add firewall functionality

Author: Elias Nygren

test/conftest.py

@@ -15,16 +15,19 @@ class Mock():
 
 	@staticmethod
 	def read_from_file(filename):
-		
+
 		filename = filename.replace("/", "_")
 
 		cwd = os.path.dirname(__file__)
 		f = open(cwd + '/json_data/'+filename, 'r')
 		return f.read()
 
 	@staticmethod
-	def mock_get(target):
-		data = Mock.read_from_file(target + '.json')
+	def mock_get(target, response_file=None):
+		if not response_file:
+			response_file = target + '.json'
+
+		data = Mock.read_from_file(response_file)
 		responses.add(responses.GET, Mock.base_url + '/' + target,
 						body=data,
 						status=200,
@@ -35,11 +38,10 @@ def mock_get(target):
 	def __put_post_callback(request, target, data):
 		data_field = target.split("/")[0]
 		payload = json.loads(request.body)
-		
+
 		for field in data[data_field]:
 			if field in payload[data_field]:
 				data[data_field][field] = payload[data_field][field]
-		print(data)
 		return(200, {}, json.dumps(data))
 
 	@staticmethod
@@ -76,7 +78,7 @@ def mock_server_operation(target):
 		targetfile = "/".join( targetsplit[:2] )
 
 		data = json.loads( Mock.read_from_file(targetfile + '.json') )
-		
+
 		# API will always respond state: "started", see: Server.stop, Server.start, Server,restart
 		data["server"]["state"] = "started"
 

test/json_data/firewall_rule.json

@@ -0,0 +1,17 @@
+{
+    "firewall_rule" : {
+        "protocol" : "tcp",
+        "destination_port_end" : "22",
+        "source_address_start" : "192.168.1.0",
+        "source_address_end" : "192.168.1.255",
+        "position" : "1",
+        "source_port_end" : "",
+        "source_port_start" : "",
+        "destination_address_start" : "",
+        "direction" : "in",
+        "action" : "accept",
+        "icmp_type" : "",
+        "destination_port_start" : "22",
+        "destination_address_end" : ""
+    }
+}

test/json_data/firewall_rules.json

@@ -0,0 +1,86 @@
+{
+    "firewall_rules": {
+        "firewall_rule" : [
+            {
+                "action" : "accept",
+                "destination_address_end" : "",
+                "destination_address_start" : "",
+                "destination_port_end" : "80",
+                "destination_port_start" : "80",
+                "direction" : "in",
+                "family" : "IPv4",
+                "icmp_type" : "",
+                "position" : "1",
+                "protocol" : "",
+                "source_address_end" : "",
+                "source_address_start" : "",
+                "source_port_end" : "",
+                "source_port_start" : ""
+            },
+            {
+                "action" : "accept",
+                "destination_address_end" : "",
+                "destination_address_start" : "",
+                "destination_port_end" : "22",
+                "destination_port_start" : "22",
+                "direction" : "in",
+                "family" : "IPv4",
+                "icmp_type" : "",
+                "position" : "2",
+                "protocol" : "tcp",
+                "source_address_end" : "192.168.1.255",
+                "source_address_start" : "192.168.1.1",
+                "source_port_end" : "",
+                "source_port_start" : ""
+            },
+            {
+                "action" : "accept",
+                "destination_address_end" : "",
+                "destination_address_start" : "",
+                "destination_port_end" : "22",
+                "destination_port_start" : "22",
+                "direction" : "in",
+                "family" : "IPv6",
+                "icmp_type" : "",
+                "position" : "3",
+                "protocol" : "tcp",
+                "source_address_end" : "2a04:3540:1000:aaaa:bbbb:cccc:d001",
+                "source_address_start" : "2a04:3540:1000:aaaa:bbbb:cccc:d001",
+                "source_port_end" : "",
+                "source_port_start" : ""
+            },
+            {
+                "action" : "accept",
+                "destination_address_end" : "",
+                "destination_address_start" : "",
+                "destination_port_end" : "",
+                "destination_port_start" : "",
+                "direction" : "in",
+                "family" : "IPv4",
+                "icmp_type" : "8",
+                "position" : "4",
+                "protocol" : "icmp",
+                "source_address_end" : "",
+                "source_address_start" : "",
+                "source_port_end" : "",
+                "source_port_start" : ""
+            },
+            {
+                "action" : "drop",
+                "destination_address_end" : "",
+                "destination_address_start" : "",
+                "destination_port_end" : "",
+                "destination_port_start" : "",
+                "direction" : "in",
+                "family" : "",
+                "icmp_type" : "",
+                "position" : "5",
+                "protocol" : "",
+                "source_address_end" : "",
+                "source_address_start" : "",
+                "source_port_end" : "",
+                "source_port_start" : ""
+            }
+        ]
+    }
+}

