Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / packaging / sources / barbican-tempest-plugin / f1d2abcbec5bd0916378264992edf0a538627a0b / . / barbican_tempest_plugin / tests / scenario / manager.py
blob: 8daf090164da7a78728bb21b2216ee8824791909 [file] [log] [blame]
Brianna Poulos011292a2017-03-15 16:24:38 -0400[diff] [blame]1# Copyright 2012 OpenStack Foundation
2# Copyright 2013 IBM Corp.
3# All Rights Reserved.
4#
5# Licensed under the Apache License, Version 2.0 (the "License"); you may
6# not use this file except in compliance with the License. You may obtain
7# a copy of the License at
8#
9# http://www.apache.org/licenses/LICENSE-2.0
10#
11# Unless required by applicable law or agreed to in writing, software
12# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
13# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
14# License for the specific language governing permissions and limitations
15# under the License.
16
17from oslo_log import log
18
19from tempest.common import compute
20from tempest.common import image as common_image
dane-fichter53f4fea2017-03-01 13:20:02 -0500[diff] [blame]21from tempest.common.utils.linux import remote_client
Brianna Poulos011292a2017-03-15 16:24:38 -0400[diff] [blame]22from tempest.common import waiters
23from tempest import config
dane-fichter53f4fea2017-03-01 13:20:02 -0500[diff] [blame]24from tempest import exceptions
Brianna Poulos011292a2017-03-15 16:24:38 -0400[diff] [blame]25from tempest.lib.common.utils import data_utils
26from tempest.lib.common.utils import test_utils
27from tempest.lib import exceptions as lib_exc
Ihar Hrachyshkaecce1f62018-01-18 13:32:05 -0800[diff] [blame]28from tempest.scenario import manager
Brianna Poulos011292a2017-03-15 16:24:38 -0400[diff] [blame]29
30CONF = config.CONF
31
32LOG = log.getLogger(__name__)
33
34
Ihar Hrachyshka2d0cf0a2018-01-18 13:40:09 -0800[diff] [blame]35# we inherit from NetworkScenarioTest since some test cases need access to
36# check_*_connectivity methods to validate instances are up and accessible
37class ScenarioTest(manager.NetworkScenarioTest):
Brianna Poulos011292a2017-03-15 16:24:38 -0400[diff] [blame]38 """Base class for scenario tests. Uses tempest own clients. """
39
40 credentials = ['primary']
41
42 @classmethod
43 def setup_clients(cls):
44 super(ScenarioTest, cls).setup_clients()
45 # Clients (in alphabetical order)
Vu Cong Tuan17b61932017-06-21 17:52:43 +0700[diff] [blame]46 cls.flavors_client = cls.os_primary.flavors_client
Brianna Poulos011292a2017-03-15 16:24:38 -0400[diff] [blame]47 cls.compute_floating_ips_client = (
Vu Cong Tuan17b61932017-06-21 17:52:43 +0700[diff] [blame]48 cls.os_primary.compute_floating_ips_client)
Brianna Poulos011292a2017-03-15 16:24:38 -0400[diff] [blame]49 if CONF.service_available.glance:
50 # Check if glance v1 is available to determine which client to use.
51 if CONF.image_feature_enabled.api_v1:
Vu Cong Tuan17b61932017-06-21 17:52:43 +0700[diff] [blame]52 cls.image_client = cls.os_primary.image_client
Brianna Poulos011292a2017-03-15 16:24:38 -0400[diff] [blame]53 elif CONF.image_feature_enabled.api_v2:
Vu Cong Tuan17b61932017-06-21 17:52:43 +0700[diff] [blame]54 cls.image_client = cls.os_primary.image_client_v2
Brianna Poulos011292a2017-03-15 16:24:38 -0400[diff] [blame]55 else:
56 raise lib_exc.InvalidConfiguration(
57 'Either api_v1 or api_v2 must be True in '
58 '[image-feature-enabled].')
