Add some tests for security_group_rules api
- test_security_group_rules_delete_when_peer_group_deleted
- test_create_security_group_rule_with_invalid_id
- test_create_security_group_rule_duplicate
Change-Id: Ia07944079e7ffb250bf6ad9d0598592660a49a6f
diff --git a/tempest/api/compute/security_groups/test_security_group_rules.py b/tempest/api/compute/security_groups/test_security_group_rules.py
index d61acfb..2ccc3a8 100644
--- a/tempest/api/compute/security_groups/test_security_group_rules.py
+++ b/tempest/api/compute/security_groups/test_security_group_rules.py
@@ -15,11 +15,8 @@
# License for the specific language governing permissions and limitations
# under the License.
-import uuid
-
from tempest.api.compute import base
from tempest.common.utils import data_utils
-from tempest import exceptions
from tempest.test import attr
@@ -32,7 +29,7 @@
cls.client = cls.security_groups_client
cls.neutron_available = cls.config.service_available.neutron
- @attr(type='gate')
+ @attr(type='smoke')
def test_security_group_rules_create(self):
# Positive test: Creation of Security Group rule
# should be successful
@@ -55,7 +52,7 @@
self.addCleanup(self.client.delete_security_group_rule, rule['id'])
self.assertEqual(200, resp.status)
- @attr(type='gate')
+ @attr(type='smoke')
def test_security_group_rules_create_with_optional_arguments(self):
# Positive test: Creation of Security Group rule
# with optional arguments
@@ -94,110 +91,7 @@
self.addCleanup(self.client.delete_security_group_rule, rule['id'])
self.assertEqual(200, resp.status)
- @attr(type=['negative', 'smoke'])
- def test_security_group_rules_create_with_invalid_id(self):
- # Negative test: Creation of Security Group rule should FAIL
- # with invalid Parent group id
- # Adding rules to the invalid Security Group id
- parent_group_id = data_utils.rand_int_id(start=999)
- if self.neutron_available:
- parent_group_id = str(uuid.uuid4())
- ip_protocol = 'tcp'
- from_port = 22
- to_port = 22
- self.assertRaises(exceptions.NotFound,
- self.client.create_security_group_rule,
- parent_group_id, ip_protocol, from_port, to_port)
-
- @attr(type=['negative', 'gate'])
- def test_security_group_rules_create_with_invalid_ip_protocol(self):
- # Negative test: Creation of Security Group rule should FAIL
- # with invalid ip_protocol
- # Creating a Security Group to add rule to it
- s_name = data_utils.rand_name('securitygroup-')
- s_description = data_utils.rand_name('description-')
- resp, securitygroup = self.client.create_security_group(s_name,
- s_description)
- # Adding rules to the created Security Group
- parent_group_id = securitygroup['id']
- ip_protocol = data_utils.rand_name('999')
- from_port = 22
- to_port = 22
-
- self.addCleanup(self.client.delete_security_group, securitygroup['id'])
- self.assertRaises(exceptions.BadRequest,
- self.client.create_security_group_rule,
- parent_group_id, ip_protocol, from_port, to_port)
-
- @attr(type=['negative', 'gate'])
- def test_security_group_rules_create_with_invalid_from_port(self):
- # Negative test: Creation of Security Group rule should FAIL
- # with invalid from_port
- # Creating a Security Group to add rule to it
- s_name = data_utils.rand_name('securitygroup-')
- s_description = data_utils.rand_name('description-')
- resp, securitygroup = self.client.create_security_group(s_name,
- s_description)
- # Adding rules to the created Security Group
- parent_group_id = securitygroup['id']
- ip_protocol = 'tcp'
- from_port = data_utils.rand_int_id(start=999, end=65535)
- to_port = 22
- self.addCleanup(self.client.delete_security_group, securitygroup['id'])
- self.assertRaises(exceptions.BadRequest,
- self.client.create_security_group_rule,
- parent_group_id, ip_protocol, from_port, to_port)
-
- @attr(type=['negative', 'gate'])
- def test_security_group_rules_create_with_invalid_to_port(self):
- # Negative test: Creation of Security Group rule should FAIL
- # with invalid to_port
- # Creating a Security Group to add rule to it
- s_name = data_utils.rand_name('securitygroup-')
- s_description = data_utils.rand_name('description-')
- resp, securitygroup = self.client.create_security_group(s_name,
- s_description)
- # Adding rules to the created Security Group
- parent_group_id = securitygroup['id']
- ip_protocol = 'tcp'
- from_port = 22
- to_port = data_utils.rand_int_id(start=65536)
- self.addCleanup(self.client.delete_security_group, securitygroup['id'])
- self.assertRaises(exceptions.BadRequest,
- self.client.create_security_group_rule,
- parent_group_id, ip_protocol, from_port, to_port)
-
- @attr(type=['negative', 'gate'])
- def test_security_group_rules_create_with_invalid_port_range(self):
- # Negative test: Creation of Security Group rule should FAIL
- # with invalid port range.
