Adding IPv6 provider security group tests
Change-Id: Id081ec0689c96466d93fe3596c71a7804138e992
This commit is contained in:
parent
44600b346f
commit
7dfa8984e6
|
@ -13,7 +13,6 @@
|
|||
from tempest import config
|
||||
from tempest.lib.common.utils import data_utils
|
||||
from tempest.lib import decorators
|
||||
from tempest.lib import exceptions
|
||||
|
||||
from vmware_nsx_tempest_plugin.lib import feature_manager
|
||||
CONF = config.CONF
|
||||
|
@ -49,28 +48,20 @@ class IPv6RoutersTest(feature_manager.FeatureManager):
|
|||
def resource_setup(cls):
|
||||
super(IPv6RoutersTest, cls).resource_setup()
|
||||
|
||||
def _create_ipv6_subnet(self, network, slaac=False):
|
||||
def _create_ipv6_subnet(self, network, cidr, slaac=False):
|
||||
subnet_client = self.cmgr_adm.subnets_client
|
||||
subnet_name = network['name'] + 'sub'
|
||||
address_cidr = CONF.network.project_network_v6_cidr
|
||||
address_prefixlen = CONF.network.project_network_v6_mask_bits
|
||||
if ((address_prefixlen >= 126)):
|
||||
msg = ("Subnet %s isn't large enough for the test" % address_cidr)
|
||||
raise exceptions.InvalidConfiguration(msg)
|
||||
allocation_pools = {'allocation_pools': [{
|
||||
'start': str(address_cidr).split('/')[0] + '2',
|
||||
'end':str(address_cidr).split('/')[0] + '70'}]}
|
||||
if slaac:
|
||||
subnet = self.create_topology_subnet(subnet_name, network,
|
||||
subnets_client=subnet_client,
|
||||
ip_version=6, ipv6_ra_mode='slaac',
|
||||
ipv6_address_mode='slaac',
|
||||
**allocation_pools)
|
||||
cidr=cidr)
|
||||
else:
|
||||
subnet = self.create_topology_subnet(subnet_name, network,
|
||||
subnets_client=subnet_client,
|
||||
ip_version=6, enable_dhcp=False,
|
||||
**allocation_pools)
|
||||
cidr=cidr)
|
||||
return subnet
|
||||
|
||||
@decorators.attr(type=['nsxv3', 'positive'])
|
||||
|
@ -83,7 +74,7 @@ class IPv6RoutersTest(feature_manager.FeatureManager):
|
|||
networks_client = self.cmgr_adm.networks_client
|
||||
network = self.create_topology_network(name,
|
||||
networks_client=networks_client)
|
||||
subnet = self._create_ipv6_subnet(network)
|
||||
subnet = self._create_ipv6_subnet(network, cidr="5200::/64")
|
||||
rtr_name = data_utils.rand_name("ipv6-rtr")
|
||||
router = self.create_topology_router(
|
||||
rtr_name, routers_client=self.cmgr_adm.routers_client)
|
||||
|
@ -107,7 +98,7 @@ class IPv6RoutersTest(feature_manager.FeatureManager):
|
|||
subnet_ipv4 = self.create_topology_subnet(subnet_name, network,
|
||||
subnets_client=subnet_client,
|
||||
cidr='20.20.0.0/16')
|
||||
subnet = self._create_ipv6_subnet(network)
|
||||
subnet = self._create_ipv6_subnet(network, cidr="5201::/64")
|
||||
rtr_name = data_utils.rand_name("ipv6-rtr")
|
||||
router = self.create_topology_router(
|
||||
rtr_name, routers_client=self.cmgr_adm.routers_client)
|
||||
|
@ -130,7 +121,8 @@ class IPv6RoutersTest(feature_manager.FeatureManager):
|
|||
networks_client = self.cmgr_adm.networks_client
|
||||
network = self.create_topology_network(name,
|
||||
networks_client=networks_client)
|
||||
subnet = self._create_ipv6_subnet(network, slaac=True)
|
||||
subnet = self._create_ipv6_subnet(network, cidr="4010::/64",
|
||||
slaac=True)
|
||||
rtr_name = data_utils.rand_name("ipv6-rtr")
|
||||
router = self.create_topology_router(
|
||||
rtr_name, routers_client=self.cmgr_adm.routers_client)
|
||||
|
@ -154,7 +146,8 @@ class IPv6RoutersTest(feature_manager.FeatureManager):
|
|||
subnet_ipv4 = self.create_topology_subnet(subnet_name, network,
|
||||
subnets_client=subnet_client,
|
||||
cidr='20.20.0.0/16')
|
||||
subnet = self._create_ipv6_subnet(network, slaac=True)
|
||||
subnet = self._create_ipv6_subnet(network, cidr="4011::/64",
|
||||
slaac=True)
|
||||
rtr_name = data_utils.rand_name("ipv6-rtr")
|
||||
router = self.create_topology_router(
|
||||
rtr_name, routers_client=self.cmgr_adm.routers_client)
