x/group-based-policy
Code Issues Proposed changes

[aim] Fix aim gate job

Browse Source 
This patch fixes the gate-group-based-policy-dsvm-aim-ubuntu-xenial-nv
integration job that exercises the aim_mapping policy driver and
the ml2plus plugin with the apic_mapping mechanism driver.

Other GBP integration jobs patch a devstack installation to run GBP, however
this patch configures the aforementioned job to use the in-tree GBP devstack
plugin. Based on the validation from this patch, the same approach can now be
extended to the other jobs as well and has the advantage of providing the
developer the ability to recreate the devstack setup used in the gate job.

Some variations do exist in the devstack setup on account of the environment
available in the gate job versus that in a developer's setup (for example, the
source repo is already cloned in the gate job and needs to be used), and in
such cases the ENABLE_APIC_AIM_GATE devstack env variable is used to
special case appropriately. Anyone wanting to replicate the exact devstack
gate configuration should set this variable to true in their local.conf
instead of the ENABLE_APIC_AIM variable referred to in the devref document
and which adds more configuration and starts neutron agents. Over time, the
ENABLE_APIC_AIM_GATE configuration will converge with that of the
ENABLE_APIC_AIM and the ENABLE_APIC_AIM_GATE variable will be eliminated.

The eventual goal of this job is to be able to test as much of the GBP/Neutron
workflowsi, and resulting AIM and system configuration, as possible (in spite
of the absence of the backend components). The first step towards that end
is to test the CRUD operations. This is achieved by running a basic GBP exercise
script that is a variant of the one run in the
gate-group-based-policy-dsvm-functional-ubuntu-xenial-nv job (it does not launch
the VMs since it will fail on account of the expected port binding failure).

The gbpfunctest functional test suite that is run against the
gate-group-based-policy-dsvm-functional-ubuntu-xenial-nv is also run in this
job with some minor adjustments to the test suite. The adjustments are mainly
to account for the variation in sharing semantics between the aim_mapping and
resource_mapping drivers (the former has more flexibility that the latter), and
the lack of support for hierarchical PRS in the aim_mapping driver.

All neutron agents are being disabled in this iteration to avoid logs being
inundated with port binding failure messages. A number of options are up for
consideration in terms of how to get the port binding to succeed, and will
be evaluated over time. The appropriate agents will be enabled accordingly.

Change-Id: I528b7fd2e66a0f7ef1bb00c887e5fbf2434cf966
This commit is contained in:
Sumit Naiksatam
2016-12-11 14:51:26 -08:00
parent 13dc1f2b6a
commit cd10b7de0e
12 changed files with 1126 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
devstack/lib/apic_aim
View File

@@ -11,11 +11,14 @@ function configure_apic_aim {
echo_summary "Configuring apic_aim"
# devstack/lib/neutron_plugins/ml2 does not allow overriding
# Q_PLUGIN_CLASS in override_defaults, so do it here instread
# Q_PLUGIN_CLASS in override_defaults, so do it here instead
# Neutron Configuration for AIM
iniset $NEUTRON_CONF DEFAULT core_plugin ml2plus
iniset /$Q_PLUGIN_CONF_FILE ml2_type_vxlan vni_ranges "10:100"
iniset /$Q_PLUGIN_CONF_FILE ml2_type_vxlan vxlan_group "224.0.0.1"
iniset /$Q_PLUGIN_CONF_FILE apic_aim_auth auth_plugin v3password
iniset /$Q_PLUGIN_CONF_FILE apic_aim_auth auth_url $KEYSTONE_SERVICE_URI_V3
iniset /$Q_PLUGIN_CONF_FILE apic_aim_auth username admin
@@ -24,10 +27,17 @@ function configure_apic_aim {
iniset /$Q_PLUGIN_CONF_FILE apic_aim_auth project_domain_name default
iniset /$Q_PLUGIN_CONF_FILE apic_aim_auth project_name admin
# The following are used by apic_mapping and should not be needed once
# apic_mapping is no longer called from aim_mapping
iniset $NEUTRON_CONF keystone_authtoken identity_uri $KEYSTONE_SERVICE_URI
iniset $NEUTRON_CONF keystone_authtoken admin_user neutron
iniset $NEUTRON_CONF keystone_authtoken admin_tenant_name services
iniset $NEUTRON_CONF keystone_authtoken admin_password $ADMIN_PASSWORD
# GBP Configuration for AIM
# Policy drivers (REVISIT: chain_mapping might needed to be added later)
iniset $NEUTRON_CONF group_policy policy_drivers "aim_mapping"
iniset $NEUTRON_CONF group_policy extension_drivers "aim_extension,proxy_group"
iniset $NEUTRON_CONF group_policy extension_drivers "aim_extension,proxy_group,apic_segmentation_label"
# Service Chain (REVISIT: not overriding any defaults yet)
init_aim
@@ -41,7 +51,8 @@ function install_aim {
}
function init_aim {
aim -c $NEUTRON_CONF db-migration upgrade
aimctl -c $NEUTRON_CONF db-migration upgrade
aimctl -c $NEUTRON_CONF config update
}
function install_opflex {

4
devstack/lib/gbp
View File

@@ -48,7 +48,9 @@ function init_gbpservice {
# install_gbpservice() - Collect source and prepare
function install_gbpservice {
git_clone $GBPSERVICE_REPO $GBPSERVICE_DIR $GBPSERVICE_BRANCH
if [[ $ENABLE_APIC_AIM_GATE = False ]]; then
git_clone $GBPSERVICE_REPO $GBPSERVICE_DIR $GBPSERVICE_BRANCH
fi
mv $GBPSERVICE_DIR/test-requirements.txt $GBPSERVICE_DIR/_test-requirements.txt
setup_develop $GBPSERVICE_DIR
mv -f $NEUTRON_CONF_DIR/policy.json $NEUTRON_CONF_DIR/policy.json.original 2>/dev/null; true

9
devstack/override-defaults
View File

@@ -1,14 +1,17 @@
NEUTRON_CREATE_INITIAL_NETWORKS="False"
ENABLE_APIC_AIM=${ENABLE_APIC_AIM:-False}
ENABLE_APIC_AIM_GATE=${ENABLE_APIC_AIM_GATE:-False}
if [[ $ENABLE_APIC_AIM = True ]]; then
if [[ $ENABLE_APIC_AIM = True || $ENABLE_APIC_AIM_GATE = True ]]; then
echo_summary "Overriding defaults for apic_aim"
Q_PLUGIN=${Q_PLUGIN:-ml2}
Q_ML2_TENANT_NETWORK_TYPE=${Q_ML2_TENANT_NETWORK_TYPE:-opflex}
Q_ML2_PLUGIN_TYPE_DRIVERS=${Q_ML2_PLUGIN_TYPE_DRIVERS:-local,vlan,opflex}
Q_ML2_PLUGIN_MECHANISM_DRIVERS=${Q_ML2_PLUGIN_MECHANISM_DRIVERS:-apic_aim}
Q_ML2_PLUGIN_EXT_DRIVERS=${Q_ML2_PLUGIN_EXT_DRIVERS:-apic_aim,port_security}
Q_ML2_PLUGIN_TYPE_DRIVERS=${Q_ML2_PLUGIN_TYPE_DRIVERS:-opflex,local,flat,vlan,gre,vxlan}
ML2_L3_PLUGIN=${ML2_L3_PLUGIN:-apic_aim_l3}
Q_ML2_TENANT_NETWORK_TYPE=${Q_ML2_TENANT_NETWORK_TYPE:-opflex}
fi

