2 Documentation Test suite to verify security groups basic and advanced functionalities, including negative tests.
3 ... These test cases are not so relevant for transparent mode, so each test case will be tagged with
4 ... "skip_if_transparent" to allow any underlying keywords to return with a PASS without risking
5 ... a false failure. The real value of this suite will be in stateful mode.
6 Suite Setup BuiltIn.Run Keywords SetupUtils.Setup_Utils_For_Setup_And_Teardown
7 ... AND DevstackUtils.Devstack Suite Setup
8 Suite Teardown Suite Teardown
9 Test Setup SetupUtils.Setup_Test_With_Logging_And_Without_Fast_Failing
10 Test Teardown OpenStackOperations.Get Test Teardown Debugs
11 Force Tags skip_if_${SECURITY_GROUP_MODE}
12 Library OperatingSystem
13 Library RequestsLibrary
15 Resource ../../../libraries/DevstackUtils.robot
16 Resource ../../../libraries/KarafKeywords.robot
17 Resource ../../../libraries/OpenStackOperations.robot
18 Resource ../../../libraries/SetupUtils.robot
19 Resource ../../../libraries/Utils.robot
20 Resource ../../../variables/netvirt/Variables.robot
23 ${SECURITY_GROUP} sg-remote
24 @{NETWORKS_NAME} network_1 network_2
25 @{SUBNETS_NAME} l2_subnet_1 l2_subnet_2
26 @{ROUTERS_NAME} router1
27 @{NET_1_VM_INSTANCES} sg-net1-vm-1 sg-net1-vm-2
28 @{NET_2_VM_INSTANCES} sg-net2-vm-1
29 @{SUBNETS_RANGE} 30.0.0.0/24 40.0.0.0/24
33 OpenStackOperations.Create Network @{NETWORKS_NAME}[0]
34 OpenStackOperations.Create Network @{NETWORKS_NAME}[1]
35 BuiltIn.Wait Until Keyword Succeeds 10s 2s Utils.Check For Elements At URI ${NETWORK_URL} ${NETWORKS_NAME}
36 OpenStackOperations.Create SubNet @{NETWORKS_NAME}[0] @{SUBNETS_NAME}[0] @{SUBNETS_RANGE}[0]
37 OpenStackOperations.Create SubNet @{NETWORKS_NAME}[1] @{SUBNETS_NAME}[1] @{SUBNETS_RANGE}[1]
38 BuiltIn.Wait Until Keyword Succeeds 10s 2s Utils.Check For Elements At URI ${SUBNETWORK_URL} ${SUBNETS_NAME}
41 [Documentation] Allow only TCP packets for this suite
42 OpenStackOperations.Security Group Create Without Default Security Rules ${SECURITY_GROUP}
43 OpenStackOperations.Neutron Security Group Rule Create ${SECURITY_GROUP} direction=ingress port_range_max=65535 port_range_min=1 protocol=tcp
44 OpenStackOperations.Neutron Security Group Rule Create ${SECURITY_GROUP} direction=egress port_range_max=65535 port_range_min=1 protocol=tcp
45 OpenStackOperations.Neutron Security Group Show ${SECURITY_GROUP}
47 Create Vm Instances For network_1
48 [Documentation] Create VM instances using flavor and image names for a network.
49 OpenStackOperations.Create Vm Instances @{NETWORKS_NAME}[0] ${NET_1_VM_INSTANCES} sg=${SECURITY_GROUP}
51 Create Vm Instances For network_2
52 [Documentation] Create VM instances using flavor and image names for a network.
53 OpenStackOperations.Create Vm Instances @{NETWORKS_NAME}[1] ${NET_2_VM_INSTANCES} sg=${SECURITY_GROUP}
55 Check Vm Instances Have Ip Address
56 @{NET1_VM_IPS} ${NET1_DHCP_IP} = Get VM IPs @{NET_1_VM_INSTANCES}
57 @{NET2_VM_IPS} ${NET2_DHCP_IP} = Get VM IPs @{NET_2_VM_INSTANCES}
58 Set Suite Variable @{NET1_VM_IPS}
59 Set Suite Variable ${NET1_DHCP_IP}
60 Set Suite Variable @{NET2_VM_IPS}
61 Should Not Contain ${NET1_VM_IPS} None
62 Should Not Contain ${NET2_VM_IPS} None
63 Should Not Contain ${NET1_DHCP_IP} None
64 Should Not Contain ${NET2_DHCP_IP} None
65 [Teardown] BuiltIn.Run Keywords OpenStackOperations.Show Debugs @{NET_1_VM_INSTANCES}
66 ... AND OpenStackOperations.Get Test Teardown Debugs
68 No Ping From DHCP To Vm Instance1
69 [Documentation] Check non-reachability of vm instances by pinging to them.
