From: Jamo Luhrsen Date: Sat, 1 Sep 2018 03:52:44 +0000 (+0000) Subject: Revert "Add Acl enhancement" X-Git-Tag: pre-potassium~582 X-Git-Url: https://git.opendaylight.org/gerrit/gitweb?a=commitdiff_plain;h=097e3ece4e1220f8f58fbefc82674cbba8756668;p=integration%2Ftest.git Revert "Add Acl enhancement" This reverts commit de41221e7fda59bc5ead54ce812d1d3bffe866ab. This broke our normal tests in the security group rule create. we forgot to run those in the sandbox too. please fix. Change-Id: I7bf12b07e24f73d29bc90f1cff0bd90253e17915 Signed-off-by: Jamo Luhrsen --- diff --git a/csit/libraries/OpenStackOperations.robot b/csit/libraries/OpenStackOperations.robot index 82408eeb9a..6f050e5838 100644 --- a/csit/libraries/OpenStackOperations.robot +++ b/csit/libraries/OpenStackOperations.robot @@ -318,17 +318,6 @@ Get VM IPs OpenStackOperations.Copy DHCP Files From Control Node [Return] @{vm_ips} ${ips_and_console_log[1]} -Get Two Port VM IP Addresses - [Arguments] ${conn_id} ${vm_name} - [Documentation] Show information of a given two port VM and grep for two ip address. VM name should be sent as arguments. - SSHLibrary.Switch Connection ${conn_id} - ${cmd} = BuiltIn.Set Variable openstack server show ${vm_name} - ${output} = OpenStackOperations.OpenStack CLI ${cmd} - BuiltIn.Log ${output} - ${address_output} = OpenStackOperations.OpenStack CLI ${cmd} | grep "addresses" | awk '{print $4$5}' - @{vm_ips} = String.Get Regexp Matches ${address_output} ${REGEX_IPV4} - [Return] @{vm_ips} - Get Subnet Gateway Ip [Arguments] ${subnet_name} [Documentation] Show information of a subnet and grep for subnet gateway ip address @@ -435,10 +424,10 @@ Execute Command on VM Instance [Documentation] Login to the vm instance using ssh in the network, executes a command inside the VM and returns the ouput. OpenStackOperations.Get ControlNode Connection ${net_id} = OpenStackOperations.Get Net Id ${net_name} - ${output} = Utils.Write Commands Until Expected Prompt sudo ip netns exec qdhcp-${net_id} ssh ${user}@${vm_ip} -o ConnectTimeout=10 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null password: timeout=60s - ${output} = Utils.Write Commands Until Expected Prompt ${password} ${OS_SYSTEM_PROMPT} timeout=60s + ${output} = Utils.Write Commands Until Expected Prompt sudo ip netns exec qdhcp-${net_id} ssh ${user}@${vm_ip} -o ConnectTimeout=10 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null password: + ${output} = Utils.Write Commands Until Expected Prompt ${password} ${OS_SYSTEM_PROMPT} ${rcode} = BuiltIn.Run Keyword And Return Status OpenStackOperations.Check If Console Is VmInstance - ${output} = BuiltIn.Run Keyword If ${rcode} Utils.Write Commands Until Expected Prompt ${cmd} ${OS_SYSTEM_PROMPT} timeout=60s + ${output} = BuiltIn.Run Keyword If ${rcode} Utils.Write Commands Until