Create api+scenario tests for l7rules
This patch implements l7rule tests for the Octavia Tempest Plugin. Change-Id: Iba7fa5979eab05bf368fd8554e92563b22c7ca79 Story: 2001387 Task: 5972
This commit is contained in:
parent
446f8be193
commit
e029af23ad
|
@ -19,6 +19,8 @@ from octavia_tempest_plugin.services.load_balancer.v2 import (
|
||||||
healthmonitor_client)
|
healthmonitor_client)
|
||||||
from octavia_tempest_plugin.services.load_balancer.v2 import (
|
from octavia_tempest_plugin.services.load_balancer.v2 import (
|
||||||
l7policy_client)
|
l7policy_client)
|
||||||
|
from octavia_tempest_plugin.services.load_balancer.v2 import (
|
||||||
|
l7rule_client)
|
||||||
from octavia_tempest_plugin.services.load_balancer.v2 import (
|
from octavia_tempest_plugin.services.load_balancer.v2 import (
|
||||||
listener_client)
|
listener_client)
|
||||||
from octavia_tempest_plugin.services.load_balancer.v2 import (
|
from octavia_tempest_plugin.services.load_balancer.v2 import (
|
||||||
|
@ -49,3 +51,5 @@ class ManagerV2(clients.Manager):
|
||||||
self.auth_provider, SERVICE_TYPE, CONF.identity.region)
|
self.auth_provider, SERVICE_TYPE, CONF.identity.region)
|
||||||
self.l7policy_client = l7policy_client.L7PolicyClient(
|
self.l7policy_client = l7policy_client.L7PolicyClient(
|
||||||
self.auth_provider, SERVICE_TYPE, CONF.identity.region)
|
self.auth_provider, SERVICE_TYPE, CONF.identity.region)
|
||||||
|
self.l7rule_client = l7rule_client.L7RuleClient(
|
||||||
|
self.auth_provider, SERVICE_TYPE, CONF.identity.region)
|
||||||
|
|
|
@ -125,6 +125,25 @@ REDIRECT_TO_POOL = 'REDIRECT_TO_POOL'
|
||||||
REDIRECT_TO_URL = 'REDIRECT_TO_URL'
|
REDIRECT_TO_URL = 'REDIRECT_TO_URL'
|
||||||
REJECT = 'REJECT'
|
REJECT = 'REJECT'
|
||||||
|
|
||||||
|
# L7Rule options
|
||||||
|
L7POLICY_ID = 'l7policy_id'
|
||||||
|
VALUE = 'value'
|
||||||
|
COMPARE_TYPE = 'compare_type'
|
||||||
|
KEY = 'key'
|
||||||
|
INVERT = 'invert'
|
||||||
|
# Compare types
|
||||||
|
EQUAL_TO = 'EQUAL_TO'
|
||||||
|
STARTS_WITH = 'STARTS_WITH'
|
||||||
|
ENDS_WITH = 'ENDS_WITH'
|
||||||
|
CONTAINS = 'CONTAINS'
|
||||||
|
REGEX = 'REGEX'
|
||||||
|
# Types
|
||||||
|
COOKIE = 'COOKIE'
|
||||||
|
FILE_TYPE = 'FILE_TYPE'
|
||||||
|
HEADER = 'HEADER'
|
||||||
|
HOST_NAME = 'HOST_NAME'
|
||||||
|
PATH = 'PATH'
|
||||||
|
|
||||||
# RBAC options
|
# RBAC options
|
||||||
ADVANCED = 'advanced'
|
ADVANCED = 'advanced'
|
||||||
OWNERADMIN = 'owner_or_admin'
|
OWNERADMIN = 'owner_or_admin'
|
||||||
|
@ -168,3 +187,8 @@ SHOW_L7POLICY_RESPONSE_FIELDS = (
|
||||||
ADMIN_STATE_UP, LISTENER_ID, POSITION, ACTION, REDIRECT_URL,
|
ADMIN_STATE_UP, LISTENER_ID, POSITION, ACTION, REDIRECT_URL,
|
||||||
REDIRECT_POOL_ID, CREATED_AT, UPDATED_AT
|
REDIRECT_POOL_ID, CREATED_AT, UPDATED_AT
|
||||||
)
|
)
|
||||||
|
|
||||||
|
SHOW_L7RULE_RESPONSE_FIELDS = (
|
||||||
|
ID, ADMIN_STATE_UP, CREATED_AT, UPDATED_AT, TYPE, VALUE, COMPARE_TYPE,
|
||||||
|
KEY, INVERT
|
||||||
|
)
|
||||||
|
|
|
@ -0,0 +1,273 @@
|
||||||
|
# Copyright 2018 GoDaddy
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
from tempest import config
|
||||||
|
|
||||||
|
from octavia_tempest_plugin.services.load_balancer.v2 import base_client
|
||||||
|
from octavia_tempest_plugin.services.load_balancer.v2 import l7policy_client
|
||||||
|
|
||||||
|
CONF = config.CONF
|
||||||
|
Unset = base_client.Unset
|
||||||
|
|
||||||
|
|
||||||
|
class L7RuleClient(base_client.BaseLBaaSClient):
|
||||||
|
|
||||||
|
root_tag = 'rule'
|
||||||
|
list_root_tag = 'rules'
|
||||||
|
resource_name = 'l7rule'
|
||||||
|
|
||||||
|
def __init__(self, *args, **kwargs):
|
||||||
|
super(L7RuleClient, self).__init__(*args, **kwargs)
|
||||||
|
l7policy_list_root_tag = l7policy_client.L7PolicyClient.list_root_tag
|
||||||
|
# /v2.0/lbaas/l7policies/<L7POLICY_UUID>/rules
|
||||||
|
self.uri = "{l7policy_base_uri}/{parent}/{object}".format(
|
||||||
|
l7policy_base_uri=self.base_uri.format(
|
||||||
|
object=l7policy_list_root_tag),
|
||||||
|
parent="{parent}",
|
||||||
|
object=self.list_root_tag
|
||||||
|
)
|
||||||
|
|
||||||
|
def create_l7rule(self, l7policy_id, type, value, compare_type,
|
||||||
|
admin_state_up=Unset, key=Unset, invert=Unset,
|
||||||
|
return_object_only=True):
|
||||||
|
"""Create a l7rule.
|
||||||
|
|
||||||
|
:param l7policy_id: The ID of the l7policy for the l7rule.
|
||||||
|
:param type: The L7 rule type.
|
||||||
|
:param value: The value to use for the comparison.
|
||||||
|
:param compare_type: The comparison type for the L7 rule.
|
||||||
|
:param admin_state_up: The administrative state of the resource, which
|
||||||
|
is up (true) or down (false).
|
||||||
|
:param key: The key to use for the comparison.
|
||||||
|
:param invert: When true the logic of the rule is inverted.
|
||||||
|
:param return_object_only: If True, the response returns the object
|
||||||
|
inside the root tag. False returns the full
|
||||||
|
response from the API.
|
||||||
|
:raises AssertionError: if the expected_code isn't a valid http success
|
||||||
|
response code
|
||||||
|
:raises BadRequest: If a 400 response code is received
|
||||||
|
:raises Conflict: If a 409 response code is received
|
||||||
|
:raises Forbidden: If a 403 response code is received
|
||||||
|
:raises Gone: If a 410 response code is received
|
||||||
|
:raises InvalidContentType: If a 415 response code is received
|
||||||
|
:raises InvalidHTTPResponseBody: The response body wasn't valid JSON
|
||||||
|
:raises InvalidHttpSuccessCode: if the read code isn't an expected
|
||||||
|
http success code
|
||||||
|
:raises NotFound: If a 404 response code is received
|
||||||
|
:raises NotImplemented: If a 501 response code is received
|
||||||
|
:raises OverLimit: If a 413 response code is received and over_limit is
|
||||||
|
not in the response body
|
||||||
|
:raises RateLimitExceeded: If a 413 response code is received and
|
||||||
|
over_limit is in the response body
|
||||||
|
:raises ServerFault: If a 500 response code is received
|
||||||
|
:raises Unauthorized: If a 401 response code is received
|
||||||
|
:raises UnexpectedContentType: If the content-type of the response
|
||||||
|
isn't an expect type
|
||||||
|
:raises UnexpectedResponseCode: If a response code above 400 is
|
||||||
|
received and it doesn't fall into any
|
||||||
|
of the handled checks
|
||||||
|
:raises UnprocessableEntity: If a 422 response code is received and
|
||||||
|
couldn't be parsed
|
||||||
|
:returns: A l7rule object.
|
||||||
|
"""
|
||||||
|
kwargs = {arg: value for arg, value in locals().items()
|
||||||
|
if arg != 'self' and value is not Unset}
|
||||||
|
kwargs['parent_id'] = kwargs.pop('l7policy_id')
|
||||||
|
return self._create_object(**kwargs)
|
||||||
|
|
||||||
|
def show_l7rule(self, l7rule_id, l7policy_id, query_params=None,
|
||||||
|
return_object_only=True):
|
||||||
|
"""Get l7rule details.
|
||||||
|
|
||||||
|
:param l7rule_id: The l7rule ID to query.
|
||||||
|
:param l7policy_id: The ID of the l7policy for the l7rule.
|
||||||
|
:param query_params: The optional query parameters to append to the
|
||||||
|
request. Ex. fields=id&fields=name
|
||||||
|
:param return_object_only: If True, the response returns the object
|
||||||
|
inside the root tag. False returns the full
|
||||||
|
response from the API.
|
||||||
|
:raises AssertionError: if the expected_code isn't a valid http success
|
||||||
|
response code
|
||||||
|
:raises BadRequest: If a 400 response code is received
|
||||||
|
:raises Conflict: If a 409 response code is received
|
||||||
|
:raises Forbidden: If a 403 response code is received
|
||||||
|
:raises Gone: If a 410 response code is received
|
||||||
|
:raises InvalidContentType: If a 415 response code is received
|
||||||
|
:raises InvalidHTTPResponseBody: The response body wasn't valid JSON
|
||||||
|
:raises InvalidHttpSuccessCode: if the read code isn't an expected
|
||||||
|
http success code
|
||||||
|
:raises NotFound: If a 404 response code is received
|
||||||
|
:raises NotImplemented: If a 501 response code is received
|
||||||
|
:raises OverLimit: If a 413 response code is received and over_limit is
|
||||||
|
not in the response body
|
||||||
|
:raises RateLimitExceeded: If a 413 response code is received and
|
||||||
|
over_limit is in the response body
|
||||||
|
:raises ServerFault: If a 500 response code is received
|
||||||
|
:raises Unauthorized: If a 401 response code is received
|
||||||
|
:raises UnexpectedContentType: If the content-type of the response
|
||||||
|
isn't an expect type
|
||||||
|
:raises UnexpectedResponseCode: If a response code above 400 is
|
||||||
|
received and it doesn't fall into any
|
||||||
|
of the handled checks
|
||||||
|
:raises UnprocessableEntity: If a 422 response code is received and
|
||||||
|
couldn't be parsed
|
||||||
|
:returns: A l7rule object.
|
||||||
|
"""
|
||||||
|
return self._show_object(obj_id=l7rule_id,
|
||||||
|
parent_id=l7policy_id,
|
||||||
|
query_params=query_params,
|
||||||
|
return_object_only=return_object_only)
|
||||||
|
|
||||||
|
def list_l7rules(self, l7policy_id, query_params=None,
|
||||||
|
return_object_only=True):
|
||||||
|
"""Get a list of l7rule objects.
|
||||||
|
|
||||||
|
:param l7policy_id: The ID of the l7policy for the l7rule.
|
||||||
|
:param query_params: The optional query parameters to append to the
|
||||||
|
request. Ex. fields=id&fields=name
|
||||||
|
:param return_object_only: If True, the response returns the object
|
||||||
|
inside the root tag. False returns the full
|
||||||
|
response from the API.
