Split out listener api tests
Related-Prod: PRODX-35575
Change-Id: Ic893e96014133f710edf13bd285b60e1e1f9bcad
(cherry picked from commit 791144a87098655c70ec3ef48dfbdbb97672a08d)
diff --git a/octavia_tempest_plugin/tests/api/v2/test_listener.py b/octavia_tempest_plugin/tests/api/v2/test_listener.py
index dfdc542..1526243 100644
--- a/octavia_tempest_plugin/tests/api/v2/test_listener.py
+++ b/octavia_tempest_plugin/tests/api/v2/test_listener.py
@@ -12,24 +12,17 @@
# License for the specific language governing permissions and limitations
# under the License.
-import base64
import time
from uuid import UUID
-from cryptography.hazmat.primitives import serialization
-
from dateutil import parser
from oslo_log import log as logging
from oslo_utils import strutils
-from oslo_utils import uuidutils
from tempest import config
from tempest.lib.common.utils import data_utils
from tempest.lib import decorators
from tempest.lib import exceptions
-import testtools
-from octavia_tempest_plugin.common import barbican_client_mgr
-from octavia_tempest_plugin.common import cert_utils
from octavia_tempest_plugin.common import constants as const
from octavia_tempest_plugin.tests import test_base
from octavia_tempest_plugin.tests import waiters
@@ -38,178 +31,13 @@
LOG = logging.getLogger(__name__)
-class ListenerAPITest(test_base.LoadBalancerBaseTest):
+class ListenerAPIBase(test_base.LoadBalancerBaseTest):
"""Test the listener object API."""
@classmethod
- def _store_secret(cls, barbican_mgr, secret):
- new_secret_ref = barbican_mgr.store_secret(secret)
- cls.addClassResourceCleanup(barbican_mgr.delete_secret,
- new_secret_ref)
-
- # Set the barbican ACL if the Octavia API version doesn't do it
- # automatically.
- if not cls.mem_lb_client.is_version_supported(
- cls.api_version, '2.1'):
- user_list = cls.os_admin.users_v3_client.list_users(
- name=CONF.load_balancer.octavia_svc_username)
- msg = 'Only one user named "{0}" should exist, {1} found.'.format(
- CONF.load_balancer.octavia_svc_username,
- len(user_list['users']))
- cls.assertEqual(1, len(user_list['users']), msg)
- barbican_mgr.add_acl(new_secret_ref, user_list['users'][0]['id'])
- return new_secret_ref
-
- @classmethod
- def _generate_load_certificate(cls, barbican_mgr, ca_cert, ca_key, name):
- new_cert, new_key = cert_utils.generate_server_cert_and_key(
- ca_cert, ca_key, name)
-
- LOG.debug('%s Cert: %s', name, new_cert.public_bytes(
- serialization.Encoding.PEM))
- LOG.debug('%s private Key: %s', name, new_key.private_bytes(
- encoding=serialization.Encoding.PEM,
- format=serialization.PrivateFormat.TraditionalOpenSSL,
- encryption_algorithm=serialization.NoEncryption()))
- new_public_key = new_key.public_key()
- LOG.debug('%s public Key: %s', name, new_public_key.public_bytes(
- encoding=serialization.Encoding.PEM,
- format=serialization.PublicFormat.SubjectPublicKeyInfo))
-
- # Create the pkcs12 bundle
- pkcs12 = cert_utils.generate_pkcs12_bundle(new_cert, new_key)
- LOG.debug('%s PKCS12 bundle: %s', name, base64.b64encode(pkcs12))
-
- new_secret_ref = cls._store_secret(barbican_mgr, pkcs12)
-
- return new_cert, new_key, new_secret_ref
-
- @classmethod
- def _load_pool_pki(cls):
- # Create the member client authentication CA
- cls.member_client_ca_cert, member_client_ca_key = (
- cert_utils.generate_ca_cert_and_key())
-
- # Create client cert and key
- cls.member_client_cn = uuidutils.generate_uuid()
- cls.member_client_cert, cls.member_client_key = (
- cert_utils.generate_client_cert_and_key(
- cls.member_client_ca_cert, member_client_ca_key,
- cls.member_client_cn))
-
- # Create the pkcs12 bundle
- pkcs12 = cert_utils.generate_pkcs12_bundle(cls.member_client_cert,
- cls.member_client_key)
- LOG.debug('Pool client PKCS12 bundle: %s', base64.b64encode(pkcs12))
-
- cls.pool_client_ref = cls._store_secret(cls.barbican_mgr, pkcs12)
-
- cls.member_ca_cert, cls.member_ca_key = (
- cert_utils.generate_ca_cert_and_key())
-
- cert, key = cert_utils.generate_server_cert_and_key(
- cls.member_ca_cert, cls.member_ca_key, cls.server_uuid)
-
- cls.pool_CA_ref = cls._store_secret(
- cls.barbican_mgr,
- cls.member_ca_cert.public_bytes(serialization.Encoding.PEM))
-
- cls.member_crl = cert_utils.generate_certificate_revocation_list(
- cls.member_ca_cert, cls.member_ca_key, cert)
-
- cls.pool_CRL_ref = cls._store_secret(
- cls.barbican_mgr,
- cls.member_crl.public_bytes(serialization.Encoding.PEM))
-
- @classmethod
- def should_apply_terminated_https(cls, protocol=None):
- if protocol and protocol != const.TERMINATED_HTTPS:
- return False
- return CONF.load_balancer.test_with_noop or getattr(
- CONF.service_available, 'barbican', False)
-
- @classmethod
def resource_setup(cls):
"""Setup resources needed by the tests."""
- super(ListenerAPITest, cls).resource_setup()
-
- if CONF.load_balancer.test_with_noop:
- cls.server_secret_ref = uuidutils.generate_uuid()
- cls.SNI1_secret_ref = uuidutils.generate_uuid()
- cls.SNI2_secret_ref = uuidutils.generate_uuid()
- elif getattr(CONF.service_available, 'barbican', False):
- # Create a CA self-signed cert and key
- cls.ca_cert, ca_key = cert_utils.generate_ca_cert_and_key()
-
- LOG.debug('CA Cert: %s', cls.ca_cert.public_bytes(
- serialization.Encoding.PEM))
- LOG.debug('CA private Key: %s', ca_key.private_bytes(
- encoding=serialization.Encoding.PEM,
- format=serialization.PrivateFormat.TraditionalOpenSSL,
- encryption_algorithm=serialization.NoEncryption()))
- LOG.debug('CA public Key: %s', ca_key.public_key().public_bytes(
- encoding=serialization.Encoding.PEM,
- format=serialization.PublicFormat.SubjectPublicKeyInfo))
-
- # Load the secret into the barbican service under the
- # os_roles_lb_member tenant
- cls.barbican_mgr = barbican_client_mgr.BarbicanClientManager(
- cls.os_roles_lb_member)
-
- # Create a server cert and key
- # This will be used as the "default certificate" in SNI tests.