4
devstack/plugin.sh
View File

@@ -90,7 +90,7 @@ if is_service_enabled group-policy; then
echo_summary "Preparing $GBP"
elif [[ "$1" == "stack" && "$2" == "install" ]]; then
echo_summary "Installing $GBP"
[[ $ENABLE_APIC_AIM = True ]] && install_apic_aim
[[ $ENABLE_APIC_AIM = True || $ENABLE_APIC_AIM_GATE = True ]] && install_apic_aim
if [[ $ENABLE_NFP = True ]]; then
echo_summary "Installing $NFP"
prepare_nfp_image_builder
@@ -118,7 +118,7 @@ if is_service_enabled group-policy; then
[[ $ENABLE_NFP = True ]] && init_nfpgbpservice
install_gbpheat
install_gbpui
[[ $ENABLE_APIC_AIM = True ]] && configure_apic_aim
[[ $ENABLE_APIC_AIM = True || $ENABLE_APIC_AIM_GATE = True ]] && configure_apic_aim
stop_apache_server
start_apache_server
elif [[ "$1" == "stack" && "$2" == "extra" ]]; then

15
devstack/settings
View File

@@ -1,7 +1,10 @@
# Make sure the plugin name in local.conf is "gbp", as in: enable_plugin gbp <remote> <branch>
source $DEST/gbp/devstack/lib/gbp
ENABLE_APIC_AIM=${ENABLE_APIC_AIM:-False}
ENABLE_APIC_AIM_GATE=${ENABLE_APIC_AIM_GATE:-False}
[[ $ENABLE_APIC_AIM = True ]] && source $DEST/gbp/devstack/lib/apic_aim
[[ $ENABLE_APIC_AIM_GATE = True ]] && source $DEST/gbp/devstack/lib/apic_aim
ENABLE_NFP=${ENABLE_NFP:-False}
[[ $ENABLE_NFP = True ]] && NFP_DEVSTACK_MODE=${NFP_DEVSTACK_MODE:-base}
@@ -34,15 +37,21 @@ APICAPI_BRANCH=${APICAPI_BRANCH:-aci_integration_manager}
disable_service n-net
enable_service n-novnc
enable_service q-svc
if [[ $ENABLE_APIC_AIM = True ]]; then
if [[ $ENABLE_APIC_AIM = True || $ENABLE_APIC_AIM_GATE = True ]]; then
disable_service q-agt
disable_service q-l3
else
enable_service q-agt
enable_service q-l3
fi
enable_service q-dhcp
enable_service q-fwaas
if [[ $ENABLE_APIC_AIM_GATE = True ]]; then
disable_service q-dhcp
disable_service q-lbaas
disable_service q-meta
else
enable_service q-dhcp
enable_service q-fwaas
fi
[[ $ENABLE_NFP = True ]] && [[ $NFP_DEVSTACK_MODE = advanced ]] && enable_service neutron-vpnaas
if [[ $ENABLE_NFP = True ]] && [[ $NFP_DEVSTACK_MODE = advanced ]] && [[ $ENABLE_LBAASV2 = True ]]; then
enable_service q-lbaasv2

148
gbpservice/tests/contrib/devstack/exercises-aim/gbp_aim.sh Executable file
View File

@@ -0,0 +1,148 @@
#!/usr/bin/env bash
# **gbp_aim.sh**
# Sanity check that gbp started if enabled
echo "*********************************************************************"
echo "Begin DevStack Exercise: $0"
echo "*********************************************************************"
# Settings
# ========
# This script exits on an error so that errors don't compound and you see
# only the first error that occurred.
set -o errexit
# Keep track of the current directory
EXERCISE_DIR=$(cd $(dirname "$0") && pwd)
TOP_DIR=$(cd $EXERCISE_DIR/..; pwd)
# Import common functions
source $TOP_DIR/functions
# Import configuration
source $TOP_DIR/openrc
# Import exercise configuration
source $TOP_DIR/exerciserc
source $TOP_DIR/openrc demo demo
# Print the commands being run so that we can see the command that triggers
# an error. It is also useful for following allowing as the install occurs.
set -o xtrace
function confirm_server_active {
local VM_UUID=$1
if ! timeout $ACTIVE_TIMEOUT sh -c "while ! nova show $VM_UUID | grep status | grep -q ACTIVE; do sleep 1; done"; then
echo "server '$VM_UUID' did not become active!"
false
fi
}
# Create allow action that can used in several rules
gbp policy-action-create allow --action-type allow
# Create ICMP rule
gbp policy-classifier-create icmp-traffic --protocol icmp --direction bi
gbp policy-rule-create ping-policy-rule --classifier icmp-traffic --actions allow
# Create SSH Rule (Optional)
# gbp policy-classifier-create ssh-traffic --protocol tcp --port-range 22 --direction bi
# gbp policy-rule-create ssh-policy-rule --classifier ssh-traffic --actions allow
# Create HTTP Rule
gbp policy-classifier-create web-traffic --protocol tcp --port-range 80 --direction in
gbp policy-rule-create web-policy-rule --classifier web-traffic --actions allow
# Create HTTPs Rule
gbp policy-classifier-create secure-web-traffic --protocol tcp --port-range 443 --direction in
gbp policy-rule-create secure-web-policy-rule --classifier secure-web-traffic --actions allow
# ICMP policy-rule-set
gbp policy-rule-set-create icmp-policy-rule-set --policy-rules ping-policy-rule
# WEB policy-rule-set
gbp policy-rule-set-create web-policy-rule-set --policy-rules web-policy-rule
# ====== PROJECT OPERATION ======
# PTGs creation
gbp group-create web
gbp group-create client-1
gbp group-create client-2
# PT creation
WEB_PORT=$(gbp policy-target-create web-pt-1 --policy-target-group web | awk "/port_id/ {print \$4}")
CLIENT1_PORT=$(gbp policy-target-create client-pt-1 --policy-target-group client-1 | awk "/port_id/ {print \$4}")
CLIENT2_PORT=$(gbp policy-target-create client-pt-2 --policy-target-group client-2 | awk "/port_id/ {print \$4}")
# Temporarily disable VM launching
# WEB_VM_1_UUID=`nova boot --flavor m1.tiny --image $DEFAULT_IMAGE_NAME --nic port-id=$WEB_PORT web-vm-1 | grep ' id ' | cut -d"|" -f3 | sed 's/ //g'`
# die_if_not_set $LINENO WEB_VM_1_UUID "Failure launching web-vm-1"
# confirm_server_active $WEB_VM_1_UUID
# CLIENT_VM_1_UUID=`nova boot --flavor m1.tiny --image $DEFAULT_IMAGE_NAME --nic port-id=$CLIENT1_PORT client-vm-1 | grep ' id ' | cut -d"|" -f3 | sed 's/ //g'`
# die_if_not_set $LINENO CLIENT_VM_1_UUID "Failure launching client-vm-1"
# confirm_server_active $CLIENT_VM_1_UUID
# CLIENT_VM_2_UUID=`nova boot --flavor m1.tiny --image $DEFAULT_IMAGE_NAME --nic port-id=$CLIENT2_PORT client-vm-2 | grep ' id ' | cut -d"|" -f3 | sed 's/ //g'`
# die_if_not_set $LINENO CLIENT_VM_2_UUID "Failure launching client-vm-2"
# confirm_server_active $CLIENT_VM_2_UUID
####CHECKPOINT: No traffic flows
# policy-rule-set Association
gbp group-update client-1 --consumed-policy-rule-sets "icmp-policy-rule-set,web-policy-rule-set"
gbp group-update client-2 --consumed-policy-rule-sets "icmp-policy-rule-set,web-policy-rule-set"
gbp group-update web --provided-policy-rule-sets "icmp-policy-rule-set,web-policy-rule-set"
####CHECKPOINT: ICMP and HTTP work from app to web and vice versa
gbp policy-rule-set-update web-policy-rule-set --policy-rules "secure-web-policy-rule"
####CHECKPOINT: HTTP stops working for both the client PTGs, HTTPs is now enabled
# Since VMs are not being launched, dont delete and wait for them
# nova delete web-vm-1
# nova delete client-vm-1
# nova delete client-vm-2
#if ! timeout $TERMINATE_TIMEOUT sh -c "while nova list | grep -q ACTIVE; do sleep 1; done"; then
# die $LINENO "Some VMs failed to shutdown"
#fi
gbp policy-target-delete web-pt-1
gbp policy-target-delete client-pt-1
gbp policy-target-delete client-pt-2
# The following tests fixed IP assignment for PTs
WEB_SUBNET=$(gbp ptg-show web | grep subnets | awk '{print $4}')
WEB_GW_IP=$(neutron subnet-show $WEB_SUBNET | grep gateway_ip | awk '{print $4}')
FIXED_IP="${WEB_GW_IP}0"
gbp pt-create --policy-target-group web --fixed-ip subnet_id=$WEB_SUBNET,ip_address=$FIXED_IP pt-fixed-ip
neutron port-show pt_pt-fixed-ip
gbp pt-delete pt-fixed-ip
gbp group-delete web
gbp group-delete client-1
gbp group-delete client-2
gbp policy-rule-set-delete icmp-policy-rule-set
gbp policy-rule-set-delete web-policy-rule-set
gbp policy-rule-delete secure-web-policy-rule
gbp policy-rule-delete web-policy-rule
gbp policy-rule-delete ping-policy-rule
gbp policy-classifier-delete secure-web-traffic
gbp policy-classifier-delete web-traffic
gbp policy-classifier-delete icmp-traffic
gbp policy-action-delete allow
set +o xtrace
echo "*********************************************************************"
echo "SUCCESS: End DevStack Exercise: $0"
echo "*********************************************************************"

