Remove vmware_nsx_tempest

This now exists in the vmware_nsx_tempest_plugin

Change-Id: I76e5856deeeb06b87675314635d06aa0291143eb
Depends-On: I804c3fd1e0c9cbeb454677e7951072ad74391fec
Gary Kotton 2017-07-28 15:01:01 +03:00 committed by garyk
parent 02c28ee5ea
commit 508c6262a2
143 changed files with 0 additions and 30124 deletions


@ -21,8 +21,6 @@ classifier =
[files]
packages =
vmware_nsx
vmware_nsx_tempest
[entry_points]
console_scripts =
neutron-check-nsx-config = vmware_nsx.check_nsx_config:main
@ -53,8 +51,6 @@ vmware_nsx.neutron.nsxv.router_type_drivers =
shared = vmware_nsx.plugins.nsx_v.drivers.shared_router_driver:RouterSharedDriver
distributed = vmware_nsx.plugins.nsx_v.drivers.distributed_router_driver:RouterDistributedDriver
exclusive = vmware_nsx.plugins.nsx_v.drivers.exclusive_router_driver:RouterExclusiveDriver
tempest.test_plugins =
vmware-nsx-tempest-plugin = vmware_nsx_tempest.plugin:VMwareNsxTempestPlugin
oslo.config.opts =
nsx = vmware_nsx.opts:list_opts
networking_sfc.flowclassifier.drivers =


@ -59,23 +59,10 @@ check_identical_policy_files () {
fi
}
check_no_duplicate_api_test_idempotent_ids() {
# For API tests, an idempotent ID is assigned to each single API test,
# those IDs should be unique
output=$(check-uuid --package vmware_nsx_tempest)
if [ "$?" -ne 0 ]; then
echo "There are duplicate idempotent ids in the API tests" >>$FAILURES
echo "please, assign unique uuids to each API test:" >>$FAILURES
echo "$output" >>$FAILURES
fi
}
# Add your checks here...
check_no_symlinks_allowed
check_pot_files_errors
#check_identical_policy_files
# Remove the comment below when we figure out how to consume pyshark
#check_no_duplicate_api_test_idempotent_ids
# Fail, if there are emitted failures
if [ -f $FAILURES ]; then


@ -106,7 +106,6 @@ import-order-style = pep8
[hacking]
import_exceptions = vmware_nsx._i18n,
vmware_nsx_tempest._i18n
local-check-factory = neutron_lib.hacking.checks.factory
[testenv:genconfig]


@ -1,92 +0,0 @@
Welcome!
========
vmware_nsx_tempest is a plugin module to openstack tempest project.
If you are not familiar with tempest, please refer to::
https://docs.openstack.org/developer/tempest
It is implemented with tempest external plugin.
The official design sepcification is at::
https://review.openstack.org/#/c/184992/
Overview
========
vmware_nsx_tempest hosts vmware_nsx's functional api and scenario tests.
All vmware_nsx_tempest tests are in "master" branch. For this reason,
it is recommended to have your own developer version of vmware-nsx repo
installed outside the devstack folder, /opt/stack/.
For example at /opt/devtest folder. In doing so, you can install
editable vmware-nsx repo under tempest VENV environemnt.
Installation:
-------------
#. On your own development folder, for example /opt/devtest/,
install your own tempest development env at /opt/devtest/os-tempest/::
$ cd /opt/devtest
$ git clone https://github.com/openstack/tempest os-tempest
#. Install virtualenv with the following command::
$ cd /opt/devtest/os-tempest
$ ./run_tempest.sh -u not_exist_tests
#. Install vmware-nsx master branch at /opt/devtest/vmware-nsx::
$ cd /opt/devtest
$ git clone https://github.com/openstack/vmware-nsx
#. Install vmware_nsx_tempest in your tempest development environment::
$ cd /opt/devtest/os-tempest
$ source .venv/bin/activate
$ pip install -e /opt/devtest/vmware-nsx/
Run command::
$ pip show vmware-nsx
You should observe the following statements::
Location: /opt/devtest/vmware-nsx
and under section of Entry-points::
[tempest.test_plugins]
vmware-nsx-tempest-plugin = vmware_nsx_tempest.plugin:VMwareNsxTempestPlugin
#. Validate installed vmware_nsx_tempest successfully do::
$ cd /opt/devtest/os-tempest
$ tools/with_venv.sh testr list-tests vmware_nsx_tempest.*l2_gateway
Your installation failed, if no tests are shown.
Execution:
----------
vmware_nsx_tempest tests are tempest tests, you need to
run from tempest directory. For example, to run only l2-gateway tests::
$ cd /opt/devtest/os-tempest
$ ./run_tempest.sh -t vmware_nsx_tempest.*test_l2_gateway
$ ./run_tempest.sh -d vmware_nsx_tempest.tests.nsxv.api.test_l2_gateway_connection.L2GatewayConnectionTest.test_csuld_single_device_interface_vlan
TechNote on vmware_nsx_tempest:
-------------------------------
vmware_nsx_tempest is a plugin to tempest, not neutron, nor vmware_nsx.
It is defined by tempest.test_plugins.
Modules within vmware_nsx_tempest can not see resources defined
by vmware_nsx. Commands like following are not acceptable, unless
vmware_nsx is installed in your tempest environment::
import vmware_nsx.shell.admin.plugins.common.utils as admin_utils


@ -1,32 +0,0 @@
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import oslo_i18n
DOMAIN = "vmware-nsx-tempest"
_translators = oslo_i18n.TranslatorFactory(domain=DOMAIN)
# The primary translation function using the well-known name "_"
_ = _translators.primary
# The contextual translation function using the name "_C"
_C = _translators.contextual_form
# The plural translation function using the name "_P"
_P = _translators.plural_form
def get_available_languages():
return oslo_i18n.get_available_languages(DOMAIN)


