csit/suites/openstack/securitygroup/acl.robot

   1 *** Settings ***
   2 Documentation       Test suite to validate ARP functionality for ACL_Enhancement feature.
   3
   4 Library             OperatingSystem
   5 Library             RequestsLibrary
   6 Library             String
   7 Resource            ../../../libraries/DevstackUtils.robot
   8 Resource            ../../../libraries/KarafKeywords.robot
   9 Resource            ../../../libraries/OVSDB.robot
  10 Resource            ../../../libraries/OpenStackOperations.robot
  11 Resource            ../../../libraries/OvsManager.robot
  12 Resource            ../../../libraries/SetupUtils.robot
  13 Resource            ../../../libraries/Utils.robot
  14 Resource            ../../../variables/Variables.robot
  15 Resource            ../../../variables/netvirt/Variables.robot
  16
  17 Suite Setup         Start Suite
  18 Suite Teardown      OpenStackOperations.OpenStack Suite Teardown
  19 Test Setup          SetupUtils.Setup_Test_With_Logging_And_Without_Fast_Failing
  20 Test Teardown       OpenStackOperations.Get Test Teardown Debugs
  21
  22
  23 *** Variables ***
  24 @{REQ_NETWORKS}             acl_net_1    acl_net_2
  25 @{REQ_SUBNETS}              acl_subnet_1    acl_subnet_2
  26 @{REQ_SUBNET_CIDR}          30.30.30.0/24    40.40.40.0/24
  27 @{PORTS}                    acl_port_1    acl_port_2    acl_port_3    acl_port_4
  28 @{VM_NAMES}                 acl_myvm_1    acl_myvm_2
  29 @{SECURITY_GROUP}           acl_sg_1
  30 ${VIRTUAL_IP}               30.30.30.100/24
  31 ${PACKET_COUNT}             5
  32 ${RANDOM_IP}                11.11.11.11
  33 ${NETMASK}                  255.255.255.0
  34 ${PACKET_COUNT_ZERO}        0
  35 ${DHCP_CMD}                 sudo /sbin/cirros-dhcpc up eth1
  36 ${SPOOF_IP}                 30.30.30.100
  37 @{SPOOF_MAC_ADDRESSES}      FA:17:3E:73:65:86    fa:16:3e:3d:3b:5e
  38 ${ARP_CONFIG}
  39 ...                         sudo ifconfig eth0 down \n sudo ifconfig eth0 hw ether ${SPOOF_MAC_ADDRESSES[0]} \n sudo ifconfig eth0 up
  40 ${ARP_SHA}                  arp_sha
  41 ${ARP}                      arp
  42 ${TABLE}                    goto_table:217
  43
  44
  45 *** Test Cases ***
  46 Verify ARP request Valid MAC and Valid IP for the VM Egress Table
  47     [Documentation]    Verifying ARP resquest resolved for Valid MAC and Valid IP at the VM Egress Table
  48     OpenStackOperations.Execute Command on VM Instance    ${REQ_NETWORKS}[0]    ${VM_IP_DPN1}[0]    ${DHCP_CMD}
  49     OpenStackOperations.Execute Command on VM Instance    ${REQ_NETWORKS}[0]    ${VM_IP_DPN2}[0]    ${DHCP_CMD}
  50     ${get_pkt_count_before_arp} =    OvsManager.Get Packet Count From Table
  51     ...    ${OS_CMP1_IP}
  52     ...    ${INTEGRATION_BRIDGE}
  53     ...    table=${DEFAULT_FLOW_TABLES}[15]
  54     ...    | grep ${VM1_METADATA}.*${ARP_SHA}
  55     ${arping_cli} =    BuiltIn.Set Variable    sudo arping -I eth0 -c ${PACKET_COUNT} \ ${RANDOM_IP}
  56     OpenStackOperations.Execute Command on VM Instance    ${REQ_NETWORKS[1]}    ${VM_IP_DPN1}[1]    ${arping_cli}
  57     ${get_pkt_count_after_arp} =    OvsManager.Get Packet Count From Table
  58     ...    ${OS_CMP1_IP}
  59     ...    ${INTEGRATION_BRIDGE}
  60     ...    table=${DEFAULT_FLOW_TABLES}[15]
  61     ...    | grep ${VM1_METADATA}.*${ARP_SHA}
