199
199
req = fakes.HTTPRequest.blank('/v2/fake/servers/1/action')
200
200
self.manager._addSecurityGroup(req, '1', body)
202
def test_associate_port_security_enabled_true(self):
203
sg = self._create_sg_template().get('security_group')
204
net = self._create_network()
206
network_id=net['network']['id'], security_groups=[sg['id']],
207
port_security_enabled=True,
208
device_id=test_security_groups.FAKE_UUID1)
210
self.stubs.Set(nova.db, 'instance_get',
211
test_security_groups.return_server)
212
body = dict(addSecurityGroup=dict(name="test"))
214
req = fakes.HTTPRequest.blank('/v2/fake/servers/1/action')
215
self.manager._addSecurityGroup(req, '1', body)
217
def test_associate_port_security_enabled_false(self):
218
self._create_sg_template().get('security_group')
219
net = self._create_network()
221
network_id=net['network']['id'], port_security_enabled=False,
222
device_id=test_security_groups.FAKE_UUID1)
224
self.stubs.Set(nova.db, 'instance_get',
225
test_security_groups.return_server)
226
body = dict(addSecurityGroup=dict(name="test"))
228
req = fakes.HTTPRequest.blank('/v2/fake/servers/1/action')
229
self.assertRaises(webob.exc.HTTPBadRequest,
230
self.manager._addSecurityGroup,
202
233
def test_disassociate_by_non_existing_security_group_name(self):
203
234
self.stubs.Set(nova.db, 'instance_get',
204
235
test_security_groups.return_server)
277
308
context.get_admin_context(), test_security_groups.FAKE_UUID1)
278
309
self.assertEquals(sgs, expected)
311
def test_create_port_with_sg_and_port_security_enabled_true(self):
312
sg1 = self._create_sg_template(name='test1').get('security_group')
313
net = self._create_network()
315
network_id=net['network']['id'], security_groups=[sg1['id']],
316
port_security_enabled=True,
317
device_id=test_security_groups.FAKE_UUID1)
318
security_group_api = self.controller.security_group_api
319
sgs = security_group_api.get_instance_security_groups(
320
context.get_admin_context(), test_security_groups.FAKE_UUID1)
321
self.assertEquals(sgs, [{'name': 'test1'}])
323
def test_create_port_with_sg_and_port_security_enabled_false(self):
324
sg1 = self._create_sg_template(name='test1').get('security_group')
325
net = self._create_network()
326
self.assertRaises(exception.SecurityGroupCannotBeApplied,
328
network_id=net['network']['id'],
329
security_groups=[sg1['id']],
330
port_security_enabled=False,
331
device_id=test_security_groups.FAKE_UUID1)
281
334
class TestQuantumSecurityGroupRulesTestCase(TestQuantumSecurityGroupsTestCase):
549
602
ret = {'status': 'ACTIVE', 'subnets': [], 'name': n.get('name'),
550
603
'admin_state_up': n.get('admin_state_up', True),
551
604
'tenant_id': 'fake_tenant',
552
'port_security_enabled': n.get('port_security_enabled', True),
553
605
'id': str(uuid.uuid4())}
606
if 'port_security_enabled' in n:
607
ret['port_security_enabled'] = n['port_security_enabled']
554
608
self._fake_networks[ret['id']] = ret
555
609
return {'network': ret}
573
627
p = body.get('port')
574
628
ret = {'status': 'ACTIVE', 'id': str(uuid.uuid4()),
575
629
'mac_address': p.get('mac_address', 'fa:16:3e:b8:f5:fb'),
576
'port_security_enabled': p.get('port_security_enabled'),
577
630
'device_id': p.get('device_id', str(uuid.uuid4())),
578
'security_groups': p.get('security_groups', [])}
580
fields = ['network_id', 'security_groups', 'admin_state_up']
582
ret[field] = p.get(field)
631
'admin_state_up': p.get('admin_state_up', True),
632
'security_groups': p.get('security_groups', []),
633
'network_id': p.get('network_id')}
584
635
network = self._fake_networks[p['network_id']]
585
if not ret['port_security_enabled']:
636
if 'port_security_enabled' in p:
637
ret['port_security_enabled'] = p['port_security_enabled']
638
elif 'port_security_enabled' in network:
586
639
ret['port_security_enabled'] = network['port_security_enabled']
641
port_security = ret.get('port_security_enabled', True)
642
# port_security must be True if security groups are present
643
if not port_security and ret['security_groups']:
644
raise exception.SecurityGroupCannotBeApplied()
587
646
if network['subnets']:
588
647
ret['fixed_ips'] = [{'subnet_id': network['subnets'][0],
589
648
'ip_address': '10.0.0.1'}]
590
if not ret['security_groups']:
649
if not ret['security_groups'] and (port_security is None or
650
port_security is True):
591
651
for security_group in self._fake_security_groups.values():
592
652
if security_group['name'] == 'default':
593
653
ret['security_groups'] = [security_group['id']]