| author | Drew Fisher <drew.fisher@oracle.com> |
| Wed, 11 Jun 2014 17:13:12 -0700 | |
| changeset 1944 | 56ac2df1785b |
| permissions | -rw-r--r-- |
|
1944
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
1 |
This upstream patch addresses CVE-2014-0187 and is tracked under |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
2 |
Launchpad bug 1300785. It is addressed in Icehouse 2014.1.2 and Havana |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
3 |
2013.2.4. |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
4 |
|
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
5 |
commit 03eed8cd34cd4fb043c11fc99f6bb0b4fbd5728d |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
6 |
Author: marios <[email protected]> |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
7 |
Date: Fri Nov 29 18:23:54 2013 +0200 |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
8 |
|
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
9 |
Validate CIDR given as ip-prefix in security-group-rule-create |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
10 |
|
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
11 |
There was no validation for the provided ip prefix. This just adds |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
12 |
a simple parse using netaddr and explodes with appropriate message. |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
13 |
Also makes sure ip prefix _is_ cidr (192.168.1.1-->192.168.1.1/32). |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
14 |
|
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
15 |
Validation occurs at the attribute level (API model) as well as at |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
16 |
the db level, where the ethertype is validated against the ip_prefix |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
17 |
address type. |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
18 |
|
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
19 |
Unit test cases added - bad prefix, unmasked prefix and incorrect |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
20 |
ethertype. Also adds attribute test cases for the added |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
21 |
convert_ip_prefix_to_cidr method |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
22 |
|
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
23 |
Closes-Bug: 1255338 |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
24 |
|
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
25 |
Conflicts: |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
26 |
neutron/tests/unit/test_security_groups_rpc.py |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
27 |
neutron/tests/unit/test_extension_security_group.py |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
28 |
|
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
29 |
Change-Id: I71fb8c887963a122a5bd8cfdda800026c1cd3954 |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
30 |
(cherry picked from commit 65aa92b0348b7ab8413f359b00825610cdf66607) |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
31 |
|
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
32 |
diff --git a/neutron/common/exceptions.py b/neutron/common/exceptions.py |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
33 |
index 88fa6e4..80a75d1 100644 |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
34 |
--- a/neutron/common/exceptions.py |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
35 |
+++ b/neutron/common/exceptions.py |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
36 |
@@ -306,3 +306,7 @@ class NetworkVxlanPortRangeError(object): |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
37 |
class DeviceIDNotOwnedByTenant(Conflict): |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
38 |
message = _("The following device_id %(device_id)s is not owned by your "
|
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
39 |
"tenant or matches another tenants router.") |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
40 |
+ |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
41 |
+ |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
42 |
+class InvalidCIDR(BadRequest): |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
43 |
+ message = _("Invalid CIDR %(input)s given as IP prefix")
|
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
44 |
diff --git a/neutron/db/securitygroups_db.py b/neutron/db/securitygroups_db.py |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
45 |
index 2a7d2ef..8868546 100644 |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
46 |
--- a/neutron/db/securitygroups_db.py |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
47 |
+++ b/neutron/db/securitygroups_db.py |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
48 |
@@ -16,6 +16,7 @@ |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
49 |
# |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
50 |
# @author: Aaron Rosen, Nicira, Inc |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
51 |
|
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
52 |
+import netaddr |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
53 |
import sqlalchemy as sa |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
54 |
from sqlalchemy import orm |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
55 |
from sqlalchemy.orm import exc |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
56 |
@@ -331,6 +332,7 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase): |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
57 |
new_rules.add(rule['security_group_id']) |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
58 |
|
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
59 |
self._validate_port_range(rule) |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
60 |
+ self._validate_ip_prefix(rule) |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
61 |
|
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
62 |
if rule['remote_ip_prefix'] and rule['remote_group_id']: |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
63 |
