def test_basic_policy(self):
vn1_name = self.id() + 'vn1'
vn2_name = self.id() + 'vn2'
vn1_obj = VirtualNetwork(vn1_name)
vn2_obj = VirtualNetwork(vn2_name)
np = self.create_network_policy(vn1_obj, vn2_obj)
seq = SequenceType(1, 1)
vnp = VirtualNetworkPolicyType(seq)
vn1_obj.set_network_policy(np, vnp)
vn2_obj.set_network_policy(np, vnp)
self._vnc_lib.virtual_network_create(vn1_obj)
self._vnc_lib.virtual_network_create(vn2_obj)
for obj in [vn1_obj, vn2_obj]:
self.assertTill(self.vnc_db_has_ident, obj=obj)
self.check_ri_ref_present(self.get_ri_name(vn1_obj),
self.get_ri_name(vn2_obj))
self.check_ri_ref_present(self.get_ri_name(vn2_obj),
self.get_ri_name(vn1_obj))
vn1_obj.del_network_policy(np)
vn2_obj.del_network_policy(np)
self._vnc_lib.virtual_network_update(vn1_obj)
self._vnc_lib.virtual_network_update(vn2_obj)
self.check_ri_refs_are_deleted(fq_name=self.get_ri_name(vn2_obj))
self.delete_network_policy(np)
self._vnc_lib.virtual_network_delete(fq_name=vn1_obj.get_fq_name())
self._vnc_lib.virtual_network_delete(fq_name=vn2_obj.get_fq_name())
self.check_vn_is_deleted(uuid=vn1_obj.uuid)
self.check_ri_is_deleted(fq_name=self.get_ri_name(vn2_obj))
def test_context_undo_fail_db_update(self):
project = Project(name='p-{}'.format(self.id()))
self.api.project_create(project)
vn_og = VirtualNetwork(name='og-vn-{}'.format(self.id()),
parent_obj=project)
self.api.virtual_network_create(vn_og)
vmi_obj = VirtualMachineInterface('vmi-{}'.format(self.id()),
parent_obj=project)
vmi_obj.set_virtual_network(vn_og)
self.api.virtual_machine_interface_create(vmi_obj)
vmi_obj = self.api.virtual_machine_interface_read(id=vmi_obj.uuid)
# change virtual network for VMI
vn_next = VirtualNetwork(name='next-vn-{}'.format(self.id()),
parent_obj=project)
vn_next.uuid = self.api.virtual_network_create(vn_next)
vmi_obj.set_virtual_network(vn_next)
def stub(*args, **kwargs):
return False, (500, "Fake error")
with ExpectedException(HttpError):
with test_common.flexmocks([(self._api_server._db_conn,
'dbe_update', stub)]):
self.api.virtual_machine_interface_update(vmi_obj)
vmi_obj = self.api.virtual_machine_interface_read(id=vmi_obj.uuid)
vn_ref_fq_names = [n['to'] for n in vmi_obj.get_virtual_network_refs()]
self.assertEqual(len(vn_ref_fq_names), 1)
self.assertEqual(vn_ref_fq_names[0], vn_og.get_fq_name())
def test_resources_exists(self):
api = VncApiMock(
self.args.auth_user,
self.args.auth_password,
self.args.auth_tenant,
self.args.vnc_endpoint_ip,
self.args.vnc_endpoint_port,
self.args.auth_token_url
)
domain_fq_name = ['default-domain']
domain = api.domain_read(fq_name=domain_fq_name)
proj_uuid = api.project_create(Project("default", parent_obj=domain))
proj = api.project_read(id=proj_uuid)
# Create cluster-default-pod-network
ipam_uuid = api.network_ipam_create(NetworkIpam("pod-ipam", proj))
ipam = api.network_ipam_read(id=ipam_uuid)
net = VirtualNetwork("cluster-default-pod-network", proj)
# No subnets are associated with IPAM at this point.
# Subnets will be updated in the IPAM, when cluster is created.
net.add_network_ipam(ipam, VnSubnetsType([]))
api.virtual_network_create(net)
# Create cluster-default-service-network
ipam_uuid = api.network_ipam_create(NetworkIpam("service-ipam", proj))
ipam = api.network_ipam_read(id=ipam_uuid)
net = VirtualNetwork("cluster-default-service-network", proj)
