def test_03_update_security_group_with_existing_name(self): # Validate the following # # 1. Create a security groups with name "test" # 2. Create another security group # 3. Try to update the second security group to update its name to "test" # 4. Update security group should fail # Create security group security_group = SecurityGroup.create( self.apiclient, self.testdata["security_group"], account=self.account.name, domainid=self.account.domainid ) self.debug("Created security group with ID: %s" % security_group.id) security_group_name = security_group.name # Make sure its created security_group_list = SecurityGroup.list( self.apiclient, account=self.account.name, domainid=self.account.domainid, keyword=security_group_name ) self.assertNotEqual( len(security_group_list), 0, "Creating security group failed" ) # Create another security group second_security_group = SecurityGroup.create( self.apiclient, self.testdata["security_group"], account=self.account.name, domainid=self.account.domainid ) self.debug("Created security group with ID: %s" % second_security_group.id) # Make sure its created security_group_list = SecurityGroup.list( self.apiclient, account=self.account.name, domainid=self.account.domainid, keyword=second_security_group.name ) self.assertNotEqual( len(security_group_list), 0, "Creating security group failed" ) # Update the security group with self.assertRaises(Exception): cmd = updateSecurityGroup.updateSecurityGroupCmd() cmd.id = second_security_group.id cmd.name = security_group_name self.apiclient.updateSecurityGroup(cmd)
def test_01_add_valid_protocol_number(self): # Validate the following # # 1. Create a security group # 2. Try to add a new ingress rule by specifying a protocol number # 3. New rule should be added successfully # 4. Try to add a new egress rule by specifying a protocol number # 5. New rule should be added successfully self.security_group = SecurityGroup.create( self.apiclient, self.testdata["security_group"], account=self.account.name, domainid=self.account.domainid) self.debug("Created security group with ID: %s" % self.security_group.id) # Add ingress rule self.createIngressRule("111") # Add egress rule self.createEgressRule("111") # verify number of ingress rules and egress rules self.verify_security_group_rules(self.security_group.id, 1, 1)
def test_01_create_security_group(self): # Validate the following: # # 1. Create a new security group # 2. Update the security group with new name # 3. List the security group with new name as the keyword # 4. Make sure that the response is not empty security_group = SecurityGroup.create( self.apiclient, self.testdata["security_group"], account=self.account.name, domainid=self.account.domainid ) self.debug("Created security group with ID: %s" % security_group.id) initial_secgroup_name = security_group.name new_secgroup_name = "testing-update-security-group" cmd = updateSecurityGroup.updateSecurityGroupCmd() cmd.id = security_group.id cmd.name = new_secgroup_name self.apiclient.updateSecurityGroup(cmd) new_security_group = SecurityGroup.list( self.apiclient, account=self.account.name, domainid=self.account.domainid, keyword=new_secgroup_name ) self.assertNotEqual( len(new_security_group), 0, "Update security group failed" )
def test_02_duplicate_security_group_name(self): # Validate the following # # 1. Create a security groups with name "test" # 2. Try to create another security group with name "test" # 3. Creation of second security group should fail security_group_name = "test" security_group = SecurityGroup.create(self.apiclient, {"name": security_group_name}, account=self.account.name, domainid=self.account.domainid) self.debug("Created security group with name: %s" % security_group.name) security_group_list = SecurityGroup.list( self.apiclient, account=self.account.name, domainid=self.account.domainid, keyword=security_group.name) self.assertNotEqual(len(security_group_list), 0, "Creating security group failed") # Need to use createSecurituGroupCmd since SecurityGroup.create # adds random string to security group name with self.assertRaises(Exception): cmd = createSecurityGroup.createSecurityGroupCmd() cmd.name = security_group.name cmd.account = self.account.name cmd.domainid = self.account.domainid self.apiclient.createSecurityGroup(cmd)
def test_08_security_group(self): """Test security groups in project """ # Validate the following: # 1. Create a project # 2. Assign some security groups to that project # 3. Verify the security groups can only be assigned to VM belonging # to that project. security_group = SecurityGroup.create( self.apiclient, self.services["security_group"], projectid=self.project.id ) self.debug("Created security group with ID: %s" % security_group.id) # Default Security group should not have any ingress rule sercurity_groups = SecurityGroup.list(self.apiclient, projectid=self.project.id) self.assertEqual(isinstance(sercurity_groups, list), True, "Check for list security groups response") self.assertNotEqual(len(sercurity_groups), 0, "Check List Security groups response") # Authorize Security group to SSH to VM ingress_rule = security_group.authorize( self.apiclient, self.services["security_group"], projectid=self.project.id ) self.assertEqual(isinstance(ingress_rule, dict), True, "Check ingress rule created properly") self.debug("Authorizing ingress rule for sec group ID: %s for ssh access" % security_group.id) self.virtual_machine = VirtualMachine.create( self.apiclient, self.services["server"], serviceofferingid=self.service_offering.id, securitygroupids=[security_group.id], projectid=self.project.id, ) self.debug("Deployed VM (ID: %s) in project: %s" % (self.virtual_machine.id, self.project.id)) self.assertEqual(self.virtual_machine.state, "Running", "VM state should be running after deployment") # Deploy another VM with same security group outside the project self.debug("Deploying VM with security group: %s outside project:%s" % (security_group.id, self.project.id)) with self.assertRaises(Exception): VirtualMachine.create( self.apiclient, self.services["server"], serviceofferingid=self.service_offering.id, accountid=self.account.name, domainid=self.account.domainid, securitygroupids=[security_group.id], ) return
