Merge "Fullstack SG test for LinuxBridge agent"

2017-01-18 20:53:59 +00:00 · 2017-01-18 20:53:59 +00:00 · 645561e3f8
commit 645561e3f8
parent 75f0f3433c 45e047f843
2 changed files with 53 additions and 37 deletions
--- a/neutron/tests/fullstack/resources/config.py
+++ b/neutron/tests/fullstack/resources/config.py
@ -228,6 +228,9 @@ class LinuxBridgeConfigFixture(ConfigFixture):
                'enable_vxlan': str(self.env_desc.tunneling_enabled),
                'local_ip': local_ip,
                'l2_population': str(self.env_desc.l2_pop),
+            },
+            'securitygroup': {
+                'firewall_driver': host_desc.firewall_driver,
            }
        })
        if env_desc.qos:
--- a/neutron/tests/fullstack/test_securitygroup.py
+++ b/neutron/tests/fullstack/test_securitygroup.py
@ -74,18 +74,26 @@ class BaseSecurityGroupsSameNetworkTest(base.BaseFullStackTestCase):

 class TestSecurityGroupsSameNetwork(BaseSecurityGroupsSameNetworkTest):

-    l2_agent_type = constants.AGENT_TYPE_OVS
    network_type = 'vxlan'
    scenarios = [
-        ('hybrid', {'firewall_driver': 'iptables_hybrid',
+        ('ovs-hybrid', {
+            'firewall_driver': 'iptables_hybrid',
            'of_interface': 'native',
-                    'ovsdb_interface': 'native'}),
-        ('openflow-cli_ovsdb-cli', {'firewall_driver': 'openvswitch',
+            'ovsdb_interface': 'native',
+            'l2_agent_type': constants.AGENT_TYPE_OVS}),
+        ('ovs-openflow-cli_ovsdb-cli', {
+            'firewall_driver': 'openvswitch',
            'of_interface': 'ovs-ofctl',
-                                    'ovsdb_interface': 'vsctl'}),
-        ('openflow-native_ovsdb-native', {'firewall_driver': 'openvswitch',
+            'ovsdb_interface': 'vsctl',
+            'l2_agent_type': constants.AGENT_TYPE_OVS}),
+        ('ovs-openflow-native_ovsdb-native', {
+            'firewall_driver': 'openvswitch',
            'of_interface': 'native',
-                                          'ovsdb_interface': 'native'})]
+            'ovsdb_interface': 'native',
+            'l2_agent_type': constants.AGENT_TYPE_OVS}),
+        ('linuxbridge-iptables', {
+            'firewall_driver': 'iptables',
+            'l2_agent_type': constants.AGENT_TYPE_LINUXBRIDGE})]

    # NOTE(toshii): As a firewall_driver can interfere with others,
    # the recommended way to add test is to expand this method, not
@ -183,6 +191,13 @@ class TestSecurityGroupsSameNetwork(BaseSecurityGroupsSameNetworkTest):
            vms[2].namespace, vms[0].namespace, vms[0].ip, 3355,
            net_helpers.NetcatTester.TCP)

+        # NOTE(slaweq) iptables driver currently contains a bug
+        # https://bugs.launchpad.net/neutron/+bug/1657260
+        # where established connections are not dropped after security group
+        # rule is removed.  Remove this workaround once bug #1657260 is fixed.
+        if self.firewall_driver != 'iptables':
+            # 6. check if an established connection stops by deleting
+            #    the supporting SG rule.
            index_to_host.append(index_to_host[2])
            index_to_sg.append(1)
            ports.append(
@ -209,8 +224,6 @@ class TestSecurityGroupsSameNetwork(BaseSecurityGroupsSameNetworkTest):
            self.addCleanup(netcat.stop_processes)
            self.assertTrue(netcat.test_connectivity())

-        # 6. check if an established connection stops by deleting
-        #    the supporting SG rule.
            self.client.delete_security_group_rule(rule2['id'])
            common_utils.wait_until_true(lambda: netcat.test_no_connectivity(),
                                         sleep=8)