- # Creating a Security Group to add rule to it.
- s_name = data_utils.rand_name('securitygroup-')
- s_description = data_utils.rand_name('description-')
- resp, securitygroup = self.client.create_security_group(s_name,
- s_description)
- # Adding a rule to the created Security Group
- secgroup_id = securitygroup['id']
- ip_protocol = 'tcp'
- from_port = 22
- to_port = 21
- self.addCleanup(self.client.delete_security_group, securitygroup['id'])
- self.assertRaises(exceptions.BadRequest,
- self.client.create_security_group_rule,
- secgroup_id, ip_protocol, from_port, to_port)
-
- @attr(type=['negative', 'smoke'])
- def test_security_group_rules_delete_with_invalid_id(self):
- # Negative test: Deletion of Security Group rule should be FAIL
- # with invalid rule id
- group_rule_id = data_utils.rand_int_id(start=999)
- if self.neutron_available:
- group_rule_id = str(uuid.uuid4())
- self.assertRaises(exceptions.NotFound,
- self.client.delete_security_group_rule,
- group_rule_id)
-
- @attr(type='gate')
+ @attr(type='smoke')
def test_security_group_rules_list(self):
# Positive test: Created Security Group rules should be
# in the list of all rules
@@ -240,6 +134,44 @@
self.assertTrue(any([i for i in rules if i['id'] == rule1_id]))
self.assertTrue(any([i for i in rules if i['id'] == rule2_id]))
+ @attr(type='smoke')
+ def test_security_group_rules_delete_when_peer_group_deleted(self):
+ # Positive test:rule will delete when peer group deleting
+ # Creating a Security Group to add rules to it
+ s1_name = data_utils.rand_name('securitygroup1-')
+ s1_description = data_utils.rand_name('description1-')
+ resp, sg1 = \
+ self.client.create_security_group(s1_name, s1_description)
+ self.addCleanup(self.client.delete_security_group, sg1['id'])
+ self.assertEqual(200, resp.status)
+ # Creating other Security Group to access to group1
+ s2_name = data_utils.rand_name('securitygroup2-')
+ s2_description = data_utils.rand_name('description2-')
+ resp, sg2 = \
+ self.client.create_security_group(s2_name, s2_description)
+ self.assertEqual(200, resp.status)
+ sg2_id = sg2['id']
+ # Adding rules to the Group1
+ ip_protocol = 'tcp'
+ from_port = 22
+ to_port = 22
+ resp, rule = \
+ self.client.create_security_group_rule(sg1['id'],
+ ip_protocol,
+ from_port,
+ to_port,
+ group_id=sg2_id)
+
+ self.assertEqual(200, resp.status)
+ # Delete group2
+ resp, body = self.client.delete_security_group(sg2_id)
+ self.assertEqual(202, resp.status)
+ # Get rules of the Group1
+ resp, rules = \
+ self.client.list_security_group_rules(sg1['id'])
+ # The group1 has no rules because group2 has deleted
+ self.assertEqual(0, len(rules))
+
class SecurityGroupRulesTestXML(SecurityGroupRulesTestJSON):
_interface = 'xml'
diff --git a/tempest/api/compute/security_groups/test_security_group_rules_negative.py b/tempest/api/compute/security_groups/test_security_group_rules_negative.py
new file mode 100644
index 0000000..1c38268
--- /dev/null
+++ b/tempest/api/compute/security_groups/test_security_group_rules_negative.py
@@ -0,0 +1,183 @@
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+
+# Copyright 2013 Huawei Technologies Co.,LTD.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import testtools
+
