Split out Neutron security group rules client

Splitting out a security group rules client for Neutron. Partially implements blueprint consistent-service-method-names # Change-Id: I2cd6bef13a16672bf0dbf6aeab0c60f0221e1a49
2016-01-12 15:36:33 -05:00 · 2016-01-12 15:36:33 -05:00 · 456d9ae44f
parent 5d8f21eddf
commit 456d9ae44f
10 changed files with 121 additions and 61 deletions
--- a/tempest/api/compute/security_groups/test_security_group_rules.py
+++ b/tempest/api/compute/security_groups/test_security_group_rules.py
@ -158,7 +158,9 @@ class SecurityGroupRulesTestJSON(base.BaseSecurityGroupsTest):
            to_port=to_port2)['security_group_rule']
        rule2_id = rule['id']
        # Delete the Security Group rule2 at the end of this method
-        self.addCleanup(self.client.delete_security_group_rule, rule2_id)
+        self.addCleanup(
+            self.security_group_rules_client.delete_security_group_rule,
+            rule2_id)

        # Get rules of the created Security Group
        rules = self.security_groups_client.show_security_group(
--- a/tempest/api/network/base.py
+++ b/tempest/api/network/base.py
@ -76,6 +76,8 @@ class BaseNetworkTest(tempest.test.BaseTestCase):
        cls.quotas_client = cls.os.network_quotas_client
        cls.floating_ips_client = cls.os.floating_ips_client
        cls.security_groups_client = cls.os.security_groups_client
+        cls.security_group_rules_client = (
+            cls.os.security_group_rules_client)

    @classmethod
    def resource_setup(cls):
--- a/tempest/api/network/base_security_groups.py
+++ b/tempest/api/network/base_security_groups.py
@ -40,10 +40,11 @@ class BaseSecGroupTest(base.BaseNetworkTest):
        self.assertNotIn(secgroup_id, secgroup_list)

    def _delete_security_group_rule(self, rule_id):
-        self.client.delete_security_group_rule(rule_id)
+        self.security_group_rules_client.delete_security_group_rule(rule_id)
        # Asserting that the security group is not found in the list
        # after deletion
-        list_body = self.client.list_security_group_rules()
+        list_body = (
+            self.security_group_rules_client.list_security_group_rules())
        rules_list = list()
        for rule in list_body['security_group_rules']:
            rules_list.append(rule['id'])
--- a/tempest/api/network/test_security_groups.py
+++ b/tempest/api/network/test_security_groups.py
@ -41,7 +41,8 @@ class SecGroupTest(base.BaseSecGroupTest):
                                           remote_ip_prefix=None):
        # Create Security Group rule with the input params and validate
        # that SG rule is created with the same parameters.
-        rule_create_body = self.client.create_security_group_rule(
+        sec_group_rules_client = self.security_group_rules_client
+        rule_create_body = sec_group_rules_client.create_security_group_rule(
            security_group_id=sg_id,
            direction=direction,
            ethertype=ethertype,
@ -116,8 +117,9 @@ class SecGroupTest(base.BaseSecGroupTest):

        # Create rules for each protocol
        protocols = ['tcp', 'udp', 'icmp']
+        client = self.security_group_rules_client
        for protocol in protocols:
-            rule_create_body = self.client.create_security_group_rule(
+            rule_create_body = client.create_security_group_rule(
                security_group_id=group_create_body['security_group']['id'],
                protocol=protocol,
                direction='ingress',
@ -125,7 +127,7 @@ class SecGroupTest(base.BaseSecGroupTest):
            )

            # Show details of the created security rule
-            show_rule_body = self.client.show_security_group_rule(
+            show_rule_body = client.show_security_group_rule(
                rule_create_body['security_group_rule']['id']
            )
            create_dict = rule_create_body['security_group_rule']
@ -135,7 +137,8 @@ class SecGroupTest(base.BaseSecGroupTest):
                                 "%s does not match." % key)

