def test_create_bgp_speaker_illegal_local_asn(self):
wrong_asn = 65537
if utils.is_extension_enabled('bgp_4byte_asn', 'network'):
wrong_asn = 4294967296
self.assertRaises(lib_exc.BadRequest,
self.create_bgp_speaker,
local_as=wrong_asn)
def get_project_cleanup_services():
project_services = []
# TODO(gmann): Tempest should provide some plugin hook for cleanup
# script extension to plugin tests also.
if IS_NOVA:
project_services.append(ServerService)
project_services.append(KeyPairService)
project_services.append(ServerGroupService)
project_services.append(NovaQuotaService)
if IS_NEUTRON:
project_services.append(NetworkFloatingIpService)
if utils.is_extension_enabled('metering', 'network'):
project_services.append(NetworkMeteringLabelRuleService)
project_services.append(NetworkMeteringLabelService)
project_services.append(NetworkRouterService)
project_services.append(NetworkPortService)
project_services.append(NetworkSubnetService)
project_services.append(NetworkService)
project_services.append(NetworkSecGroupService)
project_services.append(NetworkSubnetPoolsService)
if IS_CINDER:
project_services.append(SnapshotService)
project_services.append(VolumeService)
project_services.append(VolumeQuotaService)
return project_services
def skip_checks(cls):
super(AutoAllocateNetworkTest, cls).skip_checks()
if not CONF.service_available.neutron:
raise cls.skipException('Neutron is required')
if not utils.is_extension_enabled('auto-allocated-topology',
'network'):
raise cls.skipException(
'auto-allocated-topology extension is not available')
def resource_setup(cls):
super(BaseFlowClassifierTest, cls).resource_setup()
if not utils.is_extension_enabled('flow_classifier', 'network'):
msg = "FlowClassifier Extension not enabled."
raise cls.skipException(msg)
cls.network = cls.create_network()
cls.subnet = cls.create_subnet(cls.network)
cls.host_id = socket.gethostname()
def skip_checks(cls):
super(BaseTestCase, cls).skip_checks()
cfg = config.network
if not utils.is_extension_enabled('lbaasv2', 'network'):
msg = 'LBaaS Extension is not enabled'
raise cls.skipException(msg)
if not (cfg.project_networks_reachable or cfg.public_network_id):
msg = ('Either tenant_networks_reachable must be "true", or '
'public_network_id must be defined.')
raise cls.skipException(msg)
def skip_checks(cls):
super(FloatingIPAdminTestJSON, cls).skip_checks()
if not utils.is_extension_enabled('router', 'network'):
msg = "router extension not enabled."
raise cls.skipException(msg)
if not CONF.network.public_network_id:
msg = "The public_network_id option must be specified."
raise cls.skipException(msg)
if not CONF.network_feature_enabled.floating_ips:
raise cls.skipException("Floating ips are not available")
def test_list_networks_fields(self):
# Verify specific fields of the networks
fields = ['id', 'name']
if utils.is_extension_enabled('net-mtu', 'network'):
fields.append('mtu')
body = self.networks_client.list_networks(fields=fields)
networks = body['networks']
self.assertNotEmpty(networks, "Network list returned is empty")
for network in networks:
self.assertEqual(sorted(network.keys()), sorted(fields))
def _setup_server(self, keypair):
security_groups = []
if utils.is_extension_enabled('security-group', 'network'):
security_group = self._create_security_group()
security_groups = [{'name': security_group['name']}]
network, _, _ = self.create_networks()
server = self.create_server(
networks=[{'uuid': network['id']}],
key_name=keypair['name'],
security_groups=security_groups)
return server
def resource_setup(cls):
super(TestPools, cls).resource_setup()
if not utils.is_extension_enabled('lbaasv2', 'network'):
msg = "lbaas extension not enabled."
raise cls.skipException(msg)
network_name = data_utils.rand_name('network-')
cls.network = cls.create_network(network_name)
cls.subnet = cls.create_subnet(cls.network)
cls.load_balancer = cls._create_load_balancer(
tenant_id=cls.subnet.get('tenant_id'),
vip_subnet_id=cls.subnet.get('id'))
def setUp(self):
LOG.debug("Initializing FWaaSScenarioTest Setup")
super(TestFWaaS_v2, self).setUp()
required_exts = ['fwaas_v2', 'security-group', 'router']
# if self.router_insertion:
# required_exts.append('fwaasrouterinsertion')
for ext in required_exts:
if not utils.is_extension_enabled(ext, 'network'):
msg = "%s Extension not enabled." % ext
raise self.skipException(msg)
LOG.debug("FWaaSScenarioTest Setup done.")
def resource_setup(cls):
super(BgpSpeakerTestJSONBase, cls).resource_setup()
if not utils.is_extension_enabled('bgp', 'network'):
msg = "BGP Speaker extension is not enabled."
raise cls.skipException(msg)
cls.admin_routerports = []
cls.admin_floatingips = []
cls.admin_routers = []
cls.ext_net_id = CONF.network.public_network_id
cls._setup_bgp_admin_client()
cls._setup_bgp_non_admin_client()
def test_show_network_fields(self):
# Verify specific fields of a network
fields = ['id', 'name']
if utils.is_extension_enabled('net-mtu', 'network'):
fields.append('mtu')
body = self.networks_client.show_network(self.network['id'],
fields=fields)
network = body['network']
self.assertEqual(sorted(network.keys()), sorted(fields))
for field_name in fields:
self.assertEqual(network[field_name], self.network[field_name])
self.assertNotIn('tenant_id', network)
self.assertNotIn('project_id', network)
def resource_setup(cls):
super(LoadBalancersTestJSON, cls).resource_setup()
if not utils.is_extension_enabled('lbaasv2', 'network'):
msg = "lbaas extension not enabled."
raise cls.skipException(msg)
network_name = data_utils.rand_name('network')
cls.network = cls.create_network(network_name)
cls.subnet = cls.create_subnet(cls.network)
cls.create_lb_kwargs = {'tenant_id': cls.subnet['tenant_id'],
'vip_subnet_id': cls.subnet['id']}
cls.load_balancer = \
cls._create_active_load_balancer(**cls.create_lb_kwargs)
cls.load_balancer_id = cls.load_balancer['id']
def skip_checks(cls):
super(TestNetworkBasicOps, cls).skip_checks()
if not (CONF.network.project_networks_reachable
or CONF.network.public_network_id):
msg = ('Either project_networks_reachable must be "true", or '
'public_network_id must be defined.')
raise cls.skipException(msg)
for ext in ['router', 'security-group']:
if not utils.is_extension_enabled(ext, 'network'):
msg = "%s extension not enabled." % ext
raise cls.skipException(msg)
if not CONF.network_feature_enabled.floating_ips:
raise cls.skipException("Floating ips are not available")
def test_list_show_extensions(self):
# List available extensions for the project
expected_alias = ['security-group', 'l3_agent_scheduler',
'ext-gw-mode', 'binding', 'quotas',
'agent', 'dhcp_agent_scheduler', 'provider',
'router', 'extraroute', 'external-net',
'allowed-address-pairs', 'extra_dhcp_opt',
'metering', 'dvr']
expected_alias = [ext for ext in expected_alias if
utils.is_extension_enabled(ext, 'network')]
actual_alias = list()
extensions = self.network_extensions_client.list_extensions()
list_extensions = extensions['extensions']
# Show and verify the details of the available extensions
for ext in list_extensions:
ext_name = ext['name']
ext_alias = ext['alias']
actual_alias.append(ext['alias'])
ext_details = self.network_extensions_client.show_extension(
ext_alias)
ext_details = ext_details['extension']
self.assertIsNotNone(ext_details)
self.assertIn('updated', ext_details.keys())
self.assertIn('name', ext_details.keys())
self.assertIn('description', ext_details.keys())
self.assertIn('links', ext_details.keys())
self.assertIn('alias', ext_details.keys())
self.assertEqual(ext_details['name'], ext_name)
self.assertEqual(ext_details['alias'], ext_alias)
self.assertEqual(ext_details, ext)
# Verify if expected extensions are present in the actual list
# of extensions returned, but only for those that have been
# enabled via configuration
for e in expected_alias:
if utils.is_extension_enabled(e, 'network'):
self.assertIn(e, actual_alias)
def resource_setup(cls):
super(TestHealthMonitors, cls).resource_setup()
if not utils.is_extension_enabled('lbaasv2', 'network'):
msg = "lbaas extension not enabled."
raise cls.skipException(msg)
network_name = data_utils.rand_name('network-')
cls.network = cls.create_network(network_name)
cls.subnet = cls.create_subnet(cls.network)
cls.load_balancer = cls._create_load_balancer(
tenant_id=cls.subnet.get('tenant_id'),
vip_subnet_id=cls.subnet.get('id'))
cls.listener = cls._create_listener(
loadbalancer_id=cls.load_balancer.get('id'),
protocol=cls.listener_protocol, protocol_port=80)
cls.pool = cls._create_pool(
protocol=cls.pool_protocol, lb_algorithm='ROUND_ROBIN',
listener_id=cls.listener.get('id'))
def resource_setup(cls):
super(LoadBalancersTestAdmin, cls).resource_setup()
if not utils.is_extension_enabled('lbaasv2', 'network'):
msg = "lbaas extension not enabled."
