Create api+scenario tests for l7rules
This patch implements l7rule tests for the Octavia
Tempest Plugin.
Change-Id: Iba7fa5979eab05bf368fd8554e92563b22c7ca79
Story: 2001387
Task: 5972
diff --git a/octavia_tempest_plugin/tests/api/v2/test_l7rule.py b/octavia_tempest_plugin/tests/api/v2/test_l7rule.py
new file mode 100644
index 0000000..3520b35
--- /dev/null
+++ b/octavia_tempest_plugin/tests/api/v2/test_l7rule.py
@@ -0,0 +1,675 @@
+# Copyright 2018 GoDaddy
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import time
+from uuid import UUID
+
+from dateutil import parser
+from tempest import config
+from tempest.lib.common.utils import data_utils
+from tempest.lib import decorators
+from tempest.lib import exceptions
+
+from octavia_tempest_plugin.common import constants as const
+from octavia_tempest_plugin.tests import test_base
+from octavia_tempest_plugin.tests import waiters
+
+CONF = config.CONF
+
+
+class L7RuleAPITest(test_base.LoadBalancerBaseTest):
+ """Test the l7rule object API."""
+
+ @classmethod
+ def resource_setup(cls):
+ """Setup resources needed by the tests."""
+ super(L7RuleAPITest, cls).resource_setup()
+
+ lb_name = data_utils.rand_name("lb_member_lb1_l7rule")
+ lb_kwargs = {const.PROVIDER: CONF.load_balancer.provider,
+ const.NAME: lb_name}
+
+ cls._setup_lb_network_kwargs(lb_kwargs)
+
+ lb = cls.mem_lb_client.create_loadbalancer(**lb_kwargs)
+ cls.lb_id = lb[const.ID]
+ cls.addClassResourceCleanup(
+ cls.mem_lb_client.cleanup_loadbalancer,
+ cls.lb_id)
+
+ waiters.wait_for_status(cls.mem_lb_client.show_loadbalancer,
+ cls.lb_id, const.PROVISIONING_STATUS,
+ const.ACTIVE,
+ CONF.load_balancer.lb_build_interval,
+ CONF.load_balancer.lb_build_timeout)
+
+ listener_name = data_utils.rand_name("lb_member_listener1_l7rule")
+ listener_kwargs = {
+ const.NAME: listener_name,
+ const.PROTOCOL: const.HTTP,
+ const.PROTOCOL_PORT: '80',
+ const.LOADBALANCER_ID: cls.lb_id,
+ }
+ listener = cls.mem_listener_client.create_listener(**listener_kwargs)
+ cls.listener_id = listener[const.ID]
+ cls.addClassResourceCleanup(
+ cls.mem_listener_client.cleanup_listener,
+ cls.listener_id,
+ lb_client=cls.mem_lb_client, lb_id=cls.lb_id)
+
+ waiters.wait_for_status(cls.mem_lb_client.show_loadbalancer,
+ cls.lb_id, const.PROVISIONING_STATUS,
+ const.ACTIVE,
+ CONF.load_balancer.build_interval,
+ CONF.load_balancer.build_timeout)
+
+ pool_name = data_utils.rand_name("lb_member_pool1_l7rule")
+ pool_kwargs = {
+ const.NAME: pool_name,
+ const.PROTOCOL: const.HTTP,
+ const.LB_ALGORITHM: const.LB_ALGORITHM_ROUND_ROBIN,
+ const.LISTENER_ID: cls.listener_id,
+ }
+
+ pool = cls.mem_pool_client.create_pool(**pool_kwargs)
+ cls.pool_id = pool[const.ID]
+ cls.addClassResourceCleanup(
+ cls.mem_pool_client.cleanup_pool,
+ cls.pool_id,
+ lb_client=cls.mem_lb_client, lb_id=cls.lb_id)
+
+ waiters.wait_for_status(cls.mem_lb_client.show_loadbalancer,
+ cls.lb_id, const.PROVISIONING_STATUS,
+ const.ACTIVE,
+ CONF.load_balancer.build_interval,
+ CONF.load_balancer.build_timeout)
+
+ l7policy_name = data_utils.rand_name("lb_member_l7policy1_l7rule")
+ l7policy_kwargs = {
+ const.NAME: l7policy_name,
+ const.LISTENER_ID: cls.listener_id,
+ const.ACTION: const.REJECT,
+ }
+ l7policy = cls.mem_l7policy_client.create_l7policy(**l7policy_kwargs)
+ cls.l7policy_id = l7policy[const.ID]
+ cls.addClassResourceCleanup(
+ cls.mem_l7policy_client.cleanup_l7policy,
+ cls.l7policy_id,
+ lb_client=cls.mem_lb_client, lb_id=cls.lb_id)
+
+ waiters.wait_for_status(cls.mem_lb_client.show_loadbalancer,
+ cls.lb_id, const.PROVISIONING_STATUS,
+ const.ACTIVE,
+ CONF.load_balancer.build_interval,
+ CONF.load_balancer.build_timeout)
+
+ # Note: This test also covers basic l7rule show API
+ @decorators.idempotent_id('55ac1337-189d-40a6-b614-47d7a8e991f6')
+ def test_l7rule_create(self):
+ """Tests l7rule create and basic show APIs.
+
+ * Tests that users without the loadbalancer member role cannot
+ create l7rules.
+ * Create a fully populated l7rule.
+ * Show l7rule details.
+ * Validate the show reflects the requested values.
+ """
+ l7rule_kwargs = {
+ const.ADMIN_STATE_UP: True,
+ const.L7POLICY_ID: self.l7policy_id,
+ const.TYPE: const.HEADER,
+ const.VALUE: 'myvalue-create',
+ const.COMPARE_TYPE: const.EQUAL_TO,
+ const.KEY: 'mykey-create',
+ const.INVERT: False,
+ }
+
+ # Test that a user without the load balancer role cannot
+ # create a l7rule
+ if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
+ self.assertRaises(
+ exceptions.Forbidden,
+ self.os_primary.l7rule_client.create_l7rule,
+ **l7rule_kwargs)
+
+ l7rule = self.mem_l7rule_client.create_l7rule(**l7rule_kwargs)
+ self.addClassResourceCleanup(
+ self.mem_l7rule_client.cleanup_l7rule,
+ l7rule[const.ID], l7policy_id=self.l7policy_id,
+ lb_client=self.mem_lb_client, lb_id=self.lb_id)
+
+ waiters.wait_for_status(
+ self.mem_lb_client.show_loadbalancer, self.lb_id,
+ const.PROVISIONING_STATUS, const.ACTIVE,
+ CONF.load_balancer.build_interval,
+ CONF.load_balancer.build_timeout)
+ l7rule = waiters.wait_for_status(
+ self.mem_l7rule_client.show_l7rule,
+ l7rule[const.ID], const.PROVISIONING_STATUS,
+ const.ACTIVE,
+ CONF.load_balancer.build_interval,
+ CONF.load_balancer.build_timeout,
+ l7policy_id=self.l7policy_id)
+ if not CONF.load_balancer.test_with_noop:
+ l7rule = waiters.wait_for_status(
+ self.mem_l7rule_client.show_l7rule,
+ l7rule[const.ID], const.OPERATING_STATUS,
+ const.ONLINE,
+ CONF.load_balancer.build_interval,
+ CONF.load_balancer.build_timeout,
+ l7policy_id=self.l7policy_id)
+
+ parser.parse(l7rule[const.CREATED_AT])
+ parser.parse(l7rule[const.UPDATED_AT])
+ UUID(l7rule[const.ID])
+ # Operating status for a l7rule will be ONLINE if it is enabled:
+ if l7rule[const.ADMIN_STATE_UP]:
+ self.assertEqual(const.ONLINE, l7rule[const.OPERATING_STATUS])
+ else:
+ self.assertEqual(const.OFFLINE, l7rule[const.OPERATING_STATUS])
+
+ equal_items = [const.ADMIN_STATE_UP, const.TYPE, const.VALUE,
+ const.COMPARE_TYPE, const.KEY, const.INVERT]
+
+ for item in equal_items:
+ self.assertEqual(l7rule_kwargs[item], l7rule[item])
+
+ @decorators.idempotent_id('69095254-f106-4fb6-9f54-7a78cc14fb51')
+ def test_l7rule_list(self):
+ """Tests l7rule list API and field filtering.
