x/vmware-nsx
Code Issues Proposed changes

Tempest: Scenario tests for Provider security group with NSXv3

Browse Source 
Basic operation Scenario tests
{0} vmware_nsx_tempest.tests.nsxv3.scenario.test_provider_security_group.TestProviderSecurityGroup.test_connectivity_between_default_psg_server [76.918271s] ... ok
{0} vmware_nsx_tempest.tests.nsxv3.scenario.test_provider_security_group.TestProviderSecurityGroup.test_connectivity_between_default_psg_server_with_multi_networks [146.873962s] ... ok
{0} vmware_nsx_tempest.tests.nsxv3.scenario.test_provider_security_group.TestProviderSecurityGroup.test_connectivity_between_default_psg_servers [143.994441s] ... ok
{0} vmware_nsx_tempest.tests.nsxv3.scenario.test_provider_security_group.TestProviderSecurityGroup.test_ping_when_psg_enabled_disbaled_on_port [84.649035s] ... ok
Change-Id: I0af6c7b0f63ef5cd2d6e09e1e30d39dd261c4236
This commit is contained in:
Puneet Arora 2016-12-20 15:47:30 +00:00 committed by Tong Liu
parent 8bc4104162
commit 0b496f3d93
1 changed files with 363 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

363
vmware_nsx_tempest/tests/nsxv3/scenario/test_provider_security_group.py Normal file
View File

@ -0,0 +1,363 @@
# Copyright 2016 VMware Inc
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import collections
from oslo_log import log as logging
from tempest import config
from tempest.lib.common.utils import data_utils
from tempest.lib.common.utils import test_utils
from tempest.scenario import manager
from tempest import test
from vmware_nsx_tempest.services import nsxv3_client
CONF = config.CONF
LOG = logging.getLogger(__name__)
Floating_IP_tuple = collections.namedtuple('Floating_IP_tuple',
['floating_ip', 'server'])
class TestProviderSecurityGroup(manager.NetworkScenarioTest):
"""Test Provider security Group Scenario
Test the following Provider security Group scenarios
- Create default and PSG based servers and check connectivity
- Create mulitple default and PSG based servers and check
connectivity
- Create mulitple default and PSG based servers and check
connectivity on differect cidr
"""
@classmethod
def skip_checks(cls):
super(TestProviderSecurityGroup, cls).skip_checks()
if not test.is_extension_enabled('provider-security-group', 'network'):
msg = "Extension provider-security-group is not enabled."
raise cls.skipException(msg)
@classmethod
def setup_credentials(cls):
cls.set_network_resources()
super(TestProviderSecurityGroup, cls).setup_credentials()
cls.nsx = nsxv3_client.NSXV3Client(CONF.nsxv3.nsx_manager,
CONF.nsxv3.nsx_user,
CONF.nsxv3.nsx_password)
def setUp(self):
super(TestProviderSecurityGroup, self).setUp()
self.cmgr_pri = self.get_client_manager('primary')
self.cmgr_alt = self.get_client_manager('alt')
self.cmgr_adm = self.get_client_manager('admin')
self.keypairs = {}
self.servers = []
def create_security_provider_group(self, cmgr=None,
tenant_id=None, provider=False):
sg_client_admin = self.cmgr_adm.security_groups_client
sg_dict = dict(name=data_utils.rand_name('provider-sec-group'))
if tenant_id:
sg_dict['tenant_id'] = tenant_id
if provider:
sg_dict['provider'] = True
sg = sg_client_admin.create_security_group(**sg_dict)
sg = sg.get('security_group', sg)
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
self.delete_security_group,
sg_client_admin, sg.get('id'))
return sg
def delete_security_group(self, sg_client, sg_id):
sg_client.delete_security_group(sg_id)
def _delete_router(self, router):
body = self.ports_client.list_ports(device_id=router['id'])
interfaces = body['ports']
for i in interfaces:
test_utils.call_and_ignore_notfound_exc(