raise cls.skipException(msg)
network_name = data_utils.rand_name('network')
cls.network = cls.create_network(network_name)
cls.subnet = cls.create_subnet(cls.network)
cls.load_balancer = cls.load_balancers_client.create_load_balancer(
vip_subnet_id=cls.subnet['id'])
cls._wait_for_load_balancer_status(cls.load_balancer['id'])
cls.tenant = 'deffb4d7c0584e89a8ec99551565713c'
cls.tenant_load_balancer = (
cls.load_balancers_client.create_load_balancer(
vip_subnet_id=cls.subnet['id'],
tenant_id=cls.tenant))
cls._wait_for_load_balancer_status(cls.tenant_load_balancer['id'])
def resource_setup(cls):
super(BgpSpeakerScenarioTestJSONBase, cls).resource_setup()
if not utils.is_extension_enabled('bgp', 'network'):
msg = "BGP Speaker extension is not enabled."
raise cls.skipException(msg)
cls.images = []
cls.containers = []
cls.r_ass = []
cls.r_as_ip = []
cls.bridges = []
cls.admin_routerports = []
cls.admin_floatingips = []
cls.admin_routers = []
cls.admin_router_ip = []
cls.resource_setup_container()
cls._setup_bgp_admin_client()
cls._setup_bgp_non_admin_client()
cls.lock = threading.Lock()
def skip_checks(cls):
super(TestSecurityGroupsBasicOps, cls).skip_checks()
if CONF.network.port_vnic_type in ['direct', 'macvtap']:
msg = ('Not currently supported when using vnic_type'
' direct or macvtap')
raise cls.skipException(msg)
if not (CONF.network.project_networks_reachable or
CONF.network.public_network_id):
msg = ('Either project_networks_reachable must be "true", or '
'public_network_id must be defined.')
raise cls.skipException(msg)
if not utils.is_extension_enabled('security-group', 'network'):
msg = "security-group extension not enabled."
raise cls.skipException(msg)
if CONF.network.shared_physical_network:
msg = ('Deployment uses a shared physical network, security '
'groups not supported')
raise cls.skipException(msg)
if not CONF.network_feature_enabled.floating_ips:
raise cls.skipException("Floating ips are not available")
def test_delete_external_networks_with_floating_ip(self):
# Verifies external network can be deleted while still holding
# (unassociated) floating IPs
body = self.admin_networks_client.create_network(
**{'router:external': True})
external_network = body['network']
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
self.admin_networks_client.delete_network,
external_network['id'])
subnet = self.create_subnet(
external_network, client=self.admin_subnets_client,
enable_dhcp=False)
body = self.admin_floating_ips_client.create_floatingip(
floating_network_id=external_network['id'])
created_floating_ip = body['floatingip']
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
self.admin_floating_ips_client.delete_floatingip,
created_floating_ip['id'])
if utils.is_extension_enabled('filter-validation', 'network'):
floatingip_list = self.admin_floating_ips_client.list_floatingips(
floating_network_id=external_network['id'])
else:
# NOTE(hongbin): This is for testing the backward-compatibility
# of neutron API although the parameter is a wrong filter
# for listing floating IPs.
floatingip_list = self.admin_floating_ips_client.list_floatingips(
invalid_filter=external_network['id'])
self.assertIn(created_floating_ip['id'],
(f['id'] for f in floatingip_list['floatingips']))
self.admin_networks_client.delete_network(external_network['id'])
# Verifies floating ip is deleted
floatingip_list = self.admin_floating_ips_client.list_floatingips()
self.assertNotIn(created_floating_ip['id'],
(f['id'] for f in floatingip_list['floatingips']))
# Verifies subnet is deleted
subnet_list = self.admin_subnets_client.list_subnets()
self.assertNotIn(subnet['id'],
(s['id'] for s in subnet_list))
def resource_setup(cls):
super(MemberTestJSON, cls).resource_setup()
if not utils.is_extension_enabled("lbaasv2", "network"):
msg = "lbaas extension not enabled."
raise cls.skipException(msg)
network_name = data_utils.rand_name('network-')
cls.network = cls.create_network(network_name)
cls.subnet = cls.create_subnet(cls.network)
cls.tenant_id = cls.subnet.get('tenant_id')
cls.subnet_id = cls.subnet.get('id')
cls.load_balancer = cls._create_active_load_balancer(
tenant_id=cls.tenant_id,
vip_subnet_id=cls.subnet.get('id'))
cls.load_balancer_id = cls.load_balancer.get("id")
cls.listener = cls._create_listener(
loadbalancer_id=cls.load_balancer.get('id'),
protocol=cls.listener_protocol, protocol_port=80)
cls.listener_id = cls.listener.get('id')
cls.pool = cls._create_pool(protocol=cls.pool_protocol,
tenant_id=cls.tenant_id,
lb_algorithm='ROUND_ROBIN',
listener_id=cls.listener_id)
cls.pool_id = cls.pool.get('id')
def skip_checks(cls):
super(CapabilitiesV3RbacTest, cls).skip_checks()
if not utils.is_extension_enabled('capabilities', 'volume'):
msg = "%s skipped as capabilities not enabled." % cls.__name__
raise cls.skipException(msg)
def skip_checks(cls):
super(EC2CredentialsTest, cls).skip_checks()
if not utils.is_extension_enabled('OS-EC2', 'identity'):
msg = "OS-EC2 identity extension not enabled."
raise cls.skipException(msg)
def skip_checks(cls):
super(MigrationsRbacTest, cls).skip_checks()
if not utils.is_extension_enabled('os-migrations', 'compute'):
msg = "%s skipped as os-migrations not enabled." % cls.__name__
raise cls.skipException(msg)
def skip_checks(cls):
super(RoutersTestDVR, cls).skip_checks()
for ext in ['router', 'dvr']:
if not utils.is_extension_enabled(ext, 'network'):
msg = "%s extension not enabled." % ext
raise cls.skipException(msg)
def skip_checks(cls):
super(QosExtRbacTest, cls).skip_checks()
if not utils.is_extension_enabled('qos', 'network'):
msg = "qos extension not enabled."
raise cls.skipException(msg)
def skip_checks(cls):
super(VolumeServicesV3RbacTest, cls).skip_checks()
if not utils.is_extension_enabled('os-services', 'volume'):
msg = "%s skipped as os-services not enabled." % cls.__name__
raise cls.skipException(msg)
def skip_checks(cls):
super(RoutersTest, cls).skip_checks()
if not utils.is_extension_enabled('router', 'network'):
msg = "router extension not enabled."
raise cls.skipException(msg)
def skip_checks(cls):
super(QuotaSetsRbacTest, cls).skip_checks()
if not utils.is_extension_enabled('os-quota-sets', 'compute'):
msg = "%s skipped as os-quota-sets extension not enabled."\
% cls.__name__
raise cls.skipException(msg)
def skip_checks(cls):
super(SchedulerStatsV3RbacTest, cls).skip_checks()
if not utils.is_extension_enabled('scheduler-stats', 'volume'):
msg = "%s skipped as scheduler-stats not enabled." % cls.__name__
raise cls.skipException(msg)
def skip_checks(cls):
super(ServerTagsTestJSON, cls).skip_checks()
if not utils.is_extension_enabled('os-server-tags', 'compute'):
msg = "os-server-tags extension is not enabled."
raise cls.skipException(msg)
def skip_checks(cls):
super(ExtraDHCPOptionsTestJSON, cls).skip_checks()
if not utils.is_extension_enabled('extra_dhcp_opt', 'network'):
msg = "Extra DHCP Options extension not enabled."
raise cls.skipException(msg)
def skip_checks(cls):
super(FlavorsExtraSpecsNegativeTestJSON, cls).skip_checks()
if not utils.is_extension_enabled('OS-FLV-EXT-DATA', 'compute'):
msg = "OS-FLV-EXT-DATA extension not enabled."
raise cls.skipException(msg)
def skip_checks(cls):
super(BaseBgpvpnTest, cls).skip_checks()
if not utils.is_extension_enabled('bgpvpn', 'network'):
msg = "Bgpvpn extension not enabled."
