x/group-based-policy
Code Issues Proposed changes

UTs refactor

Browse Source 
- Easier update resource API;
- Easier show resources API;
- User context used by utility methods;
- General cleanup
- PRS rules on security groups verification framework;

Closes-Bug: 1397721
Closes-Bug: 1403256
Closes-Bug: 1403258

Change-Id: Ife80c21ae61fe432130c7c5265c8b79a2b693563
This commit is contained in:
Ivar Lazzaro 2014-12-08 18:10:17 -08:00
parent 5a777a656b
commit 3521b8869f
15 changed files with 1151 additions and 1207 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
etc/policy.json
View File

@ -44,5 +44,20 @@
"create_network_service_policy": "",
"create_network_service_policy:shared": "rule:admin_only",
"get_network_service_policy": "rule:admin_or_owner or rule:gbp_shared",
"update_network_service_policy:shared": "rule:admin_only"
"update_network_service_policy:shared": "rule:admin_only",
"create_external_segment": "",
"create_external_segment:shared": "rule:admin_only",
"get_external_segment": "rule:admin_or_owner or rule:gbp_shared",
"update_external_segment:shared": "rule:admin_only",
"create_external_policy": "",
"create_external_policy:shared": "rule:admin_only",
"get_external_policy": "rule:admin_or_owner or rule:gbp_shared",
"update_external_policy:shared": "rule:admin_only",
"create_nat_pool": "",
"create_nat_pool:shared": "rule:admin_only",
"get_nat_pool": "rule:admin_or_owner or rule:gbp_shared",
"update_nat_pool:shared": "rule:admin_only"
}

41
etc/test-policy.json Normal file
View File

@ -0,0 +1,41 @@
{
"context_is_admin": "role:admin",
"admin_or_owner": "rule:context_is_admin or tenant_id:%(tenant_id)s",
"admin_only": "rule:context_is_admin",
"regular_user": "",
"default": "rule:admin_or_owner",
"gbp_shared": "field:policy_target_groups:shared=True",
"create_policy_target_group": "",
"get_policy_target_group": "rule:admin_or_owner or rule:gbp_shared",
"create_l2_policy": "",
"get_l2_policy": "rule:admin_or_owner or rule:gbp_shared",
"create_l3_policy": "",
"get_l3_policy": "rule:admin_or_owner or rule:gbp_shared",
"create_policy_classifier": "",
"get_policy_classifier": "rule:admin_or_owner or rule:gbp_shared",
"create_policy_action": "",
"get_policy_action": "rule:admin_or_owner or rule:gbp_shared",
"create_policy_rule": "",
"get_policy_rule": "rule:admin_or_owner or rule:gbp_shared",
"create_policy_rule_set": "",
"get_policy_rule_set": "rule:admin_or_owner or rule:gbp_shared",
"create_network_service_policy": "",
"get_network_service_policy": "rule:admin_or_owner or rule:gbp_shared",
"create_external_segment": "",
"get_external_segment": "rule:admin_or_owner or rule:gbp_shared",
"create_external_policy": "",
"get_external_policy": "rule:admin_or_owner or rule:gbp_shared",
"create_nat_pool": "",
"get_nat_pool": "rule:admin_or_owner or rule:gbp_shared"
}

10
gbp/neutron/services/grouppolicy/drivers/cisco/apic/apic_mapping.py
View File

@ -224,9 +224,11 @@ class ApicMappingDriver(api.ResourceMappingDriver):
with self.apic_manager.apic.transaction(None) as trs:
self.apic_manager.create_contract(
contract, owner=tenant, transaction=trs)
rules = self.gbp_plugin.get_policy_rules(
context._plugin_context,
{'id': context.current['policy_rules']})
self._apply_policy_rule_set_rules(
context, context.current, context.current['policy_rules'],
transaction=trs)
context, context.current, rules, transaction=trs)
def create_policy_target_postcommit(self, context):
# The path needs to be created at bind time, this will be taken
@ -655,9 +657,7 @@ class ApicMappingDriver(api.ResourceMappingDriver):
context.current['id'])
in_dir = [g_const.GP_DIRECTION_BI, g_const.GP_DIRECTION_IN]
out_dir = [g_const.GP_DIRECTION_BI, g_const.GP_DIRECTION_OUT]
filters = {'id': policy_rules}
for rule in context._plugin.get_policy_rules(
context._plugin_context, filters=filters):
for rule in policy_rules:
policy_rule = self.name_mapper.policy_rule(context, rule['id'])
rule_owner = self._tenant_by_sharing_policy(rule)
classifier = context._plugin.get_policy_classifier(

176
gbp/neutron/services/grouppolicy/drivers/resource_mapping.py
View File

@ -360,6 +360,9 @@ class ResourceMappingDriver(api.PolicyDriver):
self._update_sgs_on_ptg(context, ptg_id,
removed_provided_prs,
removed_consumed_prs, "DISASSOCIATE")
subnets = context.original['subnets']
self._unset_sg_rules_for_subnets(
context, subnets, removed_provided_prs, removed_consumed_prs)
# Deal with new added subnets for default SG
# Subnet removal not possible for now
new_subnets = list(set(context.current['subnets']) -
@ -509,7 +512,7 @@ class ResourceMappingDriver(api.PolicyDriver):
pr_sets = context._plugin._get_policy_rule_policy_rule_sets(
context._plugin_context, pr_id)
self._update_policy_rule_sg_rules(context, pr_sets,
policy_rule, None, context.original, context.current)
policy_rule, context.original, context.current)
@log.log
def delete_policy_classifier_precommit(self, context):
@ -568,13 +571,17 @@ class ResourceMappingDriver(api.PolicyDriver):
new_classifier_id = context.current['policy_classifier_id']
old_action_set = set(context.current['policy_actions'])
new_action_set = set(context.original['policy_actions'])
if old_classifier_id != new_classifier_id or \
old_action_set != new_action_set:
policy_rule_sets =\
if (old_classifier_id != new_classifier_id or
old_action_set != new_action_set):
policy_rule_sets = (
context._plugin._get_policy_rule_policy_rule_sets(
context._plugin_context, context.current['id'])
self._update_policy_rule_sg_rules(context, policy_rule_sets,
context.original, context.current)
context._plugin_context, context.current['id']))
for prs in context._plugin.get_policy_rule_sets(
context._plugin_context, filters={'id': policy_rule_sets}):
self._remove_policy_rule_set_rules(context, prs,
[context.original])
self._apply_policy_rule_set_rules(context, prs,
[context.current])
@log.log
def delete_policy_rule_precommit(self, context):
@ -586,16 +593,10 @@ class ResourceMappingDriver(api.PolicyDriver):
@log.log
def delete_policy_rule_postcommit(self, context):
for policy_rule_set_id in context._rmd_policy_rule_sets_temp:
policy_rule_set = context._plugin.get_policy_rule_set(
context._plugin_context, policy_rule_set_id)
policy_rule_set_sg_mappings = self._get_policy_rule_set_sg_mapping(
context._plugin_context.session, policy_rule_set['id'])
cidr_mapping = self._get_ptg_cidrs_mapping(
context, policy_rule_set)
self._add_or_remove_policy_rule_set_rule(
context, context.current, policy_rule_set_sg_mappings,
cidr_mapping, unset=True)
for prs in context._plugin.get_policy_rule_sets(
context._plugin_context,
filters={'id': context.current['policy_rule_sets']}):
self._remove_policy_rule_set_rules(context, prs, [context.current])
@log.log
def create_policy_rule_set_precommit(self, context):
@ -612,8 +613,10 @@ class ResourceMappingDriver(api.PolicyDriver):
self._set_policy_rule_set_sg_mapping(
context._plugin_context.session, policy_rule_set_id,
consumed_sg_id, provided_sg_id)
self._apply_policy_rule_set_rules(
context, context.current, context.current['policy_rules'])
rules = context._plugin.get_policy_rules(
context._plugin_context,
{'id': context.current['policy_rules']})
self._apply_policy_rule_set_rules(context, context.current, rules)
@log.log
def update_policy_rule_set_precommit(self, context):
@ -624,8 +627,10 @@ class ResourceMappingDriver(api.PolicyDriver):
# Update policy_rule_set rules
old_rules = set(context.original['policy_rules'])
new_rules = set(context.current['policy_rules'])
to_add = new_rules - old_rules
to_remove = old_rules - new_rules
to_add = context._plugin.get_policy_rules(
context._plugin_context, {'id': new_rules - old_rules})
to_remove = context._plugin.get_policy_rules(
context._plugin_context, {'id': old_rules - new_rules})
self._remove_policy_rule_set_rules(context, context.current, to_remove)
self._apply_policy_rule_set_rules(context, context.current, to_add)
# Update children contraint
@ -1012,7 +1017,14 @@ class ResourceMappingDriver(api.PolicyDriver):
'name': sg_name_prefix + '_' + context.current['name'],
'description': '',
'security_group_rules': ''}
return self._create_sg(context._plugin_context, attrs)
sg = self._create_sg(context._plugin_context, attrs)
# Cleanup default rules
for rule in self._core_plugin.get_security_group_rules(
context._plugin_context,
filters={'security_group_id': [sg['id']]}):
self._core_plugin.delete_security_group_rule(
context._plugin_context, rule['id'])
return sg
def _handle_policy_rule_sets(self, context):
# This method handles policy_rule_set => SG mapping
@ -1039,29 +1051,22 @@ class ResourceMappingDriver(api.PolicyDriver):
# updates sg rules corresponding to a policy rule
def _update_policy_rule_sg_rules(self, context, policy_rule_sets,
old_policy_rule, new_policy_rule,
old_classifier=None, new_classifier=None):
policy_rule, old_classifier=None,
new_classifier=None):
policy_rule_set_list = context._plugin.get_policy_rule_sets(
context._plugin_context, filters={'id': policy_rule_sets})
for policy_rule_set in policy_rule_set_list:
policy_rule_set_sg_mappings = self._get_policy_rule_set_sg_mapping(
context._plugin_context.session, policy_rule_set['id'])
cidr_mapping = self._get_ptg_cidrs_mapping(
cidr_mapping = self._get_cidrs_mapping(
context, policy_rule_set)
if old_classifier:
self._add_or_remove_policy_rule_set_rule(
context, old_policy_rule, policy_rule_set_sg_mappings,
cidr_mapping, unset=True, classifier=old_classifier)
self._add_or_remove_policy_rule_set_rule(
context, old_policy_rule, policy_rule_set_sg_mappings,
cidr_mapping, classifier=new_classifier)
else:
self._add_or_remove_policy_rule_set_rule(
context, old_policy_rule, policy_rule_set_sg_mappings,
cidr_mapping, unset=True)
self._add_or_remove_policy_rule_set_rule(
context, new_policy_rule, policy_rule_set_sg_mappings,
cidr_mapping)
self._add_or_remove_policy_rule_set_rule(
context, policy_rule, policy_rule_set_sg_mappings,
cidr_mapping, unset=True, unset_egress=True,
classifier=old_classifier)
self._add_or_remove_policy_rule_set_rule(
context, policy_rule, policy_rule_set_sg_mappings,
cidr_mapping, classifier=new_classifier)
def _set_policy_ipaddress_mapping(self, session, service_policy_id,
policy_target_group, ipaddress):
@ -1617,10 +1622,9 @@ class ResourceMappingDriver(api.PolicyDriver):
else:
self._disassoc_sgs_from_pt(context, pt_id, sg_list)
# context should be PTG
def _set_sg_rules_for_subnets(
def _set_or_unset_rules_for_subnets(
self, context, subnets, provided_policy_rule_sets,
consumed_policy_rule_sets):
consumed_policy_rule_sets, unset=False):
if not provided_policy_rule_sets and not consumed_policy_rule_sets:
return
@ -1630,9 +1634,24 @@ class ResourceMappingDriver(api.PolicyDriver):
subnet_id)
cidr = subnet['cidr']
cidr_list.append(cidr)
self._set_sg_rules_for_cidrs(context, cidr_list,
provided_policy_rule_sets,
consumed_policy_rule_sets)
self._set_or_unset_rules_for_cidrs(
context, cidr_list, provided_policy_rule_sets,
consumed_policy_rule_sets, unset=unset)
# context should be PTG
def _set_sg_rules_for_subnets(
self, context, subnets, provided_policy_rule_sets,
consumed_policy_rule_sets):
self._set_or_unset_rules_for_subnets(
context, subnets, provided_policy_rule_sets,
consumed_policy_rule_sets)
def _unset_sg_rules_for_subnets(
self, context, subnets, provided_policy_rule_sets,
consumed_policy_rule_sets):
self._set_or_unset_rules_for_subnets(
context, subnets, provided_policy_rule_sets,
consumed_policy_rule_sets, unset=True)
def _set_sg_rules_for_cidrs(self, context, cidr_list,
provided_policy_rule_sets,
@ -1671,35 +1690,22 @@ class ResourceMappingDriver(api.PolicyDriver):
cidr_mapping, unset=unset)
def _manage_policy_rule_set_rules(self, context, policy_rule_set,
policy_rules, unset=False):
policy_rules, unset=False,
unset_egress=False):
policy_rule_set_sg_mappings = self._get_policy_rule_set_sg_mapping(
context._plugin_context.session, policy_rule_set['id'])
policy_rule_set = context._plugin.get_policy_rule_set(
context._plugin_context, policy_rule_set['id'])
cidr_mapping = self._get_ptg_cidrs_mapping(context, policy_rule_set)
providing_eps = policy_rule_set['providing_external_policies']
providing_eps = context._plugin.get_external_policies(
context._plugin_context, filters={'id': providing_eps})
for ep in providing_eps:
cidr_mapping['providing_cidrs'].extend(
self._get_processed_ep_cidr_list(context, ep))
consuming_eps = policy_rule_set['consuming_external_policies']
consuming_eps = context._plugin.get_external_policies(
context._plugin_context, filters={'id': consuming_eps})
for ep in consuming_eps:
cidr_mapping['consuming_cidrs'].extend(
self._get_processed_ep_cidr_list(context, ep))
for policy_rule_id in policy_rules:
policy_rule = context._plugin.get_policy_rule(
context._plugin_context, policy_rule_id)
cidr_mapping = self._get_cidrs_mapping(context, policy_rule_set)
for policy_rule in policy_rules:
self._add_or_remove_policy_rule_set_rule(
context, policy_rule, policy_rule_set_sg_mappings,
cidr_mapping, unset=unset)
cidr_mapping, unset=unset, unset_egress=unset_egress)
def _add_or_remove_policy_rule_set_rule(self, context, policy_rule,
policy_rule_set_sg_mappings,
cidr_mapping, unset=False,
unset_egress=False,
classifier=None):
in_out = [gconst.GP_DIRECTION_IN, gconst.GP_DIRECTION_OUT]
prov_cons = [policy_rule_set_sg_mappings['provided_sg_id'],
@ -1723,15 +1729,17 @@ class ResourceMappingDriver(api.PolicyDriver):
cidr, unset=unset)
if classifier['direction'] in [gconst.GP_DIRECTION_BI,
in_out[pos - 1]]:
# TODO(ivar): IPv6 support
self._sg_egress_rule(context, sg, protocol, port_range,
'0.0.0.0/0', unset=unset)
'0.0.0.0/0', unset=unset_egress)
def _apply_policy_rule_set_rules(self, context, policy_rule_set,
policy_rules):
if policy_rule_set['parent_id']:
parent = context._plugin.get_policy_rule_set(
context._plugin_context, policy_rule_set['parent_id'])
policy_rules = policy_rules & set(parent['policy_rules'])
policy_rules = [x for x in policy_rules
if x['if'] in set(parent['policy_rules'])]
# Don't add rules unallowed by the parent
self._manage_policy_rule_set_rules(
context, policy_rule_set, policy_rules)
@ -1739,7 +1747,8 @@ class ResourceMappingDriver(api.PolicyDriver):
def _remove_policy_rule_set_rules(self, context, policy_rule_set,
policy_rules):
self._manage_policy_rule_set_rules(
context, policy_rule_set, policy_rules, unset=True)
context, policy_rule_set, policy_rules, unset=True,
unset_egress=True)
def _recompute_policy_rule_sets(self, context, children):
# Rules in child but not in parent shall be removed
@ -1752,9 +1761,13 @@ class ResourceMappingDriver(api.PolicyDriver):
parent = context._plugin.get_policy_rule_set(
context._plugin_context, child['parent_id'])
parent_rules = set(parent['policy_rules'])
self._remove_policy_rule_set_rules(
context, child, child_rules - parent_rules)
delta_rules = context._plugin.get_policy_rules(
context._plugin_context,
filters={'id': child_rules - parent_rules})
self._remove_policy_rule_set_rules(context, child, delta_rules)
# Old parent may have filtered some rules, need to add them again
child_rules = context._plugin.get_policy_rules(
context._plugin_context, filters={'id': child_rules})
self._apply_policy_rule_set_rules(context, child, child_rules)
def _get_default_security_group(self, plugin_context, ptg_id,
@ -1808,12 +1821,26 @@ class ResourceMappingDriver(api.PolicyDriver):
context._plugin_context, x)['cidr'] for x in ptg['subnets']])
return cidrs
def _get_ptg_cidrs_mapping(self, context, policy_rule_set):
def _get_ep_cidrs(self, context, eps):
cidrs = []
eps = context._plugin.get_external_policies(
context._plugin_context, filters={'id': eps})
for ep in eps:
cidrs.extend(self._get_processed_ep_cidr_list(context, ep))
return cidrs
def _get_cidrs_mapping(self, context, policy_rule_set):
providing_eps = policy_rule_set['providing_external_policies']
consuming_eps = policy_rule_set['consuming_external_policies']
providing_ptgs = policy_rule_set['providing_policy_target_groups']
consuming_ptgs = policy_rule_set['consuming_policy_target_groups']
return {
'providing_cidrs': self._get_ptg_cidrs(
context, policy_rule_set['providing_policy_target_groups']),
context, providing_ptgs) + self._get_ep_cidrs(context,
providing_eps),
'consuming_cidrs': self._get_ptg_cidrs(
context, policy_rule_set['consuming_policy_target_groups'])}
context, consuming_ptgs) + self._get_ep_cidrs(context,
consuming_eps)}
def _set_ptg_servicechain_instance_mapping(self, session, provider_ptg_id,
consumer_ptg_id,
@ -1937,7 +1964,10 @@ class ResourceMappingDriver(api.PolicyDriver):
routes = []
for es in es_list:
routes += es['external_routes']
self._update_router(context._plugin_context,
# NOTE(ivar): the context needs to be elevated because the external
# gateway port is created by Neutron without any tenant_id! Which makes
# it visible only from an admin context.
self._update_router(context._plugin_context.elevated(),
context.current['routers'][0],
{'routes': [x for x in routes if x['nexthop']]})

4
gbp/neutron/services/grouppolicy/plugin.py
View File

@ -91,6 +91,8 @@ class GroupPolicyPlugin(group_policy_mapping_db.GroupPolicyMappingDbPlugin):
return self._plurals
def _validate_shared_create(self, context, obj, identity):
# Need admin context to check sharing constraints
context = context.elevated()
if not obj.get('shared'):
return
links = self.usage_graph.get(identity, {})
@ -110,6 +112,8 @@ class GroupPolicyPlugin(group_policy_mapping_db.GroupPolicyMappingDbPlugin):
ref_type=ref_type, ref_id=linked['id'])
def _validate_shared_update(self, context, original, updated, identity):
# Need admin context to check sharing constraints
context = context.elevated()
if updated.get('shared'):
# Even though the shared attribute may not be changed, the objects
# it is referring to might. For this reson we run the reference