|
||||
|
@ -177,8 +170,12 @@ class IPv6RoutersTest(feature_manager.FeatureManager):
|
|||
networks_client = self.cmgr_adm.networks_client
|
||||
network = self.create_topology_network(name,
|
||||
networks_client=networks_client)
|
||||
subnet = self._create_ipv6_subnet(network, slaac=True)
|
||||
subnet_1 = self._create_ipv6_subnet(network, slaac=True)
|
||||
subnet = self._create_ipv6_subnet(network, cidr="4012::/64",
|
||||
slaac=True)
|
||||
network_1 = self.create_topology_network(name,
|
||||
networks_client=networks_client)
|
||||
subnet_1 = self._create_ipv6_subnet(network_1, cidr="4013::/64",
|
||||
slaac=True)
|
||||
rtr_name = data_utils.rand_name("ipv6-rtr")
|
||||
router = self.create_topology_router(
|
||||
rtr_name, routers_client=self.cmgr_adm.routers_client)
|
||||
|
@ -194,15 +191,25 @@ class IPv6RoutersTest(feature_manager.FeatureManager):
|
|||
@decorators.attr(type=['nsxv3', 'positive'])
|
||||
@decorators.idempotent_id('3564b971-6033-43cc-a13a-93b467bca50d')
|
||||
def test_multiple_ipv6_downlink_interface_rtr(self):
|
||||
"""Test creating multiple ipv6 slaac subnets attached
|
||||
"""Test creating multiple ipv6 static subnets attached
|
||||
to router downlink interface
|
||||
"""
|
||||
name = data_utils.rand_name("ipv6-net")
|
||||
networks_client = self.cmgr_adm.networks_client
|
||||
network = self.create_topology_network(name,
|
||||
networks_client=networks_client)
|
||||
subnet = self._create_ipv6_subnet(network)
|
||||
subnet_1 = self._create_ipv6_subnet(network)
|
||||
subnet_client = self.cmgr_adm.subnets_client
|
||||
subnet_name = network['name'] + 'ipv4-sub'
|
||||
subnet_ipv4 = self.create_topology_subnet(subnet_name, network,
|
||||
subnets_client=subnet_client,
|
||||
cidr='20.21.0.0/16')
|
||||
subnet = self._create_ipv6_subnet(network, cidr="4200::/64")
|
||||
network_1 = self.create_topology_network(name,
|
||||
networks_client=networks_client)
|
||||
subnet_ipv4_1 = self.create_topology_subnet(subnet_name, network_1,
|
||||
subnets_client=subnet_client,
|
||||
cidr='20.22.0.0/16')
|
||||
subnet_1 = self._create_ipv6_subnet(network_1, cidr="4201::/64")
|
||||
rtr_name = data_utils.rand_name("ipv6-rtr")
|
||||
router = self.create_topology_router(
|
||||
rtr_name, routers_client=self.cmgr_adm.routers_client)
|
||||
|
@ -210,7 +217,59 @@ class IPv6RoutersTest(feature_manager.FeatureManager):
|
|||
router_client=self.cmgr_adm.routers_client,
|
||||
router_id=router['id'], subnet_id=subnet['id'])
|
||||
self.assertEqual(subnet['id'], interface['subnet_id'])
|
||||
interface = self.add_router_interface(
|
||||
router_client=self.cmgr_adm.routers_client,
|
||||
router_id=router['id'], subnet_id=subnet_ipv4['id'])
|
||||
self.assertEqual(subnet_ipv4['id'], interface['subnet_id'])
|
||||
interface = self.add_router_interface(
|
||||
router_client=self.cmgr_adm.routers_client,
|
||||
router_id=router['id'], subnet_id=subnet_1['id'])
|
||||
self.assertEqual(subnet_1['id'], interface['subnet_id'])
|
||||
interface = self.add_router_interface(
|
||||
router_client=self.cmgr_adm.routers_client,
|
||||
router_id=router['id'], subnet_id=subnet_ipv4_1['id'])
|
||||
self.assertEqual(subnet_ipv4_1['id'], interface['subnet_id'])
|
||||
|
||||
@decorators.attr(type=['nsxv3', 'positive'])
|
||||
@decorators.idempotent_id('151dd309-44a2-46ac-978a-f058492843c8')
|
||||
def test_slaac_multiple_ipv4_v6_downlink_interface_rtr(self):
|
||||
"""Test creating multiple ipv6 slaac subnets attached
|
||||
to router downlink interface
|
||||
"""
|
||||
name = data_utils.rand_name("dual-net")
|
||||
networks_client = self.cmgr_adm.networks_client
|
||||
network = self.create_topology_network(name,
|
||||
networks_client=networks_client)
|
||||
subnet_client = self.cmgr_adm.subnets_client
|
||||
subnet_name = network['name'] + 'ipv4-sub'
|
||||
