openstack
/
neutron-tempest-plugin
Code Issues Proposed changes

Use different CIDRs for private and public subnets 

In test "test_connectivity_dvr_and_no_dvr_routers_in_same_subnet", as
reported in the bug, the public IP (floating IP) and the private IP
are in the same CIDR. This breaks the isolation between networks.

Co-Authored-By: Rodolfo Alonso Hernandez <ralonsoh@redhat.com>

Closes-Bug: #1861282

Change-Id: I39ca6474068d2e169dff1b81d2a0c71a8361c01f
This commit is contained in:
ccamposr 2020-01-29 11:10:05 +01:00 committed by Rodolfo Alonso Hernandez
parent 92959e5412
commit 3e1921b48a
2 changed files with 38 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
neutron_tempest_plugin/common/ip.py
View File

@ -348,3 +348,24 @@ class ARPregister(collections.namedtuple(
return '%s %s %s %s %s %s' % (self.ip_address, self.hw_type,
self.flags, self.mac_address, self.mask,
self.device)
def find_valid_cidr(valid_cidr='10.0.0.0/8', used_cidr=None):
total_ips = netaddr.IPSet(netaddr.IPNetwork(valid_cidr))
if used_cidr:
used_network = netaddr.IPNetwork(used_cidr)
netmask = used_network.netmask.netmask_bits()
valid_ips = total_ips.difference(netaddr.IPSet(used_network))
else:
valid_ips = total_ips
netmask = 24
for ip in valid_ips:
valid_network = netaddr.IPNetwork('%s/%s' % (ip, netmask))
if valid_network in valid_ips:
return valid_network.cidr
exception_str = 'No valid CIDR found in %s' % valid_cidr
if used_cidr:
exception_str += ', used CIDR %s' % used_cidr
raise Exception(exception_str)

26
neutron_tempest_plugin/scenario/test_connectivity.py
View File

@ -13,11 +13,14 @@
# License for the specific language governing permissions and limitations
# under the License.
import netaddr
from tempest.common import compute
from tempest.common import utils
from tempest.lib.common.utils import data_utils
from tempest.lib import decorators
from neutron_tempest_plugin.common import ip as ip_utils
from neutron_tempest_plugin.common import ssh
from neutron_tempest_plugin import config
from neutron_tempest_plugin.scenario import base
@ -161,14 +164,14 @@ class NetworkConnectivityTest(base.BaseTempestTestCase):
Subnet is connected to dvr and non-dvr routers in the same time, test
ensures that connectivity from VM to both routers is working.
Test scenario:
Test scenario: (NOTE: 10.1.0.0/24 private CIDR is used as an example)
+----------------+ +------------+
| Non-dvr router | | DVR router |
| | | |
| 10.0.0.1 | | 10.0.0.x |
| 10.1.0.1 | | 10.1.0.x |
+-------+--------+ +-----+------+
| |
| 10.0.0.0/24 |
| 10.1.0.0/24 |
+----------------+----------------+
|
+-+-+
@ -176,16 +179,22 @@ class NetworkConnectivityTest(base.BaseTempestTestCase):
+---+
where:
10.0.0.1 - is subnet's gateway IP address,
10.0.0.x - is any other IP address taken from subnet's range
10.1.0.1 - is subnet's gateway IP address,
10.1.0.x - is any other IP address taken from subnet's range
Test ensures that both 10.0.0.1 and 10.0.0.x IP addresses are
Test ensures that both 10.1.0.1 and 10.1.0.x IP addresses are
reachable from VM.
"""
ext_network = self.safe_client.show_network(self.external_network_id)
ext_subnet_id = ext_network['network']['subnets'][0]['id']
ext_subnet = self.safe_client.show_subnet(ext_subnet_id)
ext_cidr = ext_subnet['subnet']['cidr']
subnet_cidr = ip_utils.find_valid_cidr(used_cidr=ext_cidr)
gw_ip = netaddr.IPAddress(subnet_cidr.first + 1)
network = self.create_network()
subnet = self.create_subnet(
network, cidr="10.0.0.0/24", gateway="10.0.0.1")
network, cidr=str(subnet_cidr), gateway=str(gw_ip))
non_dvr_router = self.create_router_by_client(
tenant_id=self.client.tenant_id,
@ -221,8 +230,7 @@ class NetworkConnectivityTest(base.BaseTempestTestCase):
fip['floating_ip_address'], CONF.validation.image_ssh_user,
pkey=self.keypair['private_key'])
self.check_remote_connectivity(
sshclient, '10.0.0.1', ping_count=10)
self.check_remote_connectivity(sshclient, str(gw_ip), ping_count=10)
self.check_remote_connectivity(
sshclient, dvr_router_port['fixed_ips'][0]['ip_address'],
ping_count=10)