|
||||||
|
:raises AssertionError: if the expected_code isn't a valid http success
|
||||||
|
response code
|
||||||
|
:raises BadRequest: If a 400 response code is received
|
||||||
|
:raises Conflict: If a 409 response code is received
|
||||||
|
:raises Forbidden: If a 403 response code is received
|
||||||
|
:raises Gone: If a 410 response code is received
|
||||||
|
:raises InvalidContentType: If a 415 response code is received
|
||||||
|
:raises InvalidHTTPResponseBody: The response body wasn't valid JSON
|
||||||
|
:raises InvalidHttpSuccessCode: if the read code isn't an expected
|
||||||
|
http success code
|
||||||
|
:raises NotFound: If a 404 response code is received
|
||||||
|
:raises NotImplemented: If a 501 response code is received
|
||||||
|
:raises OverLimit: If a 413 response code is received and over_limit is
|
||||||
|
not in the response body
|
||||||
|
:raises RateLimitExceeded: If a 413 response code is received and
|
||||||
|
over_limit is in the response body
|
||||||
|
:raises ServerFault: If a 500 response code is received
|
||||||
|
:raises Unauthorized: If a 401 response code is received
|
||||||
|
:raises UnexpectedContentType: If the content-type of the response
|
||||||
|
isn't an expect type
|
||||||
|
:raises UnexpectedResponseCode: If a response code above 400 is
|
||||||
|
received and it doesn't fall into any
|
||||||
|
of the handled checks
|
||||||
|
:raises UnprocessableEntity: If a 422 response code is received and
|
||||||
|
couldn't be parsed
|
||||||
|
:returns: A list of l7rule objects.
|
||||||
|
"""
|
||||||
|
return self._list_objects(parent_id=l7policy_id,
|
||||||
|
query_params=query_params,
|
||||||
|
return_object_only=return_object_only)
|
||||||
|
|
||||||
|
def update_l7rule(self, l7rule_id, l7policy_id, type=Unset, value=Unset,
|
||||||
|
compare_type=Unset, admin_state_up=Unset, key=Unset,
|
||||||
|
invert=Unset, return_object_only=True):
|
||||||
|
"""Update a l7rule.
|
||||||
|
|
||||||
|
:param l7rule_id: The l7rule ID to update.
|
||||||
|
:param l7policy_id: The ID of the l7policy for the l7rule.
|
||||||
|
:param type: The L7 rule type.
|
||||||
|
:param value: The value to use for the comparison.
|
||||||
|
:param compare_type: The comparison type for the L7 rule.
|
||||||
|
:param admin_state_up: The administrative state of the resource, which
|
||||||
|
is up (true) or down (false).
|
||||||
|
:param key: The key to use for the comparison.
|
||||||
|
:param invert: When true the logic of the rule is inverted.
|
||||||
|
:param return_object_only: If True, the response returns the object
|
||||||
|
inside the root tag. False returns the full
|
||||||
|
response from the API.
|
||||||
|
:raises AssertionError: if the expected_code isn't a valid http success
|
||||||
|
response code
|
||||||
|
:raises BadRequest: If a 400 response code is received
|
||||||
|
:raises Conflict: If a 409 response code is received
|
||||||
|
:raises Forbidden: If a 403 response code is received
|
||||||
|
:raises Gone: If a 410 response code is received
|
||||||
|
:raises InvalidContentType: If a 415 response code is received
|
||||||
|
:raises InvalidHTTPResponseBody: The response body wasn't valid JSON
|
||||||
|
:raises InvalidHttpSuccessCode: if the read code isn't an expected
|
||||||
|
http success code
|
||||||
|
:raises NotFound: If a 404 response code is received
|
||||||
|
:raises NotImplemented: If a 501 response code is received
|
||||||
|
:raises OverLimit: If a 413 response code is received and over_limit is
|
||||||
|
not in the response body
|
||||||
|
:raises RateLimitExceeded: If a 413 response code is received and
|
||||||
|
over_limit is in the response body
|
||||||
|
:raises ServerFault: If a 500 response code is received
|
||||||
|
:raises Unauthorized: If a 401 response code is received
|
||||||
|
:raises UnexpectedContentType: If the content-type of the response
|
||||||
|
isn't an expect type
|
||||||
|
:raises UnexpectedResponseCode: If a response code above 400 is
|
||||||
|
received and it doesn't fall into any
|
||||||
|
of the handled checks
|
||||||
|
:raises UnprocessableEntity: If a 422 response code is received and
|
||||||
|
couldn't be parsed
|
||||||
|
:returns: A l7rule object.
|
||||||
|
"""
|
||||||
|
kwargs = {arg: value for arg, value in locals().items()
|
||||||
|
if arg != 'self' and value is not Unset}
|
||||||
|
kwargs['obj_id'] = kwargs.pop('l7rule_id')
|
||||||
|
kwargs['parent_id'] = kwargs.pop('l7policy_id')
|
||||||
|
return self._update_object(**kwargs)
|
||||||
|
|
||||||
|
def delete_l7rule(self, l7rule_id, l7policy_id, ignore_errors=False):
|
||||||
|
"""Delete a l7rule.
|
||||||
|
|
||||||
|
:param l7rule_id: The l7rule ID to delete.
|
||||||
|
:param l7policy_id: The ID of the l7policy for the l7rule.
|
||||||
|
:param ignore_errors: True if errors should be ignored.
|
||||||
|
:raises AssertionError: if the expected_code isn't a valid http success
|
||||||
|
response code
|
||||||
|
:raises BadRequest: If a 400 response code is received
|
||||||
|
:raises Conflict: If a 409 response code is received
|
||||||
|
:raises Forbidden: If a 403 response code is received
|
||||||
|
:raises Gone: If a 410 response code is received
|
||||||
|
:raises InvalidContentType: If a 415 response code is received
|
||||||
|
:raises InvalidHTTPResponseBody: The response body wasn't valid JSON
|
||||||
|
:raises InvalidHttpSuccessCode: if the read code isn't an expected
|
||||||
|
http success code
|
||||||
|
:raises NotFound: If a 404 response code is received
|
||||||
|
:raises NotImplemented: If a 501 response code is received
|
||||||
|
:raises OverLimit: If a 413 response code is received and over_limit is
|
||||||
|
not in the response body
|
||||||
|
:raises RateLimitExceeded: If a 413 response code is received and
|
||||||
|
over_limit is in the response body
|
||||||
|
:raises ServerFault: If a 500 response code is received
|
||||||
|
:raises Unauthorized: If a 401 response code is received
|
||||||
|
:raises UnexpectedContentType: If the content-type of the response
|
||||||
|
isn't an expect type
|
||||||
|
:raises UnexpectedResponseCode: If a response code above 400 is
|
||||||
|
received and it doesn't fall into any
|
||||||
|
of the handled checks
|
||||||
|
:raises UnprocessableEntity: If a 422 response code is received and
|
||||||
|
couldn't be parsed
|
||||||
|
:returns: None if ignore_errors is True, the response status code
|
||||||
|
if not.
|
||||||
|
"""
|
||||||
|
return self._delete_obj(obj_id=l7rule_id,
|
||||||
|
parent_id=l7policy_id,
|
||||||
|
ignore_errors=ignore_errors)
|
||||||
|
|
||||||
|
def cleanup_l7rule(self, l7rule_id, l7policy_id, lb_client=None,
|
||||||
|
lb_id=None):
|
||||||
|
kwargs = {arg: value for arg, value in locals().items()
|
||||||
|
if arg != 'self' and value is not Unset}
|
||||||
|
kwargs['obj_id'] = kwargs.pop('l7rule_id')
|
||||||
|
kwargs['parent_id'] = kwargs.pop('l7policy_id')
|
||||||
|
return self._cleanup_obj(**kwargs)
|
||||||
|
|
||||||
|
def is_resource_deleted(self, id):
|
||||||
|
# Trying to implement this for l7rules would be impossible, because
|
||||||
|
# they are sub-objects that can't be referenced directly, and this is
|
||||||
|
# used internally in tempest where we have no control over passed args
|
||||||
|
raise NotImplementedError()
|
|
@ -0,0 +1,675 @@
|
||||||
|
# Copyright 2018 GoDaddy
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
import time
|
||||||
|
from uuid import UUID
|
||||||
|
|
||||||
|
from dateutil import parser
|
||||||
|
from tempest import config
|
||||||
|
from tempest.lib.common.utils import data_utils
|
||||||
|
from tempest.lib import decorators
|
||||||
|
from tempest.lib import exceptions
|
||||||
|
|
||||||
|
from octavia_tempest_plugin.common import constants as const
|
||||||
|
from octavia_tempest_plugin.tests import test_base
|
||||||
|
from octavia_tempest_plugin.tests import waiters
|
||||||
|
|
||||||
|
CONF = config.CONF
|
||||||
|
|
||||||
|
|
||||||
|
class L7RuleAPITest(test_base.LoadBalancerBaseTest):
|
||||||
|
"""Test the l7rule object API."""
|
||||||
|
|
||||||
|
@classmethod
|
||||||
|
def resource_setup(cls):
|
||||||
|
"""Setup resources needed by the tests."""
|
||||||
|
super(L7RuleAPITest, cls).resource_setup()
|
||||||
|
|
||||||
|
lb_name = data_utils.rand_name("lb_member_lb1_l7rule")
|
||||||
|
lb_kwargs = {const.PROVIDER: CONF.load_balancer.provider,
|
||||||
|
const.NAME: lb_name}
|
||||||
|
|
||||||
|
cls._setup_lb_network_kwargs(lb_kwargs)
|
||||||
|
|
||||||
|
lb = cls.mem_lb_client.create_loadbalancer(**lb_kwargs)
|
||||||
|
cls.lb_id = lb[const.ID]
|
||||||
|
cls.addClassResourceCleanup(
|
||||||
|
cls.mem_lb_client.cleanup_loadbalancer,
|
||||||
|
cls.lb_id)
|
||||||
|
|
||||||
|
waiters.wait_for_status(cls.mem_lb_client.show_loadbalancer,
|
||||||
|
cls.lb_id, const.PROVISIONING_STATUS,
|
||||||
|
const.ACTIVE,
|
||||||
|
CONF.load_balancer.lb_build_interval,
|
||||||
|
CONF.load_balancer.lb_build_timeout)
|
||||||
|
|
||||||
|
listener_name = data_utils.rand_name("lb_member_listener1_l7rule")
|
||||||
|
listener_kwargs = {
|
||||||
|
const.NAME: listener_name,
|
||||||
|
const.PROTOCOL: const.HTTP,
|
||||||
|
const.PROTOCOL_PORT: '80',
|
||||||
|
const.LOADBALANCER_ID: cls.lb_id,
|
||||||
|
}
|
||||||
|
listener = cls.mem_listener_client.create_listener(**listener_kwargs)
|
||||||
|
cls.listener_id = listener[const.ID]
|
||||||
|
cls.addClassResourceCleanup(
|
||||||
|
cls.mem_listener_client.cleanup_listener,
|
||||||
|
cls.listener_id,
|
||||||
|
lb_client=cls.mem_lb_client, lb_id=cls.lb_id)
|
||||||
|
|
||||||
|
waiters.wait_for_status(cls.mem_lb_client.show_loadbalancer,
|
||||||
|
cls.lb_id, const.PROVISIONING_STATUS,
|
||||||
|
const.ACTIVE,
|
||||||
|
CONF.load_balancer.build_interval,
|
||||||
|
CONF.load_balancer.build_timeout)
|
||||||
|
|
||||||
|
pool_name = data_utils.rand_name("lb_member_pool1_l7rule")
|
||||||
|
pool_kwargs = {
|
||||||
|
const.NAME: pool_name,
|
||||||
|
const.PROTOCOL: const.HTTP,
|
||||||
|
const.LB_ALGORITHM: const.LB_ALGORITHM_ROUND_ROBIN,
|
||||||
|
const.LISTENER_ID: cls.listener_id,
|
||||||
|
}
|
||||||
|
|
||||||
|
pool = cls.mem_pool_client.create_pool(**pool_kwargs)
|
||||||
|
cls.pool_id = pool[const.ID]
|
||||||
|
cls.addClassResourceCleanup(
|
||||||
|
cls.mem_pool_client.cleanup_pool,
|
||||||
|
cls.pool_id,
|
||||||
|
lb_client=cls.mem_lb_client, lb_id=cls.lb_id)
|
||||||
|
|
||||||
|
waiters.wait_for_status(cls.mem_lb_client.show_loadbalancer,
|
||||||
|
cls.lb_id, const.PROVISIONING_STATUS,
|
||||||
|
const.ACTIVE,
|
||||||
|
CONF.load_balancer.build_interval,
|
||||||
|
CONF.load_balancer.build_timeout)
|
||||||
|
|
||||||
|
l7policy_name = data_utils.rand_name("lb_member_l7policy1_l7rule")
|
||||||
|
l7policy_kwargs = {
|
||||||
|
const.NAME: l7policy_name,
|
||||||
|
const.LISTENER_ID: cls.listener_id,
|
||||||
|
const.ACTION: const.REJECT,
|
||||||
|
}
|
||||||
|
l7policy = cls.mem_l7policy_client.create_l7policy(**l7policy_kwargs)
|
||||||
|
cls.l7policy_id = l7policy[const.ID]
|
||||||
|
cls.addClassResourceCleanup(
|
||||||
|
cls.mem_l7policy_client.cleanup_l7policy,
|
||||||
|
cls.l7policy_id,
|
||||||
|
lb_client=cls.mem_lb_client, lb_id=cls.lb_id)
|
||||||
|
|
||||||
|
waiters.wait_for_status(cls.mem_lb_client.show_loadbalancer,
|
||||||
|
cls.lb_id, const.PROVISIONING_STATUS,
|
||||||
|
const.ACTIVE,
|
||||||
|
CONF.load_balancer.build_interval,
|
||||||
|
CONF.load_balancer.build_timeout)
|
||||||
|
|
||||||
|
# Note: This test also covers basic l7rule show API
|
||||||
|
@decorators.idempotent_id('55ac1337-189d-40a6-b614-47d7a8e991f6')
|
||||||
|
def test_l7rule_create(self):
|
||||||
|
"""Tests l7rule create and basic show APIs.