subnet_ipv4 = self.create_topology_subnet(subnet_name, network,
|
||||
subnets_client=subnet_client,
|
||||
cidr='20.21.0.0/16')
|
||||
subnet = self._create_ipv6_subnet(network, cidr="4012::/64",
|
||||
slaac=True)
|
||||
network_1 = self.create_topology_network(name,
|
||||
networks_client=networks_client)
|
||||
subnet_ipv4_1 = self.create_topology_subnet(subnet_name, network_1,
|
||||
subnets_client=subnet_client,
|
||||
cidr='20.22.0.0/16')
|
||||
subnet_1 = self._create_ipv6_subnet(network_1, cidr="4013::/64",
|
||||
slaac=True)
|
||||
rtr_name = data_utils.rand_name("ipv6-rtr")
|
||||
router = self.create_topology_router(
|
||||
rtr_name, routers_client=self.cmgr_adm.routers_client)
|
||||
interface = self.add_router_interface(
|
||||
router_client=self.cmgr_adm.routers_client,
|
||||
router_id=router['id'], subnet_id=subnet['id'])
|
||||
self.assertEqual(subnet['id'], interface['subnet_id'])
|
||||
interface = self.add_router_interface(
|
||||
router_client=self.cmgr_adm.routers_client,
|
||||
router_id=router['id'], subnet_id=subnet_ipv4['id'])
|
||||
self.assertEqual(subnet_ipv4['id'], interface['subnet_id'])
|
||||
interface = self.add_router_interface(
|
||||
router_client=self.cmgr_adm.routers_client,
|
||||
router_id=router['id'], subnet_id=subnet_1['id'])
|
||||
self.assertEqual(subnet_1['id'], interface['subnet_id'])
|
||||
interface = self.add_router_interface(
|
||||
router_client=self.cmgr_adm.routers_client,
|
||||
router_id=router['id'], subnet_id=subnet_ipv4_1['id'])
|
||||
self.assertEqual(subnet_ipv4_1['id'], interface['subnet_id'])
|
||||
|
|
|
@ -18,6 +18,7 @@ from oslo_log import log as logging
|
|||
|
||||
from tempest import config
|
||||
from tempest.lib.common.utils import data_utils
|
||||
from tempest.lib.common.utils import test_utils
|
||||
from tempest.lib import decorators
|
||||
from tempest import test
|
||||
|
||||
|
@ -76,6 +77,53 @@ class TestMultiHVNetworkOps(manager.NetworkScenarioTest):
|
|||
self.kvm_image = CONF.compute.image_ref_alt
|
||||
self.config_drive = CONF.compute_feature_enabled.config_drive
|
||||
|
||||
def _create_router(self, router_name=None, admin_state_up=True,
|
||||
external_network_id=None, enable_snat=None,
|
||||
**kwargs):
|
||||
ext_gw_info = {}
|
||||
if external_network_id:
|
||||
ext_gw_info['network_id'] = external_network_id
|
||||
if enable_snat is not None:
|
||||
ext_gw_info['enable_snat'] = enable_snat
|
||||
body = self.routers_client.create_router(
|
||||
name=router_name, external_gateway_info=ext_gw_info,
|
||||
admin_state_up=admin_state_up, **kwargs)
|
||||
router = body.get('router', body)
|
||||
self.addCleanup(self._delete_router, router)
|
||||
return router
|
||||
|
||||
def _delete_router(self, router):
|
||||
body = self.ports_client.list_ports(device_id=router['id'])
|
||||
interfaces = body['ports']
|
||||
for i in interfaces:
|
||||
test_utils.call_and_ignore_notfound_exc(
|
||||
self.routers_client.remove_router_interface, router['id'],
|
||||
subnet_id=i['fixed_ips'][0]['subnet_id'])
|
||||
self.routers_client.delete_router(router['id'])
|
||||
|
||||
def _create_subnet(self, network, cidr, subnets_client=None, **kwargs):
|
||||
client = subnets_client or self.subnets_client
|
||||
body = client.create_subnet(
|
||||
name=data_utils.rand_name('subnet-default1'),
|
||||
network_id=network['id'], tenant_id=network['tenant_id'],
|
||||
cidr=cidr, ip_version=4, **kwargs)
|
||||
subnet = body.get('subnet', body)
|
||||
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
|
||||
client.delete_subnet, subnet['id'])
|
||||
return subnet
|
||||
|
||||
def _create_subnet_v6(self, network, cidr, subnets_client=None, **kwargs):
|
||||
client = subnets_client or self.subnets_client
|
||||
body = client.create_subnet(
|
||||
name=data_utils.rand_name('ipv6_subnet-default1'),
|
||||
