--- /dev/null
+# Copyright 2013 OpenStack Foundation
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import six
+from tempest_lib.common.utils import data_utils
+from tempest_lib import exceptions as lib_exc
+
+from neutron.tests.api import base
+from neutron.tests.tempest import config
+from neutron.tests.tempest import test
+
+CONF = config.CONF
+
+
+class VPNaaSTestJSON(base.BaseAdminNetworkTest):
+
+ """
+ Tests the following operations in the Neutron API using the REST client for
+ Neutron:
+ List, Show, Create, Delete, and Update VPN Service
+ List, Show, Create, Delete, and Update IKE policy
+ List, Show, Create, Delete, and Update IPSec policy
+ """
+
+ @classmethod
+ def resource_setup(cls):
+ if not test.is_extension_enabled('vpnaas', 'network'):
+ msg = "vpnaas extension not enabled."
+ raise cls.skipException(msg)
+ super(VPNaaSTestJSON, cls).resource_setup()
+ cls.ext_net_id = CONF.network.public_network_id
+ cls.network = cls.create_network()
+ cls.subnet = cls.create_subnet(cls.network)
+ cls.router = cls.create_router(
+ data_utils.rand_name("router"),
+ external_network_id=CONF.network.public_network_id)
+ cls.create_router_interface(cls.router['id'], cls.subnet['id'])
+ cls.vpnservice = cls.create_vpnservice(cls.subnet['id'],
+ cls.router['id'])
+
+ cls.ikepolicy = cls.create_ikepolicy(
+ data_utils.rand_name("ike-policy-"))
+ cls.ipsecpolicy = cls.create_ipsecpolicy(
+ data_utils.rand_name("ipsec-policy-"))
+
+ def _delete_ike_policy(self, ike_policy_id):
+ # Deletes a ike policy and verifies if it is deleted or not
+ ike_list = list()
+ all_ike = self.client.list_ikepolicies()
+ for ike in all_ike['ikepolicies']:
+ ike_list.append(ike['id'])
+ if ike_policy_id in ike_list:
+ self.client.delete_ikepolicy(ike_policy_id)
+ # Asserting that the policy is not found in list after deletion
+ ikepolicies = self.client.list_ikepolicies()
+ ike_id_list = list()
+ for i in ikepolicies['ikepolicies']:
+ ike_id_list.append(i['id'])
+ self.assertNotIn(ike_policy_id, ike_id_list)
+
+ def _delete_ipsec_policy(self, ipsec_policy_id):
+ # Deletes an ike policy if it exists
+ try:
+ self.client.delete_ipsecpolicy(ipsec_policy_id)
+
+ except lib_exc.NotFound:
+ pass
+
+ def _assertExpected(self, expected, actual):
+ # Check if not expected keys/values exists in actual response body
+ for key, value in six.iteritems(expected):
+ self.assertIn(key, actual)
+ self.assertEqual(value, actual[key])
+
+ def _delete_vpn_service(self, vpn_service_id):
+ self.client.delete_vpnservice(vpn_service_id)
+ # Asserting if vpn service is found in the list after deletion
+ body = self.client.list_vpnservices()
+ vpn_services = [vs['id'] for vs in body['vpnservices']]
+ self.assertNotIn(vpn_service_id, vpn_services)
+
+ def _get_tenant_id(self):
+ """
+ Returns the tenant_id of the client current user
+ """
+ # TODO(jroovers) This is a temporary workaround to get the tenant_id
+ # of the the current client. Replace this once tenant_isolation for
+ # neutron is fixed.
+ body = self.client.show_network(self.network['id'])
+ return body['network']['tenant_id']
+
+ @test.attr(type='smoke')
+ @test.idempotent_id('14311574-0737-4e53-ac05-f7ae27742eed')
+ def test_admin_create_ipsec_policy_for_tenant(self):
+ tenant_id = self._get_tenant_id()
+ # Create IPSec policy for the newly created tenant
+ name = data_utils.rand_name('ipsec-policy')
+ body = (self.admin_client.
