def test_outdated_with_filtered_deletions(self): _, _, _, _, os_port_parent, _ = self.port_fixture() provider = provider_nsx_mgmt.Provider() meta = provider.network_realize( os_port_parent['vif_details']['segmentation_id']) os_port_parent['vif_details']['nsx-logical-switch-id'] = meta.id provider.port_realize(os_port_parent) meta_p = provider.meta_provider(provider.PORT) provider.port_realize(os_port_parent, delete=True) cfg.CONF.NSXV3.nsxv3_remove_orphan_ports_after = 1000 outdated, _ = provider.outdated( provider.PORT, {os_port_parent['id']: os_port_parent['revision_number']}) self.assertEquals(len(outdated), 0) outdated, _ = provider.outdated(provider.PORT, {}) self.assertEquals(len(outdated), 0) cfg.CONF.NSXV3.nsxv3_remove_orphan_ports_after = 0 outdated, _ = provider.outdated(provider.PORT, {}) self.assertEquals(len(outdated), 1) provider.port_realize(os_port_parent, delete=True) self.assertEquals(len(meta_p.meta.keys()), 0)
def test_security_group_rules_service_udp_any_port(self): sg = { "id": "53C33142-3607-4CB2-B6E4-FA5F5C9E3C19", "revision_number": 2, "tags": ["capability_tcp_strict"], "rules": [] } rule = { "id": "9961B0AE-53EC-4E54-95B6-2F440D243F7B", "ethertype": "IPv6", "direction": "egress", "remote_ip_prefix": "", "remote_group_id": "34B87931-F273-4C6D-96D0-B3979E30254A", "security_group_id": "ED75FC68-69BB-4034-A6E9-A7586792B229", "protocol": "udp" } sg["rules"].append(rule) provider_nsx_mgmt.Provider().sg_rules_realize(sg) inv = self.inventory.inv sg_section = self.get_by_name(inv[Inventory.SECTIONS], sg["id"]) sg_rule = self.get_by_name( sg_section.get("_", {}).get("rules", {}), rule["id"]) self.assertEquals( sg_rule["services"][0]["service"]["destination_ports"], ["1-65535"])
def test_port_delete(self): provider_port, os_sg, _, os_qos, os_port_parent, os_port_child = self.port_fixture( ) # Port crated via Nova machine provisioning provider_port = requests.post(get_url("/api/v1/logical-ports"), data=json.dumps(provider_port)).json() provider = provider_nsx_mgmt.Provider() provider.sg_rules_realize(os_sg) provider.qos_realize(os_qos) provider.port_realize(os_port_parent) provider.port_realize(os_port_child) meta_parent_port = provider.metadata(provider.PORT, os_port_parent.get("id")).id meta_child_port = provider.metadata(provider.PORT, os_port_child.get("id")).id self.assertEquals(len(self.inventory.inv[Inventory.PORTS].keys()), 2) self.assertNotEqual(meta_parent_port, None) self.assertNotEqual(meta_child_port, None) provider.port_realize(os_port_child, delete=True) provider.port_realize(os_port_parent, delete=True) self.assertEquals(list(self.inventory.inv[Inventory.PORTS].keys()), [meta_parent_port])
def test_port_child_create(self): provider_port, os_sg, _, os_qos, os_port_parent, os_port_child = self.port_fixture( ) # Port crated via Nova machine provisioning provider_port = requests.post(get_url("/api/v1/logical-ports"), data=json.dumps(provider_port)).json() provider = provider_nsx_mgmt.Provider() provider.sg_rules_realize(os_sg) provider.qos_realize(os_qos) provider.port_realize(os_port_parent) provider.port_realize(os_port_child) meta_port = provider.metadata(provider.PORT, os_port_child.get("id")) self.assertEquals(meta_port.rev, os_port_child.get("revision_number")) provider_port = requests.get( get_url("/api/v1/logical-ports/{}".format(meta_port.id))).json() self.assertEquals( provider_port.get("attachment").get("id"), os_port_child.get("id")) self.assertEquals(provider_port.get("address_bindings"), os_port_child.get("address_bindings")) self.assertEquals([self.get_tag(provider_port, "security_group")], os_port_child.get("security_groups")) self.assertEquals(self.get_tag(provider_port, "revision_number"), os_port_child.get("revision_number"))
