def test_repeated_policy_modify(self):
""" Configure policies based on topology; Replace VN's existing policy [same policy name but with different rule set] multiple times and verify.
"""
###
# Get config for test from topology
# very simple topo will do, one vn, one vm, multiple policies with n
# rules
topology_class_name = sdn_single_vm_multiple_policy_topology.sdn_single_vm_multiple_policy_config
self.logger.info("Scenario for the test used is: %s" %
(topology_class_name))
# set project name
try:
# provided by wrapper module if run in parallel test env
topo = topology_class_name(project=self.project.project_name,
username=self.project.username,
password=self.project.password)
except NameError:
topo = topology_class_name()
###
# Test setup: Configure policy, VN, & VM
# return {'result':result, 'msg': err_msg, 'data': [self.topo, config_topo]}
# Returned topo is of following format:
# config_topo= {'policy': policy_fixt, 'vn': vn_fixture, 'vm': vm_fixture}
setup_obj = self.useFixture(sdnTopoSetupFixture(
self.connections, topo))
out = setup_obj.topo_setup()
assertEqual(out['result'], True, out['msg'])
if out['result']:
topo, config_topo = out['data']
###
# Verify [and assert on fail] after setup
# Calling system policy verification, pick any policy fixture to
# access fixture verification
policy_name = topo.policy_list[0]
system_vna_verify_policy(self, config_topo['policy'][policy_name],
topo, 'setup')
###
# Test procedure:
# Test repeated update of a policy attached to a VM
test_vm = topo.vmc_list[0]
test_vn = topo.vn_of_vm[test_vm]
test_vn_fix = config_topo['vn'][test_vn]
test_vn_id = test_vn_fix.vn_id
for policy in topo.policy_list:
# set new policy for test_vn to policy
test_policy_fq_names = []
name = config_topo['policy'][policy].policy_fq_name
test_policy_fq_names.append(name)
state = "policy for %s updated to %s" % (test_vn, policy)
test_vn_fix.bind_policies(test_policy_fq_names, test_vn_id)
# wait for tables update before checking after making changes to
# system
time.sleep(5)
self.logger.info("new policy list of vn %s is %s" %
(test_vn, policy))
# update expected topology with this new info for verification
updated_topo = policy_test_utils.update_topo(topo, test_vn, policy)
system_vna_verify_policy(self, config_topo['policy'][policy],
updated_topo, state)
return True
def test_repeated_policy_modify(self):
""" Configure policies based on topology; Replace VN's existing policy [same policy name but with different rule set] multiple times and verify.
"""
###
# Get config for test from topology
# very simple topo will do, one vn, one vm, multiple policies with n
# rules
topology_class_name = sdn_single_vm_multiple_policy_topology.sdn_single_vm_multiple_policy_config
self.logger.info("Scenario for the test used is: %s" % (topology_class_name))
# set project name
try:
# provided by wrapper module if run in parallel test env
topo = topology_class_name(
project=self.project.project_name, username=self.project.username, password=self.project.password
)
except NameError:
topo = topology_class_name()
###
# Test setup: Configure policy, VN, & VM
# return {'result':result, 'msg': err_msg, 'data': [self.topo, config_topo]}
# Returned topo is of following format:
# config_topo= {'policy': policy_fixt, 'vn': vn_fixture, 'vm': vm_fixture}
setup_obj = self.useFixture(sdnTopoSetupFixture(self.connections, topo))
out = setup_obj.topo_setup()
assertEqual(out["result"], True, out["msg"])
if out["result"]:
topo, config_topo = out["data"]
###
# Verify [and assert on fail] after setup
# Calling system policy verification, pick any policy fixture to
# access fixture verification
policy_name = topo.policy_list[0]
system_vna_verify_policy(self, config_topo["policy"][policy_name], topo, "setup")
###
# Test procedure:
# Test repeated update of a policy attached to a VM
test_vm = topo.vmc_list[0]
test_vn = topo.vn_of_vm[test_vm]
test_vn_fix = config_topo["vn"][test_vn]
test_vn_id = test_vn_fix.vn_id
for policy in topo.policy_list:
# set new policy for test_vn to policy
test_policy_fq_names = []
name = config_topo["policy"][policy].policy_fq_name
test_policy_fq_names.append(name)
state = "policy for %s updated to %s" % (test_vn, policy)
test_vn_fix.bind_policies(test_policy_fq_names, test_vn_id)
