diff options
20 files changed, 3394 insertions, 0 deletions
diff --git a/doc/source/cli/osc/v2/vpn-endpoint-group.rst b/doc/source/cli/osc/v2/vpn-endpoint-group.rst new file mode 100644 index 0000000..9581d8b --- /dev/null +++ b/doc/source/cli/osc/v2/vpn-endpoint-group.rst @@ -0,0 +1,11 @@ +================== +VPN Endpoint Group +================== + +The **Endpoint Group** is used to configure multiple local and remote subnets +in vpnservice object. + +Network v2 + +.. autoprogram-cliff:: openstack.neutronclient.v2 + :command: vpn endpoint group * diff --git a/doc/source/cli/osc/v2/vpn-ike-policy.rst b/doc/source/cli/osc/v2/vpn-ike-policy.rst new file mode 100644 index 0000000..3e38a5c --- /dev/null +++ b/doc/source/cli/osc/v2/vpn-ike-policy.rst @@ -0,0 +1,12 @@ +============== +VPN IKE Policy +============== + +The **IKE Policy** is used for phases one and two negotiation of the +VPN connection. You can specify both the authentication and encryption +algorithms for connections. + +Network v2 + +.. autoprogram-cliff:: openstack.neutronclient.v2 + :command: vpn ike policy * diff --git a/doc/source/cli/osc/v2/vpn-ipsec-policy.rst b/doc/source/cli/osc/v2/vpn-ipsec-policy.rst new file mode 100644 index 0000000..c8a5f3b --- /dev/null +++ b/doc/source/cli/osc/v2/vpn-ipsec-policy.rst @@ -0,0 +1,11 @@ +================ +VPN IPsec Policy +================ + +The **IPsec Policy** specifies the authentication and encryption algorithms +and encapsulation mode to use for the established VPN connection. + +Network v2 + +.. autoprogram-cliff:: openstack.neutronclient.v2 + :command: vpn ipsec policy * diff --git a/doc/source/cli/osc/v2/vpn-ipsec-site-connection.rst b/doc/source/cli/osc/v2/vpn-ipsec-site-connection.rst new file mode 100644 index 0000000..0244e73 --- /dev/null +++ b/doc/source/cli/osc/v2/vpn-ipsec-site-connection.rst @@ -0,0 +1,10 @@ +========================= +VPN IPsec Site Connection +========================= + +Creates a site-to-site **IPsec Site Connection** for a VPN service. + +Network v2 + +.. autoprogram-cliff:: openstack.neutronclient.v2 + :command: vpn ipsec site connection * diff --git a/doc/source/cli/osc/v2/vpn-service.rst b/doc/source/cli/osc/v2/vpn-service.rst new file mode 100644 index 0000000..b412555 --- /dev/null +++ b/doc/source/cli/osc/v2/vpn-service.rst @@ -0,0 +1,11 @@ +=========== +VPN Service +=========== + +The **VPN Service** is associated with a router. After you +create the service, it can contain multiple VPN connections. + +Network v2 + +.. autoprogram-cliff:: openstack.neutronclient.v2 + :command: vpn service * diff --git a/neutronclient/osc/v2/vpnaas/endpoint_group.py b/neutronclient/osc/v2/vpnaas/endpoint_group.py new file mode 100644 index 0000000..269da97 --- /dev/null +++ b/neutronclient/osc/v2/vpnaas/endpoint_group.py @@ -0,0 +1,216 @@ +# Copyright 2017 FUJITSU LIMITED +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +from osc_lib.command import command +from osc_lib import exceptions +from osc_lib import utils +from oslo_log import log as logging + +from neutronclient._i18n import _ +from neutronclient.osc import utils as osc_utils + + +LOG = logging.getLogger(__name__) + +_attr_map = ( + ('id', 'ID', osc_utils.LIST_BOTH), + ('name', 'Name', osc_utils.LIST_BOTH), + ('type', 'Type', osc_utils.LIST_BOTH), + ('endpoints', 'Endpoints', osc_utils.LIST_BOTH), + ('description', 'Description', osc_utils.LIST_LONG_ONLY), + ('tenant_id', 'Project', osc_utils.LIST_LONG_ONLY), +) + + +def _get_common_parser(parser): + parser.add_argument( + '--description', + metavar='<description>', + help=_('Description for the endpoint group')) + return parser + + +def _get_common_attrs(client_manager, parsed_args, is_create=True): + attrs = {} + if is_create: + if parsed_args.project is not None: + attrs['tenant_id'] = osc_utils.find_project( + client_manager.identity, + parsed_args.project, + parsed_args.project_domain, + ).id + if parsed_args.description: + attrs['description'] = parsed_args.description + return attrs + + +class CreateEndpointGroup(command.ShowOne): + _description = _("Create an endpoint group") + + def get_parser(self, prog_name): + parser = super(CreateEndpointGroup, self).get_parser(prog_name) + _get_common_parser(parser) + parser.add_argument( + 'name', + metavar='<name>', + help=_('Name for the endpoint group')) + parser.add_argument( + '--type', + required=True, + help=_('Type of endpoints in group (e.g. subnet, cidr)')) + parser.add_argument( + '--value', + action='append', + dest='endpoints', + required=True, + help=_('Endpoint(s) for the group. Must all be of the same type. ' + '(--value) option can be repeated')) + osc_utils.add_project_owner_option_to_parser(parser) + return parser + + def take_action(self, parsed_args): + client = self.app.client_manager.neutronclient + attrs = _get_common_attrs(self.app.client_manager, parsed_args) + if parsed_args.name: + attrs['name'] = str(parsed_args.name) + attrs['type'] = parsed_args.type + if parsed_args.type == 'subnet': + _subnet_ids = [client.find_resource( + 'subnet', + endpoint, + cmd_resource='subnet')['id'] + for endpoint in parsed_args.endpoints] + attrs['endpoints'] = _subnet_ids + else: + attrs['endpoints'] = parsed_args.endpoints + obj = client.create_endpoint_group( + {'endpoint_group': attrs})['endpoint_group'] + columns, display_columns = osc_utils.get_columns(obj, _attr_map) + data = utils.get_dict_properties(obj, columns) + return display_columns, data + + +class DeleteEndpointGroup(command.Command): + _description = _("Delete endpoint group(s)") + + def get_parser(self, prog_name): + parser = super(DeleteEndpointGroup, self).get_parser(prog_name) + parser.add_argument( + 'endpoint_group', + metavar='<endpoint-group>', + nargs='+', + help=_('Endpoint group(s) to delete (name or ID)')) + return parser + + def take_action(self, parsed_args): + client = self.app.client_manager.neutronclient + result = 0 + for endpoint in parsed_args.endpoint_group: + try: + endpoint_id = client.find_resource( + 'endpoint_group', + endpoint, + cmd_resource='endpoint_group')['id'] + client.delete_endpoint_group(endpoint_id) + except Exception as e: + result += 1 + LOG.error(_("Failed to delete endpoint group with " + "name or ID '%(endpoint_group)s': %(e)s"), + {'endpoint_group': endpoint, 'e': e}) + + if result > 0: + total = len(parsed_args.endpoint_group) + msg = (_("%(result)s of %(total)s endpoint group failed " + "to delete.") % {'result': result, 'total': total}) + raise exceptions.CommandError(msg) + + +class ListEndpointGroup(command.Lister): + _description = _("List endpoint groups that belong to a given project") + + def get_parser(self, prog_name): + parser = super(ListEndpointGroup, self).get_parser(prog_name) + parser.add_argument( + '--long', + action='store_true', + default=False, + help=_("List additional fields in output") + ) + return parser + + def take_action(self, parsed_args): + client = self.app.client_manager.neutronclient + obj = client.list_endpoint_groups()['endpoint_groups'] + headers, columns = osc_utils.get_column_definitions( + _attr_map, long_listing=parsed_args.long) + return (headers, (utils.get_dict_properties(s, columns) for s in obj)) + + +class SetEndpointGroup(command.Command): + _description = _("Set endpoint group properties") + + def get_parser(self, prog_name): + parser = super(SetEndpointGroup, self).get_parser(prog_name) + _get_common_parser(parser) + parser.add_argument( + '--name', + metavar='<name>', + help=_('Set a name for the endpoint group')) + parser.add_argument( + 'endpoint_group', + metavar='<endpoint-group>', + help=_('Endpoint group to set (name or ID)')) + return parser + + def take_action(self, parsed_args): + client = self.app.client_manager.neutronclient + attrs = _get_common_attrs(self.app.client_manager, + parsed_args, is_create=False) + if parsed_args.name: + attrs['name'] = str(parsed_args.name) + endpoint_id = client.find_resource( + 'endpoint_group', parsed_args.endpoint_group, + cmd_resource='endpoint_group')['id'] + try: + client.update_endpoint_group(endpoint_id, + {'endpoint_group': attrs}) + except Exception as e: + msg = (_("Failed to set endpoint group " + "%(endpoint_group)s: %(e)s") + % {'endpoint_group': parsed_args.endpoint_group, 'e': e}) + raise exceptions.CommandError(msg) + + +class ShowEndpointGroup(command.ShowOne): + _description = _("Display endpoint group details") + + def get_parser(self, prog_name): + parser = super(ShowEndpointGroup, self).get_parser(prog_name) + parser.add_argument( + 'endpoint_group', + metavar='<endpoint-group>', + help=_('Endpoint group to display (name or ID)')) + return parser + + def take_action(self, parsed_args): + client = self.app.client_manager.neutronclient + endpoint_id = client.find_resource( + 'endpoint_group', parsed_args.endpoint_group, + cmd_resource='endpoint_group')['id'] + obj = client.show_endpoint_group(endpoint_id)['endpoint_group'] + columns, display_columns = osc_utils.get_columns(obj, _attr_map) + data = utils.get_dict_properties(obj, columns) + return (display_columns, data) diff --git a/neutronclient/osc/v2/vpnaas/ikepolicy.py b/neutronclient/osc/v2/vpnaas/ikepolicy.py new file mode 100644 index 0000000..28e6f60 --- /dev/null +++ b/neutronclient/osc/v2/vpnaas/ikepolicy.py @@ -0,0 +1,243 @@ +# Copyright 2017 FUJITSU LIMITED +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +from osc_lib.command import command +from osc_lib import exceptions +from osc_lib import utils +from oslo_log import log as logging + +from neutronclient._i18n import _ +from neutronclient.common import utils as nc_utils +from neutronclient.osc import utils as osc_utils +from neutronclient.osc.v2.vpnaas import utils as vpn_utils + + +LOG = logging.getLogger(__name__) + +_attr_map = ( + ('id', 'ID', osc_utils.LIST_BOTH), + ('name', 'Name', osc_utils.LIST_BOTH), + ('auth_algorithm', 'Authentication Algorithm', osc_utils.LIST_BOTH), + ('encryption_algorithm', 'Encryption Algorithm', osc_utils.LIST_BOTH), + ('ike_version', 'IKE Version', osc_utils.LIST_BOTH), + ('pfs', 'Perfect Forward Secrecy (PFS)', osc_utils.LIST_BOTH), + ('description', 'Description', osc_utils.LIST_LONG_ONLY), + ('phase1_negotiation_mode', 'Phase1 Negotiation Mode', + osc_utils.LIST_LONG_ONLY), + ('tenant_id', 'Project', osc_utils.LIST_LONG_ONLY), + ('lifetime', 'Lifetime', osc_utils.LIST_LONG_ONLY), +) + + +def _convert_to_lowercase(string): + return string.lower() + + +def _get_common_parser(parser): + parser.add_argument( + '--description', + metavar='<description>', + help=_('Description of the IKE policy')) + parser.add_argument( + '--auth-algorithm', + choices=['sha1', 'sha256', 'sha384', 'sha512'], + type=_convert_to_lowercase, + help=_('Authentication algorithm')) + parser.add_argument( + '--encryption-algorithm', + choices=['aes-128', '3des', 'aes-192', 'aes-256'], + type=_convert_to_lowercase, + help=_('Encryption algorithm')) + parser.add_argument( + '--phase1-negotiation-mode', + choices=['main'], + type=_convert_to_lowercase, + help=_('IKE Phase1 negotiation mode')) + parser.add_argument( + '--ike-version', + choices=['v1', 'v2'], + type=_convert_to_lowercase, + help=_('IKE version for the policy')) + parser.add_argument( + '--pfs', + choices=['group5', 'group2', 'group14'], + type=_convert_to_lowercase, + help=_('Perfect Forward Secrecy')) + parser.add_argument( + '--lifetime', + metavar="units=UNITS,value=VALUE", + type=nc_utils.str2dict_type(optional_keys=['units', 'value']), + help=vpn_utils.lifetime_help("IKE")) + return parser + + +def _get_common_attrs(client_manager, parsed_args, is_create=True): + attrs = {} + if is_create: + if 'project' in parsed_args and parsed_args.project is not None: + attrs['tenant_id'] = osc_utils.find_project( + client_manager.identity, + parsed_args.project, + parsed_args.project_domain, + ).id + if parsed_args.description: + attrs['description'] = parsed_args.description + if parsed_args.auth_algorithm: + attrs['auth_algorithm'] = parsed_args.auth_algorithm + if parsed_args.encryption_algorithm: + attrs['encryption_algorithm'] = parsed_args.encryption_algorithm + if parsed_args.phase1_negotiation_mode: + attrs['phase1_negotiation_mode'] = parsed_args.phase1_negotiation_mode + if parsed_args.ike_version: + attrs['ike_version'] = parsed_args.ike_version + if parsed_args.pfs: + attrs['pfs'] = parsed_args.pfs + if parsed_args.lifetime: + vpn_utils.validate_lifetime_dict(parsed_args.lifetime) + attrs['lifetime'] = parsed_args.lifetime + return attrs + + +class CreateIKEPolicy(command.ShowOne): + _description = _("Create an IKE policy") + + def get_parser(self, prog_name): + parser = super(CreateIKEPolicy, self).get_parser(prog_name) + _get_common_parser(parser) + parser.add_argument( + 'name', + metavar='<name>', + help=_('Name of the IKE policy')) + osc_utils.add_project_owner_option_to_parser(parser) + return parser + + def take_action(self, parsed_args): + client = self.app.client_manager.neutronclient + attrs = _get_common_attrs(self.app.client_manager, parsed_args) + if