Skip to content
Permalink
Browse files
Add security group tests
  • Loading branch information
imduffy15 committed Feb 27, 2014
1 parent ef09d83 commit fdb30a13759b47d14b2143a01a62bd64d833a3a9
Show file tree
Hide file tree
Showing 28 changed files with 718 additions and 96 deletions.
@@ -7,6 +7,7 @@


class Ec2stackError(Exception):

def __init__(self, code, error, message):
self.code = code
self.error = error
@@ -15,9 +15,6 @@ def describe_item(args, keyname, not_found, prefix):


def _describe_specific_item(args, keyname, not_found, prefix):
if args is None:
args = {}

keys = helpers.get_request_parameter_keys(prefix)

response = {}
@@ -43,16 +40,9 @@ def describe_item_request(args, keyname, not_found):

for item in request:
if 'id' in args and args['id'] == item['id']:
print "##### FOUND BY ID"
print item
return item
elif 'name' in args and args['name'] == item['name']:
print "#### FOUND BY NAME"
print item
return item
else:
print "#######"
print "NOT SEARCHING"

return not_found()

@@ -51,9 +51,6 @@ def make_request_async(args, poll_period=2, timeout=3600):
args['command'] = 'queryAsyncJobResult'
args['jobid'] = response[responsekey]['jobid']

time.sleep(poll_period)
timeout = timeout - poll_period

response = make_request(args)

response = response['queryasyncjobresultresponse']
@@ -62,6 +59,8 @@ def make_request_async(args, poll_period=2, timeout=3600):
if job_status in [1, 2]:
return response['jobresult']
elif job_status == 0:
time.sleep(poll_period)
timeout = timeout - poll_period
return make_request_async(args, poll_period=poll_period,
timeout=timeout)
else:
@@ -96,14 +96,16 @@ def _describe_images_response(response):

@helpers.authentication_required
def authenticate_security_group_ingress():
response = _authenticate_security_group_request('ingress')
return _authenticate_security_group_response(response)
rule_type = 'ingress'
response = _authenticate_security_group_request(rule_type)
return _authenticate_security_group_response(response, rule_type)


@helpers.authentication_required
def authenticate_security_group_egress():
response = _authenticate_security_group_request('egress')
return _authenticate_security_group_response(response)
rule_type = 'egress'
response = _authenticate_security_group_request(rule_type)
return _authenticate_security_group_response(response, rule_type)


def _authenticate_security_group_request(rule_type):
@@ -119,7 +121,7 @@ def _authenticate_security_group_request(rule_type):
return response


def _authenticate_security_group_response(response):
def _authenticate_security_group_response(response, rule_type):
if 'errortext' in response:
if 'Failed to authorize security group' in response['errortext']:
cidrlist = str(helpers.get('CidrIp'))
@@ -138,23 +140,30 @@ def _authenticate_security_group_response(response):

errors.invalid_paramater_value(response['errortext'])
else:
if rule_type == 'ingress':
rule_type = 'AuthorizeSecurityGroupIngressResponse'
elif rule_type == 'egress':
rule_type = 'AuthorizeSecurityGroupEgressResponse'

return {
'template_name_or_list': 'status.xml',
'response_type': 'AuthorizeSecurityGroupIngressResponse',
'response_type': rule_type,
'return': 'true'
}


@helpers.authentication_required
def revoke_security_group_ingress():
response = _revoke_security_group_request('ingress')
return _authenticate_security_group_response(response)
rule_type = 'ingress'
response = _revoke_security_group_request(rule_type)
return _revoke_security_group_response(response, rule_type)


@helpers.authentication_required
def revoke_security_group_egress():
response = _revoke_security_group_request('egress')
return _authenticate_security_group_response(response)
rule_type = 'egress'
response = _revoke_security_group_request(rule_type)
return _revoke_security_group_response(response, rule_type)


def _revoke_security_group_request(rule_type):
@@ -174,15 +183,16 @@ def _revoke_security_group_request(rule_type):
return response


