def create_network(self, name, proj_obj, pod_subnet, service_subnet):
vn = VirtualNetwork(
name=name, parent_obj=proj_obj,
virtual_network_properties=VirtualNetworkType(forwarding_mode='l3'),
address_allocation_mode='user-defined-subnet-only')
try:
vn_obj = self._vnc_lib.virtual_network_read(
fq_name=vn.get_fq_name())
except NoIdError:
# Virtual network does not exist. Create one.
vn_uuid = self._vnc_lib.virtual_network_create(vn)
vn_obj = self._vnc_lib.virtual_network_read(id=vn_uuid)
pod_ipam_obj = self._create_network_ipam('pod-ipam', 'flat-subnet',
pod_subnet, proj_obj, vn_obj)
self._create_network_ipam('service-ipam', '', service_subnet, proj_obj,
vn_obj)
try:
self._vnc_lib.virtual_network_update(vn_obj)
except Exception as e:
self.logger.error("%s - failed to update virtual network %s %s. %s"
% (self._name, vn_obj.uuid, str(vn_obj.fq_name),
str(e)))
vn_obj = self._vnc_lib.virtual_network_read(
fq_name=vn_obj.get_fq_name())
kube = vnc_kubernetes.VncKubernetes.get_instance()
kube._create_cluster_service_fip_pool(vn_obj, pod_ipam_obj)
return vn_obj
def test_unset_tag_from_a_resource(self):
project = Project('project-%s' % self.id())
self.api.project_create(project)
vn = VirtualNetwork('vn-%s' % self.id(), parent_obj=project)
vn_uuid = self.api.virtual_network_create(vn)
type = 'fake_type-%s' % self.id()
value = 'fake_value-%s' % self.id()
tag = Tag(tag_type_name=type, tag_value=value, parent_obj=project)
self.api.tag_create(tag)
self.api.set_tag(vn, type, value)
for system_type in constants.TagTypeNameToId:
self.api.tag_create(
Tag(tag_type_name=system_type, tag_value=value))
self.api.set_tag(vn, system_type, value, is_global=True)
vn = self._vnc_lib.virtual_network_read(id=vn_uuid)
self.assertEqual(len(vn.get_tag_refs()),
len(constants.TagTypeNameToId) + 1)
self.assertTrue(tag.uuid in {ref['uuid'] for ref in vn.get_tag_refs()})
self.api.unset_tag(vn, type)
vn = self._vnc_lib.virtual_network_read(id=vn_uuid)
self.assertEqual(len(vn.get_tag_refs()),
len(constants.TagTypeNameToId))
self.assertFalse(tag.uuid in
{ref['uuid'] for ref in vn.get_tag_refs()})
def test_deallocate_vxlan_id(self):
# enable vxlan routing on project
proj = self._vnc_lib.project_read(
fq_name=["default-domain", "default-project"])
proj.set_vxlan_routing(True)
self._vnc_lib.project_update(proj)
mock_zk = self._api_server._db_conn._zk_db
vn_obj = VirtualNetwork('%s-vn' % self.id())
vn_obj_properties = VirtualNetworkType(forwarding_mode='l3')
vn_obj_properties.set_vxlan_network_identifier(6002)
vn_obj.set_virtual_network_properties(vn_obj_properties)
self.api.virtual_network_create(vn_obj)
# VN created, now read back the VN data to check if vxlan_id is set
vn_obj = self.api.virtual_network_read(id=vn_obj.uuid)
vn_obj_properties = vn_obj.get_virtual_network_properties()
if not vn_obj_properties:
self.fail("VN properties are not set")
vxlan_id = vn_obj_properties.get_vxlan_network_identifier()
self.assertEqual(vxlan_id, 6002)
self.api.virtual_network_delete(id=vn_obj.uuid)
self.assertNotEqual(vn_obj.get_fq_name_str() + "_vxlan",
mock_zk.get_vn_from_id(vxlan_id))
logger.debug('PASS - test_deallocate_vxlan_id')
def test_create_pool(self):
tenant_id = _uuid()
pool_id = _uuid()
vip_id = _uuid()
subnet_id = _uuid()
api = self.api_server
project = Project(name='test')
project.uuid = tenant_id
template = ServiceTemplate('lb-test', project)
template.uuid = _uuid()
pool_attrs = LoadbalancerPoolType()
pool_attrs.subnet_id = subnet_id
pool = LoadbalancerPool(
pool_id, project, loadbalancer_pool_properties=pool_attrs)
pool.uuid = pool_id
vip_attrs = VirtualIpType()
vip_attrs.subnet_id = subnet_id
vip_attrs.address = '127.0.0.1'
vip = VirtualIp(vip_id, project, virtual_ip_properties=vip_attrs)
vip.uuid = vip_id
vip.set_loadbalancer_pool(pool)
vnet = VirtualNetwork('test', project)
vnet.uuid = _uuid()
vmi = VirtualMachineInterface(vip_id, project)
vmi.uuid = _uuid()
vmi.set_virtual_network(vnet)
iip = InstanceIp(vip_id, instance_ip_address='127.0.0.1')
iip.uuid = _uuid()
iip.set_virtual_machine_interface(vmi)
iip_refs = [
{'to': iip.get_fq_name(), 'uuid': iip.uuid}
]
vmi.get_instance_ip_back_refs = mock.Mock()
vmi.get_instance_ip_back_refs.return_value = iip_refs
vip.set_virtual_machine_interface(vmi)
api.virtual_service_template_read = template
api.loadbalancer_pool_read.return_value = pool
api.virtual_ip_read.return_value = vip
api.kv_retrieve.return_value = '%s %s' % (vnet.uuid, subnet_id)
api.virtual_machine_interface_read.return_value = vmi
api.instance_ip_read.return_value = iip
api.service_instance_read.side_effect = NoIdError('404')
context = {}
pool_data = {
'id': pool_id,
'vip_id': vip_id
}
self.driver.create_pool(context, pool_data)
api.service_instance_create.assert_called_with(mock.ANY)
def _create_virtual_network(self, vn_name, proj_obj, ipam_obj, \
ipam_update, provider=None, subnets=None, \
type='flat-subnet-only'):
vn_exists = False
vn = VirtualNetwork(name=vn_name, parent_obj=proj_obj,
address_allocation_mode=type)
try:
vn_obj = self._vnc_lib.virtual_network_read(
fq_name=vn.get_fq_name())
vn_exists = True
except NoIdError:
# VN does not exist. Create one.
vn_obj = vn
if vn_exists:
return vn_obj
# Attach IPAM to virtual network.
#
# For flat-subnets, the subnets are specified on the IPAM and
# not on the virtual-network to IPAM link. So pass an empty
# list of VnSubnetsType.
# For user-defined-subnets, use the provided subnets
if ipam_update or \
not self._is_ipam_exists(vn_obj, ipam_obj.get_fq_name()):
if subnets and type == 'user-defined-subnet-only':
vn_obj.add_network_ipam(ipam_obj, subnets)
else:
vn_obj.add_network_ipam(ipam_obj, VnSubnetsType([]))
vn_obj.set_virtual_network_properties(
VirtualNetworkType(forwarding_mode='l3'))
fabric_snat = False
if self.ip_fabric_snat:
fabric_snat = True
if not vn_exists:
if self.ip_fabric_forwarding:
if provider:
#enable ip_fabric_forwarding
vn_obj.add_virtual_network(provider)
elif fabric_snat:
#enable fabric_snat
vn_obj.set_fabric_snat(True)
else:
#disable fabric_snat
vn_obj.set_fabric_snat(False)
# Create VN.
self._vnc_lib.virtual_network_create(vn_obj)
else:
# TODO: Handle Network update
pass
vn_obj = self._vnc_lib.virtual_network_read(
fq_name=vn_obj.get_fq_name())
VirtualNetworkKM.locate(vn_obj.uuid)
return vn_obj
def test_create_vn_with_configured_rt_in_system_range(self):
gsc = self.api.global_system_config_read(GlobalSystemConfig().fq_name)
vn = VirtualNetwork('%s-vn' % self.id())
rt_name = 'target:%d:%d' % (gsc.autonomous_system,
BGP_RTGT_MIN_ID + 1000)
vn.set_route_target_list(RouteTargetList([rt_name]))
self.assertRaises(BadRequest, self.api.virtual_network_create, vn)
def test_only_one_value_for_a_type_can_be_associate_to_a_resource2(self):
project = Project('project-%s' % self.id())
self.api.project_create(project)
tag_type = 'fake_type-%s' % self.id()
global_tag = Tag(tag_type_name=tag_type,
tag_value='global_fake_value-%s' % self.id())
self.api.tag_create(global_tag)
scoped_tag = Tag(tag_type_name=tag_type,
tag_value='scoped_fake_value-%s' % self.id(),
parent_obj=project)
self.api.tag_create(scoped_tag)
vn = VirtualNetwork('vn-%s' % self.id(), parent_obj=project)
vn.add_tag(global_tag)
vn.add_tag(scoped_tag)
self.assertRaises(BadRequest, self.api.virtual_network_create, vn)
vn.set_tag(global_tag)
self.api.virtual_network_create(vn)
vn = self._vnc_lib.virtual_network_read(id=vn.uuid)
self.assertEqual(len(vn.get_tag_refs()), 1)
self.assertEqual(vn.get_tag_refs()[0]['uuid'], global_tag.uuid)
vn.add_tag(scoped_tag)
self.assertRaises(BadRequest, self.api.virtual_network_update, vn)
def test_deallocate_vn_id(self):
mock_zk = self._api_server._db_conn._zk_db
vn_obj = VirtualNetwork('%s-vn' % self.id())
self.api.virtual_network_create(vn_obj)
vn_obj = self.api.virtual_network_read(id=vn_obj.uuid)
vn_id = vn_obj.virtual_network_network_id
self.api.virtual_network_delete(id=vn_obj.uuid)
self.assertNotEqual(mock_zk.get_vn_from_id(vn_id),
vn_obj.get_fq_name_str())
def test_allocate_vn_id(self):
mock_zk = self._api_server._db_conn._zk_db
vn_obj = VirtualNetwork('%s-vn' % self.id())
self.api.virtual_network_create(vn_obj)
vn_obj = self.api.virtual_network_read(id=vn_obj.uuid)
vn_id = vn_obj.virtual_network_network_id
self.assertEqual(vn_obj.get_fq_name_str(),
mock_zk.get_vn_from_id(vn_id))
self.assertGreaterEqual(vn_id, VNID_MIN_ALLOC)
def test_cannot_update_vn_id(self):
vn_obj = VirtualNetwork('%s-vn' % self.id())
self.api.virtual_network_create(vn_obj)
vn_obj = self.api.virtual_network_read(id=vn_obj.uuid)
vn_obj.set_virtual_network_network_id(42)
with ExpectedException(PermissionDenied):
self.api.virtual_network_update(vn_obj)
# test can update with same value, needed internally
# TODO(ethuleau): not sure why it's needed
vn_obj = self.api.virtual_network_read(id=vn_obj.uuid)
vn_obj.set_virtual_network_network_id(
vn_obj.virtual_network_network_id)
self.api.virtual_network_update(vn_obj)
def create_network(self, name, proj_obj):
vn = VirtualNetwork(
name=name,
parent_obj=proj_obj,
virtual_network_properties=VirtualNetworkType(forwarding_mode='l3'),
address_allocation_mode='flat-subnet-only')
try:
vn_obj = self._vnc_lib.virtual_network_read(
fq_name=vn.get_fq_name())
except NoIdError:
# Virtual network does not exist. Create one.
uid = self._vnc_lib.virtual_network_create(vn)
vn_obj = self._vnc_lib.virtual_network_read(id=uid)
return vn_obj
def test_resources_exists(self):
api = VncApiMock(
self.args.auth_user,
self.args.auth_password,
self.args.auth_tenant,
self.args.vnc_endpoint_ip,
self.args.vnc_endpoint_port,
self.args.auth_token_url
)
domain_uuid = api.domain_create(Domain("default-domain"))
domain = api.domain_read(id=domain_uuid)
proj_uuid = api.project_create(Project("default", parent_obj=domain))
proj = api.project_read(id=proj_uuid)
ipam_uuid = api.network_ipam_create(NetworkIpam("pod-ipam", proj))
ipam = api.network_ipam_read(id=ipam_uuid)
net = VirtualNetwork("cluster-network", proj)
net.add_network_ipam(ipam, VnSubnetsType([]))
api.virtual_network_create(net)
vnc_kubernetes.VncKubernetes(self.args, Mock())
def test_only_one_value_for_a_type_can_be_associate_to_a_resource(self):
project = Project('project-%s' % self.id())
self.api.project_create(project)
vn = VirtualNetwork('vn-%s' % self.id(), parent_obj=project)
vn_uuid = self.api.virtual_network_create(vn)
tag_type = 'fake_type-%s' % self.id()
global_tag_value = 'global_fake_value-%s' % self.id()
global_tag = Tag(tag_type_name=tag_type, tag_value=global_tag_value)
self.api.tag_create(global_tag)
tags_dict = {
tag_type: {
'is_global': True,
'value': global_tag_value,
},
}
self.api.set_tags(vn, tags_dict)
vn = self._vnc_lib.virtual_network_read(id=vn_uuid)
self.assertEqual(len(vn.get_tag_refs()), 1)
self.assertEqual(vn.get_tag_refs()[0]['uuid'], global_tag.uuid)
scoped_tag_value = 'scoped_fake_value-%s' % self.id()
scoped_tag = Tag(tag_type_name=tag_type, tag_value=scoped_tag_value,
parent_obj=project)
self.api.tag_create(scoped_tag)
tags_dict = {
tag_type: {
'value': scoped_tag_value,
},
}
self.api.set_tags(vn, tags_dict)
# Scoped tag which is the same type as the global tag but with a
# different value, replaced the global tag ref of the VN. One at a time
vn = self._vnc_lib.virtual_network_read(id=vn_uuid)
self.assertEqual(len(vn.get_tag_refs()), 1)
self.assertEqual(vn.get_tag_refs()[0]['uuid'], scoped_tag.uuid)
def test_resources_exists(self):
api = VncApiMock(
self.args.auth_user,
self.args.auth_password,
self.args.auth_tenant,
self.args.vnc_endpoint_ip,
self.args.vnc_endpoint_port,
self.args.auth_token_url
)
domain_fq_name = ['default-domain']
domain = api.domain_read(fq_name=domain_fq_name)
proj_uuid = api.project_create(Project("default", parent_obj=domain))
proj = api.project_read(id=proj_uuid)
# Create cluster-default-pod-network
ipam_uuid = api.network_ipam_create(NetworkIpam("pod-ipam", proj))
ipam = api.network_ipam_read(id=ipam_uuid)
net = VirtualNetwork("cluster-default-pod-network", proj)
