Esempio n. 1
0
def test_connect(client_library: ClientLibrary):
    lab = client_library.create_lab("my lab name")
    lab = client_library.join_existing_lab(lab.id)

    lab.auto_sync = False

    s1 = lab.create_node("s1", "server", 50, 100)
    s2 = lab.create_node("s2", "server", 50, 200)
    print(s1, s2)

    # create a link between s1 and s2
    s1_i1 = s1.create_interface()
    s2_i1 = s2.create_interface()
    lab.create_link(s1_i1, s2_i1)

    # this must remove the link between s1 and s2
    lab.remove_node(s2)

    lab.sync_states()
    for node in lab.nodes():
        print(node, node.state)
        for iface in node.interfaces():
            print(iface, iface.state)

    assert [link for link in lab.links() if link.state is not None] == []
def get_testbed(lab, host, user, passwd):
    client_library = ClientLibrary("https://" + host,
                                   user,
                                   passwd,
                                   ssl_verify=False)
    lab = client_library.join_existing_lab(args.lab)
    return lab.get_pyats_testbed()
Esempio n. 3
0
def stop_wipe_and_remove_all_labs(client_library: ClientLibrary):
    lab_list = client_library.get_lab_list()
    for lab_id in lab_list:
        lab = client_library.join_existing_lab(lab_id)
        lab.stop()
        lab.wipe()
        client_library.remove_lab(lab_id)
    def __init__(self, cml_controller, base_config_dir):
        self.__base_config_dir = base_config_dir

        ssl_cert = False

        if "CA_BUNDLE" in os.environ:
            ssl_cert = os.environ["CA_BUNDLE"]

        # Create a client and use the environment to provide the username, password, and CA bundle
        self.__client = ClientLibrary(cml_controller, ssl_verify=ssl_cert)
Esempio n. 5
0
def test_sending_requests_without_auth_token(controller_url: str):
    client_library = ClientLibrary(controller_url,
                                   username="******",
                                   password="******",
                                   ssl_verify=False,
                                   allow_http=True)

    # it probably won't be a common case to override `auth` by ClientLibrary users
    # but missing auth token may happen when using API directly via HTTP:
    client_library.session.auth = None
    with pytest.raises(requests.exceptions.HTTPError) as exc:
        client_library.create_lab()
    exc.match('401 Client Error: Unauthorized for url')
Esempio n. 6
0
def test_lab_details(client_library: ClientLibrary):
    lab = client_library.create_lab("lab_1")

    s1 = lab.create_node("s1", "server", 5, 100)
    s2 = lab.create_node("s2", "server", 102, 201)

    s1_iface = lab.create_interface(s1, 2)
    s2_iface = lab.create_interface(s2, 2)
    lab.create_link(s1_iface, s2_iface)

    expected_keys = (
        "state",
        "created",
        "lab_title",
        "lab_description",
        "node_count",
        "link_count",
        "id",
    )

    details = lab.details()
    assert all(k in details.keys() for k in expected_keys)
    assert details["node_count"] == 2
    assert details["link_count"] == 1
    assert details["state"] == "DEFINED_ON_CORE"
Esempio n. 7
0
def test_lab_state(client_library: ClientLibrary):
    lab = client_library.create_lab("lab_1")

    s1 = lab.create_node("s1", "server", 5, 100)
    s2 = lab.create_node("s2", "server", 102, 201)

    s1_iface = lab.create_interface(s1, 2)
    s2_iface = lab.create_interface(s2, 2)
    lab.create_link(s1_iface, s2_iface)

    state = lab.state()
    assert state == "DEFINED_ON_CORE"

    lab.start()
    state = lab.state()
    assert state == "STARTED"

    assert lab.is_active()

    lab.stop()
    state = lab.state()
    assert state == "STOPPED"

    lab.wipe()
    state = lab.state()
    assert state == "DEFINED_ON_CORE"
Esempio n. 8
0
def get_cml_client(server, ignore=False):
    """
    Helper function to get a consistent CML client library object
    """

    ssl_verify = not ignore
    # The virl2_client library warns about some stuff which can be confusing.
    # This eliminates the warnings, but the level is reset back to the current level
    # Before returning.
    logger = logging.getLogger("virl2_client.virl2_client")
    level = logger.getEffectiveLevel()
    logger.setLevel(logging.ERROR)

    if not ignore and "CML_VERIFY_CERT" in server.config:
        if server.config["CML_VERIFY_CERT"].lower() == "false":
            ssl_verify = False
        else:
            ssl_verify = server.config["CML_VERIFY_CERT"]

    # Remove VIRL2 envvars if they exist.  These would conflict with the virlutils config.
    os.environ.pop("VIRL2_USER", None)
    os.environ.pop("VIRL2_PASS", None)
    os.environ.pop("VIRL2_URL", None)

    client = ClientLibrary(server.host,
                           server.user,
                           server.passwd,
                           raise_for_auth_failure=True,
                           ssl_verify=ssl_verify)
    logger.setLevel(level)

    return client
Esempio n. 9
0
def test_server_node_deletion(client_library: ClientLibrary):
    lab = client_library.create_lab("lab_1")

    lab.auto_sync = False

    s1 = lab.create_node("s1", "server", 5, 100)
    s2 = lab.create_node("s2", "server", 102, 201)

    s1_iface = lab.create_interface(s1, 2)
    s2_iface = lab.create_interface(s2, 2)
    lab.create_link(s1_iface, s2_iface)

    lab.start()

    s3 = lab.create_node("s3", "server", 200, 400)
    s3_iface = lab.create_interface(s3)

    s2.stop()

    lab.create_link(s2.interfaces()[0], s3_iface)

    lab.start()

    # can't remove node while running
    with pytest.raises(requests.exceptions.HTTPError) as exc:
        lab.remove_node(s3)
    assert exc.value.response.status_code == 403

    # need to stop and wipe to be able to remove node.
    s3.stop()
    s3.wipe()
    lab.remove_node(s3)
Esempio n. 10
0
    def print_labs(self):
        """
        Get list of labs from CML2 server and print it formatted on console.