@ -1,61 +0,0 @@
# Copyright 2017 VMware, Inc.
# All Rights Reserved
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from oslo_log import log
LOG = log.getLogger(__name__)
# General constants.
ONE_SEC = 1
# L2GW constants.
L2GW = "l2_gateway"
L2GWS = L2GW + "s"
L2_GWS_BASE_URI = "/l2-gateways"
EXPECTED_HTTP_RESPONSE_200 = "200"
EXPECTED_HTTP_RESPONSE_201 = "201"
EXPECTED_HTTP_RESPONSE_204 = "204"
L2GWC = "l2_gateway_connection"
# MAC Learning constants
MAC_SW_PROFILE = "MacManagementSwitchingProfile"
PORT_SEC_PROFILE = "SpoofGuardSwitchingProfile"
SEC_GRPS_PROFILE = "SwitchSecuritySwitchingProfile"
# NSXV3 MDProxy constants.
MD_ERROR_CODE_WHEN_LS_BOUNDED = "10026"
INTERVAL_BETWEEN_EXEC_RETRY_ON_SSH = 5
MAX_NO_OF_TIMES_EXECUTION_OVER_SSH = 30
MD_BASE_URL = "http://169.254.169.254/"
# NSXV3 Port Security constants.
NSX_BACKEND_TIME_INTERVAL = 30
NSX_BACKEND_SMALL_TIME_INTERVAL = 10
NSX_BACKEND_VERY_SMALL_TIME_INTERVAL = 5
# DFW
NSX_FIREWALL_REALIZED_TIMEOUT = 120
# FWaaS
NO_OF_ENTRIES = 20
EXCLUSIVE_ROUTER = 'exclusive'
DISTRIBUTED_ROUTER = 'distributed'
TCP_PROTOCOL = 'tcp'
ICMP_PROTOCOL = 'icmp'
# NSXV3 Firewall
NSX_FIREWALL_REALIZED_DELAY = 2
APPLIANCE_NAME_STARTS_WITH = "vmw_"


@ -1,199 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from oslo_config import cfg
from tempest import config
service_option = cfg.BoolOpt("vmware_nsx",
default=True,
help="Whether or not vmware_nsx is expected to be"
" available")
scenario_group = config.scenario_group
ScenarioGroup = [
cfg.FloatOpt('waitfor_disassoc',
default=15.0,
help="Wait for seconds after disassociation."),
cfg.FloatOpt('waitfor_assoc',
default=5.0,
help="Waitfor seconds after association."),
cfg.FloatOpt('waitfor_connectivity',
default=120.0,
help="Wait for seconds to become connected."),
cfg.ListOpt('outside_world_servers',
default=["8.8.8.8", "8.8.4.4"],
help="List of servers reside outside of openstack env."
" which is used to test default gateway behavior"
" when VMs are under logical routers,"
" & DNS are local to provider's settings."),
cfg.DictOpt('flat_alloc_pool_dict',
default={},
help="Define flat network ip range."
" required attributes are gateway, start, end"
" and cidr. Example value: gateway:10.1.1.253,"
" start:10.1.1.30,end:10.1.1.49,cidr=10.1.1.0/24"),
cfg.DictOpt('xnet_multiple_subnets_dict',
default={},
help="External network with multiple subnets."
" The primary subnet ip-range will be shrinked,"
" This is for the 2nd subnet, required attrs:"
" start:10.1.1.31,end:10.1.1.33,cidr=10.1.2.0/24"
" AND limit to only 3 ip addresses defined."),
]
network_group = config.network_group
NetworkGroup = [
cfg.StrOpt('l2gw_switch',
default='',
help="Distributed Virtual Portgroup to create VLAN port."),
cfg.DictOpt('l2gw_switch_dict',
default={},
help="dict version of l2gw_switch:"
"device_name:,interfaces:,segmentation_id:,"),
cfg.StrOpt('dns_search_domain',
default='vmware.com',
help="a valid domain that contains host defined at"
" attribute host_in_search_domain"),
cfg.StrOpt('host_in_search_domain',
default='mail',
help="host exists in dns_search_domain"),
cfg.StrOpt('public_network_cidr',
default='',
help="Public network cidr which provides external network"
" connectivity"),
cfg.StrOpt('backend',
default='nsxv',
help="NSX backend, valid values are nsxv|nsxv3"),
]
nsxv_group = cfg.OptGroup(name='nsxv',
title="NSX-v Configuration Options")
NSXvGroup = [
cfg.StrOpt('manager_uri',
default='https://10.0.0.10',
help="NSX-v manager ip address"),
cfg.StrOpt('user',
default='admin',
help="NSX-v manager username"),
cfg.StrOpt('password',
default='default',
help="NSX-v manager password"),
cfg.StrOpt('vdn_scope_id',
default='vdnscope-1',
help="NSX-v vdn scope id"),
cfg.IntOpt('max_mtz',
default=3,
help="Max Multiple Transport Zones used for testing."),
cfg.DictOpt('flat_alloc_pool_dict',
default={},
help=" Define flat network ip range."
" required attributes are gateway, start, end"
" and cidr. Example value: gateway:10.1.1.253,"
" start:10.1.1.30,end:10.1.1.49,cidr=10.1.1.0/24"),
cfg.StrOpt('vlan_physical_network',
default='',
help="physval_network to create vlan."),
cfg.IntOpt('provider_vlan_id',
default=888,
help="The default vlan_id for admin vlan."),
cfg.IntOpt('create_router_http_timeout',
default=900,
help="Specific for router_size tests. This value defines"
" how long http.request should retry."),
cfg.BoolOpt('no_router_type',
default=False,
help="router_type is NSXv extension."
"Set it to True allow tests to remove this attribute"
" when creating router."),
cfg.ListOpt('bugs_to_resolve',
default=[],
help="Bugs to be resolved. Define this at tempest.conf and"
" test case testtools.skipIf(condition, reasons) to"
" skip test cannot be run at specific plugin env."),
cfg.StrOpt('default_policy_id',
default='',
help="NSX security-policy ID used to create all tenants"
" default security-group-policy."
" This must be the same as the one at vmware/nsx.ini"),
cfg.StrOpt('alt_policy_id',
default='',
help="NSX security-policy ID used to create the 2nd"
" security-group-policy, and != default_policy_id."),
cfg.BoolOpt('allow_tenant_rules_with_policy',
default=False,
help="Default=False; a tenant cannot create security-group."
" If True, tenant can create non-policy security-group."
" Sync this value with nsx.ini file."),
]
l2gw_group = cfg.OptGroup(name='l2gw',
title="l2-gateway Configuration Options")
L2gwGroup = [
cfg.DictOpt('vlan_subnet_ipv4_dict',
default={},
help="Tenant's VLAN subnet cdir to connect to l2gw/VXLAN."
" Example: cidr=192.168.99.0/24,start:192.168.99.41"
" ,end:192.168.99.50,gateway=192.168.99.253"),
cfg.StrOpt('device_one_vlan',
default="",
help="l2g2 device with one VLAN"
" l2gw-1::dvportgroup-14420|3845"),
cfg.StrOpt('device_multiple_vlans',
default="",
help="l2gw device with multiple VLANs"
" l2gw-x::dvportgroup-14429|3880#3381#3382"),
cfg.StrOpt('multiple_interfaces_multiple_vlans',
default="",
help="l2gw multiple devices, interface has multiple VLANs"
" m-ifs::dvportgroup-144|138#246;dvportgroup-155|339"),
cfg.StrOpt('vlan_1',
default="16",
help="VLAN id"),
cfg.StrOpt('vlan_2',
default="17",
help="VLAN id"),
cfg.StrOpt("subnet_1_cidr",
default="192.168.1.0/24",
help="Subnet 1 network cidr."
"Example: 1.1.1.0/24"),
cfg.StrOpt('vm_on_vds_tz1_vlan16_ip',
default="192.168.1.203",
help="IPv4 IP address of VM3"),
cfg.StrOpt('vm_on_switch_vlan16',
default="192.168.1.204",
help="IPv4 IP address of VM4"),
cfg.StrOpt('vm_on_vds_tz2_vlan16_ip',
default="192.168.1.205",
help="IPv4 IP address of VM5"),
cfg.StrOpt('vm_on_vds_tz2_vlan17_ip',
default="192.168.1.206",
help="IPv4 IP address of VM6"),
]
nsxv3_group = cfg.OptGroup(name='nsxv3',
title="NSXv3 Configuration Options")
NSXv3Group = [
cfg.StrOpt('nsx_manager',
default='',
help="NSX manager IP address"),
cfg.StrOpt('nsx_user',
default='admin',
help="NSX manager username"),
cfg.StrOpt('nsx_password',
default='default',
help="NSX manager password"),
cfg.BoolOpt('native_dhcp_metadata',
default=False,
help="Enable or disable Native DHCP and MDProxy for nsxv3"),
]


