Gitiles
Code Review Sign In
spfactory.storpool.com / tempest / ab01041cb398a1273b9147ce7e2f97ffcc711f86 / . / tempest / api / network / test_fwaas_extensions.py
blob: 0622e87e6928838c320d6a54eadf6f286a634115 [file] [log] [blame]
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]1# Copyright 2014 NEC Corporation. All rights reserved.
2#
3# Licensed under the Apache License, Version 2.0 (the "License"); you may
4# not use this file except in compliance with the License. You may obtain
5# a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12# License for the specific language governing permissions and limitations
13# under the License.
14
Matthew Treinish71426682015-04-23 11:19:38 -0400[diff] [blame]15import six
Matthew Treinish01472ff2015-02-20 17:26:52 -0500[diff] [blame]16from tempest_lib.common.utils import data_utils
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]17from tempest_lib import exceptions as lib_exc
18
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]19from tempest.api.network import base
Adam Gandelman77876cb2014-04-06 15:08:28 -0700[diff] [blame]20from tempest import config
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]21from tempest import exceptions
22from tempest import test
23
Adam Gandelman77876cb2014-04-06 15:08:28 -0700[diff] [blame]24CONF = config.CONF
25
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]26
27class FWaaSExtensionTestJSON(base.BaseNetworkTest):
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]28 """
29 Tests the following operations in the Neutron API using the REST client for
30 Neutron:
31
32 List firewall rules
33 Create firewall rule
34 Update firewall rule
35 Delete firewall rule
36 Show firewall rule
37 List firewall policies
38 Create firewall policy
39 Update firewall policy
Ashish Guptafe016682014-06-26 05:46:55 -0700[diff] [blame]40 Insert firewall rule to policy
41 Remove firewall rule from policy
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]42 Insert firewall rule after/before rule in policy
43 Update firewall policy audited attribute
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]44 Delete firewall policy
45 Show firewall policy
46 List firewall
47 Create firewall
48 Update firewall
49 Delete firewall
50 Show firewall
51 """
52
53 @classmethod
Rohan Kanadea565e452015-01-27 14:00:13 +0530[diff] [blame]54 def skip_checks(cls):
55 super(FWaaSExtensionTestJSON, cls).skip_checks()
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]56 if not test.is_extension_enabled('fwaas', 'network'):
57 msg = "FWaaS Extension not enabled."
58 raise cls.skipException(msg)
Rohan Kanadea565e452015-01-27 14:00:13 +0530[diff] [blame]59
60 @classmethod
61 def resource_setup(cls):
62 super(FWaaSExtensionTestJSON, cls).resource_setup()
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]63 cls.fw_rule = cls.create_firewall_rule("allow", "tcp")
64 cls.fw_policy = cls.create_firewall_policy()
65
66 def _try_delete_policy(self, policy_id):
67 # delete policy, if it exists
68 try:
69 self.client.delete_firewall_policy(policy_id)
70 # if policy is not found, this means it was deleted in the test
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]71 except lib_exc.NotFound:
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]72 pass
73
Ashish Guptafe016682014-06-26 05:46:55 -0700[diff] [blame]74 def _try_delete_rule(self, rule_id):
75 # delete rule, if it exists
76 try:
77 self.client.delete_firewall_rule(rule_id)
78 # if rule is not found, this means it was deleted in the test
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]79 except lib_exc.NotFound:
Ashish Guptafe016682014-06-26 05:46:55 -0700[diff] [blame]80 pass
81
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]82 def _try_delete_firewall(self, fw_id):
83 # delete firewall, if it exists
84 try:
85 self.client.delete_firewall(fw_id)
86 # if firewall is not found, this means it was deleted in the test
Masayuki Igawabfa07602015-01-20 18:47:17 +0900[diff] [blame]87 except lib_exc.NotFound:
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]88 pass
89
Adam Gandelman77876cb2014-04-06 15:08:28 -0700[diff] [blame]90 self.client.wait_for_resource_deletion('firewall', fw_id)
91
armando-migliaccioc9e9bf62014-08-22 13:57:23 -0700[diff] [blame]92 def _wait_until_ready(self, fw_id):
93 target_states = ('ACTIVE', 'CREATED')
94
Adam Gandelman77876cb2014-04-06 15:08:28 -0700[diff] [blame]95 def _wait():
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]96 firewall = self.client.show_firewall(fw_id)
Adam Gandelman77876cb2014-04-06 15:08:28 -0700[diff] [blame]97 firewall = firewall['firewall']
armando-migliaccioc9e9bf62014-08-22 13:57:23 -0700[diff] [blame]98 return firewall['status'] in target_states
