def ensure_bgp_pod_policy_created_on_apic(args):
apic = apic_client.RestClient(log, "", [args.apic_ip], args.apic_username,
args.apic_password, args.ssl)
bgp_pol_name = 'default'
asn = args.asn
pp_group_name = 'default'
p_selector_name = 'default'
with apic.transaction() as trs:
apic.bgpInstPol.create(bgp_pol_name, transaction=trs)
if not apic.bgpRRP.get_subtree(bgp_pol_name):
for node in [
x for x in apic.fabricNode.list_all()
if x['role'] == 'spine'
]:
apic.bgpRRNodePEp.create(bgp_pol_name,
node['id'],
transaction=trs)
apic.bgpAsP.create(bgp_pol_name, asn=asn, transaction=trs)
apic.fabricPodPGrp.create(pp_group_name, transaction=trs)
reference = apic.fabricRsPodPGrpBGPRRP.get(pp_group_name)
if not reference or not reference['tnBgpInstPolName']:
apic.fabricRsPodPGrpBGPRRP.update(
pp_group_name,
tnBgpInstPolName=apic.bgpInstPol.name(bgp_pol_name),
transaction=trs)
apic.fabricPodS__ALL.create(p_selector_name,
type='ALL',
transaction=trs)
apic.fabricRsPodPGrp.create(p_selector_name,
tDn=POD_POLICY_GROUP_DN_PATH %
pp_group_name,
transaction=trs)
def setUp(self):
super(TestCiscoApicClient, self).setUp()
self.set_up_mocks()
self.apic = apic.RestClient(self.log, mocked.APIC_SYSTEM_ID,
mocked.APIC_HOSTS)
self.transaction = apic.Transaction(self.apic)
self.addCleanup(mock.patch.stopall)
self.addCleanup(self.clean_up_pvt_key_file)
def test_login_by_instantiation(self):
self.reset_reponses()
self.mock_apic_manager_login_responses()
apic2 = apic.RestClient(self.log,
mocked.APIC_SYSTEM_ID,
mocked.APIC_HOSTS,
usr=mocked.APIC_USR, pwd=mocked.APIC_PWD)
self.assertIsNotNone(apic2.authentication)
self.assertEqual(apic2.username, mocked.APIC_USR)
def test_client_certificate_login(self):
self.reset_reponses()
self.enable_signature_check()
pk = self.create_pvt_key_file()
self.mock_response_for_certificate_fetch(mocked.APIC_USR)
apic.RestClient(self.log, mocked.APIC_SYSTEM_ID,
mocked.APIC_HOSTS,
usr=mocked.APIC_USR,
cert_name=mocked.APIC_USR_CERT_NAME,
private_key_file=pk)
def test_client_session_login_ok(self):
self._mock_authenticate()
self.assertEqual(
self.apic.authentication['userName'], mocked.APIC_USR)
self.assertTrue(self.apic.api_base[0].startswith('https://'))
self.assertEqual(self.apic.username, mocked.APIC_USR)
self.assertIsNotNone(self.apic.authentication)
self.apic = apic.RestClient(self.log,
mocked.APIC_SYSTEM_ID,
mocked.APIC_HOSTS, mocked.APIC_PORT,
ssl=False)
self.assertTrue(self.apic.api_base[0].startswith('http://'))
def inner(*args, **kwargs):
try:
apic = apic_client.RestClient(log, "", [kwargs['apic_ip']],
kwargs['apic_username'],
kwargs['apic_password'],
kwargs['ssl'],
verify=kwargs['secure'])
except apic_client.rexc.SSLError as e:
raise click.UsageError(
"Command failed with error: %s \nTry using option "
"'--no-secure' to skip certificate validation" % e.message)
return f(apic, *args, **kwargs)
def clean(args):
apic_session = apic_client.RestClient(log, "", [args.apic_ip],
args.apic_username,
args.apic_password, args.ssl)
apic_session.login()
classes = ['infraNodeP', 'infraAccPortP', 'fvTenant',
'physDomP', 'infraNodeP', 'infraLeafS',
'infraNodeBlk', 'infraRsAccPortP', 'infraAccPortP',
'infraHPortS', 'infraPortBlk',
'infraAccPortGrp', 'infraRsAttEntP', 'infraAttEntityP',
'infraRsDomP', 'infraRsVlanNs', 'infraAccBndlGrp',
'infraRsAttEntP', 'infraRsLacpPol', 'lacpLagPol',
'fvnsVlanInstP', 'bgpRRP', 'bgpRRNodePEp',
'bgpAsP', 'fabricFuncP', 'infraAccNodePGrp']
[apic_session.delete_class(x) for x in classes]
def establish_aci_session(apic_config):
return apic_client.RestClient(
logging, '',
apic_config.get_option('apic_hosts', group='apic'),
apic_config.get_option('apic_username', group='apic'),
apic_config.get_option('apic_password', group='apic'),
apic_config.get_option('apic_use_ssl', group='apic'),
scope_names=False, scope_infra=False, renew_names=False,
verify=apic_config.get_option('verify_ssl_certificate',
group='apic'),
request_timeout=apic_config.get_option('apic_request_timeout',
group='apic'),
cert_name=apic_config.get_option('certificate_name',
group='apic'),
private_key_file=apic_config.get_option('private_key_file',
group='apic'),
sign_algo=apic_config.get_option(
'signature_verification_algorithm', group='apic'),
sign_hash=apic_config.get_option(
'signature_hash_type', group='apic'))
def test_build_dn(self):
clnt = apic.RestClient(self.log, mocked.APIC_SYSTEM_ID,
mocked.APIC_HOSTS, scope_names=False)
manager = clnt.dn_manager
self.assertEqual('uni/tn-amit1/brc-c/subj-s2/rsfiltAtt-h',
manager.build([('fvTenant', 'amit1'),
('vzBrCP', 'c'),
('vzSubj', 's2'),
('vzRsFiltAtt', 'h')]))
self.assertEqual('uni/tn-amit1/brc-c/subj-s2/intmnl/rsfiltAtt-f',
manager.build([('fvTenant', 'amit1'),
('vzBrCP', 'c'),
('vzSubj', 's2'),
('vzInTerm', 'intmnl'),
('vzRsFiltAtt', 'f')]))
self.assertEqual(
'topology/pod-1/node-301/sys/br-[eth1/33]/odev-167776320',
manager.build([('fabricTopology', 'topology'),
('fabricPod', '1'),
('fabricNode', '301'),
('topSystem', 'sys'),
('l2BrIf', 'eth1/33'),
('opflexODev', '167776320')]))