diff --git a/.gitignore b/.gitignore index 963e589..3c71a79 100644 --- a/.gitignore +++ b/.gitignore @@ -27,7 +27,7 @@ !.coveragerc .tox nosetests.xml -.testrepository +.stestr .venv # Translations diff --git a/.stestr.conf b/.stestr.conf new file mode 100644 index 0000000..4dedb28 --- /dev/null +++ b/.stestr.conf @@ -0,0 +1,3 @@ +[DEFAULT] +test_path=${OS_TEST_PATH:-./cinder_tempest_plugin} +top_dir=./ diff --git a/.testr.conf b/.testr.conf deleted file mode 100644 index 6d83b3c..0000000 --- a/.testr.conf +++ /dev/null @@ -1,7 +0,0 @@ -[DEFAULT] -test_command=OS_STDOUT_CAPTURE=${OS_STDOUT_CAPTURE:-1} \ - OS_STDERR_CAPTURE=${OS_STDERR_CAPTURE:-1} \ - OS_TEST_TIMEOUT=${OS_TEST_TIMEOUT:-60} \ - ${PYTHON:-python} -m subunit.run discover -t ./ . $LISTOPT $IDOPTION -test_id_option=--load-list $IDFILE -test_list_option=--list diff --git a/.zuul.yaml b/.zuul.yaml index 2a04353..27001af 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -9,9 +9,9 @@ voting: false - cinder-tempest-plugin-lvm-tgt-barbican - cinder-tempest-plugin-cbak-ceph + - cinder-tempest-plugin-basic-victoria - cinder-tempest-plugin-basic-ussuri - cinder-tempest-plugin-basic-train - - cinder-tempest-plugin-basic-stein gate: jobs: - cinder-tempest-plugin-lvm-lio-barbican @@ -23,12 +23,6 @@ description: | This is a base job for lvm with lio & tgt targets parent: devstack-tempest - # TODO(gmann): Remove the below nodeset setting to Bionic once - # https://storyboard.openstack.org/#!/story/2007732 is fixed - # Once nodeset is removed form here then devstack-tempest job - # will automatically run this job on Ubuntu Focal nodeset from - # Victoria gate onwards. - nodeset: openstack-single-node-bionic timeout: 10800 roles: - zuul: opendev.org/openstack/cinderlib @@ -55,6 +49,10 @@ devstack_local_conf: test-config: $TEMPEST_CONFIG: + auth: + # FIXME: 'creator' should be re-added by the barbican devstack plugin + # but the value below override everything. + tempest_roles: member,creator volume-feature-enabled: volume_revert: True devstack_services: @@ -143,6 +141,12 @@ - ^releasenotes/.*$ - job: + name: cinder-tempest-plugin-basic-victoria + parent: cinder-tempest-plugin-basic + nodeset: openstack-single-node-focal + override-checkout: stable/victoria + +- job: name: cinder-tempest-plugin-basic-ussuri parent: cinder-tempest-plugin-basic nodeset: openstack-single-node-bionic @@ -156,12 +160,3 @@ vars: devstack_localrc: USE_PYTHON3: True - -- job: - name: cinder-tempest-plugin-basic-stein - parent: cinder-tempest-plugin-basic - nodeset: openstack-single-node-bionic - override-checkout: stable/stein - vars: - devstack_localrc: - USE_PYTHON3: True diff --git a/cinder_tempest_plugin/api/volume/admin/test_consistencygroups.py b/cinder_tempest_plugin/api/volume/admin/test_consistencygroups.py index 15d19dc..7dff494 100644 --- a/cinder_tempest_plugin/api/volume/admin/test_consistencygroups.py +++ b/cinder_tempest_plugin/api/volume/admin/test_consistencygroups.py @@ -78,20 +78,20 @@ self.consistencygroups_adm_client.create_consistencygroup) cg = create_consistencygroup(volume_type['id'], name=cg_name)['consistencygroup'] - vol_name = data_utils.rand_name("volume") - params = {'name': vol_name, - 'volume_type': volume_type['id'], - 'consistencygroup_id': cg['id'], - 'size': CONF.volume.volume_size} - - # Create volume - volume = self.admin_volume_client.create_volume(**params)['volume'] - - waiters.wait_for_volume_resource_status(self.admin_volume_client, - volume['id'], 'available') - self.consistencygroups_adm_client.wait_for_consistencygroup_status( - cg['id'], 'available') - self.assertEqual(cg_name, cg['name']) + self.consistencygroups_adm_client.wait_for_consistencygroup_status( + cg['id'], 'available') + self.assertEqual(cg_name, cg['name']) + + # Create volume + vol_name = data_utils.rand_name("volume") + params = {'name': vol_name, + 'volume_type': volume_type['id'], + 'consistencygroup_id': cg['id'], + 'size': CONF.volume.volume_size} + + volume = self.admin_volume_client.create_volume(**params)['volume'] + waiters.wait_for_volume_resource_status(self.admin_volume_client, + volume['id'], 'available') # Get a given CG cg = self.consistencygroups_adm_client.show_consistencygroup( @@ -122,19 +122,19 @@ self.consistencygroups_adm_client.create_consistencygroup) cg = create_consistencygroup(volume_type['id'], name=cg_name)['consistencygroup'] - vol_name = data_utils.rand_name("volume") - params = {'name': vol_name, - 'volume_type': volume_type['id'], - 'consistencygroup_id': cg['id'], - 'size': CONF.volume.volume_size} - - # Create volume - volume = self.admin_volume_client.create_volume(**params)['volume'] - waiters.wait_for_volume_resource_status(self.admin_volume_client, - volume['id'], 'available') - self.consistencygroups_adm_client.wait_for_consistencygroup_status( - cg['id'], 'available') - self.assertEqual(cg_name, cg['name']) + self.consistencygroups_adm_client.wait_for_consistencygroup_status( + cg['id'], 'available') + self.assertEqual(cg_name, cg['name']) + + # Create volume + vol_name = data_utils.rand_name("volume") + params = {'name': vol_name, + 'volume_type': volume_type['id'], + 'consistencygroup_id': cg['id'], + 'size': CONF.volume.volume_size} + volume = self.admin_volume_client.create_volume(**params)['volume'] + waiters.wait_for_volume_resource_status(self.admin_volume_client, + volume['id'], 'available') # Create cgsnapshot cgsnapshot_name = data_utils.rand_name('cgsnapshot') @@ -142,6 +142,9 @@ self.consistencygroups_adm_client.create_cgsnapshot) cgsnapshot = create_cgsnapshot(cg['id'], name=cgsnapshot_name)['cgsnapshot'] + self.consistencygroups_adm_client.wait_for_cgsnapshot_status( + cgsnapshot['id'], 'available') + self.assertEqual(cgsnapshot_name, cgsnapshot['name']) snapshots = self.os_admin.snapshots_v2_client.list_snapshots( detail=True)['snapshots'] for snap in snapshots: @@ -149,9 +152,6 @@ waiters.wait_for_volume_resource_status( self.os_admin.snapshots_v2_client, snap['id'], 'available') - self.consistencygroups_adm_client.wait_for_cgsnapshot_status( - cgsnapshot['id'], 'available') - self.assertEqual(cgsnapshot_name, cgsnapshot['name']) # Get a given CG snapshot cgsnapshot = self.consistencygroups_adm_client.show_cgsnapshot( @@ -182,19 +182,19 @@ self.consistencygroups_adm_client.create_consistencygroup) cg = create_consistencygroup(volume_type['id'], name=cg_name)['consistencygroup'] - vol_name = data_utils.rand_name("volume") - params = {'name': vol_name, - 'volume_type': volume_type['id'], - 'consistencygroup_id': cg['id'], - 'size': CONF.volume.volume_size} - - # Create volume - volume = self.admin_volume_client.create_volume(**params)['volume'] - waiters.wait_for_volume_resource_status(self.admin_volume_client, - volume['id'], 'available') - self.consistencygroups_adm_client.wait_for_consistencygroup_status( - cg['id'], 'available') - self.assertEqual(cg_name, cg['name']) + self.consistencygroups_adm_client.wait_for_consistencygroup_status( + cg['id'], 'available') + self.assertEqual(cg_name, cg['name']) + + # Create volume + vol_name = data_utils.rand_name("volume") + params = {'name': vol_name, + 'volume_type': volume_type['id'], + 'consistencygroup_id': cg['id'], + 'size': CONF.volume.volume_size} + volume = self.admin_volume_client.create_volume(**params)['volume'] + waiters.wait_for_volume_resource_status(self.admin_volume_client, + volume['id'], 'available') # Create cgsnapshot cgsnapshot_name = data_utils.rand_name('cgsnapshot') @@ -202,15 +202,15 @@ self.consistencygroups_adm_client.create_cgsnapshot) cgsnapshot = create_cgsnapshot(cg['id'], name=cgsnapshot_name)['cgsnapshot'] + self.consistencygroups_adm_client.wait_for_cgsnapshot_status( + cgsnapshot['id'], 'available') + self.assertEqual(cgsnapshot_name, cgsnapshot['name']) snapshots = self.snapshots_client.list_snapshots( detail=True)['snapshots'] for