def test_migration_rollback(self): responses.reset() responses.add(method=responses.GET, match_querystring=True, url=re.compile(r"(.*)/status-summary\?component_type=MP_TO_POLICY_MIGRATION"), status=200, json={"overall_migration_status": "FAIL"}) self._register_api_responses() _, _, _, _, os_port_parent, _ = self.port_fixture() migr_provider = mp_to_policy_migration.Provider() mngr_provider = provider_nsx_mgmt.Provider() mngr_meta = mngr_provider.port_realize(os_port_parent) inv = self.inventory.inv[Inventory.PORTS] mngr_port: dict = self.get_by_name(inv, os_port_parent.get("id")) try: with patch.object(mp_to_policy_migration.Provider, '_try_rollback') as _try_rollback_mock: migr_provider.migrate_ports([mngr_port.get("id")]) except RuntimeError as e: self.assertEqual(True, "Migration status check FAILED" in str(e)) _try_rollback_mock.assert_called_once_with(migr_data={ 'migration_data': [{ 'type': 'LOGICAL_PORT', 'resource_ids': [ { 'manager_id': mngr_meta.id, 'policy_id': mngr_meta.id } ]}]}) return assert False
def test_security_group_rules_service_ip_protocol(self): sg = { "id": "53C33142-3607-4CB2-B6E4-FA5F5C9E3C19", "revision_number": 2, "tags": ["capability_tcp_strict"], "rules": [] } rule_hopopt = { "id": "1", "ethertype": "", "direction": "ingress", "remote_group_id": "", "remote_ip_prefix": "192.168.10.0/24", "security_group_id": "", "port_range_min": "", "port_range_max": "", "protocol": "hopopt", } rule_0 = { "id": "2", "ethertype": "", "direction": "ingress", "remote_group_id": "", "remote_ip_prefix": "192.168.10.0/24", "security_group_id": "", "port_range_min": "", "port_range_max": "", "protocol": "0", } sg["rules"].append(rule_hopopt) sg["rules"].append(rule_0) provider_nsx_mgmt.Provider().sg_rules_realize(sg) inv = self.inventory.inv sg_section = self.get_by_name(inv[Inventory.SECTIONS], sg["id"]) sg_rule_hopopt = self.get_by_name( sg_section.get("_", {}).get("rules", {}), rule_hopopt["id"]) sg_rule_hopopt_service = sg_rule_hopopt.get("services")[0].get( "service") self.assertEquals(sg_rule_hopopt_service, { "resource_type": "IPProtocolNSService", "protocol_number": 0 }) sg_rule_0 = self.get_by_name( sg_section.get("_", {}).get("rules", {}), rule_0["id"]) sg_rule_0_service = sg_rule_0.get("services")[0].get("service") self.assertEquals(sg_rule_0_service, { "resource_type": "IPProtocolNSService", "protocol_number": 0 })
def test_security_group_rules_create(self): sg = ({ "id": "53C33142-3607-4CB2-B6E4-FA5F5C9E3C19", "revision_number": 2, "tags": ["capability_tcp_strict"], "rules": [] }, { "resource_type": "FirewallSection", "display_name": "53C33142-3607-4CB2-B6E4-FA5F5C9E3C19", "tags": [{ "scope": "revision_number", "tag": 2 }], "tcp_strict": True }, { "resource_type": "NSGroup", "display_name": "53C33142-3607-4CB2-B6E4-FA5F5C9E3C19", "membership_criteria": [{ "target_type": "LogicalPort", "tag_op": "EQUALS", "scope_op": "EQUALS", "tag": "53C33142-3607-4CB2-B6E4-FA5F5C9E3C19", "scope": "security_group", "resource_type": "NSGroupTagExpression" }], "tags": [{ "scope": "revision_number", "tag": 2 }] }) provider_nsx_mgmt.Provider().sg_rules_realize(sg[0]) inv = self.inventory.inv sg_section = self.get_by_name(inv[Inventory.SECTIONS], sg[0]["id"]) for k, v in sg[1].items(): if k == "tags": tags = set([(t["scope"], t["tag"]) for t in sg_section.get(k, dict())]) tags_exp = set([(t["scope"], t["tag"]) for t in sg[1].get(k)]) self.assertEquals(tags_exp.intersection(tags), tags_exp) else: self.assertEquals(sg_section.get(k), sg[1].get(k)) sg_nsgroup = self.get_by_name(inv[Inventory.NSGROUPS], sg[0]["id"]) for k, v in sg[2].items(): if k == "tags": tags = set([(t["scope"], t["tag"]) for t in sg_nsgroup.get(k)]) # NS Group should not have revision tag tags_exp = set([(t["scope"], t["tag"]) for t in sg[2].get(k) if t["scope"] != "revision_number"]) self.assertEquals(tags_exp.intersection(tags), tags_exp) else: self.assertEquals(sg_nsgroup.get(k), sg[2].get(k))
def test_create_network(self): segmentation_id = "3200" provider = provider_nsx_mgmt.Provider() meta = provider.network_realize(segmentation_id) inv = self.inventory.inv net = inv[Inventory.SWITCHES].get(meta.id) self.assertEquals(net.get("vlan"), segmentation_id) self.assertEquals(net.get("transport_zone_id"), provider.zone_id) self.assertEquals(net.get("display_name"), "{}-{}".format(provider.zone_name, segmentation_id))
def test_bulk_migration(self): _, _, _, os_qos, os_port_parent, _ = self.port_fixture() migr_provider = mp_to_policy_migration.Provider() mngr_provider = provider_nsx_mgmt.Provider() plcy_provider = provider_nsx_policy.Provider() mngr_provider.qos_realize(os_qos) mngr_net_meta = mngr_provider.network_realize(3200) os_port_parent["vif_details"]["nsx-logical-switch-id"] = mngr_net_meta.id mngr_port_meta = mngr_provider.port_realize(os_port_parent) mngr_port_inv = self.inventory.inv[Inventory.PROFILES] mngr_qos: dict = self.get_by_name(mngr_port_inv, os_qos.get("id")) pb = mp_to_policy_migration.PayloadBuilder() payload = pb\ .sw_profiles([(mngr_qos.get("id"), "QosSwitchingProfile")])\ .switch(mngr_net_meta.id)\ .ports([mngr_port_meta.id])\ .build() migr_provider.migrate_bulk(payload) plcy_provider.metadata_refresh(plcy_provider.SEGMENT) plcy_net_meta = plcy_provider.network_realize(3200) mngr_net_inv = self.inventory.inv[Inventory.SWITCHES] plcy_net_inv = self.inventory.inv[Inventory.SEGMENTS] mngr_port_inv = self.inventory.inv[Inventory.PORTS] mngr_net: dict = mngr_net_inv.get(mngr_net_meta.id) plcy_net: dict = plcy_net_inv.get(plcy_net_meta.id) prfls = plcy_provider.get_non_default_switching_profiles() mngr_port: dict = self.get_by_name(mngr_port_inv, os_port_parent.get("id")) plcy_port = plcy_provider.get_port(os_port_parent.get("id"))[1] policy_qos_profile = prfls[0] self.assertEqual(os_qos.get("id"), policy_qos_profile.get("display_name")) self.assertEqual("QoSProfile", policy_qos_profile.get("resource_type")) self.assertEqual(mngr_qos.get("id"), policy_qos_profile.get("id")) self.assertEqual("nsx_policy", mngr_qos.get("_create_user")) self.assertEqual(mngr_qos.get("tags"), policy_qos_profile.get("tags")) self.assertEqual(os_port_parent.get("id"), plcy_port.get("display_name")) self.assertEqual("SegmentPort", plcy_port.get("resource_type")) self.assertEqual(mngr_port.get("id"), plcy_port.get("id")) self.assertEqual("nsx_policy", mngr_port.get("_create_user")) self.assertEqual(mngr_port.get("tags"), plcy_port.get("tags")) self.assertEqual(mngr_net_meta.id, plcy_net_meta.id) self.assertEqual(mngr_net.get("id"), plcy_net.get("id")) self.assertEqual(mngr_net.get("display_name"), plcy_net.get("display_name")) self.assertEqual(True, str(mngr_net.get("vlan")) in plcy_net.get("vlan_ids")) self.assertEqual("Segment", plcy_net.get("resource_type")) self.assertEqual("LogicalSwitch", mngr_net.get("resource_type")) self.assertEqual("nsx_policy", mngr_net.get("_create_user"))