def _revoke_security_group_response(response):
if 'errortext' in response:
errors.invalid_paramater_value(response['errortext'])
else:
return {
'template_name_or_list': 'status.xml',
'response_type': 'AuthorizeSecurityGroupIngressResponse',
'return': 'true'
}
def _revoke_security_group_response(response, rule_type):
if rule_type == 'ingress':
rule_type = 'RevokeSecurityGroupIngressResponse'
elif rule_type == 'egress':
rule_type = 'RevokeSecurityGroupEgressResponse'
return {
'template_name_or_list': 'status.xml',
'response_type': rule_type,
'return': 'true'
}


def _find_rule(rule, rule_type):
@@ -224,6 +234,7 @@ def _get_security_group(args):
response = cloudstack.describe_item_request(
args, 'securitygroup', errors.invalid_security_group
)

return response


@@ -240,30 +251,22 @@ def _parse_security_group_request(args=None):
args['securityGroupId'] = helpers.get('GroupId')
args['id'] = helpers.get('GroupId')

if helpers.contains_parameter_with_keyword('IpPermissions'):
raise Ec2stackError(
'400',
'InvalidParameterCombination',
'The parameter \'ipPermissions\' may not'
'be used in combination with \'ipProtocol\''
)
else:
helpers.require_parameters(['IpProtocol'])
helpers.require_parameters(['IpProtocol'])

args['protocol'] = helpers.get('IpProtocol')
args['protocol'] = helpers.get('IpProtocol')

helpers.require_parameters(['FromPort', 'ToPort', 'CidrIp'])
helpers.require_parameters(['FromPort', 'ToPort'])

if args['protocol'] in ['icmp']:
args['icmptype'] = helpers.get('FromPort')
args['icmpcode'] = helpers.get('ToPort')
else:
args['startport'] = helpers.get('FromPort')
args['endport'] = helpers.get('ToPort')
if args['protocol'] in ['icmp']:
args['icmptype'] = helpers.get('FromPort')
args['icmpcode'] = helpers.get('ToPort')
else:
args['startport'] = helpers.get('FromPort')
args['endport'] = helpers.get('ToPort')

if helpers.get('CidrIp') is None:
args['cidrlist'] = '0.0.0.0/0'
else:
args['cidrlist'] = helpers.get('CidrIp')
if helpers.get('CidrIp') is None:
args['cidrlist'] = '0.0.0.0/0'
else:
args['cidrlist'] = helpers.get('CidrIp')

return args
return args
@@ -30,6 +30,29 @@
</item>
{% endfor %}
</ipPermissions>
<ipPermissionsEgress>
{% for rule in securitygroup.egressrule %}
<item>
<ipProtocol>{{ rule.protocol }}</ipProtocol>
{% if rule.startport %}
<fromPort>{{ rule.startport }}</fromPort>
{% elif 'icmptype' in rule %}
<fromPort>{{ rule.icmptype }}</fromPort>
{% endif %}

{% if 'endport' in rule %}
<toPort>{{ rule.endport }}</toPort>
{% elif 'icmpcode' in rule %}
<toPort>{{ rule.icmpcode }}</toPort>
{% endif %}
<ipRanges>
<item>
<cidrIp>{{ rule.cidr }}</cidrIp>
</item>
</ipRanges>
</item>
{% endfor %}
</ipPermissionsEgress>
</item>
{% endfor %}
</securityGroupInfo>
BIN +2.51 MB profile.out
Binary file not shown.
@@ -3,7 +3,7 @@

from unittest import TestCase

import settings
from . import settings
from ec2stack.core import DB
from ec2stack import create_app
from .factories import UserFactory
@@ -15,6 +15,7 @@ class Ec2StackTestCase(TestCase):


class Ec2StackAppTestCase(FlaskTestCaseMixin, Ec2StackTestCase):

def _create_app(self):
return create_app(settings=settings)