# No subnets are associated with IPAM at this point.
# Subnets will be updated in the IPAM, when cluster is created.
net.add_network_ipam(ipam, VnSubnetsType([]))
api.virtual_network_create(net)
vnc_kubernetes.VncKubernetes(self.args, Mock())
def test_multiple_policy(self):
vn1_name = self.id() + 'vn1'
vn2_name = self.id() + 'vn2'
vn1_obj = VirtualNetwork(vn1_name)
vn2_obj = VirtualNetwork(vn2_name)
np1 = self.create_network_policy(vn1_obj, vn2_obj)
np2 = self.create_network_policy(vn2_obj, vn1_obj)
seq = SequenceType(1, 1)
vnp = VirtualNetworkPolicyType(seq)
vn1_obj.set_network_policy(np1, vnp)
vn2_obj.set_network_policy(np2, vnp)
self._vnc_lib.virtual_network_create(vn1_obj)
self._vnc_lib.virtual_network_create(vn2_obj)
self.check_ri_ref_present(self.get_ri_name(vn1_obj),
self.get_ri_name(vn2_obj))
self.check_ri_ref_present(self.get_ri_name(vn2_obj),
self.get_ri_name(vn1_obj))
np1.network_policy_entries.policy_rule[
0].action_list.simple_action = 'deny'
np1.set_network_policy_entries(np1.network_policy_entries)
self._vnc_lib.network_policy_update(np1)
expr = (
"('contrail:connection contrail:routing-instance:%s' in FakeIfmapClient._graph['8443']['contrail:routing-instance:%s']['links'])"
% (':'.join(self.get_ri_name(vn2_obj)), ':'.join(
self.get_ri_name(vn1_obj))))
self.assertTill(expr)
np1.network_policy_entries.policy_rule[
0].action_list.simple_action = 'pass'
np1.set_network_policy_entries(np1.network_policy_entries)
self._vnc_lib.network_policy_update(np1)
np2.network_policy_entries.policy_rule[
0].action_list.simple_action = 'deny'
np2.set_network_policy_entries(np2.network_policy_entries)
self._vnc_lib.network_policy_update(np2)
expr = (
"('contrail:connection contrail:routing-instance:%s' in FakeIfmapClient._graph['8443']['contrail:routing-instance:%s']['links'])"
% (':'.join(self.get_ri_name(vn1_obj)), ':'.join(
self.get_ri_name(vn2_obj))))
self.assertTill(expr)
vn1_obj.del_network_policy(np1)
vn2_obj.del_network_policy(np2)
self._vnc_lib.virtual_network_update(vn1_obj)
self._vnc_lib.virtual_network_update(vn2_obj)
self.check_ri_refs_are_deleted(fq_name=self.get_ri_name(vn2_obj))
self.delete_network_policy(np1)
self.delete_network_policy(np2)
self._vnc_lib.virtual_network_delete(fq_name=vn1_obj.get_fq_name())
self._vnc_lib.virtual_network_delete(fq_name=vn2_obj.get_fq_name())
self.check_vn_is_deleted(uuid=vn1_obj.uuid)
def test_multiple_policy(self):
vn1_name = self.id() + 'vn1'
vn2_name = self.id() + 'vn2'
vn1_obj = VirtualNetwork(vn1_name)
vn2_obj = VirtualNetwork(vn2_name)
np1 = self.create_network_policy(vn1_obj, vn2_obj)
np2 = self.create_network_policy(vn2_obj, vn1_obj)
seq = SequenceType(1, 1)
vnp = VirtualNetworkPolicyType(seq)
vn1_obj.set_network_policy(np1, vnp)
vn2_obj.set_network_policy(np2, vnp)
self._vnc_lib.virtual_network_create(vn1_obj)
self._vnc_lib.virtual_network_create(vn2_obj)
self.check_ri_ref_present(self.get_ri_name(vn1_obj),
self.get_ri_name(vn2_obj))
self.check_ri_ref_present(self.get_ri_name(vn2_obj),
self.get_ri_name(vn1_obj))
np1.network_policy_entries.policy_rule[
0].action_list.simple_action = 'deny'
np1.set_network_policy_entries(np1.network_policy_entries)
self._vnc_lib.network_policy_update(np1)
self.assertTill(
self.ifmap_ident_has_link,
type_fq_name=('routing-instance', self.get_ri_name(vn1_obj)),
link_name='contrail:connection contrail:routing-instance:%s' %
':'.join(self.get_ri_name(vn2_obj)))
np1.network_policy_entries.policy_rule[
0].action_list.simple_action = 'pass'
np1.set_network_policy_entries(np1.network_policy_entries)
self._vnc_lib.network_policy_update(np1)
np2.network_policy_entries.policy_rule[
0].action_list.simple_action = 'deny'
np2.set_network_policy_entries(np2.network_policy_entries)
self._vnc_lib.network_policy_update(np2)
self.assertTill(
self.ifmap_ident_has_link,
type_fq_name=('routing-instance', self.get_ri_name(vn2_obj)),
link_name='contrail:connection contrail:routing-instance:%s' %
':'.join(self.get_ri_name(vn1_obj)))
vn1_obj.del_network_policy(np1)
vn2_obj.del_network_policy(np2)
self._vnc_lib.virtual_network_update(vn1_obj)
self._vnc_lib.virtual_network_update(vn2_obj)
self.check_ri_refs_are_deleted(fq_name=self.get_ri_name(vn2_obj))
self.delete_network_policy(np1)
self.delete_network_policy(np2)
self._vnc_lib.virtual_network_delete(fq_name=vn1_obj.get_fq_name())
self._vnc_lib.virtual_network_delete(fq_name=vn2_obj.get_fq_name())
self.check_vn_is_deleted(uuid=vn1_obj.uuid)
def _validate_untagged_vmis(self, fabric_obj, proj_obj, pi_obj):
fabric_name = fabric_obj.get_fq_name()
pi_fq_name = pi_obj.get_fq_name()
vn1 = VirtualNetwork('vn1-%s' % (self.id()), parent_obj=proj_obj)
self.api.virtual_network_create(vn1)
vn2 = VirtualNetwork('vn2-%s' % (self.id()), parent_obj=proj_obj)
self.api.virtual_network_create(vn2)
# Create VPG
vpg_name = "vpg-1"
vpg = VirtualPortGroup(vpg_name, parent_obj=fabric_obj)
vpg_uuid = self.api.virtual_port_group_create(vpg)
vpg_obj = self._vnc_lib.virtual_port_group_read(id=vpg_uuid)
vpg_name = vpg_obj.get_fq_name()
# If tor_port_vlan_id is set, then it signifies a untagged VMI
# Create first untagged VMI and attach it to Virtual Port Group
vmi_obj = VirtualMachineInterface(self.id() + "1",
parent_obj=proj_obj)
vmi_obj.set_virtual_network(vn1)
# Create KV_Pairs for this VMI
kv_pairs = self._create_kv_pairs(pi_fq_name,
fabric_name,
vpg_name,
tor_port_vlan_id='4094')
vmi_obj.set_virtual_machine_interface_bindings(kv_pairs)
vmi_uuid_1 = self.api.virtual_machine_interface_create(vmi_obj)
vpg_obj.add_virtual_machine_interface(vmi_obj)
self.api.virtual_port_group_update(vpg_obj)