Adam Gandelman77876cb2014-04-06 15:08:28 -0700[diff] [blame]99
100 if not test.call_until_true(_wait, CONF.network.build_timeout,
101 CONF.network.build_interval):
armando-migliaccioc9e9bf62014-08-22 13:57:23 -0700[diff] [blame]102 m = ("Timed out waiting for firewall %s to reach %s state(s)" %
103 (fw_id, target_states))
Adam Gandelman77876cb2014-04-06 15:08:28 -0700[diff] [blame]104 raise exceptions.TimeoutException(m)
105
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame]106 @test.idempotent_id('1b84cf01-9c09-4ce7-bc72-b15e39076468')
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]107 def test_list_firewall_rules(self):
108 # List firewall rules
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]109 fw_rules = self.client.list_firewall_rules()
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]110 fw_rules = fw_rules['firewall_rules']
111 self.assertIn((self.fw_rule['id'],
112 self.fw_rule['name'],
113 self.fw_rule['action'],
114 self.fw_rule['protocol'],
115 self.fw_rule['ip_version'],
116 self.fw_rule['enabled']),
117 [(m['id'],
118 m['name'],
119 m['action'],
120 m['protocol'],
121 m['ip_version'],
122 m['enabled']) for m in fw_rules])
123
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame]124 @test.idempotent_id('563564f7-7077-4f5e-8cdc-51f37ae5a2b9')
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]125 def test_create_update_delete_firewall_rule(self):
126 # Create firewall rule
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]127 body = self.client.create_firewall_rule(
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]128 name=data_utils.rand_name("fw-rule"),
129 action="allow",
130 protocol="tcp")
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]131 fw_rule_id = body['firewall_rule']['id']
132
133 # Update firewall rule
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]134 body = self.client.update_firewall_rule(fw_rule_id,
135 shared=True)
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]136 self.assertTrue(body["firewall_rule"]['shared'])
137
138 # Delete firewall rule
Rohan Kanadeeeb21642014-08-14 12:00:26 +0200[diff] [blame]139 self.client.delete_firewall_rule(fw_rule_id)
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]140 # Confirm deletion
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]141 fw_rules = self.client.list_firewall_rules()
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]142 self.assertNotIn(fw_rule_id,
143 [m['id'] for m in fw_rules['firewall_rules']])
144
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame]145 @test.idempotent_id('3ff8c08e-26ff-4034-ae48-810ed213a998')
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]146 def test_show_firewall_rule(self):
147 # show a created firewall rule
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]148 fw_rule = self.client.show_firewall_rule(self.fw_rule['id'])
Matthew Treinish71426682015-04-23 11:19:38 -0400[diff] [blame]149 for key, value in six.iteritems(fw_rule['firewall_rule']):
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]150 self.assertEqual(self.fw_rule[key], value)
151
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame]152 @test.idempotent_id('1086dd93-a4c0-4bbb-a1bd-6d4bc62c199f')
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]153 def test_list_firewall_policies(self):
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]154 fw_policies = self.client.list_firewall_policies()
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]155 fw_policies = fw_policies['firewall_policies']
156 self.assertIn((self.fw_policy['id'],
157 self.fw_policy['name'],
158 self.fw_policy['firewall_rules']),
159 [(m['id'],
160 m['name'],
161 m['firewall_rules']) for m in fw_policies])
162
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame]163 @test.idempotent_id('bbf37b6c-498c-421e-9c95-45897d3ed775')
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]164 def test_create_update_delete_firewall_policy(self):
165 # Create firewall policy
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]166 body = self.client.create_firewall_policy(
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]167 name=data_utils.rand_name("fw-policy"))
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]168 fw_policy_id = body['firewall_policy']['id']
169 self.addCleanup(self._try_delete_policy, fw_policy_id)
170
171 # Update firewall policy
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]172 body = self.client.update_firewall_policy(fw_policy_id,
173 shared=True,
174 name="updated_policy")
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]175 updated_fw_policy = body["firewall_policy"]
176 self.assertTrue(updated_fw_policy['shared'])
