openstack
/
neutron
Code Issues Proposed changes
neutron/neutron/tests/tempest/api/test_extension_driver_port_...

151 lines
6.7 KiB
Python
Raw Blame History

# Copyright 2015 OpenStack Foundation
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import ddt
from tempest.common import utils
from tempest.lib import decorators
from tempest.lib import exceptions as lib_exc
from neutron.tests.tempest.api import base
from neutron.tests.tempest.api import base_security_groups as base_security
FAKE_IP = '10.0.0.1'
FAKE_MAC = '00:25:64:e8:19:dd'
@ddt.ddt
class PortSecTest(base_security.BaseSecGroupTest,
base.BaseNetworkTest):
@decorators.idempotent_id('7c338ddf-e64e-4118-bd33-e49a1f2f1495')
@utils.requires_ext(extension='port-security', service='network')
def test_port_sec_default_value(self):
# Default port-sec value is True, and the attr of the port will inherit
# from the port-sec of the network when it not be specified in API
network = self.create_network()
self.assertTrue(network['port_security_enabled'])
self.create_subnet(network)
port = self.create_port(network)
self.assertTrue(port['port_security_enabled'])
@decorators.idempotent_id('e60eafd2-31de-4c38-8106-55447d033b57')
@utils.requires_ext(extension='port-security', service='network')
@ddt.unpack
@ddt.data({'port_sec_net': False, 'port_sec_port': True, 'expected': True},
{'port_sec_net': True, 'port_sec_port': False,
'expected': False})
def test_port_sec_specific_value(self, port_sec_net, port_sec_port,
expected):
network = self.create_network(port_security_enabled=port_sec_net)
self.create_subnet(network)
port = self.create_port(network, port_security_enabled=port_sec_port)
self.assertEqual(network['port_security_enabled'], port_sec_net)
self.assertEqual(port['port_security_enabled'], expected)
@decorators.idempotent_id('fe7c27b9-f320-4daf-b977-b1547c43daf6')
@utils.requires_ext(extension='port-security', service='network')
def test_create_port_sec_with_security_group(self):
network = self.create_network(port_security_enabled=True)
self.create_subnet(network)
port = self.create_port(network, security_groups=[])
self.assertTrue(port['port_security_enabled'])
self.client.delete_port(port['id'])
port = self.create_port(network, security_groups=[],
port_security_enabled=False)
self.assertFalse(port['port_security_enabled'])
self.assertEmpty(port['security_groups'])
@decorators.attr(type='negative')
@decorators.idempotent_id('ff11226c-a5ff-4ad4-8480-0840e36e47a9')
@utils.requires_ext(extension='port-security', service='network')
def test_port_sec_update_port_failed(self):
network = self.create_network()
self.create_subnet(network)
sec_group_body, _ = self._create_security_group()
port = self.create_port(network)
# Exception when set port-sec to False with sec-group defined
self.assertRaises(lib_exc.Conflict, self.update_port, port,
port_security_enabled=False)
port = self.update_port(port, security_groups=[],
port_security_enabled=False)
self.assertEmpty(port['security_groups'])
self.assertFalse(port['port_security_enabled'])
port = self.update_port(
port, security_groups=[sec_group_body['security_group']['id']],
port_security_enabled=True)
self.assertNotEmpty(port['security_groups'])
self.assertTrue(port['port_security_enabled'])
# Remove security group from port before deletion on resource_cleanup
self.update_port(port, security_groups=[])
@decorators.idempotent_id('05642059-1bfc-4581-9bc9-aaa5db08dd60')
@utils.requires_ext(extension='port-security', service='network')
def test_port_sec_update_pass(self):
network = self.create_network()
self.create_subnet(network)
sec_group, _ = self._create_security_group()
sec_group_id = sec_group['security_group']['id']
port = self.create_port(network, security_groups=[sec_group_id],
port_security_enabled=True)
self.assertNotEmpty(port['security_groups'])
self.assertTrue(port['port_security_enabled'])
port = self.update_port(port, security_groups=[])
self.assertEmpty(port['security_groups'])
self.assertTrue(port['port_security_enabled'])
port = self.update_port(port, security_groups=[sec_group_id])
self.assertNotEmpty(port['security_groups'])
port = self.update_port(port, security_groups=[],
port_security_enabled=False)
self.assertEmpty(port['security_groups'])
self.assertFalse(port['port_security_enabled'])
@decorators.idempotent_id('2df6114b-b8c3-48a1-96e8-47f08159d35c')
@utils.requires_ext(extension='port-security', service='network')
def test_delete_with_port_sec(self):
network = self.create_network(port_security_enabled=True)
port = self.create_port(network=network,
port_security_enabled=True)
self.client.delete_port(port['id'])
self.assertTrue(self.client.is_resource_deleted('port', port['id']))
self.client.delete_network(network['id'])
self.assertTrue(
self.client.is_resource_deleted('network', network['id']))
@decorators.attr(type='negative')
@decorators.idempotent_id('ed93e453-3f8d-495e-8e7e-b0e268c2ebd9')
@utils.requires_ext(extension='port-security', service='network')
@utils.requires_ext(extension='allowed-address-pairs', service='network')
def test_allowed_address_pairs(self):
network = self.create_network()
self.create_subnet(network)
port = self.create_port(network=network, port_security_enabled=False)
allowed_address_pairs = [{'ip_address': FAKE_IP,
'mac_address': FAKE_MAC}]
# Exception when set address-pairs with port-sec is False
self.assertRaises(lib_exc.Conflict,
self.update_port, port,
allowed_address_pairs=allowed_address_pairs)
View Git Blame Copy Permalink