diff options
| author | Yaguang Tang <heut2008@gmail.com> | 2012-02-14 10:43:39 +0800 |
|---|---|---|
| committer | Yaguang Tang <heut2008@gmail.com> | 2012-02-15 12:17:55 +0800 |
| commit | b4fae4821fd2d4f31c0c03bdf2e65c984f42e01d (patch) | |
| tree | e8e694e6a717dfce12244e398871731824ffd55f /nova/tests | |
| parent | cc12819adef88983ef78e9bfb18745df9c39b561 (diff) | |
remove unused nwfilter methods and tests.
remove unused methods and classes in nova/virt/libvirt/firewall.py
and releative function tests. now,nova use nwfilter offered by
libvirt only for anti ARP and IP spoofing.other security policy use
iptables.
Change-Id: Ib9866802ef64668e2feba09124bdf7c7fee92f92
Diffstat (limited to 'nova/tests')
| -rw-r--r-- | nova/tests/test_libvirt.py | 41 |
1 files changed, 2 insertions, 39 deletions
diff --git a/nova/tests/test_libvirt.py b/nova/tests/test_libvirt.py index 2eede7ed5..2b1e5eed8 100644 --- a/nova/tests/test_libvirt.py +++ b/nova/tests/test_libvirt.py @@ -1631,28 +1631,6 @@ class NWFilterTestCase(test.TestCase): security_group = db.security_group_get_by_name(self.context, 'fake', 'testgroup') - - xml = self.fw.security_group_to_nwfilter_xml(security_group.id) - - dom = xml_to_dom(xml) - self.assertEqual(dom.firstChild.tagName, 'filter') - - rules = dom.getElementsByTagName('rule') - self.assertEqual(len(rules), 1) - - # It's supposed to allow inbound traffic. - self.assertEqual(rules[0].getAttribute('action'), 'accept') - self.assertEqual(rules[0].getAttribute('direction'), 'in') - - # Must be lower priority than the base filter (which blocks everything) - self.assertTrue(int(rules[0].getAttribute('priority')) < 1000) - - ip_conditions = rules[0].getElementsByTagName('tcp') - self.assertEqual(len(ip_conditions), 1) - self.assertEqual(ip_conditions[0].getAttribute('srcipaddr'), '0.0.0.0') - self.assertEqual(ip_conditions[0].getAttribute('srcipmask'), '0.0.0.0') - self.assertEqual(ip_conditions[0].getAttribute('dstportstart'), '80') - self.assertEqual(ip_conditions[0].getAttribute('dstportend'), '81') self.teardown_security_group() def teardown_security_group(self): @@ -1732,8 +1710,7 @@ class NWFilterTestCase(test.TestCase): def _ensure_all_called(mac): instance_filter = 'nova-instance-%s-%s' % (instance_ref['name'], mac.translate(None, ':')) - secgroup_filter = 'nova-secgroup-%s' % self.security_group['id'] - for required in [secgroup_filter, 'allow-dhcp-server', + for required in ['allow-dhcp-server', 'no-arp-spoofing', 'no-ip-spoofing', 'no-mac-spoofing']: self.assertTrue(required in @@ -1754,20 +1731,10 @@ class NWFilterTestCase(test.TestCase): mac = network_info[0][1]['mac'] self.fw.setup_basic_filtering(instance, network_info) - self.fw.prepare_instance_filter(instance, network_info) - self.fw.apply_instance_filter(instance, network_info) _ensure_all_called(mac) self.teardown_security_group() db.instance_destroy(context.get_admin_context(), instance_ref['id']) - def test_create_network_filters(self): - instance_ref = self._create_instance() - network_info = _fake_network_info(self.stubs, 3) - result = self.fw._create_network_filters(instance_ref, - network_info, - "fake") - self.assertEquals(len(result), 3) - def test_unfilter_instance_undefines_nwfilters(self): admin_ctxt = context.get_admin_context() @@ -1788,13 +1755,9 @@ class NWFilterTestCase(test.TestCase): network_info = _fake_network_info(self.stubs, 1) self.fw.setup_basic_filtering(instance, network_info) - self.fw.prepare_instance_filter(instance, network_info) - self.fw.apply_instance_filter(instance, network_info) original_filter_count = len(fakefilter.filters) self.fw.unfilter_instance(instance, network_info) - - # should undefine 2 filters: instance and instance-secgroup - self.assertEqual(original_filter_count - len(fakefilter.filters), 2) + self.assertEqual(original_filter_count - len(fakefilter.filters), 1) db.instance_destroy(admin_ctxt, instance_ref['id']) |