From 933873f36fa9321a3540dd5b6b8bf101a4e632f8 Mon Sep 17 00:00:00 2001 From: Georgy Dyuldin Date: Thu, 30 Mar 2017 12:06:16 +0300 Subject: [PATCH] Fix security group tests Change-Id: I13e05c0b73fe8faef2bf5dd5d54eadfac416dfe2 --- .../vapor/fixtures/contrail_resources.py | 4 +- .../vapor/vapor/helpers/connectivity.py | 23 ++++-- .../vapor/tests/common/test_security_group.py | 70 +++++++++---------- 3 files changed, 53 insertions(+), 44 deletions(-) diff --git a/plugin_test/vapor/vapor/fixtures/contrail_resources.py b/plugin_test/vapor/vapor/fixtures/contrail_resources.py index ac57be5ee..ad83bc9ba 100644 --- a/plugin_test/vapor/vapor/fixtures/contrail_resources.py +++ b/plugin_test/vapor/vapor/fixtures/contrail_resources.py @@ -40,7 +40,7 @@ def contrail_2_networks(create_network, create_subnet): def contrail_2_servers_different_networks( request, flavor, - security_group, + neutron_security_group, sorted_hypervisors, contrail_2_networks, server_steps): @@ -91,7 +91,7 @@ def contrail_2_servers_different_networks( networks=[network], keypair=keypair, availability_zone='nova:{}'.format(hypervisor.service['host']), - security_groups=[security_group], + security_groups=[neutron_security_group], username=username, password=password, check=False)[0] diff --git a/plugin_test/vapor/vapor/helpers/connectivity.py b/plugin_test/vapor/vapor/helpers/connectivity.py index fe721268a..b18b9f65a 100644 --- a/plugin_test/vapor/vapor/helpers/connectivity.py +++ b/plugin_test/vapor/vapor/helpers/connectivity.py @@ -13,7 +13,7 @@ import contextlib import time -from hamcrest import is_ +from hamcrest import assert_that, is_, greater_than, has_value from stepler.third_party import ping from stepler.third_party import tcpdump from stepler.third_party import waiter @@ -108,13 +108,14 @@ def start_port_listener(server_ssh, @contextlib.contextmanager -def calc_packets_count(os_faults_steps, nodes, iface, filters): +def calc_packets_count(os_faults_steps, nodes, iface, filters, + max_packets=10000): """CM to calc packages count on nodes' iface. Returns dict: fqdn -> captured packets count. """ tcpdump_base_path = os_faults_steps.start_tcpdump( - nodes, '-i {0} {1}'.format(iface, filters)) + nodes, '-i {0} {1} -c {2}'.format(iface, filters, max_packets)) result = {node.fqdn: 0 for node in nodes} yield result os_faults_steps.stop_tcpdump(nodes, tcpdump_base_path) @@ -138,8 +139,20 @@ def start_iperf_pair(client_ssh, server_ssh, ip, port, udp=False, timeout=10): server_ssh.background_call(server_cmd.format(proto=proto, port=port)) - if not udp: - time.sleep(10) + # if not udp: + time.sleep(10) client_ssh.background_call( client_cmd.format(proto=proto, ip=ip, port=port, time=timeout)) + + +def check_packets_on_iface(os_faults_steps, node, iface, filters, + should_be=True): + with calc_packets_count(os_faults_steps, node, iface, + filters) as tcp_counts: + time.sleep(1) + if should_be: + matcher = greater_than(0) + else: + matcher = is_(0) + assert_that(tcp_counts, has_value(matcher), 'Wrong packets count') diff --git a/plugin_test/vapor/vapor/tests/common/test_security_group.py b/plugin_test/vapor/vapor/tests/common/test_security_group.py index 955a345e6..7fe32499b 100644 --- a/plugin_test/vapor/vapor/tests/common/test_security_group.py +++ b/plugin_test/vapor/vapor/tests/common/test_security_group.py @@ -310,7 +310,7 @@ def