class NuageExtraDHCPOptionsNegativeTest(
base_nuage_extra_dhcp_options.NuageExtraDHCPOptionsBase):
"""NuageExtraDHCPOptionsNegativeTest
Negative tests on
port create
port list
port show
port update
v2.0 of the Neutron API is assumed. It is also assumed that the Extra
DHCP Options extension (extra_dhcp_opt)is enabled in the
[network-feature-enabled] section of etc/tempest.conf
"""
@classmethod
def resource_setup(cls):
super(NuageExtraDHCPOptionsNegativeTest, cls).resource_setup()
# L2 OS managed network
cls.osmgd_l2_network = cls.create_network()
cls.osmgd_l2_subnet = cls.create_subnet(cls.osmgd_l2_network)
cls.os_l2_port = cls.create_port(cls.osmgd_l2_network)
cls.l2domain = cls.nuage_client.get_l2domain(
'externalID',
cls.nuage_client.get_vsd_external_id(cls.osmgd_l2_subnet['id'])
)
@classmethod
def skip_checks(cls):
raise cls.skipException('Skipping negative DHCP tests.')
def _assert_nuage_create_port_with_dhcp_opts(self, network_id,
extra_dhcp_opts):
# Create a port with valid opt-name but invalid opt-value(s)
self.assertRaises(exceptions.BadRequest,
self._create_port_with_dhcp_opts,
network_id,
extra_dhcp_opts)
def _assert_nuage_update_port_with_dhcp_opts(self, port,
extra_dhcp_opts):
# Update an existing port with valid opt-name but invalid opt-value(s)
self.assertRaises(exceptions.BadRequest,
self._update_port_with_dhcp_opts,
port,
extra_dhcp_opts)
def _assert_create_update_port_with_bad_dhcp_opts_neg(self, network_id,
bad_values,
opt_name):
for opt_value in bad_values:
extra_dhcp_opts = [
{'opt_value': opt_value, 'opt_name': opt_name}
]
self.assertRaises(exceptions.BadRequest,
self._create_port_with_dhcp_opts,
network_id,
extra_dhcp_opts)
self.assertRaises(exceptions.BadRequest,
self._update_port_with_dhcp_opts,
self.os_l2_port['id'],
extra_dhcp_opts)
def _create_network(self, external=False):
if external:
post_body = {'name': data_utils.rand_name('ext-network'),
'router:external': external}
else:
post_body = {'name': data_utils.rand_name('network')}
body = self.admin_networks_client.create_network(**post_body)
network = body['network']
self.addCleanup(self.admin_networks_client.delete_network,
network['id'])
return network
def test_nuage_create_port_with_dhcp_opts_001_netmask_neg(self):
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_IPV4_ADDRESSES, 'netmask')
def test_nuage_create_port_with_dhcp_opts_002_time_offset_neg(self):
# Create a port with Extra DHCP Options two's complement 32-bit integer
network_id = self.osmgd_l2_network['id']
bad_values = ['rubbish',
str(constants.MAX_UNSIGNED_INT32_PLUS_ONE),
VERY_LONG_STRING]
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, bad_values, 'netmask')
def test_nuage_create_port_with_dhcp_opts_003_router_neg(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_IPV4_ADDRESSES, 'router')
def test_nuage_create_port_with_dhcp_opts_004_time_server_neg(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
bad_values = ['rubbish',
str(constants.MAX_UNSIGNED_INT32_PLUS_ONE),
VERY_LONG_STRING]
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, bad_values, 'time-server')
def test_nuage_create_port_with_dhcp_opts_006_dns_server_neg(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_IPV4_ADDRESSES, 'dns-server')
def test_nuage_create_port_with_dhcp_opts_007_log_server_neg(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_IPV4_ADDRESSES, 'log-server')
def test_nuage_create_port_with_dhcp_opts_009_lpr_server_neg(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_IPV4_ADDRESSES, 'lpr-server')
def test_nuage_create_port_with_dhcp_opts_012_hostname_neg(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
bad_values = [
VERY_LONG_STRING]
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, bad_values, 'hostname')
def test_nuage_create_port_with_dhcp_opts_013_boot_file_size_neg(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_INTEGER_TYPE_VALUES, 'boot-file-size')
def test_nuage_create_port_with_dhcp_opts_015_domain_name_neg(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_STRING_TYPE_VALUES, 'domain-name')
def test_nuage_create_port_with_dhcp_opts_016_swap_server_neg(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_IPV4_ADDRESSES, 'swap-server')
def test_nuage_create_port_with_dhcp_opts_017_root_path_neg(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_STRING_TYPE_VALUES, 'root-path')
def test_nuage_create_port_with_dhcp_opts_018_extension_path_neg(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_STRING_TYPE_VALUES, 'extension-path')
def test_nuage_create_port_with_dhcp_opts_019_neg(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_INTEGER_TYPE_VALUES, 'ip-forward-enable')
def test_nuage_create_port_with_dhcp_opts_020_non_local_source_routing_neg(
self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_INTEGER_TYPE_VALUES, 'non-local-source-routing')
def test_nuage_create_port_with_dhcp_opts_021_policy_filter_neg(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
bad_values = ['10.20.21.200;255.255.256.0',
'10.20.21.300;255.255.255.0',
'10.20.21.401;255.255.0.',
str(constants.MAX_UNSIGNED_INT32_PLUS_ONE),
VERY_LONG_STRING]
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, bad_values, 'policy-filter')
def test_nuage_create_port_with_dhcp_opts_022_max_datagram_reassembly_neg(
self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_INTEGER_TYPE_VALUES, 'max-datagram-reassembly')
def test_nuage_create_port_with_dhcp_opts_023_default_ttl_neg(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_INTEGER_TYPE_VALUES, 'default-ttl')
def test_nuage_create_port_with_dhcp_opts_026_mtu_neg(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_INTEGER_TYPE_VALUES, 'mtu')
def test_nuage_create_port_with_dhcp_opts_027_all_subnets_local_neg(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_INTEGER_TYPE_VALUES, 'TBD')
def test_nuage_create_port_with_dhcp_opts_028_broadcast_neg(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_IPV4_ADDRESSES, 'broadcast')
def test_nuage_create_port_with_dhcp_opts_031_router_discovery_neg(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_INTEGER_TYPE_VALUES, 'router-discovery')
def test_nuage_create_port_with_dhcp_opts_032_router_solicitation_neg(
self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_IPV4_ADDRESSES, 'router-solicitation')
# {'opt_value': '10.33.33.0;10.33.33.33;10.33.34.0;10.33.34.10',
# 'opt_name': 'static-route'}
def test_nuage_create_port_with_dhcp_opts_033_static_route_neg(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
# The minimum length of this option is 8, and the length MUST be a
# multiple of 8.
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_IPV4_ADDRESSES, 'static-route')
def test_nuage_create_port_with_dhcp_opts_034_trailer_encapsulation_neg(
self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_INTEGER_TYPE_VALUES, 'trailer-encapsulation')
def test_nuage_create_port_with_dhcp_opts_035_arp_timeout_neg(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
# 32-bit unsigned integer
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_INTEGER_TYPE_VALUES, 'arp-timeout')
def test_nuage_create_port_with_dhcp_opts_036_ethernet_encap_neg(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_INTEGER_TYPE_VALUES, 'ethernet-encap')
def test_nuage_create_port_with_dhcp_opts_037_tcp_ttl_neg(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
# 8-bit unsigned integer. The minimum value is 1.
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_INTEGER_TYPE_VALUES, 'tcp-ttl')
def test_nuage_create_port_with_dhcp_opts_038_tcp_keepalive_neg(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
# 32-bit unsigned integer
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_INTEGER_TYPE_VALUES, 'tcp-keepalive')
def test_nuage_create_port_with_dhcp_opts_040_nis_domain_neg(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_STRING_TYPE_VALUES, 'nis-domain')
def test_nuage_create_port_with_dhcp_opts_041_nis_server_neg(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_IPV4_ADDRESSES, 'nis-server')
def test_nuage_create_port_with_dhcp_opts_042_ntp_server_neg(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_IPV4_ADDRESSES, 'ntp-server')
def test_nuage_create_port_with_dhcp_opts_044_netbios_ns_neg(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_IPV4_ADDRESSES, 'netbios-ns')
def test_nuage_create_port_with_dhcp_opts_045_netbios_dd_neg(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_IPV4_ADDRESSES, 'netbios-dd')
def test_nuage_create_port_with_dhcp_opts_046_netbios_nodetype_neg(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
# Valid values: 0x1, 0x2, 0x4, 0x8
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_INTEGER_TYPE_VALUES, 'netbios-nodetype')
def test_nuage_create_port_with_dhcp_opts_047_netbios_scope_neg(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_STRING_TYPE_VALUES, 'netbios-scope')
def test_nuage_create_port_with_dhcp_opts_048_x_windows_fs_neg(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_IPV4_ADDRESSES, 'x-windows-fs')
def test_nuage_create_port_with_dhcp_opts_049_x_windows_dm_neg(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_IPV4_ADDRESSES, 'x-windows-dm')
def test_nuage_create_port_with_dhcp_opts_050_requested_address_neg(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_IPV4_ADDRESSES, 'requested-address')
def test_nuage_create_port_with_dhcp_opts_060_vendor_class_neg(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_STRING_TYPE_VALUES, 'vendor-class')
def test_nuage_create_port_with_dhcp_opts_064_nisplus_domain_neg(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_STRING_TYPE_VALUES, 'nis+-domain')
def test_nuage_create_port_with_dhcp_opts_065_nisplus_server_neg(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_IPV4_ADDRESSES, 'nis+-server')
def test_nuage_create_port_with_dhcp_opts_066_tftp_server_neg(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_STRING_TYPE_VALUES, 'tftp_server')
def test_nuage_create_port_with_dhcp_opts_067_bootfile_name_neg(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_STRING_TYPE_VALUES, 'bootfile-name')
def test_nuage_create_port_with_dhcp_opts_068_mobile_ip_home_neg(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_IPV4_ADDRESSES, 'mobile-ip-home')
def test_nuage_create_port_with_dhcp_opts_069_smtp_server_neg(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_IPV4_ADDRESSES, 'smtp-server')
def test_nuage_create_port_with_dhcp_opts_070_pop3_server_neg(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_IPV4_ADDRESSES, 'pop3-server')
def test_nuage_create_port_with_dhcp_opts_071_nntp_server_neg(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_IPV4_ADDRESSES, 'nntp-server')
def test_nuage_create_port_with_dhcp_opts_074_irc_server_neg(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_IPV4_ADDRESSES, 'irc-server')
def test_nuage_create_port_with_dhcp_opts_077_user_class_neg(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_INTEGER_TYPE_VALUES, 'user-class')
def test_nuage_create_port_with_dhcp_opts_093_client_arch_neg(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_INTEGER_TYPE_VALUES, 'client-arch')
def test_nuage_create_port_with_dhcp_opts_094_client_interface_id_neg(
self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_INTEGER_TYPE_VALUES, 'client-interface-id')
def test_nuage_create_port_with_dhcp_opts_097_client_machine_id_neg(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_INTEGER_TYPE_VALUES, 'client-machine-id')
def test_nuage_create_port_with_dhcp_opts_119_domain_search_neg(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_STRING_TYPE_VALUES, 'domain-search')
