Merge "Get token for admin client with static accounts" into mcp/caracal
diff --git a/neutron_tempest_plugin/api/base.py b/neutron_tempest_plugin/api/base.py
index a0ff1f1..5a1de9c 100644
--- a/neutron_tempest_plugin/api/base.py
+++ b/neutron_tempest_plugin/api/base.py
@@ -546,7 +546,7 @@
"""
if not cls.try_reserve_subnet_cidr(addr, **ipnetwork_kwargs):
- raise ValueError('Subnet CIDR already reserved: {0!r}'.format(
+ LOG.info('Subnet CIDR already reserved: {0!r}'.format(
addr))
@classmethod
diff --git a/neutron_tempest_plugin/api/test_timestamp.py b/neutron_tempest_plugin/api/test_timestamp.py
index c3227a9..c39c523 100644
--- a/neutron_tempest_plugin/api/test_timestamp.py
+++ b/neutron_tempest_plugin/api/test_timestamp.py
@@ -15,6 +15,7 @@
from neutron_lib import constants
from tempest.common import utils
+from tempest import config as tempestconf
from tempest.lib.common.utils import data_utils
from tempest.lib import decorators
@@ -305,6 +306,10 @@
updated_security_group = self.client.update_security_group(
security_group['id'], name=security_group['name'] + 'new')[
'security_group']
+ # Workaround for PRODX-7986
+ if tempestconf.is_tungstenfabric_backend_enabled():
+ updated_security_group = self.client.show_security_group(
+ security_group['id'])['security_group']
# Verify that created_at hasn't changed
self.assertEqual(security_group['created_at'],
diff --git a/neutron_tempest_plugin/bgpvpn/api/test_bgpvpn.py b/neutron_tempest_plugin/bgpvpn/api/test_bgpvpn.py
index 4610686..14fa320 100644
--- a/neutron_tempest_plugin/bgpvpn/api/test_bgpvpn.py
+++ b/neutron_tempest_plugin/bgpvpn/api/test_bgpvpn.py
@@ -257,6 +257,7 @@
self.assertRaises(exceptions.BadRequest,
self.bgpvpn_admin_client.update_bgpvpn,
bgpvpn['bgpvpn']['id'], **updatedata)
+ self.delete_bgpvpn(self.bgpvpn_admin_client, bgpvpn['bgpvpn'])
@decorators.attr(type=['negative'])
@decorators.idempotent_id('f049ce21-d239-47c0-b13f-fb57a2a558ce')
@@ -279,6 +280,7 @@
self.bgpvpn_client.create_network_association,
uuidutils.generate_uuid(),
network['network']['id'])
+ self.delete_bgpvpn(self.bgpvpn_admin_client, bgpvpn['bgpvpn'])
@decorators.attr(type=['negative'])
@decorators.idempotent_id('078b2660-4adb-4c4c-abf0-b77bf0bface5')
@@ -306,6 +308,7 @@
self.bgpvpn_client.delete_network_association,
uuidutils.generate_uuid(),
association['network_association']['id'])
+ self.delete_bgpvpn(self.bgpvpn_admin_client, bgpvpn['bgpvpn'])
@decorators.idempotent_id('de8d94b0-0239-4a48-9574-c3a4a4f7cacb')
def test_associate_disassociate_router(self):
diff --git a/neutron_tempest_plugin/bgpvpn/base.py b/neutron_tempest_plugin/bgpvpn/base.py
index b436a5d..46c2c78 100644
--- a/neutron_tempest_plugin/bgpvpn/base.py
+++ b/neutron_tempest_plugin/bgpvpn/base.py
@@ -17,6 +17,7 @@
from tempest.common import utils
from tempest import config
from tempest.lib.common.utils import data_utils
+from tempest.lib.common.utils import test_utils
from neutron_tempest_plugin.bgpvpn.services import bgpvpn_client
@@ -34,12 +35,6 @@
bgpvpn_alt_client = None
@classmethod
- def resource_cleanup(cls):
- for bgpvpn in cls.bgpvpns:
- cls.bgpvpn_admin_client.delete_bgpvpn(bgpvpn['id'])
- super(BaseBgpvpnTest, cls).resource_cleanup()
-
- @classmethod
def resource_setup(cls):
cls.route_distinguishers = []
cls.bgpvpns = []
@@ -87,9 +82,9 @@
body = client.create_bgpvpn(**kwargs)
bgpvpn = body['bgpvpn']
- self.bgpvpns.append(bgpvpn)
+ self.addCleanup(test_utils.call_and_ignore_notfound_exc,
+ self.bgpvpn_admin_client.delete_bgpvpn, bgpvpn['id'])
return bgpvpn
def delete_bgpvpn(self, client, bgpvpn):
client.delete_bgpvpn(bgpvpn['id'])
- self.bgpvpns.remove(bgpvpn)
diff --git a/neutron_tempest_plugin/bgpvpn/scenario/test_bgpvpn_advanced.py b/neutron_tempest_plugin/bgpvpn/scenario/test_bgpvpn_advanced.py
new file mode 100644
index 0000000..c7b2f8f
--- /dev/null
+++ b/neutron_tempest_plugin/bgpvpn/scenario/test_bgpvpn_advanced.py
@@ -0,0 +1,267 @@
+# Copyright 2021 Mirantis, Inc.
