2 Documentation Test suite to verify security groups basic and advanced functionalities, including negative tests.
3 ... These test cases are not so relevant for transparent mode, so each test case will be tagged with
4 ... "skip_if_transparent" to allow any underlying keywords to return with a PASS without risking
5 ... a false failure. The real value of this suite will be in stateful mode.
6 Suite Setup BuiltIn.Run Keywords SetupUtils.Setup_Utils_For_Setup_And_Teardown
7 ... AND DevstackUtils.Devstack Suite Setup
8 Suite Teardown Suite Teardown
9 Test Setup SetupUtils.Setup_Test_With_Logging_And_Without_Fast_Failing
10 Test Teardown OpenStackOperations.Get Test Teardown Debugs
11 Force Tags skip_if_${SECURITY_GROUP_MODE}
12 Library OperatingSystem
13 Library RequestsLibrary
15 Resource ../../../libraries/DevstackUtils.robot
16 Resource ../../../libraries/KarafKeywords.robot
17 Resource ../../../libraries/OpenStackOperations.robot
18 Resource ../../../libraries/SetupUtils.robot
19 Resource ../../../libraries/Utils.robot
20 Resource ../../../variables/netvirt/Variables.robot
23 ${SECURITY_GROUP} sg_sg
24 @{NETWORKS_NAME} sg_net_1 sg_net_2
25 @{SUBNETS_NAME} sg_sub_1 sg_sub_2
26 ${ROUTER_NAME} sg_router
27 @{NET_1_VM_INSTANCES} sg_net_1_vm_1 sg_net_1_vm_2
28 @{NET_2_VM_INSTANCES} sg_net_2_vm_1
29 @{SUBNETS_RANGE} 51.0.0.0/24 52.0.0.0/24
33 OpenStackOperations.Create Network @{NETWORKS_NAME}[0]
34 OpenStackOperations.Create Network @{NETWORKS_NAME}[1]
35 BuiltIn.Wait Until Keyword Succeeds 10s 2s Utils.Check For Elements At URI ${NETWORK_URL} ${NETWORKS_NAME}
36 OpenStackOperations.Create SubNet @{NETWORKS_NAME}[0] @{SUBNETS_NAME}[0] @{SUBNETS_RANGE}[0]
37 OpenStackOperations.Create SubNet @{NETWORKS_NAME}[1] @{SUBNETS_NAME}[1] @{SUBNETS_RANGE}[1]
38 BuiltIn.Wait Until Keyword Succeeds 10s 2s Utils.Check For Elements At URI ${SUBNETWORK_URL} ${SUBNETS_NAME}
41 [Documentation] Allow only TCP packets for this suite
42 OpenStackOperations.Security Group Create Without Default Security Rules ${SECURITY_GROUP}
43 OpenStackOperations.Neutron Security Group Rule Create ${SECURITY_GROUP} direction=ingress port_range_max=65535 port_range_min=1 protocol=tcp
44 OpenStackOperations.Neutron Security Group Rule Create ${SECURITY_GROUP} direction=egress port_range_max=65535 port_range_min=1 protocol=tcp
45 OpenStackOperations.Neutron Security Group Show ${SECURITY_GROUP}
47 Create Vm Instances For net_1
48 [Documentation] Create VM instances using flavor and image names for a network.
49 OpenStackOperations.Create Vm Instances @{NETWORKS_NAME}[0] ${NET_1_VM_INSTANCES} sg=${SECURITY_GROUP}
51 Create Vm Instances For net_2
52 [Documentation] Create VM instances using flavor and image names for a network.
53 OpenStackOperations.Create Vm Instances @{NETWORKS_NAME}[1] ${NET_2_VM_INSTANCES} sg=${SECURITY_GROUP}
55 Check Vm Instances Have Ip Address
56 @{NET_1_VM_IPS} ${NET_1_DHCP_IP} = OpenStackOperations.Get VM IPs @{NET_1_VM_INSTANCES}
57 @{NET_2_VM_IPS} ${NET_2_DHCP_IP} = OpenStackOperations.Get VM IPs @{NET_2_VM_INSTANCES}
58 BuiltIn.Set Suite Variable @{NET_1_VM_IPS}
59 BuiltIn.Set Suite Variable ${NET_1_DHCP_IP}
60 BuiltIn.Set Suite Variable @{NET_2_VM_IPS}
61 BuiltIn.Should Not Contain ${NET_1_VM_IPS} None
62 BuiltIn.Should Not Contain ${NET_2_VM_IPS} None
63 BuiltIn.Should Not Contain ${NET_1_DHCP_IP} None
64 BuiltIn.Should Not Contain ${NET_2_DHCP_IP} None
65 [Teardown] BuiltIn.Run Keywords OpenStackOperations.Show Debugs @{NET_1_VM_INSTANCES}
66 ... AND OpenStackOperations.Get Test Teardown Debugs
68 No Ping From DHCP To Vm Instance1
69 [Documentation] Check non-reachability of vm instances by pinging to them.
