Esempio n. 1
0
    def test_security_logging_object_with_policy_and_security_group(self):
        # Add a Network Policy Rule and a Security Group Rule to a
        # SLO
        vn1_name = self.id() + 'vn1'
        vn1 = self.create_virtual_network(vn1_name, "10.1.1.0/24")
        rule1 = {
            "protocol": "udp",
            "direction": "<>",
            "src": {
                "type": "vn",
                "value": vn1
            },
            "dst": {
                "type": "cidr",
                "value": "10.2.1.1/32"
            },
            "action": "deny"
        }
        np = self.create_network_policy_with_multiple_rules([rule1])
        seq = SequenceType(1, 1)
        vnp = VirtualNetworkPolicyType(seq)
        vn1.set_network_policy(np, vnp)
        self._vnc_lib.virtual_network_update(vn1)
        sg_obj = SecurityGroup(name=self.id() + '_sg1')
        self._vnc_lib.security_group_create(sg_obj)
        sgr_uuid = str(uuid.uuid4())
        sg_rule = PolicyRuleType(
            rule_uuid=sgr_uuid,
            direction='>',
            protocol='tcp',
            src_addresses=[AddressType(subnet=SubnetType('11.0.0.0', 24))],
            src_ports=[PortType(0, 65535)],
            dst_addresses=[AddressType(security_group='local')],
            dst_ports=[PortType(0, 65535)],
            ether_type='IPv4')
        sg_policy_rules = PolicyEntriesType([sg_rule])
        sg_obj.set_security_group_entries(sg_policy_rules)
        self._vnc_lib.security_group_update(sg_obj)

        project = self._vnc_lib.project_read(
            fq_name=[u'default-domain', u'default-project'])
        slo_name = self.id() + '_slo1'
        slo_obj = SecurityLoggingObject(name=slo_name,
                                        parent_obj=project,
                                        security_logging_object_rate=300)

        self._vnc_lib.security_logging_object_create(slo_obj)
        self.wait_to_get_object(SecurityLoggingObjectST,
                                slo_obj.get_fq_name_str())

        np_rule1 = np.get_network_policy_entries().get_policy_rule()[0]
        np_fqdn = np.get_fq_name_str()
        np_rule1_uuid = np_rule1.get_rule_uuid()

        slo_rule_entries = []
        slo_rule_entries.append(
            SecurityLoggingObjectRuleEntryType(np_rule1_uuid, rate=300))
        slo_rule_entries.append(
            SecurityLoggingObjectRuleEntryType(sgr_uuid, rate=300))

        slo_obj = self._vnc_lib.security_logging_object_read(
            fq_name=slo_obj.get_fq_name())
        slo_obj.add_network_policy(np, None)
        sg_obj = self._vnc_lib.security_group_read(id=sg_obj.get_uuid())
        slo_obj.add_security_group(sg_obj, None)
        self._vnc_lib.security_logging_object_update(slo_obj)

        st_slo = SecurityLoggingObjectST.get(slo_obj.get_fq_name_str())
        self.check_rules_in_slo(st_slo, np_fqdn, slo_rule_entries)

        slo_obj.del_network_policy(np)
        slo_obj.del_security_group(sg_obj)
        self._vnc_lib.security_logging_object_update(slo_obj)

        st_slo = SecurityLoggingObjectST.get(slo_obj.get_fq_name_str())
        self.check_rules_in_slo(st_slo, None, [])

        # cleanup
        self.delete_network_policy(np, auto_policy=True)
        self._vnc_lib.virtual_network_delete(fq_name=vn1.get_fq_name())

        self._vnc_lib.security_logging_object_delete(
            fq_name=slo_obj.get_fq_name())

