Add more API tests for port-security extension:

author Dmitry Ratushnyy <d.ratushnyy@gmail.com>

Mon, 20 Apr 2015 13:22:27 +0000 (16:22 +0300)

committer Dmitry Ratushnyy <dratushn@cisco.com>

Thu, 4 Jun 2015 13:02:46 +0000 (16:02 +0300)
author Dmitry Ratushnyy <d.ratushnyy@gmail.com>
Mon, 20 Apr 2015 13:22:27 +0000 (16:22 +0300)
committer Dmitry Ratushnyy <dratushn@cisco.com>
Thu, 4 Jun 2015 13:02:46 +0000 (16:02 +0300)
diff --git a/neutron/tests/api/admin/test_extension_driver_port_security_admin.py b/neutron/tests/api/admin/test_extension_driver_port_security_admin.py

new file mode 100644 (file)

index 0000000..2e28371
--- /dev/null
+++ b/neutron/tests/api/admin/test_extension_driver_port_security_admin.py
@@ -0,0 +1,32 @@
+# Copyright 2015 Cisco Systems, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from neutron.tests.api import base
+from neutron.tests.api import base_security_groups as base_security
+from neutron.tests.tempest import test
+from tempest_lib import exceptions as lib_exc
+
+
+class PortSecurityAdminTests(base_security.BaseSecGroupTest,
+                             base.BaseAdminNetworkTest):
+
+    @test.attr(type=['negative', 'smoke'])
+    @test.idempotent_id('d39a96e2-2dea-4feb-8093-e7ac991ce6f8')
+    def test_create_port_security_false_on_shared_network(self):
+        network = self.create_shared_network()
+        self.assertTrue(network['shared'])
+        self.create_subnet(network, client=self.admin_client)
+        self.assertRaises(lib_exc.Forbidden, self.create_port,
+                          network, port_security_enabled=False)
diff --git a/neutron/tests/api/base.py b/neutron/tests/api/base.py

index e0c7386611ba3bbf3e59c1cb335e0618fd08680c..25ae565e58065726481596e6827619e76e25100f 100644 (file)
--- a/neutron/tests/api/base.py
+++ b/neutron/tests/api/base.py
@@ -188,11 +188,11 @@ class BaseNetworkTest(neutron.tests.tempest.test.BaseTestCase):
              pass
  
      @classmethod
-    def create_network(cls, network_name=None):
+    def create_network(cls, network_name=None, **kwargs):
          """Wrapper utility that returns a test network."""
          network_name = network_name or data_utils.rand_name('test-network-')
  
-        body = cls.client.create_network(name=network_name)
+        body = cls.client.create_network(name=network_name, **kwargs)
          network = body['network']
          cls.networks.append(network)
          return network
diff --git a/neutron/tests/api/test_extension_driver_port_security.py b/neutron/tests/api/test_extension_driver_port_security.py

index 10ccb224dbbfaf6176af4910d71c9fb231820317..6e5d32eb5938cb723a39a025e54f89524c898226 100644 (file)
--- a/neutron/tests/api/test_extension_driver_port_security.py
+++ b/neutron/tests/api/test_extension_driver_port_security.py
@@ -13,34 +13,22 @@
  #    License for the specific language governing permissions and limitations
  #    under the License.
  
-from tempest_lib.common.utils import data_utils
-from tempest_lib import exceptions as lib_exc
+import ddt
  
-from neutron.tests.api import base_security_groups as base
+from neutron.tests.api import base
+from neutron.tests.api import base_security_groups as base_security
  from neutron.tests.tempest import config
  from neutron.tests.tempest import test
-
+from tempest_lib import exceptions as lib_exc
  
  CONF = config.CONF
  FAKE_IP = '10.0.0.1'
  FAKE_MAC = '00:25:64:e8:19:dd'
  
