diff --git a/etc/policy.json b/etc/policy.json index 41b19c503..751ad71fa 100644 --- a/etc/policy.json +++ b/etc/policy.json @@ -44,5 +44,20 @@ "create_network_service_policy": "", "create_network_service_policy:shared": "rule:admin_only", "get_network_service_policy": "rule:admin_or_owner or rule:gbp_shared", - "update_network_service_policy:shared": "rule:admin_only" + "update_network_service_policy:shared": "rule:admin_only", + + "create_external_segment": "", + "create_external_segment:shared": "rule:admin_only", + "get_external_segment": "rule:admin_or_owner or rule:gbp_shared", + "update_external_segment:shared": "rule:admin_only", + + "create_external_policy": "", + "create_external_policy:shared": "rule:admin_only", + "get_external_policy": "rule:admin_or_owner or rule:gbp_shared", + "update_external_policy:shared": "rule:admin_only", + + "create_nat_pool": "", + "create_nat_pool:shared": "rule:admin_only", + "get_nat_pool": "rule:admin_or_owner or rule:gbp_shared", + "update_nat_pool:shared": "rule:admin_only" } diff --git a/etc/test-policy.json b/etc/test-policy.json new file mode 100644 index 000000000..9549a065b --- /dev/null +++ b/etc/test-policy.json @@ -0,0 +1,41 @@ +{ + "context_is_admin": "role:admin", + "admin_or_owner": "rule:context_is_admin or tenant_id:%(tenant_id)s", + "admin_only": "rule:context_is_admin", + "regular_user": "", + "default": "rule:admin_or_owner", + "gbp_shared": "field:policy_target_groups:shared=True", + + "create_policy_target_group": "", + "get_policy_target_group": "rule:admin_or_owner or rule:gbp_shared", + + "create_l2_policy": "", + "get_l2_policy": "rule:admin_or_owner or rule:gbp_shared", + + "create_l3_policy": "", + "get_l3_policy": "rule:admin_or_owner or rule:gbp_shared", + + "create_policy_classifier": "", + "get_policy_classifier": "rule:admin_or_owner or rule:gbp_shared", + + "create_policy_action": "", + "get_policy_action": "rule:admin_or_owner or rule:gbp_shared", + + "create_policy_rule": "", + "get_policy_rule": "rule:admin_or_owner or rule:gbp_shared", + + "create_policy_rule_set": "", + "get_policy_rule_set": "rule:admin_or_owner or rule:gbp_shared", + + "create_network_service_policy": "", + "get_network_service_policy": "rule:admin_or_owner or rule:gbp_shared", + + "create_external_segment": "", + "get_external_segment": "rule:admin_or_owner or rule:gbp_shared", + + "create_external_policy": "", + "get_external_policy": "rule:admin_or_owner or rule:gbp_shared", + + "create_nat_pool": "", + "get_nat_pool": "rule:admin_or_owner or rule:gbp_shared" +} diff --git a/gbp/neutron/services/grouppolicy/drivers/cisco/apic/apic_mapping.py b/gbp/neutron/services/grouppolicy/drivers/cisco/apic/apic_mapping.py index 3fad2ad12..1d1cd0915 100644 --- a/gbp/neutron/services/grouppolicy/drivers/cisco/apic/apic_mapping.py +++ b/gbp/neutron/services/grouppolicy/drivers/cisco/apic/apic_mapping.py @@ -224,9 +224,11 @@ class ApicMappingDriver(api.ResourceMappingDriver): with self.apic_manager.apic.transaction(None) as trs: self.apic_manager.create_contract( contract, owner=tenant, transaction=trs) + rules = self.gbp_plugin.get_policy_rules( + context._plugin_context, + {'id': context.current['policy_rules']}) self._apply_policy_rule_set_rules( - context, context.current, context.current['policy_rules'], - transaction=trs) + context, context.current, rules, transaction=trs) def create_policy_target_postcommit(self, context): # The path needs to be created at bind time, this will be taken @@ -655,9 +657,7 @@ class ApicMappingDriver(api.ResourceMappingDriver): context.current['id']) in_dir = [g_const.GP_DIRECTION_BI, g_const.GP_DIRECTION_IN] out_dir = [g_const.GP_DIRECTION_BI, g_const.GP_DIRECTION_OUT] - filters = {'id': policy_rules} - for rule in context._plugin.get_policy_rules( - context._plugin_context, filters=filters): + for rule in policy_rules: policy_rule = self.name_mapper.policy_rule(context, rule['id']) rule_owner = self._tenant_by_sharing_policy(rule) classifier = context._plugin.get_policy_classifier( diff --git a/gbp/neutron/services/grouppolicy/drivers/resource_mapping.py b/gbp/neutron/services/grouppolicy/drivers/resource_mapping.py index a49a3995c..8e5a6d003 100644 --- a/gbp/neutron/services/grouppolicy/drivers/resource_mapping.py +++ b/gbp/neutron/services/grouppolicy/drivers/resource_mapping.py @@ -360,6 +360,9 @@ class ResourceMappingDriver(api.PolicyDriver): self._update_sgs_on_ptg(context, ptg_id, removed_provided_prs, removed_consumed_prs, "DISASSOCIATE") + subnets = context.original['subnets'] + self._unset_sg_rules_for_subnets( + context, subnets, removed_provided_prs, removed_consumed_prs) # Deal with new added subnets for default SG # Subnet removal not possible for now new_subnets = list(set(context.current['subnets']) - @@ -509,7 +512,7 @@ class ResourceMappingDriver(api.PolicyDriver): pr_sets = context._plugin._get_policy_rule_policy_rule_sets( context._plugin_context, pr_id) self._update_policy_rule_sg_rules(context, pr_sets, - policy_rule, None, context.original, context.current) + policy_rule, context.original, context.current) @log.log def delete_policy_classifier_precommit(self, context): @@ -568,13 +571,17 @@ class ResourceMappingDriver(api.PolicyDriver): new_classifier_id = context.current['policy_classifier_id'] old_action_set = set(context.current['policy_actions']) new_action_set = set(context.original['policy_actions']) - if old_classifier_id != new_classifier_id or \ - old_action_set != new_action_set: - policy_rule_sets =\ + if (old_classifier_id != new_classifier_id or + old_action_set != new_action_set): + policy_rule_sets = ( context._plugin._get_policy_rule_policy_rule_sets( - context._plugin_context, context.current['id']) - self._update_policy_rule_sg_rules(context, policy_rule_sets, - context.original, context.current) + context._plugin_context, context.current['id'])) + for prs in context._plugin.get_policy_rule_sets( + context._plugin_context, filters={'id': policy_rule_sets}): + self._remove_policy_rule_set_rules(context, prs, + [context.original]) + self._apply_policy_rule_set_rules(context, prs, + [context.current]) @log.log def delete_policy_rule_precommit(self, context): @@ -586,16 +593,10 @@ class ResourceMappingDriver(api.PolicyDriver): @log.log def delete_policy_rule_postcommit(self, context): - for policy_rule_set_id in context._rmd_policy_rule_sets_temp: - policy_rule_set = context._plugin.get_policy_rule_set( - context._plugin_context, policy_rule_set_id) - policy_rule_set_sg_mappings = self._get_policy_rule_set_sg_mapping( - context._plugin_context.session, policy_rule_set['id']) - cidr_mapping = self._get_ptg_cidrs_mapping( - context, policy_rule_set) - self._add_or_remove_policy_rule_set_rule( - context, context.current, policy_rule_set_sg_mappings, - cidr_mapping, unset=True) + for prs in context._plugin.get_policy_rule_sets( + context._plugin_context, + filters={'id': context.current['policy_rule_sets']}): + self._remove_policy_rule_set_rules(context, prs, [context.current]) @log.log def create_policy_rule_set_precommit(self, context): @@ -612,8 +613,10 @@ class ResourceMappingDriver(api.PolicyDriver): self._set_policy_rule_set_sg_mapping( context._plugin_context.session, policy_rule_set_id, consumed_sg_id, provided_sg_id) - self._apply_policy_rule_set_rules( - context, context.current, context.current['policy_rules']) + rules = context._plugin.get_policy_rules( + context._plugin_context, + {'id': context.current['policy_rules']}) + self._apply_policy_rule_set_rules(context, context.current, rules) @log.log def update_policy_rule_set_precommit(self, context): @@ -624,8 +627,10 @@ class ResourceMappingDriver(api.PolicyDriver): # Update policy_rule_set rules old_rules = set(context.original['policy_rules']) new_rules = set(context.current['policy_rules']) - to_add = new_rules - old_rules - to_remove = old_rules - new_rules + to_add = context._plugin.get_policy_rules( + context._plugin_context, {'id': new_rules - old_rules}) + to_remove = context._plugin.get_policy_rules( + context._plugin_context, {'id': old_rules - new_rules}) self._remove_policy_rule_set_rules(context, context.current, to_remove) self._apply_policy_rule_set_rules(context, context.current, to_add) # Update children contraint @@ -1012,7 +1017,14 @@ class ResourceMappingDriver(api.PolicyDriver): 'name': sg_name_prefix + '_' + context.current['name'], 'description': '', 'security_group_rules': ''} - return self._create_sg(context._plugin_context, attrs) + sg = self._create_sg(context._plugin_context, attrs) + # Cleanup default rules + for rule in self._core_plugin.get_security_group_rules( + context._plugin_context, + filters={'security_group_id': [sg['id']]}): + self._core_plugin.delete_security_group_rule( + context._plugin_context, rule['id']) + return sg def _handle_policy_rule_sets(self, context): # This method handles policy_rule_set => SG mapping @@ -1039,29 +1051,22 @@ class ResourceMappingDriver(api.PolicyDriver): # updates sg rules corresponding to a policy rule def _update_policy_rule_sg_rules(self, context, policy_rule_sets, - old_policy_rule, new_policy_rule, - old_classifier=None, new_classifier=None): + policy_rule, old_classifier=None, + new_classifier=None): policy_rule_set_list = context._plugin.get_policy_rule_sets( context._plugin_context, filters={'id': policy_rule_sets}) for policy_rule_set in policy_rule_set_list: policy_rule_set_sg_mappings = self._get_policy_rule_set_sg_mapping( context._plugin_context.session, policy_rule_set['id']) - cidr_mapping = self._get_ptg_cidrs_mapping( + cidr_mapping = self._get_cidrs_mapping( context, policy_rule_set) - if old_classifier: - self._add_or_remove_policy_rule_set_rule( - context, old_policy_rule, policy_rule_set_sg_mappings, - cidr_mapping, unset=True, classifier=old_classifier) - self._add_or_remove_policy_rule_set_rule( - context, old_policy_rule, policy_rule_set_sg_mappings, - cidr_mapping, classifier=new_classifier) - else: - self._add_or_remove_policy_rule_set_rule( - context, old_policy_rule, policy_rule_set_sg_mappings, - cidr_mapping, unset=True) - self._add_or_remove_policy_rule_set_rule( - context, new_policy_rule, policy_rule_set_sg_mappings, - cidr_mapping) + self._add_or_remove_policy_rule_set_rule( + context, policy_rule, policy_rule_set_sg_mappings, + cidr_mapping, unset=True, unset_egress=True, + classifier=old_classifier) + self._add_or_remove_policy_rule_set_rule( + context, policy_rule, policy_rule_set_sg_mappings, + cidr_mapping, classifier=new_classifier) def _set_policy_ipaddress_mapping(self, session, service_policy_id, policy_target_group, ipaddress): @@ -1617,10 +1622,9 @@ class ResourceMappingDriver(api.PolicyDriver): else: self._disassoc_sgs_from_pt(context, pt_id, sg_list) - # context should be PTG - def _set_sg_rules_for_subnets( + def _set_or_unset_rules_for_subnets( self, context, subnets, provided_policy_rule_sets, - consumed_policy_rule_sets): + consumed_policy_rule_sets, unset=False): if not provided_policy_rule_sets and not consumed_policy_rule_sets: return @@ -1630,9 +1634,24 @@ class ResourceMappingDriver(api.PolicyDriver): subnet_id) cidr = subnet['cidr'] cidr_list.append(cidr) - self._set_sg_rules_for_cidrs(context, cidr_list, - provided_policy_rule_sets, - consumed_policy_rule_sets) + self._set_or_unset_rules_for_cidrs( + context, cidr_list, provided_policy_rule_sets, + consumed_policy_rule_sets, unset=unset) + + # context should be PTG + def _set_sg_rules_for_subnets( + self, context, subnets, provided_policy_rule_sets, + consumed_policy_rule_sets): + self._set_or_unset_rules_for_subnets( + context, subnets, provided_policy_rule_sets, + consumed_policy_rule_sets) + + def _unset_sg_rules_for_subnets( + self, context, subnets, provided_policy_rule_sets, + consumed_policy_rule_sets): + self._set_or_unset_rules_for_subnets( + context, subnets, provided_policy_rule_sets, + consumed_policy_rule_sets, unset=True) def _set_sg_rules_for_cidrs(self, context, cidr_list, provided_policy_rule_sets, @@ -1671,35 +1690,22 @@ class ResourceMappingDriver(api.PolicyDriver): cidr_mapping, unset=unset) def _manage_policy_rule_set_rules(self, context, policy_rule_set, - policy_rules, unset=False): + policy_rules, unset=False, + unset_egress=False): policy_rule_set_sg_mappings = self._get_policy_rule_set_sg_mapping( context._plugin_context.session, policy_rule_set['id']) policy_rule_set = context._plugin.get_policy_rule_set( context._plugin_context, policy_rule_set['id']) - cidr_mapping = self._get_ptg_cidrs_mapping(context, policy_rule_set) - providing_eps = policy_rule_set['providing_external_policies'] - providing_eps = context._plugin.get_external_policies( - context._plugin_context, filters={'id': providing_eps}) - for ep in providing_eps: - cidr_mapping['providing_cidrs'].extend( - self._get_processed_ep_cidr_list(context, ep)) - consuming_eps = policy_rule_set['consuming_external_policies'] - consuming_eps = context._plugin.get_external_policies( - context._plugin_context, filters={'id': consuming_eps}) - for ep in consuming_eps: - cidr_mapping['consuming_cidrs'].extend( - self._get_processed_ep_cidr_list(context, ep)) - for policy_rule_id in policy_rules: - policy_rule = context._plugin.get_policy_rule( - context._plugin_context, policy_rule_id) - + cidr_mapping = self._get_cidrs_mapping(context, policy_rule_set) + for policy_rule in policy_rules: self._add_or_remove_policy_rule_set_rule( context, policy_rule, policy_rule_set_sg_mappings, - cidr_mapping, unset=unset) + cidr_mapping, unset=unset, unset_egress=unset_egress) def _add_or_remove_policy_rule_set_rule(self, context, policy_rule, policy_rule_set_sg_mappings, cidr_mapping, unset=False, + unset_egress=False, classifier=None): in_out = [gconst.GP_DIRECTION_IN, gconst.GP_DIRECTION_OUT] prov_cons = [policy_rule_set_sg_mappings['provided_sg_id'], @@ -1723,15 +1729,17 @@ class ResourceMappingDriver(api.PolicyDriver): cidr, unset=unset) if classifier['direction'] in [gconst.GP_DIRECTION_BI, in_out[pos - 1]]: + # TODO(ivar): IPv6 support self._sg_egress_rule(context, sg, protocol, port_range, - '0.0.0.0/0', unset=unset) + '0.0.0.0/0', unset=unset_egress) def _apply_policy_rule_set_rules(self, context, policy_rule_set, policy_rules): if policy_rule_set['parent_id']: parent = context._plugin.get_policy_rule_set( context._plugin_context, policy_rule_set['parent_id']) - policy_rules = policy_rules & set(parent['policy_rules']) + policy_rules = [x for x in policy_rules + if x['if'] in set(parent['policy_rules'])] # Don't add rules unallowed by the parent self._manage_policy_rule_set_rules( context, policy_rule_set, policy_rules) @@ -1739,7 +1747,8 @@ class ResourceMappingDriver(api.PolicyDriver): def _remove_policy_rule_set_rules(self, context, policy_rule_set, policy_rules): self._manage_policy_rule_set_rules( - context, policy_rule_set, policy_rules, unset=True) + context, policy_rule_set, policy_rules, unset=True, + unset_egress=True) def _recompute_policy_rule_sets(self, context, children): # Rules in child but not in parent shall be removed @@ -1752,9 +1761,13 @@ class ResourceMappingDriver(api.PolicyDriver): parent = context._plugin.get_policy_rule_set( context._plugin_context, child['parent_id']) parent_rules = set(parent['policy_rules']) - self._remove_policy_rule_set_rules( - context, child, child_rules - parent_rules) + delta_rules = context._plugin.get_policy_rules( + context._plugin_context, + filters={'id': child_rules - parent_rules}) + self._remove_policy_rule_set_rules(context, child, delta_rules) # Old parent may have filtered some rules, need to add them again + child_rules = context._plugin.get_policy_rules( + context._plugin_context, filters={'id': child_rules}) self._apply_policy_rule_set_rules(context, child, child_rules) def _get_default_security_group(self, plugin_context, ptg_id, @@ -1808,12 +1821,26 @@ class ResourceMappingDriver(api.PolicyDriver): context._plugin_context, x)['cidr'] for x in ptg['subnets']]) return cidrs - def _get_ptg_cidrs_mapping(self, context, policy_rule_set): + def _get_ep_cidrs(self, context, eps): + cidrs = [] + eps = context._plugin.get_external_policies( + context._plugin_context, filters={'id': eps}) + for ep in eps: + cidrs.extend(self._get_processed_ep_cidr_list(context, ep)) + return cidrs + + def _get_cidrs_mapping(self, context, policy_rule_set): + providing_eps = policy_rule_set['providing_external_policies'] + consuming_eps = policy_rule_set['consuming_external_policies'] + providing_ptgs = policy_rule_set['providing_policy_target_groups'] + consuming_ptgs = policy_rule_set['consuming_policy_target_groups'] return { 'providing_cidrs': self._get_ptg_cidrs( - context, policy_rule_set['providing_policy_target_groups']), + context, providing_ptgs) + self._get_ep_cidrs(context, + providing_eps), 'consuming_cidrs': self._get_ptg_cidrs( - context, policy_rule_set['consuming_policy_target_groups'])} + context, consuming_ptgs) + self._get_ep_cidrs(context, + consuming_eps)} def _set_ptg_servicechain_instance_mapping(self, session, provider_ptg_id, consumer_ptg_id, @@ -1937,7 +1964,10 @@ class ResourceMappingDriver(api.PolicyDriver): routes = [] for es in es_list: routes += es['external_routes'] - self._update_router(context._plugin_context, + # NOTE(ivar): the context needs to be elevated because the external + # gateway port is created by Neutron without any tenant_id! Which makes + # it visible only from an admin context. + self._update_router(context._plugin_context.elevated(), context.current['routers'][0], {'routes': [x for x in routes if x['nexthop']]}) diff --git a/gbp/neutron/services/grouppolicy/plugin.py b/gbp/neutron/services/grouppolicy/plugin.py index 69ac22285..b0836e773 100644 --- a/gbp/neutron/services/grouppolicy/plugin.py +++ b/gbp/neutron/services/grouppolicy/plugin.py @@ -91,6 +91,8 @@ class GroupPolicyPlugin(group_policy_mapping_db.GroupPolicyMappingDbPlugin): return self._plurals def _validate_shared_create(self, context, obj, identity): + # Need admin context to check sharing constraints + context = context.elevated() if not obj.get('shared'): return links = self.usage_graph.get(identity, {}) @@ -110,6 +112,8 @@ class GroupPolicyPlugin(group_policy_mapping_db.GroupPolicyMappingDbPlugin): ref_type=ref_type, ref_id=linked['id']) def _validate_shared_update(self, context, original, updated, identity): + # Need admin context to check sharing constraints + context = context.elevated() if updated.get('shared'): # Even though the shared attribute may not be changed, the objects # it is referring to might. For this reson we run the reference diff --git a/gbp/neutron/tests/unit/common.py b/gbp/neutron/tests/unit/common.py new file mode 100644 index 000000000..4f3bb2b5e --- /dev/null +++ b/gbp/neutron/tests/unit/common.py @@ -0,0 +1,302 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from neutron.openstack.common import uuidutils + +_uuid = uuidutils.generate_uuid + + +def gbp_attributes(func): + def inner(**kwargs): + attrs = func() + attrs.update(kwargs) + return attrs + return inner + + +@gbp_attributes +def get_create_policy_target_default_attrs(): + return {'name': '', 'description': '', 'policy_target_group_id': None} + + +@gbp_attributes +def get_create_policy_target_attrs(): + return {'name': 'ep1', 'policy_target_group_id': _uuid(), + 'tenant_id': _uuid(), 'description': 'test policy_target'} + + +@gbp_attributes +def get_update_policy_target_attrs(): + return {'name': 'new_name'} + + +@gbp_attributes +def get_create_policy_target_group_default_attrs(): + return {'name': '', 'description': '', 'l2_policy_id': None, + 'provided_policy_rule_sets': {}, + 'consumed_policy_rule_sets': {}, + 'network_service_policy_id': None, 'shared': False} + + +@gbp_attributes +def get_create_policy_target_group_attrs(): + return {'name': 'ptg1', 'tenant_id': _uuid(), + 'description': 'test policy_target group', + 'l2_policy_id': _uuid(), + 'provided_policy_rule_sets': {_uuid(): None}, + 'consumed_policy_rule_sets': {_uuid(): None}, + 'network_service_policy_id': _uuid(), + 'shared': False} + + +@gbp_attributes +def get_update_policy_target_group_attrs(): + return {'name': 'new_name'} + + +@gbp_attributes +def get_create_l2_policy_default_attrs(): + return {'name': '', 'description': '', 'shared': False} + + +@gbp_attributes +def get_create_l2_policy_attrs(): + return {'name': 'l2p1', 'tenant_id': _uuid(), + 'description': 'test L2 policy', 'l3_policy_id': _uuid(), + 'shared': False} + + +@gbp_attributes +def get_update_l2_policy_attrs(): + return {'name': 'new_name'} + + +@gbp_attributes +def get_create_l3_policy_default_attrs(): + return {'name': '', 'description': '', 'ip_version': 4, + 'ip_pool': '10.0.0.0/8', 'subnet_prefix_length': 24, + 'external_segments': {}, 'shared': False} + + +@gbp_attributes +def get_create_l3_policy_attrs(): + return {'name': 'l3p1', 'tenant_id': _uuid(), + 'description': 'test L3 policy', 'ip_version': 6, + 'ip_pool': 'fd01:2345:6789::/48', + 'external_segments': {_uuid(): ['192.168.0.3']}, + 'subnet_prefix_length': 64, 'shared': False} + + +@gbp_attributes +def get_update_l3_policy_attrs(): + return {'name': 'new_name'} + + +@gbp_attributes +def get_create_policy_action_default_attrs(): + return {'name': '', + 'description': '', + 'action_type': 'allow', + 'action_value': None, + 'shared': False} + + +@gbp_attributes +def get_create_policy_action_attrs(): + return {'name': 'pa1', + 'tenant_id': _uuid(), + 'description': 'test policy action', + 'action_type': 'redirect', + 'action_value': _uuid(), + 'shared': False} + + +@gbp_attributes +def get_update_policy_action_attrs(): + return {'name': 'new_name'} + + +@gbp_attributes +def get_create_policy_classifier_default_attrs(): + return {'name': '', + 'description': '', + 'protocol': None, + 'port_range': None, + 'direction': None, + 'shared': False} + + +@gbp_attributes +def get_create_policy_classifier_attrs(): + return {'name': 'pc1', + 'description': 'test policy classifier', + 'tenant_id': _uuid(), + 'protocol': 'tcp', + 'port_range': '100:200', + 'direction': 'in', + 'shared': False} + + +@gbp_attributes +def get_update_policy_classifier_attrs(): + return {'name': 'new_name'} + + +@gbp_attributes +def get_create_policy_rule_default_attrs(): + return {'name': '', + 'description': '', + 'enabled': True, + 'policy_actions': [], + 'shared': False} + + +@gbp_attributes +def get_create_policy_rule_attrs(): + return {'name': 'pr1', + 'description': 'test policy rule', + 'tenant_id': _uuid(), + 'enabled': True, + 'policy_classifier_id': _uuid(), + 'policy_actions': [_uuid()], + 'shared': False} + + +@gbp_attributes +def get_update_policy_rule_attrs(): + return {'name': 'new_name'} + + +@gbp_attributes +def get_create_policy_rule_set_default_attrs(): + return {'name': '', + 'description': '', + 'child_policy_rule_sets': [], + 'policy_rules': [], + 'shared': False} + + +@gbp_attributes +def get_create_policy_rule_set_attrs(): + return {'name': 'policy_rule_set1', + 'description': 'test policy_rule_set', + 'tenant_id': _uuid(), + 'child_policy_rule_sets': [_uuid()], + 'policy_rules': [_uuid()], + 'shared': False} + + +@gbp_attributes +def get_update_policy_rule_set_attrs(): + return {'name': 'new_name'} + + +@gbp_attributes +def get_create_network_service_policy_default_attrs(): + return {'name': '', 'description': '', + 'network_service_params': [], 'shared': False} + + +@gbp_attributes +def get_create_network_service_policy_attrs(): + return {'name': 'nsp1', 'tenant_id': _uuid(), + 'shared': False, + 'description': 'test Net Svc Policy', + 'network_service_params': [{'type': 'ip_single', 'name': 'vip', + 'value': 'self_subnet'}]} + + +@gbp_attributes +def get_update_network_service_policy_attrs(): + return {'name': 'new_name'} + + +@gbp_attributes +def get_create_external_policy_default_attrs(): + return {'name': '', 'description': '', + 'external_segments': [], + 'provided_policy_rule_sets': {}, + 'consumed_policy_rule_sets': {}, + 'shared': False} + + +@gbp_attributes +def get_create_external_policy_attrs(): + return {'name': 'ep1', 'tenant_id': _uuid(), + 'description': 'test ep', + 'external_segments': [_uuid()], + 'provided_policy_rule_sets': {_uuid(): None}, + 'consumed_policy_rule_sets': {_uuid(): None}, + 'shared': False} + + +@gbp_attributes +def get_update_external_policy_attrs(): + return {'name': 'new_name'} + + +@gbp_attributes +def get_create_external_segment_default_attrs(): + return {'name': '', 'description': '', + 'external_routes': [], + 'ip_version': 4, + 'cidr': '172.16.0.0/12', + 'port_address_translation': False, + 'shared': False} + + +@gbp_attributes +def get_create_external_segment_attrs(): + return {'name': 'es1', 'tenant_id': _uuid(), + 'description': 'test ep', + 'external_routes': [{'destination': '0.0.0.0/0', + 'nexthop': '192.168.0.1'}], + 'cidr': '192.168.0.0/24', + 'ip_version': 4, 'port_address_translation': True, + 'shared': False} + + +@gbp_attributes +def get_update_external_segment_attrs(): + return {'name': 'new_name'} + + +@gbp_attributes +def get_create_nat_pool_default_attrs(): + return {'name': '', 'description': '', + 'external_segment_id': None, 'ip_version': 4, + 'ip_pool': '172.16.0.0/16', + 'shared': False} + + +@gbp_attributes +def get_create_nat_pool_attrs(): + return {'name': 'es1', 'tenant_id': _uuid(), + 'description': 'test ep', + 'ip_version': 4, + 'ip_pool': '172.16.0.0/16', + 'external_segment_id': _uuid(), + 'shared': False} + + +@gbp_attributes +def get_update_nat_pool_attrs(): + return {'name': 'new_name'} + + +def get_resource_plural(resource): + if resource.endswith('y'): + resource_plural = resource.replace('y', 'ies') + else: + resource_plural = resource + 's' + + return resource_plural \ No newline at end of file diff --git a/gbp/neutron/tests/unit/db/grouppolicy/test_group_policy_db.py b/gbp/neutron/tests/unit/db/grouppolicy/test_group_policy_db.py index ad6869cb4..1904588a9 100644 --- a/gbp/neutron/tests/unit/db/grouppolicy/test_group_policy_db.py +++ b/gbp/neutron/tests/unit/db/grouppolicy/test_group_policy_db.py @@ -22,10 +22,12 @@ from neutron.openstack.common import uuidutils from neutron.plugins.common import constants from neutron.tests.unit import test_db_plugin from neutron.tests.unit import test_extensions +from oslo.config import cfg from gbp.neutron.db.grouppolicy import group_policy_db as gpdb import gbp.neutron.extensions from gbp.neutron.extensions import group_policy as gpolicy +from gbp.neutron.tests.unit import common as cm JSON_FORMAT = 'json' @@ -40,18 +42,41 @@ class GroupPolicyDBTestBase(object): fmt = JSON_FORMAT - def _get_resource_plural(self, resource): - if resource.endswith('y'): - resource_plural = resource.replace('y', 'ies') - else: - resource_plural = resource + 's' + def __getattr__(self, item): + # Verify is an update of a proper GBP object + def _is_gbp_resource(plural): + return plural in gpolicy.RESOURCE_ATTRIBUTE_MAP + # Update Method + if item.startswith('update_'): + resource = item[len('update_'):] + plural = cm.get_resource_plural(resource) + if _is_gbp_resource(plural): + def update_wrapper(id, **kwargs): + return self._update_gbp_resource(id, resource, **kwargs) + return update_wrapper + # Show Method + if item.startswith('show_'): + resource = item[len('show_'):] + plural = cm.get_resource_plural(resource) + if _is_gbp_resource(plural): + def show_wrapper(id): + return self._show_gbp_resource(id, plural) + return show_wrapper + # Create Method + if item.startswith('create_'): + resource = item[len('create_'):] + plural = cm.get_resource_plural(resource) + if _is_gbp_resource(plural): + def create_wrapper(**kwargs): + return self._create_gbp_resource(resource, **kwargs) + return create_wrapper - return resource_plural + raise AttributeError def _test_list_resources(self, resource, items, neutron_context=None, query_params=None): - resource_plural = self._get_resource_plural(resource) + resource_plural = cm.get_resource_plural(resource) res = self._list(resource_plural, neutron_context=neutron_context, @@ -60,382 +85,54 @@ class GroupPolicyDBTestBase(object): self.assertEqual(sorted([i['id'] for i in res[resource_plural]]), sorted([i[resource]['id'] for i in items])) - def _get_test_policy_target_attrs( - self, name='pt1', description='test pt', policy_target_group_id=None): - attrs = {'name': name, 'description': description, - 'policy_target_group_id': policy_target_group_id, - 'tenant_id': self._tenant_id} - - return attrs - - def _get_test_policy_target_group_attrs(self, name='ptg1', - description='test ptg', - l2_policy_id=None, - provided_policy_rule_sets=None, - consumed_policy_rule_sets=None): - pprs_ids = cprs_ids = [] - if provided_policy_rule_sets: - pprs_ids = [pprs_id for pprs_id in provided_policy_rule_sets] - if consumed_policy_rule_sets: - cprs_ids = [cc_id for cc_id in consumed_policy_rule_sets] - attrs = {'name': name, 'description': description, - 'tenant_id': self._tenant_id, 'l2_policy_id': l2_policy_id, - 'provided_policy_rule_sets': pprs_ids, - 'consumed_policy_rule_sets': cprs_ids} - - return attrs - - def _get_test_l2_policy_attrs(self, name='l2p1', - description='test l2_policy', - l3_policy_id=None): - attrs = {'name': name, 'description': description, - 'tenant_id': self._tenant_id, 'l3_policy_id': l3_policy_id} - - return attrs - - def _get_test_l3_policy_attrs(self, name='l3p1', - description='test l3_policy', - ip_version=4, ip_pool='10.0.0.0/8', - subnet_prefix_length=24, - external_segments=None): - external_segments = external_segments or {} - attrs = {'name': name, 'description': description, - 'tenant_id': self._tenant_id, 'ip_version': ip_version, - 'ip_pool': ip_pool, - 'subnet_prefix_length': subnet_prefix_length, - 'external_segments': external_segments} - - return attrs - - def _get_test_network_service_policy_attrs( - self, name='nsp1', description='test network_service_policy', - network_service_policy_id=None, network_service_params=None): - if not network_service_params: - network_service_params = [] - attrs = {'name': name, 'description': description, - 'tenant_id': self._tenant_id, - 'network_service_params': network_service_params} - - return attrs - - def _get_test_policy_classifier_attrs(self, name='pc1', - description='test pc', - protocol=None, port_range=None, - direction=None): - attrs = {'name': name, 'description': description, - 'protocol': protocol, 'port_range': port_range, - 'direction': direction, 'tenant_id': self._tenant_id} - - return attrs - - def _get_test_policy_action_attrs(self, name='pa1', - description='test pa', - action_type='allow', - action_value=None): - attrs = {'name': name, 'description': description, - 'action_type': action_type, 'action_value': action_value, - 'tenant_id': self._tenant_id} - - return attrs - - def _get_test_policy_rule_attrs(self, policy_classifier_id, name='pr1', - description='test pr', policy_actions=None, - enabled=True): - if not policy_actions: - policy_actions = [] - attrs = {'name': name, 'description': description, - 'tenant_id': self._tenant_id, - 'policy_classifier_id': policy_classifier_id, - 'policy_actions': policy_actions, 'enabled': enabled} - - return attrs - - def _get_test_prs_attrs(self, name='policy_rule_set1', - description='test policy_rule_set', - child_policy_rule_sets=None, - policy_rules=None): - if not child_policy_rule_sets: - child_policy_rule_sets = [] - if not policy_rules: - policy_rules = [] - attrs = {'name': name, 'description': description, - 'tenant_id': self._tenant_id, - 'child_policy_rule_sets': child_policy_rule_sets, - 'policy_rules': policy_rules} - - return attrs - - def _get_test_ep_attrs(self, name='ep_1', description='test ep', - external_segments=None, - provided_policy_rule_sets=None, - consumed_policy_rule_sets=None): - pprs_ids = cprs_ids = es_ids = [] - if provided_policy_rule_sets: - pprs_ids = [pprs_id for pprs_id in provided_policy_rule_sets] - if consumed_policy_rule_sets: - cprs_ids = [cc_id for cc_id in consumed_policy_rule_sets] - if external_segments: - es_ids = [es_id for es_id in external_segments] - attrs = {'name': name, 'description': description, - 'tenant_id': self._tenant_id, - 'external_segments': es_ids, - 'provided_policy_rule_sets': pprs_ids, - 'consumed_policy_rule_sets': cprs_ids} - return attrs - - def _get_test_es_attrs(self, name='es_1', description='test es', - ip_version=4, cidr='172.0.0.0/8', - external_routes=None, - port_address_translation=False): - ear = external_routes or [] - attrs = {'name': name, 'description': description, - 'ip_version': ip_version, - 'tenant_id': self._tenant_id, 'cidr': cidr, - 'external_routes': ear, - 'port_address_translation': port_address_translation} - return attrs - - def _get_test_np_attrs(self, name='es_1', description='test es', - ip_version=4, ip_pool='10.160.0.0/16', - external_segment_id=None): - attrs = {'name': name, 'description': description, - 'ip_version': ip_version, - 'tenant_id': self._tenant_id, 'ip_pool': ip_pool, - 'external_segment_id': external_segment_id} - return attrs - - def create_policy_target(self, policy_target_group_id=None, - expected_res_status=None, **kwargs): - defaults = {'name': 'pt1', 'description': 'test pt'} + def _create_gbp_resource(self, type, expected_res_status=None, + is_admin_context=False, **kwargs): + plural = cm.get_resource_plural(type) + defaults = getattr(cm, + 'get_create_%s_default_attrs' % type)() defaults.update(kwargs) - data = {'policy_target': - {'policy_target_group_id': policy_target_group_id, - 'tenant_id': self._tenant_id}} - data['policy_target'].update(defaults) + data = {type: {'tenant_id': self._tenant_id}} + data[type].update(defaults) - pt_req = self.new_create_request('policy_targets', data, self.fmt) - pt_res = pt_req.get_response(self.ext_api) - - if expected_res_status: - self.assertEqual(pt_res.status_int, expected_res_status) - elif pt_res.status_int >= webob.exc.HTTPClientError.code: - raise webob.exc.HTTPClientError(code=pt_res.status_int) - - pt = self.deserialize(self.fmt, pt_res) - - return pt - - def create_policy_target_group(self, l2_policy_id=None, - expected_res_status=None, **kwargs): - defaults = {'name': 'ptg1', 'description': 'test ptg', - 'provided_policy_rule_sets': {}, - 'consumed_policy_rule_sets': {}} - defaults.update(kwargs) - - data = {'policy_target_group': {'tenant_id': self._tenant_id, - 'l2_policy_id': l2_policy_id}} - data['policy_target_group'].update(defaults) - - ptg_req = self.new_create_request( - 'policy_target_groups', data, self.fmt) - ptg_res = ptg_req.get_response(self.ext_api) - - if expected_res_status: - self.assertEqual(ptg_res.status_int, expected_res_status) - elif ptg_res.status_int >= webob.exc.HTTPClientError.code: - raise webob.exc.HTTPClientError(code=ptg_res.status_int) - - ptg = self.deserialize(self.fmt, ptg_res) - - return ptg - - def create_l2_policy(self, l3_policy_id=None, expected_res_status=None, - **kwargs): - defaults = {'name': 'l2p1', 'description': 'test l2_policy'} - defaults.update(kwargs) - - data = {'l2_policy': {'l3_policy_id': l3_policy_id, - 'tenant_id': self._tenant_id}} - data['l2_policy'].update(defaults) - - l2p_req = self.new_create_request('l2_policies', data, self.fmt) - l2p_res = l2p_req.get_response(self.ext_api) - - if expected_res_status: - self.assertEqual(l2p_res.status_int, expected_res_status) - elif l2p_res.status_int >= webob.exc.HTTPClientError.code: - raise webob.exc.HTTPClientError(code=l2p_res.status_int) - - l2p = self.deserialize(self.fmt, l2p_res) - - return l2p - - def create_l3_policy(self, expected_res_status=None, **kwargs): - defaults = {'name': 'l3p1', 'description': 'test l3_policy', - 'ip_version': 4, 'ip_pool': '10.0.0.0/8', - 'subnet_prefix_length': 24, 'external_segments': {}} - defaults.update(kwargs) - - data = {'l3_policy': {'tenant_id': self._tenant_id}} - data['l3_policy'].update(defaults) - - l3p_req = self.new_create_request('l3_policies', data, self.fmt) - l3p_res = l3p_req.get_response(self.ext_api) - - if expected_res_status: - self.assertEqual(l3p_res.status_int, expected_res_status) - elif l3p_res.status_int >= webob.exc.HTTPClientError.code: - raise webob.exc.HTTPClientError(code=l3p_res.status_int) - - l3p = self.deserialize(self.fmt, l3p_res) - - return l3p - - def create_network_service_policy( - self, expected_res_status=None, **kwargs): - defaults = {'name': 'nsp1', - 'description': 'test network_service_policy', - 'network_service_params': []} - defaults.update(kwargs) - - data = {'network_service_policy': {'tenant_id': self._tenant_id}} - data['network_service_policy'].update(defaults) - - nsp_req = self.new_create_request('network_service_policies', - data, self.fmt) - nsp_res = nsp_req.get_response(self.ext_api) - - if expected_res_status: - self.assertEqual(expected_res_status, nsp_res.status_int) - elif nsp_res.status_int >= webob.exc.HTTPClientError.code: - raise webob.exc.HTTPClientError(code=nsp_res.status_int) - - nsp = self.deserialize(self.fmt, nsp_res) - - return nsp - - def create_policy_classifier(self, expected_res_status=None, **kwargs): - defaults = {'name': 'pc1', 'description': 'test pc', 'protocol': None, - 'port_range': None, 'direction': None} - defaults.update(kwargs) - kwargs = defaults - - data = {'policy_classifier': {'tenant_id': self._tenant_id}} - data['policy_classifier'].update(kwargs) - - pc_req = self.new_create_request('policy_classifiers', data, self.fmt) - pc_res = pc_req.get_response(self.ext_api) - - if expected_res_status: - self.assertEqual(pc_res.status_int, expected_res_status) - elif pc_res.status_int >= webob.exc.HTTPClientError.code: - raise webob.exc.HTTPClientError(code=pc_res.status_int) - - pc = self.deserialize(self.fmt, pc_res) - - return pc - - def create_policy_action(self, expected_res_status=None, **kwargs): - defaults = {'name': 'pa1', 'description': 'test pa', - 'action_type': 'allow', 'action_value': None} - defaults.update(kwargs) - kwargs = defaults - - data = {'policy_action': {'tenant_id': self._tenant_id}} - data['policy_action'].update(kwargs) - - pa_req = self.new_create_request('policy_actions', data, self.fmt) - pa_res = pa_req.get_response(self.ext_api) - - if expected_res_status: - self.assertEqual(pa_res.status_int, expected_res_status) - elif pa_res.status_int >= webob.exc.HTTPClientError.code: - raise webob.exc.HTTPClientError(code=pa_res.status_int) - - pa = self.deserialize(self.fmt, pa_res) - - return pa - - def create_policy_rule(self, policy_classifier_id, - expected_res_status=None, **kwargs): - defaults = {'name': 'pr1', 'description': 'test pr', - 'policy_classifier_id': policy_classifier_id, - 'policy_actions': None, 'enabled': True} - defaults.update(kwargs) - kwargs = defaults - - data = {'policy_rule': {'tenant_id': self._tenant_id}} - data['policy_rule'].update(kwargs) - - pr_req = self.new_create_request('policy_rules', data, self.fmt) - pr_res = pr_req.get_response(self.ext_api) - - if expected_res_status: - self.assertEqual(pr_res.status_int, expected_res_status) - elif pr_res.status_int >= webob.exc.HTTPClientError.code: - raise webob.exc.HTTPClientError(code=pr_res.status_int) - - pr = self.deserialize(self.fmt, pr_res) - - return pr - - def create_policy_rule_set(self, expected_res_status=None, **kwargs): - defaults = {'name': 'policy_rule_set1', - 'description': 'test policy_rule_set', - 'child_policy_rule_sets': [], 'policy_rules': []} - defaults.update(kwargs) - kwargs = defaults - - data = {'policy_rule_set': {'tenant_id': self._tenant_id}} - data['policy_rule_set'].update(kwargs) - - prs_req = self.new_create_request('policy_rule_sets', data, self.fmt) - prs_res = prs_req.get_response(self.ext_api) - - if expected_res_status: - self.assertEqual(prs_res.status_int, expected_res_status) - elif prs_res.status_int >= webob.exc.HTTPClientError.code: - raise webob.exc.HTTPClientError(code=prs_res.status_int) - - prs = self.deserialize(self.fmt, prs_res) - - return prs - - def _create_gbp_resource(self, type, expected_res_status, body): - plural = self._get_resource_plural(type) - data = {type: body} req = self.new_create_request(plural, data, self.fmt) + req.environ['neutron.context'] = context.Context( + '', kwargs.get('tenant_id', self._tenant_id) if not + is_admin_context else self._tenant_id, is_admin_context) res = req.get_response(self.ext_api) if expected_res_status: self.assertEqual(res.status_int, expected_res_status) elif res.status_int >= webob.exc.HTTPClientError.code: raise webob.exc.HTTPClientError(code=res.status_int) - prs = self.deserialize(self.fmt, res) - return prs - def create_external_policy(self, expected_res_status=None, **kwargs): - defaults = {'name': 'ptg1', 'description': 'test ptg', - 'provided_policy_rule_sets': {}, - 'consumed_policy_rule_sets': {}, - 'tenant_id': self._tenant_id, - 'external_segments': []} - defaults.update(kwargs) - return self._create_gbp_resource( - 'external_policy', expected_res_status, defaults) + return self.deserialize(self.fmt, res) - def create_external_segment(self, expected_res_status=None, **kwargs): - body = self._get_test_es_attrs() - body.update(kwargs) - return self._create_gbp_resource( - 'external_segment', expected_res_status, body) + def _update_gbp_resource( + self, id, type, expected_res_status=None, is_admin_context=False, + **kwargs): + plural = cm.get_resource_plural(type) + data = {type: kwargs} + tenant_id = kwargs.pop('tenant_id', self._tenant_id) + # Create PT with bound port + req = self.new_update_request(plural, data, id, self.fmt) + req.environ['neutron.context'] = context.Context( + '', tenant_id if not is_admin_context else self._tenant_id, + is_admin_context) + res = req.get_response(self.ext_api) - def create_nat_pool(self, expected_res_status=None, **kwargs): - body = self._get_test_np_attrs() - body.update(kwargs) - return self._create_gbp_resource( - 'nat_pool', expected_res_status, body) + if expected_res_status: + self.assertEqual(res.status_int, expected_res_status) + elif res.status_int >= webob.exc.HTTPClientError.code: + raise webob.exc.HTTPClientError(code=res.status_int) + return self.deserialize(self.fmt, res) + + def _show_gbp_resource(self, id, plural, is_admin_context=False, + tenant_id=None): + req = self.new_show_request(plural, id, fmt=self.fmt) + req.environ['neutron.context'] = context.Context( + '', tenant_id or self._tenant_id, is_admin_context) + return self.deserialize(self.fmt, req.get_response(self.ext_api)) class GroupPolicyDBTestPlugin(gpdb.GroupPolicyDbPlugin): @@ -467,12 +164,13 @@ class GroupPolicyDbTestCase(GroupPolicyDBTestBase, if not ext_mgr: ext_mgr = extensions.PluginAwareExtensionManager.get_instance() self.ext_api = test_extensions.setup_extensions_middleware(ext_mgr) + cfg.CONF.set_override('policy_file', 'test-policy.json') class TestGroupResources(GroupPolicyDbTestCase): def _test_show_resource(self, resource, resource_id, attrs): - resource_plural = self._get_resource_plural(resource) + resource_plural = cm.get_resource_plural(resource) req = self.new_show_request(resource_plural, resource_id, fmt=self.fmt) res = self.deserialize(self.fmt, @@ -483,7 +181,7 @@ class TestGroupResources(GroupPolicyDbTestCase): def test_create_and_show_policy_target(self): ptg_id = self.create_policy_target_group()['policy_target_group']['id'] - attrs = self._get_test_policy_target_attrs( + attrs = cm.get_create_policy_target_default_attrs( policy_target_group_id=ptg_id) pt = self.create_policy_target(policy_target_group_id=ptg_id) @@ -511,8 +209,8 @@ class TestGroupResources(GroupPolicyDbTestCase): def test_update_policy_target(self): name = 'new_policy_target' description = 'new desc' - attrs = self._get_test_policy_target_attrs(name=name, - description=description) + attrs = cm.get_create_policy_target_default_attrs(name=name, + description=description) pt = self.create_policy_target() @@ -552,8 +250,8 @@ class TestGroupResources(GroupPolicyDbTestCase): self.create_policy_rule_set()['policy_rule_set']['id']) consumed_prs_id = ( self.create_policy_rule_set()['policy_rule_set']['id']) - attrs = self._get_test_policy_target_group_attrs( - name, l2_policy_id=l2p_id, + attrs = cm.get_create_policy_target_group_default_attrs( + name=name, l2_policy_id=l2p_id, provided_policy_rule_sets=[provided_prs_id], consumed_policy_rule_sets=[consumed_prs_id]) @@ -581,7 +279,7 @@ class TestGroupResources(GroupPolicyDbTestCase): description = 'new desc' l3p_id = self.create_l3_policy()['l3_policy']['id'] l2p_id = self.create_l2_policy(l3_policy_id=l3p_id)['l2_policy']['id'] - attrs = self._get_test_policy_target_group_attrs( + attrs = cm.get_create_policy_target_group_default_attrs( name=name, description=description, l2_policy_id=l2p_id) ct1_id = self.create_policy_rule_set( name='policy_rule_set1')['policy_rule_set']['id'] @@ -625,7 +323,7 @@ class TestGroupResources(GroupPolicyDbTestCase): def test_create_and_show_l2_policy(self): l3p_id = self.create_l3_policy()['l3_policy']['id'] - attrs = self._get_test_l2_policy_attrs(l3_policy_id=l3p_id) + attrs = cm.get_create_l2_policy_default_attrs(l3_policy_id=l3p_id) l2p = self.create_l2_policy(l3_policy_id=l3p_id) for k, v in attrs.iteritems(): @@ -644,7 +342,7 @@ class TestGroupResources(GroupPolicyDbTestCase): name = "new_l2_policy" description = 'new desc' l3p_id = self.create_l3_policy()['l3_policy']['id'] - attrs = self._get_test_l2_policy_attrs(name=name, + attrs = cm.get_create_l2_policy_default_attrs(name=name, description=description, l3_policy_id=l3p_id) @@ -674,8 +372,8 @@ class TestGroupResources(GroupPolicyDbTestCase): def test_create_and_show_l3_policy(self): es = self.create_external_segment()['external_segment'] - es_dict = {es['id']: ['172.0.0.2', '172.0.0.3']} - attrs = self._get_test_l3_policy_attrs( + es_dict = {es['id']: ['172.16.0.2', '172.16.0.3']} + attrs = cm.get_create_l3_policy_default_attrs( external_segments=es_dict) l3p = self.create_l3_policy(external_segments=es_dict) @@ -713,8 +411,8 @@ class TestGroupResources(GroupPolicyDbTestCase): description = 'new desc' prefix_length = 26 es = self.create_external_segment()['external_segment'] - es_dict = {es['id']: ['172.0.0.2', '172.0.0.3']} - attrs = self._get_test_l3_policy_attrs( + es_dict = {es['id']: ['172.16.0.2', '172.16.0.3']} + attrs = cm.get_create_l3_policy_default_attrs( name=name, description=description, subnet_prefix_length=prefix_length, external_segments=es_dict) @@ -766,7 +464,7 @@ class TestGroupResources(GroupPolicyDbTestCase): def test_create_and_show_network_service_policy(self): params = [{'type': 'ip_single', 'name': 'vip', 'value': 'self_subnet'}] - attrs = self._get_test_network_service_policy_attrs( + attrs = cm.get_create_network_service_policy_default_attrs( network_service_params=params) nsp = self.create_network_service_policy(network_service_params=params) @@ -788,7 +486,7 @@ class TestGroupResources(GroupPolicyDbTestCase): def test_update_network_service_policy(self): name = "new_network_service_policy" description = 'new desc' - attrs = self._get_test_network_service_policy_attrs( + attrs = cm.get_create_network_service_policy_default_attrs( name=name, description=description) nsp = self.create_network_service_policy() @@ -819,7 +517,7 @@ class TestGroupResources(GroupPolicyDbTestCase): def test_create_and_show_policy_classifier(self): name = "pc1" - attrs = self._get_test_policy_classifier_attrs(name=name) + attrs = cm.get_create_policy_classifier_default_attrs(name=name) pc = self.create_policy_classifier(name=name) @@ -851,7 +549,7 @@ class TestGroupResources(GroupPolicyDbTestCase): protocol = 'tcp' port_range = '100:200' direction = 'in' - attrs = self._get_test_policy_classifier_attrs( + attrs = cm.get_create_policy_classifier_default_attrs( name=name, description=description, protocol=protocol, port_range=port_range, direction=direction) @@ -884,7 +582,7 @@ class TestGroupResources(GroupPolicyDbTestCase): def test_create_and_show_policy_action(self): name = "pa1" - attrs = self._get_test_policy_action_attrs(name=name) + attrs = cm.get_create_policy_action_default_attrs(name=name) pa = self.create_policy_action(name=name) @@ -914,7 +612,7 @@ class TestGroupResources(GroupPolicyDbTestCase): name = "new_policy_action" description = 'new desc' action_value = _uuid() - attrs = self._get_test_policy_action_attrs( + attrs = cm.get_create_policy_action_default_attrs( name=name, description=description, action_value=action_value) pa = self.create_policy_action() @@ -947,7 +645,7 @@ class TestGroupResources(GroupPolicyDbTestCase): name = "pr1" pc = self.create_policy_classifier() pc_id = pc['policy_classifier']['id'] - attrs = self._get_test_policy_rule_attrs( + attrs = cm.get_create_policy_rule_default_attrs( name=name, policy_classifier_id=pc_id) pr = self.create_policy_rule( @@ -988,7 +686,7 @@ class TestGroupResources(GroupPolicyDbTestCase): pc_id = pc['policy_classifier']['id'] pa = self.create_policy_action() pa_id = pa['policy_action']['id'] - attrs = self._get_test_policy_rule_attrs( + attrs = cm.get_create_policy_rule_default_attrs( name=name, description=description, policy_classifier_id=pc_id, policy_actions=[pa_id], enabled=enabled) @@ -1022,7 +720,7 @@ class TestGroupResources(GroupPolicyDbTestCase): def test_create_and_show_policy_rule_set(self): name = "policy_rule_set1" - attrs = self._get_test_prs_attrs(name=name) + attrs = cm.get_create_policy_rule_set_default_attrs(name=name) prs = self.create_policy_rule_set(name=name) @@ -1053,7 +751,7 @@ class TestGroupResources(GroupPolicyDbTestCase): child_policy_rule_sets = sorted( [self.create_policy_rule_set()['policy_rule_set']['id'], self.create_policy_rule_set()['policy_rule_set']['id']]) - attrs = self._get_test_prs_attrs( + attrs = cm.get_create_policy_rule_set_default_attrs( policy_rules=policy_rules, child_policy_rule_sets=child_policy_rule_sets) prs = self.create_policy_rule_set( @@ -1112,7 +810,7 @@ class TestGroupResources(GroupPolicyDbTestCase): self.create_policy_rule_set()['policy_rule_set']['id']] policy_rules = [self.create_policy_rule( policy_classifier_id=pc_id)['policy_rule']['id']] - attrs = self._get_test_prs_attrs( + attrs = cm.get_create_policy_rule_set_default_attrs( name=name, description=description, policy_rules=policy_rules, child_policy_rule_sets=child_policy_rule_sets) data = {'policy_rule_set': @@ -1168,8 +866,8 @@ class TestGroupResources(GroupPolicyDbTestCase): self.assertEqual(res.status_int, webob.exc.HTTPBadRequest.code) def _test_create_and_show(self, type, attrs, expected=None): - plural = self._get_resource_plural(type) - res = self._create_gbp_resource(type, None, attrs) + plural = cm.get_resource_plural(type) + res = self._create_gbp_resource(type, None, False, **attrs) expected = expected or attrs for k, v in expected.iteritems(): self.assertEqual(v, res[type][k]) @@ -1186,7 +884,7 @@ class TestGroupResources(GroupPolicyDbTestCase): attrs = {'external_segments': [es['id']], 'provided_policy_rule_sets': {prs['id']: None}, 'consumed_policy_rule_sets': {prs['id']: None}} - body = self._get_test_ep_attrs() + body = cm.get_create_external_policy_default_attrs() body.update(attrs) expected = copy.deepcopy(body) expected['provided_policy_rule_sets'] = [prs['id']] @@ -1195,13 +893,15 @@ class TestGroupResources(GroupPolicyDbTestCase): expected=expected) def test_create_and_show_es(self): - route = {'destination': '0.0.0.0/0', 'nexthop': '172.0.0.1'} - attrs = self._get_test_es_attrs(external_routes=[route]) + route = {'destination': '0.0.0.0/0', 'nexthop': '172.16.0.1'} + attrs = cm.get_create_external_segment_default_attrs( + external_routes=[route]) self._test_create_and_show('external_segment', attrs) def test_create_and_show_np(self): es = self.create_external_segment()['external_segment'] - attrs = self._get_test_np_attrs(external_segment_id=es['id']) + attrs = cm.get_create_nat_pool_default_attrs( + external_segment_id=es['id']) self._test_create_and_show('nat_pool', attrs) def test_list_ep(self): @@ -1227,33 +927,31 @@ class TestGroupResources(GroupPolicyDbTestCase): description = 'new desc' es = self.create_external_segment()['external_segment'] prs = self.create_policy_rule_set()['policy_rule_set'] - attrs = self._get_test_ep_attrs( + cm.get_create_external_policy_default_attrs( name=name, description=description, external_segments=[es['id']], provided_policy_rule_sets={prs['id']: None}, consumed_policy_rule_sets={prs['id']: None}) ep = self.create_external_policy()['external_policy'] data = {'external_policy': { - 'name': name, 'description': description, - 'external_segments': [es['id']], - 'provided_policy_rule_sets': {prs['id']: None}, - 'consumed_policy_rule_sets': {prs['id']: None}}} + 'name': name, 'description': description}} req = self.new_update_request('external_policies', data, ep['id']) res = self.deserialize(self.fmt, req.get_response(self.ext_api)) res = res['external_policy'] - for k, v in attrs.iteritems(): + for k, v in data['external_policy'].iteritems(): self.assertEqual(v, res[k]) - self._test_show_resource('external_policy', ep['id'], attrs) + self._test_show_resource('external_policy', ep['id'], + data['external_policy']) def test_update_external_segment(self): name = 'new_es' description = 'new desc' - route = {'destination': '0.0.0.0/0', 'nexthop': '172.0.0.1'} - attrs = self._get_test_es_attrs(name=name, description=description, - external_routes=[route]) + route = {'destination': '0.0.0.0/0', 'nexthop': '172.16.0.1'} + attrs = cm.get_create_external_segment_default_attrs( + name=name, description=description, external_routes=[route]) es = self.create_external_segment()['external_segment'] data = {'external_segment': { 'name': name, 'description': description, @@ -1273,8 +971,8 @@ class TestGroupResources(GroupPolicyDbTestCase): description = 'new desc' es = self.create_external_segment()['external_segment'] - attrs = self._get_test_np_attrs(name=name, description=description, - external_segment_id=es['id']) + attrs = cm.get_create_nat_pool_default_attrs( + name=name, description=description, external_segment_id=es['id']) np = self.create_nat_pool()['nat_pool'] data = {'nat_pool': { 'name': name, 'description': description, diff --git a/gbp/neutron/tests/unit/db/grouppolicy/test_group_policy_mapping_db.py b/gbp/neutron/tests/unit/db/grouppolicy/test_group_policy_mapping_db.py index 06721ab33..b97362fb3 100644 --- a/gbp/neutron/tests/unit/db/grouppolicy/test_group_policy_mapping_db.py +++ b/gbp/neutron/tests/unit/db/grouppolicy/test_group_policy_mapping_db.py @@ -50,49 +50,6 @@ class GroupPolicyMappingDbTestCase(tgpdb.GroupPolicyDbTestCase, service_plugins=service_plugins ) - def _get_test_policy_target_attrs(self, name='pt1', - description='test pt', - policy_target_group_id=None, - port_id=None): - attrs = (super(GroupPolicyMappingDbTestCase, self). - _get_test_policy_target_attrs(name, description, - policy_target_group_id)) - attrs.update({'port_id': port_id}) - return attrs - - def _get_test_policy_target_group_attrs(self, name='ptg1', - description='test ptg', - l2_policy_id=None, - provided_policy_rule_sets=None, - consumed_policy_rule_sets=None, - subnets=None): - attrs = (super(GroupPolicyMappingDbTestCase, self). - _get_test_policy_target_group_attrs( - name, description, l2_policy_id, - provided_policy_rule_sets, consumed_policy_rule_sets)) - attrs.update({'subnets': subnets or []}) - return attrs - - def _get_test_l2_policy_attrs(self, name='l2p1', - description='test l2_policy', - l3_policy_id=None, network_id=None): - attrs = (super(GroupPolicyMappingDbTestCase, self). - _get_test_l2_policy_attrs(name, description, l3_policy_id)) - attrs.update({'network_id': network_id}) - return attrs - - def _get_test_l3_policy_attrs(self, name='l3p1', - description='test l3_policy', - ip_version=4, ip_pool='10.0.0.0/8', - subnet_prefix_length=24, routers=None, - external_segments=None): - attrs = (super(GroupPolicyMappingDbTestCase, self). - _get_test_l3_policy_attrs(name, description, ip_version, - ip_pool, subnet_prefix_length, - external_segments)) - attrs.update({'routers': routers or []}) - return attrs - class TestMappedGroupResources(GroupPolicyMappingDbTestCase, tgpdb.TestGroupResources): diff --git a/gbp/neutron/tests/unit/services/grouppolicy/test_apic_mapping.py