Add CLI tests for security group logging

Various tests to validate CLI commands for security group logging.

Change-Id: I59d0489bf0fac554de7a00e2229d2e3da6f1fa75
This commit is contained in:
Maor Blaustein 2021-09-05 21:44:30 +03:00 committed by Federico Ressi
parent 8566e877d7
commit 28c09f3e6c
3 changed files with 171 additions and 3 deletions

View File

@ -22,6 +22,7 @@ from tobiko.openstack.openstackclient import _port
from tobiko.openstack.openstackclient import _security_group from tobiko.openstack.openstackclient import _security_group
from tobiko.openstack.openstackclient import _security_group_rule from tobiko.openstack.openstackclient import _security_group_rule
from tobiko.openstack.openstackclient import _subnet from tobiko.openstack.openstackclient import _subnet
from tobiko.openstack.openstackclient import _log
OSPCliError = _exception.OSPCliAuthError OSPCliError = _exception.OSPCliAuthError
@ -61,3 +62,9 @@ subnet_create = _subnet.subnet_create
subnet_delete = _subnet.subnet_delete subnet_delete = _subnet.subnet_delete
subnet_set = _subnet.subnet_set subnet_set = _subnet.subnet_set
subnet_unset = _subnet.subnet_unset subnet_unset = _subnet.subnet_unset
network_loggable_resources_list = _log.network_loggable_resources_list
network_log_create = _log.network_log_create
network_log_show = _log.network_log_show
network_log_list = _log.network_log_list
network_log_delete = _log.network_log_delete

View File

@ -0,0 +1,47 @@
# Copyright (c) 2021 Red Hat, Inc.
#
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from __future__ import absolute_import
from tobiko.openstack.openstackclient import _client
def network_loggable_resources_list(*args, **kwargs):
cmd = 'openstack network loggable resources list {params}'
kwargs['format'] = 'json'
return _client.execute(cmd, *args, **kwargs)
def network_log_create(log_name, *args, **kwargs):
cmd = f'openstack network log create {{params}} {log_name}'
kwargs['format'] = 'json'
return _client.execute(cmd, *args, **kwargs)
def network_log_show(log_name, *args, **kwargs):
cmd = f'openstack network log show {{params}} {log_name}'
kwargs['format'] = 'json'
return _client.execute(cmd, *args, **kwargs)
def network_log_list(*args, **kwargs):
cmd = 'openstack network log list {params}'
kwargs['format'] = 'json'
return _client.execute(cmd, *args, **kwargs)
def network_log_delete(log_names, *args, **kwargs):
cmd = f'openstack network log delete {{params}} {" ".join(log_names)}'
return _client.execute(cmd, *args, **kwargs)