def test_05_rename_security_group(self): # Validate the following # # 1. Create a security group # 2. Update the security group and change its name to "default" # 3. Exception should be thrown as "default" name cant be used security_group = SecurityGroup.create(self.apiclient, self.testdata["security_group"], account=self.account.name, domainid=self.account.domainid) self.debug("Created security group with ID: %s" % security_group.id) with self.assertRaises(Exception): cmd = updateSecurityGroup.updateSecurityGroupCmd() cmd.id = security_group.id cmd.name = "default" self.apiclient.updateSecurityGroup(cmd)
def test_01_create_list_delete_security_group(self): """ Test Security Group Creation,List,Deletion on a Basic """ if self.zone.networktype!="Basic": self.skipTest("Security Group creation is applicable only with Basic zone setup. skipping") sg=SecurityGroup.create(self.user_api_client, self.services("security_group") ) listsg=SecurityGroup.list(self.user_api_client,id=sg.id) if sg.name!=listsg[0].name: self.fail("Security Group is not created with specified details") sg.delete(self.user_api_client) return
def test_01_create_list_delete_security_group(self): """ Test Security Group Creation,List,Deletion on a Basic """ if self.zone.networktype!="Basic": self.skipTest("Security Group creation is applicable only with Basic zone setup. skipping") sg=SecurityGroup.create(self.user_api_client, self.services("security_group") ) listsg=SecurityGroup.list(self.user_api_client,id=sg.id) if sg.name!=listsg[0].name: self.fail("Security Group is not created with specified details") sg.delete(self.user_api_client) return
def test_05_invalid_protocol_string(self): # Validate the following # # 1. Create a security group # 2. Try to add ingress rule with invalid protocol name # 3. Exception should be thrown # 4. Try to add egressrule with invalid protocol name # 5. Exception should be thrown security_group = SecurityGroup.create(self.apiclient, self.testdata["security_group"], account=self.account.name, domainid=self.account.domainid) self.debug("Created security group with ID: %s" % security_group.id) with self.assertRaises(Exception): self.createIngressRule("randomprotocol") with self.assertRaises(Exception): self.createEgressRule("randomprotocol")
def test_02_add_invalid_protocol_number(self): # Validate the following # # 1. Create a security group # 2. Try to add a new ingress rule by specifying an invalid (> 255) protocol number # 3. Exception should be thrown successfully # 4. Try to add a new egreess rule by specifying an invalid (> 255) protocol number # 5. Exception should be thrown successfully self.security_group = SecurityGroup.create( self.apiclient, self.testdata["security_group"], account=self.account.name, domainid=self.account.domainid) self.debug("Created security group with ID: %s" % self.security_group.id) # Create ingress rule with invalid protocol number. Exception should be thrown with self.assertRaises(Exception): self.createIngressRule("555") # Create egress rule with invalid protocol number. Exception should be thrown with self.assertRaises(Exception): self.createEgressRule("555")
def test_04_add_duplicate_protocol_number(self): # Validate the following # # 1. Create a security group # 2. Try to add a new ingress rule by using "all" as the protocol string # 3. Try to add one more ingress rule by specifying the same protocol # 4. Exception should be thrown successfully # 5. Try to add a new egress rule by using "all" as the protocol string # 6. Try to add one more egress rule by specifying the same protocol # 7. Exception should be thrown successfully self.security_group = SecurityGroup.create( self.apiclient, self.testdata["security_group"], account=self.account.name, domainid=self.account.domainid) self.debug("Created security group with ID: %s" % self.security_group.id) # Add ingress rule self.createIngressRule("111") # verify number of ingress rules and egress rules self.verify_security_group_rules(self.security_group.id, 1, 0) # Try to add another ingress with same protocol number. Exception is thrown with self.assertRaises(Exception): self.createIngressRule("111") # Add egress rule self.createEgressRule("111") # verify number of ingress rules and egress rules self.verify_security_group_rules(self.security_group.id, 1, 1) # Try to add another ingress with same protocol number. Exception is thrown with self.assertRaises(Exception): self.createEgressRule("111")
def test_01_positive_tests_vm_operations_basic_zone(self): """ Positive tests for VMLC test path - Basic Zone # 1. List created service offering in setUpClass by name # 2. List registered template with name # 3. Create VM in account # 4. Enable networking for reaching to VM thorugh SSH # 5. Check VM accessibility through SSH # 6. Stop vm and verify vm is not accessible # 7. Start vm and verify vm is not accessible # 8. Reboot vm and verify vm is not accessible # 9. Destroy and recover VM # 10. Change service offering of VM to a different service offering # 11. Verify that the cpuspeed, cpunumber and memory of VM matches to # as specified in new service offering # 12. Start VM and verify VM accessibility # 13. Find suitable host for VM to migrate and migrate the VM # 14. Verify VM accessibility on new host """ # List created service offering in setUpClass by name listServiceOfferings = ServiceOffering.list( self.apiclient, name=self.service_offering_1.name, listall=True) self.assertEqual( validateList(listServiceOfferings)[0], PASS, "List validation failed for service offerings list") self.assertEqual( listServiceOfferings[0].name, self.service_offering_1.name, "Names of created service offering and\ listed service offering not