def test_security_group_stateful(self): sg1 = {"id": str(uuid.uuid4()), "revision_number": 2, "rules": []} sg2 = dict(sg1, **{'id': str(uuid.uuid4()), "stateful": False}) provider = provider_nsx_mgmt.Provider() provider.sg_rules_realize(sg1) provider.sg_rules_realize(sg2) inv = self.inventory.inv self.assertTrue( self.get_by_name(inv[Inventory.SECTIONS], sg1["id"]).get("stateful")) self.assertFalse( self.get_by_name(inv[Inventory.SECTIONS], sg2["id"]).get("stateful"))
def test_provider_initialization(self): provider_nsx_mgmt.Provider() profiles = self.inventory.inv.get(Inventory.PROFILES) sgp = cfg.CONF.NSXV3.nsxv3_spoof_guard_switching_profile ipp = cfg.CONF.NSXV3.nsxv3_ip_discovery_switching_profile self.assertEquals(len(profiles), 2) realized_profiles = [ profiles.get(key).get("display_name") for key in profiles.keys() ] self.assertIn(sgp, realized_profiles) self.assertIn(ipp, realized_profiles)
def test_qos_create(self): os_qos = { "id": "628722EC-B0AA-4AF8-8045-3071BEE00EB2", "revision_number": "3", "name": "test", "rules": [ { "dscp_mark": "5" }, { "direction": "ingress", "max_kbps": "6400", "max_burst_kbps": "128000" }, { "direction": "egress", "max_kbps": "7200", "max_burst_kbps": "256000" }, ] } provider = provider_nsx_mgmt.Provider() provider.qos_realize(os_qos) result = requests.get(get_url("/{}".format(Inventory.PROFILES))).json() qos = self.get_result_by_name(result, os_qos.get("id")) self.assertEquals(qos.get("dscp"), { "priority": 5, "mode": "UNTRUSTED" }) self.assertEquals(qos.get("shaper_configuration"), [{ "average_bandwidth_mbps": 6, "peak_bandwidth_mbps": 12, "enabled": True, "burst_size_bytes": 16384000, "resource_type": "IngressRateShaper" }, { "average_bandwidth_mbps": 7, "peak_bandwidth_mbps": 14, "enabled": True, "burst_size_bytes": 32768000, "resource_type": "EgressRateShaper" }])
def test_security_group_members_creation_compact_ipv6_cidrs(self): sg = ({ "id": "53C33142-3607-4CB2-B6E4-FA5F5C9E3C19", "cidrs": ["fd2e:faa4:fe14:e370:fd2e:faa4:fe14:e370/128"], "revision_number": 2 }, { "resource_type": "IPSet", "ip_addresses": ["fd2e:faa4:fe14:e370:fd2e:faa4:fe14:e370"] }) provider_nsx_mgmt.Provider().sg_members_realize(sg[0]) inv = self.inventory.inv sg_ipset = self.get_by_name(inv[Inventory.IPSETS], sg[0]["id"]) for k, v in sg[1].items(): self.assertEquals(sg_ipset.get(k), sg[1].get(k))
def test_reuse_network(self): segmentation_id = "3200" segmentation_id2 = "3201" provider = provider_nsx_mgmt.Provider() inv = self.inventory.inv meta = provider.network_realize(segmentation_id) self.assertEquals(len(inv[Inventory.SWITCHES]), 1) meta1 = provider.network_realize(segmentation_id) self.assertEquals(len(inv[Inventory.SWITCHES]), 1) self.assertEquals(meta.id, meta1.id) meta = provider.network_realize(segmentation_id2) self.assertEquals(len(inv[Inventory.SWITCHES]), 2)
