Merge "Split out Neutron security group rules client"
diff --git a/tempest/api/compute/security_groups/test_security_group_rules.py b/tempest/api/compute/security_groups/test_security_group_rules.py
index 9aa59f7..38c294b 100644
--- a/tempest/api/compute/security_groups/test_security_group_rules.py
+++ b/tempest/api/compute/security_groups/test_security_group_rules.py
@@ -158,7 +158,9 @@
to_port=to_port2)['security_group_rule']
rule2_id = rule['id']
# Delete the Security Group rule2 at the end of this method
- self.addCleanup(self.client.delete_security_group_rule, rule2_id)
+ self.addCleanup(
+ self.security_group_rules_client.delete_security_group_rule,
+ rule2_id)
# Get rules of the created Security Group
rules = self.security_groups_client.show_security_group(
diff --git a/tempest/api/network/base.py b/tempest/api/network/base.py
index 81337f3..14a6358 100644
--- a/tempest/api/network/base.py
+++ b/tempest/api/network/base.py
@@ -76,6 +76,8 @@
cls.quotas_client = cls.os.network_quotas_client
cls.floating_ips_client = cls.os.floating_ips_client
cls.security_groups_client = cls.os.security_groups_client
+ cls.security_group_rules_client = (
+ cls.os.security_group_rules_client)
@classmethod
def resource_setup(cls):
diff --git a/tempest/api/network/base_security_groups.py b/tempest/api/network/base_security_groups.py
index 1525e19..3ea3aea 100644
--- a/tempest/api/network/base_security_groups.py
+++ b/tempest/api/network/base_security_groups.py
@@ -40,10 +40,11 @@
self.assertNotIn(secgroup_id, secgroup_list)
def _delete_security_group_rule(self, rule_id):
- self.client.delete_security_group_rule(rule_id)
+ self.security_group_rules_client.delete_security_group_rule(rule_id)
# Asserting that the security group is not found in the list
# after deletion
- list_body = self.client.list_security_group_rules()
+ list_body = (
+ self.security_group_rules_client.list_security_group_rules())
rules_list = list()
for rule in list_body['security_group_rules']:
rules_list.append(rule['id'])
diff --git a/tempest/api/network/test_security_groups.py b/tempest/api/network/test_security_groups.py
index cf45328..7d0765e 100644
--- a/tempest/api/network/test_security_groups.py
+++ b/tempest/api/network/test_security_groups.py
@@ -41,7 +41,8 @@
remote_ip_prefix=None):
# Create Security Group rule with the input params and validate
# that SG rule is created with the same parameters.
- rule_create_body = self.client.create_security_group_rule(
+ sec_group_rules_client = self.security_group_rules_client
+ rule_create_body = sec_group_rules_client.create_security_group_rule(
security_group_id=sg_id,
direction=direction,
ethertype=ethertype,
@@ -116,8 +117,9 @@
# Create rules for each protocol
protocols = ['tcp', 'udp', 'icmp']
+ client = self.security_group_rules_client
for protocol in protocols:
- rule_create_body = self.client.create_security_group_rule(
+ rule_create_body = client.create_security_group_rule(
security_group_id=group_create_body['security_group']['id'],
protocol=protocol,
direction='ingress',
@@ -125,7 +127,7 @@
)
# Show details of the created security rule
- show_rule_body = self.client.show_security_group_rule(
+ show_rule_body = client.show_security_group_rule(
rule_create_body['security_group_rule']['id']
)
create_dict = rule_create_body['security_group_rule']