network_id=network['id'], tenant_id=network['tenant_id'],
|
||||
cidr=cidr, ip_version=6, ipv6_ra_mode='slaac',
|
||||
ipv6_address_mode='slaac', **kwargs)
|
||||
subnet = body.get('subnet', body)
|
||||
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
|
||||
client.delete_subnet, subnet['id'])
|
||||
return subnet
|
||||
|
||||
def _setup_l2_topo(self, **kwargs):
|
||||
self.security_group = self._create_security_group()
|
||||
self.network, self.subnet, self.router = self.create_networks(**kwargs)
|
||||
|
@ -90,6 +138,111 @@ class TestMultiHVNetworkOps(manager.NetworkScenarioTest):
|
|||
floating_ip = self.create_floating_ip(esx_server)
|
||||
self.floating_ip_tuple = Floating_IP_tuple(floating_ip, esx_server)
|
||||
|
||||
def _setup_l2_ipv6_topo(self):
|
||||
self.security_group = self._create_security_group()
|
||||
self.network = self._create_network()
|
||||
rulesets = [
|
||||
dict(
|
||||
direction='ingress',
|
||||
protocol='icmpv6',
|
||||
ethertype='IPv6',
|
||||
),
|
||||
dict(
|
||||
direction='egress',
|
||||
protocol='icmpv6',
|
||||
ethertype='IPv6',
|
||||
)
|
||||
]
|
||||
rules = []
|
||||
for ruleset in rulesets:
|
||||
rules.append(
|
||||
self._create_security_group_rule(
|
||||
tenant_id=self.network['tenant_id'],
|
||||
secgroup=self.security_group,
|
||||
**ruleset))
|
||||
self.subnet = self._create_subnet(self.network,
|
||||
cidr='14.168.1.0/24')
|
||||
self.subnet_v6 = self._create_subnet_v6(self.network,
|
||||
cidr='3010::/64')
|
||||
self.router = self._create_router(
|
||||
router_name=data_utils.rand_name('router-default1'),
|
||||
external_network_id=CONF.network.public_network_id)
|
||||
self.routers_client.add_router_interface(
|
||||
self.router['id'], subnet_id=self.subnet['id'])
|
||||
self.routers_client.add_router_interface(
|
||||
self.router['id'], subnet_id=self.subnet_v6['id'])
|
||||
self.addCleanup(self.routers_client.remove_router_interface,
|
||||
self.router['id'], subnet_id=self.subnet['id'])
|
||||
self.addCleanup(self.routers_client.remove_router_interface,
|
||||
self.router['id'], subnet_id=self.subnet_v6['id'])
|
||||
esx_server_name = data_utils.rand_name('server-esx')
|
||||
kvm_server_name = data_utils.rand_name('server-kvm')
|
||||
# Create a VM on ESX hypervisor
|
||||
esx_server = self._create_server(esx_server_name, self.network,
|
||||
image_id=self.esx_image)
|
||||
# Create a VM on KVM hypervisor
|
||||
self._create_server(kvm_server_name, self.network,
|
||||
image_id=self.kvm_image)
|
||||
floating_ip = self.create_floating_ip(esx_server)
|
||||
self.floating_ip_tuple = Floating_IP_tuple(floating_ip, esx_server)
|
||||
|
||||
def _setup_l3_ipv6_topo(self):
|
||||
self.security_group = self._create_security_group()
|
||||
self.network = self._create_network()
|
||||
rulesets = [
|
||||
dict(
|
||||
direction='ingress',
|
||||
protocol='icmpv6',
|
||||
ethertype='IPv6',
|
||||
),
|
||||
dict(
|
||||
direction='egress',
|
||||
protocol='icmpv6',
|
||||
ethertype='IPv6',
|
||||
)
|
||||
]
|
||||
rules = []
|
||||
for ruleset in rulesets:
|
||||
rules.append(
|
||||
self._create_security_group_rule(
|
||||
tenant_id=self.network['tenant_id'],
|
||||
secgroup=self.security_group,
|
||||
**ruleset))
|
||||
self.subnet = self._create_subnet(self.network,
|
||||
cidr='14.168.1.0/24')
|
||||
self.subnet_v6 = self._create_subnet_v6(self.network,
|
||||
cidr='3010::/64')
|
||||
self.network_1 = self._create_network()
|
||||
self.subnet_1 = self._create_subnet(self.network_1,
|
||||
cidr='14.169.1.0/24')
|
||||
self.subnet_v6_1 = self._create_subnet_v6(self.network_1,
|
||||
cidr='3110::/64')
|
||||
self.router = self._create_router(
|
||||
router_name=data_utils.rand_name('router-default1'),
|
||||
external_network_id=CONF.network.public_network_id)
|
||||
self.routers_client.add_router_interface(
|
||||
self.router['id'], subnet_id=self.subnet['id'])
