Add more API tests for port-security extension:

Test create port with specific value of port_security_enabled Test create secure port with security_group attached Test update port with port_security_enabled True\False and with or without security groups Test deleting port with port_security_enabled Change-Id: Id71f5451dc17f374feff1a3bdb35fb9ec42f0fa1 Depends-On: Ia27881a34ff99cad34c84764d2bf8a6cdf77af9c Depends-On: Ie0ec090e8fdce7dbdbce14ef47f38e8e57f262d4
2015-04-20 16:22:27 +03:00 · 2015-04-20 16:22:27 +03:00 · 770859d25b
commit 770859d25b
parent 5509839e0a
4 changed files with 127 additions and 38 deletions
--- a/neutron/tests/api/admin/test_extension_driver_port_security_admin.py
+++ b/neutron/tests/api/admin/test_extension_driver_port_security_admin.py
@ -0,0 +1,32 @@
+# Copyright 2015 Cisco Systems, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from neutron.tests.api import base
+from neutron.tests.api import base_security_groups as base_security
+from neutron.tests.tempest import test
+from tempest_lib import exceptions as lib_exc
+
+
+class PortSecurityAdminTests(base_security.BaseSecGroupTest,
+                             base.BaseAdminNetworkTest):
+
+    @test.attr(type=['negative', 'smoke'])
+    @test.idempotent_id('d39a96e2-2dea-4feb-8093-e7ac991ce6f8')
+    def test_create_port_security_false_on_shared_network(self):
+        network = self.create_shared_network()
+        self.assertTrue(network['shared'])
+        self.create_subnet(network, client=self.admin_client)
+        self.assertRaises(lib_exc.Forbidden, self.create_port,
+                          network, port_security_enabled=False)
--- a/neutron/tests/api/base.py
+++ b/neutron/tests/api/base.py
@ -188,11 +188,11 @@ class BaseNetworkTest(neutron.tests.tempest.test.BaseTestCase):
            pass

    @classmethod
-    def create_network(cls, network_name=None):
+    def create_network(cls, network_name=None, **kwargs):
        """Wrapper utility that returns a test network."""
        network_name = network_name or data_utils.rand_name('test-network-')

-        body = cls.client.create_network(name=network_name)
+        body = cls.client.create_network(name=network_name, **kwargs)
        network = body['network']
        cls.networks.append(network)
        return network
--- a/neutron/tests/api/test_extension_driver_port_security.py
+++ b/neutron/tests/api/test_extension_driver_port_security.py
@ -13,34 +13,22 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.

-from tempest_lib.common.utils import data_utils
-from tempest_lib import exceptions as lib_exc
+import ddt

-from neutron.tests.api import base_security_groups as base
+from neutron.tests.api import base
+from neutron.tests.api import base_security_groups as base_security
 from neutron.tests.tempest import config
 from neutron.tests.tempest import test
-
+from tempest_lib import exceptions as lib_exc

 CONF = config.CONF
 FAKE_IP = '10.0.0.1'
 FAKE_MAC = '00:25:64:e8:19:dd'


-class PortSecTest(base.BaseSecGroupTest):
-
-    @classmethod
-    def resource_setup(cls):
-        super(PortSecTest, cls).resource_setup()
-
-    def _create_network(self, network_name=None, port_security_enabled=True):
-        """Wrapper utility that returns a test network."""
-        network_name = network_name or data_utils.rand_name('test-network')
-
-        body = self.client.create_network(
-            name=network_name, port_security_enabled=port_security_enabled)
-        network = body['network']
-        self.networks.append(network)
-        return network
+@ddt.ddt
+class PortSecTest(base_security.BaseSecGroupTest,
+                  base.BaseNetworkTest):

    @test.attr(type='smoke')
    @test.idempotent_id('7c338ddf-e64e-4118-bd33-e49a1f2f1495')
@ -49,29 +37,41 @@ class PortSecTest(base.BaseSecGroupTest):
        # Default port-sec value is True, and the attr of the port will inherit
        # from the port-sec of the network when it not be specified in API
        network = self.create_network()
-        self.create_subnet(network)
        self.assertTrue(network['port_security_enabled'])
+        self.create_subnet(network)
        port = self.create_port(network)
        self.assertTrue(port['port_security_enabled'])

    @test.attr(type='smoke')
    @test.idempotent_id('e60eafd2-31de-4c38-8106-55447d033b57')
    @test.requires_ext(extension='port-security', service='network')
-    def test_port_sec_specific_value(self):
-        network = self.create_network()
-
-        self.assertTrue(network['port_security_enabled'])
+    @ddt.unpack
+    @ddt.data({'port_sec_net': False, 'port_sec_port': True, 'expected': True},
+              {'port_sec_net': True, 'port_sec_port': False,
+               'expected': False})
+    def test_port_sec_specific_value(self, port_sec_net, port_sec_port,
+                                     expected):
+        network = self.create_network(port_security_enabled=port_sec_net)
        self.create_subnet(network)
-        port = self.create_port(network, port_security_enabled=False)
-        self.assertFalse(port['port_security_enabled'])
+        port = self.create_port(network, port_security_enabled=port_sec_port)
+        self.assertEqual(network['port_security_enabled'], port_sec_net)
+        self.assertEqual(port['port_security_enabled'], expected)