- cls.server_uuid = uuidutils.generate_uuid()
- LOG.debug('Server (default) UUID: %s', cls.server_uuid)
-
- server_cert, server_key, cls.server_secret_ref = (
- cls._generate_load_certificate(cls.barbican_mgr, cls.ca_cert,
- ca_key, cls.server_uuid))
-
- # Create the SNI1 cert and key
- cls.SNI1_uuid = uuidutils.generate_uuid()
- LOG.debug('SNI1 UUID: %s', cls.SNI1_uuid)
-
- SNI1_cert, SNI1_key, cls.SNI1_secret_ref = (
- cls._generate_load_certificate(cls.barbican_mgr, cls.ca_cert,
- ca_key, cls.SNI1_uuid))
-
- # Create the SNI2 cert and key
- cls.SNI2_uuid = uuidutils.generate_uuid()
- LOG.debug('SNI2 UUID: %s', cls.SNI2_uuid)
-
- SNI2_cert, SNI2_key, cls.SNI2_secret_ref = (
- cls._generate_load_certificate(cls.barbican_mgr, cls.ca_cert,
- ca_key, cls.SNI2_uuid))
-
- # Create the client authentication CA
- cls.client_ca_cert, client_ca_key = (
- cert_utils.generate_ca_cert_and_key())
-
- cls.client_ca_cert_ref = cls._store_secret(
- cls.barbican_mgr,
- cls.client_ca_cert.public_bytes(serialization.Encoding.PEM))
-
- # Create client cert and key
- cls.client_cn = uuidutils.generate_uuid()
- cls.client_cert, cls.client_key = (
- cert_utils.generate_client_cert_and_key(
- cls.client_ca_cert, client_ca_key, cls.client_cn))
-
- # Create revoked client cert and key
- cls.revoked_client_cn = uuidutils.generate_uuid()
- cls.revoked_client_cert, cls.revoked_client_key = (
- cert_utils.generate_client_cert_and_key(
- cls.client_ca_cert, client_ca_key, cls.revoked_client_cn))
-
- # Create certificate revocation list and revoke cert
- cls.client_crl = cert_utils.generate_certificate_revocation_list(
- cls.client_ca_cert, client_ca_key, cls.revoked_client_cert)
-
- cls.client_crl_ref = cls._store_secret(
- cls.barbican_mgr,
- cls.client_crl.public_bytes(serialization.Encoding.PEM))
-
- cls._load_pool_pki()
+ super().resource_setup()
lb_name = data_utils.rand_name("lb_member_lb1_listener")
lb_kwargs = {const.PROVIDER: CONF.load_balancer.provider,
@@ -236,56 +64,11 @@
@classmethod
def setup_clients(cls):
"""Setup client aliases."""
- super(ListenerAPITest, cls).setup_clients()
+ super().setup_clients()
cls.listener_client = cls.os_primary.load_balancer_v2.ListenerClient()
cls.member2_listener_client = (
cls.os_roles_lb_member2.load_balancer_v2.ListenerClient())
- @decorators.idempotent_id('88d0ec83-7b08-48d9-96e2-0df1d2f8cd98')
- def test_http_listener_create(self):
- self._test_listener_create(const.HTTP, 8000)
-
- @decorators.idempotent_id('2cc89237-fc6b-434d-b38e-b3309823e71f')
- def test_https_listener_create(self):
- self._test_listener_create(const.HTTPS, 8001)
-
- @decorators.idempotent_id('45580065-5653-436b-aaff-dc465fa0a542')
- def test_tcp_listener_create(self):
- self._test_listener_create(const.TCP, 8002)
-
- @testtools.skipIf(CONF.load_balancer.provider == 'tungstenfabric',
- "Not supported by TungstenFabric")
- @decorators.idempotent_id('1a6ba0d0-f309-4088-a686-dda0e9ab7e43')
- @testtools.skipUnless(
- CONF.loadbalancer_feature_enabled.prometheus_listener_enabled,
- 'PROMETHEUS listener tests are disabled in the tempest configuration.')
- def test_prometheus_listener_create(self):
- if not self.mem_listener_client.is_version_supported(
- self.api_version, '2.25'):
- raise self.skipException('PROMETHEUS listeners are only available '
- 'on Octavia API version 2.25 or newer.')
- self._test_listener_create(const.PROMETHEUS, 8090)
-
- @decorators.idempotent_id('df9861c5-4a2a-4122-8d8f-5556156e343e')
- @testtools.skipUnless(
- CONF.loadbalancer_feature_enabled.terminated_tls_enabled,
- '[loadbalancer-feature-enabled] "terminated_tls_enabled" is '
- 'False in the tempest configuration. TLS tests will be skipped.')
- def test_terminated_https_listener_create(self):
- if not self.should_apply_terminated_https():
- raise self.skipException(
- f'Listener API tests with {const.TERMINATED_HTTPS} protocol'
- ' require the either the barbican service,or running in noop.')
- self._test_listener_create(const.TERMINATED_HTTPS, 8095)
-
- @decorators.idempotent_id('7b53f336-47bc-45ae-bbd7-4342ef0673fc')
- def test_udp_listener_create(self):
- self._test_listener_create(const.UDP, 8003)
-
- @decorators.idempotent_id('d6d36c32-27ff-4977-9d21-fd71a14e3b20')
- def test_sctp_listener_create(self):
- self._test_listener_create(const.SCTP, 8004)
-
def _test_listener_create(self, protocol, protocol_port):
"""Tests listener create and basic show APIs.
@@ -299,8 +82,6 @@
listener_name = data_utils.rand_name("lb_member_listener1-create")
listener_description = data_utils.arbitrary_string(size=255)
- hsts_supported = self.mem_listener_client.is_version_supported(
- self.api_version, '2.27') and protocol == const.TERMINATED_HTTPS
listener_kwargs = {
const.NAME: listener_name,
@@ -314,6 +95,10 @@
# but this will allow us to test that the field isn't mandatory,
# as well as not conflate pool failures with listener test failures
# const.DEFAULT_POOL_ID: self.pool_id,
+
+ # TODO(rm_work): need to add TLS related stuff
+ # const.DEFAULT_TLS_CONTAINER_REF: '',
+ # const.SNI_CONTAINER_REFS: [],
}
if (protocol == const.HTTP and
CONF.load_balancer.provider != 'tungstenfabric'):
@@ -322,15 +107,6 @@
const.X_FORWARDED_PORT: "true",
const.X_FORWARDED_PROTO: "true",
}
-
- # Add terminated_https args
- if self.should_apply_terminated_https(protocol=protocol):
- listener_kwargs.update({
- const.DEFAULT_TLS_CONTAINER_REF: self.server_secret_ref,
- const.SNI_CONTAINER_REFS: [self.SNI1_secret_ref,
- self.SNI2_secret_ref],
- })
-
if self.mem_listener_client.is_version_supported(
self.api_version, '2.1'):
listener_kwargs.update({
@@ -357,22 +133,27 @@
exceptions.BadRequest,
self.mem_listener_client.create_listener,
**listener_kwargs)
- listener_kwargs.update({const.ALLOWED_CIDRS: self.allowed_cidrs})
- if hsts_supported:
- listener_kwargs[const.HSTS_PRELOAD] = True
- listener_kwargs[const.HSTS_MAX_AGE] = 10000
- listener_kwargs[const.HSTS_INCLUDE_SUBDOMAINS] = True
+ listener_kwargs.update({const.ALLOWED_CIDRS: self.allowed_cidrs})
