openstack/neutron
Code Issues Proposed changes

Merge "Include port_security check in fullstack tests"

Browse Source
This commit is contained in:
Jenkins 2017-02-03 12:34:36 +00:00 committed by Gerrit Code Review
commit f39a212230
2 changed files with 26 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
neutron/tests/fullstack/resources/config.py
View File

@ -139,9 +139,10 @@ class ML2ConfigFixture(ConfigFixture):
}, },
}) })
extension_drivers = ['port_security']
if env_desc.qos: if env_desc.qos:
self.config['ml2']['extension_drivers'] =\ extension_drivers.append(qos_ext.QOS_EXT_DRIVER_ALIAS)
qos_ext.QOS_EXT_DRIVER_ALIAS self.config['ml2']['extension_drivers'] = ','.join(extension_drivers)
class OVSConfigFixture(ConfigFixture): class OVSConfigFixture(ConfigFixture):

26
neutron/tests/fullstack/test_securitygroup.py
View File

@ -102,7 +102,8 @@ class TestSecurityGroupsSameNetwork(BaseSecurityGroupsSameNetworkTest):
# adding another. # adding another.
def test_securitygroup(self): def test_securitygroup(self):
"""Tests if a security group rules are working, by confirming """Tests if a security group rules are working, by confirming
that 1. connection from allowed security group is allowed, that 0. traffic is allowed when port security is disabled,
1. connection from allowed security group is allowed,
2. connection from elsewhere is blocked, 2. connection from elsewhere is blocked,
3. traffic not explicitly allowed (eg. ICMP) is blocked, 3. traffic not explicitly allowed (eg. ICMP) is blocked,
4. a security group update takes effect, 4. a security group update takes effect,
@ -128,8 +129,9 @@ class TestSecurityGroupsSameNetwork(BaseSecurityGroupsSameNetworkTest):
ports = [ ports = [
self.safe_client.create_port(tenant_uuid, network['id'], self.safe_client.create_port(tenant_uuid, network['id'],
self.environment.hosts[host].hostname, self.environment.hosts[host].hostname,
security_groups=[sgs[sg]['id']]) security_groups=[],
for host, sg in zip(index_to_host, index_to_sg)] port_security_enabled=False)
for host in index_to_host]
self.safe_client.create_security_group_rule( self.safe_client.create_security_group_rule(
tenant_uuid, sgs[0]['id'], tenant_uuid, sgs[0]['id'],
@ -151,6 +153,24 @@ class TestSecurityGroupsSameNetwork(BaseSecurityGroupsSameNetworkTest):
for vm in vms: for vm in vms:
vm.block_until_boot() vm.block_until_boot()
# 0. check that traffic is allowed when port security is disabled
self.assert_connection(
vms[1].namespace, vms[0].namespace, vms[0].ip, 3333,
net_helpers.NetcatTester.TCP)
self.assert_connection(
vms[2].namespace, vms[0].namespace, vms[0].ip, 3333,
net_helpers.NetcatTester.TCP)
net_helpers.assert_ping(vms[0].namespace, vms[1].ip)
net_helpers.assert_ping(vms[0].namespace, vms[2].ip)
net_helpers.assert_ping(vms[1].namespace, vms[2].ip)
# Apply security groups to the ports
for port, sg in zip(ports, index_to_sg):
self.safe_client.client.update_port(
port['id'],
body={'port': {'port_security_enabled': True,
'security_groups': [sgs[sg]['id']]}})
# 1. check if connection from allowed security group is allowed # 1. check if connection from allowed security group is allowed
self.assert_connection( self.assert_connection(
vms[1].namespace, vms[0].namespace, vms[0].ip, 3333, vms[1].namespace, vms[0].namespace, vms[0].ip, 3333,