b/gbp/neutron/tests/unit/services/grouppolicy/test_apic_mapping.py index d679e77af..cf55c10fc 100644 --- a/gbp/neutron/tests/unit/services/grouppolicy/test_apic_mapping.py +++ b/gbp/neutron/tests/unit/services/grouppolicy/test_apic_mapping.py @@ -129,7 +129,8 @@ class TestPolicyTarget(ApicMappingTestCase): subnet = self._get_object('subnets', ptg['subnets'][0], self.api) with self.port(subnet=subnet) as port: self._bind_port_to_host(port['port']['id'], 'h1') - self.create_policy_target(ptg['id'], port_id=port['port']['id']) + self.create_policy_target(policy_target_group_id=ptg['id'], + port_id=port['port']['id']) mgr = self.driver.apic_manager self.assertEqual(mgr.ensure_path_created_for_port.call_count, 1) @@ -152,7 +153,7 @@ class TestPolicyTarget(ApicMappingTestCase): with self.port(subnet=subnet) as port: self._bind_port_to_host(port['port']['id'], 'h1') pt = self.create_policy_target( - ptg['id'], port_id=port['port']['id']) + policy_target_group_id=ptg['id'], port_id=port['port']['id']) self.new_delete_request( 'policy_targets', pt['policy_target']['id'], self.fmt).get_response(self.ext_api) @@ -165,7 +166,8 @@ class TestPolicyTarget(ApicMappingTestCase): with self.port(subnet=subnet) as port: # Create EP with bound port port = self._bind_port_to_host(port['port']['id'], 'h1') - self.create_policy_target(ptg['id'], port_id=port['port']['id']) + self.create_policy_target(policy_target_group_id=ptg['id'], + port_id=port['port']['id']) # Change port binding and notify driver port_up = self._bind_port_to_host(port['port']['id'], 'h2') @@ -469,9 +471,8 @@ class TestL3Policy(ApicMappingTestCase): res['NeutronError']['type']) # Verify existing L3P updated to use used ES fails sneaky_l3p = self.create_l3_policy()['l3_policy'] - res = self._update_gbp_resource_full_response( - sneaky_l3p['id'], 'l3_policy', 'l3_policies', - expected_res_status=400, + res = self.update_l3_policy( + sneaky_l3p['id'], expected_res_status=400, external_segments={es['id']: ['192.168.0.3']}) self.assertEqual('OnlyOneL3PolicyIsAllowedPerExternalSegment', res['NeutronError']['type']) @@ -495,9 +496,8 @@ class TestL3Policy(ApicMappingTestCase): sneaky_l3p = self.create_l3_policy( external_segments={es['id']: ['192.168.0.2']}, expected_res_status=201)['l3_policy'] - res = self._update_gbp_resource_full_response( - sneaky_l3p['id'], 'l3_policy', 'l3_policies', - expected_res_status=400, + res = self.update_l3_policy( + sneaky_l3p['id'], expected_res_status=400, external_segments={es['id']: ['192.168.0.2', '192.168.0.3']}) self.assertEqual('OnlyOneAddressIsAllowedPerExternalSegment', res['NeutronError']['type']) @@ -571,9 +571,9 @@ class TestL3Policy(ApicMappingTestCase): expected_res_status=201, tenant_id=es['tenant_id'] if not shared_es else 'another_tenant', shared=shared_l3p)['l3_policy'] - l3p = self._update_gbp_resource( - l3p['id'], 'l3_policy', 'l3_policies', expected_res_status=200, - external_segments={es['id']: ['192.168.0.3']}) + l3p = self.update_l3_policy( + l3p['id'], tenant_id=l3p['tenant_id'], expected_res_status=200, + external_segments={es['id']: ['192.168.0.3']})['l3_policy'] mgr = self.driver.apic_manager owner = self.common_tenant if shared_es else es['tenant_id'] @@ -693,9 +693,9 @@ class TestL3Policy(ApicMappingTestCase): mgr.ensure_logical_node_profile_created.reset_mock() mgr.ensure_static_route_created.reset_mock() - l3p = self._update_gbp_resource( - l3p['id'], 'l3_policy', 'l3_policies', expected_res_status=200, - external_segments={es2['id']: ['192.168.1.3']}) + l3p = self.update_l3_policy( + l3p['id'], tenant_id=l3p['tenant_id'], expected_res_status=200, + external_segments={es2['id']: ['192.168.1.3']})['l3_policy'] mgr.delete_external_routed_network.assert_called_once_with( es1['id'], owner=owner) @@ -710,13 +710,13 @@ class TestL3Policy(ApicMappingTestCase): self.assertFalse(mgr.ensure_static_route_created.called) mgr.delete_external_routed_network.reset_mock() - self._update_gbp_resource( - l3p['id'], 'l3_policy', 'l3_policies', expected_res_status=200, + self.update_l3_policy( + l3p['id'], expected_res_status=200, tenant_id=l3p['tenant_id'], external_segments={es1['id']: ['192.168.0.3'], es2['id']: ['192.168.1.3']}) - self._update_gbp_resource( - l3p['id'], 'l3_policy', 'l3_policies', expected_res_status=200, - external_segments={}) + self.update_l3_policy( + l3p['id'], tenant_id=l3p['tenant_id'], + expected_res_status=200, external_segments={}) expected_delete_calls = [ mock.call(es1['id'], owner=owner), mock.call(es2['id'], owner=owner)] @@ -766,17 +766,17 @@ class TestL3Policy(ApicMappingTestCase): expected_res_status=201)['l3_policy'] self.assertEqual(['192.168.0.2'], l3p['external_segments'][es1['id']]) - l3p = self._update_gbp_resource(l3p['id'], 'l3_policy', 'l3_policies', - expected_res_status=200, - external_segments={es1['id']: [], - es2['id']: []}) + l3p = self.update_l3_policy( + l3p['id'], expected_res_status=200, + external_segments={es1['id']: [], es2['id']: []})['l3_policy'] self.assertEqual(['192.168.0.2'], l3p['external_segments'][es1['id']]) self.assertEqual(['192.168.1.2'], l3p['external_segments'][es2['id']]) # Address IP changed - l3p = self._update_gbp_resource( - l3p['id'], 'l3_policy', 'l3_policies', expected_res_status=200, - external_segments={es1['id']: ['192.168.0.3'], es2['id']: []}) + l3p = self.update_l3_policy( + l3p['id'], expected_res_status=200, + external_segments={es1['id']: ['192.168.0.3'], + es2['id']: []})['l3_policy'] self.assertEqual(['192.168.0.3'], l3p['external_segments'][es1['id']]) self.assertEqual(['192.168.1.2'], l3p['external_segments'][es2['id']]) @@ -927,7 +927,8 @@ class TestPolicyRuleSet(ApicMappingTestCase): rules = [] for classifier in cls: rules.append(self.create_policy_rule( - classifier['id'], policy_actions=[a1['id']], + policy_classifier_id=classifier['id'], + policy_actions=[a1['id']], shared=shared)['policy_rule']) return rules @@ -955,7 +956,8 @@ class TestPolicyRule(ApicMappingTestCase): cls = self.create_policy_classifier(direction='in', protocol='udp', port_range=80)['policy_classifier'] - self.create_policy_rule(cls['id'], expected_res_status=400, + self.create_policy_rule(policy_classifier_id=cls['id'], + expected_res_status=400, policy_actions=actions) def _test_policy_rule_deleted_on_apic(self, shared=False): @@ -983,7 +985,7 @@ class TestPolicyRule(ApicMappingTestCase): action = self.create_policy_action( action_type='allow', shared=shared)['policy_action'] return self.create_policy_rule( - cls['id'], policy_actions=[action['id']], + policy_classifier_id=cls['id'], policy_actions=[action['id']], shared=shared)['policy_rule'] @@ -1002,9 +1004,8 @@ class TestExternalSegment(ApicMappingTestCase): es = self.create_external_segment( name='supported', expected_res_status=201, port_address_translation=False)['external_segment'] - res = self._update_gbp_resource_full_response( - es['id'], 'external_segment', 'external_segments', - expected_res_status=400, port_address_translation=True) + res = self.update_external_segment( + es['id'], expected_res_status=400, port_address_translation=True) self.assertEqual('PATNotSupportedByApicDriver', res['NeutronError']['type']) @@ -1029,9 +1030,8 @@ class TestExternalSegment(ApicMappingTestCase): 'nexthop': None}], expected_res_status=201)['external_segment'] - self._update_gbp_resource(es['id'], 'external_segment', - 'external_segments', expected_res_status=200, - external_routes=[]) + self.update_external_segment(es['id'], expected_res_status=200, + external_routes=[]) mgr = self.driver.apic_manager self.assertFalse(mgr.ensure_static_route_deleted.called) @@ -1061,11 +1061,10 @@ class TestExternalSegment(ApicMappingTestCase): owner = es['tenant_id'] if not shared_es else self.common_tenant mgr.ensure_external_epg_created.reset_mock() # Remove route completely - self._update_gbp_resource(es['id'], 'external_segment', - 'external_segments', expected_res_status=200, - external_routes=[ - {'destination': '0.0.0.0/0', - 'nexthop': '192.168.0.254'}]) + self.update_external_segment(es['id'], expected_res_status=200, + external_routes=[ + {'destination': '0.0.0.0/0', + 'nexthop': '192.168.0.254'}]) mgr = self.driver.apic_manager mgr.ensure_static_route_deleted.assert_called_with( es['id'], mocked.APIC_EXT_SWITCH, '128.0.0.0/16', @@ -1087,11 +1086,10 @@ class TestExternalSegment(ApicMappingTestCase): mgr.ensure_static_route_deleted.reset_mock() mgr.ensure_external_epg_routes_deleted.reset_mock() - self._update_gbp_resource(es['id'], 'external_segment', - 'external_segments', expected_res_status=200, - external_routes=[ - {'destination': '0.0.0.0/0', - 'nexthop': None}]) + self.update_external_segment(es['id'], expected_res_status=200, + external_routes=[ + {'destination': '0.0.0.0/0', + 'nexthop': None}]) mgr.ensure_next_hop_deleted.assert_called_with( es['id'], mocked.APIC_EXT_SWITCH, '0.0.0.0/0', '192.168.0.254', owner=owner, transaction=mock.ANY) @@ -1138,11 +1136,10 @@ class TestExternalSegment(ApicMappingTestCase): mgr = self.driver.apic_manager mgr.ensure_external_epg_created.reset_mock() owner = es['tenant_id'] if not shared_es else self.common_tenant - self._update_gbp_resource(es['id'], 'external_segment', - 'external_segments', expected_res_status=200, - external_routes=[ - {'destination': '128.0.0.0/16', - 'nexthop': '192.168.0.254'}]) + self.update_external_segment(es['id'], expected_res_status=200, + external_routes=[ + {'destination': '128.0.0.0/16', + 'nexthop': '192.168.0.254'}]) mgr.ensure_static_route_created.assert_called_with( es['id'], mocked.APIC_EXT_SWITCH, '192.168.0.254', @@ -1164,13 +1161,12 @@ class TestExternalSegment(ApicMappingTestCase): mgr.ensure_external_epg_created.reset_mock() # Verify Route added with default gateway - self._update_gbp_resource(es['id'], 'external_segment', - 'external_segments', expected_res_status=200, - external_routes=[ - {'destination': '128.0.0.0/16', - 'nexthop': '192.168.0.254'}, - {'destination': '0.0.0.0/0', - 'nexthop': None}]) + self.update_external_segment(es['id'], expected_res_status=200, + external_routes=[ + {'destination': '128.0.0.0/16', + 'nexthop': '192.168.0.254'}, + {'destination': '0.0.0.0/0', + 'nexthop': None}]) mgr.ensure_static_route_created.assert_called_with( es['id'], mocked.APIC_EXT_SWITCH, '192.168.0.1', @@ -1278,10 +1274,9 @@ class TestExternalPolicy(ApicMappingTestCase): ep = self.create_external_policy( tenant_id=es_list[0]['tenant_id'] if not shared_es else 'another', shared=shared_ep, expected_res_status=201)['external_policy'] - ep = self._update_gbp_resource( - ep['id'], 'external_policy', 'external_policies', - expected_res_status=200, - external_segments=[x['id'] for x in es_list]) + ep = self.update_external_policy( + ep['id'], expected_res_status=200, tenant_id=ep['tenant_id'], + external_segments=[x['id'] for x in es_list])['external_policy'] mgr = self.driver.apic_manager owner = (es_list[0]['tenant_id'] if not shared_es else self.common_tenant) @@ -1293,9 +1288,9 @@ class TestExternalPolicy(ApicMappingTestCase): self._check_call_list(expected_create_calls, mgr.ensure_external_epg_created.call_args_list) - ep = self._update_gbp_resource( - ep['id'], 'external_policy', 'external_policies', - expected_res_status=200, external_segments=[]) + ep = self.update_external_policy( + ep['id'], expected_res_status=200, tenant_id=ep['tenant_id'], + external_segments=[])['external_policy'] mgr = self.driver.apic_manager expected_create_calls = [] for es in es_list: @@ -1316,10 +1311,6 @@ class TestExternalPolicy(ApicMappingTestCase): self._test_update_no_prs(shared_ep=False, shared_es=False) def _test_create_with_prs(self, shared_es, shared_ep, shared_prs): - prov = self._create_policy_rule_set_on_shared( - shared=shared_prs) - cons = self._create_policy_rule_set_on_shared( - shared=shared_prs) self._mock_external_dict([('supported', '192.168.0.2/24')]) es_list = [ self.create_external_segment( @@ -1329,6 +1320,14 @@ class TestExternalPolicy(ApicMappingTestCase): 'destination': '128.0.0.0/16', 'nexthop': '192.168.0.254'}])['external_segment'] for x in range(3)] + prov = self._create_policy_rule_set_on_shared( + shared=shared_prs, + tenant_id=es_list[0]['tenant_id'] if not ( + shared_es | shared_prs) else 'another') + cons = self._create_policy_rule_set_on_shared( + shared=shared_prs, + tenant_id=es_list[0]['tenant_id'] if not ( + shared_es | shared_prs) else 'another') ep = self.create_external_policy( provided_policy_rule_sets={prov['id']: ''}, consumed_policy_rule_sets={cons['id']: ''}, shared=shared_ep, @@ -1374,10 +1373,6 @@ class TestExternalPolicy(ApicMappingTestCase): shared_prs=True) def _test_update_add_prs(self, shared_es, shared_ep, shared_prs): - prov = self._create_policy_rule_set_on_shared( - shared=shared_prs) - cons = self._create_policy_rule_set_on_shared( - shared=shared_prs) self._mock_external_dict([('supported', '192.168.0.2/24')]) es_list = [ self.create_external_segment( @@ -1387,15 +1382,20 @@ class TestExternalPolicy(ApicMappingTestCase): 'destination': '128.0.0.0/16', 'nexthop': '192.168.0.254'}])['external_segment'] for x in range(3)] + prov = self._create_policy_rule_set_on_shared( + shared=shared_prs, tenant_id=es_list[0]['tenant_id'] if not ( + shared_es | shared_prs) else 'another') + cons = self._create_policy_rule_set_on_shared( + shared=shared_prs, tenant_id=es_list[0]['tenant_id'] if not ( + shared_es | shared_prs) else 'another') ep = self.create_external_policy( external_segments=[x['id'] for x in es_list], shared=shared_ep, tenant_id=es_list[0]['tenant_id'] if not shared_es else 'another', expected_res_status=201)['external_policy'] - ep = self._update_gbp_resource( - ep['id'], 'external_policy', 'external_policies', - expected_res_status=200, + ep = self.update_external_policy( + ep['id'], expected_res_status=200, tenant_id=ep['tenant_id'], provided_policy_rule_sets={prov['id']: ''}, - consumed_policy_rule_sets={cons['id']: ''}) + consumed_policy_rule_sets={cons['id']: ''})['external_policy'] mgr = self.driver.apic_manager owner = (es_list[0]['tenant_id'] if not shared_es else self.common_tenant) @@ -1410,10 +1410,10 @@ class TestExternalPolicy(ApicMappingTestCase): self._check_call_list(expected_calls, mgr.set_contract_for_external_epg.call_args_list) - ep = self._update_gbp_resource( - ep['id'], 'external_policy', 'external_policies', - expected_res_status=200, provided_policy_rule_sets={}, - consumed_policy_rule_sets={}) + ep = self.update_external_policy( + ep['id'], expected_res_status=200, provided_policy_rule_sets={}, + consumed_policy_rule_sets={}, + tenant_id=ep['tenant_id'])['external_policy'] expected_calls = [] for es in es_list: expected_calls.append( diff --git a/gbp/neutron/tests/unit/services/grouppolicy/test_extension_driver_api.py b/gbp/neutron/tests/unit/services/grouppolicy/test_extension_driver_api.py index 9f516c06a..38a41fdbc 100644 --- a/gbp/neutron/tests/unit/services/grouppolicy/test_extension_driver_api.py +++ b/gbp/neutron/tests/unit/services/grouppolicy/test_extension_driver_api.py @@ -18,6 +18,7 @@ from neutron.db import model_base from gbp.neutron.services.grouppolicy import config from gbp.neutron.services.grouppolicy import group_policy_driver_api as api +from gbp.neutron.tests.unit import common as cm from gbp.neutron.tests.unit.services.grouppolicy import extensions as test_ext from gbp.neutron.tests.unit.services.grouppolicy import test_grouppolicy_plugin @@ -385,7 +386,7 @@ class ExtensionDriverTestCase( def _test_attr(self, type): # Test create with default value. acronim = _acronim(type) - plural = self._get_resource_plural(type) + plural = cm.get_resource_plural(type) obj = getattr(self, 'create_%s' % type)() id = obj[type]['id'] val = obj[type][acronim + '_extension'] diff --git a/gbp/neutron/tests/unit/services/grouppolicy/test_grouppolicy_plugin.py b/gbp/neutron/tests/unit/services/grouppolicy/test_grouppolicy_plugin.py index 09d8c5fe7..0d267739d 100644 --- a/gbp/neutron/tests/unit/services/grouppolicy/test_grouppolicy_plugin.py +++ b/gbp/neutron/tests/unit/services/grouppolicy/test_grouppolicy_plugin.py @@ -14,7 +14,6 @@ import mock from neutron import context from oslo.config import cfg -import webob import gbp.neutron.tests.unit.db.grouppolicy.test_group_policy_db as tgpdb import gbp.neutron.tests.unit.db.grouppolicy.test_group_policy_mapping_db as \ @@ -73,7 +72,7 @@ class GroupPolicyPluginTestCase(tgpmdb.GroupPolicyMappingDbTestCase): def _create_ptg_on_shared(self, **kwargs): l2p = self._create_l2_policy_on_shared(shared=True) return self.create_policy_target_group(l2_policy_id=l2p['id'], - **kwargs) + **kwargs) def _create_rule_on_shared(self, **kwargs): pa = self.create_policy_action(action_type='allow', @@ -83,12 +82,13 @@ class GroupPolicyPluginTestCase(tgpmdb.GroupPolicyMappingDbTestCase): shared=True, **cl_attr)['policy_classifier'] return self.create_policy_rule( - pc['id'], policy_actions=[pa['id']], **kwargs)['policy_rule'] + policy_classifier_id=pc['id'], + policy_actions=[pa['id']], **kwargs)['policy_rule'] def _create_policy_rule_set_on_shared(self, **kwargs): pr = self._create_rule_on_shared(shared=True) return self.create_policy_rule_set(policy_rules=[pr['id']], - **kwargs)['policy_rule_set'] + **kwargs)['policy_rule_set'] def _create_external_policy_on_shared(self, **kwargs): es = self.create_external_segment(shared=True) @@ -102,25 +102,6 @@ class GroupPolicyPluginTestCase(tgpmdb.GroupPolicyMappingDbTestCase): external_segment_id=es['external_segment']['id'], **kwargs)['nat_pool'] - def _update_gbp_resource_full_response( - self, id, type, plural, expected_res_status=None, **kwargs): - data = {type: kwargs} - # Create PT with bound port - req = self.new_update_request(plural, data, id, self.fmt) - res = req.get_response(self.ext_api) - - if expected_res_status: - self.assertEqual(res.status_int, expected_res_status) - elif res.status_int >= webob.exc.HTTPClientError.code: - raise webob.exc.HTTPClientError(code=res.status_int) - return self.deserialize(self.fmt, res) - - def _update_gbp_resource(self, id, type, plural, expected_res_status=None, - **kwargs): - return self._update_gbp_resource_full_response( - id, type, plural, expected_res_status=expected_res_status, - **kwargs).get(type) - class TestL3Policy(GroupPolicyPluginTestCase): @@ -155,48 +136,43 @@ class TestL3Policy(GroupPolicyPluginTestCase): es = self.create_external_segment(cidr='172.0.0.0/8') es_dict = self._get_es_dict(es, ['172.0.0.2', '172.0.0.3']) res = self.create_l3_policy(external_segments=es_dict, - shared=True, expected_res_status=400) + shared=True, + expected_res_status=400) self.assertEqual('SharedResourceReferenceError', res['NeutronError']['type']) def test_shared_l3_policy_update(self): l3p = self.create_l3_policy()['l3_policy'] # Accept share if nothing referenced - self._update_gbp_resource(l3p['id'], 'l3_policy', 'l3_policies', - expected_res_status=200, shared=True) + self.update_l3_policy(l3p['id'], expected_res_status=200, shared=True) # Verify unshare when referenced by private L2P self.create_l2_policy(l3_policy_id=l3p['id']) - self._update_gbp_resource(l3p['id'], 'l3_policy', 'l3_policies', - expected_res_status=200, shared=False) + self.update_l3_policy(l3p['id'], expected_res_status=200, shared=False) es = self.create_external_segment(cidr='172.0.0.0/8') es_dict = self._get_es_dict(es, ['172.0.0.2', '172.0.0.3']) # Set ES - l3p = self._update_gbp_resource(l3p['id'], 'l3_policy', 'l3_policies', - expected_res_status=200, - external_segments=es_dict) + l3p = self.update_l3_policy(l3p['id'], expected_res_status=200, + external_segments=es_dict)['l3_policy'] self.assertEqual(es_dict, l3p['external_segments']) # Share ES - self._update_gbp_resource( - es['external_segment']['id'], 'external_segment', - 'external_segments', expected_res_status=200, shared=True) + self.update_external_segment( + es['external_segment']['id'], expected_res_status=200, shared=True) # Verify sharing/unsharing successful for shared in [True, False]: - self._update_gbp_resource(l3p['id'], 'l3_policy', 'l3_policies', - expected_res_status=200, shared=shared) + self.update_l3_policy(l3p['id'], + expected_res_status=200, shared=shared) # Remove ES - l3p = self._update_gbp_resource(l3p['id'], 'l3_policy', 'l3_policies', - expected_res_status=200, - external_segments={}) + l3p = self.update_l3_policy(l3p['id'], expected_res_status=200, + external_segments={})['l3_policy'] self.assertEqual({}, l3p['external_segments']) # Verify ES update with sharing successful - l3p = self._update_gbp_resource(l3p['id'], 'l3_policy', 'l3_policies', - expected_res_status=200, - external_segments=es_dict, - shared=True) + l3p = self.update_l3_policy( + l3p['id'], expected_res_status=200, external_segments=es_dict, + shared=True)['l3_policy'] # Verify ES correctly set self.assertEqual(es_dict, l3p['external_segments']) @@ -204,21 +180,19 @@ class TestL3Policy(GroupPolicyPluginTestCase): l3p = self.create_l3_policy(shared=True)['l3_policy'] self.create_l2_policy(l3_policy_id=l3p['id'], shared=True) # Unshare not possible when reference by shared resource - self._update_gbp_resource(l3p['id'], 'l3_policy', 'l3_policies', - expected_res_status=400, shared=False) + self.update_l3_policy(l3p['id'], expected_res_status=400, shared=False) l3p = self.create_l3_policy(shared=True)['l3_policy'] self.create_l2_policy(l3_policy_id=l3p['id'], shared=False, tenant_id='other') # Unshare not possible when referenced by other tenant's # private resource - self._update_gbp_resource(l3p['id'], 'l3_policy', 'l3_policies', - expected_res_status=400, shared=False) + self.update_l3_policy(l3p['id'], expected_res_status=400, shared=False) es = self.create_external_segment(cidr='172.0.0.0/8') es_dict = self._get_es_dict(es, ['172.0.0.2', '172.0.0.3']) - res = self._update_gbp_resource_full_response( - l3p['id'], 'l3_policy', 'l3_policies', expected_res_status=400, + res = self.update_l3_policy( + l3p['id'], expected_res_status=400, external_segments=es_dict, shared=True) self.assertEqual('SharedResourceReferenceError', res['NeutronError']['type']) @@ -255,26 +229,23 @@ class TestL3Policy(GroupPolicyPluginTestCase): # Overlapping pool l3p = self.create_l3_policy(ip_pool='172.1.1.0/20')['l3_policy'] attrs = {'external_segments': {es['id']: ['172.1.1.2']}} - res = self._update_gbp_resource_full_response( - l3p['id'], 'l3_policy', 'l3_policies', expected_res_status=400, - **attrs) + res = self.update_l3_policy( + l3p['id'], expected_res_status=400, **attrs) self.assertEqual('ExternalSegmentSubnetOverlapsWithL3PIpPool', res['NeutronError']['type']) # Overlapping route l3p = self.create_l3_policy(ip_pool='10.160.1.0/24')['l3_policy'] - res = self._update_gbp_resource_full_response( - l3p['id'], 'l3_policy', 'l3_policies', expected_res_status=400, - **attrs) + res = self.update_l3_policy( + l3p['id'], expected_res_status=400, **attrs) self.assertEqual('ExternalRouteOverlapsWithL3PIpPool', res['NeutronError']['type']) # Allocated address not in pool l3p = self.create_l3_policy(ip_pool='192.168.0.0/24')['l3_policy'] attrs = {'external_segments': {es['id']: ['172.1.2.2']}} - res = self._update_gbp_resource_full_response( - l3p['id'], 'l3_policy', 'l3_policies', expected_res_status=400, - **attrs) + res = self.update_l3_policy( + l3p['id'], expected_res_status=400, **attrs) self.assertEqual('InvalidL3PExternalIPAddress', res['NeutronError']['type']) @@ -292,19 +263,18 @@ class TestL2Policy(GroupPolicyPluginTestCase): def test_shared_l2_policy_update(self): l2p = self._create_l2_policy_on_shared() - self._update_gbp_resource(l2p['id'], 'l2_policy', 'l2_policies', - expected_res_status=200, shared=True) + self.update_l2_policy(l2p['id'], expected_res_status=200, shared=True) self.create_policy_target_group(l2_policy_id=l2p['id']) - self._update_gbp_resource(l2p['id'], 'l2_policy', 'l2_policies', - expected_res_status=200, shared=False) + self.update_l2_policy(l2p['id'], expected_res_status=200, shared=False) # Verify l2p can be moved across shared l3p - l2p = self._create_l2_policy_on_shared(shared=True) - l3p = self.create_l3_policy(shared=True)['l3_policy'] - self._update_gbp_resource(l2p['id'], 'l2_policy', 'l2_policies', - expected_res_status=200, - l3_policy_id=l3p['id']) + l2p = self._create_l2_policy_on_shared( + shared=True) + l3p = self.create_l3_policy( + shared=True)['l3_policy'] + self.update_l2_policy(l2p['id'], expected_res_status=200, + l3_policy_id=l3p['id']) def test_shared_l2_policy_create_negative(self): l3p = self.create_l3_policy()['l3_policy'] @@ -314,21 +284,18 @@ class TestL2Policy(GroupPolicyPluginTestCase): # Verify shared L2p can't be moved to a non shared L3p l2p = self._create_l2_policy_on_shared(shared=True) l3p = self.create_l3_policy()['l3_policy'] - self._update_gbp_resource(l2p['id'], 'l2_policy', 'l2_policies', - expected_res_status=400, - l3_policy_id=l3p['id']) + self.update_l2_policy(l2p['id'], expected_res_status=400, + l3_policy_id=l3p['id']) def test_shared_l2_policy_update_negative(self): l2p = self._create_l2_policy_on_shared(shared=True) self.create_policy_target_group(l2_policy_id=l2p['id'], shared=True) - self._update_gbp_resource(l2p['id'], 'l2_policy', 'l2_policies', - expected_res_status=400, shared=False) + self.update_l2_policy(l2p['id'], expected_res_status=400, shared=False) l2p = self._create_l2_policy_on_shared(shared=True) - self.create_policy_target_group(l2_policy_id=l2p['id'], shared=False, - tenant_id='other') - self._update_gbp_resource(l2p['id'], 'l2_policy', 'l2_policies', - expected_res_status=400, shared=False) + self.create_policy_target_group( + l2_policy_id=l2p['id'], shared=False, tenant_id='other') + self.update_l2_policy(l2p['id'], expected_res_status=400, shared=False) def test_l2p_create_among_tenants(self): # L2P on shared L3P: @@ -350,15 +317,13 @@ class TestPolicyRuleSet(GroupPolicyPluginTestCase): def test_shared_policy_rule_set_update(self): prs = self._create_policy_rule_set_on_shared() - self._update_gbp_resource(prs['id'], 'policy_rule_set', - 'policy_rule_sets', - expected_res_status=200, shared=True) + self.update_policy_rule_set(prs['id'], + expected_res_status=200, shared=True) self.create_policy_target_group( provided_policy_rule_sets={prs['id']: None}) - self._update_gbp_resource(prs['id'], 'policy_rule_set', - 'policy_rule_sets', - expected_res_status=200, shared=False) + self.update_policy_rule_set( + prs['id'], expected_res_status=200, shared=False) def test_shared_policy_rule_set_create_negative(self): # Verify shared policy_rule_set fails with non shared rules @@ -372,23 +337,19 @@ class TestPolicyRuleSet(GroupPolicyPluginTestCase): prs = self._create_policy_rule_set_on_shared(shared=True) self.create_policy_target_group( provided_policy_rule_sets={prs['id']: None}, shared=True) - self._update_gbp_resource(prs['id'], 'policy_rule_set', - 'policy_rule_sets', - expected_res_status=400, shared=False) + self.update_policy_rule_set( + prs['id'], expected_res_status=400, shared=False) prs = self._create_policy_rule_set_on_shared(shared=True) self.create_policy_target_group( provided_policy_rule_sets={prs['id']: None}, shared=False, tenant_id='other') - self._update_gbp_resource(prs['id'], 'policy_rule_set', - 'policy_rule_sets', - expected_res_status=400, shared=False) + self.update_policy_rule_set( + prs['id'], expected_res_status=400, shared=False) # Verify non shared rules can't be set on non shared prs nsr = self._create_rule_on_shared() - self._update_gbp_resource(prs['id'], 'policy_rule_set', - 'policy_rule_sets', - expected_res_status=400, - policy_rules=[nsr['id']]) + self.update_policy_rule_set(prs['id'], expected_res_status=400, + policy_rules=[nsr['id']]) def test_policy_rule_set_create_among_tenants(self): self._create_policy_rule_set_on_shared(tenant_id='other', @@ -409,12 +370,11 @@ class TestPolicyRule(GroupPolicyPluginTestCase): def test_shared_rule_update(self): pr = self._create_rule_on_shared() - self._update_gbp_resource(pr['id'], 'policy_rule', 'policy_rules', - expected_res_status=200, shared=True) + self.update_policy_rule(pr['id'], expected_res_status=200, shared=True) self.create_policy_rule_set(policy_rules=[pr['id']]) - self._update_gbp_resource(pr['id'], 'policy_rule', 'policy_rules', - expected_res_status=200, shared=False) + self.update_policy_rule( + pr['id'], expected_res_status=200, shared=False) def test_shared_rule_create_negative(self): # Verify shared rule fails with non shared classifier @@ -423,26 +383,29 @@ class TestPolicyRule(GroupPolicyPluginTestCase): pcns = self.create_policy_classifier( direction='in', **cl_attr)['policy_classifier'] pc = self.create_policy_classifier( - direction='in', shared=True, **cl_attr)['policy_classifier'] + direction='in', shared=True, + **cl_attr)['policy_classifier'] self.create_policy_rule( - pcns['id'], expected_res_status=400, shared=True) + policy_classifier_id=pcns['id'], expected_res_status=400, + shared=True) #Verify shared rule fails with non shared action self.create_policy_rule( - pc['id'], policy_actions=[pans['id']], + policy_classifier_id=pc['id'], policy_actions=[pans['id']], expected_res_status=400, shared=True) def test_shared_rule_update_negative(self): pr = self._create_rule_on_shared(shared=True) - self.create_policy_rule_set(policy_rules=[pr['id']], shared=True) - self._update_gbp_resource(pr['id'], 'policy_rule', 'policy_rules', - expected_res_status=400, shared=False) + self.create_policy_rule_set(policy_rules=[pr['id']], shared=True, + tenant_id='another') + self.update_policy_rule(pr['id'], + expected_res_status=400, shared=False) pr = self._create_rule_on_shared(shared=True) self.create_policy_rule_set(policy_rules=[pr['id']], shared=False, - tenant_id='other') - self._update_gbp_resource(pr['id'], 'policy_rule', 'policy_rules', - expected_res_status=400, shared=False) + tenant_id='other') + self.update_policy_rule(pr['id'], + expected_res_status=400, shared=False) def test_rule_create_among_tenants(self): self._create_rule_on_shared(tenant_id='other', @@ -454,34 +417,31 @@ class TestPolicyClassifier(GroupPolicyPluginTestCase): cl_attr = {'protocol': 'tcp', 'port_range': 80} pc = self.create_policy_classifier(**cl_attr)['policy_classifier'] pa = self.create_policy_action(action_type='allow')['policy_action'] - self._update_gbp_resource(pc['id'], 'policy_classifier', - 'policy_classifiers', - expected_res_status=200, shared=True) + self.update_policy_classifier( + pc['id'], expected_res_status=200, shared=True) self.create_policy_rule(policy_classifier_id=pc['id'], policy_actions=[pa['id']]) - self._update_gbp_resource(pc['id'], 'policy_classifier', - 'policy_classifiers', - expected_res_status=200, shared=False) + self.update_policy_classifier(pc['id'], + expected_res_status=200, shared=False) def test_shared_policy_classifier_update_negative(self): cl_attr = {'protocol': 'tcp', 'port_range': 80} pc = self.create_policy_classifier(shared=True, **cl_attr)['policy_classifier'] - pa = self.create_policy_action(action_type='allow', - shared=True)['policy_action'] - self.create_policy_rule(policy_classifier_id=pc['id'], - policy_actions=[pa['id']], shared=True) - self._update_gbp_resource(pc['id'], 'policy_classifier', - 'policy_classifiers', - expected_res_status=400, shared=False) + pa = self.create_policy_action( + action_type='allow', shared=True)['policy_action'] + self.create_policy_rule( + policy_classifier_id=pc['id'], policy_actions=[pa['id']], + shared=True) + self.update_policy_classifier(pc['id'], + expected_res_status=400, shared=False) self.create_policy_rule(policy_classifier_id=pc['id'], policy_actions=[pa['id']], shared=False, tenant_id='other') - self._update_gbp_resource(pc['id'], 'policy_classifier', - 'policy_classifiers', - expected_res_status=400, shared=False) + self.update_policy_classifier(pc['id'], + expected_res_status=400, shared=False) class TestPolicyTargetGroup(GroupPolicyPluginTestCase): @@ -495,10 +455,12 @@ class TestPolicyTargetGroup(GroupPolicyPluginTestCase): self.assertEqual(res.status_int, 400) def test_shared_ptg_create(self): - l2p = self._create_l2_policy_on_shared(shared=True) + l2p = self._create_l2_policy_on_shared( + shared=True) l2pns = self._create_l2_policy_on_shared() - prs = self._create_policy_rule_set_on_shared(shared=True) + prs = self._create_policy_rule_set_on_shared( + shared=True) ctns = self._create_policy_rule_set_on_shared() nsp = self.create_network_service_policy( @@ -542,14 +504,12 @@ class TestPolicyTargetGroup(GroupPolicyPluginTestCase): def test_shared_ptg_update(self): ptg = self._create_ptg_on_shared()['policy_target_group'] - self._update_gbp_resource( - ptg['id'], 'policy_target_group', 'policy_target_groups', - expected_res_status=200, shared=True) + self.update_policy_target_group( + ptg['id'], expected_res_status=200, shared=True) self.create_policy_target(policy_target_group_id=ptg['id']) - self._update_gbp_resource( - ptg['id'], 'policy_target_group', 'policy_target_groups', - expected_res_status=200, shared=False) + self.update_policy_target_group( + ptg['id'], expected_res_status=200, shared=False) def test_shared_ptg_create_negative(self): l2pns = self._create_l2_policy_on_shared() @@ -561,45 +521,46 @@ class TestPolicyTargetGroup(GroupPolicyPluginTestCase): # Verify shared PTG fails to provide/consume non shared # policy_rule_sets self._create_ptg_on_shared( - shared=True, provided_policy_rule_sets={ctns['id']: ''}, + shared=True, + provided_policy_rule_sets={ctns['id']: ''}, consumed_policy_rule_sets={ctns['id']: ''}, expected_res_status=400) def test_shared_ptg_update_negative(self): - ptg = self._create_ptg_on_shared(shared=True)['policy_target_group'] + ptg = self._create_ptg_on_shared( + shared=True)['policy_target_group'] self.create_policy_target(policy_target_group_id=ptg['id'], tenant_id='other') - self._update_gbp_resource( - ptg['id'], 'policy_target_group', 'policy_target_groups', - expected_res_status=400, shared=False) + self.update_policy_target_group( + ptg['id'], expected_res_status=400, shared=False) # Verify update to non shared L2p fails l2p = self.create_l2_policy()['l2_policy'] - self._update_gbp_resource( - ptg['id'], 'policy_target_group', 'policy_target_groups', - expected_res_status=400, l2_policy_id=l2p['id']) + self.update_policy_target_group( + ptg['id'], expected_res_status=400, + l2_policy_id=l2p['id']) # Verify update to non shared NSP fails nsp = self.create_network_service_policy()['network_service_policy'] - self._update_gbp_resource( - ptg['id'], 'policy_target_group', 'policy_target_groups', - expected_res_status=400, network_service_policy_id=nsp['id']) + self.update_policy_target_group( + ptg['id'], expected_res_status=400, + network_service_policy_id=nsp['id']) # Verify update to non shared provided PRS fails pts = self._create_policy_rule_set_on_shared() - self._update_gbp_resource( - ptg['id'], 'policy_target_group', 'policy_target_groups', - expected_res_status=400, + self.update_policy_target_group( + ptg['id'], expected_res_status=400, provided_policy_rule_sets={pts['id']: ''}) # Verify update to non shared consumed PRS fails - self._update_gbp_resource( - ptg['id'], 'policy_target_group', 'policy_target_groups', - expected_res_status=400, + self.update_policy_target_group( + ptg['id'], expected_res_status=400, consumed_policy_rule_sets={pts['id']: ''}) def test_complex_ptg_create_among_tenant(self): - ctp = self._create_policy_rule_set_on_shared(shared=True) - ctc = self._create_policy_rule_set_on_shared(shared=True) + ctp = self._create_policy_rule_set_on_shared( + shared=True) + ctc = self._create_policy_rule_set_on_shared( + shared=True) nsp = self.create_network_service_policy( shared=True)['network_service_policy'] self._create_ptg_on_shared( @@ -625,9 +586,8 @@ class TestExternalSegment(GroupPolicyPluginTestCase): def test_shared_es_update(self): es = self.create_external_segment()['external_segment'] for shared in [True, False]: - self._update_gbp_resource( - es['id'], 'external_segment', - 'external_segments', expected_res_status=200, + self.update_external_segment( + es['id'], expected_res_status=200, shared=shared) def test_create_routes(self): @@ -653,9 +613,8 @@ class TestExternalSegment(GroupPolicyPluginTestCase): # Verify refused because overlapping with L3P attrs = {'external_routes': [{'destination': '192.168.2.0/0', 'nexthop': '172.1.1.1'}]} - res = self._update_gbp_resource_full_response( - es['id'], 'external_segment', 'external_segments', - expected_res_status=400, **attrs) + res = self.update_external_segment( + es['id'], expected_res_status=400, **attrs) self.assertEqual('ExternalRouteOverlapsWithL3PIpPool', res['NeutronError']['type']) @@ -702,12 +661,10 @@ class TestExternalPolicy(GroupPolicyPluginTestCase): def test_shared_ep_update(self): ep = self._create_external_policy_on_shared() - self._update_gbp_resource( - ep['id'], 'external_policy', 'external_policies', - expected_res_status=200, shared=True) - self._update_gbp_resource( - ep['id'], 'external_policy', 'external_policies', - expected_res_status=200, shared=False) + self.update_external_policy( + ep['id'], expected_res_status=200, shared=True) + self.update_external_policy( + ep['id'], expected_res_status=200, shared=False) def test_shared_ep_create_negative(self): es = self.create_external_segment()['external_segment'] @@ -721,7 +678,8 @@ class TestExternalPolicy(GroupPolicyPluginTestCase): # Verify shared EP fails to