# Test that a user without the loadbalancer role cannot
# create a listener.
- expected_allowed = ['os_admin', 'os_roles_lb_admin',
- 'os_roles_lb_member']
- self.check_create_RBAC_enforcement(
- 'ListenerClient', 'create_listener',
- expected_allowed,
- status_method=self.mem_lb_client.show_loadbalancer,
- obj_id=self.lb_id, **listener_kwargs)
+ expected_allowed = []
+ if CONF.load_balancer.RBAC_test_type == const.OWNERADMIN:
+ expected_allowed = ['os_admin', 'os_roles_lb_admin',
+ 'os_roles_lb_member']
+ if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
+ expected_allowed = ['os_admin', 'os_roles_lb_admin',
+ 'os_roles_lb_member']
+ if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
+ expected_allowed = ['os_system_admin', 'os_roles_lb_admin',
+ 'os_roles_lb_member']
+ if expected_allowed:
+ self.check_create_RBAC_enforcement(
+ 'ListenerClient', 'create_listener',
+ expected_allowed,
+ status_method=self.mem_lb_client.show_loadbalancer,
+ obj_id=self.lb_id, **listener_kwargs)
listener = self.mem_listener_client.create_listener(**listener_kwargs)
@@ -412,11 +193,6 @@
equal_items.append(const.TIMEOUT_MEMBER_DATA)
equal_items.append(const.TIMEOUT_TCP_INSPECT)
- if hsts_supported:
- equal_items.append(const.HSTS_PRELOAD)
- equal_items.append(const.HSTS_MAX_AGE)
- equal_items.append(const.HSTS_INCLUDE_SUBDOMAINS)
-
for item in equal_items:
self.assertEqual(listener_kwargs[item], listener[item])
@@ -439,14 +215,6 @@
self.assertTrue(strutils.bool_from_string(
insert_headers[const.X_FORWARDED_PROTO]))
- # Add terminated_https args
- if self.should_apply_terminated_https(protocol=protocol):
- self.assertEqual(self.server_secret_ref,
- listener[const.DEFAULT_TLS_CONTAINER_REF])
- self.assertEqual(sorted([self.SNI1_secret_ref,
- self.SNI2_secret_ref]),
- sorted(listener[const.SNI_CONTAINER_REFS]))
-
if self.mem_listener_client.is_version_supported(
self.api_version, '2.5'):
self.assertCountEqual(listener_kwargs[const.TAGS],
@@ -457,58 +225,6 @@
CONF.load_balancer.provider != 'tungstenfabric'):
self.assertEqual(self.allowed_cidrs, listener[const.ALLOWED_CIDRS])
- @decorators.idempotent_id('cceac303-4db5-4d5a-9f6e-ff33780a5f29')
- def test_http_udp_sctp_tcp_listener_create_on_same_port(self):
- self._test_listener_create_on_same_port(const.HTTP, const.UDP,
- const.SCTP,
- const.TCP, 8010)
-
- @decorators.idempotent_id('930338b8-3029-48a6-89b2-8b062060fe61')
- def test_http_udp_sctp_https_listener_create_on_same_port(self):
- self._test_listener_create_on_same_port(const.HTTP, const.UDP,
- const.SCTP,
- const.HTTPS, 8011)
-
- @decorators.idempotent_id('01a21892-008a-4327-b4fd-fbf194ecb1a5')
- def test_tcp_udp_sctp_http_listener_create_on_same_port(self):
- self._test_listener_create_on_same_port(const.TCP, const.UDP,
- const.SCTP,
- const.HTTP, 8012)
-
- @decorators.idempotent_id('5da764a4-c03a-46ed-848b-98b9d9fa9089')
- def test_tcp_udp_sctp_https_listener_create_on_same_port(self):
- self._test_listener_create_on_same_port(const.TCP, const.UDP,
- const.SCTP,
- const.HTTPS, 8013)
-
- @decorators.idempotent_id('128dabd0-3a9b-4c11-9ef5-8d189a290f17')
- @testtools.skipUnless(
- CONF.loadbalancer_feature_enabled.terminated_tls_enabled,
- '[loadbalancer-feature-enabled] "terminated_tls_enabled" is '
- 'False in the tempest configuration. TLS tests will be skipped.')
- def test_http_udp_sctp_terminated_https_listener_create_on_same_port(self):
- if not self.should_apply_terminated_https():
- raise self.skipException(
- f'Listener API tests with {const.TERMINATED_HTTPS} protocol'
- ' require the either the barbican service,or running in noop.')
- self._test_listener_create_on_same_port(const.HTTP, const.UDP,
- const.SCTP,
- const.TERMINATED_HTTPS, 8014)
-
- @decorators.idempotent_id('21da2598-c79e-4548-8fe0-b47749027010')
- @testtools.skipUnless(
- CONF.loadbalancer_feature_enabled.terminated_tls_enabled,
- '[loadbalancer-feature-enabled] "terminated_tls_enabled" is '
- 'False in the tempest configuration. TLS tests will be skipped.')
- def test_tcp_udp_sctp_terminated_https_listener_create_on_same_port(self):
- if not self.should_apply_terminated_https():
- raise self.skipException(
- f'Listener API tests with {const.TERMINATED_HTTPS} protocol'
- ' require the either the barbican service,or running in noop.')
- self._test_listener_create_on_same_port(const.TCP, const.UDP,
- const.SCTP,
- const.TERMINATED_HTTPS, 8015)
-
def _test_listener_create_on_same_port(self, protocol1, protocol2,
protocol3, protocol4,
protocol_port):
@@ -668,64 +384,11 @@
const.CONNECTION_LIMIT: CONF.load_balancer.listener_conn_limit,
}
- # Add terminated_https args
- if self.should_apply_terminated_https(protocol=protocol4):
- listener5_kwargs.update({
- const.DEFAULT_TLS_CONTAINER_REF: self.server_secret_ref,
- const.SNI_CONTAINER_REFS: [self.SNI1_secret_ref,
- self.SNI2_secret_ref],
- })
-
self.assertRaises(
exceptions.Conflict,
self.mem_listener_client.create_listener,
**listener5_kwargs)
- @decorators.idempotent_id('78ba6eb0-178c-477e-9156-b6775ca7b271')
- def test_http_listener_list(self):
- self._test_listener_list(const.HTTP, 8020)
-
- @decorators.idempotent_id('61b7c643-f5fa-4471-8f9e-2e0ccdaf5ac7')
- def test_https_listener_list(self):
- self._test_listener_list(const.HTTPS, 8030)
-
- @testtools.skipIf(CONF.load_balancer.provider == 'tungstenfabric',
- "Not supported by TungstenFabric")
- @decorators.idempotent_id('5473e071-8277-4ac5-9277-01ecaf46e274')
- @testtools.skipUnless(
- CONF.loadbalancer_feature_enabled.prometheus_listener_enabled,
- 'PROMETHEUS listener tests are disabled in the tempest configuration.')
- def test_prometheus_listener_list(self):
- if not self.mem_listener_client.is_version_supported(
- self.api_version, '2.25'):
- raise self.skipException('PROMETHEUS listeners are only available '
- 'on Octavia API version 2.25 or newer.')
- self._test_listener_list(const.PROMETHEUS, 8091)
-
- @decorators.idempotent_id('1cd476e2-7788-415e-bcaf-c377acfc9794')
- def test_tcp_listener_list(self):
- self._test_listener_list(const.TCP, 8030)
-
- @decorators.idempotent_id('c08fb77e-b317-4d6f-b430-91f5b27ebac6')
- def test_udp_listener_list(self):
- self._test_listener_list(const.UDP, 8040)
-
- @decorators.idempotent_id('0abc3998-aacd-4edd-88f5-c5c35557646f')
- def test_sctp_listener_list(self):
- self._test_listener_list(const.SCTP, 8041)
-
- @decorators.idempotent_id('aed69f58-fe69-401d-bf07-37b0d6d8437f')
- @testtools.skipUnless(
- CONF.loadbalancer_feature_enabled.terminated_tls_enabled,
- '[loadbalancer-feature-enabled] "terminated_tls_enabled" is '
- 'False in the tempest configuration. TLS tests will be skipped.')
