Separate security_group_rules_client
As the qa-spec of consistent-service-method-names, we have decided
all service client modules will be separated into a single module
by each resource. So this patch separates security_group_rules_client
from security_groups_client.
Partially implements blueprint consistent-service-method-names
Change-Id: I28fab7730f62606c771631faf94203dbdd517358
diff --git a/tempest/api/compute/admin/test_quotas_negative.py b/tempest/api/compute/admin/test_quotas_negative.py
index 798bd30..33313be 100644
--- a/tempest/api/compute/admin/test_quotas_negative.py
+++ b/tempest/api/compute/admin/test_quotas_negative.py
@@ -32,6 +32,7 @@
cls.client = cls.os.quotas_client
cls.adm_client = cls.os_adm.quotas_client
cls.sg_client = cls.security_groups_client
+ cls.sgr_client = cls.security_group_rules_client
@classmethod
def resource_setup(cls):
@@ -167,5 +168,5 @@
# A 403 Forbidden or 413 Overlimit (old behaviour) exception
# will be raised when out of quota
self.assertRaises((lib_exc.OverLimit, lib_exc.Forbidden),
- self.sg_client.create_security_group_rule,
+ self.sgr_client.create_security_group_rule,
secgroup_id, ip_protocol, 1025, 1025)
diff --git a/tempest/api/compute/base.py b/tempest/api/compute/base.py
index 759bb8c..33442b2 100644
--- a/tempest/api/compute/base.py
+++ b/tempest/api/compute/base.py
@@ -64,6 +64,7 @@
cls.floating_ip_pools_client = cls.os.floating_ip_pools_client
cls.floating_ips_client = cls.os.floating_ips_client
cls.keypairs_client = cls.os.keypairs_client
+ cls.security_group_rules_client = cls.os.security_group_rules_client
cls.security_groups_client = cls.os.security_groups_client
cls.quotas_client = cls.os.quotas_client
# NOTE(mriedem): os-quota-class-sets is v2 API only
diff --git a/tempest/api/compute/security_groups/test_security_group_rules.py b/tempest/api/compute/security_groups/test_security_group_rules.py
index ff3f25b..4596e1f 100644
--- a/tempest/api/compute/security_groups/test_security_group_rules.py
+++ b/tempest/api/compute/security_groups/test_security_group_rules.py
@@ -25,7 +25,7 @@
@classmethod
def setup_clients(cls):
super(SecurityGroupRulesTestJSON, cls).setup_clients()
- cls.client = cls.security_groups_client
+ cls.client = cls.security_group_rules_client
@classmethod
def resource_setup(cls):
@@ -183,7 +183,7 @@
group_id=sg2_id)
# Delete group2
- self.client.delete_security_group(sg2_id)
+ self.security_groups_client.delete_security_group(sg2_id)
# Get rules of the Group1
rules = \
self.client.list_security_group_rules(sg1_id)
diff --git a/tempest/api/compute/security_groups/test_security_group_rules_negative.py b/tempest/api/compute/security_groups/test_security_group_rules_negative.py
index 15e79ac..e2a1034 100644
--- a/tempest/api/compute/security_groups/test_security_group_rules_negative.py
+++ b/tempest/api/compute/security_groups/test_security_group_rules_negative.py
@@ -36,6 +36,7 @@
def setup_clients(cls):
super(SecurityGroupRulesNegativeTestJSON, cls).setup_clients()
cls.client = cls.security_groups_client
+ cls.rules_client = cls.security_group_rules_client
@test.attr(type=['negative'])
@test.idempotent_id('1d507e98-7951-469b-82c3-23f1e6b8c254')
@@ -49,7 +50,7 @@
from_port = 22
to_port = 22
self.assertRaises(lib_exc.NotFound,
- self.client.create_security_group_rule,
+ self.rules_client.create_security_group_rule,
parent_group_id, ip_protocol, from_port, to_port)
@test.attr(type=['negative'])
@@ -64,7 +65,7 @@
from_port = 22
to_port = 22
self.assertRaises(lib_exc.BadRequest,
- self.client.create_security_group_rule,
