Make a security group rule that references another security group return ipPermission for each of tcp, udp, and icmp.

author: Soren Hansen <soren@linux2go.dk> 2011-09-05 09:32:14 +0200
committer: Soren Hansen <soren@linux2go.dk> 2011-09-05 09:32:14 +0200
commit: 7d923d28d673340af1e168f99e7178cd01ea3ac3 (patch)
tree: d75cff839d659a55c0834b7c26fb5bb744cc7a03 /nova/tests
parent: 077a6971016b112fa7133f2b00aaed5d922386e1 (diff)
1 files changed, 30 insertions, 0 deletions
diff --git a/nova/tests/test_cloud.py b/nova/tests/test_cloud.py
index 3fe6a9b42..f5a99fa2c 100644
--- a/nova/tests/test_cloud.py
+++ b/nova/tests/test_cloud.py
@@ -305,6 +305,36 @@ class CloudTestCase(test.TestCase):
                   'ip_protocol': u'tcp'}]}
         self.assertTrue(authz(self.context, group_name=sec['name'], **kwargs))
 
+    def test_describe_security_group_ingress_groups(self):
+        kwargs = {'project_id': self.context.project_id, 'name': 'test'}
+        sec = db.security_group_create(self.context,
+                                       {'project_id': 'someuser',
+                                        'name': 'somegroup1'})
+        sec = db.security_group_create(self.context,
+                                       {'project_id': 'someuser',
+                                        'name': 'othergroup2'})
+        sec = db.security_group_create(self.context, kwargs)
+        authz = self.cloud.authorize_security_group_ingress
+        kwargs = {'ip_permissions': [{
+                  'groups': {'1': {'user_id': u'someuser',
+                                   'group_name': u'somegroup1'},
+                             '2': {'user_id': u'someuser',
+                                   'group_name': u'othergroup2'}}}]}
+        self.assertTrue(authz(self.context, group_name=sec['name'], **kwargs))
+        describe = self.cloud.describe_security_groups
+        groups = describe(self.context, group_name=['test'])
+        self.assertEquals(len(groups['securityGroupInfo']), 1)
+        for proto, min_port, max_port in (('icmp', -1, -1),
+                                          ('udp', 1, 65536),
+                                          ('tcp', 1, 65535)):
+            rules = filter(lambda g:g['ipProtocol'] == proto,
+                           groups['securityGroupInfo'][0]['ipPermissions'])
+            self.assertEquals(len(rules), 2,
+                              "Expected 2 rules for protocol %s" % proto)
+            for rule in rules:
+                self.assertEquals(rule['fromPort'], min_port)
+                self.assertEquals(rule['toPort'], max_port)
+
     def test_revoke_security_group_ingress(self):
         kwargs = {'project_id': self.context.project_id, 'name': 'test'}
         sec = db.security_group_create(self.context, kwargs)
author	Soren Hansen <soren@linux2go.dk>	2011-09-05 09:32:14 +0200
committer	Soren Hansen <soren@linux2go.dk>	2011-09-05 09:32:14 +0200
commit	7d923d28d673340af1e168f99e7178cd01ea3ac3 (patch)
tree	d75cff839d659a55c0834b7c26fb5bb744cc7a03 /nova/tests
parent	077a6971016b112fa7133f2b00aaed5d922386e1 (diff)