+# All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from oslo_log import log as logging
+from tempest.common import compute
+from tempest.common import utils
+from tempest.common import waiters
+from tempest import config
+from tempest.lib.common.utils import data_utils
+from tempest.lib.common.utils import test_utils
+from tempest.lib import decorators
+import testtools
+
+from neutron_tempest_plugin.bgpvpn import base
+from neutron_tempest_plugin.bgpvpn.scenario import manager
+
+CONF = config.CONF
+LOG = logging.getLogger(__name__)
+
+
+class TestBGPVPNAdvanced(base.BaseBgpvpnTest, manager.NetworkScenarioTest):
+ def setUp(self):
+ super(TestBGPVPNAdvanced, self).setUp()
+ self.security_group = self._create_security_group(
+ tenant_id=self.bgpvpn_client.tenant_id
+ )
+
+ @decorators.idempotent_id("734213fb-8213-487d-9fe3-c8ff31758e18")
+ @utils.services("compute", "network")
+ @testtools.skipUnless(
+ CONF.bgpvpn.l2vpn_endpoint and CONF.bgpvpn.route_target,
+ "Required ip address of L2 endpoint and route target.",
+ )
+ def test_bgpvpn_l2vpn_endpoint(self):
+ """This test checks L2VPN connectivity.
+
+ 1. Create network with respective subnet
+ 2. Start up server
+ 4. Associate network to a given L2 BGPVPN
+ 5. Create router and connect it to network
+ 6. Give a FIP to server
+ 7. Check that server can ping l2vpn vtep/endpoint
+ """
+
+ self._create_networks_and_subnets(
+ subnet_cidr=CONF.bgpvpn.l2vpn_endpoint
+ )
+ self._create_server()
+ self._create_bgpvpn(
+ type="l2",
+ rts=CONF.bgpvpn.route_target,
+ vni=CONF.bgpvpn.route_target.split(":")[1],
+ )
+ self._associate_all_nets_to_bgpvpn()
+ self._associate_fip_and_check_bgpvpn(
+ CONF.bgpvpn.l2vpn_endpoint.split("/")[0]
+ )
+
+ @decorators.idempotent_id("124fe1bd-e18a-4482-9c52-855c81a58cd2")
+ @utils.services("compute", "network")
+ @testtools.skipUnless(
+ CONF.bgpvpn.l3vpn_endpoint and CONF.bgpvpn.route_target,
+ "Required ip address of L3 endpoint and route target.",
+ )
+ def test_bgpvpn_l3vpn_endpoint(self):
+ """This test checks L3VPN connectivity.
