Gitiles
Code Review Sign In
spfactory.storpool.com / tempest / 01472ff2ab26e2d14cd68dcb94f17b140a845efe / . / tempest / api / network / test_fwaas_extensions.py
blob: e2b6ff1c95fa00fc3559cf9ef2f44ae2b31e010a [file] [log] [blame]
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]1# Copyright 2014 NEC Corporation. All rights reserved.
2#
3# Licensed under the Apache License, Version 2.0 (the "License"); you may
4# not use this file except in compliance with the License. You may obtain
5# a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12# License for the specific language governing permissions and limitations
13# under the License.
14
Matthew Treinish01472ff2015-02-20 17:26:52 -0500[diff] [blame^]15from tempest_lib.common.utils import data_utils
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]16from tempest_lib import exceptions as lib_exc
17
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]18from tempest.api.network import base
Adam Gandelman77876cb2014-04-06 15:08:28 -0700[diff] [blame]19from tempest import config
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]20from tempest import exceptions
21from tempest import test
22
Adam Gandelman77876cb2014-04-06 15:08:28 -0700[diff] [blame]23CONF = config.CONF
24
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]25
26class FWaaSExtensionTestJSON(base.BaseNetworkTest):
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]27
28 """
29 Tests the following operations in the Neutron API using the REST client for
30 Neutron:
31
32 List firewall rules
33 Create firewall rule
34 Update firewall rule
35 Delete firewall rule
36 Show firewall rule
37 List firewall policies
38 Create firewall policy
39 Update firewall policy
Ashish Guptafe016682014-06-26 05:46:55 -0700[diff] [blame]40 Insert firewall rule to policy
41 Remove firewall rule from policy
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]42 Insert firewall rule after/before rule in policy
43 Update firewall policy audited attribute
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]44 Delete firewall policy
45 Show firewall policy
46 List firewall
47 Create firewall
48 Update firewall
49 Delete firewall
50 Show firewall
51 """
52
53 @classmethod
Andrea Frittolida4a2452014-09-15 13:12:08 +0100[diff] [blame]54 def resource_setup(cls):
55 super(FWaaSExtensionTestJSON, cls).resource_setup()
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]56 if not test.is_extension_enabled('fwaas', 'network'):
57 msg = "FWaaS Extension not enabled."
58 raise cls.skipException(msg)
59 cls.fw_rule = cls.create_firewall_rule("allow", "tcp")
60 cls.fw_policy = cls.create_firewall_policy()
61
62 def _try_delete_policy(self, policy_id):
63 # delete policy, if it exists
64 try:
65 self.client.delete_firewall_policy(policy_id)
66 # if policy is not found, this means it was deleted in the test
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]67 except lib_exc.NotFound:
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]68 pass
69
Ashish Guptafe016682014-06-26 05:46:55 -0700[diff] [blame]70 def _try_delete_rule(self, rule_id):
71 # delete rule, if it exists
72 try:
73 self.client.delete_firewall_rule(rule_id)
74 # if rule is not found, this means it was deleted in the test
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]75 except lib_exc.NotFound:
Ashish Guptafe016682014-06-26 05:46:55 -0700[diff] [blame]76 pass
77
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]78 def _try_delete_firewall(self, fw_id):
79 # delete firewall, if it exists
80 try:
81 self.client.delete_firewall(fw_id)
82 # if firewall is not found, this means it was deleted in the test
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]83 except lib_exc.NotFound:
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]84 pass
85
Adam Gandelman77876cb2014-04-06 15:08:28 -0700[diff] [blame]86 self.client.wait_for_resource_deletion('firewall', fw_id)
87
armando-migliaccioc9e9bf62014-08-22 13:57:23 -0700[diff] [blame]88 def _wait_until_ready(self, fw_id):
89 target_states = ('ACTIVE', 'CREATED')
90
Adam Gandelman77876cb2014-04-06 15:08:28 -0700[diff] [blame]91 def _wait():
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]92 firewall = self.client.show_firewall(fw_id)
Adam Gandelman77876cb2014-04-06 15:08:28 -0700[diff] [blame]93 firewall = firewall['firewall']
armando-migliaccioc9e9bf62014-08-22 13:57:23 -0700[diff] [blame]94 return firewall['status'] in target_states
Adam Gandelman77876cb2014-04-06 15:08:28 -0700[diff] [blame]95
96 if not test.call_until_true(_wait, CONF.network.build_timeout,
97 CONF.network.build_interval):