Expected Prompt ${cmd} ${OS_SYSTEM_PROMPT} [Teardown] Exit From Vm Console [Return] ${output} @@ -646,8 +635,8 @@ Neutron Security Group Rule Create ${port_range_min} BuiltIn.Run Keyword If ${Kwargs} Collections.Pop From Dictionary ${Kwargs} port_range_min default=${None} ${protocol} BuiltIn.Run Keyword If ${Kwargs} Collections.Pop From Dictionary ${Kwargs} protocol default=${None} ${remote_group_id} BuiltIn.Run Keyword If ${Kwargs} Collections.Pop From Dictionary ${Kwargs} remote_group_id default=${None} - ${remote_ip_prefix} BuiltIn.Run Keyword If ${Kwargs} Collections.Pop From Dictionary ${Kwargs} remote-ip default=${None} - ${cmd} = BuiltIn.Set Variable openstack security group rule create + ${remote_ip_prefix} BuiltIn.Run Keyword If ${Kwargs} Collections.Pop From Dictionary ${Kwargs} remote_ip_prefix default=${None} + ${cmd} = BuiltIn.Set Variable openstack security group rule create ${Security_group_name} ${cmd} = BuiltIn.Run Keyword If '${description}'!='None' BuiltIn.Catenate ${cmd} --description ${description} ... ELSE BuiltIn.Catenate ${cmd} ${cmd} = BuiltIn.Run Keyword If '${direction}'!='None' BuiltIn.Catenate ${cmd} --${direction} @@ -662,7 +651,7 @@ Neutron Security Group Rule Create ... ELSE BuiltIn.Catenate ${cmd} ${cmd} = BuiltIn.Run Keyword If '${remote_group_id}'!='None' BuiltIn.Catenate ${cmd} --remote-group ${remote_group_id} ... ELSE BuiltIn.Catenate ${cmd} - ${cmd} = BuiltIn.Run Keyword If '${remote_ip_prefix}'!='None' BuiltIn.Catenate ${cmd} --remote-ip ${remote_ip_prefix} ${Security_group_name} + ${cmd} = BuiltIn.Run Keyword If '${remote_ip_prefix}'!='None' BuiltIn.Catenate ${cmd} --src-ip ${remote_ip_prefix} ... ELSE BuiltIn.Catenate ${cmd} ${output} = OpenStack CLI ${cmd} ${rule_id} = BuiltIn.Should Match Regexp ${output} ${REGEX_UUID} diff --git a/csit/suites/openstack/securitygroup/acl.robot b/csit/suites/openstack/securitygroup/acl.robot deleted file mode 100644 index 43ca6e31f7..0000000000 --- a/csit/suites/openstack/securitygroup/acl.robot +++ /dev/null @@ -1,155 +0,0 @@ -*** Settings *** -Documentation Test suite to validate ARP functionality for ACL_Enhancement feature. -Suite Setup Start Suite -Suite Teardown OpenStackOperations.OpenStack Suite Teardown -Test Setup SetupUtils.Setup_Test_With_Logging_And_Without_Fast_Failing -Test Teardown OpenStackOperations.Get Test Teardown Debugs -Library OperatingSystem -Library RequestsLibrary -Library String -Resource ../../../libraries/DevstackUtils.robot -Resource ../../../libraries/KarafKeywords.robot -Resource ../../../libraries/OVSDB.robot -Resource ../../../libraries/OpenStackOperations.robot -Resource ../../../libraries/OvsManager.robot -Resource ../../../libraries/SetupUtils.robot -Resource ../../../libraries/Utils.robot -Resource ../../../variables/Variables.robot -Resource ../../../variables/netvirt/Variables.robot - -*** Variables *** -@{REQ_NETWORKS} acl_net_1 acl_net_2 -@{REQ_SUBNETS} acl_subnet_1 acl_subnet_2 -@{REQ_SUBNET_CIDR} 30.30.30.0/24 40.40.40.0/24 -@{PORTS} acl_port_1 acl_port_2 acl_port_3 acl_port_4 acl_port_5 acl_port_6 -@{VM_NAMES} acl_myvm_1 acl_myvm_2 acl_myvm_3 -@{SECURITY_GROUP} acl_sg_1 -${VIRTUAL_IP} 30.30.30.100/24 -${PACKET_COUNT} 5 -${RANDOM_IP} 11.11.11.11 -${NETMASK} 255.255.255.0 -${PACKET_COUNT_ZERO} 0 -${DHCP_CMD} sudo /sbin/cirros-dhcpc up eth1 -${SPOOF} 30.30.30.100 -@{SPOOF_MAC_ADDRESS} FA:17:3E:73:65:86 fa:16:3e:3d:3b:5e -${ARP_CONFIG} sudo ifconfig eth0 down \n sudo ifconfig eth0 hw ether ${SPOOF_MAC_ADDRESS[0]} \n sudo ifconfig eth0 up -${timeout} 60 - -*** Test Cases *** -Verify ARP request Valid MAC and Valid IP for the VM Egress Table - [Documentation] Verifying ARP resquest resolved for Valid MAC and Valid IP at the VM Egress Table - BuiltIn.Wait Until Keyword Succeeds 60s 10s OpenStackOperations.Execute Command on VM Instance @{REQ_NETWORKS}[0] @{VM_IP_DPN1}[0] ${DHCP_CMD} - BuiltIn.Wait Until Keyword Succeeds 60s 10s OpenStackOperations.Execute Command on VM Instance @{REQ_NETWORKS}[0] @{VM_IP_DPN2}[0] ${DHCP_CMD} - ${get_pkt_count_before_arp} OvsManager.Get Packet Count From Table ${OS_COMPUTE_1_IP} ${INTEGRATION_BRIDGE} table=@{DEFAULT_FLOW_TABLES}[15] | grep ${VM1_METADATA} | grep arp_sha - ${arping_cli} = BuiltIn.Set Variable sudo arping -I eth0 -c ${PACKET_COUNT} \ ${RANDOM_IP} - BuiltIn.Wait Until Keyword Succeeds 60s 10s OpenStackOperations.Execute Command on VM Instance ${REQ_NETWORKS[1]} @{VM_IP_DPN1}[1] ${arping_cli} - ${get_pkt_count_after_arp} OvsManager.Get Packet Count From Table ${OS_COMPUTE_1_IP} ${INTEGRATION_BRIDGE} table=@{DEFAULT_FLOW_TABLES}[15] | grep ${VM1_METADATA} | grep arp_sha - ${pkt_diff} = BuiltIn.Evaluate int(${get_pkt_count_after_arp})-int(${get_pkt_count_before_arp}) - BuiltIn.Should Be Equal As Numbers ${pkt_diff} ${PACKET_COUNT} - -Verify ARP request generated from Spoofed IP for the VM - [Documentation] Verifying ARP resquest generated for Spoofed IP with Valid MAC and Validate the packet drop at the VM Egress Table - ${arp_int_up_cli} = BuiltIn.Set Variable sudo ifconfig eth0:1 ${SPOOF} netmask ${NETMASK} up - ${output} = BuiltIn.Wait Until Keyword Succeeds 60s 10s OpenStackOperations.Execute Command on VM Instance @{REQ_NETWORKS}[1] @{VM_IP_DPN1}[1] - ... ${arp_int_up_cli} - ${get_pkt_count_before_arp} OvsManager.Get Packet Count From Table ${OS_COMPUTE_1_IP} ${INTEGRATION_BRIDGE} table=@{DEFAULT_FLOW_TABLES}[15] | grep ${VM1_METADATA} | grep arp_sha - ${get_arp_drop_pkt_before} OvsManager.Get Packet Count From Table ${OS_COMPUTE_1_IP} ${INTEGRATION_BRIDGE} table=@{DEFAULT_FLOW_TABLES}[15] | grep arp | grep goto_table:217 - ${arping_cli} = BuiltIn.Set Variable