[Tempest] Added uni-scale cases for below entites
- Port-security - Provider Security groups - Also changed to function name to test vm internal traffic Change-Id: I28d92272f100a76b7239a006580f605f91ed14ba
This commit is contained in:
Puneet Arora
parent
2509554d48
commit
bac46c4cd5
@ -341,9 +341,28 @@ class FeatureManager(traffic_manager.IperfManager,
|
||||
# Wait for the firewall resource to become ready
|
||||
self._wait_fw_v1_until_ready(created_firewall['id'])
|
||||
|
||||
def ping_between_vms_different_router_uniscale(self, icmp_succeed=True):
|
||||
"""
|
||||
Receives topology servers dictionary as input and finds all the
|
||||
servers list checks NS and EW Traffic
|
||||
"""
|
||||
for server in self.servers_details.values():
|
||||
ip_address = server[0]['floating_ips'][0]['floating_ip_address']
|
||||
ssh_source = self._get_remote_client(ip_address, use_password=True)
|
||||
self.\
|
||||
test_fip_check_server_and_project_network_connectivity(
|
||||
server,
|
||||
should_connect=icmp_succeed)
|
||||
for remote_server in self.servers_details.values():
|
||||
if remote_server[0]['name'] != server[0]['name']:
|
||||
remote_ip = remote_server[0][
|
||||
'addresses'].values()[0][0]['addr']
|
||||
self.check_remote_connectivity(ssh_source, remote_ip,
|
||||
should_succeed=True)
|
||||
#
|
||||
# L2Gateway base class. To get basics of L2GW.
|
||||
#
|
||||
|
||||
def create_l2gw(self, l2gw_name, l2gw_param):
|
||||
"""Creates L2GW and returns the response.
|
||||
|
||||
|
||||
@ -77,8 +77,9 @@ class TrafficManager(appliance_manager.ApplianceManager):
|
||||
self.check_server_internal_ips_using_floating_ip(
|
||||
floating_ip, server, compute_ips, should_connect)
|
||||
|
||||
def using_floating_ip_check_server_and_project_network_connectivity(
|
||||
self, server_details, floating_ip=None, network=None):
|
||||
def test_fip_check_server_and_project_network_connectivity(
|
||||
self, server_details, floating_ip=None, network=None,
|
||||
should_connect=True):
|
||||
if not network:
|
||||
network = server_details.networks[0]
|
||||
if not floating_ip:
|
||||
|
||||
@ -58,7 +58,7 @@ class TestEnsOps(feature_manager.FeatureManager):
|
||||
CONF.nsxv3.nsx_password)
|
||||
|
||||
def verify_ping_to_fip_from_ext_vm(self, server_details):
|
||||
self.using_floating_ip_check_server_and_project_network_connectivity(
|
||||
self.test_fip_check_server_and_project_network_connectivity(
|
||||
server_details)
|
||||
|
||||
def verify_ping_own_fip(self, server):
|
||||
|
||||
@ -66,13 +66,13 @@ class TestNetOps(feature_manager.FeatureManager):
|
||||
router_ops = self.create_topology_router("router_ops")
|
||||
network_ops = self.create_topology_network("network_ops")
|
||||
self.create_topology_subnet("subnet_ops", network_ops,
|
||||
router_id=router_ops["id"])
|
||||
router_id=router_ops["id"])
|
||||
self.create_topology_instance(
|
||||
"server_ops", [network_ops],
|
||||
security_groups=[{'name': self.net_ssh_icmp_sg['name']}])
|
||||
|
||||
def verify_ping_to_fip_from_ext_vm(self, server_details):
|
||||
self.using_floating_ip_check_server_and_project_network_connectivity(
|
||||
self.test_fip_check_server_and_project_network_connectivity(
|
||||
server_details)
|
||||
|
||||
def verify_ping_own_fip(self, server):
|
||||
|
||||
@ -111,7 +111,7 @@ class TestMicroSegmentationOps(feature_manager.FeatureManager):
|
||||
# Web network
|
||||
network_web = self.create_topology_network("network_web")
|
||||
self.create_topology_subnet("subnet_web", network_web,
|
||||
router_id=router_microseg["id"])
|
||||
router_id=router_microseg["id"])
|
||||
self.create_topology_instance(
|
||||
"server_web_1", [network_web],
|
||||
security_groups=[{'name': self.web_sg['name']}])