+
+ 1. Create network with respective subnet
+ 2. Start up server
+ 4. Associate network to a given L3 BGPVPN
+ 5. Create router and connect it to network
+ 6. Give a FIP to server
+ 7. Check that server can ping l3vpn endpoint
+ """
+
+ self._create_networks_and_subnets(
+ subnet_cidr=CONF.bgpvpn.l3vpn_subnet_cidr
+ )
+ self._create_server()
+ self._create_bgpvpn(rts=CONF.bgpvpn.route_target)
+ self._associate_all_nets_to_bgpvpn()
+ self._associate_fip_and_check_bgpvpn(
+ CONF.bgpvpn.l3vpn_endpoint.split("/")[0]
+ )
+
+ def _create_networks_and_subnets(
+ self, name="bgp", subnet_cidr=None, port_security=True
+ ):
+ self.network = self._create_network(
+ namestart=name, port_security_enabled=port_security
+ )
+ self.subnet = self._create_subnet_with_cidr(
+ self.network, cidr=subnet_cidr, ip_version=4
+ )
+ self._reserve_ip_address(subnet_cidr.split("/")[0], self.os_primary)
+
+ def _create_subnet_with_cidr(
+ self, network, subnets_client=None, namestart="subnet-bgp", **kwargs
+ ):
+ if not subnets_client:
+ subnets_client = self.subnets_client
+ subnet = dict(
+ name=data_utils.rand_name(namestart),
+ network_id=network["id"],
+ tenant_id=network["tenant_id"],
+ **kwargs
+ )
+ result = subnets_client.create_subnet(**subnet)
+ self.assertIsNotNone(result, "Unable to allocate tenant network")
+ subnet = result["subnet"]
+ self.addCleanup(
+ test_utils.call_and_ignore_notfound_exc,
+ subnets_client.delete_subnet,
+ subnet["id"],
+ )
+ return subnet
+
+ def _create_fip_router(
+ self, client=None, public_network_id=None, subnet_id=None
+ ):
+ router = self._create_router(client, namestart="router-")
+ router_id = router["id"]
+ if public_network_id is None:
+ public_network_id = CONF.network.public_network_id
+ if client is None:
+ client = self.routers_client
+ kwargs = {"external_gateway_info": {"network_id": public_network_id}}
+ router = client.update_router(router_id, **kwargs)["router"]
+ if subnet_id is not None:
+ client.add_router_interface(router_id, subnet_id=subnet_id)
+ self.addCleanup(
+ test_utils.call_and_ignore_notfound_exc,
+ client.remove_router_interface,
+ router_id,
+ subnet_id=subnet_id,
+ )
+ return router
+
+ def _create_router_and_associate_fip(self, subnet):
+ router = self._create_fip_router(subnet_id=subnet["id"])
+ self.server_fip = self.create_floating_ip(
+ self.server, external_network_id=CONF.network.public_network_id
+ )
+ return router
+
+ def _reserve_ip_address(self, ip_address, clients):
+ create_port_kwargs = {
+ "fixed_ips": [{"ip_address": ip_address}],
+ "namestart": "port-endpoint",
+ }
+ self._create_port(
+ network_id=self.network["id"],
+ client=clients.ports_client,
+ **create_port_kwargs
+ )
+
+ def _create_server(self, name="server-bgp", port_security=True):
+ self.keypair = self.create_keypair()
+ security_group_name = self.security_group["name"]
+ clients = self.os_primary
+
+ security_groups = {}
+ if port_security:
+ security_groups = {
+ "security_groups": [{"name": security_group_name}]
+ }
+
+ create_server_kwargs = {
+ "key_name": self.keypair["name"],
+ "networks": [{"uuid": self.network["id"]}],
+ **security_groups,
+ }
+ body, _ = compute.create_test_server(
+ clients, wait_until="ACTIVE", name=name, **create_server_kwargs
+ )
+ self.addCleanup(
+ waiters.wait_for_server_termination,
+ clients.servers_client,
+ body["id"],
+ )
+ self.addCleanup(
+ test_utils.call_and_ignore_notfound_exc,
+ clients.servers_client.delete_server,
+ body["id"],
+ )
+ self.server = clients.servers_client.show_server(body["id"])["server"]
+ LOG.debug(
+ "Created server: %s with status: %s",
+ self.server["id"],
+ self.server["status"],
+ )
+
+ def _create_bgpvpn(
+ self,
+ name="test-bgpvpn",
+ type="l3",
+ rts=None,
+ import_rts=None,
+ export_rts=None,
+ vni=None,
+ ):
+ import_rts = import_rts or []
+ export_rts = export_rts or []
+ self.bgpvpn = self.create_bgpvpn(
+ self.bgpvpn_admin_client,
+ tenant_id=self.bgpvpn_client.tenant_id,
+ name=name,
+ route_targets=rts,
+ export_targets=export_rts,
+ import_targets=import_rts,
