Add tempest scenario tests
Closes-Bug: #1507522 Change-Id: I8f894cd11a789013d5b94c58cdccbf6a6b846112
This commit is contained in:
parent
dc1d000ec3
commit
a8bcc8f05a
|
@ -0,0 +1,36 @@
|
|||
# Copyright (c) 2015 Midokura SARL
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import os
|
||||
|
||||
from tempest.test_discover import plugins
|
||||
|
||||
|
||||
class NeutronFWaaSPlugin(plugins.TempestPlugin):
|
||||
def get_opt_lists(self):
|
||||
return []
|
||||
|
||||
def load_tests(self):
|
||||
this_dir = os.path.dirname(os.path.abspath(__file__))
|
||||
# top_level_dir = $(this_dir)/../../..
|
||||
d = os.path.split(this_dir)[0]
|
||||
d = os.path.split(d)[0]
|
||||
top_level_dir = os.path.split(d)[0]
|
||||
test_dir = os.path.join(top_level_dir,
|
||||
'neutron_fwaas/tests/tempest_plugin/tests/scenario')
|
||||
return (test_dir, top_level_dir)
|
||||
|
||||
def register_opts(self):
|
||||
return
|
|
@ -0,0 +1,94 @@
|
|||
# Copyright (c) 2015 Midokura SARL
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from tempest.services.network.json import base
|
||||
|
||||
|
||||
class FirewallsClient(base.BaseNetworkClient):
|
||||
|
||||
def create_firewall(self, **kwargs):
|
||||
uri = '/fw/firewalls'
|
||||
post_data = {'firewall': kwargs}
|
||||
return self.create_resource(uri, post_data)
|
||||
|
||||
def update_firewall(self, firewall_id, **kwargs):
|
||||
uri = '/fw/firewalls/%s' % firewall_id
|
||||
post_data = {'firewall': kwargs}
|
||||
return self.update_resource(uri, post_data)
|
||||
|
||||
def show_firewall(self, firewall_id, **fields):
|
||||
uri = '/fw/firewalls/%s' % firewall_id
|
||||
return self.show_resource(uri, **fields)
|
||||
|
||||
def delete_firewall(self, firewall_id):
|
||||
uri = '/fw/firewalls/%s' % firewall_id
|
||||
return self.delete_resource(uri)
|
||||
|
||||
def list_firewalls(self, **filters):
|
||||
uri = '/fw/firewalls'
|
||||
return self.list_resources(uri, **filters)
|
||||
|
||||
|
||||
class FirewallRulesClient(base.BaseNetworkClient):
|
||||
|
||||
def create_firewall_rule(self, **kwargs):
|
||||
uri = '/fw/firewall_rules'
|
||||
post_data = {'firewall_rule': kwargs}
|
||||
return self.create_resource(uri, post_data)
|
||||
|
||||
def update_firewall_rule(self, firewall_rule_id, **kwargs):
|
||||
uri = '/fw/firewall_rules/%s' % firewall_rule_id
|
||||
post_data = {'firewall_rule': kwargs}
|
||||
return self.update_resource(uri, post_data)
|
||||
|
||||
def show_firewall_rule(self, firewall_rule_id, **fields):
|
||||
uri = '/fw/firewall_rules/%s' % firewall_rule_id
|
||||
return self.show_resource(uri, **fields)
|
||||
|
||||
def delete_firewall_rule(self, firewall_rule_id):
|
||||
uri = '/fw/firewall_rules/%s' % firewall_rule_id
|
||||
return self.delete_resource(uri)
|
||||
|
||||
def list_firewall_rules(self, **filters):
|
||||
uri = '/fw/firewall_rules'
|
||||
return self.list_resources(uri, **filters)
|
||||
|
||||
|
||||
class FirewallPoliciesClient(base.BaseNetworkClient):
|
||||
|
||||
def create_firewall_policy(self, **kwargs):
|
||||
uri = '/fw/firewall_policies'
|
||||
post_data = {'firewall_policy': kwargs}
|
||||
return self.create_resource(uri, post_data)
|
||||
|
||||
def update_firewall_policy(self, firewall_policy_id, **kwargs):