6
gbpservice/tests/contrib/devstack/local-aim.conf
View File

@@ -15,7 +15,9 @@ SKIP_EXERCISES=volumes,trove,swift,sahara,euca,bundle,boot_from_volume,aggregate
#OFFLINE=True
RECLONE=True
enable_plugin gbp https://github.com/openstack/group-based-policy.git master
#enable_plugin gbp https://github.com/openstack/group-based-policy.git master
#The following should be reverted to the above after this patch merges
enable_plugin gbp https://git.openstack.org/openstack/group-based-policy refs/changes/52/409552/41
ENABLE_APIC_AIM=True
ENABLE_APIC_AIM_GATE=True

13
gbpservice/tests/contrib/functions-gbp
View File

@@ -2,10 +2,15 @@
TOP_DIR="$BASE/new/devstack"
NEW_BASE="$BASE/new"
GBP_DIR="$NEW_BASE/group-based-policy"
SCRIPTS_DIR="/usr/os-testr-env/bin"
LOGS_DIR="$NEW_BASE/logs"
ARCHIVE_LOGS_DIR="$BASE/logs"
# The following config is legacy and is used for GBP non-devstack plugin
# install
GBP_DIR="$NEW_BASE/group-based-policy"
GBP_FUNC_DIR=$GBP_DIR/gbpservice/tests/contrib/gbpfunctests
XTRACE=$(set +o | grep xtrace)
function prepare_gbp_devstack {
@@ -41,7 +46,11 @@ function prepare_gbp_aim_devstack {
cd $TOP_DIR
sudo git checkout stable/mitaka
sudo cp $CONTRIB_DIR/devstack/local-aim.conf $TOP_DIR/local.conf
sudo cp $CONTRIB_DIR/devstack/exercises/gbp.sh $TOP_DIR/exercises/
sudo cp $CONTRIB_DIR/devstack/exercises-aim/gbp_aim.sh $TOP_DIR/exercises/
sudo sed -i 's/DEST=\/opt\/stack/DEST=\/opt\/stack\/new/g' $TOP_DIR/stackrc
# Use the aim version of the shared PRS test
sudo mv $GBP_FUNC_DIR/testcases/tc_gbp_prs_pr_shared_func.py.aim $GBP_FUNC_DIR/testcases/tc_gbp_prs_pr_shared_func.py
sudo mv $GBP_FUNC_DIR/testcases/tc_gbp_prs_func.py.aim $GBP_FUNC_DIR/testcases/tc_gbp_prs_func.py
source $TOP_DIR/functions
source $TOP_DIR/functions-common
}

4
gbpservice/tests/contrib/gbpfunctests/testcases/tc_gbp_l3p_func.py
View File

@@ -379,7 +379,7 @@ class test_gbp_l3p_func(object):
"\n## Step 1: Create Policy L3Policy with non-default "
"attrs and values ")
l3p_uuid = self.gbpcfg.gbp_policy_cfg_all(
1, 'l3p', self.l3p_name, ip_pool='40.50.0.0/24',
1, 'l3p', self.l3p_name, ip_pool='40.50.0.0/16',
subnet_prefix_length='25')
if l3p_uuid == 0:
self._log.info("\n## Step 1: Create L3Policy == Failed")
@@ -390,7 +390,7 @@ class test_gbp_l3p_func(object):
l3p_uuid,
id=l3p_uuid,
name=self.l3p_name,
ip_pool='40.50.0.0/24',
ip_pool='40.50.0.0/16',
subnet_prefix_length='25',
ip_version='4') == 0:
self._log.info("\n## Step 1A: Verify non-default == Failed")

636
gbpservice/tests/contrib/gbpfunctests/testcases/tc_gbp_prs_func.py.aim Executable file
View File

