openstack/neutron-tempest-plugin
Code Issues Proposed changes

[Stateless SG] Add test for port security and stateless SGs

Browse Source 
This patch modifies exisitng port_security_removed_added to be run
for both stateful and stateless SGs.

Change-Id: Idb49963618c45dbe5976e32d5db466f35ed534c8
This commit is contained in:
Slawek Kaplonski 2024-03-14 11:15:59 +01:00
parent ec162e0f56
commit ad4ddcbaa1
2 changed files with 30 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
neutron_tempest_plugin/scenario/base.py
View File

@ -285,7 +285,8 @@ class BaseTempestTestCase(base_api.BaseNetworkTest):
client.delete_interface(server_id, port_id=port_id) client.delete_interface(server_id, port_id=port_id)
def setup_network_and_server(self, router=None, server_name=None, def setup_network_and_server(self, router=None, server_name=None,
network=None, **kwargs): network=None, use_stateless_sg=False,
**kwargs):
"""Create network resources and a server. """Create network resources and a server.
Creating a network, subnet, router, keypair, security group Creating a network, subnet, router, keypair, security group
@ -296,8 +297,13 @@ class BaseTempestTestCase(base_api.BaseNetworkTest):
self.subnet = self.create_subnet(self.network) self.subnet = self.create_subnet(self.network)
LOG.debug("Created subnet %s", self.subnet['id']) LOG.debug("Created subnet %s", self.subnet['id'])
sg_args = {
'name': data_utils.rand_name('secgroup')
}
if use_stateless_sg:
sg_args['stateful'] = False
secgroup = self.os_primary.network_client.create_security_group( secgroup = self.os_primary.network_client.create_security_group(
name=data_utils.rand_name('secgroup')) **sg_args)
LOG.debug("Created security group %s", LOG.debug("Created security group %s",
secgroup['security_group']['name']) secgroup['security_group']['name'])
self.security_groups.append(secgroup['security_group']) self.security_groups.append(secgroup['security_group'])
@ -307,6 +313,9 @@ class BaseTempestTestCase(base_api.BaseNetworkTest):
self.keypair = self.create_keypair() self.keypair = self.create_keypair()
self.create_loginable_secgroup_rule( self.create_loginable_secgroup_rule(
secgroup_id=secgroup['security_group']['id']) secgroup_id=secgroup['security_group']['id'])
if use_stateless_sg:
self.create_ingress_metadata_secgroup_rule(
secgroup_id=secgroup['security_group']['id'])
server_kwargs = { server_kwargs = {
'flavor_ref': CONF.compute.flavor_ref, 'flavor_ref': CONF.compute.flavor_ref,

22
neutron_tempest_plugin/scenario/test_portsecurity.py
View File

@ -11,7 +11,9 @@
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations # License for the specific language governing permissions and limitations
# under the License. # under the License.
import testtools
from tempest.common import utils
from tempest.lib import decorators from tempest.lib import decorators
from neutron_tempest_plugin import config from neutron_tempest_plugin import config
@ -24,15 +26,14 @@ class PortSecurityTest(base.BaseTempestTestCase):
credentials = ['primary', 'admin'] credentials = ['primary', 'admin']
required_extensions = ['port-security'] required_extensions = ['port-security']
@decorators.idempotent_id('61ab176e-d48b-42b7-b38a-1ba571ecc033') def _test_port_security_removed_added(self, use_stateless_sg):
def test_port_security_removed_added(self):
"""Test connection works after port security has been removed """Test connection works after port security has been removed
Initial test that vm is accessible. Then port security is removed, Initial test that vm is accessible. Then port security is removed,
checked connectivity. Port security is added back and checked checked connectivity. Port security is added back and checked
connectivity again. connectivity again.
""" """
self.setup_network_and_server() self.setup_network_and_server(use_stateless_sg=use_stateless_sg)
self.check_connectivity(self.fip['floating_ip_address'], self.check_connectivity(self.fip['floating_ip_address'],
CONF.validation.image_ssh_user, CONF.validation.image_ssh_user,
self.keypair['private_key']) self.keypair['private_key'])
@ -51,3 +52,18 @@ class PortSecurityTest(base.BaseTempestTestCase):
self.check_connectivity(self.fip['floating_ip_address'], self.check_connectivity(self.fip['floating_ip_address'],
CONF.validation.image_ssh_user, CONF.validation.image_ssh_user,
self.keypair['private_key']) self.keypair['private_key'])
@decorators.idempotent_id('61ab176e-d48b-42b7-b38a-1ba571ecc033')
def test_port_security_removed_added_stateful_sg(self):
self._test_port_security_removed_added(use_stateless_sg=False)
@decorators.idempotent_id('2f4005e1-cee1-40e5-adbd-b3e3cf218065')
@testtools.skipUnless(
utils.is_extension_enabled('stateful-security-group', 'network'),
"'stateful-security-group' API extension not available")
@testtools.skipIf(
CONF.neutron_plugin_options.firewall_driver in ['openvswitch', 'None'],
"Firewall driver other than 'openvswitch' is required to use "
"stateless security groups.")
def test_port_security_removed_added_stateless_sg(self):
self._test_port_security_removed_added(use_stateless_sg=True)