From 72974ff6a5c0d842b0f17d77fddabe9a35d538a9 Mon Sep 17 00:00:00 2001 From: zhongjun Date: Wed, 4 May 2016 11:47:03 +0800 Subject: [PATCH] Enable IPv6 in manila(allow access) Please read spec for design detail [1]. Add support to validate IPv6 based addresses in allow access API when access type is IP. [1] f7202a6cfe32a057f752a4e393f848f8a0211c36 APIImpact DocImpact Change-Id: Ica242007e77a7e21b2151e5fc32401b501d961b2 Partial-Implements: blueprint support-ipv6-access --- manila_tempest_tests/config.py | 2 +- manila_tempest_tests/tests/api/test_rules.py | 29 +++++--- .../tests/api/test_rules_negative.py | 71 +++++-------------- .../tests/api/test_snapshot_rules_negative.py | 8 +-- manila_tempest_tests/utils.py | 26 +++++-- 5 files changed, 62 insertions(+), 74 deletions(-) diff --git a/manila_tempest_tests/config.py b/manila_tempest_tests/config.py index e13d334c..a2332be9 100644 --- a/manila_tempest_tests/config.py +++ b/manila_tempest_tests/config.py @@ -30,7 +30,7 @@ ShareGroup = [ help="The minimum api microversion is configured to be the " "value of the minimum microversion supported by Manila."), cfg.StrOpt("max_api_microversion", - default="2.37", + default="2.38", help="The maximum api microversion is configured to be the " "value of the latest microversion supported by Manila."), cfg.StrOpt("region", diff --git a/manila_tempest_tests/tests/api/test_rules.py b/manila_tempest_tests/tests/api/test_rules.py index 0f16c512..229263ed 100644 --- a/manila_tempest_tests/tests/api/test_rules.py +++ b/manila_tempest_tests/tests/api/test_rules.py @@ -13,9 +13,9 @@ # License for the specific language governing permissions and limitations # under the License. -import itertools import ddt +import itertools from tempest import config from tempest.lib import exceptions as lib_exc import testtools @@ -92,11 +92,15 @@ class ShareIpRulesForNFSTest(base.BaseSharesTest): cls.access_to = "2.2.2.2" @tc.attr(base.TAG_POSITIVE, base.TAG_BACKEND) - @ddt.data(*set(['1.0', '2.9', '2.27', '2.28', LATEST_MICROVERSION])) - def test_create_delete_access_rules_with_one_ip(self, version): - - # test data - access_to = "1.1.1.1" + @ddt.data(*itertools.chain( + itertools.product({'1.0', '2.9', '2.37', LATEST_MICROVERSION}, + {utils.rand_ip()}), + itertools.product({'2.37', LATEST_MICROVERSION}, + {utils.rand_ipv6_ip()}) + )) + @ddt.unpack + def test_create_delete_access_rules_with_one_ip(self, version, + access_to): # create rule if utils.is_microversion_eq(version, '1.0'): @@ -140,11 +144,14 @@ class ShareIpRulesForNFSTest(base.BaseSharesTest): rule_id=rule["id"], share_id=self.share['id'], version=version) @tc.attr(base.TAG_POSITIVE, base.TAG_BACKEND) - @ddt.data(*set(['1.0', '2.9', '2.27', '2.28', LATEST_MICROVERSION])) - def test_create_delete_access_rule_with_cidr(self, version): - - # test data - access_to = "1.2.3.4/32" + @ddt.data(*itertools.chain( + itertools.product({'1.0', '2.9', '2.37', LATEST_MICROVERSION}, + {utils.rand_ip(network=True)}), + itertools.product({'2.37', LATEST_MICROVERSION}, + {utils.rand_ipv6_ip(network=True)}) + )) + @ddt.unpack + def test_create_delete_access_rule_with_cidr(self, version, access_to): # create rule if utils.is_microversion_eq(version, '1.0'): diff --git a/manila_tempest_tests/tests/api/test_rules_negative.py b/manila_tempest_tests/tests/api/test_rules_negative.py index 2bc09eea..22f232fb 100644 --- a/manila_tempest_tests/tests/api/test_rules_negative.py +++ b/manila_tempest_tests/tests/api/test_rules_negative.py @@ -46,60 +46,23 @@ class ShareIpRulesForNFSNegativeTest(base.BaseSharesMixedTest): cls.snap = cls.create_snapshot_wait_for_active(cls.share["id"]) @tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND) - @ddt.data('shares_client', 'shares_v2_client') - def test_create_access_rule_ip_with_wrong_target_1(self, client_name): - self.assertRaises(lib_exc.BadRequest, - getattr(self, client_name).create_access_rule, - self.share["id"], "ip", "1.2.3.256") - - @tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND) - @ddt.data('shares_client', 'shares_v2_client') - def test_create_access_rule_ip_with_wrong_target_2(self, client_name): - self.assertRaises(lib_exc.BadRequest, - getattr(self, client_name).create_access_rule, - self.share["id"], "ip", "1.1.1.-") - - @tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND) - @ddt.data('shares_client', 'shares_v2_client') - def test_create_access_rule_ip_with_wrong_target_3(self, client_name): - self.assertRaises(lib_exc.BadRequest, - getattr(self, client_name).create_access_rule, - self.share["id"], "ip", "1.2.3.4/33") - - @tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND) - @ddt.data('shares_client', 'shares_v2_client') - def test_create_access_rule_ip_with_wrong_target_4(self, client_name): - self.assertRaises(lib_exc.BadRequest, - getattr(self, client_name).create_access_rule, - self.share["id"], "ip", "1.2.3.