70 OpenStackOperations.Ping From DHCP Should Not Succeed @{NETWORKS_NAME}[0] @{NET1_VM_IPS}[1]
72 No Ping From Vm Instance1 To Vm Instance2
73 [Documentation] Login to the vm instance and test some operations
74 ${vms} = BuiltIn.Create List @{NET1_VM_IPS}[1]
75 OpenStackOperations.Test Operations From Vm Instance @{NETWORKS_NAME}[0] @{NET1_VM_IPS}[0] ${vms} ping_should_succeed=False
77 No Ping From Vm Instance2 To Vm Instance1
78 [Documentation] Login to the vm instance and test operations
79 ${vms} = BuiltIn.Create List @{NET1_VM_IPS}[0]
80 OpenStackOperations.Test Operations From Vm Instance @{NETWORKS_NAME}[0] @{NET1_VM_IPS}[1] ${vms} ping_should_succeed=False
82 Add Ping Allow Rules With Remote SG (only between VMs)
83 OpenStackOperations.Neutron Security Group Rule Create Legacy Cli ${SECURITY_GROUP} direction=ingress protocol=icmp remote_group_id=${SECURITY_GROUP}
84 OpenStackOperations.Neutron Security Group Rule Create Legacy Cli ${SECURITY_GROUP} direction=egress protocol=icmp remote_group_id=${SECURITY_GROUP}
85 OpenStackOperations.Neutron Security Group Show ${SECURITY_GROUP}
87 Verify No Ping From DHCP To Vm Instance1
88 [Documentation] Check non-reachability of vm instances by pinging to them.
89 OpenStackOperations.Ping From DHCP Should Not Succeed @{NETWORKS_NAME}[0] @{NET1_VM_IPS}[0]
91 Verify No Ping From DHCP To Vm Instance2
92 [Documentation] Check non-reachability of vm instances by pinging to them.
93 OpenStackOperations.Ping From DHCP Should Not Succeed @{NETWORKS_NAME}[0] @{NET1_VM_IPS}[1]
95 Ping From Vm Instance1 To Vm Instance2
96 [Documentation] Login to the vm instance and test some operations
97 ${vms} = BuiltIn.Create List @{NET1_VM_IPS}[1]
98 OpenStackOperations.Test Operations From Vm Instance @{NETWORKS_NAME}[0] @{NET1_VM_IPS}[0] ${vms}
100 Ping From Vm Instance2 To Vm Instance1
101 [Documentation] Login to the vm instance and test operations
102 ${vms} = BuiltIn.Create List @{NET1_VM_IPS}[0]
103 OpenStackOperations.Test Operations From Vm Instance @{NETWORKS_NAME}[0] @{NET1_VM_IPS}[1] ${vms}
106 [Documentation] Create Router and Add Interface to the subnets.