+ type=type,
+ vni=vni,
+ )
+ return self.bgpvpn
+
+ def _associate_all_nets_to_bgpvpn(self, bgpvpn=None):
+ bgpvpn = bgpvpn or self.bgpvpn
+ self.bgpvpn_client.create_network_association(
+ bgpvpn["id"], self.network["id"]
+ )
+ LOG.debug("BGPVPN network associations completed")
+
+ def _setup_ssh_client(self, server):
+ server_fip = self.server_fip["floating_ip_address"]
+ private_key = self.keypair["private_key"]
+ ssh_client = self.get_remote_client(
+ server_fip, private_key=private_key
+ )
+ return ssh_client
+
+ def _check_bgpvpn(self, from_server=None, to_server_ip=None):
+ from_server = from_server or self.server
+ from_server_ip = self.server_fip["floating_ip_address"]
+ ssh_client = self._setup_ssh_client(from_server)
+ msg = "Timed out waiting for {ip} to become reachable".format(
+ ip=to_server_ip
+ )
+ try:
+ result = self._check_remote_connectivity(
+ ssh_client, to_server_ip, True
+ )
+ self.assertTrue(result, msg)
+ except Exception:
+ LOG.exception(
+ "Error validating connectivity to %s "
+ "from VM with IP address %s: %s",
+ to_server_ip,
+ from_server_ip,
+ msg,
+ )
+ raise
+
+ def _associate_fip_and_check_bgpvpn(self, to_server_ip=None):
+ self.router = self._create_router_and_associate_fip(self.subnet)
+ self._check_bgpvpn(to_server_ip=to_server_ip)
diff --git a/neutron_tempest_plugin/bgpvpn/scenario/test_bgpvpn_basic.py b/neutron_tempest_plugin/bgpvpn/scenario/test_bgpvpn_basic.py
index 9cca602..597bfc8 100644
--- a/neutron_tempest_plugin/bgpvpn/scenario/test_bgpvpn_basic.py
+++ b/neutron_tempest_plugin/bgpvpn/scenario/test_bgpvpn_basic.py
@@ -763,6 +763,100 @@
self._check_l3_bgpvpn_by_specific_ip(
should_succeed=False, to_server_ip=ip)
+ @decorators.idempotent_id('910e6d89-5703-4a5e-a5c7-0743ddffbeb7')
+ @utils.services('compute', 'network')
+ @utils.requires_ext(extension='bgpvpn-routes-control', service='network')
+ def test_bgpvpn_port_association_create_and_delete_association(self):
+ """This test checks port association in BGPVPN.
+
+ 1. Create networks A and B with their respective subnets
+ 2. Create L3 BGPVPN
+ 3. Create router and connect it to network A
+ 5. Start up server 1 in network A
+ 6. Start up server 2 in network B
+ 7. Give a FIP to server 1
+ LOG.debug("Check that server 1 cannot ping server's 2")
+ LOG.debug("Check that server 1 can ping server's 2")
+ import rpdb; rpdb.set_trace()
+ LOG.debug("Check that server 1 cannot ping server's 2")
+ 8. Check that server 1 cannot ping server's 2
+ 10. Associate network A to a given L3 BGPVPN
+ 11. Associate port of server 2 to a given L3 BGPVPN
+ 12. Check that server 1 can ping server's 2
+ 13. Remove created before port association
+ 14. Check that server 1 cannot ping server's 2
+ """
+ self._create_networks_and_subnets(port_security=False)
+ self._create_l3_bgpvpn()
+ self._create_servers([[self.networks[NET_A], IP_A_S1_1],
+ [self.networks[NET_B], IP_B_S1_1]],
+ port_security=False)
+ self._create_fip_router(subnet_id=self.subnets[NET_A][0]['id'])
+ self._associate_fip(0)
+
+ # preliminary check that no connectivity to 192.168.0.1 initially
+ # exists
+ self._check_l3_bgpvpn_by_specific_ip(
+ should_succeed=False, to_server_ip=IP_B_S1_1)
+ self.bgpvpn_client.create_network_association(
+ self.bgpvpn['id'], self.networks[NET_A]['id'])
+ port_id = self.ports[self.servers[1]['id']]['id']
+ body = self.bgpvpn_client.create_port_association(self.bgpvpn['id'],
+ port_id=port_id)
+ port_association = body['port_association']
+ self._check_l3_bgpvpn_by_specific_ip(
+ should_succeed=True, to_server_ip=IP_B_S1_1)
+ self.bgpvpn_client.delete_port_association(
+ self.bgpvpn['id'], port_association['id'])
+ self._check_l3_bgpvpn_by_specific_ip(
+ should_succeed=False, to_server_ip=IP_B_S1_1)
+
+ @decorators.idempotent_id('8de130c1-778a-4d86-913b-ff41be3c2f0b')
+ @utils.services('compute', 'network')
+ @utils.requires_ext(extension='bgpvpn-routes-control', service='network')
+ def test_bgpvpn_port_association_create_and_delete_bgpvpn(self):
+ """This test checks port association in BGPVPN.