        :raises requests.exceptions.HTTPError: if there was a transport error
        """

        cl = ClientLibrary(url="https://" + self._cmlnetkitconfig.host,
                           username=self._cmlnetkitconfig.username,
                           password=self._cmlnetkitconfig.password,
                           ssl_verify=self._cmlnetkitconfig.ssl_verify)
        cl.wait_for_lld_connected()
        labs = cl.all_labs()
        print('\nLab ID\tLab Title')
        for lab in labs:
            print(lab.id + '\t' + lab.title)
Esempio n. 11
0
def test_node_with_unavailable_vnc(client_library: ClientLibrary):
    lab = client_library.create_lab("lab_111")
    node = lab.create_node("s1", "unmanaged_switch", 5, 100)
    lab.start()
    assert lab.state() == "STARTED"
    with pytest.raises(requests.exceptions.HTTPError) as err:
        node.vnc_key()
    assert err.value.response.status_code == 404
Esempio n. 12
0
    def lab_upload(self):
        """
        Upload topology from the self.lab_conf class variable to CML2 server as a new lab, except if
        'dry run' mode is active.

        :raises requests.exceptions.HTTPError: if there was a transport error
        """
        if self._cmlnetkitconfig.dry_run is True:
            print("Dry Run mode: No changes applied to CML2 server")
            return

        cl = ClientLibrary(url="https://" + self._cmlnetkitconfig.host,
                           username=self._cmlnetkitconfig.username,
                           password=self._cmlnetkitconfig.password,
                           ssl_verify=self._cmlnetkitconfig.ssl_verify)
        cl.wait_for_lld_connected()
        self.lab_conf = cl.import_lab(topology=yaml.dump(self.lab_conf),
                                      title=self.lab_conf["lab"]["title"])
Esempio n. 13
0
def test_sync_lab(register_licensing, client_library: ClientLibrary):
    lab = client_library.create_lab("my test lab name")
    lab = client_library.join_existing_lab(lab.id)

    r1 = lab.create_node("r1", "server", 5, 100)
    r2 = lab.create_node("r2", "server", 102, 201)
    r3 = lab.create_node("r3", "server", 200, 400)
    # print(r1, r2, r3)

    r1.x = 400
    r1.label = "abc"

    r1_i1 = r1.create_interface()
    r1_i2 = r1.create_interface()

    r2_i1 = r2.create_interface()
    r2_i2 = r2.create_interface()

    r3_i1 = r3.create_interface()
    r3_i2 = r3.create_interface()

    #
    lab.create_link(r1_i1, r2_i1)
    lab.create_link(r2_i2, r3_i1)
    lab.create_link(r3_i2, r1_i2)

    r1.start()
    r2.start()
    r3.start()

    # lab.stop()
    r1.stop()
    r2.stop()
    r3.stop()

    # lab.remove_link(link_1)
    # lab.remove_link(link_2)
    # lab.remove_link(link_3)
    # lab.remove_node(r1)
    # lab.remove_node(r2)
    # lab.remove_node(r3)

    # TODO: wait for convergence here
    lab.stop()
def test_link_conditioning(register_licensing,
                           client_library_keep_labs: ClientLibrary):
    lab = client_library_keep_labs.create_lab()

    alpine = lab.create_node("alpine-0", "alpine", 0, 0)
    ums = lab.create_node("unmanaged-switch-0", "unmanaged_switch", 100, 0)
    ext = lab.create_node("ext", "external_connector", 200, 0)

    lab.connect_two_nodes(alpine, ums)
    lab.connect_two_nodes(ums, ext)

    lab.start(wait=True)

    alpine = lab.get_node_by_label("alpine-0")
    ums = lab.get_node_by_label("unmanaged-switch-0")
    link = lab.get_link_by_nodes(alpine, ums)

    pylab = ClPyats(lab)
    pylab.sync_testbed("cml2", "cml2cml2")

    # ensure there's no link condition
    result = link.get_condition()
    assert result is None

    # remove, just to be sure
    link.remove_condition()
    result = pylab.run_command("alpine-0", "time ping -Aqc100  192.168.255.1")
    check_result(result, False, 0.0, 10.0)

    # link.set_condition_by_name("dsl1")

    # 2mbps, 50ms delay, 0ms jitter, 5.1% loss)
    # 5.1 to ensure that the float is understood and returned
    link.set_condition(2000, 50, 0, 5.1)

    result = link.get_condition()
    assert result == {
        "bandwidth": 2000,
        "latency": 50,
        "loss": 5.1,
        "jitter": 0
    }

    result = pylab.run_command("alpine-0", "time ping -Aqc100 192.168.255.1")
    check_result(result, True, 90.0, 110.0)

    link.remove_condition()
    result = pylab.run_command("alpine-0", "time ping -Aqc100  192.168.255.1")
    check_result(result, False, 0.0, 10.0)

    lab.stop()
    lab.wipe()
    lab.remove()
Esempio n. 15
0
def client_library_keep_labs_base(url,
                                  usr="******",
                                  pwd="cml2cml2",
                                  ssl_verify=False,
                                  allow_http=True):
    clientlibrary = ClientLibrary(
        url,
        username=usr,
        password=pwd,
        ssl_verify=ssl_verify,
        allow_http=allow_http,
    )
    for _ in range(5):
        try:
            clientlibrary.is_system_ready()
        except HTTPError as err:
            if err.errno == 504:
                # system still initialising, wait longer
                time.sleep(2)

    return clientlibrary
Esempio n. 16
0
    def lab_download(self):
        """
        Imports an existing topology from a CML2 server. Downloaded configuration is stored in self.lab_conf class
        variable and parsed as YAML object