matching") # List registered template with name listTemplates = Template.list(self.userapiclient, templatefilter="self", name=self.template.name, listall=True, zone=self.zone.id) self.assertEqual( validateList(listTemplates)[0], PASS, "List validation failed for\ templates list") self.assertEqual( listTemplates[0].name, self.template.name, "Names of created template and listed template\ not matching") # Enable networking for reaching to VM thorugh SSH security_group = SecurityGroup.create(self.apiclient, self.testdata["security_group"], account=self.account.name, domainid=self.account.domainid) self.cleanup.append(security_group) # Authorize Security group to SSH to VM security_group.authorize(self.apiclient, self.testdata["ingress_rule"], account=self.account.name, domainid=self.account.domainid) # Create VM in account self.virtual_machine = VirtualMachine.create( self.userapiclient, self.testdata["small"], templateid=self.template.id, accountid=self.account.name, domainid=self.account.domainid, serviceofferingid=self.service_offering_1.id, zoneid=self.zone.id, securitygroupids=[ security_group.id, ]) self.cleanup.append(self.virtual_machine) # Check VM accessibility try: SshClient(host=self.virtual_machine.ssh_ip, port=22, user=self.virtual_machine.username, passwd=self.virtual_machine.password) except Exception as e: self.fail("Exception while SSHing to VM: %s" % e) # Stop VM and verify VM is not accessible self.virtual_machine.stop(self.userapiclient) with self.assertRaises(Exception): SshClient(host=self.virtual_machine.ssh_ip, port=22, user=self.virtual_machine.username, passwd=self.virtual_machine.password, retries=0) # Start VM and verify that it is accessible self.virtual_machine.start(self.userapiclient) try: SshClient(host=self.virtual_machine.ssh_ip, port=22, user=self.virtual_machine.username, passwd=self.virtual_machine.password) except Exception as e: self.fail("Exception while SSHing to VM: %s" % e) # Reboot VM and verify that it is accessible self.virtual_machine.reboot(self.userapiclient) try: SshClient(host=self.virtual_machine.ssh_ip, port=22, user=self.virtual_machine.username, passwd=self.virtual_machine.password) except Exception as e: self.fail("Exception while SSHing to VM: %s" % e) # Destroy and recover VM self.virtual_machine.delete(self.userapiclient, expunge=False) self.virtual_machine.recover(self.apiclient) # Change service offering of VM and verify that it is changed self.virtual_machine.change_service_offering( self.userapiclient, serviceOfferingId=self.service_offering_2.id) VerifyChangeInServiceOffering(self, self.virtual_machine, self.service_offering_2) # Start VM and verify that it is accessible self.virtual_machine.start(self.userapiclient) try: SshClient(host=self.virtual_machine.ssh_ip, port=22, user=self.virtual_machine.username, passwd=self.virtual_machine.password) except Exception as e: self.fail("Exception while SSHing to VM: %s" % e) return
def test_03_securitygroups_authorize_revoke_egress(self): """ @Desc: Test to Authorize and Revoke Egress for Security Group @steps: Step1: Listing all the Security Groups for a user Step2: Verifying that list size is 1 Step3: Creating a Security Groups Step4: Listing all the Security Groups again for a user Step5: Verifying that list size is 2 Step6: Authorizing Egress for the security group created in step3 Step7: Listing the security groups by passing id of security group created in step3 Step8: Verifying that list size is 1 Step9: Verifying that Egress is authorized to the security group Step10: Verifying the details of the Egress rule are as expected Step11: Revoking Egress for the security group created in step3 Step12: Listing the security groups by passing id of security group created in step3 Step13: Verifying that list size is 1 Step14: Verifying that Egress is revoked from the security group """ # Listing all the Security Groups for a User list_securitygroups_before = SecurityGroup.list(self.userapiclient, listall=self.services["listall"]) # Verifying that default security group is created status = validateList(list_securitygroups_before) self.assertEquals(PASS, status[0], "Default Security Groups creation failed") # Verifying the size of the list is 1 self.assertEquals(1, len(list_securitygroups_before), "Count of Security Groups list is not matching") # Creating a security group securitygroup_created = SecurityGroup.create( self.userapiclient, self.services["security_group"], account=self.account.name, domainid=self.domain.id, description=self.services["security_group"]["name"], ) self.assertIsNotNone(securitygroup_created, "Security Group creation failed") self.cleanup.append(securitygroup_created) # Listing all the security groups for user again list_securitygroups_after = SecurityGroup.list(self.userapiclient, listall=self.services["listall"]) status = validateList(list_securitygroups_after) self.assertEquals(PASS, status[0], "Security Groups creation failed") # Verifying that list size is 2 self.assertEquals(2, len(list_securitygroups_after), "Failed to create Security Group") # Authorizing Egress for the security group created in step3 securitygroup_created.authorizeEgress( self.userapiclient, self.services["ingress_rule"], self.account.name, self.domain.id ) # Listing the security group by Id list_securitygroups_byid = SecurityGroup.list( self.userapiclient, listall=self.services["listall"], id=securitygroup_created.id, domainid=self.domain.id ) # Verifying that security group is listed status = validateList(list_securitygroups_byid) self.assertEquals(PASS, status[0], "Listing of Security Groups by id failed") # Verifying size of the list is 1 self.assertEquals(1, len(list_securitygroups_byid), "Count of the listing security group by id is not matching") securitygroup_egress = list_securitygroups_byid[0].egressrule # Validating the Ingress rule status = validateList(securitygroup_egress) self.assertEquals(PASS, status[0], "Security Groups Egress rule authorization failed") self.assertEquals(1, len(securitygroup_egress), "Security Group Egress rules count is not matching") # Verifying the details of the Egress rule are as expected # Creating expected and actual values dictionaries expected_dict = { "cidr": self.services["ingress_rule"]["cidrlist"], "protocol": self.services["ingress_rule"]["protocol"], "startport": self.services["ingress_rule"]["startport"], "endport": self.services["ingress_rule"]["endport"], } actual_dict = { "cidr": str(securitygroup_egress[0].cidr), "protocol": str(securitygroup_egress[0].protocol.upper()), "startport": str(securitygroup_egress[0].startport), "endport": str(securitygroup_egress[0].endport), } ingress_status = self.