From b175a450eefb74e466c32e19e2fe1ffe80ca309f Mon Sep 17 00:00:00 2001
From: pbharathbhu
Date: Thu, 25 Jul 2019 10:01:50 +0000
Subject: [PATCH] FwaasV2 new cases.

Change-Id: Ia0d90ed12891a8925c04da74e7bf87448f954690
---
 .../tests/api/test_v2_fwaas.py | 71 ++++++++++++++++---
 1 file changed, 60 insertions(+), 11 deletions(-)

diff --git a/vmware_nsx_tempest_plugin/tests/api/test_v2_fwaas.py b/vmware_nsx_tempest_plugin/tests/api/test_v2_fwaas.py
index 3d1a1ed..762d64a 100644
--- a/vmware_nsx_tempest_plugin/tests/api/test_v2_fwaas.py
+++ b/vmware_nsx_tempest_plugin/tests/api/test_v2_fwaas.py
@@ -16,6 +16,7 @@
 from oslo_log import log as logging
 from tempest import config
 from tempest.lib.common.utils import data_utils
+from tempest.lib.common.utils import test_utils
 from tempest.lib import decorators
 from tempest.lib import exceptions
 from tempest import test
@@ -57,13 +58,14 @@ class TestFwaasV2Ops(feature_manager.FeatureManager):
 CONF.nsxv3.nsx_user,
 CONF.nsxv3.nsx_password)

- def create_fw_basic_topo(self, protocol_name=None):
+ def create_fw_basic_topo(self, protocol_name=None, source_ip=None):
 if protocol_name is None:
 protocol_name = 'icmp'
 rule_name = data_utils.rand_name('fw-rule-')
 # Create firewall rule
 fw_rules = self.create_firewall_rule(name=rule_name,
- protocol=protocol_name)
+ protocol=protocol_name,
+ source_ip_address=source_ip)
 rules = []
 show_rules = self.show_firewall_rule(fw_rules['firewall_rule']['id'])
 # Check firewall rule
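Review bot: In create_fw_basic_topo the rule created with the new `source_ip_address=source_ip` argument gets no `addCleanup` in the visible lines, unlike create_fw_group_port_topo later in this patch, so a failed assertion further down may leave the rule behind unless `create_firewall_rule` registers its own cleanup. If it does not, add `self.addCleanup(test_utils.call_and_ignore_notfound_exc, self.fwaas_v2_client.delete_firewall_v2_rule, fw_rules['firewall_rule']['id'])` right after the create call. The new `source_ip` parameter is also undocumented; a short docstring saying it is passed through as the rule's `source_ip_address`, and what the default None means for matching, would help callers. The function body continues outside the hunk.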
@@ -127,13 +129,18 @@ class TestFwaasV2Ops(feature_manager.FeatureManager):
 group_delete=True,
 project_id=None,
 ports=None,
- protocol_name=None):
+ protocol_name=None,
+ source_ip=None):
 if protocol_name is None:
 protocol_name = 'icmp'
 rule_name = data_utils.rand_name('fw-rule-')
 # Create firewall rule
 fw_rules = self.create_firewall_rule(
- name=rule_name, protocol=protocol_name, project_id=project_id)
+ name=rule_name, protocol=protocol_name, project_id=project_id,
+ source_ip_address=source_ip)
+ self.addCleanup(test_utils.call_and_ignore_notfound_exc,
+ self.fwaas_v2_client.delete_firewall_v2_rule,
+ fw_rules['firewall_rule']['id'])
 rules = []
 show_rules = self.show_firewall_rule(fw_rules['firewall_rule']['id'])
 # Check firewall rule
@@ -146,6 +153,10 @@ class TestFwaasV2Ops(feature_manager.FeatureManager):
 fw_policy = self.create_firewall_policy(name=policy_name,
 firewall_rules=rules,
 project_id=project_id)
+ self.addCleanup(test_utils.call_and_ignore_notfound_exc,
+ self.fwaas_v2_client.delete_firewall_v2_policy,
+ fw_policy['firewall_policy']['id'])
+
 show_policy = self.show_firewall_policy(
 fw_policy['firewall_policy']['id'])
 # Check firewall policy
@@ -163,6 +174,9 @@ class TestFwaasV2Ops(feature_manager.FeatureManager):
 egress_firewall_policy_id=policy_id,
 ports=ports,
 project_id=project_id)
+ self.addCleanup(test_utils.call_and_ignore_notfound_exc,
+ self.fwaas_v2_client.delete_firewall_v2_group,
+ fw_group["firewall_group"]["id"])
 self._wait_firewall_ready(fw_group["firewall_group"]["id"])
 show_group = self.show_firewall_group(fw_group["firewall_group"]["id"])
 self.assertEqual(show_group.get('firewall_group')['ports'], ports)
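Review bot: The group cleanup added in the third hunk calls `delete_firewall_v2_group` while the router port is still bound, although the three new `addCleanup` calls (rule, policy, group) do unwind in the right LIFO order. The inline delete path later in this patch first issues `update_firewall_v2_group(f_id, ports=[])`, which suggests the backend rejects deleting a group that still has ports; `call_and_ignore_notfound_exc` only swallows NotFound, so when a test fails with `group_delete=False` the group, policy and rule would presumably all stay behind on the NSX manager. Register a detach step after the delete cleanup so that it runs first: `self.addCleanup(test_utils.call_and_ignore_notfound_exc, self.fwaas_v2_client.update_firewall_v2_group, fw_group["firewall_group"]["id"], ports=[])`. The function starts and ends outside these hunks.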
@@ -178,18 +192,25 @@ class TestFwaasV2Ops(feature_manager.FeatureManager):
 'ingress_firewall_policy_id'], policy_id)
 self.assertEqual(show_group.get('firewall_group')[
 'egress_firewall_policy_id'], policy_id)
+ fw_topo = dict(fw_rules=fw_rules, fw_policy=fw_policy,
+ fw_group=fw_group)
 # Delete firewall group
+ f_id = fw_group["firewall_group"]["id"]
+ self.fwaas_v2_client.update_firewall_v2_group(f_id,
+ ports=[])
 self.fwaas_v2_client.delete_firewall_v2_group(
 fw_group["firewall_group"]["id"])
 else:
 fw_topo = dict(fw_rules=fw_rules, fw_policy=fw_policy,
 fw_group=fw_group)
- return fw_topo
+ return fw_topo

- def create_fw_with_port_topology(self, protocol_name, group_delete=True):
+ def create_fw_with_port_topology(self, protocol_name,
+ group_delete=True,
+ source_ip=None,
+ create_instance=False):
 # Create network topo
- network = \
- self.create_topology_network(network_name="fw-network")
+ network = self.create_topology_network(network_name="fw-network")
 router_name = 'fw-router'
 # Create router topo
 router = self.create_topology_router(router_name)
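Review bot: In the delete branch the group is updated with `ports=[]` and deleted in the very next statement, with no `self._wait_firewall_ready(f_id)` in between; if the update leaves the group in a pending state the delete may race with it, which is worth confirming against the plugin. `fw_topo = dict(...)` is now built identically in both branches and could be assigned once before the `if`, and `f_id` could be reused in the `delete_firewall_v2_group` call instead of repeating the lookup. With `group_delete=True` the returned `fw_topo['fw_group']` describes a group that has already been deleted, which deserves a line in a docstring so callers do not reuse its id. The `if` that this `else:` belongs to starts outside the hunk.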
@@ -197,16 +218,28 @@ class TestFwaasV2Ops(feature_manager.FeatureManager):
 # Create subnet topo
 self.create_topology_subnet(subnet_name, network,
 router_id=router['id'])
+
+ if create_instance:
+ image_id = self.get_glance_image_id(["cirros", "esx"])
+ self.create_topology_instance(
+ "state_vm_1", [network],
+ create_floating_ip=True, image_id=image_id)
+ self.create_topology_instance(
+ "state_vm_2", [network],
+ create_floating_ip=True, image_id=image_id)
+ floatin_ip = self.topology_servers['state_vm_1']['floating_ips']
+ source_ip = floatin_ip[0]['fixed_ip_address']
 p_client = self.ports_client
 ports = []
 ports.append(self.get_router_port(p_client))
 if not group_delete:
 fw_topo = self.create_fw_group_port_topo(
- group_delete, network['project_id'], ports, protocol_name)
- return fw_topo
+ group_delete, network['project_id'], ports, protocol_name,
+ source_ip)
 else:
- self.create_fw_group_port_topo(
+ fw_topo = self.create_fw_group_port_topo(
 group_delete, network['project_id'], ports, protocol_name)
+ return fw_topo

 @decorators.attr(type='nsxv3')
 @decorators.idempotent_id('431288d7-9213-4b1e-a11d-15840c8e2f12')
@@ -302,3 +335,19 @@ class TestFwaasV2Ops(feature_manager.FeatureManager):
 self.assertRaises(exceptions.Conflict,
 self.fwaas_v2_client.delete_firewall_v2_policy,
 fw_topo["fw_policy"]["firewall_policy"]["id"])
+
+ @decorators.attr(type='nsxv3')
+ @decorators.attr(type=["negative"])
+ @decorators.idempotent_id('901488d7-1184-4b1e-511d-15878c8e2fd6')
+ def test_verify_firewall_group_source_ip_invalid(self):
+ """
+ Verify Firewall group with invalid ip should be ACTIVE
+ """
+ cidr = '0.0.0.0/0'
+ fw_topo = self.create_fw_with_port_topology('icmp',
+ source_ip=cidr,
+ group_delete=False)
+ self.assertEqual("ACTIVE",
+ fw_topo['fw_group']['firewall_group']['status'])
+ self.update_firewall_group(fw_topo["fw_group"]['firewall_group']["id"],
+ ports=[])
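Review bot: `source_ip` is forwarded to `create_fw_group_port_topo` only in the `if not group_delete:` branch; the `else` call still passes four arguments, so a caller using the default `group_delete=True` together with `source_ip` gets a rule without the source restriction and no error. Both branches now assign `fw_topo` from the same helper, so they can collapse to `fw_topo = self.create_fw_group_port_topo(group_delete, network['project_id'], ports, protocol_name, source_ip)`. When `create_instance` is true the caller's `source_ip` is silently replaced by the first VM's fixed address; either document that precedence or reject the combination. `floatin_ip` looks like a typo for `floating_ip`.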
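Review bot: The test name and docstring call the source address invalid, but `'0.0.0.0/0'` is a well-formed match-any CIDR and the expected outcome is ACTIVE, so the `negative` attribute and the wording misdescribe what is being checked. Nothing asserts that the created rule actually carries the address, so the test would still pass if `source_ip` were dropped on the way; add `self.assertEqual(cidr, fw_topo['fw_rules']['firewall_rule']['source_ip_address'])`. The status appears to be read from the dict returned by the create call rather than from a show issued after `_wait_firewall_ready`, so it may not reflect the settled state; the helper is only partly visible here, so please confirm. The trailing `update_firewall_group(..., ports=[])` is skipped when the assertion fails; registering the detach with `addCleanup` before asserting would keep the shared NSX environment free of leftover firewall groups.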