1from tests.unit import unittest 2from tests.unit import AWSMockServiceTestCase 3 4from boto.vpc import VPCConnection 5 6 7class TestDescribeNetworkAcls(AWSMockServiceTestCase): 8 9 connection_class = VPCConnection 10 11 def default_body(self): 12 return b""" 13 <DescribeNetworkAclsResponse xmlns="http://ec2.amazonaws.com/doc/2013-10-01/"> 14 <requestId>59dbff89-35bd-4eac-99ed-be587EXAMPLE</requestId> 15 <networkAclSet> 16 <item> 17 <networkAclId>acl-5566953c</networkAclId> 18 <vpcId>vpc-5266953b</vpcId> 19 <default>true</default> 20 <entrySet> 21 <item> 22 <ruleNumber>100</ruleNumber> 23 <protocol>all</protocol> 24 <ruleAction>allow</ruleAction> 25 <egress>true</egress> 26 <cidrBlock>0.0.0.0/0</cidrBlock> 27 </item> 28 <item> 29 <ruleNumber>32767</ruleNumber> 30 <protocol>all</protocol> 31 <ruleAction>deny</ruleAction> 32 <egress>true</egress> 33 <cidrBlock>0.0.0.0/0</cidrBlock> 34 </item> 35 <item> 36 <ruleNumber>100</ruleNumber> 37 <protocol>all</protocol> 38 <ruleAction>allow</ruleAction> 39 <egress>false</egress> 40 <cidrBlock>0.0.0.0/0</cidrBlock> 41 </item> 42 <item> 43 <ruleNumber>32767</ruleNumber> 44 <protocol>all</protocol> 45 <ruleAction>deny</ruleAction> 46 <egress>false</egress> 47 <cidrBlock>0.0.0.0/0</cidrBlock> 48 </item> 49 </entrySet> 50 <associationSet/> 51 <tagSet/> 52 </item> 53 <item> 54 <networkAclId>acl-5d659634</networkAclId> 55 <vpcId>vpc-5266953b</vpcId> 56 <default>false</default> 57 <entrySet> 58 <item> 59 <ruleNumber>110</ruleNumber> 60 <protocol>6</protocol> 61 <ruleAction>allow</ruleAction> 62 <egress>true</egress> 63 <cidrBlock>0.0.0.0/0</cidrBlock> 64 <portRange> 65 <from>49152</from> 66 <to>65535</to> 67 </portRange> 68 </item> 69 <item> 70 <ruleNumber>32767</ruleNumber> 71 <protocol>all</protocol> 72 <ruleAction>deny</ruleAction> 73 <egress>true</egress> 74 <cidrBlock>0.0.0.0/0</cidrBlock> 75 </item> 76 <item> 77 <ruleNumber>110</ruleNumber> 78 <protocol>6</protocol> 79 <ruleAction>allow</ruleAction> 80 <egress>false</egress> 81 <cidrBlock>0.0.0.0/0</cidrBlock> 82 <portRange> 83 <from>80</from> 84 <to>80</to> 85 </portRange> 86 </item> 87 <item> 88 <ruleNumber>120</ruleNumber> 89 <protocol>6</protocol> 90 <ruleAction>allow</ruleAction> 91 <egress>false</egress> 92 <cidrBlock>0.0.0.0/0</cidrBlock> 93 <portRange> 94 <from>443</from> 95 <to>443</to> 96 </portRange> 97 </item> 98 <item> 99 <ruleNumber>32767</ruleNumber> 100 <protocol>all</protocol> 101 <ruleAction>deny</ruleAction> 102 <egress>false</egress> 103 <cidrBlock>0.0.0.0/0</cidrBlock> 104 </item> 105 </entrySet> 106 <associationSet> 107 <item> 108 <networkAclAssociationId>aclassoc-5c659635</networkAclAssociationId> 109 <networkAclId>acl-5d659634</networkAclId> 110 <subnetId>subnet-ff669596</subnetId> 111 </item> 112 <item> 113 <networkAclAssociationId>aclassoc-c26596ab</networkAclAssociationId> 114 <networkAclId>acl-5d659634</networkAclId> 115 <subnetId>subnet-f0669599</subnetId> 116 </item> 117 </associationSet> 118 <tagSet/> 119 </item> 120 </networkAclSet> 121 </DescribeNetworkAclsResponse> 122 """ 123 124 def test_get_all_network_acls(self): 125 self.set_http_response(status_code=200) 126 response = self.service_connection.get_all_network_acls(['acl-5566953c', 'acl-5d659634'], 127 [('vpc-id', 'vpc-5266953b')]) 128 self.assert_request_parameters({ 129 'Action': 'DescribeNetworkAcls', 130 'NetworkAclId.1': 'acl-5566953c', 131 'NetworkAclId.2': 'acl-5d659634', 132 'Filter.1.Name': 'vpc-id', 133 'Filter.1.Value.1': 'vpc-5266953b'}, 134 ignore_params_values=['AWSAccessKeyId', 'SignatureMethod', 135 'SignatureVersion', 'Timestamp', 136 'Version']) 137 self.assertEqual(len(response), 2) 138 139 140class TestReplaceNetworkAclAssociation(AWSMockServiceTestCase): 141 142 connection_class = VPCConnection 143 144 get_all_network_acls_vpc_body = b""" 145 <DescribeNetworkAclsResponse xmlns="http://ec2.amazonaws.com/doc/2013-10-01/"> 146 <requestId>59dbff89-35bd-4eac-99ed-be587EXAMPLE</requestId> 147 <networkAclSet> 148 <item> 149 <networkAclId>acl-5566953c</networkAclId> 150 <vpcId>vpc-5266953b</vpcId> 151 <default>true</default> 152 <entrySet> 153 <item> 154 <ruleNumber>100</ruleNumber> 155 <protocol>all</protocol> 156 <ruleAction>allow</ruleAction> 157 <egress>true</egress> 158 <cidrBlock>0.0.0.0/0</cidrBlock> 159 </item> 160 <item> 161 <ruleNumber>32767</ruleNumber> 162 <protocol>all</protocol> 163 <ruleAction>deny</ruleAction> 164 <egress>true</egress> 165 <cidrBlock>0.0.0.0/0</cidrBlock> 166 </item> 167 <item> 168 <ruleNumber>100</ruleNumber> 169 <protocol>all</protocol> 170 <ruleAction>allow</ruleAction> 171 <egress>false</egress> 172 <cidrBlock>0.0.0.0/0</cidrBlock> 173 </item> 174 <item> 175 <ruleNumber>32767</ruleNumber> 176 <protocol>all</protocol> 177 <ruleAction>deny</ruleAction> 178 <egress>false</egress> 179 <cidrBlock>0.0.0.0/0</cidrBlock> 180 </item> 181 </entrySet> 182 <associationSet/> 183 <tagSet/> 184 </item> 185 186 </networkAclSet> 187 </DescribeNetworkAclsResponse> 188 """ 189 190 get_all_network_acls_subnet_body = b""" 191 <DescribeNetworkAclsResponse xmlns="http://ec2.amazonaws.com/doc/2013-10-01/"> 192 <requestId>59dbff89-35bd-4eac-99ed-be587EXAMPLE</requestId> 193 <networkAclSet> 194 <item> 195 <networkAclId>acl-5d659634</networkAclId> 196 <vpcId>vpc-5266953b</vpcId> 197 <default>false</default> 198 <entrySet> 199 <item> 200 <ruleNumber>110</ruleNumber> 201 <protocol>6</protocol> 202 <ruleAction>allow</ruleAction> 203 <egress>true</egress> 204 <cidrBlock>0.0.0.0/0</cidrBlock> 205 <portRange> 206 <from>49152</from> 207 <to>65535</to> 208 </portRange> 209 </item> 210 </entrySet> 211 <associationSet> 212 <item> 213 <networkAclAssociationId>aclassoc-c26596ab</networkAclAssociationId> 214 <networkAclId>acl-5d659634</networkAclId> 215 <subnetId>subnet-f0669599</subnetId> 216 </item> 217 <item> 218 <networkAclAssociationId>aclassoc-5c659635</networkAclAssociationId> 219 <networkAclId>acl-5d659634</networkAclId> 220 <subnetId>subnet-ff669596</subnetId> 221 </item> 222 </associationSet> 223 <tagSet/> 224 </item> 225 </networkAclSet> 226 </DescribeNetworkAclsResponse> 227 """ 228 229 def default_body(self): 230 return b""" 231 <ReplaceNetworkAclAssociationResponse xmlns="http://ec2.amazonaws.com/doc/2013-10-01/"> 232 <requestId>59dbff89-35bd-4eac-99ed-be587EXAMPLE</requestId> 233 <newAssociationId>aclassoc-17b85d7e</newAssociationId> 