From 2513b27e03abad158e86efe0a41a246f30378d32 Mon Sep 17 00:00:00 2001 From: basavarajhh Date: Wed, 19 Oct 2016 05:23:00 -0700 Subject: [PATCH] New feature Neutron security group scripts and library commit Change-Id: I5fdf261df0b4f582b9e1473014a3130723458cbf Signed-off-by: basavarajhh --- csit/libraries/OpenStackOperations.robot | 104 +++++++++ .../Neutron_Security_Group.robot | 199 ++++++++++++++++++ .../netvirt-vpnservice-1node-openstack.txt | 1 + 3 files changed, 304 insertions(+) create mode 100755 csit/suites/openstack/NeutronSecurityGrp/Neutron_Security_Group.robot diff --git a/csit/libraries/OpenStackOperations.robot b/csit/libraries/OpenStackOperations.robot index 8ed3d26a8c..f018dba6b7 100644 --- a/csit/libraries/OpenStackOperations.robot +++ b/csit/libraries/OpenStackOperations.robot @@ -422,3 +422,107 @@ Create Security Rule Switch Connection ${devstack_conn_id} ${output}= Write Commands Until Prompt neutron security-group-rule-create --direction ${direction} --protocol ${protocol} --port-range-min ${min_port} --port-range-max ${max_port} --remote-ip-prefix ${remote_ip} ${sg_name} Close Connection + +Neutron Security Group Show + [Arguments] ${SecurityGroupRuleName} ${additional_args}=${EMPTY} + [Documentation] Displays the neutron security group configurations that belongs to a given neutron security group name + ${devstack_conn_id}= Get ControlNode Connection + Switch Connection ${devstack_conn_id} + ${cmd}= Set Variable neutron security-group-show ${SecurityGroupRuleName} ${additional_args} + Log ${cmd} + ${output}= Write Commands Until Prompt ${cmd} 30s + Log ${output} + Close Connection + [Return] ${output} + +Neutron Port Show + [Arguments] ${PortName} ${additional_args}=${EMPTY} + [Documentation] Display the port configuration that belong to a given neutron port + ${devstack_conn_id}= Get ControlNode Connection + Switch Connection ${devstack_conn_id} + ${cmd}= Set Variable neutron port-show ${PortName} ${additional_args} + Log ${cmd} + ${output}= Write Commands Until Prompt ${cmd} 30s + Log ${output} + Close Connection + [Return] ${output} + +Neutron Security Group Create + [Arguments] ${SecurityGroupName} ${additional_args}=${EMPTY} + [Documentation] Create a security group with specified name ,description & protocol value according to security group template + ${devstack_conn_id}= Get ControlNode Connection + Switch Connection ${devstack_conn_id} + ${cmd}= Set Variable neutron security-group-create ${SecurityGroupName} ${additional_args} + Log ${cmd} + ${output}= Write Commands Until Prompt ${cmd} 30s + Log ${output} + Should Contain ${output} Created a new security_group + ${sgp_id}= Should Match Regexp ${output} [0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} + Log ${sgp_id} + Close Connection + [Return] ${output} ${sgp_id} + +Neutron Security Group Update + [Arguments] ${SecurityGroupName} ${additional_args}=${EMPTY} + [Documentation] Updating security groups + ${devstack_conn_id}= Get ControlNode Connection + Switch Connection ${devstack_conn_id} + ${cmd}= Set Variable neutron security-group-update ${SecurityGroupName} ${additional_args} + Log ${cmd} + ${output}= Write Commands Until Prompt ${cmd} 30s + Log ${output} + Close Connection + [Return] ${output} + +Neutron Security Group Rule Create + [Arguments] ${Security_group_name} &{Kwargs} + [Documentation] Creates neutron security rule with neutron request with or