Security groups smoke test in FDS 03/28703/11
authorTomas Cechvala <tcechval@cisco.com>
Fri, 10 Feb 2017 14:48:05 +0000 (15:48 +0100)
committerTomas Cechvala <tcechval@cisco.com>
Fri, 10 Mar 2017 09:14:14 +0000 (09:14 +0000)
Security group rules are applied to L2 traffic.

 - creates infrastructure
 - applies policy rules
 - makes MM send icmp and http traffic
 - changes policy rules
 - rechecks the traffic
 - clears infrastructure

Change-Id: I7b73f7ff22bb3fc59c5e873818bdb5d5ad88c12d
Signed-off-by: Tomas Cechvala <tcechval@cisco.com>
testing/robot/data/test_data.py
testing/robot/lib/FDSLibrary.py
testing/robot/lib/Keywords.robot [new file with mode: 0644]
testing/robot/sec_groups_and_l2-smoke.robot [new file with mode: 0644]
testing/robot/smoke.robot

index 2011257..97aaf2b 100644 (file)
@@ -12,6 +12,8 @@ import uuid
 run_uuid = str(uuid.uuid4())
 network_name = 'fds_smoke_network_' + run_uuid
 subnet_name = 'fds_smoke_subnet_' + run_uuid
+sg_client = 'client'
+sg_server = 'server'
 vm1_name = 'fds_smoke_vm1_' + run_uuid
 vm1_address = '192.168.10.5'
 vm2_name = 'fds_smoke_vm2_' + run_uuid
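Review bot: `sg_client` and `sg_server` are the only resource names in this block that do not carry `run_uuid`, so two runs against the same tenant create identically named security groups. A group left behind by a failed run then cannot be told apart from the current one when cleaning up or reading logs. Following the neighbouring names would avoid that: `sg_client = 'fds_smoke_sg_client_' + run_uuid` and `sg_server = 'fds_smoke_sg_server_' + run_uuid`.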
@@ -21,7 +23,7 @@ port2_name = 'fds_smoke_port2_' + run_uuid
 subnet_cidr = '192.168.10.0/24'
 vm_flavor = 'm1.small'
 vm_image = 'cirros-0.3.4'
-userdata1 = "#!/bin/sh\n\nsudo ip a add {}/24 dev eth0\n".format(vm1_address)
+userdata1 = "#!/bin/sh\n\nsudo ip a add {}/24 dev eth0\n while true; do echo curl_passed | nc -l -p 80; done\n".format(vm1_address)
 userdata2 = "#!/bin/sh\n\nsudo ip a add {}/24 dev eth0\nwhile true; do\n ping -c 1 {} 2>&1 >/dev/null\n " \
             "RES=$?\n if [ \"Z$RES\" = \"Z0\" ] ; then\n  echo 'ping PASSED'\n break\n else\n  echo " \
-            "'ping FAILED'\n fi\n sleep 1\ndone\n".format(vm2_address, vm1_address)
+            "'ping FAILED'\n fi\n sleep 1\ndone\n\nwhile true; do curl {} --retry-delay 1 -m 1; sleep 3; done\n".format(vm2_address, vm1_address, vm1_address)
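Review bot: The curl loop appended to `userdata2` prints no marker when the request fails, unlike the ping loop above it, so VM2's console gives no evidence that HTTP was blocked before the TCP rule is added. Adding a failure marker lets the suite assert the blocked state as well as the allowed one: `while true; do curl {} --retry-delay 1 -m 1 || echo 'curl FAILED'; sleep 3; done`. Separately, `--retry-delay` has no effect without `--retry`, so it can be dropped or paired with a retry count. The `nc` responder in `userdata1` sends the bare string `curl_passed` with no HTTP status line; whether the curl in this image accepts that cannot be seen from here and is worth confirming.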
index 786cee6..32c18eb 100644 (file)
@@ -124,11 +124,33 @@ class FDSLibrary():
             time.sleep(5)
         return False
 
-    def create_security_group(self):
-        pass
+    def create_security_group(self, name):
+        body = {'security_group': {
+            'name': name
+        }}
+        response = self.neutron_client.create_security_group(body=body)
+        return response
 
-    def create_security_rule(self):
-        pass
+    def create_security_rule(self, sg_id, dir, eth, desc=None, proto=None, port_min=None, port_max=None, r_sg_id=None, r_prefix=None):
+        body = {'security_group_rule': {
+            'security_group_id': sg_id,
+            'ethertype': eth,
+            'direction': dir
+        }}
+        if desc is not None:
+            body['security_group_rule']['description'] = desc
+        if proto is not None:
+            body['security_group_rule']['protocol'] = proto
+        if port_min is not None:
+            body['security_group_rule']['port_range_min'] = port_min
+        if port_max is not None:
+            body['security_group_rule']['port_range_max'] = port_max
+        if r_sg_id is not None:
+            body['security_group_rule']['remote_group_id'] = r_sg_id
+        if r_prefix is not None:
+            body['security_group_rule']['remote_ip_prefix'] = r_prefix
+        response = self.neutron_client.create_security_group_rule(body=body)
+        return response
 
     def poll_server(self, vm_id, status, timeout=300):
         try:
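Review bot: `create_security_rule` puts `desc` ahead of `proto` in its positional order, so a caller who passes the protocol as the fourth positional argument creates a rule with a description and no `protocol` key, which Neutron treats as matching any protocol. `Create security group rules` in Keywords.robot does exactly this with `icmp`, giving an allow-all ingress rule where an ICMP-only one was intended. As the function is new, moving `desc` to the end and renaming `dir`, which shadows the builtin, would remove the trap: `def create_security_rule(self, sg_id, direction, eth, proto=None, port_min=None, port_max=None, r_sg_id=None, r_prefix=None, desc=None):`. A short docstring stating that an omitted `proto`, port range or remote means "any" would also help, because in a security-group test leaving an argument out widens the rule.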
@@ -167,6 +189,14 @@ class FDSLibrary():
         response = self.neutron_client.delete_network(net_id)
         return response
 
+    def delete_security_group(self, sg_id):
+        response = self.neutron_client.delete_security_group(sg_id)
+        return response
+
+    def delete_security_rule(self, rule_id):
+        response = self.neutron_client.delete_security_group_rule(rule_id)
+        return response
+
     def ping_vm(self, ip_address):
         try:
             output = subprocess.check_output(['ping', '-c', '4', ip_address])
diff --git a/testing/robot/lib/Keywords.robot b/testing/robot/lib/Keywords.robot
new file mode 100644 (file)
index 0000000..36136a1
--- /dev/null
@@ -0,0 +1,109 @@
+##############################################################################
+# Copyright (c) 2016 Juraj Linkes (Cisco) and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
+*** Settings ***
+Library         OperatingSystem
+Library         FDSLibrary.py
+Variables       ../data/test_data.py
+
+*** Keywords ***
+
+Ensure Flavor
+    ${result} =     Check Flavor Exists     ${vm_flavor}
+    Return From Keyword If  '${result}' == 'True'
+    Create Flavor  ${vm_flavor}  ram=768
+    ${result} =     Check Flavor Exists     ${vm_flavor}
+    Should be True      ${result}
+
+Ensure Image
+    ${result} =     Check Image Exists  ${vm_image}
+    Return From Keyword If  '${result}' == 'True'
+    Create Image  ${vm_image}  /home/opnfv/functest/data/cirros-0.3.4-x86_64-disk.img
+    ${result} =     Check Image Exists  ${vm_image}
+    Should be True      ${result}
+
+Create tenant network
+    &{response} =   create network  ${network_name}
+    log many    &{response}
+    Set Suite Variable  ${network_id}   ${response.network['id']}
+    log     ${network_id}
+
+Create subnet without dhcp
+    &{response} =   create subnet  ${subnet_name}   ${network_id}   ${subnet_cidr}  dhcp=False
+    log many    &{response}
+    Set Suite Variable  ${subnet_id}    ${response.subnet['id']}
+    log     ${subnet_id}
+
+Create subnet with dhcp
+    &{response} =   create subnet  ${subnet_name}   ${network_id}   ${subnet_cidr}  dhcp=True
+    log many    &{response}
+    Set Suite Variable  ${subnet_id}    ${response.subnet['id']}
+    log     ${subnet_id}
+
+Create security group no default rules
+    [Arguments]     ${name}
+    &{response} =   create security group  ${name}
+    log many     &{response}
+    : FOR    ${rule}    IN    @{response.security_group['security_group_rules']}
+    \    log    ${rule}
+    \    log    ${rule['id']}
+    \    delete security rule  ${rule['id']}
+    [Return]    ${response.security_group['id']}
+
+Create security group rules
+    #def create_security_rule(self, sg_id, dir, eth, desc=None, proto=None, port_min=None, port_max=None, r_sg_id=None, r_prefix=None):
+    &{response} =   create security rule  ${sg_client}  ingress  ipv4
+    log many    &{response}
+    &{response} =   create security rule  ${sg_client}  egress'  ipv4
+    log many    &{response}
+    &{response} =   create security rule  ${sg_server}  egress   ipv4
+    log many    &{response}
+    &{response} =   create security rule  ${sg_server}  ingress  ipv4  icmp
+    log many    &{response}
+
+Create port with ip
+    [Arguments]     ${port_name}    ${ip_address}
+    &{response} =   create port     ${port_name}    ${network_id}   ${subnet_id}    ${ip_address}
+    log many    &{response}
+    log         ${response.port['id']}
+    [Return]    ${response.port['id']}
+
+Create vm
+    [Arguments]     ${vm_name}     ${port_ids}  ${security_groups}=${None}  ${userdata}=${None}
+    Log Many    ${vm_name}  ${vm_image}     ${vm_flavor}    ${port_ids}     ${userdata}
+    ${response} =   create server   ${vm_name}     ${vm_image}     ${vm_flavor}    ${port_ids}  ${security_groups}
+    ...                             ${userdata}
+    log many    ${response}
+    log         ${response.id}
+    [Return]    ${response.id}
+
+Check vm console
+    [Arguments]     ${vm_id}    ${string}
+    ${response} =   check server console    ${vm_id}    ${string}
+    [Return]    ${response}
+
+Poll vm
+    [Arguments]     ${id}   ${state}
+    poll server     ${id}   ${state}
+
+Delete vm
+    [Arguments]     ${id}
+    ${response} =   delete server   ${id}
+    log     ${response}
+    Poll vm     ${id}   ${None}
+
+Delete ports
+    [Arguments]     ${id}
+    ${response} =   delete port     ${id}
+    log     ${response}
+
+Delete network
+    [Arguments]     ${id}
+    ${response} =   delete net      ${id}
+    log     ${response}
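Review bot: `Create security group rules` has a stray apostrophe in its second call (`egress'`), so that string is what would be sent to Neutron as the direction. It also passes `${sg_client}` and `${sg_server}`, which are the group names from test_data.py, where `create security rule` expects a security group id. The new suite does not call this keyword, so either drop it or make it take the ids: `[Arguments]    ${client_id}    ${server_id}` and `create security rule  ${client_id}  egress  ipv4`. The commented-out Python signature at the top of the keyword should go as well, because it will drift from FDSLibrary.py.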
diff --git a/testing/robot/sec_groups_and_l2-smoke.robot b/testing/robot/sec_groups_and_l2-smoke.robot
new file mode 100644 (file)
index 0000000..17c5a42
--- /dev/null
@@ -0,0 +1,97 @@
+##############################################################################
+# Copyright (c) 2017 Tomas Cechvala (Cisco) and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
+*** Settings ***
+Library         OperatingSystem
+Library         lib/FDSLibrary.py
+Variables       data/test_data.py
+Resource        lib/Keywords.robot
+Suite Setup     Setup Suite
+Suite Teardown  Teardown Suite
+
+*** Variables ***
+
+*** Test Cases ***
+
+Create network for VMs
+    Create tenant network
+
+Create subnet with dhcp for VMs
+    Create subnet with dhcp
+
+Create sec groups
+    ${result} =    Create security group no default rules    ${sg_server}
+    Set Suite Variable  ${SEC_GR_SERVER}   ${result}
+    ${result} =    Create security group no default rules    ${sg_client}
+    Set Suite Variable  ${SEC_GR_CLIENT}   ${result}
+
+Create sec rules
+    Wait Until Keyword Succeeds  3x  3s  create security rule  ${SEC_GR_CLIENT}  egress  ipv4
+    Wait Until Keyword Succeeds  3x  3s  create security rule  ${SEC_GR_CLIENT}  ingress  ipv4
+    Wait Until Keyword Succeeds  3x  3s  create security rule  ${SEC_GR_SERVER}  egress  ipv4
+    Wait Until Keyword Succeeds  3x  3s  create security rule  ${SEC_GR_SERVER}  ingress  ipv4  proto=icmp
+
+Create port for VM1
+    ${result} =     Create port with ip     ${port1_name}   ${vm1_address}
+    Set Suite Variable  ${port1_id}     ${result}
+
+Create port for VM2
+    ${result} =     Create port with ip     ${port2_name}   ${vm2_address}
+    Set Suite Variable  ${port2_id}     ${result}
+
+Create VM1
+    ${port_ids} =   Create List     ${port1_id}
+    ${result} =     Create vm       ${vm1_name}     ${port_ids}     userdata=${userdata1}
+    Set Suite Variable  ${vm1_id}   ${result}
+
+Wait for VM1 to be active
+    Should Be True  $vm1_id is not $None
+    Poll vm     ${vm1_id}   active
+
+Create VM2
+    ${port_ids} =   Create List     ${port2_id}
+    ${result} =     Create vm       ${vm2_name}     ${port_ids}     userdata=${userdata2}
+    Set Suite Variable  ${vm2_id}   ${result}
+
+Wait for VM2 to be active
+    Should Be True  $vm2_id is not $None
+    Poll vm     ${vm2_id}   active
+
+Check VM2 userdata
+    ${result} =     Check vm console    ${vm2_id}   PASSED
+    Should Be True  ${result}
+
+Modify policy
+    Wait Until Keyword Succeeds  3x  3s  create security rule  ${SEC_GR_SERVER}  ingress  ipv4  proto=tcp  port_min=80  port_max=80
+
+Check VM2 userdata again
+    ${result} =     Check vm console    ${vm2_id}   curl_passed
+    Should Be True  ${result}
+
+*** Keywords ***
+Setup Suite
+    Set Suite Variable  ${network_id}   ${None}
+    Set Suite Variable  ${subnet_id}    ${None}
+    Set Suite Variable  ${port1_id}     ${None}
+    Set Suite Variable  ${port2_id}     ${None}
+    Set Suite Variable  ${vm1_id}       ${None}
+    Set Suite Variable  ${vm2_id}       ${None}
+    Set Suite Variable  ${SEC_GR_SERVER}       ${None}
+    Set Suite Variable  ${SEC_GR_CLIENT}       ${None}
+    Ensure Image
+    Ensure Flavor
+
+Teardown Suite
+    Run Keyword If  $vm1_id is not $None        Delete vm       ${vm1_id}
+    Run Keyword If  $vm2_id is not $None        Delete vm       ${vm2_id}
+    Run Keyword If  $port1_id is not $None      Delete ports    ${port1_id}
+    Run Keyword If  $port2_id is not $None      Delete ports    ${port2_id}
+    Run Keyword If  $network_id is not $None    Delete network  ${network_id}
+    Run Keyword If  $SEC_GR_SERVER is not $None      delete security group  ${SEC_GR_SERVER}
+    Run Keyword If  $SEC_GR_CLIENT is not $None      delete security group  ${SEC_GR_CLIENT}
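Review bot: Nothing visible in this suite attaches `${SEC_GR_SERVER}` or `${SEC_GR_CLIENT}` to a port or instance. `Create VM1` and `Create VM2` call `Create vm` with only `userdata=`, and `Create port with ip` takes no security group argument. If the ports therefore land in the tenant's default group (not confirmable from this hunk), the ping and curl checks pass regardless of the rules created here. Passing the ids through the existing `security_groups` argument of `Create vm` would put the rules under test; the value format that `create server` expects is not visible here. The suite also never checks the blocked state, so a check that `curl_passed` is absent from VM2's console before `Modify policy` would catch a fail-open data path, for example `${result} =  Check vm console  ${vm2_id}  curl_passed` followed by `Should Not Be True  ${result}`.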
index a6c7d70..d6f8fe6 100644 (file)
@@ -10,6 +10,7 @@
 *** Settings ***
 Library         OperatingSystem
 Library         lib/FDSLibrary.py
+Library         lib/Keywords.robot
 Variables       data/test_data.py
 Suite Setup     Setup Suite
 Suite Teardown  Teardown Suite
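Review bot: `Library         lib/Keywords.robot` imports a Robot resource file through the `Library` setting, which is meant for test libraries such as FDSLibrary.py. The new sec_groups_and_l2-smoke.robot imports the same file with `Resource`. The next hunk removes every keyword definition from this suite, so `Ensure Image`, `Create vm` and the others resolve only if this import works. The line should read `Resource        lib/Keywords.robot`.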
@@ -70,70 +71,3 @@ Teardown Suite
     Run Keyword If  $port1_id is not $None      Delete ports    ${port1_id}
     Run Keyword If  $port2_id is not $None      Delete ports    ${port2_id}
     Run Keyword If  $network_id is not $None    Delete network  ${network_id}
-
-Ensure Flavor
-    ${result} =     Check Flavor Exists     ${vm_flavor}
-    Return From Keyword If  '${result}' == 'True'
-    Create Flavor  ${vm_flavor}  ram=768
-    ${result} =     Check Flavor Exists     ${vm_flavor}
-    Should be True      ${result}
-
-Ensure Image
-    ${result} =     Check Image Exists  ${vm_image}
-    Return From Keyword If  '${result}' == 'True'
-    Create Image  ${vm_image}  /home/opnfv/functest/data/cirros-0.3.4-x86_64-disk.img
-    ${result} =     Check Image Exists  ${vm_image}
-    Should be True      ${result}
-
-Create tenant network
-    &{response} =   create network  ${network_name}
-    log many    &{response}
-    Set Suite Variable  ${network_id}   ${response.network['id']}
-    log     ${network_id}
-
-Create subnet without dhcp
-    &{response} =   create subnet  ${subnet_name}   ${network_id}   ${subnet_cidr}  dhcp=False
-    log many    &{response}
-    Set Suite Variable  ${subnet_id}    ${response.subnet['id']}
-    log     ${subnet_id}
-
-Create port with ip
-    [Arguments]     ${port_name}    ${ip_address}
-    &{response} =   create port     ${port_name}    ${network_id}   ${subnet_id}    ${ip_address}
-    log many    &{response}
-    log         ${response.port['id']}
-    [Return]    ${response.port['id']}
-
-Create vm
-    [Arguments]     ${vm_name}     ${port_ids}  ${security_groups}=${None}  ${userdata}=${None}
-    Log Many    ${vm_name}  ${vm_image}     ${vm_flavor}    ${port_ids}     ${userdata}
-    ${response} =   create server   ${vm_name}     ${vm_image}     ${vm_flavor}    ${port_ids}  ${security_groups}
-    ...                             ${userdata}
-    log many    ${response}
-    log         ${response.id}
-    [Return]    ${response.id}
-
-Check vm console
-    [Arguments]     ${vm_id}    ${string}
-    ${response} =   check server console    ${vm_id}    ${string}
-    [Return]    ${response}
-
-Poll vm
-    [Arguments]     ${id}   ${state}
-    poll server     ${id}   ${state}
-
-Delete vm
-    [Arguments]     ${id}
-    ${response} =   delete server   ${id}
-    log     ${response}
-    Poll vm     ${id}   ${None}
-
-Delete ports
-    [Arguments]     ${id}
-    ${response} =   delete port     ${id}
-    log     ${response}
-
-Delete network
-    [Arguments]     ${id}
-    ${response} =   delete net      ${id}
-    log     ${response}