302
gbp/neutron/tests/unit/common.py Normal file
View File

@ -0,0 +1,302 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from neutron.openstack.common import uuidutils
_uuid = uuidutils.generate_uuid
def gbp_attributes(func):
def inner(**kwargs):
attrs = func()
attrs.update(kwargs)
return attrs
return inner
@gbp_attributes
def get_create_policy_target_default_attrs():
return {'name': '', 'description': '', 'policy_target_group_id': None}
@gbp_attributes
def get_create_policy_target_attrs():
return {'name': 'ep1', 'policy_target_group_id': _uuid(),
'tenant_id': _uuid(), 'description': 'test policy_target'}
@gbp_attributes
def get_update_policy_target_attrs():
return {'name': 'new_name'}
@gbp_attributes
def get_create_policy_target_group_default_attrs():
return {'name': '', 'description': '', 'l2_policy_id': None,
'provided_policy_rule_sets': {},
'consumed_policy_rule_sets': {},
'network_service_policy_id': None, 'shared': False}
@gbp_attributes
def get_create_policy_target_group_attrs():
return {'name': 'ptg1', 'tenant_id': _uuid(),
'description': 'test policy_target group',
'l2_policy_id': _uuid(),
'provided_policy_rule_sets': {_uuid(): None},
'consumed_policy_rule_sets': {_uuid(): None},
'network_service_policy_id': _uuid(),
'shared': False}
@gbp_attributes
def get_update_policy_target_group_attrs():
return {'name': 'new_name'}
@gbp_attributes
def get_create_l2_policy_default_attrs():
return {'name': '', 'description': '', 'shared': False}
@gbp_attributes
def get_create_l2_policy_attrs():
return {'name': 'l2p1', 'tenant_id': _uuid(),
'description': 'test L2 policy', 'l3_policy_id': _uuid(),
'shared': False}
@gbp_attributes
def get_update_l2_policy_attrs():
return {'name': 'new_name'}
@gbp_attributes
def get_create_l3_policy_default_attrs():
return {'name': '', 'description': '', 'ip_version': 4,
'ip_pool': '10.0.0.0/8', 'subnet_prefix_length': 24,
'external_segments': {}, 'shared': False}
@gbp_attributes
def get_create_l3_policy_attrs():
return {'name': 'l3p1', 'tenant_id': _uuid(),
'description': 'test L3 policy', 'ip_version': 6,
'ip_pool': 'fd01:2345:6789::/48',
'external_segments': {_uuid(): ['192.168.0.3']},
'subnet_prefix_length': 64, 'shared': False}
@gbp_attributes
def get_update_l3_policy_attrs():
return {'name': 'new_name'}
@gbp_attributes
def get_create_policy_action_default_attrs():
return {'name': '',
'description': '',
'action_type': 'allow',
'action_value': None,
'shared': False}
@gbp_attributes
def get_create_policy_action_attrs():
return {'name': 'pa1',
'tenant_id': _uuid(),
'description': 'test policy action',
'action_type': 'redirect',
'action_value': _uuid(),
'shared': False}
@gbp_attributes
def get_update_policy_action_attrs():
return {'name': 'new_name'}
@gbp_attributes
def get_create_policy_classifier_default_attrs():
return {'name': '',
'description': '',
'protocol': None,
'port_range': None,
'direction': None,
'shared': False}
@gbp_attributes
def get_create_policy_classifier_attrs():
return {'name': 'pc1',
'description': 'test policy classifier',
'tenant_id': _uuid(),
'protocol': 'tcp',
'port_range': '100:200',
'direction': 'in',
'shared': False}
@gbp_attributes
def get_update_policy_classifier_attrs():
return {'name': 'new_name'}
@gbp_attributes
def get_create_policy_rule_default_attrs():
return {'name': '',
'description': '',
'enabled': True,
'policy_actions': [],
'shared': False}
@gbp_attributes
def get_create_policy_rule_attrs():
return {'name': 'pr1',
'description': 'test policy rule',
'tenant_id': _uuid(),
'enabled': True,
'policy_classifier_id': _uuid(),
'policy_actions': [_uuid()],
'shared': False}
@gbp_attributes
def get_update_policy_rule_attrs():
return {'name': 'new_name'}
@gbp_attributes
def get_create_policy_rule_set_default_attrs():
return {'name': '',
'description': '',
'child_policy_rule_sets': [],
'policy_rules': [],
'shared': False}
@gbp_attributes
def get_create_policy_rule_set_attrs():
return {'name': 'policy_rule_set1',
'description': 'test policy_rule_set',
'tenant_id': _uuid(),
'child_policy_rule_sets': [_uuid()],
'policy_rules': [_uuid()],
'shared': False}
@gbp_attributes
def get_update_policy_rule_set_attrs():
return {'name': 'new_name'}
@gbp_attributes
def get_create_network_service_policy_default_attrs():
return {'name': '', 'description': '',
'network_service_params': [], 'shared': False}
@gbp_attributes
def get_create_network_service_policy_attrs():
return {'name': 'nsp1', 'tenant_id': _uuid(),
'shared': False,
'description': 'test Net Svc Policy',
'network_service_params': [{'type': 'ip_single', 'name': 'vip',
'value': 'self_subnet'}]}
@gbp_attributes
def get_update_network_service_policy_attrs():
return {'name': 'new_name'}
@gbp_attributes
def get_create_external_policy_default_attrs():
return {'name': '', 'description': '',
'external_segments': [],
'provided_policy_rule_sets': {},
'consumed_policy_rule_sets': {},
'shared': False}
@gbp_attributes
def get_create_external_policy_attrs():
return {'name': 'ep1', 'tenant_id': _uuid(),
'description': 'test ep',
'external_segments': [_uuid()],
'provided_policy_rule_sets': {_uuid(): None},
'consumed_policy_rule_sets': {_uuid(): None},
'shared': False}
@gbp_attributes
def get_update_external_policy_attrs():
return {'name': 'new_name'}
@gbp_attributes
def get_create_external_segment_default_attrs():
return {'name': '', 'description': '',
'external_routes': [],
'ip_version': 4,
'cidr': '172.16.0.0/12',
'port_address_translation': False,
'shared': False}
@gbp_attributes
def get_create_external_segment_attrs():
return {'name': 'es1', 'tenant_id': _uuid(),
'description': 'test ep',
'external_routes': [{'destination': '0.0.0.0/0',
'nexthop': '192.168.0.1'}],
'cidr': '192.168.0.0/24',
'ip_version': 4, 'port_address_translation': True,
'shared': False}
@gbp_attributes
def get_update_external_segment_attrs():
return {'name': 'new_name'}
@gbp_attributes
def get_create_nat_pool_default_attrs():
return {'name': '', 'description': '',
'external_segment_id': None, 'ip_version': 4,
'ip_pool': '172.16.0.0/16',
'shared': False}
@gbp_attributes
def get_create_nat_pool_attrs():
return {'name': 'es1', 'tenant_id': _uuid(),
'description': 'test ep',
'ip_version': 4,
'ip_pool': '172.16.0.0/16',
'external_segment_id': _uuid(),
'shared': False}
@gbp_attributes
def get_update_nat_pool_attrs():
return {'name': 'new_name'}
def get_resource_plural(resource):
if resource.endswith('y'):
resource_plural = resource.replace('y', 'ies')
else:
resource_plural = resource + 's'
return resource_plural