+ self.rules_client.create_security_group_rule,
parent_group_id, ip_protocol, from_port, to_port)
@test.attr(type=['negative'])
@@ -81,14 +82,15 @@
to_port = 22
rule = \
- self.client.create_security_group_rule(parent_group_id,
- ip_protocol,
- from_port,
- to_port)
- self.addCleanup(self.client.delete_security_group_rule, rule['id'])
+ self.rules_client.create_security_group_rule(parent_group_id,
+ ip_protocol,
+ from_port,
+ to_port)
+ self.addCleanup(self.rules_client.delete_security_group_rule,
+ rule['id'])
# Add the same rule to the group should fail
self.assertRaises(lib_exc.BadRequest,
- self.client.create_security_group_rule,
+ self.rules_client.create_security_group_rule,
parent_group_id, ip_protocol, from_port, to_port)
@test.attr(type=['negative'])
@@ -106,7 +108,7 @@
to_port = 22
self.assertRaises(lib_exc.BadRequest,
- self.client.create_security_group_rule,
+ self.rules_client.create_security_group_rule,
parent_group_id, ip_protocol, from_port, to_port)
@test.attr(type=['negative'])
@@ -123,7 +125,7 @@
from_port = data_utils.rand_int_id(start=65536)
to_port = 22
self.assertRaises(lib_exc.BadRequest,
- self.client.create_security_group_rule,
+ self.rules_client.create_security_group_rule,
parent_group_id, ip_protocol, from_port, to_port)
@test.attr(type=['negative'])
@@ -140,7 +142,7 @@
from_port = 22
to_port = data_utils.rand_int_id(start=65536)
self.assertRaises(lib_exc.BadRequest,
- self.client.create_security_group_rule,
+ self.rules_client.create_security_group_rule,
parent_group_id, ip_protocol, from_port, to_port)
@test.attr(type=['negative'])
@@ -157,7 +159,7 @@
from_port = 22
to_port = 21
self.assertRaises(lib_exc.BadRequest,
- self.client.create_security_group_rule,
+ self.rules_client.create_security_group_rule,
secgroup_id, ip_protocol, from_port, to_port)
@test.attr(type=['negative'])
@@ -168,5 +170,5 @@
# with non existent id
non_existent_rule_id = not_existing_id()
self.assertRaises(lib_exc.NotFound,
- self.client.delete_security_group_rule,
+ self.rules_client.delete_security_group_rule,
non_existent_rule_id)
diff --git a/tempest/api/compute/test_authorization.py b/tempest/api/compute/test_authorization.py
index 58c2206..8ee8ad4 100644
--- a/tempest/api/compute/test_authorization.py
+++ b/tempest/api/compute/test_authorization.py
@@ -52,11 +52,13 @@
cls.glance_client = cls.os.image_client
cls.keypairs_client = cls.os.keypairs_client
cls.security_client = cls.os.security_groups_client
+ cls.rule_client = cls.os.security_group_rules_client
cls.alt_client = cls.alt_manager.servers_client
cls.alt_images_client = cls.alt_manager.images_client
cls.alt_keypairs_client = cls.alt_manager.keypairs_client
cls.alt_security_client = cls.alt_manager.security_groups_client
+ cls.alt_rule_client = cls.alt_manager.security_group_rules_client
@classmethod
def resource_setup(cls):
@@ -87,7 +89,7 @@
ip_protocol = 'tcp'
from_port = 22
to_port = 22
- cls.rule = cls.security_client.create_security_group_rule(
+ cls.rule = cls.rule_client.create_security_group_rule(
parent_group_id, ip_protocol, from_port, to_port)
@classmethod
@@ -292,21 +294,21 @@
to_port = -1
try:
# Change the base URL to impersonate another user
- self.alt_security_client.auth_provider.set_alt_auth_data(
+ self.alt_rule_client.auth_provider.set_alt_auth_data(
request_part='url',
- auth_data=self.security_client.auth_provider.auth_data
+ auth_data=self.rule_client.auth_provider.auth_data
)
resp = {}
resp['status'] = None
self.assertRaises(lib_exc.BadRequest,
- self.alt_security_client.
+ self.alt_rule_client.
