Browse Source
Patch for P0 of allowed address cidr
Patch for P0 of allowed address cidr
- P0 automation Change-Id: I43d14c3f5d700ead7f584ae6555a097a0cf6b746changes/73/768473/8
Shubham Kadam
9 months ago
6 changed files with 417 additions and 17 deletions
-
8doc/requirements.txt
-
6lower-constraints.txt
-
4test-requirements.txt
-
13vmware_nsx_tempest_plugin/lib/feature_manager.py
-
20vmware_nsx_tempest_plugin/lib/traffic_manager.py
-
383vmware_nsx_tempest_plugin/tests/scenario/test_allowed_addres_cidr.py
@ -1,4 +1,4 @@ |
|||
sphinx!=1.6.6,!=1.6.7,>=1.6.2,<2.0.0;python_version=='2.7' # BSD |
|||
sphinx!=1.6.6,!=1.6.7,>=1.6.2;python_version>='3.4' # BSD |
|||
openstackdocstheme>=1.18.1 # Apache-2.0 |
|||
reno>=2.5.0 # Apache-2.0 |
|||
openstackdocstheme>=2.2.0 # Apache-2.0 |
|||
reno>=3.1.0 # Apache-2.0 |
|||
sphinx>=2.0.0,!=2.1.0 # BSD |
|||
sphinxcontrib-svg2pdfconverter>=0.1.0 # BSD |
|||
@ -0,0 +1,383 @@ |
|||
# Copyright 2017 VMware Inc |
|||
# All Rights Reserved |
|||
# |
|||
# Licensed under the Apache License, Version 2.0 (the "License"); you may |
|||
# not use this file except in compliance with the License. You may obtain |
|||
# a copy of the License at |
|||
# |
|||
# http://www.apache.org/licenses/LICENSE-2.0 |
|||
# |
|||
# Unless required by applicable law or agreed to in writing, software |
|||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
|||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
|||
# License for the specific language governing permissions and limitations |
|||
# under the License. |
|||
|
|||
import os |
|||
import time |
|||
|
|||
from tempest.common.utils.linux import remote_client |
|||
from tempest import config |
|||
from tempest.lib.common.utils import data_utils |
|||
from tempest.lib.common.utils import test_utils |
|||
|
|||
from tempest.lib import decorators |
|||
from tempest.lib import exceptions |
|||
|
|||
from vmware_nsx_tempest_plugin.common import constants |
|||
from vmware_nsx_tempest_plugin.lib import feature_manager |
|||
from vmware_nsx_tempest_plugin.services import nsxp_client |
|||
from vmware_nsx_tempest_plugin.services import nsxv3_client |
|||
|
|||
CONF = config.CONF |
|||
LOG = constants.log.getLogger(__name__) |
|||
|
|||
|
|||
class TestAllowedAddresCidr(feature_manager.FeatureManager): |
|||
|
|||
"""Test New Cases Scenario |
|||
|
|||
""" |
|||
@classmethod |
|||
def setup_clients(cls): |
|||
super(TestAllowedAddresCidr, cls).setup_clients() |
|||
cls.cmgr_adm = cls.get_client_manager('admin') |
|||
cls.cmgr_alt = cls.get_client_manager('alt') |
|||
cls.cmgr_adm = cls.get_client_manager('admin') |
|||
cls.routers_client = cls.cmgr_adm.routers_client |
|||
cls.networks_client = cls.cmgr_adm.networks_client |
|||
cls.subnets_client = cls.cmgr_adm.subnets_client |
|||
cls.sec_rule_client = cls.cmgr_adm.security_group_rules_client |
|||
cls.sec_client = cls.cmgr_adm.security_groups_client |
|||
|
|||
def setUp(self): |
|||
super(TestAllowedAddresCidr, self).setUp() |
|||
CONF.validation.ssh_shell_prologue = '' |
|||
self.vip_ip_address = '' |
|||
self.namestart = 'lbaas-ops' |
|||
self.poke_counters = 12 |
|||
self.hm_delay = 4 |
|||
self.hm_max_retries = 3 |
|||
self.hm_timeout = 10 |
|||
self.server_names = [] |
|||
self.loadbalancer = None |
|||
self.vip_fip = None |
|||
self.web_service_start_delay = 2.5 |
|||
|
|||
@classmethod |
|||
def resource_setup(cls): |
|||
super(TestAllowedAddresCidr, cls).resource_setup() |
|||
cls.nsx = nsxv3_client.NSXV3Client(CONF.nsxv3.nsx_manager, |
|||