+
+ * Create a clean l7policy.
+ * Create three l7rules.
+ * Validates that other accounts cannot list the l7rules.
+ * List the l7rules using the default sort order.
+ * List the l7rules using descending sort order.
+ * List the l7rules using ascending sort order.
+ * List the l7rules returning one field at a time.
+ * List the l7rules returning two fields.
+ * List the l7rules filtering to one of the three.
+ * List the l7rules filtered, one field, and sorted.
+ """
+ l7policy_name = data_utils.rand_name("lb_member_l7policy2_l7rule-list")
+ l7policy = self.mem_l7policy_client.create_l7policy(
+ name=l7policy_name, listener_id=self.listener_id,
+ action=const.REJECT)
+ l7policy_id = l7policy[const.ID]
+ self.addCleanup(
+ self.mem_l7policy_client.cleanup_l7policy, l7policy_id,
+ lb_client=self.mem_lb_client, lb_id=self.lb_id)
+
+ waiters.wait_for_status(self.mem_lb_client.show_loadbalancer,
+ self.lb_id,
+ const.PROVISIONING_STATUS,
+ const.ACTIVE,
+ CONF.load_balancer.build_interval,
+ CONF.load_balancer.build_timeout)
+
+ l7rule1_kwargs = {
+ const.L7POLICY_ID: l7policy_id,
+ const.ADMIN_STATE_UP: True,
+ const.TYPE: const.HEADER,
+ const.VALUE: '2',
+ const.COMPARE_TYPE: const.EQUAL_TO,
+ const.KEY: 'mykey2-list',
+ }
+ l7rule1 = self.mem_l7rule_client.create_l7rule(
+ **l7rule1_kwargs)
+ self.addCleanup(
+ self.mem_l7rule_client.cleanup_l7rule,
+ l7rule1[const.ID], l7policy_id=l7policy_id,
+ lb_client=self.mem_lb_client, lb_id=self.lb_id)
+ l7rule1 = waiters.wait_for_status(
+ self.mem_l7rule_client.show_l7rule, l7rule1[const.ID],
+ const.PROVISIONING_STATUS, const.ACTIVE,
+ CONF.load_balancer.build_interval,
+ CONF.load_balancer.build_timeout,
+ l7policy_id=l7policy_id)
+ waiters.wait_for_status(self.mem_lb_client.show_loadbalancer,
+ self.lb_id,
+ const.PROVISIONING_STATUS,
+ const.ACTIVE,
+ CONF.load_balancer.check_interval,
+ CONF.load_balancer.check_timeout)
+ # Time resolution for created_at is only to the second, and we need to
+ # ensure that each object has a distinct creation time. Delaying one
+ # second is both a simple and a reliable way to accomplish this.
+ time.sleep(1)
+
+ l7rule2_kwargs = {
+ const.L7POLICY_ID: l7policy_id,
+ const.ADMIN_STATE_UP: True,
+ const.TYPE: const.HEADER,
+ const.VALUE: '1',
+ const.COMPARE_TYPE: const.EQUAL_TO,
+ const.KEY: 'mykey1-list',
+ }
+ l7rule2 = self.mem_l7rule_client.create_l7rule(
+ **l7rule2_kwargs)
+ self.addCleanup(
+ self.mem_l7rule_client.cleanup_l7rule,
+ l7rule2[const.ID], l7policy_id=l7policy_id,
+ lb_client=self.mem_lb_client, lb_id=self.lb_id)
+ l7rule2 = waiters.wait_for_status(
+ self.mem_l7rule_client.show_l7rule, l7rule2[const.ID],
+ const.PROVISIONING_STATUS, const.ACTIVE,
+ CONF.load_balancer.build_interval,
+ CONF.load_balancer.build_timeout,
+ l7policy_id=l7policy_id)
+ waiters.wait_for_status(self.mem_lb_client.show_loadbalancer,
+ self.lb_id,
+ const.PROVISIONING_STATUS,
+ const.ACTIVE,
+ CONF.load_balancer.check_interval,
+ CONF.load_balancer.check_timeout)
+ # Time resolution for created_at is only to the second, and we need to
+ # ensure that each object has a distinct creation time. Delaying one
+ # second is both a simple and a reliable way to accomplish this.