def test_port_bound_multiple_security_groups(self): provider_port, _, _, _, os_port_parent, _ = self.port_fixture() # Port created via Nova machine provisioning provider_port = requests.post(get_url("/api/v1/logical-ports"), data=json.dumps(provider_port)).json() provider = provider_nsx_mgmt.Provider() provider.port_realize(os_port_parent) provider_port = requests.get( get_url("/api/v1/logical-ports/{}".format( provider_port.get("id")))).json() self.assertEquals(self.get_tag(provider_port, "security_group"), os_port_parent.get("security_groups")) self.assertEquals(len(self.get_tag(provider_port, "security_group")), 2)
def test_security_group_members_delete(self): sg = { "id": "53C33142-3607-4CB2-B6E4-FA5F5C9E3C19", "cidrs": ["172.16.1.1/32"], "revision_number": 2 } inv = self.inventory.inv provider = provider_nsx_mgmt.Provider() provider.sg_members_realize(sg) sg_ipset = self.get_by_name(inv[Inventory.IPSETS], sg["id"]) self.assertNotEqual(sg_ipset, None) provider.sg_members_realize(sg, delete=True) sg_ipset = self.get_by_name(inv[Inventory.IPSETS], sg["id"]) self.assertEquals(sg_ipset, None)
def test_port_migration(self): _, _, _, _, os_port_parent, _ = self.port_fixture() migr_provider = mp_to_policy_migration.Provider() mngr_provider = provider_nsx_mgmt.Provider() plcy_provider = provider_nsx_policy.Provider() mngr_provider.port_realize(os_port_parent) inv = self.inventory.inv[Inventory.PORTS] mngr_port: dict = self.get_by_name(inv, os_port_parent.get("id")) migr_provider.migrate_ports([mngr_port.get("id")]) plcy_port = plcy_provider.get_port(os_port_parent.get("id"))[1] self.assertEqual(os_port_parent.get("id"), plcy_port.get("display_name")) self.assertEqual("SegmentPort", plcy_port.get("resource_type")) self.assertEqual(mngr_port.get("id"), plcy_port.get("id")) self.assertEqual("nsx_policy", mngr_port.get("_create_user")) self.assertEqual(mngr_port.get("tags"), plcy_port.get("tags"))
def test_security_group_rules_service_l4(self): sg = { "id": "53C33142-3607-4CB2-B6E4-FA5F5C9E3C19", "revision_number": 2, "tags": ["capability_tcp_strict"], "rules": [] } rule = { "id": "1", "ethertype": "IPv4", "direction": "ingress", "remote_group_id": "", "remote_ip_prefix": "192.168.10.0/24", "security_group_id": "", "port_range_min": "443", "port_range_max": "443", "protocol": "tcp", } sg["rules"].append(rule) provider_nsx_mgmt.Provider().sg_rules_realize(sg) inv = self.inventory.inv sg_section = self.get_by_name(inv[Inventory.SECTIONS], sg["id"]) sg_rule = self.get_by_name( sg_section.get("_", {}).get("rules", {}), rule["id"]) sg_rule_service = sg_rule.get("services")[0].get("service") self.assertEquals(sg_rule.get("action"), "ALLOW") self.assertEquals(sg_rule.get("ip_protocol"), "IPV4") self.assertEquals(sg_rule.get("direction"), "IN") self.assertEquals(sg_rule.get("destinations"), []) self.assertEquals(sg_rule.get("disabled"), False) self.assertEquals( sg_rule_service, { "resource_type": "L4PortSetNSService", "l4_protocol": "TCP", "source_ports": ["1-65535"], "destination_ports": ["443"] })
