Gitiles
Code Review Sign In
spfactory.storpool.com / tempest / 80b938ae37b5da988547438dcdb45ba39c800aa4 / . / tempest / api / network / test_fwaas_extensions.py
blob: 8104567e3fd082eacd0d492e175471fa639d6d56 [file] [log] [blame]
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]1# Copyright 2014 NEC Corporation. All rights reserved.
2#
3# Licensed under the Apache License, Version 2.0 (the "License"); you may
4# not use this file except in compliance with the License. You may obtain
5# a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12# License for the specific language governing permissions and limitations
13# under the License.
14
15from tempest.api.network import base
16from tempest.common.utils import data_utils
Adam Gandelman77876cb2014-04-06 15:08:28 -0700[diff] [blame]17from tempest import config
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]18from tempest import exceptions
19from tempest import test
20
Adam Gandelman77876cb2014-04-06 15:08:28 -0700[diff] [blame]21CONF = config.CONF
22
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]23
24class FWaaSExtensionTestJSON(base.BaseNetworkTest):
25 _interface = 'json'
26
27 """
28 Tests the following operations in the Neutron API using the REST client for
29 Neutron:
30
31 List firewall rules
32 Create firewall rule
33 Update firewall rule
34 Delete firewall rule
35 Show firewall rule
36 List firewall policies
37 Create firewall policy
38 Update firewall policy
Ashish Guptafe016682014-06-26 05:46:55 -0700[diff] [blame]39 Insert firewall rule to policy
40 Remove firewall rule from policy
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]41 Insert firewall rule after/before rule in policy
42 Update firewall policy audited attribute
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]43 Delete firewall policy
44 Show firewall policy
45 List firewall
46 Create firewall
47 Update firewall
48 Delete firewall
49 Show firewall
50 """
51
52 @classmethod
Andrea Frittolida4a2452014-09-15 13:12:08 +0100[diff] [blame]53 def resource_setup(cls):
54 super(FWaaSExtensionTestJSON, cls).resource_setup()
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]55 if not test.is_extension_enabled('fwaas', 'network'):
56 msg = "FWaaS Extension not enabled."
57 raise cls.skipException(msg)
58 cls.fw_rule = cls.create_firewall_rule("allow", "tcp")
59 cls.fw_policy = cls.create_firewall_policy()
60
61 def _try_delete_policy(self, policy_id):
62 # delete policy, if it exists
63 try:
64 self.client.delete_firewall_policy(policy_id)
65 # if policy is not found, this means it was deleted in the test
66 except exceptions.NotFound:
67 pass
68
Ashish Guptafe016682014-06-26 05:46:55 -0700[diff] [blame]69 def _try_delete_rule(self, rule_id):
70 # delete rule, if it exists
71 try:
72 self.client.delete_firewall_rule(rule_id)
73 # if rule is not found, this means it was deleted in the test
74 except exceptions.NotFound:
75 pass
76
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]77 def _try_delete_firewall(self, fw_id):
78 # delete firewall, if it exists
79 try:
80 self.client.delete_firewall(fw_id)
81 # if firewall is not found, this means it was deleted in the test
82 except exceptions.NotFound:
83 pass
84
Adam Gandelman77876cb2014-04-06 15:08:28 -0700[diff] [blame]85 self.client.wait_for_resource_deletion('firewall', fw_id)
86
armando-migliaccioc9e9bf62014-08-22 13:57:23 -0700[diff] [blame]87 def _wait_until_ready(self, fw_id):
88 target_states = ('ACTIVE', 'CREATED')
89
Adam Gandelman77876cb2014-04-06 15:08:28 -0700[diff] [blame]90 def _wait():
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]91 firewall = self.client.show_firewall(fw_id)
Adam Gandelman77876cb2014-04-06 15:08:28 -0700[diff] [blame]92 firewall = firewall['firewall']
armando-migliaccioc9e9bf62014-08-22 13:57:23 -0700[diff] [blame]93 return firewall['status'] in target_states
Adam Gandelman77876cb2014-04-06 15:08:28 -0700[diff] [blame]94
95 if not test.call_until_true(_wait, CONF.network.build_timeout,
96 CONF.network.build_interval):
armando-migliaccioc9e9bf62014-08-22 13:57:23 -0700[diff] [blame]97 m = ("Timed out waiting for firewall %s to reach %s state(s)" %
98 (fw_id, target_states))