522
gbp/neutron/tests/unit/db/grouppolicy/test_group_policy_db.py
View File

@ -22,10 +22,12 @@ from neutron.openstack.common import uuidutils
from neutron.plugins.common import constants
from neutron.tests.unit import test_db_plugin
from neutron.tests.unit import test_extensions
from oslo.config import cfg
from gbp.neutron.db.grouppolicy import group_policy_db as gpdb
import gbp.neutron.extensions
from gbp.neutron.extensions import group_policy as gpolicy
from gbp.neutron.tests.unit import common as cm
JSON_FORMAT = 'json'
@ -40,18 +42,41 @@ class GroupPolicyDBTestBase(object):
fmt = JSON_FORMAT
def _get_resource_plural(self, resource):
if resource.endswith('y'):
resource_plural = resource.replace('y', 'ies')
else:
resource_plural = resource + 's'
def __getattr__(self, item):
# Verify is an update of a proper GBP object
def _is_gbp_resource(plural):
return plural in gpolicy.RESOURCE_ATTRIBUTE_MAP
# Update Method
if item.startswith('update_'):
resource = item[len('update_'):]
plural = cm.get_resource_plural(resource)
if _is_gbp_resource(plural):
def update_wrapper(id, **kwargs):
return self._update_gbp_resource(id, resource, **kwargs)
return update_wrapper
# Show Method
if item.startswith('show_'):
resource = item[len('show_'):]
plural = cm.get_resource_plural(resource)
if _is_gbp_resource(plural):
def show_wrapper(id):
return self._show_gbp_resource(id, plural)
return show_wrapper
# Create Method
if item.startswith('create_'):
resource = item[len('create_'):]
plural = cm.get_resource_plural(resource)
if _is_gbp_resource(plural):
def create_wrapper(**kwargs):
return self._create_gbp_resource(resource, **kwargs)
return create_wrapper
return resource_plural
raise AttributeError
def _test_list_resources(self, resource, items,
neutron_context=None,
query_params=None):
resource_plural = self._get_resource_plural(resource)
resource_plural = cm.get_resource_plural(resource)
res = self._list(resource_plural,
neutron_context=neutron_context,
@ -60,382 +85,54 @@ class GroupPolicyDBTestBase(object):
self.assertEqual(sorted([i['id'] for i in res[resource_plural]]),
sorted([i[resource]['id'] for i in items]))
def _get_test_policy_target_attrs(
self, name='pt1', description='test pt', policy_target_group_id=None):
attrs = {'name': name, 'description': description,
'policy_target_group_id': policy_target_group_id,
'tenant_id': self._tenant_id}
return attrs
def _get_test_policy_target_group_attrs(self, name='ptg1',
description='test ptg',
l2_policy_id=None,
provided_policy_rule_sets=None,
consumed_policy_rule_sets=None):
pprs_ids = cprs_ids = []
if provided_policy_rule_sets:
pprs_ids = [pprs_id for pprs_id in provided_policy_rule_sets]
if consumed_policy_rule_sets:
cprs_ids = [cc_id for cc_id in consumed_policy_rule_sets]
attrs = {'name': name, 'description': description,
'tenant_id': self._tenant_id, 'l2_policy_id': l2_policy_id,
'provided_policy_rule_sets': pprs_ids,
'consumed_policy_rule_sets': cprs_ids}
return attrs
def _get_test_l2_policy_attrs(self, name='l2p1',
description='test l2_policy',
l3_policy_id=None):
attrs = {'name': name, 'description': description,
'tenant_id': self._tenant_id, 'l3_policy_id': l3_policy_id}
return attrs
def _get_test_l3_policy_attrs(self, name='l3p1',
description='test l3_policy',
ip_version=4, ip_pool='10.0.0.0/8',
subnet_prefix_length=24,
external_segments=None):
external_segments = external_segments or {}
attrs = {'name': name, 'description': description,
'tenant_id': self._tenant_id, 'ip_version': ip_version,
'ip_pool': ip_pool,
'subnet_prefix_length': subnet_prefix_length,
'external_segments': external_segments}
return attrs
def _get_test_network_service_policy_attrs(
self, name='nsp1', description='test network_service_policy',
network_service_policy_id=None, network_service_params=None):
if not network_service_params:
network_service_params = []
attrs = {'name': name, 'description': description,
'tenant_id': self._tenant_id,
'network_service_params': network_service_params}
return attrs
def _get_test_policy_classifier_attrs(self, name='pc1',
description='test pc',
protocol=None, port_range=None,
direction=None):
attrs = {'name': name, 'description': description,
'protocol': protocol, 'port_range': port_range,
'direction': direction, 'tenant_id': self._tenant_id}
return attrs
def _get_test_policy_action_attrs(self, name='pa1',
description='test pa',
action_type='allow',
action_value=None):
attrs = {'name': name, 'description': description,
'action_type': action_type, 'action_value': action_value,
'tenant_id': self._tenant_id}
return attrs
def _get_test_policy_rule_attrs(self, policy_classifier_id, name='pr1',
description='test pr', policy_actions=None,
enabled=True):
if not policy_actions:
policy_actions = []
attrs = {'name': name, 'description': description,
'tenant_id': self._tenant_id,
'policy_classifier_id': policy_classifier_id,
'policy_actions': policy_actions, 'enabled': enabled}
return attrs
def _get_test_prs_attrs(self, name='policy_rule_set1',
description='test policy_rule_set',
child_policy_rule_sets=None,
policy_rules=None):
if not child_policy_rule_sets:
child_policy_rule_sets = []
if not policy_rules:
policy_rules = []
attrs = {'name': name, 'description': description,
'tenant_id': self._tenant_id,
'child_policy_rule_sets': child_policy_rule_sets,
'policy_rules': policy_rules}
return attrs
def _get_test_ep_attrs(self, name='ep_1', description='test ep',
external_segments=None,
provided_policy_rule_sets=None,
consumed_policy_rule_sets=None):
pprs_ids = cprs_ids = es_ids = []
if provided_policy_rule_sets:
pprs_ids = [pprs_id for pprs_id in provided_policy_rule_sets]
if consumed_policy_rule_sets:
cprs_ids = [cc_id for cc_id in consumed_policy_rule_sets]
if external_segments:
es_ids = [es_id for es_id in external_segments]
attrs = {'name': name, 'description': description,
'tenant_id': self._tenant_id,
'external_segments': es_ids,
'provided_policy_rule_sets': pprs_ids,
'consumed_policy_rule_sets': cprs_ids}
return attrs
def _get_test_es_attrs(self, name='es_1', description='test es',
ip_version=4, cidr='172.0.0.0/8',
external_routes=None,
port_address_translation=False):
ear = external_routes or []
attrs = {'name': name, 'description': description,
'ip_version': ip_version,
'tenant_id': self._tenant_id, 'cidr': cidr,
'external_routes': ear,
'port_address_translation': port_address_translation}
return attrs
def _get_test_np_attrs(self, name='es_1', description='test es',
ip_version=4, ip_pool='10.160.0.0/16',
external_segment_id=None):
attrs = {'name': name, 'description': description,
'ip_version': ip_version,
'tenant_id': self._tenant_id, 'ip_pool': ip_pool,
'external_segment_id': external_segment_id}
return attrs
def create_policy_target(self, policy_target_group_id=None,
expected_res_status=None, **kwargs):
defaults = {'name': 'pt1', 'description': 'test pt'}
def _create_gbp_resource(self, type, expected_res_status=None,
is_admin_context=False, **kwargs):
plural = cm.get_resource_plural(type)
defaults = getattr(cm,
'get_create_%s_default_attrs' % type)()
defaults.update(kwargs)
data = {'policy_target':
{'policy_target_group_id': policy_target_group_id,
'tenant_id': self._tenant_id}}
data['policy_target'].update(defaults)
data = {type: {'tenant_id': self._tenant_id}}
data[type].update(defaults)
pt_req = self.new_create_request('policy_targets', data, self.fmt)
pt_res = pt_req.get_response(self.ext_api)
if expected_res_status:
self.assertEqual(pt_res.status_int, expected_res_status)
elif pt_res.status_int >= webob.exc.HTTPClientError.code:
raise webob.exc.HTTPClientError(code=pt_res.status_int)
pt = self.deserialize(self.fmt, pt_res)
return pt
def create_policy_target_group(self, l2_policy_id=None,
expected_res_status=None, **kwargs):
defaults = {'name': 'ptg1', 'description': 'test ptg',
'provided_policy_rule_sets': {},
'consumed_policy_rule_sets': {}}
defaults.update(kwargs)
data = {'policy_target_group': {'tenant_id': self._tenant_id,
'l2_policy_id': l2_policy_id}}
data['policy_target_group'].update(defaults)
ptg_req = self.new_create_request(
'policy_target_groups', data, self.fmt)
ptg_res = ptg_req.get_response(self.ext_api)
if expected_res_status:
self.assertEqual(ptg_res.status_int, expected_res_status)
elif ptg_res.status_int >= webob.exc.HTTPClientError.code:
raise webob.exc.HTTPClientError(code=ptg_res.status_int)
ptg = self.deserialize(self.fmt, ptg_res)
return ptg
def create_l2_policy(self, l3_policy_id=None, expected_res_status=None,
**kwargs):
defaults = {'name': 'l2p1', 'description': 'test l2_policy'}
defaults.update(kwargs)
data = {'l2_policy': {'l3_policy_id': l3_policy_id,
'tenant_id': self._tenant_id}}
data['l2_policy'].update(defaults)
l2p_req = self.new_create_request('l2_policies', data, self.fmt)
l2p_res = l2p_req.get_response(self.ext_api)
if expected_res_status:
self.assertEqual(l2p_res.status_int, expected_res_status)
elif l2p_res.status_int >= webob.exc.HTTPClientError.code:
raise webob.exc.HTTPClientError(code=l2p_res.status_int)
l2p = self.deserialize(self.fmt, l2p_res)
return l2p
def create_l3_policy(self, expected_res_status=None, **kwargs):
defaults = {'name': 'l3p1', 'description': 'test l3_policy',
'ip_version': 4, 'ip_pool': '10.0.0.0/8',
'subnet_prefix_length': 24, 'external_segments': {}}
defaults.update(kwargs)
data = {'l3_policy': {'tenant_id': self._tenant_id}}
data['l3_policy'].update(defaults)
l3p_req = self.new_create_request('l3_policies', data, self.fmt)
l3p_res = l3p_req.get_response(self.ext_api)
if expected_res_status:
self.assertEqual(l3p_res.status_int, expected_res_status)
elif l3p_res.status_int >= webob.exc.HTTPClientError.code:
raise webob.exc.HTTPClientError(code=l3p_res.status_int)
l3p = self.deserialize(self.fmt, l3p_res)
return l3p
def create_network_service_policy(
self, expected_res_status=None, **kwargs):
defaults = {'name': 'nsp1',
'description': 'test network_service_policy',
'network_service_params': []}
defaults.update(kwargs)
data = {'network_service_policy': {'tenant_id': self._tenant_id}}
data['network_service_policy'].update(defaults)
nsp_req = self.new_create_request('network_service_policies',
data, self.fmt)
nsp_res = nsp_req.get_response(self.ext_api)
if expected_res_status:
self.assertEqual(expected_res_status, nsp_res.status_int)
elif nsp_res.status_int >= webob.exc.HTTPClientError.code:
raise webob.exc.HTTPClientError(code=nsp_res.status_int)
nsp = self.deserialize(self.fmt, nsp_res)
return nsp
def create_policy_classifier(self, expected_res_status=None, **kwargs):
defaults = {'name': 'pc1', 'description': 'test pc', 'protocol': None,
'port_range': None, 'direction': None}
defaults.update(kwargs)
kwargs = defaults
data = {'policy_classifier': {'tenant_id': self._tenant_id}}
data['policy_classifier'].update(kwargs)
pc_req = self.new_create_request('policy_classifiers', data, self.fmt)
pc_res = pc_req.get_response(self.ext_api)
if expected_res_status:
self.assertEqual(pc_res.status_int, expected_res_status)
elif pc_res.status_int >= webob.exc.HTTPClientError.code:
raise webob.exc.HTTPClientError(code=pc_res.status_int)
pc = self.deserialize(self.fmt, pc_res)
return pc
def create_policy_action(self, expected_res_status=None, **kwargs):
defaults = {'name': 'pa1', 'description': 'test pa',
'action_type': 'allow', 'action_value': None}
defaults.update(kwargs)
kwargs = defaults
data = {'policy_action': {'tenant_id': self._tenant_id}}
data['policy_action'].update(kwargs)
pa_req = self.new_create_request('policy_actions', data, self.fmt)
pa_res = pa_req.get_response(self.ext_api)
if expected_res_status:
self.assertEqual(pa_res.status_int, expected_res_status)
elif pa_res.status_int >= webob.exc.HTTPClientError.code:
raise webob.exc.HTTPClientError(code=pa_res.status_int)
pa = self.deserialize(self.fmt, pa_res)
return pa
def create_policy_rule(self, policy_classifier_id,
expected_res_status=None, **kwargs):
defaults = {'name': 'pr1', 'description': 'test pr',
'policy_classifier_id': policy_classifier_id,
'policy_actions': None, 'enabled': True}
defaults.update(kwargs)
kwargs = defaults
data = {'policy_rule': {'tenant_id': self._tenant_id}}
data['policy_rule'].update(kwargs)
pr_req = self.new_create_request('policy_rules', data, self.fmt)
pr_res = pr_req.get_response(self.ext_api)
if expected_res_status:
self.assertEqual(pr_res.status_int, expected_res_status)
elif pr_res.status_int >= webob.exc.HTTPClientError.code:
raise webob.exc.HTTPClientError(code=pr_res.status_int)
pr = self.deserialize(self.fmt, pr_res)
return pr
def create_policy_rule_set(self, expected_res_status=None, **kwargs):
defaults = {'name': 'policy_rule_set1',
'description': 'test policy_rule_set',
'child_policy_rule_sets': [], 'policy_rules': []}
defaults.update(kwargs)
kwargs = defaults
data = {'policy_rule_set': {'tenant_id': self._tenant_id}}
data['policy_rule_set'].update(kwargs)
prs_req = self.new_create_request('policy_rule_sets', data, self.fmt)
prs_res = prs_req.get_response(self.ext_api)
if expected_res_status:
self.assertEqual(prs_res.status_int, expected_res_status)
elif prs_res.status_int >= webob.exc.HTTPClientError.code:
raise webob.exc.HTTPClientError(code=prs_res.status_int)
prs = self.deserialize(self.fmt, prs_res)
return prs
def _create_gbp_resource(self, type, expected_res_status, body):
plural = self._get_resource_plural(type)
data = {type: body}
req = self.new_create_request(plural, data, self.fmt)
req.environ['neutron.context'] = context.Context(
'', kwargs.get('tenant_id', self._tenant_id) if not
is_admin_context else self._tenant_id, is_admin_context)
res = req.get_response(self.ext_api)
if expected_res_status:
self.assertEqual(res.status_int, expected_res_status)
elif res.status_int >= webob.exc.HTTPClientError.code:
raise webob.exc.HTTPClientError(code=res.status_int)
prs = self.deserialize(self.fmt, res)
return prs
def create_external_policy(self, expected_res_status=None, **kwargs):
defaults = {'name': 'ptg1', 'description': 'test ptg',
'provided_policy_rule_sets': {},
'consumed_policy_rule_sets': {},
'tenant_id': self._tenant_id,
'external_segments': []}
defaults.update(kwargs)
return self._create_gbp_resource(
'external_policy', expected_res_status, defaults)
return self.deserialize(self.fmt, res)
def create_external_segment(self, expected_res_status=None, **kwargs):
body = self._get_test_es_attrs()
body.update(kwargs)
return self._create_gbp_resource(
'external_segment', expected_res_status, body)
def _update_gbp_resource(
self, id, type, expected_res_status=None, is_admin_context=False,
**kwargs):
plural = cm.get_resource_plural(type)
data = {type: kwargs}
tenant_id = kwargs.pop('tenant_id', self._tenant_id)
# Create PT with bound port
req = self.new_update_request(plural, data, id, self.fmt)
req.environ['neutron.context'] = context.Context(
'', tenant_id if not is_admin_context else self._tenant_id,
is_admin_context)
res = req.get_response(self.ext_api)
def create_nat_pool(self, expected_res_status=None, **kwargs):
body = self._get_test_np_attrs()
body.update(kwargs)
return self._create_gbp_resource(
'nat_pool', expected_res_status, body)
if expected_res_status:
self.assertEqual(res.status_int, expected_res_status)
elif res.status_int >= webob.exc.HTTPClientError.code:
raise webob.exc.HTTPClientError(code=res.status_int)
return self.deserialize(self.fmt, res)
def _show_gbp_resource(self, id, plural, is_admin_context=False,
tenant_id=None):
req = self.new_show_request(plural, id, fmt=self.fmt)
req.environ['neutron.context'] = context.Context(
'', tenant_id or self._tenant_id, is_admin_context)
return self.deserialize(self.fmt, req.get_response(self.ext_api))
class GroupPolicyDBTestPlugin(gpdb.GroupPolicyDbPlugin):
@ -467,12 +164,13 @@ class GroupPolicyDbTestCase(GroupPolicyDBTestBase,
if not ext_mgr:
ext_mgr = extensions.PluginAwareExtensionManager.get_instance()
self.ext_api = test_extensions.setup_extensions_middleware(ext_mgr)
cfg.CONF.set_override('policy_file', 'test-policy.json')
class TestGroupResources(GroupPolicyDbTestCase):
def _test_show_resource(self, resource, resource_id, attrs):
resource_plural = self._get_resource_plural(resource)
resource_plural = cm.get_resource_plural(resource)
req = self.new_show_request(resource_plural, resource_id,
fmt=self.fmt)
res = self.deserialize(self.fmt,
@ -483,7 +181,7 @@ class TestGroupResources(GroupPolicyDbTestCase):
def test_create_and_show_policy_target(self):
ptg_id = self.create_policy_target_group()['policy_target_group']['id']
attrs = self._get_test_policy_target_attrs(
attrs = cm.get_create_policy_target_default_attrs(
policy_target_group_id=ptg_id)
pt = self.create_policy_target(policy_target_group_id=ptg_id)
@ -511,8 +209,8 @@ class TestGroupResources(GroupPolicyDbTestCase):
def test_update_policy_target(self):
name = 'new_policy_target'
description = 'new desc'
attrs = self._get_test_policy_target_attrs(name=name,
description=description)
attrs = cm.get_create_policy_target_default_attrs(name=name,
description=description)
pt = self.create_policy_target()
@ -552,8 +250,8 @@ class TestGroupResources(GroupPolicyDbTestCase):
self.create_policy_rule_set()['policy_rule_set']['id'])
consumed_prs_id = (
self.create_policy_rule_set()['policy_rule_set']['id'])
attrs = self._get_test_policy_target_group_attrs(
name, l2_policy_id=l2p_id,
attrs = cm.get_create_policy_target_group_default_attrs(
name=name, l2_policy_id=l2p_id,
provided_policy_rule_sets=[provided_prs_id],
consumed_policy_rule_sets=[consumed_prs_id])
@ -581,7 +279,7 @@ class TestGroupResources(GroupPolicyDbTestCase):
description = 'new desc'
l3p_id = self.create_l3_policy()['l3_policy']['id']
l2p_id = self.create_l2_policy(l3_policy_id=l3p_id)['l2_policy']['id']
attrs = self._get_test_policy_target_group_attrs(
attrs = cm.get_create_policy_target_group_default_attrs(
name=name, description=description, l2_policy_id=l2p_id)
ct1_id = self.create_policy_rule_set(
name='policy_rule_set1')['policy_rule_set']['id']
@ -625,7 +323,7 @@ class TestGroupResources(GroupPolicyDbTestCase):
def test_create_and_show_l2_policy(self):
l3p_id = self.create_l3_policy()['l3_policy']['id']
attrs = self._get_test_l2_policy_attrs(l3_policy_id=l3p_id)
attrs = cm.get_create_l2_policy_default_attrs(l3_policy_id=l3p_id)
l2p = self.create_l2_policy(l3_policy_id=l3p_id)
for k, v in attrs.iteritems():
@ -644,7 +342,7 @@ class TestGroupResources(GroupPolicyDbTestCase):
name = "new_l2_policy"
description = 'new desc'
l3p_id = self.create_l3_policy()['l3_policy']['id']
attrs = self._get_test_l2_policy_attrs(name=name,
attrs = cm.get_create_l2_policy_default_attrs(name=name,
description=description,
l3_policy_id=l3p_id)
@ -674,8 +372,8 @@ class TestGroupResources(GroupPolicyDbTestCase):
def test_create_and_show_l3_policy(self):
es = self.create_external_segment()['external_segment']
es_dict = {es['id']: ['172.0.0.2', '172.0.0.3']}
attrs = self._get_test_l3_policy_attrs(
es_dict = {es['id']: ['172.16.0.2', '172.16.0.3']}
attrs = cm.get_create_l3_policy_default_attrs(
external_segments=es_dict)
l3p = self.create_l3_policy(external_segments=es_dict)
@ -713,8 +411,8 @@ class TestGroupResources(GroupPolicyDbTestCase):
description = 'new desc'
prefix_length = 26
es = self.create_external_segment()['external_segment']
es_dict = {es['id']: ['172.0.0.2', '172.0.0.3']}
attrs = self._get_test_l3_policy_attrs(
es_dict = {es['id']: ['172.16.0.2', '172.16.0.3']}
attrs = cm.get_create_l3_policy_default_attrs(
name=name, description=description,
subnet_prefix_length=prefix_length,
external_segments=es_dict)
@ -766,7 +464,7 @@ class TestGroupResources(GroupPolicyDbTestCase):
def test_create_and_show_network_service_policy(self):
params = [{'type': 'ip_single', 'name': 'vip', 'value': 'self_subnet'}]
attrs = self._get_test_network_service_policy_attrs(
attrs = cm.get_create_network_service_policy_default_attrs(
network_service_params=params)
nsp = self.create_network_service_policy(network_service_params=params)
@ -788,7 +486,7 @@ class TestGroupResources(GroupPolicyDbTestCase):
def test_update_network_service_policy(self):
name = "new_network_service_policy"
description = 'new desc'
attrs = self._get_test_network_service_policy_attrs(
attrs = cm.get_create_network_service_policy_default_attrs(
name=name, description=description)
nsp = self.create_network_service_policy()
@ -819,7 +517,7 @@ class TestGroupResources(GroupPolicyDbTestCase):
def test_create_and_show_policy_classifier(self):
name = "pc1"
attrs = self._get_test_policy_classifier_attrs(name=name)
attrs = cm.get_create_policy_classifier_default_attrs(name=name)
pc = self.create_policy_classifier(name=name)
@ -851,7 +549,7 @@ class TestGroupResources(GroupPolicyDbTestCase):
protocol = 'tcp'
port_range = '100:200'
direction = 'in'
attrs = self._get_test_policy_classifier_attrs(
attrs = cm.get_create_policy_classifier_default_attrs(
name=name, description=description, protocol=protocol,
port_range=port_range, direction=direction)
@ -884,7 +582,7 @@ class TestGroupResources(GroupPolicyDbTestCase):
def test_create_and_show_policy_action(self):
name = "pa1"
attrs = self._get_test_policy_action_attrs(name=name)
attrs = cm.get_create_policy_action_default_attrs(name=name)
pa = self.create_policy_action(name=name)
@ -914,7 +612,7 @@ class TestGroupResources(GroupPolicyDbTestCase):
name = "new_policy_action"
description = 'new desc'
action_value = _uuid()
attrs = self._get_test_policy_action_attrs(
attrs = cm.get_create_policy_action_default_attrs(
name=name, description=description, action_value=action_value)
pa = self.create_policy_action()
@ -947,7 +645,7 @@ class TestGroupResources(GroupPolicyDbTestCase):
name = "pr1"
pc = self.create_policy_classifier()
pc_id = pc['policy_classifier']['id']
attrs = self._get_test_policy_rule_attrs(
attrs = cm.get_create_policy_rule_default_attrs(
name=name, policy_classifier_id=pc_id)
pr = self.create_policy_rule(
@ -988,7 +686,7 @@ class TestGroupResources(GroupPolicyDbTestCase):
pc_id = pc['policy_classifier']['id']
pa = self.create_policy_action()
pa_id = pa['policy_action']['id']
attrs = self._get_test_policy_rule_attrs(
attrs = cm.get_create_policy_rule_default_attrs(
name=name, description=description, policy_classifier_id=pc_id,
policy_actions=[pa_id], enabled=enabled)
@ -1022,7 +720,7 @@ class TestGroupResources(GroupPolicyDbTestCase):
def test_create_and_show_policy_rule_set(self):
name = "policy_rule_set1"
attrs = self._get_test_prs_attrs(name=name)
attrs = cm.get_create_policy_rule_set_default_attrs(name=name)
prs = self.create_policy_rule_set(name=name)
@ -1053,7 +751,7 @@ class TestGroupResources(GroupPolicyDbTestCase):
child_policy_rule_sets = sorted(
[self.create_policy_rule_set()['policy_rule_set']['id'],
self.create_policy_rule_set()['policy_rule_set']['id']])
attrs = self._get_test_prs_attrs(
attrs = cm.get_create_policy_rule_set_default_attrs(
policy_rules=policy_rules,
child_policy_rule_sets=child_policy_rule_sets)
prs = self.create_policy_rule_set(
@ -1112,7 +810,7 @@ class TestGroupResources(GroupPolicyDbTestCase):
self.create_policy_rule_set()['policy_rule_set']['id']]
policy_rules = [self.create_policy_rule(
policy_classifier_id=pc_id)['policy_rule']['id']]
attrs = self._get_test_prs_attrs(
attrs = cm.get_create_policy_rule_set_default_attrs(
name=name, description=description, policy_rules=policy_rules,
child_policy_rule_sets=child_policy_rule_sets)
data = {'policy_rule_set':
@ -1168,8 +866,8 @@ class TestGroupResources(GroupPolicyDbTestCase):
self.assertEqual(res.status_int, webob.exc.HTTPBadRequest.code)
def _test_create_and_show(self, type, attrs, expected=None):
plural = self._get_resource_plural(type)
res = self._create_gbp_resource(type, None, attrs)
plural = cm.get_resource_plural(type)
res = self._create_gbp_resource(type, None, False, **attrs)
expected = expected or attrs
for k, v in expected.iteritems():
self.assertEqual(v, res[type][k])
@ -1186,7 +884,7 @@ class TestGroupResources(GroupPolicyDbTestCase):
attrs = {'external_segments': [es['id']],
'provided_policy_rule_sets': {prs['id']: None},
'consumed_policy_rule_sets': {prs['id']: None}}
body = self._get_test_ep_attrs()
body = cm.get_create_external_policy_default_attrs()
body.update(attrs)
expected = copy.deepcopy(body)
expected['provided_policy_rule_sets'] = [prs['id']]
@ -1195,13 +893,15 @@ class TestGroupResources(GroupPolicyDbTestCase):
expected=expected)
def test_create_and_show_es(self):
route = {'destination': '0.0.0.0/0', 'nexthop': '172.0.0.1'}
attrs = self._get_test_es_attrs(external_routes=[route])
route = {'destination': '0.0.0.0/0', 'nexthop': '172.16.0.1'}
attrs = cm.get_create_external_segment_default_attrs(
external_routes=[route])
self._test_create_and_show('external_segment', attrs)
def test_create_and_show_np(self):
es = self.create_external_segment()['external_segment']
attrs = self._get_test_np_attrs(external_segment_id=es['id'])
attrs = cm.get_create_nat_pool_default_attrs(
external_segment_id=es['id'])
self._test_create_and_show('nat_pool', attrs)
def test_list_ep(self):
@ -1227,33 +927,31 @@ class TestGroupResources(GroupPolicyDbTestCase):
description = 'new desc'
es = self.create_external_segment()['external_segment']
prs = self.create_policy_rule_set()['policy_rule_set']
attrs = self._get_test_ep_attrs(
cm.get_create_external_policy_default_attrs(
name=name, description=description,
external_segments=[es['id']],
provided_policy_rule_sets={prs['id']: None},
consumed_policy_rule_sets={prs['id']: None})
ep = self.create_external_policy()['external_policy']
data = {'external_policy': {
'name': name, 'description': description,
'external_segments': [es['id']],
'provided_policy_rule_sets': {prs['id']: None},
'consumed_policy_rule_sets': {prs['id']: None}}}
'name': name, 'description': description}}
req = self.new_update_request('external_policies', data,
ep['id'])
res = self.deserialize(self.fmt, req.get_response(self.ext_api))
res = res['external_policy']
for k, v in attrs.iteritems():
for k, v in data['external_policy'].iteritems():
self.assertEqual(v, res[k])
self._test_show_resource('external_policy', ep['id'], attrs)
self._test_show_resource('external_policy', ep['id'],
data['external_policy'])
def test_update_external_segment(self):
name = 'new_es'
description = 'new desc'
route = {'destination': '0.0.0.0/0', 'nexthop': '172.0.0.1'}
attrs = self._get_test_es_attrs(name=name, description=description,
external_routes=[route])
route = {'destination': '0.0.0.0/0', 'nexthop': '172.16.0.1'}
attrs = cm.get_create_external_segment_default_attrs(
name=name, description=description, external_routes=[route])
es = self.create_external_segment()['external_segment']
data = {'external_segment': {
'name': name, 'description': description,
@ -1273,8 +971,8 @@ class TestGroupResources(GroupPolicyDbTestCase):
description = 'new desc'
es = self.create_external_segment()['external_segment']
attrs = self._get_test_np_attrs(name=name, description=description,
external_segment_id=es['id'])
attrs = cm.get_create_nat_pool_default_attrs(
name=name, description=description, external_segment_id=es['id'])
np = self.create_nat_pool()['nat_pool']
data = {'nat_pool': {
'name': name, 'description': description,

43
gbp/neutron/tests/unit/db/grouppolicy/test_group_policy_mapping_db.py
View File

@ -50,49 +50,6 @@ class GroupPolicyMappingDbTestCase(tgpdb.GroupPolicyDbTestCase,
service_plugins=service_plugins
)
def _get_test_policy_target_attrs(self, name='pt1',
description='test pt',
policy_target_group_id=None,
port_id=None):
attrs = (super(GroupPolicyMappingDbTestCase, self).
_get_test_policy_target_attrs(name, description,
policy_target_group_id))
attrs.update({'port_id': port_id})
return attrs
def _get_test_policy_target_group_attrs(self, name='ptg1',
description='test ptg',
l2_policy_id=None,
provided_policy_rule_sets=None,
consumed_policy_rule_sets=None,
subnets=None):
attrs = (super(GroupPolicyMappingDbTestCase, self).
_get_test_policy_target_group_attrs(
name, description, l2_policy_id,
provided_policy_rule_sets, consumed_policy_rule_sets))
attrs.update({'subnets': subnets or []})
return attrs
def _get_test_l2_policy_attrs(self, name='l2p1',
description='test l2_policy',
l3_policy_id=None, network_id=None):
attrs = (super(GroupPolicyMappingDbTestCase, self).
_get_test_l2_policy_attrs(name, description, l3_policy_id))
attrs.update({'network_id': network_id})
return attrs
def _get_test_l3_policy_attrs(self, name='l3p1',
description='test l3_policy',
ip_version=4, ip_pool='10.0.0.0/8',
subnet_prefix_length=24, routers=None,
external_segments=None):
attrs = (super(GroupPolicyMappingDbTestCase, self).
_get_test_l3_policy_attrs(name, description, ip_version,
ip_pool, subnet_prefix_length,
external_segments))
attrs.update({'routers': routers or []})
return attrs
class TestMappedGroupResources(GroupPolicyMappingDbTestCase,
tgpdb.TestGroupResources):

