Google Git
Sign in
android / platform / external / chromium-trace / be1f909 / . / catapult / third_party / gsutil / third_party / boto / tests / unit / vpc / test_networkacl.py
blob: d399b22d43cef47d5a98341171da0b03444d8dd5 [file] [log] [blame]
from tests.unit import unittest
from tests.unit import AWSMockServiceTestCase
from boto.vpc import VPCConnection
class TestDescribeNetworkAcls(AWSMockServiceTestCase):
connection_class = VPCConnection
def default_body(self):
return b"""
<DescribeNetworkAclsResponse xmlns="http://ec2.amazonaws.com/doc/2013-10-01/">
<requestId>59dbff89-35bd-4eac-99ed-be587EXAMPLE</requestId>
<networkAclSet>
<item>
<networkAclId>acl-5566953c</networkAclId>
<vpcId>vpc-5266953b</vpcId>
<default>true</default>
<entrySet>
<item>
<ruleNumber>100</ruleNumber>
<protocol>all</protocol>
<ruleAction>allow</ruleAction>
<egress>true</egress>
<cidrBlock>0.0.0.0/0</cidrBlock>
</item>
<item>
<ruleNumber>32767</ruleNumber>
<protocol>all</protocol>
<ruleAction>deny</ruleAction>
<egress>true</egress>
<cidrBlock>0.0.0.0/0</cidrBlock>
</item>
<item>
<ruleNumber>100</ruleNumber>
<protocol>all</protocol>
<ruleAction>allow</ruleAction>
<egress>false</egress>
<cidrBlock>0.0.0.0/0</cidrBlock>
</item>
<item>
<ruleNumber>32767</ruleNumber>
<protocol>all</protocol>
<ruleAction>deny</ruleAction>
<egress>false</egress>
<cidrBlock>0.0.0.0/0</cidrBlock>
</item>
</entrySet>
<associationSet/>
<tagSet/>
</item>
<item>
<networkAclId>acl-5d659634</networkAclId>
<vpcId>vpc-5266953b</vpcId>
<default>false</default>
<entrySet>
<item>
<ruleNumber>110</ruleNumber>
<protocol>6</protocol>
<ruleAction>allow</ruleAction>
<egress>true</egress>
<cidrBlock>0.0.0.0/0</cidrBlock>
<portRange>
<from>49152</from>
<to>65535</to>
</portRange>
</item>
<item>
<ruleNumber>32767</ruleNumber>
<protocol>all</protocol>
<ruleAction>deny</ruleAction>
<egress>true</egress>
<cidrBlock>0.0.0.0/0</cidrBlock>
</item>
<item>
<ruleNumber>110</ruleNumber>
<protocol>6</protocol>
<ruleAction>allow</ruleAction>
<egress>false</egress>
<cidrBlock>0.0.0.0/0</cidrBlock>
<portRange>
<from>80</from>
<to>80</to>
</portRange>
</item>
<item>
<ruleNumber>120</ruleNumber>
<protocol>6</protocol>
<ruleAction>allow</ruleAction>
<egress>false</egress>
<cidrBlock>0.0.0.0/0</cidrBlock>
<portRange>
<from>443</from>
<to>443</to>
</portRange>
</item>
<item>
<ruleNumber>32767</ruleNumber>
<protocol>all</protocol>
<ruleAction>deny</ruleAction>
<egress>false</egress>
<cidrBlock>0.0.0.0/0</cidrBlock>
</item>
</entrySet>
<associationSet>
<item>
<networkAclAssociationId>aclassoc-5c659635</networkAclAssociationId>
<networkAclId>acl-5d659634</networkAclId>
<subnetId>subnet-ff669596</subnetId>
</item>
<item>
<networkAclAssociationId>aclassoc-c26596ab</networkAclAssociationId>
<networkAclId>acl-5d659634</networkAclId>
<subnetId>subnet-f0669599</subnetId>
</item>
</associationSet>
<tagSet/>
</item>
</networkAclSet>
</DescribeNetworkAclsResponse>
"""
def test_get_all_network_acls(self):
self.set_http_response(status_code=200)
response = self.service_connection.get_all_network_acls(['acl-5566953c', 'acl-5d659634'],
[('vpc-id', 'vpc-5266953b')])
self.assert_request_parameters({
'Action': 'DescribeNetworkAcls',
'NetworkAclId.1': 'acl-5566953c',
'NetworkAclId.2': 'acl-5d659634',
'Filter.1.Name': 'vpc-id',
'Filter.1.Value.1': 'vpc-5266953b'},
ignore_params_values=['AWSAccessKeyId', 'SignatureMethod',
'SignatureVersion', 'Timestamp',
'Version'])
self.assertEqual(len(response), 2)