  62     ${pkt_diff} =    BuiltIn.Evaluate    int(${get_pkt_count_after_arp})-int(${get_pkt_count_before_arp})
  63     BuiltIn.Should Be Equal As Numbers    ${pkt_diff}    ${PACKET_COUNT}
  64
  65 Verify ARP request generated from Spoofed IP for the VM
  66     [Documentation]    Verifying ARP resquest generated for Spoofed IP with Valid MAC and Validate the packet drop at the VM Egress Table
  67     ${arp_int_up_cli} =    BuiltIn.Set Variable    sudo ifconfig eth0:1 ${SPOOF_IP} netmask ${NETMASK} up
  68     ${output} =    OpenStackOperations.Execute Command on VM Instance
  69     ...    ${REQ_NETWORKS}[1]
  70     ...    ${VM_IP_DPN1}[1]
  71     ...    ${arp_int_up_cli}
  72     ${get_pkt_count_before_arp} =    OvsManager.Get Packet Count From Table
  73     ...    ${OS_CMP1_IP}
  74     ...    ${INTEGRATION_BRIDGE}
  75     ...    table=${DEFAULT_FLOW_TABLES}[15]
  76     ...    | grep ${VM1_METADATA}.*${ARP_SHA}
  77     ${get_arp_drop_pkt_before} =    OvsManager.Get Packet Count From Table
  78     ...    ${OS_CMP1_IP}
  79     ...    ${INTEGRATION_BRIDGE}
  80     ...    table=${DEFAULT_FLOW_TABLES}[15]
  81     ...    | grep ${ARP}.*${TABLE}
  82     ${arping_cli} =    BuiltIn.Set Variable    sudo arping -s ${SPOOF_IP} -c ${PACKET_COUNT} \ ${RANDOM_IP}
  83     ${output} =    OpenStackOperations.Execute Command on VM Instance
  84     ...    ${REQ_NETWORKS}[1]
  85     ...    ${VM_IP_DPN1}[1]
  86     ...    ${arping_cli}
  87     ${get_pkt_count_after_arp} =    OvsManager.Get Packet Count From Table
  88     ...    ${OS_CMP1_IP}
  89     ...    ${INTEGRATION_BRIDGE}
  90     ...    table=${DEFAULT_FLOW_TABLES}[15]
  91     ...    | grep ${VM1_METADATA}.*${ARP_SHA}
  92     ${get_arp_drop_pkt_after} =    OvsManager.Get Packet Count From Table
  93     ...    ${OS_CMP1_IP}
  94     ...    ${INTEGRATION_BRIDGE}
  95     ...    table=${DEFAULT_FLOW_TABLES}[15]
  96     ...    | grep ${ARP}.*${TABLE}
  97     ${pkt_diff_arp_drop} =    BuiltIn.Evaluate    int(${get_arp_drop_pkt_after})-int(${get_arp_drop_pkt_before})
  98     ${pkt_diff} =    BuiltIn.Evaluate    int(${get_pkt_count_after_arp})-int(${get_pkt_count_before_arp})
  99     BuiltIn.Should Be Equal As Numbers    ${pkt_diff}    ${PACKET_COUNT_ZERO}
 100     BuiltIn.Should Be Equal As Numbers    ${pkt_diff_arp_drop}    ${PACKET_COUNT}
 101
 102 Verify ARP request generated from Spoofed MAC for the VM
 103     [Documentation]    Verifying ARP resquest generated for Spoofed MAC with Valid IP and Validate the ARP packet drop at the VM Egress Table
 104     ${count} =    String.Get Line Count    ${ARP_CONFIG}
 105     FOR    ${index}    IN RANGE    0    ${count}
 106         ${cmd} =    String.Get Line    ${ARP_CONFIG}    ${index}
 107         ${output} =    OpenStackOperations.Execute Command on VM Instance
 108         ...    ${REQ_NETWORKS}[1]
 109         ...    ${VM_IP_DPN1}[1]
 110         ...    ${cmd}
 111     END
 112     ${get_pkt_count_before_arp} =    OvsManager.Get Packet Count From Table
 113     ...    ${OS_CMP1_IP}
 114     ...    ${INTEGRATION_BRIDGE}
 115     ...    table=${DEFAULT_FLOW_TABLES}[15]
 116     ...    | grep ${VM1_METADATA}.*${ARP_SHA}
 117     ${get_arp_drop_pkt_before} =    OvsManager.Get Packet Count From Table
 118     ...    ${OS_CMP1_IP}
 119     ...    ${INTEGRATION_BRIDGE}
