class NuageExtraDHCPOptionsNegativeTest( base_nuage_extra_dhcp_options.NuageExtraDHCPOptionsBase): """NuageExtraDHCPOptionsNegativeTest Negative tests on port create port list port show port update v2.0 of the Neutron API is assumed. It is also assumed that the Extra DHCP Options extension (extra_dhcp_opt)is enabled in the [network-feature-enabled] section of etc/tempest.conf """ @classmethod def resource_setup(cls): super(NuageExtraDHCPOptionsNegativeTest, cls).resource_setup() # L2 OS managed network cls.osmgd_l2_network = cls.create_network() cls.osmgd_l2_subnet = cls.create_subnet(cls.osmgd_l2_network) cls.os_l2_port = cls.create_port(cls.osmgd_l2_network) cls.l2domain = cls.nuage_client.get_l2domain( 'externalID', cls.nuage_client.get_vsd_external_id(cls.osmgd_l2_subnet['id']) ) @classmethod def skip_checks(cls): raise cls.skipException('Skipping negative DHCP tests.') def _assert_nuage_create_port_with_dhcp_opts(self, network_id, extra_dhcp_opts): # Create a port with valid opt-name but invalid opt-value(s) self.assertRaises(exceptions.BadRequest, self._create_port_with_dhcp_opts, network_id, extra_dhcp_opts) def _assert_nuage_update_port_with_dhcp_opts(self, port, extra_dhcp_opts): # Update an existing port with valid opt-name but invalid opt-value(s) self.assertRaises(exceptions.BadRequest, self._update_port_with_dhcp_opts, port, extra_dhcp_opts) def _assert_create_update_port_with_bad_dhcp_opts_neg(self, network_id, bad_values, opt_name): for opt_value in bad_values: extra_dhcp_opts = [ {'opt_value': opt_value, 'opt_name': opt_name} ] self.assertRaises(exceptions.BadRequest, self._create_port_with_dhcp_opts, network_id, extra_dhcp_opts) self.assertRaises(exceptions.BadRequest, self._update_port_with_dhcp_opts, self.os_l2_port['id'], extra_dhcp_opts) def _create_network(self, external=False): if external: post_body = {'name': data_utils.rand_name('ext-network'), 'router:external': external} else: post_body = {'name': data_utils.rand_name('network')} body = self.admin_networks_client.create_network(**post_body) network = body['network'] self.addCleanup(self.admin_networks_client.delete_network, network['id']) return network def test_nuage_create_port_with_dhcp_opts_001_netmask_neg(self): network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_IPV4_ADDRESSES, 'netmask') def test_nuage_create_port_with_dhcp_opts_002_time_offset_neg(self): # Create a port with Extra DHCP Options two's complement 32-bit integer network_id = self.osmgd_l2_network['id'] bad_values = ['rubbish', str(constants.MAX_UNSIGNED_INT32_PLUS_ONE), VERY_LONG_STRING] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, bad_values, 'netmask') def test_nuage_create_port_with_dhcp_opts_003_router_neg(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_IPV4_ADDRESSES, 'router') def test_nuage_create_port_with_dhcp_opts_004_time_server_neg(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] bad_values = ['rubbish', str(constants.MAX_UNSIGNED_INT32_PLUS_ONE), VERY_LONG_STRING] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, bad_values, 'time-server') def test_nuage_create_port_with_dhcp_opts_006_dns_server_neg(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_IPV4_ADDRESSES, 'dns-server') def test_nuage_create_port_with_dhcp_opts_007_log_server_neg(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_IPV4_ADDRESSES, 'log-server') def test_nuage_create_port_with_dhcp_opts_009_lpr_server_neg(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_IPV4_ADDRESSES, 'lpr-server') def test_nuage_create_port_with_dhcp_opts_012_hostname_neg(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] bad_values = [ VERY_LONG_STRING] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, bad_values, 'hostname') def test_nuage_create_port_with_dhcp_opts_013_boot_file_size_neg(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_INTEGER_TYPE_VALUES, 'boot-file-size') def test_nuage_create_port_with_dhcp_opts_015_domain_name_neg(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_STRING_TYPE_VALUES, 'domain-name') def test_nuage_create_port_with_dhcp_opts_016_swap_server_neg(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_IPV4_ADDRESSES, 'swap-server') def test_nuage_create_port_with_dhcp_opts_017_root_path_neg(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_STRING_TYPE_VALUES, 'root-path') def test_nuage_create_port_with_dhcp_opts_018_extension_path_neg(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_STRING_TYPE_VALUES, 'extension-path') def test_nuage_create_port_with_dhcp_opts_019_neg(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_INTEGER_TYPE_VALUES, 'ip-forward-enable') def test_nuage_create_port_with_dhcp_opts_020_non_local_source_routing_neg( self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_INTEGER_TYPE_VALUES, 'non-local-source-routing') def test_nuage_create_port_with_dhcp_opts_021_policy_filter_neg(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] bad_values = ['10.20.21.200;255.255.256.0', '10.20.21.300;255.255.255.0', '10.20.21.401;255.255.0.', str(constants.MAX_UNSIGNED_INT32_PLUS_ONE), VERY_LONG_STRING] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, bad_values, 'policy-filter') def test_nuage_create_port_with_dhcp_opts_022_max_datagram_reassembly_neg( self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_INTEGER_TYPE_VALUES, 'max-datagram-reassembly') def test_nuage_create_port_with_dhcp_opts_023_default_ttl_neg(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_INTEGER_TYPE_VALUES, 'default-ttl') def test_nuage_create_port_with_dhcp_opts_026_mtu_neg(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_INTEGER_TYPE_VALUES, 'mtu') def test_nuage_create_port_with_dhcp_opts_027_all_subnets_local_neg(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_INTEGER_TYPE_VALUES, 'TBD') def test_nuage_create_port_with_dhcp_opts_028_broadcast_neg(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_IPV4_ADDRESSES, 'broadcast') def test_nuage_create_port_with_dhcp_opts_031_router_discovery_neg(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_INTEGER_TYPE_VALUES, 'router-discovery') def test_nuage_create_port_with_dhcp_opts_032_router_solicitation_neg( self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_IPV4_ADDRESSES, 'router-solicitation') # {'opt_value': '10.33.33.0;10.33.33.33;10.33.34.0;10.33.34.10', # 'opt_name': 'static-route'} def test_nuage_create_port_with_dhcp_opts_033_static_route_neg(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values # The minimum length of this option is 8, and the length MUST be a # multiple of 8. network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_IPV4_ADDRESSES, 'static-route') def test_nuage_create_port_with_dhcp_opts_034_trailer_encapsulation_neg( self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_INTEGER_TYPE_VALUES, 'trailer-encapsulation') def test_nuage_create_port_with_dhcp_opts_035_arp_timeout_neg(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values # 32-bit unsigned integer network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_INTEGER_TYPE_VALUES, 'arp-timeout') def test_nuage_create_port_with_dhcp_opts_036_ethernet_encap_neg(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_INTEGER_TYPE_VALUES, 'ethernet-encap') def test_nuage_create_port_with_dhcp_opts_037_tcp_ttl_neg(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values # 8-bit unsigned integer. The minimum value is 1. network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_INTEGER_TYPE_VALUES, 'tcp-ttl') def test_nuage_create_port_with_dhcp_opts_038_tcp_keepalive_neg(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values # 32-bit unsigned integer network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_INTEGER_TYPE_VALUES, 'tcp-keepalive') def test_nuage_create_port_with_dhcp_opts_040_nis_domain_neg(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_STRING_TYPE_VALUES, 'nis-domain') def test_nuage_create_port_with_dhcp_opts_041_nis_server_neg(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_IPV4_ADDRESSES, 'nis-server') def test_nuage_create_port_with_dhcp_opts_042_ntp_server_neg(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_IPV4_ADDRESSES, 'ntp-server') def test_nuage_create_port_with_dhcp_opts_044_netbios_ns_neg(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_IPV4_ADDRESSES, 'netbios-ns') def test_nuage_create_port_with_dhcp_opts_045_netbios_dd_neg(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_IPV4_ADDRESSES, 'netbios-dd') def test_nuage_create_port_with_dhcp_opts_046_netbios_nodetype_neg(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values # Valid values: 0x1, 0x2, 0x4, 0x8 network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_INTEGER_TYPE_VALUES, 'netbios-nodetype') def test_nuage_create_port_with_dhcp_opts_047_netbios_scope_neg(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_STRING_TYPE_VALUES, 'netbios-scope') def test_nuage_create_port_with_dhcp_opts_048_x_windows_fs_neg(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_IPV4_ADDRESSES, 'x-windows-fs') def test_nuage_create_port_with_dhcp_opts_049_x_windows_dm_neg(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_IPV4_ADDRESSES, 'x-windows-dm') def test_nuage_create_port_with_dhcp_opts_050_requested_address_neg(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_IPV4_ADDRESSES, 'requested-address') def test_nuage_create_port_with_dhcp_opts_060_vendor_class_neg(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_STRING_TYPE_VALUES, 'vendor-class') def test_nuage_create_port_with_dhcp_opts_064_nisplus_domain_neg(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_STRING_TYPE_VALUES, 'nis+-domain') def test_nuage_create_port_with_dhcp_opts_065_nisplus_server_neg(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_IPV4_ADDRESSES, 'nis+-server') def test_nuage_create_port_with_dhcp_opts_066_tftp_server_neg(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_STRING_TYPE_VALUES, 'tftp_server') def test_nuage_create_port_with_dhcp_opts_067_bootfile_name_neg(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_STRING_TYPE_VALUES, 'bootfile-name') def test_nuage_create_port_with_dhcp_opts_068_mobile_ip_home_neg(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_IPV4_ADDRESSES, 'mobile-ip-home') def test_nuage_create_port_with_dhcp_opts_069_smtp_server_neg(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_IPV4_ADDRESSES, 'smtp-server') def test_nuage_create_port_with_dhcp_opts_070_pop3_server_neg(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_IPV4_ADDRESSES, 'pop3-server') def test_nuage_create_port_with_dhcp_opts_071_nntp_server_neg(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_IPV4_ADDRESSES, 'nntp-server') def test_nuage_create_port_with_dhcp_opts_074_irc_server_neg(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_IPV4_ADDRESSES, 'irc-server') def