*") - - @tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND) - @ddt.data('shares_client', 'shares_v2_client') - def test_create_access_rule_ip_with_wrong_target_5(self, client_name): - self.assertRaises(lib_exc.BadRequest, - getattr(self, client_name).create_access_rule, - self.share["id"], "ip", "1.2.3.*/23") - - @tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND) - @ddt.data('shares_client', 'shares_v2_client') - def test_create_access_rule_ip_with_wrong_target_6(self, client_name): - self.assertRaises(lib_exc.BadRequest, - getattr(self, client_name).create_access_rule, - self.share["id"], "ip", "1.2.3.1|23") - - @tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND) - @ddt.data('shares_client', 'shares_v2_client') - def test_create_access_rule_ip_with_wrong_target_7(self, client_name): - self.assertRaises(lib_exc.BadRequest, - getattr(self, client_name).create_access_rule, - self.share["id"], "ip", "1.2.3.1/-1") - - @tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND) - @ddt.data('shares_client', 'shares_v2_client') - def test_create_access_rule_ip_with_wrong_target_8(self, client_name): - self.assertRaises(lib_exc.BadRequest, - getattr(self, client_name).create_access_rule, - self.share["id"], "ip", "1.2.3.1/") + @ddt.data('1.2.3.256', + '1.1.1.-', + '1.2.3.4/33', + '1.2.3.*', + '1.2.3.*/23', + '1.2.3.1|23', + '1.2.3.1/-1', + '1.2.3.1/', + 'ad80::abaa:0:c2:2/-3', + 'AD80:ABAA::|26', + '2001:DB8:2de:0:0:0:0:e13:200a', + ) + def test_create_access_rule_ip_with_wrong_target(self, ip_address): + for client_name in ['shares_client', 'shares_v2_client']: + self.assertRaises(lib_exc.BadRequest, + getattr(self, client_name).create_access_rule, + self.share["id"], "ip", ip_address) @tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND) @ddt.data('shares_client', 'shares_v2_client') diff --git a/manila_tempest_tests/tests/api/test_snapshot_rules_negative.py b/manila_tempest_tests/tests/api/test_snapshot_rules_negative.py index 9f48b735..b1818e52 100644 --- a/manila_tempest_tests/tests/api/test_snapshot_rules_negative.py +++ b/manila_tempest_tests/tests/api/test_snapshot_rules_negative.py @@ -48,10 +48,10 @@ class SnapshotIpRulesForNFSNegativeTest( @tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND) @ddt.data("1.2.3.256", "1.1.1.-", "1.2.3.4/33", "1.2.3.*", "1.2.3.*/23", - "1.2.3.1|23", "1.2.3.1/", "1.2.3.1/-1", "fe00::1", - "fe80::217:f2ff:fe07:ed62", "2001:db8::/48", "::1/128", - "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", - "2001:0db8:0000:85a3:0000:0000:ac1f:8001") + "1.2.3.1|23", "1.2.3.1/", "1.2.3.1/-1", + "fe80:217:f2ff:fe07:ed62", "2001:db8::1/148", + "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", + "2001:0db8:0000:85a3:0000:0000:ac1f:8001/64") def test_create_access_rule_ip_with_wrong_target(self, target): self.assertRaises(lib_exc.BadRequest, self.shares_v2_client.create_snapshot_access_rule, diff --git a/manila_tempest_tests/utils.py b/manila_tempest_tests/utils.py index 5c934438..80eebea8 100644 --- a/manila_tempest_tests/utils.py +++ b/manila_tempest_tests/utils.py @@ -13,6 +13,7 @@ # License for the specific language governing permissions and limitations # under the License. +from netaddr import ip import random import re @@ -90,16 +91,33 @@ def skip_if_microversion_lt(microversion): return lambda f: f -def rand_ip(): +def rand_ip(network=False): """This uses the TEST-NET-3 range of reserved IP addresses. Using this range, which are reserved solely for use in documentation and example source code, should avoid any potential conflicts in real-world testing. """ - TEST_NET_3 = '203.0.113.' - final_octet = six.text_type(random.randint(0, 255)) - return TEST_NET_3 + final_octet + test_net_3 = '203.0.113.' + address = test_net_3 + six.text_type(random.randint(0, 255)) + if network: + mask_length = six.text_type(random.randint(24, 32)) + address = '/'.join((address, mask_length)) + ip_network = ip.IPNetwork(address) + return '/'.join((six.text_type(ip_network.network), mask_length)) + return address + + +def rand_ipv6_ip(network=False): + """This uses the IPv6 documentation range of 2001:DB8::/32""" + ran_add = ["%x" % random.randrange(0, 16**4) for i in range(6)] + address = "2001:0DB8:" + ":".join(ran_add) + if network: + mask_length = six.text_type(random.randint(32, 128)) + address = '/'.join((address, mask_length)) + ip_network = ip.IPNetwork(address) + return '/'.join((six.text_type(ip_network.network), mask_length)) + return address def choose_matching_backend(share, pools, share_type):