Source code for compute.security_groups.test_security_group_rules
# Copyright 2012 OpenStack Foundation
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from tempest.api.compute.security_groups import base
from tempest.lib import decorators
class SecurityGroupRulesTestJSON(base.BaseSecurityGroupsTest):
    """Test security group rules API

    Test security group rules API with compute microversion less than 2.36.
    The tests cover rule creation (with and without the optional ``cidr``
    and ``group_id`` fields), listing the rules of a group, and removal of
    a rule when the peer group it references is deleted.  Every test starts
    from the same baseline rule: TCP, port 22 to 22.
    """

    @classmethod
    def setup_clients(cls):
        """Expose the security group rules client as ``cls.client``."""
        super(SecurityGroupRulesTestJSON, cls).setup_clients()
        cls.client = cls.security_group_rules_client

    @classmethod
    def resource_setup(cls):
        """Set the protocol and port range shared by all tests."""
        super(SecurityGroupRulesTestJSON, cls).resource_setup()
        cls.ip_protocol = 'tcp'
        cls.from_port = cls.to_port = 22

    def setUp(self):
        """Rebuild ``self.expected`` from the baseline rule for each test."""
        super(SecurityGroupRulesTestJSON, self).setUp()
        # A fresh dict per test: the tests below overwrite parent_group_id,
        # ip_range and group before comparing against the API response.
        self.expected = dict(
            parent_group_id=None,
            ip_protocol=self.ip_protocol,
            from_port=self.from_port,
            to_port=self.to_port,
            ip_range={},
            group={},
        )

    def _check_expected_response(self, actual_rule):
        """Assert that *actual_rule* matches every field of ``self.expected``.

        Only the keys present in ``self.expected`` are compared; any other
        key in the response is ignored.
        """
        for field, wanted in self.expected.items():
            self.assertEqual(wanted, actual_rule[field],
                             "Miss-matched key is %s" % field)

    @decorators.attr(type='smoke')
    @decorators.idempotent_id('850795d7-d4d3-4e55-b527-a774c0123d3a')
    def test_security_group_rules_create(self):
        """Test creating security group rules

        The rule is created without a ``cidr``; the response is expected to
        carry ``0.0.0.0/0`` as its source range.
        """
        # The parent group that will receive the rule
        parent_id = self.create_security_group()['id']
        # Create the baseline rule with only the mandatory fields
        response = self.client.create_security_group_rule(
            parent_group_id=parent_id,
            ip_protocol=self.ip_protocol,
            from_port=self.from_port,
            to_port=self.to_port)
        created_rule = response['security_group_rule']
        # This pins the API default: omitting cidr yields a rule open to
        # every IPv4 source, so a narrower rule needs an explicit cidr.
        self.expected.update(parent_group_id=parent_id,
                             ip_range={'cidr': '0.0.0.0/0'})
        self._check_expected_response(created_rule)

    @decorators.idempotent_id('7a01873e-3c38-4f30-80be-31a043cfe2fd')
    def test_security_group_rules_create_with_optional_cidr(self):
        """Test creating security group rules with optional field cidr

        The ``cidr`` passed in is expected back unchanged in ``ip_range``.
        """
        # The parent group that will receive the rule
        parent_id = self.create_security_group()['id']
        # The address has host bits set for a /24; the assertion below
        # expects it to be returned exactly as sent.
        source_cidr = '10.2.3.124/24'
        response = self.client.create_security_group_rule(
            parent_group_id=parent_id,
            ip_protocol=self.ip_protocol,
            from_port=self.from_port,
            to_port=self.to_port,
            cidr=source_cidr)
        created_rule = response['security_group_rule']
        self.expected.update(parent_group_id=parent_id,
                             ip_range={'cidr': source_cidr})
        self._check_expected_response(created_rule)

    @decorators.idempotent_id('7f5d2899-7705-4d4b-8458-4505188ffab6')
    def test_security_group_rules_create_with_optional_group_id(self):
        """Test creating security group rules with optional field group id

        The rule's ``group`` field is expected to name the peer group and
        the tenant of the client that created the rule.
        """
        # The parent group that will receive the rule
        parent_id = self.create_security_group()['id']
        # A second group whose id is passed as the rule's group_id
        peer_group = self.create_security_group()
        peer_id = peer_group['id']
        peer_name = peer_group['name']
        response = self.client.create_security_group_rule(
            parent_group_id=parent_id,
            ip_protocol=self.ip_protocol,
            from_port=self.from_port,
            to_port=self.to_port,
            group_id=peer_id)
        created_rule = response['security_group_rule']
        self.expected.update(
            parent_group_id=parent_id,
            group={'tenant_id': self.client.tenant_id, 'name': peer_name})
        self._check_expected_response(created_rule)

    @decorators.attr(type='smoke')
    @decorators.idempotent_id('a6154130-5a55-4850-8be4-5e9e796dbf17')
    def test_security_group_rules_list(self):
        """Test listing security group rules

        Two rules are added to one group; both ids must appear in the rules
        returned when that group is shown.
        """
        # The parent group that will receive both rules
        parent_id = self.create_security_group()['id']

        # First rule: the baseline TCP rule
        first = self.client.create_security_group_rule(
            parent_group_id=parent_id,
            ip_protocol=self.ip_protocol,
            from_port=self.from_port,
            to_port=self.to_port)
        rule1_id = first['security_group_rule']['id']
        # NOTE(review): no cleanup is registered for rule1 in this method;
        # presumably it goes away with its parent group - confirm.

        # Second rule: ICMP with -1 for both port fields
        # (presumably "all ICMP types and codes" - confirm against the API)
        second = self.client.create_security_group_rule(
            parent_group_id=parent_id,
            ip_protocol='icmp',
            from_port=-1,
            to_port=-1)
        rule2_id = second['security_group_rule']['id']
        # rule2 is deleted explicitly when the test finishes
        self.addCleanup(
            self.security_group_rules_client.delete_security_group_rule,
            rule2_id)

        # The rules are read from the parent group's own representation
        shown = self.security_groups_client.show_security_group(parent_id)
        rules = shown['security_group']['rules']
        self.assertNotEmpty([r for r in rules if r['id'] == rule1_id])
        self.assertNotEmpty([r for r in rules if r['id'] == rule2_id])

    @decorators.idempotent_id('fc5c5acf-2091-43a6-a6ae-e42760e9ffaf')
    def test_security_group_rules_delete_when_peer_group_deleted(self):
        """Test security group rule gets deleted when peer group is deleted

        Group1 gets a rule whose source is group2; after group2 is deleted,
        group1 must report no rules, so no rule is left referencing a group
        that no longer exists.
        """
        # Group1 holds the rule, group2 is the peer the rule refers to
        sg1_id = self.create_security_group()['id']
        sg2_id = self.create_security_group()['id']
        # Add the rule to group1, naming group2 as its source
        self.client.create_security_group_rule(
            parent_group_id=sg1_id,
            ip_protocol=self.ip_protocol,
            from_port=self.from_port,
            to_port=self.to_port,
            group_id=sg2_id)
        # Delete the peer group
        self.security_groups_client.delete_security_group(sg2_id)
        # Group1 has no rules because group2 has been deleted
        shown = self.security_groups_client.show_security_group(sg1_id)
        self.assertEmpty(shown['security_group']['rules'])