Add tempest scenario tests

Closes-Bug: #1507522
Change-Id: I8f894cd11a789013d5b94c58cdccbf6a6b846112
This commit is contained in:
YAMAMOTO Takashi 2015-10-19 15:12:15 +09:00
parent dc1d000ec3
commit a8bcc8f05a
9 changed files with 296 additions and 0 deletions

View File

@ -0,0 +1,36 @@
# Copyright (c) 2015 Midokura SARL
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import os
from tempest.test_discover import plugins
class NeutronFWaaSPlugin(plugins.TempestPlugin):
def get_opt_lists(self):
return []
def load_tests(self):
this_dir = os.path.dirname(os.path.abspath(__file__))
# top_level_dir = $(this_dir)/../../..
d = os.path.split(this_dir)[0]
d = os.path.split(d)[0]
top_level_dir = os.path.split(d)[0]
test_dir = os.path.join(top_level_dir,
'neutron_fwaas/tests/tempest_plugin/tests/scenario')
return (test_dir, top_level_dir)
def register_opts(self):
return

View File

@ -0,0 +1,94 @@
# Copyright (c) 2015 Midokura SARL
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from tempest.services.network.json import base
class FirewallsClient(base.BaseNetworkClient):
def create_firewall(self, **kwargs):
uri = '/fw/firewalls'
post_data = {'firewall': kwargs}
return self.create_resource(uri, post_data)
def update_firewall(self, firewall_id, **kwargs):
uri = '/fw/firewalls/%s' % firewall_id
post_data = {'firewall': kwargs}
return self.update_resource(uri, post_data)
def show_firewall(self, firewall_id, **fields):
uri = '/fw/firewalls/%s' % firewall_id
return self.show_resource(uri, **fields)
def delete_firewall(self, firewall_id):
uri = '/fw/firewalls/%s' % firewall_id
return self.delete_resource(uri)
def list_firewalls(self, **filters):
uri = '/fw/firewalls'
return self.list_resources(uri, **filters)
class FirewallRulesClient(base.BaseNetworkClient):
def create_firewall_rule(self, **kwargs):
uri = '/fw/firewall_rules'
post_data = {'firewall_rule': kwargs}
return self.create_resource(uri, post_data)
def update_firewall_rule(self, firewall_rule_id, **kwargs):
uri = '/fw/firewall_rules/%s' % firewall_rule_id
post_data = {'firewall_rule': kwargs}
return self.update_resource(uri, post_data)
def show_firewall_rule(self, firewall_rule_id, **fields):
uri = '/fw/firewall_rules/%s' % firewall_rule_id
return self.show_resource(uri, **fields)
def delete_firewall_rule(self, firewall_rule_id):
uri = '/fw/firewall_rules/%s' % firewall_rule_id
return self.delete_resource(uri)
def list_firewall_rules(self, **filters):
uri = '/fw/firewall_rules'
return self.list_resources(uri, **filters)
class FirewallPoliciesClient(base.BaseNetworkClient):
def create_firewall_policy(self, **kwargs):
uri = '/fw/firewall_policies'
post_data = {'firewall_policy': kwargs}
return self.create_resource(uri, post_data)
def update_firewall_policy(self, firewall_policy_id, **kwargs):
uri = '/fw/firewall_policies/%s' % firewall_policy_id
post_data = {'firewall_policy': kwargs}
return self.update_resource(uri, post_data)
def show_firewall_policy(self, firewall_policy_id, **fields):
uri = '/fw/firewall_policies/%s' % firewall_policy_id
return self.show_resource(uri, **fields)
def delete_firewall_policy(self, firewall_policy_id):
uri = '/fw/firewall_policies/%s' % firewall_policy_id
return self.delete_resource(uri)
def list_firewall_policies(self, **filters):
uri = '/fw/firewall_policies'
return self.list_resources(uri, **filters)
# TODO(yamamoto): insert_rule
# TODO(yamamoto): remove_rule