+ time.sleep(1)
+
+ l7rule3_kwargs = {
+ const.L7POLICY_ID: l7policy_id,
+ const.ADMIN_STATE_UP: False,
+ const.TYPE: const.HEADER,
+ const.VALUE: '3',
+ const.COMPARE_TYPE: const.EQUAL_TO,
+ const.KEY: 'mykey3-list',
+ }
+ l7rule3 = self.mem_l7rule_client.create_l7rule(
+ **l7rule3_kwargs)
+ self.addCleanup(
+ self.mem_l7rule_client.cleanup_l7rule,
+ l7rule3[const.ID], l7policy_id=l7policy_id,
+ lb_client=self.mem_lb_client, lb_id=self.lb_id)
+ l7rule3 = waiters.wait_for_status(
+ self.mem_l7rule_client.show_l7rule, l7rule3[const.ID],
+ const.PROVISIONING_STATUS, const.ACTIVE,
+ CONF.load_balancer.build_interval,
+ CONF.load_balancer.build_timeout,
+ l7policy_id=l7policy_id)
+ waiters.wait_for_status(self.mem_lb_client.show_loadbalancer,
+ self.lb_id,
+ const.PROVISIONING_STATUS,
+ const.ACTIVE,
+ CONF.load_balancer.check_interval,
+ CONF.load_balancer.check_timeout)
+
+ # Test that a different user cannot list l7rules
+ if not CONF.load_balancer.RBAC_test_type == const.NONE:
+ member2_client = self.os_roles_lb_member2.l7rule_client
+ self.assertRaises(
+ exceptions.Forbidden,
+ member2_client.list_l7rules,
+ l7policy_id)
+
+ # Test that a user without the lb l7rule role cannot list load
+ # balancers
+ if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
+ self.assertRaises(
+ exceptions.Forbidden,
+ self.os_primary.l7rule_client.list_l7rules,
+ l7policy_id)
+
+ # Check the default sort order, created_at
+ l7rules = self.mem_l7rule_client.list_l7rules(l7policy_id)
+ self.assertEqual(l7rule1[const.VALUE],
+ l7rules[0][const.VALUE])
+ self.assertEqual(l7rule2[const.VALUE],
+ l7rules[1][const.VALUE])
+ self.assertEqual(l7rule3[const.VALUE],
+ l7rules[2][const.VALUE])
+
+ # Test sort descending by `value`
+ l7rules = self.mem_l7rule_client.list_l7rules(
+ l7policy_id, query_params='{sort}={value}:{desc}'.format(
+ sort=const.SORT, value=const.VALUE, desc=const.DESC))
+ self.assertEqual(l7rule1[const.VALUE],
+ l7rules[1][const.VALUE])
+ self.assertEqual(l7rule2[const.VALUE],
+ l7rules[2][const.VALUE])
+ self.assertEqual(l7rule3[const.VALUE],
+ l7rules[0][const.VALUE])
+
+ # Test sort ascending by `value`
+ l7rules = self.mem_l7rule_client.list_l7rules(
+ l7policy_id, query_params='{sort}={value}:{asc}'.format(
+ sort=const.SORT, value=const.VALUE, asc=const.ASC))
+ self.assertEqual(l7rule1[const.VALUE],
+ l7rules[1][const.VALUE])
+ self.assertEqual(l7rule2[const.VALUE],
+ l7rules[0][const.VALUE])
+ self.assertEqual(l7rule3[const.VALUE],
+ l7rules[2][const.VALUE])
+
+ # Test fields
+ for field in const.SHOW_L7RULE_RESPONSE_FIELDS:
+ l7rules = self.mem_l7rule_client.list_l7rules(
+ l7policy_id, query_params='{fields}={field}'.format(
+ fields=const.FIELDS, field=field))
+ self.assertEqual(1, len(l7rules[0]))
+ self.assertEqual(l7rule1[field], l7rules[0][field])
+ self.assertEqual(l7rule2[field], l7rules[1][field])
+ self.assertEqual(l7rule3[field], l7rules[2][field])
+
+ # Test multiple fields at the same time
+ l7rules = self.mem_l7rule_client.list_l7rules(
+ l7policy_id,
+ query_params='{fields}={admin}&{fields}={created}'.format(
+ fields=const.FIELDS, admin=const.ADMIN_STATE_UP,
+ created=const.CREATED_AT))
+ self.assertEqual(2, len(l7rules[0]))
+ self.assertTrue(l7rules[0][const.ADMIN_STATE_UP])
+ parser.parse(l7rules[0][const.CREATED_AT])
+ self.assertTrue(l7rules[1][const.ADMIN_STATE_UP])
+ parser.parse(l7rules[1][const.CREATED_AT])
+ self.assertFalse(l7rules[2][const.ADMIN_STATE_UP])
+ parser.parse(l7rules[2][const.CREATED_AT])
+
+ # Test filtering
+ l7rules = self.mem_l7rule_client.list_l7rules(
+ l7policy_id,
+ query_params='{value}={rule_value}'.format(
+ value=const.VALUE,
+ rule_value=l7rule2[const.VALUE]))
+ self.assertEqual(1, len(l7rules))
+ self.assertEqual(l7rule2[const.VALUE],
+ l7rules[0][const.VALUE])
+
+ # Test combined params
+ l7rules = self.mem_l7rule_client.list_l7rules(
+ l7policy_id,
+ query_params='{admin}={true}&'
+ '{fields}={value}&{fields}={id}&'
+ '{sort}={value}:{desc}'.format(
+ admin=const.ADMIN_STATE_UP,
+ true=const.ADMIN_STATE_UP_TRUE,
+ fields=const.FIELDS, value=const.VALUE,
+ id=const.ID, sort=const.SORT, desc=const.DESC))
+ # Should get two l7rules
+ self.assertEqual(2, len(l7rules))
+ # l7rules should have two fields
+ self.assertEqual(2, len(l7rules[0]))
+ # Should be in descending order by `value`
+ self.assertEqual(l7rule2[const.VALUE],
+ l7rules[1][const.VALUE])
+ self.assertEqual(l7rule1[const.VALUE],
+ l7rules[0][const.VALUE])
+
+ @decorators.idempotent_id('b80b34c3-09fc-467b-8027-7350adb17070')
+ def test_l7rule_show(self):
+ """Tests l7rule show API.
+
+ * Create a fully populated l7rule.
+ * Show l7rule details.
+ * Validate the show reflects the requested values.
+ * Validates that other accounts cannot see the l7rule.
+ """
+ l7rule_kwargs = {
+ const.ADMIN_STATE_UP: True,
+ const.L7POLICY_ID: self.l7policy_id,
+ const.TYPE: const.HEADER,
+ const.VALUE: 'myvalue-show',
+ const.COMPARE_TYPE: const.EQUAL_TO,
+ const.KEY: 'mykey-show',
+ const.INVERT: False,
+ }
+
+ l7rule = self.mem_l7rule_client.create_l7rule(**l7rule_kwargs)
+ self.addClassResourceCleanup(
+ self.mem_l7rule_client.cleanup_l7rule,
+ l7rule[const.ID], l7policy_id=self.l7policy_id,
+ lb_client=self.mem_lb_client, lb_id=self.lb_id)
+
+ waiters.wait_for_status(
+ self.mem_lb_client.show_loadbalancer, self.lb_id,
+ const.PROVISIONING_STATUS, const.ACTIVE,
+ CONF.load_balancer.build_interval,
+ CONF.load_balancer.build_timeout)
+ l7rule = waiters.wait_for_status(
+ self.mem_l7rule_client.show_l7rule,
+ l7rule[const.ID], const.PROVISIONING_STATUS,
+ const.ACTIVE,
+ CONF.load_balancer.build_interval,
+ CONF.load_balancer.build_timeout,
+ l7policy_id=self.l7policy_id)
+ if not CONF.load_balancer.test_with_noop:
+ l7rule = waiters.wait_for_status(
+ self.mem_l7rule_client.show_l7rule,
+ l7rule[const.ID], const.OPERATING_STATUS,
+ const.ONLINE,
+ CONF.load_balancer.build_interval,
+ CONF.load_balancer.build_timeout,
+ l7policy_id=self.l7policy_id)
+
+ parser.parse(l7rule[const.CREATED_AT])
+ parser.parse(l7rule[const.UPDATED_AT])
+ UUID(l7rule[const.ID])
+ # Operating status for a l7rule will be ONLINE if it is enabled:
+ if l7rule[const.ADMIN_STATE_UP]:
+ self.assertEqual(const.ONLINE, l7rule[const.OPERATING_STATUS])
+ else:
+ self.assertEqual(const.OFFLINE, l7rule[const.OPERATING_STATUS])
+
+ equal_items = [const.ADMIN_STATE_UP, const.TYPE, const.VALUE,
+ const.COMPARE_TYPE, const.KEY, const.INVERT]
+
+ for item in equal_items:
+ self.assertEqual(l7rule_kwargs[item], l7rule[item])
+
+ # Test that a user with lb_admin role can see the l7rule
+ if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
+ l7rule_client = self.os_roles_lb_admin.l7rule_client
+ l7rule_adm = l7rule_client.show_l7rule(
+ l7rule[const.ID], l7policy_id=self.l7policy_id)
+ self.assertEqual(l7rule_kwargs[const.KEY], l7rule_adm[const.KEY])
+
+ # Test that a user with cloud admin role can see the l7rule
+ if not CONF.load_balancer.RBAC_test_type == const.NONE:
+ adm = self.os_admin.l7rule_client.show_l7rule(
+ l7rule[const.ID], l7policy_id=self.l7policy_id)
+ self.assertEqual(l7rule_kwargs[const.KEY], adm[const.KEY])
+
+ # Test that a different user, with load balancer member role, cannot
+ # see this l7rule
+ if not CONF.load_balancer.RBAC_test_type == const.NONE:
+ member2_client = self.os_roles_lb_member2.l7rule_client
+ self.assertRaises(exceptions.Forbidden,
+ member2_client.show_l7rule,
+ l7rule[const.ID], l7policy_id=self.l7policy_id)
+
+ # Test that a user, without the load balancer member role, cannot
+ # show l7rules
+ if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
+ self.assertRaises(
+ exceptions.Forbidden,
+ self.os_primary.l7rule_client.show_l7rule,
+ l7rule[const.ID], l7policy_id=self.l7policy_id)
+
+ @decorators.idempotent_id('f8cee23b-89b6-4f3a-a842-1463daf42cf7')
+ def test_l7rule_update(self):
+ """Tests l7rule show API and field filtering.