+ create_ipsecpolicy(name=name, tenant_id=tenant_id))
+ ipsecpolicy = body['ipsecpolicy']
+ self.assertIsNotNone(ipsecpolicy['id'])
+ self.addCleanup(self.admin_client.delete_ipsecpolicy,
+ ipsecpolicy['id'])
+
+ # Assert that created ipsec policy is found in API list call
+ body = self.client.list_ipsecpolicies()
+ ipsecpolicies = [policy['id'] for policy in body['ipsecpolicies']]
+ self.assertIn(ipsecpolicy['id'], ipsecpolicies)
+
+ @test.attr(type='smoke')
+ @test.idempotent_id('b62acdc6-0c53-4d84-84aa-859b22b79799')
+ def test_admin_create_vpn_service_for_tenant(self):
+ tenant_id = self._get_tenant_id()
+
+ # Create vpn service for the newly created tenant
+ network2 = self.create_network()
+ subnet2 = self.create_subnet(network2)
+ router2 = self.create_router(data_utils.rand_name('router-'),
+ external_network_id=self.ext_net_id)
+ self.create_router_interface(router2['id'], subnet2['id'])
+ name = data_utils.rand_name('vpn-service')
+ body = self.admin_client.create_vpnservice(
+ subnet_id=subnet2['id'],
+ router_id=router2['id'],
+ name=name,
+ admin_state_up=True,
+ tenant_id=tenant_id)
+ vpnservice = body['vpnservice']
+ self.assertIsNotNone(vpnservice['id'])
+ self.addCleanup(self.admin_client.delete_vpnservice, vpnservice['id'])
+ # Assert that created vpnservice is found in API list call
+ body = self.client.list_vpnservices()
+ vpn_services = [vs['id'] for vs in body['vpnservices']]
+ self.assertIn(vpnservice['id'], vpn_services)
+
+ @test.attr(type='smoke')
+ @test.idempotent_id('58cc4a1c-443b-4f39-8fb6-c19d39f343ab')
+ def test_admin_create_ike_policy_for_tenant(self):
+ tenant_id = self._get_tenant_id()
+
+ # Create IKE policy for the newly created tenant
+ name = data_utils.rand_name('ike-policy')
+ body = (self.admin_client.
+ create_ikepolicy(name=name, ike_version="v1",
+ encryption_algorithm="aes-128",
+ auth_algorithm="sha1",
+ tenant_id=tenant_id))
+ ikepolicy = body['ikepolicy']
+ self.assertIsNotNone(ikepolicy['id'])
+ self.addCleanup(self.admin_client.delete_ikepolicy, ikepolicy['id'])
+
+ # Assert that created ike policy is found in API list call
+ body = self.client.list_ikepolicies()
+ ikepolicies = [ikp['id'] for ikp in body['ikepolicies']]
+ self.assertIn(ikepolicy['id'], ikepolicies)
+
+ @test.attr(type='smoke')
+ @test.idempotent_id('de5bb04c-3a1f-46b1-b329-7a8abba5c7f1')
+ def test_list_vpn_services(self):
+ # Verify the VPN service exists in the list of all VPN services
+ body = self.client.list_vpnservices()
+ vpnservices = body['vpnservices']
+ self.assertIn(self.vpnservice['id'], [v['id'] for v in vpnservices])
+
+ @test.attr(type='smoke')
+ @test.idempotent_id('aacb13b1-fdc7-41fd-bab2-32621aee1878')
+ def test_create_update_delete_vpn_service(self):
+ # Creates a VPN service and sets up deletion
+ network1 = self.create_network()
+ subnet1 = self.create_subnet(network1)
+ router1 = self.create_router(data_utils.rand_name('router-'),
+ external_network_id=self.ext_net_id)
+ self.create_router_interface(router1['id'], subnet1['id'])
+ name = data_utils.rand_name('vpn-service1')
+ body = self.client.create_vpnservice(subnet_id=subnet1['id'],
+ router_id=router1['id'],
+ name=name,
+ admin_state_up=True)
+ vpnservice = body['vpnservice']
+ self.addCleanup(self._delete_vpn_service, vpnservice['id'])
+ # Assert if created vpnservices are not found in vpnservices list
+ body = self.client.list_vpnservices()
+ vpn_services = [vs['id'] for vs in body['vpnservices']]
+ self.assertIsNotNone(vpnservice['id'])
+ self.assertIn(vpnservice['id'], vpn_services)
+
+ # TODO(raies): implement logic to update vpnservice
+ # VPNaaS client function to update is implemented.