without optional params, here security group name is mandatory args, rule with optional params can be created by passing the optional args values ex: direction=${INGRESS_EGRESS}, Then these optional params are catenated with mandatory args, example of usage: "Neutron Security Group Rule Create ${SGP_SSH} direction=${RULE_PARAMS[0]} ethertype=${RULE_PARAMS[1]} ..." + ${devstack_conn_id}= Get ControlNode Connection + Switch Connection ${devstack_conn_id} + Run Keyword If ${Kwargs} Log ${Kwargs} + ${description} Run Keyword If ${Kwargs} Pop From Dictionary ${Kwargs} description default=${None} + ${direction} Run Keyword If ${Kwargs} Pop From Dictionary ${Kwargs} direction default=${None} + ${ethertype} Run Keyword If ${Kwargs} Pop From Dictionary ${Kwargs} ethertype default=${None} + ${port_range_max} Run Keyword If ${Kwargs} Pop From Dictionary ${Kwargs} port_range_max default=${None} + ${port_range_min} Run Keyword If ${Kwargs} Pop From Dictionary ${Kwargs} port_range_min default=${None} + ${protocol} Run Keyword If ${Kwargs} Pop From Dictionary ${Kwargs} protocol default=${None} + ${remote_group_id} Run Keyword If ${Kwargs} Pop From Dictionary ${Kwargs} remote_group_id default=${None} + ${remote_ip_prefix} Run Keyword If ${Kwargs} Pop From Dictionary ${Kwargs} remote_ip_prefix default=${None} + ${cmd}= Set Variable neutron security-group-rule-create ${Security_group_name} + ${cmd}= Run Keyword If '${description}'!='None' Catenate ${cmd} --description ${description} + ... ELSE Catenate ${cmd} + ${cmd}= Run Keyword If '${direction}'!='None' Catenate ${cmd} --direction ${direction} + ... ELSE Catenate ${cmd} + ${cmd}= Run Keyword If '${ethertype}'!='None' Catenate ${cmd} --ethertype ${ethertype} + ... ELSE Catenate ${cmd} + ${cmd}= Run Keyword If '${port_range_max}'!='None' Catenate ${cmd} --port_range_max ${port_range_max} + ... ELSE Catenate ${cmd} + ${cmd}= Run Keyword If '${port_range_min}'!='None' Catenate ${cmd} --port_range_min ${port_range_min} + ... ELSE Catenate ${cmd} + ${cmd}= Run Keyword If '${protocol}'!='None' Catenate ${cmd} --protocol ${protocol} + ... ELSE Catenate ${cmd} + ${cmd}= Run Keyword If '${remote_group_id}'!='None' Catenate ${cmd} --remote_group_id ${remote_group_id} + ... ELSE Catenate ${cmd} + ${cmd}= Run Keyword If '${remote_ip_prefix}'!='None' Catenate ${cmd} --remote_ip_prefix ${remote_ip_prefix} + ... ELSE Catenate ${cmd} + ${output}= Write Commands Until Prompt ${cmd} 30s + ${rule_id}= Should Match Regexp ${output} [0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} + Log ${rule_id} + Should Contain ${output} Created a new security_group_rule + Close Connection + [Return] ${output} ${rule_id} + +Create Neutron Port With Additional Params + [Arguments] ${network_name} ${port_name} ${additional_args}=${EMPTY} + [Documentation] Create Port With given additional parameters + ${devstack_conn_id}= Get ControlNode Connection + Switch Connection ${devstack_conn_id} + ${cmd}= Set Variable neutron -v port-create ${network_name} --name ${port_name} ${additional_args} + Log ${cmd} + ${OUTPUT}= Write Commands Until Prompt ${cmd} 30s + Log ${OUTPUT} + Should Contain ${output} Created a new port + ${port_id}= Should Match Regexp ${OUTPUT} [0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} + Log ${port_id} + Close Connection + [Return] ${OUTPUT} ${port_id} diff --git a/csit/suites/openstack/NeutronSecurityGrp/Neutron_Security_Group.robot