[snaps.git] / snaps / openstack / tests / create_security_group_tests.py

# Copyright (c) 2017 Cable Television Laboratories, Inc. ("CableLabs")
#                    and others.  All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at:
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import unittest
import uuid

from snaps.openstack import create_security_group
from snaps.openstack.create_security_group import (
    SecurityGroupSettings, SecurityGroupRuleSettings, Direction, Ethertype,
    Protocol, SecurityGroupRuleSettingsError, SecurityGroupSettingsError)
from snaps.openstack.tests import validation_utils
from snaps.openstack.tests.os_source_file_test import OSIntegrationTestCase
from snaps.openstack.utils import neutron_utils

__author__ = 'spisarski'


class SecurityGroupRuleSettingsUnitTests(unittest.TestCase):
    """
    Tests the construction of the SecurityGroupRuleSettings class
    """

    def test_no_params(self):
        with self.assertRaises(SecurityGroupRuleSettingsError):
            SecurityGroupRuleSettings()

    def test_empty_config(self):
        with self.assertRaises(SecurityGroupRuleSettingsError):
            SecurityGroupRuleSettings(**dict())

    def test_name_only(self):
        with self.assertRaises(SecurityGroupRuleSettingsError):
            SecurityGroupRuleSettings(sec_grp_name='foo')

    def test_config_with_name_only(self):
        with self.assertRaises(SecurityGroupRuleSettingsError):
            SecurityGroupRuleSettings(**{'sec_grp_name': 'foo'})

    def test_name_and_direction(self):
        settings = SecurityGroupRuleSettings(sec_grp_name='foo',
                                             direction=Direction.ingress)
        self.assertEqual('foo', settings.sec_grp_name)
        self.assertEqual(Direction.ingress, settings.direction)

    def test_config_name_and_direction(self):
        settings = SecurityGroupRuleSettings(
            **{'sec_grp_name': 'foo', 'direction': 'ingress'})
        self.assertEqual('foo', settings.sec_grp_name)
        self.assertEqual(Direction.ingress, settings.direction)

    def test_all(self):
        settings = SecurityGroupRuleSettings(
            sec_grp_name='foo', description='fubar',
            direction=Direction.egress, remote_group_id='rgi',
            protocol=Protocol.icmp, ethertype=Ethertype.IPv6, port_range_min=1,
            port_range_max=2,
            remote_ip_prefix='prfx')
        self.assertEqual('foo', settings.sec_grp_name)
        self.assertEqual('fubar', settings.description)
        self.assertEqual(Direction.egress, settings.direction)
        self.assertEqual('rgi', settings.remote_group_id)
        self.assertEqual(Protocol.icmp, settings.protocol)
        self.assertEqual(Ethertype.IPv6, settings.ethertype)
        self.assertEqual(1, settings.port_range_min)
        self.assertEqual(2, settings.port_range_max)
        self.assertEqual('prfx', settings.remote_ip_prefix)

    def test_config_all(self):
        settings = SecurityGroupRuleSettings(
            **{'sec_grp_name': 'foo',
               'description': 'fubar',
               'direction': 'egress',
               'remote_group_id': 'rgi',
               'protocol': 'tcp',
               'ethertype': 'IPv6',
               'port_range_min': 1,
               'port_range_max': 2,
               'remote_ip_prefix': 'prfx'})
        self.assertEqual('foo', settings.sec_grp_name)
        self.assertEqual('fubar', settings.description)
        self.assertEqual(Direction.egress, settings.direction)
        self.assertEqual('rgi', settings.remote_group_id)
        self.assertEqual(Protocol.tcp, settings.protocol)
        self.assertEqual(Ethertype.IPv6, settings.ethertype)
        self.assertEqual(1, settings.port_range_min)
        self.assertEqual(2, settings.port_range_max)
        self.assertEqual('prfx', settings.remote_ip_prefix)


