def check(self):
super(zstack_kvm_pf_rule_exist_checker, self).check()
test_result = test_lib.lib_check_vm_pf_rule_exist_in_iptables(
self.test_obj.get_port_forwarding())
test_util.test_logger(
'Check result: [Port Forwarding] %s finishes rule existance testing'
% self.test_obj.get_port_forwarding().uuid)
return self.judge(test_result)
def check(self):
super(zstack_vcenter_pf_rule_exist_checker, self).check()
test_result = test_lib.lib_check_vm_pf_rule_exist_in_iptables(self.test_obj.get_port_forwarding())
test_util.test_logger('Check result: [Port Forwarding] %s finishes rule existance testing' % self.test_obj.get_port_forwarding().uuid)
return self.judge(test_result)
def check(self):
super(pf_checker, self).check()
test_result = True
try:
test_vip = test_lib.lib_get_vip_by_uuid(self.test_obj.get_vip().uuid)
except:
test_util.test_logger('Check Result: [vip:] %s is not exist' % self.test_obj.get_vip().uuid)
self.test_obj.update()
return self.judge(False)
if not self.test_obj.get_pf_list():
test_util.test_logger('Check Result: [vip:] %s is not attached to any pf.' % self.test_obj.get_vip().uuid)
self.test_obj.update()
return self.judge(False)
vip = self.test_obj.get_vip()
vipIp = vip.ip
all_ports = port_header.all_ports
pf_running_list = self.test_obj.get_pf_list_for_running_vm()
pf_tcp_list, pf_udp_list = self.separate_tcp_udp_list(pf_running_list)
pf_tcp_dict = self.gen_tcp_dict_by_allowed_cidr(pf_tcp_list)
pf_stopped_list = self.test_obj.get_pf_list_for_stopped_vm()
pf_detached_list = self.test_obj.get_detached_pf_list()
vip_l3 = self.test_obj.get_vip().l3NetworkUuid
if not pf_running_list:
# all ports should be denied, since no living vm.
for pf in pf_stopped_list:
test_result = self.check_denied_pf(pf)
if test_result != self.exp_result:
return self.judge(test_result)
for pf in pf_detached_list:
test_result = self.check_denied_pf(pf)
if test_result != self.exp_result:
return self.judge(test_result)
else:
#open TCP ports for living vms
for pf in pf_tcp_list:
target_vm = pf.get_target_vm().vm
vm_l3 = test_lib.lib_get_nic_by_uuid(pf.get_port_forwarding().vmNicUuid).l3NetworkUuid
test_lib.lib_open_vm_listen_ports(target_vm, all_ports, vm_l3)
#calc allowed ports, per allowed_cidr
for allowed_vr_ip, pf_dict_list in pf_tcp_dict.iteritems():
allowed_ports = []
denied_ports = all_ports
#find all pf rules on running vm. These rules are supposed to be connectable, unless they are blocked by target vm's sg.
allowed_ports, denied_ports = \
self.count_pf_allowed_denied_ports(
pf_dict_list,
allowed_ports,
denied_ports)
#although the target_vm might be different, but the denied_vr_vm should be same.
target_vm_nic_uuid = pf_dict_list[0].get_port_forwarding().vmNicUuid
allowed_vr_vm, denied_vr_vm = \
self.get_allowed_denied_vr_vm(allowed_vr_ip, target_vm_nic_uuid)
denied_vr_ip = test_lib.lib_find_vr_pub_ip(denied_vr_vm)
try:
test_lib.lib_check_ports_in_a_command(allowed_vr_vm, allowed_vr_ip, vipIp, allowed_ports, denied_ports, target_vm)
except:
traceback.print_exc(file=sys.stdout)
test_util.test_logger("Catch failure when checking [vip:] %s Port Forwarding TCP [rules] for allowed Cidr: %s from [vm:] %s . " % \
(vip.uuid, allowed_vr_ip, allowed_vr_vm.uuid))
test_result = False
if test_result != self.exp_result:
return self.judge(test_result)
if test_result != self.exp_result:
return self.judge(test_result)
test_util.test_logger("Checking pass for [vip:] %s Port Forwardings TCP rules for allowed Cidr: %s from [vm:] %s " % \
(vip.uuid, allowed_vr_ip, allowed_vr_vm.uuid))
#check denied vr access.
allowed_ports = []
denied_ports = all_ports
#the denied vr might be in other pf rule.
if denied_vr_ip in pf_tcp_dict.keys():
allowed_ports, denied_ports = \
self.count_pf_allowed_denied_ports(
pf_tcp_dict[denied_vr_ip],
allowed_ports,
denied_ports)
try:
test_lib.lib_check_ports_in_a_command(denied_vr_vm, denied_vr_ip, vipIp, allowed_ports, denied_ports, target_vm)
except:
traceback.print_exc(file=sys.stdout)
test_util.test_logger("Catch failure when checking [vip:] %s Port Forwarding TCPs for not allowed Cidr from [vm:] %s" % (vip.uuid, allowed_vr_vm.uuid))
test_result = False
if test_result != self.exp_result:
return self.judge(test_result)
test_util.test_logger("Checking pass for Port Forwarding TCP [rule:] %s for not allowed Cidr from [vm:] %s . All ports should be blocked. " % (vip.uuid, allowed_vr_vm.uuid))
if test_result != self.exp_result:
return self.judge(test_result)
#check pf_udp rule existance.