162
gbp/neutron/tests/unit/services/grouppolicy/test_apic_mapping.py
View File

@ -129,7 +129,8 @@ class TestPolicyTarget(ApicMappingTestCase):
subnet = self._get_object('subnets', ptg['subnets'][0], self.api)
with self.port(subnet=subnet) as port:
self._bind_port_to_host(port['port']['id'], 'h1')
self.create_policy_target(ptg['id'], port_id=port['port']['id'])
self.create_policy_target(policy_target_group_id=ptg['id'],
port_id=port['port']['id'])
mgr = self.driver.apic_manager
self.assertEqual(mgr.ensure_path_created_for_port.call_count, 1)
@ -152,7 +153,7 @@ class TestPolicyTarget(ApicMappingTestCase):
with self.port(subnet=subnet) as port:
self._bind_port_to_host(port['port']['id'], 'h1')
pt = self.create_policy_target(
ptg['id'], port_id=port['port']['id'])
policy_target_group_id=ptg['id'], port_id=port['port']['id'])
self.new_delete_request(
'policy_targets', pt['policy_target']['id'],
self.fmt).get_response(self.ext_api)
@ -165,7 +166,8 @@ class TestPolicyTarget(ApicMappingTestCase):
with self.port(subnet=subnet) as port:
# Create EP with bound port
port = self._bind_port_to_host(port['port']['id'], 'h1')
self.create_policy_target(ptg['id'], port_id=port['port']['id'])
self.create_policy_target(policy_target_group_id=ptg['id'],
port_id=port['port']['id'])
# Change port binding and notify driver
port_up = self._bind_port_to_host(port['port']['id'], 'h2')
@ -469,9 +471,8 @@ class TestL3Policy(ApicMappingTestCase):
res['NeutronError']['type'])
# Verify existing L3P updated to use used ES fails
sneaky_l3p = self.create_l3_policy()['l3_policy']
res = self._update_gbp_resource_full_response(
sneaky_l3p['id'], 'l3_policy', 'l3_policies',
expected_res_status=400,
res = self.update_l3_policy(
sneaky_l3p['id'], expected_res_status=400,
external_segments={es['id']: ['192.168.0.3']})
self.assertEqual('OnlyOneL3PolicyIsAllowedPerExternalSegment',
res['NeutronError']['type'])
@ -495,9 +496,8 @@ class TestL3Policy(ApicMappingTestCase):
sneaky_l3p = self.create_l3_policy(
external_segments={es['id']: ['192.168.0.2']},
expected_res_status=201)['l3_policy']
res = self._update_gbp_resource_full_response(
sneaky_l3p['id'], 'l3_policy', 'l3_policies',
expected_res_status=400,
res = self.update_l3_policy(
sneaky_l3p['id'], expected_res_status=400,
external_segments={es['id']: ['192.168.0.2', '192.168.0.3']})
self.assertEqual('OnlyOneAddressIsAllowedPerExternalSegment',
res['NeutronError']['type'])
@ -571,9 +571,9 @@ class TestL3Policy(ApicMappingTestCase):
expected_res_status=201,
tenant_id=es['tenant_id'] if not shared_es else 'another_tenant',
shared=shared_l3p)['l3_policy']
l3p = self._update_gbp_resource(
l3p['id'], 'l3_policy', 'l3_policies', expected_res_status=200,
external_segments={es['id']: ['192.168.0.3']})
l3p = self.update_l3_policy(
l3p['id'], tenant_id=l3p['tenant_id'], expected_res_status=200,
external_segments={es['id']: ['192.168.0.3']})['l3_policy']
mgr = self.driver.apic_manager
owner = self.common_tenant if shared_es else es['tenant_id']
@ -693,9 +693,9 @@ class TestL3Policy(ApicMappingTestCase):
mgr.ensure_logical_node_profile_created.reset_mock()
mgr.ensure_static_route_created.reset_mock()
l3p = self._update_gbp_resource(
l3p['id'], 'l3_policy', 'l3_policies', expected_res_status=200,
external_segments={es2['id']: ['192.168.1.3']})
l3p = self.update_l3_policy(
l3p['id'], tenant_id=l3p['tenant_id'], expected_res_status=200,
external_segments={es2['id']: ['192.168.1.3']})['l3_policy']
mgr.delete_external_routed_network.assert_called_once_with(
es1['id'], owner=owner)
@ -710,13 +710,13 @@ class TestL3Policy(ApicMappingTestCase):
self.assertFalse(mgr.ensure_static_route_created.called)
mgr.delete_external_routed_network.reset_mock()
self._update_gbp_resource(
l3p['id'], 'l3_policy', 'l3_policies', expected_res_status=200,
self.update_l3_policy(
l3p['id'], expected_res_status=200, tenant_id=l3p['tenant_id'],
external_segments={es1['id']: ['192.168.0.3'],
es2['id']: ['192.168.1.3']})
self._update_gbp_resource(
l3p['id'], 'l3_policy', 'l3_policies', expected_res_status=200,
external_segments={})
self.update_l3_policy(
l3p['id'], tenant_id=l3p['tenant_id'],
expected_res_status=200, external_segments={})
expected_delete_calls = [
mock.call(es1['id'], owner=owner),
mock.call(es2['id'], owner=owner)]
@ -766,17 +766,17 @@ class TestL3Policy(ApicMappingTestCase):
expected_res_status=201)['l3_policy']
self.assertEqual(['192.168.0.2'], l3p['external_segments'][es1['id']])
l3p = self._update_gbp_resource(l3p['id'], 'l3_policy', 'l3_policies',
expected_res_status=200,
external_segments={es1['id']: [],
es2['id']: []})
l3p = self.update_l3_policy(
l3p['id'], expected_res_status=200,
external_segments={es1['id']: [], es2['id']: []})['l3_policy']
self.assertEqual(['192.168.0.2'], l3p['external_segments'][es1['id']])
self.assertEqual(['192.168.1.2'], l3p['external_segments'][es2['id']])
# Address IP changed
l3p = self._update_gbp_resource(
l3p['id'], 'l3_policy', 'l3_policies', expected_res_status=200,
external_segments={es1['id']: ['192.168.0.3'], es2['id']: []})
l3p = self.update_l3_policy(
l3p['id'], expected_res_status=200,
external_segments={es1['id']: ['192.168.0.3'],
es2['id']: []})['l3_policy']
self.assertEqual(['192.168.0.3'], l3p['external_segments'][es1['id']])
self.assertEqual(['192.168.1.2'], l3p['external_segments'][es2['id']])
@ -927,7 +927,8 @@ class TestPolicyRuleSet(ApicMappingTestCase):
rules = []
for classifier in cls:
rules.append(self.create_policy_rule(
classifier['id'], policy_actions=[a1['id']],
policy_classifier_id=classifier['id'],
policy_actions=[a1['id']],
shared=shared)['policy_rule'])
return rules
@ -955,7 +956,8 @@ class TestPolicyRule(ApicMappingTestCase):
cls = self.create_policy_classifier(direction='in', protocol='udp',
port_range=80)['policy_classifier']
self.create_policy_rule(cls['id'], expected_res_status=400,
self.create_policy_rule(policy_classifier_id=cls['id'],
expected_res_status=400,
policy_actions=actions)
def _test_policy_rule_deleted_on_apic(self, shared=False):
@ -983,7 +985,7 @@ class TestPolicyRule(ApicMappingTestCase):
action = self.create_policy_action(
action_type='allow', shared=shared)['policy_action']
return self.create_policy_rule(
cls['id'], policy_actions=[action['id']],
policy_classifier_id=cls['id'], policy_actions=[action['id']],
shared=shared)['policy_rule']
@ -1002,9 +1004,8 @@ class TestExternalSegment(ApicMappingTestCase):
es = self.create_external_segment(
name='supported', expected_res_status=201,
port_address_translation=False)['external_segment']
res = self._update_gbp_resource_full_response(
es['id'], 'external_segment', 'external_segments',
expected_res_status=400, port_address_translation=True)
res = self.update_external_segment(
es['id'], expected_res_status=400, port_address_translation=True)
self.assertEqual('PATNotSupportedByApicDriver',
res['NeutronError']['type'])
@ -1029,9 +1030,8 @@ class TestExternalSegment(ApicMappingTestCase):
'nexthop': None}],
expected_res_status=201)['external_segment']
self._update_gbp_resource(es['id'], 'external_segment',
'external_segments', expected_res_status=200,
external_routes=[])
self.update_external_segment(es['id'], expected_res_status=200,
external_routes=[])
mgr = self.driver.apic_manager
self.assertFalse(mgr.ensure_static_route_deleted.called)
@ -1061,11 +1061,10 @@ class TestExternalSegment(ApicMappingTestCase):
owner = es['tenant_id'] if not shared_es else self.common_tenant
mgr.ensure_external_epg_created.reset_mock()
# Remove route completely
self._update_gbp_resource(es['id'], 'external_segment',
'external_segments', expected_res_status=200,
external_routes=[
{'destination': '0.0.0.0/0',
'nexthop': '192.168.0.254'}])
self.update_external_segment(es['id'], expected_res_status=200,
external_routes=[
{'destination': '0.0.0.0/0',
'nexthop': '192.168.0.254'}])
mgr = self.driver.apic_manager
mgr.ensure_static_route_deleted.assert_called_with(
es['id'], mocked.APIC_EXT_SWITCH, '128.0.0.0/16',
@ -1087,11 +1086,10 @@ class TestExternalSegment(ApicMappingTestCase):
mgr.ensure_static_route_deleted.reset_mock()
mgr.ensure_external_epg_routes_deleted.reset_mock()
self._update_gbp_resource(es['id'], 'external_segment',
'external_segments', expected_res_status=200,
external_routes=[
{'destination': '0.0.0.0/0',
'nexthop': None}])
self.update_external_segment(es['id'], expected_res_status=200,
external_routes=[
{'destination': '0.0.0.0/0',
'nexthop': None}])
mgr.ensure_next_hop_deleted.assert_called_with(
es['id'], mocked.APIC_EXT_SWITCH, '0.0.0.0/0', '192.168.0.254',
owner=owner, transaction=mock.ANY)
@ -1138,11 +1136,10 @@ class TestExternalSegment(ApicMappingTestCase):
mgr = self.driver.apic_manager
mgr.ensure_external_epg_created.reset_mock()
owner = es['tenant_id'] if not shared_es else self.common_tenant
self._update_gbp_resource(es['id'], 'external_segment',
'external_segments', expected_res_status=200,
external_routes=[
{'destination': '128.0.0.0/16',
'nexthop': '192.168.0.254'}])
self.update_external_segment(es['id'], expected_res_status=200,
external_routes=[
{'destination': '128.0.0.0/16',
'nexthop': '192.168.0.254'}])
mgr.ensure_static_route_created.assert_called_with(
es['id'], mocked.APIC_EXT_SWITCH, '192.168.0.254',
@ -1164,13 +1161,12 @@ class TestExternalSegment(ApicMappingTestCase):
mgr.ensure_external_epg_created.reset_mock()
# Verify Route added with default gateway
self._update_gbp_resource(es['id'], 'external_segment',
'external_segments', expected_res_status=200,
external_routes=[
{'destination': '128.0.0.0/16',
'nexthop': '192.168.0.254'},
{'destination': '0.0.0.0/0',
'nexthop': None}])
self.update_external_segment(es['id'], expected_res_status=200,
external_routes=[
{'destination': '128.0.0.0/16',
'nexthop': '192.168.0.254'},
{'destination': '0.0.0.0/0',
'nexthop': None}])
mgr.ensure_static_route_created.assert_called_with(
es['id'], mocked.APIC_EXT_SWITCH, '192.168.0.1',
@ -1278,10 +1274,9 @@ class TestExternalPolicy(ApicMappingTestCase):
ep = self.create_external_policy(
tenant_id=es_list[0]['tenant_id'] if not shared_es else 'another',
shared=shared_ep, expected_res_status=201)['external_policy']
ep = self._update_gbp_resource(
ep['id'], 'external_policy', 'external_policies',
expected_res_status=200,
external_segments=[x['id'] for x in es_list])
ep = self.update_external_policy(
ep['id'], expected_res_status=200, tenant_id=ep['tenant_id'],
external_segments=[x['id'] for x in es_list])['external_policy']
mgr = self.driver.apic_manager
owner = (es_list[0]['tenant_id'] if not shared_es
else self.common_tenant)
@ -1293,9 +1288,9 @@ class TestExternalPolicy(ApicMappingTestCase):
self._check_call_list(expected_create_calls,
mgr.ensure_external_epg_created.call_args_list)
ep = self._update_gbp_resource(
ep['id'], 'external_policy', 'external_policies',
expected_res_status=200, external_segments=[])
ep = self.update_external_policy(
ep['id'], expected_res_status=200, tenant_id=ep['tenant_id'],
external_segments=[])['external_policy']
mgr = self.driver.apic_manager
expected_create_calls = []
for es in es_list:
@ -1316,10 +1311,6 @@ class TestExternalPolicy(ApicMappingTestCase):
self._test_update_no_prs(shared_ep=False, shared_es=False)
def _test_create_with_prs(self, shared_es, shared_ep, shared_prs):
prov = self._create_policy_rule_set_on_shared(
shared=shared_prs)
cons = self._create_policy_rule_set_on_shared(
shared=shared_prs)
self._mock_external_dict([('supported', '192.168.0.2/24')])
es_list = [
self.create_external_segment(
@ -1329,6 +1320,14 @@ class TestExternalPolicy(ApicMappingTestCase):
'destination': '128.0.0.0/16',
'nexthop': '192.168.0.254'}])['external_segment']
for x in range(3)]
prov = self._create_policy_rule_set_on_shared(
shared=shared_prs,
tenant_id=es_list[0]['tenant_id'] if not (
shared_es | shared_prs) else 'another')
cons = self._create_policy_rule_set_on_shared(
shared=shared_prs,
tenant_id=es_list[0]['tenant_id'] if not (
shared_es | shared_prs) else 'another')
ep = self.create_external_policy(
provided_policy_rule_sets={prov['id']: ''},
consumed_policy_rule_sets={cons['id']: ''}, shared=shared_ep,
@ -1374,10 +1373,6 @@ class TestExternalPolicy(ApicMappingTestCase):
shared_prs=True)
def _test_update_add_prs(self, shared_es, shared_ep, shared_prs):
prov = self._create_policy_rule_set_on_shared(
shared=shared_prs)
cons = self._create_policy_rule_set_on_shared(
shared=shared_prs)
self._mock_external_dict([('supported', '192.168.0.2/24')])
es_list = [
self.create_external_segment(
@ -1387,15 +1382,20 @@ class TestExternalPolicy(ApicMappingTestCase):
'destination': '128.0.0.0/16',
'nexthop': '192.168.0.254'}])['external_segment']
for x in range(3)]
prov = self._create_policy_rule_set_on_shared(
shared=shared_prs, tenant_id=es_list[0]['tenant_id'] if not (
shared_es | shared_prs) else 'another')
cons = self._create_policy_rule_set_on_shared(
shared=shared_prs, tenant_id=es_list[0]['tenant_id'] if not (
shared_es | shared_prs) else 'another')
ep = self.create_external_policy(
external_segments=[x['id'] for x in es_list], shared=shared_ep,
tenant_id=es_list[0]['tenant_id'] if not shared_es else 'another',
expected_res_status=201)['external_policy']
ep = self._update_gbp_resource(
ep['id'], 'external_policy', 'external_policies',
expected_res_status=200,
ep = self.update_external_policy(
ep['id'], expected_res_status=200, tenant_id=ep['tenant_id'],
provided_policy_rule_sets={prov['id']: ''},
consumed_policy_rule_sets={cons['id']: ''})
consumed_policy_rule_sets={cons['id']: ''})['external_policy']
mgr = self.driver.apic_manager
owner = (es_list[0]['tenant_id'] if not shared_es
else self.common_tenant)
@ -1410,10 +1410,10 @@ class TestExternalPolicy(ApicMappingTestCase):
self._check_call_list(expected_calls,
mgr.set_contract_for_external_epg.call_args_list)
ep = self._update_gbp_resource(
ep['id'], 'external_policy', 'external_policies',
expected_res_status=200, provided_policy_rule_sets={},
consumed_policy_rule_sets={})
ep = self.update_external_policy(
ep['id'], expected_res_status=200, provided_policy_rule_sets={},
consumed_policy_rule_sets={},
tenant_id=ep['tenant_id'])['external_policy']
expected_calls = []
for es in es_list:
expected_calls.append(

3
gbp/neutron/tests/unit/services/grouppolicy/test_extension_driver_api.py
View File

@ -18,6 +18,7 @@ from neutron.db import model_base
from gbp.neutron.services.grouppolicy import config
from gbp.neutron.services.grouppolicy import group_policy_driver_api as api
from gbp.neutron.tests.unit import common as cm
from gbp.neutron.tests.unit.services.grouppolicy import extensions as test_ext
from gbp.neutron.tests.unit.services.grouppolicy import test_grouppolicy_plugin
@ -385,7 +386,7 @@ class ExtensionDriverTestCase(
def _test_attr(self, type):
# Test create with default value.
acronim = _acronim(type)
plural = self._get_resource_plural(type)
plural = cm.get_resource_plural(type)
obj = getattr(self, 'create_%s' % type)()
id = obj[type]['id']
val = obj[type][acronim + '_extension']

318
gbp/neutron/tests/unit/services/grouppolicy/test_grouppolicy_plugin.py
View File