# wait for tables update before checking after making changes to
# system
time.sleep(5)
self.logger.info("new policy list of vn %s is %s" % (test_vn, policy))
# update expected topology with this new info for verification
updated_topo = policy_test_utils.update_topo(topo, test_vn, policy)
system_vna_verify_policy(self, config_topo["policy"][policy], updated_topo, state)
return True
def test_policy_modify_vn_policy(self):
""" Configure policies based on topology;
"""
###
# Get config for test from topology
# very simple topo will do, one vn, one vm, one policy, 3 rules
topology_class_name = sdn_single_vm_policy_topology.sdn_single_vm_policy_config
self.logger.info("Scenario for the test used is: %s" %
(topology_class_name))
# set project name
try:
# provided by wrapper module if run in parallel test env
topo = topology_class_name(project=self.project.project_name,
username=self.project.username,
password=self.project.password)
except NameError:
topo = topology_class_name()
###
# Test setup: Configure policy, VN, & VM
# return {'result':result, 'msg': err_msg, 'data': [self.topo, config_topo]}
# Returned topo is of following format:
# config_topo= {'policy': policy_fixt, 'vn': vn_fixture, 'vm': vm_fixture}
setup_obj = self.useFixture(sdnTopoSetupFixture(
self.connections, topo))
out = setup_obj.topo_setup()
assertEqual(out['result'], True, out['msg'])
if out['result']:
topo, config_topo = out['data']
###
# Verify [and assert on fail] after setup
# Calling system policy verification, pick any policy fixture to
# access fixture verification
policy_name = topo.policy_list[0]
system_vna_verify_policy(self, config_topo['policy'][policy_name],
topo, 'setup')
###
# Test procedure:
# Test adding new policy to VN's exiting policy list
state = "add policy: "
test_vm = topo.vmc_list[0]
test_vn = topo.vn_of_vm[test_vm]
# Init test data, take backup of current topology
initial_vn_policy_list = copy.copy(topo.vn_policy[test_vn])
new_policy_to_add = policy_test_utils.get_policy_not_in_vn(
initial_vn_policy_list, topo.policy_list)
if not new_policy_to_add:
result = 'False'
msg = "test %s cannot be run as required config not available in topology; aborting test"
self.logger.info(msg)
assertEqual(result, True, msg)
initial_policy_vn_list = copy.copy(topo.policy_vn[new_policy_to_add])
new_vn_policy_list = copy.copy(initial_vn_policy_list)
new_policy_vn_list = copy.copy(initial_policy_vn_list)
new_vn_policy_list.append(new_policy_to_add)
new_policy_vn_list.append(test_vn)
test_vn_fix = config_topo['vn'][test_vn]
test_vn_id = test_vn_fix.vn_id
# configure new policy
config_topo['policy'][new_policy_to_add] = self.useFixture(
PolicyFixture(policy_name=new_policy_to_add,
rules_list=topo.rules[new_policy_to_add],
inputs=self.inputs,
connections=self.connections))
# get new policy_set to be pushed for the vn
test_policy_fq_names = []
for policy in new_vn_policy_list:
name = config_topo['policy'][policy].policy_fq_name
test_policy_fq_names.append(name)
self.logger.info("adding policy %s to vn %s" %
(new_policy_to_add, test_vn))
test_vn_fix.bind_policies(test_policy_fq_names, test_vn_id)
# wait for tables update before checking after making changes to system
time.sleep(5)
self.logger.info("New policy list of VN %s is %s" %
(test_vn, new_vn_policy_list))
# update expected topology with this new info for verification
topo.vn_policy[test_vn] = new_vn_policy_list
topo.policy_vn[new_policy_to_add] = new_policy_vn_list
system_vna_verify_policy(self,
config_topo['policy'][new_policy_to_add],
topo, state)
# Test unbinding all policies from VN
state = "unbinding all policies"
test_vn_fix.unbind_policies(test_vn_id)
# wait for tables update before checking after making changes to system
time.sleep(5)
current_vn_policy_list = new_vn_policy_list
new_vn_policy_list = []
self.logger.info("New policy list of VN %s is %s" %
(test_vn, new_vn_policy_list))
# update expected topology with this new info for verification
topo.vn_policy[test_vn] = new_vn_policy_list
for policy in current_vn_policy_list:
topo.policy_vn[policy].remove(test_vn)
system_vna_verify_policy(self,
config_topo['policy'][new_policy_to_add],
topo, state)
return True
def test_policy_RT_import_export(self):
''' Test to validate RT imported/exported in control node.
