diff --git a/.coveragerc b/.coveragerc index 891f4a66..ffc0bf19 100644 --- a/.coveragerc +++ b/.coveragerc @@ -1,9 +1,7 @@ [run] branch = True source = vmware_nsxlib -omit = vmware_nsxlib/tests/* +omit = vmware_nsxlib/tests/*,vmware_nsxlib/v3/token*,vmware_nsxlib/version* [report] ignore_errors = True -[report] -ignore_errors = True diff --git a/.zuul.yaml b/.zuul.yaml index 145d7470..8d47b8f4 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -3,3 +3,4 @@ - openstack-lower-constraints-jobs - openstack-python3-ussuri-jobs - check-requirements + - openstack-cover-jobs diff --git a/tox.ini b/tox.ini index d9fce799..ba11f73e 100644 --- a/tox.ini +++ b/tox.ini @@ -68,9 +68,17 @@ deps = -c{env:UPPER_CONSTRAINTS_FILE:https://opendev.org/openstack/requirements/ commands = bandit -r vmware_nsxlib -n 5 -ll [testenv:cover] +envdir = {toxworkdir}/shared +setenv = {[testenv]setenv} + PYTHON=coverage run --source vmware_nsxlib --parallel-mode commands = - python setup.py test --coverage --coverage-package-name=vmware_nsxlib --testr-args='{posargs}' - coverage report + coverage erase + stestr run {posargs} + stestr slowest + coverage combine + coverage report --skip-covered + coverage html -d cover + coverage xml -o cover/coverage.xml [testenv:venv] commands = {posargs} diff --git a/vmware_nsxlib/tests/unit/v3/policy/test_resources.py b/vmware_nsxlib/tests/unit/v3/policy/test_resources.py index 66031700..29b2b462 100644 --- a/vmware_nsxlib/tests/unit/v3/policy/test_resources.py +++ b/vmware_nsxlib/tests/unit/v3/policy/test_resources.py @@ -4161,6 +4161,42 @@ class TestPolicySegment(NsxPolicyLibTestCase): self.assertEqual(gateway_address, subnet.gateway_address) self.assertEqual(dhcp_ranges, subnet.dhcp_ranges) + def test_get_tz_id(self): + segment_id = '111' + tz_id = '222' + tz_path = 'dummy-path/%s' % tz_id + with mock.patch.object( + self.policy_api, "get", + return_value={'id': segment_id, + 'transport_zone_path': tz_path}) as api_get: + result = self.resourceApi.get_transport_zone_id( + segment_id, tenant=TEST_TENANT) + api_get.assert_called_once() + self.assertEqual(tz_id, result) + + def test_set_admin_state(self): + # NSX version 3 & up + segment_id = '111' + with mock.patch.object(self.policy_api.client, "patch") as api_patch: + self.resourceApi.set_admin_state( + segment_id, False, tenant=TEST_TENANT) + api_patch.assert_called_once_with( + '%s/segments/%s' % (TEST_TENANT, segment_id), + {'id': segment_id, 'admin_state': 'DOWN', + 'resource_type': 'Segment'}, + headers={'nsx-enable-partial-patch': 'true'}) + + def test_set_admin_state_old(self): + # NSX version before 3 + segment_id = '111' + with mock.patch.object(self.resourceApi, 'version', '2.5.0'),\ + mock.patch.object(self.resourceApi, 'wait_until_realized'),\ + mock.patch.object(self.resourceApi.nsx_api.logical_switch, + "update") as ls_update: + self.resourceApi.set_admin_state( + segment_id, True, tenant=TEST_TENANT) + ls_update.assert_called_once_with(mock.ANY, admin_state=True) + class TestPolicyIpPool(NsxPolicyLibTestCase): @@ -4729,6 +4765,32 @@ class TestPolicySegmentPort(NsxPolicyLibTestCase): "%s/segments/%s/ports/%s" % (TEST_TENANT, segment_id, port_id), {'attachment': {'id': vif_id}, 'tags': tags}) + def test_set_admin_state(self): + # NSX version 3 & up + segment_id = '111' + port_id = '222' + with mock.patch.object(self.policy_api.client, "patch") as api_patch: + self.resourceApi.set_admin_state( + segment_id, port_id, False, tenant=TEST_TENANT) + api_patch.assert_called_once_with( + '%s/segments/%s/ports/%s' % (TEST_TENANT, segment_id, port_id), + {'resource_type': 'SegmentPort', 'id': port_id, + 'admin_state': 'DOWN'}, + headers={'nsx-enable-partial-patch': 'true'}) + + def test_set_admin_state_old(self): + # NSX version before 3 + segment_id = '111' + port_id = '222' + with mock.patch.object(self.resourceApi, 'version', '2.5.0'),\ + mock.patch.object(self.resourceApi, 