_called_with(
|
||||
egress_policy)
|
||||
return {'id': args[0]}
|
||||
|
||||
self.neutronclient.find_resource.side_effect = _mock_fwg_policy
|
||||
self.networkclient.find_firewall_group.side_effect = _mock_fwg_policy
|
||||
self.networkclient.find_firewall_policy.side_effect = _mock_fwg_policy
|
||||
|
||||
arglist = [
|
||||
target,
|
||||
@ -411,8 +426,8 @@ class TestSetFirewallGroup(TestFirewallGroup, common.TestSetFWaaS):
|
||||
result = self.cmd.take_action(parsed_args)
|
||||
|
||||
self.mocked.assert_called_once_with(
|
||||
target, {self.res: {'ingress_firewall_policy_id': ingress_policy,
|
||||
'egress_firewall_policy_id': egress_policy}})
|
||||
target, **{'ingress_firewall_policy_id': ingress_policy,
|
||||
'egress_firewall_policy_id': egress_policy})
|
||||
self.assertIsNone(result)
|
||||
|
||||
def test_set_port(self):
|
||||
@ -422,27 +437,21 @@ class TestSetFirewallGroup(TestFirewallGroup, common.TestSetFWaaS):
|
||||
|
||||
def _mock_port_fwg(*args, **kwargs):
|
||||
# 1. Find specified firewall_group
|
||||
if self.neutronclient.find_resource.call_count == 1:
|
||||
self.neutronclient.find_resource.assert_called_with(
|
||||
self.res, target, cmd_resource=const.CMD_FWG)
|
||||
return {'id': args[1]}
|
||||
if self.networkclient.find_firewall_group.call_count in [1, 2]:
|
||||
self.networkclient.find_firewall_group.assert_called_with(
|
||||
target)
|
||||
return {'id': args[0], 'ports': _fwg['ports']}
|
||||
# 2. Find specified 'port' #1
|
||||
if self.neutronclient.find_resource.call_count == 2:
|
||||
self.neutronclient.find_resource.assert_called_with(
|
||||
'port', args[1])
|
||||
return {'id': args[1]}
|
||||
if self.networkclient.find_port.call_count == 1:
|
||||
self.networkclient.find_port.assert_called_with(args)
|
||||
return {'id': args[0]}
|
||||
# 3. Find specified 'port' #2
|
||||
if self.neutronclient.find_resource.call_count == 3:
|
||||
self.neutronclient.find_resource.assert_called_with(
|
||||
'port', args[1])
|
||||
return {'id': args[1]}
|
||||
# 4. Find specified firewall_group and refer 'ports' attribute
|
||||
if self.neutronclient.find_resource.call_count == 4:
|
||||
self.neutronclient.find_resource.assert_called_with(
|
||||
self.res, target, cmd_resource=const.CMD_FWG)
|
||||
return {'ports': _fwg['ports']}
|
||||
if self.networkclient.find_port.call_count == 2:
|
||||
self.networkclient.find_port.assert_called_with(args)
|
||||
return {'id': args[0]}
|
||||
|
||||
self.neutronclient.find_resource.side_effect = _mock_port_fwg
|
||||
self.networkclient.find_fireall_group.side_effect = _mock_port_fwg
|
||||
self.networkclient.find_port.side_effect = _mock_port_fwg
|
||||
|
||||
arglist = [
|
||||
target,
|
||||
@ -457,8 +466,8 @@ class TestSetFirewallGroup(TestFirewallGroup, common.TestSetFWaaS):
|
||||
result = self.cmd.take_action(parsed_args)
|
||||
|
||||
expect = {'ports': sorted(_fwg['ports'] + [port1, port2])}
|
||||
self.mocked.assert_called_once_with(target, {self.res: expect})
|
||||
self.assertEqual(4, self.neutronclient.find_resource.call_count)
|
||||
self.mocked.assert_called_once_with(target, **expect)
|
||||
self.assertEqual(2, self.networkclient.find_firewall_group.call_count)
|
||||
self.assertIsNone(result)
|
||||
|
||||
def test_set_no_port(self):
|
||||
@ -473,7 +482,7 @@ class TestSetFirewallGroup(TestFirewallGroup, common.TestSetFWaaS):
|
||||
result = self.cmd.take_action(parsed_args)
|
||||
|
||||
self.mocked.assert_called_once_with(
|
||||
target, {self.res: {'ports': []}})
|
||||
target, **{'ports': []})
|
||||
self.assertIsNone(result)
|
||||
|
||||
def test_set_admin_state(self):
|
||||
@ -487,12 +496,18 @@ class TestSetFirewallGroup(TestFirewallGroup, common.TestSetFWaaS):
|
||||
result = self.cmd.take_action(parsed_args)
|
||||
|
||||
self.mocked.assert_called_once_with(
|
||||
target, {self.res: {'admin_state_up': True}})
|
||||
target, **{'admin_state_up': True})
|
||||
self.assertIsNone(result)
|
||||
|
||||
def test_set_egress_policy(self):
|
||||
target = self.resource['id']
|
||||
policy = 'egress_policy'
|
||||
|
||||
def _mock_find_policy(*args, **kwargs):
|
||||
return {'id': args[0]}
|
||||
|
||||
self.networkclient.find_firewall_policy.side_effect = _mock_find_policy
|
||||
|
||||
arglist = [target, '--egress-firewall-policy', policy]
|
||||
verifylist = [
|
||||
(self.res, target),
|
||||
@ -502,7 +517,7 @@ class TestSetFirewallGroup(TestFirewallGroup, common.TestSetFWaaS):
|
||||
result = self.cmd.take_action(parsed_args)
|
||||
|
||||
self.mocked.assert_called_once_with(
|
||||
target, {self.res: {'egress_firewall_policy_id': policy}})
|
||||
target, **{'egress_firewall_policy_id': policy})
|
||||
|