70 OpenStackOperations.Ping From DHCP Should Not Succeed @{NETWORKS_NAME}[0] @{NET_1_VM_IPS}[1]
72 No Ping From Vm Instance1 To Vm Instance2
73 [Documentation] Login to the vm instance and test some operations
74 ${vm_ips} = BuiltIn.Create List @{NET_1_VM_IPS}[1]
75 OpenStackOperations.Test Operations From Vm Instance @{NETWORKS_NAME}[0] @{NET_1_VM_IPS}[0] ${vm_ips} ping_should_succeed=False
77 No Ping From Vm Instance2 To Vm Instance1
78 [Documentation] Login to the vm instance and test operations
79 ${vm_ips} = BuiltIn.Create List @{NET_1_VM_IPS}[0]
80 OpenStackOperations.Test Operations From Vm Instance @{NETWORKS_NAME}[0] @{NET_1_VM_IPS}[1] ${vm_ips} ping_should_succeed=False
82 Add Ping Allow Rules With Remote SG (only between VMs)
83 OpenStackOperations.Neutron Security Group Rule Create Legacy Cli ${SECURITY_GROUP} direction=ingress protocol=icmp remote_group_id=${SECURITY_GROUP}
84 OpenStackOperations.Neutron Security Group Rule Create Legacy Cli ${SECURITY_GROUP} direction=egress protocol=icmp remote_group_id=${SECURITY_GROUP}
85 OpenStackOperations.Neutron Security Group Show ${SECURITY_GROUP}
87 Verify No Ping From DHCP To Vm Instance1
88 [Documentation] Check non-reachability of vm instances by pinging to them.
89 OpenStackOperations.Ping From DHCP Should Not Succeed @{NETWORKS_NAME}[0] @{NET_1_VM_IPS}[0]
91 Verify No Ping From DHCP To Vm Instance2
92 [Documentation] Check non-reachability of vm instances by pinging to them.
93 OpenStackOperations.Ping From DHCP Should Not Succeed @{NETWORKS_NAME}[0] @{NET_1_VM_IPS}[1]
95 Ping From Vm Instance1 To Vm Instance2
96 [Documentation] Login to the vm instance and test some operations
97 ${vm_ips} = BuiltIn.Create List @{NET_1_VM_IPS}[1]
98 OpenStackOperations.Test Operations From Vm Instance @{NETWORKS_NAME}[0] @{NET_1_VM_IPS}[0] ${vm_ips}
100 Ping From Vm Instance2 To Vm Instance1
101 [Documentation] Login to the vm instance and test operations
102 ${vm_ips} = BuiltIn.Create List @{NET_1_VM_IPS}[0]
103 OpenStackOperations.Test Operations From Vm Instance @{NETWORKS_NAME}[0] @{NET_1_VM_IPS}[1] ${vm_ips}
106 [Documentation] Create Router and Add Interface to the subnets.
