Change legacy security group rule check
A neutron change, https://review.opendev.org/#/c/453346/ is standardizing the protocol name for IPv6 ICMP in security group rules to be 'ipv6-icmp', even if 'icmp' or 'icmpv6' was passed during creation. Change the API test to check against a list of possible values so it covers both old and new behaviors. Change-Id: I0ca8d743ca56f7d67ef8c1ae45ca518bd6e6dc35 Partial-Bug: #1582500
This commit is contained in:
parent
1a987ecb4d
commit
8d2557c632
@ -47,8 +47,6 @@ V4_PROTOCOL_INTS = {v
|
|||||||
for k, v in constants.IP_PROTOCOL_MAP.items()
|
for k, v in constants.IP_PROTOCOL_MAP.items()
|
||||||
if k in V4_PROTOCOL_NAMES}
|
if k in V4_PROTOCOL_NAMES}
|
||||||
|
|
||||||
V6_PROTOCOL_LEGACY = {constants.PROTO_NAME_IPV6_ICMP_LEGACY}
|
|
||||||
|
|
||||||
V6_PROTOCOL_NAMES = {
|
V6_PROTOCOL_NAMES = {
|
||||||
'ipv6-encap',
|
'ipv6-encap',
|
||||||
'ipv6-frag',
|
'ipv6-frag',
|
||||||
@ -60,4 +58,4 @@ V6_PROTOCOL_NAMES = {
|
|||||||
|
|
||||||
V6_PROTOCOL_INTS = {v
|
V6_PROTOCOL_INTS = {v
|
||||||
for k, v in constants.IP_PROTOCOL_MAP.items()
|
for k, v in constants.IP_PROTOCOL_MAP.items()
|
||||||
if k in (V6_PROTOCOL_NAMES | V6_PROTOCOL_LEGACY)}
|
if k in V6_PROTOCOL_NAMES}
|
||||||
|
@ -109,12 +109,42 @@ class SecGroupProtocolIPv6Test(SecGroupProtocolTest):
|
|||||||
_ip_version = constants.IP_VERSION_6
|
_ip_version = constants.IP_VERSION_6
|
||||||
protocol_names = base_security_groups.V6_PROTOCOL_NAMES
|
protocol_names = base_security_groups.V6_PROTOCOL_NAMES
|
||||||
protocol_ints = base_security_groups.V6_PROTOCOL_INTS
|
protocol_ints = base_security_groups.V6_PROTOCOL_INTS
|
||||||
protocol_legacy_names = base_security_groups.V6_PROTOCOL_LEGACY
|
|
||||||
|
|
||||||
@decorators.idempotent_id('c7d17b41-3b4e-4add-bb3b-6af59baaaffa')
|
@decorators.idempotent_id('c7d17b41-3b4e-4add-bb3b-6af59baaaffa')
|
||||||
def test_security_group_rule_protocol_legacy_names(self):
|
def test_security_group_rule_protocol_legacy_icmpv6(self):
|
||||||
self._test_security_group_rule_protocols(
|
# These legacy protocols can be used to create security groups,
|
||||||
protocols=self.protocol_legacy_names)
|
# but they could be shown either with their passed protocol name,
|
||||||
|
# or a canonical-ized version, depending on the neutron version.
|
||||||
|
# So we check against a list of possible values.
|
||||||
|
# TODO(haleyb): Remove once these legacy names are deprecated
|
||||||
|
protocols = {constants.PROTO_NAME_IPV6_ICMP_LEGACY:
|
||||||
|
constants.PROTO_NAME_IPV6_ICMP,
|
||||||
|
constants.PROTO_NAME_ICMP:
|
||||||
|
constants.PROTO_NAME_IPV6_ICMP}
|
||||||
|
for key, value in protocols.items():
|
||||||
|
self._test_security_group_rule_legacy(
|
||||||
|
protocol_list=[str(key), str(value)],
|
||||||
|
protocol=str(key),
|
||||||
|
direction=constants.INGRESS_DIRECTION,
|
||||||
|
ethertype=self.ethertype)
|
||||||
|
|
||||||
|
def _test_security_group_rule_legacy(self, protocol_list, **kwargs):
|
||||||
|
security_group = self.create_security_group()
|
||||||
|
security_group_rule = self.create_security_group_rule(
|
||||||
|
security_group=security_group, **kwargs)
|
||||||
|
observed_security_group_rule = self.client.show_security_group_rule(
|
||||||
|
security_group_rule['id'])['security_group_rule']
|
||||||
|
for key, value in kwargs.items():
|
||||||
|
if key == 'protocol':
|
||||||
|
self.assertIn(security_group_rule[key], protocol_list,
|
||||||
|
"{!r} does not match.".format(key))
|
||||||
|
self.assertIn(observed_security_group_rule[key], protocol_list,
|
||||||
|
"{!r} does not match.".format(key))
|
||||||
|
else:
|
||||||
|
self.assertEqual(value, security_group_rule[key],
|
||||||
|
"{!r} does not match.".format(key))
|
||||||
|
self.assertEqual(value, observed_security_group_rule[key],
|
||||||
|
"{!r} does not match.".format(key))
|
||||||
|
|
||||||
|
|
||||||
class RbacSharedSecurityGroupTest(base.BaseAdminNetworkTest):
|
class RbacSharedSecurityGroupTest(base.BaseAdminNetworkTest):
|
||||||
|
Loading…
Reference in New Issue
Block a user