@@ -135,7 +137,8 @@
"%s does not match." % key)
# List rules and verify created rule is in response
- rule_list_body = self.client.list_security_group_rules()
+ rule_list_body = (
+ self.security_group_rules_client.list_security_group_rules())
rule_list = [rule['id']
for rule in rule_list_body['security_group_rules']]
self.assertIn(rule_create_body['security_group_rule']['id'],
@@ -223,7 +226,8 @@
direction = 'ingress'
protocol = 17
security_group_id = group_create_body['security_group']['id']
- rule_create_body = self.client.create_security_group_rule(
+ client = self.security_group_rules_client
+ rule_create_body = client.create_security_group_rule(
security_group_id=security_group_id,
direction=direction,
protocol=protocol
diff --git a/tempest/api/network/test_security_groups_negative.py b/tempest/api/network/test_security_groups_negative.py
index 58e39e9..ff38e9e 100644
--- a/tempest/api/network/test_security_groups_negative.py
+++ b/tempest/api/network/test_security_groups_negative.py
@@ -46,9 +46,10 @@
@test.idempotent_id('4c094c09-000b-4e41-8100-9617600c02a6')
def test_show_non_existent_security_group_rule(self):
non_exist_id = str(uuid.uuid4())
- self.assertRaises(lib_exc.NotFound,
- self.client.show_security_group_rule,
- non_exist_id)
+ self.assertRaises(
+ lib_exc.NotFound,
+ self.security_group_rules_client.show_security_group_rule,
+ non_exist_id)
@test.attr(type=['negative'])
@test.idempotent_id('1f1bb89d-5664-4956-9fcd-83ee0fa603df')
@@ -67,7 +68,8 @@
# Create rule with bad protocol name
pname = 'bad_protocol_name'
self.assertRaises(
- lib_exc.BadRequest, self.client.create_security_group_rule,
+ lib_exc.BadRequest,
+ self.security_group_rules_client.create_security_group_rule,
security_group_id=group_create_body['security_group']['id'],
protocol=pname, direction='ingress', ethertype=self.ethertype)
@@ -80,7 +82,8 @@
prefix = ['192.168.1./24', '192.168.1.1/33', 'bad_prefix', '256']
for remote_ip_prefix in prefix:
self.assertRaises(
- lib_exc.BadRequest, self.client.create_security_group_rule,
+ lib_exc.BadRequest,
+ self.security_group_rules_client.create_security_group_rule,
security_group_id=group_create_body['security_group']['id'],
protocol='tcp', direction='ingress', ethertype=self.ethertype,
remote_ip_prefix=remote_ip_prefix)
@@ -95,7 +98,8 @@
group_ids = ['bad_group_id', non_exist_id]
for remote_group_id in group_ids:
self.assertRaises(
- lib_exc.NotFound, self.client.create_security_group_rule,
+ lib_exc.NotFound,
+ self.security_group_rules_client.create_security_group_rule,
security_group_id=group_create_body['security_group']['id'],
protocol='tcp', direction='ingress', ethertype=self.ethertype,
remote_group_id=remote_group_id)
@@ -109,7 +113,8 @@
# Create rule specifying both remote_ip_prefix and remote_group_id
prefix = self._tenant_network_cidr
self.assertRaises(
- lib_exc.BadRequest, self.client.create_security_group_rule,
+ lib_exc.BadRequest,
+ self.security_group_rules_client.create_security_group_rule,
security_group_id=sg1_body['security_group']['id'],
protocol='tcp', direction='ingress',
ethertype=self.ethertype, remote_ip_prefix=prefix,
@@ -123,7 +128,8 @@
# Create rule with bad ethertype
ethertype = 'bad_ethertype'
self.assertRaises(
- lib_exc.BadRequest, self.client.create_security_group_rule,
