Enable Extended CIDR Associations on VPC (#1511)

* Enable Extended CIDR Associations on VPC * Ooops missed the utils, try to be more flakey?, remove unnecessary part in tests * try to be even more flakey
2018-03-22 02:10:38 +10:00 · 2018-03-22 02:10:38 +10:00 · 4b3469292a
commit 4b3469292a
parent b7ae704ad2
5 changed files with 453 additions and 53 deletions
--- a/tests/test_ec2/test_vpcs.py
+++ b/tests/test_ec2/test_vpcs.py
@ -2,6 +2,8 @@ from __future__ import unicode_literals
 # Ensure 'assert_raises' context manager support for Python 2.6
 import tests.backport_assert_raises  # flake8: noqa
 from nose.tools import assert_raises
+from moto.ec2.exceptions import EC2ClientError
+from botocore.exceptions import ClientError

 import boto3
 import boto
@ -275,8 +277,8 @@ def test_default_vpc():
 def test_non_default_vpc():
    ec2 = boto3.resource('ec2', region_name='us-west-1')

-    # Create the default VPC
-    ec2.create_vpc(CidrBlock='172.31.0.0/16')
+    # Create the default VPC - this already exists when backend instantiated!
+    #ec2.create_vpc(CidrBlock='172.31.0.0/16')

    # Create the non default VPC
    vpc = ec2.create_vpc(CidrBlock='10.0.0.0/16')
@ -295,6 +297,12 @@ def test_non_default_vpc():
    attr = response.get('EnableDnsHostnames')
    attr.get('Value').shouldnt.be.ok

+    # Check Primary CIDR Block Associations
+    cidr_block_association_set = next(iter(vpc.cidr_block_association_set), None)
+    cidr_block_association_set['CidrBlockState']['State'].should.equal('associated')
+    cidr_block_association_set['CidrBlock'].should.equal(vpc.cidr_block)
+    cidr_block_association_set['AssociationId'].should.contain('vpc-cidr-assoc')
+

@mock_ec2
 def test_vpc_dedicated_tenancy():
@ -340,7 +348,6 @@ def test_vpc_modify_enable_dns_hostnames():
    ec2.create_vpc(CidrBlock='172.31.0.0/16')

    vpc = ec2.create_vpc(CidrBlock='10.0.0.0/16')
-
    # Test default values for VPC attributes
    response = vpc.describe_attribute(Attribute='enableDnsHostnames')
    attr = response.get('EnableDnsHostnames')
@ -364,3 +371,171 @@ def test_vpc_associate_dhcp_options():