@ -14,7 +14,6 @@
import mock
from neutron import context
from oslo.config import cfg
import webob
import gbp.neutron.tests.unit.db.grouppolicy.test_group_policy_db as tgpdb
import gbp.neutron.tests.unit.db.grouppolicy.test_group_policy_mapping_db as \
@ -73,7 +72,7 @@ class GroupPolicyPluginTestCase(tgpmdb.GroupPolicyMappingDbTestCase):
def _create_ptg_on_shared(self, **kwargs):
l2p = self._create_l2_policy_on_shared(shared=True)
return self.create_policy_target_group(l2_policy_id=l2p['id'],
**kwargs)
**kwargs)
def _create_rule_on_shared(self, **kwargs):
pa = self.create_policy_action(action_type='allow',
@ -83,12 +82,13 @@ class GroupPolicyPluginTestCase(tgpmdb.GroupPolicyMappingDbTestCase):
shared=True,
**cl_attr)['policy_classifier']
return self.create_policy_rule(
pc['id'], policy_actions=[pa['id']], **kwargs)['policy_rule']
policy_classifier_id=pc['id'],
policy_actions=[pa['id']], **kwargs)['policy_rule']
def _create_policy_rule_set_on_shared(self, **kwargs):
pr = self._create_rule_on_shared(shared=True)
return self.create_policy_rule_set(policy_rules=[pr['id']],
**kwargs)['policy_rule_set']
**kwargs)['policy_rule_set']
def _create_external_policy_on_shared(self, **kwargs):
es = self.create_external_segment(shared=True)
@ -102,25 +102,6 @@ class GroupPolicyPluginTestCase(tgpmdb.GroupPolicyMappingDbTestCase):
external_segment_id=es['external_segment']['id'],
**kwargs)['nat_pool']
def _update_gbp_resource_full_response(
self, id, type, plural, expected_res_status=None, **kwargs):
data = {type: kwargs}
# Create PT with bound port
req = self.new_update_request(plural, data, id, self.fmt)
res = req.get_response(self.ext_api)
if expected_res_status:
self.assertEqual(res.status_int, expected_res_status)
elif res.status_int >= webob.exc.HTTPClientError.code:
raise webob.exc.HTTPClientError(code=res.status_int)
return self.deserialize(self.fmt, res)
def _update_gbp_resource(self, id, type, plural, expected_res_status=None,
**kwargs):
return self._update_gbp_resource_full_response(
id, type, plural, expected_res_status=expected_res_status,
**kwargs).get(type)
class TestL3Policy(GroupPolicyPluginTestCase):
@ -155,48 +136,43 @@ class TestL3Policy(GroupPolicyPluginTestCase):
es = self.create_external_segment(cidr='172.0.0.0/8')
es_dict = self._get_es_dict(es, ['172.0.0.2', '172.0.0.3'])
res = self.create_l3_policy(external_segments=es_dict,
shared=True, expected_res_status=400)
shared=True,
expected_res_status=400)
self.assertEqual('SharedResourceReferenceError',
res['NeutronError']['type'])
def test_shared_l3_policy_update(self):
l3p = self.create_l3_policy()['l3_policy']
# Accept share if nothing referenced
self._update_gbp_resource(l3p['id'], 'l3_policy', 'l3_policies',
expected_res_status=200, shared=True)
self.update_l3_policy(l3p['id'], expected_res_status=200, shared=True)
# Verify unshare when referenced by private L2P
self.create_l2_policy(l3_policy_id=l3p['id'])
self._update_gbp_resource(l3p['id'], 'l3_policy', 'l3_policies',
expected_res_status=200, shared=False)
self.update_l3_policy(l3p['id'], expected_res_status=200, shared=False)
es = self.create_external_segment(cidr='172.0.0.0/8')
es_dict = self._get_es_dict(es, ['172.0.0.2', '172.0.0.3'])
# Set ES
l3p = self._update_gbp_resource(l3p['id'], 'l3_policy', 'l3_policies',
expected_res_status=200,
external_segments=es_dict)
l3p = self.update_l3_policy(l3p['id'], expected_res_status=200,
external_segments=es_dict)['l3_policy']
self.assertEqual(es_dict, l3p['external_segments'])
# Share ES
self._update_gbp_resource(
es['external_segment']['id'], 'external_segment',
'external_segments', expected_res_status=200, shared=True)
self.update_external_segment(
es['external_segment']['id'], expected_res_status=200, shared=True)
# Verify sharing/unsharing successful
for shared in [True, False]:
self._update_gbp_resource(l3p['id'], 'l3_policy', 'l3_policies',
expected_res_status=200, shared=shared)
self.update_l3_policy(l3p['id'],
expected_res_status=200, shared=shared)
# Remove ES
l3p = self._update_gbp_resource(l3p['id'], 'l3_policy', 'l3_policies',
expected_res_status=200,
external_segments={})
l3p = self.update_l3_policy(l3p['id'], expected_res_status=200,
external_segments={})['l3_policy']
self.assertEqual({}, l3p['external_segments'])
# Verify ES update with sharing successful
l3p = self._update_gbp_resource(l3p['id'], 'l3_policy', 'l3_policies',
expected_res_status=200,
external_segments=es_dict,
shared=True)
l3p = self.update_l3_policy(
l3p['id'], expected_res_status=200, external_segments=es_dict,
shared=True)['l3_policy']
# Verify ES correctly set
self.assertEqual(es_dict, l3p['external_segments'])
@ -204,21 +180,19 @@ class TestL3Policy(GroupPolicyPluginTestCase):
l3p = self.create_l3_policy(shared=True)['l3_policy']
self.create_l2_policy(l3_policy_id=l3p['id'], shared=True)
# Unshare not possible when reference by shared resource
self._update_gbp_resource(l3p['id'], 'l3_policy', 'l3_policies',
expected_res_status=400, shared=False)
self.update_l3_policy(l3p['id'], expected_res_status=400, shared=False)
l3p = self.create_l3_policy(shared=True)['l3_policy']
self.create_l2_policy(l3_policy_id=l3p['id'], shared=False,
tenant_id='other')
# Unshare not possible when referenced by other tenant's
# private resource
self._update_gbp_resource(l3p['id'], 'l3_policy', 'l3_policies',
expected_res_status=400, shared=False)
self.update_l3_policy(l3p['id'], expected_res_status=400, shared=False)
es = self.create_external_segment(cidr='172.0.0.0/8')
es_dict = self._get_es_dict(es, ['172.0.0.2', '172.0.0.3'])
res = self._update_gbp_resource_full_response(
l3p['id'], 'l3_policy', 'l3_policies', expected_res_status=400,
res = self.update_l3_policy(
l3p['id'], expected_res_status=400,
external_segments=es_dict, shared=True)
self.assertEqual('SharedResourceReferenceError',
res['NeutronError']['type'])
@ -255,26 +229,23 @@ class TestL3Policy(GroupPolicyPluginTestCase):
# Overlapping pool
l3p = self.create_l3_policy(ip_pool='172.1.1.0/20')['l3_policy']
attrs = {'external_segments': {es['id']: ['172.1.1.2']}}
res = self._update_gbp_resource_full_response(
l3p['id'], 'l3_policy', 'l3_policies', expected_res_status=400,
**attrs)
res = self.update_l3_policy(
l3p['id'], expected_res_status=400, **attrs)
self.assertEqual('ExternalSegmentSubnetOverlapsWithL3PIpPool',
res['NeutronError']['type'])
# Overlapping route
l3p = self.create_l3_policy(ip_pool='10.160.1.0/24')['l3_policy']
res = self._update_gbp_resource_full_response(
l3p['id'], 'l3_policy', 'l3_policies', expected_res_status=400,
**attrs)
res = self.update_l3_policy(
l3p['id'], expected_res_status=400, **attrs)
self.assertEqual('ExternalRouteOverlapsWithL3PIpPool',
res['NeutronError']['type'])
# Allocated address not in pool
l3p = self.create_l3_policy(ip_pool='192.168.0.0/24')['l3_policy']
attrs = {'external_segments': {es['id']: ['172.1.2.2']}}
res = self._update_gbp_resource_full_response(
l3p['id'], 'l3_policy', 'l3_policies', expected_res_status=400,
**attrs)
res = self.update_l3_policy(
l3p['id'], expected_res_status=400, **attrs)
self.assertEqual('InvalidL3PExternalIPAddress',
res['NeutronError']['type'])
@ -292,19 +263,18 @@ class TestL2Policy(GroupPolicyPluginTestCase):
def test_shared_l2_policy_update(self):
l2p = self._create_l2_policy_on_shared()
self._update_gbp_resource(l2p['id'], 'l2_policy', 'l2_policies',
expected_res_status=200, shared=True)
self.update_l2_policy(l2p['id'], expected_res_status=200, shared=True)
self.create_policy_target_group(l2_policy_id=l2p['id'])
self._update_gbp_resource(l2p['id'], 'l2_policy', 'l2_policies',
expected_res_status=200, shared=False)
self.update_l2_policy(l2p['id'], expected_res_status=200, shared=False)
# Verify l2p can be moved across shared l3p
l2p = self._create_l2_policy_on_shared(shared=True)
l3p = self.create_l3_policy(shared=True)['l3_policy']
self._update_gbp_resource(l2p['id'], 'l2_policy', 'l2_policies',
expected_res_status=200,
l3_policy_id=l3p['id'])
l2p = self._create_l2_policy_on_shared(
shared=True)
l3p = self.create_l3_policy(
shared=True)['l3_policy']
self.update_l2_policy(l2p['id'], expected_res_status=200,
l3_policy_id=l3p['id'])
def test_shared_l2_policy_create_negative(self):
l3p = self.create_l3_policy()['l3_policy']
@ -314,21 +284,18 @@ class TestL2Policy(GroupPolicyPluginTestCase):
# Verify shared L2p can't be moved to a non shared L3p
l2p = self._create_l2_policy_on_shared(shared=True)
l3p = self.create_l3_policy()['l3_policy']
self._update_gbp_resource(l2p['id'], 'l2_policy', 'l2_policies',
expected_res_status=400,
l3_policy_id=l3p['id'])
self.update_l2_policy(l2p['id'], expected_res_status=400,
l3_policy_id=l3p['id'])
def test_shared_l2_policy_update_negative(self):
l2p = self._create_l2_policy_on_shared(shared=True)
self.create_policy_target_group(l2_policy_id=l2p['id'], shared=True)
self._update_gbp_resource(l2p['id'], 'l2_policy', 'l2_policies',
expected_res_status=400, shared=False)
self.update_l2_policy(l2p['id'], expected_res_status=400, shared=False)
l2p = self._create_l2_policy_on_shared(shared=True)
self.create_policy_target_group(l2_policy_id=l2p['id'], shared=False,
tenant_id='other')
self._update_gbp_resource(l2p['id'], 'l2_policy', 'l2_policies',
expected_res_status=400, shared=False)
self.create_policy_target_group(
l2_policy_id=l2p['id'], shared=False, tenant_id='other')
self.update_l2_policy(l2p['id'], expected_res_status=400, shared=False)
def test_l2p_create_among_tenants(self):
# L2P on shared L3P:
@ -350,15 +317,13 @@ class TestPolicyRuleSet(GroupPolicyPluginTestCase):
def test_shared_policy_rule_set_update(self):
prs = self._create_policy_rule_set_on_shared()
self._update_gbp_resource(prs['id'], 'policy_rule_set',
'policy_rule_sets',
expected_res_status=200, shared=True)
self.update_policy_rule_set(prs['id'],
expected_res_status=200, shared=True)
self.create_policy_target_group(
provided_policy_rule_sets={prs['id']: None})
self._update_gbp_resource(prs['id'], 'policy_rule_set',
'policy_rule_sets',
expected_res_status=200, shared=False)
self.update_policy_rule_set(
prs['id'], expected_res_status=200, shared=False)
def test_shared_policy_rule_set_create_negative(self):
# Verify shared policy_rule_set fails with non shared rules
@ -372,23 +337,19 @@ class TestPolicyRuleSet(GroupPolicyPluginTestCase):
prs = self._create_policy_rule_set_on_shared(shared=True)
self.create_policy_target_group(
provided_policy_rule_sets={prs['id']: None}, shared=True)
self._update_gbp_resource(prs['id'], 'policy_rule_set',
'policy_rule_sets',
expected_res_status=400, shared=False)
self.update_policy_rule_set(
prs['id'], expected_res_status=400, shared=False)
prs = self._create_policy_rule_set_on_shared(shared=True)
self.create_policy_target_group(
provided_policy_rule_sets={prs['id']: None},
shared=False, tenant_id='other')
self._update_gbp_resource(prs['id'], 'policy_rule_set',
'policy_rule_sets',
expected_res_status=400, shared=False)
self.update_policy_rule_set(
prs['id'], expected_res_status=400, shared=False)
# Verify non shared rules can't be set on non shared prs
nsr = self._create_rule_on_shared()
self._update_gbp_resource(prs['id'], 'policy_rule_set',
'policy_rule_sets',
expected_res_status=400,
policy_rules=[nsr['id']])
self.update_policy_rule_set(prs['id'], expected_res_status=400,
policy_rules=[nsr['id']])
def test_policy_rule_set_create_among_tenants(self):
self._create_policy_rule_set_on_shared(tenant_id='other',
@ -409,12 +370,11 @@ class TestPolicyRule(GroupPolicyPluginTestCase):
def test_shared_rule_update(self):
pr = self._create_rule_on_shared()
self._update_gbp_resource(pr['id'], 'policy_rule', 'policy_rules',
expected_res_status=200, shared=True)
self.update_policy_rule(pr['id'], expected_res_status=200, shared=True)
self.create_policy_rule_set(policy_rules=[pr['id']])
self._update_gbp_resource(pr['id'], 'policy_rule', 'policy_rules',
expected_res_status=200, shared=False)
self.update_policy_rule(
pr['id'], expected_res_status=200, shared=False)
def test_shared_rule_create_negative(self):
# Verify shared rule fails with non shared classifier
@ -423,26 +383,29 @@ class TestPolicyRule(GroupPolicyPluginTestCase):
pcns = self.create_policy_classifier(
direction='in', **cl_attr)['policy_classifier']
pc = self.create_policy_classifier(
direction='in', shared=True, **cl_attr)['policy_classifier']
direction='in', shared=True,
**cl_attr)['policy_classifier']
self.create_policy_rule(
pcns['id'], expected_res_status=400, shared=True)
policy_classifier_id=pcns['id'], expected_res_status=400,
shared=True)
#Verify shared rule fails with non shared action
self.create_policy_rule(
pc['id'], policy_actions=[pans['id']],
policy_classifier_id=pc['id'], policy_actions=[pans['id']],
expected_res_status=400, shared=True)
def test_shared_rule_update_negative(self):
pr = self._create_rule_on_shared(shared=True)
self.create_policy_rule_set(policy_rules=[pr['id']], shared=True)
self._update_gbp_resource(pr['id'], 'policy_rule', 'policy_rules',
expected_res_status=400, shared=False)
self.create_policy_rule_set(policy_rules=[pr['id']], shared=True,
tenant_id='another')
self.update_policy_rule(pr['id'],
expected_res_status=400, shared=False)
pr = self._create_rule_on_shared(shared=True)
self.create_policy_rule_set(policy_rules=[pr['id']], shared=False,
tenant_id='other')
self._update_gbp_resource(pr['id'], 'policy_rule', 'policy_rules',
expected_res_status=400, shared=False)
tenant_id='other')
self.update_policy_rule(pr['id'],
expected_res_status=400, shared=False)
def test_rule_create_among_tenants(self):
self._create_rule_on_shared(tenant_id='other',
@ -454,34 +417,31 @@ class TestPolicyClassifier(GroupPolicyPluginTestCase):
cl_attr = {'protocol': 'tcp', 'port_range': 80}
pc = self.create_policy_classifier(**cl_attr)['policy_classifier']
pa = self.create_policy_action(action_type='allow')['policy_action']
self._update_gbp_resource(pc['id'], 'policy_classifier',
'policy_classifiers',
expected_res_status=200, shared=True)
self.update_policy_classifier(
pc['id'], expected_res_status=200, shared=True)
self.create_policy_rule(policy_classifier_id=pc['id'],
policy_actions=[pa['id']])
self._update_gbp_resource(pc['id'], 'policy_classifier',
'policy_classifiers',
expected_res_status=200, shared=False)
self.update_policy_classifier(pc['id'],
expected_res_status=200, shared=False)
def test_shared_policy_classifier_update_negative(self):
cl_attr = {'protocol': 'tcp', 'port_range': 80}
pc = self.create_policy_classifier(shared=True,
**cl_attr)['policy_classifier']
pa = self.create_policy_action(action_type='allow',
shared=True)['policy_action']
self.create_policy_rule(policy_classifier_id=pc['id'],
policy_actions=[pa['id']], shared=True)
self._update_gbp_resource(pc['id'], 'policy_classifier',
'policy_classifiers',
expected_res_status=400, shared=False)
pa = self.create_policy_action(
action_type='allow', shared=True)['policy_action']
self.create_policy_rule(
policy_classifier_id=pc['id'], policy_actions=[pa['id']],
shared=True)
self.update_policy_classifier(pc['id'],
expected_res_status=400, shared=False)
self.create_policy_rule(policy_classifier_id=pc['id'],
policy_actions=[pa['id']], shared=False,
tenant_id='other')
self._update_gbp_resource(pc['id'], 'policy_classifier',
'policy_classifiers',
expected_res_status=400, shared=False)
self.update_policy_classifier(pc['id'],
expected_res_status=400, shared=False)
class TestPolicyTargetGroup(GroupPolicyPluginTestCase):
@ -495,10 +455,12 @@ class TestPolicyTargetGroup(GroupPolicyPluginTestCase):
self.assertEqual(res.status_int, 400)
def test_shared_ptg_create(self):
l2p = self._create_l2_policy_on_shared(shared=True)
l2p = self._create_l2_policy_on_shared(
shared=True)
l2pns = self._create_l2_policy_on_shared()
prs = self._create_policy_rule_set_on_shared(shared=True)
prs = self._create_policy_rule_set_on_shared(
shared=True)
ctns = self._create_policy_rule_set_on_shared()
nsp = self.create_network_service_policy(
@ -542,14 +504,12 @@ class TestPolicyTargetGroup(GroupPolicyPluginTestCase):
def test_shared_ptg_update(self):
ptg = self._create_ptg_on_shared()['policy_target_group']
self._update_gbp_resource(
ptg['id'], 'policy_target_group', 'policy_target_groups',
expected_res_status=200, shared=True)
self.update_policy_target_group(
ptg['id'], expected_res_status=200, shared=True)
self.create_policy_target(policy_target_group_id=ptg['id'])
self._update_gbp_resource(
ptg['id'], 'policy_target_group', 'policy_target_groups',
expected_res_status=200, shared=False)
self.update_policy_target_group(
ptg['id'], expected_res_status=200, shared=False)
def test_shared_ptg_create_negative(self):
l2pns = self._create_l2_policy_on_shared()
@ -561,45 +521,46 @@ class TestPolicyTargetGroup(GroupPolicyPluginTestCase):
# Verify shared PTG fails to provide/consume non shared
# policy_rule_sets
self._create_ptg_on_shared(
shared=True, provided_policy_rule_sets={ctns['id']: ''},
shared=True,
provided_policy_rule_sets={ctns['id']: ''},
consumed_policy_rule_sets={ctns['id']: ''},
expected_res_status=400)
def test_shared_ptg_update_negative(self):
ptg = self._create_ptg_on_shared(shared=True)['policy_target_group']
ptg = self._create_ptg_on_shared(
shared=True)['policy_target_group']
self.create_policy_target(policy_target_group_id=ptg['id'],
tenant_id='other')
self._update_gbp_resource(
ptg['id'], 'policy_target_group', 'policy_target_groups',
expected_res_status=400, shared=False)
self.update_policy_target_group(
ptg['id'], expected_res_status=400, shared=False)
# Verify update to non shared L2p fails
l2p = self.create_l2_policy()['l2_policy']
self._update_gbp_resource(
ptg['id'], 'policy_target_group', 'policy_target_groups',
expected_res_status=400, l2_policy_id=l2p['id'])
self.update_policy_target_group(
ptg['id'], expected_res_status=400,
l2_policy_id=l2p['id'])
# Verify update to non shared NSP fails
nsp = self.create_network_service_policy()['network_service_policy']
self._update_gbp_resource(
ptg['id'], 'policy_target_group', 'policy_target_groups',
expected_res_status=400, network_service_policy_id=nsp['id'])
self.update_policy_target_group(
ptg['id'], expected_res_status=400,
network_service_policy_id=nsp['id'])
# Verify update to non shared provided PRS fails
pts = self._create_policy_rule_set_on_shared()
self._update_gbp_resource(
ptg['id'], 'policy_target_group', 'policy_target_groups',
expected_res_status=400,
self.update_policy_target_group(
ptg['id'], expected_res_status=400,
provided_policy_rule_sets={pts['id']: ''})
# Verify update to non shared consumed PRS fails
self._update_gbp_resource(
ptg['id'], 'policy_target_group', 'policy_target_groups',
expected_res_status=400,
self.update_policy_target_group(
ptg['id'], expected_res_status=400,
consumed_policy_rule_sets={pts['id']: ''})
def test_complex_ptg_create_among_tenant(self):
ctp = self._create_policy_rule_set_on_shared(shared=True)
ctc = self._create_policy_rule_set_on_shared(shared=True)
ctp = self._create_policy_rule_set_on_shared(
shared=True)
ctc = self._create_policy_rule_set_on_shared(
shared=True)
nsp = self.create_network_service_policy(
shared=True)['network_service_policy']
self._create_ptg_on_shared(
@ -625,9 +586,8 @@ class TestExternalSegment(GroupPolicyPluginTestCase):
def test_shared_es_update(self):
es = self.create_external_segment()['external_segment']
for shared in [True, False]:
self._update_gbp_resource(
es['id'], 'external_segment',
'external_segments', expected_res_status=200,
self.update_external_segment(
es['id'], expected_res_status=200,
shared=shared)
def test_create_routes(self):
@ -653,9 +613,8 @@ class TestExternalSegment(GroupPolicyPluginTestCase):
# Verify refused because overlapping with L3P
attrs = {'external_routes': [{'destination': '192.168.2.0/0',
'nexthop': '172.1.1.1'}]}
res = self._update_gbp_resource_full_response(
es['id'], 'external_segment', 'external_segments',
expected_res_status=400, **attrs)
res = self.update_external_segment(
es['id'], expected_res_status=400, **attrs)
self.assertEqual('ExternalRouteOverlapsWithL3PIpPool',
res['NeutronError']['type'])
@ -702,12 +661,10 @@ class TestExternalPolicy(GroupPolicyPluginTestCase):
def test_shared_ep_update(self):
ep = self._create_external_policy_on_shared()
self._update_gbp_resource(
ep['id'], 'external_policy', 'external_policies',
expected_res_status=200, shared=True)
self._update_gbp_resource(
ep['id'], 'external_policy', 'external_policies',
expected_res_status=200, shared=False)
self.update_external_policy(
ep['id'], expected_res_status=200, shared=True)
self.update_external_policy(
ep['id'], expected_res_status=200, shared=False)
def test_shared_ep_create_negative(self):
es = self.create_external_segment()['external_segment']
@ -721,7 +678,8 @@ class TestExternalPolicy(GroupPolicyPluginTestCase):
# Verify shared EP fails to provide/consume non shared
# policy_rule_sets
res = self.create_external_policy(
shared=True, provided_policy_rule_sets={prs['id']: ''},
shared=True,
provided_policy_rule_sets={prs['id']: ''},
consumed_policy_rule_sets={prs['id']: ''},
expected_res_status=400)
self.assertEqual('SharedResourceReferenceError',
@ -731,20 +689,17 @@ class TestExternalPolicy(GroupPolicyPluginTestCase):
ep = self._create_external_policy_on_shared(shared=True)
# Verify update to non shared ES fails
es = self.create_external_segment()['external_segment']
self._update_gbp_resource(
ep['id'], 'external_policy', 'external_policies',
expected_res_status=400, external_segments=[es['id']])
self.update_external_policy(
ep['id'], expected_res_status=400, external_segments=[es['id']])
# Verify update to non shared provided PRS fails
prs = self._create_policy_rule_set_on_shared()
self._update_gbp_resource(
ep['id'], 'external_policy', 'external_policies',
expected_res_status=400,
self.update_external_policy(
ep['id'], expected_res_status=400,
provided_policy_rule_sets={prs['id']: ''})
# Verify update to non shared consumed PRS fails
self._update_gbp_resource(
ep['id'], 'external_policy', 'external_policies',
expected_res_status=400,
self.update_external_policy(
ep['id'], expected_res_status=400,
consumed_policy_rule_sets={prs['id']: ''})
@ -758,14 +713,16 @@ class TestNatPool(GroupPolicyPluginTestCase):
for shared in allowed:
es = self.create_external_segment(
shared=shared['es'])['external_segment']
self.create_nat_pool(external_segment_id=es['id'],
shared=shared['np'], expected_res_status=201)
self.create_nat_pool(
external_segment_id=es['id'], shared=shared['np'],
expected_res_status=201)
def test_nat_pool_shared_create_negative(self):
es = self.create_external_segment(
shared=False)['external_segment']
res = self.create_nat_pool(external_segment_id=es['id'],
shared=True, expected_res_status=400)
res = self.create_nat_pool(
external_segment_id=es['id'], shared=True,
expected_res_status=400)
self.assertEqual('SharedResourceReferenceError',
res['NeutronError']['type'])
@ -774,20 +731,19 @@ class TestNatPool(GroupPolicyPluginTestCase):
for shared in [False, True]:
es = self.create_external_segment(
shared=shared)['external_segment']
self._update_gbp_resource(
np['id'], 'nat_pool', 'nat_pools', expected_res_status=200,
self.update_nat_pool(
np['id'], expected_res_status=200,
external_segment_id=es['id'])
np = self.create_nat_pool(shared=True)['nat_pool']
es = self.create_external_segment(
shared=True)['external_segment']
# Verify shared NP on shared ES
self._update_gbp_resource(
np['id'], 'nat_pool', 'nat_pools', expected_res_status=200,
self.update_nat_pool(
np['id'], expected_res_status=200,
external_segment_id=es['id'])
# Verify unshare NP
self._update_gbp_resource(
np['id'], 'nat_pool', 'nat_pools', expected_res_status=200,
shared=False)
self.update_nat_pool(
np['id'], expected_res_status=200, shared=False)
class TestGroupPolicyPluginGroupResources(