Verification is implemented in vn_fixture to compare fixture route data with the data in control node..
Verification expects test code to compile policy allowed VN info, which is used to validate data in CN.
Test calls get_policy_peer_vns [internally call get_allowed_peer_vns_by_policy for each VN]. This data is
fed to verify_vn_route_target, which internally calls get_rt_info to build expected list. This is compared
against actual by calling cn_ref.get_cn_routing_instance and getting rt info. '''
vn1_name = 'vn40'
vn1_subnets = ['40.1.1.0/24']
vn2_name = 'vn41'
vn2_subnets = ['41.1.1.0/24']
vn3_name = 'vn42'
vn3_subnets = ['42.1.1.0/24']
policy1_name = 'policy1'
policy2_name = 'policy2'
policy3_name = 'policy3'
policy4_name = 'policy4'
# cover all combinations of rules for this test
# 1. both vn's allow each other 2. one vn allows peer, while other denies 3. policy rule doesnt list local vn
# 4. allow or deny any vn is not handled now..
rules = [
{
'direction': '<>',
'simple_action': 'pass',
'protocol': 'icmp',
'source_network': vn1_name,
'dest_network': vn2_name
},
{
'direction': '<>',
'simple_action': 'deny',
'protocol': 'icmp',
'source_network': vn1_name,
'dest_network': vn3_name
},
{
'direction': '<>',
'simple_action': 'pass',
'protocol': 'icmp',
'source_network': vn2_name,
'dest_network': vn3_name
},
{
'direction': '<>',
'simple_action': 'pass',
'protocol': 'icmp',
'source_network': 'any',
'dest_network': vn3_name
},
]
rev_rules2 = [
{
'direction': '<>',
'simple_action': 'pass',
'protocol': 'icmp',
'source_network': vn1_name,
'dest_network': vn3_name,
},
]
rev_rules1 = [
{
'direction': '<>',
'simple_action': 'pass',
'protocol': 'icmp',
'source_network': vn2_name,
'dest_network': vn1_name,
},
]
rules2 = [
{
'direction': '<>',
'simple_action': 'pass',
'protocol': 'icmp',
'source_network': vn3_name,
'dest_network': vn1_name,
},
]
policy1_fixture = self.useFixture(
PolicyFixture(policy_name=policy1_name,
rules_list=rules,
inputs=self.inputs,
connections=self.connections))
policy2_fixture = self.useFixture(
PolicyFixture(policy_name=policy2_name,
rules_list=rev_rules1,
inputs=self.inputs,
connections=self.connections))
policy3_fixture = self.useFixture(
PolicyFixture(policy_name=policy3_name,
rules_list=rules2,
inputs=self.inputs,
connections=self.connections))
policy4_fixture = self.useFixture(
PolicyFixture(policy_name=policy4_name,
rules_list=rev_rules2,
inputs=self.inputs,
connections=self.connections))
