Merge "Add test for negative security group range scenario"
This commit is contained in:
Zuul
Gerrit Code Review
commit
4fae31b0c9
@ -62,6 +62,34 @@ class NetworkDefaultSecGroupTest(base.BaseTempestTestCase):
|
|||||||
pkey=self.keypair['private_key']))
|
pkey=self.keypair['private_key']))
|
||||||
return server_ssh_clients, fips, servers
|
return server_ssh_clients, fips, servers
|
||||||
|
|
||||||
|
def _test_ip_prefix(self, rule_list, should_succeed):
|
||||||
|
# Add specific remote prefix to VMs and check connectivity
|
||||||
|
ssh_secgrp_name = data_utils.rand_name('ssh_secgrp')
|
||||||
|
icmp_secgrp_name = data_utils.rand_name('icmp_secgrp_with_cidr')
|
||||||
|
ssh_secgrp = self.os_primary.network_client.create_security_group(
|
||||||
|
name=ssh_secgrp_name)
|
||||||
|
self.create_loginable_secgroup_rule(
|
||||||
|
secgroup_id=ssh_secgrp['security_group']['id'])
|
||||||
|
icmp_secgrp = self.os_primary.network_client.create_security_group(
|
||||||
|
name=icmp_secgrp_name)
|
||||||
|
self.create_secgroup_rules(
|
||||||
|
rule_list, secgroup_id=icmp_secgrp['security_group']['id'])
|
||||||
|
for sec_grp in (ssh_secgrp, icmp_secgrp):
|
||||||
|
self.security_groups.append(sec_grp['security_group'])
|
||||||
|
security_groups_list = [{'name': ssh_secgrp_name},
|
||||||
|
{'name': icmp_secgrp_name}]
|
||||||
|
server_ssh_clients, fips, servers = self.create_vm_testing_sec_grp(
|
||||||
|
security_groups=security_groups_list)
|
||||||
|
|
||||||
|
# make sure ssh connectivity works
|
||||||
|
self.check_connectivity(fips[0]['floating_ip_address'],
|
||||||
|
CONF.validation.image_ssh_user,
|
||||||
|
self.keypair['private_key'])
|
||||||
|
|
||||||
|
# make sure ICMP connectivity works
|
||||||
|
self.check_remote_connectivity(server_ssh_clients[0], fips[1][
|
||||||
|
'fixed_ip_address'], should_succeed=should_succeed)
|
||||||
|
|
||||||
@decorators.idempotent_id('3d73ec1a-2ec6-45a9-b0f8-04a283d9d764')
|
@decorators.idempotent_id('3d73ec1a-2ec6-45a9-b0f8-04a283d9d764')
|
||||||
def test_default_sec_grp_scenarios(self):
|
def test_default_sec_grp_scenarios(self):
|
||||||
server_ssh_clients, fips, _ = self.create_vm_testing_sec_grp()
|
server_ssh_clients, fips, _ = self.create_vm_testing_sec_grp()
|
||||||
@ -167,34 +195,18 @@ class NetworkDefaultSecGroupTest(base.BaseTempestTestCase):
|
|||||||
|
|
||||||
@decorators.idempotent_id('3d73ec1a-2ec6-45a9-b0f8-04a283d9d664')
|
@decorators.idempotent_id('3d73ec1a-2ec6-45a9-b0f8-04a283d9d664')
|
||||||
def test_ip_prefix(self):
|
def test_ip_prefix(self):
|
||||||
# Add specific remote prefix to VMs and check connectivity
|
|
||||||
ssh_secgrp_name = data_utils.rand_name('ssh_secgrp')
|
|
||||||
icmp_secgrp_name = data_utils.rand_name('icmp_secgrp_with_cidr')
|
|
||||||
cidr = self.subnet['cidr']
|
cidr = self.subnet['cidr']
|
||||||
ssh_secgrp = self.os_primary.network_client.create_security_group(
|
|
||||||
name=ssh_secgrp_name)
|
|
||||||
self.create_loginable_secgroup_rule(
|
|
||||||
secgroup_id=ssh_secgrp['security_group']['id'])
|
|
||||||
|
|
||||||
rule_list = [{'protocol': constants.PROTO_NUM_ICMP,
|
rule_list = [{'protocol': constants.PROTO_NUM_ICMP,
|
||||||
'direction': constants.INGRESS_DIRECTION,
|
'direction': constants.INGRESS_DIRECTION,
|
||||||
'remote_ip_prefix': cidr}]
|
'remote_ip_prefix': cidr}]
|
||||||
icmp_secgrp = self.os_primary.network_client.create_security_group(
|
self._test_ip_prefix(rule_list, should_succeed=True)
|
||||||
name=icmp_secgrp_name)
|
|
||||||
self.create_secgroup_rules(
|
|
||||||
rule_list, secgroup_id=icmp_secgrp['security_group']['id'])
|
|
||||||
for sec_grp in (ssh_secgrp, icmp_secgrp):
|
|
||||||
self.security_groups.append(sec_grp['security_group'])
|
|
||||||
security_groups_list = [{'name': ssh_secgrp_name},
|
|
||||||
{'name': icmp_secgrp_name}]
|
|
||||||
server_ssh_clients, fips, servers = self.create_vm_testing_sec_grp(
|
|
||||||
security_groups=security_groups_list)
|
|
||||||
|
|
||||||
# make sure ssh connectivity works
|
@decorators.attr(type='negative')
|
||||||
self.check_connectivity(fips[0]['floating_ip_address'],
|
@decorators.idempotent_id('a01cd2ef-3cfc-4614-8aac-9d1333ea21dd')
|
||||||
CONF.validation.image_ssh_user,
|
def test_ip_prefix_negative(self):
|
||||||
self.keypair['private_key'])
|
# define bad CIDR
|
||||||
|
cidr = '10.100.0.254/32'
|
||||||
# make sure ICMP connectivity works
|
rule_list = [{'protocol': constants.PROTO_NUM_ICMP,
|
||||||
self.check_remote_connectivity(server_ssh_clients[0], fips[1][
|
'direction': constants.INGRESS_DIRECTION,
|
||||||
'fixed_ip_address'])
|
'remote_ip_prefix': cidr}]
|
||||||
|
self._test_ip_prefix(rule_list, should_succeed=False)
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user