- def test_terminated_https_listener_list(self):
- if not self.should_apply_terminated_https():
- raise self.skipException(
- f'Listener API tests with {const.TERMINATED_HTTPS} protocol'
- ' require the either the barbican service,or running in noop.')
- self._test_listener_list(const.TERMINATED_HTTPS, 8042)
-
def _test_listener_list(self, protocol, protocol_port_base):
"""Tests listener list API and field filtering.
@@ -784,14 +447,6 @@
"Marketing", "Creativity"]
listener1_kwargs.update({const.TAGS: listener1_tags})
- # Add terminated_https args
- if self.should_apply_terminated_https(protocol=protocol):
- listener1_kwargs.update({
- const.DEFAULT_TLS_CONTAINER_REF: self.server_secret_ref,
- const.SNI_CONTAINER_REFS: [self.SNI1_secret_ref,
- self.SNI2_secret_ref],
- })
-
listener1 = self.mem_listener_client.create_listener(
**listener1_kwargs)
self.addCleanup(
@@ -831,14 +486,6 @@
"Soft_skills", "Creativity"]
listener2_kwargs.update({const.TAGS: listener2_tags})
- # Add terminated_https args
- if self.should_apply_terminated_https(protocol=protocol):
- listener2_kwargs.update({
- const.DEFAULT_TLS_CONTAINER_REF: self.server_secret_ref,
- const.SNI_CONTAINER_REFS: [self.SNI1_secret_ref,
- self.SNI2_secret_ref],
- })
-
listener2 = self.mem_listener_client.create_listener(
**listener2_kwargs)
self.addCleanup(
@@ -878,14 +525,6 @@
"Communication", "Creativity"]
listener3_kwargs.update({const.TAGS: listener3_tags})
- # Add terminated_https args
- if self.should_apply_terminated_https(protocol=protocol):
- listener3_kwargs.update({
- const.DEFAULT_TLS_CONTAINER_REF: self.server_secret_ref,
- const.SNI_CONTAINER_REFS: [self.SNI1_secret_ref,
- self.SNI2_secret_ref],
- })
-
listener3 = self.mem_listener_client.create_listener(
**listener3_kwargs)
self.addCleanup(
@@ -944,10 +583,10 @@
expected_allowed = ['os_admin', 'os_roles_lb_member']
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
expected_allowed = ['os_admin', 'os_roles_lb_admin',
- 'os_roles_lb_member']
+ 'os_system_reader', 'os_roles_lb_member']
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
- expected_allowed = ['os_admin', 'os_roles_lb_admin',
- 'os_roles_lb_member',
+ expected_allowed = ['os_system_admin', 'os_system_reader',
+ 'os_roles_lb_admin', 'os_roles_lb_member',
'os_roles_lb_global_observer']
if expected_allowed:
self.check_list_IDs_RBAC_enforcement(
@@ -969,12 +608,12 @@
# objects in the "admin" credential's project.
if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
expected_allowed = ['os_admin', 'os_primary', 'os_roles_lb_admin',
- 'os_roles_lb_observer',
+ 'os_system_reader', 'os_roles_lb_observer',
'os_roles_lb_global_observer',
'os_roles_lb_member', 'os_roles_lb_member2']
if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
- expected_allowed = ['os_admin', 'os_roles_lb_admin',
- 'os_roles_lb_observer',
+ expected_allowed = ['os_system_admin', 'os_system_reader',
+ 'os_roles_lb_admin', 'os_roles_lb_observer',
'os_roles_lb_global_observer',
'os_roles_lb_member', 'os_roles_lb_member2']
if expected_allowed:
@@ -1028,11 +667,6 @@
self.api_version, '2.12') and
CONF.load_balancer.provider != 'tungstenfabric'):
show_listener_response_fields.append('allowed_cidrs')
- if self.mem_listener_client.is_version_supported(
- self.api_version, '2.27'):
- show_listener_response_fields.append(const.HSTS_PRELOAD)
- show_listener_response_fields.append(const.HSTS_MAX_AGE)
- show_listener_response_fields.append(const.HSTS_INCLUDE_SUBDOMAINS)
for field in show_listener_response_fields:
if field in (const.DEFAULT_POOL_ID, const.L7_POLICIES):
continue
@@ -1110,51 +744,6 @@
self.assertTrue(not any(["" in listener[const.TAGS]
for listener in list_of_listeners]))
- @decorators.idempotent_id('6e299eae-6907-4dfc-89c2-e57709d25d3d')
- def test_http_listener_show(self):
- self._test_listener_show(const.HTTP, 8050)
-
- @decorators.idempotent_id('aa838646-435f-4a20-8442-519a7a138e7e')
- def test_https_listener_show(self):
- self._test_listener_show(const.HTTPS, 8051)
-
- @testtools.skipIf(CONF.load_balancer.provider == 'tungstenfabric',
- "Not supported by TungstenFabric")
- @decorators.idempotent_id('b851b754-4333-4115-9063-a9fce44c2e46')
- @testtools.skipUnless(
- CONF.loadbalancer_feature_enabled.prometheus_listener_enabled,
- 'PROMETHEUS listener tests are disabled in the tempest configuration.')
- def test_prometheus_listener_show(self):
- if not self.mem_listener_client.is_version_supported(
- self.api_version, '2.25'):
- raise self.skipException('PROMETHEUS listeners are only available '
- 'on Octavia API version 2.25 or newer.')
- self._test_listener_show(const.PROMETHEUS, 8092)
-
- @decorators.idempotent_id('1fcbbee2-b697-4890-b6bf-d308ac1c94cd')
- def test_tcp_listener_show(self):
- self._test_listener_show(const.TCP, 8052)
-
- @decorators.idempotent_id('1dea3a6b-c95b-4e91-b591-1aa9cbcd0d1d')
- def test_udp_listener_show(self):
- self._test_listener_show(const.UDP, 8053)
-
- @decorators.idempotent_id('10992529-1d0a-47a3-855c-3dbcd868db4e')
- def test_sctp_listener_show(self):
- self._test_listener_show(const.SCTP, 8054)
-
- @decorators.idempotent_id('2c2e7146-0efc-44b6-8401-f1c69c2422fe')
- @testtools.skipUnless(
- CONF.loadbalancer_feature_enabled.terminated_tls_enabled,
- '[loadbalancer-feature-enabled] "terminated_tls_enabled" is '
- 'False in the tempest configuration. TLS tests will be skipped.')
- def test_terminated_https_listener_show(self):
- if not self.should_apply_terminated_https():
- raise self.skipException(
- f'Listener API tests with {const.TERMINATED_HTTPS} protocol'
- ' require the either the barbican service,or running in noop.')
- self._test_listener_show(const.TERMINATED_HTTPS, 8055)
-
def _test_listener_show(self, protocol, protocol_port):
"""Tests listener show API.