vn1_fixture = self.useFixture(
VNFixture(project_name=self.inputs.project_name,
connections=self.connections,
vn_name=vn1_name,
inputs=self.inputs,
subnets=vn1_subnets))
assert vn1_fixture.verify_on_setup()
vn2_fixture = self.useFixture(
VNFixture(project_name=self.inputs.project_name,
connections=self.connections,
vn_name=vn2_name,
inputs=self.inputs,
subnets=vn2_subnets))
assert vn2_fixture.verify_on_setup()
vn3_fixture = self.useFixture(
VNFixture(project_name=self.inputs.project_name,
connections=self.connections,
vn_name=vn3_name,
inputs=self.inputs,
subnets=vn3_subnets))
assert vn3_fixture.verify_on_setup()
self.logger.info("TEST STEP: End of setup")
vn_fixture = {
vn1_name: vn1_fixture,
vn2_name: vn2_fixture,
vn3_name: vn3_fixture
}
vnet_list = [vn1_name, vn2_name, vn3_name]
self.logger.info("TEST STEP: Route verification for VN after setup")
actual_peer_vns_by_policy = policy_test_utils.get_policy_peer_vns(
self, vnet_list, vn_fixture)
for vn in vnet_list:
err_msg_on_fail = "route verification failed for vn %s" % (vn)
assert (vn_fixture[vn].verify_vn_route_target(
policy_peer_vns=actual_peer_vns_by_policy[vn])
), err_msg_on_fail
self.logger.info(
"TEST STEP: Bind policys to VN and verify import and export RT values"
)
policy_fq_name1 = [policy1_fixture.policy_fq_name]
policy_fq_name2 = [policy2_fixture.policy_fq_name]
vn1_fixture.bind_policies(policy_fq_name1, vn1_fixture.vn_id)
vn1_pol = vn1_fixture.get_policy_attached_to_vn()
vn2_fixture.bind_policies(policy_fq_name2, vn2_fixture.vn_id)
vn2_pol = vn2_fixture.get_policy_attached_to_vn()
vn3_fixture.bind_policies([policy3_fixture.policy_fq_name],
vn3_fixture.vn_id)
vn3_pol = vn3_fixture.get_policy_attached_to_vn()
self.logger.info("vn: %s policys: %s" % (vn1_name, vn1_pol))
self.logger.info("vn: %s policys: %s" % (vn2_name, vn2_pol))
self.logger.info("vn: %s policys: %s" % (vn3_name, vn3_pol))
actual_peer_vns_by_policy = policy_test_utils.get_policy_peer_vns(
self, vnet_list, vn_fixture)
for vn in vnet_list:
err_msg_on_fail = "route verification failed for vn %s" % (vn)
out = vn_fixture[vn].verify_vn_route_target(
policy_peer_vns=actual_peer_vns_by_policy[vn])
# control node may not be updated of the config changes right away, as it depends on system load ..
# one scenario being when multiple tests are run in parallel..
# wait & retry one more time if result is not as expected..
if not out:
self.logger.info("wait and verify VN RT again...")