+ # But precondition is that current state of vpnservice
+ # should be "ACTIVE" not "PENDING*"
+
+ @test.attr(type='smoke')
+ @test.idempotent_id('0dedfc1d-f8ee-4e2a-bfd4-7997b9dc17ff')
+ def test_show_vpn_service(self):
+ # Verifies the details of a vpn service
+ body = self.client.show_vpnservice(self.vpnservice['id'])
+ vpnservice = body['vpnservice']
+ self.assertEqual(self.vpnservice['id'], vpnservice['id'])
+ self.assertEqual(self.vpnservice['name'], vpnservice['name'])
+ self.assertEqual(self.vpnservice['description'],
+ vpnservice['description'])
+ self.assertEqual(self.vpnservice['router_id'], vpnservice['router_id'])
+ self.assertEqual(self.vpnservice['subnet_id'], vpnservice['subnet_id'])
+ self.assertEqual(self.vpnservice['tenant_id'], vpnservice['tenant_id'])
+ valid_status = ["ACTIVE", "DOWN", "BUILD", "ERROR", "PENDING_CREATE",
+ "PENDING_UPDATE", "PENDING_DELETE"]
+ self.assertIn(vpnservice['status'], valid_status)
+
+ @test.attr(type='smoke')
+ @test.idempotent_id('e0fb6200-da3d-4869-8340-a8c1956ca618')
+ def test_list_ike_policies(self):
+ # Verify the ike policy exists in the list of all IKE policies
+ body = self.client.list_ikepolicies()
+ ikepolicies = body['ikepolicies']
+ self.assertIn(self.ikepolicy['id'], [i['id'] for i in ikepolicies])
+
+ @test.attr(type='smoke')
+ @test.idempotent_id('d61f29a5-160c-487d-bc0d-22e32e731b44')
+ def test_create_update_delete_ike_policy(self):
+ # Creates a IKE policy
+ name = data_utils.rand_name('ike-policy')
+ body = (self.client.create_ikepolicy(
+ name=name,
+ ike_version="v1",
+ encryption_algorithm="aes-128",
+ auth_algorithm="sha1"))
+ ikepolicy = body['ikepolicy']
+ self.assertIsNotNone(ikepolicy['id'])
+ self.addCleanup(self._delete_ike_policy, ikepolicy['id'])
+
+ # Update IKE Policy
+ new_ike = {'name': data_utils.rand_name("New-IKE"),
+ 'description': "Updated ike policy",
+ 'encryption_algorithm': "aes-256",
+ 'ike_version': "v2",
+ 'pfs': "group14",
+ 'lifetime': {'units': "seconds", 'value': 2000}}
+ self.client.update_ikepolicy(ikepolicy['id'], **new_ike)
+ # Confirm that update was successful by verifying using 'show'
+ body = self.client.show_ikepolicy(ikepolicy['id'])
+ ike_policy = body['ikepolicy']
+ for key, value in six.iteritems(new_ike):
+ self.assertIn(key, ike_policy)
+ self.assertEqual(value, ike_policy[key])
+
+ # Verification of ike policy delete
+ self.client.delete_ikepolicy(ikepolicy['id'])
+ body = self.client.list_ikepolicies()
+ ikepolicies = [ikp['id'] for ikp in body['ikepolicies']]
+ self.assertNotIn(ike_policy['id'], ikepolicies)
+
+ @test.attr(type='smoke')
+ @test.idempotent_id('b5fcf3a3-9407-452d-b8a8-e7c6c32baea8')
+ def test_show_ike_policy(self):