parsed_args.name: + attrs['name'] = str(parsed_args.name) + obj = client.create_ikepolicy({'ikepolicy': attrs})['ikepolicy'] + columns, display_columns = osc_utils.get_columns(obj, _attr_map) + data = utils.get_dict_properties(obj, columns) + return display_columns, data + + +class DeleteIKEPolicy(command.Command): + _description = _("Delete IKE policy (policies)") + + def get_parser(self, prog_name): + parser = super(DeleteIKEPolicy, self).get_parser(prog_name) + parser.add_argument( + 'ikepolicy', + metavar='<ike-policy>', + nargs='+', + help=_('IKE policy to delete (name or ID)')) + return parser + + def take_action(self, parsed_args): + client = self.app.client_manager.neutronclient + result = 0 + for ike in parsed_args.ikepolicy: + try: + ike_id = client.find_resource( + 'ikepolicy', ike, cmd_resource='ikepolicy')['id'] + client.delete_ikepolicy(ike_id) + except Exception as e: + result += 1 + LOG.error(_("Failed to delete IKE policy with " + "name or ID '%(ikepolicy)s': %(e)s"), + {'ikepolicy': ike, 'e': e}) + + if result > 0: + total = len(parsed_args.ikepolicy) + msg = (_("%(result)s of %(total)s IKE policy failed " + "to delete.") % {'result': result, 'total': total}) + raise exceptions.CommandError(msg) + + +class ListIKEPolicy(command.Lister): + _description = _("List IKE policies that belong to a given project") + + def get_parser(self, prog_name): + parser = super(ListIKEPolicy, self).get_parser(prog_name) + parser.add_argument( + '--long', + action='store_true', + help=_("List additional fields in output") + ) + return parser + + def take_action(self, parsed_args): + client = self.app.client_manager.neutronclient + obj = client.list_ikepolicies()['ikepolicies'] + headers, columns = osc_utils.get_column_definitions( + _attr_map, long_listing=parsed_args.long) + return (headers, (utils.get_dict_properties(s, columns) for s in obj)) + + +class SetIKEPolicy(command.Command): + _description = _("Set IKE policy properties") + + def get_parser(self, prog_name): + parser = super(SetIKEPolicy, self).get_parser(prog_name) + _get_common_parser(parser) + parser.add_argument( + '--name', + metavar='<name>', + help=_('Name of the IKE policy')) + parser.add_argument( + 'ikepolicy', + metavar='<ike-policy>', + help=_('IKE policy to set (name or ID)')) + return parser + + def take_action(self, parsed_args): + client = self.app.client_manager.neutronclient + attrs = _get_common_attrs(self.app.client_manager, + parsed_args, is_create=False) + if parsed_args.name: + attrs['name'] = parsed_args.name + ike_id = client.find_resource( + 'ikepolicy', parsed_args.ikepolicy, + cmd_resource='ikepolicy')['id'] + try: + client.update_ikepolicy(ike_id, {'ikepolicy': attrs}) + except Exception as e: + msg = (_("Failed to set IKE policy '%(ike)s': %(e)s") + % {'ike': parsed_args.ikepolicy, 'e': e}) + raise exceptions.CommandError(msg) + + +class ShowIKEPolicy(command.ShowOne): + _description = _("Display IKE policy details") + + def get_parser(self, prog_name): + parser = super(ShowIKEPolicy, self).get_parser(prog_name) + parser.add_argument( + 'ikepolicy', + metavar='<ike-policy>', + help=_('IKE policy to display (name or ID)')) + return parser + + def take_action(self, parsed_args): + client = self.app.client_manager.neutronclient + ike_id = client.find_resource( + 'ikepolicy', parsed_args.ikepolicy, + cmd_resource='ikepolicy')['id'] + obj = client.show_ikepolicy(ike_id)['ikepolicy'] + columns, display_columns = osc_utils.get_columns(obj, _attr_map) + data = utils.get_dict_properties(obj, columns) + return (display_columns, data) diff --git a/neutronclient/osc/v2/vpnaas/ipsec_site_connection.py b/neutronclient/osc/v2/vpnaas/ipsec_site_connection.py new file mode 100644 index 0000000..8dd98a9 --- /dev/null +++ b/neutronclient/osc/v2/vpnaas/ipsec_site_connection.py @@ -0,0 +1,372 @@ +# Copyright 2017 FUJITSU LIMITED +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +from osc_lib.cli import format_columns +from osc_lib.command import command +from osc_lib import exceptions +from osc_lib import utils +from oslo_log import log as logging + +from neutronclient._i18n import _ +from neutronclient.common import utils as nc_utils +from neutronclient.osc import utils as osc_utils +from neutronclient.osc.v2.vpnaas import utils as vpn_utils + + +LOG = logging.getLogger(__name__) + + +_formatters = { + 'peer_cidrs': format_columns.ListColumn +} + + +_attr_map = ( + ('id', 'ID', osc_utils.LIST_BOTH), + ('name', 'Name', osc_utils.LIST_BOTH), + ('peer_address', 'Peer Address', osc_utils.LIST_BOTH), + ('auth_mode', 'Authentication Algorithm', osc_utils.LIST_BOTH), + ('status', 'Status', osc_utils.LIST_BOTH), + ('tenant_id', 'Project', osc_utils.LIST_LONG_ONLY), + ('peer_cidrs', 'Peer CIDRs', osc_utils.LIST_LONG_ONLY), + ('vpnservice_id', 'VPN Service', osc_utils.LIST_LONG_ONLY), + ('ipsecpolicy_id', 'IPSec Policy', osc_utils.LIST_LONG_ONLY), + ('ikepolicy_id', 'IKE Policy', osc_utils.LIST_LONG_ONLY), + ('mtu', 'MTU', osc_utils.LIST_LONG_ONLY), + ('initiator', 'Initiator', osc_utils.LIST_LONG_ONLY), + ('admin_state_up', 'State', osc_utils.LIST_LONG_ONLY), + ('description', 'Description', osc_utils.LIST_LONG_ONLY), + ('psk', 'Pre-shared Key', osc_utils.LIST_LONG_ONLY), + ('route_mode', 'Route Mode', osc_utils.LIST_LONG_ONLY), + ('local_id', 'Local ID', osc_utils.LIST_LONG_ONLY), + ('peer_id', 'Peer ID', osc_utils.LIST_LONG_ONLY), + ('local_ep_group_id', 'Local Endpoint Group ID', osc_utils.LIST_LONG_ONLY), + ('peer_ep_group_id', 'Peer Endpoint Group ID', osc_utils.LIST_LONG_ONLY), +) + + +def _convert_to_lowercase(string): + return string.lower() + + +def _get_common_parser(parser, is_create=True): + parser.add_argument( + '--description', + metavar='<description>', + help=_('Description for the connection')) + parser.add_argument( + '--dpd', + metavar="action=ACTION,interval=INTERVAL,timeout=TIMEOUT", + type=nc_utils.str2dict_type( + optional_keys=['action', 'interval', 'timeout']), + help=vpn_utils.dpd_help("IPsec connection")) + parser.add_argument( + '--mtu', + help=_('MTU size for the connection')) + parser.add_argument( + '--initiator', + choices=['bi-directional', 'response-only'], + type=_convert_to_lowercase, + help=_('Initiator state')) + peer_group = parser.add_mutually_exclusive_group() + peer_group.add_argument( + '--peer-cidr', + dest='peer_cidrs', + help=_('Remote subnet(s) in CIDR format. ' + 'Cannot be specified when using endpoint groups. Only ' + 'applicable, if subnet provided for VPN service.') + ) + peer_group.add_argument( + '--local-endpoint-group', + help=_('Local endpoint group (name or ID) with subnet(s) ' + 'for IPsec connection') + ) + parser.add_argument( + '--peer-endpoint-group', + help=_('Peer endpoint group (name or ID) with CIDR(s) for ' + 'IPSec connection')) + admin_group = parser.add_mutually_exclusive_group() + admin_group.add_argument( + '--enable', + action='store_true', + help=_("Enable IPSec site connection") + ) + admin_group.add_argument( + '--disable', + action='store_true', + help=_("Disable IPSec site connection") + ) + parser.add_argument( + '--local-id', + help=_('An ID to be used instead of the external IP ' + 'address for a virtual router')) + return parser + + +def _get_common_attrs(client_manager, parsed_args, is_create=True): + attrs = {} + if is_create: + if 'project' in parsed_args and parsed_args.project is not None: + attrs['tenant_id'] = osc_utils.find_project( + client_manager.identity, + parsed_args.project, + parsed_args.project_domain, + ).id + if parsed_args.description: + attrs['description'] = str(parsed_args.description) + if parsed_args.mtu: + attrs['mtu'] = parsed_args.mtu + if parsed_args.enable: + attrs['admin_state_up'] = True + if parsed_args.disable: + attrs['admin_state_up'] = False + if parsed_args.initiator: + attrs['initiator'] = parsed_args.initiator + if parsed_args.dpd: + vpn_utils.validate_dpd_dict(parsed_args.dpd) + attrs['dpd'] = parsed_args.dpd + if parsed_args.local_endpoint_group: + _local_epg = client_manager.neutronclient.find_resource( + 'endpoint_group', + parsed_args.local_endpoint_group, + cmd_resource='endpoint_group')['id'] + attrs['local_ep_group_id'] = _local_epg + if parsed_args.peer_endpoint_group: + _peer_epg = client_manager.neutronclient.find_resource( + 'endpoint_group', + parsed_args.peer_endpoint_group, + cmd_resource='endpoint_group')['id'] + attrs['peer_ep_group_id'] = _peer_epg + if parsed_args.peer_cidrs: + attrs['peer_cidrs'] = parsed_args.peer_cidrs + if parsed_args.local_id: + attrs['local_id'] = parsed_args.local_id + return attrs + + +class CreateIPsecSiteConnection(command.ShowOne): + _description = _("Create an IPsec site connection") + + def get_parser(self, prog_name): + parser = super(CreateIPsecSiteConnection, self).get_parser(prog_name) + _get_common_parser(parser) + parser.add_argument( + '--peer-id', + required=True, + help=_('Peer router identity for authentication. Can be ' + 'IPv4/IPv6 address, e-mail address, key id, or FQDN')) + parser.add_argument( + '--peer-address', + required=True, + help=_('Peer gateway public IPv4/IPv6 address or FQDN')) + parser.add_argument( + '--psk', + required=True, + help=_('Pre-shared key string.')) + parser.add_argument( + '--vpnservice', + metavar='VPNSERVICE', + required=True, + help=_('VPN service instance associated with this ' + 'connection (name or ID)')) + parser.add_argument( + '--ikepolicy', + metavar='IKEPOLICY', + required=True, + help=_('IKE policy associated with this connection (name or ID)')) + parser.add_argument( + '--ipsecpolicy', + metavar='IPSECPOLICY', + required=True, + help=_('IPsec policy associated with this connection ' + '(name or ID)')) + parser.add_argument( + 'name', + metavar='<name>', + help=_('Set friendly name for the connection')) + osc_utils.add_project_owner_option_to_parser(parser) + return parser + + def take_action(self, parsed_args): + client = self.app.client_manager.neutronclient + attrs = _get_common_attrs(self.app.client_manager, parsed_args) + if parsed_args.vpnservice: + _vpnservice_id = client.find_resource( + 'vpnservice', + parsed_args.vpnservice, + cmd_resource='vpnservice')['id'] + attrs['vpnservice_id'] = _vpnservice_id + if parsed_args.ikepolicy: + _ikepolicy_id = client.find_resource( + 'ikepolicy', + parsed_args.ikepolicy, + cmd_resource='ikepolicy')['id'] + attrs['ikepolicy_id'] = _ikepolicy_id + if parsed_args.ipsecpolicy: + _ipsecpolicy_id = client.find_resource( + 'ipsecpolicy', + parsed_args.ipsecpolicy, + cmd_resource='ipsecpolicy')['id'] + attrs['ipsecpolicy_id'] = _ipsecpolicy_id + if parsed_args.peer_id: + attrs['peer_id'] = parsed_args.peer_id + if parsed_args.peer_address: + attrs['peer_address'] = parsed_args.peer_address + if parsed_args.psk: + attrs['psk'] = parsed_args.psk + if parsed_args.name: + attrs['name'] = parsed_args.name + if (bool(parsed_args.local_endpoint_group) != + bool(parsed_args.peer_endpoint_group)): + message = _("You must specify both local and peer endpoint " + "groups") + raise exceptions.CommandError(message) + if not parsed_args.peer_cidrs and not parsed_args.local_endpoint_group: + message = _("You must specify endpoint groups or peer CIDR(s)") + raise exceptions.CommandError(message) + obj = client.create_ipsec_site_connection( + {'ipsec_site_connection': attrs})['ipsec_site_connection'] + columns, display_columns = osc_utils.get_columns(obj, _attr_map) + data = utils.get_dict_properties(obj, columns, formatters=_formatters) + return display_columns, data + + +class DeleteIPsecSiteConnection(command.Command): + _description = _("Delete IPsec site connection(s)") + + def get_parser(self, prog_name): + parser = super(DeleteIPsecSiteConnection, self).get_parser(prog_name) + parser.add_argument( + 'ipsec_site_connection', + metavar='<ipsec-site-connection>', + nargs='+', + help=_('IPsec site connection to delete (name or ID)')) + return parser + + def take_action(self, parsed_args): + client = self.app.client_manager.neutronclient + result = 0 + for ipsec_conn in parsed_args.ipsec_site_connection: + try: + ipsec_con_id = client.find_resource( + 'ipsec_site_connection', + ipsec_conn, + cmd_resource='ipsec_site_connection')['id'] + client.delete_ipsec_site_connection(ipsec_con_id) + except Exception as e: + result += 1 + LOG.error(_("Failed to delete IPsec site connection with " + "name or ID '%(ipsec_site_conn)s': %(e)s"), + {'ipsec_site_conn': ipsec_conn, 'e': e}) + + if result > 0: + total = len(parsed_args.ipsec_site_connection) + msg = (_("%(result)s of %(total)s IPsec site connection failed " + "to delete.") % {'result': result, 'total': total}) + raise exceptions.CommandError(msg) + + +class ListIPsecSiteConnection(command.Lister): + _description = _("List IPsec site connections " + "that belong to a given project") + + def get_parser(self, prog_name): + parser = super(ListIPsecSiteConnection, self).get_parser(prog_name) + parser.add_argument( + '--long', + action='store_true', + default=False, + help=_("List additional