csit/suites/openstack/securitygroup/acl.robot

   1 *** Settings ***
   2 Documentation       Test suite to validate ARP functionality for ACL_Enhancement feature.
   3
   4 Library             OperatingSystem
   5 Library             RequestsLibrary
   6 Library             String
   7 Resource            ../../../libraries/DevstackUtils.robot
   8 Resource            ../../../libraries/KarafKeywords.robot
   9 Resource            ../../../libraries/OVSDB.robot
  10 Resource            ../../../libraries/OpenStackOperations.robot
  11 Resource            ../../../libraries/OvsManager.robot
  12 Resource            ../../../libraries/SetupUtils.robot
  13 Resource            ../../../libraries/Utils.robot
  14 Resource            ../../../variables/Variables.robot
  15
  16 Suite Setup         Start Suite
  17 Suite Teardown      OpenStackOperations.OpenStack Suite Teardown
  18 Test Setup          SetupUtils.Setup_Test_With_Logging_And_Without_Fast_Failing
  19 Test Teardown       OpenStackOperations.Get Test Teardown Debugs
  20
  21
  22 *** Variables ***
  23 @{REQ_NETWORKS}             acl_net_1    acl_net_2
  24 @{REQ_SUBNETS}              acl_subnet_1    acl_subnet_2
  25 @{REQ_SUBNET_CIDR}          30.30.30.0/24    40.40.40.0/24
  26 @{PORTS}                    acl_port_1    acl_port_2    acl_port_3    acl_port_4
  27 @{VM_NAMES}                 acl_myvm_1    acl_myvm_2
  28 @{SECURITY_GROUP}           acl_sg_1
  29 ${VIRTUAL_IP}               30.30.30.100/24
  30 ${PACKET_COUNT}             5
  31 ${RANDOM_IP}                11.11.11.11
  32 ${NETMASK}                  255.255.255.0
  33 ${PACKET_COUNT_ZERO}        0
  34 ${DHCP_CMD}                 sudo /sbin/cirros-dhcpc up eth1
  35 ${SPOOF_IP}                 30.30.30.100
  36 @{SPOOF_MAC_ADDRESSES}      FA:17:3E:73:65:86    fa:16:3e:3d:3b:5e
  37 ${ARP_CONFIG}
  38 ...                         sudo ifconfig eth0 down \n sudo ifconfig eth0 hw ether ${SPOOF_MAC_ADDRESSES[0]} \n sudo ifconfig eth0 up
  39 ${ARP_SHA}                  arp_sha
  40 ${ARP}                      arp
  41 ${TABLE}                    goto_table:217
  42 ${INTEGRATION_BRIDGE}       br-int
  43 @{DEFAULT_FLOW_TABLES}      18    19    20    22    23    24    43
  44 ...                         45    48    50    51    60    80    81
  45 ...                         90    210    211    212    213    214    215
  46 ...                         216    217    239    240    241    242    243
  47 ...                         244    245    246    247
  48
  49
  50 *** Test Cases ***
  51 Verify ARP request Valid MAC and Valid IP for the VM Egress Table
  52     [Documentation]    Verifying ARP resquest resolved for Valid MAC and Valid IP at the VM Egress Table
  53     OpenStackOperations.Execute Command on VM Instance    ${REQ_NETWORKS}[0]    ${VM_IP_DPN1}[0]    ${DHCP_CMD}
  54     OpenStackOperations.Execute Command on VM Instance    ${REQ_NETWORKS}[0]    ${VM_IP_DPN2}[0]    ${DHCP_CMD}
  55     ${get_pkt_count_before_arp} =    OvsManager.Get Packet Count From Table
  56     ...    ${OS_CMP1_IP}
  57     ...    ${INTEGRATION_BRIDGE}
  58     ...    table=${DEFAULT_FLOW_TABLES}[15]
  59     ...    | grep ${VM1_METADATA}.*${ARP_SHA}
  60     ${arping_cli} =    BuiltIn.Set Variable    sudo arping -I eth0 -c ${PACKET_COUNT} \ ${RANDOM_IP}
  61     OpenStackOperations.Execute Command on VM Instance    ${REQ_NETWORKS[1]}    ${VM_IP_DPN1}[1]    ${arping_cli}