@@ -0,0 +1,636 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import commands
import logging
import sys
from libs import config_libs
from libs import utils_libs
from libs import verify_libs
def main():
# Run the Testcases:
test = test_gbp_prs_func()
if test.test_gbp_prs_func_1() == 0:
test.cleanup(tc_name='TESTCASE_GBP_PRS_FUNC_1')
if test.test_gbp_prs_func_2() == 0:
test.cleanup(tc_name='TESTCASE_GBP_PRS_FUNC_2')
if test.test_gbp_prs_func_3() == 0:
test.cleanup(tc_name='TESTCASE_GBP_PRS_FUNC_3')
if test.test_gbp_prs_func_4() == 0:
test.cleanup(tc_name='TESTCASE_GBP_PRS_FUNC_4')
test._log.info(
"\nTESTCASE_GBP_PRS_FUNC_5: TO CREATE/VERIFY/DELETE/VERIFY "
"a PARENT and CHILD POLICY RULESET\n")
test._log.info("\nTESTCASE_GBP_PRS_FUNC_5: NOT SUPPORTED in ACI")
test._log.info(
"\nTESTCASE_GBP_PRS_FUNC_6: TO CHANGE/UPDATE/DELETE/VERIFY "
"PARENT and CHILD POLICY RULESET\n")
test._log.info("\nTESTCASE_GBP_PRS_FUNC_6: NOT SUPPORTED in ACI")
test.cleanup()
utils_libs.report_results('test_gbp_prs_func', 'test_results.txt')
sys.exit(1)
class test_gbp_prs_func(object):
# Initialize logging
logging.basicConfig(
format='%(asctime)s [%(levelname)s] %(name)s - %(message)s',
level=logging.WARNING)
_log = logging.getLogger(__name__)
cmd = 'rm /tmp/test_gbp_prs_func.log'
commands.getoutput(cmd)
hdlr = logging.FileHandler('/tmp/test_gbp_prs_func.log')
formatter = logging.Formatter('%(asctime)s %(levelname)s %(message)s')
hdlr.setFormatter(formatter)
_log.addHandler(hdlr)
_log.setLevel(logging.INFO)
_log.setLevel(logging.DEBUG)
def __init__(self):
"""
Init def
"""
self._log.info(
"\n## START OF GBP POLICY_RULE_SET FUNCTIONALITY TESTSUITE\n")
self.gbpcfg = config_libs.Gbp_Config()
self.gbpverify = verify_libs.Gbp_Verify()
self.act_name = 'demo_pa'
self.cls_name = 'demo_pc'
self.rule_name = 'demo_pr'
self.ruleset_name = 'demo_prs'
self._log.info('\n## Step 1: Create a PC needed for PRS Testing ##')
self.cls_uuid = self.gbpcfg.gbp_policy_cfg_all(
1, 'classifier', self.cls_name)
if self.cls_uuid == 0:
self._log.info(
"\nReqd Policy Classifier Create Failed, hence GBP "
"Policy Rule-Set Functional Test Suite Run ABORTED\n")
return
self._log.info('\n## Step 1: Create a PA needed for PRS Testing ##')
self.act_uuid = self.gbpcfg.gbp_policy_cfg_all(
1, 'action', self.act_name)
if self.act_uuid == 0:
self._log.info(
"\nReqd Policy Action Create Failed, hence GBP "
"Policy Rule-Set Functional Test Suite Run ABORTED\n")
return
self._log.info('\n## Step 1: Create a PR needed for PRS Testing ##')
self.rule_uuid = self.gbpcfg.gbp_policy_cfg_all(
1, 'rule', self.rule_name, classifier=self.cls_name,
action=self.act_name)
if self.rule_uuid == 0:
self._log.info(
"\nReqd Policy Rule Create Failed, hence GBP "
"Policy Rule-Set Functional Test Suite Run ABORTED\n ")
return
def cleanup(self, tc_name=''):
if tc_name != '':
self._log.info('%s: FAILED' % (tc_name))
for obj in ['ruleset', 'rule', 'classifier', 'action']:
self.gbpcfg.gbp_del_all_anyobj(obj)
def test_gbp_prs_func_1(
self,
name_uuid='',
ruleset_uuid='',
rep_cr=0,
rep_del=0):
if rep_cr == 0 and rep_del == 0:
self._log.info(
"\n########################################################\n"
"TESTCASE_GBP_PRS_FUNC_1: TO CREATE/VERIFY/DELETE/VERIFY "
"a POLICY RULESET with DEFAULT ATTRIB VALUE\n"
"TEST_STEP::\n"
"Create Policy RuleSet Object\n"
"Verify the attributes & value, show & list cmds\n"
"Delete Policy RuleSet using Name\n"
"Verify that PR has got deleted, show & list cmds\n"
"##########################################################\n")
if name_uuid == '':
name_uuid = self.ruleset_name
# Testcase work-flow starts
if rep_cr == 0 or rep_cr == 1:
self._log.info(
'\n## Step 1: Create RuleSet with default attrib vals##\n')
ruleset_uuid = self.gbpcfg.gbp_policy_cfg_all(
1, 'ruleset', name_uuid)
if ruleset_uuid == 0:
self._log.info("# Step 1: Create RuleSet == Failed")
return 0
self._log.info('# Step 2A: Verify RuleSet using -list cmd')
if self.gbpverify.gbp_policy_verify_all(
0, 'ruleset', name_uuid, ruleset_uuid) == 0:
self._log.info(
"# Step 2A: Verify RuleSet using -list option == Failed")
return 0
self._log.info('# Step 2B: Verify RuleSet using -show cmd')
if self.gbpverify.gbp_policy_verify_all(
1, 'ruleset', name_uuid, id=ruleset_uuid,
shared='False') == 0:
self._log.info(
"# Step 2B: Verify RuleSet using -show option == Failed")
return 0
#######
if rep_del == 0 or rep_del == 1:
self._log.info('\n## Step 3: Delete RuleSet using name ##\n')
if self.gbpcfg.gbp_policy_cfg_all(0, 'ruleset', name_uuid) == 0:
self._log.info("# Step 3: Delete RuleSet == Failed")
return 0
if self.gbpverify.gbp_policy_verify_all(
0, 'ruleset', name_uuid, ruleset_uuid) != 0:
self._log.info(
"# Step 3A: Verify RuleSet is Deleted using -list "
"option == Failed")
return 0
if self.gbpverify.gbp_policy_verify_all(
1, 'ruleset', name_uuid, id=ruleset_uuid,
shared='False') != 0:
self._log.info(
"# Step 3B: Verify RuleSet is Deleted using "
"-show option == Failed")
return 0
if rep_cr == 0 and rep_del == 0:
self._log.info("\nTESTCASE_GBP_PRS_FUNC_1: PASSED")
return 1
def test_gbp_prs_func_2(self):
self._log.info(
"\n############################################################\n"
"TESTCASE_GBP_PRS_FUNC_2: TO CREATE/VERIFY/DELETE/VERIFY "
"a POLICY RULESET with POLICY RULE\n"
"TEST_STEP::\n"
"Create Policy RuleSet Object with GBP PR\n"
"Verify the attributes & value, show & list cmds\n"
"Delete Policy RuleSet using Name\n"
"Verify that PR has got deleted, show & list cmds\n"
"##############################################################\n")
# Testcase work-flow starts
self._log.info("\n## Step 1: Create Policy RuleSet with PR ##")
ruleset_uuid = self.gbpcfg.gbp_policy_cfg_all(
1, 'ruleset', self.ruleset_name, policy_rules=self.rule_name)
if ruleset_uuid == 0:
self._log.info("# Step 1: Create RuleSet == Failed")
return 0
self._log.info('# Step 2A: Verify RuleSet using -list cmd')
if self.gbpverify.gbp_policy_verify_all(
0, 'ruleset', self.ruleset_name, ruleset_uuid) == 0:
self._log.info(
"# Step 2A: Verify RuleSet using -list option == Failed")
return 0
self._log.info('# Step 2B: Verify RuleSet using -show cmd')
if self.gbpverify.gbp_policy_verify_all(
1,
'ruleset',
self.ruleset_name,
id=ruleset_uuid,
policy_rules=self.rule_uuid,
shared='False') == 0:
self._log.info(
"# Step 2B: Verify RuleSet using -show option == Failed")
return 0
