Split out Neutron security group rules client
Splitting out a security group rules client for Neutron. Partially implements blueprint consistent-service-method-names # Change-Id: I2cd6bef13a16672bf0dbf6aeab0c60f0221e1a49
This commit is contained in:
parent
5d8f21eddf
commit
456d9ae44f
|
@ -158,7 +158,9 @@ class SecurityGroupRulesTestJSON(base.BaseSecurityGroupsTest):
|
|||
to_port=to_port2)['security_group_rule']
|
||||
rule2_id = rule['id']
|
||||
# Delete the Security Group rule2 at the end of this method
|
||||
self.addCleanup(self.client.delete_security_group_rule, rule2_id)
|
||||
self.addCleanup(
|
||||
self.security_group_rules_client.delete_security_group_rule,
|
||||
rule2_id)
|
||||
|
||||
# Get rules of the created Security Group
|
||||
rules = self.security_groups_client.show_security_group(
|
||||
|
|
|
@ -76,6 +76,8 @@ class BaseNetworkTest(tempest.test.BaseTestCase):
|
|||
cls.quotas_client = cls.os.network_quotas_client
|
||||
cls.floating_ips_client = cls.os.floating_ips_client
|
||||
cls.security_groups_client = cls.os.security_groups_client
|
||||
cls.security_group_rules_client = (
|
||||
cls.os.security_group_rules_client)
|
||||
|
||||
@classmethod
|
||||
def resource_setup(cls):
|
||||
|
|
|
@ -40,10 +40,11 @@ class BaseSecGroupTest(base.BaseNetworkTest):
|
|||
self.assertNotIn(secgroup_id, secgroup_list)
|
||||
|
||||
def _delete_security_group_rule(self, rule_id):
|
||||
self.client.delete_security_group_rule(rule_id)
|
||||
self.security_group_rules_client.delete_security_group_rule(rule_id)
|
||||
# Asserting that the security group is not found in the list
|
||||
# after deletion
|
||||
list_body = self.client.list_security_group_rules()
|
||||
list_body = (
|
||||
self.security_group_rules_client.list_security_group_rules())
|
||||
rules_list = list()
|
||||
for rule in list_body['security_group_rules']:
|
||||
rules_list.append(rule['id'])
|
||||
|
|
|
@ -41,7 +41,8 @@ class SecGroupTest(base.BaseSecGroupTest):
|
|||
remote_ip_prefix=None):
|
||||
# Create Security Group rule with the input params and validate
|
||||
# that SG rule is created with the same parameters.
|
||||
rule_create_body = self.client.create_security_group_rule(
|
||||
sec_group_rules_client = self.security_group_rules_client
|
||||
rule_create_body = sec_group_rules_client.create_security_group_rule(
|
||||
security_group_id=sg_id,
|
||||
direction=direction,
|
||||
ethertype=ethertype,
|
||||
|
@ -116,8 +117,9 @@ class SecGroupTest(base.BaseSecGroupTest):
|
|||
|
||||
# Create rules for each protocol
|
||||
protocols = ['tcp', 'udp', 'icmp']
|
||||
client = self.security_group_rules_client
|
||||
for protocol in protocols:
|
||||
rule_create_body = self.client.create_security_group_rule(
|
||||
rule_create_body = client.create_security_group_rule(
|
||||
security_group_id=group_create_body['security_group']['id'],
|
||||
protocol=protocol,
|
||||
direction='ingress',
|
||||
|
@ -125,7 +127,7 @@ class SecGroupTest(base.BaseSecGroupTest):
|
|||
)
|
||||
|
||||
# Show details of the created security rule
|
||||
show_rule_body = self.client.show_security_group_rule(
|
||||
show_rule_body = client.show_security_group_rule(
|
||||