  62     ${get_pkt_count_after_arp} =    OvsManager.Get Packet Count From Table
  63     ...    ${OS_CMP1_IP}
  64     ...    ${INTEGRATION_BRIDGE}
  65     ...    table=${DEFAULT_FLOW_TABLES}[15]
  66     ...    | grep ${VM1_METADATA}.*${ARP_SHA}
  67     ${pkt_diff} =    BuiltIn.Evaluate    int(${get_pkt_count_after_arp})-int(${get_pkt_count_before_arp})
  68     BuiltIn.Should Be Equal As Numbers    ${pkt_diff}    ${PACKET_COUNT}
  69
  70 Verify ARP request generated from Spoofed IP for the VM
  71     [Documentation]    Verifying ARP resquest generated for Spoofed IP with Valid MAC and Validate the packet drop at the VM Egress Table
  72     ${arp_int_up_cli} =    BuiltIn.Set Variable    sudo ifconfig eth0:1 ${SPOOF_IP} netmask ${NETMASK} up
  73     ${output} =    OpenStackOperations.Execute Command on VM Instance
  74     ...    ${REQ_NETWORKS}[1]
  75     ...    ${VM_IP_DPN1}[1]
  76     ...    ${arp_int_up_cli}
  77     ${get_pkt_count_before_arp} =    OvsManager.Get Packet Count From Table
  78     ...    ${OS_CMP1_IP}
  79     ...    ${INTEGRATION_BRIDGE}
  80     ...    table=${DEFAULT_FLOW_TABLES}[15]
  81     ...    | grep ${VM1_METADATA}.*${ARP_SHA}
  82     ${get_arp_drop_pkt_before} =    OvsManager.Get Packet Count From Table
  83     ...    ${OS_CMP1_IP}
  84     ...    ${INTEGRATION_BRIDGE}
  85     ...    table=${DEFAULT_FLOW_TABLES}[15]
  86     ...    | grep ${ARP}.*${TABLE}
  87     ${arping_cli} =    BuiltIn.Set Variable    sudo arping -s ${SPOOF_IP} -c ${PACKET_COUNT} \ ${RANDOM_IP}
  88     ${output} =    OpenStackOperations.Execute Command on VM Instance
  89     ...    ${REQ_NETWORKS}[1]
  90     ...    ${VM_IP_DPN1}[1]
  91     ...    ${arping_cli}
  92     ${get_pkt_count_after_arp} =    OvsManager.Get Packet Count From Table
  93     ...    ${OS_CMP1_IP}
  94     ...    ${INTEGRATION_BRIDGE}
  95     ...    table=${DEFAULT_FLOW_TABLES}[15]
  96     ...    | grep ${VM1_METADATA}.*${ARP_SHA}
  97     ${get_arp_drop_pkt_after} =    OvsManager.Get Packet Count From Table
  98     ...    ${OS_CMP1_IP}
  99     ...    ${INTEGRATION_BRIDGE}
 100     ...    table=${DEFAULT_FLOW_TABLES}[15]
 101     ...    | grep ${ARP}.*${TABLE}
 102     ${pkt_diff_arp_drop} =    BuiltIn.Evaluate    int(${get_arp_drop_pkt_after})-int(${get_arp_drop_pkt_before})
 103     ${pkt_diff} =    BuiltIn.Evaluate    int(${get_pkt_count_after_arp})-int(${get_pkt_count_before_arp})
 104     BuiltIn.Should Be Equal As Numbers    ${pkt_diff}    ${PACKET_COUNT_ZERO}
 105     BuiltIn.Should Be Equal As Numbers    ${pkt_diff_arp_drop}    ${PACKET_COUNT}
 106
 107 Verify ARP request generated from Spoofed MAC for the VM
 108     [Documentation]    Verifying ARP resquest generated for Spoofed MAC with Valid IP and Validate the ARP packet drop at the VM Egress Table
 109     ${count} =    String.Get Line Count    ${ARP_CONFIG}
 110     FOR    ${index}    IN RANGE    0    ${count}
 111         ${cmd} =    String.Get Line    ${ARP_CONFIG}    ${index}
 112         ${output} =    OpenStackOperations.Execute Command on VM Instance
 113         ...    ${REQ_NETWORKS}[1]
 114         ...    ${VM_IP_DPN1}[1]
 115         ...    ${cmd}
 116     END
 117     ${get_pkt_count_before_arp} =    OvsManager.Get Packet Count From Table
 118     ...    ${OS_CMP1_IP}
 119     ...    ${INTEGRATION_BRIDGE}
 120     ...    table=${DEFAULT_FLOW_TABLES}[15]