CONF.nsxv3.nsx_user, |
|||
CONF.nsxv3.nsx_password) |
|||
cls.nsxp = nsxp_client.NSXPClient(CONF.nsxv3.nsx_manager, |
|||
CONF.nsxv3.nsx_user, |
|||
CONF.nsxv3.nsx_password) |
|||
|
|||
def _test_ping_from_external_network(self, fip_ip): |
|||
out = os.popen('ping -c 5 %s' % fip_ip).read().strip() |
|||
return out |
|||
|
|||
def _create_ipv6_subnet(self, network, cidr, ipv6_ra_mode=None, |
|||
ipv6_address_mode=None, |
|||
router_id=None, slaac=False, enable_dhcp=False): |
|||
subnet_client = self.cmgr_adm.subnets_client |
|||
subnet_name = network['name'] + 'sub' |
|||
if slaac: |
|||
subnet = self.create_topology_subnet( |
|||
subnet_name, network, |
|||
subnets_client=subnet_client, |
|||
ip_version=6, ipv6_ra_mode='slaac', |
|||
ipv6_address_mode='slaac', |
|||
cidr=cidr, router_id=router_id) |
|||
else: |
|||
subnet = self.create_topology_subnet( |
|||
subnet_name, network, |
|||
subnets_client=subnet_client, |
|||
ipv6_address_mode=ipv6_address_mode, |
|||
ipv6_ra_mode=ipv6_ra_mode, |
|||
ip_version=6, enable_dhcp=True, |
|||
cidr=cidr, router_id=router_id) |
|||
return subnet |
|||
|
|||
def create_topo_single_dhcpv6_network( |
|||
self, namestart, ipv6_address_mode, |
|||
ipv6_ra_mode, create_instance=True, |
|||
set_gateway=True, slaac=False, |
|||
ipv6cidr=None, cidr=None, |
|||
security_groups=None, **kwargs): |
|||
""" |
|||
Create Topo where 1 logical switches which is |
|||
connected via tier-1 router. |
|||
""" |
|||
rtr_name = data_utils.rand_name(name='tempest-router') |
|||
network_name = data_utils.rand_name(name='tempest-net') |
|||
subnet_name = data_utils.rand_name(name='tempest-subnet') |
|||
router_state = self.create_topology_router(rtr_name, |
|||
set_gateway=set_gateway, |
|||
**kwargs) |
|||
network_state = self.create_topology_network(network_name) |
|||
subnet_state = self.create_topology_subnet( |
|||
subnet_name, network_state, |
|||
router_id=router_state["id"], cidr=cidr) |
|||
subnet_v6 = self._create_ipv6_subnet( |
|||
network_state, cidr=ipv6cidr, slaac=slaac, |
|||
ipv6_address_mode=ipv6_address_mode, |
|||
ipv6_ra_mode=ipv6_ra_mode, |
|||
router_id=router_state["id"]) |
|||
time.sleep(constants.NSX_NETWORK_REALISE_TIMEOUT) |
|||
if create_instance: |
|||
image_id = self.get_glance_image_id(["cirros", "esx"]) |
|||
self.create_topology_instance( |
|||
"state_vm_1", [network_state], |
|||
create_floating_ip=True, image_id=image_id, |
|||
clients=self.cmgr_adm, |
|||
security_groups=security_groups) |
|||
self.create_topology_instance( |
|||
"state_vm_2", [network_state], |
|||
create_floating_ip=True, image_id=image_id, |
|||
clients=self.cmgr_adm, |
|||
security_groups=security_groups) |
|||
topology_dict = dict(router_state=router_state, |
|||
network_state=network_state, |
|||
subnet_state=subnet_state, |
|||
subnet_v6=subnet_v6) |
|||
return topology_dict |
|||
|
|||
@decorators.idempotent_id('2317449c-14ca-1428-a428-09956daa46c3') |
|||
def test_allowed_address_cidr_octavia_lb(self): |
|||
""" |
|||
Create NAT and Firewall rules on router. |
|||
Verify order of NAT and Firewall. |
|||
""" |
|||
kwargs = {"enable_snat": True} |
|||
network_name = data_utils.rand_name(name='tempest-net') |
|||
subnet_name = data_utils.rand_name(name='tempest-subnet') |
|||
router_state = self.create_topology_router( |
|||
set_gateway=True, |
|||
routers_client=self.cmgr_adm.routers_client, **kwargs) |
|||
network_state = self.create_topology_network( |
|||
network_name, networks_client=self.cmgr_adm.networks_client) |
|||