@ -1,90 +0,0 @@
Admin Policy
============
Admin policy, neutron extension secuirty-group-policy provides organization
to enforce traffic forwarding utilizing NSX security policy.
The "Admin Policy" feature is admin priviledge, normal project/tenant is not
able to create security-group-policy.
This feature can be enabled from devstack or manually.
Enable security-group-policy extention at bring up devstack
===========================================================
You can enable security-group-policy when starting up devstack.
However, if the policy-id does not exist, starting will fail.
To enable it, add the following tokens to local.conf:
NSXV_USE_NSX_POLICIES=True
NSXV_DEFAULT_POLICY_ID=policy-11
NSXV_ALLOW_TENANT_RULES_WITH_POLICY=True
Change values according to your needs though.
Enable security-group-policy extention manually
===============================================
Instruction is from the view of devstack
#. Add following items to /etc/neutron/policy.json::
"create_security_group:logging": "rule:admin_only",
"update_security_group:logging": "rule:admin_only",
"get_security_group:logging": "rule:admin_only",
"create_security_group:provider": "rule:admin_only",
"create_port:provider_security_groups": "rule:admin_only",
"create_security_group:policy": "rule:admin_only",
"update_security_group:policy": "rule:admin_only",
#. Add following key=value pair to session [nsxv] of /etc/neutron/plugin/vmware/nsx.ini::
use_nsx_policies = True
default_policy_id = policy-11
allow_tenant_rules_with_policy = False
# NOTE: For automation, set allow_tenant_rules_with_policy to True
tempest.conf
============
At session [nsxv] add the following 3 key=value pair:
default_policy_id = policy-11
alt_policy_id = policy-22
allow_tenant_rules_with_policy = False
# NOTE: default_policy_id and allow_tenant_rules_with_policy need to match nsx.ini
default_policy_id and alt_policy_id:
For API tests, both must exist at NSX.
For scenario tests, please refer to nsxv/scenario/test_admin_policy_basic_ops.py
In short::
policy-11 (policy-AA at script & test-plan) firewall rules::
action-1: dhcp-in/any/policy-security-groups/dhcp/Allow
action-2: dhcp-out/policy-security-groups/dhcp/Allow
action-3: ping-in/any/policy-security-groups/ICMP/Allow
action-4: ping-out/policy-security-groups/any/ICMP/Allow/
action-5: ssh-in/any/policy-security-groups/SSH/Allow/
action-6: ssh-in/any/policy-security-groups/SSH/Allow/
action-7: http-ok/any/policy-security-groups/HTTP,HTTPS/Allow/
action-8: sorry-nothing-allowed/any/policy-security-groups/Any/Reject
You can import policy-AA to NSX using the admin-policy-AA.blueprint
policy-22 (policy-BB at script & test-plan) firewall rules::
action-1: dhcp-in/any/policy-security-groups/dhcp/Allow
action-2: dhcp-out/policy-security-groups/dhcp/Allow
action-3: group-ping/policy-security-groups/policy-security-groups/ICMP/Allow/
action-4: ssh-in/any/policy-security-groups/SSH/Allow/
action-5: ssh-in/any/policy-security-groups/SSH/Allow/
action-6: http-ok/any/policy-security-groups/HTTP,HTTPS/Allow/
pction-7: sorry-nothing-allowed/any/policy-security-groups/Any/Reject
NOTE on ping: same as policy-11 but only allowed from policy-security-groups
You can import policy-BB to NSX using the admin-policy-BB.blueprint