    vpc.update()
    dhcp_options.id.should.equal(vpc.dhcp_options_id)
+
+
+@mock_ec2
+def test_associate_vpc_ipv4_cidr_block():
+    ec2 = boto3.resource('ec2', region_name='us-west-1')
+
+    vpc = ec2.create_vpc(CidrBlock='10.10.42.0/24')
+
+    # Associate/Extend vpc CIDR range up to 5 ciders
+    for i in range(43, 47):
+        response = ec2.meta.client.associate_vpc_cidr_block(VpcId=vpc.id, CidrBlock='10.10.{}.0/24'.format(i))
+        response['CidrBlockAssociation']['CidrBlockState']['State'].should.equal('associating')
+        response['CidrBlockAssociation']['CidrBlock'].should.equal('10.10.{}.0/24'.format(i))
+        response['CidrBlockAssociation']['AssociationId'].should.contain('vpc-cidr-assoc')
+
+    # Check all associations exist
+    vpc = ec2.Vpc(vpc.id)
+    vpc.cidr_block_association_set.should.have.length_of(5)
+    vpc.cidr_block_association_set[2]['CidrBlockState']['State'].should.equal('associated')
+    vpc.cidr_block_association_set[4]['CidrBlockState']['State'].should.equal('associated')
+
+    # Check error on adding 6th association.
+    with assert_raises(ClientError) as ex:
+        response = ec2.meta.client.associate_vpc_cidr_block(VpcId=vpc.id, CidrBlock='10.10.50.0/22')
+    str(ex.exception).should.equal(
+        "An error occurred (CidrLimitExceeded) when calling the AssociateVpcCidrBlock "
+        "operation: This network '{}' has met its maximum number of allowed CIDRs: 5".format(vpc.id))
+
+@mock_ec2
+def test_disassociate_vpc_ipv4_cidr_block():
+    ec2 = boto3.resource('ec2', region_name='us-west-1')
+
+    vpc = ec2.create_vpc(CidrBlock='10.10.42.0/24')
+    ec2.meta.client.associate_vpc_cidr_block(VpcId=vpc.id, CidrBlock='10.10.43.0/24')
+
+    # Remove an extended cidr block
+    vpc = ec2.Vpc(vpc.id)
+    non_default_assoc_cidr_block = next(iter([x for x in vpc.cidr_block_association_set if vpc.cidr_block != x['CidrBlock']]), None)
+    response = ec2.meta.client.disassociate_vpc_cidr_block(AssociationId=non_default_assoc_cidr_block['AssociationId'])
+    response['CidrBlockAssociation']['CidrBlockState']['State'].should.equal('disassociating')
+    response['CidrBlockAssociation']['CidrBlock'].should.equal(non_default_assoc_cidr_block['CidrBlock'])
+    response['CidrBlockAssociation']['AssociationId'].should.equal(non_default_assoc_cidr_block['AssociationId'])
+
+    # Error attempting to delete a non-existent CIDR_BLOCK association
+    with assert_raises(ClientError) as ex:
+        response = ec2.meta.client.disassociate_vpc_cidr_block(AssociationId='vpc-cidr-assoc-BORING123')
+    str(ex.exception).should.equal(
+        "An error occurred (InvalidVpcCidrBlockAssociationIdError.NotFound) when calling the "
+        "DisassociateVpcCidrBlock operation: The vpc CIDR block association ID "
+        "'vpc-cidr-assoc-BORING123' does not exist")
+
+    # Error attempting to delete Primary CIDR BLOCK association
+    vpc_base_cidr_assoc_id = next(iter([x for x in vpc.cidr_block_association_set
+                                        if vpc.cidr_block == x['CidrBlock']]), {})['AssociationId']
+
+    with assert_raises(ClientError) as ex:
+        response = ec2.meta.client.disassociate_vpc_cidr_block(AssociationId=vpc_base_cidr_assoc_id)
+    str(ex.exception).should.equal(
+        "An error occurred (OperationNotPermitted) when calling the DisassociateVpcCidrBlock operation: "
+        "The vpc CIDR block with association ID {} may not be disassociated. It is the primary "
+        "IPv4 CIDR block of the VPC".format(vpc_base_cidr_assoc_id))
+
+@mock_ec2
+def test_cidr_block_association_filters():
+    ec2 = boto3.resource('ec2', region_name='us-west-1')
+    vpc1 = ec2.create_vpc(CidrBlock='10.90.0.0/16')
+    vpc2 = ec2.create_vpc(CidrBlock='10.91.0.0/16')
+    ec2.meta.client.associate_vpc_cidr_block(VpcId=vpc2.id, CidrBlock='10.10.0.0/19')
+    vpc3 = ec2.create_vpc(CidrBlock='10.92.0.0/24')
+    ec2.meta.client.associate_vpc_cidr_block(VpcId=vpc3.id, CidrBlock='10.92.1.0/24')
+    ec2.meta.client.associate_vpc_cidr_block(VpcId=vpc3.id, CidrBlock='10.92.2.0/24')
+    vpc3_assoc_response = ec2.meta.client.associate_vpc_cidr_block(VpcId=vpc3.id, CidrBlock='10.92.3.0/24')
+
+    # Test filters for a cidr-block in all VPCs cidr-block-associations
+    filtered_vpcs = list(ec2.vpcs.filter(Filters=[{'Name': 'cidr-block-association.cidr-block',
+                                                   'Values': ['10.10.0.0/19']}]))
+    filtered_vpcs.should.be.length_of(1)
+    filtered_vpcs[0].id.should.equal(vpc2.id)
+
+    # Test filter for association id in VPCs
+    association_id = vpc3_assoc_response['CidrBlockAssociation']['AssociationId']
+    filtered_vpcs = list(ec2.vpcs.filter(Filters=[{'Name': 'cidr-block-association.association-id',
+                                                   'Values': [association_id]}]))