def test_security_group_rules_remote_group(self): sg_remote = ({ "id": "53C33142-3607-4CB2-B6E4-FA5F5C9E3C19", "cidrs": [], "revision_number": 0 }) sg = { "id": "53C33142-3607-4CB2-B6E4-FA5F5C9E3C19", "revision_number": 2, "tags": ["capability_tcp_strict"], "rules": [] } rule = { "id": "1", "ethertype": "IPv4", "direction": "ingress", "remote_group_id": sg_remote.get("id"), "remote_ip_prefix": "", "security_group_id": sg.get("id"), "port_range_min": "443", "port_range_max": "443", "protocol": "tcp", } sg["rules"].append(rule) provider = provider_nsx_mgmt.Provider() provider.sg_members_realize(sg_remote) provider.sg_rules_realize(sg) inv = self.inventory.inv sg_section = self.get_by_name(inv[Inventory.SECTIONS], sg["id"]) sg_rule = self.get_by_name( sg_section.get("_", {}).get("rules", {}), rule["id"]) sg_rule_ipset = self.get_by_name( inv[Inventory.IPSETS], sg_rule.get("sources")[0].get("target_display_name")) self.assertEquals(sg_rule_ipset.get("display_name"), sg_remote.get("id"))
def test_outdated(self): sg = [{ "id": str(uuid.uuid4()), "revision_number": 1, "tags": [], "rules": [] }, { "id": str(uuid.uuid4()), "revision_number": 2, "tags": [], "rules": [] }, { "id": str(uuid.uuid4()), "revision_number": 3, "tags": [], "rules": [] }, { "id": str(uuid.uuid4()), "revision_number": 4, "tags": [], "rules": [] }] meta = { sg[0]['id']: "1", # same sg[1]['id']: "3", # updated sg[2]['id']: "8" # updated # 4th was removed => orphaned } provider = provider_nsx_mgmt.Provider() provider.sg_rules_realize(sg[0]) provider.sg_rules_realize(sg[1]) provider.sg_rules_realize(sg[2]) provider.sg_rules_realize(sg[3]) outdated, current = provider.outdated(provider.SG_RULES, meta) LOG.info(json.dumps(self.inventory.inv, indent=4)) self.assertItemsEqual(outdated, [sg[1]['id'], sg[2]['id'], sg[3]['id']]) self.assertItemsEqual(current, [sg[0]['id']])
def test_migrate_sw_profiles_supported_type(self): _, _, _, os_qos, _, _ = self.port_fixture() migr_provider = mp_to_policy_migration.Provider() mngr_provider = provider_nsx_mgmt.Provider() plcy_provider = provider_nsx_policy.Provider() mngr_provider.qos_realize(os_qos) inv = self.inventory.inv[Inventory.PROFILES] mngr_qos: dict = self.get_by_name(inv, os_qos.get("id")) migr_provider.migrate_sw_profiles( not_migrated=[(mngr_qos.get("id"), "QosSwitchingProfile")]) prfls = plcy_provider.get_non_default_switching_profiles() policy_qos_profile = prfls[0] self.assertEqual(os_qos.get("id"), policy_qos_profile.get("display_name")) self.assertEqual("QoSProfile", policy_qos_profile.get("resource_type")) self.assertEqual(mngr_qos.get("id"), policy_qos_profile.get("id")) self.assertEqual("nsx_policy", mngr_qos.get("_create_user")) self.assertEqual(mngr_qos.get("tags"), policy_qos_profile.get("tags"))
def test_security_group_members_update(self): sg = { "id": "53C33142-3607-4CB2-B6E4-FA5F5C9E3C19", "cidrs": ["172.16.1.1/32"], "revision_number": 2 } sgu = { "id": "53C33142-3607-4CB2-B6E4-FA5F5C9E3C19", "cidrs": ["172.16.1.2/16"], "revision_number": 3 } provider = provider_nsx_mgmt.Provider() provider.sg_members_realize(sg) provider.sg_members_realize(sgu) inv = self.inventory.inv sg_ipset = self.get_by_name(inv[Inventory.IPSETS], sg["id"]) self.assertEquals(sg_ipset.get("ip_addresses"), ["172.16.1.2/16"])
def test_port_already_migrated(self): _, _, _, _, os_port_parent, _ = self.port_fixture() migr_provider = mp_to_policy_migration.Provider() mngr_provider = provider_nsx_mgmt.Provider() plcy_provider = provider_nsx_policy.Provider() mngr_provider.port_realize(os_port_parent) inv = self.inventory.inv[Inventory.PORTS] mngr_port: dict = self.get_by_name(inv, os_port_parent.get("id")) migr_provider.migrate_ports([mngr_port.get("id")]) plcy_port = plcy_provider.get_port(os_port_parent.get("id"))[1] self.assertEqual(os_port_parent.get("id"), plcy_port.get("display_name")) try: migr_provider.migrate_ports([mngr_port.get("id")]) except RuntimeError as e: self.assertEqual(True, "Policy Resource already exists" in str(e)) return assert False
