From cc92b426e8034ec659e090241862e5ff66469b41 Mon Sep 17 00:00:00 2001
From: Itzik Brown <itzikb@redhat.com>
Date: Mon, 31 Oct 2016 12:25:04 +0000
Subject: [PATCH] Using a new security group in scenario tests

Instead of using the default security group - creating and
using a new security group in setup_network_and_server.
This should help when two tests are in the same class and have the
same tenant which can cause problems when one test is changing the
security group, adding rules etc.

Also adding resource cleanup in API tests base for security groups.

Change-Id: I4997bb48edf05402aa8135e3fd70e4c16cafb114
---
 neutron/tests/tempest/api/base.py            |  6 +++
 neutron/tests/tempest/scenario/base.py       | 45 +++++++++++++++++---
 neutron/tests/tempest/scenario/test_qos.py   |  4 +-
 neutron/tests/tempest/scenario/test_trunk.py | 14 ++++--
 4 files changed, 60 insertions(+), 9 deletions(-)

diff --git a/neutron/tests/tempest/api/base.py b/neutron/tests/tempest/api/base.py
index b308a313e0b..3321ad43c2c 100644
--- a/neutron/tests/tempest/api/base.py
+++ b/neutron/tests/tempest/api/base.py
@@ -109,6 +109,7 @@ class BaseNetworkTest(test.BaseTestCase):
         cls.admin_address_scopes = []
         cls.subnetpools = []
         cls.admin_subnetpools = []
+        cls.security_groups = []
 
     @classmethod
     def resource_cleanup(cls):
@@ -167,6 +168,11 @@ class BaseNetworkTest(test.BaseTestCase):
                 cls._try_delete_resource(cls.admin_client.delete_network,
                                          network['id'])
 
+            # Clean up security groups
+            for secgroup in cls.security_groups:
+                cls._try_delete_resource(cls.client.delete_security_group,
+                                         secgroup['id'])
+
             for subnetpool in cls.subnetpools:
                 cls._try_delete_resource(cls.client.delete_subnetpool,
                                          subnetpool['id'])
diff --git a/neutron/tests/tempest/scenario/base.py b/neutron/tests/tempest/scenario/base.py
index 8c45f4b097e..4072a1fadd5 100644
--- a/neutron/tests/tempest/scenario/base.py
+++ b/neutron/tests/tempest/scenario/base.py
@@ -47,13 +47,37 @@ class BaseTempestTestCase(base_api.BaseNetworkTest):
 
     @classmethod
     def create_server(cls, flavor_ref, image_ref, key_name, networks,
-                      name=None):
+                      name=None, security_groups=None):
+        """Create a server using tempest lib
+        All the parameters are the ones used in Compute API
+
+        Args:
+           flavor_ref(str): The flavor of the server to be provisioned.
+           image_ref(str):  The image of the server to be provisioned.
+           key_name(str): SSH key to to be used to connect to the
+                            provisioned server.
+           networks(list): List of dictionaries where each represent
+               an interface to be attached to the server. For network
+               it should be {'uuid': network_uuid} and for port it should
+               be {'port': port_uuid}
+           name(str): Name of the server to be provisioned.
+           security_groups(list): List of dictionaries where
+                the keys is 'name' and the value is the name of
+                the security group. If it's not passed the default
+                security group will be used.
+        """
+
         name = name or data_utils.rand_name('server-test')
+        if not security_groups:
+            security_groups = [{'name': 'default'}]
+
         server = cls.manager.servers_client.create_server(
-            name=name, flavorRef=flavor_ref,
+            name=name,
+            flavorRef=flavor_ref,
             imageRef=image_ref,
             key_name=key_name,
-            networks=networks)
+            networks=networks,
+            security_groups=security_groups)
         cls.servers.append(server['server']['id'])
         return server
 
@@ -123,17 +147,28 @@ class BaseTempestTestCase(base_api.BaseNetworkTest):
 