__verify_values(expected_dict, actual_dict) self.assertEqual(True, ingress_status, "Listed Security group Egress rule details are not as expected") # Revoking the Egress rule from Security Group securitygroup_created.revokeEgress(self.userapiclient, securitygroup_egress[0].ruleid) # Listing the security group by Id list_securitygroups_byid = SecurityGroup.list( self.userapiclient, listall=self.services["listall"], id=securitygroup_created.id, domainid=self.domain.id ) # Verifying that security group is listed status = validateList(list_securitygroups_byid) self.assertEquals(PASS, status[0], "Listing of Security Groups by id failed") # Verifying size of the list is 1 self.assertEquals(1, len(list_securitygroups_byid), "Count of the listing security group by id is not matching") securitygroup_egress = list_securitygroups_byid[0].egressrule # Verifying that Ingress rule is empty(revoked) status = validateList(securitygroup_egress) self.assertEquals(EMPTY_LIST, status[2], "Security Groups Egress rule is not revoked") return
def test_01_positive_tests_vm_operations_basic_zone(self): """ Positive tests for VMLC test path - Basic Zone # 1. List created service offering in setUpClass by name # 2. List registered template with name # 3. Create VM in account # 4. Enable networking for reaching to VM thorugh SSH # 5. Check VM accessibility through SSH # 6. Stop vm and verify vm is not accessible # 7. Start vm and verify vm is not accessible # 8. Reboot vm and verify vm is not accessible # 9. Destroy and recover VM # 10. Change service offering of VM to a different service offering # 11. Verify that the cpuspeed, cpunumber and memory of VM matches to # as specified in new service offering # 12. Start VM and verify VM accessibility # 13. Find suitable host for VM to migrate and migrate the VM # 14. Verify VM accessibility on new host """ # List created service offering in setUpClass by name listServiceOfferings = ServiceOffering.list( self.apiclient, name=self.service_offering_1.name, listall=True ) self.assertEqual(validateList(listServiceOfferings)[0], PASS, "List validation failed for service offerings list") self.assertEqual(listServiceOfferings[0].name, self.service_offering_1.name, "Names of created service offering and\ listed service offering not matching") # List registered template with name listTemplates = Template.list(self.userapiclient, templatefilter="self", name=self.template.name, listall=True, zone=self.zone.id ) self.assertEqual(validateList(listTemplates)[0], PASS, "List validation failed for\ templates list") self.assertEqual(listTemplates[0].name, self.template.name, "Names of created template and listed template\ not matching") # Enable networking for reaching to VM thorugh SSH security_group = SecurityGroup.create( self.apiclient, self.testdata["security_group"], account=self.account.name, domainid=self.account.domainid ) self.cleanup.append(security_group) # Authorize Security group to SSH to VM security_group.authorize( self.apiclient, self.testdata["ingress_rule"], account=self.account.name, domainid=self.account.domainid ) # Create VM in account self.virtual_machine = VirtualMachine.create( self.userapiclient, self.testdata["small"], templateid=self.template.id, accountid=self.account.name, domainid=self.account.domainid, serviceofferingid=self.service_offering_1.id, zoneid=self.zone.id, securitygroupids=[security_group.id, ] ) self.cleanup.append(self.virtual_machine) # Check VM accessibility try: SshClient(host=self.virtual_machine.ssh_ip, port=22, user=self.virtual_machine.username, passwd=self.virtual_machine.password) except Exception as e: self.fail("Exception while SSHing to VM: %s" % e) # Stop VM and verify VM is not accessible self.virtual_machine.stop(self.userapiclient) with self.assertRaises(Exception): SshClient(host=self.virtual_machine.ssh_ip, port=22, user=self.virtual_machine.username, passwd=self.virtual_machine.password, retries=0 ) # Start VM and verify that it is accessible self.virtual_machine.start(self.userapiclient) try: SshClient(host=self.virtual_machine.ssh_ip, port=22, user=self.virtual_machine.username, passwd=self.virtual_machine.password) except Exception as e: self.fail("Exception while SSHing to VM: %s" % e) # Reboot VM and verify that it is accessible self.virtual_machine.reboot(self.userapiclient) try: SshClient(host=self.virtual_machine.ssh_ip, port=22, user=self.virtual_machine.username, passwd=self.virtual_machine.password) except Exception as e: self.fail("Exception while SSHing to VM: %s" % e) # Destroy and recover VM self.virtual_machine.delete(self.userapiclient, expunge=False) self.virtual_machine.recover(self.apiclient) # Change service offering of VM and verify that it is changed self.virtual_machine.change_service_offering( self.userapiclient, serviceOfferingId=self.service_offering_2.id ) VerifyChangeInServiceOffering(self, self.virtual_machine, self.service_offering_2) # Start VM and verify that it is accessible self.virtual_machine.start(self.userapiclient) try: SshClient(host=self.virtual_machine.ssh_ip, port=22, user=self.virtual_machine.username, passwd=self.virtual_machine.password) except Exception as e: self.fail("Exception while SSHing to VM: %s" % e) return