|
||||
self.routers_client.add_router_interface(
|
||||
self.router['id'], subnet_id=self.subnet_v6['id'])
|
||||
self.routers_client.add_router_interface(
|
||||
self.router['id'], subnet_id=self.subnet_1['id'])
|
||||
self.routers_client.add_router_interface(
|
||||
self.router['id'], subnet_id=self.subnet_v6_1['id'])
|
||||
self.addCleanup(self.routers_client.remove_router_interface,
|
||||
self.router['id'], subnet_id=self.subnet_1['id'])
|
||||
self.addCleanup(self.routers_client.remove_router_interface,
|
||||
self.router['id'], subnet_id=self.subnet_v6_1['id'])
|
||||
esx_server_name = data_utils.rand_name('server-esx')
|
||||
kvm_server_name = data_utils.rand_name('server-kvm')
|
||||
# Create a VM on ESX hypervisor
|
||||
esx_server = self._create_server(esx_server_name, self.network,
|
||||
image_id=self.esx_image)
|
||||
# Create a VM on KVM hypervisor
|
||||
self._create_server(kvm_server_name, self.network_1,
|
||||
image_id=self.kvm_image)
|
||||
floating_ip = self.create_floating_ip(esx_server)
|
||||
self.floating_ip_tuple = Floating_IP_tuple(floating_ip, esx_server)
|
||||
|
||||
def _create_server(self, name, network, image_id=None):
|
||||
keypair = self.create_keypair()
|
||||
self.keypairs[keypair['name']] = keypair
|
||||
|
@ -113,6 +266,14 @@ class TestMultiHVNetworkOps(manager.NetworkScenarioTest):
|
|||
*args, **kwargs)
|
||||
return ports_list['ports']
|
||||
|
||||
def get_internal_ipv6_ips(self, server, network, device="compute"):
|
||||
internal_ips = [p['fixed_ips'][1]['ip_address'] for p in
|
||||
self.admin_manager.ports_client.list_ports(
|
||||
tenant_id=server['tenant_id'],
|
||||
network_id=network['id'])['ports'] if
|
||||
p['device_owner'].startswith(device)]
|
||||
return internal_ips
|
||||
|
||||
def _check_network_internal_connectivity(self, network,
|
||||
should_connect=True):
|
||||
floating_ip, server = self.floating_ip_tuple
|
||||
|
@ -125,6 +286,15 @@ class TestMultiHVNetworkOps(manager.NetworkScenarioTest):
|
|||
network_ips,
|
||||
should_connect)
|
||||
|
||||
def _check_network_vm_ipv6_connectivity(self, network,
|
||||
should_connect=True):
|
||||
floating_ip, server = self.floating_ip_tuple
|
||||
# test internal connectivity to the other VM on the same network
|
||||
compute_ips = self.get_internal_ipv6_ips(server, network)
|
||||
self._check_server_connectivity(floating_ip,
|
||||
compute_ips,
|
||||
should_connect)
|
||||
|
||||
def _check_network_vm_connectivity(self, network,
|
||||
should_connect=True):
|
||||
floating_ip, server = self.floating_ip_tuple
|
||||
|
@ -171,3 +341,31 @@ class TestMultiHVNetworkOps(manager.NetworkScenarioTest):
|
|||
self._setup_l2_topo()
|
||||
self._check_network_internal_connectivity(network=self.network)
|
||||
self._check_network_vm_connectivity(network=self.network)
|
||||
|
||||
@decorators.attr(type='nsxv3')
|
||||
@decorators.idempotent_id('b6ed294d-8557-4fab-b7dc-c1088213f873')
|
||||
def test_multi_hv_network_ipv6_l2_ops(self):
|
||||
"""Test connectivity between ESX VM and KVM VM on same network
|
||||
|
||||
Boot VM on the same network with both ESX and KVM images and test
|
||||
L2 network connectivity if they are on the same L2 IPv6 network.
|
||||
|
||||
"""
|
||||
self._setup_l2_ipv6_topo()
|
||||
self._check_network_internal_connectivity(network=self.network)
|
||||
self._check_network_vm_connectivity(network=self.network)
|
||||
self._check_network_vm_ipv6_connectivity(network=self.network)
|
||||
|
||||
@decorators.attr(type='nsxv3')
|
||||
@decorators.idempotent_id('b6ed294d-8557-4fab-b7dc-c1088213f873')
|
||||
def test_multi_hv_network_ipv6_l3_ops(self):
|
||||
"""Test connectivity between ESX VM and KVM VM on diff network
|
||||
|
||||
Boot VM on the same network with both ESX and KVM images and test
|
||||
L3 network connectivity if they are on the diff IPv6 networks.
