Split out Neutron security groups client
Splitting out a security groups client for Neutron.
Partially implements blueprint consistent-service-method-names
Change-Id: I88a43f44346671de5dfb759d07c4086cffa8d4d9
diff --git a/tempest/api/network/base.py b/tempest/api/network/base.py
index f1fd3e9..e155bd0 100644
--- a/tempest/api/network/base.py
+++ b/tempest/api/network/base.py
@@ -76,6 +76,7 @@
cls.ports_client = cls.os.ports_client
cls.quotas_client = cls.os.network_quotas_client
cls.floating_ips_client = cls.os.floating_ips_client
+ cls.security_groups_client = cls.os.security_groups_client
@classmethod
def resource_setup(cls):
diff --git a/tempest/api/network/base_security_groups.py b/tempest/api/network/base_security_groups.py
index 1cef2cc..1525e19 100644
--- a/tempest/api/network/base_security_groups.py
+++ b/tempest/api/network/base_security_groups.py
@@ -22,17 +22,18 @@
def _create_security_group(self):
# Create a security group
name = data_utils.rand_name('secgroup-')
- group_create_body = self.client.create_security_group(name=name)
+ group_create_body = (
+ self.security_groups_client.create_security_group(name=name))
self.addCleanup(self._delete_security_group,
group_create_body['security_group']['id'])
self.assertEqual(group_create_body['security_group']['name'], name)
return group_create_body, name
def _delete_security_group(self, secgroup_id):
- self.client.delete_security_group(secgroup_id)
+ self.security_groups_client.delete_security_group(secgroup_id)
# Asserting that the security group is not found in the list
# after deletion
- list_body = self.client.list_security_groups()
+ list_body = self.security_groups_client.list_security_groups()
secgroup_list = list()
for secgroup in list_body['security_groups']:
secgroup_list.append(secgroup['id'])
diff --git a/tempest/api/network/test_ports.py b/tempest/api/network/test_ports.py
index 43da1c4..4b28cc2 100644
--- a/tempest/api/network/test_ports.py
+++ b/tempest/api/network/test_ports.py
@@ -250,17 +250,19 @@
fixed_ip_1 = [{'subnet_id': subnet_1['id']}]
security_groups_list = list()
+ sec_grps_client = self.security_groups_client
for name in security_groups_names:
- group_create_body = self.client.create_security_group(
+ group_create_body = sec_grps_client.create_security_group(
name=name)
- self.addCleanup(self.client.delete_security_group,
+ self.addCleanup(self.security_groups_client.delete_security_group,
group_create_body['security_group']['id'])
security_groups_list.append(group_create_body['security_group']
['id'])
# Create a port
sec_grp_name = data_utils.rand_name('secgroup')
- security_group = self.client.create_security_group(name=sec_grp_name)
- self.addCleanup(self.client.delete_security_group,
+ security_group = sec_grps_client.create_security_group(
+ name=sec_grp_name)
+ self.addCleanup(self.security_groups_client.delete_security_group,
security_group['security_group']['id'])
post_body = {
"name": data_utils.rand_name('port-'),
diff --git a/tempest/api/network/test_security_groups.py b/tempest/api/network/test_security_groups.py
index ccc5232..cf45328 100644
--- a/tempest/api/network/test_security_groups.py
+++ b/tempest/api/network/test_security_groups.py
@@ -71,7 +71,7 @@
@test.idempotent_id('e30abd17-fef9-4739-8617-dc26da88e686')
def test_list_security_groups(self):
# Verify the that security group belonging to tenant exist in list
- body = self.client.list_security_groups()
+ body = self.security_groups_client.list_security_groups()
security_groups = body['security_groups']
found = None
for n in security_groups:
@@ -86,7 +86,7 @@
group_create_body, name = self._create_security_group()
# List security groups and verify if created group is there in response
- list_body = self.client.list_security_groups()
+ list_body = self.security_groups_client.list_security_groups()
secgroup_list = list()
for secgroup in list_body['security_groups']:
secgroup_list.append(secgroup['id'])
@@ -94,7 +94,7 @@
# Update the security group
new_name = data_utils.rand_name('security-')
new_description = data_utils.rand_name('security-description')
- update_body = self.client.update_security_group(
+ update_body = self.security_groups_client.update_security_group(
group_create_body['security_group']['id'],
name=new_name,
description=new_description)
@@ -103,7 +103,7 @@
self.assertEqual(update_body['security_group']['description'],
new_description)
# Show details of the updated security group
- show_body = self.client.show_security_group(
+ show_body = self.security_groups_client.show_security_group(
group_create_body['security_group']['id'])
self.assertEqual(show_body['security_group']['name'], new_name)
self.assertEqual(show_body['security_group']['description'],
diff --git a/tempest/api/network/test_security_groups_negative.py b/tempest/api/network/test_security_groups_negative.py
index f80ea59..58e39e9 100644
--- a/tempest/api/network/test_security_groups_negative.py
+++ b/tempest/api/network/test_security_groups_negative.py
@@ -38,8 +38,9 @@
@test.idempotent_id('424fd5c3-9ddc-486a-b45f-39bf0c820fc6')
def test_show_non_existent_security_group(self):
non_exist_id = str(uuid.uuid4())
- self.assertRaises(lib_exc.NotFound, self.client.show_security_group,
- non_exist_id)
+ self.assertRaises(
+ lib_exc.NotFound, self.security_groups_client.show_security_group,
+ non_exist_id)
@test.attr(type=['negative'])
@test.idempotent_id('4c094c09-000b-4e41-8100-9617600c02a6')
@@ -54,7 +55,7 @@
def test_delete_non_existent_security_group(self):
non_exist_id = str(uuid.uuid4())
self.assertRaises(lib_exc.NotFound,
- self.client.delete_security_group,
+ self.security_groups_client.delete_security_group,
non_exist_id
)