@ -1,74 +0,0 @@
Overview
========
This document describes what LBaaS tests are not supported at different
NSX plugin's and backends.
NOTE::
All LBaaS API & Scenario tests should PASS with exceptions
due to NSX plugins and features supported by backend.
For how tests can be skipped for specific plugin and backend,
please refer to paragraph "Config for Test Execution".
NOTE::
We no longer support LBaaS v1. So this document and LBaaS tests
only applys to releases from Mitaka/Marvin or later.
Limitation:
-----------
NSX-v with VMware LBaaS driver::
#. LBaaS networks need to attach to exclusive router
#. One tenant per subnet
#. L7 switching not supported
NSX-v3 with Octavia driver::
#. upstream implemenation - all tests should PASS.
#. scenario tests take long time, it might fail with fixture timeout.
Config for Test execution:
--------------------------
Following configuration attributes used to controll test execution::
#. no_router_type at group/session nsxv
Default is False, and is used to run LBaaS tests in NSX-v environment.
To run in NSX-t environment, set it to True
#. bugs_to_resolve at group/session nsxv
For test to skip if bug-ID presented in this attribute.
The test will use testtools.skipIf(condition, reason) to skip if its ID in the bugs_to_resolve list.
local.conf:
----------
NSX-v::
[nsxv]
no_router_type=False
bugs_to_resolve=1641902,1715126,1703396,1739510
NSX-v3::
[compute]
build_timeout=900
build_interval=2
[nsxv]
no_router_type=True
Execution:
----------
#. Use testr list-tests command to generate test suite for run API and Scenario tests::
tools/with_venv.sh testr list-tests nsxv.api.lbaas
tools/with_venv.sh testr list-tests nsxv.scenarion.test_lbaas
#. l7 switching tests take long time to complete. If got fixture timeout, do::
OS_TEST_TIMEOUT=2400 ./run_tempest.sh -t test_lbaas_l7_switching_ops