+from tempest.api.compute import base
+from tempest.common.utils import data_utils
+from tempest import config
+from tempest import exceptions
+from tempest.test import attr
+from tempest.test import skip_because
+
+
+class SecurityGroupRulesNegativeTestJSON(base.BaseV2ComputeTest):
+ _interface = 'json'
+
+ @classmethod
+ def setUpClass(cls):
+ super(SecurityGroupRulesNegativeTestJSON, cls).setUpClass()
+ cls.client = cls.security_groups_client
+
+ @skip_because(bug="1182384",
+ condition=config.TempestConfig().service_available.neutron)
+ @attr(type=['negative', 'smoke'])
+ def test_create_security_group_rule_with_non_existent_id(self):
+ # Negative test: Creation of Security Group rule should FAIL
+ # with non existent Parent group id
+ # Adding rules to the non existent Security Group id
+ parent_group_id = data_utils.rand_int_id(start=999)
+ ip_protocol = 'tcp'
+ from_port = 22
+ to_port = 22
+ self.assertRaises(exceptions.NotFound,
+ self.client.create_security_group_rule,
+ parent_group_id, ip_protocol, from_port, to_port)
+
+ @testtools.skipIf(config.TempestConfig().service_available.neutron,
+ "Neutron not check the security_group_id")
+ @attr(type=['negative', 'smoke'])
+ def test_create_security_group_rule_with_invalid_id(self):
+ # Negative test: Creation of Security Group rule should FAIL
+ # with Parent group id which is not integer
+ # Adding rules to the non int Security Group id
+ parent_group_id = data_utils.rand_name('non_int_id')
+ ip_protocol = 'tcp'
+ from_port = 22
+ to_port = 22
+ self.assertRaises(exceptions.BadRequest,
+ self.client.create_security_group_rule,
+ parent_group_id, ip_protocol, from_port, to_port)
+
+ @attr(type=['negative', 'smoke'])
+ def test_create_security_group_rule_duplicate(self):
+ # Negative test: Create Security Group rule duplicate should fail
+ # Creating a Security Group to add rule to it
+ s_name = data_utils.rand_name('securitygroup-')
+ s_description = data_utils.rand_name('description-')
+ resp, sg = self.client.create_security_group(s_name, s_description)
+ self.assertEqual(200, resp.status)
+ # Adding rules to the created Security Group
+ parent_group_id = sg['id']
+ ip_protocol = 'tcp'
+ from_port = 22
+ to_port = 22
+
+ self.addCleanup(self.client.delete_security_group, sg['id'])
+ resp, rule = \
+ self.client.create_security_group_rule(parent_group_id,
+ ip_protocol,
+ from_port,
+ to_port)
+ self.addCleanup(self.client.delete_security_group_rule, rule['id'])
+ self.assertEqual(200, resp.status)
+ # Add the same rule to the group should fail
+ self.assertRaises(exceptions.BadRequest,
+ self.client.create_security_group_rule,
+ parent_group_id, ip_protocol, from_port, to_port)
+
+ @attr(type=['negative', 'smoke'])
+ def test_create_security_group_rule_with_invalid_ip_protocol(self):
+ # Negative test: Creation of Security Group rule should FAIL
+ # with invalid ip_protocol
+ # Creating a Security Group to add rule to it
+ s_name = data_utils.rand_name('securitygroup-')
+ s_description = data_utils.rand_name('description-')
+ resp, securitygroup = self.client.create_security_group(s_name,
+ s_description)
+ # Adding rules to the created Security Group
+ parent_group_id = securitygroup['id']
+ ip_protocol = data_utils.rand_name('999')