+ lib_exc.BadRequest,
+ self.security_group_rules_client.create_security_group_rule,
security_group_id=group_create_body['security_group']['id'],
protocol='udp', direction='ingress', ethertype=ethertype)
@@ -140,7 +146,8 @@
(-16, 65536, 'Invalid value for port')]
for pmin, pmax, msg in states:
ex = self.assertRaises(
- lib_exc.BadRequest, self.client.create_security_group_rule,
+ lib_exc.BadRequest,
+ self.security_group_rules_client.create_security_group_rule,
security_group_id=group_create_body['security_group']['id'],
protocol='tcp', port_range_min=pmin, port_range_max=pmax,
direction='ingress', ethertype=self.ethertype)
@@ -152,7 +159,8 @@
(300, 1, 'Invalid value for ICMP type')]
for pmin, pmax, msg in states:
ex = self.assertRaises(
- lib_exc.BadRequest, self.client.create_security_group_rule,
+ lib_exc.BadRequest,
+ self.security_group_rules_client.create_security_group_rule,
security_group_id=group_create_body['security_group']['id'],
protocol='icmp', port_range_min=pmin, port_range_max=pmax,
direction='ingress', ethertype=self.ethertype)
@@ -176,7 +184,7 @@
min_port = 66
max_port = 67
# Create a rule with valid params
- self.client.create_security_group_rule(
+ self.security_group_rules_client.create_security_group_rule(
security_group_id=body['security_group']['id'],
direction='ingress',
ethertype=self.ethertype,
@@ -187,7 +195,8 @@
# Try creating the same security group rule, it should fail
self.assertRaises(
- lib_exc.Conflict, self.client.create_security_group_rule,
+ lib_exc.Conflict,
+ self.security_group_rules_client.create_security_group_rule,
security_group_id=body['security_group']['id'],
protocol='tcp', direction='ingress', ethertype=self.ethertype,
port_range_min=min_port, port_range_max=max_port)
@@ -197,10 +206,11 @@
def test_create_security_group_rule_with_non_existent_security_group(self):
# Create security group rules with not existing security group.
non_existent_sg = str(uuid.uuid4())
- self.assertRaises(lib_exc.NotFound,
- self.client.create_security_group_rule,
- security_group_id=non_existent_sg,
- direction='ingress', ethertype=self.ethertype)
+ self.assertRaises(
+ lib_exc.NotFound,
+ self.security_group_rules_client.create_security_group_rule,
+ security_group_id=non_existent_sg,
+ direction='ingress', ethertype=self.ethertype)
class NegativeSecGroupIPv6Test(NegativeSecGroupTest):
@@ -221,7 +231,7 @@
self.assertRaisesRegexp(
lib_exc.BadRequest,
"Conflicting value ethertype",
- self.client.create_security_group_rule,
+ self.security_group_rules_client.create_security_group_rule,
security_group_id=group_create_body['security_group']['id'],
protocol='tcp', direction='ingress',
ethertype=pair['ethertype'],
diff --git a/tempest/clients.py b/tempest/clients.py
index 2c40d0c..2ff0629 100644
--- a/tempest/clients.py
+++ b/tempest/clients.py
@@ -124,6 +124,8 @@
from tempest.services.network.json.network_client import NetworkClient
from tempest.services.network.json.quotas_client import QuotasClient \
as NetworkQuotasClient
+from tempest.services.network.json.security_group_rules_client import \
+ SecurityGroupRulesClient
from tempest.services.network.json.security_groups_client import \
SecurityGroupsClient
from tempest.services.network.json.subnetpools_client import SubnetpoolsClient
@@ -310,6 +312,14 @@