def test_qos_delete(self): os_qos = { "id": "628722EC-B0AA-4AF8-8045-3071BEE00EB2", "revision_number": "3", "name": "test", "rules": [{ "dscp_mark": "5" }] } provider = provider_nsx_mgmt.Provider() provider.qos_realize(os_qos) result = requests.get(get_url("/{}".format(Inventory.PROFILES))).json() qos = self.get_result_by_name(result, os_qos.get("id")) self.assertNotEqual(qos, None) provider.qos_realize(os_qos, delete=True) result = requests.get(get_url("/{}".format(Inventory.PROFILES))).json() qos = self.get_result_by_name(result, os_qos.get("id")) self.assertEquals(qos, None)
def test_security_group_members_creation_diverse_cidrs(self): sg = ({ "id": "53C33142-3607-4CB2-B6E4-FA5F5C9E3C19", "cidrs": ["172.16.1.1/32", "172.16.1.2", "172.16.2.0/24", "172.16.5.0/24"], "revision_number": 0 }, { "resource_type": "IPSet", "ip_addresses": ["172.16.1.1", "172.16.1.2", "172.16.2.0/24", "172.16.5.0/24"] }) provider_nsx_mgmt.Provider().sg_members_realize(sg[0]) inv = self.inventory.inv sg_ipset = self.get_by_name(inv[Inventory.IPSETS], sg[0]["id"]) for k, v in sg[1].items(): self.assertEquals(sg_ipset.get(k), sg[1].get(k))
def test_switch_migration(self): migr_provider = mp_to_policy_migration.Provider() mngr_provider = provider_nsx_mgmt.Provider() plcy_provider = provider_nsx_policy.Provider() mngr_meta = mngr_provider.network_realize(10) migr_provider.migrate_switch(mngr_meta.id) plcy_provider.metadata_refresh(plcy_provider.SEGMENT) plcy_meta = plcy_provider.network_realize(10) mngr_inv = self.inventory.inv[Inventory.SWITCHES] plcy_inv = self.inventory.inv[Inventory.SEGMENTS] mngr_net: dict = mngr_inv.get(mngr_meta.id) plcy_net: dict = plcy_inv.get(plcy_meta.id) self.assertEqual(mngr_meta.id, plcy_meta.id) self.assertEqual(mngr_net.get("id"), plcy_net.get("id")) self.assertEqual(mngr_net.get("display_name"), plcy_net.get("display_name")) self.assertEqual(True, str(mngr_net.get("vlan")) in plcy_net.get("vlan_ids")) self.assertEqual("Segment", plcy_net.get("resource_type")) self.assertEqual("LogicalSwitch", mngr_net.get("resource_type")) self.assertEqual("nsx_policy", mngr_net.get("_create_user"))
def test_port_parent_create(self): provider_port, os_sg, os_sg_second, os_qos, os_port_parent, _ = self.port_fixture( ) provider_port_attachment = provider_port.get("attachment") # Port created via Nova machine provisioning provider_port = requests.post(get_url("/api/v1/logical-ports"), data=json.dumps(provider_port)).json() provider = provider_nsx_mgmt.Provider() provider.sg_rules_realize(os_sg) provider.qos_realize(os_qos) provider.port_realize(os_port_parent) meta_port = provider.metadata(provider.PORT, os_port_parent.get("id")) self.assertEquals(meta_port.rev, os_port_parent.get("revision_number")) provider_port = requests.get( get_url("/api/v1/logical-ports/{}".format( provider_port.get("id")))).json() provider_port_attachment.update({ "context": { "resource_type": "VifAttachmentContext", "traffic_tag": "3200", "vif_type": "PARENT" } }) self.assertEquals(provider_port_attachment, provider_port.get("attachment")) self.assertEquals(provider_port.get("address_bindings"), os_port_parent.get("address_bindings")) self.assertEquals(self.get_tag(provider_port, "security_group"), os_port_parent.get("security_groups")) self.assertEquals(self.get_tag(provider_port, "revision_number"), os_port_parent.get("revision_number"))
