2 Documentation Test suite to verify security groups basic and advanced functionalities, including negative tests.
3 ... These test cases are not so relevant for transparent mode, so each test case will be tagged with
4 ... "skip_if_transparent" to allow any underlying keywords to return with a PASS without risking
5 ... a false failure. The real value of this suite will be in stateful mode.
6 Suite Setup BuiltIn.Run Keywords SetupUtils.Setup_Utils_For_Setup_And_Teardown
7 ... AND DevstackUtils.Devstack Suite Setup
8 Suite Teardown Suite Teardown
9 Test Setup SetupUtils.Setup_Test_With_Logging_And_Without_Fast_Failing
10 Test Teardown OpenStackOperations.Get Test Teardown Debugs
11 Force Tags skip_if_${SECURITY_GROUP_MODE}
12 Library OperatingSystem
13 Library RequestsLibrary
15 Resource ../../../libraries/DevstackUtils.robot
16 Resource ../../../libraries/KarafKeywords.robot
17 Resource ../../../libraries/OpenStackOperations.robot
18 Resource ../../../libraries/SetupUtils.robot
19 Resource ../../../libraries/Utils.robot
20 Resource ../../../variables/netvirt/Variables.robot
23 ${SECURITY_GROUP} sg-remote
24 @{NETWORKS_NAME} network_1 network_2
25 @{SUBNETS_NAME} l2_subnet_1 l2_subnet_2
26 @{ROUTERS_NAME} router1
27 @{NET_1_VM_INSTANCES} sg-net1-vm-1 sg-net1-vm-2
28 @{NET_2_VM_INSTANCES} sg-net2-vm-1
29 @{SUBNETS_RANGE} 30.0.0.0/24 40.0.0.0/24
33 OpenStackOperations.Create Network @{NETWORKS_NAME}[0]
34 OpenStackOperations.Create Network @{NETWORKS_NAME}[1]
35 BuiltIn.Wait Until Keyword Succeeds 10s 2s Utils.Check For Elements At URI ${NETWORK_URL} ${NETWORKS_NAME}
36 OpenStackOperations.Create SubNet @{NETWORKS_NAME}[0] @{SUBNETS_NAME}[0] @{SUBNETS_RANGE}[0]
37 OpenStackOperations.Create SubNet @{NETWORKS_NAME}[1] @{SUBNETS_NAME}[1] @{SUBNETS_RANGE}[1]
38 BuiltIn.Wait Until Keyword Succeeds 10s 2s Utils.Check For Elements At URI ${SUBNETWORK_URL} ${SUBNETS_NAME}
41 [Documentation] Allow only TCP packets for this suite
42 OpenStackOperations.Security Group Create Without Default Security Rules ${SECURITY_GROUP}
43 OpenStackOperations.Neutron Security Group Rule Create ${SECURITY_GROUP} direction=ingress port_range_max=65535 port_range_min=1 protocol=tcp
44 OpenStackOperations.Neutron Security Group Rule Create ${SECURITY_GROUP} direction=egress port_range_max=65535 port_range_min=1 protocol=tcp
45 OpenStackOperations.Neutron Security Group Show ${SECURITY_GROUP}
47 Create Vm Instances For network_1
48 [Documentation] Create VM instances using flavor and image names for a network.
49 OpenStackOperations.Create Vm Instances @{NETWORKS_NAME}[0] ${NET_1_VM_INSTANCES} sg=${SECURITY_GROUP}
51 Create Vm Instances For network_2
52 [Documentation] Create VM instances using flavor and image names for a network.
53 OpenStackOperations.Create Vm Instances @{NETWORKS_NAME}[1] ${NET_2_VM_INSTANCES} sg=${SECURITY_GROUP}
55 Check Vm Instances Have Ip Address
56 [Documentation] Test case to verify that all created VMs are ready and have received their ip addresses.
57 ... We are polling first and longest on the last VM created assuming that if it's received it's address
58 ... already the other instances should have theirs already or at least shortly thereafter.