fields in output") + ) + return parser + + def take_action(self, parsed_args): + client = self.app.client_manager.neutronclient + obj = client.list_ipsec_site_connections()['ipsec_site_connections'] + headers, columns = osc_utils.get_column_definitions( + _attr_map, long_listing=parsed_args.long) + return (headers, (utils.get_dict_properties( + s, columns, formatters=_formatters) for s in obj)) + + +class SetIPsecSiteConnection(command.Command): + _description = _("Set IPsec site connection properties") + + def get_parser(self, prog_name): + parser = super(SetIPsecSiteConnection, self).get_parser(prog_name) + _get_common_parser(parser) + parser.add_argument( + '--peer-id', + help=_('Peer router identity for authentication. Can be ' + 'IPv4/IPv6 address, e-mail address, key id, or FQDN')) + parser.add_argument( + '--peer-address', + help=_('Peer gateway public IPv4/IPv6 address or FQDN')) + parser.add_argument( + '--name', + metavar='<name>', + help=_('Set friendly name for the connection')) + parser.add_argument( + 'ipsec_site_connection', + metavar='<ipsec-site-connection>', + help=_('IPsec site connection to set (name or ID)')) + return parser + + def take_action(self, parsed_args): + client = self.app.client_manager.neutronclient + attrs = _get_common_attrs(self.app.client_manager, + parsed_args, is_create=False) + if parsed_args.peer_id: + attrs['peer_id'] = parsed_args.peer_id + if parsed_args.peer_address: + attrs['peer_address'] = parsed_args.peer_address + if parsed_args.name: + attrs['name'] = parsed_args.name + ipsec_conn_id = client.find_resource( + 'ipsec_site_connection', parsed_args.ipsec_site_connection, + cmd_resource='ipsec_site_connection')['id'] + try: + client.update_ipsec_site_connection( + ipsec_conn_id, + {'ipsec_site_connection': attrs}) + except Exception as e: + msg = (_("Failed to set IPsec site " + "connection '%(ipsec_conn)s': %(e)s") + % {'ipsec_conn': parsed_args.ipsec_site_connection, 'e': e}) + raise exceptions.CommandError(msg) + + +class ShowIPsecSiteConnection(command.ShowOne): + _description = _("Show information of a given IPsec site connection") + + def get_parser(self, prog_name): + parser = super(ShowIPsecSiteConnection, self).get_parser(prog_name) + parser.add_argument( + 'ipsec_site_connection', + metavar='<ipsec-site-connection>', + help=_('IPsec site connection to display (name or ID)')) + return parser + + def take_action(self, parsed_args): + client = self.app.client_manager.neutronclient + ipsec_site_id = client.find_resource( + 'ipsec_site_connection', parsed_args.ipsec_site_connection, + cmd_resource='ipsec_site_connection')['id'] + obj = client.show_ipsec_site_connection( + ipsec_site_id)['ipsec_site_connection'] + columns, display_columns = osc_utils.get_columns(obj, _attr_map) + data = utils.get_dict_properties(obj, columns, formatters=_formatters) + return (display_columns, data) diff --git a/neutronclient/osc/v2/vpnaas/ipsecpolicy.py b/neutronclient/osc/v2/vpnaas/ipsecpolicy.py new file mode 100644 index 0000000..43599f3 --- /dev/null +++ b/neutronclient/osc/v2/vpnaas/ipsecpolicy.py @@ -0,0 +1,242 @@ +# Copyright 2017 FUJITSU LIMITED +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +from osc_lib.command import command +from osc_lib import exceptions +from osc_lib import utils +from oslo_log import log as logging + +from neutronclient._i18n import _ +from neutronclient.common import utils as nc_utils +from neutronclient.osc import utils as osc_utils +from neutronclient.osc.v2.vpnaas import utils as vpn_utils + + +LOG = logging.getLogger(__name__) + +_attr_map = ( + ('id', 'ID', osc_utils.LIST_BOTH), + ('name', 'Name', osc_utils.LIST_BOTH), + ('auth_algorithm', 'Authentication Algorithm', osc_utils.LIST_BOTH), + ('encapsulation_mode', 'Encapsulation Mode', osc_utils.LIST_BOTH), + ('transform_protocol', 'Transform Protocol', osc_utils.LIST_BOTH), + ('encryption_algorithm', 'Encryption Algorithm', osc_utils.LIST_BOTH), + ('pfs', 'Perfect Forward Secrecy (PFS)', osc_utils.LIST_LONG_ONLY), + ('description', 'Description', osc_utils.LIST_LONG_ONLY), + ('tenant_id', 'Project', osc_utils.LIST_LONG_ONLY), + ('lifetime', 'Lifetime', osc_utils.LIST_LONG_ONLY), +) + + +def _convert_to_lowercase(string): + return string.lower() + + +def _get_common_parser(parser): + parser.add_argument( + '--description', + metavar='<description>', + help=_('Description of the IPsec policy')) + parser.add_argument( + '--auth-algorithm', + choices=['sha1', 'sha256', 'sha384', 'sha512'], + type=_convert_to_lowercase, + help=_('Authentication algorithm for IPsec policy')) + parser.add_argument( + '--encapsulation-mode', + choices=['tunnel', 'transport'], + type=_convert_to_lowercase, + help=_('Encapsulation mode for IPsec policy')) + parser.add_argument( + '--encryption-algorithm', + choices=['3des', 'aes-128', 'aes-192', 'aes-256'], + type=_convert_to_lowercase, + help=_('Encryption algorithm for IPsec policy')) + parser.add_argument( + '--lifetime', + metavar="units=UNITS,value=VALUE", + type=nc_utils.str2dict_type(optional_keys=['units', 'value']), + help=vpn_utils.lifetime_help("IPsec")) + parser.add_argument( + '--pfs', + choices=['group2', 'group5', 'group14'], + type=_convert_to_lowercase, + help=_('Perfect Forward Secrecy for IPsec policy')) + parser.add_argument( + '--transform-protocol', + type=_convert_to_lowercase, + choices=['esp', 'ah', 'ah-esp'], + help=_('Transform protocol for IPsec policy')) + + +def _get_common_attrs(client_manager, parsed_args, is_create=True): + attrs = {} + if is_create: + if 'project' in parsed_args and parsed_args.project is not None: + attrs['tenant_id'] = osc_utils.find_project( + client_manager.identity, + parsed_args.project, + parsed_args.project_domain, + ).id + if parsed_args.description: + attrs['description'] = str(parsed_args.description) + if parsed_args.auth_algorithm: + attrs['auth_algorithm'] = parsed_args.auth_algorithm + if parsed_args.encapsulation_mode: + attrs['encapsulation_mode'] = parsed_args.encapsulation_mode + if parsed_args.transform_protocol: + attrs['transform_protocol'] = parsed_args.transform_protocol + if parsed_args.encryption_algorithm: + attrs['encryption_algorithm'] = parsed_args.encryption_algorithm + if parsed_args.pfs: + attrs['pfs'] = parsed_args.pfs + if parsed_args.lifetime: + vpn_utils.validate_lifetime_dict(parsed_args.lifetime) + attrs['lifetime'] = parsed_args.lifetime + return attrs + + +class CreateIPsecPolicy(command.ShowOne): + _description = _("Create an IPsec policy") + + def get_parser(self, prog_name): + parser = super(CreateIPsecPolicy, self).get_parser(prog_name) + _get_common_parser(parser) + parser.add_argument( + 'name', + metavar='<name>', + help=_('Name of the IPsec policy')) + osc_utils.add_project_owner_option_to_parser(parser) + return parser + + def take_action(self, parsed_args): + client = self.app.client_manager.neutronclient + attrs = _get_common_attrs(self.app.client_manager, parsed_args) + if parsed_args.name: + attrs['name'] = str(parsed_args.name) + obj = client.create_ipsecpolicy({'ipsecpolicy': attrs})['ipsecpolicy'] + columns, display_columns = osc_utils.get_columns(obj, _attr_map) + data = utils.get_dict_properties(obj, columns) + return display_columns, data + + +class DeleteIPsecPolicy(command.Command): + _description = _("Delete IPsec policy(policies)") + + def get_parser(self, prog_name): + parser = super(DeleteIPsecPolicy, self).get_parser(prog_name) + parser.add_argument( + 'ipsecpolicy', + metavar='<ipsec-policy>', + nargs='+', + help=_('ipsec policy to delete (name or ID)')) + return parser + + def take_action(self, parsed_args): + client = self.app.client_manager.neutronclient + result = 0 + for ipsec in parsed_args.ipsecpolicy: + try: + ipsec_id = client.find_resource( + 'ipsecpolicy', ipsec, cmd_resource='ipsecpolicy')['id'] + client.delete_ipsecpolicy(ipsec_id) + except Exception as e: + result += 1 + LOG.error(_("Failed to delete IPsec policy with " + "name or ID '%(ipsecpolicy)s': %(e)s"), + {'ipsecpolicy': ipsec, 'e': e}) + + if result > 0: + total = len(parsed_args.ipsecpolicy) + msg = (_("%(result)s of %(total)s IPsec policy failed " + "to delete.") % {'result': result, 'total': total}) + raise exceptions.CommandError(msg) + + +class ListIPsecPolicy(command.Lister): + _description = _("List IPsec policies that belong to a given project") + + def get_parser(self, prog_name): + parser = super(ListIPsecPolicy, self).get_parser(prog_name) + parser.add_argument( + '--long', + action='store_true', + default=False, + help=_("List additional fields in output") + ) + return parser + + def take_action(self, parsed_args): + client = self.app.client_manager.neutronclient + obj = client.list_ipsecpolicies()['ipsecpolicies'] + headers, columns = osc_utils.get_column_definitions( + _attr_map, long_listing=parsed_args.long) + return (headers, (utils.get_dict_properties(s, columns) for s in obj)) + + +class SetIPsecPolicy(command.Command): + _description = _("Set IPsec policy properties") + + def get_parser(self, prog_name): + parser = super(SetIPsecPolicy, self).get_parser(prog_name) + _get_common_parser(parser) + parser.add_argument( + '--name', + metavar='<name>', + help=_('Name of the IPsec policy')) + parser.add_argument( + 'ipsecpolicy', + metavar='<ipsec-policy>', + help=_('IPsec policy to set (name or ID)')) + return parser + + def take_action(self, parsed_args): + client = self.app.client_manager.neutronclient + attrs = _get_common_attrs(self.app.client_manager, + parsed_args, is_create=False) + if parsed_args.name: + attrs['name'] = str(parsed_args.name) + ipsec_id = client.find_resource( + 'ipsecpolicy', parsed_args.ipsecpolicy, + cmd_resource='ipsecpolicy')['id'] + try: + client.update_ipsecpolicy(ipsec_id, {'ipsecpolicy': attrs}) + except Exception as e: + msg = (_("Failed to set IPsec policy '%(ipsec)s': %(e)s") + % {'ipsec': parsed_args.ipsecpolicy, 'e': e}) + raise exceptions.CommandError(msg) + + +class ShowIPsecPolicy(command.ShowOne): + _description = _("Display IPsec policy details") + + def get_parser(self, prog_name): + parser = super(ShowIPsecPolicy, self).get_parser(prog_name) + parser.add_argument( + 'ipsecpolicy', + metavar='<ipsec-policy>', + help=_('IPsec policy to display (name or ID)')) + return parser + + def take_action(self, parsed_args): + client = self.app.client_manager.neutronclient + ipsec_id = client.find_resource( + 'ipsecpolicy', parsed_args.ipsecpolicy, + cmd_resource='ipsecpolicy')['id'] + obj = client.show_ipsecpolicy(ipsec_id)['ipsecpolicy'] + columns, display_columns = osc_utils.get_columns(obj, _attr_map) + data = utils.get_dict_properties(obj, columns) + return (display_columns, data) diff --git a/neutronclient/osc/v2/vpnaas/utils.py b/neutronclient/osc/v2/vpnaas/utils.py new file mode 100644 index 0000000..2de5cc3 --- /dev/null +++ b/neutronclient/osc/v2/vpnaas/utils.py @@ -0,0 +1,112 @@ +# Copyright 2017 FUJITSU LIMITED +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + + +"""VPN Utilities and helper functions.""" + + +from neutronclient._i18n import _ +from neutronclient.common import exceptions + +DPD_SUPPORTED_ACTIONS = ['hold', 'clear', 'restart', + 'restart-by-peer', 'disabled'] +DPD_SUPPORTED_KEYS = ['action', 'interval', 'timeout'] + +lifetime_keys = ['units', 'value'] +lifetime_units = ['seconds'] + + +def validate_dpd_dict(dpd_dict): + for key, value in dpd_dict.items(): + if key not in DPD_SUPPORTED_KEYS: + message = _( + "DPD Dictionary KeyError: " + "Reason-Invalid DPD key : " + "'%(key)s' not in %(supported_key)s") % { + 'key': key, 'supported_key': DPD_SUPPORTED_KEYS} + raise exceptions.CommandError(message) + if key == 'action' and value not in DPD_SUPPORTED_ACTIONS: + message = _( + "DPD Dictionary ValueError: " + "Reason-Invalid DPD action : " + "'%(key_value)s' not in %(supported_action)s") % { + 'key_value': value, + 'supported_action': DPD_SUPPORTED_ACTIONS} + raise exceptions.CommandError(message) + if key in ('interval', 'timeout'): + try: + if int(value) <= 0: + raise ValueError() + except ValueError: + message = _( + "DPD Dictionary ValueError: " + "Reason-Invalid positive integer value: " + "'%(key)s' = %(value)s") % { + 'key': key, 'value': value} + raise exceptions.CommandError(message) + else: + dpd_dict[key] = int(value) + return + + +def validate_lifetime_dict(lifetime_dict): + + for key, value in lifetime_dict.items(): + if key not in lifetime_keys: + message = _( + "Lifetime Dictionary KeyError: " + "Reason-Invalid unit key : " + "'%(key)s' not in %(supported_key)s") % { + 'key': key, 'supported_key': lifetime_keys} + raise exceptions.CommandError(message) + if key == 'units' and value not in lifetime_units: + message = _( + "Lifetime Dictionary ValueError: " + "Reason-Invalid units : " + "'%(key_value)s' not in %(supported_units)s") % { + 'key_value': key, 'supported_units': lifetime_units} + raise exceptions.CommandError(message) + if key == 'value': + try: + if int(value) < 60: + raise ValueError() + except ValueError: + message = _( + "Lifetime Dictionary ValueError: " + "Reason-Invalid value should be at least 60:" + "'%(key_value)s' = %(value)s") % { + 'key_value': key, 'value': value} + raise exceptions.CommandError(message) + else: + lifetime_dict['value'] = int(value) + return + + +def lifetime_help(policy): + lifetime = _("%s lifetime attributes. " + "'units'-seconds, default:seconds. " + "'value'-non negative integer, default:3600.") % policy + return lifetime + + +def dpd_help(policy): + dpd = _(" %s Dead Peer Detection attributes." + " 'action'-hold,clear,disabled,restart,restart-by-peer." + " 'interval' and 'timeout' are non negative integers. " + " 'interval' should be less than 'timeout' value. " + " 'action', default:hold 'interval', default:30, " + " 'timeout', default:120.") % policy.capitalize() + return dpd diff --git a/neutronclient/osc/v2/vpnaas/vpnservice.py b/neutronclient/osc/v2/vpnaas/vpnservice.py new file mode 100644 index 0000000..2120a14 --- /dev/null +++ b/neutronclient/osc/v2/vpnaas/vpnservice.py @@ -0,0 +1,235 @@ +# Copyright 2017 FUJITSU LIMITED +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +from osc_lib.command import command +from osc_lib import exceptions +from osc_lib import utils +from oslo_log import log as logging + +from neutronclient._i18n import _ +from neutronclient.osc import utils as osc_utils + + +LOG = logging.getLogger(__name__) + +_attr_map = ( + ('id', 'ID', osc_utils.LIST_BOTH), + ('name', 'Name', osc_utils.LIST_BOTH), + ('router_id', 'Router', osc_utils.LIST_BOTH), + ('subnet_id', 'Subnet', osc_utils.LIST_BOTH), + ('flavor_id', 'Flavor', osc_utils.LIST_BOTH), + ('admin_state_up', 'State', osc_utils.LIST_BOTH), + ('status', 'Status', osc_utils.LIST_BOTH), + ('description', 'Description', osc_utils.LIST_LONG_ONLY), + ('tenant_id', 'Project', osc_utils.LIST_LONG_ONLY), +) + + +def _get_common_parser(parser): + parser.add_argument( + '--description', + metavar='<description>', + help=_('Description for the VPN service')) + parser.add_argument( + '--subnet', + metavar='<subnet>', + help=_('Local private subnet (name or ID)')) + parser.add_argument( + '--flavor', + metavar='<flavor>', + help=_('Flavor for the VPN service (name or ID)')) + admin_group = parser.add_mutually_exclusive_group() + admin_group.add_argument( + '--enable', + action='store_true', + help=_("Enable VPN service") + ) + admin_group.add_argument( + '--disable', + action='store_true', + help=_("Disable VPN service") + ) + return parser + + +def _get_common_attrs(client_manager, parsed_args, is_create=True): + attrs = {} + if is_create: + if 'project' in parsed_args and parsed_args.project is not None: + attrs['tenant_id'] = osc_utils.find_project( + client_manager.identity, + parsed_args.project, + parsed_args.project_domain, + ).id + if parsed_args.description: + attrs['description'] = str(parsed_args.description) + if parsed_args.subnet: + _subnet_id = client_manager.network.find_subnet( + parsed_args.subnet).id + attrs['subnet_id'] = _subnet_id + if parsed_args.flavor: + _flavor_id = client_manager.network.find_flavor( + parsed_args.flavor, + ignore_missing=False + ).id + attrs['flavor_id'] = _flavor_id + if parsed_args.enable: + attrs['admin_state_up'] = True + if parsed_args.disable: + attrs['admin_state_up'] = False + return attrs + + +class CreateVPNService(command.ShowOne): + _description = _("Create an VPN service") + + def get_parser(self, prog_name): + parser = super(CreateVPNService, self).get_parser(prog_name) + _get_common_parser(parser) + parser.add_argument( + 'name', + metavar='<name>', + help=_('Name for the VPN service')) + parser.add_argument( + '--router', + metavar='ROUTER', + required=True, + help=_('Router for the VPN service (name or ID)')) + osc_utils.add_project_owner_option_to_parser(parser) + return parser + + def take_action(self, parsed_args): + client = self.app.client_manager.neutronclient + attrs = _get_common_attrs(self.app.client_manager, parsed_args) + if parsed_args.name: + attrs['name'] = str(parsed_args.name) + if parsed_args.router: + _router_id = self.app.client_manager.network.find_router( + parsed_args.router).id + attrs['router_id'] = _router_id + obj = client.create_vpnservice({'vpnservice': attrs})['vpnservice'] + columns, display_columns = osc_utils.get_columns(obj, _attr_map) + data = utils.get_dict_properties(obj, columns) + return display_columns, data + + +class DeleteVPNService(command.Command): + _description = _("Delete VPN service(s)") + + def get_parser(self, prog_name): + parser = super(DeleteVPNService, self).get_parser(prog_name) + parser.add_argument( + 'vpnservice', + metavar='<vpn-service>', + nargs='+', + help=_('VPN service to delete (name or ID)')) + return parser + + def take_action(self, parsed_args): + client = self.app.client_manager.neutronclient + result = 0 + for vpn in parsed_args.vpnservice: + try: + vpn_id = client.find_resource( + 'vpnservice', vpn, cmd_resource='vpnservice')['id'] + client.delete_vpnservice(vpn_id) + except Exception as e: + result += 1 + LOG.error(_("Failed to delete VPN service with " + "name or ID '%(vpnservice)s': %(e)s"), + {'vpnservice': vpn, 'e': e}) + + if result > 0: + total = len(parsed_args.vpnservice) + msg = (_("%(result)s of %(total)s vpn service failed " + "to delete.") % {'result': result, 'total': total}) + raise exceptions.CommandError(msg) + + +class ListVPNService(command.Lister): + _description = _("List VPN services that belong to a given project") + + def get_parser(self, prog_name): + parser = super(ListVPNService, self).get_parser(prog_name) + parser.add_argument( + '--long', + action='store_true', + default=False, + help=_("List additional fields in output") + ) + return parser + + def take_action(self, parsed_args): + client = self.app.client_manager.neutronclient + obj = client.list_vpnservices()['vpnservices'] + headers, columns = osc_utils.get_column_definitions( + _attr_map, long_listing=parsed_args.long) + return (headers, (utils.get_dict_properties(s, columns) for s in obj)) + + +class SetVPNSercice(command.Command): + _description = _("Set VPN service properties") + + def get_parser(self, prog_name): + parser = super(SetVPNSercice, self).get_parser(prog_name) + _get_common_parser(parser) + parser.add_argument( + '--name', + metavar='<name>', + help=_('Name for the VPN service')) + parser.add_argument( + 'vpnservice', + metavar='<vpn-service>', + help=_('VPN service to modify (name or ID)')) + return parser + + def take_action(self, parsed_args): + client = self.app.client_manager.neutronclient + attrs = _get_common_attrs(self.app.client_manager, + parsed_args, is_create=False) + if parsed_args.name: + attrs['name'] = str(parsed_args.name) + vpn_id = client.find_resource( + 'vpnservice', parsed_args.vpnservice, + cmd_resource='vpnservice')['id'] + try: + client.update_vpnservice(vpn_id, {'vpnservice': attrs}) + except Exception as e: + msg = (_("Failed to set vpn service '%(vpn)s': %(e)s") + % {'vpn': parsed_args.vpnservice, 'e': e}) + raise exceptions.CommandError(msg) + + +class ShowVPNService(command.ShowOne): + _description = _("Display VPN service details") + + def get_parser(self, prog_name): + parser = super(ShowVPNService, self).get_parser(prog_name) + parser.add_argument( + 'vpnservice', + metavar='<vpn-service>', + help=_('VPN service to display (name or ID)')) + return parser + + def take_action(self, parsed_args): + client = self.app.client_manager.neutronclient + vpn_id = client.find_resource( + 'vpnservice', parsed_args.vpnservice, + cmd_resource='vpnservice')['id'] + obj = client.show_vpnservice(vpn_id)['vpnservice'] + columns, display_columns = osc_utils.get_columns(obj, _attr_map) + data = utils.get_dict_properties(obj, columns) + return (display_columns, data) diff --git a/neutronclient/tests/unit/osc/v2/vpnaas/common.py b/neutronclient/tests/unit/osc/v2/vpnaas/common.py new file mode 100644 index 0000000..4edee8b --- /dev/null +++ b/neutronclient/tests/unit/osc/v2/vpnaas/common.py @@ -0,0 +1,157 @@ +# Copyright 2017 FUJITSU LIMITED +# All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +import testtools + +from osc_lib import exceptions + +from neutronclient.tests.unit.osc.v2 import fakes as test_fakes + + +class TestCreateVPNaaS(test_fakes.TestNeutronClientOSCV2): + pass + + +class TestDeleteVPNaaS(test_fakes.TestNeutronClientOSCV2): + + def test_delete_with_one_resource(self): + target = self.resource['id'] + arglist = [target] + verifylist = [(self.res, [target])] + parsed_args = self.check_parser(self.cmd, arglist, verifylist) + result = self.cmd.take_action(parsed_args) + + self.mocked.assert_called_once_with(target) + self.assertIsNone(result) + + def test_delete_with_multiple_resources(self): + + def _mock_vpnaas(*args, **kwargs): + self.assertEqual(self.res, args[0]) + self.assertIsNotNone(args[1]) + self.assertEqual({'cmd_resource': self.res}, kwargs) + return {'id': args[1]} + + self.neutronclient.find_resource.side_effect = _mock_vpnaas + + target1 = 'target1' + target2 = 'target2' + arglist = [target1, target2] + verifylist = [(self.res, [target1, target2])] + + parsed_args = self.check_parser(self.cmd, arglist, verifylist) + result = self.cmd.take_action(parsed_args) + self.assertIsNone(result) + + self.assertEqual(2, self.mocked.call_count) + for idx, reference in enumerate([target1, target2]): + actual = ''.join(self.mocked.call_args_list[idx][0]) + self.assertEqual(reference, actual) + + def test_delete_multiple_with_exception(self): + target1 = 'target' + arglist = [target1] + verifylist = [(self.res, [target1])] + + self.neutronclient.find_resource.side_effect = [ + target1, exceptions.CommandError + ] + parsed_args = self.check_parser(self.cmd, arglist, verifylist) + resource_name = self.res.replace('_', ' ') + msg = "1 of 2 %s(s) failed to delete." % resource_name + with testtools.ExpectedException(exceptions.CommandError) as e: + self.cmd.take_action(parsed_args) + self.assertEqual(msg, str(e)) + + +class TestListVPNaaS(test_fakes.TestNeutronClientOSCV2): + + def test_list_with_no_option(self): + arglist = [] + verifylist = [] + parsed_args = self.check_parser(self.cmd, arglist, verifylist) + headers, data = self.cmd.take_action(parsed_args) + + self.mocked.assert_called_once_with() + self.assertEqual(list(self.list_headers), headers) + self.assertEqual([self.list_data], list(data)) + + def test_list_with_long_option(self): + arglist = ['--long'] + verifylist = [('long', True)] + parsed_args = self.check_parser(self.cmd, arglist, verifylist) + headers, data = self.cmd.take_action(parsed_args) + + self.mocked.assert_called_once_with() + self.assertEqual(list(self.headers), headers) + self.assertEqual([self.data], list(data)) + + +class TestSetVPNaaS(test_fakes.TestNeutronClientOSCV2): + + def test_set_name(self): + target = self.resource['id'] + update = 'change' + arglist = [target, '--name', update] + verifylist = [ + (self.res, target), + ('name', update), + ] + parsed_args = self.check_parser(self.cmd, arglist, verifylist) + result = self.cmd.take_action(parsed_args) + + self.mocked.assert_called_once_with( + target, {self.res: {'name': update}}) + self.assertIsNone(result) + + def test_set_description(self): + target = self.resource['id'] + update = 'change-desc' + arglist = [target, '--description', update] + verifylist = [ + (self.res, target), + ('description', update), + ] + parsed_args = self.check_parser(self.cmd, arglist, verifylist) + result = self.cmd.take_action(parsed_args) + + self.mocked.assert_called_once_with( + target, {self.res: {'description': update}}) + self.assertIsNone(result) + + +class TestShowVPNaaS(test_fakes.TestNeutronClientOSCV2): + + def test_show_filtered_by_id_or_name(self): + target = self.resource['id'] + + def _mock_vpnaas(*args, **kwargs): + if self.neutronclient.find_resource.call_count == 1: + self.assertEqual(self.res, args[0]) + self.assertEqual(self.resource['id'], args[1]) + self.assertEqual({'cmd_resource': self.res}, kwargs) + return {'id': args[1]} + + self.neutronclient.find_resource.side_effect = _mock_vpnaas + + arglist = [target] + verifylist = [(self.res, target)] + parsed_args = self.check_parser(self.cmd, arglist, verifylist) + headers, data = self.cmd.take_action(parsed_args) + + self.mocked.assert_called_once_with(target) + self.assertEqual(self.ordered_headers, headers) + self.assertItemEqual(self.ordered_data, data) diff --git a/neutronclient/tests/unit/osc/v2/vpnaas/fakes.py b/neutronclient/tests/unit/osc/v2/vpnaas/fakes.py new file mode 100644 index 0000000..7ee7c5d --- /dev/null +++ b/neutronclient/tests/unit/osc/v2/vpnaas/fakes.py @@ -0,0 +1,178 @@ +# Copyright 2017 FUJITSU LIMITED +# All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +import collections +import copy +import uuid + +import mock + + +class FakeVPNaaS(object): + + def create(self, attrs={}): + """Create a fake vpnaas resources + + :param Dictionary attrs: + A dictionary with all attributes + :return: + A OrderedDict faking the vpnaas resource + """ + self.ordered.update(attrs) + return copy.deepcopy(self.ordered) + + def bulk_create(self, attrs=None, count=2): + """Create multiple fake vpnaas resources + + :param Dictionary attrs: + A dictionary with all attributes + :param int count: + The number of vpnaas resources to fake + :return: + A list of dictionaries faking the vpnaas resources + """ + return [self.create(attrs=attrs) for i in range(0, count)] + + def get(self, attrs=None, count=2): + """Get multiple fake vpnaas resources + + :param Dictionary attrs: + A dictionary with all attributes + :param int count: + The number of vpnaas resources to fake + :return: + A list of dictionaries faking the vpnaas resource + """ + if attrs is None: + self.attrs = self.bulk_create(count=count) + return mock.Mock(side_effect=attrs) + + +class IKEPolicy(FakeVPNaaS): + """Fake one or more IKE policies""" + + def __init__(self): + super(IKEPolicy, self).