raise ext_sg.SecurityGroupRemoteGroupAndRemoteIpPrefix() |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
64 |
@@ -411,6 +413,24 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase): |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
65 |
if (i['security_group_rule'] == db_rule): |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
66 |
raise ext_sg.SecurityGroupRuleExists(id=id) |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
67 |
|
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
68 |
+ def _validate_ip_prefix(self, rule): |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
69 |
+ """Check that a valid cidr was specified as remote_ip_prefix |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
70 |
+ |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
71 |
+ No need to check that it is in fact an IP address as this is already |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
72 |
+ validated by attribute validators. |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
73 |
+ Check that rule ethertype is consistent with remote_ip_prefix ip type. |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
74 |
+ Add mask to ip_prefix if absent (192.168.1.10 -> 192.168.1.10/32). |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
75 |
+ """ |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
76 |
+ input_prefix = rule['remote_ip_prefix'] |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
77 |
+ if input_prefix: |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
78 |
+ addr = netaddr.IPNetwork(input_prefix) |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
79 |
+ # set input_prefix to always include the netmask: |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
80 |
+ rule['remote_ip_prefix'] = str(addr) |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
81 |
+ # check consistency of ethertype with addr version |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
82 |
+ if rule['ethertype'] != "IPv%d" % (addr.version): |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
83 |
+ raise ext_sg.SecurityGroupRuleParameterConflict( |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
84 |
+ ethertype=rule['ethertype'], cidr=input_prefix) |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
85 |
+ |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
86 |
def get_security_group_rules(self, context, filters=None, fields=None, |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
87 |
sorts=None, limit=None, marker=None, |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
88 |
page_reverse=False): |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
89 |
diff --git a/neutron/extensions/securitygroup.py b/neutron/extensions/securitygroup.py |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
90 |
index 85d499a..3d10b5a 100644 |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
91 |
--- a/neutron/extensions/securitygroup.py |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
92 |
+++ b/neutron/extensions/securitygroup.py |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
93 |
@@ -17,6 +17,7 @@ |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
94 |
|
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
95 |
from abc import ABCMeta |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
96 |
from abc import abstractmethod |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
97 |
+import netaddr |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
98 |
|
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
99 |
from oslo.config import cfg |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
100 |
|
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
101 |
@@ -102,6 +103,10 @@ class SecurityGroupRuleExists(qexception.InUse): |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
102 |
message = _("Security group rule already exists. Group id is %(id)s.")
|
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
103 |
|
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
104 |
|
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
105 |
+class SecurityGroupRuleParameterConflict(qexception.InvalidInput): |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
106 |
+ message = _("Conflicting value ethertype %(ethertype)s for CIDR %(cidr)s")
|
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
107 |
+ |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
108 |
+ |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
109 |
def convert_protocol(value): |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
110 |
if value is None: |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
111 |
return |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
112 |
@@ -152,6 +157,16 @@ def convert_to_uuid_list_or_none(value_list): |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
113 |
return value_list |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
114 |
|
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
115 |
|
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
116 |
+def convert_ip_prefix_to_cidr(ip_prefix): |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
117 |
+ if not ip_prefix: |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
118 |
+ return |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
119 |
+ try: |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
120 |
+ cidr = netaddr.IPNetwork(ip_prefix) |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
121 |
+ return str(cidr) |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
122 |
+ except (TypeError, netaddr.AddrFormatError): |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
123 |
+ raise qexception.InvalidCIDR(input=ip_prefix) |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
124 |
+ |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
125 |
+ |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
126 |
def _validate_name_not_default(data, valid_values=None): |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
127 |
if data == "default": |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
128 |
raise SecurityGroupDefaultAlreadyExists() |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
