Support remote-address-group in SG rules

Add support for using remote-address-group in security group rules. Change-Id: Ib1972244d484839943bc3cda07519a6c6d4b945a Implements: blueprint address-groups-in-sg-rules Depends-On: https://review.opendev.org/755644
author: Hang Yang <hangyang@verizonmedia.com> 2020-10-14 11:35:22 -0500
committer: Hang Yang <hangyang@verizonmedia.com> 2021-01-12 10:55:24 -0600
commit: e01e59caeb56cb7bf4f38403b82d0a265b163098 (patch)
tree: 515555cca02a4fa22a10e50be9e445145238e66c /openstackclient/tests/unit/network
parent: d6646d714b959d350b976defef00547c4da8d320 (diff)
download: python-openstackclient-e01e59caeb56cb7bf4f38403b82d0a265b163098.tar.gz
2 files changed, 44 insertions, 0 deletions
diff --git a/openstackclient/tests/unit/network/v2/fakes.py b/openstackclient/tests/unit/network/v2/fakes.py
index 798cfd96..d6906690 100644
--- a/openstackclient/tests/unit/network/v2/fakes.py
+++ b/openstackclient/tests/unit/network/v2/fakes.py
@@ -1382,6 +1382,7 @@ class FakeSecurityGroupRule(object):
             'port_range_min': None,
             'protocol': None,
             'remote_group_id': None,
+            'remote_address_group_id': None,
             'remote_ip_prefix': '0.0.0.0/0',
             'security_group_id': 'security-group-id-' + uuid.uuid4().hex,
             'tenant_id': 'project-id-' + uuid.uuid4().hex,
diff --git a/openstackclient/tests/unit/network/v2/test_security_group_rule_network.py b/openstackclient/tests/unit/network/v2/test_security_group_rule_network.py
index 01411611..bcdb0c26 100644
--- a/openstackclient/tests/unit/network/v2/test_security_group_rule_network.py
+++ b/openstackclient/tests/unit/network/v2/test_security_group_rule_network.py
@@ -46,6 +46,9 @@ class TestCreateSecurityGroupRuleNetwork(TestSecurityGroupRuleNetwork):
     _security_group = \
         network_fakes.FakeSecurityGroup.create_one_security_group()
 
+    # The address group to be used in security group rules
+    _address_group = network_fakes.FakeAddressGroup.create_one_address_group()
+
     expected_columns = (
         'description',
         'direction',
@@ -55,6 +58,7 @@ class TestCreateSecurityGroupRuleNetwork(TestSecurityGroupRuleNetwork):
         'port_range_min',
         'project_id',
         'protocol',
+        'remote_address_group_id',
         'remote_group_id',
         'remote_ip_prefix',
         'security_group_id',
@@ -77,6 +81,7 @@ class TestCreateSecurityGroupRuleNetwork(TestSecurityGroupRuleNetwork):
             self._security_group_rule.port_range_min,
             self._security_group_rule.project_id,
             self._security_group_rule.protocol,
+            self._security_group_rule.remote_address_group_id,
             self._security_group_rule.remote_group_id,
             self._security_group_rule.remote_ip_prefix,
             self._security_group_rule.security_group_id,
@@ -88,6 +93,9 @@ class TestCreateSecurityGroupRuleNetwork(TestSecurityGroupRuleNetwork):
         self.network.find_security_group = mock.Mock(
             return_value=self._security_group)
 
+        self.network.find_address_group = mock.Mock(
+            return_value=self._address_group)
+
         self.projects_mock.get.return_value = self.project
         self.domains_mock.get.return_value = self.domain
 
@@ -103,6 +111,7 @@ class TestCreateSecurityGroupRuleNetwork(TestSecurityGroupRuleNetwork):
         arglist = [
             '--remote-ip', '10.10.0.0/24',
             '--remote-group', self._security_group.id,
+            '--remote-address-group', self._address_group.id,
             self._security_group.id,
         ]
         self.assertRaises(tests_utils.ParserException,
@@ -258,6 +267,34 @@ class TestCreateSecurityGroupRuleNetwork(TestSecurityGroupRuleNetwork):
         self.assertEqual(self.expected_columns, columns)
         self.assertEqual(self.expected_data, data)
 