59 # Compute image client
Vu Cong Tuan17b61932017-06-21 17:52:43 +0700[diff] [blame]60 cls.compute_images_client = cls.os_primary.compute_images_client
61 cls.keypairs_client = cls.os_primary.keypairs_client
Brianna Poulos011292a2017-03-15 16:24:38 -0400[diff] [blame]62 # Nova security groups client
63 cls.compute_security_groups_client = (
Vu Cong Tuan17b61932017-06-21 17:52:43 +0700[diff] [blame]64 cls.os_primary.compute_security_groups_client)
Brianna Poulos011292a2017-03-15 16:24:38 -0400[diff] [blame]65 cls.compute_security_group_rules_client = (
Vu Cong Tuan17b61932017-06-21 17:52:43 +0700[diff] [blame]66 cls.os_primary.compute_security_group_rules_client)
67 cls.servers_client = cls.os_primary.servers_client
Brianna Poulos011292a2017-03-15 16:24:38 -0400[diff] [blame]68 # Neutron network client
Vu Cong Tuan17b61932017-06-21 17:52:43 +0700[diff] [blame]69 cls.networks_client = cls.os_primary.networks_client
70 cls.ports_client = cls.os_primary.ports_client
71 cls.routers_client = cls.os_primary.routers_client
72 cls.subnets_client = cls.os_primary.subnets_client
73 cls.floating_ips_client = cls.os_primary.floating_ips_client
74 cls.security_groups_client = cls.os_primary.security_groups_client
Brianna Poulos011292a2017-03-15 16:24:38 -0400[diff] [blame]75 cls.security_group_rules_client = (
Vu Cong Tuan17b61932017-06-21 17:52:43 +0700[diff] [blame]76 cls.os_primary.security_group_rules_client)
Brianna Poulos011292a2017-03-15 16:24:38 -0400[diff] [blame]77
Ghanshyam Mann48d10b82019-12-12 16:45:44 +0000[diff] [blame]78 cls.volumes_client = cls.os_primary.volumes_client_latest
79 cls.snapshots_client = cls.os_primary.snapshots_client_latest
Brianna Poulos011292a2017-03-15 16:24:38 -0400[diff] [blame]80
81 # ## Test functions library
82 #
83 # The create_[resource] functions only return body and discard the
84 # resp part which is not used in scenario tests
85
86 def _create_port(self, network_id, client=None, namestart='port-quotatest',
87 **kwargs):
88 if not client:
89 client = self.ports_client
90 name = data_utils.rand_name(namestart)
91 result = client.create_port(
92 name=name,
93 network_id=network_id,
94 **kwargs)
95 self.assertIsNotNone(result, 'Unable to allocate port')
96 port = result['port']
97 self.addCleanup(test_utils.call_and_ignore_notfound_exc,
98 client.delete_port, port['id'])
99 return port
100
101 def create_keypair(self, client=None):
102 if not client:
103 client = self.keypairs_client
104 name = data_utils.rand_name(self.__class__.__name__)
105 # We don't need to create a keypair by pubkey in scenario
106 body = client.create_keypair(name=name)
107 self.addCleanup(client.delete_keypair, name)
108 return body['keypair']
109
110 def create_server(self, name=None, image_id=None, flavor=None,
111 validatable=False, wait_until='ACTIVE',
112 clients=None, **kwargs):
113 """Wrapper utility that returns a test server.
114
115 This wrapper utility calls the common create test server and
116 returns a test server. The purpose of this wrapper is to minimize
117 the impact on the code of the tests already using this
118 function.
119 """
120
121 # NOTE(jlanoux): As a first step, ssh checks in the scenario
122 # tests need to be run regardless of the run_validation and
123 # validatable parameters and thus until the ssh validation job
124 # becomes voting in CI. The test resources management and IP
125 # association are taken care of in the scenario tests.
126 # Therefore, the validatable parameter is set to false in all
127 # those tests. In this way create_server just return a standard
128 # server and the scenario tests always perform ssh checks.
129
130 # Needed for the cross_tenant_traffic test:
131 if clients is None:
Vu Cong Tuan17b61932017-06-21 17:52:43 +0700[diff] [blame]132 clients = self.os_primary
Brianna Poulos011292a2017-03-15 16:24:38 -0400[diff] [blame]133
134 if name is None:
135 name = data_utils.rand_name(self.__class__.__name__ + "-server")
136
137 vnic_type = CONF.network.port_vnic_type
138
139 # If vnic_type is configured create port for
140 # every network
141 if vnic_type:
142 ports = []
143
144 create_port_body = {'binding:vnic_type': vnic_type,
145 'namestart': 'port-smoke'}
146 if kwargs:
147 # Convert security group names to security group ids
148 # to pass to create_port
149 if 'security_groups' in kwargs:
150 security_groups = \
151 clients.security_groups_client.list_security_groups(
152 ).get('security_groups')
153 sec_dict = dict([(s['name'], s['id'])
154 for s in security_groups])
155
156 sec_groups_names = [s['name'] for s in kwargs.pop(
157 'security_groups')]
158 security_groups_ids = [sec_dict[s]
159 for s in sec_groups_names]
160
161 if security_groups_ids:
162 create_port_body[
163 'security_groups'] = security_groups_ids
164 networks = kwargs.pop('networks', [])
165 else:
166 networks = []
167
168 # If there are no networks passed to us we look up
169 # for the project's private networks and create a port.
