tempest/api/compute/security_groups/test_security_group_rules.py


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179

# Copyright 2012 OpenStack Foundation
# All Rights Reserved.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

from tempest.api.compute.security_groups import base
from tempest.lib import decorators


class SecurityGroupRulesTestJSON(base.BaseSecurityGroupsTest):
    """Test security group rules API

    Test security group rules API with compute microversion less than 2.36.
    """

    @classmethod
    def setup_clients(cls):
        super(SecurityGroupRulesTestJSON, cls).setup_clients()
        cls.client = cls.security_group_rules_client

    @classmethod
    def resource_setup(cls):
        super(SecurityGroupRulesTestJSON, cls).resource_setup()
        cls.ip_protocol = 'tcp'
        cls.from_port = 22
        cls.to_port = 22

    def setUp(self):
        super(SecurityGroupRulesTestJSON, self).setUp()

        from_port = self.from_port
        to_port = self.to_port
        group = {}
        ip_range = {}
        self.expected = {
            'parent_group_id': None,
            'ip_protocol': self.ip_protocol,
            'from_port': from_port,
            'to_port': to_port,
            'ip_range': ip_range,
            'group': group
        }

    def _check_expected_response(self, actual_rule):
        for key in self.expected:
            self.assertEqual(self.expected[key], actual_rule[key],
                             "Miss-matched key is %s" % key)

    @decorators.attr(type='smoke')
    @decorators.idempotent_id('850795d7-d4d3-4e55-b527-a774c0123d3a')
    def test_security_group_rules_create(self):
        """Test creating security group rules"""
        # Creating a Security Group to add rules to it
        security_group = self.create_security_group()
        securitygroup_id = security_group['id']
        # Adding rules to the created Security Group
        rule = self.client.create_security_group_rule(
            parent_group_id=securitygroup_id,
            ip_protocol=self.ip_protocol,
            from_port=self.from_port,
            to_port=self.to_port)['security_group_rule']
        self.expected['parent_group_id'] = securitygroup_id
        self.expected['ip_range'] = {'cidr': '0.0.0.0/0'}
        self._check_expected_response(rule)

    @decorators.idempotent_id('7a01873e-3c38-4f30-80be-31a043cfe2fd')
    def test_security_group_rules_create_with_optional_cidr(self):
        """Test creating security group rules with optional field cidr"""
        # Creating a Security Group to add rules to it
        security_group = self.create_security_group()
        parent_group_id = security_group['id']

        # Adding rules to the created Security Group with optional cidr
        cidr = '10.2.3.124/24'
        rule = self.client.create_security_group_rule(
            parent_group_id=parent_group_id,
            ip_protocol=self.ip_protocol,
            from_port=self.from_port,
            to_port=self.to_port,
            cidr=cidr)['security_group_rule']
        self.expected['parent_group_id'] = parent_group_id
        self.expected['ip_range'] = {'cidr': cidr}
        self._check_expected_response(rule)

    @decorators.idempotent_id('7f5d2899-7705-4d4b-8458-4505188ffab6')
    def test_security_group_rules_create_with_optional_group_id(self):
        """Test creating security group rules with optional field group id"""
        # Creating a Security Group to add rules to it
        security_group = self.create_security_group()
        parent_group_id = security_group['id']

        # Creating a Security Group so as to assign group_id to the rule
        security_group = self.create_security_group()
        group_id = security_group['id']
        group_name = security_group['name']

        # Adding rules to the created Security Group with optional group_id
        rule = self.client.create_security_group_rule(
            parent_group_id=parent_group_id,
            ip_protocol=self.ip_protocol,
            from_port=self.from_port,
            to_port=self.to_port,
            group_id=group_id)['security_group_rule']
        self.expected['parent_group_id'] = parent_group_id
        self.expected['group'] = {'tenant_id': self.client.tenant_id,
                                  'name': group_name}
        self._check_expected_response(rule)

    @decorators.attr(type='smoke')
    @decorators.idempotent_id('a6154130-5a55-4850-8be4-5e9e796dbf17')
    def test_security_group_rules_list(self):
        """Test listing security group rules"""
        # Creating a Security Group to add rules to it
        security_group = self.create_security_group()
        securitygroup_id = security_group['id']

        # Add a first rule to the created Security Group
        rule = self.client.create_security_group_rule(
            parent_group_id=securitygroup_id,
            ip_protocol=self.ip_protocol,
            from_port=self.from_port,
            to_port=self.to_port)['security_group_rule']
        rule1_id = rule['id']

        # Add a second rule to the created Security Group
        ip_protocol2 = 'icmp'
        from_port2 = -1
        to_port2 = -1
        rule = self.client.create_security_group_rule(
            parent_group_id=securitygroup_id,
            ip_protocol=ip_protocol2,
            from_port=from_port2,
            to_port=to_port2)['security_group_rule']
        rule2_id = rule['id']
        # Delete the Security Group rule2 at the end of this method
        self.addCleanup(
            self.security_group_rules_client.delete_security_group_rule,
            rule2_id)

        # Get rules of the created Security Group
        rules = self.security_groups_client.show_security_group(
            securitygroup_id)['security_group']['rules']
        self.assertNotEmpty([i for i in rules if i['id'] == rule1_id])
        self.assertNotEmpty([i for i in rules if i['id'] == rule2_id])

    @decorators.idempotent_id('fc5c5acf-2091-43a6-a6ae-e42760e9ffaf')
    def test_security_group_rules_delete_when_peer_group_deleted(self):
        """Test security group rule gets deleted when peer group is deleted"""
        # Creating a Security Group to add rules to it
        security_group = self.create_security_group()
        sg1_id = security_group['id']
        # Creating other Security Group to access to group1
        security_group = self.create_security_group()
        sg2_id = security_group['id']
        # Adding rules to the Group1
        self.client.create_security_group_rule(
            parent_group_id=sg1_id,
            ip_protocol=self.ip_protocol,
            from_port=self.from_port,
            to_port=self.to_port,
            group_id=sg2_id)

        # Delete group2
        self.security_groups_client.delete_security_group(sg2_id)
        # Get rules of the Group1
        rules = (self.security_groups_client.show_security_group(sg1_id)
                 ['security_group']['rules'])
        # The group1 has no rules because group2 has deleted
        self.assertEmpty(rules)