# Copyright 2012 OpenStack Foundation
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from tempest.api.compute.security_groups import base
from tempest.common import utils
from tempest.lib import decorators
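class SecurityGroupRulesTestJSON(base.BaseSecurityGroupsTest):
    """Positive API tests for compute security group rules.

    Every test creates its own security group, adds rules through the
    security group rules client and checks what the API reports back.
    """

    @classmethod
    def setup_clients(cls):
        """Alias the security group rules client as ``cls.client``."""
        super(SecurityGroupRulesTestJSON, cls).setup_clients()
        cls.client = cls.security_group_rules_client

    @classmethod
    def resource_setup(cls):
        """Set the protocol and port range used by the tests (TCP 22)."""
        super(SecurityGroupRulesTestJSON, cls).resource_setup()
        cls.ip_protocol = 'tcp'
        cls.from_port = 22
        cls.to_port = 22

    def setUp(self):
        """Build a fresh ``self.expected`` rule template.

        The tests mutate ``self.expected`` (parent_group_id, ip_range,
        group), so the dict and its nested dicts are rebuilt here
        instead of being shared at class level.
        """
        # setUp is an instance method, so its first parameter is named
        # ``self``; the attribute is set on the test instance.
        super(SecurityGroupRulesTestJSON, self).setUp()

        self.expected = {
            'parent_group_id': None,
            'ip_protocol': self.ip_protocol,
            'from_port': self.from_port,
            'to_port': self.to_port,
            'ip_range': {},
            'group': {}
        }

    def _check_expected_response(self, actual_rule):
        """Assert that ``actual_rule`` matches ``self.expected``.

        Only the keys of ``self.expected`` are compared; keys that appear
        only in ``actual_rule`` (its 'id', for example) are ignored.
        """
        for key in self.expected:
            self.assertEqual(self.expected[key], actual_rule[key],
                             "Miss-matched key is %s" % key)

    @decorators.attr(type='smoke')
    @decorators.idempotent_id('850795d7-d4d3-4e55-b527-a774c0123d3a')
    @utils.services('network')
    def test_security_group_rules_create(self):
        # Positive test: Creation of Security Group rule
        # should be successful
        # Creating a Security Group to add rules to it
        security_group = self.create_security_group()
        securitygroup_id = security_group['id']
        # Adding rules to the created Security Group
        rule = self.client.create_security_group_rule(
            parent_group_id=securitygroup_id,
            ip_protocol=self.ip_protocol,
            from_port=self.from_port,
            to_port=self.to_port)['security_group_rule']
        self.expected['parent_group_id'] = securitygroup_id
        # No cidr was passed, and the rule is expected to come back with
        # 0.0.0.0/0: omitting cidr yields a rule open to every source
        # address. This assertion pins that default, so a caller who
        # wants a narrower rule has to pass cidr explicitly.
        self.expected['ip_range'] = {'cidr': '0.0.0.0/0'}
        self._check_expected_response(rule)

    @decorators.idempotent_id('7a01873e-3c38-4f30-80be-31a043cfe2fd')
    @utils.services('network')
    def test_security_group_rules_create_with_optional_cidr(self):
        # Positive test: Creation of Security Group rule
        # with optional argument cidr
        # should be successful

        # Creating a Security Group to add rules to it
        security_group = self.create_security_group()
        parent_group_id = security_group['id']

        # Adding rules to the created Security Group with optional cidr.
        # The value has host bits set (the /24 network is 10.2.3.0); the
        # test expects the API to return it exactly as submitted rather
        # than normalised to the network address.
        cidr = '10.2.3.124/24'
        rule = self.client.create_security_group_rule(
            parent_group_id=parent_group_id,
            ip_protocol=self.ip_protocol,
            from_port=self.from_port,
            to_port=self.to_port,
            cidr=cidr)['security_group_rule']
        self.expected['parent_group_id'] = parent_group_id
        self.expected['ip_range'] = {'cidr': cidr}
        self._check_expected_response(rule)

    @decorators.idempotent_id('7f5d2899-7705-4d4b-8458-4505188ffab6')
    @utils.services('network')
    def test_security_group_rules_create_with_optional_group_id(self):
        # Positive test: Creation of Security Group rule
        # with optional argument group_id
        # should be successful

        # Creating a Security Group to add rules to it
        security_group = self.create_security_group()
        parent_group_id = security_group['id']

        # Creating a Security Group so as to assign group_id to the rule
        security_group = self.create_security_group()
        group_id = security_group['id']
        group_name = security_group['name']

        # Adding rules to the created Security Group with optional group_id
        rule = self.client.create_security_group_rule(
            parent_group_id=parent_group_id,
            ip_protocol=self.ip_protocol,
            from_port=self.from_port,
            to_port=self.to_port,
            group_id=group_id)['security_group_rule']
        self.expected['parent_group_id'] = parent_group_id
        # A group-sourced rule is expected to identify its source group
        # by owning tenant and name; ip_range stays the empty dict from
        # setUp, i.e. no cidr is expected on such a rule.
        self.expected['group'] = {'tenant_id': self.client.tenant_id,
                                  'name': group_name}
        self._check_expected_response(rule)

    @decorators.attr(type='smoke')
    @decorators.idempotent_id('a6154130-5a55-4850-8be4-5e9e796dbf17')
    @utils.services('network')
    def test_security_group_rules_list(self):
        # Positive test: Created Security Group rules should be
        # in the list of all rules
        # Creating a Security Group to add rules to it
        security_group = self.create_security_group()
        securitygroup_id = security_group['id']

        # Add a first rule to the created Security Group
        # NOTE(review): rule1 gets no explicit cleanup, unlike rule2
        # below; presumably it is removed together with its parent group
        # by the cleanup of create_security_group() - confirm in base.
        rule = self.client.create_security_group_rule(
            parent_group_id=securitygroup_id,
            ip_protocol=self.ip_protocol,
            from_port=self.from_port,
            to_port=self.to_port)['security_group_rule']
        rule1_id = rule['id']

        # Add a second rule to the created Security Group
        # (ICMP with -1/-1 as the port pair; presumably the wildcard for
        # every ICMP type and code - confirm against the API reference)
        ip_protocol2 = 'icmp'
        from_port2 = -1
        to_port2 = -1
        rule = self.client.create_security_group_rule(
            parent_group_id=securitygroup_id,
            ip_protocol=ip_protocol2,
            from_port=from_port2,
            to_port=to_port2)['security_group_rule']
        rule2_id = rule['id']
        # Delete the Security Group rule2 at the end of this method
        self.addCleanup(
            self.security_group_rules_client.delete_security_group_rule,
            rule2_id)

        # Get rules of the created Security Group
        rules = self.security_groups_client.show_security_group(
            securitygroup_id)['security_group']['rules']
        self.assertNotEmpty([i for i in rules if i['id'] == rule1_id])
        self.assertNotEmpty([i for i in rules if i['id'] == rule2_id])

    @decorators.idempotent_id('fc5c5acf-2091-43a6-a6ae-e42760e9ffaf')
    @utils.services('network')
    def test_security_group_rules_delete_when_peer_group_deleted(self):
        # Positive test: a rule is deleted when its peer group is deleted
        # Creating a Security Group to add rules to it
        security_group = self.create_security_group()
        sg1_id = security_group['id']
        # Creating another Security Group that is granted access to group1
        security_group = self.create_security_group()
        sg2_id = security_group['id']
        # Adding rules to the Group1
        self.client.create_security_group_rule(
            parent_group_id=sg1_id,
            ip_protocol=self.ip_protocol,
            from_port=self.from_port,
            to_port=self.to_port,
            group_id=sg2_id)

        # Delete group2
        # NOTE(review): create_security_group() presumably registered
        # its own cleanup for group2 as well; confirm in base that it
        # tolerates the group already being gone.
        self.security_groups_client.delete_security_group(sg2_id)
        # Get rules of the Group1
        rules = (self.security_groups_client.show_security_group(sg1_id)
                 ['security_group']['rules'])
        # Group1 must have no rules left once group2 is deleted: a grant
        # that names a deleted peer group must not linger as a stale
        # rule on the parent group.
        self.assertEmpty(rules)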