# Now, try to create the second untagged VMI.
# This should fail as there can be only one untagged VMI in a VPG
vmi_obj_2 = VirtualMachineInterface(self.id() + "2",
parent_obj=proj_obj)
vmi_obj_2.set_virtual_network(vn2)
# Create KV_Pairs for this VMI
kv_pairs = self._create_kv_pairs(pi_fq_name,
fabric_name,
vpg_name,
tor_port_vlan_id='4092')
vmi_obj_2.set_virtual_machine_interface_bindings(kv_pairs)
with ExpectedException(BadRequest):
self.api.virtual_machine_interface_create(vmi_obj_2)
self.api.virtual_machine_interface_delete(id=vmi_uuid_1)
self.api.virtual_port_group_delete(id=vpg_obj.uuid)
def test_multiple_policy(self):
vn1_name = self.id() + 'vn1'
vn2_name = self.id() + 'vn2'
vn1_obj = VirtualNetwork(vn1_name)
vn2_obj = VirtualNetwork(vn2_name)
np1 = self.create_network_policy(vn1_obj, vn2_obj)
np2 = self.create_network_policy(vn2_obj, vn1_obj)
seq = SequenceType(1, 1)
vnp = VirtualNetworkPolicyType(seq)
vn1_obj.set_network_policy(np1, vnp)
vn2_obj.set_network_policy(np2, vnp)
self._vnc_lib.virtual_network_create(vn1_obj)
self._vnc_lib.virtual_network_create(vn2_obj)
self.check_ri_ref_present(self.get_ri_name(vn1_obj),
self.get_ri_name(vn2_obj))
self.check_ri_ref_present(self.get_ri_name(vn2_obj),
self.get_ri_name(vn1_obj))
np1.network_policy_entries.policy_rule[0].action_list.simple_action = \
'deny'
np1.set_network_policy_entries(np1.network_policy_entries)
self._vnc_lib.network_policy_update(np1)
self.check_ri_refs_are_deleted(fq_name=self.get_ri_name(vn2_obj))
np1.network_policy_entries.policy_rule[0].action_list.simple_action = \
'pass'
np1.set_network_policy_entries(np1.network_policy_entries)
self._vnc_lib.network_policy_update(np1)
self.check_ri_ref_present(self.get_ri_name(vn1_obj),
self.get_ri_name(vn2_obj))
np2.network_policy_entries.policy_rule[0].action_list.simple_action = \
'deny'
np2.set_network_policy_entries(np2.network_policy_entries)
self._vnc_lib.network_policy_update(np2)
self.check_ri_refs_are_deleted(fq_name=self.get_ri_name(vn2_obj))
vn1_obj.del_network_policy(np1)
vn2_obj.del_network_policy(np2)
self._vnc_lib.virtual_network_update(vn1_obj)
self._vnc_lib.virtual_network_update(vn2_obj)
self.delete_network_policy(np1)
self.delete_network_policy(np2)
self._vnc_lib.virtual_network_delete(fq_name=vn1_obj.get_fq_name())
self._vnc_lib.virtual_network_delete(fq_name=vn2_obj.get_fq_name())
self.check_vn_is_deleted(uuid=vn1_obj.uuid)
self.check_vn_is_deleted(uuid=vn2_obj.uuid)
def test_unset_tag_from_a_resource(self):
project = Project('project-%s' % self.id())
self.api.project_create(project)
vn = VirtualNetwork('vn-%s' % self.id(), parent_obj=project)
vn_uuid = self.api.virtual_network_create(vn)
tag_type = 'fake_type-%s' % self.id()
tag_value = 'fake_value-%s' % self.id()
tag = Tag(tag_type_name=tag_type,
tag_value=tag_value,
parent_obj=project)
self.api.tag_create(tag)
self.api.set_tag(vn, tag_type, tag_value)
for system_tag_type in constants.TagTypeNameToId:
self.api.tag_create(
Tag(tag_type_name=system_tag_type, tag_value=tag_value))
self.api.set_tag(vn, system_tag_type, tag_value, is_global=True)
vn = self._vnc_lib.virtual_network_read(id=vn_uuid)
self.assertEqual(len(vn.get_tag_refs()),
len(constants.TagTypeNameToId) + 1)
self.assertTrue(tag.uuid in {ref['uuid'] for ref in vn.get_tag_refs()})
self.api.unset_tag(vn, tag_type)
vn = self._vnc_lib.virtual_network_read(id=vn_uuid)
self.assertEqual(len(vn.get_tag_refs()),
len(constants.TagTypeNameToId))
self.assertFalse(
tag.uuid in {ref['uuid']
for ref in vn.get_tag_refs()})
def test_tag_created_before_associated_to_a_resource(self):
project = Project('project-%s' % self.id())
self.api.project_create(project)
vn = VirtualNetwork('vn-%s' % self.id(), parent_obj=project)
self.api.virtual_network_create(vn)
tag_type = 'fake_type-%s' % self.id()
tag_value = 'fake_value-%s' % self.id()
# global
tags_dict = {
tag_type: {
'is_global': True,
'value': tag_value,
}
}
self.assertRaises(NoIdError, self.api.set_tags, vn, tags_dict)
# scoped
tags_dict = {
tag_type: {
'value': tag_value,
}
}
self.assertRaises(NoIdError, self.api.set_tags, vn, tags_dict)
def test_firewall_group_port_association(self):
vn = VirtualNetwork('%s-vn' % self.id(), parent_obj=self.project)
self._vnc_lib.virtual_network_create(vn)
vmi_ids = []
for i in range(3):
vmi = VirtualMachineInterface('%s-vmi%d' % (self.id(), i),
parent_obj=self.project)
vmi.add_virtual_network(vn)
vmi_ids.append(self._vnc_lib.virtual_machine_interface_create(vmi))
neutron_fg = self.create_resource(