@@ -1167,8 +756,6 @@
listener_name = data_utils.rand_name("lb_member_listener1-show")
listener_description = data_utils.arbitrary_string(size=255)
- hsts_supported = self.mem_listener_client.is_version_supported(
- self.api_version, '2.27') and protocol == const.TERMINATED_HTTPS
listener_kwargs = {
const.NAME: listener_name,
@@ -1180,6 +767,8 @@
const.CONNECTION_LIMIT: CONF.load_balancer.listener_conn_limit,
# TODO(rm_work): need to finish the rest of this stuff
# const.DEFAULT_POOL_ID: '',
+ # const.DEFAULT_TLS_CONTAINER_REF: '',
+ # const.SNI_CONTAINER_REFS: [],
}
if (protocol == const.HTTP and
CONF.load_balancer.provider != 'tungstenfabric'):
@@ -1189,19 +778,6 @@
const.X_FORWARDED_PROTO: "true",
}
- # Add terminated_https args
- if self.should_apply_terminated_https(protocol=protocol):
- listener_kwargs.update({
- const.DEFAULT_TLS_CONTAINER_REF: self.server_secret_ref,
- const.SNI_CONTAINER_REFS: [self.SNI1_secret_ref,
- self.SNI2_secret_ref],
- })
-
- if hsts_supported:
- listener_kwargs[const.HSTS_PRELOAD] = True
- listener_kwargs[const.HSTS_MAX_AGE] = 10000
- listener_kwargs[const.HSTS_INCLUDE_SUBDOMAINS] = True
-
if self.mem_listener_client.is_version_supported(
self.api_version, '2.1'):
listener_kwargs.update({
@@ -1278,14 +854,6 @@
self.assertTrue(strutils.bool_from_string(
insert_headers[const.X_FORWARDED_PROTO]))
- # Add terminated_https args
- if self.should_apply_terminated_https(protocol=protocol):
- self.assertEqual(self.server_secret_ref,
- listener[const.DEFAULT_TLS_CONTAINER_REF])
- self.assertEqual(sorted([self.SNI1_secret_ref,
- self.SNI2_secret_ref]),
- sorted(listener[const.SNI_CONTAINER_REFS]))
-
parser.parse(listener[const.CREATED_AT])
parser.parse(listener[const.UPDATED_AT])
UUID(listener[const.ID])
@@ -1300,68 +868,24 @@
CONF.load_balancer.provider != 'tungstenfabric'):
self.assertEqual(self.allowed_cidrs, listener[const.ALLOWED_CIDRS])
- if hsts_supported:
- self.assertTrue(listener[const.HSTS_PRELOAD])
- self.assertEqual(10000, listener[const.HSTS_MAX_AGE])
- self.assertTrue(listener[const.HSTS_INCLUDE_SUBDOMAINS])
-
# Test that the appropriate users can see or not see the listener
# based on the API RBAC.
- if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
+ expected_allowed = []
+ if CONF.load_balancer.RBAC_test_type == const.OWNERADMIN:
expected_allowed = ['os_admin', 'os_roles_lb_admin',
+ 'os_roles_lb_member']
+ if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
+ expected_allowed = ['os_admin', 'os_roles_lb_admin',
+ 'os_system_reader', 'os_roles_lb_member']
+ if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
+ expected_allowed = ['os_system_admin', 'os_system_reader',
+ 'os_roles_lb_admin',
'os_roles_lb_global_observer',
'os_roles_lb_member']
- else:
- expected_allowed = ['os_admin', 'os_roles_lb_admin',
- 'os_roles_lb_member']
- self.check_show_RBAC_enforcement(
- 'ListenerClient', 'show_listener',
- expected_allowed, listener[const.ID])
-
- @decorators.idempotent_id('aaae0298-5778-4c7e-a27a-01549a71b319')
- def test_http_listener_update(self):
- self._test_listener_update(const.HTTP, 8060)
-
- @decorators.idempotent_id('9679b061-2b2c-469f-abd9-26ed140ef001')
- def test_https_listener_update(self):
- self._test_listener_update(const.HTTPS, 8061)
-
- @testtools.skipIf(CONF.load_balancer.provider == 'tungstenfabric',
- "Not supported by TungstenFabric")
- @decorators.idempotent_id('cbba6bf8-9184-4da5-95e9-5efe1f89ddf0')
- @testtools.skipUnless(
- CONF.loadbalancer_feature_enabled.prometheus_listener_enabled,
- 'PROMETHEUS listener tests are disabled in the tempest configuration.')
- def test_prometheus_listener_update(self):
- if not self.mem_listener_client.is_version_supported(
- self.api_version, '2.25'):
- raise self.skipException('PROMETHEUS listeners are only available '
- 'on Octavia API version 2.25 or newer.')
- self._test_listener_update(const.PROMETHEUS, 8093)
-
- @decorators.idempotent_id('8d933121-db03-4ccc-8b77-4e879064a9ba')
- def test_tcp_listener_update(self):
- self._test_listener_update(const.TCP, 8062)
-
- @decorators.idempotent_id('fd02dbfd-39ce-41c2-b181-54fc7ad91707')
- def test_udp_listener_update(self):
- self._test_listener_update(const.UDP, 8063)
-
- @decorators.idempotent_id('c590b485-4e08-4e49-b384-2282b3f6f1b9')
- def test_sctp_listener_update(self):
- self._test_listener_update(const.SCTP, 8064)
-
- @decorators.idempotent_id('2ae08e10-fbf8-46d8-a073-15f90454d718')
- @testtools.skipUnless(
- CONF.loadbalancer_feature_enabled.terminated_tls_enabled,
- '[loadbalancer-feature-enabled] "terminated_tls_enabled" is '
- 'False in the tempest configuration. TLS tests will be skipped.')
- def test_terminated_https_listener_update(self):
- if not self.should_apply_terminated_https():
- raise self.skipException(
- f'Listener API tests with {const.TERMINATED_HTTPS} protocol'
- ' require the either the barbican service,or running in noop.')
- self._test_listener_update(const.TERMINATED_HTTPS, 8065)
+ if expected_allowed:
+ self.check_show_RBAC_enforcement(
+ 'ListenerClient', 'show_listener',
+ expected_allowed, listener[const.ID])
def _test_listener_update(self, protocol, protocol_port):
"""Tests listener update and show APIs.
@@ -1378,8 +902,6 @@
listener_name = data_utils.rand_name("lb_member_listener1-update")
listener_description = data_utils.arbitrary_string(size=255)
- hsts_supported = self.mem_listener_client.is_version_supported(
- self.api_version, '2.27') and protocol == const.TERMINATED_HTTPS
listener_kwargs = {
const.NAME: listener_name,
@@ -1391,6 +913,8 @@
const.CONNECTION_LIMIT: CONF.load_balancer.listener_conn_limit,
# TODO(rm_work): need to finish the rest of this stuff
# const.DEFAULT_POOL_ID: '',
+ # const.DEFAULT_TLS_CONTAINER_REF: '',
+ # const.SNI_CONTAINER_REFS: [],
}
if (protocol == const.HTTP and
CONF.load_balancer.provider != 'tungstenfabric'):
@@ -1400,14 +924,6 @@
const.X_FORWARDED_PROTO: "true"
}
- # Add terminated_https args
- if self.should_apply_terminated_https(protocol=protocol):
- listener_kwargs.update({
- const.DEFAULT_TLS_CONTAINER_REF: self.server_secret_ref,
- const.SNI_CONTAINER_REFS: [self.SNI1_secret_ref,
- self.SNI2_secret_ref],
- })
-
if self.mem_listener_client.is_version_supported(
self.api_version, '2.1'):
listener_kwargs.update({
@@ -1469,13 +985,6 @@
insert_headers[const.X_FORWARDED_PORT]))
self.assertTrue(strutils.bool_from_string(
insert_headers[const.X_FORWARDED_PROTO]))
- # Add terminated_https args
- if self.should_apply_terminated_https(protocol=protocol):
- self.assertEqual(self.server_secret_ref,
- listener[const.DEFAULT_TLS_CONTAINER_REF])
- self.assertEqual(sorted([self.SNI1_secret_ref,
- self.SNI2_secret_ref]),
- sorted(listener[const.SNI_CONTAINER_REFS]))
if self.mem_listener_client.is_version_supported(
self.api_version, '2.1'):
self.assertEqual(1000, listener[const.TIMEOUT_CLIENT_DATA])