armando-migliaccioc9e9bf62014-08-22 13:57:23 -0700[diff] [blame]98 m = ("Timed out waiting for firewall %s to reach %s state(s)" %
99 (fw_id, target_states))
Adam Gandelman77876cb2014-04-06 15:08:28 -0700[diff] [blame]100 raise exceptions.TimeoutException(m)
101
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame]102 @test.idempotent_id('1b84cf01-9c09-4ce7-bc72-b15e39076468')
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]103 def test_list_firewall_rules(self):
104 # List firewall rules
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]105 fw_rules = self.client.list_firewall_rules()
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]106 fw_rules = fw_rules['firewall_rules']
107 self.assertIn((self.fw_rule['id'],
108 self.fw_rule['name'],
109 self.fw_rule['action'],
110 self.fw_rule['protocol'],
111 self.fw_rule['ip_version'],
112 self.fw_rule['enabled']),
113 [(m['id'],
114 m['name'],
115 m['action'],
116 m['protocol'],
117 m['ip_version'],
118 m['enabled']) for m in fw_rules])
119
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame]120 @test.idempotent_id('563564f7-7077-4f5e-8cdc-51f37ae5a2b9')
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]121 def test_create_update_delete_firewall_rule(self):
122 # Create firewall rule
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]123 body = self.client.create_firewall_rule(
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]124 name=data_utils.rand_name("fw-rule"),
125 action="allow",
126 protocol="tcp")
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]127 fw_rule_id = body['firewall_rule']['id']
128
129 # Update firewall rule
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]130 body = self.client.update_firewall_rule(fw_rule_id,
131 shared=True)
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]132 self.assertTrue(body["firewall_rule"]['shared'])
133
134 # Delete firewall rule
Rohan Kanadeeeb21642014-08-14 12:00:26 +0200[diff] [blame]135 self.client.delete_firewall_rule(fw_rule_id)
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]136 # Confirm deletion
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]137 fw_rules = self.client.list_firewall_rules()
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]138 self.assertNotIn(fw_rule_id,
139 [m['id'] for m in fw_rules['firewall_rules']])
140
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame]141 @test.idempotent_id('3ff8c08e-26ff-4034-ae48-810ed213a998')
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]142 def test_show_firewall_rule(self):
143 # show a created firewall rule
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]144 fw_rule = self.client.show_firewall_rule(self.fw_rule['id'])
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]145 for key, value in fw_rule['firewall_rule'].iteritems():
146 self.assertEqual(self.fw_rule[key], value)
147
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame]148 @test.idempotent_id('1086dd93-a4c0-4bbb-a1bd-6d4bc62c199f')
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]149 def test_list_firewall_policies(self):
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]150 fw_policies = self.client.list_firewall_policies()
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]151 fw_policies = fw_policies['firewall_policies']
152 self.assertIn((self.fw_policy['id'],
153 self.fw_policy['name'],
154 self.fw_policy['firewall_rules']),
155 [(m['id'],
156 m['name'],
157 m['firewall_rules']) for m in fw_policies])
158
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame]159 @test.idempotent_id('bbf37b6c-498c-421e-9c95-45897d3ed775')
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]160 def test_create_update_delete_firewall_policy(self):
161 # Create firewall policy
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]162 body = self.client.create_firewall_policy(
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]163 name=data_utils.rand_name("fw-policy"))
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]164 fw_policy_id = body['firewall_policy']['id']
165 self.addCleanup(self._try_delete_policy, fw_policy_id)
166
167 # Update firewall policy
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]168 body = self.client.update_firewall_policy(fw_policy_id,
169 shared=True,
170 name="updated_policy")
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]171 updated_fw_policy = body["firewall_policy"]
172 self.assertTrue(updated_fw_policy['shared'])
173 self.assertEqual("updated_policy", updated_fw_policy['name'])
174
175 # Delete firewall policy
Rohan Kanadeeeb21642014-08-14 12:00:26 +0200[diff] [blame]176 self.client.delete_firewall_policy(fw_policy_id)