Adam Gandelman77876cb2014-04-06 15:08:28 -0700[diff] [blame]99 raise exceptions.TimeoutException(m)
100
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]101 def test_list_firewall_rules(self):
102 # List firewall rules
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]103 fw_rules = self.client.list_firewall_rules()
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]104 fw_rules = fw_rules['firewall_rules']
105 self.assertIn((self.fw_rule['id'],
106 self.fw_rule['name'],
107 self.fw_rule['action'],
108 self.fw_rule['protocol'],
109 self.fw_rule['ip_version'],
110 self.fw_rule['enabled']),
111 [(m['id'],
112 m['name'],
113 m['action'],
114 m['protocol'],
115 m['ip_version'],
116 m['enabled']) for m in fw_rules])
117
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]118 def test_create_update_delete_firewall_rule(self):
119 # Create firewall rule
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]120 body = self.client.create_firewall_rule(
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]121 name=data_utils.rand_name("fw-rule"),
122 action="allow",
123 protocol="tcp")
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]124 fw_rule_id = body['firewall_rule']['id']
125
126 # Update firewall rule
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]127 body = self.client.update_firewall_rule(fw_rule_id,
128 shared=True)
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]129 self.assertTrue(body["firewall_rule"]['shared'])
130
131 # Delete firewall rule
Rohan Kanadeeeb21642014-08-14 12:00:26 +0200[diff] [blame]132 self.client.delete_firewall_rule(fw_rule_id)
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]133 # Confirm deletion
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]134 fw_rules = self.client.list_firewall_rules()
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]135 self.assertNotIn(fw_rule_id,
136 [m['id'] for m in fw_rules['firewall_rules']])
137
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]138 def test_show_firewall_rule(self):
139 # show a created firewall rule
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]140 fw_rule = self.client.show_firewall_rule(self.fw_rule['id'])
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]141 for key, value in fw_rule['firewall_rule'].iteritems():
142 self.assertEqual(self.fw_rule[key], value)
143
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]144 def test_list_firewall_policies(self):
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]145 fw_policies = self.client.list_firewall_policies()
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]146 fw_policies = fw_policies['firewall_policies']
147 self.assertIn((self.fw_policy['id'],
148 self.fw_policy['name'],
149 self.fw_policy['firewall_rules']),
150 [(m['id'],
151 m['name'],
152 m['firewall_rules']) for m in fw_policies])
153
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]154 def test_create_update_delete_firewall_policy(self):
155 # Create firewall policy
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]156 body = self.client.create_firewall_policy(
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]157 name=data_utils.rand_name("fw-policy"))
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]158 fw_policy_id = body['firewall_policy']['id']
159 self.addCleanup(self._try_delete_policy, fw_policy_id)
160
161 # Update firewall policy
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]162 body = self.client.update_firewall_policy(fw_policy_id,
163 shared=True,
164 name="updated_policy")
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]165 updated_fw_policy = body["firewall_policy"]
166 self.assertTrue(updated_fw_policy['shared'])
167 self.assertEqual("updated_policy", updated_fw_policy['name'])
168
169 # Delete firewall policy
Rohan Kanadeeeb21642014-08-14 12:00:26 +0200[diff] [blame]170 self.client.delete_firewall_policy(fw_policy_id)
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]171 # Confirm deletion
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]172 fw_policies = self.client.list_firewall_policies()
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]173 fw_policies = fw_policies['firewall_policies']