class SecurityGroupSettingsUnitTests(unittest.TestCase):
    """
    Tests the construction of the SecurityGroupSettings class
    """

    def test_no_params(self):
        with self.assertRaises(SecurityGroupSettingsError):
            SecurityGroupSettings()

    def test_empty_config(self):
        with self.assertRaises(SecurityGroupSettingsError):
            SecurityGroupSettings(**dict())

    def test_name_only(self):
        settings = SecurityGroupSettings(name='foo')
        self.assertEqual('foo', settings.name)

    def test_config_with_name_only(self):
        settings = SecurityGroupSettings(**{'name': 'foo'})
        self.assertEqual('foo', settings.name)

    def test_invalid_rule(self):
        rule_setting = SecurityGroupRuleSettings(sec_grp_name='bar',
                                                 direction=Direction.ingress)
        with self.assertRaises(SecurityGroupSettingsError):
            SecurityGroupSettings(name='foo', rule_settings=[rule_setting])

    def test_all(self):
        rule_settings = list()
        rule_settings.append(SecurityGroupRuleSettings(
            sec_grp_name='bar', direction=Direction.egress))
        rule_settings.append(SecurityGroupRuleSettings(
            sec_grp_name='bar', direction=Direction.ingress))
        settings = SecurityGroupSettings(
            name='bar', description='fubar', project_name='foo',
            rule_settings=rule_settings)

        self.assertEqual('bar', settings.name)
        self.assertEqual('fubar', settings.description)
        self.assertEqual('foo', settings.project_name)
        self.assertEqual(rule_settings[0], settings.rule_settings[0])
        self.assertEqual(rule_settings[1], settings.rule_settings[1])

    def test_config_all(self):
        settings = SecurityGroupSettings(
            **{'name': 'bar',
               'description': 'fubar',
               'project_name': 'foo',
               'rules': [
                   {'sec_grp_name': 'bar', 'direction': 'ingress'}]})

        self.assertEqual('bar', settings.name)
        self.assertEqual('fubar', settings.description)
        self.assertEqual('foo', settings.project_name)
        self.assertEqual(1, len(settings.rule_settings))
        self.assertEqual('bar', settings.rule_settings[0].sec_grp_name)
        self.assertEqual(Direction.ingress,
                         settings.rule_settings[0].direction)


class CreateSecurityGroupTests(OSIntegrationTestCase):
    """
    Test for the CreateSecurityGroup class defined in create_security_group.py
    """

    def setUp(self):
        """
        Instantiates the CreateSecurityGroup object that is responsible for
        downloading and creating an OS image file within OpenStack
        """
        super(self.__class__, self).__start__()

        guid = self.__class__.__name__ + '-' + str(uuid.uuid4())
        self.sec_grp_name = guid + 'name'
        self.neutron = neutron_utils.neutron_client(self.os_creds)

        # Initialize for cleanup
        self.sec_grp_creator = None

    def tearDown(self):
        """
        Cleans the image and downloaded image file
        """
        if self.sec_grp_creator:
            self.sec_grp_creator.clean()

        super(self.__class__, self).__clean__()

    def test_create_group_without_rules(self):
        """
        Tests the creation of an OpenStack Security Group without custom rules.
        """
        # Create Image
        sec_grp_settings = SecurityGroupSettings(name=self.sec_grp_name,
                                                 description='hello group')
        self.sec_grp_creator = create_security_group.OpenStackSecurityGroup(
            self.os_creds, sec_grp_settings)
        self.sec_grp_creator.create()

        sec_grp = neutron_utils.get_security_group(self.neutron,
                                                   self.sec_grp_name)
        self.assertIsNotNone(sec_grp)

        validation_utils.objects_equivalent(
            self.sec_grp_creator.get_security_group(), sec_grp)
        rules = neutron_utils.get_rules_by_security_group(
            self.neutron, self.sec_grp_creator.get_security_group())
        self.assertEqual(len(self.sec_grp_creator.get_rules()), len(rules))
        validation_utils.objects_equivalent(self.sec_grp_creator.get_rules(),
                                            rules)

