x/vmware-nsx-tempest-plugin
Code Issues Proposed changes

FwaasV2 new cases.

Browse Source 
Change-Id: Ia0d90ed12891a8925c04da74e7bf87448f954690
This commit is contained in:
pbharathbhu 2019-07-25 10:01:50 +00:00
parent 14f6ba9bc6
commit b175a450ee
1 changed files with 60 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
vmware_nsx_tempest_plugin/tests/api/test_v2_fwaas.py
View File

@ -16,6 +16,7 @@ from oslo_log import log as logging
from tempest import config from tempest import config
from tempest.lib.common.utils import data_utils from tempest.lib.common.utils import data_utils
from tempest.lib.common.utils import test_utils
from tempest.lib import decorators from tempest.lib import decorators
from tempest.lib import exceptions from tempest.lib import exceptions
from tempest import test from tempest import test
@ -57,13 +58,14 @@ class TestFwaasV2Ops(feature_manager.FeatureManager):
CONF.nsxv3.nsx_user, CONF.nsxv3.nsx_user,
CONF.nsxv3.nsx_password) CONF.nsxv3.nsx_password)
def create_fw_basic_topo(self, protocol_name=None): def create_fw_basic_topo(self, protocol_name=None, source_ip=None):
if protocol_name is None: if protocol_name is None:
protocol_name = 'icmp' protocol_name = 'icmp'
rule_name = data_utils.rand_name('fw-rule-') rule_name = data_utils.rand_name('fw-rule-')
# Create firewall rule # Create firewall rule
fw_rules = self.create_firewall_rule(name=rule_name, fw_rules = self.create_firewall_rule(name=rule_name,
protocol=protocol_name) protocol=protocol_name,
source_ip_address=source_ip)
rules = [] rules = []
show_rules = self.show_firewall_rule(fw_rules['firewall_rule']['id']) show_rules = self.show_firewall_rule(fw_rules['firewall_rule']['id'])
# Check firewall rule # Check firewall rule
@ -127,13 +129,18 @@ class TestFwaasV2Ops(feature_manager.FeatureManager):
group_delete=True, group_delete=True,
project_id=None, project_id=None,
ports=None, ports=None,
protocol_name=None): protocol_name=None,
source_ip=None):
if protocol_name is None: if protocol_name is None:
protocol_name = 'icmp' protocol_name = 'icmp'
rule_name = data_utils.rand_name('fw-rule-') rule_name = data_utils.rand_name('fw-rule-')
# Create firewall rule # Create firewall rule
fw_rules = self.create_firewall_rule( fw_rules = self.create_firewall_rule(
name=rule_name, protocol=protocol_name, project_id=project_id) name=rule_name, protocol=protocol_name, project_id=project_id,
source_ip_address=source_ip)
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
self.fwaas_v2_client.delete_firewall_v2_rule,
fw_rules['firewall_rule']['id'])
rules = [] rules = []
show_rules = self.show_firewall_rule(fw_rules['firewall_rule']['id']) show_rules = self.show_firewall_rule(fw_rules['firewall_rule']['id'])
# Check firewall rule # Check firewall rule
@ -146,6 +153,10 @@ class TestFwaasV2Ops(feature_manager.FeatureManager):
fw_policy = self.create_firewall_policy(name=policy_name, fw_policy = self.create_firewall_policy(name=policy_name,
firewall_rules=rules, firewall_rules=rules,
project_id=project_id) project_id=project_id)
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
self.fwaas_v2_client.delete_firewall_v2_policy,
fw_policy['firewall_policy']['id'])
show_policy = self.show_firewall_policy( show_policy = self.show_firewall_policy(
fw_policy['firewall_policy']['id']) fw_policy['firewall_policy']['id'])
# Check firewall policy # Check firewall policy
@ -163,6 +174,9 @@ class TestFwaasV2Ops(feature_manager.FeatureManager):
egress_firewall_policy_id=policy_id, egress_firewall_policy_id=policy_id,
ports=ports, ports=ports,
project_id=project_id) project_id=project_id)
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
self.fwaas_v2_client.delete_firewall_v2_group,
fw_group["firewall_group"]["id"])
self._wait_firewall_ready(fw_group["firewall_group"]["id"]) self._wait_firewall_ready(fw_group["firewall_group"]["id"])
show_group = self.show_firewall_group(fw_group["firewall_group"]["id"]) show_group = self.show_firewall_group(fw_group["firewall_group"]["id"])