170 # The same behaviour as we would expect when passing
171 # the call to the clients with no networks
172 if not networks:
173 networks = clients.networks_client.list_networks(
174 **{'router:external': False, 'fields': 'id'})['networks']
175
176 # It's net['uuid'] if networks come from kwargs
177 # and net['id'] if they come from
178 # clients.networks_client.list_networks
179 for net in networks:
180 net_id = net.get('uuid', net.get('id'))
181 if 'port' not in net:
182 port = self._create_port(network_id=net_id,
183 client=clients.ports_client,
184 **create_port_body)
185 ports.append({'port': port['id']})
186 else:
187 ports.append({'port': net['port']})
188 if ports:
189 kwargs['networks'] = ports
190 self.ports = ports
191
192 tenant_network = self.get_tenant_network()
193
194 body, servers = compute.create_test_server(
195 clients,
196 tenant_network=tenant_network,
197 wait_until=wait_until,
198 name=name, flavor=flavor,
199 image_id=image_id, **kwargs)
200
201 self.addCleanup(waiters.wait_for_server_termination,
202 clients.servers_client, body['id'])
203 self.addCleanup(test_utils.call_and_ignore_notfound_exc,
204 clients.servers_client.delete_server, body['id'])
205 server = clients.servers_client.show_server(body['id'])['server']
206 return server
207
208 def create_volume(self, size=None, name=None, snapshot_id=None,
209 imageRef=None, volume_type=None):
210 if size is None:
211 size = CONF.volume.volume_size
212 if imageRef:
213 image = self.compute_images_client.show_image(imageRef)['image']
214 min_disk = image.get('minDisk')
215 size = max(size, min_disk)
216 if name is None:
217 name = data_utils.rand_name(self.__class__.__name__ + "-volume")
218 kwargs = {'display_name': name,
219 'snapshot_id': snapshot_id,
220 'imageRef': imageRef,
221 'volume_type': volume_type,
222 'size': size}
Marian Krcmarikda011992020-09-12 02:32:23 +0200[diff] [blame]223 if CONF.compute.compute_volume_common_az:
224 kwargs.setdefault('availability_zone',
225 CONF.compute.compute_volume_common_az)
Brianna Poulos011292a2017-03-15 16:24:38 -0400[diff] [blame]226 volume = self.volumes_client.create_volume(**kwargs)['volume']
227
228 self.addCleanup(self.volumes_client.wait_for_resource_deletion,
229 volume['id'])
230 self.addCleanup(test_utils.call_and_ignore_notfound_exc,
231 self.volumes_client.delete_volume, volume['id'])
232
233 # NOTE(e0ne): Cinder API v2 uses name instead of display_name
234 if 'display_name' in volume:
235 self.assertEqual(name, volume['display_name'])
236 else:
237 self.assertEqual(name, volume['name'])
238 waiters.wait_for_volume_resource_status(self.volumes_client,
239 volume['id'], 'available')
240 # The volume retrieved on creation has a non-up-to-date status.
241 # Retrieval after it becomes active ensures correct details.