raise cls.skipException(msg)
def skip_checks(cls):
super(NovaAvailabilityZoneRbacTest, cls).skip_checks()
if not utils.is_extension_enabled('os-availability-zone', 'compute'):
msg = ("%s skipped as os-availability-zone not "
"enabled." % cls.__name__)
raise cls.skipException(msg)
class PortsTestJSON(sec_base.BaseSecGroupTest):
"""Test the following operations for ports:
port create
port delete
port list
port show
port update
"""
@classmethod
def resource_setup(cls):
super(PortsTestJSON, cls).resource_setup()
cls.network = cls.create_network()
cls.port = cls.create_port(cls.network)
def _delete_port(self, port_id):
self.ports_client.delete_port(port_id)
body = self.ports_client.list_ports()
ports_list = body['ports']
self.assertFalse(port_id in [n['id'] for n in ports_list])
def _create_subnet(self,
network,
gateway='',
cidr=None,
mask_bits=None,
**kwargs):
subnet = self.create_subnet(network, gateway, cidr, mask_bits)
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
self.subnets_client.delete_subnet, subnet['id'])
return subnet
def _create_network(self, network_name=None, **kwargs):
network_name = network_name or data_utils.rand_name(
self.__class__.__name__)
network = self.networks_client.create_network(name=network_name,
**kwargs)['network']
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
self.networks_client.delete_network, network['id'])
return network
@decorators.attr(type='smoke')
@decorators.idempotent_id('c72c1c0c-2193-4aca-aaa4-b1442640f51c')
def test_create_update_delete_port(self):
"""Test creating, updating and deleting port"""
# Verify port creation
body = self.ports_client.create_port(network_id=self.network['id'],
name=data_utils.rand_name(
self.__class__.__name__))
port = body['port']
# Schedule port deletion with verification upon test completion
self.addCleanup(self.ports_client.wait_for_resource_deletion,
port['id'])
self.addCleanup(self._delete_port, port['id'])
self.assertTrue(port['admin_state_up'])
# Verify port update
new_name = "New_Port"
body = self.ports_client.update_port(port['id'],
name=new_name,
admin_state_up=False)
updated_port = body['port']
self.assertEqual(updated_port['name'], new_name)
self.assertFalse(updated_port['admin_state_up'])
@decorators.idempotent_id('67f1b811-f8db-43e2-86bd-72c074d4a42c')
def test_create_bulk_port(self):
"""Test creating multiple ports in a single request"""
network1 = self.network
network2 = self._create_network()
network_list = [network1['id'], network2['id']]
port_list = [{'network_id': net_id} for net_id in network_list]
body = self.ports_client.create_bulk_ports(ports=port_list)
created_ports = body['ports']
port1 = created_ports[0]
port2 = created_ports[1]
self.addCleanup(self.ports_client.wait_for_resource_deletion,
port1['id'])
self.addCleanup(self.ports_client.wait_for_resource_deletion,
port2['id'])
self.addCleanup(self._delete_port, port1['id'])
self.addCleanup(self._delete_port, port2['id'])
self.assertEqual(port1['network_id'], network1['id'])
self.assertEqual(port2['network_id'], network2['id'])
self.assertTrue(port1['admin_state_up'])
self.assertTrue(port2['admin_state_up'])
@decorators.attr(type='smoke')
@decorators.idempotent_id('0435f278-40ae-48cb-a404-b8a087bc09b1')
def test_create_port_in_allowed_allocation_pools(self):
"""Test creating port in allowed allocation pools"""
network = self._create_network()
net_id = network['id']
address = self.cidr
address.prefixlen = self.mask_bits
if ((address.version == 4 and address.prefixlen >= 30)
or (address.version == 6 and address.prefixlen >= 126)):
msg = ("Subnet %s isn't large enough for the test" % address.cidr)
raise exceptions.InvalidConfiguration(msg)
allocation_pools = {
'allocation_pools': [{
'start': str(address[2]),
'end': str(address[-2])
}]
}
self._create_subnet(network,
cidr=address,
mask_bits=address.prefixlen,
**allocation_pools)
body = self.ports_client.create_port(network_id=net_id,
name=data_utils.rand_name(
self.__class__.__name__))
self.addCleanup(self.ports_client.wait_for_resource_deletion,
body['port']['id'])
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
self.ports_client.delete_port, body['port']['id'])
port = body['port']
ip_address = port['fixed_ips'][0]['ip_address']
start_ip_address = allocation_pools['allocation_pools'][0]['start']
end_ip_address = allocation_pools['allocation_pools'][0]['end']
ip_range = netaddr.IPRange(start_ip_address, end_ip_address)
self.assertIn(ip_address, ip_range)
self.ports_client.delete_port(port['id'])
@decorators.attr(type='smoke')
@decorators.idempotent_id('c9a685bd-e83f-499c-939f-9f7863ca259f')
def test_show_port(self):
"""Verify the details of port"""
body = self.ports_client.show_port(self.port['id'])
port = body['port']
self.assertIn('id', port)
# NOTE(rfolco): created_at and updated_at may get inconsistent values
# due to possible delay between POST request and resource creation.
# TODO(rfolco): Neutron Bug #1365341 is fixed, can remove the key
# extra_dhcp_opts in the O release (K/L gate jobs still need it).
self.assertThat(
self.port,
custom_matchers.MatchesDictExceptForKeys(
port,
excluded_keys=['extra_dhcp_opts', 'created_at', 'updated_at']))
@decorators.idempotent_id('45fcdaf2-dab0-4c13-ac6c-fcddfb579dbd')
def test_show_port_fields(self):
"""Verify specific fields of a port"""
fields = ['id', 'mac_address']
body = self.ports_client.show_port(self.port['id'], fields=fields)
port = body['port']
self.assertEqual(sorted(port.keys()), sorted(fields))
for field_name in fields:
self.assertEqual(port[field_name], self.port[field_name])
@decorators.attr(type='smoke')
@decorators.idempotent_id('cf95b358-3e92-4a29-a148-52445e1ac50e')
def test_list_ports(self):
"""Verify the port exists in the list of all ports"""
body = self.ports_client.list_ports()
ports = [
port['id'] for port in body['ports']
if port['id'] == self.port['id']
]
self.assertNotEmpty(ports, "Created port not found in the list")
@decorators.idempotent_id('e7fe260b-1e79-4dd3-86d9-bec6a7959fc5')
def test_port_list_filter_by_ip(self):
"""Test listing ports filtered by ip"""
# Create network and subnet
network = self._create_network()
self._create_subnet(network)
# Create two ports
port_1 = self.ports_client.create_port(network_id=network['id'],
name=data_utils.rand_name(
self.__class__.__name__))
self.addCleanup(self.ports_client.wait_for_resource_deletion,
port_1['port']['id'])
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
self.ports_client.delete_port, port_1['port']['id'])
port_2 = self.ports_client.create_port(network_id=network['id'],
name=data_utils.rand_name(
self.__class__.__name__))
self.addCleanup(self.ports_client.wait_for_resource_deletion,
port_2['port']['id'])
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
self.ports_client.delete_port, port_2['port']['id'])
# List ports filtered by fixed_ips
port_1_fixed_ip = port_1['port']['fixed_ips'][0]['ip_address']
fixed_ips = 'ip_address=' + port_1_fixed_ip
port_list = self.ports_client.list_ports(fixed_ips=fixed_ips)
# Check that we got the desired port
ports = port_list['ports']
project_ids = set([port['project_id'] for port in ports])
self.assertEqual(len(project_ids), 1,
'Ports from multiple projects are in the list resp')
port_ids = [port['id'] for port in ports]
fixed_ips = [port['fixed_ips'] for port in ports]
port_net_ids = [port['network_id'] for port in ports]
self.assertIn(port_1['port']['id'], port_ids)
self.assertIn(network['id'], port_net_ids)
# Check that every port has a fixed_ip that matches the query
for addr in fixed_ips:
port_ips = [port['ip_address'] for port in addr]
self.assertIn(port_1_fixed_ip, port_ips,
'Port not matching IP filter found')
@decorators.idempotent_id('79895408-85d5-460d-94e7-9531c5fd9123')
@testtools.skipUnless(
utils.is_extension_enabled('ip-substring-filtering', 'network'),
'ip-substring-filtering extension not enabled.')
