Gitiles
Code Review Sign In
spfactory.storpool.com / tempest / 128bbed7a023096b84a2462295a4e7bd4cd0b226 / . / tempest / api / network / test_vpnaas_extensions.py
blob: 56e1a05c257fd6f61112dfe6b55fd20af6ccabf1 [file] [log] [blame]
Anju Tiwari860097d2013-10-17 11:10:39 +0530[diff] [blame]1# Copyright 2013 OpenStack Foundation
2# All Rights Reserved.
3#
4# Licensed under the Apache License, Version 2.0 (the "License"); you may
5# not use this file except in compliance with the License. You may obtain
6# a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13# License for the specific language governing permissions and limitations
14# under the License.
15
16from tempest.api.network import base
Masayuki Igawa259c1132013-10-31 17:48:44 +0900[diff] [blame]17from tempest.common.utils import data_utils
Matthew Treinish03b48df2014-01-29 16:59:49 +0000[diff] [blame]18from tempest import config
raiesmh08df3fac42014-06-02 15:42:18 +0530[diff] [blame]19from tempest import exceptions
mouad benchchaouiea2440d2013-12-22 00:38:06 +0100[diff] [blame]20from tempest import test
Anju Tiwari860097d2013-10-17 11:10:39 +0530[diff] [blame]21
Matthew Treinish03b48df2014-01-29 16:59:49 +0000[diff] [blame]22CONF = config.CONF
23
Anju Tiwari860097d2013-10-17 11:10:39 +0530[diff] [blame]24
Miguel Lavalle3581e462014-03-27 19:01:46 -0500[diff] [blame]25class VPNaaSTestJSON(base.BaseAdminNetworkTest):
Anju Tiwari860097d2013-10-17 11:10:39 +0530[diff] [blame]26 _interface = 'json'
27
28 """
29 Tests the following operations in the Neutron API using the REST client for
30 Neutron:
Miguel Lavalle3581e462014-03-27 19:01:46 -0500[diff] [blame]31 List, Show, Create, Delete, and Update VPN Service
raiesmh08bd6070d2013-12-06 15:13:38 +0530[diff] [blame]32 List, Show, Create, Delete, and Update IKE policy
Miguel Lavalle3581e462014-03-27 19:01:46 -0500[diff] [blame]33 List, Show, Create, Delete, and Update IPSec policy
Anju Tiwari860097d2013-10-17 11:10:39 +0530[diff] [blame]34 """
35
36 @classmethod
Andrea Frittolida4a2452014-09-15 13:12:08 +0100[diff] [blame]37 def resource_setup(cls):
mouad benchchaouiea2440d2013-12-22 00:38:06 +0100[diff] [blame]38 if not test.is_extension_enabled('vpnaas', 'network'):
39 msg = "vpnaas extension not enabled."