time.sleep(5)
out = vn_fixture[vn].verify_vn_route_target(
policy_peer_vns=actual_peer_vns_by_policy[vn])
assert (out), err_msg_on_fail
self.logger.info(
"TEST STEP: Bind one more policy to VN and verify RT import values updated"
)
vn1_fixture.bind_policies(
[policy1_fixture.policy_fq_name, policy4_fixture.policy_fq_name],
vn1_fixture.vn_id)
actual_peer_vns_by_policy = policy_test_utils.get_policy_peer_vns(
self, vnet_list, vn_fixture)
for vn in vnet_list:
err_msg_on_fail = "route verification failed for vn %s" % (vn)
assert (vn_fixture[vn].verify_vn_route_target(
policy_peer_vns=actual_peer_vns_by_policy[vn])
), err_msg_on_fail
self.logger.info(
"TEST STEP: Unbind policy which was added earlier and verify RT import/export values are updated accordingly"
)
vn1_fixture.unbind_policies(vn1_fixture.vn_id,
[policy4_fixture.policy_fq_name])
vn3_fixture.unbind_policies(vn3_fixture.vn_id,
[policy3_fixture.policy_fq_name])
actual_peer_vns_by_policy = policy_test_utils.get_policy_peer_vns(
self, vnet_list, vn_fixture)
for vn in vnet_list:
err_msg_on_fail = "route verification failed for vn %s" % (vn)
assert (vn_fixture[vn].verify_vn_route_target(
policy_peer_vns=actual_peer_vns_by_policy[vn])
), err_msg_on_fail
return True
def test_policy_modify_vn_policy(self):
""" Configure policies based on topology;
"""
###
# Get config for test from topology
# very simple topo will do, one vn, one vm, one policy, 3 rules
topology_class_name = sdn_single_vm_policy_topology.sdn_single_vm_policy_config
self.logger.info("Scenario for the test used is: %s" % (topology_class_name))
# set project name
try:
# provided by wrapper module if run in parallel test env
topo = topology_class_name(
project=self.project.project_name, username=self.project.username, password=self.project.password
)
except NameError:
topo = topology_class_name()
###
# Test setup: Configure policy, VN, & VM
# return {'result':result, 'msg': err_msg, 'data': [self.topo, config_topo]}
# Returned topo is of following format:
# config_topo= {'policy': policy_fixt, 'vn': vn_fixture, 'vm': vm_fixture}
setup_obj = self.useFixture(sdnTopoSetupFixture(self.connections, topo))
out = setup_obj.topo_setup()
assertEqual(out["result"], True, out["msg"])
if out["result"]:
topo, config_topo = out["data"]
###
# Verify [and assert on fail] after setup
# Calling system policy verification, pick any policy fixture to
# access fixture verification
policy_name = topo.policy_list[0]
system_vna_verify_policy(self, config_topo["policy"][policy_name], topo, "setup")
###
# Test procedure:
# Test adding new policy to VN's exiting policy list
state = "add policy: "
test_vm = topo.vmc_list[0]
test_vn = topo.vn_of_vm[test_vm]
# Init test data, take backup of current topology
initial_vn_policy_list = copy.copy(topo.vn_policy[test_vn])
new_policy_to_add = policy_test_utils.get_policy_not_in_vn(initial_vn_policy_list, topo.policy_list)
if not new_policy_to_add:
result = "False"
msg = "test %s cannot be run as required config not available in topology; aborting test"
self.logger.info(msg)
assertEqual(result, True, msg)
initial_policy_vn_list = copy.copy(topo.policy_vn[new_policy_to_add])
new_vn_policy_list = copy.copy(initial_vn_policy_list)
new_policy_vn_list = copy.copy(initial_policy_vn_list)
new_vn_policy_list.append(new_policy_to_add)
new_policy_vn_list.append(test_vn)
test_vn_fix = config_topo["vn"][test_vn]
test_vn_id = test_vn_fix.vn_id
# configure new policy
config_topo["policy"][new_policy_to_add] = self.useFixture(
PolicyFixture(
policy_name=new_policy_to_add,
rules_list=topo.rules[new_policy_to_add],
inputs=self.inputs,
connections=self.connections,
)
)
# get new policy_set to be pushed for the vn
test_policy_fq_names = []
for policy in new_vn_policy_list:
name = config_topo["policy"][policy].policy_fq_name
test_policy_fq_names.append(name)
self.logger.info("adding policy %s to vn %s" % (new_policy_to_add, test_vn))
test_vn_fix.bind_policies(test_policy_fq_names, test_vn_id)
# wait for tables update before checking after making changes to system
time.sleep(5)
self.logger.info("New policy list of VN %s is %s" % (test_vn, new_vn_policy_list))
# update expected topology with this new info for verification
topo.vn_policy[test_vn] = new_vn_policy_list
topo.policy_vn[new_policy_to_add] = new_policy_vn_list
system_vna_verify_policy(self, config_topo["policy"][new_policy_to_add], topo, state)
# Test unbinding all policies from VN
state = "unbinding all policies"
test_vn_fix.unbind_policies(test_vn_id)
# wait for tables update before checking after making changes to system
time.sleep(5)
current_vn_policy_list = new_vn_policy_list
new_vn_policy_list = []
self.logger.info("New policy list of VN %s is %s" % (test_vn, new_vn_policy_list))
# update expected topology with this new info for verification
topo.vn_policy[test_vn] = new_vn_policy_list
for policy in current_vn_policy_list:
topo.policy_vn[policy].remove(test_vn)
system_vna_verify_policy(self, config_topo["policy"][new_policy_to_add], topo, state)
return True
def test_policy_RT_import_export(self):
''' Test to validate RT imported/exported in control node.
