renamed priv method arg_to_dict since it's not just used for revoke. modified to conform to latest AWS EC2 API spec for authorize & revoke ingress params using the IpPermissions data structure, which nests lists of CIDR blocks (IpRanges) as well as lists of Group data

author: John Tran <jtran@attinteractive.com> 2011-07-15 22:56:16 +0000
committer: John Tran <jtran@attinteractive.com> 2011-07-15 22:56:16 +0000
commit: 7498fa608def9613552cf0e26dcb03fddf7b298d (patch)
tree: 07a9e7dc437c87c8f0890c0de5448384504bb347 /nova/tests
parent: 3a11738f517999ed1fd3a2c0a7ca452c7191b50f (diff)
1 files changed, 41 insertions, 6 deletions
diff --git a/nova/tests/test_cloud.py b/nova/tests/test_cloud.py
index d71a03aff..7becf1963 100644
--- a/nova/tests/test_cloud.py
+++ b/nova/tests/test_cloud.py
@@ -239,25 +239,60 @@ class CloudTestCase(test.TestCase):
         delete = self.cloud.delete_security_group
         self.assertRaises(exception.ApiError, delete, self.context)
 
-    def test_authorize_revoke_security_group_ingress(self):
+    def test_authorize_security_group_ingress(self):
         kwargs = {'project_id': self.context.project_id, 'name': 'test'}
         sec = db.security_group_create(self.context, kwargs)
         authz = self.cloud.authorize_security_group_ingress
         kwargs = {'to_port': '999', 'from_port': '999', 'ip_protocol': 'tcp'}
-        authz(self.context, group_name=sec['name'], **kwargs)
+        self.assertTrue(authz(self.context, group_name=sec['name'], **kwargs))
+
+    def test_authorize_security_group_ingress_ip_permissions_ip_ranges(self):
+        kwargs = {'project_id': self.context.project_id, 'name': 'test'}
+        sec = db.security_group_create(self.context, kwargs)
+        authz = self.cloud.authorize_security_group_ingress
+        kwargs = {'ip_permissions': [{'to_port': 81, 'from_port': 81,
+                                      'ip_ranges': {'1': {'cidr_ip': u'0.0.0.0/0'},
+                                                   '2': {'cidr_ip': u'10.10.10.10/32'}},
+                                      'ip_protocol': u'tcp'}]}
+        self.assertTrue(authz(self.context, group_name=sec['name'], **kwargs))
+
+    def test_authorize_security_group_ingress_ip_permissions_groups(self):
+        kwargs = {'project_id': self.context.project_id, 'name': 'test'}
+        sec = db.security_group_create(self.context, kwargs)
+        authz = self.cloud.authorize_security_group_ingress
+        kwargs = {'ip_permissions': [{'to_port': 81, 'from_port': 81,
+                  'ip_ranges': {'1': {'cidr_ip': u'0.0.0.0/0'}, '2': {'cidr_ip': u'10.10.10.10/32'}},
+                  'groups': {'1': {'user_id': u'someuser', 'group_name': u'somegroup1'},
+                             '2': {'user_id': u'someuser', 'group_name': u'othergroup2'}},
+                  'ip_protocol': u'tcp'}]}
+        self.assertTrue(authz(self.context, group_name=sec['name'], **kwargs))
+
+    def test_revoke_security_group_ingress(self):
+        kwargs = {'project_id': self.context.project_id, 'name': 'test'}
+        sec = db.security_group_create(self.context, kwargs)
+        authz = self.cloud.authorize_security_group_ingress
+        kwargs = {'to_port': '999', 'from_port': '999', 'ip_protocol': 'tcp'}
+        authz(self.context, group_id=sec['id'], **kwargs)
         revoke = self.cloud.revoke_security_group_ingress
         self.assertTrue(revoke(self.context, group_name=sec['name'], **kwargs))
 
-    def test_authorize_revoke_security_group_ingress_by_id(self):
-        sec = db.security_group_create(self.context,
-                                       {'project_id': self.context.project_id,
-                                        'name': 'test'})
+    def test_revoke_security_group_ingress_by_id(self):
+        kwargs = {'project_id': self.context.project_id, 'name': 'test'}
+        sec = db.security_group_create(self.context, kwargs)
         authz = self.cloud.authorize_security_group_ingress
         kwargs = {'to_port': '999', 'from_port': '999', 'ip_protocol': 'tcp'}
         authz(self.context, group_id=sec['id'], **kwargs)
         revoke = self.cloud.revoke_security_group_ingress
         self.assertTrue(revoke(self.context, group_id=sec['id'], **kwargs))
 
+    def test_authorize_security_group_ingress_by_id(self):
+        sec = db.security_group_create(self.context,
+                                       {'project_id': self.context.project_id,
+                                        'name': 'test'})
+        authz = self.cloud.authorize_security_group_ingress
+        kwargs = {'to_port': '999', 'from_port': '999', 'ip_protocol': 'tcp'}
+        self.assertTrue(authz(self.context, group_id=sec['id'], **kwargs))
+
     def test_authorize_security_group_ingress_missing_protocol_params(self):
         sec = db.security_group_create(self.context,
                                        {'project_id': self.context.project_id,
author	John Tran <jtran@attinteractive.com>	2011-07-15 22:56:16 +0000
committer	John Tran <jtran@attinteractive.com>	2011-07-15 22:56:16 +0000
commit	7498fa608def9613552cf0e26dcb03fddf7b298d (patch)
tree	07a9e7dc437c87c8f0890c0de5448384504bb347 /nova/tests
parent	3a11738f517999ed1fd3a2c0a7ca452c7191b50f (diff)