|
||||||
|
|
||||||
|
* Tests that users without the loadbalancer member role cannot
|
||||||
|
create l7rules.
|
||||||
|
* Create a fully populated l7rule.
|
||||||
|
* Show l7rule details.
|
||||||
|
* Validate the show reflects the requested values.
|
||||||
|
"""
|
||||||
|
l7rule_kwargs = {
|
||||||
|
const.ADMIN_STATE_UP: True,
|
||||||
|
const.L7POLICY_ID: self.l7policy_id,
|
||||||
|
const.TYPE: const.HEADER,
|
||||||
|
const.VALUE: 'myvalue-create',
|
||||||
|
const.COMPARE_TYPE: const.EQUAL_TO,
|
||||||
|
const.KEY: 'mykey-create',
|
||||||
|
const.INVERT: False,
|
||||||
|
}
|
||||||
|
|
||||||
|
# Test that a user without the load balancer role cannot
|
||||||
|
# create a l7rule
|
||||||
|
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||||
|
self.assertRaises(
|
||||||
|
exceptions.Forbidden,
|
||||||
|
self.os_primary.l7rule_client.create_l7rule,
|
||||||
|
**l7rule_kwargs)
|
||||||
|
|
||||||
|
l7rule = self.mem_l7rule_client.create_l7rule(**l7rule_kwargs)
|
||||||
|
self.addClassResourceCleanup(
|
||||||
|
self.mem_l7rule_client.cleanup_l7rule,
|
||||||
|
l7rule[const.ID], l7policy_id=self.l7policy_id,
|
||||||
|
lb_client=self.mem_lb_client, lb_id=self.lb_id)
|
||||||
|
|
||||||
|
waiters.wait_for_status(
|
||||||
|
self.mem_lb_client.show_loadbalancer, self.lb_id,
|
||||||
|
const.PROVISIONING_STATUS, const.ACTIVE,
|
||||||
|
CONF.load_balancer.build_interval,
|
||||||
|
CONF.load_balancer.build_timeout)
|
||||||
|
l7rule = waiters.wait_for_status(
|
||||||
|
self.mem_l7rule_client.show_l7rule,
|
||||||
|
l7rule[const.ID], const.PROVISIONING_STATUS,
|
||||||
|
const.ACTIVE,
|
||||||
|
CONF.load_balancer.build_interval,
|
||||||
|
CONF.load_balancer.build_timeout,
|
||||||
|
l7policy_id=self.l7policy_id)
|
||||||
|
if not CONF.load_balancer.test_with_noop:
|
||||||
|
l7rule = waiters.wait_for_status(
|
||||||
|
self.mem_l7rule_client.show_l7rule,
|
||||||
|
l7rule[const.ID], const.OPERATING_STATUS,
|
||||||
|
const.ONLINE,
|
||||||
|
CONF.load_balancer.build_interval,
|
||||||
|
CONF.load_balancer.build_timeout,
|
||||||
|
l7policy_id=self.l7policy_id)
|
||||||
|
|
||||||
|
parser.parse(l7rule[const.CREATED_AT])
|
||||||
|
parser.parse(l7rule[const.UPDATED_AT])
|
||||||
|
UUID(l7rule[const.ID])
|
||||||
|
# Operating status for a l7rule will be ONLINE if it is enabled:
|
||||||
|
if l7rule[const.ADMIN_STATE_UP]:
|
||||||
|
self.assertEqual(const.ONLINE, l7rule[const.OPERATING_STATUS])
|
||||||
|
else:
|
||||||
|
self.assertEqual(const.OFFLINE, l7rule[const.OPERATING_STATUS])
|
||||||
|
|
||||||
|
equal_items = [const.ADMIN_STATE_UP, const.TYPE, const.VALUE,
|
||||||
|
const.COMPARE_TYPE, const.KEY, const.INVERT]
|
||||||
|
|
||||||
|
for item in equal_items:
|
||||||
|
self.assertEqual(l7rule_kwargs[item], l7rule[item])
|
||||||
|
|
||||||
|
@decorators.idempotent_id('69095254-f106-4fb6-9f54-7a78cc14fb51')
|
||||||
|
def test_l7rule_list(self):
|
||||||
|
"""Tests l7rule list API and field filtering.
|
||||||
|
|
||||||
|
* Create a clean l7policy.
|
||||||
|
* Create three l7rules.
|
||||||
|
* Validates that other accounts cannot list the l7rules.
|
||||||
|
* List the l7rules using the default sort order.
|
||||||
|
* List the l7rules using descending sort order.
|
||||||
|
* List the l7rules using ascending sort order.
|
||||||
|
* List the l7rules returning one field at a time.
|
||||||
|
* List the l7rules returning two fields.
|
||||||
|
* List the l7rules filtering to one of the three.
|
||||||
|
* List the l7rules filtered, one field, and sorted.
|
||||||
|
"""
|
||||||
|
l7policy_name = data_utils.rand_name("lb_member_l7policy2_l7rule-list")
|
||||||
|
l7policy = self.mem_l7policy_client.create_l7policy(
|
||||||
|
name=l7policy_name, listener_id=self.listener_id,
|
||||||
|
action=const.REJECT)
|
||||||
|
l7policy_id = l7policy[const.ID]
|
||||||
|
self.addCleanup(
|
||||||
|
self.mem_l7policy_client.cleanup_l7policy, l7policy_id,
|
||||||
|
lb_client=self.mem_lb_client, lb_id=self.lb_id)
|
||||||
|
|
||||||
|
waiters.wait_for_status(self.mem_lb_client.show_loadbalancer,
|
||||||
|
self.lb_id,
|
||||||
|
const.PROVISIONING_STATUS,
|
||||||
|
const.ACTIVE,
|
||||||
|
CONF.load_balancer.build_interval,
|
||||||
|
CONF.load_balancer.build_timeout)
|
||||||
|
|
||||||
|
l7rule1_kwargs = {
|
||||||
|
const.L7POLICY_ID: l7policy_id,
|
||||||
|
const.ADMIN_STATE_UP: True,
|
||||||
|
const.TYPE: const.HEADER,
|
||||||
|
const.VALUE: '2',
|
||||||
|
const.COMPARE_TYPE: const.EQUAL_TO,
|
||||||
|
const.KEY: 'mykey2-list',
|
||||||
|
}
|
||||||
|
l7rule1 = self.mem_l7rule_client.create_l7rule(
|
||||||
|
**l7rule1_kwargs)
|
||||||
|
self.addCleanup(
|
||||||
|
self.mem_l7rule_client.cleanup_l7rule,
|
||||||
|
l7rule1[const.ID], l7policy_id=l7policy_id,
|
||||||
|
lb_client=self.mem_lb_client, lb_id=self.lb_id)
|
||||||
|
l7rule1 = waiters.wait_for_status(
|
||||||
|
self.mem_l7rule_client.show_l7rule, l7rule1[const.ID],
|
||||||
|
const.PROVISIONING_STATUS, const.ACTIVE,
|
||||||
|
CONF.load_balancer.build_interval,
|
||||||
|
CONF.load_balancer.build_timeout,
|
||||||
|
l7policy_id=l7policy_id)
|
||||||
|
waiters.wait_for_status(self.mem_lb_client.show_loadbalancer,
|
||||||
|
self.lb_id,
|
||||||
|
const.PROVISIONING_STATUS,
|
||||||
|
const.ACTIVE,
|
||||||
|
CONF.load_balancer.check_interval,
|
||||||
|
CONF.load_balancer.check_timeout)
|
||||||
|
# Time resolution for created_at is only to the second, and we need to
|
||||||
|
# ensure that each object has a distinct creation time. Delaying one
|
||||||
|
# second is both a simple and a reliable way to accomplish this.
|
||||||
|
time.sleep(1)
|
||||||
|
|
||||||
|
l7rule2_kwargs = {
|
||||||
|
const.L7POLICY_ID: l7policy_id,
|
||||||
|
const.ADMIN_STATE_UP: True,
|
||||||
|
const.TYPE: const.HEADER,
|
||||||
|
const.VALUE: '1',
|
||||||
|
const.COMPARE_TYPE: const.EQUAL_TO,
|
||||||
|
const.KEY: 'mykey1-list',
|
||||||
|
}
|
||||||
|
l7rule2 = self.mem_l7rule_client.create_l7rule(
|
||||||
|
**l7rule2_kwargs)
|
||||||
|
self.addCleanup(
|
||||||
|
self.mem_l7rule_client.cleanup_l7rule,
|
||||||
|
l7rule2[const.ID], l7policy_id=l7policy_id,
|
||||||
|
lb_client=self.mem_lb_client, lb_id=self.lb_id)
|
||||||
|
l7rule2 = waiters.wait_for_status(
|
||||||
|
self.mem_l7rule_client.show_l7rule, l7rule2[const.ID],
|
||||||
|
const.PROVISIONING_STATUS, const.ACTIVE,
|
||||||
|
CONF.load_balancer.build_interval,
|
||||||
|
CONF.load_balancer.build_timeout,
|
||||||
|
l7policy_id=l7policy_id)
|
||||||
|
waiters.wait_for_status(self.mem_lb_client.show_loadbalancer,
|
||||||
|
self.lb_id,
|
||||||
|
const.PROVISIONING_STATUS,
|
||||||
|
const.ACTIVE,
|
||||||
|
CONF.load_balancer.check_interval,
|
||||||
|
CONF.load_balancer.check_timeout)
