diff options
author | Tomas Cechvala <tcechval@cisco.com> | 2017-02-10 15:48:05 +0100 |
---|---|---|
committer | Tomas Cechvala <tcechval@cisco.com> | 2017-03-10 09:14:14 +0000 |
commit | 32f101bf3a3e2a17b834f2e17f9976eb7fd03960 (patch) | |
tree | 97b85ff5a19f2deca8a92599bff069f2a53c660d /testing/robot/lib | |
parent | 3ce8b6143a2eac2de4df17cab3e2c7ad9ea2acb6 (diff) |
Security groups smoke test in FDS
Security group rules are applied to L2 traffic.
- creates infrastructure
- applies policy rules
- makes MM send icmp and http traffic
- changes policy rules
- rechecks the traffic
- clears infrastructure
Change-Id: I7b73f7ff22bb3fc59c5e873818bdb5d5ad88c12d
Signed-off-by: Tomas Cechvala <tcechval@cisco.com>
Diffstat (limited to 'testing/robot/lib')
-rw-r--r-- | testing/robot/lib/FDSLibrary.py | 38 | ||||
-rw-r--r-- | testing/robot/lib/Keywords.robot | 109 |
2 files changed, 143 insertions, 4 deletions
diff --git a/testing/robot/lib/FDSLibrary.py b/testing/robot/lib/FDSLibrary.py index 786cee6..32c18eb 100644 --- a/testing/robot/lib/FDSLibrary.py +++ b/testing/robot/lib/FDSLibrary.py @@ -124,11 +124,33 @@ class FDSLibrary(): time.sleep(5) return False - def create_security_group(self): - pass + def create_security_group(self, name): + body = {'security_group': { + 'name': name + }} + response = self.neutron_client.create_security_group(body=body) + return response - def create_security_rule(self): - pass + def create_security_rule(self, sg_id, dir, eth, desc=None, proto=None, port_min=None, port_max=None, r_sg_id=None, r_prefix=None): + body = {'security_group_rule': { + 'security_group_id': sg_id, + 'ethertype': eth, + 'direction': dir + }} + if desc is not None: + body['security_group_rule']['description'] = desc + if proto is not None: + body['security_group_rule']['protocol'] = proto + if port_min is not None: + body['security_group_rule']['port_range_min'] = port_min + if port_max is not None: + body['security_group_rule']['port_range_max'] = port_max + if r_sg_id is not None: + body['security_group_rule']['remote_group_id'] = r_sg_id + if r_prefix is not None: + body['security_group_rule']['remote_ip_prefix'] = r_prefix + response = self.neutron_client.create_security_group_rule(body=body) + return response def poll_server(self, vm_id, status, timeout=300): try: @@ -167,6 +189,14 @@ class FDSLibrary(): response = self.neutron_client.delete_network(net_id) return response + def delete_security_group(self, sg_id): + response = self.neutron_client.delete_security_group(sg_id) + return response + + def delete_security_rule(self, rule_id): + response = self.neutron_client.delete_security_group_rule(rule_id) + return response + def ping_vm(self, ip_address): try: output = subprocess.check_output(['ping', '-c', '4', ip_address]) diff --git a/testing/robot/lib/Keywords.robot b/testing/robot/lib/Keywords.robot new file mode 100644 index 0000000..36136a1 --- /dev/null +++ b/testing/robot/lib/Keywords.robot @@ -0,0 +1,109 @@ +############################################################################## +# Copyright (c) 2016 Juraj Linkes (Cisco) and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +*** Settings *** +Library OperatingSystem +Library FDSLibrary.py +Variables ../data/test_data.py + +*** Keywords *** + +Ensure Flavor + ${result} = Check Flavor Exists ${vm_flavor} + Return From Keyword If '${result}' == 'True' + Create Flavor ${vm_flavor} ram=768 + ${result} = Check Flavor Exists ${vm_flavor} + Should be True ${result} + +Ensure Image + ${result} = Check Image Exists ${vm_image} + Return From Keyword If '${result}' == 'True' + Create Image ${vm_image} /home/opnfv/functest/data/cirros-0.3.4-x86_64-disk.img + ${result} = Check Image Exists ${vm_image} + Should be True ${result} + +Create tenant network + &{response} = create network ${network_name} + log many &{response} + Set Suite Variable ${network_id} ${response.network['id']} + log ${network_id} + +Create subnet without dhcp + &{response} = create subnet ${subnet_name} ${network_id} ${subnet_cidr} dhcp=False + log many &{response} + Set Suite Variable ${subnet_id} ${response.subnet['id']} + log ${subnet_id} + +Create subnet with dhcp + &{response} = create subnet ${subnet_name} ${network_id} ${subnet_cidr} dhcp=True + log many &{response} + Set Suite Variable ${subnet_id} ${response.subnet['id']} + log ${subnet_id} + +Create security group no default rules + [Arguments] ${name} + &{response} = create security group ${name} + log many &{response} + : FOR ${rule} IN @{response.security_group['security_group_rules']} + \ log ${rule} + \ log ${rule['id']} + \ delete security rule ${rule['id']} + [Return] ${response.security_group['id']} + +Create security group rules + #def create_security_rule(self, sg_id, dir, eth, desc=None, proto=None, port_min=None, port_max=None, r_sg_id=None, r_prefix=None): + &{response} = create security rule ${sg_client} ingress ipv4 + log many &{response} + &{response} = create security rule ${sg_client} egress' ipv4 + log many &{response} + &{response} = create security rule ${sg_server} egress ipv4 + log many &{response} + &{response} = create security rule ${sg_server} ingress ipv4 icmp + log many &{response} + +Create port with ip + [Arguments] ${port_name} ${ip_address} + &{response} = create port ${port_name} ${network_id} ${subnet_id} ${ip_address} + log many &{response} + log ${response.port['id']} + [Return] ${response.port['id']} + +Create vm + [Arguments] ${vm_name} ${port_ids} ${security_groups}=${None} ${userdata}=${None} + Log Many ${vm_name} ${vm_image} ${vm_flavor} ${port_ids} ${userdata} + ${response} = create server ${vm_name} ${vm_image} ${vm_flavor} ${port_ids} ${security_groups} + ... ${userdata} + log many ${response} + log ${response.id} + [Return] ${response.id} + +Check vm console + [Arguments] ${vm_id} ${string} + ${response} = check server console ${vm_id} ${string} + [Return] ${response} + +Poll vm + [Arguments] ${id} ${state} + poll server ${id} ${state} + +Delete vm + [Arguments] ${id} + ${response} = delete server ${id} + log ${response} + Poll vm ${id} ${None} + +Delete ports + [Arguments] ${id} + ${response} = delete port ${id} + log ${response} + +Delete network + [Arguments] ${id} + ${response} = delete net ${id} + log ${response} |