diff options
Diffstat (limited to 'yardstick')
-rw-r--r-- | yardstick/common/openstack_utils.py | 89 | ||||
-rw-r--r-- | yardstick/orchestrator/heat.py | 9 | ||||
-rw-r--r-- | yardstick/tests/unit/common/test_openstack_utils.py | 25 | ||||
-rw-r--r-- | yardstick/tests/unit/orchestrator/test_heat.py | 19 |
4 files changed, 103 insertions, 39 deletions
diff --git a/yardstick/common/openstack_utils.py b/yardstick/common/openstack_utils.py index a6b53a607..2785230c0 100644 --- a/yardstick/common/openstack_utils.py +++ b/yardstick/common/openstack_utils.py @@ -658,44 +658,57 @@ def create_security_group(neutron_client, sg_name, return None -def create_secgroup_rule(neutron_client, sg_id, direction, protocol, - port_range_min=None, port_range_max=None, - **json_body): # pragma: no cover - # We create a security group in 2 steps - # 1 - we check the format and set the json body accordingly - # 2 - we call neturon client to create the security group - - # Format check - json_body.update({'security_group_rule': {'direction': direction, - 'security_group_id': sg_id, 'protocol': protocol}}) - # parameters may be - # - both None => we do nothing - # - both Not None => we add them to the json description - # but one cannot be None is the other is not None - if (port_range_min is not None and port_range_max is not None): - # add port_range in json description - json_body['security_group_rule']['port_range_min'] = port_range_min - json_body['security_group_rule']['port_range_max'] = port_range_max - log.debug("Security_group format set (port range included)") - else: - # either both port range are set to None => do nothing - # or one is set but not the other => log it and return False - if port_range_min is None and port_range_max is None: - log.debug("Security_group format set (no port range mentioned)") - else: - log.error("Bad security group format." - "One of the port range is not properly set:" - "range min: %s, range max: %s", port_range_min, - port_range_max) - return False +def create_security_group_rule(shade_client, secgroup_name_or_id, + port_range_min=None, port_range_max=None, + protocol=None, remote_ip_prefix=None, + remote_group_id=None, direction='ingress', + ethertype='IPv4', project_id=None): + """Create a new security group rule + + :param secgroup_name_or_id:(string) The security group name or ID to + associate with this security group rule. If a + non-unique group name is given, an exception is + raised. + :param port_range_min:(int) The minimum port number in the range that is + matched by the security group rule. If the protocol + is TCP or UDP, this value must be less than or equal + to the port_range_max attribute value. If nova is + used by the cloud provider for security groups, then + a value of None will be transformed to -1. + :param port_range_max:(int) The maximum port number in the range that is + matched by the security group rule. The + port_range_min attribute constrains the + port_range_max attribute. If nova is used by the + cloud provider for security groups, then a value of + None will be transformed to -1. + :param protocol:(string) The protocol that is matched by the security group + rule. Valid values are None, tcp, udp, and icmp. + :param remote_ip_prefix:(string) The remote IP prefix to be associated with + this security group rule. This attribute matches + the specified IP prefix as the source IP address of + the IP packet. + :param remote_group_id:(string) The remote group ID to be associated with + this security group rule. + :param direction:(string) Ingress or egress: The direction in which the + security group rule is applied. + :param ethertype:(string) Must be IPv4 or IPv6, and addresses represented + in CIDR must match the ingress or egress rules. + :param project_id:(string) Specify the project ID this security group will + be created on (admin-only). + + :returns: True on success. + """ - # Create security group using neutron client try: - neutron_client.create_security_group_rule(json_body) + shade_client.create_security_group_rule( + secgroup_name_or_id, port_range_min=port_range_min, + port_range_max=port_range_max, protocol=protocol, + remote_ip_prefix=remote_ip_prefix, remote_group_id=remote_group_id, + direction=direction, ethertype=ethertype, project_id=project_id) return True - except Exception: # pylint: disable=broad-except - log.exception("Impossible to create_security_group_rule," - "security group rule probably already exists") + except exc.OpenStackCloudException as op_exc: + log.error("Failed to create_security_group_rule(shade_client). " + "Exception message: %s", op_exc.orig_message) return False @@ -719,18 +732,18 @@ def create_security_group_full(neutron_client, sg_name, SECGROUP['name'], sg_id) log.debug("Adding