242 volume = self.volumes_client.show_volume(volume['id'])['volume']
243 return volume
244
245 def create_volume_type(self, client=None, name=None, backend_name=None):
246 if not client:
247 client = self.admin_volume_types_client
248 if not name:
249 class_name = self.__class__.__name__
250 name = data_utils.rand_name(class_name + '-volume-type')
251 randomized_name = data_utils.rand_name('scenario-type-' + name)
252
253 LOG.debug("Creating a volume type: %s on backend %s",
254 randomized_name, backend_name)
255 extra_specs = {}
256 if backend_name:
257 extra_specs = {"volume_backend_name": backend_name}
258
259 body = client.create_volume_type(name=randomized_name,
260 extra_specs=extra_specs)
261 volume_type = body['volume_type']
262 self.assertIn('id', volume_type)
263 self.addCleanup(client.delete_volume_type, volume_type['id'])
264 return volume_type
265
266 def _image_create(self, name, fmt, path,
267 disk_format=None, properties=None):
268 if properties is None:
269 properties = {}
270 name = data_utils.rand_name('%s-' % name)
271 params = {
272 'name': name,
273 'container_format': fmt,
274 'disk_format': disk_format or fmt,
275 }
276 if CONF.image_feature_enabled.api_v1:
277 params['is_public'] = 'False'
278 params['properties'] = properties
279 params = {'headers': common_image.image_meta_to_headers(**params)}
280 else:
281 params['visibility'] = 'private'
282 # Additional properties are flattened out in the v2 API.
283 params.update(properties)
284 body = self.image_client.create_image(**params)
285 image = body['image'] if 'image' in body else body
286 self.addCleanup(self.image_client.delete_image, image['id'])
287 self.assertEqual("queued", image['status'])
288 with open(path, 'rb') as image_file:
289 if CONF.image_feature_enabled.api_v1:
290 self.image_client.update_image(image['id'], data=image_file)
291 else:
292 self.image_client.store_image_file(image['id'], image_file)
Marian Krcmarik1972c462020-11-20 01:33:02 +0100[diff] [blame]293
294 if CONF.image_feature_enabled.import_image:
295 available_stores = []
296 try:
297 available_stores = self.image_client.info_stores()['stores']
298 except exceptions.NotFound:
299 pass
300 available_import_methods = self.image_client.info_import()[
301 'import-methods']['value']
302 if ('copy-image' in available_import_methods and
303 len(available_stores) > 1):
304 self.image_client.image_import(image['id'],
305 method='copy-image',
306 all_stores=True,
307 all_stores_must_succeed=False)
308 failed_stores = waiters.wait_for_image_copied_to_stores(
309 self.image_client, image['id'])
310 self.assertEqual(0, len(failed_stores),
311 "Failed to copy the following stores: %s" %
312 str(failed_stores))
313
Brianna Poulos011292a2017-03-15 16:24:38 -0400[diff] [blame]314 return image['id']
315
316 def rebuild_server(self, server_id, image=None,
317 preserve_ephemeral=False, wait=True,
318 rebuild_kwargs=None):
319 if image is None:
320 image = CONF.compute.image_ref
321
322 rebuild_kwargs = rebuild_kwargs or {}
323
324 LOG.debug("Rebuilding server (id: %s, image: %s, preserve eph: %s)",
325 server_id, image, preserve_ephemeral)
326 self.servers_client.rebuild_server(
327 server_id=server_id, image_ref=image,
328 preserve_ephemeral=preserve_ephemeral,
329 **rebuild_kwargs)
330 if wait:
331 waiters.wait_for_server_status(self.servers_client,
332 server_id, 'ACTIVE')
333
334 def create_floating_ip(self, thing, pool_name=None):
335 """Create a floating IP and associates to a server on Nova"""
336
337 if not pool_name:
338 pool_name = CONF.network.floating_network_name
339 floating_ip = (self.compute_floating_ips_client.