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]177 # Confirm deletion
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]178 fw_policies = self.client.list_firewall_policies()
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]179 fw_policies = fw_policies['firewall_policies']
180 self.assertNotIn(fw_policy_id, [m['id'] for m in fw_policies])
181
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame]182 @test.idempotent_id('1df59b3a-517e-41d4-96f6-fc31cf4ecff2')
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]183 def test_show_firewall_policy(self):
184 # show a created firewall policy
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]185 fw_policy = self.client.show_firewall_policy(self.fw_policy['id'])
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]186 fw_policy = fw_policy['firewall_policy']
187 for key, value in fw_policy.iteritems():
188 self.assertEqual(self.fw_policy[key], value)
189
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame]190 @test.idempotent_id('02082a03-3cdd-4789-986a-1327dd80bfb7')
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]191 def test_create_show_delete_firewall(self):
Adam Gandelman77876cb2014-04-06 15:08:28 -0700[diff] [blame]192 # Create tenant network resources required for an ACTIVE firewall
193 network = self.create_network()
194 subnet = self.create_subnet(network)
195 router = self.create_router(
196 data_utils.rand_name('router-'),
197 admin_state_up=True)
198 self.client.add_router_interface_with_subnet_id(
199 router['id'], subnet['id'])
200
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]201 # Create firewall
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]202 body = self.client.create_firewall(
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]203 name=data_utils.rand_name("firewall"),
204 firewall_policy_id=self.fw_policy['id'])
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]205 created_firewall = body['firewall']
206 firewall_id = created_firewall['id']
207 self.addCleanup(self._try_delete_firewall, firewall_id)
208
armando-migliaccioc9e9bf62014-08-22 13:57:23 -0700[diff] [blame]209 # Wait for the firewall resource to become ready
210 self._wait_until_ready(firewall_id)
Adam Gandelman77876cb2014-04-06 15:08:28 -0700[diff] [blame]211
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]212 # show a created firewall
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]213 firewall = self.client.show_firewall(firewall_id)
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]214 firewall = firewall['firewall']
Adam Gandelman77876cb2014-04-06 15:08:28 -0700[diff] [blame]215
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]216 for key, value in firewall.iteritems():
Adam Gandelman77876cb2014-04-06 15:08:28 -0700[diff] [blame]217 if key == 'status':
218 continue
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]219 self.assertEqual(created_firewall[key], value)
220
221 # list firewall
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]222 firewalls = self.client.list_firewalls()
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]223 firewalls = firewalls['firewalls']
224 self.assertIn((created_firewall['id'],
225 created_firewall['name'],
226 created_firewall['firewall_policy_id']),
227 [(m['id'],
228 m['name'],
229 m['firewall_policy_id']) for m in firewalls])
230
231 # Delete firewall
Rohan Kanadeeeb21642014-08-14 12:00:26 +0200[diff] [blame]232 self.client.delete_firewall(firewall_id)
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]233
Ashish Guptafe016682014-06-26 05:46:55 -0700[diff] [blame]234 @test.attr(type='smoke')
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame]235 @test.idempotent_id('53305b4b-9897-4e01-87c0-2ae386083180')
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]236 def test_firewall_rule_insertion_position_removal_rule_from_policy(self):
Ashish Guptafe016682014-06-26 05:46:55 -0700[diff] [blame]237 # Create firewall rule
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]238 body = self.client.create_firewall_rule(
Ashish Guptafe016682014-06-26 05:46:55 -0700[diff] [blame]239 name=data_utils.rand_name("fw-rule"),
240 action="allow",
241 protocol="tcp")
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]242 fw_rule_id1 = body['firewall_rule']['id']
243 self.addCleanup(self._try_delete_rule, fw_rule_id1)
Ashish Guptafe016682014-06-26 05:46:55 -0700[diff] [blame]244 # Create firewall policy
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]245 body = self.client.create_firewall_policy(