test_security_group_rules_uuid_in_contrail_and_neutron(contrail_api_client, ids=['ubuntu']) def test_add_remove_security_group_with_active_flow( contrail_2_servers_diff_nets_with_floating, - security_group, + neutron_security_group, contrail_api_client, contrail_network_policy, set_network_policy, @@ -345,7 +345,8 @@ def test_add_remove_security_group_with_active_flow( set_network_policy(network, contrail_network_policy) # Add rule to group - contrail_sg = contrail_api_client.security_group_read(id=security_group.id) + contrail_sg = contrail_api_client.security_group_read( + id=neutron_security_group['id']) sg_entries = contrail_sg.security_group_entries rules = [ types.PolicyRuleType( @@ -401,6 +402,12 @@ def test_add_remove_security_group_with_active_flow( server2_ssh = enter(server_steps.get_server_ssh(server2)) # Start TCP and UDP traffic + connectivity.start_iperf_pair( + client_ssh=server2_ssh, + server_ssh=server1_ssh, + ip=ip1, + port=TCP_PORT, + timeout=60 * 1000) connectivity.start_iperf_pair( client_ssh=server1_ssh, server_ssh=server2_ssh, @@ -408,46 +415,35 @@ def test_add_remove_security_group_with_active_flow( port=UDP_PORT, udp=True, timeout=60 * 1000) - connectivity.start_iperf_pair( - client_ssh=server2_ssh, - server_ssh=server1_ssh, - ip=ip1, - port=TCP_PORT, - timeout=60 * 1000) # Check that some packets are captured - with connectivity.calc_packets_count(os_faults_steps, computes[0], - ifaces[0], - tcp_filter) as tcp_counts: - with connectivity.calc_packets_count(os_faults_steps, computes[1], - ifaces[1], - udp_filter) as udp_counts: - time.sleep(1) - assert_that(next(iter(tcp_counts.values())), greater_than(0)) - assert_that(next(iter(udp_counts.values())), greater_than(0)) + connectivity.check_packets_on_iface(os_faults_steps, computes[0], + ifaces[0], tcp_filter) + connectivity.check_packets_on_iface(os_faults_steps, computes[1], + ifaces[1], udp_filter) # Remove security group from server1 - server1.remove_security_group(security_group.id) + server1.remove_security_group(neutron_security_group['id']) - with connectivity.calc_packets_count(os_faults_steps, computes[0], - ifaces[0], - tcp_filter) as tcp_counts: - with connectivity.calc_packets_count(os_faults_steps, computes[1], - ifaces[1], - udp_filter) as udp_counts: - time.sleep(1) - assert_that(next(iter(tcp_counts.values())), equal_to(0)) - assert_that(next(iter(udp_counts.values())), equal_to(0)) + connectivity.check_packets_on_iface( + os_faults_steps, + computes[0], + ifaces[0], + tcp_filter, + should_be=False) + connectivity.check_packets_on_iface( + os_faults_steps, + computes[1], + ifaces[1], + udp_filter, + should_be=False) # Add security group from server1 - server1.add_security_group(security_group.id) + server1.add_security_group(neutron_security_group['id']) - with connectivity.calc_packets_count(os_faults_steps, computes[0], - ifaces[0], - tcp_filter) as tcp_counts: - with connectivity.calc_packets_count(os_faults_steps, computes[1], - ifaces[1], - udp_filter) as udp_counts: - time.sleep(1) - assert_that(next(iter(tcp_counts.values())), greater_than(0)) - assert_that(next(iter(udp_counts.values())), greater_than(0)) + time.sleep(10) + + connectivity.check_packets_on_iface(os_faults_steps, computes[0], + ifaces[0], tcp_filter) + connectivity.check_packets_on_iface(os_faults_steps, computes[1], + ifaces[1], udp_filter)