Gitiles
Code Review Sign In
spfactory.storpool.com / tempest / 8def7ca397e565de9da21ca2d67de8800d0ad81d / . / tempest / api / network / test_fwaas_extensions.py
blob: 651b4ab2ef3093a77b5cb7f98b91848035773a68 [file] [log] [blame]
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]1# Copyright 2014 NEC Corporation. All rights reserved.
2#
3# Licensed under the Apache License, Version 2.0 (the "License"); you may
4# not use this file except in compliance with the License. You may obtain
5# a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12# License for the specific language governing permissions and limitations
13# under the License.
14
Matthew Treinish71426682015-04-23 11:19:38 -0400[diff] [blame]15import six
Matthew Treinish01472ff2015-02-20 17:26:52 -0500[diff] [blame]16from tempest_lib.common.utils import data_utils
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]17from tempest_lib import exceptions as lib_exc
18
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]19from tempest.api.network import base
Adam Gandelman77876cb2014-04-06 15:08:28 -0700[diff] [blame]20from tempest import config
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]21from tempest import exceptions
22from tempest import test
23
Adam Gandelman77876cb2014-04-06 15:08:28 -0700[diff] [blame]24CONF = config.CONF
25
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]26
27class FWaaSExtensionTestJSON(base.BaseNetworkTest):
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]28 """
29 Tests the following operations in the Neutron API using the REST client for
30 Neutron:
31
32 List firewall rules
33 Create firewall rule
34 Update firewall rule
35 Delete firewall rule
36 Show firewall rule
37 List firewall policies
38 Create firewall policy
39 Update firewall policy
Ashish Guptafe016682014-06-26 05:46:55 -0700[diff] [blame]40 Insert firewall rule to policy
41 Remove firewall rule from policy
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]42 Insert firewall rule after/before rule in policy
43 Update firewall policy audited attribute
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]44 Delete firewall policy
45 Show firewall policy
46 List firewall
47 Create firewall
48 Update firewall
49 Delete firewall
50 Show firewall
51 """
52
53 @classmethod
Rohan Kanadea565e452015-01-27 14:00:13 +0530[diff] [blame]54 def skip_checks(cls):
55 super(FWaaSExtensionTestJSON, cls).skip_checks()
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]56 if not test.is_extension_enabled('fwaas', 'network'):
57 msg = "FWaaS Extension not enabled."
58 raise cls.skipException(msg)
Rohan Kanadea565e452015-01-27 14:00:13 +0530[diff] [blame]59
60 @classmethod
61 def resource_setup(cls):
62 super(FWaaSExtensionTestJSON, cls).resource_setup()
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]63 cls.fw_rule = cls.create_firewall_rule("allow", "tcp")
64 cls.fw_policy = cls.create_firewall_policy()
65
66 def _try_delete_policy(self, policy_id):
67 # delete policy, if it exists
68 try:
69 self.client.delete_firewall_policy(policy_id)
70 # if policy is not found, this means it was deleted in the test
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]71 except lib_exc.NotFound:
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]72 pass
73
Ashish Guptafe016682014-06-26 05:46:55 -0700[diff] [blame]74 def _try_delete_rule(self, rule_id):
75 # delete rule, if it exists
76 try:
77 self.client.delete_firewall_rule(rule_id)
78 # if rule is not found, this means it was deleted in the test
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]79 except lib_exc.NotFound:
Ashish Guptafe016682014-06-26 05:46:55 -0700[diff] [blame]80 pass
81
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]82 def _try_delete_firewall(self, fw_id):
83 # delete firewall, if it exists
84 try:
85 self.client.delete_firewall(fw_id)
86 # if firewall is not found, this means it was deleted in the test
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]87 except lib_exc.NotFound:
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]88 pass
89
Adam Gandelman77876cb2014-04-06 15:08:28 -0700[diff] [blame]90 self.client.wait_for_resource_deletion('firewall', fw_id)
91
armando-migliaccioc9e9bf62014-08-22 13:57:23 -0700[diff] [blame]92 def _wait_until_ready(self, fw_id):
93 target_states = ('ACTIVE', 'CREATED')
94
Adam Gandelman77876cb2014-04-06 15:08:28 -0700[diff] [blame]95 def _wait():
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]96 firewall = self.client.show_firewall(fw_id)
Adam Gandelman77876cb2014-04-06 15:08:28 -0700[diff] [blame]97 firewall = firewall['firewall']
armando-migliaccioc9e9bf62014-08-22 13:57:23 -0700[diff] [blame]98 return firewall['status'] in target_states
Adam Gandelman77876cb2014-04-06 15:08:28 -0700[diff] [blame]99