340 create_floating_ip(pool=pool_name)['floating_ip'])
341 self.addCleanup(test_utils.call_and_ignore_notfound_exc,
342 self.compute_floating_ips_client.delete_floating_ip,
343 floating_ip['id'])
344 self.compute_floating_ips_client.associate_floating_ip_to_server(
345 floating_ip['ip'], thing['id'])
346 return floating_ip
dane-fichter53f4fea2017-03-01 13:20:02 -0500[diff] [blame]347
348 def nova_volume_attach(self, server, volume_to_attach):
349 volume = self.servers_client.attach_volume(
350 server['id'], volumeId=volume_to_attach['id'], device='/dev/%s'
351 % CONF.compute.volume_device_name)['volumeAttachment']
352 self.assertEqual(volume_to_attach['id'], volume['id'])
353 waiters.wait_for_volume_resource_status(self.volumes_client,
354 volume['id'], 'in-use')
355
yatin5ddcc7e2018-03-27 14:49:36 +0530[diff] [blame]356 self.addCleanup(self.nova_volume_detach, server, volume)
dane-fichter53f4fea2017-03-01 13:20:02 -0500[diff] [blame]357 # Return the updated volume after the attachment
358 return self.volumes_client.show_volume(volume['id'])['volume']
359
360 def nova_volume_detach(self, server, volume):
361 self.servers_client.detach_volume(server['id'], volume['id'])
362 waiters.wait_for_volume_resource_status(self.volumes_client,
363 volume['id'], 'available')
364
365 volume = self.volumes_client.show_volume(volume['id'])['volume']
366 self.assertEqual('available', volume['status'])
367
368 def create_timestamp(self, ip_address, dev_name=None, mount_path='/mnt',
369 private_key=None):
370 ssh_client = self.get_remote_client(ip_address,
371 private_key=private_key)
372 if dev_name is not None:
373 ssh_client.make_fs(dev_name)
374 ssh_client.exec_command('sudo mount /dev/%s %s' % (dev_name,
375 mount_path))
376 cmd_timestamp = 'sudo sh -c "date > %s/timestamp; sync"' % mount_path
377 ssh_client.exec_command(cmd_timestamp)
378 timestamp = ssh_client.exec_command('sudo cat %s/timestamp'
379 % mount_path)
380 if dev_name is not None:
381 ssh_client.exec_command('sudo umount %s' % mount_path)
382 return timestamp
383
384 def get_timestamp(self, ip_address, dev_name=None, mount_path='/mnt',
385 private_key=None):
386 ssh_client = self.get_remote_client(ip_address,
387 private_key=private_key)
388 if dev_name is not None:
389 ssh_client.mount(dev_name, mount_path)
390 timestamp = ssh_client.exec_command('sudo cat %s/timestamp'
391 % mount_path)
392 if dev_name is not None:
393 ssh_client.exec_command('sudo umount %s' % mount_path)
394 return timestamp
395
396 def get_server_ip(self, server):
397 """Get the server fixed or floating IP.
398
399 Based on the configuration we're in, return a correct ip
400 address for validating that a guest is up.
401 """
402 if CONF.validation.connect_method == 'floating':
403 # The tests calling this method don't have a floating IP
404 # and can't make use of the validation resources. So the
405 # method is creating the floating IP there.
406 return self.create_floating_ip(server)['ip']
407 elif CONF.validation.connect_method == 'fixed':
408 # Determine the network name to look for based on config or creds
409 # provider network resources.
410 if CONF.validation.network_for_ssh:
411 addresses = server['addresses'][
412 CONF.validation.network_for_ssh]
413 else:
414 creds_provider = self._get_credentials_provider()
415 net_creds = creds_provider.get_primary_creds()
416 network = getattr(net_creds, 'network', None)
417 addresses = (server['addresses'][network['name']]
418 if network else [])
419 for address in addresses:
jacky06a318f6d2019-01-04 23:55:03 +0800[diff] [blame]420 ip_version_for_ssh = CONF.validation.ip_version_for_ssh
421 if (address['version'] == ip_version_for_ssh and
422 address['OS-EXT-IPS:type'] == 'fixed'):
dane-fichter53f4fea2017-03-01 13:20:02 -0500[diff] [blame]423 return address['addr']
424 raise exceptions.ServerUnreachable(server_id=server['id'])
425 else:
426 raise lib_exc.InvalidConfiguration()
427
428 def get_remote_client(self, ip_address, username=None, private_key=None):
429 """Get a SSH client to a remote server
430
431 @param ip_address the server floating or fixed IP address to use
432 for ssh validation
433 @param username name of the Linux account on the remote server
434 @param private_key the SSH private key to use
435 @return a RemoteClient object
436 """
437
438 if username is None:
439 username = CONF.validation.image_ssh_user
440 # Set this with 'keypair' or others to log in with keypair or
441 # username/password.
442 if CONF.validation.auth_method == 'keypair':
443 password = None
444 if private_key is None:
445 private_key = self.keypair['private_key']
446 else:
447 password = CONF.validation.image_ssh_password
448 private_key = None
449 linux_client = remote_client.RemoteClient(ip_address, username,
450 pkey=private_key,
451 password=password)
452 try:
453 linux_client.validate_authentication()
454 except Exception as e:
455 message = ('Initializing SSH connection to %(ip)s failed. '
456 'Error: %(error)s' % {'ip': ip_address,
457 'error': e})
458 caller = test_utils.find_test_caller()
459 if caller:
460 message = '(%s) %s' % (caller, message)
461 LOG.exception(message)
462 self._log_console_output()
463 raise
464
465 return linux_client
466
467 def _default_security_group(self, client=None, tenant_id=None):
468 """Get default secgroup for given tenant_id.
