Merge "Configure subnets CIDR for BGP tests" into mcp/caracal
diff --git a/neutron_tempest_plugin/api/test_timestamp.py b/neutron_tempest_plugin/api/test_timestamp.py
index c3227a9..c39c523 100644
--- a/neutron_tempest_plugin/api/test_timestamp.py
+++ b/neutron_tempest_plugin/api/test_timestamp.py
@@ -15,6 +15,7 @@
 
 from neutron_lib import constants
 from tempest.common import utils
+from tempest import config as tempestconf
 from tempest.lib.common.utils import data_utils
 from tempest.lib import decorators
 
@@ -305,6 +306,10 @@
         updated_security_group = self.client.update_security_group(
             security_group['id'], name=security_group['name'] + 'new')[
                 'security_group']
+        # Workaround for PRODX-7986
+        if tempestconf.is_tungstenfabric_backend_enabled():
+            updated_security_group = self.client.show_security_group(
+                security_group['id'])['security_group']
 
         # Verify that created_at hasn't changed
         self.assertEqual(security_group['created_at'],
diff --git a/neutron_tempest_plugin/bgpvpn/scenario/test_bgpvpn_basic.py b/neutron_tempest_plugin/bgpvpn/scenario/test_bgpvpn_basic.py
index 9cca602..75ca80c 100644
--- a/neutron_tempest_plugin/bgpvpn/scenario/test_bgpvpn_basic.py
+++ b/neutron_tempest_plugin/bgpvpn/scenario/test_bgpvpn_basic.py
@@ -27,6 +27,7 @@
 from tempest.lib.common.utils import data_utils
 from tempest.lib.common.utils import test_utils
 from tempest.lib import decorators
+import testtools
 
 from neutron_tempest_plugin.bgpvpn import base
 from neutron_tempest_plugin.bgpvpn.scenario import manager
@@ -763,6 +764,101 @@
             self._check_l3_bgpvpn_by_specific_ip(
                 should_succeed=False, to_server_ip=ip)
 
+    @decorators.idempotent_id('910e6d89-5703-4a5e-a5c7-0743ddffbeb7')
+    @utils.services('compute', 'network')
+    @utils.requires_ext(extension='bgpvpn-routes-control', service='network')
+    def test_bgpvpn_port_association_create_and_delete_association(self):
+        """This test checks port association in BGPVPN.
+
+        1. Create networks A and B with their respective subnets
+        2. Create L3 BGPVPN
+        3. Create router and connect it to network A
+        5. Start up server 1 in network A
+        6. Start up server 2 in network B
+        7. Give a FIP to server 1
+        LOG.debug("Check that server 1 cannot ping server's 2")
+        LOG.debug("Check that server 1 can ping server's 2")
+        import rpdb; rpdb.set_trace()
+        LOG.debug("Check that server 1 cannot ping server's 2")
+        8. Check that server 1 cannot ping server's 2
+        10. Associate network A to a given L3 BGPVPN
+        11. Associate port of server 2 to a given L3 BGPVPN
+        12. Check that server 1 can ping server's 2
+        13. Remove created before port association
+        14. Check that server 1 cannot ping server's 2
+        """
+        self._create_networks_and_subnets(port_security=False)
+        self._create_l3_bgpvpn()
+        self._create_servers([[self.networks[NET_A], IP_A_S1_1],
+                              [self.networks[NET_B], IP_B_S1_1]],
+                             port_security=False)
+        self._create_fip_router(subnet_id=self.subnets[NET_A][0]['id'])
+        self._associate_fip(0)
+
+        # preliminary check that no connectivity to 192.168.0.1 initially
+        # exists
+        self._check_l3_bgpvpn_by_specific_ip(
+            should_succeed=False, to_server_ip=IP_B_S1_1)
+        self.bgpvpn_client.create_network_association(
+            self.bgpvpn['id'], self.networks[NET_A]['id'])
+        port_id = self.ports[self.servers[1]['id']]['id']
+        body = self.bgpvpn_client.create_port_association(self.bgpvpn['id'],
+                                                          port_id=port_id)
+        port_association = body['port_association']
+        self._check_l3_bgpvpn_by_specific_ip(
+            should_succeed=True, to_server_ip=IP_B_S1_1)
+        self.bgpvpn_client.delete_port_association(
+            self.bgpvpn['id'], port_association['id'])
+        self._check_l3_bgpvpn_by_specific_ip(
+            should_succeed=False, to_server_ip=IP_B_S1_1)
+
+    @decorators.idempotent_id('8de130c1-778a-4d86-913b-ff41be3c2f0b')
+    @utils.services('compute', 'network')
+    @utils.requires_ext(extension='bgpvpn-routes-control', service='network')
+    @testtools.skipUnless(False, "Skip unless PRODX-25126 is fixed")
+    def test_bgpvpn_port_association_create_and_delete_bgpvpn(self):
+        """This test checks port association in BGPVPN.
+
+        1. Create networks A and B with their respective subnets
+        2. Create L3 BGPVPN
+        3. Create router and connect it to network A
+        5. Start up server 1 in network A
+        6. Start up server 2 in network B
+        7. Give a FIP to server 1
+        LOG.debug("Check that server 1 cannot ping server's 2")
+        LOG.debug("Check that server 1 can ping server's 2")
+        import rpdb; rpdb.set_trace()
+        LOG.debug("Check that server 1 cannot ping server's 2")
+        8. Check that server 1 cannot ping server's 2
+        10. Associate network A to a given L3 BGPVPN
+        11. Associate port of server 2 to a given L3 BGPVPN
+        12. Check that server 1 can ping server's 2
+        13. Remove created before bgpvpn
+        14. Check that server 1 cannot ping server's 2
+        """
+        self._create_networks_and_subnets(port_security=False)
+        self._create_l3_bgpvpn()
+        self._create_servers([[self.networks[NET_A], IP_A_S1_1],
+                              [self.networks[NET_B], IP_B_S1_1]],
+                             port_security=False)
+        self._create_fip_router(subnet_id=self.subnets[NET_A][0]['id'])
+        self._associate_fip(0)
+
+        # preliminary check that no connectivity to 192.168.0.1 initially
+        # exists
+        self._check_l3_bgpvpn_by_specific_ip(
+            should_succeed=False, to_server_ip=IP_B_S1_1)
+        self.bgpvpn_client.create_network_association(
+            self.bgpvpn['id'], self.networks[NET_A]['id'])
+        port_id = self.ports[self.servers[1]['id']]['id']
+        self.bgpvpn_client.create_port_association(self.bgpvpn['id'],
+                                                   port_id=port_id)
+        self._check_l3_bgpvpn_by_specific_ip(
+            should_succeed=True, to_server_ip=IP_B_S1_1)
+        self.delete_bgpvpn(self.bgpvpn_admin_client, self.bgpvpn)
+        self._check_l3_bgpvpn_by_specific_ip(
+            should_succeed=False, to_server_ip=IP_B_S1_1)
+
     @decorators.idempotent_id('9c3280b5-0b32-4562-800c-0b50d9d52bfd')
     @utils.services('compute', 'network')
     @utils.requires_ext(extension='bgpvpn-routes-control', service='network')
diff --git a/neutron_tempest_plugin/scenario/admin/test_floatingip.py b/neutron_tempest_plugin/scenario/admin/test_floatingip.py
index d9abaf5..1774289 100644
--- a/neutron_tempest_plugin/scenario/admin/test_floatingip.py
+++ b/neutron_tempest_plugin/scenario/admin/test_floatingip.py
@@ -70,7 +70,7 @@
         servers, fips, server_ssh_clients = ([], [], [])
         # Create the availability zone with default zone and
         # a specific mentioned hypervisor.
-        az = avail_zone + ':' + hyper
+        az = avail_zone + '::' + hyper
         for i in range(num_servers):
             servers.append(self.create_server(
                 flavor_ref=CONF.compute.flavor_ref,
diff --git a/neutron_tempest_plugin/scenario/test_connectivity.py b/neutron_tempest_plugin/scenario/test_connectivity.py
index a6fc893..be0fc35 100644
--- a/neutron_tempest_plugin/scenario/test_connectivity.py
+++ b/neutron_tempest_plugin/scenario/test_connectivity.py
@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+import time
+
 import netaddr
 