sudo arping -s ${SPOOF} -c ${PACKET_COUNT} \ ${RANDOM_IP} - ${output} = BuiltIn.Wait Until Keyword Succeeds 60s 10s OpenStackOperations.Execute Command on VM Instance @{REQ_NETWORKS}[1] @{VM_IP_DPN1}[1] - ... ${arping_cli} - ${get_pkt_count_after_arp} OvsManager.Get Packet Count From Table ${OS_COMPUTE_1_IP} ${INTEGRATION_BRIDGE} table=@{DEFAULT_FLOW_TABLES}[15] | grep ${VM1_METADATA} | grep arp_sha - ${get_arp_drop_pkt_after} OvsManager.Get Packet Count From Table ${OS_COMPUTE_1_IP} ${INTEGRATION_BRIDGE} table=@{DEFAULT_FLOW_TABLES}[15] | grep arp | grep goto_table:217 - ${pkt_diff_arp_drop} = BuiltIn.Evaluate int(${get_arp_drop_pkt_after})-int(${get_arp_drop_pkt_before}) - ${pkt_diff} = BuiltIn.Evaluate int(${get_pkt_count_after_arp})-int(${get_pkt_count_before_arp}) - BuiltIn.Should Be Equal As Numbers ${pkt_diff} ${PACKET_COUNT_ZERO} - BuiltIn.Should Be Equal As Numbers ${pkt_diff_arp_drop} ${PACKET_COUNT} - -Verify ARP request generated from Spoofed MAC for the VM - [Documentation] Verifying ARP resquest generated for Spoofed MAC with Valid IP and Validate the ARP packet drop at the VM Egress Table - ${count} = String.Get Line Count ${ARP_CONFIG} - : FOR ${index} IN RANGE 0 ${count} - \ ${cmd} = String.Get Line ${ARP_CONFIG} ${index} - \ ${output} = BuiltIn.Wait Until Keyword Succeeds 60s 10s OpenStackOperations.Execute Command on VM Instance @{REQ_NETWORKS}[1] - \ ... @{VM_IP_DPN1}[1] ${cmd} - ${get_pkt_count_before_arp} OvsManager.Get Packet Count From Table ${OS_COMPUTE_1_IP} ${INTEGRATION_BRIDGE} table=@{DEFAULT_FLOW_TABLES}[15] | grep ${VM1_METADATA}|grep arp_sha - ${get_arp_drop_pkt_before} OvsManager.Get Packet Count From Table ${OS_COMPUTE_1_IP} ${INTEGRATION_BRIDGE} table=@{DEFAULT_FLOW_TABLES}[15] | grep arp | grep goto_table:217 - ${arping_cli} = BuiltIn.Set Variable sudo arping -I eth0 -c ${PACKET_COUNT} \ ${RANDOM_IP} - BuiltIn.Wait Until Keyword Succeeds 60s 10s OpenStackOperations.Execute Command on VM Instance @{REQ_NETWORKS}[1] @{VM_IP_DPN1}[1] ${arping_cli} - ${get_pkt_count_after_arp} OvsManager.Get Packet Count From Table ${OS_COMPUTE_1_IP} ${INTEGRATION_BRIDGE} table=@{DEFAULT_FLOW_TABLES}[15] | grep ${VM1_METADATA}|grep arp_sha - ${get_arp_drop_pkt_after} OvsManager.Get Packet Count From Table ${OS_COMPUTE_1_IP} ${INTEGRATION_BRIDGE} table=@{DEFAULT_FLOW_TABLES}[15] | grep arp | grep goto_table:217 - ${pkt_diff} = BuiltIn.Evaluate int(${get_pkt_count_after_arp})-int(${get_pkt_count_before_arp}) - ${pkt_diff_arp_drop} = BuiltIn.Evaluate int(${get_arp_drop_pkt_after})-int(${get_arp_drop_pkt_before}) - BuiltIn.Should Be Equal As Numbers ${pkt_diff} ${PACKET_COUNT_ZERO} - BuiltIn.Should Be Equal As Numbers ${pkt_diff_arp_drop} ${PACKET_COUNT} - -Verify ARP request generated from Spoofed IP and spoofed MAC for the VM - [Documentation] Verifying