csit/suites/openstack/securitygroup/acl.robot

   1 *** Settings ***
   2 Documentation     Test suite to validate ARP functionality for ACL_Enhancement feature.
   3 Suite Setup       Start Suite
   4 Suite Teardown    OpenStackOperations.OpenStack Suite Teardown
   5 Test Setup        SetupUtils.Setup_Test_With_Logging_And_Without_Fast_Failing
   6 Test Teardown     OpenStackOperations.Get Test Teardown Debugs
   7 Library           OperatingSystem
   8 Library           RequestsLibrary
   9 Library           String
  10 Resource          ../../../libraries/DevstackUtils.robot
  11 Resource          ../../../libraries/KarafKeywords.robot
  12 Resource          ../../../libraries/OVSDB.robot
  13 Resource          ../../../libraries/OpenStackOperations.robot
  14 Resource          ../../../libraries/OvsManager.robot
  15 Resource          ../../../libraries/SetupUtils.robot
  16 Resource          ../../../libraries/Utils.robot
  17 Resource          ../../../variables/Variables.robot
  18 Resource          ../../../variables/netvirt/Variables.robot
  19
  20 *** Variables ***
  21 @{REQ_NETWORKS}    acl_net_1    acl_net_2
  22 @{REQ_SUBNETS}    acl_subnet_1    acl_subnet_2
  23 @{REQ_SUBNET_CIDR}    30.30.30.0/24    40.40.40.0/24
  24 @{PORTS}          acl_port_1    acl_port_2    acl_port_3    acl_port_4
  25 @{VM_NAMES}       acl_myvm_1    acl_myvm_2
  26 @{SECURITY_GROUP}    acl_sg_1
  27 ${VIRTUAL_IP}     30.30.30.100/24
  28 ${PACKET_COUNT}    5
  29 ${RANDOM_IP}      11.11.11.11
  30 ${NETMASK}        255.255.255.0
  31 ${PACKET_COUNT_ZERO}    0
  32 ${DHCP_CMD}       sudo /sbin/cirros-dhcpc up eth1
  33 ${SPOOF_IP}       30.30.30.100
  34 @{SPOOF_MAC_ADDRESSES}    FA:17:3E:73:65:86    fa:16:3e:3d:3b:5e
  35 ${ARP_CONFIG}     sudo ifconfig eth0 down \n sudo ifconfig eth0 hw ether ${SPOOF_MAC_ADDRESSES[0]} \n sudo ifconfig eth0 up
  36 ${ARP_SHA}        arp_sha
  37 ${ARP}            arp
  38 ${TABLE}          goto_table:217
  39
  40 *** Test Cases ***
  41 Verify ARP request Valid MAC and Valid IP for the VM Egress Table
  42     [Documentation]    Verifying ARP resquest resolved for Valid MAC and Valid IP at the VM Egress Table
  43     OpenStackOperations.Execute Command on VM Instance    @{REQ_NETWORKS}[0]    @{VM_IP_DPN1}[0]    ${DHCP_CMD}
  44     OpenStackOperations.Execute Command on VM Instance    @{REQ_NETWORKS}[0]    @{VM_IP_DPN2}[0]    ${DHCP_CMD}
  45     ${get_pkt_count_before_arp} =    OvsManager.Get Packet Count From Table    ${OS_CMP1_IP}    ${INTEGRATION_BRIDGE}    table=@{DEFAULT_FLOW_TABLES}[15]    | grep ${VM1_METADATA}.*${ARP_SHA}
  46     ${arping_cli} =    BuiltIn.Set Variable    sudo arping -I eth0 -c ${PACKET_COUNT} \ ${RANDOM_IP}
  47     OpenStackOperations.Execute Command on VM Instance    ${REQ_NETWORKS[1]}    @{VM_IP_DPN1}[1]    ${arping_cli}
  48     ${get_pkt_count_after_arp} =    OvsManager.Get Packet Count From Table    ${OS_CMP1_IP}    ${INTEGRATION_BRIDGE}    table=@{DEFAULT_FLOW_TABLES}[15]    | grep ${VM1_METADATA}.*${ARP_SHA}
