1 # Copyright 2015 OpenStack Foundation
2 # All Rights Reserved.
3 #
4 #    Licensed under the Apache License, Version 2.0 (the "License"); you may
5 #    not use this file except in compliance with the License. You may obtain
6 #    a copy of the License at
7 #
8 #         http://www.apache.org/licenses/LICENSE-2.0
9 #
10 #    Unless required by applicable law or agreed to in writing, software
11 #    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12 #    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13 #    License for the specific language governing permissions and limitations
14 #    under the License.
15
16 import ddt
17
18 from neutron.tests.api import base
19 from neutron.tests.api import base_security_groups as base_security
20 from neutron.tests.tempest import config
21 from neutron.tests.tempest import test
22 from tempest_lib import exceptions as lib_exc
23
# Shared tempest configuration object, taken from the imported config module.
CONF = config.CONF

# Constructed address pair; test_allow_address_pairs submits it to a port
# whose port security is disabled and expects the update to be refused.
FAKE_IP = '10.0.0.1'
FAKE_MAC = '00:25:64:e8:19:dd'
27
28
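@ddt.ddt
class PortSecTest(base_security.BaseSecGroupTest,
                  base.BaseNetworkTest):
    """API tests for the ``port_security_enabled`` network and port attribute.

    The cases cover the default value, inheritance from the network, and the
    combinations the API must refuse with ``Conflict``: disabling port
    security while security groups are still attached, and setting allowed
    address pairs on a port whose port security is disabled.
    """

    @test.attr(type='smoke')
    @test.idempotent_id('7c338ddf-e64e-4118-bd33-e49a1f2f1495')
    @test.requires_ext(extension='port-security', service='network')
    def test_port_sec_default_value(self):
        """Network and port both report port security enabled by default."""
        # Default port-sec value is True, and a port inherits the value from
        # its network when the API request does not specify it.
        network = self.create_network()
        self.assertTrue(network['port_security_enabled'])
        self.create_subnet(network)
        port = self.create_port(network)
        self.assertTrue(port['port_security_enabled'])

    # NOTE(review): ddt expands this into one test per data set, and both
    # generated tests carry the same idempotent_id - confirm that is
    # acceptable for test-ID tracking.
    @test.attr(type='smoke')
    @test.idempotent_id('e60eafd2-31de-4c38-8106-55447d033b57')
    @test.requires_ext(extension='port-security', service='network')
    @ddt.unpack
    @ddt.data({'port_sec_net': False, 'port_sec_port': True, 'expected': True},
              {'port_sec_net': True, 'port_sec_port': False,
               'expected': False})
    def test_port_sec_specific_value(self, port_sec_net, port_sec_port,
                                     expected):
        """An explicit port value overrides the value set on the network.

        :param port_sec_net: port_security_enabled requested for the network
        :param port_sec_port: port_security_enabled requested for the port
        :param expected: value the created port is expected to report
        """
        network = self.create_network(port_security_enabled=port_sec_net)
        self.create_subnet(network)
        port = self.create_port(network, port_security_enabled=port_sec_port)
        # Expected value first, observed value second, so that a failure
        # message labels the two sides correctly.
        self.assertEqual(port_sec_net, network['port_security_enabled'])
        self.assertEqual(expected, port['port_security_enabled'])

    # NOTE(review): idempotent_id '05642059-...' is shared by this test,
    # test_port_sec_update_port_failed and test_port_sec_update_pass.
    # Idempotent IDs are meant to identify a single test; two of the three
    # need a freshly generated UUID. Left unchanged here so existing
    # references to the ID keep resolving.
    @test.attr(type=['smoke'])
    @test.idempotent_id('05642059-1bfc-4581-9bc9-aaa5db08dd60')
    @test.requires_ext(extension='port-security', service='network')
    def test_create_port_sec_with_security_group(self):
        """Ports can be created with an empty security group list."""
        network = self.create_network(port_security_enabled=True)
        self.create_subnet(network)

        # No groups requested: port security still follows the network.
        port = self.create_port(network, security_groups=[])
        self.assertTrue(port['port_security_enabled'])
        self.client.delete_port(port['id'])

        # No groups and port security explicitly off: accepted as well.
        port = self.create_port(network, security_groups=[],
                                port_security_enabled=False)
        self.assertFalse(port['port_security_enabled'])
        self.assertEmpty(port['security_groups'])

    # NOTE(review): duplicate idempotent_id, also used by
    # test_create_port_sec_with_security_group and test_port_sec_update_pass.
    @test.attr(type=['negative', 'smoke'])
    @test.idempotent_id('05642059-1bfc-4581-9bc9-aaa5db08dd60')
    @test.requires_ext(extension='port-security', service='network')
    def test_port_sec_update_port_failed(self):
        """Disabling port security with groups attached raises Conflict."""
        network = self.create_network()
        self.create_subnet(network)

        # Only the response body is needed; the generated name is unused.
        sec_group_body, _ = self._create_security_group()
        # NOTE(review): the port is created without an explicit
        # security_groups argument, so the Conflict below presumably relies
        # on the port receiving a default security group - confirm.
        port = self.create_port(network)

        # Exception when set port-sec to False with sec-group defined
        self.assertRaises(lib_exc.Conflict, self.update_port, port,
                          port_security_enabled=False)

        # Clearing the groups in the same request makes the update valid.
        port = self.update_port(port, security_groups=[],
                                port_security_enabled=False)
        self.assertEmpty(port['security_groups'])
        self.assertFalse(port['port_security_enabled'])
        port = self.update_port(
            port, security_groups=[sec_group_body['security_group']['id']],
            port_security_enabled=True)

        self.assertNotEmpty(port['security_groups'])
        self.assertTrue(port['port_security_enabled'])

        # Remove security group from port before deletion on resource_cleanup
        self.update_port(port, security_groups=[])

    # NOTE(review): duplicate idempotent_id, also used by
    # test_create_port_sec_with_security_group and
    # test_port_sec_update_port_failed.
    @test.attr(type=['smoke'])
    @test.idempotent_id('05642059-1bfc-4581-9bc9-aaa5db08dd60')
    @test.requires_ext(extension='port-security', service='network')
    def test_port_sec_update_pass(self):
        """Groups can be detached and re-attached; port-sec can then go off."""
        network = self.create_network()
        self.create_subnet(network)
        sec_group, _ = self._create_security_group()
        sec_group_id = sec_group['security_group']['id']
        port = self.create_port(network, security_groups=[sec_group_id],
                                port_security_enabled=True)

        self.assertNotEmpty(port['security_groups'])
        self.assertTrue(port['port_security_enabled'])

        # Dropping the groups alone must leave port security enabled.
        port = self.update_port(port, security_groups=[])
        self.assertEmpty(port['security_groups'])
        self.assertTrue(port['port_security_enabled'])

        port = self.update_port(port, security_groups=[sec_group_id])
        self.assertNotEmpty(port['security_groups'])
        # Groups removed and port security disabled in one request.
        port = self.update_port(port, security_groups=[],
                                port_security_enabled=False)
        self.assertEmpty(port['security_groups'])
        self.assertFalse(port['port_security_enabled'])

    @test.attr(type=['smoke'])
    @test.idempotent_id('2df6114b-b8c3-48a1-96e8-47f08159d35c')
    @test.requires_ext(extension='port-security', service='network')
    def test_delete_with_port_sec(self):
        """A port-security-enabled port and its network can be deleted."""
        network = self.create_network(port_security_enabled=True)
        port = self.create_port(network=network,
                                port_security_enabled=True)
        self.client.delete_port(port['id'])
        self.assertTrue(self.client.is_resource_deleted('port', port['id']))
        self.client.delete_network(network['id'])
        self.assertTrue(
            self.client.is_resource_deleted('network', network['id']))

    # Both extensions are exercised here; without these guards the test
    # would fail rather than skip on a deployment that lacks either one.
    @test.attr(type=['negative', 'smoke'])
    @test.idempotent_id('ed93e453-3f8d-495e-8e7e-b0e268c2ebd9')
    @test.requires_ext(extension='port-security', service='network')
    @test.requires_ext(extension='allowed-address-pairs', service='network')
    def test_allow_address_pairs(self):
        """Address pairs are refused while port security is disabled."""
        network = self.create_network()
        self.create_subnet(network)
        port = self.create_port(network=network, port_security_enabled=False)
        allowed_address_pairs = [{'ip_address': FAKE_IP,
                                  'mac_address': FAKE_MAC}]

        # Exception when set address-pairs with port-sec is False
        self.assertRaises(lib_exc.Conflict,
                          self.update_port, port,
                          allowed_address_pairs=allowed_address_pairs)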