28
gbp/neutron/tests/unit/services/grouppolicy/test_implicit_policy.py
View File

@ -336,17 +336,15 @@ class TestImplicitExternalSegment(ImplicitPolicyTestCase):
self.assertEqual(es['id'], ep['external_segments'][0])
# Verify update
ep = self._update_gbp_resource(
ep['id'], 'external_policy', 'external_policies',
expected_res_status=200,
external_segments=[ndes['id']])
ep = self.update_external_policy(
ep['id'], expected_res_status=200,
external_segments=[ndes['id']])['external_policy']
self.assertEqual(ndes['id'], ep['external_segments'][0])
self.assertEqual(1, len(ep['external_segments']))
# Remove all the ESs and verify default is once again set
ep = self._update_gbp_resource(
ep['id'], 'external_policy', 'external_policies',
expected_res_status=200,
external_segments=[])
ep = self.update_external_policy(
ep['id'], expected_res_status=200,
external_segments=[])['external_policy']
self.assertEqual(es['id'], ep['external_segments'][0])
self.assertEqual(1, len(ep['external_segments']))
@ -361,17 +359,15 @@ class TestImplicitExternalSegment(ImplicitPolicyTestCase):
self.assertEqual(es['id'], l3p['external_segments'].keys()[0])
# Verify update
l3p = self._update_gbp_resource(
l3p['id'], 'l3_policy', 'l3_policies',
expected_res_status=200,
external_segments={ndes['id']: []})
l3p = self.update_l3_policy(
l3p['id'], expected_res_status=200,
external_segments={ndes['id']: []})['l3_policy']
self.assertEqual(ndes['id'], l3p['external_segments'].keys()[0])
self.assertEqual(1, len(l3p['external_segments']))
# Remove all the ESs and verify default is once again set
l3p = self._update_gbp_resource(
l3p['id'], 'l3_policy', 'l3_policies',
expected_res_status=200,
external_segments={})
l3p = self.update_l3_policy(
l3p['id'], expected_res_status=200,
external_segments={})['l3_policy']
self.assertEqual(es['id'], l3p['external_segments'].keys()[0])
self.assertEqual(1, len(l3p['external_segments']))

387
gbp/neutron/tests/unit/services/grouppolicy/test_resource_mapping.py
View File