snap in snapshots: if volume['id'] == snap['volume_id']: waiters.wait_for_volume_resource_status( self.os_admin.snapshots_v2_client, snap['id'], 'available') - self.consistencygroups_adm_client.wait_for_cgsnapshot_status( - cgsnapshot['id'], 'available') - self.assertEqual(cgsnapshot_name, cgsnapshot['name']) # Create CG from CG snapshot cg_name2 = data_utils.rand_name('CG_from_snap') @@ -218,15 +218,15 @@ self.consistencygroups_adm_client.create_consistencygroup_from_src) cg2 = create_consistencygroup2(cgsnapshot_id=cgsnapshot['id'], name=cg_name2)['consistencygroup'] + self.consistencygroups_adm_client.wait_for_consistencygroup_status( + cg2['id'], 'available') + self.assertEqual(cg_name2, cg2['name']) vols = self.admin_volume_client.list_volumes( detail=True)['volumes'] for vol in vols: if vol['consistencygroup_id'] == cg2['id']: waiters.wait_for_volume_resource_status( self.admin_volume_client, vol['id'], 'available') - self.consistencygroups_adm_client.wait_for_consistencygroup_status( - cg2['id'], 'available') - self.assertEqual(cg_name2, cg2['name']) # Clean up self._delete_consistencygroup(cg2['id']) @@ -247,19 +247,19 @@ self.consistencygroups_adm_client.create_consistencygroup) cg = create_consistencygroup(volume_type['id'], name=cg_name)['consistencygroup'] - vol_name = data_utils.rand_name("volume") - params = {'name': vol_name, - 'volume_type': volume_type['id'], - 'consistencygroup_id': cg['id'], - 'size': CONF.volume.volume_size} - - # Create volume - volume = self.admin_volume_client.create_volume(**params)['volume'] - waiters.wait_for_volume_resource_status(self.admin_volume_client, - volume['id'], 'available') - self.consistencygroups_adm_client.wait_for_consistencygroup_status( - cg['id'], 'available') - self.assertEqual(cg_name, cg['name']) + self.consistencygroups_adm_client.wait_for_consistencygroup_status( + cg['id'], 'available') + self.assertEqual(cg_name, cg['name']) + + # Create volume + vol_name = data_utils.rand_name("volume") + params = {'name': vol_name, + 'volume_type': volume_type['id'], + 'consistencygroup_id': cg['id'], + 'size': CONF.volume.volume_size} + volume = self.admin_volume_client.create_volume(**params)['volume'] + waiters.wait_for_volume_resource_status(self.admin_volume_client, + volume['id'], 'available') # Create CG from CG cg_name2 = data_utils.rand_name('CG_from_cg') @@ -267,15 +267,15 @@ self.consistencygroups_adm_client.create_consistencygroup_from_src) cg2 = create_consistencygroup2(source_cgid=cg['id'], name=cg_name2)['consistencygroup'] + self.consistencygroups_adm_client.wait_for_consistencygroup_status( + cg2['id'], 'available') + self.assertEqual(cg_name2, cg2['name']) vols = self.admin_volume_client.list_volumes( detail=True)['volumes'] for vol in vols: if vol['consistencygroup_id'] == cg2['id']: waiters.wait_for_volume_resource_status( self.admin_volume_client, vol['id'], 'available') - self.consistencygroups_adm_client.wait_for_consistencygroup_status( - cg2['id'], 'available') - self.assertEqual(cg_name2, cg2['name']) # Clean up self._delete_consistencygroup(cg2['id']) diff --git a/cinder_tempest_plugin/api/volume/test_volume_unicode.py b/cinder_tempest_plugin/api/volume/test_volume_unicode.py index 35d0a54..ff6473a 100644 --- a/cinder_tempest_plugin/api/volume/test_volume_unicode.py +++ b/cinder_tempest_plugin/api/volume/test_volume_unicode.py @@ -57,6 +57,7 @@ return volume + @decorators.idempotent_id('2d7e2e49-150e-4849-a18e-79f9777c9a96') def test_create_delete_unicode_volume_name(self): """Create a volume with a unicode name and view it.""" @@ -68,6 +69,7 @@ @testtools.skipUnless(CONF.volume_feature_enabled.snapshot, "Cinder volume snapshots are disabled") @decorators.related_bug('1393871') + @decorators.idempotent_id('332be44d-5418-4fb3-a8f0-a3587de6929f') def test_snapshot_create_volume_description_non_ascii_code(self): # Create a volume with non-ascii description description = u'\u05e7\u05d9\u05d9\u05e4\u05e9' diff --git a/cinder_tempest_plugin/scenario/manager.py b/cinder_tempest_plugin/scenario/manager.py new file mode 100644 index 0000000..70c25ae --- /dev/null +++ b/cinder_tempest_plugin/scenario/manager.py @@ -0,0 +1,1106 @@ +# TODO: Remove this file when tempest scenario manager becomes stable +# Copyright 2012 OpenStack Foundation +# Copyright 2013 IBM Corp. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +import netaddr +from oslo_log import log +from oslo_serialization import jsonutils as json +from oslo_utils import netutils + +from tempest.common import compute +from tempest.common import image as common_image +from tempest.common.utils.linux import remote_client +from tempest.common import waiters +from tempest import config +from tempest import exceptions +from tempest.lib.common import api_microversion_fixture +from tempest.lib.common import api_version_utils +from tempest.lib.common.utils import data_utils +from tempest.lib.common.utils import test_utils +from tempest.lib import exceptions as lib_exc +import tempest.test + +CONF = config.CONF + +LOG = log.getLogger(__name__) + +LATEST_MICROVERSION = 'latest' + + +class ScenarioTest(tempest.test.BaseTestCase): + """Base class for scenario tests. Uses tempest own clients. """ + + credentials = ['primary'] + + compute_min_microversion = None + compute_max_microversion = LATEST_MICROVERSION + volume_min_microversion = None + volume_max_microversion = LATEST_MICROVERSION + placement_min_microversion = None + placement_max_microversion = LATEST_MICROVERSION + + @classmethod + def skip_checks(cls): + super(ScenarioTest, cls).skip_checks() + api_version_utils.check_skip_with_microversion( + cls.compute_min_microversion, cls.compute_max_microversion, + CONF.compute.min_microversion, CONF.compute.max_microversion) + api_version_utils.check_skip_with_microversion( + cls.volume_min_microversion, cls.volume_max_microversion, + CONF.volume.min_microversion, CONF.volume.max_microversion) + api_version_utils.check_skip_with_microversion( + cls.placement_min_microversion, cls.placement_max_microversion, + CONF.placement.min_microversion, CONF.placement.max_microversion) + + @classmethod + def resource_setup(cls): + super(ScenarioTest, cls).resource_setup() + cls.compute_request_microversion = ( + api_version_utils.select_request_microversion( + cls.compute_min_microversion, + CONF.compute.min_microversion)) + cls.volume_request_microversion = ( + api_version_utils.select_request_microversion( + cls.volume_min_microversion, + CONF.volume.min_microversion)) + cls.placement_request_microversion = ( + api_version_utils.select_request_microversion( + cls.placement_min_microversion, + CONF.placement.min_microversion)) + + def setUp(self): + super(ScenarioTest, self).setUp() + self.useFixture(api_microversion_fixture.APIMicroversionFixture( + compute_microversion=self.compute_request_microversion, + volume_microversion=self.volume_request_microversion, + placement_microversion=self.placement_request_microversion)) + + @classmethod + def setup_clients(cls): + super(ScenarioTest, cls).setup_clients() + # Clients (in alphabetical order) + cls.flavors_client = cls.os_primary.flavors_client + cls.compute_floating_ips_client = ( + cls.os_primary.compute_floating_ips_client) + if CONF.service_available.glance: + # Check if glance v1 is available to determine which client to use. + if CONF.image_feature_enabled.api_v1: + cls.image_client = cls.os_primary.image_client + elif CONF.image_feature_enabled.api_v2: + cls.image_client = cls.os_primary.image_client_v2 + else: + raise lib_exc.InvalidConfiguration( + 'Either api_v1 or api_v2 must be True in ' + '[image-feature-enabled].') + # Compute image client + cls.compute_images_client = cls.os_primary.compute_images_client + cls.keypairs_client = cls.os_primary.keypairs_client + # Nova security groups client + cls.compute_security_groups_client = ( + cls.os_primary.compute_security_groups_client) + cls.compute_security_group_rules_client = ( + cls.os_primary.compute_security_group_rules_client) + cls.servers_client = cls.os_primary.servers_client + cls.interface_client = cls.os_primary.interfaces_client + # Neutron network client + cls.networks_client = cls.os_primary.networks_client + cls.ports_client = cls.os_primary.ports_client + cls.routers_client = cls.os_primary.routers_client + cls.subnets_client = cls.os_primary.subnets_client + cls.floating_ips_client = cls.os_primary.floating_ips_client + cls.security_groups_client = cls.os_primary.security_groups_client + cls.security_group_rules_client = ( + cls.os_primary.security_group_rules_client) + # Use the latest available volume clients + if CONF.service_available.cinder: + cls.volumes_client = cls.os_primary.volumes_client_latest + cls.snapshots_client = cls.os_primary.snapshots_client_latest + cls.backups_client = cls.os_primary.backups_client_latest + + # ## Test functions library + # + # The create_[resource] functions only return body and discard the + # resp part which is not used in scenario tests + + def create_keypair(self, client=None): + if not client: + client = self.keypairs_client + name = data_utils.rand_name(self.__class__.__name__) + # We don't need to create a keypair by pubkey in scenario + body = client.create_keypair(name=name) + self.addCleanup(client.delete_keypair, name) + return body['keypair'] + + def create_server(self, name=None, image_id=None, flavor=None, + validatable=False, wait_until='ACTIVE', + clients=None, **kwargs): + """Wrapper utility that returns a test server. + + This wrapper utility calls the common create test server and + returns a test server. The purpose of this wrapper is to minimize + the impact on the code of the tests already using this + function. + + :param **kwargs: + See extra parameters below + + :Keyword Arguments: + * *vnic_type* (``string``) -- + used when launching instances with pre-configured ports. + Examples: + normal: a traditional virtual port that is either attached + to a linux bridge or an openvswitch bridge on a + compute node. + direct: an SR-IOV port that is directly attached to a VM + macvtap: an SR-IOV port that is attached to a VM via a macvtap + device. + Defaults to ``CONF.network.port_vnic_type``. + * *port_profile* (``dict``) -- + This attribute is a dictionary that can be used (with admin + credentials) to supply information influencing the binding of + the port. + example: port_profile = "capabilities:[switchdev]" + Defaults to ``CONF.network.port_profile``. + """ + + # NOTE(jlanoux): As a first step, ssh checks in the scenario + # tests need to be run regardless of the run_validation and + # validatable parameters and thus until the ssh validation job + # becomes voting in CI. The test resources management and IP + # association are taken care of in the scenario tests. + # Therefore, the validatable parameter is set to false in all + # those tests. In this way create_server just return a standard + # server and the scenario tests always perform ssh checks. + + # Needed for the cross_tenant_traffic test: + if clients is None: + clients = self.os_primary + + if name is None: + name = data_utils.rand_name(self.__class__.__name__ + "-server") + + vnic_type = kwargs.pop('vnic_type', CONF.network.port_vnic_type) + profile = kwargs.pop('port_profile', CONF.network.port_profile) + + # If vnic_type or profile are configured create port for + # every network + if vnic_type or profile: + ports = [] + create_port_body = {} + + if vnic_type: + create_port_body['binding:vnic_type'] = vnic_type + + if profile: + create_port_body['binding:profile'] = profile + + if kwargs: + # Convert security group names to security group ids + # to pass to create_port + if 'security_groups' in kwargs: + security_groups = \ + clients.security_groups_client.list_security_groups( + ).get('security_groups') + sec_dict = dict([(s['name'], s['id']) + for s in security_groups]) + + sec_groups_names = [s['name'] for s in kwargs.pop( + 'security_groups')] + security_groups_ids = [sec_dict[s] + for s in sec_groups_names] + + if security_groups_ids: + create_port_body[ + 'security_groups'] = security_groups_ids + networks = kwargs.pop('networks', []) + else: + networks = [] + + # If there are no networks passed to us we look up + # for the project's private networks and create a port. + # The same behaviour as we would expect when passing + # the call to the clients with no networks + if not networks: + networks = clients.networks_client.list_networks( + **{'router:external': False, 'fields': 'id'})['networks'] + + # It's net['uuid'] if networks come from kwargs + # and net['id'] if they come from + # clients.networks_client.list_networks + for net in networks: + net_id = net.get('uuid', net.get('id')) + if 'port' not in net: + port = self.create_port(network_id=net_id, + client=clients.ports_client, + **create_port_body) + ports.append({'port': port['id']}) + else: + ports.append({'port': net['port']}) + if ports: + kwargs['networks'] = ports + self.ports = ports + + tenant_network = self.get_tenant_network() + + if CONF.compute.compute_volume_common_az: + kwargs.setdefault('availability_zone', + CONF.compute.compute_volume_common_az) + + body, _ = compute.create_test_server( + clients, + tenant_network=tenant_network, + wait_until=wait_until, + name=name, flavor=flavor, + image_id=image_id, **kwargs) + + self.addCleanup(waiters.wait_for_server_termination, + clients.servers_client, body['id']) + self.addCleanup(test_utils.call_and_ignore_notfound_exc, + clients.servers_client.delete_server, body['id']) + server = clients.servers_client.show_server(body['id'])['server'] + return server + + def create_volume(self, size=None, name=None, snapshot_id=None, + imageRef=None, volume_type=None): + if size is None: + size = CONF.volume.volume_size + if imageRef: + if CONF.image_feature_enabled.api_v1: + resp = self.image_client.check_image(imageRef) + image = common_image.get_image_meta_from_headers(resp) + else: + image = self.image_client.show_image(imageRef) + min_disk = image.get('min_disk') + size = max(size, min_disk) + if name is None: + name = data_utils.rand_name(self.__class__.__name__ + "-volume") + kwargs = {'display_name': name, + 'snapshot_id': snapshot_id, + 'imageRef': imageRef, + 'volume_type': volume_type, + 'size': size} + + if CONF.compute.compute_volume_common_az: + kwargs.setdefault('availability_zone', + CONF.compute.compute_volume_common_az) + + volume = self.volumes_client.create_volume(**kwargs)['volume'] + + self.addCleanup(self.volumes_client.wait_for_resource_deletion, + volume['id']) + self.addCleanup(test_utils.call_and_ignore_notfound_exc, + self.volumes_client.delete_volume, volume['id']) + self.assertEqual(name, volume['name']) + waiters.wait_for_volume_resource_status(self.volumes_client, + volume['id'], 'available') + # The volume retrieved on creation has a non-up-to-date status. + # Retrieval after it becomes active ensures correct details. + volume = self.volumes_client.show_volume(volume['id'])['volume'] + return volume + + def create_backup(self, volume_id, name=None, description=None, + force=False, snapshot_id=None, incremental=False, + container=None): + + name = name or data_utils.rand_name( + self.__class__.