self.test_gbp_prs_func_1(ruleset_uuid=ruleset_uuid, rep_cr=2)
self._log.info("\nTESTCASE_GBP_PRS_FUNC_2: PASSED")
return 1
def test_gbp_prs_func_3(self):
self._log.info(
"\n############################################################\n"
"TESTCASE_GBP_PRS_FUNC_3: TO UPDATE/VERIFY/DELETE/VERIFY "
"EACH ATTRIB of a POLICY RULESET\n"
"TEST_STEP::\n"
"Create Policy RuleSet using Default param values\n"
"Update Each the Policy Rule's editable params\n"
"Verify the Policy Rule's attributes & values, show & list cmds\n"
"Delete the Policy Rule\n"
"Verify Policy RuleSet successfully deleted\n"
"##############################################################\n")
# Testcase work-flow starts
self._log.info('\n## Step 1: Create Policy RuleSet with PR ##\n')
ruleset_uuid = self.gbpcfg.gbp_policy_cfg_all(
1, 'ruleset', self.ruleset_name, policy_rules=self.rule_name)
if ruleset_uuid != 0:
self._log.info(
"Step 1: Create RuleSet Passed, UUID == %s\n" %
(ruleset_uuid))
else:
self._log.info("# Step 1: Create RuleSet == Failed")
return 0
self._log.info('\n## Step 1A: Create new PA ,new PC, new PR##\n')
new_cls_uuid = self.gbpcfg.gbp_policy_cfg_all(
1, 'classifier', 'grppol_pc1')
if new_cls_uuid == 0:
self._log.info(
"\nNew Classifier Create Failed, hence "
"testcase_gbp_prs_func_3 ABORTED\n")
return 0
new_act_uuid = self.gbpcfg.gbp_policy_cfg_all(
1, 'action', 'grppol_pa1')
if new_act_uuid == 0:
self._log.info(
"\nNew Action Create Failed, hence "
"testcase_gbp_prs_func_3 ABORTED\n")
return 0
new_rule_uuid = self.gbpcfg.gbp_policy_cfg_all(
1,
'rule',
'grppol_pr',
classifier=new_cls_uuid,
action=new_act_uuid,
description="'For devstack demo'")
if new_rule_uuid == 0:
self._log.info(
"\nNew Rule Create Failed, hence "
"testcase_gbp_prs_func_3 ABORTED\n")
return 0
if self.gbpcfg.gbp_policy_cfg_all(
2,
'ruleset',
ruleset_uuid,
name='grppol_prs',
policy_rule=new_rule_uuid,
description="'For devstack demo'") == 0:
self._log.info(
"\nStep 2: Updating Policy RuleSet's Attributes , Failed")
return 0
# Verify starts
if self.gbpverify.gbp_policy_verify_all(
0, 'ruleset', 'grppol_prs', ruleset_uuid) == 0:
self._log.info(
"# Step 2A: Verify Policy RuleSet Updated "
"Attributes using -list option == Failed")
return 0
if self.gbpverify.gbp_policy_verify_all(
1,
'ruleset',
ruleset_uuid,
name='grppol_prs',
policy_rules=new_rule_uuid,
description='For devstack demo') == 0:
self._log.info(
"# Step 2B: Verify Policy RuleSet Updated "
"Attributes using -show option == Failed")
return 0
self._log.info("\nTESTCASE_GBP_PRS_FUNC_3: PASSED")
return 1
def test_gbp_prs_func_4(self):
self._log.info(
"\n############################################################\n"
"TESTCASE_GBP_PRS_FUNC_4: TO CREATE/UPDATE/VERIFY/DELETE/ "
"ASSOCIATING MULTIPLE PRs to 1 POLICY RULESET \n"
"TEST_STEP::\n"
"Create Multiple Policy Rules\n"
"Create Policy RuleSet by associating all the Policy Rules\n"
"Verify that multiple Policy Rules are associated to the "
"Policy RuleSet\n"
"Update the Policy RuleSet such that few Policy Rules "
"are unmapped\n"
"Verify the Policy Rule's attributes & values, show & list cmds\n"
"Update the Policy RuleSet such that all Policy Rules "
"association removed\n"
"Verify the Policy Rule's attributes & values, show & list cmds\n"
"##############################################################\n")
# Testcase work-flow starts
self._log.info(
'\n## Step 1A: Create new PA ,new PC, 4 PRs using the '
'same PA & PC##\n')
new_cls_uuid = self.gbpcfg.gbp_policy_cfg_all(
1, 'classifier', 'grppol_pc1')
if new_cls_uuid == 0:
self._log.info(
"\nNew Classifier Create Failed, hence "
"testcase_gbp_prs_func_4 ABORTED\n")
return 0
new_act_uuid = self.gbpcfg.gbp_policy_cfg_all(
1, 'action', 'grppol_pa1')
if new_act_uuid == 0:
self._log.info(
"\nNew Action Create Failed, hence "
"testcase_gbp_prs_func_4 ABORTED\n")
return 0
rule_uuid_list = []
for i in range(4):
new_rule_uuid = self.gbpcfg.gbp_policy_cfg_all(
1,
'rule',
'grppol_pr_%s' %
(i),
classifier=new_cls_uuid,
action=new_act_uuid,
description="'For devstack demo'")
if new_rule_uuid == 0:
self._log.info(
"\nNew Rule Create Failed, hence "
"testcase_gbp_prs_func_4 ABORTED\n")
return 0
rule_uuid_list.append(new_rule_uuid)
ruleset_uuid = self.gbpcfg.gbp_policy_cfg_all(
1,
'ruleset',
'grppol_prs_many',
policy_rule='"%s %s %s %s"' %
(rule_uuid_list[0],
rule_uuid_list[1],
rule_uuid_list[2],
rule_uuid_list[3]),
description="'For devstack demo'")
if ruleset_uuid == 0:
self._log.info(
"\nStep 2: Updating Policy RuleSet's Attributes , Failed")
return 0
# Verify starts
if self.gbpverify.gbp_policy_verify_all(
0, 'ruleset', 'grppol_prs_many', ruleset_uuid) == 0:
self._log.info(
"# Step 2A: Verify Policy RuleSet Updated Attributes "
"using -list option == Failed")
return 0
if self.gbpverify.gbp_policy_verify_all(
1,
'ruleset',
ruleset_uuid,
name='grppol_prs_many',
description='For devstack demo') == 0:
self._log.info(
"# Step 2B: Verify Policy RuleSet Updated Attributes "
"using -show option == Failed")
return 0
if self.gbpverify.gbp_obj_ver_attr_all_values(
'ruleset', 'grppol_prs_many', 'policy_rules',
rule_uuid_list) == 0:
self._log.info(
"# Step 2C: Verify Policy RuleSet and its Multiple PRs "
"using -show option == Failed")
return 0
# Update and Verify the PRS by updating the PRs(removing few existing
# ones)
if self.gbpcfg.gbp_policy_cfg_all(
2, 'ruleset', 'grppol_prs_many', policy_rule='"%s %s"' %
(rule_uuid_list[0], rule_uuid_list[2])) == 0:
self._log.info(
"# Step 3: Updating Policy RuleSet's Attributes , Failed")
return 0
if self.gbpverify.gbp_obj_ver_attr_all_values(
'ruleset', 'grppol_prs_many', 'policy_rules',
rule_uuid_list) != 0:
self._log.info(
"# Step 3A: Verify Policy RuleSet and its Multiple "
"PRs using -show option == Failed")
return 0
# Update and Verify the PRS by updating the PRs=NULL(unmapping all PRs)
if self.gbpcfg.gbp_policy_cfg_all(2, 'ruleset', 'grppol_prs_many',
policy_rule='""') == 0:
self._log.info(
"# Step 4: Upmapping All Policy Rule from Policy "
"RuleSet , Failed")
return 0
if self.gbpverify.gbp_obj_ver_attr_all_values(
'ruleset', 'grppol_prs_many', 'policy_rules',
rule_uuid_list) != 0:
self._log.info(
"# Step 4A: Verify All Policy Rules have been Removed "
"from Policy RuleSet using --show option == Failed")
return 0
self._log.info("\nTESTCASE_GBP_PRS_FUNC_4: PASSED")
return 1
def test_gbp_prs_func_5(self):
