added firewall rule creation under policy (#1471)

Author: ujwalbendale

f5/bigip/tm/security/firewall.py

@@ -124,13 +124,13 @@ def __init__(self, rule_lists):
 
 class Rules_s(Collection):
     """BIG-IP® AFM® Rules sub-collection."""
-    def __init__(self, rule_list):
-        super(Rules_s, self).__init__(rule_list)
+    def __init__(self, policy):
+        super(Rules_s, self).__init__(policy)
         self._meta_data['required_json_kind'] = \
-            'tm:security:firewall:rule-list:rules:rulescollectionstate'
+            'tm:security:firewall:policy:rules:rulescollectionstate'
         self._meta_data['allowed_lazy_attributes'] = [Rule]
         self._meta_data['attribute_registry'] = \
-            {'tm:security:firewall:rule-list:rules:rulesstate':
+            {'tm:security:firewall:policy:rules:rulesstate':
                 Rule}
 
 
@@ -148,7 +148,7 @@ class Rule(Resource, CheckExistenceMixin):
     def __init__(self, rules_s):
         super(Rule, self).__init__(rules_s)
         self._meta_data['required_json_kind'] = \
-            'tm:security:firewall:rule-list:rules:rulesstate'
+            'tm:security:firewall:policy:rules:rulesstate'
         self._meta_data['required_creation_parameters'].update(('action',))
         self._meta_data['exclusive_attributes'].append(
             ('place-after', 'place-before'))
@@ -223,7 +223,7 @@ def __init__(self, policy_s):
         self._meta_data['required_load_parameters'].update(('partition',))
         self._meta_data['allowed_lazy_attributes'] = [Rules_s]
         self._meta_data['attribute_registry'] = \
-            {'tm:security:firewall:rule-list:rules:rulescollectionstate':
+            {'tm:security:firewall:policy:rules:rulescollectionstate':
                 Rules_s}
 
 

f5/bigip/tm/security/test/functional/test_firewall.py

@@ -55,15 +55,6 @@ def rulelst(mgmt_root):
     r1.delete()
 
 
-@pytest.fixture(scope='function')
-def rule(rulelst):
-    param_set = {'name': 'fake_rule', 'place-after': 'first',
-                 'action': 'reject'}
-    r1 = rulelst.rules_s.rule.create(**param_set)
-    yield r1
-    r1.delete()
-
-
 @pytest.fixture(scope='function')
 def policy(mgmt_root):
     p1 = mgmt_root.tm.security.firewall.policy_s.policy.create(
@@ -72,6 +63,15 @@ def policy(mgmt_root):
     p1.delete()
 
 
+@pytest.fixture(scope='function')
+def rule(policy):
+    param_set = {'name': 'fake_rule', 'place-after': 'first',
+                 'action': 'reject'}
+    r1 = policy.rules_s.rule.create(**param_set)
+    yield r1
+    r1.delete()
+
+
 @pytest.fixture(scope='function')
 def dsnresolver(mgmt_root):
     d1 = mgmt_root.tm.net.dns_resolvers.dns_resolver.create(
@@ -352,43 +352,43 @@ def test_portlist_collection(self, mgmt_root):
 
 
 class TestRules(object):
-    def test_mutually_exclusive_raises(self, rulelst):
+    def test_mutually_exclusive_raises(self, policy):
         param_set = {'name': 'fake_rule', 'place-after': 'first',
                      'action': 'reject', 'place-before': 'last'}
         ERR = 'Mutually exclusive arguments submitted. The following arguments cannot be set together: "place-after, place-before".'
         with pytest.raises(ExclusiveAttributesPresent) as err:
-            rulelst.rules_s.rule.create(**param_set)
+            policy.rules_s.rule.create(**param_set)
         assert str(err.value) == ERR
 
-    def test_mandatory_attribute_missing(self, rulelst):
+    def test_mandatory_attribute_missing(self, policy):
         param_set = {'name': 'fake_rule', 'action': 'reject'}
         ERR = "This resource requires at least one of the mandatory additional parameters to be provided: place-after, place-before"
         with pytest.raises(MissingRequiredCreationParameter) as err:
-            rulelst.rules_s.rule.create(**param_set)
+            policy.rules_s.rule.create(**param_set)
         assert str(err.value) == ERR
 
     def test_create_req_arg(self, rule):
         r1 = rule
         URI = 'https://localhost/mgmt/tm/security/' \
-              'firewall/rule-list/~Common~fake_rule_list/rules/fake_rule'
+              'firewall/policy/~Common~fake_policy/rules/fake_rule'
         assert r1.name == 'fake_rule'
         assert r1.selfLink.startswith(URI)
         assert not hasattr(r1, 'description')
 
-    def test_create_optional_args(self, rulelst):
+    def test_create_optional_args(self, policy):
         param_set = {'name': 'fake_rule', 'place-after': 'first',
                      'action': 'reject', 'description': DESC}
-        r1 = rulelst.rules_s.rule.create(**param_set)
+        r1 = policy.rules_s.rule.create(**param_set)
         URI = 'https://localhost/mgmt/tm/security/' \
-              'firewall/rule-list/~Common~fake_rule_list/rules/fake_rule'
+              'firewall/policy/~Common~fake_policy/rules/fake_rule'
         assert r1.name == 'fake_rule'
         assert r1.selfLink.startswith(URI)
         assert hasattr(r1, 'description')
         assert r1.description == DESC
 