def test_nuage_create_port_with_dhcp_opts_120_sip_server_neg(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_STRING_TYPE_VALUES, 'sip-server')
def test_nuage_create_port_with_dhcp_opts_121_classless_static_route_neg(
self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_INTEGER_TYPE_VALUES, 'classless-static-route')
def test_nuage_create_port_with_dhcp_opts_125_vendor_id_encap_neg(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_INTEGER_TYPE_VALUES, 'vendor-id-encap')
def test_nuage_create_port_with_dhcp_opts_255_server_ip_address_neg(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, BAD_INTEGER_TYPE_VALUES, 'server-ip-address')
def test_nuage_create_port_with_dhcp_opts_wrong_option(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
bad_values = ['1', '2']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, bad_values, 'non-existing-option')
def test_nuage_create_port_with_dhcp_opts_large_option_name(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
some_values = ['1', '2']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, some_values, VERY_LONG_STRING)
def test_nuage_create_port_with_dhcp_opts_external_network_neg(self):
# Try to create a port with extra dhcp options on an external network
# Should fail, as DHCP is handled externally
ext_network = self._create_network(external=True)
# subnet is needed for trying port creation
ext_subnet = self.create_subnet(ext_network,
manager=self.admin_manager)
# check whether this subnet is not empty
self.assertNotEmpty(ext_subnet)
extra_dhcp_opts = [
{'opt_value': '12.22.32.42', 'opt_name': 'router'}
]
self.assertRaises(exceptions.BadRequest,
self._create_port_with_dhcp_opts,
ext_network['id'],
extra_dhcp_opts,
manager=self.admin_manager)
def test_nuage_create_port_with_dhcp_opts_nuage_l2_to_l3_migr_port_neg(
self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
extra_dhcp_opts = [
{'opt_value': '10.20.30.40', 'opt_name': 'router'}
]
# Find the device_owner = 'network:dhcp:nuage' port created by Nuage
# when the subnet was created
list_body = self.ports_client.list_ports()
all_ports = list_body['ports']
nuage_ports = [p for p in all_ports
if p['device_owner'] == 'network:dhcp:nuage']
# Now fetch the one from our subnet
our_nuage_port = [p for p in nuage_ports
if p['fixed_ips'][0]['subnet_id'] ==
self.osmgd_l2_subnet['id']]
self.assertTrue(our_nuage_port)
if NUAGE_FEATURES.os_managed_dualstack_subnets:
new_nuage_port = self._update_port_with_dhcp_opts(
our_nuage_port[0]['id'],
extra_dhcp_opts)
# with ipv6 patchset we don't raise exception on update of
# nuage:dhcp owned ports (upstream allows this)
# Openstack-1897
self.assertIsNone(new_nuage_port)
else:
self.assertRaises(exceptions.BadRequest,
self._update_port_with_dhcp_opts,
our_nuage_port[0]['id'],
extra_dhcp_opts)
def test_nuage_create_port_with_dhcp_opts_multiple_times_neg(
self):
# When specifying the the same option multiple times, it should fail
network_id = self.osmgd_l2_network['id']
extra_dhcp_opts = [
{'opt_value': '19.20.30.40', 'opt_name': 'router'},
{'opt_value': '19.20.30.41', 'opt_name': 'router'},
{'opt_value': '19.20.30.42', 'opt_name': 'router'},
{'opt_value': '19.20.30.43', 'opt_name': 'router'},
{'opt_value': '19.20.30.44', 'opt_name': 'router'}
]
if Topology.from_openstack('Newton') and Topology.is_ml2:
self.assertRaises(exceptions.Conflict,
self._create_port_with_dhcp_opts,
network_id,
extra_dhcp_opts)
else:
self.assertRaises(exceptions.BadRequest,
self._create_port_with_dhcp_opts,
network_id,
extra_dhcp_opts)
@decorators.attr(type='smoke')
def test_nuage_update_port_with_dhcp_opts_multiple_times_neg(self):
# When specifying the the same option multiple times, it should fail
extra_dhcp_opts = [
{'opt_value': '19.20.30.40', 'opt_name': 'router'},
{'opt_value': '19.20.30.41', 'opt_name': 'router'},
{'opt_value': '19.20.30.42', 'opt_name': 'router'},
{'opt_value': '19.20.30.43', 'opt_name': 'router'},
{'opt_value': '19.20.30.44', 'opt_name': 'router'}
]
if Topology.from_openstack('Newton') and Topology.is_ml2:
self.assertRaises(exceptions.Conflict,
self._update_port_with_dhcp_opts,
self.os_l2_port['id'],
extra_dhcp_opts)
else:
self.assertRaises(exceptions.BadRequest,
self._update_port_with_dhcp_opts,
self.os_l2_port['id'],
extra_dhcp_opts)
@decorators.attr(type='smoke')
def test_nuage_create_port_with_dhcp_opts_more_than_16_neg(self):
# When specifying the the same option multiple times, it should fail
more_than_16_extra_dhcp_opts = [
{'opt_value': '255.255.255.0', 'opt_name': 'netmask'},
{'opt_value': '200', 'opt_name': 'time-offset'},
{'opt_value': '11.33.66.3', 'opt_name': 'router'},
{'opt_value': '11.33.66.4', 'opt_name': 'time-server'},
{'opt_value': '11.33.66.6', 'opt_name': 'dns-server'},
{'opt_value': '11.33.66.7', 'opt_name': 'log-server'},
{'opt_value': '11.33.66.9', 'opt_name': 'lpr-server'},
{'opt_value': 'more.than.16-hostname', 'opt_name': 'hostname'},
{'opt_value': '8192', 'opt_name': 'boot-file-size'},
{'opt_value': 'more.than.16.domain.com',
'opt_name': 'domain-name'},
{'opt_value': '11.33.66.16', 'opt_name': 'swap-server'},
{'opt_value': '/opt/more-than16/root-path',
'opt_name': 'root-path'},
{'opt_value': '/opt/more-than16/extension-path',
'opt_name': 'extension-path'},
{'opt_value': '1', 'opt_name': 'ip-forward-enable'},
{'opt_value': '1', 'opt_name': 'non-local-source-routing'},
{'opt_value': '1576', 'opt_name': 'max-datagram-reassembly'},
{'opt_value': '150', 'opt_name': 'default-ttl'},
{'opt_value': '2104', 'opt_name': 'mtu'}
]
self.assertRaises(exceptions.BadRequest,
self._create_port_with_dhcp_opts,
self.osmgd_l2_network['id'],
more_than_16_extra_dhcp_opts)
def test_nuage_show_port_non_existent_neg(self):
# Try to show the extra dhcp options of a non-existent port
bad_port_id = 'blablablabla'
self.assertRaises(exceptions.NotFound,
self.ports_client.show_port,
bad_port_id)
@decorators.attr(type='smoke')
@testtools.skipIf(Topology.before_openstack('queens'),
'Unsupported pre-queens')
def test_nuage_create_port_with_dhcp_opts_wrong_numerical_option(self):
# Try to create a port with bad extra dhcp options values
# Try to update an existing port with these bad DHCP option values
network_id = self.osmgd_l2_network['id']
bad_values = ['1', '2']
self._assert_create_update_port_with_bad_dhcp_opts_neg(
network_id, bad_values, '0')
@decorators.attr(type='smoke')
@testtools.skipIf(Topology.before_openstack('queens'),
'Unsupported pre-queens')
def test_nuage_create_port_with_dhcp_opts_mixed_numerical_option(self):
extra_dhcp_opts = [
{'opt_value': 'nuage.net', 'opt_name': 'hostname'}]
self._update_port_with_dhcp_opts(
self.os_l2_port['id'],
extra_dhcp_opts
)
extra_dhcp_opts = [
{'opt_value': 'nuage.net', 'opt_name': '12'}]
self.assertRaises(exceptions.BadRequest,
self._update_port_with_dhcp_opts,
self.os_l2_port['id'],
extra_dhcp_opts)
def skip_checks(cls):
super(TestFWaaS, cls).skip_checks()
if not Topology.has_fwaas_v6_support():
msg = 'No fwaas v6 support.'
raise cls.skipException(msg)
class SriovBasicOpsTest(NuageBaseTest):
force_tenant_isolation = False
ip_types = {(4,): 'IPV4', (6,): 'IPV6', (4, 6): 'DUALSTACK'}
@classmethod
def resource_setup(cls):
super(SriovBasicOpsTest, cls).resource_setup()
cls.aggregates = cls.admin_manager.aggregates_client.list_aggregates()
cls.hosts_vrs = [aggregate['hosts'] for aggregate in
cls.aggregates['aggregates']
if aggregate['metadata']['flavor'] == 'vrs'][0]
cls.hosts_sriov = [aggregate['hosts'] for aggregate in
cls.aggregates['aggregates']
if aggregate['metadata']['flavor'] == 'sriov'][0]
cls.availability_zones_vrs = ['nova:' + host for host
in cls.hosts_vrs]
cls.availability_zones_sriov = ['nova:' + host for host
in cls.hosts_sriov]
@classmethod
def skip_checks(cls):
super(SriovBasicOpsTest, cls).skip_checks()
if CONF.network.port_vnic_type not in ['direct']:
msg = 'Test requires port_vnic_type "direct"'
raise cls.skipException(msg)
if Topology.has_default_switchdev_port_profile():
raise cls.skipException('Test requires switchdev offloading '
'to be disabled')
def _check_connectivity(self, ip_version=4):
connectivity_check_pairs = []
sriov_compute = self.availability_zones_sriov[0]
server_to = self._create_server_with_direct_port(
availability_zone=sriov_compute)
vrs_computes = [sriov_compute]
if any(self.availability_zones_vrs):
vrs_computes.append(self.availability_zones_vrs[0])
for availability_zone in vrs_computes:
server_from = self._create_server_with_virtio_port(
availability_zone=availability_zone)
connectivity_check_pairs.append((server_from, server_to))
for server_from, server_to in connectivity_check_pairs:
self.assert_ping(server_from, server_to, network=self.network,
ip_version=ip_version)
def _create_server_with_virtio_port(self, availability_zone):
port = self.create_port(self.network, security_groups=[
self.secgroup['id']],
manager=self.admin_manager,
**VIRTIO_ARGS)
return self.create_tenant_server(
availability_zone=availability_zone,
ports=[port],
prepare_for_connectivity=True,
manager=self.admin_manager)
def _create_server_with_direct_port(self, availability_zone):
kwargs = {'config_drive': True}
port = self.create_port(self.network,
port_security_enabled=False,
manager=self.admin_manager)
return self.create_tenant_server(
availability_zone=availability_zone,
ports=[port],
prepare_for_connectivity=False, # explicit, as must be
manager=self.admin_manager,
**kwargs)
def _create_vsd_domain(self, is_l3=True, ip_version=(4,)):
cidr4 = None
cidr6 = None
enable_dhcpv4 = enable_dhcpv6 = Topology.before_nuage('6.0')
gateway4 = None
gateway6 = None
for ip_type in ip_version:
if ip_type == 4:
cidr4 = data_utils.gimme_a_cidr(ip_type)
gateway4 = str(cidr4[1]) if is_l3 else None
elif ip_type == 6:
cidr6 = data_utils.gimme_a_cidr(ip_type)
gateway6 = str(cidr6[1]) if is_l3 else None
kwargs = {}
if CONF.nuage_sut.gateway_type == 'cisco':
kwargs['ingress_replication_enabled'] = True
if is_l3:
l3template = self.vsd_create_l3domain_template()
self.domain = self.vsd_create_l3domain(template_id=l3template.id)
zone = self.vsd_create_zone(domain=self.domain)
self.l3subnet = self.create_vsd_subnet(
zone=zone,
cidr4=cidr4,
cidr6=cidr6,
enable_dhcpv4=enable_dhcpv4,
enable_dhcpv6=enable_dhcpv6,
gateway4=gateway4,
gateway6=gateway6,
ip_type=self.ip_types[ip_version],
**kwargs
)
else:
l2template = self.vsd_create_l2domain_template(
cidr4=cidr4,
cidr6=cidr6,
enable_dhcpv4=enable_dhcpv4,
enable_dhcpv6=enable_dhcpv6,
ip_type=self.ip_types[ip_version],
)
self.l2domain = self.vsd_create_l2domain(template=l2template,
**kwargs)
def _setup_resources_vsd_mgd(self, is_l3=True, ip_version=(4,)):
self._create_vsd_domain(is_l3=is_l3, ip_version=ip_version)
domain = self.domain if is_l3 else self.l2domain
pg_name = tempest_data_utils.rand_name('pg-')
self.vsd.create_policy_group(domain, name=pg_name)
allow_ipv4 = 4 in ip_version
allow_ipv6 = 6 in ip_version
self.vsd.define_any_to_any_acl(domain, allow_ipv4=allow_ipv4,
allow_ipv6=allow_ipv6, stateful=True)
self.network = self.create_network(
manager=self.admin_manager,
tenant_id=self.manager.networks_client.tenant_id,
**NETWORK_ARGS)
if is_l3:
vsd_subnet = self.l3subnet
create_vsd_managed_subnet = self.create_l3_vsd_managed_subnet
else:
vsd_subnet = self.l2domain
create_vsd_managed_subnet = self.create_l2_vsd_managed_subnet
self.subnet = []
for ip_type in ip_version:
self.subnet.append(create_vsd_managed_subnet(
self.network, vsd_subnet, ip_version=ip_type,
manager=self.admin_manager,
dhcp_managed=Topology.before_nuage('6.0')))
self.secgroup = self.create_open_ssh_security_group(
manager=self.admin_manager)
def _setup_resources(self, is_l3=True, ip_version=(4,)):