provide/consume non shared # policy_rule_sets res = self.create_external_policy( - shared=True, provided_policy_rule_sets={prs['id']: ''}, + shared=True, + provided_policy_rule_sets={prs['id']: ''}, consumed_policy_rule_sets={prs['id']: ''}, expected_res_status=400) self.assertEqual('SharedResourceReferenceError', @@ -731,20 +689,17 @@ class TestExternalPolicy(GroupPolicyPluginTestCase): ep = self._create_external_policy_on_shared(shared=True) # Verify update to non shared ES fails es = self.create_external_segment()['external_segment'] - self._update_gbp_resource( - ep['id'], 'external_policy', 'external_policies', - expected_res_status=400, external_segments=[es['id']]) + self.update_external_policy( + ep['id'], expected_res_status=400, external_segments=[es['id']]) # Verify update to non shared provided PRS fails prs = self._create_policy_rule_set_on_shared() - self._update_gbp_resource( - ep['id'], 'external_policy', 'external_policies', - expected_res_status=400, + self.update_external_policy( + ep['id'], expected_res_status=400, provided_policy_rule_sets={prs['id']: ''}) # Verify update to non shared consumed PRS fails - self._update_gbp_resource( - ep['id'], 'external_policy', 'external_policies', - expected_res_status=400, + self.update_external_policy( + ep['id'], expected_res_status=400, consumed_policy_rule_sets={prs['id']: ''}) @@ -758,14 +713,16 @@ class TestNatPool(GroupPolicyPluginTestCase): for shared in allowed: es = self.create_external_segment( shared=shared['es'])['external_segment'] - self.create_nat_pool(external_segment_id=es['id'], - shared=shared['np'], expected_res_status=201) + self.create_nat_pool( + external_segment_id=es['id'], shared=shared['np'], + expected_res_status=201) def test_nat_pool_shared_create_negative(self): es = self.create_external_segment( shared=False)['external_segment'] - res = self.create_nat_pool(external_segment_id=es['id'], - shared=True, expected_res_status=400) + res = self.create_nat_pool( + external_segment_id=es['id'], shared=True, + expected_res_status=400) self.assertEqual('SharedResourceReferenceError', res['NeutronError']['type']) @@ -774,20 +731,19 @@ class TestNatPool(GroupPolicyPluginTestCase): for shared in [False, True]: es = self.create_external_segment( shared=shared)['external_segment'] - self._update_gbp_resource( - np['id'], 'nat_pool', 'nat_pools', expected_res_status=200, + self.update_nat_pool( + np['id'], expected_res_status=200, external_segment_id=es['id']) np = self.create_nat_pool(shared=True)['nat_pool'] es = self.create_external_segment( shared=True)['external_segment'] # Verify shared NP on shared ES - self._update_gbp_resource( - np['id'], 'nat_pool', 'nat_pools', expected_res_status=200, + self.update_nat_pool( + np['id'], expected_res_status=200, external_segment_id=es['id']) # Verify unshare NP - self._update_gbp_resource( - np['id'], 'nat_pool', 'nat_pools', expected_res_status=200, - shared=False) + self.update_nat_pool( + np['id'], expected_res_status=200, shared=False) class TestGroupPolicyPluginGroupResources( diff --git a/gbp/neutron/tests/unit/services/grouppolicy/test_implicit_policy.py b/gbp/neutron/tests/unit/services/grouppolicy/test_implicit_policy.py index a49cc29ff..2025f5ab6 100644 --- a/gbp/neutron/tests/unit/services/grouppolicy/test_implicit_policy.py +++ b/gbp/neutron/tests/unit/services/grouppolicy/test_implicit_policy.py @@ -336,17 +336,15 @@ class TestImplicitExternalSegment(ImplicitPolicyTestCase): self.assertEqual(es['id'], ep['external_segments'][0]) # Verify update - ep = self._update_gbp_resource( - ep['id'], 'external_policy', 'external_policies', - expected_res_status=200, - external_segments=[ndes['id']]) + ep = self.update_external_policy( + ep['id'], expected_res_status=200, + external_segments=[ndes['id']])['external_policy'] self.assertEqual(ndes['id'], ep['external_segments'][0]) self.assertEqual(1, len(ep['external_segments'])) # Remove all the ESs and verify default is once again set - ep = self._update_gbp_resource( - ep['id'], 'external_policy', 'external_policies', - expected_res_status=200, - external_segments=[]) + ep = self.update_external_policy( + ep['id'], expected_res_status=200, + external_segments=[])['external_policy'] self.assertEqual(es['id'], ep['external_segments'][0]) self.assertEqual(1, len(ep['external_segments'])) @@ -361,17 +359,15 @@ class TestImplicitExternalSegment(ImplicitPolicyTestCase): self.assertEqual(es['id'], l3p['external_segments'].keys()[0]) # Verify update - l3p = self._update_gbp_resource( - l3p['id'], 'l3_policy', 'l3_policies', - expected_res_status=200, - external_segments={ndes['id']: []}) + l3p = self.update_l3_policy( + l3p['id'], expected_res_status=200, + external_segments={ndes['id']: []})['l3_policy'] self.assertEqual(ndes['id'], l3p['external_segments'].keys()[0]) self.assertEqual(1, len(l3p['external_segments'])) # Remove all the ESs and verify default is once again set - l3p = self._update_gbp_resource( - l3p['id'], 'l3_policy', 'l3_policies', - expected_res_status=200, - external_segments={}) + l3p = self.update_l3_policy( + l3p['id'], expected_res_status=200, + external_segments={})['l3_policy'] self.assertEqual(es['id'], l3p['external_segments'].keys()[0]) self.assertEqual(1, len(l3p['external_segments'])) diff --git a/gbp/neutron/tests/unit/services/grouppolicy/test_resource_mapping.py b/gbp/neutron/tests/unit/services/grouppolicy/test_resource_mapping.py index d68ec517b..2ff55dda1 100644 --- a/gbp/neutron/tests/unit/services/grouppolicy/test_resource_mapping.py +++ b/gbp/neutron/tests/unit/services/grouppolicy/test_resource_mapping.py @@ -24,14 +24,17 @@ from neutron.extensions import securitygroup as ext_sg from neutron import manager from neutron.notifiers import nova from neutron.openstack.common import uuidutils +from neutron.plugins.common import constants as pconst from neutron.tests.unit import test_extension_security_group from neutron.tests.unit import test_l3_plugin import webob.exc +from gbp.neutron.db.grouppolicy import group_policy_db as gpdb from gbp.neutron.db import servicechain_db from gbp.neutron.services.grouppolicy.common import constants as gconst from gbp.neutron.services.grouppolicy import config from gbp.neutron.services.grouppolicy.drivers import resource_mapping +from gbp.neutron.services.servicechain import config as sc_cfg from gbp.neutron.tests.unit.services.grouppolicy import test_grouppolicy_plugin SERVICECHAIN_NODES = 'servicechain/servicechain_nodes' @@ -57,7 +60,7 @@ class ResourceMappingTestCase( config.cfg.CONF.set_override('policy_drivers', ['implicit_policy', 'resource_mapping'], group='group_policy') - config.cfg.CONF.set_override('servicechain_drivers', + sc_cfg.cfg.CONF.set_override('servicechain_drivers', ['dummy'], group='servicechain') config.cfg.CONF.set_override('allow_overlapping_ips', True) @@ -65,11 +68,13 @@ class ResourceMappingTestCase( res = mock.patch('neutron.db.l3_db.L3_NAT_dbonly_mixin.' '_check_router_needs_rescheduling').start() res.return_value = None - self.__plugin = manager.NeutronManager.get_plugin() - self.__context = nctx.get_admin_context() + self._plugin = manager.NeutronManager.get_plugin() + self._context = nctx.get_admin_context() + plugins = manager.NeutronManager.get_service_plugins() + self._gbp_plugin = plugins.get(pconst.GROUP_POLICY) def get_plugin_context(self): - return self.__plugin, self.__context + return self._plugin, self._context def _create_network(self, fmt, name, admin_state_up, **kwargs): """Override the routine for allowing the router:external attribute.""" @@ -120,6 +125,149 @@ class ResourceMappingTestCase( return set(str(x) for x in result.iter_cidrs()) + def _get_cidrs_from_ptgs(self, ptgs): + subnet_ids = [] + for ptg in ptgs: + subnet_ids += self.show_policy_target_group( + ptg)['policy_target_group']['subnets'] + cidrs = set() + for sid in subnet_ids: + req = self.new_show_request('subnets', sid, fmt=self.fmt) + res = self.deserialize(self.fmt, req.get_response(self.api)) + cidrs.add(res['subnet']['cidr']) + return cidrs + + def _get_cidrs_from_ep(self, eps, l3ps): + es_ids = [] + for ep in eps: + es_ids += self.show_external_policy( + ep)['external_policy']['external_segments'] + cidrs = set() + for es_id in es_ids: + cidrs |= self._calculate_expected_external_cidrs( + self.show_external_segment(es_id)['external_segment'], l3ps) + return cidrs + + def _get_tenant_l3ps(self, ptg): + res = self._list('l3_policies', + query_params='tenant_id=' + ptg['tenant_id']) + return res['l3_policies'] + + def _generate_expected_sg_rules(self, prs): + """Returns a list of expected provider sg rules given a PTG.""" + # Get all the needed cidrs: + prs = self._gbp_plugin.get_policy_rule_set(self._context, prs) + + providing_ptg_cidrs = self._get_cidrs_from_ptgs( + prs['providing_policy_target_groups']) + if len(prs['providing_policy_target_groups']): + self.assertTrue(len(providing_ptg_cidrs)) + + consuming_ptg_cidrs = self._get_cidrs_from_ptgs( + prs['consuming_policy_target_groups']) + if len(prs['consuming_policy_target_groups']): + self.assertTrue(len(consuming_ptg_cidrs)) + + l3p_cidrs = self._get_tenant_l3ps(prs) + + providing_ep_cidrs = self._get_cidrs_from_ep( + prs['providing_external_policies'], l3p_cidrs) + if len(prs['providing_external_policies']): + self.assertTrue(len(providing_ep_cidrs)) + + consuming_ep_cidrs = self._get_cidrs_from_ep( + prs['consuming_external_policies'], l3p_cidrs) + if len(prs['consuming_external_policies']): + self.assertTrue(len(consuming_ep_cidrs)) + + consumers = consuming_ep_cidrs | consuming_ptg_cidrs + providers = providing_ptg_cidrs | providing_ep_cidrs + + mapping = self._get_prs_mapping(prs['id']) + provided_sg = mapping.provided_sg_id + consumed_sg = mapping.consumed_sg_id + # IN: from consumer to provider + # OUT: from provider to consumer + # Egress rules are always generic (to 0.0.0.0/0) + # Igress rules are filtered by subnet + # Only allow rules are verified + prules = [self.show_policy_rule(x)['policy_rule'] + for x in prs['policy_rules']] + if len(prs['policy_rules']): + self.assertTrue(len(prules)) + + expected_rules = [] + in_bi = [gconst.GP_DIRECTION_IN, gconst.GP_DIRECTION_BI] + out_bi = [gconst.GP_DIRECTION_OUT, gconst.GP_DIRECTION_BI] + for pr in prules: + if any(self.show_policy_action(x)['policy_action']['action_type'] + == 'allow' for x in pr['policy_actions']): + classifier = self.show_policy_classifier( + pr['policy_classifier_id'])['policy_classifier'] + protocol = classifier['protocol'] + if classifier['port_range']: + port_min, port_max = ( + gpdb.GroupPolicyDbPlugin._get_min_max_ports_from_range( + classifier['port_range'])) + else: + port_min, port_max = None, None + if classifier['direction'] in in_bi: + # If direction IN/BI, consumer cidrs go into provider SG + for cidr in consumers: + attrs = {'security_group_id': [provided_sg], + 'direction': ['ingress'], + 'protocol': [protocol], + 'port_range_min': [port_min], + 'port_range_max': [port_max], + 'remote_ip_prefix': [cidr]} + expected_rules.append(attrs) + # And consumer SG have egress allowed + # TODO(ivar): IPv6 support + attrs = {'security_group_id': [consumed_sg], + 'direction': ['egress'], + 'protocol': [protocol], + 'port_range_min': [port_min], + 'port_range_max': [port_max], + 'remote_ip_prefix': ['0.0.0.0/0']} + expected_rules.append(attrs) + if classifier['direction'] in out_bi: + # If direction OUT/BI, provider CIDRs go into consumer SG + for cidr in providers: + attrs = {'security_group_id': [consumed_sg], + 'direction': ['ingress'], + 'protocol': [protocol], + 'port_range_min': [port_min], + 'port_range_max': [port_max], + 'remote_ip_prefix': [cidr]} + expected_rules.append(attrs) + # And provider SG have egress allowed + attrs = {'security_group_id': [provided_sg], + 'direction': ['egress'], + 'protocol': [protocol], + 'port_range_min': [port_min], + 'port_range_max': [port_max], + 'remote_ip_prefix': ['0.0.0.0/0']} + expected_rules.append(attrs) + return expected_rules + + def _verify_prs_rules(self, prs): + # Refresh prs + expected = self._generate_expected_sg_rules(prs) + mapping = self._get_prs_mapping(prs) + existing = [ + x for x in self._get_sg_rule( + security_group_id=[mapping.provided_sg_id, + mapping.consumed_sg_id])] + for rule in expected: + # Verify the rule exists + r = self._get_sg_rule(**rule) + self.assertTrue(len(r) == 1, + "Rule not found, expected:\n%s" % rule) + existing.remove(r[0]) + self.assertTrue(len(existing) == 0, + "Some rules still exist:\n%s" % str(existing)) + return expected + class TestPolicyTarget(ResourceMappingTestCase): @@ -139,8 +287,9 @@ class TestPolicyTarget(ResourceMappingTestCase): l3p = self.create_l3_policy(shared=True, ip_pool='11.0.0.0/8') l2p = self.create_l2_policy(l3_policy_id=l3p['l3_policy']['id'], shared=True) - s_ptg = self.create_policy_target_group(name="s_ptg", shared=True, - l2_policy_id=l2p['l2_policy']['id']) + s_ptg = self.create_policy_target_group( + name="s_ptg", shared=True, + l2_policy_id=l2p['l2_policy']['id']) s_ptg_id = s_ptg['policy_target_group']['id'] pt = self.create_policy_target(name="ep1", policy_target_group_id=s_ptg_id) @@ -206,6 +355,7 @@ class TestPolicyTarget(ResourceMappingTestCase): def test_missing_ptg_rejected(self): data = self.create_policy_target( + policy_target_group_id=None, name="pt1", expected_res_status=webob.exc.HTTPBadRequest.code) self.assertEqual('PolicyTargetRequiresPolicyTargetGroup', data['NeutronError']['type']) @@ -277,8 +427,9 @@ class TestPolicyTargetGroup(ResourceMappingTestCase): l2p_id = l2p['l2_policy']['id'] # Create policy_target group with implicit subnet. - ptg = self.create_policy_target_group(name="ptg1", l2_policy_id=l2p_id, - shared=shared) + ptg = self.create_policy_target_group( + name="ptg1", l2_policy_id=l2p_id, + shared=shared) ptg_id = ptg['policy_target_group']['id'] subnets = ptg['policy_target_group']['subnets'] self.assertIsNotNone(subnets) @@ -391,9 +542,8 @@ class TestPolicyTargetGroup(ResourceMappingTestCase): ptg = self.create_policy_target_group( l2_policy_id=l2p['id'], expected_res_status=201)['policy_target_group'] - res = self._update_gbp_resource_full_response( - ptg['id'], 'policy_target_group', 'policy_target_groups', - expected_res_status=400, + res = self.update_policy_target_group( + ptg['id'], expected_res_status=400, subnets=ptg['subnets'] + [sub['subnet']['id']]) self.assertEqual('InvalidSubnetForPTG', res['NeutronError']['type']) @@ -463,7 +613,8 @@ class TestPolicyTargetGroup(ResourceMappingTestCase): subnet = self.deserialize(self.fmt, req.get_response(self.api))['subnet'] #Create PT and retrieve port - pt = self.create_policy_target(ptg['id'])['policy_target'] + pt = self.create_policy_target( + policy_target_group_id=ptg['id'])['policy_target'] req = self.new_show_request('ports', pt['port_id'], fmt=self.fmt) port = self.deserialize(self.fmt, req.get_response(self.api))['port'] @@ -504,7 +655,8 @@ class TestPolicyTargetGroup(ResourceMappingTestCase): self.fmt, req.get_response( self.ext_api))['policy_target_group'] #Create PT and retrieve port - pt = self.create_policy_target(ptg['id'])['policy_target'] + pt = self.create_policy_target( + policy_target_group_id=ptg['id'])['policy_target'] req = self.new_show_request('ports', pt['port_id'], fmt=self.fmt) port = self.deserialize(self.fmt, req.get_response(self.api))['port'] @@ -534,6 +686,25 @@ class TestPolicyTargetGroup(ResourceMappingTestCase): 'CrossTenantPolicyTargetGroupL2PolicyNotSupported', res['NeutronError']['type']) + def test_cross_tenant_prs_fails(self): + prs = self.create_policy_rule_set(tenant_id='admin_tenant', + expected_res_status=201) + res = self.create_policy_target_group( + provided_policy_rule_sets={prs['policy_rule_set']['id']: ''}, + tenant_id='anothertenant', expected_res_status=404) + self.assertEqual( + 'PolicyRuleSetNotFound', res['NeutronError']['type']) + + # Verify Update + ptg = self.create_policy_target_group( + tenant_id='anothertenant', expected_res_status=201) + res = self.update_policy_target_group( + ptg['policy_target_group']['id'], tenant_id='anothertenant', + provided_policy_rule_sets={prs['policy_rule_set']['id']: ''}, + expected_res_status=404) + self.assertEqual( + 'PolicyRuleSetNotFound', res['NeutronError']['type']) + # TODO(rkukura): Test ip_pool exhaustion. @@ -594,14 +765,16 @@ class TestL2Policy(ResourceMappingTestCase): for shared in [True, False]: res = self.create_l2_policy(name="l2p1", tenant_id='other', l3_policy_id=l3p['l3_policy']['id'], - shared=shared, expected_res_status=400) + shared=shared, + expected_res_status=400) self.assertEqual('CrossTenantL2PolicyL3PolicyNotSupported', res['NeutronError']['type']) with self.network() as network: network_id = network['network']['id'] res = self.create_l2_policy(name="l2p1", network_id=network_id, - shared=True, expected_res_status=400) + shared=True, + expected_res_status=400) self.assertEqual('NonSharedNetworkOnSharedL2PolicyNotSupported', res['NeutronError']['type']) @@ -732,15 +905,13 @@ class TestL3Policy(ResourceMappingTestCase): l3p = self.create_l3_policy( ip_pool='192.168.0.0/16')['l3_policy'] for external_segments in [{es1['id']: []}, {es2['id']: []}]: - self._update_gbp_resource( - l3p['id'], 'l3_policy', 'l3_policies', - expected_res_status=200, + self.update_l3_policy( + l3p['id'], expected_res_status=200, external_segments=external_segments) # es2 to [es1, es2] external_segments = {es2['id']: [], es1['id']: []} - res = self._update_gbp_resource_full_response( - l3p['id'], 'l3_policy', 'l3_policies', - expected_res_status=400, + res = self.update_l3_policy( + l3p['id'], expected_res_status=400, external_segments=external_segments) self.assertEqual('MultipleESPerL3PolicyNotSupported', res['NeutronError']['type']) @@ -772,9 +943,9 @@ class TestL3Policy(ResourceMappingTestCase): res['external_gateway_info']['network_id']) # Verify auto assigned addresses propagated to L3P es_dict = {es2['id']: []} - l3p = self._update_gbp_resource( - l3p['id'], 'l3_policy', 'l3_policies', - external_segments=es_dict, expected_res_status=200) + l3p = self.update_l3_policy( + l3p['id'], external_segments=es_dict, + expected_res_status=200)['l3_policy'] req = self.new_show_request('routers', l3p['routers'][0], fmt=self.fmt) res = self.deserialize(self.fmt, req.get_response( @@ -826,9 +997,8 @@ class TestL3Policy(ResourceMappingTestCase): req.get_response(self.ext_api)) self.assertEqual(routes1, res['router']['routes']) es_dict = {es2['id']: []} - self._update_gbp_resource( - l3p['id'], 'l3_policy', 'l3_policies', - external_segments=es_dict, expected_res_status=200) + self.update_l3_policy(l3p['id'], external_segments=es_dict, + expected_res_status=200) req = self.new_show_request('routers', l3p['routers'][0], fmt=self.fmt) res = self.deserialize(self.fmt, @@ -912,6 +1082,7 @@ class TestPolicyRuleSet(ResourceMappingTestCase): port = self.deserialize(self.fmt, res.get_response(self.api)) security_groups = port['port'][ext_sg.SECURITYGROUPS] self.assertEqual(len(security_groups), 2) + self._verify_prs_rules(policy_rule_set_id) # TODO(ivar): we also need to verify that those security groups have the # right rules @@ -945,6 +1116,7 @@ class TestPolicyRuleSet(ResourceMappingTestCase): port = self.deserialize(self.fmt, res.get_response(self.api)) security_groups = port['port'][ext_sg.SECURITYGROUPS] self.assertEqual(len(security_groups), 2) + self._verify_prs_rules(policy_rule_set_id) # Test update and delete of PTG, how it affects SG mapping def test_policy_target_group_update(self): @@ -992,6 +1164,8 @@ class TestPolicyRuleSet(ResourceMappingTestCase): port = self.deserialize(self.fmt, res.get_response(self.api)) security_groups = port['port'][ext_sg.SECURITYGROUPS] self.assertEqual(len(security_groups), 2) + self._verify_prs_rules(policy_rule_set1_id) + self._verify_prs_rules(policy_rule_set2_id) # now add a policy_rule_set to PTG # First we update policy_rule_set2 to be provided by consumed_ptg @@ -1013,6 +1187,18 @@ class TestPolicyRuleSet(ResourceMappingTestCase): port = self.deserialize(self.fmt, res.get_response(self.api)) security_groups = port['port'][ext_sg.SECURITYGROUPS] self.assertEqual(len(security_groups), 3) + self._verify_prs_rules(policy_rule_set1_id) + self._verify_prs_rules(policy_rule_set2_id) + + # Now verify all rules are removed correctly when PRS are disassociated + self.update_policy_target_group(ptg1_id, provided_policy_rule_sets={}, + consumed_policy_rule_sets={}, + expected_res_status=200) + self.update_policy_target_group(ptg2_id, provided_policy_rule_sets={}, + consumed_policy_rule_sets={}, + expected_res_status=200) + self._verify_prs_rules(policy_rule_set1_id) + self._verify_prs_rules(policy_rule_set2_id) # Test update of policy rules def test_policy_rule_update(self): @@ -1061,6 +1247,7 @@ class TestPolicyRuleSet(ResourceMappingTestCase): udp_rule = udp_rules[0] self.assertEqual(udp_rule['port_range_min'], 30) self.assertEqual(udp_rule['port_range_max'], 100) + self._verify_prs_rules(policy_rule_set_id) # Test update of policy classifier def test_policy_classifier_update(self): @@ -1106,6 +1293,7 @@ class TestPolicyRuleSet(ResourceMappingTestCase): udp_rule = udp_rules[0] self.assertEqual(udp_rule['port_range_min'], 50) self.assertEqual(udp_rule['port_range_max'], 150) + self._verify_prs_rules(policy_rule_set_id) def test_redirect_to_chain(self): data = {'servicechain_node': {'service_type': "LOADBALANCER", @@ -1241,7 +1429,8 @@ class TestPolicyRuleSet(ResourceMappingTestCase): self.assertEqual(len(sc_instances['servicechain_instances']), 0) def test_shared_policy_rule_set_create_negative(self): - self.create_policy_rule_set(shared=True, expected_res_status=400) + self.create_policy_rule_set(shared=True, + expected_res_status=400) def test_external_rules_set(self): # Define the routes @@ -1254,57 +1443,30 @@ class TestPolicyRuleSet(ResourceMappingTestCase): es = self.create_external_segment( subnet_id=sub['subnet']['id'], external_routes=routes)['external_segment'] - l3p = self.create_l3_policy( + self.create_l3_policy( ip_pool='192.168.0.0/16', - external_segments={es['id']: []})['l3_policy'] + external_segments={es['id']: []}) self.create_external_policy( external_segments=[es['id']], provided_policy_rule_sets={prs['id']: ''}) - expected_cidrs = [str(x) for x in ( - netaddr.IPSet(['0.0.0.0/0']) - - netaddr.IPSet([l3p['ip_pool']])).iter_cidrs()] - mapping = self._get_prs_mapping(prs['id']) # Since EP provides, the consumed SG will have ingress rules # based on the difference between the L3P and the external # world - attrs = {'security_group_id': [mapping.consumed_sg_id], - 'direction': ['ingress'], - 'protocol': ['tcp'], - 'port_range_min': [22], - 'port_range_max': [22], - 'remote_ip_prefix': None} - for cidr in expected_cidrs: - attrs['remote_ip_prefix'] = [cidr] - self.assertTrue(self._get_sg_rule(**attrs)) + self._verify_prs_rules(prs['id']) # Add one rule to the PRS pr2 = self._create_http_allow_rule() - self._update_gbp_resource( - prs['id'], 'policy_rule_set', 'policy_rule_sets', - expected_res_status=200, - policy_rules=[pr['id'], pr2['id']]) + self.update_policy_rule_set(prs['id'], expected_res_status=200, + policy_rules=[pr['id'], pr2['id']]) # Verify new rules correctly set - attrs = {'security_group_id': [mapping.consumed_sg_id], - 'direction': ['ingress'], - 'protocol': ['tcp'], - 'port_range_min': [80], - 'port_range_max': [80], - 'remote_ip_prefix': None} - for cidr in expected_cidrs: - attrs['remote_ip_prefix'] = [cidr] - self.assertTrue(self._get_sg_rule(**attrs)) + current_rules = self._verify_prs_rules(prs['id']) + # Remove all the rules, verify that none exist any more - self._update_gbp_resource(prs['id'], 'policy_rule_set', - 'policy_rule_sets', - expected_res_status=200, - policy_rules=[]) - attrs = {'security_group_id': [mapping.consumed_sg_id], - 'direction': ['ingress'], - 'protocol': ['tcp'], - 'port_range_min': [80, 22], - 'port_range_max': [80, 22], - 'remote_ip_prefix': expected_cidrs} - self.assertFalse(self._get_sg_rule(**attrs)) + self.update_policy_rule_set( + prs['id'], expected_res_status=200, policy_rules=[]) + self.assertTrue(len(current_rules) > 0) + for rule in current_rules: + self.assertFalse(self._get_sg_rule(**rule)) class TestExternalSegment(ResourceMappingTestCase): @@ -1336,16 +1498,15 @@ class TestExternalSegment(ResourceMappingTestCase): es = self.create_external_segment( subnet_id=sub['subnet']['id'])['external_segment'] for k, v in changes.iteritems(): - res = self._update_gbp_resource_full_response( - es['id'], 'external_segment', - 'external_segments', expected_res_status=400, **{k: v}) + res = self.update_external_segment( + es['id'], expected_res_status=400, **{k: v}) self.assertEqual('InvalidAttributeUpdateForES', res['NeutronError']['type']) # Verify route updated correctly route = {'destination': '0.0.0.0/0', 'nexthop': None} - self._update_gbp_resource( - es['id'], 'external_segment', 'external_segments', - expected_res_status=200, external_routes=[route]) + self.update_external_segment( + es['id'], expected_res_status=200, + external_routes=[route]) pr = self._create_ssh_allow_rule() prs = self.create_policy_rule_set( policy_rules=[pr['id']])['policy_rule_set'] @@ -1359,6 +1520,10 @@ class TestExternalSegment(ResourceMappingTestCase): expected_cidrs = self._calculate_expected_external_cidrs( es, [l3p1, l3p2]) mapping = self._get_prs_mapping(prs['id']) + + # Not using _verify_prs_rules here because it's testing that + # some specific delta rules are applied/removed instead of + # the whole PRS state. attrs = {'security_group_id': [mapping.consumed_sg_id], 'direction': ['ingress'], 'protocol': ['tcp'], @@ -1368,11 +1533,12 @@ class TestExternalSegment(ResourceMappingTestCase): for cidr in expected_cidrs: attrs['remote_ip_prefix'] = [cidr] self.assertTrue(self._get_sg_rule(**attrs)) + self._verify_prs_rules(prs['id']) # Update the route and verify the SG rules changed route = {'destination': '172.0.0.0/8', 'nexthop': None} - es = self._update_gbp_resource( - es['id'], 'external_segment', 'external_segments', - expected_res_status=200, external_routes=[route]) + es = self.update_external_segment( + es['id'], expected_res_status=200, + external_routes=[route])['external_segment'] # Verify the old rules have been deleted new_cidrs = self._calculate_expected_external_cidrs( @@ -1472,9 +1638,9 @@ class TestExternalPolicy(ResourceMappingTestCase): external_segments=[es1['id']], expected_res_status=201) ep = ep['external_policy'] # ES update rejectes - res = self._update_gbp_resource_full_response( - ep['id'], 'external_policy', 'external_policies', - external_segments=[es2['id']], expected_res_status=400) + res = self.update_external_policy( + ep['id'], external_segments=[es2['id']], + expected_res_status=400) self.assertEqual('ESUpdateNotSupportedForEP', res['NeutronError']['type']) # Rules changed when changing PRS @@ -1486,67 +1652,40 @@ class TestExternalPolicy(ResourceMappingTestCase): prs_http = self.create_policy_rule_set( policy_rules=[pr_http['id']])['policy_rule_set'] - self._update_gbp_resource( - ep['id'], 'external_policy', 'external_policies', - provided_policy_rule_sets={prs_ssh['id']: ''}, + self.update_external_policy( + ep['id'], provided_policy_rule_sets={prs_ssh['id']: ''}, consumed_policy_rule_sets={prs_ssh['id']: ''}, expected_res_status=200) expected_cidrs = self._calculate_expected_external_cidrs( es1, []) self.assertTrue(len(expected_cidrs) > 0) - mapping = self._get_prs_mapping(prs_ssh['id']) - ssh_attrs = {'security_group_id': None, - 'direction': ['ingress'], - 'protocol': ['tcp'], - 'port_range_min': [22], - 'port_range_max': [22], - 'remote_ip_prefix': None} - for sg in [mapping.consumed_sg_id, mapping.provided_sg_id]: - for cidr in expected_cidrs: - ssh_attrs['security_group_id'] = [sg] - ssh_attrs['remote_ip_prefix'] = [cidr] - self.assertTrue(self._get_sg_rule(**ssh_attrs)) + current_ssh_rules = self._verify_prs_rules(prs_ssh['id']) + self._verify_prs_rules(prs_http['id']) # Now swap the contract - self._update_gbp_resource( - ep['id'], 'external_policy', 'external_policies', - provided_policy_rule_sets={prs_http['id']: ''}, + self.update_external_policy( + ep['id'], provided_policy_rule_sets={prs_http['id']: ''}, consumed_policy_rule_sets={prs_http['id']: ''}, expected_res_status=200) # SSH rules removed - for sg in [mapping.consumed_sg_id, mapping.provided_sg_id]: - for cidr in expected_cidrs: - ssh_attrs['security_group_id'] = [sg] - ssh_attrs['remote_ip_prefix'] = [cidr] - self.assertFalse(self._get_sg_rule(**ssh_attrs)) + for rule in current_ssh_rules: + if not (rule['direction'] == ['egress'] + and rule['remote_ip_prefix'] == ['0.0.0.0/0']): + self.assertFalse(self._get_sg_rule(**rule)) # HTTP Added - mapping = self._get_prs_mapping(prs_http['id']) - http_attrs = {'security_group_id': None, - 'direction': ['ingress'], - 'protocol': ['tcp'], - 'port_range_min': [80], - 'port_range_max': [80], - 'remote_ip_prefix': None} - for sg in [mapping.consumed_sg_id, mapping.provided_sg_id]: - for cidr in expected_cidrs: - http_attrs['security_group_id'] = [sg] - http_attrs['remote_ip_prefix'] = [cidr] - self.assertTrue(self._get_sg_rule(**http_attrs)) + current_http_rules = self._verify_prs_rules(prs_http['id']) # All removed - self._update_gbp_resource( - ep['id'], 'external_policy', 'external_policies', - provided_policy_rule_sets={}, - consumed_policy_rule_sets={}, - expected_res_status=200) - for sg in [mapping.consumed_sg_id, mapping.provided_sg_id]: - for cidr in expected_cidrs: - ssh_attrs['security_group_id'] = [sg] - ssh_attrs['remote_ip_prefix'] = [cidr] - self.assertFalse(self._get_sg_rule(**http_attrs)) + self.update_external_policy( + ep['id'], provided_policy_rule_sets={}, + consumed_policy_rule_sets={}, expected_res_status=200) + for rule in current_http_rules: + if not (rule['direction'] == ['egress'] + and rule['remote_ip_prefix'] == ['0.0.0.0/0']): + self.assertFalse(self._get_sg_rule(**rule)) class TestPolicyAction(ResourceMappingTestCase): diff --git a/gbp/neutron/tests/unit/test_extension_group_policy.py b/gbp/neutron/tests/unit/test_extension_group_policy.py index 88f83c7ae..57a5e33c2 100644 --- a/gbp/neutron/tests/unit/test_extension_group_policy.py +++ b/gbp/neutron/tests/unit/test_extension_group_policy.py @@ -11,6 +11,7 @@ # under the License. import copy +import re import mock from neutron.openstack.common import uuidutils @@ -21,6 +22,7 @@ from neutron.tests.unit import test_api_v2_extension from webob import exc from gbp.neutron.extensions import group_policy as gp +from gbp.neutron.tests.unit import common as cm _uuid = uuidutils.generate_uuid _get_path = test_api_v2._get_path @@ -61,6 +63,18 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase): plural_mappings=plural_mappings) self.instance = self.plugin.return_value + def __getattr__(self, item): + # Verify is an update of a proper GBP object + def _is_gbp_resource(plural): + return plural in gp.RESOURCE_ATTRIBUTE_MAP + # Update Method + if re.match("^get_(create|update).+(default|)_attrs$", item): + resource = re.sub("^get_(create|update)_", "", item) + resource = re.sub("(_default|)_attrs$", "", resource) + if _is_gbp_resource(cm.get_resource_plural(resource)): + return getattr(cm, item) + raise AttributeError + def _test_create_policy_target(self, data, expected_value, default_data=None): if not default_data: @@ -76,21 +90,11 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase): self.assertIn('policy_target', res) self.assertEqual(expected_value, res['policy_target']) - def _get_create_policy_target_default_attrs(self): - return {'name': '', 'description': ''} - - def _get_create_policy_target_attrs(self): - return {'name': 'ep1', 'policy_target_group_id': _uuid(), - 'tenant_id': _uuid(), 'description': 'test policy_target'} - - def _get_update_policy_target_attrs(self): - return {'name': 'new_name'} - def test_create_policy_target_with_defaults(self): policy_target_id = _uuid() data = {'policy_target': {'policy_target_group_id': _uuid(), 'tenant_id': _uuid()}} - default_attrs = self._get_create_policy_target_default_attrs() + default_attrs = self.get_create_policy_target_default_attrs() default_data = copy.copy(data) default_data['policy_target'].update(default_attrs) expected_value = dict(default_data['policy_target']) @@ -100,7 +104,7 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase): def test_create_policy_target(self): policy_target_id = _uuid() - data = {'policy_target': self._get_create_policy_target_attrs()} + data = {'policy_target': self.get_create_policy_target_attrs()} expected_value = dict(data['policy_target']) expected_value['id'] = policy_target_id @@ -139,7 +143,7 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase): def test_update_policy_target(self): policy_target_id = _uuid() - update_data = {'policy_target': self._get_update_policy_target_attrs()} + update_data = {'policy_target': self.get_update_policy_target_attrs()} expected_value = {'tenant_id': _uuid(), 'id': policy_target_id} self.instance.update_policy_target.return_value = expected_value @@ -174,28 +178,10 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase): self.assertIn('policy_target_group', res) self.assertEqual(expected_value, res['policy_target_group']) - def _get_create_policy_target_group_default_attrs(self): - return {'name': '', 'description': '', 'l2_policy_id': None, - 'provided_policy_rule_sets': {}, - 'consumed_policy_rule_sets': {}, - 'network_service_policy_id': None, 'shared': False} - - def _get_create_policy_target_group_attrs(self): - return {'name': 'ptg1', 'tenant_id': _uuid(), - 'description': 'test policy_target group', - 'l2_policy_id': _uuid(), - 'provided_policy_rule_sets': {_uuid(): None}, - 'consumed_policy_rule_sets': {_uuid(): None}, - 'network_service_policy_id': _uuid(), - 'shared': False} - - def _get_update_policy_target_group_attrs(self): - return {'name': 'new_name'} - def test_create_policy_target_group_with_defaults(self): policy_target_group_id = _uuid() data = {'policy_target_group': {'tenant_id': _uuid()}} - default_attrs = self._get_create_policy_target_group_default_attrs() + default_attrs = self.get_create_policy_target_group_default_attrs() default_data = copy.copy(data) default_data['policy_target_group'].update(default_attrs) expected_value = copy.deepcopy(default_data['policy_target_group']) @@ -207,7 +193,7 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase): def test_create_policy_target_group(self): policy_target_group_id = _uuid() data = {'policy_target_group': - self._get_create_policy_target_group_attrs()} + self.get_create_policy_target_group_attrs()} expected_value = copy.deepcopy(data['policy_target_group']) expected_value['id'] = policy_target_group_id @@ -248,7 +234,7 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase): def test_update_policy_target_group(self): policy_target_group_id = _uuid() update_data = {'policy_target_group': - self._get_update_policy_target_group_attrs()} + self.get_update_policy_target_group_attrs()} expected_value = {'tenant_id': _uuid(), 'id': policy_target_group_id} self.instance.update_policy_target_group.return_value = expected_value @@ -281,21 +267,10 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase): self.assertIn('l2_policy', res) self.assertEqual(expected_value, res['l2_policy']) - def _get_create_l2_policy_default_attrs(self): - return {'name': '', 'description': '', 'shared': False} - - def _get_create_l2_policy_attrs(self): - return {'name': 'l2p1', 'tenant_id': _uuid(), - 'description': 'test L2 policy', 'l3_policy_id': _uuid(), - 'shared': False} - - def _get_update_l2_policy_attrs(self): - return {'name': 'new_name'} - def test_create_l2_policy_with_defaults(self): l2_policy_id = _uuid() data = {'l2_policy': {'tenant_id': _uuid(), 'l3_policy_id': _uuid()}} - default_attrs = self._get_create_l2_policy_default_attrs() + default_attrs = self.get_create_l2_policy_default_attrs() default_data = copy.copy(data) default_data['l2_policy'].update(default_attrs) expected_value = dict(default_data['l2_policy']) @@ -305,7 +280,7 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase): def test_create_l2_policy(self): l2_policy_id = _uuid() - data = {'l2_policy': self._get_create_l2_policy_attrs()} + data = {'l2_policy': self.get_create_l2_policy_attrs()} expected_value = dict(data['l2_policy']) expected_value['id'] = l2_policy_id @@ -344,7 +319,7 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase): def test_update_l2_policy(self): l2_policy_id = _uuid() - update_data = {'l2_policy': self._get_update_l2_policy_attrs()} + update_data = {'l2_policy': self.get_update_l2_policy_attrs()} expected_value = {'tenant_id': _uuid(), 'id': l2_policy_id} self.instance.update_l2_policy.return_value = expected_value @@ -377,25 +352,10 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase): self.assertIn('l3_policy', res) self.assertEqual(res['l3_policy'], expected_value) - def _get_create_l3_policy_default_attrs(self): - return {'name': '', 'description': '', 'ip_version': 4, - 'ip_pool': '10.0.0.0/8', 'subnet_prefix_length': 24, - 'external_segments': {}, 'shared': False} - - def _get_create_l3_policy_attrs(self): - return {'name': 'l3p1', 'tenant_id': _uuid(), - 'description': 'test L3 policy', 'ip_version': 6, - 'ip_pool': 'fd01:2345:6789::/48', - 'external_segments': {_uuid(): ['192.168.0.3']}, - 'subnet_prefix_length': 64, 