
Merge "add test_policy_between_vns_diff_proj"

Jenkins 2 years ago
parent
commit
12a59fb333
1 changed files with 54 additions and 1 deletions
  1. 54
    1
      plugin_test/vapor/vapor/tests/common/test_base.py

+ 54
- 1
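--- a/plugin_test/vapor/vapor/tests/common/test_base.py
+++ b/plugin_test/vapor/vapor/tests/common/test_base.py
@@ -24,7 +24,7 @@ import pytest
 
 from vapor.helpers import agent_steps
 from vapor.helpers import asserts
-from vapor.helpers import contrail_status
+from vapor.helpers import contrail_status, policy, connectivity
 from vapor import settings
 
 
@@ -482,3 +482,56 @@ def test_network_in_agent_with_server_add_delete(
             agent_networks.append(agent_network)
 
     assert_that(agent_networks, empty())
+
+
+def test_policy_between_vns_diff_proj(different_tenants_resources,
+                                      server_steps,
+                                      contrail_api_client,
+                                      create_contrail_security_group):
+    """Test to validate that policy to deny and pass under different
+    projects should behave accordingly.
+
+    Test steps:
+        1. Create 2 different projects.
+        2. Launch 2 VNs and 2 VMs.
+        3. Configure a policy to allow ICMP in one of the projects, while
+        in the other configure a policy to deny ICMP between the projects.
+    """
+    project1, project2 = different_tenants_resources
+
+    client, server = project1.server, project2.server
+    client_floating_ip = project1.floating_ip
+    server_floating_ip = project2.floating_ip
+
+    prj1_conrail_sg = contrail_api_client.security_group_read(
+        id=project1.security_group.id)
+    prj2_conrail_sg = contrail_api_client.security_group_read(
+        id=project2.security_group.id)
+
+    client_sg_entries = prj1_conrail_sg.security_group_entries
+    server_sg_entries = prj2_conrail_sg.security_group_entries
+
+    # Add allow policy
+    client_sg_entries.add_policy_rule(policy.POLICY_RULE_ALLOW_EGRESS_ICMP)
+    client_sg_entries.add_policy_rule(policy.POLICY_RULE_ALLOW_INGRESS_ICMP)
+    prj1_conrail_sg.security_group_entries = client_sg_entries
+    contrail_api_client.security_group_update(prj1_conrail_sg)
+
+    with server_steps.get_server_ssh(
+            client,
+            ip=client_floating_ip['floating_ip_address']) as server_ssh:
+        connectivity.check_icmp_connection_status(
+            server_floating_ip['floating_ip_address'],
+            server_ssh,
+            must_available=False,
+            timeout=settings.SECURITY_GROUP_APPLY_TIMEOUT)
+
+        server_sg_entries.add_policy_rule(policy.POLICY_RULE_ALLOW_EGRESS_ICMP)
+        server_sg_entries.add_policy_rule(policy.POLICY_RULE_ALLOW_INGRESS_ICMP)
+        prj2_conrail_sg.security_group_entries = server_sg_entries
+        contrail_api_client.security_group_update(prj2_conrail_sg)
+
+        connectivity.check_icmp_connection_status(
+            server_floating_ip['floating_ip_address'],
+            server_ssh,
+            timeout=settings.SECURITY_GROUP_APPLY_TIMEOUT)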
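Review bot: The negative check in `test_policy_between_vns_diff_proj` (`must_available=False`, right after project1's group is updated) passes on any failed ping, so it shows that project2's security group is what blocks ICMP only if nothing else, such as a server that has not finished booting or a floating IP that is not yet associated, is dropping the traffic at that moment; the later positive check narrows this but does not pin it. The docstring's step 3 also says a deny policy is configured, while the body only adds `POLICY_RULE_ALLOW_*` rules to both groups and relies on project2's group having no ICMP rule by default. I would reword step 3 to `3. Allow ICMP in project1 only and check that ping to project2 fails; then allow ICMP in project2 and check that ping succeeds.` and add `# project2's group has no ICMP rule yet, so the ping must be dropped` above the first check. The `create_contrail_security_group` fixture is requested but never used in the visible body, and both fixture-owned groups are left holding the allow rules; if `different_tenants_resources` is shared across tests (not visible here), those rules should be removed in teardown so a later isolation test does not start from an already-open group.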