class TestReplaceNetworkAclAssociation(AWSMockServiceTestCase):
connection_class = VPCConnection
get_all_network_acls_vpc_body = b"""
<DescribeNetworkAclsResponse xmlns="http://ec2.amazonaws.com/doc/2013-10-01/">
<requestId>59dbff89-35bd-4eac-99ed-be587EXAMPLE</requestId>
<networkAclSet>
<item>
<networkAclId>acl-5566953c</networkAclId>
<vpcId>vpc-5266953b</vpcId>
<default>true</default>
<entrySet>
<item>
<ruleNumber>100</ruleNumber>
<protocol>all</protocol>
<ruleAction>allow</ruleAction>
<egress>true</egress>
<cidrBlock>0.0.0.0/0</cidrBlock>
</item>
<item>
<ruleNumber>32767</ruleNumber>
<protocol>all</protocol>
<ruleAction>deny</ruleAction>
<egress>true</egress>
<cidrBlock>0.0.0.0/0</cidrBlock>
</item>
<item>
<ruleNumber>100</ruleNumber>
<protocol>all</protocol>
<ruleAction>allow</ruleAction>
<egress>false</egress>
<cidrBlock>0.0.0.0/0</cidrBlock>
</item>
<item>
<ruleNumber>32767</ruleNumber>
<protocol>all</protocol>
<ruleAction>deny</ruleAction>
<egress>false</egress>
<cidrBlock>0.0.0.0/0</cidrBlock>
</item>
</entrySet>
<associationSet/>
<tagSet/>
</item>
</networkAclSet>
</DescribeNetworkAclsResponse>
"""
get_all_network_acls_subnet_body = b"""
<DescribeNetworkAclsResponse xmlns="http://ec2.amazonaws.com/doc/2013-10-01/">
<requestId>59dbff89-35bd-4eac-99ed-be587EXAMPLE</requestId>
<networkAclSet>
<item>
<networkAclId>acl-5d659634</networkAclId>
<vpcId>vpc-5266953b</vpcId>
<default>false</default>
<entrySet>
<item>
<ruleNumber>110</ruleNumber>
<protocol>6</protocol>
<ruleAction>allow</ruleAction>
<egress>true</egress>
<cidrBlock>0.0.0.0/0</cidrBlock>
<portRange>
<from>49152</from>
<to>65535</to>
</portRange>
</item>
</entrySet>
<associationSet>
<item>
<networkAclAssociationId>aclassoc-c26596ab</networkAclAssociationId>
<networkAclId>acl-5d659634</networkAclId>
<subnetId>subnet-f0669599</subnetId>
</item>
<item>
<networkAclAssociationId>aclassoc-5c659635</networkAclAssociationId>
<networkAclId>acl-5d659634</networkAclId>
<subnetId>subnet-ff669596</subnetId>
</item>
</associationSet>
<tagSet/>
</item>
</networkAclSet>
</DescribeNetworkAclsResponse>
"""
def default_body(self):
return b"""
<ReplaceNetworkAclAssociationResponse xmlns="http://ec2.amazonaws.com/doc/2013-10-01/">
<requestId>59dbff89-35bd-4eac-99ed-be587EXAMPLE</requestId>
<newAssociationId>aclassoc-17b85d7e</newAssociationId>
</ReplaceNetworkAclAssociationResponse>
"""
def test_associate_network_acl(self):
self.https_connection.getresponse.side_effect = [
self.create_response(status_code=200, body=self.get_all_network_acls_subnet_body),
self.create_response(status_code=200)
]
response = self.service_connection.associate_network_acl('acl-5fb85d36', 'subnet-ff669596')
# Note: Not testing proper call to get_all_network_acls!
self.assert_request_parameters({
'Action': 'ReplaceNetworkAclAssociation',
'NetworkAclId': 'acl-5fb85d36',
'AssociationId': 'aclassoc-5c659635'},
ignore_params_values=['AWSAccessKeyId', 'SignatureMethod',
'SignatureVersion', 'Timestamp',
'Version'])
self.assertEqual(response, 'aclassoc-17b85d7e')
def test_disassociate_network_acl(self):
self.https_connection.getresponse.side_effect = [
self.create_response(status_code=200, body=self.get_all_network_acls_vpc_body),
self.create_response(status_code=200, body=self.get_all_network_acls_subnet_body),
self.create_response(status_code=200)
]
response = self.service_connection.disassociate_network_acl('subnet-ff669596',
'vpc-5266953b')