def test_01_list_securitygroups_pagination(self): """ @Desc: Test to List Security Groups pagination @steps: Step1: Listing all the Security Groups for a user Step2: Verifying that list size is 1 Step3: Creating (page size) number of Security Groups Step4: Listing all the Security Groups again for a user Step5: Verifying that list size is (page size + 1) Step6: Listing all the Security Groups in page1 Step7: Verifying that list size is (page size) Step8: Listing all the Security Groups in page2 Step9: Verifying that list size is 1 Step10: Deleting the Security Group present in page 2 Step11: Listing all the Security Groups in page2 Step12: Verifying that no security groups are listed """ # Listing all the Security Groups for a User list_securitygroups_before = SecurityGroup.list(self.userapiclient, listall=self.services["listall"]) # Verifying that default security group is created status = validateList(list_securitygroups_before) self.assertEquals(PASS, status[0], "Default Security Groups creation failed") # Verifying the size of the list is 1 self.assertEquals(1, len(list_securitygroups_before), "Count of Security Groups list is not matching") # Creating pagesize number of security groups for i in range(0, (self.services["pagesize"])): securitygroup_created = SecurityGroup.create( self.userapiclient, self.services["security_group"], account=self.account.name, domainid=self.domain.id, description=self.services["security_group"]["name"], ) self.assertIsNotNone(securitygroup_created, "Security Group creation failed") if i < self.services["pagesize"]: self.cleanup.append(securitygroup_created) # Listing all the security groups for user again list_securitygroups_after = SecurityGroup.list(self.userapiclient, listall=self.services["listall"]) status = validateList(list_securitygroups_after) self.assertEquals(PASS, status[0], "Security Groups creation failed") # Verifying that list size is pagesize + 1 self.assertEquals( self.services["pagesize"] + 1, len(list_securitygroups_after), "Failed to create pagesize + 1 number of Security Groups", ) # Listing all the security groups in page 1 list_securitygroups_page1 = SecurityGroup.list( self.userapiclient, listall=self.services["listall"], page=1, pagesize=self.services["pagesize"] ) status = validateList(list_securitygroups_page1) self.assertEquals(PASS, status[0], "Failed to list security groups in page 1") # Verifying the list size to be equal to pagesize self.assertEquals( self.services["pagesize"], len(list_securitygroups_page1), "Size of security groups in page 1 is not matching", ) # Listing all the security groups in page 2 list_securitygroups_page2 = SecurityGroup.list( self.userapiclient, listall=self.services["listall"], page=2, pagesize=self.services["pagesize"] ) status = validateList(list_securitygroups_page2) self.assertEquals(PASS, status[0], "Failed to list security groups in page 2") # Verifying the list size to be equal to pagesize self.assertEquals(1, len(list_securitygroups_page2), "Size of security groups in page 2 is not matching") # Deleting the security group present in page 2 SecurityGroup.delete(securitygroup_created, self.userapiclient) self.cleanup.remove(securitygroup_created) # Listing all the security groups in page 2 again list_securitygroups_page2 = SecurityGroup.list( self.userapiclient, listall=self.services["listall"], page=2, pagesize=self.services["pagesize"] ) # Verifying that there are no security groups listed self.assertIsNone(list_securitygroups_page2, "Security Groups not deleted from page 2") return
def test_03_securitygroups_authorize_revoke_egress(self): """ @Desc: Test to Authorize and Revoke Egress for Security Group @steps: Step1: Listing all the Security Groups for a user Step2: Verifying that list size is 1 Step3: Creating a Security Groups Step4: Listing all the Security Groups again for a user Step5: Verifying that list size is 2 Step6: Authorizing Egress for the security group created in step3 Step7: Listing the security groups by passing id of security group created in step3 Step8: Verifying that list size is 1 Step9: Verifying that Egress is authorized to the security group Step10: Verifying the details of the Egress rule are as expected Step11: Revoking Egress for the security group created in step3 Step12: Listing the security groups by passing id of security group created in step3 Step13: Verifying that list size is 1 Step14: Verifying that Egress is revoked from the security group """ # Listing all the Security Groups for a User list_securitygroups_before = SecurityGroup.list( self.userapiclient, listall=self.services["listall"]) # Verifying that default security group is created status = validateList(list_securitygroups_before) self.assertEqual(PASS, status[0], "Default Security Groups creation failed") # Verifying the size of the list is 1 self.assertEqual(1, len(list_securitygroups_before), "Count of Security Groups list is not matching") # Creating a security group securitygroup_created = SecurityGroup.create( self.userapiclient, self.services["security_group"], account=self.account.name, domainid=self.domain.id, description=self.services["security_group"]["name"]) self.assertIsNotNone(securitygroup_created, "Security Group creation failed") self.cleanup.append(securitygroup_created) # Listing all the security groups for user again list_securitygroups_after = SecurityGroup.list( self.userapiclient, listall=self.services["listall"]) status = validateList(list_securitygroups_after) self.assertEqual(PASS, status[0], "Security Groups creation failed") # Verifying that list size is 2 self.assertEqual(2, len(list_securitygroups_after), "Failed to create Security Group") # Authorizing Egress for the security group created in step3 securitygroup_created.authorizeEgress( self.userapiclient, self.services["ingress_rule"], self.account.name, self.domain.id, ) # Listing the security group by Id list_securitygroups_byid = SecurityGroup.list( self.userapiclient, listall=self.services["listall"], id=securitygroup_created.id, domainid=self.domain.id) # Verifying