self.routers_client.remove_router_interface, router['id'],
subnet_id=i['fixed_ips'][0]['subnet_id'])
self.routers_client.delete_router(router['id'])
def _create_router(self, router_name=None, admin_state_up=True,
external_network_id=None, enable_snat=None,
**kwargs):
ext_gw_info = {}
if external_network_id:
ext_gw_info['network_id'] = external_network_id
if enable_snat is not None:
ext_gw_info['enable_snat'] = enable_snat
body = self.routers_client.create_router(
name=router_name, external_gateway_info=ext_gw_info,
admin_state_up=admin_state_up, **kwargs)
router = body.get('router', body)
self.addCleanup(self._delete_router, router)
return router
def _create_subnet(self, network, cidr, subnets_client=None, **kwargs):
client = subnets_client or self.subnets_client
body = client.create_subnet(
name=data_utils.rand_name('subnet-psg'),
network_id=network['id'], tenant_id=network['tenant_id'],
cidr=cidr, ip_version=4, **kwargs)
subnet = body.get('subnet', body)
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
client.delete_subnet, subnet['id'])
return subnet
def get_port_id(self, network_id, subnet_id, instance):
_, instance_addr = instance["addresses"].items()[0]
instance_fixed_ip = instance_addr[0]["addr"]
for port in self._list_ports():
port_fixed_ip = port["fixed_ips"][0]["ip_address"]
if port["network_id"] == network_id and port["fixed_ips"][0][
"subnet_id"] == subnet_id and instance["id"] == port[
"device_id"] and port_fixed_ip == instance_fixed_ip:
port_id = port["id"]
self.assertIsNotNone(port_id, "Failed to find Instance's port id!!!")
return port_id
def _create_server(self, name, network, image_id=None):
keypair = self.create_keypair()
self.keypairs[keypair['name']] = keypair
security_groups = [{'name': self.security_group['name']}]
network = {'uuid': network['id']}
server = self.create_server(name=name, networks=[network],
key_name=keypair['name'],
security_groups=security_groups,
image_id=image_id,
wait_until='ACTIVE')
self.servers.append(server)
return server
def _get_server_key(self, server):
return self.keypairs[server['key_name']]['private_key']
def _get_server_ip(self, server):
addresses = server['addresses'][self.network['name']]
for address in addresses:
if address['version'] == CONF.validation.ip_version_for_ssh:
return address['addr']
def create_security_group_rule(self, security_group_id,
cmgr=None, tenant_id=None,
protocol=None):
cmgr = cmgr or self.cmgr_adm
sgr_client = cmgr.security_group_rules_client
sgr_dict = dict(security_group_id=security_group_id,
direction='ingress', protocol=protocol)
if tenant_id:
sgr_dict['tenant_id'] = tenant_id
sgr = sgr_client.create_security_group_rule(**sgr_dict)
return sgr.get('security_group_rule', sgr)
def create_network_topo(self):
self.security_group = self._create_security_group()
self.network = self._create_network()
self.subnet = self._create_subnet(self.network,
cidr='10.168.1.0/24')
self.router = self._create_router(
router_name=data_utils.rand_name('router-psg'),
external_network_id=CONF.network.public_network_id)
self.routers_client.add_router_interface(
self.router['id'], subnet_id=self.subnet['id'])
self.addCleanup(self.routers_client.remove_router_interface,
self.router['id'], subnet_id=self.subnet['id'])
networks = dict(security_group=self.security_group,
network=self.network,
subnet=self.subnet, router=self.router)
return networks
def create_multi_network_topo(self):
self.security_group = self._create_security_group()
self.network = self._create_network(namestart="net-psg")
self.subnet = self._create_subnet(self.network,
cidr='10.168.1.0/24')
