From f90ca8fdcefd21d655f3903940a60ce73912d76a Mon Sep 17 00:00:00 2001
From: dkumbhar <dkumbhar@vmware.com>
Date: Fri, 27 Nov 2020 06:35:56 +0000
Subject: [PATCH] firewall group attached two ports of router

Change-Id: Ia459073b8503a1ea2f3a571804f33a1bb51f319d
---
 .../tests/scenario/test_v2_fwaas_nsxv.py      | 43 +++++++++++++++++++
 1 file changed, 43 insertions(+)

diff --git a/vmware_nsx_tempest_plugin/tests/scenario/test_v2_fwaas_nsxv.py b/vmware_nsx_tempest_plugin/tests/scenario/test_v2_fwaas_nsxv.py
index eb762d6..b05d428 100644
--- a/vmware_nsx_tempest_plugin/tests/scenario/test_v2_fwaas_nsxv.py
+++ b/vmware_nsx_tempest_plugin/tests/scenario/test_v2_fwaas_nsxv.py
@@ -413,6 +413,49 @@ class TestFwaasV2Ops(feature_manager.FeatureManager):
                         vm1_float_ip=float_ip, server=vm1)
         return net_topo
 
+    @decorators.attr(type='nsxv')
+    @decorators.idempotent_id('131288d7-9213-4b1e-b22d-15840c8e3f13')
+    def test_fwaas_group_attach_to_multiple_ports_of_router(self):
+        """
+        Test fwaasv2 group attach to multiple ports of one router
+        """
+        net_topo = self.create_network_topo(router_type='exclusive',
+                                            create_instance=True)
+        # Create another network and subnet and attach to router in net_topo
+        network2 = \
+            self.create_topology_network(network_name="fw-network2",
+                                         networks_client=self.networks_client)
+        router_id = net_topo['router']['id']
+        self.create_topology_subnet('subnet2', network2,
+                                    router_id=router_id,
+                                    networks_client=self.networks_client)
+        device_owner = u'network:router_interface'
+        ports_list = self.ports_client.list_ports(device_id=router_id,
+                                                  device_owner=device_owner)
+        ports = []
+        for port in ports_list['ports']:
+            port_info = self.ports_client.show_port(port['id'])
+            ports.append(port_info['port']['id'])
+
+        self.project_id = net_topo['project']
+        ingr = {'enable': True,
+                'rules': [{'proto': 'icmp', 'action': 'allow'},
+                          {'proto': 'tcp', 'action': 'allow'}
+                          ]}
+        egr = {'enable': True,
+               'rules': [{'proto': 'icmp', 'action': 'allow'},
+                         {'proto': 'tcp', 'action': 'allow'}
+                         ]}
+        self.create_fw_basic_topo_port_per_protocol(ports,
+                                                    net_topo['router'],
+                                                    ingr, egr)
+        # verify int-VM to int-VM ping works
+        self.verify_connectivity_to_extvm(net_topo['server'],
+                                          traffic_result=True)
+        # verify ext-VM to intVM floating IP ping
+        out = self._test_ping_from_external_network(net_topo['vm1_float_ip'])
+        self.assertIn("2 received", str(out))
+
     @decorators.attr(type='nsxv')
     @decorators.idempotent_id('131288d7-9213-4b1e-a11d-15840c8e3f13')
     def test_fwaas_in_egr_allow_tcp_icmp_default_ip_address(self):