+
+ * Create a fully populated l7rule.
+ * Show l7rule details.
+ * Validate the show reflects the initial values.
+ * Validates that other accounts cannot update the l7rule.
+ * Update the l7rule details.
+ * Show l7rule details.
+ * Validate the show reflects the initial values.
+ """
+ l7rule_kwargs = {
+ const.ADMIN_STATE_UP: False,
+ const.L7POLICY_ID: self.l7policy_id,
+ const.TYPE: const.HEADER,
+ const.VALUE: 'myvalue-update',
+ const.COMPARE_TYPE: const.EQUAL_TO,
+ const.KEY: 'mykey-update',
+ const.INVERT: False,
+ }
+
+ l7rule = self.mem_l7rule_client.create_l7rule(**l7rule_kwargs)
+ self.addClassResourceCleanup(
+ self.mem_l7rule_client.cleanup_l7rule,
+ l7rule[const.ID], l7policy_id=self.l7policy_id,
+ lb_client=self.mem_lb_client, lb_id=self.lb_id)
+
+ waiters.wait_for_status(
+ self.mem_lb_client.show_loadbalancer, self.lb_id,
+ const.PROVISIONING_STATUS, const.ACTIVE,
+ CONF.load_balancer.build_interval,
+ CONF.load_balancer.build_timeout)
+ l7rule = waiters.wait_for_status(
+ self.mem_l7rule_client.show_l7rule,
+ l7rule[const.ID], const.PROVISIONING_STATUS,
+ const.ACTIVE,
+ CONF.load_balancer.build_interval,
+ CONF.load_balancer.build_timeout,
+ l7policy_id=self.l7policy_id)
+
+ parser.parse(l7rule[const.CREATED_AT])
+ parser.parse(l7rule[const.UPDATED_AT])
+ UUID(l7rule[const.ID])
+ # Operating status for a l7rule will be ONLINE if it is enabled:
+ if l7rule[const.ADMIN_STATE_UP]:
+ self.assertEqual(const.ONLINE, l7rule[const.OPERATING_STATUS])
+ else:
+ self.assertEqual(const.OFFLINE, l7rule[const.OPERATING_STATUS])
+
+ equal_items = [const.ADMIN_STATE_UP, const.TYPE, const.VALUE,
+ const.COMPARE_TYPE, const.KEY, const.INVERT]
+
+ for item in equal_items:
+ self.assertEqual(l7rule_kwargs[item], l7rule[item])
+
+ # Test that a user, without the load balancer member role, cannot
+ # use this command
+ if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
+ self.assertRaises(
+ exceptions.Forbidden,
+ self.os_primary.l7rule_client.update_l7rule,
+ l7rule[const.ID], l7policy_id=self.l7policy_id,
+ admin_state_up=True)
+
+ # Assert we didn't go into PENDING_*
+ l7rule_check = self.mem_l7rule_client.show_l7rule(
+ l7rule[const.ID], l7policy_id=self.l7policy_id)
+ self.assertEqual(const.ACTIVE, l7rule_check[const.PROVISIONING_STATUS])
+ self.assertEqual(False, l7rule_check[const.ADMIN_STATE_UP])
+
+ # Test that a user, without the load balancer member role, cannot
+ # update this l7rule
+ if not CONF.load_balancer.RBAC_test_type == const.NONE:
+ member2_client = self.os_roles_lb_member2.l7rule_client
+ self.assertRaises(exceptions.Forbidden,
+ member2_client.update_l7rule,
+ l7rule[const.ID], l7policy_id=self.l7policy_id,
+ admin_state_up=True)
+
+ # Assert we didn't go into PENDING_*
+ l7rule_check = self.mem_l7rule_client.show_l7rule(
+ l7rule[const.ID], l7policy_id=self.l7policy_id)
+ self.assertEqual(const.ACTIVE, l7rule_check[const.PROVISIONING_STATUS])
+ self.assertEqual(False, l7rule_check[const.ADMIN_STATE_UP])
+
+ l7rule_update_kwargs = {
+ const.L7POLICY_ID: self.l7policy_id,
+ const.ADMIN_STATE_UP: True,
+ const.TYPE: const.COOKIE,
+ const.VALUE: 'myvalue-UPDATED',
+ const.COMPARE_TYPE: const.CONTAINS,
+ const.KEY: 'mykey-UPDATED',
+ const.INVERT: True,
+ }
+ l7rule = self.mem_l7rule_client.update_l7rule(
+ l7rule[const.ID], **l7rule_update_kwargs)
+
+ waiters.wait_for_status(
+ self.mem_lb_client.show_loadbalancer, self.lb_id,
+ const.PROVISIONING_STATUS, const.ACTIVE,
+ CONF.load_balancer.build_interval,
+ CONF.load_balancer.build_timeout)
+ l7rule = waiters.wait_for_status(
+ self.mem_l7rule_client.show_l7rule,
+ l7rule[const.ID], const.PROVISIONING_STATUS,
+ const.ACTIVE,
+ CONF.load_balancer.build_interval,
+ CONF.load_balancer.build_timeout,
+ l7policy_id=self.l7policy_id)
+
+ # Operating status for a l7rule will be ONLINE if it is enabled:
+ if l7rule[const.ADMIN_STATE_UP]:
+ self.assertEqual(const.ONLINE, l7rule[const.OPERATING_STATUS])
+ else:
+ self.assertEqual(const.OFFLINE, l7rule[const.OPERATING_STATUS])
+
+ # Test changed items (which is all of them, for l7rules)
+ equal_items = [const.ADMIN_STATE_UP, const.TYPE, const.VALUE,
+ const.COMPARE_TYPE, const.KEY, const.INVERT]
+ for item in equal_items:
+ self.assertEqual(l7rule_update_kwargs[item], l7rule[item])
+
+ @decorators.idempotent_id('8e15d68d-70e7-4cf3-82bc-9604384654a0')
+ def test_l7rule_delete(self):
+ """Tests l7rule create and delete APIs.
