From 2d1118050034ecd38f73298498b72c2af7c3cc20 Mon Sep 17 00:00:00 2001 From: Shobhi Jain Date: Wed, 14 Mar 2018 11:53:06 +0000 Subject: Replace neutron create security group rule with shade. Rename create_secgroup_rule with create_security_group_rule. Function create_security_group_rule now uses shade client. JIRA: YARDSTICK-890 Change-Id: Ie0ebac67a281e55dc95c0e3e33ba43de80aba9ec Signed-off-by: Shobhi Jain --- yardstick/common/openstack_utils.py | 89 +++++++++++++--------- .../tests/unit/common/test_openstack_utils.py | 25 ++++++ 2 files changed, 76 insertions(+), 38 deletions(-) diff --git a/yardstick/common/openstack_utils.py b/yardstick/common/openstack_utils.py index a6b53a607..2785230c0 100644 --- a/yardstick/common/openstack_utils.py +++ b/yardstick/common/openstack_utils.py @@ -658,44 +658,57 @@ def create_security_group(neutron_client, sg_name, return None -def create_secgroup_rule(neutron_client, sg_id, direction, protocol, - port_range_min=None, port_range_max=None, - **json_body): # pragma: no cover - # We create a security group in 2 steps - # 1 - we check the format and set the json body accordingly - # 2 - we call neturon client to create the security group - - # Format check - json_body.update({'security_group_rule': {'direction': direction, - 'security_group_id': sg_id, 'protocol': protocol}}) - # parameters may be - # - both None => we do nothing - # - both Not None => we add them to the json description - # but one cannot be None is the other is not None - if (port_range_min is not None and port_range_max is not None): - # add port_range in json description - json_body['security_group_rule']['port_range_min'] = port_range_min - json_body['security_group_rule']['port_range_max'] = port_range_max - log.debug("Security_group format set (port range included)") - else: - # either both port range are set to None => do nothing - # or one is set but not the other => log it and return False - if port_range_min is None and port_range_max is None: - log.debug("Security_group format set (no port range mentioned)") - else: - log.error("Bad security group format." - "One of the port range is not properly set:" - "range min: %s, range max: %s", port_range_min, - port_range_max) - return False +def create_security_group_rule(shade_client, secgroup_name_or_id, + port_range_min=None, port_range_max=None, + protocol=None, remote_ip_prefix=None, + remote_group_id=None, direction='ingress', + ethertype='IPv4', project_id=None): + """Create a new security group rule + + :param secgroup_name_or_id:(string) The security group name or ID to + associate with this security group rule. If a + non-unique group name is given, an exception is + raised. + :param port_range_min:(int) The minimum port number in the range that is + matched by the security group rule. If the protocol + is TCP or UDP, this value must be less than or equal + to the port_range_max attribute value. If nova is + used by the cloud provider for security groups, then + a value of None will be transformed to -1. + :param port_range_max:(int) The maximum port number in the range that is + matched by the security group rule. The + port_range_min attribute constrains the + port_range_max attribute. If nova is used by the + cloud provider for security groups, then a value of + None will be transformed to -1. + :param protocol:(string) The protocol that is matched by the security group + rule. Valid values are None, tcp, udp, and icmp. + :param remote_ip_prefix:(string) The remote IP prefix to be associated with + this security group rule. This attribute matches + the specified IP prefix as the source IP address of + the IP packet. + :param remote_group_id:(string) The remote group ID to be associated with + this security group rule. + :param direction:(string) Ingress or egress: The direction in which the + security group rule is applied. + :param ethertype:(string) Must be IPv4 or IPv6, and addresses represented + in CIDR must match the ingress or egress rules. + :param project_id:(string) Specify the project ID this security group will + be created on (admin-only). + + :returns: True on success. + """ - # Create security group using neutron client try: - neutron_client.create_security_group_rule(json_body) + shade_client.create_security_group_rule( + secgroup_name_or_id, port_range_min=port_range_min, + port_range_max=port_range_max, protocol=protocol, + remote_ip_prefix=remote_ip_prefix, remote_group_id=remote_group_id, + direction=direction, ethertype=ethertype, project_id=project_id) return True - except Exception: # pylint: disable=broad-except - log.exception("Impossible to create_security_group_rule," - "security group rule probably already exists") + except exc.OpenStackCloudException as op_exc: + log.error("Failed to create_security_group_rule(shade_client). " + "Exception message: %s", op_exc.orig_message) return False @@ -719,18 +732,18 @@ def create_security_group_full(neutron_client, sg_name, SECGROUP['name'], sg_id) log.debug("Adding ICMP rules in security group '%s'...", sg_name) - if not create_secgroup_rule(neutron_client, sg_id, + if not create_security_group_rule(neutron_client, sg_id, 'ingress', 'icmp'): log.error("Failed to create the security group rule...") return None log.debug("Adding SSH rules in security group '%s'...", sg_name) - if not create_secgroup_rule( + if not create_security_group_rule( neutron_client, sg_id, 'ingress', 'tcp', '22', '22'): log.error("Failed to create the security group rule...") return None - if not create_secgroup_rule( + if not create_security_group_rule( neutron_client, sg_id, 'egress', 'tcp', '22', '22'): log.error("Failed to create the security group rule...") return None diff --git a/yardstick/tests/unit/common/test_openstack_utils.py b/yardstick/tests/unit/common/test_openstack_utils.py index b8f85c083..3b7e8eaa1 100644 --- a/yardstick/tests/unit/common/test_openstack_utils.py +++ b/yardstick/tests/unit/common/test_openstack_utils.py @@ -239,3 +239,28 @@ class DeleteFloatingIpTestCase(unittest.TestCase): 'floating_ip_id') mock_logger.error.assert_called_once() self.assertFalse(output) + + +class CreateSecurityGroupRuleTestCase(unittest.TestCase): + + def setUp(self): + self.mock_shade_client = mock.Mock() + self.secgroup_name_or_id = 'sg_name_id' + self.mock_shade_client.create_security_group_rule = mock.Mock() + + def test_create_security_group_rule(self): + self.mock_shade_client.create_security_group_rule.return_value = ( + {'security_group_rule'}) + output = openstack_utils.create_security_group_rule( + self.mock_shade_client, self.secgroup_name_or_id) + self.assertTrue(output) + + @mock.patch.object(openstack_utils, 'log') + def test_create_security_group_rule_exception(self, mock_logger): + self.mock_shade_client.create_security_group_rule.side_effect = ( + exc.OpenStackCloudException('error message')) + + output = openstack_utils.create_security_group_rule( + self.mock_shade_client, self.secgroup_name_or_id) + mock_logger.error.assert_called_once() + self.assertFalse(output) -- cgit 1.2.3-korg