 121     ...    | grep ${VM1_METADATA}.*${ARP_SHA}
 122     ${get_arp_drop_pkt_before} =    OvsManager.Get Packet Count From Table
 123     ...    ${OS_CMP1_IP}
 124     ...    ${INTEGRATION_BRIDGE}
 125     ...    table=${DEFAULT_FLOW_TABLES}[15]
 126     ...    | grep ${ARP}.*${TABLE}
 127     ${arping_cli} =    BuiltIn.Set Variable    sudo arping -I eth0 -c ${PACKET_COUNT} \ ${RANDOM_IP}
 128     OpenStackOperations.Execute Command on VM Instance    ${REQ_NETWORKS}[1]    ${VM_IP_DPN1}[1]    ${arping_cli}
 129     ${get_pkt_count_after_arp} =    OvsManager.Get Packet Count From Table
 130     ...    ${OS_CMP1_IP}
 131     ...    ${INTEGRATION_BRIDGE}
 132     ...    table=${DEFAULT_FLOW_TABLES}[15]
 133     ...    | grep ${VM1_METADATA}.*${ARP_SHA}
 134     ${get_arp_drop_pkt_after} =    OvsManager.Get Packet Count From Table
 135     ...    ${OS_CMP1_IP}
 136     ...    ${INTEGRATION_BRIDGE}
 137     ...    table=${DEFAULT_FLOW_TABLES}[15]
 138     ...    | grep ${ARP}.*${TABLE}
 139     ${pkt_diff} =    BuiltIn.Evaluate    int(${get_pkt_count_after_arp})-int(${get_pkt_count_before_arp})
 140     ${pkt_diff_arp_drop} =    BuiltIn.Evaluate    int(${get_arp_drop_pkt_after})-int(${get_arp_drop_pkt_before})
 141     BuiltIn.Should Be Equal As Numbers    ${pkt_diff}    ${PACKET_COUNT_ZERO}
 142     BuiltIn.Should Be Equal As Numbers    ${pkt_diff_arp_drop}    ${PACKET_COUNT}
 143
 144 Verify ARP request generated from Spoofed IP and spoofed MAC for the VM
 145     [Documentation]    Verifying ARP resquest generated for Spoofed MAC with Spoofed IP and Validate the ARP packet drop at the VM Egress Table
 146     ${get_pkt_count_before_arp} =    OvsManager.Get Packet Count From Table
 147     ...    ${OS_CMP1_IP}
 148     ...    ${INTEGRATION_BRIDGE}
 149     ...    table=${DEFAULT_FLOW_TABLES}[15]
 150     ...    | grep ${VM1_METADATA}.*${ARP_SHA}
 151     ${get_arp_drop_pkt_before} =    OvsManager.Get Packet Count From Table
 152     ...    ${OS_CMP1_IP}
 153     ...    ${INTEGRATION_BRIDGE}
 154     ...    table=${DEFAULT_FLOW_TABLES}[15]
 155     ...    | grep ${ARP}.*${TABLE}
 156     ${arping_cli} =    BuiltIn.Set Variable    sudo arping -s ${SPOOF_IP} -c ${PACKET_COUNT} \ ${RANDOM_IP}
 157     OpenStackOperations.Execute Command on VM Instance    ${REQ_NETWORKS}[1]    ${VM_IP_DPN1}[1]    ${arping_cli}
 158     ${get_pkt_count_after_arp} =    OvsManager.Get Packet Count From Table
 159     ...    ${OS_CMP1_IP}
 160     ...    ${INTEGRATION_BRIDGE}
 161     ...    table=${DEFAULT_FLOW_TABLES}[15]
 162     ...    | grep ${VM1_METADATA}.*${ARP_SHA}
 163     ${get_arp_drop_pkt_after} =    OvsManager.Get Packet Count From Table
 164     ...    ${OS_CMP1_IP}
 165     ...    ${INTEGRATION_BRIDGE}
 166     ...    table=${DEFAULT_FLOW_TABLES}[15]
 167     ...    | grep ${ARP}.*${TABLE}
 168     ${pkt_diff} =    BuiltIn.Evaluate    int(${get_pkt_count_after_arp})-int(${get_pkt_count_before_arp})
 169     ${pkt_diff_arp_drop} =    BuiltIn.Evaluate    int(${get_arp_drop_pkt_after})-int(${get_arp_drop_pkt_before})
 170     BuiltIn.Should Be Equal As Numbers    ${pkt_diff}    ${PACKET_COUNT_ZERO}
 171     BuiltIn.Should Be Equal As Numbers    ${pkt_diff_arp_drop}    ${PACKET_COUNT}
 172
 173
 174 *** Keywords ***
 175 Start Suite
 176     [Documentation]    Suite setup for ACL_Enhancement feature
 177     OpenStackOperations.OpenStack Suite Setup
 178     Create Setup
 179
 180 Create Setup