# Note: Not testing proper call to either call to get_all_network_acls!
self.assert_request_parameters({
'Action': 'ReplaceNetworkAclAssociation',
'NetworkAclId': 'acl-5566953c',
'AssociationId': 'aclassoc-5c659635'},
ignore_params_values=['AWSAccessKeyId', 'SignatureMethod',
'SignatureVersion', 'Timestamp',
'Version'])
self.assertEqual(response, 'aclassoc-17b85d7e')
class TestCreateNetworkAcl(AWSMockServiceTestCase):
connection_class = VPCConnection
def default_body(self):
return b"""
<CreateNetworkAclResponse xmlns="http://ec2.amazonaws.com/doc/2013-10-01/">
<requestId>59dbff89-35bd-4eac-99ed-be587EXAMPLE</requestId>
<networkAcl>
<networkAclId>acl-5fb85d36</networkAclId>
<vpcId>vpc-11ad4878</vpcId>
<default>false</default>
<entrySet>
<item>
<ruleNumber>32767</ruleNumber>
<protocol>all</protocol>
<ruleAction>deny</ruleAction>
<egress>true</egress>
<cidrBlock>0.0.0.0/0</cidrBlock>
</item>
<item>
<ruleNumber>32767</ruleNumber>
<protocol>all</protocol>
<ruleAction>deny</ruleAction>
<egress>false</egress>
<cidrBlock>0.0.0.0/0</cidrBlock>
</item>
</entrySet>
<associationSet/>
<tagSet/>
</networkAcl>
</CreateNetworkAclResponse>
"""
def test_create_network_acl(self):
self.set_http_response(status_code=200)
response = self.service_connection.create_network_acl('vpc-11ad4878')
self.assert_request_parameters({
'Action': 'CreateNetworkAcl',
'VpcId': 'vpc-11ad4878'},
ignore_params_values=['AWSAccessKeyId', 'SignatureMethod',
'SignatureVersion', 'Timestamp',
'Version'])
self.assertEqual(response.id, 'acl-5fb85d36')
class DeleteCreateNetworkAcl(AWSMockServiceTestCase):
connection_class = VPCConnection
def default_body(self):
return b"""
<DeleteNetworkAclResponse xmlns="http://ec2.amazonaws.com/doc/2013-10-01/">
<requestId>59dbff89-35bd-4eac-99ed-be587EXAMPLE</requestId>
<return>true</return>
</DeleteNetworkAclResponse>
"""
def test_delete_network_acl(self):
self.set_http_response(status_code=200)
response = self.service_connection.delete_network_acl('acl-2cb85d45')
self.assert_request_parameters({
'Action': 'DeleteNetworkAcl',
'NetworkAclId': 'acl-2cb85d45'},
ignore_params_values=['AWSAccessKeyId', 'SignatureMethod',
'SignatureVersion', 'Timestamp',
'Version'])
self.assertEqual(response, True)
class TestCreateNetworkAclEntry(AWSMockServiceTestCase):
connection_class = VPCConnection
def default_body(self):
return b"""
<CreateNetworkAclEntryResponse xmlns="http://ec2.amazonaws.com/doc/2013-10-01/">
<requestId>59dbff89-35bd-4eac-99ed-be587EXAMPLE</requestId>
<return>true</return>
</CreateNetworkAclEntryResponse>
"""
def test_create_network_acl(self):
self.set_http_response(status_code=200)
response = self.service_connection.create_network_acl_entry(
'acl-2cb85d45', 110, 'udp', 'allow', '0.0.0.0/0', egress=False,
port_range_from=53, port_range_to=53)
self.assert_request_parameters({
'Action': 'CreateNetworkAclEntry',
'NetworkAclId': 'acl-2cb85d45',
'RuleNumber': 110,
'Protocol': 'udp',
'RuleAction': 'allow',
'Egress': 'false',
'CidrBlock': '0.0.0.0/0',
'PortRange.From': 53,
'PortRange.To': 53},
ignore_params_values=['AWSAccessKeyId', 'SignatureMethod',
'SignatureVersion', 'Timestamp',
'Version'])
self.assertEqual(response, True)
def test_create_network_acl_icmp(self):
self.set_http_response(status_code=200)
response = self.service_connection.create_network_acl_entry(
'acl-2cb85d45', 110, 'udp', 'allow', '0.0.0.0/0', egress='true',
icmp_code=-1, icmp_type=8)
self.assert_request_parameters({
'Action': 'CreateNetworkAclEntry',
'NetworkAclId': 'acl-2cb85d45',
'RuleNumber': 110,
'Protocol': 'udp',
'RuleAction': 'allow',
'Egress': 'true',
'CidrBlock': '0.0.0.0/0',
'Icmp.Code': -1,
'Icmp.Type': 8},