ICMP rules in security group '%s'...", sg_name) - if not create_secgroup_rule(neutron_client, sg_id, + if not create_security_group_rule(neutron_client, sg_id, 'ingress', 'icmp'): log.error("Failed to create the security group rule...") return None log.debug("Adding SSH rules in security group '%s'...", sg_name) - if not create_secgroup_rule( + if not create_security_group_rule( neutron_client, sg_id, 'ingress', 'tcp', '22', '22'): log.error("Failed to create the security group rule...") return None - if not create_secgroup_rule( + if not create_security_group_rule( neutron_client, sg_id, 'egress', 'tcp', '22', '22'): log.error("Failed to create the security group rule...") return None diff --git a/yardstick/orchestrator/heat.py b/yardstick/orchestrator/heat.py index d69f86044..5afa4151e 100644 --- a/yardstick/orchestrator/heat.py +++ b/yardstick/orchestrator/heat.py @@ -15,6 +15,7 @@ import datetime import getpass import logging import pkg_resources +import pprint import socket import tempfile import time @@ -22,6 +23,7 @@ import time from oslo_serialization import jsonutils from oslo_utils import encodeutils import shade +from shade._heat import event_utils import yardstick.common.openstack_utils as op_utils from yardstick.common import exceptions @@ -63,6 +65,10 @@ class HeatStack(object): self._update_stack_tracking() + def get_failures(self): + return event_utils.get_events(self._cloud, self._stack.id, + event_args={'resource_status': 'FAILED'}) + def get(self): """Retrieves an existing stack from the target cloud @@ -625,6 +631,9 @@ name (i.e. %s). return stack if stack.status != self.HEAT_STATUS_COMPLETE: + for event in stack.get_failures(): + log.error("%s", event.resource_status_reason) + log.error(pprint.pformat(self._template)) raise exceptions.HeatTemplateError(stack_name=self.name) log.info("Creating stack '%s' DONE in %d secs", diff --git a/yardstick/tests/unit/common/test_openstack_utils.py b/yardstick/tests/unit/common/test_openstack_utils.py index b8f85c083..3b7e8eaa1 100644 --- a/yardstick/tests/unit/common/test_openstack_utils.py +++ b/yardstick/tests/unit/common/test_openstack_utils.py @@ -239,3 +239,28 @@ class DeleteFloatingIpTestCase(unittest.TestCase): 'floating_ip_id') mock_logger.error.assert_called_once() self.assertFalse(output) + + +class CreateSecurityGroupRuleTestCase(unittest.TestCase): + + def setUp(self): + self.mock_shade_client = mock.Mock() + self.secgroup_name_or_id = 'sg_name_id' + self.mock_shade_client.create_security_group_rule = mock.Mock() + + def test_create_security_group_rule(self): + self.mock_shade_client.create_security_group_rule.return_value = ( + {'security_group_rule'}) + output = openstack_utils.create_security_group_rule( + self.mock_shade_client, self.secgroup_name_or_id) + self.assertTrue(output) + + @mock.patch.object(openstack_utils, 'log') + def test_create_security_group_rule_exception(self, mock_logger): + self.mock_shade_client.create_security_group_rule.side_effect = ( + exc.OpenStackCloudException('error message')) + + output = openstack_utils.create_security_group_rule( + self.mock_shade_client, self.secgroup_name_or_id) + mock_logger.error.assert_called_once() + self.assertFalse(output) diff --git a/yardstick/tests/unit/orchestrator/test_heat.py b/yardstick/tests/unit/orchestrator/test_heat.py index aae2487aa..9598eeb04 100644 --- a/yardstick/tests/unit/orchestrator/test_heat.py +++ b/yardstick/tests/unit/orchestrator/test_heat.py @@ -354,13 +354,30 @@ class HeatTemplateTestCase(unittest.TestCase): 3600) self.assertEqual(heat_stack, ret) - def test_create_block_status_no_complete(self): heat_stack = mock.Mock() heat_stack.status = 'other status' + heat_stack.get_failures.return_value = [] with mock.patch.object(heat, 'HeatStack', return_value=heat_stack): self.assertRaises(exceptions.HeatTemplateError, self.template.create, block=True) heat_stack.create.assert_called_once_with( self.template._template, self.template.heat_parameters, True, 3600) + + def test_create_block_status_no_complete_with_reasons(self): + heat_stack = mock.Mock() + heat_stack.status = 'other status' + heat_stack.get_failures.return_value = [ + mock.Mock(resource_status_reason="A reason"), + mock.Mock(resource_status_reason="Something else") + ] + with mock.patch.object(heat, 'HeatStack', return_value=heat_stack): + with mock.patch.object(heat, 'log') as mock_log: + self.assertRaises(exceptions.HeatTemplateError, + self.template.create, block=True) + mock_log.error.assert_any_call("%s", "A reason") + mock_log.error.assert_any_call("%s", "Something else") + heat_stack.create.assert_called_once_with( + self.template._template, self.template.heat_parameters, True, + 3600) |