177 self.assertEqual("updated_policy", updated_fw_policy['name'])
178
179 # Delete firewall policy
Rohan Kanadeeeb21642014-08-14 12:00:26 +0200[diff] [blame]180 self.client.delete_firewall_policy(fw_policy_id)
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]181 # Confirm deletion
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]182 fw_policies = self.client.list_firewall_policies()
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]183 fw_policies = fw_policies['firewall_policies']
184 self.assertNotIn(fw_policy_id, [m['id'] for m in fw_policies])
185
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame]186 @test.idempotent_id('1df59b3a-517e-41d4-96f6-fc31cf4ecff2')
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]187 def test_show_firewall_policy(self):
188 # show a created firewall policy
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]189 fw_policy = self.client.show_firewall_policy(self.fw_policy['id'])
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]190 fw_policy = fw_policy['firewall_policy']
Matthew Treinish71426682015-04-23 11:19:38 -0400[diff] [blame]191 for key, value in six.iteritems(fw_policy):
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]192 self.assertEqual(self.fw_policy[key], value)
193
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame]194 @test.idempotent_id('02082a03-3cdd-4789-986a-1327dd80bfb7')
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]195 def test_create_show_delete_firewall(self):
Adam Gandelman77876cb2014-04-06 15:08:28 -0700[diff] [blame]196 # Create tenant network resources required for an ACTIVE firewall
197 network = self.create_network()
198 subnet = self.create_subnet(network)
199 router = self.create_router(
200 data_utils.rand_name('router-'),
201 admin_state_up=True)
202 self.client.add_router_interface_with_subnet_id(
203 router['id'], subnet['id'])
204
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]205 # Create firewall
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]206 body = self.client.create_firewall(
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]207 name=data_utils.rand_name("firewall"),
208 firewall_policy_id=self.fw_policy['id'])
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]209 created_firewall = body['firewall']
210 firewall_id = created_firewall['id']
211 self.addCleanup(self._try_delete_firewall, firewall_id)
212
armando-migliaccioc9e9bf62014-08-22 13:57:23 -0700[diff] [blame]213 # Wait for the firewall resource to become ready
214 self._wait_until_ready(firewall_id)
Adam Gandelman77876cb2014-04-06 15:08:28 -0700[diff] [blame]215
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]216 # show a created firewall
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]217 firewall = self.client.show_firewall(firewall_id)
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]218 firewall = firewall['firewall']
Adam Gandelman77876cb2014-04-06 15:08:28 -0700[diff] [blame]219
Matthew Treinish71426682015-04-23 11:19:38 -0400[diff] [blame]220 for key, value in six.iteritems(firewall):
Adam Gandelman77876cb2014-04-06 15:08:28 -0700[diff] [blame]221 if key == 'status':
222 continue
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]223 self.assertEqual(created_firewall[key], value)
224
225 # list firewall
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]226 firewalls = self.client.list_firewalls()
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]227 firewalls = firewalls['firewalls']
228 self.assertIn((created_firewall['id'],
229 created_firewall['name'],
230 created_firewall['firewall_policy_id']),
231 [(m['id'],
232 m['name'],
233 m['firewall_policy_id']) for m in firewalls])
234
235 # Delete firewall
Rohan Kanadeeeb21642014-08-14 12:00:26 +0200[diff] [blame]236 self.client.delete_firewall(firewall_id)
Mh Raies96594fc2014-03-26 16:34:18 +0530[diff] [blame]237
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame]238 @test.idempotent_id('53305b4b-9897-4e01-87c0-2ae386083180')
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]239 def test_firewall_rule_insertion_position_removal_rule_from_policy(self):
Ashish Guptafe016682014-06-26 05:46:55 -0700[diff] [blame]240 # Create firewall rule
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]241 body = self.client.create_firewall_rule(
Ashish Guptafe016682014-06-26 05:46:55 -0700[diff] [blame]242 name=data_utils.rand_name("fw-rule"),
243 action="allow",
244 protocol="tcp")
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]245 fw_rule_id1 = body['firewall_rule']['id']
246 self.addCleanup(self._try_delete_rule, fw_rule_id1)
Ashish Guptafe016682014-06-26 05:46:55 -0700[diff] [blame]247 # Create firewall policy
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]248 body = self.client.create_firewall_policy(