test_nuage_create_port_with_dhcp_opts_077_user_class_neg(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_INTEGER_TYPE_VALUES, 'user-class') def test_nuage_create_port_with_dhcp_opts_093_client_arch_neg(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_INTEGER_TYPE_VALUES, 'client-arch') def test_nuage_create_port_with_dhcp_opts_094_client_interface_id_neg( self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_INTEGER_TYPE_VALUES, 'client-interface-id') def test_nuage_create_port_with_dhcp_opts_097_client_machine_id_neg(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_INTEGER_TYPE_VALUES, 'client-machine-id') def test_nuage_create_port_with_dhcp_opts_119_domain_search_neg(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_STRING_TYPE_VALUES, 'domain-search') def test_nuage_create_port_with_dhcp_opts_120_sip_server_neg(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_STRING_TYPE_VALUES, 'sip-server') def test_nuage_create_port_with_dhcp_opts_121_classless_static_route_neg( self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_INTEGER_TYPE_VALUES, 'classless-static-route') def test_nuage_create_port_with_dhcp_opts_125_vendor_id_encap_neg(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_INTEGER_TYPE_VALUES, 'vendor-id-encap') def test_nuage_create_port_with_dhcp_opts_255_server_ip_address_neg(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, BAD_INTEGER_TYPE_VALUES, 'server-ip-address') def test_nuage_create_port_with_dhcp_opts_wrong_option(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] bad_values = ['1', '2'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, bad_values, 'non-existing-option') def test_nuage_create_port_with_dhcp_opts_large_option_name(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] some_values = ['1', '2'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, some_values, VERY_LONG_STRING) def test_nuage_create_port_with_dhcp_opts_external_network_neg(self): # Try to create a port with extra dhcp options on an external network # Should fail, as DHCP is handled externally ext_network = self._create_network(external=True) # subnet is needed for trying port creation ext_subnet = self.create_subnet(ext_network, manager=self.admin_manager) # check whether this subnet is not empty self.assertNotEmpty(ext_subnet) extra_dhcp_opts = [ {'opt_value': '12.22.32.42', 'opt_name': 'router'} ] self.assertRaises(exceptions.BadRequest, self._create_port_with_dhcp_opts, ext_network['id'], extra_dhcp_opts, manager=self.admin_manager) def test_nuage_create_port_with_dhcp_opts_nuage_l2_to_l3_migr_port_neg( self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values extra_dhcp_opts = [ {'opt_value': '10.20.30.40', 'opt_name': 'router'} ] # Find the device_owner = 'network:dhcp:nuage' port created by Nuage # when the subnet was created list_body = self.ports_client.list_ports() all_ports = list_body['ports'] nuage_ports = [p for p in all_ports if p['device_owner'] == 'network:dhcp:nuage'] # Now fetch the one from our subnet our_nuage_port = [p for p in nuage_ports if p['fixed_ips'][0]['subnet_id'] == self.osmgd_l2_subnet['id']] self.assertTrue(our_nuage_port) if NUAGE_FEATURES.os_managed_dualstack_subnets: new_nuage_port = self._update_port_with_dhcp_opts( our_nuage_port[0]['id'], extra_dhcp_opts) # with ipv6 patchset we don't raise exception on update of # nuage:dhcp owned ports (upstream allows this) # Openstack-1897 self.assertIsNone(new_nuage_port) else: self.assertRaises(exceptions.BadRequest, self._update_port_with_dhcp_opts, our_nuage_port[0]['id'], extra_dhcp_opts) def test_nuage_create_port_with_dhcp_opts_multiple_times_neg( self): # When specifying the the same option multiple times, it should fail network_id = self.osmgd_l2_network['id'] extra_dhcp_opts = [ {'opt_value': '19.20.30.40', 'opt_name': 'router'}, {'opt_value': '19.20.30.41', 'opt_name': 'router'}, {'opt_value': '19.20.30.42', 'opt_name': 'router'}, {'opt_value': '19.20.30.43', 'opt_name': 'router'}, {'opt_value': '19.20.30.44', 'opt_name': 'router'} ] if Topology.from_openstack('Newton') and Topology.is_ml2: self.assertRaises(exceptions.Conflict, self._create_port_with_dhcp_opts, network_id, extra_dhcp_opts) else: self.assertRaises(exceptions.BadRequest, self._create_port_with_dhcp_opts, network_id, extra_dhcp_opts) @decorators.attr(type='smoke') def test_nuage_update_port_with_dhcp_opts_multiple_times_neg(self): # When specifying the the same option multiple times, it should fail extra_dhcp_opts = [ {'opt_value': '19.20.30.40', 'opt_name': 'router'}, {'opt_value': '19.20.30.41', 'opt_name': 'router'}, {'opt_value': '19.20.30.42', 'opt_name': 'router'}, {'opt_value': '19.20.30.43', 'opt_name': 'router'}, {'opt_value': '19.20.30.44', 'opt_name': 'router'} ] if Topology.from_openstack('Newton') and Topology.is_ml2: self.assertRaises(exceptions.Conflict, self._update_port_with_dhcp_opts, self.os_l2_port['id'], extra_dhcp_opts) else: self.assertRaises(exceptions.BadRequest, self._update_port_with_dhcp_opts, self.os_l2_port['id'], extra_dhcp_opts) @decorators.attr(type='smoke') def test_nuage_create_port_with_dhcp_opts_more_than_16_neg(self): # When specifying the the same option multiple times, it should fail more_than_16_extra_dhcp_opts = [ {'opt_value': '255.255.255.0', 'opt_name': 'netmask'}, {'opt_value': '200', 'opt_name': 'time-offset'}, {'opt_value': '11.33.66.3', 'opt_name': 'router'}, {'opt_value': '11.33.66.4', 'opt_name': 'time-server'}, {'opt_value': '11.33.66.6', 'opt_name': 'dns-server'}, {'opt_value': '11.33.66.7', 'opt_name': 'log-server'}, {'opt_value': '11.33.66.9', 'opt_name': 'lpr-server'}, {'opt_value': 'more.than.16-hostname', 'opt_name': 'hostname'}, {'opt_value': '8192', 'opt_name': 'boot-file-size'}, {'opt_value': 'more.than.16.domain.com', 'opt_name': 'domain-name'}, {'opt_value': '11.33.66.16', 'opt_name': 'swap-server'}, {'opt_value': '/opt/more-than16/root-path', 'opt_name': 'root-path'}, {'opt_value': '/opt/more-than16/extension-path', 'opt_name': 'extension-path'}, {'opt_value': '1', 'opt_name': 'ip-forward-enable'}, {'opt_value': '1', 'opt_name': 'non-local-source-routing'}, {'opt_value': '1576', 'opt_name': 'max-datagram-reassembly'}, {'opt_value': '150', 'opt_name': 'default-ttl'}, {'opt_value': '2104', 'opt_name': 'mtu'} ] self.assertRaises(exceptions.BadRequest, self._create_port_with_dhcp_opts, self.osmgd_l2_network['id'], more_than_16_extra_dhcp_opts) def test_nuage_show_port_non_existent_neg(self): # Try to show the extra dhcp options of a non-existent port bad_port_id = 'blablablabla' self.assertRaises(exceptions.NotFound, self.ports_client.show_port, bad_port_id) @decorators.attr(type='smoke') @testtools.skipIf(Topology.before_openstack('queens'), 'Unsupported pre-queens') def test_nuage_create_port_with_dhcp_opts_wrong_numerical_option(self): # Try to create a port with bad extra dhcp options values # Try to update an existing port with these bad DHCP option values network_id = self.osmgd_l2_network['id'] bad_values = ['1', '2'] self._assert_create_update_port_with_bad_dhcp_opts_neg( network_id, bad_values, '0') @decorators.attr(type='smoke') @testtools.skipIf(Topology.before_openstack('queens'), 'Unsupported pre-queens') def test_nuage_create_port_with_dhcp_opts_mixed_numerical_option(self): extra_dhcp_opts = [ {'opt_value': 'nuage.net', 'opt_name': 'hostname'}] self._update_port_with_dhcp_opts( self.os_l2_port['id'], extra_dhcp_opts ) extra_dhcp_opts = [ {'opt_value': 'nuage.net', 'opt_name': '12'}] self.assertRaises(exceptions.BadRequest, self._update_port_with_dhcp_opts, self.os_l2_port['id'], extra_dhcp_opts)
def skip_checks(cls): super(TestFWaaS, cls).skip_checks() if not Topology.has_fwaas_v6_support(): msg = 'No fwaas v6 support.' raise cls.skipException(msg)
class SriovBasicOpsTest(NuageBaseTest): force_tenant_isolation = False ip_types = {(4,): 'IPV4', (6,): 'IPV6', (4, 6): 'DUALSTACK'} @classmethod def resource_setup(cls): super(SriovBasicOpsTest, cls).resource_setup() cls.aggregates = cls.admin_manager.aggregates_client.list_aggregates() cls.hosts_vrs = [aggregate['hosts'] for aggregate in cls.aggregates['aggregates'] if aggregate['metadata']['flavor'] == 'vrs'][0] cls.hosts_sriov = [aggregate['hosts'] for aggregate in cls.aggregates['aggregates'] if aggregate['metadata']['flavor'] == 'sriov'][0] cls.availability_zones_vrs = ['nova:' + host for host in cls.hosts_vrs] cls.availability_zones_sriov = ['nova:' + host for host in cls.hosts_sriov] @classmethod def skip_checks(cls): super(SriovBasicOpsTest, cls).skip_checks() if CONF.network.port_vnic_type not in ['direct']: msg = 'Test requires port_vnic_type "direct"' raise cls.skipException(msg) if Topology.has_default_switchdev_port_profile(): raise cls.skipException('Test requires switchdev offloading ' 'to be disabled') def _check_connectivity(self, ip_version=4): connectivity_check_pairs = [] sriov_compute = self.availability_zones_sriov[0] server_to = self._create_server_with_direct_port( availability_zone=sriov_compute) vrs_computes = [sriov_compute] if any(self.availability_zones_vrs): vrs_computes.append(self.availability_zones_vrs[0]) for availability_zone in vrs_computes: server_from = self._create_server_with_virtio_port( availability_zone=availability_zone) connectivity_check_pairs.append((server_from, server_to)) for server_from, server_to in connectivity_check_pairs: self.assert_ping(server_from, server_to, network=self.network, ip_version=ip_version) def _create_server_with_virtio_port(self, availability_zone): port = self.create_port(self.network, security_groups=[ self.secgroup['id']], manager=self.admin_manager, **VIRTIO_ARGS) return self.create_tenant_server( availability_zone=availability_zone, ports=[port], prepare_for_connectivity=True, manager=self.admin_manager) def _create_server_with_direct_port(self, availability_zone): kwargs = {'config_drive': True} port = self.create_port(self.network, port_security_enabled=False, manager=self.admin_manager) return self.create_tenant_server( availability_zone=availability_zone, ports=[port], prepare_for_connectivity=False, # explicit, as must be manager=self.admin_manager, **kwargs) def _create_vsd_domain(self, is_l3=True, ip_version=(4,)): cidr4 = None cidr6 = None enable_dhcpv4 = enable_dhcpv6 = Topology.before_nuage('6.0') gateway4 = None gateway6 = None for ip_type in ip_version: if ip_type == 4: cidr4 = data_utils.gimme_a_cidr(ip_type) gateway4 = str(cidr4[1]) if is_l3 else None elif ip_type == 6: cidr6 = data_utils.gimme_a_cidr(ip_type) gateway6 = str(cidr6[1]) if is_l3 else None kwargs = {} if CONF.nuage_sut.gateway_type == 'cisco': kwargs['ingress_replication_enabled'] = True if is_l3: l3template = self.vsd_create_l3domain_template() self.domain = self.vsd_create_l3domain(template_id=l3template.id) zone = self.vsd_create_zone(domain=self.domain) self.l3subnet = self.create_vsd_subnet( zone=zone, cidr4=cidr4, cidr6=cidr6, enable_dhcpv4=enable_dhcpv4, enable_dhcpv6=enable_dhcpv6, gateway4=gateway4, gateway6=gateway6, ip_type=self.ip_types[ip_version], **kwargs ) else: l2template = self.vsd_create_l2domain_template( cidr4=cidr4, cidr6=cidr6, enable_dhcpv4=enable_dhcpv4, enable_dhcpv6=enable_dhcpv6, ip_type=self.ip_types[ip_version], ) self.l2domain = self.vsd_create_l2domain(template=l2template, **kwargs) def _setup_resources_vsd_mgd(self, is_l3=True, ip_version=(4,)): self._create_vsd_domain(is_l3=is_l3, ip_version=ip_version) domain = self.domain if is_l3 else self.l2domain pg_name = tempest_data_utils.rand_name('pg-') self.vsd.create_policy_group(domain, name=pg_name) allow_ipv4 = 4 in ip_version allow_ipv6 = 6 in ip_version self.vsd.define_any_to_any_acl(domain, allow_ipv4=allow_ipv4, allow_ipv6=allow_ipv6, stateful=True) self.network = self.create_network( manager=self.admin_manager, tenant_id=self.manager.networks_client.tenant_id, **NETWORK_ARGS) if is_l3: vsd_subnet = self.l3subnet create_vsd_managed_subnet = self.create_l3_vsd_managed_subnet else: vsd_subnet = self.l2domain create_vsd_managed_subnet = self.create_l2_vsd_managed_subnet self.subnet = [] for ip_type in ip_version: self.subnet.append(create_vsd_managed_subnet( self.network, vsd_subnet, ip_version=ip_type, manager=self.admin_manager, dhcp_managed=Topology.before_nuage('6.0'))) self.secgroup = self.create_open_ssh_security_group( manager=self.admin_manager) def _setup_resources(self, is_l3=True, ip_version=(4,)): # setup basic topology for servers we can log into self.network = self.create_network( manager=self.admin_manager, tenant_id=self.manager.networks_client.tenant_id, **NETWORK_ARGS) self.subnet = [] for ip_type in ip_version: self.subnet.append(self.create_subnet(self.network, ip_version=ip_type, manager=self.admin_manager, enable_dhcp=False)) if is_l3: router = self.create_public_router(manager=self.admin_manager) for subnet in self.subnet: self.router_attach(router, subnet, manager=self.admin_manager) self.secgroup = self.create_open_ssh_security_group( manager=self.admin_manager) def test_server_connectivity_l3(self): self._setup_resources() self._check_connectivity() def test_server_connectivity_l2(self): self._setup_resources(is_l3=False) self._check_connectivity() @testtools.skipIf(Topology.before_nuage('6.0'), 'Unsupported pre-6.0') def test_server_connectivity_l3_ipv6(self): self._setup_resources(ip_version=(6,)) self._check_connectivity(ip_version=6) @testtools.skipIf(Topology.before_nuage('6.0'), 'Unsupported pre-6.0') def test_server_connectivity_l2_ipv6(self): self._setup_resources(is_l3=False, ip_version=(6,)) self._check_connectivity(ip_version=6) def test_server_connectivity_l3_dual(self): self._setup_resources(ip_version=(4, 6)) self._check_connectivity() def test_server_connectivity_l2_dual(self): self._setup_resources(is_l3=False, ip_version=(4, 6)) self._check_connectivity() def test_server_connectivity_l3_vsd_mgd(self): self._setup_resources_vsd_mgd() self._check_connectivity() def test_server_connectivity_l2_vsd_mgd(self): self._setup_resources_vsd_mgd(is_l3=False) self._check_connectivity() @testtools.skipIf(Topology.before_nuage('6.0'), 'Unsupported pre-6.0') def test_server_connectivity_l3_ipv6_vsd_mgd(self): self._setup_resources_vsd_mgd(ip_version=(6,)) self._check_connectivity(ip_version=6) @testtools.skipIf(Topology.before_nuage('6.0'), 'Unsupported pre-6.0') def test_server_connectivity_l2_ipv6_vsd_mgd(self): self._setup_resources_vsd_mgd(is_l3=False, ip_version=(6,)) self._check_connectivity(ip_version=6) def test_server_connectivity_l3_dual_vsd_mgd(self): self._setup_resources_vsd_mgd(ip_version=(4, 6)) self._check_connectivity() def test_server_connectivity_l2_dual_vsd_mgd(self): self._setup_resources_vsd_mgd(is_l3=False, ip_version=(4, 6)) self._check_connectivity()
# # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. from collections import namedtuple from netaddr import IPNetwork from nuage_tempest_plugin.lib.test.nuage_test import NuageBaseTest from nuage_tempest_plugin.lib.topology import Topology from nuage_tempest_plugin.lib.utils import data_utils CONF = Topology.get_conf() CONFIGURE_VLAN_INTERFACE_COMMANDS = ( '{pre} link add link {dev} name {dev}.{tag} type vlan id {tag}\n' '{pre} link set up dev {dev}.{tag}\n' '{pre} link set {dev}.{tag} address {mac}\n' '{pre} address add {ip}/{len} dev {dev}.{tag}\n') CONFIGURE_SECOND_IP = ('{pre} address add {ip}/{len} dev {dev}.{tag}\n') ServerPorts = namedtuple('ServerPorts', 'server port subports') class HwvtepBasicOpsTest(NuageBaseTest): is_trunk = False ip_types = {(4, ): 'IPV4', (6, ): 'IPV6', (4, 6): 'DUALSTACK'}
def skip_checks(cls): super(Ipv4L3VsdManagedConnectivityWithAggrFlowsTest, cls).skip_checks() if not Topology.has_aggregate_flows_support(): msg = 'No aggregate flows support.' raise cls.skipException(msg)
def test_default_security_group_host_port_nondef_netpart(self): post_body = { "network_id": self.nondef_network['id'], "device_owner": 'nuage:vip' } body = self.ports_client.create_port(**post_body) port = body['port'] self.addCleanup(self.ports_client.delete_port, port['id']) # Create host vport kwargs = { 'gatewayvlan': self.gatewayvlans[5][0]['ID'], 'port': port['id'], 'subnet': None, 'tenant': self.client.tenant_id } body = self.client.create_gateway_vport(**kwargs) vport = body['nuage_gateway_vport'] gw_vport = self.nuage_client.get_host_vport(vport['id']) body = self.admin_client.show_gateway_vport(gw_vport[0]['ID'], self.nondef_subnet['id']) vport = body['nuage_gateway_vport'] if vport is None: assert False, "Host Vport not found" self.verify_vport_properties(gw_vport[0], vport, self.network['id']) l3domain = self.nuage_client.get_l3domain( filters='externalID', filter_values=self.nondef_router['id'], netpart_name=self.nondef_netpart['name']) default_pg = self.nuage_client.get_policygroup(n_constants.DOMAIN, l3domain[0]['ID']) if default_pg[0]['name'] == n_constants.NUAGE_PLCY_GRP_ALLOW_ALL: pg_num = 0 else: pg_num = 1 self.assertEqual( n_constants.NUAGE_PLCY_GRP_ALLOW_ALL if Topology.has_unified_pg_for_all_support() else 'defaultPG-VRSG-HOST-' + vport['subnet'], default_pg[pg_num]['name']) vport_from_pg = self.nuage_client.get_vport(n_constants.POLICYGROUP, default_pg[pg_num]['ID']) if len(vport_from_pg) == 1: self.assertEqual(vport_from_pg[0]['name'], vport['name']) elif len(vport_from_pg) == 2: # One bridge vport is created by another test or neutron dhcp # agent is enabled. self.assertEqual(vport_from_pg[1]['name'], vport['name']) else: # One bridge vport is created by another test and neutron dhcp # agent is enabled. self.assertEqual(vport_from_pg[2]['name'], vport['name']) nuage_eacl_template = self.nuage_client.get_egressacl_template( n_constants.DOMAIN, l3domain[0]['ID']) nuage_eacl_entrytemplate = \ self.nuage_client.get_egressacl_entrytemplate( n_constants.EGRESS_ACL_TEMPLATE, nuage_eacl_template[0]['ID']) vport_tp_pg_mapping = False for nuage_eacl_entry in nuage_eacl_entrytemplate: if nuage_eacl_entry['locationID'] == default_pg[pg_num]['ID']: self.assertEqual(nuage_eacl_entry['networkType'], 'ANY') self.assertEqual(nuage_eacl_entry['locationType'], 'POLICYGROUP') vport_tp_pg_mapping = True if vport_tp_pg_mapping is False: assert False, "Host Vport not found in default PG"
from nuage_tempest_plugin.lib.topology import Topology from nuage_tempest_plugin.lib.utils import constants as n_constants from nuage_tempest_plugin.lib.utils import exceptions from nuage_tempest_plugin.services.nuage_client import NuageRestClient from nuage_tempest_plugin.services.nuage_network_client \ import NuageNetworkClientJSON from nuage_tempest_plugin.tests.api.vsd_managed \ import base_vsd_managed_networks as base_vsdman from tempest.api.network import base from tempest.lib.common.utils import data_utils from tempest.lib.common.utils.data_utils import rand_name from tempest.lib import exceptions as lib_exec from tempest.test import decorators CONF = Topology.get_conf() LOG = Topology.get_logger(__name__) class NuageGatewayTestJSON(base.BaseAdminNetworkTest, base_vsdman.BaseVSDManagedNetwork): _interface = 'json' @staticmethod def is_hw_gateway_personality(personality): return personality not in n_constants.SW_GW_TYPES @classmethod def create_gateway(cls, personality): name = rand_name('tempest-gw') gw = cls.nuage_client.create_gateway(name, str(uuid.uuid4()),
def skip_checks(cls): super(AllowedAddressPairIpV6NuageTest, cls).skip_checks() if not Topology.has_single_stack_v6_support(): raise cls.skipException('There is no single-stack v6 support ' 'in current release')
class AllowedAddressPairIpV6OSManagedTest(BaseAllowedAddressPair): _ip_version = 6 """Tests the Neutron Allowed Address Pair API extension The following API operations are tested with this extension: create port list ports update port show port v2.0 of the Neutron API is assumed. It is also assumed that the following options are defined in the [network-feature-enabled] section of etc/tempest.conf api_extensions """ _interface = 'json' @decorators.attr(type='smoke') def test_create_port_with_aap_ipv6_moving_from_l2_to_l3_validation(self): network = self.create_network() # Create port with allowed address pair attribute subnet4 = self.create_subnet( network, ip_version=4, enable_dhcp=True) subnet6 = self.create_subnet( network, ip_version=6, enable_dhcp=False) if CONF.nuage_sut.ipam_driver == 'nuage_vsd_managed': # If nuage_vsd_managed ipam is enabled, a nuage:vip port is needed port_args = { 'fixed_ips': [ {'ip_address': str(IPAddress(self.cidr6.first) + 10)}], 'device_owner': 'nuage:vip' } self.create_port(network, **port_args) port_args = {'fixed_ips': [ {'ip_address': str(IPAddress(self.cidr4.first) + 8)}, {'ip_address': str(IPAddress(self.cidr6.first) + 8)}], 'allowed_address_pairs': [ {'ip_address': str(IPAddress(self.cidr6.first) + 10), 'mac_address': VALID_MAC_ADDRESS}]} port = self.create_port(network, **port_args) # Confirm port was created with allowed address pair attribute self._verify_port( port, subnet4=subnet4, subnet6=subnet6) self._verify_l2_vport_by_id(port, SPOOFING_ENABLED, subnet4=subnet4) router = self.create_router() self.assertIsNotNone(router) vsd_l3_domain = self.vsd.get_l3domain(by_router_id=router['id']) self.assertIsNotNone(vsd_l3_domain) self.router_attach(router, subnet4) self._verify_l3_vport_by_id(router, port, SPOOFING_DISABLED, subnet4=subnet4) self.router_detach(router, subnet4) self._verify_l2_vport_by_id(port, SPOOFING_ENABLED, subnet4=subnet4) self.router_attach(router, subnet4) self._verify_l3_vport_by_id(router, port, SPOOFING_DISABLED, subnet4=subnet4) self.assertRaisesRegex( tempest_exceptions.Conflict, "One or more ports have an IP allocation from this subnet.", self.delete_subnet, subnet4) @decorators.attr(type='smoke') def test_delete_v6_subnet_with_ip_as_vip_in_v4_subnet_neg(self): network = self.create_network() subnet4 = self.create_subnet( network, ip_version=4, enable_dhcp=True) subnet6 = self.create_subnet( network, ip_version=6, enable_dhcp=False) router = self.create_router() self.create_router_interface(router['id'], subnet4['id']) port_args = {'fixed_ips': [{'subnet_id': subnet4['id'], 'ip_address': str(IPAddress(self.cidr4.first) + 10)}], 'allowed_address_pairs': [{'ip_address': str(IPAddress(self.cidr6.first) + 10), 'mac_address': VALID_MAC_ADDRESS}]} port = self.create_port(network, **port_args) msg = ('IP {} is in use for nuage VIP, hence cannot delete the subnet' ).format(port['allowed_address_pairs'][0]['ip_address']) self.assertRaisesRegex(tempest_exceptions.BadRequest, msg, self.delete_subnet, subnet6) @testtools.skipIf(not Topology.has_single_stack_v6_support(), 'There is no single-stack v6 support in current release') def test_delete_v4_subnet_with_ip_as_vip_in_v6_subnet_neg(self): network = self.create_network() subnet4 = self.create_subnet( network, ip_version=4, enable_dhcp=True) subnet6 = self.create_subnet( network, ip_version=6, enable_dhcp=False) router = self.create_router() self.create_router_interface(router['id'], subnet6['id']) port_args = {'fixed_ips': [{'subnet_id': subnet6['id'], 'ip_address': str( IPAddress(self.cidr6.first) + 10)}], 'allowed_address_pairs': [{'ip_address': str(IPAddress(self.cidr4.first) + 10), 'mac_address': VALID_MAC_ADDRESS}]} port = self.create_port(network, **port_args) msg = ('IP {} is in use for nuage VIP, hence cannot delete the subnet' ).format(port['allowed_address_pairs'][0]['ip_address']) self.assertRaisesRegex(tempest_exceptions.BadRequest, msg, self.delete_subnet, subnet4) @decorators.attr(type='smoke') def test_create_port_with_invalid_address_formats_neg_l2_and_l3(self): network = self.create_network() subnet4 = self.create_subnet( network, ip_version=4, enable_dhcp=True) subnet6 = self.create_subnet( network, ip_version=6, enable_dhcp=False) # noinspection PyPep8 reserved_valid_ipv6 = [ '::1', # Loopback 'FE80::1', # Link local address 'FF00:5f74:c4a5:b82e:ffff:ffff:ffff:ffff', # multicast 'FF00::1', # multicast address '::', # empty string '2001:ffff:ffff:ffff:ffff:ffff:ffff:ffff', # valid address, not in subnet ] invalid_ipv6 = [ ('', MSG_INVALID_INPUT_FOR_AAP_IPS), # empty string ("2001:5f74:c4a5:b82e:ffff:ffff:ffff:ffff:ffff", MSG_INVALID_INPUT_FOR_AAP_IPS), # invalid address, too much segments ("2001:5f74:c4a5:b82e:ffff:ffff:ffff", MSG_INVALID_INPUT_FOR_AAP_IPS), # invalid address, seven segments ("2001;5f74.c4a5.b82e:ffff:ffff:ffff", MSG_INVALID_INPUT_FOR_AAP_IPS), # invalid address, wrong characters ("2001:5f74:c4a5:b82e:100.12.13.1", MSG_INVALID_INPUT_FOR_AAP_IPS), # invalid format: must have :: between hex and decimal part. ] # ### L2 ##### for ipv6 in reserved_valid_ipv6: port_args = {'allowed_address_pairs': [ {'ip_address': ipv6, 'mac_address': VALID_MAC_ADDRESS}]} port = self.create_port(network, **port_args) self._verify_port( port, subnet4=subnet4, subnet6=subnet6) self._verify_l2_vport_by_id(port, SPOOFING_ENABLED, subnet4=subnet4) for ipv6, msg in invalid_ipv6: port_args = {'allowed_address_pairs': [ {'ip_address': ipv6, 'mac_address': VALID_MAC_ADDRESS}]} self.assertRaisesRegex(tempest_exceptions.BadRequest, msg % ipv6, self.create_port, network, **port_args) @decorators.attr(type='smoke') def test_fip2ipv6vip(self): # Base resources network = self.create_network() subnet4 = self.create_subnet( network, ip_version=4, enable_dhcp=True) subnet6 = self.create_subnet( network, ip_version=6, enable_dhcp=False) router = self.create_router( admin_state_up=True, external_network_id=CONF.network.public_network_id) self.assertIsNotNone(router, "Unable to create router") self.create_router_interface(router_id=router["id"], subnet_id=subnet4["id"]) # Create VIP_port port_args = { 'allowed_address_pairs': [ {'ip_address': str(IPAddress(self.cidr4.first) + 7)}, {'ip_address': str(IPAddress(self.cidr6.first) + 7)} ], 'fixed_ips': [ {'subnet_id': subnet6['id'], 'ip_address': str(IPAddress(self.cidr6.first) + 11)}], 'device_owner': "nuage:vip"} vip_port = self.create_port(network=network, **port_args) self.assertIsNotNone(vip_port, "Unable to create vip port") # Create floating ip and attach to VIP_PORT floating_ip = self.create_floatingip() self.assertIsNotNone(floating_ip, "Unabe to create floating ip") msg = 'Cannot add floating IP to port %s that' \ ' has no fixed IPv4 addresses.' % vip_port['id'] self.assertRaisesRegex(tempest_exceptions.ClientRestClientException, msg, self.update_floatingip, floatingip=floating_ip, port_id=vip_port['id']) @decorators.attr(type='smoke') def test_provision_ports_without_address_pairs_in_l2_subnet_unmanaged( self): network = self.create_network() subnet4 = self.create_subnet( network, ip_version=4, enable_dhcp=True) subnet6 = self.create_subnet( network, ip_version=6, enable_dhcp=False) vsd_l2_domain = self.vsd.get_l2domain(by_subnet=subnet4) for scenario, port_config in iteritems(self.port_configs): LOG.info("TESTCASE scenario {}".format(scenario)) self._check_crud_port(scenario, network, subnet4, subnet6, vsd_l2_domain, constants.L2_DOMAIN) @decorators.attr(type='smoke') def test_provision_ports_with_address_pairs_in_l3_subnet(self): network = self.create_network() subnet4 = self.create_subnet( network, ip_version=4, enable_dhcp=True) subnet6 = self.create_subnet( network, ip_version=6, enable_dhcp=False) router = self.create_router() self.create_router_interface(router['id'], subnet4['id']) domain = self.vsd.get_domain(by_router_id=router['id']) zone = self.vsd.get_zone(domain=domain, by_router_id=router['id']) vsd_subnet = self.vsd.get_subnet(zone=zone, by_subnet=subnet4) for scenario, port_config in iteritems(self.port_configs): LOG.info("TESTCASE scenario {}".format(scenario)) self._check_crud_port(scenario, network, subnet4, subnet6, vsd_subnet, constants.SUBNETWORK)
class AvrsOsManagedConnectivityTest(E2eTestBase): # Test scenarios, generate tests for product of these lists is_icmpv6_offload_supported = True if Topology.has_single_stack_v6_support(): scenarios = testscenarios.scenarios.multiply_scenarios([ ('L3', {'is_l3': True}), ('L2', {'is_l3': False}) ], [ ('IPv4', {'ip_versions': E2eTestBase.IP_VERSIONS_V4}), ('IPv6', {'ip_versions': E2eTestBase.IP_VERSIONS_V6}), ('Dualstack', {'ip_versions': E2eTestBase.IP_VERSIONS_DUALSTACK}) ]) else: scenarios = testscenarios.scenarios.multiply_scenarios([ ('L3', {'is_l3': True}), ('L2', {'is_l3': False}) ], [ ('IPv4', {'ip_versions': E2eTestBase.IP_VERSIONS_V4}), ('Dualstack', {'ip_versions': E2eTestBase.IP_VERSIONS_DUALSTACK}) ]) @classmethod def setUpClass(cls): super(AvrsOsManagedConnectivityTest, cls).setUpClass() hypervisors = cls.get_hypervisors('avrs') cls.selected_hypervisors = random.sample(hypervisors, min(2, len(hypervisors))) def dump_flows(self, hypervisor): """Dump flows on hypervisor""" flows = json.loads(self.execute_on_hypervisor( hypervisor, 'sudo fpcmd fp-vswitch-flows-json')) return AvrsFlowQuery(flows) def test_restart_avrs(self): if Topology.api_workers > 1: raise self.skipException('Skip OVS restart tests when multiple ' 'workers are present') # Provision OpenStack network resources. network = self.create_network() subnet = self.create_subnet(network) router = self.create_router( external_network_id=CONF.network.public_network_id) self.router_attach(router, subnet) # Create open-ssh security group. ssh_security_group = self.create_open_ssh_security_group() # Launch tenant servers in OpenStack network. server2 = self.create_tenant_server( [network], security_groups=[ssh_security_group], prepare_for_connectivity=True) server1 = self.create_tenant_server( [network], security_groups=[ssh_security_group], prepare_for_connectivity=True) # Test connectivity between peer servers. self.assert_ping(server1, server2, network) for hypervisor in self.selected_hypervisors: self.restart_avrs(hypervisor['host_ip']) # Test connectivity between peer servers again. self.assert_ping(server1, server2, network) def test_fast_path_same_hv_virtio_virtio(self): super( AvrsOsManagedConnectivityTest, self)._test_same_hv_virtio_virtio() def test_fast_path_diff_hv_virtio_virtio(self): super( AvrsOsManagedConnectivityTest, self)._test_diff_hv_virtio_virtio()
class NuageHybridMplsTest(NuageBaseTest): @classmethod def skip_checks(cls): super(NuageHybridMplsTest, cls).skip_checks() if Topology.before_nuage('20.5'): raise cls.skipException('nuage_hybrid_mpls is supported from ' '20.5 onwards only') if not CONF.nuage_sut.nuage_hybrid_mpls_enabled: raise cls.skipException('nuage_hybrid_mpls type driver ' 'not enabled in tempest.conf') def create_l2_domain_tunnel_type(self, tunnel_type): l2template = self.vsd_create_l2domain_template( cidr4=IPNetwork('100.0.0.0/24'), gateway4='100.0.0.1') kwargs = {'l2_encap_type': tunnel_type} l2domain = self.vsd_create_l2domain(template=l2template, **kwargs) return l2domain def create_l3_subnet_tunnel_type(self, tunnel_type): l3template = self.vsd_create_l3domain_template() l3domain = self.vsd_create_l3domain(template_id=l3template.id) zone = self.vsd_create_zone(domain=l3domain) kwargs = {'l2_encap_type': tunnel_type} l3subnet = self.create_vsd_subnet(zone=zone, cidr4=IPNetwork('20.0.0.0/24'), gateway4='20.0.0.1', **kwargs) return l3subnet @decorators.attr(type='smoke') def test_os_managed_subnet_tunnel_type_mpls(self): # Nuage Hybrid MPLS Network kwargs = {'provider:network_type': 'nuage_hybrid_mpls'} network = self.create_network(manager=self.admin_manager, **kwargs) subnet = self.create_subnet(network, ip_version=4, manager=self.admin_manager) l2domain = self.vsd.get_l2domain(by_subnet=subnet) self.assertEqual('MPLS', l2domain.l2_encap_type) # Nuage Hybrid MPLS Segment segments = [{ 'provider:network_type': 'nuage_hybrid_mpls' }, { 'provider:network_type': 'vlan', 'provider:segmentation_id': 210, 'provider:physical_network': 'physnet2' }] kwargs = {'segments': segments} network = self.create_network(manager=self.admin_manager, **kwargs) subnet = self.create_subnet(network, ip_version=4, manager=self.admin_manager) self.assertIsNotNone(subnet) l2domain = self.vsd.get_l2domain(by_subnet=subnet) self.assertEqual('MPLS', l2domain.l2_encap_type) @decorators.attr(type='smoke') def test_vsd_managed_subnet_tunnel_type_mpls(self): # L2 Domain l2domain = self.create_l2_domain_tunnel_type('MPLS') kwargs = {'provider:network_type': 'nuage_hybrid_mpls'} network = self.create_network(manager=self.admin_manager, **kwargs) self.create_l2_vsd_managed_subnet(network, l2domain, manager=self.admin_manager) # L3 Subnet network = self.create_network(manager=self.admin_manager, **kwargs) l3subnet = self.create_l3_subnet_tunnel_type('MPLS') self.create_l3_vsd_managed_subnet(network, l3subnet, manager=self.admin_manager) def test_vsd_managed_subnet_tunnel_type_mpls_neg(self): # L2 Domain l2domain = self.create_l2_domain_tunnel_type('MPLS') network = self.create_network() kwargs = {'vsd_l2domain': l2domain} msg = ('Bad request: Provided Nuage subnet has tunnel type MPLS ' 'which is not supported by VXLAN networks') self.assertRaisesRegex(exceptions.BadRequest, msg, self.create_l2_vsd_managed_subnet, network, **kwargs) # L3 Subnet l3subnet = self.create_l3_subnet_tunnel_type('MPLS') kwargs = {'vsd_subnet': l3subnet} msg = ('Bad request: Provided Nuage subnet has tunnel type MPLS ' 'which is not supported by VXLAN networks') self.assertRaisesRegex(exceptions.BadRequest, msg, self.create_l3_vsd_managed_subnet, network, **kwargs) def test_vsd_managed_subnet_tunnel_type_vxlan_neg(self): # L2 Domain l2domain = self.create_l2_domain_tunnel_type('VXLAN') segments = [{ 'provider:network_type': 'nuage_hybrid_mpls' }, { 'provider:network_type': 'vlan', 'provider:segmentation_id': 210, 'provider:physical_network': 'physnet2' }] kwargs = {'segments': segments} network = self.create_network(manager=self.admin_manager, **kwargs) kwargs = {'vsd_l2domain': l2domain, "manager": self.admin_manager} msg = ('Bad request: Provided Nuage subnet has tunnel type VXLAN ' 'which is not supported by NUAGE_HYBRID_MPLS networks') self.assertRaisesRegex(exceptions.BadRequest, msg, self.create_l2_vsd_managed_subnet, network, **kwargs) # L3 Subnet l3subnet = self.create_l3_subnet_tunnel_type('VXLAN') kwargs = {'vsd_subnet': l3subnet, "manager": self.admin_manager} msg = ('Bad request: Provided Nuage subnet has tunnel type VXLAN ' 'which is not supported by NUAGE_HYBRID_MPLS networks') self.assertRaisesRegex(exceptions.BadRequest, msg, self.create_l3_vsd_managed_subnet, network, **kwargs) @decorators.attr(type='smoke') @testtools.skipIf(Topology.at_openstack('queens'), 'SegmentClient not loaded') def test_router_interface_blocked_tunnel_type_mpls(self): # Nuage Hybrid MPLS Network kwargs = {'provider:network_type': 'nuage_hybrid_mpls'} network = self.create_network(manager=self.admin_manager, **kwargs) subnet = self.create_subnet(network, ip_version=4, manager=self.admin_manager) router = self.create_router(manager=self.admin_manager) msg = ("It is not allowed to add a router interface to a " "network type nuage_hybrid_mpls, or if it has a " "segment of this type.") self.assertRaisesRegex(exceptions.BadRequest, msg, self.router_attach, router, subnet, manager=self.admin_manager) # Nuage Hybrid MPLS Segment kwargs = {'provider:network_type': 'nuage_hybrid_mpls'} network = self.create_network(manager=self.admin_manager, **kwargs) subnet = self.create_subnet(network, ip_version=4, manager=self.admin_manager) kwargs = { 'network_id': network['id'], 'network_type': 'vlan', 'physical_network': 'physnet2', 'segmentation_id': 210 } # This goes to update_network_precommit self.create_segment(**kwargs) router = self.create_router(manager=self.admin_manager) msg = ("It is not allowed to add a router interface to a " "network type nuage_hybrid_mpls, or if it has a " "segment of this type.") self.assertRaisesRegex(exceptions.BadRequest, msg, self.router_attach, router, subnet, manager=self.admin_manager) @decorators.attr(type='smoke') @testtools.skipIf(Topology.at_openstack('queens'), 'SegmentClient not loaded') def test_vxlan_mpls_segments_blocked_single_network(self): # Vxlan must be the default segment. Otherwise neutron rejects # the operation because the default MTU of vlan or nuage_hybrid_mpls # is greater than the one of vxlan # This goes to create_network_precommit segments = [{ "provider:network_type": "vxlan" }, { "provider:network_type": "vxlan" }, { "provider:network_type": "nuage_hybrid_mpls" }, { "provider:network_type": "vlan", "provider:physical_network": "physnet2", "provider:segmentation_id": 210 }] kwargs = {'segments': segments, "manager": self.admin_manager} msg = ("It is not allowed to have both vxlan and " "nuage_hybrid_mpls segments in a single network") self.assertRaisesRegex(exceptions.BadRequest, msg, self.create_network, **kwargs) # This goes to update_network_precommit kwargs = {'provider:network_type': 'vxlan'} network = self.create_network(manager=self.admin_manager, **kwargs) kwargs = { 'network_id': network['id'], 'network_type': 'vlan', 'physical_network': 'physnet2', 'segmentation_id': 210 } self.assertIsNotNone(self.create_segment(**kwargs)) kwargs = { 'network_id': network['id'], 'network_type': 'nuage_hybrid_mpls' } msg = ("It is not allowed to have both vxlan and " "nuage_hybrid_mpls segments in a single network") self.assertRaisesRegex(exceptions.BadRequest, msg, self.create_segment, **kwargs) @decorators.attr(type='smoke') def test_virtio_port_blocked_tunnel_type_mpls(self): kwargs = {'provider:network_type': 'nuage_hybrid_mpls'} network = self.create_network(manager=self.admin_manager, **kwargs) # L3 Subnet l3subnet = self.create_l3_subnet_tunnel_type('MPLS') self.create_l3_vsd_managed_subnet(network, l3subnet, manager=self.admin_manager) kwargs = { 'device_owner': 'compute:nova', 'device_id': uuidutils.generate_uuid(), 'binding:host_id': 'dummy', 'network': network, 'manager': self.admin_manager } msg = ('Bad request: Virtio port is not allowed in nuage_' 'mpls_hybrid networks') self.assertRaisesRegex(exceptions.BadRequest, msg, self.create_port, **kwargs)
def skip_checks(cls): super(DualstackOsMgdConnectivityWithAggrFlowsTest, cls).skip_checks() if Topology.before_nuage('20.5'): raise cls.skipException('OS managed aggregate flows are ' 'unavailable before 20.5')
def skip_checks(cls): super(SecGroupTestNuageBaseV6, cls).skip_checks() if not Topology.has_single_stack_v6_support(): msg = 'There is no single-stack v6 support in current release' raise cls.skipException(msg)
def _verify_fip_vsd(self, port, created_floating_ip, ingress_rate_limit=None, egress_rate_limit=None): # verifying on Domain level that the floating ip is added external_id = self.nuage_client.get_vsd_external_id( created_floating_ip['router_id']) nuage_domain = self.nuage_client.get_l3domain( filters='externalID', filter_values=external_id) nuage_domain_fips = self.nuage_client.get_floatingip( constants.DOMAIN, nuage_domain[0]['ID']) # The VSD FIP has same IP address than OpenStack FIP self.assertIn(created_floating_ip['floating_ip_address'], [fip['address'] for fip in nuage_domain_fips]) # The VSD externalID for FIP matches the OpenStack ID external_id = self.nuage_client.get_vsd_external_id( created_floating_ip['id']) self.assertIn( external_id, [nuage_fip['externalID'] for nuage_fip in nuage_domain_fips]) # Check vsd vsd_subnets = self.nuage_client.get_domain_subnet( None, None, by_subnet=self.subnet) self.assertEqual(1, len(vsd_subnets)) vports = self.nuage_client.get_vport( constants.SUBNETWORK, vsd_subnets[0]['ID'], 'externalID', self.nuage_client.get_vsd_external_id(port['id'])) self.assertEqual(1, len(vports)) qos = self.nuage_client.get_qos(constants.VPORT, vports[0]['ID']) if Topology.from_nuage('20.10'): self.assertEqual(0, len(qos)) nuage_fip = [ fip for fip in nuage_domain_fips if fip['externalID'] == external_id ][0] associated_ingress_rate_limit = nuage_fip.get( 'ingressRateLimiterID') associated_egress_rate_limit = nuage_fip.get('egressRateLimiterID') if ingress_rate_limit is not None: # Get Ratelimiter external_id = 'egress_{}'.format(created_floating_ip['id']) ratelimiter = self.nuage_client.get_ratelimiter(external_id) if ingress_rate_limit == constants.UNLIMITED: self.assertIsNone(ratelimiter) self.assertIsNone(associated_egress_rate_limit) else: self.assertEqualFiprate( ingress_rate_limit, self.convert_mbps_to_kbps( ratelimiter['peakInformationRate'])) self.assertEqual(associated_egress_rate_limit, ratelimiter['ID']) if egress_rate_limit is not None: external_id = 'ingress_{}'.format(created_floating_ip['id']) ratelimiter = self.nuage_client.get_ratelimiter(external_id) if egress_rate_limit == constants.UNLIMITED: self.assertIsNone(ratelimiter) self.assertIsNone(associated_ingress_rate_limit) else: self.assertEqualFiprate( egress_rate_limit, self.convert_mbps_to_kbps( ratelimiter['peakInformationRate'])) self.assertEqual(associated_ingress_rate_limit, ratelimiter['ID']) else: self.assertEqual(1, len(qos)) self.assertEqual(True, qos[0]['FIPRateLimitingActive']) if ingress_rate_limit is not None: self.assertEqualFiprate( ingress_rate_limit, self.convert_mbps_to_kbps( qos[0]['EgressFIPPeakInformationRate'])) if egress_rate_limit is not None: self.assertEqualFiprate( egress_rate_limit, self.convert_mbps_to_kbps( qos[0]['FIPPeakInformationRate'])) self.assertEqual( self.nuage_client.get_vsd_external_id( created_floating_ip['id']), qos[0]['externalID'])
def skip_checks(cls): super(AllowedAddressPairV6Test, cls).skip_checks() if not Topology.has_single_stack_v6_support(): msg = 'There is no single-stack v6 support in current release' raise cls.skipException(msg)
def test_create_floatingip_with_rate_limiting(self): rate_limit = 10000 # Create port port = self.create_port(network=self.network) # Associate a fip to the port body = self.floating_ips_client.create_floatingip( floating_network_id=self.ext_net_id, port_id=port['id'], fixed_ip_address=port['fixed_ips'][0]['ip_address'], nuage_egress_fip_rate_kbps=rate_limit) created_floating_ip = body['floatingip'] self.addCleanup(self.floating_ips_client.delete_floatingip, created_floating_ip['id']) self.assertIsNotNone(created_floating_ip['id']) fip_id = created_floating_ip['id'] body = self.floating_ips_client.show_floatingip(fip_id) fip = body['floatingip'] # rate_limit is in kbps now! self.assertThat(fip, ContainsDict( {'nuage_ingress_fip_rate_kbps': Equals(-1)})) self.assertThat(fip, ContainsDict( {'nuage_egress_fip_rate_kbps': Equals(rate_limit)})) # attribute 'nuage_fip_rate' is no longer in response self.assertIsNone(fip.get('nuage_fip_rate')) # Check vsd vsd_subnets = self.nuage_client.get_domain_subnet( None, None, by_subnet=self.subnet) self.assertEqual(1, len(vsd_subnets)) vports = self.nuage_client.get_vport(constants.SUBNETWORK, vsd_subnets[0]['ID'], 'externalID', port['id']) self.assertEqual(1, len(vports)) qos = self.nuage_client.get_qos(constants.VPORT, vports[0]['ID']) if Topology.from_nuage('20.10'): self.assertEqual(0, len(qos)) external_id_domain = self.nuage_client.get_vsd_external_id( created_floating_ip['router_id']) nuage_domain = self.nuage_client.get_l3domain( filters='externalID', filter_values=external_id_domain) nuage_domain_fips = self.nuage_client.get_floatingip( constants.DOMAIN, nuage_domain[0]['ID']) nuage_fip = [nuage_fip for nuage_fip in nuage_domain_fips if nuage_fip['externalID'].startswith(fip_id)][0] associated_ingress_rate_limit = nuage_fip['ingressRateLimiterID'] associated_egress_rate_limit = nuage_fip['egressRateLimiterID'] # Infinity for egress expected self.assertIsNone(associated_egress_rate_limit) # Ingress: external_id = 'ingress_{}'.format(created_floating_ip['id']) ratelimiter = self.nuage_client.get_ratelimiter(external_id) self.assertEqual( str(float(rate_limit / 1000)), ratelimiter['peakInformationRate']) self.assertEqual(associated_ingress_rate_limit, ratelimiter['ID']) else: self.assertEqual(1, len(qos)) self.assertThat(qos[0], ContainsDict( {'externalID': Equals(self.nuage_client.get_vsd_external_id(fip_id))})) self.assertThat(qos[0], ContainsDict( {'FIPRateLimitingActive': Equals(True)})) self.assertThat(qos[0], ContainsDict( {'FIPPeakInformationRate': Equals( str(float(rate_limit / 1000)))})) self.assertThat(qos[0], ContainsDict( {'FIPPeakBurstSize': Equals(str(100))})) self.assertThat(qos[0], ContainsDict( {'EgressFIPPeakInformationRate': Equals('INFINITY')})) self.assertThat(qos[0], ContainsDict( {'EgressFIPPeakBurstSize': Equals(str(100))}))
