From 32f101bf3a3e2a17b834f2e17f9976eb7fd03960 Mon Sep 17 00:00:00 2001
From: Tomas Cechvala
Date: Fri, 10 Feb 2017 15:48:05 +0100
Subject: Security groups smoke test in FDS
Security group rules are applied to L2 traffic.
- creates infrastructure
- applies policy rules
- makes MM send icmp and http traffic
- changes policy rules
- rechecks the traffic
- clears infrastructure
Change-Id: I7b73f7ff22bb3fc59c5e873818bdb5d5ad88c12d
Signed-off-by: Tomas Cechvala
---
 testing/robot/lib/FDSLibrary.py | 38 ++++++++++++--
 testing/robot/lib/Keywords.robot | 109 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 143 insertions(+), 4 deletions(-)
 create mode 100644 testing/robot/lib/Keywords.robot
(limited to 'testing/robot/lib')
diff --git a/testing/robot/lib/FDSLibrary.py b/testing/robot/lib/FDSLibrary.py
index 786cee6..32c18eb 100644
--- a/testing/robot/lib/FDSLibrary.py
+++ b/testing/robot/lib/FDSLibrary.py
@@ -124,11 +124,33 @@ class FDSLibrary():
 time.sleep(5)
 return False

- def create_security_group(self):
- pass
+ def create_security_group(self, name):
+ body = {'security_group': {
+ 'name': name
+ }}
+ response = self.neutron_client.create_security_group(body=body)
+ return response

- def create_security_rule(self):
- pass
+ def create_security_rule(self, sg_id, dir, eth, desc=None, proto=None, port_min=None, port_max=None, r_sg_id=None, r_prefix=None):
+ body = {'security_group_rule': {
+ 'security_group_id': sg_id,
+ 'ethertype': eth,
+ 'direction': dir
+ }}
+ if desc is not None:
+ body['security_group_rule']['description'] = desc
+ if proto is not None:
+ body['security_group_rule']['protocol'] = proto
+ if port_min is not None:
+ body['security_group_rule']['port_range_min'] = port_min
+ if port_max is not None:
+ body['security_group_rule']['port_range_max'] = port_max
+ if r_sg_id is not None:
+ body['security_group_rule']['remote_group_id'] = r_sg_id
+ if r_prefix is not None:
+ body['security_group_rule']['remote_ip_prefix'] = r_prefix
+ response = self.neutron_client.create_security_group_rule(body=body)
+ return response

 def poll_server(self, vm_id, status, timeout=300):
 try:
@@ -167,6 +189,14 @@ class FDSLibrary():
 response = self.neutron_client.delete_network(net_id)
 return response

+ def delete_security_group(self, sg_id):
+ response = self.neutron_client.delete_security_group(sg_id)
+ return response
+
+ def delete_security_rule(self, rule_id):
+ response = self.neutron_client.delete_security_group_rule(rule_id)
+ return response
+
 def ping_vm(self, ip_address):
 try:
 output = subprocess.check_output(['ping', '-c', '4', ip_address])
diff --git a/testing/robot/lib/Keywords.robot b/testing/robot/lib/Keywords.robot
new file mode 100644
index 0000000..36136a1
--- /dev/null
+++ b/testing/robot/lib/Keywords.robot
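Review bot: `create_security_rule` has no docstring, and the one behaviour a caller most needs to know is undocumented: when `proto`, the port range, `r_sg_id` and `r_prefix` are all left at `None`, the body carries only group, ethertype and direction, which Neutron treats as a rule matching all traffic of that ethertype in that direction. A short docstring should state this, since the smoke test's pass/fail meaning presumably depends on which rules are open and which are narrow. Neutron also accepts only one of `remote_group_id` and `remote_ip_prefix` per rule, so a guard before the body is built, `if r_sg_id is not None and r_prefix is not None: raise ValueError('r_sg_id and r_prefix are mutually exclusive')`, would fail with a clearer message than the API error. As a style point, the parameter `dir` shadows the builtin of the same name; `direction` reads better and matches the API key.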
@@ -0,0 +1,109 @@
+##############################################################################
+# Copyright (c) 2016 Juraj Linkes (Cisco) and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
+*** Settings ***
+Library OperatingSystem
+Library FDSLibrary.py
+Variables ../data/test_data.py
+
+*** Keywords ***
+
+Ensure Flavor
+ ${result} = Check Flavor Exists ${vm_flavor}
+ Return From Keyword If '${result}' == 'True'
+ Create Flavor ${vm_flavor} ram=768
+ ${result} = Check Flavor Exists ${vm_flavor}
+ Should be True ${result}
+
+Ensure Image
+ ${result} = Check Image Exists ${vm_image}
+ Return From Keyword If '${result}' == 'True'
+ Create Image ${vm_image} /home/opnfv/functest/data/cirros-0.3.4-x86_64-disk.img
+ ${result} = Check Image Exists ${vm_image}
+ Should be True ${result}
+
+Create tenant network
+ &{response} = create network ${network_name}
+ log many &{response}
+ Set Suite Variable ${network_id} ${response.network['id']}
+ log ${network_id}
+
+Create subnet without dhcp
+ &{response} = create subnet ${subnet_name} ${network_id} ${subnet_cidr} dhcp=False
+ log many &{response}
+ Set Suite Variable ${subnet_id} ${response.subnet['id']}
+ log ${subnet_id}
+
+Create subnet with dhcp
+ &{response} = create subnet ${subnet_name} ${network_id} ${subnet_cidr} dhcp=True
+ log many &{response}
+ Set Suite Variable ${subnet_id} ${response.subnet['id']}
+ log ${subnet_id}
+
+Create security group no default rules
+ [Arguments] ${name}
+ &{response} = create security group ${name}
+ log many &{response}
+ : FOR ${rule} IN @{response.security_group['security_group_rules']}
+ \ log ${rule}
+ \ log ${rule['id']}
+ \ delete security rule ${rule['id']}
+ [Return] ${response.security_group['id']}
+
+Create security group rules
+ #def create_security_rule(self, sg_id, dir, eth, desc=None, proto=None, port_min=None, port_max=None, r_sg_id=None, r_prefix=None):
+ &{response} = create security rule ${sg_client} ingress ipv4
+ log many &{response}
+ &{response} = create security rule ${sg_client} egress' ipv4
+ log many &{response}
+ &{response} = create security rule ${sg_server} egress ipv4
+ log many &{response}
+ &{response} = create security rule ${sg_server} ingress ipv4 icmp
+ log many &{response}
+
+Create port with ip
+ [Arguments] ${port_name} ${ip_address}
+ &{response} = create port ${port_name} ${network_id} ${subnet_id} ${ip_address}
+ log many &{response}
+ log ${response.port['id']}
+ [Return] ${response.port['id']}
+
+Create vm
+ [Arguments] ${vm_name} ${port_ids} ${security_groups}=${None} ${userdata}=${None}
+ Log Many ${vm_name} ${vm_image} ${vm_flavor} ${port_ids} ${userdata}
+ ${response} = create server ${vm_name} ${vm_image} ${vm_flavor} ${port_ids} ${security_groups}
+ ... ${userdata}
+ log many ${response}
+ log ${response.id}
+ [Return] ${response.id}
+
+Check vm console
+ [Arguments] ${vm_id} ${string}
+ ${response} = check server console ${vm_id} ${string}
+ [Return] ${response}
+
+Poll vm
+ [Arguments] ${id} ${state}
+ poll server ${id} ${state}
+
+Delete vm
+ [Arguments] ${id}
+ ${response} = delete server ${id}
+ log ${response}
+ Poll vm ${id} ${None}
+
+Delete ports
+ [Arguments] ${id}
+ ${response} = delete port ${id}
+ log ${response}
+
+Delete network
+ [Arguments] ${id}
+ ${response} = delete net ${id}
+ log ${response}
-- cgit 1.2.3-korg
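Review bot: In `Create security group rules` the second call passes `egress'` with a stray trailing quote as the direction, so the library would send that literal string to Neutron, which accepts only `ingress` or `egress`; the argument should be plain `egress`. As written, the client group's egress rule would most likely never be created and the keyword would fail at that step. The keyword also reads `${sg_client}` and `${sg_server}` without declaring them, so it presumably relies on suite variables set elsewhere; taking them through `[Arguments]` would make the dependency visible. The commented-out Python signature above the first call would be better replaced by a `[Documentation]` line saying which rules are opened for which group.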