diff --git a/vmware_nsx_tempest_plugin/lib/feature_manager.py b/vmware_nsx_tempest_plugin/lib/feature_manager.py index 6303c4e..733ffaf 100644 --- a/vmware_nsx_tempest_plugin/lib/feature_manager.py +++ b/vmware_nsx_tempest_plugin/lib/feature_manager.py @@ -157,6 +157,18 @@ class FeatureManager(traffic_manager.IperfManager, net_client.region, net_client.endpoint_type, **_params) + cls.octavia_admin_l7policies_client = openstack_network_clients.\ + OctaviaL7PolicyClient(net_client.auth_provider, + net_client.service, + net_client.region, + net_client.endpoint_type, + **_params) + cls.octavia_admin_l7rules_client = openstack_network_clients.\ + OctaviaL7RulesClient(net_client.auth_provider, + net_client.service, + net_client.region, + net_client.endpoint_type, + **_params) net_client.service = 'dns' cls.zones_v2_client = openstack_network_clients.ZonesV2Client( net_client.auth_provider, @@ -1546,7 +1558,13 @@ class FeatureManager(traffic_manager.IperfManager, vip_port_id=None, persistence=False, persistence_type=None, session_persistence=None, - persistence_cookie_name=None): + persistence_cookie_name=None, + allowed_cidrs=None, l7policy=False, action=None, + redirect_url=None, l7rule=False, + compare_type=None, + type=None, value=None, barbican=False, + barbican_container=None, invert=None + ): count = 0 lb_name = None if persistence: 
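Review bot: The new `type=None` parameter in the second hunk (`@@ -1546`, apparently the `create_project_octavia` signature, judging by the test calls) shadows the builtin `type` for the whole method body, most of which lies outside this hunk. A name such as `l7rule_type=None`, mapped to the API field at the call site as `type=l7rule_type`, avoids that. The new flags also depend on each other without saying so: `l7rule` needs `l7policy`, and `barbican` needs `barbican_container`. A docstring sentence stating both dependencies would help callers.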
@@ -1567,12 +1585,31 @@ class FeatureManager(traffic_manager.IperfManager, )['loadbalancer'] lb_id = self.loadbalancer['id'] self.octavia_admin_client.wait_for_load_balancer_status(lb_id) + if barbican: + tls_id = barbican_container["container_ref"] + else: + tls_id = None self.listener = self.octavia_admin_listener_client.\ create_octavia_listener(loadbalancer_id=lb_id, protocol=protocol_type, protocol_port=protocol_port, - name=lb_name)['listener'] + name=lb_name, + allowed_cidrs=allowed_cidrs, + default_tls_container_ref=tls_id + )['listener'] self.octavia_admin_client.wait_for_load_balancer_status(lb_id) + if l7policy and action != 'REDIRECT_TO_POOL': + l7p = self.octavia_admin_l7policies_client.\ + create_octavia_l7policies(listener_id=self.listener['id'], + name='l7p', action=action, + redirect_url=redirect_url) + self.octavia_admin_client.wait_for_load_balancer_status(lb_id) + if l7rule: + l7p_id = l7p['l7policy']['id'] + self.octavia_admin_l7rules_client.create_octavia_l7rules( + l7policy_id=l7p_id, compare_type=compare_type, value=value, + type=type, invert=invert) + self.octavia_admin_client.wait_for_load_balancer_status(lb_id) if default_pool: self.pool = self.octavia_admin_pools_client.\ create_octavia_pool(loadbalancer_id=lb_id, @@ -1586,6 +1623,8 @@ class FeatureManager(traffic_manager.IperfManager, listener_id=self.listener['id']) self.octavia_admin_client.wait_for_load_balancer_status(lb_id) else: + if barbican: + protocol_type = pool_protocol self.pool = self.octavia_admin_pools_client.\ create_octavia_pool(listener_id=self.listener['id'], lb_algorithm=lb_algorithm, 
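Review bot: In hunk `@@ -1567`, `l7p` is assigned only when `l7policy and action != 'REDIRECT_TO_POOL'`, yet `l7p['l7policy']['id']` is read under `if l7rule:`. The indentation is not recoverable in this view: if the rule block is not nested under the policy block, `l7rule=True` without a policy raises a NameError, and if it is nested the flag is silently ignored. A guard at the top, `if l7rule and not l7policy: raise ValueError('l7rule requires l7policy')`, makes the contract explicit. Likewise `barbican=True` with the default `barbican_container=None` fails on `barbican_container["container_ref"]` with a TypeError; `tls_id = barbican_container["container_ref"] if barbican_container else None` covers that case.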
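Review bot: In hunk `@@ -1586`, `protocol_type = pool_protocol` replaces the listener protocol with whatever `pool_protocol` holds, and that parameter and its default are declared outside the hunks shown, so a `barbican=True` call that omits it may create the pool with an empty protocol. `protocol_type = pool_protocol or protocol_type` keeps the previous value when none is given. The override sits only in the `else:` branch, so the `default_pool` path presumably still uses the listener protocol; a comment such as `# TLS is terminated at the listener; the pool uses pool_protocol` would explain the reassignment.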
@@ -1596,8 +1635,9 @@ class FeatureManager(traffic_manager.IperfManager, pool_id = self.pool['pool']['id'] if hm_type: self.healthmonitor = self.octavia_hm_client.\ - create_octavia_hm(pool_id=pool_id, type=hm_type, delay=2, - timeout=2, max_retries=2, name=lb_name) + create_octavia_hm(pool_id=pool_id, type=hm_type, delay=delay, + timeout=timeout, max_retries=max_retries, + name=lb_name) self.octavia_admin_client.wait_for_load_balancer_status(lb_id) self.members = [] for server_name in self.topology_servers.keys(): @@ -1682,7 +1722,7 @@ class FeatureManager(traffic_manager.IperfManager, timeout=None, default_pool=False, vip_port_id=None, scale=None, listener_count=None, pool_count=None, - lb_pool=False): + lb_pool=False, allowed_cidrs=None): count = 0 lb_name = None lb_name = data_utils.rand_name(self.namestart) @@ -1706,7 +1746,9 @@ class FeatureManager(traffic_manager.IperfManager, create_octavia_listener(loadbalancer_id=lb_id, protocol=protocol_type, protocol_port=protocol_port, - name=lb_name)['listener'] + name=lb_name, + allowed_cidrs=allowed_cidrs + )['listener'] self.octavia_admin_client.wait_for_load_balancer_status(lb_id) l_id = self.listener['id'] for x in range(pool_count): diff --git a/vmware_nsx_tempest_plugin/services/openstack_network_clients.py b/vmware_nsx_tempest_plugin/services/openstack_network_clients.py index d97735f..4c404c2 100644 --- a/vmware_nsx_tempest_plugin/services/openstack_network_clients.py +++ b/vmware_nsx_tempest_plugin/services/openstack_network_clients.py @@ -731,7 +731,7 @@ class OctaviaListenersClient(base.BaseNetworkClient): resource_base_path = '/%s' % path resource_object_path = '/%s/%%s' % path - def create_octavia_listener(self, **kwargs): + def create_octavia_listener(self, allowed_cidrs, **kwargs): uri = self.resource_base_path post_data = {self.resource: kwargs} return self.create_resource(uri, post_data) 
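Review bot: In hunk `@@ -1596`, the health monitor now posts `delay`, `timeout` and `max_retries` from the method's arguments where it used to send the constant 2, and the defaults of those arguments are declared outside this hunk. If they default to None, every existing caller that sets `hm_type` without these three would send null values to the API. A per-field fallback such as `delay=delay or 2` keeps the old behaviour for those callers.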
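Review bot: Declaring `allowed_cidrs` as a named parameter of `create_octavia_listener` (hunk `@@ -731` in openstack_network_clients.py) takes it out of `kwargs`, and `post_data = {self.resource: kwargs}` is unchanged, so the CIDR list never reaches the API and the listener is created without any source restriction. The two callers changed in feature_manager.py (hunks `@@ -1567` and `@@ -1706`) and the allowed_cidr tests in this commit therefore run against an unrestricted listener. Because the parameter has no default, any caller that does not pass it fails with a TypeError. Either keep `def create_octavia_listener(self, **kwargs):`, or use `allowed_cidrs=None` and add `if allowed_cidrs is not None: kwargs['allowed_cidrs'] = allowed_cidrs` before building `post_data`.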
@@ -816,3 +816,43 @@ class OctaviaMembersClient(base.BaseNetworkClient):
 def delete_octavia_member(self, pool_id, member_id):
 uri = self.resource_object_path % (pool_id, member_id)
 return self.delete_resource(uri)
+
+
+class OctaviaL7PolicyClient(base.BaseNetworkClient):
+ """
+ The Client is responsible for
+ Creating members for the pool
+ Deleting members from the pool
+ """
+ resource = 'l7policy'
+ resource_plural = 'l7policies'
+ path = 'lbaas/l7policies'
+ resource_base_path = '/lbaas/l7policies'
+ resource_object_path = '/lbaas/l7policies/%s'
+
+ def create_octavia_l7policies(self, **kwargs):
+ uri = self.resource_base_path
+ post_data = {self.resource: kwargs}
+ return self.create_resource(uri, post_data)
+
+ def list_octavia_l7policies(self, listener_id, **filters):
+ uri = self.resource_base_path
+ return self.list_resources(uri, **filters)
+
+ def delete_octavia_l7policy(self, l7policy_id):
+ uri = self.resource_object_path % l7policy_id
+ return self.delete_resource(uri)
+
+
+class OctaviaL7RulesClient(base.BaseNetworkClient):
+ """
+ The Client is responsible for create, list, delete,
+ update rules for l7 policies for a listener.
+ """
+ resource = 'rule'
+ resource_base_path = '/lbaas/l7policies/%s/rules'
+
+ def create_octavia_l7rules(self, l7policy_id, **kwargs):
+ uri = self.resource_base_path % l7policy_id
+ post_data = {self.resource: kwargs}
+ return self.create_resource(uri, post_data)
diff --git a/vmware_nsx_tempest_plugin/tests/nsxv3/scenario/test_octavia_loadbalancers.py b/vmware_nsx_tempest_plugin/tests/nsxv3/scenario/test_octavia_loadbalancers.py
index bfad273..8702aeb 100644
--- a/vmware_nsx_tempest_plugin/tests/nsxv3/scenario/test_octavia_loadbalancers.py
+++ b/vmware_nsx_tempest_plugin/tests/nsxv3/scenario/test_octavia_loadbalancers.py
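Review bot: `list_octavia_l7policies` in the new `OctaviaL7PolicyClient` (hunk `@@ -816`) accepts `listener_id` but never uses it, so the call returns every policy the admin client can see and the REDIRECT_TO_POOL test has to filter the result by hand. Passing it on, `return self.list_resources(uri, listener_id=listener_id, **filters)`, would scope the listing, assuming `list_resources` forwards filters as query parameters (its body is not shown). The `OctaviaL7PolicyClient` docstring still describes pool members, and the `OctaviaL7RulesClient` docstring lists list, delete and update although only create is implemented. Suggested wording: `"""Client for creating, listing and deleting Octavia L7 policies."""` and `"""Client for creating rules on an Octavia L7 policy."""`.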
@@ -266,3 +266,330 @@ class OctaviaRoundRobin(feature_manager.FeatureManager):
 persistence_type="SOURCE_IP")
 self.check_lbaas_project_weight_values(constants.NO_OF_VMS_2,
 hash_persistence=True)
+
+ @decorators.attr(type='nsxv3')
+ @decorators.idempotent_id('c5ac8546-6768-4b7a-8704-3844b11b1a34')
+ def test_create_verify_lb_rr_with_allowed_cidr_on_listener(self):
+ """
+ The Loadbalancer listener is created with allowed_cidrs specified
+ """
+ diction = self.deploy_octavia_topology()
+ cidr_list = ['192.92.0.0/24', '192.94.0.0/16']
+ if not CONF.nsxv3.ens:
+ self.start_web_servers(constants.HTTP_PORT)
+ subnet_id = diction['subnet']['subnet']['id']
+ self.create_project_octavia(protocol_type="HTTP", protocol_port="80",
+ lb_algorithm="ROUND_ROBIN",
+ vip_subnet_id=subnet_id,
+ allowed_cidrs=cidr_list)
+
+ self.check_project_lbaas()
+
+ @decorators.attr(type='nsxv3')
+ @decorators.idempotent_id('ca5c8546-6768-4b7a-8704-3844b11b1a34')
+ def test_create_verify_lb_rr_with_allowed_cidr_0_0_0_0_on_listener(self):
+ """
+ The Loadbalancer listener is created with allowed_cidrs specified
+ """
+ diction = self.deploy_octavia_topology()
+ cidr_list = ['0.0.0.0/0']
+ if not CONF.nsxv3.ens:
+ self.start_web_servers(constants.HTTP_PORT)
+ subnet_id = diction['subnet']['subnet']['id']
+ self.create_project_octavia(protocol_type="HTTP", protocol_port="80",
+ lb_algorithm="ROUND_ROBIN",
+ vip_subnet_id=subnet_id,
+ allowed_cidrs=cidr_list)
+
+ self.check_project_lbaas()
+
+ @decorators.attr(type='nsxv3')
+ @decorators.idempotent_id('ca5c5468-6768-4b7a-8704-3844b11b1a34')
+ def test_create_REJECT_l7policies_listeneres(self):
+ """
+ The Loadbalancer listener is created with allowed_cidrs specified
+ """
+ diction = self.deploy_octavia_topology()
+ if not CONF.nsxv3.ens:
+ self.start_web_servers(constants.HTTP_PORT)
+ subnet_id = diction['subnet']['subnet']['id']
+ self.create_project_octavia(protocol_type="HTTP",
+ protocol_port="80",
+ lb_algorithm="ROUND_ROBIN",
+ vip_subnet_id=subnet_id,
+ l7policy=True, action='REJECT')
+
+ @decorators.attr(type='nsxv3')
+ @decorators.idempotent_id('ca5c4368-6768-4b7a-8704-3844b11b1a34')
+ def test_create_REDIRECT_TO_URL_l7policies_listeneres(self):
+ """
+ The Loadbalancer listener is created with redirect_url l7policy
+ with no url specified.
+ """
+ diction = self.deploy_octavia_topology()
+ if not CONF.nsxv3.ens:
+ self.start_web_servers(constants.HTTP_PORT)
+ subnet_id = diction['subnet']['subnet']['id']
+ self.create_project_octavia(protocol_type="HTTP",
+ protocol_port="80",
+ lb_algorithm="ROUND_ROBIN",
+ vip_subnet_id=subnet_id,
+ l7policy=True,
+ action='REDIRECT_TO_URL')
+
+ @decorators.attr(type='nsxv3')
+ @decorators.idempotent_id('ca5c4368-6768-4b7a-8704-3844b11b1b34')
+ def test_create_REDIRECT_TO_URL_url_l7policies_listeneres(self):
+ """
+ The Loadbalancer listener is created with redirect_url l7policy
+ with url specified.
+
+ """
+ diction = self.deploy_octavia_topology()
+ if not CONF.nsxv3.ens:
+ self.start_web_servers(constants.HTTP_PORT)
+ subnet_id = diction['subnet']['subnet']['id']
+ self.create_project_octavia(protocol_type="HTTP",
+ protocol_port="80",
+ lb_algorithm="ROUND_ROBIN",
+ vip_subnet_id=subnet_id,
+ l7policy=True,
+ action='REDIRECT_TO_URL',
+ redirect_url='http://www.vmware.com')
+
+ @decorators.attr(type='nsxv3')
+ @decorators.idempotent_id('ca5c4368-6768-4a7b-8704-3844b11b1b34')
+ def test_create_REDIRECT_TO_POOL_l7policies_listeneres(self):
+ """
+ The Loadbalancer listener is created with redirect_pool l7policy
+ with url specified.
+ """
+ diction = self.deploy_octavia_topology()
+ if not CONF.nsxv3.ens:
+ self.start_web_servers(constants.HTTP_PORT)
+ subnet_id = diction['subnet']['subnet']['id']
+ lb = self.create_project_octavia(protocol_type="HTTP",
+ protocol_port="80",
+ lb_algorithm="ROUND_ROBIN",
+ vip_subnet_id=subnet_id)
+ listener = lb['listener_id']
+ self.octavia_admin_l7policies_client.create_octavia_l7policies(
+ listener_id=listener, action='REDIRECT_TO_POOL',
+ redirect_pool_id=lb['pool_id'])
+ self.octavia_admin_client.wait_for_load_balancer_status(lb['lb_id'])
+ l7p = self.octavia_admin_l7policies_client.list_octavia_l7policies(
+ lb['listener_id'])
+ for i in l7p['l7policies']:
+ if lb['listener_id'] == i['listener_id']:
+ l7p_id = i['id']
+ self.octavia_admin_l7policies_client.delete_octavia_l7policy(
+ l7p_id)
+
+ @decorators.attr(type='nsxv3')
+ @decorators.idempotent_id('ca5c5468-6768-4a7a-8704-3844b11b1a34')
+ def test_create_REJECT_l7policies_with_rules_REGEX_compare_type(self):
+ """
+ This testcase creates a l7policy to reject particular regex i.e
+ regex rule is added to the l7policy.
+ """
+ diction = self.deploy_octavia_topology()
+ if not CONF.nsxv3.ens:
+ self.start_web_servers(constants.HTTP_PORT)
+ subnet_id = diction['subnet']['subnet']['id']
+ self.create_project_octavia(protocol_type="HTTP",
+ protocol_port="80",
+ lb_algorithm="ROUND_ROBIN",
+ vip_subnet_id=subnet_id,
+ l7policy=True, action='REJECT',
+ compare_type='REGEX', type='PATH',
+ value='.*', l7rule=True)
+
+ @decorators.attr(type='nsxv3')
+ @decorators.idempotent_id('ca5c5468-6768-4a7a-8704-3844b11b1a34')
+ def test_create_REJECT_l7policies_with_rules_CONTAINS_compare_type(self):
+ """
+ This testcase creates a l7policy to reject particular regex i.e
+ regex rule is added to the l7policy.
+ """
+ diction = self.deploy_octavia_topology()
+ if not CONF.nsxv3.ens:
+ self.start_web_servers(constants.HTTP_PORT)
+ subnet_id = diction['subnet']['subnet']['id']
+ self.create_project_octavia(protocol_type="HTTP",
+ protocol_port="80",
+ lb_algorithm="ROUND_ROBIN",
+ vip_subnet_id=subnet_id,
+ l7policy=True, action='REJECT',
+ compare_type='CONTAINS', type='PATH',
+ value='.*', l7rule=True)
+
+ @decorators.attr(type='nsxv3')
+ @decorators.idempotent_id('ca5c5468-6768-4a7a-8704-3844b11b1a34')
+ def test_create_REJECT_l7policies_with_rules_ENDS_WITH_compare_type(self):
+ """
+ This testcase creates a l7policy to reject particular regex i.e
+ regex rule is added to the l7policy.
+ """
+ diction = self.deploy_octavia_topology()
+ if not CONF.nsxv3.ens:
+ self.start_web_servers(constants.HTTP_PORT)
+ subnet_id = diction['subnet']['subnet']['id']
+ self.create_project_octavia(protocol_type="HTTP",
+ protocol_port="80",
+ lb_algorithm="ROUND_ROBIN",
+ vip_subnet_id=subnet_id,
+ l7policy=True, action='REJECT',
+ compare_type='ENDS_WITH', type='PATH',
+ value='*', l7rule=True)
+
+ @decorators.attr(type='nsxv3')
+ @decorators.idempotent_id('ca5c5468-6768-4a7a-8704-3844b11b1a34')
+ def test_create_REJECT_l7policies_with_rules_STARTS_WITH_cmpr_type(self):
+ """
+ This testcase creates a l7policy to reject particular regex i.e
+ regex rule is added to the l7policy.
+ """
+ diction = self.deploy_octavia_topology()
+ if not CONF.nsxv3.ens:
+ self.start_web_servers(constants.HTTP_PORT)
+ subnet_id = diction['subnet']['subnet']['id']
+ self.create_project_octavia(protocol_type="HTTP",
+ protocol_port="80",
+ lb_algorithm="ROUND_ROBIN",
+ vip_subnet_id=subnet_id,
+ l7policy=True, action='REJECT',
+ compare_type='STARTS_WITH', type='PATH',
+ value='', l7rule=True)
+
+ @decorators.attr(type='nsxv3')
+ @decorators.idempotent_id('ca5c5468-6768-4a7a-8704-3844b11b1a34')
+ def test_create_REJECT_l7policies_with_invert_enabled(self):
+ """
+ This testcase creates a l7policy to reject particular regex i.e
+ regex rule is added to the l7policy.
+ """
+ diction = self.deploy_octavia_topology()
+ if not CONF.nsxv3.ens:
+ self.start_web_servers(constants.HTTP_PORT)
+ subnet_id = diction['subnet']['subnet']['id']
+ self.create_project_octavia(protocol_type="HTTP",
+ protocol_port="80",
+ lb_algorithm="ROUND_ROBIN",
+ vip_subnet_id=subnet_id,
+ l7policy=True, action='REJECT',
+ invert=True)
+ self.check_project_lbaas()
+
+ @decorators.attr(type='nsxv3')
+ @decorators.idempotent_id('74f022d6-a6ef-4458-96a7-541deadacf99')
+ def test_octavia_http_http_traffic_with_barbican_secrets(self):
+ """
+ Create octavia loadbalancer with http traffic with barbican enabled.
+ """
+ diction = self.deploy_octavia_topology()
+ subnet_id = diction['subnet']['subnet']['id']
+ if not CONF.nsxv3.ens:
+ self.start_web_servers(constants.HTTP_PORT)
+ barbican_secrets = self.create_barbican_secret_conatainer(
+ constants.CERT_FILE, constants.KEY_FILE)
+ barbican_container = barbican_secrets['secret_container']
+ self.create_project_octavia(protocol_type="TERMINATED_HTTPS",
+ protocol_port="443",
+ lb_algorithm="ROUND_ROBIN",
+ vip_subnet_id=subnet_id,
+ barbican_container=barbican_container,
+ barbican=True, pool_protocol='HTTP')
+ self.check_project_lbaas()
+
+ @decorators.attr(type='nsxv3')
+ @decorators.idempotent_id('74f022d6-a6ef-4458-96a7-541deadacf99')
+ def test_octavia_https_http_traffic_with_barbican_secrets(self):
+ """
+ Create octavia loadbalancer with http traffic with barbican enabled.
+ """
+ diction = self.deploy_octavia_topology()
+ subnet_id = diction['subnet']['subnet']['id']
+ if not CONF.nsxv3.ens:
+ self.start_web_servers(constants.HTTP_PORT)
+ barbican_secrets = self.create_barbican_secret_conatainer(
+ constants.CERT_FILE, constants.KEY_FILE)
+ barbican_container = barbican_secrets['secret_container']
+ self.create_project_octavia(protocol_type="TERMINATED_HTTPS",
+ protocol_port="443",
+ lb_algorithm="ROUND_ROBIN",
+ vip_subnet_id=subnet_id,
+ barbican_container=barbican_container,
+ barbican=True, pool_protocol='HTTPS')
+ self.check_project_lbaas()
+
+ @decorators.attr(type='nsxv3')
+ @decorators.idempotent_id('c5ac8546-6867-4b7a-8704-3844b11b1a34')
+ def test_create_verify_octavia_lb_with_vip_net_id_LC_hm_ping(self):
+ """
+ This testcase creates an octavia Loadbalancer with vip-net-ip
+ option, and verifies the traffic on the loadbalancer vip
+ """
+ diction = self.deploy_octavia_topology()
+ self.start_web_servers(constants.HTTP_PORT)
+ net_id = diction['network']['id']
+ self.create_project_octavia(protocol_type="HTTP", protocol_port="80",
+ lb_algorithm="LEAST_CONNECTIONS",
+ vip_net_id=net_id, hm_type='PING',
+ timeout=self.hm_timeout,
+ max_retries=self.hm_max_retries,
+ delay=self.hm_delay)
+ self.check_project_lbaas()
+
+ @decorators.attr(type='nsxv3')
+ @decorators.idempotent_id('c5ac8546-6867-4b7a-8704-3844b11b1a34')
+ def test_create_verify_octavia_lb_with_vip_net_id_LC_hm_ping_https(self):
+ """
+ This testcase creates an octavia Loadbalancer with vip-net-ip
+ option, and verifies the traffic on the loadbalancer vip
+ """
+ diction = self.deploy_octavia_topology()
+ self.start_web_servers(constants.HTTP_PORT)
+ net_id = diction['network']['id']
+ self.create_project_octavia(protocol_type="HTTPS", protocol_port="443",
+ lb_algorithm="LEAST_CONNECTIONS",
+ vip_net_id=net_id, hm_type='PING',
+ timeout=self.hm_timeout,
+ max_retries=self.hm_max_retries,
+ delay=self.hm_delay)
+ self.check_project_lbaas()
+
+ @decorators.attr(type='nsxv3')
+ @decorators.idempotent_id('c5ac8546-6867-4b7a-8704-3844b11b1a34')
+ def test_create_verify_octavia_lb_with_vip_net_id_RR_hm_ping(self):
+ """
+ This testcase creates an octavia Loadbalancer with vip-net-ip
+ option, and verifies the traffic on the loadbalancer vip
+ """
+ diction = self.deploy_octavia_topology()
+ self.start_web_servers(constants.HTTP_PORT)
+ net_id = diction['network']['id']
+ self.create_project_octavia(protocol_type="HTTP", protocol_port="80",
+ lb_algorithm="ROUND_ROBIN",
+ vip_net_id=net_id, hm_type='PING',
+ timeout=self.hm_timeout,
+ max_retries=self.hm_max_retries,
+ delay=self.hm_delay)
+ self.check_project_lbaas()
+
+ @decorators.attr(type='nsxv3')
+ @decorators.idempotent_id('c5ac8546-6867-4b7a-8704-3844b11b1a34')
+ def test_create_verify_octavia_lb_with_vip_net_id_SOURCE_IP_hm_ping(self):
+ """
+ This testcase creates an octavia Loadbalancer with vip-net-ip
+ option, and verifies the traffic on the loadbalancer vip
+ """
+ diction = self.deploy_octavia_topology()
+ self.start_web_servers(constants.HTTP_PORT)
+ net_id = diction['network']['id']
+ self.create_project_octavia(protocol_type="HTTP", protocol_port="80",
+ lb_algorithm="ROUND_ROBIN",
+ vip_net_id=net_id, hm_type='PING',
+ timeout=self.hm_timeout,
+ max_retries=self.hm_max_retries,
+ delay=self.hm_delay)
+ self.check_project_lbaas()
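Review bot: None of the new allowed_cidrs or REJECT tests asserts that traffic is actually refused: the two CIDR tests end in `check_project_lbaas()` (its body is not shown, but it appears to verify that traffic succeeds) and the REJECT and rule tests stop after creation, so they would pass even if the restriction were never applied. `test_create_REJECT_l7policies_with_invert_enabled` passes `invert=True` without `l7rule=True`, and `invert` is only forwarded inside the `if l7rule:` branch of feature_manager.py, so no inverted rule is created. Several `idempotent_id` values are reused (`ca5c5468-6768-4a7a-8704-3844b11b1a34` five times, `c5ac8546-6867-4b7a-8704-3844b11b1a34` four times, `74f022d6-a6ef-4458-96a7-541deadacf99` twice); each test needs its own UUID. A negative check after setup, meaning a request to the VIP that the policy is expected to refuse, would turn these into coverage of the access control rather than of resource creation only.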