# No subnets are associated with IPAM at this point.
# Subnets will be updated in the IPAM, when cluster is created.
net.add_network_ipam(ipam, VnSubnetsType([]))
api.virtual_network_create(net)
# Create cluster-default-service-network
ipam_uuid = api.network_ipam_create(NetworkIpam("service-ipam", proj))
ipam = api.network_ipam_read(id=ipam_uuid)
net = VirtualNetwork("cluster-default-service-network", proj)
# No subnets are associated with IPAM at this point.
# Subnets will be updated in the IPAM, when cluster is created.
net.add_network_ipam(ipam, VnSubnetsType([]))
api.virtual_network_create(net)
vnc_kubernetes.VncKubernetes(self.args, Mock())
def test_associate_scoped_tag_to_a_resource(self):
project = Project('project-%s' % self.id())
self.api.project_create(project)
vn = VirtualNetwork('vn-%s' % self.id(), parent_obj=project)
vn_uuid = self.api.virtual_network_create(vn)
type = 'fake_type-%s' % self.id()
value = 'fake_value-%s' % self.id()
scoped_tag = Tag(tag_type_name=type, tag_value=value,
parent_obj=project)
self.api.tag_create(scoped_tag)
tags_dict = {
type: {
'value': value,
},
}
self.api.set_tags(vn, tags_dict)
vn = self._vnc_lib.virtual_network_read(id=vn_uuid)
self.assertEqual(len(vn.get_tag_refs()), 1)
self.assertEqual(vn.get_tag_refs()[0]['uuid'], scoped_tag.uuid)
def test_update_vxlan_id(self):
# enable vxlan routing on project
proj = self._vnc_lib.project_read(
fq_name=["default-domain", "default-project"])
proj.set_vxlan_routing(True)
self._vnc_lib.project_update(proj)
vn_obj = VirtualNetwork('%s-vn' % self.id())
vn_obj_properties = VirtualNetworkType(forwarding_mode='l3')
vn_obj_properties.set_vxlan_network_identifier(6003)
vn_obj_properties.set_forwarding_mode('l2_l3')
vn_obj.set_virtual_network_properties(vn_obj_properties)
self.api.virtual_network_create(vn_obj)
# VN created, now read back the VN data to check if vxlan_id is set
vn_obj_read = self.api.virtual_network_read(id=vn_obj.uuid)
vn_obj_properties_read = vn_obj_read.get_virtual_network_properties()
if not vn_obj_properties_read:
self.fail("VN properties are not set")
vxlan_id = vn_obj_properties_read.get_vxlan_network_identifier()
self.assertEqual(vxlan_id, 6003)
# Created VN. Now Update it with a different vxlan_id
vn_obj_properties.set_vxlan_network_identifier(6004)
vn_obj.set_virtual_network_properties(vn_obj_properties)
self.api.virtual_network_update(vn_obj)
vn_obj_read = self.api.virtual_network_read(id=vn_obj.uuid)
vn_obj_properties_read = vn_obj_read.get_virtual_network_properties()
if not vn_obj_properties_read:
self.fail("VN properties are not set")
vxlan_id = vn_obj_properties_read.get_vxlan_network_identifier()
self.assertEqual(vxlan_id, 6004)
self.api.virtual_network_delete(id=vn_obj.uuid)
logger.debug('PASS - test_update_vxlan_id')
def test_out_of_order_rabbit_publish(self):
""" Test to make sure api-server preserves the state of the
object even if the CREATE msg is queued after UPDATE in rabbit
"""
self.wait_till_api_server_idle()
api_server = test_common.vnc_cfg_api_server.server
orig_dbe_create_publish = api_server._db_conn._msgbus.dbe_create_publish
self.block_untill_update_publish = True
def out_of_order_dbe_create_publish(obj_type, obj_ids, *args, **kwargs):
if obj_type == 'virtual_network':
while self.block_untill_update_publish:
gevent.sleep(1)
return orig_dbe_create_publish(obj_type,obj_ids, *args, **kwargs)
api_server._db_conn._msgbus.dbe_create_publish = \
out_of_order_dbe_create_publish
logger.info("Creating VN object, without publishing it to IFMAP.")
vn_obj = VirtualNetwork('vn1')
vn_obj.set_uuid(str(uuid.uuid4()))
ipam_obj = NetworkIpam('ipam1')
vn_obj.add_network_ipam(ipam_obj, VnSubnetsType())
self._vnc_lib.network_ipam_create(ipam_obj)
vn_create_greenlet = gevent.spawn(self._vnc_lib.virtual_network_create, vn_obj)
gevent.sleep(0)
logger.info("Update VN object, Expected to update the object in",
"Cassandra DB and skip publishing to IFMAP.")
vn_obj = self._vnc_lib.virtual_network_read(id=vn_obj.uuid)
vn_obj.display_name = 'test_update_1'
self._vnc_lib.virtual_network_update(vn_obj)
gevent.sleep(2)
with testtools.ExpectedException(KeyError):
api_server._db_conn._ifmap_db._id_to_metas[\
'contrail:virtual-network:default-domain:default-project:vn1']
logger.info("Unblock create notify to amqp, Create expected to read from DB",
"and publish to IFMAP with the updated object info.")
self.block_untill_update_publish = False
vn_uuid = vn_create_greenlet.get(timeout=3)
gevent.sleep(2)
self.assertEqual(api_server._db_conn._ifmap_db._id_to_metas[\
'contrail:virtual-network:default-domain:default-project:vn1'][\
'display-name']['']._Metadata__value, 'test_update_1')
logger.info("update after publishing to IFAMAP, Expected to publish to IFMAP")
vn_obj.display_name = 'test_update_2'
self._vnc_lib.virtual_network_update(vn_obj)
gevent.sleep(2)
self.assertEqual(api_server._db_conn._ifmap_db._id_to_metas[\
'contrail:virtual-network:default-domain:default-project:vn1'][\
'display-name']['']._Metadata__value, 'test_update_2')
def test_cannot_update_vxlan_id(self):
# enable vxlan routing on project
proj = self._vnc_lib.project_read(
fq_name=["default-domain", "default-project"])
proj.set_vxlan_routing(True)
self._vnc_lib.project_update(proj)
vn1_obj = VirtualNetwork('%s-vn1' % self.id())
vn1_obj_properties = VirtualNetworkType(forwarding_mode='l3')
vn1_obj_properties.set_vxlan_network_identifier(6005)
vn1_obj_properties.set_forwarding_mode('l2_l3')
vn1_obj.set_virtual_network_properties(vn1_obj_properties)
self.api.virtual_network_create(vn1_obj)
# VN created, create second VN with different vxlan_id
vn2_obj = VirtualNetwork('%s-vn2' % self.id())
vn2_obj_properties = VirtualNetworkType(forwarding_mode='l3')
vn2_obj_properties.set_vxlan_network_identifier(6006)
vn2_obj_properties.set_forwarding_mode('l2_l3')
vn2_obj.set_virtual_network_properties(vn2_obj_properties)
self.api.virtual_network_create(vn2_obj)
# Created Two VNs. Now Update it second VN with 1st VNs VXLAN_ID
vn2_obj_properties.set_vxlan_network_identifier(6005)
vn2_obj.set_virtual_network_properties(vn2_obj_properties)
with ExpectedException(BadRequest):
self.api.virtual_network_update(vn2_obj)
vn_obj_read = self.api.virtual_network_read(id=vn2_obj.uuid)
vn_obj_properties_read = vn_obj_read.get_virtual_network_properties()
if not vn_obj_properties_read:
self.fail("VN properties are not set")
vxlan_id = vn_obj_properties_read.get_vxlan_network_identifier()
self.assertEqual(vxlan_id, 6006)
self.api.virtual_network_delete(id=vn2_obj.uuid)
self.api.virtual_network_delete(id=vn1_obj.uuid)
logger.debug('PASS - test_cannot_update_vxlan_id')
def test_out_of_order_rabbit_publish(self):
""" Test to make sure api-server preserves the state of the
object even if the CREATE msg is queued after UPDATE in rabbit
"""
self.wait_till_api_server_idle()
api_server = self._server_info['api_server']
orig_dbe_create_publish = api_server._db_conn._msgbus.dbe_create_publish
self.block_untill_update_publish = True
def out_of_order_dbe_create_publish(obj_type, obj_ids, *args, **kwargs):
if obj_type == 'virtual_network':
while self.block_untill_update_publish:
gevent.sleep(1)
return orig_dbe_create_publish(obj_type,obj_ids, *args, **kwargs)
api_server._db_conn._msgbus.dbe_create_publish = \
out_of_order_dbe_create_publish
logger.info("Creating VN object, without publishing it to IFMAP.")
vn_obj = VirtualNetwork('vn1')
vn_obj.set_uuid(str(uuid.uuid4()))
ipam_obj = NetworkIpam('ipam1')
vn_obj.add_network_ipam(ipam_obj, VnSubnetsType())
self._vnc_lib.network_ipam_create(ipam_obj)
vn_create_greenlet = gevent.spawn(self._vnc_lib.virtual_network_create, vn_obj)
gevent.sleep(0)
logger.info("Update VN object, Expected to update the object in",
"Cassandra DB and skip publishing to IFMAP.")
vn_obj = self._vnc_lib.virtual_network_read(id=vn_obj.uuid)
vn_obj.display_name = 'test_update_1'
self._vnc_lib.virtual_network_update(vn_obj)
gevent.sleep(2)
self.assertTill(self.ifmap_doesnt_have_ident, obj=vn_obj)
logger.info("Unblock create notify to amqp, Create expected to read from DB",
"and publish to IFMAP with the updated object info.")
self.block_untill_update_publish = False
vn_uuid = vn_create_greenlet.get(timeout=3)
self.assertTill(self.ifmap_ident_has_link, obj=vn_obj,
link_name='display-name')
self.assertTrue('test_update_1' in self.ifmap_ident_has_link(
obj=vn_obj, link_name='display-name')['meta'])
logger.info("update after publishing to IFAMAP, Expected to publish to IFMAP")
vn_obj.display_name = 'test_update_2'
self._vnc_lib.virtual_network_update(vn_obj)
self.assertTill(lambda: 'test_update_2' in self.ifmap_ident_has_link(
obj=vn_obj, link_name='display-name')['meta'])
def test_set_unset_multi_value_of_authorized_type_on_one_resource(self):
project = Project('project-%s' % self.id())
self.api.project_create(project)
vn = VirtualNetwork('vn-%s' % self.id(), parent_obj=project)
vn_uuid = self.api.virtual_network_create(vn)
# Label tag type is the only one type authorized to be set multiple
# time on a same resource
type = 'label'
value1 = '%s-label1' % self.id()
label_tag1 = Tag(tag_type_name=type, tag_value=value1,
parent_obj=project)
self.api.tag_create(label_tag1)
value2 = '%s-label2' % self.id()
label_tag2 = Tag(tag_type_name=type, tag_value=value2,
parent_obj=project)
self.api.tag_create(label_tag2)
value3 = '%s-label3' % self.id()
label_tag3 = Tag(tag_type_name=type, tag_value=value3,
parent_obj=project)
self.api.tag_create(label_tag3)
tags_dict = {
type: {
'value': value1,
'add_values': [value2],
},
}
self.api.set_tags(vn, tags_dict)
vn = self._vnc_lib.virtual_network_read(id=vn_uuid)
self.assertEqual(len(vn.get_tag_refs()), 2)
self.assertEqual({ref['uuid'] for ref in vn.get_tag_refs()},
set([label_tag1.uuid, label_tag2.uuid]))
tags_dict = {
type: {
'add_values': [value3],
'delete_values': [value1],
},
}
self.api.set_tags(vn, tags_dict)
vn = self._vnc_lib.virtual_network_read(id=vn_uuid)
self.assertEqual(len(vn.get_tag_refs()), 2)
self.assertEqual({ref['uuid'] for ref in vn.get_tag_refs()},
set([label_tag2.uuid, label_tag3.uuid]))
self.api.unset_tag(vn, type)
vn = self._vnc_lib.virtual_network_read(id=vn_uuid)
self.assertIsNone(vn.get_tag_refs())
def test_cannot_allocate_vxlan_id(self):
# enable vxlan routing on project
proj = self._vnc_lib.project_read(
fq_name=["default-domain", "default-project"])
proj.set_vxlan_routing(True)
self._vnc_lib.project_update(proj)
mock_zk = self._api_server._db_conn._zk_db
vn1_obj = VirtualNetwork('%s-vn' % self.id())
vn1_obj_properties = VirtualNetworkType(forwarding_mode='l3')
vn1_obj_properties.set_vxlan_network_identifier(6001)
vn1_obj_properties.set_forwarding_mode('l2_l3')
vn1_obj.set_virtual_network_properties(vn1_obj_properties)
self.api.virtual_network_create(vn1_obj)
# VN created, now read back the VN data to check if vxlan_id is set
vn1_obj = self.api.virtual_network_read(id=vn1_obj.uuid)
vn1_obj_properties = vn1_obj.get_virtual_network_properties()
if not vn1_obj_properties:
self.fail("VN properties are not set")
vxlan_id = vn1_obj_properties.get_vxlan_network_identifier()
self.assertEqual(vxlan_id, 6001)
# Verified vxlan_id for VN1, now create VN2 with same vxlan_id
vn2_obj = VirtualNetwork('%s-vn2' % self.id())
vn2_obj_properties = VirtualNetworkType(forwarding_mode='l3')
vn2_obj_properties.set_vxlan_network_identifier(6001)
vn2_obj_properties.set_forwarding_mode('l2_l3')
vn2_obj.set_virtual_network_properties(vn2_obj_properties)