b/csit/suites/openstack/NeutronSecurityGrp/Neutron_Security_Group.robot new file mode 100755 index 0000000000..17943113a1 --- /dev/null +++ b/csit/suites/openstack/NeutronSecurityGrp/Neutron_Security_Group.robot @@ -0,0 +1,199 @@ +*** Settings *** +Documentation Test Suite for Neutron Security Group +Suite Setup Create Session session http://${ODL_SYSTEM_IP}:${RESTCONFPORT} auth=${AUTH} headers=${HEADERS} +Test Teardown Get Flows ${OS_COMPUTE_1_IP} ${OS_COMPUTE_2_IP} +Library SSHLibrary +Library OperatingSystem +Library RequestsLibrary +Library json +Resource ../../../libraries/DevstackUtils.robot +Resource ../../../variables/Variables.robot + +*** Variables *** +${RESP_CODE} 200 +${DESCRIPTION} --description "new security group 1" +${VERIFY_DESCRIPTION} new security group 1 +${VERIFY_NAME} SSH_UPDATED +${NAME_UPDATE} --name SSH_UPDATED +${SECURITY_FALSE} --port-security-enabled false +${SECURITY_TRUE} --port-security-enabled true +${SEC_GROUP} /restconf/config/neutron:neutron/security-groups/ +${SEC_RULE} /restconf/config/neutron:neutron/security-rules/ +${ADD_ARG_SSH} --direction ingress --ethertype IPv4 --port_range_max 22 --port_range_min 22 --protocol tcp +@{NETWORK} net1 net2 net3 net4 net5 net6 net7 +... net8 net9 net10 +@{SUBNET} sub1 sub2 sub3 sub4 sub5 sub6 sub7 +... sub8 sub9 sub10 +@{IP_SUBNET} 20.2.1.0/24 20.2.2.0/24 20.2.3.0/24 20.2.4.0/24 20.2.5.0/24 20.2.6.0/24 +@{PORT} port01 port02 port03 port04 port05 port06 port07 +... port08 port09 port10 +${SECURITY_GROUPS} --security-group +@{SGP_SSH} SSH1 SSH2 SSH3 SSH4 SSH5 SSH6 SSH7 +... SSH8 SSH9 SSH10 +${ADD_ARG_SSH5} --direction ingress --ethertype IPv4 --port_range_max 20 --port_range_min 25 --protocol tcp +@{ADD_PARAMS} ingression IPv4 20 25 tcp +${ADD_ARG_SSH6} --direction ingress --ethertype IPv4 --port_range_max 25 --port_range_min -1 --protocol tcp +${ADD_ARG_SSH7} --direction ingress --ethertype IPv4 --port_range_max -1 --port_range_min 20 --protocol tcp +${PORT_RANGE_ERROR} For TCP/UDP protocols, port_range_min must be <= port_range_max +${INVALID_PORT_RANGE_MIN} Invalid value for port + +*** Testcases *** +TC01_Update Security Group description and Name + [Documentation] This test case validates the security group creation with optional parameter description, Update Security Group description and name + [Tags] Regression + Log "Creating security Group and verification" + Create Security Group and Validate ${SGP_SSH[0]} + Log "Creating security Rule and verification" + Create Security Rule and Validate ${SGP_SSH[0]} direction=${ADD_PARAMS[0]} ethertype=${ADD_PARAMS[1]} port_range_max=${ADD_PARAMS[3]} port_range_min=${ADD_PARAMS[2]} protocol=${ADD_PARAMS[4]} + Log "Fetching the flows from DPN1 and DPN2" + Get Flows ${OS_COMPUTE_1_IP} ${OS_COMPUTE_2_IP} + Log "Creating neutron setup as network subnet port" + Neutron Setup Creation ${NETWORK[0]} ${SUBNET[0]} ${IP_SUBNET[0]} ${PORT[0]} ${PORT[1]} ${SECURITY_GROUPS} + ... ${SGP_ID} + Log "Security group verification on Neutron port" + Security group verification on Neutron port ${PORT[0]} ${SGP_ID} + Security group verification on Neutron port ${PORT[1]} ${SGP_ID} + Log "Update Security Group Description and Verification" + Update Security Group Description and Verification ${SGP_ID} ${DESCRIPTION} ${VERIFY_DESCRIPTION} + Log "Update Security Group Name and Verification" + Update Security Group Name and Verification ${SGP_ID} ${NAME_UPDATE} ${VERIFY_NAME} + +TC02_Create Security Rule with port_range_min > port_range_max + [Documentation] This test case validates the security group and rule creation with optional parameters Create Security Rule with port_range_min greater than port_range_max + [Tags] Regression + Log "Creating security Group and verification" + Create Security Group and Validate ${SGP_SSH[1]} + Log "Fetching the flows from DPN1 and DPN2" + Get Flows ${OS_COMPUTE_1_IP} ${OS_COMPUTE_2_IP} + Log "Neutron Rule Creation With Port Range Min Grt Port Range Max and Validation" + Neutron Rule Creation With Invalid Parameters ${SGP_SSH[1]} ${ADD_ARG_SSH5} ${PORT_RANGE_ERROR} + +TC03_Create Security Rule with port_range_min = -1 + [Documentation] This test case validates the security group and rule creation with optional parameters, Create Security Rule with port_range_min = -1 + [Tags] Regression + Log "Creating security Group and verification" + Create Security Group and Validate ${SGP_SSH[2]} + Log "Fetching the flows from DPN1 and DPN2" + Get Flows ${OS_COMPUTE_1_IP} ${OS_COMPUTE_2_IP} + Log "Neutron Rule Creation With Port Range Min Grt Port Range Max and Validation" + Neutron Rule Creation With Invalid Parameters ${SGP_SSH[2]} ${ADD_ARG_SSH6} ${INVALID_PORT_RANGE_MIN} + +TC04_Create Security Rule with port_range_max = -1 + [Documentation] This test case validates the security group and rule creation with optional parameters, Create Security Rule with port_range_max = -1 + [Tags] Regression + Log "Creating security Group and verification" + Create Security Group and Validate ${SGP_SSH[3]} + Log "Fetching the flows from DPN1 and DPN2" + Get Flows ${OS_COMPUTE_1_IP} ${OS_COMPUTE_2_IP} + Log "Neutron Rule Creation With Port Range Min Grt Port Range Max and Validation" + Neutron Rule Creation With Invalid Parameters ${SGP_SSH[3]} ${ADD_ARG_SSH7} ${INVALID_PORT_RANGE_MIN} + +*** Keywords *** +Get Flows + [Arguments] ${OS_COMPUTE_1_IP} ${OS_COMPUTE_2_IP} + [Documentation] Get the Flows from DPN1 and DPN2 + Log "Fetching the flows from DPN1" + ${resp}= Run Command On Remote System ${OS_COMPUTE_1_IP} sudo ovs-ofctl dump-flows br-int -O OpenFlow13 + Log ${resp} + Log "Fetching the Groups from DPN1" + ${resp}= Run Command On Remote System ${OS_COMPUTE_1_IP} sudo ovs-ofctl dump-groups br-int -OOpenflow13 + Log ${resp} + Log "Fetching the flows from DPN2" + ${resp}= Run Command On Remote System ${OS_COMPUTE_2_IP} sudo ovs-ofctl dump-flows br-int -O OpenFlow13 + Log ${resp} + Log "Fetching the Groups from DPN2" + ${resp}= Run Command On Remote System ${OS_COMPUTE_2_IP} sudo ovs-ofctl dump-groups br-int -OOpenflow13 + Log ${resp} + +Create Security Group and Validate + [Arguments] ${SGP_SSH} + [Documentation] Create Security Group and Validate + Log "Creating security Group" + ${OUTPUT} ${SGP_ID} Neutron Security Group Create ${SGP_SSH} + Set Global Variable ${SGP_ID} + Log ${OUTPUT} + Log ${SGP_ID} + Log "Verifying the security group" + ${resp} RequestsLibrary.Get Request session ${SEC_GROUP} + Log ${resp.content} + Should Be Equal As Strings ${resp.status_code} ${RESP_CODE} + Should Contain ${resp.content} ${SGP_SSH} + +Create Security Rule and Validate + [Arguments] ${SGP_SSH} &{Kwargs} + [Documentation] Create Security Rule and Validate + Log "Creating the Rules for SSH groups" + ${OUTPUT} ${RULE_ID} Neutron Security Group Rule Create ${SGP_SSH} + Log ${OUTPUT} + Log ${RULE_ID} + Set Global Variable ${RULE_ID} + Log "Verifying the security Rule" + ${resp} RequestsLibrary.Get Request session ${SEC_RULE} + Log ${resp.content} + Should Be Equal As Strings ${resp.status_code} ${RESP_CODE} + Should Contain ${resp.content} ${RULE_ID} + +Neutron Setup Creation + [Arguments] ${NETWORK} ${SUBNET} ${IP_SUBNET} ${PORT1} ${PORT2} ${SECURITY_GROUPS} + ... ${SGP_ID} + [Documentation] Neutron Setup Creation + Log "Creating networks" + ${net_id} Create Network ${NETWORK} + Log ${net_id} + Set Global Variable ${net_id} + Log "Creating subnets" + ${subnet_id} Create SubNet ${NETWORK} ${SUBNET} ${IP_SUBNET} + Log ${subnet_id} + Set Global Variable ${subnet_id} + ${ADD_ARGMS}= Set Variable ${SECURITY_GROUPS} ${SGP_ID} + ${port_id} Create Neutron Port With Additional Params ${NETWORK} ${PORT1} ${ADD_ARGMS} + Log ${port_id} + Log "Creating ports" + ${port_id} Create Neutron Port With Additional Params ${NETWORK} ${PORT2} ${ADD_ARGMS} + Log ${port_id} + +Security group verification on Neutron port + [Arguments] ${PORT} ${SGP_ID} + [Documentation] Security group verification on Neutron port + Log "security group verification" + ${PORT_SHOW} Neutron Port Show ${PORT} + Log ${PORT_SHOW} + Should Contain ${PORT_SHOW} ${SGP_ID} + +Update Security Group Description and Verification + [Arguments] ${SGP_ID} ${DESCRIPTION} ${VERIFY_DESCRIPTION} + [Documentation] Update Security Group Description and Verification + Log "Update Security Group Description" + ${output} Neutron Security Group Update ${SGP_ID} ${DESCRIPTION} + Log "Verification of Description" + ${output} Neutron Security Group Show ${SGP_ID} + Log ${output} + Should Contain ${output} ${VERIFY_DESCRIPTION} + +Update Security Group Name and Verification + [Arguments] ${SGP_ID} ${NAME_UPDATE} ${VERIFY_NAME} + [Documentation] Update Security Group Name and Verification + Log "Update Security Group Name" + ${output} Neutron Security Group Update ${SGP_ID} ${NAME_UPDATE} + Log "Verification of Updated Name" + ${output} Neutron Security Group Show ${SGP_ID} + Log ${output} + Should Contain ${output} ${VERIFY_NAME} + Log "Verification of Updated Name via Rest" + ${resp} RequestsLibrary.Get Request session ${SEC_GROUP} + Log ${resp.content} + Should Be Equal As Strings ${resp.status_code} ${RESP_CODE} + Should Contain ${resp.content} ${VERIFY_NAME} + +Neutron Rule Creation With Invalid Parameters + [Arguments] ${SecurityGroupName} ${additional_args} ${EXPECTED_ERROR} + [Documentation] Neutron Rule Creation With Null Protocol + ${devstack_conn_id}= Get ControlNode Connection + Switch Connection ${devstack_conn_id} + ${cmd}= Set Variable neutron security-group-rule-create ${SecurityGroupName} ${additional_args} + Log ${cmd} + ${OUTPUT}= Write Commands Until Prompt ${cmd} 30s + Log ${OUTPUT} + Should Contain ${output} ${EXPECTED_ERROR} + Close Connection + [Return] ${OUTPUT} diff --git a/csit/testplans/netvirt-vpnservice-1node-openstack.txt b/csit/testplans/netvirt-vpnservice-1node-openstack.txt index c55b42da2b..1c60b8688e 100644 --- a/csit/testplans/netvirt-vpnservice-1node-openstack.txt +++ b/csit/testplans/netvirt-vpnservice-1node-openstack.txt @@ -1,3 +1,4 @@ +integration/test/csit/suites/openstack/NeutronSecurityGrp/ integration/test/csit/suites/openstack/tempest/ integration/test/csit/suites/openstack/connectivity/ integration/test/csit/suites/openstack/vpnservice/ -- 2.36.6