@ -24,14 +24,17 @@ from neutron.extensions import securitygroup as ext_sg
from neutron import manager
from neutron.notifiers import nova
from neutron.openstack.common import uuidutils
from neutron.plugins.common import constants as pconst
from neutron.tests.unit import test_extension_security_group
from neutron.tests.unit import test_l3_plugin
import webob.exc
from gbp.neutron.db.grouppolicy import group_policy_db as gpdb
from gbp.neutron.db import servicechain_db
from gbp.neutron.services.grouppolicy.common import constants as gconst
from gbp.neutron.services.grouppolicy import config
from gbp.neutron.services.grouppolicy.drivers import resource_mapping
from gbp.neutron.services.servicechain import config as sc_cfg
from gbp.neutron.tests.unit.services.grouppolicy import test_grouppolicy_plugin
SERVICECHAIN_NODES = 'servicechain/servicechain_nodes'
@ -57,7 +60,7 @@ class ResourceMappingTestCase(
config.cfg.CONF.set_override('policy_drivers',
['implicit_policy', 'resource_mapping'],
group='group_policy')
config.cfg.CONF.set_override('servicechain_drivers',
sc_cfg.cfg.CONF.set_override('servicechain_drivers',
['dummy'],
group='servicechain')
config.cfg.CONF.set_override('allow_overlapping_ips', True)
@ -65,11 +68,13 @@ class ResourceMappingTestCase(
res = mock.patch('neutron.db.l3_db.L3_NAT_dbonly_mixin.'
'_check_router_needs_rescheduling').start()
res.return_value = None
self.__plugin = manager.NeutronManager.get_plugin()
self.__context = nctx.get_admin_context()
self._plugin = manager.NeutronManager.get_plugin()
self._context = nctx.get_admin_context()
plugins = manager.NeutronManager.get_service_plugins()
self._gbp_plugin = plugins.get(pconst.GROUP_POLICY)
def get_plugin_context(self):
return self.__plugin, self.__context
return self._plugin, self._context
def _create_network(self, fmt, name, admin_state_up, **kwargs):
"""Override the routine for allowing the router:external attribute."""
@ -120,6 +125,149 @@ class ResourceMappingTestCase(
return set(str(x) for x in result.iter_cidrs())
def _get_cidrs_from_ptgs(self, ptgs):
subnet_ids = []
for ptg in ptgs:
subnet_ids += self.show_policy_target_group(
ptg)['policy_target_group']['subnets']
cidrs = set()
for sid in subnet_ids:
req = self.new_show_request('subnets', sid, fmt=self.fmt)
res = self.deserialize(self.fmt, req.get_response(self.api))
cidrs.add(res['subnet']['cidr'])
return cidrs
def _get_cidrs_from_ep(self, eps, l3ps):
es_ids = []
for ep in eps:
es_ids += self.show_external_policy(
ep)['external_policy']['external_segments']
cidrs = set()
for es_id in es_ids:
cidrs |= self._calculate_expected_external_cidrs(
self.show_external_segment(es_id)['external_segment'], l3ps)
return cidrs
def _get_tenant_l3ps(self, ptg):
res = self._list('l3_policies',
query_params='tenant_id=' + ptg['tenant_id'])
return res['l3_policies']
def _generate_expected_sg_rules(self, prs):
"""Returns a list of expected provider sg rules given a PTG."""
# Get all the needed cidrs:
prs = self._gbp_plugin.get_policy_rule_set(self._context, prs)
providing_ptg_cidrs = self._get_cidrs_from_ptgs(
prs['providing_policy_target_groups'])
if len(prs['providing_policy_target_groups']):
self.assertTrue(len(providing_ptg_cidrs))
consuming_ptg_cidrs = self._get_cidrs_from_ptgs(
prs['consuming_policy_target_groups'])
if len(prs['consuming_policy_target_groups']):
self.assertTrue(len(consuming_ptg_cidrs))
l3p_cidrs = self._get_tenant_l3ps(prs)
providing_ep_cidrs = self._get_cidrs_from_ep(
prs['providing_external_policies'], l3p_cidrs)
if len(prs['providing_external_policies']):
self.assertTrue(len(providing_ep_cidrs))
consuming_ep_cidrs = self._get_cidrs_from_ep(
prs['consuming_external_policies'], l3p_cidrs)
if len(prs['consuming_external_policies']):
self.assertTrue(len(consuming_ep_cidrs))
consumers = consuming_ep_cidrs | consuming_ptg_cidrs
providers = providing_ptg_cidrs | providing_ep_cidrs
mapping = self._get_prs_mapping(prs['id'])
provided_sg = mapping.provided_sg_id
consumed_sg = mapping.consumed_sg_id
# IN: from consumer to provider
# OUT: from provider to consumer
# Egress rules are always generic (to 0.0.0.0/0)
# Igress rules are filtered by subnet
# Only allow rules are verified
prules = [self.show_policy_rule(x)['policy_rule']
for x in prs['policy_rules']]
if len(prs['policy_rules']):
self.assertTrue(len(prules))
expected_rules = []
in_bi = [gconst.GP_DIRECTION_IN, gconst.GP_DIRECTION_BI]
out_bi = [gconst.GP_DIRECTION_OUT, gconst.GP_DIRECTION_BI]
for pr in prules:
if any(self.show_policy_action(x)['policy_action']['action_type']
== 'allow' for x in pr['policy_actions']):
classifier = self.show_policy_classifier(
pr['policy_classifier_id'])['policy_classifier']
protocol = classifier['protocol']
if classifier['port_range']:
port_min, port_max = (
gpdb.GroupPolicyDbPlugin._get_min_max_ports_from_range(
classifier['port_range']))
else:
port_min, port_max = None, None
if classifier['direction'] in in_bi:
# If direction IN/BI, consumer cidrs go into provider SG
for cidr in consumers:
attrs = {'security_group_id': [provided_sg],
'direction': ['ingress'],
'protocol': [protocol],
'port_range_min': [port_min],
'port_range_max': [port_max],
'remote_ip_prefix': [cidr]}
expected_rules.append(attrs)
# And consumer SG have egress allowed
# TODO(ivar): IPv6 support
attrs = {'security_group_id': [consumed_sg],
'direction': ['egress'],
'protocol': [protocol],
'port_range_min': [port_min],
'port_range_max': [port_max],
'remote_ip_prefix': ['0.0.0.0/0']}
expected_rules.append(attrs)
if classifier['direction'] in out_bi:
# If direction OUT/BI, provider CIDRs go into consumer SG
for cidr in providers:
attrs = {'security_group_id': [consumed_sg],
'direction': ['ingress'],
'protocol': [protocol],
'port_range_min': [port_min],
'port_range_max': [port_max],
'remote_ip_prefix': [cidr]}
expected_rules.append(attrs)
# And provider SG have egress allowed
attrs = {'security_group_id': [provided_sg],
'direction': ['egress'],
'protocol': [protocol],
'port_range_min': [port_min],
'port_range_max': [port_max],
'remote_ip_prefix': ['0.0.0.0/0']}
expected_rules.append(attrs)
return expected_rules
def _verify_prs_rules(self, prs):
# Refresh prs
expected = self._generate_expected_sg_rules(prs)
mapping = self._get_prs_mapping(prs)
existing = [
x for x in self._get_sg_rule(
security_group_id=[mapping.provided_sg_id,
mapping.consumed_sg_id])]
for rule in expected:
# Verify the rule exists
r = self._get_sg_rule(**rule)
self.assertTrue(len(r) == 1,
"Rule not found, expected:\n%s" % rule)
existing.remove(r[0])
self.assertTrue(len(existing) == 0,
"Some rules still exist:\n%s" % str(existing))
return expected
class TestPolicyTarget(ResourceMappingTestCase):
@ -139,8 +287,9 @@ class TestPolicyTarget(ResourceMappingTestCase):
l3p = self.create_l3_policy(shared=True, ip_pool='11.0.0.0/8')
l2p = self.create_l2_policy(l3_policy_id=l3p['l3_policy']['id'],
shared=True)
s_ptg = self.create_policy_target_group(name="s_ptg", shared=True,
l2_policy_id=l2p['l2_policy']['id'])
s_ptg = self.create_policy_target_group(
name="s_ptg", shared=True,
l2_policy_id=l2p['l2_policy']['id'])
s_ptg_id = s_ptg['policy_target_group']['id']
pt = self.create_policy_target(name="ep1",
policy_target_group_id=s_ptg_id)
@ -206,6 +355,7 @@ class TestPolicyTarget(ResourceMappingTestCase):
def test_missing_ptg_rejected(self):
data = self.create_policy_target(
policy_target_group_id=None,
name="pt1", expected_res_status=webob.exc.HTTPBadRequest.code)
self.assertEqual('PolicyTargetRequiresPolicyTargetGroup',
data['NeutronError']['type'])
@ -277,8 +427,9 @@ class TestPolicyTargetGroup(ResourceMappingTestCase):
l2p_id = l2p['l2_policy']['id']
# Create policy_target group with implicit subnet.
ptg = self.create_policy_target_group(name="ptg1", l2_policy_id=l2p_id,
shared=shared)
ptg = self.create_policy_target_group(
name="ptg1", l2_policy_id=l2p_id,
shared=shared)
ptg_id = ptg['policy_target_group']['id']
subnets = ptg['policy_target_group']['subnets']
self.assertIsNotNone(subnets)
@ -391,9 +542,8 @@ class TestPolicyTargetGroup(ResourceMappingTestCase):
ptg = self.create_policy_target_group(
l2_policy_id=l2p['id'],
expected_res_status=201)['policy_target_group']
res = self._update_gbp_resource_full_response(
ptg['id'], 'policy_target_group', 'policy_target_groups',
expected_res_status=400,
res = self.update_policy_target_group(
ptg['id'], expected_res_status=400,
subnets=ptg['subnets'] + [sub['subnet']['id']])
self.assertEqual('InvalidSubnetForPTG',
res['NeutronError']['type'])
@ -463,7 +613,8 @@ class TestPolicyTargetGroup(ResourceMappingTestCase):
subnet = self.deserialize(self.fmt,
req.get_response(self.api))['subnet']
#Create PT and retrieve port
pt = self.create_policy_target(ptg['id'])['policy_target']
pt = self.create_policy_target(
policy_target_group_id=ptg['id'])['policy_target']
req = self.new_show_request('ports', pt['port_id'], fmt=self.fmt)
port = self.deserialize(self.fmt, req.get_response(self.api))['port']
@ -504,7 +655,8 @@ class TestPolicyTargetGroup(ResourceMappingTestCase):
self.fmt, req.get_response(
self.ext_api))['policy_target_group']
#Create PT and retrieve port
pt = self.create_policy_target(ptg['id'])['policy_target']
pt = self.create_policy_target(
policy_target_group_id=ptg['id'])['policy_target']
req = self.new_show_request('ports', pt['port_id'], fmt=self.fmt)
port = self.deserialize(self.fmt,
req.get_response(self.api))['port']
@ -534,6 +686,25 @@ class TestPolicyTargetGroup(ResourceMappingTestCase):
'CrossTenantPolicyTargetGroupL2PolicyNotSupported',
res['NeutronError']['type'])
def test_cross_tenant_prs_fails(self):
prs = self.create_policy_rule_set(tenant_id='admin_tenant',
expected_res_status=201)
res = self.create_policy_target_group(
provided_policy_rule_sets={prs['policy_rule_set']['id']: ''},
tenant_id='anothertenant', expected_res_status=404)
self.assertEqual(
'PolicyRuleSetNotFound', res['NeutronError']['type'])
# Verify Update
ptg = self.create_policy_target_group(
tenant_id='anothertenant', expected_res_status=201)
res = self.update_policy_target_group(
ptg['policy_target_group']['id'], tenant_id='anothertenant',
provided_policy_rule_sets={prs['policy_rule_set']['id']: ''},
expected_res_status=404)
self.assertEqual(
'PolicyRuleSetNotFound', res['NeutronError']['type'])
# TODO(rkukura): Test ip_pool exhaustion.
@ -594,14 +765,16 @@ class TestL2Policy(ResourceMappingTestCase):
for shared in [True, False]:
res = self.create_l2_policy(name="l2p1", tenant_id='other',
l3_policy_id=l3p['l3_policy']['id'],
shared=shared, expected_res_status=400)
shared=shared,
expected_res_status=400)
self.assertEqual('CrossTenantL2PolicyL3PolicyNotSupported',
res['NeutronError']['type'])
with self.network() as network:
network_id = network['network']['id']
res = self.create_l2_policy(name="l2p1", network_id=network_id,
shared=True, expected_res_status=400)
shared=True,
expected_res_status=400)
self.assertEqual('NonSharedNetworkOnSharedL2PolicyNotSupported',
res['NeutronError']['type'])
@ -732,15 +905,13 @@ class TestL3Policy(ResourceMappingTestCase):
l3p = self.create_l3_policy(
ip_pool='192.168.0.0/16')['l3_policy']
for external_segments in [{es1['id']: []}, {es2['id']: []}]:
self._update_gbp_resource(
l3p['id'], 'l3_policy', 'l3_policies',
expected_res_status=200,
self.update_l3_policy(
l3p['id'], expected_res_status=200,
external_segments=external_segments)
# es2 to [es1, es2]
external_segments = {es2['id']: [], es1['id']: []}
res = self._update_gbp_resource_full_response(
l3p['id'], 'l3_policy', 'l3_policies',
expected_res_status=400,
res = self.update_l3_policy(
l3p['id'], expected_res_status=400,
external_segments=external_segments)
self.assertEqual('MultipleESPerL3PolicyNotSupported',
res['NeutronError']['type'])
@ -772,9 +943,9 @@ class TestL3Policy(ResourceMappingTestCase):
res['external_gateway_info']['network_id'])
# Verify auto assigned addresses propagated to L3P
es_dict = {es2['id']: []}
l3p = self._update_gbp_resource(
l3p['id'], 'l3_policy', 'l3_policies',
external_segments=es_dict, expected_res_status=200)
l3p = self.update_l3_policy(
l3p['id'], external_segments=es_dict,
expected_res_status=200)['l3_policy']
req = self.new_show_request('routers', l3p['routers'][0],
fmt=self.fmt)
res = self.deserialize(self.fmt, req.get_response(
@ -826,9 +997,8 @@ class TestL3Policy(ResourceMappingTestCase):
req.get_response(self.ext_api))
self.assertEqual(routes1, res['router']['routes'])
es_dict = {es2['id']: []}
self._update_gbp_resource(
l3p['id'], 'l3_policy', 'l3_policies',
external_segments=es_dict, expected_res_status=200)
self.update_l3_policy(l3p['id'], external_segments=es_dict,
expected_res_status=200)
req = self.new_show_request('routers', l3p['routers'][0],
fmt=self.fmt)
res = self.deserialize(self.fmt,
@ -912,6 +1082,7 @@ class TestPolicyRuleSet(ResourceMappingTestCase):
port = self.deserialize(self.fmt, res.get_response(self.api))
security_groups = port['port'][ext_sg.SECURITYGROUPS]
self.assertEqual(len(security_groups), 2)
self._verify_prs_rules(policy_rule_set_id)
# TODO(ivar): we also need to verify that those security groups have the
# right rules
@ -945,6 +1116,7 @@ class TestPolicyRuleSet(ResourceMappingTestCase):
port = self.deserialize(self.fmt, res.get_response(self.api))
security_groups = port['port'][ext_sg.SECURITYGROUPS]
self.assertEqual(len(security_groups), 2)
self._verify_prs_rules(policy_rule_set_id)
# Test update and delete of PTG, how it affects SG mapping
def test_policy_target_group_update(self):
@ -992,6 +1164,8 @@ class TestPolicyRuleSet(ResourceMappingTestCase):
port = self.deserialize(self.fmt, res.get_response(self.api))
security_groups = port['port'][ext_sg.SECURITYGROUPS]
self.assertEqual(len(security_groups), 2)
self._verify_prs_rules(policy_rule_set1_id)
self._verify_prs_rules(policy_rule_set2_id)
# now add a policy_rule_set to PTG
# First we update policy_rule_set2 to be provided by consumed_ptg
@ -1013,6 +1187,18 @@ class TestPolicyRuleSet(ResourceMappingTestCase):
port = self.deserialize(self.fmt, res.get_response(self.api))
security_groups = port['port'][ext_sg.SECURITYGROUPS]
self.assertEqual(len(security_groups), 3)
self._verify_prs_rules(policy_rule_set1_id)
self._verify_prs_rules(policy_rule_set2_id)
# Now verify all rules are removed correctly when PRS are disassociated
self.update_policy_target_group(ptg1_id, provided_policy_rule_sets={},
consumed_policy_rule_sets={},
expected_res_status=200)
self.update_policy_target_group(ptg2_id, provided_policy_rule_sets={},
consumed_policy_rule_sets={},
expected_res_status=200)
self._verify_prs_rules(policy_rule_set1_id)
self._verify_prs_rules(policy_rule_set2_id)
# Test update of policy rules
def test_policy_rule_update(self):
@ -1061,6 +1247,7 @@ class TestPolicyRuleSet(ResourceMappingTestCase):
udp_rule = udp_rules[0]
self.assertEqual(udp_rule['port_range_min'], 30)
self.assertEqual(udp_rule['port_range_max'], 100)
self._verify_prs_rules(policy_rule_set_id)
# Test update of policy classifier
def test_policy_classifier_update(self):
@ -1106,6 +1293,7 @@ class TestPolicyRuleSet(ResourceMappingTestCase):
udp_rule = udp_rules[0]
self.assertEqual(udp_rule['port_range_min'], 50)
self.assertEqual(udp_rule['port_range_max'], 150)
self._verify_prs_rules(policy_rule_set_id)
def test_redirect_to_chain(self):
data = {'servicechain_node': {'service_type': "LOADBALANCER",
@ -1241,7 +1429,8 @@ class TestPolicyRuleSet(ResourceMappingTestCase):
self.assertEqual(len(sc_instances['servicechain_instances']), 0)
def test_shared_policy_rule_set_create_negative(self):
self.create_policy_rule_set(shared=True, expected_res_status=400)
self.create_policy_rule_set(shared=True,
expected_res_status=400)
def test_external_rules_set(self):
# Define the routes
@ -1254,57 +1443,30 @@ class TestPolicyRuleSet(ResourceMappingTestCase):
es = self.create_external_segment(
subnet_id=sub['subnet']['id'],
external_routes=routes)['external_segment']
l3p = self.create_l3_policy(
self.create_l3_policy(
ip_pool='192.168.0.0/16',
external_segments={es['id']: []})['l3_policy']
external_segments={es['id']: []})
self.create_external_policy(
external_segments=[es['id']],
provided_policy_rule_sets={prs['id']: ''})
expected_cidrs = [str(x) for x in (
netaddr.IPSet(['0.0.0.0/0']) -
netaddr.IPSet([l3p['ip_pool']])).iter_cidrs()]
mapping = self._get_prs_mapping(prs['id'])
# Since EP provides, the consumed SG will have ingress rules
# based on the difference between the L3P and the external
# world
attrs = {'security_group_id': [mapping.consumed_sg_id],
'direction': ['ingress'],
'protocol': ['tcp'],
'port_range_min': [22],
'port_range_max': [22],
'remote_ip_prefix': None}
for cidr in expected_cidrs:
attrs['remote_ip_prefix'] = [cidr]
self.assertTrue(self._get_sg_rule(**attrs))
self._verify_prs_rules(prs['id'])
# Add one rule to the PRS
pr2 = self._create_http_allow_rule()
self._update_gbp_resource(
prs['id'], 'policy_rule_set', 'policy_rule_sets',
expected_res_status=200,
policy_rules=[pr['id'], pr2['id']])
self.update_policy_rule_set(prs['id'], expected_res_status=200,
policy_rules=[pr['id'], pr2['id']])
# Verify new rules correctly set
attrs = {'security_group_id': [mapping.consumed_sg_id],
'direction': ['ingress'],
'protocol': ['tcp'],
'port_range_min': [80],
'port_range_max': [80],
'remote_ip_prefix': None}
for cidr in expected_cidrs:
attrs['remote_ip_prefix'] = [cidr]
self.assertTrue(self._get_sg_rule(**attrs))
current_rules = self._verify_prs_rules(prs['id'])
# Remove all the rules, verify that none exist any more
self._update_gbp_resource(prs['id'], 'policy_rule_set',
'policy_rule_sets',
expected_res_status=200,
policy_rules=[])
attrs = {'security_group_id': [mapping.consumed_sg_id],
'direction': ['ingress'],
'protocol': ['tcp'],
'port_range_min': [80, 22],
'port_range_max': [80, 22],
'remote_ip_prefix': expected_cidrs}
self.assertFalse(self._get_sg_rule(**attrs))
self.update_policy_rule_set(
prs['id'], expected_res_status=200, policy_rules=[])
self.assertTrue(len(current_rules) > 0)
for rule in current_rules:
self.assertFalse(self._get_sg_rule(**rule))
class TestExternalSegment(ResourceMappingTestCase):
@ -1336,16 +1498,15 @@ class TestExternalSegment(ResourceMappingTestCase):
es = self.create_external_segment(
subnet_id=sub['subnet']['id'])['external_segment']
for k, v in changes.iteritems():
res = self._update_gbp_resource_full_response(
es['id'], 'external_segment',
'external_segments', expected_res_status=400, **{k: v})
res = self.update_external_segment(
es['id'], expected_res_status=400, **{k: v})
self.assertEqual('InvalidAttributeUpdateForES',
res['NeutronError']['type'])
# Verify route updated correctly
route = {'destination': '0.0.0.0/0', 'nexthop': None}
self._update_gbp_resource(
es['id'], 'external_segment', 'external_segments',
expected_res_status=200, external_routes=[route])
self.update_external_segment(
es['id'], expected_res_status=200,
external_routes=[route])
pr = self._create_ssh_allow_rule()
prs = self.create_policy_rule_set(
policy_rules=[pr['id']])['policy_rule_set']
@ -1359,6 +1520,10 @@ class TestExternalSegment(ResourceMappingTestCase):
expected_cidrs = self._calculate_expected_external_cidrs(
es, [l3p1, l3p2])
mapping = self._get_prs_mapping(prs['id'])
# Not using _verify_prs_rules here because it's testing that
# some specific delta rules are applied/removed instead of
# the whole PRS state.
attrs = {'security_group_id': [mapping.consumed_sg_id],
'direction': ['ingress'],
'protocol': ['tcp'],
@ -1368,11 +1533,12 @@ class TestExternalSegment(ResourceMappingTestCase):
for cidr in expected_cidrs:
attrs['remote_ip_prefix'] = [cidr]
self.assertTrue(self._get_sg_rule(**attrs))
self._verify_prs_rules(prs['id'])
# Update the route and verify the SG rules changed
route = {'destination': '172.0.0.0/8', 'nexthop': None}
es = self._update_gbp_resource(
es['id'], 'external_segment', 'external_segments',
expected_res_status=200, external_routes=[route])
es = self.update_external_segment(
es['id'], expected_res_status=200,
external_routes=[route])['external_segment']
# Verify the old rules have been deleted
new_cidrs = self._calculate_expected_external_cidrs(
@ -1472,9 +1638,9 @@ class TestExternalPolicy(ResourceMappingTestCase):
external_segments=[es1['id']], expected_res_status=201)
ep = ep['external_policy']
# ES update rejectes
res = self._update_gbp_resource_full_response(
ep['id'], 'external_policy', 'external_policies',
external_segments=[es2['id']], expected_res_status=400)
res = self.update_external_policy(
ep['id'], external_segments=[es2['id']],
expected_res_status=400)
self.assertEqual('ESUpdateNotSupportedForEP',
res['NeutronError']['type'])
# Rules changed when changing PRS
@ -1486,67 +1652,40 @@ class TestExternalPolicy(ResourceMappingTestCase):
prs_http = self.create_policy_rule_set(
policy_rules=[pr_http['id']])['policy_rule_set']
self._update_gbp_resource(
ep['id'], 'external_policy', 'external_policies',
provided_policy_rule_sets={prs_ssh['id']: ''},
self.update_external_policy(
ep['id'], provided_policy_rule_sets={prs_ssh['id']: ''},
consumed_policy_rule_sets={prs_ssh['id']: ''},
expected_res_status=200)
expected_cidrs = self._calculate_expected_external_cidrs(
es1, [])
self.assertTrue(len(expected_cidrs) > 0)
mapping = self._get_prs_mapping(prs_ssh['id'])
ssh_attrs = {'security_group_id': None,
'direction': ['ingress'],
'protocol': ['tcp'],
'port_range_min': [22],
'port_range_max': [22],
'remote_ip_prefix': None}
for sg in [mapping.consumed_sg_id, mapping.provided_sg_id]:
for cidr in expected_cidrs:
ssh_attrs['security_group_id'] = [sg]
ssh_attrs['remote_ip_prefix'] = [cidr]
self.assertTrue(self._get_sg_rule(**ssh_attrs))
current_ssh_rules = self._verify_prs_rules(prs_ssh['id'])
self._verify_prs_rules(prs_http['id'])
# Now swap the contract
self._update_gbp_resource(
ep['id'], 'external_policy', 'external_policies',
provided_policy_rule_sets={prs_http['id']: ''},
self.update_external_policy(
ep['id'], provided_policy_rule_sets={prs_http['id']: ''},
consumed_policy_rule_sets={prs_http['id']: ''},
expected_res_status=200)
# SSH rules removed
for sg in [mapping.consumed_sg_id, mapping.provided_sg_id]:
for cidr in expected_cidrs:
ssh_attrs['security_group_id'] = [sg]
ssh_attrs['remote_ip_prefix'] = [cidr]
self.assertFalse(self._get_sg_rule(**ssh_attrs))
for rule in current_ssh_rules:
if not (rule['direction'] == ['egress']
and rule['remote_ip_prefix'] == ['0.0.0.0/0']):
self.assertFalse(self._get_sg_rule(**rule))
# HTTP Added
mapping = self._get_prs_mapping(prs_http['id'])
http_attrs = {'security_group_id': None,
'direction': ['ingress'],
'protocol': ['tcp'],
'port_range_min': [80],
'port_range_max': [80],
'remote_ip_prefix': None}
for sg in [mapping.consumed_sg_id, mapping.provided_sg_id]:
for cidr in expected_cidrs:
http_attrs['security_group_id'] = [sg]
http_attrs['remote_ip_prefix'] = [cidr]
self.assertTrue(self._get_sg_rule(**http_attrs))
current_http_rules = self._verify_prs_rules(prs_http['id'])
# All removed
self._update_gbp_resource(
ep['id'], 'external_policy', 'external_policies',
provided_policy_rule_sets={},
consumed_policy_rule_sets={},
expected_res_status=200)
for sg in [mapping.consumed_sg_id, mapping.provided_sg_id]:
for cidr in expected_cidrs:
ssh_attrs['security_group_id'] = [sg]
ssh_attrs['remote_ip_prefix'] = [cidr]
self.assertFalse(self._get_sg_rule(**http_attrs))
self.update_external_policy(
ep['id'], provided_policy_rule_sets={},
consumed_policy_rule_sets={}, expected_res_status=200)
for rule in current_http_rules:
if not (rule['direction'] == ['egress']
and rule['remote_ip_prefix'] == ['0.0.0.0/0']):
self.assertFalse(self._get_sg_rule(**rule))
class TestPolicyAction(ResourceMappingTestCase):

