Merge "Added test for reattached security groups"
This commit is contained in:
commit
d41ea13670
|
@ -136,3 +136,74 @@ def spawn_http_server(ssh_client, port, message):
|
||||||
def call_url_remote(ssh_client, url):
|
def call_url_remote(ssh_client, url):
|
||||||
cmd = "curl %s --retry 3 --connect-timeout 2" % url
|
cmd = "curl %s --retry 3 --connect-timeout 2" % url
|
||||||
return ssh_client.exec_command(cmd)
|
return ssh_client.exec_command(cmd)
|
||||||
|
|
||||||
|
|
||||||
|
class StatefulConnection:
|
||||||
|
"""Class to test connection that should remain opened
|
||||||
|
|
||||||
|
Can be used to perform some actions while the initiated connection
|
||||||
|
remain opened
|
||||||
|
"""
|
||||||
|
|
||||||
|
def __init__(self, client_ssh, server_ssh, target_ip, target_port):
|
||||||
|
self.client_ssh = client_ssh
|
||||||
|
self.server_ssh = server_ssh
|
||||||
|
self.ip = target_ip
|
||||||
|
self.port = target_port
|
||||||
|
self.connection_started = False
|
||||||
|
self.test_attempt = 0
|
||||||
|
|
||||||
|
def __enter__(self):
|
||||||
|
return self
|
||||||
|
|
||||||
|
@property
|
||||||
|
def test_str(self):
|
||||||
|
return 'attempt_{}'.format(str(self.test_attempt).zfill(3))
|
||||||
|
|
||||||
|
def _start_connection(self):
|
||||||
|
self.server_ssh.exec_command(
|
||||||
|
'echo "{}" > input.txt'.format(self.test_str))
|
||||||
|
self.server_ssh.exec_command('tail -f input.txt | nc -lp '
|
||||||
|
'{} &> output.txt &'.format(self.port))
|
||||||
|
self.client_ssh.exec_command(
|
||||||
|
'echo "{}" > input.txt'.format(self.test_str))
|
||||||
|
self.client_ssh.exec_command('tail -f input.txt | nc {} {} &>'
|
||||||
|
'output.txt &'.format(self.ip, self.port))
|
||||||
|
|
||||||
|
def _test_connection(self):
|
||||||
|
if not self.connection_started:
|
||||||
|
self._start_connection()
|
||||||
|
else:
|
||||||
|
self.server_ssh.exec_command(
|
||||||
|
'echo "{}" >> input.txt'.format(self.test_str))
|
||||||
|
self.client_ssh.exec_command(
|
||||||
|
'echo "{}" >> input.txt & sleep 1'.format(self.test_str))
|
||||||
|
try:
|
||||||
|
self.server_ssh.exec_command(
|
||||||
|
'grep {} output.txt'.format(self.test_str))
|
||||||
|
self.client_ssh.exec_command(
|
||||||
|
'grep {} output.txt'.format(self.test_str))
|
||||||
|
if not self.should_pass:
|
||||||
|
return False
|
||||||
|
else:
|
||||||
|
if not self.connection_started:
|
||||||
|
self.connection_started = True
|
||||||
|
return True
|
||||||
|
except exceptions.SSHExecCommandFailed:
|
||||||
|
if self.should_pass:
|
||||||
|
return False
|
||||||
|
else:
|
||||||
|
return True
|
||||||
|
finally:
|
||||||
|
self.test_attempt += 1
|
||||||
|
|
||||||
|
def test_connection(self, should_pass=True, timeout=10, sleep_timer=1):
|
||||||
|
self.should_pass = should_pass
|
||||||
|
wait_until_true(
|
||||||
|
self._test_connection, timeout=timeout, sleep=sleep_timer)
|
||||||
|
|
||||||
|
def __exit__(self, type, value, traceback):
|
||||||
|
self.server_ssh.exec_command('sudo killall nc || killall nc')
|
||||||
|
self.server_ssh.exec_command('sudo killall tail || killall tail')
|
||||||
|
self.client_ssh.exec_command('sudo killall nc || killall nc')
|
||||||
|
self.client_ssh.exec_command('sudo killall tail || killall tail')
|
||||||
|
|
|
@ -277,6 +277,50 @@ class NetworkSecGroupTest(base.BaseTempestTestCase):
|
||||||
'remote_ip_prefix': cidr}]
|
'remote_ip_prefix': cidr}]
|
||||||
self._test_ip_prefix(rule_list, should_succeed=False)
|
self._test_ip_prefix(rule_list, should_succeed=False)
|
||||||
|
|
||||||
|
@decorators.idempotent_id('01f0ddca-b049-47eb-befd-82acb502c9ec')
