Cleanup: Add common "create security rule" method
There are many "create security rule" methods in each scenario test,
their behaviors are almost the same. They create security rule which
is loginable/reachable to a server with ssh/ping.
For code-cleanup, this patch adds the method which creates loginable
rules to the specified security group.
Change-Id: I4e2ebd099b7373948c82abf86615a85db055c7c5
diff --git a/tempest/scenario/manager.py b/tempest/scenario/manager.py
index 525c3a9..7ba40e7 100644
--- a/tempest/scenario/manager.py
+++ b/tempest/scenario/manager.py
@@ -258,6 +258,40 @@
self.fail("Timed out waiting for thing %s to become %s"
% (thing_id, expected_status))
+ def create_loginable_secgroup_rule(self, client=None, secgroup_id=None):
+ if client is None:
+ client = self.compute_client
+ if secgroup_id is None:
+ sgs = client.security_groups.list()
+ for sg in sgs:
+ if sg.name == 'default':
+ secgroup_id = sg.id
+
+ # These rules are intended to permit inbound ssh and icmp
+ # traffic from all sources, so no group_id is provided.
+ # Setting a group_id would only permit traffic from ports
+ # belonging to the same security group.
+ rulesets = [
+ {
+ # ssh
+ 'ip_protocol': 'tcp',
+ 'from_port': 22,
+ 'to_port': 22,
+ 'cidr': '0.0.0.0/0',
+ },
+ {
+ # ping
+ 'ip_protocol': 'icmp',
+ 'from_port': -1,
+ 'to_port': -1,
+ 'cidr': '0.0.0.0/0',
+ }
+ ]
+ for ruleset in rulesets:
+ sg_rule = client.security_group_rules.create(secgroup_id,
+ **ruleset)
+ self.set_resource(sg_rule.id, sg_rule)
+
def create_server(self, client, name=None, image=None, flavor=None,
create_kwargs={}):
if name is None:
@@ -335,32 +369,7 @@
self.fail("SecurityGroup object not successfully created.")
# Add rules to the security group
-
- # These rules are intended to permit inbound ssh and icmp
- # traffic from all sources, so no group_id is provided.
- # Setting a group_id would only permit traffic from ports
- # belonging to the same security group.
- rulesets = [
- {
- # ssh
- 'ip_protocol': 'tcp',
- 'from_port': 22,
- 'to_port': 22,
- 'cidr': '0.0.0.0/0',
- },
- {
- # ping
- 'ip_protocol': 'icmp',
- 'from_port': -1,
- 'to_port': -1,
- 'cidr': '0.0.0.0/0',
- }
- ]
- for ruleset in rulesets:
- try:
- client.security_group_rules.create(secgroup.id, **ruleset)
- except Exception:
- self.fail("Failed to create rule in security group.")
+ self.create_loginable_secgroup_rule(client, secgroup.id)
return secgroup
diff --git a/tempest/scenario/test_minimum_basic.py b/tempest/scenario/test_minimum_basic.py
index b789fa2..6504f40 100644
--- a/tempest/scenario/test_minimum_basic.py
+++ b/tempest/scenario/test_minimum_basic.py
@@ -143,25 +143,6 @@
def nova_floating_ip_add(self):
self.server.add_floating_ip(self.floating_ip)
- def nova_security_group_rule_create(self):
- sgs = self.compute_client.security_groups.list()
- for sg in sgs:
- if sg.name == 'default':
- secgroup = sg
-
- ruleset = {
- # ssh
- 'ip_protocol': 'tcp',
- 'from_port': 22,
- 'to_port': 22,
- 'cidr': '0.0.0.0/0',
- 'group_id': None
- }
- sg_rule = self.compute_client.security_group_rules.create(secgroup.id,
- **ruleset)
- self.addCleanup(self.compute_client.security_group_rules.delete,
- sg_rule.id)
-
def ssh_to_server(self):
username = self.config.scenario.ssh_user
self.linux_client = RemoteClient(self.floating_ip.ip,
@@ -195,7 +176,7 @@
self.nova_floating_ip_create()
self.nova_floating_ip_add()
- self.nova_security_group_rule_create()
+ self.create_loginable_secgroup_rule()
self.ssh_to_server()
self.check_partitions()
diff --git a/tempest/scenario/test_server_basic_ops.py b/tempest/scenario/test_server_basic_ops.py
index 43ac2d9..c175b04 100644
--- a/tempest/scenario/test_server_basic_ops.py
+++ b/tempest/scenario/test_server_basic_ops.py
@@ -58,28 +58,7 @@
self.fail("SecurityGroup object not successfully created.")
