From 604448cdcd01e9d759726f10831da4ad5f607ac3 Mon Sep 17 00:00:00 2001
From: Deepthi Kandavara Jayarama <dkandavarajay@vmware.com>
Date: Tue, 17 Apr 2018 21:42:12 +0000
Subject: [PATCH] [OS:FVT] ENS based changes Tempest config updated with ens
 parameter Changes to new tempest design to work with ens Includes a basic
 scenario with N-S and E-W traffic

{0} vmware_nsx_tempest.tests.nsxv3.scenario.test_ens.EnsScenarioTest.test_ens_overlay_traffic_scenario [196.270294s] ... ok
======
Totals
======
Ran: 1 tests in 203.0000 sec.
 - Passed: 1

Change-Id: I2bdeac7c334b539c39b9dbb576c181634e571d82
---
 vmware_nsx_tempest/config.py                  |  4 +
 vmware_nsx_tempest/lib/appliance_manager.py   | 15 +--
 .../tests/nsxv3/scenario/test_ens.py          | 97 +++++++++++++++++++
 3 files changed, 110 insertions(+), 6 deletions(-)
 create mode 100644 vmware_nsx_tempest/tests/nsxv3/scenario/test_ens.py

diff --git a/vmware_nsx_tempest/config.py b/vmware_nsx_tempest/config.py
index f3ad8a3..f2671e7 100644
--- a/vmware_nsx_tempest/config.py
+++ b/vmware_nsx_tempest/config.py
@@ -196,4 +196,8 @@ NSXv3Group = [
     cfg.BoolOpt('native_dhcp_metadata',
                 default=False,
                 help="Enable or disable Native DHCP and MDProxy for nsxv3"),
+    cfg.BoolOpt('ens',
+                default=False,
+                help="enable ens based changes like port-security-disabled"
+                     " no security-group"),
 ]
diff --git a/vmware_nsx_tempest/lib/appliance_manager.py b/vmware_nsx_tempest/lib/appliance_manager.py
index 141062a..ae34c37 100644
--- a/vmware_nsx_tempest/lib/appliance_manager.py
+++ b/vmware_nsx_tempest/lib/appliance_manager.py
@@ -125,6 +125,8 @@ class ApplianceManager(manager.NetworkScenarioTest):
         # config before trying to create the network with port_security_enabled
         if CONF.network_feature_enabled.port_security:
             port_security_enabled = True
+        else:
+            port_security_enabled = False
         result = networks_client.create_network(
             name=name, tenant_id=tenant_id,
             port_security_enabled=port_security_enabled, **kwargs)
@@ -297,12 +299,13 @@ class ApplianceManager(manager.NetworkScenarioTest):
             config_drive=None, keypair=None, image_id=None,
             clients=None, create_floating_ip=True, **kwargs):
         # Define security group for server.
-        if security_groups:
-            kwargs["security_groups"] = security_groups
-        else:
-            _sg = self.create_topology_security_group()
-            _security_groups = [{'name': _sg['name']}]
-            kwargs["security_groups"] = _security_groups
+        if CONF.nsxv3.ens is not True:
+            if security_groups:
+                kwargs["security_groups"] = security_groups
+            else:
+                _sg = self.create_topology_security_group()
+                _security_groups = [{'name': _sg['name']}]
+                kwargs["security_groups"] = _security_groups
         # Define config drive for server.
         if not config_drive:
             kwargs["config_drive"] = self.topology_config_drive
diff --git a/vmware_nsx_tempest/tests/nsxv3/scenario/test_ens.py b/vmware_nsx_tempest/tests/nsxv3/scenario/test_ens.py
new file mode 100644
index 0000000..e72b4ae
--- /dev/null
+++ b/vmware_nsx_tempest/tests/nsxv3/scenario/test_ens.py
@@ -0,0 +1,97 @@
+# Copyright 2018 VMware Inc
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from tempest import config
+from tempest.lib import decorators
+
+from vmware_nsx_tempest.lib import feature_manager
+from vmware_nsx_tempest.services import nsx_client
+
+CONF = config.CONF
+
+
+class TestEnsOps(feature_manager.FeatureManager):
+
+    @classmethod
+    def skip_checks(cls):
+        super(TestEnsOps, cls).skip_checks()
+        if not (CONF.network.project_networks_reachable or
+                CONF.network.public_network_id):
+            msg = ('Either project_networks_reachable must be "true", or '
+                   'public_network_id must be defined.')
+            raise cls.skipException(msg)
+        if not CONF.network.public_network_cidr:
+            msg = "public_network_cidr must be defined in network section."
+            raise cls.skipException(msg)
+
+    @classmethod
+    def setup_credentials(cls):
+        cls.set_network_resources()
+        cls.admin_mgr = cls.get_client_manager('admin')
+        super(TestEnsOps, cls).setup_credentials()
+
+    @classmethod
+    def setup_clients(cls):
+        """
+        Create various client connections. Such as NSX.
+        """
+        super(TestEnsOps, cls).setup_clients()
+        cls.nsx_client = nsx_client.NSXClient(
+            CONF.network.backend,
+            CONF.nsxv3.nsx_manager,
+            CONF.nsxv3.nsx_user,
+            CONF.nsxv3.nsx_password)
+
+    def verify_ping_to_fip_from_ext_vm(self, server_details):
+        self.using_floating_ip_check_server_and_project_network_connectivity(
+            server_details)
+
+    def verify_ping_own_fip(self, server):
+        fip = server["floating_ips"][0]["floating_ip_address"]
+        client = self.verify_server_ssh(server, floating_ip=fip)
+        ping_cmd = "ping -c 1 %s " % fip
+        self.exec_cmd_on_server_using_fip(ping_cmd, ssh_client=client)
+
+
+class EnsScenarioTest(TestEnsOps):
+
+    @decorators.idempotent_id('2544b6e2-f61b-4f0a-8821-5274e8e1baa1')
+    def test_ens_overlay_traffic_scenario(self):
+        router_ens = self.create_topology_router("router_ens")
+        # Qos network
+        network_ens = self.create_topology_network("network_ens")
+        self.create_topology_subnet("subnet_ens", network_ens,
+                           router_id=router_ens["id"])
+        image_id = self.get_glance_image_id(['cirros', 'esx'])
+        self.create_topology_instance(
+            "ens_vm_1", [network_ens],
+            create_floating_ip=True, image_id=image_id)
+        self.create_topology_instance(
+            "ens_vm_2", [network_ens],
+            create_floating_ip=True, image_id=image_id)
+        # Verify E-W traffic
+        self.check_cross_network_connectivity(
+            self.topology_networks["network_ens"],
+            self.servers_details["ens_vm_1"].floating_ips[0],
+            self.servers_details["ens_vm_1"].server, should_connect=True)
+        self.check_cross_network_connectivity(
+            self.topology_networks["network_ens"],
+            self.servers_details["ens_vm_2"].floating_ips[0],
+            self.servers_details["ens_vm_2"].server, should_connect=True)
+        # Verify fip ping N-S traffic
+        for server, details in self.servers_details.items():
+            self.verify_ping_to_fip_from_ext_vm(details)
+        self.verify_ping_own_fip(self.topology_servers["ens_vm_1"])
+        self.verify_ping_own_fip(self.topology_servers["ens_vm_2"])