+
+ 1. Create networks A and B with their respective subnets
+ 2. Create L3 BGPVPN
+ 3. Create router and connect it to network A
+ 5. Start up server 1 in network A
+ 6. Start up server 2 in network B
+ 7. Give a FIP to server 1
+ LOG.debug("Check that server 1 cannot ping server's 2")
+ LOG.debug("Check that server 1 can ping server's 2")
+ import rpdb; rpdb.set_trace()
+ LOG.debug("Check that server 1 cannot ping server's 2")
+ 8. Check that server 1 cannot ping server's 2
+ 10. Associate network A to a given L3 BGPVPN
+ 11. Associate port of server 2 to a given L3 BGPVPN
+ 12. Check that server 1 can ping server's 2
+ 13. Remove created before bgpvpn
+ 14. Check that server 1 cannot ping server's 2
+ """
+ self._create_networks_and_subnets(port_security=False)
+ self._create_l3_bgpvpn()
+ self._create_servers([[self.networks[NET_A], IP_A_S1_1],
+ [self.networks[NET_B], IP_B_S1_1]],
+ port_security=False)
+ self._create_fip_router(subnet_id=self.subnets[NET_A][0]['id'])
+ self._associate_fip(0)
+
+ # preliminary check that no connectivity to 192.168.0.1 initially
+ # exists
+ self._check_l3_bgpvpn_by_specific_ip(
+ should_succeed=False, to_server_ip=IP_B_S1_1)
+ self.bgpvpn_client.create_network_association(
+ self.bgpvpn['id'], self.networks[NET_A]['id'])
+ port_id = self.ports[self.servers[1]['id']]['id']
+ self.bgpvpn_client.create_port_association(self.bgpvpn['id'],
+ port_id=port_id)
+ self._check_l3_bgpvpn_by_specific_ip(
+ should_succeed=True, to_server_ip=IP_B_S1_1)
+ self.delete_bgpvpn(self.bgpvpn_admin_client, self.bgpvpn)
+ self._check_l3_bgpvpn_by_specific_ip(
+ should_succeed=False, to_server_ip=IP_B_S1_1)
+
@decorators.idempotent_id('9c3280b5-0b32-4562-800c-0b50d9d52bfd')
@utils.services('compute', 'network')
@utils.requires_ext(extension='bgpvpn-routes-control', service='network')
@@ -1256,6 +1350,9 @@
tenant_id=self.bgpvpn_admin_client.project_id,
name=name, route_targets=rts, export_targets=export_rts,
import_targets=import_rts)
+ self.addCleanup(test_utils.call_and_ignore_notfound_exc,
+ self.bgpvpn_admin_client.delete_bgpvpn,
+ self.bgpvpn['id'])
return self.bgpvpn
def _update_l3_bgpvpn(self, rts=None, import_rts=None, export_rts=None,
diff --git a/neutron_tempest_plugin/config.py b/neutron_tempest_plugin/config.py
index a6d5c09..eb91c6d 100644
--- a/neutron_tempest_plugin/config.py
+++ b/neutron_tempest_plugin/config.py
@@ -184,6 +184,22 @@
default=200,
help=("Maximum number for the range of "
"assigned number for distinguishers.")),
+ cfg.StrOpt('l3vpn_endpoint',
+ default=None,
+ help=("IP Address/Mask, which will be used to "
+ "test the l3vpn connectivity.")),
+ cfg.StrOpt('l3vpn_subnet_cidr',
+ default="192.168.0.254/24",
+ help=("IP Address/Mask, which will be used as private network"
+ "test the l3vpn connectivity.")),
+ cfg.StrOpt('l2vpn_endpoint',
+ default=None,
+ help=("IP Address/Mask, which will be used to "
+ "test the l2vpn connectivity.")),
+ cfg.StrOpt('route_target',
+ default=None,
+ help=("Route-target (RT) extended community attributes "
+ "identify the VPN membership of routes.")),
]
bgpvpn_group = cfg.OptGroup(name="bgpvpn", title=("Networking-Bgpvpn Service "
diff --git a/neutron_tempest_plugin/neutron_dynamic_routing/api/test_bgp_speaker_extensions.py b/neutron_tempest_plugin/neutron_dynamic_routing/api/test_bgp_speaker_extensions.py
index 5cdd524..b7e5c9e 100644
--- a/neutron_tempest_plugin/neutron_dynamic_routing/api/test_bgp_speaker_extensions.py
+++ b/neutron_tempest_plugin/neutron_dynamic_routing/api/test_bgp_speaker_extensions.py
@@ -229,6 +229,25 @@
def test_get_advertised_routes_null_address_scope(self):
self.useFixture(fixtures.LockFixture('gateway_network_binding'))
