Merge "Add test for checking intra security group isolation"
diff --git a/neutron_tempest_plugin/api/test_port_forwarding_negative.py b/neutron_tempest_plugin/api/test_port_forwarding_negative.py
new file mode 100644
index 0000000..76dd6ee
--- /dev/null
+++ b/neutron_tempest_plugin/api/test_port_forwarding_negative.py
@@ -0,0 +1,83 @@
+# Copyright 2020 OpenStack Foundation
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+from tempest.lib.common.utils import data_utils
+from tempest.lib import decorators
+from tempest.lib import exceptions
+
+from neutron_tempest_plugin.api import base
+from neutron_tempest_plugin import config
+
+CONF = config.CONF
+
+
+class PortForwardingNegativeTestJSON(base.BaseNetworkTest):
+ required_extensions = ['router', 'floating-ip-port-forwarding']
+
+ @classmethod
+ def resource_setup(cls):
+ super(PortForwardingNegativeTestJSON, cls).resource_setup()
+ cls.ext_net_id = CONF.network.public_network_id
+
+ # Create network, subnet, router and add interface
+ cls.network = cls.create_network()
+ cls.subnet = cls.create_subnet(cls.network)
+ cls.router = cls.create_router(data_utils.rand_name('router'),
+ external_network_id=cls.ext_net_id)
+ cls.create_router_interface(cls.router['id'], cls.subnet['id'])
+
+ @decorators.attr(type='negative')
+ @decorators.idempotent_id('63c0d406-99d5-11ea-bb37-0242ac130002')
+ def test_mapping_same_fip_and_external_port_to_different_dest(self):
+ port1 = self.create_port(self.network)
+ port2 = self.create_port(self.network)
+ fip_for_pf = self.create_floatingip()
+
+ self.create_port_forwarding(
+ fip_for_pf['id'],
+ internal_port_id=port1['id'],
+ internal_ip_address=port1['fixed_ips'][0]['ip_address'],
+ internal_port=1111, external_port=2222,
+ protocol="tcp")
+
+ self.assertRaises(
+ exceptions.BadRequest,
+ self.create_port_forwarding,
+ fip_for_pf['id'],
+ internal_port_id=port2['id'],
+ internal_ip_address=port2['fixed_ips'][0]['ip_address'],
+ internal_port=3333, external_port=2222,
+ protocol="tcp")
+
+ @decorators.attr(type='negative')
+ @decorators.idempotent_id('0c229a4c-9f28-11ea-bb37-0242ac130002')
+ def test_mapping_different_external_ports_to_the_same_destination(self):
+ port = self.create_port(self.network)
+ fip_for_pf = self.create_floatingip()
+
+ self.create_port_forwarding(
+ fip_for_pf['id'],
+ internal_port_id=port['id'],
+ internal_ip_address=port['fixed_ips'][0]['ip_address'],
+ internal_port=1111, external_port=3333,
+ protocol="tcp")
+
+ self.assertRaises(
+ exceptions.BadRequest,
+ self.create_port_forwarding,
+ fip_for_pf['id'],
+ internal_port_id=port['id'],
+ internal_ip_address=port['fixed_ips'][0]['ip_address'],
+ internal_port=1111, external_port=5555,
+ protocol="tcp")
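Review bot: Neither test method nor the class has a docstring, so the constraint each case pins down is readable only from the long method names and the port numbers. I would add, for the first test, `"""A second forwarding that reuses the same floating IP and external port must be rejected."""` and, for the second, `"""The same internal IP and port must not be reachable through two external ports of one floating IP."""`. Both cases assert only `exceptions.BadRequest`, which any other request-validation failure would also satisfy. If the base class offers a way to list the forwardings of `fip_for_pf`, it would be worth asserting afterwards that the first mapping is still the only one.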
diff --git a/zuul.d/base.yaml b/zuul.d/base.yaml
index b6d9f90..db59ac0 100644
--- a/zuul.d/base.yaml
+++ b/zuul.d/base.yaml
@@ -34,6 +34,8 @@
neutron-port-forwarding: true
neutron-conntrack-helper: true
neutron-tag-ports-during-bulk-creation: true
+ br-ex-tcpdump: true
+ br-int-flows: true
devstack_local_conf:
post-config:
$NEUTRON_CONF:
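Review bot: The two new entries `br-ex-tcpdump: true` and `br-int-flows: true` are added without a comment, although they look like debugging aids rather than services under test. Because they sit in the base definition, every job that inherits this service list will presumably start them and add their output to its logs. A short comment such as `# Debug aids: capture br-ex traffic and dump br-int flows into the job logs` would make the intent and the log-volume cost clear. The enclosing job definition starts outside this hunk.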
diff --git a/zuul.d/master_jobs.yaml b/zuul.d/master_jobs.yaml
index 7e93aaf..45862c8 100644
--- a/zuul.d/master_jobs.yaml
+++ b/zuul.d/master_jobs.yaml
@@ -183,6 +183,66 @@
q_agent: linuxbridge
- job:
+ name: neutron-tempest-plugin-scenario-ovn
+ parent: neutron-tempest-plugin-scenario
+ timeout: 10000
+ vars:
+ network_api_extensions: *api_extensions
+ # TODO(haleyb): Remove this blacklist when
+ # https://bugs.launchpad.net/neutron/+bug/1881558 is fixed.
+ tempest_black_regex: "(?:neutron_tempest_plugin.scenario.test_ipv6.IPv6Test)"
+ devstack_localrc:
+ Q_AGENT: ovn
+ NETWORK_API_EXTENSIONS: "{{ network_api_extensions | join(',') }}"
+ Q_ML2_PLUGIN_MECHANISM_DRIVERS: ovn,logger
+ Q_ML2_PLUGIN_TYPE_DRIVERS: local,flat,vlan,geneve
+ Q_ML2_TENANT_NETWORK_TYPE: geneve
+ Q_USE_PROVIDERNET_FOR_PUBLIC: true
+ PHYSICAL_NETWORK: public
+ ENABLE_CHASSIS_AS_GW: true
+ OVN_L3_CREATE_PUBLIC_NETWORK: true
+ OVN_DBS_LOG_LEVEL: dbg
+ # TODO(mjozefcz): Stop compiling OVS modules when meter action in kernel
+ # will be released in Ubuntu Bionic.
+ # More info: https://mail.openvswitch.org/pipermail/ovs-discuss/2018-December/048009.html
+ OVN_BUILD_MODULES: True
+ ENABLE_TLS: True
+ OVN_IGMP_SNOOPING_ENABLE: True
+ devstack_services:
+ br-ex-tcpdump: true
+ br-int-flows: true
+ q-ovn-metadata-agent: true
+ ovn-controller: true
+ ovn-northd: true
+ ovs-vswitchd: true
+ ovsdb-server: true
+ q-agt: false
+ q-dhcp: false
+ q-l3: false
+ q-meta: false
+ q-metering: false
+ s-account: false
+ s-container-sync: false
+ s-container: false
+ s-object: false
+ s-proxy: false
+ tls-proxy: true
+ q-qos: true
+ devstack_local_conf:
+ post-config:
+ $NEUTRON_CONF:
+ DEFAULT:
+ enable_dvr: false
+ /$NEUTRON_CORE_PLUGIN_CONF:
+ ml2:
+ type_drivers: local,flat,vlan,geneve
+ test-config:
+ $TEMPEST_CONFIG:
+ neutron_plugin_options:
+ available_type_drivers: local,flat,vlan,geneve
+ is_igmp_snooping_enabled: True
+
+- job:
name: neutron-tempest-plugin-dvr-multinode-scenario
parent: tempest-multinode-full
description: |
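Review bot: The new `neutron-tempest-plugin-scenario-ovn` job has no `description:`, unlike the job that follows it, so the fact that it skips the whole `IPv6Test` class is visible only in a TODO comment. Something like `description: Scenario tests with the OVN mechanism driver and TLS enabled; IPv6Test is excluded until bug 1881558 is fixed.` would make that coverage gap visible wherever the job is listed. The job also sets `br-ex-tcpdump: true` and `br-int-flows: true` again, which this change adds to zuul.d/base.yaml as well; if the parent chain reaches that base job, one of the two is redundant. Boolean spelling is mixed (`True` for `ENABLE_TLS`, `true` for `ENABLE_CHASSIS_AS_GW`), and using one form throughout would read more cleanly.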
diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml
index 80c3a72..3086d6c 100644
--- a/zuul.d/project.yaml
+++ b/zuul.d/project.yaml
@@ -7,11 +7,13 @@
- neutron-tempest-plugin-scenario-linuxbridge
- neutron-tempest-plugin-scenario-openvswitch
- neutron-tempest-plugin-scenario-openvswitch-iptables_hybrid
+ - neutron-tempest-plugin-scenario-ovn
gate:
jobs:
- neutron-tempest-plugin-api
- neutron-tempest-plugin-scenario-linuxbridge
- neutron-tempest-plugin-scenario-openvswitch
+ - neutron-tempest-plugin-scenario-ovn
- neutron-tempest-plugin-scenario-openvswitch-iptables_hybrid
#TODO(slaweq): Move neutron-tempest-plugin-dvr-multinode-scenario out of
# the experimental queue when it will be more stable
@@ -104,6 +106,7 @@
- neutron-tempest-plugin-scenario-linuxbridge-ussuri
- neutron-tempest-plugin-scenario-openvswitch-ussuri
- neutron-tempest-plugin-scenario-openvswitch-iptables_hybrid-ussuri
+ - neutron-tempest-plugin-scenario-ovn-ussuri
gate:
jobs:
- neutron-tempest-plugin-api-ussuri
diff --git a/zuul.d/ussuri_jobs.yaml b/zuul.d/ussuri_jobs.yaml
index 4e7bd5d..a9e578e 100644
--- a/zuul.d/ussuri_jobs.yaml
+++ b/zuul.d/ussuri_jobs.yaml
@@ -97,9 +97,9 @@
- job:
name: neutron-tempest-plugin-scenario-openvswitch-iptables_hybrid-ussuri
parent: neutron-tempest-plugin-scenario-openvswitch-iptables_hybrid
- override-checkout: stable-ussuri
+ override-checkout: stable/ussuri
vars:
- branch_override: stable-ussuri
+ branch_override: stable/ussuri
network_api_extensions: *api_extensions
devstack_localrc:
NETWORK_API_EXTENSIONS: "{{ network_api_extensions | join(',') }}"
@@ -115,6 +115,16 @@
NETWORK_API_EXTENSIONS: "{{ network_api_extensions | join(',') }}"
- job:
+ name: neutron-tempest-plugin-scenario-ovn-ussuri
+ parent: neutron-tempest-plugin-scenario-ovn
+ override-checkout: stable/ussuri
+ vars:
+ branch_override: stable/ussuri
+ network_api_extensions: *api_extensions
+ devstack_localrc:
+ NETWORK_API_EXTENSIONS: "{{ network_api_extensions | join(',') }}"
+
+- job:
name: neutron-tempest-plugin-dvr-multinode-scenario-ussuri
parent: neutron-tempest-plugin-dvr-multinode-scenario
override-checkout: stable/ussuri