Fix security group ping allow rules

Change-Id: I54b651a674de98345a3170b92ab74ee37a278207
2017-04-13 18:14:03 +03:00 · 2017-04-13 18:14:03 +03:00 · 35c6eef7b8
parent ecda54cc96
commit 35c6eef7b8
2 changed files with 64 additions and 0 deletions
--- a/plugin_test/vapor/vapor/fixtures/security_groups.py
+++ b/plugin_test/vapor/vapor/fixtures/security_groups.py
@ -1,7 +1,21 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+
+#     http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
 import pycontrail.types as types
 import pytest
 from stepler.third_party import utils

+from vapor import settings
+

@pytest.fixture
 def contrail_security_groups_cleanup(contrail_api_client):
@ -44,3 +58,29 @@ def create_contrail_security_group(contrail_api_client,
 def contrail_security_group(create_contrail_security_group):
    """Fixture to create contrail security group."""
    return create_contrail_security_group()
+
+
+@pytest.fixture
+def neutron_security_group(neutron_create_security_group,
+                           neutron_security_group_rule_steps):
+    """Function fixture to create security group before test.
+
+    Can be called several times during test.
+    After the test it destroys all created security groups
+
+    Args:
+        neutron_create_security_group (function): function to create security
+            group with options
+        neutron_security_group_rule_steps (object): instantiated security
+            groups rules steps
+
+    Returns:
+        dict: security group
+    """
+    group_name = next(utils.generate_ids('security-group'))
+    group = neutron_create_security_group(group_name)
+
+    neutron_security_group_rule_steps.add_rules_to_group(
+        group['id'], settings.SECURITY_GROUP_SSH_PING_RULES)
+
+    return group
--- a/plugin_test/vapor/vapor/settings.py
+++ b/plugin_test/vapor/vapor/settings.py
@ -5,6 +5,9 @@ import sys
 import yaml
 import logbook

+from stepler import config as stepler_config
+
+
 LOG_FILENAME = './vapor.log'
 logger = logbook.Logger(__name__)
 logger.handlers.append(logbook.FileHandler(LOG_FILENAME,
@ -193,3 +196,24 @@ DPDK_NEC_BIND_PATH = '/opt/contrail/bin/dpdk_nic_bind.py'

 # SR-IOV
 SRIOV_PHYSNET = 'physnet1'
+
+# Security groups
+INGRESS = 'ingress'
+EGRESS = 'egress'
+
+SECURITY_GROUP_PING_RULES = [
+    {
+        # ping IPv4
+        'direction': INGRESS,
+        'protocol': 'icmp',
+        # For ICMP neutron allows to set port range from 0 to 255.
+        # But in neutron this means ICMP type and ICMP code.
+        # So this values are valid only with contrail.
+        'port_range_min': 0,
+        'port_range_max': 255,
+        'remote_ip_prefix': '0.0.0.0/0',
+    }
+]
+
+SECURITY_GROUP_SSH_PING_RULES = (stepler_config.SECURITY_GROUP_SSH_RULES +
+                                 SECURITY_GROUP_PING_RULES)