@@ -163,7 +164,7 @@
# Create security group named 'default', it should be failed.
name = 'default'
self.assertRaises(lib_exc.Conflict,
- self.client.create_security_group,
+ self.security_groups_client.create_security_group,
name=name)
@test.attr(type=['negative'])
diff --git a/tempest/clients.py b/tempest/clients.py
index a837ce1..53f4006 100644
--- a/tempest/clients.py
+++ b/tempest/clients.py
@@ -120,6 +120,8 @@
from tempest.services.network.json.ports_client import PortsClient
from tempest.services.network.json.quotas_client import QuotasClient \
as NetworkQuotasClient
+from tempest.services.network.json.security_groups_client import \
+ SecurityGroupsClient
from tempest.services.network.json.subnets_client import SubnetsClient
from tempest.services.object_storage.account_client import AccountClient
from tempest.services.object_storage.container_client import ContainerClient
@@ -267,6 +269,14 @@
build_interval=CONF.network.build_interval,
build_timeout=CONF.network.build_timeout,
**self.default_params)
+ self.security_groups_client = SecurityGroupsClient(
+ self.auth_provider,
+ CONF.network.catalog_type,
+ CONF.network.region or CONF.identity.region,
+ endpoint_type=CONF.network.endpoint_type,
+ build_interval=CONF.network.build_interval,
+ build_timeout=CONF.network.build_timeout,
+ **self.default_params)
self.messaging_client = MessagingClient(
self.auth_provider,
CONF.messaging.catalog_type,
diff --git a/tempest/cmd/cleanup_service.py b/tempest/cmd/cleanup_service.py
index 032b8b4..4158cc3 100644
--- a/tempest/cmd/cleanup_service.py
+++ b/tempest/cmd/cleanup_service.py
@@ -389,6 +389,7 @@
self.floating_ips_client = manager.floating_ips_client
self.metering_labels_client = manager.metering_labels_client
self.metering_label_rules_client = manager.metering_label_rules_client
+ self.security_groups_client = manager.security_groups_client
def _filter_by_conf_networks(self, item_list):
if not item_list or not all(('network_id' in i for i in item_list)):
@@ -654,7 +655,7 @@
class NetworkSecGroupService(NetworkService):
def list(self):
- client = self.client
+ client = self.security_groups_client
filter = self.tenant_filter
# cannot delete default sec group so never show it.
secgroups = [secgroup for secgroup in
diff --git a/tempest/common/dynamic_creds.py b/tempest/common/dynamic_creds.py
index c52aa41..5bbc93c 100644
--- a/tempest/common/dynamic_creds.py
+++ b/tempest/common/dynamic_creds.py
@@ -62,7 +62,8 @@
self.network_admin_client,
self.networks_admin_client,
self.subnets_admin_client,
- self.ports_admin_client) = self._get_admin_clients()
+ self.ports_admin_client,
+ self.security_groups_admin_client) = self._get_admin_clients()
# Domain where isolated credentials are provisioned (v3 only).
# Use that of the admin account is None is configured.
self.creds_domain_name = None
@@ -87,10 +88,11 @@
if self.identity_version == 'v2':
return (os.identity_client, os.tenants_client, os.roles_client,
os.network_client, os.networks_client, os.subnets_client,
- os.ports_client)
+ os.ports_client, os.security_groups_client)
else:
return (os.identity_v3_client, None, None, os.network_client,
- os.networks_client, os.subnets_client, os.ports_client)
+ os.networks_client, os.subnets_client, os.ports_client,
+ os.security_groups_client)
def _create_creds(self, suffix="", admin=False, roles=None):
"""Create random credentials under the following schema.