59 # first, ensure all VMs are in ACTIVE state. if not, we can just fail the test case and not waste time polling
61 : FOR ${vm} IN @{NET_1_VM_INSTANCES}
62 \ OpenStackOperations.Poll VM Is ACTIVE ${vm}
63 ${status} ${message} BuiltIn.Run Keyword And Ignore Error BuiltIn.Wait Until Keyword Succeeds 60s 5s OpenStackOperations.Collect VM IP Addresses
64 ... true @{NET_1_VM_INSTANCES}
65 ${NET1_VM_IPS} ${NET1_DHCP_IP} OpenStackOperations.Collect VM IP Addresses false @{NET_1_VM_INSTANCES}
66 ${NET2_VM_IPS} ${NET2_DHCP_IP} OpenStackOperations.Collect VM IP Addresses false @{NET_2_VM_INSTANCES}
67 ${VM_INSTANCES}= Collections.Combine Lists ${NET_1_VM_INSTANCES}
68 ${VM_IPS}= Collections.Combine Lists ${NET1_VM_IPS}
69 ${LOOP_COUNT} BuiltIn.Get Length ${VM_INSTANCES}
70 : FOR ${index} IN RANGE 0 ${LOOP_COUNT}
71 \ ${status} ${message} BuiltIn.Run Keyword And Ignore Error BuiltIn.Should Not Contain @{VM_IPS}[${index}] None
72 \ BuiltIn.Run Keyword If '${status}' == 'FAIL' DevstackUtils.Write Commands Until Prompt openstack console log show @{VM_INSTANCES}[${index}] 30s
73 BuiltIn.Set Suite Variable ${NET1_VM_IPS}
74 BuiltIn.Set Suite Variable ${NET1_DHCP_IP}
75 BuiltIn.Should Not Contain ${NET1_VM_IPS} None
76 BuiltIn.Should Not Contain ${NET1_DHCP_IP} None
77 BuiltIn.Set Suite Variable ${NET2_VM_IPS}
78 BuiltIn.Set Suite Variable ${NET2_DHCP_IP}
79 BuiltIn.Should Not Contain ${NET2_VM_IPS} None
80 BuiltIn.Should Not Contain ${NET2_DHCP_IP} None
81 [Teardown] BuiltIn.Run Keywords OpenStackOperations.Show Debugs @{NET_1_VM_INSTANCES}
82 ... AND OpenStackOperations.Get Test Teardown Debugs
84 No Ping From DHCP To Vm Instance1
85 [Documentation] Check non-reachability of vm instances by pinging to them.
86 OpenStackOperations.Ping From DHCP Should Not Succeed @{NETWORKS_NAME}[0] @{NET1_VM_IPS}[1]
88 No Ping From Vm Instance1 To Vm Instance2
89 [Documentation] Login to the vm instance and test some operations
90 ${vms} = BuiltIn.Create List @{NET1_VM_IPS}[1]
91 OpenStackOperations.Test Operations From Vm Instance @{NETWORKS_NAME}[0] @{NET1_VM_IPS}[0] ${vms} ping_should_succeed=False
93 No Ping From Vm Instance2 To Vm Instance1
94 [Documentation] Login to the vm instance and test operations
95 ${vms} = BuiltIn.Create List @{NET1_VM_IPS}[0]
96 OpenStackOperations.Test Operations From Vm Instance @{NETWORKS_NAME}[0] @{NET1_VM_IPS}[1] ${vms} ping_should_succeed=False
98 Add Ping Allow Rules With Remote SG (only between VMs)
99 OpenStackOperations.Neutron Security Group Rule Create Legacy Cli ${SECURITY_GROUP} direction=ingress protocol=icmp remote_group_id=${SECURITY_GROUP}
100 OpenStackOperations.Neutron Security Group Rule Create Legacy Cli ${SECURITY_GROUP} direction=egress protocol=icmp remote_group_id=${SECURITY_GROUP}
101 OpenStackOperations.Neutron Security Group Show ${SECURITY_GROUP}
103 Verify No Ping From DHCP To Vm Instance1
104 [Documentation] Check non-reachability of vm instances by pinging to them.
105 OpenStackOperations.Ping From DHCP Should Not Succeed @{NETWORKS_NAME}[0] @{NET1_VM_IPS}[0]
107 Verify No Ping From DHCP To Vm Instance2
108 [Documentation] Check non-reachability of vm instances by pinging to them.
109 OpenStackOperations.Ping From DHCP Should Not Succeed @{NETWORKS_NAME}[0] @{NET1_VM_IPS}[1]
111 Ping From Vm Instance1 To Vm Instance2
112 [Documentation] Login to the vm instance and test some operations
113 ${vms} = BuiltIn.Create List @{NET1_VM_IPS}[1]
114 OpenStackOperations.Test Operations From Vm Instance @{NETWORKS_NAME}[0] @{NET1_VM_IPS}[0] ${vms}
116 Ping From Vm Instance2 To Vm Instance1
117 [Documentation] Login to the vm instance and test operations
118 ${vms} = BuiltIn.Create List @{NET1_VM_IPS}[0]
119 OpenStackOperations.Test Operations From Vm Instance @{NETWORKS_NAME}[0] @{NET1_VM_IPS}[1] ${vms}
122 [Documentation] Create Router and Add Interface to the subnets.