 120     ...    table=${DEFAULT_FLOW_TABLES}[15]
 121     ...    | grep ${ARP}.*${TABLE}
 122     ${arping_cli} =    BuiltIn.Set Variable    sudo arping -I eth0 -c ${PACKET_COUNT} \ ${RANDOM_IP}
 123     OpenStackOperations.Execute Command on VM Instance    ${REQ_NETWORKS}[1]    ${VM_IP_DPN1}[1]    ${arping_cli}
 124     ${get_pkt_count_after_arp} =    OvsManager.Get Packet Count From Table
 125     ...    ${OS_CMP1_IP}
 126     ...    ${INTEGRATION_BRIDGE}
 127     ...    table=${DEFAULT_FLOW_TABLES}[15]
 128     ...    | grep ${VM1_METADATA}.*${ARP_SHA}
 129     ${get_arp_drop_pkt_after} =    OvsManager.Get Packet Count From Table
 130     ...    ${OS_CMP1_IP}
 131     ...    ${INTEGRATION_BRIDGE}
 132     ...    table=${DEFAULT_FLOW_TABLES}[15]
 133     ...    | grep ${ARP}.*${TABLE}
 134     ${pkt_diff} =    BuiltIn.Evaluate    int(${get_pkt_count_after_arp})-int(${get_pkt_count_before_arp})
 135     ${pkt_diff_arp_drop} =    BuiltIn.Evaluate    int(${get_arp_drop_pkt_after})-int(${get_arp_drop_pkt_before})
 136     BuiltIn.Should Be Equal As Numbers    ${pkt_diff}    ${PACKET_COUNT_ZERO}
 137     BuiltIn.Should Be Equal As Numbers    ${pkt_diff_arp_drop}    ${PACKET_COUNT}
 138
 139 Verify ARP request generated from Spoofed IP and spoofed MAC for the VM
 140     [Documentation]    Verifying ARP resquest generated for Spoofed MAC with Spoofed IP and Validate the ARP packet drop at the VM Egress Table
 141     ${get_pkt_count_before_arp} =    OvsManager.Get Packet Count From Table
 142     ...    ${OS_CMP1_IP}
 143     ...    ${INTEGRATION_BRIDGE}
 144     ...    table=${DEFAULT_FLOW_TABLES}[15]
 145     ...    | grep ${VM1_METADATA}.*${ARP_SHA}
 146     ${get_arp_drop_pkt_before} =    OvsManager.Get Packet Count From Table
 147     ...    ${OS_CMP1_IP}
 148     ...    ${INTEGRATION_BRIDGE}
 149     ...    table=${DEFAULT_FLOW_TABLES}[15]
 150     ...    | grep ${ARP}.*${TABLE}
 151     ${arping_cli} =    BuiltIn.Set Variable    sudo arping -s ${SPOOF_IP} -c ${PACKET_COUNT} \ ${RANDOM_IP}
 152     OpenStackOperations.Execute Command on VM Instance    ${REQ_NETWORKS}[1]    ${VM_IP_DPN1}[1]    ${arping_cli}
 153     ${get_pkt_count_after_arp} =    OvsManager.Get Packet Count From Table
 154     ...    ${OS_CMP1_IP}
 155     ...    ${INTEGRATION_BRIDGE}
 156     ...    table=${DEFAULT_FLOW_TABLES}[15]
 157     ...    | grep ${VM1_METADATA}.*${ARP_SHA}
 158     ${get_arp_drop_pkt_after} =    OvsManager.Get Packet Count From Table
 159     ...    ${OS_CMP1_IP}
 160     ...    ${INTEGRATION_BRIDGE}
 161     ...    table=${DEFAULT_FLOW_TABLES}[15]
 162     ...    | grep ${ARP}.*${TABLE}
 163     ${pkt_diff} =    BuiltIn.Evaluate    int(${get_pkt_count_after_arp})-int(${get_pkt_count_before_arp})
 164     ${pkt_diff_arp_drop} =    BuiltIn.Evaluate    int(${get_arp_drop_pkt_after})-int(${get_arp_drop_pkt_before})
 165     BuiltIn.Should Be Equal As Numbers    ${pkt_diff}    ${PACKET_COUNT_ZERO}
 166     BuiltIn.Should Be Equal As Numbers    ${pkt_diff_arp_drop}    ${PACKET_COUNT}
 167
 168
 169 *** Keywords ***
 170 Start Suite
 171     [Documentation]    Suite setup for ACL_Enhancement feature
 172     OpenStackOperations.OpenStack Suite Setup
 173     Create Setup
 174
 175 Create Setup
 176     [Documentation]    Create Two Networks, Two Subnets, Four Ports