# setup basic topology for servers we can log into
self.network = self.create_network(
manager=self.admin_manager,
tenant_id=self.manager.networks_client.tenant_id,
**NETWORK_ARGS)
self.subnet = []
for ip_type in ip_version:
self.subnet.append(self.create_subnet(self.network,
ip_version=ip_type,
manager=self.admin_manager,
enable_dhcp=False))
if is_l3:
router = self.create_public_router(manager=self.admin_manager)
for subnet in self.subnet:
self.router_attach(router, subnet,
manager=self.admin_manager)
self.secgroup = self.create_open_ssh_security_group(
manager=self.admin_manager)
def test_server_connectivity_l3(self):
self._setup_resources()
self._check_connectivity()
def test_server_connectivity_l2(self):
self._setup_resources(is_l3=False)
self._check_connectivity()
@testtools.skipIf(Topology.before_nuage('6.0'), 'Unsupported pre-6.0')
def test_server_connectivity_l3_ipv6(self):
self._setup_resources(ip_version=(6,))
self._check_connectivity(ip_version=6)
@testtools.skipIf(Topology.before_nuage('6.0'), 'Unsupported pre-6.0')
def test_server_connectivity_l2_ipv6(self):
self._setup_resources(is_l3=False, ip_version=(6,))
self._check_connectivity(ip_version=6)
def test_server_connectivity_l3_dual(self):
self._setup_resources(ip_version=(4, 6))
self._check_connectivity()
def test_server_connectivity_l2_dual(self):
self._setup_resources(is_l3=False, ip_version=(4, 6))
self._check_connectivity()
def test_server_connectivity_l3_vsd_mgd(self):
self._setup_resources_vsd_mgd()
self._check_connectivity()
def test_server_connectivity_l2_vsd_mgd(self):
self._setup_resources_vsd_mgd(is_l3=False)
self._check_connectivity()
@testtools.skipIf(Topology.before_nuage('6.0'), 'Unsupported pre-6.0')
def test_server_connectivity_l3_ipv6_vsd_mgd(self):
self._setup_resources_vsd_mgd(ip_version=(6,))
self._check_connectivity(ip_version=6)
@testtools.skipIf(Topology.before_nuage('6.0'), 'Unsupported pre-6.0')
def test_server_connectivity_l2_ipv6_vsd_mgd(self):
self._setup_resources_vsd_mgd(is_l3=False, ip_version=(6,))
self._check_connectivity(ip_version=6)
def test_server_connectivity_l3_dual_vsd_mgd(self):
self._setup_resources_vsd_mgd(ip_version=(4, 6))
self._check_connectivity()
def test_server_connectivity_l2_dual_vsd_mgd(self):
self._setup_resources_vsd_mgd(is_l3=False, ip_version=(4, 6))
self._check_connectivity()
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from collections import namedtuple
from netaddr import IPNetwork
from nuage_tempest_plugin.lib.test.nuage_test import NuageBaseTest
from nuage_tempest_plugin.lib.topology import Topology
from nuage_tempest_plugin.lib.utils import data_utils
CONF = Topology.get_conf()
CONFIGURE_VLAN_INTERFACE_COMMANDS = (
'{pre} link add link {dev} name {dev}.{tag} type vlan id {tag}\n'
'{pre} link set up dev {dev}.{tag}\n'
'{pre} link set {dev}.{tag} address {mac}\n'
'{pre} address add {ip}/{len} dev {dev}.{tag}\n')
CONFIGURE_SECOND_IP = ('{pre} address add {ip}/{len} dev {dev}.{tag}\n')
ServerPorts = namedtuple('ServerPorts', 'server port subports')
class HwvtepBasicOpsTest(NuageBaseTest):
is_trunk = False
ip_types = {(4, ): 'IPV4', (6, ): 'IPV6', (4, 6): 'DUALSTACK'}
def skip_checks(cls):
super(Ipv4L3VsdManagedConnectivityWithAggrFlowsTest, cls).skip_checks()
if not Topology.has_aggregate_flows_support():
msg = 'No aggregate flows support.'
raise cls.skipException(msg)
def test_default_security_group_host_port_nondef_netpart(self):
post_body = {
"network_id": self.nondef_network['id'],
"device_owner": 'nuage:vip'
}
body = self.ports_client.create_port(**post_body)
port = body['port']
self.addCleanup(self.ports_client.delete_port, port['id'])
# Create host vport
kwargs = {
'gatewayvlan': self.gatewayvlans[5][0]['ID'],
'port': port['id'],
'subnet': None,
'tenant': self.client.tenant_id
}
body = self.client.create_gateway_vport(**kwargs)
vport = body['nuage_gateway_vport']
gw_vport = self.nuage_client.get_host_vport(vport['id'])
body = self.admin_client.show_gateway_vport(gw_vport[0]['ID'],
self.nondef_subnet['id'])
vport = body['nuage_gateway_vport']
if vport is None:
assert False, "Host Vport not found"
self.verify_vport_properties(gw_vport[0], vport, self.network['id'])
l3domain = self.nuage_client.get_l3domain(
filters='externalID',
filter_values=self.nondef_router['id'],
netpart_name=self.nondef_netpart['name'])
default_pg = self.nuage_client.get_policygroup(n_constants.DOMAIN,
l3domain[0]['ID'])
if default_pg[0]['name'] == n_constants.NUAGE_PLCY_GRP_ALLOW_ALL:
pg_num = 0
else:
pg_num = 1
self.assertEqual(
n_constants.NUAGE_PLCY_GRP_ALLOW_ALL
if Topology.has_unified_pg_for_all_support() else
'defaultPG-VRSG-HOST-' + vport['subnet'],
default_pg[pg_num]['name'])
vport_from_pg = self.nuage_client.get_vport(n_constants.POLICYGROUP,
default_pg[pg_num]['ID'])
if len(vport_from_pg) == 1:
self.assertEqual(vport_from_pg[0]['name'], vport['name'])
elif len(vport_from_pg) == 2:
# One bridge vport is created by another test or neutron dhcp
# agent is enabled.
self.assertEqual(vport_from_pg[1]['name'], vport['name'])
else:
# One bridge vport is created by another test and neutron dhcp
# agent is enabled.
self.assertEqual(vport_from_pg[2]['name'], vport['name'])
nuage_eacl_template = self.nuage_client.get_egressacl_template(
n_constants.DOMAIN, l3domain[0]['ID'])
nuage_eacl_entrytemplate = \
self.nuage_client.get_egressacl_entrytemplate(
n_constants.EGRESS_ACL_TEMPLATE,
nuage_eacl_template[0]['ID'])
vport_tp_pg_mapping = False
for nuage_eacl_entry in nuage_eacl_entrytemplate:
if nuage_eacl_entry['locationID'] == default_pg[pg_num]['ID']:
self.assertEqual(nuage_eacl_entry['networkType'], 'ANY')
self.assertEqual(nuage_eacl_entry['locationType'],
'POLICYGROUP')
vport_tp_pg_mapping = True
if vport_tp_pg_mapping is False:
assert False, "Host Vport not found in default PG"
from nuage_tempest_plugin.lib.topology import Topology
from nuage_tempest_plugin.lib.utils import constants as n_constants
from nuage_tempest_plugin.lib.utils import exceptions
from nuage_tempest_plugin.services.nuage_client import NuageRestClient
from nuage_tempest_plugin.services.nuage_network_client \
import NuageNetworkClientJSON
from nuage_tempest_plugin.tests.api.vsd_managed \
import base_vsd_managed_networks as base_vsdman
from tempest.api.network import base
from tempest.lib.common.utils import data_utils
from tempest.lib.common.utils.data_utils import rand_name
from tempest.lib import exceptions as lib_exec
from tempest.test import decorators
CONF = Topology.get_conf()
LOG = Topology.get_logger(__name__)
class NuageGatewayTestJSON(base.BaseAdminNetworkTest,
base_vsdman.BaseVSDManagedNetwork):
_interface = 'json'
@staticmethod
def is_hw_gateway_personality(personality):
return personality not in n_constants.SW_GW_TYPES
@classmethod
def create_gateway(cls, personality):
name = rand_name('tempest-gw')
gw = cls.nuage_client.create_gateway(name, str(uuid.uuid4()),
def skip_checks(cls):
super(AllowedAddressPairIpV6NuageTest, cls).skip_checks()
if not Topology.has_single_stack_v6_support():
raise cls.skipException('There is no single-stack v6 support '
'in current release')
class AllowedAddressPairIpV6OSManagedTest(BaseAllowedAddressPair):
_ip_version = 6
"""Tests the Neutron Allowed Address Pair API extension
The following API operations are tested with this extension:
create port
list ports
update port
show port
v2.0 of the Neutron API is assumed. It is also assumed that the following
options are defined in the [network-feature-enabled] section of
etc/tempest.conf
api_extensions
"""
_interface = 'json'
@decorators.attr(type='smoke')
def test_create_port_with_aap_ipv6_moving_from_l2_to_l3_validation(self):
network = self.create_network()
# Create port with allowed address pair attribute
subnet4 = self.create_subnet(
network, ip_version=4, enable_dhcp=True)
subnet6 = self.create_subnet(
network, ip_version=6, enable_dhcp=False)
if CONF.nuage_sut.ipam_driver == 'nuage_vsd_managed':
# If nuage_vsd_managed ipam is enabled, a nuage:vip port is needed
port_args = {
'fixed_ips': [
{'ip_address': str(IPAddress(self.cidr6.first) + 10)}],
'device_owner': 'nuage:vip'
}
self.create_port(network, **port_args)
port_args = {'fixed_ips': [
{'ip_address': str(IPAddress(self.cidr4.first) + 8)},
{'ip_address': str(IPAddress(self.cidr6.first) + 8)}],
'allowed_address_pairs': [
{'ip_address': str(IPAddress(self.cidr6.first) + 10),
'mac_address': VALID_MAC_ADDRESS}]}
port = self.create_port(network, **port_args)
# Confirm port was created with allowed address pair attribute
self._verify_port(
port, subnet4=subnet4, subnet6=subnet6)
self._verify_l2_vport_by_id(port, SPOOFING_ENABLED,
subnet4=subnet4)
router = self.create_router()
self.assertIsNotNone(router)
vsd_l3_domain = self.vsd.get_l3domain(by_router_id=router['id'])
self.assertIsNotNone(vsd_l3_domain)
self.router_attach(router, subnet4)
self._verify_l3_vport_by_id(router, port, SPOOFING_DISABLED,
subnet4=subnet4)
self.router_detach(router, subnet4)
self._verify_l2_vport_by_id(port, SPOOFING_ENABLED,
subnet4=subnet4)
self.router_attach(router, subnet4)
self._verify_l3_vport_by_id(router, port, SPOOFING_DISABLED,
subnet4=subnet4)
self.assertRaisesRegex(
tempest_exceptions.Conflict,
"One or more ports have an IP allocation from this subnet.",
self.delete_subnet,
subnet4)
@decorators.attr(type='smoke')
def test_delete_v6_subnet_with_ip_as_vip_in_v4_subnet_neg(self):
network = self.create_network()
subnet4 = self.create_subnet(
network, ip_version=4, enable_dhcp=True)
subnet6 = self.create_subnet(
network, ip_version=6, enable_dhcp=False)
router = self.create_router()
self.create_router_interface(router['id'], subnet4['id'])
port_args = {'fixed_ips': [{'subnet_id': subnet4['id'],
'ip_address': str(IPAddress(self.cidr4.first) + 10)}],
'allowed_address_pairs':
[{'ip_address': str(IPAddress(self.cidr6.first) + 10),
'mac_address': VALID_MAC_ADDRESS}]}
port = self.create_port(network, **port_args)
msg = ('IP {} is in use for nuage VIP, hence cannot delete the subnet'
).format(port['allowed_address_pairs'][0]['ip_address'])
self.assertRaisesRegex(tempest_exceptions.BadRequest,
msg,
self.delete_subnet,
subnet6)
@testtools.skipIf(not Topology.has_single_stack_v6_support(),
'There is no single-stack v6 support in current release')
def test_delete_v4_subnet_with_ip_as_vip_in_v6_subnet_neg(self):
network = self.create_network()
subnet4 = self.create_subnet(
network, ip_version=4, enable_dhcp=True)
subnet6 = self.create_subnet(
network, ip_version=6, enable_dhcp=False)
router = self.create_router()
self.create_router_interface(router['id'], subnet6['id'])
port_args = {'fixed_ips': [{'subnet_id': subnet6['id'],
'ip_address': str(
IPAddress(self.cidr6.first) + 10)}],
'allowed_address_pairs':
[{'ip_address': str(IPAddress(self.cidr4.first) + 10),
'mac_address': VALID_MAC_ADDRESS}]}
port = self.create_port(network, **port_args)
msg = ('IP {} is in use for nuage VIP, hence cannot delete the subnet'
).format(port['allowed_address_pairs'][0]['ip_address'])
self.assertRaisesRegex(tempest_exceptions.BadRequest,
msg,
self.delete_subnet,
subnet4)
@decorators.attr(type='smoke')
def test_create_port_with_invalid_address_formats_neg_l2_and_l3(self):
network = self.create_network()
subnet4 = self.create_subnet(
network, ip_version=4, enable_dhcp=True)
subnet6 = self.create_subnet(
network, ip_version=6, enable_dhcp=False)
# noinspection PyPep8
reserved_valid_ipv6 = [
'::1',
# Loopback
'FE80::1',
# Link local address
'FF00:5f74:c4a5:b82e:ffff:ffff:ffff:ffff',
# multicast
'FF00::1',
# multicast address
'::',
# empty string
'2001:ffff:ffff:ffff:ffff:ffff:ffff:ffff',
# valid address, not in subnet
]