'shared': False} - - def _get_update_l3_policy_attrs(self): - return {'name': 'new_name'} - def test_create_l3_policy_with_defaults(self): l3_policy_id = _uuid() data = {'l3_policy': {'tenant_id': _uuid()}} - default_attrs = self._get_create_l3_policy_default_attrs() + default_attrs = self.get_create_l3_policy_default_attrs() default_data = copy.copy(data) default_data['l3_policy'].update(default_attrs) expected_value = dict(default_data['l3_policy']) @@ -405,7 +365,7 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase): def test_create_l3_policy(self): l3_policy_id = _uuid() - data = {'l3_policy': self._get_create_l3_policy_attrs()} + data = {'l3_policy': self.get_create_l3_policy_attrs()} expected_value = dict(data['l3_policy']) expected_value.update({'id': l3_policy_id}) @@ -444,7 +404,7 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase): def test_update_l3_policy(self): l3_policy_id = _uuid() - update_data = {'l3_policy': self._get_update_l3_policy_attrs()} + update_data = {'l3_policy': self.get_update_l3_policy_attrs()} expected_value = {'tenant_id': _uuid(), 'id': l3_policy_id} self.instance.update_l3_policy.return_value = expected_value @@ -479,28 +439,10 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase): self.assertIn('policy_action', res) self.assertEqual(expected_value, res['policy_action']) - def _get_create_policy_action_default_attrs(self): - return {'name': '', - 'description': '', - 'action_type': 'allow', - 'action_value': None, - 'shared': False} - - def _get_create_policy_action_attrs(self): - return {'name': 'pa1', - 'tenant_id': _uuid(), - 'description': 'test policy action', - 'action_type': 'redirect', - 'action_value': _uuid(), - 'shared': False} - - def _get_update_policy_action_attrs(self): - return {'name': 'new_name'} - def test_create_policy_action_with_defaults(self): policy_action_id = _uuid() data = {'policy_action': {'tenant_id': _uuid()}} - default_attrs = self._get_create_policy_action_default_attrs() + default_attrs = self.get_create_policy_action_default_attrs() default_data = copy.copy(data) default_data['policy_action'].update(default_attrs) expected_value = dict(default_data['policy_action']) @@ -510,7 +452,7 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase): def test_create_policy_action(self): policy_action_id = _uuid() - data = {'policy_action': self._get_create_policy_action_attrs()} + data = {'policy_action': self.get_create_policy_action_attrs()} expected_value = dict(data['policy_action']) expected_value['id'] = policy_action_id @@ -553,7 +495,7 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase): def test_update_policy_action(self): policy_action_id = _uuid() update_data = {'policy_action': - self._get_update_policy_action_attrs()} + self.get_update_policy_action_attrs()} expected_value = {'tenant_id': _uuid(), 'id': policy_action_id} @@ -591,30 +533,10 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase): self.assertIn('policy_classifier', res) self.assertEqual(expected_value, res['policy_classifier']) - def _get_create_policy_classifier_default_attrs(self): - return {'name': '', - 'description': '', - 'protocol': None, - 'port_range': None, - 'direction': None, - 'shared': False} - - def _get_create_policy_classifier_attrs(self): - return {'name': 'pc1', - 'description': 'test policy classifier', - 'tenant_id': _uuid(), - 'protocol': 'tcp', - 'port_range': '100:200', - 'direction': 'in', - 'shared': False} - - def _get_update_policy_classifier_attrs(self): - return {'name': 'new_name'} - def test_create_policy_classifier_with_defaults(self): policy_classifier_id = _uuid() data = {'policy_classifier': {'tenant_id': _uuid()}} - default_attrs = self._get_create_policy_classifier_default_attrs() + default_attrs = self.get_create_policy_classifier_default_attrs() default_data = copy.copy(data) default_data['policy_classifier'].update(default_attrs) expected_value = dict(default_data['policy_classifier']) @@ -625,7 +547,7 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase): def test_create_policy_classifier(self): policy_classifier_id = _uuid() data = {'policy_classifier': - self._get_create_policy_classifier_attrs()} + self.get_create_policy_classifier_attrs()} expected_value = dict(data['policy_classifier']) expected_value['id'] = policy_classifier_id @@ -666,7 +588,7 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase): def test_update_policy_classifier(self): policy_classifier_id = _uuid() update_data = {'policy_classifier': - self._get_update_policy_classifier_attrs()} + self.get_update_policy_classifier_attrs()} expected_value = {'tenant_id': _uuid(), 'id': policy_classifier_id} @@ -704,30 +626,11 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase): self.assertIn('policy_rule', res) self.assertEqual(expected_value, res['policy_rule']) - def _get_create_policy_rule_default_attrs(self): - return {'name': '', - 'description': '', - 'enabled': True, - 'policy_actions': [], - 'shared': False} - - def _get_create_policy_rule_attrs(self): - return {'name': 'pr1', - 'description': 'test policy rule', - 'tenant_id': _uuid(), - 'enabled': True, - 'policy_classifier_id': _uuid(), - 'policy_actions': [_uuid()], - 'shared': False} - - def _get_update_policy_rule_attrs(self): - return {'name': 'new_name'} - def test_create_policy_rule_with_defaults(self): policy_rule_id = _uuid() data = {'policy_rule': {'tenant_id': _uuid(), 'policy_classifier_id': _uuid()}} - default_attrs = self._get_create_policy_rule_default_attrs() + default_attrs = self.get_create_policy_rule_default_attrs() default_data = copy.copy(data) default_data['policy_rule'].update(default_attrs) expected_value = dict(default_data['policy_rule']) @@ -738,7 +641,7 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase): def test_create_policy_rule(self): policy_rule_id = _uuid() data = {'policy_rule': - self._get_create_policy_rule_attrs()} + self.get_create_policy_rule_attrs()} expected_value = dict(data['policy_rule']) expected_value['id'] = policy_rule_id @@ -780,7 +683,7 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase): def test_update_policy_rule(self): policy_rule_id = _uuid() update_data = {'policy_rule': - self._get_update_policy_rule_attrs()} + self.get_update_policy_rule_attrs()} expected_value = {'tenant_id': _uuid(), 'id': policy_rule_id} @@ -818,28 +721,10 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase): self.assertIn('policy_rule_set', res) self.assertEqual(expected_value, res['policy_rule_set']) - def _get_create_policy_rule_set_default_attrs(self): - return {'name': '', - 'description': '', - 'child_policy_rule_sets': [], - 'policy_rules': [], - 'shared': False} - - def _get_create_policy_rule_set_attrs(self): - return {'name': 'policy_rule_set1', - 'description': 'test policy_rule_set', - 'tenant_id': _uuid(), - 'child_policy_rule_sets': [_uuid()], - 'policy_rules': [_uuid()], - 'shared': False} - - def _get_update_policy_rule_set_attrs(self): - return {'name': 'new_name'} - def test_create_policy_rule_set_with_defaults(self): policy_rule_set_id = _uuid() data = {'policy_rule_set': {'tenant_id': _uuid()}} - default_attrs = self._get_create_policy_rule_set_default_attrs() + default_attrs = self.get_create_policy_rule_set_default_attrs() default_data = copy.copy(data) default_data['policy_rule_set'].update(default_attrs) expected_value = dict(default_data['policy_rule_set']) @@ -850,7 +735,7 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase): def test_create_policy_rule_set(self): policy_rule_set_id = _uuid() data = {'policy_rule_set': - self._get_create_policy_rule_set_attrs()} + self.get_create_policy_rule_set_attrs()} expected_value = dict(data['policy_rule_set']) expected_value['id'] = policy_rule_set_id @@ -891,7 +776,7 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase): def test_update_policy_rule_set(self): policy_rule_set_id = _uuid() update_data = {'policy_rule_set': - self._get_update_policy_rule_set_attrs()} + self.get_update_policy_rule_set_attrs()} expected_value = {'tenant_id': _uuid(), 'id': policy_rule_set_id} @@ -929,24 +814,10 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase): self.assertIn('network_service_policy', res) self.assertEqual(expected_value, res['network_service_policy']) - def _get_create_network_service_policy_default_attrs(self): - return {'name': '', 'description': '', - 'network_service_params': [], 'shared': False} - - def _get_create_network_service_policy_attrs(self): - return {'name': 'nsp1', 'tenant_id': _uuid(), - 'shared': False, - 'description': 'test Net Svc Policy', - 'network_service_params': [{'type': 'ip_single', 'name': 'vip', - 'value': 'self_subnet'}]} - - def _get_update_network_service_policy_attrs(self): - return {'name': 'new_name'} - def test_create_network_service_policy_with_defaults(self): network_service_policy_id = _uuid() data = {'network_service_policy': {'tenant_id': _uuid()}} - default_attrs = self._get_create_network_service_policy_default_attrs() + default_attrs = self.get_create_network_service_policy_default_attrs() default_data = copy.copy(data) default_data['network_service_policy'].update(default_attrs) expected_value = dict(default_data['network_service_policy']) @@ -958,7 +829,7 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase): def test_create_network_service_policy(self): network_service_policy_id = _uuid() data = {'network_service_policy': - self._get_create_network_service_policy_attrs()} + self.get_create_network_service_policy_attrs()} expected_value = copy.deepcopy(data['network_service_policy']) expected_value['id'] = network_service_policy_id @@ -1002,7 +873,7 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase): def test_update_network_service_policy(self): network_service_policy_id = _uuid() update_data = {'network_service_policy': - self._get_update_network_service_policy_attrs()} + self.get_update_network_service_policy_attrs()} expected_value = {'tenant_id': _uuid(), 'id': network_service_policy_id} @@ -1105,31 +976,13 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase): self.assertIn(entity, res) self.assertEqual(expected_value, res[entity]) - def _get_create_external_policy_default_attrs(self): - return {'name': '', 'description': '', - 'external_segments': [], - 'provided_policy_rule_sets': {}, - 'consumed_policy_rule_sets': {}, - 'shared': False} - - def _get_create_external_policy_attrs(self): - return {'name': 'ep1', 'tenant_id': _uuid(), - 'description': 'test ep', - 'external_segments': [_uuid()], - 'provided_policy_rule_sets': {_uuid(): None}, - 'consumed_policy_rule_sets': {_uuid(): None}, - 'shared': False} - - def _get_update_external_policy_attrs(self): - return {'name': 'new_name'} - def test_create_external_policy_with_defaults(self): - default_attrs = self._get_create_external_policy_default_attrs() + default_attrs = self.get_create_external_policy_default_attrs() self._test_create_entity_with_defaults('external_policy', default_attrs) def test_create_external_policy(self): - attrs = self._get_create_external_policy_attrs() + attrs = self.get_create_external_policy_attrs() self._test_create_entity_with_attrs('external_policy', attrs) def test_list_external_policies(self): @@ -1139,40 +992,20 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase): self._test_get_entity('external_policy') def test_update_external_policy(self): - update_data = self._get_update_external_policy_attrs() + update_data = self.get_update_external_policy_attrs() self._test_update_entity('external_policy', update_data) def test_delete_external_policy_(self): self._test_entity_delete('external_policy') - def _get_create_external_segment_default_attrs(self): - return {'name': '', 'description': '', - 'external_routes': [], - 'ip_version': 4, - 'cidr': '172.16.0.0/12', - 'port_address_translation': False, - 'shared': False} - - def _get_create_external_segment_attrs(self): - return {'name': 'es1', 'tenant_id': _uuid(), - 'description': 'test ep', - 'external_routes': [{'destination': '0.0.0.0/0', - 'nexthop': '192.168.0.1'}], - 'cidr': '192.168.0.0/24', - 'ip_version': 4, 'port_address_translation': True, - 'shared': False} - - def _get_update_external_segment_attrs(self): - return {'name': 'new_name'} - def test_create_external_segment_with_defaults(self): default_attrs = ( - self._get_create_external_segment_default_attrs()) + self.get_create_external_segment_default_attrs()) self._test_create_entity_with_defaults('external_segment', default_attrs) def test_create_external_segment(self): - attrs = self._get_create_external_segment_attrs() + attrs = self.get_create_external_segment_attrs() self._test_create_entity_with_attrs('external_segment', attrs) def test_list_external_segments(self): @@ -1182,37 +1015,20 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase): self._test_get_entity('external_segment') def test_update_external_segment(self): - update_data = self._get_update_external_segment_attrs() + update_data = self.get_update_external_segment_attrs() self._test_update_entity('external_segment', update_data) def test_delete_external_segment_(self): self._test_entity_delete('external_segment') - def _get_create_nat_pool_default_attrs(self): - return {'name': '', 'description': '', - 'external_segment_id': None, 'ip_version': 4, - 'ip_pool': '172.16.0.0/16', - 'shared': False} - - def _get_create_nat_pool_attrs(self): - return {'name': 'es1', 'tenant_id': _uuid(), - 'description': 'test ep', - 'ip_version': 4, - 'ip_pool': '172.16.0.0/16', - 'external_segment_id': _uuid(), - 'shared': False} - - def _get_update_nat_pool_attrs(self): - return {'name': 'new_name'} - def test_create_nat_pool_with_defaults(self): default_attrs = ( - self._get_create_nat_pool_default_attrs()) + self.get_create_nat_pool_default_attrs()) self._test_create_entity_with_defaults('nat_pool', default_attrs) def test_create_nat_pool(self): - attrs = self._get_create_nat_pool_attrs() + attrs = self.get_create_nat_pool_attrs() self._test_create_entity_with_attrs('nat_pool', attrs) def test_list_nat_pools(self): @@ -1222,7 +1038,7 @@ class GroupPolicyExtensionTestCase(test_api_v2_extension.ExtensionTestCase): self._test_get_entity('nat_pool') def test_update_nat_pool(self): - update_data = self._get_update_nat_pool_attrs() + update_data = self.get_update_nat_pool_attrs() self._test_update_entity('nat_pool', update_data) def test_delete_nat_pool_(self): diff --git a/gbp/neutron/tests/unit/test_extension_group_policy_mapping.py b/gbp/neutron/tests/unit/test_extension_group_policy_mapping.py index 7f1da0eda..cb228c064 100644 --- a/gbp/neutron/tests/unit/test_extension_group_policy_mapping.py +++ b/gbp/neutron/tests/unit/test_extension_group_policy_mapping.py @@ -14,6 +14,7 @@ from neutron.plugins.common import constants from gbp.neutron.extensions import group_policy as gp from gbp.neutron.extensions import group_policy_mapping as gpm +from gbp.neutron.tests.unit import common as cm from gbp.neutron.tests.unit import test_extension_group_policy as tgp @@ -52,74 +53,62 @@ class GroupPolicyMappingExtTestCase(tgp.GroupPolicyExtensionTestCase): def _restore_gp_attr_map(self): gp.RESOURCE_ATTRIBUTE_MAP = self._saved_gp_attr_map - def _get_create_policy_target_default_attrs(self): - attrs = (super(GroupPolicyMappingExtTestCase, self). - _get_create_policy_target_default_attrs()) + def get_create_policy_target_default_attrs(self): + attrs = cm.get_create_policy_target_default_attrs() attrs.update({'port_id': None}) return attrs - def _get_create_policy_target_attrs(self): - attrs = (super(GroupPolicyMappingExtTestCase, self). - _get_create_policy_target_attrs()) + def get_create_policy_target_attrs(self): + attrs = cm.get_create_policy_target_attrs() attrs.update({'port_id': tgp._uuid()}) return attrs - def _get_create_policy_target_group_default_attrs(self): - attrs = (super(GroupPolicyMappingExtTestCase, self). - _get_create_policy_target_group_default_attrs()) + def get_create_policy_target_group_default_attrs(self): + attrs = cm.get_create_policy_target_group_default_attrs() attrs.update({'subnets': []}) return attrs - def _get_create_policy_target_group_attrs(self): - attrs = (super(GroupPolicyMappingExtTestCase, self). - _get_create_policy_target_group_attrs()) + def get_create_policy_target_group_attrs(self): + attrs = cm.get_create_policy_target_group_attrs() attrs.update({'subnets': [tgp._uuid()]}) return attrs - def _get_update_policy_target_group_attrs(self): - attrs = (super(GroupPolicyMappingExtTestCase, self). - _get_update_policy_target_group_attrs()) + def get_update_policy_target_group_attrs(self): + attrs = cm.get_update_policy_target_group_attrs() attrs.update({'subnets': [tgp._uuid()]}) return attrs - def _get_create_l2_policy_default_attrs(self): - attrs = (super(GroupPolicyMappingExtTestCase, self). - _get_create_l2_policy_default_attrs()) + def get_create_l2_policy_default_attrs(self): + attrs = cm.get_create_l2_policy_default_attrs() attrs.update({'network_id': None}) return attrs - def _get_create_l2_policy_attrs(self): - attrs = (super(GroupPolicyMappingExtTestCase, self). - _get_create_l2_policy_attrs()) + def get_create_l2_policy_attrs(self): + attrs = cm.get_create_l2_policy_attrs() attrs.update({'network_id': tgp._uuid()}) return attrs - def _get_create_l3_policy_default_attrs(self): - attrs = (super(GroupPolicyMappingExtTestCase, self). - _get_create_l3_policy_default_attrs()) + def get_create_l3_policy_default_attrs(self): + attrs = cm.get_create_l3_policy_default_attrs() attrs.update({'routers': []}) return attrs - def _get_create_l3_policy_attrs(self): - attrs = (super(GroupPolicyMappingExtTestCase, self). - _get_create_l3_policy_attrs()) + def get_create_l3_policy_attrs(self): + attrs = cm.get_create_l3_policy_attrs() attrs.update({'routers': [tgp._uuid(), tgp._uuid()]}) return attrs - def _get_update_l3_policy_attrs(self): - attrs = (super(GroupPolicyMappingExtTestCase, self). - _get_update_l3_policy_attrs()) + def get_update_l3_policy_attrs(self): + attrs = cm.get_update_l3_policy_attrs() attrs.update({'routers': [tgp._uuid(), tgp._uuid()]}) return attrs - def _get_create_external_segment_default_attrs(self): - attrs = (super(GroupPolicyMappingExtTestCase, self). - _get_create_external_segment_default_attrs()) + def get_create_external_segment_default_attrs(self): + attrs = cm.get_create_external_segment_default_attrs() attrs.update({'subnet_id': None}) return attrs - def _get_create_external_segment_attrs(self): - attrs = (super(GroupPolicyMappingExtTestCase, self). - _get_create_external_segment_attrs()) + def get_create_external_segment_attrs(self): + attrs = cm.get_create_external_segment_attrs() attrs.update({'subnet_id': tgp._uuid()}) return attrs