From 35c6eef7b8f24b8ad29f022d615b94f65813f583 Mon Sep 17 00:00:00 2001 From: Georgy Dyuldin Date: Thu, 13 Apr 2017 18:14:03 +0300 Subject: [PATCH] Fix security group ping allow rules Change-Id: I54b651a674de98345a3170b92ab74ee37a278207 --- .../vapor/vapor/fixtures/security_groups.py | 40 +++++++++++++++++++ plugin_test/vapor/vapor/settings.py | 24 +++++++++++ 2 files changed, 64 insertions(+) diff --git a/plugin_test/vapor/vapor/fixtures/security_groups.py b/plugin_test/vapor/vapor/fixtures/security_groups.py index d40f5bd63..0209ff694 100644 --- a/plugin_test/vapor/vapor/fixtures/security_groups.py +++ b/plugin_test/vapor/vapor/fixtures/security_groups.py @@ -1,7 +1,21 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + import pycontrail.types as types import pytest from stepler.third_party import utils +from vapor import settings + @pytest.fixture def contrail_security_groups_cleanup(contrail_api_client): @@ -44,3 +58,29 @@ def create_contrail_security_group(contrail_api_client, def contrail_security_group(create_contrail_security_group): """Fixture to create contrail security group.""" return create_contrail_security_group() + + +@pytest.fixture +def neutron_security_group(neutron_create_security_group, + neutron_security_group_rule_steps): + """Function fixture to create security group before test. + + Can be called several times during test. + After the test it destroys all created security groups + + Args: + neutron_create_security_group (function): function to create security + group with options + neutron_security_group_rule_steps (object): instantiated security + groups rules steps + + Returns: + dict: security group + """ + group_name = next(utils.generate_ids('security-group')) + group = neutron_create_security_group(group_name) + + neutron_security_group_rule_steps.add_rules_to_group( + group['id'], settings.SECURITY_GROUP_SSH_PING_RULES) + + return group diff --git a/plugin_test/vapor/vapor/settings.py b/plugin_test/vapor/vapor/settings.py index 6a8917508..2fcf1aae6 100644 --- a/plugin_test/vapor/vapor/settings.py +++ b/plugin_test/vapor/vapor/settings.py @@ -5,6 +5,9 @@ import sys import yaml import logbook +from stepler import config as stepler_config + + LOG_FILENAME = './vapor.log' logger = logbook.Logger(__name__) logger.handlers.append(logbook.FileHandler(LOG_FILENAME, @@ -193,3 +196,24 @@ DPDK_NEC_BIND_PATH = '/opt/contrail/bin/dpdk_nic_bind.py' # SR-IOV SRIOV_PHYSNET = 'physnet1' + +# Security groups +INGRESS = 'ingress' +EGRESS = 'egress' + +SECURITY_GROUP_PING_RULES = [ + { + # ping IPv4 + 'direction': INGRESS, + 'protocol': 'icmp', + # For ICMP neutron allows to set port range from 0 to 255. + # But in neutron this means ICMP type and ICMP code. + # So this values are valid only with contrail. + 'port_range_min': 0, + 'port_range_max': 255, + 'remote_ip_prefix': '0.0.0.0/0', + } +] + +SECURITY_GROUP_SSH_PING_RULES = (stepler_config.SECURITY_GROUP_SSH_RULES + + SECURITY_GROUP_PING_RULES)