test/test_server.py

@@ -2,6 +2,7 @@
 import json
 from conftest import Mock
 import pytest
+from upcloud import FirewallRule
 
 class TestServer():
 	@responses.activate
@@ -36,7 +37,7 @@ def test_start_server(self, manager):
 		server = manager.get_server("009d64ef-31d1-4684-a26b-c86c955cbf46")
 
 		assert server.state == "stopped"
-		
+
 		data = Mock.mock_server_operation("server/009d64ef-31d1-4684-a26b-c86c955cbf46/start")
 		server.start()
 
@@ -48,7 +49,7 @@ def test_stop_server(self, manager):
 		server = manager.get_server("00798b85-efdc-41ca-8021-f6ef457b8531")
 
 		assert server.state == "started"
-		
+
 		data = Mock.mock_server_operation("server/00798b85-efdc-41ca-8021-f6ef457b8531/stop")
 		server.stop()
 
@@ -60,7 +61,7 @@ def test_restart_server(self, manager):
 		server = manager.get_server("00798b85-efdc-41ca-8021-f6ef457b8531")
 
 		assert server.state == "started"
-		
+
 		data = Mock.mock_server_operation("server/00798b85-efdc-41ca-8021-f6ef457b8531/restart")
 		server.restart()
 
@@ -71,17 +72,17 @@ def test_attach_and_detach_IP(self, manager):
 		data = Mock.mock_get("server/00798b85-efdc-41ca-8021-f6ef457b8531")
 		server = manager.get_server("00798b85-efdc-41ca-8021-f6ef457b8531")
 		assert len(server.ip_addresses) == 2
-		
+
 		data = Mock.mock_post("ip_address")
 		server.add_IP()
 		assert len(server.ip_addresses) == 3
-		
+
 		Mock.mock_delete("ip_address/"+server.ip_addresses[2].address)
 		server.remove_IP(server.ip_addresses[2])
 		assert len(server.ip_addresses) == 2
 
 	@responses.activate
-	def test_attach_and_detach_storage(self, manager):		
+	def test_attach_and_detach_storage(self, manager):
 		data = Mock.mock_get("server/00798b85-efdc-41ca-8021-f6ef457b8531")
 		server = manager.get_server("00798b85-efdc-41ca-8021-f6ef457b8531")
 		assert len(server.storage_devices) == 1
@@ -90,9 +91,9 @@ def test_attach_and_detach_storage(self, manager):
 		data = Mock.mock_get("storage/01d4fcd4-e446-433b-8a9c-551a1284952e")
 		storage = manager.get_storage("01d4fcd4-e446-433b-8a9c-551a1284952e")
 
-		
+
 		responses.add(
-			responses.POST, 
+			responses.POST,
 			Mock.base_url + "/server/00798b85-efdc-41ca-8021-f6ef457b8531/storage/attach",
 			body = Mock.read_from_file("storage_attach.json"),
 			status = 200,
@@ -104,7 +105,7 @@ def test_attach_and_detach_storage(self, manager):
 		assert server.storage_devices[1].title == "Operating system disk"
 
 		responses.add(
-			responses.POST, 
+			responses.POST,
 			Mock.base_url + "/server/00798b85-efdc-41ca-8021-f6ef457b8531/storage/detach",
 			body = Mock.read_from_file("storage_attach.json"),
 			status = 200,
@@ -136,8 +137,101 @@ def test_update_server_oop(self, manager):
 	def test_update_server_non_updateable_fields(self, manager):
 		data = Mock.mock_get("server/00798b85-efdc-41ca-8021-f6ef457b8531")
 		server = manager.get_server("00798b85-efdc-41ca-8021-f6ef457b8531")
-		
+
 		with pytest.raises(Exception) as excinfo:
-			server.state = "rekt"	
+			server.state = "rekt"
 		assert "'state' is a readonly field" in str(excinfo.value)
 