def test_default_security_group_bridge_port(self): kwargs = { 'gatewayvlan': self.gatewayvlans[4][0]['ID'], 'port': None, 'subnet': self.subnet['id'], 'tenant': self.client.tenant_id } body = self.client.create_gateway_vport(**kwargs) vport1 = body['nuage_gateway_vport'] self.gatewayvports.append(vport1) gw_vport = self.nuage_client.get_host_vport(vport1['id']) self.verify_vport_properties(gw_vport[0], vport1, self.network['id']) body = self.admin_client.list_gateway_vport(self.subnet['id']) vports = body['nuage_gateway_vports'] found_vport = False vport = None for vport in vports: if vport['name'] == gw_vport[0]['name']: found_vport = True self.verify_vport_properties(gw_vport[0], vport, self.network['id']) # TODO(Kris noticed) - shld there be break here? if not found_vport: assert False, "Bridge Vport not found" l3domain = self.nuage_client.get_l3domain( filters='externalID', filter_values=self.router['id']) default_pg = self.nuage_client.get_policygroup(n_constants.DOMAIN, l3domain[0]['ID']) self.assertEqual( n_constants.NUAGE_PLCY_GRP_ALLOW_ALL if Topology.has_unified_pg_for_all_support() else 'defaultPG-VRSG-BRIDGE-' + vport['subnet'], default_pg[0]['name']) self.assertThat( default_pg[0], ContainsDict( {'externalID': Equals(self._expected_allow_all_pg_ext_id())})) vports_from_pg = self.nuage_client.get_vport(n_constants.POLICYGROUP, default_pg[0]['ID']) for vport_from_pg in vports_from_pg: if vport_from_pg['name'] == vport['name']: break else: self.fail("Can't find Vport {} under the policy group {}".format( vport['name'], default_pg[0]['name'])) # Egress ACL nuage_eacl_template = self.nuage_client.get_egressacl_template( n_constants.DOMAIN, l3domain[0]['ID']) # must have external ID as router_id @ cms_id self.assertThat( nuage_eacl_template[0], ContainsDict({ 'externalID': Equals(ExternalId(self.router['id']).at_cms_id()) })) nuage_eacl_entrytemplate = \ self.nuage_client.get_egressacl_entrytemplate( n_constants.EGRESS_ACL_TEMPLATE, nuage_eacl_template[0]['ID']) self.assertThat( nuage_eacl_entrytemplate[0], ContainsDict( {'externalID': Equals(self._expected_allow_all_pg_ext_id())})) vport_tp_pg_mapping = False for nuage_eacl_entry in nuage_eacl_entrytemplate: if nuage_eacl_entry['locationID'] == default_pg[0]['ID']: self.assertThat( nuage_eacl_entry, ContainsDict({ 'externalID': Equals(self._expected_allow_all_pg_ext_id()) })) self.assertEqual(nuage_eacl_entry['networkType'], 'ANY') self.assertEqual(nuage_eacl_entry['locationType'], 'POLICYGROUP') vport_tp_pg_mapping = True if vport_tp_pg_mapping is False: assert False, "Bridge Vport not found in default PG" # Ingress ACL nuage_iacl_template = self.nuage_client.get_ingressacl_template( n_constants.DOMAIN, l3domain[0]['ID']) # must have external ID as router_id @ cms_id self.assertThat( nuage_iacl_template[0], ContainsDict({ 'externalID': Equals(ExternalId(self.router['id']).at_cms_id()) })) nuage_iacl_entrytemplate = \ self.nuage_client.get_ingressacl_entrytemplate( n_constants.INGRESS_ACL_TEMPLATE, nuage_iacl_template[0]['ID']) self.assertThat( nuage_iacl_entrytemplate[0], ContainsDict( {'externalID': Equals(self._expected_allow_all_pg_ext_id())})) vport_tp_pg_mapping = False for nuage_iacl_entry in nuage_iacl_entrytemplate: if nuage_iacl_entry['locationID'] == default_pg[0]['ID']: self.assertThat( nuage_iacl_entry, ContainsDict({ 'externalID': Equals(self._expected_allow_all_pg_ext_id()) })) self.assertEqual('ANY', nuage_iacl_entry['networkType']) self.assertEqual('POLICYGROUP', nuage_iacl_entry['locationType']) vport_tp_pg_mapping = True self.assertTrue(vport_tp_pg_mapping, 'Bridge Vport not found in default PG')
def test_create_floatingip_without_rate_limiting(self): # Create port port = self.create_port(network=self.network) # Associate a fip to the port body = self.floating_ips_client.create_floatingip( floating_network_id=self.ext_net_id, port_id=port['id'], fixed_ip_address=port['fixed_ips'][0]['ip_address']) created_floating_ip = body['floatingip'] self.addCleanup(self.floating_ips_client.delete_floatingip, created_floating_ip['id']) self.assertIsNotNone(created_floating_ip['id']) fip_id = created_floating_ip['id'] body = self.floating_ips_client.show_floatingip(fip_id) fip = body['floatingip'] self.assertIsNotNone(fip.get('nuage_ingress_fip_rate_kbps')) self.assertIsNotNone(fip.get('nuage_egress_fip_rate_kbps')) # Check vsd vsd_subnets = self.nuage_client.get_domain_subnet( None, None, by_subnet=self.subnet) self.assertEqual(1, len(vsd_subnets)) vports = self.nuage_client.get_vport(constants.SUBNETWORK, vsd_subnets[0]['ID'], 'externalID', port['id']) self.assertEqual(1, len(vports)) qos = self.nuage_client.get_qos(constants.VPORT, vports[0]['ID']) if Topology.from_nuage('20.10'): self.assertEqual(0, len(qos)) external_id_domain = self.nuage_client.get_vsd_external_id( created_floating_ip['router_id']) nuage_domain = self.nuage_client.get_l3domain( filters='externalID', filter_values=external_id_domain) nuage_domain_fips = self.nuage_client.get_floatingip( constants.DOMAIN, nuage_domain[0]['ID']) nuage_fip = [nuage_fip for nuage_fip in nuage_domain_fips if nuage_fip['externalID'].startswith(fip_id)][0] associated_ingress_rate_limit = nuage_fip['ingressRateLimiterID'] associated_egress_rate_limit = nuage_fip['egressRateLimiterID'] # Infinity for egress expected self.assertIsNone(associated_egress_rate_limit) # Infinity for ingress expected self.assertIsNone(associated_ingress_rate_limit) else: self.assertEqual(1, len(vports)) qos = self.nuage_client.get_qos(constants.VPORT, vports[0]['ID']) self.assertEqual(1, len(qos)) self.assertEqual(self.nuage_client.get_vsd_external_id(fip_id), qos[0]['externalID']) self.assertEqual(True, qos[0]['FIPRateLimitingActive']) self.assertEqual('INFINITY', qos[0]['FIPPeakInformationRate']) self.assertEqual('INFINITY', qos[0]['EgressFIPPeakInformationRate'])
def is_dhcp_enabled_on_subnet(subnet): return (subnet['enable_dhcp'] and (subnet['ip_version'] == 4 or Topology.has_dhcp_v6_support()))
class VlanTransparentConnectivityTest(NuageBaseTest): default_prepare_for_connectivity = True @classmethod def setup_clients(cls): super(VlanTransparentConnectivityTest, cls).setup_clients() cls.nuage_client = NuageRestClient() cls.client = NuageNetworkClientJSON(cls.os_primary.auth_provider, **cls.os_primary.default_params) @testtools.skipUnless(CONF.nuage_sut.image_is_advanced, "Advanced image is required to run this test.") def test_l2_transparent_network(self): kwargs = {'vlan_transparent': 'true'} network = self.create_network(**kwargs) self.create_subnet(network, gateway=None) # create open-ssh security group ssh_security_group = self.create_open_ssh_security_group() # Launch tenant servers in OpenStack network vm1 = self.create_tenant_server([network], security_groups=[ssh_security_group], prepare_for_connectivity=True) vm2 = self.create_tenant_server([network], security_groups=[ssh_security_group], prepare_for_connectivity=True) vm1_ip = '13.13.13.13/24' vm2_ip = '13.13.13.14/24' ping_tgt = IPNetwork(vm2_ip) vm1.configure_vlan_interface(vm1_ip, 'eth1', vlan='10') vm2.configure_vlan_interface(vm2_ip, 'eth1', vlan='10') self.assert_ping(vm1, vm2, network, address=str(ping_tgt.ip), interface='eth1.10') @testtools.skipUnless(Topology.has_vlan_transparency_support(), 'Test skipped as no vlan transparency supported') @skip_because(bug='OPENSTACK-2325') def test_l3_transparent_network(self): kwargs = {'vlan_transparent': 'true'} router = self.create_public_router() network = self.create_network(**kwargs) subnet = self.create_subnet(network) self.router_attach(router, subnet) # create open-ssh security group ssh_security_group = self.create_open_ssh_security_group() vm1 = self.create_tenant_server([network], security_groups=[ssh_security_group], prepare_for_connectivity=True) vm2 = self.create_tenant_server([network], security_groups=[ssh_security_group], prepare_for_connectivity=True) vm1_ip = '13.13.13.13/24' vm2_ip = '13.13.13.14/24' ping_tgt = IPNetwork(vm2_ip) vm1.configure_vlan_interface(vm1_ip, 'eth0', vlan='10') vm2.configure_vlan_interface(vm2_ip, 'eth0', vlan='10') self.assert_ping(vm1, vm2, network, address=str(ping_tgt.ip), interface='eth0.10')
class NuageExtSecGroup(nuage_test.NuageBaseTest): if Topology.from_nuage('20.5'): expected_exception_from_topology = exceptions.BadRequest else: expected_exception_from_topology = exceptions.ServerFault @classmethod def resource_setup(cls): super(NuageExtSecGroup, cls).resource_setup() cls.network = cls.create_cls_network() cls.subnet4 = cls.create_cls_subnet(cls.network, ip_version=4) cls.subnet6 = cls.create_cls_subnet(cls.network, ip_version=6) cls.router = cls.create_cls_router() cls.router_cls_attach(cls.router, cls.subnet4) cls.router_cls_attach(cls.router, cls.subnet6) cls.domain = cls.vsd.get_l3_domain_by_subnet(cls.subnet4) def _create_external_security_group(self, cleanup=True, **kwargs): body = self.plugin_network_client.create_nuage_external_security_group( **kwargs) ext_sg = body['nuage_external_security_group'] if cleanup: self.addCleanup(self._delete_external_security_group, ext_sg['id']) return ext_sg def _delete_external_security_group(self, esg_id): self.plugin_network_client.delete_nuage_external_security_group(esg_id) def _create_external_security_group_rule(self, **kwargs): body = (self.plugin_network_client. create_nuage_external_security_group_rule(**kwargs)) ext_sg_rule = body['nuage_external_security_group_rule'] return ext_sg_rule def _verify_external_secgroup_properties(self, actual_esg, vsd_pg): self.assertEqual(actual_esg['name'], vsd_pg.name) self.assertEqual(actual_esg['extended_community_id'], vsd_pg.evpn_community_tag) self.assertEqual(actual_esg['id'], vsd_pg.id) def _verify_external_secgroup_rule_properties(self, actual_esgr, vsd_pg, origin_sg): self.assertEqual(actual_esgr['id'], vsd_pg.id) self.assertEqual(actual_esgr['protocol'], vsd_pg.protocol) self.assertEqual(actual_esgr['origin_group_id'], origin_sg['id']) def _get_nuage_external_acl(self, ext_sg_rule=None): if ext_sg_rule: template = self.vsd.vspk.NUEgressACLEntryTemplate( id=ext_sg_rule['id']) template.fetch() return