Browse Source

Fix security group ping allow rules

Change-Id: I54b651a674de98345a3170b92ab74ee37a278207
changes/60/456660/1
Georgy Dyuldin 2 years ago
parent
commit
35c6eef7b8

+ 40
- 0
plugin_test/vapor/vapor/fixtures/security_groups.py View File

@@ -1,7 +1,21 @@
1
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
2
+# not use this file except in compliance with the License. You may obtain
3
+# a copy of the License at
4
+
5
+#     http://www.apache.org/licenses/LICENSE-2.0
6
+
7
+# Unless required by applicable law or agreed to in writing, software
8
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
9
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
10
+# License for the specific language governing permissions and limitations
11
+# under the License.
12
+
1 13
 import pycontrail.types as types
2 14
 import pytest
3 15
 from stepler.third_party import utils
4 16
 
17
+from vapor import settings
18
+
5 19
 
6 20
 @pytest.fixture
7 21
 def contrail_security_groups_cleanup(contrail_api_client):
@@ -44,3 +58,29 @@ def create_contrail_security_group(contrail_api_client,
44 58
 def contrail_security_group(create_contrail_security_group):
45 59
     """Fixture to create contrail security group."""
46 60
     return create_contrail_security_group()
61
+
62
+
63
+@pytest.fixture
64
+def neutron_security_group(neutron_create_security_group,
65
+                           neutron_security_group_rule_steps):
66
+    """Function fixture to create security group before test.
67
+
68
+    Can be called several times during test.
69
+    After the test it destroys all created security groups
70
+
71
+    Args:
72
+        neutron_create_security_group (function): function to create security
73
+            group with options
74
+        neutron_security_group_rule_steps (object): instantiated security
75
+            groups rules steps
76
+
77
+    Returns:
78
+        dict: security group
79
+    """
80
+    group_name = next(utils.generate_ids('security-group'))
81
+    group = neutron_create_security_group(group_name)
82
+
83
+    neutron_security_group_rule_steps.add_rules_to_group(
84
+        group['id'], settings.SECURITY_GROUP_SSH_PING_RULES)
85
+
86
+    return group

+ 24
- 0
plugin_test/vapor/vapor/settings.py View File

@@ -5,6 +5,9 @@ import sys
5 5
 import yaml
6 6
 import logbook
7 7
 
8
+from stepler import config as stepler_config
9
+
10
+
8 11
 LOG_FILENAME = './vapor.log'
9 12
 logger = logbook.Logger(__name__)
10 13
 logger.handlers.append(logbook.FileHandler(LOG_FILENAME,
@@ -193,3 +196,24 @@ DPDK_NEC_BIND_PATH = '/opt/contrail/bin/dpdk_nic_bind.py'
193 196
 
194 197
 # SR-IOV
195 198
 SRIOV_PHYSNET = 'physnet1'
199
+
200
+# Security groups
201
+INGRESS = 'ingress'
202
+EGRESS = 'egress'
203
+
204
+SECURITY_GROUP_PING_RULES = [
205
+    {
206
+        # ping IPv4
207
+        'direction': INGRESS,
208
+        'protocol': 'icmp',
209
+        # For ICMP neutron allows to set port range from 0 to 255.
210
+        # But in neutron this means ICMP type and ICMP code.
211
+        # So this values are valid only with contrail.
212
+        'port_range_min': 0,
213
+        'port_range_max': 255,
214
+        'remote_ip_prefix': '0.0.0.0/0',
215
+    }
216
+]
217
+
218
+SECURITY_GROUP_SSH_PING_RULES = (stepler_config.SECURITY_GROUP_SSH_RULES +
219
+                                 SECURITY_GROUP_PING_RULES)

Loading…
Cancel
Save