40 raise cls.skipException(msg)
Andrea Frittolida4a2452014-09-15 13:12:08 +0100[diff] [blame]41 super(VPNaaSTestJSON, cls).resource_setup()
vikasa347ffd2014-09-30 23:19:10 -0700[diff] [blame]42 cls.ext_net_id = CONF.network.public_network_id
Anju Tiwari860097d2013-10-17 11:10:39 +0530[diff] [blame]43 cls.network = cls.create_network()
44 cls.subnet = cls.create_subnet(cls.network)
Nachi Ueno41ecf5b2013-12-10 13:26:33 -0800[diff] [blame]45 cls.router = cls.create_router(
Miguel Lavalle3581e462014-03-27 19:01:46 -0500[diff] [blame]46 data_utils.rand_name("router"),
Matthew Treinish03b48df2014-01-29 16:59:49 +0000[diff] [blame]47 external_network_id=CONF.network.public_network_id)
Anju Tiwari860097d2013-10-17 11:10:39 +0530[diff] [blame]48 cls.create_router_interface(cls.router['id'], cls.subnet['id'])
49 cls.vpnservice = cls.create_vpnservice(cls.subnet['id'],
50 cls.router['id'])
Miguel Lavalle3581e462014-03-27 19:01:46 -0500[diff] [blame]51
Eugene Nikanorov909ded12013-12-15 17:45:37 +0400[diff] [blame]52 cls.ikepolicy = cls.create_ikepolicy(
53 data_utils.rand_name("ike-policy-"))
raiesmh08df3fac42014-06-02 15:42:18 +0530[diff] [blame]54 cls.ipsecpolicy = cls.create_ipsecpolicy(
55 data_utils.rand_name("ipsec-policy-"))
raiesmh08bd6070d2013-12-06 15:13:38 +0530[diff] [blame]56
57 def _delete_ike_policy(self, ike_policy_id):
58 # Deletes a ike policy and verifies if it is deleted or not
59 ike_list = list()
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]60 all_ike = self.client.list_ikepolicies()
raiesmh08bd6070d2013-12-06 15:13:38 +0530[diff] [blame]61 for ike in all_ike['ikepolicies']:
62 ike_list.append(ike['id'])
63 if ike_policy_id in ike_list:
Rohan Kanadeeeb21642014-08-14 12:00:26 +0200[diff] [blame]64 self.client.delete_ikepolicy(ike_policy_id)
raiesmh08bd6070d2013-12-06 15:13:38 +0530[diff] [blame]65 # Asserting that the policy is not found in list after deletion
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]66 ikepolicies = self.client.list_ikepolicies()
raiesmh08bd6070d2013-12-06 15:13:38 +0530[diff] [blame]67 ike_id_list = list()
68 for i in ikepolicies['ikepolicies']:
69 ike_id_list.append(i['id'])
70 self.assertNotIn(ike_policy_id, ike_id_list)
Anju Tiwari860097d2013-10-17 11:10:39 +0530[diff] [blame]71
raiesmh08df3fac42014-06-02 15:42:18 +0530[diff] [blame]72 def _delete_ipsec_policy(self, ipsec_policy_id):
73 # Deletes an ike policy if it exists
74 try:
75 self.client.delete_ipsecpolicy(ipsec_policy_id)
76
77 except exceptions.NotFound:
78 pass
79
80 def _assertExpected(self, expected, actual):
81 # Check if not expected keys/values exists in actual response body
82 for key, value in expected.iteritems():
83 self.assertIn(key, actual)
84 self.assertEqual(value, actual[key])
85
Miguel Lavalle3581e462014-03-27 19:01:46 -0500[diff] [blame]86 def _delete_vpn_service(self, vpn_service_id):
Rohan Kanadeeeb21642014-08-14 12:00:26 +0200[diff] [blame]87 self.client.delete_vpnservice(vpn_service_id)
Miguel Lavalle3581e462014-03-27 19:01:46 -0500[diff] [blame]88 # Asserting if vpn service is found in the list after deletion
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]89 body = self.client.list_vpnservices()
Miguel Lavalle3581e462014-03-27 19:01:46 -0500[diff] [blame]90 vpn_services = [vs['id'] for vs in body['vpnservices']]
91 self.assertNotIn(vpn_service_id, vpn_services)
92
93 def _get_tenant_id(self):
94 """
95 Returns the tenant_id of the client current user
96 """
97 # TODO(jroovers) This is a temporary workaround to get the tenant_id
98 # of the the current client. Replace this once tenant_isolation for
99 # neutron is fixed.
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]100 body = self.client.show_network(self.network['id'])
Miguel Lavalle3581e462014-03-27 19:01:46 -0500[diff] [blame]101 return body['network']['tenant_id']
102
103 @test.attr(type='smoke')
104 def test_admin_create_ipsec_policy_for_tenant(self):
105 tenant_id = self._get_tenant_id()
106 # Create IPSec policy for the newly created tenant
107 name = data_utils.rand_name('ipsec-policy')
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]108 body = (self.admin_client.
