Add test job for address_group api backend Ml2/OVN
Depends-on: https://review.opendev.org/c/openstack/neutron/+/949852
Depends-on: https://review.opendev.org/c/openstack/neutron/+/949854
Closes-Bug: #1982287
Change-Id: Idd64c04b98006b0ecfaad9f9c3a8c218a57ab4db
diff --git a/neutron_tempest_plugin/scenario/base.py b/neutron_tempest_plugin/scenario/base.py
index 70cb2dc..d299c47 100644
--- a/neutron_tempest_plugin/scenario/base.py
+++ b/neutron_tempest_plugin/scenario/base.py
@@ -176,7 +176,7 @@
client=None):
"""This rule is intended to permit inbound ssh
- Allowing ssh traffic traffic from all sources, so no group_id is
+ Allowing ssh traffic from all sources, so no group_id is
provided.
Setting a group_id would only permit traffic from ports
belonging to the same security group.
diff --git a/neutron_tempest_plugin/scenario/test_security_groups.py b/neutron_tempest_plugin/scenario/test_security_groups.py
index dc0f5ef..b963887 100644
--- a/neutron_tempest_plugin/scenario/test_security_groups.py
+++ b/neutron_tempest_plugin/scenario/test_security_groups.py
@@ -437,6 +437,9 @@
# configure sec group to support SSH connectivity
self.create_loginable_secgroup_rule(
secgroup_id=ssh_secgrp['id'])
+ if self.stateless_sg:
+ self.create_ingress_metadata_secgroup_rule(
+ secgroup_id=ssh_secgrp['id'])
# spawn two instances with the sec group created
server_ssh_clients, fips, servers = self.create_vm_testing_sec_grp(
security_groups=[{'name': ssh_secgrp['name']}])
@@ -464,9 +467,13 @@
should_succeed=False)
# add ICMP rule with remote address group
+ address_set = [str(netaddr.IPNetwork(fips[0]['fixed_ip_address']))]
+ if self.stateless_sg:
+ address_set.append(
+ str(netaddr.IPNetwork(fips[1]['fixed_ip_address'])))
test_ag = self.create_address_group(
name=data_utils.rand_name('test_ag'),
- addresses=[str(netaddr.IPNetwork(fips[0]['fixed_ip_address']))])
+ addresses=address_set)
rule_list = [{'protocol': constants.PROTO_NUM_ICMP,
'direction': constants.INGRESS_DIRECTION,
'remote_address_group_id': test_ag['id']}]
@@ -762,8 +769,8 @@
self._test_remote_group()
@testtools.skipUnless(
- CONF.neutron_plugin_options.firewall_driver == 'openvswitch',
- "Openvswitch agent is required to run this test")
+ CONF.neutron_plugin_options.firewall_driver in ['openvswitch', 'ovn'],
+ "Openvswitch agent or Ml2/OVN is required to run this test")
@decorators.idempotent_id('678dd4c0-2953-4626-b89c-8e7e4110ec4b')
@tempest_utils.requires_ext(extension="address-group", service="network")
@tempest_utils.requires_ext(
@@ -949,8 +956,8 @@
self._test_remote_group()
@testtools.skipUnless(
- CONF.neutron_plugin_options.firewall_driver == 'openvswitch',
- "Openvswitch agent is required to run this test")
+ CONF.neutron_plugin_options.firewall_driver in ['openvswitch', 'ovn'],
+ "Openvswitch agent or Ml2/OVN is required to run this test")
@decorators.idempotent_id('9fae530d-2711-4c61-a4a5-8efe6e58ab14')
@tempest_utils.requires_ext(extension="address-group", service="network")
@tempest_utils.requires_ext(
diff --git a/zuul.d/2023_1_jobs.yaml b/zuul.d/2023_1_jobs.yaml
index cedbc67..d69054c 100644
--- a/zuul.d/2023_1_jobs.yaml
+++ b/zuul.d/2023_1_jobs.yaml
@@ -216,6 +216,11 @@
(^neutron_tempest_plugin.scenario)|\
(^tempest.api.compute.servers.test_attach_interfaces)|\
(^tempest.api.compute.servers.test_multiple_create)"
+ # NOTE(liushy): This branch of Neutron does not support
+ # the address_group feature for the OVN driver.