@@ -8,6 +8,7 @@


class ControllerTestCase(Ec2StackAppTestCase):

def test_invalid_action(self):
data = self.get_example_data()
data['Action'] = 'InvalidAction'
@@ -161,7 +162,7 @@ def test_bad_request_on_provider_error(self):
data['Signature'] = generate_signature(data, 'POST', 'localhost')

get = mock.Mock()
status_code = get.return_value.status_code = 401
get.return_value.status_code = 401

with mock.patch('requests.get', get):
response = self.post(
@@ -0,0 +1 @@
{ "queryasyncjobresultresponse" : {"accountid":"2edb0c28-95e4-11e3-b2e4-d19c9d3e5e1d","userid":"2edb33ec-95e4-11e3-b2e4-d19c9d3e5e1d","cmd":"org.apache.cloudstack.api.command.user.securitygroup.AuthorizeSecurityGroupEgressCmd","jobstatus":1,"jobprocstatus":0,"jobresultcode":0,"jobresulttype":"object","jobresult":{"securitygroup":{"id":"01104a6a-bd3c-4804-86fd-1ca6231f128d","name":"test5","description":"test5","account":"test","domainid":"2edae3e4-95e4-11e3-b2e4-d19c9d3e5e1d","domain":"ROOT","ingressrule":[],"egressrule":[{"ruleid":"1ff7ed29-d75a-47ad-a82a-da57da8d679e","protocol":"tcp","startport":1000,"endport":1024,"cidr":"0.0.0.0/0"}],"tags":[]}},"created":"2014-02-26T23:22:50+0000","jobid":"c72d64f5-062e-48ca-8ea5-8fe71987673a"} }
@@ -0,0 +1 @@
{ "queryasyncjobresultresponse" : {"accountid":"2edb0c28-95e4-11e3-b2e4-d19c9d3e5e1d","userid":"2edb33ec-95e4-11e3-b2e4-d19c9d3e5e1d","cmd":"org.apache.cloudstack.api.command.user.securitygroup.AuthorizeSecurityGroupIngressCmd","jobstatus":1,"jobprocstatus":0,"jobresultcode":0,"jobresulttype":"object","jobresult":{"securitygroup":{"id":"01104a6a-bd3c-4804-86fd-1ca6231f128d","name":"test5","description":"test5","account":"test","domainid":"2edae3e4-95e4-11e3-b2e4-d19c9d3e5e1d","domain":"ROOT","ingressrule":[{"ruleid":"739f53a3-ce50-4790-a86d-1051f77dd3d2","protocol":"tcp","startport":1000,"endport":1024,"cidr":"0.0.0.0/0"}],"egressrule":[],"tags":[]}},"created":"2014-02-26T23:05:55+0000","jobid":"ed5d7cc6-776a-4fda-b4c4-b71421b56c82"} }
@@ -0,0 +1 @@
{ "queryasyncjobresultresponse" : {"accountid":"2edb0c28-95e4-11e3-b2e4-d19c9d3e5e1d","userid":"2edb33ec-95e4-11e3-b2e4-d19c9d3e5e1d","cmd":"org.apache.cloudstack.api.command.user.securitygroup.AuthorizeSecurityGroupEgressCmd","jobstatus":2,"jobprocstatus":0,"jobresultcode":530,"jobresulttype":"object","jobresult":{"errorcode":530,"errortext":"Failed to authorize security group egress rule(s)"},"created":"2014-02-26T23:23:37+0000","jobid":"44f44afd-b6dd-4205-9d81-7251bf49326e"} }
@@ -0,0 +1 @@
{ "queryasyncjobresultresponse" : {"accountid":"2edb0c28-95e4-11e3-b2e4-d19c9d3e5e1d","userid":"2edb33ec-95e4-11e3-b2e4-d19c9d3e5e1d","cmd":"org.apache.cloudstack.api.command.user.securitygroup.AuthorizeSecurityGroupIngressCmd","jobstatus":2,"jobprocstatus":0,"jobresultcode":530,"jobresulttype":"object","jobresult":{"errorcode":530,"errortext":"Failed to authorize security group ingress rule(s)"},"created":"2014-02-26T23:07:47+0000","jobid":"342882ec-fdfa-44fa-9ea0-b14b0285b875"} }
@@ -0,0 +1,5 @@
{
"listsecuritygroupsresponse": {
"securitygroup": {}
}
}
@@ -0,0 +1 @@