invalid_ipv6 = [
('', MSG_INVALID_INPUT_FOR_AAP_IPS),
# empty string
("2001:5f74:c4a5:b82e:ffff:ffff:ffff:ffff:ffff",
MSG_INVALID_INPUT_FOR_AAP_IPS),
# invalid address, too much segments
("2001:5f74:c4a5:b82e:ffff:ffff:ffff",
MSG_INVALID_INPUT_FOR_AAP_IPS),
# invalid address, seven segments
("2001;5f74.c4a5.b82e:ffff:ffff:ffff",
MSG_INVALID_INPUT_FOR_AAP_IPS),
# invalid address, wrong characters
("2001:5f74:c4a5:b82e:100.12.13.1",
MSG_INVALID_INPUT_FOR_AAP_IPS),
# invalid format: must have :: between hex and decimal part.
]
# ### L2 #####
for ipv6 in reserved_valid_ipv6:
port_args = {'allowed_address_pairs': [
{'ip_address': ipv6,
'mac_address': VALID_MAC_ADDRESS}]}
port = self.create_port(network, **port_args)
self._verify_port(
port, subnet4=subnet4, subnet6=subnet6)
self._verify_l2_vport_by_id(port, SPOOFING_ENABLED,
subnet4=subnet4)
for ipv6, msg in invalid_ipv6:
port_args = {'allowed_address_pairs': [
{'ip_address': ipv6,
'mac_address': VALID_MAC_ADDRESS}]}
self.assertRaisesRegex(tempest_exceptions.BadRequest,
msg % ipv6,
self.create_port, network, **port_args)
@decorators.attr(type='smoke')
def test_fip2ipv6vip(self):
# Base resources
network = self.create_network()
subnet4 = self.create_subnet(
network, ip_version=4, enable_dhcp=True)
subnet6 = self.create_subnet(
network, ip_version=6, enable_dhcp=False)
router = self.create_router(
admin_state_up=True,
external_network_id=CONF.network.public_network_id)
self.assertIsNotNone(router, "Unable to create router")
self.create_router_interface(router_id=router["id"],
subnet_id=subnet4["id"])
# Create VIP_port
port_args = {
'allowed_address_pairs': [
{'ip_address': str(IPAddress(self.cidr4.first) + 7)},
{'ip_address': str(IPAddress(self.cidr6.first) + 7)}
],
'fixed_ips': [
{'subnet_id': subnet6['id'],
'ip_address': str(IPAddress(self.cidr6.first) + 11)}],
'device_owner': "nuage:vip"}
vip_port = self.create_port(network=network, **port_args)
self.assertIsNotNone(vip_port, "Unable to create vip port")
# Create floating ip and attach to VIP_PORT
floating_ip = self.create_floatingip()
self.assertIsNotNone(floating_ip, "Unabe to create floating ip")
msg = 'Cannot add floating IP to port %s that' \
' has no fixed IPv4 addresses.' % vip_port['id']
self.assertRaisesRegex(tempest_exceptions.ClientRestClientException,
msg,
self.update_floatingip,
floatingip=floating_ip,
port_id=vip_port['id'])
@decorators.attr(type='smoke')
def test_provision_ports_without_address_pairs_in_l2_subnet_unmanaged(
self):
network = self.create_network()
subnet4 = self.create_subnet(
network, ip_version=4, enable_dhcp=True)
subnet6 = self.create_subnet(
network, ip_version=6, enable_dhcp=False)
vsd_l2_domain = self.vsd.get_l2domain(by_subnet=subnet4)
for scenario, port_config in iteritems(self.port_configs):
LOG.info("TESTCASE scenario {}".format(scenario))
self._check_crud_port(scenario, network, subnet4, subnet6,
vsd_l2_domain, constants.L2_DOMAIN)
@decorators.attr(type='smoke')
def test_provision_ports_with_address_pairs_in_l3_subnet(self):
network = self.create_network()
subnet4 = self.create_subnet(
network, ip_version=4, enable_dhcp=True)
subnet6 = self.create_subnet(
network, ip_version=6, enable_dhcp=False)
router = self.create_router()
self.create_router_interface(router['id'], subnet4['id'])
domain = self.vsd.get_domain(by_router_id=router['id'])
zone = self.vsd.get_zone(domain=domain, by_router_id=router['id'])
vsd_subnet = self.vsd.get_subnet(zone=zone,
by_subnet=subnet4)
for scenario, port_config in iteritems(self.port_configs):
LOG.info("TESTCASE scenario {}".format(scenario))
self._check_crud_port(scenario, network, subnet4, subnet6,
vsd_subnet, constants.SUBNETWORK)
class AvrsOsManagedConnectivityTest(E2eTestBase):
# Test scenarios, generate tests for product of these lists
is_icmpv6_offload_supported = True
if Topology.has_single_stack_v6_support():
scenarios = testscenarios.scenarios.multiply_scenarios([
('L3', {'is_l3': True}),
('L2', {'is_l3': False})
], [
('IPv4', {'ip_versions': E2eTestBase.IP_VERSIONS_V4}),
('IPv6', {'ip_versions': E2eTestBase.IP_VERSIONS_V6}),
('Dualstack', {'ip_versions': E2eTestBase.IP_VERSIONS_DUALSTACK})
])
else:
scenarios = testscenarios.scenarios.multiply_scenarios([
('L3', {'is_l3': True}),
('L2', {'is_l3': False})
], [
('IPv4', {'ip_versions': E2eTestBase.IP_VERSIONS_V4}),
('Dualstack', {'ip_versions': E2eTestBase.IP_VERSIONS_DUALSTACK})
])
@classmethod
def setUpClass(cls):
super(AvrsOsManagedConnectivityTest, cls).setUpClass()
hypervisors = cls.get_hypervisors('avrs')
cls.selected_hypervisors = random.sample(hypervisors,
min(2, len(hypervisors)))
def dump_flows(self, hypervisor):
"""Dump flows on hypervisor"""
flows = json.loads(self.execute_on_hypervisor(
hypervisor, 'sudo fpcmd fp-vswitch-flows-json'))
return AvrsFlowQuery(flows)
def test_restart_avrs(self):
if Topology.api_workers > 1:
raise self.skipException('Skip OVS restart tests when multiple '
'workers are present')
# Provision OpenStack network resources.
network = self.create_network()
subnet = self.create_subnet(network)
router = self.create_router(
external_network_id=CONF.network.public_network_id)
self.router_attach(router, subnet)
# Create open-ssh security group.
ssh_security_group = self.create_open_ssh_security_group()
# Launch tenant servers in OpenStack network.
server2 = self.create_tenant_server(
[network],
security_groups=[ssh_security_group],
prepare_for_connectivity=True)
server1 = self.create_tenant_server(
[network],
security_groups=[ssh_security_group],
prepare_for_connectivity=True)
# Test connectivity between peer servers.
self.assert_ping(server1, server2, network)
for hypervisor in self.selected_hypervisors:
self.restart_avrs(hypervisor['host_ip'])
# Test connectivity between peer servers again.
self.assert_ping(server1, server2, network)
def test_fast_path_same_hv_virtio_virtio(self):
super(
AvrsOsManagedConnectivityTest, self)._test_same_hv_virtio_virtio()
def test_fast_path_diff_hv_virtio_virtio(self):
super(
AvrsOsManagedConnectivityTest, self)._test_diff_hv_virtio_virtio()
class NuageHybridMplsTest(NuageBaseTest):
@classmethod
def skip_checks(cls):
super(NuageHybridMplsTest, cls).skip_checks()
if Topology.before_nuage('20.5'):
raise cls.skipException('nuage_hybrid_mpls is supported from '
'20.5 onwards only')
if not CONF.nuage_sut.nuage_hybrid_mpls_enabled:
raise cls.skipException('nuage_hybrid_mpls type driver '
'not enabled in tempest.conf')
def create_l2_domain_tunnel_type(self, tunnel_type):
l2template = self.vsd_create_l2domain_template(
cidr4=IPNetwork('100.0.0.0/24'), gateway4='100.0.0.1')
kwargs = {'l2_encap_type': tunnel_type}
l2domain = self.vsd_create_l2domain(template=l2template, **kwargs)
return l2domain
def create_l3_subnet_tunnel_type(self, tunnel_type):
l3template = self.vsd_create_l3domain_template()
l3domain = self.vsd_create_l3domain(template_id=l3template.id)
zone = self.vsd_create_zone(domain=l3domain)
kwargs = {'l2_encap_type': tunnel_type}
l3subnet = self.create_vsd_subnet(zone=zone,
cidr4=IPNetwork('20.0.0.0/24'),
gateway4='20.0.0.1',
**kwargs)
return l3subnet
@decorators.attr(type='smoke')
def test_os_managed_subnet_tunnel_type_mpls(self):
# Nuage Hybrid MPLS Network
kwargs = {'provider:network_type': 'nuage_hybrid_mpls'}
network = self.create_network(manager=self.admin_manager, **kwargs)
subnet = self.create_subnet(network,
ip_version=4,
manager=self.admin_manager)
l2domain = self.vsd.get_l2domain(by_subnet=subnet)
self.assertEqual('MPLS', l2domain.l2_encap_type)
# Nuage Hybrid MPLS Segment
segments = [{
'provider:network_type': 'nuage_hybrid_mpls'
}, {
'provider:network_type': 'vlan',
'provider:segmentation_id': 210,
'provider:physical_network': 'physnet2'
}]
kwargs = {'segments': segments}
network = self.create_network(manager=self.admin_manager, **kwargs)
subnet = self.create_subnet(network,
ip_version=4,
manager=self.admin_manager)
self.assertIsNotNone(subnet)
l2domain = self.vsd.get_l2domain(by_subnet=subnet)
self.assertEqual('MPLS', l2domain.l2_encap_type)
@decorators.attr(type='smoke')
def test_vsd_managed_subnet_tunnel_type_mpls(self):
# L2 Domain
l2domain = self.create_l2_domain_tunnel_type('MPLS')
kwargs = {'provider:network_type': 'nuage_hybrid_mpls'}
network = self.create_network(manager=self.admin_manager, **kwargs)
self.create_l2_vsd_managed_subnet(network,
l2domain,
manager=self.admin_manager)
# L3 Subnet
network = self.create_network(manager=self.admin_manager, **kwargs)
l3subnet = self.create_l3_subnet_tunnel_type('MPLS')
self.create_l3_vsd_managed_subnet(network,
l3subnet,
manager=self.admin_manager)
def test_vsd_managed_subnet_tunnel_type_mpls_neg(self):
# L2 Domain
l2domain = self.create_l2_domain_tunnel_type('MPLS')
network = self.create_network()
kwargs = {'vsd_l2domain': l2domain}
msg = ('Bad request: Provided Nuage subnet has tunnel type MPLS '
'which is not supported by VXLAN networks')
self.assertRaisesRegex(exceptions.BadRequest, msg,
self.create_l2_vsd_managed_subnet, network,
**kwargs)
# L3 Subnet
l3subnet = self.create_l3_subnet_tunnel_type('MPLS')
kwargs = {'vsd_subnet': l3subnet}
msg = ('Bad request: Provided Nuage subnet has tunnel type MPLS '
'which is not supported by VXLAN networks')
self.assertRaisesRegex(exceptions.BadRequest, msg,
self.create_l3_vsd_managed_subnet, network,
**kwargs)
def test_vsd_managed_subnet_tunnel_type_vxlan_neg(self):
# L2 Domain
l2domain = self.create_l2_domain_tunnel_type('VXLAN')
segments = [{
'provider:network_type': 'nuage_hybrid_mpls'
}, {
'provider:network_type': 'vlan',
'provider:segmentation_id': 210,
'provider:physical_network': 'physnet2'
}]
kwargs = {'segments': segments}
network = self.create_network(manager=self.admin_manager, **kwargs)
kwargs = {'vsd_l2domain': l2domain, "manager": self.admin_manager}
msg = ('Bad request: Provided Nuage subnet has tunnel type VXLAN '
'which is not supported by NUAGE_HYBRID_MPLS networks')
self.assertRaisesRegex(exceptions.BadRequest, msg,
self.create_l2_vsd_managed_subnet, network,
**kwargs)
# L3 Subnet
l3subnet = self.create_l3_subnet_tunnel_type('VXLAN')
kwargs = {'vsd_subnet': l3subnet, "manager": self.admin_manager}
msg = ('Bad request: Provided Nuage subnet has tunnel type VXLAN '
'which is not supported by NUAGE_HYBRID_MPLS networks')
self.assertRaisesRegex(exceptions.BadRequest, msg,
self.create_l3_vsd_managed_subnet, network,
**kwargs)
@decorators.attr(type='smoke')
@testtools.skipIf(Topology.at_openstack('queens'),
'SegmentClient not loaded')
def test_router_interface_blocked_tunnel_type_mpls(self):
# Nuage Hybrid MPLS Network
kwargs = {'provider:network_type': 'nuage_hybrid_mpls'}
network = self.create_network(manager=self.admin_manager, **kwargs)
subnet = self.create_subnet(network,
ip_version=4,
manager=self.admin_manager)
router = self.create_router(manager=self.admin_manager)
msg = ("It is not allowed to add a router interface to a "
"network type nuage_hybrid_mpls, or if it has a "
"segment of this type.")
