openstack
/
neutron-tempest-plugin
Code Issues Proposed changes

Run security group api tests against stateless security groups too 

With this patch most of the API tests related to Security groups will be
run for the default (stateful) security groups and also for stateless
security groups by passing "stateful=False" to the
create_security_group() function.

Change-Id: I66af24513ba126c1cd00ca896bbd56a448faf726
This commit is contained in:
Slawek Kaplonski 2022-12-12 14:37:07 +01:00
parent f8eda8fdac
commit 4dee1c2727
2 changed files with 137 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

166
neutron_tempest_plugin/api/test_security_groups.py
View File

@ -29,13 +29,15 @@ from oslo_log import log
LOG = log.getLogger(__name__)
class SecGroupTest(base.BaseAdminNetworkTest):
class BaseSecGroupTest(base.BaseAdminNetworkTest):
required_extensions = ['security-group']
@decorators.idempotent_id('bfd128e5-3c92-44b6-9d66-7fe29d22c802')
def test_create_list_update_show_delete_security_group(self):
security_group = self.create_security_group()
def _test_create_list_update_show_delete_security_group(self):
sg_kwargs = {}
if self.stateless_sg:
sg_kwargs['stateful'] = False
security_group = self.create_security_group(**sg_kwargs)
# List security groups and verify if created group is there in response
security_groups = self.client.list_security_groups()['security_groups']
@ -61,9 +63,11 @@ class SecGroupTest(base.BaseAdminNetworkTest):
self.assertEqual(observed_security_group['description'],
new_description)
@decorators.idempotent_id('1fff0d57-bb6c-4528-9c1d-2326dce1c087')
def test_show_security_group_contains_all_rules(self):
security_group = self.create_security_group()
def _test_show_security_group_contains_all_rules(self):
sg_kwargs = {}
if self.stateless_sg:
sg_kwargs['stateful'] = False
security_group = self.create_security_group(**sg_kwargs)
protocol = random.choice(list(base_security_groups.V4_PROTOCOL_NAMES))
security_group_rule = self.create_security_group_rule(
security_group=security_group,
@ -80,14 +84,16 @@ class SecGroupTest(base.BaseAdminNetworkTest):
self.assertIn(
security_group_rule['id'], observerd_security_group_rules_ids)
@decorators.idempotent_id('b5923b1a-4d33-44e1-af25-088dcb55b02b')
def test_list_security_group_rules_contains_all_rules(self):
def _test_list_security_group_rules_contains_all_rules(self):
"""Test list security group rules.
This test checks if all SG rules which belongs to the tenant OR
which belongs to the tenant's security group are listed.
"""
security_group = self.create_security_group()
sg_kwargs = {}
if self.stateless_sg:
sg_kwargs['stateful'] = False
security_group = self.create_security_group(**sg_kwargs)
protocol = random.choice(list(base_security_groups.V4_PROTOCOL_NAMES))
security_group_rule = self.create_security_group_rule(
security_group=security_group,
@ -98,9 +104,13 @@ class SecGroupTest(base.BaseAdminNetworkTest):
# Create also other SG with some custom rule to check that regular user
# can't see this rule
admin_security_group = self.create_security_group(
project={'id': self.admin_client.tenant_id},
client=self.admin_client)
sg_kwargs = {
'project': {'id': self.admin_client.tenant_id},
'client': self.admin_client
}
if self.stateless_sg:
sg_kwargs['stateful'] = False
admin_security_group = self.create_security_group(**sg_kwargs)
admin_security_group_rule = self.create_security_group_rule(
security_group=admin_security_group,
project={'id': self.admin_client.tenant_id},
@ -113,12 +123,12 @@ class SecGroupTest(base.BaseAdminNetworkTest):
self.assertIn(security_group_rule['id'], rules_ids)
self.assertNotIn(admin_security_group_rule['id'], rules_ids)
@decorators.idempotent_id('7c0ecb10-b2db-11e6-9b14-000c29248b0d')
def test_create_bulk_sec_groups(self):
def _test_create_bulk_sec_groups(self):
# Creates 2 sec-groups in one request
sec_nm = [data_utils.rand_name('secgroup'),
data_utils.rand_name('secgroup')]
