P0 testcase Automation of NAT and Firewall order feature
Change-Id: I521f447f698e93b11612da2ce98236d80580c1e6
This commit is contained in:
parent
08cba39042
commit
6ecd11d457
@ -1,6 +1,6 @@
|
|||||||
- project:
|
- project:
|
||||||
templates:
|
templates:
|
||||||
- openstack-lower-constraints-jobs
|
|
||||||
- openstack-python-jobs-neutron
|
- openstack-python-jobs-neutron
|
||||||
|
- openstack-lower-constraints-jobs
|
||||||
- openstack-python36-jobs
|
- openstack-python36-jobs
|
||||||
- check-requirements
|
- check-requirements
|
||||||
|
@ -6,6 +6,7 @@ description-file =
|
|||||||
author = OpenStack
|
author = OpenStack
|
||||||
author-email = openstack-dev@lists.openstack.org
|
author-email = openstack-dev@lists.openstack.org
|
||||||
home-page = http://www.openstack.org/
|
home-page = http://www.openstack.org/
|
||||||
|
python-requires = >=3.6
|
||||||
classifier =
|
classifier =
|
||||||
Environment :: OpenStack
|
Environment :: OpenStack
|
||||||
Intended Audience :: Information Technology
|
Intended Audience :: Information Technology
|
||||||
@ -13,8 +14,6 @@ classifier =
|
|||||||
License :: OSI Approved :: Apache Software License
|
License :: OSI Approved :: Apache Software License
|
||||||
Operating System :: POSIX :: Linux
|
Operating System :: POSIX :: Linux
|
||||||
Programming Language :: Python
|
Programming Language :: Python
|
||||||
Programming Language :: Python :: 2
|
|
||||||
Programming Language :: Python :: 2.7
|
|
||||||
Programming Language :: Python :: 3
|
Programming Language :: Python :: 3
|
||||||
Programming Language :: Python :: 3.3
|
Programming Language :: Python :: 3.3
|
||||||
Programming Language :: Python :: 3.6
|
Programming Language :: Python :: 3.6
|
||||||
|
7
tox.ini
7
tox.ini
@ -1,10 +1,11 @@
|
|||||||
[tox]
|
[tox]
|
||||||
minversion = 2.0
|
minversion = 3.1
|
||||||
envlist = py36,py27,pep8,docs
|
envlist = py36,pep8,docs
|
||||||
skipsdist = True
|
skipsdist = True
|
||||||
|
|
||||||
|
|
||||||
[testenv]
|
[testenv]
|
||||||
|
basepython = python3
|
||||||
usedevelop = True
|
usedevelop = True
|
||||||
install_command = pip install {opts} {packages}
|
install_command = pip install {opts} {packages}
|
||||||
setenv =
|
setenv =
|
||||||
@ -40,8 +41,6 @@ commands =
|
|||||||
flake8
|
flake8
|
||||||
{[testenv:bandit]commands}
|
{[testenv:bandit]commands}
|
||||||
|
|
||||||
[testenv:py27]
|
|
||||||
setenv = OS_FAIL_ON_MISSING_DEPS=1
|
|
||||||
|
|
||||||
[testenv:venv]
|
[testenv:venv]
|
||||||
basepython = python3
|
basepython = python3
|
||||||
|
@ -167,15 +167,12 @@ def wait_for_recordset_status(client, zone_id, recordset_id, status):
|
|||||||
return
|
return
|
||||||
|
|
||||||
if int(time.time()) - start >= client.build_timeout:
|
if int(time.time()) - start >= client.build_timeout:
|
||||||
message = ('Recordset %(recordset_id)s failed to reach '
|
message = 'Recordset %s s failed to reach ' \
|
||||||
'status=%(status) within the required time '
|
'status=%s within the required time ' \
|
||||||
'(%(timeout)s s). Current '
|
'(%s s s). Current ' \
|
||||||
'status: %(status_curr)s' %
|
'status: %s s' % \
|
||||||
{'recordset_id': recordset_id,
|
(recordset_id, status,
|
||||||
'status': status,
|
status_curr, client.build_timeout)
|
||||||
'status_curr': status_curr,
|
|
||||||
'timeout': client.build_timeout})
|
|
||||||
|
|
||||||
caller = test_utils.find_test_caller()
|
caller = test_utils.find_test_caller()
|
||||||
|
|
||||||
if caller:
|
if caller:
|
||||||
|
@ -341,7 +341,7 @@ class TestAdminPolicyBasicOps(dmgr.TopoDeployScenarioManager):
|
|||||||