109 create_ipsecpolicy(name=name, tenant_id=tenant_id))
Miguel Lavalle3581e462014-03-27 19:01:46 -0500[diff] [blame]110 ipsecpolicy = body['ipsecpolicy']
111 self.assertIsNotNone(ipsecpolicy['id'])
112 self.addCleanup(self.admin_client.delete_ipsecpolicy,
113 ipsecpolicy['id'])
114
115 # Assert that created ipsec policy is found in API list call
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]116 body = self.client.list_ipsecpolicies()
Miguel Lavalle3581e462014-03-27 19:01:46 -0500[diff] [blame]117 ipsecpolicies = [policy['id'] for policy in body['ipsecpolicies']]
118 self.assertIn(ipsecpolicy['id'], ipsecpolicies)
119
120 @test.attr(type='smoke')
121 def test_admin_create_vpn_service_for_tenant(self):
122 tenant_id = self._get_tenant_id()
123
124 # Create vpn service for the newly created tenant
vikasa347ffd2014-09-30 23:19:10 -0700[diff] [blame]125 network2 = self.create_network()
126 subnet2 = self.create_subnet(network2)
127 router2 = self.create_router(data_utils.rand_name('router-'),
128 external_network_id=self.ext_net_id)
129 self.create_router_interface(router2['id'], subnet2['id'])
Miguel Lavalle3581e462014-03-27 19:01:46 -0500[diff] [blame]130 name = data_utils.rand_name('vpn-service')
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]131 body = self.admin_client.create_vpnservice(
vikasa347ffd2014-09-30 23:19:10 -0700[diff] [blame]132 subnet_id=subnet2['id'],
133 router_id=router2['id'],
Miguel Lavalle3581e462014-03-27 19:01:46 -0500[diff] [blame]134 name=name,
135 admin_state_up=True,
136 tenant_id=tenant_id)
Miguel Lavalle3581e462014-03-27 19:01:46 -0500[diff] [blame]137 vpnservice = body['vpnservice']
138 self.assertIsNotNone(vpnservice['id'])
139 self.addCleanup(self.admin_client.delete_vpnservice, vpnservice['id'])
Miguel Lavalle3581e462014-03-27 19:01:46 -0500[diff] [blame]140 # Assert that created vpnservice is found in API list call
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]141 body = self.client.list_vpnservices()
Miguel Lavalle3581e462014-03-27 19:01:46 -0500[diff] [blame]142 vpn_services = [vs['id'] for vs in body['vpnservices']]
143 self.assertIn(vpnservice['id'], vpn_services)
144
145 @test.attr(type='smoke')
146 def test_admin_create_ike_policy_for_tenant(self):
147 tenant_id = self._get_tenant_id()
148
149 # Create IKE policy for the newly created tenant
150 name = data_utils.rand_name('ike-policy')
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]151 body = (self.admin_client.