+
+ * Creates a l7rule.
+ * Validates that other accounts cannot delete the l7rule
+ * Deletes the l7rule.
+ * Validates the l7rule is in the DELETED state.
+ """
+ l7rule_kwargs = {
+ const.L7POLICY_ID: self.l7policy_id,
+ const.TYPE: const.HEADER,
+ const.VALUE: 'myvalue-delete',
+ const.COMPARE_TYPE: const.EQUAL_TO,
+ const.KEY: 'mykey-delete',
+ }
+ l7rule = self.mem_l7rule_client.create_l7rule(**l7rule_kwargs)
+ self.addClassResourceCleanup(
+ self.mem_l7rule_client.cleanup_l7rule,
+ l7rule[const.ID], l7policy_id=self.l7policy_id,
+ lb_client=self.mem_lb_client, lb_id=self.lb_id)
+
+ waiters.wait_for_status(
+ self.mem_lb_client.show_loadbalancer,
+ self.lb_id, const.PROVISIONING_STATUS,
+ const.ACTIVE,
+ CONF.load_balancer.build_interval,
+ CONF.load_balancer.build_timeout)
+
+ # Test that a user without the load balancer role cannot
+ # delete this l7rule
+ if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
+ self.assertRaises(
+ exceptions.Forbidden,
+ self.os_primary.l7rule_client.delete_l7rule,
+ l7rule[const.ID], l7policy_id=self.l7policy_id)
+
+ # Test that a different user, with the load balancer member role
+ # cannot delete this l7rule
+ if not CONF.load_balancer.RBAC_test_type == const.NONE:
+ member2_client = self.os_roles_lb_member2.l7rule_client
+ self.assertRaises(exceptions.Forbidden,
+ member2_client.delete_l7rule,
+ l7rule[const.ID], l7policy_id=self.l7policy_id)
+
+ self.mem_l7rule_client.delete_l7rule(l7rule[const.ID],
+ l7policy_id=self.l7policy_id)
+
+ waiters.wait_for_deleted_status_or_not_found(
+ self.mem_l7rule_client.show_l7rule, l7rule[const.ID],
+ const.PROVISIONING_STATUS,
+ CONF.load_balancer.check_interval,
+ CONF.load_balancer.check_timeout,
+ l7policy_id=self.l7policy_id)
diff --git a/octavia_tempest_plugin/tests/scenario/v2/test_l7rule.py b/octavia_tempest_plugin/tests/scenario/v2/test_l7rule.py
new file mode 100644
index 0000000..3e14a74
--- /dev/null
+++ b/octavia_tempest_plugin/tests/scenario/v2/test_l7rule.py
@@ -0,0 +1,195 @@
+# Copyright 2018 GoDaddy
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from uuid import UUID
+
+from dateutil import parser
+from tempest import config
+from tempest.lib.common.utils import data_utils
+from tempest.lib import decorators
+
+from octavia_tempest_plugin.common import constants as const
+from octavia_tempest_plugin.tests import test_base
+from octavia_tempest_plugin.tests import waiters
+
+CONF = config.CONF
+
+
+class L7RuleScenarioTest(test_base.LoadBalancerBaseTest):
+
+ @classmethod
+ def resource_setup(cls):
+ """Setup resources needed by the tests."""
+ super(L7RuleScenarioTest, cls).resource_setup()
+
+ lb_name = data_utils.rand_name("lb_member_lb1_l7rule")
+ lb_kwargs = {const.PROVIDER: CONF.load_balancer.provider,
+ const.NAME: lb_name}
+
+ cls._setup_lb_network_kwargs(lb_kwargs)
+
+ lb = cls.mem_lb_client.create_loadbalancer(**lb_kwargs)
+ cls.lb_id = lb[const.ID]
+ cls.addClassResourceCleanup(
+ cls.mem_lb_client.cleanup_loadbalancer,
+ cls.lb_id)
+
+ waiters.wait_for_status(cls.mem_lb_client.show_loadbalancer,
+ cls.lb_id, const.PROVISIONING_STATUS,
+ const.ACTIVE,
+ CONF.load_balancer.lb_build_interval,
+ CONF.load_balancer.lb_build_timeout)
+
+ listener_name = data_utils.rand_name("lb_member_listener1_l7rule")
+ listener_kwargs = {
+ const.NAME: listener_name,
+ const.PROTOCOL: const.HTTP,
+ const.PROTOCOL_PORT: '80',
+ const.LOADBALANCER_ID: cls.lb_id,
+ }
+ listener = cls.mem_listener_client.create_listener(**listener_kwargs)
+ cls.listener_id = listener[const.ID]
+ cls.addClassResourceCleanup(
+ cls.mem_listener_client.cleanup_listener,
+ cls.listener_id,
+ lb_client=cls.mem_lb_client, lb_id=cls.lb_id)
+
+ waiters.wait_for_status(cls.mem_lb_client.show_loadbalancer,
+ cls.lb_id, const.PROVISIONING_STATUS,
+ const.ACTIVE,
+ CONF.load_balancer.build_interval,
+ CONF.load_balancer.build_timeout)
+
+ l7policy_name = data_utils.rand_name("lb_member_l7policy1_l7rule")
+ l7policy_kwargs = {
+ const.NAME: l7policy_name,
+ const.LISTENER_ID: cls.listener_id,
+ const.ACTION: const.REJECT,
+ }
+ l7policy = cls.mem_l7policy_client.create_l7policy(**l7policy_kwargs)
+ cls.l7policy_id = l7policy[const.ID]
+ cls.addClassResourceCleanup(
+ cls.mem_l7policy_client.cleanup_l7policy,
+ cls.l7policy_id,
+ lb_client=cls.mem_lb_client, lb_id=cls.lb_id)
+
+ waiters.wait_for_status(cls.mem_lb_client.show_loadbalancer,
+ cls.lb_id, const.PROVISIONING_STATUS,
+ const.ACTIVE,
+ CONF.load_balancer.build_interval,
+ CONF.load_balancer.build_timeout)
+
+ @decorators.idempotent_id('a1c268b9-5304-48c7-9a34-0ef0e8e9307e')
+ def test_l7rule_CRUD(self):
+ """Tests l7rule create, read, update, delete
+
+ * Create a fully populated l7rule.
+ * Show l7rule details.
+ * Update the l7rule.
+ * Delete the l7rule.