@ -1,341 +0,0 @@
<securityPolicyHierarchy>
<name>admin-policy-AA</name>
<description>8 firewall rules - ping, ssh from anywhere are OK</description>
<securityPolicy>
<revision>0</revision>
<name>security-policy-AA</name>
<description>Security Policy AA</description>
<clientHandle></clientHandle>
<isUniversal>false</isUniversal>
<universalRevision>0</universalRevision>
<inheritanceAllowed>false</inheritanceAllowed>
<precedence>5500</precedence>
<actionsByCategory>
<category>firewall</category>
<action class="firewallSecurityAction">
<revision>0</revision>
<name>dhcp-in</name>
<clientHandle></clientHandle>
<isUniversal>false</isUniversal>
<universalRevision>0</universalRevision>
<category>firewall</category>
<executionOrder>1</executionOrder>
<isEnabled>true</isEnabled>
<isActionEnforced>false</isActionEnforced>
<invalidSecondaryContainers>false</invalidSecondaryContainers>
<applications>
<application>
<revision>0</revision>
<name>DHCP-Client</name>
<clientHandle></clientHandle>
<isUniversal>false</isUniversal>
<universalRevision>0</universalRevision>
<inheritanceAllowed>true</inheritanceAllowed>
<element>
<applicationProtocol>UDP</applicationProtocol>
<value>68</value>
</element>
</application>
<application>
<revision>0</revision>
<name>DHCP-Server</name>
<clientHandle></clientHandle>
<isUniversal>false</isUniversal>
<universalRevision>0</universalRevision>
<inheritanceAllowed>true</inheritanceAllowed>
<element>
<applicationProtocol>UDP</applicationProtocol>
<value>67</value>
</element>
</application>
</applications>
<invalidApplications>false</invalidApplications>
<logged>false</logged>
<action>allow</action>
<direction>inbound</direction>
<outsideSecondaryContainer>false</outsideSecondaryContainer>
</action>
<action class="firewallSecurityAction">
<revision>0</revision>
<name>dhcp-out</name>
<clientHandle></clientHandle>
<isUniversal>false</isUniversal>
<universalRevision>0</universalRevision>
<category>firewall</category>
<executionOrder>2</executionOrder>
<isEnabled>true</isEnabled>
<isActionEnforced>false</isActionEnforced>
<invalidSecondaryContainers>false</invalidSecondaryContainers>
<applications>
<application>
<revision>0</revision>
<name>DHCP-Client</name>
<clientHandle></clientHandle>
<isUniversal>false</isUniversal>
<universalRevision>0</universalRevision>
<inheritanceAllowed>true</inheritanceAllowed>
<element>
<applicationProtocol>UDP</applicationProtocol>
<value>68</value>
</element>
</application>
<application>
<revision>0</revision>
<name>DHCP-Server</name>
<clientHandle></clientHandle>
<isUniversal>false</isUniversal>
<universalRevision>0</universalRevision>
<inheritanceAllowed>true</inheritanceAllowed>
<element>
<applicationProtocol>UDP</applicationProtocol>
<value>67</value>
</element>
</application>
</applications>
<invalidApplications>false</invalidApplications>
<logged>false</logged>
<action>allow</action>
<direction>outbound</direction>
<outsideSecondaryContainer>false</outsideSecondaryContainer>
</action>
<action class="firewallSecurityAction">
<revision>0</revision>
<name>ping-in</name>
<description>Everyone can ping me</description>
<clientHandle></clientHandle>
<isUniversal>false</isUniversal>
<universalRevision>0</universalRevision>
<category>firewall</category>
<executionOrder>3</executionOrder>
<isEnabled>true</isEnabled>
<isActionEnforced>false</isActionEnforced>
<invalidSecondaryContainers>false</invalidSecondaryContainers>
<applications>
<application>
<revision>0</revision>
<name>ICMP Echo</name>
<clientHandle></clientHandle>
<isUniversal>false</isUniversal>
<universalRevision>0</universalRevision>
<inheritanceAllowed>true</inheritanceAllowed>
<element>
<applicationProtocol>ICMP</applicationProtocol>
<value>echo-request</value>
</element>
</application>
<application>
<revision>0</revision>
<name>ICMP Redirect</name>
<clientHandle></clientHandle>
<isUniversal>false</isUniversal>
<universalRevision>0</universalRevision>
<inheritanceAllowed>true</inheritanceAllowed>
<element>
<applicationProtocol>ICMP</applicationProtocol>
<value>redirect</value>
</element>
</application>
<application>
<revision>0</revision>
<name>ICMP Echo Reply</name>
<clientHandle></clientHandle>
<isUniversal>false</isUniversal>
<universalRevision>0</universalRevision>
<inheritanceAllowed>true</inheritanceAllowed>
<element>
<applicationProtocol>ICMP</applicationProtocol>
<value>echo-reply</value>
</element>
</application>
</applications>
<invalidApplications>false</invalidApplications>
<logged>false</logged>
<action>allow</action>
<direction>inbound</direction>
<outsideSecondaryContainer>false</outsideSecondaryContainer>
</action>
<action class="firewallSecurityAction">
<revision>0</revision>
<name>ping-out</name>
<clientHandle></clientHandle>
<isUniversal>false</isUniversal>
<universalRevision>0</universalRevision>
<category>firewall</category>
<executionOrder>4</executionOrder>
<isEnabled>true</isEnabled>
<isActionEnforced>false</isActionEnforced>
<invalidSecondaryContainers>false</invalidSecondaryContainers>
<applications>
<application>
<revision>0</revision>
<name>ICMP Echo</name>
<clientHandle></clientHandle>
<isUniversal>false</isUniversal>
<universalRevision>0</universalRevision>
<inheritanceAllowed>true</inheritanceAllowed>
<element>
<applicationProtocol>ICMP</applicationProtocol>
<value>echo-request</value>
</element>
</application>
<application>
<revision>0</revision>
<name>ICMP Redirect</name>
<clientHandle></clientHandle>
<isUniversal>false</isUniversal>
<universalRevision>0</universalRevision>
<inheritanceAllowed>true</inheritanceAllowed>
<element>
<applicationProtocol>ICMP</applicationProtocol>
<value>redirect</value>
</element>
</application>
<application>
<revision>0</revision>
<name>ICMP Echo Reply</name>
<clientHandle></clientHandle>
<isUniversal>false</isUniversal>
<universalRevision>0</universalRevision>
<inheritanceAllowed>true</inheritanceAllowed>
<element>
<applicationProtocol>ICMP</applicationProtocol>
<value>echo-reply</value>
</element>
</application>
</applications>
<invalidApplications>false</invalidApplications>
<logged>false</logged>
<action>allow</action>
<direction>outbound</direction>
<outsideSecondaryContainer>false</outsideSecondaryContainer>
</action>
<action class="firewallSecurityAction">
<revision>0</revision>
<name>ssh-in-ok</name>
<clientHandle></clientHandle>
<isUniversal>false</isUniversal>
<universalRevision>0</universalRevision>
<category>firewall</category>
<executionOrder>5</executionOrder>
<isEnabled>true</isEnabled>
<isActionEnforced>false</isActionEnforced>
<invalidSecondaryContainers>false</invalidSecondaryContainers>
<applications>
<application>
<revision>0</revision>
<name>SSH</name>
<clientHandle></clientHandle>
<isUniversal>false</isUniversal>
<universalRevision>0</universalRevision>
<inheritanceAllowed>true</inheritanceAllowed>
<element>
<applicationProtocol>TCP</applicationProtocol>
<value>22</value>
</element>
</application>
</applications>
<invalidApplications>false</invalidApplications>
<logged>false</logged>
<action>allow</action>
<direction>inbound</direction>
<outsideSecondaryContainer>false</outsideSecondaryContainer>
</action>
<action class="firewallSecurityAction">
<revision>0</revision>
<name>ssh-out-ok</name>
<clientHandle></clientHandle>
<isUniversal>false</isUniversal>
<universalRevision>0</universalRevision>
<category>firewall</category>
<executionOrder>6</executionOrder>
<isEnabled>true</isEnabled>
<isActionEnforced>false</isActionEnforced>
<invalidSecondaryContainers>false</invalidSecondaryContainers>
<applications>
<application>
<revision>0</revision>
<name>SSH</name>
<clientHandle></clientHandle>
<isUniversal>false</isUniversal>
<universalRevision>0</universalRevision>
<inheritanceAllowed>true</inheritanceAllowed>
<element>
<applicationProtocol>TCP</applicationProtocol>
<value>22</value>
</element>
</application>
</applications>
<invalidApplications>false</invalidApplications>
<logged>false</logged>
<action>allow</action>
<direction>outbound</direction>
<outsideSecondaryContainer>false</outsideSecondaryContainer>
</action>
<action class="firewallSecurityAction">
<revision>0</revision>
<name>HTTP-ok</name>
<description>All can http(s) me</description>
<clientHandle></clientHandle>
<isUniversal>false</isUniversal>
<universalRevision>0</universalRevision>
<category>firewall</category>
<executionOrder>7</executionOrder>
<isEnabled>true</isEnabled>
<isActionEnforced>false</isActionEnforced>
<invalidSecondaryContainers>false</invalidSecondaryContainers>
<applications>
<application>
<revision>0</revision>
<name>HTTP</name>
<clientHandle></clientHandle>
<isUniversal>false</isUniversal>
<universalRevision>0</universalRevision>
<inheritanceAllowed>true</inheritanceAllowed>
<element>
<applicationProtocol>TCP</applicationProtocol>
<value>80</value>
</element>
</application>
<application>
<revision>0</revision>
<name>HTTPS</name>
<clientHandle></clientHandle>
<isUniversal>false</isUniversal>
<universalRevision>0</universalRevision>
<inheritanceAllowed>true</inheritanceAllowed>
<element>
<applicationProtocol>TCP</applicationProtocol>
<value>443</value>
</element>
</application>
</applications>
<invalidApplications>false</invalidApplications>
<logged>false</logged>
<action>allow</action>
<direction>inbound</direction>
<outsideSecondaryContainer>false</outsideSecondaryContainer>
</action>
<action class="firewallSecurityAction">
<revision>0</revision>
<name>sorry-nothing-allowed</name>
<clientHandle></clientHandle>
<isUniversal>false</isUniversal>
<universalRevision>0</universalRevision>
<category>firewall</category>
<executionOrder>8</executionOrder>
<isEnabled>true</isEnabled>
<isActionEnforced>false</isActionEnforced>
<invalidSecondaryContainers>false</invalidSecondaryContainers>
<invalidApplications>false</invalidApplications>
<logged>false</logged>
<action>reject</action>
<direction>inbound</direction>
<outsideSecondaryContainer>false</outsideSecondaryContainer>
</action>
</actionsByCategory>
<statusesByCategory>
<category>firewall</category>
<status>in_sync</status>
</statusesByCategory>
</securityPolicy>
</securityPolicyHierarchy>