+    def test_create_remote_address_group(self):
+        self._setup_security_group_rule({
+            'protocol': 'icmp',
+            'remote_address_group_id': self._address_group.id,
+        })
+        arglist = [
+            '--protocol', 'icmp',
+            '--remote-address-group', self._address_group.name,
+            self._security_group.id,
+        ]
+        verifylist = [
+            ('remote_address_group', self._address_group.name),
+            ('group', self._security_group.id),
+        ]
+        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
+
+        columns, data = self.cmd.take_action(parsed_args)
+
+        self.network.create_security_group_rule.assert_called_once_with(**{
+            'direction': self._security_group_rule.direction,
+            'ethertype': self._security_group_rule.ether_type,
+            'protocol': self._security_group_rule.protocol,
+            'remote_address_group_id': self._address_group.id,
+            'security_group_id': self._security_group.id,
+        })
+        self.assertEqual(self.expected_columns, columns)
+        self.assertEqual(self.expected_data, data)
+
     def test_create_remote_group(self):
         self._setup_security_group_rule({
             'protocol': 'tcp',
@@ -878,6 +915,7 @@ class TestListSecurityGroupRuleNetwork(TestSecurityGroupRuleNetwork):
         'Port Range',
         'Direction',
         'Remote Security Group',
+        'Remote Address Group',
     )
     expected_columns_no_group = (
         'ID',
@@ -887,6 +925,7 @@ class TestListSecurityGroupRuleNetwork(TestSecurityGroupRuleNetwork):
         'Port Range',
         'Direction',
         'Remote Security Group',
+        'Remote Address Group',
         'Security Group',
     )
 
@@ -902,6 +941,7 @@ class TestListSecurityGroupRuleNetwork(TestSecurityGroupRuleNetwork):
                 _security_group_rule),
             _security_group_rule.direction,
             _security_group_rule.remote_group_id,
+            _security_group_rule.remote_address_group_id,
         ))
         expected_data_no_group.append((
             _security_group_rule.id,
@@ -912,6 +952,7 @@ class TestListSecurityGroupRuleNetwork(TestSecurityGroupRuleNetwork):
                 _security_group_rule),
             _security_group_rule.direction,
             _security_group_rule.remote_group_id,
+            _security_group_rule.remote_address_group_id,
             _security_group_rule.security_group_id,
         ))
 
@@ -1041,6 +1082,7 @@ class TestShowSecurityGroupRuleNetwork(TestSecurityGroupRuleNetwork):
         'port_range_min',
         'project_id',
         'protocol',
+        'remote_address_group_id',
         'remote_group_id',
         'remote_ip_prefix',
         'security_group_id',
@@ -1055,6 +1097,7 @@ class TestShowSecurityGroupRuleNetwork(TestSecurityGroupRuleNetwork):
         _security_group_rule.port_range_min,
         _security_group_rule.project_id,
         _security_group_rule.protocol,
+        _security_group_rule.remote_address_group_id,
         _security_group_rule.remote_group_id,
         _security_group_rule.remote_ip_prefix,
         _security_group_rule.security_group_id,
author	Hang Yang <hangyang@verizonmedia.com>	2020-10-14 11:35:22 -0500
committer	Hang Yang <hangyang@verizonmedia.com>	2021-01-12 10:55:24 -0600
commit	e01e59caeb56cb7bf4f38403b82d0a265b163098 (patch)
tree	515555cca02a4fa22a10e50be9e445145238e66c /openstackclient/tests/unit/network
parent	d6646d714b959d350b976defef00547c4da8d320 (diff)
download	python-openstackclient-e01e59caeb56cb7bf4f38403b82d0a265b163098.tar.gz