with ExpectedException(BadRequest):
self.api.virtual_network_create(vn2_obj)
self.assertEqual(vn1_obj.get_fq_name_str() + "_vxlan",
mock_zk.get_vn_from_id(vxlan_id))
self.assertGreaterEqual(vxlan_id, VNID_MIN_ALLOC)
self.api.virtual_network_delete(id=vn1_obj.uuid)
logger.debug('PASS - test_cannot_allocate_vxlan_id')
def _create_vpg_prerequisites(self,
enterprise_style_flag=True,
create_second_pr=False,
disable_vlan_vn_uniqueness_check=False):
# Create project first
proj_obj = Project('%s-project' % (self.id()))
self.api.project_create(proj_obj)
# Create Fabric with enterprise style flag set to false
fabric_obj = Fabric('%s-fabric' % (self.id()))
fabric_obj.set_fabric_enterprise_style(enterprise_style_flag)
fabric_obj.set_disable_vlan_vn_uniqueness_check(
disable_vlan_vn_uniqueness_check)
fabric_uuid = self.api.fabric_create(fabric_obj)
fabric_obj = self.api.fabric_read(id=fabric_uuid)
# Create physical router
pr_name = self.id() + '_physical_router'
pr = PhysicalRouter(pr_name)
pr_uuid = self._vnc_lib.physical_router_create(pr)
pr_obj = self._vnc_lib.physical_router_read(id=pr_uuid)
# Create physical interface
esi_id = '00:11:22:33:44:55:66:77:88:99'
pi_name = self.id() + '__phy_intf_1'
pi = PhysicalInterface(name=pi_name,
parent_obj=pr_obj,
ethernet_segment_identifier=esi_id)
pi_uuid = self.api.physical_interface_create(pi)
pi_obj = self.api.physical_interface_read(id=pi_uuid)
# Create VN
vn_name = 'vn-%s-1' % self.id()
vn = VirtualNetwork(vn_name, parent_obj=proj_obj)
vn_uuid = self.api.virtual_network_create(vn)
vn_obj = self.api.virtual_network_read(id=vn_uuid)
return proj_obj, fabric_obj, pr_obj, pi_obj, vn_obj
def test_context_undo_vxlan_id_fail_db_update(self):
# enable vxlan routing on project
proj = self._vnc_lib.project_read(
fq_name=["default-domain", "default-project"])
proj.set_vxlan_routing(True)
self._vnc_lib.project_update(proj)
mock_zk = self._api_server._db_conn._zk_db
vn_obj = VirtualNetwork('%s-vn' % self.id())
# Create vxlan
vxlan_id = 6000
vn_obj_properties = VirtualNetworkType(forwarding_mode='l3')
vn_obj_properties.set_vxlan_network_identifier(vxlan_id)
vn_obj_properties.set_forwarding_mode('l2_l3')
vn_obj.set_virtual_network_properties(vn_obj_properties)
self.api.virtual_network_create(vn_obj)
vxlan_fqname = mock_zk.get_vn_from_id(vxlan_id)
# Update vxlan id (will fail)
new_vxlan_id = 6005
vn_obj_properties.set_vxlan_network_identifier(new_vxlan_id)
vn_obj.set_virtual_network_properties(vn_obj_properties)
def stub(*args, **kwargs):
return (False, (500, "Fake error"))
zk_alloc_count_start = mock_zk._vn_id_allocator.get_alloc_count()
with ExpectedException(HttpError):
with test_common.flexmocks(
[(self._api_server._db_conn, 'dbe_update', stub)]):
self.api.virtual_network_update(vn_obj)
# Make sure vxlan_id is still allocated with same name
new_vxlan_fqname = mock_zk.get_vn_from_id(vxlan_id)
self.assertEqual(new_vxlan_fqname, vxlan_fqname)
# Make sure new_vxlan_id is deallocated
update_vxlan_fqname = mock_zk.get_vn_from_id(new_vxlan_id)
self.assertEqual(update_vxlan_fqname, None)
# Make sure allocation counter stays the same
zk_alloc_count_current = mock_zk._vn_id_allocator.get_alloc_count()
self.assertEqual(zk_alloc_count_start, zk_alloc_count_current)
def setUp(self):
VncApiMock.init()
DBMock.init()
vnc_kubernetes.VncKubernetes.reset()
self.args = Mock()
self.args.admin_user = "******"
self.args.admin_password = "******"
self.args.admin_tenant = "default"
self.args.vnc_endpoint_ip = '127.0.0.1'
self.args.vnc_endpoint_port = "8082"
self.args.auth_token_url = "token"
self.args.cluster_project = None
self.args.cluster_network = None
self.args.cluster_pod_network = None
self.args.cluster_service_network = None
self.args.cluster_name = "unittest-cluster"
self.args.pod_subnets = ['10.10.0.0/16']
self.args.service_subnets = ['192.168.0.0/24']
self.args.kubernetes_api_secure_port = "8443"
self.args.auth_user = "******"
self.args.auth_password = "******"
self.args.auth_tenant = "default"
self.args.cassandra_server_list = ()
self.args.aps_name = "test-aps"
api = VncApiMock(self.args.auth_user, self.args.auth_password,
self.args.auth_tenant, self.args.vnc_endpoint_ip,
self.args.vnc_endpoint_port, self.args.auth_token_url)
domain_uuid = api.domain_create(Domain("default-domain"))
domain = api.domain_read(id=domain_uuid)
proj_uuid = api.project_create(
Project("default-project", parent_obj=domain))
proj = api.project_read(id=proj_uuid)
net = VirtualNetwork("ip-fabric", proj)
api.virtual_network_create(net)
def test_context_undo_fail_db_create_routing_instance(self):
project = Project('project-%s' % self.id())
self.api.project_create(project)
vn = VirtualNetwork('vn-%s' % self.id(), parent_obj=project)
self.api.virtual_network_create(vn)
mock_zk = self._api_server._db_conn._zk_db
ri_name = 'ri-%s' % self.id()
ri_fq_name = vn.fq_name + [ri_name]
ri = RoutingInstance(ri_name, parent_obj=vn)
ri.set_routing_instance_is_default(False)
self.api.routing_instance_create(ri)
# Make sure we have right zk path (ri_fq_name)
ri_uuid, _ = mock_zk.get_fq_name_to_uuid_mapping(
'routing_instance', ri_fq_name)
self.assertTrue(ri_uuid is not None)
# Clean ri
self.api.routing_instance_delete(id=ri_uuid)
ri = RoutingInstance(ri_name, parent_obj=vn)
ri.set_routing_instance_is_default(False)
def stub(*args, **kwargs):
return (False, (500, "Fake error"))
with ExpectedException(HttpError):
with test_common.flexmocks([(self._api_server._db_conn,
'dbe_create', stub)]):
self.api.routing_instance_create(ri)
# Check if uuid for ri got released during undo action
# using same zk path parameters as above
with ExpectedException(TypeError):
mock_zk.get_fq_name_to_uuid_mapping('routing_instance', ri_fq_name)
def test_virtual_port_group_delete(self):
proj_obj = Project('%s-project' % (self.id()))
self.api.project_create(proj_obj)
fabric_obj = Fabric('%s-fabric' % (self.id()))
self.api.fabric_create(fabric_obj)
vn = VirtualNetwork('vn-%s' % (self.id()), parent_obj=proj_obj)
self.api.virtual_network_create(vn)
vpg_name = "vpg-" + self.id()
vpg_obj = VirtualPortGroup(vpg_name, parent_obj=fabric_obj)
self.api.virtual_port_group_create(vpg_obj)
vmi_id_list = []
for i in range(self.VMI_NUM):
vmi_obj = VirtualMachineInterface(self.id() + str(i),
parent_obj=proj_obj)
vmi_obj.set_virtual_network(vn)
vmi_id_list.append(
self.api.virtual_machine_interface_create(vmi_obj))
vpg_obj.add_virtual_machine_interface(vmi_obj)
self.api.virtual_port_group_update(vpg_obj)
self.api.ref_relax_for_delete(vpg_obj.uuid, vmi_id_list[i])
# Make sure when VPG doesn't get deleted, since associated VMIs
# still refers it.
with ExpectedException(BadRequest):
self.api.virtual_port_group_delete(id=vpg_obj.uuid)
# Cleanup
for i in range(self.VMI_NUM):
self.api.virtual_machine_interface_delete(id=vmi_id_list[i])
self.api.virtual_port_group_delete(id=vpg_obj.uuid)
self.api.fabric_delete(id=fabric_obj.uuid)
def create_vn_with_subnets(self, id, vn_name, ipam_obj, subnet,
subnetmask=24):
vn_obj = VirtualNetwork(vn_name)
vn_obj_properties = VirtualNetworkType()
vn_obj_properties.set_vxlan_network_identifier(2000 + id)
vn_obj_properties.set_forwarding_mode('l2_l3')
vn_obj.set_virtual_network_properties(vn_obj_properties)
vn_obj.add_network_ipam(ipam_obj, VnSubnetsType(
[IpamSubnetType(SubnetType(subnet, subnetmask))]))
vn_uuid = self._vnc_lib.virtual_network_create(vn_obj)
vn_obj_rd = self._vnc_lib.virtual_network_read(id=vn_uuid)
# make sure RT for vn is created
rt = []
try:
rt = self._get_route_target(vn_obj_rd)
except Exception:
pass
return vn_obj, self._vnc_lib.virtual_network_read(id=vn_uuid), rt
def test_only_one_value_for_a_type_can_be_associate_to_a_resource(self):
project = Project('project-%s' % self.id())
self.api.project_create(project)
vn = VirtualNetwork('vn-%s' % self.id(), parent_obj=project)
vn_uuid = self.api.virtual_network_create(vn)
tag_type = 'fake_type-%s' % self.id()
global_tag_value = 'global_fake_value-%s' % self.id()
global_tag = Tag(tag_type_name=tag_type, tag_value=global_tag_value)
self.api.tag_create(global_tag)
tags_dict = {
tag_type: {
'is_global': True,
'value': global_tag_value,
},
}
self.api.set_tags(vn, tags_dict)
vn = self._vnc_lib.virtual_network_read(id=vn_uuid)
self.assertEqual(len(vn.get_tag_refs()), 1)
self.assertEqual(vn.get_tag_refs()[0]['uuid'], global_tag.uuid)
scoped_tag_value = 'scoped_fake_value-%s' % self.id()
scoped_tag = Tag(tag_type_name=tag_type,
tag_value=scoped_tag_value,
parent_obj=project)
self.api.tag_create(scoped_tag)
tags_dict = {
tag_type: {
'value': scoped_tag_value,
},
}
self.api.set_tags(vn, tags_dict)
# Scoped tag which is the same type as the global tag but with a
# different value, replaced the global tag ref of the VN. One at a time
vn = self._vnc_lib.virtual_network_read(id=vn_uuid)
self.assertEqual(len(vn.get_tag_refs()), 1)
self.assertEqual(vn.get_tag_refs()[0]['uuid'], scoped_tag.uuid)
def test_update_vxlan_id(self):
# enable vxlan routing on project
proj = self._vnc_lib.project_read(
fq_name=["default-domain", "default-project"])
proj.set_vxlan_routing(True)
self._vnc_lib.project_update(proj)
mock_zk = self._api_server._db_conn._zk_db
vn_obj = VirtualNetwork('%s-vn' % self.id())
vn_obj_properties = VirtualNetworkType(forwarding_mode='l3')
vn_obj_properties.set_vxlan_network_identifier(6003)
vn_obj_properties.set_forwarding_mode('l2_l3')
vn_obj.set_virtual_network_properties(vn_obj_properties)
self.api.virtual_network_create(vn_obj)
#VN created, now read back the VN data to check if vxlan_id is set
vn_obj_read = self.api.virtual_network_read(id=vn_obj.uuid)
vn_obj_properties_read = vn_obj_read.get_virtual_network_properties()
if not vn_obj_properties_read:
self.fail("VN properties are not set")
vxlan_id = vn_obj_properties_read.get_vxlan_network_identifier()
self.assertEqual(vxlan_id, 6003)
#Created VN. Now Update it with a different vxlan_id
vn_obj_properties.set_vxlan_network_identifier(6004)
vn_obj.set_virtual_network_properties(vn_obj_properties)
self.api.virtual_network_update(vn_obj)
vn_obj_read = self.api.virtual_network_read(id=vn_obj.uuid)
vn_obj_properties_read = vn_obj_read.get_virtual_network_properties()
if not vn_obj_properties_read:
self.fail("VN properties are not set")
vxlan_id = vn_obj_properties_read.get_vxlan_network_identifier()
self.assertEqual(vxlan_id, 6004)
self.api.virtual_network_delete(id=vn_obj.uuid)
logger.debug('PASS - test_update_vxlan_id')
def _create_isolated_ns_virtual_network(self, ns_name, vn_name, proj_obj):
"""
Create a virtual network for this namespace.
"""
vn = VirtualNetwork(
name=vn_name, parent_obj=proj_obj,
virtual_network_properties=VirtualNetworkType(forwarding_mode='l3'),
address_allocation_mode='flat-subnet-only')
# Add annotatins on this isolated virtual-network.
VirtualNetworkKM.add_annotations(self, vn, namespace=ns_name,
name=ns_name, isolated='True')
try:
vn_uuid = self._vnc_lib.virtual_network_create(vn)
except RefsExistError:
vn_obj = self._vnc_lib.virtual_network_read(
fq_name=vn.get_fq_name())
vn_uuid = vn_obj.uuid
# Instance-Ip for pods on this VN, should be allocated from
# cluster pod ipam. Attach the cluster pod-ipam object
# to this virtual network.
ipam_fq_name = vnc_kube_config.pod_ipam_fq_name()
ipam_obj = self._vnc_lib.network_ipam_read(
fq_name=ipam_fq_name)
vn.add_network_ipam(ipam_obj, VnSubnetsType([]))
# Update VN.
self._vnc_lib.virtual_network_update(vn)
# Cache the virtual network.
VirtualNetworkKM.locate(vn_uuid)
