def testBasicPolicy(testbed, numContainer, numIter):
for iter in range(numIter):
tenant = objmodel.tenant('default')
network = tenant.newNetwork('private')
# Create policy
policy = tenant.newPolicy('first')
# create default deny Rule
policy.addRule('1', direction="in", protocol="tcp", action="deny")
# Create allow port 8000 Rule
policy.addRule('2', direction="in", priority=100, protocol="tcp", port=8000, action="accept")
# Add the policy to epg
groups = []
for cntIdx in range(numContainer):
nodeIdx = cntIdx % testbed.numNodes()
epgName = "srv" + str(cntIdx)
group = network.newGroup(epgName, policies=["first"])
groups.append(group)
# start containers
containers = testbed.runContainers(numContainer, withService=True)
# start netcast listeners
testbed.startListeners(containers, [8000, 8001])
# Check connection to all containers
if testbed.checkConnections(containers, 8000, True) != True:
testbedApi.exit("Connection failed")
if testbed.checkConnections(containers, 8001, False) != False:
testbedApi.exit("Connection succeded while expecting it to fail")
# stop netcast listeners
testbed.stopListeners(containers)
# remove containers
testbed.removeContainers(containers)
# Remove policy from epg
for group in groups:
group.removePolicy("first")
# delete epg
for cntIdx in range(numContainer):
nodeIdx = cntIdx % testbed.numNodes()
epgName = "srv" + str(cntIdx)
network.deleteGroup(epgName)
# Remove the policy and rules
policy.deleteRule('1')
policy.deleteRule('2')
tenant.deletePolicy('first')
testbedApi.info("testBasicPolicy Iteration " + str(iter) + " passed")
testbedApi.info("testBasicPolicy Test passed")
def cleanupPolicies(numPolicy, numRulesPerPolicy):
tenant = objmodel.tenant('default')
for pid in range(numPolicy):
pname = 'policy' + str(pid + 1)
policy = tenant.newPolicy(pname)
# Remove policy from epg and delete epg
epgName = "srv" + str(pid) + ".private"
group = tenant.newGroup(epgName, policies=[])
tenant.deleteGroup(epgName)
# Remove the policy and rules
tenant.deletePolicy(pname)
def cleanupPolicies(numPolicy, numRulesPerPolicy):
tenant = objmodel.tenant('default')
for pid in range(numPolicy):
pname = 'policy' + str(pid + 1)
policy = tenant.newPolicy(pname)
# Remove policy from epg and delete epg
epgName = "srv" + str(pid) + ".private"
group = tenant.newGroup(epgName, policies=[])
tenant.deleteGroup(epgName)
# Remove the policy and rules
tenant.deletePolicy(pname)
def createPolicies(numPolicy, numRulesPerPolicy):
tenant = objmodel.tenant('default')
for pid in range(numPolicy):
pname = 'policy' + str(pid + 1)
# Create policy
policy = tenant.newPolicy(pname)
# create default deny Rule
policy.addRule('1', direction="in", protocol="tcp", action="deny")
# Create Rules
for rid in range(numRulesPerPolicy):
# Create allow port xxx Rule
policy.addRule(str(2 + rid), direction="in", priority=10, protocol="tcp", port=(8000 + rid), action="accept")
# Add the policy to epg
epgName = "srv" + str(pid) + ".private"
group = tenant.newGroup(epgName, policies=[pname])
def createPolicies(numPolicy, numRulesPerPolicy):
tenant = objmodel.tenant('default')
for pid in range(numPolicy):
pname = 'policy' + str(pid + 1)
# Create policy
policy = tenant.newPolicy(pname)
# create default deny Rule
policy.addRule('1', direction="in", protocol="tcp", action="deny")
# Create Rules
for rid in range(numRulesPerPolicy):
# Create allow port xxx Rule
policy.addRule(str(2 + rid),
direction="in",
priority=10,
protocol="tcp",
port=(8000 + rid),
action="accept")
# Add the policy to epg
epgName = "srv" + str(pid) + ".private"
group = tenant.newGroup(epgName, policies=[pname])
def testPolicyAddDeleteRule(testbed, numContainer, numIter):
tenant = objmodel.tenant('default')
# Create policy
policy = tenant.newPolicy('first')
# create default deny Rule
policy.addRule('1', direction="both", protocol="tcp", action="deny")
# Create allow port 8000 Rule
policy.addRule('2', direction="in", priority=100, protocol="tcp", port=8000, action="accept")
# Add the policy to epg
groups = []
for cntIdx in range(numContainer):
nodeIdx = cntIdx % testbed.numNodes()
epgName = "srv" + str(cntIdx) + ".private"
group = tenant.newGroup(epgName, policies=["first"])
groups.append(group)
