
Switch to neutron for security groups

Change-Id: Ic7f5f2d9d01c2de07555da3a7ccfb3bf535e9f59
Georgy Dyuldin 2 years ago
parent
commit
bce05180a8

+ 26
- 20
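--- a/plugin_test/vapor/vapor/fixtures/different_tenants_resources.py
+++ b/plugin_test/vapor/vapor/fixtures/different_tenants_resources.py
@@ -25,7 +25,8 @@ else:
 class ResourceManager(object):
     def __init__(self, stack, base_name, get_network_steps, get_subnet_steps,
                  port_steps, get_floating_ip_steps, get_server_steps,
-                 get_security_group_steps, public_network):
+                 get_neutron_security_group_steps,
+                 get_neutron_security_group_rule_steps, public_network):
         self.stack = stack
         self.base_name = base_name
         self.get_network_steps = get_network_steps
@@ -33,7 +34,10 @@ class ResourceManager(object):
         self.port_steps = port_steps
         self.get_floating_ip_steps = get_floating_ip_steps
         self.get_server_steps = get_server_steps
-        self.get_security_group_steps = get_security_group_steps
+        self.get_neutron_security_group_steps = (
+            get_neutron_security_group_steps)
+        self.get_neutron_security_group_rule_steps = (
+            get_neutron_security_group_rule_steps)
         self.public_network = public_network
 
     def _add_fin(self, steps_getter, fn_name, *args, **kwargs):
@@ -59,12 +63,12 @@ class ResourceManager(object):
 
     def _create_security_group(self):
         # Create security groups
-        security_group_steps = self.get_security_group_steps()
-        security_group = security_group_steps.create_group(self.base_name)
-        self._add_fin(self.get_security_group_steps, 'delete_group',
+        security_group_steps = self.get_neutron_security_group_steps()
+        security_group = security_group_steps.create(self.base_name)
+        self._add_fin(self.get_neutron_security_group_steps, 'delete',
                       security_group)
-        security_group_steps.add_group_rules(
-            security_group, stepler_config.SECURITY_GROUP_SSH_PING_RULES)
+        self.get_neutron_security_group_rule_steps().add_rules_to_group(
+            security_group['id'], stepler_config.SECURITY_GROUP_SSH_PING_RULES)
         return security_group
 
     def _create_server(self, image, flavor, nova_host, network, ip,
@@ -135,12 +139,12 @@ def project_2(create_user_with_project):
 
 
 @pytest.fixture
-def different_tenants_resources(request,
-        project_2, credentials, create_user_with_project, cirros_image,
-        sorted_hypervisors, get_network_steps, get_subnet_steps,
+def different_tenants_resources(
+        request, project_2, credentials, create_user_with_project,
+        cirros_image, sorted_hypervisors, get_network_steps, get_subnet_steps,
         get_server_steps, port_steps, get_floating_ip_steps, public_flavor,
-        public_network, get_security_group_steps,
-        nova_availability_zone_hosts):
+        public_network, get_neutron_security_group_steps,
+        get_neutron_security_group_rule_steps, nova_availability_zone_hosts):
     """Fixture to create network, subnet and server on each of 2 projects.
 
     Created subnets has same CIDR.
@@ -152,7 +156,9 @@ def different_tenants_resources(request,
     default_params = {
         'subnet_cidr': '10.0.0.0/24',
         'base_name': next(utils.generate_ids()),
-        'ips': ('10.0.0.11', '10.0.0.21',)
+        'ips': (
+            '10.0.0.11',
+            '10.0.0.21', )
     }
     default_params.update(getattr(request, 'param', {}))
 
@@ -168,10 +174,11 @@ def different_tenants_resources(request,
 
     with contextlib.ExitStack() as stack:
 
-        mrg = ResourceManager(stack, base_name, get_network_steps,
-                              get_subnet_steps, port_steps,
-                              get_floating_ip_steps, get_server_steps,
-                              get_security_group_steps, public_network)
+        mrg = ResourceManager(
+            stack, base_name, get_network_steps, get_subnet_steps, port_steps,
+            get_floating_ip_steps, get_server_steps,
+            get_neutron_security_group_steps,
+            get_neutron_security_group_rule_steps, public_network)
 
         projects_resources = []
 
@@ -182,8 +189,7 @@ def different_tenants_resources(request,
 
         with credentials.change(project_2):
 
-            project_resources = mrg.create(subnet_cidr, ips[1],
-                                           cirros_image, public_flavor,
-                                           host)
+            project_resources = mrg.create(subnet_cidr, ips[1], cirros_image,
+                                           public_flavor, host)
             projects_resources.append(project_resources)
             yield projects_resources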
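Review bot: `_create_security_group` now returns whatever the neutron `create` step yields, and the new code indexes it as a mapping (`security_group['id']`), so the return value is no longer the object the old `create_group` step produced. Every consumer of that value needs the same migration, but `_create_server` and `create` start outside these hunks; if they pass the group to server creation or read it by attribute (e.g. `.id`, `.name`), they would need updating too — worth confirming. A docstring would record the new contract, e.g. `"""Create a neutron security group with SSH/ping rules and return its dict."""`. Registering the `delete` finalizer before `add_rules_to_group` is the right order, since a failure while adding rules still leaves the group scheduled for cleanup.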

+ 1
- 5
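--- a/plugin_test/vapor/vapor/helpers/clients/contrail_agent.py
+++ b/plugin_test/vapor/vapor/helpers/clients/contrail_agent.py
@@ -71,7 +71,6 @@ class ClientContrailVRouterAgentBase(object):
                     data = data[key[0]]
                     return_data = self.get_data(data)
                 elif data['@type'] == 'struct':
-                    return_list = []
                     data = self.del_unused_key(data)
                     if len(data) == 0:
                         return ''
@@ -141,7 +140,7 @@ class ClientContrailVRouterAgentBase(object):
                     old_data = data.copy()
                     path1 = data[keys[0]]['next_batch']['@link']
                     path2 = data[keys[0]]['next_batch']['#text']
-                    path = 'Snh_%s?x=%s' % (path1,path2)
+                    path = 'Snh_%s?x=%s' % (path1, path2)
                     data = self.get_resource(path)
                     old_list = self.find_ifmap_list(old_data)
                     self.merge_ifmap_list(data, old_list)
@@ -165,6 +164,3 @@ class ContrailVRouterAgentClient(ClientContrailVRouterAgentBase):
     def get_itf_by_name(self, interface_name):
         data = self.get_path_to_dict('Snh_ItfReq?x={}'.format(interface_name))
         return data
-
-
-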

+ 0
- 1
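--- a/plugin_test/vapor/vapor/helpers/clients/contrail_api.py
+++ b/plugin_test/vapor/vapor/helpers/clients/contrail_api.py
@@ -1,5 +1,4 @@
 from . import base
-import urllib
 
 
 class ContrailClient(base.ContrailBaseClient):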

+ 3
- 4
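--- a/plugin_test/vapor/vapor/tests/common/test_base.py
+++ b/plugin_test/vapor/vapor/tests/common/test_base.py
@@ -26,7 +26,6 @@ from vapor.helpers import agent_steps
 from vapor.helpers import asserts
 from vapor.helpers import contrail_status, policy, connectivity
 from vapor import settings
-from vapor.helpers import contrail_status, nodes_steps
 from vapor.settings import logger
 
 
@@ -501,7 +500,7 @@ def test_policy_between_vns_diff_proj(different_tenants_resources,
     """
     project1, project2 = different_tenants_resources
 
-    client, server = project1.server, project2.server
+    client = project1.server
     client_floating_ip = project1.floating_ip
     server_floating_ip = project2.floating_ip
 
@@ -529,7 +528,8 @@ def test_policy_between_vns_diff_proj(different_tenants_resources,
             timeout=settings.SECURITY_GROUP_APPLY_TIMEOUT)
 
         server_sg_entries.add_policy_rule(policy.POLICY_RULE_ALLOW_EGRESS_ICMP)
-        server_sg_entries.add_policy_rule(policy.POLICY_RULE_ALLOW_INGRESS_ICMP)
+        server_sg_entries.add_policy_rule(
+            policy.POLICY_RULE_ALLOW_INGRESS_ICMP)
         prj2_conrail_sg.security_group_entries = server_sg_entries
         contrail_api_client.security_group_update(prj2_conrail_sg)
 
@@ -627,4 +627,3 @@ def test_diff_proj_same_vn_vm_add_delete(different_tenants_resources,
                                                    s2_net_label))
 
     assert_that(s1_net_label, is_not(equal_to(s2_net_label)))
-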
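Review bot: The import removed in the first hunk, `from vapor.helpers import contrail_status, nodes_steps`, was not a pure duplicate: the line kept two lines above it brings in only `contrail_status, policy, connectivity`, so `nodes_steps` is no longer imported by any line visible here. If a test further down in test_base.py still references `nodes_steps` (the rest of the file is outside these hunks), it will only fail with a NameError when that test runs. Either confirm the name is unused or keep it on its own line, `from vapor.helpers import nodes_steps`.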

+ 35
- 27
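--- a/plugin_test/vapor/vapor/tests/common/test_sg_policy.py
+++ b/plugin_test/vapor/vapor/tests/common/test_sg_policy.py
@@ -23,28 +23,32 @@ from vapor import settings
 
 SG_RULES = {
     'tcp_all': [{
-        'ip_protocol': 'tcp',
-        'from_port': 1,
-        'to_port': 65535,
-        'cidr': '0.0.0.0/0',
+        'direction': stepler_config.INGRESS,
+        'protocol': 'tcp',
+        'port_range_min': 1,
+        'port_range_max': 65535,
+        'remote_ip_prefix': '0.0.0.0/0',
     }],
     'tcp_ssh': [{
-        'ip_protocol': 'tcp',
-        'from_port': 22,
-        'to_port': 22,
-        'cidr': '0.0.0.0/0',
+        'direction': stepler_config.INGRESS,
+        'protocol': 'tcp',
+        'port_range_min': 22,
+        'port_range_max': 22,
+        'remote_ip_prefix': '0.0.0.0/0',
     }],
     'udp_all': [{
-        'ip_protocol': 'udp',
-        'from_port': 1,
-        'to_port': 65535,
-        'cidr': '0.0.0.0/0',
+        'direction': stepler_config.INGRESS,
+        'protocol': 'udp',
+        'port_range_min': 1,
+        'port_range_max': 65535,
+        'remote_ip_prefix': '0.0.0.0/0',
     }],
     'icmp_all': [{
-        'ip_protocol': 'icmp',
-        'from_port': -1,
-        'to_port': -1,
-        'cidr': '0.0.0.0/0',
+        'direction': stepler_config.INGRESS,
+        'protocol': 'icmp',
+        'port_range_min': None,
+        'port_range_max': None,
+        'remote_ip_prefix': '0.0.0.0/0',
     }]
 }
 
@@ -67,12 +71,15 @@ tcp_ssh_policy = policy.make_policy_entry(
 
 
 @pytest.fixture
-def security_group(create_security_group, security_group_steps):
+def security_group(neutron_create_security_group,
+                   neutron_security_group_rule_steps):
     """Fixture that returns security group with SSH allow rules."""
     group_name = next(utils.generate_ids('security-group'))
-    group = create_security_group(group_name)
+    group = neutron_create_security_group(group_name)
+
+    neutron_security_group_rule_steps.add_rules_to_group(group['id'],
+                                                         SG_RULES['tcp_ssh'])
 
-    security_group_steps.add_group_rules(group, SG_RULES['tcp_ssh'])
     return group
 
 
@@ -163,8 +170,8 @@ def connectivity_test_resources(
     ids=['tcp_ssh', 'tcp_all', 'tcp_udp_all'])
 def test_security_group_and_allow_all_policy(
         security_group, connectivity_test_resources, contrail_network_policy,
-        security_group_steps, server_steps, contrail_api_client, sg_rules,
-        checks):
+        neutron_security_group_rule_steps, server_steps, contrail_api_client,
+        sg_rules, checks):
     """Verify traffic restrictions by security group with policy.
 
     Steps:
@@ -183,7 +190,8 @@ def test_security_group_and_allow_all_policy(
     contrail_api_client.network_policy_update(contrail_network_policy)
 
     # Update security group
-    security_group_steps.add_group_rules(security_group, sg_rules)
+    neutron_security_group_rule_steps.add_rules_to_group(security_group['id'],
+                                                         sg_rules)
 
     server1_ip = server_steps.get_fixed_ip(connectivity_test_resources.server)
 
@@ -214,9 +222,9 @@ def test_security_group_and_allow_all_policy(
     ],
     ids=['tcp_all', 'tcp_port'])
 def test_allow_all_security_group_and_policies(
-        contrail_network_policy, security_group, security_group_steps,
-        connectivity_test_resources, server_steps, contrail_api_client,
-        policy_entries, checks):
+        contrail_network_policy, security_group,
+        neutron_security_group_rule_steps, connectivity_test_resources,
+        server_steps, contrail_api_client, policy_entries, checks):
     """Verify traffic restrictions by policy with security group.
 
     Steps:
@@ -233,8 +241,8 @@ def test_allow_all_security_group_and_policies(
     contrail_api_client.network_policy_update(contrail_network_policy)
 
     # Update security group
-    security_group_steps.add_group_rules(
-        security_group,
+    neutron_security_group_rule_steps.add_rules_to_group(
+        security_group['id'],
         SG_RULES['tcp_all'] + SG_RULES['udp_all'] + SG_RULES['icmp_all'])
 
     server1_ip = server_steps.get_fixed_ip(connectivity_test_resources.server)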
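Review bot: The rewritten `SG_RULES` entries in the first hunk leave out `ethertype`, so each rule depends on neutron's default address family even though the prefix `0.0.0.0/0` is IPv4-only. Adding `'ethertype': 'IPv4'` to every entry would make that scope explicit, though whether `add_rules_to_group` forwards the key unchanged is not visible here. Because `tcp_all`, `udp_all` and `icmp_all` admit ingress from any source, a comment above the dict would also help, e.g. `# Deliberately wide-open ingress rules for connectivity tests; not a template for real tenants.` The same comment could note that `None` for `port_range_min`/`port_range_max` on the ICMP rule replaces the old `-1` sentinel and means all ICMP types and codes.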

+ 2
- 1
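--- a/plugin_test/vapor/vapor/tests/test_heat.py
+++ b/plugin_test/vapor/vapor/tests/test_heat.py
@@ -15,7 +15,8 @@ import pytest
 
 from vapor.helpers import heat_utils
 
-@pytest.mark.xfail(run=False) #Remove when contrail-heat wil be added
+
+@pytest.mark.xfail(run=False)  # Remove when contrail-heat wil be added
 @pytest.mark.parametrize('template_file', heat_utils.list_templates())
 def test_heat_templates(create_stack, template_file, contrail_current_project,
                         contrail_api_client):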