def test_port_list_filter_by_ip_substr(self):
"""Test listing ports filtered by part of ip address string"""
# Create network and subnet
network = self._create_network()
subnet = self._create_subnet(network)
# Get two IP addresses
ip_address_1 = None
ip_address_2 = None
ip_network = ipaddress.ip_network(str(subnet['cidr']))
for ip in ip_network:
if ip == ip_network.network_address:
continue
if ip_address_1 is None:
ip_address_1 = str(ip)
else:
ip_address_2 = ip_address_1
ip_address_1 = str(ip)
# Make sure these two IP addresses have different substring
if ip_address_1[:-1] != ip_address_2[:-1]:
break
# Create two ports
fixed_ips = [{'subnet_id': subnet['id'], 'ip_address': ip_address_1}]
port_1 = self.ports_client.create_port(network_id=network['id'],
name=data_utils.rand_name(
self.__class__.__name__),
fixed_ips=fixed_ips)
self.addCleanup(self.ports_client.wait_for_resource_deletion,
port_1['port']['id'])
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
self.ports_client.delete_port, port_1['port']['id'])
fixed_ips = [{'subnet_id': subnet['id'], 'ip_address': ip_address_2}]
port_2 = self.ports_client.create_port(network_id=network['id'],
name=data_utils.rand_name(
self.__class__.__name__),
fixed_ips=fixed_ips)
self.addCleanup(self.ports_client.wait_for_resource_deletion,
port_2['port']['id'])
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
self.ports_client.delete_port, port_2['port']['id'])
# Scenario 1: List port1 (port2 is filtered out)
if ip_address_1[:-1] != ip_address_2[:-1]:
ips_filter = 'ip_address_substr=' + ip_address_1[:-1]
else:
ips_filter = 'ip_address_substr=' + ip_address_1
ports = self.ports_client.list_ports(fixed_ips=ips_filter)['ports']
# Check that we got the desired port
port_ids = [port['id'] for port in ports]
fixed_ips = [port['fixed_ips'] for port in ports]
port_ips = []
for addr in fixed_ips:
port_ips.extend([a['ip_address'] for a in addr])
port_net_ids = [port['network_id'] for port in ports]
self.assertIn(network['id'], port_net_ids)
self.assertIn(port_1['port']['id'], port_ids)
self.assertIn(port_1['port']['fixed_ips'][0]['ip_address'], port_ips)
self.assertNotIn(port_2['port']['id'], port_ids)
self.assertNotIn(port_2['port']['fixed_ips'][0]['ip_address'],
port_ips)
# Scenario 2: List both port1 and port2
substr = ip_address_1
while substr not in ip_address_2:
substr = substr[:-1]
ips_filter = 'ip_address_substr=' + substr
ports = self.ports_client.list_ports(fixed_ips=ips_filter)['ports']
# Check that we got both port
port_ids = [port['id'] for port in ports]
fixed_ips = [port['fixed_ips'] for port in ports]
port_ips = []
for addr in fixed_ips:
port_ips.extend([a['ip_address'] for a in addr])
port_net_ids = [port['network_id'] for port in ports]
self.assertIn(network['id'], port_net_ids)
self.assertIn(port_1['port']['id'], port_ids)
self.assertIn(port_1['port']['fixed_ips'][0]['ip_address'], port_ips)
self.assertIn(port_2['port']['id'], port_ids)
self.assertIn(port_2['port']['fixed_ips'][0]['ip_address'], port_ips)
@decorators.idempotent_id('5ad01ed0-0e6e-4c5d-8194-232801b15c72')
def test_port_list_filter_by_router_id(self):
"""Test listing ports filtered by router id"""
# Create a router
network = self._create_network()
self._create_subnet(network)
router = self.create_router()
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
self.routers_client.delete_router, router['id'])
port = self.ports_client.create_port(network_id=network['id'],
name=data_utils.rand_name(
self.__class__.__name__))
# Add router interface to port created above
self.routers_client.add_router_interface(router['id'],
port_id=port['port']['id'])
self.addCleanup(self.ports_client.wait_for_resource_deletion,
port['port']['id'])
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
self.routers_client.remove_router_interface,
router['id'],
port_id=port['port']['id'])
# List ports filtered by router_id
port_list = self.ports_client.list_ports(device_id=router['id'])
ports = port_list['ports']
self.assertEqual(len(ports), 1)
self.assertEqual(ports[0]['id'], port['port']['id'])
self.assertEqual(ports[0]['device_id'], router['id'])
@decorators.idempotent_id('ff7f117f-f034-4e0e-abff-ccef05c454b4')
def test_list_ports_fields(self):
"""Verify specific fields of ports"""
fields = ['id', 'mac_address']
body = self.ports_client.list_ports(fields=fields)
ports = body['ports']
self.assertNotEmpty(ports, "Port list returned is empty")
# Asserting the fields returned are correct
for port in ports:
self.assertEqual(sorted(fields), sorted(port.keys()))
@decorators.idempotent_id('63aeadd4-3b49-427f-a3b1-19ca81f06270')
def test_create_update_port_with_second_ip(self):
"""Test updating port from 2 fixed ips to 1 fixed ip and vice versa"""
# Create a network with two subnets
network = self._create_network()
subnet_1 = self._create_subnet(network)
subnet_2 = self._create_subnet(network)
fixed_ip_1 = [{'subnet_id': subnet_1['id']}]
fixed_ip_2 = [{'subnet_id': subnet_2['id']}]
fixed_ips = fixed_ip_1 + fixed_ip_2
# Create a port with multiple IP addresses
port = self.create_port(network, fixed_ips=fixed_ips)
self.addCleanup(self.ports_client.wait_for_resource_deletion,
port['id'])
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
self.ports_client.delete_port, port['id'])
self.assertEqual(2, len(port['fixed_ips']))
check_fixed_ips = [subnet_1['id'], subnet_2['id']]
for item in port['fixed_ips']:
self.assertIn(item['subnet_id'], check_fixed_ips)
# Update the port to return to a single IP address
port = self.update_port(port, fixed_ips=fixed_ip_1)
self.assertEqual(1, len(port['fixed_ips']))
# Update the port with a second IP address from second subnet
port = self.update_port(port, fixed_ips=fixed_ips)
self.assertEqual(2, len(port['fixed_ips']))
def _update_port_with_security_groups(self, security_groups_names):
subnet_1 = self._create_subnet(self.network)
fixed_ip_1 = [{'subnet_id': subnet_1['id']}]
security_groups_list = list()
sec_grps_client = self.security_groups_client
for name in security_groups_names:
group_create_body = sec_grps_client.create_security_group(
name=name)
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
self.security_groups_client.delete_security_group,
group_create_body['security_group']['id'])
security_groups_list.append(
group_create_body['security_group']['id'])
# Create a port
sec_grp_name = data_utils.rand_name('secgroup')
security_group = sec_grps_client.create_security_group(
name=sec_grp_name)
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
self.security_groups_client.delete_security_group,
security_group['security_group']['id'])
post_body = {
"name": data_utils.rand_name(self.__class__.__name__),
"security_groups": [security_group['security_group']['id']],
"network_id": self.network['id'],
"admin_state_up": True,
"fixed_ips": fixed_ip_1
}
body = self.ports_client.create_port(**post_body)
self.addCleanup(self.ports_client.wait_for_resource_deletion,
body['port']['id'])
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
self.ports_client.delete_port, body['port']['id'])
port = body['port']
# Update the port with security groups
subnet_2 = self.create_subnet(self.network)
fixed_ip_2 = [{'subnet_id': subnet_2['id']}]
update_body = {
"name": data_utils.rand_name(self.__class__.__name__),
"admin_state_up": False,
"fixed_ips": fixed_ip_2,
"security_groups": security_groups_list
}
body = self.ports_client.update_port(port['id'], **update_body)
port_show = body['port']
# Verify the security groups and other attributes updated to port
exclude_keys = set(port_show).symmetric_difference(update_body)
exclude_keys.add('fixed_ips')
exclude_keys.add('security_groups')
self.assertThat(
port_show,
custom_matchers.MatchesDictExceptForKeys(update_body,
exclude_keys))
self.assertEqual(fixed_ip_2[0]['subnet_id'],
port_show['fixed_ips'][0]['subnet_id'])
for security_group in security_groups_list:
self.assertIn(security_group, port_show['security_groups'])
@decorators.idempotent_id('58091b66-4ff4-4cc1-a549-05d60c7acd1a')
@testtools.skipUnless(
utils.is_extension_enabled('security-group', 'network'),
'security-group extension not enabled.')
def test_update_port_with_security_group_and_extra_attributes(self):
"""Test updating port's security_group along with extra attributes
First we create a port with one security group, and then we update the
port's security_group, in the same update request we also change
the port's fixed ips.
"""
self._update_port_with_security_groups(
[data_utils.rand_name('secgroup')])
@decorators.idempotent_id('edf6766d-3d40-4621-bc6e-2521a44c257d')
@testtools.skipUnless(
utils.is_extension_enabled('security-group', 'network'),
'security-group extension not enabled.')
def test_update_port_with_two_security_groups_and_extra_attributes(self):
"""Test updating port with two security_groups and extra attributes
First we create a port with one security group, and then we update the
port to two security_groups, in the same update request we also change
the port's fixed ips.
"""
self._update_port_with_security_groups([
data_utils.rand_name('secgroup'),
data_utils.rand_name('secgroup')
])
@decorators.idempotent_id('13e95171-6cbd-489c-9d7c-3f9c58215c18')
def test_create_show_delete_port_user_defined_mac(self):
"""Test creating port with user defined mac address"""
# Create a port for a legal mac
body = self.ports_client.create_port(network_id=self.network['id'],
name=data_utils.rand_name(
self.__class__.__name__))
old_port = body['port']
free_mac_address = old_port['mac_address']
self.ports_client.delete_port(old_port['id'])
# Create a new port with user defined mac
body = self.ports_client.create_port(network_id=self.network['id'],
mac_address=free_mac_address,
name=data_utils.rand_name(
self.__class__.__name__))
self.addCleanup(self.ports_client.wait_for_resource_deletion,
body['port']['id'])
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
self.ports_client.delete_port, body['port']['id'])
port = body['port']
body = self.ports_client.show_port(port['id'])
show_port = body['port']
self.assertEqual(free_mac_address, show_port['mac_address'])
@decorators.attr(type='smoke')
@decorators.idempotent_id('4179dcb9-1382-4ced-84fe-1b91c54f5735')
@testtools.skipUnless(
utils.is_extension_enabled('security-group', 'network'),
'security-group extension not enabled.')
def test_create_port_with_no_securitygroups(self):
"""Test creating port without security groups"""
network = self._create_network()
self._create_subnet(network)
port = self.create_port(network, security_groups=[])
self.addCleanup(self.ports_client.wait_for_resource_deletion,
port['id'])
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
self.ports_client.delete_port, port['id'])
self.assertIsNotNone(port['security_groups'])
self.assertEmpty(port['security_groups'])
def skip_checks(cls):
super(RoutersNegativeTest, cls).skip_checks()
if not utils.is_extension_enabled('router', 'network'):
msg = "router extension not enabled."