@@ -303,13 +305,13 @@
network_name)
def _cleanup_default_secgroup(self, tenant):
- net_client = self.network_admin_client
- resp_body = net_client.list_security_groups(tenant_id=tenant,
+ nsg_client = self.security_groups_admin_client
+ resp_body = nsg_client.list_security_groups(tenant_id=tenant,
name="default")
secgroups_to_delete = resp_body['security_groups']
for secgroup in secgroups_to_delete:
try:
- net_client.delete_security_group(secgroup['id'])
+ nsg_client.delete_security_group(secgroup['id'])
except lib_exc.NotFound:
LOG.warn('Security group %s, id %s not found for clean-up' %
(secgroup['name'], secgroup['id']))
diff --git a/tempest/scenario/manager.py b/tempest/scenario/manager.py
index c2159c3..6983036 100644
--- a/tempest/scenario/manager.py
+++ b/tempest/scenario/manager.py
@@ -67,6 +67,7 @@
cls.ports_client = cls.manager.ports_client
cls.subnets_client = cls.manager.subnets_client
cls.floating_ips_client = cls.manager.floating_ips_client
+ cls.security_groups_client = cls.manager.security_groups_client
# Heat client
cls.orchestration_client = cls.manager.orchestration_client
@@ -196,7 +197,7 @@
# to pass to create_port
if 'security_groups' in kwargs:
security_groups =\
- clients.network_client.list_security_groups(
+ clients.security_groups_client.list_security_groups(
).get('security_groups')
sec_dict = dict([(s['name'], s['id'])
for s in security_groups])
@@ -941,18 +942,22 @@
1)
def _create_security_group(self, client=None, tenant_id=None,
- namestart='secgroup-smoke'):
+ namestart='secgroup-smoke',
+ security_groups_client=None):
if client is None:
client = self.network_client
+ if security_groups_client is None:
+ security_groups_client = self.security_groups_client
if tenant_id is None:
- tenant_id = client.tenant_id
- secgroup = self._create_empty_security_group(namestart=namestart,
- client=client,
- tenant_id=tenant_id)
+ tenant_id = security_groups_client.tenant_id
+ secgroup = self._create_empty_security_group(
+ namestart=namestart, client=security_groups_client,
+ tenant_id=tenant_id)
# Add rules to the security group
- rules = self._create_loginable_secgroup_rule(client=client,
- secgroup=secgroup)
+ rules = self._create_loginable_secgroup_rule(
+ client=client, secgroup=secgroup,
+ security_groups_client=security_groups_client)
for rule in rules:
self.assertEqual(tenant_id, rule.tenant_id)
self.assertEqual(secgroup.id, rule.security_group_id)
@@ -970,7 +975,7 @@
:returns: DeletableSecurityGroup -- containing the secgroup created
"""
if client is None:
- client = self.network_client
+ client = self.security_groups_client
if not tenant_id:
tenant_id = client.tenant_id
sg_name = data_utils.rand_name(namestart)
@@ -995,7 +1000,7 @@
:returns: DeletableSecurityGroup -- default secgroup for given tenant
"""
if client is None:
- client = self.network_client
+ client = self.security_groups_client
if not tenant_id:
tenant_id = client.tenant_id
sgs = [
@@ -1008,7 +1013,8 @@
**sgs[0])
def _create_security_group_rule(self, secgroup=None, client=None,
- tenant_id=None, **kwargs):
+ tenant_id=None,
+ security_groups_client=None, **kwargs):
"""Create a rule from a dictionary of rule parameters.