@ -1,285 +0,0 @@
<securityPolicyHierarchy>
<name>admin-policy-BB</name>
<description>policy-BB, ssh from anywhere are OK, but ping limited to same security-group</description>
<securityPolicy>
<revision>0</revision>
<name>security-policy-BB</name>
<description>Security Policy BB</description>
<clientHandle></clientHandle>
<isUniversal>false</isUniversal>
<universalRevision>0</universalRevision>
<inheritanceAllowed>false</inheritanceAllowed>
<precedence>5600</precedence>
<actionsByCategory>
<category>firewall</category>
<action class="firewallSecurityAction">
<revision>0</revision>
<name>dhcp-in</name>
<clientHandle></clientHandle>
<isUniversal>false</isUniversal>
<universalRevision>0</universalRevision>
<category>firewall</category>
<executionOrder>1</executionOrder>
<isEnabled>true</isEnabled>
<isActionEnforced>false</isActionEnforced>
<invalidSecondaryContainers>false</invalidSecondaryContainers>
<applications>
<application>
<revision>0</revision>
<name>DHCP-Client</name>
<clientHandle></clientHandle>
<isUniversal>false</isUniversal>
<universalRevision>0</universalRevision>
<inheritanceAllowed>true</inheritanceAllowed>
<element>
<applicationProtocol>UDP</applicationProtocol>
<value>68</value>
</element>
</application>
<application>
<revision>0</revision>
<name>DHCP-Server</name>
<clientHandle></clientHandle>
<isUniversal>false</isUniversal>
<universalRevision>0</universalRevision>
<inheritanceAllowed>true</inheritanceAllowed>
<element>
<applicationProtocol>UDP</applicationProtocol>
<value>67</value>
</element>
</application>
</applications>
<invalidApplications>false</invalidApplications>
<logged>false</logged>
<action>allow</action>
<direction>inbound</direction>
<outsideSecondaryContainer>false</outsideSecondaryContainer>
</action>
<action class="firewallSecurityAction">
<revision>0</revision>
<name>dhcp-out</name>
<clientHandle></clientHandle>
<isUniversal>false</isUniversal>
<universalRevision>0</universalRevision>
<category>firewall</category>
<executionOrder>2</executionOrder>
<isEnabled>true</isEnabled>
<isActionEnforced>false</isActionEnforced>
<invalidSecondaryContainers>false</invalidSecondaryContainers>
<applications>
<application>
<revision>0</revision>
<name>DHCP-Client</name>
<clientHandle></clientHandle>
<isUniversal>false</isUniversal>
<universalRevision>0</universalRevision>
<inheritanceAllowed>true</inheritanceAllowed>
<element>
<applicationProtocol>UDP</applicationProtocol>
<value>68</value>
</element>
</application>
<application>
<revision>0</revision>
<name>DHCP-Server</name>
<clientHandle></clientHandle>
<isUniversal>false</isUniversal>
<universalRevision>0</universalRevision>
<inheritanceAllowed>true</inheritanceAllowed>
<element>
<applicationProtocol>UDP</applicationProtocol>
<value>67</value>
</element>
</application>
</applications>
<invalidApplications>false</invalidApplications>
<logged>false</logged>
<action>allow</action>
<direction>outbound</direction>
<outsideSecondaryContainer>false</outsideSecondaryContainer>
</action>
<action class="firewallSecurityAction">
<revision>0</revision>
<name>group-ping-ok</name>
<description>icmp only allowed from VM with same security-policy</description>
<clientHandle></clientHandle>
<isUniversal>false</isUniversal>
<universalRevision>0</universalRevision>
<category>firewall</category>
<executionOrder>3</executionOrder>
<isEnabled>true</isEnabled>
<isActionEnforced>false</isActionEnforced>
<invalidSecondaryContainers>false</invalidSecondaryContainers>
<applications>
<application>
<revision>0</revision>
<name>ICMP Echo</name>
<clientHandle></clientHandle>
<isUniversal>false</isUniversal>
<universalRevision>0</universalRevision>
<inheritanceAllowed>true</inheritanceAllowed>
<element>
<applicationProtocol>ICMP</applicationProtocol>
<value>echo-request</value>
</element>
</application>
<application>
<revision>0</revision>
<name>ICMP Redirect</name>
<clientHandle></clientHandle>
<isUniversal>false</isUniversal>
<universalRevision>0</universalRevision>
<inheritanceAllowed>true</inheritanceAllowed>
<element>
<applicationProtocol>ICMP</applicationProtocol>
<value>redirect</value>
</element>
</application>
<application>
<revision>0</revision>
<name>ICMP Echo Reply</name>
<clientHandle></clientHandle>
<isUniversal>false</isUniversal>
<universalRevision>0</universalRevision>
<inheritanceAllowed>true</inheritanceAllowed>
<element>
<applicationProtocol>ICMP</applicationProtocol>
<value>echo-reply</value>
</element>
</application>
</applications>
<invalidApplications>false</invalidApplications>
<logged>false</logged>
<action>allow</action>
<direction>intra</direction>
<outsideSecondaryContainer>false</outsideSecondaryContainer>
</action>
<action class="firewallSecurityAction">
<revision>0</revision>
<name>ssh-in-ok</name>
<clientHandle></clientHandle>
<isUniversal>false</isUniversal>
<universalRevision>0</universalRevision>
<category>firewall</category>
<executionOrder>4</executionOrder>
<isEnabled>true</isEnabled>
<isActionEnforced>false</isActionEnforced>
<invalidSecondaryContainers>false</invalidSecondaryContainers>
<applications>
<application>
<revision>0</revision>
<name>SSH</name>
<clientHandle></clientHandle>
<isUniversal>false</isUniversal>
<universalRevision>0</universalRevision>
<inheritanceAllowed>true</inheritanceAllowed>
<element>
<applicationProtocol>TCP</applicationProtocol>
<value>22</value>
</element>
</application>
</applications>
<invalidApplications>false</invalidApplications>
<logged>false</logged>
<action>allow</action>
<direction>inbound</direction>
<outsideSecondaryContainer>false</outsideSecondaryContainer>
</action>
<action class="firewallSecurityAction">
<revision>0</revision>
<name>ssh-out-ok</name>
<clientHandle></clientHandle>
<isUniversal>false</isUniversal>
<universalRevision>0</universalRevision>
<category>firewall</category>
<executionOrder>5</executionOrder>
<isEnabled>true</isEnabled>
<isActionEnforced>false</isActionEnforced>
<invalidSecondaryContainers>false</invalidSecondaryContainers>
<applications>
<application>
<revision>0</revision>
<name>SSH</name>
<clientHandle></clientHandle>
<isUniversal>false</isUniversal>
<universalRevision>0</universalRevision>
<inheritanceAllowed>true</inheritanceAllowed>
<element>
<applicationProtocol>TCP</applicationProtocol>
<value>22</value>
</element>
</application>
</applications>
<invalidApplications>false</invalidApplications>
<logged>false</logged>
<action>allow</action>
<direction>outbound</direction>
<outsideSecondaryContainer>false</outsideSecondaryContainer>
</action>
<action class="firewallSecurityAction">
<revision>0</revision>
<name>group-HTTP</name>
<clientHandle></clientHandle>
<isUniversal>false</isUniversal>
<universalRevision>0</universalRevision>
<category>firewall</category>
<executionOrder>6</executionOrder>
<isEnabled>true</isEnabled>
<isActionEnforced>false</isActionEnforced>
<invalidSecondaryContainers>false</invalidSecondaryContainers>
<applications>
<application>
<revision>0</revision>
<name>HTTP</name>
<clientHandle></clientHandle>
<isUniversal>false</isUniversal>
<universalRevision>0</universalRevision>
<inheritanceAllowed>true</inheritanceAllowed>
<element>
<applicationProtocol>TCP</applicationProtocol>
<value>80</value>
</element>
</application>
<application>
<revision>0</revision>
<name>HTTPS</name>
<clientHandle></clientHandle>
<isUniversal>false</isUniversal>
<universalRevision>0</universalRevision>
<inheritanceAllowed>true</inheritanceAllowed>
<element>
<applicationProtocol>TCP</applicationProtocol>
<value>443</value>
</element>
</application>
</applications>
<invalidApplications>false</invalidApplications>
<logged>false</logged>
<action>allow</action>
<direction>intra</direction>
<outsideSecondaryContainer>false</outsideSecondaryContainer>
</action>
<action class="firewallSecurityAction">
<revision>0</revision>
<name>sorry-nothing-allowed</name>
<clientHandle></clientHandle>
<isUniversal>false</isUniversal>
<universalRevision>0</universalRevision>
<category>firewall</category>
<executionOrder>7</executionOrder>
<isEnabled>true</isEnabled>
<isActionEnforced>false</isActionEnforced>
<invalidSecondaryContainers>false</invalidSecondaryContainers>
<invalidApplications>false</invalidApplications>
<logged>false</logged>
<action>reject</action>
<direction>inbound</direction>
<outsideSecondaryContainer>false</outsideSecondaryContainer>
</action>
</actionsByCategory>
<statusesByCategory>
<category>firewall</category>
<status>in_sync</status>
</statusesByCategory>
</securityPolicy>
</securityPolicyHierarchy>


