authorManuel Buil <mbuil@suse.com>2018-09-03 17:02:53 +0200
committerManuel Buil <mbuil@suse.com>2018-09-03 17:57:16 +0200
commitdacf2b5d84226f3844dfc0b949ef81446d4c353a (patch)
tree516387c682b36aff1484f34c8aad6eddc8b7ac88
parentbdad6faa1fafe7cd20ea96aa70a52178d62add63 (diff)
Remove port security from vnfs when no-mano
If the ports have security enabled, the traffic is dropped due to the anti-spoofing Change-Id: I6fbc63a3d959d9d55dfd1d64e12e1d0e7ec48bcb Signed-off-by: Manuel Buil <mbuil@suse.com>
-rw-r--r--sfc/lib/openstack_utils.py25
-rw-r--r--sfc/tests/functest/sfc_parent_function.py3
-rw-r--r--sfc/unit_tests/unit/lib/test_openstack_utils.py64
3 files changed, 80 insertions, 12 deletions
diff --git a/sfc/lib/openstack_utils.py b/sfc/lib/openstack_utils.py
index 06d19eaa..6d890ebc 100644
--- a/sfc/lib/openstack_utils.py
+++ b/sfc/lib/openstack_utils.py
@@ -134,18 +134,25 @@ class OpenStackSFC:
return sec_group
def create_instance(self, vm_name, flavor_name, image_creator, network,
- secgrp, av_zone, ports):
+ secgrp, av_zone, ports, port_security=True):
logger.info("Creating the instance {}...".format(vm_name))
port_settings = []
for port in ports:
- port_settings.append(PortConfig(name=port,
- network_name=network.name))
-
- instance_settings = VmInstanceConfig(
- name=vm_name, flavor=flavor_name,
- security_group_names=str(secgrp.name),
- port_settings=port_settings,
- availability_zone=av_zone)
+ port_settings.append(
+ PortConfig(name=port,
+ port_security_enabled=port_security,
+ network_name=network.name))
+ if port_security:
+ instance_settings = VmInstanceConfig(
+ name=vm_name, flavor=flavor_name,
+ security_group_names=str(secgrp.name),
+ port_settings=port_settings,
+ availability_zone=av_zone)
+ else:
+ instance_settings = VmInstanceConfig(
+ name=vm_name, flavor=flavor_name,
+ port_settings=port_settings,
+ availability_zone=av_zone)
instance_creator = cr_inst.OpenStackVmInstance(
self.os_creds,
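Review bot: When `port_security=False`, the `secgrp` argument is silently ignored in the `else` branch and every port is created with `port_security_enabled=False`, so the instance runs with neither security-group filtering nor anti-spoofing, and nothing in the function records that. Neutron does not accept security groups on a port whose port security is off, which is presumably why the group is dropped, but a caller who passes one will reasonably assume it is enforced. I would add a docstring line stating that `port_security=False` removes both protections and is intended only for isolated test networks, and log it at the top of the `else` branch: `logger.warning("Port security disabled for %s; security group %s is not applied", vm_name, secgrp.name)`. The body of `create_instance` continues past the end of this hunk.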
diff --git a/sfc/tests/functest/sfc_parent_function.py b/sfc/tests/functest/sfc_parent_function.py
index d93b2fbf..10c76968 100644
--- a/sfc/tests/functest/sfc_parent_function.py
+++ b/sfc/tests/functest/sfc_parent_function.py
@@ -260,7 +260,8 @@ class SfcCommonTestCase(object):
self.network,
self.sg,
av_zone,
- ports)
+ ports,
+ port_security=False)
if not openstack_sfc.wait_for_vnf(vnf_creator):
raise Exception('ERROR while booting vnf %s' % vnf_name)
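Review bot: `port_security=False` is passed unconditionally at this call site, while the commit title limits the change to the no-MANO case; the enclosing method starts outside the hunk, so I cannot tell from the visible lines whether it is already specific to that path. If it is shared, the flag should be derived from the deployment mode so that VNFs keep anti-spoofing and security groups wherever those still work. `self.sg` is still passed here but is no longer applied to the VNF, so a comment above the argument would help, e.g. `# port security off: anti-spoofing drops the chained traffic; self.sg is not applied`.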
diff --git a/sfc/unit_tests/unit/lib/test_openstack_utils.py b/sfc/unit_tests/unit/lib/test_openstack_utils.py
index 595f09b5..520c8579 100644
--- a/sfc/unit_tests/unit/lib/test_openstack_utils.py
+++ b/sfc/unit_tests/unit/lib/test_openstack_utils.py
@@ -254,6 +254,62 @@ class SfcOpenStackUtilsTesting(unittest.TestCase):
@patch('sfc.lib.openstack_utils.VmInstanceConfig', autospec=True)
@patch('sfc.lib.openstack_utils.cr_inst.OpenStackVmInstance',
autospec=True)
+ def test_create_instance_port_security_false(self,
+ mock_os_vm_instance,
+ mock_vm_instance_config,
+ mock_port_config,
+ mock_log):
+ """
+ Checks the proper functionality of create_instance
+ function
+ """
+
+ vm_con_ins = mock_vm_instance_config.return_value
+ pc_inss = ['pc_config1', 'pc_config2']
+ mock_port_config.side_effect = pc_inss
+ os_vm_ins = mock_os_vm_instance.return_value
+ os_vm_ins_cre = os_vm_ins.create.return_value
+ expected = (os_vm_ins_cre, os_vm_ins)
+ secgrp = Mock()
+ secgrp.name = 'sec_grp'
+ network = Mock()
+ network.name = 'nw_name'
+ img_cre = Mock()
+ img_cre.image_settings = 'image_settings'
+
+ log_calls = [call('Creating the instance vm_name...')]
+ pc_calls = [call(name='port1',
+ network_name='nw_name',
+ port_security_enabled=False),
+ call(name='port2',
+ network_name='nw_name',
+ port_security_enabled=False)]
+ result = self.os_sfc.create_instance('vm_name',
+ 'flavor_name',
+ img_cre,
+ network,
+ secgrp,
+ 'av_zone',
+ ['port1', 'port2'],
+ port_security=False)
+ self.assertEqual(expected, result)
+ mock_vm_instance_config.assert_called_once_with(name='vm_name',
+ flavor='flavor_name',
+ port_settings=pc_inss,
+ availability_zone='av'
+ '_zone')
+ mock_os_vm_instance.assert_called_once_with(self.os_creds,
+ vm_con_ins,
+ 'image_settings')
+ self.assertEqual([os_vm_ins], self.os_sfc.creators)
+ mock_log.info.assert_has_calls(log_calls)
+ mock_port_config.assert_has_calls(pc_calls)
+
+ @patch('sfc.lib.openstack_utils.logger', autospec=True)
+ @patch('sfc.lib.openstack_utils.PortConfig', autospec=True)
+ @patch('sfc.lib.openstack_utils.VmInstanceConfig', autospec=True)
+ @patch('sfc.lib.openstack_utils.cr_inst.OpenStackVmInstance',
+ autospec=True)
def test_create_instance(self,
mock_os_vm_instance,
mock_vm_instance_config,
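Review bot: The docstring of `test_create_instance_port_security_false` is generic and does not say which path the test covers, although this is the test that pins the security-relevant behaviour. I would state it directly: `"""Checks that create_instance with port_security=False disables port security on every port and passes no security groups to VmInstanceConfig"""`. The `assert_called_once_with` on `mock_vm_instance_config` already enforces that `security_group_names` is absent, so a one-line comment there, `# no security_group_names: groups cannot be applied when port security is off`, would keep a later reader from treating the omission as a mistake. The decorator stack of the new test begins above this hunk.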
@@ -278,8 +334,12 @@ class SfcOpenStackUtilsTesting(unittest.TestCase):
img_cre.image_settings = 'image_settings'
log_calls = [call('Creating the instance vm_name...')]
- pc_calls = [call(name='port1', network_name='nw_name'),
- call(name='port2', network_name='nw_name')]
+ pc_calls = [call(name='port1',
+ network_name='nw_name',
+ port_security_enabled=True),
+ call(name='port2',
+ network_name='nw_name',
+ port_security_enabled=True)]
result = self.os_sfc.create_instance('vm_name',
'flavor_name',
img_cre,