|
||||||
|
# Time resolution for created_at is only to the second, and we need to
|
||||||
|
# ensure that each object has a distinct creation time. Delaying one
|
||||||
|
# second is both a simple and a reliable way to accomplish this.
|
||||||
|
time.sleep(1)
|
||||||
|
|
||||||
|
l7rule3_kwargs = {
|
||||||
|
const.L7POLICY_ID: l7policy_id,
|
||||||
|
const.ADMIN_STATE_UP: False,
|
||||||
|
const.TYPE: const.HEADER,
|
||||||
|
const.VALUE: '3',
|
||||||
|
const.COMPARE_TYPE: const.EQUAL_TO,
|
||||||
|
const.KEY: 'mykey3-list',
|
||||||
|
}
|
||||||
|
l7rule3 = self.mem_l7rule_client.create_l7rule(
|
||||||
|
**l7rule3_kwargs)
|
||||||
|
self.addCleanup(
|
||||||
|
self.mem_l7rule_client.cleanup_l7rule,
|
||||||
|
l7rule3[const.ID], l7policy_id=l7policy_id,
|
||||||
|
lb_client=self.mem_lb_client, lb_id=self.lb_id)
|
||||||
|
l7rule3 = waiters.wait_for_status(
|
||||||
|
self.mem_l7rule_client.show_l7rule, l7rule3[const.ID],
|
||||||
|
const.PROVISIONING_STATUS, const.ACTIVE,
|
||||||
|
CONF.load_balancer.build_interval,
|
||||||
|
CONF.load_balancer.build_timeout,
|
||||||
|
l7policy_id=l7policy_id)
|
||||||
|
waiters.wait_for_status(self.mem_lb_client.show_loadbalancer,
|
||||||
|
self.lb_id,
|
||||||
|
const.PROVISIONING_STATUS,
|
||||||
|
const.ACTIVE,
|
||||||
|
CONF.load_balancer.check_interval,
|
||||||
|
CONF.load_balancer.check_timeout)
|
||||||
|
|
||||||
|
# Test that a different user cannot list l7rules
|
||||||
|
if not CONF.load_balancer.RBAC_test_type == const.NONE:
|
||||||
|
member2_client = self.os_roles_lb_member2.l7rule_client
|
||||||
|
self.assertRaises(
|
||||||
|
exceptions.Forbidden,
|
||||||
|
member2_client.list_l7rules,
|
||||||
|
l7policy_id)
|
||||||
|
|
||||||
|
# Test that a user without the lb l7rule role cannot list load
|
||||||
|
# balancers
|
||||||
|
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||||
|
self.assertRaises(
|
||||||
|
exceptions.Forbidden,
|
||||||
|
self.os_primary.l7rule_client.list_l7rules,
|
||||||
|
l7policy_id)
|
||||||
|
|
||||||
|
# Check the default sort order, created_at
|
||||||
|
l7rules = self.mem_l7rule_client.list_l7rules(l7policy_id)
|
||||||
|
self.assertEqual(l7rule1[const.VALUE],
|
||||||
|
l7rules[0][const.VALUE])
|
||||||
|
self.assertEqual(l7rule2[const.VALUE],
|
||||||
|
l7rules[1][const.VALUE])
|
||||||
|
self.assertEqual(l7rule3[const.VALUE],
|
||||||
|
l7rules[2][const.VALUE])
|
||||||
|
|
||||||
|
# Test sort descending by `value`
|
||||||
|
l7rules = self.mem_l7rule_client.list_l7rules(
|
||||||
|
l7policy_id, query_params='{sort}={value}:{desc}'.format(
|
||||||
|
sort=const.SORT, value=const.VALUE, desc=const.DESC))
|
||||||
|
self.assertEqual(l7rule1[const.VALUE],
|
||||||
|
l7rules[1][const.VALUE])
|
||||||
|
self.assertEqual(l7rule2[const.VALUE],
|
||||||
|
l7rules[2][const.VALUE])
|
||||||
|
self.assertEqual(l7rule3[const.VALUE],
|
||||||
|
l7rules[0][const.VALUE])
|
||||||
|
|
||||||
|
# Test sort ascending by `value`
|
||||||
|
l7rules = self.mem_l7rule_client.list_l7rules(
|
||||||
|
l7policy_id, query_params='{sort}={value}:{asc}'.format(
|
||||||
|
sort=const.SORT, value=const.VALUE, asc=const.ASC))
|
||||||
|
self.assertEqual(l7rule1[const.VALUE],
|
||||||
|
l7rules[1][const.VALUE])
|
||||||
|
self.assertEqual(l7rule2[const.VALUE],
|
||||||
|
l7rules[0][const.VALUE])
|
||||||
|
self.assertEqual(l7rule3[const.VALUE],
|
||||||
|
l7rules[2][const.VALUE])
|
||||||
|
|
||||||
|
# Test fields
|
||||||
|
for field in const.SHOW_L7RULE_RESPONSE_FIELDS:
|
||||||
|
l7rules = self.mem_l7rule_client.list_l7rules(
|
||||||
|
l7policy_id, query_params='{fields}={field}'.format(
|
||||||
|
fields=const.FIELDS, field=field))
|
||||||
|
self.assertEqual(1, len(l7rules[0]))
|
||||||
|
self.assertEqual(l7rule1[field], l7rules[0][field])
|
||||||
|
self.assertEqual(l7rule2[field], l7rules[1][field])
|
||||||
|
self.assertEqual(l7rule3[field], l7rules[2][field])
|
||||||
|
|
||||||
|
# Test multiple fields at the same time
|
||||||
|
l7rules = self.mem_l7rule_client.list_l7rules(
|
||||||
|
l7policy_id,
|
||||||
|
query_params='{fields}={admin}&{fields}={created}'.format(
|
||||||
|
fields=const.FIELDS, admin=const.ADMIN_STATE_UP,
|
||||||
|
created=const.CREATED_AT))
|
||||||
|
self.assertEqual(2, len(l7rules[0]))
|
||||||
|
self.assertTrue(l7rules[0][const.ADMIN_STATE_UP])
|
||||||
|
parser.parse(l7rules[0][const.CREATED_AT])
|
||||||
|
self.assertTrue(l7rules[1][const.ADMIN_STATE_UP])
|
||||||
|
parser.parse(l7rules[1][const.CREATED_AT])
|
||||||
|
self.assertFalse(l7rules[2][const.ADMIN_STATE_UP])
|
||||||
|
parser.parse(l7rules[2][const.CREATED_AT])
|
||||||
|
|
||||||
|
# Test filtering
|
||||||
|
l7rules = self.mem_l7rule_client.list_l7rules(
|
||||||
|
l7policy_id,
|
||||||
|
query_params='{value}={rule_value}'.format(
|
||||||
|
value=const.VALUE,
|
||||||
|
rule_value=l7rule2[const.VALUE]))
|
||||||
|
self.assertEqual(1, len(l7rules))
|
||||||
|
self.assertEqual(l7rule2[const.VALUE],
|
||||||
|
l7rules[0][const.VALUE])
|
||||||
|
|
||||||
|
# Test combined params
|
||||||
|
l7rules = self.mem_l7rule_client.list_l7rules(
|
||||||
|
l7policy_id,
|
||||||
|
query_params='{admin}={true}&'
|
||||||
|
'{fields}={value}&{fields}={id}&'
|
||||||
|
'{sort}={value}:{desc}'.format(
|
||||||
|
admin=const.ADMIN_STATE_UP,
|
||||||
|
true=const.ADMIN_STATE_UP_TRUE,
|
||||||
|
fields=const.FIELDS, value=const.VALUE,
|
||||||
|
id=const.ID, sort=const.SORT, desc=const.DESC))
|
||||||
|
# Should get two l7rules
|
||||||
|
self.assertEqual(2, len(l7rules))
|
||||||
|
# l7rules should have two fields
|
||||||
|
self.assertEqual(2, len(l7rules[0]))
|
||||||
|
# Should be in descending order by `value`
|
||||||
|
self.assertEqual(l7rule2[const.VALUE],
|
||||||
|
l7rules[1][const.VALUE])
|
||||||
|
self.assertEqual(l7rule1[const.VALUE],
|
||||||
|
l7rules[0][const.VALUE])
|
||||||
|
|
||||||
|
@decorators.idempotent_id('b80b34c3-09fc-467b-8027-7350adb17070')
|
||||||
|
def test_l7rule_show(self):
|
||||||
|
"""Tests l7rule show API.
|
||||||
|
|
||||||
|
* Create a fully populated l7rule.
|
||||||
|
* Show l7rule details.
|
||||||
|
* Validate the show reflects the requested values.
|
||||||
|
* Validates that other accounts cannot see the l7rule.
|
||||||
|
"""
|
||||||
|
l7rule_kwargs = {
|
||||||
|
const.ADMIN_STATE_UP: True,
|
||||||
|
const.L7POLICY_ID: self.l7policy_id,
|
||||||
|
const.TYPE: const.HEADER,
|
||||||
|
const.VALUE: 'myvalue-show',
|
||||||
|
const.COMPARE_TYPE: const.EQUAL_TO,
|
||||||
|
const.KEY: 'mykey-show',
|
||||||
|
const.INVERT: False,
|
||||||
|
}
|
||||||
|
|
||||||
|
l7rule = self.mem_l7rule_client.create_l7rule(**l7rule_kwargs)
|
||||||
|
self.addClassResourceCleanup(
|
||||||
|
self.mem_l7rule_client.cleanup_l7rule,
|
||||||
|
l7rule[const.ID], l7policy_id=self.l7policy_id,
|
||||||
|
lb_client=self.mem_lb_client, lb_id=self.lb_id)
|
||||||
|
|
||||||
|
waiters.wait_for_status(
|
||||||
|
self.mem_lb_client.show_loadbalancer, self.lb_id,
|
||||||
|
const.PROVISIONING_STATUS, const.ACTIVE,
|
||||||
|
CONF.load_balancer.build_interval,
|
||||||
|
CONF.load_balancer.build_timeout)
|
||||||
|
l7rule = waiters.wait_for_status(
|
||||||
|
self.mem_l7rule_client.show_l7rule,
|
||||||
|
l7rule[const.ID], const.PROVISIONING_STATUS,
|
||||||
|
const.ACTIVE,
|
||||||
|
CONF.load_balancer.build_interval,
|
||||||
|
CONF.load_balancer.build_timeout,
|
||||||
|
l7policy_id=self.l7policy_id)
|
||||||
|
if not CONF.load_balancer.test_with_noop:
|
||||||
|
l7rule = waiters.wait_for_status(
|
||||||
|
self.mem_l7rule_client.show_l7rule,
|
||||||
|
l7rule[const.ID], const.OPERATING_STATUS,
|
||||||
|
const.ONLINE,
|
||||||
|
CONF.load_balancer.build_interval,
|
||||||
|
CONF.load_balancer.build_timeout,
|
||||||
|
l7policy_id=self.l7policy_id)
|
||||||
|
|
||||||
|
parser.parse(l7rule[const.CREATED_AT])
|
||||||
|
parser.parse(l7rule[const.UPDATED_AT])
|
||||||
|
UUID(l7rule[const.ID])
|
||||||
|
# Operating status for a l7rule will be ONLINE if it is enabled:
|
||||||
|
if l7rule[const.ADMIN_STATE_UP]:
|
||||||
|
self.assertEqual(const.ONLINE, l7rule[const.OPERATING_STATUS])
|
||||||
|
else:
|
||||||
|
self.assertEqual(const.OFFLINE, l7rule[const.OPERATING_STATUS])
|
||||||
|
|
||||||
|
equal_items = [const.ADMIN_STATE_UP, const.TYPE, const.VALUE,
|
||||||
|
const.COMPARE_TYPE, const.KEY, const.INVERT]
|
||||||
|
|
||||||
|
for item in equal_items:
|
||||||
|
self.assertEqual(l7rule_kwargs[item], l7rule[item])
|
||||||
|
|
||||||
|
# Test that a user with lb_admin role can see the l7rule
|
||||||
|
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||||
|
l7rule_client = self.os_roles_lb_admin.l7rule_client
|
||||||
|
l7rule_adm = l7rule_client.show_l7rule(
|
||||||
|
l7rule[const.ID], l7policy_id=self.l7policy_id)
|
||||||
|
self.assertEqual(l7rule_kwargs[const.KEY], l7rule_adm[const.KEY])
|
||||||
|
|
||||||
|
# Test that a user with cloud admin role can see the l7rule
|
||||||
|
if not CONF.load_balancer.RBAC_test_type == const.NONE:
|
||||||
|
adm = self.os_admin.l7rule_client.show_l7rule(
|
||||||
|
l7rule[const.ID], l7policy_id=self.l7policy_id)
|
||||||
|
self.assertEqual(l7rule_kwargs[const.KEY], adm[const.KEY])
|
||||||
|
|
||||||
|
# Test that a different user, with load balancer member role, cannot
|
||||||
|
# see this l7rule
|
||||||
|
if not CONF.load_balancer.RBAC_test_type == const.NONE:
|
||||||
|
member2_client = self.os_roles_lb_member2.l7rule_client
|
||||||
|
self.assertRaises(exceptions.Forbidden,
|
||||||
|
member2_client.show_l7rule,
|
||||||
|
l7rule[const.ID], l7policy_id=self.l7policy_id)
|
||||||
|
|
||||||
|
# Test that a user, without the load balancer member role, cannot
|
||||||
|
# show l7rules
|
||||||
|
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||||
|
self.assertRaises(
|
||||||
|
exceptions.Forbidden,
|
||||||
|
self.os_primary.l7rule_client.show_l7rule,
|
||||||
|
l7rule[const.ID], l7policy_id=self.l7policy_id)
|
||||||
|
|
||||||
|
@decorators.idempotent_id('f8cee23b-89b6-4f3a-a842-1463daf42cf7')
|
||||||
|
def test_l7rule_update(self):
|
||||||
|
"""Tests l7rule show API and field filtering.