 from neutron_lib import constants
@@ -105,6 +107,10 @@
         self.create_router_interface(ap1_rt['id'], ap1_subnet['id'])
         self.create_router_interface(ap2_rt['id'], ap2_subnet['id'])
 
+        # NOTE(ohryhorov): the sleep below is added to avoid the situation
+        # when a port is not in active state yet but static route is added.
+        time.sleep(15)
+
         self.client.update_router(
             ap1_rt['id'],
             routes=[{"destination": ap2_subnet['cidr'],
diff --git a/neutron_tempest_plugin/scenario/test_floatingip.py b/neutron_tempest_plugin/scenario/test_floatingip.py
index ee1b192..4c68dae 100644
--- a/neutron_tempest_plugin/scenario/test_floatingip.py
+++ b/neutron_tempest_plugin/scenario/test_floatingip.py
@@ -476,7 +476,9 @@
         def _wait_for_fip_associated():
             try:
                 self.check_servers_hostnames(servers[-1:], log_errors=False)
-            except (AssertionError, exceptions.SSHTimeout):
+            # NOTE(vsaienko): it might take some time by neutron to update VIP
+            # retry on any exception here.
+            except Exception:
                 return False
             return True
 
diff --git a/neutron_tempest_plugin/scenario/test_security_groups.py b/neutron_tempest_plugin/scenario/test_security_groups.py
index 03156c7..ae6c57d 100644
--- a/neutron_tempest_plugin/scenario/test_security_groups.py
+++ b/neutron_tempest_plugin/scenario/test_security_groups.py
@@ -20,6 +20,7 @@
 from oslo_log import log
 from tempest.common import utils as tempest_utils
 from tempest.common import waiters
+from tempest import config as tempestconf
 from tempest.lib.common.utils import data_utils
 from tempest.lib.common.utils import test_utils
 from tempest.lib import decorators
@@ -629,7 +630,7 @@
                 direction=constants.INGRESS_DIRECTION,
                 remote_group_id=secgroups[1]['id'])
 
-        self.create_secgroup_rules(
+        secgroup_rules = self.create_secgroup_rules(
             rule_list, secgroup_id=secgroups[1]['id'])
 
         # verify that conections are working
@@ -639,9 +640,19 @@
                 con.test_connection()
 
         # list the tcp rule id by SG id and port-range
-        sg_rule_id = self.os_primary.network_client.list_security_group_rules(
-            security_group_id=secgroups[1]['id'],
-            port_range_min=80)['security_group_rules'][0]['id']
+        # (gzimin): due to TungstenFabric lack of subnet filtering,
+        #           secgroup rule to delete should be taken directly
+        #           from create request.
+        if tempestconf.is_tungstenfabric_backend_enabled():
+            for rule in secgroup_rules:
+                if rule['port_range_min'] == 80:
+                    sg_rule_id = rule['id']
+                    break
+        else:
+            sg_rule_id =  \
+                self.os_primary.network_client.list_security_group_rules(
+                    security_group_id=secgroups[1]['id'],
+                    port_range_min=80)['security_group_rules'][0]['id']
 
         # delete the tcp rule from the security group
         self.client.delete_security_group_rule(sg_rule_id)