__name__ + "-backup") + kwargs = {'name': name, + 'description': description, + 'force': force, + 'snapshot_id': snapshot_id, + 'incremental': incremental, + 'container': container} + backup = self.backups_client.create_backup(volume_id=volume_id, + **kwargs)['backup'] + self.addCleanup(self.backups_client.delete_backup, backup['id']) + waiters.wait_for_volume_resource_status(self.backups_client, + backup['id'], 'available') + return backup + + def restore_backup(self, backup_id): + restore = self.backups_client.restore_backup(backup_id)['restore'] + self.addCleanup(self.volumes_client.delete_volume, + restore['volume_id']) + waiters.wait_for_volume_resource_status(self.backups_client, + backup_id, 'available') + waiters.wait_for_volume_resource_status(self.volumes_client, + restore['volume_id'], + 'available') + self.assertEqual(backup_id, restore['backup_id']) + return restore + + def create_volume_snapshot(self, volume_id, name=None, description=None, + metadata=None, force=False): + name = name or data_utils.rand_name( + self.__class__.__name__ + '-snapshot') + snapshot = self.snapshots_client.create_snapshot( + volume_id=volume_id, + force=force, + display_name=name, + description=description, + metadata=metadata)['snapshot'] + self.addCleanup(self.snapshots_client.wait_for_resource_deletion, + snapshot['id']) + self.addCleanup(self.snapshots_client.delete_snapshot, snapshot['id']) + waiters.wait_for_volume_resource_status(self.snapshots_client, + snapshot['id'], 'available') + snapshot = self.snapshots_client.show_snapshot( + snapshot['id'])['snapshot'] + return snapshot + + def _cleanup_volume_type(self, volume_type): + """Clean up a given volume type. + + Ensuring all volumes associated to a type are first removed before + attempting to remove the type itself. This includes any image volume + cache volumes stored in a separate tenant to the original volumes + created from the type. + """ + admin_volume_type_client = self.os_admin.volume_types_client_latest + admin_volumes_client = self.os_admin.volumes_client_latest + volumes = admin_volumes_client.list_volumes( + detail=True, params={'all_tenants': 1})['volumes'] + type_name = volume_type['name'] + for volume in [v for v in volumes if v['volume_type'] == type_name]: + test_utils.call_and_ignore_notfound_exc( + admin_volumes_client.delete_volume, volume['id']) + admin_volumes_client.wait_for_resource_deletion(volume['id']) + admin_volume_type_client.delete_volume_type(volume_type['id']) + + def create_volume_type(self, client=None, name=None, backend_name=None): + if not client: + client = self.os_admin.volume_types_client_latest + if not name: + class_name = self.__class__.__name__ + name = data_utils.rand_name(class_name + '-volume-type') + randomized_name = data_utils.rand_name('scenario-type-' + name) + + LOG.debug("Creating a volume type: %s on backend %s", + randomized_name, backend_name) + extra_specs = {} + if backend_name: + extra_specs = {"volume_backend_name": backend_name} + + volume_type = client.create_volume_type( + name=randomized_name, extra_specs=extra_specs)['volume_type'] + self.addCleanup(self._cleanup_volume_type, volume_type) + return volume_type + + def _create_loginable_secgroup_rule(self, secgroup_id=None): + _client = self.compute_security_groups_client + _client_rules = self.compute_security_group_rules_client + if secgroup_id is None: + sgs = _client.list_security_groups()['security_groups'] + for sg in sgs: + if sg['name'] == 'default': + secgroup_id = sg['id'] + + # These rules are intended to permit inbound ssh and icmp + # traffic from all sources, so no group_id is provided. + # Setting a group_id would only permit traffic from ports + # belonging to the same security group. + rulesets = [ + { + # ssh + 'ip_protocol': 'tcp', + 'from_port': 22, + 'to_port': 22, + 'cidr': '0.0.0.0/0', + }, + { + # ping + 'ip_protocol': 'icmp', + 'from_port': -1, + 'to_port': -1, + 'cidr': '0.0.0.0/0', + } + ] + rules = list() + for ruleset in rulesets: + sg_rule = _client_rules.create_security_group_rule( + parent_group_id=secgroup_id, **ruleset)['security_group_rule'] + rules.append(sg_rule) + return rules + + def _create_security_group(self): + # Create security group + sg_name = data_utils.rand_name(self.__class__.__name__) + sg_desc = sg_name + " description" + secgroup = self.compute_security_groups_client.create_security_group( + name=sg_name, description=sg_desc)['security_group'] + self.assertEqual(secgroup['name'], sg_name) + self.assertEqual(secgroup['description'], sg_desc) + self.addCleanup( + test_utils.call_and_ignore_notfound_exc, + self.compute_security_groups_client.delete_security_group, + secgroup['id']) + + # Add rules to the security group + self._create_loginable_secgroup_rule(secgroup['id']) + + return secgroup + + def get_remote_client(self, ip_address, username=None, private_key=None, + server=None): + """Get a SSH client to a remote server + + :param ip_address: the server floating or fixed IP address to use + for ssh validation + :param username: name of the Linux account on the remote server + :param private_key: the SSH private key to use + :param server: server dict, used for debugging purposes + :return: a RemoteClient object + """ + + if username is None: + username = CONF.validation.image_ssh_user + # Set this with 'keypair' or others to log in with keypair or + # username/password. + if CONF.validation.auth_method == 'keypair': + password = None + if private_key is None: + private_key = self.keypair['private_key'] + else: + password = CONF.validation.image_ssh_password + private_key = None + linux_client = remote_client.RemoteClient( + ip_address, username, pkey=private_key, password=password, + server=server, servers_client=self.servers_client) + linux_client.validate_authentication() + return linux_client + + def _log_net_info(self, exc): + # network debug is called as part of ssh init + if not isinstance(exc, lib_exc.SSHTimeout): + LOG.debug('Network information on a devstack host') + + def create_server_snapshot(self, server, name=None): + # Glance client + _image_client = self.image_client + # Compute client + _images_client = self.compute_images_client + if name is None: + name = data_utils.rand_name(self.__class__.__name__ + 'snapshot') + LOG.debug("Creating a snapshot image for server: %s", server['name']) + image = _images_client.create_image(server['id'], name=name) + image_id = image.response['location'].split('images/')[1] + waiters.wait_for_image_status(_image_client, image_id, 'active') + + self.addCleanup(_image_client.wait_for_resource_deletion, + image_id) + self.addCleanup(test_utils.call_and_ignore_notfound_exc, + _image_client.delete_image, image_id) + + if CONF.image_feature_enabled.api_v1: + # In glance v1 the additional properties are stored in the headers. + resp = _image_client.check_image(image_id) + snapshot_image = common_image.get_image_meta_from_headers(resp) + image_props = snapshot_image.get('properties', {}) + else: + # In glance v2 the additional properties are flattened. + snapshot_image = _image_client.show_image(image_id) + image_props = snapshot_image + + bdm = image_props.get('block_device_mapping') + if bdm: + bdm = json.loads(bdm) + if bdm and 'snapshot_id' in bdm[0]: + snapshot_id = bdm[0]['snapshot_id'] + self.addCleanup( + self.snapshots_client.wait_for_resource_deletion, + snapshot_id) + self.addCleanup(test_utils.call_and_ignore_notfound_exc, + self.snapshots_client.delete_snapshot, + snapshot_id) + waiters.wait_for_volume_resource_status(self.snapshots_client, + snapshot_id, + 'available') + image_name = snapshot_image['name'] + self.assertEqual(name, image_name) + LOG.debug("Created snapshot image %s for server %s", + image_name, server['name']) + return snapshot_image + + def nova_volume_attach(self, server, volume_to_attach): + volume = self.servers_client.attach_volume( + server['id'], volumeId=volume_to_attach['id'], device='/dev/%s' + % CONF.compute.volume_device_name)['volumeAttachment'] + self.assertEqual(volume_to_attach['id'], volume['id']) + waiters.wait_for_volume_resource_status(self.volumes_client, + volume['id'], 'in-use') + + # Return the updated volume after the attachment + return self.volumes_client.show_volume(volume['id'])['volume'] + + def