|
||||
|
||||
"""
|
||||
self._setup_l3_ipv6_topo()
|
||||
self._check_network_internal_connectivity(network=self.network)
|
||||
self._check_network_vm_connectivity(network=self.network)
|
||||
self._check_network_vm_ipv6_connectivity(network=self.network_1)
|
||||
|
|
|
@ -125,6 +125,18 @@ class TestProviderSecurityGroup(manager.NetworkScenarioTest):
|
|||
client.delete_subnet, subnet['id'])
|
||||
return subnet
|
||||
|
||||
def _create_subnet_v6(self, network, cidr, subnets_client=None, **kwargs):
|
||||
client = subnets_client or self.subnets_client
|
||||
body = client.create_subnet(
|
||||
name=data_utils.rand_name('ipv6-subnet-psg'),
|
||||
network_id=network['id'], tenant_id=network['tenant_id'],
|
||||
cidr=cidr, ip_version=6, ipv6_ra_mode='slaac',
|
||||
ipv6_address_mode='slaac', **kwargs)
|
||||
subnet = body.get('subnet', body)
|
||||
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
|
||||
client.delete_subnet, subnet['id'])
|
||||
return subnet
|
||||
|
||||
def _list_ports(self, *args, **kwargs):
|
||||
"""List ports using admin creds """
|
||||
ports_list = self.admin_manager.ports_client.list_ports(
|
||||
|
@ -180,6 +192,19 @@ class TestProviderSecurityGroup(manager.NetworkScenarioTest):
|
|||
sgr = sgr_client.create_security_group_rule(**sgr_dict)
|
||||
return sgr.get('security_group_rule', sgr)
|
||||
|
||||
def create_security_group_ipv6_rule(self, security_group_id,
|
||||
cmgr=None, project_id=None,
|
||||
protocol=None):
|
||||
cmgr = cmgr or self.cmgr_adm
|
||||
sgr_client = cmgr.security_group_rules_client
|
||||
sgr_dict = dict(security_group_id=security_group_id,
|
||||
direction='ingress', ethertype='IPv6',
|
||||
protocol=protocol)
|
||||
if project_id:
|
||||
sgr_dict['tenant_id'] = project_id
|
||||
sgr = sgr_client.create_security_group_rule(**sgr_dict)
|
||||
return sgr.get('security_group_rule', sgr)
|
||||
|
||||
def create_network_topo(self):
|
||||
self.security_group = self._create_security_group()
|
||||
self.network = self._create_network()
|
||||
|
@ -197,6 +222,108 @@ class TestProviderSecurityGroup(manager.NetworkScenarioTest):
|
|||
subnet=self.subnet, router=self.router)
|
||||
return networks
|
||||
|
||||
def create_network_ipv6_topo(self):
|
||||
self.security_group = self._create_security_group()
|
||||
self.network = self._create_network()
|
||||
rulesets = [
|
||||
dict(
|
||||
direction='ingress',
|
||||
protocol='icmpv6',
|
||||
ethertype='IPv6',
|
||||
),
|
||||
dict(
|
||||
direction='egress',
|
||||
protocol='icmpv6',
|
||||
ethertype='IPv6',
|
||||
)
|
||||
]
|
||||
rules = []
|
||||
for ruleset in rulesets:
|
||||
rules.append(
|
||||
self._create_security_group_rule(
|
||||
tenant_id=self.network['tenant_id'],
|
||||
secgroup=self.security_group,
|
||||
**ruleset))
|
||||
self.subnet = self._create_subnet(self.network,
|
||||
cidr='10.168.1.0/24')
|
||||
self.subnet_v6 = self._create_subnet_v6(self.network,
|
||||
cidr='2020::/64')
|
||||
self.router = self._create_router(
|
||||
router_name=data_utils.rand_name('router-psg'),
|
||||
external_network_id=CONF.network.public_network_id)
|
||||
self.routers_client.add_router_interface(
|
||||
self.router['id'], subnet_id=self.subnet['id'])
|
||||
self.routers_client.add_router_interface(
|
||||
self.router['id'], subnet_id=self.subnet_v6['id'])
|
||||
self.addCleanup(self.routers_client.remove_router_interface,
|
||||
self.router['id'], subnet_id=self.subnet['id'])
|
||||
self.addCleanup(self.routers_client.remove_router_interface,
|
||||
self.router['id'], subnet_id=self.subnet_v6['id'])
|
||||
networks = dict(security_group=self.security_group,
|
||||
network=self.network,
|
||||
subnet=self.subnet,
|
||||
subnet_v6=self.subnet_v6,
|
||||
router=self.router)
|
||||
return networks
|
||||
|
||||
def create_multi_network_ipv6_topo(self):
|
||||
self.security_group = self._create_security_group()
|
||||
self.network = self._create_network(namestart="net-psg")
|
||||
rulesets = [
|
||||
dict(
|
||||
direction='ingress',
|
||||
protocol='icmpv6',
|
||||
ethertype='IPv6',
|
||||
),
|
||||
dict(
|
||||
direction='egress',
|
||||
protocol='icmpv6',
|
||||
ethertype='IPv6',
|
||||
)
|
||||
]
|
||||
rules = []
|
||||
for ruleset in rulesets:
|
||||
rules.append(
|
||||
self._create_security_group_rule(
|
