Code Review / sdnvpn.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 5960fab)
Fix security group rule conflict 43/32043/1
authortomsou <soth@intracom-telecom.com>
Tue, 28 Mar 2017 12:20:37 +0000 (12:20 +0000)
committertomsou <soth@intracom-telecom.com>
Tue, 28 Mar 2017 12:39:15 +0000 (12:39 +0000)
-open_icmp_ssh function, that creates security
 group rules for icmp and http (here the name of
 the function is misleading),  is splitted into 2
 new functions one for each rule (open_icmp() and
 open_http_port()).
 Test cases that used the old function have been
 updated

-In the original implementation of open_icmp_ssh()
 and open_bgp_port(), the direction parameter was
 missing. This was leading to an error message

-A check for the existence of security group rule
 has been added and used before the creation of each
 security group rule. If a rule already exists,
 an info message is printed and the testcase
 continues

This change is strongly dependent on https://gerrit.opnfv.org/gerrit/#/c/31925
of Functest repo. NOT TO BE MERGED before

JIRA: SDNVPN-103

Change-Id: Icb96954556f6d7294cf3454f045dbca4b9be672d
Signed-off-by: tomsou <soth@intracom-telecom.com>
sdnvpn/lib/utils.py patch | blob | history
sdnvpn/test/functest/testcase_3.py patch | blob | history
sdnvpn/test/functest/testcase_7.py patch | blob | history
sdnvpn/test/functest/testcase_8.py patch | blob | history

diff --git a/sdnvpn/lib/utils.py b/sdnvpn/lib/utils.py
index 90fce4a..eb59446 100644 (file)
--- a/sdnvpn/lib/utils.py
+++ b/sdnvpn/lib/utils.py
@@ -343,22 +343,57 @@ def assert_and_get_compute_nodes(nova_client, required_node_number=2):
     return compute_nodes
 
 
-def open_icmp_ssh(neutron_client, security_group_id):
-    os_utils.create_secgroup_rule(neutron_client,
-                                  security_group_id,
-                                  'ingress',
-                                  'icmp')
-    os_utils.create_secgroup_rule(neutron_client,
-                                  security_group_id,
-                                  'tcp',
-                                  80, 80)
+def open_icmp(neutron_client, security_group_id):
+    if os_utils.check_security_group_rules(neutron_client,
+                                           security_group_id,
+                                           'ingress',
+                                           'icmp'):
+
+        if not os_utils.create_secgroup_rule(neutron_client,
+                                             security_group_id,
+                                             'ingress',
+                                             'icmp'):
+            logger.error("Failed to create icmp security group rule...")
+    else:
+        logger.info("This rule exists for security group: %s"
+                    % security_group_id)
+
+
+def open_http_port(neutron_client, security_group_id):
+    if os_utils.check_security_group_rules(neutron_client,
+                                           security_group_id,
+                                           'ingress',
+                                           'tcp',
+                                           80, 80):
+
+        if not os_utils.create_secgroup_rule(neutron_client,
+                                             security_group_id,
+                                             'ingress',
+                                             'tcp',
+                                             80, 80):
+
+            logger.error("Failed to create http security group rule...")
+    else:
+        logger.info("This rule exists for security group: %s"
+                    % security_group_id)
 
 
 def open_bgp_port(neutron_client, security_group_id):
-    os_utils.create_secgroup_rule(neutron_client,
-                                  security_group_id,
-                                  'tcp',
-                                  179, 179)
+    if os_utils.check_security_group_rules(neutron_client,
+                                           security_group_id,
+                                           'ingress',
+                                           'tcp',
+                                           179, 179):
+
+        if not os_utils.create_secgroup_rule(neutron_client,
+                                             security_group_id,
+                                             'ingress',
+                                             'tcp',
+                                             179, 179):
+            logger.error("Failed to create bgp security group rule...")
+    else:
+        logger.info("This rule exists for security group: %s"
+                    % security_group_id)
 
 
 def exec_cmd(cmd, verbose):
diff --git a/sdnvpn/test/functest/testcase_3.py b/sdnvpn/test/functest/testcase_3.py
index b7df013..0f0c407 100644 (file)
--- a/sdnvpn/test/functest/testcase_3.py
+++ b/sdnvpn/test/functest/testcase_3.py
@@ -52,6 +52,7 @@ def main():
                    if "running" in
                    node.run_cmd("sudo systemctl status opendaylight")]
     computes = [node for node in openstack_nodes if node.is_compute()]
+
     msg = ("Verify that OpenDaylight can start/communicate with zrpcd/Quagga")
     results.record_action(msg)
     results.add_to_summary(0, "-")
@@ -151,7 +152,9 @@ def main():
     sg_id = os_utils.create_security_group_full(neutron_client,
                                                 TESTCASE_CONFIG.secgroup_name,
                                                 TESTCASE_CONFIG.secgroup_descr)
-    test_utils.open_icmp_ssh(neutron_client, sg_id)
+    test_utils.open_icmp(neutron_client, sg_id)
+    test_utils.open_http_port(neutron_client, sg_id)
+
     test_utils.open_bgp_port(neutron_client, sg_id)
     net_id, _, _ = test_utils.create_network(neutron_client,
                                              TESTCASE_CONFIG.net_1_name,
diff --git a/sdnvpn/test/functest/testcase_7.py b/sdnvpn/test/functest/testcase_7.py
index 3bc9afb..00e9eef 100644 (file)
--- a/sdnvpn/test/functest/testcase_7.py
+++ b/sdnvpn/test/functest/testcase_7.py
@@ -74,7 +74,9 @@ def main():
     sg_id = os_utils.create_security_group_full(neutron_client,
                                                 TESTCASE_CONFIG.secgroup_name,
                                                 TESTCASE_CONFIG.secgroup_descr)
-    test_utils.open_icmp_ssh(neutron_client, sg_id)
+    test_utils.open_icmp(neutron_client, sg_id)
+    test_utils.open_http_port(neutron_client, sg_id)
+
     vm_2 = test_utils.create_instance(
         nova_client,
         TESTCASE_CONFIG.instance_2_name,
diff --git a/sdnvpn/test/functest/testcase_8.py b/sdnvpn/test/functest/testcase_8.py
index 1fdfa00..dc479b5 100644 (file)
--- a/sdnvpn/test/functest/testcase_8.py
+++ b/sdnvpn/test/functest/testcase_8.py
@@ -73,7 +73,9 @@ def main():
     sg_id = os_utils.create_security_group_full(neutron_client,
                                                 TESTCASE_CONFIG.secgroup_name,
                                                 TESTCASE_CONFIG.secgroup_descr)
-    test_utils.open_icmp_ssh(neutron_client, sg_id)
+    test_utils.open_icmp(neutron_client, sg_id)
+    test_utils.open_http_port(neutron_client, sg_id)
+
     vm_2 = test_utils.create_instance(
         nova_client,
         TESTCASE_CONFIG.instance_2_name,