234 </ReplaceNetworkAclAssociationResponse> 235 """ 236 237 def test_associate_network_acl(self): 238 self.https_connection.getresponse.side_effect = [ 239 self.create_response(status_code=200, body=self.get_all_network_acls_subnet_body), 240 self.create_response(status_code=200) 241 ] 242 response = self.service_connection.associate_network_acl('acl-5fb85d36', 'subnet-ff669596') 243 # Note: Not testing proper call to get_all_network_acls! 244 self.assert_request_parameters({ 245 'Action': 'ReplaceNetworkAclAssociation', 246 'NetworkAclId': 'acl-5fb85d36', 247 'AssociationId': 'aclassoc-5c659635'}, 248 ignore_params_values=['AWSAccessKeyId', 'SignatureMethod', 249 'SignatureVersion', 'Timestamp', 250 'Version']) 251 self.assertEqual(response, 'aclassoc-17b85d7e') 252 253 def test_disassociate_network_acl(self): 254 self.https_connection.getresponse.side_effect = [ 255 self.create_response(status_code=200, body=self.get_all_network_acls_vpc_body), 256 self.create_response(status_code=200, body=self.get_all_network_acls_subnet_body), 257 self.create_response(status_code=200) 258 ] 259 response = self.service_connection.disassociate_network_acl('subnet-ff669596', 260 'vpc-5266953b') 261 # Note: Not testing proper call to either call to get_all_network_acls! 262 self.assert_request_parameters({ 263 'Action': 'ReplaceNetworkAclAssociation', 264 'NetworkAclId': 'acl-5566953c', 265 'AssociationId': 'aclassoc-5c659635'}, 266 ignore_params_values=['AWSAccessKeyId', 'SignatureMethod', 267 'SignatureVersion', 'Timestamp', 268 'Version']) 269 self.assertEqual(response, 'aclassoc-17b85d7e') 270 271 272class TestCreateNetworkAcl(AWSMockServiceTestCase): 273 274 connection_class = VPCConnection 275 276 def default_body(self): 277 return b""" 278 <CreateNetworkAclResponse xmlns="http://ec2.amazonaws.com/doc/2013-10-01/"> 279 <requestId>59dbff89-35bd-4eac-99ed-be587EXAMPLE</requestId> 280 <networkAcl> 281 <networkAclId>acl-5fb85d36</networkAclId> 282 <vpcId>vpc-11ad4878</vpcId> 283 <default>false</default> 284 <entrySet> 285 <item> 286 <ruleNumber>32767</ruleNumber> 287 <protocol>all</protocol> 288 <ruleAction>deny</ruleAction> 289 <egress>true</egress> 290 <cidrBlock>0.0.0.0/0</cidrBlock> 291 </item> 292 <item> 293 <ruleNumber>32767</ruleNumber> 294 <protocol>all</protocol> 295 <ruleAction>deny</ruleAction> 296 <egress>false</egress> 297 <cidrBlock>0.0.0.0/0</cidrBlock> 298 </item> 299 </entrySet> 300 <associationSet/> 301 <tagSet/> 302 </networkAcl> 303 </CreateNetworkAclResponse> 304 """ 305 306 def test_create_network_acl(self): 307 self.set_http_response(status_code=200) 308 response = self.service_connection.create_network_acl('vpc-11ad4878') 309 self.assert_request_parameters({ 310 'Action': 'CreateNetworkAcl', 311 'VpcId': 'vpc-11ad4878'}, 312 ignore_params_values=['AWSAccessKeyId', 'SignatureMethod', 313 'SignatureVersion', 'Timestamp', 314 'Version']) 315 self.assertEqual(response.id, 'acl-5fb85d36') 316 317 318class DeleteCreateNetworkAcl(AWSMockServiceTestCase): 319 320 connection_class = VPCConnection 321 322 def default_body(self): 323 return b""" 324 <DeleteNetworkAclResponse xmlns="http://ec2.amazonaws.com/doc/2013-10-01/"> 