174 self.assertNotIn(fw_policy_id, [m['id'] for m in fw_policies])
175
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]176 def test_show_firewall_policy(self):
177 # show a created firewall policy
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]178 fw_policy = self.client.show_firewall_policy(self.fw_policy['id'])
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]179 fw_policy = fw_policy['firewall_policy']
180 for key, value in fw_policy.iteritems():
181 self.assertEqual(self.fw_policy[key], value)
182
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]183 def test_create_show_delete_firewall(self):
Adam Gandelman77876cb2014-04-06 15:08:28 -0700[diff] [blame]184 # Create tenant network resources required for an ACTIVE firewall
185 network = self.create_network()
186 subnet = self.create_subnet(network)
187 router = self.create_router(
188 data_utils.rand_name('router-'),
189 admin_state_up=True)
190 self.client.add_router_interface_with_subnet_id(
191 router['id'], subnet['id'])
192
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]193 # Create firewall
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]194 body = self.client.create_firewall(
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]195 name=data_utils.rand_name("firewall"),
196 firewall_policy_id=self.fw_policy['id'])
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]197 created_firewall = body['firewall']
198 firewall_id = created_firewall['id']
199 self.addCleanup(self._try_delete_firewall, firewall_id)
200
armando-migliaccioc9e9bf62014-08-22 13:57:23 -0700[diff] [blame]201 # Wait for the firewall resource to become ready
202 self._wait_until_ready(firewall_id)
Adam Gandelman77876cb2014-04-06 15:08:28 -0700[diff] [blame]203
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]204 # show a created firewall
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]205 firewall = self.client.show_firewall(firewall_id)
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]206 firewall = firewall['firewall']
Adam Gandelman77876cb2014-04-06 15:08:28 -0700[diff] [blame]207
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]208 for key, value in firewall.iteritems():
Adam Gandelman77876cb2014-04-06 15:08:28 -0700[diff] [blame]209 if key == 'status':
210 continue
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]211 self.assertEqual(created_firewall[key], value)
212
213 # list firewall
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]214 firewalls = self.client.list_firewalls()
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]215 firewalls = firewalls['firewalls']
216 self.assertIn((created_firewall['id'],
217 created_firewall['name'],
218 created_firewall['firewall_policy_id']),
219 [(m['id'],
220 m['name'],
221 m['firewall_policy_id']) for m in firewalls])
222
223 # Delete firewall
Rohan Kanadeeeb21642014-08-14 12:00:26 +0200[diff] [blame]224 self.client.delete_firewall(firewall_id)
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]225
Ashish Guptafe016682014-06-26 05:46:55 -0700[diff] [blame]226 @test.attr(type='smoke')
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]227 def test_firewall_rule_insertion_position_removal_rule_from_policy(self):
Ashish Guptafe016682014-06-26 05:46:55 -0700[diff] [blame]228 # Create firewall rule
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]229 body = self.client.create_firewall_rule(
Ashish Guptafe016682014-06-26 05:46:55 -0700[diff] [blame]230 name=data_utils.rand_name("fw-rule"),
231 action="allow",
232 protocol="tcp")
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]233 fw_rule_id1 = body['firewall_rule']['id']
234 self.addCleanup(self._try_delete_rule, fw_rule_id1)
Ashish Guptafe016682014-06-26 05:46:55 -0700[diff] [blame]235 # Create firewall policy
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]236 body = self.client.create_firewall_policy(
Ashish Guptafe016682014-06-26 05:46:55 -0700[diff] [blame]237 name=data_utils.rand_name("fw-policy"))
238 fw_policy_id = body['firewall_policy']['id']
239 self.addCleanup(self._try_delete_policy, fw_policy_id)
240
241 # Insert rule to firewall policy
242 self.client.insert_firewall_rule_in_policy(
