Merge "Configure subnets CIDR for BGP tests" into mcp/caracal
diff --git a/neutron_tempest_plugin/api/test_timestamp.py b/neutron_tempest_plugin/api/test_timestamp.py
index c3227a9..c39c523 100644
--- a/neutron_tempest_plugin/api/test_timestamp.py
+++ b/neutron_tempest_plugin/api/test_timestamp.py
@@ -15,6 +15,7 @@
from neutron_lib import constants
from tempest.common import utils
+from tempest import config as tempestconf
from tempest.lib.common.utils import data_utils
from tempest.lib import decorators
@@ -305,6 +306,10 @@
updated_security_group = self.client.update_security_group(
security_group['id'], name=security_group['name'] + 'new')[
'security_group']
+ # Workaround for PRODX-7986
+ if tempestconf.is_tungstenfabric_backend_enabled():
+ updated_security_group = self.client.show_security_group(
+ security_group['id'])['security_group']
# Verify that created_at hasn't changed
self.assertEqual(security_group['created_at'],
diff --git a/neutron_tempest_plugin/bgpvpn/scenario/test_bgpvpn_basic.py b/neutron_tempest_plugin/bgpvpn/scenario/test_bgpvpn_basic.py
index 9cca602..75ca80c 100644
--- a/neutron_tempest_plugin/bgpvpn/scenario/test_bgpvpn_basic.py
+++ b/neutron_tempest_plugin/bgpvpn/scenario/test_bgpvpn_basic.py
@@ -27,6 +27,7 @@
from tempest.lib.common.utils import data_utils
from tempest.lib.common.utils import test_utils
from tempest.lib import decorators
+import testtools
from neutron_tempest_plugin.bgpvpn import base
from neutron_tempest_plugin.bgpvpn.scenario import manager
@@ -763,6 +764,101 @@
self._check_l3_bgpvpn_by_specific_ip(
should_succeed=False, to_server_ip=ip)
+ @decorators.idempotent_id('910e6d89-5703-4a5e-a5c7-0743ddffbeb7')
+ @utils.services('compute', 'network')
+ @utils.requires_ext(extension='bgpvpn-routes-control', service='network')
+ def test_bgpvpn_port_association_create_and_delete_association(self):
+ """This test checks port association in BGPVPN.
+
+ 1. Create networks A and B with their respective subnets
+ 2. Create L3 BGPVPN
+ 3. Create router and connect it to network A
+ 5. Start up server 1 in network A
+ 6. Start up server 2 in network B
+ 7. Give a FIP to server 1
+ LOG.debug("Check that server 1 cannot ping server's 2")
+ LOG.debug("Check that server 1 can ping server's 2")
+ import rpdb; rpdb.set_trace()
+ LOG.debug("Check that server 1 cannot ping server's 2")
+ 8. Check that server 1 cannot ping server's 2
+ 10. Associate network A to a given L3 BGPVPN
+ 11. Associate port of server 2 to a given L3 BGPVPN
+ 12. Check that server 1 can ping server's 2
+ 13. Remove created before port association
+ 14. Check that server 1 cannot ping server's 2
+ """
+ self._create_networks_and_subnets(port_security=False)
+ self._create_l3_bgpvpn()
+ self._create_servers([[self.networks[NET_A], IP_A_S1_1],
+ [self.networks[NET_B], IP_B_S1_1]],
+ port_security=False)
+ self._create_fip_router(subnet_id=self.subnets[NET_A][0]['id'])
+ self._associate_fip(0)
+
+ # preliminary check that no connectivity to 192.168.0.1 initially
+ # exists
+ self._check_l3_bgpvpn_by_specific_ip(
+ should_succeed=False, to_server_ip=IP_B_S1_1)
+ self.bgpvpn_client.create_network_association(
+ self.bgpvpn['id'], self.networks[NET_A]['id'])
+ port_id = self.ports[self.servers[1]['id']]['id']
+ body = self.bgpvpn_client.create_port_association(self.bgpvpn['id'],
+ port_id=port_id)
+ port_association = body['port_association']
+ self._check_l3_bgpvpn_by_specific_ip(
+ should_succeed=True, to_server_ip=IP_B_S1_1)
+ self.bgpvpn_client.delete_port_association(
+ self.bgpvpn['id'], port_association['id'])
+ self._check_l3_bgpvpn_by_specific_ip(
+ should_succeed=False, to_server_ip=IP_B_S1_1)
+
+ @decorators.idempotent_id('8de130c1-778a-4d86-913b-ff41be3c2f0b')
+ @utils.services('compute', 'network')
+ @utils.requires_ext(extension='bgpvpn-routes-control', service='network')
+ @testtools.skipUnless(False, "Skip unless PRODX-25126 is fixed")
+ def test_bgpvpn_port_association_create_and_delete_bgpvpn(self):
+ """This test checks port association in BGPVPN.
