openstack
/
murano-tempest-plugin
Code Issues Proposed changes

Allow users to assign a security group to an app 

This patch allows users to supply a list* of their own security groups to
an instance, rather than using the application defined one (built via
the SecurityGroupManager).

* Note, while we can support multiple security groups, murano-dashboard
currently has no UI element to select multiple items. This means that
currently users are restricted to selecting one group. If/when the
UI is improved this change can easily support multiple groups.

Example
=======

Application authors can make this available in their apps as follows:

UI.yaml
-------
Forms:
  - instanceConfiguration:
      fields:
          ...
        - name: securityGroups
          type: securitygroup
          label: Security Group
          required: false

Class.yaml:
----------
  Application:
    ?:
       type: com.paul.HelloWorld
    instance:
      ?:
        type: io.murano.resources.LinuxMuranoInstance
      name: $.instanceConfiguration.hostname
      securityGroups: $.instanceConfiguration.securityGroups
      ...

DocImpact
Change-Id: I60d37cfe034c467e894ee93cf3718e463bf49337
Partially-Implements: blueprint app-use-existing-security-group
This commit is contained in:
Paul Bourke 2017-04-11 17:26:42 +01:00
parent 80b4569ae0
commit 92126e6b11
2 changed files with 109 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
murano_tempest_tests/tests/scenario/application_catalog/base.py
View File

@ -212,6 +212,32 @@ class BaseApplicationCatalogScenarioTest(base.BaseTestCase):
}
return post_body
def vm_test(self, **kwargs):
instance = {
"flavor": "m1.small",
"image": self.cirros_image,
"assignFloatingIp": True,
"availabilityZone": "nova",
"?": {
"type": "io.murano.resources.LinuxMuranoInstance",
"id": utils.generate_uuid()
},
"name": utils.generate_name("testMurano")
}
if kwargs.get('securityGroups'):
instance['securityGroups'] = kwargs.get('securityGroups')
return {
"instance": instance,
"name": utils.generate_name("VM"),
"?": {
"_{id}".format(id=utils.generate_uuid()): {
"name": "VM"
},
"type": "io.murano.apps.test.VM",
"id": utils.generate_uuid()
}
}
def update_executor(self, flavor='m1.small'):
post_body = {
"instance": {
@ -365,7 +391,7 @@ class BaseApplicationCatalogScenarioTest(base.BaseTestCase):
instance_id = self.get_instance_id(name)
attached_volumes = self.servers_client.\
list_volume_attachments(instance_id)['volumeAttachments']
assert attached_volumes[0]['id'] == volume_id
self.assertEqual(attached_volumes[0]['id'], volume_id)
class BaseApplicationCatalogScenarioIsolatedAdminTest(

82
murano_tempest_tests/tests/scenario/application_catalog/test_security_groups.py Normal file
View File

@ -0,0 +1,82 @@
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import os
import testtools
from tempest import config
from murano_tempest_tests.tests.scenario.application_catalog import base
from murano_tempest_tests import utils
CONF = config.CONF
class TestSecurityGroups(base.BaseApplicationCatalogScenarioTest):
@classmethod
def resource_setup(cls):
super(TestSecurityGroups, cls).resource_setup()
cls.linux = CONF.application_catalog.linux_image
application_name = utils.generate_name('VM')
cls.abs_archive_path, dir_with_archive, archive_name = \
utils.prepare_package(
application_name,
app='io.murano.apps.test.VM',
manifest_required=False)
if CONF.application_catalog.glare_backend:
cls.client = cls.artifacts_client
else:
cls.client = cls.application_catalog_client
cls.package = cls.client.upload_package(
application_name, archive_name, dir_with_archive,
{"categories": ["Web"], "tags": ["test"]})
@classmethod
def resource_cleanup(cls):
cls.client.delete_package(cls.package['id'])
os.remove(cls.abs_archive_path)
super(TestSecurityGroups, cls).resource_cleanup()
@testtools.testcase.attr('smoke')
@testtools.testcase.attr('scenario')
def test_deploy_app_with_murano_defined_security_group(self):
name = utils.generate_name('testMurano')
environment = self.application_catalog_client.create_environment(name)
session = self.application_catalog_client.create_session(
environment['id'])
self.application_catalog_client.create_service(
environment['id'], session['id'], self.vm_test())
self.deploy_environment(environment, session)
instance_id = self.get_instance_id('testMurano')
security_groups = self.servers_client.list_security_groups_by_server(
instance_id).get('security_groups')
self.assertEqual(len(security_groups), 1)
self.assertEqual(len(security_groups[0].get('rules')), 4)
@testtools.testcase.attr('smoke')
@testtools.testcase.attr('scenario')
def test_deploy_app_with_user_defined_security_group(self):
name = utils.generate_name('testMurano')
environment = self.application_catalog_client.create_environment(name)
session = self.application_catalog_client.create_session(
environment['id'])
self.application_catalog_client.create_service(
environment['id'], session['id'],
self.vm_test(securityGroups=['default']))
self.deploy_environment(environment, session)
instance_id = self.get_instance_id('testMurano')
security_groups = self.servers_client.list_security_groups_by_server(
instance_id).get('security_groups')
self.assertEqual(len(security_groups), 1)
self.assertEqual('default', security_groups[0].get('name'))