Ashish Guptafe016682014-06-26 05:46:55 -0700[diff] [blame]249 name=data_utils.rand_name("fw-policy"))
250 fw_policy_id = body['firewall_policy']['id']
251 self.addCleanup(self._try_delete_policy, fw_policy_id)
252
253 # Insert rule to firewall policy
254 self.client.insert_firewall_rule_in_policy(
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]255 fw_policy_id, fw_rule_id1, '', '')
Ashish Guptafe016682014-06-26 05:46:55 -0700[diff] [blame]256
257 # Verify insertion of rule in policy
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]258 self.assertIn(fw_rule_id1, self._get_list_fw_rule_ids(fw_policy_id))
259 # Create another firewall rule
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]260 body = self.client.create_firewall_rule(
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]261 name=data_utils.rand_name("fw-rule"),
262 action="allow",
263 protocol="icmp")
264 fw_rule_id2 = body['firewall_rule']['id']
265 self.addCleanup(self._try_delete_rule, fw_rule_id2)
266
267 # Insert rule to firewall policy after the first rule
268 self.client.insert_firewall_rule_in_policy(
269 fw_policy_id, fw_rule_id2, fw_rule_id1, '')
270
271 # Verify the posiition of rule after insertion
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]272 fw_rule = self.client.show_firewall_rule(
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]273 fw_rule_id2)
274
275 self.assertEqual(int(fw_rule['firewall_rule']['position']), 2)
Ashish Guptafe016682014-06-26 05:46:55 -0700[diff] [blame]276 # Remove rule from the firewall policy
277 self.client.remove_firewall_rule_from_policy(
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]278 fw_policy_id, fw_rule_id2)
279 # Insert rule to firewall policy before the first rule
280 self.client.insert_firewall_rule_in_policy(
281 fw_policy_id, fw_rule_id2, '', fw_rule_id1)
282 # Verify the posiition of rule after insertion
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]283 fw_rule = self.client.show_firewall_rule(
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]284 fw_rule_id2)
285 self.assertEqual(int(fw_rule['firewall_rule']['position']), 1)
286 # Remove rule from the firewall policy
287 self.client.remove_firewall_rule_from_policy(
288 fw_policy_id, fw_rule_id2)
289 # Verify removal of rule from firewall policy
290 self.assertNotIn(fw_rule_id2, self._get_list_fw_rule_ids(fw_policy_id))
291
292 # Remove rule from the firewall policy
293 self.client.remove_firewall_rule_from_policy(
294 fw_policy_id, fw_rule_id1)
Ashish Guptafe016682014-06-26 05:46:55 -0700[diff] [blame]295
296 # Verify removal of rule from firewall policy
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]297 self.assertNotIn(fw_rule_id1, self._get_list_fw_rule_ids(fw_policy_id))
Ashish Guptafe016682014-06-26 05:46:55 -0700[diff] [blame]298
299 def _get_list_fw_rule_ids(self, fw_policy_id):
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]300 fw_policy = self.client.show_firewall_policy(
Ashish Guptafe016682014-06-26 05:46:55 -0700[diff] [blame]301 fw_policy_id)
302 return [ruleid for ruleid in fw_policy['firewall_policy']
303 ['firewall_rules']]
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]304
Chris Hoge7579c1a2015-02-26 14:12:15 -0800[diff] [blame]305 @test.idempotent_id('8515ca8a-0d2f-4298-b5ff-6f924e4587ca')
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]306 def test_update_firewall_policy_audited_attribute(self):
307 # Create firewall rule
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]308 body = self.client.create_firewall_rule(
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]309 name=data_utils.rand_name("fw-rule"),
310 action="allow",
311 protocol="icmp")
312 fw_rule_id = body['firewall_rule']['id']
313 self.addCleanup(self._try_delete_rule, fw_rule_id)
314 # Create firewall policy
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]315 body = self.client.create_firewall_policy(
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]316 name=data_utils.rand_name('fw-policy'))
317 fw_policy_id = body['firewall_policy']['id']
318 self.addCleanup(self._try_delete_policy, fw_policy_id)
319 self.assertFalse(body['firewall_policy']['audited'])
320 # Update firewall policy audited attribute to ture
321 self.client.update_firewall_policy(fw_policy_id,
322 audited=True)
323 # Insert Firewall rule to firewall policy
324 self.client.insert_firewall_rule_in_policy(
325 fw_policy_id, fw_rule_id, '', '')
David Kranz34e88122014-12-11 15:24:05 -0500[diff] [blame]326 body = self.client.show_firewall_policy(
Ashish Guptad04f6492014-07-22 02:34:18 -0700[diff] [blame]327 fw_policy_id)
328 self.assertFalse(body['firewall_policy']['audited'])