self.router = self._create_router(
router_name=data_utils.rand_name('router-psg'),
external_network_id=CONF.network.public_network_id)
self.routers_client.add_router_interface(
self.router['id'], subnet_id=self.subnet['id'])
self.addCleanup(self.routers_client.remove_router_interface,
self.router['id'], subnet_id=self.subnet['id'])
self.network_2 = self._create_network()
self.subnet_2 = self._create_subnet(self.network_2,
cidr='10.168.2.0/24')
self.routers_client.add_router_interface(
self.router['id'], subnet_id=self.subnet_2['id'])
self.addCleanup(self.routers_client.remove_router_interface,
self.router['id'], subnet_id=self.subnet_2['id'])
networks_topo = dict(security_group=self.security_group,
network=self.network,
subnet=self.subnet, router=self.router,
network2=self.network_2, subnet2=self.subnet_2)
return networks_topo
def _check_server_connectivity(self, floating_ip,
remote_ip, private_key,
should_connect=True):
ssh_source = self.get_remote_client(floating_ip,
private_key=private_key)
msg = "ip address %s is reachable" % remote_ip
try:
self.assertTrue(self._check_remote_connectivity
(ssh_source, remote_ip, should_connect),
msg)
except Exception:
LOG.exception("Unable to access {dest} via ssh to "
"floating-ip {src}".format(dest=remote_ip,
src=floating_ip))
raise
def _test_connectivity_between_default_psg_server(self, network_topo):
server_name_default = data_utils.rand_name('server-default-sec-group')
network = network_topo['network']
server_default = self._create_server(server_name_default, network)
tenant_id = network['tenant_id']
sg = self.create_security_provider_group(provider=True,
tenant_id=tenant_id)
sg_id = sg.get('id')
server_name_psg = data_utils.rand_name('server-psg-sec-group')
server_psg = self._create_server(server_name_psg, network)
floating_ip_default = self.create_floating_ip(server_default)
floating_ip_psg = self.create_floating_ip(server_psg)
private_ip_address_psg_vm = floating_ip_psg['fixed_ip_address']
ip_address_default_vm = floating_ip_default['floating_ip_address']
private_key_default_vm = self._get_server_key(server_default)
self._check_server_connectivity(ip_address_default_vm,
private_ip_address_psg_vm,
private_key_default_vm)
self.create_security_group_rule(sg_id, cmgr=self.cmgr_adm,
protocol='icmp')
self._check_server_connectivity(ip_address_default_vm,
private_ip_address_psg_vm,
private_key_default_vm,
should_connect=False)
def _test_ping_when_psg_enabled_disbaled_on_port(self, network_topo):
server_name_default = data_utils.rand_name('server-default-sec-group')
network = network_topo['network']
server_default = self._create_server(server_name_default, network)
tenant_id = network['tenant_id']
sg = self.create_security_provider_group(provider=True,
tenant_id=tenant_id)
sg_id = sg.get('id')
server_name_psg = data_utils.rand_name('server-psg-sec-group')
server_psg = self._create_server(server_name_psg, network)
floating_ip_default = self.create_floating_ip(server_default)
floating_ip_psg = self.create_floating_ip(server_psg)
private_ip_address_psg_vm = floating_ip_psg['fixed_ip_address']
ip_address_default_vm = floating_ip_default['floating_ip_address']
private_key_default_vm = self._get_server_key(server_default)
self._check_server_connectivity(ip_address_default_vm,
private_ip_address_psg_vm,
private_key_default_vm)
self.create_security_group_rule(sg_id, cmgr=self.cmgr_adm,
protocol='icmp')
self._check_server_connectivity(ip_address_default_vm,
private_ip_address_psg_vm,
private_key_default_vm,
should_connect=False)
p_client = self.ports_client
kwargs = {"provider_security_groups": ''}