Verification is implemented in vn_fixture to compare fixture route data with the data in control node..
Verification expects test code to compile policy allowed VN info, which is used to validate data in CN.
Test calls get_policy_peer_vns [internally call get_allowed_peer_vns_by_policy for each VN]. This data is
fed to verify_vn_route_target, which internally calls get_rt_info to build expected list. This is compared
against actual by calling cn_ref.get_cn_routing_instance and getting rt info. '''
vn1_name = 'vn40'
vn1_subnets = ['40.1.1.0/24']
vn2_name = 'vn41'
vn2_subnets = ['41.1.1.0/24']
vn3_name = 'vn42'
vn3_subnets = ['42.1.1.0/24']
policy1_name = 'policy1'
policy2_name = 'policy2'
policy3_name = 'policy3'
policy4_name = 'policy4'
# cover all combinations of rules for this test
# 1. both vn's allow each other 2. one vn allows peer, while other denies 3. policy rule doesnt list local vn
# 4. allow or deny any vn is not handled now..
rules = [{'direction': '<>',
'simple_action': 'pass',
'protocol': 'icmp',
'source_network': vn1_name,
'dest_network': vn2_name},
{'direction': '<>',
'simple_action': 'deny',
'protocol': 'icmp',
'source_network': vn1_name,
'dest_network': vn3_name},
{'direction': '<>',
'simple_action': 'pass',
'protocol': 'icmp',
'source_network': vn2_name,
'dest_network': vn3_name},
{'direction': '<>',
'simple_action': 'pass',
'protocol': 'icmp',
'source_network': 'any',
'dest_network': vn3_name},
]
rev_rules2 = [{'direction': '<>',
'simple_action': 'pass',
'protocol': 'icmp',
'source_network': vn1_name,
'dest_network': vn3_name,
},
]
rev_rules1 = [{'direction': '<>',
'simple_action': 'pass',
'protocol': 'icmp',
'source_network': vn2_name,
'dest_network': vn1_name,
},
]
rules2 = [{'direction': '<>',
'simple_action': 'pass',
'protocol': 'icmp',
'source_network': vn3_name,
'dest_network': vn1_name,
},
]
policy1_fixture = self.useFixture(
PolicyFixture(
policy_name=policy1_name,
rules_list=rules,
inputs=self.inputs,
connections=self.connections))
policy2_fixture = self.useFixture(
PolicyFixture(
policy_name=policy2_name,
rules_list=rev_rules1,
inputs=self.inputs,
connections=self.connections))
policy3_fixture = self.useFixture(
PolicyFixture(
policy_name=policy3_name,
rules_list=rules2,
inputs=self.inputs,
connections=self.connections))
policy4_fixture = self.useFixture(
PolicyFixture(
policy_name=policy4_name,
rules_list=rev_rules2,
inputs=self.inputs,
connections=self.connections))
vn1_fixture = self.useFixture(
VNFixture(
project_name=self.inputs.project_name,
connections=self.connections,
vn_name=vn1_name,
inputs=self.inputs,
subnets=vn1_subnets))
assert vn1_fixture.verify_on_setup()
vn2_fixture = self.useFixture(
VNFixture(
project_name=self.inputs.project_name,
connections=self.connections,
vn_name=vn2_name,
inputs=self.inputs,
subnets=vn2_subnets))
assert vn2_fixture.verify_on_setup()
vn3_fixture = self.useFixture(
VNFixture(
project_name=self.inputs.project_name,
connections=self.connections,
vn_name=vn3_name,
inputs=self.inputs,
subnets=vn3_subnets))
assert vn3_fixture.verify_on_setup()
self.logger.info("TEST STEP: End of setup")