+    filtered_vpcs.should.be.length_of(1)
+    filtered_vpcs[0].id.should.equal(vpc3.id)
+
+    # Test filter for association state in VPC - this will never show anything in this test
+    filtered_vpcs = list(ec2.vpcs.filter(Filters=[{'Name': 'cidr-block-association.association-id',
+                                                   'Values': ['failing']}]))
+    filtered_vpcs.should.be.length_of(0)
+
+@mock_ec2
+def test_vpc_associate_ipv6_cidr_block():
+    ec2 = boto3.resource('ec2', region_name='us-west-1')
+
+    # Test create VPC with IPV6 cidr range
+    vpc = ec2.create_vpc(CidrBlock='10.10.42.0/24', AmazonProvidedIpv6CidrBlock=True)
+    ipv6_cidr_block_association_set = next(iter(vpc.ipv6_cidr_block_association_set), None)
+    ipv6_cidr_block_association_set['Ipv6CidrBlockState']['State'].should.equal('associated')
+    ipv6_cidr_block_association_set['Ipv6CidrBlock'].should.contain('::/56')
+    ipv6_cidr_block_association_set['AssociationId'].should.contain('vpc-cidr-assoc')
+
+    # Test Fail on adding 2nd IPV6 association - AWS only allows 1 at this time!
+    with assert_raises(ClientError) as ex:
+        response = ec2.meta.client.associate_vpc_cidr_block(VpcId=vpc.id, AmazonProvidedIpv6CidrBlock=True)
+    str(ex.exception).should.equal(
+        "An error occurred (CidrLimitExceeded) when calling the AssociateVpcCidrBlock "
+        "operation: This network '{}' has met its maximum number of allowed CIDRs: 1".format(vpc.id))
+
+    # Test associate ipv6 cidr block after vpc created
+    vpc = ec2.create_vpc(CidrBlock='10.10.50.0/24')
+    response = ec2.meta.client.associate_vpc_cidr_block(VpcId=vpc.id, AmazonProvidedIpv6CidrBlock=True)
+    response['Ipv6CidrBlockAssociation']['Ipv6CidrBlockState']['State'].should.equal('associating')
+    response['Ipv6CidrBlockAssociation']['Ipv6CidrBlock'].should.contain('::/56')
+    response['Ipv6CidrBlockAssociation']['AssociationId'].should.contain('vpc-cidr-assoc-')
+
+    # Check on describe vpc that has ipv6 cidr block association
+    vpc = ec2.Vpc(vpc.id)
+    vpc.ipv6_cidr_block_association_set.should.be.length_of(1)
+
+
+@mock_ec2
+def test_vpc_disassociate_ipv6_cidr_block():
+    ec2 = boto3.resource('ec2', region_name='us-west-1')
+
+    # Test create VPC with IPV6 cidr range
+    vpc = ec2.create_vpc(CidrBlock='10.10.42.0/24', AmazonProvidedIpv6CidrBlock=True)
+    # Test disassociating the only IPV6
+    assoc_id = vpc.ipv6_cidr_block_association_set[0]['AssociationId']
+    response = ec2.meta.client.disassociate_vpc_cidr_block(AssociationId=assoc_id)
+    response['Ipv6CidrBlockAssociation']['Ipv6CidrBlockState']['State'].should.equal('disassociating')
+    response['Ipv6CidrBlockAssociation']['Ipv6CidrBlock'].should.contain('::/56')
+    response['Ipv6CidrBlockAssociation']['AssociationId'].should.equal(assoc_id)
+
+
+@mock_ec2
+def test_ipv6_cidr_block_association_filters():
+    ec2 = boto3.resource('ec2', region_name='us-west-1')
+    vpc1 = ec2.create_vpc(CidrBlock='10.90.0.0/16')
+
+    vpc2 = ec2.create_vpc(CidrBlock='10.91.0.0/16', AmazonProvidedIpv6CidrBlock=True)
+    vpc2_assoc_ipv6_assoc_id = vpc2.ipv6_cidr_block_association_set[0]['AssociationId']
+    ec2.meta.client.associate_vpc_cidr_block(VpcId=vpc2.id, CidrBlock='10.10.0.0/19')
+
+    vpc3 = ec2.create_vpc(CidrBlock='10.92.0.0/24')
+    ec2.meta.client.associate_vpc_cidr_block(VpcId=vpc3.id, CidrBlock='10.92.1.0/24')
+    ec2.meta.client.associate_vpc_cidr_block(VpcId=vpc3.id, CidrBlock='10.92.2.0/24')
+    response = ec2.meta.client.associate_vpc_cidr_block(VpcId=vpc3.id, AmazonProvidedIpv6CidrBlock=True)
+    vpc3_ipv6_cidr_block = response['Ipv6CidrBlockAssociation']['Ipv6CidrBlock']
+
+    vpc4 = ec2.create_vpc(CidrBlock='10.95.0.0/16')  # Here for its looks
+
+    # Test filters for an ipv6 cidr-block in all VPCs cidr-block-associations
+    filtered_vpcs = list(ec2.vpcs.filter(Filters=[{'Name': 'ipv6-cidr-block-association.ipv6-cidr-block',
+                                                   'Values': [vpc3_ipv6_cidr_block]}]))
+    filtered_vpcs.should.be.length_of(1)
+    filtered_vpcs[0].id.should.equal(vpc3.id)
+
+    # Test filter for association id in VPCs
+    filtered_vpcs = list(ec2.vpcs.filter(Filters=[{'Name': 'ipv6-cidr-block-association.association-id',
+                                                   'Values': [vpc2_assoc_ipv6_assoc_id]}]))
+    filtered_vpcs.should.be.length_of(1)
+    filtered_vpcs[0].id.should.equal(vpc2.id)
+
+    # Test filter for association state in VPC - this will never show anything in this test
+    filtered_vpcs = list(ec2.vpcs.filter(Filters=[{'Name': 'ipv6-cidr-block-association.state',
+                                                   'Values': ['associated']}]))
+    filtered_vpcs.should.be.length_of(2)   # 2 of 4 VPCs