||||
tenant_id=self.network['tenant_id'],
|
||||
secgroup=self.security_group,
|
||||
**ruleset))
|
||||
self.subnet = self._create_subnet(self.network,
|
||||
cidr='10.168.1.0/24')
|
||||
self.subnet_v6 = self._create_subnet_v6(self.network,
|
||||
cidr='2020::/64')
|
||||
self.network_2 = self._create_network()
|
||||
self.subnet_2 = self._create_subnet(self.network_2,
|
||||
cidr='10.168.2.0/24')
|
||||
self.subnet_2_v6 = self._create_subnet_v6(self.network_2,
|
||||
cidr='2021::/64')
|
||||
self.router = self._create_router(
|
||||
router_name=data_utils.rand_name('router-psg'),
|
||||
external_network_id=CONF.network.public_network_id)
|
||||
self.routers_client.add_router_interface(
|
||||
self.router['id'], subnet_id=self.subnet['id'])
|
||||
self.routers_client.add_router_interface(
|
||||
self.router['id'], subnet_id=self.subnet_v6['id'])
|
||||
self.addCleanup(self.routers_client.remove_router_interface,
|
||||
self.router['id'], subnet_id=self.subnet['id'])
|
||||
self.addCleanup(self.routers_client.remove_router_interface,
|
||||
self.router['id'], subnet_id=self.subnet_v6['id'])
|
||||
self.routers_client.add_router_interface(
|
||||
self.router['id'], subnet_id=self.subnet_2['id'])
|
||||
self.routers_client.add_router_interface(
|
||||
self.router['id'], subnet_id=self.subnet_2_v6['id'])
|
||||
self.addCleanup(self.routers_client.remove_router_interface,
|
||||
self.router['id'], subnet_id=self.subnet_2['id'])
|
||||
self.addCleanup(self.routers_client.remove_router_interface,
|
||||
self.router['id'], subnet_id=self.subnet_2_v6['id'])
|
||||
networks_topo = dict(security_group=self.security_group,
|
||||
network=self.network,
|
||||
subnet=self.subnet, subnet_v6=self.subnet_v6,
|
||||
router=self.router,
|
||||
network2=self.network_2, subnet2=self.subnet_2,
|
||||
subnet_2_v6=self.subnet_2_v6)
|
||||
return networks_topo
|
||||
|
||||
def create_multi_network_topo(self):
|
||||
self.security_group = self._create_security_group()
|
||||
self.network = self._create_network(namestart="net-psg")
|
||||
|
@ -230,7 +357,8 @@ class TestProviderSecurityGroup(manager.NetworkScenarioTest):
|
|||
msg = "ip address %s is reachable" % remote_ip
|
||||
try:
|
||||
self.assertTrue(self._check_remote_connectivity
|
||||
(ssh_source, remote_ip, should_connect),
|
||||
(ssh_source, remote_ip,
|
||||
should_connect),
|
||||
msg)
|
||||
except Exception:
|
||||
LOG.exception("Unable to access {dest} via ssh to "
|
||||
|
@ -326,6 +454,36 @@ class TestProviderSecurityGroup(manager.NetworkScenarioTest):
|
|||
private_key_default_vm,
|
||||
should_connect=False)
|
||||
|
||||
def _test_v6_connectivity_between_default_psg_server(self, network_topo):
|
||||
server_name_default = \
|
||||
data_utils.rand_name('server-default-sec-group')
|
||||
network = network_topo['network']
|
||||
server_default = self._create_server(server_name_default, network)
|
||||
project_id = network['tenant_id']
|
||||
sg = self.create_security_provider_group(provider=True,
|
||||
project_id=project_id)
|
||||
sg_id = sg.get('id')
|
||||
server_name_psg = data_utils.rand_name('server-psg-sec-group')
|
||||
server_psg = self._create_server(server_name_psg, network)
|
||||
floating_ip_default = self.create_floating_ip(server_default)
|
||||
self.create_floating_ip(server_psg)
|
||||
for addr in server_psg['addresses']:
|
||||
for ip in server_psg['addresses'][addr]:
|
||||
if ip['version'] == 6:
|
||||
private_ip_address_psg_vm = ip['addr']
|
||||
ip_address_default_vm = floating_ip_default['floating_ip_address']
|
||||
private_key_default_vm = self._get_server_key(server_default)
|
||||
self._check_server_connectivity(ip_address_default_vm,
|
||||
private_ip_address_psg_vm,
|
||||
private_key_default_vm)
|
||||
self.create_security_group_ipv6_rule(sg_id, cmgr=self.cmgr_adm,
|
||||
protocol='icmpv6')
|
||||
time.sleep(constants.NSX_BACKEND_TIME_INTERVAL)
|
||||
self._check_server_connectivity(ip_address_default_vm,
|
||||
private_ip_address_psg_vm,
|
||||
private_key_default_vm,
|
||||
should_connect=False)
|
||||
|
||||
def _test_ping_when_psg_enabled_disbaled_on_port(self, network_topo):
|
||||
server_name_default = data_utils.rand_name('server-default-sec-group')
|
||||
network = network_topo['network']
|
||||
|