__init__() + self.ordered = collections.OrderedDict(( + ('id', 'ikepolicy-id-' + uuid.uuid4().hex), + ('name', 'my-ikepolicy-' + uuid.uuid4().hex), + ('auth_algorithm', 'sha1'), + ('encryption_algorithm', 'aes-128'), + ('ike_version', 'v1'), + ('pfs', 'group5'), + ('description', 'my-desc-' + uuid.uuid4().hex), + ('phase1_negotiation_mode', 'main'), + ('tenant_id', 'tenant-id-' + uuid.uuid4().hex), + ('lifetime', {'units': 'seconds', 'value': 3600}), + )) + + +class IPSecPolicy(FakeVPNaaS): + """Fake one or more IPsec policies""" + + def __init__(self): + super(IPSecPolicy, self).__init__() + self.ordered = collections.OrderedDict(( + ('id', 'ikepolicy-id-' + uuid.uuid4().hex), + ('name', 'my-ikepolicy-' + uuid.uuid4().hex), + ('auth_algorithm', 'sha1'), + ('encapsulation_mode', 'tunnel'), + ('transform_protocol', 'esp'), + ('encryption_algorithm', 'aes-128'), + ('pfs', 'group5'), + ('description', 'my-desc-' + uuid.uuid4().hex), + ('tenant_id', 'tenant-id-' + uuid.uuid4().hex), + ('lifetime', {'units': 'seconds', 'value': 3600}), + )) + + +class VPNService(FakeVPNaaS): + """Fake one or more VPN services""" + + def __init__(self): + super(VPNService, self).__init__() + self.ordered = collections.OrderedDict(( + ('id', 'vpnservice-id-' + uuid.uuid4().hex), + ('name', 'my-vpnservice-' + uuid.uuid4().hex), + ('router_id', 'router-id-' + uuid.uuid4().hex), + ('subnet_id', 'subnet-id-' + uuid.uuid4().hex), + ('flavor_id', 'flavor-id-' + uuid.uuid4().hex), + ('admin_state_up', True), + ('status', 'ACTIVE'), + ('description', 'my-desc-' + uuid.uuid4().hex), + ('tenant_id', 'tenant-id-' + uuid.uuid4().hex), + )) + + +class EndpointGroup(FakeVPNaaS): + """Fake one or more Endpoint Groups""" + + def __init__(self): + super(EndpointGroup, self).__init__() + self.ordered = collections.OrderedDict(( + ('id', 'ep-group-id-' + uuid.uuid4().hex), + ('name', 'my-ep-group-' + uuid.uuid4().hex), + ('type', 'cidr'), + ('endpoints', ['10.0.0.0/24', '20.0.0.0/24']), + ('description', 'my-desc-' + uuid.uuid4().hex), + ('tenant_id', 'tenant-id-' + uuid.uuid4().hex), + )) + + +class IPsecSiteConnection(object): + """Fake one or more IPsec site connections""" + @staticmethod + def create_conn(attrs=None): + """Create a fake IPsec conn. + + :param Dictionary attrs: + A dictionary with all attributes + :return: + A Dictionary with id, name, peer_address, auth_mode, status, + tenant_id, peer_cidrs, vpnservice_id, ipsecpolicy_id, + ikepolicy_id, mtu, initiator, admin_state_up, description, + psk, route_mode, local_id, peer_id, local_ep_group_id, + peer_ep_group_id + """ + attrs = attrs or {} + + # Set default attributes. + conn_attrs = { + 'id': 'ipsec-site-conn-id-' + uuid.uuid4().hex, + 'name': 'my-ipsec-site-conn-' + uuid.uuid4().hex, + 'peer_address': '192.168.2.10', + 'auth_mode': '', + 'status': '', + 'tenant_id': 'tenant-id-' + uuid.uuid4().hex, + 'peer_cidrs': [], + 'vpnservice_id': 'vpnservice-id-' + uuid.uuid4().hex, + 'ipsecpolicy_id': 'ipsecpolicy-id-' + uuid.uuid4().hex, + 'ikepolicy_id': 'ikepolicy-id-' + uuid.uuid4().hex, + 'mtu': 1500, + 'initiator': 'bi-directional', + 'admin_state_up': True, + 'description': 'my-vpn-connection', + 'psk': 'abcd', + 'route_mode': '', + 'local_id': '', + 'peer_id': '192.168.2.10', + 'local_ep_group_id': 'local-ep-group-id-' + uuid.uuid4().hex, + 'peer_ep_group_id': 'peer-ep-group-id-' + uuid.uuid4().hex, + } + + # Overwrite default attributes. + conn_attrs.update(attrs) + return copy.deepcopy(conn_attrs) diff --git a/neutronclient/tests/unit/osc/v2/vpnaas/test_endpoint_group.py b/neutronclient/tests/unit/osc/v2/vpnaas/test_endpoint_group.py new file mode 100644 index 0000000..cc597e7 --- /dev/null +++ b/neutronclient/tests/unit/osc/v2/vpnaas/test_endpoint_group.py @@ -0,0 +1,257 @@ +# Copyright 2017 FUJITSU LIMITED +# All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +import copy + +import mock +from osc_lib.tests import utils as tests_utils + +from neutronclient.osc import utils as osc_utils +from neutronclient.osc.v2.vpnaas import endpoint_group +from neutronclient.tests.unit.osc.v2 import fakes as test_fakes +from neutronclient.tests.unit.osc.v2.vpnaas import common +from neutronclient.tests.unit.osc.v2.vpnaas import fakes + + +_endpoint_group = fakes.EndpointGroup().create() +CONVERT_MAP = { + 'project': 'tenant_id', +} + + +def _generate_data(ordered_dict=None, data=None): + source = ordered_dict if ordered_dict else _endpoint_group + if data: + source.update(data) + return tuple(source[key] for key in source) + + +def _generate_req_and_res(verifylist): + request = dict(verifylist) + response = copy.deepcopy(_endpoint_group) + for key, val in verifylist: + converted = CONVERT_MAP.get(key, key) + del request[key] + new_value = val + request[converted] = new_value + response[converted] = new_value + return request, response + + +class TestEndpointGroup(test_fakes.TestNeutronClientOSCV2): + + def check_results(self, headers, data, exp_req, is_list=False): + if is_list: + req_body = {self.res_plural: [exp_req]} + else: + req_body = {self.res: exp_req} + self.mocked.assert_called_once_with(req_body) + self.assertEqual(self.ordered_headers, headers) + self.assertEqual(self.ordered_data, data) + + def setUp(self): + super(TestEndpointGroup, self).setUp() + + def _mock_endpoint_group(*args, **kwargs): + self.neutronclient.find_resource.assert_called_once_with( + self.res, self.resource['id'], cmd_resource='endpoint_group') + return {'id': args[1]} + + self.neutronclient.find_resource.side_effect = mock.Mock( + side_effect=_mock_endpoint_group) + osc_utils.find_project = mock.Mock() + osc_utils.find_project.id = _endpoint_group['tenant_id'] + self.res = 'endpoint_group' + self.res_plural = 'endpoint_groups' + self.resource = _endpoint_group + self.headers = ( + 'ID', + 'Name', + 'Type', + 'Endpoints', + 'Description', + 'Project', + ) + self.data = _generate_data() + self.ordered_headers = ( + 'Description', + 'Endpoints', + 'ID', + 'Name', + 'Project', + 'Type', + ) + self.ordered_data = ( + _endpoint_group['description'], + _endpoint_group['endpoints'], + _endpoint_group['id'], + _endpoint_group['name'], + _endpoint_group['tenant_id'], + _endpoint_group['type'], + ) + self.ordered_columns = ( + 'description', + 'endpoints', + 'id', + 'name', + 'tenant_id', + 'type', + ) + + +class TestCreateEndpointGroup(TestEndpointGroup, common.TestCreateVPNaaS): + + def setUp(self): + super(TestCreateEndpointGroup, self).setUp() + self.neutronclient.create_endpoint_group = mock.Mock( + return_value={self.res: _endpoint_group}) + self.mocked = self.neutronclient.create_endpoint_group + self.cmd = endpoint_group.CreateEndpointGroup(self.app, self.namespace) + + def _update_expect_response(self, request, response): + """Set expected request and response + + :param request + A dictionary of request body(dict of verifylist) + :param response + A OrderedDict of request body + """ + # Update response body + self.neutronclient.create_endpoint_group.return_value = \ + {self.res: dict(response)} + osc_utils.find_project.return_value.id = response['tenant_id'] + # Update response(finally returns 'data') + self.data = _generate_data(ordered_dict=response) + self.ordered_data = tuple( + response[column] for column in self.ordered_columns + ) + + def _set_all_params_cidr(self, args={}): + name = args.get('name') or 'my-name' + description = args.get('description') or 'my-desc' + endpoint_type = args.get('type') or 'cidr' + endpoints = args.get('endpoints') or ['10.0.0.0/24', '20.0.0.0/24'] + tenant_id = args.get('tenant_id') or 'my-tenant' + arglist = [ + '--description', description, + '--type', endpoint_type, + '--value', '10.0.0.0/24', + '--value', '20.0.0.0/24', + '--project', tenant_id, + name, + ] + verifylist = [ + ('description', description), + ('type', endpoint_type), + ('endpoints', endpoints), + ('project', tenant_id), + ('name', name), + ] + return arglist, verifylist + + def _test_create_with_all_params_cidr(self, args={}): + arglist, verifylist = self._set_all_params_cidr(args) + request, response = _generate_req_and_res(verifylist) + self._update_expect_response(request, response) + parsed_args = self.check_parser(self.cmd, arglist, verifylist) + headers, data = self.cmd.take_action(parsed_args) + + self.check_results(headers, data, request) + + def test_create_with_no_options(self): + arglist = [] + verifylist = [] + + self.assertRaises(tests_utils.ParserException, self.check_parser, + self.cmd, arglist, verifylist) + + def test_create_with_all_params_cidr(self): + self._test_create_with_all_params_cidr() + + +class TestDeleteEndpointGroup(TestEndpointGroup, common.TestDeleteVPNaaS): + + def setUp(self): + super(TestDeleteEndpointGroup, self).setUp() + self.neutronclient.delete_endpoint_group = mock.Mock( + return_value={self.res: _endpoint_group}) + self.mocked = self.neutronclient.delete_endpoint_group + self.cmd = endpoint_group.DeleteEndpointGroup(self.app, self.namespace) + + +class TestListEndpointGroup(TestEndpointGroup): + + def setUp(self): + super(TestListEndpointGroup, self).setUp() + self.cmd = endpoint_group.ListEndpointGroup(self.app, self.namespace) + + self.short_header = ( + 'ID', + 'Name', + 'Type', + 'Endpoints', + ) + + self.short_data = ( + _endpoint_group['id'], + _endpoint_group['name'], + _endpoint_group['type'], + _endpoint_group['endpoints'], + ) + + self.neutronclient.list_endpoint_groups = mock.Mock( + return_value={self.res_plural: [_endpoint_group]}) + self.mocked = self.neutronclient.list_endpoint_groups + + def test_list_with_long_option(self): + arglist = ['--long'] + verifylist = [('long', True)] + parsed_args = self.check_parser(self.cmd, arglist, verifylist) + headers, data = self.cmd.take_action(parsed_args) + + self.mocked.assert_called_once_with() + self.assertEqual(list(self.headers), headers) + self.assertEqual([self.data], list(data)) + + def test_list_with_no_option(self): + arglist = [] + verifylist = [] + parsed_args = self.check_parser(self.cmd, arglist, verifylist) + headers, data = self.cmd.take_action(parsed_args) + + self.mocked.assert_called_once_with() + self.assertEqual(list(self.short_header), headers) + self.assertEqual([self.short_data], list(data)) + + +class TestSetEndpointGroup(TestEndpointGroup, common.TestSetVPNaaS): + + def setUp(self): + super(TestSetEndpointGroup, self).setUp() + self.neutronclient.update_endpoint_group = mock.Mock( + return_value={self.res: _endpoint_group}) + self.mocked = self.neutronclient.update_endpoint_group + self.cmd = endpoint_group.SetEndpointGroup(self.app, self.namespace) + + +class TestShowEndpointGroup(TestEndpointGroup, common.TestShowVPNaaS): + + def setUp(self): + super(TestShowEndpointGroup, self).setUp() + self.neutronclient.show_endpoint_group = mock.Mock( + return_value={self.res: _endpoint_group}) + self.mocked = self.neutronclient.show_endpoint_group + self.cmd = endpoint_group.ShowEndpointGroup(self.app, self.namespace) diff --git a/neutronclient/tests/unit/osc/v2/vpnaas/test_ikepolicy.py b/neutronclient/tests/unit/osc/v2/vpnaas/test_ikepolicy.py new file mode 100644 index 0000000..24663d6 --- /dev/null +++ b/neutronclient/tests/unit/osc/v2/vpnaas/test_ikepolicy.py @@ -0,0 +1,303 @@ +# Copyright 2017 FUJITSU LIMITED +# All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +import copy + +import mock +from osc_lib.tests import utils as tests_utils + +from neutronclient.osc import utils as osc_utils +from neutronclient.osc.v2.vpnaas import ikepolicy +from neutronclient.tests.unit.osc.v2 import fakes as test_fakes +from neutronclient.tests.unit.osc.v2.vpnaas import common +from neutronclient.tests.unit.osc.v2.vpnaas import fakes + + +_ikepolicy = fakes.IKEPolicy().create() +CONVERT_MAP = { + 'project': 'tenant_id', +} + + +def _generate_data(ordered_dict=None, data=None): + source = ordered_dict if ordered_dict else _ikepolicy + if data: + source.update(data) + return tuple(source[key] for key in source) + + +def _generate_req_and_res(verifylist): + request = dict(verifylist) + response = copy.deepcopy(_ikepolicy) + for key, val in verifylist: + converted = CONVERT_MAP.get(key, key) + del