Make security group configurable - dovetail 13/60813/5
authorrexlee8776 <limingjiang@huawei.com>
Wed, 8 Aug 2018 08:54:59 +0000 (08:54 +0000)
committerrexlee8776 <limingjiang@huawei.com>
Mon, 20 Aug 2018 04:04:05 +0000 (04:04 +0000)
Make the security group configurable via the context.
The format would be:
context:
  name: demo
  image: yardstick-image
  flavor: yardstick-flavor
  user: ubuntu
  security_group:
    rules:
        - remote_ip_prefix: "0.0.0.0/0"
          protocol: "tcp"
          port_range_min: 1
          port_range_max: 65535
        - remote_ip_prefix: "0.0.0.0/0"
          protocol: "udp"
          port_range_min: 1
          port_range_max: 65535
        - remote_ip_prefix: "0.0.0.0/0"
          protocol: "icmp"

JIRA: YARDSTICK-1360

Change-Id: I00c45767ee2d70b790590e824599d5a4c274bced
Signed-off-by: rexlee8776 <limingjiang@huawei.com>
samples/ping-security-group.yaml [new file with mode: 0644]
yardstick/benchmark/contexts/heat.py
yardstick/orchestrator/heat.py
yardstick/tests/unit/benchmark/contexts/test_heat.py
yardstick/tests/unit/orchestrator/test_heat.py

diff --git a/samples/ping-security-group.yaml b/samples/ping-security-group.yaml
new file mode 100644 (file)
index 0000000..1545ee1
--- /dev/null
@@ -0,0 +1,74 @@
+##############################################################################
+# Copyright (c) 2018 Huawei Technologies Co.,Ltd and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+# Sample ping test case using custom security group
+# measure network latency using ping
+
+schema: "yardstick:task:0.1"
+
+{% set provider = provider or none %}
+{% set physical_network = physical_network or 'physnet1' %}
+{% set segmentation_id = segmentation_id or none %}
+scenarios:
+-
+  type: Ping
+  options:
+    packetsize: 200
+  host: athena.demo
+  target: ares.demo
+
+  runner:
+    type: Duration
+    duration: 60
+    interval: 1
+
+  sla:
+    max_rtt: 10
+    action: monitor
+
+context:
+  name: demo
+  image: yardstick-image
+  flavor: yardstick-flavor
+  user: ubuntu
+  security_group:
+    rules:
+      - remote_ip_prefix: "0.0.0.0/0"
+        protocol: "tcp"
+        port_range_min: 1
+        port_range_max: 65535
+      - remote_ip_prefix: "0.0.0.0/0"
+        protocol: "udp"
+        port_range_min: 1
+        port_range_max: 65535
+      - remote_ip_prefix: "0.0.0.0/0"
+        protocol: "icmp"
+
+  placement_groups:
+    pgrp1:
+      policy: "availability"
+
+  servers:
+    athena:
+      floating_ip: true
+      placement: "pgrp1"
+    ares:
+      placement: "pgrp1"
+
+
+  networks:
+    test:
+      cidr: '10.0.1.0/24'
+      {% if provider == "vlan" %}
+      provider: {{provider}}
+      physical_network: {{physical_network}}
+        {% if segmentation_id %}
+      segmentation_id: {{segmentation_id}}
+        {% endif %}
+      {% endif %}
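Review bot: The `security_group.rules` block in this sample has no comment saying that the listed rules replace the built-in rule set rather than extend it, and the three rules shown still admit every TCP/UDP port and ICMP from `0.0.0.0/0`. Judging by the `add_security_group` change in this commit, a context that supplies rules gets only those rules, so the IPv6 and explicit egress entries of the default list are no longer emitted. I would add a comment above `rules:` such as `# These rules replace the default rule set; limit remote_ip_prefix and the port range to what the test needs`.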
index f118ffc..c3c5451 100644 (file)
@@ -59,6 +59,7 @@ class HeatContext(Context):
         self.server_groups = []
         self.keypair_name = None
         self.secgroup_name = None
+        self.security_group = None
         self._server_map = {}
         self.attrs = {}
         self._image = None
@@ -118,8 +119,11 @@ class HeatContext(Context):
             return
 
         self.keypair_name = h_join(self.name, "key")
+
         self.secgroup_name = h_join(self.name, "secgroup")
 
+        self.security_group = attrs.get("security_group")
+
         self._image = attrs.get("image")
 
         self._flavor = attrs.get("flavor")
@@ -185,7 +189,7 @@ class HeatContext(Context):
                 self.flavors.add(flavor)
 
         template.add_keypair(self.keypair_name, self.name)
-        template.add_security_group(self.secgroup_name)
+        template.add_security_group(self.secgroup_name, self.security_group)
 
         for network in self.networks.values():
             # Using existing network
index 99a5760..9da4948 100644 (file)
@@ -471,68 +471,77 @@ name (i.e. %s).
             'value': {'get_resource': name}
         }
 
-    def add_security_group(self, name):
+    def add_security_group(self, name, security_group=None):
         """add to the template a Neutron SecurityGroup"""
         log.debug("adding Neutron::SecurityGroup '%s'", name)
+        description = ("Group allowing IPv4 and IPv6 for icmp and upd/tcp on"
+                       "all ports")
+        rules = [
+            {'remote_ip_prefix': '0.0.0.0/0',
+             'protocol': 'tcp',
+             'port_range_min': '1',
+             'port_range_max': '65535'},
+            {'remote_ip_prefix': '0.0.0.0/0',
+             'protocol': 'udp',
+             'port_range_min': '1',
+             'port_range_max': '65535'},
+            {'remote_ip_prefix': '0.0.0.0/0',
+             'protocol': 'icmp'},
+            {'remote_ip_prefix': '::/0',
+             'ethertype': 'IPv6',
+             'protocol': 'tcp',
+             'port_range_min': '1',
+             'port_range_max': '65535'},
+            {'remote_ip_prefix': '::/0',
+             'ethertype': 'IPv6',
+             'protocol': 'udp',
+             'port_range_min': '1',
+             'port_range_max': '65535'},
+            {'remote_ip_prefix': '::/0',
+             'ethertype': 'IPv6',
+             'protocol': 'ipv6-icmp'},
+            {'remote_ip_prefix': '0.0.0.0/0',
+             'direction': 'egress',
+             'protocol': 'tcp',
+             'port_range_min': '1',
+             'port_range_max': '65535'},
+            {'remote_ip_prefix': '0.0.0.0/0',
+             'direction': 'egress',
+             'protocol': 'udp',
+             'port_range_min': '1',
+             'port_range_max': '65535'},
+            {'remote_ip_prefix': '0.0.0.0/0',
+             'direction': 'egress',
+             'protocol': 'icmp'},
+            {'remote_ip_prefix': '::/0',
+             'direction': 'egress',
+             'ethertype': 'IPv6',
+             'protocol': 'tcp',
+             'port_range_min': '1',
+             'port_range_max': '65535'},
+            {'remote_ip_prefix': '::/0',
+             'direction': 'egress',
+             'ethertype': 'IPv6',
+             'protocol': 'udp',
+             'port_range_min': '1',
+             'port_range_max': '65535'},
+            {'remote_ip_prefix': '::/0',
+             'direction': 'egress',
+             'ethertype': 'IPv6',
+             'protocol': 'ipv6-icmp'},
+        ]
+        if security_group:
+            description = "Custom security group rules defined by the user"
+            rules = security_group.get('rules')
+
+        log.debug("The security group rules is %s", rules)
+
         self.resources[name] = {
             'type': 'OS::Neutron::SecurityGroup',
             'properties': {
                 'name': name,
-                'description': "Group allowing IPv4 and IPv6 for icmp and upd/tcp on all ports",
-                'rules': [
-                    {'remote_ip_prefix': '0.0.0.0/0',
-                     'protocol': 'tcp',
-                     'port_range_min': '1',
-                     'port_range_max': '65535'},
-                    {'remote_ip_prefix': '0.0.0.0/0',
-                     'protocol': 'udp',
-                     'port_range_min': '1',
-                     'port_range_max': '65535'},
-                    {'remote_ip_prefix': '0.0.0.0/0',
-                     'protocol': 'icmp'},
-                    {'remote_ip_prefix': '::/0',
-                     'ethertype': 'IPv6',
-                     'protocol': 'tcp',
-                     'port_range_min': '1',
-                     'port_range_max': '65535'},
-                    {'remote_ip_prefix': '::/0',
-                     'ethertype': 'IPv6',
-                     'protocol': 'udp',
-                     'port_range_min': '1',
-                     'port_range_max': '65535'},
-                    {'remote_ip_prefix': '::/0',
-                     'ethertype': 'IPv6',
-                     'protocol': 'ipv6-icmp'},
-                    {'remote_ip_prefix': '0.0.0.0/0',
-                     'direction': 'egress',
-                     'protocol': 'tcp',
-                     'port_range_min': '1',
-                     'port_range_max': '65535'},
-                    {'remote_ip_prefix': '0.0.0.0/0',
-                     'direction': 'egress',
-                     'protocol': 'udp',
-                     'port_range_min': '1',
-                     'port_range_max': '65535'},
-                    {'remote_ip_prefix': '0.0.0.0/0',
-                     'direction': 'egress',
-                     'protocol': 'icmp'},
-                    {'remote_ip_prefix': '::/0',
-                     'direction': 'egress',
-                     'ethertype': 'IPv6',
-                     'protocol': 'tcp',
-                     'port_range_min': '1',
-                     'port_range_max': '65535'},
-                    {'remote_ip_prefix': '::/0',
-                     'direction': 'egress',
-                     'ethertype': 'IPv6',
-                     'protocol': 'udp',
-                     'port_range_min': '1',
-                     'port_range_max': '65535'},
-                    {'remote_ip_prefix': '::/0',
-                     'direction': 'egress',
-                     'ethertype': 'IPv6',
-                     'protocol': 'ipv6-icmp'},
-                ]
+                'description': description,
+                'rules': rules
             }
         }
 
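Review bot: `rules = security_group.get('rules')` accepts whatever the context supplies without checking it: a `security_group` mapping with no `rules` key puts `'rules': None` into the resource, and a truthy non-mapping value raises AttributeError at this line. Because `if security_group:` tests truthiness, an empty mapping silently falls back to the permissive default list, which may surprise a user who meant to restrict access. I would test `if security_group is not None:` and reject a missing or non-list value, e.g. `if not isinstance(rules, list): raise ValueError("security_group.rules must be a list")`. Separately, the two description literals join without a space (`"... upd/tcp on" "all ports"` yields `onall ports`); add a trailing space to the first literal, and `upd` could become `udp` while there.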
index 7782d96..3ccae44 100644 (file)
@@ -73,6 +73,7 @@ class HeatContextTestCase(unittest.TestCase):
         self.assertEqual(self.test_context.server_groups, [])
         self.assertIsNone(self.test_context.keypair_name)
         self.assertIsNone(self.test_context.secgroup_name)
+        self.assertIsNone(self.test_context.security_group)
         self.assertEqual(self.test_context._server_map, {})
         self.assertIsNone(self.test_context._image)
         self.assertIsNone(self.test_context._flavor)
@@ -192,7 +193,7 @@ class HeatContextTestCase(unittest.TestCase):
         mock_template.add_keypair.assert_called_with(
             "ctx-key",
             "ctx-12345678")
-        mock_template.add_security_group.assert_called_with("ctx-secgroup")
+        mock_template.add_security_group.assert_called_with("ctx-secgroup", None)
         mock_template.add_network.assert_called_with(
             "ctx-12345678-mynet", 'physnet1', None, None, None, None)
         mock_template.add_router.assert_called_with(
index 3ec59a3..2e60a72 100644 (file)
@@ -256,6 +256,25 @@ class HeatTemplateTestCase(unittest.TestCase):
         self.assertEqual(self.template.resources['some-server-group'][
                              'properties']['policies'], ['anti-affinity'])
 
+    def test_add_security_group(self):
+        security_group = {
+            'rules': [
+                {'remote_ip_prefix': '0.0.0.0/0',
+                 'port_range_max': 65535,
+                 'port_range_min': 1,
+                 'protocol': 'custom'},
+            ]
+        }
+        self.template.add_security_group('some-security-group', security_group)
+
+        secgroup_rsc = self.template.resources['some-security-group']
+
+        self.assertEqual(secgroup_rsc['type'], "OS::Neutron::SecurityGroup")
+        self.assertEqual(secgroup_rsc['properties']['description'],
+                         "Custom security group rules defined by the user")
+        self.assertEqual(secgroup_rsc['properties']['rules'][0]['protocol'],
+                         'custom')
+
     def test__add_resources_to_template_raw(self):
         test_context = node.NodeContext()
         self.addCleanup(test_context._delete_context)
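Review bot: `test_add_security_group` exercises only the custom-rules path, so nothing asserts that the default rule list, which this commit moves out of the resource literal in `add_security_group`, is still emitted when no `security_group` is passed. I would add a second case that calls `self.template.add_security_group('some-security-group')` and checks the description and the rule count against the default (12 entries in the orchestrator hunk), plus one for a `security_group` without a `rules` key. The protocol value `'custom'` passes through unchecked, so the test also shows that rule contents are not validated before they reach the template. The following `test__add_resources_to_template_raw` continues outside the hunk.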