100 if not test.call_until_true(_wait, CONF.network.build_timeout,
101 CONF.network.build_interval):
Martin Pavlaseked4c4eb2015-05-26 14:32:43 +0200[diff] [blame]102 status = self.client.show_firewall(fw_id)['firewall']['status']
103 m = ("Timed out waiting for firewall %s to reach %s state(s) "
104 "after %ss, currently in %s state." %
105 (fw_id,
106 target_states,
107 CONF.network.build_interval,
108 status))
Adam Gandelman77876cb2014-04-06 15:08:28 -0700[diff] [blame]109 raise exceptions.TimeoutException(m)
110
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame]111 @test.idempotent_id('1b84cf01-9c09-4ce7-bc72-b15e39076468')
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]112 def test_list_firewall_rules(self):
113 # List firewall rules
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]114 fw_rules = self.client.list_firewall_rules()
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]115 fw_rules = fw_rules['firewall_rules']
116 self.assertIn((self.fw_rule['id'],
117 self.fw_rule['name'],
118 self.fw_rule['action'],
119 self.fw_rule['protocol'],
120 self.fw_rule['ip_version'],
121 self.fw_rule['enabled']),
122 [(m['id'],
123 m['name'],
124 m['action'],
125 m['protocol'],
126 m['ip_version'],
127 m['enabled']) for m in fw_rules])
128
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame]129 @test.idempotent_id('563564f7-7077-4f5e-8cdc-51f37ae5a2b9')
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]130 def test_create_update_delete_firewall_rule(self):
131 # Create firewall rule
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]132 body = self.client.create_firewall_rule(
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]133 name=data_utils.rand_name("fw-rule"),
134 action="allow",
135 protocol="tcp")
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]136 fw_rule_id = body['firewall_rule']['id']
137
138 # Update firewall rule
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]139 body = self.client.update_firewall_rule(fw_rule_id,
140 shared=True)
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]141 self.assertTrue(body["firewall_rule"]['shared'])
142
143 # Delete firewall rule
Rohan Kanadeeeb21642014-08-14 12:00:26 +0200[diff] [blame]144 self.client.delete_firewall_rule(fw_rule_id)
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]145 # Confirm deletion
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]146 fw_rules = self.client.list_firewall_rules()
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]147 self.assertNotIn(fw_rule_id,
148 [m['id'] for m in fw_rules['firewall_rules']])
149
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame]150 @test.idempotent_id('3ff8c08e-26ff-4034-ae48-810ed213a998')
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]151 def test_show_firewall_rule(self):
152 # show a created firewall rule
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]153 fw_rule = self.client.show_firewall_rule(self.fw_rule['id'])
Matthew Treinish71426682015-04-23 11:19:38 -0400[diff] [blame]154 for key, value in six.iteritems(fw_rule['firewall_rule']):
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]155 self.assertEqual(self.fw_rule[key], value)
156
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame]157 @test.idempotent_id('1086dd93-a4c0-4bbb-a1bd-6d4bc62c199f')
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]158 def test_list_firewall_policies(self):
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]159 fw_policies = self.client.list_firewall_policies()
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]160 fw_policies = fw_policies['firewall_policies']
161 self.assertIn((self.fw_policy['id'],
162 self.fw_policy['name'],
163 self.fw_policy['firewall_rules']),
164 [(m['id'],
165 m['name'],
166 m['firewall_rules']) for m in fw_policies])
167
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame]168 @test.idempotent_id('bbf37b6c-498c-421e-9c95-45897d3ed775')
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]169 def test_create_update_delete_firewall_policy(self):
170 # Create firewall policy
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]171 body = self.client.create_firewall_policy(
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]172 name=data_utils.rand_name("fw-policy"))
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]173 fw_policy_id = body['firewall_policy']['id']
174 self.addCleanup(self._try_delete_policy, fw_policy_id)
175
176 # Update firewall policy
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]177 body = self.client.update_firewall_policy(fw_policy_id,
178 shared=True,
179 name="updated_policy")
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]180 updated_fw_policy = body["firewall_policy"]