vn_fixture = {
vn1_name: vn1_fixture,
vn2_name: vn2_fixture,
vn3_name: vn3_fixture}
vnet_list = [vn1_name, vn2_name, vn3_name]
self.logger.info("TEST STEP: Route verification for VN after setup")
actual_peer_vns_by_policy = policy_test_utils.get_policy_peer_vns(
self,
vnet_list,
vn_fixture)
for vn in vnet_list:
err_msg_on_fail = "route verification failed for vn %s" % (vn)
assert (
vn_fixture[vn].verify_vn_route_target(
policy_peer_vns=actual_peer_vns_by_policy[vn])), err_msg_on_fail
self.logger.info(
"TEST STEP: Bind policys to VN and verify import and export RT values")
policy_fq_name1 = [policy1_fixture.policy_fq_name]
policy_fq_name2 = [policy2_fixture.policy_fq_name]
vn1_fixture.bind_policies(policy_fq_name1, vn1_fixture.vn_id)
vn1_pol = vn1_fixture.get_policy_attached_to_vn()
vn2_fixture.bind_policies(policy_fq_name2, vn2_fixture.vn_id)
vn2_pol = vn2_fixture.get_policy_attached_to_vn()
vn3_fixture.bind_policies(
[policy3_fixture.policy_fq_name], vn3_fixture.vn_id)
vn3_pol = vn3_fixture.get_policy_attached_to_vn()
self.logger.info("vn: %s policys: %s" % (vn1_name, vn1_pol))
self.logger.info("vn: %s policys: %s" % (vn2_name, vn2_pol))
self.logger.info("vn: %s policys: %s" % (vn3_name, vn3_pol))
actual_peer_vns_by_policy = policy_test_utils.get_policy_peer_vns(
self,
vnet_list,
vn_fixture)
for vn in vnet_list:
err_msg_on_fail = "route verification failed for vn %s" % (vn)
out = vn_fixture[vn].verify_vn_route_target(
policy_peer_vns=actual_peer_vns_by_policy[vn])
# control node may not be updated of the config changes right away, as it depends on system load ..
# one scenario being when multiple tests are run in parallel..
# wait & retry one more time if result is not as expected..
if not out:
self.logger.info("wait and verify VN RT again...")
time.sleep(5)
out = vn_fixture[vn].verify_vn_route_target(
policy_peer_vns=actual_peer_vns_by_policy[vn])
assert (out), err_msg_on_fail
self.logger.info(
"TEST STEP: Bind one more policy to VN and verify RT import values updated")
vn1_fixture.bind_policies(
[policy1_fixture.policy_fq_name, policy4_fixture.policy_fq_name], vn1_fixture.vn_id)
actual_peer_vns_by_policy = policy_test_utils.get_policy_peer_vns(
self,
vnet_list,
vn_fixture)
for vn in vnet_list:
err_msg_on_fail = "route verification failed for vn %s" % (vn)
assert (
vn_fixture[vn].verify_vn_route_target(
policy_peer_vns=actual_peer_vns_by_policy[vn])), err_msg_on_fail
self.logger.info(
"TEST STEP: Unbind policy which was added earlier and verify RT import/export values are updated accordingly")
vn1_fixture.unbind_policies(
vn1_fixture.vn_id, [
policy4_fixture.policy_fq_name])
vn3_fixture.unbind_policies(
vn3_fixture.vn_id, [
policy3_fixture.policy_fq_name])
actual_peer_vns_by_policy = policy_test_utils.get_policy_peer_vns(
self,
vnet_list,
vn_fixture)
for vn in vnet_list:
err_msg_on_fail = "route verification failed for vn %s" % (vn)
assert (
vn_fixture[vn].verify_vn_route_target(
policy_peer_vns=actual_peer_vns_by_policy[vn])), err_msg_on_fail
return True
def test_remove_policy_with_ref(self):
''' This tests the following scenarios.