|
||||
@ -121,7 +121,7 @@ class TestMicroSegmentationOps(feature_manager.FeatureManager):
|
||||
# App network
|
||||
network_app = self.create_topology_network("network_app")
|
||||
self.create_topology_subnet("subnet_app", network_app,
|
||||
router_id=router_microseg["id"])
|
||||
router_id=router_microseg["id"])
|
||||
self.create_topology_instance(
|
||||
"server_app_1", [network_app],
|
||||
security_groups=[{'name': self.app_sg['name']}])
|
||||
@ -130,7 +130,7 @@ class TestMicroSegmentationOps(feature_manager.FeatureManager):
|
||||
security_groups=[{'name': self.app_sg['name']}])
|
||||
|
||||
def check_server_project_connectivity(self, server_details):
|
||||
self.using_floating_ip_check_server_and_project_network_connectivity(
|
||||
self.test_fip_check_server_and_project_network_connectivity(
|
||||
server_details)
|
||||
|
||||
@decorators.attr(type=["nsxv3", "nsxv"])
|
||||
|
||||
@ -163,7 +163,7 @@ class TestNewCase(feature_manager.FeatureManager):
|
||||
return topology_dict
|
||||
|
||||
def verify_ping_to_fip_from_ext_vm(self, server_details):
|
||||
self.using_floating_ip_check_server_and_project_network_connectivity(
|
||||
self.test_fip_check_server_and_project_network_connectivity(
|
||||
server_details)
|
||||
|
||||
def verify_ping_own_fip(self, server):
|
||||
|
||||
@ -0,0 +1,99 @@
|
||||
# Copyright 2018 VMware Inc
|
||||
# All Rights Reserved
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import re
|
||||
|
||||
from tempest import config
|
||||
from tempest.lib.common.utils import data_utils
|
||||
from tempest.lib import decorators
|
||||
|
||||
from vmware_nsx_tempest_plugin.lib import feature_manager
|
||||
from vmware_nsx_tempest_plugin.services import nsxv3_client
|
||||
from vmware_nsx_tempest_plugin.services import nsxv_client
|
||||
|
||||
from oslo_log import log as logging
|
||||
|
||||
CONF = config.CONF
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
|
||||
class PORTSecUnidimensionalScaleTest(feature_manager.FeatureManager):
|
||||
|
||||
"""Test Uni Dimesional Case for
|
||||
Logical-switches
|
||||
Logical-Dhcp-Servers
|
||||
Logical-Static-bindings
|
||||
|
||||
"""
|
||||
@classmethod
|
||||
def setup_clients(cls):
|
||||
super(PORTSecUnidimensionalScaleTest, cls).setup_clients()
|
||||
cls.cmgr_adm = cls.get_client_manager('admin')
|
||||
cls.cmgr_alt = cls.get_client_manager('alt')
|
||||
cls.cmgr_adm = cls.get_client_manager('admin')
|
||||
|
||||
@classmethod
|
||||
def resource_setup(cls):
|
||||
super(PORTSecUnidimensionalScaleTest, cls).resource_setup()
|
||||
if CONF.network.backend == "nsxv3":
|
||||
cls.nsx = nsxv3_client.NSXV3Client(CONF.nsxv3.nsx_manager,
|
||||
CONF.nsxv3.nsx_user,
|
||||
CONF.nsxv3.nsx_password)
|
||||
elif CONF.network.backend == "nsxv":
|
||||
manager_ip = re.search(r"(\d{1,3}\.){3}\d{1,3}",
|
||||
CONF.nsxv.manager_uri).group(0)
|
||||
cls.vsm = nsxv_client.VSMClient(
|
||||
manager_ip, CONF.nsxv.user, CONF.nsxv.password)
|
||||
|
||||
def _create_scale_logical_port_with_disabled_port_sec(self, scale):
|
||||
# Create a network with dhcp enabled subnet
|
||||
neutron_ports = 0
|
||||
name = data_utils.rand_name('port-sec-net')
|
||||
network = self.create_topology_network(network_name=name)
|
||||
sub_name = data_utils.rand_name('port-sec-sub')
|
||||
self.create_topology_subnet(sub_name, network, cidr='20.20.0.0/16')
|
||||
port_name = data_utils.rand_name('port-sec')
|
||||
for i in range(scale):
|
||||
args = {"device_owner": 'compute:None',
|
||||
"port_security_enabled": False,
|
||||
"name": '%s%s' % (port_name, i)}
|
||||
self.create_topology_port(network, **args)
|
||||
ports = self.ports_client.list_ports()
|
||||
