Network fwaas API test
This patch implements basic CRUD (json/xml) API tests for -
firewall-rule api
firewall-policy api
firewall api
Change-Id: I97121ae92da00f84d05eba2b8992c0d77443fa6a
diff --git a/tempest/api/network/base.py b/tempest/api/network/base.py
index f92ad68..0eb73c9 100644
--- a/tempest/api/network/base.py
+++ b/tempest/api/network/base.py
@@ -79,9 +79,17 @@
cls.floating_ips = []
cls.metering_labels = []
cls.metering_label_rules = []
+ cls.fw_rules = []
+ cls.fw_policies = []
@classmethod
def tearDownClass(cls):
+ # Clean up firewall policies
+ for fw_policy in cls.fw_policies:
+ cls.client.delete_firewall_policy(fw_policy['id'])
+ # Clean up firewall rules
+ for fw_rule in cls.fw_rules:
+ cls.client.delete_firewall_rule(fw_rule['id'])
# Clean up ike policies
for ikepolicy in cls.ikepolicies:
cls.client.delete_ikepolicy(ikepolicy['id'])
@@ -296,6 +304,26 @@
cls.ikepolicies.append(ikepolicy)
return ikepolicy
+ @classmethod
+ def create_firewall_rule(cls, action, protocol):
+ """Wrapper utility that returns a test firewall rule."""
+ resp, body = cls.client.create_firewall_rule(
+ name=data_utils.rand_name("fw-rule"),
+ action=action,
+ protocol=protocol)
+ fw_rule = body['firewall_rule']
+ cls.fw_rules.append(fw_rule)
+ return fw_rule
+
+ @classmethod
+ def create_firewall_policy(cls):
+ """Wrapper utility that returns a test firewall policy."""
+ resp, body = cls.client.create_firewall_policy(
+ name=data_utils.rand_name("fw-policy"))
+ fw_policy = body['firewall_policy']
+ cls.fw_policies.append(fw_policy)
+ return fw_policy
+
class BaseAdminNetworkTest(BaseNetworkTest):
diff --git a/tempest/api/network/test_fwaas_extensions.py b/tempest/api/network/test_fwaas_extensions.py
new file mode 100644
index 0000000..0647069
--- /dev/null
+++ b/tempest/api/network/test_fwaas_extensions.py
@@ -0,0 +1,207 @@
+# Copyright 2014 NEC Corporation. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from tempest.api.network import base
+from tempest.common.utils import data_utils
+from tempest import exceptions
+from tempest import test
+
+
+class FWaaSExtensionTestJSON(base.BaseNetworkTest):
+ _interface = 'json'
+
+ """
+ Tests the following operations in the Neutron API using the REST client for
+ Neutron:
+
+ List firewall rules
+ Create firewall rule
+ Update firewall rule
+ Delete firewall rule
+ Show firewall rule
+ List firewall policies
+ Create firewall policy
+ Update firewall policy
+ Delete firewall policy
+ Show firewall policy
+ List firewall
+ Create firewall
+ Update firewall
+ Delete firewall
+ Show firewall
+ """
+
+ @classmethod
+ def setUpClass(cls):
+ super(FWaaSExtensionTestJSON, cls).setUpClass()
+ if not test.is_extension_enabled('fwaas', 'network'):
+ msg = "FWaaS Extension not enabled."
+ raise cls.skipException(msg)
+ cls.fw_rule = cls.create_firewall_rule("allow", "tcp")
+ cls.fw_policy = cls.create_firewall_policy()
+
+ def _try_delete_policy(self, policy_id):
+ # delete policy, if it exists
+ try:
+ self.client.delete_firewall_policy(policy_id)
+ # if policy is not found, this means it was deleted in the test
+ except exceptions.NotFound:
+ pass
+
+ def _try_delete_firewall(self, fw_id):
+ # delete firewall, if it exists
+ try:
+ self.client.delete_firewall(fw_id)
+ # if firewall is not found, this means it was deleted in the test
+ except exceptions.NotFound:
+ pass
+
+ @test.attr(type='smoke')
+ def test_list_firewall_rules(self):
+ # List firewall rules
+ resp, fw_rules = self.client.list_firewall_rules()
+ self.assertEqual('200', resp['status'])
+ fw_rules = fw_rules['firewall_rules']
+ self.assertIn((self.fw_rule['id'],
+ self.fw_rule['name'],
+ self.fw_rule['action'],
+ self.fw_rule['protocol'],
+ self.fw_rule['ip_version'],
+ self.fw_rule['enabled']),
+ [(m['id'],
+ m['name'],
+ m['action'],
+ m['protocol'],
+ m['ip_version'],
+ m['enabled']) for m in fw_rules])
+
+ @test.attr(type='smoke')
+ def test_create_update_delete_firewall_rule(self):
+ # Create firewall rule
+ resp, body = self.client.create_firewall_rule(
+ name=data_utils.rand_name("fw-rule"),
+ action="allow",
+ protocol="tcp")
+ self.assertEqual('201', resp['status'])
+ fw_rule_id = body['firewall_rule']['id']
+
+ # Update firewall rule
+ resp, body = self.client.update_firewall_rule(fw_rule_id,
+ shared=True)
+ self.assertEqual('200', resp['status'])
+ self.assertTrue(body["firewall_rule"]['shared'])
+
+ # Delete firewall rule
+ resp, _ = self.client.delete_firewall_rule(fw_rule_id)
+ self.assertEqual('204', resp['status'])
+ # Confirm deletion