# Cache network info in namespace entry.
self._set_namespace_virtual_network(ns_name, vn.get_fq_name())
return vn_uuid
def test_get_floating_ip_project_ref(self):
# create project
project = Project(name='project-{}'.format(self.id()))
p_uuid = self._vnc_lib.project_create(project)
project.set_uuid(p_uuid)
# create virtual network
vn = VirtualNetwork(name='vn-{}'.format(self.id()),
parent_obj=project)
vn.add_network_ipam(NetworkIpam(), VnSubnetsType([
IpamSubnetType(SubnetType('1.1.1.0', 28)),
]))
vn_uuid = self._vnc_lib.virtual_network_create(vn)
vn.set_uuid(vn_uuid)
# create floating IP pool
fip_pool = FloatingIpPool(name='fip_p-{}'.format(self.id()),
parent_obj=vn)
fip_p_uuid = self._vnc_lib.floating_ip_pool_create(fip_pool)
fip_pool.set_uuid(fip_p_uuid)
# finally, create floating IP
fip = FloatingIp(name='fip-{}'.format(self.id()),
parent_obj=fip_pool)
fip_uuid = self._vnc_lib.floating_ip_create(fip)
# get floating IPs
fip_list = self._vnc_lib.floating_ips_list(obj_uuids=[fip_uuid],
fields=['project_refs'],
detail=True)
self.assertEqual(len(fip_list), 1)
project_refs = fip_list[0].get_project_refs()
self.assertEqual(len(project_refs), 1)
self.assertEqual(project_refs[0]['uuid'], p_uuid)
self.assertEqual(project_refs[0]['to'], project.fq_name)
def test_public_snat_routes(self):
#create private vn
vn_private_name = self.id() + 'vn1'
vn_private = self.create_virtual_network(vn_private_name, "1.0.0.0/24")
# create virtual machine interface
vmi_name = self.id() + 'vmi1'
vmi = VirtualMachineInterface(vmi_name, parent_type='project',
fq_name=['default-domain', 'default-project', vmi_name])
vmi.add_virtual_network(vn_private)
self._vnc_lib.virtual_machine_interface_create(vmi)
#create public vn
vn_public_name = 'vn-public'
vn_public = VirtualNetwork(vn_public_name)
vn_public.set_router_external(True)
ipam_obj = NetworkIpam('ipam')
self._vnc_lib.network_ipam_create(ipam_obj)
vn_public.add_network_ipam(ipam_obj, VnSubnetsType(
[IpamSubnetType(SubnetType("192.168.7.0", 24))]))
self._vnc_lib.virtual_network_create(vn_public)
#create logical router, set route targets,
#add private network and extend lr to public network
lr_name = self.id() + 'lr1'
lr = LogicalRouter(lr_name)
rtgt_list = RouteTargetList(route_target=['target:1:1'])
lr.set_configured_route_target_list(rtgt_list)
lr.add_virtual_machine_interface(vmi)
lr.add_virtual_network(vn_public)
self._vnc_lib.logical_router_create(lr)
@retries(5)
def _match_route_table(rtgt_list, ri_name):
lri = self._vnc_lib.routing_instance_read(
fq_name_str=ri_name)
sr = lri.get_static_route_entries()
if sr is None:
raise Exception("sr is None")
route = sr.route[0]
self.assertEqual(route.prefix, "0.0.0.0/0")
self.assertEqual(route.next_hop, "100.64.0.4")
for rtgt in rtgt_list:
self.assertIn(rtgt, route.route_target)
@retries(5)
def _wait_to_get_si():
si_list = self._vnc_lib.service_instances_list()
si = si_list.get("service-instances")[0]
si = self._vnc_lib.service_instance_read(id=si.get("uuid"))
return si
@retries(5)
def _wait_to_delete_si():
si_list = self._vnc_lib.service_instances_list()
try:
si = si_list.get("service-instances")[0]
si = self._vnc_lib.service_instance_read(id=si.get("uuid"))
raise
except:
pass
@retries(5)
def _wait_to_delete_ip(vn_fq_name):
vn = self._vnc_lib.virtual_network_read(fq_name=vn_fq_name)
ip_refs = vn.get_instance_ip_back_refs()
if ip_refs:
raise
return
# end
si = _wait_to_get_si()
si_props = si.get_service_instance_properties().get_interface_list()[1]
ri_name = si_props.virtual_network + ":" + si_props.virtual_network.split(':')[-1]
lr_rtgt = self._vnc_lib.logical_router_read(id=lr.uuid).route_target_refs[0]['to'][0]
_match_route_table(['target:1:1', lr_rtgt], ri_name)
rtgt_list = RouteTargetList(route_target=['target:2:2'])
lr.set_configured_route_target_list(rtgt_list)
self._vnc_lib.logical_router_update(lr)
_match_route_table(['target:2:2', lr_rtgt], ri_name)
lr.del_virtual_network(vn_public)
self._vnc_lib.logical_router_update(lr)
_wait_to_delete_si()
#cleanup
self._vnc_lib.logical_router_delete(fq_name=lr.get_fq_name())
self._vnc_lib.virtual_machine_interface_delete(fq_name=vmi.get_fq_name())
_wait_to_delete_ip(vn_private.get_fq_name())
self._vnc_lib.virtual_network_delete(fq_name=vn_private.get_fq_name())
_wait_to_delete_ip(vn_public.get_fq_name())
self._vnc_lib.virtual_network_delete(fq_name=vn_public.get_fq_name())
def test_policy_in_policy(self):
vn1_name = self.id() + 'vn1'
vn2_name = self.id() + 'vn2'
vn3_name = self.id() + 'vn3'
vn1_obj = VirtualNetwork(vn1_name)
vn2_obj = VirtualNetwork(vn2_name)
np1 = self.create_network_policy(vn1_obj, vn2_obj)
np2 = self.create_network_policy(vn2_obj, vn1_obj)
np1.network_policy_entries.policy_rule[0].dst_addresses[0].virtual_network = None
np1.network_policy_entries.policy_rule[0].dst_addresses[0].network_policy = np2.get_fq_name_str()
np1.set_network_policy_entries(np1.network_policy_entries)
self._vnc_lib.network_policy_update(np1)
np2.network_policy_entries.policy_rule[0].src_addresses[0].virtual_network = 'local'
np2.set_network_policy_entries(np1.network_policy_entries)
self._vnc_lib.network_policy_update(np2)
seq = SequenceType(1, 1)
vnp = VirtualNetworkPolicyType(seq)
vn1_obj.set_network_policy(np1, vnp)
vn2_obj.set_network_policy(np2, vnp)
self._vnc_lib.virtual_network_create(vn1_obj)
self._vnc_lib.virtual_network_create(vn2_obj)
self.check_ri_ref_present(self.get_ri_name(vn1_obj),
self.get_ri_name(vn2_obj))
self.check_ri_ref_present(self.get_ri_name(vn2_obj),
self.get_ri_name(vn1_obj))
vn3_obj = VirtualNetwork(vn3_name)
vn3_obj.set_network_policy(np2, vnp)
self._vnc_lib.virtual_network_create(vn3_obj)
self.check_ri_ref_present(self.get_ri_name(vn3_obj),
self.get_ri_name(vn1_obj))
vn3_obj.del_network_policy(np2)
self._vnc_lib.virtual_network_update(vn3_obj)
@retries(5)
def _match_acl_rule():
acl = self._vnc_lib.access_control_list_read(
fq_name=self.get_ri_name(vn1_obj))
for rule in acl.get_access_control_list_entries().get_acl_rule():
if rule.match_condition.dst_address.virtual_network == vn3_obj.get_fq_name_str():
raise Exception("ACL rule still present")
_match_acl_rule()
vn1_obj.del_network_policy(np1)
vn2_obj.del_network_policy(np2)
self._vnc_lib.virtual_network_update(vn1_obj)
self._vnc_lib.virtual_network_update(vn2_obj)
self.delete_network_policy(np1)
self.delete_network_policy(np2)
self._vnc_lib.virtual_network_delete(fq_name=vn1_obj.get_fq_name())
self._vnc_lib.virtual_network_delete(fq_name=vn2_obj.get_fq_name())
self._vnc_lib.virtual_network_delete(fq_name=vn3_obj.get_fq_name())
self.check_vn_is_deleted(uuid=vn1_obj.uuid)
def test_basic_policy(self):
vn1_name = self.id() + 'vn1'
vn2_name = self.id() + 'vn2'
vn1_obj = VirtualNetwork(vn1_name)
vn2_obj = VirtualNetwork(vn2_name)
np = self.create_network_policy(vn1_obj, vn2_obj)
seq = SequenceType(1, 1)
vnp = VirtualNetworkPolicyType(seq)
vn1_obj.set_network_policy(np, vnp)
vn2_obj.set_network_policy(np, vnp)
self._vnc_lib.virtual_network_create(vn1_obj)
self._vnc_lib.virtual_network_create(vn2_obj)
for obj in [vn1_obj, vn2_obj]:
ident_name = self.get_obj_imid(obj)
gevent.sleep(2)
self.assertThat(FakeIfmapClient._graph, Contains(ident_name))
self.check_ri_ref_present(self.get_ri_name(vn1_obj),
self.get_ri_name(vn2_obj))
self.check_ri_ref_present(self.get_ri_name(vn2_obj),
self.get_ri_name(vn1_obj))
vn1_obj.del_network_policy(np)
vn2_obj.del_network_policy(np)
self._vnc_lib.virtual_network_update(vn1_obj)
self._vnc_lib.virtual_network_update(vn2_obj)
self.check_ri_refs_are_deleted(fq_name=self.get_ri_name(vn2_obj))
self.delete_network_policy(np)
self._vnc_lib.virtual_network_delete(fq_name=vn1_obj.get_fq_name())
self._vnc_lib.virtual_network_delete(fq_name=vn2_obj.get_fq_name())
self.check_vn_is_deleted(uuid=vn1_obj.uuid)
self.check_ri_is_deleted(fq_name=self.get_ri_name(vn2_obj))
def _create_isolated_ns_virtual_network(self,
ns_name,
vn_name,
proj_obj,
ipam_obj=None,
provider=None):
"""
Create a virtual network for this namespace.
"""
vn = VirtualNetwork(name=vn_name,
parent_obj=proj_obj,
virtual_network_properties=VirtualNetworkType(
forwarding_mode='l3'),
address_allocation_mode='flat-subnet-only')
# Add annotatins on this isolated virtual-network.
VirtualNetworkKM.add_annotations(self,
vn,
namespace=ns_name,
name=ns_name,
isolated='True')
try:
vn_uuid = self._vnc_lib.virtual_network_create(vn)
except RefsExistError:
vn_obj = self._vnc_lib.virtual_network_read(
fq_name=vn.get_fq_name())
vn_uuid = vn_obj.uuid
vn = vn_obj
# Instance-Ip for pods on this VN, should be allocated from
# cluster pod ipam. Attach the cluster pod-ipam object
# to this virtual network.
vn.add_network_ipam(ipam_obj, VnSubnetsType([]))
# enable ip-fabric-forwarding
if provider:
ip_fabric_forwarding = self._get_ip_fabric_forwarding(ns_name)
if ip_fabric_forwarding == True:
add_provider = True
elif ip_fabric_forwarding == False:
add_provider = False
else:
add_provider = self._args.ip_fabric_forwarding
if add_provider:
vn.add_virtual_network(provider)
else:
vn_refs = vn.get_virtual_network_refs()
for vn_ref in vn_refs or []:
vn_ref_obj = self._vnc_lib.virtual_network_read(
id=vn_ref['uuid'])
vn.del_virtual_network(vn_ref_obj)
# Update VN.
self._vnc_lib.virtual_network_update(vn)
# Cache the virtual network.
VirtualNetworkKM.locate(vn_uuid)
return vn
def test_policy_in_policy(self):
vn1_name = self.id() + 'vn1'
vn2_name = self.id() + 'vn2'
vn3_name = self.id() + 'vn3'
vn1_obj = VirtualNetwork(vn1_name)
vn2_obj = VirtualNetwork(vn2_name)
np1 = self.create_network_policy(vn1_obj, vn2_obj)
np2 = self.create_network_policy(vn2_obj, vn1_obj)
np1.network_policy_entries.policy_rule[0].dst_addresses[
0].virtual_network = None
np1.network_policy_entries.policy_rule[0].dst_addresses[
0].network_policy = np2.get_fq_name_str()
np1.set_network_policy_entries(np1.network_policy_entries)
self._vnc_lib.network_policy_update(np1)
np2.network_policy_entries.policy_rule[0].src_addresses[
0].virtual_network = 'local'
np2.set_network_policy_entries(np1.network_policy_entries)
self._vnc_lib.network_policy_update(np2)
seq = SequenceType(1, 1)
vnp = VirtualNetworkPolicyType(seq)
vn1_obj.set_network_policy(np1, vnp)
vn2_obj.set_network_policy(np2, vnp)
self._vnc_lib.virtual_network_create(vn1_obj)
self._vnc_lib.virtual_network_create(vn2_obj)
self.check_ri_ref_present(self.get_ri_name(vn1_obj),
self.get_ri_name(vn2_obj))
self.check_ri_ref_present(self.get_ri_name(vn2_obj),
self.get_ri_name(vn1_obj))
vn3_obj = VirtualNetwork(vn3_name)
vn3_obj.set_network_policy(np2, vnp)
self._vnc_lib.virtual_network_create(vn3_obj)
self.check_ri_ref_present(self.get_ri_name(vn3_obj),
self.get_ri_name(vn1_obj))
vn3_obj.del_network_policy(np2)
self._vnc_lib.virtual_network_update(vn3_obj)
@retries(5)
def _match_acl_rule():
acl = self._vnc_lib.access_control_list_read(
fq_name=self.get_ri_name(vn1_obj))
for rule in acl.get_access_control_list_entries().get_acl_rule():
if (rule.match_condition.dst_address.virtual_network ==
vn3_obj.get_fq_name_str()):
raise Exception("ACL rule still present")
_match_acl_rule()
vn1_obj.del_network_policy(np1)
vn2_obj.del_network_policy(np2)
self._vnc_lib.virtual_network_update(vn1_obj)
self._vnc_lib.virtual_network_update(vn2_obj)
self.delete_network_policy(np1)
self.delete_network_policy(np2)
self._vnc_lib.virtual_network_delete(fq_name=vn1_obj.get_fq_name())
self._vnc_lib.virtual_network_delete(fq_name=vn2_obj.get_fq_name())
self._vnc_lib.virtual_network_delete(fq_name=vn3_obj.get_fq_name())
self.check_vn_is_deleted(uuid=vn1_obj.uuid)
def test_basic_policy(self):
vn1_name = self.id() + 'vn1'
vn2_name = self.id() + 'vn2'
vn1_obj = VirtualNetwork(vn1_name)
vn2_obj = VirtualNetwork(vn2_name)
np = self.create_network_policy(vn1_obj, vn2_obj)
seq = SequenceType(1, 1)
vnp = VirtualNetworkPolicyType(seq)
vn1_obj.set_network_policy(np, vnp)
vn2_obj.set_network_policy(np, vnp)
self._vnc_lib.virtual_network_create(vn1_obj)
self._vnc_lib.virtual_network_create(vn2_obj)
for obj in [vn1_obj, vn2_obj]:
self.assertTill(self.vnc_db_has_ident, obj=obj)
self.check_ri_ref_present(self.get_ri_name(vn1_obj),
self.get_ri_name(vn2_obj))
self.check_ri_ref_present(self.get_ri_name(vn2_obj),
self.get_ri_name(vn1_obj))
vn1_obj.del_network_policy(np)
vn2_obj.del_network_policy(np)
self._vnc_lib.virtual_network_update(vn1_obj)
self._vnc_lib.virtual_network_update(vn2_obj)
