Change legacy security group rule check

A neutron change, https://review.opendev.org/#/c/453346/
is standardizing the protocol name for IPv6 ICMP in security
group rules to be 'ipv6-icmp', even if 'icmp' or 'icmpv6'
was passed during creation.  Change the API test to check
against a list of possible values so it covers both old and
new behaviors.

Change-Id: I0ca8d743ca56f7d67ef8c1ae45ca518bd6e6dc35
Partial-Bug: #1582500
This commit is contained in:
Brian Haley 2019-05-20 15:56:58 -04:00
parent 1a987ecb4d
commit 8d2557c632
2 changed files with 35 additions and 7 deletions

View File

@ -47,8 +47,6 @@ V4_PROTOCOL_INTS = {v
for k, v in constants.IP_PROTOCOL_MAP.items() for k, v in constants.IP_PROTOCOL_MAP.items()
if k in V4_PROTOCOL_NAMES} if k in V4_PROTOCOL_NAMES}
V6_PROTOCOL_LEGACY = {constants.PROTO_NAME_IPV6_ICMP_LEGACY}
V6_PROTOCOL_NAMES = { V6_PROTOCOL_NAMES = {
'ipv6-encap', 'ipv6-encap',
'ipv6-frag', 'ipv6-frag',
@ -60,4 +58,4 @@ V6_PROTOCOL_NAMES = {
V6_PROTOCOL_INTS = {v V6_PROTOCOL_INTS = {v
for k, v in constants.IP_PROTOCOL_MAP.items() for k, v in constants.IP_PROTOCOL_MAP.items()
if k in (V6_PROTOCOL_NAMES | V6_PROTOCOL_LEGACY)} if k in V6_PROTOCOL_NAMES}

View File

@ -109,12 +109,42 @@ class SecGroupProtocolIPv6Test(SecGroupProtocolTest):
_ip_version = constants.IP_VERSION_6 _ip_version = constants.IP_VERSION_6
protocol_names = base_security_groups.V6_PROTOCOL_NAMES protocol_names = base_security_groups.V6_PROTOCOL_NAMES
protocol_ints = base_security_groups.V6_PROTOCOL_INTS protocol_ints = base_security_groups.V6_PROTOCOL_INTS
protocol_legacy_names = base_security_groups.V6_PROTOCOL_LEGACY
@decorators.idempotent_id('c7d17b41-3b4e-4add-bb3b-6af59baaaffa') @decorators.idempotent_id('c7d17b41-3b4e-4add-bb3b-6af59baaaffa')
def test_security_group_rule_protocol_legacy_names(self): def test_security_group_rule_protocol_legacy_icmpv6(self):
self._test_security_group_rule_protocols( # These legacy protocols can be used to create security groups,
protocols=self.protocol_legacy_names) # but they could be shown either with their passed protocol name,
# or a canonical-ized version, depending on the neutron version.
# So we check against a list of possible values.
# TODO(haleyb): Remove once these legacy names are deprecated
protocols = {constants.PROTO_NAME_IPV6_ICMP_LEGACY:
constants.PROTO_NAME_IPV6_ICMP,
constants.PROTO_NAME_ICMP:
constants.PROTO_NAME_IPV6_ICMP}
for key, value in protocols.items():
self._test_security_group_rule_legacy(
protocol_list=[str(key), str(value)],
protocol=str(key),
direction=constants.INGRESS_DIRECTION,
ethertype=self.ethertype)
def _test_security_group_rule_legacy(self, protocol_list, **kwargs):
security_group = self.create_security_group()
security_group_rule = self.create_security_group_rule(
security_group=security_group, **kwargs)
observed_security_group_rule = self.client.show_security_group_rule(
security_group_rule['id'])['security_group_rule']
for key, value in kwargs.items():
if key == 'protocol':
self.assertIn(security_group_rule[key], protocol_list,
"{!r} does not match.".format(key))
self.assertIn(observed_security_group_rule[key], protocol_list,
"{!r} does not match.".format(key))
else:
self.assertEqual(value, security_group_rule[key],
"{!r} does not match.".format(key))
self.assertEqual(value, observed_security_group_rule[key],
"{!r} does not match.".format(key))
class RbacSharedSecurityGroupTest(base.BaseAdminNetworkTest): class RbacSharedSecurityGroupTest(base.BaseAdminNetworkTest):