+ """
+
+ # L7Rule create
+ l7rule_kwargs = {
+ const.ADMIN_STATE_UP: False,
+ const.L7POLICY_ID: self.l7policy_id,
+ const.TYPE: const.HEADER,
+ const.VALUE: 'myvalue-create',
+ const.COMPARE_TYPE: const.EQUAL_TO,
+ const.KEY: 'mykey-create',
+ const.INVERT: False,
+ }
+
+ l7rule = self.mem_l7rule_client.create_l7rule(**l7rule_kwargs)
+ self.addClassResourceCleanup(
+ self.mem_l7rule_client.cleanup_l7rule,
+ l7rule[const.ID], l7policy_id=self.l7policy_id,
+ lb_client=self.mem_lb_client, lb_id=self.lb_id)
+
+ waiters.wait_for_status(
+ self.mem_lb_client.show_loadbalancer, self.lb_id,
+ const.PROVISIONING_STATUS, const.ACTIVE,
+ CONF.load_balancer.build_interval,
+ CONF.load_balancer.build_timeout)
+ l7rule = waiters.wait_for_status(
+ self.mem_l7rule_client.show_l7rule,
+ l7rule[const.ID], const.PROVISIONING_STATUS,
+ const.ACTIVE,
+ CONF.load_balancer.build_interval,
+ CONF.load_balancer.build_timeout,
+ l7policy_id=self.l7policy_id)
+
+ parser.parse(l7rule[const.CREATED_AT])
+ parser.parse(l7rule[const.UPDATED_AT])
+ UUID(l7rule[const.ID])
+ # Operating status will be OFFLINE while admin_state_up = False
+ self.assertEqual(const.OFFLINE, l7rule[const.OPERATING_STATUS])
+
+ equal_items = [const.ADMIN_STATE_UP, const.TYPE, const.VALUE,
+ const.COMPARE_TYPE, const.KEY, const.INVERT]
+
+ for item in equal_items:
+ self.assertEqual(l7rule_kwargs[item], l7rule[item])
+
+ # L7Rule update
+ l7rule_update_kwargs = {
+ const.L7POLICY_ID: self.l7policy_id,
+ const.ADMIN_STATE_UP: True,
+ const.TYPE: const.COOKIE,
+ const.VALUE: 'myvalue-UPDATED',
+ const.COMPARE_TYPE: const.CONTAINS,
+ const.KEY: 'mykey-UPDATED',
+ const.INVERT: True,
+ }
+ l7rule = self.mem_l7rule_client.update_l7rule(
+ l7rule[const.ID], **l7rule_update_kwargs)
+
+ waiters.wait_for_status(
+ self.mem_lb_client.show_loadbalancer, self.lb_id,
+ const.PROVISIONING_STATUS, const.ACTIVE,
+ CONF.load_balancer.build_interval,
+ CONF.load_balancer.build_timeout)
+ l7rule = waiters.wait_for_status(
+ self.mem_l7rule_client.show_l7rule,
+ l7rule[const.ID], const.PROVISIONING_STATUS,
+ const.ACTIVE,
+ CONF.load_balancer.build_interval,
+ CONF.load_balancer.build_timeout,
+ l7policy_id=self.l7policy_id)
+
+ # Operating status for a l7rule will be ONLINE if it is enabled:
+ self.assertEqual(const.ONLINE, l7rule[const.OPERATING_STATUS])
+
+ # Test changed items (which is all of them, for l7rules)
+ equal_items = [const.ADMIN_STATE_UP, const.TYPE, const.VALUE,
+ const.COMPARE_TYPE, const.KEY, const.INVERT]
+ for item in equal_items:
+ self.assertEqual(l7rule_update_kwargs[item], l7rule[item])
+
+ # L7Rule delete
+ waiters.wait_for_status(
+ self.mem_lb_client.show_loadbalancer,
+ self.lb_id, const.PROVISIONING_STATUS,
+ const.ACTIVE,
+ CONF.load_balancer.check_interval,
+ CONF.load_balancer.check_timeout)
+ self.mem_l7rule_client.delete_l7rule(l7rule[const.ID],
+ l7policy_id=self.l7policy_id)
+
+ waiters.wait_for_deleted_status_or_not_found(
+ self.mem_l7rule_client.show_l7rule, l7rule[const.ID],
+ const.PROVISIONING_STATUS,
+ CONF.load_balancer.check_interval,
+ CONF.load_balancer.check_timeout,
+ l7policy_id=self.l7policy_id)
diff --git a/octavia_tempest_plugin/tests/scenario/v2/test_traffic_ops.py b/octavia_tempest_plugin/tests/scenario/v2/test_traffic_ops.py
index 0a0f20e..627c261 100644
--- a/octavia_tempest_plugin/tests/scenario/v2/test_traffic_ops.py
+++ b/octavia_tempest_plugin/tests/scenario/v2/test_traffic_ops.py
@@ -12,11 +12,12 @@
# License for the specific language governing permissions and limitations
# under the License.
+import testtools
+
from oslo_log import log as logging
from tempest import config
from tempest.lib.common.utils import data_utils
from tempest.lib import decorators
-import testtools
from octavia_tempest_plugin.common import constants as const
from octavia_tempest_plugin.tests import test_base
@@ -118,7 +119,7 @@
def test_basic_traffic(self):
"""Tests sending traffic through a loadbalancer
- * Create a fully populated loadbalancer.
+ * Set up members on a loadbalancer.
* Test traffic to ensure it is balanced properly.
"""
# Set up Member 1 for Webserver 1
@@ -170,7 +171,7 @@
CONF.load_balancer.check_timeout)
# Send some traffic
- self._check_members_balanced(self.lb_vip_address)
+ self.check_members_balanced(self.lb_vip_address)
@decorators.idempotent_id('a16f8eb4-a77c-4b0e-8b1b-91c237039713')
def test_healthmonitor_traffic(self):
@@ -286,8 +287,8 @@
pool_id=self.pool_id)
# Send some traffic and verify it is balanced
- self._check_members_balanced(self.lb_vip_address,
- traffic_member_count=2)
+ self.check_members_balanced(self.lb_vip_address,
+ traffic_member_count=2)
# Create the healthmonitor
hm_name = data_utils.rand_name("lb_member_hm1-hm-traffic")
@@ -346,8 +347,8 @@
pool_id=self.pool_id)
# Send some traffic and verify it is *unbalanced*, as expected
- self._check_members_balanced(self.lb_vip_address,
- traffic_member_count=1)
+ self.check_members_balanced(self.lb_vip_address,
+ traffic_member_count=1)
# Delete the healthmonitor
self.mem_healthmonitor_client.delete_healthmonitor(hm[const.ID])
@@ -382,4 +383,240 @@
pool_id=self.pool_id)
# Send some traffic and verify it is balanced again
- self._check_members_balanced(self.lb_vip_address)
+ self.check_members_balanced(self.lb_vip_address)
+
+ @decorators.idempotent_id('3558186d-6dcd-4d9d-b7f7-adc190b66149')
+ def test_l7policies_and_l7rules(self):
+ """Tests sending traffic through a loadbalancer with l7rules
+
+ * Create an extra pool.
+ * Put one member on the default pool, and one on the second pool.
+ * Create a policy/rule to redirect to the second pool.
+ * Create a policy/rule to redirect to the identity URI.
+ * Create a policy/rule to reject connections.