raise cls.skipException(msg)
def skip_checks(cls):
super(ServerGroupsRbacTest, cls).skip_checks()
if not utils.is_extension_enabled('os-server-groups', 'compute'):
msg = "%s skipped as os-server-groups not enabled." % cls.__name__
raise cls.skipException(msg)
def skip_checks(cls):
super(FlavorsAccessTestJSON, cls).skip_checks()
if not utils.is_extension_enabled('OS-FLV-EXT-DATA', 'compute'):
msg = "OS-FLV-EXT-DATA extension not enabled."
raise cls.skipException(msg)
def skip_checks(cls):
super(SubnetsRbacTest, cls).skip_checks()
if not utils.is_extension_enabled('subnet_allocation', 'network'):
msg = "subnet_allocation extension not enabled."
raise cls.skipException(msg)
def skip_checks(cls):
super(AgentManagementTestJSON, cls).skip_checks()
if not utils.is_extension_enabled('agent', 'network'):
msg = "agent extension not enabled."
raise cls.skipException(msg)
def skip_checks(cls):
super(SecGroupRbacTest, cls).skip_checks()
if not utils.is_extension_enabled('security-group', 'network'):
msg = "security-group extension not enabled."
raise cls.skipException(msg)
def skip_checks(cls):
super(EncryptionTypesV3RbacTest, cls).skip_checks()
if not utils.is_extension_enabled('encryption', 'volume'):
msg = "%s skipped as encryption not enabled." % cls.__name__
raise cls.skipException(msg)
def skip_checks(cls):
super(AllowedAddressPairTestJSON, cls).skip_checks()
if not utils.is_extension_enabled('allowed-address-pairs', 'network'):
msg = "Allowed Address Pairs extension not enabled."
raise cls.skipException(msg)
def skip_checks(cls):
super(ServerGroupTestJSON, cls).skip_checks()
if not utils.is_extension_enabled('os-server-groups', 'compute'):
msg = "os-server-groups extension is not enabled."
raise cls.skipException(msg)
def skip_checks(cls):
super(DvrRoutersNegativeTest, cls).skip_checks()
if not utils.is_extension_enabled('dvr', 'network'):
msg = "DVR extension not enabled."
raise cls.skipException(msg)
def skip_checks(cls):
super(AgentManagementTestJSON, cls).skip_checks()
if not utils.is_extension_enabled('agent', 'network'):
msg = "agent extension not enabled."
raise cls.skipException(msg)
def skip_checks(cls):
super(TestNumaResize, cls).skip_checks()
if not utils.is_extension_enabled('OS-FLV-EXT-DATA', 'compute'):
msg = "OS-FLV-EXT-DATA extension not enabled."
raise cls.skipException(msg)
def skip_checks(cls):
super(QuotasTestJSON, cls).skip_checks()
if not utils.is_extension_enabled('os-quota-sets', 'compute'):
msg = "quotas extension not enabled."
raise cls.skipException(msg)
def skip_checks(cls):
super(AvailabilityZoneExtRbacTest, cls).skip_checks()
if not utils.is_extension_enabled('availability_zone',
'network'):
msg = "network_availability_zone extension not enabled."
raise cls.skipException(msg)
def skip_checks(cls):
super(InheritsV3TestJSON, cls).skip_checks()
if not utils.is_extension_enabled('OS-INHERIT', 'identity'):
raise cls.skipException("Inherits aren't enabled")
def skip_checks(cls):
super(QuotasNegativeTest, cls).skip_checks()
if not utils.is_extension_enabled('quotas', 'network'):
msg = "quotas extension not enabled."
raise cls.skipException(msg)
def skip_checks(cls):
super(VolumeTypesAccessRbacTest, cls).skip_checks()
if not utils.is_extension_enabled('os-volume-type-access', 'volume'):
msg = "os-volume-type-access extension not enabled."
raise cls.skipException(msg)
def resource_setup(cls):
super(FWaaSExtensionTestJSON, cls).resource_setup()
if not utils.is_extension_enabled('fwaas', 'network'):
msg = "FWaaS Extension not enabled."
raise cls.skipException(msg)
def skip_checks(cls):
super(MeteringTestJSON, cls).skip_checks()
if not utils.is_extension_enabled('metering', 'network'):
msg = "metering extension not enabled."
raise cls.skipException(msg)
def skip_checks(cls):
super(QuotasTestJSON, cls).skip_checks()
if not utils.is_extension_enabled('os-quota-sets', 'compute'):
msg = "quotas extension not enabled."
raise cls.skipException(msg)
def skip_checks(cls):
super(QuotasNegativeTest, cls).skip_checks()
if not utils.is_extension_enabled('quotas', 'network'):
msg = "quotas extension not enabled."
raise cls.skipException(msg)
class QuotasTest(base.BaseAdminNetworkTest):
"""Tests the following operations in the Neutron API:
list quotas for projects who have non-default quota values
show quotas for a specified project
update quotas for a specified project
reset quotas to default values for a specified project
v2.0 of the API is assumed.
It is also assumed that the per-project quota extension API is configured
in /etc/neutron/neutron.conf as follows:
quota_driver = neutron.db.quota.driver.DbQuotaDriver
"""
@classmethod
def skip_checks(cls):
super(QuotasTest, cls).skip_checks()
if not utils.is_extension_enabled('quotas', 'network'):
msg = "quotas extension not enabled."
raise cls.skipException(msg)
def _check_quotas(self, new_quotas):
# Add a project to conduct the test
project = data_utils.rand_name('test_project_')
description = data_utils.rand_name('desc_')
project = identity.identity_utils(self.os_admin).create_project(
name=project, description=description)
project_id = project['id']
self.addCleanup(
identity.identity_utils(self.os_admin).delete_project, project_id)
# Change quotas for project
quota_set = self.admin_quotas_client.update_quotas(
project_id, **new_quotas)['quota']
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
self.admin_quotas_client.reset_quotas, project_id)
for key, value in new_quotas.items():
self.assertEqual(value, quota_set[key])
# Confirm our project is listed among projects with non default quotas
non_default_quotas = self.admin_quotas_client.list_quotas()
found = False
for qs in non_default_quotas['quotas']:
if qs['project_id'] == project_id:
found = True
self.assertTrue(found)
# Confirm from API quotas were changed as requested for project
quota_set = self.admin_quotas_client.show_quotas(project_id)
quota_set = quota_set['quota']
for key, value in new_quotas.items():
self.assertEqual(value, quota_set[key])
# Reset quotas to default and confirm
self.admin_quotas_client.reset_quotas(project_id)
non_default_quotas = self.admin_quotas_client.list_quotas()
for q in non_default_quotas['quotas']:
self.assertNotEqual(project_id, q['project_id'])
quota_set = self.admin_quotas_client.show_quotas(project_id)['quota']
default_quotas = self.admin_quotas_client.show_default_quotas(
project_id)['quota']
self.assertEqual(default_quotas, quota_set)
@decorators.idempotent_id('2390f766-836d-40ef-9aeb-e810d78207fb')
def test_quotas(self):
"""Test update/list/show/reset of network quotas"""
new_quotas = {'network': 0, 'port': 0}
self._check_quotas(new_quotas)
@testtools.skipUnless(
utils.is_extension_enabled('quota_details', 'network'),
'Quota details extension not enabled.')
@decorators.idempotent_id('7b05ec5f-bf44-43cb-b28f-ddd72a824288')
def test_show_quota_details(self):
"""Test showing network quota details"""
# Show quota details for an existing project
quota_details = self.admin_quotas_client.show_quota_details(
self.admin_quotas_client.tenant_id)['quota']
expected_keys = ['used', 'limit', 'reserved']
for resource_type in quota_details:
for key in expected_keys:
self.assertIn(key, quota_details[resource_type])
def skip_checks(cls):
super(MeteringTestJSON, cls).skip_checks()
if not utils.is_extension_enabled('metering', 'network'):
msg = "metering extension not enabled."
raise cls.skipException(msg)
class TestNetworkBasicOps(manager.NetworkScenarioTest):
"""The test suite of network basic operations
This smoke test suite assumes that Nova has been configured to
boot VM's with Neutron-managed networking, and attempts to
verify network connectivity as follows:
There are presumed to be two types of networks: tenant and
public. A tenant network may or may not be reachable from the
Tempest host. A public network is assumed to be reachable from
the Tempest host, and it should be possible to associate a public
('floating') IP address with a tenant ('fixed') IP address to
facilitate external connectivity to a potentially unroutable
tenant IP address.
This test suite can be configured to test network connectivity to
a VM via a tenant network, a public network, or both. If both
networking types are to be evaluated, tests that need to be
executed remotely on the VM (via ssh) will only be run against
one of the networks (to minimize test execution time).
Determine which types of networks to test as follows:
* Configure tenant network checks (via the
'project_networks_reachable' key) if the Tempest host should
have direct connectivity to tenant networks. This is likely to
be the case if Tempest is running on the same host as a
single-node devstack installation with IP namespaces disabled.
* Configure checks for a public network if a public network has
been configured prior to the test suite being run and if the
Tempest host should have connectivity to that public network.