self.check_ri_refs_are_deleted(fq_name=self.get_ri_name(vn2_obj))
self.delete_network_policy(np)
self._vnc_lib.virtual_network_delete(fq_name=vn1_obj.get_fq_name())
self._vnc_lib.virtual_network_delete(fq_name=vn2_obj.get_fq_name())
self.check_vn_is_deleted(uuid=vn1_obj.uuid)
self.check_ri_is_deleted(fq_name=self.get_ri_name(vn2_obj))
def test_multiple_policy(self):
vn1_name = self.id() + 'vn1'
vn2_name = self.id() + 'vn2'
vn1_obj = VirtualNetwork(vn1_name)
vn2_obj = VirtualNetwork(vn2_name)
np1 = self.create_network_policy(vn1_obj, vn2_obj)
np2 = self.create_network_policy(vn2_obj, vn1_obj)
seq = SequenceType(1, 1)
vnp = VirtualNetworkPolicyType(seq)
vn1_obj.set_network_policy(np1, vnp)
vn2_obj.set_network_policy(np2, vnp)
self._vnc_lib.virtual_network_create(vn1_obj)
self._vnc_lib.virtual_network_create(vn2_obj)
self.check_ri_ref_present(self.get_ri_name(vn1_obj),
self.get_ri_name(vn2_obj))
self.check_ri_ref_present(self.get_ri_name(vn2_obj),
self.get_ri_name(vn1_obj))
np1.network_policy_entries.policy_rule[0].action_list.simple_action = 'deny'
np1.set_network_policy_entries(np1.network_policy_entries)
self._vnc_lib.network_policy_update(np1)
self.check_ri_refs_are_deleted(fq_name=self.get_ri_name(vn2_obj))
np1.network_policy_entries.policy_rule[0].action_list.simple_action = 'pass'
np1.set_network_policy_entries(np1.network_policy_entries)
self._vnc_lib.network_policy_update(np1)
self.check_ri_ref_present(self.get_ri_name(vn1_obj),
self.get_ri_name(vn2_obj))
np2.network_policy_entries.policy_rule[0].action_list.simple_action = 'deny'
np2.set_network_policy_entries(np2.network_policy_entries)
self._vnc_lib.network_policy_update(np2)
self.check_ri_refs_are_deleted(fq_name=self.get_ri_name(vn2_obj))
vn1_obj.del_network_policy(np1)
vn2_obj.del_network_policy(np2)
self._vnc_lib.virtual_network_update(vn1_obj)
self._vnc_lib.virtual_network_update(vn2_obj)
self.delete_network_policy(np1)
self.delete_network_policy(np2)
self._vnc_lib.virtual_network_delete(fq_name=vn1_obj.get_fq_name())
self._vnc_lib.virtual_network_delete(fq_name=vn2_obj.get_fq_name())
self.check_vn_is_deleted(uuid=vn1_obj.uuid)
def test_multiple_firewall_group_port_association(self):
vn = VirtualNetwork('%s-vn' % self.id(), parent_obj=self.project)
self._vnc_lib.virtual_network_create(vn)
vmi = VirtualMachineInterface('%s-vmi' % self.id(),
parent_obj=self.project)
vmi.add_virtual_network(vn)
vmi_id = self._vnc_lib.virtual_machine_interface_create(vmi)
neutron_fg1 = self.create_resource(
'firewall_group',
self.project_id,
extra_res_fields={
'name': '%s-fg1' % self.id(),
'ports': [vmi_id],
},
)
neutron_fg2 = self.create_resource(
'firewall_group',
self.project_id,
extra_res_fields={
'name': '%s-fg2' % self.id(),
},
)
tag1_fq_name = self._get_tag_fq_name(neutron_fg1, self.project)
tag2_fq_name = self._get_tag_fq_name(neutron_fg2, self.project)
self.assertEquals(set(neutron_fg1['ports']), set([vmi_id]))
vmi = self._vnc_lib.virtual_machine_interface_read(id=vmi_id)
tag_refs = [r['to'] for r in vmi.get_tag_refs() or []]
self.assertEquals(len(tag_refs), 1)
self.assertEquals(tag1_fq_name, tag_refs[0])
neutron_fg2 = self.update_resource(
'firewall_group',
neutron_fg2['id'],
self.project_id,
extra_res_fields={
'ports': [vmi_id],
},
)
neutron_fg1 = self.read_resource('firewall_group', neutron_fg1['id'])
self.assertEquals(set(neutron_fg1['ports']), set([vmi_id]))
self.assertEquals(set(neutron_fg2['ports']), set([vmi_id]))
vmi = self._vnc_lib.virtual_machine_interface_read(id=vmi_id)
tag_refs = [r['to'] for r in vmi.get_tag_refs() or []]
self.assertEquals(len(tag_refs), 2)
self.assertIn(tag1_fq_name, tag_refs)
self.assertIn(tag2_fq_name, tag_refs)
neutron_fg1 = self.update_resource(
'firewall_group',
neutron_fg1['id'],
self.project_id,
extra_res_fields={
'ports': [],
},
)
neutron_fg2 = self.read_resource('firewall_group', neutron_fg2['id'])
self.assertFalse(neutron_fg1['ports'])
self.assertEquals(set(neutron_fg2['ports']), set([vmi_id]))
vmi = self._vnc_lib.virtual_machine_interface_read(id=vmi_id)
tag_refs = [r['to'] for r in vmi.get_tag_refs() or []]
self.assertEquals(len(tag_refs), 1)
self.assertEquals(tag2_fq_name, tag_refs[0])
def test_vmi_update(self):
proj_obj, fabric_obj, pr_objs = self._create_prerequisites(
enterprise_style_flag=False, create_second_pr=True)
pr_obj_1 = pr_objs[0]
pr_obj_2 = pr_objs[1]
# Create first PI
esi_id = '00:11:22:33:44:55:66:77:88:99'
pi_name = self.id() + '_physical_interface1'
pi_1 = PhysicalInterface(name=pi_name,
parent_obj=pr_obj_1,
ethernet_segment_identifier=esi_id)
pi_uuid_1 = self._vnc_lib.physical_interface_create(pi_1)
pi_obj_1 = self._vnc_lib.physical_interface_read(id=pi_uuid_1)
fabric_name = fabric_obj.get_fq_name()
pi_fq_name_1 = pi_obj_1.get_fq_name()
# Create second PI
pi_name = self.id() + '_physical_interface2'
pi_2 = PhysicalInterface(name=pi_name,
parent_obj=pr_obj_2,
ethernet_segment_identifier=esi_id)
pi_uuid_2 = self._vnc_lib.physical_interface_create(pi_2)
pi_obj_2 = self._vnc_lib.physical_interface_read(id=pi_uuid_2)
fabric_name = fabric_obj.get_fq_name()
pi_fq_name_2 = pi_obj_2.get_fq_name()
# Create VPG
vpg_name = "vpg-1"
vpg = VirtualPortGroup(vpg_name, parent_obj=fabric_obj)
vpg_uuid = self.api.virtual_port_group_create(vpg)
vpg_obj = self._vnc_lib.virtual_port_group_read(id=vpg_uuid)
vpg_name = vpg_obj.get_fq_name()
# Create single VN
vn1 = VirtualNetwork('vn1-%s' % (self.id()), parent_obj=proj_obj)
self.api.virtual_network_create(vn1)
# Create a VMI that's attached to vpg-1 and having reference
# to vn1
vmi_obj = VirtualMachineInterface(self.id() + "1",
parent_obj=proj_obj)
vmi_obj.set_virtual_network(vn1)
# Populate binding profile to be used in VMI create
binding_profile = {'local_link_information': [
{'port_id': pi_fq_name_1[2],
'switch_id': pi_fq_name_1[2],
'fabric': fabric_name[-1],
'switch_info': pi_fq_name_1[1]},
{'port_id': pi_fq_name_2[2],
'switch_id': pi_fq_name_2[2],
'fabric': fabric_name[-1],
'switch_info': pi_fq_name_2[1]}]}
kv_pairs = KeyValuePairs(
[KeyValuePair(key='vpg', value=vpg_name[-1]),
KeyValuePair(key='vif_type', value='vrouter'),
KeyValuePair(key='vnic_type', value='baremetal'),
KeyValuePair(key='profile',
value=json.dumps(binding_profile))])
vmi_obj.set_virtual_machine_interface_bindings(kv_pairs)
vmi_obj.set_virtual_machine_interface_properties(
VirtualMachineInterfacePropertiesType(sub_interface_vlan_tag=42))
vmi_uuid_1 = self.api.virtual_machine_interface_create(vmi_obj)
# Read physical interface type, it should be set to access
pi_obj_1 = self._vnc_lib.physical_interface_read(id=pi_uuid_1)
pi_obj_2 = self._vnc_lib.physical_interface_read(id=pi_uuid_2)
intf_type_pi_1 = pi_obj_1.get_physical_interface_type()
self.assertEqual(intf_type_pi_1, 'access')
intf_type_pi_2 = pi_obj_2.get_physical_interface_type()
self.assertEqual(intf_type_pi_2, 'access')
vpg_obj.add_virtual_machine_interface(vmi_obj)
self.api.virtual_port_group_update(vpg_obj)
# Now, remove one of the local_link_information
binding_profile = {'local_link_information': [
{'port_id': pi_fq_name_1[2],
'switch_id': pi_fq_name_1[2],
'fabric': fabric_name[-1],
'switch_info': pi_fq_name_1[1]}]}
vmi_obj.set_virtual_machine_interface_bindings(kv_pairs)
self.api.virtual_machine_interface_update(vmi_obj)
self.api.virtual_machine_interface_delete(id=vmi_uuid_1)
self.api.virtual_port_group_delete(id=vpg_obj.uuid)
# Read physical interface type again, it should be set to None
pi_obj_1 = self._vnc_lib.physical_interface_read(id=pi_uuid_1)
pi_obj_2 = self._vnc_lib.physical_interface_read(id=pi_uuid_2)
intf_type_pi_1 = pi_obj_1.get_physical_interface_type()
self.assertEqual(intf_type_pi_1, None)
intf_type_pi_2 = pi_obj_2.get_physical_interface_type()
self.assertEqual(intf_type_pi_2, None)
self.api.physical_interface_delete(id=pi_uuid_1)
self.api.physical_interface_delete(id=pi_uuid_2)
self.api.physical_router_delete(id=pr_obj_1.uuid)
self.api.physical_router_delete(id=pr_obj_2.uuid)
self.api.fabric_delete(id=fabric_obj.uuid)
def test_resource_exists_before_disassociate_tag(self):
vn = VirtualNetwork('vn-%s' % self.id())
with ExpectedException(exceptions.BadRequest):
self.api.unset_tag(vn, 'fake_type-%s' % self.id())
def test_multiple_policy(self):
vn1_name = self.id() + 'vn1'
vn2_name = self.id() + 'vn2'
vn1_obj = VirtualNetwork(vn1_name)
vn2_obj = VirtualNetwork(vn2_name)
np1 = self.create_network_policy(vn1_obj, vn2_obj)
np2 = self.create_network_policy(vn2_obj, vn1_obj)
seq = SequenceType(1, 1)
vnp = VirtualNetworkPolicyType(seq)
vn1_obj.set_network_policy(np1, vnp)
vn2_obj.set_network_policy(np2, vnp)
self._vnc_lib.virtual_network_create(vn1_obj)
self._vnc_lib.virtual_network_create(vn2_obj)
self.check_ri_ref_present(self.get_ri_name(vn1_obj),
self.get_ri_name(vn2_obj))
self.check_ri_ref_present(self.get_ri_name(vn2_obj),
self.get_ri_name(vn1_obj))
np1.network_policy_entries.policy_rule[
0].action_list.simple_action = 'deny'
np1.set_network_policy_entries(np1.network_policy_entries)
self._vnc_lib.network_policy_update(np1)
self.assertTill(
self.ifmap_ident_has_link,
type_fq_name=('routing-instance', self.get_ri_name(vn1_obj)),
link_name='contrail:connection contrail:routing-instance:%s' %
':'.join(self.get_ri_name(vn2_obj)))
np1.network_policy_entries.policy_rule[
0].action_list.simple_action = 'pass'
np1.set_network_policy_entries(np1.network_policy_entries)
self._vnc_lib.network_policy_update(np1)
np2.network_policy_entries.policy_rule[
0].action_list.simple_action = 'deny'
np2.set_network_policy_entries(np2.network_policy_entries)
self._vnc_lib.network_policy_update(np2)
self.assertTill(
self.ifmap_ident_has_link,
type_fq_name=('routing-instance', self.get_ri_name(vn2_obj)),
link_name='contrail:connection contrail:routing-instance:%s' %
':'.join(self.get_ri_name(vn1_obj)))
vn1_obj.del_network_policy(np1)
vn2_obj.del_network_policy(np2)
self._vnc_lib.virtual_network_update(vn1_obj)
self._vnc_lib.virtual_network_update(vn2_obj)
self.check_ri_refs_are_deleted(fq_name=self.get_ri_name(vn2_obj))
self.delete_network_policy(np1)
self.delete_network_policy(np2)
self._vnc_lib.virtual_network_delete(fq_name=vn1_obj.get_fq_name())
self._vnc_lib.virtual_network_delete(fq_name=vn2_obj.get_fq_name())
self.check_vn_is_deleted(uuid=vn1_obj.uuid)
def test_cannot_set_vn_id(self):
vn_obj = VirtualNetwork('%s-vn' % self.id())
vn_obj.set_virtual_network_network_id(42)
with ExpectedException(PermissionDenied):
self.api.virtual_network_create(vn_obj)
def test_public_snat_routes(self):
# create private vn
vn_private_name = self.id() + 'vn1'
vn_private = self.create_virtual_network(vn_private_name, "1.0.0.0/24")
# create virtual machine interface
vmi_name = self.id() + 'vmi1'
vmi = VirtualMachineInterface(
vmi_name,
parent_type='project',
fq_name=['default-domain', 'default-project', vmi_name])
vmi.add_virtual_network(vn_private)
self._vnc_lib.virtual_machine_interface_create(vmi)
# create public vn
vn_public_name = 'vn-public'
vn_public = VirtualNetwork(vn_public_name)
vn_public.set_router_external(True)
ipam_obj = NetworkIpam('ipam')
self._vnc_lib.network_ipam_create(ipam_obj)
vn_public.add_network_ipam(
ipam_obj,
VnSubnetsType([IpamSubnetType(SubnetType("192.168.7.0", 24))]))
self._vnc_lib.virtual_network_create(vn_public)
# create logical router, set route targets,
# add private network and extend lr to public network
lr_name = self.id() + 'lr1'
lr = LogicalRouter(lr_name)
rtgt_list = RouteTargetList(route_target=['target:1:1'])
lr.set_configured_route_target_list(rtgt_list)
lr.add_virtual_machine_interface(vmi)
lr.add_virtual_network(vn_public)
self._vnc_lib.logical_router_create(lr)
@retries(5)
def _match_route_table(rtgt_list, ri_name):
lri = self._vnc_lib.routing_instance_read(fq_name_str=ri_name)
sr = lri.get_static_route_entries()
if sr is None:
raise Exception("sr is None")
route = sr.route[0]
self.assertEqual(route.prefix, "0.0.0.0/0")
self.assertEqual(route.next_hop, "100.64.0.4")
for rtgt in rtgt_list:
self.assertIn(rtgt, route.route_target)
@retries(5)
def _wait_to_get_si():
si_list = self._vnc_lib.service_instances_list()
si = si_list.get("service-instances")[0]
si = self._vnc_lib.service_instance_read(id=si.get("uuid"))
return si
@retries(5)
def _wait_to_delete_si():
si_list = self._vnc_lib.service_instances_list()
try:
si = si_list.get("service-instances")[0]