Ashish Guptafe016682014-06-26 05:46:55 -0700[diff] [blame]246 name=data_utils.rand_name("fw-policy"))
247 fw_policy_id = body['firewall_policy']['id']
248 self.addCleanup(self._try_delete_policy, fw_policy_id)
249
250 # Insert rule to firewall policy
251 self.client.insert_firewall_rule_in_policy(
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]252 fw_policy_id, fw_rule_id1, '', '')
Ashish Guptafe016682014-06-26 05:46:55 -0700[diff] [blame]253
254 # Verify insertion of rule in policy
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]255 self.assertIn(fw_rule_id1, self._get_list_fw_rule_ids(fw_policy_id))
256 # Create another firewall rule
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]257 body = self.client.create_firewall_rule(
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]258 name=data_utils.rand_name("fw-rule"),
259 action="allow",
260 protocol="icmp")
261 fw_rule_id2 = body['firewall_rule']['id']
262 self.addCleanup(self._try_delete_rule, fw_rule_id2)
263
264 # Insert rule to firewall policy after the first rule
265 self.client.insert_firewall_rule_in_policy(
266 fw_policy_id, fw_rule_id2, fw_rule_id1, '')
267
268 # Verify the posiition of rule after insertion
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]269 fw_rule = self.client.show_firewall_rule(
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]270 fw_rule_id2)
271
272 self.assertEqual(int(fw_rule['firewall_rule']['position']), 2)
Ashish Guptafe016682014-06-26 05:46:55 -0700[diff] [blame]273 # Remove rule from the firewall policy
274 self.client.remove_firewall_rule_from_policy(
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]275 fw_policy_id, fw_rule_id2)
276 # Insert rule to firewall policy before the first rule
277 self.client.insert_firewall_rule_in_policy(
278 fw_policy_id, fw_rule_id2, '', fw_rule_id1)
279 # Verify the posiition of rule after insertion
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]280 fw_rule = self.client.show_firewall_rule(
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]281 fw_rule_id2)
282 self.assertEqual(int(fw_rule['firewall_rule']['position']), 1)
283 # Remove rule from the firewall policy
284 self.client.remove_firewall_rule_from_policy(
285 fw_policy_id, fw_rule_id2)
286 # Verify removal of rule from firewall policy
287 self.assertNotIn(fw_rule_id2, self._get_list_fw_rule_ids(fw_policy_id))
288
289 # Remove rule from the firewall policy
290 self.client.remove_firewall_rule_from_policy(
291 fw_policy_id, fw_rule_id1)
Ashish Guptafe016682014-06-26 05:46:55 -0700[diff] [blame]292
293 # Verify removal of rule from firewall policy
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]294 self.assertNotIn(fw_rule_id1, self._get_list_fw_rule_ids(fw_policy_id))
Ashish Guptafe016682014-06-26 05:46:55 -0700[diff] [blame]295
296 def _get_list_fw_rule_ids(self, fw_policy_id):
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]297 fw_policy = self.client.show_firewall_policy(
Ashish Guptafe016682014-06-26 05:46:55 -0700[diff] [blame]298 fw_policy_id)
299 return [ruleid for ruleid in fw_policy['firewall_policy']
300 ['firewall_rules']]
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]301
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame]302 @test.idempotent_id('8515ca8a-0d2f-4298-b5ff-6f924e4587ca')
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]303 def test_update_firewall_policy_audited_attribute(self):
304 # Create firewall rule
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]305 body = self.client.create_firewall_rule(
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]306 name=data_utils.rand_name("fw-rule"),
307 action="allow",
308 protocol="icmp")
309 fw_rule_id = body['firewall_rule']['id']
310 self.addCleanup(self._try_delete_rule, fw_rule_id)
311 # Create firewall policy
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]312 body = self.client.create_firewall_policy(
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]313 name=data_utils.rand_name('fw-policy'))
314 fw_policy_id = body['firewall_policy']['id']
315 self.addCleanup(self._try_delete_policy, fw_policy_id)
316 self.assertFalse(body['firewall_policy']['audited'])
317 # Update firewall policy audited attribute to ture
318 self.client.update_firewall_policy(fw_policy_id,
319 audited=True)
320 # Insert Firewall rule to firewall policy
321 self.client.insert_firewall_rule_in_policy(
322 fw_policy_id, fw_rule_id, '', '')
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]323 body = self.client.show_firewall_policy(
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]324 fw_policy_id)
325 self.assertFalse(body['firewall_policy']['audited'])