body = self.client.create_bulk_security_groups(sec_nm)
body = self.client.create_bulk_security_groups(
sec_nm, stateless=self.stateless_sg)
created_sec_grps = body['security_groups']
self.assertEqual(2, len(created_sec_grps))
for secgrp in created_sec_grps:
@ -127,13 +137,16 @@ class SecGroupTest(base.BaseAdminNetworkTest):
self.assertIn(secgrp['name'], sec_nm)
self.assertIsNotNone(secgrp['id'])
@decorators.idempotent_id('e93f33d8-57ea-11eb-b69b-74e5f9e2a801')
def test_create_sec_groups_with_the_same_name(self):
def _test_create_sec_groups_with_the_same_name(self):
same_name_sg_number = 5
sg_name = 'sg_zahlabut'
sg_names = [sg_name] * same_name_sg_number
sg_kwargs = {}
if self.stateless_sg:
sg_kwargs['stateful'] = False
for name in sg_names:
self.create_security_group(name=name)
sg_kwargs['name'] = name
self.create_security_group(**sg_kwargs)
sec_groups = [item['id'] for item in
self.client.list_security_groups(
name=sg_name)['security_groups']]
@ -143,9 +156,55 @@ class SecGroupTest(base.BaseAdminNetworkTest):
' is: {}'.format(same_name_sg_number))
class StatelessSecGroupTest(base.BaseAdminNetworkTest):
class StatefulSecGroupTest(BaseSecGroupTest):
stateless_sg = False
@decorators.idempotent_id('bfd128e5-3c92-44b6-9d66-7fe29d22c802')
def test_create_list_update_show_delete_security_group(self):
self._test_create_list_update_show_delete_security_group()
@decorators.idempotent_id('1fff0d57-bb6c-4528-9c1d-2326dce1c087')
def test_show_security_group_contains_all_rules(self):
self._test_show_security_group_contains_all_rules()
@decorators.idempotent_id('b5923b1a-4d33-44e1-af25-088dcb55b02b')
def test_list_security_group_rules_contains_all_rules(self):
self._test_list_security_group_rules_contains_all_rules()
@decorators.idempotent_id('7c0ecb10-b2db-11e6-9b14-000c29248b0d')
def test_create_bulk_sec_groups(self):
self._test_create_bulk_sec_groups()
@decorators.idempotent_id('e93f33d8-57ea-11eb-b69b-74e5f9e2a801')
def test_create_sec_groups_with_the_same_name(self):
self._test_create_sec_groups_with_the_same_name()
class StatelessSecGroupTest(BaseSecGroupTest):
required_extensions = ['security-group', 'stateful-security-group']
stateless_sg = True
@decorators.idempotent_id('0214d58a-2177-47e1-af83-dcd45c024829')
def test_create_list_update_show_delete_security_group(self):
self._test_create_list_update_show_delete_security_group()
@decorators.idempotent_id('ddbc0e4c-840f-44ab-8718-0b95b7c7b575')
def test_show_security_group_contains_all_rules(self):
self._test_show_security_group_contains_all_rules()
@decorators.idempotent_id('cdf3a63a-08fe-4091-bab4-62180847990f')
def test_list_security_group_rules_contains_all_rules(self):
self._test_list_security_group_rules_contains_all_rules()
@decorators.idempotent_id('b33e612e-65f0-467b-9bf2-b5b2ce67f72f')
def test_create_bulk_sec_groups(self):
self._test_create_bulk_sec_groups()
@decorators.idempotent_id('a6896935-db18-413d-95f5-4f465e0e2209')
def test_create_sec_groups_with_the_same_name(self):
self._test_create_sec_groups_with_the_same_name()
@decorators.idempotent_id('0a6c1476-3d1a-11ec-b0ec-0800277ac3d9')
def test_stateless_security_group_update(self):
@ -380,21 +439,16 @@ class SecGroupRulesQuotaTest(BaseSecGroupRulesQuota):
self.assertEqual(self._get_sg_rules_quota(), new_quota)
class SecGroupProtocolTest(base.BaseNetworkTest):
class BaseSecGroupProtocolTest(base.BaseNetworkTest):
protocol_names = base_security_groups.V4_PROTOCOL_NAMES
protocol_ints = base_security_groups.V4_PROTOCOL_INTS
@decorators.idempotent_id('282e3681-aa6e-42a7-b05c-c341aa1e3cdf')
def test_security_group_rule_protocol_names(self):
self._test_security_group_rule_protocols(protocols=self.protocol_names)
@decorators.idempotent_id('66e47f1f-20b6-4417-8839-3cc671c7afa3')
def test_security_group_rule_protocol_ints(self):
self._test_security_group_rule_protocols(protocols=self.protocol_ints)
def _test_security_group_rule_protocols(self, protocols):
security_group = self.create_security_group()