1. Test to validate that policy removal will fail when it referenced with VN.
2. validate vn_policy data in api-s against quantum-vn data, when created and unbind policy from VN thru quantum APIs.
3. validate policy data in api-s against quantum-policy data, when created and deleted thru quantum APIs.
'''
vn1_name = 'vn4'
vn1_subnets = ['10.1.1.0/24']
policy_name = 'policy1'
rules = [
{
'direction': '<>', 'simple_action': 'pass',
'protocol': 'icmp',
'source_network': vn1_name,
'dest_network': vn1_name,
},
]
policy_fixture = self.useFixture(
PolicyFixture(
policy_name=policy_name,
rules_list=rules,
inputs=self.inputs,
connections=self.connections))
vn1_fixture = self.useFixture(
VNFixture(
project_name=self.inputs.project_name,
connections=self.connections,
vn_name=vn1_name,
inputs=self.inputs,
subnets=vn1_subnets,
policy_objs=[
policy_fixture.policy_obj]))
assert vn1_fixture.verify_on_setup()
ret = policy_fixture.verify_on_setup()
if ret['result'] == False:
self.logger.error(
"Policy %s verification failed after setup" % policy_name)
assert ret['result'], ret['msg']
self.logger.info(
"Done with setup and verification, moving onto test ..")
# try to remove policy which was referenced with VN.
policy_removal = True
pol_list = self.quantum_fixture.list_policys()
self.logger.info("policy list for project %s is %s" %
(self.project.project_name, pol_list))
pol_id = None
for policy in pol_list['policys']:
if policy['name'] == policy_name:
pol_id = policy['id']
policy_removal = self.quantum_fixture.delete_policy(
policy['id'])
break
self.assertFalse(
policy_removal,
'Policy removal succeed as not expected since policy is referenced with VN')
#assert vn1_fixture.verify_on_setup()
# policy_fixture.verify_policy_in_api_server()
self.logger.info("Done with test, moving onto cleanup ..")
if vn1_fixture.policy_objs:
policy_fq_names = [
self.quantum_fixture.get_policy_fq_name(x) for x in vn1_fixture.policy_objs]
# self.assertTrue(
# vn1_fixture.verify_vn_policy_in_vn_uve(),
# "Policy information is not found in VN UVE Analytics after binding policy to VN")
# unbind the policy from VN
vn1_fixture.unbind_policies(vn1_fixture.vn_id, policy_fq_names)
self.assertTrue(
vn1_fixture.verify_vn_policy_not_in_vn_uve(),
"Policy information is not removed from VN UVE Analytics after policy un binded from VN")
# Verify policy ref is removed from VN
vn_pol_found = vn1_fixture.verify_vn_policy_not_in_api_server(
policy_name)
self.assertFalse(
vn_pol_found,
'policy not removed from VN after policy unbind from VN')
# Wait for 1 secs for db update after unbind operation..
time.sleep(1)
# remove the policy using quantum API
policy_removal = self.quantum_fixture.delete_policy(pol_id)
if not policy_removal:
self.logger.info("policy delete failed, retry again...")
policy_removal = self.quantum_fixture.delete_policy(pol_id)
self.assertTrue(
policy_removal,
'Policy removal failure not expected since policy is dereferenced with VN')
pol_found = policy_fixture.verify_policy_not_in_api_server()
self.assertFalse(
pol_found,
'policy not removed from API server when policy removed from Quantum')
return True