152 create_ikepolicy(name=name, ike_version="v1",
153 encryption_algorithm="aes-128",
154 auth_algorithm="sha1",
155 tenant_id=tenant_id))
Miguel Lavalle3581e462014-03-27 19:01:46 -0500[diff] [blame]156 ikepolicy = body['ikepolicy']
157 self.assertIsNotNone(ikepolicy['id'])
158 self.addCleanup(self.admin_client.delete_ikepolicy, ikepolicy['id'])
159
160 # Assert that created ike policy is found in API list call
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]161 body = self.client.list_ikepolicies()
Miguel Lavalle3581e462014-03-27 19:01:46 -0500[diff] [blame]162 ikepolicies = [ikp['id'] for ikp in body['ikepolicies']]
163 self.assertIn(ikepolicy['id'], ikepolicies)
164
mouad benchchaouiea2440d2013-12-22 00:38:06 +0100[diff] [blame]165 @test.attr(type='smoke')
Anju Tiwari860097d2013-10-17 11:10:39 +0530[diff] [blame]166 def test_list_vpn_services(self):
167 # Verify the VPN service exists in the list of all VPN services
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]168 body = self.client.list_vpnservices()
Anju Tiwari860097d2013-10-17 11:10:39 +0530[diff] [blame]169 vpnservices = body['vpnservices']
170 self.assertIn(self.vpnservice['id'], [v['id'] for v in vpnservices])
171
mouad benchchaouiea2440d2013-12-22 00:38:06 +0100[diff] [blame]172 @test.attr(type='smoke')
Anju Tiwari860097d2013-10-17 11:10:39 +0530[diff] [blame]173 def test_create_update_delete_vpn_service(self):
Miguel Lavalle3581e462014-03-27 19:01:46 -0500[diff] [blame]174 # Creates a VPN service and sets up deletion
vikasa347ffd2014-09-30 23:19:10 -0700[diff] [blame]175 network1 = self.create_network()
176 subnet1 = self.create_subnet(network1)
177 router1 = self.create_router(data_utils.rand_name('router-'),
178 external_network_id=self.ext_net_id)
179 self.create_router_interface(router1['id'], subnet1['id'])
180 name = data_utils.rand_name('vpn-service1')
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]181 body = self.client.create_vpnservice(subnet_id=subnet1['id'],
182 router_id=router1['id'],
183 name=name,
184 admin_state_up=True)
Anju Tiwari860097d2013-10-17 11:10:39 +0530[diff] [blame]185 vpnservice = body['vpnservice']
Miguel Lavalle3581e462014-03-27 19:01:46 -0500[diff] [blame]186 self.addCleanup(self._delete_vpn_service, vpnservice['id'])
Anju Tiwari860097d2013-10-17 11:10:39 +0530[diff] [blame]187 # Assert if created vpnservices are not found in vpnservices list
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]188 body = self.client.list_vpnservices()
Anju Tiwari860097d2013-10-17 11:10:39 +0530[diff] [blame]189 vpn_services = [vs['id'] for vs in body['vpnservices']]
190 self.assertIsNotNone(vpnservice['id'])
191 self.assertIn(vpnservice['id'], vpn_services)
192
193 # TODO(raies): implement logic to update vpnservice
194 # VPNaaS client function to update is implemented.
195 # But precondition is that current state of vpnservice
196 # should be "ACTIVE" not "PENDING*"
197
mouad benchchaouiea2440d2013-12-22 00:38:06 +0100[diff] [blame]198 @test.attr(type='smoke')
Anju Tiwari860097d2013-10-17 11:10:39 +0530[diff] [blame]199 def test_show_vpn_service(self):
200 # Verifies the details of a vpn service
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]201 body = self.client.show_vpnservice(self.vpnservice['id'])
Anju Tiwari860097d2013-10-17 11:10:39 +0530[diff] [blame]202 vpnservice = body['vpnservice']
203 self.assertEqual(self.vpnservice['id'], vpnservice['id'])
204 self.assertEqual(self.vpnservice['name'], vpnservice['name'])