self.assertRaisesRegex(exceptions.BadRequest,
msg,
self.router_attach,
router,
subnet,
manager=self.admin_manager)
# Nuage Hybrid MPLS Segment
kwargs = {'provider:network_type': 'nuage_hybrid_mpls'}
network = self.create_network(manager=self.admin_manager, **kwargs)
subnet = self.create_subnet(network,
ip_version=4,
manager=self.admin_manager)
kwargs = {
'network_id': network['id'],
'network_type': 'vlan',
'physical_network': 'physnet2',
'segmentation_id': 210
}
# This goes to update_network_precommit
self.create_segment(**kwargs)
router = self.create_router(manager=self.admin_manager)
msg = ("It is not allowed to add a router interface to a "
"network type nuage_hybrid_mpls, or if it has a "
"segment of this type.")
self.assertRaisesRegex(exceptions.BadRequest,
msg,
self.router_attach,
router,
subnet,
manager=self.admin_manager)
@decorators.attr(type='smoke')
@testtools.skipIf(Topology.at_openstack('queens'),
'SegmentClient not loaded')
def test_vxlan_mpls_segments_blocked_single_network(self):
# Vxlan must be the default segment. Otherwise neutron rejects
# the operation because the default MTU of vlan or nuage_hybrid_mpls
# is greater than the one of vxlan
# This goes to create_network_precommit
segments = [{
"provider:network_type": "vxlan"
}, {
"provider:network_type": "vxlan"
}, {
"provider:network_type": "nuage_hybrid_mpls"
}, {
"provider:network_type": "vlan",
"provider:physical_network": "physnet2",
"provider:segmentation_id": 210
}]
kwargs = {'segments': segments, "manager": self.admin_manager}
msg = ("It is not allowed to have both vxlan and "
"nuage_hybrid_mpls segments in a single network")
self.assertRaisesRegex(exceptions.BadRequest, msg, self.create_network,
**kwargs)
# This goes to update_network_precommit
kwargs = {'provider:network_type': 'vxlan'}
network = self.create_network(manager=self.admin_manager, **kwargs)
kwargs = {
'network_id': network['id'],
'network_type': 'vlan',
'physical_network': 'physnet2',
'segmentation_id': 210
}
self.assertIsNotNone(self.create_segment(**kwargs))
kwargs = {
'network_id': network['id'],
'network_type': 'nuage_hybrid_mpls'
}
msg = ("It is not allowed to have both vxlan and "
"nuage_hybrid_mpls segments in a single network")
self.assertRaisesRegex(exceptions.BadRequest, msg, self.create_segment,
**kwargs)
@decorators.attr(type='smoke')
def test_virtio_port_blocked_tunnel_type_mpls(self):
kwargs = {'provider:network_type': 'nuage_hybrid_mpls'}
network = self.create_network(manager=self.admin_manager, **kwargs)
# L3 Subnet
l3subnet = self.create_l3_subnet_tunnel_type('MPLS')
self.create_l3_vsd_managed_subnet(network,
l3subnet,
manager=self.admin_manager)
kwargs = {
'device_owner': 'compute:nova',
'device_id': uuidutils.generate_uuid(),
'binding:host_id': 'dummy',
'network': network,
'manager': self.admin_manager
}
msg = ('Bad request: Virtio port is not allowed in nuage_'
'mpls_hybrid networks')
self.assertRaisesRegex(exceptions.BadRequest, msg, self.create_port,
**kwargs)
def skip_checks(cls):
super(DualstackOsMgdConnectivityWithAggrFlowsTest, cls).skip_checks()
if Topology.before_nuage('20.5'):
raise cls.skipException('OS managed aggregate flows are '
'unavailable before 20.5')
def skip_checks(cls):
super(SecGroupTestNuageBaseV6, cls).skip_checks()
if not Topology.has_single_stack_v6_support():
msg = 'There is no single-stack v6 support in current release'
raise cls.skipException(msg)
def _verify_fip_vsd(self,
port,
created_floating_ip,
ingress_rate_limit=None,
egress_rate_limit=None):
# verifying on Domain level that the floating ip is added
external_id = self.nuage_client.get_vsd_external_id(
created_floating_ip['router_id'])
nuage_domain = self.nuage_client.get_l3domain(
filters='externalID', filter_values=external_id)
nuage_domain_fips = self.nuage_client.get_floatingip(
constants.DOMAIN, nuage_domain[0]['ID'])
# The VSD FIP has same IP address than OpenStack FIP
self.assertIn(created_floating_ip['floating_ip_address'],
[fip['address'] for fip in nuage_domain_fips])
# The VSD externalID for FIP matches the OpenStack ID
external_id = self.nuage_client.get_vsd_external_id(
created_floating_ip['id'])
self.assertIn(
external_id,
[nuage_fip['externalID'] for nuage_fip in nuage_domain_fips])
# Check vsd
vsd_subnets = self.nuage_client.get_domain_subnet(
None, None, by_subnet=self.subnet)
self.assertEqual(1, len(vsd_subnets))
vports = self.nuage_client.get_vport(
constants.SUBNETWORK, vsd_subnets[0]['ID'], 'externalID',
self.nuage_client.get_vsd_external_id(port['id']))
self.assertEqual(1, len(vports))
qos = self.nuage_client.get_qos(constants.VPORT, vports[0]['ID'])
if Topology.from_nuage('20.10'):
self.assertEqual(0, len(qos))
nuage_fip = [
fip for fip in nuage_domain_fips
if fip['externalID'] == external_id
][0]
associated_ingress_rate_limit = nuage_fip.get(
'ingressRateLimiterID')
associated_egress_rate_limit = nuage_fip.get('egressRateLimiterID')
if ingress_rate_limit is not None:
# Get Ratelimiter
external_id = 'egress_{}'.format(created_floating_ip['id'])
ratelimiter = self.nuage_client.get_ratelimiter(external_id)
if ingress_rate_limit == constants.UNLIMITED:
self.assertIsNone(ratelimiter)
self.assertIsNone(associated_egress_rate_limit)
else:
self.assertEqualFiprate(
ingress_rate_limit,
self.convert_mbps_to_kbps(
ratelimiter['peakInformationRate']))
self.assertEqual(associated_egress_rate_limit,
ratelimiter['ID'])
if egress_rate_limit is not None:
external_id = 'ingress_{}'.format(created_floating_ip['id'])
ratelimiter = self.nuage_client.get_ratelimiter(external_id)
if egress_rate_limit == constants.UNLIMITED:
self.assertIsNone(ratelimiter)
self.assertIsNone(associated_ingress_rate_limit)
else:
self.assertEqualFiprate(
egress_rate_limit,
self.convert_mbps_to_kbps(
ratelimiter['peakInformationRate']))
self.assertEqual(associated_ingress_rate_limit,
ratelimiter['ID'])
else:
self.assertEqual(1, len(qos))
self.assertEqual(True, qos[0]['FIPRateLimitingActive'])
if ingress_rate_limit is not None:
self.assertEqualFiprate(
ingress_rate_limit,
self.convert_mbps_to_kbps(
qos[0]['EgressFIPPeakInformationRate']))
if egress_rate_limit is not None:
self.assertEqualFiprate(
egress_rate_limit,
self.convert_mbps_to_kbps(
qos[0]['FIPPeakInformationRate']))
self.assertEqual(
self.nuage_client.get_vsd_external_id(
created_floating_ip['id']), qos[0]['externalID'])
def skip_checks(cls):
super(AllowedAddressPairV6Test, cls).skip_checks()
if not Topology.has_single_stack_v6_support():
msg = 'There is no single-stack v6 support in current release'
raise cls.skipException(msg)
def test_create_floatingip_with_rate_limiting(self):
rate_limit = 10000
# Create port
port = self.create_port(network=self.network)
# Associate a fip to the port
body = self.floating_ips_client.create_floatingip(
floating_network_id=self.ext_net_id,
port_id=port['id'],
fixed_ip_address=port['fixed_ips'][0]['ip_address'],
nuage_egress_fip_rate_kbps=rate_limit)
created_floating_ip = body['floatingip']
self.addCleanup(self.floating_ips_client.delete_floatingip,
created_floating_ip['id'])
self.assertIsNotNone(created_floating_ip['id'])
fip_id = created_floating_ip['id']
body = self.floating_ips_client.show_floatingip(fip_id)
fip = body['floatingip']
# rate_limit is in kbps now!
self.assertThat(fip, ContainsDict(
{'nuage_ingress_fip_rate_kbps': Equals(-1)}))
self.assertThat(fip, ContainsDict(
{'nuage_egress_fip_rate_kbps': Equals(rate_limit)}))
# attribute 'nuage_fip_rate' is no longer in response
self.assertIsNone(fip.get('nuage_fip_rate'))
# Check vsd
vsd_subnets = self.nuage_client.get_domain_subnet(
None, None, by_subnet=self.subnet)
self.assertEqual(1, len(vsd_subnets))
vports = self.nuage_client.get_vport(constants.SUBNETWORK,
vsd_subnets[0]['ID'],
'externalID',
port['id'])
self.assertEqual(1, len(vports))
qos = self.nuage_client.get_qos(constants.VPORT, vports[0]['ID'])
if Topology.from_nuage('20.10'):
self.assertEqual(0, len(qos))
external_id_domain = self.nuage_client.get_vsd_external_id(
created_floating_ip['router_id'])
nuage_domain = self.nuage_client.get_l3domain(
filters='externalID',
filter_values=external_id_domain)
nuage_domain_fips = self.nuage_client.get_floatingip(
constants.DOMAIN, nuage_domain[0]['ID'])
nuage_fip = [nuage_fip for nuage_fip in nuage_domain_fips
if nuage_fip['externalID'].startswith(fip_id)][0]
associated_ingress_rate_limit = nuage_fip['ingressRateLimiterID']
associated_egress_rate_limit = nuage_fip['egressRateLimiterID']
# Infinity for egress expected
self.assertIsNone(associated_egress_rate_limit)
# Ingress:
external_id = 'ingress_{}'.format(created_floating_ip['id'])
ratelimiter = self.nuage_client.get_ratelimiter(external_id)
self.assertEqual(
str(float(rate_limit / 1000)),
ratelimiter['peakInformationRate'])
self.assertEqual(associated_ingress_rate_limit,
ratelimiter['ID'])
else:
self.assertEqual(1, len(qos))
self.assertThat(qos[0], ContainsDict(
{'externalID':
Equals(self.nuage_client.get_vsd_external_id(fip_id))}))
self.assertThat(qos[0], ContainsDict(
{'FIPRateLimitingActive': Equals(True)}))
self.assertThat(qos[0], ContainsDict(
{'FIPPeakInformationRate': Equals(
str(float(rate_limit / 1000)))}))
self.assertThat(qos[0], ContainsDict(
{'FIPPeakBurstSize': Equals(str(100))}))
self.assertThat(qos[0], ContainsDict(
{'EgressFIPPeakInformationRate': Equals('INFINITY')}))
self.assertThat(qos[0], ContainsDict(
{'EgressFIPPeakBurstSize': Equals(str(100))}))
def test_default_security_group_bridge_port(self):
kwargs = {
'gatewayvlan': self.gatewayvlans[4][0]['ID'],
'port': None,
'subnet': self.subnet['id'],
'tenant': self.client.tenant_id
}
body = self.client.create_gateway_vport(**kwargs)
vport1 = body['nuage_gateway_vport']
self.gatewayvports.append(vport1)
gw_vport = self.nuage_client.get_host_vport(vport1['id'])
self.verify_vport_properties(gw_vport[0], vport1, self.network['id'])
body = self.admin_client.list_gateway_vport(self.subnet['id'])
vports = body['nuage_gateway_vports']
found_vport = False
vport = None
for vport in vports:
if vport['name'] == gw_vport[0]['name']:
found_vport = True
self.verify_vport_properties(gw_vport[0], vport,
self.network['id'])