Checking connectivity for a public network requires that a
value be provided for 'public_network_id'. A value can
optionally be provided for 'public_router_id' if tenants will
use a shared router to access a public network (as is likely to
be the case when IP namespaces are not enabled). If a value is
not provided for 'public_router_id', a router will be created
for each tenant and use the network identified by
'public_network_id' as its gateway.
"""
@classmethod
def skip_checks(cls):
super(TestNetworkBasicOps, cls).skip_checks()
if not (CONF.network.project_networks_reachable
or CONF.network.public_network_id):
msg = ('Either project_networks_reachable must be "true", or '
'public_network_id must be defined.')
raise cls.skipException(msg)
for ext in ['router', 'security-group']:
if not utils.is_extension_enabled(ext, 'network'):
msg = "%s extension not enabled." % ext
raise cls.skipException(msg)
if not CONF.network_feature_enabled.floating_ips:
raise cls.skipException("Floating ips are not available")
@classmethod
def setup_credentials(cls):
# Create no network resources for these tests.
cls.set_network_resources()
super(TestNetworkBasicOps, cls).setup_credentials()
def setUp(self):
super(TestNetworkBasicOps, self).setUp()
self.keypairs = {}
self.servers = []
def _setup_network_and_servers(self, **kwargs):
boot_with_port = kwargs.pop('boot_with_port', False)
self.network, self.subnet, self.router = self.create_networks(**kwargs)
self.check_networks()
self.ports = []
port_id = None
if boot_with_port:
# create a port on the network and boot with that
port_id = self._create_port(self.network['id'])['id']
self.ports.append({'port': port_id})
server = self._create_server(self.network, port_id)
self._check_tenant_network_connectivity()
floating_ip = self.create_floating_ip(server)
self.floating_ip_tuple = Floating_IP_tuple(floating_ip, server)
def check_networks(self):
"""Checks that we see the newly created network/subnet/router
via checking the result of list_[networks,routers,subnets]
"""
seen_nets = self.os_admin.networks_client.list_networks()
seen_names = [n['name'] for n in seen_nets['networks']]
seen_ids = [n['id'] for n in seen_nets['networks']]
self.assertIn(self.network['name'], seen_names)
self.assertIn(self.network['id'], seen_ids)
if self.subnet:
seen_subnets = self.os_admin.subnets_client.list_subnets()
seen_net_ids = [n['network_id'] for n in seen_subnets['subnets']]
seen_subnet_ids = [n['id'] for n in seen_subnets['subnets']]
self.assertIn(self.network['id'], seen_net_ids)
self.assertIn(self.subnet['id'], seen_subnet_ids)
if self.router:
seen_routers = self.os_admin.routers_client.list_routers()
seen_router_ids = [n['id'] for n in seen_routers['routers']]
seen_router_names = [n['name'] for n in seen_routers['routers']]
self.assertIn(self.router['name'], seen_router_names)
self.assertIn(self.router['id'], seen_router_ids)
def _create_server(self, network, port_id=None):
keypair = self.create_keypair()
self.keypairs[keypair['name']] = keypair
security_groups = [{'name': self._create_security_group()['name']}]
network = {'uuid': network['id']}
if port_id is not None:
network['port'] = port_id
server = self.create_server(networks=[network],
key_name=keypair['name'],
security_groups=security_groups)
self.servers.append(server)
return server
def _get_server_key(self, server):
return self.keypairs[server['key_name']]['private_key']
def _check_tenant_network_connectivity(self):
ssh_login = CONF.validation.image_ssh_user
for server in self.servers:
# call the common method in the parent class
super(TestNetworkBasicOps, self).\
_check_tenant_network_connectivity(
server, ssh_login, self._get_server_key(server),
servers_for_debug=self.servers)
def check_public_network_connectivity(self,
should_connect=True,
msg=None,
should_check_floating_ip_status=True,
mtu=None):
"""Verifies connectivty to a VM via public network and floating IP
and verifies floating IP has resource status is correct.
:param should_connect: bool. determines if connectivity check is
negative or positive.
:param msg: Failure message to add to Error message. Should describe
the place in the test scenario where the method was called,
to indicate the context of the failure
:param should_check_floating_ip_status: bool. should status of
floating_ip be checked or not
:param mtu: int. MTU network to use for connectivity validation
"""
ssh_login = CONF.validation.image_ssh_user
floating_ip, server = self.floating_ip_tuple
ip_address = floating_ip['floating_ip_address']
private_key = None
floatingip_status = 'DOWN'
if should_connect:
private_key = self._get_server_key(server)
floatingip_status = 'ACTIVE'
# Check FloatingIP Status before initiating a connection
if should_check_floating_ip_status:
self.check_floating_ip_status(floating_ip, floatingip_status)
# call the common method in the parent class
super(TestNetworkBasicOps,
self).check_public_network_connectivity(ip_address,
ssh_login,
private_key,
should_connect,
msg,
self.servers,
mtu=mtu)
def _disassociate_floating_ips(self):
floating_ip, _ = self.floating_ip_tuple
self._disassociate_floating_ip(floating_ip)
self.floating_ip_tuple = Floating_IP_tuple(floating_ip, None)
def _reassociate_floating_ips(self):
floating_ip, server = self.floating_ip_tuple
# create a new server for the floating ip
server = self._create_server(self.network)
self._associate_floating_ip(floating_ip, server)
self.floating_ip_tuple = Floating_IP_tuple(floating_ip, server)
def _create_new_network(self, create_gateway=False):
self.new_net = self._create_network()
if create_gateway:
self.new_subnet = self._create_subnet(network=self.new_net)
else:
self.new_subnet = self._create_subnet(network=self.new_net,
gateway_ip=None)
def _hotplug_server(self):
old_floating_ip, server = self.floating_ip_tuple
ip_address = old_floating_ip['floating_ip_address']
private_key = self._get_server_key(server)
ssh_client = self.get_remote_client(ip_address,
private_key=private_key,
server=server)
old_nic_list = self._get_server_nics(ssh_client)
# get a port from a list of one item
port_list = self.os_admin.ports_client.list_ports(
device_id=server['id'])['ports']
self.assertEqual(1, len(port_list))
old_port = port_list[0]
interface = self.interface_client.create_interface(
server_id=server['id'],
net_id=self.new_net['id'])['interfaceAttachment']
self.addCleanup(self.ports_client.wait_for_resource_deletion,
interface['port_id'])
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
self.interface_client.delete_interface, server['id'],
interface['port_id'])
def check_ports():
self.new_port_list = [
port for port in self.os_admin.ports_client.list_ports(
device_id=server['id'])['ports']
if port['id'] != old_port['id']
]
return len(self.new_port_list) == 1
if not test_utils.call_until_true(check_ports,
CONF.network.build_timeout,
CONF.network.build_interval):
raise exceptions.TimeoutException(
"No new port attached to the server in time (%s sec)! "
"Old port: %s. Number of new ports: %d" %
(CONF.network.build_timeout, old_port, len(
self.new_port_list)))
new_port = self.new_port_list[0]
def check_new_nic():
new_nic_list = self._get_server_nics(ssh_client)
self.diff_list = [n for n in new_nic_list if n not in old_nic_list]
return len(self.diff_list) == 1
if not test_utils.call_until_true(check_new_nic,
CONF.network.build_timeout,
CONF.network.build_interval):
raise exceptions.TimeoutException("Interface not visible on the "
"guest after %s sec" %
CONF.network.build_timeout)
_, new_nic = self.diff_list[0]
ssh_client.exec_command(
"sudo ip addr add %s/%s dev %s" %
(new_port['fixed_ips'][0]['ip_address'],
CONF.network.project_network_mask_bits, new_nic))
ssh_client.exec_command("sudo ip link set %s up" % new_nic)
def _get_server_nics(self, ssh_client):
reg = re.compile(r'(?P<num>\d+): (?P<nic_name>\w+)[@]?.*:')
ipatxt = ssh_client.exec_command("ip address")
return reg.findall(ipatxt)
def _check_network_internal_connectivity(self,
network,
should_connect=True):
"""via ssh check VM internal connectivity:
- ping internal gateway and DHCP port, implying in-tenant connectivity
pinging both, because L3 and DHCP agents might be on different nodes
"""
floating_ip, server = self.floating_ip_tuple
# get internal ports' ips:
# get all network ports in the new network
internal_ips = (p['fixed_ips'][0]['ip_address']
for p in self.os_admin.ports_client.list_ports(
tenant_id=server['tenant_id'],
network_id=network['id'])['ports']
if p['device_owner'].startswith('network'))
self._check_server_connectivity(floating_ip, internal_ips,
should_connect)
def _check_network_external_connectivity(self):
"""ping default gateway to imply external connectivity"""
if not CONF.network.public_network_id:
msg = 'public network not defined.'