 181     [Documentation]    Create Two Networks, Two Subnets, Four Ports
 182     Create Multiple Networks    @{REQ_NETWORKS}
 183     Create Multiple Subnets    ${REQ_NETWORKS}    ${REQ_SUBNETS}    ${REQ_SUBNET_CIDR}
 184     OpenStackOperations.Neutron Security Group Create    ${SECURITY_GROUP}[0]
 185     OpenStackOperations.Delete All Security Group Rules    ${SECURITY_GROUP}[0]
 186     OpenStackOperations.Create Port    ${REQ_NETWORKS}[0]    ${PORTS}[0]    sg=${SECURITY_GROUP}[0]
 187     OpenStackOperations.Create Port    ${REQ_NETWORKS}[1]    ${PORTS}[1]    sg=${SECURITY_GROUP}[0]
 188     OpenStackOperations.Create Port    ${REQ_NETWORKS}[0]    ${PORTS}[2]    sg=${SECURITY_GROUP}[0]
 189     OpenStackOperations.Create Port    ${REQ_NETWORKS}[1]    ${PORTS}[3]    sg=${SECURITY_GROUP}[0]
 190     OpenStackOperations.Neutron Security Group Rule Create
 191     ...    ${SECURITY_GROUP}[0]
 192     ...    direction=ingress
 193     ...    protocol=icmp
 194     ...    remote_ip=0.0.0.0/0
 195     OpenStackOperations.Neutron Security Group Rule Create
 196     ...    ${SECURITY_GROUP}[0]
 197     ...    direction=egress
 198     ...    protocol=icmp
 199     ...    remote_ip=0.0.0.0/0
 200     OpenStackOperations.Neutron Security Group Rule Create
 201     ...    ${SECURITY_GROUP}[0]
 202     ...    direction=ingress
 203     ...    port_range_max=65535
 204     ...    port_range_min=1
 205     ...    protocol=tcp
 206     ...    remote-ip=0.0.0.0/0
 207     OpenStackOperations.Neutron Security Group Rule Create
 208     ...    ${SECURITY_GROUP}[0]
 209     ...    direction=egress
 210     ...    port_range_max=65535
 211     ...    port_range_min=1
 212     ...    protocol=tcp
 213     ...    remote-ip=0.0.0.0/0
 214     OpenStackOperations.Create Vm Instance With Ports On Compute Node
 215     ...    ${PORTS}[0]
 216     ...    ${PORTS}[1]
 217     ...    ${VM_NAMES}[0]
 218     ...    ${OS_CMP1_HOSTNAME}
 219     ...    flavor=m1.tiny
 220     ...    sg=${SECURITY_GROUP}[0]
 221     OpenStackOperations.Create Vm Instance With Ports On Compute Node
 222     ...    ${PORTS}[2]
 223     ...    ${PORTS}[3]
 224     ...    ${VM_NAMES}[1]
 225     ...    ${OS_CMP2_HOSTNAME}
 226     ...    flavor=m1.tiny
 227     ...    sg=${SECURITY_GROUP}[0]
 228     FOR    ${vm}    IN    @{VM_NAMES}
 229         OpenStackOperations.Poll VM Is ACTIVE    ${vm}
 230     END
 231     ${VM_IP_DPN1} =    BuiltIn.Wait Until Keyword Succeeds
 232     ...    300 sec
 233     ...    15 sec
 234     ...    OpenStackOperations.Get All VM IP Addresses
 235     ...    ${OS_CMP1_CONN_ID}
 236     ...    ${VM_NAMES}[0]
 237     ${VM_IP_DPN2} =    BuiltIn.Wait Until Keyword Succeeds
 238     ...    300 sec
 239     ...    15 sec
 240     ...    OpenStackOperations.Get All VM IP Addresses
 241     ...    ${OS_CMP2_CONN_ID}
 242     ...    ${VM_NAMES}[1]
 243     BuiltIn.Set Suite Variable    @{VM_IP_DPN1}
 244     BuiltIn.Set Suite Variable    @{VM_IP_DPN2}
 245     FOR    ${ip}    IN    @{VM_IP_DPN1}
 246         BuiltIn.Should Not Contain    ${ip}    None
 247     END
 248     FOR    ${ip}    IN    @{VM_IP_DPN2}
 249         BuiltIn.Should Not Contain    ${ip}    None
 250     END
 251     ${VM1_PORT} =    Get VMs OVS Port Number    ${OS_CMP1_IP}    ${PORTS}[0]
 252     ${VM1_METADATA} =    OVSDB.Get Port Metadata    ${OS_CMP1_IP}    ${VM1_PORT}
 253     BuiltIn.Set Suite Variable    ${VM1_METADATA}