# TODO(Kris noticed) - shld there be break here?
if not found_vport:
assert False, "Bridge Vport not found"
l3domain = self.nuage_client.get_l3domain(
filters='externalID', filter_values=self.router['id'])
default_pg = self.nuage_client.get_policygroup(n_constants.DOMAIN,
l3domain[0]['ID'])
self.assertEqual(
n_constants.NUAGE_PLCY_GRP_ALLOW_ALL
if Topology.has_unified_pg_for_all_support() else
'defaultPG-VRSG-BRIDGE-' + vport['subnet'], default_pg[0]['name'])
self.assertThat(
default_pg[0],
ContainsDict(
{'externalID': Equals(self._expected_allow_all_pg_ext_id())}))
vports_from_pg = self.nuage_client.get_vport(n_constants.POLICYGROUP,
default_pg[0]['ID'])
for vport_from_pg in vports_from_pg:
if vport_from_pg['name'] == vport['name']:
break
else:
self.fail("Can't find Vport {} under the policy group {}".format(
vport['name'], default_pg[0]['name']))
# Egress ACL
nuage_eacl_template = self.nuage_client.get_egressacl_template(
n_constants.DOMAIN, l3domain[0]['ID'])
# must have external ID as router_id @ cms_id
self.assertThat(
nuage_eacl_template[0],
ContainsDict({
'externalID':
Equals(ExternalId(self.router['id']).at_cms_id())
}))
nuage_eacl_entrytemplate = \
self.nuage_client.get_egressacl_entrytemplate(
n_constants.EGRESS_ACL_TEMPLATE,
nuage_eacl_template[0]['ID'])
self.assertThat(
nuage_eacl_entrytemplate[0],
ContainsDict(
{'externalID': Equals(self._expected_allow_all_pg_ext_id())}))
vport_tp_pg_mapping = False
for nuage_eacl_entry in nuage_eacl_entrytemplate:
if nuage_eacl_entry['locationID'] == default_pg[0]['ID']:
self.assertThat(
nuage_eacl_entry,
ContainsDict({
'externalID':
Equals(self._expected_allow_all_pg_ext_id())
}))
self.assertEqual(nuage_eacl_entry['networkType'], 'ANY')
self.assertEqual(nuage_eacl_entry['locationType'],
'POLICYGROUP')
vport_tp_pg_mapping = True
if vport_tp_pg_mapping is False:
assert False, "Bridge Vport not found in default PG"
# Ingress ACL
nuage_iacl_template = self.nuage_client.get_ingressacl_template(
n_constants.DOMAIN, l3domain[0]['ID'])
# must have external ID as router_id @ cms_id
self.assertThat(
nuage_iacl_template[0],
ContainsDict({
'externalID':
Equals(ExternalId(self.router['id']).at_cms_id())
}))
nuage_iacl_entrytemplate = \
self.nuage_client.get_ingressacl_entrytemplate(
n_constants.INGRESS_ACL_TEMPLATE,
nuage_iacl_template[0]['ID'])
self.assertThat(
nuage_iacl_entrytemplate[0],
ContainsDict(
{'externalID': Equals(self._expected_allow_all_pg_ext_id())}))
vport_tp_pg_mapping = False
for nuage_iacl_entry in nuage_iacl_entrytemplate:
if nuage_iacl_entry['locationID'] == default_pg[0]['ID']:
self.assertThat(
nuage_iacl_entry,
ContainsDict({
'externalID':
Equals(self._expected_allow_all_pg_ext_id())
}))
self.assertEqual('ANY', nuage_iacl_entry['networkType'])
self.assertEqual('POLICYGROUP',
nuage_iacl_entry['locationType'])
vport_tp_pg_mapping = True
self.assertTrue(vport_tp_pg_mapping,
'Bridge Vport not found in default PG')
def test_create_floatingip_without_rate_limiting(self):
# Create port
port = self.create_port(network=self.network)
# Associate a fip to the port
body = self.floating_ips_client.create_floatingip(
floating_network_id=self.ext_net_id,
port_id=port['id'],
fixed_ip_address=port['fixed_ips'][0]['ip_address'])
created_floating_ip = body['floatingip']
self.addCleanup(self.floating_ips_client.delete_floatingip,
created_floating_ip['id'])
self.assertIsNotNone(created_floating_ip['id'])
fip_id = created_floating_ip['id']
body = self.floating_ips_client.show_floatingip(fip_id)
fip = body['floatingip']
self.assertIsNotNone(fip.get('nuage_ingress_fip_rate_kbps'))
self.assertIsNotNone(fip.get('nuage_egress_fip_rate_kbps'))
# Check vsd
vsd_subnets = self.nuage_client.get_domain_subnet(
None, None, by_subnet=self.subnet)
self.assertEqual(1, len(vsd_subnets))
vports = self.nuage_client.get_vport(constants.SUBNETWORK,
vsd_subnets[0]['ID'],
'externalID',
port['id'])
self.assertEqual(1, len(vports))
qos = self.nuage_client.get_qos(constants.VPORT, vports[0]['ID'])
if Topology.from_nuage('20.10'):
self.assertEqual(0, len(qos))
external_id_domain = self.nuage_client.get_vsd_external_id(
created_floating_ip['router_id'])
nuage_domain = self.nuage_client.get_l3domain(
filters='externalID',
filter_values=external_id_domain)
nuage_domain_fips = self.nuage_client.get_floatingip(
constants.DOMAIN, nuage_domain[0]['ID'])
nuage_fip = [nuage_fip for nuage_fip in nuage_domain_fips
if nuage_fip['externalID'].startswith(fip_id)][0]
associated_ingress_rate_limit = nuage_fip['ingressRateLimiterID']
associated_egress_rate_limit = nuage_fip['egressRateLimiterID']
# Infinity for egress expected
self.assertIsNone(associated_egress_rate_limit)
# Infinity for ingress expected
self.assertIsNone(associated_ingress_rate_limit)
else:
self.assertEqual(1, len(vports))
qos = self.nuage_client.get_qos(constants.VPORT, vports[0]['ID'])
self.assertEqual(1, len(qos))
self.assertEqual(self.nuage_client.get_vsd_external_id(fip_id),
qos[0]['externalID'])
self.assertEqual(True, qos[0]['FIPRateLimitingActive'])
self.assertEqual('INFINITY', qos[0]['FIPPeakInformationRate'])
self.assertEqual('INFINITY',
qos[0]['EgressFIPPeakInformationRate'])
def is_dhcp_enabled_on_subnet(subnet):
return (subnet['enable_dhcp'] and
(subnet['ip_version'] == 4 or Topology.has_dhcp_v6_support()))
class VlanTransparentConnectivityTest(NuageBaseTest):
default_prepare_for_connectivity = True
@classmethod
def setup_clients(cls):
super(VlanTransparentConnectivityTest, cls).setup_clients()
cls.nuage_client = NuageRestClient()
cls.client = NuageNetworkClientJSON(cls.os_primary.auth_provider,
**cls.os_primary.default_params)
@testtools.skipUnless(CONF.nuage_sut.image_is_advanced,
"Advanced image is required to run this test.")
def test_l2_transparent_network(self):
kwargs = {'vlan_transparent': 'true'}
network = self.create_network(**kwargs)
self.create_subnet(network, gateway=None)
# create open-ssh security group
ssh_security_group = self.create_open_ssh_security_group()
# Launch tenant servers in OpenStack network
vm1 = self.create_tenant_server([network],
security_groups=[ssh_security_group],
prepare_for_connectivity=True)
vm2 = self.create_tenant_server([network],
security_groups=[ssh_security_group],
prepare_for_connectivity=True)
vm1_ip = '13.13.13.13/24'
vm2_ip = '13.13.13.14/24'
ping_tgt = IPNetwork(vm2_ip)
vm1.configure_vlan_interface(vm1_ip, 'eth1', vlan='10')
vm2.configure_vlan_interface(vm2_ip, 'eth1', vlan='10')
self.assert_ping(vm1,
vm2,
network,
address=str(ping_tgt.ip),
interface='eth1.10')
@testtools.skipUnless(Topology.has_vlan_transparency_support(),
'Test skipped as no vlan transparency supported')
@skip_because(bug='OPENSTACK-2325')
def test_l3_transparent_network(self):
kwargs = {'vlan_transparent': 'true'}
router = self.create_public_router()
network = self.create_network(**kwargs)
subnet = self.create_subnet(network)
self.router_attach(router, subnet)
# create open-ssh security group
ssh_security_group = self.create_open_ssh_security_group()
vm1 = self.create_tenant_server([network],
security_groups=[ssh_security_group],
prepare_for_connectivity=True)
vm2 = self.create_tenant_server([network],
security_groups=[ssh_security_group],
prepare_for_connectivity=True)
vm1_ip = '13.13.13.13/24'
vm2_ip = '13.13.13.14/24'
ping_tgt = IPNetwork(vm2_ip)
vm1.configure_vlan_interface(vm1_ip, 'eth0', vlan='10')
vm2.configure_vlan_interface(vm2_ip, 'eth0', vlan='10')
self.assert_ping(vm1,
vm2,
network,
address=str(ping_tgt.ip),
interface='eth0.10')
class NuageExtSecGroup(nuage_test.NuageBaseTest):
if Topology.from_nuage('20.5'):
expected_exception_from_topology = exceptions.BadRequest
else:
expected_exception_from_topology = exceptions.ServerFault
@classmethod
def resource_setup(cls):
super(NuageExtSecGroup, cls).resource_setup()
cls.network = cls.create_cls_network()
cls.subnet4 = cls.create_cls_subnet(cls.network, ip_version=4)
cls.subnet6 = cls.create_cls_subnet(cls.network, ip_version=6)
cls.router = cls.create_cls_router()
cls.router_cls_attach(cls.router, cls.subnet4)
cls.router_cls_attach(cls.router, cls.subnet6)
cls.domain = cls.vsd.get_l3_domain_by_subnet(cls.subnet4)
def _create_external_security_group(self, cleanup=True, **kwargs):
body = self.plugin_network_client.create_nuage_external_security_group(
**kwargs)
ext_sg = body['nuage_external_security_group']
if cleanup:
self.addCleanup(self._delete_external_security_group,
ext_sg['id'])
return ext_sg
def _delete_external_security_group(self, esg_id):
self.plugin_network_client.delete_nuage_external_security_group(esg_id)
def _create_external_security_group_rule(self, **kwargs):
body = (self.plugin_network_client.
create_nuage_external_security_group_rule(**kwargs))
ext_sg_rule = body['nuage_external_security_group_rule']
return ext_sg_rule
def _verify_external_secgroup_properties(self, actual_esg,
vsd_pg):
self.assertEqual(actual_esg['name'], vsd_pg.name)
self.assertEqual(actual_esg['extended_community_id'],
vsd_pg.evpn_community_tag)
self.assertEqual(actual_esg['id'], vsd_pg.id)
def _verify_external_secgroup_rule_properties(self, actual_esgr,
vsd_pg, origin_sg):
self.assertEqual(actual_esgr['id'], vsd_pg.id)
self.assertEqual(actual_esgr['protocol'], vsd_pg.protocol)
self.assertEqual(actual_esgr['origin_group_id'], origin_sg['id'])
def _get_nuage_external_acl(self, ext_sg_rule=None):
if ext_sg_rule:
template = self.vsd.vspk.NUEgressACLEntryTemplate(
id=ext_sg_rule['id'])
template.fetch()
return template
else:
return self.domain.egress_acl_entry_templates.get()
def test_create_show_list_delete_ext_secgroup(self):
name = self.get_randomized_name()
kwargs = {'name': name,
'router_id': self.router['id'],
'extended_community_id': "1:1"}
ext_sg = self._create_external_security_group(**kwargs)
self.assertEqual(ext_sg['name'], name)
self.assertEqual(ext_sg['extended_community_id'],
"1:1")
# VSD verification of external security group
ext_pg = self.vsd.vspk.NUPolicyGroup(id=ext_sg['id'])
ext_pg.fetch()
show_resp = (self.plugin_network_client.
