def test_update_in_use_provider_vn(self):
        """Provider properties of an in-use provider VN must not change.

        A provider VN is created with segmentation id 100 on physnet1 and
        a VMI is attached to it. Updating the provider properties is then
        expected to raise RefsExistError, and the values read back from
        the API must still be the original ones.
        """
        project_uuid = self.api.project_create(
            Project('%s-project' % self.id()))
        project = self.api.project_read(id=project_uuid)

        # provider VN as first created: segment 100 on physnet1
        provider_vn = VirtualNetwork('%s-vn' % self.id(), parent_obj=project)
        provider_vn.set_is_provider_network(True)
        initial_details = ProviderDetails(params_dict={
            "segmentation_id": 100,
            "physical_network": "physnet1",
        })
        provider_vn.set_provider_properties(initial_details)
        vn_uuid = self.api.virtual_network_create(provider_vn)

        # the VMI referring to the VN is what makes it "in use"
        port = VirtualMachineInterface('%s-vmi' % self.id(),
                                       parent_obj=project)
        port.set_virtual_network(provider_vn)
        self.api.virtual_machine_interface_create(port)

        # try to move the in-use VN to another segment; must be refused
        stored_vn = self.api.virtual_network_read(id=vn_uuid)
        changed_details = ProviderDetails(params_dict={
            "segmentation_id": 200,
            "physical_network": "physnet2",
        })
        stored_vn.set_provider_properties(changed_details)
        with ExpectedException(RefsExistError):
            self.api.virtual_network_update(stored_vn)

        # the rejected update must leave the stored values untouched
        reread_vn = self.api.virtual_network_read(id=stored_vn.uuid)
        kept = reread_vn.get_provider_properties()
        self.assertEqual(
            (100, "physnet1"),
            (kept.get_segmentation_id(), kept.get_physical_network()))
    def test_update_not_in_use_non_provider_vn_to_provider(self):
        """A VN with nothing attached can be turned into a provider VN.

        The VN is created without the provider flag, read back to confirm
        the flag is false, then updated with the flag and provider
        properties (segmentation id 100, physnet1). Both must be visible
        on the next read.
        """
        project_uuid = self.api.project_create(
            Project('%s-project' % self.id()))
        project = self.api.project_read(id=project_uuid)

        # plain VN: the flag must read back as false before the update
        vn_uuid = self.api.virtual_network_create(
            VirtualNetwork('%s-vn' % self.id(), parent_obj=project))
        plain_vn = self.api.virtual_network_read(id=vn_uuid)
        self.assertFalse(plain_vn.get_is_provider_network())

        # no VMI refers to this VN, so the conversion is expected to pass
        plain_vn.set_is_provider_network(True)
        details = ProviderDetails(params_dict={
            "segmentation_id": 100,
            "physical_network": "physnet1",
        })
        plain_vn.set_provider_properties(details)
        self.api.virtual_network_update(plain_vn)

        converted_vn = self.api.virtual_network_read(id=vn_uuid)
        self.assertTrue(converted_vn.get_is_provider_network())

        stored = converted_vn.get_provider_properties()
        self.assertEqual(
            (100, "physnet1"),
            (stored.get_segmentation_id(), stored.get_physical_network()))
    def test_create_provider_vn_without_provider_details(self):
        """A VN flagged as provider network is created without details.

        Only is_provider_network is set; no provider properties are given.
        The create call must succeed and the flag must read back as true.
        """
        project_uuid = self.api.project_create(
            Project('%s-project' % self.id()))
        project = self.api.project_read(id=project_uuid)

        flagged_vn = VirtualNetwork('%s-vn' % self.id(), parent_obj=project)
        flagged_vn.set_is_provider_network(True)
        vn_uuid = self.api.virtual_network_create(flagged_vn)

        # read the flag from the API rather than from the local object
        stored_vn = self.api.virtual_network_read(id=vn_uuid)
        self.assertTrue(stored_vn.get_is_provider_network())
    def test_create_provider_vn(self):
        """A provider VN with provider properties can be created.

        The VN carries the provider flag plus segmentation id 100 on
        physnet1. Only the flag is asserted after the read back; the
        stored provider properties are not checked by this test.
        """
        project_uuid = self.api.project_create(
            Project('%s-project' % self.id()))
        project = self.api.project_read(id=project_uuid)

        provider_vn = VirtualNetwork('%s-vn' % self.id(), parent_obj=project)
        provider_vn.set_is_provider_network(True)
        details = ProviderDetails(params_dict={
            "segmentation_id": 100,
            "physical_network": "physnet1",
        })
        provider_vn.set_provider_properties(details)
        vn_uuid = self.api.virtual_network_create(provider_vn)

        # read the flag from the API rather than from the local object
        stored_vn = self.api.virtual_network_read(id=vn_uuid)
        self.assertTrue(stored_vn.get_is_provider_network())
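 def _pre_create_virtual_networks(self):
     """Create the red, green and blue fixture VNs under self.project.

     Red (VLAN 100) and green (VLAN 200) are provider VNs on
     self.physnet; blue is a non-provider VN. Each VN is created through
     self.api and then read back, and the read-back object is stored on
     self as virtual_network_<colour>. The VLAN ids are stored as
     self.vlan_id_red and self.vlan_id_green.
     """
     # red and green VN are the provider VNs
     virtual_network_red = VirtualNetwork(
         name='test-virtual-network-red',
         parent_obj=self.project)
     self.vlan_id_red = 100
     virtual_network_red.set_is_provider_network(True)
     virtual_network_red.set_provider_properties(
         ProviderDetails(
             segmentation_id=self.vlan_id_red,
             physical_network=self.physnet))
     virtual_network_red_uuid = \
         self.api.virtual_network_create(virtual_network_red)
     self.virtual_network_red = \
         self.api.virtual_network_read(id=virtual_network_red_uuid)
     virtual_network_green = VirtualNetwork(
         name='test-virtual-network-green',
         parent_obj=self.project)
     self.vlan_id_green = 200
     virtual_network_green.set_is_provider_network(True)
     virtual_network_green.set_provider_properties(
         ProviderDetails(
             segmentation_id=self.vlan_id_green,
             physical_network=self.physnet))
     virtual_network_green_uuid = \
         self.api.virtual_network_create(virtual_network_green)
     self.virtual_network_green = \
         self.api.virtual_network_read(id=virtual_network_green_uuid)
     # blue VN is the non-provider VN
     virtual_network_blue = VirtualNetwork(
         name='test-virtual-network-blue',
         parent_obj=self.project)
     # The flag belongs on blue. The original cleared it on the local red
     # object, which had already been created and is never sent again, so
     # the call had no effect and blue was created with the flag unset.
     virtual_network_blue.set_is_provider_network(False)
     virtual_network_blue_uuid = \
         self.api.virtual_network_create(virtual_network_blue)
     self.virtual_network_blue = \
         self.api.virtual_network_read(id=virtual_network_blue_uuid)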
    def test_provider_network(self):
        """
        Exercise the provider-network rules of the API server and the
        ACL rules reported for provider and linked VNs.

        Verify:
            1. Check creating a non-provider VN with
               non-provider VNs linked to it is not allowed
            2. Check a non provider-VN can not be created
               with is_provider_network property set to True
            3. Check is_provider_network property of a
               provider-VN is True by default
            4. Check is_provider_network property of a
               provider-VN can be set as True
            5. Check is_provider_network property of provider-VN
               can not be set as False
            6. Check is_provider_network property of non provider-VN
               can not be set as True
            7. Check is_provider_network property of non provider-VN
               can be set as False
            8. Check setting other parameters of a non provider-VN
               is not affected
            9. Check db_resync sets is_provider_network property
               of provider-VN as True (simulating upgrade case)
            10. Check non provider VNs can be added to
                provider VN
            11. Check the provider-VN can be added to a VN
            12. Check non provider-VN can not be added to a VN
            13. Check many VNs can be linked to the provider-VN
            14. Check (provider-vn -> any-VN),DENY acl rule is added to
                the provider-VN
            15. Check (VN -> provider-VN),DENY acl rule is added to
                the VN
            16. Adding a (VN -> provider-VN),PASS acl rule at VN removes
                (VN -> provider-VN),DENY acl rule

        Assumption: ip-fabric VN is the provider-VN
        """
        # build four VN objects; vn1, vn2 and vn3 are created right away,
        # vn4 is created further down after the rejected variants
        vn1_name = self.id() + '_vn1'
        vn2_name = self.id() + '_vn2'
        vn3_name = self.id() + '_vn3'
        vn4_name = self.id() + '_vn4'
        vn1_obj1 = VirtualNetwork(vn1_name)
        vn2_obj1 = VirtualNetwork(vn2_name)
        vn3_obj1 = VirtualNetwork(vn3_name)
        vn4_obj1 = VirtualNetwork(vn4_name)
        self._vnc_lib.virtual_network_create(vn1_obj1)
        self._vnc_lib.virtual_network_create(vn2_obj1)
        self._vnc_lib.virtual_network_create(vn3_obj1)

        # try creating non provider_vn with linked
        # non provider_vn (linked before creating)
        vn4_obj1.add_virtual_network(vn3_obj1)
        self.assertRaises(BadRequest, self._vnc_lib.virtual_network_create,
                          vn4_obj1)

        # same attempt with both vn3 and vn2 linked
        vn4_obj1.add_virtual_network(vn2_obj1)
        self.assertRaises(BadRequest, self._vnc_lib.virtual_network_create,
                          vn4_obj1)

        # drop the links to vn3_obj1 and vn2_obj1 again,
        # since creating with them is not allowed
        vn4_obj1.del_virtual_network(vn3_obj1)
        vn4_obj1.del_virtual_network(vn2_obj1)

        # set is_provider_network on a non provider-vn
        # and try creating it
        vn4_obj1.set_is_provider_network(True)
        self.assertRaises(BadRequest, self._vnc_lib.virtual_network_create,
                          vn4_obj1)

        # set it as False and retry creating it
        vn4_obj1.set_is_provider_network(False)
        self._vnc_lib.virtual_network_create(vn4_obj1)

        # Check updating other parameters of a non provider VN
        # when no provider VN is connected
        vn4_obj1.set_mac_aging_time(400)
        self._vnc_lib.virtual_network_update(vn4_obj1)

        # retrieve provider network, assuming ip-fabric for now
        provider_fq_name = ['default-domain', 'default-project', 'ip-fabric']
        provider_vn = self._vnc_lib.virtual_network_read(
            fq_name=provider_fq_name)
        self.assertEqual(provider_vn.get_is_provider_network(), True)

        # check is_provider_network of provider_vn
        # can be set to True (i.e. only to its default)
        provider_vn.set_is_provider_network(True)
        self._vnc_lib.virtual_network_update(provider_vn)

        # check is_provider_network of provider_vn
        # can not be set to False
        # NOTE(review): the local object keeps the False value after the
        # rejected update; it is replaced by a fresh read after db_resync
        provider_vn.set_is_provider_network(False)
        self.assertRaises(BadRequest, self._vnc_lib.virtual_network_update,
                          provider_vn)

        # check is_provider_network of non provider_vn
        # can be set to False
        vn4_obj1.set_is_provider_network(False)
        self._vnc_lib.virtual_network_update(vn4_obj1)

        # check is_provider_network of non provider_vn
        # can not be set to True
        vn4_obj1.set_is_provider_network(True)
        self.assertRaises(BadRequest, self._vnc_lib.virtual_network_update,
                          vn4_obj1)

        # check db_resync sets is_provider_network property
        # as True in provider-vn
        self._api_server._db_conn.db_resync()
        provider_vn = self._vnc_lib.virtual_network_read(
            fq_name=provider_fq_name)
        self.assertEqual(provider_vn.get_is_provider_network(), True)

        # check adding vn3 and vn2 to provider vn
        provider_vn.add_virtual_network(vn2_obj1)
        provider_vn.add_virtual_network(vn3_obj1)
        self._vnc_lib.virtual_network_update(provider_vn)
        # NOTE(review): fixed sleep, presumably to let the update
        # propagate before refs and ACLs are read back; the checks below
        # then depend on timing - confirm, and consider polling instead
        gevent.sleep(5)
        provider_vn = self._vnc_lib.virtual_network_read(
            fq_name=provider_vn.get_fq_name())
        self.assertEqual(len(provider_vn.virtual_network_refs), 2)
        linked_uuids = [
            ref['uuid'] for ref in provider_vn.virtual_network_refs
        ]
        self.assertIn(vn3_obj1.uuid, linked_uuids)
        self.assertIn(vn2_obj1.uuid, linked_uuids)
        # empty the VirtualNetworkST table and rebuild it, then repeat the
        # ref checks (presumably simulating a restart of the component
        # that holds this state - confirm)
        VirtualNetworkST._dict = {}
        VirtualNetworkST.reinit()
        provider_vn = self._vnc_lib.virtual_network_read(
            fq_name=provider_vn.get_fq_name())
        vn3_obj1 = self._vnc_lib.virtual_network_read(
            fq_name=vn3_obj1.get_fq_name())
        vn2_obj1 = self._vnc_lib.virtual_network_read(
            fq_name=vn2_obj1.get_fq_name())
        self.assertEqual(len(provider_vn.virtual_network_refs), 2)
        linked_uuids = [
            ref['uuid'] for ref in provider_vn.virtual_network_refs
        ]
        self.assertIn(vn3_obj1.uuid, linked_uuids)
        self.assertIn(vn2_obj1.uuid, linked_uuids)
        # implicit deny rules: (provider-VN -> any) on the provider VN,
        # and (VN -> provider-VN) on each linked VN
        self.check_acl_implicit_deny_rule(
            fq_name=self.get_ri_name(provider_vn),
            src_vn=':'.join(provider_fq_name),
            dst_vn='any')
        self.check_acl_implicit_deny_rule(fq_name=self.get_ri_name(vn2_obj1),
                                          src_vn=vn2_obj1.get_fq_name_str(),
                                          dst_vn=':'.join(provider_fq_name))
        self.check_acl_implicit_deny_rule(fq_name=self.get_ri_name(vn3_obj1),
                                          src_vn=vn3_obj1.get_fq_name_str(),
                                          dst_vn=':'.join(provider_fq_name))

        # check adding provider vn to vn1 works
        vn1_obj1.add_virtual_network(provider_vn)
        self._vnc_lib.virtual_network_update(vn1_obj1)
        # NOTE(review): another fixed sleep before the read back, see above
        gevent.sleep(2)
        vn1_obj2 = self._vnc_lib.virtual_network_read(
            fq_name=vn1_obj1.get_fq_name())
        self.assertEqual(vn1_obj2.virtual_network_refs[0]['to'],
                         provider_fq_name)
        self.check_acl_implicit_deny_rule(fq_name=self.get_ri_name(vn1_obj2),
                                          src_vn=vn1_obj2.get_fq_name_str(),
                                          dst_vn=':'.join(provider_fq_name))

        # Check updating other parameters of a non provider VN
        # when a provider VN is connected
        vn1_obj2.set_mac_aging_time(400)
        self._vnc_lib.virtual_network_update(vn1_obj2)

        # create a policy to allow icmp between vn1 <> vn2
        # and update vn1
        vn1_to_vn2_rule = {
            "protocol": "icmp",
            "direction": "<>",
            "src": {
                "type": "vn",
                "value": vn1_obj2
            },
            "dst": [{
                "type": "vn",
                "value": vn2_obj1
            }],
            "action": "pass"
        }
        np = self.create_network_policy_with_multiple_rules([vn1_to_vn2_rule])
        seq = SequenceType(1, 1)
        vnp = VirtualNetworkPolicyType(seq)
        vn1_obj2.set_network_policy(np, vnp)
        self._vnc_lib.virtual_network_update(vn1_obj2)
        vn1_obj3 = self._vnc_lib.virtual_network_read(
            fq_name=vn1_obj2.get_fq_name())

        # check linking a non provider network is not allowed;
        # after the rejected update the only ref is still the provider VN
        vn1_obj3.add_virtual_network(vn2_obj1)
        self.assertRaises(BadRequest, self._vnc_lib.virtual_network_update,
                          vn1_obj3)
        vn1_obj4 = self._vnc_lib.virtual_network_read(
            fq_name=vn1_obj3.get_fq_name())
        self.assertEqual(vn1_obj4.virtual_network_refs[0]['to'],
                         provider_fq_name)
        self.assertNotEqual(vn1_obj4.virtual_network_refs[0]['to'],
                            vn2_obj1.get_fq_name())

        # attach an explicit (provider-VN -> vn1) icmp pass policy to the
        # provider VN and check its (provider-VN -> any) implicit deny
        # rule is still reported
        provider_to_vn1_rule = {
            "protocol": "icmp",
            "direction": ">",
            "src": {
                "type": "vn",
                "value": provider_vn
            },
            "dst": [{
                "type": "vn",
                "value": vn1_obj4
            }],
            "action": "pass"
        }
        np = self.create_network_policy_with_multiple_rules(
            [provider_to_vn1_rule])
        seq = SequenceType(1, 1)
        vnp = VirtualNetworkPolicyType(seq)
        provider_vn.set_network_policy(np, vnp)
        self._vnc_lib.virtual_network_update(provider_vn)
        self.check_acl_implicit_deny_rule(
            fq_name=self.get_ri_name(provider_vn),
            src_vn=':'.join(provider_fq_name),
            dst_vn='any')

        # check the network connected to provider-network
        # got a deny rule to provider-network
        self.check_acl_implicit_deny_rule(fq_name=self.get_ri_name(vn1_obj4),
                                          src_vn=':'.join(
                                              vn1_obj4.get_fq_name()),
                                          dst_vn=':'.join(provider_fq_name))

        # add an explicit policy to allow traffic to provider network
        # and the implicit deny is removed
        vn1_to_provider_rule = {
            "protocol": "any",
            "direction": ">",
            "src": {
                "type": "vn",
                "value": vn1_obj4
            },
            "dst": [{
                "type": "vn",
                "value": provider_vn
            }],
            "action": "pass"
        }
        np = self.create_network_policy_with_multiple_rules(
            [vn1_to_provider_rule])
        seq = SequenceType(1, 1)
        vnp = VirtualNetworkPolicyType(seq)
        vn1_obj4.set_network_policy(np, vnp)
        self._vnc_lib.virtual_network_update(vn1_obj4)
        vn1_obj5 = self._vnc_lib.virtual_network_read(
            fq_name=vn1_obj4.get_fq_name())
        self.check_acl_no_implicit_deny_rule(
            fq_name=self.get_ri_name(vn1_obj5),
            src_vn=':'.join(vn1_obj5.get_fq_name()),
            dst_vn=':'.join(provider_fq_name))
        self.check_acl_allow_rule(fq_name=self.get_ri_name(vn1_obj5),
                                  src_vn=':'.join(vn1_obj5.get_fq_name()),
                                  dst_vn=':'.join(provider_fq_name))

        # adding an explicit policy to allow traffic to the provider
        # network does not change the deny rule in the provider network
        self.check_acl_implicit_deny_rule(
            fq_name=self.get_ri_name(provider_vn),
            src_vn=':'.join(provider_fq_name),
            dst_vn='any')
    def test_provider_network(self):
        '''
        Exercise the provider-network rules of the API server and the
        ACL rules reported for provider and linked VNs.

        Verify:
            1. Check creating a non-provider VN with
               non-provider VNs linked to it is not allowed
            2. Check a non provider-VN can not be created
               with is_provider_network property set to True
            3. Check is_provider_network property of a
               provider-VN is True by default
            4. Check is_provider_network property of a
               provider-VN can be set as True
            5. Check is_provider_network property of provider-VN
               can not be set as False
            6. Check is_provider_network property of non provider-VN
               can not be set as True
            7. Check is_provider_network property of non provider-VN
               can be set as False
            8. Check setting other parameters of a non provider-VN
               is not affected
            9. Check db_resync sets is_provider_network property
               of provider-VN as True (simulating upgrade case)
            10. Check non provider VNs can be added to
               provider VN
            11. Check the provider-VN can be added to a VN
            12. Check non provider-VN can not be added to a VN
            13. Check many VNs can be linked to the provider-VN
            14. Check (provider-vn -> any-VN),DENY acl rule is added to
               the provider-VN
            15. Check (VN -> provider-VN),DENY acl rule is added to
               the VN
            16. Adding a (VN -> provider-VN),PASS acl rule at VN removes
               (VN -> provider-VN),DENY acl rule
        Assumption: ip-fabric VN is the provider-VN
        '''
        # build four VN objects; vn1, vn2 and vn3 are created right away,
        # vn4 is created further down after the rejected variants
        vn1_name = self.id() + '_vn1'
        vn2_name = self.id() + '_vn2'
        vn3_name = self.id() + '_vn3'
        vn4_name = self.id() + '_vn4'
        vn1_obj1 = VirtualNetwork(vn1_name)
        vn2_obj1 = VirtualNetwork(vn2_name)
        vn3_obj1 = VirtualNetwork(vn3_name)
        vn4_obj1 = VirtualNetwork(vn4_name)
        self._vnc_lib.virtual_network_create(vn1_obj1)
        self._vnc_lib.virtual_network_create(vn2_obj1)
        self._vnc_lib.virtual_network_create(vn3_obj1)

        # try creating non provider_vn with linked
        # non provider_vn (linked before creating)
        vn4_obj1.add_virtual_network(vn3_obj1)
        self.assertRaises(BadRequest,
                          self._vnc_lib.virtual_network_create,
                          vn4_obj1)

        # same attempt with both vn3 and vn2 linked
        vn4_obj1.add_virtual_network(vn2_obj1)
        self.assertRaises(BadRequest,
                          self._vnc_lib.virtual_network_create,
                          vn4_obj1)

        # drop the links to vn3_obj1 and vn2_obj1 again,
        # since creating with them is not allowed
        vn4_obj1.del_virtual_network(vn3_obj1)
        vn4_obj1.del_virtual_network(vn2_obj1)

        # set is_provider_network on a non provider-vn
        # and try creating it
        vn4_obj1.set_is_provider_network(True)
        self.assertRaises(BadRequest,
                          self._vnc_lib.virtual_network_create,
                          vn4_obj1)

        # set it as False and retry creating it
        vn4_obj1.set_is_provider_network(False)
        self._vnc_lib.virtual_network_create(vn4_obj1)

        # Check updating other parameters of a non provider VN
        # when no provider VN is connected
        vn4_obj1.set_mac_aging_time(400)
        self._vnc_lib.virtual_network_update(vn4_obj1)

        # retrieve provider network, assuming ip-fabric for now
        provider_fq_name = ['default-domain', 'default-project', 'ip-fabric']
        provider_vn = self._vnc_lib.virtual_network_read(
                fq_name=provider_fq_name)
        self.assertEqual(provider_vn.get_is_provider_network(), True)

        # check is_provider_network of provider_vn
        # can be set to True (i.e. only to its default)
        provider_vn.set_is_provider_network(True)
        self._vnc_lib.virtual_network_update(provider_vn)

        # check is_provider_network of provider_vn
        # can not be set to False
        # NOTE(review): the local object keeps the False value after the
        # rejected update; it is replaced by a fresh read after db_resync
        provider_vn.set_is_provider_network(False)
        self.assertRaises(BadRequest,
                          self._vnc_lib.virtual_network_update,
                          provider_vn)

        # check is_provider_network of non provider_vn
        # can be set to False
        vn4_obj1.set_is_provider_network(False)
        self._vnc_lib.virtual_network_update(vn4_obj1)

        # check is_provider_network of non provider_vn
        # can not be set to True
        vn4_obj1.set_is_provider_network(True)
        self.assertRaises(BadRequest,
                          self._vnc_lib.virtual_network_update,
                          vn4_obj1)

        # check db_resync sets is_provider_network property
        # as True in provider-vn
        self._api_server._db_conn.db_resync()
        provider_vn = self._vnc_lib.virtual_network_read(
                fq_name=provider_fq_name)
        self.assertEqual(provider_vn.get_is_provider_network(), True)

        # check adding vn3 and vn2 to provider vn
        provider_vn.add_virtual_network(vn2_obj1)
        provider_vn.add_virtual_network(vn3_obj1)
        self._vnc_lib.virtual_network_update(provider_vn)
        # NOTE(review): fixed sleep, presumably to let the update
        # propagate before refs and ACLs are read back; the checks below
        # then depend on timing - confirm, and consider polling instead
        gevent.sleep(5)
        provider_vn = self._vnc_lib.virtual_network_read(
                fq_name=provider_vn.get_fq_name())
        self.assertEqual(len(provider_vn.virtual_network_refs), 2)
        linked_uuids = [ref['uuid'] for ref in
                        provider_vn.virtual_network_refs]
        self.assertIn(vn3_obj1.uuid, linked_uuids)
        self.assertIn(vn2_obj1.uuid, linked_uuids)
        # empty the VirtualNetworkST table and rebuild it, then repeat the
        # ref checks (presumably simulating a restart of the component
        # that holds this state - confirm)
        config_db.VirtualNetworkST._dict = {}
        config_db.VirtualNetworkST.reinit()
        provider_vn = self._vnc_lib.virtual_network_read(
                fq_name=provider_vn.get_fq_name())
        vn3_obj1 = self._vnc_lib.virtual_network_read(
                fq_name=vn3_obj1.get_fq_name())
        vn2_obj1 = self._vnc_lib.virtual_network_read(
                fq_name=vn2_obj1.get_fq_name())
        self.assertEqual(len(provider_vn.virtual_network_refs), 2)
        linked_uuids = [ref['uuid'] for ref in
                        provider_vn.virtual_network_refs]
        self.assertIn(vn3_obj1.uuid, linked_uuids)
        self.assertIn(vn2_obj1.uuid, linked_uuids)
        # implicit deny rules: (provider-VN -> any) on the provider VN,
        # and (VN -> provider-VN) on each linked VN
        self.check_acl_implicit_deny_rule(
                fq_name=self.get_ri_name(provider_vn),
                src_vn=':'.join(provider_fq_name),
                dst_vn='any')
        self.check_acl_implicit_deny_rule(
                fq_name=self.get_ri_name(vn2_obj1),
                src_vn=vn2_obj1.get_fq_name_str(),
                dst_vn=':'.join(provider_fq_name))
        self.check_acl_implicit_deny_rule(
                fq_name=self.get_ri_name(vn3_obj1),
                src_vn=vn3_obj1.get_fq_name_str(),
                dst_vn=':'.join(provider_fq_name))

        # check adding provider vn to vn1 works
        vn1_obj1.add_virtual_network(provider_vn)
        self._vnc_lib.virtual_network_update(vn1_obj1)
        # NOTE(review): another fixed sleep before the read back, see above
        gevent.sleep(2)
        vn1_obj2 = self._vnc_lib.virtual_network_read(
                fq_name=vn1_obj1.get_fq_name())
        self.assertEqual(vn1_obj2.virtual_network_refs[0]['to'],
                         provider_fq_name)
        self.check_acl_implicit_deny_rule(
                fq_name=self.get_ri_name(vn1_obj2),
                src_vn=vn1_obj2.get_fq_name_str(),
                dst_vn=':'.join(provider_fq_name))

        # Check updating other parameters of a non provider VN
        # when a provider VN is connected
        vn1_obj2.set_mac_aging_time(400)
        self._vnc_lib.virtual_network_update(vn1_obj2)

        # create a policy to allow icmp between vn1 <> vn2
        # and update vn1
        vn1_to_vn2_rule = {"protocol": "icmp",
                           "direction": "<>",
                           "src": {"type": "vn", "value": vn1_obj2},
                           "dst": [{"type": "vn", "value": vn2_obj1}],
                           "action": "pass"}
        np = self.create_network_policy_with_multiple_rules([vn1_to_vn2_rule])
        seq = SequenceType(1, 1)
        vnp = VirtualNetworkPolicyType(seq)
        vn1_obj2.set_network_policy(np, vnp)
        self._vnc_lib.virtual_network_update(vn1_obj2)
        vn1_obj3 = self._vnc_lib.virtual_network_read(
                fq_name=vn1_obj2.get_fq_name())

        # check linking a non provider network is not allowed;
        # after the rejected update the only ref is still the provider VN
        vn1_obj3.add_virtual_network(vn2_obj1)
        self.assertRaises(BadRequest,
                          self._vnc_lib.virtual_network_update,
                          vn1_obj3)
        vn1_obj4 = self._vnc_lib.virtual_network_read(
                fq_name=vn1_obj3.get_fq_name())
        self.assertEqual(vn1_obj4.virtual_network_refs[0]['to'],
                         provider_fq_name)
        self.assertNotEqual(vn1_obj4.virtual_network_refs[0]['to'],
                            vn2_obj1.get_fq_name())

        # attach an explicit (provider-VN -> vn1) icmp pass policy to the
        # provider VN and check its (provider-VN -> any) implicit deny
        # rule is still reported
        provider_to_vn1_rule = {"protocol": "icmp",
                                "direction": ">",
                                "src": {"type": "vn", "value": provider_vn},
                                "dst": [{"type": "vn", "value": vn1_obj4}],
                                "action": "pass"}
        np = self.create_network_policy_with_multiple_rules(
                [provider_to_vn1_rule])
        seq = SequenceType(1, 1)
        vnp = VirtualNetworkPolicyType(seq)
        provider_vn.set_network_policy(np, vnp)
        self._vnc_lib.virtual_network_update(provider_vn)
        self.check_acl_implicit_deny_rule(
                fq_name=self.get_ri_name(provider_vn),
                src_vn=':'.join(provider_fq_name),
                dst_vn='any')

        # check the network connected to provider-network
        # got a deny rule to provider-network
        self.check_acl_implicit_deny_rule(
                fq_name=self.get_ri_name(vn1_obj4),
                src_vn=':'.join(vn1_obj4.get_fq_name()),
                dst_vn=':'.join(provider_fq_name))

        # add an explicit policy to allow traffic to provider network
        # and the implicit deny is removed
        vn1_to_provider_rule = {"protocol": "any",
                                "direction": ">",
                                "src": {"type": "vn", "value": vn1_obj4},
                                "dst": [{"type": "vn", "value": provider_vn}],
                                "action": "pass"}
        np = self.create_network_policy_with_multiple_rules(
                [vn1_to_provider_rule])
        seq = SequenceType(1, 1)
        vnp = VirtualNetworkPolicyType(seq)
        vn1_obj4.set_network_policy(np, vnp)
        self._vnc_lib.virtual_network_update(vn1_obj4)
        vn1_obj5 = self._vnc_lib.virtual_network_read(
                fq_name=vn1_obj4.get_fq_name())
        self.check_acl_no_implicit_deny_rule(
                fq_name=self.get_ri_name(vn1_obj5),
                src_vn=':'.join(vn1_obj5.get_fq_name()),
                dst_vn=':'.join(provider_fq_name))
        self.check_acl_allow_rule(
                fq_name=self.get_ri_name(vn1_obj5),
                src_vn=':'.join(vn1_obj5.get_fq_name()),
                dst_vn=':'.join(provider_fq_name))

        # adding an explicit policy to allow traffic to the provider
        # network does not change the deny rule in the provider network
        self.check_acl_implicit_deny_rule(
                fq_name=self.get_ri_name(provider_vn),
                src_vn=':'.join(provider_fq_name),
                dst_vn='any')