-    def test_refresh(self, rulelst, rule):
+    def test_refresh(self, policy, rule):
         r1 = rule
-        r2 = rulelst.rules_s.rule.load(name='fake_rule')
+        r2 = policy.rules_s.rule.load(name='fake_rule')
         assert r1.name == r2.name
         assert r1.selfLink == r2.selfLink
         assert r1.kind == r2.kind
@@ -409,13 +409,13 @@ def test_refresh(self, rulelst, rule):
         ) == LooseVersion('11.6.0'),
         reason='This test will fail on 11.6.0 due to a known bug.'
     )
-    def test_delete(self, rulelst):
+    def test_delete(self, policy):
         param_set = {'name': 'delete_me', 'place-after': 'first',
                      'action': 'reject'}
-        r1 = rulelst.rules_s.rule.create(**param_set)
+        r1 = policy.rules_s.rule.create(**param_set)
         r1.delete()
         with pytest.raises(HTTPError) as err:
-            rulelst.rules_s.rule.load(name='delete_me')
+            policy.rules_s.rule.load(name='delete_me')
         assert err.value.response.status_code == 404
 
     @pytest.mark.skipif(
@@ -424,9 +424,9 @@ def test_delete(self, rulelst):
         ) == LooseVersion('11.6.0'),
         reason='This test will fail on 11.6.0 due to a known bug.'
     )
-    def test_load_no_object(self, rulelst):
+    def test_load_no_object(self, policy):
         with pytest.raises(HTTPError) as err:
-            rulelst.rules_s.rule.load(name='not_exist')
+            policy.rules_s.rule.load(name='not_exist')
         assert err.value.response.status_code == 404
 
     @pytest.mark.skipif(
@@ -435,13 +435,13 @@ def test_load_no_object(self, rulelst):
         ) != LooseVersion('11.6.0'),
         reason='This test is for 11.6.0 TMOS only, due to a known bug.'
     )
-    def test_delete_11_6_0(self, rulelst):
+    def test_delete_11_6_0(self, policy):
         param_set = {'name': 'delete_me', 'place-after': 'first',
                      'action': 'reject'}
-        r1 = rulelst.rules_s.rule.create(**param_set)
+        r1 = policy.rules_s.rule.create(**param_set)
         r1.delete()
         try:
-            rulelst.rules_s.rule.load(name='delete_me')
+            policy.rules_s.rule.load(name='delete_me')
 
         except NonExtantFirewallRule as err:
             msg = 'The application resource named, delete_me, ' \
@@ -455,42 +455,42 @@ def test_delete_11_6_0(self, rulelst):
         ) != LooseVersion('11.6.0'),
         reason='This test is for 11.6.0 TMOS only, due to a known bug.'
     )
-    def test_load_no_object_11_6_0(self, rulelst):
+    def test_load_no_object_11_6_0(self, policy):
         try:
-            rulelst.rules_s.rule.load(name='not_exist')
+            policy.rules_s.rule.load(name='not_exist')
 
         except NonExtantFirewallRule as err:
             msg = 'The application resource named, not_exist, ' \
                   'does not exist on the device.'
 
             assert err.message == msg
 
-    def test_load_and_update(self, rulelst, rule):
+    def test_load_and_update(self, policy, rule):
         r1 = rule
         URI = 'https://localhost/mgmt/tm/security/' \
-              'firewall/rule-list/~Common~fake_rule_list/rules/fake_rule'
+              'firewall/policy/~Common~fake_policy/rules/fake_rule'
         assert r1.name == 'fake_rule'
         assert r1.selfLink.startswith(URI)
         assert not hasattr(r1, 'description')
         r1.description = DESC
         r1.update()
         assert hasattr(r1, 'description')
         assert r1.description == DESC
-        r2 = rulelst.rules_s.rule.load(name='fake_rule')
+        r2 = policy.rules_s.rule.load(name='fake_rule')
         assert r1.name == r2.name
         assert r1.selfLink == r2.selfLink
         assert hasattr(r2, 'description')
         assert r1.description == r2.description
 
-    def test_rules_subcollection(self, rulelst, rule):
+    def test_rules_subcollection(self, policy, rule):
         r1 = rule
         URI = 'https://localhost/mgmt/tm/security/' \
-              'firewall/rule-list/~Common~fake_rule_list/rules/fake_rule'
+              'firewall/policy/~Common~fake_policy/rules/fake_rule'
         assert r1.name == 'fake_rule'
         assert r1.selfLink.startswith(URI)
         assert not hasattr(r1, 'description')
 
-        rc = rulelst.rules_s.get_collection()
+        rc = policy.rules_s.get_collection()
         assert isinstance(rc, list)
         assert len(rc)
         assert isinstance(rc[0], Rule)

f5/bigip/tm/security/test/unit/test_firewall.py

@@ -142,7 +142,7 @@ def test_create_no_args(self, FakeRuleLst):
 class TestRulesSubcollection(object):
     def test_rule_subcollection(self, fakeicontrolsession):
         pc = Rules_s(Makerulelist(fakeicontrolsession))
-        kind = 'tm:security:firewall:rule-list:rules:rulesstate'
+        kind = 'tm:security:firewall:policy:rules:rulesstate'
         test_meta = pc._meta_data['attribute_registry']
         test_meta2 = pc._meta_data['allowed_lazy_attributes']
         assert isinstance(pc, Rules_s)
@@ -177,7 +177,7 @@ def test_create_no_args(self, FakePolicy):
 class TestPolicyRuleSubCollection(object):
     def test_policy_rule_subcollection(self, fakeicontrolsession):
         pc = Rules_s(MakePolicyRules(fakeicontrolsession))
-        kind = 'tm:security:firewall:rule-list:rules:rulesstate'
+        kind = 'tm:security:firewall:policy:rules:rulesstate'
         test_meta = pc._meta_data['attribute_registry']
         test_meta2 = pc._meta_data['allowed_lazy_attributes']
         assert isinstance(pc, Rules_s)