+ tempest_exclude_regex: "\
+ (^neutron_tempest_plugin.scenario.test_security_groups.StatefulNetworkSecGroupTest.test_remote_group_and_remote_address_group)|\
+ (^neutron_tempest_plugin.scenario.test_security_groups.StatelessNetworkSecGroupIPv4Test.test_remote_group_and_remote_address_group)"
devstack_localrc:
NETWORK_API_EXTENSIONS: "{{ (network_api_extensions_common + network_api_extensions_ovn) | join(',') }}"
NEUTRON_DEPLOY_MOD_WSGI: false
diff --git a/zuul.d/yoga_jobs.yaml b/zuul.d/yoga_jobs.yaml
index 72b0492..2c18450 100644
--- a/zuul.d/yoga_jobs.yaml
+++ b/zuul.d/yoga_jobs.yaml
@@ -185,13 +185,17 @@
(^tempest.api.compute.servers.test_multiple_create)"
# NOTE(ralonsoh): tests disabled because of https://bugs.launchpad.net/neutron/+bug/2082070
# NOTE(ralonsoh): ``NetworkWritableMtuTest`` excluded because of https://bugs.launchpad.net/neutron/+bug/2082344
+ # NOTE(liushy): This branch of Neutron does not support
+ # the address_group feature for the OVN driver.
tempest_exclude_regex: "\
(neutron_tempest_plugin.scenario.test_security_groups.StatelessNetworkSecGroupIPv4Test.test_connectivity_between_vms_using_different_sec_groups)|\
(neutron_tempest_plugin.scenario.test_security_groups.StatelessNetworkSecGroupIPv4Test.test_packets_of_any_connection_state_can_reach_dest)|\
(neutron_tempest_plugin.scenario.test_vlan_transparency.VlanTransparencyTest.test_vlan_transparent_allowed_address_pairs)|\
(neutron_tempest_plugin.scenario.test_vlan_transparency.VlanTransparencyTest.test_vlan_transparent_port_sec_disabled)|\
(neutron_tempest_plugin.scenario.test_mtu.NetworkWritableMtuTest.*)|\
- (^neutron_tempest_plugin.scenario.test_multicast.MulticastTestIPv4.test_multicast_between_vms_on_same_network)"
+ (^neutron_tempest_plugin.scenario.test_multicast.MulticastTestIPv4.test_multicast_between_vms_on_same_network)|\
+ (neutron_tempest_plugin.scenario.test_security_groups.StatefulNetworkSecGroupTest.test_remote_group_and_remote_address_group)|\
+ (neutron_tempest_plugin.scenario.test_security_groups.StatelessNetworkSecGroupIPv4Test.test_remote_group_and_remote_address_group)"
network_api_extensions: *api_extensions
network_api_extensions_ovn:
- vlan-transparent
diff --git a/zuul.d/zed_jobs.yaml b/zuul.d/zed_jobs.yaml
index 72ccfdb..fe98935 100644
--- a/zuul.d/zed_jobs.yaml
+++ b/zuul.d/zed_jobs.yaml
@@ -189,13 +189,17 @@
(^tempest.api.compute.servers.test_multiple_create)"
# NOTE(ralonsoh): tests disabled because of https://bugs.launchpad.net/neutron/+bug/2082070
# NOTE(ralonsoh): ``NetworkWritableMtuTest`` excluded because of https://bugs.launchpad.net/neutron/+bug/2082344
+ # NOTE(liushy): This branch of Neutron does not support
+ # the address_group feature for the OVN driver.
tempest_exclude_regex: "\
(neutron_tempest_plugin.scenario.test_security_groups.StatelessNetworkSecGroupIPv4Test.test_connectivity_between_vms_using_different_sec_groups)|\
(neutron_tempest_plugin.scenario.test_security_groups.StatelessNetworkSecGroupIPv4Test.test_packets_of_any_connection_state_can_reach_dest)|\
(neutron_tempest_plugin.scenario.test_vlan_transparency.VlanTransparencyTest.test_vlan_transparent_allowed_address_pairs)|\
(neutron_tempest_plugin.scenario.test_vlan_transparency.VlanTransparencyTest.test_vlan_transparent_port_sec_disabled)|\
(neutron_tempest_plugin.scenario.test_mtu.NetworkWritableMtuTest.*)|\
- (^neutron_tempest_plugin.scenario.test_multicast.MulticastTestIPv4.test_multicast_between_vms_on_same_network)"
+ (^neutron_tempest_plugin.scenario.test_multicast.MulticastTestIPv4.test_multicast_between_vms_on_same_network)|\
+ (neutron_tempest_plugin.scenario.test_security_groups.StatefulNetworkSecGroupTest.test_remote_group_and_remote_address_group)|\
+ (neutron_tempest_plugin.scenario.test_security_groups.StatelessNetworkSecGroupIPv4Test.test_remote_group_and_remote_address_group)"
network_api_extensions: *api_extensions
network_api_extensions_ovn:
- vlan-transparent