LOG.info(msg)
return
# We ping the external IP from the instance using its floating IP
# which is always IPv4, so we must only test connectivity to
# external IPv4 IPs if the external network is dualstack.
v4_subnets = [
s for s in self.os_admin.subnets_client.list_subnets(
network_id=CONF.network.public_network_id)['subnets']
if s['ip_version'] == 4
]
self.assertEqual(1, len(v4_subnets),
"Found %d IPv4 subnets" % len(v4_subnets))
external_ips = [v4_subnets[0]['gateway_ip']]
self._check_server_connectivity(self.floating_ip_tuple.floating_ip,
external_ips)
def _check_server_connectivity(self,
floating_ip,
address_list,
should_connect=True):
ip_address = floating_ip['floating_ip_address']
private_key = self._get_server_key(self.floating_ip_tuple.server)
ssh_source = self.get_remote_client(
ip_address,
private_key=private_key,
server=self.floating_ip_tuple.server)
for remote_ip in address_list:
self.check_remote_connectivity(ssh_source, remote_ip,
should_connect)
@decorators.attr(type='smoke')
@decorators.idempotent_id('f323b3ba-82f8-4db7-8ea6-6a895869ec49')
@utils.services('compute', 'network')
def test_network_basic_ops(self):
"""Basic network operation test
For a freshly-booted VM with an IP address ("port") on a given
network:
- the Tempest host can ping the IP address. This implies, but
does not guarantee (see the ssh check that follows), that the
VM has been assigned the correct IP address and has
connectivity to the Tempest host.
- the Tempest host can perform key-based authentication to an
ssh server hosted at the IP address. This check guarantees
that the IP address is associated with the target VM.
- the Tempest host can ssh into the VM via the IP address and
successfully execute the following:
- ping an external IP address, implying external connectivity.
- ping an external hostname, implying that dns is correctly
configured.
- ping an internal IP address, implying connectivity to another
VM on the same network.
- detach the floating-ip from the VM and verify that it becomes
unreachable
- associate detached floating ip to a new VM and verify connectivity.
VMs are created with unique keypair so connectivity also asserts that
floating IP is associated with the new VM instead of the old one
Verifies that floating IP status is updated correctly after each change
"""
self._setup_network_and_servers()
self.check_public_network_connectivity(should_connect=True)
self._check_network_internal_connectivity(network=self.network)
self._check_network_external_connectivity()
self._disassociate_floating_ips()
self.check_public_network_connectivity(should_connect=False,
msg="after disassociate "
"floating ip")
self._reassociate_floating_ips()
self.check_public_network_connectivity(should_connect=True,
msg="after re-associate "
"floating ip")
@decorators.idempotent_id('b158ea55-472e-4086-8fa9-c64ac0c6c1d0')
@testtools.skipUnless(utils.is_extension_enabled('net-mtu', 'network'),
'No way to calculate MTU for networks')
@decorators.attr(type='slow')
@utils.services('compute', 'network')
def test_mtu_sized_frames(self):
"""Validate that network MTU sized frames fit through."""
self._setup_network_and_servers()
self.check_public_network_connectivity(should_connect=True,
mtu=self.network['mtu'])
@decorators.idempotent_id('1546850e-fbaa-42f5-8b5f-03d8a6a95f15')
@testtools.skipIf(CONF.network.shared_physical_network,
'Connectivity can only be tested when in a '
'multitenant network environment')
@decorators.skip_because(bug="1610994")
@decorators.attr(type='slow')
@utils.services('compute', 'network')
def test_connectivity_between_vms_on_different_networks(self):
"""Test connectivity between VMs on different networks
For a freshly-booted VM with an IP address ("port") on a given
network:
- the Tempest host can ping the IP address.
- the Tempest host can ssh into the VM via the IP address and
successfully execute the following:
- ping an external IP address, implying external connectivity.
- ping an external hostname, implying that dns is correctly
configured.
- ping an internal IP address, implying connectivity to another
VM on the same network.
- Create another network on the same tenant with subnet, create
an VM on the new network.
- Ping the new VM from previous VM failed since the new network
was not attached to router yet.
- Attach the new network to the router, Ping the new VM from
previous VM succeed.
"""
self._setup_network_and_servers()
self.check_public_network_connectivity(should_connect=True)
self._check_network_internal_connectivity(network=self.network)
self._check_network_external_connectivity()
self._create_new_network(create_gateway=True)
self._create_server(self.new_net)
self._check_network_internal_connectivity(network=self.new_net,
should_connect=False)
router_id = self.router['id']
self.routers_client.add_router_interface(
router_id, subnet_id=self.new_subnet['id'])
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
self.routers_client.remove_router_interface,
router_id,
subnet_id=self.new_subnet['id'])
self._check_network_internal_connectivity(network=self.new_net,
should_connect=True)
@decorators.idempotent_id('c5adff73-e961-41f1-b4a9-343614f18cfa')
@testtools.skipUnless(CONF.compute_feature_enabled.interface_attach,
'NIC hotplug not available')
@testtools.skipIf(CONF.network.port_vnic_type in ['direct', 'macvtap'],
'NIC hotplug not supported for '
'vnic_type direct or macvtap')
@utils.services('compute', 'network')
def test_hotplug_nic(self):
"""Test hotplug network interface
1. Create a network and a VM.
2. Check connectivity to the VM via a public network.
3. Create a new network, with no gateway.
4. Bring up a new interface
5. check the VM reach the new network
"""
self._setup_network_and_servers()
self.check_public_network_connectivity(should_connect=True)
self._create_new_network()
self._hotplug_server()
self._check_network_internal_connectivity(network=self.new_net)
@decorators.idempotent_id('04b9fe4e-85e8-4aea-b937-ea93885ac59f')
@testtools.skipIf(CONF.network.shared_physical_network,
'Router state can be altered only with multitenant '
'networks capabilities')
@decorators.attr(type='slow')
@utils.services('compute', 'network')
def test_update_router_admin_state(self):
"""Test to update admin state up of router
1. Check public connectivity before updating
admin_state_up attribute of router to False
2. Check public connectivity after updating
admin_state_up attribute of router to False
3. Check public connectivity after updating
admin_state_up attribute of router to True
"""
self._setup_network_and_servers()
self.check_public_network_connectivity(
should_connect=True,
msg="before updating "
"admin_state_up of router to False")
self._update_router_admin_state(self.router, False)
# TODO(alokmaurya): Remove should_check_floating_ip_status=False check
# once bug 1396310 is fixed
self.check_public_network_connectivity(
should_connect=False,
msg="after updating "
"admin_state_up of router to False",
should_check_floating_ip_status=False)
self._update_router_admin_state(self.router, True)
self.check_public_network_connectivity(
should_connect=True,
msg="after updating "
"admin_state_up of router to True")
@decorators.idempotent_id('d8bb918e-e2df-48b2-97cd-b73c95450980')
@testtools.skipIf(CONF.network.shared_physical_network,
'network isolation not available')
@testtools.skipUnless(CONF.scenario.dhcp_client,
"DHCP client is not available.")
@decorators.attr(type='slow')
@utils.services('compute', 'network')
def test_subnet_details(self):
"""Tests that subnet's extra configuration details are affecting VMs.
This test relies on non-shared, isolated tenant networks.
NOTE: Neutron subnets push data to servers via dhcp-agent, so any
update in subnet requires server to actively renew its DHCP lease.
1. Configure subnet with dns nameserver
2. retrieve the VM's configured dns and verify it matches the one
configured for the subnet.
3. update subnet's dns
4. retrieve the VM's configured dns and verify it matches the new one
configured for the subnet.
TODO(yfried): add host_routes
any resolution check would be testing either:
* l3 forwarding (tested in test_network_basic_ops)
* Name resolution of an external DNS nameserver - out of scope for
Tempest
"""
# this test check only updates (no actual resolution) so using
# arbitrary ip addresses as nameservers, instead of parsing CONF
initial_dns_server = '1.2.3.4'
alt_dns_server = '9.8.7.6'
# renewal should be immediate.
# Timeouts are suggested by salvatore-orlando in
# https://bugs.launchpad.net/neutron/+bug/1412325/comments/3
renew_delay = CONF.network.build_interval
renew_timeout = CONF.network.build_timeout
self._setup_network_and_servers(dns_nameservers=[initial_dns_server])
self.check_public_network_connectivity(should_connect=True)
floating_ip, server = self.floating_ip_tuple
ip_address = floating_ip['floating_ip_address']
private_key = self._get_server_key(server)
ssh_client = self.get_remote_client(ip_address,
private_key=private_key,
server=server)
dns_servers = [initial_dns_server]
servers = ssh_client.get_dns_servers()
self.assertEqual(
set(dns_servers), set(servers),
'Looking for servers: {trgt_serv}. '
'Retrieved DNS nameservers: {act_serv} '
'From host: {host}.'.format(host=ssh_client.ssh_client.host,
act_serv=servers,
trgt_serv=dns_servers))
self.subnet = self.subnets_client.update_subnet(
self.subnet['id'], dns_nameservers=[alt_dns_server])['subnet']
# asserts that Neutron DB has updated the nameservers
self.assertEqual([alt_dns_server], self.subnet['dns_nameservers'],
"Failed to update subnet's nameservers")
def check_new_dns_server():