for port in ports.get('ports'):
|
||||
if "port-sec" in port['name']:
|
||||
neutron_ports += 1
|
||||
self.assertEqual(neutron_ports, scale)
|
||||
backend_ports = self.nsx.get_logical_ports()
|
||||
ports_name = [i.get('display_name') for i in backend_ports
|
||||
if "port-sec" in i.get('display_name')]
|
||||
self.assertEqual(len(ports_name) - 2, scale)
|
||||
ns_group_id = self.nsx.get_neutron_ns_group_id()
|
||||
members = self.nsx.get_ns_group_port_members(ns_group_id)
|
||||
self.assertEqual(members.get('result_count'), scale)
|
||||
|
||||
@decorators.attr(type='nsxv3')
|
||||
@decorators.idempotent_id('c2b264a2-daab-4123-ad3b-f0713a390f47')
|
||||
def test_create_500_logical_dhcp_server(self):
|
||||
self._create_scale_logical_port_with_disabled_port_sec(500)
|
||||
|
||||
@decorators.attr(type='nsxv3')
|
||||
@decorators.idempotent_id('5ba22b0f-4593-4345-8998-a3002ce63406')
|
||||
def test_create_1k_logical_dhcp_server(self):
|
||||
self._create_scale_logical_port_with_disabled_port_sec(1000)
|
||||
|
||||
@decorators.attr(type='nsxv3')
|
||||
@decorators.idempotent_id('ddf3d789-838a-4567-b4fe-8fe214f0e956')
|
||||
def test_create_2k_logical_dhcp_server(self):
|
||||
self._create_scale_logical_port_with_disabled_port_sec(2000)
|
||||
@ -0,0 +1,147 @@
|
||||
# Copyright 2018 VMware Inc
|
||||
# All Rights Reserved
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import re
|
||||
|
||||
from tempest import config
|
||||
from tempest.lib import decorators
|
||||
|
||||
from vmware_nsx_tempest_plugin.lib import feature_manager
|
||||
from vmware_nsx_tempest_plugin.services import nsxv3_client
|
||||
from vmware_nsx_tempest_plugin.services import nsxv_client
|
||||
|
||||
from oslo_log import log as logging
|
||||
|
||||
CONF = config.CONF
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
|
||||
class ProviderSecGrpUnidimensionalScaleTest(feature_manager.FeatureManager):
|
||||
|
||||
"""Test Uni Dimesional Case for
|
||||
Logical-security-groups
|
||||
Logical-security-group-rules
|
||||
|
||||
"""
|
||||
@classmethod
|
||||
def setup_clients(cls):
|
||||
super(ProviderSecGrpUnidimensionalScaleTest, cls).setup_clients()
|
||||
cls.cmgr_adm = cls.get_client_manager('admin')
|
||||
cls.cmgr_alt = cls.get_client_manager('alt')
|
||||
cls.cmgr_adm = cls.get_client_manager('admin')
|
||||
|
||||
@classmethod
|
||||
def resource_setup(cls):
|
||||
super(ProviderSecGrpUnidimensionalScaleTest, cls).resource_setup()
|
||||
if CONF.network.backend == "nsxv3":
|
||||
cls.nsx = nsxv3_client.NSXV3Client(CONF.nsxv3.nsx_manager,
|
||||
CONF.nsxv3.nsx_user,
|
||||
CONF.nsxv3.nsx_password)
|
||||
elif CONF.network.backend == "nsxv":
|
||||
manager_ip = re.search(r"(\d{1,3}\.){3}\d{1,3}",
|
||||
CONF.nsxv.manager_uri).group(0)
|
||||
cls.vsm = nsxv_client.VSMClient(
|
||||
manager_ip, CONF.nsxv.user, CONF.nsxv.password)
|
||||
|
||||
def _create_topology_tier1_with_vms(self, no_of_entites, no_of_ports):
|
||||
name = 'pro-sec-router'
|
||||
router = self.create_topology_router(router_name=name)
|
||||
for i in range(no_of_entites):
|
||||
name = 'uniscale-%s-net' % i
|
||||
network = self.create_topology_network(network_name=name)
|
||||
sub_name = 'uniscale-%s-sub' % i
|
||||
self.create_topology_subnet(
|
||||
sub_name,
|
||||
network,
|
||||
router_id=router['id'])
|
||||
self.create_topology_instance(
|
||||
"server_pro_%s" % i, [network])
|
||||
|
||||
for j in range(no_of_ports):
|
||||
kwargs = {"port_security_enabled": "true",
|
||||
"security_groups": []}
|
||||
self.create_topology_port(
|
||||
network, ports_client=self.cmgr_adm.ports_client, **kwargs)
|
||||
|
||||
def _create_scale_logical_security_groups(self, scale):
|
||||
i = 100