    def test_create_group_admin_user_to_new_project(self):
        """
        Tests the creation of an OpenStack Security Group without custom rules.
        """
        # Create Image
        sec_grp_settings = SecurityGroupSettings(
            name=self.sec_grp_name, description='hello group',
            project_name=self.admin_os_creds.project_name)
        self.sec_grp_creator = create_security_group.OpenStackSecurityGroup(
            self.os_creds, sec_grp_settings)
        self.sec_grp_creator.create()

        sec_grp = neutron_utils.get_security_group(self.neutron,
                                                   self.sec_grp_name)
        self.assertIsNotNone(sec_grp)

        validation_utils.objects_equivalent(
            self.sec_grp_creator.get_security_group(), sec_grp)
        rules = neutron_utils.get_rules_by_security_group(
            self.neutron, self.sec_grp_creator.get_security_group())
        self.assertEqual(len(self.sec_grp_creator.get_rules()), len(rules))
        validation_utils.objects_equivalent(self.sec_grp_creator.get_rules(),
                                            rules)

    def test_create_group_new_user_to_admin_project(self):
        """
        Tests the creation of an OpenStack Security Group without custom rules.
        """
        # Create Image
        sec_grp_settings = SecurityGroupSettings(
            name=self.sec_grp_name, description='hello group',
            project_name=self.os_creds.project_name)
        self.sec_grp_creator = create_security_group.OpenStackSecurityGroup(
            self.admin_os_creds, sec_grp_settings)
        self.sec_grp_creator.create()

        sec_grp = neutron_utils.get_security_group(self.neutron,
                                                   self.sec_grp_name)
        self.assertIsNotNone(sec_grp)

        validation_utils.objects_equivalent(
            self.sec_grp_creator.get_security_group(), sec_grp)
        rules = neutron_utils.get_rules_by_security_group(
            self.neutron, self.sec_grp_creator.get_security_group())
        self.assertEqual(len(self.sec_grp_creator.get_rules()), len(rules))
        validation_utils.objects_equivalent(self.sec_grp_creator.get_rules(),
                                            rules)

    def test_create_delete_group(self):
        """
        Tests the creation of an OpenStack Security Group without custom rules.
        """
        # Create Image
        sec_grp_settings = SecurityGroupSettings(name=self.sec_grp_name,
                                                 description='hello group')
        self.sec_grp_creator = create_security_group.OpenStackSecurityGroup(
            self.os_creds, sec_grp_settings)
        created_sec_grp = self.sec_grp_creator.create()
        self.assertIsNotNone(created_sec_grp)

        neutron_utils.delete_security_group(self.neutron, created_sec_grp)
        self.assertIsNone(neutron_utils.get_security_group(
            self.neutron, self.sec_grp_creator.sec_grp_settings.name))

        self.sec_grp_creator.clean()

    def test_create_group_with_one_simple_rule(self):
        """
        Tests the creation of an OpenStack Security Group with one simple
        custom rule.
        """
        # Create Image
        sec_grp_rule_settings = list()
        sec_grp_rule_settings.append(
            SecurityGroupRuleSettings(sec_grp_name=self.sec_grp_name,
                                      direction=Direction.ingress))
        sec_grp_settings = SecurityGroupSettings(
            name=self.sec_grp_name, description='hello group',
            rule_settings=sec_grp_rule_settings)
        self.sec_grp_creator = create_security_group.OpenStackSecurityGroup(
            self.os_creds, sec_grp_settings)
        self.sec_grp_creator.create()

        sec_grp = neutron_utils.get_security_group(self.neutron,
                                                   self.sec_grp_name)
        validation_utils.objects_equivalent(
            self.sec_grp_creator.get_security_group(), sec_grp)
        rules = neutron_utils.get_rules_by_security_group(
            self.neutron, self.sec_grp_creator.get_security_group())
        self.assertEqual(len(self.sec_grp_creator.get_rules()), len(rules))
        validation_utils.objects_equivalent(self.sec_grp_creator.get_rules(),
                                            rules)