@@ -1495,14 +1004,23 @@
# Test that a user without the loadbalancer role cannot
# update a listener.
- expected_allowed = ['os_admin', 'os_roles_lb_admin',
- 'os_roles_lb_member']
- self.check_update_RBAC_enforcement(
- 'ListenerClient', 'update_listener',
- expected_allowed,
- status_method=self.mem_listener_client.show_listener,
- obj_id=listener[const.ID], listener_id=listener[const.ID],
- admin_state_up=True)
+ expected_allowed = []
+ if CONF.load_balancer.RBAC_test_type == const.OWNERADMIN:
+ expected_allowed = ['os_admin', 'os_roles_lb_admin',
+ 'os_roles_lb_member']
+ if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
+ expected_allowed = ['os_admin', 'os_roles_lb_admin',
+ 'os_roles_lb_member']
+ if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
+ expected_allowed = ['os_system_admin', 'os_roles_lb_admin',
+ 'os_roles_lb_member']
+ if expected_allowed:
+ self.check_update_RBAC_enforcement(
+ 'ListenerClient', 'update_listener',
+ expected_allowed,
+ status_method=self.mem_listener_client.show_listener,
+ obj_id=listener[const.ID], listener_id=listener[const.ID],
+ admin_state_up=True)
new_name = data_utils.rand_name("lb_member_listener1-UPDATED")
new_description = data_utils.arbitrary_string(size=255,
@@ -1514,6 +1032,8 @@
const.CONNECTION_LIMIT: CONF.load_balancer.listener_conn_limit+200,
# TODO(rm_work): need to finish the rest of this stuff
# const.DEFAULT_POOL_ID: '',
+ # const.DEFAULT_TLS_CONTAINER_REF: '',
+ # const.SNI_CONTAINER_REFS: [],
}
if (protocol == const.HTTP and
CONF.load_balancer.provider != 'tungstenfabric'):
@@ -1522,13 +1042,6 @@
const.X_FORWARDED_PORT: "false",
const.X_FORWARDED_PROTO: "false"
}
- # Add terminated_https args
- if self.should_apply_terminated_https(protocol=protocol):
- listener_update_kwargs.update({
- const.DEFAULT_TLS_CONTAINER_REF: self.SNI2_secret_ref,
- const.SNI_CONTAINER_REFS: [self.SNI1_secret_ref,
- self.server_secret_ref],
- })
if self.mem_listener_client.is_version_supported(
self.api_version, '2.1'):
listener_update_kwargs.update({
@@ -1561,11 +1074,6 @@
new_cidrs = ['2001:db8::/64']
listener_update_kwargs.update({const.ALLOWED_CIDRS: new_cidrs})
- if hsts_supported:
- listener_update_kwargs[const.HSTS_PRELOAD] = False
- listener_update_kwargs[const.HSTS_MAX_AGE] = 0
- listener_update_kwargs[const.HSTS_INCLUDE_SUBDOMAINS] = False
-
listener = self.mem_listener_client.update_listener(
listener[const.ID], **listener_update_kwargs)
@@ -1607,13 +1115,6 @@
insert_headers[const.X_FORWARDED_PORT]))
self.assertFalse(strutils.bool_from_string(
insert_headers[const.X_FORWARDED_PROTO]))
- # Add terminated_https args
- if self.should_apply_terminated_https(protocol=protocol):
- self.assertEqual(self.SNI2_secret_ref,
- listener[const.DEFAULT_TLS_CONTAINER_REF])
- self.assertEqual(sorted([self.SNI1_secret_ref,
- self.server_secret_ref]),
- sorted(listener[const.SNI_CONTAINER_REFS]))
if self.mem_listener_client.is_version_supported(
self.api_version, '2.1'):
self.assertEqual(2000, listener[const.TIMEOUT_CLIENT_DATA])
@@ -1634,56 +1135,6 @@
expected_cidrs = ['2001:db8::/64']
self.assertEqual(expected_cidrs, listener[const.ALLOWED_CIDRS])
- if hsts_supported:
- self.assertFalse(listener[const.HSTS_PRELOAD])
- self.assertEqual(0, listener[const.HSTS_MAX_AGE])
- self.assertFalse(listener[const.HSTS_INCLUDE_SUBDOMAINS])
-
- @decorators.idempotent_id('16f11c82-f069-4592-8954-81b35a98e3b7')
- def test_http_listener_delete(self):
- self._test_listener_delete(const.HTTP, 8070)
-
- @decorators.idempotent_id('769526a0-df71-47cd-996e-46484de32223')
- def test_https_listener_delete(self):
- self._test_listener_delete(const.HTTPS, 8071)
-
- @testtools.skipIf(CONF.load_balancer.provider == 'tungstenfabric',
- "Not supported by TungstenFabric")
- @decorators.idempotent_id('322a6372-6b56-4a3c-87e3-dd82074bc83e')
- @testtools.skipUnless(
- CONF.loadbalancer_feature_enabled.prometheus_listener_enabled,
- 'PROMETHEUS listener tests are disabled in the tempest configuration.')
- def test_prometheus_listener_delete(self):
- if not self.mem_listener_client.is_version_supported(
- self.api_version, '2.25'):
- raise self.skipException('PROMETHEUS listeners are only available '
- 'on Octavia API version 2.25 or newer.')
- self._test_listener_delete(const.PROMETHEUS, 8094)
-
- @decorators.idempotent_id('f5ca019d-2b33-48f9-9c2d-2ec169b423ca')
- def test_tcp_listener_delete(self):
- self._test_listener_delete(const.TCP, 8072)
-
- @decorators.idempotent_id('86bd9717-e3e9-41e3-86c4-888c64455926')
- def test_udp_listener_delete(self):
- self._test_listener_delete(const.UDP, 8073)
-
- @decorators.idempotent_id('0de6f1ad-58ae-4b31-86b6-b440fce70244')
- def test_sctp_listener_delete(self):
- self._test_listener_delete(const.SCTP, 8074)
-
- @decorators.idempotent_id('ef357dcc-c9a0-40fe-a15c-b368f15d7187')
- @testtools.skipUnless(
- CONF.loadbalancer_feature_enabled.terminated_tls_enabled,
- '[loadbalancer-feature-enabled] "terminated_tls_enabled" is '
- 'False in the tempest configuration. TLS tests will be skipped.')
- def test_terminated_https_listener_delete(self):
- if not self.should_apply_terminated_https():
- raise self.skipException(
- f'Listener API tests with {const.TERMINATED_HTTPS} protocol'
- ' require the either the barbican service,or running in noop.')
- self._test_listener_delete(const.TERMINATED_HTTPS, 8075)
-
def _test_listener_delete(self, protocol, protocol_port):
"""Tests listener create and delete APIs.