subnet_state = self.create_topology_subnet( |
|||
subnet_name, network_state, |
|||
subnets_client=self.cmgr_adm.subnets_client) |
|||
time.sleep(constants.NSX_NETWORK_REALISE_TIMEOUT) |
|||
self.cmgr_adm.routers_client.add_router_interface( |
|||
router_state['id'], subnet_id=subnet_state["id"]) |
|||
self.addCleanup(test_utils.call_and_ignore_notfound_exc, |
|||
self.cmgr_adm.routers_client.remove_router_interface, |
|||
router_state['id'], subnet_id=subnet_state["id"]) |
|||
sec_rule_client = self.cmgr_adm.security_group_rules_client |
|||
sec_client = self.cmgr_adm.security_groups_client |
|||
kwargs = dict(tenant_id=network_state['tenant_id'], |
|||
security_group_rules_client=sec_rule_client, |
|||
security_groups_client=sec_client) |
|||
self.sg = self._create_security_group( |
|||
security_group_rules_client=self.cmgr_adm. |
|||
security_group_rules_client, |
|||
security_groups_client=self.cmgr_adm.security_groups_client) |
|||
lbaas_rules = [dict(direction='ingress', protocol='tcp', |
|||
port_range_min=constants.HTTP_PORT, |
|||
port_range_max=constants.HTTP_PORT, ), |
|||
dict(direction='ingress', protocol='tcp', |
|||
port_range_min=443, port_range_max=443, ), |
|||
dict(direction='ingress', protocol='tcp', |
|||
port_range_min=constants.HTTP_PORT, |
|||
port_range_max=constants.HTTP_PORT, |
|||
ethertype='IPv6'), |
|||
dict(direction='ingress', protocol='tcp', |
|||
port_range_min=443, port_range_max=443, |
|||
ethertype='IPv6')] |
|||
for rule in lbaas_rules: |
|||
self.add_security_group_rule( |
|||
self.sg, |
|||
rule, |
|||
ruleclient=self.cmgr_adm.security_group_rules_client, |
|||
secclient=self.cmgr_adm.security_groups_client, |
|||
tenant_id=network_state['tenant_id']) |
|||
security_groups = [{'name': self.sg['name']}] |
|||
image_id = self.get_glance_image_id(["cirros", "esx"]) |
|||
self.create_topology_instance( |
|||
"state_vm_1", [network_state], |
|||
create_floating_ip=True, image_id=image_id, clients=self.cmgr_adm, |
|||
security_groups=security_groups) |
|||
self.create_topology_instance( |
|||
"state_vm_2", [network_state], |
|||
create_floating_ip=True, image_id=image_id, clients=self.cmgr_adm, |
|||
security_groups=security_groups) |
|||
self.start_web_servers(constants.HTTP_PORT) |
|||
lb_cist = self.create_project_octavia( |
|||
protocol_type="HTTP", protocol_port="80", |
|||
lb_algorithm="LEAST_CONNECTIONS", |
|||
vip_net_id=network_state['id']) |
|||
allowed_cidrs = {'allowed_cidrs': ['3.0.0.0/24', '4.0.0.0/24']} |
|||
self.octavia_admin_listener_client.\ |
|||
update_octavia_listener(lb_cist['listener_id'], |
|||
listener_data=allowed_cidrs)['listener'] |
|||
time.sleep(constants.NSX_NETWORK_REALISE_TIMEOUT) |
|||
self.check_project_lbaas(no_resp=True) |
|||
out = os.popen("sudo ifconfig eth1 | grep 'inet'" |
|||
"| awk {'print$2'} | " |
|||
"cut -f2 -d':'").read().strip() |
|||
allowed_cidrs = {'allowed_cidrs': ['%s/24' % out]} |
|||
self.octavia_admin_listener_client.\ |
|||
update_octavia_listener(lb_cist['listener_id'], |
|||
listener_data=allowed_cidrs)['listener'] |
|||
time.sleep(constants.NSX_NETWORK_REALISE_TIMEOUT) |
|||
self.check_project_lbaas(no_resp=False) |
|||
self.delete_octavia_lb_resources(lb_cist['lb_id']) |
|||
|
|||
@decorators.idempotent_id('2317449c-14ca-1428-a428-09956daa46c3') |
|||
def test_allowed_address_ipv6_cidr_octavia_lb(self): |
|||
""" |
|||
Create NAT and Firewall rules on router. |
|||
Verify order of NAT and Firewall. |
|||
""" |
|||
kwargs = {"enable_snat": True} |
|||
mode = "dhcpv6-stateless" |
|||