for pf in pf_udp_list:
test_result = test_lib.lib_check_vm_pf_rule_exist_in_iptables(pf.get_port_forwarding())
test_util.test_logger('Check result: [Port Forwarding] %s finishes UDP rule existance testing' % pf.get_port_forwarding().uuid)
return self.judge(test_result)
test_util.test_logger('Check result: [Port Forwarding] finishes [vip:] %s TCP testing.' % vip.uuid)
return self.judge(test_result)
def check(self):
super(pf_checker, self).check()
test_result = True
try:
test_vip = test_lib.lib_get_vip_by_uuid(self.test_obj.get_vip().uuid)
except:
test_util.test_logger('Check Result: [vip:] %s is not exist' % self.test_obj.get_vip().uuid)
self.test_obj.update()
return self.judge(False)
if not self.test_obj.get_pf_list():
test_util.test_logger('Check Result: [vip:] %s is not attached to any pf.' % self.test_obj.get_vip().uuid)
self.test_obj.update()
return self.judge(False)
vip = self.test_obj.get_vip()
vipIp = vip.ip
all_ports = port_header.all_ports
pf_running_list = self.test_obj.get_pf_list_for_running_vm()
pf_tcp_list, pf_udp_list = self.separate_tcp_udp_list(pf_running_list)
pf_tcp_dict = self.gen_tcp_dict_by_allowed_cidr(pf_tcp_list)
pf_stopped_list = self.test_obj.get_pf_list_for_stopped_vm()
pf_detached_list = self.test_obj.get_detached_pf_list()
vip_l3 = self.test_obj.get_vip().l3NetworkUuid
if not pf_running_list:
# all ports should be denied, since no living vm.
for pf in pf_stopped_list:
test_result = self.check_denied_pf(pf)
if test_result != self.exp_result:
return self.judge(test_result)
for pf in pf_detached_list:
test_result = self.check_denied_pf(pf)
if test_result != self.exp_result:
return self.judge(test_result)
else:
#open TCP ports for living vms
for pf in pf_tcp_list:
target_vm = pf.get_target_vm().vm
vm_l3 = test_lib.lib_get_nic_by_uuid(pf.get_port_forwarding().vmNicUuid).l3NetworkUuid
test_lib.lib_open_vm_listen_ports(target_vm, all_ports, vm_l3)
#calc allowed ports, per allowed_cidr
for allowed_vr_ip, pf_dict_list in pf_tcp_dict.iteritems():
allowed_ports = []
denied_ports = all_ports
#find all pf rules on running vm. These rules are supposed to be connectable, unless they are blocked by target vm's sg.
allowed_ports, denied_ports = \
self.count_pf_allowed_denied_ports(
pf_dict_list,
allowed_ports,
denied_ports)
#although the target_vm might be different, but the denied_vr_vm should be same.
target_vm_nic_uuid = pf_dict_list[0].get_port_forwarding().vmNicUuid
allowed_vr_vm, denied_vr_vm = \
self.get_allowed_denied_vr_vm(allowed_vr_ip, target_vm_nic_uuid)
denied_vr_ip = test_lib.lib_find_vr_pub_ip(denied_vr_vm)
try:
test_lib.lib_check_ports_in_a_command(allowed_vr_vm, allowed_vr_ip, vipIp, allowed_ports, denied_ports, target_vm)
except:
traceback.print_exc(file=sys.stdout)
test_util.test_logger("Catch failure when checking [vip:] %s Port Forwarding TCP [rules] for allowed Cidr: %s from [vm:] %s . " % \
(vip.uuid, allowed_vr_ip, allowed_vr_vm.uuid))
test_result = False
if test_result != self.exp_result:
return self.judge(test_result)
if test_result != self.exp_result:
return self.judge(test_result)
test_util.test_logger("Checking pass for [vip:] %s Port Forwardings TCP rules for allowed Cidr: %s from [vm:] %s " % \
(vip.uuid, allowed_vr_ip, allowed_vr_vm.uuid))
#check denied vr access.
allowed_ports = []
denied_ports = all_ports
#the denied vr might be in other pf rule.
if denied_vr_ip in pf_tcp_dict.keys():
allowed_ports, denied_ports = \
self.count_pf_allowed_denied_ports(
pf_tcp_dict[denied_vr_ip],
allowed_ports,
denied_ports)
try:
test_lib.lib_check_ports_in_a_command(denied_vr_vm, denied_vr_ip, vipIp, allowed_ports, denied_ports, target_vm)
except:
traceback.print_exc(file=sys.stdout)
test_util.test_logger("Catch failure when checking [vip:] %s Port Forwarding TCPs for not allowed Cidr from [vm:] %s" % (vip.uuid, allowed_vr_vm.uuid))
test_result = False
if test_result != self.exp_result:
return self.judge(test_result)
test_util.test_logger("Checking pass for Port Forwarding TCP [rule:] %s for not allowed Cidr from [vm:] %s . All ports should be blocked. " % (vip.uuid, allowed_vr_vm.uuid))
if test_result != self.exp_result:
return self.judge(test_result)
#check pf_udp rule existance.
for pf in pf_udp_list:
test_result = test_lib.lib_check_vm_pf_rule_exist_in_iptables(pf.get_port_forwarding())
test_util.test_logger('Check result: [Port Forwarding] %s finishes UDP rule existance testing' % pf.get_port_forwarding().uuid)
return self.judge(test_result)
test_util.test_logger('Check result: [Port Forwarding] finishes [vip:] %s TCP testing.' % vip.uuid)
return self.judge(test_result)