build_interval=CONF.network.build_interval,
build_timeout=CONF.network.build_timeout,
**self.default_params)
+ self.security_group_rules_client = SecurityGroupRulesClient(
+ self.auth_provider,
+ CONF.network.catalog_type,
+ CONF.network.region or CONF.identity.region,
+ endpoint_type=CONF.network.endpoint_type,
+ build_interval=CONF.network.build_interval,
+ build_timeout=CONF.network.build_timeout,
+ **self.default_params)
self.security_groups_client = SecurityGroupsClient(
self.auth_provider,
CONF.network.catalog_type,
diff --git a/tempest/scenario/manager.py b/tempest/scenario/manager.py
index 37d0d10..f4e2185 100644
--- a/tempest/scenario/manager.py
+++ b/tempest/scenario/manager.py
@@ -69,6 +69,8 @@
cls.subnets_client = cls.manager.subnets_client
cls.floating_ips_client = cls.manager.floating_ips_client
cls.security_groups_client = cls.manager.security_groups_client
+ cls.security_group_rules_client = (
+ cls.manager.security_group_rules_client)
# Heat client
cls.orchestration_client = cls.manager.orchestration_client
@@ -940,11 +942,12 @@
CONF.validation.ping_timeout,
1)
- def _create_security_group(self, client=None, tenant_id=None,
+ def _create_security_group(self, security_group_rules_client=None,
+ tenant_id=None,
namestart='secgroup-smoke',
security_groups_client=None):
- if client is None:
- client = self.network_client
+ if security_group_rules_client is None:
+ security_group_rules_client = self.security_group_rules_client
if security_groups_client is None:
security_groups_client = self.security_groups_client
if tenant_id is None:
@@ -955,7 +958,8 @@
# Add rules to the security group
rules = self._create_loginable_secgroup_rule(
- client=client, secgroup=secgroup,
+ security_group_rules_client=security_group_rules_client,
+ secgroup=secgroup,
security_groups_client=security_groups_client)
for rule in rules:
self.assertEqual(tenant_id, rule.tenant_id)
@@ -1011,7 +1015,8 @@
return net_resources.DeletableSecurityGroup(client=client,
**sgs[0])
- def _create_security_group_rule(self, secgroup=None, client=None,
+ def _create_security_group_rule(self, secgroup=None,
+ sec_group_rules_client=None,
tenant_id=None,
security_groups_client=None, **kwargs):
"""Create a rule from a dictionary of rule parameters.
@@ -1031,8 +1036,8 @@
port_range_max: 22
}
"""
- if client is None:
- client = self.network_client
+ if sec_group_rules_client is None:
+ sec_group_rules_client = self.security_group_rules_client
if security_groups_client is None:
security_groups_client = self.security_groups_client
if not tenant_id:
@@ -1045,9 +1050,9 @@
tenant_id=secgroup.tenant_id)
ruleset.update(kwargs)
- sg_rule = client.create_security_group_rule(**ruleset)
+ sg_rule = sec_group_rules_client.create_security_group_rule(**ruleset)
sg_rule = net_resources.DeletableSecurityGroupRule(
- client=client,
+ client=sec_group_rules_client,
**sg_rule['security_group_rule']
)
self.addCleanup(self.delete_wrapper, sg_rule.delete)
@@ -1056,7 +1061,8 @@
return sg_rule
- def _create_loginable_secgroup_rule(self, client=None, secgroup=None,
+ def _create_loginable_secgroup_rule(self, security_group_rules_client=None,
+ secgroup=None,
security_groups_client=None):
"""Create loginable security group rule
@@ -1066,8 +1072,8 @@
belonging to the same security group.
