Merge "[IPv6] Adding sg tests for IPv4v6 port"

vmware_nsx_tempest_plugin/tests/nsxv3/api/test_nsx_ipv6_security_groups.py

@@ -0,0 +1,177 @@
+
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from tempest import config
+from tempest.lib import decorators
+from tempest.lib import exceptions
+
+from vmware_nsx_tempest_plugin.lib import feature_manager
+CONF = config.CONF
+
+
+class IPv6SecurityGroupsTest(feature_manager.FeatureManager):
+    """Test the following operations for security groups:
+        port create
+        port delete
+        port list
+        port show
+        port update
+    """
+
+    @classmethod
+    def skip_checks(cls):
+        super(IPv6SecurityGroupsTest, cls).skip_checks()
+        if not (CONF.network_feature_enabled.ipv6 and
+                CONF.network_feature_enabled.ipv6_subnet_attributes):
+            raise cls.skipException('IPv6 or its attributes not supported')
+        if not (CONF.network.project_networks_reachable or
+                CONF.network.public_network_id):
+            msg = ('Either project_networks_reachable must be "true", or '
+                   'public_network_id must be defined.')
+            raise cls.skipException(msg)
+
+    @classmethod
+    def setup_clients(cls):
+        super(IPv6SecurityGroupsTest, cls).setup_clients()
+        cls.cmgr_adm = cls.get_client_manager('admin')
+
+    @classmethod
+    def resource_setup(cls):
+        super(IPv6SecurityGroupsTest, cls).resource_setup()
+
+    def _create_ipv6_topology(self):
+        name = "ipv6-network"
+        networks_client = self.cmgr_adm.networks_client
+        network = self.create_topology_network(name,
+                                               networks_client=networks_client)
+        address_cidr = CONF.network.project_network_v6_cidr
+        address_prefixlen = CONF.network.project_network_v6_mask_bits
+        if ((address_prefixlen >= 126)):
+            msg = ("Subnet %s isn't large enough for the test" % address_cidr)
+            raise exceptions.InvalidConfiguration(msg)
+        allocation_pools = {'allocation_pools': [{
+                            'start': str(address_cidr).split('/')[0] + '2',
+                            'end':str(address_cidr).split('/')[0] + '70'}]}
+        subnet_client = self.cmgr_adm.subnets_client
+        subnet_name = network['name'] + 'sub'
+        self.create_topology_subnet(subnet_name, network,
+                                    subnets_client=subnet_client,
+                                    ip_version=6, enable_dhcp=False,
+                                    **allocation_pools)
+        return network
+
+    def _create_ipv4_v6_topology(self):
+        name = "ipv4-v6-network"
+        networks_client = self.cmgr_adm.networks_client
+        network = self.create_topology_network(name,
+                                               networks_client=networks_client)
+        address_cidr = CONF.network.project_network_v6_cidr
+        address_prefixlen = CONF.network.project_network_v6_mask_bits
+        if ((address_prefixlen >= 126)):
+            msg = ("Subnet %s isn't large enough for the test" % address_cidr)
+            raise exceptions.InvalidConfiguration(msg)
+        allocation_pools = {'allocation_pools': [{
+                            'start': str(address_cidr).split('/')[0] + '2',
+                            'end':str(address_cidr).split('/')[0] + '70'}]}
+        subnet_client = self.cmgr_adm.subnets_client
+        subnet_name = network['name'] + 'ipv6-sub'
+        self.create_topology_subnet(subnet_name, network,
+                                    subnets_client=subnet_client,
+                                    ip_version=6, enable_dhcp=False,
+                                    **allocation_pools)
+        subnet_name = network['name'] + 'ipv4-sub'
+        self.create_topology_subnet(subnet_name, network,
+                                    subnets_client=subnet_client)
+        return network
+
+    @decorators.attr(type=['nsxv3', 'positive'])
+    @decorators.idempotent_id('a8dfdba6-7dcf-4082-9669-0fbaa4b0fb2c')
+    def test_create_security_group_rules_with_v4_v6_prefix(self):
+        """
+        Test create security group with ipv4
+        and ipv6 remote ip prefix rules
+        """
+        sg = self.create_topology_security_group()
+        ipv4_prefix = "192.168.1.0/24"
+        ipv6_prefix = "2010:1:10::/64"
+        sg_ipv4_rule = self.add_security_group_rule(
+            security_group=sg,
+            protocol='tcp', ethertype='IPv4',
+            direction='ingress',
+            remote_ip_prefix=ipv4_prefix)
+        self.assertEqual(sg_ipv4_rule['remote_ip_prefix'], ipv4_prefix)
+        sg_ipv6_rule = self.add_security_group_rule(
+            security_group=sg,
+            protocol='tcp', ethertype='IPv6',
+            direction='egress',
+            remote_ip_prefix=ipv6_prefix)
+        self.assertEqual(sg_ipv6_rule['remote_ip_prefix'], ipv6_prefix)
+
+    @decorators.attr(type=['nsxv3', 'positive'])
+    @decorators.idempotent_id('037413a8-0db7-411a-a389-0ecc9007b6ef')
+    def test_create_security_group_with_ipv6_port(self):
+        """
+        Test create security group with ipv6 rule
+        and attach to port with ipv6 address
+        """
+        sec_client = self.cmgr_adm.security_groups_client
+        sec_rule_client = self.cmgr_adm.security_group_rules_client
+        network = self._create_ipv6_topology()
+        sec_group = self._create_empty_security_group(
+            namestart="tempest-ipv6-", client=sec_client)
+        rule = dict(
+                   direction='ingress',
+                   ethertype='IPv6',
+                   protocol='udp',
+                   remote_ip_prefix='2010:1:10::/64')
+        self._create_security_group_rule(
+            sec_group_rules_client=sec_rule_client,
+            security_groups_client=sec_client,
+            secgroup=sec_group,
+            **rule)
+        port_client = self.cmgr_adm.ports_client
+        body = self.create_topology_port(network=network,
+                                         ports_client=port_client,
+                                         security_groups=[sec_group['id']])
+        port = body['port']
+        for sg in port["security_groups"]:
+            self.assertEqual(sg, sec_group['id'])
+
+    @decorators.attr(type=['nsxv3', 'positive'])
+    @decorators.idempotent_id('0604fee9-011e-4b5e-886a-620669a8c2f5')
+    def test_create_security_group_with_ipv4_v6_port(self):
+        """
+        Test create security group with ipv6 rule
+        and attach to port with ipv6 address
+        """
+        sec_client = self.cmgr_adm.security_groups_client
+        sec_rule_client = self.cmgr_adm.security_group_rules_client
+        network = self._create_ipv4_v6_topology()
+        sec_group = self._create_empty_security_group(
+            namestart="tempest-ipv6-", client=sec_client)
+        rule = dict(
+                   direction='ingress',
+                   ethertype='IPv6',
+                   protocol='tcp')
+        self._create_security_group_rule(
+            sec_group_rules_client=sec_rule_client,
+            security_groups_client=sec_client,
+            secgroup=sec_group,
+            **rule)
+        port_client = self.cmgr_adm.ports_client
+        body = self.create_topology_port(network=network,
+                                         ports_client=port_client,
+                                         security_groups=[sec_group['id']])
+        port = body['port']
+        for sg in port["security_groups"]:
+            self.assertEqual(sg, sec_group['id'])