Merge "Separate tests of negative_rest_client"
diff --git a/requirements.txt b/requirements.txt
index a6e7dd1..2af8586 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -6,7 +6,7 @@
httplib2>=0.7.5
jsonschema>=2.0.0,<3.0.0
testtools>=0.9.36,!=1.2.0
-boto>=2.32.1
+boto>=2.32.1,<2.35.0
paramiko>=1.13.0
netaddr>=0.7.12
python-ceilometerclient>=1.0.6
@@ -20,7 +20,7 @@
python-saharaclient>=0.7.6
python-swiftclient>=2.2.0
testrepository>=0.0.18
-oslo.config>=1.4.0 # Apache-2.0
+oslo.config>=1.6.0 # Apache-2.0
six>=1.7.0
iso8601>=0.1.9
fixtures>=0.3.14
diff --git a/tempest/api/network/admin/test_external_networks_negative.py b/tempest/api/network/admin/test_external_networks_negative.py
new file mode 100644
index 0000000..7dbb347
--- /dev/null
+++ b/tempest/api/network/admin/test_external_networks_negative.py
@@ -0,0 +1,53 @@
+# Copyright 2014 OpenStack Foundation
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from tempest.api.network import base
+from tempest import config
+from tempest import exceptions
+from tempest import test
+
+CONF = config.CONF
+
+
+class ExternalNetworksAdminNegativeTestJSON(base.BaseAdminNetworkTest):
+ _interface = 'json'
+
+ @test.attr(type=['negative'])
+ def test_create_port_with_precreated_floatingip_as_fixed_ip(self):
+ """
+ External networks can be used to create both floating-ip as well
+ as instance-ip. So, creating an instance-ip with a value of a
+ pre-created floating-ip should be denied.
+ """
+
+ # create a floating ip
+ client = self.admin_client
+ body = client.create_floatingip(
+ floating_network_id=CONF.network.public_network_id)
+ created_floating_ip = body['floatingip']
+ self.addCleanup(self._try_delete_resource,
+ client.delete_floatingip,
+ created_floating_ip['id'])
+ floating_ip_address = created_floating_ip['floating_ip_address']
+ self.assertIsNotNone(floating_ip_address)
+
+ # use the same value of floatingip as fixed-ip to create_port()
+ fixed_ips = [{'ip_address': floating_ip_address}]
+
+ # create a port which will internally create an instance-ip
+ self.assertRaises(exceptions.Conflict,
+ client.create_port,
+ network_id=CONF.network.public_network_id,
+ fixed_ips=fixed_ips)
diff --git a/tempest/scenario/test_security_groups_basic_ops.py b/tempest/scenario/test_security_groups_basic_ops.py
index 5e2a9d0..de6b0f9 100644
--- a/tempest/scenario/test_security_groups_basic_ops.py
+++ b/tempest/scenario/test_security_groups_basic_ops.py
@@ -72,6 +72,10 @@
* test that reverse traffic is still blocked
* test than revesre traffic is enabled once an appropriate rule has
been created on source tenant
+ 7._test_port_update_new_security_group:
+ * test that traffic is blocked with default security group
+ * test that traffic is enabled after updating port with new security
+ group having appropriate rule
assumptions:
1. alt_tenant/user existed and is different from primary_tenant/user
@@ -452,7 +456,57 @@
# in-tenant check
self._test_in_tenant_block(self.primary_tenant)
self._test_in_tenant_allow(self.primary_tenant)
+ except Exception:
+ for tenant in self.tenants.values():
+ self._log_console_output(servers=tenant.servers)
+ raise
+ @test.attr(type='smoke')
+ @test.services('compute', 'network')
+ def test_port_update_new_security_group(self):
+ """
+ This test verifies the traffic after updating the vm port with new
+ security group having appropiate rule.
+ """
+ new_tenant = self.primary_tenant
+
+ # Create empty security group and add icmp rule in it
+ new_sg = self._create_empty_security_group(
+ namestart='secgroup_new-',
+ tenant_id=new_tenant.creds.tenant_id,
+ client=new_tenant.manager.network_client)
+ icmp_rule = dict(
+ protocol='icmp',
+ direction='ingress',
+ )
+ self._create_security_group_rule(
+ secgroup=new_sg,
+ client=new_tenant.manager.network_client,
+ **icmp_rule)
+ new_tenant.security_groups.update(new_sg=new_sg)
+
+ # Create server with default security group
+ name = 'server-{tenant}-gen-1-'.format(
+ tenant=new_tenant.creds.tenant_name
+ )
+ name = data_utils.rand_name(name)
+ server = self._create_server(name, new_tenant)
+
+ # Check connectivity failure with default security group
+ try:
+ access_point_ssh = self._connect_to_access_point(new_tenant)
+ self._check_connectivity(access_point=access_point_ssh,
+ ip=self._get_server_ip(server),
+ should_succeed=False)
+ server_id = server['id']
+ port_id = self._list_ports(device_id=server_id)[0]['id']
+
+ # update port with new security group and check connectivity
+ self.network_client.update_port(port_id, security_groups=[
+ new_tenant.security_groups['new_sg'].id])
+ self._check_connectivity(
+ access_point=access_point_ssh,
+ ip=self._get_server_ip(server))
except Exception:
for tenant in self.tenants.values():
self._log_console_output(servers=tenant.servers)