self._log.info(
"\n############################################################\n"
"TESTCASE_GBP_PRS_FUNC_5: TO CREATE/VERIFY/DELETE/VERIFY "
"a PARENT and CHILD POLICY RULESET\n"
"TEST_STEP::\n"
"Create 1 Policy RuleSet using the same PA & PC\n"
"Create the 2nd Policy RuleSet using the same PA, "
"PC and associate PRS-1 as CHILD\n"
"Verify the Child PRS reflect the Parent PRS and viceversa\n"
"Delete the Child PRS\n"
"Verify the Parent PRS has no CHILD\n"
"Create the CHild PRS, associate to the Parent PRS\n"
"Verify the association is established b/e Child and Parent\n"
"Delete the Parent PRS\n"
"Verify the Parent PRS association removed the Child PRS\n"
"##############################################################\n")
# Testcase work-flow starts
self._log.info("\n## Step 1: Create Policy RuleSet with PR ##")
child_uuid = self.gbpcfg.gbp_policy_cfg_all(
1, 'ruleset', 'demo_child_prs', policy_rules=self.rule_name)
if child_uuid == 0:
self._log.info(
"\n## Step 1: Create Child Policy RuleSet == Failed")
return 0
parent_uuid = self.gbpcfg.gbp_policy_cfg_all(
1,
'ruleset',
'demo_par_prs',
policy_rules=self.rule_name,
child_policy_rule_sets=child_uuid)
if parent_uuid == 0:
self._log.info(
"\n## Step 2: Create Parent Policy RuleSet == Failed")
return 0
self._log.info(
'# Step 2A: Verify Parent and Child Policy RuleSet '
'using -show cmd')
if self.gbpverify.gbp_policy_verify_all(
1,
'ruleset',
'demo_par_prs',
id=parent_uuid,
policy_rules=self.rule_uuid,
shared='False',
child_policy_rule_sets=child_uuid) == 0:
self._log.info(
"\n## Step 2A: Verify Parent RuleSet using -show "
"option == Failed")
return 0
if self.gbpverify.gbp_policy_verify_all(
1,
'ruleset',
'demo_child_prs',
id=child_uuid,
policy_rules=self.rule_uuid,
shared='False',
parent_id=parent_uuid) == 0:
self._log.info(
"\n## Step 2B: Verify Parent RuleSet using -show "
"option == Failed")
return 0
# Delete Child PRS
if self.gbpcfg.gbp_policy_cfg_all(0, 'ruleset', 'demo_child_prs') == 0:
self._log.info("# Step 3: Delete Child Policy RuleSet == Failed")
return 0
if self.gbpverify.gbp_policy_verify_all(
1,
'ruleset',
'demo_par_prs',
id=parent_uuid,
policy_rules=self.rule_uuid,
shared='False',
child_policy_rule_sets=child_uuid) != 0:
self._log.info(
"# Step 3A: Verify Parent PRS after Delete of Child "
"PRS using -show option == Failed")
return 0
# Create Child PRS,Associate to Parent and Verify
child_uuid = self.gbpcfg.gbp_policy_cfg_all(
1, 'ruleset', 'demo_child_prs', policy_rules=self.rule_name)
if child_uuid == 0:
self._log.info("# Step 4: Create Child Policy RuleSet == Failed")
return 0
if self.gbpcfg.gbp_policy_cfg_all(
2,
'ruleset',
'demo_par_prs',
child_policy_rule_sets=child_uuid) == 0:
self._log.info(
"# Step 5: Associating Child PRS by Updating Parent "
"PRS == Failed")
return 0
self._log.info(
'# Step 5A: Verify Parent and Child Policy RuleSet '
'using -show cmd')
if self.gbpverify.gbp_policy_verify_all(
1,
'ruleset',
'demo_par_prs',
id=parent_uuid,
policy_rules=self.rule_uuid,
shared='False',
child_policy_rule_sets=child_uuid) == 0:
self._log.info(
"# Step 5A: Verify Parent RuleSet using -show "
"option == Failed")
return 0
if self.gbpverify.gbp_policy_verify_all(
1,
'ruleset',
'demo_child_prs',
id=child_uuid,
policy_rules=self.rule_uuid,
shared='False',
parent_id=parent_uuid) == 0:
self._log.info(
"# Step 5B: Verify Parent RuleSet using -show "
"option == Failed")
return 0
# Delete Parent PRS and Verify
if self.gbpcfg.gbp_policy_cfg_all(0, 'ruleset', 'demo_par_prs') == 0:
self._log.info("# Step 6: Delete Parent Policy RuleSet == Failed")
return 0
if self.gbpverify.gbp_policy_verify_all(
1,
'ruleset',
'demo_child_prs',
id=child_uuid,
policy_rules=self.rule_uuid,
shared='False',
parent_id=parent_uuid) != 0:
self._log.info(
"# Step 6A: Verify Child PRS after Delete of "
"Parent PRS using -show option == Failed")
return 0
self._log.info("\nTESTCASE_GBP_PRS_FUNC_5: PASSED")
return 1
def test_gbp_prs_func_6(self):
"""
Changing parent-child prs mapping
Create 4 PRS, two are parent and two are child
Update the one of the parent such that both childs are mapped
Verify
Delete both child PRS
Verify the parent PRS
"""
self._log.info(
"\n############################################################\n"
"TESTCASE_GBP_PRS_FUNC_6: TO CHANGE/UPDATE/DELETE/VERIFY "
"PARENT and CHILD POLICY RULESET\n"
"TEST_STEP::\n"
"Changing parent-child prs mapping\n"
"Create 4 PRS, two are parent and two are child\n"
"Update the one of the parent such that both childs are mapped\n"
"Verify\n"
"Delete both child PRS\n"
"Verify the parent PRS\n"
"##############################################################\n")
# Testcase work-flow starts
self._log.info(
"\n## Step 1: Create 4 Policy RuleSets, 2 Parent & 2 "
"Child with PR ##")
ch_uuids, par_uuids = [], []
for i in range(1, 3):
child_name, par_name = 'child_%s_prs' % (i), 'par_%s_prs' % (i)
child_uuid = self.gbpcfg.gbp_policy_cfg_all(
1, 'ruleset', child_name, policy_rules=self.rule_name)
if child_uuid == 0:
self._log.info(
"\n## Step 1: Create Child Policy RuleSet == Failed")
return 0
parent_uuid = self.gbpcfg.gbp_policy_cfg_all(
1,
'ruleset',
par_name,
policy_rules=self.rule_name,
child_policy_rule_sets=child_uuid)
if parent_uuid == 0:
self._log.info(
"\n## Step 2: Create Parent Policy RuleSet == Failed")
return 0
ch_uuids.append(child_uuid)
par_uuids.append(parent_uuid)
# Update One of the Parent with two Child PRSs
if self.gbpcfg.gbp_policy_cfg_all(
2, 'ruleset', 'par_1_prs', child_policy_rule_sets='"%s %s"' %
(ch_uuids[0], ch_uuids[1])) == 0:
self._log.info(
"\n## Step 3: Update Parent Policy RuleSet == Failed")
return 0
if self.gbpverify.gbp_obj_ver_attr_all_values(
'ruleset', 'par_1_prs', 'child_policy_rule_sets', [
ch_uuids[0], ch_uuids[1]]) == 0:
self._log.info("\n## Step 3A: Child PRS NOT Found in Parent PRS")
return 0
# Delete Child PRSs
for i in range(2):
if self.gbpcfg.gbp_policy_cfg_all(0, 'ruleset', ch_uuids[i]) == 0:
self._log.info(
"\n## Step 5: Delete of Child PRS child_%s_prs" %
(i))
return 0
if self.gbpverify.gbp_obj_ver_attr_all_values(
'ruleset', 'par_1_prs', 'child_policy_rule_sets', [
ch_uuids[0], ch_uuids[1]]) != 0:
self._log.info(
"\n## Step 5A: Stale Child PRS Mapping still "
"persists in Parent PRS")
return 0
self._log.info("\nTESTCASE_GBP_PRS_FUNC_6: PASSED")
return 1
if __name__ == '__main__':
main()