show_nuage_external_security_group(ext_sg['id']))
self._verify_external_secgroup_properties(
show_resp['nuage_external_security_group'],
ext_pg)
router_ext_id = self.vsd.external_id(self.router['id'])
self.assertEqual(router_ext_id, ext_pg.external_id)
# list_external_security_group
list_resp = (self.plugin_network_client.
list_nuage_external_security_group(self.router['id']))
self._verify_external_secgroup_properties(
list_resp['nuage_external_security_groups'][0],
ext_pg)
def test_create_show_list_delete_ext_secgroup_rule(self):
sec_group = self.create_security_group()
name = self.get_randomized_name()
kwargs = {'name': name,
'router_id': self.router['id'],
'extended_community_id': "1:1"}
ext_sg = self._create_external_security_group(**kwargs)
kwargs = {'protocol': 'tcp',
'direction': 'egress',
'origin_group_id': sec_group['id'],
'remote_external_group_id': ext_sg['id']}
ext_sg_rule = self._create_external_security_group_rule(**kwargs)
# Show operation and VSD verification of external security group
show_resp = (
self.plugin_network_client.
show_nuage_external_security_group_rule(ext_sg_rule['id']))
show_vsd_resp = self._get_nuage_external_acl(ext_sg_rule)
self._verify_external_secgroup_rule_properties(
show_resp['nuage_external_security_group_rule'],
show_vsd_resp, sec_group)
# Create second rule
kwargs = {'protocol': 'udp',
'port_range_min': 300,
'port_range_max': 500,
'direction': 'egress',
'origin_group_id': sec_group['id'],
'remote_external_group_id': ext_sg['id']}
self._create_external_security_group_rule(**kwargs)
# Create third rule
kwargs = {'protocol': 'vrrp',
'direction': 'egress',
'origin_group_id': sec_group['id'],
'remote_external_group_id': ext_sg['id']}
self._create_external_security_group_rule(**kwargs)
# List Operation on secgroup rules
list_resp = (self.plugin_network_client.
list_nuage_external_security_group_rule(
ext_sg['id'])['nuage_external_security_group_rules'])
list_vsd_resp = self._get_nuage_external_acl()
for resp, vsd_resp in zip(list_resp, list_vsd_resp):
self._verify_external_secgroup_rule_properties(
resp, vsd_resp, sec_group)
router_ext_id = self.vsd.external_id(self.router['id'])
for vsd_resp in list_vsd_resp:
self.assertEqual(router_ext_id, vsd_resp.external_id)
def test_create_show_list_delete_ext_secgroup_l2domain(self):
network = self.create_network()
esg_subnet = self.create_subnet(network)
name = self.get_randomized_name()
kwargs = {'name': name,
'subnet_id': esg_subnet['id'],
'extended_community_id': "4:4"}
ext_sg = self._create_external_security_group(**kwargs)
self.assertEqual(ext_sg['name'], name)
self.assertEqual(ext_sg['extended_community_id'],
"4:4")
# VSD verification of external security group
ext_pg = self.vsd.vspk.NUPolicyGroup(id=ext_sg['id'])
ext_pg.fetch()
show_resp = (self.plugin_network_client.
show_nuage_external_security_group(ext_sg['id']))
self._verify_external_secgroup_properties(
show_resp['nuage_external_security_group'],
ext_pg)
subnet_ext_id = self.vsd.external_id(esg_subnet['id'])
self.assertEqual(subnet_ext_id, ext_pg.external_id)
# list_external_security_group
list_resp = (
self.plugin_network_client.
list_nuage_external_security_group_l2domain(esg_subnet['id']))
self._verify_external_secgroup_properties(
list_resp['nuage_external_security_groups'][0],
ext_pg)
def test_create_delete_invalid_ext_secgroup(self):
name = self.get_randomized_name()
# Missing pararmeter: external_communtiy_tag in input
kwargs = {'name': name,
'router_id': self.router['id']}
self.assertRaises(
exceptions.BadRequest,
self.plugin_network_client.create_nuage_external_security_group,
**kwargs)
# Invalid external_communtiy_tag_value
kwargs = {'name': name,
'router_id': self.router['id'],
'extended_community_id': "4"}
self.assertRaises(
self.expected_exception_from_topology,
self.plugin_network_client.create_nuage_external_security_group,
**kwargs)
# Missing pararmeter: router/subnet ID in input
kwargs = {'name': name,
'router_id': '11111111-1111-1111-1111111111111111',
'extended_community_id': "2:2"}
self.assertRaises(
exceptions.BadRequest,
self.plugin_network_client.create_nuage_external_security_group,
**kwargs)
# Try deleting invalid external_secgroup
self.assertRaises(
exceptions.NotFound,
self.plugin_network_client.delete_nuage_external_security_group,
'11111111-1111-1111-1111111111111111')
def test_create_delete_invalid_ext_secgroup_rule(self):
sec_group = self.create_security_group()
name = self.get_randomized_name()
kwargs = {'name': name,
'router_id': self.router['id'],
'extended_community_id': "1:1"}
ext_sg = self._create_external_security_group(**kwargs)
# Missing mandatory parameter: origin_group_id in input
kwargs = {'protocol': 'tcp',
'direction': 'egress',
'remote_external_group_id': ext_sg['id']}
self.assertRaises(
self.expected_exception_from_topology,
self.plugin_network_client.
create_nuage_external_security_group_rule,
**kwargs)
# Invalid remote_group_id value
kwargs = {'protocol': 'tcp',
'direction': 'egress',
'origin_group_id': sec_group['id'],
'remote_external_group_id':
'11111111-1111-1111-1111111111111111'}
self.assertRaises(
self.expected_exception_from_topology,
self.plugin_network_client.
create_nuage_external_security_group_rule,
**kwargs)
# Try deleting invalid external_secgroup_rule
self.assertRaises(
exceptions.NotFound,
self.plugin_network_client.
delete_nuage_external_security_group_rule,
'11111111-1111-1111-1111111111111111')
class TestFWaaS(fwaas_mixins.FWaaSClientMixin, NuageBaseTest):
default_prepare_for_connectivity = True
@classmethod
def skip_checks(cls):
super(TestFWaaS, cls).skip_checks()
if not Topology.has_fwaas_v6_support():
msg = 'No fwaas v6 support.'
raise cls.skipException(msg)
def setUp(self):
super(TestFWaaS, self).setUp()
required_exts = ['fwaas', 'security-group', 'router']
for ext in required_exts:
if not test.is_extension_enabled(ext, 'network'):
msg = "%s Extension not enabled." % ext
raise self.skipException(msg)
def assert_no_icmp_connectivity(self, **kwargs):
self.assert_icmp_connectivity(is_connectivity_expected=False, **kwargs)
def assert_no_tcp_connectivity(self, **kwargs):
self.assert_tcp_connectivity(is_connectivity_expected=False, **kwargs)
def assert_connectivity(self, **kwargs):
self.assert_icmp_connectivity(**kwargs)
self.assert_tcp_connectivity(**kwargs)
def assert_no_connectivity(self, **kwargs):
self.assert_no_icmp_connectivity(**kwargs)
self.assert_no_tcp_connectivity(**kwargs)
def _empty_policy(self, router_id=None, **_kwargs):
# NOTE(yamamoto): an empty policy would deny all
# We allow ipv4 traffic here
fw_rule_ipv4 = self.create_firewall_rule(action='allow', ip_version=4)
fw_policy = self.create_firewall_policy(
firewall_rules=[fw_rule_ipv4['id']])
fw = self.create_firewall(firewall_policy_id=fw_policy['id'],
router_ids=[router_id])
self._wait_firewall_ready(fw['id'])
return {
'fw': fw,
'fw_policy': fw_policy,
}
def _all_disabled_rules(self, **_kwargs):
# NOTE(yamamoto): a policy whose rules are all disabled would deny all
fw_rule = self.create_firewall_rule(action="allow",
enabled=False,
ip_version=6)
fw_rule_ipv4 = self.create_firewall_rule(action='allow', ip_version=4)
fw_policy = self.create_firewall_policy(
firewall_rules=[fw_rule['id'], fw_rule_ipv4['id']])
fw = self.create_firewall(firewall_policy_id=fw_policy['id'])
self._wait_firewall_ready(fw['id'])
return {
'fw': fw,
'fw_policy': fw_policy,
'fw_rule': fw_rule,
}
def _block_destination_ip(self, server1_fixed_ip, server2_fixed_ip,
router_id, **_kwargs):
rules = [
# NOTE(yamamoto): The filtering is taken place after
# destination ip is rewritten to fixed-ip.
self.create_firewall_rule(destination_ip_address=server2_fixed_ip,
action="deny",
ip_version=6),
self.create_firewall_rule(action='allow', ip_version=6),
self.create_firewall_rule(action="allow", ip_version=4)
]
rule_ids = [r['id'] for r in rules]
fw_policy = self.create_firewall_policy(firewall_rules=rule_ids)
fw = self.create_firewall(firewall_policy_id=fw_policy['id'],
router_ids=[router_id])
self._wait_firewall_ready(fw['id'])