@ -1,234 +0,0 @@
# Copyright 2017 VMware Inc
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import collections
import netaddr
from oslo_log import log as logging
from tempest import config
from tempest.lib.common.utils import data_utils
from tempest.lib.common.utils import test_utils
from tempest.lib import exceptions as lib_exc
from vmware_nsx_tempest.common import constants
from vmware_nsx_tempest.tests.scenario import manager
CONF = config.CONF
LOG = logging.getLogger(__name__)
class ApplianceManager(manager.NetworkScenarioTest):
server_details = collections.namedtuple('server_details',
['server', 'floating_ip',
'networks'])
def setUp(self):
super(ApplianceManager, self).setUp()
self.topology_routers = {}
self.topology_networks = {}
self.topology_subnets = {}
self.topology_servers = {}
self.topology_servers_floating_ip = []
self.topology_public_network_id = CONF.network.public_network_id
self.topology_config_drive = CONF.compute_feature_enabled.config_drive
self.topology_keypairs = {}
self.servers_details = {}
def get_internal_ips(self, server, network, device="network"):
internal_ips = [p['fixed_ips'][0]['ip_address'] for p in
self.os_admin.ports_client.list_ports(
tenant_id=server['tenant_id'],
network_id=network['id'])['ports'] if
p['device_owner'].startswith(device)]
return internal_ips
def _verify_empty_security_group_status(self, security_group):
ip_protocols = ["IPV6", "IPV4"]
nsx_fw_section, nsx_fw_section_rules = \
self.nsx_client.get_firewall_section_and_rules(
security_group['name'], security_group['id'])
msg = "Newly created empty security group does not meet criteria !!!"
self.assertEqual(nsx_fw_section["rule_count"], 2, msg)
self.assertEqual(nsx_fw_section_rules[0]["action"], "ALLOW", msg)
self.assertEqual(nsx_fw_section_rules[1]["action"], "ALLOW", msg)
self.assertEqual(nsx_fw_section_rules[0]["direction"], "OUT", msg)
self.assertEqual(nsx_fw_section_rules[1]["direction"], "OUT", msg)
self.assertIn(nsx_fw_section_rules[0]["ip_protocol"], ip_protocols,
msg)
self.assertIn(nsx_fw_section_rules[1]["ip_protocol"], ip_protocols,
msg)
def create_topology_empty_security_group(self, namestart="vmw_"):
security_group = self._create_empty_security_group(namestart=namestart)
self._verify_empty_security_group_status(security_group)
return security_group
def add_security_group_rule(self, security_group, rule):
return self._create_security_group_rule(secgroup=security_group,
**rule)
def get_server_key(self, server):
return self.topology_keypairs[server['key_name']]['private_key']
def create_topology_router(self, router_name, routers_client=None,
**kwargs):
if not routers_client:
routers_client = self.routers_client
router_name_ = constants.APPLIANCE_NAME_STARTS_WITH + router_name
router = self._create_router(namestart=router_name_, **kwargs)
public_network_info = {"external_gateway_info": dict(
network_id=self.topology_public_network_id)}
routers_client.update_router(router['id'], **public_network_info)
self.topology_routers[router_name] = router
return router
def create_topology_network(self, network_name, networks_client=None,
tenant_id=None, port_security_enabled=True, **kwargs):
if not networks_client:
networks_client = self.networks_client
if not tenant_id:
tenant_id = networks_client.tenant_id
network_name_ = constants.APPLIANCE_NAME_STARTS_WITH + network_name
name = data_utils.rand_name(network_name_)
# Neutron disables port security by default so we have to check the
# config before trying to create the network with port_security_enabled
if CONF.network_feature_enabled.port_security:
port_security_enabled = True
result = networks_client.create_network(
name=name, tenant_id=tenant_id,
port_security_enabled=port_security_enabled, **kwargs)
network = result['network']
self.assertEqual(network['name'], name)
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
networks_client.delete_network, network['id'])
self.topology_networks[network_name] = network
return network
def create_topology_subnet(
self, subnet_name, network, routers_client=None,
subnets_client=None, router_id=None, ip_version=4, cidr=None,
mask_bits=None, **kwargs):
subnet_name_ = constants.APPLIANCE_NAME_STARTS_WITH + subnet_name
if not subnets_client:
subnets_client = self.subnets_client
if not routers_client:
routers_client = self.routers_client
def cidr_in_use(cidr, tenant_id):
"""Check cidr existence
:returns: True if subnet with cidr already exist in tenant
False else
"""
cidr_in_use = \
self.os_admin.subnets_client.list_subnets(tenant_id=tenant_id,
cidr=cidr)['subnets']
return len(cidr_in_use) != 0
if ip_version == 6:
tenant_cidr = (cidr or netaddr.IPNetwork(
CONF.network.project_network_v6_cidr))
mask_bits = mask_bits or CONF.network.project_network_v6_mask_bits
else:
tenant_cidr = cidr or netaddr.IPNetwork(
CONF.network.project_network_cidr)
mask_bits = mask_bits or CONF.network.project_network_mask_bits
str_cidr = str(tenant_cidr)
if not cidr:
# Repeatedly attempt subnet creation with sequential cidr
# blocks until an unallocated block is found.
for subnet_cidr in tenant_cidr.subnet(mask_bits):
str_cidr = str(subnet_cidr)
if not cidr_in_use(str_cidr, tenant_id=network['tenant_id']):
break
else:
if cidr_in_use(str_cidr, tenant_id=network['tenant_id']):
LOG.error("Specified subnet %r is in use" % str_cidr)
raise
subnet = dict(name=data_utils.rand_name(subnet_name_),
network_id=network['id'], tenant_id=network['tenant_id'],
cidr=str_cidr, ip_version=ip_version, **kwargs)
try:
result = None
result = subnets_client.create_subnet(**subnet)
except lib_exc.Conflict as e:
is_overlapping_cidr = 'overlaps with another subnet' in str(e)
if not is_overlapping_cidr:
raise
self.assertIsNotNone(result, 'Unable to allocate tenant network')
subnet = result['subnet']
self.assertEqual(subnet['cidr'], str_cidr)
self.addCleanup(test_utils.call_and_ignore_notfound_exc,
subnets_client.delete_subnet, subnet['id'])
self.topology_subnets[subnet_name] = subnet
if router_id:
if not routers_client:
routers_client = self.routers_client
routers_client.add_router_interface(
router_id, subnet_id=subnet["id"])
self.addCleanup(
test_utils.call_and_ignore_notfound_exc,
routers_client.remove_router_interface, router_id,
subnet_id=subnet["id"])
return subnet
def create_topology_security_group(self, **kwargs):
return self._create_security_group(**kwargs)
def create_topology_instance(
self, server_name, networks, security_groups=None,
config_drive=None, keypair=None, image_id=None,
clients=None, create_floating_ip=True, **kwargs):
# Define security group for server.
if security_groups:
kwargs["security_groups"] = security_groups
else:
_sg = self.create_topology_security_group()
_security_groups = [{'name': _sg['name']}]
kwargs["security_groups"] = _security_groups
# Define config drive for server.
if not config_drive:
kwargs["config_drive"] = self.topology_config_drive
else:
kwargs["config_drive"] = config_drive
if not keypair:
keypair = self.create_keypair()
self.topology_keypairs[keypair['name']] = keypair
kwargs["key_name"] = keypair['name']
else:
kwargs["key_name"] = keypair['name']
# Define image id for server.
if image_id:
kwargs["image_id"] = image_id
server_name_ = constants.APPLIANCE_NAME_STARTS_WITH + server_name
# Collect all the networks for server.
networks_ = []
for net in networks:
net_ = {"uuid": net["id"]}
networks_.append(net_)
# Deploy server with all teh args.
server = self.create_server(
name=server_name_, networks=networks_, clients=clients, **kwargs)
if create_floating_ip:
floating_ip = self.create_floating_ip(server)
server["floating_ip"] = floating_ip
self.topology_servers_floating_ip.append(floating_ip)
else:
floating_ip = None
server_details = self.server_details(server=server,
floating_ip=floating_ip,
networks=networks)
self.servers_details[server_name] = server_details
self.topology_servers[server_name] = server
return server


