Attila Fazekas | a23f500 | 2012-10-23 19:32:45 +0200 | [diff] [blame] | 1 | # vim: tabstop=4 shiftwidth=4 softtabstop=4 |
| 2 | |
| 3 | # Copyright 2012 OpenStack, LLC |
| 4 | # All Rights Reserved. |
| 5 | # |
| 6 | # Licensed under the Apache License, Version 2.0 (the "License"); you may |
| 7 | # not use this file except in compliance with the License. You may obtain |
| 8 | # a copy of the License at |
| 9 | # |
| 10 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 11 | # |
| 12 | # Unless required by applicable law or agreed to in writing, software |
| 13 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
| 14 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
| 15 | # License for the specific language governing permissions and limitations |
| 16 | # under the License. |
| 17 | |
| 18 | from nose.plugins.attrib import attr |
| 19 | import unittest2 as unittest |
| 20 | from tempest.testboto import BotoTestCase |
| 21 | from tempest.common.utils.data_utils import rand_name |
| 22 | from tempest import openstack |
| 23 | |
| 24 | |
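@attr("EC2")
class EC2SecurityGroupTest(BotoTestCase):
    """Security-group lifecycle test against the EC2 API client.

    Covers create, lookup by name, authorize, revoke and the final
    "no rules left" check for a single throw-away group.
    """

    @classmethod
    def setUpClass(cls):
        """Create the shared manager and keep its EC2 API client on the class."""
        super(EC2SecurityGroupTest, cls).setUpClass()
        cls.os = openstack.Manager()
        cls.client = cls.os.ec2api_client

    @attr(type='smoke')
    def test_create_authorize_security_group(self):
        """EC2 Create, authorize/revoke security group

        Creates a randomly named group, adds an ICMP rule and a TCP/22
        rule, then revokes every rule the API lists for the group and
        checks that none remain.
        """
        group_name = rand_name("securty_group-")
        group_description = group_name + " security group description "
        group = self.client.create_security_group(group_name,
                                                  group_description)
        # Register the delete before any assertion can fail.
        # NOTE(review): presumably BotoTestCase runs these cleanups on
        # failure too, so the group is not left behind -- confirm.
        self.addResourceCleanUp(self.client.delete_security_group, group_name)

        groups_get = self.client.get_all_security_groups(
            groupnames=(group_name,))
        self.assertEqual(len(groups_get), 1)
        group_get = groups_get[0]
        self.assertEqual(group.name, group_get.name)
        # NOTE(review): the original repeated the name assertion twice; the
        # second was probably meant to compare the description -- confirm
        # how the API normalises the trailing space before adding it.

        # The grants below use 0.0.0.0/0 as fixture data only; this test
        # never attaches the group to an instance.
        # ping (icmp_echo) and other icmp allowed from everywhere
        # from_port and to_port act as icmp type
        success = self.client.authorize_security_group(group_name,
                                                       ip_protocol="icmp",
                                                       cidr_ip="0.0.0.0/0",
                                                       from_port=-1,
                                                       to_port=-1)
        self.assertTrue(success)
        # allow standard ssh port from anywhere
        success = self.client.authorize_security_group(group_name,
                                                       ip_protocol="tcp",
                                                       cidr_ip="0.0.0.0/0",
                                                       from_port=22,
                                                       to_port=22)
        self.assertTrue(success)

        # TODO(afazekas): Duplicate tests
        group_get = self.client.get_all_security_groups(
            groupnames=(group_name,))[0]
        # Without this check the test passes vacuously when authorize
        # reports success but no rule is stored: the revoke loop does
        # nothing and the final "zero rules" assertion still holds.
        self.assertTrue(len(group_get.rules) > 0,
                        "authorized rules are not listed on the group")

        # remove listed rules
        for ip_permission in group_get.rules:
            for cidr in ip_permission.grants:
                self.assertTrue(self.client.revoke_security_group(
                    group_name,
                    ip_protocol=ip_permission.ip_protocol,
                    cidr_ip=cidr,
                    from_port=ip_permission.from_port,
                    to_port=ip_permission.to_port))

        group_get = self.client.get_all_security_groups(
            groupnames=(group_name,))[0]
        # all rules should be removed now
        self.assertEqual(0, len(group_get.rules))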