except Exception as ex:
|
except Exception as ex:
|
||||||
ssh_client = None
|
ssh_client = None
|
||||||
msg = (self.exc_msg +
|
msg = (self.exc_msg +
|
||||||
("\n**FAIL to ssh to host[%s=%s]\n%s" %
|
("\n**FAIL to ssh to host %s \n%s" %
|
||||||
(host_id, str(ex))))
|
(host_id, str(ex))))
|
||||||
self.assertTrue(ssh_client, msg)
|
self.assertTrue(ssh_client, msg)
|
||||||
self.log_exc_msg(
|
self.log_exc_msg(
|
||||||
@ -423,10 +423,12 @@ class TestAdminPolicyBasicOps(dmgr.TopoDeployScenarioManager):
|
|||||||
router_type))
|
router_type))
|
||||||
self.create_nasa_topo(router_type)
|
self.create_nasa_topo(router_type)
|
||||||
self.jpl_private_ips = [y['fixed_ip_address']
|
self.jpl_private_ips = [y['fixed_ip_address']
|
||||||
for x, y in six.iteritems(self.server_ips)
|
for x, y in six.iteritems(
|
||||||
|
self.server_ips)
|
||||||
if x > '2']
|
if x > '2']
|
||||||
self.ames_private_ips = [y['fixed_ip_address']
|
self.ames_private_ips = [y['fixed_ip_address']
|
||||||
for x, y in six.iteritems(self.server_ips)
|
for x, y in six.iteritems(
|
||||||
|
self.server_ips)
|
||||||
if x < '3']
|
if x < '3']
|
||||||
|
|
||||||
self.run_policy_AA_on_ames_AA_on_jpl()
|
self.run_policy_AA_on_ames_AA_on_jpl()
|
||||||
|
@ -0,0 +1,308 @@
|
|||||||
|
# Copyright 2017 VMware Inc
|
||||||
|
# All Rights Reserved
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
import os
|
||||||
|
import time
|
||||||
|
|
||||||
|
from tempest import config
|
||||||
|
from tempest.lib.common.utils import data_utils
|
||||||
|
from tempest.lib.common.utils import test_utils
|
||||||
|
|
||||||
|
from tempest.lib import decorators
|
||||||
|
|
||||||
|
from vmware_nsx_tempest_plugin.common import constants
|
||||||
|
from vmware_nsx_tempest_plugin.lib import feature_manager
|
||||||
|
from vmware_nsx_tempest_plugin.services import nsxp_client
|
||||||
|
from vmware_nsx_tempest_plugin.services import nsxv3_client
|
||||||
|
|
||||||
|
CONF = config.CONF
|
||||||
|
LOG = constants.log.getLogger(__name__)
|
||||||
|
|
||||||
|
|
||||||
|
class TestVerifyFwNatOrder(feature_manager.FeatureManager):
|
||||||
|
|
||||||
|
"""Test New Cases Scenario
|
||||||
|
|
||||||
|
"""
|
||||||
|
@classmethod
|
||||||
|
def setup_clients(cls):
|
||||||
|
super(TestVerifyFwNatOrder, cls).setup_clients()
|
||||||
|
cls.cmgr_adm = cls.get_client_manager('admin')
|
||||||
|
cls.cmgr_alt = cls.get_client_manager('alt')
|
||||||
|
cls.cmgr_adm = cls.get_client_manager('admin')
|
||||||
|
cls.routers_client = cls.cmgr_adm.routers_client
|
||||||
|
cls.networks_client = cls.cmgr_adm.networks_client
|
||||||
|
cls.subnets_client = cls.cmgr_adm.subnets_client
|
||||||
|
cls.sec_rule_client = cls.cmgr_adm.security_group_rules_client
|
||||||
|
cls.sec_client = cls.cmgr_adm.security_groups_client
|
||||||
|
|
||||||
|
@classmethod
|
||||||
|
def resource_setup(cls):
|
||||||
|
super(TestVerifyFwNatOrder, cls).resource_setup()
|
||||||
|
cls.nsx = nsxv3_client.NSXV3Client(CONF.nsxv3.nsx_manager,
|
||||||
|
CONF.nsxv3.nsx_user,
|
||||||
|
CONF.nsxv3.nsx_password)
|
||||||
|
cls.nsxp = nsxp_client.NSXPClient(CONF.nsxv3.nsx_manager,
|
||||||
|
CONF.nsxv3.nsx_user,
|
||||||
|
CONF.nsxv3.nsx_password)
|
||||||
|
|
||||||
|
def _test_ping_from_external_network(self, fip_ip):
|
||||||
|
out = os.popen('ping -c 5 %s' % fip_ip).read().strip()
|
||||||
|
return out
|
||||||
|
|
||||||
|
@decorators.idempotent_id('2317449c-03ac-9106-c317-09956daa46c3')
|
||||||
|
def test_verfiy_nat_fw_order_external_fw(self):
|
||||||
|
"""
|
||||||
|
Create NAT and Firewall rules on router.