+
+ 1. Create networks A and B with their respective subnets
+ 2. Create L3 BGPVPN
+ 3. Create router and connect it to network A
+ 5. Start up server 1 in network A
+ 6. Start up server 2 in network B
+ 7. Give a FIP to server 1
+ LOG.debug("Check that server 1 cannot ping server's 2")
+ LOG.debug("Check that server 1 can ping server's 2")
+ import rpdb; rpdb.set_trace()
+ LOG.debug("Check that server 1 cannot ping server's 2")
+ 8. Check that server 1 cannot ping server's 2
+ 10. Associate network A to a given L3 BGPVPN
+ 11. Associate port of server 2 to a given L3 BGPVPN
+ 12. Check that server 1 can ping server's 2
+ 13. Remove created before bgpvpn
+ 14. Check that server 1 cannot ping server's 2
+ """
+ self._create_networks_and_subnets(port_security=False)
+ self._create_l3_bgpvpn()
+ self._create_servers([[self.networks[NET_A], IP_A_S1_1],
+ [self.networks[NET_B], IP_B_S1_1]],
+ port_security=False)
+ self._create_fip_router(subnet_id=self.subnets[NET_A][0]['id'])
+ self._associate_fip(0)
+
+ # preliminary check that no connectivity to 192.168.0.1 initially
+ # exists
+ self._check_l3_bgpvpn_by_specific_ip(
+ should_succeed=False, to_server_ip=IP_B_S1_1)
+ self.bgpvpn_client.create_network_association(
+ self.bgpvpn['id'], self.networks[NET_A]['id'])
+ port_id = self.ports[self.servers[1]['id']]['id']
+ self.bgpvpn_client.create_port_association(self.bgpvpn['id'],
+ port_id=port_id)
+ self._check_l3_bgpvpn_by_specific_ip(
+ should_succeed=True, to_server_ip=IP_B_S1_1)
+ self.delete_bgpvpn(self.bgpvpn_admin_client, self.bgpvpn)
+ self._check_l3_bgpvpn_by_specific_ip(
+ should_succeed=False, to_server_ip=IP_B_S1_1)
+
@decorators.idempotent_id('9c3280b5-0b32-4562-800c-0b50d9d52bfd')
@utils.services('compute', 'network')
@utils.requires_ext(extension='bgpvpn-routes-control', service='network')
diff --git a/neutron_tempest_plugin/scenario/admin/test_floatingip.py b/neutron_tempest_plugin/scenario/admin/test_floatingip.py
index d9abaf5..1774289 100644
--- a/neutron_tempest_plugin/scenario/admin/test_floatingip.py
+++ b/neutron_tempest_plugin/scenario/admin/test_floatingip.py
@@ -70,7 +70,7 @@
servers, fips, server_ssh_clients = ([], [], [])
# Create the availability zone with default zone and
# a specific mentioned hypervisor.
- az = avail_zone + ':' + hyper
+ az = avail_zone + '::' + hyper
for i in range(num_servers):
servers.append(self.create_server(
flavor_ref=CONF.compute.flavor_ref,
diff --git a/neutron_tempest_plugin/scenario/test_connectivity.py b/neutron_tempest_plugin/scenario/test_connectivity.py
index a6fc893..be0fc35 100644
--- a/neutron_tempest_plugin/scenario/test_connectivity.py
+++ b/neutron_tempest_plugin/scenario/test_connectivity.py
@@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
+import time
+
import netaddr
from neutron_lib import constants
@@ -105,6 +107,10 @@
self.create_router_interface(ap1_rt['id'], ap1_subnet['id'])
self.create_router_interface(ap2_rt['id'], ap2_subnet['id'])
+ # NOTE(ohryhorov): the sleep below is added to avoid the situation
+ # when a port is not in active state yet but static route is added.
+ time.sleep(15)
+
self.client.update_router(
ap1_rt['id'],
routes=[{"destination": ap2_subnet['cidr'],
diff --git a/neutron_tempest_plugin/scenario/test_floatingip.py b/neutron_tempest_plugin/scenario/test_floatingip.py
index ee1b192..4c68dae 100644
--- a/neutron_tempest_plugin/scenario/test_floatingip.py
+++ b/neutron_tempest_plugin/scenario/test_floatingip.py
@@ -476,7 +476,9 @@
def _wait_for_fip_associated():
try:
self.check_servers_hostnames(servers[-1:], log_errors=False)
- except (AssertionError, exceptions.SSHTimeout):
+ # NOTE(vsaienko): it might take some time by neutron to update VIP
+ # retry on any exception here.
+ except Exception:
return False
return True
diff --git a/neutron_tempest_plugin/scenario/test_security_groups.py b/neutron_tempest_plugin/scenario/test_security_groups.py
index 03156c7..ae6c57d 100644
--- a/neutron_tempest_plugin/scenario/test_security_groups.py
+++ b/neutron_tempest_plugin/scenario/test_security_groups.py
@@ -20,6 +20,7 @@
from oslo_log import log
from tempest.common import utils as tempest_utils
from tempest.common import waiters
+from tempest import config as tempestconf
from tempest.lib.common.utils import data_utils
from tempest.lib.common.utils import test_utils
from tempest.lib import decorators
@@ -629,7 +630,7 @@
direction=constants.INGRESS_DIRECTION,
remote_group_id=secgroups[1]['id'])
- self.create_secgroup_rules(
+ secgroup_rules = self.create_secgroup_rules(
rule_list, secgroup_id=secgroups[1]['id'])
# verify that conections are working
@@ -639,9 +640,19 @@
con.test_connection()
# list the tcp rule id by SG id and port-range
- sg_rule_id = self.os_primary.network_client.list_security_group_rules(
- security_group_id=secgroups[1]['id'],
- port_range_min=80)['security_group_rules'][0]['id']
+ # (gzimin): due to TungstenFabric lack of subnet filtering,
+ # secgroup rule to delete should be taken directly
+ # from create request.
+ if tempestconf.is_tungstenfabric_backend_enabled():
+ for rule in secgroup_rules:
+ if rule['port_range_min'] == 80:
+ sg_rule_id = rule['id']
+ break
+ else:
+ sg_rule_id = \
+ self.os_primary.network_client.list_security_group_rules(
+ security_group_id=secgroups[1]['id'],
+ port_range_min=80)['security_group_rules'][0]['id']
# delete the tcp rule from the security group
self.client.delete_security_group_rule(sg_rule_id)