325 <requestId>59dbff89-35bd-4eac-99ed-be587EXAMPLE</requestId> 326 <return>true</return> 327 </DeleteNetworkAclResponse> 328 """ 329 330 def test_delete_network_acl(self): 331 self.set_http_response(status_code=200) 332 response = self.service_connection.delete_network_acl('acl-2cb85d45') 333 self.assert_request_parameters({ 334 'Action': 'DeleteNetworkAcl', 335 'NetworkAclId': 'acl-2cb85d45'}, 336 ignore_params_values=['AWSAccessKeyId', 'SignatureMethod', 337 'SignatureVersion', 'Timestamp', 338 'Version']) 339 self.assertEqual(response, True) 340 341 342class TestCreateNetworkAclEntry(AWSMockServiceTestCase): 343 344 connection_class = VPCConnection 345 346 def default_body(self): 347 return b""" 348 <CreateNetworkAclEntryResponse xmlns="http://ec2.amazonaws.com/doc/2013-10-01/"> 349 <requestId>59dbff89-35bd-4eac-99ed-be587EXAMPLE</requestId> 350 <return>true</return> 351 </CreateNetworkAclEntryResponse> 352 """ 353 354 def test_create_network_acl(self): 355 self.set_http_response(status_code=200) 356 response = self.service_connection.create_network_acl_entry( 357 'acl-2cb85d45', 110, 'udp', 'allow', '0.0.0.0/0', egress=False, 358 port_range_from=53, port_range_to=53) 359 self.assert_request_parameters({ 360 'Action': 'CreateNetworkAclEntry', 361 'NetworkAclId': 'acl-2cb85d45', 362 'RuleNumber': 110, 363 'Protocol': 'udp', 364 'RuleAction': 'allow', 365 'Egress': 'false', 366 'CidrBlock': '0.0.0.0/0', 367 'PortRange.From': 53, 368 'PortRange.To': 53}, 369 ignore_params_values=['AWSAccessKeyId', 'SignatureMethod', 370 'SignatureVersion', 'Timestamp', 371 'Version']) 372 self.assertEqual(response, True) 373 374 def test_create_network_acl_icmp(self): 375 self.set_http_response(status_code=200) 376 response = self.service_connection.create_network_acl_entry( 377 'acl-2cb85d45', 110, 'udp', 'allow', '0.0.0.0/0', egress='true', 378 icmp_code=-1, icmp_type=8) 379 self.assert_request_parameters({ 380 'Action': 'CreateNetworkAclEntry', 381 'NetworkAclId': 'acl-2cb85d45', 382 'RuleNumber': 110, 383 'Protocol': 'udp', 384 'RuleAction': 'allow', 385 'Egress': 'true', 386 'CidrBlock': '0.0.0.0/0', 387 'Icmp.Code': -1, 388 'Icmp.Type': 8}, 389 ignore_params_values=['AWSAccessKeyId', 'SignatureMethod', 390 'SignatureVersion', 'Timestamp', 391 'Version']) 392 self.assertEqual(response, True) 393 394 395class TestReplaceNetworkAclEntry(AWSMockServiceTestCase): 396 397 connection_class = VPCConnection 398 399 def default_body(self): 400 return b""" 401 <ReplaceNetworkAclEntryResponse xmlns="http://ec2.amazonaws.com/doc/2013-10-01/"> 402 <requestId>59dbff89-35bd-4eac-99ed-be587EXAMPLE</requestId> 403 <return>true</return> 404 </ReplaceNetworkAclEntryResponse> 405 """ 406 407 def test_replace_network_acl(self): 408 self.set_http_response(status_code=200) 409 response = self.service_connection.replace_network_acl_entry( 410 'acl-2cb85d45', 110, 'tcp', 'deny', '0.0.0.0/0', egress=False, 411 port_range_from=139, port_range_to=139) 412 self.assert_request_parameters({ 413 'Action': 'ReplaceNetworkAclEntry', 414 'NetworkAclId': 'acl-2cb85d45', 415 'RuleNumber': 110, 416 'Protocol': 'tcp', 417 'RuleAction': 'deny', 418 