107 OpenStackOperations.Create Router ${ROUTER_NAME}
109 Add Interfaces To Router
110 : FOR ${interface} IN @{SUBNETS_NAME}
111 \ OpenStackOperations.Add Router Interface ${ROUTER_NAME} ${interface}
113 Ping From Vm Instance1 To Vm Instance3
114 [Documentation] Login to the vm instance and test some operations
115 ${vm_ips} = BuiltIn.Create List @{NET_2_VM_IPS}[0]
116 OpenStackOperations.Test Operations From Vm Instance @{NETWORKS_NAME}[0] @{NET_1_VM_IPS}[0] ${vm_ips}
118 Repeat Ping From Vm Instance1 To Vm Instance2 With a Router
119 [Documentation] Login to the vm instance and test some operations
120 ${vm_ips} = BuiltIn.Create List @{NET_1_VM_IPS}[1]
121 OpenStackOperations.Test Operations From Vm Instance @{NETWORKS_NAME}[0] @{NET_1_VM_IPS}[0] ${vm_ips}
123 Repeat Ping From Vm Instance2 To Vm Instance1 With a Router
124 [Documentation] Login to the vm instance and test operations
125 ${vm_ips} = BuiltIn.Create List @{NET_1_VM_IPS}[0]
126 OpenStackOperations.Test Operations From Vm Instance @{NETWORKS_NAME}[0] @{NET_1_VM_IPS}[1] ${vm_ips}
128 Add Additional Security Group To VMs
129 [Documentation] Add an additional security group to the VMs - this is done to test a different logic put in place for ports with multiple SGs
130 OpenStackOperations.Security Group Create Without Default Security Rules additional-sg
131 #TODO Remove this after the Newton jobs are removed, Openstack CLI with Newton lacks support to configure rule with remote_ip_prefix
132 OpenStackOperations.Neutron Security Group Rule Create Legacy Cli additional-sg direction=ingress protocol=icmp remote_ip_prefix=${NET_1_DHCP_IP}/32
133 OpenStackOperations.Neutron Security Group Show additional-sg
134 : FOR ${vm} IN @{NET_1_VM_INSTANCES}
135 \ OpenStackOperations.Add Security Group To VM ${vm} additional-sg
137 Ping From DHCP To Vm Instance1
138 [Documentation] Check reachability of vm instances by pinging to them from DHCP.
139 OpenStackOperations.Ping Vm From DHCP Namespace @{NETWORKS_NAME}[0] @{NET_1_VM_IPS}[0]
141 Ping From DHCP To Vm Instance2
142 [Documentation] Check reachability of vm instances by pinging to them from DHCP.
143 OpenStackOperations.Ping Vm From DHCP Namespace @{NETWORKS_NAME}[0] @{NET_1_VM_IPS}[1]
145 Repeat Ping From Vm Instance1 To Vm Instance2 With additional SG
146 [Documentation] Login to the vm instance and test some operations
147 ${vm_ips} BuiltIn.Create List @{NET_1_VM_IPS}[1]
148 OpenStackOperations.Test Operations From Vm Instance @{NETWORKS_NAME}[0] @{NET_1_VM_IPS}[0] ${vm_ips}
150 Repeat Ping From Vm Instance2 To Vm Instance1 With additional SG
151 [Documentation] Login to the vm instance and test operations
152 ${vm_ips} BuiltIn.Create List @{NET_1_VM_IPS}[0]
153 OpenStackOperations.Test Operations From Vm Instance @{NETWORKS_NAME}[0] @{NET_1_VM_IPS}[1] ${vm_ips}
155 Remove The Rules From Additional Security Group
156 OpenStackOperations.Delete All Security Group Rules additional-sg
158 No Ping From DHCP To Vm Instance1 With Additional Security Group Rules Removed
159 [Documentation] Check non-reachability of vm instances by pinging to them.
160 OpenStackOperations.Ping From DHCP Should Not Succeed @{NETWORKS_NAME}[0] @{NET_1_VM_IPS}[0]
162 No Ping From DHCP To Vm Instance2 With Additional Security Group Rules Removed
163 [Documentation] Check non-reachability of vm instances by pinging to them.
164 OpenStackOperations.Ping From DHCP Should Not Succeed @{NETWORKS_NAME}[0] @{NET_1_VM_IPS}[1]
166 Add The Rules To Additional Security Group Again
167 OpenStackOperations.Neutron Security Group Rule Create Legacy Cli additional-sg direction=ingress protocol=icmp remote_ip_prefix=${NET_1_DHCP_IP}/32
169 Ping From DHCP To Vm Instance1 After Rules Are Added Again
170 [Documentation] Check reachability of vm instances by pinging to them from DHCP.
171 OpenStackOperations.Ping Vm From DHCP Namespace @{NETWORKS_NAME}[0] @{NET_1_VM_IPS}[0]
173 Ping From DHCP To Vm Instance2 After Rules Are Added Again
174 [Documentation] Check reachability of vm instances by pinging to them from DHCP.