284
gbp/neutron/tests/unit/test_extension_group_policy.py
View File

@ -11,6 +11,7 @@
# under the License.
import copy
import re
import mock
from neutron.openstack.common import uuidutils
@ -21,6 +22,7 @@ from neutron.tests.unit import test_api_v2_extension
from webob import exc
from gbp.neutron.extensions import group_policy as gp
from gbp.neutron.tests.unit import common as cm
_uuid = uuidutils.generate_uuid
_get_path = test_api_v2._get_path
@ -61,6 +63,18 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase):
plural_mappings=plural_mappings)
self.instance = self.plugin.return_value
def __getattr__(self, item):
# Verify is an update of a proper GBP object
def _is_gbp_resource(plural):
return plural in gp.RESOURCE_ATTRIBUTE_MAP
# Update Method
if re.match("^get_(create|update).+(default|)_attrs$", item):
resource = re.sub("^get_(create|update)_", "", item)
resource = re.sub("(_default|)_attrs$", "", resource)
if _is_gbp_resource(cm.get_resource_plural(resource)):
return getattr(cm, item)
raise AttributeError
def _test_create_policy_target(self, data, expected_value,
default_data=None):
if not default_data:
@ -76,21 +90,11 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase):
self.assertIn('policy_target', res)
self.assertEqual(expected_value, res['policy_target'])
def _get_create_policy_target_default_attrs(self):
return {'name': '', 'description': ''}
def _get_create_policy_target_attrs(self):
return {'name': 'ep1', 'policy_target_group_id': _uuid(),
'tenant_id': _uuid(), 'description': 'test policy_target'}
def _get_update_policy_target_attrs(self):
return {'name': 'new_name'}
def test_create_policy_target_with_defaults(self):
policy_target_id = _uuid()
data = {'policy_target': {'policy_target_group_id': _uuid(),
'tenant_id': _uuid()}}
default_attrs = self._get_create_policy_target_default_attrs()
default_attrs = self.get_create_policy_target_default_attrs()
default_data = copy.copy(data)
default_data['policy_target'].update(default_attrs)
expected_value = dict(default_data['policy_target'])
@ -100,7 +104,7 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase):
def test_create_policy_target(self):
policy_target_id = _uuid()
data = {'policy_target': self._get_create_policy_target_attrs()}
data = {'policy_target': self.get_create_policy_target_attrs()}
expected_value = dict(data['policy_target'])
expected_value['id'] = policy_target_id
@ -139,7 +143,7 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase):
def test_update_policy_target(self):
policy_target_id = _uuid()
update_data = {'policy_target': self._get_update_policy_target_attrs()}
update_data = {'policy_target': self.get_update_policy_target_attrs()}
expected_value = {'tenant_id': _uuid(), 'id': policy_target_id}
self.instance.update_policy_target.return_value = expected_value
@ -174,28 +178,10 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase):
self.assertIn('policy_target_group', res)
self.assertEqual(expected_value, res['policy_target_group'])
def _get_create_policy_target_group_default_attrs(self):
return {'name': '', 'description': '', 'l2_policy_id': None,
'provided_policy_rule_sets': {},
'consumed_policy_rule_sets': {},
'network_service_policy_id': None, 'shared': False}
def _get_create_policy_target_group_attrs(self):
return {'name': 'ptg1', 'tenant_id': _uuid(),
'description': 'test policy_target group',
'l2_policy_id': _uuid(),
'provided_policy_rule_sets': {_uuid(): None},
'consumed_policy_rule_sets': {_uuid(): None},
'network_service_policy_id': _uuid(),
'shared': False}
def _get_update_policy_target_group_attrs(self):
return {'name': 'new_name'}
def test_create_policy_target_group_with_defaults(self):
policy_target_group_id = _uuid()
data = {'policy_target_group': {'tenant_id': _uuid()}}
default_attrs = self._get_create_policy_target_group_default_attrs()
default_attrs = self.get_create_policy_target_group_default_attrs()
default_data = copy.copy(data)
default_data['policy_target_group'].update(default_attrs)
expected_value = copy.deepcopy(default_data['policy_target_group'])
@ -207,7 +193,7 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase):
def test_create_policy_target_group(self):
policy_target_group_id = _uuid()
data = {'policy_target_group':
self._get_create_policy_target_group_attrs()}
self.get_create_policy_target_group_attrs()}
expected_value = copy.deepcopy(data['policy_target_group'])
expected_value['id'] = policy_target_group_id
@ -248,7 +234,7 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase):
def test_update_policy_target_group(self):
policy_target_group_id = _uuid()
update_data = {'policy_target_group':
self._get_update_policy_target_group_attrs()}
self.get_update_policy_target_group_attrs()}
expected_value = {'tenant_id': _uuid(), 'id': policy_target_group_id}
self.instance.update_policy_target_group.return_value = expected_value
@ -281,21 +267,10 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase):
self.assertIn('l2_policy', res)
self.assertEqual(expected_value, res['l2_policy'])
def _get_create_l2_policy_default_attrs(self):
return {'name': '', 'description': '', 'shared': False}
def _get_create_l2_policy_attrs(self):
return {'name': 'l2p1', 'tenant_id': _uuid(),
'description': 'test L2 policy', 'l3_policy_id': _uuid(),
'shared': False}
def _get_update_l2_policy_attrs(self):
return {'name': 'new_name'}
def test_create_l2_policy_with_defaults(self):
l2_policy_id = _uuid()
data = {'l2_policy': {'tenant_id': _uuid(), 'l3_policy_id': _uuid()}}
default_attrs = self._get_create_l2_policy_default_attrs()
default_attrs = self.get_create_l2_policy_default_attrs()
default_data = copy.copy(data)
default_data['l2_policy'].update(default_attrs)
expected_value = dict(default_data['l2_policy'])
@ -305,7 +280,7 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase):
def test_create_l2_policy(self):
l2_policy_id = _uuid()
data = {'l2_policy': self._get_create_l2_policy_attrs()}
data = {'l2_policy': self.get_create_l2_policy_attrs()}
expected_value = dict(data['l2_policy'])
expected_value['id'] = l2_policy_id
@ -344,7 +319,7 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase):
def test_update_l2_policy(self):
l2_policy_id = _uuid()
update_data = {'l2_policy': self._get_update_l2_policy_attrs()}
update_data = {'l2_policy': self.get_update_l2_policy_attrs()}
expected_value = {'tenant_id': _uuid(), 'id': l2_policy_id}
self.instance.update_l2_policy.return_value = expected_value
@ -377,25 +352,10 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase):
self.assertIn('l3_policy', res)
self.assertEqual(res['l3_policy'], expected_value)
def _get_create_l3_policy_default_attrs(self):
return {'name': '', 'description': '', 'ip_version': 4,
'ip_pool': '10.0.0.0/8', 'subnet_prefix_length': 24,
'external_segments': {}, 'shared': False}
def _get_create_l3_policy_attrs(self):
return {'name': 'l3p1', 'tenant_id': _uuid(),
'description': 'test L3 policy', 'ip_version': 6,
'ip_pool': 'fd01:2345:6789::/48',
'external_segments': {_uuid(): ['192.168.0.3']},
'subnet_prefix_length': 64, 'shared': False}
def _get_update_l3_policy_attrs(self):
return {'name': 'new_name'}
def test_create_l3_policy_with_defaults(self):
l3_policy_id = _uuid()
data = {'l3_policy': {'tenant_id': _uuid()}}
default_attrs = self._get_create_l3_policy_default_attrs()
default_attrs = self.get_create_l3_policy_default_attrs()
default_data = copy.copy(data)
default_data['l3_policy'].update(default_attrs)
expected_value = dict(default_data['l3_policy'])
@ -405,7 +365,7 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase):
def test_create_l3_policy(self):
l3_policy_id = _uuid()
data = {'l3_policy': self._get_create_l3_policy_attrs()}
data = {'l3_policy': self.get_create_l3_policy_attrs()}
expected_value = dict(data['l3_policy'])
expected_value.update({'id': l3_policy_id})
@ -444,7 +404,7 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase):
def test_update_l3_policy(self):
l3_policy_id = _uuid()
update_data = {'l3_policy': self._get_update_l3_policy_attrs()}
update_data = {'l3_policy': self.get_update_l3_policy_attrs()}
expected_value = {'tenant_id': _uuid(), 'id': l3_policy_id}
self.instance.update_l3_policy.return_value = expected_value
@ -479,28 +439,10 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase):
self.assertIn('policy_action', res)
self.assertEqual(expected_value, res['policy_action'])
def _get_create_policy_action_default_attrs(self):
return {'name': '',
'description': '',
'action_type': 'allow',
'action_value': None,
'shared': False}
def _get_create_policy_action_attrs(self):
return {'name': 'pa1',
'tenant_id': _uuid(),
'description': 'test policy action',
'action_type': 'redirect',
'action_value': _uuid(),
'shared': False}
def _get_update_policy_action_attrs(self):
return {'name': 'new_name'}
def test_create_policy_action_with_defaults(self):
policy_action_id = _uuid()
data = {'policy_action': {'tenant_id': _uuid()}}
default_attrs = self._get_create_policy_action_default_attrs()
default_attrs = self.get_create_policy_action_default_attrs()
default_data = copy.copy(data)
default_data['policy_action'].update(default_attrs)
expected_value = dict(default_data['policy_action'])
@ -510,7 +452,7 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase):
def test_create_policy_action(self):
policy_action_id = _uuid()
data = {'policy_action': self._get_create_policy_action_attrs()}
data = {'policy_action': self.get_create_policy_action_attrs()}
expected_value = dict(data['policy_action'])
expected_value['id'] = policy_action_id
@ -553,7 +495,7 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase):
def test_update_policy_action(self):
policy_action_id = _uuid()
update_data = {'policy_action':
self._get_update_policy_action_attrs()}
self.get_update_policy_action_attrs()}
expected_value = {'tenant_id': _uuid(),
'id': policy_action_id}
@ -591,30 +533,10 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase):
self.assertIn('policy_classifier', res)
self.assertEqual(expected_value, res['policy_classifier'])
def _get_create_policy_classifier_default_attrs(self):
return {'name': '',
'description': '',
'protocol': None,
'port_range': None,
'direction': None,
'shared': False}
def _get_create_policy_classifier_attrs(self):
return {'name': 'pc1',
'description': 'test policy classifier',
'tenant_id': _uuid(),
'protocol': 'tcp',
'port_range': '100:200',
'direction': 'in',
'shared': False}
def _get_update_policy_classifier_attrs(self):
return {'name': 'new_name'}
def test_create_policy_classifier_with_defaults(self):
policy_classifier_id = _uuid()
data = {'policy_classifier': {'tenant_id': _uuid()}}
default_attrs = self._get_create_policy_classifier_default_attrs()
default_attrs = self.get_create_policy_classifier_default_attrs()
default_data = copy.copy(data)
default_data['policy_classifier'].update(default_attrs)
expected_value = dict(default_data['policy_classifier'])
@ -625,7 +547,7 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase):
def test_create_policy_classifier(self):
policy_classifier_id = _uuid()
data = {'policy_classifier':
self._get_create_policy_classifier_attrs()}
self.get_create_policy_classifier_attrs()}
expected_value = dict(data['policy_classifier'])
expected_value['id'] = policy_classifier_id
@ -666,7 +588,7 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase):
def test_update_policy_classifier(self):
policy_classifier_id = _uuid()
update_data = {'policy_classifier':
self._get_update_policy_classifier_attrs()}
self.get_update_policy_classifier_attrs()}
expected_value = {'tenant_id': _uuid(),
'id': policy_classifier_id}
@ -704,30 +626,11 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase):
self.assertIn('policy_rule', res)
self.assertEqual(expected_value, res['policy_rule'])
def _get_create_policy_rule_default_attrs(self):
return {'name': '',
'description': '',
'enabled': True,
'policy_actions': [],
'shared': False}
def _get_create_policy_rule_attrs(self):
return {'name': 'pr1',
'description': 'test policy rule',
'tenant_id': _uuid(),
'enabled': True,
'policy_classifier_id': _uuid(),
'policy_actions': [_uuid()],
'shared': False}
def _get_update_policy_rule_attrs(self):
return {'name': 'new_name'}
def test_create_policy_rule_with_defaults(self):
policy_rule_id = _uuid()
data = {'policy_rule': {'tenant_id': _uuid(), 'policy_classifier_id':
_uuid()}}
default_attrs = self._get_create_policy_rule_default_attrs()
default_attrs = self.get_create_policy_rule_default_attrs()
default_data = copy.copy(data)
default_data['policy_rule'].update(default_attrs)
expected_value = dict(default_data['policy_rule'])
@ -738,7 +641,7 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase):
def test_create_policy_rule(self):
policy_rule_id = _uuid()
data = {'policy_rule':
self._get_create_policy_rule_attrs()}
self.get_create_policy_rule_attrs()}
expected_value = dict(data['policy_rule'])
expected_value['id'] = policy_rule_id
@ -780,7 +683,7 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase):
def test_update_policy_rule(self):
policy_rule_id = _uuid()
update_data = {'policy_rule':
self._get_update_policy_rule_attrs()}
self.get_update_policy_rule_attrs()}
expected_value = {'tenant_id': _uuid(),
'id': policy_rule_id}
@ -818,28 +721,10 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase):
self.assertIn('policy_rule_set', res)
self.assertEqual(expected_value, res['policy_rule_set'])
def _get_create_policy_rule_set_default_attrs(self):
return {'name': '',
'description': '',
'child_policy_rule_sets': [],
'policy_rules': [],
'shared': False}
def _get_create_policy_rule_set_attrs(self):
return {'name': 'policy_rule_set1',
'description': 'test policy_rule_set',
'tenant_id': _uuid(),
'child_policy_rule_sets': [_uuid()],
'policy_rules': [_uuid()],
'shared': False}
def _get_update_policy_rule_set_attrs(self):
return {'name': 'new_name'}
def test_create_policy_rule_set_with_defaults(self):
policy_rule_set_id = _uuid()
data = {'policy_rule_set': {'tenant_id': _uuid()}}
default_attrs = self._get_create_policy_rule_set_default_attrs()
default_attrs = self.get_create_policy_rule_set_default_attrs()
default_data = copy.copy(data)
default_data['policy_rule_set'].update(default_attrs)
expected_value = dict(default_data['policy_rule_set'])
@ -850,7 +735,7 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase):
def test_create_policy_rule_set(self):
policy_rule_set_id = _uuid()
data = {'policy_rule_set':
self._get_create_policy_rule_set_attrs()}
self.get_create_policy_rule_set_attrs()}
expected_value = dict(data['policy_rule_set'])
expected_value['id'] = policy_rule_set_id
@ -891,7 +776,7 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase):
def test_update_policy_rule_set(self):
policy_rule_set_id = _uuid()
update_data = {'policy_rule_set':
self._get_update_policy_rule_set_attrs()}
self.get_update_policy_rule_set_attrs()}
expected_value = {'tenant_id': _uuid(),
'id': policy_rule_set_id}
@ -929,24 +814,10 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase):
self.assertIn('network_service_policy', res)
self.assertEqual(expected_value, res['network_service_policy'])
def _get_create_network_service_policy_default_attrs(self):
return {'name': '', 'description': '',
'network_service_params': [], 'shared': False}
def _get_create_network_service_policy_attrs(self):
return {'name': 'nsp1', 'tenant_id': _uuid(),
'shared': False,
'description': 'test Net Svc Policy',
'network_service_params': [{'type': 'ip_single', 'name': 'vip',
'value': 'self_subnet'}]}
def _get_update_network_service_policy_attrs(self):
return {'name': 'new_name'}
def test_create_network_service_policy_with_defaults(self):
network_service_policy_id = _uuid()
data = {'network_service_policy': {'tenant_id': _uuid()}}
default_attrs = self._get_create_network_service_policy_default_attrs()
default_attrs = self.get_create_network_service_policy_default_attrs()
default_data = copy.copy(data)
default_data['network_service_policy'].update(default_attrs)
expected_value = dict(default_data['network_service_policy'])
@ -958,7 +829,7 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase):
def test_create_network_service_policy(self):
network_service_policy_id = _uuid()
data = {'network_service_policy':
self._get_create_network_service_policy_attrs()}
self.get_create_network_service_policy_attrs()}
expected_value = copy.deepcopy(data['network_service_policy'])
expected_value['id'] = network_service_policy_id
@ -1002,7 +873,7 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase):
def test_update_network_service_policy(self):
network_service_policy_id = _uuid()
update_data = {'network_service_policy':
self._get_update_network_service_policy_attrs()}
self.get_update_network_service_policy_attrs()}
expected_value = {'tenant_id': _uuid(),
'id': network_service_policy_id}
@ -1105,31 +976,13 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase):
self.assertIn(entity, res)
self.assertEqual(expected_value, res[entity])
def _get_create_external_policy_default_attrs(self):
return {'name': '', 'description': '',
'external_segments': [],
'provided_policy_rule_sets': {},
'consumed_policy_rule_sets': {},
'shared': False}
def _get_create_external_policy_attrs(self):
return {'name': 'ep1', 'tenant_id': _uuid(),
'description': 'test ep',
'external_segments': [_uuid()],
'provided_policy_rule_sets': {_uuid(): None},
'consumed_policy_rule_sets': {_uuid(): None},
'shared': False}
def _get_update_external_policy_attrs(self):
return {'name': 'new_name'}
def test_create_external_policy_with_defaults(self):
default_attrs = self._get_create_external_policy_default_attrs()
default_attrs = self.get_create_external_policy_default_attrs()
self._test_create_entity_with_defaults('external_policy',
default_attrs)
def test_create_external_policy(self):
attrs = self._get_create_external_policy_attrs()
attrs = self.get_create_external_policy_attrs()
self._test_create_entity_with_attrs('external_policy', attrs)
def test_list_external_policies(self):
@ -1139,40 +992,20 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase):
self._test_get_entity('external_policy')
def test_update_external_policy(self):
update_data = self._get_update_external_policy_attrs()
update_data = self.get_update_external_policy_attrs()
self._test_update_entity('external_policy', update_data)
def test_delete_external_policy_(self):
self._test_entity_delete('external_policy')
def _get_create_external_segment_default_attrs(self):
return {'name': '', 'description': '',
'external_routes': [],
'ip_version': 4,
'cidr': '172.16.0.0/12',
'port_address_translation': False,
'shared': False}
def _get_create_external_segment_attrs(self):
return {'name': 'es1', 'tenant_id': _uuid(),
'description': 'test ep',
'external_routes': [{'destination': '0.0.0.0/0',
'nexthop': '192.168.0.1'}],
'cidr': '192.168.0.0/24',
'ip_version': 4, 'port_address_translation': True,
'shared': False}
def _get_update_external_segment_attrs(self):
return {'name': 'new_name'}
def test_create_external_segment_with_defaults(self):
default_attrs = (
self._get_create_external_segment_default_attrs())
self.get_create_external_segment_default_attrs())
self._test_create_entity_with_defaults('external_segment',
default_attrs)
def test_create_external_segment(self):
attrs = self._get_create_external_segment_attrs()
attrs = self.get_create_external_segment_attrs()
self._test_create_entity_with_attrs('external_segment', attrs)
def test_list_external_segments(self):
@ -1182,37 +1015,20 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase):
self._test_get_entity('external_segment')
def test_update_external_segment(self):
update_data = self._get_update_external_segment_attrs()
update_data = self.get_update_external_segment_attrs()
self._test_update_entity('external_segment', update_data)
def test_delete_external_segment_(self):
self._test_entity_delete('external_segment')
def _get_create_nat_pool_default_attrs(self):
return {'name': '', 'description': '',
'external_segment_id': None, 'ip_version': 4,
'ip_pool': '172.16.0.0/16',
'shared': False}
def _get_create_nat_pool_attrs(self):
return {'name': 'es1', 'tenant_id': _uuid(),
'description': 'test ep',
'ip_version': 4,
'ip_pool': '172.16.0.0/16',
'external_segment_id': _uuid(),
'shared': False}
def _get_update_nat_pool_attrs(self):
return {'name': 'new_name'}
def test_create_nat_pool_with_defaults(self):
default_attrs = (
self._get_create_nat_pool_default_attrs())
self.get_create_nat_pool_default_attrs())
self._test_create_entity_with_defaults('nat_pool',
default_attrs)
def test_create_nat_pool(self):
attrs = self._get_create_nat_pool_attrs()
attrs = self.get_create_nat_pool_attrs()
self._test_create_entity_with_attrs('nat_pool', attrs)
def test_list_nat_pools(self):
@ -1222,7 +1038,7 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase):
self._test_get_entity('nat_pool')
def test_update_nat_pool(self):
update_data = self._get_update_nat_pool_attrs()
update_data = self.get_update_nat_pool_attrs()
self._test_update_entity('nat_pool', update_data)
def test_delete_nat_pool_(self):

61
gbp/neutron/tests/unit/test_extension_group_policy_mapping.py
View File

@ -14,6 +14,7 @@ from neutron.plugins.common import constants
from gbp.neutron.extensions import group_policy as gp
from gbp.neutron.extensions import group_policy_mapping as gpm
from gbp.neutron.tests.unit import common as cm
from gbp.neutron.tests.unit import test_extension_group_policy as tgp
@ -52,74 +53,62 @@ class GroupPolicyMappingExtTestCase(tgp.GroupPolicyExtensionTestCase):
def _restore_gp_attr_map(self):
gp.RESOURCE_ATTRIBUTE_MAP = self._saved_gp_attr_map
def _get_create_policy_target_default_attrs(self):
attrs = (super(GroupPolicyMappingExtTestCase, self).
_get_create_policy_target_default_attrs())
def get_create_policy_target_default_attrs(self):
attrs = cm.get_create_policy_target_default_attrs()
attrs.update({'port_id': None})
return attrs
def _get_create_policy_target_attrs(self):
attrs = (super(GroupPolicyMappingExtTestCase, self).
_get_create_policy_target_attrs())
def get_create_policy_target_attrs(self):
attrs = cm.get_create_policy_target_attrs()
attrs.update({'port_id': tgp._uuid()})
return attrs
def _get_create_policy_target_group_default_attrs(self):
attrs = (super(GroupPolicyMappingExtTestCase, self).
_get_create_policy_target_group_default_attrs())
def get_create_policy_target_group_default_attrs(self):
attrs = cm.get_create_policy_target_group_default_attrs()
attrs.update({'subnets': []})
return attrs
def _get_create_policy_target_group_attrs(self):
attrs = (super(GroupPolicyMappingExtTestCase, self).
_get_create_policy_target_group_attrs())
def get_create_policy_target_group_attrs(self):
attrs = cm.get_create_policy_target_group_attrs()
attrs.update({'subnets': [tgp._uuid()]})
return attrs
def _get_update_policy_target_group_attrs(self):
attrs = (super(GroupPolicyMappingExtTestCase, self).
_get_update_policy_target_group_attrs())
def get_update_policy_target_group_attrs(self):
attrs = cm.get_update_policy_target_group_attrs()
attrs.update({'subnets': [tgp._uuid()]})
return attrs
def _get_create_l2_policy_default_attrs(self):
attrs = (super(GroupPolicyMappingExtTestCase, self).
_get_create_l2_policy_default_attrs())
def get_create_l2_policy_default_attrs(self):
attrs = cm.get_create_l2_policy_default_attrs()
attrs.update({'network_id': None})
return attrs
def _get_create_l2_policy_attrs(self):
attrs = (super(GroupPolicyMappingExtTestCase, self).
_get_create_l2_policy_attrs())
def get_create_l2_policy_attrs(self):
attrs = cm.get_create_l2_policy_attrs()
attrs.update({'network_id': tgp._uuid()})
return attrs
def _get_create_l3_policy_default_attrs(self):
attrs = (super(GroupPolicyMappingExtTestCase, self).
_get_create_l3_policy_default_attrs())
def get_create_l3_policy_default_attrs(self):
attrs = cm.get_create_l3_policy_default_attrs()
attrs.update({'routers': []})
return attrs
def _get_create_l3_policy_attrs(self):
attrs = (super(GroupPolicyMappingExtTestCase, self).
_get_create_l3_policy_attrs())
def get_create_l3_policy_attrs(self):
attrs = cm.get_create_l3_policy_attrs()
attrs.update({'routers': [tgp._uuid(), tgp._uuid()]})
return attrs
def _get_update_l3_policy_attrs(self):
attrs = (super(GroupPolicyMappingExtTestCase, self).
_get_update_l3_policy_attrs())
def get_update_l3_policy_attrs(self):
attrs = cm.get_update_l3_policy_attrs()
attrs.update({'routers': [tgp._uuid(), tgp._uuid()]})
return attrs
def _get_create_external_segment_default_attrs(self):
attrs = (super(GroupPolicyMappingExtTestCase, self).
_get_create_external_segment_default_attrs())
def get_create_external_segment_default_attrs(self):
attrs = cm.get_create_external_segment_default_attrs()
attrs.update({'subnet_id': None})
return attrs
def _get_create_external_segment_attrs(self):
attrs = (super(GroupPolicyMappingExtTestCase, self).
_get_create_external_segment_attrs())
def get_create_external_segment_attrs(self):
attrs = cm.get_create_external_segment_attrs()
attrs.update({'subnet_id': tgp._uuid()})
return attrs