def get_test_stub_vm_by_ip(test_obj, target_ip):
for l3_uuid in test_obj.get_all_l3():
stub_vm = test_obj.get_stub_vm(l3_uuid)
if stub_vm:
if test_lib.lib_get_vm_ip_by_l3(stub_vm.vm, l3_uuid) == target_ip:
return l3_uuid, stub_vm.vm
return None, None
def get_test_stub_vm_by_ip(test_obj, target_ip):
for l3_uuid in test_obj.get_all_l3():
stub_vm = test_obj.get_stub_vm(l3_uuid)
if stub_vm:
if test_lib.lib_get_vm_ip_by_l3(stub_vm.vm, l3_uuid) == target_ip:
return l3_uuid, stub_vm.vm
return None, None
def check(self):
super(zstack_kvm_sg_icmp_ingress_checker, self).check()
test_result = True
nic = test_lib.lib_get_nic_by_uuid(self.nic_uuid)
l3_uuid = nic.l3NetworkUuid
test_util.test_dsc('Check ICMP ingress rules')
if not 'DHCP' in test_lib.lib_get_l3_service_type(l3_uuid):
test_util.test_logger("Skip SG test for [l3:] %s. Since it doesn't provide DHCP service, there isn't stable IP address for testint." % l3_uuid)
return self.judge(self.exp_result)
stub_vm = self.test_obj.get_stub_vm(l3_uuid)
if not stub_vm:
#test_util.test_warn('Did not find test stub vm for [target address:] %s. Skip testing some TCP rules' % target_addr)
test_util.test_warn('Did not find test stub vm for [l3:] %s. Skip testing some TCP rules' % l3_uuid)
return self.judge(self.exp_result)
stub_vm = stub_vm.vm
stub_vm_ip = test_lib.lib_get_vm_nic_by_l3(stub_vm, l3_uuid).ip
target_addr = '%s/32' % stub_vm_ip
test_vm = test_lib.lib_get_vm_by_nic(nic.uuid)
if test_vm.state == inventory.RUNNING:
rules = self.test_obj.get_nic_icmp_ingress_rule_by_addr(self.nic_uuid, target_addr)
target_ip = test_lib.lib_get_vm_ip_by_l3(test_vm, l3_uuid)
if rules:
if test_lib.lib_check_ping(stub_vm, target_ip, no_exception=True):
test_util.test_logger('Check result: [Security Group] pass ICMP ingress rule checking to ping [vm:] %s from [vm:] %s' % (test_vm.uuid, stub_vm.uuid))
else:
test_util.test_logger('Check result: [Security Group] meets failure to ping [vm:] %s from [vm:] %s when checking ICMP ingress rule. ' % (test_vm.uuid, stub_vm.uuid))
test_result = False
else:
if not test_lib.lib_check_ping(stub_vm, target_ip, no_exception=True):
test_util.test_logger('Check result: [Security Group] pass ICMP ingress rule checking to ping [vm:] %s from [vm:] %s. Expected failure.' % (test_vm.uuid, stub_vm.uuid))
else:
test_util.test_logger('Check result: [Security Group] meet failure when checking ICMP ingress rule to ping [vm:] %s from [vm:] %s. Unexpected ping successfully.' % (test_vm.uuid, stub_vm.uuid))
else:
test_util.test_warn('Test [vm:] %s is not running. Skip SG ICMP ingress checker for this vm.' % test_vm.uuid)
test_util.test_logger('Check result: [Security Group] pass ICMP ingress testing for [vm:] %s [nic:] %s' % (test_vm.uuid, self.nic_uuid))
print_iptables(test_vm)
return self.judge(test_result)
def check(self):
super(zstack_vcenter_sg_icmp_ingress_checker, self).check()
test_result = True
nic = test_lib.lib_get_nic_by_uuid(self.nic_uuid)
l3_uuid = nic.l3NetworkUuid
test_util.test_dsc('Check ICMP ingress rules')
if not 'DHCP' in test_lib.lib_get_l3_service_type(l3_uuid):
test_util.test_logger("Skip SG test for [l3:] %s. Since it doesn't provide DHCP service, there isn't stable IP address for testint." % l3_uuid)
return self.judge(self.exp_result)
stub_vm = self.test_obj.get_stub_vm(l3_uuid)
if not stub_vm:
test_util.test_warn('Did not find test stub vm for [target address:] %s. Skip testing some TCP rules' % target_addr)
return self.judge(self.exp_result)
stub_vm = stub_vm.vm
stub_vm_ip = test_lib.lib_get_vm_nic_by_l3(stub_vm, l3_uuid).ip
target_addr = '%s/32' % stub_vm_ip
test_vm = test_lib.lib_get_vm_by_nic(nic.uuid)
if test_vm.state == inventory.RUNNING:
rules = self.test_obj.get_nic_icmp_ingress_rule_by_addr(self.nic_uuid, target_addr)
target_ip = test_lib.lib_get_vm_ip_by_l3(test_vm, l3_uuid)
if rules:
if test_lib.lib_check_ping(stub_vm, target_ip, no_exception=True):
test_util.test_logger('Check result: [Security Group] pass ICMP ingress rule checking to ping [vm:] %s from [vm:] %s' % (test_vm.uuid, stub_vm.uuid))
else:
test_util.test_logger('Check result: [Security Group] meets failure to ping [vm:] %s from [vm:] %s when checking ICMP ingress rule. ' % (test_vm.uuid, stub_vm.uuid))
test_result = False
else:
if not test_lib.lib_check_ping(stub_vm, target_ip, no_exception=True):
test_util.test_logger('Check result: [Security Group] pass ICMP ingress rule checking to ping [vm:] %s from [vm:] %s. Expected failure.' % (test_vm.uuid, stub_vm.uuid))
else:
test_util.test_logger('Check result: [Security Group] meet failure when checking ICMP ingress rule to ping [vm:] %s from [vm:] %s. Unexpected ping successfully.' % (test_vm.uuid, stub_vm.uuid))
else:
test_util.test_warn('Test [vm:] %s is not running. Skip SG ICMP ingress checker for this vm.' % test_vm.uuid)
test_util.test_logger('Check result: [Security Group] pass ICMP ingress testing for [vm:] %s [nic:] %s' % (test_vm.uuid, self.nic_uuid))
print_iptables(test_vm)
return self.judge(test_result)
