def _cli_create_os_l3_vsd_managed_subnet(self, vsd_l3_subnet): network = self.create_network_with_args( data_utils.rand_name('cli-osl3network')) subnet_name = data_utils.rand_name('cli-subnet') prefixlen = mask_to_prefix(vsd_l3_subnet.netmask) cidr4 = "%s/%d" % (vsd_l3_subnet.address, prefixlen) subnet4 = self.create_subnet_with_args( network['name'], cidr4, "--name", data_utils.rand_name('cli-osl3subnet'), "--net-partition ", Topology.def_netpartition, "--nuagenet ", vsd_l3_subnet.id) cidr6 = vsd_l3_subnet.ipv6_address subnet6 = None if cidr6: if Topology.up_to_openstack('train'): set_gateway = '' # rely on OpenStack's default ::1 gateway else: # set gw explicitly to ::1, as Ussuri++ defaults to ::0 set_gateway = '--gateway {}'.format(IPNetwork(cidr6)[1]) subnet6 = self.create_subnet_with_args( network['name'], cidr6, "--name ", subnet_name + "-6", "--ip-version 6", set_gateway, "--disable-dhcp", "--net-partition", Topology.def_netpartition, "--nuagenet", vsd_l3_subnet.id) self.addCleanup(self._delete_subnet, subnet6['id']) self.subnets.remove(subnet6) return network, subnet4, subnet6
def _test_create_show_delete_security_group_rule(self, ipv6=False): group_create_body, _ = self._create_security_group() security_group_id = group_create_body['security_group']['id'] # create a nuage port to create sg on VSD. self._create_nuage_port_with_security_group([security_group_id], self.network) if ipv6: if Topology.up_to_openstack('stein'): protocols = (n_constants.IPV6_PROTO_NAME + [n_constants.IPV6_PROTO_NAME_LEGACY]) else: # Train onwards, legacy is canonicalized # https://review.opendev.org/#/c/453346/14 protocols = n_constants.IPV6_PROTO_NAME else: protocols = n_constants.IPV4_PROTO_NAME # Create rules for each protocol for protocol in protocols: rule_create_body = ( self.security_group_rules_client.create_security_group_rule( security_group_id=security_group_id, protocol=protocol, direction='ingress', ethertype=self.ethertype)) # Show details of the created security rule show_rule_body = ( self.security_group_rules_client.show_security_group_rule( rule_create_body['security_group_rule']['id'])) create_dict = rule_create_body['security_group_rule'] for key, value in iteritems(create_dict): self.assertEqual(value, show_rule_body['security_group_rule'][key], "%s does not match." % key) self._verify_nuage_acl(rule_create_body['security_group_rule'], expected_stateful='icmp' not in protocol) # List rules and verify created rule is in response rule_list_body = ( self.security_group_rules_client.list_security_group_rules()) rule_list = [ rule['id'] for rule in rule_list_body['security_group_rules'] ] self.assertIn(rule_create_body['security_group_rule']['id'], rule_list)
def test_create_update_delete_sg(self): sg = self.create_security_group() sg2 = self.create_security_group() # Create for ipversions: # - normal rule, for all applicable protocols # - normal rule, TCP protocol, port 80 # - normal rule, UDP protocol, port 80, egress # - networkmacro rule for 90.0.0.0/24 # - remote group id rule for SG2 for ip_version in self.ip_versions: ethertype = 'IPv' + str(ip_version) # - normal rule, for all applicable protocols if ip_version == 6: if Topology.up_to_openstack('stein'): protocols = (n_constants.IPV6_PROTO_NAME + [n_constants.IPV6_PROTO_NAME_LEGACY]) else: # Train onwards, legacy is canonicalized # https://review.opendev.org/#/c/453346/14 protocols = n_constants.IPV6_PROTO_NAME else: protocols = n_constants.IPV4_PROTO_NAME for protocol in protocols: self.create_security_group_rule_with_manager( sg, protocol=protocol, direction='ingress', ethertype=ethertype) # - normal rule, TCP protocol, port 80 self.create_security_group_rule_with_manager(sg, protocol='tcp', direction='ingress', ethertype=ethertype, port_range_min=80, port_range_max=80) # - normal rule, UDP protocol, port 80, egress self.create_security_group_rule_with_manager(sg, protocol='udp', direction='egress', ethertype=ethertype, port_range_min=80, port_range_max=80) # - networkmacro rule for 90.0.0.0/24 or cafe:babe::/64 remote_ip_prefix = ('90.0.0.0/24' if ip_version == 4 else 'cafe:babe::/64') self.create_security_group_rule_with_manager( sg, direction='egress', ethertype=ethertype, remote_ip_prefix=remote_ip_prefix) # - remote group id rule for SG2 self.create_security_group_rule_with_manager( sg, direction='egress', ethertype=ethertype, remote_group_id=sg2['id']) port = self.create_port(self.network, security_groups=[sg['id']]) # Verify VSD # Get updated SG with SGRules sg = self.get_security_group(sg['id']) self._verify_sg(sg, ports=[port]) # Update Security group name name = "updated SG name" sg = self.update_security_group(sg, name=name) self._verify_sg(sg, ports=[port]) # Delete port from SG self.delete_port(port) # cleanup happens before 20.10, not after. pg_expected = Topology.from_nuage('20.10') self._verify_sg(sg, ports=[], pg_expected_without_port=pg_expected)