'firewall_group',
self.project_id,
extra_res_fields={
'ports': vmi_ids[:-1],
},
)
self.assertEquals(set(neutron_fg['ports']), set(vmi_ids[:-1]))
neutron_fg = self.update_resource(
'firewall_group',
neutron_fg['id'],
self.project_id,
extra_res_fields={
'ports': vmi_ids[1:],
},
)
self.assertEquals(set(neutron_fg['ports']), set(vmi_ids[1:]))
def setUp(self):
VncApiMock.init()
DBMock.init()
vnc_kubernetes.VncKubernetes.reset()
self.args = Mock()
self.args.admin_user = "******"
self.args.admin_password = "******"
self.args.admin_tenant = "default"
self.args.vnc_endpoint_ip = '127.0.0.1'
self.args.vnc_endpoint_port = "8082"
self.args.auth_token_url = "token"
self.args.cluster_project = None
self.args.cluster_network = None
self.args.cluster_pod_network = None
self.args.cluster_service_network = None
self.args.pod_subnets = ['10.10.0.0/16']
self.args.service_subnets = ['192.168.0.0/24']
self.args.kubernetes_api_secure_port = "8443"
self.args.auth_user = "******"
self.args.auth_password = "******"
self.args.auth_tenant = "default"
self.args.cassandra_server_list = ()
api = VncApiMock(self.args.auth_user, self.args.auth_password,
self.args.auth_tenant, self.args.vnc_endpoint_ip,
self.args.vnc_endpoint_port, self.args.auth_token_url)
domain_uuid = api.domain_create(Domain("default-domain"))
domain = api.domain_read(id=domain_uuid)
proj_uuid = api.project_create(
Project("default-project", parent_obj=domain))
proj = api.project_read(id=proj_uuid)
net = VirtualNetwork("ip-fabric", proj)
api.virtual_network_create(net)
def test_dedicated_tag_and_refs_deleted(self):
vn = VirtualNetwork('%s-vn' % self.id(), parent_obj=self.project)
self._vnc_lib.virtual_network_create(vn)
vmi_ids = []
for i in range(3):
vmi = VirtualMachineInterface('%s-vmi%d' % (self.id(), i),
parent_obj=self.project)
vmi.add_virtual_network(vn)
vmi_ids.append(self._vnc_lib.virtual_machine_interface_create(vmi))
neutron_fg = self.create_resource(
'firewall_group',
self.project_id,
extra_res_fields={
'ports': vmi_ids,
},
)
tag_fq_name = self._get_tag_fq_name(neutron_fg, self.project)
try:
self._vnc_lib.tag_read(tag_fq_name)
except NoIdError:
msg = ("Dedicated Tag %s for firewall group %s was not created" %
(':'.join(tag_fq_name), neutron_fg['id']))
self.fail(msg)
self.delete_resource('firewall_group', self.project_id,
neutron_fg['id'])
self.assertRaises(NoIdError, self._vnc_lib.tag_read, tag_fq_name)
def test_update_in_use_provider_vn(self):
project = Project('%s-project' % self.id())
project_uuid = self.api.project_create(project)
project = self.api.project_read(id=project_uuid)
vn = VirtualNetwork('%s-vn' % self.id(), parent_obj=project)
vn.set_is_provider_network(True)
vn.set_provider_properties(
ProviderDetails(
params_dict={"segmentation_id": 100,
"physical_network": "physnet1"}))
vn_uuid = self.api.virtual_network_create(vn)
vmi = VirtualMachineInterface('%s-vmi' % self.id(), parent_obj=project)
vmi.set_virtual_network(vn)
self.api.virtual_machine_interface_create(vmi)
vn = self.api.virtual_network_read(id=vn_uuid)
vn.set_provider_properties(
ProviderDetails(
params_dict={"segmentation_id": 200,
"physical_network": "physnet2"}))
with ExpectedException(RefsExistError):
self.api.virtual_network_update(vn)
updated_provider_properties = (self
.api.virtual_network_read(id=vn.uuid)
.get_provider_properties())
segmentation_id = updated_provider_properties.get_segmentation_id()
physical_network = updated_provider_properties.get_physical_network()
self.assertEqual((100, "physnet1"),
(segmentation_id, physical_network))
def test_context_undo_fail_db_delete(self):
project = Project(name='p-{}'.format(self.id()))
self.api.project_create(project)
vn = VirtualNetwork(name='vn-{}'.format(self.id()), parent_obj=project)
self.api.virtual_network_create(vn)
vmi_obj = VirtualMachineInterface('vmi-{}'.format(self.id()),
parent_obj=project)
vmi_obj.set_virtual_network(vn)
self.api.virtual_machine_interface_create(vmi_obj)
vmi_obj = self.api.virtual_machine_interface_read(id=vmi_obj.uuid)
mock_zk = self._api_server._db_conn._zk_db
zk_alloc_count_before = mock_zk._vpg_id_allocator.get_alloc_count()
def stub(*args, **kwargs):
return False, (500, "Fake error")
with ExpectedException(HttpError):
with test_common.flexmocks([(self._api_server._db_conn,
'dbe_delete', stub)]):
self.api.virtual_machine_interface_delete(
fq_name=vmi_obj.fq_name)
zk_alloc_count_after = mock_zk._vpg_id_allocator.get_alloc_count()
self.assertEqual(zk_alloc_count_before, zk_alloc_count_after)