+	@responses.activate
+	def test_add_firewall_rule(self, manager):
+		Mock.mock_get("server/00798b85-efdc-41ca-8021-f6ef457b8531")
+		server = manager.get_server("00798b85-efdc-41ca-8021-f6ef457b8531")
+
+		def callback(request):
+			required_fields = [
+				'position', 'direction', 'family', 'protocol',
+				'source_address_start', 'source_address_end',
+				'destination_port_start', 'destination_port_end',
+				'action'
+			]
+
+			request_body = json.loads(request.body)
+
+			for field in required_fields:
+				if field not in request_body:
+					raise Exception('missing required field: {0}'.format(field))
+
+			return(201, {}, json.dumps({ 'firewall_rule': request_body }))
+
+
+		responses.add_callback(
+			responses.POST,
+			Mock.base_url + "/server/00798b85-efdc-41ca-8021-f6ef457b8531/firewall_rule",
+			content_type='application/json',
+			callback=callback
+		)
+
+		returned_firewall = server.add_firewall_rule(FirewallRule(
+			position = "1",
+            direction = "in",
+            family = "IPv4",
+            protocol = "tcp",
+            source_address_start = "192.168.1.1",
+            source_address_end = "192.168.1.255",
+            destination_port_start = "22",
+            destination_port_end = "22",
+            action = "accept"
+		))
+
+		# everything should run without errors, returned created object
+		assert returned_firewall.position == "1"
+		assert returned_firewall.direction == "in"
+		assert returned_firewall.source_address_end == "192.168.1.255"
+
+
+	@responses.activate
+	def test_remove_firewall_rule(self, manager):
+		Mock.mock_get("server/00798b85-efdc-41ca-8021-f6ef457b8531")
+		server = manager.get_server("00798b85-efdc-41ca-8021-f6ef457b8531")
+
+		target = "server/00798b85-efdc-41ca-8021-f6ef457b8531/firewall_rule"
+		Mock.mock_get(target, "firewall_rules.json")
+		firewall_rules = server.get_firewall_rules()
+
+		Mock.mock_delete("server/00798b85-efdc-41ca-8021-f6ef457b8531/firewall_rule/1")
+		res = firewall_rules[0].destroy()
+
+		Mock.mock_delete("server/00798b85-efdc-41ca-8021-f6ef457b8531/firewall_rule/1")
+		res = server.remove_firewall_rule(firewall_rules[0])
+
+		assert res == {}
+
+	@responses.activate
+	def test_list_and_get_firewall_rules(self, manager):
+		Mock.mock_get("server/00798b85-efdc-41ca-8021-f6ef457b8531")
+		server = manager.get_server("00798b85-efdc-41ca-8021-f6ef457b8531")
+
+		target = "server/00798b85-efdc-41ca-8021-f6ef457b8531/firewall_rule"
+		Mock.mock_get(target, "firewall_rules.json")
+		firewall_rules = server.get_firewall_rules()
+
+		assert firewall_rules[0].position == "1"
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+

upcloud/__init__.py

@@ -13,6 +13,7 @@
 from .storage import Storage
 from .ip_address import IP_address
 from .firewall import Firewall
+from .firewall import FirewallRule
 from .cloud_manager import CloudManager
 from .tools import OperatingSystems
 from .tools import ZONE

upcloud/cloud_manager/cloud_manager.py

@@ -4,13 +4,14 @@
 from .server_mixin import ServerManager
 from .ip_address_mixin import IPManager
 from .storage_mixin import StorageManager
+from .firewall_mixin import FirewallManager
 
 import base64
 
 
-class CloudManager(BaseAPI, ServerManager, IPManager, StorageManager):
+class CloudManager(BaseAPI, ServerManager, IPManager, StorageManager, FirewallManager):
 	"""
-	CloudManager contains the core functionality of the upcloud API library. 
+	CloudManager contains the core functionality of the upcloud API library.
 	All other managers are mixed in so code can be organized in corresponding submanager classes.
 	"""
 
@@ -21,8 +22,8 @@ def authenticate(self):
 		return self.get_account()
 
 	def get_account(self):
-		return self.get_request("/account")		
-		
+		return self.get_request("/account")
+
 	def get_zones(self):
 		return self.get_request("/zone")
 
@@ -34,4 +35,4 @@ def get_prices(self):
 
 	def get_server_sizes(self):
 		return self.get_request("/server_size")
-	
+