rule_create_body['security_group_rule']['id']
|
||||
)
|
||||
create_dict = rule_create_body['security_group_rule']
|
||||
|
@ -135,7 +137,8 @@ class SecGroupTest(base.BaseSecGroupTest):
|
|||
"%s does not match." % key)
|
||||
|
||||
# List rules and verify created rule is in response
|
||||
rule_list_body = self.client.list_security_group_rules()
|
||||
rule_list_body = (
|
||||
self.security_group_rules_client.list_security_group_rules())
|
||||
rule_list = [rule['id']
|
||||
for rule in rule_list_body['security_group_rules']]
|
||||
self.assertIn(rule_create_body['security_group_rule']['id'],
|
||||
|
@ -223,7 +226,8 @@ class SecGroupTest(base.BaseSecGroupTest):
|
|||
direction = 'ingress'
|
||||
protocol = 17
|
||||
security_group_id = group_create_body['security_group']['id']
|
||||
rule_create_body = self.client.create_security_group_rule(
|
||||
client = self.security_group_rules_client
|
||||
rule_create_body = client.create_security_group_rule(
|
||||
security_group_id=security_group_id,
|
||||
direction=direction,
|
||||
protocol=protocol
|
||||
|
|
|
@ -46,9 +46,10 @@ class NegativeSecGroupTest(base.BaseSecGroupTest):
|
|||
@test.idempotent_id('4c094c09-000b-4e41-8100-9617600c02a6')
|
||||
def test_show_non_existent_security_group_rule(self):
|
||||
non_exist_id = str(uuid.uuid4())
|
||||
self.assertRaises(lib_exc.NotFound,
|
||||
self.client.show_security_group_rule,
|
||||
non_exist_id)
|
||||
self.assertRaises(
|
||||
lib_exc.NotFound,
|
||||
self.security_group_rules_client.show_security_group_rule,
|
||||
non_exist_id)
|
||||
|
||||
@test.attr(type=['negative'])
|
||||
@test.idempotent_id('1f1bb89d-5664-4956-9fcd-83ee0fa603df')
|
||||
|
@ -67,7 +68,8 @@ class NegativeSecGroupTest(base.BaseSecGroupTest):
|
|||
# Create rule with bad protocol name
|
||||
pname = 'bad_protocol_name'
|
||||
self.assertRaises(
|
||||
lib_exc.BadRequest, self.client.create_security_group_rule,
|
||||
lib_exc.BadRequest,
|
||||
self.security_group_rules_client.create_security_group_rule,
|
||||
security_group_id=group_create_body['security_group']['id'],
|
||||
protocol=pname, direction='ingress', ethertype=self.ethertype)
|
||||
|
||||
|
@ -80,7 +82,8 @@ class NegativeSecGroupTest(base.BaseSecGroupTest):
|
|||
prefix = ['192.168.1./24', '192.168.1.1/33', 'bad_prefix', '256']
|
||||
for remote_ip_prefix in prefix:
|
||||
self.assertRaises(
|
||||
lib_exc.BadRequest, self.client.create_security_group_rule,
|
||||
lib_exc.BadRequest,
|
||||
self.security_group_rules_client.create_security_group_rule,
|
||||
security_group_id=group_create_body['security_group']['id'],
|
||||
protocol='tcp', direction='ingress', ethertype=self.ethertype,
|
||||
remote_ip_prefix=remote_ip_prefix)
|
||||
|
@ -95,7 +98,8 @@ class NegativeSecGroupTest(base.BaseSecGroupTest):
|
|||
group_ids = ['bad_group_id', non_exist_id]
|
||||
for remote_group_id in group_ids:
|
||||
self.assertRaises(
|
||||
lib_exc.NotFound, self.client.create_security_group_rule,
|
||||
lib_exc.NotFound,
|
||||
self.security_group_rules_client.create_security_group_rule,
|
||||
security_group_id=group_create_body['security_group']['id'],
|
||||
protocol='tcp', direction='ingress', ethertype=self.ethertype,
|
||||
remote_group_id=remote_group_id)
|
||||
|
@ -109,7 +113,8 @@ class NegativeSecGroupTest(base.BaseSecGroupTest):
|
|||
# Create rule specifying both remote_ip_prefix and remote_group_id
|
||||
prefix = self._tenant_network_cidr
|
||||
self.assertRaises(
|
||||
lib_exc.BadRequest, self.client.create_security_group_rule,
|
||||
lib_exc.BadRequest,
|
||||
self.security_group_rules_client.create_security_group_rule,
|
||||
security_group_id=sg1_body['security_group']['id'],
|
||||
protocol='tcp', direction='ingress',
|
||||
ethertype=self.ethertype, remote_ip_prefix=prefix,
|
||||
|
@ -123,7 +128,8 @@ class NegativeSecGroupTest(base.BaseSecGroupTest):
|
|||
# Create rule with bad ethertype
|
||||
ethertype = 'bad_ethertype'
|
||||
self.assertRaises(
|
||||
lib_exc.BadRequest, self.client.create_security_group_rule,
|
||||
lib_exc.BadRequest,
|
||||
self.security_group_rules_client.create_security_group_rule,
|
||||
security_group_id=group_create_body['security_group']['id'],
|
||||
protocol='udp', direction='ingress', ethertype=ethertype)
|
||||
|
||||
|
@ -140,7 +146,8 @@ class NegativeSecGroupTest(base.BaseSecGroupTest):
|
|||
(-16, 65536, 'Invalid value for port')]
|
||||
for pmin, pmax, msg in states:
|
||||
ex = self.assertRaises(
|
||||
lib_exc.BadRequest, self.client.create_security_group_rule,
|
||||
lib_exc.BadRequest,
|
||||
self.security_group_rules_client.create_security_group_rule,
|
||||
security_group_id=group_create_body['security_group']['id'],
|
||||
protocol='tcp', port_range_min=pmin, port_range_max=pmax,
|
||||
direction='ingress', ethertype=self.ethertype)
|
||||
|
@ -152,7 +159,8 @@ class NegativeSecGroupTest(base.BaseSecGroupTest):
|
|||
(300, 1, 'Invalid value for ICMP type')]
|
||||
for pmin, pmax, msg in states:
|
||||
ex = self.assertRaises(
|
||||
lib_exc.BadRequest, self.client.create_security_group_rule,
|
||||
lib_exc.BadRequest,
|
||||
self.security_group_rules_client.create_security_group_rule,
|
||||
security_group_id=group_create_body['security_group']['id'],
|
||||
protocol='icmp', port_range_min=pmin, port_range_max=pmax,
|
||||
direction='ingress', ethertype=self.ethertype)
|
||||
|
@ -176,7 +184,7 @@ class NegativeSecGroupTest(base.BaseSecGroupTest):
|
|||
min_port = 66
|
||||
max_port = 67
|
||||
# Create a rule with valid params
|
||||
self.client.create_security_group_rule(
|
||||
self.security_group_rules_client.create_security_group_rule(
|
||||
security_group_id=body['security_group']['id'],
|
||||
direction='ingress',
|
||||
ethertype=self.ethertype,
|
||||
|
@ -187,7 +195,8 @@ class NegativeSecGroupTest(base.BaseSecGroupTest):
|
|||
|
||||
# Try creating the same security group rule, it should fail
|
||||
self.assertRaises(
|
||||
lib_exc.Conflict, self.client.create_security_group_rule,
|
||||
lib_exc.Conflict,
|
||||
self.security_group_rules_client.create_security_group_rule,
|
||||
security_group_id=body['security_group']['id'],
|
||||
protocol='tcp', direction='ingress', ethertype=self.ethertype,
|
||||
port_range_min=min_port, port_range_max=max_port)
|
||||
|
@ -197,10 +206,11 @@ class NegativeSecGroupTest(base.BaseSecGroupTest):
|
|||
def test_create_security_group_rule_with_non_existent_security_group(self):
|
||||
# Create security group rules with not existing security group.
|
||||
non_existent_sg = str(uuid.uuid4())
|
||||
self.assertRaises(lib_exc.NotFound,
|
||||
self.client.create_security_group_rule,
|
||||
security_group_id=non_existent_sg,
|
||||
direction='ingress', ethertype=self.ethertype)
|
||||
self.assertRaises(
|
||||
lib_exc.NotFound,
|
||||
self.security_group_rules_client.create_security_group_rule,
|
||||
security_group_id=non_existent_sg,
|
||||
direction='ingress', ethertype=self.ethertype)
|
||||
|
||||
|
||||
class NegativeSecGroupIPv6Test(NegativeSecGroupTest):
|
||||
|
@ -221,7 +231,7 @@ class NegativeSecGroupIPv6Test(NegativeSecGroupTest):
|
|||
self.assertRaisesRegexp(
|
||||
lib_exc.BadRequest,
|
||||
"Conflicting value ethertype",
|
||||
self.client.create_security_group_rule,
|
||||
self.security_group_rules_client.create_security_group_rule,
|
||||
security_group_id=group_create_body['security_group']['id'],
|
||||
protocol='tcp', direction='ingress',
|
||||
ethertype=pair['ethertype'],
|
||||
|
|
|
@ -123,6 +123,8 @@ from tempest.services.network.json.networks_client import NetworksClient
|
|||
from tempest.services.network.json.ports_client import PortsClient
|
||||
from tempest.services.network.json.quotas_client import QuotasClient \
|
||||
as NetworkQuotasClient
|
||||
from tempest.services.network.json.security_group_rules_client import \
|
||||
SecurityGroupRulesClient
|
||||
from tempest.services.network.json.security_groups_client import \
|
||||
SecurityGroupsClient
|
||||
from tempest.services.network.json.subnetpools_client import SubnetpoolsClient
|
||||
|
@ -310,6 +312,14 @@ class Manager(manager.Manager):
|
|||
build_interval=CONF.network.build_interval,
|
||||
build_timeout=CONF.network.build_timeout,
|
||||
**self.default_params)
|
||||
self.security_group_rules_client = SecurityGroupRulesClient(
|
||||
self.auth_provider,
|
||||
CONF.network.catalog_type,
|
||||
CONF.network.region or CONF.identity.region,
|
||||
endpoint_type=CONF.network.endpoint_type,
|
||||
build_interval=CONF.network.build_interval,
|
||||
build_timeout=CONF.network.build_timeout,
|
||||
**self.default_params)
|
||||
self.security_groups_client = SecurityGroupsClient(
|
||||
self.auth_provider,
|
||||
CONF.network.catalog_type,
|
||||
|
|
|
@ -69,6 +69,8 @@ class ScenarioTest(tempest.test.BaseTestCase):
|
|||
cls.subnets_client = cls.manager.subnets_client
|
||||
cls.floating_ips_client = cls.manager.floating_ips_client
|
||||
cls.security_groups_client = cls.manager.security_groups_client
|
||||
cls.security_group_rules_client = (
|
||||
cls.manager.security_group_rules_client)
|
||||
# Heat client
|
||||
cls.orchestration_client = cls.manager.orchestration_client
|
||||
|
||||
|
@ -939,11 +941,12 @@ class NetworkScenarioTest(ScenarioTest):
|
|||
CONF.validation.ping_timeout,
|
||||
1)
|
||||
|
||||
def _create_security_group(self, client=None, tenant_id=None,
|
||||
def _create_security_group(self, security_group_rules_client=None,
|
||||
tenant_id=None,
|
||||
namestart='secgroup-smoke',
|
||||
security_groups_client=None):
|
||||
if client is None:
|
||||
client = self.network_client
|
||||
if security_group_rules_client is None:
|
||||
security_group_rules_client = self.security_group_rules_client
|
||||
if security_groups_client is None:
|
||||
security_groups_client = self.security_groups_client
|
||||
if tenant_id is None:
|
||||
|
@ -954,7 +957,8 @@ class NetworkScenarioTest(ScenarioTest):
|
|||
|
||||
# Add rules to the security group
|
||||
rules = self._create_loginable_secgroup_rule(
|
||||
client=client, secgroup=secgroup,
|
||||
security_group_rules_client=security_group_rules_client,
|
||||
secgroup=secgroup,
|
||||
security_groups_client=security_groups_client)
|
||||
for rule in rules:
|
||||
self.assertEqual(tenant_id, rule.tenant_id)
|
||||
|
@ -1010,7 +1014,8 @@ class NetworkScenarioTest(ScenarioTest):
|
|||
return net_resources.DeletableSecurityGroup(client=client,
|
||||
**sgs[0])
|
||||
|
||||
def _create_security_group_rule(self, secgroup=None, client=None,
|
||||
def _create_security_group_rule(self, secgroup=None,
|
||||
sec_group_rules_client=None,
|
||||
tenant_id=None,
|
||||
security_groups_client=None, **kwargs):
|
||||
"""Create a rule from a dictionary of rule parameters.
|
||||
|
@ -1030,8 +1035,8 @@ class NetworkScenarioTest(ScenarioTest):
|
|||
port_range_max: 22
|
||||
}
|
||||
"""
|
||||
if client is None:
|
||||
client = self.network_client
|
||||
if sec_group_rules_client is None:
|
||||
sec_group_rules_client = self.security_group_rules_client
|
||||
if security_groups_client is None:
|
||||
security_groups_client = self.security_groups_client
|
||||
if not tenant_id:
|
||||
|
@ -1044,9 +1049,9 @@ class NetworkScenarioTest(ScenarioTest):
|
|||
tenant_id=secgroup.tenant_id)
|
||||
ruleset.update(kwargs)
|
||||
|
||||
sg_rule = client.create_security_group_rule(**ruleset)
|
||||
sg_rule = sec_group_rules_client.create_security_group_rule(**ruleset)
|
||||
sg_rule = net_resources.DeletableSecurityGroupRule(
|
||||
client=client,
|
||||
client=sec_group_rules_client,
|
||||
**sg_rule['security_group_rule']
|
||||
)
|
||||
self.addCleanup(self.delete_wrapper, sg_rule.delete)
|
||||
|
@ -1055,7 +1060,8 @@ class NetworkScenarioTest(ScenarioTest):
|
|||
|
||||
return sg_rule
|
||||
|
||||
def _create_loginable_secgroup_rule(self, client=None, secgroup=None,
|
||||
def _create_loginable_secgroup_rule(self, security_group_rules_client=None,
|
||||
secgroup=None,
|
||||
security_groups_client=None):
|
||||
"""Create loginable security group rule
|
||||
|
||||
|
@ -1065,8 +1071,8 @@ class NetworkScenarioTest(ScenarioTest):
|
|||
belonging to the same security group.
|
||||
"""
|
||||
|
||||
if client is None:
|
||||
client = self.network_client
|
||||
if security_group_rules_client is None:
|
||||
security_group_rules_client = self.security_group_rules_client
|
||||
if security_groups_client is None:
|
||||
security_groups_client = self.security_groups_client
|
||||
rules = []
|
||||
|
@ -1087,12 +1093,14 @@ class NetworkScenarioTest(ScenarioTest):
|
|||
ethertype='IPv6',
|
||||
)
|
||||
]
|
||||
sec_group_rules_client = security_group_rules_client
|
||||
for ruleset in rulesets:
|
||||
for r_direction in ['ingress', 'egress']:
|
||||
ruleset['direction'] = r_direction
|
||||
try:
|
||||
sg_rule = self._create_security_group_rule(
|
||||
client=client, secgroup=secgroup,
|
||||
sec_group_rules_client=sec_group_rules_client,
|
||||
secgroup=secgroup,
|
||||
security_groups_client=security_groups_client,
|
||||
**ruleset)
|
||||
except lib_exc.Conflict as ex:
|
||||
|
|
|
@ -191,9 +191,11 @@ class TestSecurityGroupsBasicOps(manager.NetworkScenarioTest):
|
|||
port_range_max=22,
|
||||
direction='ingress',
|
||||
)
|
||||
self._create_security_group_rule(secgroup=access_sg,
|
||||
client=tenant.manager.network_client,
|
||||
**ssh_rule)
|
||||
sec_group_rules_client = tenant.manager.security_group_rules_client
|
||||
self._create_security_group_rule(
|
||||
secgroup=access_sg,
|
||||
sec_group_rules_client=sec_group_rules_client,
|
||||
**ssh_rule)
|
||||
|
||||
def _verify_network_details(self, tenant):
|
||||
# Checks that we see the newly created network/subnet/router via
|
||||
|
@ -371,9 +373,11 @@ class TestSecurityGroupsBasicOps(manager.NetworkScenarioTest):
|
|||
protocol='icmp',
|
||||
direction='ingress'
|
||||
)
|
||||
sec_group_rules_client = (
|
||||
dest_tenant.manager.security_group_rules_client)
|
||||
self._create_security_group_rule(