si = self._vnc_lib.service_instance_read(id=si.get("uuid"))
raise
except Exception:
pass
@retries(5)
def _wait_to_delete_ip(vn_fq_name):
vn = self._vnc_lib.virtual_network_read(fq_name=vn_fq_name)
ip_refs = vn.get_instance_ip_back_refs()
if ip_refs:
raise
return
# end
si = _wait_to_get_si()
si_props = si.get_service_instance_properties().get_interface_list()[1]
ri_name = si_props.virtual_network + ":" + \
si_props.virtual_network.split(':')[-1]
lr_rtgt = self._vnc_lib.logical_router_read(
id=lr.uuid).route_target_refs[0]['to'][0]
_match_route_table(['target:1:1', lr_rtgt], ri_name)
rtgt_list = RouteTargetList(route_target=['target:2:2'])
lr.set_configured_route_target_list(rtgt_list)
self._vnc_lib.logical_router_update(lr)
_match_route_table(['target:2:2', lr_rtgt], ri_name)
lr.del_virtual_network(vn_public)
self._vnc_lib.logical_router_update(lr)
_wait_to_delete_si()
# cleanup
self._vnc_lib.logical_router_delete(fq_name=lr.get_fq_name())
self._vnc_lib.virtual_machine_interface_delete(
fq_name=vmi.get_fq_name())
_wait_to_delete_ip(vn_private.get_fq_name())
self._vnc_lib.virtual_network_delete(fq_name=vn_private.get_fq_name())
_wait_to_delete_ip(vn_public.get_fq_name())
self._vnc_lib.virtual_network_delete(fq_name=vn_public.get_fq_name())
def test_list_firewall_group(self):
vn = VirtualNetwork('%s-vn' % self.id(), parent_obj=self.project)
self._vnc_lib.virtual_network_create(vn)
neutron_fgs = []
fp_ids = []
vmi_ids = []
for i in range(2):
fp = FirewallPolicy('%s-fp%d' % (self.id(), i),
parent_obj=self.project)
fp_ids.append(self._vnc_lib.firewall_policy_create(fp))
vmi = VirtualMachineInterface('%s-vmi%d' % (self.id(), i),
parent_obj=self.project)
vmi.add_virtual_network(vn)
vmi_ids.append(self._vnc_lib.virtual_machine_interface_create(vmi))
neutron_fgs.append(
self.create_resource(
'firewall_group',
self.project_id,
extra_res_fields={
'name': '%s-fg%d' % (self.id(), i),
'ingress_firewall_policy_id': fp.uuid,
'ports': [vmi.uuid],
},
), )
list_result = self.list_resource(
'firewall_group',
self.project_id,
req_filters={
'ingress_firewall_policy_id': fp_ids,
},
)
self.assertEquals(len(list_result), len(neutron_fgs))
self.assertEquals({r['id']
for r in list_result},
{r['id']
for r in neutron_fgs})
list_result = self.list_resource(
'firewall_group',
self.project_id,
req_filters={
'egress_firewall_policy_id': fp_ids,
},
)
self.assertEquals(len(list_result), len(neutron_fgs))
self.assertEquals({r['id']
for r in list_result},
{r['id']
for r in neutron_fgs})
list_result = self.list_resource(
'firewall_group',
self.project_id,
req_filters={
'ports': vmi_ids,
},
)
self.assertEquals(len(list_result), len(neutron_fgs))
self.assertEquals({r['id']
for r in list_result},
{r['id']
for r in neutron_fgs})
list_result = self.list_resource(
'firewall_group',
self.project_id,
req_filters={
'ingress_firewall_policy_id': [fp_ids[0]],
},
)
self.assertEquals(len(list_result), 1)
self.assertEquals(list_result[0], neutron_fgs[0])
list_result = self.list_resource(
'firewall_group',
self.project_id,
req_filters={
'egress_firewall_policy_id': [fp_ids[1]],
},
)
self.assertEquals(len(list_result), 1)
self.assertEquals(list_result[0], neutron_fgs[1])
list_result = self.list_resource(
'firewall_group',
self.project_id,
req_filters={
'ports': [vmi_ids[0]],
},
)
self.assertEquals(len(list_result), 1)
self.assertEquals(list_result[0], neutron_fgs[0])
def test_basic_policy(self):
vn1_name = self.id() + 'vn1'
vn2_name = self.id() + 'vn2'
vn1_obj = VirtualNetwork(vn1_name)
vn2_obj = VirtualNetwork(vn2_name)
np = self.create_network_policy(vn1_obj, vn2_obj)
seq = SequenceType(1, 1)
vnp = VirtualNetworkPolicyType(seq)
vn1_obj.set_network_policy(np, vnp)
vn2_obj.set_network_policy(np, vnp)
self._vnc_lib.virtual_network_create(vn1_obj)
self._vnc_lib.virtual_network_create(vn2_obj)
for obj in [vn1_obj, vn2_obj]:
self.assertTill(self.vnc_db_has_ident, obj=obj)
self.check_ri_ref_present(self.get_ri_name(vn1_obj),
self.get_ri_name(vn2_obj))
self.check_ri_ref_present(self.get_ri_name(vn2_obj),
self.get_ri_name(vn1_obj))
vn1_obj.del_network_policy(np)
vn2_obj.del_network_policy(np)
self._vnc_lib.virtual_network_update(vn1_obj)
self._vnc_lib.virtual_network_update(vn2_obj)
self.check_ri_refs_are_deleted(fq_name=self.get_ri_name(vn2_obj))
self.delete_network_policy(np)
self._vnc_lib.virtual_network_delete(fq_name=vn1_obj.get_fq_name())
self._vnc_lib.virtual_network_delete(fq_name=vn2_obj.get_fq_name())
self.check_vn_is_deleted(uuid=vn1_obj.uuid)
self.check_ri_is_deleted(fq_name=self.get_ri_name(vn2_obj))
def test_resource_exists_before_disassociate_tag(self):
vn = VirtualNetwork('vn-%s' % self.id())
self.assertRaises(BadRequest, self.api.unset_tag, vn,
'fake_type-%s' % self.id())
def _pre_create_virtual_networks(self):
# red ang green VN are the provider VNs
virtual_network_red = VirtualNetwork(
name='test-virtual-network-red',
parent_obj=self.project)
self.vlan_id_red = 100
virtual_network_red.set_is_provider_network(True)
virtual_network_red.set_provider_properties(
ProviderDetails(
segmentation_id=self.vlan_id_red,
physical_network=self.physnet))
virtual_network_red_uuid = \
self.api.virtual_network_create(virtual_network_red)
self.virtual_network_red = \
self.api.virtual_network_read(id=virtual_network_red_uuid)
virtual_network_green = VirtualNetwork(
name='test-virtual-network-green',
parent_obj=self.project)
self.vlan_id_green = 200
virtual_network_green.set_is_provider_network(True)
virtual_network_green.set_provider_properties(
ProviderDetails(
segmentation_id=self.vlan_id_green,
physical_network=self.physnet))
virtual_network_green_uuid = \
self.api.virtual_network_create(virtual_network_green)
self.virtual_network_green = \
self.api.virtual_network_read(id=virtual_network_green_uuid)
# blue VN is the non-provider VN
virtual_network_blue = VirtualNetwork(
name='test-virtual-network-blue',
parent_obj=self.project)
virtual_network_red.set_is_provider_network(False)
virtual_network_blue_uuid = \
self.api.virtual_network_create(virtual_network_blue)
self.virtual_network_blue = \
self.api.virtual_network_read(id=virtual_network_blue_uuid)
def test_resource_not_updated_if_no_tag_references_modified(self):
project = Project('project-%s' % self.id())
self.api.project_create(project)
vn = VirtualNetwork('vn-%s' % self.id(), parent_obj=project)
self.api.virtual_network_create(vn)
tag_type = 'fake_type-%s' % self.id()
tag_value = 'fake_value-%s' % self.id()
tag = Tag(tag_type_name=tag_type,
tag_value=tag_value,
parent_obj=project)
self.api.tag_create(tag)
original_resource_update = self._api_server._db_conn.dbe_update
def update_resource(*args, **kwargs):
original_resource_update(*args, **kwargs)
with mock.patch.object(self._api_server._db_conn,
'dbe_update',
side_effect=update_resource) as mock_db_update:
self.api.unset_tag(vn, tag_type)
mock_db_update.assert_not_called()
mock_db_update.reset_mock()
self.api.set_tag(vn, tag_type, tag_value)
mock_db_update.assert_called()
mock_db_update.reset_mock()
self.api.set_tag(vn, tag_type, tag_value)
mock_db_update.assert_not_called()
mock_db_update.reset_mock()
self.api.unset_tag(vn, tag_type)
mock_db_update.assert_called()
tag_type = 'label'
tag_value1 = '%s-label1' % self.id()
label_tag1 = Tag(tag_type_name=tag_type,
tag_value=tag_value1,
parent_obj=project)
self.api.tag_create(label_tag1)
tag_value2 = '%s-label2' % self.id()
label_tag2 = Tag(tag_type_name=tag_type,
tag_value=tag_value2,
parent_obj=project)
self.api.tag_create(label_tag2)
tags_dict = {
tag_type: {
'delete_values': [tag_value1, tag_value2],
},
}
mock_db_update.reset_mock()
self.api.set_tags(vn, tags_dict)
mock_db_update.assert_not_called()
tags_dict = {
tag_type: {
'add_values': [tag_value1, tag_value2],
},
}
mock_db_update.reset_mock()
self.api.set_tags(vn, tags_dict)
mock_db_update.assert_called()
mock_db_update.reset_mock()
self.api.set_tag(vn, tag_type, tag_value1)
self.api.set_tags(vn, tags_dict)
mock_db_update.assert_not_called()
tags_dict = {
tag_type: {
'delete_values': [tag_value1, tag_value2],
},
}
mock_db_update.reset_mock()
self.api.set_tags(vn, tags_dict)
mock_db_update.assert_called()
def test_multiple_policy(self):
vn1_name = self.id() + 'vn1'
vn2_name = self.id() + 'vn2'
vn1_obj = VirtualNetwork(vn1_name)
vn2_obj = VirtualNetwork(vn2_name)
np1 = self.create_network_policy(vn1_obj, vn2_obj)
np2 = self.create_network_policy(vn2_obj, vn1_obj)
seq = SequenceType(1, 1)
vnp = VirtualNetworkPolicyType(seq)
vn1_obj.set_network_policy(np1, vnp)
vn2_obj.set_network_policy(np2, vnp)
self._vnc_lib.virtual_network_create(vn1_obj)
self._vnc_lib.virtual_network_create(vn2_obj)
self.check_ri_ref_present(self.get_ri_name(vn1_obj),
self.get_ri_name(vn2_obj))
self.check_ri_ref_present(self.get_ri_name(vn2_obj),
self.get_ri_name(vn1_obj))
np1.network_policy_entries.policy_rule[0].action_list.simple_action = \
'deny'
np1.set_network_policy_entries(np1.network_policy_entries)
self._vnc_lib.network_policy_update(np1)
self.check_ri_refs_are_deleted(fq_name=self.get_ri_name(vn2_obj))
np1.network_policy_entries.policy_rule[0].action_list.simple_action = \
'pass'
np1.set_network_policy_entries(np1.network_policy_entries)
self._vnc_lib.network_policy_update(np1)
self.check_ri_ref_present(self.get_ri_name(vn1_obj),
self.get_ri_name(vn2_obj))
np2.network_policy_entries.policy_rule[0].action_list.simple_action = \
'deny'
np2.set_network_policy_entries(np2.network_policy_entries)
self._vnc_lib.network_policy_update(np2)
self.check_ri_refs_are_deleted(fq_name=self.get_ri_name(vn2_obj))
vn1_obj.del_network_policy(np1)
vn2_obj.del_network_policy(np2)
self._vnc_lib.virtual_network_update(vn1_obj)
self._vnc_lib.virtual_network_update(vn2_obj)
self.delete_network_policy(np1)
self.delete_network_policy(np2)
self._vnc_lib.virtual_network_delete(fq_name=vn1_obj.get_fq_name())
self._vnc_lib.virtual_network_delete(fq_name=vn2_obj.get_fq_name())
self.check_vn_is_deleted(uuid=vn1_obj.uuid)
self.check_vn_is_deleted(uuid=vn2_obj.uuid)
def test_single_vn_in_vpg_with_different_vlan_for_service_provider(self):
proj_obj, fabric_obj, pr_obj = self._create_prerequisites(
enterprise_style_flag=False)
esi_id = '00:11:22:33:44:55:66:77:88:99'
pi_name = self.id() + '_physical_interface1'
pi = PhysicalInterface(name=pi_name,
parent_obj=pr_obj,
ethernet_segment_identifier=esi_id)
pi_uuid = self._vnc_lib.physical_interface_create(pi)
pi_obj = self._vnc_lib.physical_interface_read(id=pi_uuid)
fabric_name = fabric_obj.get_fq_name()
pi_fq_name = pi_obj.get_fq_name()
# Create VPG
vpg_name = "vpg-1"
vpg = VirtualPortGroup(vpg_name, parent_obj=fabric_obj)
vpg_uuid = self.api.virtual_port_group_create(vpg)
vpg_obj = self._vnc_lib.virtual_port_group_read(id=vpg_uuid)
vpg_name = vpg_obj.get_fq_name()
# Create single VN
vn1 = VirtualNetwork('vn1-%s' % (self.id()), parent_obj=proj_obj)
self.api.virtual_network_create(vn1)
# Create a VMI that's attached to vpg-1 and having reference
# to vn1
vmi_obj = VirtualMachineInterface(self.id() + "1",
parent_obj=proj_obj)
vmi_obj.set_virtual_network(vn1)
# Create KV_Pairs for this VMI
kv_pairs = self._create_kv_pairs(pi_fq_name,
fabric_name,
vpg_name)
vmi_obj.set_virtual_machine_interface_bindings(kv_pairs)
vmi_obj.set_virtual_machine_interface_properties(
VirtualMachineInterfacePropertiesType(sub_interface_vlan_tag=42))
vmi_uuid_1 = self.api.virtual_machine_interface_create(vmi_obj)
vpg_obj.add_virtual_machine_interface(vmi_obj)
self.api.virtual_port_group_update(vpg_obj)
# Now, try to create the second VMI with same VN, but with a different
# VLAN. This should pass
vmi_obj_2 = VirtualMachineInterface(self.id() + "2",
parent_obj=proj_obj)
vmi_obj_2.set_virtual_network(vn1)
# Create KV_Pairs for this VMI
kv_pairs = self._create_kv_pairs(pi_fq_name,
fabric_name,
vpg_name)
vmi_obj_2.set_virtual_machine_interface_bindings(kv_pairs)
vmi_obj_2.set_virtual_machine_interface_properties(
VirtualMachineInterfacePropertiesType(sub_interface_vlan_tag=43))
vmi_uuid_2 = self.api.virtual_machine_interface_create(vmi_obj_2)
self.api.virtual_machine_interface_delete(id=vmi_uuid_1)
self.api.virtual_machine_interface_delete(id=vmi_uuid_2)
self.api.virtual_port_group_delete(id=vpg_obj.uuid)
self.api.physical_interface_delete(id=pi_uuid)
self.api.physical_router_delete(id=pr_obj.uuid)
self.api.fabric_delete(id=fabric_obj.uuid)
def test_provider_network(self):
"""
Test description.