network_name = data_utils.rand_name(name='tempest-net') |
|||
subnet_name = data_utils.rand_name(name='tempest-subnet') |
|||
router_name = data_utils.rand_name(name='tempest-router') |
|||
network_state1 = self.create_topology_network( |
|||
network_name, networks_client=self.cmgr_adm.networks_client) |
|||
time.sleep(constants.NSX_NETWORK_REALISE_TIMEOUT) |
|||
sec_rule_client = self.cmgr_adm.security_group_rules_client |
|||
sec_client = self.cmgr_adm.security_groups_client |
|||
kwargs = dict(tenant_id=network_state1['tenant_id'], |
|||
security_group_rules_client=sec_rule_client, |
|||
security_groups_client=sec_client) |
|||
self.sg = self._create_security_group( |
|||
security_group_rules_client=self.cmgr_adm. |
|||
security_group_rules_client, |
|||
security_groups_client=self.cmgr_adm.security_groups_client) |
|||
lbaas_rules = [dict(direction='ingress', protocol='tcp'), |
|||
dict(direction='ingress', protocol='tcp', |
|||
ethertype='IPv6'), |
|||
dict(direction='egress', protocol='tcp', |
|||
ethertype='IPv6'), |
|||
dict(direction='egress', protocol='tcp')] |
|||
for rule in lbaas_rules: |
|||
self.add_security_group_rule( |
|||
self.sg, |
|||
rule, |
|||
ruleclient=self.cmgr_adm.security_group_rules_client, |
|||
secclient=self.cmgr_adm.security_groups_client, |
|||
tenant_id=network_state1['tenant_id']) |
|||
kwargs = {"admin_state_up": "True"} |
|||
security_groups = [{'name': self.sg['name']}] |
|||
topology_dict = self.create_topo_single_dhcpv6_network( |
|||
"allowed_address_cidr", create_instance=True, |
|||
set_gateway=True, |
|||
ipv6_ra_mode=mode, ipv6_address_mode=mode, |
|||
ipv6cidr="1300::/64", cidr="13.0.0.0/24", |
|||
security_groups=security_groups, **kwargs) |
|||
subnetipv6_state = topology_dict['subnet_v6'] |
|||
router_state1 = self.create_topology_router( |
|||
router_name, set_gateway=True, |
|||
routers_client=self.cmgr_adm.routers_client, **kwargs) |
|||
self.create_topology_subnet( |
|||
subnet_name, network_state1, |
|||
subnets_client=self.cmgr_adm.subnets_client, |
|||
cidr="35.0.0.0/24", router_id=router_state1["id"]) |
|||
mode = "dhcpv6-stateless" |
|||
self._create_ipv6_subnet( |
|||
network_state1, cidr="3500::/64", slaac=False, |
|||
ipv6_address_mode=mode, |
|||
ipv6_ra_mode=mode, |
|||
router_id=router_state1["id"]) |
|||
network_name = data_utils.rand_name(name='tempest-net') |
|||
subnet_name = data_utils.rand_name(name='tempest-subnet') |
|||
router_name = data_utils.rand_name(name='tempest-router') |
|||
network_state2 = self.create_topology_network( |
|||
network_name, networks_client=self.cmgr_adm.networks_client) |
|||
router_state2 = self.create_topology_router( |
|||
router_name, set_gateway=True, |
|||
routers_client=self.cmgr_adm.routers_client, **kwargs) |
|||
self.create_topology_subnet( |
|||
subnet_name, network_state2, |
|||
subnets_client=self.cmgr_adm.subnets_client, |
|||
cidr="46.0.0.0/24", router_id=router_state2["id"]) |
|||
self._create_ipv6_subnet( |
|||
network_state2, cidr="4600::/64", slaac=False, |
|||
ipv6_address_mode=mode, |
|||
ipv6_ra_mode=mode, |
|||
router_id=router_state2["id"]) |
|||
time.sleep(constants.NSX_NETWORK_REALISE_TIMEOUT) |
|||
self.start_web_servers(constants.HTTP_PORT) |
|||
lb_cist = self.create_project_octavia( |
|||
protocol_type="HTTP", protocol_port="80", |
|||
lb_algorithm="LEAST_CONNECTIONS", |
|||
vip_subnet_id=subnetipv6_state['id'], |
|||
create_fip=False, ipv6=True) |
|||
security_groups = [{'name': self.sg['name']}] |
|||
image_id = self.get_glance_image_id(["cirros", "esx"]) |