'Egress': 'false', 419 'CidrBlock': '0.0.0.0/0', 420 'PortRange.From': 139, 421 'PortRange.To': 139}, 422 ignore_params_values=['AWSAccessKeyId', 'SignatureMethod', 423 'SignatureVersion', 'Timestamp', 424 'Version']) 425 self.assertEqual(response, True) 426 427 def test_replace_network_acl_icmp(self): 428 self.set_http_response(status_code=200) 429 response = self.service_connection.replace_network_acl_entry( 430 'acl-2cb85d45', 110, 'tcp', 'deny', '0.0.0.0/0', 431 icmp_code=-1, icmp_type=8) 432 self.assert_request_parameters({ 433 'Action': 'ReplaceNetworkAclEntry', 434 'NetworkAclId': 'acl-2cb85d45', 435 'RuleNumber': 110, 436 'Protocol': 'tcp', 437 'RuleAction': 'deny', 438 'CidrBlock': '0.0.0.0/0', 439 'Icmp.Code': -1, 440 'Icmp.Type': 8}, 441 ignore_params_values=['AWSAccessKeyId', 'SignatureMethod', 442 'SignatureVersion', 'Timestamp', 443 'Version']) 444 self.assertEqual(response, True) 445 446 447class TestDeleteNetworkAclEntry(AWSMockServiceTestCase): 448 449 connection_class = VPCConnection 450 451 def default_body(self): 452 return b""" 453 <DeleteNetworkAclEntryResponse xmlns="http://ec2.amazonaws.com/doc/2013-10-01/"> 454 <requestId>59dbff89-35bd-4eac-99ed-be587EXAMPLE</requestId> 455 <return>true</return> 456 </DeleteNetworkAclEntryResponse> 457 """ 458 459 def test_delete_network_acl(self): 460 self.set_http_response(status_code=200) 461 response = self.service_connection.delete_network_acl_entry('acl-2cb85d45', 100, 462 egress=False) 463 self.assert_request_parameters({ 464 'Action': 'DeleteNetworkAclEntry', 465 'NetworkAclId': 'acl-2cb85d45', 466 'RuleNumber': 100, 467 'Egress': 'false'}, 468 ignore_params_values=['AWSAccessKeyId', 'SignatureMethod', 469 'SignatureVersion', 'Timestamp', 470 'Version']) 471 self.assertEqual(response, True) 472 473 474class TestGetNetworkAclAssociations(AWSMockServiceTestCase): 475 476 connection_class = VPCConnection 477 478 def default_body(self): 479 return b""" 480 <DescribeNetworkAclsResponse xmlns="http://ec2.amazonaws.com/doc/2013-10-01/"> 481 <requestId>59dbff89-35bd-4eac-99ed-be587EXAMPLE</requestId> 482 <networkAclSet> 483 <item> 484 <networkAclId>acl-5d659634</networkAclId> 485 <vpcId>vpc-5266953b</vpcId> 486 <default>false</default> 487 <entrySet> 488 <item> 489 <ruleNumber>110</ruleNumber> 490 <protocol>6</protocol> 491 <ruleAction>allow</ruleAction> 492 <egress>true</egress> 493 <cidrBlock>0.0.0.0/0</cidrBlock> 494 <portRange> 495 <from>49152</from> 496 <to>65535</to> 497 </portRange> 498 </item> 499 </entrySet> 500 <associationSet> 501 <item> 502 <networkAclAssociationId>aclassoc-c26596ab</networkAclAssociationId> 503 <networkAclId>acl-5d659634</networkAclId> 504 <subnetId>subnet-f0669599</subnetId> 505 </item> 506 </associationSet> 507 <tagSet/> 508 </item> 509 </networkAclSet> 510 </DescribeNetworkAclsResponse> 511 """ 512 513 def test_get_network_acl_associations(self): 514 self.set_http_response(status_code=200) 515 api_response = self.service_connection.get_all_network_acls() 516 association = api_response[0].associations[0] 517 self.assertEqual(association.network_acl_id, 'acl-5d659634') 518 519 520if __name__ == '__main__': 521 unittest.main() 522