# start containers
containers = testbed.runContainers(numContainer)
# start netcast listeners
testbed.startListeners(containers, [8000, 8001])
# Check connection to all containers
if testbed.checkConnections(containers, 8000, True) != True:
testbedApi.exit("Connection failed")
if testbed.checkConnections(containers, 8001, False) != False:
testbedApi.exit("Connection succeded while expecting it to fail")
for iter in range(numIter):
# Add a rule for port 8001
policy.addRule('3', direction="in", priority=100, protocol="tcp", port=8001, action="accept")
# now check connection passes
if testbed.checkConnections(containers, 8000, True) != True:
testbedApi.exit("Connection failed")
if testbed.checkConnections(containers, 8001, True) != True:
testbedApi.exit("Connection failed to port 8001")
# Now delete the Rule
policy.deleteRule('3')
# Now verify connection fails
if testbed.checkConnections(containers, 8000, True) != True:
testbedApi.exit("Connection failed")
if testbed.checkConnections(containers, 8001, False) != False:
testbedApi.exit("Connection succeded while expecting it to fail")
testbedApi.info("testPolicyAddDeleteRule Iteration " + str(iter) + " Passed")
# stop netcast listeners
testbed.stopListeners(containers)
# remove containers
testbed.removeContainers(containers)
# Remove policy from epg
for group in groups:
group.removePolicy("first")
# Remove the policy and rules
policy.deleteRule('1')
policy.deleteRule('2')
tenant.deletePolicy('first')
testbedApi.info("testPolicyAddDeleteRule Test passed")
def testPolicyFromEpg(testbed, numContainer, numIter):
for iter in range(numIter):
tenant = objmodel.tenant('default')
network = tenant.newNetwork('private')
# Create common epg
network.newGroup('common')
# Add the policy to epg
groups = []
for cntIdx in range(numContainer):
nodeIdx = cntIdx % testbed.numNodes()
srvName = "srv" + str(cntIdx)
# Create policy for each service
policy = tenant.newPolicy(srvName)
# create default deny Rule
policy.addRule('1', direction="in", protocol="tcp", action="deny")
# Create allow port 8000 Rule
policy.addRule('2', direction="in", priority=100, protocol="tcp", port=8000, action="accept")
# Create allow from 'common' epg rule
policy.addRule('3', direction="in", priority=100, endpointGroup="common", network='private', protocol="tcp", port=8001, action="accept")
group = network.newGroup(srvName, policies=[srvName])
groups.append(group)
# start containers
containers = testbed.runContainers(numContainer, withService=True)
# Start containers in common Epg
cmnContainers = testbed.runContainersInService(numContainer, serviceName='common')
# start netcast listeners
testbed.startListeners(containers, [8000, 8001])
# Check connection to all containers
if testbed.checkConnections(containers, 8000, True) != True:
testbedApi.exit("Connection failed")
if testbed.checkConnections(containers, 8001, False) != False:
testbedApi.exit("Connection succeded while expecting it to fail")
if testbed.checkConnectionPair(cmnContainers, containers, 8001, True) != True:
testbedApi.exit("Connection failed")
# stop netcast listeners
testbed.stopListeners(containers)
# remove containers
testbed.removeContainers(containers)
testbed.removeContainers(cmnContainers)
# delete epg
for cntIdx in range(numContainer):
nodeIdx = cntIdx % testbed.numNodes()
srvName = "srv" + str(cntIdx)
network.deleteGroup(srvName)
tenant.deletePolicy(srvName)
testbedApi.info("testPolicyFromEpg Iteration " + str(iter) + " passed")
testbedApi.info("testPolicyFromEpg Test passed")
def testBasicPolicy(testbed, numContainer, numIter):
for iter in range(numIter):
tenant = objmodel.tenant('default')
network = tenant.newNetwork('private')
# Create policy
policy = tenant.newPolicy('first')
# create default deny Rule
policy.addRule('1', direction="in", protocol="tcp", action="deny")
# Create allow port 8000 Rule
policy.addRule('2',
direction="in",
priority=100,
protocol="tcp",
port=8000,
action="accept")
# Add the policy to epg
groups = []
for cntIdx in range(numContainer):
nodeIdx = cntIdx % testbed.numNodes()
epgName = "srv" + str(cntIdx)
group = network.newGroup(epgName, policies=["first"])
groups.append(group)