107 OpenStackOperations.Create Router @{ROUTERS_NAME}[0]
109 Add Interfaces To Router
110 : FOR ${interface} IN @{SUBNETS_NAME}
111 \ OpenStackOperations.Add Router Interface @{ROUTERS_NAME}[0] ${interface}
113 Ping From Vm Instance1 To Vm Instance3
114 [Documentation] Login to the vm instance and test some operations
115 ${vms} = BuiltIn.Create List @{NET2_VM_IPS}[0]
116 OpenStackOperations.Test Operations From Vm Instance @{NETWORKS_NAME}[0] @{NET1_VM_IPS}[0] ${vms}
118 Repeat Ping From Vm Instance1 To Vm Instance2 With a Router
119 [Documentation] Login to the vm instance and test some operations
120 ${vms} = BuiltIn.Create List @{NET1_VM_IPS}[1]
121 OpenStackOperations.Test Operations From Vm Instance @{NETWORKS_NAME}[0] @{NET1_VM_IPS}[0] ${vms}
123 Repeat Ping From Vm Instance2 To Vm Instance1 With a Router
124 [Documentation] Login to the vm instance and test operations
125 ${vms} = BuiltIn.Create List @{NET1_VM_IPS}[0]
126 OpenStackOperations.Test Operations From Vm Instance @{NETWORKS_NAME}[0] @{NET1_VM_IPS}[1] ${vms}
128 Add Additional Security Group To VMs
129 [Documentation] Add an additional security group to the VMs - this is done to test a different logic put in place for ports with multiple SGs
130 OpenStackOperations.Security Group Create Without Default Security Rules additional-sg
131 #TODO Remove this after the Newton jobs are removed, Openstack CLI with Newton lacks support to configure rule with remote_ip_prefix
132 OpenStackOperations.Neutron Security Group Rule Create Legacy Cli additional-sg direction=ingress protocol=icmp remote_ip_prefix=${NET1_DHCP_IP}/32
133 OpenStackOperations.Neutron Security Group Show additional-sg
134 : FOR ${vm} IN @{NET_1_VM_INSTANCES}
135 \ OpenStackOperations.Add Security Group To VM ${vm} additional-sg
137 Ping From DHCP To Vm Instance1
138 [Documentation] Check reachability of vm instances by pinging to them from DHCP.
139 OpenStackOperations.Ping Vm From DHCP Namespace @{NETWORKS_NAME}[0] @{NET1_VM_IPS}[0]
141 Ping From DHCP To Vm Instance2
142 [Documentation] Check reachability of vm instances by pinging to them from DHCP.
143 OpenStackOperations.Ping Vm From DHCP Namespace @{NETWORKS_NAME}[0] @{NET1_VM_IPS}[1]
145 Repeat Ping From Vm Instance1 To Vm Instance2 With additional SG
146 [Documentation] Login to the vm instance and test some operations
147 ${vms} BuiltIn.Create List @{NET1_VM_IPS}[1]
148 OpenStackOperations.Test Operations From Vm Instance @{NETWORKS_NAME}[0] @{NET1_VM_IPS}[0] ${vms}
150 Repeat Ping From Vm Instance2 To Vm Instance1 With additional SG
151 [Documentation] Login to the vm instance and test operations
152 ${vms} BuiltIn.Create List @{NET1_VM_IPS}[0]
153 OpenStackOperations.Test Operations From Vm Instance @{NETWORKS_NAME}[0] @{NET1_VM_IPS}[1] ${vms}
155 Remove The Rules From Additional Security Group
156 OpenStackOperations.Delete All Security Group Rules additional-sg
158 No Ping From DHCP To Vm Instance1 With Additional Security Group Rules Removed
159 [Documentation] Check non-reachability of vm instances by pinging to them.
160 OpenStackOperations.Ping From DHCP Should Not Succeed @{NETWORKS_NAME}[0] @{NET1_VM_IPS}[0]
162 No Ping From DHCP To Vm Instance2 With Additional Security Group Rules Removed
163 [Documentation] Check non-reachability of vm instances by pinging to them.
164 OpenStackOperations.Ping From DHCP Should Not Succeed @{NETWORKS_NAME}[0] @{NET1_VM_IPS}[1]
166 Add The Rules To Additional Security Group Again
167 OpenStackOperations.Neutron Security Group Rule Create Legacy Cli additional-sg direction=ingress protocol=icmp remote_ip_prefix=${NET1_DHCP_IP}/32
169 Ping From DHCP To Vm Instance1 After Rules Are Added Again
170 [Documentation] Check reachability of vm instances by pinging to them from DHCP.
171 OpenStackOperations.Ping Vm From DHCP Namespace @{NETWORKS_NAME}[0] @{NET1_VM_IPS}[0]
173 Ping From DHCP To Vm Instance2 After Rules Are Added Again
174 [Documentation] Check reachability of vm instances by pinging to them from DHCP.