            # List rules and verify created rule is in response
-            rule_list_body = self.client.list_security_group_rules()
+            rule_list_body = (
+                self.security_group_rules_client.list_security_group_rules())
            rule_list = [rule['id']
                         for rule in rule_list_body['security_group_rules']]
            self.assertIn(rule_create_body['security_group_rule']['id'],
@ -223,7 +226,8 @@ class SecGroupTest(base.BaseSecGroupTest):
        direction = 'ingress'
        protocol = 17
        security_group_id = group_create_body['security_group']['id']
-        rule_create_body = self.client.create_security_group_rule(
+        client = self.security_group_rules_client
+        rule_create_body = client.create_security_group_rule(
            security_group_id=security_group_id,
            direction=direction,
            protocol=protocol
--- a/tempest/api/network/test_security_groups_negative.py
+++ b/tempest/api/network/test_security_groups_negative.py
@ -46,9 +46,10 @@ class NegativeSecGroupTest(base.BaseSecGroupTest):
    @test.idempotent_id('4c094c09-000b-4e41-8100-9617600c02a6')
    def test_show_non_existent_security_group_rule(self):
        non_exist_id = str(uuid.uuid4())
-        self.assertRaises(lib_exc.NotFound,
-                          self.client.show_security_group_rule,
-                          non_exist_id)
+        self.assertRaises(
+            lib_exc.NotFound,
+            self.security_group_rules_client.show_security_group_rule,
+            non_exist_id)

    @test.attr(type=['negative'])
    @test.idempotent_id('1f1bb89d-5664-4956-9fcd-83ee0fa603df')
@ -67,7 +68,8 @@ class NegativeSecGroupTest(base.BaseSecGroupTest):
        # Create rule with bad protocol name
        pname = 'bad_protocol_name'
        self.assertRaises(
-            lib_exc.BadRequest, self.client.create_security_group_rule,
+            lib_exc.BadRequest,
+            self.security_group_rules_client.create_security_group_rule,
            security_group_id=group_create_body['security_group']['id'],
            protocol=pname, direction='ingress', ethertype=self.ethertype)

@ -80,7 +82,8 @@ class NegativeSecGroupTest(base.BaseSecGroupTest):
        prefix = ['192.168.1./24', '192.168.1.1/33', 'bad_prefix', '256']
        for remote_ip_prefix in prefix:
            self.assertRaises(
-                lib_exc.BadRequest, self.client.create_security_group_rule,
+                lib_exc.BadRequest,
+                self.security_group_rules_client.create_security_group_rule,
                security_group_id=group_create_body['security_group']['id'],
                protocol='tcp', direction='ingress', ethertype=self.ethertype,
                remote_ip_prefix=remote_ip_prefix)
@ -95,7 +98,8 @@ class NegativeSecGroupTest(base.BaseSecGroupTest):
        group_ids = ['bad_group_id', non_exist_id]
        for remote_group_id in group_ids:
            self.assertRaises(
-                lib_exc.NotFound, self.client.create_security_group_rule,
+                lib_exc.NotFound,
+                self.security_group_rules_client.create_security_group_rule,
                security_group_id=group_create_body['security_group']['id'],
                protocol='tcp', direction='ingress', ethertype=self.ethertype,
                remote_group_id=remote_group_id)
@ -109,7 +113,8 @@ class NegativeSecGroupTest(base.BaseSecGroupTest):
        # Create rule specifying both remote_ip_prefix and remote_group_id
        prefix = self._tenant_network_cidr
        self.assertRaises(
-            lib_exc.BadRequest, self.client.create_security_group_rule,
+            lib_exc.BadRequest,
+            self.security_group_rules_client.create_security_group_rule,
            security_group_id=sg1_body['security_group']['id'],
            protocol='tcp', direction='ingress',
            ethertype=self.ethertype, remote_ip_prefix=prefix,
@ -123,7 +128,8 @@ class NegativeSecGroupTest(base.BaseSecGroupTest):
        # Create rule with bad ethertype
        ethertype = 'bad_ethertype'
        self.assertRaises(
-            lib_exc.BadRequest, self.client.create_security_group_rule,
+            lib_exc.BadRequest,
+            self.security_group_rules_client.create_security_group_rule,
            security_group_id=group_create_body['security_group']['id'],
            protocol='udp', direction='ingress', ethertype=ethertype)