    def test_create_group_with_several_rules(self):
        """
        Tests the creation of an OpenStack Security Group with one simple
        custom rule.
        """
        # Create Image
        sec_grp_rule_settings = list()
        sec_grp_rule_settings.append(
            SecurityGroupRuleSettings(sec_grp_name=self.sec_grp_name,
                                      direction=Direction.ingress))
        sec_grp_rule_settings.append(
            SecurityGroupRuleSettings(sec_grp_name=self.sec_grp_name,
                                      direction=Direction.egress,
                                      protocol=Protocol.udp,
                                      ethertype=Ethertype.IPv6))
        sec_grp_rule_settings.append(
            SecurityGroupRuleSettings(sec_grp_name=self.sec_grp_name,
                                      direction=Direction.egress,
                                      protocol=Protocol.udp,
                                      ethertype=Ethertype.IPv4,
                                      port_range_min=10,
                                      port_range_max=20))
        sec_grp_settings = SecurityGroupSettings(
            name=self.sec_grp_name, description='hello group',
            rule_settings=sec_grp_rule_settings)
        self.sec_grp_creator = create_security_group.OpenStackSecurityGroup(
            self.os_creds, sec_grp_settings)
        self.sec_grp_creator.create()

        sec_grp = neutron_utils.get_security_group(self.neutron,
                                                   self.sec_grp_name)
        validation_utils.objects_equivalent(
            self.sec_grp_creator.get_security_group(), sec_grp)
        rules = neutron_utils.get_rules_by_security_group(
            self.neutron, self.sec_grp_creator.get_security_group())
        self.assertEqual(len(self.sec_grp_creator.get_rules()), len(rules))
        validation_utils.objects_equivalent(self.sec_grp_creator.get_rules(),
                                            rules)

    def test_add_rule(self):
        """
        Tests the creation of an OpenStack Security Group with one simple
        custom rule then adds one after creation.
        """
        # Create Image
        sec_grp_rule_settings = list()
        sec_grp_rule_settings.append(
            SecurityGroupRuleSettings(sec_grp_name=self.sec_grp_name,
                                      direction=Direction.ingress))
        sec_grp_settings = SecurityGroupSettings(
            name=self.sec_grp_name, description='hello group',
            rule_settings=sec_grp_rule_settings)
        self.sec_grp_creator = create_security_group.OpenStackSecurityGroup(
            self.os_creds, sec_grp_settings)
        self.sec_grp_creator.create()

        sec_grp = neutron_utils.get_security_group(self.neutron,
                                                   self.sec_grp_name)
        validation_utils.objects_equivalent(
            self.sec_grp_creator.get_security_group(), sec_grp)
        rules = neutron_utils.get_rules_by_security_group(
            self.neutron, self.sec_grp_creator.get_security_group())
        self.assertEqual(len(self.sec_grp_creator.get_rules()), len(rules))
        validation_utils.objects_equivalent(self.sec_grp_creator.get_rules(),
                                            rules)

        self.sec_grp_creator.add_rule(SecurityGroupRuleSettings(
            sec_grp_name=self.sec_grp_creator.sec_grp_settings.name,
            direction=Direction.egress, protocol=Protocol.icmp))
        rules2 = neutron_utils.get_rules_by_security_group(
            self.neutron, self.sec_grp_creator.get_security_group())
        self.assertEqual(len(rules) + 1, len(rules2))