ARP resquest generated for Spoofed MAC with Spoofed IP and Validate the ARP packet drop at the VM Egress Table - ${get_pkt_count_before_arp} OvsManager.Get Packet Count From Table ${OS_COMPUTE_1_IP} ${INTEGRATION_BRIDGE} table=@{DEFAULT_FLOW_TABLES}[15] | grep ${VM1_METADATA}|grep arp_sha - ${get_arp_drop_pkt_before} OvsManager.Get Packet Count From Table ${OS_COMPUTE_1_IP} ${INTEGRATION_BRIDGE} table=@{DEFAULT_FLOW_TABLES}[15] | grep arp | grep goto_table:217 - ${arping_cli} = BuiltIn.Set Variable sudo arping -s ${SPOOF} -c ${PACKET_COUNT} \ ${RANDOM_IP} - BuiltIn.Wait Until Keyword Succeeds 60s 10s OpenStackOperations.Execute Command on VM Instance @{REQ_NETWORKS}[1] @{VM_IP_DPN1}[1] ${arping_cli} - ${get_pkt_count_after_arp} OvsManager.Get Packet Count From Table ${OS_COMPUTE_1_IP} ${INTEGRATION_BRIDGE} table=@{DEFAULT_FLOW_TABLES}[15] | grep ${VM1_METADATA}|grep arp_sha - ${get_arp_drop_pkt_after} OvsManager.Get Packet Count From Table ${OS_COMPUTE_1_IP} ${INTEGRATION_BRIDGE} table=@{DEFAULT_FLOW_TABLES}[15] | grep arp | grep goto_table:217 - ${pkt_diff} = BuiltIn.Evaluate int(${get_pkt_count_after_arp})-int(${get_pkt_count_before_arp}) - ${pkt_diff_arp_drop} = BuiltIn.Evaluate int(${get_arp_drop_pkt_after})-int(${get_arp_drop_pkt_before}) - BuiltIn.Should Be Equal As Numbers ${pkt_diff} ${PACKET_COUNT_ZERO} - BuiltIn.Should Be Equal As Numbers ${pkt_diff_arp_drop} ${PACKET_COUNT} - -*** Keywords *** -Start Suite - [Documentation] Suite setup for ACL_Enhancement feature - OpenStackOperations.OpenStack Suite Setup - Create Setup - -Create Setup - [Documentation] Create Two Networks, Two Subnets, Four Ports - Create Neutron Networks 2 - Create Neutron Subnets 2 - OpenStackOperations.Neutron Security Group Create @{SECURITY_GROUP}[0] - OpenStackOperations.Delete All Security Group Rules @{SECURITY_GROUP}[0] - OpenStackOperations.Create Port @{REQ_NETWORKS}[0] @{PORTS}[0] sg=@{SECURITY_GROUP}[0] - OpenStackOperations.Create Port @{REQ_NETWORKS}[1] @{PORTS}[1] sg=@{SECURITY_GROUP}[0] - OpenStackOperations.Create Port @{REQ_NETWORKS}[0] @{PORTS}[2] sg=@{SECURITY_GROUP}[0] - OpenStackOperations.Create Port @{REQ_NETWORKS}[1] @{PORTS}[3] sg=@{SECURITY_GROUP}[0] - OpenStackOperations.Neutron Security Group Rule Create @{SECURITY_GROUP}[0] direction=ingress protocol=icmp remote-ip=0.0.0.0/0 - OpenStackOperations.Neutron Security Group Rule Create @{SECURITY_GROUP}[0] direction=egress protocol=icmp remote-ip=0.0.0.0/0 - OpenStackOperations.Neutron Security Group Rule Create @{SECURITY_GROUP}[0] direction=ingress port_range_max=65535 port_range_min=1 protocol=tcp remote-ip=0.0.0.0/0 - OpenStackOperations.Neutron Security Group Rule Create @{SECURITY_GROUP}[0] direction=egress port_range_max=65535 port_range_min=1 protocol=tcp remote-ip=0.0.0.0/0 - OpenStackOperations.Create