  49     ${pkt_diff} =    BuiltIn.Evaluate    int(${get_pkt_count_after_arp})-int(${get_pkt_count_before_arp})
  50     BuiltIn.Should Be Equal As Numbers    ${pkt_diff}    ${PACKET_COUNT}
  51
  52 Verify ARP request generated from Spoofed IP for the VM
  53     [Documentation]    Verifying ARP resquest generated for Spoofed IP with Valid MAC and Validate the packet drop at the VM Egress Table
  54     ${arp_int_up_cli} =    BuiltIn.Set Variable    sudo ifconfig eth0:1 ${SPOOF_IP} netmask ${NETMASK} up
  55     ${output} =    OpenStackOperations.Execute Command on VM Instance    @{REQ_NETWORKS}[1]    @{VM_IP_DPN1}[1]    ${arp_int_up_cli}
  56     ${get_pkt_count_before_arp} =    OvsManager.Get Packet Count From Table    ${OS_CMP1_IP}    ${INTEGRATION_BRIDGE}    table=@{DEFAULT_FLOW_TABLES}[15]    | grep ${VM1_METADATA}.*${ARP_SHA}
  57     ${get_arp_drop_pkt_before} =    OvsManager.Get Packet Count From Table    ${OS_CMP1_IP}    ${INTEGRATION_BRIDGE}    table=@{DEFAULT_FLOW_TABLES}[15]    | grep ${ARP}.*${TABLE}
  58     ${arping_cli} =    BuiltIn.Set Variable    sudo arping -s ${SPOOF_IP} -c ${PACKET_COUNT} \ ${RANDOM_IP}
  59     ${output} =    OpenStackOperations.Execute Command on VM Instance    @{REQ_NETWORKS}[1]    @{VM_IP_DPN1}[1]    ${arping_cli}
  60     ${get_pkt_count_after_arp} =    OvsManager.Get Packet Count From Table    ${OS_CMP1_IP}    ${INTEGRATION_BRIDGE}    table=@{DEFAULT_FLOW_TABLES}[15]    | grep ${VM1_METADATA}.*${ARP_SHA}
  61     ${get_arp_drop_pkt_after}    OvsManager.Get Packet Count From Table    ${OS_CMP1_IP}    ${INTEGRATION_BRIDGE}    table=@{DEFAULT_FLOW_TABLES}[15]    | grep ${ARP}.*${TABLE}
  62     ${pkt_diff_arp_drop} =    BuiltIn.Evaluate    int(${get_arp_drop_pkt_after})-int(${get_arp_drop_pkt_before})
  63     ${pkt_diff} =    BuiltIn.Evaluate    int(${get_pkt_count_after_arp})-int(${get_pkt_count_before_arp})
  64     BuiltIn.Should Be Equal As Numbers    ${pkt_diff}    ${PACKET_COUNT_ZERO}
  65     BuiltIn.Should Be Equal As Numbers    ${pkt_diff_arp_drop}    ${PACKET_COUNT}
  66
  67 Verify ARP request generated from Spoofed MAC for the VM
  68     [Documentation]    Verifying ARP resquest generated for Spoofed MAC with Valid IP and Validate the ARP packet drop at the VM Egress Table
  69     ${count} =    String.Get Line Count    ${ARP_CONFIG}
  70     FOR    ${index}    IN RANGE    0    ${count}
  71         ${cmd} =    String.Get Line    ${ARP_CONFIG}    ${index}
  72         ${output} =    OpenStackOperations.Execute Command on VM Instance    @{REQ_NETWORKS}[1]    @{VM_IP_DPN1}[1]    ${cmd}
  73     END
  74     ${get_pkt_count_before_arp} =    OvsManager.Get Packet Count From Table    ${OS_CMP1_IP}    ${INTEGRATION_BRIDGE}    table=@{DEFAULT_FLOW_TABLES}[15]    | grep ${VM1_METADATA}.*${ARP_SHA}