# Add rules to the security group
- rulesets = [
- {
- 'ip_protocol': 'tcp',
- 'from_port': 1,
- 'to_port': 65535,
- 'cidr': '0.0.0.0/0',
- 'group_id': self.secgroup.id
- },
- {
- 'ip_protocol': 'icmp',
- 'from_port': -1,
- 'to_port': -1,
- 'cidr': '0.0.0.0/0',
- 'group_id': self.secgroup.id
- }
- ]
- for ruleset in rulesets:
- try:
- self.compute_client.security_group_rules.create(
- self.secgroup.id, **ruleset)
- except Exception:
- self.fail("Failed to create rule in security group.")
+ self.create_loginable_secgroup_rule(secgroup_id=self.secgroup.id)
def boot_instance(self):
create_kwargs = {
diff --git a/tempest/scenario/test_snapshot_pattern.py b/tempest/scenario/test_snapshot_pattern.py
index e8ce1bd..6b4ed47 100644
--- a/tempest/scenario/test_snapshot_pattern.py
+++ b/tempest/scenario/test_snapshot_pattern.py
@@ -56,25 +56,6 @@
self.addCleanup(self.compute_client.keypairs.delete, self.keypair)
self.assertEqual(name, self.keypair.name)
- def _create_security_group_rule(self):
- sgs = self.compute_client.security_groups.list()
- for sg in sgs:
- if sg.name == 'default':
- secgroup = sg
-
- ruleset = {
- # ssh
- 'ip_protocol': 'tcp',
- 'from_port': 22,
- 'to_port': 22,
- 'cidr': '0.0.0.0/0',
- 'group_id': None
- }
- sg_rule = self.compute_client.security_group_rules.create(secgroup.id,
- **ruleset)
- self.addCleanup(self.compute_client.security_group_rules.delete,
- sg_rule.id)
-
def _ssh_to_server(self, server_or_ip):
if isinstance(server_or_ip, basestring):
ip = server_or_ip
@@ -120,7 +101,7 @@
def test_snapshot_pattern(self):
# prepare for booting a instance
self._add_keypair()
- self._create_security_group_rule()
+ self.create_loginable_secgroup_rule()
# boot a instance and create a timestamp file in it
server = self._boot_image(self.config.compute.image_ref)
diff --git a/tempest/scenario/test_stamp_pattern.py b/tempest/scenario/test_stamp_pattern.py
index 038d251..930e7fb 100644
--- a/tempest/scenario/test_stamp_pattern.py
+++ b/tempest/scenario/test_stamp_pattern.py
@@ -84,25 +84,6 @@
def _add_floating_ip(self, server, floating_ip):
server.add_floating_ip(floating_ip)
- def _create_security_group_rule(self):
- sgs = self.compute_client.security_groups.list()
- for sg in sgs:
- if sg.name == 'default':
- secgroup = sg
-
- ruleset = {
- # ssh
- 'ip_protocol': 'tcp',
- 'from_port': 22,
- 'to_port': 22,
- 'cidr': '0.0.0.0/0',
- 'group_id': None
- }
- sg_rule = self.compute_client.security_group_rules.create(secgroup.id,
- **ruleset)
- self.addCleanup(self.compute_client.security_group_rules.delete,
- sg_rule.id)
-
def _remote_client_to_server(self, server_or_ip):
if isinstance(server_or_ip, basestring):
ip = server_or_ip
@@ -214,7 +195,7 @@
def test_stamp_pattern(self):
# prepare for booting a instance
self._add_keypair()
- self._create_security_group_rule()
+ self.create_loginable_secgroup_rule()
# boot an instance and create a timestamp file in it
volume = self._create_volume()