|
||||||
|
|
||||||
|
* Create a fully populated l7rule.
|
||||||
|
* Show l7rule details.
|
||||||
|
* Validate the show reflects the initial values.
|
||||||
|
* Validates that other accounts cannot update the l7rule.
|
||||||
|
* Update the l7rule details.
|
||||||
|
* Show l7rule details.
|
||||||
|
* Validate the show reflects the initial values.
|
||||||
|
"""
|
||||||
|
l7rule_kwargs = {
|
||||||
|
const.ADMIN_STATE_UP: False,
|
||||||
|
const.L7POLICY_ID: self.l7policy_id,
|
||||||
|
const.TYPE: const.HEADER,
|
||||||
|
const.VALUE: 'myvalue-update',
|
||||||
|
const.COMPARE_TYPE: const.EQUAL_TO,
|
||||||
|
const.KEY: 'mykey-update',
|
||||||
|
const.INVERT: False,
|
||||||
|
}
|
||||||
|
|
||||||
|
l7rule = self.mem_l7rule_client.create_l7rule(**l7rule_kwargs)
|
||||||
|
self.addClassResourceCleanup(
|
||||||
|
self.mem_l7rule_client.cleanup_l7rule,
|
||||||
|
l7rule[const.ID], l7policy_id=self.l7policy_id,
|
||||||
|
lb_client=self.mem_lb_client, lb_id=self.lb_id)
|
||||||
|
|
||||||
|
waiters.wait_for_status(
|
||||||
|
self.mem_lb_client.show_loadbalancer, self.lb_id,
|
||||||
|
const.PROVISIONING_STATUS, const.ACTIVE,
|
||||||
|
CONF.load_balancer.build_interval,
|
||||||
|
CONF.load_balancer.build_timeout)
|
||||||
|
l7rule = waiters.wait_for_status(
|
||||||
|
self.mem_l7rule_client.show_l7rule,
|
||||||
|
l7rule[const.ID], const.PROVISIONING_STATUS,
|
||||||
|
const.ACTIVE,
|
||||||
|
CONF.load_balancer.build_interval,
|
||||||
|
CONF.load_balancer.build_timeout,
|
||||||
|
l7policy_id=self.l7policy_id)
|
||||||
|
|
||||||
|
parser.parse(l7rule[const.CREATED_AT])
|
||||||
|
parser.parse(l7rule[const.UPDATED_AT])
|
||||||
|
UUID(l7rule[const.ID])
|
||||||
|
# Operating status for a l7rule will be ONLINE if it is enabled:
|
||||||
|
if l7rule[const.ADMIN_STATE_UP]:
|
||||||
|
self.assertEqual(const.ONLINE, l7rule[const.OPERATING_STATUS])
|
||||||
|
else:
|
||||||
|
self.assertEqual(const.OFFLINE, l7rule[const.OPERATING_STATUS])
|
||||||
|
|
||||||
|
equal_items = [const.ADMIN_STATE_UP, const.TYPE, const.VALUE,
|
||||||
|
const.COMPARE_TYPE, const.KEY, const.INVERT]
|
||||||
|
|
||||||
|
for item in equal_items:
|
||||||
|
self.assertEqual(l7rule_kwargs[item], l7rule[item])
|
||||||
|
|
||||||
|
# Test that a user, without the load balancer member role, cannot
|
||||||
|
# use this command
|
||||||
|
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||||
|
self.assertRaises(
|
||||||
|
exceptions.Forbidden,
|
||||||
|
self.os_primary.l7rule_client.update_l7rule,
|
||||||
|
l7rule[const.ID], l7policy_id=self.l7policy_id,
|
||||||
|
admin_state_up=True)
|
||||||
|
|
||||||
|
# Assert we didn't go into PENDING_*
|
||||||
|
l7rule_check = self.mem_l7rule_client.show_l7rule(
|
||||||
|
l7rule[const.ID], l7policy_id=self.l7policy_id)
|
||||||
|
self.assertEqual(const.ACTIVE, l7rule_check[const.PROVISIONING_STATUS])
|
||||||
|
self.assertEqual(False, l7rule_check[const.ADMIN_STATE_UP])
|
||||||
|
|
||||||
|
# Test that a user, without the load balancer member role, cannot
|
||||||
|
# update this l7rule
|
||||||
|
if not CONF.load_balancer.RBAC_test_type == const.NONE:
|
||||||
|
member2_client = self.os_roles_lb_member2.l7rule_client
|
||||||
|
self.assertRaises(exceptions.Forbidden,
|
||||||
|
member2_client.update_l7rule,
|
||||||
|
l7rule[const.ID], l7policy_id=self.l7policy_id,
|
||||||
|
admin_state_up=True)
|
||||||
|
|
||||||
|
# Assert we didn't go into PENDING_*
|
||||||
|
l7rule_check = self.mem_l7rule_client.show_l7rule(
|
||||||
|
l7rule[const.ID], l7policy_id=self.l7policy_id)
|
||||||
|
self.assertEqual(const.ACTIVE, l7rule_check[const.PROVISIONING_STATUS])
|
||||||
|
self.assertEqual(False, l7rule_check[const.ADMIN_STATE_UP])
|
||||||
|
|
||||||
|
l7rule_update_kwargs = {
|
||||||
|
const.L7POLICY_ID: self.l7policy_id,
|
||||||
|
const.ADMIN_STATE_UP: True,
|
||||||
|
const.TYPE: const.COOKIE,
|
||||||
|
const.VALUE: 'myvalue-UPDATED',
|
||||||
|
const.COMPARE_TYPE: const.CONTAINS,
|
||||||
|
const.KEY: 'mykey-UPDATED',
|
||||||
|
const.INVERT: True,
|
||||||
|
}
|
||||||
|
l7rule = self.mem_l7rule_client.update_l7rule(
|
||||||
|
l7rule[const.ID], **l7rule_update_kwargs)
|
||||||
|
|
||||||
|
waiters.wait_for_status(
|
||||||
|
self.mem_lb_client.show_loadbalancer, self.lb_id,
|
||||||
|
const.PROVISIONING_STATUS, const.ACTIVE,
|
||||||
|
CONF.load_balancer.build_interval,
|
||||||
|
CONF.load_balancer.build_timeout)
|
||||||
|
l7rule = waiters.wait_for_status(
|
||||||
|
self.mem_l7rule_client.show_l7rule,
|
||||||
|
l7rule[const.ID], const.PROVISIONING_STATUS,
|
||||||
|
const.ACTIVE,
|
||||||
|
CONF.load_balancer.build_interval,
|
||||||
|
CONF.load_balancer.build_timeout,
|
||||||
|
l7policy_id=self.l7policy_id)
|
||||||
|
|
||||||
|
# Operating status for a l7rule will be ONLINE if it is enabled:
|
||||||
|
if l7rule[const.ADMIN_STATE_UP]:
|
||||||
|
self.assertEqual(const.ONLINE, l7rule[const.OPERATING_STATUS])
|
||||||
|
else:
|
||||||
|
self.assertEqual(const.OFFLINE, l7rule[const.OPERATING_STATUS])
|
||||||
|
|
||||||
|
# Test changed items (which is all of them, for l7rules)
|
||||||
|
equal_items = [const.ADMIN_STATE_UP, const.TYPE, const.VALUE,
|
||||||
|
const.COMPARE_TYPE, const.KEY, const.INVERT]
|
||||||
|
for item in equal_items:
|
||||||
|
self.assertEqual(l7rule_update_kwargs[item], l7rule[item])
|
||||||
|
|
||||||
|
@decorators.idempotent_id('8e15d68d-70e7-4cf3-82bc-9604384654a0')
|
||||||
|
def test_l7rule_delete(self):
|
||||||
|
"""Tests l7rule create and delete APIs.
|
||||||
|
|
||||||
|
* Creates a l7rule.
|
||||||
|
* Validates that other accounts cannot delete the l7rule
|
||||||
|
* Deletes the l7rule.
|
||||||
|
* Validates the l7rule is in the DELETED state.
|
||||||
|
"""
|
||||||
|
l7rule_kwargs = {
|
||||||
|
const.L7POLICY_ID: self.l7policy_id,
|
||||||
|
const.TYPE: const.HEADER,
|
||||||
|
const.VALUE: 'myvalue-delete',
|
||||||
|
const.COMPARE_TYPE: const.EQUAL_TO,
|
||||||
|
const.KEY: 'mykey-delete',
|
||||||
|
}
|
||||||
|
l7rule = self.mem_l7rule_client.create_l7rule(**l7rule_kwargs)
|
||||||
|
self.addClassResourceCleanup(
|
||||||
|
self.mem_l7rule_client.cleanup_l7rule,
|
||||||
|
l7rule[const.ID], l7policy_id=self.l7policy_id,
|
||||||
|
lb_client=self.mem_lb_client, lb_id=self.lb_id)
|
||||||
|
|
||||||
|
waiters.wait_for_status(
|
||||||
|
self.mem_lb_client.show_loadbalancer,
|
||||||
|
self.lb_id, const.PROVISIONING_STATUS,
|
||||||
|
const.ACTIVE,
|
||||||
|
CONF.load_balancer.build_interval,
|
||||||
|
CONF.load_balancer.build_timeout)
|
||||||
|
|
||||||
|
# Test that a user without the load balancer role cannot
|
||||||
|
# delete this l7rule
|
||||||
|
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
|
||||||
|
self.assertRaises(
|
||||||
|
exceptions.Forbidden,
|
||||||
|
self.os_primary.l7rule_client.delete_l7rule,
|
||||||
|
l7rule[const.ID], l7policy_id=self.l7policy_id)
|
||||||
|
|
||||||
|
# Test that a different user, with the load balancer member role
|
||||||
|
# cannot delete this l7rule
|
||||||
|
if not CONF.load_balancer.RBAC_test_type == const.NONE:
|
||||||
|
member2_client = self.os_roles_lb_member2.l7rule_client
|
||||||
|
self.assertRaises(exceptions.Forbidden,
|
||||||
|
member2_client.delete_l7rule,
|
||||||
|
l7rule[const.ID], l7policy_id=self.l7policy_id)
|
||||||
|
|
||||||
|
self.mem_l7rule_client.delete_l7rule(l7rule[const.ID],
|
||||||
|
l7policy_id=self.l7policy_id)
|
||||||
|
|
||||||
|
waiters.wait_for_deleted_status_or_not_found(
|
||||||
|
self.mem_l7rule_client.show_l7rule, l7rule[const.ID],
|
||||||
|
const.PROVISIONING_STATUS,
|
||||||
|
CONF.load_balancer.check_interval,
|
||||||
|
CONF.load_balancer.check_timeout,
|
||||||
|
l7policy_id=self.l7policy_id)
|
|
@ -0,0 +1,195 @@
|
||||||
|
# Copyright 2018 GoDaddy
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
from uuid import UUID
|
||||||
|
|
||||||
|
from dateutil import parser
|
||||||
|
from tempest import config
|
||||||
|
from tempest.lib.common.utils import data_utils
|
||||||
|
from tempest.lib import decorators
|
||||||
|
|
||||||
|
from octavia_tempest_plugin.common import constants as const
|
||||||
|
from octavia_tempest_plugin.tests import test_base
|
||||||
|
from octavia_tempest_plugin.tests import waiters
|
||||||
|
|
||||||
|
CONF = config.CONF
|
||||||
|
|
||||||
|
|
||||||
|
class L7RuleScenarioTest(test_base.LoadBalancerBaseTest):
|
||||||
|
|
||||||
|
@classmethod
|
||||||
|
def resource_setup(cls):
|
||||||
|
"""Setup resources needed by the tests."""