View File

@ -0,0 +1,85 @@
# Copyright (c) 2015 Midokura SARL
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from tempest_lib.common.utils import data_utils
from tempest import config
from tempest.scenario import manager
from neutron_fwaas.tests.tempest_plugin.services import client
CONF = config.CONF
class FWaaSScenarioTest(manager.NetworkScenarioTest):
@classmethod
def resource_setup(cls):
super(FWaaSScenarioTest, cls).resource_setup()
manager = cls.manager
cls.firewalls_client = client.FirewallsClient(
manager.auth_provider,
CONF.network.catalog_type,
CONF.network.region or CONF.identity.region,
endpoint_type=CONF.network.endpoint_type,
build_interval=CONF.network.build_interval,
build_timeout=CONF.network.build_timeout,
**manager.default_params)
cls.firewall_policies_client = client.FirewallPoliciesClient(
manager.auth_provider,
CONF.network.catalog_type,
CONF.network.region or CONF.identity.region,
endpoint_type=CONF.network.endpoint_type,
build_interval=CONF.network.build_interval,
build_timeout=CONF.network.build_timeout,
**manager.default_params)
cls.firewall_rules_client = client.FirewallRulesClient(
manager.auth_provider,
CONF.network.catalog_type,
CONF.network.region or CONF.identity.region,
endpoint_type=CONF.network.endpoint_type,
build_interval=CONF.network.build_interval,
build_timeout=CONF.network.build_timeout,
**manager.default_params)
def create_firewall_rule(self, **kwargs):
body = self.firewall_rules_client.create_firewall_rule(
name=data_utils.rand_name("fw-rule"),
**kwargs)
fw_rule = body['firewall_rule']
self.addCleanup(self.delete_wrapper,
self.firewall_rules_client.delete_firewall_rule,
fw_rule['id'])
return fw_rule
def create_firewall_policy(self, **kwargs):
body = self.firewall_policies_client.create_firewall_policy(
name=data_utils.rand_name("fw-policy"),
**kwargs)
fw_policy = body['firewall_policy']
self.addCleanup(self.delete_wrapper,
self.firewall_policies_client.delete_firewall_policy,
fw_policy['id'])
return fw_policy
def create_firewall(self, **kwargs):
body = self.firewalls_client.create_firewall(
name=data_utils.rand_name("fw"),
**kwargs)
fw = body['firewall']
self.addCleanup(self.delete_wrapper,
self.firewalls_client.delete_firewall,
fw['id'])
return fw

View File

@ -0,0 +1,79 @@
# Copyright (c) 2015 Midokura SARL
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from tempest import config
from tempest import test
from neutron_fwaas.tests.tempest_plugin.tests.scenario import base
CONF = config.CONF
class TestFWaaS(base.FWaaSScenarioTest):
@classmethod
def resource_setup(cls):
super(TestFWaaS, cls).resource_setup()
for ext in ['fwaas', 'security-group', 'router']:
if not test.is_extension_enabled(ext, 'network'):
msg = "%s Extension not enabled." % ext
raise cls.skipException(msg)
def _create_server(self, network, security_group=None):
keys = self.create_keypair()
kwargs = {
'networks': [
{'uuid': network['id']},
],
'key_name': keys['name'],
}
if security_group is not None:
kwargs['security_groups'] = [{'name': security_group['name']}]
server = self.create_server(create_kwargs=kwargs)
return server, keys
@test.idempotent_id('f970f6b3-6541-47ac-a9ea-f769be1e21a8')
def test_firewall_basic(self):
ssh_login = CONF.compute.image_ssh_user
public_network_id = CONF.network.public_network_id
network1, subnet1, router1 = self.create_networks()
security_group = self._create_security_group()
server1, keys1 = self._create_server(network1,
security_group=security_group)
private_key = keys1['private_key']
server1_floating_ip = self.create_floating_ip(server1,
public_network_id)
server1_ip = server1_floating_ip.floating_ip_address
self.check_vm_connectivity(server1_ip, username=ssh_login,
private_key=private_key,
should_connect=True)
# Create a firewall to block traffic.
fw_rule = self.create_firewall_rule(
source_ip_address=server1_ip,
action="deny")
fw_policy = self.create_firewall_policy(firewall_rules=[fw_rule['id']])
fw = self.create_firewall(firewall_policy_id=fw_policy['id'])
self.check_vm_connectivity(server1_ip, username=ssh_login,
private_key=private_key,
should_connect=False)
# Remove the firewall so that the VM is reachable again.
self.firewalls_client.delete_firewall(fw['id'])
self.check_vm_connectivity(server1_ip, username=ssh_login,
private_key=private_key,
should_connect=True)

View File

@ -35,6 +35,8 @@ firewall_drivers =
neutron.services.firewall.drivers.varmour.varmour_fwaas.vArmourFwaasDriver = neutron_fwaas.services.firewall.drivers.varmour.varmour_fwaas:vArmourFwaasDriver
neutron.db.alembic_migrations =
neutron-fwaas = neutron_fwaas.db.migration:alembic_migrations
tempest.test_plugins =
neutron-fwaas = neutron_fwaas.tests.tempest_plugin.plugin:NeutronFWaaSPlugin
[build_sphinx]
all_files = 1