bgp_speaker = self.create_bgp_speaker(**self.default_bgp_speaker_args)
+
+ addr_scope1 = self.create_address_scope(
+ 'get-advertised-routes-null-address-scope',
+ ip_version=4)
+ ext_net = self.create_shared_network(**{'router:external': True})
+ ext_subnetpool = self.create_subnetpool(
+ 'get-advertised-routes-null-address-pool-ext',
+ is_admin=True,
+ default_prefixlen=24,
+ address_scope_id=addr_scope1['id'],
+ prefixes=['8.0.0.0/8'])
+ self.create_subnet({'id': ext_net['id']},
+ cidr=netaddr.IPNetwork('8.1.0.0/24'),
+ ip_version=4,
+ client=self.admin_client,
+ subnetpool_id=ext_subnetpool['id'])
+ ext_gw_info = {'network_id': ext_net['id']}
+ router = self.create_router(ext_gw_info)
+ self.admin_routers.append(router)
bgp_speaker_id = bgp_speaker['id']
self.bgp_adm_client.add_bgp_gateway_network(bgp_speaker_id,
self.ext_net_id)
@@ -238,6 +257,21 @@
@decorators.idempotent_id('cae9cdb1-ad65-423c-9604-d4cd0073616e')
def test_get_advertised_routes_floating_ips(self):
self.useFixture(fixtures.LockFixture('gateway_network_binding'))
+ addr_scope1 = self.create_address_scope(
+ 'get-advertised-routes-floating-ip-scope',
+ ip_version=4)
+ ext_net = self.create_shared_network(**{'router:external': True})
+ ext_subnetpool = self.create_subnetpool(
+ 'get-advertised-routes-floating-ip-ext',
+ is_admin=True,
+ default_prefixlen=24,
+ address_scope_id=addr_scope1['id'],
+ prefixes=['8.0.0.0/8'])
+ self.create_subnet({'id': ext_net['id']},
+ cidr=netaddr.IPNetwork('8.2.0.0/24'),
+ ip_version=4,
+ client=self.admin_client,
+ subnetpool_id=ext_subnetpool['id'])
bgp_speaker = self.create_bgp_speaker(**self.default_bgp_speaker_args)
bgp_speaker_id = bgp_speaker['id']
self.bgp_adm_client.add_bgp_gateway_network(bgp_speaker_id,
diff --git a/neutron_tempest_plugin/scenario/admin/test_floatingip.py b/neutron_tempest_plugin/scenario/admin/test_floatingip.py
index d9abaf5..1774289 100644
--- a/neutron_tempest_plugin/scenario/admin/test_floatingip.py
+++ b/neutron_tempest_plugin/scenario/admin/test_floatingip.py
@@ -70,7 +70,7 @@
servers, fips, server_ssh_clients = ([], [], [])
# Create the availability zone with default zone and
# a specific mentioned hypervisor.
- az = avail_zone + ':' + hyper
+ az = avail_zone + '::' + hyper
for i in range(num_servers):
servers.append(self.create_server(
flavor_ref=CONF.compute.flavor_ref,
diff --git a/neutron_tempest_plugin/scenario/test_connectivity.py b/neutron_tempest_plugin/scenario/test_connectivity.py
index a6fc893..be0fc35 100644
--- a/neutron_tempest_plugin/scenario/test_connectivity.py
+++ b/neutron_tempest_plugin/scenario/test_connectivity.py
@@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
+import time
+
import netaddr
from neutron_lib import constants
@@ -105,6 +107,10 @@
self.create_router_interface(ap1_rt['id'], ap1_subnet['id'])
self.create_router_interface(ap2_rt['id'], ap2_subnet['id'])
+ # NOTE(ohryhorov): the sleep below is added to avoid the situation
+ # when a port is not in active state yet but static route is added.
+ time.sleep(15)
+
self.client.update_router(
ap1_rt['id'],
routes=[{"destination": ap2_subnet['cidr'],
diff --git a/neutron_tempest_plugin/scenario/test_floatingip.py b/neutron_tempest_plugin/scenario/test_floatingip.py
index ee1b192..4c68dae 100644
--- a/neutron_tempest_plugin/scenario/test_floatingip.py
+++ b/neutron_tempest_plugin/scenario/test_floatingip.py
@@ -476,7 +476,9 @@
def _wait_for_fip_associated():
try:
self.check_servers_hostnames(servers[-1:], log_errors=False)
- except (AssertionError, exceptions.SSHTimeout):
+ # NOTE(vsaienko): it might take some time by neutron to update VIP
+ # retry on any exception here.
