2 Documentation Test Suite for Neutron Security Group
3 Suite Setup Create Session session http://${ODL_SYSTEM_IP}:${RESTCONFPORT} auth=${AUTH} headers=${HEADERS}
4 Test Teardown Get Flows ${OS_COMPUTE_1_IP} ${OS_COMPUTE_2_IP}
6 Library OperatingSystem
7 Library RequestsLibrary
9 Resource ../../../libraries/DevstackUtils.robot
10 Resource ../../../variables/Variables.robot
14 ${DESCRIPTION} --description "new security group 1"
15 ${VERIFY_DESCRIPTION} new security group 1
16 ${VERIFY_NAME} SSH_UPDATED
17 ${NAME_UPDATE} --name SSH_UPDATED
18 ${SECURITY_FALSE} --port-security-enabled false
19 ${SECURITY_TRUE} --port-security-enabled true
20 ${SEC_GROUP} /restconf/config/neutron:neutron/security-groups/
21 ${SEC_RULE} /restconf/config/neutron:neutron/security-rules/
22 ${ADD_ARG_SSH} --direction ingress --ethertype IPv4 --port_range_max 22 --port_range_min 22 --protocol tcp
23 @{NETWORK} net1 net2 net3 net4 net5 net6 net7
25 @{SUBNET} sub1 sub2 sub3 sub4 sub5 sub6 sub7
27 @{IP_SUBNET} 20.2.1.0/24 20.2.2.0/24 20.2.3.0/24 20.2.4.0/24 20.2.5.0/24 20.2.6.0/24
28 @{PORT} port01 port02 port03 port04 port05 port06 port07
29 ... port08 port09 port10
30 ${SECURITY_GROUPS} --security-group
31 @{SGP_SSH} SSH1 SSH2 SSH3 SSH4 SSH5 SSH6 SSH7
33 ${ADD_ARG_SSH5} --direction ingress --ethertype IPv4 --port_range_max 20 --port_range_min 25 --protocol tcp
34 @{ADD_PARAMS} ingression IPv4 20 25 tcp
35 ${ADD_ARG_SSH6} --direction ingress --ethertype IPv4 --port_range_max 25 --port_range_min -1 --protocol tcp
36 ${ADD_ARG_SSH7} --direction ingress --ethertype IPv4 --port_range_max -1 --port_range_min 20 --protocol tcp
37 ${PORT_RANGE_ERROR} For TCP/UDP protocols, port_range_min must be <= port_range_max
38 ${INVALID_PORT_RANGE_MIN} Invalid value for port
41 TC01_Update Security Group description and Name
42 [Documentation] This test case validates the security group creation with optional parameter description, Update Security Group description and name
44 Log "Creating security Group and verification"
45 Create Security Group and Validate ${SGP_SSH[0]}
46 Log "Creating security Rule and verification"
47 Create Security Rule and Validate ${SGP_SSH[0]} direction=${ADD_PARAMS[0]} ethertype=${ADD_PARAMS[1]} port_range_max=${ADD_PARAMS[3]} port_range_min=${ADD_PARAMS[2]} protocol=${ADD_PARAMS[4]}
48 Log "Fetching the flows from DPN1 and DPN2"
49 Get Flows ${OS_COMPUTE_1_IP} ${OS_COMPUTE_2_IP}
50 Log "Creating neutron setup as network subnet port"
51 Neutron Setup Creation ${NETWORK[0]} ${SUBNET[0]} ${IP_SUBNET[0]} ${PORT[0]} ${PORT[1]} ${SECURITY_GROUPS}
53 Log "Security group verification on Neutron port"
54 Security group verification on Neutron port ${PORT[0]} ${SGP_ID}
55 Security group verification on Neutron port ${PORT[1]} ${SGP_ID}
56 Log "Update Security Group Description and Verification"
57 Update Security Group Description and Verification ${SGP_ID} ${DESCRIPTION} ${VERIFY_DESCRIPTION}
58 Log "Update Security Group Name and Verification"
59 Update Security Group Name and Verification ${SGP_ID} ${NAME_UPDATE} ${VERIFY_NAME}
61 TC02_Create Security Rule with port_range_min > port_range_max
62 [Documentation] This test case validates the security group and rule creation with optional parameters Create Security Rule with port_range_min greater than port_range_max
64 Log "Creating security Group and verification"
65 Create Security Group and Validate ${SGP_SSH[1]}
66 Log "Fetching the flows from DPN1 and DPN2"
67 Get Flows ${OS_COMPUTE_1_IP} ${OS_COMPUTE_2_IP}
68 Log "Neutron Rule Creation With Port Range Min Grt Port Range Max and Validation"
69 Neutron Rule Creation With Invalid Parameters ${SGP_SSH[1]} ${ADD_ARG_SSH5} ${PORT_RANGE_ERROR}
71 TC03_Create Security Rule with port_range_min = -1
72 [Documentation] This test case validates the security group and rule creation with optional parameters, Create Security Rule with port_range_min = -1
74 Log "Creating security Group and verification"
75 Create Security Group and Validate ${SGP_SSH[2]}
76 Log "Fetching the flows from DPN1 and DPN2"
77 Get Flows ${OS_COMPUTE_1_IP} ${OS_COMPUTE_2_IP}
78 Log "Neutron Rule Creation With Port Range Min Grt Port Range Max and Validation"
79 Neutron Rule Creation With Invalid Parameters ${SGP_SSH[2]} ${ADD_ARG_SSH6} ${INVALID_PORT_RANGE_MIN}
81 TC04_Create Security Rule with port_range_max = -1
82 [Documentation] This test case validates the security group and rule creation with optional parameters, Create Security Rule with port_range_max = -1