129 |
@@ -207,7 +222,8 @@ RESOURCE_ATTRIBUTE_MAP = {
|
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
130 |
'convert_to': convert_ethertype_to_case_insensitive, |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
131 |
'validate': {'type:values': sg_supported_ethertypes}},
|
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
132 |
'remote_ip_prefix': {'allow_post': True, 'allow_put': False,
|
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
133 |
- 'default': None, 'is_visible': True}, |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
134 |
+ 'default': None, 'is_visible': True, |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
135 |
+ 'convert_to': convert_ip_prefix_to_cidr}, |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
136 |
'tenant_id': {'allow_post': True, 'allow_put': False,
|
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
137 |
'required_by_policy': True, |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
138 |
'is_visible': True}, |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
139 |
diff --git a/neutron/tests/unit/test_extension_security_group.py b/neutron/tests/unit/test_extension_security_group.py |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
140 |
index d53e140..f0b1636 100644 |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
141 |
--- a/neutron/tests/unit/test_extension_security_group.py |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
142 |
+++ b/neutron/tests/unit/test_extension_security_group.py |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
143 |
@@ -21,11 +21,13 @@ import webob.exc |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
144 |
|
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
145 |
from neutron.api.v2 import attributes as attr |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
146 |
from neutron.common import constants as const |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
147 |
+from neutron.common import exceptions as n_exc |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
148 |
from neutron.common.test_lib import test_config |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
149 |
from neutron import context |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
150 |
from neutron.db import db_base_plugin_v2 |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
151 |
from neutron.db import securitygroups_db |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
152 |
from neutron.extensions import securitygroup as ext_sg |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
153 |
+from neutron.tests import base |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
154 |
from neutron.tests.unit import test_db_plugin |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
155 |
|
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
156 |
DB_PLUGIN_KLASS = ('neutron.tests.unit.test_extension_security_group.'
|
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
157 |
@@ -413,6 +415,70 @@ class TestSecurityGroups(SecurityGroupDBTestCase): |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
158 |
self.deserialize(self.fmt, res) |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
159 |
self.assertEqual(res.status_int, webob.exc.HTTPBadRequest.code) |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
160 |
|
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
161 |
+ def test_create_security_group_rule_invalid_ip_prefix(self): |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
162 |
+ name = 'webservers' |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
163 |
+ description = 'my webservers' |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
164 |
+ for bad_prefix in ['bad_ip', 256, "2001:db8:a::123/129", '172.30./24']: |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
165 |
+ with self.security_group(name, description) as sg: |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
166 |
+ sg_id = sg['security_group']['id'] |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
167 |
+ remote_ip_prefix = bad_prefix |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
168 |
+ rule = self._build_security_group_rule( |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
169 |
+ sg_id, |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
170 |
+ 'ingress', |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
171 |
+ const.PROTO_NAME_TCP, |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
172 |
+ '22', '22', |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
173 |
+ remote_ip_prefix) |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
174 |
+ res = self._create_security_group_rule(self.fmt, rule) |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
175 |
+ self.assertEqual(res.status_int, webob.exc.HTTPBadRequest.code) |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
176 |
+ |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
177 |
+ def test_create_security_group_rule_invalid_ethertype_for_prefix(self): |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
178 |
+ name = 'webservers' |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
179 |
+ description = 'my webservers' |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
180 |
+ test_addr = {'192.168.1.1/24': 'ipv4', '192.168.1.1/24': 'IPv6',
|
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
181 |
+ '2001:db8:1234::/48': 'ipv6', |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
182 |
+ '2001:db8:1234::/48': 'IPv4'} |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
183 |
+ for prefix, ether in test_addr.iteritems(): |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
184 |
+ with self.security_group(name, description) as sg: |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
185 |
+ sg_id = sg['security_group']['id'] |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
186 |
+ ethertype = ether |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
187 |
+ remote_ip_prefix = prefix |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
188 |
+ rule = self._build_security_group_rule( |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