port_id = self.get_port_id(network['id'],
network_topo['subnet']['id'], server_psg)
p_client.update_port(port_id, **kwargs)
self._check_server_connectivity(ip_address_default_vm,
private_ip_address_psg_vm,
private_key_default_vm)
def _test_build_up_topology_and_check_connectivity(self, network_topo):
server_name_default_1 =\
data_utils.rand_name('server-default-sec-group-1')
server_name_default_2 =\
data_utils.rand_name('server-default-sec-group-2')
network = network_topo['network']
if 'network2' in network_topo:
network2 = network_topo['network2']
else:
network2 = network
server_default_1 = self._create_server(server_name_default_1, network)
server_default_2 = self._create_server(server_name_default_2,
network2)
tenant_id = network['tenant_id']
sg = self.create_security_provider_group(provider=True,
tenant_id=tenant_id)
sg_id = sg.get('id')
server_name_psg_1 = data_utils.rand_name('server-psg-sec-group1')
server_psg_1 = self._create_server(server_name_psg_1, network)
server_name_psg_2 = data_utils.rand_name('server-psg-sec-group2')
server_psg_2 = self._create_server(server_name_psg_2, network2)
floating_ip_default_1 = self.create_floating_ip(server_default_1)
floating_ip_psg_1 = self.create_floating_ip(server_psg_1)
ip_address_default_vm_1 = floating_ip_default_1['floating_ip_address']
private_ip_address_psg_vm_1 = floating_ip_psg_1['fixed_ip_address']
private_key_default_vm_1 = self._get_server_key(server_default_1)
floating_ip_default_2 = self.create_floating_ip(server_default_2)
floating_ip_psg_2 = self.create_floating_ip(server_psg_2)
private_ip_address_psg_vm_2 =\
floating_ip_psg_2['fixed_ip_address']
private_ip_address_default_vm_2 =\
floating_ip_default_2['fixed_ip_address']
self._check_server_connectivity(ip_address_default_vm_1,
private_ip_address_psg_vm_1,
private_key_default_vm_1)
self._check_server_connectivity(ip_address_default_vm_1,
private_ip_address_psg_vm_2,
private_key_default_vm_1)
self._check_server_connectivity(ip_address_default_vm_1,
private_ip_address_default_vm_2,
private_key_default_vm_1)
self.create_security_group_rule(sg_id, cmgr=self.cmgr_adm,
protocol='icmp')
self._check_server_connectivity(ip_address_default_vm_1,
private_ip_address_psg_vm_1,
private_key_default_vm_1,
should_connect=False)
self._check_server_connectivity(ip_address_default_vm_1,
private_ip_address_psg_vm_2,
private_key_default_vm_1,
should_connect=False)
self._check_server_connectivity(ip_address_default_vm_1,
private_ip_address_default_vm_2,
private_key_default_vm_1)
@test.attr(type='nsxv3')
@test.idempotent_id('9d4192e9-b1b7-48c9-af04-67a82637c715')
def test_connectivity_between_default_psg_server(self):
self.network_topo = self.create_network_topo()
self._test_connectivity_between_default_psg_server(self.network_topo)
@test.attr(type='nsxv3')
@test.idempotent_id('4a8eac6a-68ff-4392-bab9-70ea08132acb')
def test_connectivity_between_default_psg_servers(self):
self.network_topo = self.create_network_topo()
self._test_build_up_topology_and_check_connectivity(self.network_topo)
@test.attr(type='nsxv3')
@test.idempotent_id('8bae2101-4f74-4d61-a7a5-42420611cf86')
def test_connectivity_between_default_psg_server_with_multi_networks(self):
self.network_topo = self.create_multi_network_topo()
self._test_build_up_topology_and_check_connectivity(self.network_topo)
@test.attr(type='nsxv3')
@test.idempotent_id('998789ce-8db7-4295-bce0-390fbbf0e489')
def test_ping_when_psg_enabled_disbaled_on_port(self):
self.network_topo = self.create_multi_network_topo()
self._test_ping_when_psg_enabled_disbaled_on_port(self.network_topo)