# Copyright 2014 OpenStack Foundation.
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
from oslo.config import cfg
from neutron.agent.common import config as agent_config
from neutron.agent.l3 import config as l3_config
from neutron.agent.metadata import driver as metadata_driver
from neutron.openstack.common import uuidutils
from neutron.tests import base
# Module-level shorthand for uuidutils.generate_uuid.
_uuid = uuidutils.generate_uuid
class TestMetadataDriver(base.BaseTestCase):
super(TestMetadataDriver, self).setUp()
cfg.CONF.register_opts(l3_config.OPTS)
cfg.CONF.register_opts(metadata_driver.MetadataDriver.OPTS)
agent_config.register_root_helper(cfg.CONF)
def test_metadata_nat_rules(self):
rules = ('PREROUTING', '-s 0.0.0.0/0 -d 169.254.169.254/32 '
'-p tcp -m tcp --dport 80 -j REDIRECT --to-port 8775')
metadata_driver.MetadataDriver.metadata_nat_rules(8775))
def test_metadata_filter_rules(self):
rules = [('INPUT', '-m mark --mark 0x1 -j ACCEPT'),
('INPUT', '-s 0.0.0.0/0 -p tcp -m tcp --dport 8775 -j DROP')]
metadata_driver.MetadataDriver.metadata_filter_rules(8775, '0x1'))
def test_metadata_mangle_rules(self):
rule = ('PREROUTING', '-s 0.0.0.0/0 -d 169.254.169.254/32 '
'-p tcp -m tcp --dport 80 '
'-j MARK --set-xmark 0x1/%s' %
metadata_driver.METADATA_ACCESS_MARK_MASK)
metadata_driver.MetadataDriver.metadata_mangle_rules('0x1'))
def _test_spawn_metadata_proxy(self, expected_user, expected_group,
router_ns = 'qrouter-%s' % router_id
ip_class_path = 'neutron.agent.linux.ip_lib.IPWrapper'
cfg.CONF.set_override('metadata_port', metadata_port)
cfg.CONF.set_override('metadata_proxy_user', user)
cfg.CONF.set_override('metadata_proxy_group', group)
cfg.CONF.set_override('log_file', 'test.log')
cfg.CONF.set_override('debug', True)
driver = metadata_driver.MetadataDriver
with contextlib.nested(
mock.patch('os.geteuid', return_value=self.EUID),
mock.patch('os.getegid', return_value=self.EGID),
mock.patch(ip_class_path)) as (geteuid, getegid, ip_mock):
driver._spawn_metadata_proxy(router_id, router_ns, cfg.CONF)
ip_mock.assert_has_calls([
mock.call('sudo', router_ns),
mock.call().netns.execute([
'neutron-ns-metadata-proxy',
'--router_id=%s' % router_id,
'--metadata_port=%s' % metadata_port,
'--metadata_proxy_user=%s' % expected_user,
'--metadata_proxy_group=%s' % expected_group,
'--log-file=neutron-ns-metadata-proxy-%s.log' %
def test_spawn_metadata_proxy_with_user(self):
    """Check the proxy command line when only a user name is configured.

    ``metadata_proxy_user`` is overridden with ``'user'``; the helper then
    expects ``--metadata_proxy_user=user`` and, for the group,
    ``self.EGID``, the value its ``os.getegid`` mock returns.
    """
    # NOTE(review): only the arguments handed to the proxy are pinned
    # here; whether the proxy actually switches to that identity is not
    # exercised by this test.
    self._test_spawn_metadata_proxy(
        expected_user='user', expected_group=self.EGID, user='user')
def test_spawn_metadata_proxy_with_uid(self):
    """Check the proxy command line when the user is given as a numeric id.

    ``metadata_proxy_user`` is overridden with the string ``'321'``; the
    helper expects it to be passed through unchanged, with ``self.EGID``
    as the group.
    """
    self._test_spawn_metadata_proxy(
        expected_user='321', expected_group=self.EGID, user='321')
def test_spawn_metadata_proxy_with_group(self):
    """Check the proxy command line when only a group name is configured.

    ``metadata_proxy_group`` is overridden with ``'group'``; the helper
    expects ``--metadata_proxy_group=group`` and, for the user,
    ``self.EUID``, the value its ``os.geteuid`` mock returns.
    """
    self._test_spawn_metadata_proxy(
        expected_user=self.EUID, expected_group='group', group='group')
def test_spawn_metadata_proxy_with_gid(self):
    """Check the proxy command line when the group is given as a numeric id.

    ``metadata_proxy_group`` is overridden with the string ``'654'``; the
    helper expects it to be passed through unchanged, with ``self.EUID``
    as the user.
    """
    self._test_spawn_metadata_proxy(
        expected_user=self.EUID, expected_group='654', group='654')
def test_spawn_metadata_proxy(self):
    """Check the proxy command line when no user or group is passed.

    The helper is called without ``user``/``group``, so its own defaults
    apply (they are not visible in this listing). The expected arguments
    are ``self.EUID`` and ``self.EGID``, the values the helper's
    ``os.geteuid``/``os.getegid`` mocks return.
    """
    # NOTE(review): this pins the fallback to the spawning process's
    # effective uid/gid. If that process runs with elevated privileges,
    # the proxy would presumably be told to keep them; confirm against
    # the driver and the deployment's metadata_proxy_user/group settings.
    self._test_spawn_metadata_proxy(
        expected_user=self.EUID, expected_group=self.EGID)