+ * Test traffic to ensure it goes to the correct place.
+ """
+ # Create a second pool
+ pool_name = data_utils.rand_name("lb_member_pool2_l7redirect")
+ pool_kwargs = {
+ const.NAME: pool_name,
+ const.PROTOCOL: const.HTTP,
+ const.LB_ALGORITHM: const.LB_ALGORITHM_ROUND_ROBIN,
+ const.LOADBALANCER_ID: self.lb_id,
+ }
+ pool = self.mem_pool_client.create_pool(**pool_kwargs)
+ pool_id = pool[const.ID]
+ self.addCleanup(
+ self.mem_pool_client.cleanup_pool,
+ pool_id,
+ lb_client=self.mem_lb_client, lb_id=self.lb_id)
+
+ waiters.wait_for_status(self.mem_lb_client.show_loadbalancer,
+ self.lb_id, const.PROVISIONING_STATUS,
+ const.ACTIVE,
+ CONF.load_balancer.build_interval,
+ CONF.load_balancer.build_timeout)
+
+ # Set up Member 1 for Webserver 1 on the default pool
+ member1_name = data_utils.rand_name("lb_member_member1-l7redirect")
+ member1_kwargs = {
+ const.POOL_ID: self.pool_id,
+ const.NAME: member1_name,
+ const.ADMIN_STATE_UP: True,
+ const.ADDRESS: self.webserver1_ip,
+ const.PROTOCOL_PORT: 80,
+ }
+ if self.lb_member_1_subnet:
+ member1_kwargs[const.SUBNET_ID] = self.lb_member_1_subnet[const.ID]
+
+ member1 = self.mem_member_client.create_member(
+ **member1_kwargs)
+ self.addCleanup(
+ self.mem_member_client.cleanup_member,
+ member1[const.ID], pool_id=self.pool_id,
+ lb_client=self.mem_lb_client, lb_id=self.lb_id)
+ waiters.wait_for_status(
+ self.mem_lb_client.show_loadbalancer, self.lb_id,
+ const.PROVISIONING_STATUS, const.ACTIVE,
+ CONF.load_balancer.check_interval,
+ CONF.load_balancer.check_timeout)
+
+ # Set up Member 2 for Webserver 2 on the alternate pool
+ member2_name = data_utils.rand_name("lb_member_member2-l7redirect")
+ member2_kwargs = {
+ const.POOL_ID: pool_id,
+ const.NAME: member2_name,
+ const.ADMIN_STATE_UP: True,
+ const.ADDRESS: self.webserver2_ip,
+ const.PROTOCOL_PORT: 80,
+ }
+ if self.lb_member_2_subnet:
+ member2_kwargs[const.SUBNET_ID] = self.lb_member_2_subnet[const.ID]
+
+ member2 = self.mem_member_client.create_member(
+ **member2_kwargs)
+ self.addCleanup(
+ self.mem_member_client.cleanup_member,
+ member2[const.ID], pool_id=self.pool_id,
+ lb_client=self.mem_lb_client, lb_id=self.lb_id)
+ waiters.wait_for_status(
+ self.mem_lb_client.show_loadbalancer, self.lb_id,
+ const.PROVISIONING_STATUS, const.ACTIVE,
+ CONF.load_balancer.check_interval,
+ CONF.load_balancer.check_timeout)
+
+ # Create the l7policy to redirect to the alternate pool
+ l7policy1_name = data_utils.rand_name("lb_member_l7policy1-l7redirect")
+ l7policy1_description = data_utils.arbitrary_string(size=255)
+ l7policy1_kwargs = {
+ const.LISTENER_ID: self.listener_id,
+ const.NAME: l7policy1_name,
+ const.DESCRIPTION: l7policy1_description,
+ const.ADMIN_STATE_UP: True,
+ const.POSITION: 1,
+ const.ACTION: const.REDIRECT_TO_POOL,
+ const.REDIRECT_POOL_ID: pool_id,
+ }
+ l7policy1 = self.mem_l7policy_client.create_l7policy(
+ **l7policy1_kwargs)
+ self.addCleanup(
+ self.mem_l7policy_client.cleanup_l7policy,
+ l7policy1[const.ID],
+ lb_client=self.mem_lb_client, lb_id=self.lb_id)
+ waiters.wait_for_status(
+ self.mem_lb_client.show_loadbalancer, self.lb_id,
+ const.PROVISIONING_STATUS, const.ACTIVE,
+ CONF.load_balancer.build_interval,
+ CONF.load_balancer.build_timeout)
+
+ # Redirect slow queries to the alternate pool
+ l7rule1_kwargs = {
+ const.L7POLICY_ID: l7policy1[const.ID],
+ const.ADMIN_STATE_UP: True,
+ const.TYPE: const.PATH,
+ const.VALUE: '/slow',
+ const.COMPARE_TYPE: const.STARTS_WITH,
+ const.INVERT: False,
+ }
+
+ l7rule1 = self.mem_l7rule_client.create_l7rule(**l7rule1_kwargs)
+ self.addCleanup(
+ self.mem_l7rule_client.cleanup_l7rule,
+ l7rule1[const.ID], l7policy_id=l7rule1_kwargs[const.L7POLICY_ID],
+ lb_client=self.mem_lb_client, lb_id=self.lb_id)
+ waiters.wait_for_status(
+ self.mem_lb_client.show_loadbalancer, self.lb_id,
+ const.PROVISIONING_STATUS, const.ACTIVE,
+ CONF.load_balancer.build_interval,
+ CONF.load_balancer.build_timeout)
+
+ # Create the l7policy to redirect to the identity URI
+ l7policy2_name = data_utils.rand_name("lb_member_l7policy2-l7redirect")
+ l7policy2_description = data_utils.arbitrary_string(size=255)
+ l7policy2_kwargs = {
+ const.LISTENER_ID: self.listener_id,
+ const.NAME: l7policy2_name,
+ const.DESCRIPTION: l7policy2_description,
+ const.ADMIN_STATE_UP: True,
+ const.POSITION: 1,
+ const.ACTION: const.REDIRECT_TO_URL,
+ const.REDIRECT_URL: CONF.identity.uri_v3,
+ }
+ l7policy2 = self.mem_l7policy_client.create_l7policy(
+ **l7policy2_kwargs)
+ self.addCleanup(
+ self.mem_l7policy_client.cleanup_l7policy,
+ l7policy2[const.ID],
+ lb_client=self.mem_lb_client, lb_id=self.lb_id)
+ waiters.wait_for_status(
+ self.mem_lb_client.show_loadbalancer, self.lb_id,
+ const.PROVISIONING_STATUS, const.ACTIVE,
+ CONF.load_balancer.build_interval,
+ CONF.load_balancer.build_timeout)
+
+ # Redirect queries for 'turtles' to identity
+ l7rule2_kwargs = {
+ const.L7POLICY_ID: l7policy2[const.ID],
+ const.ADMIN_STATE_UP: True,
+ const.TYPE: const.PATH,
+ const.VALUE: '/turtles',
+ const.COMPARE_TYPE: const.EQUAL_TO,
+ const.INVERT: False,
+ }
+
+ l7rule2 = self.mem_l7rule_client.create_l7rule(**l7rule2_kwargs)
+ self.addCleanup(
+ self.mem_l7rule_client.cleanup_l7rule,
+ l7rule2[const.ID], l7policy_id=l7rule2_kwargs[const.L7POLICY_ID],
+ lb_client=self.mem_lb_client, lb_id=self.lb_id)
+ waiters.wait_for_status(
+ self.mem_lb_client.show_loadbalancer, self.lb_id,
+ const.PROVISIONING_STATUS, const.ACTIVE,
+ CONF.load_balancer.build_interval,
