Yair Friedf37dae32013-09-01 15:35:14 +03001# Copyright 2013 OpenStack Foundation
2# All Rights Reserved.
3#
4# Licensed under the Apache License, Version 2.0 (the "License"); you may
5# not use this file except in compliance with the License. You may obtain
6# a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13# License for the specific language governing permissions and limitations
14# under the License.
15
sridhargaddam4dbbc962014-05-14 02:10:56 +053016import six
17
Yair Friedd5479822013-10-14 15:33:32 +030018from tempest.api.network import base_security_groups as base
nayna-patel1c76bc92014-01-28 09:24:16 +000019from tempest.common.utils import data_utils
sridhargaddam510f8962014-09-08 23:37:16 +053020from tempest import config
Yoshihiro Kaneko05670262014-01-18 19:22:44 +090021from tempest import test
Yair Friedf37dae32013-09-01 15:35:14 +030022
# Shared tempest configuration object. The test classes in this module read
# their tenant network CIDRs from CONF.network.
CONF = config.CONF
24
Yair Friedf37dae32013-09-01 15:35:14 +030025
class SecGroupTest(base.BaseSecGroupTest):
    """API tests for network security groups and security group rules.

    Every case talks to the network API through ``self.client`` and checks
    response bodies only. The tests confirm that groups and rules are
    stored and returned with the requested fields; they do not send any
    traffic, so they say nothing about whether the rules are enforced.
    """

    _interface = 'json'
    # CIDR passed as remote_ip_prefix by the remote-ip-prefix test; read
    # from the tempest network configuration.
    _tenant_network_cidr = CONF.network.tenant_network_cidr

    @classmethod
    def resource_setup(cls):
        # Run the parent setup first, then skip the whole class when the
        # 'security-group' extension is not reported as enabled.
        super(SecGroupTest, cls).resource_setup()
        if test.is_extension_enabled('security-group', 'network'):
            return
        raise cls.skipException("security-group extension not enabled.")

    def _create_verify_security_group_rule(self, sg_id, direction,
                                           ethertype, protocol,
                                           port_range_min,
                                           port_range_max,
                                           remote_group_id=None,
                                           remote_ip_prefix=None):
        # Create one rule in group ``sg_id`` and check that every requested
        # field comes back unchanged in the create response.
        #
        # The remote_* arguments default to None and are compared as well,
        # so a rule created without a remote restriction must also be
        # returned without one.
        requested = {
            'direction': direction,
            'protocol': protocol,
            'ethertype': ethertype,
            'port_range_min': port_range_min,
            'port_range_max': port_range_max,
            'remote_group_id': remote_group_id,
            'remote_ip_prefix': remote_ip_prefix,
        }
        _, created = self.client.create_security_group_rule(
            security_group_id=sg_id,
            direction=direction,
            ethertype=ethertype,
            protocol=protocol,
            port_range_min=port_range_min,
            port_range_max=port_range_max,
            remote_group_id=remote_group_id,
            remote_ip_prefix=remote_ip_prefix
        )

        rule = created['security_group_rule']
        # Register the deletion before asserting, so a failed comparison
        # below still leaves the rule scheduled for removal.
        self.addCleanup(self._delete_security_group_rule, rule['id'])

        for field, wanted in six.iteritems(requested):
            mismatch = ("Field %s of the created security group rule "
                        "does not match with %s." % (field, wanted))
            self.assertEqual(wanted, rule[field], mismatch)

    @test.attr(type='smoke')
    def test_list_security_groups(self):
        # Verify that a security group named 'default' is present in the
        # security group listing returned to this tenant.
        _, body = self.client.list_security_groups()
        default_ids = [group['id'] for group in body['security_groups']
                       if group['name'] == 'default']
        # Keep the id of the last match, as a plain scan of the list would.
        found = default_ids[-1] if default_ids else None
        msg = "Security-group list doesn't contain default security-group"
        self.assertIsNotNone(found, msg)

    @test.attr(type='smoke')
    def test_create_list_update_show_delete_security_group(self):
        # Create a group, find it in the listing, rename it, then read it
        # back. No delete call is made in this method body.
        # NOTE(review): deletion is presumably registered as cleanup by
        # _create_security_group in the base class -- confirm.
        group_create_body, _ = self._create_security_group()

        # List security groups and verify the created group is in the
        # response.
        _, list_body = self.client.list_security_groups()
        listed_ids = [group['id'] for group in list_body['security_groups']]
        group_id = group_create_body['security_group']['id']
        self.assertIn(group_id, listed_ids)

        # Update the security group with a fresh random name/description.
        new_name = data_utils.rand_name('security-')
        new_description = data_utils.rand_name('security-description')
        _, update_body = self.client.update_security_group(
            group_id,
            name=new_name,
            description=new_description)

        # Verify the update response carries the new values.
        updated = update_body['security_group']
        self.assertEqual(updated['name'], new_name)
        self.assertEqual(updated['description'], new_description)

        # Show the group and verify the new values were persisted.
        _, show_body = self.client.show_security_group(group_id)
        shown = show_body['security_group']
        self.assertEqual(shown['name'], new_name)
        self.assertEqual(shown['description'], new_description)