{ "queryasyncjobresultresponse" : {"accountid":"2edb0c28-95e4-11e3-b2e4-d19c9d3e5e1d","userid":"2edb33ec-95e4-11e3-b2e4-d19c9d3e5e1d","cmd":"org.apache.cloudstack.api.command.user.securitygroup.AuthorizeSecurityGroupEgressCmd","jobstatus":2,"jobprocstatus":0,"jobresultcode":530,"jobresulttype":"object","jobresult":{"errorcode":530,"errortext":"Invalid port numbers 1000:99999"},"created":"2014-02-26T23:34:47+0000","jobid":"b9f4f55d-bfe4-40e3-9268-c24830b022c8"} }
@@ -0,0 +1 @@
{ "queryasyncjobresultresponse" : {"accountid":"2edb0c28-95e4-11e3-b2e4-d19c9d3e5e1d","userid":"2edb33ec-95e4-11e3-b2e4-d19c9d3e5e1d","cmd":"org.apache.cloudstack.api.command.user.securitygroup.AuthorizeSecurityGroupIngressCmd","jobstatus":2,"jobprocstatus":0,"jobresultcode":530,"jobresulttype":"object","jobresult":{"errorcode":530,"errortext":"Invalid port numbers 1000:99999"},"created":"2014-02-26T23:34:47+0000","jobid":"b9f4f55d-bfe4-40e3-9268-c24830b022c8"} }
@@ -0,0 +1,7 @@
{
"authorizesecuritygroupingressresponse": {
"errorcode": 431,
"uuidlist": [],
"errortext": "Unable to find security group 3b637c2e-b0a8-40ae-a7a3-cccccccccccccc for account id=451"
}
}
@@ -0,0 +1,16 @@
{
"queryasyncjobresultresponse": {
"jobprocstatus": 0,
"created": "2014-02-27T01:13:47+0100",
"cmd": "com.cloud.api.commands.RevokeSecurityGroupEgressCmd",
"userid": "c0315f92-d5d9-4685-b5c2-a2980b625f98",
"jobstatus": 1,
"jobid": "de9d555c-f183-4304-9de1-5aec7f99460d",
"jobresultcode": 0,
"jobresulttype": "object",
"jobresult": {
"success": true
},
"accountid": "a6f3f83f-fc5c-4a08-91fa-a4181af5c122"
}
}
@@ -0,0 +1,16 @@
{
"queryasyncjobresultresponse": {
"jobprocstatus": 0,
"created": "2014-02-27T01:13:47+0100",
"cmd": "com.cloud.api.commands.RevokeSecurityGroupIngressCmd",
"userid": "c0315f92-d5d9-4685-b5c2-a2980b625f98",
"jobstatus": 1,
"jobid": "de9d555c-f183-4304-9de1-5aec7f99460d",
"jobresultcode": 0,
"jobresulttype": "object",
"jobresult": {
"success": true
},
"accountid": "a6f3f83f-fc5c-4a08-91fa-a4181af5c122"
}
}
@@ -0,0 +1,27 @@
{
"egressrule": [
{
"protocol": "icmp",
"cidr": "192.168.0.0/24",
"icmpcode": -1,
"icmptype": -1,
"ruleid": "c2e446a1-3778-40cf-a5ff-50ec66a395b6"
}
],
"account": "example-account",
"domainid": "66d69e46-a95b-437b-ac6c-bcaa5331999d",
"description": "test",
"tags": [],
"domain": "example-domain",
"ingressrule": [
{
"protocol": "tcp",
"cidr": "192.168.0.0/24",
"startport": 1000,
"endport": 1024,
"ruleid": "c2e446a1-3778-40cf-a5ff-50ec66a395b6"
}
],
"id": "7ae5b92f-3a0d-4977-bc33-f1aaecee5776",
"name": "test"
}
@@ -0,0 +1,27 @@
{
"egressrule": [
{
"protocol": "icmp",
"cidr": "192.168.0.0/24",
"icmpcode": -1,
"icmptype": -1,
"ruleid": "c2e446a1-3778-40cf-a5ff-50ec66a395b6"
}
],
"account": "example-account",
"domainid": "66d69e46-a95b-437b-ac6c-bcaa5331999d",
"description": "test",
"tags": [],
"domain": "example-domain",
"ingressrule": [
{
"protocol": "tcp",
"cidr": "192.168.0.0/24",
"startport": 1000,
"endport": 1024,
"ruleid": "c2e446a1-3778-40cf-a5ff-50ec66a395b6"
}
],
"id": "7ae5b92f-3a0d-4977-bc33-f1aaecee5776",
"name": "test"
}

0 comments on commit fdb30a1

Please sign in to comment.