ovs-fw: Use TRANSIENT table for traffic classification
Commit ce8a0b2b7d73caf078c6634d6dded5117dbed265 introduces a TRANSIENT
table where all traffic local to br-int is sent after it's been
preprocessed by other features using openflow. This patch adopts the
table.
Change-Id: Ic66c186ab73bad6fcd133f2b9d15e07fd0eebb33
Related-bug: #1696983
diff --git a/neutron/tests/tempest/scenario/base.py b/neutron/tests/tempest/scenario/base.py
index 5ccbd1c..ac18ab5 100644
--- a/neutron/tests/tempest/scenario/base.py
+++ b/neutron/tests/tempest/scenario/base.py
@@ -192,10 +192,10 @@
waiters.wait_for_server_status(self.os_primary.servers_client,
self.server['server']['id'],
constants.SERVER_STATUS_ACTIVE)
- port = self.client.list_ports(network_id=self.network['id'],
- device_id=self.server[
- 'server']['id'])['ports'][0]
- self.fip = self.create_and_associate_floatingip(port['id'])
+ self.port = self.client.list_ports(network_id=self.network['id'],
+ device_id=self.server[
+ 'server']['id'])['ports'][0]
+ self.fip = self.create_and_associate_floatingip(self.port['id'])
def check_connectivity(self, host, ssh_user, ssh_key, servers=None):
ssh_client = ssh.Client(host, ssh_user, pkey=ssh_key)
diff --git a/neutron/tests/tempest/scenario/test_portsecurity.py b/neutron/tests/tempest/scenario/test_portsecurity.py
new file mode 100644
index 0000000..76b23a4
--- /dev/null
+++ b/neutron/tests/tempest/scenario/test_portsecurity.py
@@ -0,0 +1,53 @@
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from tempest.lib import decorators
+
+from neutron.tests.tempest import config
+from neutron.tests.tempest.scenario import base
+
+CONF = config.CONF
+
+
+class PortSecurityTest(base.BaseTempestTestCase):
+ credentials = ['primary']
+ required_extensions = ['port-security']
+
+ @decorators.idempotent_id('61ab176e-d48b-42b7-b38a-1ba571ecc033')
+ def test_port_security_removed_added(self):
+ """Test connection works after port security has been removed
+
+ Initial test that vm is accessible. Then port security is removed,
+ checked connectivity. Port security is added back and checked
+ connectivity again.
+ """
+ self.setup_network_and_server()
+ self.check_connectivity(self.fip['floating_ip_address'],
+ CONF.validation.image_ssh_user,
+ self.keypair['private_key'])
+ sec_group_id = self.security_groups[0]['id']
+
+ self.port = self.update_port(port=self.port,
+ port_security_enabled=False,
+ security_groups=[])
+ self.check_connectivity(self.fip['floating_ip_address'],
+ CONF.validation.image_ssh_user,
+ self.keypair['private_key'])
+
+ self.port = self.update_port(port=self.port,
+ port_security_enabled=True,
+ security_groups=[sec_group_id])
+ self.check_connectivity(self.fip['floating_ip_address'],
+ CONF.validation.image_ssh_user,
+ self.keypair['private_key'])