Fix security group ping allow rules
Change-Id: I54b651a674de98345a3170b92ab74ee37a278207
This commit is contained in:
parent
ecda54cc96
commit
35c6eef7b8
|
@ -1,7 +1,21 @@
|
|||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import pycontrail.types as types
|
||||
import pytest
|
||||
from stepler.third_party import utils
|
||||
|
||||
from vapor import settings
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def contrail_security_groups_cleanup(contrail_api_client):
|
||||
|
@ -44,3 +58,29 @@ def create_contrail_security_group(contrail_api_client,
|
|||
def contrail_security_group(create_contrail_security_group):
|
||||
"""Fixture to create contrail security group."""
|
||||
return create_contrail_security_group()
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def neutron_security_group(neutron_create_security_group,
|
||||
neutron_security_group_rule_steps):
|
||||
"""Function fixture to create security group before test.
|
||||
|
||||
Can be called several times during test.
|
||||
After the test it destroys all created security groups
|
||||
|
||||
Args:
|
||||
neutron_create_security_group (function): function to create security
|
||||
group with options
|
||||
neutron_security_group_rule_steps (object): instantiated security
|
||||
groups rules steps
|
||||
|
||||
Returns:
|
||||
dict: security group
|
||||
"""
|
||||
group_name = next(utils.generate_ids('security-group'))
|
||||
group = neutron_create_security_group(group_name)
|
||||
|
||||
neutron_security_group_rule_steps.add_rules_to_group(
|
||||
group['id'], settings.SECURITY_GROUP_SSH_PING_RULES)
|
||||
|
||||
return group
|
||||
|
|
|
@ -5,6 +5,9 @@ import sys
|
|||
import yaml
|
||||
import logbook
|
||||
|
||||
from stepler import config as stepler_config
|
||||
|
||||
|
||||
LOG_FILENAME = './vapor.log'
|
||||
logger = logbook.Logger(__name__)
|
||||
logger.handlers.append(logbook.FileHandler(LOG_FILENAME,
|
||||
|
@ -193,3 +196,24 @@ DPDK_NEC_BIND_PATH = '/opt/contrail/bin/dpdk_nic_bind.py'
|
|||
|
||||
# SR-IOV
|
||||
SRIOV_PHYSNET = 'physnet1'
|
||||
|
||||
# Security groups
|
||||
INGRESS = 'ingress'
|
||||
EGRESS = 'egress'
|
||||
|
||||
SECURITY_GROUP_PING_RULES = [
|
||||
{
|
||||
# ping IPv4
|
||||
'direction': INGRESS,
|
||||
'protocol': 'icmp',
|
||||
# For ICMP neutron allows to set port range from 0 to 255.
|
||||
# But in neutron this means ICMP type and ICMP code.
|
||||
# So this values are valid only with contrail.
|
||||
'port_range_min': 0,
|
||||
'port_range_max': 255,
|
||||
'remote_ip_prefix': '0.0.0.0/0',
|
||||
}
|
||||
]
|
||||
|
||||
SECURITY_GROUP_SSH_PING_RULES = (stepler_config.SECURITY_GROUP_SSH_RULES +
|
||||
SECURITY_GROUP_PING_RULES)
|
||||
|
|
Loading…
Reference in New Issue