summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGeorgy Dyuldin <g.dyuldin@gmail.com>2017-04-13 18:14:03 +0300
committerGeorgy Dyuldin <g.dyuldin@gmail.com>2017-04-13 18:14:03 +0300
commit35c6eef7b8f24b8ad29f022d615b94f65813f583 (patch)
treea2304e250c89506f24e3b8823566fbef99a22406
parentecda54cc96d0eb927b6fea19f3670c372e096f89 (diff)
Fix security group ping allow rules
Notes
Notes (review): Verified+1: Plugins CI <plugins.ci@mirantis.com> Code-Review+2: okosse <okosse@mirantis.com> Workflow+1: okosse <okosse@mirantis.com> Verified+2: Jenkins Submitted-by: Jenkins Submitted-at: Thu, 13 Apr 2017 15:16:50 +0000 Reviewed-on: https://review.openstack.org/456660 Project: openstack/fuel-plugin-contrail Branch: refs/heads/master
-rw-r--r--plugin_test/vapor/vapor/fixtures/security_groups.py40
-rw-r--r--plugin_test/vapor/vapor/settings.py24
2 files changed, 64 insertions, 0 deletions
diff --git a/plugin_test/vapor/vapor/fixtures/security_groups.py b/plugin_test/vapor/vapor/fixtures/security_groups.py
index d40f5bd..0209ff6 100644
--- a/plugin_test/vapor/vapor/fixtures/security_groups.py
+++ b/plugin_test/vapor/vapor/fixtures/security_groups.py
@@ -1,7 +1,21 @@
1# Licensed under the Apache License, Version 2.0 (the "License"); you may
2# not use this file except in compliance with the License. You may obtain
3# a copy of the License at
4
5# http://www.apache.org/licenses/LICENSE-2.0
6
7# Unless required by applicable law or agreed to in writing, software
8# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
9# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
10# License for the specific language governing permissions and limitations
11# under the License.
12
1import pycontrail.types as types 13import pycontrail.types as types
2import pytest 14import pytest
3from stepler.third_party import utils 15from stepler.third_party import utils
4 16
17from vapor import settings
18
5 19
6@pytest.fixture 20@pytest.fixture
7def contrail_security_groups_cleanup(contrail_api_client): 21def contrail_security_groups_cleanup(contrail_api_client):
@@ -44,3 +58,29 @@ def create_contrail_security_group(contrail_api_client,
44def contrail_security_group(create_contrail_security_group): 58def contrail_security_group(create_contrail_security_group):
45 """Fixture to create contrail security group.""" 59 """Fixture to create contrail security group."""
46 return create_contrail_security_group() 60 return create_contrail_security_group()
61
62
63@pytest.fixture
64def neutron_security_group(neutron_create_security_group,
65 neutron_security_group_rule_steps):
66 """Function fixture to create security group before test.
67
68 Can be called several times during test.
69 After the test it destroys all created security groups
70
71 Args:
72 neutron_create_security_group (function): function to create security
73 group with options
74 neutron_security_group_rule_steps (object): instantiated security
75 groups rules steps
76
77 Returns:
78 dict: security group
79 """
80 group_name = next(utils.generate_ids('security-group'))
81 group = neutron_create_security_group(group_name)
82
83 neutron_security_group_rule_steps.add_rules_to_group(
84 group['id'], settings.SECURITY_GROUP_SSH_PING_RULES)
85
86 return group
diff --git a/plugin_test/vapor/vapor/settings.py b/plugin_test/vapor/vapor/settings.py
index 6a89175..2fcf1aa 100644
--- a/plugin_test/vapor/vapor/settings.py
+++ b/plugin_test/vapor/vapor/settings.py
@@ -5,6 +5,9 @@ import sys
5import yaml 5import yaml
6import logbook 6import logbook
7 7
8from stepler import config as stepler_config
9
10
8LOG_FILENAME = './vapor.log' 11LOG_FILENAME = './vapor.log'
9logger = logbook.Logger(__name__) 12logger = logbook.Logger(__name__)
10logger.handlers.append(logbook.FileHandler(LOG_FILENAME, 13logger.handlers.append(logbook.FileHandler(LOG_FILENAME,
@@ -193,3 +196,24 @@ DPDK_NEC_BIND_PATH = '/opt/contrail/bin/dpdk_nic_bind.py'
193 196
194# SR-IOV 197# SR-IOV
195SRIOV_PHYSNET = 'physnet1' 198SRIOV_PHYSNET = 'physnet1'
199
200# Security groups
201INGRESS = 'ingress'
202EGRESS = 'egress'
203
204SECURITY_GROUP_PING_RULES = [
205 {
206 # ping IPv4
207 'direction': INGRESS,
208 'protocol': 'icmp',
209 # For ICMP neutron allows to set port range from 0 to 255.
210 # But in neutron this means ICMP type and ICMP code.
211 # So this values are valid only with contrail.
212 'port_range_min': 0,
213 'port_range_max': 255,
214 'remote_ip_prefix': '0.0.0.0/0',
215 }
216]
217
218SECURITY_GROUP_SSH_PING_RULES = (stepler_config.SECURITY_GROUP_SSH_RULES +
219 SECURITY_GROUP_PING_RULES)