|
||||||
|
Verify order of NAT and Firewall.
|
||||||
|
"""
|
||||||
|
rtr_name = data_utils.rand_name(name='tempest-router')
|
||||||
|
network_name = data_utils.rand_name(name='tempest-net')
|
||||||
|
subnet_name = data_utils.rand_name(name='tempest-subnet')
|
||||||
|
router_state = self.create_topology_router(
|
||||||
|
rtr_name, set_gateway=True,
|
||||||
|
routers_client=self.cmgr_adm.routers_client)
|
||||||
|
network_state = self.create_topology_network(
|
||||||
|
network_name, networks_client=self.cmgr_adm.networks_client)
|
||||||
|
subnet_state = self.create_topology_subnet(
|
||||||
|
subnet_name, network_state,
|
||||||
|
subnets_client=self.cmgr_adm.subnets_client)
|
||||||
|
interface = self.cmgr_adm.routers_client.add_router_interface(
|
||||||
|
router_state['id'], subnet_id=subnet_state["id"])
|
||||||
|
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
|
||||||
|
self.cmgr_adm.routers_client.remove_router_interface,
|
||||||
|
router_state['id'], subnet_id=subnet_state["id"])
|
||||||
|
security_group = self._create_security_group(
|
||||||
|
security_group_rules_client=self.cmgr_adm.
|
||||||
|
security_group_rules_client,
|
||||||
|
security_groups_client=self.cmgr_adm.security_groups_client)
|
||||||
|
image_id = self.get_glance_image_id(["cirros", "esx"])
|
||||||
|
security_groups = [{'name': security_group['name']}]
|
||||||
|
server1 = self.create_topology_instance(
|
||||||
|
"state_vm_1", [network_state],
|
||||||
|
create_floating_ip=True, image_id=image_id, clients=self.cmgr_adm,
|
||||||
|
security_groups=security_groups)
|
||||||
|
server2 = self.create_topology_instance(
|
||||||
|
"state_vm_2", [network_state],
|
||||||
|
create_floating_ip=True, image_id=image_id, clients=self.cmgr_adm,
|
||||||
|
security_groups=security_groups)
|
||||||
|
if CONF.network.backend == 'nsxp':
|
||||||
|
time.sleep(constants.NSXP_BACKEND_SMALL_TIME_INTERVAL)
|
||||||
|
nsx_router = self.nsxp.get_logical_router(router_state['name'],
|
||||||
|
router_state['id'])
|
||||||
|
nat_rules = self.nsxp.get_logical_router_nat_rules(nsx_router)
|
||||||
|
for nat_rule in nat_rules:
|
||||||
|
if nat_rule['firewall_match'] == 'BYPASS':
|
||||||
|
continue
|
||||||
|
self.assertEqual('MATCH_EXTERNAL_ADDRESS',
|
||||||
|
nat_rule['firewall_match'])
|
||||||
|
nsx_router = self.nsx.get_logical_router(router_state['name'],
|
||||||
|
router_state['id'])
|
||||||
|
nat_rules = self.nsx.get_logical_router_nat_rules(nsx_router)
|
||||||
|
for nat_rule in nat_rules:
|
||||||
|
if nat_rule['firewall_match'] == 'BYPASS':
|
||||||
|
continue
|
||||||
|
self.assertEqual('MATCH_EXTERNAL_ADDRESS',
|
||||||
|
nat_rule['firewall_match'])
|
||||||
|
ext_network = self.cmgr_adm.networks_client.show_network(
|
||||||
|
CONF.network.public_network_id)['network']
|
||||||
|
ext_subnet = self.cmgr_adm.subnets_client.show_subnet(
|
||||||
|
ext_network['subnets'][0])['subnet']
|
||||||
|
fw_rules = self.create_firewall_rule(
|
||||||
|
name='test_rule', protocol='icmp',
|
||||||
|
action="allow", destination_ip_address=ext_subnet["cidr"])
|
||||||
|
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
|
||||||
|
self.fwaas_v2_client.delete_firewall_v2_rule,