nova_volume_detach(self, server, volume): + self.servers_client.detach_volume(server['id'], volume['id']) + waiters.wait_for_volume_resource_status(self.volumes_client, + volume['id'], 'available') + + def check_vm_connectivity(self, ip_address, + username=None, + private_key=None, + should_connect=True, + extra_msg="", + server=None, + mtu=None): + """Check server connectivity + + :param ip_address: server to test against + :param username: server's ssh username + :param private_key: server's ssh private key to be used + :param should_connect: True/False indicates positive/negative test + positive - attempt ping and ssh + negative - attempt ping and fail if succeed + :param extra_msg: Message to help with debugging if ``ping_ip_address`` + fails + :param server: The server whose console to log for debugging + :param mtu: network MTU to use for connectivity validation + + :raises: AssertError if the result of the connectivity check does + not match the value of the should_connect param + """ + LOG.debug('checking network connections to IP %s with user: %s', + ip_address, username) + if should_connect: + msg = "Timed out waiting for %s to become reachable" % ip_address + else: + msg = "ip address %s is reachable" % ip_address + if extra_msg: + msg = "%s\n%s" % (extra_msg, msg) + self.assertTrue(self.ping_ip_address(ip_address, + should_succeed=should_connect, + mtu=mtu, server=server), + msg=msg) + if should_connect: + # no need to check ssh for negative connectivity + try: + self.get_remote_client(ip_address, username, private_key, + server=server) + except Exception: + if not extra_msg: + extra_msg = 'Failed to ssh to %s' % ip_address + LOG.exception(extra_msg) + raise + + def create_floating_ip(self, thing, pool_name=None): + """Create a floating IP and associates to a server on Nova""" + + if not pool_name: + pool_name = CONF.network.floating_network_name + floating_ip = (self.compute_floating_ips_client. + create_floating_ip(pool=pool_name)['floating_ip']) + self.addCleanup(test_utils.call_and_ignore_notfound_exc, + self.compute_floating_ips_client.delete_floating_ip, + floating_ip['id']) + self.compute_floating_ips_client.associate_floating_ip_to_server( + floating_ip['ip'], thing['id']) + return floating_ip + + def create_timestamp(self, ip_address, dev_name=None, mount_path='/mnt', + private_key=None, server=None): + ssh_client = self.get_remote_client(ip_address, + private_key=private_key, + server=server) + if dev_name is not None: + ssh_client.make_fs(dev_name) + ssh_client.exec_command('sudo mount /dev/%s %s' % (dev_name, + mount_path)) + cmd_timestamp = 'sudo sh -c "date > %s/timestamp; sync"' % mount_path + ssh_client.exec_command(cmd_timestamp) + timestamp = ssh_client.exec_command('sudo cat %s/timestamp' + % mount_path) + if dev_name is not None: + ssh_client.exec_command('sudo umount %s' % mount_path) + return timestamp + + def get_timestamp(self, ip_address, dev_name=None, mount_path='/mnt', + private_key=None, server=None): + ssh_client = self.get_remote_client(ip_address, + private_key=private_key, + server=server) + if dev_name is not None: + ssh_client.mount(dev_name, mount_path) + timestamp = ssh_client.exec_command('sudo cat %s/timestamp' + % mount_path) + if dev_name is not None: + ssh_client.exec_command('sudo umount %s' % mount_path) + return timestamp + + def get_server_ip(self, server): + """Get the server fixed or floating IP. + + Based on the configuration we're in, return a correct ip + address for validating that a guest is up. + """ + if CONF.validation.connect_method == 'floating': + # The tests calling this method don't have a floating IP + # and can't make use of the validation resources. So the + # method is creating the floating IP there. + return self.create_floating_ip(server)['ip'] + elif CONF.validation.connect_method == 'fixed': + # Determine the network name to look for based on config or creds + # provider network resources. + if CONF.validation.network_for_ssh: + addresses = server['addresses'][ + CONF.validation.network_for_ssh] + else: + network = self.get_tenant_network() + addresses = (server['addresses'][network['name']] + if network else []) + for address in addresses: + if (address['version'] == CONF.validation.ip_version_for_ssh and # noqa + address['OS-EXT-IPS:type'] == 'fixed'): + return address['addr'] + raise exceptions.ServerUnreachable(server_id=server['id']) + else: + raise lib_exc.InvalidConfiguration() + + @classmethod + def get_host_for_server(cls, server_id): + server_details = cls.os_admin.servers_client.show_server(server_id) + return server_details['server']['OS-EXT-SRV-ATTR:host'] + + def _get_bdm(self, source_id, source_type, delete_on_termination=False): + bd_map_v2 = [{ + 'uuid': source_id, + 'source_type': source_type, + 'destination_type': 'volume', + 'boot_index': 0, + 'delete_on_termination': delete_on_termination}] + return {'block_device_mapping_v2': bd_map_v2} + + def boot_instance_from_resource(self, source_id, + source_type, + keypair=None, + security_group=None, + delete_on_termination=False, + name=None): + create_kwargs = dict() + if keypair: + create_kwargs['key_name'] = keypair['name'] + if security_group: + create_kwargs['security_groups'] = [ + {'name': security_group['name']}] + create_kwargs.update(self._get_bdm( + source_id, + source_type, + delete_on_termination=delete_on_termination)) + if name: + create_kwargs['name'] = name + + return self.create_server(image_id='', **create_kwargs) + + def create_volume_from_image(self): + img_uuid = CONF.compute.image_ref + vol_name = data_utils.rand_name( + self.__class__.__name__ + '-volume-origin') + return self.create_volume(name=vol_name, imageRef=img_uuid) + + +class NetworkScenarioTest(ScenarioTest): + """Base class for network scenario tests. + + This class provide helpers for network scenario tests, using the neutron + API. Helpers from ancestor which use the nova network API are overridden + with the neutron API. + + This Class also enforces using Neutron instead of novanetwork. + Subclassed tests will be skipped if Neutron is not enabled + + """ + + credentials = ['primary', 'admin'] + + @classmethod + def skip_checks(cls): + super(NetworkScenarioTest, cls).skip_checks() + if not CONF.service_available.neutron: + raise cls.skipException('Neutron not available') + + def _create_network(self, networks_client=None, + tenant_id=None, + namestart='network-smoke-', + port_security_enabled=True, **net_dict): + if not networks_client: + networks_client = self.networks_client + if not tenant_id: + tenant_id = networks_client.tenant_id + name = data_utils.rand_name(namestart) + network_kwargs = dict(name=name, tenant_id=tenant_id) + if net_dict: + network_kwargs.update(net_dict) + # Neutron disables port security by default so we have to check the + # config before trying to create the network with port_security_enabled + if CONF.network_feature_enabled.port_security: + network_kwargs['port_security_enabled'] = port_security_enabled + result = networks_client.create_network(**network_kwargs) + network = result['network'] + + self.assertEqual(network['name'], name) + self.addCleanup(test_utils.call_and_ignore_notfound_exc, + networks_client.delete_network, + network['id']) + return network + + def create_subnet(self, network, subnets_client=None, + namestart='subnet-smoke', **kwargs): + """Create a subnet for the given network + + within the cidr block configured for tenant networks. + """ + if not subnets_client: + subnets_client = self.subnets_client + + def cidr_in_use(cidr, tenant_id): + """Check cidr existence + + :returns: True if subnet with cidr already exist in tenant + False else + """ + cidr_in_use = self.os_admin.subnets_client.list_subnets( + tenant_id=tenant_id, cidr=cidr)['subnets'] + return len(cidr_in_use) != 0 + + ip_version = kwargs.pop('ip_version', 