123 OpenStackOperations.Create Router @{ROUTERS_NAME}[0]
125 Add Interfaces To Router
126 : FOR ${interface} IN @{SUBNETS_NAME}
127 \ OpenStackOperations.Add Router Interface @{ROUTERS_NAME}[0] ${interface}
129 Ping From Vm Instance1 To Vm Instance3
130 [Documentation] Login to the vm instance and test some operations
131 ${vms} = BuiltIn.Create List @{NET2_VM_IPS}[0]
132 OpenStackOperations.Test Operations From Vm Instance @{NETWORKS_NAME}[0] @{NET1_VM_IPS}[0] ${vms}
134 Repeat Ping From Vm Instance1 To Vm Instance2 With a Router
135 [Documentation] Login to the vm instance and test some operations
136 ${vms} = BuiltIn.Create List @{NET1_VM_IPS}[1]
137 OpenStackOperations.Test Operations From Vm Instance @{NETWORKS_NAME}[0] @{NET1_VM_IPS}[0] ${vms}
139 Repeat Ping From Vm Instance2 To Vm Instance1 With a Router
140 [Documentation] Login to the vm instance and test operations
141 ${vms} = BuiltIn.Create List @{NET1_VM_IPS}[0]
142 OpenStackOperations.Test Operations From Vm Instance @{NETWORKS_NAME}[0] @{NET1_VM_IPS}[1] ${vms}
144 Add Additional Security Group To VMs
145 [Documentation] Add an additional security group to the VMs - this is done to test a different logic put in place for ports with multiple SGs
146 OpenStackOperations.Security Group Create Without Default Security Rules additional-sg
147 #TODO Remove this after the Newton jobs are removed, Openstack CLI with Newton lacks support to configure rule with remote_ip_prefix
148 OpenStackOperations.Neutron Security Group Rule Create Legacy Cli additional-sg direction=ingress protocol=icmp remote_ip_prefix=@{NET1_DHCP_IP}[0]/32
149 OpenStackOperations.Neutron Security Group Show additional-sg
150 : FOR ${vm} IN @{NET_1_VM_INSTANCES}
151 \ OpenStackOperations.Add Security Group To VM ${vm} additional-sg
153 Ping From DHCP To Vm Instance1
154 [Documentation] Check reachability of vm instances by pinging to them from DHCP.
155 OpenStackOperations.Ping Vm From DHCP Namespace @{NETWORKS_NAME}[0] @{NET1_VM_IPS}[0]
157 Ping From DHCP To Vm Instance2
158 [Documentation] Check reachability of vm instances by pinging to them from DHCP.
159 OpenStackOperations.Ping Vm From DHCP Namespace @{NETWORKS_NAME}[0] @{NET1_VM_IPS}[1]
161 Repeat Ping From Vm Instance1 To Vm Instance2 With additional SG
162 [Documentation] Login to the vm instance and test some operations
163 ${vms} BuiltIn.Create List @{NET1_VM_IPS}[1]
164 OpenStackOperations.Test Operations From Vm Instance @{NETWORKS_NAME}[0] @{NET1_VM_IPS}[0] ${vms}
166 Repeat Ping From Vm Instance2 To Vm Instance1 With additional SG
167 [Documentation] Login to the vm instance and test operations
168 ${vms} BuiltIn.Create List @{NET1_VM_IPS}[0]
169 OpenStackOperations.Test Operations From Vm Instance @{NETWORKS_NAME}[0] @{NET1_VM_IPS}[1] ${vms}
171 Remove The Rules From Additional Security Group
172 OpenStackOperations.Delete All Security Group Rules additional-sg
174 No Ping From DHCP To Vm Instance1 With Additional Security Group Rules Removed
175 [Documentation] Check non-reachability of vm instances by pinging to them.
176 OpenStackOperations.Ping From DHCP Should Not Succeed @{NETWORKS_NAME}[0] @{NET1_VM_IPS}[0]
178 No Ping From DHCP To Vm Instance2 With Additional Security Group Rules Removed
179 [Documentation] Check non-reachability of vm instances by pinging to them.
180 OpenStackOperations.Ping From DHCP Should Not Succeed @{NETWORKS_NAME}[0] @{NET1_VM_IPS}[1]
182 Add The Rules To Additional Security Group Again
183 OpenStackOperations.Neutron Security Group Rule Create Legacy Cli additional-sg direction=ingress protocol=icmp remote_ip_prefix=@{NET1_DHCP_IP}[0]/32
185 Ping From DHCP To Vm Instance1 After Rules Are Added Again
186 [Documentation] Check reachability of vm instances by pinging to them from DHCP.
187 OpenStackOperations.Ping Vm From DHCP Namespace @{NETWORKS_NAME}[0] @{NET1_VM_IPS}[0]
189 Ping From DHCP To Vm Instance2 After Rules Are Added Again
190 [Documentation] Check reachability of vm instances by pinging to them from DHCP.