Verify:
1. Check creating a non-provider VNs with
non-provider VNs connected to it is not allowed
2. Check a non provider-VN can not be created
with is_provider_network property set to True
3. Check is_provider_network property of a
provider-VN is True by default
4. Check is_provider_network property of a
provider-VN can be set as True
5. Check is_provider_network property of provider-VN
can not be set as False
6. Check is_provider_network property of non provider-VN
can not be set as True
7. Check is_provider_network property of non provider-VN
can be set as False
8. Check setting other parameters of a non provider-VN
is not affected
9. Check db_resync sets is_provider_network property
of provider-VN as True (simulating upgrade case)
10. Check non provider VNs can be added to
provider VN
11. Check the provider-VN can be added to a VN
12. Check non provider-VN can not be added to a VN
13. Check many VNs can be linked to the provider-VN
14. Check (provider-vn -> any-VN),DENY acl rule is added to
the provider-VN
15. Check (VN -> provider-VN),DENY acl rule is added to
the VN
16. Adding a (VN -> provider-VN),PASS acl rule at VN removes
(VN -> provider-VN),DENY acl rule
Assumption: ip-fabric VN is the provider-VN
"""
# create two VNs - vn1, vn2
vn1_name = self.id() + '_vn1'
vn2_name = self.id() + '_vn2'
vn3_name = self.id() + '_vn3'
vn4_name = self.id() + '_vn4'
vn1_obj1 = VirtualNetwork(vn1_name)
vn2_obj1 = VirtualNetwork(vn2_name)
vn3_obj1 = VirtualNetwork(vn3_name)
vn4_obj1 = VirtualNetwork(vn4_name)
self._vnc_lib.virtual_network_create(vn1_obj1)
self._vnc_lib.virtual_network_create(vn2_obj1)
self._vnc_lib.virtual_network_create(vn3_obj1)
# try creating non provider_vn with linked
# non provider_vn (linked before creating)
vn4_obj1.add_virtual_network(vn3_obj1)
self.assertRaises(BadRequest, self._vnc_lib.virtual_network_create,
vn4_obj1)
vn4_obj1.add_virtual_network(vn2_obj1)
self.assertRaises(BadRequest, self._vnc_lib.virtual_network_create,
vn4_obj1)
# remove vn3_obj1 and vn2_obj1
# as its not allowed
vn4_obj1.del_virtual_network(vn3_obj1)
vn4_obj1.del_virtual_network(vn2_obj1)
# set is_provider_network on a non provider-vn
# and try creating it
vn4_obj1.set_is_provider_network(True)
self.assertRaises(BadRequest, self._vnc_lib.virtual_network_create,
vn4_obj1)
# set it as False and retry creating it
vn4_obj1.set_is_provider_network(False)
self._vnc_lib.virtual_network_create(vn4_obj1)
# Check updating other parameters of a non provider VN
# when no provider VN is not connected
vn4_obj1.set_mac_aging_time(400)
self._vnc_lib.virtual_network_update(vn4_obj1)
# retrieve provider network, assuming ip-fabric for now
provider_fq_name = ['default-domain', 'default-project', 'ip-fabric']
provider_vn = self._vnc_lib.virtual_network_read(
fq_name=provider_fq_name)
self.assertEqual(provider_vn.get_is_provider_network(), True)
# check is_provider_network of provider_vn
# can be set to True (ie only as its default)
provider_vn.set_is_provider_network(True)
self._vnc_lib.virtual_network_update(provider_vn)
# check is_provider_network of provider_vn
# can not be set to False
provider_vn.set_is_provider_network(False)
self.assertRaises(BadRequest, self._vnc_lib.virtual_network_update,
provider_vn)
# check is_provider_network of non provider_vn
# can be set to False
vn4_obj1.set_is_provider_network(False)
self._vnc_lib.virtual_network_update(vn4_obj1)
# check is_provider_network of non provider_vn
# can not be set to True
vn4_obj1.set_is_provider_network(True)
self.assertRaises(BadRequest, self._vnc_lib.virtual_network_update,
vn4_obj1)
# check db_resync sets is_provider_network property
# as True in provider-vn
self._api_server._db_conn.db_resync()
provider_vn = self._vnc_lib.virtual_network_read(
fq_name=provider_fq_name)
self.assertEqual(provider_vn.get_is_provider_network(), True)
# check adding vn3 and vn2 to provider vn
provider_vn.add_virtual_network(vn2_obj1)
provider_vn.add_virtual_network(vn3_obj1)
self._vnc_lib.virtual_network_update(provider_vn)
gevent.sleep(5)
provider_vn = self._vnc_lib.virtual_network_read(
fq_name=provider_vn.get_fq_name())
self.assertEqual(len(provider_vn.virtual_network_refs), 2)
linked_uuids = [
ref['uuid'] for ref in provider_vn.virtual_network_refs
]
self.assertIn(vn3_obj1.uuid, linked_uuids)
self.assertIn(vn2_obj1.uuid, linked_uuids)
VirtualNetworkST._dict = {}
VirtualNetworkST.reinit()
provider_vn = self._vnc_lib.virtual_network_read(
fq_name=provider_vn.get_fq_name())
vn3_obj1 = self._vnc_lib.virtual_network_read(
fq_name=vn3_obj1.get_fq_name())
vn2_obj1 = self._vnc_lib.virtual_network_read(
fq_name=vn2_obj1.get_fq_name())
self.assertEqual(len(provider_vn.virtual_network_refs), 2)
linked_uuids = [
ref['uuid'] for ref in provider_vn.virtual_network_refs
]
self.assertIn(vn3_obj1.uuid, linked_uuids)
self.assertIn(vn2_obj1.uuid, linked_uuids)
self.check_acl_implicit_deny_rule(
fq_name=self.get_ri_name(provider_vn),
src_vn=':'.join(provider_fq_name),
dst_vn='any')
self.check_acl_implicit_deny_rule(fq_name=self.get_ri_name(vn2_obj1),
src_vn=vn2_obj1.get_fq_name_str(),
dst_vn=':'.join(provider_fq_name))
self.check_acl_implicit_deny_rule(fq_name=self.get_ri_name(vn3_obj1),
src_vn=vn3_obj1.get_fq_name_str(),
dst_vn=':'.join(provider_fq_name))
# check adding provider vn to vn1 works
vn1_obj1.add_virtual_network(provider_vn)
self._vnc_lib.virtual_network_update(vn1_obj1)
gevent.sleep(2)
vn1_obj2 = self._vnc_lib.virtual_network_read(
fq_name=vn1_obj1.get_fq_name())
self.assertEqual(vn1_obj2.virtual_network_refs[0]['to'],
provider_fq_name)
self.check_acl_implicit_deny_rule(fq_name=self.get_ri_name(vn1_obj2),
src_vn=vn1_obj2.get_fq_name_str(),
dst_vn=':'.join(provider_fq_name))
# Check updating other parameters of a non provider VN
# when a provider VN is connected
vn1_obj2.set_mac_aging_time(400)
self._vnc_lib.virtual_network_update(vn1_obj2)
# create a policy to allow icp between vn1 <> vn2
# and update vn1
vn1_to_vn2_rule = {
"protocol": "icmp",
"direction": "<>",
"src": {
"type": "vn",
"value": vn1_obj2
},
"dst": [{
"type": "vn",
"value": vn2_obj1
}],
"action": "pass"
}
np = self.create_network_policy_with_multiple_rules([vn1_to_vn2_rule])
seq = SequenceType(1, 1)
vnp = VirtualNetworkPolicyType(seq)
vn1_obj2.set_network_policy(np, vnp)
self._vnc_lib.virtual_network_update(vn1_obj2)
vn1_obj3 = self._vnc_lib.virtual_network_read(
fq_name=vn1_obj2.get_fq_name())
# check linking a non provider network is not allowed
vn1_obj3.add_virtual_network(vn2_obj1)
self.assertRaises(BadRequest, self._vnc_lib.virtual_network_update,
vn1_obj3)
vn1_obj4 = self._vnc_lib.virtual_network_read(
fq_name=vn1_obj3.get_fq_name())
self.assertEqual(vn1_obj4.virtual_network_refs[0]['to'],
provider_fq_name)
self.assertNotEqual(vn1_obj4.virtual_network_refs[0]['to'],
vn2_obj1.get_fq_name())
# check the provider-network got a deny rule to any VN
provider_to_vn1_rule = {
"protocol": "icmp",
"direction": ">",
"src": {
"type": "vn",
"value": provider_vn
},
"dst": [{
"type": "vn",
"value": vn1_obj4
}],
"action": "pass"
}
np = self.create_network_policy_with_multiple_rules(
[provider_to_vn1_rule])
seq = SequenceType(1, 1)
vnp = VirtualNetworkPolicyType(seq)
provider_vn.set_network_policy(np, vnp)
self._vnc_lib.virtual_network_update(provider_vn)
self.check_acl_implicit_deny_rule(
fq_name=self.get_ri_name(provider_vn),
src_vn=':'.join(provider_fq_name),
dst_vn='any')
# check the network connected to provider-network
# got a deny rule to provider-network
self.check_acl_implicit_deny_rule(fq_name=self.get_ri_name(vn1_obj4),
src_vn=':'.join(
vn1_obj4.get_fq_name()),
dst_vn=':'.join(provider_fq_name))
# add an explicit policy to allow traffic to provider network
# and the implicit deny is removed
vn1_to_provider_rule = {
"protocol": "any",
"direction": ">",
"src": {
"type": "vn",
"value": vn1_obj4
},
"dst": [{
"type": "vn",
"value": provider_vn
}],
"action": "pass"
}
np = self.create_network_policy_with_multiple_rules(
[vn1_to_provider_rule])
seq = SequenceType(1, 1)
vnp = VirtualNetworkPolicyType(seq)
vn1_obj4.set_network_policy(np, vnp)
self._vnc_lib.virtual_network_update(vn1_obj4)
vn1_obj5 = self._vnc_lib.virtual_network_read(
fq_name=vn1_obj4.get_fq_name())
self.check_acl_no_implicit_deny_rule(
fq_name=self.get_ri_name(vn1_obj5),
src_vn=':'.join(vn1_obj5.get_fq_name()),
dst_vn=':'.join(provider_fq_name))
self.check_acl_allow_rule(fq_name=self.get_ri_name(vn1_obj5),
src_vn=':'.join(vn1_obj5.get_fq_name()),
dst_vn=':'.join(provider_fq_name))
# adding explicit policy to allow traffic to provider network
# do not change deny rule in provider network
self.check_acl_implicit_deny_rule(
fq_name=self.get_ri_name(provider_vn),
src_vn=':'.join(provider_fq_name),
dst_vn='any')
def _create_isolated_ns_virtual_network(self, ns_name, vn_name,
vn_type, proj_obj, ipam_obj=None, provider=None,
enforce_policy=False):
"""
Create/Update a virtual network for this namespace.
"""
vn_exists = False
vn = VirtualNetwork(
name=vn_name, parent_obj=proj_obj,
virtual_network_properties=VirtualNetworkType(forwarding_mode='l3'),
address_allocation_mode='flat-subnet-only')
try:
vn_obj = self._vnc_lib.virtual_network_read(
fq_name=vn.get_fq_name())
vn_exists = True
except NoIdError:
# VN does not exist. Create one.
vn_obj = vn
fabric_snat = False
if vn_type == 'pod-network':
if self._is_ip_fabric_snat_enabled(ns_name):
fabric_snat = True
if not vn_exists:
# Add annotatins on this isolated virtual-network.
VirtualNetworkKM.add_annotations(self, vn, namespace=ns_name,
name=ns_name, isolated='True')
# Instance-Ip for pods on this VN, should be allocated from
# cluster pod ipam. Attach the cluster pod-ipam object
# to this virtual network.
vn_obj.add_network_ipam(ipam_obj, VnSubnetsType([]))
if provider:
# enable ip_fabric_forwarding
vn_obj.add_virtual_network(provider)
elif fabric_snat:
# enable fabric_snat
vn_obj.set_fabric_snat(True)
else:
# disable fabric_snat
vn_obj.set_fabric_snat(False)
vn_uuid = self._vnc_lib.virtual_network_create(vn_obj)
# Cache the virtual network.
VirtualNetworkKM.locate(vn_uuid)
else:
ip_fabric_enabled = False
if provider:
vn_refs = vn_obj.get_virtual_network_refs()
ip_fabric_fq_name = provider.fq_name
for vn in vn_refs or []:
vn_fq_name = vn['to']
if vn_fq_name == ip_fabric_fq_name:
ip_fabric_enabled = True
break
if not ip_fabric_enabled and fabric_snat:
# enable fabric_snat
vn_obj.set_fabric_snat(True)
else:
# disable fabric_snat
vn_obj.set_fabric_snat(False)
# Update VN.
self._vnc_lib.virtual_network_update(vn_obj)
vn_uuid = vn_obj.get_uuid()
vn_obj = self._vnc_lib.virtual_network_read(id=vn_uuid)
# If required, enforce security policy at virtual network level.
if enforce_policy:
self._vnc_lib.set_tags(vn_obj,
self._labels.get_labels_dict(VncSecurityPolicy.cluster_aps_uuid))
return vn_obj
def test_same_vn_in_same_vpg_for_enterprise(self):
proj_obj, fabric_obj, pr_obj = self._create_prerequisites()
esi_id = '00:11:22:33:44:55:66:77:88:99'
pi_name = self.id() + '_physical_interface1'
pi = PhysicalInterface(name=pi_name,
parent_obj=pr_obj,
ethernet_segment_identifier=esi_id)
pi_uuid = self._vnc_lib.physical_interface_create(pi)
pi_obj = self._vnc_lib.physical_interface_read(id=pi_uuid)
fabric_name = fabric_obj.get_fq_name()
pi_fq_name = pi_obj.get_fq_name()
# Create VPG
vpg_name = "vpg-1"
vpg = VirtualPortGroup(vpg_name, parent_obj=fabric_obj)
vpg_uuid = self.api.virtual_port_group_create(vpg)
vpg_obj = self._vnc_lib.virtual_port_group_read(id=vpg_uuid)
vpg_name = vpg_obj.get_fq_name()
# Create single VN
vn1 = VirtualNetwork('vn1-%s' % (self.id()), parent_obj=proj_obj)
self.api.virtual_network_create(vn1)
# Create a VMI that's attached to vpg-1 and having reference
# to vn1
vmi_obj = VirtualMachineInterface(self.id() + "1",
parent_obj=proj_obj)
vmi_obj.set_virtual_network(vn1)
# Create KV_Pairs for this VMI
kv_pairs = self._create_kv_pairs(pi_fq_name,
fabric_name,
vpg_name)
vmi_obj.set_virtual_machine_interface_bindings(kv_pairs)
vmi_obj.set_virtual_machine_interface_properties(
VirtualMachineInterfacePropertiesType(sub_interface_vlan_tag=42))
vmi_uuid_1 = self.api.virtual_machine_interface_create(vmi_obj)
vpg_obj.add_virtual_machine_interface(vmi_obj)
self.api.virtual_port_group_update(vpg_obj)
