Merge pull request #325 from Cerberus98/rm11364

Rm11364
Trey Morris
2015-02-09 13:27:45 -06:00
2 changed files with 110 additions and 6 deletions


@@ -30,8 +30,20 @@ SECURITY_GROUP_VERSION_UUID_KEY = "id"
SECURITY_GROUP_RULE_KEY = "rules"
SECURITY_GROUP_HASH_ATTR = "security group rules"
ALL_V4 = netaddr.IPNetwork("::ffff:0.0.0.0/96")
ALL_V6 = netaddr.IPNetwork("::/0")
class SecurityGroupsClient(redis_base.ClientBase):
def _convert_remote_network(self, remote_ip_prefix):
# NOTE(mdietz): RM11364 - While a /0 is valid and should be supported,
# it breaks OVS to apply a /0 as the source or
# destination network.
net = netaddr.IPNetwork(remote_ip_prefix).ipv6()
if net.cidr == ALL_V4 or net.cidr == ALL_V6:
return ''
return str(net)
def serialize_rules(self, rules):
"""Creates a payload for the redis server."""
# TODO(mdietz): If/when we support other rule types, this comment
@@ -46,14 +58,12 @@ class SecurityGroupsClient(redis_base.ClientBase):
direction = rule["direction"]
source = ''
destination = ''
if rule["remote_ip_prefix"]:
if rule.get("remote_ip_prefix"):
prefix = rule["remote_ip_prefix"]
if direction == "ingress":
source = netaddr.IPNetwork(rule["remote_ip_prefix"])
source = str(source.ipv6())
source = self._convert_remote_network(prefix)
else:
destination = netaddr.IPNetwork(
rule["remote_ip_prefix"])
destination = str(destination.ipv6())
destination = self._convert_remote_network(prefix)
optional_fields = {}
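Review bot: In `_convert_remote_network` the test `net.cidr == ALL_V4 or net.cidr == ALL_V6` runs after `.ipv6()`, so it compares the mapped form rather than the prefix length the caller supplied. An IPv6 rule whose `remote_ip_prefix` is literally `::ffff:0.0.0.0/96` would also equal `ALL_V4` and be serialized as `''`, the same value written for rules with no prefix, which would presumably widen that allow rule to every address of its ethertype. Checking the length before converting avoids this: `net = netaddr.IPNetwork(remote_ip_prefix)`, `if net.prefixlen == 0: return ''`, `return str(net.ipv6())`. The helper would also benefit from a one-line docstring saying that an empty string is returned for a /0 so that no network match is written into the payload.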


@@ -175,6 +175,100 @@ class TestRedisSecurityGroupsClient(test_base.TestBase):
self.assertEqual("::ffff:192.168.0.0/120", rule["destination network"])
self.assertEqual("", rule["source network"])
@mock.patch("redis.ConnectionPool")
@mock.patch(
"quark.cache.security_groups_client.redis_base.redis.StrictRedis")
def test_serialize_filters_source_v4_net(self, strict_redis, conn_pool):
rule_dict = {"ethertype": 0x800, "protocol": 1, "direction": "ingress",
"remote_ip_prefix": "192.168.0.0/0"}
client = sg_client.SecurityGroupsClient()
group = models.SecurityGroup()
rule = models.SecurityGroupRule()
rule.update(rule_dict)
group.rules.append(rule)
payload = client.serialize_groups([group])
rule = payload[0]
self.assertEqual(0x800, rule["ethertype"])
self.assertEqual(1, rule["protocol"])
self.assertEqual(None, rule["icmp type"])
self.assertEqual(None, rule["icmp code"])
self.assertEqual("allow", rule["action"])
self.assertEqual("ingress", rule["direction"])
self.assertEqual("", rule["source network"])
self.assertEqual("", rule["destination network"])
@mock.patch("redis.ConnectionPool")
@mock.patch(
"quark.cache.security_groups_client.redis_base.redis.StrictRedis")
def test_serialize_filters_source_v6_net(self, strict_redis, conn_pool):
rule_dict = {"ethertype": 0x86DD, "protocol": 1,
"direction": "ingress",
"remote_ip_prefix": "feed::/0"}
client = sg_client.SecurityGroupsClient()
group = models.SecurityGroup()
rule = models.SecurityGroupRule()
rule.update(rule_dict)
group.rules.append(rule)
payload = client.serialize_groups([group])
rule = payload[0]
self.assertEqual(0x86DD, rule["ethertype"])
self.assertEqual(1, rule["protocol"])
self.assertEqual(None, rule["icmp type"])
self.assertEqual(None, rule["icmp code"])
self.assertEqual("allow", rule["action"])
self.assertEqual("ingress", rule["direction"])
self.assertEqual("", rule["source network"])
self.assertEqual("", rule["destination network"])
@mock.patch("redis.ConnectionPool")
@mock.patch(
"quark.cache.security_groups_client.redis_base.redis.StrictRedis")
def test_serialize_filters_dest_v4_net(self, strict_redis, conn_pool):
rule_dict = {"ethertype": 0x800, "protocol": 1, "direction": "egress",
"remote_ip_prefix": "192.168.0.0/0"}
client = sg_client.SecurityGroupsClient()
group = models.SecurityGroup()
rule = models.SecurityGroupRule()
rule.update(rule_dict)
group.rules.append(rule)
payload = client.serialize_groups([group])
rule = payload[0]
self.assertEqual(0x800, rule["ethertype"])
self.assertEqual(1, rule["protocol"])
self.assertEqual(None, rule["icmp type"])
self.assertEqual(None, rule["icmp code"])
self.assertEqual("allow", rule["action"])
self.assertEqual("ingress", rule["direction"])
self.assertEqual("", rule["source network"])
self.assertEqual("", rule["destination network"])
@mock.patch("redis.ConnectionPool")
@mock.patch(
"quark.cache.security_groups_client.redis_base.redis.StrictRedis")
def test_serialize_filters_dest_v6_net(self, strict_redis, conn_pool):
rule_dict = {"ethertype": 0x86DD, "protocol": 1,
"direction": "egress",
"remote_ip_prefix": "feed::/0"}
client = sg_client.SecurityGroupsClient()
group = models.SecurityGroup()
rule = models.SecurityGroupRule()
rule.update(rule_dict)
group.rules.append(rule)
payload = client.serialize_groups([group])
rule = payload[0]
self.assertEqual(0x86DD, rule["ethertype"])
self.assertEqual(1, rule["protocol"])
self.assertEqual(None, rule["icmp type"])
self.assertEqual(None, rule["icmp code"])
self.assertEqual("allow", rule["action"])
self.assertEqual("ingress", rule["direction"])
self.assertEqual("", rule["source network"])
self.assertEqual("", rule["destination network"])
class TestRedisForAgent(test_base.TestBase):
def setUp(self):
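Review bot: `test_serialize_filters_dest_v4_net` and `test_serialize_filters_dest_v6_net` build the rule with `"direction": "egress"` but still assert `self.assertEqual("ingress", rule["direction"])`. This looks like a copy-paste from the source tests. If these tests pass as written, the direction is probably not reaching the serialized payload, and the egress branch may not be the one exercised. Because all four tests expect both `"source network"` and `"destination network"` to be `""`, they cannot show which branch handled the /0. The dest tests should assert `self.assertEqual("egress", rule["direction"])`, and a companion case with a non-zero prefix per direction would confirm that only the intended side is populated.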