# start containers
containers = testbed.runContainers(numContainer, withService=True)
# start netcast listeners
testbed.startListeners(containers, [8000, 8001])
# Check connection to all containers
if testbed.checkConnections(containers, 8000, True) != True:
testbedApi.exit("Connection failed")
if testbed.checkConnections(containers, 8001, False) != False:
testbedApi.exit("Connection succeded while expecting it to fail")
# stop netcast listeners
testbed.stopListeners(containers)
# remove containers
testbed.removeContainers(containers)
# Remove policy from epg
for group in groups:
group.removePolicy("first")
# delete epg
for cntIdx in range(numContainer):
nodeIdx = cntIdx % testbed.numNodes()
epgName = "srv" + str(cntIdx)
network.deleteGroup(epgName)
# Remove the policy and rules
policy.deleteRule('1')
policy.deleteRule('2')
tenant.deletePolicy('first')
testbedApi.info("testBasicPolicy Iteration " + str(iter) + " passed")
testbedApi.info("testBasicPolicy Test passed")
def testPolicyFromEpg(testbed, numContainer, numIter):
for iter in range(numIter):
tenant = objmodel.tenant('default')
network = tenant.newNetwork('private')
# Create common epg
network.newGroup('common')
# Add the policy to epg
groups = []
for cntIdx in range(numContainer):
nodeIdx = cntIdx % testbed.numNodes()
srvName = "srv" + str(cntIdx)
# Create policy for each service
policy = tenant.newPolicy(srvName)
# create default deny Rule
policy.addRule('1', direction="in", protocol="tcp", action="deny")
# Create allow port 8000 Rule
policy.addRule('2',
direction="in",
priority=100,
protocol="tcp",
port=8000,
action="accept")
# Create allow from 'common' epg rule
policy.addRule('3',
direction="in",
priority=100,
endpointGroup="common",
network='private',
protocol="tcp",
port=8001,
action="accept")
group = network.newGroup(srvName, policies=[srvName])
groups.append(group)
# start containers
containers = testbed.runContainers(numContainer, withService=True)
# Start containers in common Epg
cmnContainers = testbed.runContainersInService(numContainer,
serviceName='common')
# start netcast listeners
testbed.startListeners(containers, [8000, 8001])
# Check connection to all containers
if testbed.checkConnections(containers, 8000, True) != True:
testbedApi.exit("Connection failed")
if testbed.checkConnections(containers, 8001, False) != False:
testbedApi.exit("Connection succeded while expecting it to fail")
if testbed.checkConnectionPair(cmnContainers, containers, 8001,
True) != True:
testbedApi.exit("Connection failed")
# stop netcast listeners
testbed.stopListeners(containers)
# remove containers
testbed.removeContainers(containers)
testbed.removeContainers(cmnContainers)
# delete epg
for cntIdx in range(numContainer):
nodeIdx = cntIdx % testbed.numNodes()
srvName = "srv" + str(cntIdx)
network.deleteGroup(srvName)
tenant.deletePolicy(srvName)
testbedApi.info("testPolicyFromEpg Iteration " + str(iter) + " passed")
testbedApi.info("testPolicyFromEpg Test passed")
#!/usr/bin/python
# synthesizer
import testbedApi
import time
import sys
import objmodel
import threading
def sleepMs(ms):
time.sleep (ms / 1000.0);
# Get the tenant
tenant = objmodel.tenant('default')
# Create policy
tenant.newPolicy('1111111111')
tenant.newPolicy('2222222222')
tenant.newPolicy('3333333333')
tenant.newPolicy('4444444444')
tenant.newPolicy('5555555555')
tenant.newPolicy('6666666666')
tenant.newPolicy('7777777777')
tenant.newPolicy('8888888888')
# Create Groups
g0 = tenant.newGroup("0group0", networkName="private", policies=["1111111111", "2222222222", "3333333333", "4444444444", "5555555555", "6666666666", "7777777777", "8888888888"])
numGroups = 8
stepDelay = 600.0
#!/usr/bin/python
# synthesizer
import testbedApi
import time
import sys
import objmodel
import threading
def sleepMs(ms):
time.sleep(ms / 1000.0)
# Get the tenant
tenant = objmodel.tenant('default')
# Create policy
tenant.newPolicy('1111111111')
tenant.newPolicy('2222222222')
tenant.newPolicy('3333333333')
tenant.newPolicy('4444444444')
tenant.newPolicy('5555555555')
tenant.newPolicy('6666666666')
tenant.newPolicy('7777777777')
tenant.newPolicy('8888888888')
# Create Groups
g0 = tenant.newGroup("0group0",
networkName="private",
policies=[