189 |
+ sg_id, |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
190 |
+ 'ingress', |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
191 |
+ const.PROTO_NAME_TCP, |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
192 |
+ '22', '22', |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
193 |
+ remote_ip_prefix, |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
194 |
+ None, |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
195 |
+ None, |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
196 |
+ ethertype) |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
197 |
+ res = self._create_security_group_rule(self.fmt, rule) |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
198 |
+ self.assertEqual(res.status_int, webob.exc.HTTPBadRequest.code) |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
199 |
+ |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
200 |
+ def test_create_security_group_rule_with_unmasked_prefix(self): |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
201 |
+ name = 'webservers' |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
202 |
+ description = 'my webservers' |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
203 |
+ addr = {'10.1.2.3': {'mask': '32', 'ethertype': 'IPv4'},
|
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
204 |
+ 'fe80::2677:3ff:fe7d:4c': {'mask': '128', 'ethertype': 'IPv6'}}
|
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
205 |
+ for ip in addr: |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
206 |
+ with self.security_group(name, description) as sg: |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
207 |
+ sg_id = sg['security_group']['id'] |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
208 |
+ ethertype = addr[ip]['ethertype'] |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
209 |
+ remote_ip_prefix = ip |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
210 |
+ rule = self._build_security_group_rule( |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
211 |
+ sg_id, |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
212 |
+ 'ingress', |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
213 |
+ const.PROTO_NAME_TCP, |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
214 |
+ '22', '22', |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
215 |
+ remote_ip_prefix, |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
216 |
+ None, |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
217 |
+ None, |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
218 |
+ ethertype) |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
219 |
+ res = self._create_security_group_rule(self.fmt, rule) |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
220 |
+ self.assertEqual(res.status_int, 201) |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
221 |
+ res_sg = self.deserialize(self.fmt, res) |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
222 |
+ prefix = res_sg['security_group_rule']['remote_ip_prefix'] |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
223 |
+ self.assertEqual(prefix, '%s/%s' % (ip, addr[ip]['mask'])) |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
224 |
+ |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
225 |
def test_create_security_group_rule_tcp_protocol_as_number(self): |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
226 |
name = 'webservers' |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
227 |
description = 'my webservers' |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
228 |
@@ -1348,5 +1414,25 @@ class TestSecurityGroups(SecurityGroupDBTestCase): |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
229 |
self.assertEqual(res.status_int, webob.exc.HTTPBadRequest.code) |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
230 |
|
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
231 |
|
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
232 |
+class TestConvertIPPrefixToCIDR(base.BaseTestCase): |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
233 |
+ |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
234 |
+ def test_convert_bad_ip_prefix_to_cidr(self): |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
235 |
+ for val in ['bad_ip', 256, "2001:db8:a::123/129"]: |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
236 |
+ self.assertRaises(n_exc.InvalidCIDR, |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
237 |
+ ext_sg.convert_ip_prefix_to_cidr, val) |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
238 |
+ self.assertIsNone(ext_sg.convert_ip_prefix_to_cidr(None)) |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
239 |
+ |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
240 |
+ def test_convert_ip_prefix_no_netmask_to_cidr(self): |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
241 |
+ addr = {'10.1.2.3': '32', 'fe80::2677:3ff:fe7d:4c': '128'}
|
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
242 |
+ for k, v in addr.iteritems(): |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
243 |
+ self.assertEqual(ext_sg.convert_ip_prefix_to_cidr(k), |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
244 |
+ '%s/%s' % (k, v)) |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
245 |
+ |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
246 |
+ def test_convert_ip_prefix_with_netmask_to_cidr(self): |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
247 |
+ addresses = ['10.1.0.0/16', '10.1.2.3/32', '2001:db8:1234::/48'] |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
248 |
+ for addr in addresses: |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
249 |
+ self.assertEqual(ext_sg.convert_ip_prefix_to_cidr(addr), addr) |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
250 |
+ |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
251 |
+ |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
252 |
class TestSecurityGroupsXML(TestSecurityGroups): |
|
56ac2df1785b
PSARC/2014/207 OpenStack Glance Update to Havana
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
253 |
fmt = 'xml' |