Fix security group ping allow rules
Change-Id: I54b651a674de98345a3170b92ab74ee37a278207
This commit is contained in:
parent
ecda54cc96
commit
35c6eef7b8
|
@ -1,7 +1,21 @@
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
import pycontrail.types as types
|
import pycontrail.types as types
|
||||||
import pytest
|
import pytest
|
||||||
from stepler.third_party import utils
|
from stepler.third_party import utils
|
||||||
|
|
||||||
|
from vapor import settings
|
||||||
|
|
||||||
|
|
||||||
@pytest.fixture
|
@pytest.fixture
|
||||||
def contrail_security_groups_cleanup(contrail_api_client):
|
def contrail_security_groups_cleanup(contrail_api_client):
|
||||||
|
@ -44,3 +58,29 @@ def create_contrail_security_group(contrail_api_client,
|
||||||
def contrail_security_group(create_contrail_security_group):
|
def contrail_security_group(create_contrail_security_group):
|
||||||
"""Fixture to create contrail security group."""
|
"""Fixture to create contrail security group."""
|
||||||
return create_contrail_security_group()
|
return create_contrail_security_group()
|
||||||
|
|
||||||
|
|
||||||
|
@pytest.fixture
|
||||||
|
def neutron_security_group(neutron_create_security_group,
|
||||||
|
neutron_security_group_rule_steps):
|
||||||
|
"""Function fixture to create security group before test.
|
||||||
|
|
||||||
|
Can be called several times during test.
|
||||||
|
After the test it destroys all created security groups
|
||||||
|
|
||||||
|
Args:
|
||||||
|
neutron_create_security_group (function): function to create security
|
||||||
|
group with options
|
||||||
|
neutron_security_group_rule_steps (object): instantiated security
|
||||||
|
groups rules steps
|
||||||
|
|
||||||
|
Returns:
|
||||||
|
dict: security group
|
||||||
|
"""
|
||||||
|
group_name = next(utils.generate_ids('security-group'))
|
||||||
|
group = neutron_create_security_group(group_name)
|
||||||
|
|
||||||
|
neutron_security_group_rule_steps.add_rules_to_group(
|
||||||
|
group['id'], settings.SECURITY_GROUP_SSH_PING_RULES)
|
||||||
|
|
||||||
|
return group
|
||||||
|
|
|
@ -5,6 +5,9 @@ import sys
|
||||||
import yaml
|
import yaml
|
||||||
import logbook
|
import logbook
|
||||||
|
|
||||||
|
from stepler import config as stepler_config
|
||||||
|
|
||||||
|
|
||||||
LOG_FILENAME = './vapor.log'
|
LOG_FILENAME = './vapor.log'
|
||||||
logger = logbook.Logger(__name__)
|
logger = logbook.Logger(__name__)
|
||||||
logger.handlers.append(logbook.FileHandler(LOG_FILENAME,
|
logger.handlers.append(logbook.FileHandler(LOG_FILENAME,
|
||||||
|
@ -193,3 +196,24 @@ DPDK_NEC_BIND_PATH = '/opt/contrail/bin/dpdk_nic_bind.py'
|
||||||
|
|
||||||
# SR-IOV
|
# SR-IOV
|
||||||
SRIOV_PHYSNET = 'physnet1'
|
SRIOV_PHYSNET = 'physnet1'
|
||||||
|
|
||||||
|
# Security groups
|
||||||
|
INGRESS = 'ingress'
|
||||||
|
EGRESS = 'egress'
|
||||||
|
|
||||||
|
SECURITY_GROUP_PING_RULES = [
|
||||||
|
{
|
||||||
|
# ping IPv4
|
||||||
|
'direction': INGRESS,
|
||||||
|
'protocol': 'icmp',
|
||||||
|
# For ICMP neutron allows to set port range from 0 to 255.
|
||||||
|
# But in neutron this means ICMP type and ICMP code.
|
||||||
|
# So this values are valid only with contrail.
|
||||||
|
'port_range_min': 0,
|
||||||
|
'port_range_max': 255,
|
||||||
|
'remote_ip_prefix': '0.0.0.0/0',
|
||||||
|
}
|
||||||
|
]
|
||||||
|
|
||||||
|
SECURITY_GROUP_SSH_PING_RULES = (stepler_config.SECURITY_GROUP_SSH_RULES +
|
||||||
|
SECURITY_GROUP_PING_RULES)
|
||||||
|
|
Loading…
Reference in New Issue