that security group is listed status = validateList(list_securitygroups_byid) self.assertEqual(PASS, status[0], "Listing of Security Groups by id failed") # Verifying size of the list is 1 self.assertEqual( 1, len(list_securitygroups_byid), "Count of the listing security group by id is not matching") securitygroup_egress = list_securitygroups_byid[0].egressrule # Validating the Ingress rule status = validateList(securitygroup_egress) self.assertEqual(PASS, status[0], "Security Groups Egress rule authorization failed") self.assertEqual(1, len(securitygroup_egress), "Security Group Egress rules count is not matching") # Verifying the details of the Egress rule are as expected #Creating expected and actual values dictionaries expected_dict = { "cidr": self.services["ingress_rule"]["cidrlist"], "protocol": self.services["ingress_rule"]["protocol"], "startport": self.services["ingress_rule"]["startport"], "endport": self.services["ingress_rule"]["endport"], } actual_dict = { "cidr": str(securitygroup_egress[0].cidr), "protocol": str(securitygroup_egress[0].protocol.upper()), "startport": str(securitygroup_egress[0].startport), "endport": str(securitygroup_egress[0].endport), } ingress_status = self.__verify_values(expected_dict, actual_dict) self.assertEqual( True, ingress_status, "Listed Security group Egress rule details are not as expected") # Revoking the Egress rule from Security Group securitygroup_created.revokeEgress(self.userapiclient, securitygroup_egress[0].ruleid) # Listing the security group by Id list_securitygroups_byid = SecurityGroup.list( self.userapiclient, listall=self.services["listall"], id=securitygroup_created.id, domainid=self.domain.id) # Verifying that security group is listed status = validateList(list_securitygroups_byid) self.assertEqual(PASS, status[0], "Listing of Security Groups by id failed") # Verifying size of the list is 1 self.assertEqual( 1, len(list_securitygroups_byid), "Count of the listing security group by id is not matching") securitygroup_egress = list_securitygroups_byid[0].egressrule # Verifying that Ingress rule is empty(revoked) status = validateList(securitygroup_egress) self.assertEqual(EMPTY_LIST, status[2], "Security Groups Egress rule is not revoked") return
def test_06_create_virtual_machine(self): # Validate the following # # 1. Create a security group # 2. Create a virtual machine # 3. Try to add a new ingress rule # 4. Check if ingress rule is applied successfully on host # 5. Throw exception if it's not applied # 6. Try to add a new egress rule # 7. Check if egress rule is applied successfully on host # 8. Throw exception if it's not applied self.security_group = SecurityGroup.create( self.apiclient, self.testdata["security_group"], account=self.account.name, domainid=self.account.domainid) self.virtual_machine = VirtualMachine.create( self.apiclient, self.testdata["virtual_machine_userdata"], accountid=self.account.name, domainid=self.account.domainid, serviceofferingid=self.service_offering.id, securitygroupids=[self.security_group.id]) # Get the virtual machine virtial_machine = VirtualMachine.list(self.apiclient, id=self.virtual_machine.id) vm = virtial_machine[0] # get the host on which the vm is running hosts = list_hosts(self.apiclient, id=vm.hostid) host = hosts[0] if host.hypervisor.lower() not in "kvm": return host.user, host.passwd = get_host_credentials(self.config, host.ipaddress) # Add ingress rule self.createIngressRule("tcp", "1.1.1.1/32") # verify number of ingress rules and egress rules self.verify_security_group_rules(self.security_group.id, 1, 0) # Check if the ingress rule if applied successfully on host rule = "-A %s -s 1.1.1.1/32 -p tcp -m tcp --dport 1:65535 -m state --state NEW -j ACCEPT" % vm.instancename self.verify_rule_on_host(host.ipaddress, host.user, host.passwd, rule) # Add ingress rule self.createIngressRule("udp", "2.2.2.2/32") # verify number of ingress rules and egress rules self.verify_security_group_rules(self.security_group.id, 2, 0) # Check if the ingress rule if applied successfully on host rule = "-A %s -s 2.2.2.2/32 -p udp -m udp --dport 1:65535 -m state --state NEW -j ACCEPT" % vm.instancename self.verify_rule_on_host(host.ipaddress, host.user, host.passwd, rule) # Add ingress rule self.createIngressRule("icmp", "3.3.3.3/32") # verify number of ingress rules and egress rules self.verify_security_group_rules(self.security_group.id, 3, 0) # Check if the ingress rule if applied successfully on host rule = "-A %s -s 3.3.3.3/32 -p icmp -m icmp --icmp-type any -j ACCEPT" % vm.instancename self.verify_rule_on_host(host.ipaddress, host.user, host.passwd, rule) # Add ingress rule self.createIngressRule("all", "4.4.4.4/32") # verify number of ingress rules and egress rules self.verify_security_group_rules(self.security_group.id, 4, 0) # Check if the ingress rule if applied successfully on host rule = "-A %s -s 4.4.4.4/32 -m state --state NEW -j ACCEPT" % vm.instancename self.verify_rule_on_host(host.ipaddress, host.user, host.passwd, rule) # Add ingress rule self.createIngressRule("47", "5.5.5.5/32") # verify number of ingress rules and egress rules self.verify_security_group_rules(self.security_group.id, 5, 0) # Check if the ingress rule if applied successfully on host rule = "-A %s -s 5.5.5.5/32 -p gre -j ACCEPT" % vm.instancename self.verify_rule_on_host(host.ipaddress, host.user, host.passwd, rule) # Add egress rule self.createEgressRule("tcp", "11.11.11.11/32") # verify number of ingress rules and egress rules self.verify_security_group_rules(self.security_group.id, 5, 1) # Check if the egress rule if applied successfully on host rule = "-A %s-eg -d 11.11.11.11/32 -p tcp -m tcp --dport 1:65535 -m state --state NEW -j RETURN" % vm.instancename self.verify_rule_on_host(host.ipaddress, host.user, host.passwd, rule) # Add egress rule self.createEgressRule("udp", "12.12.12.12/32") # verify number of ingress rules