|||
server3 = self.create_topology_instance( |
|||
"state_vm_3", [network_state1], |
|||
create_floating_ip=True, image_id=image_id, clients=self.cmgr_adm, |
|||
security_groups=security_groups) |
|||
server4 = self.create_topology_instance( |
|||
"state_vm_4", [network_state2], |
|||
create_floating_ip=True, image_id=image_id, clients=self.cmgr_adm, |
|||
security_groups=security_groups) |
|||
allowed_cidrs = {'allowed_cidrs': ['3500::/64', '4600::/64']} |
|||
self.octavia_admin_listener_client.\ |
|||
update_octavia_listener(lb_cist['listener_id'], |
|||
listener_data=allowed_cidrs)['listener'] |
|||
fip1 = server3["floating_ips"][0]["floating_ip_address"] |
|||
fip2 = server4["floating_ips"][0]["floating_ip_address"] |
|||
ssh_client = remote_client.RemoteClient( |
|||
fip1, 'cirros', 'gocubsgo') |
|||
command = "curl http://[%s]" % lb_cist['loadbalancer']['vip_address'] |
|||
for i in range(4): |
|||
data = ssh_client.exec_command(command) |
|||
self.assertIn(data, ['state_vm_1', 'state_vm_2']) |
|||
time.sleep(constants.NSXP_BACKEND_SMALL_TIME_INTERVAL) |
|||
ssh_client = remote_client.RemoteClient( |
|||
fip2, 'cirros', 'gocubsgo') |
|||
command = "curl http://[%s]" % lb_cist['loadbalancer']['vip_address'] |
|||
for i in range(4): |
|||
data = ssh_client.exec_command(command) |
|||
self.assertIn(data, ['state_vm_1', 'state_vm_2']) |
|||
allowed_cidrs = {'allowed_cidrs': ["6700::/64"]} |
|||
self.octavia_admin_listener_client.\ |
|||
update_octavia_listener(lb_cist['listener_id'], |
|||
listener_data=allowed_cidrs)['listener'] |
|||
fip1 = server3["floating_ips"][0]["floating_ip_address"] |
|||
fip2 = server4["floating_ips"][0]["floating_ip_address"] |
|||
ssh_client = remote_client.RemoteClient( |
|||
fip1, 'cirros', 'gocubsgo') |
|||
command = "curl http://[%s]" % lb_cist['loadbalancer']['vip_address'] |
|||
time.sleep(constants.NSXP_BACKEND_SMALL_TIME_INTERVAL) |
|||
for i in range(4): |
|||
self.assertRaises( |
|||
exceptions.SSHExecCommandFailed, |
|||
ssh_client.exec_command, command) |
|||
time.sleep(constants.NSXP_BACKEND_SMALL_TIME_INTERVAL) |
|||
ssh_client = remote_client.RemoteClient( |
|||
fip2, 'cirros', 'gocubsgo') |
|||
command = "curl http://[%s]" % lb_cist['loadbalancer']['vip_address'] |
|||
for i in range(4): |
|||
self.assertRaises( |
|||
exceptions.SSHExecCommandFailed, |
|||
ssh_client.exec_command, command) |
|||
allowed_cidrs = {'allowed_cidrs': []} |
|||
self.octavia_admin_listener_client.\ |
|||
update_octavia_listener(lb_cist['listener_id'], |
|||
listener_data=allowed_cidrs)['listener'] |
|||
fip1 = server3["floating_ips"][0]["floating_ip_address"] |
|||
fip2 = server4["floating_ips"][0]["floating_ip_address"] |
|||
ssh_client = remote_client.RemoteClient( |
|||
fip1, 'cirros', 'gocubsgo') |
|||
command = "curl http://[%s]" % lb_cist['loadbalancer']['vip_address'] |
|||
time.sleep(constants.NSXP_BACKEND_SMALL_TIME_INTERVAL) |
|||
for i in range(4): |
|||
data = ssh_client.exec_command(command) |
|||
self.assertIn(data, ['state_vm_1', 'state_vm_2']) |
|||
time.sleep(constants.NSXP_BACKEND_SMALL_TIME_INTERVAL) |
|||
ssh_client = remote_client.RemoteClient( |
|||
fip2, 'cirros', 'gocubsgo') |
|||
command = "curl http://[%s]" % lb_cist['loadbalancer']['vip_address'] |
|||
for i in range(4): |
|||
data = ssh_client.exec_command(command) |
|||
self.assertIn(data, ['state_vm_1', 'state_vm_2']) |
|||
self.delete_octavia_lb_resources(lb_cist['lb_id']) |
|||
Write
Preview
Loading…
Cancel
Save
Reference in new issue