84 Log "Creating security Group and verification"
85 Create Security Group and Validate ${SGP_SSH[3]}
86 Log "Fetching the flows from DPN1 and DPN2"
87 Get Flows ${OS_COMPUTE_1_IP} ${OS_COMPUTE_2_IP}
88 Log "Neutron Rule Creation With Port Range Min Grt Port Range Max and Validation"
89 Neutron Rule Creation With Invalid Parameters ${SGP_SSH[3]} ${ADD_ARG_SSH7} ${INVALID_PORT_RANGE_MIN}
93 [Arguments] ${OS_COMPUTE_1_IP} ${OS_COMPUTE_2_IP}
94 [Documentation] Get the Flows from DPN1 and DPN2
95 Log "Fetching the flows from DPN1"
96 ${resp}= Run Command On Remote System ${OS_COMPUTE_1_IP} sudo ovs-ofctl dump-flows br-int -O OpenFlow13
98 Log "Fetching the Groups from DPN1"
99 ${resp}= Run Command On Remote System ${OS_COMPUTE_1_IP} sudo ovs-ofctl dump-groups br-int -OOpenflow13
101 Log "Fetching the flows from DPN2"
102 ${resp}= Run Command On Remote System ${OS_COMPUTE_2_IP} sudo ovs-ofctl dump-flows br-int -O OpenFlow13
104 Log "Fetching the Groups from DPN2"
105 ${resp}= Run Command On Remote System ${OS_COMPUTE_2_IP} sudo ovs-ofctl dump-groups br-int -OOpenflow13
108 Create Security Group and Validate
109 [Arguments] ${SGP_SSH}
110 [Documentation] Create Security Group and Validate
111 Log "Creating security Group"
112 ${OUTPUT} ${SGP_ID} Neutron Security Group Create ${SGP_SSH}
113 Set Global Variable ${SGP_ID}
116 Log "Verifying the security group"
117 ${resp} RequestsLibrary.Get Request session ${SEC_GROUP}
119 Should Be Equal As Strings ${resp.status_code} ${RESP_CODE}
120 Should Contain ${resp.content} ${SGP_SSH}
122 Create Security Rule and Validate
123 [Arguments] ${SGP_SSH} &{Kwargs}
124 [Documentation] Create Security Rule and Validate
125 Log "Creating the Rules for SSH groups"
126 ${OUTPUT} ${RULE_ID} Neutron Security Group Rule Create ${SGP_SSH}
129 Set Global Variable ${RULE_ID}
130 Log "Verifying the security Rule"
131 ${resp} RequestsLibrary.Get Request session ${SEC_RULE}
133 Should Be Equal As Strings ${resp.status_code} ${RESP_CODE}
134 Should Contain ${resp.content} ${RULE_ID}
136 Neutron Setup Creation
137 [Arguments] ${NETWORK} ${SUBNET} ${IP_SUBNET} ${PORT1} ${PORT2} ${SECURITY_GROUPS}
139 [Documentation] Neutron Setup Creation
140 Log "Creating networks"
141 ${net_id} Create Network ${NETWORK}
143 Set Global Variable ${net_id}
144 Log "Creating subnets"
145 ${subnet_id} Create SubNet ${NETWORK} ${SUBNET} ${IP_SUBNET}
147 Set Global Variable ${subnet_id}
148 ${ADD_ARGMS}= Set Variable ${SECURITY_GROUPS} ${SGP_ID}
149 ${port_id} Create Neutron Port With Additional Params ${NETWORK} ${PORT1} ${ADD_ARGMS}
152 ${port_id} Create Neutron Port With Additional Params ${NETWORK} ${PORT2} ${ADD_ARGMS}
155 Security group verification on Neutron port
156 [Arguments] ${PORT} ${SGP_ID}
157 [Documentation] Security group verification on Neutron port
158 Log "security group verification"
159 ${PORT_SHOW} Neutron Port Show ${PORT}
161 Should Contain ${PORT_SHOW} ${SGP_ID}
163 Update Security Group Description and Verification
164 [Arguments] ${SGP_ID} ${DESCRIPTION} ${VERIFY_DESCRIPTION}
165 [Documentation] Update Security Group Description and Verification
166 Log "Update Security Group Description"
167 ${output} Neutron Security Group Update ${SGP_ID} ${DESCRIPTION}
168 Log "Verification of Description"
169 ${output} Neutron Security Group Show ${SGP_ID}
171 Should Contain ${output} ${VERIFY_DESCRIPTION}
173 Update Security Group Name and Verification
174 [Arguments] ${SGP_ID} ${NAME_UPDATE} ${VERIFY_NAME}
175 [Documentation] Update Security Group Name and Verification
176 Log "Update Security Group Name"
177 ${output} Neutron Security Group Update ${SGP_ID} ${NAME_UPDATE}
178 Log "Verification of Updated Name"
179 ${output} Neutron Security Group Show ${SGP_ID}
181 Should Contain ${output} ${VERIFY_NAME}
182 Log "Verification of Updated Name via Rest"
183 ${resp} RequestsLibrary.Get Request session ${SEC_GROUP}
185 Should Be Equal As Strings ${resp.status_code} ${RESP_CODE}
186 Should Contain ${resp.content} ${VERIFY_NAME}
188 Neutron Rule Creation With Invalid Parameters
189 [Arguments] ${SecurityGroupName} ${additional_args} ${EXPECTED_ERROR}
190 [Documentation] Neutron Rule Creation With Null Protocol
191 ${devstack_conn_id}= Get ControlNode Connection
192 Switch Connection ${devstack_conn_id}
193 ${cmd}= Set Variable neutron security-group-rule-create ${SecurityGroupName} ${additional_args}
195 ${OUTPUT}= Write Commands Until Prompt ${cmd} 30s
197 Should Contain ${output} ${EXPECTED_ERROR}