  75     ${get_arp_drop_pkt_before} =    OvsManager.Get Packet Count From Table    ${OS_CMP1_IP}    ${INTEGRATION_BRIDGE}    table=@{DEFAULT_FLOW_TABLES}[15]    | grep ${ARP}.*${TABLE}
  76     ${arping_cli} =    BuiltIn.Set Variable    sudo arping -I eth0 -c ${PACKET_COUNT} \ ${RANDOM_IP}
  77     OpenStackOperations.Execute Command on VM Instance    @{REQ_NETWORKS}[1]    @{VM_IP_DPN1}[1]    ${arping_cli}
  78     ${get_pkt_count_after_arp} =    OvsManager.Get Packet Count From Table    ${OS_CMP1_IP}    ${INTEGRATION_BRIDGE}    table=@{DEFAULT_FLOW_TABLES}[15]    | grep ${VM1_METADATA}.*${ARP_SHA}
  79     ${get_arp_drop_pkt_after}    OvsManager.Get Packet Count From Table    ${OS_CMP1_IP}    ${INTEGRATION_BRIDGE}    table=@{DEFAULT_FLOW_TABLES}[15]    | grep ${ARP}.*${TABLE}
  80     ${pkt_diff} =    BuiltIn.Evaluate    int(${get_pkt_count_after_arp})-int(${get_pkt_count_before_arp})
  81     ${pkt_diff_arp_drop} =    BuiltIn.Evaluate    int(${get_arp_drop_pkt_after})-int(${get_arp_drop_pkt_before})
  82     BuiltIn.Should Be Equal As Numbers    ${pkt_diff}    ${PACKET_COUNT_ZERO}
  83     BuiltIn.Should Be Equal As Numbers    ${pkt_diff_arp_drop}    ${PACKET_COUNT}
  84
  85 Verify ARP request generated from Spoofed IP and spoofed MAC for the VM
  86     [Documentation]    Verifying ARP resquest generated for Spoofed MAC with Spoofed IP and Validate the ARP packet drop at the VM Egress Table
  87     ${get_pkt_count_before_arp} =    OvsManager.Get Packet Count From Table    ${OS_CMP1_IP}    ${INTEGRATION_BRIDGE}    table=@{DEFAULT_FLOW_TABLES}[15]    | grep ${VM1_METADATA}.*${ARP_SHA}
  88     ${get_arp_drop_pkt_before} =    OvsManager.Get Packet Count From Table    ${OS_CMP1_IP}    ${INTEGRATION_BRIDGE}    table=@{DEFAULT_FLOW_TABLES}[15]    | grep ${ARP}.*${TABLE}
  89     ${arping_cli} =    BuiltIn.Set Variable    sudo arping -s ${SPOOF_IP} -c ${PACKET_COUNT} \ ${RANDOM_IP}
  90     OpenStackOperations.Execute Command on VM Instance    @{REQ_NETWORKS}[1]    @{VM_IP_DPN1}[1]    ${arping_cli}
  91     ${get_pkt_count_after_arp} =    OvsManager.Get Packet Count From Table    ${OS_CMP1_IP}    ${INTEGRATION_BRIDGE}    table=@{DEFAULT_FLOW_TABLES}[15]    | grep ${VM1_METADATA}.*${ARP_SHA}
  92     ${get_arp_drop_pkt_after} =    OvsManager.Get Packet Count From Table    ${OS_CMP1_IP}    ${INTEGRATION_BRIDGE}    table=@{DEFAULT_FLOW_TABLES}[15]    | grep ${ARP}.*${TABLE}
  93     ${pkt_diff} =    BuiltIn.Evaluate    int(${get_pkt_count_after_arp})-int(${get_pkt_count_before_arp})
  94     ${pkt_diff_arp_drop} =    BuiltIn.Evaluate    int(${get_arp_drop_pkt_after})-int(${get_arp_drop_pkt_before})
  95     BuiltIn.Should Be Equal As Numbers    ${pkt_diff}    ${PACKET_COUNT_ZERO}
  96     BuiltIn.Should Be Equal As Numbers    ${pkt_diff_arp_drop}    ${PACKET_COUNT}
  97
  98 *** Keywords ***
  99 Start Suite
 100     [Documentation]    Suite setup for ACL_Enhancement feature
 101     OpenStackOperations.OpenStack Suite Setup
