openstack/neutron-tempest-plugin
Code Issues Proposed changes

[Stateless SG] Add test for port security and stateless SGs

Browse Source 
This patch modifies exisitng port_security_removed_added to be run
for both stateful and stateless SGs.

Change-Id: Idb49963618c45dbe5976e32d5db466f35ed534c8
This commit is contained in:
Slawek Kaplonski 2024-03-14 11:15:59 +01:00
parent ec162e0f56
commit ad4ddcbaa1
2 changed files with 30 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
neutron_tempest_plugin/scenario/base.py
View File

@ -285,7 +285,8 @@ class BaseTempestTestCase(base_api.BaseNetworkTest):
client.delete_interface(server_id, port_id=port_id)
def setup_network_and_server(self, router=None, server_name=None,
network=None, **kwargs):
network=None, use_stateless_sg=False,
**kwargs):
"""Create network resources and a server.
Creating a network, subnet, router, keypair, security group
@ -296,8 +297,13 @@ class BaseTempestTestCase(base_api.BaseNetworkTest):
self.subnet = self.create_subnet(self.network)
LOG.debug("Created subnet %s", self.subnet['id'])
sg_args = {
'name': data_utils.rand_name('secgroup')
}
if use_stateless_sg:
sg_args['stateful'] = False
secgroup = self.os_primary.network_client.create_security_group(
name=data_utils.rand_name('secgroup'))
**sg_args)
LOG.debug("Created security group %s",
secgroup['security_group']['name'])
self.security_groups.append(secgroup['security_group'])
@ -307,6 +313,9 @@ class BaseTempestTestCase(base_api.BaseNetworkTest):
self.keypair = self.create_keypair()
self.create_loginable_secgroup_rule(
secgroup_id=secgroup['security_group']['id'])
if use_stateless_sg:
self.create_ingress_metadata_secgroup_rule(
secgroup_id=secgroup['security_group']['id'])
server_kwargs = {
'flavor_ref': CONF.compute.flavor_ref,

22
neutron_tempest_plugin/scenario/test_portsecurity.py
View File

@ -11,7 +11,9 @@
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import testtools
from tempest.common import utils
from tempest.lib import decorators
from neutron_tempest_plugin import config
@ -24,15 +26,14 @@ class PortSecurityTest(base.BaseTempestTestCase):
credentials = ['primary', 'admin']
required_extensions = ['port-security']
@decorators.idempotent_id('61ab176e-d48b-42b7-b38a-1ba571ecc033')
def test_port_security_removed_added(self):
def _test_port_security_removed_added(self, use_stateless_sg):
"""Test connection works after port security has been removed
Initial test that vm is accessible. Then port security is removed,
checked connectivity. Port security is added back and checked
connectivity again.
"""
self.setup_network_and_server()
self.setup_network_and_server(use_stateless_sg=use_stateless_sg)
self.check_connectivity(self.fip['floating_ip_address'],
CONF.validation.image_ssh_user,
self.keypair['private_key'])
@ -51,3 +52,18 @@ class PortSecurityTest(base.BaseTempestTestCase):
self.check_connectivity(self.fip['floating_ip_address'],
CONF.validation.image_ssh_user,
self.keypair['private_key'])
@decorators.idempotent_id('61ab176e-d48b-42b7-b38a-1ba571ecc033')
def test_port_security_removed_added_stateful_sg(self):
self._test_port_security_removed_added(use_stateless_sg=False)
@decorators.idempotent_id('2f4005e1-cee1-40e5-adbd-b3e3cf218065')
@testtools.skipUnless(
utils.is_extension_enabled('stateful-security-group', 'network'),
"'stateful-security-group' API extension not available")
@testtools.skipIf(
CONF.neutron_plugin_options.firewall_driver in ['openvswitch', 'None'],
"Firewall driver other than 'openvswitch' is required to use "
"stateless security groups.")
def test_port_security_removed_added_stateless_sg(self):
self._test_port_security_removed_added(use_stateless_sg=True)