205 self.assertEqual(self.vpnservice['description'],
206 vpnservice['description'])
207 self.assertEqual(self.vpnservice['router_id'], vpnservice['router_id'])
208 self.assertEqual(self.vpnservice['subnet_id'], vpnservice['subnet_id'])
209 self.assertEqual(self.vpnservice['tenant_id'], vpnservice['tenant_id'])
Miguel Lavalle3581e462014-03-27 19:01:46 -0500[diff] [blame]210 valid_status = ["ACTIVE", "DOWN", "BUILD", "ERROR", "PENDING_CREATE",
211 "PENDING_UPDATE", "PENDING_DELETE"]
212 self.assertIn(vpnservice['status'], valid_status)
raiesmh08bd6070d2013-12-06 15:13:38 +0530[diff] [blame]213
mouad benchchaouiea2440d2013-12-22 00:38:06 +0100[diff] [blame]214 @test.attr(type='smoke')
raiesmh08bd6070d2013-12-06 15:13:38 +0530[diff] [blame]215 def test_list_ike_policies(self):
216 # Verify the ike policy exists in the list of all IKE policies
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]217 body = self.client.list_ikepolicies()
raiesmh08bd6070d2013-12-06 15:13:38 +0530[diff] [blame]218 ikepolicies = body['ikepolicies']
219 self.assertIn(self.ikepolicy['id'], [i['id'] for i in ikepolicies])
220
mouad benchchaouiea2440d2013-12-22 00:38:06 +0100[diff] [blame]221 @test.attr(type='smoke')
raiesmh08bd6070d2013-12-06 15:13:38 +0530[diff] [blame]222 def test_create_update_delete_ike_policy(self):
223 # Creates a IKE policy
Miguel Lavalle3581e462014-03-27 19:01:46 -0500[diff] [blame]224 name = data_utils.rand_name('ike-policy')
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]225 body = (self.client.create_ikepolicy(
226 name=name,
227 ike_version="v1",
228 encryption_algorithm="aes-128",
229 auth_algorithm="sha1"))
raiesmh08bd6070d2013-12-06 15:13:38 +0530[diff] [blame]230 ikepolicy = body['ikepolicy']
Miguel Lavalle3581e462014-03-27 19:01:46 -0500[diff] [blame]231 self.assertIsNotNone(ikepolicy['id'])
raiesmh08bd6070d2013-12-06 15:13:38 +0530[diff] [blame]232 self.addCleanup(self._delete_ike_policy, ikepolicy['id'])
Miguel Lavalle3581e462014-03-27 19:01:46 -0500[diff] [blame]233
234 # Update IKE Policy
235 new_ike = {'name': data_utils.rand_name("New-IKE"),
236 'description': "Updated ike policy",
237 'encryption_algorithm': "aes-256",
238 'ike_version': "v2",
239 'pfs': "group14",
240 'lifetime': {'units': "seconds", 'value': 2000}}
Rohan Kanadeeeb21642014-08-14 12:00:26 +0200[diff] [blame]241 self.client.update_ikepolicy(ikepolicy['id'], **new_ike)
Miguel Lavalle3581e462014-03-27 19:01:46 -0500[diff] [blame]242 # Confirm that update was successful by verifying using 'show'
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]243 body = self.client.show_ikepolicy(ikepolicy['id'])
Miguel Lavalle3581e462014-03-27 19:01:46 -0500[diff] [blame]244 ike_policy = body['ikepolicy']
245 for key, value in new_ike.iteritems():
246 self.assertIn(key, ike_policy)
247 self.assertEqual(value, ike_policy[key])
248
raiesmh08bd6070d2013-12-06 15:13:38 +0530[diff] [blame]249 # Verification of ike policy delete
Rohan Kanadeeeb21642014-08-14 12:00:26 +0200[diff] [blame]250 self.client.delete_ikepolicy(ikepolicy['id'])
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]251 body = self.client.list_ikepolicies()
Miguel Lavalle3581e462014-03-27 19:01:46 -0500[diff] [blame]252 ikepolicies = [ikp['id'] for ikp in body['ikepolicies']]
253 self.assertNotIn(ike_policy['id'], ikepolicies)
raiesmh08bd6070d2013-12-06 15:13:38 +0530[diff] [blame]254
mouad benchchaouiea2440d2013-12-22 00:38:06 +0100[diff] [blame]255 @test.attr(type='smoke')
