Added custom security group with ICMP and SSH rules.

This was done for all tests exercising floating IPs. Also added check to all of these tests to ensure the VMs all have received their private IP address via DHCP. JIRA: FUNCTEST-834 Change-Id: I88ae2fecc3f8e507641adf24cb65a0583f4db24c Signed-off-by: spisarski <s.pisarski@cablelabs.com>
author: spisarski <s.pisarski@cablelabs.com> 2017-06-06 14:45:19 -0600
committer: spisarski <s.pisarski@cablelabs.com> 2017-06-06 15:14:06 -0600
commit: 9a20a7224ab4b45d541c183fb208e221b1fc1b6c (patch)
tree: a0591c5da24d1afd532efc36b7eef3979a863214 /snaps/provisioning
parent: c01f193cad22895f86f726f588a46e44ed4ab68a (diff)
1 files changed, 29 insertions, 3 deletions
diff --git a/snaps/provisioning/tests/ansible_utils_tests.py b/snaps/provisioning/tests/ansible_utils_tests.py
index c39bde4..76714b8 100644
--- a/snaps/provisioning/tests/ansible_utils_tests.py
+++ b/snaps/provisioning/tests/ansible_utils_tests.py
@@ -16,6 +16,8 @@
 import os
 import uuid
 from scp import SCPClient
+from snaps.openstack.create_security_group import SecurityGroupRuleSettings, Direction, Protocol, \
+    OpenStackSecurityGroup, SecurityGroupSettings
 
 from snaps.openstack import create_flavor
 from snaps.openstack import create_instance
@@ -23,7 +25,7 @@ from snaps.openstack import create_image
 from snaps.openstack import create_keypairs
 from snaps.openstack import create_network
 from snaps.openstack import create_router
-from snaps.openstack.tests import openstack_tests
+from snaps.openstack.tests import openstack_tests, create_instance_tests
 from snaps.openstack.tests.os_source_file_test import OSIntegrationTestCase
 from snaps.provisioning import ansible_utils
 
@@ -58,6 +60,7 @@ class AnsibleProvisioningTests(OSIntegrationTestCase):
         # Setup members to cleanup just in case they don't get created
         self.inst_creator = None
         self.keypair_creator = None
+        self.sec_grp_creator = None
         self.flavor_creator = None
         self.router_creator = None
         self.network_creator = None
@@ -96,6 +99,17 @@ class AnsibleProvisioningTests(OSIntegrationTestCase):
                     private_filepath=self.keypair_priv_filepath))
             self.keypair_creator.create()
 
+            # Create Security Group
+            sec_grp_name = guid + '-sec-grp'
+            rule1 = SecurityGroupRuleSettings(sec_grp_name=sec_grp_name, direction=Direction.ingress,
+                                              protocol=Protocol.icmp)
+            rule2 = SecurityGroupRuleSettings(sec_grp_name=sec_grp_name, direction=Direction.ingress,
+                                              protocol=Protocol.tcp, port_range_min=22, port_range_max=22)
+            self.sec_grp_creator = OpenStackSecurityGroup(
+                self.os_creds,
+                SecurityGroupSettings(name=sec_grp_name, rule_settings=[rule1, rule2]))
+            self.sec_grp_creator.create()
+
             # Create instance
             ports_settings = list()
             ports_settings.append(
@@ -155,11 +169,17 @@ class AnsibleProvisioningTests(OSIntegrationTestCase):
         2. Set the following environment variable in your executing shell: ANSIBLE_HOST_KEY_CHECKING=False
         Should this not be performed, the creation of the host ssh key will cause your ansible calls to fail.
         """
-        self.inst_creator.create(block=True)
+        vm = self.inst_creator.create(block=True)
 
         # Block until VM's ssh port has been opened
         self.assertTrue(self.inst_creator.vm_ssh_active(block=True))
 
+        priv_ip = self.inst_creator.get_port_ip(self.port_1_name)
+        self.assertTrue(create_instance_tests.check_dhcp_lease(vm, priv_ip))
+
+        # Apply Security Group
+        self.inst_creator.add_security_group(self.sec_grp_creator.get_security_group())
+
         ssh_client = self.inst_creator.ssh_client()
         self.assertIsNotNone(ssh_client)
         out = ssh_client.exec_command('pwd')[1].channel.in_buffer.read(1024)
@@ -192,11 +212,17 @@ class AnsibleProvisioningTests(OSIntegrationTestCase):
         2. Set the following environment variable in your executing shell: ANSIBLE_HOST_KEY_CHECKING=False
         Should this not be performed, the creation of the host ssh key will cause your ansible calls to fail.
         """
-        self.inst_creator.create(block=True)
+        vm = self.inst_creator.create(block=True)
 
         # Block until VM's ssh port has been opened
         self.assertTrue(self.inst_creator.vm_ssh_active(block=True))
 
+        priv_ip = self.inst_creator.get_port_ip(self.port_1_name)
+        self.assertTrue(create_instance_tests.check_dhcp_lease(vm, priv_ip))
+
+        # Apply Security Group
+        self.inst_creator.add_security_group(self.sec_grp_creator.get_security_group())
+
         # Need to use the first floating IP as subsequent ones are currently broken with Apex CO
         ip = self.inst_creator.get_floating_ip().ip
         user = self.inst_creator.get_image_user()
author	spisarski <s.pisarski@cablelabs.com>	2017-06-06 14:45:19 -0600
committer	spisarski <s.pisarski@cablelabs.com>	2017-06-06 15:14:06 -0600
commit	9a20a7224ab4b45d541c183fb208e221b1fc1b6c (patch)
tree	a0591c5da24d1afd532efc36b7eef3979a863214 /snaps/provisioning
parent	c01f193cad22895f86f726f588a46e44ed4ab68a (diff)