'wait_until_realized'),\ + mock.patch.object(self.resourceApi.nsx_api.logical_port, + "update") as lp_update: + self.resourceApi.set_admin_state( + segment_id, port_id, True, tenant=TEST_TENANT) + lp_update.assert_called_once_with( + mock.ANY, False, admin_state=True) + class TestPolicySegmentProfileBase(NsxPolicyLibTestCase): diff --git a/vmware_nsxlib/tests/unit/v3/test_security.py b/vmware_nsxlib/tests/unit/v3/test_security.py index f869e537..4144a91a 100644 --- a/vmware_nsxlib/tests/unit/v3/test_security.py +++ b/vmware_nsxlib/tests/unit/v3/test_security.py @@ -283,11 +283,47 @@ class TestNsxLibFirewallSection(nsxlib_testcase.NsxLibTestCase): '&action=create_with_rules' create.assert_called_with(resource, expected_body, headers=None) + def test_set_rule_logging(self): + section_id = '111' + rule_id = 1 + orig_rule = {'id': rule_id, 'logged': False} + with mock.patch.object(self.nsxlib.firewall_section, 'get_rules', + return_value={'results': [orig_rule]}),\ + mock.patch.object(self.nsxlib.client, 'get', return_value={}),\ + mock.patch.object(self.nsxlib.client, 'create') as update: + self.nsxlib.firewall_section.set_rule_logging(section_id, True) + update.assert_called_once_with( + 'firewall/sections/111?action=update_with_rules', + {'rules': [{'id': 1, 'logged': True}]}, headers=None) + def test_get_excludelist(self): with mock.patch.object(self.nsxlib.client, 'list') as clist: self.nsxlib.firewall_section.get_excludelist() clist.assert_called_with('firewall/excludelist') + def test_add_to_excludelist(self): + target_id = '111' + target_type = const.NSGROUP + with mock.patch.object(self.nsxlib.client, 'create') as create: + self.nsxlib.firewall_section.add_member_to_fw_exclude_list( + target_id, target_type) + create.assert_called_once_with( + 'firewall/excludelist?action=add_member', + {'target_id': target_id, 'target_type': target_type}, + headers=None) + + def test_del_from_excludelist(self): + target_id = '111' + target_type = const.NSGROUP + with mock.patch.object(self.nsxlib.client, 'create') as create: + self.nsxlib.firewall_section.remove_member_from_fw_exclude_list( + target_id, target_type) + create.assert_called_once_with( + 'firewall/excludelist?action=remove_member&' + 'object_id=%s' % target_id, + None, + headers=None) + def test_update(self): fws_tags = [{"scope": "name", "tag": "new_name"}] with mock.patch.object(self.nsxlib.client, 'update') as update: @@ -478,6 +514,26 @@ class TestNsxLibNSGroup(nsxlib_testcase.NsxClientTestCase): # getting the rules, and get before each update self.assertEqual(3, get_mock.call_count) + def test_update_on_backend(self): + security_group = { + 'name': 'name', + 'id': uuidutils.generate_uuid(), + 'description': None, + 'logging': False} + nsgroup_id = uuidutils.generate_uuid() + section_id = uuidutils.generate_uuid() + log_sg_allowed_traffic = True + + with mock.patch.object(self.nsxlib.client, 'update') as update_mock,\ + mock.patch.object(self.nsxlib.client, 'get') as get_mock: + self.nsxlib.ns_group.update_on_backend( + None, security_group, nsgroup_id, section_id, + log_sg_allowed_traffic) + # updating the nsgroup and the section + self.assertEqual(2, update_mock.call_count) + # getting the rules, and get before each update + self.assertEqual(3, get_mock.call_count) + def test_update_lport_nsgroups(self): nsgroup_id1 = uuidutils.generate_uuid() nsgroup_id2 = uuidutils.generate_uuid() diff --git a/vmware_nsxlib/v3/security.py b/vmware_nsxlib/v3/security.py index 99508e5d..c6db3f0b 100644 --- a/vmware_nsxlib/v3/security.py +++ b/vmware_nsxlib/v3/security.py @@ -82,6 +82,7 @@ class NsxLibNsGroup(utils.NsxLibApiBase): return '%(name)s - %(id)s' % security_group def get_lport_tags(self, secgroups): + # TODO(asarfaty): This api should move to vmware_nsx if len(secgroups) > utils.MAX_NSGROUPS_CRITERIA_TAGS: raise exceptions.NumberOfNsgroupCriteriaTagsReached( max_num=utils.MAX_NSGROUPS_CRITERIA_TAGS)