1 # Copyright 2015 OpenStack Foundation
4 # Licensed under the Apache License, Version 2.0 (the "License"); you may
5 # not use this file except in compliance with the License. You may obtain
6 # a copy of the License at
8 # http://www.apache.org/licenses/LICENSE-2.0
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13 # License for the specific language governing permissions and limitations
import ddt
from tempest_lib import exceptions as lib_exc

from neutron.tests.api import base
from neutron.tests.api import base_security_groups as base_security
from neutron.tests.tempest import config
from neutron.tests.tempest import test
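# Address-pair values used by test_allow_address_pairs.
# NOTE(review): FAKE_IP is referenced by that test but its definition is not
# visible in this listing; the value below is a constructed sample -- confirm
# it against the original file.
FAKE_IP = '10.0.0.1'
FAKE_MAC = '00:25:64:e8:19:dd'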
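# ddt.data only expands into per-case tests on a class decorated with ddt.ddt.
@ddt.ddt
class PortSecTest(base_security.BaseSecGroupTest,
                  base.BaseNetworkTest):
    """API tests for the Neutron ``port-security`` extension.

    The tests exercise the ``port_security_enabled`` attribute on networks
    and ports and pin how the API couples it to security groups and allowed
    address pairs: a port may only drop port security once it carries no
    security groups, and address pairs are refused on a port that has port
    security disabled.
    """

    @test.attr(type='smoke')
    @test.idempotent_id('7c338ddf-e64e-4118-bd33-e49a1f2f1495')
    @test.requires_ext(extension='port-security', service='network')
    def test_port_sec_default_value(self):
        """Port security defaults to enabled on both network and port."""
        # The default port-sec value is True, and a port inherits the
        # network's value when the API request does not specify one.
        network = self.create_network()
        self.assertTrue(network['port_security_enabled'])
        self.create_subnet(network)
        port = self.create_port(network)
        self.assertTrue(port['port_security_enabled'])

    @test.attr(type='smoke')
    @test.idempotent_id('e60eafd2-31de-4c38-8106-55447d033b57')
    @test.requires_ext(extension='port-security', service='network')
    # unpack passes each data dict to the test as keyword arguments.
    @ddt.unpack
    # NOTE(review): the second case is cut off in the listing; its
    # 'expected': False is inferred from the first case (the port's explicit
    # value wins over the network's) -- confirm against the original file.
    @ddt.data({'port_sec_net': False, 'port_sec_port': True, 'expected': True},
              {'port_sec_net': True, 'port_sec_port': False,
               'expected': False})
    def test_port_sec_specific_value(self, port_sec_net, port_sec_port,
                                     expected):
        """An explicit port value overrides the value set on the network."""
        network = self.create_network(port_security_enabled=port_sec_net)
        self.create_subnet(network)
        port = self.create_port(network, port_security_enabled=port_sec_port)
        self.assertEqual(port_sec_net, network['port_security_enabled'])
        self.assertEqual(expected, port['port_security_enabled'])

    @test.attr(type=['smoke'])
    @test.idempotent_id('05642059-1bfc-4581-9bc9-aaa5db08dd60')
    @test.requires_ext(extension='port-security', service='network')
    def test_create_port_sec_with_security_group(self):
        """Ports can be created with an empty security-group list."""
        network = self.create_network(port_security_enabled=True)
        self.create_subnet(network)

        # An empty security-group list leaves port security at the
        # network's (enabled) value.
        port = self.create_port(network, security_groups=[])
        self.assertTrue(port['port_security_enabled'])
        self.client.delete_port(port['id'])

        # Port security can be switched off at creation when no security
        # group is attached.
        port = self.create_port(network, security_groups=[],
                                port_security_enabled=False)
        self.assertFalse(port['port_security_enabled'])
        self.assertEmpty(port['security_groups'])

    @test.attr(type=['negative', 'smoke'])
    # NOTE(review): this idempotent_id duplicates the one on
    # test_create_port_sec_with_security_group; idempotent ids are meant to
    # identify a single test, so a fresh UUID should be generated here.
    @test.idempotent_id('05642059-1bfc-4581-9bc9-aaa5db08dd60')
    @test.requires_ext(extension='port-security', service='network')
    def test_port_sec_update_port_failed(self):
        """Disabling port security is refused while security groups remain."""
        network = self.create_network()
        self.create_subnet(network)

        sec_group_body, _ = self._create_security_group()
        port = self.create_port(network)

        # Turning port security off must conflict while the port still has a
        # security group (presumably the default group, since none was
        # passed to create_port -- verify against the base class).
        self.assertRaises(lib_exc.Conflict, self.update_port, port,
                          port_security_enabled=False)

        # Clearing the security groups in the same request is accepted.
        port = self.update_port(port, security_groups=[],
                                port_security_enabled=False)
        self.assertEmpty(port['security_groups'])
        self.assertFalse(port['port_security_enabled'])

        # Re-enabling port security together with a security group works.
        port = self.update_port(
            port, security_groups=[sec_group_body['security_group']['id']],
            port_security_enabled=True)

        self.assertNotEmpty(port['security_groups'])
        self.assertTrue(port['port_security_enabled'])

        # Remove security group from port before deletion on resource_cleanup
        self.update_port(port, security_groups=[])

    @test.attr(type=['smoke'])
    # NOTE(review): this idempotent_id is also used by
    # test_create_port_sec_with_security_group and
    # test_port_sec_update_port_failed; generate a fresh UUID for this test.
    @test.idempotent_id('05642059-1bfc-4581-9bc9-aaa5db08dd60')
    @test.requires_ext(extension='port-security', service='network')
    def test_port_sec_update_pass(self):
        """Security groups and port security can be updated consistently."""
        network = self.create_network()
        self.create_subnet(network)
        sec_group, _ = self._create_security_group()
        sec_group_id = sec_group['security_group']['id']
        port = self.create_port(network, security_groups=[sec_group_id],
                                port_security_enabled=True)

        self.assertNotEmpty(port['security_groups'])
        self.assertTrue(port['port_security_enabled'])

        # Dropping the security groups alone leaves port security enabled.
        port = self.update_port(port, security_groups=[])
        self.assertEmpty(port['security_groups'])
        self.assertTrue(port['port_security_enabled'])

        port = self.update_port(port, security_groups=[sec_group_id])
        self.assertNotEmpty(port['security_groups'])

        # Port security may be disabled once the groups are cleared in the
        # same request.
        port = self.update_port(port, security_groups=[],
                                port_security_enabled=False)
        self.assertEmpty(port['security_groups'])
        self.assertFalse(port['port_security_enabled'])

    @test.attr(type=['smoke'])
    @test.idempotent_id('2df6114b-b8c3-48a1-96e8-47f08159d35c')
    @test.requires_ext(extension='port-security', service='network')
    def test_delete_with_port_sec(self):
        """Ports and networks with port security enabled can be deleted."""
        network = self.create_network(port_security_enabled=True)
        port = self.create_port(network=network,
                                port_security_enabled=True)
        self.client.delete_port(port['id'])
        self.assertTrue(self.client.is_resource_deleted('port', port['id']))
        self.client.delete_network(network['id'])
        # Assert on the result, as for the port above; a bare call would let
        # a failed deletion pass unnoticed.
        self.assertTrue(
            self.client.is_resource_deleted('network', network['id']))

    @test.attr(type=['negative', 'smoke'])
    @test.idempotent_id('ed93e453-3f8d-495e-8e7e-b0e268c2ebd9')
    # Gate on the extension like every other test in this class, so the test
    # is skipped rather than failed where port-security is not loaded.
    # NOTE(review): the test also relies on allowed_address_pairs; consider
    # gating on that extension as well.
    @test.requires_ext(extension='port-security', service='network')
    def test_allow_address_pairs(self):
        """Address pairs are refused on a port without port security."""
        network = self.create_network()
        self.create_subnet(network)
        port = self.create_port(network=network, port_security_enabled=False)
        allowed_address_pairs = [{'ip_address': FAKE_IP,
                                  'mac_address': FAKE_MAC}]

        # Setting address pairs while port security is disabled must be
        # rejected with a Conflict.
        self.assertRaises(lib_exc.Conflict,
                          self.update_port, port,
                          allowed_address_pairs=allowed_address_pairs)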