|
||||||
|
fw_rules['firewall_rule']['id'])
|
||||||
|
rules = []
|
||||||
|
# Check firewall rule
|
||||||
|
rules.append(fw_rules['firewall_rule']['id'])
|
||||||
|
policy_name = data_utils.rand_name('fw-policy-')
|
||||||
|
# Create firewall policy
|
||||||
|
fw_policy = self.create_firewall_policy(
|
||||||
|
name=policy_name, firewall_rules=rules,
|
||||||
|
project_id=router_state['project_id'])
|
||||||
|
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
|
||||||
|
self.fwaas_v2_client.delete_firewall_v2_policy,
|
||||||
|
fw_policy['firewall_policy']['id'])
|
||||||
|
show_policy = self.show_firewall_policy(
|
||||||
|
fw_policy['firewall_policy']['id'])
|
||||||
|
# Check firewall policy
|
||||||
|
self.assertEqual(
|
||||||
|
show_policy.get('firewall_policy')['name'],
|
||||||
|
policy_name)
|
||||||
|
self.assertEqual(show_policy.get('firewall_policy')
|
||||||
|
['firewall_rules'], rules)
|
||||||
|
policy_id = fw_policy['firewall_policy']['id']
|
||||||
|
group_name = data_utils.rand_name('fw-group-')
|
||||||
|
# Create firewall group
|
||||||
|
fw_group = self.create_firewall_group(
|
||||||
|
name=group_name,
|
||||||
|
ingress_firewall_policy_id=policy_id,
|
||||||
|
egress_firewall_policy_id=policy_id,
|
||||||
|
ports=[interface['port_id']],
|
||||||
|
project_id=router_state['project_id'])
|
||||||
|
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
|
||||||
|
self.fwaas_v2_client.update_firewall_v2_group,
|
||||||
|
fw_group["firewall_group"]["id"], ports=[])
|
||||||
|
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
|
||||||
|
self.fwaas_v2_client.delete_firewall_v2_group,
|
||||||
|
fw_group["firewall_group"]["id"])
|
||||||
|
self._wait_firewall_ready(fw_group["firewall_group"]["id"])
|
||||||
|
# Verify traffic to vm
|
||||||
|
fip = server1["floating_ips"][0]["floating_ip_address"]
|
||||||
|
out = self._test_ping_from_external_network(fip)
|
||||||
|
self.assertIn("64 bytes from ", str(out))
|
||||||
|
fip = server2["floating_ips"][0]["floating_ip_address"]
|
||||||
|
out = self._test_ping_from_external_network(fip)
|
||||||
|
self.assertIn("64 bytes from ", str(out))
|
||||||
|
# Update destination ip address in firewall rule
|
||||||
|
fw_rules = self.update_firewall_rule(
|
||||||
|
fw_rules['firewall_rule']['id'],
|
||||||
|
destination_ip_address=subnet_state['cidr'])
|
||||||
|
if CONF.network.backend == 'nsxp':
|
||||||
|
time.sleep(constants.NSXP_BACKEND_SMALL_TIME_INTERVAL)
|
||||||
|
# Verify traffic to vm
|
||||||
|
fip = server1["floating_ips"][0]["floating_ip_address"]
|
||||||
|
out = self._test_ping_from_external_network(fip)
|
||||||
|
self.assertNotIn("64 bytes from ", str(out))
|
||||||
|
fip = server2["floating_ips"][0]["floating_ip_address"]
|
||||||
|
out = self._test_ping_from_external_network(fip)
|
||||||
|
self.assertNotIn("64 bytes from ", str(out))
|
||||||
|
self.fwaas_v2_client.update_firewall_v2_group(
|
||||||
|
fw_group["firewall_group"]["id"], ports=[])
|
||||||
|
|
||||||
|
@decorators.idempotent_id('2317449c-14bd-0317-c317-09956daa46c3')
|
||||||
|
def test_verfiy_nat_fw_order_internal_fw(self):
|
||||||
|
"""
|
||||||
|
Create NAT and Firewall rules on router.