create_security_group_rule,
parent_group_id, ip_protocol, from_port,
to_port)
finally:
# Next request the base_url is back to normal
if resp['status'] is not None:
- self.alt_security_client.delete_security_group_rule(resp['id'])
+ self.alt_rule_client.delete_security_group_rule(resp['id'])
LOG.error("Create security group rule request should not "
"happen if the tenant id does not match the"
" current user")
@@ -316,7 +318,7 @@
# A DELETE request for another user's security group rule
# should fail
self.assertRaises(lib_exc.NotFound,
- self.alt_security_client.delete_security_group_rule,
+ self.alt_rule_client.delete_security_group_rule,
self.rule['id'])
@test.idempotent_id('c5f52351-53d9-4fc9-83e5-917f7f5e3d71')
diff --git a/tempest/clients.py b/tempest/clients.py
index 6a2c601..20cefbc 100644
--- a/tempest/clients.py
+++ b/tempest/clients.py
@@ -65,6 +65,8 @@
from tempest.services.compute.json.quotas_client import QuotasClient
from tempest.services.compute.json.security_group_default_rules_client import \
SecurityGroupDefaultRulesClient
+from tempest.services.compute.json.security_group_rules_client import \
+ SecurityGroupRulesClient
from tempest.services.compute.json.security_groups_client import \
SecurityGroupsClient
from tempest.services.compute.json.server_groups_client import \
@@ -286,6 +288,8 @@
self.auth_provider, **params)
self.floating_ips_client = FloatingIPsClient(self.auth_provider,
**params)
+ self.security_group_rules_client = SecurityGroupRulesClient(
+ self.auth_provider, **params)
self.security_groups_client = SecurityGroupsClient(
self.auth_provider, **params)
self.interfaces_client = InterfacesClient(self.auth_provider,
diff --git a/tempest/cmd/javelin.py b/tempest/cmd/javelin.py
index f091cd3..f35548a 100755
--- a/tempest/cmd/javelin.py
+++ b/tempest/cmd/javelin.py
@@ -122,6 +122,7 @@
from tempest import config
from tempest.services.compute.json import flavors_client
from tempest.services.compute.json import floating_ips_client
+from tempest.services.compute.json import security_group_rules_client
from tempest.services.compute.json import security_groups_client
from tempest.services.compute.json import servers_client
from tempest.services.identity.v2.json import identity_client
@@ -202,6 +203,8 @@
_auth, **compute_params)
self.secgroups = security_groups_client.SecurityGroupsClient(
_auth, **compute_params)
+ self.secrules = security_group_rules_client.SecurityGroupRulesClient(
+ _auth, **compute_params)
self.objects = object_client.ObjectClient(_auth,
**object_storage_params)
self.containers = container_client.ContainerClient(
@@ -917,7 +920,7 @@
# for each security group, create the rules
for rule in secgroup['rules']:
ip_proto, from_port, to_port, cidr = rule.split()
- client.secgroups.create_security_group_rule(
+ client.secrules.create_security_group_rule(
secgroup_id, ip_proto, from_port, to_port, cidr=cidr)
diff --git a/tempest/scenario/manager.py b/tempest/scenario/manager.py
index 03e572f..e77d07c 100644
--- a/tempest/scenario/manager.py
+++ b/tempest/scenario/manager.py
@@ -54,6 +54,8 @@
cls.keypairs_client = cls.manager.keypairs_client
# Nova security groups client
cls.security_groups_client = cls.manager.security_groups_client
+ cls.security_group_rules_client = (
+ cls.manager.security_group_rules_client)
cls.servers_client = cls.manager.servers_client
cls.volumes_client = cls.manager.volumes_client
cls.snapshots_client = cls.manager.snapshots_client
@@ -217,6 +219,7 @@
def _create_loginable_secgroup_rule(self, secgroup_id=None):
_client = self.security_groups_client
+ _client_rules = self.security_group_rules_client
if secgroup_id is None:
sgs = _client.list_security_groups()
for sg in sgs:
@@ -245,10 +248,10 @@
]
rules = list()
for ruleset in rulesets:
- sg_rule = _client.create_security_group_rule(secgroup_id,
- **ruleset)
+ sg_rule = _client_rules.create_security_group_rule(secgroup_id,
+ **ruleset)
self.addCleanup(self.delete_wrapper,
- _client.delete_security_group_rule,
+ _client_rules.delete_security_group_rule,
sg_rule['id'])
rules.append(sg_rule)
return rules
diff --git a/tempest/services/compute/json/security_group_rules_client.py b/tempest/services/compute/json/security_group_rules_client.py
new file mode 100644
index 0000000..f570eb7
--- /dev/null
+++ b/tempest/services/compute/json/security_group_rules_client.py
@@ -0,0 +1,68 @@
+# Copyright 2012 OpenStack Foundation
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import json
+
+from tempest_lib import exceptions as lib_exc
+
+from tempest.api_schema.response.compute.v2_1 import security_groups as schema
+from tempest.common import service_client
+
+
+class SecurityGroupRulesClient(service_client.ServiceClient):
+
+ def create_security_group_rule(self, parent_group_id, ip_proto, from_port,
+ to_port, **kwargs):
+ """
+ Creating a new security group rules.
+ parent_group_id :ID of Security group
+ ip_protocol : ip_proto (icmp, tcp, udp).
+ from_port: Port at start of range.
+ to_port : Port at end of range.
+ Following optional keyword arguments are accepted:
+ cidr : CIDR for address range.