@ -140,7 +146,8 @@ class NegativeSecGroupTest(base.BaseSecGroupTest):
                  (-16, 65536, 'Invalid value for port')]
        for pmin, pmax, msg in states:
            ex = self.assertRaises(
-                lib_exc.BadRequest, self.client.create_security_group_rule,
+                lib_exc.BadRequest,
+                self.security_group_rules_client.create_security_group_rule,
                security_group_id=group_create_body['security_group']['id'],
                protocol='tcp', port_range_min=pmin, port_range_max=pmax,
                direction='ingress', ethertype=self.ethertype)
@ -152,7 +159,8 @@ class NegativeSecGroupTest(base.BaseSecGroupTest):
                  (300, 1, 'Invalid value for ICMP type')]
        for pmin, pmax, msg in states:
            ex = self.assertRaises(
-                lib_exc.BadRequest, self.client.create_security_group_rule,
+                lib_exc.BadRequest,
+                self.security_group_rules_client.create_security_group_rule,
                security_group_id=group_create_body['security_group']['id'],
                protocol='icmp', port_range_min=pmin, port_range_max=pmax,
                direction='ingress', ethertype=self.ethertype)
@ -176,7 +184,7 @@ class NegativeSecGroupTest(base.BaseSecGroupTest):
        min_port = 66
        max_port = 67
        # Create a rule with valid params
-        self.client.create_security_group_rule(
+        self.security_group_rules_client.create_security_group_rule(
            security_group_id=body['security_group']['id'],
            direction='ingress',
            ethertype=self.ethertype,
@ -187,7 +195,8 @@ class NegativeSecGroupTest(base.BaseSecGroupTest):

        # Try creating the same security group rule, it should fail
        self.assertRaises(
-            lib_exc.Conflict, self.client.create_security_group_rule,
+            lib_exc.Conflict,
+            self.security_group_rules_client.create_security_group_rule,
            security_group_id=body['security_group']['id'],
            protocol='tcp', direction='ingress', ethertype=self.ethertype,
            port_range_min=min_port, port_range_max=max_port)
@ -197,10 +206,11 @@ class NegativeSecGroupTest(base.BaseSecGroupTest):
    def test_create_security_group_rule_with_non_existent_security_group(self):
        # Create security group rules with not existing security group.
        non_existent_sg = str(uuid.uuid4())
-        self.assertRaises(lib_exc.NotFound,
-                          self.client.create_security_group_rule,
-                          security_group_id=non_existent_sg,
-                          direction='ingress', ethertype=self.ethertype)
+        self.assertRaises(
+            lib_exc.NotFound,
+            self.security_group_rules_client.create_security_group_rule,
+            security_group_id=non_existent_sg,
+            direction='ingress', ethertype=self.ethertype)


 class NegativeSecGroupIPv6Test(NegativeSecGroupTest):
@ -221,7 +231,7 @@ class NegativeSecGroupIPv6Test(NegativeSecGroupTest):
            self.assertRaisesRegexp(
                lib_exc.BadRequest,
                "Conflicting value ethertype",
-                self.client.create_security_group_rule,
+                self.security_group_rules_client.create_security_group_rule,
                security_group_id=group_create_body['security_group']['id'],
                protocol='tcp', direction='ingress',
                ethertype=pair['ethertype'],
--- a/tempest/clients.py
+++ b/tempest/clients.py
@ -123,6 +123,8 @@ from tempest.services.network.json.networks_client import NetworksClient
 from tempest.services.network.json.ports_client import PortsClient
 from tempest.services.network.json.quotas_client import QuotasClient \
    as NetworkQuotasClient
+from tempest.services.network.json.security_group_rules_client import \
+    SecurityGroupRulesClient
 from tempest.services.network.json.security_groups_client import \
    SecurityGroupsClient
 from tempest.services.network.json.subnetpools_client import SubnetpoolsClient
@ -310,6 +312,14 @@ class Manager(manager.Manager):
            build_interval=CONF.network.build_interval,
            build_timeout=CONF.network.build_timeout,
            **self.default_params)
+        self.security_group_rules_client = SecurityGroupRulesClient(
+            self.auth_provider,
+            CONF.network.catalog_type,
+            CONF.network.region or CONF.identity.region,
+            endpoint_type=CONF.network.endpoint_type,
+            build_interval=CONF.network.build_interval,
+            build_timeout=CONF.network.build_timeout,
+            **self.default_params)
        self.security_groups_client = SecurityGroupsClient(
            self.auth_provider,
            CONF.network.catalog_type,
--- a/tempest/scenario/manager.py
+++ b/tempest/scenario/manager.py
@ -69,6 +69,8 @@ class ScenarioTest(tempest.test.BaseTestCase):
        cls.subnets_client = cls.manager.subnets_client
        cls.floating_ips_client = cls.manager.floating_ips_client
        cls.security_groups_client = cls.manager.security_groups_client
+        cls.security_group_rules_client = (
+            cls.manager.security_group_rules_client)
        # Heat client
        cls.orchestration_client = cls.manager.orchestration_client