|
||||||
|
def test_established_tcp_session_after_re_attachinging_sg(self):
|
||||||
|
"""Test existing connection remain open after sg has been re-attached
|
||||||
|
|
||||||
|
Verifies that new packets can pass over the existing connection when
|
||||||
|
the security group has been removed from the server and then added
|
||||||
|
back
|
||||||
|
"""
|
||||||
|
|
||||||
|
ssh_sg = self.create_security_group()
|
||||||
|
self.create_loginable_secgroup_rule(secgroup_id=ssh_sg['id'])
|
||||||
|
vm_ssh, fips, vms = self.create_vm_testing_sec_grp(
|
||||||
|
security_groups=[{'name': ssh_sg['name']}])
|
||||||
|
sg = self.create_security_group()
|
||||||
|
nc_rule = [{'protocol': constants.PROTO_NUM_TCP,
|
||||||
|
'direction': constants.INGRESS_DIRECTION,
|
||||||
|
'port_range_min': 6666,
|
||||||
|
'port_range_max': 6666}]
|
||||||
|
self.create_secgroup_rules(nc_rule, secgroup_id=sg['id'])
|
||||||
|
srv_port = self.client.list_ports(network_id=self.network['id'],
|
||||||
|
device_id=vms[1]['server']['id'])['ports'][0]
|
||||||
|
srv_ip = srv_port['fixed_ips'][0]['ip_address']
|
||||||
|
with utils.StatefulConnection(
|
||||||
|
vm_ssh[0], vm_ssh[1], srv_ip, 6666) as con:
|
||||||
|
self.client.update_port(srv_port['id'],
|
||||||
|
security_groups=[ssh_sg['id'], sg['id']])
|
||||||
|
con.test_connection()
|
||||||
|
with utils.StatefulConnection(
|
||||||
|
vm_ssh[0], vm_ssh[1], srv_ip, 6666) as con:
|
||||||
|
self.client.update_port(
|
||||||
|
srv_port['id'], security_groups=[ssh_sg['id']])
|
||||||
|
con.test_connection(should_pass=False)
|
||||||
|
with utils.StatefulConnection(
|
||||||
|
vm_ssh[0], vm_ssh[1], srv_ip, 6666) as con:
|
||||||
|
self.client.update_port(srv_port['id'],
|
||||||
|
security_groups=[ssh_sg['id'], sg['id']])
|
||||||
|
con.test_connection()
|
||||||
|
self.client.update_port(srv_port['id'],
|
||||||
|
security_groups=[ssh_sg['id']])
|
||||||
|
con.test_connection(should_pass=False)
|
||||||
|
self.client.update_port(srv_port['id'],
|
||||||
|
security_groups=[ssh_sg['id'], sg['id']])
|
||||||
|
con.test_connection()
|
||||||
|
|
||||||
@decorators.idempotent_id('7ed39b86-006d-40fb-887a-ae46693dabc9')
|
@decorators.idempotent_id('7ed39b86-006d-40fb-887a-ae46693dabc9')
|
||||||
def test_remote_group(self):
|
def test_remote_group(self):
|
||||||
# create a new sec group
|
# create a new sec group
|
||||||
|
|
|
@ -220,7 +220,11 @@
|
||||||
network_available_features: *available_features
|
network_available_features: *available_features
|
||||||
# TODO(slaweq): remove trunks subport_connectivity test from blacklist
|
# TODO(slaweq): remove trunks subport_connectivity test from blacklist
|
||||||
# when bug https://bugs.launchpad.net/neutron/+bug/1838760 will be fixed
|
# when bug https://bugs.launchpad.net/neutron/+bug/1838760 will be fixed
|
||||||
tempest_exclude_regex: "(^neutron_tempest_plugin.scenario.test_trunk.TrunkTest.test_subport_connectivity)"
|
# TODO(akatz): remove established tcp session verification test when the
|
||||||
|
# bug https://bugzilla.redhat.com/show_bug.cgi?id=1965036 will be fixed
|
||||||
|
tempest_exclude_regex: "\
|
||||||
|
(^neutron_tempest_plugin.scenario.test_trunk.TrunkTest.test_subport_connectivity)|\
|
||||||
|
(^neutron_tempest_plugin.scenario.test_security_groups.NetworkSecGroupTest.test_established_tcp_session_after_re_attachinging_sg)"
|
||||||
devstack_localrc:
|
devstack_localrc:
|
||||||
Q_AGENT: openvswitch
|
Q_AGENT: openvswitch
|
||||||
Q_ML2_TENANT_NETWORK_TYPE: vxlan
|
Q_ML2_TENANT_NETWORK_TYPE: vxlan
|
||||||
|
|
Loading…
Reference in New Issue