request[key] + new_value = val + request[converted] = new_value + response[converted] = new_value + return request, response + + +class TestIKEPolicy(test_fakes.TestNeutronClientOSCV2): + + def check_results(self, headers, data, exp_req, is_list=False): + if is_list: + req_body = {self.res_plural: [exp_req]} + else: + req_body = {self.res: exp_req} + self.mocked.assert_called_once_with(req_body) + self.assertEqual(self.ordered_headers, headers) + self.assertEqual(self.ordered_data, data) + + def setUp(self): + super(TestIKEPolicy, self).setUp() + + def _mock_ikepolicy(*args, **kwargs): + self.neutronclient.find_resource.assert_called_once_with( + self.res, self.resource['id'], cmd_resource='ikepolicy') + return {'id': args[1]} + + self.neutronclient.find_resource.side_effect = mock.Mock( + side_effect=_mock_ikepolicy) + osc_utils.find_project = mock.Mock() + osc_utils.find_project.id = _ikepolicy['tenant_id'] + self.res = 'ikepolicy' + self.res_plural = 'ikepolicies' + self.resource = _ikepolicy + self.headers = ( + 'ID', + 'Name', + 'Authentication Algorithm', + 'Encryption Algorithm', + 'IKE Version', + 'Perfect Forward Secrecy (PFS)', + 'Description', + 'Phase1 Negotiation Mode', + 'Project', + 'Lifetime', + ) + self.data = _generate_data() + self.ordered_headers = ( + 'Authentication Algorithm', + 'Description', + 'Encryption Algorithm', + 'ID', + 'IKE Version', + 'Lifetime', + 'Name', + 'Perfect Forward Secrecy (PFS)', + 'Phase1 Negotiation Mode', + 'Project', + ) + self.ordered_data = ( + _ikepolicy['auth_algorithm'], + _ikepolicy['description'], + _ikepolicy['encryption_algorithm'], + _ikepolicy['id'], + _ikepolicy['ike_version'], + _ikepolicy['lifetime'], + _ikepolicy['name'], + _ikepolicy['pfs'], + _ikepolicy['phase1_negotiation_mode'], + _ikepolicy['tenant_id'], + ) + self.ordered_columns = ( + 'auth_algorithm', + 'description', + 'encryption_algorithm', + 'id', + 'ike_version', + 'lifetime', + 'name', + 'pfs', + 'phase1_negotiation_mode', + 'tenant_id', + ) + + +class TestCreateIKEPolicy(TestIKEPolicy, common.TestCreateVPNaaS): + + def setUp(self): + super(TestCreateIKEPolicy, self).setUp() + self.neutronclient.create_ikepolicy = mock.Mock( + return_value={self.res: _ikepolicy}) + self.mocked = self.neutronclient.create_ikepolicy + self.cmd = ikepolicy.CreateIKEPolicy(self.app, self.namespace) + + def _update_expect_response(self, request, response): + """Set expected request and response + + :param request + A dictionary of request body(dict of verifylist) + :param response + A OrderedDict of request body + """ + # Update response body + self.neutronclient.create_ikepolicy.return_value = \ + {self.res: dict(response)} + osc_utils.find_project.return_value.id = response['tenant_id'] + # Update response(finally returns 'data') + self.data = _generate_data(ordered_dict=response) + self.ordered_data = tuple( + response[column] for column in self.ordered_columns + ) + + def _set_all_params(self, args={}): + name = args.get('name') or 'my-name' + description = args.get('description') or 'my-desc' + auth_algorithm = args.get('auth_algorithm') or 'sha1' + encryption_algorithm = args.get('encryption_algorithm') or 'aes-128' + phase1_negotiation_mode = args.get('phase1_negotiation_mode') or 'main' + ike_version = args.get('ike_version') or 'v1' + pfs = args.get('pfs') or 'group5' + tenant_id = args.get('tenant_id') or 'my-tenant' + arglist = [ + '--description', description, + '--auth-algorithm', auth_algorithm, + '--encryption-algorithm', encryption_algorithm, + '--phase1-negotiation-mode', phase1_negotiation_mode, + '--ike-version', ike_version, + '--pfs', pfs, + '--project', tenant_id, + name, + ] + verifylist = [ + ('description', description), + ('auth_algorithm', auth_algorithm), + ('encryption_algorithm', encryption_algorithm), + ('phase1_negotiation_mode', phase1_negotiation_mode), + ('ike_version', ike_version), + ('pfs', pfs), + ('project', tenant_id), + ('name', name), + ] + return arglist, verifylist + + def _test_create_with_all_params(self, args={}): + arglist, verifylist = self._set_all_params(args) + request, response = _generate_req_and_res(verifylist) + self._update_expect_response(request, response) + parsed_args = self.check_parser(self.cmd, arglist, verifylist) + headers, data = self.cmd.take_action(parsed_args) + + self.check_results(headers, data, request) + + def test_create_with_no_options(self): + arglist = [] + verifylist = [] + + self.assertRaises(tests_utils.ParserException, self.check_parser, + self.cmd, arglist, verifylist) + + def test_create_with_all_params(self): + self._test_create_with_all_params() + + def test_create_with_all_params_name(self): + self._test_create_with_all_params({'name': 'new_ikepolicy'}) + + +class TestDeleteIKEPolicy(TestIKEPolicy, common.TestDeleteVPNaaS): + + def setUp(self): + super(TestDeleteIKEPolicy, self).setUp() + self.neutronclient.delete_ikepolicy = mock.Mock( + return_value={self.res: _ikepolicy}) + self.mocked = self.neutronclient.delete_ikepolicy + self.cmd = ikepolicy.DeleteIKEPolicy(self.app, self.namespace) + + +class TestListIKEPolicy(TestIKEPolicy): + + def setUp(self): + super(TestListIKEPolicy, self).setUp() + self.cmd = ikepolicy.ListIKEPolicy(self.app, self.namespace) + + self.short_header = ( + 'ID', + 'Name', + 'Authentication Algorithm', + 'Encryption Algorithm', + 'IKE Version', + 'Perfect Forward Secrecy (PFS)', + ) + + self.short_data = ( + _ikepolicy['id'], + _ikepolicy['name'], + _ikepolicy['auth_algorithm'], + _ikepolicy['encryption_algorithm'], + _ikepolicy['ike_version'], + _ikepolicy['pfs'], + ) + + self.neutronclient.list_ikepolicies = mock.Mock( + return_value={self.res_plural: [_ikepolicy]}) + self.mocked = self.neutronclient.list_ikepolicies + + def test_list_with_long_option(self): + arglist = ['--long'] + verifylist = [('long', True)] + parsed_args = self.check_parser(self.cmd, arglist, verifylist) + headers, data = self.cmd.take_action(parsed_args) + + self.mocked.assert_called_once_with() + self.assertEqual(list(self.headers), headers) + self.assertEqual([self.data], list(data)) + + def test_list_with_no_option(self): + arglist = [] + verifylist = [] + parsed_args = self.check_parser(self.cmd, arglist, verifylist) + headers, data = self.cmd.take_action(parsed_args) + + self.mocked.assert_called_once_with() + self.assertEqual(list(self.short_header), headers) + self.assertEqual([self.short_data], list(data)) + + +class TestSetIKEPolicy(TestIKEPolicy, common.TestSetVPNaaS): + + def setUp(self): + super(TestSetIKEPolicy, self).setUp() + self.neutronclient.update_ikepolicy = mock.Mock( + return_value={self.res: _ikepolicy}) + self.mocked = self.neutronclient.update_ikepolicy + self.cmd = ikepolicy.SetIKEPolicy(self.app, self.namespace) + + def test_set_auth_algorithm_with_sha256(self): + target = self.resource['id'] + auth_algorithm = 'sha256' + arglist = [target, '--auth-algorithm', auth_algorithm] + verifylist = [ + (self.res, target), + ('auth_algorithm', auth_algorithm), + ] + parsed_args = self.check_parser(self.cmd, arglist, verifylist) + result = self.cmd.take_action(parsed_args) + + self.mocked.assert_called_once_with( + target, {self.res: {'auth_algorithm': 'sha256'}}) + self.assertIsNone(result) + + +class TestShowIKEPolicy(TestIKEPolicy, common.TestShowVPNaaS): + + def setUp(self): + super(TestShowIKEPolicy, self).setUp() + self.neutronclient.show_ikepolicy = mock.Mock( + return_value={self.res: _ikepolicy}) + self.mocked = self.neutronclient.show_ikepolicy + self.cmd = ikepolicy.ShowIKEPolicy(self.app, self.namespace) diff --git a/neutronclient/tests/unit/osc/v2/vpnaas/test_ipsec_site_connection.py b/neutronclient/tests/unit/osc/v2/vpnaas/test_ipsec_site_connection.py new file mode 100644 index 0000000..4d04b64 --- /dev/null +++ b/neutronclient/tests/unit/osc/v2/vpnaas/test_ipsec_site_connection.py @@ -0,0 +1,381 @@ +# Copyright 2017 FUJITSU LIMITED +# All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +import copy + +import mock +from osc_lib.cli import format_columns +from osc_lib.tests import utils as tests_utils + +from neutronclient.osc import utils as osc_utils +from neutronclient.osc.v2.vpnaas import ipsec_site_connection +from neutronclient.tests.unit.osc.v2 import fakes as test_fakes +from neutronclient.tests.unit.osc.v2.vpnaas import common +from neutronclient.tests.unit.osc.v2.vpnaas import fakes + + +_ipsec_site_conn = fakes.IPsecSiteConnection().create_conn() +CONVERT_MAP = { + 'project': 'tenant_id', + 'ikepolicy': 'ikepolicy_id', + 'ipsecpolicy': 'ipsecpolicy_id', + 'vpnservice': 'vpnservice_id', + 'peer_endpoint_group': 'peer_ep_group_id', + 'local_endpoint_group': 'local_ep_group_id', +} + + +def _generate_data(ordered_dict=None, data=None): + source = ordered_dict if ordered_dict else _ipsec_site_conn + if data: + source.update(data) + return ( + _ipsec_site_conn['id'], + _ipsec_site_conn['name'], + _ipsec_site_conn['peer_address'], + _ipsec_site_conn['auth_mode'], + _ipsec_site_conn['status'], + _ipsec_site_conn['tenant_id'], + format_columns.ListColumn(_ipsec_site_conn['peer_cidrs']), + _ipsec_site_conn['vpnservice_id'], + _ipsec_site_conn['ipsecpolicy_id'], + _ipsec_site_conn['ikepolicy_id'], + _ipsec_site_conn['mtu'], + _ipsec_site_conn['initiator'], + _ipsec_site_conn['admin_state_up'], + _ipsec_site_conn['description'], + _ipsec_site_conn['psk'], + _ipsec_site_conn['route_mode'], + _ipsec_site_conn['local_id'], + _ipsec_site_conn['peer_id'], + _ipsec_site_conn['local_ep_group_id'], + _ipsec_site_conn['peer_ep_group_id'], + ) + + +def _generate_req_and_res(verifylist): + request = dict(verifylist) + response = copy.deepcopy(_ipsec_site_conn) + for key, val in verifylist: + converted = CONVERT_MAP.get(key, key) + del request[key] + new_value = val + request[converted] = new_value + response[converted] = new_value + return request, response + + +class TestIPsecSiteConn(test_fakes.TestNeutronClientOSCV2): + + def check_results(self, headers, data, exp_req, is_list=False): + if is_list: + req_body = {self.res_plural: [exp_req]} + else: + req_body = {self.res: exp_req} + self.mocked.assert_called_once_with(req_body) + self.assertEqual(self.ordered_headers, headers) + self.assertItemEqual(self.ordered_data, data) + + def setUp(self): + super(TestIPsecSiteConn, self).setUp() + + def _mock_ipsec_site_conn(*args, **kwargs): + return {'id': args[1]} + + self.neutronclient.find_resource.side_effect = mock.Mock( + side_effect=_mock_ipsec_site_conn) + osc_utils.find_project = mock.Mock() + osc_utils.find_project.id = _ipsec_site_conn['tenant_id'] + self.res = 'ipsec_site_connection' + self.res_plural = 'ipsec_site_connections' + self.resource = _ipsec_site_conn + self.headers = ( + 'ID', + 'Name', + 'Peer Address', + 'Authentication Algorithm', + 'Status', + 'Project', + 'Peer CIDRs', + 'VPN Service', + 'IPSec Policy', + 'IKE Policy', + 'MTU', + 'Initiator', + 'State', + 'Description', + 'Pre-shared Key', + 'Route Mode', + 'Local ID', + 'Peer ID', + 'Local Endpoint Group ID', + 'Peer Endpoint Group ID' + ) + self.data = _generate_data() + self.ordered_headers = ( + 'Authentication Algorithm', + 'Description', + 'ID', + 'IKE Policy', + 'IPSec Policy', + 'Initiator', + 'Local Endpoint Group ID', + 'Local ID', + 'MTU', + 'Name', + 'Peer Address', + 'Peer CIDRs', + 'Peer Endpoint Group ID', + 'Peer ID', + 'Pre-shared Key', + 'Project', + 'Route Mode', + 'State', + 'Status', + 'VPN Service', + ) + self.ordered_data = ( + _ipsec_site_conn['auth_mode'], + _ipsec_site_conn['description'], + _ipsec_site_conn['id'], + _ipsec_site_conn['ikepolicy_id'], + _ipsec_site_conn['ipsecpolicy_id'], + _ipsec_site_conn['initiator'], + _ipsec_site_conn['local_ep_group_id'], + _ipsec_site_conn['local_id'], + _ipsec_site_conn['mtu'], + _ipsec_site_conn['name'], + _ipsec_site_conn['peer_address'], + format_columns.ListColumn(_ipsec_site_conn['peer_cidrs']), + _ipsec_site_conn['peer_ep_group_id'], + _ipsec_site_conn['peer_id'], + _ipsec_site_conn['psk'], + _ipsec_site_conn['tenant_id'], + _ipsec_site_conn['route_mode'], + _ipsec_site_conn['admin_state_up'], + _ipsec_site_conn['status'], + _ipsec_site_conn['vpnservice_id'], + ) + + +class TestCreateIPsecSiteConn(TestIPsecSiteConn, common.TestCreateVPNaaS): + + def setUp(self): + super(TestCreateIPsecSiteConn, self).setUp() + self.neutronclient.create_ipsec_site_connection = mock.Mock( + return_value={self.res: _ipsec_site_conn}) + self.mocked = self.neutronclient.create_ipsec_site_connection + self.cmd = ipsec_site_connection.CreateIPsecSiteConnection( + self.app, self.namespace) + + def _update_expect_response(self, request, response): + """Set expected request and response + + :param request + A dictionary of request body(dict of verifylist) + :param response + A OrderedDict of request body + """ + # Update response body + self.neutronclient.create_ipsec_site_connection.return_value = \ + {self.res: dict(response)} + osc_utils.find_project.return_value.id = response['tenant_id'] + # Update response(finally