*** Settings ***
-Documentation Test suite to verify security groups basic and advanced functionalities, including negative tests.
-... These test cases are not so relevant for transparent mode, so each test case will be tagged with
-... "skip_if_transparent" to allow any underlying keywords to return with a PASS without risking
-... a false failure. The real value of this suite will be in stateful mode.
-Suite Setup Suite Setup
-Suite Teardown OpenStackOperations.OpenStack Suite Teardown
-Test Setup SetupUtils.Setup_Test_With_Logging_And_Without_Fast_Failing
-Test Teardown OpenStackOperations.Get Test Teardown Debugs
-Force Tags skip_if_${SECURITY_GROUP_MODE}
-Library OperatingSystem
-Library RequestsLibrary
-Library SSHLibrary
-Resource ../../../libraries/DevstackUtils.robot
-Resource ../../../libraries/KarafKeywords.robot
-Resource ../../../libraries/OpenStackOperations.robot
-Resource ../../../libraries/SetupUtils.robot
-Resource ../../../libraries/Utils.robot
-Resource ../../../libraries/RemoteBash.robot
-Resource ../../../variables/netvirt/Variables.robot
+Documentation Test suite to verify security groups basic and advanced functionalities, including negative tests.
+... These test cases are not so relevant for transparent mode, so each test case will be tagged with
+... "skip_if_transparent" to allow any underlying keywords to return with a PASS without risking
+... a false failure. The real value of this suite will be in stateful mode.
+
+Library OperatingSystem
+Library RequestsLibrary
+Library SSHLibrary
+Resource ../../../libraries/DevstackUtils.robot
+Resource ../../../libraries/KarafKeywords.robot
+Resource ../../../libraries/OpenStackOperations.robot
+Resource ../../../libraries/SetupUtils.robot
+Resource ../../../libraries/Utils.robot
+Resource ../../../libraries/RemoteBash.robot
+Resource ../../../variables/netvirt/Variables.robot
+
+Suite Setup Suite Setup
+Suite Teardown OpenStackOperations.OpenStack Suite Teardown
+Test Setup SetupUtils.Setup_Test_With_Logging_And_Without_Fast_Failing
+Test Teardown OpenStackOperations.Get Test Teardown Debugs
+
+Force Tags skip_if_${security_group_mode}
+
*** Variables ***
-${SECURITY_GROUP} sg_sg
-@{NETWORKS} sg_net_1 sg_net_2
-@{SUBNETS} sg_sub_1 sg_sub_2
-${ROUTER} sg_router
-@{NET_1_VMS} sg_net_1_vm_1 sg_net_1_vm_2
-@{NET_2_VMS} sg_net_2_vm_1
-@{SUBNET_CIDRS} 51.0.0.0/24 52.0.0.0/24
+${SECURITY_GROUP} sg_sg
+@{NETWORKS} sg_net_1 sg_net_2
+@{SUBNETS} sg_sub_1 sg_sub_2
+${ROUTER} sg_router
+@{NET_1_VMS} sg_net_1_vm_1 sg_net_1_vm_2
+@{NET_2_VMS} sg_net_2_vm_1
+@{SUBNET_CIDRS} 51.0.0.0/24 52.0.0.0/24
+
*** Test Cases ***
No Ping From DHCP To Vm Instance1
No Ping From Vm Instance1 To Vm Instance2
[Documentation] Login to the vm instance and test some operations
${vm_ips} = BuiltIn.Create List ${NET_1_VM_IPS}[1]
- OpenStackOperations.Test Operations From Vm Instance ${NETWORKS}[0] ${NET_1_VM_IPS}[0] ${vm_ips} ping_should_succeed=False
+ OpenStackOperations.Test Operations From Vm Instance
+ ... ${NETWORKS}[0]
+ ... ${NET_1_VM_IPS}[0]
+ ... ${vm_ips}
+ ... ping_should_succeed=False
No Ping From Vm Instance2 To Vm Instance1
[Documentation] Login to the vm instance and test operations
${vm_ips} = BuiltIn.Create List ${NET_1_VM_IPS}[0]
- OpenStackOperations.Test Operations From Vm Instance ${NETWORKS}[0] ${NET_1_VM_IPS}[1] ${vm_ips} ping_should_succeed=False
+ OpenStackOperations.Test Operations From Vm Instance
+ ... ${NETWORKS}[0]
+ ... ${NET_1_VM_IPS}[1]
+ ... ${vm_ips}
+ ... ping_should_succeed=False
Add Ping Allow Rules With Remote SG (only between VMs)