def test_port_security_and_allowed_address_pairs(self):
project = Project('%s-project' % self.id())
self.api.project_create(project)
vn = VirtualNetwork('vn-%s' % self.id(), parent_obj=project)
self.api.virtual_network_create(vn)
addr_pair = AllowedAddressPairs(allowed_address_pair=[
AllowedAddressPair(ip=SubnetType('1.1.1.0', 24),
mac='02:ce:1b:d7:a6:e7')
])
msg = (r"^Allowed address pairs are not allowed when port security is "
"disabled$")
vmi = VirtualMachineInterface(
'vmi-%s' % self.id(),
parent_obj=project,
port_security_enabled=False,
virtual_machine_interface_allowed_address_pairs=addr_pair)
vmi.set_virtual_network(vn)
with self.assertRaisesRegexp(BadRequest, msg):
self.api.virtual_machine_interface_create(vmi)
vmi = VirtualMachineInterface('vmi-%s' % self.id(),
parent_obj=project,
port_security_enabled=False)
vmi.set_virtual_network(vn)
self.api.virtual_machine_interface_create(vmi)
# updating a port with allowed address pair should throw an exception
# when port security enabled is set to false
vmi.virtual_machine_interface_allowed_address_pairs = addr_pair
with self.assertRaisesRegexp(BadRequest, msg):
self.api.virtual_machine_interface_update(vmi)
def test_tag_created_before_associated_to_a_resource(self):
project = Project('project-%s' % self.id())
self.api.project_create(project)
vn = VirtualNetwork('vn-%s' % self.id(), parent_obj=project)
self.api.virtual_network_create(vn)
type = 'fake_type-%s' % self.id()
value = 'fake_value-%s' % self.id()
# global
tags_dict = {
type: {
'is_global': True,
'value': value,
}
}
with ExpectedException(exceptions.NoIdError):
self.api.set_tags(vn, tags_dict)
# scoped
tags_dict = {
type: {
'value': value,
}
}
with ExpectedException(exceptions.NoIdError):
self.api.set_tags(vn, tags_dict)
def test_set_tag_api_sanity(self):
project = Project('project-%s' % self.id())
self.api.project_create(project)
tag_type = 'fake_type-%s' % self.id()
tag_value = 'fake_value-%s' % self.id()
tag = Tag(tag_type_name=tag_type, tag_value=tag_value,
parent_obj=project)
self.api.tag_create(tag)
vn = VirtualNetwork('vn-%s' % self.id(), parent_obj=project)
self.api.virtual_network_create(vn)
url = self.api._action_uri['set-tag']
test_suite = [
({'obj_uuid': vn.uuid}, BadRequest),
({'obj_type': 'virtual_network'}, BadRequest),
({'obj_uuid': 'fake_uuid', 'obj_type': 'virtual_network'},
NoIdError),
({'obj_uuid': vn.uuid, 'obj_type': 'wrong_type'}, BadRequest),
({
'obj_uuid': vn.uuid, 'obj_type': 'virtual_network',
tag_type: {'value': tag_value}
}, None),
({
'obj_uuid': vn.uuid, 'obj_type': 'virtual-network',
tag_type: {'value': tag_value}
}, None),
]
for tags_dict, result in test_suite:
if result and issubclass(result, Exception):
self.assertRaises(result, self.api._request_server,
OP_POST, url, json.dumps(tags_dict))
else:
self.api._request_server(OP_POST, url, json.dumps(tags_dict))
def test_only_one_value_for_a_type_can_be_associate_to_a_resource2(self):
project = Project('project-%s' % self.id())
self.api.project_create(project)
tag_type = 'fake_type-%s' % self.id()
global_tag = Tag(tag_type_name=tag_type,
tag_value='global_fake_value-%s' % self.id())
self.api.tag_create(global_tag)
scoped_tag = Tag(tag_type_name=tag_type,
tag_value='scoped_fake_value-%s' % self.id(),
parent_obj=project)
self.api.tag_create(scoped_tag)
vn = VirtualNetwork('vn-%s' % self.id(), parent_obj=project)
vn.add_tag(global_tag)
vn.add_tag(scoped_tag)
self.assertRaises(BadRequest, self.api.virtual_network_create, vn)
vn.set_tag(global_tag)
self.api.virtual_network_create(vn)
vn = self._vnc_lib.virtual_network_read(id=vn.uuid)
self.assertEqual(len(vn.get_tag_refs()), 1)
self.assertEqual(vn.get_tag_refs()[0]['uuid'], global_tag.uuid)
vn.add_tag(scoped_tag)
self.assertRaises(BadRequest, self.api.virtual_network_update, vn)
def test_virtual_port_group_delete(self):
proj_obj = Project('%s-project' % (self.id()))
self.api.project_create(proj_obj)
vn = VirtualNetwork('vn-%s' % (self.id()), parent_obj=proj_obj)
self.api.virtual_network_create(vn)
vpg_name = "vpg-" + self.id()
vpg_obj = VirtualPortGroup(vpg_name)
self.api.virtual_port_group_create(vpg_obj)
vmi_id_list = []
for i in range(self.VMI_NUM):
vmi_obj = VirtualMachineInterface(self.id() + str(i),
parent_obj=proj_obj)
vmi_obj.set_virtual_network(vn)
vmi_id_list.append(
self.api.virtual_machine_interface_create(vmi_obj))
vpg_obj.add_virtual_machine_interface(vmi_obj)
self.api.virtual_port_group_update(vpg_obj)
self.api.ref_relax_for_delete(vpg_obj.uuid, vmi_id_list[i])