181 self.assertTrue(updated_fw_policy['shared'])
182 self.assertEqual("updated_policy", updated_fw_policy['name'])
183
184 # Delete firewall policy
Rohan Kanadeeeb21642014-08-14 12:00:26 +0200[diff] [blame]185 self.client.delete_firewall_policy(fw_policy_id)
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]186 # Confirm deletion
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]187 fw_policies = self.client.list_firewall_policies()
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]188 fw_policies = fw_policies['firewall_policies']
189 self.assertNotIn(fw_policy_id, [m['id'] for m in fw_policies])
190
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame]191 @test.idempotent_id('1df59b3a-517e-41d4-96f6-fc31cf4ecff2')
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]192 def test_show_firewall_policy(self):
193 # show a created firewall policy
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]194 fw_policy = self.client.show_firewall_policy(self.fw_policy['id'])
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]195 fw_policy = fw_policy['firewall_policy']
Matthew Treinish71426682015-04-23 11:19:38 -0400[diff] [blame]196 for key, value in six.iteritems(fw_policy):
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]197 self.assertEqual(self.fw_policy[key], value)
198
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame]199 @test.idempotent_id('02082a03-3cdd-4789-986a-1327dd80bfb7')
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]200 def test_create_show_delete_firewall(self):
Adam Gandelman77876cb2014-04-06 15:08:28 -0700[diff] [blame]201 # Create tenant network resources required for an ACTIVE firewall
202 network = self.create_network()
203 subnet = self.create_subnet(network)
204 router = self.create_router(
205 data_utils.rand_name('router-'),
206 admin_state_up=True)
207 self.client.add_router_interface_with_subnet_id(
208 router['id'], subnet['id'])
209
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]210 # Create firewall
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]211 body = self.client.create_firewall(
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]212 name=data_utils.rand_name("firewall"),
213 firewall_policy_id=self.fw_policy['id'])
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]214 created_firewall = body['firewall']
215 firewall_id = created_firewall['id']
216 self.addCleanup(self._try_delete_firewall, firewall_id)
217
armando-migliaccioc9e9bf62014-08-22 13:57:23 -0700[diff] [blame]218 # Wait for the firewall resource to become ready
219 self._wait_until_ready(firewall_id)
Adam Gandelman77876cb2014-04-06 15:08:28 -0700[diff] [blame]220
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]221 # show a created firewall
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]222 firewall = self.client.show_firewall(firewall_id)
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]223 firewall = firewall['firewall']
Adam Gandelman77876cb2014-04-06 15:08:28 -0700[diff] [blame]224
Matthew Treinish71426682015-04-23 11:19:38 -0400[diff] [blame]225 for key, value in six.iteritems(firewall):
Adam Gandelman77876cb2014-04-06 15:08:28 -0700[diff] [blame]226 if key == 'status':
227 continue
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]228 self.assertEqual(created_firewall[key], value)
229
230 # list firewall
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]231 firewalls = self.client.list_firewalls()
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]232 firewalls = firewalls['firewalls']
233 self.assertIn((created_firewall['id'],
234 created_firewall['name'],
235 created_firewall['firewall_policy_id']),
236 [(m['id'],
237 m['name'],
238 m['firewall_policy_id']) for m in firewalls])
239
240 # Delete firewall
Rohan Kanadeeeb21642014-08-14 12:00:26 +0200[diff] [blame]241 self.client.delete_firewall(firewall_id)
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]242
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame]243 @test.idempotent_id('53305b4b-9897-4e01-87c0-2ae386083180')
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]244 def test_firewall_rule_insertion_position_removal_rule_from_policy(self):
Ashish Guptafe016682014-06-26 05:46:55 -0700[diff] [blame]245 # Create firewall rule
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]246 body = self.client.create_firewall_rule(
Ashish Guptafe016682014-06-26 05:46:55 -0700[diff] [blame]247 name=data_utils.rand_name("fw-rule"),
248 action="allow",
249 protocol="tcp")
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]250 fw_rule_id1 = body['firewall_rule']['id']
251 self.addCleanup(self._try_delete_rule, fw_rule_id1)
Ashish Guptafe016682014-06-26 05:46:55 -0700[diff] [blame]252 # Create firewall policy