|
||||
uri = '/fw/firewall_policies/%s' % firewall_policy_id
|
||||
post_data = {'firewall_policy': kwargs}
|
||||
return self.update_resource(uri, post_data)
|
||||
|
||||
def show_firewall_policy(self, firewall_policy_id, **fields):
|
||||
uri = '/fw/firewall_policies/%s' % firewall_policy_id
|
||||
return self.show_resource(uri, **fields)
|
||||
|
||||
def delete_firewall_policy(self, firewall_policy_id):
|
||||
uri = '/fw/firewall_policies/%s' % firewall_policy_id
|
||||
return self.delete_resource(uri)
|
||||
|
||||
def list_firewall_policies(self, **filters):
|
||||
uri = '/fw/firewall_policies'
|
||||
return self.list_resources(uri, **filters)
|
||||
|
||||
# TODO(yamamoto): insert_rule
|
||||
# TODO(yamamoto): remove_rule
|
|
@ -0,0 +1,85 @@
|
|||
# Copyright (c) 2015 Midokura SARL
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from tempest_lib.common.utils import data_utils
|
||||
|
||||
from tempest import config
|
||||
from tempest.scenario import manager
|
||||
|
||||
from neutron_fwaas.tests.tempest_plugin.services import client
|
||||
|
||||
CONF = config.CONF
|
||||
|
||||
|
||||
class FWaaSScenarioTest(manager.NetworkScenarioTest):
|
||||
|
||||
@classmethod
|
||||
def resource_setup(cls):
|
||||
super(FWaaSScenarioTest, cls).resource_setup()
|
||||
manager = cls.manager
|
||||
cls.firewalls_client = client.FirewallsClient(
|
||||
manager.auth_provider,
|
||||
CONF.network.catalog_type,
|
||||
CONF.network.region or CONF.identity.region,
|
||||
endpoint_type=CONF.network.endpoint_type,
|
||||
build_interval=CONF.network.build_interval,
|
||||
build_timeout=CONF.network.build_timeout,
|
||||
**manager.default_params)
|
||||
cls.firewall_policies_client = client.FirewallPoliciesClient(
|
||||
manager.auth_provider,
|
||||
CONF.network.catalog_type,
|
||||
CONF.network.region or CONF.identity.region,
|
||||
endpoint_type=CONF.network.endpoint_type,
|
||||
build_interval=CONF.network.build_interval,
|
||||
build_timeout=CONF.network.build_timeout,
|
||||
**manager.default_params)
|
||||
cls.firewall_rules_client = client.FirewallRulesClient(
|
||||
manager.auth_provider,
|
||||
CONF.network.catalog_type,
|
||||
CONF.network.region or CONF.identity.region,
|
||||
endpoint_type=CONF.network.endpoint_type,
|
||||
build_interval=CONF.network.build_interval,
|
||||
build_timeout=CONF.network.build_timeout,
|
||||
**manager.default_params)
|
||||
|
||||
def create_firewall_rule(self, **kwargs):
|
||||
body = self.firewall_rules_client.create_firewall_rule(
|
||||
name=data_utils.rand_name("fw-rule"),
|
||||
**kwargs)
|
||||
fw_rule = body['firewall_rule']
|
||||
self.addCleanup(self.delete_wrapper,
|
||||
self.firewall_rules_client.delete_firewall_rule,
|
||||
fw_rule['id'])
|
||||
return fw_rule
|
||||
|
||||
def create_firewall_policy(self, **kwargs):
|
||||
body = self.firewall_policies_client.create_firewall_policy(
|
||||
name=data_utils.rand_name("fw-policy"),
|
||||
**kwargs)
|
||||
fw_policy = body['firewall_policy']
|
||||
self.addCleanup(self.delete_wrapper,
|
||||
self.firewall_policies_client.delete_firewall_policy,
|
||||
fw_policy['id'])
|
||||
return fw_policy
|
||||
|
||||
def create_firewall(self, **kwargs):
|
||||
body = self.firewalls_client.create_firewall(