        :raises TypeError: if no lab_id is provided
        :raises requests.exceptions.HTTPError: if there was a transport error
        """

        cl = ClientLibrary(url="https://" + self._cmlnetkitconfig.host,
                           username=self._cmlnetkitconfig.username,
                           password=self._cmlnetkitconfig.password,
                           ssl_verify=self._cmlnetkitconfig.ssl_verify)
        cl.wait_for_lld_connected()
        try:
            self.lab_handler = cl.join_existing_lab(
                self._cmlnetkitconfig.lab_id)
            self.lab_conf = yaml.safe_load(self.lab_handler.download())
        except TypeError:
            print(
                "TypeError: No lab_id provided. Use the -l option to provide the lab_id"
            )
Esempio n. 17
0
    def __init__(self, host, username, password):
        logger = logging.getLogger("virl2_client.virl2_client")
        level = logger.getEffectiveLevel()
        logger.setLevel(logging.ERROR)

        # Remove VIRL2 envvars if they exist.  These would conflict with the virlutils config.
        os.environ.pop("VIRL2_USER", None)
        os.environ.pop("VIRL2_PASS", None)
        os.environ.pop("VIRL2_URL", None)

        self._host = host
        self._username = username
        self._password = password
        self._consoles = {}
        self._student = None
        self._student_password = None
        self._student_name = None

        self._client = ClientLibrary(host,
                                     username,
                                     password,
                                     raise_for_auth_failure=True,
                                     ssl_verify=False)
        logger.setLevel(level)
Esempio n. 18
0
def test_labels_and_tags(client_library: ClientLibrary):
    lab = client_library.import_sample_lab("server-triangle.yaml")

    lab.sync(topology_only=True)

    node_1 = lab.get_node_by_label("server-0")
    assert node_1.label == "server-0"
    assert len(node_1.tags()) == 2

    node_2 = lab.get_node_by_label("server-1")
    assert node_2.label == "server-1"
    assert len(node_2.tags()) == 2

    node_3 = lab.get_node_by_label("server-2")
    assert node_3.label == "server-2"
    assert len(node_3.tags()) == 5
Esempio n. 19
0
def test_start_stop_start_stop_cycle(client_library: ClientLibrary):
    """we need to test if the entire lifecycle works... e.g.
    - define
    - start
    - queued
    - booted
    - stopped
    - queued
    - start
    - stopped
    - ...
    """
    lab = client_library.import_sample_lab("server-triangle.ng")

    lab.start()
    lab.stop()
    lab.start()
    lab.stop()
    lab.wipe()
Esempio n. 20
0
def test_node_console_logs(client_library_session: ClientLibrary):
    lab = client_library_session.create_lab("lab_space")
    ext_conn = lab.create_node("ec", "external_connector", 100, 50, wait=False)
    server = lab.create_node("s1", "server", 100, 100)
    iosv = lab.create_node("n", "iosv", 50, 0)
    lab.start()
    assert lab.state() == "STARTED"
    # server has one serial console on id 0
    logs = server.console_logs(console_id=0)
    assert type(logs) == str

    # external connector - no serial console
    with pytest.raises(requests.exceptions.HTTPError) as err:
        ext_conn.console_logs(console_id=0)
    assert err.value.response.status_code == 400
    assert "Serial port does not exist on node" in err.value.response.text

    # test limited number of lines
    num_lines = 5
    logs = server.console_logs(console_id=0, lines=num_lines)
    assert type(logs) == str
    assert len(logs.split("\n")) == num_lines

    # assert 400 for non existent console id for server >0
    with pytest.raises(requests.exceptions.HTTPError) as err:
        server.console_logs(console_id=55)
    assert err.value.response.status_code == 400
    assert "Serial port does not exist on node" in err.value.response.text

    # iosv has 2 serial consoles
    logs = iosv.console_logs(console_id=0)
    assert type(logs) == str
    logs = iosv.console_logs(console_id=1)
    assert type(logs) == str
    with pytest.raises(requests.exceptions.HTTPError) as err:
        iosv.console_logs(console_id=2)
    assert err.value.response.status_code == 400
    assert "Serial port does not exist on node" in err.value.response.text

    lab.stop()
    lab.wipe()
    lab.remove()
Esempio n. 21
0
def test_import(client_library: ClientLibrary):
    lab = client_library.import_sample_lab("server-triangle.ng")
    s0 = lab.get_node_by_id("n0")
    assert lab.get_node_by_id("n1") is not None
    assert lab.get_node_by_id("n2") is not None

    lab.start()

    s0.stop()
    s0.wipe()

    i1 = s0.create_interface()

    s3 = lab.create_node("s3", "server", 100, 200)
    i2 = s3.create_interface()

    lab.create_link(i1, i2)

    lab.start()
    lab.stop()
#

import getpass
import re

from requests.exceptions import HTTPError

from virl2_client import ClientLibrary

VIRL_CONTROLLER = "virl2-controller"
VIRL_USERNAME = input("username: "******"password: "******"enter lab name: ")

client = ClientLibrary(VIRL_CONTROLLER,
                       VIRL_USERNAME,
                       VIRL_PASSWORD,
                       ssl_verify=False)

# Find the lab by title and join it as long as it's the only
# lab with that title.
labs = client.find_labs_by_title(LAB_NAME)

if not labs or len(labs) != 1:
    print("ERROR: Unable to find a unique lab named {}".format(LAB_NAME))
    exit(1)

lobj = client.join_existing_lab(labs[0].id)

if not lobj:
    print("ERROR: Failed to join lab {}".format(LAB_NAME))
    exit(1)
Esempio n. 23
0
def create_client_connection(virl_host, virl_username, virl_password):
    client = ClientLibrary(virl_host,
                           virl_username,
                           virl_password,
                           ssl_verify=False)
    return client
Esempio n. 24
0
import re
import sys
import urllib3
from braceexpand import braceexpand
from virl2_client import ClientLibrary
from pprint import pprint

# Get login credentials
username = input("Enter CML username: "******"Enter CML password: "******"https://192.168.137.252",
                           username,
                           password,
                           ssl_verify=False)
    client.is_system_ready()
except:
    print(
        f"\nUnable to contact CML2.x server, please check server connectivity."
    )

# get list of labs
all_labs = client.all_labs()

# check if programmatic_network_build exists
if 'programmatic_network_build' in [lab.title for lab in all_labs]:
    print(f"\nprogrammatic_network_build exists, deleting lab..")
    lab = client.find_labs_by_title(title='programmatic_network_build')[0]
    try:
    headers = {
        'Authorization': f'Bearer {webex_token}',
    }
    response = requests.request("POST",
                                url,
                                headers=headers,
                                data=payload,
                                files=files)
    response.raise_for_status()


if __name__ == "__main__":
    urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
    client = ClientLibrary(cml_server_url,
                           cml_username,
                           cml_password,
                           ssl_verify=False,
                           raise_for_auth_failure=True,
                           allow_http=True)

    #get lab
    lab = client.find_labs_by_title("Jupyter Lab")[0]

    #get lab testbed
    pyats_testbed = lab.get_pyats_testbed()

    #add credentials to testbed
    add_cml_credentials(pyats_testbed, "lab_testbed.yaml", cml_username,
                        cml_password)

    #create directories if doesn't exist
    if not os.path.exists("./learn_results"):
Esempio n. 26
0
    def parse(self, inventory, loader, path, cache=True):

        # call base method to ensure properties are available for use with other helper methods
        super(InventoryModule, self).parse(inventory, loader, path, cache)

        # this method will parse 'common format' inventory sources and
        # update any options declared in DOCUMENTATION as needed
        # config = self._read_config_data(self, path)
        self._read_config_data(path)

        # if NOT using _read_config_data you should call set_options directly,
        # to process any defined configuration for this plugin,
        # if you dont define any options you can skip
        # self.set_options()

        if 'VIRL_HOST' in os.environ and len(os.environ['VIRL_HOST']):
            self.host = os.environ['VIRL_HOST']
        else:
            self.host = self.get_option('host')

        self.display.vvv("virl2.py - VIRL_HOST: {0}".format(self.host))

        if 'VIRL_USERNAME' in os.environ and len(os.environ['VIRL_USERNAME']):
            self.username = os.environ['VIRL_USERNAME']
        else:
            self.username = self.get_option('username')

        self.display.vvv("virl2.py - VIRL_USERNAME: {0}".format(self.username))

        if 'VIRL_PASSWORD' in os.environ and len(os.environ['VIRL_PASSWORD']):
            self.password = os.environ['VIRL_PASSWORD']
        else:
            self.password = self.get_option('password')

        if 'VIRL_LAB' in os.environ and len(os.environ['VIRL_LAB']):
            self.lab = os.environ['VIRL_LAB']
        else:
            self.lab = self.get_option('lab')

        self.display.vvv("virl2.py - VIRL_LAB: {0}".format(self.lab))

        if not self.lab:
            self.display.vvv("No lab defined.  Nothing to do.")
            return

        self.group = self.get_option('group')
        if self.group is None:
            self.group = 'virl_hosts'

        self.display.vvv("virl2.py - Group: {0}".format(self.group))

        self.inventory.set_variable('all', 'virl_host', self.host)
        self.inventory.set_variable('all', 'virl_username', self.username)
        self.inventory.set_variable('all', 'virl_password', self.password)
        self.inventory.set_variable('all', 'virl_lab', self.lab)

        url = 'https://{0}'.format(self.host)
        try:
            client = ClientLibrary(url, username=self.username, password=self.password, ssl_verify=False)
        except:
            raise AnsibleParserError('Unable to log into {0}'.format(url))

        labs = (client.find_labs_by_title(self.lab))
        if not labs:
            return

        try:
            group = self.inventory.add_group(self.group)
        except AnsibleError as e:
            raise AnsibleParserError("Unable to add group %s: %s" % (group, to_text(e)))
        group_dict = {}

        lab = labs[0]
        lab.sync()
        for node in lab.nodes():
            self.inventory.add_host(node.label, group=self.group)
            virl = {
                'state': node.state,
                'image_definition': node.image_definition,
                'node_definition': node.node_definition,
                'cpus': node.cpus,
                'ram': node.ram,
                'config': node.config,
                'data_volume': node.data_volume,
            }
            interface_list = []
            ansible_host = None
            for interface in node.interfaces():
                if interface.discovered_ipv4 and not ansible_host:
                    ansible_host = interface.discovered_ipv4[0]
                interface_dict = {
                    'name': interface.label,
                    'state': interface.state,
                    'ipv4_addresses': interface.discovered_ipv4,
                    'ipv6_addresses': interface.discovered_ipv6,
                    'mac_address': interface.discovered_mac_address
                }
                interface_list.append(interface_dict)
            virl.update({'interfaces': interface_list})
            if ansible_host:
                self.inventory.set_variable(node.label, 'ansible_host', ansible_host)
            self.inventory.set_variable(node.label, 'virl_facts', virl)
            self.display.vvv("Adding {0}({1}) to group {2}, state: {3}, ansible_host: {4}".format(
                node.label, node.node_definition, self.group, node.state, ansible_host))
            # Group by node_definition
            if node.node_definition not in group_dict:
                try:
                    group_dict[node.node_definition] = self.inventory.add_group(node.node_definition)
                except AnsibleError as e:
                    raise AnsibleParserError("Unable to add group %s: %s" % (group, to_text(e)))
            self.inventory.add_host(node.label, group=node.node_definition)
Esempio n. 27
0
def test_import_virl(client_library: ClientLibrary):
    lab = client_library.import_sample_lab("dual-server.virl")
    assert lab is not None
Esempio n. 28
0
def test_topology_owner(client_library_keep_labs: ClientLibrary):
    lab = client_library_keep_labs.create_lab("owned_by_cml2")
    lab.sync(topology_only=True)
    assert lab.owner == "cml2"
Esempio n. 29
0
class DSTTopology(object):
    __client = None
    __lab = None

    __started = False
    __wiped = True

    __base_config_dir = None

    __nodes = {
        "Internet Router": {
            "type": "iosv",
            "node": None,
            "config": "internet_router.txt"
        },
        "HQ Firewall": {
            "type": "asav",
            "node": None,
            "config": "hq_firewall.txt"
        },
        "HQ Switch": {
            "type": "unmanaged_switch",
            "node": None
        },
        "HQ Server": {
            "type": "ubuntu",
            "node": None,
            "config": "hq_server.txt"
        },
        "Internet": {
            "type": "external_connector",
            "node": None
        },
        "OOB Management": {
            "type": "external_connector",
            "node": None,
            "config": "oob_management.txt"
        },
    }

    def __init__(self, cml_controller, base_config_dir):
        self.__base_config_dir = base_config_dir

        ssl_cert = False

        if "CA_BUNDLE" in os.environ:
            ssl_cert = os.environ["CA_BUNDLE"]

        # Create a client and use the environment to provide the username, password, and CA bundle
        self.__client = ClientLibrary(cml_controller, ssl_verify=ssl_cert)

    @staticmethod
    def __get_lab_suffix():
        return "".join(
            random.choice(string.ascii_lowercase + string.digits)
            for i in range(8))

    def __create_lab(self):
        # Wait for the low-level drive to connect
        self.__client.wait_for_lld_connected()

        lab_prefix = "Dynamic Split Tunnel Test-"
        lab_suffix = DSTTopology.__get_lab_suffix()

        # Find a unique name for this lab
        while True:
            labs = self.__client.find_labs_by_title(lab_prefix + lab_suffix)
            if labs is not None and len(labs) > 0:
                lab_suffix = DSTTopology.__get_lab_suffix()
            else:
                break

        self.__lab = self.__client.create_lab(title=lab_prefix + lab_suffix)
        self.__lab.description = "This lab is for testing a Dynamic Split Tunnel config change (created at: {ctime})".format(
            ctime=time.ctime())
        self.__lab.wait_for_convergence = False

    def __add_nodes(self):
        # Create each node
        for node in list(self.__nodes.keys()):
            self.__nodes[node]["node"] = self.__lab.create_node(
                node, self.__nodes[node]["type"], populate_interfaces=True)

    def __connect_nodes(self):
        """
        Connect all nodes in the test topology is a known, static way.
        """

        # First connect Gi0/0 of the Internet Router to the Internet
        igi0 = self.__nodes["Internet Router"]["node"].get_interface_by_label(
            "GigabitEthernet0/0")
        iport = self.__nodes["Internet"]["node"].get_interface_by_label("port")
        self.__lab.create_link(igi0, iport)

        # Next connect Gi0/1 of the Internet Router to Gi0/0 of the HQ Firewall
        igi1 = self.__nodes["Internet Router"]["node"].get_interface_by_label(
            "GigabitEthernet0/1")
        fgi0 = self.__nodes["HQ Firewall"]["node"].get_interface_by_label(
            "GigabitEthernet0/0")
        self.__lab.create_link(igi1, fgi0)

        # Next connect Gi0/1 of the HQ Firewall to port0 of the HQ Switch
        # ...But before we can do that, we need to add a new interface.
        self.__nodes["HQ Firewall"]["node"].create_interface()
        fgi1 = self.__nodes["HQ Firewall"]["node"].get_interface_by_label(
            "GigabitEthernet0/1")
        sport0 = self.__nodes["HQ Switch"]["node"].get_interface_by_label(
            "port0")
        self.__lab.create_link(fgi1, sport0)

        # Next connect Management0/0 of HQ Firewall to the OOB Management network
        fm0 = self.__nodes["HQ Firewall"]["node"].get_interface_by_label(
            "Management0/0")
        oport = self.__nodes["OOB Management"]["node"].get_interface_by_label(
            "port")
        self.__lab.create_link(fm0, oport)

        # Next connect port1 of HQ Switch to port enp0s2 of the HQ Server
        sport1 = self.__nodes["HQ Switch"]["node"].get_interface_by_label(
            "port1")
        seth = self.__nodes["HQ Server"]["node"].get_interface_by_label(
            "enp0s2")
        self.__lab.create_link(sport1, seth)

    def __configure_nodes(self):
        for node, properties in list(self.__nodes.items()):
            if "config" in properties:
                config = self.__base_config_dir + "/" + properties["config"]
                if not os.path.exists(config):
                    raise FileNotFoundError(config)

                with open(config, "r") as fd:
                    conf_contents = fd.read()
                    properties["node"].config = conf_contents

    def create_topology(self):
        """
        Create a DST test topology and configure it.
        """

        self.__create_lab()
        self.__add_nodes()
        self.__connect_nodes()
        self.__configure_nodes()

    def start(self):
        """
        Start the DST test lab.
        """

        if self.__started:
            return

        self.__lab.start()
        self.__started = True
        self.__wiped = False

    def stop(self):
        """
        Stop the DST test lab.
        """

        if not self.__started:
            return

        self.__lab.stop(wait=True)
        self.__started = False

    def is_ready(self):
        """
        Check if the overall lab is ready.

        Returns:
            Boolean: True if all nodes have converged, False otherwise.
        """

        if not self.__started:
            raise Exception("Lab has not been started yet.")

        ready = True
        for node, properties in list(self.__nodes.items()):
            if not properties["node"].has_converged(
            ) or properties["node"].has_converged(
            ) == 0 or not properties["node"].is_booted():
                ready = False
                break

        return ready

    def get_fw_ip(self, wait=False):
        """
        Return the IP address of the OOB Management interface on the firewall node.

        Parameters:
            wait (Boolean): Whether or not to wait for the firewall node to converge (default: False)

        Returns:
            string: The first IP address on Management0/0 if found, else None
        """

        if not self.__started:
            raise Exception("Lab has not been started yet.")

        if not wait and not self.__nodes["HQ Firewall"]["node"].has_converged(
        ):
            raise Exception("Firewall node has not yet converged.")
        elif not self.__nodes["HQ Firewall"]["node"].has_converged():
            while not self.__nodes["HQ Firewall"]["node"].has_converged():
                time.sleep(1)

        fm0 = self.__nodes["HQ Firewall"]["node"].get_interface_by_label(
            "Management0/0")
        ip4_addr = fm0.discovered_ipv4
        if len(ip4_addr) > 0:
            return ip4_addr[0]

        return None

    def wipe(self):
        """
        Wipe the DST test lab
        """

        if self.__started:
            raise Exception("Lab must be stopped first.")

        self.__lab.wipe(wait=True)
        self.__wiped = True

    def remove(self):
        """
        Remove the lab from the CML controller.
        """

        if not self.__wiped:
            raise Exception("Lab must be wiped before it can be removed.")

        self.__lab.remove()
Esempio n. 30
0
def test_group_api_permissions(controller_url,
                               client_library_session: ClientLibrary):
    cl_admin = client_library_session
    # create non-admin user
    username = "******"
    satoshi_pwd = "super-secret-pwd"
    satoshi = cl_admin.user_management.create_user(username=username,
                                                   pwd=satoshi_pwd)
    halfinn = cl_admin.user_management.create_user(username="******",
                                                   pwd=satoshi_pwd)
    satoshi_uid = satoshi["id"]
    cml2_uid = client_library_session.user_management.user_id(username="******")
    halfinn_uid = client_library_session.user_management.user_id(
        username="******")
    # assert there is no lab
    assert cl_admin.all_labs(show_all=True) == []
    # create lab
    lab0 = cl_admin.create_lab(title="lab0")
    lab1 = cl_admin.create_lab(title="lab1")
    # create students group
    lab0_ro = [{"id": lab0.id, "permission": "read_only"}]
    lab0_1_rw = [
        {
            "id": lab0.id,
            "permission": "read_write"
        },
        {
            "id": lab1.id,
            "permission": "read_write"
        },
    ]
    students_group = cl_admin.group_management.create_group(
        name="students",
        description="students group",
        members=[satoshi_uid],
        labs=lab0_ro,
    )
    teachers_group = cl_admin.group_management.create_group(
        name="teachers",
        description="teachers group",
        members=[],
        labs=lab0_1_rw)
    all_groups = cl_admin.group_management.groups()
    assert len(all_groups) == 2
    all_groups_names = [group["id"] for group in all_groups]
    assert students_group["id"] in all_groups_names
    assert teachers_group["id"] in all_groups_names

    # log in as non-admin satoshi user
    cl_satoshi = ClientLibrary(
        controller_url,
        username=username,
        password=satoshi_pwd,
        ssl_verify=False,
        allow_http=True,
    )
    # satoshi must only see groups that he is part of
    satoshi_groups = cl_satoshi.group_management.groups()
    assert len(satoshi_groups) == 1
    assert satoshi_groups[0]["name"] == "students"
    assert cl_satoshi.user_management.user_groups(user_id=satoshi_uid) == [
        students_group["id"]
    ]

    # cannot check other user info
    with pytest.raises(requests.exceptions.HTTPError) as err:
        cl_satoshi.user_management.user_groups(user_id=cml2_uid)
    assert err.value.response.status_code == 403
    assert "User does not have required access" in err.value.response.text

    # user cannot see groups he is not part of
    with pytest.raises(requests.exceptions.HTTPError) as err:
        cl_satoshi.group_management.get_group(group_id=teachers_group["id"])
    assert err.value.response.status_code == 403
    assert "User does not have required access" in err.value.response.text
    # can see those where he is member
    students_group = cl_satoshi.group_management.get_group(
        group_id=students_group["id"])
    assert students_group["members"] == [satoshi_uid]
    # only admin can create, delete and modify group
    # create
    with pytest.raises(requests.exceptions.HTTPError) as err:
        cl_satoshi.group_management.create_group(name="xxx")
    assert err.value.response.status_code == 403
    assert "User does not have required access" in err.value.response.text
    # update
    with pytest.raises(requests.exceptions.HTTPError) as err:
        cl_satoshi.group_management.update_group(group_id=teachers_group["id"],
                                                 description="new")
    assert err.value.response.status_code == 403
    assert "User does not have required access" in err.value.response.text
    # delete
    with pytest.raises(requests.exceptions.HTTPError) as err:
        cl_satoshi.group_management.delete_group(group_id=teachers_group["id"])
    assert err.value.response.status_code == 403
    assert "User does not have required access" in err.value.response.text
    # user cannot see members of group that he is not part of
    with pytest.raises(requests.exceptions.HTTPError) as err:
        cl_satoshi.group_management.group_members(
            group_id=teachers_group["id"])
    assert err.value.response.status_code == 403
    assert "User does not have required access" in err.value.response.text
    # can see those where he is member
    students_group_members = cl_satoshi.group_management.group_members(
        group_id=students_group["id"])
    assert students_group_members == [satoshi_uid]
    # user cannot see labs of group that he is not part of
    with pytest.raises(requests.exceptions.HTTPError) as err:
        cl_satoshi.group_management.group_labs(group_id=teachers_group["id"])
    assert err.value.response.status_code == 403
    assert "User does not have required access" in err.value.response.text
    # can see those where he is member
    students_group_labs = cl_satoshi.group_management.group_labs(
        group_id=students_group["id"])
    assert students_group_labs == [lab0.id]

    # we need to get lab objects again so that they are bound to satoshi user
    lab0 = cl_satoshi.find_labs_by_title(title="lab0")[0]
    # satishi can only see groups where he is a member - in this case students
    assert lab0.groups == [
        {
            "id": students_group["id"],
            "permission": "read_only"
        },
    ]
    # we cannot modify groups associations as satoshi is not owner or admin
    with pytest.raises(requests.exceptions.HTTPError) as err:
        lab0.update_lab_groups(group_list=[])
    assert err.value.response.status_code == 403
    assert "User does not have required access" in err.value.response.text

    # we cannot modify notes
    with pytest.raises(requests.exceptions.HTTPError) as err:
        lab0.notes = "new note"
    assert err.value.response.status_code == 403
    assert "User does not have write permission to lab" in err.value.response.text

    # we cannot modify description
    with pytest.raises(requests.exceptions.HTTPError) as err:
        lab0.description = "new description"
    assert err.value.response.status_code == 403
    assert "User does not have write permission to lab" in err.value.response.text

    # change students association to lab0 to read_write
    assert cl_admin.group_management.update_group(
        group_id=students_group["id"],
        labs=[{
            "id": lab0.id,
            "permission": "read_write"
        }],
    )
    # now user can perform writes to associated lab
    lab0.notes = "new note"
    assert lab0.notes == "new note"
    lab0.description = "new description"
    assert lab0.description == "new description"
    # get students groups association to lab0 back to read only
    # satoshi cannot - he is not admin or owner
    with pytest.raises(requests.exceptions.HTTPError) as err:
        lab0.update_lab_groups(group_list=[
            {
                "id": students_group["id"],
                "permission": "read_only"
            },
        ])
    assert err.value.response.status_code == 403
    assert "User does not have required access" in err.value.response.text
    # admin can
    lab0 = cl_admin.find_labs_by_title(title="lab0")[0]
    lab0.update_lab_groups(group_list=[
        {
            "id": students_group["id"],
            "permission": "read_only"
        },
    ])
    lab0 = cl_satoshi.find_labs_by_title(title="lab0")[0]
    assert lab0.groups == [
        {
            "id": students_group["id"],
            "permission": "read_only"
        },
    ]
    # add teachers group rw association to lab0 (admin action)
    teachers_group = cl_admin.group_management.update_group(
        group_id=teachers_group["id"], labs=lab0_1_rw)
    # we cannot modify groups associations as satoshi is not admin or owner
    with pytest.raises(requests.exceptions.HTTPError) as err:
        lab0.update_lab_groups(group_list=[])
    assert err.value.response.status_code == 403
    assert "User does not have required access" in err.value.response.text

    # we cannot modify notes
    with pytest.raises(requests.exceptions.HTTPError) as err:
        lab0.notes = "new note"
    assert err.value.response.status_code == 403
    assert "User does not have write permission to lab" in err.value.response.text

    # we cannot modify description
    with pytest.raises(requests.exceptions.HTTPError) as err:
        lab0.description = "new description"
    assert err.value.response.status_code == 403
    assert "User does not have write permission to lab" in err.value.response.text

    # as satoshi has no access to lab1 - below list is empty
    assert cl_satoshi.find_labs_by_title(title="lab1") == []
    # add satoshi to teachers group - by doing this now he gains read write
    # access to both ;ab0 and lab1
    cl_admin.group_management.update_group(group_id=teachers_group["id"],
                                           members=[satoshi_uid])
    # now we can access teachers group and related data
    assert cl_satoshi.group_management.get_group(group_id=teachers_group["id"])
    assert cl_satoshi.group_management.group_members(
        group_id=teachers_group["id"]) == [satoshi_uid]
    assert (len(
        cl_satoshi.group_management.group_labs(
            group_id=teachers_group["id"])) == 2)
    user_groups = cl_satoshi.user_management.user_groups(user_id=satoshi_uid)
    assert students_group["id"] in user_groups and teachers_group[
        "id"] in user_groups
    associated_groups_names = [
        group["name"] for group in cl_satoshi.group_management.groups()
    ]
    assert ("students" in associated_groups_names
            and "teachers" in associated_groups_names)
    # test adjusting lab groups (only owner and admin can change lab group associations)
    # admin must see all associations
    # owner and non-admin users can only see those associations where they are members of group
    # log in as non-admin satoshi user
    cl_halfinn = ClientLibrary(
        controller_url,
        username="******",
        password=satoshi_pwd,
        ssl_verify=False,
        allow_http=True,
    )
    # create lab owned by halfin
    lab2 = cl_halfinn.create_lab(title="lab2")
    # only satoshi in students group + add lab2 association
    cl_admin.group_management.update_group(
        group_id=students_group["id"],
        members=[satoshi_uid],
        labs=[{
            "id": lab2.id,
            "permission": "read_only"
        }],
    )
    # only halfinney in teachers group + add lab2 association
    cl_admin.group_management.update_group(
        group_id=teachers_group["id"],
        members=[halfinn_uid],
        labs=[{
            "id": lab2.id,
            "permission": "read_only"
        }],
    )
    halfinn_lab2 = cl_halfinn.find_labs_by_title(title="lab2")[0]
    # get lab owned by halfinney with satoshi (who is not owner)
    satoshi_lab2 = cl_satoshi.find_labs_by_title(title="lab2")[0]
    # get lab owned by halfinney with admin
    admin_lab2 = cl_admin.find_labs_by_title(title="lab2")[0]

    # admin must see both groups associated with lab2
    assert admin_lab2.groups == [
        {
            "id": students_group["id"],
            "permission": "read_only"
        },
        {
            "id": teachers_group["id"],
            "permission": "read_only"
        },
    ]
    # halfinney only sees group that he is member of (teachers)
    assert halfinn_lab2.groups == [
        {
            "id": teachers_group["id"],
            "permission": "read_only"
        },
    ]
    # satoshi only sees group that he is member of (students)
    assert satoshi_lab2.groups == [
        {
            "id": students_group["id"],
            "permission": "read_only"
        },
    ]
    # satoshi cannot update lab groups associations for lab2 -> 403 (not owner or admin)
    with pytest.raises(requests.exceptions.HTTPError) as err:
        satoshi_lab2.update_lab_groups(group_list=[])
    assert err.value.response.status_code == 403
    assert "User does not have required access" in err.value.response.text
    # associations mus still be present after above failure
    assert admin_lab2.groups == [
        {
            "id": students_group["id"],
            "permission": "read_only"
        },
        {
            "id": teachers_group["id"],
            "permission": "read_only"
        },
    ]
    # halfinney cannot add/remove students association to lab2 as he is not member of students
    halfinn_lab2.update_lab_groups(group_list=[])
    # above only removed the group teachers as halfinn is owner and also member of teachers
    assert halfinn_lab2.groups == []  # sees nothing
    assert satoshi_lab2.groups == [
        {
            "id": students_group["id"],
            "permission": "read_only"
        },
    ]  # sees students
    assert admin_lab2.groups == [
        {
            "id": students_group["id"],
            "permission": "read_only"
        },
    ]  # admin too sees only students as that is now only associtation
    # halfinney cannot add students group as he is not member
    with pytest.raises(requests.exceptions.HTTPError) as err:
        halfinn_lab2.update_lab_groups(group_list=[{
            "id": students_group["id"],
            "permission": "read_only"
        }])
    assert err.value.response.status_code == 403
    assert "User does not have required access" in err.value.response.text
    # halfinney can add teachers as he is a member
    halfinn_lab2.update_lab_groups(group_list=[{
        "id": teachers_group["id"],
        "permission": "read_only"
    }])
    # halfinney only sees group that he is member of (teachers)
    assert halfinn_lab2.groups == [
        {
            "id": teachers_group["id"],
            "permission": "read_only"
        },
    ]
    # add halfinney to students group
    cl_admin.group_management.update_group(
        group_id=students_group["id"],
        members=[satoshi_uid, halfinn_uid],
    )
    # halfinney now sees both students and teachers
    # associations mus still be present after above failure
    assert halfinn_lab2.groups == [
        {
            "id": students_group["id"],
            "permission": "read_only"
        },
        {
            "id": teachers_group["id"],
            "permission": "read_only"
        },
    ]
    # he can now also remove both associations
    halfinn_lab2.update_lab_groups(group_list=[])
    assert admin_lab2.groups == []
    assert halfinn_lab2.groups == []
    # satoshi lost access --> 404
    with pytest.raises(requests.exceptions.HTTPError) as err:
        assert satoshi_lab2.groups == []
    assert err.value.response.status_code == 404
    assert "Lab not found" in err.value.response.text
    # add also possible
    halfinn_lab2.update_lab_groups(group_list=[
        {
            "id": students_group["id"],
            "permission": "read_only"
        },
        {
            "id": teachers_group["id"],
            "permission": "read_only"
        },
    ])
    assert halfinn_lab2.groups == [
        {
            "id": students_group["id"],
            "permission": "read_only"
        },
        {
            "id": teachers_group["id"],
            "permission": "read_only"
        },
    ]
    assert satoshi_lab2.groups == [
        {
            "id": students_group["id"],
            "permission": "read_only"
        },
    ]  # sees students as he is only part of students not teachers
    assert admin_lab2.groups == [
        {
            "id": students_group["id"],
            "permission": "read_only"
        },
        {
            "id": teachers_group["id"],
            "permission": "read_only"
        },
    ]
    # admin can do whatever he pleases
    admin_lab2.update_lab_groups(group_list=[])
    assert admin_lab2.groups == []
    assert halfinn_lab2.groups == []
    # satoshi lost access --> 404
    with pytest.raises(requests.exceptions.HTTPError) as err:
        assert satoshi_lab2.groups == []
    assert err.value.response.status_code == 404
    assert "Lab not found" in err.value.response.text

    # CLEAN UP
    # again need to get lab0 from admin account
    lab0 = cl_admin.find_labs_by_title(title="lab0")[0]
    lab0.remove()
    lab1.remove()
    lab2.remove()
    cl_admin.user_management.delete_user(user_id=satoshi_uid)
    cl_admin.user_management.delete_user(user_id=halfinn_uid)
    assert cl_admin.group_management.delete_group(
        group_id=students_group["id"]) is None
    assert cl_admin.group_management.delete_group(
        group_id=teachers_group["id"]) is None

    assert cl_admin.group_management.groups() == []
    assert cl_admin.all_labs(show_all=True) == []