|
||||||
|
Verify order of NAT and Firewall.
|
||||||
|
"""
|
||||||
|
rtr_name = data_utils.rand_name(name='tempest-router')
|
||||||
|
network_name = data_utils.rand_name(name='tempest-net')
|
||||||
|
subnet_name = data_utils.rand_name(name='tempest-subnet')
|
||||||
|
router_state = self.create_topology_router(
|
||||||
|
rtr_name, set_gateway=True,
|
||||||
|
routers_client=self.cmgr_adm.routers_client)
|
||||||
|
network_state = self.create_topology_network(
|
||||||
|
network_name, networks_client=self.cmgr_adm.networks_client)
|
||||||
|
subnet_state = self.create_topology_subnet(
|
||||||
|
subnet_name, network_state,
|
||||||
|
subnets_client=self.cmgr_adm.subnets_client)
|
||||||
|
interface = self.cmgr_adm.routers_client.add_router_interface(
|
||||||
|
router_state['id'], subnet_id=subnet_state["id"])
|
||||||
|
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
|
||||||
|
self.cmgr_adm.routers_client.remove_router_interface,
|
||||||
|
router_state['id'], subnet_id=subnet_state["id"])
|
||||||
|
security_group = self._create_security_group(
|
||||||
|
security_group_rules_client=self.cmgr_adm.
|
||||||
|
security_group_rules_client,
|
||||||
|
security_groups_client=self.cmgr_adm.security_groups_client)
|
||||||
|
image_id = self.get_glance_image_id(["cirros", "esx"])
|
||||||
|
security_groups = [{'name': security_group['name']}]
|
||||||
|
server1 = self.create_topology_instance(
|
||||||
|
"state_vm_1", [network_state],
|
||||||
|
create_floating_ip=True, image_id=image_id, clients=self.cmgr_adm,
|
||||||
|
security_groups=security_groups)
|
||||||
|
server2 = self.create_topology_instance(
|
||||||
|
"state_vm_2", [network_state],
|
||||||
|
create_floating_ip=True, image_id=image_id, clients=self.cmgr_adm,
|
||||||
|
security_groups=security_groups)
|
||||||
|
if CONF.network.backend == 'nsxp':
|
||||||
|
time.sleep(constants.NSXP_BACKEND_SMALL_TIME_INTERVAL)
|
||||||
|
nsx_router = self.nsxp.get_logical_router(router_state['name'],
|
||||||
|
router_state['id'])
|
||||||
|
nat_rules = self.nsxp.get_logical_router_nat_rules(nsx_router)
|
||||||
|
for nat_rule in nat_rules:
|
||||||
|
if nat_rule['firewall_match'] == 'BYPASS':
|
||||||
|
continue
|
||||||
|
self.assertEqual('MATCH_INTERNAL_ADDRESS',
|
||||||
|
nat_rule['firewall_match'])
|
||||||
|
nsx_router = self.nsx.get_logical_router(router_state['name'],
|
||||||
|
router_state['id'])
|
||||||
|
nat_rules = self.nsx.get_logical_router_nat_rules(nsx_router)
|
||||||
|
for nat_rule in nat_rules:
|
||||||
|
if nat_rule['firewall_match'] == 'BYPASS':
|
||||||
|
continue
|
||||||
|
self.assertEqual('MATCH_INTERNAL_ADDRESS',
|
||||||
|
nat_rule['firewall_match'])
|
||||||
|
ext_network = self.cmgr_adm.networks_client.show_network(
|
||||||
|
CONF.network.public_network_id)['network']
|
||||||
|
ext_subnet = self.cmgr_adm.subnets_client.show_subnet(
|
||||||
|
ext_network['subnets'][0])['subnet']
|
||||||
|
fw_rules = self.create_firewall_rule(
|
||||||
|
name='test_rule', protocol='icmp',
|
||||||
|
action="allow",
|
||||||
|
destination_ip_address=subnet_state['cidr'])
|
||||||
|
