diff options
| author | Jenkins <jenkins@review.openstack.org> | 2011-11-12 17:45:33 +0000 |
|---|---|---|
| committer | Gerrit Code Review <review@openstack.org> | 2011-11-12 17:45:33 +0000 |
| commit | 165cbc3942c5fac4d969e8a094dc4b5e555f6110 (patch) | |
| tree | 5b256e48f408d9aba958761bad141a853e92334e /nova/tests | |
| parent | 31b5f88a187a4a724cf2f5dc8985f37f081aac12 (diff) | |
| parent | 1a12349c056b52b488591abb1671ad94a6db6526 (diff) | |
Merge "Verify security group parameters"
Diffstat (limited to 'nova/tests')
| -rw-r--r-- | nova/tests/api/openstack/contrib/test_security_groups.py | 41 | ||||
| -rw-r--r-- | nova/tests/test_api.py | 48 |
2 files changed, 88 insertions, 1 deletions
diff --git a/nova/tests/api/openstack/contrib/test_security_groups.py b/nova/tests/api/openstack/contrib/test_security_groups.py index f55ce4a55..b3e1507e0 100644 --- a/nova/tests/api/openstack/contrib/test_security_groups.py +++ b/nova/tests/api/openstack/contrib/test_security_groups.py @@ -532,6 +532,47 @@ class TestSecurityGroupRules(test.TestCase): self.assertNotEquals(security_group_rule['id'], 0) self.assertEquals(security_group_rule['parent_group_id'], 2) + def test_create_by_invalid_cidr_json(self): + rules = { + "security_group_rule": { + "ip_protocol": "tcp", + "from_port": "22", + "to_port": "22", + "parent_group_id": 2, + "cidr": "10.2.3.124/2433"}} + rule = security_group_rule_template( + ip_protocol="tcp", + from_port=22, + to_port=22, + parent_group_id=2, + cidr="10.2.3.124/2433") + req = fakes.HTTPRequest.blank('/v1.1/123/os-security-group-rules') + self.assertRaises(webob.exc.HTTPBadRequest, self.controller.create, + req, {'security_group_rule': rule}) + + def test_create_by_invalid_tcp_port_json(self): + rule = security_group_rule_template( + ip_protocol="tcp", + from_port=75534, + to_port=22, + parent_group_id=2, + cidr="10.2.3.124/24") + + req = fakes.HTTPRequest.blank('/v1.1/123/os-security-group-rules') + self.assertRaises(webob.exc.HTTPBadRequest, self.controller.create, + req, {'security_group_rule': rule}) + + def test_create_by_invalid_icmp_port_json(self): + rule = security_group_rule_template( + ip_protocol="icmp", + from_port=1, + to_port=256, + parent_group_id=2, + cidr="10.2.3.124/24") + req = fakes.HTTPRequest.blank('/v1.1/123/os-security-group-rules') + self.assertRaises(webob.exc.HTTPBadRequest, self.controller.create, + req, {'security_group_rule': rule}) + def test_create_add_existing_rules(self): rule = security_group_rule_template(cidr='10.0.0.0/24') diff --git a/nova/tests/test_api.py b/nova/tests/test_api.py index e9f1145dd..2d3d4b604 100644 --- a/nova/tests/test_api.py +++ b/nova/tests/test_api.py @@ -386,6 +386,50 @@ class ApiEc2TestCase(test.TestCase): group.connection = self.ec2 group.authorize('tcp', 80, 81, '0.0.0.0/0') + group.authorize('icmp', -1, -1, '0.0.0.0/0') + group.authorize('udp', 80, 81, '0.0.0.0/0') + # Invalid CIDR address + self.assertRaises(Exception, + group.authorize, 'tcp', 80, 81, '0.0.0.0/0444') + # Missing ports + self.assertRaises(Exception, + group.authorize, 'tcp', '0.0.0.0/0') + # from port cannot be greater than to port + self.assertRaises(Exception, + group.authorize, 'tcp', 100, 1, '0.0.0.0/0') + # For tcp, negative values are not allowed + self.assertRaises(Exception, + group.authorize, 'tcp', -1, 1, '0.0.0.0/0') + # For tcp, valid port range 1-65535 + self.assertRaises(Exception, + group.authorize, 'tcp', 1, 65599, '0.0.0.0/0') + # For icmp, only -1:-1 is allowed for type:code + self.assertRaises(Exception, + group.authorize, 'icmp', -1, 0, '0.0.0.0/0') + # Non valid type:code + self.assertRaises(Exception, + group.authorize, 'icmp', 0, 3, '0.0.0.0/0') + # Invalid Cidr for ICMP type + self.assertRaises(Exception, + group.authorize, 'icmp', -1, -1, '0.0.444.0/4') + # Invalid protocol + self.assertRaises(Exception, + group.authorize, 'xyz', 1, 14, '0.0.0.0/0') + # Invalid port + self.assertRaises(Exception, + group.authorize, 'tcp', " ", "81", '0.0.0.0/0') + # Invalid icmp port + self.assertRaises(Exception, + group.authorize, 'icmp', " ", "81", '0.0.0.0/0') + # Invalid CIDR Address + self.assertRaises(Exception, + group.authorize, 'icmp', -1, -1, '0.0.0.0') + # Invalid CIDR Address + self.assertRaises(Exception, + group.authorize, 'icmp', -1, -1, '0.0.0.0/') + # Invalid Cidr ports + self.assertRaises(Exception, + group.authorize, 'icmp', 1, 256, '0.0.0.0/0') self.expect_http() self.mox.ReplayAll() @@ -394,7 +438,7 @@ class ApiEc2TestCase(test.TestCase): group = [grp for grp in rv if grp.name == security_group_name][0] - self.assertEquals(len(group.rules), 1) + self.assertEquals(len(group.rules), 3) self.assertEquals(int(group.rules[0].from_port), 80) self.assertEquals(int(group.rules[0].to_port), 81) self.assertEquals(len(group.rules[0].grants), 1) @@ -405,6 +449,8 @@ class ApiEc2TestCase(test.TestCase): group.connection = self.ec2 group.revoke('tcp', 80, 81, '0.0.0.0/0') + group.revoke('icmp', -1, -1, '0.0.0.0/0') + group.revoke('udp', 80, 81, '0.0.0.0/0') self.expect_http() self.mox.ReplayAll() |