@@ -1702,15 +1153,6 @@
const.PROTOCOL_PORT: protocol_port,
const.LOADBALANCER_ID: self.lb_id,
}
-
- # Add terminated_https args
- if self.should_apply_terminated_https(protocol=protocol):
- listener_kwargs.update({
- const.DEFAULT_TLS_CONTAINER_REF: self.server_secret_ref,
- const.SNI_CONTAINER_REFS: [self.SNI1_secret_ref,
- self.SNI2_secret_ref],
- })
-
listener = self.mem_listener_client.create_listener(**listener_kwargs)
self.addCleanup(
@@ -1727,13 +1169,22 @@
# Test that a user without the loadbalancer role cannot
# delete a listener.
- expected_allowed = ['os_admin', 'os_roles_lb_admin',
- 'os_roles_lb_member']
- self.check_update_RBAC_enforcement(
- 'ListenerClient', 'delete_listener',
- expected_allowed,
- status_method=self.mem_listener_client.show_listener,
- obj_id=listener[const.ID], listener_id=listener[const.ID])
+ expected_allowed = []
+ if CONF.load_balancer.RBAC_test_type == const.OWNERADMIN:
+ expected_allowed = ['os_admin', 'os_roles_lb_admin',
+ 'os_roles_lb_member']
+ if CONF.load_balancer.RBAC_test_type == const.KEYSTONE_DEFAULT_ROLES:
+ expected_allowed = ['os_admin', 'os_roles_lb_admin',
+ 'os_roles_lb_member']
+ if CONF.load_balancer.RBAC_test_type == const.ADVANCED:
+ expected_allowed = ['os_system_admin', 'os_roles_lb_admin',
+ 'os_roles_lb_member']
+ if expected_allowed:
+ self.check_update_RBAC_enforcement(
+ 'ListenerClient', 'delete_listener',
+ expected_allowed,
+ status_method=self.mem_listener_client.show_listener,
+ obj_id=listener[const.ID], listener_id=listener[const.ID])
self.mem_listener_client.delete_listener(listener[const.ID])
@@ -1750,38 +1201,6 @@
CONF.load_balancer.check_interval,
CONF.load_balancer.check_timeout)
- @decorators.idempotent_id('6f14a6c1-945e-43bc-8215-410c8a5edb25')
- def test_http_listener_show_stats(self):
- self._test_listener_show_stats(const.HTTP, 8080)
-
- @decorators.idempotent_id('f8a43c27-f0a0-496d-a287-1958f337ac04')
- def test_https_listener_show_stats(self):
- self._test_listener_show_stats(const.HTTPS, 8081)
-
- @decorators.idempotent_id('8a999856-f448-498c-b891-21af449b5208')
- def test_tcp_listener_show_stats(self):
- self._test_listener_show_stats(const.TCP, 8082)
-
- @decorators.idempotent_id('a4c1f199-923b-41e4-a134-c91e590e20c4')
- def test_udp_listener_show_stats(self):
- self._test_listener_show_stats(const.UDP, 8083)
-
- @decorators.idempotent_id('7f6d3906-529c-4b99-8376-b836059df220')
- def test_sctp_listener_show_stats(self):
- self._test_listener_show_stats(const.SCTP, 8084)
-
- @decorators.idempotent_id('c39c996f-9633-4d81-a5f1-e94643f0c650')
- @testtools.skipUnless(
- CONF.loadbalancer_feature_enabled.terminated_tls_enabled,
- '[loadbalancer-feature-enabled] "terminated_tls_enabled" is '
- 'False in the tempest configuration. TLS tests will be skipped.')
- def test_terminated_https_listener_show_stats(self):
- if not self.should_apply_terminated_https():
- raise self.skipException(
- f'Listener API tests with {const.TERMINATED_HTTPS} protocol'
- ' require the either the barbican service,or running in noop.')
- self._test_listener_show_stats(const.TERMINATED_HTTPS, 8085)
-
def _test_listener_show_stats(self, protocol, protocol_port):
"""Tests listener show statistics API.
@@ -1806,14 +1225,6 @@
const.CONNECTION_LIMIT: CONF.load_balancer.listener_conn_limit,
}
- # Add terminated_https args
- if self.should_apply_terminated_https(protocol=protocol):
- listener_kwargs.update({
- const.DEFAULT_TLS_CONTAINER_REF: self.server_secret_ref,
- const.SNI_CONTAINER_REFS: [self.SNI1_secret_ref,
- self.SNI2_secret_ref],
- })
-
listener = self.mem_listener_client.create_listener(**listener_kwargs)
self.addCleanup(
self.mem_listener_client.cleanup_listener,
@@ -1863,3 +1274,218 @@
self.assertEqual(0, stats[const.BYTES_OUT])
self.assertEqual(0, stats[const.REQUEST_ERRORS])
self.assertEqual(0, stats[const.TOTAL_CONNECTIONS])
+
+
+class ListenerAPITestTCP(ListenerAPIBase):
+
+ @decorators.idempotent_id('45580065-5653-436b-aaff-dc465fa0a542')
+ def test_tcp_listener_create(self):
+ self._test_listener_create(const.TCP, 8002)
+
+ @decorators.idempotent_id('1cd476e2-7788-415e-bcaf-c377acfc9794')
+ def test_tcp_listener_list(self):
+ self._test_listener_list(const.TCP, 8030)
+
+ @decorators.idempotent_id('1fcbbee2-b697-4890-b6bf-d308ac1c94cd')
+ def test_tcp_listener_show(self):
+ self._test_listener_show(const.TCP, 8052)
+
+ @decorators.idempotent_id('8d933121-db03-4ccc-8b77-4e879064a9ba')
+ def test_tcp_listener_update(self):
+ self._test_listener_update(const.TCP, 8062)
+
+ @decorators.idempotent_id('f5ca019d-2b33-48f9-9c2d-2ec169b423ca')
+ def test_tcp_listener_delete(self):
+ self._test_listener_delete(const.TCP, 8072)
+
+ @decorators.idempotent_id('8a999856-f448-498c-b891-21af449b5208')
+ def test_tcp_listener_show_stats(self):
+ self._test_listener_show_stats(const.TCP, 8082)
+
+
+class ListenerAPITestUDP(ListenerAPIBase):
+ @decorators.idempotent_id('7b53f336-47bc-45ae-bbd7-4342ef0673fc')
+ def test_udp_listener_create(self):
+ self._test_listener_create(const.UDP, 8003)
+
+ @decorators.idempotent_id('c08fb77e-b317-4d6f-b430-91f5b27ebac6')
+ def test_udp_listener_list(self):
+ self._test_listener_list(const.UDP, 8040)
+
+ @decorators.idempotent_id('1dea3a6b-c95b-4e91-b591-1aa9cbcd0d1d')
+ def test_udp_listener_show(self):
+ self._test_listener_show(const.UDP, 8053)
+
+ @decorators.idempotent_id('fd02dbfd-39ce-41c2-b181-54fc7ad91707')
+ def test_udp_listener_update(self):
+ self._test_listener_update(const.UDP, 8063)
+
+ @decorators.idempotent_id('86bd9717-e3e9-41e3-86c4-888c64455926')
+ def test_udp_listener_delete(self):
+ self._test_listener_delete(const.UDP, 8073)
+
+ @decorators.idempotent_id('a4c1f199-923b-41e4-a134-c91e590e20c4')
+ def test_udp_listener_show_stats(self):
+ self._test_listener_show_stats(const.UDP, 8083)
+
+
+class ListenerAPITestSCTP(ListenerAPIBase):
+
+ @decorators.idempotent_id('d6d36c32-27ff-4977-9d21-fd71a14e3b20')
+ def test_sctp_listener_create(self):
+ self._test_listener_create(const.SCTP, 8004)