175 OpenStackOperations.Ping Vm From DHCP Namespace @{NETWORKS_NAME}[0] @{NET1_VM_IPS}[1]
177 Remove the additional Security Group from First Vm
178 OpenStackOperations.Remove Security Group From VM @{NET_1_VM_INSTANCES}[0] additional-sg
180 Repeat Ping From Vm Instance1 To Vm Instance2 With Additional SG Removed From Vm1
181 [Documentation] Login to the vm instance and test some operations
182 ${vms} = BuiltIn.Create List @{NET1_VM_IPS}[1]
183 OpenStackOperations.Test Operations From Vm Instance @{NETWORKS_NAME}[0] @{NET1_VM_IPS}[0] ${vms}
185 Repeat Ping From Vm Instance2 To Vm Instance1 With Additional SG Removed From Vm1
186 [Documentation] Login to the vm instance and test operations
187 ${vms} = BuiltIn.Create List @{NET1_VM_IPS}[0]
188 OpenStackOperations.Test Operations From Vm Instance @{NETWORKS_NAME}[0] @{NET1_VM_IPS}[1] ${vms}
190 Remove Router Interfaces
191 : FOR ${interface} IN @{SUBNETS_NAME}
192 \ OpenStackOperations.Remove Interface @{ROUTERS_NAME}[0] ${interface}
195 OpenStackOperations.Delete Router @{ROUTERS_NAME}[0]
197 Repeat Ping From Vm Instance1 To Vm Instance2 With Router Removed
198 [Documentation] Login to the vm instance and test some operations
199 ${VM2_LIST} BuiltIn.Create List @{NET1_VM_IPS}[1]
200 OpenStackOperations.Test Operations From Vm Instance @{NETWORKS_NAME}[0] @{NET1_VM_IPS}[0] ${VM2_LIST}
202 Repeat Ping From Vm Instance2 To Vm Instance1 With Router Removed
203 [Documentation] Login to the vm instance and test operations
204 ${VM1_LIST} BuiltIn.Create List @{NET1_VM_IPS}[0]
205 OpenStackOperations.Test Operations From Vm Instance @{NETWORKS_NAME}[0] @{NET1_VM_IPS}[1] ${VM1_LIST}
207 Delete Vm Instances In network_2
208 : FOR ${vm} IN @{NET_2_VM_INSTANCES}
209 \ OpenStackOperations.Delete Vm Instance ${vm}
211 Repeat Ping From Vm Instance1 To Vm Instance2 With network_2 VM Deleted
212 [Documentation] Login to the vm instance and test some operations
213 ${VM2_LIST} BuiltIn.Create List @{NET1_VM_IPS}[1]
214 OpenStackOperations.Test Operations From Vm Instance @{NETWORKS_NAME}[0] @{NET1_VM_IPS}[0] ${VM2_LIST}
216 Repeat Ping From Vm Instance2 To Vm Instance1 With network_2 VM Deleted
217 [Documentation] Login to the vm instance and test operations
218 ${VM1_LIST} BuiltIn.Create List @{NET1_VM_IPS}[0]
219 OpenStackOperations.Test Operations From Vm Instance @{NETWORKS_NAME}[0] @{NET1_VM_IPS}[1] ${VM1_LIST}
221 Delete Vm Instances In network_1
222 : FOR ${VmElement} IN @{NET_1_VM_INSTANCES}
223 \ OpenStackOperations.Delete Vm Instance ${VmElement}
225 Delete Security Groups
226 OpenStackOperations.Delete SecurityGroup additional-sg
227 OpenStackOperations.Delete SecurityGroup ${SECURITY_GROUP}
231 : FOR ${vm} IN @{NET_1_VM_INSTANCES}
232 \ OpenStackOperations.Delete Vm Instance ${vm}
233 : FOR ${vm} IN @{NET_2_VM_INSTANCES}
234 \ OpenStackOperations.Delete Vm Instance ${vm}
235 : FOR ${subnet} IN @{SUBNETS_NAME}
236 \ BuiltIn.Run Keyword And Ignore Error OpenStackOperations.Delete SubNet ${subnet}
237 : FOR ${network} IN @{NETWORKS_NAME}
238 \ BuiltIn.Run Keyword And Ignore Error OpenStackOperations.Delete Network ${network}
239 BuiltIn.Run Keyword And Ignore Error OpenStackOperations.Delete SecurityGroup additional-sg
240 BuiltIn.Run Keyword And Ignore Error OpenStackOperations.Delete SecurityGroup ${SECURITY_GROUP}
241 SSHLibrary.Close All Connections