raiesmh08bd6070d2013-12-06 15:13:38 +0530[diff] [blame]256 def test_show_ike_policy(self):
257 # Verifies the details of a ike policy
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]258 body = self.client.show_ikepolicy(self.ikepolicy['id'])
raiesmh08bd6070d2013-12-06 15:13:38 +0530[diff] [blame]259 ikepolicy = body['ikepolicy']
260 self.assertEqual(self.ikepolicy['id'], ikepolicy['id'])
261 self.assertEqual(self.ikepolicy['name'], ikepolicy['name'])
262 self.assertEqual(self.ikepolicy['description'],
263 ikepolicy['description'])
264 self.assertEqual(self.ikepolicy['encryption_algorithm'],
265 ikepolicy['encryption_algorithm'])
266 self.assertEqual(self.ikepolicy['auth_algorithm'],
267 ikepolicy['auth_algorithm'])
268 self.assertEqual(self.ikepolicy['tenant_id'],
269 ikepolicy['tenant_id'])
270 self.assertEqual(self.ikepolicy['pfs'],
271 ikepolicy['pfs'])
272 self.assertEqual(self.ikepolicy['phase1_negotiation_mode'],
273 ikepolicy['phase1_negotiation_mode'])
274 self.assertEqual(self.ikepolicy['ike_version'],
275 ikepolicy['ike_version'])
Mh Raiesc440bca2014-04-04 12:05:48 +0530[diff] [blame]276
raiesmh08df3fac42014-06-02 15:42:18 +0530[diff] [blame]277 @test.attr(type='smoke')
278 def test_list_ipsec_policies(self):
279 # Verify the ipsec policy exists in the list of all ipsec policies
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]280 body = self.client.list_ipsecpolicies()
raiesmh08df3fac42014-06-02 15:42:18 +0530[diff] [blame]281 ipsecpolicies = body['ipsecpolicies']
282 self.assertIn(self.ipsecpolicy['id'], [i['id'] for i in ipsecpolicies])
283
284 @test.attr(type='smoke')
285 def test_create_update_delete_ipsec_policy(self):
286 # Creates an ipsec policy
287 ipsec_policy_body = {'name': data_utils.rand_name('ipsec-policy'),
288 'pfs': 'group5',
289 'encryption_algorithm': "aes-128",
290 'auth_algorithm': 'sha1'}
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]291 resp_body = self.client.create_ipsecpolicy(**ipsec_policy_body)
raiesmh08df3fac42014-06-02 15:42:18 +0530[diff] [blame]292 ipsecpolicy = resp_body['ipsecpolicy']
293 self.addCleanup(self._delete_ipsec_policy, ipsecpolicy['id'])
294 self._assertExpected(ipsec_policy_body, ipsecpolicy)
295 # Verification of ipsec policy update
296 new_ipsec = {'description': 'Updated ipsec policy',
297 'pfs': 'group2',
298 'name': data_utils.rand_name("New-IPSec"),
299 'encryption_algorithm': "aes-256",
300 'lifetime': {'units': "seconds", 'value': '2000'}}
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]301 body = self.client.update_ipsecpolicy(ipsecpolicy['id'],
302 **new_ipsec)
raiesmh08df3fac42014-06-02 15:42:18 +0530[diff] [blame]303 updated_ipsec_policy = body['ipsecpolicy']
304 self._assertExpected(new_ipsec, updated_ipsec_policy)
305 # Verification of ipsec policy delete
Rohan Kanadeeeb21642014-08-14 12:00:26 +0200[diff] [blame]306 self.client.delete_ipsecpolicy(ipsecpolicy['id'])
raiesmh08df3fac42014-06-02 15:42:18 +0530[diff] [blame]307 self.assertRaises(exceptions.NotFound,
308 self.client.delete_ipsecpolicy, ipsecpolicy['id'])
309
310 @test.attr(type='smoke')
311 def test_show_ipsec_policy(self):
312 # Verifies the details of an ipsec policy
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]313 body = self.client.show_ipsecpolicy(self.ipsecpolicy['id'])
raiesmh08df3fac42014-06-02 15:42:18 +0530[diff] [blame]314 ipsecpolicy = body['ipsecpolicy']
315 self._assertExpected(self.ipsecpolicy, ipsecpolicy)