 102     Create Setup
 103
 104 Create Setup
 105     [Documentation]    Create Two Networks, Two Subnets, Four Ports
 106     Create Multiple Networks    @{REQ_NETWORKS}
 107     Create Multiple Subnets    ${REQ_NETWORKS}    ${REQ_SUBNETS}    ${REQ_SUBNET_CIDR}
 108     OpenStackOperations.Neutron Security Group Create    @{SECURITY_GROUP}[0]
 109     OpenStackOperations.Delete All Security Group Rules    @{SECURITY_GROUP}[0]
 110     OpenStackOperations.Create Port    @{REQ_NETWORKS}[0]    @{PORTS}[0]    sg=@{SECURITY_GROUP}[0]
 111     OpenStackOperations.Create Port    @{REQ_NETWORKS}[1]    @{PORTS}[1]    sg=@{SECURITY_GROUP}[0]
 112     OpenStackOperations.Create Port    @{REQ_NETWORKS}[0]    @{PORTS}[2]    sg=@{SECURITY_GROUP}[0]
 113     OpenStackOperations.Create Port    @{REQ_NETWORKS}[1]    @{PORTS}[3]    sg=@{SECURITY_GROUP}[0]
 114     OpenStackOperations.Neutron Security Group Rule Create    @{SECURITY_GROUP}[0]    direction=ingress    protocol=icmp    remote_ip=0.0.0.0/0
 115     OpenStackOperations.Neutron Security Group Rule Create    @{SECURITY_GROUP}[0]    direction=egress    protocol=icmp    remote_ip=0.0.0.0/0
 116     OpenStackOperations.Neutron Security Group Rule Create    @{SECURITY_GROUP}[0]    direction=ingress    port_range_max=65535    port_range_min=1    protocol=tcp    remote-ip=0.0.0.0/0
 117     OpenStackOperations.Neutron Security Group Rule Create    @{SECURITY_GROUP}[0]    direction=egress    port_range_max=65535    port_range_min=1    protocol=tcp    remote-ip=0.0.0.0/0
 118     OpenStackOperations.Create Vm Instance With Ports On Compute Node    @{PORTS}[0]    @{PORTS}[1]    @{VM_NAMES}[0]    ${OS_CMP1_HOSTNAME}    flavor=m1.tiny    sg=@{SECURITY_GROUP}[0]
 119     OpenStackOperations.Create Vm Instance With Ports On Compute Node    @{PORTS}[2]    @{PORTS}[3]    @{VM_NAMES}[1]    ${OS_CMP2_HOSTNAME}    flavor=m1.tiny    sg=@{SECURITY_GROUP}[0]
 120     FOR    ${vm}    IN    @{VM_NAMES}
 121         OpenStackOperations.Poll VM Is ACTIVE    ${vm}
 122     END
 123     @{VM_IP_DPN1} =    BuiltIn.Wait Until Keyword Succeeds    300 sec    15 sec    OpenStackOperations.Get All VM IP Addresses    ${OS_CMP1_CONN_ID}    @{VM_NAMES}[0]
 124     @{VM_IP_DPN2} =    BuiltIn.Wait Until Keyword Succeeds    300 sec    15 sec    OpenStackOperations.Get All VM IP Addresses    ${OS_CMP2_CONN_ID}    @{VM_NAMES}[1]
 125     BuiltIn.Set Suite Variable    @{VM_IP_DPN1}
 126     BuiltIn.Set Suite Variable    @{VM_IP_DPN2}
 127     FOR    ${ip}    IN    @{VM_IP_DPN1}
 128         BuiltIn.Should Not Contain    ${ip}    None
 129     END
 130     FOR    ${ip}    IN    @{VM_IP_DPN2}
 131         BuiltIn.Should Not Contain    ${ip}    None
 132     END
 133     ${VM1_PORT} =    Get VMs OVS Port Number    ${OS_CMP1_IP}    @{PORTS}[0]
 134     ${VM1_METADATA} =    OVSDB.Get Port Metadata    ${OS_CMP1_IP}    ${VM1_PORT}
 135     BuiltIn.Set Suite Variable    ${VM1_METADATA}