4) + + if ip_version == 6: + tenant_cidr = netaddr.IPNetwork( + CONF.network.project_network_v6_cidr) + num_bits = CONF.network.project_network_v6_mask_bits + else: + tenant_cidr = netaddr.IPNetwork(CONF.network.project_network_cidr) + num_bits = CONF.network.project_network_mask_bits + + result = None + str_cidr = None + # Repeatedly attempt subnet creation with sequential cidr + # blocks until an unallocated block is found. + for subnet_cidr in tenant_cidr.subnet(num_bits): + str_cidr = str(subnet_cidr) + if cidr_in_use(str_cidr, tenant_id=network['tenant_id']): + continue + + subnet = dict( + name=data_utils.rand_name(namestart), + network_id=network['id'], + tenant_id=network['tenant_id'], + cidr=str_cidr, + ip_version=ip_version, + **kwargs + ) + try: + result = subnets_client.create_subnet(**subnet) + break + except lib_exc.Conflict as e: + is_overlapping_cidr = 'overlaps with another subnet' in str(e) + if not is_overlapping_cidr: + raise + self.assertIsNotNone(result, 'Unable to allocate tenant network') + + subnet = result['subnet'] + self.assertEqual(subnet['cidr'], str_cidr) + + self.addCleanup(test_utils.call_and_ignore_notfound_exc, + subnets_client.delete_subnet, subnet['id']) + + return subnet + + def _get_server_port_id_and_ip4(self, server, ip_addr=None): + if ip_addr: + ports = self.os_admin.ports_client.list_ports( + device_id=server['id'], + fixed_ips='ip_address=%s' % ip_addr)['ports'] + else: + ports = self.os_admin.ports_client.list_ports( + device_id=server['id'])['ports'] + # A port can have more than one IP address in some cases. + # If the network is dual-stack (IPv4 + IPv6), this port is associated + # with 2 subnets + p_status = ['ACTIVE'] + # NOTE(vsaienko) With Ironic, instances live on separate hardware + # servers. Neutron does not bind ports for Ironic instances, as a + # result the port remains in the DOWN state. + # TODO(vsaienko) remove once bug: #1599836 is resolved. + if getattr(CONF.service_available, 'ironic', False): + p_status.append('DOWN') + port_map = [(p["id"], fxip["ip_address"]) + for p in ports + for fxip in p["fixed_ips"] + if (netutils.is_valid_ipv4(fxip["ip_address"]) and + p['status'] in p_status)] + inactive = [p for p in ports if p['status'] != 'ACTIVE'] + if inactive: + LOG.warning("Instance has ports that are not ACTIVE: %s", inactive) + + self.assertNotEmpty(port_map, + "No IPv4 addresses found in: %s" % ports) + self.assertEqual(len(port_map), 1, + "Found multiple IPv4 addresses: %s. " + "Unable to determine which port to target." + % port_map) + return port_map[0] + + def _get_network_by_name(self, network_name): + net = self.os_admin.networks_client.list_networks( + name=network_name)['networks'] + self.assertNotEmpty(net, + "Unable to get network by name: %s" % network_name) + return net[0] + + def create_floating_ip(self, thing, external_network_id=None, + port_id=None, client=None): + """Create a floating IP and associates to a resource/port on Neutron""" + if not external_network_id: + external_network_id = CONF.network.public_network_id + if not client: + client = self.floating_ips_client + if not port_id: + port_id, ip4 = self._get_server_port_id_and_ip4(thing) + else: + ip4 = None + result = client.create_floatingip( + floating_network_id=external_network_id, + port_id=port_id, + tenant_id=thing['tenant_id'], + fixed_ip_address=ip4 + ) + floating_ip = result['floatingip'] + self.addCleanup(test_utils.call_and_ignore_notfound_exc, + client.delete_floatingip, + floating_ip['id']) + return floating_ip + + def check_floating_ip_status(self, floating_ip, status): + """Verifies floatingip reaches the given status + + :param dict floating_ip: floating IP dict to check status + :param status: target status + :raises: AssertionError if status doesn't match + """ + floatingip_id = floating_ip['id'] + + def refresh(): + result = (self.floating_ips_client. + show_floatingip(floatingip_id)['floatingip']) + return status == result['status'] + + if not test_utils.call_until_true(refresh, + CONF.network.build_timeout, + CONF.network.build_interval): + floating_ip = self.floating_ips_client.show_floatingip( + floatingip_id)['floatingip'] + self.assertEqual(status, floating_ip['status'], + message="FloatingIP: {fp} is at status: {cst}. " + "failed to reach status: {st}" + .format(fp=floating_ip, cst=floating_ip['status'], + st=status)) + LOG.info("FloatingIP: {fp} is at status: {st}" + .format(fp=floating_ip, st=status)) + + def _create_security_group(self, security_group_rules_client=None, + tenant_id=None, + namestart='secgroup-smoke', + security_groups_client=None): + if security_group_rules_client is None: + security_group_rules_client = self.security_group_rules_client + if security_groups_client is None: + security_groups_client = self.security_groups_client + if tenant_id is None: + tenant_id = security_groups_client.tenant_id + secgroup = self._create_empty_security_group( + namestart=namestart, client=security_groups_client, + tenant_id=tenant_id) + + # Add rules to the security group + rules = self._create_loginable_secgroup_rule( + security_group_rules_client=security_group_rules_client, + secgroup=secgroup, + security_groups_client=security_groups_client) + for rule in rules: + self.assertEqual(tenant_id, rule['tenant_id']) + self.assertEqual(secgroup['id'], rule['security_group_id']) + return secgroup + + def _create_empty_security_group(self, client=None, tenant_id=None, + namestart='secgroup-smoke'): + """Create a security group without rules. + + Default rules will be created: + - IPv4 egress to any + - IPv6 egress to any + + :param tenant_id: secgroup will be created in this tenant + :returns: the created security group + """ + if client is None: + client = self.security_groups_client + if not tenant_id: + tenant_id = client.tenant_id + sg_name = data_utils.rand_name(namestart) + sg_desc = sg_name + " description" + sg_dict = dict(name=sg_name, + description=sg_desc) + sg_dict['tenant_id'] = tenant_id + result = client.create_security_group(**sg_dict) + + secgroup = result['security_group'] + self.assertEqual(secgroup['name'], sg_name) + self.assertEqual(tenant_id, secgroup['tenant_id']) + self.assertEqual(secgroup['description'], sg_desc) + + self.addCleanup(test_utils.call_and_ignore_notfound_exc, + client.delete_security_group, secgroup['id']) + return secgroup + + def _create_security_group_rule(self, secgroup=None, + sec_group_rules_client=None, + tenant_id=None, + security_groups_client=None, **kwargs): + """Create a rule from a dictionary of rule parameters. + + Create a rule in a secgroup. if secgroup not defined will search for + default secgroup in tenant_id. + + :param secgroup: the security group. + :param tenant_id: if secgroup not passed -- the tenant in which to + search for default secgroup + :param kwargs: a dictionary containing rule parameters: + for example, to allow incoming ssh: + rule = { + direction: 'ingress' + protocol:'tcp', + port_range_min: 22, + port_range_max: 22 + } + """ + if sec_group_rules_client is None: + sec_group_rules_client = self.security_group_rules_client + if security_groups_client is None: + security_groups_client = self.security_groups_client + if not tenant_id: + tenant_id = security_groups_client.tenant_id + if secgroup is None: + # Get default secgroup for tenant_id + default_secgroups = security_groups_client.list_security_groups( + name='default', tenant_id=tenant_id)['security_groups'] + msg = "No default security group for tenant %s." % (tenant_id) + self.assertNotEmpty(default_secgroups, msg) + secgroup = default_secgroups[0] + + ruleset = dict(security_group_id=secgroup['id'], + tenant_id=secgroup['tenant_id']) + ruleset.update(kwargs) + + sg_rule = sec_group_rules_client.create_security_group_rule(**ruleset) + sg_rule = sg_rule['security_group_rule'] + + self.assertEqual(secgroup['tenant_id'], sg_rule['tenant_id']) + self.assertEqual(secgroup['id'], sg_rule['security_group_id']) + + return sg_rule + + def _create_loginable_secgroup_rule(self, security_group_rules_client=None, + secgroup=None, + security_groups_client=None): + """Create loginable security group rule + + This function will create: + 1. egress and ingress tcp port 22 allow rule in order to allow ssh + access for ipv4. + 2. egress and ingress ipv6 icmp allow rule, in order to allow icmpv6. + 3. egress and ingress ipv4 icmp allow rule, in order to allow icmpv4. + """ + + if security_group_rules_client is None: + security_group_rules_client = self.security_group_rules_client + if security_groups_client is None: + security_groups_client = self.security_groups_client + rules = [] + rulesets = [ + dict( + # ssh + protocol='tcp', + port_range_min=22, + port_range_max=22, + ), + dict( + # ping + protocol='icmp', + ), + dict( + # ipv6-icmp for ping6 + protocol='icmp', + ethertype='IPv6', + ) + ] + sec_group_rules_client = security_group_rules_client + for ruleset in rulesets: + for r_direction in ['ingress', 'egress']: + ruleset['direction'] = r_direction + try: + sg_rule = self._create_security_group_rule( + sec_group_rules_client=sec_group_rules_client, + secgroup=secgroup, + security_groups_client=security_groups_client, + **ruleset) + except lib_exc.Conflict as ex: + # if rule already exist - skip rule and continue + msg = 'Security group rule already exists' + if msg not in ex._error_string: + raise ex + else: + self.assertEqual(r_direction, sg_rule['direction']) + rules.append(sg_rule) + + return rules + + +class EncryptionScenarioTest(ScenarioTest): + """Base class for encryption scenario tests""" + + credentials = ['primary', 'admin'] + + @classmethod + def setup_clients(cls): + super(EncryptionScenarioTest, cls).setup_clients() + cls.admin_volume_types_client = cls.os_admin.volume_types_client_latest + cls.admin_encryption_types_client =\ + cls.os_admin.encryption_types_client_latest + + def create_encryption_type(self, client=None, type_id=None, provider=None, + key_size=None, cipher=None, + control_location=None): + if not client: + client = self.admin_encryption_types_client + if not type_id: + volume_type = self.create_volume_type() + type_id = volume_type['id'] + LOG.debug("Creating an encryption type for volume type: %s", type_id) + client.create_encryption_type( + type_id, provider=provider, key_size=key_size, cipher=cipher, + control_location=control_location) + + def create_encrypted_volume(self, encryption_provider, volume_type, + key_size=256, cipher='aes-xts-plain64', + control_location='front-end'): + volume_type = self.create_volume_type(name=volume_type) + self.create_encryption_type(type_id=volume_type['id'], + provider=encryption_provider, + key_size=key_size, + cipher=cipher, + control_location=control_location) + return self.create_volume(volume_type=volume_type['name']) diff --git a/cinder_tempest_plugin/scenario/test_snapshots.py b/cinder_tempest_plugin/scenario/test_snapshots.py new file mode 100644 index 0000000..3153281 --- /dev/null +++ b/cinder_tempest_plugin/scenario/test_snapshots.py @@ -0,0 +1,164 @@ +# Copyright 2020 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from tempest.common import utils +from tempest.lib import decorators + +from cinder_tempest_plugin.scenario import manager + + +class SnapshotDataIntegrityTests(manager.ScenarioTest): + + def setUp(self): + super(SnapshotDataIntegrityTests, self).setUp() + self.keypair = self.create_keypair() + self.security_group = self._create_security_group() + + def _get_file_md5(self, ip_address, filename, mount_path='/mnt', + private_key=None, server=None): + ssh_client = self.get_remote_client(ip_address, + private_key=private_key, + server=server) + + md5_sum = ssh_client.exec_command( + 'sudo md5sum %s/%s|cut -c 1-32' % (mount_path, filename)) + return md5_sum + + def _count_files(self, ip_address, mount_path='/mnt', private_key=None, + server=None): + ssh_client = self.get_remote_client(ip_address, + private_key=private_key, + server=server) + count = ssh_client.exec_command('sudo ls -l %s | wc -l' % mount_path) + return int(count) - 1 + + def _launch_instance_from_snapshot(self, snap): + volume_snap = self.create_volume(snapshot_id=snap['id'], + size=snap['size']) + + server_snap = self.boot_instance_from_resource( + source_id=volume_snap['id'], + source_type='volume', + keypair=self.keypair, + security_group=self.security_group) + + return server_snap + + def create_md5_new_file(self, ip_address, filename, mount_path='/mnt', + private_key=None, server=None): + ssh_client = self.get_remote_client(ip_address, + private_key=private_key, + server=server) + + ssh_client.exec_command( + 'sudo dd bs=1024 count=100 if=/dev/urandom of=/%s/%s' % + (mount_path, filename)) + md5 = ssh_client.exec_command( + 'sudo md5sum -b %s/%s|cut -c 1-32' % (mount_path, filename)) + ssh_client.exec_command('sudo sync') + return md5 + + def get_md5_from_file(self, instance, filename): + + instance_ip = self.get_server_ip(instance) + + md5_sum = self._get_file_md5(instance_ip, filename=filename, + private_key=self.keypair['private_key'], + server=instance) + count = self._count_files(instance_ip, + private_key=self.keypair['private_key'], + server=instance) + return count, md5_sum + + @decorators.idempotent_id('ff10644e-5a70-4a9f-9801-8204bb81fb61') + @utils.services('compute', 'volume', 'image', 'network') + def test_snapshot_data_integrity(self): + """This test checks the data integrity after creating and restoring + + snapshots. The procedure is as follows: + + 1) create a volume from image + 2) Boot an instance from the volume + 3) create file on vm and write data into it + 4) create snapshot + 5) repeat 3 and 4 two more times (simply creating 3 snapshots) + + Now restore the snapshots one by one into volume, create instances + from it and check the number of files and file content at each + point when snapshot was created. + """ + + # Create a volume from image + volume = self.create_volume_from_image() + + # create an instance from bootable volume + server = self.boot_instance_from_resource( + source_id=volume['id'], + source_type='volume', + keypair=self.keypair, + security_group=self.security_group) + + instance_ip = self.get_server_ip(server) + + # Write data to volume + file1_md5 = self.create_md5_new_file( + instance_ip, filename="file1", + private_key=self.keypair['private_key'], + server=instance_ip) + + # Create first snapshot + snapshot1 = self.create_volume_snapshot(volume['id'], force=True) + + # Write data to volume + file2_md5 = self.create_md5_new_file( + instance_ip, filename="file2", + private_key=self.keypair['private_key'], + server=instance_ip) + + # Create second snapshot + snapshot2 = self.create_volume_snapshot(volume['id'], force=True) + + # Write data to volume + file3_md5 = self.create_md5_new_file( + instance_ip, filename="file3", + private_key=self.keypair['private_key'], + server=instance_ip) + + # Create third snapshot + snapshot3 = self.create_volume_snapshot(volume['id'], force=True) + + # Create volume, instance and check file and contents for snap1 + instance_1 = self._launch_instance_from_snapshot(snapshot1) + count_snap_1, md5_file_1 = self.get_md5_from_file(instance_1, + 'file1') + + self.assertEqual(count_snap_1, 1) + self.assertEqual(file1_md5, md5_file_1) + + # Create volume, instance and check file and contents for snap2 + instance_2 = self._launch_instance_from_snapshot(snapshot2) + count_snap_2, md5_file_2 = self.get_md5_from_file(instance_2, + 'file2') + + self.assertEqual(count_snap_2, 2) + self.assertEqual(file2_md5, md5_file_2) + + # Create volume, instance and check file and contents for snap3 + instance_3 = self._launch_instance_from_snapshot(snapshot3) + count_snap_3, md5_file_3 = self.get_md5_from_file(instance_3, + 'file3') + + self.assertEqual(count_snap_3, 3) + self.assertEqual(file3_md5, md5_file_3) diff --git a/cinder_tempest_plugin/scenario/test_volume_encrypted.py b/cinder_tempest_plugin/scenario/test_volume_encrypted.py new file mode 100644 index 0000000..baf55e7 --- /dev/null +++ b/cinder_tempest_plugin/scenario/test_volume_encrypted.py @@ -0,0 +1,183 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from tempest.common import utils +from tempest.common import waiters +from tempest import config +from tempest.lib.common.utils import data_utils +from tempest.lib import decorators + +from cinder_tempest_plugin.scenario import manager + +CONF = config.CONF + + +class TestEncryptedCinderVolumes(manager.EncryptionScenarioTest, + manager.ScenarioTest): + + @classmethod + def skip_checks(cls): + super(TestEncryptedCinderVolumes, cls).skip_checks() + if not CONF.compute_feature_enabled.attach_encrypted_volume: + raise cls.skipException('Encrypted volume attach is not supported') + + @classmethod + def resource_setup(cls): + super(TestEncryptedCinderVolumes, cls).resource_setup() + + @classmethod + def resource_cleanup(cls): + super(TestEncryptedCinderVolumes, cls).resource_cleanup() + + def launch_instance(self): + keypair = self.create_keypair() + + return self.create_server(key_name=keypair['name']) + + def attach_detach_volume(self, server, volume): + attached_volume = self.nova_volume_attach(server, volume) + self.nova_volume_detach(server, attached_volume) + + def _delete_server(self, server): + self.servers_client.delete_server(server['id']) + waiters.wait_for_server_termination(self.servers_client, server['id']) + + def create_encrypted_volume_from_image(self, encryption_provider, + volume_type='luks', + key_size=256, + cipher='aes-xts-plain64', + control_location='front-end', + **kwargs): + """Create an encrypted volume from image. + + :param image_id: ID of the image to create volume from, + CONF.compute.image_ref by default + :param name: name of the volume, + '$classname-volume-origin' by default + :param **kwargs: additional parameters + """ + volume_type = self.create_volume_type(name=volume_type) + self.create_encryption_type(type_id=volume_type['id'], + provider=encryption_provider, + key_size=key_size, + cipher=cipher, + control_location=control_location) + image_id = kwargs.pop('image_id', CONF.compute.image_ref) + name = kwargs.pop('name', None) + if not name: + namestart = self.__class__.__name__ + '-volume-origin' + name = data_utils.rand_name(namestart) + return self.create_volume(volume_type=volume_type['name'], + name=name, imageRef=image_id, + **kwargs) + + @decorators.idempotent_id('5bb622ab-5060-48a8-8840-d589a548b9e4') + @utils.services('volume') + @utils.services('compute') + def test_attach_cloned_encrypted_volume(self): + + """This test case attempts to reproduce the following steps: + + * Create an encrypted volume + * Create clone from volume + * Boot an instance and attach/dettach cloned volume + + """ + + volume = self.create_encrypted_volume('luks', volume_type='luks') + kwargs = { + 'display_name': data_utils.rand_name(self.__class__.__name__), + 'source_volid': volume['id'], + 'volume_type': volume['volume_type'], + 'size': volume['size'] + } + volume_s = self.volumes_client.create_volume(**kwargs)['volume'] + self.addCleanup(self.volumes_client.wait_for_resource_deletion, + volume_s['id']) + self.addCleanup(self.volumes_client.delete_volume, volume_s['id']) + waiters.wait_for_volume_resource_status( + self.volumes_client, volume_s['id'], 'available') + volume_source = self.volumes_client.show_volume( + volume_s['id'])['volume'] + server = self.launch_instance() + self.attach_detach_volume(server, volume_source) + + @decorators.idempotent_id('5bb622ab-5060-48a8-8840-d589a548b7e4') + @utils.services('volume') + @utils.services('compute') + @utils.services('image') + def test_boot_cloned_encrypted_volume(self): + + """This test case attempts to reproduce the following steps: + + * Create an encrypted volume from image + * Boot an instance from the volume + * Write data to the volume + * Detach volume + * Create a clone from the first volume + * Create another encrypted volume from source_volumeid + * Boot an instance from cloned volume + * Verify the data + """ + + keypair = self.create_keypair() + security_group = self._create_security_group() + + volume = self.create_encrypted_volume_from_image('luks') + + # create an instance from volume + instance_1st = self.boot_instance_from_resource( + source_id=volume['id'], + source_type='volume', + keypair=keypair, + security_group=security_group) + + # write content to volume on instance + ip_instance_1st = self.get_server_ip(instance_1st) + timestamp = self.create_timestamp(ip_instance_1st, + private_key=keypair['private_key'], + server=instance_1st) + # delete instance + self._delete_server(instance_1st) + + # create clone + kwargs = { + 'display_name': data_utils.rand_name(self.__class__.__name__), + 'source_volid': volume['id'], + 'volume_type': volume['volume_type'], + 'size': volume['size'] + } + volume_s = self.volumes_client.create_volume(**kwargs)['volume'] + + self.addCleanup(self.volumes_client.wait_for_resource_deletion, + volume_s['id']) + self.addCleanup(self.volumes_client.delete_volume, volume_s['id']) + waiters.wait_for_volume_resource_status( + self.volumes_client, volume_s['id'], 'available') + + # create an instance from volume + instance_2nd = self.boot_instance_from_resource( + source_id=volume_s['id'], + source_type='volume', + keypair=keypair, + security_group=security_group) + + # check the content of written file + ip_instance_2nd = self.get_server_ip(instance_2nd) + timestamp2 = self.get_timestamp(ip_instance_2nd, + private_key=keypair['private_key'], + server=instance_2nd) + + self.assertEqual(timestamp, timestamp2) + + # delete instance + self._delete_server(instance_2nd) diff --git a/doc/requirements.txt b/doc/requirements.txt new file mode 100644 index 0000000..d3348d6 --- /dev/null +++ b/doc/requirements.txt @@ -0,0 +1,2 @@ +sphinx!=1.6.6,!=1.6.7,>=1.6.2 # BSD +openstackdocstheme>=1.18.1 # Apache-2.0 diff --git a/setup.cfg b/setup.cfg index 9b05085..7866a06 100644 --- a/setup.cfg +++ b/setup.cfg @@ -16,6 +16,7 @@ Programming Language :: Python :: 3 Programming Language :: Python :: 3.6 Programming Language :: Python :: 3.7 + Programming Language :: Python :: 3.8 [files] packages = diff --git a/test-requirements.txt b/test-requirements.txt index e0bd682..905ad51 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -6,8 +6,6 @@ coverage!=4.4,>=4.0 # Apache-2.0 python-subunit>=1.0.0 # Apache-2.0/BSD -sphinx!=1.6.6,!=1.6.7,>=1.6.2 # BSD oslotest>=3.2.0 # Apache-2.0 -testrepository>=0.0.18 # Apache-2.0/BSD +stestr>=1.0.0 # Apache-2.0 testtools>=2.2.0 # MIT -openstackdocstheme>=1.18.1 # Apache-2.0 diff --git a/tox.ini b/tox.ini index be122b4..e1eb31f 100644 --- a/tox.ini +++ b/tox.ini @@ -12,9 +12,12 @@ setenv = VIRTUAL_ENV={envdir} PYTHONWARNINGS=default::DeprecationWarning + OS_LOG_CAPTURE={env:OS_LOG_CAPTURE:true} + OS_STDOUT_CAPTURE={env:OS_STDOUT_CAPTURE:true} + OS_STDERR_CAPTURE={env:OS_STDERR_CAPTURE:true} deps = -c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master} -r{toxinidir}/test-requirements.txt -commands = python setup.py test --slowest --testr-args='{posargs}' +commands = stestr run --slowest {posargs} [testenv:pep8] commands = flake8 {posargs} @@ -26,7 +29,9 @@ # E123, E125 skipped as they are invalid PEP-8. # W503 line break before binary operator # W504 line break after binary operator +# H101 include name with TODO +# reason: no real benefit show-source = True -ignore = E123,E125,W503,W504 +ignore = E123,E125,W503,W504,H101 builtins = _ exclude=.venv,.git,.tox,dist,doc,*lib/python*,*egg,build