+ except Exception:
return False
return True
diff --git a/neutron_tempest_plugin/scenario/test_security_groups.py b/neutron_tempest_plugin/scenario/test_security_groups.py
index 03156c7..ae6c57d 100644
--- a/neutron_tempest_plugin/scenario/test_security_groups.py
+++ b/neutron_tempest_plugin/scenario/test_security_groups.py
@@ -20,6 +20,7 @@
from oslo_log import log
from tempest.common import utils as tempest_utils
from tempest.common import waiters
+from tempest import config as tempestconf
from tempest.lib.common.utils import data_utils
from tempest.lib.common.utils import test_utils
from tempest.lib import decorators
@@ -629,7 +630,7 @@
direction=constants.INGRESS_DIRECTION,
remote_group_id=secgroups[1]['id'])
- self.create_secgroup_rules(
+ secgroup_rules = self.create_secgroup_rules(
rule_list, secgroup_id=secgroups[1]['id'])
# verify that conections are working
@@ -639,9 +640,19 @@
con.test_connection()
# list the tcp rule id by SG id and port-range
- sg_rule_id = self.os_primary.network_client.list_security_group_rules(
- security_group_id=secgroups[1]['id'],
- port_range_min=80)['security_group_rules'][0]['id']
+ # (gzimin): due to TungstenFabric lack of subnet filtering,
+ # secgroup rule to delete should be taken directly
+ # from create request.
+ if tempestconf.is_tungstenfabric_backend_enabled():
+ for rule in secgroup_rules:
+ if rule['port_range_min'] == 80:
+ sg_rule_id = rule['id']
+ break
+ else:
+ sg_rule_id = \
+ self.os_primary.network_client.list_security_group_rules(
+ security_group_id=secgroups[1]['id'],
+ port_range_min=80)['security_group_rules'][0]['id']
# delete the tcp rule from the security group
self.client.delete_security_group_rule(sg_rule_id)
diff --git a/neutron_tempest_plugin/vpnaas/api/base_vpnaas.py b/neutron_tempest_plugin/vpnaas/api/base_vpnaas.py
index 0e54380..3ccf48b 100644
--- a/neutron_tempest_plugin/vpnaas/api/base_vpnaas.py
+++ b/neutron_tempest_plugin/vpnaas/api/base_vpnaas.py
@@ -14,7 +14,10 @@
# License for the specific language governing permissions and limitations
# under the License.
+import time
+
from tempest.lib.common.utils import data_utils
+from tempest.lib import exceptions as lib_exc
from neutron_tempest_plugin.api import base
from neutron_tempest_plugin import config
@@ -138,6 +141,31 @@
return ipsec_site_connection
@classmethod
+ def wait_ipsec_site_connection_status(cls, site_id, status, timeout=None,
+ interval=None):
+ start_time = int(time.time())
+ timeout = timeout or cls.client.build_timeout
+ interval = interval or cls.client.build_interval
+ current_status = ""
+ while True:
+ if current_status.lower() == status.lower():
+ return
+
+ timed_out = int(time.time()) - start_time >= timeout
+ if timed_out:
+ message = ('IPSec site connection %(site_id)s failed to reach '
+ 'desired status %(desired_status)s, current state '
+ '%(current_status)s in %(timeout)d' %
+ {"site_id": site_id,
+ "desired_status": status,
+ "current_status": current_status,
+ "timeout": timeout})
+ raise lib_exc.TimeoutException(message)
+ current_status = cls.client.show_ipsec_site_connection(
+ site_id)['ipsec_site_connection']['status']
+ time.sleep(interval)
+
+ @classmethod
def create_endpoint_group(cls, name, type, endpoints):
"""Wrapper utility that returns a test ipsec policy."""