|
||||
secgroup=dest_tenant.security_groups['default'],
|
||||
client=dest_tenant.manager.network_client,
|
||||
sec_group_rules_client=sec_group_rules_client,
|
||||
**ruleset
|
||||
)
|
||||
access_point_ssh = self._connect_to_access_point(source_tenant)
|
||||
|
@ -385,9 +389,11 @@ class TestSecurityGroupsBasicOps(manager.NetworkScenarioTest):
|
|||
self._test_cross_tenant_block(dest_tenant, source_tenant)
|
||||
|
||||
# allow reverse traffic and check
|
||||
sec_group_rules_client = (
|
||||
source_tenant.manager.security_group_rules_client)
|
||||
self._create_security_group_rule(
|
||||
secgroup=source_tenant.security_groups['default'],
|
||||
client=source_tenant.manager.network_client,
|
||||
sec_group_rules_client=sec_group_rules_client,
|
||||
**ruleset
|
||||
)
|
||||
|
||||
|
@ -468,9 +474,10 @@ class TestSecurityGroupsBasicOps(manager.NetworkScenarioTest):
|
|||
protocol='icmp',
|
||||
direction='ingress',
|
||||
)
|
||||
sec_group_rules_client = new_tenant.manager.security_group_rules_client
|
||||
self._create_security_group_rule(
|
||||
secgroup=new_sg,
|
||||
client=new_tenant.manager.network_client,
|
||||
sec_group_rules_client=sec_group_rules_client,
|
||||
**icmp_rule)
|
||||
new_tenant.security_groups.update(new_sg=new_sg)
|
||||
|
||||
|
|
|
@ -35,23 +35,6 @@ class NetworkClient(base.BaseNetworkClient):
|
|||
quotas
|
||||
"""
|
||||
|
||||
def create_security_group_rule(self, **kwargs):
|
||||
uri = '/security-group-rules'
|
||||
post_data = {'security_group_rule': kwargs}
|
||||
return self.create_resource(uri, post_data)
|
||||
|
||||
def show_security_group_rule(self, security_group_rule_id, **fields):
|
||||
uri = '/security-group-rules/%s' % security_group_rule_id
|
||||
return self.show_resource(uri, **fields)
|
||||
|
||||
def delete_security_group_rule(self, security_group_rule_id):
|
||||
uri = '/security-group-rules/%s' % security_group_rule_id
|
||||
return self.delete_resource(uri)
|
||||
|
||||
def list_security_group_rules(self, **filters):
|
||||
uri = '/security-group-rules'
|
||||
return self.list_resources(uri, **filters)
|
||||
|
||||
def show_extension(self, ext_alias, **fields):
|
||||
uri = '/extensions/%s' % ext_alias
|
||||
return self.show_resource(uri, **fields)
|
||||
|
|
|
@ -0,0 +1,33 @@
|
|||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from tempest.services.network.json import base
|
||||
|
||||
|
||||
class SecurityGroupRulesClient(base.BaseNetworkClient):
|
||||
|
||||
def create_security_group_rule(self, **kwargs):
|
||||
uri = '/security-group-rules'
|
||||
post_data = {'security_group_rule': kwargs}
|
||||
return self.create_resource(uri, post_data)
|
||||
|
||||
def show_security_group_rule(self, security_group_rule_id, **fields):
|
||||
uri = '/security-group-rules/%s' % security_group_rule_id
|
||||
return self.show_resource(uri, **fields)
|
||||
|
||||
def delete_security_group_rule(self, security_group_rule_id):
|
||||
uri = '/security-group-rules/%s' % security_group_rule_id
|
||||
return self.delete_resource(uri)
|
||||
|
||||
def list_security_group_rules(self, **filters):
|
||||
uri = '/security-group-rules'
|
||||
return self.list_resources(uri, **filters)
|
Loading…
Reference in New Issue