sg_kwargs = {}
if self.stateless_sg:
sg_kwargs['stateful'] = False
security_group = self.create_security_group(**sg_kwargs)
for protocol in protocols:
self._test_security_group_rule(
security_group=security_group,
@ -414,14 +468,38 @@ class SecGroupProtocolTest(base.BaseNetworkTest):
"{!r} does not match.".format(key))
class SecGroupProtocolIPv6Test(SecGroupProtocolTest):
class StatefulSecGroupProtocolTest(BaseSecGroupProtocolTest):
stateless_sg = False
@decorators.idempotent_id('282e3681-aa6e-42a7-b05c-c341aa1e3cdf')
def test_security_group_rule_protocol_names(self):
self._test_security_group_rule_protocols(protocols=self.protocol_names)
@decorators.idempotent_id('66e47f1f-20b6-4417-8839-3cc671c7afa3')
def test_security_group_rule_protocol_ints(self):
self._test_security_group_rule_protocols(protocols=self.protocol_ints)
class StatelessSecGroupProtocolTest(BaseSecGroupProtocolTest):
required_extensions = ['security-group', 'stateful-security-group']
stateless_sg = True
@decorators.idempotent_id('3a065cdd-99bd-409f-a08e-385c6674bec2')
def test_security_group_rule_protocol_names(self):
self._test_security_group_rule_protocols(protocols=self.protocol_names)
@decorators.idempotent_id('b0332b5d-6fac-49d5-a79d-ae4fe62600f7')
def test_security_group_rule_protocol_ints(self):
self._test_security_group_rule_protocols(protocols=self.protocol_ints)
class BaseSecGroupProtocolIPv6Test(BaseSecGroupProtocolTest):
_ip_version = constants.IP_VERSION_6
protocol_names = base_security_groups.V6_PROTOCOL_NAMES
protocol_ints = base_security_groups.V6_PROTOCOL_INTS
@decorators.idempotent_id('c7d17b41-3b4e-4add-bb3b-6af59baaaffa')
def test_security_group_rule_protocol_legacy_icmpv6(self):
def _test_security_group_rule_protocol_legacy_icmpv6(self):
# These legacy protocols can be used to create security groups,
# but they could be shown either with their passed protocol name,
# or a canonical-ized version, depending on the neutron version.
@ -439,7 +517,10 @@ class SecGroupProtocolIPv6Test(SecGroupProtocolTest):
ethertype=self.ethertype)
def _test_security_group_rule_legacy(self, protocol_list, **kwargs):
security_group = self.create_security_group()
sg_kwargs = {}
if self.stateless_sg:
sg_kwargs['stateful'] = False
security_group = self.create_security_group(**sg_kwargs)
security_group_rule = self.create_security_group_rule(
security_group=security_group, **kwargs)
observed_security_group_rule = self.client.show_security_group_rule(
@ -457,6 +538,23 @@ class SecGroupProtocolIPv6Test(SecGroupProtocolTest):
"{!r} does not match.".format(key))
class StatefulSecGroupProtocolIPv6Test(BaseSecGroupProtocolIPv6Test):
stateless_sg = False
@decorators.idempotent_id('c7d17b41-3b4e-4add-bb3b-6af59baaaffa')
def test_security_group_rule_protocol_legacy_icmpv6(self):
self._test_security_group_rule_protocol_legacy_icmpv6()
class StatelessSecGroupProtocolIPv6Test(BaseSecGroupProtocolIPv6Test):
required_extensions = ['security-group', 'stateful-security-group']
stateless_sg = True
@decorators.idempotent_id('a034814e-0fa5-4437-8e6f-0d2eebd668b3')
def test_security_group_rule_protocol_legacy_icmpv6(self):
self._test_security_group_rule_protocol_legacy_icmpv6()
class RbacSharedSecurityGroupTest(base.BaseAdminNetworkTest):
force_tenant_isolation = True

6
neutron_tempest_plugin/services/network/json/network_client.py
View File

@ -273,9 +273,13 @@ class NetworkClientJSON(service_client.RestClient):
self.expected_success(201, resp.status)
return service_client.ResponseBody(resp, body)
def create_bulk_security_groups(self, security_group_list):
def create_bulk_security_groups(self, security_group_list,
stateless=False):
group_list = [{'security_group': {'name': name}}
for name in security_group_list]
if stateless:
for group in group_list:
group['security_group']['stateful'] = False
post_data = {'security_groups': group_list}
body = self.serialize_list(post_data, 'security_groups',
'security_group')