Create a rule in a secgroup. if secgroup not defined will search for
@@ -1028,11 +1034,13 @@
"""
if client is None:
client = self.network_client
+ if security_groups_client is None:
+ security_groups_client = self.security_groups_client
if not tenant_id:
- tenant_id = client.tenant_id
+ tenant_id = security_groups_client.tenant_id
if secgroup is None:
- secgroup = self._default_security_group(client=client,
- tenant_id=tenant_id)
+ secgroup = self._default_security_group(
+ client=security_groups_client, tenant_id=tenant_id)
ruleset = dict(security_group_id=secgroup.id,
tenant_id=secgroup.tenant_id)
@@ -1049,7 +1057,8 @@
return sg_rule
- def _create_loginable_secgroup_rule(self, client=None, secgroup=None):
+ def _create_loginable_secgroup_rule(self, client=None, secgroup=None,
+ security_groups_client=None):
"""Create loginable security group rule
These rules are intended to permit inbound ssh and icmp
@@ -1060,6 +1069,8 @@
if client is None:
client = self.network_client
+ if security_groups_client is None:
+ security_groups_client = self.security_groups_client
rules = []
rulesets = [
dict(
@@ -1083,7 +1094,9 @@
ruleset['direction'] = r_direction
try:
sg_rule = self._create_security_group_rule(
- client=client, secgroup=secgroup, **ruleset)
+ client=client, secgroup=secgroup,
+ security_groups_client=security_groups_client,
+ **ruleset)
except lib_exc.Conflict as ex:
# if rule already exist - skip rule and continue
msg = 'Security group rule already exists'
diff --git a/tempest/scenario/test_security_groups_basic_ops.py b/tempest/scenario/test_security_groups_basic_ops.py
index 4e5a1e0..783b740 100644
--- a/tempest/scenario/test_security_groups_basic_ops.py
+++ b/tempest/scenario/test_security_groups_basic_ops.py
@@ -176,14 +176,14 @@
access_sg = self._create_empty_security_group(
namestart='secgroup_access-',
tenant_id=tenant.creds.tenant_id,
- client=tenant.manager.network_client
+ client=tenant.manager.security_groups_client
)
# don't use default secgroup since it allows in-tenant traffic
def_sg = self._create_empty_security_group(
namestart='secgroup_general-',
tenant_id=tenant.creds.tenant_id,
- client=tenant.manager.network_client
+ client=tenant.manager.security_groups_client
)
tenant.security_groups.update(access=access_sg, default=def_sg)
ssh_rule = dict(
@@ -464,7 +464,7 @@
new_sg = self._create_empty_security_group(
namestart='secgroup_new-',
tenant_id=new_tenant.creds.tenant_id,
- client=new_tenant.manager.network_client)
+ client=new_tenant.manager.security_groups_client)
icmp_rule = dict(
protocol='icmp',
direction='ingress',
diff --git a/tempest/services/network/json/network_client.py b/tempest/services/network/json/network_client.py
index 459891f..e8ac9cb 100644
--- a/tempest/services/network/json/network_client.py
+++ b/tempest/services/network/json/network_client.py
@@ -35,28 +35,6 @@
quotas
"""
- def create_security_group(self, **kwargs):
- uri = '/security-groups'
- post_data = {'security_group': kwargs}
- return self.create_resource(uri, post_data)
-
- def update_security_group(self, security_group_id, **kwargs):
- uri = '/security-groups/%s' % security_group_id
- post_data = {'security_group': kwargs}
- return self.update_resource(uri, post_data)
-
- def show_security_group(self, security_group_id, **fields):
- uri = '/security-groups/%s' % security_group_id
- return self.show_resource(uri, **fields)
-
- def delete_security_group(self, security_group_id):
- uri = '/security-groups/%s' % security_group_id
- return self.delete_resource(uri)
-
- def list_security_groups(self, **filters):
- uri = '/security-groups'
- return self.list_resources(uri, **filters)
-
def create_security_group_rule(self, **kwargs):
uri = '/security-group-rules'
post_data = {'security_group_rule': kwargs}
diff --git a/tempest/services/network/json/security_groups_client.py b/tempest/services/network/json/security_groups_client.py
new file mode 100644
index 0000000..a60d2a6
--- /dev/null
+++ b/tempest/services/network/json/security_groups_client.py
@@ -0,0 +1,38 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from tempest.services.network.json import base
+
+
+class SecurityGroupsClient(base.BaseNetworkClient):
+
+ def create_security_group(self, **kwargs):
+ uri = '/security-groups'
+ post_data = {'security_group': kwargs}
+ return self.create_resource(uri, post_data)
+
+ def update_security_group(self, security_group_id, **kwargs):
+ uri = '/security-groups/%s' % security_group_id
+ post_data = {'security_group': kwargs}
+ return self.update_resource(uri, post_data)
+
+ def show_security_group(self, security_group_id, **fields):
+ uri = '/security-groups/%s' % security_group_id
+ return self.show_resource(uri, **fields)
+
+ def delete_security_group(self, security_group_id):
+ uri = '/security-groups/%s' % security_group_id
+ return self.delete_resource(uri)
+
+ def list_security_groups(self, **filters):
+ uri = '/security-groups'
+ return self.list_resources(uri, **filters)
diff --git a/tempest/tests/common/test_dynamic_creds.py b/tempest/tests/common/test_dynamic_creds.py
index d520985..a55e556 100644
--- a/tempest/tests/common/test_dynamic_creds.py
+++ b/tempest/tests/common/test_dynamic_creds.py
@@ -396,15 +396,15 @@
port_list_mock.start()
secgroup_list_mock = mock.patch.object(
- creds.network_admin_client,
+ creds.security_groups_admin_client,
'list_security_groups',
side_effect=side_effect)
secgroup_list_mock.start()
return_values = (fake_http.fake_httplib({}, status=204), {})
remove_secgroup_mock = self.patch(
- 'tempest.services.network.json.network_client.'
- 'NetworkClient.delete', return_value=return_values)
+ 'tempest.services.network.json.security_groups_client.'
+ 'SecurityGroupsClient.delete', return_value=return_values)
creds.clear_creds()
# Verify default security group delete
calls = remove_secgroup_mock.mock_calls