From dacf2b5d84226f3844dfc0b949ef81446d4c353a Mon Sep 17 00:00:00 2001 From: Manuel Buil Date: Mon, 3 Sep 2018 17:02:53 +0200 Subject: Remove port security from vnfs when no-mano If the ports have security enabled, the traffic is dropped due to the anti-spoofing Change-Id: I6fbc63a3d959d9d55dfd1d64e12e1d0e7ec48bcb Signed-off-by: Manuel Buil --- sfc/lib/openstack_utils.py | 25 ++++++---- sfc/tests/functest/sfc_parent_function.py | 3 +- sfc/unit_tests/unit/lib/test_openstack_utils.py | 64 ++++++++++++++++++++++++- 3 files changed, 80 insertions(+), 12 deletions(-) (limited to 'sfc') diff --git a/sfc/lib/openstack_utils.py b/sfc/lib/openstack_utils.py index 06d19eaa..6d890ebc 100644 --- a/sfc/lib/openstack_utils.py +++ b/sfc/lib/openstack_utils.py @@ -134,18 +134,25 @@ class OpenStackSFC: return sec_group def create_instance(self, vm_name, flavor_name, image_creator, network, - secgrp, av_zone, ports): + secgrp, av_zone, ports, port_security=True): logger.info("Creating the instance {}...".format(vm_name)) port_settings = [] for port in ports: - port_settings.append(PortConfig(name=port, - network_name=network.name)) - - instance_settings = VmInstanceConfig( - name=vm_name, flavor=flavor_name, - security_group_names=str(secgrp.name), - port_settings=port_settings, - availability_zone=av_zone) + port_settings.append( + PortConfig(name=port, + port_security_enabled=port_security, + network_name=network.name)) + if port_security: + instance_settings = VmInstanceConfig( + name=vm_name, flavor=flavor_name, + security_group_names=str(secgrp.name), + port_settings=port_settings, + availability_zone=av_zone) + else: + instance_settings = VmInstanceConfig( + name=vm_name, flavor=flavor_name, + port_settings=port_settings, + availability_zone=av_zone) instance_creator = cr_inst.OpenStackVmInstance( self.os_creds, diff --git a/sfc/tests/functest/sfc_parent_function.py b/sfc/tests/functest/sfc_parent_function.py index d93b2fbf..10c76968 100644 
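Review bot: With `port_security=False` the `secgrp` argument is silently discarded and every entry in `ports` is created with `port_security_enabled=False`, yet nothing in `create_instance` logs or documents that the instance comes up without anti-spoofing or security-group filtering. I would log this at warning level and add a docstring saying `secgrp` is ignored in this mode, so an unfiltered VM is visible in the run log. The two `VmInstanceConfig(...)` calls differ only in `security_group_names`, so building the keyword arguments once keeps the two paths from drifting apart. The function body continues past the end of the hunk (`instance_creator = ...`), so the rest of the flow is not reviewed here.

```python
        logger.info("Creating the instance {}...".format(vm_name))
        if not port_security:
            # Anti-spoofing and security-group filtering are off for
            # every port of this VM; make that visible in the log.
            logger.warning("Instance {} is created with port security "
                           "disabled; secgrp is ignored".format(vm_name))
        # … unchanged: port_settings loop building PortConfig entries …
        vm_kwargs = dict(name=vm_name, flavor=flavor_name,
                         port_settings=port_settings,
                         availability_zone=av_zone)
        if port_security:
            vm_kwargs['security_group_names'] = str(secgrp.name)
        instance_settings = VmInstanceConfig(**vm_kwargs)
```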
--- a/sfc/tests/functest/sfc_parent_function.py +++ b/sfc/tests/functest/sfc_parent_function.py @@ -260,7 +260,8 @@ class SfcCommonTestCase(object): self.network, self.sg, av_zone, - ports) + ports, + port_security=False) if not openstack_sfc.wait_for_vnf(vnf_creator): raise Exception('ERROR while booting vnf %s' % vnf_name) diff --git a/sfc/unit_tests/unit/lib/test_openstack_utils.py b/sfc/unit_tests/unit/lib/test_openstack_utils.py index 595f09b5..520c8579 100644 --- a/sfc/unit_tests/unit/lib/test_openstack_utils.py +++ b/sfc/unit_tests/unit/lib/test_openstack_utils.py 
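Review bot: `port_security=False` is hard-coded at this call with no comment, while the commit title limits the change to the no-mano case. The enclosing method starts and ends outside the hunk, so whether this call is reached only on the no-mano path cannot be confirmed from here and should be checked. `self.sg` is still passed but is now ignored by `create_instance`, which reads as if the VNF were still covered by the security group. I would add a comment above the argument such as `# Port security disabled: Neutron anti-spoofing drops the traffic sent through the VNF; self.sg is therefore not applied`.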
@@ -249,6 +249,62 @@ class SfcOpenStackUtilsTesting(unittest.TestCase): oss_gro_ins.create.assert_called_with() mock_log.info.assert_has_calls(log_calls) + @patch('sfc.lib.openstack_utils.logger', autospec=True) + @patch('sfc.lib.openstack_utils.PortConfig', autospec=True) + @patch('sfc.lib.openstack_utils.VmInstanceConfig', autospec=True) + @patch('sfc.lib.openstack_utils.cr_inst.OpenStackVmInstance', + autospec=True) + def test_create_instance_port_security_false(self, + mock_os_vm_instance, + mock_vm_instance_config, + mock_port_config, + mock_log): + """ + Checks the proper functionality of create_instance + function + """ + + vm_con_ins = mock_vm_instance_config.return_value + pc_inss = ['pc_config1', 'pc_config2'] + mock_port_config.side_effect = pc_inss + os_vm_ins = mock_os_vm_instance.return_value + os_vm_ins_cre = os_vm_ins.create.return_value + expected = (os_vm_ins_cre, os_vm_ins) + secgrp = Mock() + secgrp.name = 'sec_grp' + network = Mock() + network.name = 'nw_name' + img_cre = Mock() + img_cre.image_settings = 'image_settings' + + log_calls = [call('Creating the instance vm_name...')] + pc_calls = [call(name='port1', + network_name='nw_name', + port_security_enabled=False), + call(name='port2', + network_name='nw_name', + port_security_enabled=False)] + result = self.os_sfc.create_instance('vm_name', + 'flavor_name', + img_cre, + network, + secgrp, + 'av_zone', + ['port1', 'port2'], + port_security=False) + self.assertEqual(expected, result) + mock_vm_instance_config.assert_called_once_with(name='vm_name', + flavor='flavor_name', + port_settings=pc_inss, + availability_zone='av' + '_zone') + mock_os_vm_instance.assert_called_once_with(self.os_creds, + vm_con_ins, + 'image_settings') + self.assertEqual([os_vm_ins], self.os_sfc.creators) + mock_log.info.assert_has_calls(log_calls) + mock_port_config.assert_has_calls(pc_calls) + @patch('sfc.lib.openstack_utils.logger', autospec=True) @patch('sfc.lib.openstack_utils.PortConfig', autospec=True) 
@patch('sfc.lib.openstack_utils.VmInstanceConfig', autospec=True) @@ -278,8 +334,12 @@ class SfcOpenStackUtilsTesting(unittest.TestCase): img_cre.image_settings = 'image_settings' log_calls = [call('Creating the instance vm_name...')] - pc_calls = [call(name='port1', network_name='nw_name'), - call(name='port2', network_name='nw_name')] + pc_calls = [call(name='port1', + network_name='nw_name', + port_security_enabled=True), + call(name='port2', + network_name='nw_name', + port_security_enabled=True)] result = self.os_sfc.create_instance('vm_name', 'flavor_name', img_cre, -- cgit 1.2.3-korg
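Review bot: `mock_port_config.assert_has_calls(pc_calls)` at the end of `test_create_instance_port_security_false` passes even if `create_instance` makes additional `PortConfig` calls, so a port created with a different `port_security_enabled` value would not fail the test. `self.assertEqual(pc_calls, mock_port_config.call_args_list)` pins the exact set of calls. The docstring is the generic "Checks the proper functionality of create_instance function"; something like `"""create_instance(port_security=False) disables port security on every port and passes no security group"""` says what this case guards. The following hunk updates `pc_calls` in the port-security-enabled test, whose assertions lie outside that hunk; if it uses the same `assert_has_calls` pattern, the same change applies there.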