body = cls.client.create_endpoint_group(
diff --git a/neutron_tempest_plugin/vpnaas/scenario/test_vpnaas.py b/neutron_tempest_plugin/vpnaas/scenario/test_vpnaas.py
index 30a8674..32181fe 100644
--- a/neutron_tempest_plugin/vpnaas/scenario/test_vpnaas.py
+++ b/neutron_tempest_plugin/vpnaas/scenario/test_vpnaas.py
@@ -116,6 +116,13 @@
cls.extra_subnet_attributes['ipv6_address_mode'] = 'slaac'
cls.extra_subnet_attributes['ipv6_ra_mode'] = 'slaac'
+ left_v4_cidr = netaddr.IPNetwork('10.20.0.0/24')
+ left_v6_cidr = netaddr.IPNetwork('2001:db8:0:2::/64')
+ cls.left_cidr = left_v6_cidr if cls.inner_ipv6 else left_v4_cidr
+ right_v4_cidr = netaddr.IPNetwork('10.10.0.0/24')
+ right_v6_cidr = netaddr.IPNetwork('2001:db8:0:1::/64')
+ cls.right_cidr = right_v6_cidr if cls.inner_ipv6 else right_v4_cidr
+
# LEFT
cls.router = cls.create_router(
data_utils.rand_name('left-router'),
@@ -123,14 +130,22 @@
external_network_id=CONF.network.public_network_id)
cls.network = cls.create_network(network_name='left-network')
ip_version = 6 if cls.inner_ipv6 else 4
- v4_cidr = netaddr.IPNetwork('10.20.0.0/24')
- v6_cidr = netaddr.IPNetwork('2001:db8:0:2::/64')
- cidr = v6_cidr if cls.inner_ipv6 else v4_cidr
- cls.subnet = cls.create_subnet(
- cls.network, ip_version=ip_version, cidr=cidr, name='left-subnet',
- **cls.extra_subnet_attributes)
- cls.create_router_interface(cls.router['id'], cls.subnet['id'])
+ is_distributed = cls.os_admin.network_client.show_router(
+ cls.router['id'])['router'].get('distributed')
+ cls.subnet = cls.create_subnet(
+ cls.network, ip_version=ip_version, cidr=cls.left_cidr,
+ name='left-subnet', **cls.extra_subnet_attributes)
+ cls.create_router_interface(cls.router['id'], cls.subnet['id'])
+ if is_distributed:
+ snat_port = cls.os_admin.network_client.list_ports(
+ device_id=cls.router['id'],
+ device_owner='network:router_centralized_snat')
+ snat_ip = cls._get_ip_on_subnet_for_port(
+ cls, snat_port['ports'][0], cls.subnet['id'])
+ cls.os_admin.network_client.update_subnet(
+ cls.subnet['id'], host_routes=[{"destination": cls.right_cidr,
+ "nexthop": snat_ip}])
# Gives an internal IPv4 subnet for floating IP to the left server,
# we use it to ssh into the left server.
if cls.inner_ipv6:
@@ -164,15 +179,23 @@
data_utils.rand_name('right-router'),
admin_state_up=True,
external_network_id=CONF.network.public_network_id)
+ is_distributed = cls.os_admin.network_client.show_router(
+ router['id'])['router'].get('distributed')
network = cls.create_network(network_name='right-network')
- v4_cidr = netaddr.IPNetwork('10.10.0.0/24')
- v6_cidr = netaddr.IPNetwork('2001:db8:0:1::/64')
- cidr = v6_cidr if cls.inner_ipv6 else v4_cidr
ip_version = 6 if cls.inner_ipv6 else 4
subnet = cls.create_subnet(
- network, ip_version=ip_version, cidr=cidr, name='right-subnet',
- **cls.extra_subnet_attributes)
+ network, ip_version=ip_version, cidr=cls.right_cidr,
+ name='right-subnet', **cls.extra_subnet_attributes)
cls.create_router_interface(router['id'], subnet['id'])
+ if is_distributed:
+ snat_port = cls.os_admin.network_client.list_ports(
+ device_id=router['id'],
+ device_owner='network:router_centralized_snat')
+ snat_ip = cls._get_ip_on_subnet_for_port(
+ cls, snat_port['ports'][0], subnet['id'])
+ cls.os_admin.network_client.update_subnet(
+ subnet['id'], host_routes=[{"destination": cls.left_cidr,
+ "nexthop": snat_ip}])
return network, subnet, router
@@ -207,6 +230,7 @@
site['vpnservice'] = self.create_vpnservice(
site['subnet']['id'], site['router']['id'],
name=data_utils.rand_name('%s-vpnservice' % site['name']))
+ site_connections = []
for i in range(0, 2):
site = sites[i]
vpnservice = site['vpnservice']
@@ -218,7 +242,7 @@
raise self.skipException(msg)
else:
peer_address = peer['vpnservice']['external_v4_ip']
- self.create_ipsec_site_connection(
+ site_connection = self.create_ipsec_site_connection(
self.ikepolicy['id'],
self.ipsecpolicy['id'],
vpnservice['id'],
@@ -228,6 +252,10 @@
psk=psk,
name=data_utils.rand_name(
'%s-ipsec-site-connection' % site['name']))
+ site_connections.append(site_connection)
+ for site_connection in site_connections:
+ self.wait_ipsec_site_connection_status(site_connection['id'],
+ status="ACTIVE")
def _get_ip_on_subnet_for_port(self, port, subnet_id):
for fixed_ip in port['fixed_ips']: