def acquire_Public_Ip(self):
"""Acquires the public IP"""
try:
self.debug("Acquiring public IP for account: %s" %
self.account.name)
public_ip = PublicIPAddress.create(
self.apiclient,
self.virtual_machine.account,
self.virtual_machine.zoneid,
self.virtual_machine.domainid,
self.services["virtual_machine"]
)
self.debug("Acquired public IP: %s" %
public_ip.ipaddress.ipaddress)
FireWallRule.create(
self.apiclient,
ipaddressid=public_ip.ipaddress.id,
protocol='TCP',
cidrlist=[self.services["fwrule"]["cidr"]],
startport=self.services["fwrule"]["startport"],
endport=self.services["fwrule"]["endport"]
)
return public_ip
except Exception as e:
self.fail("Failed to acquire new public IP: %s" % e)
def create_vm(self, pfrule=False, egress_policy=True, RR=False):
self.create_network_offering(egress_policy, RR)
# Creating network using the network offering created
self.debug("Creating network with network offering: %s" % self.network_offering.id)
self.network = Network.create(
self.apiclient,
self.services["network"],
accountid=self.account.name,
domainid=self.account.domainid,
networkofferingid=self.network_offering.id,
zoneid=self.zone.id,
)
self.debug("Created network with ID: %s" % self.network.id)
self.debug("Deploying instance in the account: %s" % self.account.name)
project = None
self.virtual_machine = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
accountid=self.account.name,
domainid=self.domain.id,
serviceofferingid=self.service_offering.id,
mode=self.zone.networktype if pfrule else "basic",
networkids=[str(self.network.id)],
projectid=project.id if project else None,
)
self.debug("Deployed instance %s in account: %s" % (self.virtual_machine.id, self.account.name))
# Checking if VM is running or not, in case it is deployed in error state, test case fails
self.vm_list = list_virtual_machines(self.apiclient, id=self.virtual_machine.id)
self.assertEqual(validateList(self.vm_list)[0], PASS, "vm list validation failed, vm list is %s" % self.vm_list)
self.assertEqual(
str(self.vm_list[0].state).lower(),
"running",
"VM state should be running, it is %s" % self.vm_list[0].state,
)
self.public_ip = PublicIPAddress.create(
self.apiclient,
accountid=self.account.name,
zoneid=self.zone.id,
domainid=self.account.domainid,
networkid=self.network.id,
)
# Open up firewall port for SSH
FireWallRule.create(
self.apiclient,
ipaddressid=self.public_ip.ipaddress.id,
protocol=self.services["natrule"]["protocol"],
cidrlist=["0.0.0.0/0"],
startport=self.services["natrule"]["publicport"],
endport=self.services["natrule"]["publicport"],
)
self.debug("Creating NAT rule for VM ID: %s" % self.virtual_machine.id)
# Create NAT rule
NATRule.create(self.apiclient, self.virtual_machine, self.services["natrule"], self.public_ip.ipaddress.id)
return
def setUp(self):
self.apiclient = self.testClient.getApiClient()
self.dbclient = self.testClient.getDbConnection()
self.account = Account.create(self.apiclient,
self.services["account"],
domainid=self.domain.id)
self.virtual_machine = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
templateid=self.template.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id)
self.virtual_machine_2 = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
templateid=self.template.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id)
self.public_ip = PublicIPAddress.create(
self.apiclient, self.virtual_machine.account,
self.virtual_machine.zoneid, self.virtual_machine.domainid,
self.services["virtual_machine"])
FireWallRule.create(self.apiclient,
ipaddressid=self.public_ip.ipaddress.id,
protocol='TCP',
cidrlist=[self.services["fwrule"]["cidr"]],
startport=self.services["fwrule"]["startport"],
endport=self.services["fwrule"]["endport"])
self.cleanup = [
self.account,
]
return
def createNetworkRulesForVM(apiclient, virtualmachine, ruletype,
account, networkruledata):
"""Acquire IP, create Firewall and NAT/StaticNAT rule
(associating it with given vm) for that IP"""
try:
public_ip = PublicIPAddress.create(
apiclient,accountid=account.name,
zoneid=virtualmachine.zoneid,domainid=account.domainid,
networkid=virtualmachine.nic[0].networkid)
FireWallRule.create(
apiclient,ipaddressid=public_ip.ipaddress.id,
protocol='TCP', cidrlist=[networkruledata["fwrule"]["cidr"]],
startport=networkruledata["fwrule"]["startport"],
endport=networkruledata["fwrule"]["endport"]
)
if ruletype == NAT_RULE:
# Create NAT rule
NATRule.create(apiclient, virtualmachine,
networkruledata["natrule"],ipaddressid=public_ip.ipaddress.id,
networkid=virtualmachine.nic[0].networkid)
elif ruletype == STATIC_NAT_RULE:
# Enable Static NAT for VM
StaticNATRule.enable(apiclient,public_ip.ipaddress.id,
virtualmachine.id, networkid=virtualmachine.nic[0].networkid)
except Exception as e:
[FAIL, e]
return [PASS, public_ip]
def create_vm(self, pfrule=False, egress_policy=True, RR=False):
self.create_network_offering(egress_policy, RR)
# Creating network using the network offering created
self.debug("Creating network with network offering: %s" %
self.network_offering.id)
self.network = Network.create(
self.apiclient,
self.services["network"],
accountid=self.account.name,
domainid=self.account.domainid,
networkofferingid=self.network_offering.id,
zoneid=self.zone.id)
self.debug("Created network with ID: %s" % self.network.id)
self.debug("Deploying instance in the account: %s" % self.account.name)
project = None
self.virtual_machine = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
accountid=self.account.name,
domainid=self.domain.id,
serviceofferingid=self.service_offering.id,
mode=self.zone.networktype if pfrule else 'basic',
networkids=[str(self.network.id)],
projectid=project.id if project else None)
self.debug("Deployed instance %s in account: %s" %
(self.virtual_machine.id, self.account.name))
# Checking if VM is running or not, in case it is deployed in error state, test case fails
self.vm_list = list_virtual_machines(self.apiclient,
id=self.virtual_machine.id)
self.assertEqual(
validateList(self.vm_list)[0], PASS,
"vm list validation failed, vm list is %s" % self.vm_list)
self.assertEqual(
str(self.vm_list[0].state).lower(), 'running',
"VM state should be running, it is %s" % self.vm_list[0].state)
self.public_ip = PublicIPAddress.create(self.apiclient,
accountid=self.account.name,
zoneid=self.zone.id,
domainid=self.account.domainid,
networkid=self.network.id)
# Open up firewall port for SSH
FireWallRule.create(self.apiclient,
ipaddressid=self.public_ip.ipaddress.id,
protocol=self.services["natrule"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule"]["publicport"],
endport=self.services["natrule"]["publicport"])
self.debug("Creating NAT rule for VM ID: %s" % self.virtual_machine.id)
#Create NAT rule
NATRule.create(self.apiclient, self.virtual_machine,
self.services["natrule"], self.public_ip.ipaddress.id)
return
def test_router_dns_guestipquery(self):
"""Checks that guest VM can query VR DNS"""
self.logger.debug("Starting test_router_dns_guestipquery...")
public_ip = self.test_router_common()[0]
self.logger.debug("Creating Firewall rule for VM ID: %s" % self.vm1.id)
FireWallRule.create(self.apiclient,
ipaddressid=public_ip.id,
protocol=self.services["natrule1"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule1"]["publicport"],
endport=self.services["natrule1"]["publicport"])
self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm1.id)
nat_rule1 = NATRule.create(self.apiclient, self.vm1,
self.services["natrule1"], public_ip.id)
nat_rules = list_nat_rules(self.apiclient, id=nat_rule1.id)
self.assertEqual(
isinstance(nat_rules, list), True,
"Check for list NAT rules response return valid data")
self.assertTrue(
len(nat_rules) >= 1,
"Check for list NAT rules to have at least one rule")
self.assertEqual(nat_rules[0].state, 'Active',
"Check list port forwarding rules")
result1 = None
try:
self.logger.debug("SSH into guest VM with IP: %s" %
nat_rule1.ipaddress)
ssh = self.vm1.get_ssh_client(
ipaddress=nat_rule1.ipaddress,
port=self.services['natrule1']["publicport"],
retries=8)
result1 = str(ssh.execute("nslookup %s" % VM1_NAME))
self.logger.debug("nslookup %s: %s " % (VM1_NAME, result1))
result2 = str(ssh.execute("nslookup %s" % VM2_NAME))
self.logger.debug("nslookup %s: %s " % (VM2_NAME, result2))
except Exception as e:
self.fail("Failed to SSH into VM - %s due to exception: %s" %
(nat_rule1.ipaddress, e))
if not result1:
self.fail(
"Did not to receive any response from the guest VM, failing.")
self.assertTrue(
VM1_NAME in result1 and "#53" in result1,
"VR DNS should serve requests from guest network, ping for %s successful."
% VM1_NAME)
self.assertTrue(
VM2_NAME in result2 and "#53" in result2,
"VR DNS should serve requests from guest network, ping for %s successful."
% VM2_NAME)
return
def test_isolate_network_FW_PF_default_routes(self):
"""Stop existing router, add a PF rule and check we can access the VM """
self.logger.debug("Starting test_isolate_network_FW_PF_default_routes...")
routers = list_routers(self.apiclient, account=self.account.name, domainid=self.account.domainid)
self.assertEqual(isinstance(routers, list), True, "Check for list routers response return valid data")
self.assertNotEqual(len(routers), 0, "Check list router response")
router = routers[0]
self.assertEqual(router.state, "Running", "Check list router response for router state")
public_ips = list_publicIP(
self.apiclient, account=self.account.name, domainid=self.account.domainid, zoneid=self.zone.id
)
self.assertEqual(isinstance(public_ips, list), True, "Check for list public IPs response return valid data")
public_ip = public_ips[0]
self.logger.debug("Creating Firewall rule for VM ID: %s" % self.vm_1.id)
FireWallRule.create(
self.apiclient,
ipaddressid=public_ip.id,
protocol=self.services["natrule"]["protocol"],
cidrlist=["0.0.0.0/0"],
startport=self.services["natrule"]["publicport"],
endport=self.services["natrule"]["publicport"],
)
self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm_1.id)
# Create NAT rule
nat_rule = NATRule.create(self.apiclient, self.vm_1, self.services["natrule"], public_ip.id)
nat_rules = list_nat_rules(self.apiclient, id=nat_rule.id)
self.assertEqual(isinstance(nat_rules, list), True, "Check for list NAT rules response return valid data")
self.assertEqual(nat_rules[0].state, "Active", "Check list port forwarding rules")
result = "failed"
try:
ssh_command = "ping -c 3 8.8.8.8"
self.logger.debug("SSH into VM with ID: %s" % nat_rule.ipaddress)
ssh = self.vm_1.get_ssh_client(
ipaddress=nat_rule.ipaddress, port=self.services["natrule"]["publicport"], retries=5
)
result = str(ssh.execute(ssh_command))
self.logger.debug("SSH result: %s; COUNT is ==> %s" % (result, result.count("3 packets received")))
except:
self.fail("Failed to SSH into VM - %s" % (public_ip.ipaddress.ipaddress))
self.assertEqual(result.count("3 packets received"), 1, "Ping to outside world from VM should be successful")
return
def test_router_dns_guestipquery(self):
"""Checks that guest VM can query VR DNS"""
self.logger.debug("Starting test_router_dns_guestipquery...")
public_ip = self.test_router_common()[0]
self.logger.debug("Creating Firewall rule for VM ID: %s" % self.vm.id)
FireWallRule.create(
self.apiclient,
ipaddressid=public_ip.id,
protocol=self.services["natrule1"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule1"]["publicport"],
endport=self.services["natrule1"]["publicport"]
)
self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm.id)
nat_rule1 = NATRule.create(
self.apiclient,
self.vm,
self.services["natrule1"],
public_ip.id
)
nat_rules = list_nat_rules(
self.apiclient,
id=nat_rule1.id
)
self.assertEqual(
isinstance(nat_rules, list),
True,
"Check for list NAT rules response return valid data"
)
self.assertTrue(
len(nat_rules) >= 1,
"Check for list NAT rules to have at least one rule"
)
self.assertEqual(
nat_rules[0].state,
'Active',
"Check list port forwarding rules"
)
result = None
try:
self.logger.debug("SSH into guest VM with IP: %s" % nat_rule1.ipaddress)
ssh = self.vm.get_ssh_client(ipaddress=nat_rule1.ipaddress, port=self.services['natrule1']["publicport"], retries=8)
result = str(ssh.execute("nslookup google.com"))
except Exception as e:
self.fail("Failed to SSH into VM - %s due to exception: %s" % (nat_rule1.ipaddress, e))
if not result:
self.fail("Did not to receive any response from the guest VM, failing.")
self.assertTrue("google.com" in result and "#53" in result,
"VR DNS should serve requests from guest network, unable to get valid nslookup result from guest VM.")
def setUpClass(cls):
cls.logger = MarvinLog(MarvinLog.LOGGER_TEST).get_logger()
testClient = super(TestLoadBalance, cls).getClsTestClient()
cls.apiclient = testClient.getApiClient()
cls.services = testClient.getParsedTestDataConfig()
# Get Zone, Domain and templates
cls.domain = get_domain(cls.apiclient)
cls.zone = get_zone(cls.apiclient, testClient.getZoneForTests())
cls.template = get_template(cls.apiclient, cls.zone.id)
if cls.template == FAILED:
assert False, "get_template() failed to return template with description %s" % cls.services[
"ostype"]
cls.services["virtual_machine"]["zoneid"] = cls.zone.id
# Create an account, network, VM and IP addresses
cls.account = Account.create(cls.apiclient,
cls.services["account"],
admin=True,
domainid=cls.domain.id)
cls.service_offering = get_default_virtual_machine_offering(
cls.apiclient)
cls.vm_1 = VirtualMachine.create(
cls.apiclient,
cls.services["virtual_machine"],
templateid=cls.template.id,
accountid=cls.account.name,
domainid=cls.account.domainid,
serviceofferingid=cls.service_offering.id)
cls.vm_2 = VirtualMachine.create(
cls.apiclient,
cls.services["virtual_machine"],
templateid=cls.template.id,
accountid=cls.account.name,
domainid=cls.account.domainid,
serviceofferingid=cls.service_offering.id)
cls.vm_3 = VirtualMachine.create(
cls.apiclient,
cls.services["virtual_machine"],
templateid=cls.template.id,
accountid=cls.account.name,
domainid=cls.account.domainid,
serviceofferingid=cls.service_offering.id)
cls.non_src_nat_ip = PublicIPAddress.create(
cls.apiclient, cls.account.name, cls.zone.id, cls.account.domainid,
cls.services["virtual_machine"])
# Open up firewall port for SSH
cls.fw_rule = FireWallRule.create(
cls.apiclient,
ipaddressid=cls.non_src_nat_ip.ipaddress.id,
protocol=cls.services["lbrule"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=cls.services["lbrule"]["publicport"],
endport=cls.services["lbrule"]["publicport"])
cls._cleanup = [cls.account]
def deploy_firewallrule(self, firewallrule, publicipaddress):
firewall = FireWallRule.create(self.api_client,
data=firewallrule['data'],
ipaddress=publicipaddress)
self.logger.debug(
'>>> ISOLATED NETWORKS FIREWALL RULE => ID: %s => Start Port: %s '
'=> End Port: %s => CIDR: %s => Protocol: %s => State: %s '
'=> Network: %s => IP: %s', firewall.id, firewall.startport,
firewall.endport, firewall.cidrlist, firewall.protocol,
firewall.state, firewall.networkid, firewall.ipaddress)
def setUp(self):
self.apiclient = self.testClient.getApiClient()
self.dbclient = self.testClient.getDbConnection()
self.account = Account.create(
self.apiclient,
self.services["account"],
domainid=self.domain.id
)
self.virtual_machine = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
templateid=self.template.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id
)
self.virtual_machine_2 = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
templateid=self.template.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id
)
self.public_ip = PublicIPAddress.create(
self.apiclient,
self.virtual_machine.account,
self.virtual_machine.zoneid,
self.virtual_machine.domainid,
self.services["virtual_machine"]
)
FireWallRule.create(
self.apiclient,
ipaddressid=self.public_ip.ipaddress.id,
protocol='TCP',
cidrlist=[self.services["fwrule"]["cidr"]],
startport=self.services["fwrule"]["startport"],
endport=self.services["fwrule"]["endport"]
)
self.cleanup = [self.account, ]
return
def deploy_firewallrule(self, firewallrule, publicipaddress):
firewall = FireWallRule.create(
self.api_client,
data=firewallrule['data'],
ipaddress=publicipaddress
)
self.logger.debug('>>> ISOLATED NETWORKS FIREWALL RULE => ID: %s => Start Port: %s '
'=> End Port: %s => CIDR: %s => Protocol: %s => State: %s '
'=> Network: %s => IP: %s',
firewall.id, firewall.startport, firewall.endport, firewall.cidrlist,
firewall.protocol, firewall.state, firewall.networkid, firewall.ipaddress)
def create_FirewallRule(self, public_ip, rule=None):
if not rule:
rule = self.test_data["ingress_rule"]
self.debug("Adding an Ingress Firewall rule to make Guest VMs accessible through Static NAT - %s" % rule)
return FireWallRule.create(self.api_client,
ipaddressid=public_ip.ipaddress.id,
protocol=rule["protocol"],
cidrlist=rule["cidrlist"],
startport=rule["startport"],
endport=rule["endport"]
)
def createNetworkRules(self, rule, ipaddressobj, networkid):
""" Create specified rule on acquired public IP and
default network of virtual machine
"""
# Open up firewall port for SSH
self.fw_rule = FireWallRule.create(
self.apiclient,
ipaddressid=ipaddressobj.ipaddress.id,
protocol=self.services["fwrule"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["fwrule"]["startport"],
endport=self.services["fwrule"]["endport"]
)
if rule == STATIC_NAT_RULE:
StaticNATRule.enable(
self.apiclient,
ipaddressobj.ipaddress.id,
self.virtual_machine.id,
networkid
)
elif rule == LB_RULE:
self.lb_rule = LoadBalancerRule.create(
self.apiclient,
self.services["lbrule"],
ipaddressid=ipaddressobj.ipaddress.id,
accountid=self.account.name,
networkid=self.virtual_machine.nic[0].networkid,
domainid=self.account.domainid)
vmidipmap = [{"vmid": str(self.virtual_machine.id),
"vmip": str(self.virtual_machine.nic[0].ipaddress)}]
self.lb_rule.assign(
self.apiclient,
vmidipmap=vmidipmap
)
else:
self.nat_rule = NATRule.create(
self.apiclient,
self.virtual_machine,
self.services["natrule"],
ipaddressobj.ipaddress.id
)
return
def createNetworkRules(self, rule, ipaddressobj, networkid):
""" Create specified rule on acquired public IP and
default network of virtual machine
"""
# Open up firewall port for SSH
self.fw_rule = FireWallRule.create(
self.apiclient,
ipaddressid=ipaddressobj.ipaddress.id,
protocol=self.services["fwrule"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["fwrule"]["startport"],
endport=self.services["fwrule"]["endport"]
)
if rule == STATIC_NAT_RULE:
StaticNATRule.enable(
self.apiclient,
ipaddressobj.ipaddress.id,
self.virtual_machine.id,
networkid
)
elif rule == LB_RULE:
self.lb_rule = LoadBalancerRule.create(
self.apiclient,
self.services["lbrule"],
ipaddressid=ipaddressobj.ipaddress.id,
accountid=self.account.name,
networkid=self.virtual_machine.nic[0].networkid,
domainid=self.account.domainid)
vmidipmap = [{"vmid": str(self.virtual_machine.id),
"vmip": str(self.virtual_machine.nic[0].ipaddress)}]
self.lb_rule.assign(
self.apiclient,
vmidipmap=vmidipmap
)
else:
self.nat_rule = NATRule.create(
self.apiclient,
self.virtual_machine,
self.services["natrule"],
ipaddressobj.ipaddress.id
)
return
def test_isolate_network_password_server(self):
"""Check the password file in the Router VM"""
self.logger.debug("Starting test_isolate_network_password_server...")
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid
)
self.assertEqual(
isinstance(routers, list),
True,
"Check for list routers response return valid data"
)
self.assertNotEqual(
len(routers),
0,
"Check list router response"
)
router = routers[0]
self.assertEqual(
router.state,
'Running',
"Check list router response for router state"
)
public_ips = list_publicIP(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
zoneid=self.zone.id
)
self.assertEqual(
isinstance(public_ips, list),
True,
"Check for list public IPs response return valid data"
)
public_ip = public_ips[0]
self.logger.debug("Creating Firewall rule for VM ID: %s" % self.vm_1.id)
FireWallRule.create(
self.apiclient,
ipaddressid=public_ip.id,
protocol=self.services["natrule1"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule1"]["publicport"],
endport=self.services["natrule1"]["publicport"]
)
self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm_1.id)
# Create NAT rule
nat_rule1 = NATRule.create(
self.apiclient,
self.vm_1,
self.services["natrule1"],
public_ip.id
)
self.logger.debug("Creating Firewall rule for VM ID: %s" % self.vm_2.id)
FireWallRule.create(
self.apiclient,
ipaddressid=public_ip.id,
protocol=self.services["natrule2"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule2"]["publicport"],
endport=self.services["natrule2"]["publicport"]
)
self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm_2.id)
# Create NAT rule
nat_rule2 = NATRule.create(
self.apiclient,
self.vm_2,
self.services["natrule2"],
public_ip.id
)
nat_rules = list_nat_rules(
self.apiclient,
id=nat_rule1.id
)
self.assertEqual(
isinstance(nat_rules, list),
True,
"Check for list NAT rules response return valid data"
)
self.assertEqual(
nat_rules[0].state,
'Active',
"Check list port forwarding rules"
)
nat_rules = list_nat_rules(
self.apiclient,
id=nat_rule2.id
)
self.assertEqual(
isinstance(nat_rules, list),
True,
"Check for list NAT rules response return valid data"
)
self.assertEqual(
nat_rules[0].state,
'Active',
"Check list port forwarding rules"
)
self.test_ssh_command(self.vm_1, nat_rule1, "natrule1")
self.test_ssh_command(self.vm_2, nat_rule2, "natrule2")
self.test_password_file_not_empty(self.vm_1, router)
self.test_password_file_not_empty(self.vm_2, router)
return
def test_02_isolate_network_FW_PF_default_routes_egress_false(self):
""" Test redundant router internals """
self.logger.debug("Starting test_02_isolate_network_FW_PF_default_routes_egress_false...")
self.logger.debug("Creating Network Offering with default egress FALSE")
network_offering_egress_false = NetworkOffering.create(self.apiclient,
self.services["network_offering_egress_false"],
conservemode=True)
network_offering_egress_false.update(self.apiclient, state='Enabled')
self.logger.debug("Creating Network with Network Offering ID %s" % network_offering_egress_false.id)
network = Network.create(self.apiclient,
self.services["network"],
accountid=self.account.name,
domainid=self.account.domainid,
networkofferingid=network_offering_egress_false.id,
zoneid=self.zone.id)
self.logger.debug("Deploying Virtual Machine on Network %s" % network.id)
virtual_machine = VirtualMachine.create(self.apiclient,
self.services["virtual_machine"],
templateid=self.template.id,
accountid=self.account.name,
domainid=self.domain.id,
serviceofferingid=self.service_offering.id,
networkids=[str(network.id)])
self.logger.debug("Deployed VM in network: %s" % network.id)
self.cleanup.insert(0, network_offering_egress_false)
self.cleanup.insert(0, network)
self.cleanup.insert(0, virtual_machine)
self.logger.debug("Starting test_isolate_network_FW_PF_default_routes...")
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid
)
self.assertEqual(
isinstance(routers, list),
True,
"Check for list routers response return valid data"
)
self.assertNotEqual(
len(routers),
0,
"Check list router response"
)
router = routers[0]
self.assertEqual(
router.state,
'Running',
"Check list router response for router state"
)
public_ips = list_publicIP(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
zoneid=self.zone.id
)
self.assertEqual(
isinstance(public_ips, list),
True,
"Check for list public IPs response return valid data"
)
public_ip = public_ips[0]
self.logger.debug("Creating Firewall rule for VM ID: %s" % virtual_machine.id)
FireWallRule.create(
self.apiclient,
ipaddressid=public_ip.id,
protocol=self.services["natrule"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule"]["publicport"],
endport=self.services["natrule"]["publicport"]
)
self.logger.debug("Creating NAT rule for VM ID: %s" % virtual_machine.id)
# Create NAT rule
nat_rule = NATRule.create(
self.apiclient,
virtual_machine,
self.services["natrule"],
public_ip.id
)
nat_rules = list_nat_rules(
self.apiclient,
id=nat_rule.id
)
self.assertEqual(
isinstance(nat_rules, list),
True,
"Check for list NAT rules response return valid data"
)
self.assertEqual(
nat_rules[0].state,
'Active',
"Check list port forwarding rules"
)
expected = 0
ssh_command = "ping -c 3 8.8.8.8"
check_string = " 0% packet loss"
result = check_router_command(virtual_machine, nat_rule.ipaddress, ssh_command, check_string, self)
self.assertEqual(
result,
expected,
"Ping to outside world from VM should NOT be successful"
)
expected = 0
ssh_command = "wget -t 1 -T 1 www.google.com"
check_string = "HTTP request sent, awaiting response... 200 OK"
result = check_router_command(virtual_machine, nat_rule.ipaddress, ssh_command, check_string, self)
self.assertEqual(
result,
expected,
"Attempt to retrieve google.com index page should NOT be successful"
)
EgressFireWallRule.create(
self.apiclient,
networkid=network.id,
protocol=self.services["egress_80"]["protocol"],
startport=self.services["egress_80"]["startport"],
endport=self.services["egress_80"]["endport"],
cidrlist=self.services["egress_80"]["cidrlist"]
)
expected = 1
ssh_command = "wget -t 1 -T 5 www.google.com"
check_string = "HTTP request sent, awaiting response... 200 OK"
result = check_router_command(virtual_machine, nat_rule.ipaddress, ssh_command, check_string, self)
self.assertEqual(
result,
expected,
"Attempt to retrieve google.com index page should be successful once rule is added!"
)
return
def test_01_CreatePFOnStoppedRouter(self):
"""Stop existing router, add a PF rule and check we can access the VM """
# Get router details associated for that account
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid
)
self.assertEqual(
isinstance(routers, list),
True,
"Check for list routers response return valid data"
)
self.assertNotEqual(
len(routers),
0,
"Check list router response"
)
router = routers[0]
self.logger.debug("Stopping router ID: %s" % router.id)
# Stop the router
cmd = stopRouter.stopRouterCmd()
cmd.id = router.id
self.apiclient.stopRouter(cmd)
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid
)
self.assertEqual(
isinstance(routers, list),
True,
"Check for list routers response return valid data"
)
router = routers[0]
self.assertEqual(
router.state,
'Stopped',
"Check list router response for router state"
)
public_ips = list_publicIP(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
zoneid=self.zone.id
)
self.assertEqual(
isinstance(public_ips, list),
True,
"Check for list public IPs response return valid data"
)
public_ip = public_ips[0]
# Open up firewall port for SSH
FireWallRule.create(
self.apiclient,
ipaddressid=public_ip.id,
protocol=self.services["natrule"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule"]["publicport"],
endport=self.services["natrule"]["publicport"]
)
self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm_1.id)
# Create NAT rule
nat_rule = NATRule.create(
self.apiclient,
self.vm_1,
self.services["natrule"],
public_ip.id
)
self.logger.debug("Starting router ID: %s" % router.id)
# Start the router
cmd = startRouter.startRouterCmd()
cmd.id = router.id
self.apiclient.startRouter(cmd)
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
zoneid=self.zone.id
)
self.assertEqual(
isinstance(routers, list),
True,
"Check for list routers response return valid data"
)
router = routers[0]
self.assertEqual(
router.state,
'Running',
"Check list router response for router state"
)
# NAT Rule should be in Active state after router start
nat_rules = list_nat_rules(
self.apiclient,
id=nat_rule.id
)
self.assertEqual(
isinstance(nat_rules, list),
True,
"Check for list NAT rules response return valid data"
)
self.assertEqual(
nat_rules[0].state,
'Active',
"Check list port forwarding rules"
)
try:
self.logger.debug("SSH into VM with ID: %s" % nat_rule.ipaddress)
self.vm_1.get_ssh_client(
ipaddress=nat_rule.ipaddress,
port=self.services["natrule"]["publicport"])
except Exception as e:
self.fail(
"SSH Access failed for %s: %s" %
(nat_rule.ipaddress, e)
)
return
def test_01_firewall_rules_port_fw(self):
""""Checking firewall rules deletion after static NAT disable"""
# Validate the following:
#1. Enable static NAT for a VM
#2. Open up some ports. At this point there will be new rows in the
# firewall_rules table.
#3. Disable static NAT for the VM.
#4. Check fire wall rules are deleted from firewall_rules table.
public_ip = self.public_ip.ipaddress
# Enable Static NAT for VM
StaticNATRule.enable(
self.apiclient,
public_ip.id,
self.virtual_machine.id
)
self.debug("Enabled static NAT for public IP ID: %s" %
public_ip.id)
#Create Static NAT rule, in fact it's firewall rule
nat_rule = StaticNATRule.create(
self.apiclient,
self.services["firewall_rule"],
public_ip.id
)
self.debug("Created Static NAT rule for public IP ID: %s" %
public_ip.id)
self.debug("Checking IP address")
ip_response = PublicIPAddress.list(
self.apiclient,
id = public_ip.id
)
self.assertEqual(
isinstance(ip_response, list),
True,
"Check ip response returns a valid list"
)
self.assertNotEqual(
len(ip_response),
0,
"Check static NAT Rule is created"
)
self.assertTrue(
ip_response[0].isstaticnat,
"IP is not static nat enabled"
)
self.assertEqual(
ip_response[0].virtualmachineid,
self.virtual_machine.id,
"IP is not binding with the VM"
)
self.debug("Checking Firewall rule")
firewall_response = FireWallRule.list(
self.apiclient,
ipaddressid = public_ip.id,
listall = True
)
self.assertEqual(
isinstance(firewall_response, list),
True,
"Check firewall response returns a valid list"
)
self.assertNotEqual(
len(firewall_response),
0,
"Check firewall rule is created"
)
self.assertEqual(
firewall_response[0].state,
"Active",
"Firewall rule is not active"
)
self.assertEqual(
firewall_response[0].ipaddressid,
public_ip.id,
"Firewall rule is not static nat related"
)
self.assertEqual(
firewall_response[0].startport,
str(self.services["firewall_rule"]["startport"]),
"Firewall rule is not with specific port"
)
self.debug("Removed the firewall rule")
nat_rule.delete(self.apiclient)
self.debug("Checking IP address, it should still existed")
ip_response = PublicIPAddress.list(
self.apiclient,
id = public_ip.id
)
self.assertEqual(
isinstance(ip_response, list),
True,
"Check ip response returns a valid list"
)
self.assertNotEqual(
len(ip_response),
0,
"Check static NAT Rule is created"
)
self.assertTrue(
ip_response[0].isstaticnat,
"IP is not static nat enabled"
)
self.assertEqual(
ip_response[0].virtualmachineid,
self.virtual_machine.id,
"IP is not binding with the VM"
)
self.debug("Checking Firewall rule, it should be removed")
firewall_response = FireWallRule.list(
self.apiclient,
ipaddressid = public_ip.id,
listall = True
)
self.assertEqual(
isinstance(firewall_response, list),
True,
"Check firewall response returns a valid list"
)
if len(firewall_response) != 0 :
self.assertEqual(
firewall_response[0].state,
"Deleting",
"Firewall rule should be deleted or in deleting state"
)
return
def test_router_dhcphosts(self):
"""Check that the /etc/dhcphosts.txt doesn't contain duplicate IPs"""
self.logger.debug("Starting test_router_dhcphosts...")
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid
)
self.assertEqual(
isinstance(routers, list),
True,
"Check for list routers response return valid data"
)
self.assertNotEqual(
len(routers),
0,
"Check list router response"
)
router = routers[0]
self.assertEqual(
router.state,
'Running',
"Check list router response for router state"
)
public_ips = list_publicIP(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
zoneid=self.zone.id
)
self.assertEqual(
isinstance(public_ips, list),
True,
"Check for list public IPs response return valid data"
)
public_ip = public_ips[0]
self.logger.debug("Creating Firewall rule for VM ID: %s" % self.vm_1.id)
FireWallRule.create(
self.apiclient,
ipaddressid=public_ip.id,
protocol=self.services["natrule1"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule1"]["publicport"],
endport=self.services["natrule1"]["publicport"]
)
self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm_1.id)
# Create NAT rule
nat_rule1 = NATRule.create(
self.apiclient,
self.vm_1,
self.services["natrule1"],
public_ip.id
)
self.logger.debug("Creating Firewall rule for VM ID: %s" % self.vm_2.id)
FireWallRule.create(
self.apiclient,
ipaddressid=public_ip.id,
protocol=self.services["natrule2"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule2"]["publicport"],
endport=self.services["natrule2"]["publicport"]
)
self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm_2.id)
# Create NAT rule
nat_rule2 = NATRule.create(
self.apiclient,
self.vm_2,
self.services["natrule2"],
public_ip.id
)
nat_rules = list_nat_rules(
self.apiclient,
id=nat_rule1.id
)
self.assertEqual(
isinstance(nat_rules, list),
True,
"Check for list NAT rules response return valid data"
)
self.assertEqual(
nat_rules[0].state,
'Active',
"Check list port forwarding rules"
)
nat_rules = list_nat_rules(
self.apiclient,
id=nat_rule2.id
)
self.assertEqual(
isinstance(nat_rules, list),
True,
"Check for list NAT rules response return valid data"
)
self.assertEqual(
nat_rules[0].state,
'Active',
"Check list port forwarding rules"
)
self.logger.debug("Testing SSH to VMs %s and %s" % (self.vm_1.id, self.vm_2.id))
self.test_ssh_command(self.vm_1, nat_rule1, "natrule1")
self.test_ssh_command(self.vm_2, nat_rule2, "natrule2")
self.logger.debug("Testing DHCP hosts for VMs %s and %s" % (self.vm_1.id, self.vm_2.id))
self.test_dhcphosts(self.vm_1, router)
self.test_dhcphosts(self.vm_2, router)
self.logger.debug("Deleting and Expunging VM %s with ip %s" % (self.vm_1.id, self.vm_1.nic[0].ipaddress))
self.vm_1.delete(self.apiclient)
self.logger.debug("Creating new VM using the same IP as the one which was deleted => IP 10.1.1.50")
self.vm_1 = VirtualMachine.create(self.apiclient,
self.services["virtual_machine"],
templateid=self.template.id,
accountid=self.account.name,
domainid=self.domain.id,
serviceofferingid=self.service_offering.id,
networkids=[str(self.network.id)],
ipaddress="10.1.1.50")
self.cleanup.append(self.vm_1)
self.logger.debug("Testing DHCP hosts for VMs %s and %s" % (self.vm_1.id, self.vm_2.id))
self.test_dhcphosts(self.vm_1, router)
self.test_dhcphosts(self.vm_2, router)
return
def test_02_port_fwd_on_non_src_nat(self):
"""Test for port forwarding on non source NAT"""
# Validate the following:
# 1. listPortForwardingRules should not return the deleted rule anymore
# 2. attempt to do ssh should now fail
ip_address = PublicIPAddress.create(
self.apiclient,
self.account.name,
self.zone.id,
self.account.domainid,
self.services["virtual_machine"]
)
self.cleanup.append(ip_address)
# Check if VM is in Running state before creating NAT rule
vm_response = VirtualMachine.list(
self.apiclient,
id=self.virtual_machine.id
)
self.assertEqual(
isinstance(vm_response, list),
True,
"Check list VM returns a valid list"
)
self.assertNotEqual(
len(vm_response),
0,
"Check Port Forwarding Rule is created"
)
self.assertEqual(
vm_response[0].state,
'Running',
"VM state should be Running before creating a NAT rule."
)
# Open up firewall port for SSH
FireWallRule.create(
self.apiclient,
ipaddressid=ip_address.ipaddress.id,
protocol=self.services["natrule"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule"]["publicport"],
endport=self.services["natrule"]["publicport"]
)
# Create NAT rule
nat_rule = NATRule.create(
self.apiclient,
self.virtual_machine,
self.services["natrule"],
ip_address.ipaddress.id
)
# Validate the following:
# 1. listPortForwardingRules should not return the deleted rule anymore
# 2. attempt to do ssh should now fail
list_nat_rule_response = list_nat_rules(
self.apiclient,
id=nat_rule.id
)
self.assertEqual(
isinstance(list_nat_rule_response, list),
True,
"Check list response returns a valid list"
)
self.assertNotEqual(
len(list_nat_rule_response),
0,
"Check Port Forwarding Rule is created"
)
self.assertEqual(
list_nat_rule_response[0].id,
nat_rule.id,
"Check Correct Port forwarding Rule is returned"
)
try:
logger.debug("SSHing into VM with IP address %s with NAT IP %s" %
(
self.virtual_machine.ipaddress,
ip_address.ipaddress.ipaddress
))
self.virtual_machine.get_ssh_client(ip_address.ipaddress.ipaddress)
except Exception as e:
self.fail(
"SSH Access failed for %s: %s" %
(self.virtual_machine.ipaddress, e)
)
nat_rule.delete(self.apiclient)
try:
list_nat_rule_response = list_nat_rules(
self.apiclient,
id=nat_rule.id
)
except CloudstackAPIException:
logger.debug("Nat Rule is deleted")
# Check if the Public SSH port is inaccessible
with self.assertRaises(Exception):
logger.debug(
"SSHing into VM with IP address %s after NAT rule deletion" %
self.virtual_machine.ipaddress)
SshClient(
ip_address.ipaddress.ipaddress,
self.virtual_machine.ssh_port,
self.virtual_machine.username,
self.virtual_machine.password,
retries=2,
delay=0
)
return
def test_01_RouterStopCreateFW(self):
"""Test router stop create Firewall rule
"""
# validate the following
# 1. 1. listFirewallRules (filter by ipaddressid of sourcenat)
# 2. rule should be for ports 1-600 and in state=Active
# (optional backend)
# 3. verify on router using iptables -t nat -nvx if rules are applied
# Get the router details associated with account
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
)
self.assertEqual(
isinstance(routers, list),
True,
"Check for list routers response return valid data"
)
self.assertNotEqual(
len(routers),
0,
"Check list router response"
)
router = routers[0]
self.debug("Stopping the router: %s" % router.id)
# Stop the router
cmd = stopRouter.stopRouterCmd()
cmd.id = router.id
self.apiclient.stopRouter(cmd)
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
)
self.assertEqual(
isinstance(routers, list),
True,
"Check for list routers response return valid data"
)
router = routers[0]
self.assertEqual(
router.state,
'Stopped',
"Check list router response for router state"
)
public_ips = list_publicIP(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid
)
self.assertEqual(
isinstance(public_ips, list),
True,
"Check for list public IP response return valid data"
)
public_ip = public_ips[0]
# Create Firewall rule with configurations from settings file
fw_rule = FireWallRule.create(
self.apiclient,
ipaddressid=public_ip.id,
protocol='TCP',
cidrlist=[self.services["fwrule"]["cidr"]],
startport=self.services["fwrule"]["startport"],
endport=self.services["fwrule"]["endport"]
)
self.debug("Created firewall rule: %s" % fw_rule.id)
self.debug("Starting the router: %s" % router.id)
# Start the router
cmd = startRouter.startRouterCmd()
cmd.id = router.id
self.apiclient.startRouter(cmd)
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
)
self.assertEqual(
isinstance(routers, list),
True,
"Check for list routers response return valid data"
)
router = routers[0]
self.assertEqual(
router.state,
'Running',
"Check list router response for router state"
)
# After Router start, FW rule should be in Active state
fw_rules = list_firewall_rules(
self.apiclient,
id=fw_rule.id,
)
self.assertEqual(
isinstance(fw_rules, list),
True,
"Check for list FW rules response return valid data"
)
self.assertEqual(
fw_rules[0].state,
'Active',
"Check list load balancing rules"
)
self.assertEqual(
fw_rules[0].startport,
self.services["fwrule"]["startport"],
"Check start port of firewall rule"
)
self.assertEqual(
fw_rules[0].endport,
self.services["fwrule"]["endport"],
"Check end port of firewall rule"
)
# For DNS and DHCP check 'dnsmasq' process status
if (self.hypervisor.lower() == 'vmware'
or self.hypervisor.lower() == 'hyperv'):
result = get_process_status(
self.apiclient.connection.mgtSvr,
22,
self.apiclient.connection.user,
self.apiclient.connection.passwd,
router.linklocalip,
'iptables -t nat -L',
hypervisor=self.hypervisor
)
else:
hosts = list_hosts(
self.apiclient,
id=router.hostid,
)
self.assertEqual(
isinstance(hosts, list),
True,
"Check for list hosts response return valid data"
)
host = hosts[0]
try:
result = get_process_status(
host.ipaddress,
22,
self.hostConfig['username'],
self.hostConfig['password'],
router.linklocalip,
'iptables -t nat -L'
)
except KeyError:
self.skipTest(
"Provide a marvin config file with host\
credentials to run %s" %
self._testMethodName)
self.debug("iptables -t nat -L: %s" % result)
self.debug("Public IP: %s" % public_ip.ipaddress)
res = str(result)
self.assertEqual(
res.count(str(public_ip.ipaddress)),
1,
"Check public IP address"
)
return
def test_isolate_network_FW_PF_default_routes(self):
"""Stop existing router, add a PF rule and check we can access the VM """
self.logger.debug("Starting test_isolate_network_FW_PF_default_routes...")
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid
)
self.assertEqual(
isinstance(routers, list),
True,
"Check for list routers response return valid data"
)
self.assertNotEqual(
len(routers),
0,
"Check list router response"
)
router = routers[0]
self.assertEqual(
router.state,
'Running',
"Check list router response for router state"
)
public_ips = list_publicIP(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
zoneid=self.zone.id
)
self.assertEqual(
isinstance(public_ips, list),
True,
"Check for list public IPs response return valid data"
)
public_ip = public_ips[0]
self.logger.debug("Creating Firewall rule for VM ID: %s" % self.vm_1.id)
FireWallRule.create(
self.apiclient,
ipaddressid=public_ip.id,
protocol=self.services["natrule"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule"]["publicport"],
endport=self.services["natrule"]["publicport"]
)
self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm_1.id)
# Create NAT rule
nat_rule = NATRule.create(
self.apiclient,
self.vm_1,
self.services["natrule"],
public_ip.id
)
nat_rules = list_nat_rules(
self.apiclient,
id=nat_rule.id
)
self.assertEqual(
isinstance(nat_rules, list),
True,
"Check for list NAT rules response return valid data"
)
self.assertEqual(
nat_rules[0].state,
'Active',
"Check list port forwarding rules"
)
result = 'failed'
try:
ssh_command = "ping -c 3 8.8.8.8"
self.logger.debug("SSH into VM with IP: %s" % nat_rule.ipaddress)
ssh = self.vm_1.get_ssh_client(ipaddress=nat_rule.ipaddress, port=self.services["natrule"]["publicport"], retries=5)
result = str(ssh.execute(ssh_command))
self.logger.debug("SSH result: %s; COUNT is ==> %s" % (result, result.count("3 packets received")))
except:
self.fail("Failed to SSH into VM - %s" % (nat_rule.ipaddress))
self.assertEqual(
result.count("3 packets received"),
1,
"Ping to outside world from VM should be successful"
)
return
def test_RVR_Network_FW_PF_SSH_default_routes(self):
""" Test redundant router internals """
self.logger.debug("Starting test_RVR_Network_FW_PF_SSH_default_routes...")
self.logger.debug("Creating network with network offering: %s" % self.network_offering.id)
network = Network.create(
self.apiclient,
self.services["network"],
accountid=self.account.name,
domainid=self.account.domainid,
networkofferingid=self.network_offering.id,
zoneid=self.zone.id
)
self.logger.debug("Created network with ID: %s" % network.id)
networks = Network.list(
self.apiclient,
id=network.id,
listall=True
)
self.assertEqual(
isinstance(networks, list),
True,
"List networks should return a valid response for created network"
)
nw_response = networks[0]
self.logger.debug("Deploying VM in account: %s" % self.account.name)
virtual_machine = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
templateid=self.template.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id,
networkids=[str(network.id)]
)
self.logger.debug("Deployed VM in network: %s" % network.id)
vms = VirtualMachine.list(
self.apiclient,
id=virtual_machine.id,
listall=True
)
self.assertEqual(
isinstance(vms, list),
True,
"List Vms should return a valid list"
)
vm = vms[0]
self.assertEqual(
vm.state,
"Running",
"VM should be in running state after deployment"
)
self.logger.debug("Listing routers for network: %s" % network.name)
routers = Router.list(
self.apiclient,
networkid=network.id,
listall=True
)
self.assertEqual(
isinstance(routers, list),
True,
"list router should return Master and backup routers"
)
self.assertEqual(
len(routers),
2,
"Length of the list router should be 2 (Backup & master)"
)
self.logger.debug("Associating public IP for network: %s" % network.name)
public_ip = PublicIPAddress.create(
self.apiclient,
accountid=self.account.name,
zoneid=self.zone.id,
domainid=self.account.domainid,
networkid=network.id
)
self.logger.debug("Associated %s with network %s" % (
public_ip.ipaddress.ipaddress,
network.id
))
public_ips = list_publicIP(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
zoneid=self.zone.id
)
self.assertEqual(
isinstance(public_ips, list),
True,
"Check for list public IPs response return valid data"
)
public_ip_1 = public_ips[0]
self.logger.debug("Creating Firewall rule for VM ID: %s" % virtual_machine.id)
FireWallRule.create(
self.apiclient,
ipaddressid=public_ip_1.id,
protocol=self.services["natrule"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule"]["publicport"],
endport=self.services["natrule"]["publicport"]
)
self.logger.debug("Creating NAT rule for VM ID: %s" % virtual_machine.id)
nat_rule = NATRule.create(
self.apiclient,
virtual_machine,
self.services["natrule"],
public_ip_1.id
)
self.cleanup.insert(0, network)
self.cleanup.insert(0, virtual_machine)
result = 'failed'
try:
ssh_command = "ping -c 3 8.8.8.8"
ssh = virtual_machine.get_ssh_client(ipaddress=public_ip.ipaddress.ipaddress, retries=5)
self.logger.debug("Ping to google.com from VM")
result = str(ssh.execute(ssh_command))
self.logger.debug("SSH result: %s; COUNT is ==> %s" % (result, result.count("3 packets received")))
except:
self.fail("Failed to SSH into VM - %s" % (public_ip.ipaddress.ipaddress))
self.assertEqual(
result.count("3 packets received"),
1,
"Ping to outside world from VM should be successful"
)
return
def test_isolate_network_password_server(self):
"""Check the password file in the Router VM"""
self.logger.debug("Starting test_isolate_network_password_server...")
routers = list_routers(self.apiclient,
account=self.account.name,
domainid=self.account.domainid)
self.assertEqual(isinstance(routers, list), True,
"Check for list routers response return valid data")
self.assertNotEqual(len(routers), 0, "Check list router response")
router = routers[0]
self.assertEqual(router.state, 'Running',
"Check list router response for router state")
public_ips = list_publicIP(self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
zoneid=self.zone.id)
self.assertEqual(
isinstance(public_ips, list), True,
"Check for list public IPs response return valid data")
public_ip = public_ips[0]
self.logger.debug("Creating Firewall rule for VM ID: %s" %
self.vm_1.id)
FireWallRule.create(self.apiclient,
ipaddressid=public_ip.id,
protocol=self.services["natrule1"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule1"]["publicport"],
endport=self.services["natrule1"]["publicport"])
self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm_1.id)
# Create NAT rule
nat_rule1 = NATRule.create(self.apiclient, self.vm_1,
self.services["natrule1"], public_ip.id)
self.logger.debug("Creating Firewall rule for VM ID: %s" %
self.vm_2.id)
FireWallRule.create(self.apiclient,
ipaddressid=public_ip.id,
protocol=self.services["natrule2"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule2"]["publicport"],
endport=self.services["natrule2"]["publicport"])
self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm_2.id)
# Create NAT rule
nat_rule2 = NATRule.create(self.apiclient, self.vm_2,
self.services["natrule2"], public_ip.id)
nat_rules = list_nat_rules(self.apiclient, id=nat_rule1.id)
self.assertEqual(
isinstance(nat_rules, list), True,
"Check for list NAT rules response return valid data")
self.assertEqual(nat_rules[0].state, 'Active',
"Check list port forwarding rules")
nat_rules = list_nat_rules(self.apiclient, id=nat_rule2.id)
self.assertEqual(
isinstance(nat_rules, list), True,
"Check for list NAT rules response return valid data")
self.assertEqual(nat_rules[0].state, 'Active',
"Check list port forwarding rules")
self.test_ssh_command(self.vm_1, nat_rule1, "natrule1")
self.test_ssh_command(self.vm_2, nat_rule2, "natrule2")
self.test_password_file_not_empty(self.vm_1, router)
self.test_password_file_not_empty(self.vm_2, router)
return
def test_iptable_rules(self):
"""Test iptable rules in case we have IP associated with a network which is in
different pubic IP range from that of public IP range that has source NAT IP.
When IP is associated we should see a rule '-i eth3 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT' in FORWARD table.
When IP is dis-associated we should see a rule in the FORWARD table is deleted.
"""
# Validate the following:
# 1. Create a new public IP range and dedicate to a account
# 2. Acquire a IP from new public range
# 3. Create a firewall rule to open up the port, so that IP is associated with network
# 5. Login to VR and verify routing tables, there should be Table_eth3
# 6. Delete firewall rule, since its last IP, routing table Table_eth3 should be deleted
self.services["extrapubliciprange"]["zoneid"] = self.services["zoneid"]
self.public_ip_range = PublicIpRange.create(
self.apiclient,
self.services["extrapubliciprange"]
)
self.cleanup.append(self.public_ip_range)
logger.debug("Dedicating Public IP range to the account");
dedicate_public_ip_range_response = PublicIpRange.dedicate(
self.apiclient,
self.public_ip_range.vlan.id,
account=self.account.name,
domainid=self.account.domainid
)
ip_address = PublicIPAddress.create(
self.apiclient,
self.account.name,
self.zone.id,
self.account.domainid,
self.services["virtual_machine"]
)
self.cleanup.append(ip_address)
# Check if VM is in Running state before creating NAT and firewall rules
vm_response = VirtualMachine.list(
self.apiclient,
id=self.virtual_machine.id
)
self.assertEqual(
isinstance(vm_response, list),
True,
"Check list VM returns a valid list"
)
self.assertNotEqual(
len(vm_response),
0,
"Check Port Forwarding Rule is created"
)
self.assertEqual(
vm_response[0].state,
'Running',
"VM state should be Running before creating a NAT rule."
)
# Open up firewall port for SSH
firewall_rule = FireWallRule.create(
self.apiclient,
ipaddressid=ip_address.ipaddress.id,
protocol=self.services["natrule"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule"]["publicport"],
endport=self.services["natrule"]["publicport"]
)
self.cleanup.append(firewall_rule)
# Get the router details associated with account
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
)
router = routers[0]
if (self.hypervisor.lower() == 'vmware'
or self.hypervisor.lower() == 'hyperv'):
result = get_process_status(
self.apiclient.connection.mgtSvr,
22,
self.apiclient.connection.user,
self.apiclient.connection.passwd,
router.linklocalip,
'iptables -t filter -L FORWARD -v',
hypervisor=self.hypervisor
)
else:
hosts = list_hosts(
self.apiclient,
id=router.hostid,
)
self.assertEqual(
isinstance(hosts, list),
True,
"Check for list hosts response return valid data"
)
host = hosts[0]
host.user = self.hostConfig['username']
host.passwd = self.hostConfig['password']
try:
result = get_process_status(
host.ipaddress,
22,
host.user,
host.passwd,
router.linklocalip,
'iptables -t filter -L FORWARD -v'
)
except KeyError:
self.skipTest(
"Provide a marvin config file with host\
credentials to run %s" %
self._testMethodName)
logger.debug("iptables -t filter -L FORWARD -v: %s" % result)
res = str(result)
self.assertEqual(
res.count("eth3 eth0 anywhere anywhere state RELATED,ESTABLISHED"),
1,
"Check to ensure there is a iptable rule to accept the RELATED,ESTABLISHED traffic"
)
firewall_rule.delete(self.apiclient)
self.cleanup.remove(firewall_rule)
def test_static_nat_on_ip_from_non_src_nat_ip_range(self):
"""Test for static nat on a IP which is in pubic IP range different
from public IP range that has source NAT IP associated with network
"""
# Validate the following:
# 1. Create a new public IP range and dedicate to a account
# 2. Acquire a IP from new public range
# 3. Enable static NAT on acquired IP from new range
# 4. Create a firewall rule to open up the port
# 5. Test SSH works to the VM
self.services["extrapubliciprange"]["zoneid"] = self.services["zoneid"]
self.public_ip_range = PublicIpRange.create(
self.apiclient,
self.services["extrapubliciprange"]
)
self.cleanup.append(self.public_ip_range)
logger.debug("Dedicating Public IP range to the account");
dedicate_public_ip_range_response = PublicIpRange.dedicate(
self.apiclient,
self.public_ip_range.vlan.id,
account=self.account.name,
domainid=self.account.domainid
)
ip_address = PublicIPAddress.create(
self.apiclient,
self.account.name,
self.zone.id,
self.account.domainid,
self.services["virtual_machine"]
)
self.cleanup.append(ip_address)
# Check if VM is in Running state before creating NAT and firewall rules
vm_response = VirtualMachine.list(
self.apiclient,
id=self.virtual_machine.id
)
self.assertEqual(
isinstance(vm_response, list),
True,
"Check list VM returns a valid list"
)
self.assertNotEqual(
len(vm_response),
0,
"Check Port Forwarding Rule is created"
)
self.assertEqual(
vm_response[0].state,
'Running',
"VM state should be Running before creating a NAT rule."
)
# Open up firewall port for SSH
fwr = FireWallRule.create(
self.apiclient,
ipaddressid=ip_address.ipaddress.id,
protocol=self.services["natrule"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule"]["publicport"],
endport=self.services["natrule"]["publicport"]
)
self.cleanup.append(fwr)
# Create Static NAT rule
StaticNATRule.enable(
self.apiclient,
ip_address.ipaddress.id,
self.virtual_machine.id,
self.defaultNetworkId
)
try:
logger.debug("SSHing into VM with IP address %s with NAT IP %s" %
(
self.virtual_machine.ipaddress,
ip_address.ipaddress.ipaddress
))
self.virtual_machine.get_ssh_client(ip_address.ipaddress.ipaddress)
except Exception as e:
self.fail(
"SSH Access failed for %s: %s" %
(self.virtual_machine.ipaddress, e)
)
StaticNATRule.disable(
self.apiclient,
ip_address.ipaddress.id,
self.virtual_machine.id
)
def test_01_firewall_rules_port_fw(self):
""""Checking firewall rules deletion after static NAT disable"""
# Validate the following:
#1. Enable static NAT for a VM
#2. Open up some ports. At this point there will be new rows in the
# firewall_rules table.
#3. Disable static NAT for the VM.
#4. Check fire wall rules are deleted from firewall_rules table.
public_ip = self.public_ip.ipaddress
# Enable Static NAT for VM
StaticNATRule.enable(self.apiclient, public_ip.id,
self.virtual_machine.id)
self.debug("Enabled static NAT for public IP ID: %s" % public_ip.id)
#Create Static NAT rule, in fact it's firewall rule
nat_rule = StaticNATRule.create(self.apiclient,
self.services["firewall_rule"],
public_ip.id)
self.debug("Created Static NAT rule for public IP ID: %s" %
public_ip.id)
self.debug("Checking IP address")
ip_response = PublicIPAddress.list(self.apiclient, id=public_ip.id)
self.assertEqual(isinstance(ip_response, list), True,
"Check ip response returns a valid list")
self.assertNotEqual(len(ip_response), 0,
"Check static NAT Rule is created")
self.assertTrue(ip_response[0].isstaticnat,
"IP is not static nat enabled")
self.assertEqual(ip_response[0].virtualmachineid,
self.virtual_machine.id,
"IP is not binding with the VM")
self.debug("Checking Firewall rule")
firewall_response = FireWallRule.list(self.apiclient,
ipaddressid=public_ip.id,
listall=True)
self.assertEqual(isinstance(firewall_response, list), True,
"Check firewall response returns a valid list")
self.assertNotEqual(len(firewall_response), 0,
"Check firewall rule is created")
self.assertEqual(firewall_response[0].state, "Active",
"Firewall rule is not active")
self.assertEqual(firewall_response[0].ipaddressid, public_ip.id,
"Firewall rule is not static nat related")
self.assertEqual(firewall_response[0].startport,
str(self.services["firewall_rule"]["startport"]),
"Firewall rule is not with specific port")
self.debug("Removed the firewall rule")
nat_rule.delete(self.apiclient)
self.debug("Checking IP address, it should still existed")
ip_response = PublicIPAddress.list(self.apiclient, id=public_ip.id)
self.assertEqual(isinstance(ip_response, list), True,
"Check ip response returns a valid list")
self.assertNotEqual(len(ip_response), 0,
"Check static NAT Rule is created")
self.assertTrue(ip_response[0].isstaticnat,
"IP is not static nat enabled")
self.assertEqual(ip_response[0].virtualmachineid,
self.virtual_machine.id,
"IP is not binding with the VM")
self.debug("Checking Firewall rule, it should be removed")
firewall_response = FireWallRule.list(self.apiclient,
ipaddressid=public_ip.id,
listall=True)
self.assertEqual(isinstance(firewall_response, list), True,
"Check firewall response returns a valid list")
if len(firewall_response) != 0:
self.assertEqual(
firewall_response[0].state, "Deleting",
"Firewall rule should be deleted or in deleting state")
return
def test_create_network_with_snat(self):
"""Test to create a network with SourceNAT service only"""
# Validate the following
# 1. create a network offering with source nat service
# 2. create a network and deploy a vm within the network
# 3. deployment and network creation should be successful
# 4. attempt to create a fw rule. should fail since offering hasn't allowed it
# 5. try to ping out of the guest to www.google.com to check SourceNAT is working
self.account = Account.create(
self.apiclient,
self.services["account"],
admin=False,
domainid=self.domain.id
)
self.cleanup.append(self.account)
# Create a network offering VR and only SourceNAT service
self.debug(
"creating network offering with source NAT only"
)
self.network_offering = NetworkOffering.create(
self.apiclient,
self.services["network_offering_sourcenat"]
)
# Enable Network offering
self.network_offering.update(self.apiclient, state='Enabled')
self.debug("Created n/w offering with ID: %s" %
self.network_offering.id)
# Creating network using the network offering created
self.debug("Creating network with network offering: %s" %
self.network_offering.id)
self.network = Network.create(
self.apiclient,
self.services["network"],
accountid=self.account.name,
domainid=self.account.domainid,
networkofferingid=self.network_offering.id,
zoneid=self.zone.id
)
self.debug("Created guest network with ID: %s within account %s" % (self.network.id, self.account.name))
self.debug("Deploying VM in account: %s on the network %s" % (self.account.name, self.network.id))
# Spawn an instance in that network
VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id,
networkids=[str(self.network.id)]
)
self.debug("Deployed VM in network: %s" % self.network.id)
src_nat_list = PublicIPAddress.list(
self.apiclient,
associatednetworkid=self.network.id,
account=self.account.name,
domainid=self.account.domainid,
listall=True,
issourcenat=True,
)
self.assertEqual(
isinstance(src_nat_list, list),
True,
"List Public IP should return a valid source NAT"
)
self.assertNotEqual(
len(src_nat_list),
0,
"Length of response from listPublicIp should not be 0"
)
src_nat = src_nat_list[0]
self.debug("Successfully implemented network with source NAT IP: %s" %
src_nat.ipaddress)
with self.assertRaises(Exception):
FireWallRule.create(
self.apiclient,
ipaddressid=src_nat.id,
protocol='TCP',
cidrlist=[self.services["fw_rule"]["cidr"]],
startport=self.services["fw_rule"]["startport"],
endport=self.services["fw_rule"]["endport"]
)
return
def test_01_isolate_network_FW_PF_default_routes_egress_true(self):
""" Test redundant router internals """
self.logger.debug(
"Starting test_01_isolate_network_FW_PF_default_routes_egress_true..."
)
network_offering_egress_true = get_default_isolated_network_offering_with_egress(
self.apiclient)
self.logger.debug("Creating Network with Network Offering ID %s" %
network_offering_egress_true.id)
network = Network.create(
self.apiclient,
self.services["network"],
accountid=self.account.name,
domainid=self.account.domainid,
networkofferingid=network_offering_egress_true.id,
zoneid=self.zone.id)
self.logger.debug("Deploying Virtual Machine on Network %s" %
network.id)
virtual_machine = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
templateid=self.template.id,
accountid=self.account.name,
domainid=self.domain.id,
serviceofferingid=self.service_offering.id,
networkids=[str(network.id)])
self.logger.debug("Deployed VM in network: %s" % network.id)
self.cleanup.insert(0, network)
self.cleanup.insert(0, virtual_machine)
self.logger.debug(
"Starting test_isolate_network_FW_PF_default_routes...")
routers = list_routers(self.apiclient,
account=self.account.name,
domainid=self.account.domainid)
self.assertEqual(isinstance(routers, list), True,
"Check for list routers response return valid data")
self.assertNotEqual(len(routers), 0, "Check list router response")
router = routers[0]
self.assertEqual(router.state, 'Running',
"Check list router response for router state")
public_ips = list_public_ip(self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
zoneid=self.zone.id)
self.assertEqual(
isinstance(public_ips, list), True,
"Check for list public IPs response return valid data")
public_ip = public_ips[0]
self.logger.debug("Creating Firewall rule for VM ID: %s" %
virtual_machine.id)
FireWallRule.create(
self.apiclient,
ipaddressid=public_ip.id,
protocol=self.services["natrule_ssh"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule_ssh"]["publicport"],
endport=self.services["natrule_ssh"]["publicport"])
self.logger.debug("Creating NAT rule for VM ID: %s" %
virtual_machine.id)
# Create NAT rule
nat_rule = NATRule.create(self.apiclient, virtual_machine,
self.services["natrule_ssh"], public_ip.id)
nat_rules = list_nat_rules(self.apiclient, id=nat_rule.id)
self.assertEqual(
isinstance(nat_rules, list), True,
"Check for list NAT rules response return valid data")
self.assertEqual(nat_rules[0].state, 'Active',
"Check list port forwarding rules")
# Test SSH after closing port 22
expected = 1
ssh_command = "ping -c 3 8.8.8.8"
check_string = "3 packets received"
result = self.check_router_command(virtual_machine, nat_rule.ipaddress,
ssh_command, check_string, self)
self.assertEqual(
result, expected,
"Ping to outside world from VM should be successful!")
expected = 1
ssh_command = self.HTTP_COMMAND
check_string = self.HTTP_CHECK_STRING
result = self.check_router_command(virtual_machine, nat_rule.ipaddress,
ssh_command, check_string, self)
self.assertEqual(result, expected, self.HTTP_ASSERT_SUCCESS_MESSAGE)
EgressFireWallRule.create(
self.apiclient,
networkid=network.id,
protocol=self.services["egress_443"]["protocol"],
startport=self.services["egress_443"]["startport"],
endport=self.services["egress_443"]["endport"],
cidrlist=self.services["egress_443"]["cidrlist"])
expected = 0
result = self.check_router_command(virtual_machine, nat_rule.ipaddress,
ssh_command, check_string, self)
self.assertEqual(result, expected, self.HTTP_ASSERT_FAILURE_MESSAGE)
return
def test_01_port_fwd_on_src_nat(self):
"""Test for port forwarding on source NAT"""
# Validate the following:
# 1. listPortForwarding rules API should return the added PF rule
# 2. attempt to do an ssh into the user VM through the sourceNAT
src_nat_ip_addrs = list_publicIP(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid
)
self.assertEqual(
isinstance(src_nat_ip_addrs, list),
True,
"Check list response returns a valid list"
)
src_nat_ip_addr = src_nat_ip_addrs[0]
# Check if VM is in Running state before creating NAT rule
vm_response = VirtualMachine.list(
self.apiclient,
id=self.virtual_machine.id
)
self.assertEqual(
isinstance(vm_response, list),
True,
"Check list VM returns a valid list"
)
self.assertNotEqual(
len(vm_response),
0,
"Check Port Forwarding Rule is created"
)
self.assertEqual(
vm_response[0].state,
'Running',
"VM state should be Running before creating a NAT rule."
)
# Open up firewall port for SSH
FireWallRule.create(
self.apiclient,
ipaddressid=src_nat_ip_addr.id,
protocol=self.services["natrule"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule"]["publicport"],
endport=self.services["natrule"]["publicport"]
)
# Create NAT rule
nat_rule = NATRule.create(
self.apiclient,
self.virtual_machine,
self.services["natrule"],
src_nat_ip_addr.id
)
list_nat_rule_response = list_nat_rules(
self.apiclient,
id=nat_rule.id
)
self.assertEqual(
isinstance(list_nat_rule_response, list),
True,
"Check list response returns a valid list"
)
self.assertNotEqual(
len(list_nat_rule_response),
0,
"Check Port Forwarding Rule is created"
)
self.assertEqual(
list_nat_rule_response[0].id,
nat_rule.id,
"Check Correct Port forwarding Rule is returned"
)
# SSH virtual machine to test port forwarding
try:
logger.debug("SSHing into VM with IP address %s with NAT IP %s" %
(
self.virtual_machine.ipaddress,
src_nat_ip_addr.ipaddress
))
self.virtual_machine.get_ssh_client(src_nat_ip_addr.ipaddress)
vm_response = VirtualMachine.list(
self.apiclient,
id=self.virtual_machine.id
)
if vm_response[0].state != 'Running':
self.fail(
"State of VM : %s is not found to be Running" % str(
self.virtual_machine.ipaddress))
except Exception as e:
self.fail(
"SSH Access failed for %s: %s" %
(self.virtual_machine.ipaddress, e)
)
try:
nat_rule.delete(self.apiclient)
except Exception as e:
self.fail("NAT Rule Deletion Failed: %s" % e)
# NAT rule listing should fail as the nat rule does not exist
with self.assertRaises(Exception):
list_nat_rules(self.apiclient,
id=nat_rule.id)
# Check if the Public SSH port is inaccessible
with self.assertRaises(Exception):
logger.debug(
"SSHing into VM with IP address %s after NAT rule deletion" %
self.virtual_machine.ipaddress)
SshClient(
src_nat_ip_addr.ipaddress,
self.virtual_machine.ssh_port,
self.virtual_machine.username,
self.virtual_machine.password,
retries=2,
delay=0
)
return
def test_router_dhcphosts(self):
"""Check that the /etc/dhcphosts.txt doesn't contain duplicate IPs"""
self.logger.debug("Starting test_router_dhcphosts...")
routers = list_routers(self.apiclient,
account=self.account.name,
domainid=self.account.domainid)
self.assertEqual(isinstance(routers, list), True,
"Check for list routers response return valid data")
self.assertNotEqual(len(routers), 0, "Check list router response")
router = routers[0]
self.assertEqual(router.state, 'Running',
"Check list router response for router state")
public_ips = list_publicIP(self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
zoneid=self.zone.id)
self.assertEqual(
isinstance(public_ips, list), True,
"Check for list public IPs response return valid data")
public_ip = public_ips[0]
self.logger.debug("Creating Firewall rule for VM ID: %s" %
self.vm_1.id)
FireWallRule.create(self.apiclient,
ipaddressid=public_ip.id,
protocol=self.services["natrule1"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule1"]["publicport"],
endport=self.services["natrule1"]["publicport"])
self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm_1.id)
# Create NAT rule
nat_rule1 = NATRule.create(self.apiclient, self.vm_1,
self.services["natrule1"], public_ip.id)
self.logger.debug("Creating Firewall rule for VM ID: %s" %
self.vm_2.id)
FireWallRule.create(self.apiclient,
ipaddressid=public_ip.id,
protocol=self.services["natrule2"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule2"]["publicport"],
endport=self.services["natrule2"]["publicport"])
self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm_2.id)
# Create NAT rule
nat_rule2 = NATRule.create(self.apiclient, self.vm_2,
self.services["natrule2"], public_ip.id)
nat_rules = list_nat_rules(self.apiclient, id=nat_rule1.id)
self.assertEqual(
isinstance(nat_rules, list), True,
"Check for list NAT rules response return valid data")
self.assertEqual(nat_rules[0].state, 'Active',
"Check list port forwarding rules")
nat_rules = list_nat_rules(self.apiclient, id=nat_rule2.id)
self.assertEqual(
isinstance(nat_rules, list), True,
"Check for list NAT rules response return valid data")
self.assertEqual(nat_rules[0].state, 'Active',
"Check list port forwarding rules")
self.logger.debug("Testing SSH to VMs %s and %s" %
(self.vm_1.id, self.vm_2.id))
self.test_ssh_command(self.vm_1, nat_rule1, "natrule1")
self.test_ssh_command(self.vm_2, nat_rule2, "natrule2")
self.logger.debug("Testing DHCP hosts for VMs %s and %s" %
(self.vm_1.id, self.vm_2.id))
self.test_dhcphosts(self.vm_1, router)
self.test_dhcphosts(self.vm_2, router)
self.logger.debug("Deleting and Expunging VM %s with ip %s" %
(self.vm_1.id, self.vm_1.nic[0].ipaddress))
self.vm_1.delete(self.apiclient)
self.logger.debug(
"Creating new VM using the same IP as the one which was deleted => IP 10.1.1.50"
)
self.vm_1 = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
templateid=self.template.id,
accountid=self.account.name,
domainid=self.domain.id,
serviceofferingid=self.service_offering.id,
networkids=[str(self.network.id)],
ipaddress="10.1.1.50")
self.cleanup.append(self.vm_1)
self.logger.debug("Testing DHCP hosts for VMs %s and %s" %
(self.vm_1.id, self.vm_2.id))
self.test_dhcphosts(self.vm_1, router)
self.test_dhcphosts(self.vm_2, router)
return
def setUp(self):
self.apiclient = self.testClient.getApiClient()
self.services = self.testClient.getParsedTestDataConfig()
# Get Zone, Domain and templates
self.domain = get_domain(self.apiclient)
self.zone = get_zone(self.apiclient, self.testClient.getZoneForTests())
self.hypervisor = self.testClient.getHypervisorInfo()
template = get_test_template(
self.apiclient,
self.zone.id,
self.hypervisor
)
if template == FAILED:
self.fail("get_test_template() failed to return template")
self.services["virtual_machine"]["zoneid"] = self.zone.id
# Create an account, network, VM and IP addresses
self.account = Account.create(
self.apiclient,
self.services["account"],
admin=True,
domainid=self.domain.id
)
self.service_offering = ServiceOffering.create(
self.apiclient,
self.services["service_offerings"]["tiny"]
)
self.vm_1 = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
templateid=template.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id
)
# Wait for VM to come up
time.sleep(120)
src_nat_ip_addrs = list_publicIP(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid
)
try:
src_nat_ip_addr = src_nat_ip_addrs[0]
except Exception as e:
raise Exception(
"Warning: Exception during fetching source NAT: %s" %
e)
self.public_ip = PublicIPAddress.create(
self.apiclient,
self.vm_1.account,
self.vm_1.zoneid,
self.vm_1.domainid,
self.services["virtual_machine"]
)
# Open up firewall port for SSH
FireWallRule.create(
self.apiclient,
ipaddressid=self.public_ip.ipaddress.id,
protocol=self.services["lbrule"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["lbrule"]["publicport"],
endport=self.services["lbrule"]["publicport"]
)
lb_rule = LoadBalancerRule.create(
self.apiclient,
self.services["lbrule"],
src_nat_ip_addr.id,
self.account.name
)
lb_rule.assign(self.apiclient, [self.vm_1])
self.nat_rule = NATRule.create(
self.apiclient,
self.vm_1,
self.services["natrule"],
ipaddressid=self.public_ip.ipaddress.id
)
self.cleanup = [self.nat_rule,
lb_rule,
self.vm_1,
self.service_offering,
self.account,
]
return
def test_02_port_fwd_on_non_src_nat(self):
"""Test for port forwarding on non source NAT"""
# Validate the following:
# 1. listPortForwardingRules should not return the deleted rule anymore
# 2. attempt to do ssh should now fail
ip_address = PublicIPAddress.create(
self.apiclient,
self.account.name,
self.zone.id,
self.account.domainid,
self.services["virtual_machine"]
)
self.cleanup.append(ip_address)
# Check if VM is in Running state before creating NAT rule
vm_response = VirtualMachine.list(
self.apiclient,
id=self.virtual_machine.id
)
self.assertEqual(
isinstance(vm_response, list),
True,
"Check list VM returns a valid list"
)
self.assertNotEqual(
len(vm_response),
0,
"Check Port Forwarding Rule is created"
)
self.assertEqual(
vm_response[0].state,
'Running',
"VM state should be Running before creating a NAT rule."
)
# Open up firewall port for SSH
FireWallRule.create(
self.apiclient,
ipaddressid=ip_address.ipaddress.id,
protocol=self.services["natrule"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule"]["publicport"],
endport=self.services["natrule"]["publicport"]
)
# Create NAT rule
nat_rule = NATRule.create(
self.apiclient,
self.virtual_machine,
self.services["natrule"],
ip_address.ipaddress.id
)
# Validate the following:
# 1. listPortForwardingRules should not return the deleted rule anymore
# 2. attempt to do ssh should now fail
list_nat_rule_response = list_nat_rules(
self.apiclient,
id=nat_rule.id
)
self.assertEqual(
isinstance(list_nat_rule_response, list),
True,
"Check list response returns a valid list"
)
self.assertNotEqual(
len(list_nat_rule_response),
0,
"Check Port Forwarding Rule is created"
)
self.assertEqual(
list_nat_rule_response[0].id,
nat_rule.id,
"Check Correct Port forwarding Rule is returned"
)
try:
self.debug("SSHing into VM with IP address %s with NAT IP %s" %
(
self.virtual_machine.ipaddress,
ip_address.ipaddress.ipaddress
))
self.virtual_machine.get_ssh_client(ip_address.ipaddress.ipaddress)
except Exception as e:
self.fail(
"SSH Access failed for %s: %s" %
(self.virtual_machine.ipaddress, e)
)
nat_rule.delete(self.apiclient)
try:
list_nat_rule_response = list_nat_rules(
self.apiclient,
id=nat_rule.id
)
except CloudstackAPIException:
self.debug("Nat Rule is deleted")
# Check if the Public SSH port is inaccessible
with self.assertRaises(Exception):
self.debug(
"SSHing into VM with IP address %s after NAT rule deletion" %
self.virtual_machine.ipaddress)
SshClient(
ip_address.ipaddress.ipaddress,
self.virtual_machine.ssh_port,
self.virtual_machine.username,
self.virtual_machine.password,
retries=2,
delay=0
)
return
def test_router_dhcp_opts(self):
"""Check that the /etc/dhcpopts.txt has entries for the"""
self.logger.debug("Starting test_router_dhcphosts...")
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
networkid=self.network1.id
)
self.assertEqual(
isinstance(routers, list),
True,
"Check for list routers response return valid data"
)
self.assertNotEqual(
len(routers),
0,
"Check list router response"
)
network1_router = routers[0]
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
networkid=self.network2.id
)
self.assertEqual(
isinstance(routers, list),
True,
"Check for list routers response return valid data"
)
self.assertNotEqual(
len(routers),
0,
"Check list router response"
)
network2_router = routers[0]
self.assertEqual(
network1_router.state,
'Running',
"Check list router response for router state"
)
self.assertEqual(
network2_router.state,
'Running',
"Check list router response for router state"
)
public_ips = list_publicIP(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
zoneid=self.zone.id,
associatednetworkid=self.network1.id
)
self.assertEqual(
isinstance(public_ips, list),
True,
"Check for list public IPs response return valid data"
)
network1_public_ip = public_ips[0]
public_ips = list_publicIP(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
zoneid=self.zone.id,
associatednetworkid=self.network2.id
)
self.assertEqual(
isinstance(public_ips, list),
True,
"Check for list public IPs response return valid data"
)
network2_public_ip = public_ips[0]
self.logger.debug("Creating Firewall rule for VM ID: %s" % self.vm_1.id)
FireWallRule.create(
self.apiclient,
ipaddressid=network1_public_ip.id,
protocol=self.services["natrule1"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule1"]["publicport"],
endport=self.services["natrule1"]["publicport"]
)
self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm_1.id)
# Create NAT rule
nat_rule1 = NATRule.create(
self.apiclient,
self.vm_1,
self.services["natrule1"],
network1_public_ip.id
)
self.logger.debug("Creating Firewall rule for VM ID: %s" % self.vm_2.id)
FireWallRule.create(
self.apiclient,
ipaddressid=network2_public_ip.id,
protocol=self.services["natrule2"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule2"]["publicport"],
endport=self.services["natrule2"]["publicport"]
)
self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm_2.id)
# Create NAT rule
nat_rule2 = NATRule.create(
self.apiclient,
self.vm_2,
self.services["natrule2"],
network2_public_ip.id
)
nat_rules = list_nat_rules(
self.apiclient,
id=nat_rule1.id
)
self.assertEqual(
isinstance(nat_rules, list),
True,
"Check for list NAT rules response return valid data"
)
self.assertEqual(
nat_rules[0].state,
'Active',
"Check list port forwarding rules"
)
nat_rules = list_nat_rules(
self.apiclient,
id=nat_rule2.id
)
self.assertEqual(
isinstance(nat_rules, list),
True,
"Check for list NAT rules response return valid data"
)
self.assertEqual(
nat_rules[0].state,
'Active',
"Check list port forwarding rules"
)
self.logger.debug("Testing DHCP options for VMs %s and %s" % (self.vm_1.id, self.vm_2.id))
self.test_dhcphopts(self.vm_2.nic[1].ipaddress, network1_router)
self.test_dhcphopts(self.vm_1.nic[0].ipaddress, network2_router)
return
def test_02_network_off_with_conserve_mode(self):
"""Test Network offering with Conserve mode ON and VR - All services
"""
# Validate the following
# 1. Create a Network from the above network offering and deploy a VM.
# 2. On source NAT ipaddress, we should be allowed to add a LB rules
# 3. On source NAT ipaddress, we should be allowed to add a PF rules
# 4. On source NAT ipaddress, we should be allowed to add a Firewall
# rules
# 5. On an ipaddress that has Lb rules, we should be allowed to
# program PF rules.
# 6. We should be allowed to program multiple PF rules on the same Ip
# address on different public ports.
# 7. We should be allowed to program multiple LB rules on the same Ip
# address for different public port ranges.
# 8. On source NAT ipaddress, we should be allowed to Enable VPN
# access.
# Create a network offering with all virtual router services enabled
self.debug(
"Creating n/w offering with all services in VR & conserve mode:off"
)
self.network_offering = NetworkOffering.create(
self.api_client,
self.services["network_offering"],
conservemode=True
)
self.cleanup.append(self.network_offering)
self.debug("Created n/w offering with ID: %s" %
self.network_offering.id)
# Enable Network offering
self.network_offering.update(self.apiclient, state='Enabled')
# Creating network using the network offering created
self.debug("Creating network with network offering: %s" %
self.network_offering.id)
self.network = Network.create(
self.apiclient,
self.services["network"],
accountid=self.account.name,
domainid=self.account.domainid,
networkofferingid=self.network_offering.id,
zoneid=self.zone.id
)
self.debug("Created network with ID: %s" % self.network.id)
self.debug("Deploying VM in account: %s" % self.account.name)
# Spawn an instance in that network
virtual_machine = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id,
networkids=[str(self.network.id)]
)
self.debug("Deployed VM in network: %s" % self.network.id)
src_nat_list = PublicIPAddress.list(
self.apiclient,
associatednetworkid=self.network.id,
account=self.account.name,
domainid=self.account.domainid,
listall=True,
issourcenat=True,
)
self.assertEqual(
isinstance(src_nat_list, list),
True,
"List Public IP should return a valid source NAT"
)
self.assertNotEqual(
len(src_nat_list),
0,
"Length of response from listPublicIp should not be 0"
)
src_nat = src_nat_list[0]
self.debug("Trying to create LB rule on source NAT IP: %s" %
src_nat.ipaddress)
# Create Load Balancer rule with source NAT
lb_rule = LoadBalancerRule.create(
self.apiclient,
self.services["lbrule"],
ipaddressid=src_nat.id,
accountid=self.account.name
)
self.debug("Created LB rule on source NAT: %s" % src_nat.ipaddress)
lb_rules = LoadBalancerRule.list(
self.apiclient,
id=lb_rule.id
)
self.assertEqual(
isinstance(lb_rules, list),
True,
"List lb rules should return a valid lb rules"
)
self.assertNotEqual(
len(lb_rules),
0,
"Length of response from listLbRules should not be 0"
)
self.debug(
"Trying to create a port forwarding rule in source NAT: %s" %
src_nat.ipaddress)
#Create NAT rule
nat_rule = NATRule.create(
self.apiclient,
virtual_machine,
self.services["natrule"],
ipaddressid=src_nat.id
)
self.debug("Created PF rule on source NAT: %s" % src_nat.ipaddress)
nat_rules = NATRule.list(
self.apiclient,
id=nat_rule.id
)
self.assertEqual(
isinstance(nat_rules, list),
True,
"List NAT should return a valid port forwarding rules"
)
self.assertNotEqual(
len(nat_rules),
0,
"Length of response from listLbRules should not be 0"
)
self.debug("Creating firewall rule on source NAT: %s" %
src_nat.ipaddress)
#Create Firewall rule on source NAT
fw_rule = FireWallRule.create(
self.apiclient,
ipaddressid=src_nat.id,
protocol='TCP',
cidrlist=[self.services["fw_rule"]["cidr"]],
startport=self.services["fw_rule"]["startport"],
endport=self.services["fw_rule"]["endport"]
)
self.debug("Created firewall rule: %s" % fw_rule.id)
fw_rules = FireWallRule.list(
self.apiclient,
id=fw_rule.id
)
self.assertEqual(
isinstance(fw_rules, list),
True,
"List fw rules should return a valid firewall rules"
)
self.assertNotEqual(
len(fw_rules),
0,
"Length of fw rules response should not be zero"
)
self.debug("Associating public IP for network: %s" % self.network.id)
public_ip = PublicIPAddress.create(
self.apiclient,
accountid=self.account.name,
zoneid=self.zone.id,
domainid=self.account.domainid,
networkid=self.network.id
)
self.debug("Associated %s with network %s" % (
public_ip.ipaddress,
self.network.id
))
self.debug("Creating PF rule for IP address: %s" %
public_ip.ipaddress)
NATRule.create(
self.apiclient,
virtual_machine,
self.services["natrule"],
ipaddressid=public_ip.ipaddress.id
)
self.debug("Trying to create LB rule on IP with NAT: %s" %
public_ip.ipaddress)
# Create Load Balancer rule on IP already having NAT rule
lb_rule = LoadBalancerRule.create(
self.apiclient,
self.services["lbrule"],
ipaddressid=public_ip.ipaddress.id,
accountid=self.account.name
)
self.debug("Creating PF rule with public port: 66")
nat_rule = NATRule.create(
self.apiclient,
virtual_machine,
self.services["natrule_port_66"],
ipaddressid=public_ip.ipaddress.id
)
# Check if NAT rule created successfully
nat_rules = NATRule.list(
self.apiclient,
id=nat_rule.id
)
self.assertEqual(
isinstance(nat_rules, list),
True,
"List NAT rules should return valid list"
)
self.debug("Creating LB rule with public port: 2221")
lb_rule = LoadBalancerRule.create(
self.apiclient,
self.services["lbrule_port_2221"],
ipaddressid=public_ip.ipaddress.id,
accountid=self.account.name
)
# Check if NAT rule created successfully
lb_rules = LoadBalancerRule.list(
self.apiclient,
id=lb_rule.id
)
self.assertEqual(
isinstance(lb_rules, list),
True,
"List LB rules should return valid list"
)
# User should be able to enable VPN on source NAT
self.debug("Created VPN with source NAT IP: %s" % src_nat.ipaddress)
# Assign VPN to source NAT
Vpn.create(
self.apiclient,
src_nat.id,
account=self.account.name,
domainid=self.account.domainid
)
vpns = Vpn.list(
self.apiclient,
publicipid=src_nat.id,
listall=True,
)
self.assertEqual(
isinstance(vpns, list),
True,
"List VPNs should return a valid VPN list"
)
self.assertNotEqual(
len(vpns),
0,
"Length of list VPN response should not be zero"
)
return
def test_01_RouterStopCreatePF(self):
"""Test router stop create port forwarding
"""
# validate the following
# 1. wait for router to start, guest network to be implemented and
# VM to report Running
# 2. stopRouter for this account
# 3. wait for listRouters to report Router as 'Stopped'
# 4. listPublicIpAddresses account=user, domainid=1 - pick ipaddressid
# 5. createPortForwardingRule (ipaddressid from step 5.)
# a. for port 22 (ssh) for user VM deployed in step 1.
# b. public port 22 , private port 22
# 6. startRouter stopped for this account
# 7. wait for listRouters to show router as Running
# Get router details associated for that account
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
)
self.assertEqual(
isinstance(routers, list),
True,
"Check for list routers response return valid data"
)
self.assertNotEqual(
len(routers),
0,
"Check list router response"
)
router = routers[0]
self.debug("Stopping router ID: %s" % router.id)
# Stop the router
cmd = stopRouter.stopRouterCmd()
cmd.id = router.id
self.apiclient.stopRouter(cmd)
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
)
self.assertEqual(
isinstance(routers, list),
True,
"Check for list routers response return valid data"
)
router = routers[0]
self.assertEqual(
router.state,
'Stopped',
"Check list router response for router state"
)
public_ips = list_publicIP(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
zoneid=self.zone.id
)
self.assertEqual(
isinstance(public_ips, list),
True,
"Check for list public IPs response return valid data"
)
public_ip = public_ips[0]
# Open up firewall port for SSH
FireWallRule.create(
self.apiclient,
ipaddressid=public_ip.id,
protocol=self.services["natrule"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule"]["publicport"],
endport=self.services["natrule"]["publicport"]
)
self.debug("Creating NAT rule for VM ID: %s" % self.vm_1.id)
# Create NAT rule
nat_rule = NATRule.create(
self.apiclient,
self.vm_1,
self.services["natrule"],
public_ip.id
)
self.debug("Starting router ID: %s" % router.id)
# Start the router
cmd = startRouter.startRouterCmd()
cmd.id = router.id
self.apiclient.startRouter(cmd)
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
zoneid=self.zone.id
)
self.assertEqual(
isinstance(routers, list),
True,
"Check for list routers response return valid data"
)
router = routers[0]
self.assertEqual(
router.state,
'Running',
"Check list router response for router state"
)
# NAT Rule should be in Active state after router start
nat_rules = list_nat_rules(
self.apiclient,
id=nat_rule.id
)
self.assertEqual(
isinstance(nat_rules, list),
True,
"Check for list NAT rules response return valid data"
)
self.assertEqual(
nat_rules[0].state,
'Active',
"Check list port forwarding rules"
)
try:
self.debug("SSH into VM with ID: %s" % nat_rule.ipaddress)
self.vm_1.get_ssh_client(
ipaddress=nat_rule.ipaddress,
port=self.services["natrule"]["publicport"])
except Exception as e:
self.fail(
"SSH Access failed for %s: %s" %
(nat_rule.ipaddress, e)
)
return
def test_01_positive_tests_vm_operations_advanced_zone(self, value):
""" Positive tests for VMLC test path - Advanced Zone
# 1. List created service offering in setUpClass by name
# 2. List registered template with name
# 3. Create VM in account
# 4. Enable networking for reaching to VM thorugh SSH
# 5. Check VM accessibility through SSH
# 6. Stop vm and verify vm is not accessible
# 7. Start vm and verify vm is not accessible
# 8. Reboot vm and verify vm is not accessible
# 9. Destroy and recover VM
# 10. Change service offering of VM to a different service offering
# 11. Verify that the cpuspeed, cpunumber and memory of VM matches to
# as specified in new service offering
# 12. Start VM and verify VM accessibility
# 13. Find suitable host for VM to migrate and migrate the VM
# 14. Verify VM accessibility on new host
"""
# List created service offering in setUpClass by name
listServiceOfferings = ServiceOffering.list(
self.apiclient, name=self.service_offering_1.name, listall=True)
self.assertEqual(
validateList(listServiceOfferings)[0], PASS,
"List validation failed for service offerings list")
self.assertEqual(
listServiceOfferings[0].name, self.service_offering_1.name,
"Names of created service offering\
and listed service offering not matching")
# List registered template with name
listTemplates = Template.list(self.userapiclient,
templatefilter="self",
name=self.template.name,
listall=True,
zone=self.zone.id)
self.assertEqual(
validateList(listTemplates)[0], PASS,
"List validation failed for templates list")
self.assertEqual(
listTemplates[0].name, self.template.name,
"Names of created template and listed template\
not matching")
network = CreateNetwork(self, value)
# Create VM in account
self.virtual_machine = VirtualMachine.create(
self.userapiclient,
self.testdata["small"],
templateid=self.template.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering_1.id,
networkids=[
network.id,
],
zoneid=self.zone.id)
self.cleanup.append(self.virtual_machine)
publicip = PublicIPAddress.create(self.userapiclient,
accountid=self.account.name,
zoneid=self.zone.id,
domainid=self.account.domainid,
networkid=network.id,
vpcid=self.vpcid)
if value == VPC_NETWORK:
lb_rule = LoadBalancerRule.create(
self.apiclient,
self.testdata["vpclbrule"],
ipaddressid=publicip.ipaddress.id,
accountid=self.account.name,
domainid=self.account.domainid,
networkid=network.id,
vpcid=self.vpcid)
lb_rule.assign(self.apiclient, [self.virtual_machine])
# Opening up the ports in VPC
NetworkACL.create(self.apiclient,
networkid=network.id,
services=self.testdata["natrule"],
traffictype='Ingress')
elif value == ISOLATED_NETWORK:
FireWallRule.create(self.userapiclient,
ipaddressid=publicip.ipaddress.id,
protocol='TCP',
cidrlist=[self.testdata["fwrule"]["cidr"]],
startport=self.testdata["fwrule"]["startport"],
endport=self.testdata["fwrule"]["endport"])
NATRule.create(self.userapiclient,
self.virtual_machine,
self.testdata["natrule"],
ipaddressid=publicip.ipaddress.id,
networkid=network.id)
# Check VM accessibility
try:
SshClient(host=publicip.ipaddress.ipaddress,
port=22,
user=self.virtual_machine.username,
passwd=self.virtual_machine.password)
except Exception as e:
self.fail("Exception while SSHing to VM: %s" % e)
# Stop VM and verify VM is not accessible
self.virtual_machine.stop(self.userapiclient)
with self.assertRaises(Exception):
SshClient(host=publicip.ipaddress.ipaddress,
port=22,
user=self.virtual_machine.username,
passwd=self.virtual_machine.password,
retries=0)
# Start VM and verify that it is accessible
self.virtual_machine.start(self.userapiclient)
try:
SshClient(host=publicip.ipaddress.ipaddress,
port=22,
user=self.virtual_machine.username,
passwd=self.virtual_machine.password)
except Exception as e:
self.fail("Exception while SSHing to VM: %s" % e)
# Reboot VM and verify that it is accessible
self.virtual_machine.reboot(self.userapiclient)
try:
SshClient(host=publicip.ipaddress.ipaddress,
port=22,
user=self.virtual_machine.username,
passwd=self.virtual_machine.password)
except Exception as e:
self.fail("Exception while SSHing to VM: %s" % e)
# Destroy and recover VM
self.virtual_machine.delete(self.apiclient, expunge=False)
self.virtual_machine.recover(self.apiclient)
# Change service offering of VM and verify that it is changed
self.virtual_machine.change_service_offering(
self.userapiclient, serviceOfferingId=self.service_offering_2.id)
VerifyChangeInServiceOffering(self, self.virtual_machine,
self.service_offering_2)
# Start VM and verify that it is accessible
self.virtual_machine.start(self.userapiclient)
try:
SshClient(host=publicip.ipaddress.ipaddress,
port=22,
user=self.virtual_machine.username,
passwd=self.virtual_machine.password)
except Exception as e:
self.fail("Exception while SSHing to VM: %s" % e)
return
def test_01_positive_tests_vm_operations_advanced_zone(self, value):
""" Positive tests for VMLC test path - Advanced Zone
# 1. List created service offering in setUpClass by name
# 2. List registered template with name
# 3. Create VM in account
# 4. Enable networking for reaching to VM thorugh SSH
# 5. Check VM accessibility through SSH
# 6. Stop vm and verify vm is not accessible
# 7. Start vm and verify vm is not accessible
# 8. Reboot vm and verify vm is not accessible
# 9. Destroy and recover VM
# 10. Change service offering of VM to a different service offering
# 11. Verify that the cpuspeed, cpunumber and memory of VM matches to
# as specified in new service offering
# 12. Start VM and verify VM accessibility
# 13. Find suitable host for VM to migrate and migrate the VM
# 14. Verify VM accessibility on new host
"""
# List created service offering in setUpClass by name
listServiceOfferings = ServiceOffering.list(
self.apiclient,
name=self.service_offering_1.name,
listall=True
)
self.assertEqual(validateList(listServiceOfferings)[0], PASS,
"List validation failed for service offerings list")
self.assertEqual(listServiceOfferings[0].name,
self.service_offering_1.name,
"Names of created service offering\
and listed service offering not matching")
# List registered template with name
listTemplates = Template.list(
self.userapiclient,
templatefilter="self",
name=self.template.name,
listall=True,
zone=self.zone.id)
self.assertEqual(validateList(listTemplates)[0], PASS,
"List validation failed for templates list")
self.assertEqual(listTemplates[0].name, self.template.name,
"Names of created template and listed template\
not matching")
network = CreateNetwork(self, value)
# Create VM in account
self.virtual_machine = VirtualMachine.create(
self.userapiclient,
self.testdata["small"],
templateid=self.template.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering_1.id,
networkids=[network.id, ],
zoneid=self.zone.id
)
self.cleanup.append(self.virtual_machine)
publicip = PublicIPAddress.create(
self.userapiclient, accountid=self.account.name,
zoneid=self.zone.id, domainid=self.account.domainid,
networkid=network.id, vpcid=self.vpcid
)
if value == VPC_NETWORK:
lb_rule = LoadBalancerRule.create(
self.apiclient,
self.testdata["vpclbrule"],
ipaddressid=publicip.ipaddress.id,
accountid=self.account.name,
domainid=self.account.domainid,
networkid=network.id,
vpcid=self.vpcid
)
lb_rule.assign(self.apiclient, [self.virtual_machine])
# Opening up the ports in VPC
NetworkACL.create(
self.apiclient,
networkid=network.id,
services=self.testdata["natrule"],
traffictype='Ingress'
)
elif value == ISOLATED_NETWORK:
FireWallRule.create(
self.userapiclient,
ipaddressid=publicip.ipaddress.id,
protocol='TCP',
cidrlist=[self.testdata["fwrule"]["cidr"]],
startport=self.testdata["fwrule"]["startport"],
endport=self.testdata["fwrule"]["endport"]
)
NATRule.create(
self.userapiclient,
self.virtual_machine,
self.testdata["natrule"],
ipaddressid=publicip.ipaddress.id,
networkid=network.id
)
# Check VM accessibility
try:
SshClient(host=publicip.ipaddress.ipaddress,
port=22,
user=self.virtual_machine.username,
passwd=self.virtual_machine.password)
except Exception as e:
self.fail("Exception while SSHing to VM: %s" % e)
# Stop VM and verify VM is not accessible
self.virtual_machine.stop(self.userapiclient)
with self.assertRaises(Exception):
SshClient(host=publicip.ipaddress.ipaddress,
port=22,
user=self.virtual_machine.username,
passwd=self.virtual_machine.password,
retries=0)
# Start VM and verify that it is accessible
self.virtual_machine.start(self.userapiclient)
try:
SshClient(host=publicip.ipaddress.ipaddress,
port=22,
user=self.virtual_machine.username,
passwd=self.virtual_machine.password)
except Exception as e:
self.fail("Exception while SSHing to VM: %s" % e)
# Reboot VM and verify that it is accessible
self.virtual_machine.reboot(self.userapiclient)
try:
SshClient(host=publicip.ipaddress.ipaddress,
port=22,
user=self.virtual_machine.username,
passwd=self.virtual_machine.password)
except Exception as e:
self.fail("Exception while SSHing to VM: %s" % e)
# Destroy and recover VM
self.virtual_machine.delete(self.apiclient, expunge=False)
self.virtual_machine.recover(self.apiclient)
# Change service offering of VM and verify that it is changed
self.virtual_machine.change_service_offering(
self.userapiclient,
serviceOfferingId=self.service_offering_2.id
)
VerifyChangeInServiceOffering(self,
self.virtual_machine,
self.service_offering_2)
# Start VM and verify that it is accessible
self.virtual_machine.start(self.userapiclient)
try:
SshClient(host=publicip.ipaddress.ipaddress,
port=22,
user=self.virtual_machine.username,
passwd=self.virtual_machine.password)
except Exception as e:
self.fail("Exception while SSHing to VM: %s" % e)
return
def test_01_RouterStopCreateLB(self):
"""Test router stop create Load balancing
"""
# validate the following
# 1. listLoadBalancerRules (publicipid=ipaddressid of source NAT)
# 2. rule should be for port 22 as applied and
# should be in state=Active
# 3. ssh access should be allowed to the userVMs over the source NAT IP
# and port 22
# Get router details associated for that account
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
)
self.assertEqual(
isinstance(routers, list),
True,
"Check for list routers response return valid data"
)
self.assertNotEqual(
len(routers),
0,
"Check list router response"
)
router = routers[0]
self.debug("Stopping router with ID: %s" % router.id)
# Stop the router
cmd = stopRouter.stopRouterCmd()
cmd.id = router.id
self.apiclient.stopRouter(cmd)
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
)
self.assertEqual(
isinstance(routers, list),
True,
"Check for list routers response return valid data"
)
router = routers[0]
self.assertEqual(
router.state,
'Stopped',
"Check list router response for router state"
)
public_ips = list_publicIP(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid
)
self.assertEqual(
isinstance(public_ips, list),
True,
"Check for list public IPs response return valid data"
)
public_ip = public_ips[0]
# Open up firewall port for SSH
FireWallRule.create(
self.apiclient,
ipaddressid=public_ip.id,
protocol=self.services["lbrule"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["lbrule"]["publicport"],
endport=self.services["lbrule"]["publicport"]
)
self.debug("Creating LB rule for public IP: %s" % public_ip.id)
# Create Load Balancer rule and assign VMs to rule
lb_rule = LoadBalancerRule.create(
self.apiclient,
self.services["lbrule"],
public_ip.id,
accountid=self.account.name
)
self.debug("Assigning VM %s to LB rule: %s" % (
self.vm_1.id,
lb_rule.id
))
lb_rule.assign(self.apiclient, [self.vm_1])
# Start the router
cmd = startRouter.startRouterCmd()
cmd.id = router.id
self.apiclient.startRouter(cmd)
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
)
self.assertEqual(
isinstance(routers, list),
True,
"Check for list routers response return valid data"
)
router = routers[0]
self.assertEqual(
router.state,
'Running',
"Check list router response for router state"
)
# After router start, LB RUle should be in Active state
lb_rules = list_lb_rules(
self.apiclient,
id=lb_rule.id
)
self.assertEqual(
isinstance(lb_rules, list),
True,
"Check for list LB rules response return valid data"
)
self.assertEqual(
lb_rules[0].state,
'Active',
"Check list load balancing rules"
)
self.assertEqual(
lb_rules[0].publicport,
str(self.services["lbrule"]["publicport"]),
"Check list load balancing rules"
)
try:
self.debug("SSH into VM with IP: %s" % public_ip.ipaddress)
self.vm_1.ssh_port = self.services["lbrule"]["publicport"]
self.vm_1.get_ssh_client(public_ip.ipaddress)
except Exception as e:
self.fail(
"SSH Access failed for %s: %s" %
(self.vm_1.ipaddress, e)
)
return
def test_router_dhcp_opts(self):
"""Check that the /etc/dhcpopts.txt has entries for the"""
self.logger.debug("Starting test_router_dhcphosts...")
routers = list_routers(self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
networkid=self.network1.id)
self.assertEqual(isinstance(routers, list), True,
"Check for list routers response return valid data")
self.assertNotEqual(len(routers), 0, "Check list router response")
network1_router = routers[0]
routers = list_routers(self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
networkid=self.network2.id)
self.assertEqual(isinstance(routers, list), True,
"Check for list routers response return valid data")
self.assertNotEqual(len(routers), 0, "Check list router response")
network2_router = routers[0]
self.assertEqual(network1_router.state, 'Running',
"Check list router response for router state")
self.assertEqual(network2_router.state, 'Running',
"Check list router response for router state")
public_ips = list_publicIP(self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
zoneid=self.zone.id,
associatednetworkid=self.network1.id)
self.assertEqual(
isinstance(public_ips, list), True,
"Check for list public IPs response return valid data")
network1_public_ip = public_ips[0]
public_ips = list_publicIP(self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
zoneid=self.zone.id,
associatednetworkid=self.network2.id)
self.assertEqual(
isinstance(public_ips, list), True,
"Check for list public IPs response return valid data")
network2_public_ip = public_ips[0]
self.logger.debug("Creating Firewall rule for VM ID: %s" %
self.vm_1.id)
FireWallRule.create(self.apiclient,
ipaddressid=network1_public_ip.id,
protocol=self.services["natrule1"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule1"]["publicport"],
endport=self.services["natrule1"]["publicport"])
self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm_1.id)
# Create NAT rule
nat_rule1 = NATRule.create(self.apiclient, self.vm_1,
self.services["natrule1"],
network1_public_ip.id)
self.logger.debug("Creating Firewall rule for VM ID: %s" %
self.vm_2.id)
FireWallRule.create(self.apiclient,
ipaddressid=network2_public_ip.id,
protocol=self.services["natrule2"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule2"]["publicport"],
endport=self.services["natrule2"]["publicport"])
self.logger.debug("Creating NAT rule for VM ID: %s" % self.vm_2.id)
# Create NAT rule
nat_rule2 = NATRule.create(self.apiclient, self.vm_2,
self.services["natrule2"],
network2_public_ip.id)
nat_rules = list_nat_rules(self.apiclient, id=nat_rule1.id)
self.assertEqual(
isinstance(nat_rules, list), True,
"Check for list NAT rules response return valid data")
self.assertEqual(nat_rules[0].state, 'Active',
"Check list port forwarding rules")
nat_rules = list_nat_rules(self.apiclient, id=nat_rule2.id)
self.assertEqual(
isinstance(nat_rules, list), True,
"Check for list NAT rules response return valid data")
self.assertEqual(nat_rules[0].state, 'Active',
"Check list port forwarding rules")
self.logger.debug("Testing DHCP options for VMs %s and %s" %
(self.vm_1.id, self.vm_2.id))
self.test_dhcphopts(self.vm_2.nic[1].ipaddress, network1_router)
self.test_dhcphopts(self.vm_1.nic[0].ipaddress, network2_router)
return
def test_01_RVR_Network_FW_PF_SSH_default_routes_egress_true(self):
""" Test redundant router internals """
self.logger.debug(
"Starting test_01_RVR_Network_FW_PF_SSH_default_routes_egress_true..."
)
network_offering_egress_true = get_default_redundant_isolated_network_offering_with_egress(
self.apiclient)
self.logger.debug("Creating network with network offering: %s" %
network_offering_egress_true.id)
network = Network.create(
self.apiclient,
self.services["network"],
accountid=self.account.name,
domainid=self.account.domainid,
networkofferingid=network_offering_egress_true.id,
zoneid=self.zone.id)
self.logger.debug("Created network with ID: %s" % network.id)
networks = Network.list(self.apiclient, id=network.id, listall=True)
self.assertEqual(
isinstance(networks, list), True,
"List networks should return a valid response for created network")
self.logger.debug("Deploying VM in account: %s" % self.account.name)
virtual_machine = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
templateid=self.template.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id,
networkids=[str(network.id)])
self.logger.debug("Deployed VM in network: %s" % network.id)
self.cleanup.insert(0, network)
self.cleanup.insert(0, virtual_machine)
vms = VirtualMachine.list(self.apiclient,
id=virtual_machine.id,
listall=True)
self.assertEqual(isinstance(vms, list), True,
"List Vms should return a valid list")
vm = vms[0]
self.assertEqual(vm.state, "Running",
"VM should be in running state after deployment")
self.logger.debug("Listing routers for network: %s" % network.name)
routers = Router.list(self.apiclient,
networkid=network.id,
listall=True)
self.assertEqual(
isinstance(routers, list), True,
"list router should return Master and backup routers")
self.assertEqual(
len(routers), 2,
"Length of the list router should be 2 (Backup & master)")
public_ips = list_public_ip(self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
zoneid=self.zone.id)
public_ip = public_ips[0]
self.assertEqual(
isinstance(public_ips, list), True,
"Check for list public IPs response return valid data")
self.logger.debug("Creating Firewall rule for VM ID: %s" %
virtual_machine.id)
FireWallRule.create(
self.apiclient,
ipaddressid=public_ip.id,
protocol=self.services["natrule_ssh"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule_ssh"]["publicport"],
endport=self.services["natrule_ssh"]["publicport"])
self.logger.debug("Creating NAT rule for VM ID: %s" %
virtual_machine.id)
nat_rule = NATRule.create(self.apiclient, virtual_machine,
self.services["natrule_ssh"], public_ip.id)
# Test SSH after closing port 22
expected = 1
ssh_command = "ping -c 3 8.8.8.8"
check_string = "3 packets received"
result = self.check_router_command(virtual_machine, nat_rule.ipaddress,
ssh_command, check_string, self)
self.assertEqual(
result, expected,
"Ping to outside world from VM should be successful!")
expected = 1
ssh_command = self.HTTP_COMMAND
check_string = self.HTTP_CHECK_STRING
result = self.check_router_command(virtual_machine, nat_rule.ipaddress,
ssh_command, check_string, self)
self.assertEqual(result, expected, self.HTTP_ASSERT_SUCCESS_MESSAGE)
EgressFireWallRule.create(
self.apiclient,
networkid=network.id,
protocol=self.services["egress_443"]["protocol"],
startport=self.services["egress_443"]["startport"],
endport=self.services["egress_443"]["endport"],
cidrlist=self.services["egress_443"]["cidrlist"])
expected = 0
result = self.check_router_command(virtual_machine, nat_rule.ipaddress,
ssh_command, check_string, self)
self.assertEqual(result, expected, self.HTTP_ASSERT_FAILURE_MESSAGE)
return
def test_01_port_fwd_on_src_nat(self):
"""Test for port forwarding on source NAT"""
# Validate the following:
# 1. listPortForwarding rules API should return the added PF rule
# 2. attempt to do an ssh into the user VM through the sourceNAT
src_nat_ip_addrs = list_publicIP(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid
)
self.assertEqual(
isinstance(src_nat_ip_addrs, list),
True,
"Check list response returns a valid list"
)
src_nat_ip_addr = src_nat_ip_addrs[0]
# Check if VM is in Running state before creating NAT rule
vm_response = VirtualMachine.list(
self.apiclient,
id=self.virtual_machine.id
)
self.assertEqual(
isinstance(vm_response, list),
True,
"Check list VM returns a valid list"
)
self.assertNotEqual(
len(vm_response),
0,
"Check Port Forwarding Rule is created"
)
self.assertEqual(
vm_response[0].state,
'Running',
"VM state should be Running before creating a NAT rule."
)
# Open up firewall port for SSH
FireWallRule.create(
self.apiclient,
ipaddressid=src_nat_ip_addr.id,
protocol=self.services["natrule"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule"]["publicport"],
endport=self.services["natrule"]["publicport"]
)
# Create NAT rule
nat_rule = NATRule.create(
self.apiclient,
self.virtual_machine,
self.services["natrule"],
src_nat_ip_addr.id
)
list_nat_rule_response = list_nat_rules(
self.apiclient,
id=nat_rule.id
)
self.assertEqual(
isinstance(list_nat_rule_response, list),
True,
"Check list response returns a valid list"
)
self.assertNotEqual(
len(list_nat_rule_response),
0,
"Check Port Forwarding Rule is created"
)
self.assertEqual(
list_nat_rule_response[0].id,
nat_rule.id,
"Check Correct Port forwarding Rule is returned"
)
# SSH virtual machine to test port forwarding
try:
self.debug("SSHing into VM with IP address %s with NAT IP %s" %
(
self.virtual_machine.ipaddress,
src_nat_ip_addr.ipaddress
))
self.virtual_machine.get_ssh_client(src_nat_ip_addr.ipaddress)
vm_response = VirtualMachine.list(
self.apiclient,
id=self.virtual_machine.id
)
if vm_response[0].state != 'Running':
self.fail(
"State of VM : %s is not found to be Running" % str(
self.virtual_machine.ipaddress))
except Exception as e:
self.fail(
"SSH Access failed for %s: %s" %
(self.virtual_machine.ipaddress, e)
)
try:
nat_rule.delete(self.apiclient)
except Exception as e:
self.fail("NAT Rule Deletion Failed: %s" % e)
# NAT rule listing should fail as the nat rule does not exist
with self.assertRaises(Exception):
list_nat_rules(self.apiclient,
id=nat_rule.id)
# Check if the Public SSH port is inaccessible
with self.assertRaises(Exception):
self.debug(
"SSHing into VM with IP address %s after NAT rule deletion" %
self.virtual_machine.ipaddress)
SshClient(
src_nat_ip_addr.ipaddress,
self.virtual_machine.ssh_port,
self.virtual_machine.username,
self.virtual_machine.password
)
return
def test_01_RouterStopCreateLB(self):
"""Test router stop create Load balancing
"""
# validate the following
# 1. listLoadBalancerRules (publicipid=ipaddressid of source NAT)
# 2. rule should be for port 22 as applied and
# should be in state=Active
# 3. ssh access should be allowed to the userVMs over the source NAT IP
# and port 22
# Get router details associated for that account
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
)
self.assertEqual(isinstance(routers, list), True,
"Check for list routers response return valid data")
self.assertNotEqual(len(routers), 0, "Check list router response")
router = routers[0]
self.debug("Stopping router with ID: %s" % router.id)
# Stop the router
cmd = stopRouter.stopRouterCmd()
cmd.id = router.id
self.apiclient.stopRouter(cmd)
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
)
self.assertEqual(isinstance(routers, list), True,
"Check for list routers response return valid data")
router = routers[0]
self.assertEqual(router.state, 'Stopped',
"Check list router response for router state")
public_ips = list_publicIP(self.apiclient,
account=self.account.name,
domainid=self.account.domainid)
self.assertEqual(
isinstance(public_ips, list), True,
"Check for list public IPs response return valid data")
public_ip = public_ips[0]
# Open up firewall port for SSH
FireWallRule.create(self.apiclient,
ipaddressid=public_ip.id,
protocol=self.services["lbrule"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["lbrule"]["publicport"],
endport=self.services["lbrule"]["publicport"])
self.debug("Creating LB rule for public IP: %s" % public_ip.id)
# Create Load Balancer rule and assign VMs to rule
lb_rule = LoadBalancerRule.create(self.apiclient,
self.services["lbrule"],
public_ip.id,
accountid=self.account.name)
self.debug("Assigning VM %s to LB rule: %s" %
(self.vm_1.id, lb_rule.id))
lb_rule.assign(self.apiclient, [self.vm_1])
# Start the router
cmd = startRouter.startRouterCmd()
cmd.id = router.id
self.apiclient.startRouter(cmd)
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
)
self.assertEqual(isinstance(routers, list), True,
"Check for list routers response return valid data")
router = routers[0]
self.assertEqual(router.state, 'Running',
"Check list router response for router state")
# After router start, LB RUle should be in Active state
lb_rules = list_lb_rules(self.apiclient, id=lb_rule.id)
self.assertEqual(isinstance(lb_rules, list), True,
"Check for list LB rules response return valid data")
self.assertEqual(lb_rules[0].state, 'Active',
"Check list load balancing rules")
self.assertEqual(lb_rules[0].publicport,
str(self.services["lbrule"]["publicport"]),
"Check list load balancing rules")
try:
self.debug("SSH into VM with IP: %s" % public_ip.ipaddress)
self.vm_1.ssh_port = self.services["lbrule"]["publicport"]
self.vm_1.get_ssh_client(public_ip.ipaddress)
except Exception as e:
self.fail("SSH Access failed for %s: %s" %
(self.vm_1.ipaddress, e))
return
def setUp(self):
self.apiclient = self.testClient.getApiClient()
self.services = self.testClient.getParsedTestDataConfig()
# Get Zone, Domain and templates
self.domain = get_domain(self.apiclient)
self.zone = get_zone(self.apiclient, self.testClient.getZoneForTests())
template = get_template(
self.apiclient,
self.zone.id,
self.services["ostype"]
)
if template == FAILED:
self.fail(
"get_template() failed to return template with description %s" %
self.services["ostype"])
self.services["virtual_machine"]["zoneid"] = self.zone.id
# Create an account, network, VM and IP addresses
self.account = Account.create(
self.apiclient,
self.services["account"],
admin=True,
domainid=self.domain.id
)
self.service_offering = ServiceOffering.create(
self.apiclient,
self.services["service_offerings"]
)
self.vm_1 = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
templateid=template.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id
)
# Wait for VM to come up
time.sleep(120)
src_nat_ip_addrs = list_publicIP(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid
)
try:
src_nat_ip_addr = src_nat_ip_addrs[0]
except Exception as e:
raise Exception(
"Warning: Exception during fetching source NAT: %s" %
e)
self.public_ip = PublicIPAddress.create(
self.apiclient,
self.vm_1.account,
self.vm_1.zoneid,
self.vm_1.domainid,
self.services["virtual_machine"]
)
# Open up firewall port for SSH
FireWallRule.create(
self.apiclient,
ipaddressid=self.public_ip.ipaddress.id,
protocol=self.services["lbrule"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["lbrule"]["publicport"],
endport=self.services["lbrule"]["publicport"]
)
lb_rule = LoadBalancerRule.create(
self.apiclient,
self.services["lbrule"],
src_nat_ip_addr.id,
self.account.name
)
lb_rule.assign(self.apiclient, [self.vm_1])
self.nat_rule = NATRule.create(
self.apiclient,
self.vm_1,
self.services["natrule"],
ipaddressid=self.public_ip.ipaddress.id
)
self.cleanup = [self.nat_rule,
lb_rule,
self.vm_1,
self.service_offering,
self.account,
]
return
def test_07_associate_public_ip(self):
"""Test associate public IP within the project
"""
# Validate the following
# 1. Create a project
# 2. Add some public Ips to the project
# 3. Verify public IP assigned can only used to create PF/LB rules
# inside project
networks = Network.list(self.apiclient, projectid=self.project.id, listall=True)
self.assertEqual(isinstance(networks, list), True, "Check list networks response returns a valid response")
self.assertNotEqual(len(networks), 0, "Check list networks response returns a valid network")
network = networks[0]
self.debug("Associating public IP for project: %s" % self.project.id)
public_ip = PublicIPAddress.create(
self.apiclient,
zoneid=self.virtual_machine.zoneid,
services=self.services["server"],
networkid=network.id,
projectid=self.project.id,
)
self.cleanup.append(public_ip)
# Create NAT rule
self.debug("Creating a NAT rule within project, VM ID: %s" % self.virtual_machine.id)
nat_rule = NATRule.create(
self.apiclient,
self.virtual_machine,
self.services["natrule"],
public_ip.ipaddress.id,
projectid=self.project.id,
)
self.debug("created a NAT rule with ID: %s" % nat_rule.id)
nat_rule_response = NATRule.list(self.apiclient, id=nat_rule.id)
self.assertEqual(isinstance(nat_rule_response, list), True, "Check list response returns a valid list")
self.assertNotEqual(len(nat_rule_response), 0, "Check Port Forwarding Rule is created")
self.assertEqual(nat_rule_response[0].id, nat_rule.id, "Check Correct Port forwarding Rule is returned")
# Create Load Balancer rule and assign VMs to rule
self.debug("Created LB rule for public IP: %s" % public_ip.ipaddress)
lb_rule = LoadBalancerRule.create(
self.apiclient, self.services["lbrule"], public_ip.ipaddress.id, projectid=self.project.id
)
self.debug("Assigning VM: %s to LB rule: %s" % (self.virtual_machine.name, lb_rule.id))
lb_rule.assign(self.apiclient, [self.virtual_machine])
lb_rules = list_lb_rules(self.apiclient, id=lb_rule.id)
self.assertEqual(isinstance(lb_rules, list), True, "Check list response returns a valid list")
# verify listLoadBalancerRules lists the added load balancing rule
self.assertNotEqual(len(lb_rules), 0, "Check Load Balancer Rule in its List")
self.assertEqual(lb_rules[0].id, lb_rule.id, "Check List Load Balancer Rules returns valid Rule")
# Create Firewall rule with configurations from settings file
fw_rule = FireWallRule.create(
self.apiclient,
ipaddressid=public_ip.ipaddress.id,
protocol="TCP",
cidrlist=[self.services["fw_rule"]["cidr"]],
startport=self.services["fw_rule"]["startport"],
endport=self.services["fw_rule"]["endport"],
projectid=self.project.id,
)
self.debug("Created firewall rule: %s" % fw_rule.id)
# After Router start, FW rule should be in Active state
fw_rules = FireWallRule.list(self.apiclient, id=fw_rule.id)
self.assertEqual(isinstance(fw_rules, list), True, "Check for list FW rules response return valid data")
self.assertEqual(fw_rules[0].state, "Active", "Check list load balancing rules")
self.assertEqual(
fw_rules[0].startport, str(self.services["fw_rule"]["startport"]), "Check start port of firewall rule"
)
self.assertEqual(
fw_rules[0].endport, str(self.services["fw_rule"]["endport"]), "Check end port of firewall rule"
)
self.debug("Deploying VM for account: %s" % self.account.name)
virtual_machine_1 = VirtualMachine.create(
self.apiclient,
self.services["server"],
templateid=self.template.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id,
)
self.cleanup.append(virtual_machine_1)
self.debug("VM state after deploy: %s" % virtual_machine_1.state)
# Verify VM state
self.assertEqual(virtual_machine_1.state, "Running", "Check VM state is Running or not")
self.debug("Creating NAT rule for VM (ID: %s) outside project" % virtual_machine_1.id)
with self.assertRaises(Exception):
NATRule.create(self.apiclient, virtual_machine_1, self.services["natrule"], public_ip.ipaddress.id)
self.debug("Creating LB rule for public IP: %s outside project" % public_ip.ipaddress)
with self.assertRaises(Exception):
LoadBalancerRule.create(
self.apiclient, self.services["lbrule"], public_ip.ipaddress.id, accountid=self.account.name
)
return
def test_01_RouterStopCreatePF(self):
"""Test router stop create port forwarding
"""
# validate the following
# 1. wait for router to start, guest network to be implemented and
# VM to report Running
# 2. stopRouter for this account
# 3. wait for listRouters to report Router as 'Stopped'
# 4. listPublicIpAddresses account=user, domainid=1 - pick ipaddressid
# 5. createPortForwardingRule (ipaddressid from step 5.)
# a. for port 22 (ssh) for user VM deployed in step 1.
# b. public port 22 , private port 22
# 6. startRouter stopped for this account
# 7. wait for listRouters to show router as Running
# Get router details associated for that account
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
)
self.assertEqual(isinstance(routers, list), True,
"Check for list routers response return valid data")
self.assertNotEqual(len(routers), 0, "Check list router response")
router = routers[0]
self.debug("Stopping router ID: %s" % router.id)
# Stop the router
cmd = stopRouter.stopRouterCmd()
cmd.id = router.id
self.apiclient.stopRouter(cmd)
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
)
self.assertEqual(isinstance(routers, list), True,
"Check for list routers response return valid data")
router = routers[0]
self.assertEqual(router.state, 'Stopped',
"Check list router response for router state")
public_ips = list_publicIP(self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
zoneid=self.zone.id)
self.assertEqual(
isinstance(public_ips, list), True,
"Check for list public IPs response return valid data")
public_ip = public_ips[0]
# Open up firewall port for SSH
FireWallRule.create(self.apiclient,
ipaddressid=public_ip.id,
protocol=self.services["natrule"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule"]["publicport"],
endport=self.services["natrule"]["publicport"])
self.debug("Creating NAT rule for VM ID: %s" % self.vm_1.id)
# Create NAT rule
nat_rule = NATRule.create(self.apiclient, self.vm_1,
self.services["natrule"], public_ip.id)
self.debug("Starting router ID: %s" % router.id)
# Start the router
cmd = startRouter.startRouterCmd()
cmd.id = router.id
self.apiclient.startRouter(cmd)
routers = list_routers(self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
zoneid=self.zone.id)
self.assertEqual(isinstance(routers, list), True,
"Check for list routers response return valid data")
router = routers[0]
self.assertEqual(router.state, 'Running',
"Check list router response for router state")
# NAT Rule should be in Active state after router start
nat_rules = list_nat_rules(self.apiclient, id=nat_rule.id)
self.assertEqual(
isinstance(nat_rules, list), True,
"Check for list NAT rules response return valid data")
self.assertEqual(nat_rules[0].state, 'Active',
"Check list port forwarding rules")
try:
self.debug("SSH into VM with ID: %s" % nat_rule.ipaddress)
self.vm_1.get_ssh_client(
ipaddress=nat_rule.ipaddress,
port=self.services["natrule"]["publicport"])
except Exception as e:
self.fail("SSH Access failed for %s: %s" % (nat_rule.ipaddress, e))
return
def test_02_RVR_Network_FW_PF_SSH_default_routes_egress_false(self):
""" Test redundant router internals """
self.logger.debug("Starting test_02_RVR_Network_FW_PF_SSH_default_routes_egress_false...")
self.logger.debug("Creating Network Offering with default egress FALSE")
network_offering_egress_false = NetworkOffering.create(
self.apiclient,
self.services["nw_off_persistent_RVR_egress_false"],
conservemode=True
)
network_offering_egress_false.update(self.api_client, state='Enabled')
self.logger.debug("Creating network with network offering: %s" % network_offering_egress_false.id)
network = Network.create(
self.apiclient,
self.services["network"],
accountid=self.account.name,
domainid=self.account.domainid,
networkofferingid=network_offering_egress_false.id,
zoneid=self.zone.id
)
self.logger.debug("Created network with ID: %s" % network.id)
networks = Network.list(
self.apiclient,
id=network.id,
listall=True
)
self.assertEqual(
isinstance(networks, list),
True,
"List networks should return a valid response for created network"
)
nw_response = networks[0]
self.logger.debug("Deploying VM in account: %s" % self.account.name)
virtual_machine = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
templateid=self.template.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id,
networkids=[str(network.id)]
)
self.logger.debug("Deployed VM in network: %s" % network.id)
self.cleanup.insert(0, network_offering_egress_false)
self.cleanup.insert(0, network)
self.cleanup.insert(0, virtual_machine)
vms = VirtualMachine.list(
self.apiclient,
id=virtual_machine.id,
listall=True
)
self.assertEqual(
isinstance(vms, list),
True,
"List Vms should return a valid list"
)
vm = vms[0]
self.assertEqual(
vm.state,
"Running",
"VM should be in running state after deployment"
)
self.logger.debug("Listing routers for network: %s" % network.name)
routers = Router.list(
self.apiclient,
networkid=network.id,
listall=True
)
self.assertEqual(
isinstance(routers, list),
True,
"list router should return Master and backup routers"
)
self.assertEqual(
len(routers),
2,
"Length of the list router should be 2 (Backup & master)"
)
public_ips = list_publicIP(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
zoneid=self.zone.id
)
self.assertEqual(
isinstance(public_ips, list),
True,
"Check for list public IPs response return valid data"
)
public_ip = public_ips[0]
self.logger.debug("Creating Firewall rule for VM ID: %s" % virtual_machine.id)
FireWallRule.create(
self.apiclient,
ipaddressid=public_ip.id,
protocol=self.services["natrule"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule"]["publicport"],
endport=self.services["natrule"]["publicport"]
)
self.logger.debug("Creating NAT rule for VM ID: %s" % virtual_machine.id)
nat_rule = NATRule.create(
self.apiclient,
virtual_machine,
self.services["natrule"],
public_ip.id
)
expected = 0
ssh_command = "ping -c 3 8.8.8.8"
check_string = " 0% packet loss"
result = check_router_command(virtual_machine, nat_rule.ipaddress, ssh_command, check_string, self)
self.assertEqual(
result,
expected,
"Ping to outside world from VM should NOT be successful"
)
expected = 0
ssh_command = "wget -t 1 -T 1 www.google.com"
check_string = "HTTP request sent, awaiting response... 200 OK"
result = check_router_command(virtual_machine, nat_rule.ipaddress, ssh_command, check_string, self)
self.assertEqual(
result,
expected,
"Attempt to retrieve google.com index page should NOT be successful"
)
EgressFireWallRule.create(
self.apiclient,
networkid=network.id,
protocol=self.services["egress_80"]["protocol"],
startport=self.services["egress_80"]["startport"],
endport=self.services["egress_80"]["endport"],
cidrlist=self.services["egress_80"]["cidrlist"]
)
EgressFireWallRule.create(
self.apiclient,
networkid=network.id,
protocol=self.services["egress_53"]["protocol"],
startport=self.services["egress_53"]["startport"],
endport=self.services["egress_53"]["endport"],
cidrlist=self.services["egress_53"]["cidrlist"]
)
expected = 1
ssh_command = "wget -t 1 -T 5 www.google.com"
check_string = "HTTP request sent, awaiting response... 200 OK"
result = check_router_command(virtual_machine, nat_rule.ipaddress, ssh_command, check_string, self)
self.assertEqual(
result,
expected,
"Attempt to retrieve google.com index page should be successful once rule is added!"
)
return
def test_01_RouterStopCreateFW(self):
"""Test router stop create Firewall rule
"""
# validate the following
# 1. 1. listFirewallRules (filter by ipaddressid of sourcenat)
# 2. rule should be for ports 1-600 and in state=Active
# (optional backend)
# 3. verify on router using iptables -t nat -nvx if rules are applied
# Get the router details associated with account
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
)
self.assertEqual(isinstance(routers, list), True,
"Check for list routers response return valid data")
self.assertNotEqual(len(routers), 0, "Check list router response")
router = routers[0]
self.debug("Stopping the router: %s" % router.id)
# Stop the router
cmd = stopRouter.stopRouterCmd()
cmd.id = router.id
self.apiclient.stopRouter(cmd)
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
)
self.assertEqual(isinstance(routers, list), True,
"Check for list routers response return valid data")
router = routers[0]
self.assertEqual(router.state, 'Stopped',
"Check list router response for router state")
public_ips = list_publicIP(self.apiclient,
account=self.account.name,
domainid=self.account.domainid)
self.assertEqual(
isinstance(public_ips, list), True,
"Check for list public IP response return valid data")
public_ip = public_ips[0]
# Create Firewall rule with configurations from settings file
fw_rule = FireWallRule.create(
self.apiclient,
ipaddressid=public_ip.id,
protocol='TCP',
cidrlist=[self.services["fwrule"]["cidr"]],
startport=self.services["fwrule"]["startport"],
endport=self.services["fwrule"]["endport"])
self.debug("Created firewall rule: %s" % fw_rule.id)
self.debug("Starting the router: %s" % router.id)
# Start the router
cmd = startRouter.startRouterCmd()
cmd.id = router.id
self.apiclient.startRouter(cmd)
routers = list_routers(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
)
self.assertEqual(isinstance(routers, list), True,
"Check for list routers response return valid data")
router = routers[0]
self.assertEqual(router.state, 'Running',
"Check list router response for router state")
# After Router start, FW rule should be in Active state
fw_rules = list_firewall_rules(
self.apiclient,
id=fw_rule.id,
)
self.assertEqual(isinstance(fw_rules, list), True,
"Check for list FW rules response return valid data")
self.assertEqual(fw_rules[0].state, 'Active',
"Check list load balancing rules")
self.assertEqual(fw_rules[0].startport,
str(self.services["fwrule"]["startport"]),
"Check start port of firewall rule")
self.assertEqual(fw_rules[0].endport,
str(self.services["fwrule"]["endport"]),
"Check end port of firewall rule")
# For DNS and DHCP check 'dnsmasq' process status
if (self.hypervisor.lower() == 'vmware'
or self.hypervisor.lower() == 'hyperv'):
result = get_process_status(self.apiclient.connection.mgtSvr,
22,
self.apiclient.connection.user,
self.apiclient.connection.passwd,
router.linklocalip,
'iptables -t nat -L',
hypervisor=self.hypervisor)
else:
hosts = list_hosts(
self.apiclient,
id=router.hostid,
)
self.assertEqual(
isinstance(hosts, list), True,
"Check for list hosts response return valid data")
host = hosts[0]
host.user = self.services["configurableData"]["host"]["username"]
host.passwd = self.services["configurableData"]["host"]["password"]
try:
result = get_process_status(host.ipaddress, 22, host.user,
host.passwd, router.linklocalip,
'iptables -t nat -L')
except KeyError:
self.skipTest("Provide a marvin config file with host\
credentials to run %s" % self._testMethodName)
self.debug("iptables -t nat -L: %s" % result)
self.debug("Public IP: %s" % public_ip.ipaddress)
res = str(result)
self.assertEqual(res.count(str(public_ip.ipaddress)), 1,
"Check public IP address")
return
def test_vpc_network_bcf(self):
"""Test VPC workflow with BigSwitch BCF plugin
1. Create a VPC with three networks
2. Create one VM on each of the three networks
3. Add firewall rule to make virtual router pingable
4. Test ping to virtual router public IP
5. Add static NAT to vm_1, with firewall rule to allow ssh
6. Add NAT rule to allow ping between net1 and net2
7. Ssh to vm_1, ping vm_2 private address, should succeed
8. continue ... ping vm_3 private address, should fail
9. continue ... ping Internet, should succeed
"""
self.debug("STEP 1: Creating VPC with VPC offering: %s" %
self.vpc_offering.id)
vpc = VPC.create(
self.apiclient,
self.services["vpc"],
accountid=self.account.name,
domainid=self.account.domainid,
vpcofferingid=self.vpc_offering.id,
zoneid=self.zone.id
)
self.debug("Created VPC with ID: %s" % self.vpc.id)
# Creating network using the vpc network offering created
self.debug("Creating networks with vpc network offering: %s" %
self.vpc_network_offering.id)
net1 = Network.create(
self.apiclient,
self.services["vpc_network"],
accountid=self.account.name,
domainid=self.account.domainid,
networkofferingid=self.vpc_network_offering.id,
zoneid=self.zone.id,
gateway="10.0.100.1",
vpcid=vpc.id
)
self.debug("Created network with ID: %s" % net1.id)
net2 = Network.create(
self.apiclient,
self.services["vpc_network"],
accountid=self.account.name,
domainid=self.account.domainid,
networkofferingid=self.vpc_network_offering.id,
zoneid=self.zone.id,
gateway="10.0.101.1",
vpcid=vpc.id
)
self.debug("Created network with ID: %s" % net2.id)
net3 = Network.create(
self.apiclient,
self.services["vpc_network"],
accountid=self.account.name,
domainid=self.account.domainid,
networkofferingid=self.vpc_network_offering.id,
zoneid=self.zone.id,
gateway="10.0.102.0",
vpcid=vpc.id
)
self.debug("Created network with ID: %s" % net3.id)
self.debug("STEP 2: Deploying VMs in networks")
vm_1 = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id,
networkids=[ str(net1.id), ]
)
self.debug("Deployed VM in network: %s" % net1.id)
list_vm_response = VirtualMachine.list(
self.apiclient,
id=vm_1.id
)
self.debug(
"Verify listVirtualMachines response for virtual machine: %s" \
% vm_1.id
)
self.assertEqual(
isinstance(list_vm_response, list),
True,
"Check list response returns a valid list"
)
vm_response = list_vm_response[0]
self.assertEqual(
vm_response.state,
"Running",
"VM state should be running after deployment"
)
vm_2 = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id,
networkids=[ str(net2.id), ]
)
self.debug("Deployed VM in network: %s" % net2.id)
list_vm_response = VirtualMachine.list(
self.apiclient,
id=vm_2.id
)
self.debug(
"Verify listVirtualMachines response for virtual machine: %s" \
% vm_2.id
)
self.assertEqual(
isinstance(list_vm_response, list),
True,
"Check list response returns a valid list"
)
vm_response = list_vm_response[0]
self.assertEqual(
vm_response.state,
"Running",
"VM state should be running after deployment"
)
vm_3 = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id,
networkids=[ str(net3.id), ]
)
self.debug("Deployed VM in network: %s" % net3.id)
list_vm_response = VirtualMachine.list(
self.apiclient,
id=vm_3.id
)
self.debug(
"Verify listVirtualMachines response for virtual machine: %s" \
% vm_3.id
)
self.assertEqual(
isinstance(list_vm_response, list),
True,
"Check list response returns a valid list"
)
vm_response = list_vm_response[0]
self.assertEqual(
vm_response.state,
"Running",
"VM state should be running after deployment"
)
self.debug("STEP 3: Add FW rule to allow source nat ping")
src_nat_list = PublicIPAddress.list(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
listall=True,
issourcenat=True,
vpcid=vpc.id
)
self.assertEqual(
isinstance(src_nat_list, list),
True,
"List Public IP should return a valid source NAT"
)
self.assertNotEqual(
len(src_nat_list),
0,
"Length of response from listPublicIp should not be 0"
)
src_nat = src_nat_list[0]
#Create Firewall rules on source NAT
fw_rule_icmp = FireWallRule.create(
self.apiclient,
ipaddressid=src_nat.id,
protocol='ICMP',
cidrlist=["0.0.0.0/0",]
)
self.debug("Created firewall rule: %s" % fw_rule_icmp.id)
self.debug("STEP 4: Trying to ping source NAT %s" % src_nat.ipaddress)
# User should be able to ping router via source nat ip
try:
self.debug("Trying to ping source NAT %s" % src_nat.ipaddress)
result = subprocess.call(
['ping', '-c 1', src_nat.ipaddress])
self.debug("Ping result: %s" % result)
# if ping successful, then result should be 0
self.assertEqual(
result,
0,
"Check if ping is successful or not"
)
except Exception as e:
self.fail("Ping failed for source NAT %s (%s)"
% (src_nat.ipaddress, e))
self.debug("STEP 5: Add static NAT to vm_1 with FW rule to allow SSH")
floating_ip_1 = PublicIPAddress.create(
self.apiclient,
accountid=self.account.name,
zoneid=self.zone.id,
domainid=self.account.domainid,
networkid=net1.id,
vpcid=vpc.id
)
self.debug("Associated %s with network %s" % (
floating_ip_1.ipaddress,
net1.id
)
)
NATRule.create(
self.apiclient,
vm_1,
self.services["natrule"],
ipaddressid=floating_ip_1.ipaddress.id,
openfirewall=False,
networkid=net1.id,
vpcid=vpc.id
)
# Should be able to SSH vm_1 via static nat, then ping vm_2 & Internet
try:
self.debug("STEP 6: SSH into vm_1: %s" % floating_ip_1)
ssh = vm_1.get_ssh_client(
ipaddress=floating_ip_1.ipaddress.ipaddress
)
# self.debug("Ping vm_2 at %s" % vm_2.ipaddress)
# Ping to outsite world
# res_1 = ssh.execute("ping -c 1 %s" % vm_2.ipaddress)
# self.debug("Ping to google.com from VM")
# Ping to outsite world
# res_2 = ssh.execute("ping -c 1 www.google.com")
# res = 64 bytes from maa03s17-in-f20.1e100.net (74.125.236.212):
# icmp_req=1 ttl=57 time=25.9 ms
# --- www.l.google.com ping statistics ---
# 1 packets transmitted, 1 received, 0% packet loss, time 0ms
# rtt min/avg/max/mdev = 25.970/25.970/25.970/0.000 ms
except Exception as e:
self.fail("SSH Access failed: %s" % e)
# self.debug("ping result1: %s" % res_1);
# self.debug("ping result2: %s" % res_2);
# result1 = str(res_1)
# self.assertEqual(
# result1.count("1 received"),
# 1,
# "Ping vm_2 from vm_1 should be successful"
# )
# result2 = str(res_2)
# self.assertEqual(
# result2.count("1 received"),
# 1,
# "Ping Internet from vm_1 should be successful"
# )
# Deleting two test VMs
VirtualMachine.delete(vm_1, self.apiclient, expunge=True)
VirtualMachine.delete(vm_2, self.apiclient, expunge=True)
# Delete Network
Network.delete(self.network, self.apiclient)
return