@ -939,11 +941,12 @@ class NetworkScenarioTest(ScenarioTest):
                                            CONF.validation.ping_timeout,
                                            1)

-    def _create_security_group(self, client=None, tenant_id=None,
+    def _create_security_group(self, security_group_rules_client=None,
+                               tenant_id=None,
                               namestart='secgroup-smoke',
                               security_groups_client=None):
-        if client is None:
-            client = self.network_client
+        if security_group_rules_client is None:
+            security_group_rules_client = self.security_group_rules_client
        if security_groups_client is None:
            security_groups_client = self.security_groups_client
        if tenant_id is None:
@ -954,7 +957,8 @@ class NetworkScenarioTest(ScenarioTest):

        # Add rules to the security group
        rules = self._create_loginable_secgroup_rule(
-            client=client, secgroup=secgroup,
+            security_group_rules_client=security_group_rules_client,
+            secgroup=secgroup,
            security_groups_client=security_groups_client)
        for rule in rules:
            self.assertEqual(tenant_id, rule.tenant_id)
@ -1010,7 +1014,8 @@ class NetworkScenarioTest(ScenarioTest):
        return net_resources.DeletableSecurityGroup(client=client,
                                                    **sgs[0])

-    def _create_security_group_rule(self, secgroup=None, client=None,
+    def _create_security_group_rule(self, secgroup=None,
+                                    sec_group_rules_client=None,
                                    tenant_id=None,
                                    security_groups_client=None, **kwargs):
        """Create a rule from a dictionary of rule parameters.
@ -1030,8 +1035,8 @@ class NetworkScenarioTest(ScenarioTest):
                    port_range_max: 22
                    }
        """
-        if client is None:
-            client = self.network_client
+        if sec_group_rules_client is None:
+            sec_group_rules_client = self.security_group_rules_client
        if security_groups_client is None:
            security_groups_client = self.security_groups_client
        if not tenant_id:
@ -1044,9 +1049,9 @@ class NetworkScenarioTest(ScenarioTest):
                       tenant_id=secgroup.tenant_id)
        ruleset.update(kwargs)

-        sg_rule = client.create_security_group_rule(**ruleset)
+        sg_rule = sec_group_rules_client.create_security_group_rule(**ruleset)
        sg_rule = net_resources.DeletableSecurityGroupRule(
-            client=client,
+            client=sec_group_rules_client,
            **sg_rule['security_group_rule']
        )
        self.addCleanup(self.delete_wrapper, sg_rule.delete)
@ -1055,7 +1060,8 @@ class NetworkScenarioTest(ScenarioTest):

        return sg_rule

-    def _create_loginable_secgroup_rule(self, client=None, secgroup=None,
+    def _create_loginable_secgroup_rule(self, security_group_rules_client=None,
+                                        secgroup=None,
                                        security_groups_client=None):
        """Create loginable security group rule

@ -1065,8 +1071,8 @@ class NetworkScenarioTest(ScenarioTest):
        belonging to the same security group.
        """

-        if client is None:
-            client = self.network_client
+        if security_group_rules_client is None:
+            security_group_rules_client = self.security_group_rules_client
        if security_groups_client is None:
            security_groups_client = self.security_groups_client
        rules = []
@ -1087,12 +1093,14 @@ class NetworkScenarioTest(ScenarioTest):
                ethertype='IPv6',
            )
        ]
+        sec_group_rules_client = security_group_rules_client
        for ruleset in rulesets:
            for r_direction in ['ingress', 'egress']:
                ruleset['direction'] = r_direction
                try:
                    sg_rule = self._create_security_group_rule(
-                        client=client, secgroup=secgroup,
+                        sec_group_rules_client=sec_group_rules_client,
+                        secgroup=secgroup,
                        security_groups_client=security_groups_client,
                        **ruleset)
                except lib_exc.Conflict as ex:
--- a/tempest/scenario/test_security_groups_basic_ops.py
+++ b/tempest/scenario/test_security_groups_basic_ops.py
@ -191,9 +191,11 @@ class TestSecurityGroupsBasicOps(manager.NetworkScenarioTest):
            port_range_max=22,
            direction='ingress',
        )
-        self._create_security_group_rule(secgroup=access_sg,
-                                         client=tenant.manager.network_client,
-                                         **ssh_rule)
+        sec_group_rules_client = tenant.manager.security_group_rules_client
+        self._create_security_group_rule(
+            secgroup=access_sg,
+            sec_group_rules_client=sec_group_rules_client,
+            **ssh_rule)