View File

@ -19,8 +19,11 @@ import random
import testtools import testtools
from oslo_log import log from oslo_log import log
import tobiko
from tobiko.openstack import neutron from tobiko.openstack import neutron
from tobiko.openstack import openstackclient from tobiko.openstack import openstackclient
from tobiko.openstack import stacks
from tobiko.openstack import topology
LOG = log.getLogger(__name__) LOG = log.getLogger(__name__)
@ -62,6 +65,16 @@ class BaseCliTest(testtools.TestCase):
self.api.delete_port(port_name) self.api.delete_port(port_name)
break break
def api_network_log_delete(self, log_name):
logs = self.api.list_network_logs()['logs']
for _log in logs:
if _log['name'] == log_name:
self.api.delete_network_log(_log['id'])
break
if _log['id'] == log_name:
self.api.delete_network_log(_log['id'])
break
def api_random_port_create(self): def api_random_port_create(self):
net_name = self.random_name() net_name = self.random_name()
port_name = self.random_name() port_name = self.random_name()
@ -91,13 +104,114 @@ class BaseCliTest(testtools.TestCase):
self.addCleanup(self.api_network_delete, name) self.addCleanup(self.api_network_delete, name)
return name return name
def api_random_network_log_create(self, sec_group_id=None):
name = self.random_name()
api_args = {'log': {'name': name,
'resource_type': 'security_group'}}
if sec_group_id:
api_args['log']['resource_id'] = sec_group_id
self.api.create_network_log(api_args)
self.addCleanup(self.api_network_log_delete, name)
return name
def random_name(self, length=16): def random_name(self, length=16):
letters = 'abcdefghijklmnopqrstuvwxyz' letters = 'abcdefghijklmnopqrstuvwxyz'
random_string = ''.join(random.choice(letters) for i in range(length)) random_string = ''.join(random.choice(letters) for i in range(length))
return f'{self.__class__.__name__}-{random_string}' return f'{self.__class__.__name__}-{random_string}'
class NeutronCliNetwork(BaseCliTest): @neutron.skip_unless_is_ovs()
@topology.skip_unless_osp_version('16.1', higher=True)
@neutron.skip_if_missing_networking_extensions('logging')
class NeutronOvsLogCliTest(BaseCliTest):
LOGS_AMOUNT = 2
sec_groups_stack = tobiko.required_setup_fixture(
stacks.SecurityGroupsFixture)
def _get_icmp_sec_group_id(self):
"""Returns the uuid of a security group with ICMP allowed."""
sec_group_obj = self.sec_groups_stack.icmp_security_group_id
if hasattr(sec_group_obj, '__iter__'):
return sec_group_obj
return sec_group_obj[0]
def test_network_loggable_resources_list(self):
response = openstackclient.network_loggable_resources_list()
self.assertIn('security_group', response[0]['Supported types'],
"Security group logging isn't supported.")
def test_network_log_create(self):
log_name = self.random_name()
test_sec_group_id = self._get_icmp_sec_group_id()
response = openstackclient.network_log_create(
log_name, **{'resource-type': 'security_group',
'resource': test_sec_group_id,
'event': 'ALL'})
self.addCleanup(self.api_network_log_delete, log_name)
err_msg = 'Creation of log for security group using CLI failed.'
# pylint: disable=E1126
self.assertEqual(response['Enabled'], True, err_msg)
self.assertEqual(response['Type'], 'security_group', err_msg)
self.assertEqual(response['Event'], 'ALL', err_msg)
def test_network_log_show(self):
test_sec_group_id = self._get_icmp_sec_group_id()
log_name = self.api_random_network_log_create(test_sec_group_id)
_log = openstackclient.network_log_show(log_name)
err_msg = 'Details show of log for security group using CLI failed.'
# pylint: disable=E1126
self.assertEqual(_log['Name'], log_name, err_msg)
def test_network_log_create_all(self):
log_name = self.random_name()
response = openstackclient.network_log_create(
log_name, **{'resource-type': 'security_group',
'event': 'ALL'})
self.addCleanup(self.api_network_log_delete, log_name)
err_msg = 'Creation of log for security group using CLI failed.'
# pylint: disable=E1126
self.assertEqual(response['Enabled'], True, err_msg)
self.assertEqual(response['Type'], 'security_group', err_msg)
self.assertEqual(response['Event'], 'ALL', err_msg)
def test_network_log_list(self):
test_sec_group_id = self._get_icmp_sec_group_id()
log_names = [self.api_random_network_log_create(test_sec_group_id)
for i in range(self.LOGS_AMOUNT)]
for log_name in log_names:
self.addCleanup(self.api_network_log_delete, log_name)
logs = openstackclient.network_log_list()
found_count = 0
for _log in logs:
if _log['Name'] in log_names:
found_count += 1
err_msg = (f'Listing {self.LOGS_AMOUNT} logs for security groups '
'using CLI failed.')
# pylint: disable=E1126
self.assertEqual(found_count, self.LOGS_AMOUNT, err_msg)
def test_network_log_delete(self):
test_sec_group_id = self._get_icmp_sec_group_id()
log_names = [self.api_random_network_log_create(test_sec_group_id)
for i in range(self.LOGS_AMOUNT)]
openstackclient.network_log_delete(log_names)
logs = self.api.list_network_logs()['logs']
err_msg = 'Deletion of logs for security group using CLI failed.'
for log_name in log_names:
for _log in logs:
self.assertNotEqual(_log['name'], log_name, err_msg)
@neutron.skip_unless_is_ovn()
@topology.skip_unless_osp_version('16.2', higher=True)
@neutron.skip_if_missing_networking_extensions('logging')
class NeutronOvnLogCliTest(NeutronOvsLogCliTest):
pass
class NeutronNetworkCliTest(BaseCliTest):
def test_network_creation(self): def test_network_creation(self):
net_name = self.random_name() net_name = self.random_name()
@ -131,7 +245,7 @@ class NeutronCliNetwork(BaseCliTest):
self.assertEqual(net['name'], net_name) # pylint: disable=E1126 self.assertEqual(net['name'], net_name) # pylint: disable=E1126
class NeutronCliSubnet(BaseCliTest): class NeutronSubnetCliTest(BaseCliTest):
def test_subnet_creation(self): def test_subnet_creation(self):
subnet_name = self.random_name() subnet_name = self.random_name()
@ -165,7 +279,7 @@ class NeutronCliSubnet(BaseCliTest):
self.assertEqual(subnet['name'], subnet_name) # pylint: disable=E1126 self.assertEqual(subnet['name'], subnet_name) # pylint: disable=E1126
class NeutronCliPort(BaseCliTest): class NeutronPortCliTest(BaseCliTest):
def test_port_creation(self): def test_port_creation(self):
port_name = self.random_name() port_name = self.random_name()