- OpenStackOperations.Neutron Security Group Rule Create ${SECURITY_GROUP} direction=ingress protocol=icmp remote_group_id=${SECURITY_GROUP}
- OpenStackOperations.Neutron Security Group Rule Create ${SECURITY_GROUP} direction=egress protocol=icmp remote_group_id=${SECURITY_GROUP}
+ OpenStackOperations.Neutron Security Group Rule Create
+ ... ${SECURITY_GROUP}
+ ... direction=ingress
+ ... protocol=icmp
+ ... remote_group_id=${SECURITY_GROUP}
+ OpenStackOperations.Neutron Security Group Rule Create
+ ... ${SECURITY_GROUP}
+ ... direction=egress
+ ... protocol=icmp
+ ... remote_group_id=${SECURITY_GROUP}
OpenStackOperations.Neutron Security Group Show ${SECURITY_GROUP}
Verify No Ping From DHCP To Vm Instance1
[Documentation] Add an additional security group to the VMs - this is done to test a different logic put in place for ports with multiple SGs
OpenStackOperations.Security Group Create Without Default Security Rules additional-sg
#TODO Remove this after the Newton jobs are removed, Openstack CLI with Newton lacks support to configure rule with remote_ip_prefix
- OpenStackOperations.Neutron Security Group Rule Create additional-sg direction=ingress protocol=icmp remote_ip_prefix=${NET_1_DHCP_IP}/32
+ OpenStackOperations.Neutron Security Group Rule Create
+ ... additional-sg
+ ... direction=ingress
+ ... protocol=icmp
+ ... remote_ip_prefix=${NET_1_DHCP_IP}/32
OpenStackOperations.Neutron Security Group Show additional-sg
FOR ${vm} IN @{NET_1_VMS}
OpenStackOperations.Add Security Group To VM ${vm} additional-sg
Repeat Ping From Vm Instance1 To Vm Instance2 With additional SG
[Documentation] Login to the vm instance and test some operations
- ${vm_ips} BuiltIn.Create List ${NET_1_VM_IPS}[1]
+ ${vm_ips} = BuiltIn.Create List ${NET_1_VM_IPS}[1]
OpenStackOperations.Test Operations From Vm Instance ${NETWORKS}[0] ${NET_1_VM_IPS}[0] ${vm_ips}
Repeat Ping From Vm Instance2 To Vm Instance1 With additional SG
[Documentation] Login to the vm instance and test operations
- ${vm_ips} BuiltIn.Create List ${NET_1_VM_IPS}[0]
+ ${vm_ips} = BuiltIn.Create List ${NET_1_VM_IPS}[0]
OpenStackOperations.Test Operations From Vm Instance ${NETWORKS}[0] ${NET_1_VM_IPS}[1] ${vm_ips}
Test Connection when Rules Change Dynamically
[Documentation] Initiate ping from DHCP to VM instance and remove security rules
... dynamically check the communication has stopped after removing the security group rules.
- ${net_id}= OpenstackOperations.Get Net Id ${NETWORKS}[0]
+ ${net_id} = OpenstackOperations.Get Net Id ${NETWORKS}[0]
Get ControlNode Connection
- ${output}= SSHLibrary.Write sudo ip netns exec qdhcp-${net_id} ping ${NET_1_VM_IPS}[0]
+ ${output} = SSHLibrary.Write sudo ip netns exec qdhcp-${net_id} ping ${NET_1_VM_IPS}[0]
Delete All Security Group Rules additional-sg
Read delay=10s
Write_Bare_Ctrl_C
- ${output}= Read Until packet loss
+ ${output} = Read Until packet loss
Should Not Contain ${output} ${PING_REGEXP}
No Ping From DHCP To Vm Instance1 With Additional Security Group Rules Removed
OpenStackOperations.Ping From DHCP Should Not Succeed ${NETWORKS}[0] ${NET_1_VM_IPS}[1]
Add The Rules To Additional Security Group Again
- OpenStackOperations.Neutron Security Group Rule Create additional-sg direction=ingress protocol=icmp remote_ip_prefix=${NET_1_DHCP_IP}/32
+ OpenStackOperations.Neutron Security Group Rule Create
+ ... additional-sg
+ ... direction=ingress
+ ... protocol=icmp
+ ... remote_ip_prefix=${NET_1_DHCP_IP}/32
Ping From DHCP To Vm Instance1 After Rules Are Added Again
[Documentation] Check reachability of vm instances by pinging to them from DHCP.
