remove unused nwfilter methods and tests.
Remove unused methods and classes in nova/virt/libvirt/firewall.py and the related function tests. Nova now uses the nwfilter offered by libvirt only for anti-ARP and anti-IP spoofing; other security policies use iptables. Change-Id: Ib9866802ef64668e2feba09124bdf7c7fee92f92
1
Authors
1
Authors
@@ -168,6 +168,7 @@ Vladimir Popovski <vladimir@zadarastorage.com>
|
|||||||
William Henry <whenry@redhat.com>
|
William Henry <whenry@redhat.com>
|
||||||
William Kelly <william.kelly@rackspace.com>
|
William Kelly <william.kelly@rackspace.com>
|
||||||
William Wolf <throughnothing@gmail.com>
|
William Wolf <throughnothing@gmail.com>
|
||||||
|
Yaguang Tang <heut2008@gmail.com>
|
||||||
Yoshiaki Tamura <yoshi@midokura.jp>
|
Yoshiaki Tamura <yoshi@midokura.jp>
|
||||||
Youcef Laribi <Youcef.Laribi@eu.citrix.com>
|
Youcef Laribi <Youcef.Laribi@eu.citrix.com>
|
||||||
Yun Mao <yunmao@gmail.com>
|
Yun Mao <yunmao@gmail.com>
|
||||||
|
|||||||
@@ -1631,28 +1631,6 @@ class NWFilterTestCase(test.TestCase):
|
|||||||
security_group = db.security_group_get_by_name(self.context,
|
security_group = db.security_group_get_by_name(self.context,
|
||||||
'fake',
|
'fake',
|
||||||
'testgroup')
|
'testgroup')
|
||||||
|
|
||||||
xml = self.fw.security_group_to_nwfilter_xml(security_group.id)
|
|
||||||
|
|
||||||
dom = xml_to_dom(xml)
|
|
||||||
self.assertEqual(dom.firstChild.tagName, 'filter')
|
|
||||||
|
|
||||||
rules = dom.getElementsByTagName('rule')
|
|
||||||
self.assertEqual(len(rules), 1)
|
|
||||||
|
|
||||||
# It's supposed to allow inbound traffic.
|
|
||||||
self.assertEqual(rules[0].getAttribute('action'), 'accept')
|
|
||||||
self.assertEqual(rules[0].getAttribute('direction'), 'in')
|
|
||||||
|
|
||||||
# Must be lower priority than the base filter (which blocks everything)
|
|
||||||
self.assertTrue(int(rules[0].getAttribute('priority')) < 1000)
|
|
||||||
|
|
||||||
ip_conditions = rules[0].getElementsByTagName('tcp')
|
|
||||||
self.assertEqual(len(ip_conditions), 1)
|
|
||||||
self.assertEqual(ip_conditions[0].getAttribute('srcipaddr'), '0.0.0.0')
|
|
||||||
self.assertEqual(ip_conditions[0].getAttribute('srcipmask'), '0.0.0.0')
|
|
||||||
self.assertEqual(ip_conditions[0].getAttribute('dstportstart'), '80')
|
|
||||||
self.assertEqual(ip_conditions[0].getAttribute('dstportend'), '81')
|
|
||||||
self.teardown_security_group()
|
self.teardown_security_group()
|
||||||
|
|
||||||
def teardown_security_group(self):
|
def teardown_security_group(self):
|
||||||
@@ -1732,8 +1710,7 @@ class NWFilterTestCase(test.TestCase):
|
|||||||
def _ensure_all_called(mac):
|
def _ensure_all_called(mac):
|
||||||
instance_filter = 'nova-instance-%s-%s' % (instance_ref['name'],
|
instance_filter = 'nova-instance-%s-%s' % (instance_ref['name'],
|
||||||
mac.translate(None, ':'))
|
mac.translate(None, ':'))
|
||||||
secgroup_filter = 'nova-secgroup-%s' % self.security_group['id']
|
for required in ['allow-dhcp-server',
|
||||||
for required in [secgroup_filter, 'allow-dhcp-server',
|
|
||||||
'no-arp-spoofing', 'no-ip-spoofing',
|
'no-arp-spoofing', 'no-ip-spoofing',
|
||||||
'no-mac-spoofing']:
|
'no-mac-spoofing']:
|
||||||
self.assertTrue(required in
|
self.assertTrue(required in
|
||||||
@@ -1754,20 +1731,10 @@ class NWFilterTestCase(test.TestCase):
|
|||||||
mac = network_info[0][1]['mac']
|
mac = network_info[0][1]['mac']
|
||||||
|
|
||||||
self.fw.setup_basic_filtering(instance, network_info)
|
self.fw.setup_basic_filtering(instance, network_info)
|
||||||
self.fw.prepare_instance_filter(instance, network_info)
|
|
||||||
self.fw.apply_instance_filter(instance, network_info)
|
|
||||||
_ensure_all_called(mac)
|
_ensure_all_called(mac)
|
||||||
self.teardown_security_group()
|
self.teardown_security_group()
|
||||||
db.instance_destroy(context.get_admin_context(), instance_ref['id'])
|
db.instance_destroy(context.get_admin_context(), instance_ref['id'])
|
||||||
|
|
||||||
def test_create_network_filters(self):
|
|
||||||
instance_ref = self._create_instance()
|
|
||||||
network_info = _fake_network_info(self.stubs, 3)
|
|
||||||
result = self.fw._create_network_filters(instance_ref,
|
|
||||||
network_info,
|
|
||||||
"fake")
|
|
||||||
self.assertEquals(len(result), 3)
|
|
||||||
|
|
||||||
def test_unfilter_instance_undefines_nwfilters(self):
|
def test_unfilter_instance_undefines_nwfilters(self):
|
||||||
admin_ctxt = context.get_admin_context()
|
admin_ctxt = context.get_admin_context()
|
||||||
|
|
||||||
@@ -1788,13 +1755,9 @@ class NWFilterTestCase(test.TestCase):
|
|||||||
|
|
||||||
network_info = _fake_network_info(self.stubs, 1)
|
network_info = _fake_network_info(self.stubs, 1)
|
||||||
self.fw.setup_basic_filtering(instance, network_info)
|
self.fw.setup_basic_filtering(instance, network_info)
|
||||||
self.fw.prepare_instance_filter(instance, network_info)
|
|
||||||
self.fw.apply_instance_filter(instance, network_info)
|
|
||||||
original_filter_count = len(fakefilter.filters)
|
original_filter_count = len(fakefilter.filters)
|
||||||
self.fw.unfilter_instance(instance, network_info)
|
self.fw.unfilter_instance(instance, network_info)
|
||||||
|
self.assertEqual(original_filter_count - len(fakefilter.filters), 1)
|
||||||
# should undefine 2 filters: instance and instance-secgroup
|
|
||||||
self.assertEqual(original_filter_count - len(fakefilter.filters), 2)
|
|
||||||
|
|
||||||
db.instance_destroy(admin_ctxt, instance_ref['id'])
|
db.instance_destroy(admin_ctxt, instance_ref['id'])
|
||||||
|
|
||||||
|
|||||||
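Review bot: The new assertion `self.assertEqual(original_filter_count - len(fakefilter.filters), 1)` in test_unfilter_instance_undefines_nwfilters lost the explanatory comment that the old `2` case had, so the expected count now reads as a magic number. Add `# should undefine just the instance filter` above it. In the same file section, `_ensure_all_called` no longer requires the `nova-secgroup-%s` filter, and the `prepare_instance_filter`/`apply_instance_filter` calls are gone from both tests. As a result, nothing visible here checks that security-group rules are still applied to an instance; if the iptables driver's tests (not shown on this page) do not cover that, it is worth adding there. The affected test methods start or end outside the hunks shown.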