288
gbpservice/tests/contrib/gbpfunctests/testcases/tc_gbp_prs_pr_shared_func.py.aim Executable file
View File

@@ -0,0 +1,288 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import commands
import logging
import sys
from libs import config_libs
from libs import utils_libs
from libs import verify_libs
def main():
# Run the Testcases:
test = test_gbp_prs_pr_shared_func()
if test.test_gbp_prs_pr_shared_func_1() == 0:
test.cleanup(tc_name='TESTCASE_GBP_PRS_PR_SHARED_INTEG_1')
if test.test_gbp_prs_pr_shared_func_2() == 0:
test.cleanup(tc_name='TESTCASE_GBP_PRS_PR_SHARED_INTEG_2')
test.cleanup()
utils_libs.report_results('test_gbp_prs_pr_shared_func',
'test_results_admin.txt')
sys.exit(1)
class test_gbp_prs_pr_shared_func(object):
# Initialize logging
logging.basicConfig(
format='%(asctime)s [%(levelname)s] %(name)s - %(message)s',
level=logging.WARNING)
_log = logging.getLogger(__name__)
cmd = 'rm /tmp/test_gbp_prs_pr_shared_func.log'
commands.getoutput(cmd)
hdlr = logging.FileHandler('/tmp/test_gbp_prs_pr_shared_func.log')
formatter = logging.Formatter('%(asctime)s %(levelname)s %(message)s')
hdlr.setFormatter(formatter)
_log.addHandler(hdlr)
_log.setLevel(logging.INFO)
_log.setLevel(logging.DEBUG)
def __init__(self):
"""
Init def
"""
self._log.info(
"\n## START OF GBP POLICY_RULE_SET FUNCTIONALITY TESTSUITE\n")
self.gbpcfg = config_libs.Gbp_Config()
self.gbpverify = verify_libs.Gbp_Verify()
self.act_name = 'demo_pa'
self.cls_name = 'demo_pc'
self.rule_name = 'demo_pr'
self.ruleset_name = 'demo_prs'
def cleanup(self, tc_name=''):
if tc_name != '':
self._log.info('%s: FAILED' % (tc_name))
for obj in ['ruleset', 'rule', 'classifier', 'action']:
self.gbpcfg.gbp_del_all_anyobj(obj)
def test_gbp_prs_pr_shared_func_1(self):
self._log.info(
"\n############################################################\n"
"TESTCASE_GBP_PRS_PR_SHARED_INTEG_1: TO "
"CREATE/UPDATE/VERIFY/DELETE/ ASSOCIATING MULTIPLE PRs to 1 "
"POLICY RULESET \n"
"TEST_STEP::\n"
"Create Multiple Policy Rules with shared=True\n"
"Create Policy RuleSet by associating all the Policy "
"Rules and shared=False(default)\n"
"Verify that multiple Policy Rules are associated to "
"the Policy RuleSet\n"
"Update the Policy RuleSet with shared=True\n"
"Verify the Policy RuleSet's shared=True\n"
"##############################################################\n")
# Testcase work-flow starts
self._log.info(
'\n## Step 1A: Create new PA ,new PC, 4 PRs using the '
'same PA & PC##\n')
new_cls_uuid = self.gbpcfg.gbp_policy_cfg_all(
1, 'classifier', 'grppol_pc1', shared='True')
if new_cls_uuid == 0:
self._log.info(
"\nNew Classifier Create Failed, hence "
"Testcase_gbp_prs_pr_shared_integ_1 ABORTED\n")
return 0
new_act_uuid = self.gbpcfg.gbp_policy_cfg_all(
1, 'action', 'grppol_pa1', shared='True')
if new_act_uuid == 0:
self._log.info(
"\nNew Action Create Failed, hence "
"testcase_gbp_prs_pr_shared_integ_1 ABORTED\n")
return 0
rule_uuid_list = []
for i in range(4):
new_rule_uuid = self.gbpcfg.gbp_policy_cfg_all(
1,
'rule',
'grppol_pr_%s' %
(i),
classifier=new_cls_uuid,
action=new_act_uuid,
description="'For devstack demo'",
shared="True")
if new_rule_uuid == 0:
self._log.info(
"\nNew Rule Create Failed, hence "
"testcase_gbp_prs_pr_shared_integ_1 ABORTED\n")
return 0
rule_uuid_list.append(new_rule_uuid)
ruleset_uuid = self.gbpcfg.gbp_policy_cfg_all(
1,
'ruleset',
'grppol_prs_many',
policy_rule='"%s %s %s %s"' %
(rule_uuid_list[0],
rule_uuid_list[1],
rule_uuid_list[2],
rule_uuid_list[3]),
description="'For devstack demo'",
shared='False')
if ruleset_uuid == 0:
self._log.info(
"\nStep 2: Creating Policy RuleSet with multiple "
"PRs(shared=True) and shared=False , Failed")
return 0
# Verify starts
if self.gbpverify.gbp_policy_verify_all(
1,
'ruleset',
ruleset_uuid,
name='grppol_prs_many',
description='For devstack demo',
shared='False') == 0:
self._log.info(
"# Step 2B: Verify Policy RuleSet and its "
"shared='False' == Failed")
return 0
if self.gbpverify.gbp_obj_ver_attr_all_values(
'ruleset', 'grppol_prs_many', 'policy_rules',
rule_uuid_list) == 0:
self._log.info(
"# Step 2C: Verify Policy RuleSet and its "