@ -416,6 +574,69 @@ class TestProviderSecurityGroup(manager.NetworkScenarioTest):
|
|||
private_ip_address_default_vm_2,
|
||||
private_key_default_vm_1)
|
||||
|
||||
def _test_build_up_topology_and_check_v6_connectivity(self, network_topo):
|
||||
server_name_default_1 =\
|
||||
data_utils.rand_name('server-default-sec-group-1')
|
||||
server_name_default_2 =\
|
||||
data_utils.rand_name('server-default-sec-group-2')
|
||||
network = network_topo['network']
|
||||
if 'network2' in network_topo:
|
||||
network2 = network_topo['network2']
|
||||
else:
|
||||
network2 = network
|
||||
server_default_1 = self._create_server(server_name_default_1, network)
|
||||
server_default_2 = self._create_server(server_name_default_2,
|
||||
network2)
|
||||
project_id = network['tenant_id']
|
||||
sg = self.create_security_provider_group(provider=True,
|
||||
project_id=project_id)
|
||||
sg_id = sg.get('id')
|
||||
server_name_psg_1 = data_utils.rand_name('server-psg-sec-group1')
|
||||
server_psg_1 = self._create_server(server_name_psg_1, network)
|
||||
server_name_psg_2 = data_utils.rand_name('server-psg-sec-group2')
|
||||
server_psg_2 = self._create_server(server_name_psg_2, network2)
|
||||
floating_ip_default_1 = self.create_floating_ip(server_default_1)
|
||||
self.create_floating_ip(server_psg_1)
|
||||
ip_address_default_vm_1 = floating_ip_default_1['floating_ip_address']
|
||||
for addr in server_psg_1['addresses']:
|
||||
for ip in server_psg_1['addresses'][addr]:
|
||||
if ip['version'] == 6:
|
||||
private_ip_address_psg_vm_1 = ip['addr']
|
||||
private_key_default_vm_1 = self._get_server_key(server_default_1)
|
||||
self.create_floating_ip(server_default_2)
|
||||
self.create_floating_ip(server_psg_2)
|
||||
for addr in server_psg_2['addresses']:
|
||||
for ip in server_psg_2['addresses'][addr]:
|
||||
if ip['version'] == 6:
|
||||
private_ip_address_psg_vm_2 = ip['addr']
|
||||
for addr in server_default_2['addresses']:
|
||||
for ip in server_default_2['addresses'][addr]:
|
||||
if ip['version'] == 6:
|
||||
private_ip_address_default_vm_2 = ip['addr']
|
||||
self._check_server_connectivity(ip_address_default_vm_1,
|
||||
private_ip_address_psg_vm_1,
|
||||
private_key_default_vm_1)
|
||||
self._check_server_connectivity(ip_address_default_vm_1,
|
||||
private_ip_address_psg_vm_2,
|
||||
private_key_default_vm_1)
|
||||
self._check_server_connectivity(ip_address_default_vm_1,
|
||||
private_ip_address_default_vm_2,
|
||||
private_key_default_vm_1)
|
||||
self.create_security_group_ipv6_rule(sg_id, cmgr=self.cmgr_adm,
|
||||
protocol='icmpv6')
|
||||
time.sleep(constants.NSX_BACKEND_TIME_INTERVAL)
|
||||
self._check_server_connectivity(ip_address_default_vm_1,
|
||||
private_ip_address_psg_vm_1,
|
||||
private_key_default_vm_1,
|
||||
should_connect=False)
|
||||
self._check_server_connectivity(ip_address_default_vm_1,
|
||||
private_ip_address_psg_vm_2,
|
||||
private_key_default_vm_1,
|
||||
should_connect=False)
|
||||
self._check_server_connectivity(ip_address_default_vm_1,
|
||||
private_ip_address_default_vm_2,
|
||||
private_key_default_vm_1)
|
||||
|
||||
@decorators.attr(type='nsxv3')
|
||||
@decorators.idempotent_id('9d4192e9-b1b7-48c9-af04-67a82637c715')
|
||||
def test_connectivity_between_default_psg_server(self):
|
||||
|
@ -447,3 +668,18 @@ class TestProviderSecurityGroup(manager.NetworkScenarioTest):
|
|||
def test_ping_when_psg_enabled_disbaled_on_port(self):
|
||||
self.network_topo = self.create_multi_network_topo()
|
||||
self._test_ping_when_psg_enabled_disbaled_on_port(self.network_topo)
|
||||
|
||||
@decorators.attr(type='nsxv3')
|
||||
@decorators.idempotent_id('086456fd-db2e-4151-ab72-04f62a8a95fc')
|
||||
def test_ipv6_connectivity_between_default_psg_server(self):
|
||||
self.network_topo = self.create_network_ipv6_topo()
|
||||
self._test_v6_connectivity_between_default_psg_server(
|
||||
self.network_topo)
|
||||
|
||||
@decorators.attr(type='nsxv3')
|
||||
@decorators.idempotent_id('8426ae72-c6ce-4af5-9ac5-b3c74686353f')
|
||||
def test_ipv6_connectivity_between_default_psg_server_with_multi_networks(
|
||||
self):
|
||||
self.network_topo = self.create_multi_network_ipv6_topo()
|
||||
self._test_build_up_topology_and_check_v6_connectivity(
|
||||
self.network_topo)
|
||||
|
|
Loading…
Reference in New Issue