Fixes bug #1016042 - New tests for security groups
Change-Id: Ic0695db8f4f254b78c569b5bcaa053465e9f38bc
diff --git a/tempest/services/nova/json/servers_client.py b/tempest/services/nova/json/servers_client.py
index d6873e4..031259f 100644
--- a/tempest/services/nova/json/servers_client.py
+++ b/tempest/services/nova/json/servers_client.py
@@ -353,3 +353,25 @@
resp, body = self.delete('servers/%s/os-volume_attachments/%s' %
(server_id, volume_id))
return resp, body
+
+ def add_security_group(self, server_id, security_group_name):
+ """Adds a security group to the server"""
+ post_body = {
+ 'addSecurityGroup': {
+ 'name': security_group_name
+ }
+ }
+ post_body = json.dumps(post_body)
+ return self.post('servers/%s/action' % server_id,
+ post_body, self.headers)
+
+ def remove_security_group(self, server_id, security_group_name):
+ """Removes a security group from the server"""
+ post_body = {
+ 'removeSecurityGroup': {
+ 'name': security_group_name
+ }
+ }
+ post_body = json.dumps(post_body)
+ return self.post('servers/%s/action' % server_id,
+ post_body, self.headers)
diff --git a/tempest/tests/compute/test_security_groups.py b/tempest/tests/compute/test_security_groups.py
index aa1c017..70018b5 100644
--- a/tempest/tests/compute/test_security_groups.py
+++ b/tempest/tests/compute/test_security_groups.py
@@ -254,3 +254,60 @@
else:
self.fail('Should not be able to delete a Security Group'
'with out passing ID')
+
+ def test_server_security_groups(self):
+ """
+ Checks that security groups may be added and linked to a server
+ and not deleted if the server is active.
+ """
+ # Create a couple security groups that we will use
+ # for the server resource this test creates
+ sg_name = rand_name('sg')
+ sg_desc = rand_name('sg-desc')
+ resp, sg = self.client.create_security_group(sg_name, sg_desc)
+ sg_id = sg['id']
+
+ sg2_name = rand_name('sg')
+ sg2_desc = rand_name('sg-desc')
+ resp, sg2 = self.client.create_security_group(sg2_name, sg2_desc)
+ sg2_id = sg2['id']
+
+ # Create server and add the security group created
+ # above to the server we just created
+ server_name = rand_name('server')
+ resp, server = self.servers_client.create_server(server_name,
+ self.image_ref,
+ self.flavor_ref)
+ server_id = server['id']
+ self.servers_client.wait_for_server_status(server_id, 'ACTIVE')
+ resp, body = self.servers_client.add_security_group(server_id,
+ sg_name)
+
+ # Check that we are not able to delete the security
+ # group since it is in use by an active server
+ self.assertRaises(exceptions.BadRequest,
+ self.client.delete_security_group,
+ sg_id)
+
+ # Reboot and add the other security group
+ resp, body = self.servers_client.reboot(server_id, 'HARD')
+ self.servers_client.wait_for_server_status(server_id, 'ACTIVE')
+ resp, body = self.servers_client.add_security_group(server_id,
+ sg2_name)
+
+ # Check that we are not able to delete the other security
+ # group since it is in use by an active server
+ self.assertRaises(exceptions.BadRequest,
+ self.client.delete_security_group,
+ sg2_id)
+
+ # Shutdown the server and then verify we can destroy the
+ # security groups, since no active server instance is using them
+ self.servers_client.delete_server(server_id)
+ self.servers_client.wait_for_server_termination(server_id)
+
+ self.client.delete_security_group(sg_id)
+ self.assertEqual(202, resp.status)
+
+ self.client.delete_security_group(sg2_id)
+ self.assertEqual(202, resp.status)