+ CONF.load_balancer.build_timeout)
+
+ # Create the l7policy to reject requests
+ l7policy3_name = data_utils.rand_name("lb_member_l7policy3-l7redirect")
+ l7policy3_description = data_utils.arbitrary_string(size=255)
+ l7policy3_kwargs = {
+ const.LISTENER_ID: self.listener_id,
+ const.NAME: l7policy3_name,
+ const.DESCRIPTION: l7policy3_description,
+ const.ADMIN_STATE_UP: True,
+ const.POSITION: 1,
+ const.ACTION: const.REJECT,
+ }
+ l7policy3 = self.mem_l7policy_client.create_l7policy(
+ **l7policy3_kwargs)
+ self.addCleanup(
+ self.mem_l7policy_client.cleanup_l7policy,
+ l7policy3[const.ID],
+ lb_client=self.mem_lb_client, lb_id=self.lb_id)
+ waiters.wait_for_status(
+ self.mem_lb_client.show_loadbalancer, self.lb_id,
+ const.PROVISIONING_STATUS, const.ACTIVE,
+ CONF.load_balancer.build_interval,
+ CONF.load_balancer.build_timeout)
+
+ # Reject requests that include the header data 'reject=true'
+ l7rule3_kwargs = {
+ const.L7POLICY_ID: l7policy3[const.ID],
+ const.ADMIN_STATE_UP: True,
+ const.TYPE: const.HEADER,
+ const.KEY: 'reject',
+ const.VALUE: 'true',
+ const.COMPARE_TYPE: const.EQUAL_TO,
+ const.INVERT: False,
+ }
+
+ l7rule3 = self.mem_l7rule_client.create_l7rule(**l7rule3_kwargs)
+ self.addCleanup(
+ self.mem_l7rule_client.cleanup_l7rule,
+ l7rule3[const.ID], l7policy_id=l7rule3_kwargs[const.L7POLICY_ID],
+ lb_client=self.mem_lb_client, lb_id=self.lb_id)
+ waiters.wait_for_status(
+ self.mem_lb_client.show_loadbalancer, self.lb_id,
+ const.PROVISIONING_STATUS, const.ACTIVE,
+ CONF.load_balancer.build_interval,
+ CONF.load_balancer.build_timeout)
+
+ # Assert that normal traffic goes to pool1->member1
+ url_for_member1 = 'http://{}/'.format(self.lb_vip_address)
+ self.assertConsistentResponse((200, self.webserver1_response),
+ url_for_member1)
+
+ # Assert that slow traffic goes to pool2->member2
+ url_for_member2 = 'http://{}/slow?delay=1s'.format(self.lb_vip_address)
+ self.assertConsistentResponse((200, self.webserver2_response),
+ url_for_member2)
+
+ # Assert that /turtles is redirected to identity
+ url_for_identity = 'http://{}/turtles'.format(self.lb_vip_address)
+ self.assertConsistentResponse((302, CONF.identity.uri_v3),
+ url_for_identity,
+ redirect=True)
+
+ # Assert that traffic with header 'reject=true' is rejected
+ self.assertConsistentResponse((403, None),
+ url_for_member1,
+ headers={'reject': 'true'})
diff --git a/octavia_tempest_plugin/tests/test_base.py b/octavia_tempest_plugin/tests/test_base.py
index 47ea4ad..cf06879 100644
--- a/octavia_tempest_plugin/tests/test_base.py
+++ b/octavia_tempest_plugin/tests/test_base.py
@@ -51,6 +51,8 @@
['lb_admin', CONF.load_balancer.admin_role]]
client_manager = clients.ManagerV2
+ webserver1_response = 1
+ webserver2_response = 5
@classmethod
def skip_checks(cls):
@@ -111,6 +113,7 @@
cls.mem_healthmonitor_client = (
cls.os_roles_lb_member.healthmonitor_client)
cls.mem_l7policy_client = cls.os_roles_lb_member.l7policy_client
+ cls.mem_l7rule_client = cls.os_roles_lb_member.l7rule_client
@classmethod
def resource_setup(cls):
@@ -509,17 +512,21 @@
# Set up serving on webserver 1
cls._install_start_webserver(cls.webserver1_public_ip,
- cls.lb_member_keypair['private_key'], 1)
+ cls.lb_member_keypair['private_key'],
+ cls.webserver1_response)
# Validate webserver 1
- cls._validate_webserver(cls.webserver1_public_ip, 1)
+ cls._validate_webserver(cls.webserver1_public_ip,
+ cls.webserver1_response)
# Set up serving on webserver 2
cls._install_start_webserver(cls.webserver2_public_ip,
- cls.lb_member_keypair['private_key'], 5)
+ cls.lb_member_keypair['private_key'],
+ cls.webserver2_response)
# Validate webserver 2
- cls._validate_webserver(cls.webserver2_public_ip, 5)
+ cls._validate_webserver(cls.webserver2_public_ip,
+ cls.webserver2_response)
@classmethod
def _create_networks(cls):
@@ -716,7 +723,7 @@
'period. Failing test.')
raise Exception()
- def _check_members_balanced(self, vip_address, traffic_member_count=2):
+ def check_members_balanced(self, vip_address, traffic_member_count=2):
session = requests.Session()
response_counts = {}
@@ -743,3 +750,34 @@
# Ensure both members got the same number of responses
self.assertEqual(1, len(set(response_counts.values())))
+
+ def assertConsistentResponse(self, response, url, method='GET', repeat=10,
+ redirect=False, timeout=2, **kwargs):
+ """Assert that a request to URL gets the expected response.
+
+ :param response: Expected response in format (status_code, content).
+ :param url: The URL to request.
+ :param method: The HTTP method to use (GET, POST, PUT, etc)
+ :param repeat: How many times to test the response.
+ :param data: Optional data to send in the request.
+ :param headers: Optional headers to send in the request.
+ :param cookies: Optional cookies to send in the request.
+ :param redirect: Is the request a redirect? If true, assume the passed
+ content should be the next URL in the chain.
+ :return: boolean success status
+
+ :raises: testtools.matchers.MismatchError
+ """
+ session = requests.Session()
+ response_code, response_content = response
+
+ for i in range(0, repeat):
+ req = session.request(method, url, allow_redirects=not redirect,
+ timeout=timeout, **kwargs)
+ if response_code:
+ self.assertEqual(response_code, req.status_code)
+ if redirect:
+ self.assertTrue(req.is_redirect)
+ self.assertEqual(response_content, req.next.url)
+ elif response_content:
+ self.assertEqual(six.text_type(response_content), req.text)