|
||||
name=data_utils.rand_name("fw"),
|
||||
**kwargs)
|
||||
fw = body['firewall']
|
||||
self.addCleanup(self.delete_wrapper,
|
||||
self.firewalls_client.delete_firewall,
|
||||
fw['id'])
|
||||
return fw
|
|
@ -0,0 +1,79 @@
|
|||
# Copyright (c) 2015 Midokura SARL
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from tempest import config
|
||||
from tempest import test
|
||||
|
||||
from neutron_fwaas.tests.tempest_plugin.tests.scenario import base
|
||||
|
||||
CONF = config.CONF
|
||||
|
||||
|
||||
class TestFWaaS(base.FWaaSScenarioTest):
|
||||
|
||||
@classmethod
|
||||
def resource_setup(cls):
|
||||
super(TestFWaaS, cls).resource_setup()
|
||||
for ext in ['fwaas', 'security-group', 'router']:
|
||||
if not test.is_extension_enabled(ext, 'network'):
|
||||
msg = "%s Extension not enabled." % ext
|
||||
raise cls.skipException(msg)
|
||||
|
||||
def _create_server(self, network, security_group=None):
|
||||
keys = self.create_keypair()
|
||||
kwargs = {
|
||||
'networks': [
|
||||
{'uuid': network['id']},
|
||||
],
|
||||
'key_name': keys['name'],
|
||||
}
|
||||
if security_group is not None:
|
||||
kwargs['security_groups'] = [{'name': security_group['name']}]
|
||||
server = self.create_server(create_kwargs=kwargs)
|
||||
return server, keys
|
||||
|
||||
@test.idempotent_id('f970f6b3-6541-47ac-a9ea-f769be1e21a8')
|
||||
def test_firewall_basic(self):
|
||||
ssh_login = CONF.compute.image_ssh_user
|
||||
public_network_id = CONF.network.public_network_id
|
||||
|
||||
network1, subnet1, router1 = self.create_networks()
|
||||
security_group = self._create_security_group()
|
||||
server1, keys1 = self._create_server(network1,
|
||||
security_group=security_group)
|
||||
private_key = keys1['private_key']
|
||||
server1_floating_ip = self.create_floating_ip(server1,
|
||||
public_network_id)
|
||||
server1_ip = server1_floating_ip.floating_ip_address
|
||||
|
||||
self.check_vm_connectivity(server1_ip, username=ssh_login,
|
||||
private_key=private_key,
|
||||
should_connect=True)
|
||||
|
||||
# Create a firewall to block traffic.
|
||||
fw_rule = self.create_firewall_rule(
|
||||
source_ip_address=server1_ip,
|
||||
action="deny")
|
||||
fw_policy = self.create_firewall_policy(firewall_rules=[fw_rule['id']])
|
||||
fw = self.create_firewall(firewall_policy_id=fw_policy['id'])
|
||||
self.check_vm_connectivity(server1_ip, username=ssh_login,
|
||||
private_key=private_key,
|
||||
should_connect=False)
|
||||
|
||||
# Remove the firewall so that the VM is reachable again.
|
||||
self.firewalls_client.delete_firewall(fw['id'])
|
||||
self.check_vm_connectivity(server1_ip, username=ssh_login,
|
||||
private_key=private_key,
|
||||
should_connect=True)
|
|
@ -35,6 +35,8 @@ firewall_drivers =
|
|||
neutron.services.firewall.drivers.varmour.varmour_fwaas.vArmourFwaasDriver = neutron_fwaas.services.firewall.drivers.varmour.varmour_fwaas:vArmourFwaasDriver
|
||||
neutron.db.alembic_migrations =
|
||||
neutron-fwaas = neutron_fwaas.db.migration:alembic_migrations
|
||||
tempest.test_plugins =
|
||||
neutron-fwaas = neutron_fwaas.tests.tempest_plugin.plugin:NeutronFWaaSPlugin
|
||||
|
||||
[build_sphinx]
|
||||
all_files = 1
|
||||
|
|
Loading…
Reference in New Issue