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]253 body = self.client.create_firewall_policy(
Ashish Guptafe016682014-06-26 05:46:55 -0700[diff] [blame]254 name=data_utils.rand_name("fw-policy"))
255 fw_policy_id = body['firewall_policy']['id']
256 self.addCleanup(self._try_delete_policy, fw_policy_id)
257
258 # Insert rule to firewall policy
259 self.client.insert_firewall_rule_in_policy(
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]260 fw_policy_id, fw_rule_id1, '', '')
Ashish Guptafe016682014-06-26 05:46:55 -0700[diff] [blame]261
262 # Verify insertion of rule in policy
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]263 self.assertIn(fw_rule_id1, self._get_list_fw_rule_ids(fw_policy_id))
264 # Create another firewall rule
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]265 body = self.client.create_firewall_rule(
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]266 name=data_utils.rand_name("fw-rule"),
267 action="allow",
268 protocol="icmp")
269 fw_rule_id2 = body['firewall_rule']['id']
270 self.addCleanup(self._try_delete_rule, fw_rule_id2)
271
272 # Insert rule to firewall policy after the first rule
273 self.client.insert_firewall_rule_in_policy(
274 fw_policy_id, fw_rule_id2, fw_rule_id1, '')
275
276 # Verify the posiition of rule after insertion
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]277 fw_rule = self.client.show_firewall_rule(
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]278 fw_rule_id2)
279
280 self.assertEqual(int(fw_rule['firewall_rule']['position']), 2)
Ashish Guptafe016682014-06-26 05:46:55 -0700[diff] [blame]281 # Remove rule from the firewall policy
282 self.client.remove_firewall_rule_from_policy(
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]283 fw_policy_id, fw_rule_id2)
284 # Insert rule to firewall policy before the first rule
285 self.client.insert_firewall_rule_in_policy(
286 fw_policy_id, fw_rule_id2, '', fw_rule_id1)
287 # Verify the posiition of rule after insertion
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]288 fw_rule = self.client.show_firewall_rule(
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]289 fw_rule_id2)
290 self.assertEqual(int(fw_rule['firewall_rule']['position']), 1)
291 # Remove rule from the firewall policy
292 self.client.remove_firewall_rule_from_policy(
293 fw_policy_id, fw_rule_id2)
294 # Verify removal of rule from firewall policy
295 self.assertNotIn(fw_rule_id2, self._get_list_fw_rule_ids(fw_policy_id))
296
297 # Remove rule from the firewall policy
298 self.client.remove_firewall_rule_from_policy(
299 fw_policy_id, fw_rule_id1)
Ashish Guptafe016682014-06-26 05:46:55 -0700[diff] [blame]300
301 # Verify removal of rule from firewall policy
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]302 self.assertNotIn(fw_rule_id1, self._get_list_fw_rule_ids(fw_policy_id))
Ashish Guptafe016682014-06-26 05:46:55 -0700[diff] [blame]303
304 def _get_list_fw_rule_ids(self, fw_policy_id):
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]305 fw_policy = self.client.show_firewall_policy(
Ashish Guptafe016682014-06-26 05:46:55 -0700[diff] [blame]306 fw_policy_id)
307 return [ruleid for ruleid in fw_policy['firewall_policy']
308 ['firewall_rules']]
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]309
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame]310 @test.idempotent_id('8515ca8a-0d2f-4298-b5ff-6f924e4587ca')
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]311 def test_update_firewall_policy_audited_attribute(self):
312 # Create firewall rule
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]313 body = self.client.create_firewall_rule(
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]314 name=data_utils.rand_name("fw-rule"),
315 action="allow",
316 protocol="icmp")
317 fw_rule_id = body['firewall_rule']['id']
318 self.addCleanup(self._try_delete_rule, fw_rule_id)
319 # Create firewall policy
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]320 body = self.client.create_firewall_policy(
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]321 name=data_utils.rand_name('fw-policy'))
322 fw_policy_id = body['firewall_policy']['id']
323 self.addCleanup(self._try_delete_policy, fw_policy_id)
324 self.assertFalse(body['firewall_policy']['audited'])
325 # Update firewall policy audited attribute to ture
326 self.client.update_firewall_policy(fw_policy_id,
327 audited=True)
328 # Insert Firewall rule to firewall policy
329 self.client.insert_firewall_rule_in_policy(
330 fw_policy_id, fw_rule_id, '', '')
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]331 body = self.client.show_firewall_policy(
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]332 fw_policy_id)
333 self.assertFalse(body['firewall_policy']['audited'])