    @test.attr(type='smoke')
    def test_create_show_delete_security_group_rule(self):
        # For tcp, udp and icmp: create an ingress rule, compare the show
        # response with the create response field by field, and check the
        # rule id appears in the rule listing. The rules carry no port
        # range and no remote restriction, and no delete call is made in
        # this method body.
        # NOTE(review): the extent of the loop body was reconstructed from
        # a listing that lost its indentation -- confirm against the file.
        group_create_body, _ = self._create_security_group()
        group_id = group_create_body['security_group']['id']

        for protocol in ('tcp', 'udp', 'icmp'):
            _, rule_create_body = self.client.create_security_group_rule(
                security_group_id=group_id,
                protocol=protocol,
                direction='ingress',
                ethertype=self.ethertype
            )
            created_rule = rule_create_body['security_group_rule']

            # Show details of the created security rule.
            _, show_rule_body = self.client.show_security_group_rule(
                created_rule['id']
            )
            for key, value in six.iteritems(created_rule):
                self.assertEqual(value,
                                 show_rule_body['security_group_rule'][key],
                                 "%s does not match." % key)

            # List rules and verify the created rule is in the response.
            _, rule_list_body = self.client.list_security_group_rules()
            listed_rule_ids = [
                rule['id']
                for rule in rule_list_body['security_group_rules']
            ]
            self.assertIn(rule_create_body['security_group_rule']['id'],
                          listed_rule_ids)

    @test.attr(type='smoke')
    def test_create_security_group_rule_with_additional_args(self):
        """Verify security group rule with additional arguments works.

        direction:ingress, ethertype:[IPv4/IPv6],
        protocol:tcp, port_range_min:77, port_range_max:77
        """
        group_create_body, _ = self._create_security_group()
        # Single-port range (min == max); both remote_* fields stay None.
        self._create_verify_security_group_rule(
            group_create_body['security_group']['id'],
            'ingress',
            self.ethertype,
            'tcp',
            77,
            77)

    @test.attr(type='smoke')
    def test_create_security_group_rule_with_icmp_type_code(self):
        """Verify security group rule for icmp protocol works.

        Specify icmp type (port_range_min) and icmp code
        (port_range_max) with different values. A separate testcase
        is added for icmp protocol as icmp validation would be
        different from tcp/udp.
        """
        group_create_body, _ = self._create_security_group()
        sg_id = group_create_body['security_group']['id']

        # (type, code) pairs; the last one leaves the code unset. The
        # first two show that min > max and min < max are both valid here,
        # unlike a tcp/udp port range.
        icmp_type_codes = [(3, 2), (2, 3), (3, 0), (2, None)]
        for icmp_type, icmp_code in icmp_type_codes:
            self._create_verify_security_group_rule(
                sg_id, 'ingress', self.ethertype, 'icmp',
                icmp_type, icmp_code)

    @test.attr(type='smoke')
    def test_create_security_group_rule_with_remote_group_id(self):
        # Verify creating a security group rule with remote_group_id works:
        # the rule lives in the first group and names the second group as
        # its remote.
        target_body, _ = self._create_security_group()
        remote_body, _ = self._create_security_group()

        target_id = target_body['security_group']['id']
        remote_id = remote_body['security_group']['id']
        self._create_verify_security_group_rule(
            target_id, 'ingress', self.ethertype, 'udp',
            50, 55,
            remote_group_id=remote_id)

    @test.attr(type='smoke')
    def test_create_security_group_rule_with_remote_ip_prefix(self):
        # Verify creating a security group rule with remote_ip_prefix works,
        # using the class-level tenant network CIDR as the prefix.
        group_body, _ = self._create_security_group()

        sg_id = group_body['security_group']['id']
        ip_prefix = self._tenant_network_cidr
        self._create_verify_security_group_rule(
            sg_id, 'ingress', self.ethertype, 'tcp',
            76, 77,
            remote_ip_prefix=ip_prefix)
jun xiee31dbe92014-01-13 18:10:37 +0800214
Yair Friedf37dae32013-09-01 15:35:14 +0300215
class SecGroupTestXML(SecGroupTest):
    # Inherits every SecGroupTest case unchanged; only the interface marker
    # differs.
    # NOTE(review): presumably the base class uses _interface to select the
    # XML client -- confirm in base_security_groups.
    _interface = 'xml'
sridhargaddam510f8962014-09-08 23:37:16 +0530218
219
class SecGroupIPv6Test(SecGroupTest):
    # Runs the inherited SecGroupTest cases with the IPv6 settings below.
    # NOTE(review): _ip_version is not read in this file; presumably the
    # base class derives self.ethertype from it -- confirm.
    _ip_version = 6
    # IPv6 tenant CIDR from the tempest network configuration; the inherited
    # remote_ip_prefix test reads this attribute.
    _tenant_network_cidr = CONF.network.tenant_network_v6_cidr
223
sridhargaddam510f8962014-09-08 23:37:16 +0530224
class SecGroupIPv6TestXML(SecGroupIPv6Test):
    # Same cases as SecGroupIPv6Test with the interface marker set to 'xml'.
    # NOTE(review): how _interface is consumed is not visible in this file --
    # confirm in base_security_groups.
    _interface = 'xml'