returns 'data') + self.data = _generate_data(ordered_dict=response) + self.ordered_data = ( + response['auth_mode'], + response['description'], + response['id'], + response['ikepolicy_id'], + response['ipsecpolicy_id'], + response['initiator'], + response['local_ep_group_id'], + response['local_id'], + response['mtu'], + response['name'], + response['peer_address'], + format_columns.ListColumn(response['peer_cidrs']), + response['peer_ep_group_id'], + response['peer_id'], + response['psk'], + response['tenant_id'], + response['route_mode'], + response['admin_state_up'], + response['status'], + response['vpnservice_id'], + ) + + def _set_all_params(self, args={}): + tenant_id = args.get('tenant_id') or 'my-tenant' + name = args.get('name') or 'connection1' + peer_address = args.get('peer_address') or '192.168.2.10' + peer_id = args.get('peer_id') or '192.168.2.10' + psk = args.get('psk') or 'abcd' + mtu = args.get('mtu') or '1500' + initiator = args.get('initiator') or 'bi-directional' + vpnservice_id = args.get('vpnservice') or 'vpnservice_id' + ikepolicy_id = args.get('ikepolicy') or 'ikepolicy_id' + ipsecpolicy_id = args.get('ipsecpolicy') or 'ipsecpolicy_id' + local_ep_group = args.get('local_ep_group_id') or 'local-epg' + peer_ep_group = args.get('peer_ep_group_id') or 'peer-epg' + description = args.get('description') or 'my-vpn-connection' + + arglist = [ + '--project', tenant_id, + '--peer-address', peer_address, + '--peer-id', peer_id, + '--psk', psk, + '--initiator', initiator, + '--vpnservice', vpnservice_id, + '--ikepolicy', ikepolicy_id, + '--ipsecpolicy', ipsecpolicy_id, + '--mtu', mtu, + '--description', description, + '--local-endpoint-group', local_ep_group, + '--peer-endpoint-group', peer_ep_group, + name, + ] + verifylist = [ + ('project', tenant_id), + ('peer_address', peer_address), + ('peer_id', peer_id), + ('psk', psk), + ('initiator', initiator), + ('vpnservice', vpnservice_id), + ('ikepolicy', ikepolicy_id), + ('ipsecpolicy', ipsecpolicy_id), + ('mtu', mtu), + ('description', description), + ('local_endpoint_group', local_ep_group), + ('peer_endpoint_group', peer_ep_group), + ('name', name), + ] + return arglist, verifylist + + def _test_create_with_all_params(self, args={}): + arglist, verifylist = self._set_all_params(args) + request, response = _generate_req_and_res(verifylist) + self._update_expect_response(request, response) + parsed_args = self.check_parser(self.cmd, arglist, verifylist) + headers, data = self.cmd.take_action(parsed_args) + + self.check_results(headers, data, request) + + def test_create_with_no_options(self): + arglist = [] + verifylist = [] + + self.assertRaises(tests_utils.ParserException, self.check_parser, + self.cmd, arglist, verifylist) + + def test_create_with_all_params(self): + self._test_create_with_all_params() + + +class TestDeleteIPsecSiteConn(TestIPsecSiteConn, common.TestDeleteVPNaaS): + + def setUp(self): + super(TestDeleteIPsecSiteConn, self).setUp() + self.neutronclient.delete_ipsec_site_connection = mock.Mock( + return_value={self.res: _ipsec_site_conn}) + self.mocked = self.neutronclient.delete_ipsec_site_connection + self.cmd = ipsec_site_connection.DeleteIPsecSiteConnection( + self.app, self.namespace) + + +class TestListIPsecSiteConn(TestIPsecSiteConn): + + def setUp(self): + super(TestListIPsecSiteConn, self).setUp() + self.cmd = ipsec_site_connection.ListIPsecSiteConnection( + self.app, self.namespace) + + self.short_header = ( + 'ID', + 'Name', + 'Peer Address', + 'Authentication Algorithm', + 'Status', + ) + + self.short_data = ( + _ipsec_site_conn['id'], + _ipsec_site_conn['name'], + _ipsec_site_conn['peer_address'], + _ipsec_site_conn['auth_mode'], + _ipsec_site_conn['status'], + ) + + self.neutronclient.list_ipsec_site_connections = mock.Mock( + return_value={self.res_plural: [_ipsec_site_conn]}) + self.mocked = self.neutronclient.list_ipsec_site_connections + + def test_list_with_long_option(self): + arglist = ['--long'] + verifylist = [('long', True)] + parsed_args = self.check_parser(self.cmd, arglist, verifylist) + headers, data = self.cmd.take_action(parsed_args) + + self.mocked.assert_called_once_with() + self.assertEqual(list(self.headers), headers) + self.assertListItemEqual([self.data], list(data)) + + def test_list_with_no_option(self): + arglist = [] + verifylist = [] + parsed_args = self.check_parser(self.cmd, arglist, verifylist) + headers, data = self.cmd.take_action(parsed_args) + + self.mocked.assert_called_once_with() + self.assertEqual(list(self.short_header), headers) + self.assertEqual([self.short_data], list(data)) + + +class TestSetIPsecSiteConn(TestIPsecSiteConn, common.TestSetVPNaaS): + + def setUp(self): + super(TestSetIPsecSiteConn, self).setUp() + self.neutronclient.update_ipsec_site_connection = mock.Mock( + return_value={self.res: _ipsec_site_conn}) + self.mocked = self.neutronclient.update_ipsec_site_connection + self.cmd = ipsec_site_connection.SetIPsecSiteConnection( + self.app, self.namespace) + + def test_set_ipsec_site_conn_with_peer_id(self): + target = self.resource['id'] + peer_id = '192.168.3.10' + arglist = [target, '--peer-id', peer_id] + verifylist = [ + (self.res, target), + ('peer_id', peer_id), + ] + parsed_args = self.check_parser(self.cmd, arglist, verifylist) + result = self.cmd.take_action(parsed_args) + + self.mocked.assert_called_once_with( + target, {self.res: {'peer_id': peer_id}}) + self.assertIsNone(result) + + +class TestShowIPsecSiteConn(TestIPsecSiteConn, common.TestShowVPNaaS): + + def setUp(self): + super(TestShowIPsecSiteConn, self).setUp() + self.neutronclient.show_ipsec_site_connection = mock.Mock( + return_value={self.res: _ipsec_site_conn}) + self.mocked = self.neutronclient.show_ipsec_site_connection + self.cmd = ipsec_site_connection.ShowIPsecSiteConnection( + self.app, self.namespace) diff --git a/neutronclient/tests/unit/osc/v2/vpnaas/test_ipsecpolicy.py b/neutronclient/tests/unit/osc/v2/vpnaas/test_ipsecpolicy.py new file mode 100644 index 0000000..8e56cf3 --- /dev/null +++ b/neutronclient/tests/unit/osc/v2/vpnaas/test_ipsecpolicy.py @@ -0,0 +1,303 @@ +# Copyright 2017 FUJITSU LIMITED +# All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +import copy + +import mock +from osc_lib.tests import utils as tests_utils + +from neutronclient.osc import utils as osc_utils +from neutronclient.osc.v2.vpnaas import ipsecpolicy +from neutronclient.tests.unit.osc.v2 import fakes as test_fakes +from neutronclient.tests.unit.osc.v2.vpnaas import common +from neutronclient.tests.unit.osc.v2.vpnaas import fakes + + +_ipsecpolicy = fakes.IPSecPolicy().create() +CONVERT_MAP = { + 'project': 'tenant_id', +} + + +def _generate_data(ordered_dict=None, data=None): + source = ordered_dict if ordered_dict else _ipsecpolicy + if data: + source.update(data) + return tuple(source[key] for key in source) + + +def _generate_req_and_res(verifylist): + request = dict(verifylist) + response = copy.deepcopy(_ipsecpolicy) + for key, val in verifylist: + converted = CONVERT_MAP.get(key, key) + del request[key] + new_value = val + request[converted] = new_value + response[converted] = new_value + return request, response + + +class TestIPSecPolicy(test_fakes.TestNeutronClientOSCV2): + + def check_results(self, headers, data, exp_req, is_list=False): + if is_list: + req_body = {self.res_plural: [exp_req]} + else: + req_body = {self.res: exp_req} + self.mocked.assert_called_once_with(req_body) + self.assertEqual(self.ordered_headers, headers) + self.assertEqual(self.ordered_data, data) + + def setUp(self): + super(TestIPSecPolicy, self).setUp() + + def _mock_ipsecpolicy(*args, **kwargs): + self.neutronclient.find_resource.assert_called_once_with( + self.res, self.resource['id'], cmd_resource='ipsecpolicy') + return {'id': args[1]} + + self.neutronclient.find_resource.side_effect = mock.Mock( + side_effect=_mock_ipsecpolicy) + osc_utils.find_project = mock.Mock() + osc_utils.find_project.id = _ipsecpolicy['tenant_id'] + self.res = 'ipsecpolicy' + self.res_plural = 'ipsecpolicies' + self.resource = _ipsecpolicy + self.headers = ( + 'ID', + 'Name', + 'Authentication Algorithm', + 'Encapsulation Mode', + 'Transform Protocol', + 'Encryption Algorithm', + 'Perfect Forward Secrecy (PFS)', + 'Description', + 'Project', + 'Lifetime', + ) + self.data = _generate_data() + self.ordered_headers = ( + 'Authentication Algorithm', + 'Description', + 'Encapsulation Mode', + 'Encryption Algorithm', + 'ID', + 'Lifetime', + 'Name', + 'Perfect Forward Secrecy (PFS)', + 'Project', + 'Transform Protocol', + ) + self.ordered_data = ( + _ipsecpolicy['auth_algorithm'], + _ipsecpolicy['description'], + _ipsecpolicy['encapsulation_mode'], + _ipsecpolicy['encryption_algorithm'], + _ipsecpolicy['id'], + _ipsecpolicy['lifetime'], + _ipsecpolicy['name'], + _ipsecpolicy['pfs'], + _ipsecpolicy['tenant_id'], + _ipsecpolicy['transform_protocol'], + ) + self.ordered_columns = ( + 'auth_algorithm', + 'description', + 'encapsulation_mode', + 'encryption_algorithm', + 'id', + 'lifetime', + 'name', + 'pfs', + 'tenant_id', + 'transform_protocol', + ) + + +class TestCreateIPSecPolicy(TestIPSecPolicy, common.TestCreateVPNaaS): + + def setUp(self): + super(TestCreateIPSecPolicy, self).setUp() + self.neutronclient.create_ipsecpolicy = mock.Mock( + return_value={self.res: _ipsecpolicy}) + self.mocked = self.neutronclient.create_ipsecpolicy + self.cmd = ipsecpolicy.CreateIPsecPolicy(self.app, self.namespace) + + def _update_expect_response(self, request, response): + """Set expected request and response + + :param request + A dictionary of request body(dict of verifylist) + :param response + A OrderedDict of request body + """ + # Update response body + self.neutronclient.create_ipsecpolicy.return_value = \ + {self.res: dict(response)} + osc_utils.find_project.return_value.id = response['tenant_id'] + # Update response(finally returns 'data') + self.data = _generate_data(ordered_dict=response) + self.ordered_data = tuple( + response[column] for column in self.ordered_columns + ) + + def _set_all_params(self, args={}): + name = args.get('name') or 'my-name' + auth_algorithm = args.get('auth_algorithm') or 'sha1' + encapsulation_mode = args.get('encapsulation_mode') or 'tunnel' + transform_protocol = args.get('transform_protocol') or 'esp' + encryption_algorithm = args.get('encryption_algorithm') or 'aes-128' + pfs = args.get('pfs') or 'group5' + description = args.get('description') or 'my-desc' + tenant_id = args.get('tenant_id') or 'my-tenant' + arglist = [ + name, + '--auth-algorithm', auth_algorithm, + '--encapsulation-mode', encapsulation_mode, + '--transform-protocol', transform_protocol, + '--encryption-algorithm', encryption_algorithm, + '--pfs', pfs, + '--description', description, + '--project', tenant_id, + ] + verifylist = [ + ('name', name), + ('auth_algorithm', auth_algorithm), + ('encapsulation_mode', encapsulation_mode), + ('transform_protocol', transform_protocol), + ('encryption_algorithm', encryption_algorithm), + ('pfs', pfs), + ('description', description), + ('project', tenant_id), + ] + return arglist, verifylist + + def _test_create_with_all_params(self, args={}): + arglist, verifylist = self._set_all_params(args) + request, response = _generate_req_and_res(verifylist) + self._update_expect_response(request, response) + parsed_args = self.check_parser(self.cmd, arglist, verifylist) + headers, data = self.cmd.take_action(parsed_args) + + self.check_results(headers, data, request) + + def test_create_with_no_options(self): + arglist = [] + verifylist = [] + + self.assertRaises(tests_utils.ParserException, self.check_parser, + self.cmd, arglist, verifylist) + + def test_create_with_all_params(self): + self._test_create_with_all_params() + + def test_create_with_all_params_name(self): + self._test_create_with_all_params({'name': 'new_ipsecpolicy'}) + + +class TestDeleteIPSecPolicy(TestIPSecPolicy, common.TestDeleteVPNaaS): + + def setUp(self): + super(TestDeleteIPSecPolicy, self).setUp() + self.neutronclient.delete_ipsecpolicy = mock.Mock( + return_value={self.res: _ipsecpolicy}) + self.mocked = self.neutronclient.delete_ipsecpolicy + self.cmd = ipsecpolicy.DeleteIPsecPolicy(self.app, self.namespace) + + +class TestListIPSecPolicy(TestIPSecPolicy): + + def setUp(self): + super(TestListIPSecPolicy, self).setUp() + self.cmd = ipsecpolicy.ListIPsecPolicy(self.app, self.namespace) + + self.short_header = ( + 'ID', + 'Name', + 'Authentication Algorithm', + 'Encapsulation Mode', + 'Transform Protocol', + 'Encryption Algorithm', + ) + + self.short_data = ( + _ipsecpolicy['id'], + _ipsecpolicy['name'], + _ipsecpolicy['auth_algorithm'], + _ipsecpolicy['encapsulation_mode'], + _ipsecpolicy['transform_protocol'], + _ipsecpolicy['encryption_algorithm'], + ) + + self.neutronclient.list_ipsecpolicies = mock.Mock( + return_value={self.res_plural: [_ipsecpolicy]}) + self.mocked = self.neutronclient.list_ipsecpolicies + + def test_list_with_long_option(self): + arglist = ['--long'] + verifylist = [('long', True)] + parsed_args = self.check_parser(self.cmd, arglist, verifylist) + headers, data = self.cmd.take_action(parsed_args) + + self.mocked.assert_called_once_with() + self.assertEqual(list(self.headers), headers) + self.assertEqual([self.data], list(data)) + + def test_list_with_no_option(self): + arglist = [] + verifylist = [] + parsed_args = self.check_parser(self.cmd, arglist, verifylist) + headers, data = self.cmd.take_action(parsed_args) + + self.mocked.assert_called_once_with() + self.assertEqual(list(self.short_header), headers) + self.assertEqual([self.short_data], list(data)) + + +class TestSetIPSecPolicy(TestIPSecPolicy, common.TestSetVPNaaS): + + def setUp(self): + super(TestSetIPSecPolicy, self).setUp() + self.neutronclient.update_ipsecpolicy = mock.Mock( + return_value={self.res: _ipsecpolicy}) + self.mocked = self.neutronclient.update_ipsecpolicy + self.cmd = ipsecpolicy.SetIPsecPolicy(self.app, self.namespace) + + def test_set_auth_algorithm_with_sha256(self): + target = self.resource['id'] + auth_algorithm = 'sha256' + arglist = [target, '--auth-algorithm', auth_algorithm] + verifylist = [ + (self.res, target), + ('auth_algorithm', auth_algorithm), + ] + parsed_args = self.check_parser(self.cmd, arglist, verifylist) + result = self.cmd.take_action(parsed_args) + + self.mocked.assert_called_once_with( + target, {self.res: {'auth_algorithm': 'sha256'}}) + self.assertIsNone(result) + + +class TestShowIPSecPolicy(TestIPSecPolicy, common.TestShowVPNaaS): + + def setUp(self): + super(TestShowIPSecPolicy, self).setUp() + self.neutronclient.show_ipsecpolicy = mock.Mock( + return_value={self.res: _ipsecpolicy}) + self.mocked = self.neutronclient.show_ipsecpolicy + self.cmd = ipsecpolicy.ShowIPsecPolicy(self.app, self.namespace) diff --git a/neutronclient/tests/unit/osc/v2/vpnaas/test_vpnservice.py b/neutronclient/tests/unit/osc/v2/vpnaas/test_vpnservice.py new file mode 100644 index 0000000..a9c208e --- /dev/null +++ b/neutronclient/tests/unit/osc/v2/vpnaas/test_vpnservice.py @@ -0,0 +1,305 @@ +# Copyright 2017 FUJITSU LIMITED +# All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +import copy +import uuid + +import mock + +from neutronclient.osc import utils as osc_utils +from neutronclient.osc.v2.vpnaas import vpnservice +from neutronclient.tests.unit.osc.v2 import fakes as test_fakes +from neutronclient.tests.unit.osc.v2.vpnaas import common +from neutronclient.tests.unit.osc.v2.vpnaas import fakes + + +_vpnservice = fakes.VPNService().create() +CONVERT_MAP = { + 'project': 'tenant_id', + 'router': 'router_id', + 'subnet': 'subnet_id' +} + + +def _generate_data(ordered_dict=None, data=None): + source = ordered_dict if ordered_dict else _vpnservice + if data: + source.update(data) + return tuple(source[key] for key in source) + + +def _generate_req_and_res(verifylist): + request = dict(verifylist) + response = copy.deepcopy(_vpnservice) + for key, val in verifylist: + converted = CONVERT_MAP.get(key, key) + del request[key] + new_value = val + request[converted] = new_value + response[converted] = new_value + return request, response + + +class TestVPNService(test_fakes.TestNeutronClientOSCV2): + + def _check_results(self, headers, data, exp_req, is_list=False): + if is_list: + req_body = {self.res_plural: [exp_req]} + else: + req_body = {self.res: exp_req} + self.mocked.assert_called_once_with(req_body) + self.assertEqual(self.ordered_headers, headers) + self.assertEqual(self.ordered_data, data) + + def setUp(self): + super(TestVPNService, self).setUp() + + def _mock_vpnservice(*args, **kwargs): + self.neutronclient.find_resource.assert_called_once_with( + self.res, self.resource['id'], cmd_resource='vpnservice') + return {'id': args[1]} + + self.app.client_manager.network = mock.Mock() + self.app.client_manager.network.find_router = mock.Mock() + self.app.client_manager.network.find_subnet = mock.Mock() + self.fake_router = mock.Mock() + self.fake_subnet = mock.Mock() + self.app.client_manager.network.find_router.return_value = \ + self.fake_router + self.app.client_manager.network.find_subnet.return_value = \ + self.fake_subnet + self.args = { + 'name': 'my-name', + 'description': 'my-desc', + 'tenant_id': 'tenant-id-' + uuid.uuid4().hex, + 'router_id': 'router-id-' + uuid.uuid4().hex, + 'subnet_id': 'subnet-id-' + uuid.uuid4().hex, + + } + self.fake_subnet.id = self.args['subnet_id'] + self.fake_router.id = self.args['router_id'] + + self.neutronclient.find_resource.side_effect = mock.Mock( + side_effect=_mock_vpnservice) + osc_utils.find_project = mock.Mock() + osc_utils.find_project.id = _vpnservice['tenant_id'] + + self.res = 'vpnservice' + self.res_plural = 'vpnservices' + self.resource = _vpnservice + self.headers = ( + 'ID', + 'Name', + 'Router', + 'Subnet', + 'Flavor', + 'State', + 'Status', + 'Description', + 'Project', + ) + self.data = _generate_data() + self.ordered_headers = ( + 'Description', + 'Flavor', + 'ID', + 'Name', + 'Project', + 'Router', + 'State', + 'Status', + 'Subnet', + ) + self.ordered_data = ( + _vpnservice['description'], + _vpnservice['flavor_id'], + _vpnservice['id'], + _vpnservice['name'], + _vpnservice['tenant_id'], + _vpnservice['router_id'], + _vpnservice['admin_state_up'], + _vpnservice['status'], + _vpnservice['subnet_id'], + ) + self.ordered_columns = ( + 'description', + 'flavor_id', + 'id', + 'name', + 'tenant_id', + 'router_id', + 'admin_state_up', + 'status', + 'subnet_id', + ) + + +class TestCreateVPNService(TestVPNService, common.TestCreateVPNaaS): + + def setUp(self): + super(TestCreateVPNService, self).setUp() + self.neutronclient.create_vpnservice = mock.Mock( + return_value={self.res: _vpnservice}) + self.mocked = self.neutronclient.create_vpnservice + self.cmd = vpnservice.CreateVPNService(self.app, self.namespace) + + def _update_expect_response(self, request, response): + """Set expected request and response + + :param request + A dictionary of request body(dict of verifylist) + :param response + A OrderedDict of request body + """ + # Update response body + self.neutronclient.create_vpnservice.return_value = \ + {self.res: dict(response)} + osc_utils.find_project.return_value.id = response['tenant_id'] + # Update response(finally returns 'data') + self.data = _generate_data(ordered_dict=response) + self.ordered_data = tuple( + response[column] for column in self.ordered_columns + ) + + def _set_all_params(self): + name = self.args.get('name') + description = self.args.get('description') + router_id = self.args.get('router_id') + subnet_id = self.args.get('subnet_id') + tenant_id = self.args.get('tenant_id') + arglist = [ + '--description', description, + '--project', tenant_id, + '--subnet', subnet_id, + '--router', router_id, + name, + ] + verifylist = [ + ('description', description), + ('project', tenant_id), + ('subnet', subnet_id), + ('router', router_id), + ('name', name), + ] + return arglist, verifylist + + def _test_create_with_all_params(self): + arglist, verifylist = self._set_all_params() + request, response = _generate_req_and_res(verifylist) + self._update_expect_response(request, response) + parsed_args = self.check_parser(self.cmd, arglist, verifylist) + headers, data = self.cmd.take_action(parsed_args) + + self._check_results(headers, data, request) + + def test_create_with_all_params(self): + self._test_create_with_all_params() + + +class TestDeleteVPNService(TestVPNService, common.TestDeleteVPNaaS): + + def setUp(self): + super(TestDeleteVPNService, self).setUp() + self.neutronclient.delete_vpnservice = mock.Mock( + return_value={self.res: _vpnservice}) + self.mocked = self.neutronclient.delete_vpnservice + self.cmd = vpnservice.DeleteVPNService(self.app, self.namespace) + + +class TestListVPNService(TestVPNService): + + def setUp(self): + super(TestListVPNService, self).setUp() + self.cmd = vpnservice.ListVPNService(self.app, self.namespace) + + self.short_header = ( + 'ID', + 'Name', + 'Router', + 'Subnet', + 'Flavor', + 'State', + 'Status', + ) + + self.short_data = ( + _vpnservice['id'], + _vpnservice['name'], + _vpnservice['router_id'], + _vpnservice['subnet_id'], + _vpnservice['flavor_id'], + _vpnservice['admin_state_up'], + _vpnservice['status'], + ) + + self.neutronclient.list_vpnservices = mock.Mock( + return_value={self.res_plural: [_vpnservice]}) + self.mocked = self.neutronclient.list_vpnservices + + def test_list_with_long_option(self): + arglist = ['--long'] + verifylist = [('long', True)] + parsed_args = self.check_parser(self.cmd, arglist, verifylist) + headers, data = self.cmd.take_action(parsed_args) + + self.mocked.assert_called_once_with() + self.assertEqual(list(self.headers), headers) + self.assertEqual([self.data], list(data)) + + def test_list_with_no_option(self): + arglist = [] + verifylist = [] + parsed_args = self.check_parser(self.cmd, arglist, verifylist) + headers, data = self.cmd.take_action(parsed_args) + + self.mocked.assert_called_once_with() + self.assertEqual(list(self.short_header), headers) + self.assertEqual([self.short_data], list(data)) + + +class TestSetVPNService(TestVPNService, common.TestSetVPNaaS): + + def setUp(self): + super(TestSetVPNService, self).setUp() + self.neutronclient.update_vpnservice = mock.Mock( + return_value={self.res: _vpnservice}) + self.mocked = self.neutronclient.update_vpnservice + self.cmd = vpnservice.SetVPNSercice(self.app, self.namespace) + + def test_set_name(self): + target = self.resource['id'] + update = 'change' + arglist = [target, '--name', update] + verifylist = [ + (self.res, target), + ('name', update), + ] + parsed_args = self.check_parser(self.cmd, arglist, verifylist) + result = self.cmd.take_action(parsed_args) + + self.mocked.assert_called_once_with( + target, {self.res: {'name': update}}) + self.assertIsNone(result) + + +class TestShowVPNService(TestVPNService, common.TestShowVPNaaS): + + def setUp(self): + super(TestShowVPNService, self).setUp() + self.neutronclient.show_vpnservice = mock.Mock( + return_value={self.res: _vpnservice}) + self.mocked = self.neutronclient.show_vpnservice + self.cmd = vpnservice.ShowVPNService(self.app, self.namespace) diff --git a/releasenotes/notes/support-vpnaas-cli-9478fb7cfe603e26.yaml b/releasenotes/notes/support-vpnaas-cli-9478fb7cfe603e26.yaml new file mode 100644 index 0000000..3b5e6e4 --- /dev/null +++ b/releasenotes/notes/support-vpnaas-cli-9478fb7cfe603e26.yaml @@ -0,0 +1,5 @@ +--- +features: + - | + CLI support for the "VPN as a Service" feature, which is enhanced + VPNaaS functionality, as OSC plugin commands. @@ -132,6 +132,36 @@ openstack.neutronclient.v2 = network_log_set = neutronclient.osc.v2.logging.network_log:SetNetworkLog network_log_show = neutronclient.osc.v2.logging.network_log:ShowNetworkLog + vpn_endpoint_group_create = neutronclient.osc.v2.vpnaas.endpoint_group:CreateEndpointGroup + vpn_endpoint_group_delete = neutronclient.osc.v2.vpnaas.endpoint_group:DeleteEndpointGroup + vpn_endpoint_group_list = neutronclient.osc.v2.vpnaas.endpoint_group:ListEndpointGroup + vpn_endpoint_group_set = neutronclient.osc.v2.vpnaas.endpoint_group:SetEndpointGroup + vpn_endpoint_group_show = neutronclient.osc.v2.vpnaas.endpoint_group:ShowEndpointGroup + + vpn_ike_policy_create = neutronclient.osc.v2.vpnaas.ikepolicy:CreateIKEPolicy + vpn_ike_policy_delete = neutronclient.osc.v2.vpnaas.ikepolicy:DeleteIKEPolicy + vpn_ike_policy_list = neutronclient.osc.v2.vpnaas.ikepolicy:ListIKEPolicy + vpn_ike_policy_set = neutronclient.osc.v2.vpnaas.ikepolicy:SetIKEPolicy + vpn_ike_policy_show = neutronclient.osc.v2.vpnaas.ikepolicy:ShowIKEPolicy + + vpn_ipsec_policy_create = neutronclient.osc.v2.vpnaas.ipsecpolicy:CreateIPsecPolicy + vpn_ipsec_policy_delete = neutronclient.osc.v2.vpnaas.ipsecpolicy:DeleteIPsecPolicy + vpn_ipsec_policy_list = neutronclient.osc.v2.vpnaas.ipsecpolicy:ListIPsecPolicy + vpn_ipsec_policy_set = neutronclient.osc.v2.vpnaas.ipsecpolicy:SetIPsecPolicy + vpn_ipsec_policy_show = neutronclient.osc.v2.vpnaas.ipsecpolicy:ShowIPsecPolicy + + vpn_service_create = neutronclient.osc.v2.vpnaas.vpnservice:CreateVPNService + vpn_service_delete = neutronclient.osc.v2.vpnaas.vpnservice:DeleteVPNService + vpn_service_list = neutronclient.osc.v2.vpnaas.vpnservice:ListVPNService + vpn_service_set = neutronclient.osc.v2.vpnaas.vpnservice:SetVPNSercice + vpn_service_show = neutronclient.osc.v2.vpnaas.vpnservice:ShowVPNService + + vpn_ipsec_site_connection_create = neutronclient.osc.v2.vpnaas.ipsec_site_connection:CreateIPsecSiteConnection + vpn_ipsec_site_connection_delete = neutronclient.osc.v2.vpnaas.ipsec_site_connection:DeleteIPsecSiteConnection + vpn_ipsec_site_connection_list = neutronclient.osc.v2.vpnaas.ipsec_site_connection:ListIPsecSiteConnection + vpn_ipsec_site_connection_set = neutronclient.osc.v2.vpnaas.ipsec_site_connection:SetIPsecSiteConnection + vpn_ipsec_site_connection_show = neutronclient.osc.v2.vpnaas.ipsec_site_connection:ShowIPsecSiteConnection + neutron.cli.v2 = bash-completion = neutronclient.shell:BashCompletionCommand |