# Make sure when VPG doesn't get deleted, since associated VMIs
# still refers it.
with ExpectedException(BadRequest):
self.api.virtual_port_group_delete(id=vpg_obj.uuid)
# Cleanup
for i in range(self.VMI_NUM):
self.api.virtual_machine_interface_delete(id=vmi_id_list[i])
self.api.virtual_port_group_delete(id=vpg_obj.uuid)
def test_deallocate_vxlan_id(self):
# enable vxlan routing on project
proj = self._vnc_lib.project_read(
fq_name=["default-domain", "default-project"])
proj.set_vxlan_routing(True)
self._vnc_lib.project_update(proj)
mock_zk = self._api_server._db_conn._zk_db
vn_obj = VirtualNetwork('%s-vn' % self.id())
vn_obj_properties = VirtualNetworkType(forwarding_mode='l3')
vn_obj_properties.set_vxlan_network_identifier(6002)
vn_obj.set_virtual_network_properties(vn_obj_properties)
self.api.virtual_network_create(vn_obj)
# VN created, now read back the VN data to check if vxlan_id is set
vn_obj = self.api.virtual_network_read(id=vn_obj.uuid)
vn_obj_properties = vn_obj.get_virtual_network_properties()
if not vn_obj_properties:
self.fail("VN properties are not set")
vxlan_id = vn_obj_properties.get_vxlan_network_identifier()
self.assertEqual(vxlan_id, 6002)
self.api.virtual_network_delete(id=vn_obj.uuid)
self.assertNotEqual(vn_obj.get_fq_name_str() + "_vxlan",
mock_zk.get_vn_from_id(vxlan_id))
logger.debug('PASS - test_deallocate_vxlan_id')
def test_update_not_in_use_non_provider_vn_to_provider(self):
project = Project('%s-project' % self.id())
project_uuid = self.api.project_create(project)
project = self.api.project_read(id=project_uuid)
vn = VirtualNetwork('%s-vn' % self.id(), parent_obj=project)
vn_uuid = self.api.virtual_network_create(vn)
vn = self.api.virtual_network_read(id=vn_uuid)
is_provider_network = vn.get_is_provider_network()
self.assertFalse(is_provider_network)
vn.set_is_provider_network(True)
vn.set_provider_properties(
ProviderDetails(
params_dict={"segmentation_id": 100,
"physical_network": "physnet1"}))
self.api.virtual_network_update(vn)
vn = self.api.virtual_network_read(id=vn_uuid)
is_provider_network = vn.get_is_provider_network()
self.assertTrue(is_provider_network)
updated_provider_properties = vn.get_provider_properties()
segmentation_id = updated_provider_properties.get_segmentation_id()
physical_network = updated_provider_properties.get_physical_network()
self.assertEqual((100, "physnet1"),
(segmentation_id, physical_network))
def test_disable_port_security_with_empty_allowed_address_pair_list(self):
project = Project('%s-project' % self.id())
self.api.project_create(project)
vn = VirtualNetwork('vn-%s' % self.id(), parent_obj=project)
self.api.virtual_network_create(vn)
addr_pair = AllowedAddressPairs()
vmi1 = VirtualMachineInterface(
'vmi1-%s' % self.id(),
parent_obj=project,
port_security_enabled=False,
virtual_machine_interface_allowed_address_pairs=addr_pair)
vmi1.set_virtual_network(vn)
self.api.virtual_machine_interface_create(vmi1)
addr_pair = AllowedAddressPairs(allowed_address_pair=[
AllowedAddressPair(ip=SubnetType('1.1.1.0', 24),
mac='02:ce:1b:d7:a6:e7')
])
vmi2 = VirtualMachineInterface(
'vmi2-%s' % self.id(),
parent_obj=project,
port_security_enabled=True,
virtual_machine_interface_allowed_address_pairs=addr_pair)
vmi2.set_virtual_network(vn)
self.api.virtual_machine_interface_create(vmi2)
addr_pair = AllowedAddressPairs()
vmi2.set_virtual_machine_interface_allowed_address_pairs(addr_pair)
self.api.virtual_machine_interface_update(vmi2)
vmi2.set_port_security_enabled(False)
self.api.virtual_machine_interface_update(vmi2)
def test_context_undo_vxlan_id_fail_db_create(self):
# enable vxlan routing on project
proj = self._vnc_lib.project_read(
fq_name=["default-domain", "default-project"])
proj.set_vxlan_routing(True)
self._vnc_lib.project_update(proj)
mock_zk = self._api_server._db_conn._zk_db
vn_obj = VirtualNetwork('%s-vn' % self.id())
vn_obj_properties = VirtualNetworkType(forwarding_mode='l3')
vn_obj_properties.set_vxlan_network_identifier(6000)
vn_obj.set_virtual_network_properties(vn_obj_properties)
def stub(*args, **kwargs):
return (False, (500, "Fake error"))
zk_alloc_count_start = mock_zk._vn_id_allocator.get_alloc_count()
with ExpectedException(HttpError):
with test_common.flexmocks(
[(self._api_server._db_conn, 'dbe_create', stub)]):
self.api.virtual_network_create(vn_obj)
# make sure allocation counter stays the same
zk_alloc_count_current = mock_zk._vn_id_allocator.get_alloc_count()
self.assertEqual(zk_alloc_count_start, zk_alloc_count_current)
def _create_virtual_network(self, vn_name, proj_obj, ipam_obj, \
ipam_update, provider=None, subnets=None, \
type='flat-subnet-only'):
vn_exists = False
vn = VirtualNetwork(name=vn_name,
parent_obj=proj_obj,
address_allocation_mode=type)
try:
vn_obj = self._vnc_lib.virtual_network_read(
fq_name=vn.get_fq_name())
vn_exists = True
except NoIdError:
