summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--yardstick/common/openstack_utils.py89
-rw-r--r--yardstick/tests/unit/common/test_openstack_utils.py25
2 files changed, 76 insertions, 38 deletions
diff --git a/yardstick/common/openstack_utils.py b/yardstick/common/openstack_utils.py
index a6b53a607..2785230c0 100644
--- a/yardstick/common/openstack_utils.py
+++ b/yardstick/common/openstack_utils.py
@@ -658,44 +658,57 @@ def create_security_group(neutron_client, sg_name,
return None
-def create_secgroup_rule(neutron_client, sg_id, direction, protocol,
- port_range_min=None, port_range_max=None,
- **json_body): # pragma: no cover
- # We create a security group in 2 steps
- # 1 - we check the format and set the json body accordingly
- # 2 - we call neturon client to create the security group
-
- # Format check
- json_body.update({'security_group_rule': {'direction': direction,
- 'security_group_id': sg_id, 'protocol': protocol}})
- # parameters may be
- # - both None => we do nothing
- # - both Not None => we add them to the json description
- # but one cannot be None is the other is not None
- if (port_range_min is not None and port_range_max is not None):
- # add port_range in json description
- json_body['security_group_rule']['port_range_min'] = port_range_min
- json_body['security_group_rule']['port_range_max'] = port_range_max
- log.debug("Security_group format set (port range included)")
- else:
- # either both port range are set to None => do nothing
- # or one is set but not the other => log it and return False
- if port_range_min is None and port_range_max is None:
- log.debug("Security_group format set (no port range mentioned)")
- else:
- log.error("Bad security group format."
- "One of the port range is not properly set:"
- "range min: %s, range max: %s", port_range_min,
- port_range_max)
- return False
+def create_security_group_rule(shade_client, secgroup_name_or_id,
+ port_range_min=None, port_range_max=None,
+ protocol=None, remote_ip_prefix=None,
+ remote_group_id=None, direction='ingress',
+ ethertype='IPv4', project_id=None):
+ """Create a new security group rule
+
+ :param secgroup_name_or_id:(string) The security group name or ID to
+ associate with this security group rule. If a
+ non-unique group name is given, an exception is
+ raised.
+ :param port_range_min:(int) The minimum port number in the range that is
+ matched by the security group rule. If the protocol
+ is TCP or UDP, this value must be less than or equal
+ to the port_range_max attribute value. If nova is
+ used by the cloud provider for security groups, then
+ a value of None will be transformed to -1.
+ :param port_range_max:(int) The maximum port number in the range that is
+ matched by the security group rule. The
+ port_range_min attribute constrains the
+ port_range_max attribute. If nova is used by the
+ cloud provider for security groups, then a value of
+ None will be transformed to -1.
+ :param protocol:(string) The protocol that is matched by the security group
+ rule. Valid values are None, tcp, udp, and icmp.
+ :param remote_ip_prefix:(string) The remote IP prefix to be associated with
+ this security group rule. This attribute matches
+ the specified IP prefix as the source IP address of
+ the IP packet.
+ :param remote_group_id:(string) The remote group ID to be associated with
+ this security group rule.
+ :param direction:(string) Ingress or egress: The direction in which the
+ security group rule is applied.
+ :param ethertype:(string) Must be IPv4 or IPv6, and addresses represented
+ in CIDR must match the ingress or egress rules.
+ :param project_id:(string) Specify the project ID this security group will
+ be created on (admin-only).
+
+ :returns: True on success.
+ """
- # Create security group using neutron client
try:
- neutron_client.create_security_group_rule(json_body)
+ shade_client.create_security_group_rule(
+ secgroup_name_or_id, port_range_min=port_range_min,
+ port_range_max=port_range_max, protocol=protocol,
+ remote_ip_prefix=remote_ip_prefix, remote_group_id=remote_group_id,
+ direction=direction, ethertype=ethertype, project_id=project_id)
return True
- except Exception: # pylint: disable=broad-except
- log.exception("Impossible to create_security_group_rule,"
- "security group rule probably already exists")
+ except exc.OpenStackCloudException as op_exc:
+ log.error("Failed to create_security_group_rule(shade_client). "
+ "Exception message: %s", op_exc.orig_message)
return False
@@ -719,18 +732,18 @@ def create_security_group_full(neutron_client, sg_name,
SECGROUP['name'], sg_id)
log.debug("Adding ICMP rules in security group '%s'...", sg_name)
- if not create_secgroup_rule(neutron_client, sg_id,
+ if not create_security_group_rule(neutron_client, sg_id,
'ingress', 'icmp'):
log.error("Failed to create the security group rule...")
return None
log.debug("Adding SSH rules in security group '%s'...", sg_name)
- if not create_secgroup_rule(
+ if not create_security_group_rule(
neutron_client, sg_id, 'ingress', 'tcp', '22', '22'):
log.error("Failed to create the security group rule...")
return None
- if not create_secgroup_rule(
+ if not create_security_group_rule(
neutron_client, sg_id, 'egress', 'tcp', '22', '22'):
log.error("Failed to create the security group rule...")
return None
diff --git a/yardstick/tests/unit/common/test_openstack_utils.py b/yardstick/tests/unit/common/test_openstack_utils.py
index b8f85c083..3b7e8eaa1 100644
--- a/yardstick/tests/unit/common/test_openstack_utils.py
+++ b/yardstick/tests/unit/common/test_openstack_utils.py
@@ -239,3 +239,28 @@ class DeleteFloatingIpTestCase(unittest.TestCase):
'floating_ip_id')
mock_logger.error.assert_called_once()
self.assertFalse(output)
+
+
+class CreateSecurityGroupRuleTestCase(unittest.TestCase):
+
+ def setUp(self):
+ self.mock_shade_client = mock.Mock()
+ self.secgroup_name_or_id = 'sg_name_id'
+ self.mock_shade_client.create_security_group_rule = mock.Mock()
+
+ def test_create_security_group_rule(self):
+ self.mock_shade_client.create_security_group_rule.return_value = (
+ {'security_group_rule'})
+ output = openstack_utils.create_security_group_rule(
+ self.mock_shade_client, self.secgroup_name_or_id)
+ self.assertTrue(output)
+
+ @mock.patch.object(openstack_utils, 'log')
+ def test_create_security_group_rule_exception(self, mock_logger):
+ self.mock_shade_client.create_security_group_rule.side_effect = (
+ exc.OpenStackCloudException('error message'))
+
+ output = openstack_utils.create_security_group_rule(
+ self.mock_shade_client, self.secgroup_name_or_id)
+ mock_logger.error.assert_called_once()
+ self.assertFalse(output)