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]243 fw_policy_id, fw_rule_id1, '', '')
Ashish Guptafe016682014-06-26 05:46:55 -0700[diff] [blame]244
245 # Verify insertion of rule in policy
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]246 self.assertIn(fw_rule_id1, self._get_list_fw_rule_ids(fw_policy_id))
247 # Create another firewall rule
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]248 body = self.client.create_firewall_rule(
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]249 name=data_utils.rand_name("fw-rule"),
250 action="allow",
251 protocol="icmp")
252 fw_rule_id2 = body['firewall_rule']['id']
253 self.addCleanup(self._try_delete_rule, fw_rule_id2)
254
255 # Insert rule to firewall policy after the first rule
256 self.client.insert_firewall_rule_in_policy(
257 fw_policy_id, fw_rule_id2, fw_rule_id1, '')
258
259 # Verify the posiition of rule after insertion
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]260 fw_rule = self.client.show_firewall_rule(
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]261 fw_rule_id2)
262
263 self.assertEqual(int(fw_rule['firewall_rule']['position']), 2)
Ashish Guptafe016682014-06-26 05:46:55 -0700[diff] [blame]264 # Remove rule from the firewall policy
265 self.client.remove_firewall_rule_from_policy(
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]266 fw_policy_id, fw_rule_id2)
267 # Insert rule to firewall policy before the first rule
268 self.client.insert_firewall_rule_in_policy(
269 fw_policy_id, fw_rule_id2, '', fw_rule_id1)
270 # Verify the posiition of rule after insertion
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]271 fw_rule = self.client.show_firewall_rule(
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]272 fw_rule_id2)
273 self.assertEqual(int(fw_rule['firewall_rule']['position']), 1)
274 # Remove rule from the firewall policy
275 self.client.remove_firewall_rule_from_policy(
276 fw_policy_id, fw_rule_id2)
277 # Verify removal of rule from firewall policy
278 self.assertNotIn(fw_rule_id2, self._get_list_fw_rule_ids(fw_policy_id))
279
280 # Remove rule from the firewall policy
281 self.client.remove_firewall_rule_from_policy(
282 fw_policy_id, fw_rule_id1)
Ashish Guptafe016682014-06-26 05:46:55 -0700[diff] [blame]283
284 # Verify removal of rule from firewall policy
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]285 self.assertNotIn(fw_rule_id1, self._get_list_fw_rule_ids(fw_policy_id))
Ashish Guptafe016682014-06-26 05:46:55 -0700[diff] [blame]286
287 def _get_list_fw_rule_ids(self, fw_policy_id):
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]288 fw_policy = self.client.show_firewall_policy(
Ashish Guptafe016682014-06-26 05:46:55 -0700[diff] [blame]289 fw_policy_id)
290 return [ruleid for ruleid in fw_policy['firewall_policy']
291 ['firewall_rules']]
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]292
293 def test_update_firewall_policy_audited_attribute(self):
294 # Create firewall rule
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]295 body = self.client.create_firewall_rule(
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]296 name=data_utils.rand_name("fw-rule"),
297 action="allow",
298 protocol="icmp")
299 fw_rule_id = body['firewall_rule']['id']
300 self.addCleanup(self._try_delete_rule, fw_rule_id)
301 # Create firewall policy
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]302 body = self.client.create_firewall_policy(
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]303 name=data_utils.rand_name('fw-policy'))
304 fw_policy_id = body['firewall_policy']['id']
305 self.addCleanup(self._try_delete_policy, fw_policy_id)
306 self.assertFalse(body['firewall_policy']['audited'])
307 # Update firewall policy audited attribute to ture
308 self.client.update_firewall_policy(fw_policy_id,
309 audited=True)
310 # Insert Firewall rule to firewall policy
311 self.client.insert_firewall_rule_in_policy(
312 fw_policy_id, fw_rule_id, '', '')
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]313 body = self.client.show_firewall_policy(
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]314 fw_policy_id)
315 self.assertFalse(body['firewall_policy']['audited'])