and egress rules self.verify_security_group_rules(self.security_group.id, 5, 2) # Check if the egress rule if applied successfully on host rule = "-A %s-eg -d 12.12.12.12/32 -p udp -m udp --dport 1:65535 -m state --state NEW -j RETURN" % vm.instancename self.verify_rule_on_host(host.ipaddress, host.user, host.passwd, rule) # Add egress rule self.createEgressRule("icmp", "13.13.13.13/32") # verify number of ingress rules and egress rules self.verify_security_group_rules(self.security_group.id, 5, 3) # Check if the egress rule if applied successfully on host rule = "-A %s-eg -d 13.13.13.13/32 -p icmp -m icmp --icmp-type any -j RETURN" % vm.instancename self.verify_rule_on_host(host.ipaddress, host.user, host.passwd, rule) # Add egress rule self.createEgressRule("all", "14.14.14.14/32") # verify number of ingress rules and egress rules self.verify_security_group_rules(self.security_group.id, 5, 4) # Check if the egress rule if applied successfully on host rule = "-A %s-eg -d 14.14.14.14/32 -m state --state NEW -j RETURN" % vm.instancename self.verify_rule_on_host(host.ipaddress, host.user, host.passwd, rule) # Add egress rule self.createEgressRule("47", "15.15.15.15/32") # verify number of ingress rules and egress rules self.verify_security_group_rules(self.security_group.id, 5, 5) # Check if the egress rule if applied successfully on host rule = "-A %s-eg -d 15.15.15.15/32 -p gre -j RETURN" % vm.instancename self.verify_rule_on_host(host.ipaddress, host.user, host.passwd, rule)
def setUpClass(cls): cls.testClient = super(TestMulipleNicSupport, cls).getClsTestClient() cls.apiclient = cls.testClient.getApiClient() cls.testdata = cls.testClient.getParsedTestDataConfig() cls.services = cls.testClient.getParsedTestDataConfig() zone = get_zone(cls.apiclient, cls.testClient.getZoneForTests()) cls.zone = Zone(zone.__dict__) cls._cleanup = [] cls.skip = False if str(cls.zone.securitygroupsenabled) != "True": cls.skip = True return cls.logger = logging.getLogger("TestMulipleNicSupport") cls.stream_handler = logging.StreamHandler() cls.logger.setLevel(logging.DEBUG) cls.logger.addHandler(cls.stream_handler) # Get Domain and templates cls.domain = get_domain(cls.apiclient) cls.services['mode'] = cls.zone.networktype cls.template = get_template(cls.apiclient, cls.zone.id, hypervisor="KVM") if cls.template == FAILED: cls.skip = True return # Create new domain, account, network and VM cls.user_domain = Domain.create( cls.apiclient, services=cls.testdata["acl"]["domain2"], parentdomainid=cls.domain.id) # Create account cls.account1 = Account.create(cls.apiclient, cls.testdata["acl"]["accountD2"], admin=True, domainid=cls.user_domain.id) # Create small service offering cls.service_offering = ServiceOffering.create( cls.apiclient, cls.testdata["service_offerings"]["small"]) cls._cleanup.append(cls.service_offering) cls.services["network"]["zoneid"] = cls.zone.id cls.network_offering = NetworkOffering.create( cls.apiclient, cls.services["network_offering"], ) # Enable Network offering cls.network_offering.update(cls.apiclient, state='Enabled') cls._cleanup.append(cls.network_offering) cls.testdata["virtual_machine"]["zoneid"] = cls.zone.id cls.testdata["virtual_machine"]["template"] = cls.template.id if cls.zone.securitygroupsenabled: # Enable networking for reaching to VM thorugh SSH security_group = SecurityGroup.create( cls.apiclient, cls.testdata["security_group"], account=cls.account1.name, domainid=cls.account1.domainid) # Authorize Security group to SSH to VM ingress_rule = security_group.authorize( cls.apiclient, cls.testdata["ingress_rule"], account=cls.account1.name, domainid=cls.account1.domainid) # Authorize Security group to SSH to VM ingress_rule2 = security_group.authorize( cls.apiclient, cls.testdata["ingress_rule_ICMP"], account=cls.account1.name, domainid=cls.account1.domainid) cls.testdata["shared_network_offering_sg"]["specifyVlan"] = 'True' cls.testdata["shared_network_offering_sg"]["specifyIpRanges"] = 'True' cls.shared_network_offering = NetworkOffering.create( cls.apiclient, cls.testdata["shared_network_offering_sg"], conservemode=False) NetworkOffering.update(cls.shared_network_offering, cls.apiclient, id=cls.shared_network_offering.id, state="enabled") physical_network, vlan = get_free_vlan(cls.apiclient, cls.zone.id) cls.testdata["shared_network_sg"][ "physicalnetworkid"] = physical_network.id random_subnet_number = random.randrange(90, 99) cls.testdata["shared_network_sg"][ "name"] = "Shared-Network-SG-Test-vlan" + str(random_subnet_number) cls.testdata["shared_network_sg"][ "displaytext"] = "Shared-Network-SG-Test-vlan" + str( random_subnet_number) cls.testdata["shared_network_sg"]["vlan"] = "vlan://" + str( random_subnet_number) cls.testdata["shared_network_sg"]["startip"] = "192.168." + str( random_subnet_number) + ".240" cls.testdata["shared_network_sg"]["endip"] = "192.168." + str( random_subnet_number) + ".250" cls.testdata["shared_network_sg"]["gateway"] = "192.168." + str( random_subnet_number) + ".254" cls.network1 = Network.create( cls.apiclient, cls.testdata["shared_network_sg"], networkofferingid=cls.shared_network_offering.id, zoneid=cls.zone.id, accountid=cls.account1.name, domainid=cls.account1.domainid) random_subnet_number = random.randrange(100, 110) cls.testdata["shared_network_sg"][ "name"] = "Shared-Network-SG-Test-vlan" + str(random_subnet_number) cls.testdata["shared_network_sg"][ "displaytext"] = "Shared-Network-SG-Test-vlan" + str( random_subnet_number) cls.testdata["shared_network_sg"]["vlan"] = "vlan://" + str( random_subnet_number) cls.testdata["shared_network_sg"]["startip"] = "192.168." + str( random_subnet_number) + ".240" cls.testdata["shared_network_sg"]["endip"] = "192.168." + str( random_subnet_number) + ".250" cls.testdata["shared_network_sg"]["gateway"] = "192.168." + str( random_subnet_number) + ".254" cls.network2 = Network.create( cls.apiclient, cls.testdata["shared_network_sg"], networkofferingid=cls.shared_network_offering.id, zoneid=cls.zone.id, accountid=cls.account1.name, domainid=cls.account1.domainid) random_subnet_number = random.randrange(111, 120) cls.testdata["shared_network_sg"][ "name"] = "Shared-Network-SG-Test-vlan" + str(random_subnet_number) cls.testdata["shared_network_sg"][ "displaytext"] = "Shared-Network-SG-Test-vlan" + str( random_subnet_number) cls.testdata["shared_network_sg"]["vlan"] = "vlan://" + str( random_subnet_number) cls.testdata["shared_network_sg"]["startip"] = "192.168." + str( random_subnet_number) + ".240" cls.testdata["shared_network_sg"]["endip"] = "192.168." + str( random_subnet_number) + ".250" cls.testdata["shared_network_sg"]["gateway"] = "192.168." + str( random_subnet_number) + ".254" cls.network3 = Network.create( cls.apiclient, cls.testdata["shared_network_sg"], networkofferingid=cls.shared_network_offering.id, zoneid=cls.zone.id, accountid=cls.account1.name, domainid=cls.account1.domainid) try: cls.virtual_machine1 = VirtualMachine.create( cls.apiclient, cls.testdata["virtual_machine"], accountid=cls.account1.name, domainid=cls.account1.domainid, serviceofferingid=cls.service_offering.id, templateid=cls.template.id, securitygroupids=[security_group.id], networkids=cls.network1.id) for nic in cls.virtual_machine1.nic: if nic.isdefault: cls.virtual_machine1.ssh_ip = nic.ipaddress cls.virtual_machine1.default_network_id = nic.networkid break except Exception as e: cls.fail("Exception while deploying virtual machine: %s" % e) try: cls.virtual_machine2 = VirtualMachine.create( cls.apiclient, cls.testdata["virtual_machine"], accountid=cls.account1.name, domainid=cls.account1.domainid, serviceofferingid=cls.service_offering.id, templateid=cls.template.id, securitygroupids=[security_group.id], networkids=[str(cls.network1.id), str(cls.network2.id)]) for nic in cls.virtual_machine2.nic: if nic.isdefault: cls.virtual_machine2.ssh_ip = nic.ipaddress cls.virtual_machine2.default_network_id = nic.networkid break except Exception as e: cls.fail("Exception while deploying virtual machine: %s" % e) cls._cleanup.append(cls.virtual_machine1) cls._cleanup.append(cls.virtual_machine2) cls._cleanup.append(cls.network1) cls._cleanup.append(cls.network2) cls._cleanup.append(cls.network3) cls._cleanup.append(cls.shared_network_offering) if cls.zone.securitygroupsenabled: cls._cleanup.append(security_group) cls._cleanup.append(cls.account1) cls._cleanup.append(cls.user_domain)
def test_01_list_securitygroups_pagination(self): """ @Desc: Test to List Security Groups pagination @steps: Step1: Listing all the Security Groups for a user Step2: Verifying that list size is 1 Step3: Creating (page size) number of Security Groups Step4: Listing all the Security Groups again for a user Step5: Verifying that list size is (page size + 1) Step6: Listing all the Security Groups in page1 Step7: Verifying that list size is (page size) Step8: Listing all the Security Groups in page2 Step9: Verifying that list size is 1 Step10: Deleting the Security Group present in page 2 Step11: Listing all the Security Groups in page2 Step12: Verifying that no security groups are listed """ # Listing all the Security Groups for a User list_securitygroups_before = SecurityGroup.list( self.userapiclient, listall=self.services["listall"]) # Verifying that default security group is created status = validateList(list_securitygroups_before) self.assertEqual(PASS, status[0], "Default Security Groups creation failed") # Verifying the size of the list is 1 self.assertEqual(1, len(list_securitygroups_before), "Count of Security Groups list is not matching") # Creating pagesize number of security groups for i in range(0, (self.services["pagesize"])): securitygroup_created = SecurityGroup.create( self.userapiclient, self.services["security_group"], account=self.account.name, domainid=self.domain.id, description=self.services["security_group"]["name"]) self.assertIsNotNone(securitygroup_created, "Security Group creation failed") if (i < self.services["pagesize"]): self.cleanup.append(securitygroup_created) # Listing all the security groups for user again list_securitygroups_after = SecurityGroup.list( self.userapiclient, listall=self.services["listall"]) status = validateList(list_securitygroups_after) self.assertEqual(PASS, status[0], "Security Groups creation failed") # Verifying that list size is pagesize + 1 self.assertEqual( self.services["pagesize"] + 1, len(list_securitygroups_after), "Failed to create pagesize + 1 number of Security Groups") # Listing all the security groups in page 1 list_securitygroups_page1 = SecurityGroup.list( self.userapiclient, listall=self.services["listall"], page=1, pagesize=self.services["pagesize"]) status = validateList(list_securitygroups_page1) self.assertEqual(PASS, status[0], "Failed to list security groups in page 1") # Verifying the list size to be equal to pagesize self.assertEqual(self.services["pagesize"], len(list_securitygroups_page1), "Size of security groups in page 1 is not matching") # Listing all the security groups in page 2 list_securitygroups_page2 = SecurityGroup.list( self.userapiclient, listall=self.services["listall"], page=2, pagesize=self.services["pagesize"]) status = validateList(list_securitygroups_page2) self.assertEqual(PASS, status[0], "Failed to list security groups in page 2") # Verifying the list size to be equal to pagesize self.assertEqual(1, len(list_securitygroups_page2), "Size of security groups in page 2 is not matching") # Deleting the security group present in page 2 SecurityGroup.delete(securitygroup_created, self.userapiclient) self.cleanup.remove(securitygroup_created) # Listing all the security groups in page 2 again list_securitygroups_page2 = SecurityGroup.list( self.userapiclient, listall=self.services["listall"], page=2, pagesize=self.services["pagesize"]) # Verifying that there are no security groups listed self.assertIsNone(list_securitygroups_page2, "Security Groups not deleted from page 2") return