"""
- if client is None:
- client = self.network_client
+ if security_group_rules_client is None:
+ security_group_rules_client = self.security_group_rules_client
if security_groups_client is None:
security_groups_client = self.security_groups_client
rules = []
@@ -1088,12 +1094,14 @@
ethertype='IPv6',
)
]
+ sec_group_rules_client = security_group_rules_client
for ruleset in rulesets:
for r_direction in ['ingress', 'egress']:
ruleset['direction'] = r_direction
try:
sg_rule = self._create_security_group_rule(
- client=client, secgroup=secgroup,
+ sec_group_rules_client=sec_group_rules_client,
+ secgroup=secgroup,
security_groups_client=security_groups_client,
**ruleset)
except lib_exc.Conflict as ex:
diff --git a/tempest/scenario/test_security_groups_basic_ops.py b/tempest/scenario/test_security_groups_basic_ops.py
index 8375d05..1bf4089 100644
--- a/tempest/scenario/test_security_groups_basic_ops.py
+++ b/tempest/scenario/test_security_groups_basic_ops.py
@@ -191,9 +191,11 @@
port_range_max=22,
direction='ingress',
)
- self._create_security_group_rule(secgroup=access_sg,
- client=tenant.manager.network_client,
- **ssh_rule)
+ sec_group_rules_client = tenant.manager.security_group_rules_client
+ self._create_security_group_rule(
+ secgroup=access_sg,
+ sec_group_rules_client=sec_group_rules_client,
+ **ssh_rule)
def _verify_network_details(self, tenant):
# Checks that we see the newly created network/subnet/router via
@@ -371,9 +373,11 @@
protocol='icmp',
direction='ingress'
)
+ sec_group_rules_client = (
+ dest_tenant.manager.security_group_rules_client)
self._create_security_group_rule(
secgroup=dest_tenant.security_groups['default'],
- client=dest_tenant.manager.network_client,
+ sec_group_rules_client=sec_group_rules_client,
**ruleset
)
access_point_ssh = self._connect_to_access_point(source_tenant)
@@ -385,9 +389,11 @@
self._test_cross_tenant_block(dest_tenant, source_tenant)
# allow reverse traffic and check
+ sec_group_rules_client = (
+ source_tenant.manager.security_group_rules_client)
self._create_security_group_rule(
secgroup=source_tenant.security_groups['default'],
- client=source_tenant.manager.network_client,
+ sec_group_rules_client=sec_group_rules_client,
**ruleset
)
@@ -468,9 +474,10 @@
protocol='icmp',
direction='ingress',
)
+ sec_group_rules_client = new_tenant.manager.security_group_rules_client
self._create_security_group_rule(
secgroup=new_sg,
- client=new_tenant.manager.network_client,
+ sec_group_rules_client=sec_group_rules_client,
**icmp_rule)
new_tenant.security_groups.update(new_sg=new_sg)
diff --git a/tempest/services/network/json/network_client.py b/tempest/services/network/json/network_client.py
index e8e21d2..1e944a6 100644
--- a/tempest/services/network/json/network_client.py
+++ b/tempest/services/network/json/network_client.py
@@ -35,23 +35,6 @@
quotas
"""
- def create_security_group_rule(self, **kwargs):
- uri = '/security-group-rules'
- post_data = {'security_group_rule': kwargs}
- return self.create_resource(uri, post_data)
-
- def show_security_group_rule(self, security_group_rule_id, **fields):
- uri = '/security-group-rules/%s' % security_group_rule_id
- return self.show_resource(uri, **fields)
-
- def delete_security_group_rule(self, security_group_rule_id):
- uri = '/security-group-rules/%s' % security_group_rule_id
- return self.delete_resource(uri)
-
- def list_security_group_rules(self, **filters):
- uri = '/security-group-rules'
- return self.list_resources(uri, **filters)
-
def show_extension(self, ext_alias, **fields):
uri = '/extensions/%s' % ext_alias
return self.show_resource(uri, **fields)
diff --git a/tempest/services/network/json/security_group_rules_client.py b/tempest/services/network/json/security_group_rules_client.py
new file mode 100644
index 0000000..b2ba5b2
--- /dev/null
+++ b/tempest/services/network/json/security_group_rules_client.py
@@ -0,0 +1,33 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from tempest.services.network.json import base
+
+
+class SecurityGroupRulesClient(base.BaseNetworkClient):
+
+ def create_security_group_rule(self, **kwargs):
+ uri = '/security-group-rules'
+ post_data = {'security_group_rule': kwargs}
+ return self.create_resource(uri, post_data)
+
+ def show_security_group_rule(self, security_group_rule_id, **fields):
+ uri = '/security-group-rules/%s' % security_group_rule_id
+ return self.show_resource(uri, **fields)
+
+ def delete_security_group_rule(self, security_group_rule_id):
+ uri = '/security-group-rules/%s' % security_group_rule_id
+ return self.delete_resource(uri)
+
+ def list_security_group_rules(self, **filters):
+ uri = '/security-group-rules'
+ return self.list_resources(uri, **filters)