 177     Create Multiple Networks    @{REQ_NETWORKS}
 178     Create Multiple Subnets    ${REQ_NETWORKS}    ${REQ_SUBNETS}    ${REQ_SUBNET_CIDR}
 179     OpenStackOperations.Neutron Security Group Create    ${SECURITY_GROUP}[0]
 180     OpenStackOperations.Delete All Security Group Rules    ${SECURITY_GROUP}[0]
 181     OpenStackOperations.Create Port    ${REQ_NETWORKS}[0]    ${PORTS}[0]    sg=${SECURITY_GROUP}[0]
 182     OpenStackOperations.Create Port    ${REQ_NETWORKS}[1]    ${PORTS}[1]    sg=${SECURITY_GROUP}[0]
 183     OpenStackOperations.Create Port    ${REQ_NETWORKS}[0]    ${PORTS}[2]    sg=${SECURITY_GROUP}[0]
 184     OpenStackOperations.Create Port    ${REQ_NETWORKS}[1]    ${PORTS}[3]    sg=${SECURITY_GROUP}[0]
 185     OpenStackOperations.Neutron Security Group Rule Create
 186     ...    ${SECURITY_GROUP}[0]
 187     ...    direction=ingress
 188     ...    protocol=icmp
 189     ...    remote_ip=0.0.0.0/0
 190     OpenStackOperations.Neutron Security Group Rule Create
 191     ...    ${SECURITY_GROUP}[0]
 192     ...    direction=egress
 193     ...    protocol=icmp
 194     ...    remote_ip=0.0.0.0/0
 195     OpenStackOperations.Neutron Security Group Rule Create
 196     ...    ${SECURITY_GROUP}[0]
 197     ...    direction=ingress
 198     ...    port_range_max=65535
 199     ...    port_range_min=1
 200     ...    protocol=tcp
 201     ...    remote-ip=0.0.0.0/0
 202     OpenStackOperations.Neutron Security Group Rule Create
 203     ...    ${SECURITY_GROUP}[0]
 204     ...    direction=egress
 205     ...    port_range_max=65535
 206     ...    port_range_min=1
 207     ...    protocol=tcp
 208     ...    remote-ip=0.0.0.0/0
 209     OpenStackOperations.Create Vm Instance With Ports On Compute Node
 210     ...    ${PORTS}[0]
 211     ...    ${PORTS}[1]
 212     ...    ${VM_NAMES}[0]
 213     ...    ${OS_CMP1_HOSTNAME}
 214     ...    flavor=m1.tiny
 215     ...    sg=${SECURITY_GROUP}[0]
 216     OpenStackOperations.Create Vm Instance With Ports On Compute Node
 217     ...    ${PORTS}[2]
 218     ...    ${PORTS}[3]
 219     ...    ${VM_NAMES}[1]
 220     ...    ${OS_CMP2_HOSTNAME}
 221     ...    flavor=m1.tiny
 222     ...    sg=${SECURITY_GROUP}[0]
 223     FOR    ${vm}    IN    @{VM_NAMES}
 224         OpenStackOperations.Poll VM Is ACTIVE    ${vm}
 225     END
 226     ${VM_IP_DPN1} =    BuiltIn.Wait Until Keyword Succeeds
 227     ...    300 sec
 228     ...    15 sec
 229     ...    OpenStackOperations.Get All VM IP Addresses
 230     ...    ${OS_CMP1_CONN_ID}
 231     ...    ${VM_NAMES}[0]
 232     ${VM_IP_DPN2} =    BuiltIn.Wait Until Keyword Succeeds
 233     ...    300 sec
 234     ...    15 sec
 235     ...    OpenStackOperations.Get All VM IP Addresses
 236     ...    ${OS_CMP2_CONN_ID}
 237     ...    ${VM_NAMES}[1]
 238     BuiltIn.Set Suite Variable    @{VM_IP_DPN1}
 239     BuiltIn.Set Suite Variable    @{VM_IP_DPN2}
 240     FOR    ${ip}    IN    @{VM_IP_DPN1}
 241         BuiltIn.Should Not Contain    ${ip}    None
 242     END
 243     FOR    ${ip}    IN    @{VM_IP_DPN2}
 244         BuiltIn.Should Not Contain    ${ip}    None
 245     END
 246     ${VM1_PORT} =    Get VMs OVS Port Number    ${OS_CMP1_IP}    ${PORTS}[0]
 247     ${VM1_METADATA} =    OVSDB.Get Port Metadata    ${OS_CMP1_IP}    ${VM1_PORT}
 248     BuiltIn.Set Suite Variable    ${VM1_METADATA}