469
470 :returns: default secgroup for given tenant
471 """
472 if client is None:
473 client = self.security_groups_client
474 if not tenant_id:
475 tenant_id = client.tenant_id
476 sgs = [
477 sg for sg in list(client.list_security_groups().values())[0]
478 if sg['tenant_id'] == tenant_id and sg['name'] == 'default'
479 ]
480 msg = "No default security group for tenant %s." % (tenant_id)
481 self.assertGreater(len(sgs), 0, msg)
482 return sgs[0]
483
484 def _create_security_group(self):
485 # Create security group
486 sg_name = data_utils.rand_name(self.__class__.__name__)
487 sg_desc = sg_name + " description"
488 secgroup = self.compute_security_groups_client.create_security_group(
489 name=sg_name, description=sg_desc)['security_group']
490 self.assertEqual(secgroup['name'], sg_name)
491 self.assertEqual(secgroup['description'], sg_desc)
492 self.addCleanup(
493 test_utils.call_and_ignore_notfound_exc,
494 self.compute_security_groups_client.delete_security_group,
495 secgroup['id'])
496
497 # Add rules to the security group
498 self._create_loginable_secgroup_rule(secgroup['id'])
499
500 return secgroup
501
502 def _create_loginable_secgroup_rule(self, secgroup_id=None):
503 _client = self.compute_security_groups_client
504 _client_rules = self.compute_security_group_rules_client
505 if secgroup_id is None:
506 sgs = _client.list_security_groups()['security_groups']
507 for sg in sgs:
508 if sg['name'] == 'default':
509 secgroup_id = sg['id']
510
511 # These rules are intended to permit inbound ssh and icmp
512 # traffic from all sources, so no group_id is provided.
513 # Setting a group_id would only permit traffic from ports
514 # belonging to the same security group.
515 rulesets = [
516 {
517 # ssh
518 'ip_protocol': 'tcp',
519 'from_port': 22,
520 'to_port': 22,
521 'cidr': '0.0.0.0/0',
522 },
523 {
524 # ping
525 'ip_protocol': 'icmp',
526 'from_port': -1,
527 'to_port': -1,
528 'cidr': '0.0.0.0/0',
529 }
530 ]
531 rules = list()
532 for ruleset in rulesets:
533 sg_rule = _client_rules.create_security_group_rule(
534 parent_group_id=secgroup_id, **ruleset)['security_group_rule']
535 rules.append(sg_rule)
536 return rules
537
538 def _create_security_group_rule(self, secgroup=None,
539 sec_group_rules_client=None,
540 tenant_id=None,
541 security_groups_client=None, **kwargs):
542 """Create a rule from a dictionary of rule parameters.
543
544 Create a rule in a secgroup. if secgroup not defined will search for
545 default secgroup in tenant_id.
546
547 :param secgroup: the security group.
548 :param tenant_id: if secgroup not passed -- the tenant in which to
549 search for default secgroup
550 :param kwargs: a dictionary containing rule parameters:
551 for example, to allow incoming ssh:
552 rule = {
553 direction: 'ingress'
554 protocol:'tcp',
555 port_range_min: 22,
556 port_range_max: 22
557 }
558 """
559 if sec_group_rules_client is None:
560 sec_group_rules_client = self.security_group_rules_client
561 if security_groups_client is None:
562 security_groups_client = self.security_groups_client
563 if not tenant_id:
564 tenant_id = security_groups_client.tenant_id
565 if secgroup is None:
566 secgroup = self._default_security_group(
567 client=security_groups_client, tenant_id=tenant_id)
568
569 ruleset = dict(security_group_id=secgroup['id'],
570 tenant_id=secgroup['tenant_id'])
571 ruleset.update(kwargs)
572
573 sg_rule = sec_group_rules_client.create_security_group_rule(**ruleset)
574 sg_rule = sg_rule['security_group_rule']
575
576 self.assertEqual(secgroup['tenant_id'], sg_rule['tenant_id'])
577 self.assertEqual(secgroup['id'], sg_rule['security_group_id'])
578
579 return sg_rule