+ resp, fw_rules = self.client.list_firewall_rules()
+ self.assertNotIn(fw_rule_id,
+ [m['id'] for m in fw_rules['firewall_rules']])
+
+ @test.attr(type='smoke')
+ def test_show_firewall_rule(self):
+ # show a created firewall rule
+ resp, fw_rule = self.client.show_firewall_rule(self.fw_rule['id'])
+ self.assertEqual('200', resp['status'])
+ for key, value in fw_rule['firewall_rule'].iteritems():
+ self.assertEqual(self.fw_rule[key], value)
+
+ @test.attr(type='smoke')
+ def test_list_firewall_policies(self):
+ resp, fw_policies = self.client.list_firewall_policies()
+ self.assertEqual('200', resp['status'])
+ fw_policies = fw_policies['firewall_policies']
+ self.assertIn((self.fw_policy['id'],
+ self.fw_policy['name'],
+ self.fw_policy['firewall_rules']),
+ [(m['id'],
+ m['name'],
+ m['firewall_rules']) for m in fw_policies])
+
+ @test.attr(type='smoke')
+ def test_create_update_delete_firewall_policy(self):
+ # Create firewall policy
+ resp, body = self.client.create_firewall_policy(
+ name=data_utils.rand_name("fw-policy"))
+ self.assertEqual('201', resp['status'])
+ fw_policy_id = body['firewall_policy']['id']
+ self.addCleanup(self._try_delete_policy, fw_policy_id)
+
+ # Update firewall policy
+ resp, body = self.client.update_firewall_policy(fw_policy_id,
+ shared=True,
+ name="updated_policy")
+ self.assertEqual('200', resp['status'])
+ updated_fw_policy = body["firewall_policy"]
+ self.assertTrue(updated_fw_policy['shared'])
+ self.assertEqual("updated_policy", updated_fw_policy['name'])
+
+ # Delete firewall policy
+ resp, _ = self.client.delete_firewall_policy(fw_policy_id)
+ self.assertEqual('204', resp['status'])
+ # Confirm deletion
+ resp, fw_policies = self.client.list_firewall_policies()
+ fw_policies = fw_policies['firewall_policies']
+ self.assertNotIn(fw_policy_id, [m['id'] for m in fw_policies])
+
+ @test.attr(type='smoke')
+ def test_show_firewall_policy(self):
+ # show a created firewall policy
+ resp, fw_policy = self.client.show_firewall_policy(
+ self.fw_policy['id'])
+ self.assertEqual('200', resp['status'])
+ fw_policy = fw_policy['firewall_policy']
+ for key, value in fw_policy.iteritems():
+ self.assertEqual(self.fw_policy[key], value)
+
+ @test.attr(type='smoke')
+ def test_create_show_delete_firewall(self):
+ # Create firewall
+ resp, body = self.client.create_firewall(
+ name=data_utils.rand_name("firewall"),
+ firewall_policy_id=self.fw_policy['id'])
+ self.assertEqual('201', resp['status'])
+ created_firewall = body['firewall']
+ firewall_id = created_firewall['id']
+ self.addCleanup(self._try_delete_firewall, firewall_id)
+
+ # show a created firewall
+ resp, firewall = self.client.show_firewall(firewall_id)
+ self.assertEqual('200', resp['status'])
+ firewall = firewall['firewall']
+ for key, value in firewall.iteritems():
+ self.assertEqual(created_firewall[key], value)
+
+ # list firewall
+ resp, firewalls = self.client.list_firewalls()
+ self.assertEqual('200', resp['status'])
+ firewalls = firewalls['firewalls']
+ self.assertIn((created_firewall['id'],
+ created_firewall['name'],
+ created_firewall['firewall_policy_id']),
+ [(m['id'],
+ m['name'],
+ m['firewall_policy_id']) for m in firewalls])
+
+ # Delete firewall
+ resp, _ = self.client.delete_firewall(firewall_id)
+ self.assertEqual('204', resp['status'])
+ # Confirm deletion
+ # TODO(raies): Confirm deletion can be done only when,
+ # deleted firewall status is not "PENDING_DELETE".
+
+
+class FWaaSExtensionTestXML(FWaaSExtensionTestJSON):
+ _interface = 'xml'
diff --git a/tempest/services/network/network_client_base.py b/tempest/services/network/network_client_base.py
index e21abe1..34c61b0 100644
--- a/tempest/services/network/network_client_base.py
+++ b/tempest/services/network/network_client_base.py
@@ -31,12 +31,15 @@
'vpnservices': 'vpn',
'ikepolicies': 'vpn',
'metering_labels': 'metering',
- 'metering_label_rules': 'metering'
+ 'metering_label_rules': 'metering',
+ 'firewall_rules': 'fw',
+ 'firewall_policies': 'fw',
+ 'firewalls': 'fw'
}
# The following list represents resource names that do not require
# changing underscore to a hyphen
-hyphen_exceptions = ["health_monitors"]
+hyphen_exceptions = ["health_monitors", "firewall_rules", "firewall_policies"]
# map from resource name to a plural name
# needed only for those which can't be constructed as name + 's'
@@ -44,7 +47,8 @@
'security_groups': 'security_groups',
'security_group_rules': 'security_group_rules',
'ikepolicy': 'ikepolicies',
- 'quotas': 'quotas'
+ 'quotas': 'quotas',
+ 'firewall_policy': 'firewall_policies'
}