191 OpenStackOperations.Ping Vm From DHCP Namespace @{NETWORKS_NAME}[0] @{NET1_VM_IPS}[1]
193 Remove the additional Security Group from First Vm
194 OpenStackOperations.Remove Security Group From VM @{NET_1_VM_INSTANCES}[0] additional-sg
196 Repeat Ping From Vm Instance1 To Vm Instance2 With Additional SG Removed From Vm1
197 [Documentation] Login to the vm instance and test some operations
198 ${vms} = BuiltIn.Create List @{NET1_VM_IPS}[1]
199 OpenStackOperations.Test Operations From Vm Instance @{NETWORKS_NAME}[0] @{NET1_VM_IPS}[0] ${vms}
201 Repeat Ping From Vm Instance2 To Vm Instance1 With Additional SG Removed From Vm1
202 [Documentation] Login to the vm instance and test operations
203 ${vms} = BuiltIn.Create List @{NET1_VM_IPS}[0]
204 OpenStackOperations.Test Operations From Vm Instance @{NETWORKS_NAME}[0] @{NET1_VM_IPS}[1] ${vms}
206 Remove Router Interfaces
207 : FOR ${interface} IN @{SUBNETS_NAME}
208 \ OpenStackOperations.Remove Interface @{ROUTERS_NAME}[0] ${interface}
211 OpenStackOperations.Delete Router @{ROUTERS_NAME}[0]
213 Repeat Ping From Vm Instance1 To Vm Instance2 With Router Removed
214 [Documentation] Login to the vm instance and test some operations
215 ${VM2_LIST} BuiltIn.Create List @{NET1_VM_IPS}[1]
216 OpenStackOperations.Test Operations From Vm Instance @{NETWORKS_NAME}[0] @{NET1_VM_IPS}[0] ${VM2_LIST}
218 Repeat Ping From Vm Instance2 To Vm Instance1 With Router Removed
219 [Documentation] Login to the vm instance and test operations
220 ${VM1_LIST} BuiltIn.Create List @{NET1_VM_IPS}[0]
221 OpenStackOperations.Test Operations From Vm Instance @{NETWORKS_NAME}[0] @{NET1_VM_IPS}[1] ${VM1_LIST}
223 Delete Vm Instances In network_2
224 : FOR ${vm} IN @{NET_2_VM_INSTANCES}
225 \ OpenStackOperations.Delete Vm Instance ${vm}
227 Repeat Ping From Vm Instance1 To Vm Instance2 With network_2 VM Deleted
228 [Documentation] Login to the vm instance and test some operations
229 ${VM2_LIST} BuiltIn.Create List @{NET1_VM_IPS}[1]
230 OpenStackOperations.Test Operations From Vm Instance @{NETWORKS_NAME}[0] @{NET1_VM_IPS}[0] ${VM2_LIST}
232 Repeat Ping From Vm Instance2 To Vm Instance1 With network_2 VM Deleted
233 [Documentation] Login to the vm instance and test operations
234 ${VM1_LIST} BuiltIn.Create List @{NET1_VM_IPS}[0]
235 OpenStackOperations.Test Operations From Vm Instance @{NETWORKS_NAME}[0] @{NET1_VM_IPS}[1] ${VM1_LIST}
237 Delete Vm Instances In network_1
238 : FOR ${VmElement} IN @{NET_1_VM_INSTANCES}
239 \ OpenStackOperations.Delete Vm Instance ${VmElement}
241 Delete Security Groups
242 OpenStackOperations.Delete SecurityGroup additional-sg
243 OpenStackOperations.Delete SecurityGroup ${SECURITY_GROUP}
247 : FOR ${vm} IN @{NET_1_VM_INSTANCES}
248 \ OpenStackOperations.Delete Vm Instance ${vm}
249 : FOR ${vm} IN @{NET_2_VM_INSTANCES}
250 \ OpenStackOperations.Delete Vm Instance ${vm}
251 : FOR ${subnet} IN @{SUBNETS_NAME}
252 \ BuiltIn.Run Keyword And Ignore Error OpenStackOperations.Delete SubNet ${subnet}
253 : FOR ${network} IN @{NETWORKS_NAME}
254 \ BuiltIn.Run Keyword And Ignore Error OpenStackOperations.Delete Network ${network}
255 BuiltIn.Run Keyword And Ignore Error OpenStackOperations.Delete SecurityGroup additional-sg
256 BuiltIn.Run Keyword And Ignore Error OpenStackOperations.Delete SecurityGroup ${SECURITY_GROUP}
257 SSHLibrary.Close All Connections