Vm Instance With Ports On Compute Node @{PORTS}[0] @{PORTS}[1] @{VM_NAMES}[0] ${OS_CMP1_HOSTNAME} flavor=m1.tiny sg=@{SECURITY_GROUP}[0] - OpenStackOperations.Create Vm Instance With Ports On Compute Node @{PORTS}[2] @{PORTS}[3] @{VM_NAMES}[1] ${OS_CMP2_HOSTNAME} flavor=m1.tiny sg=@{SECURITY_GROUP}[0] - @{VM_IP_DPN1} = BuiltIn.Wait Until Keyword Succeeds 300 sec 15 sec OpenStackOperations.Get Two Port VM IP Addresses ${OS_CMP1_CONN_ID} @{VM_NAMES}[0] - @{VM_IP_DPN2} = BuiltIn.Wait Until Keyword Succeeds 300 sec 15 sec OpenStackOperations.Get Two Port VM IP Addresses ${OS_CMP2_CONN_ID} @{VM_NAMES}[1] - BuiltIn.Set Suite Variable @{VM_IP_DPN1} - BuiltIn.Set Suite Variable @{VM_IP_DPN2} - BuiltIn.Should Not Contain @{VM_IP_DPN1}[0] None - BuiltIn.Should Not Contain @{VM_IP_DPN1}[1] None - BuiltIn.Should Not Contain @{VM_IP_DPN2}[0] None - BuiltIn.Should Not Contain @{VM_IP_DPN2}[1] None - ${VM1_PORT} = Get Vm Port ${OS_COMPUTE_1_IP} @{PORTS}[0] - ${VM1_METADATA} = OVSDB.Get Port Metadata ${OS_COMPUTE_1_IP} ${VM1_PORT} - BuiltIn.Set Suite Variable ${VM1_METADATA} - -Create Neutron Networks - [Arguments] ${num_of_network} - [Documentation] Create required number of networks - : FOR ${net} IN @{REQ_NETWORKS} - \ OpenStackOperations.Create Network ${net} - ${net_list} OpenStackOperations.List Networks - : FOR ${index} IN RANGE 0 ${num_of_network} - \ BuiltIn.Should Contain ${net_list} ${REQ_NETWORKS[${index}]} - -Create Neutron Subnets - [Arguments] ${NUM_OF_NETWORK} - [Documentation] Create required number of subnets for previously created networks - : FOR ${index} IN RANGE 0 ${NUM_OF_NETWORK} - \ OpenStackOperations.Create SubNet ${REQ_NETWORKS[${index}]} ${REQ_SUBNETS[${index}]} ${REQ_SUBNET_CIDR[${index}]} - ${sub_list} OpenStackOperations.List Subnets - : FOR ${index} IN RANGE 0 ${NUM_OF_NETWORK} - \ BuiltIn.Should Contain ${sub_list} ${REQ_SUBNETS[${index}]} - -Get Vm Port - [Arguments] ${ip_address} ${portname} - [Documentation] Get the port number for given portname - ${subportid} = OpenStackOperations.Get Sub Port Id ${portname} - ${vm_port} = OVSDB.Get Port Number ${subportid} ${ip_address} - [Return] ${vm_port} diff --git a/csit/testplans/netvirt-1node-tdd-wip-openstack.txt b/csit/testplans/netvirt-1node-tdd-wip-openstack.txt index a8e86a05ce..43427a173e 100644 --- a/csit/testplans/netvirt-1node-tdd-wip-openstack.txt +++ b/csit/testplans/netvirt-1node-tdd-wip-openstack.txt @@ -4,5 +4,4 @@ integration/test/csit/suites/netvirt/vpnservice/vpn_basic_dualstack_one_router.robot integration/test/csit/suites/netvirt/host_route/host_route_handling.robot integration/test/csit/suites/netvirt/aclservicerecovery/aclservicerecovery.robot -integration/test/csit/suites/openstack/securitygroup/acl.robot integration/test/csit/suites/integration/Create_JVM_Plots.robot