ignore_params_values=['AWSAccessKeyId', 'SignatureMethod',
'SignatureVersion', 'Timestamp',
'Version'])
self.assertEqual(response, True)
class TestReplaceNetworkAclEntry(AWSMockServiceTestCase):
connection_class = VPCConnection
def default_body(self):
return b"""
<ReplaceNetworkAclEntryResponse xmlns="http://ec2.amazonaws.com/doc/2013-10-01/">
<requestId>59dbff89-35bd-4eac-99ed-be587EXAMPLE</requestId>
<return>true</return>
</ReplaceNetworkAclEntryResponse>
"""
def test_replace_network_acl(self):
self.set_http_response(status_code=200)
response = self.service_connection.replace_network_acl_entry(
'acl-2cb85d45', 110, 'tcp', 'deny', '0.0.0.0/0', egress=False,
port_range_from=139, port_range_to=139)
self.assert_request_parameters({
'Action': 'ReplaceNetworkAclEntry',
'NetworkAclId': 'acl-2cb85d45',
'RuleNumber': 110,
'Protocol': 'tcp',
'RuleAction': 'deny',
'Egress': 'false',
'CidrBlock': '0.0.0.0/0',
'PortRange.From': 139,
'PortRange.To': 139},
ignore_params_values=['AWSAccessKeyId', 'SignatureMethod',
'SignatureVersion', 'Timestamp',
'Version'])
self.assertEqual(response, True)
def test_replace_network_acl_icmp(self):
self.set_http_response(status_code=200)
response = self.service_connection.replace_network_acl_entry(
'acl-2cb85d45', 110, 'tcp', 'deny', '0.0.0.0/0',
icmp_code=-1, icmp_type=8)
self.assert_request_parameters({
'Action': 'ReplaceNetworkAclEntry',
'NetworkAclId': 'acl-2cb85d45',
'RuleNumber': 110,
'Protocol': 'tcp',
'RuleAction': 'deny',
'CidrBlock': '0.0.0.0/0',
'Icmp.Code': -1,
'Icmp.Type': 8},
ignore_params_values=['AWSAccessKeyId', 'SignatureMethod',
'SignatureVersion', 'Timestamp',
'Version'])
self.assertEqual(response, True)
class TestDeleteNetworkAclEntry(AWSMockServiceTestCase):
connection_class = VPCConnection
def default_body(self):
return b"""
<DeleteNetworkAclEntryResponse xmlns="http://ec2.amazonaws.com/doc/2013-10-01/">
<requestId>59dbff89-35bd-4eac-99ed-be587EXAMPLE</requestId>
<return>true</return>
</DeleteNetworkAclEntryResponse>
"""
def test_delete_network_acl(self):
self.set_http_response(status_code=200)
response = self.service_connection.delete_network_acl_entry('acl-2cb85d45', 100,
egress=False)
self.assert_request_parameters({
'Action': 'DeleteNetworkAclEntry',
'NetworkAclId': 'acl-2cb85d45',
'RuleNumber': 100,
'Egress': 'false'},
ignore_params_values=['AWSAccessKeyId', 'SignatureMethod',
'SignatureVersion', 'Timestamp',
'Version'])
self.assertEqual(response, True)
class TestGetNetworkAclAssociations(AWSMockServiceTestCase):
connection_class = VPCConnection
def default_body(self):
return b"""
<DescribeNetworkAclsResponse xmlns="http://ec2.amazonaws.com/doc/2013-10-01/">
<requestId>59dbff89-35bd-4eac-99ed-be587EXAMPLE</requestId>
<networkAclSet>
<item>
<networkAclId>acl-5d659634</networkAclId>
<vpcId>vpc-5266953b</vpcId>
<default>false</default>
<entrySet>
<item>
<ruleNumber>110</ruleNumber>
<protocol>6</protocol>
<ruleAction>allow</ruleAction>
<egress>true</egress>
<cidrBlock>0.0.0.0/0</cidrBlock>
<portRange>
<from>49152</from>
<to>65535</to>
</portRange>
</item>
</entrySet>
<associationSet>
<item>
<networkAclAssociationId>aclassoc-c26596ab</networkAclAssociationId>
<networkAclId>acl-5d659634</networkAclId>
<subnetId>subnet-f0669599</subnetId>
</item>
</associationSet>
<tagSet/>
</item>
</networkAclSet>
</DescribeNetworkAclsResponse>
"""
def test_get_network_acl_associations(self):
self.set_http_response(status_code=200)
api_response = self.service_connection.get_all_network_acls()
association = api_response[0].associations[0]
self.assertEqual(association.network_acl_id, 'acl-5d659634')
if __name__ == '__main__':
unittest.main()