template else: return self.domain.egress_acl_entry_templates.get() def test_create_show_list_delete_ext_secgroup(self): name = self.get_randomized_name() kwargs = {'name': name, 'router_id': self.router['id'], 'extended_community_id': "1:1"} ext_sg = self._create_external_security_group(**kwargs) self.assertEqual(ext_sg['name'], name) self.assertEqual(ext_sg['extended_community_id'], "1:1") # VSD verification of external security group ext_pg = self.vsd.vspk.NUPolicyGroup(id=ext_sg['id']) ext_pg.fetch() show_resp = (self.plugin_network_client. show_nuage_external_security_group(ext_sg['id'])) self._verify_external_secgroup_properties( show_resp['nuage_external_security_group'], ext_pg) router_ext_id = self.vsd.external_id(self.router['id']) self.assertEqual(router_ext_id, ext_pg.external_id) # list_external_security_group list_resp = (self.plugin_network_client. list_nuage_external_security_group(self.router['id'])) self._verify_external_secgroup_properties( list_resp['nuage_external_security_groups'][0], ext_pg) def test_create_show_list_delete_ext_secgroup_rule(self): sec_group = self.create_security_group() name = self.get_randomized_name() kwargs = {'name': name, 'router_id': self.router['id'], 'extended_community_id': "1:1"} ext_sg = self._create_external_security_group(**kwargs) kwargs = {'protocol': 'tcp', 'direction': 'egress', 'origin_group_id': sec_group['id'], 'remote_external_group_id': ext_sg['id']} ext_sg_rule = self._create_external_security_group_rule(**kwargs) # Show operation and VSD verification of external security group show_resp = ( self.plugin_network_client. show_nuage_external_security_group_rule(ext_sg_rule['id'])) show_vsd_resp = self._get_nuage_external_acl(ext_sg_rule) self._verify_external_secgroup_rule_properties( show_resp['nuage_external_security_group_rule'], show_vsd_resp, sec_group) # Create second rule kwargs = {'protocol': 'udp', 'port_range_min': 300, 'port_range_max': 500, 'direction': 'egress', 'origin_group_id': sec_group['id'], 'remote_external_group_id': ext_sg['id']} self._create_external_security_group_rule(**kwargs) # Create third rule kwargs = {'protocol': 'vrrp', 'direction': 'egress', 'origin_group_id': sec_group['id'], 'remote_external_group_id': ext_sg['id']} self._create_external_security_group_rule(**kwargs) # List Operation on secgroup rules list_resp = (self.plugin_network_client. list_nuage_external_security_group_rule( ext_sg['id'])['nuage_external_security_group_rules']) list_vsd_resp = self._get_nuage_external_acl() for resp, vsd_resp in zip(list_resp, list_vsd_resp): self._verify_external_secgroup_rule_properties( resp, vsd_resp, sec_group) router_ext_id = self.vsd.external_id(self.router['id']) for vsd_resp in list_vsd_resp: self.assertEqual(router_ext_id, vsd_resp.external_id) def test_create_show_list_delete_ext_secgroup_l2domain(self): network = self.create_network() esg_subnet = self.create_subnet(network) name = self.get_randomized_name() kwargs = {'name': name, 'subnet_id': esg_subnet['id'], 'extended_community_id': "4:4"} ext_sg = self._create_external_security_group(**kwargs) self.assertEqual(ext_sg['name'], name) self.assertEqual(ext_sg['extended_community_id'], "4:4") # VSD verification of external security group ext_pg = self.vsd.vspk.NUPolicyGroup(id=ext_sg['id']) ext_pg.fetch() show_resp = (self.plugin_network_client. show_nuage_external_security_group(ext_sg['id'])) self._verify_external_secgroup_properties( show_resp['nuage_external_security_group'], ext_pg) subnet_ext_id = self.vsd.external_id(esg_subnet['id']) self.assertEqual(subnet_ext_id, ext_pg.external_id) # list_external_security_group list_resp = ( self.plugin_network_client. list_nuage_external_security_group_l2domain(esg_subnet['id'])) self._verify_external_secgroup_properties( list_resp['nuage_external_security_groups'][0], ext_pg) def test_create_delete_invalid_ext_secgroup(self): name = self.get_randomized_name() # Missing pararmeter: external_communtiy_tag in input kwargs = {'name': name, 'router_id': self.router['id']} self.assertRaises( exceptions.BadRequest, self.plugin_network_client.create_nuage_external_security_group, **kwargs) # Invalid external_communtiy_tag_value kwargs = {'name': name, 'router_id': self.router['id'], 'extended_community_id': "4"} self.assertRaises( self.expected_exception_from_topology, self.plugin_network_client.create_nuage_external_security_group, **kwargs) # Missing pararmeter: router/subnet ID in input kwargs = {'name': name, 'router_id': '11111111-1111-1111-1111111111111111', 'extended_community_id': "2:2"} self.assertRaises( exceptions.BadRequest, self.plugin_network_client.create_nuage_external_security_group, **kwargs) # Try deleting invalid external_secgroup self.assertRaises( exceptions.NotFound, self.plugin_network_client.delete_nuage_external_security_group, '11111111-1111-1111-1111111111111111') def test_create_delete_invalid_ext_secgroup_rule(self): sec_group = self.create_security_group() name = self.get_randomized_name() kwargs = {'name': name, 'router_id': self.router['id'], 'extended_community_id': "1:1"} ext_sg = self._create_external_security_group(**kwargs) # Missing mandatory parameter: origin_group_id in input kwargs = {'protocol': 'tcp', 'direction': 'egress', 'remote_external_group_id': ext_sg['id']} self.assertRaises( self.expected_exception_from_topology, self.plugin_network_client. create_nuage_external_security_group_rule, **kwargs) # Invalid remote_group_id value kwargs = {'protocol': 'tcp', 'direction': 'egress', 'origin_group_id': sec_group['id'], 'remote_external_group_id': '11111111-1111-1111-1111111111111111'} self.assertRaises( self.expected_exception_from_topology, self.plugin_network_client. create_nuage_external_security_group_rule, **kwargs) # Try deleting invalid external_secgroup_rule self.assertRaises( exceptions.NotFound, self.plugin_network_client. delete_nuage_external_security_group_rule, '11111111-1111-1111-1111111111111111')
class TestFWaaS(fwaas_mixins.FWaaSClientMixin, NuageBaseTest): default_prepare_for_connectivity = True @classmethod def skip_checks(cls): super(TestFWaaS, cls).skip_checks() if not Topology.has_fwaas_v6_support(): msg = 'No fwaas v6 support.' raise cls.skipException(msg) def setUp(self): super(TestFWaaS, self).setUp() required_exts = ['fwaas', 'security-group', 'router'] for ext in required_exts: if not test.is_extension_enabled(ext, 'network'): msg = "%s Extension not enabled." % ext raise self.skipException(msg) def assert_no_icmp_connectivity(self, **kwargs): self.assert_icmp_connectivity(is_connectivity_expected=False, **kwargs) def assert_no_tcp_connectivity(self, **kwargs): self.assert_tcp_connectivity(is_connectivity_expected=False, **kwargs) def assert_connectivity(self, **kwargs): self.assert_icmp_connectivity(**kwargs) self.assert_tcp_connectivity(**kwargs) def assert_no_connectivity(self, **kwargs): self.assert_no_icmp_connectivity(**kwargs) self.assert_no_tcp_connectivity(**kwargs) def _empty_policy(self, router_id=None, **_kwargs): # NOTE(yamamoto): an empty policy would deny all # We allow ipv4 traffic here fw_rule_ipv4 = self.create_firewall_rule(action='allow', ip_version=4) fw_policy = self.create_firewall_policy( firewall_rules=[fw_rule_ipv4['id']]) fw = self.create_firewall(firewall_policy_id=fw_policy['id'], router_ids=[router_id]) self._wait_firewall_ready(fw['id']) return { 'fw': fw, 'fw_policy': fw_policy, } def _all_disabled_rules(self, **_kwargs): # NOTE(yamamoto): a policy whose rules are all disabled would deny all fw_rule = self.create_firewall_rule(action="allow", enabled=False, ip_version=6) fw_rule_ipv4 = self.create_firewall_rule(action='allow', ip_version=4) fw_policy = self.create_firewall_policy( firewall_rules=[fw_rule['id'], fw_rule_ipv4['id']]) fw = self.create_firewall(firewall_policy_id=fw_policy['id']) self._wait_firewall_ready(fw['id']) return { 'fw': fw, 'fw_policy': fw_policy, 'fw_rule': fw_rule, } def _block_destination_ip(self, server1_fixed_ip, server2_fixed_ip, router_id, **_kwargs): rules = [ # NOTE(yamamoto): The filtering is taken place after # destination ip is rewritten to fixed-ip. self.create_firewall_rule(destination_ip_address=server2_fixed_ip, action="deny", ip_version=6), self.create_firewall_rule(action='allow', ip_version=6), self.create_firewall_rule(action="allow", ip_version=4) ] rule_ids = [r['id'] for r in rules] fw_policy = self.create_firewall_policy(firewall_rules=rule_ids) fw = self.create_firewall(firewall_policy_id=fw_policy['id'], router_ids=[router_id]) self._wait_firewall_ready(fw['id']) return { 'fw': fw, 'fw_policy': fw_policy, 'server1_fixed_ip': server1_fixed_ip, 'server2_fixed_ip': server2_fixed_ip, } def _block_source_ip(self, server1_fixed_ip, server2_fixed_ip, router_id, **_kwargs): rules = [ # NOTE(yamamoto): The filtering is taken place after # destination ip is rewritten to fixed-ip. self.create_firewall_rule(source_ip_address=server1_fixed_ip, action="deny", ip_version=6), self.create_firewall_rule(action='allow', ip_version=6), self.create_firewall_rule(action="allow", ip_version=4) ] fw_policy = self.create_firewall_policy( firewall_rules=[r['id'] for r in rules]) fw = self.create_firewall(firewall_policy_id=fw_policy['id'], router_ids=[router_id]) self._wait_firewall_ready(fw['id']) return { 'fw': fw, 'fw_policy': fw_policy, 'server1_fixed_ip': server1_fixed_ip, 'server2_fixed_ip': server2_fixed_ip, } def _block_icmp(self, router_id=None, **_kwargs): deny_icmp = self.create_firewall_rule(protocol="ipv6-icmp", action="deny", ip_version=6) allow_ipv6 = self.create_firewall_rule(action="allow", ip_version=6) allow_ipv4 = self.create_firewall_rule(action='allow', ip_version=4) fw_policy = self.create_firewall_policy(firewall_rules=[ deny_icmp['id'], allow_ipv6['id'], allow_ipv4['id'] ]) fw = self.create_firewall(firewall_policy_id=fw_policy['id'], router_ids=[router_id]) self._wait_firewall_ready(fw['id']) return { 'fw': fw, 'fw_policy': fw_policy, 'fw_rule': deny_icmp, 'router_id': router_id } def _block_all_with_default_allow(self, router_id, **_kwargs): fw_rule = self.create_firewall_rule(action="deny", ip_version=6) fw_rule_allow = self.create_firewall_rule(action="allow", ip_version=6) fw_rule_ipv4 = self.create_firewall_rule(action='allow', ip_version=4) fw_policy = self.create_firewall_policy(firewall_rules=[ fw_rule['id'], fw_rule_allow['id'], fw_rule_ipv4['id'] ]) fw = self.create_firewall(firewall_policy_id=fw_policy['id'], router_ids=[router_id]) self._wait_firewall_ready(fw['id']) return { 'fw': fw, 'fw_policy': fw_policy, 'fw_rules': [fw_rule], } def _block_certain_ports(self, router_id, **_kwargs): deny_source_9090 = self.create_firewall_rule(action="deny", ip_version=6, source_port=9090, protocol='tcp') deny_destination_80 = self.create_firewall_rule(action="deny", ip_version=6, destination_port=80, protocol='tcp') allow_v6 = self.create_firewall_rule(action="allow", ip_version=6) allow_v4 = self.create_firewall_rule(action='allow', ip_version=4) fw_policy = self.create_firewall_policy(firewall_rules=[ deny_source_9090['id'], deny_destination_80['id'], allow_v6['id'], allow_v4['id'] ]) fw = self.create_firewall(firewall_policy_id=fw_policy['id'], router_ids=[router_id]) self._wait_firewall_ready(fw['id']) return { 'fw': fw, 'fw_policy': fw_policy, 'fw_rules': (deny_source_9090, deny_destination_80), } def _confirm_certain_ports_blocked(self, from_server, to_server): servers = {'from_server': from_server, 'to_server': to_server} # icmp not blocked self.assert_icmp_connectivity(**servers) # ports that are not blocked self.assert_tcp_connectivity(destination_port=81, source_port=9091, **servers) # blocked destination port self.assert_no_tcp_connectivity(destination_port=80, source_port=9092, **servers) # blocked source port self.assert_no_tcp_connectivity(destination_port=81, source_port=9090, **servers) def _confirm_certain_ports_allowed(self, from_server, to_server): servers = {'from_server': from_server, 'to_server': to_server} # icmp not blocked self.assert_icmp_connectivity(**servers) # ports that are not blocked self.assert_tcp_connectivity(destination_port=81, source_port=9091, **servers) # blocked destination port self.assert_tcp_connectivity(destination_port=80, source_port=9092, **servers) # blocked source port self.assert_tcp_connectivity(destination_port=81, source_port=9090, **servers) def _remove_rule_and_wait(self, firewall_id, firewall_policy_id, firewall_rule_id): self.firewall_policies_client.remove_firewall_rule_from_policy( firewall_policy_id=firewall_policy_id, firewall_rule_id=firewall_rule_id) self._wait_firewall_ready(firewall_id) def _delete_firewall(self, ctx): self.delete_firewall_and_wait(ctx['fw']['id']) def _remove_rule(self, ctx): for rule in ctx['fw_rules']: self._remove_rule_and_wait( firewall_id=ctx['fw']['id'], firewall_policy_id=ctx['fw_policy']['id'], firewall_rule_id=rule['id']) def _disable_rules(self, ctx): for rule in ctx['fw_rules']: self.firewall_rules_client.update_firewall_rule( firewall_rule_id=rule['id'], enabled=False) self._wait_firewall_ready(ctx['fw']['id']) def _reverse_rules_order(self, ctx): self.firewall_policies_client.update_firewall_policy( ctx['fw_policy']['id'], firewall_rules=list(reversed(ctx['fw_policy']['firewall_rules']))) self._wait_firewall_ready(ctx['fw']['id']) def _confirm_blocked_one_way(self, from_server, to_server, **_kwargs): # one way self.assert_no_icmp_connectivity(from_server=from_server, to_server=to_server) self.assert_no_tcp_connectivity(from_server=from_server, to_server=to_server) # other way self.assert_icmp_connectivity(from_server=to_server, to_server=from_server) self.assert_tcp_connectivity(from_server=to_server, to_server=from_server) def _confirm_icmp_blocked_but_tcp_allowed(self, from_server, to_server): self.assert_no_icmp_connectivity(from_server=from_server, to_server=to_server) self.assert_tcp_connectivity(from_server=from_server, to_server=to_server) def _create_topology(self, router, cidrv4=None, cidrv6=None): """Create a topology for testing +--------+ +-----------+ |"server"| | "subnet" | | VM +-------------+ "network" | +--------+ +----+------+ | | router interface port +----+-----+ | "router" | +----+-----+ | router gateway port | | +----+------------------+ | existing network | | ("public_network_id") | +-----------------------+ """ network = self.create_network() subnet = self.create_subnet(network, cidr=cidrv4) subnet6 = self.create_subnet(network, ip_version=6, cidr=cidrv6) self.router_attach(router, subnet) self.router_attach(router, subnet6) security_group = self._create_security_group() self.create_security_group_rule(security_group, direction='ingress', protocol='tcp', ethertype='IPv6', port_range_min=80, port_range_max=9999) server = self.create_tenant_server([network], security_groups=[security_group], prepare_for_connectivity=True) fixed_ip4 = IPAddress( server.get_server_ip_in_network(network['name'], 4)) fixed_ip6 = IPAddress( server.get_server_ip_in_network(network['name'], 6)) return server, fixed_ip4, fixed_ip6 def _test_firewall_basic(self, block, allow=None, confirm_allowed=None, confirm_blocked=None, ports_for_webserver=(80, )): LOG.info('[{}] Begin _test_firewall_basic'.format(self.test_name)) if allow is None: allow = self._delete_firewall if confirm_allowed is None: confirm_allowed = self.assert_connectivity if confirm_blocked is None: confirm_blocked = self.assert_no_connectivity LOG.info('[{}] 1. Creating topology'.format(self.test_name)) router = self._get_router() (server2, server2_fixed_ip4, server2_fixed_ip6) = self._create_topology( router, cidrv4=IPNetwork('20.0.0.0/24'), cidrv6=IPNetwork('cafe:bace::/64')) (server1, server1_fixed_ip4, server1_fixed_ip6) = self._create_topology( router, cidrv4=IPNetwork('10.0.0.0/24'), cidrv6=IPNetwork('cafe:babe::/64')) for port in ports_for_webserver: self.start_web_server(server1, port=port) self.start_web_server(server2, port=port) self.sleep(10, 'Naively mitigating slow CI', tag=self.test_name) server1.echo_debug_info() server2.echo_debug_info() LOG.info('[{}] 2. Verify connectivity'.format(self.test_name)) self.assert_connectivity(from_server=server1, to_server=server2) self.sleep(10, 'Naively mitigating slow CI') LOG.info('[{}] 3. Create firewall'.format(self.test_name)) ctx = block(server1_fixed_ip=server1_fixed_ip6, server2_fixed_ip=server2_fixed_ip6, router_id=router['id']) self.sleep(10, 'Naively mitigating slow CI', tag=self.test_name) LOG.info('[{}] 4. Verify no connectivity'.format(self.test_name)) confirm_blocked(from_server=server1, to_server=server2) LOG.info('[{}] 5. Allow traffic'.format(self.test_name)) allow(ctx) self.sleep(10, 'Naively mitigating slow CI', tag=self.test_name) LOG.info('[{}] 6. Verify connectivity'.format(self.test_name)) confirm_allowed(from_server=server1, to_server=server2) def test_block_port(self): self._test_firewall_basic( block=self._block_certain_ports, confirm_blocked=self._confirm_certain_ports_blocked, allow=self._disable_rules, confirm_allowed=self._confirm_certain_ports_allowed, ports_for_webserver=(80, 81)) def test_firewall_block_source_ip(self): self._test_firewall_basic( block=self._block_source_ip, confirm_blocked=self._confirm_blocked_one_way) def test_firewall_destination_ip(self): self._test_firewall_basic( block=self._block_destination_ip, confirm_blocked=self._confirm_blocked_one_way) def test_firewall_block_icmp(self): self._test_firewall_basic( block=self._block_icmp, confirm_blocked=self._confirm_icmp_blocked_but_tcp_allowed) def test_firewall_remove_rule(self): self._test_firewall_basic(block=self._block_all_with_default_allow, allow=self._remove_rule) def test_firewall_disable_rule(self): self._test_firewall_basic(block=self._block_all_with_default_allow, allow=self._disable_rules) def test_firewall_empty_policy(self): self._test_firewall_basic(block=self._empty_policy) def test_firewall_all_disabled_rules(self): self._test_firewall_basic(block=self._all_disabled_rules) @testtools.skipIf(Topology.at_nuage('6.0') or Topology.up_to_nuage('5.4'), reason='VSD-42518') def test_firewall_order_rules(self): self._test_firewall_basic(block=self._block_all_with_default_allow, allow=self._reverse_rules_order)
# Copyright 2017 - Nokia # All Rights Reserved. from netaddr import IPAddress from netaddr import IPNetwork from .base_nuage_networks_cli import BaseNuageNetworksCliTestCase from nuage_tempest_plugin.lib.topology import Topology from nuage_tempest_plugin.lib.utils import constants from nuage_tempest_plugin.services.nuage_network_client \ import NuageNetworkClientJSON from nuage_tempest_plugin.tests.api.ipv6.vsd_managed.base_nuage_networks \ import BaseVSDManagedNetworksIPv6Test from tempest.lib.common.utils import data_utils LOG = Topology.get_logger(__name__) VALID_MAC_ADDRESS = 'fa:fa:3e:e8:e8:01' VALID_MAC_ADDRESS_2A = 'fa:fa:3e:e8:e8:2a' VALID_MAC_ADDRESS_2B = 'fa:fa:3e:e8:e8:2b' SPOOFING_ENABLED = constants.ENABLED SPOOFING_DISABLED = (constants.INHERITED if Topology.is_v5 else constants.DISABLED) ############################################################################### # MultiVIP . allowed address pairs ############################################################################### class OSManagedAllowedAddressPairsCliTest(BaseNuageNetworksCliTestCase, BaseVSDManagedNetworksIPv6Test):
class NuageFloatingIPProprietaryQosTest( test_floatingip.FloatingIpTestCasesMixin, base_nuage_qos.NuageQoSTestMixin, neutron_base.BaseTempestTestCase): same_network = True @classmethod @utils.requires_ext(extension="router", service="network") def resource_setup(cls): super(NuageFloatingIPProprietaryQosTest, cls).resource_setup() @testtools.skipIf(Topology.before_nuage('20.10'), 'VRS-47436') def test_qos(self): """Test floating IP is binding to a QoS policy with ingress and egress bandwidth limit rules. And it applied correctly by sending a file from the instance to the test node. Then calculating the bandwidth every ~1 sec by the number of bits received / elapsed time. """ self._test_basic_resources() ssh_client = self._create_ssh_client() fip = self.os_admin.network_client.get_floatingip( self.fip['id'])['floatingip'] self.assertEqual(self.port['id'], fip['port_id']) if hasattr(self, 'FILE_SIZE'): # Queens & Rocky: create file self._create_file_for_bw_tests(ssh_client) # Check bw not limited unlimited_bw = sys.maxsize common_utils.wait_until_true( lambda: self._check_bw(ssh_client, self.fip['floating_ip_address'], port=self.NC_PORT, expected_bw=unlimited_bw), timeout=240) self.os_admin.network_client.update_floatingip( self.fip['id'], nuage_egress_fip_rate_kbps=500, nuage_ingress_fip_rate_kbps=1000) expected_egress_bw = 500 * 1024 * self.TOLERANCE_FACTOR / 8.0 expected_ingress_bw = 1000 * 1024 * self.TOLERANCE_FACTOR / 8.0 common_utils.wait_until_true( lambda: self._check_bw(ssh_client, self.fip['floating_ip_address'], port=self.NC_PORT, expected_bw=expected_egress_bw), timeout=120, sleep=1) common_utils.wait_until_true( lambda: self._check_bw_ingress(ssh_client, self.fip['floating_ip_address'], port=self.NC_PORT + 1, expected_bw=expected_ingress_bw), timeout=120, sleep=1) # Update floating ip QOS to new value self.os_admin.network_client.update_floatingip( self.fip['id'], nuage_egress_fip_rate_kbps=200, nuage_ingress_fip_rate_kbps=400) expected_egress_bw = 200 * 1024 * self.TOLERANCE_FACTOR / 8.0 expected_ingress_bw = 400 * 1024 * self.TOLERANCE_FACTOR / 8.0 common_utils.wait_until_true( lambda: self._check_bw(ssh_client, self.fip['floating_ip_address'], port=self.NC_PORT, expected_bw=expected_egress_bw), timeout=120, sleep=1) common_utils.wait_until_true( lambda: self._check_bw_ingress(ssh_client, self.fip['floating_ip_address'], port=self.NC_PORT + 1, expected_bw=expected_ingress_bw), timeout=120, sleep=1)