     @classmethod
     def setup_network_and_server(cls):
+        """Creating network resources and a server.
+
+        Creating a network, subnet, router, keypair, security group
+        and a server.
+        """
         cls.network = cls.create_network()
         cls.subnet = cls.create_subnet(cls.network)
 
+        secgroup = cls.manager.network_client.create_security_group(
+            name=data_utils.rand_name('secgroup-'))
+        cls.security_groups.append(secgroup['security_group'])
+
         cls.create_router_and_interface(cls.subnet['id'])
         cls.keypair = cls.create_keypair()
-        cls.create_loginable_secgroup_rule()
+        cls.create_loginable_secgroup_rule(
+            secgroup_id=secgroup['security_group']['id'])
         cls.server = cls.create_server(
             flavor_ref=CONF.compute.flavor_ref,
             image_ref=CONF.compute.image_ref,
             key_name=cls.keypair['name'],
-            networks=[{'uuid': cls.network['id']}])
+            networks=[{'uuid': cls.network['id']}],
+            security_groups=[{'name': secgroup['security_group']['name']}])
         waiters.wait_for_server_status(cls.manager.servers_client,
                                        cls.server['server']['id'],
                                        constants.SERVER_STATUS_ACTIVE)
diff --git a/neutron/tests/tempest/scenario/test_qos.py b/neutron/tests/tempest/scenario/test_qos.py
index 89b31a7e08c..a58b6e470a4 100644
--- a/neutron/tests/tempest/scenario/test_qos.py
+++ b/neutron/tests/tempest/scenario/test_qos.py
@@ -158,7 +158,9 @@ class QoSTest(base.BaseTempestTestCase):
                      'port_range_min': NC_PORT,
                      'port_range_max': NC_PORT,
                      'remote_ip_prefix': '0.0.0.0/0'}]
-        self.create_secgroup_rules(rulesets)
+        self.create_secgroup_rules(rulesets,
+                                   self.security_groups[-1]['id'])
+
         ssh_client = ssh.Client(self.fip['floating_ip_address'],
                                 CONF.validation.image_ssh_user,
                                 pkey=self.keypair['private_key'])
diff --git a/neutron/tests/tempest/scenario/test_trunk.py b/neutron/tests/tempest/scenario/test_trunk.py
index 30d602285aa..b3503924942 100644
--- a/neutron/tests/tempest/scenario/test_trunk.py
+++ b/neutron/tests/tempest/scenario/test_trunk.py
@@ -14,6 +14,7 @@
 
 from oslo_log import log as logging
 from tempest.common import waiters
+from tempest.lib.common.utils import data_utils
 from tempest import test
 
 from neutron.common import utils
@@ -38,17 +39,24 @@ class TrunkTest(base.BaseTempestTestCase):
         cls.subnet = cls.create_subnet(cls.network)
         cls.create_router_and_interface(cls.subnet['id'])
         cls.keypair = cls.create_keypair()
-        cls.create_loginable_secgroup_rule()
+        cls.secgroup = cls.manager.network_client.create_security_group(
+            name=data_utils.rand_name('secgroup-'))
+        cls.security_groups.append(cls.secgroup['security_group'])
+        cls.create_loginable_secgroup_rule(
+            secgroup_id=cls.secgroup['security_group']['id'])
 
     def _create_server_with_trunk_port(self):
-        port = self.create_port(self.network)
+        port = self.create_port(self.network, security_groups=[
+            self.secgroup['security_group']['id']])
         trunk = self.client.create_trunk(port['id'], subports=[])['trunk']
         fip = self.create_and_associate_floatingip(port['id'])
         server = self.create_server(
             flavor_ref=CONF.compute.flavor_ref,
             image_ref=CONF.compute.image_ref,
             key_name=self.keypair['name'],
-            networks=[{'port': port['id']}])['server']
+            networks=[{'port': port['id']}],
+            security_groups=[{'name': self.secgroup[
+                'security_group']['name']}])['server']
         self.addCleanup(self._detach_and_delete_trunk, server, trunk)
         return {'port': port, 'trunk': trunk, 'fip': fip,
                 'server': server}