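# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

from tempest import config
from tempest.lib import decorators
from tempest.lib import exceptions

from vmware_nsx_tempest_plugin.lib import feature_manager

CONF = config.CONF


class IPv6SecurityGroupsTest(feature_manager.FeatureManager):
    """Exercise security groups and rules on IPv6 and dual-stack networks.

    Covers:
        * creating rules with IPv4 and IPv6 remote IP prefixes
        * binding a security group carrying an IPv6 rule to a port on an
          IPv6-only network
        * binding a security group carrying an IPv6 rule to a port on a
          network that has both an IPv4 and an IPv6 subnet
    """

    @classmethod
    def skip_checks(cls):
        """Skip the class when IPv6 or network reachability is not set up.

        Raises:
            cls.skipException: if IPv6 (or its subnet attributes) is
                disabled, or if neither ``project_networks_reachable`` nor
                ``public_network_id`` is configured.
        """
        super(IPv6SecurityGroupsTest, cls).skip_checks()
        if not (CONF.network_feature_enabled.ipv6 and
                CONF.network_feature_enabled.ipv6_subnet_attributes):
            raise cls.skipException('IPv6 or its attributes not supported')
        if not (CONF.network.project_networks_reachable or
                CONF.network.public_network_id):
            msg = ('Either project_networks_reachable must be "true", or '
                   'public_network_id must be defined.')
            raise cls.skipException(msg)

    @classmethod
    def setup_clients(cls):
        """Set up clients; the helpers and port tests use the admin one."""
        super(IPv6SecurityGroupsTest, cls).setup_clients()
        cls.cmgr_adm = cls.get_client_manager('admin')

    @classmethod
    def resource_setup(cls):
        """Delegate to the parent class; no class-level resources here."""
        super(IPv6SecurityGroupsTest, cls).resource_setup()

    def _build_ipv6_allocation_pools(self):
        """Return the ``allocation_pools`` kwargs for the IPv6 test subnet.

        Returns:
            A dict with a single ``allocation_pools`` key, ready to be
            splatted into ``create_topology_subnet``.

        Raises:
            exceptions.InvalidConfiguration: if the configured IPv6 mask
                length is 126 or more.
        """
        address_cidr = CONF.network.project_network_v6_cidr
        address_prefixlen = CONF.network.project_network_v6_mask_bits
        # NOTE(review): this guard only rejects mask lengths of 126 and
        # above, while the pool below runs up to <base>70 (hex); confirm
        # the threshold matches the range the tests actually need.
        if address_prefixlen >= 126:
            msg = ("Subnet %s isn't large enough for the test" % address_cidr)
            raise exceptions.InvalidConfiguration(msg)
        # The bounds are built by appending text to the network address, so
        # they are only valid addresses when the address part of the
        # configured CIDR ends in '::' (e.g. '<prefix>::/64').
        base_address = str(address_cidr).split('/')[0]
        return {'allocation_pools': [{'start': base_address + '2',
                                      'end': base_address + '70'}]}

    def _create_sg_test_ipv6_subnet(self, network, subnet_name):
        """Create the DHCP-less IPv6 subnet used by these tests.

        Args:
            network: network dict the subnet is attached to.
            subnet_name: name given to the new subnet.
        """
        allocation_pools = self._build_ipv6_allocation_pools()
        self.create_topology_subnet(
            subnet_name, network,
            subnets_client=self.cmgr_adm.subnets_client,
            ip_version=6, enable_dhcp=False,
            **allocation_pools)

    def _create_ipv6_topology(self):
        """Create a network with a single IPv6 subnet and return it."""
        name = "ipv6-network"
        networks_client = self.cmgr_adm.networks_client
        network = self.create_topology_network(
            name, networks_client=networks_client)
        self._create_sg_test_ipv6_subnet(network, network['name'] + 'sub')
        return network

    def _create_ipv4_v6_topology(self):
        """Create a network with an IPv6 and an IPv4 subnet and return it."""
        name = "ipv4-v6-network"
        networks_client = self.cmgr_adm.networks_client
        network = self.create_topology_network(
            name, networks_client=networks_client)
        self._create_sg_test_ipv6_subnet(network,
                                         network['name'] + 'ipv6-sub')
        # The IPv4 subnet relies on create_topology_subnet's defaults.
        self.create_topology_subnet(
            network['name'] + 'ipv4-sub', network,
            subnets_client=self.cmgr_adm.subnets_client)
        return network

    @decorators.attr(type=['nsxv3', 'positive'])
    @decorators.idempotent_id('a8dfdba6-7dcf-4082-9669-0fbaa4b0fb2c')
    def test_create_security_group_rules_with_v4_v6_prefix(self):
        """Create IPv4 and IPv6 remote-prefix rules in one security group.

        Checks that each created rule reports the remote IP prefix it was
        created with.
        """
        sg = self.create_topology_security_group()
        ipv4_prefix = "192.168.1.0/24"
        ipv6_prefix = "2010:1:10::/64"
        sg_ipv4_rule = self.add_security_group_rule(
            security_group=sg,
            protocol='tcp',
            ethertype='IPv4',
            direction='ingress',
            remote_ip_prefix=ipv4_prefix)
        self.assertEqual(sg_ipv4_rule['remote_ip_prefix'], ipv4_prefix)
        sg_ipv6_rule = self.add_security_group_rule(
            security_group=sg,
            protocol='tcp',
            ethertype='IPv6',
            direction='egress',
            remote_ip_prefix=ipv6_prefix)
        self.assertEqual(sg_ipv6_rule['remote_ip_prefix'], ipv6_prefix)

    @decorators.attr(type=['nsxv3', 'positive'])
    @decorators.idempotent_id('037413a8-0db7-411a-a389-0ecc9007b6ef')
    def test_create_security_group_with_ipv6_port(self):
        """Bind a security group with an IPv6 rule to an IPv6-only port.

        The port is created on a network that has only an IPv6 subnet and
        must end up bound to exactly the requested security group.
        """
        sec_client = self.cmgr_adm.security_groups_client
        sec_rule_client = self.cmgr_adm.security_group_rules_client
        network = self._create_ipv6_topology()
        sec_group = self._create_empty_security_group(
            namestart="tempest-ipv6-", client=sec_client)
        rule = dict(
            direction='ingress',
            ethertype='IPv6',
            protocol='udp',
            remote_ip_prefix='2010:1:10::/64')
        self._create_security_group_rule(
            sec_group_rules_client=sec_rule_client,
            security_groups_client=sec_client,
            secgroup=sec_group,
            **rule)
        port_client = self.cmgr_adm.ports_client
        body = self.create_topology_port(
            network=network, ports_client=port_client,
            security_groups=[sec_group['id']])
        port = body['port']
        # Compare the whole list: looping over the returned groups would
        # pass vacuously if the port came back with no security group, i.e.
        # with none of the intended filtering applied.
        self.assertEqual([sec_group['id']], port['security_groups'])

    @decorators.attr(type=['nsxv3', 'positive'])
    @decorators.idempotent_id('0604fee9-011e-4b5e-886a-620669a8c2f5')
    def test_create_security_group_with_ipv4_v6_port(self):
        """Bind a security group with an IPv6 rule to a dual-stack port.

        The port is created on a network that has both an IPv4 and an IPv6
        subnet and must end up bound to exactly the requested security
        group.
        """
        sec_client = self.cmgr_adm.security_groups_client
        sec_rule_client = self.cmgr_adm.security_group_rules_client
        network = self._create_ipv4_v6_topology()
        sec_group = self._create_empty_security_group(
            namestart="tempest-ipv6-", client=sec_client)
        rule = dict(
            direction='ingress',
            ethertype='IPv6',
            protocol='tcp')
        self._create_security_group_rule(
            sec_group_rules_client=sec_rule_client,
            security_groups_client=sec_client,
            secgroup=sec_group,
            **rule)
        port_client = self.cmgr_adm.ports_client
        body = self.create_topology_port(
            network=network, ports_client=port_client,
            security_groups=[sec_group['id']])
        port = body['port']
        # Compare the whole list: looping over the returned groups would
        # pass vacuously if the port came back with no security group, i.e.
        # with none of the intended filtering applied.
        self.assertEqual([sec_group['id']], port['security_groups'])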