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
|
||||||
|
self.fwaas_v2_client.delete_firewall_v2_rule,
|
||||||
|
fw_rules['firewall_rule']['id'])
|
||||||
|
rules = []
|
||||||
|
# Check firewall rule
|
||||||
|
rules.append(fw_rules['firewall_rule']['id'])
|
||||||
|
policy_name = data_utils.rand_name('fw-policy-')
|
||||||
|
# Create firewall policy
|
||||||
|
fw_policy = self.create_firewall_policy(
|
||||||
|
name=policy_name, firewall_rules=rules,
|
||||||
|
project_id=router_state['project_id'])
|
||||||
|
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
|
||||||
|
self.fwaas_v2_client.delete_firewall_v2_policy,
|
||||||
|
fw_policy['firewall_policy']['id'])
|
||||||
|
show_policy = self.show_firewall_policy(
|
||||||
|
fw_policy['firewall_policy']['id'])
|
||||||
|
# Check firewall policy
|
||||||
|
self.assertEqual(
|
||||||
|
show_policy.get('firewall_policy')['name'],
|
||||||
|
policy_name)
|
||||||
|
self.assertEqual(show_policy.get('firewall_policy')
|
||||||
|
['firewall_rules'], rules)
|
||||||
|
policy_id = fw_policy['firewall_policy']['id']
|
||||||
|
group_name = data_utils.rand_name('fw-group-')
|
||||||
|
# Create firewall group
|
||||||
|
fw_group = self.create_firewall_group(
|
||||||
|
name=group_name,
|
||||||
|
ingress_firewall_policy_id=policy_id,
|
||||||
|
egress_firewall_policy_id=policy_id,
|
||||||
|
ports=[interface['port_id']],
|
||||||
|
project_id=router_state['project_id'])
|
||||||
|
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
|
||||||
|
self.fwaas_v2_client.update_firewall_v2_group,
|
||||||
|
fw_group["firewall_group"]["id"], ports=[])
|
||||||
|
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
|
||||||
|
self.fwaas_v2_client.delete_firewall_v2_group,
|
||||||
|
fw_group["firewall_group"]["id"])
|
||||||
|
self._wait_firewall_ready(fw_group["firewall_group"]["id"])
|
||||||
|
# Verify traffic to vm
|
||||||
|
fip = server1["floating_ips"][0]["floating_ip_address"]
|
||||||
|
out = self._test_ping_from_external_network(fip)
|
||||||
|
self.assertIn("64 bytes from ", str(out))
|
||||||
|
fip = server2["floating_ips"][0]["floating_ip_address"]
|
||||||
|
out = self._test_ping_from_external_network(fip)
|
||||||
|
self.assertIn("64 bytes from ", str(out))
|
||||||
|
# Update destination ip address in firewall rule
|
||||||
|
fw_rules = self.update_firewall_rule(
|
||||||
|
fw_rules['firewall_rule']['id'],
|
||||||
|
destination_ip_address=ext_subnet['cidr'])
|
||||||
|
if CONF.network.backend == 'nsxp':
|
||||||
|
time.sleep(constants.NSXP_BACKEND_SMALL_TIME_INTERVAL)
|
||||||
|
# Verify traffic to vm
|
||||||
|
fip = server1["floating_ips"][0]["floating_ip_address"]
|
||||||
|
out = self._test_ping_from_external_network(fip)
|
||||||
|
self.assertNotIn("64 bytes from ", str(out))
|
||||||
|
fip = server2["floating_ips"][0]["floating_ip_address"]
|
||||||
|
out = self._test_ping_from_external_network(fip)
|
||||||
|
self.assertNotIn("64 bytes from ", str(out))
|
||||||
|
self.fwaas_v2_client.update_firewall_v2_group(
|
||||||
|
fw_group["firewall_group"]["id"], ports=[])
|
Loading…
Reference in New Issue
Block a user