# Copyright 2014 NEC Corporation.  All rights reserved.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.
Matthew Treinish01472ff2015-02-20 17:26:52 -050015from tempest_lib.common.utils import data_utils
Masayuki Igawabfa07602015-01-20 18:47:17 +090016from tempest_lib import exceptions as lib_exc
17
Mh Raies96594fc2014-03-26 16:34:18 +053018from tempest.api.network import base
Adam Gandelman77876cb2014-04-06 15:08:28 -070019from tempest import config
Mh Raies96594fc2014-03-26 16:34:18 +053020from tempest import exceptions
21from tempest import test
22
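# Global tempest configuration object. This module reads
# CONF.network.build_timeout and CONF.network.build_interval from it when
# polling a firewall for readiness.
CONF = config.CONF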
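class FWaaSExtensionTestJSON(base.BaseNetworkTest):
    """Exercise the Neutron FWaaS extension through the REST client.

    Tests the following operations in the Neutron API using the REST client
    for Neutron:

        List firewall rules
        Create firewall rule
        Update firewall rule
        Delete firewall rule
        Show firewall rule
        List firewall policies
        Create firewall policy
        Update firewall policy
        Insert firewall rule to policy
        Remove firewall rule from policy
        Insert firewall rule after/before rule in policy
        Update firewall policy audited attribute
        Delete firewall policy
        Show firewall policy
        List firewall
        Create firewall
        Update firewall
        Delete firewall
        Show firewall
    """

    @classmethod
    def skip_checks(cls):
        """Skip the class when the 'fwaas' network extension is disabled."""
        super(FWaaSExtensionTestJSON, cls).skip_checks()
        if not test.is_extension_enabled('fwaas', 'network'):
            msg = "FWaaS Extension not enabled."
            raise cls.skipException(msg)

    @classmethod
    def resource_setup(cls):
        """Create one rule and one policy that the tests below share."""
        super(FWaaSExtensionTestJSON, cls).resource_setup()
        cls.fw_rule = cls.create_firewall_rule("allow", "tcp")
        cls.fw_policy = cls.create_firewall_policy()

    def _try_delete_policy(self, policy_id):
        """Delete the policy, tolerating one the test already removed."""
        # delete policy, if it exists
        try:
            self.client.delete_firewall_policy(policy_id)
        # if policy is not found, this means it was deleted in the test
        except lib_exc.NotFound:
            pass

    def _try_delete_rule(self, rule_id):
        """Delete the rule, tolerating one the test already removed."""
        # delete rule, if it exists
        try:
            self.client.delete_firewall_rule(rule_id)
        # if rule is not found, this means it was deleted in the test
        except lib_exc.NotFound:
            pass

    def _try_delete_firewall(self, fw_id):
        """Delete the firewall if present, then wait until it is gone."""
        # delete firewall, if it exists
        try:
            self.client.delete_firewall(fw_id)
        # if firewall is not found, this means it was deleted in the test
        except lib_exc.NotFound:
            pass

        # The wait runs in both cases, so cleanup only returns once the
        # client reports the firewall as deleted.
        self.client.wait_for_resource_deletion('firewall', fw_id)

    def _wait_until_ready(self, fw_id):
        """Poll the firewall until its status is ACTIVE or CREATED.

        Raises exceptions.TimeoutException when neither state is reached
        within CONF.network.build_timeout.
        """
        target_states = ('ACTIVE', 'CREATED')

        def _wait():
            firewall = self.client.show_firewall(fw_id)
            firewall = firewall['firewall']
            return firewall['status'] in target_states

        if not test.call_until_true(_wait, CONF.network.build_timeout,
                                    CONF.network.build_interval):
            m = ("Timed out waiting for firewall %s to reach %s state(s)" %
                 (fw_id, target_states))
            raise exceptions.TimeoutException(m)

    @test.idempotent_id('1b84cf01-9c09-4ce7-bc72-b15e39076468')
    def test_list_firewall_rules(self):
        """The shared rule is listed with matching fields."""
        # List firewall rules
        fw_rules = self.client.list_firewall_rules()
        fw_rules = fw_rules['firewall_rules']
        self.assertIn((self.fw_rule['id'],
                       self.fw_rule['name'],
                       self.fw_rule['action'],
                       self.fw_rule['protocol'],
                       self.fw_rule['ip_version'],
                       self.fw_rule['enabled']),
                      [(m['id'],
                        m['name'],
                        m['action'],
                        m['protocol'],
                        m['ip_version'],
                        m['enabled']) for m in fw_rules])

    @test.idempotent_id('563564f7-7077-4f5e-8cdc-51f37ae5a2b9')
    def test_create_update_delete_firewall_rule(self):
        """Create a rule, mark it shared, delete it, confirm it is gone."""
        # Create firewall rule
        body = self.client.create_firewall_rule(
            name=data_utils.rand_name("fw-rule"),
            action="allow",
            protocol="tcp")
        fw_rule_id = body['firewall_rule']['id']
        # Register cleanup right away so the "allow" rule is not left behind
        # on the deployment if the update or its assertion fails before the
        # explicit delete below.
        self.addCleanup(self._try_delete_rule, fw_rule_id)

        # Update firewall rule
        body = self.client.update_firewall_rule(fw_rule_id,
                                                shared=True)
        self.assertTrue(body["firewall_rule"]['shared'])

        # Delete firewall rule
        self.client.delete_firewall_rule(fw_rule_id)
        # Confirm deletion
        fw_rules = self.client.list_firewall_rules()
        self.assertNotIn(fw_rule_id,
                         [m['id'] for m in fw_rules['firewall_rules']])

    @test.idempotent_id('3ff8c08e-26ff-4034-ae48-810ed213a998')
    def test_show_firewall_rule(self):
        """Every field shown for the shared rule equals the created value."""
        # show a created firewall rule
        fw_rule = self.client.show_firewall_rule(self.fw_rule['id'])
        # items() instead of the Python 2-only iteritems()
        for key, value in fw_rule['firewall_rule'].items():
            self.assertEqual(self.fw_rule[key], value)

    @test.idempotent_id('1086dd93-a4c0-4bbb-a1bd-6d4bc62c199f')
    def test_list_firewall_policies(self):
        """The shared policy is listed with matching id, name and rules."""
        fw_policies = self.client.list_firewall_policies()
        fw_policies = fw_policies['firewall_policies']
        self.assertIn((self.fw_policy['id'],
                       self.fw_policy['name'],
                       self.fw_policy['firewall_rules']),
                      [(m['id'],
                        m['name'],
                        m['firewall_rules']) for m in fw_policies])

    @test.idempotent_id('bbf37b6c-498c-421e-9c95-45897d3ed775')
    def test_create_update_delete_firewall_policy(self):
        """Create a policy, update it, delete it, confirm it is gone."""
        # Create firewall policy
        body = self.client.create_firewall_policy(
            name=data_utils.rand_name("fw-policy"))
        fw_policy_id = body['firewall_policy']['id']
        self.addCleanup(self._try_delete_policy, fw_policy_id)

        # Update firewall policy
        body = self.client.update_firewall_policy(fw_policy_id,
                                                  shared=True,
                                                  name="updated_policy")
        updated_fw_policy = body["firewall_policy"]
        self.assertTrue(updated_fw_policy['shared'])
        self.assertEqual("updated_policy", updated_fw_policy['name'])

        # Delete firewall policy
        self.client.delete_firewall_policy(fw_policy_id)
        # Confirm deletion
        fw_policies = self.client.list_firewall_policies()
        fw_policies = fw_policies['firewall_policies']
        self.assertNotIn(fw_policy_id, [m['id'] for m in fw_policies])

    @test.idempotent_id('1df59b3a-517e-41d4-96f6-fc31cf4ecff2')
    def test_show_firewall_policy(self):
        """Every field shown for the shared policy equals the created one."""
        # show a created firewall policy
        fw_policy = self.client.show_firewall_policy(self.fw_policy['id'])
        fw_policy = fw_policy['firewall_policy']
        # items() instead of the Python 2-only iteritems()
        for key, value in fw_policy.items():
            self.assertEqual(self.fw_policy[key], value)

    @test.idempotent_id('02082a03-3cdd-4789-986a-1327dd80bfb7')
    def test_create_show_delete_firewall(self):
        """Create a firewall on the shared policy, show, list and delete."""
        # Create tenant network resources required for an ACTIVE firewall
        network = self.create_network()
        subnet = self.create_subnet(network)
        router = self.create_router(
            data_utils.rand_name('router-'),
            admin_state_up=True)
        self.client.add_router_interface_with_subnet_id(
            router['id'], subnet['id'])

        # Create firewall
        body = self.client.create_firewall(
            name=data_utils.rand_name("firewall"),
            firewall_policy_id=self.fw_policy['id'])
        created_firewall = body['firewall']
        firewall_id = created_firewall['id']
        self.addCleanup(self._try_delete_firewall, firewall_id)

        # Wait for the firewall resource to become ready
        self._wait_until_ready(firewall_id)

        # show a created firewall
        firewall = self.client.show_firewall(firewall_id)
        firewall = firewall['firewall']

        # items() instead of the Python 2-only iteritems()
        for key, value in firewall.items():
            # 'status' is left out of the comparison; presumably it differs
            # between the create response and the ready firewall.
            if key == 'status':
                continue
            self.assertEqual(created_firewall[key], value)

        # list firewall
        firewalls = self.client.list_firewalls()
        firewalls = firewalls['firewalls']
        self.assertIn((created_firewall['id'],
                       created_firewall['name'],
                       created_firewall['firewall_policy_id']),
                      [(m['id'],
                        m['name'],
                        m['firewall_policy_id']) for m in firewalls])

        # Delete firewall
        self.client.delete_firewall(firewall_id)

    @test.idempotent_id('53305b4b-9897-4e01-87c0-2ae386083180')
    def test_firewall_rule_insertion_position_removal_rule_from_policy(self):
        """Insert rules after/before an existing rule and remove them again.

        Rule order decides which rule is evaluated first, so the test pins
        the 'position' reported for the inserted rule in both directions.
        """
        # Create firewall rule
        body = self.client.create_firewall_rule(
            name=data_utils.rand_name("fw-rule"),
            action="allow",
            protocol="tcp")
        fw_rule_id1 = body['firewall_rule']['id']
        self.addCleanup(self._try_delete_rule, fw_rule_id1)
        # Create firewall policy
        body = self.client.create_firewall_policy(
            name=data_utils.rand_name("fw-policy"))
        fw_policy_id = body['firewall_policy']['id']
        self.addCleanup(self._try_delete_policy, fw_policy_id)

        # Insert rule to firewall policy
        # (the last two arguments look like the "insert after" and
        # "insert before" anchor rule ids - confirm against the client)
        self.client.insert_firewall_rule_in_policy(
            fw_policy_id, fw_rule_id1, '', '')

        # Verify insertion of rule in policy
        self.assertIn(fw_rule_id1, self._get_list_fw_rule_ids(fw_policy_id))
        # Create another firewall rule
        body = self.client.create_firewall_rule(
            name=data_utils.rand_name("fw-rule"),
            action="allow",
            protocol="icmp")
        fw_rule_id2 = body['firewall_rule']['id']
        self.addCleanup(self._try_delete_rule, fw_rule_id2)

        # Insert rule to firewall policy after the first rule
        self.client.insert_firewall_rule_in_policy(
            fw_policy_id, fw_rule_id2, fw_rule_id1, '')

        # Verify the position of rule after insertion
        fw_rule = self.client.show_firewall_rule(
            fw_rule_id2)

        self.assertEqual(int(fw_rule['firewall_rule']['position']), 2)
        # Remove rule from the firewall policy
        self.client.remove_firewall_rule_from_policy(
            fw_policy_id, fw_rule_id2)
        # Insert rule to firewall policy before the first rule
        self.client.insert_firewall_rule_in_policy(
            fw_policy_id, fw_rule_id2, '', fw_rule_id1)
        # Verify the position of rule after insertion
        fw_rule = self.client.show_firewall_rule(
            fw_rule_id2)
        self.assertEqual(int(fw_rule['firewall_rule']['position']), 1)
        # Remove rule from the firewall policy
        self.client.remove_firewall_rule_from_policy(
            fw_policy_id, fw_rule_id2)
        # Verify removal of rule from firewall policy
        self.assertNotIn(fw_rule_id2, self._get_list_fw_rule_ids(fw_policy_id))

        # Remove rule from the firewall policy
        self.client.remove_firewall_rule_from_policy(
            fw_policy_id, fw_rule_id1)

        # Verify removal of rule from firewall policy
        self.assertNotIn(fw_rule_id1, self._get_list_fw_rule_ids(fw_policy_id))

    def _get_list_fw_rule_ids(self, fw_policy_id):
        """Return the rule ids currently attached to the policy, as a list."""
        fw_policy = self.client.show_firewall_policy(
            fw_policy_id)
        return list(fw_policy['firewall_policy']['firewall_rules'])

    @test.idempotent_id('8515ca8a-0d2f-4298-b5ff-6f924e4587ca')
    def test_update_firewall_policy_audited_attribute(self):
        """Inserting a rule must reset a policy's 'audited' flag to False."""
        # Create firewall rule
        body = self.client.create_firewall_rule(
            name=data_utils.rand_name("fw-rule"),
            action="allow",
            protocol="icmp")
        fw_rule_id = body['firewall_rule']['id']
        self.addCleanup(self._try_delete_rule, fw_rule_id)
        # Create firewall policy
        body = self.client.create_firewall_policy(
            name=data_utils.rand_name('fw-policy'))
        fw_policy_id = body['firewall_policy']['id']
        self.addCleanup(self._try_delete_policy, fw_policy_id)
        # A freshly created policy is expected to be unaudited.
        self.assertFalse(body['firewall_policy']['audited'])
        # Update firewall policy audited attribute to true
        self.client.update_firewall_policy(fw_policy_id,
                                           audited=True)
        # NOTE(review): the response of the update above is not checked, so
        # the final assertFalse would also hold if the update had no effect
        # (the policy already started with audited == False). Asserting on
        # the update response would close that gap - confirm API behaviour.
        # Insert Firewall rule to firewall policy
        self.client.insert_firewall_rule_in_policy(
            fw_policy_id, fw_rule_id, '', '')
        body = self.client.show_firewall_policy(
            fw_policy_id)
        # Changing the rule set is expected to clear the flag, so a policy
        # marked as reviewed does not stay marked once its rules change.
        self.assertFalse(body['firewall_policy']['audited'])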