From 8d2557c6320208e0d27532f8d4d5f239b002a4c5 Mon Sep 17 00:00:00 2001
From: Brian Haley
Date: Mon, 20 May 2019 15:56:58 -0400
Subject: [PATCH] Change legacy security group rule check
A neutron change, https://review.opendev.org/#/c/453346/ is standardizing the protocol name for IPv6 ICMP in security group rules to be 'ipv6-icmp', even if 'icmp' or 'icmpv6' was passed during creation. Change the API test to check against a list of possible values so it covers both old and new behaviors.
Change-Id: I0ca8d743ca56f7d67ef8c1ae45ca518bd6e6dc35
Partial-Bug: #1582500
---
 .../api/base_security_groups.py | 4 +-
 .../api/test_security_groups.py | 38 +++++++++++++++++--
 2 files changed, 35 insertions(+), 7 deletions(-)
diff --git a/neutron_tempest_plugin/api/base_security_groups.py b/neutron_tempest_plugin/api/base_security_groups.py
index ca2c17a3..952de95e 100644
--- a/neutron_tempest_plugin/api/base_security_groups.py
+++ b/neutron_tempest_plugin/api/base_security_groups.py
@@ -47,8 +47,6 @@ V4_PROTOCOL_INTS = {v for k, v in constants.IP_PROTOCOL_MAP.items()
 if k in V4_PROTOCOL_NAMES}
-V6_PROTOCOL_LEGACY = {constants.PROTO_NAME_IPV6_ICMP_LEGACY}
-
 V6_PROTOCOL_NAMES = {
 'ipv6-encap',
 'ipv6-frag',
@@ -60,4 +58,4 @@ V6_PROTOCOL_NAMES = {
 V6_PROTOCOL_INTS = {v for k, v in constants.IP_PROTOCOL_MAP.items()
- if k in (V6_PROTOCOL_NAMES | V6_PROTOCOL_LEGACY)}
+ if k in V6_PROTOCOL_NAMES}
diff --git a/neutron_tempest_plugin/api/test_security_groups.py b/neutron_tempest_plugin/api/test_security_groups.py
index d44ba504..6de2c22e 100644
--- a/neutron_tempest_plugin/api/test_security_groups.py
+++ b/neutron_tempest_plugin/api/test_security_groups.py
@@ -109,12 +109,42 @@ class SecGroupProtocolIPv6Test(SecGroupProtocolTest):
 _ip_version = constants.IP_VERSION_6
 protocol_names = base_security_groups.V6_PROTOCOL_NAMES
 protocol_ints = base_security_groups.V6_PROTOCOL_INTS
- protocol_legacy_names = base_security_groups.V6_PROTOCOL_LEGACY
 @decorators.idempotent_id('c7d17b41-3b4e-4add-bb3b-6af59baaaffa')
- def test_security_group_rule_protocol_legacy_names(self):
- self._test_security_group_rule_protocols(
- protocols=self.protocol_legacy_names)
+ def test_security_group_rule_protocol_legacy_icmpv6(self):
+ # These legacy protocols can be used to create security groups,
+ # but they could be shown either with their passed protocol name,
+ # or a canonical-ized version, depending on the neutron version.
+ # So we check against a list of possible values.
+ # TODO(haleyb): Remove once these legacy names are deprecated
+ protocols = {constants.PROTO_NAME_IPV6_ICMP_LEGACY:
+ constants.PROTO_NAME_IPV6_ICMP,
+ constants.PROTO_NAME_ICMP:
+ constants.PROTO_NAME_IPV6_ICMP}
+ for key, value in protocols.items():
+ self._test_security_group_rule_legacy(
+ protocol_list=[str(key), str(value)],
+ protocol=str(key),
+ direction=constants.INGRESS_DIRECTION,
+ ethertype=self.ethertype)
+
+ def _test_security_group_rule_legacy(self, protocol_list, **kwargs):
+ security_group = self.create_security_group()
+ security_group_rule = self.create_security_group_rule(
+ security_group=security_group, **kwargs)
+ observed_security_group_rule = self.client.show_security_group_rule(
+ security_group_rule['id'])['security_group_rule']
+ for key, value in kwargs.items():
+ if key == 'protocol':
+ self.assertIn(security_group_rule[key], protocol_list,
+ "{!r} does not match.".format(key))
+ self.assertIn(observed_security_group_rule[key], protocol_list,
+ "{!r} does not match.".format(key))
+ else:
+ self.assertEqual(value, security_group_rule[key],
+ "{!r} does not match.".format(key))
+ self.assertEqual(value, observed_security_group_rule[key],
+ "{!r} does not match.".format(key))
 class RbacSharedSecurityGroupTest(base.BaseAdminNetworkTest):
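Review bot: In `_test_security_group_rule_legacy` the `protocol` branch checks the create response and the show response against `protocol_list` independently, so the test still passes when the two responses disagree, for example if one returns the passed name and the other the canonical one. A single neutron version presumably reports one form in both places, so after the loop I would add `self.assertEqual(security_group_rule['protocol'], observed_security_group_rule['protocol'])`. The helper has no docstring; a one-liner such as `"""Create a rule and check that its protocol is one of protocol_list."""` would record why membership is used here instead of equality. The `str(key)` and `str(value)` calls look redundant if the constants are already strings, which this hunk does not show.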