self.assertEqual(show_group.get('firewall_group')['ports'], ports) self.assertEqual(show_group.get('firewall_group')['ports'], ports)
@ -178,7 +192,12 @@ class TestFwaasV2Ops(feature_manager.FeatureManager):
'ingress_firewall_policy_id'], policy_id) 'ingress_firewall_policy_id'], policy_id)
self.assertEqual(show_group.get('firewall_group')[ self.assertEqual(show_group.get('firewall_group')[
'egress_firewall_policy_id'], policy_id) 'egress_firewall_policy_id'], policy_id)
fw_topo = dict(fw_rules=fw_rules, fw_policy=fw_policy,
fw_group=fw_group)
# Delete firewall group # Delete firewall group
f_id = fw_group["firewall_group"]["id"]
self.fwaas_v2_client.update_firewall_v2_group(f_id,
ports=[])
self.fwaas_v2_client.delete_firewall_v2_group( self.fwaas_v2_client.delete_firewall_v2_group(
fw_group["firewall_group"]["id"]) fw_group["firewall_group"]["id"])
else: else:
@ -186,10 +205,12 @@ class TestFwaasV2Ops(feature_manager.FeatureManager):
fw_group=fw_group) fw_group=fw_group)
return fw_topo return fw_topo
def create_fw_with_port_topology(self, protocol_name, group_delete=True): def create_fw_with_port_topology(self, protocol_name,
group_delete=True,
source_ip=None,
create_instance=False):
# Create network topo # Create network topo
network = \ network = self.create_topology_network(network_name="fw-network")
self.create_topology_network(network_name="fw-network")
router_name = 'fw-router' router_name = 'fw-router'
# Create router topo # Create router topo
router = self.create_topology_router(router_name) router = self.create_topology_router(router_name)
@ -197,16 +218,28 @@ class TestFwaasV2Ops(feature_manager.FeatureManager):
# Create subnet topo # Create subnet topo
self.create_topology_subnet(subnet_name, network, self.create_topology_subnet(subnet_name, network,
router_id=router['id']) router_id=router['id'])
if create_instance:
image_id = self.get_glance_image_id(["cirros", "esx"])
self.create_topology_instance(
"state_vm_1", [network],
create_floating_ip=True, image_id=image_id)
self.create_topology_instance(
"state_vm_2", [network],
create_floating_ip=True, image_id=image_id)
floatin_ip = self.topology_servers['state_vm_1']['floating_ips']
source_ip = floatin_ip[0]['fixed_ip_address']
p_client = self.ports_client p_client = self.ports_client
ports = [] ports = []
ports.append(self.get_router_port(p_client)) ports.append(self.get_router_port(p_client))
if not group_delete: if not group_delete:
fw_topo = self.create_fw_group_port_topo(
group_delete, network['project_id'], ports, protocol_name,
source_ip)
else:
fw_topo = self.create_fw_group_port_topo( fw_topo = self.create_fw_group_port_topo(
group_delete, network['project_id'], ports, protocol_name) group_delete, network['project_id'], ports, protocol_name)
return fw_topo return fw_topo
else:
self.create_fw_group_port_topo(
group_delete, network['project_id'], ports, protocol_name)
@decorators.attr(type='nsxv3') @decorators.attr(type='nsxv3')
@decorators.idempotent_id('431288d7-9213-4b1e-a11d-15840c8e2f12') @decorators.idempotent_id('431288d7-9213-4b1e-a11d-15840c8e2f12')
@ -302,3 +335,19 @@ class TestFwaasV2Ops(feature_manager.FeatureManager):
self.assertRaises(exceptions.Conflict, self.assertRaises(exceptions.Conflict,
self.fwaas_v2_client.delete_firewall_v2_policy, self.fwaas_v2_client.delete_firewall_v2_policy,
fw_topo["fw_policy"]["firewall_policy"]["id"]) fw_topo["fw_policy"]["firewall_policy"]["id"])
@decorators.attr(type='nsxv3')
@decorators.attr(type=["negative"])
@decorators.idempotent_id('901488d7-1184-4b1e-511d-15878c8e2fd6')
def test_verify_firewall_group_source_ip_invalid(self):
"""
Verify Firewall group with invalid ip should be ACTIVE
"""
cidr = '0.0.0.0/0'
fw_topo = self.create_fw_with_port_topology('icmp',
source_ip=cidr,
group_delete=False)
self.assertEqual("ACTIVE",
fw_topo['fw_group']['firewall_group']['status'])
self.update_firewall_group(fw_topo["fw_group"]['firewall_group']["id"],
ports=[])