-        # Create a network with port-sec set to False
-        network = self._create_network(port_security_enabled=False)
-
-        self.assertFalse(network['port_security_enabled'])
+    @test.attr(type=['smoke'])
+    @test.idempotent_id('05642059-1bfc-4581-9bc9-aaa5db08dd60')
+    @test.requires_ext(extension='port-security', service='network')
+    def test_create_port_sec_with_security_group(self):
+        network = self.create_network(port_security_enabled=True)
        self.create_subnet(network)
-        port = self.create_port(network, port_security_enabled=True)
+
+        port = self.create_port(network, security_groups=[])
        self.assertTrue(port['port_security_enabled'])
+        self.client.delete_port(port['id'])
+
+        port = self.create_port(network, security_groups=[],
+                                port_security_enabled=False)
+        self.assertFalse(port['port_security_enabled'])
+        self.assertEmpty(port['security_groups'])

    @test.attr(type=['negative', 'smoke'])
    @test.idempotent_id('05642059-1bfc-4581-9bc9-aaa5db08dd60')
@ -79,16 +79,72 @@ class PortSecTest(base.BaseSecGroupTest):
    def test_port_sec_update_port_failed(self):
        network = self.create_network()
        self.create_subnet(network)
+
+        sec_group_body, sec_group_name = self._create_security_group()
        port = self.create_port(network)

        # Exception when set port-sec to False with sec-group defined
-        self.assertRaises(lib_exc.Conflict,
-                          self.update_port, port, port_security_enabled=False)
+        self.assertRaises(lib_exc.Conflict, self.update_port, port,
+                          port_security_enabled=False)

-        updated_port = self.update_port(
-            port, security_groups=[], port_security_enabled=False)
-        self.assertFalse(updated_port['port_security_enabled'])
+        port = self.update_port(port, security_groups=[],
+                                port_security_enabled=False)
+        self.assertEmpty(port['security_groups'])
+        self.assertFalse(port['port_security_enabled'])
+        port = self.update_port(
+            port, security_groups=[sec_group_body['security_group']['id']],
+            port_security_enabled=True)

+        self.assertNotEmpty(port['security_groups'])
+        self.assertTrue(port['port_security_enabled'])
+
+        # Remove security group from port before deletion on resource_cleanup
+        self.update_port(port, security_groups=[])
+
+    @test.attr(type=['smoke'])
+    @test.idempotent_id('05642059-1bfc-4581-9bc9-aaa5db08dd60')
+    @test.requires_ext(extension='port-security', service='network')
+    def test_port_sec_update_pass(self):
+        network = self.create_network()
+        self.create_subnet(network)
+        sec_group, _ = self._create_security_group()
+        sec_group_id = sec_group['security_group']['id']
+        port = self.create_port(network, security_groups=[sec_group_id],
+                                port_security_enabled=True)
+
+        self.assertNotEmpty(port['security_groups'])
+        self.assertTrue(port['port_security_enabled'])
+
+        port = self.update_port(port, security_groups=[])
+        self.assertEmpty(port['security_groups'])
+        self.assertTrue(port['port_security_enabled'])
+
+        port = self.update_port(port, security_groups=[sec_group_id])
+        self.assertNotEmpty(port['security_groups'])
+        port = self.update_port(port, security_groups=[],
+                                port_security_enabled=False)
+        self.assertEmpty(port['security_groups'])
+        self.assertFalse(port['port_security_enabled'])
+
+    @test.attr(type=['smoke'])
+    @test.idempotent_id('2df6114b-b8c3-48a1-96e8-47f08159d35c')
+    @test.requires_ext(extension='port-security', service='network')
+    def test_delete_with_port_sec(self):
+        network = self.create_network(port_security_enabled=True)
+        port = self.create_port(network=network,
+                                port_security_enabled=True)
+        self.client.delete_port(port['id'])
+        self.assertTrue(self.client.is_resource_deleted('port', port['id']))
+        self.client.delete_network(network['id'])
+        self.assertTrue(
+            self.client.is_resource_deleted('network', network['id']))
+
+    @test.attr(type=['negative', 'smoke'])
+    @test.idempotent_id('ed93e453-3f8d-495e-8e7e-b0e268c2ebd9')
+    def test_allow_address_pairs(self):
+        network = self.create_network()
+        self.create_subnet(network)
+        port = self.create_port(network=network, port_security_enabled=False)
        allowed_address_pairs = [{'ip_address': FAKE_IP,
                                  'mac_address': FAKE_MAC}]

--- a/test-requirements.txt
+++ b/test-requirements.txt
@ -17,3 +17,4 @@ testscenarios>=0.4
 WebTest>=2.0
 oslotest>=1.5.1  # Apache-2.0
 tempest-lib>=0.5.0
+ddt>=0.7.0