Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / packaging / sources / neutron-tempest-plugin / b511789fac53345f733dda64655e4d9ceb188abd^! / .
commitb511789fac53345f733dda64655e4d9ceb188abd[log] [tgz]
authorYAMAMOTO Takashi <yamamoto@midokura.com>Wed Jan 10 17:18:46 2018 +0900
committerYAMAMOTO Takashi <yamamoto@midokura.com>Fri Jan 19 21:51:31 2018 +0900
treeafd4ccadc8d3d993c3e139785d76370a18da2b60
parent71554defe59b3797acc9cd0e9286d64e00ab6f40 [diff]
Do not assume all protocols in neutron-lib are usable for SG

Tempest is branchless and thus supposed to work against older
deployments.  Also, it's supposed to work against other
implementations, which might not support the same set as
the reference implementation.  Ideally SG can have a way
to discover the set of usable protocols.  But for now,
let's make this conservative a bit.  It might still be too
aggressive because the set of protocols here was taken from
Ocata. (neutron-lib 1.1.0)

Closes-Bug: #1742385
Change-Id: Id67037252aafbacbe43f6af786f30a687321952d

diff --git a/neutron_tempest_plugin/api/base_security_groups.py b/neutron_tempest_plugin/api/base_security_groups.py
index cda18b8..127bbd9 100644
--- a/neutron_tempest_plugin/api/base_security_groups.py
+++ b/neutron_tempest_plugin/api/base_security_groups.py

@@ -19,17 +19,45 @@
 from neutron_tempest_plugin.api import base
 
 
-V4_PROTOCOL_NAMES = set(key for key in constants.IP_PROTOCOL_MAP if
-                        'v6' not in key)
-V4_PROTOCOL_INTS = set(v for k, v in constants.IP_PROTOCOL_MAP.items()
-                       if 'v6' not in k)
+# NOTE(yamamoto): The list of protocols here is what we had in Ocata.
+# (neutron-lib 1.1.0)
+# Why don't we just use neutron_lib.constants.IP_PROTOCOL_MAP etc here?
+# Tempest is branchless and thus supposed to work against older deployments.
+# Also, it's supposed to work against other implementations, which might not
+# support the same set as the reference implementation. Ideally SG can have
+# a way to discover the set of usable protocols. But for now, we need to be
+# conservative.
+
+V4_PROTOCOL_NAMES = {
+    'ah',
+    'dccp',
+    'egp',
+    'esp',
+    'gre',
+    'icmp',
+    'igmp',
+    'ospf',
+    'pgm',
+    'rsvp',
+    'sctp',
+    'tcp',
+    'udp',
+    'udplite',
+    'vrrp',
+}
+V4_PROTOCOL_INTS = set(v for k, v in constants.IP_PROTOCOL_MAP.items() if
+                       k in V4_PROTOCOL_NAMES)
 V6_PROTOCOL_LEGACY = set([constants.PROTO_NAME_IPV6_ICMP_LEGACY])
-V6_PROTOCOL_NAMES = (
-    set(key for key in constants.IP_PROTOCOL_MAP if 'v6' in key) -
-    V6_PROTOCOL_LEGACY
-)
+V6_PROTOCOL_NAMES = {
+    'ipv6-encap',
+    'ipv6-frag',
+    'ipv6-icmp',
+    'ipv6-nonxt',
+    'ipv6-opts',
+    'ipv6-route',
+}
 V6_PROTOCOL_INTS = set(v for k, v in constants.IP_PROTOCOL_MAP.items() if
-                       'v6' in k)
+                       k in (V6_PROTOCOL_NAMES | V6_PROTOCOL_LEGACY))
 
 
 class BaseSecGroupTest(base.BaseNetworkTest):