commit aa22c9e1bb5bb1a7362dd4973a59a6572dc4732c
author Slawek Kaplonski <skaplons@redhat.com> Thu May 18 18:59:26 2023 +0200
committer Slawek Kaplonski <skaplons@redhat.com> Fri Oct 06 06:00:57 2023 +0000
tree 84dfe2a683b51816d7357d87a8486cb8f2152d2e
parent 97409c6992f87f323e135933945ecf8bc03eece3

New basic API tests for the default SG rules templates CRUDs

This patch adds some basic API tests for the new API for default SG
rules templates. Those new tests are checking if by default SG rules are
set in the same way as legacy rules which were there since "forever".
Second test checks basic lifecycle of the SG rule template.

Depends-On: https://review.opendev.org/c/openstack/neutron/+/883246/

Related-Bug: #1983053
Change-Id: I458f54ff6b73e277fe9506e90fa6af44d9c51101

neutron_tempest_plugin/api/base.py

diff --git a/neutron_tempest_plugin/api/base.py b/neutron_tempest_plugin/api/base.py
index b66fe0d..e3c9aad 100644
--- a/neutron_tempest_plugin/api/base.py
+++ b/neutron_tempest_plugin/api/base.py
@@ -135,6 +135,7 @@
         cls.admin_subnetpools = []
         cls.security_groups = []
         cls.admin_security_groups = []
+        cls.sg_rule_templates = []
         cls.projects = []
         cls.log_objects = []
         cls.reserved_subnet_cidrs = set()
@@ -243,6 +244,12 @@
                                          security_group,
                                          client=cls.admin_client)
 
+            # Clean up security group rule templates
+            for sg_rule_template in cls.sg_rule_templates:
+                cls._try_delete_resource(
+                    cls.admin_client.delete_default_security_group_rule,
+                    sg_rule_template['id'])
+
             for subnetpool in cls.subnetpools:
                 cls._try_delete_resource(cls.client.delete_subnetpool,
                                          subnetpool['id'])
@@ -971,6 +978,15 @@
         client.delete_security_group(security_group['id'])
 
     @classmethod
+    def get_security_group(cls, name='default', client=None):
+        client = client or cls.client
+        security_groups = client.list_security_groups()['security_groups']
+        for security_group in security_groups:
+            if security_group['name'] == name:
+                return security_group
+        raise ValueError("No such security group named {!r}".format(name))
+
+    @classmethod
     def create_security_group_rule(cls, security_group=None, project=None,
                                    client=None, ip_version=None, **kwargs):
         if project:
@@ -1006,13 +1022,11 @@
             'security_group_rule']
 
     @classmethod
-    def get_security_group(cls, name='default', client=None):
-        client = client or cls.client
-        security_groups = client.list_security_groups()['security_groups']
-        for security_group in security_groups:
-            if security_group['name'] == name:
-                return security_group
-        raise ValueError("No such security group named {!r}".format(name))
+    def create_default_security_group_rule(cls, **kwargs):
+        body = cls.admin_client.create_default_security_group_rule(**kwargs)
+        default_sg_rule = body['default_security_group_rule']
+        cls.sg_rule_templates.append(default_sg_rule)
+        return default_sg_rule
 
     @classmethod
     def create_keypair(cls, client=None, name=None, **kwargs):