def test_priveleged_ports(self): cfg.CONF.NSXV3.nsxv3_remove_orphan_ports_after = 0 _, _, _, _, os_port_parent, _ = self.port_fixture() provider = provider_nsx_mgmt.Provider() # Create non-agent managed port/switch meta = provider.network_realize('vmotion') os_port_parent['vif_details']['nsx-logical-switch-id'] = meta.id provider.port_realize(os_port_parent) outdated, _ = provider.outdated(provider.PORT, {}) self.assertEquals(len(outdated), 0) # Create agent-managed port/switch meta = provider.network_realize('1234') os_port_parent['vif_details']['nsx-logical-switch-id'] = meta.id provider.port_realize(os_port_parent) # Assume to clean it up outdated, _ = provider.outdated(provider.PORT, {}) self.assertEquals(len(outdated), 1)
def test_security_group_rules_delete(self): sg = { "id": "53C33142-3607-4CB2-B6E4-FA5F5C9E3C19", "revision_number": 2, "tags": ["capability_tcp_strict"], "rules": [], } provider = provider_nsx_mgmt.Provider() provider.sg_rules_realize(sg) inv = self.inventory.inv sg_section = self.get_by_name(inv[Inventory.SECTIONS], sg.get("id")) self.assertEquals(sg_section.get("display_name"), sg.get("id")) provider.sg_rules_realize(sg, delete=True) sg_section = self.get_by_name(inv[Inventory.SECTIONS], sg.get("id")) self.assertEquals(sg_section, None)
def test_security_group_icmp_generic_rules(self): sg = { "id": str(uuid.uuid4()), "revision_number": 2, "tags": ["capability_tcp_strict"], "rules": [] } rule1 = { "id": str(uuid.uuid4()), "ethertype": "IPv4", "direction": "ingress", "remote_group_id": "", "remote_ip_prefix": "192.168.10.0/24", "security_group_id": "", "port_range_min": None, "port_range_max": None, "protocol": "icmp", } rule2 = { "id": str(uuid.uuid4()), "ethertype": "IPv4", "direction": "ingress", "remote_group_id": "", "remote_ip_prefix": "192.168.10.0/24", "security_group_id": "", "port_range_min": "5", "port_range_max": None, "protocol": "icmp", } rule3 = { "id": str(uuid.uuid4()), "ethertype": "IPv4", "direction": "ingress", "remote_group_id": "", "remote_ip_prefix": "192.168.10.0/24", "security_group_id": "", "port_range_min": "3", "port_range_max": "1", "protocol": "icmp", } # Add rules sg["rules"].append(copy.deepcopy(rule1)) sg["rules"].append(copy.deepcopy(rule2)) sg["rules"].append(copy.deepcopy(rule3)) inv = self.inventory.inv provider = provider_nsx_mgmt.Provider() provider.sg_rules_realize(sg) LOG.info(json.dumps(inv, indent=4)) sg_meta_rules = provider.metadata(provider.SG_RULE, sg.get("id")) self.assertEquals(len(sg_meta_rules.keys()), 3) generic_icmp_expected = [ { "service": { "icmp_code": "", "icmp_type": "", "protocol": "ICMPv4", "resource_type": "ICMPTypeNSService" } }, { "service": { "icmp_code": "", "icmp_type": "5", "protocol": "ICMPv4", "resource_type": "ICMPTypeNSService" } }, { "service": { "icmp_code": "1", "icmp_type": "3", "protocol": "ICMPv4", "resource_type": "ICMPTypeNSService" } }, ] self.assertDictContainsSubset( sg_meta_rules.get(rule1.get("id")).get("services")[0], generic_icmp_expected[0]) self.assertDictContainsSubset( sg_meta_rules.get(rule2.get("id")).get("services")[0], generic_icmp_expected[1]) self.assertDictContainsSubset( sg_meta_rules.get(rule3.get("id")).get("services")[0], generic_icmp_expected[2])