175 OpenStackOperations.Ping Vm From DHCP Namespace @{NETWORKS_NAME}[0] @{NET_1_VM_IPS}[1]
177 Remove the additional Security Group from First Vm
178 OpenStackOperations.Remove Security Group From VM @{NET_1_VM_INSTANCES}[0] additional-sg
180 Repeat Ping From Vm Instance1 To Vm Instance2 With Additional SG Removed From Vm1
181 [Documentation] Login to the vm instance and test some operations
182 ${vm_ips} = BuiltIn.Create List @{NET_1_VM_IPS}[1]
183 OpenStackOperations.Test Operations From Vm Instance @{NETWORKS_NAME}[0] @{NET_1_VM_IPS}[0] ${vm_ips}
185 Repeat Ping From Vm Instance2 To Vm Instance1 With Additional SG Removed From Vm1
186 [Documentation] Login to the vm instance and test operations
187 ${vm_ips} = BuiltIn.Create List @{NET_1_VM_IPS}[0]
188 OpenStackOperations.Test Operations From Vm Instance @{NETWORKS_NAME}[0] @{NET_1_VM_IPS}[1] ${vm_ips}
190 Remove Router Interfaces
191 : FOR ${interface} IN @{SUBNETS_NAME}
192 \ OpenStackOperations.Remove Interface ${ROUTER_NAME} ${interface}
195 OpenStackOperations.Delete Router ${ROUTER_NAME}
197 Repeat Ping From Vm Instance1 To Vm Instance2 With Router Removed
198 [Documentation] Login to the vm instance and test some operations
199 ${vm_ips} BuiltIn.Create List @{NET_1_VM_IPS}[1]
200 OpenStackOperations.Test Operations From Vm Instance @{NETWORKS_NAME}[0] @{NET_1_VM_IPS}[0] ${vm_ips}
202 Repeat Ping From Vm Instance2 To Vm Instance1 With Router Removed
203 [Documentation] Login to the vm instance and test operations
204 ${vm_ips} BuiltIn.Create List @{NET_1_VM_IPS}[0]
205 OpenStackOperations.Test Operations From Vm Instance @{NETWORKS_NAME}[0] @{NET_1_VM_IPS}[1] ${vm_ips}
207 Delete Vm Instances In net_2
208 : FOR ${vm} IN @{NET_2_VM_INSTANCES}
209 \ OpenStackOperations.Delete Vm Instance ${vm}
211 Repeat Ping From Vm Instance1 To Vm Instance2 With net_2 VM Deleted
212 [Documentation] Login to the vm instance and test some operations
213 ${vm_ips} BuiltIn.Create List @{NET_1_VM_IPS}[1]
214 OpenStackOperations.Test Operations From Vm Instance @{NETWORKS_NAME}[0] @{NET_1_VM_IPS}[0] ${vm_ips}
216 Repeat Ping From Vm Instance2 To Vm Instance1 With net_2 VM Deleted
217 [Documentation] Login to the vm instance and test operations
218 ${vm_ips} = BuiltIn.Create List @{NET_1_VM_IPS}[0]
219 OpenStackOperations.Test Operations From Vm Instance @{NETWORKS_NAME}[0] @{NET_1_VM_IPS}[1] ${vm_ips}
221 Delete Vm Instances In net_1
222 : FOR ${VmElement} IN @{NET_1_VM_INSTANCES}
223 \ OpenStackOperations.Delete Vm Instance ${VmElement}
225 Delete Security Groups
226 OpenStackOperations.Delete SecurityGroup additional-sg
227 OpenStackOperations.Delete SecurityGroup ${SECURITY_GROUP}
231 : FOR ${vm} IN @{NET_1_VM_INSTANCES}
232 \ OpenStackOperations.Delete Vm Instance ${vm}
233 : FOR ${vm} IN @{NET_2_VM_INSTANCES}
234 \ OpenStackOperations.Delete Vm Instance ${vm}
235 : FOR ${subnet} IN @{SUBNETS_NAME}
236 \ BuiltIn.Run Keyword And Ignore Error OpenStackOperations.Delete SubNet ${subnet}
237 : FOR ${network} IN @{NETWORKS_NAME}
238 \ BuiltIn.Run Keyword And Ignore Error OpenStackOperations.Delete Network ${network}
239 BuiltIn.Run Keyword And Ignore Error OpenStackOperations.Delete SecurityGroup additional-sg
240 BuiltIn.Run Keyword And Ignore Error OpenStackOperations.Delete SecurityGroup ${SECURITY_GROUP}
241 SSHLibrary.Close All Connections