"Multiple PRs using -show option == Failed")
return 0
if self.gbpcfg.gbp_policy_cfg_all(
2, 'ruleset', 'grppol_prs_many', shared='True') == 0:
self._log.info(
"# Step 3: Updating Policy RuleSet's Attribute "
"shared=True Failed")
return 0
self._log.info("\nTESTCASE_GBP_PRS_PR_SHARED_INTEG_1: PASSED")
self.cleanup()
return 1
def test_gbp_prs_pr_shared_func_2(self):
self._log.info(
"\n############################################################\n"
"TESTCASE_GBP_PRS_PR_SHARED_INTEG_2: TO "
"CREATE/UPDATE/VERIFY/DELETE/ ASSOCIATING MULTIPLE "
"PRs to 1 POLICY RULESET\n"
"TEST_STEP::\n"
"Create Multiple Policy Rules witha mix of shared=True "
"and shared=False\n"
"Create Policy RuleSet by associating all the Policy "
"Rules and shared=False(default)\n"
"Verify that multiple Policy Rules are associated to "
"the Policy RuleSet\n"
"Update the Policy RuleSet with shared=True and update "
"should fail\n"
"Verify the Policy RuleSet's continues with attribute "
"shared=False\n"
"##############################################################\n")
# Testcase work-flow starts
self._log.info(
'\n## Step 1A: Create new PA ,new PC, 4 PRs using the '
'same PA & PC##\n')
new_cls_uuid = self.gbpcfg.gbp_policy_cfg_all(
1, 'classifier', 'grppol_pc1', shared='True')
if new_cls_uuid == 0:
self._log.info(
"\nNew Classifier Create Failed, hence "
"testcase_gbp_prs_pr_shared_integ_2 ABORTED\n")
return 0
new_act_uuid = self.gbpcfg.gbp_policy_cfg_all(
1, 'action', 'grppol_pa1', shared='True')
if new_act_uuid == 0:
self._log.info(
"\nNew Action Create Failed, hence "
"testcase_gbp_prs_pr_shared_integ_2 ABORTED\n")
return 0
rule_uuid_list = []
shared_flag = ['True', 'False', 'True', 'False']
for i in range(4):
new_rule_uuid = self.gbpcfg.gbp_policy_cfg_all(
1,
'rule',
'grppol_pr_%s' %
(i),
classifier=new_cls_uuid,
action=new_act_uuid,
description="'For devstack demo'",
shared=shared_flag[i])
if new_rule_uuid == 0:
self._log.info(
"\nNew Rule Create Failed, hence "
"testcase_gbp_prs_pr_shared_integ_2 ABORTED\n")
return 0
rule_uuid_list.append(new_rule_uuid)
ruleset_uuid = self.gbpcfg.gbp_policy_cfg_all(
1,
'ruleset',
'grppol_prs_many',
policy_rule='"%s %s %s %s"' %
(rule_uuid_list[0],
rule_uuid_list[1],
rule_uuid_list[2],
rule_uuid_list[3]),
description="'For devstack demo'",
shared='False')
if ruleset_uuid == 0:
self._log.info(
"\nStep 2: Creating Policy RuleSet with multiple "
"PRs(shared=True) and shared=False , Failed")
return 0
# Verify starts
if self.gbpverify.gbp_policy_verify_all(
1,
'ruleset',
ruleset_uuid,
name='grppol_prs_many',
description='For devstack demo',
shared='False') == 0:
self._log.info(
"# Step 2B: Verify Policy RuleSet and its "
"shared='False' == Failed")
return 0
if self.gbpverify.gbp_obj_ver_attr_all_values(
'ruleset', 'grppol_prs_many', 'policy_rules',
rule_uuid_list) == 0:
self._log.info(
"# Step 2C: Verify Policy RuleSet and its "
"Multiple PRs using -show option == Failed")
return 0
# Update and Verify the PRS by updating the PRs(removing few existing
# ones)
if self.gbpcfg.gbp_policy_cfg_all(
2, 'ruleset', 'grppol_prs_many', shared='True') != 0:
self._log.info(
"# Step 3: Updating Policy RuleSet's"
" Attribute shared=True did NOT fail")
return 0
if self.gbpverify.gbp_obj_ver_attr_all_values(
'ruleset', 'grppol_prs_many', 'policy_rules',
rule_uuid_list) == 0:
self._log.info(
"# Step 3A: Verify Policy RuleSet and its "
"Multiple PRs using -show option == Failed")
return 0
if self.gbpverify.gbp_policy_verify_all(
1,
'ruleset',
ruleset_uuid,
name='grppol_prs_many',
description='For devstack demo',
shared='False') == 0:
self._log.info(
"# Step 3B: Verify Policy RuleSet and its "
"shared=False, == Failed")
return 0
self._log.info("\nTESTCASE_GBP_PRS_PR_SHARED_INTEG_2: PASSED")
return 1
if __name__ == '__main__':
main()

1
gbpservice/tests/contrib/post_test_hook.sh
View File

@@ -15,7 +15,6 @@ check_residual_resources admin admin
check_residual_resources admin demo
check_residual_resources demo demo
GBP_FUNC_DIR=$GBP_DIR/gbpservice/tests/contrib/gbpfunctests
# Run gbpfunc integration tests
echo "Running gbpfunc test suite"
export PYTHONPATH="$GBP_FUNC_DIR:${PYTHONPATH}"