# Now, try to create the second VMI.
# This should fail as a VN can be attached to a VPG only once
# in a Enterprise style fabric
vmi_obj_2 = VirtualMachineInterface(self.id() + "2",
parent_obj=proj_obj)
vmi_obj_2.set_virtual_network(vn1)
# Create KV_Pairs for this VMI
kv_pairs = self._create_kv_pairs(pi_fq_name,
fabric_name,
vpg_name)
vmi_obj_2.set_virtual_machine_interface_bindings(kv_pairs)
vmi_obj_2.set_virtual_machine_interface_properties(
VirtualMachineInterfacePropertiesType(sub_interface_vlan_tag=43))
with ExpectedException(BadRequest):
self.api.virtual_machine_interface_create(vmi_obj_2)
self.api.virtual_machine_interface_delete(id=vmi_uuid_1)
self.api.virtual_port_group_delete(id=vpg_obj.uuid)
self.api.physical_interface_delete(id=pi_uuid)
self.api.physical_router_delete(id=pr_obj.uuid)
self.api.fabric_delete(id=fabric_obj.uuid)
def test_multiple_policy(self):
vn1_name = self.id() + "vn1"
vn2_name = self.id() + "vn2"
vn1_obj = VirtualNetwork(vn1_name)
vn2_obj = VirtualNetwork(vn2_name)
np1 = self.create_network_policy(vn1_obj, vn2_obj)
np2 = self.create_network_policy(vn2_obj, vn1_obj)
seq = SequenceType(1, 1)
vnp = VirtualNetworkPolicyType(seq)
vn1_obj.set_network_policy(np1, vnp)
vn2_obj.set_network_policy(np2, vnp)
self._vnc_lib.virtual_network_create(vn1_obj)
self._vnc_lib.virtual_network_create(vn2_obj)
self.check_ri_ref_present(self.get_ri_name(vn1_obj), self.get_ri_name(vn2_obj))
self.check_ri_ref_present(self.get_ri_name(vn2_obj), self.get_ri_name(vn1_obj))
np1.network_policy_entries.policy_rule[0].action_list.simple_action = "deny"
np1.set_network_policy_entries(np1.network_policy_entries)
self._vnc_lib.network_policy_update(np1)
self.assertTill(
self.ifmap_ident_has_link,
type_fq_name=("routing-instance", self.get_ri_name(vn1_obj)),
link_name="contrail:connection contrail:routing-instance:%s" % ":".join(self.get_ri_name(vn2_obj)),
)
np1.network_policy_entries.policy_rule[0].action_list.simple_action = "pass"
np1.set_network_policy_entries(np1.network_policy_entries)
self._vnc_lib.network_policy_update(np1)
np2.network_policy_entries.policy_rule[0].action_list.simple_action = "deny"
np2.set_network_policy_entries(np2.network_policy_entries)
self._vnc_lib.network_policy_update(np2)
self.assertTill(
self.ifmap_ident_has_link,
type_fq_name=("routing-instance", self.get_ri_name(vn2_obj)),
link_name="contrail:connection contrail:routing-instance:%s" % ":".join(self.get_ri_name(vn1_obj)),
)
vn1_obj.del_network_policy(np1)
vn2_obj.del_network_policy(np2)
self._vnc_lib.virtual_network_update(vn1_obj)
self._vnc_lib.virtual_network_update(vn2_obj)
self.check_ri_refs_are_deleted(fq_name=self.get_ri_name(vn2_obj))
self.delete_network_policy(np1)
self.delete_network_policy(np2)
self._vnc_lib.virtual_network_delete(fq_name=vn1_obj.get_fq_name())
self._vnc_lib.virtual_network_delete(fq_name=vn2_obj.get_fq_name())
self.check_vn_is_deleted(uuid=vn1_obj.uuid)
def test_multiple_policy(self):
vn1_name = self.id() + 'vn1'
vn2_name = self.id() + 'vn2'
vn1_obj = VirtualNetwork(vn1_name)
vn2_obj = VirtualNetwork(vn2_name)
np1 = self.create_network_policy(vn1_obj, vn2_obj)
np2 = self.create_network_policy(vn2_obj, vn1_obj)
seq = SequenceType(1, 1)
vnp = VirtualNetworkPolicyType(seq)
vn1_obj.set_network_policy(np1, vnp)
vn2_obj.set_network_policy(np2, vnp)
self._vnc_lib.virtual_network_create(vn1_obj)
self._vnc_lib.virtual_network_create(vn2_obj)
self.check_ri_ref_present(self.get_ri_name(vn1_obj),
self.get_ri_name(vn2_obj))
self.check_ri_ref_present(self.get_ri_name(vn2_obj),
self.get_ri_name(vn1_obj))
np1.network_policy_entries.policy_rule[0].action_list.simple_action = 'deny'
np1.set_network_policy_entries(np1.network_policy_entries)
self._vnc_lib.network_policy_update(np1)
expr =("('contrail:connection contrail:routing-instance:%s' in FakeIfmapClient._graph['contrail:routing-instance:%s']['links'])"
% (':'.join(self.get_ri_name(vn2_obj)),
':'.join(self.get_ri_name(vn1_obj))))
self.assertTill(expr)
np1.network_policy_entries.policy_rule[0].action_list.simple_action = 'pass'
np1.set_network_policy_entries(np1.network_policy_entries)
self._vnc_lib.network_policy_update(np1)
np2.network_policy_entries.policy_rule[0].action_list.simple_action = 'deny'
np2.set_network_policy_entries(np2.network_policy_entries)
self._vnc_lib.network_policy_update(np2)
expr = ("('contrail:connection contrail:routing-instance:%s' in FakeIfmapClient._graph['contrail:routing-instance:%s']['links'])"
% (':'.join(self.get_ri_name(vn1_obj)),
':'.join(self.get_ri_name(vn2_obj))))
self.assertTill(expr)
vn1_obj.del_network_policy(np1)
vn2_obj.del_network_policy(np2)
self._vnc_lib.virtual_network_update(vn1_obj)
self._vnc_lib.virtual_network_update(vn2_obj)
self.check_ri_refs_are_deleted(fq_name=self.get_ri_name(vn2_obj))
self.delete_network_policy(np1)
self.delete_network_policy(np2)
self._vnc_lib.virtual_network_delete(fq_name=vn1_obj.get_fq_name())
self._vnc_lib.virtual_network_delete(fq_name=vn2_obj.get_fq_name())
self.check_vn_is_deleted(uuid=vn1_obj.uuid)
def test_different_vn_on_same_vlan_across_vpgs_in_enterprise(self):
proj_obj, fabric_obj, pr_obj = self._create_prerequisites()
# Create Physical Interface for VPG-1
esi_id = '00:11:22:33:44:55:66:77:88:99'
pi_name = self.id() + '_physical_interface1'
pi = PhysicalInterface(name=pi_name,
parent_obj=pr_obj,
ethernet_segment_identifier=esi_id)
pi_uuid = self._vnc_lib.physical_interface_create(pi)
pi_obj = self._vnc_lib.physical_interface_read(id=pi_uuid)
fabric_name = fabric_obj.get_fq_name()
pi_fq_name_1 = pi_obj.get_fq_name()
# Create Physical Interface for VPG-2
esi_id = '00:11:22:33:44:55:66:77:88:99'
pi_name = self.id() + '_physical_interface2'
pi = PhysicalInterface(name=pi_name,
parent_obj=pr_obj,
ethernet_segment_identifier=esi_id)
pi_uuid_2 = self._vnc_lib.physical_interface_create(pi)
pi_obj = self._vnc_lib.physical_interface_read(id=pi_uuid_2)
fabric_name = fabric_obj.get_fq_name()
pi_fq_name_2 = pi_obj.get_fq_name()
# Create VPG-1
vpg_name = "vpg-1"
vpg = VirtualPortGroup(vpg_name, parent_obj=fabric_obj)
vpg_uuid = self.api.virtual_port_group_create(vpg)
vpg_obj_1 = self._vnc_lib.virtual_port_group_read(id=vpg_uuid)
vpg_name_1 = vpg_obj_1.get_fq_name()
# Create VPG-2
vpg_name = "vpg-2"
vpg = VirtualPortGroup(vpg_name, parent_obj=fabric_obj)
vpg_uuid = self.api.virtual_port_group_create(vpg)
vpg_obj_2 = self._vnc_lib.virtual_port_group_read(id=vpg_uuid)
vpg_name_2 = vpg_obj_2.get_fq_name()
# Create VN-1
vn1 = VirtualNetwork('vn1-%s' % (self.id()), parent_obj=proj_obj)
self.api.virtual_network_create(vn1)
# Create VN-2
vn2 = VirtualNetwork('vn2-%s' % (self.id()), parent_obj=proj_obj)
self.api.virtual_network_create(vn2)
# Create a VMI that's attached to vpg-1 and having reference
# to vn1
vmi_obj = VirtualMachineInterface(self.id() + "1",
parent_obj=proj_obj)
vmi_obj.set_virtual_network(vn1)
# Create KV_Pairs for this VMI
kv_pairs = self._create_kv_pairs(pi_fq_name_1,
fabric_name,
vpg_name_1)
vmi_obj.set_virtual_machine_interface_bindings(kv_pairs)
vmi_obj.set_virtual_machine_interface_properties(
VirtualMachineInterfacePropertiesType(sub_interface_vlan_tag=42))
vmi_uuid_1 = self.api.virtual_machine_interface_create(vmi_obj)
vpg_obj_1.add_virtual_machine_interface(vmi_obj)
self.api.virtual_port_group_update(vpg_obj_1)
# Create a VMI that's attached to vpg-2 and having reference
# to vn2, but with same vlan_tag=42, this should fail
vmi_obj_2 = VirtualMachineInterface(self.id() + "2",
parent_obj=proj_obj)
vmi_obj_2.set_virtual_network(vn2)
# Create KV_Pairs for this VMI
kv_pairs = self._create_kv_pairs(pi_fq_name_2,
fabric_name,
vpg_name_2)
vmi_obj_2.set_virtual_machine_interface_bindings(kv_pairs)
vmi_obj_2.set_virtual_machine_interface_properties(
VirtualMachineInterfacePropertiesType(sub_interface_vlan_tag=42))
with ExpectedException(BadRequest):
self.api.virtual_machine_interface_create(vmi_obj_2)
self.api.virtual_machine_interface_delete(id=vmi_uuid_1)
self.api.virtual_port_group_delete(id=vpg_obj_1.uuid)
self.api.virtual_port_group_delete(id=vpg_obj_2.uuid)
self.api.physical_interface_delete(id=pi_uuid)
self.api.physical_interface_delete(id=pi_uuid_2)
self.api.physical_router_delete(id=pr_obj.uuid)
self.api.fabric_delete(id=fabric_obj.uuid)
def _create_isolated_ns_virtual_network(self,
ns_name,
vn_name,
vn_type,
proj_obj,
ipam_obj=None,
provider=None,
enforce_policy=False):
"""
Create/Update a virtual network for this namespace.
"""
vn_exists = False
vn = VirtualNetwork(name=vn_name,
parent_obj=proj_obj,
virtual_network_properties=VirtualNetworkType(
forwarding_mode='l3'),
address_allocation_mode='flat-subnet-only')
try:
vn_obj = self._vnc_lib.virtual_network_read(
fq_name=vn.get_fq_name())
vn_exists = True
except NoIdError:
# VN does not exist. Create one.
vn_obj = vn
# Add annotatins on this isolated virtual-network.
VirtualNetworkKM.add_annotations(self,
vn,
namespace=ns_name,
name=ns_name,
isolated='True')
# Instance-Ip for pods on this VN, should be allocated from
# cluster pod ipam. Attach the cluster pod-ipam object
# to this virtual network.
vn_obj.add_network_ipam(ipam_obj, VnSubnetsType([]))
fabric_snat = False
if vn_type == 'pod-network':
if self._is_ip_fabric_snat_enabled(ns_name):
fabric_snat = True
if not vn_exists:
if provider:
# enable ip_fabric_forwarding
vn_obj.add_virtual_network(provider)
elif fabric_snat:
# enable fabric_snat
vn_obj.set_fabric_snat(True)
else:
# disable fabric_snat
vn_obj.set_fabric_snat(False)
vn_uuid = self._vnc_lib.virtual_network_create(vn_obj)
# Cache the virtual network.
VirtualNetworkKM.locate(vn_uuid)
else:
ip_fabric_enabled = False
if provider:
vn_refs = vn_obj.get_virtual_network_refs()
ip_fabric_fq_name = provider.fq_name
for vn in vn_refs or []:
vn_fq_name = vn['to']
if vn_fq_name == ip_fabric_fq_name:
ip_fabric_enabled = True
break
if not ip_fabric_enabled and fabric_snat:
# enable fabric_snat
vn_obj.set_fabric_snat(True)
else:
# disable fabric_snat
vn_obj.set_fabric_snat(False)
# Update VN.
self._vnc_lib.virtual_network_update(vn_obj)
vn_uuid = vn_obj.get_uuid()
vn_obj = self._vnc_lib.virtual_network_read(id=vn_uuid)
# If required, enforce security policy at virtual network level.
if enforce_policy:
self._vnc_lib.set_tags(
vn_obj,
self._labels.get_labels_dict(
VncSecurityPolicy.cluster_aps_uuid))
return vn_obj
def test_add_remove_multi_value_of_authorized_type_on_same_resource(self):
project = Project('project-%s' % self.id())
self.api.project_create(project)
vn = VirtualNetwork('vn-%s' % self.id(), parent_obj=project)
# Label tag type is the only one type authorized to be set multiple
# time on a same resource
tag_type = 'label'
tag_value1 = '%s-label1' % self.id()
label_tag1 = Tag(tag_type_name=tag_type, tag_value=tag_value1,
parent_obj=project)
self.api.tag_create(label_tag1)
tag_value2 = '%s-label2' % self.id()
label_tag2 = Tag(tag_type_name=tag_type, tag_value=tag_value2,
parent_obj=project)
self.api.tag_create(label_tag2)
tag_value3 = '%s-label3' % self.id()
label_tag3 = Tag(tag_type_name=tag_type, tag_value=tag_value3,
parent_obj=project)
self.api.tag_create(label_tag3)
vn.add_tag(label_tag1)
vn.add_tag(label_tag2)
self.api.virtual_network_create(vn)
vn = self._vnc_lib.virtual_network_read(id=vn.uuid)
self.assertEqual(len(vn.get_tag_refs()), 2)
self.assertEqual({ref['uuid'] for ref in vn.get_tag_refs()},
set([label_tag1.uuid, label_tag2.uuid]))
vn.add_tag(label_tag3)
self.api.virtual_network_update(vn)
vn = self._vnc_lib.virtual_network_read(id=vn.uuid)
self.assertEqual(len(vn.get_tag_refs()), 3)
self.assertEqual({ref['uuid'] for ref in vn.get_tag_refs()},
set([label_tag1.uuid, label_tag2.uuid,
label_tag3.uuid]))
vn.del_tag(label_tag2)
self.api.virtual_network_update(vn)
vn = self._vnc_lib.virtual_network_read(id=vn.uuid)
self.assertEqual(len(vn.get_tag_refs()), 2)
self.assertEqual({ref['uuid'] for ref in vn.get_tag_refs()},
set([label_tag1.uuid, label_tag3.uuid]))