  
-class PortSecTest(base.BaseSecGroupTest):
-
-    @classmethod
-    def resource_setup(cls):
-        super(PortSecTest, cls).resource_setup()
-
-    def _create_network(self, network_name=None, port_security_enabled=True):
-        """Wrapper utility that returns a test network."""
-        network_name = network_name or data_utils.rand_name('test-network')
-
-        body = self.client.create_network(
-            name=network_name, port_security_enabled=port_security_enabled)
-        network = body['network']
-        self.networks.append(network)
-        return network
+@ddt.ddt
+class PortSecTest(base_security.BaseSecGroupTest,
+                  base.BaseNetworkTest):
  
      @test.attr(type='smoke')
      @test.idempotent_id('7c338ddf-e64e-4118-bd33-e49a1f2f1495')
@@ -49,29 +37,41 @@ class PortSecTest(base.BaseSecGroupTest):
          # Default port-sec value is True, and the attr of the port will inherit
          # from the port-sec of the network when it not be specified in API
          network = self.create_network()
-        self.create_subnet(network)
          self.assertTrue(network['port_security_enabled'])
+        self.create_subnet(network)
          port = self.create_port(network)
          self.assertTrue(port['port_security_enabled'])
  
      @test.attr(type='smoke')
      @test.idempotent_id('e60eafd2-31de-4c38-8106-55447d033b57')
      @test.requires_ext(extension='port-security', service='network')
-    def test_port_sec_specific_value(self):
-        network = self.create_network()
-
-        self.assertTrue(network['port_security_enabled'])
+    @ddt.unpack
+    @ddt.data({'port_sec_net': False, 'port_sec_port': True, 'expected': True},
+              {'port_sec_net': True, 'port_sec_port': False,
+               'expected': False})
+    def test_port_sec_specific_value(self, port_sec_net, port_sec_port,
+                                     expected):
+        network = self.create_network(port_security_enabled=port_sec_net)
          self.create_subnet(network)
-        port = self.create_port(network, port_security_enabled=False)
-        self.assertFalse(port['port_security_enabled'])
-
-        # Create a network with port-sec set to False
-        network = self._create_network(port_security_enabled=False)
+        port = self.create_port(network, port_security_enabled=port_sec_port)
+        self.assertEqual(network['port_security_enabled'], port_sec_net)
+        self.assertEqual(port['port_security_enabled'], expected)
  
-        self.assertFalse(network['port_security_enabled'])
+    @test.attr(type=['smoke'])
+    @test.idempotent_id('05642059-1bfc-4581-9bc9-aaa5db08dd60')
+    @test.requires_ext(extension='port-security', service='network')
+    def test_create_port_sec_with_security_group(self):
+        network = self.create_network(port_security_enabled=True)
          self.create_subnet(network)
-        port = self.create_port(network, port_security_enabled=True)
+
+        port = self.create_port(network, security_groups=[])
          self.assertTrue(port['port_security_enabled'])
+        self.client.delete_port(port['id'])
+
+        port = self.create_port(network, security_groups=[],
+                                port_security_enabled=False)
+        self.assertFalse(port['port_security_enabled'])
+        self.assertEmpty(port['security_groups'])
  
      @test.attr(type=['negative', 'smoke'])
      @test.idempotent_id('05642059-1bfc-4581-9bc9-aaa5db08dd60')
@@ -79,16 +79,72 @@ class PortSecTest(base.BaseSecGroupTest):
      def test_port_sec_update_port_failed(self):
          network = self.create_network()
          self.create_subnet(network)
+
+        sec_group_body, sec_group_name = self._create_security_group()
          port = self.create_port(network)
  
          # Exception when set port-sec to False with sec-group defined
-        self.assertRaises(lib_exc.Conflict,
-                          self.update_port, port, port_security_enabled=False)
+        self.assertRaises(lib_exc.Conflict, self.update_port, port,
+                          port_security_enabled=False)
  