# VN does not exist. Create one.
vn_obj = vn
if vn_exists:
return vn_obj
# Attach IPAM to virtual network.
#
# For flat-subnets, the subnets are specified on the IPAM and
# not on the virtual-network to IPAM link. So pass an empty
# list of VnSubnetsType.
# For user-defined-subnets, use the provided subnets
if ipam_update or \
not self._is_ipam_exists(vn_obj, ipam_obj.get_fq_name()):
if subnets and type == 'user-defined-subnet-only':
vn_obj.add_network_ipam(ipam_obj, subnets)
else:
vn_obj.add_network_ipam(ipam_obj, VnSubnetsType([]))
vn_obj.set_virtual_network_properties(
VirtualNetworkType(forwarding_mode='l3'))
fabric_snat = False
if self.ip_fabric_snat:
fabric_snat = True
if not vn_exists:
if self.ip_fabric_forwarding:
if provider:
#enable ip_fabric_forwarding
vn_obj.add_virtual_network(provider)
elif fabric_snat:
#enable fabric_snat
vn_obj.set_fabric_snat(True)
else:
#disable fabric_snat
vn_obj.set_fabric_snat(False)
# Create VN.
self._vnc_lib.virtual_network_create(vn_obj)
else:
# TODO: Handle Network update
pass
vn_obj = self._vnc_lib.virtual_network_read(
fq_name=vn_obj.get_fq_name())
VirtualNetworkKM.locate(vn_obj.uuid)
return vn_obj
def create_network(self, name, proj_obj, subnet, ipam_name):
vn = VirtualNetwork(
name=name, parent_obj=proj_obj,
virtual_network_properties=VirtualNetworkType(forwarding_mode='l3'),
address_allocation_mode='user-defined-subnet-only')
try:
vn_obj = self._vnc_lib.virtual_network_read(
fq_name=vn.get_fq_name())
except NoIdError:
# Virtual network does not exist. Create one.
vn_uuid = self._vnc_lib.virtual_network_create(vn)
vn_obj = self._vnc_lib.virtual_network_read(id=vn_uuid)
ipam_obj = self._create_network_ipam(ipam_name, 'flat-subnet',
subnet, proj_obj, vn_obj)
try:
self._vnc_lib.virtual_network_update(vn_obj)
except Exception as e:
self.logger.error("%s - failed to update virtual network %s %s. %s"
% (self._name, vn_obj.uuid, str(vn_obj.fq_name),
str(e)))
vn_obj = self._vnc_lib.virtual_network_read(
fq_name=vn_obj.get_fq_name())
#kube = vnc_kubernetes.VncKubernetes.get_instance()
#kube._create_cluster_service_fip_pool(vn_obj, pod_ipam_obj)
return vn_obj
def test_valid_sub_interface_vlan_tag_id(self):
project = Project('%s-project' % self.id())
self.api.project_create(project)
vn = VirtualNetwork('%s-vn' % self.id(), parent_obj=project)
self.api.virtual_network_create(vn)
test_suite = [
(None, None),
(VMIPT(None), None),
(VMIPT(sub_interface_vlan_tag=None), None),
(VMIPT(sub_interface_vlan_tag=-42), BadRequest),
(VMIPT(sub_interface_vlan_tag=4095), BadRequest),
(VMIPT(sub_interface_vlan_tag='fo'), BadRequest),
(VMIPT(sub_interface_vlan_tag='42'), None),
(VMIPT(sub_interface_vlan_tag=42), None),
]
for (vmipt, result) in test_suite:
vmi = VirtualMachineInterface('%s-vmi' % self.id(),
parent_obj=project)
vmi.set_virtual_network(vn)
vmi.set_virtual_machine_interface_properties(vmipt)
if result and issubclass(result, Exception):
self.assertRaises(result,
self.api.virtual_machine_interface_create,
vmi)
else:
self.api.virtual_machine_interface_create(vmi)
self.api.virtual_machine_interface_delete(id=vmi.uuid)
def test_create_pool(self):
tenant_id = _uuid()
pool_id = _uuid()
vip_id = _uuid()
subnet_id = _uuid()
api = self.api_server
project = Project(name='test')
project.uuid = tenant_id
template = ServiceTemplate('lb-test', project)
template.uuid = _uuid()
pool_attrs = LoadbalancerPoolType()
pool_attrs.subnet_id = subnet_id
pool = LoadbalancerPool(
pool_id, project, loadbalancer_pool_properties=pool_attrs)
pool.uuid = pool_id
vip_attrs = VirtualIpType()
vip_attrs.subnet_id = subnet_id
vip_attrs.address = '127.0.0.1'
vip = VirtualIp(vip_id, project, virtual_ip_properties=vip_attrs)
vip.uuid = vip_id
vip.set_loadbalancer_pool(pool)
vnet = VirtualNetwork('test', project)
vnet.uuid = _uuid()
vmi = VirtualMachineInterface(vip_id, project)
vmi.uuid = _uuid()
vmi.set_virtual_network(vnet)
iip = InstanceIp(vip_id, instance_ip_address='127.0.0.1')
iip.uuid = _uuid()
iip.set_virtual_machine_interface(vmi)
iip_refs = [