return {
'fw': fw,
'fw_policy': fw_policy,
'server1_fixed_ip': server1_fixed_ip,
'server2_fixed_ip': server2_fixed_ip,
}
def _block_source_ip(self, server1_fixed_ip, server2_fixed_ip, router_id,
**_kwargs):
rules = [
# NOTE(yamamoto): The filtering is taken place after
# destination ip is rewritten to fixed-ip.
self.create_firewall_rule(source_ip_address=server1_fixed_ip,
action="deny",
ip_version=6),
self.create_firewall_rule(action='allow', ip_version=6),
self.create_firewall_rule(action="allow", ip_version=4)
]
fw_policy = self.create_firewall_policy(
firewall_rules=[r['id'] for r in rules])
fw = self.create_firewall(firewall_policy_id=fw_policy['id'],
router_ids=[router_id])
self._wait_firewall_ready(fw['id'])
return {
'fw': fw,
'fw_policy': fw_policy,
'server1_fixed_ip': server1_fixed_ip,
'server2_fixed_ip': server2_fixed_ip,
}
def _block_icmp(self, router_id=None, **_kwargs):
deny_icmp = self.create_firewall_rule(protocol="ipv6-icmp",
action="deny",
ip_version=6)
allow_ipv6 = self.create_firewall_rule(action="allow", ip_version=6)
allow_ipv4 = self.create_firewall_rule(action='allow', ip_version=4)
fw_policy = self.create_firewall_policy(firewall_rules=[
deny_icmp['id'], allow_ipv6['id'], allow_ipv4['id']
])
fw = self.create_firewall(firewall_policy_id=fw_policy['id'],
router_ids=[router_id])
self._wait_firewall_ready(fw['id'])
return {
'fw': fw,
'fw_policy': fw_policy,
'fw_rule': deny_icmp,
'router_id': router_id
}
def _block_all_with_default_allow(self, router_id, **_kwargs):
fw_rule = self.create_firewall_rule(action="deny", ip_version=6)
fw_rule_allow = self.create_firewall_rule(action="allow", ip_version=6)
fw_rule_ipv4 = self.create_firewall_rule(action='allow', ip_version=4)
fw_policy = self.create_firewall_policy(firewall_rules=[
fw_rule['id'], fw_rule_allow['id'], fw_rule_ipv4['id']
])
fw = self.create_firewall(firewall_policy_id=fw_policy['id'],
router_ids=[router_id])
self._wait_firewall_ready(fw['id'])
return {
'fw': fw,
'fw_policy': fw_policy,
'fw_rules': [fw_rule],
}
def _block_certain_ports(self, router_id, **_kwargs):
deny_source_9090 = self.create_firewall_rule(action="deny",
ip_version=6,
source_port=9090,
protocol='tcp')
deny_destination_80 = self.create_firewall_rule(action="deny",
ip_version=6,
destination_port=80,
protocol='tcp')
allow_v6 = self.create_firewall_rule(action="allow", ip_version=6)
allow_v4 = self.create_firewall_rule(action='allow', ip_version=4)
fw_policy = self.create_firewall_policy(firewall_rules=[
deny_source_9090['id'], deny_destination_80['id'], allow_v6['id'],
allow_v4['id']
])
fw = self.create_firewall(firewall_policy_id=fw_policy['id'],
router_ids=[router_id])
self._wait_firewall_ready(fw['id'])
return {
'fw': fw,
'fw_policy': fw_policy,
'fw_rules': (deny_source_9090, deny_destination_80),
}
def _confirm_certain_ports_blocked(self, from_server, to_server):
servers = {'from_server': from_server, 'to_server': to_server}
# icmp not blocked
self.assert_icmp_connectivity(**servers)
# ports that are not blocked
self.assert_tcp_connectivity(destination_port=81,
source_port=9091,
**servers)
# blocked destination port
self.assert_no_tcp_connectivity(destination_port=80,
source_port=9092,
**servers)
# blocked source port
self.assert_no_tcp_connectivity(destination_port=81,
source_port=9090,
**servers)
def _confirm_certain_ports_allowed(self, from_server, to_server):
servers = {'from_server': from_server, 'to_server': to_server}
# icmp not blocked
self.assert_icmp_connectivity(**servers)
# ports that are not blocked
self.assert_tcp_connectivity(destination_port=81,
source_port=9091,
**servers)
# blocked destination port
self.assert_tcp_connectivity(destination_port=80,
source_port=9092,
**servers)
# blocked source port
self.assert_tcp_connectivity(destination_port=81,
source_port=9090,
**servers)
def _remove_rule_and_wait(self, firewall_id, firewall_policy_id,
firewall_rule_id):
self.firewall_policies_client.remove_firewall_rule_from_policy(
firewall_policy_id=firewall_policy_id,
firewall_rule_id=firewall_rule_id)
self._wait_firewall_ready(firewall_id)
def _delete_firewall(self, ctx):
self.delete_firewall_and_wait(ctx['fw']['id'])
def _remove_rule(self, ctx):
for rule in ctx['fw_rules']:
self._remove_rule_and_wait(
firewall_id=ctx['fw']['id'],
firewall_policy_id=ctx['fw_policy']['id'],
firewall_rule_id=rule['id'])
def _disable_rules(self, ctx):
for rule in ctx['fw_rules']:
self.firewall_rules_client.update_firewall_rule(
firewall_rule_id=rule['id'], enabled=False)
self._wait_firewall_ready(ctx['fw']['id'])
def _reverse_rules_order(self, ctx):
self.firewall_policies_client.update_firewall_policy(
ctx['fw_policy']['id'],
firewall_rules=list(reversed(ctx['fw_policy']['firewall_rules'])))
self._wait_firewall_ready(ctx['fw']['id'])
def _confirm_blocked_one_way(self, from_server, to_server, **_kwargs):
# one way
self.assert_no_icmp_connectivity(from_server=from_server,
to_server=to_server)
self.assert_no_tcp_connectivity(from_server=from_server,
to_server=to_server)
# other way
self.assert_icmp_connectivity(from_server=to_server,
to_server=from_server)
self.assert_tcp_connectivity(from_server=to_server,
to_server=from_server)
def _confirm_icmp_blocked_but_tcp_allowed(self, from_server, to_server):
self.assert_no_icmp_connectivity(from_server=from_server,
to_server=to_server)
self.assert_tcp_connectivity(from_server=from_server,
to_server=to_server)
def _create_topology(self, router, cidrv4=None, cidrv6=None):
"""Create a topology for testing
+--------+ +-----------+
|"server"| | "subnet" |
| VM +-------------+ "network" |
+--------+ +----+------+
|
| router interface port
+----+-----+
| "router" |
+----+-----+
| router gateway port
|
|
+----+------------------+
| existing network |
| ("public_network_id") |
+-----------------------+
"""
network = self.create_network()
subnet = self.create_subnet(network, cidr=cidrv4)
subnet6 = self.create_subnet(network, ip_version=6, cidr=cidrv6)
self.router_attach(router, subnet)
self.router_attach(router, subnet6)
security_group = self._create_security_group()
self.create_security_group_rule(security_group,
direction='ingress',
protocol='tcp',
ethertype='IPv6',
port_range_min=80,
port_range_max=9999)
server = self.create_tenant_server([network],
security_groups=[security_group],
prepare_for_connectivity=True)
fixed_ip4 = IPAddress(
server.get_server_ip_in_network(network['name'], 4))
fixed_ip6 = IPAddress(
server.get_server_ip_in_network(network['name'], 6))
return server, fixed_ip4, fixed_ip6
def _test_firewall_basic(self,
block,
allow=None,
confirm_allowed=None,
confirm_blocked=None,
ports_for_webserver=(80, )):
LOG.info('[{}] Begin _test_firewall_basic'.format(self.test_name))
if allow is None:
allow = self._delete_firewall
if confirm_allowed is None:
confirm_allowed = self.assert_connectivity
if confirm_blocked is None:
confirm_blocked = self.assert_no_connectivity
LOG.info('[{}] 1. Creating topology'.format(self.test_name))
router = self._get_router()
(server2, server2_fixed_ip4,
server2_fixed_ip6) = self._create_topology(
router,
cidrv4=IPNetwork('20.0.0.0/24'),
cidrv6=IPNetwork('cafe:bace::/64'))
(server1, server1_fixed_ip4,
server1_fixed_ip6) = self._create_topology(
router,
cidrv4=IPNetwork('10.0.0.0/24'),
cidrv6=IPNetwork('cafe:babe::/64'))
for port in ports_for_webserver:
self.start_web_server(server1, port=port)
self.start_web_server(server2, port=port)
self.sleep(10, 'Naively mitigating slow CI', tag=self.test_name)
server1.echo_debug_info()
server2.echo_debug_info()
LOG.info('[{}] 2. Verify connectivity'.format(self.test_name))
self.assert_connectivity(from_server=server1, to_server=server2)
self.sleep(10, 'Naively mitigating slow CI')
LOG.info('[{}] 3. Create firewall'.format(self.test_name))
ctx = block(server1_fixed_ip=server1_fixed_ip6,
server2_fixed_ip=server2_fixed_ip6,
router_id=router['id'])
self.sleep(10, 'Naively mitigating slow CI', tag=self.test_name)
LOG.info('[{}] 4. Verify no connectivity'.format(self.test_name))
confirm_blocked(from_server=server1, to_server=server2)
LOG.info('[{}] 5. Allow traffic'.format(self.test_name))
allow(ctx)
self.sleep(10, 'Naively mitigating slow CI', tag=self.test_name)
LOG.info('[{}] 6. Verify connectivity'.format(self.test_name))
confirm_allowed(from_server=server1, to_server=server2)
def test_block_port(self):
self._test_firewall_basic(
block=self._block_certain_ports,
confirm_blocked=self._confirm_certain_ports_blocked,
allow=self._disable_rules,
confirm_allowed=self._confirm_certain_ports_allowed,
ports_for_webserver=(80, 81))
def test_firewall_block_source_ip(self):
self._test_firewall_basic(
block=self._block_source_ip,
confirm_blocked=self._confirm_blocked_one_way)
def test_firewall_destination_ip(self):
self._test_firewall_basic(
block=self._block_destination_ip,
confirm_blocked=self._confirm_blocked_one_way)
def test_firewall_block_icmp(self):
self._test_firewall_basic(
block=self._block_icmp,
confirm_blocked=self._confirm_icmp_blocked_but_tcp_allowed)
def test_firewall_remove_rule(self):
self._test_firewall_basic(block=self._block_all_with_default_allow,
allow=self._remove_rule)
def test_firewall_disable_rule(self):
self._test_firewall_basic(block=self._block_all_with_default_allow,
allow=self._disable_rules)
def test_firewall_empty_policy(self):
self._test_firewall_basic(block=self._empty_policy)
def test_firewall_all_disabled_rules(self):
self._test_firewall_basic(block=self._all_disabled_rules)
@testtools.skipIf(Topology.at_nuage('6.0') or Topology.up_to_nuage('5.4'),
reason='VSD-42518')
def test_firewall_order_rules(self):
self._test_firewall_basic(block=self._block_all_with_default_allow,
allow=self._reverse_rules_order)
# Copyright 2017 - Nokia
# All Rights Reserved.
from netaddr import IPAddress
from netaddr import IPNetwork
from .base_nuage_networks_cli import BaseNuageNetworksCliTestCase
from nuage_tempest_plugin.lib.topology import Topology
from nuage_tempest_plugin.lib.utils import constants
from nuage_tempest_plugin.services.nuage_network_client \
import NuageNetworkClientJSON
from nuage_tempest_plugin.tests.api.ipv6.vsd_managed.base_nuage_networks \
import BaseVSDManagedNetworksIPv6Test
from tempest.lib.common.utils import data_utils
LOG = Topology.get_logger(__name__)
VALID_MAC_ADDRESS = 'fa:fa:3e:e8:e8:01'
VALID_MAC_ADDRESS_2A = 'fa:fa:3e:e8:e8:2a'
VALID_MAC_ADDRESS_2B = 'fa:fa:3e:e8:e8:2b'
SPOOFING_ENABLED = constants.ENABLED
SPOOFING_DISABLED = (constants.INHERITED
if Topology.is_v5 else constants.DISABLED)
###############################################################################
# MultiVIP . allowed address pairs
###############################################################################
class OSManagedAllowedAddressPairsCliTest(BaseNuageNetworksCliTestCase,
BaseVSDManagedNetworksIPv6Test):
class NuageFloatingIPProprietaryQosTest(
test_floatingip.FloatingIpTestCasesMixin,
base_nuage_qos.NuageQoSTestMixin, neutron_base.BaseTempestTestCase):
same_network = True
@classmethod
@utils.requires_ext(extension="router", service="network")
def resource_setup(cls):
super(NuageFloatingIPProprietaryQosTest, cls).resource_setup()
@testtools.skipIf(Topology.before_nuage('20.10'), 'VRS-47436')
def test_qos(self):
"""Test floating IP is binding to a QoS policy with
ingress and egress bandwidth limit rules. And it applied correctly
by sending a file from the instance to the test node.
Then calculating the bandwidth every ~1 sec by the number of bits
received / elapsed time.
"""
self._test_basic_resources()
ssh_client = self._create_ssh_client()
fip = self.os_admin.network_client.get_floatingip(
self.fip['id'])['floatingip']
self.assertEqual(self.port['id'], fip['port_id'])
if hasattr(self, 'FILE_SIZE'):
# Queens & Rocky: create file
self._create_file_for_bw_tests(ssh_client)
# Check bw not limited
unlimited_bw = sys.maxsize
common_utils.wait_until_true(
lambda: self._check_bw(ssh_client,
self.fip['floating_ip_address'],
port=self.NC_PORT,
expected_bw=unlimited_bw),
timeout=240)
self.os_admin.network_client.update_floatingip(
self.fip['id'],
nuage_egress_fip_rate_kbps=500,
nuage_ingress_fip_rate_kbps=1000)
expected_egress_bw = 500 * 1024 * self.TOLERANCE_FACTOR / 8.0
expected_ingress_bw = 1000 * 1024 * self.TOLERANCE_FACTOR / 8.0
common_utils.wait_until_true(
lambda: self._check_bw(ssh_client,
self.fip['floating_ip_address'],
port=self.NC_PORT,
expected_bw=expected_egress_bw),
timeout=120,
sleep=1)
common_utils.wait_until_true(
lambda: self._check_bw_ingress(ssh_client,
self.fip['floating_ip_address'],
port=self.NC_PORT + 1,
expected_bw=expected_ingress_bw),
timeout=120,
sleep=1)
# Update floating ip QOS to new value
self.os_admin.network_client.update_floatingip(
self.fip['id'],
nuage_egress_fip_rate_kbps=200,
nuage_ingress_fip_rate_kbps=400)
expected_egress_bw = 200 * 1024 * self.TOLERANCE_FACTOR / 8.0
expected_ingress_bw = 400 * 1024 * self.TOLERANCE_FACTOR / 8.0
common_utils.wait_until_true(
lambda: self._check_bw(ssh_client,
self.fip['floating_ip_address'],
port=self.NC_PORT,
expected_bw=expected_egress_bw),
timeout=120,
sleep=1)
common_utils.wait_until_true(
lambda: self._check_bw_ingress(ssh_client,
self.fip['floating_ip_address'],
port=self.NC_PORT + 1,
expected_bw=expected_ingress_bw),
timeout=120,
sleep=1)