+ # Verifies the details of a ike policy
+ body = self.client.show_ikepolicy(self.ikepolicy['id'])
+ ikepolicy = body['ikepolicy']
+ self.assertEqual(self.ikepolicy['id'], ikepolicy['id'])
+ self.assertEqual(self.ikepolicy['name'], ikepolicy['name'])
+ self.assertEqual(self.ikepolicy['description'],
+ ikepolicy['description'])
+ self.assertEqual(self.ikepolicy['encryption_algorithm'],
+ ikepolicy['encryption_algorithm'])
+ self.assertEqual(self.ikepolicy['auth_algorithm'],
+ ikepolicy['auth_algorithm'])
+ self.assertEqual(self.ikepolicy['tenant_id'],
+ ikepolicy['tenant_id'])
+ self.assertEqual(self.ikepolicy['pfs'],
+ ikepolicy['pfs'])
+ self.assertEqual(self.ikepolicy['phase1_negotiation_mode'],
+ ikepolicy['phase1_negotiation_mode'])
+ self.assertEqual(self.ikepolicy['ike_version'],
+ ikepolicy['ike_version'])
+
+ @test.attr(type='smoke')
+ @test.idempotent_id('19ea0a2f-add9-44be-b732-ffd8a7b42f37')
+ def test_list_ipsec_policies(self):
+ # Verify the ipsec policy exists in the list of all ipsec policies
+ body = self.client.list_ipsecpolicies()
+ ipsecpolicies = body['ipsecpolicies']
+ self.assertIn(self.ipsecpolicy['id'], [i['id'] for i in ipsecpolicies])
+
+ @test.attr(type='smoke')
+ @test.idempotent_id('9c1701c9-329a-4e5d-930a-1ead1b3f86ad')
+ def test_create_update_delete_ipsec_policy(self):
+ # Creates an ipsec policy
+ ipsec_policy_body = {'name': data_utils.rand_name('ipsec-policy'),
+ 'pfs': 'group5',
+ 'encryption_algorithm': "aes-128",
+ 'auth_algorithm': 'sha1'}
+ resp_body = self.client.create_ipsecpolicy(**ipsec_policy_body)
+ ipsecpolicy = resp_body['ipsecpolicy']
+ self.addCleanup(self._delete_ipsec_policy, ipsecpolicy['id'])
+ self._assertExpected(ipsec_policy_body, ipsecpolicy)
+ # Verification of ipsec policy update
+ new_ipsec = {'description': 'Updated ipsec policy',
+ 'pfs': 'group2',
+ 'name': data_utils.rand_name("New-IPSec"),
+ 'encryption_algorithm': "aes-256",
+ 'lifetime': {'units': "seconds", 'value': '2000'}}
+ body = self.client.update_ipsecpolicy(ipsecpolicy['id'],
+ **new_ipsec)
+ updated_ipsec_policy = body['ipsecpolicy']
+ self._assertExpected(new_ipsec, updated_ipsec_policy)
+ # Verification of ipsec policy delete
+ self.client.delete_ipsecpolicy(ipsecpolicy['id'])
+ self.assertRaises(lib_exc.NotFound,
+ self.client.delete_ipsecpolicy, ipsecpolicy['id'])
+
+ @test.attr(type='smoke')
+ @test.idempotent_id('601f8a05-9d3c-4539-a400-1c4b3a21b03b')
+ def test_show_ipsec_policy(self):
+ # Verifies the details of an ipsec policy
+ body = self.client.show_ipsecpolicy(self.ipsecpolicy['id'])
+ ipsecpolicy = body['ipsecpolicy']
+ self._assertExpected(self.ipsecpolicy, ipsecpolicy)
Code Review / openstack-build / neutron-build.git / commitdiff