+
+ @decorators.idempotent_id('0abc3998-aacd-4edd-88f5-c5c35557646f')
+ def test_sctp_listener_list(self):
+ self._test_listener_list(const.SCTP, 8041)
+
+ @decorators.idempotent_id('10992529-1d0a-47a3-855c-3dbcd868db4e')
+ def test_sctp_listener_show(self):
+ self._test_listener_show(const.SCTP, 8054)
+
+ @decorators.idempotent_id('c590b485-4e08-4e49-b384-2282b3f6f1b9')
+ def test_sctp_listener_update(self):
+ self._test_listener_update(const.SCTP, 8064)
+
+ @decorators.idempotent_id('0de6f1ad-58ae-4b31-86b6-b440fce70244')
+ def test_sctp_listener_delete(self):
+ self._test_listener_delete(const.SCTP, 8074)
+
+ @decorators.idempotent_id('7f6d3906-529c-4b99-8376-b836059df220')
+ def test_sctp_listener_show_stats(self):
+ self._test_listener_show_stats(const.SCTP, 8084)
+
+
+class ListenerAPITestHTTP(ListenerAPIBase):
+
+ @decorators.idempotent_id('88d0ec83-7b08-48d9-96e2-0df1d2f8cd98')
+ def test_http_listener_create(self):
+ self._test_listener_create(const.HTTP, 8000)
+
+ @decorators.idempotent_id('78ba6eb0-178c-477e-9156-b6775ca7b271')
+ def test_http_listener_list(self):
+ self._test_listener_list(const.HTTP, 8020)
+
+ @decorators.idempotent_id('6e299eae-6907-4dfc-89c2-e57709d25d3d')
+ def test_http_listener_show(self):
+ self._test_listener_show(const.HTTP, 8050)
+
+ @decorators.idempotent_id('aaae0298-5778-4c7e-a27a-01549a71b319')
+ def test_http_listener_update(self):
+ self._test_listener_update(const.HTTP, 8060)
+
+ @decorators.idempotent_id('16f11c82-f069-4592-8954-81b35a98e3b7')
+ def test_http_listener_delete(self):
+ self._test_listener_delete(const.HTTP, 8070)
+
+ @decorators.idempotent_id('6f14a6c1-945e-43bc-8215-410c8a5edb25')
+ def test_http_listener_show_stats(self):
+ self._test_listener_show_stats(const.HTTP, 8080)
+
+
+class ListenerAPITestHTTPS(ListenerAPIBase):
+
+ @decorators.idempotent_id('2cc89237-fc6b-434d-b38e-b3309823e71f')
+ def test_https_listener_create(self):
+ self._test_listener_create(const.HTTPS, 8001)
+
+ @decorators.idempotent_id('61b7c643-f5fa-4471-8f9e-2e0ccdaf5ac7')
+ def test_https_listener_list(self):
+ self._test_listener_list(const.HTTPS, 8030)
+
+ @decorators.idempotent_id('aa838646-435f-4a20-8442-519a7a138e7e')
+ def test_https_listener_show(self):
+ self._test_listener_show(const.HTTPS, 8051)
+
+ @decorators.idempotent_id('9679b061-2b2c-469f-abd9-26ed140ef001')
+ def test_https_listener_update(self):
+ self._test_listener_update(const.HTTPS, 8061)
+
+ @decorators.idempotent_id('769526a0-df71-47cd-996e-46484de32223')
+ def test_https_listener_delete(self):
+ self._test_listener_delete(const.HTTPS, 8071)
+
+ @decorators.idempotent_id('f8a43c27-f0a0-496d-a287-1958f337ac04')
+ def test_https_listener_show_stats(self):
+ self._test_listener_show_stats(const.HTTPS, 8081)
+
+
+class ListenerAPITestPrometheus(ListenerAPIBase):
+
+ @classmethod
+ def skip_checks(cls):
+ super().skip_checks()
+ if CONF.load_balancer.provider == 'tungstenfabric':
+ raise cls.skipException("Not supported by TungstenFabric")
+ if not CONF.loadbalancer_feature_enabled.prometheus_listener_enabled:
+ raise cls.skipException(
+ 'PROMETHEUS listener tests are disabled '
+ 'in the tempest configuration.'
+ )
+
+ @decorators.idempotent_id('1a6ba0d0-f309-4088-a686-dda0e9ab7e43')
+ def test_prometheus_listener_create(self):
+ if not self.mem_listener_client.is_version_supported(
+ self.api_version, '2.25'):
+ raise self.skipException('PROMETHEUS listeners are only available '
+ 'on Octavia API version 2.25 or newer.')
+ self._test_listener_create(const.PROMETHEUS, 8090)
+
+ @decorators.idempotent_id('5473e071-8277-4ac5-9277-01ecaf46e274')
+ def test_prometheus_listener_list(self):
+ if not self.mem_listener_client.is_version_supported(
+ self.api_version, '2.25'):
+ raise self.skipException('PROMETHEUS listeners are only available '
+ 'on Octavia API version 2.25 or newer.')
+ self._test_listener_list(const.PROMETHEUS, 8091)
+
+ @decorators.idempotent_id('b851b754-4333-4115-9063-a9fce44c2e46')
+ def test_prometheus_listener_show(self):
+ if not self.mem_listener_client.is_version_supported(
+ self.api_version, '2.25'):
+ raise self.skipException('PROMETHEUS listeners are only available '
+ 'on Octavia API version 2.25 or newer.')
+ self._test_listener_show(const.PROMETHEUS, 8092)
+
+ @decorators.idempotent_id('cbba6bf8-9184-4da5-95e9-5efe1f89ddf0')
+ def test_prometheus_listener_update(self):
+ if not self.mem_listener_client.is_version_supported(
+ self.api_version, '2.25'):
+ raise self.skipException('PROMETHEUS listeners are only available '
+ 'on Octavia API version 2.25 or newer.')
+ self._test_listener_update(const.PROMETHEUS, 8093)
+
+ @decorators.idempotent_id('322a6372-6b56-4a3c-87e3-dd82074bc83e')
+ def test_prometheus_listener_delete(self):
+ if not self.mem_listener_client.is_version_supported(
+ self.api_version, '2.25'):
+ raise self.skipException('PROMETHEUS listeners are only available '
+ 'on Octavia API version 2.25 or newer.')
+ self._test_listener_delete(const.PROMETHEUS, 8094)
+
+
+class ListenerAPITestMultiprotocol(ListenerAPIBase):
+
+ @decorators.idempotent_id('01a21892-008a-4327-b4fd-fbf194ecb1a5')
+ def test_tcp_udp_sctp_http_listener_create_on_same_port(self):
+ self._test_listener_create_on_same_port(const.TCP, const.UDP,
+ const.SCTP,
+ const.HTTP, 8012)
+
+ @decorators.idempotent_id('cceac303-4db5-4d5a-9f6e-ff33780a5f29')
+ def test_http_udp_sctp_tcp_listener_create_on_same_port(self):
+ self._test_listener_create_on_same_port(const.HTTP, const.UDP,
+ const.SCTP,
+ const.TCP, 8010)
+
+ @decorators.idempotent_id('930338b8-3029-48a6-89b2-8b062060fe61')
+ def test_http_udp_sctp_https_listener_create_on_same_port(self):
+ self._test_listener_create_on_same_port(const.HTTP, const.UDP,
+ const.SCTP,
+ const.HTTPS, 8011)
+
+ @decorators.idempotent_id('5da764a4-c03a-46ed-848b-98b9d9fa9089')
+ def test_tcp_udp_sctp_https_listener_create_on_same_port(self):
+ self._test_listener_create_on_same_port(const.TCP, const.UDP,
+ const.SCTP,
+ const.HTTPS, 8013)