From ac4baa5990c45a6a521a1786e680426ba617c65a Mon Sep 17 00:00:00 2001
From: Todd Willey <todd@ansolabs.com>
Date: Thu, 23 Jun 2011 14:13:27 -0400
Subject: Add test for listing provider firewall rules.

---
 nova/tests/test_adminapi.py | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'nova/tests')

diff --git a/nova/tests/test_adminapi.py b/nova/tests/test_adminapi.py
index 7ecaf1c09..2b90d49e9 100644
--- a/nova/tests/test_adminapi.py
+++ b/nova/tests/test_adminapi.py
@@ -87,3 +87,10 @@ class AdminApiTestCase(test.TestCase):
         result = self.api.block_external_addresses(self.context, '1.1.1.1/32')
         self.assertEqual('OK', result['status'])
         self.assertEqual('Added 3 rules', result['message'])
+
+    def test_list_blocked_ips(self):
+        """Make sure we can see the external blocks that exist."""
+        result = self.api.describe_external_address_blocks(self.context)
+        num = len(db.provider_fw_rule_get_all(self.context))
+        # we only list IP, not tcp/udp/icmp rules
+        self.assertEqual(num / 3, len(result['externalIpBlockInfo']))
-- 
cgit 


From 6e2ebfa1dc29e50f74f1b337d1b5349bc3c78cdc Mon Sep 17 00:00:00 2001
From: Todd Willey <todd@ansolabs.com>
Date: Thu, 23 Jun 2011 14:16:11 -0400
Subject: Make sure there are actually rules to test against.

---
 nova/tests/test_adminapi.py | 1 +
 1 file changed, 1 insertion(+)

(limited to 'nova/tests')

diff --git a/nova/tests/test_adminapi.py b/nova/tests/test_adminapi.py
index 2b90d49e9..4a96a3dd9 100644
--- a/nova/tests/test_adminapi.py
+++ b/nova/tests/test_adminapi.py
@@ -90,6 +90,7 @@ class AdminApiTestCase(test.TestCase):
 
     def test_list_blocked_ips(self):
         """Make sure we can see the external blocks that exist."""
+        self.api.block_external_addresses(self.context, '1.1.1.2/32')
         result = self.api.describe_external_address_blocks(self.context)
         num = len(db.provider_fw_rule_get_all(self.context))
         # we only list IP, not tcp/udp/icmp rules
-- 
cgit 


From 9a6e9a1af9359fb4a9261f59f57113f252f0d6e9 Mon Sep 17 00:00:00 2001
From: Todd Willey <todd@ansolabs.com>
Date: Thu, 23 Jun 2011 14:45:37 -0400
Subject: Make firewall rules tests idempotent, move IPy=>netaddr, add deltete
 test.

---
 nova/tests/test_adminapi.py | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'nova/tests')

diff --git a/nova/tests/test_adminapi.py b/nova/tests/test_adminapi.py
index 4a96a3dd9..ce826fd5b 100644
--- a/nova/tests/test_adminapi.py
+++ b/nova/tests/test_adminapi.py
@@ -85,6 +85,7 @@ class AdminApiTestCase(test.TestCase):
     def test_block_external_ips(self):
         """Make sure provider firewall rules are created."""
         result = self.api.block_external_addresses(self.context, '1.1.1.1/32')
+        self.api.remove_external_address_block(self.context, '1.1.1.1/32')
         self.assertEqual('OK', result['status'])
         self.assertEqual('Added 3 rules', result['message'])
 
@@ -93,5 +94,18 @@ class AdminApiTestCase(test.TestCase):
         self.api.block_external_addresses(self.context, '1.1.1.2/32')
         result = self.api.describe_external_address_blocks(self.context)
         num = len(db.provider_fw_rule_get_all(self.context))
+        self.api.remove_external_address_block(self.context, '1.1.1.2/32')
         # we only list IP, not tcp/udp/icmp rules
         self.assertEqual(num / 3, len(result['externalIpBlockInfo']))
+
+    def test_remove_ip_block(self):
+        """Remove ip blocks."""
+        result = self.api.block_external_addresses(self.context, '1.1.1.3/32')
+        self.assertEqual('OK', result['status'])
+        num0 = len(db.provider_fw_rule_get_all(self.context))
+        result = self.api.remove_external_address_block(self.context,
+                                                        '1.1.1.3/32')
+        self.assertEqual('OK', result['status'])
+        self.assertEqual('Deleted 3 rules', result['message'])
+        num1 = len(db.provider_fw_rule_get_all(self.context))
+        self.assert_(num1 < num0)
-- 
cgit 


From 51d93c5b1722bef9783cd7572c1464a084ece0aa Mon Sep 17 00:00:00 2001
From: Todd Willey <todd@ansolabs.com>
Date: Thu, 23 Jun 2011 14:52:58 -0400
Subject: libvirt test for deleting provider firewall rules.

---
 nova/tests/test_libvirt.py | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'nova/tests')

diff --git a/nova/tests/test_libvirt.py b/nova/tests/test_libvirt.py
index ee94d3c17..d12e21063 100644
--- a/nova/tests/test_libvirt.py
+++ b/nova/tests/test_libvirt.py
@@ -1115,6 +1115,13 @@ class IptablesFirewallTestCase(test.TestCase):
                 provjump_rules.append(rule)
         self.assertEqual(1, len(provjump_rules))
 
+        # remove a rule from the db, cast to compute to refresh rule
+        db.provider_fw_rule_destroy(admin_ctxt, provider_fw1['id'])
+        self.fw.refresh_provider_fw_rules()
+        rules = [rule for rule in self.fw.iptables.ipv4['filter'].rules
+                      if rule.chain == 'provider']
+        self.assertEqual(1, len(rules))
+
 
 class NWFilterTestCase(test.TestCase):
     def setUp(self):
-- 
cgit