+ from_port = 22
+ to_port = 22
+
+ self.addCleanup(self.client.delete_security_group, securitygroup['id'])
+ self.assertRaises(exceptions.BadRequest,
+ self.client.create_security_group_rule,
+ parent_group_id, ip_protocol, from_port, to_port)
+
+ @attr(type=['negative', 'smoke'])
+ def test_create_security_group_rule_with_invalid_from_port(self):
+ # Negative test: Creation of Security Group rule should FAIL
+ # with invalid from_port
+ # Creating a Security Group to add rule to it
+ s_name = data_utils.rand_name('securitygroup-')
+ s_description = data_utils.rand_name('description-')
+ resp, securitygroup = self.client.create_security_group(s_name,
+ s_description)
+ # Adding rules to the created Security Group
+ parent_group_id = securitygroup['id']
+ ip_protocol = 'tcp'
+ from_port = data_utils.rand_int_id(start=65536)
+ to_port = 22
+ self.addCleanup(self.client.delete_security_group, securitygroup['id'])
+ self.assertRaises(exceptions.BadRequest,
+ self.client.create_security_group_rule,
+ parent_group_id, ip_protocol, from_port, to_port)
+
+ @attr(type=['negative', 'smoke'])
+ def test_create_security_group_rule_with_invalid_to_port(self):
+ # Negative test: Creation of Security Group rule should FAIL
+ # with invalid to_port
+ # Creating a Security Group to add rule to it
+ s_name = data_utils.rand_name('securitygroup-')
+ s_description = data_utils.rand_name('description-')
+ resp, securitygroup = self.client.create_security_group(s_name,
+ s_description)
+ # Adding rules to the created Security Group
+ parent_group_id = securitygroup['id']
+ ip_protocol = 'tcp'
+ from_port = 22
+ to_port = data_utils.rand_int_id(start=65536)
+ self.addCleanup(self.client.delete_security_group, securitygroup['id'])
+ self.assertRaises(exceptions.BadRequest,
+ self.client.create_security_group_rule,
+ parent_group_id, ip_protocol, from_port, to_port)
+
+ @attr(type=['negative', 'smoke'])
+ def test_create_security_group_rule_with_invalid_port_range(self):
+ # Negative test: Creation of Security Group rule should FAIL
+ # with invalid port range.
+ # Creating a Security Group to add rule to it.
+ s_name = data_utils.rand_name('securitygroup-')
+ s_description = data_utils.rand_name('description-')
+ resp, securitygroup = self.client.create_security_group(s_name,
+ s_description)
+ # Adding a rule to the created Security Group
+ secgroup_id = securitygroup['id']
+ ip_protocol = 'tcp'
+ from_port = 22
+ to_port = 21
+ self.addCleanup(self.client.delete_security_group, securitygroup['id'])
+ self.assertRaises(exceptions.BadRequest,
+ self.client.create_security_group_rule,
+ secgroup_id, ip_protocol, from_port, to_port)
+
+ @skip_because(bug="1182384",
+ condition=config.TempestConfig().service_available.neutron)
+ @attr(type=['negative', 'smoke'])
+ def test_delete_security_group_rule_with_non_existent_id(self):
+ # Negative test: Deletion of Security Group rule should be FAIL
+ # with non existent id
+ non_existent_rule_id = data_utils.rand_int_id(start=999)
+ self.assertRaises(exceptions.NotFound,
+ self.client.delete_security_group_rule,
+ non_existent_rule_id)
+
+
+class SecurityGroupRulesNegativeTestXML(SecurityGroupRulesNegativeTestJSON):
+ _interface = 'xml'