|
||||
for num in range(scale):
|
||||
sg = self.create_topology_security_provider_group(self.cmgr_adm,
|
||||
provider=True)
|
||||
sw_rules = [dict(direction='ingress', protocol='icmp',
|
||||
port_range_min=i + 1,
|
||||
port_range_max=i + 1, )]
|
||||
for rule in sw_rules:
|
||||
self.add_security_group_rule(sg, rule)
|
||||
provider_sec = self.security_group_rules_client.list_security_groups(
|
||||
)
|
||||
error_msg = "Neutron provider sec group doesn't created"
|
||||
self.assertIsNotNone(len(provider_sec), error_msg)
|
||||
nsx_firewall = self.nsx.get_firewall_sections()
|
||||
sec_group = [dfw for dfw in nsx_firewall
|
||||
if sg['name'] in dfw['display_name']][0]
|
||||
self.assertIsNotNone(len(sec_group))
|
||||
nsx_firewall = self.nsx.get_firewall_section_rules(sec_group)
|
||||
scale_firewall_rule = [dfw for dfw in nsx_firewall
|
||||
if dfw['id'] is not None]
|
||||
self.assertIsNotNone(len(scale_firewall_rule))
|
||||
|
||||
@decorators.attr(type='nsxv3')
|
||||
@decorators.idempotent_id('a12264a2-daab-451f-ad3b-f0713a390123')
|
||||
def test_create_10_provider_groups_100_ports_1_switch(self):
|
||||
self._create_scale_logical_security_groups(10)
|
||||
self._create_topology_tier1_with_vms(1, 100)
|
||||
# Check vms connectivity from outside world when provider-sec group enabled
|
||||
self.ping_between_vms_different_router_uniscale(icmp_succeed=False)
|
||||
|
||||
@decorators.attr(type='nsxv3')
|
||||
@decorators.idempotent_id('b1222b0f-4593-4509-8998-a3002ce63231')
|
||||
def test_create_10_provider_groups_1000_ports_1_switch(self):
|
||||
self._create_scale_logical_security_groups(10)
|
||||
self._create_topology_tier1_with_vms(1, 1000)
|
||||
# Check vms connectivity from outside world when provider-sec group enabled
|
||||
self.ping_between_vms_different_router_uniscale(icmp_succeed=False)
|
||||
|
||||
@decorators.attr(type='nsxv3')
|
||||
@decorators.idempotent_id('b1222b0f-4593-4509-8998-a3002ce63981')
|
||||
def test_create_100_provider_groups_100_ports_1_switch(self):
|
||||
self._create_scale_logical_security_groups(100)
|
||||
self._create_topology_tier1_with_vms(1, 100)
|
||||
# Check vms connectivity from outside world when provider-sec group enabled
|
||||
self.ping_between_vms_different_router_uniscale(icmp_succeed=False)
|
||||
|
||||
@decorators.attr(type='nsxv3')
|
||||
@decorators.idempotent_id('b1222b0f-4593-4509-8998-a3002ce63009')
|
||||
def test_create_100_provider_groups_1000_ports_1_switch(self):
|
||||
self._create_scale_logical_security_groups(100)
|
||||
self._create_topology_tier1_with_vms(1, 1000)
|
||||
# Check vms connectivity from outside world when provider-sec group enabled
|
||||
self.ping_between_vms_different_router_uniscale(icmp_succeed=False)
|
||||
|
||||
@decorators.attr(type='nsxv3')
|
||||
@decorators.idempotent_id('b1222b0f-4593-4509-8998-a3002ce63341')
|
||||
def test_create_10_provider_groups_100_ports_switch_10(self):
|
||||
self._create_scale_logical_security_groups(10)
|
||||
self._create_topology_tier1_with_vms(10, 100)
|
||||
# Check vms connectivity from outside world when provider-sec group enabled
|
||||
self.ping_between_vms_different_router_uniscale(icmp_succeed=False)
|
||||
|
||||
@decorators.attr(type='nsxv3')
|
||||
@decorators.idempotent_id('b1222b0f-4593-4509-8998-a3002c345406')
|
||||
def test_create_1000_provider_groups_100_ports_10_switch(self):
|
||||
self._create_scale_logical_security_groups(1000)
|
||||
self._create_topology_tier1_with_vms(10, 100)
|
||||
# Check vms connectivity from outside world when provider-sec group enabled
|
||||
self.ping_between_vms_different_router_uniscale(icmp_succeed=False)
|
||||
Loading…
Reference in New Issue
Block a user