Repeat Ping From Vm Instance1 To Vm Instance2 With Router Removed
[Documentation] Login to the vm instance and test some operations
- ${vm_ips} BuiltIn.Create List ${NET_1_VM_IPS}[1]
+ ${vm_ips} = BuiltIn.Create List ${NET_1_VM_IPS}[1]
OpenStackOperations.Test Operations From Vm Instance ${NETWORKS}[0] ${NET_1_VM_IPS}[0] ${vm_ips}
Repeat Ping From Vm Instance2 To Vm Instance1 With Router Removed
[Documentation] Login to the vm instance and test operations
- ${vm_ips} BuiltIn.Create List ${NET_1_VM_IPS}[0]
+ ${vm_ips} = BuiltIn.Create List ${NET_1_VM_IPS}[0]
OpenStackOperations.Test Operations From Vm Instance ${NETWORKS}[0] ${NET_1_VM_IPS}[1] ${vm_ips}
Delete Vm Instances In net_2
Repeat Ping From Vm Instance1 To Vm Instance2 With net_2 VM Deleted
[Documentation] Login to the vm instance and test some operations
- ${vm_ips} BuiltIn.Create List ${NET_1_VM_IPS}[1]
+ ${vm_ips} = BuiltIn.Create List ${NET_1_VM_IPS}[1]
OpenStackOperations.Test Operations From Vm Instance ${NETWORKS}[0] ${NET_1_VM_IPS}[0] ${vm_ips}
Repeat Ping From Vm Instance2 To Vm Instance1 With net_2 VM Deleted
${vm_ips} = BuiltIn.Create List ${NET_1_VM_IPS}[0]
OpenStackOperations.Test Operations From Vm Instance ${NETWORKS}[0] ${NET_1_VM_IPS}[1] ${vm_ips}
+
*** Keywords ***
Suite Setup
OpenStackOperations.OpenStack Suite Setup
OpenStackOperations.Create Network ${NETWORKS}[0]
OpenStackOperations.Create Network ${NETWORKS}[1]
- BuiltIn.Wait Until Keyword Succeeds 10s 2s Utils.Check For Elements At URI ${NETWORK_URL} ${NETWORKS}
+ BuiltIn.Wait Until Keyword Succeeds
+ ... 10s
+ ... 2s
+ ... Utils.Check For Elements At URI
+ ... ${NETWORK_URL}
+ ... ${NETWORKS}
OpenStackOperations.Create SubNet ${NETWORKS}[0] ${SUBNETS}[0] ${SUBNET_CIDRS}[0]
OpenStackOperations.Create SubNet ${NETWORKS}[1] ${SUBNETS}[1] ${SUBNET_CIDRS}[1]
- BuiltIn.Wait Until Keyword Succeeds 10s 2s Utils.Check For Elements At URI ${SUBNETWORK_URL} ${SUBNETS}
+ BuiltIn.Wait Until Keyword Succeeds
+ ... 10s
+ ... 2s
+ ... Utils.Check For Elements At URI
+ ... ${SUBNETWORK_URL}
+ ... ${SUBNETS}
OpenStackOperations.Security Group Create Without Default Security Rules ${SECURITY_GROUP}
- OpenStackOperations.Neutron Security Group Rule Create ${SECURITY_GROUP} direction=ingress port_range_max=65535 port_range_min=1 protocol=tcp
- OpenStackOperations.Neutron Security Group Rule Create ${SECURITY_GROUP} direction=egress port_range_max=65535 port_range_min=1 protocol=tcp
+ OpenStackOperations.Neutron Security Group Rule Create
+ ... ${SECURITY_GROUP}
+ ... direction=ingress
+ ... port_range_max=65535
+ ... port_range_min=1
+ ... protocol=tcp
+ OpenStackOperations.Neutron Security Group Rule Create
+ ... ${SECURITY_GROUP}
+ ... direction=egress
+ ... port_range_max=65535
+ ... port_range_min=1
+ ... protocol=tcp
OpenStackOperations.Neutron Security Group Show ${SECURITY_GROUP}
- OpenStackOperations.Create Vm Instance On Compute Node ${NETWORKS}[0] ${NET_1_VMS}[0] ${OS_CMP1_HOSTNAME} sg=${SECURITY_GROUP}
- OpenStackOperations.Create Vm Instance On Compute Node ${NETWORKS}[0] ${NET_1_VMS}[1] ${OS_CMP2_HOSTNAME} sg=${SECURITY_GROUP}
- OpenStackOperations.Create Vm Instance On Compute Node ${NETWORKS}[1] ${NET_2_VMS}[0] ${OS_CMP1_HOSTNAME} sg=${SECURITY_GROUP}
+ OpenStackOperations.Create Vm Instance On Compute Node
+ ... ${NETWORKS}[0]
+ ... ${NET_1_VMS}[0]
+ ... ${OS_CMP1_HOSTNAME}
+ ... sg=${SECURITY_GROUP}
+ OpenStackOperations.Create Vm Instance On Compute Node
+ ... ${NETWORKS}[0]
+ ... ${NET_1_VMS}[1]
+ ... ${OS_CMP2_HOSTNAME}
+ ... sg=${SECURITY_GROUP}
+ OpenStackOperations.Create Vm Instance On Compute Node
+ ... ${NETWORKS}[1]
+ ... ${NET_2_VMS}[0]
+ ... ${OS_CMP1_HOSTNAME}
+ ... sg=${SECURITY_GROUP}
@{NET_1_VM_IPS} ${NET_1_DHCP_IP} = OpenStackOperations.Get VM IPs @{NET_1_VMS}
@{NET_2_VM_IPS} ${NET_2_DHCP_IP} = OpenStackOperations.Get VM IPs @{NET_2_VMS}
BuiltIn.Set Suite Variable @{NET_1_VM_IPS}