|
||||||
|
super(L7RuleScenarioTest, cls).resource_setup()
|
||||||
|
|
||||||
|
lb_name = data_utils.rand_name("lb_member_lb1_l7rule")
|
||||||
|
lb_kwargs = {const.PROVIDER: CONF.load_balancer.provider,
|
||||||
|
const.NAME: lb_name}
|
||||||
|
|
||||||
|
cls._setup_lb_network_kwargs(lb_kwargs)
|
||||||
|
|
||||||
|
lb = cls.mem_lb_client.create_loadbalancer(**lb_kwargs)
|
||||||
|
cls.lb_id = lb[const.ID]
|
||||||
|
cls.addClassResourceCleanup(
|
||||||
|
cls.mem_lb_client.cleanup_loadbalancer,
|
||||||
|
cls.lb_id)
|
||||||
|
|
||||||
|
waiters.wait_for_status(cls.mem_lb_client.show_loadbalancer,
|
||||||
|
cls.lb_id, const.PROVISIONING_STATUS,
|
||||||
|
const.ACTIVE,
|
||||||
|
CONF.load_balancer.lb_build_interval,
|
||||||
|
CONF.load_balancer.lb_build_timeout)
|
||||||
|
|
||||||
|
listener_name = data_utils.rand_name("lb_member_listener1_l7rule")
|
||||||
|
listener_kwargs = {
|
||||||
|
const.NAME: listener_name,
|
||||||
|
const.PROTOCOL: const.HTTP,
|
||||||
|
const.PROTOCOL_PORT: '80',
|
||||||
|
const.LOADBALANCER_ID: cls.lb_id,
|
||||||
|
}
|
||||||
|
listener = cls.mem_listener_client.create_listener(**listener_kwargs)
|
||||||
|
cls.listener_id = listener[const.ID]
|
||||||
|
cls.addClassResourceCleanup(
|
||||||
|
cls.mem_listener_client.cleanup_listener,
|
||||||
|
cls.listener_id,
|
||||||
|
lb_client=cls.mem_lb_client, lb_id=cls.lb_id)
|
||||||
|
|
||||||
|
waiters.wait_for_status(cls.mem_lb_client.show_loadbalancer,
|
||||||
|
cls.lb_id, const.PROVISIONING_STATUS,
|
||||||
|
const.ACTIVE,
|
||||||
|
CONF.load_balancer.build_interval,
|
||||||
|
CONF.load_balancer.build_timeout)
|
||||||
|
|
||||||
|
l7policy_name = data_utils.rand_name("lb_member_l7policy1_l7rule")
|
||||||
|
l7policy_kwargs = {
|
||||||
|
const.NAME: l7policy_name,
|
||||||
|
const.LISTENER_ID: cls.listener_id,
|
||||||
|
const.ACTION: const.REJECT,
|
||||||
|
}
|
||||||
|
l7policy = cls.mem_l7policy_client.create_l7policy(**l7policy_kwargs)
|
||||||
|
cls.l7policy_id = l7policy[const.ID]
|
||||||
|
cls.addClassResourceCleanup(
|
||||||
|
cls.mem_l7policy_client.cleanup_l7policy,
|
||||||
|
cls.l7policy_id,
|
||||||
|
lb_client=cls.mem_lb_client, lb_id=cls.lb_id)
|
||||||
|
|
||||||
|
waiters.wait_for_status(cls.mem_lb_client.show_loadbalancer,
|
||||||
|
cls.lb_id, const.PROVISIONING_STATUS,
|
||||||
|
const.ACTIVE,
|
||||||
|
CONF.load_balancer.build_interval,
|
||||||
|
CONF.load_balancer.build_timeout)
|
||||||
|
|
||||||
|
@decorators.idempotent_id('a1c268b9-5304-48c7-9a34-0ef0e8e9307e')
|
||||||
|
def test_l7rule_CRUD(self):
|
||||||
|
"""Tests l7rule create, read, update, delete
|
||||||
|
|
||||||
|
* Create a fully populated l7rule.
|
||||||
|
* Show l7rule details.
|
||||||
|
* Update the l7rule.
|
||||||
|
* Delete the l7rule.
|
||||||
|
"""
|
||||||
|
|
||||||
|
# L7Rule create
|
||||||
|
l7rule_kwargs = {
|
||||||
|
const.ADMIN_STATE_UP: False,
|
||||||
|
const.L7POLICY_ID: self.l7policy_id,
|
||||||
|
const.TYPE: const.HEADER,
|
||||||
|
const.VALUE: 'myvalue-create',
|
||||||
|
const.COMPARE_TYPE: const.EQUAL_TO,
|
||||||
|
const.KEY: 'mykey-create',
|
||||||
|
const.INVERT: False,
|
||||||
|
}
|
||||||
|
|
||||||
|
l7rule = self.mem_l7rule_client.create_l7rule(**l7rule_kwargs)
|
||||||
|
self.addClassResourceCleanup(
|
||||||
|
self.mem_l7rule_client.cleanup_l7rule,
|
||||||
|
l7rule[const.ID], l7policy_id=self.l7policy_id,
|
||||||
|
lb_client=self.mem_lb_client, lb_id=self.lb_id)
|
||||||
|
|
||||||
|
waiters.wait_for_status(
|
||||||
|
self.mem_lb_client.show_loadbalancer, self.lb_id,
|
||||||
|
const.PROVISIONING_STATUS, const.ACTIVE,
|
||||||
|
CONF.load_balancer.build_interval,
|
||||||
|
CONF.load_balancer.build_timeout)
|
||||||
|
l7rule = waiters.wait_for_status(
|
||||||
|
self.mem_l7rule_client.show_l7rule,
|
||||||
|
l7rule[const.ID], const.PROVISIONING_STATUS,
|
||||||
|
const.ACTIVE,
|
||||||
|
CONF.load_balancer.build_interval,
|
||||||
|
CONF.load_balancer.build_timeout,
|
||||||
|
l7policy_id=self.l7policy_id)
|
||||||
|
|
||||||
|
parser.parse(l7rule[const.CREATED_AT])
|
||||||
|
parser.parse(l7rule[const.UPDATED_AT])
|
||||||
|
UUID(l7rule[const.ID])
|
||||||
|
# Operating status will be OFFLINE while admin_state_up = False
|
||||||
|
self.assertEqual(const.OFFLINE, l7rule[const.OPERATING_STATUS])
|
||||||
|
|
||||||
|
equal_items = [const.ADMIN_STATE_UP, const.TYPE, const.VALUE,
|
||||||
|
const.COMPARE_TYPE, const.KEY, const.INVERT]
|
||||||
|
|
||||||
|
for item in equal_items:
|
||||||
|
self.assertEqual(l7rule_kwargs[item], l7rule[item])
|
||||||
|
|
||||||
|
# L7Rule update
|
||||||
|
l7rule_update_kwargs = {
|
||||||
|
const.L7POLICY_ID: self.l7policy_id,
|
||||||
|
const.ADMIN_STATE_UP: True,
|
||||||
|
const.TYPE: const.COOKIE,
|
||||||
|
const.VALUE: 'myvalue-UPDATED',
|
||||||
|
const.COMPARE_TYPE: const.CONTAINS,
|
||||||
|
const.KEY: 'mykey-UPDATED',
|
||||||
|
const.INVERT: True,
|
||||||
|
}
|
||||||
|
l7rule = self.mem_l7rule_client.update_l7rule(
|
||||||
|
l7rule[const.ID], **l7rule_update_kwargs)
|
||||||
|
|
||||||
|
waiters.wait_for_status(
|
||||||
|
self.mem_lb_client.show_loadbalancer, self.lb_id,
|
||||||
|
const.PROVISIONING_STATUS, const.ACTIVE,
|
||||||
|
CONF.load_balancer.build_interval,
|
||||||
|
CONF.load_balancer.build_timeout)
|
||||||
|
l7rule = waiters.wait_for_status(
|
||||||
|
self.mem_l7rule_client.show_l7rule,
|
||||||
|
l7rule[const.ID], const.PROVISIONING_STATUS,
|
||||||
|
const.ACTIVE,
|
||||||
|
CONF.load_balancer.build_interval,
|
||||||
|
CONF.load_balancer.build_timeout,
|
||||||
|
l7policy_id=self.l7policy_id)
|
||||||
|
|
||||||
|
# Operating status for a l7rule will be ONLINE if it is enabled:
|
||||||
|
self.assertEqual(const.ONLINE, l7rule[const.OPERATING_STATUS])
|
||||||
|
|
||||||
|
# Test changed items (which is all of them, for l7rules)
|
||||||
|
equal_items = [const.ADMIN_STATE_UP, const.TYPE, const.VALUE,
|
||||||
|
const.COMPARE_TYPE, const.KEY, const.INVERT]
|
||||||
|
for item in equal_items:
|
||||||
|
self.assertEqual(l7rule_update_kwargs[item], l7rule[item])
|
||||||
|
|
||||||
|
# L7Rule delete
|
||||||
|
waiters.wait_for_status(
|
||||||
|
self.mem_lb_client.show_loadbalancer,
|
||||||
|
self.lb_id, const.PROVISIONING_STATUS,
|
||||||
|
const.ACTIVE,
|
||||||
|
CONF.load_balancer.check_interval,
|
||||||
|
CONF.load_balancer.check_timeout)
|
||||||
|
self.mem_l7rule_client.delete_l7rule(l7rule[const.ID],
|
||||||
|
l7policy_id=self.l7policy_id)
|
||||||
|
|
||||||
|
waiters.wait_for_deleted_status_or_not_found(
|
||||||
|
self.mem_l7rule_client.show_l7rule, l7rule[const.ID],
|
||||||
|
const.PROVISIONING_STATUS,
|
||||||
|
CONF.load_balancer.check_interval,
|
||||||
|
CONF.load_balancer.check_timeout,
|
||||||
|
l7policy_id=self.l7policy_id)
|
|
@ -12,11 +12,12 @@
|
||||||
# License for the specific language governing permissions and limitations
|
# License for the specific language governing permissions and limitations
|
||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
|
import testtools
|
||||||
|
|
||||||
from oslo_log import log as logging
|
from oslo_log import log as logging
|
||||||
from tempest import config
|
from tempest import config
|
||||||
from tempest.lib.common.utils import data_utils
|
from tempest.lib.common.utils import data_utils
|
||||||
from tempest.lib import decorators
|
from tempest.lib import decorators
|
||||||
import testtools
|
|
||||||
|
|
||||||
from octavia_tempest_plugin.common import constants as const
|
from octavia_tempest_plugin.common import constants as const
|
||||||
from octavia_tempest_plugin.tests import test_base
|
from octavia_tempest_plugin.tests import test_base
|
||||||
|
@ -118,7 +119,7 @@ class TrafficOperationsScenarioTest(test_base.LoadBalancerBaseTestWithCompute):
|
||||||
def test_basic_traffic(self):
|
def test_basic_traffic(self):
|
||||||
"""Tests sending traffic through a loadbalancer
|
"""Tests sending traffic through a loadbalancer
|
||||||
|
|
||||||
* Create a fully populated loadbalancer.
|
* Set up members on a loadbalancer.
|
||||||
* Test traffic to ensure it is balanced properly.
|
* Test traffic to ensure it is balanced properly.
|
||||||
"""
|
"""
|
||||||
# Set up Member 1 for Webserver 1
|
# Set up Member 1 for Webserver 1
|
||||||
|
@ -170,7 +171,7 @@ class TrafficOperationsScenarioTest(test_base.LoadBalancerBaseTestWithCompute):
|
||||||
CONF.load_balancer.check_timeout)
|
CONF.load_balancer.check_timeout)
|
||||||
|
|
||||||
# Send some traffic
|
# Send some traffic
|
||||||
self._check_members_balanced(self.lb_vip_address)
|
self.check_members_balanced(self.lb_vip_address)
|
||||||
|
|
||||||
@decorators.idempotent_id('a16f8eb4-a77c-4b0e-8b1b-91c237039713')
|
@decorators.idempotent_id('a16f8eb4-a77c-4b0e-8b1b-91c237039713')
|
||||||
def test_healthmonitor_traffic(self):
|
def test_healthmonitor_traffic(self):
|
||||||
|
@ -286,8 +287,8 @@ class TrafficOperationsScenarioTest(test_base.LoadBalancerBaseTestWithCompute):
|
||||||
pool_id=self.pool_id)
|
pool_id=self.pool_id)
|
||||||
|
|
||||||
# Send some traffic and verify it is balanced
|
# Send some traffic and verify it is balanced
|
||||||
self._check_members_balanced(self.lb_vip_address,
|
self.check_members_balanced(self.lb_vip_address,
|
||||||
traffic_member_count=2)
|
traffic_member_count=2)
|
||||||
|
|
||||||
# Create the healthmonitor
|
# Create the healthmonitor
|
||||||
hm_name = data_utils.rand_name("lb_member_hm1-hm-traffic")
|
hm_name = data_utils.rand_name("lb_member_hm1-hm-traffic")
|
||||||
|
@ -346,8 +347,8 @@ class TrafficOperationsScenarioTest(test_base.LoadBalancerBaseTestWithCompute):
|
||||||
pool_id=self.pool_id)
|
pool_id=self.pool_id)
|
||||||
|
|
||||||
# Send some traffic and verify it is *unbalanced*, as expected
|
# Send some traffic and verify it is *unbalanced*, as expected
|
||||||
self._check_members_balanced(self.lb_vip_address,
|
self.check_members_balanced(self.lb_vip_address,
|
||||||
traffic_member_count=1)
|
traffic_member_count=1)
|
||||||
|
|
||||||
# Delete the healthmonitor
|
# Delete the healthmonitor
|
||||||
self.mem_healthmonitor_client.delete_healthmonitor(hm[const.ID])
|
self.mem_healthmonitor_client.delete_healthmonitor(hm[const.ID])
|
||||||
|
@ -382,4 +383,240 @@ class TrafficOperationsScenarioTest(test_base.LoadBalancerBaseTestWithCompute):
|
||||||
pool_id=self.pool_id)
|
pool_id=self.pool_id)
|
||||||
|
|
||||||
# Send some traffic and verify it is balanced again
|
# Send some traffic and verify it is balanced again
|
||||||
self._check_members_balanced(self.lb_vip_address)
|
self.check_members_balanced(self.lb_vip_address)
|
||||||
|
|
||||||
|
@decorators.idempotent_id('3558186d-6dcd-4d9d-b7f7-adc190b66149')
|
||||||
|
def test_l7policies_and_l7rules(self):
|
||||||
|
"""Tests sending traffic through a loadbalancer with l7rules
|
||||||
|
|
||||||
|
* Create an extra pool.
|
||||||
|
* Put one member on the default pool, and one on the second pool.
|
||||||
|
* Create a policy/rule to redirect to the second pool.
|
||||||
|
* Create a policy/rule to redirect to the identity URI.
|
||||||
|
* Create a policy/rule to reject connections.
|
||||||
|
* Test traffic to ensure it goes to the correct place.
|
||||||
|
"""
|
||||||
|
# Create a second pool
|
||||||
|
pool_name = data_utils.rand_name("lb_member_pool2_l7redirect")
|
||||||
|
pool_kwargs = {
|
||||||
|
const.NAME: pool_name,
|
||||||
|
const.PROTOCOL: const.HTTP,
|
||||||
|
const.LB_ALGORITHM: const.LB_ALGORITHM_ROUND_ROBIN,
|
||||||
|
const.LOADBALANCER_ID: self.lb_id,
|
||||||
|
}
|
||||||
|
pool = self.mem_pool_client.create_pool(**pool_kwargs)
|
||||||
|
pool_id = pool[const.ID]
|
||||||
|
self.addCleanup(
|
||||||
|
self.mem_pool_client.cleanup_pool,
|
||||||
|
pool_id,
|
||||||
|
lb_client=self.mem_lb_client, lb_id=self.lb_id)
|
||||||
|
|
||||||
|
waiters.wait_for_status(self.mem_lb_client.show_loadbalancer,
|
||||||
|
self.lb_id, const.PROVISIONING_STATUS,
|
||||||
|
const.ACTIVE,
|
||||||
|
CONF.load_balancer.build_interval,
|
||||||
|
CONF.load_balancer.build_timeout)
|
||||||
|
|
||||||
|
# Set up Member 1 for Webserver 1 on the default pool
|
||||||
|
member1_name = data_utils.rand_name("lb_member_member1-l7redirect")
|
||||||
|
member1_kwargs = {
|
||||||
|
const.POOL_ID: self.pool_id,
|
||||||
|
const.NAME: member1_name,
|
||||||
|
const.ADMIN_STATE_UP: True,
|
||||||
|
const.ADDRESS: self.webserver1_ip,
|
||||||
|
const.PROTOCOL_PORT: 80,
|
||||||
|
}
|
||||||
|
if self.lb_member_1_subnet:
|
||||||
|
member1_kwargs[const.SUBNET_ID] = self.lb_member_1_subnet[const.ID]
|
||||||
|
|
||||||
|
member1 = self.mem_member_client.create_member(
|
||||||
|
**member1_kwargs)
|
||||||
|
self.addCleanup(
|
||||||
|
self.mem_member_client.cleanup_member,
|
||||||
|
member1[const.ID], pool_id=self.pool_id,
|
||||||
|
lb_client=self.mem_lb_client, lb_id=self.lb_id)
|
||||||
|
waiters.wait_for_status(
|
||||||
|
self.mem_lb_client.show_loadbalancer, self.lb_id,
|
||||||
|
const.PROVISIONING_STATUS, const.ACTIVE,
|
||||||
|
CONF.load_balancer.check_interval,
|
||||||
|
CONF.load_balancer.check_timeout)
|
||||||
|
|
||||||
|
# Set up Member 2 for Webserver 2 on the alternate pool
|
||||||
|
member2_name = data_utils.rand_name("lb_member_member2-l7redirect")
|
||||||
|
member2_kwargs = {
|
||||||
|
const.POOL_ID: pool_id,
|
||||||
|
const.NAME: member2_name,
|
||||||
|
const.ADMIN_STATE_UP: True,
|
||||||
|
const.ADDRESS: self.webserver2_ip,
|
||||||
|
const.PROTOCOL_PORT: 80,
|
||||||
|
}
|
||||||
|
if self.lb_member_2_subnet:
|
||||||
|
member2_kwargs[const.SUBNET_ID] = self.lb_member_2_subnet[const.ID]
|
||||||
|
|
||||||
|
member2 = self.mem_member_client.create_member(
|
||||||
|
**member2_kwargs)
|
||||||
|
self.addCleanup(
|
||||||
|
self.mem_member_client.cleanup_member,
|
||||||
|
member2[const.ID], pool_id=self.pool_id,
|
||||||
|
lb_client=self.mem_lb_client, lb_id=self.lb_id)
|
||||||
|
waiters.wait_for_status(
|
||||||
|
self.mem_lb_client.show_loadbalancer, self.lb_id,
|
||||||
|
const.PROVISIONING_STATUS, const.ACTIVE,
|
||||||
|
CONF.load_balancer.check_interval,
|
||||||
|
CONF.load_balancer.check_timeout)
|
||||||
|
|
||||||
|
# Create the l7policy to redirect to the alternate pool
|
||||||
|
l7policy1_name = data_utils.rand_name("lb_member_l7policy1-l7redirect")
|
||||||
|
l7policy1_description = data_utils.arbitrary_string(size=255)
|
||||||
|
l7policy1_kwargs = {
|
||||||
|
const.LISTENER_ID: self.listener_id,
|
||||||
|
const.NAME: l7policy1_name,
|
||||||
|
const.DESCRIPTION: l7policy1_description,
|
||||||
|
const.ADMIN_STATE_UP: True,
|
||||||
|
const.POSITION: 1,
|
||||||
|
const.ACTION: const.REDIRECT_TO_POOL,
|
||||||
|
const.REDIRECT_POOL_ID: pool_id,
|
||||||
|
}
|
||||||
|
l7policy1 = self.mem_l7policy_client.create_l7policy(
|
||||||
|
**l7policy1_kwargs)
|
||||||
|
self.addCleanup(
|
||||||
|
self.mem_l7policy_client.cleanup_l7policy,
|
||||||
|
l7policy1[const.ID],
|
||||||
|
lb_client=self.mem_lb_client, lb_id=self.lb_id)
|
||||||
|
waiters.wait_for_status(
|
||||||
|
self.mem_lb_client.show_loadbalancer, self.lb_id,
|
||||||
|
const.PROVISIONING_STATUS, const.ACTIVE,
|
||||||
|
CONF.load_balancer.build_interval,
|
||||||
|
CONF.load_balancer.build_timeout)
|
||||||
|
|
||||||
|
# Redirect slow queries to the alternate pool
|
||||||
|
l7rule1_kwargs = {
|
||||||
|
const.L7POLICY_ID: l7policy1[const.ID],
|
||||||
|
const.ADMIN_STATE_UP: True,
|
||||||
|
const.TYPE: const.PATH,
|
||||||
|
const.VALUE: '/slow',
|
||||||
|
const.COMPARE_TYPE: const.STARTS_WITH,
|
||||||
|
const.INVERT: False,
|
||||||
|
}
|
||||||
|
|
||||||
|
l7rule1 = self.mem_l7rule_client.create_l7rule(**l7rule1_kwargs)
|
||||||
|
self.addCleanup(
|
||||||
|
self.mem_l7rule_client.cleanup_l7rule,
|
||||||
|
l7rule1[const.ID], l7policy_id=l7rule1_kwargs[const.L7POLICY_ID],
|
||||||
|
lb_client=self.mem_lb_client, lb_id=self.lb_id)
|
||||||
|
waiters.wait_for_status(
|
||||||
|
self.mem_lb_client.show_loadbalancer, self.lb_id,
|
||||||
|
const.PROVISIONING_STATUS, const.ACTIVE,
|
||||||
|
CONF.load_balancer.build_interval,
|
||||||
|
CONF.load_balancer.build_timeout)
|
||||||
|
|
||||||
|
# Create the l7policy to redirect to the identity URI
|
||||||
|
l7policy2_name = data_utils.rand_name("lb_member_l7policy2-l7redirect")
|
||||||
|
l7policy2_description = data_utils.arbitrary_string(size=255)
|
||||||
|
l7policy2_kwargs = {
|
||||||
|
const.LISTENER_ID: self.listener_id,
|
||||||
|
const.NAME: l7policy2_name,
|
||||||
|
const.DESCRIPTION: l7policy2_description,
|
||||||
|
const.ADMIN_STATE_UP: True,
|
||||||
|
const.POSITION: 1,
|
||||||
|
const.ACTION: const.REDIRECT_TO_URL,
|
||||||
|
const.REDIRECT_URL: CONF.identity.uri_v3,
|
||||||
|
}
|
||||||
|
l7policy2 = self.mem_l7policy_client.create_l7policy(
|
||||||
|
**l7policy2_kwargs)
|
||||||
|
self.addCleanup(
|
||||||
|
self.mem_l7policy_client.cleanup_l7policy,
|
||||||