+ group_id : ID of the Source group
+ """
+ post_body = {
+ 'parent_group_id': parent_group_id,
+ 'ip_protocol': ip_proto,
+ 'from_port': from_port,
+ 'to_port': to_port,
+ 'cidr': kwargs.get('cidr'),
+ 'group_id': kwargs.get('group_id'),
+ }
+ post_body = json.dumps({'security_group_rule': post_body})
+ url = 'os-security-group-rules'
+ resp, body = self.post(url, post_body)
+ body = json.loads(body)
+ self.validate_response(schema.create_security_group_rule, resp, body)
+ return service_client.ResponseBody(resp, body['security_group_rule'])
+
+ def delete_security_group_rule(self, group_rule_id):
+ """Deletes the provided Security Group rule."""
+ resp, body = self.delete('os-security-group-rules/%s' %
+ group_rule_id)
+ self.validate_response(schema.delete_security_group_rule, resp, body)
+ return service_client.ResponseBody(resp, body)
+
+ def list_security_group_rules(self, security_group_id):
+ """List all rules for a security group."""
+ resp, body = self.get('os-security-groups')
+ body = json.loads(body)
+ self.validate_response(schema.list_security_groups, resp, body)
+ for sg in body['security_groups']:
+ if sg['id'] == security_group_id:
+ return service_client.ResponseBodyList(resp, sg['rules'])
+ raise lib_exc.NotFound('No such Security Group')
diff --git a/tempest/services/compute/json/security_groups_client.py b/tempest/services/compute/json/security_groups_client.py
index 5a3d771..eec961c 100644
--- a/tempest/services/compute/json/security_groups_client.py
+++ b/tempest/services/compute/json/security_groups_client.py
@@ -86,50 +86,6 @@
self.validate_response(schema.delete_security_group, resp, body)
return service_client.ResponseBody(resp, body)
- def create_security_group_rule(self, parent_group_id, ip_proto, from_port,
- to_port, **kwargs):
- """
- Creating a new security group rules.
- parent_group_id :ID of Security group
- ip_protocol : ip_proto (icmp, tcp, udp).
- from_port: Port at start of range.
- to_port : Port at end of range.
- Following optional keyword arguments are accepted:
- cidr : CIDR for address range.
- group_id : ID of the Source group
- """
- post_body = {
- 'parent_group_id': parent_group_id,
- 'ip_protocol': ip_proto,
- 'from_port': from_port,
- 'to_port': to_port,
- 'cidr': kwargs.get('cidr'),
- 'group_id': kwargs.get('group_id'),
- }
- post_body = json.dumps({'security_group_rule': post_body})
- url = 'os-security-group-rules'
- resp, body = self.post(url, post_body)
- body = json.loads(body)
- self.validate_response(schema.create_security_group_rule, resp, body)
- return service_client.ResponseBody(resp, body['security_group_rule'])
-
- def delete_security_group_rule(self, group_rule_id):
- """Deletes the provided Security Group rule."""
- resp, body = self.delete('os-security-group-rules/%s' %
- group_rule_id)
- self.validate_response(schema.delete_security_group_rule, resp, body)
- return service_client.ResponseBody(resp, body)
-
- def list_security_group_rules(self, security_group_id):
- """List all rules for a security group."""
- resp, body = self.get('os-security-groups')
- body = json.loads(body)
- self.validate_response(schema.list_security_groups, resp, body)
- for sg in body['security_groups']:
- if sg['id'] == security_group_id:
- return service_client.ResponseBodyList(resp, sg['rules'])
- raise lib_exc.NotFound('No such Security Group')
-
def is_resource_deleted(self, id):
try:
self.show_security_group(id)
diff --git a/tempest/tests/common/test_service_clients.py b/tempest/tests/common/test_service_clients.py
index 695d4a4..3a0873c 100644
--- a/tempest/tests/common/test_service_clients.py
+++ b/tempest/tests/common/test_service_clients.py
@@ -40,6 +40,7 @@
from tempest.services.compute.json import quotas_client
from tempest.services.compute.json import security_group_default_rules_client \
as nova_secgrop_default_client
+from tempest.services.compute.json import security_group_rules_client
from tempest.services.compute.json import security_groups_client
from tempest.services.compute.json import server_groups_client
from tempest.services.compute.json import servers_client
@@ -130,6 +131,7 @@
quotas_client.QuotasClient,
quota_classes_client.QuotaClassesClient,
nova_secgrop_default_client.SecurityGroupDefaultRulesClient,
+ security_group_rules_client.SecurityGroupRulesClient,
security_groups_client.SecurityGroupsClient,
server_groups_client.ServerGroupsClient,
servers_client.ServersClient,