    def _verify_network_details(self, tenant):
        # Checks that we see the newly created network/subnet/router via
@ -371,9 +373,11 @@ class TestSecurityGroupsBasicOps(manager.NetworkScenarioTest):
            protocol='icmp',
            direction='ingress'
        )
+        sec_group_rules_client = (
+            dest_tenant.manager.security_group_rules_client)
        self._create_security_group_rule(
            secgroup=dest_tenant.security_groups['default'],
-            client=dest_tenant.manager.network_client,
+            sec_group_rules_client=sec_group_rules_client,
            **ruleset
        )
        access_point_ssh = self._connect_to_access_point(source_tenant)
@ -385,9 +389,11 @@ class TestSecurityGroupsBasicOps(manager.NetworkScenarioTest):
        self._test_cross_tenant_block(dest_tenant, source_tenant)

        # allow reverse traffic and check
+        sec_group_rules_client = (
+            source_tenant.manager.security_group_rules_client)
        self._create_security_group_rule(
            secgroup=source_tenant.security_groups['default'],
-            client=source_tenant.manager.network_client,
+            sec_group_rules_client=sec_group_rules_client,
            **ruleset
        )

@ -468,9 +474,10 @@ class TestSecurityGroupsBasicOps(manager.NetworkScenarioTest):
            protocol='icmp',
            direction='ingress',
        )
+        sec_group_rules_client = new_tenant.manager.security_group_rules_client
        self._create_security_group_rule(
            secgroup=new_sg,
-            client=new_tenant.manager.network_client,
+            sec_group_rules_client=sec_group_rules_client,
            **icmp_rule)
        new_tenant.security_groups.update(new_sg=new_sg)

--- a/tempest/services/network/json/network_client.py
+++ b/tempest/services/network/json/network_client.py
@ -35,23 +35,6 @@ class NetworkClient(base.BaseNetworkClient):
    quotas
    """

-    def create_security_group_rule(self, **kwargs):
-        uri = '/security-group-rules'
-        post_data = {'security_group_rule': kwargs}
-        return self.create_resource(uri, post_data)
-
-    def show_security_group_rule(self, security_group_rule_id, **fields):
-        uri = '/security-group-rules/%s' % security_group_rule_id
-        return self.show_resource(uri, **fields)
-
-    def delete_security_group_rule(self, security_group_rule_id):
-        uri = '/security-group-rules/%s' % security_group_rule_id
-        return self.delete_resource(uri)
-
-    def list_security_group_rules(self, **filters):
-        uri = '/security-group-rules'
-        return self.list_resources(uri, **filters)
-
    def show_extension(self, ext_alias, **fields):
        uri = '/extensions/%s' % ext_alias
        return self.show_resource(uri, **fields)
--- a/tempest/services/network/json/security_group_rules_client.py
+++ b/tempest/services/network/json/security_group_rules_client.py
@ -0,0 +1,33 @@
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from tempest.services.network.json import base
+
+
+class SecurityGroupRulesClient(base.BaseNetworkClient):
+
+    def create_security_group_rule(self, **kwargs):
+        uri = '/security-group-rules'
+        post_data = {'security_group_rule': kwargs}
+        return self.create_resource(uri, post_data)
+
+    def show_security_group_rule(self, security_group_rule_id, **fields):
+        uri = '/security-group-rules/%s' % security_group_rule_id
+        return self.show_resource(uri, **fields)
+
+    def delete_security_group_rule(self, security_group_rule_id):
+        uri = '/security-group-rules/%s' % security_group_rule_id
+        return self.delete_resource(uri)
+
+    def list_security_group_rules(self, **filters):
+        uri = '/security-group-rules'
+        return self.list_resources(uri, **filters)