-        updated_port = self.update_port(
-            port, security_groups=[], port_security_enabled=False)
-        self.assertFalse(updated_port['port_security_enabled'])
+        port = self.update_port(port, security_groups=[],
+                                port_security_enabled=False)
+        self.assertEmpty(port['security_groups'])
+        self.assertFalse(port['port_security_enabled'])
+        port = self.update_port(
+            port, security_groups=[sec_group_body['security_group']['id']],
+            port_security_enabled=True)
+
+        self.assertNotEmpty(port['security_groups'])
+        self.assertTrue(port['port_security_enabled'])
+
+        # Remove security group from port before deletion on resource_cleanup
+        self.update_port(port, security_groups=[])
+
+    @test.attr(type=['smoke'])
+    @test.idempotent_id('05642059-1bfc-4581-9bc9-aaa5db08dd60')
+    @test.requires_ext(extension='port-security', service='network')
+    def test_port_sec_update_pass(self):
+        network = self.create_network()
+        self.create_subnet(network)
+        sec_group, _ = self._create_security_group()
+        sec_group_id = sec_group['security_group']['id']
+        port = self.create_port(network, security_groups=[sec_group_id],
+                                port_security_enabled=True)
+
+        self.assertNotEmpty(port['security_groups'])
+        self.assertTrue(port['port_security_enabled'])
+
+        port = self.update_port(port, security_groups=[])
+        self.assertEmpty(port['security_groups'])
+        self.assertTrue(port['port_security_enabled'])
+
+        port = self.update_port(port, security_groups=[sec_group_id])
+        self.assertNotEmpty(port['security_groups'])
+        port = self.update_port(port, security_groups=[],
+                                port_security_enabled=False)
+        self.assertEmpty(port['security_groups'])
+        self.assertFalse(port['port_security_enabled'])
  
+    @test.attr(type=['smoke'])
+    @test.idempotent_id('2df6114b-b8c3-48a1-96e8-47f08159d35c')
+    @test.requires_ext(extension='port-security', service='network')
+    def test_delete_with_port_sec(self):
+        network = self.create_network(port_security_enabled=True)
+        port = self.create_port(network=network,
+                                port_security_enabled=True)
+        self.client.delete_port(port['id'])
+        self.assertTrue(self.client.is_resource_deleted('port', port['id']))
+        self.client.delete_network(network['id'])
+        self.assertTrue(
+            self.client.is_resource_deleted('network', network['id']))
+
+    @test.attr(type=['negative', 'smoke'])
+    @test.idempotent_id('ed93e453-3f8d-495e-8e7e-b0e268c2ebd9')
+    def test_allow_address_pairs(self):
+        network = self.create_network()
+        self.create_subnet(network)
+        port = self.create_port(network=network, port_security_enabled=False)
          allowed_address_pairs = [{'ip_address': FAKE_IP,
                                    'mac_address': FAKE_MAC}]
  
diff --git a/test-requirements.txt b/test-requirements.txt

index be4bd087cbce986ac7c8765f4f009327cc7b28dd..5648e677f75849cd0227d7bad67fd7ba12f58b9a 100644 (file)
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -17,3 +17,4 @@ testscenarios>=0.4
  WebTest>=2.0
  oslotest>=1.5.1  # Apache-2.0
  tempest-lib>=0.5.0
+ddt>=0.7.0
author	Dmitry Ratushnyy <d.ratushnyy@gmail.com>
	Mon, 20 Apr 2015 13:22:27 +0000 (16:22 +0300)
committer	Dmitry Ratushnyy <dratushn@cisco.com>
	Thu, 4 Jun 2015 13:02:46 +0000 (16:02 +0300)
neutron/tests/api/admin/test_extension_driver_port_security_admin.py	[new file with mode: 0644]	patch \| blob
neutron/tests/api/base.py		patch \| blob \| history
neutron/tests/api/test_extension_driver_port_security.py		patch \| blob \| history
test-requirements.txt		patch \| blob \| history