@ -1,172 +0,0 @@
# Copyright 2017 VMware Inc
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from tempest import config
from tempest.lib.common.utils import test_utils
from vmware_nsx_tempest._i18n import _
from vmware_nsx_tempest.common import constants
from vmware_nsx_tempest.lib import traffic_manager
from vmware_nsx_tempest.services import nsx_client
from vmware_nsx_tempest.services import openstack_network_clients
LOG = constants.log.getLogger(__name__)
CONF = config.CONF
# It includes feature related function such CRUD Mdproxy, L2GW or QoS
class FeatureManager(traffic_manager.TrafficManager):
@classmethod
def setup_clients(cls):
"""
Create various client connections. Such as NSXv3 and L2 Gateway.
"""
super(FeatureManager, cls).setup_clients()
try:
manager = getattr(cls.os_admin, "manager", cls.os_admin)
net_client = getattr(manager, "networks_client")
_params = manager.default_params_withy_timeout_values.copy()
except AttributeError as attribute_err:
LOG.warning(
"Failed to locate the attribute, Error: %(err_msg)s",
{"err_msg": attribute_err.__str__()})
_params = {}
cls.l2gw_client = openstack_network_clients.L2GatewayClient(
net_client.auth_provider,
net_client.service,
net_client.region,
net_client.endpoint_type,
**_params)
cls.nsx_client = nsx_client.NSXClient(
CONF.network.backend,
CONF.nsxv3.nsx_manager,
CONF.nsxv3.nsx_user,
CONF.nsxv3.nsx_password)
cls.l2gwc_client = openstack_network_clients.L2GatewayConnectionClient(
net_client.auth_provider,
net_client.service,
net_client.region,
net_client.endpoint_type,
**_params)
#
# L2Gateway base class. To get basics of L2GW.
#
def create_l2gw(self, l2gw_name, l2gw_param):
"""
Creates L2GW and returns the response.
:param l2gw_name: name of the L2GW
:param l2gw_param: L2GW parameters
:return: response of L2GW create API
"""
LOG.info("l2gw name: %(name)s, l2gw_param: %(devices)s ",
{"name": l2gw_name, "devices": l2gw_param})