|
l7policy2[const.ID],
|
||||||
|
lb_client=self.mem_lb_client, lb_id=self.lb_id)
|
||||||
|
waiters.wait_for_status(
|
||||||
|
self.mem_lb_client.show_loadbalancer, self.lb_id,
|
||||||
|
const.PROVISIONING_STATUS, const.ACTIVE,
|
||||||
|
CONF.load_balancer.build_interval,
|
||||||
|
CONF.load_balancer.build_timeout)
|
||||||
|
|
||||||
|
# Redirect queries for 'turtles' to identity
|
||||||
|
l7rule2_kwargs = {
|
||||||
|
const.L7POLICY_ID: l7policy2[const.ID],
|
||||||
|
const.ADMIN_STATE_UP: True,
|
||||||
|
const.TYPE: const.PATH,
|
||||||
|
const.VALUE: '/turtles',
|
||||||
|
const.COMPARE_TYPE: const.EQUAL_TO,
|
||||||
|
const.INVERT: False,
|
||||||
|
}
|
||||||
|
|
||||||
|
l7rule2 = self.mem_l7rule_client.create_l7rule(**l7rule2_kwargs)
|
||||||
|
self.addCleanup(
|
||||||
|
self.mem_l7rule_client.cleanup_l7rule,
|
||||||
|
l7rule2[const.ID], l7policy_id=l7rule2_kwargs[const.L7POLICY_ID],
|
||||||
|
lb_client=self.mem_lb_client, lb_id=self.lb_id)
|
||||||
|
waiters.wait_for_status(
|
||||||
|
self.mem_lb_client.show_loadbalancer, self.lb_id,
|
||||||
|
const.PROVISIONING_STATUS, const.ACTIVE,
|
||||||
|
CONF.load_balancer.build_interval,
|
||||||
|
CONF.load_balancer.build_timeout)
|
||||||
|
|
||||||
|
# Create the l7policy to reject requests
|
||||||
|
l7policy3_name = data_utils.rand_name("lb_member_l7policy3-l7redirect")
|
||||||
|
l7policy3_description = data_utils.arbitrary_string(size=255)
|
||||||
|
l7policy3_kwargs = {
|
||||||
|
const.LISTENER_ID: self.listener_id,
|
||||||
|
const.NAME: l7policy3_name,
|
||||||
|
const.DESCRIPTION: l7policy3_description,
|
||||||
|
const.ADMIN_STATE_UP: True,
|
||||||
|
const.POSITION: 1,
|
||||||
|
const.ACTION: const.REJECT,
|
||||||
|
}
|
||||||
|
l7policy3 = self.mem_l7policy_client.create_l7policy(
|
||||||
|
**l7policy3_kwargs)
|
||||||
|
self.addCleanup(
|
||||||
|
self.mem_l7policy_client.cleanup_l7policy,
|
||||||
|
l7policy3[const.ID],
|
||||||
|
lb_client=self.mem_lb_client, lb_id=self.lb_id)
|
||||||
|
waiters.wait_for_status(
|
||||||
|
self.mem_lb_client.show_loadbalancer, self.lb_id,
|
||||||
|
const.PROVISIONING_STATUS, const.ACTIVE,
|
||||||
|
CONF.load_balancer.build_interval,
|
||||||
|
CONF.load_balancer.build_timeout)
|
||||||
|
|
||||||
|
# Reject requests that include the header data 'reject=true'
|
||||||
|
l7rule3_kwargs = {
|
||||||
|
const.L7POLICY_ID: l7policy3[const.ID],
|
||||||
|
const.ADMIN_STATE_UP: True,
|
||||||
|
const.TYPE: const.HEADER,
|
||||||
|
const.KEY: 'reject',
|
||||||
|
const.VALUE: 'true',
|
||||||
|
const.COMPARE_TYPE: const.EQUAL_TO,
|
||||||
|
const.INVERT: False,
|
||||||
|
}
|
||||||
|
|
||||||
|
l7rule3 = self.mem_l7rule_client.create_l7rule(**l7rule3_kwargs)
|
||||||
|
self.addCleanup(
|
||||||
|
self.mem_l7rule_client.cleanup_l7rule,
|
||||||
|
l7rule3[const.ID], l7policy_id=l7rule3_kwargs[const.L7POLICY_ID],
|
||||||
|
lb_client=self.mem_lb_client, lb_id=self.lb_id)
|
||||||
|
waiters.wait_for_status(
|
||||||
|
self.mem_lb_client.show_loadbalancer, self.lb_id,
|
||||||
|
const.PROVISIONING_STATUS, const.ACTIVE,
|
||||||
|
CONF.load_balancer.build_interval,
|
||||||
|
CONF.load_balancer.build_timeout)
|
||||||
|
|
||||||
|
# Assert that normal traffic goes to pool1->member1
|
||||||
|
url_for_member1 = 'http://{}/'.format(self.lb_vip_address)
|
||||||
|
self.assertConsistentResponse((200, self.webserver1_response),
|
||||||
|
url_for_member1)
|
||||||
|
|
||||||
|
# Assert that slow traffic goes to pool2->member2
|
||||||
|
url_for_member2 = 'http://{}/slow?delay=1s'.format(self.lb_vip_address)
|
||||||
|
self.assertConsistentResponse((200, self.webserver2_response),
|
||||||
|
url_for_member2)
|
||||||
|
|
||||||
|
# Assert that /turtles is redirected to identity
|
||||||
|
url_for_identity = 'http://{}/turtles'.format(self.lb_vip_address)
|
||||||
|
self.assertConsistentResponse((302, CONF.identity.uri_v3),
|
||||||
|
url_for_identity,
|
||||||
|
redirect=True)
|
||||||
|
|
||||||
|
# Assert that traffic with header 'reject=true' is rejected
|
||||||
|
self.assertConsistentResponse((403, None),
|
||||||
|
url_for_member1,
|
||||||
|
headers={'reject': 'true'})
|
||||||
|
|
|
@ -51,6 +51,8 @@ class LoadBalancerBaseTest(test.BaseTestCase):
|
||||||
['lb_admin', CONF.load_balancer.admin_role]]
|
['lb_admin', CONF.load_balancer.admin_role]]
|
||||||
|
|
||||||
client_manager = clients.ManagerV2
|
client_manager = clients.ManagerV2
|
||||||
|
webserver1_response = 1
|
||||||
|
webserver2_response = 5
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def skip_checks(cls):
|
def skip_checks(cls):
|
||||||
|
@ -111,6 +113,7 @@ class LoadBalancerBaseTest(test.BaseTestCase):
|
||||||
cls.mem_healthmonitor_client = (
|
cls.mem_healthmonitor_client = (
|
||||||
cls.os_roles_lb_member.healthmonitor_client)
|
cls.os_roles_lb_member.healthmonitor_client)
|
||||||
cls.mem_l7policy_client = cls.os_roles_lb_member.l7policy_client
|
cls.mem_l7policy_client = cls.os_roles_lb_member.l7policy_client
|
||||||
|
cls.mem_l7rule_client = cls.os_roles_lb_member.l7rule_client
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def resource_setup(cls):
|
def resource_setup(cls):
|
||||||
|
@ -509,17 +512,21 @@ class LoadBalancerBaseTestWithCompute(LoadBalancerBaseTest):
|
||||||
|
|
||||||
# Set up serving on webserver 1
|
# Set up serving on webserver 1
|
||||||
cls._install_start_webserver(cls.webserver1_public_ip,
|
cls._install_start_webserver(cls.webserver1_public_ip,
|
||||||
cls.lb_member_keypair['private_key'], 1)
|
cls.lb_member_keypair['private_key'],
|
||||||
|
cls.webserver1_response)
|
||||||
|
|
||||||
# Validate webserver 1
|
# Validate webserver 1
|
||||||
cls._validate_webserver(cls.webserver1_public_ip, 1)
|
cls._validate_webserver(cls.webserver1_public_ip,
|
||||||
|
cls.webserver1_response)
|
||||||
|
|
||||||
# Set up serving on webserver 2
|
# Set up serving on webserver 2
|
||||||
cls._install_start_webserver(cls.webserver2_public_ip,
|
cls._install_start_webserver(cls.webserver2_public_ip,
|
||||||
cls.lb_member_keypair['private_key'], 5)
|
cls.lb_member_keypair['private_key'],
|
||||||
|
cls.webserver2_response)
|
||||||
|
|
||||||
# Validate webserver 2
|
# Validate webserver 2
|
||||||
cls._validate_webserver(cls.webserver2_public_ip, 5)
|
cls._validate_webserver(cls.webserver2_public_ip,
|
||||||
|
cls.webserver2_response)
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def _create_networks(cls):
|
def _create_networks(cls):
|
||||||
|
@ -716,7 +723,7 @@ class LoadBalancerBaseTestWithCompute(LoadBalancerBaseTest):
|
||||||
'period. Failing test.')
|
'period. Failing test.')
|
||||||
raise Exception()
|
raise Exception()
|
||||||
|
|
||||||
def _check_members_balanced(self, vip_address, traffic_member_count=2):
|
def check_members_balanced(self, vip_address, traffic_member_count=2):
|
||||||
session = requests.Session()
|
session = requests.Session()
|
||||||
response_counts = {}
|
response_counts = {}
|
||||||
|
|
||||||
|
@ -743,3 +750,34 @@ class LoadBalancerBaseTestWithCompute(LoadBalancerBaseTest):
|
||||||
|
|
||||||
# Ensure both members got the same number of responses
|
# Ensure both members got the same number of responses
|
||||||
self.assertEqual(1, len(set(response_counts.values())))
|
self.assertEqual(1, len(set(response_counts.values())))
|
||||||
|
|
||||||
|
def assertConsistentResponse(self, response, url, method='GET', repeat=10,
|
||||||
|
redirect=False, timeout=2, **kwargs):
|
||||||
|
"""Assert that a request to URL gets the expected response.
|
||||||
|
|
||||||
|
:param response: Expected response in format (status_code, content).
|
||||||
|
:param url: The URL to request.
|
||||||
|
:param method: The HTTP method to use (GET, POST, PUT, etc)
|
||||||
|
:param repeat: How many times to test the response.
|
||||||
|
:param data: Optional data to send in the request.
|
||||||
|
:param headers: Optional headers to send in the request.
|
||||||
|
:param cookies: Optional cookies to send in the request.
|
||||||
|
:param redirect: Is the request a redirect? If true, assume the passed
|
||||||
|
content should be the next URL in the chain.
|
||||||
|
:return: boolean success status
|
||||||
|
|
||||||
|
:raises: testtools.matchers.MismatchError
|
||||||
|
"""
|
||||||
|
session = requests.Session()
|
||||||
|
response_code, response_content = response
|
||||||
|
|
||||||
|
for i in range(0, repeat):
|
||||||
|
req = session.request(method, url, allow_redirects=not redirect,
|
||||||
|
timeout=timeout, **kwargs)
|
||||||
|
if response_code:
|
||||||
|
self.assertEqual(response_code, req.status_code)
|
||||||
|
if redirect:
|
||||||
|
self.assertTrue(req.is_redirect)
|
||||||
|
self.assertEqual(response_content, req.next.url)
|
||||||
|
elif response_content:
|
||||||
|
self.assertEqual(six.text_type(response_content), req.text)
|
||||||
|
|
Loading…
Reference in New Issue