    def test_remove_rule_by_id(self):
        """
        Tests the creation of an OpenStack Security Group with two simple
        custom rules then removes one by the rule ID.
        """
        # Create Image
        sec_grp_rule_settings = list()
        sec_grp_rule_settings.append(
            SecurityGroupRuleSettings(sec_grp_name=self.sec_grp_name,
                                      direction=Direction.ingress))
        sec_grp_rule_settings.append(
            SecurityGroupRuleSettings(sec_grp_name=self.sec_grp_name,
                                      direction=Direction.egress,
                                      protocol=Protocol.udp,
                                      ethertype=Ethertype.IPv6))
        sec_grp_rule_settings.append(
            SecurityGroupRuleSettings(sec_grp_name=self.sec_grp_name,
                                      direction=Direction.egress,
                                      protocol=Protocol.udp,
                                      ethertype=Ethertype.IPv4,
                                      port_range_min=10,
                                      port_range_max=20))
        sec_grp_settings = SecurityGroupSettings(
            name=self.sec_grp_name, description='hello group',
            rule_settings=sec_grp_rule_settings)
        self.sec_grp_creator = create_security_group.OpenStackSecurityGroup(
            self.os_creds, sec_grp_settings)
        self.sec_grp_creator.create()

        sec_grp = neutron_utils.get_security_group(self.neutron,
                                                   self.sec_grp_name)
        validation_utils.objects_equivalent(
            self.sec_grp_creator.get_security_group(), sec_grp)
        rules = neutron_utils.get_rules_by_security_group(
            self.neutron, self.sec_grp_creator.get_security_group())
        self.assertEqual(len(self.sec_grp_creator.get_rules()), len(rules))
        validation_utils.objects_equivalent(self.sec_grp_creator.get_rules(),
                                            rules)

        self.sec_grp_creator.remove_rule(
            rule_id=rules[0].id)
        rules_after_del = neutron_utils.get_rules_by_security_group(
            self.neutron,
            self.sec_grp_creator.get_security_group())
        self.assertEqual(len(rules) - 1, len(rules_after_del))

    def test_remove_rule_by_setting(self):
        """
        Tests the creation of an OpenStack Security Group with two simple
        custom rules then removes one by the rule setting object
        """
        # Create Image
        sec_grp_rule_settings = list()
        sec_grp_rule_settings.append(
            SecurityGroupRuleSettings(sec_grp_name=self.sec_grp_name,
                                      direction=Direction.ingress))
        sec_grp_rule_settings.append(
            SecurityGroupRuleSettings(sec_grp_name=self.sec_grp_name,
                                      direction=Direction.egress,
                                      protocol=Protocol.udp,
                                      ethertype=Ethertype.IPv6))
        sec_grp_rule_settings.append(
            SecurityGroupRuleSettings(sec_grp_name=self.sec_grp_name,
                                      direction=Direction.egress,
                                      protocol=Protocol.udp,
                                      ethertype=Ethertype.IPv4,
                                      port_range_min=10,
                                      port_range_max=20))
        sec_grp_settings = SecurityGroupSettings(
            name=self.sec_grp_name, description='hello group',
            rule_settings=sec_grp_rule_settings)
        self.sec_grp_creator = create_security_group.OpenStackSecurityGroup(
            self.os_creds, sec_grp_settings)
        self.sec_grp_creator.create()

        sec_grp = neutron_utils.get_security_group(self.neutron,
                                                   self.sec_grp_name)
        validation_utils.objects_equivalent(
            self.sec_grp_creator.get_security_group(), sec_grp)
        rules = neutron_utils.get_rules_by_security_group(
            self.neutron, self.sec_grp_creator.get_security_group())
        self.assertEqual(len(self.sec_grp_creator.get_rules()), len(rules))
        validation_utils.objects_equivalent(self.sec_grp_creator.get_rules(),
                                            rules)

        self.sec_grp_creator.remove_rule(rule_setting=sec_grp_rule_settings[0])
        rules_after_del = neutron_utils.get_rules_by_security_group(
            self.neutron,
            self.sec_grp_creator.get_security_group())
        self.assertEqual(len(rules) - 1, len(rules_after_del))

# TODO - Add more tests with different rules. Rule creation parameters can be
# somewhat complex