{'to': iip.get_fq_name(), 'uuid': iip.uuid}
]
vmi.get_instance_ip_back_refs = mock.Mock()
vmi.get_instance_ip_back_refs.return_value = iip_refs
vip.set_virtual_machine_interface(vmi)
api.virtual_service_template_read = template
api.loadbalancer_pool_read.return_value = pool
api.virtual_ip_read.return_value = vip
api.kv_retrieve.return_value = '%s %s' % (vnet.uuid, subnet_id)
api.virtual_machine_interface_read.return_value = vmi
api.instance_ip_read.return_value = iip
api.service_instance_read.side_effect = NoIdError('404')
context = {}
pool_data = {
'id': pool_id,
'vip_id': vip_id
}
self.driver.create_pool(context, pool_data)
api.service_instance_create.assert_called_with(mock.ANY)
def test_create_vn_with_configured_rt_in_system_range(self):
gsc = self.api.global_system_config_read(GlobalSystemConfig().fq_name)
vn = VirtualNetwork('%s-vn' % self.id())
rt_name = 'target:%d:%d' % (gsc.autonomous_system,
BGP_RTGT_MIN_ID + 1000)
vn.set_route_target_list(RouteTargetList([rt_name]))
self.assertRaises(BadRequest, self.api.virtual_network_create, vn)
def test_firewall_group_status(self):
neutron_fg = self.create_resource(
'firewall_group',
self.project_id,
extra_res_fields={
'admin_state_up': False,
},
)
self.assertEquals(neutron_fg['status'], constants.DOWN)
neutron_fg = self.update_resource(
'firewall_group',
neutron_fg['id'],
self.project_id,
extra_res_fields={
'admin_state_up': True,
},
)
self.assertEquals(neutron_fg['status'], constants.INACTIVE)
vn = VirtualNetwork('%s-vn' % self.id(), parent_obj=self.project)
self._vnc_lib.virtual_network_create(vn)
vmi = VirtualMachineInterface('%s-vmi' % self.id(),
parent_obj=self.project)
vmi.add_virtual_network(vn)
self._vnc_lib.virtual_machine_interface_create(vmi)
neutron_fg = self.update_resource(
'firewall_group',
neutron_fg['id'],
self.project_id,
extra_res_fields={
'ports': [vmi.uuid],
},
)
self.assertEquals(neutron_fg['status'], constants.INACTIVE)
fp = FirewallPolicy('%s-fp' % self.id(), parent_obj=self.project)
self._vnc_lib.firewall_policy_create(fp)
neutron_fg = self.update_resource(
'firewall_group',
neutron_fg['id'],
self.project_id,
extra_res_fields={
'egress_firewall_policy_id': fp.uuid,
},
)
self.assertEquals(neutron_fg['status'], constants.ACTIVE)
neutron_fg = self.update_resource(
'firewall_group',
neutron_fg['id'],
self.project_id,
extra_res_fields={
'ports': [],
},
)
self.assertEquals(neutron_fg['status'], constants.INACTIVE)
def test_set_unset_multi_value_of_authorized_type_on_one_resource(self):
project = Project('project-%s' % self.id())
self.api.project_create(project)
vn = VirtualNetwork('vn-%s' % self.id(), parent_obj=project)
vn_uuid = self.api.virtual_network_create(vn)
# Label tag type is the only one type authorized to be set multiple
# time on a same resource
tag_type = 'label'
tag_value1 = '%s-label1' % self.id()
label_tag1 = Tag(tag_type_name=tag_type,
tag_value=tag_value1,
parent_obj=project)
self.api.tag_create(label_tag1)
tag_value2 = '%s-label2' % self.id()
label_tag2 = Tag(tag_type_name=tag_type,
tag_value=tag_value2,
parent_obj=project)
self.api.tag_create(label_tag2)
tag_value3 = '%s-label3' % self.id()
label_tag3 = Tag(tag_type_name=tag_type,
tag_value=tag_value3,
parent_obj=project)
self.api.tag_create(label_tag3)
tags_dict = {
tag_type: {
'value': tag_value1,
'add_values': [tag_value2],
},
}
self.api.set_tags(vn, tags_dict)
vn = self._vnc_lib.virtual_network_read(id=vn_uuid)
self.assertEqual(len(vn.get_tag_refs()), 2)
self.assertEqual({ref['uuid']
for ref in vn.get_tag_refs()},
set([label_tag1.uuid, label_tag2.uuid]))
tags_dict = {
tag_type: {
'add_values': [tag_value3],
'delete_values': [tag_value1],
},
}
self.api.set_tags(vn, tags_dict)
vn = self._vnc_lib.virtual_network_read(id=vn_uuid)
self.assertEqual(len(vn.get_tag_refs()), 2)
self.assertEqual({ref['uuid']
for ref in vn.get_tag_refs()},
set([label_tag2.uuid, label_tag3.uuid]))
self.api.unset_tag(vn, tag_type)
vn = self._vnc_lib.virtual_network_read(id=vn_uuid)
self.assertIsNone(vn.get_tag_refs())