# NOTE: Server needs to renew its dhcp lease in order to get new
# definitions from subnet
# NOTE(amuller): we are renewing the lease as part of the retry
# because Neutron updates dnsmasq asynchronously after the
# subnet-update API call returns.
ssh_client.renew_lease(fixed_ip=floating_ip['fixed_ip_address'],
dhcp_client=CONF.scenario.dhcp_client)
if ssh_client.get_dns_servers() != [alt_dns_server]:
LOG.debug("Failed to update DNS nameservers")
return False
return True
self.assertTrue(test_utils.call_until_true(check_new_dns_server,
renew_timeout, renew_delay),
msg="DHCP renewal failed to fetch "
"new DNS nameservers")
@decorators.idempotent_id('f5dfcc22-45fd-409f-954c-5bd500d7890b')
@testtools.skipUnless(CONF.network_feature_enabled.port_admin_state_change,
"Changing a port's admin state is not supported "
"by the test environment")
@decorators.attr(type='slow')
@utils.services('compute', 'network')
def test_update_instance_port_admin_state(self):
"""Test to update admin_state_up attribute of instance port
1. Check public and project connectivity before updating
admin_state_up attribute of instance port to False
2. Check public and project connectivity after updating
admin_state_up attribute of instance port to False
3. Check public and project connectivity after updating
admin_state_up attribute of instance port to True
"""
self._setup_network_and_servers()
_, server = self.floating_ip_tuple
server_id = server['id']
port_id = self.os_admin.ports_client.list_ports(
device_id=server_id)['ports'][0]['id']
server_pip = server['addresses'][self.network['name']][0]['addr']
server2 = self._create_server(self.network)
server2_fip = self.create_floating_ip(server2)
private_key = self._get_server_key(server2)
ssh_client = self.get_remote_client(server2_fip['floating_ip_address'],
private_key=private_key,
server=server2)
self.check_public_network_connectivity(
should_connect=True,
msg="before updating "
"admin_state_up of instance port to False")
self.check_remote_connectivity(ssh_client,
dest=server_pip,
should_succeed=True)
self.ports_client.update_port(port_id, admin_state_up=False)
self.check_public_network_connectivity(
should_connect=False,
msg="after updating "
"admin_state_up of instance port to False",
should_check_floating_ip_status=False)
self.check_remote_connectivity(ssh_client,
dest=server_pip,
should_succeed=False)
self.ports_client.update_port(port_id, admin_state_up=True)
self.check_public_network_connectivity(
should_connect=True,
msg="after updating "
"admin_state_up of instance port to True")
self.check_remote_connectivity(ssh_client,
dest=server_pip,
should_succeed=True)
@decorators.idempotent_id('759462e1-8535-46b0-ab3a-33aa45c55aaa')
@decorators.attr(type='slow')
@utils.services('compute', 'network')
def test_preserve_preexisting_port(self):
"""Test preserve pre-existing port
Tests that a pre-existing port provided on server boot is not deleted
if the server is deleted.
Nova should unbind the port from the instance on delete if the port was
not created by Nova as part of the boot request.
We should also be able to boot another server with the same port.
"""
# Setup the network, create a port and boot the server from that port.
self._setup_network_and_servers(boot_with_port=True)
_, server = self.floating_ip_tuple
self.assertEqual(
1, len(self.ports), 'There should only be one port created for '
'server %s.' % server['id'])
port_id = self.ports[0]['port']
self.assertIsNotNone(
port_id, 'Server should have been created from a '
'pre-existing port.')
# Assert the port is bound to the server.
port_list = self.os_admin.ports_client.list_ports(
device_id=server['id'], network_id=self.network['id'])['ports']
self.assertEqual(
1, len(port_list), 'There should only be one port created for '
'server %s.' % server['id'])
self.assertEqual(port_id, port_list[0]['id'])
# Delete the server.
self.servers_client.delete_server(server['id'])
waiters.wait_for_server_termination(self.servers_client, server['id'])
# Assert the port still exists on the network but is unbound from
# the deleted server.
port = self.ports_client.show_port(port_id)['port']
self.assertEqual(self.network['id'], port['network_id'])
self.assertEqual('', port['device_id'])
self.assertEqual('', port['device_owner'])
# Boot another server with the same port to make sure nothing was
# left around that could cause issues.
server = self._create_server(self.network, port['id'])
port_list = self.os_admin.ports_client.list_ports(
device_id=server['id'], network_id=self.network['id'])['ports']
self.assertEqual(
1, len(port_list), 'There should only be one port created for '
'server %s.' % server['id'])
self.assertEqual(port['id'], port_list[0]['id'])
@utils.requires_ext(service='network', extension='l3_agent_scheduler')
@decorators.idempotent_id('2e788c46-fb3f-4ac9-8f82-0561555bea73')
@decorators.attr(type='slow')
@utils.services('compute', 'network')
def test_router_rescheduling(self):
"""Tests that router can be removed from agent and add to a new agent.
1. Verify connectivity
2. Remove router from all l3-agents
3. Verify connectivity is down
4. Assign router to new l3-agent (or old one if no new agent is
available)
5. Verify connectivity
"""
# TODO(yfried): refactor this test to be used for other agents (dhcp)
# as well
list_hosts = (
self.os_admin.routers_client.list_l3_agents_hosting_router)
schedule_router = (
self.os_admin.network_agents_client.create_router_on_l3_agent)
unschedule_router = (
self.os_admin.network_agents_client.delete_router_from_l3_agent)
agent_list_alive = set(
a["id"] for a in self.os_admin.network_agents_client.list_agents(
agent_type="L3 agent")['agents'] if a["alive"] is True)
self._setup_network_and_servers()
# NOTE(kevinbenton): we have to use the admin credentials to check
# for the distributed flag because self.router only has a project view.
admin = self.os_admin.routers_client.show_router(self.router['id'])
if admin['router'].get('distributed', False):
msg = "Rescheduling test does not apply to distributed routers."
raise self.skipException(msg)
self.check_public_network_connectivity(should_connect=True)
# remove resource from agents
hosting_agents = set(a["id"]
for a in list_hosts(self.router['id'])['agents'])
no_migration = agent_list_alive == hosting_agents
LOG.info("Router will be assigned to {mig} hosting agent".format(
mig="the same" if no_migration else "a new"))
for hosting_agent in hosting_agents:
unschedule_router(hosting_agent, self.router['id'])
self.assertNotIn(
hosting_agent,
[a["id"] for a in list_hosts(self.router['id'])['agents']],
'unscheduling router failed')
# verify resource is un-functional
self.check_public_network_connectivity(
should_connect=False,
msg='after router unscheduling',
)
# schedule resource to new agent
target_agent = list(
hosting_agents if no_migration else agent_list_alive -
hosting_agents)[0]
schedule_router(target_agent, router_id=self.router['id'])
self.assertEqual(
target_agent,
list_hosts(self.router['id'])['agents'][0]['id'],
"Router failed to reschedule. Hosting agent doesn't match "
"target agent")
# verify resource is functional
self.check_public_network_connectivity(should_connect=True,
msg='After router rescheduling')
@utils.requires_ext(service='network', extension='port-security')
@testtools.skipUnless(CONF.compute_feature_enabled.interface_attach,
'NIC hotplug not available')
@decorators.idempotent_id('7c0bb1a2-d053-49a4-98f9-ca1a1d849f63')
@decorators.attr(type='slow')
@utils.services('compute', 'network')
def test_port_security_macspoofing_port(self):
"""Tests port_security extension enforces mac spoofing
Neutron security groups always apply anti-spoof rules on the VMs. This
allows traffic to originate and terminate at the VM as expected, but
prevents traffic to pass through the VM. Anti-spoof rules are not
required in cases where the VM routes traffic through it.
The test steps are :
1. Create a new network.
2. Connect (hotplug) the VM to a new network.
3. Check the VM can ping a server on the new network ("peer")
4. Spoof the mac address of the new VM interface.
5. Check the Security Group enforces mac spoofing and blocks pings via
spoofed interface (VM cannot ping the peer).
6. Disable port-security of the spoofed port- set the flag to false.
7. Retest 3rd step and check that the Security Group allows pings via
the spoofed interface.
"""
spoof_mac = "00:00:00:00:00:01"
# Create server
self._setup_network_and_servers()
self.check_public_network_connectivity(should_connect=True)
self._create_new_network()
self._hotplug_server()
fip, server = self.floating_ip_tuple
new_ports = self.os_admin.ports_client.list_ports(
device_id=server["id"], network_id=self.new_net["id"])['ports']
spoof_port = new_ports[0]
private_key = self._get_server_key(server)
ssh_client = self.get_remote_client(fip['floating_ip_address'],
private_key=private_key,
server=server)
spoof_nic = ssh_client.get_nic_name_by_mac(spoof_port["mac_address"])
peer = self._create_server(self.new_net)
peer_address = peer['addresses'][self.new_net['name']][0]['addr']
self.check_remote_connectivity(ssh_client,
dest=peer_address,
nic=spoof_nic,
should_succeed=True)
# Set a mac address by making nic down temporary
cmd = ("sudo ip link set {nic} down;"
"sudo ip link set dev {nic} address {mac};"
"sudo ip link set {nic} up").format(nic=spoof_nic,
mac=spoof_mac)
ssh_client.exec_command(cmd)
new_mac = ssh_client.get_mac_address(nic=spoof_nic)
self.assertEqual(spoof_mac, new_mac)
self.check_remote_connectivity(ssh_client,
dest=peer_address,
nic=spoof_nic,
should_succeed=False)
self.ports_client.update_port(spoof_port["id"],
port_security_enabled=False,
security_groups=[])
self.check_remote_connectivity(ssh_client,
dest=peer_address,
nic=spoof_nic,
should_succeed=True)