        # check if vn is deleted
        self.check_vn_is_deleted(uuid=vn1.uuid)
Esempio n. 2
0
    def test_security_logging_object_with_network_policy_update(self):
        vn1_name = self.id() + 'vn1'
        vn1 = self.create_virtual_network(vn1_name, "10.1.1.0/24")

        np = self.create_network_policy_with_multiple_rules([])
        np_fqdn = np.get_fq_name_str()
        seq = SequenceType(1, 1)
        vnp = VirtualNetworkPolicyType(seq)
        vn1.set_network_policy(np, vnp)
        self._vnc_lib.virtual_network_update(vn1)

        project = self._vnc_lib.project_read(
            fq_name=[u'default-domain', u'default-project'])
        slo_name = self.id() + '_slo1'
        slo_obj = SecurityLoggingObject(name=slo_name,
                                        parent_obj=project,
                                        security_logging_object_rate=300)

        self._vnc_lib.security_logging_object_create(slo_obj)

        self.wait_to_get_object(SecurityLoggingObjectST,
                                slo_obj.get_fq_name_str())

        slo_obj.add_network_policy(np, None)
        self._vnc_lib.security_logging_object_update(slo_obj)

        npr_uuid = str(uuid.uuid4())
        action_list = ActionListType()
        action_list.simple_action = 'pass'
        np_rule = PolicyRuleType(
            rule_uuid=npr_uuid,
            direction='>',
            protocol='tcp',
            src_addresses=[AddressType(subnet=SubnetType('11.0.0.0', 24))],
            src_ports=[PortType(0, 65535)],
            dst_addresses=[AddressType(subnet=SubnetType('10.0.0.0', 24))],
            dst_ports=[PortType(0, 65535)],
            ether_type='IPv4',
            action_list=action_list)
        np.set_network_policy_entries(PolicyEntriesType([np_rule]))

        self._vnc_lib.network_policy_update(np)

        slo_obj = self._vnc_lib.security_logging_object_read(
            fq_name=slo_obj.get_fq_name())
        expected_rule_list = [
            SecurityLoggingObjectRuleEntryType(npr_uuid, rate=300)
        ]

        st_slo = SecurityLoggingObjectST.get(slo_obj.get_fq_name_str())
        self.check_rules_in_slo(st_slo, np_fqdn, expected_rule_list)

        slo_obj.del_network_policy(np)
        self._vnc_lib.security_logging_object_update(slo_obj)

        st_slo = SecurityLoggingObjectST.get(slo_obj.get_fq_name_str())
        self.check_rules_in_slo(st_slo, None, [])

        # cleanup
        self.delete_network_policy(np, auto_policy=True)
        self._vnc_lib.virtual_network_delete(fq_name=vn1.get_fq_name())

        self._vnc_lib.security_logging_object_delete(
            fq_name=slo_obj.get_fq_name())

        # check if vn is deleted
        self.check_vn_is_deleted(uuid=vn1.uuid)
Esempio n. 3
0
    def test_security_logging_object_with_wildcard_rules(self):
        vn1_name = self.id() + 'vn1'
        vn1 = self.create_virtual_network(vn1_name, "10.1.1.0/24")
        rules = []
        rule1 = {
            "protocol": "udp",
            "direction": "<>",
            "src": {
                "type": "vn",
                "value": vn1
            },
            "dst": {
                "type": "cidr",
                "value": "10.2.1.1/32"
            },
            "action": "deny"
        }
        rule2 = {
            "protocol": "icmp",
            "direction": "<>",
            "src": {
                "type": "vn",
                "value": vn1
            },
            "dst": {
                "type": "cidr",
                "value": "10.2.1.2/32"
            },
            "action": "deny"
        }
        rules.append(rule1)
        rules.append(rule2)

        np = self.create_network_policy_with_multiple_rules(rules)
        seq = SequenceType(1, 1)
        vnp = VirtualNetworkPolicyType(seq)
        vn1.set_network_policy(np, vnp)
        self._vnc_lib.virtual_network_update(vn1)

        project = self._vnc_lib.project_read(
            fq_name=[u'default-domain', u'default-project'])
        slo_name = self.id() + '_slo1'
        slo_obj = SecurityLoggingObject(name=slo_name,
                                        parent_obj=project,
                                        security_logging_object_rate=300)

        self._vnc_lib.security_logging_object_create(slo_obj)
        self.wait_to_get_object(SecurityLoggingObjectST,
                                slo_obj.get_fq_name_str())

        np_rule1 = np.get_network_policy_entries().get_policy_rule()[0]
        np_rule2 = np.get_network_policy_entries().get_policy_rule()[1]
        np_fqdn = np.get_fq_name_str()
        np_rule1_uuid = np_rule1.get_rule_uuid()
        np_rule2_uuid = np_rule2.get_rule_uuid()

        slo_rule_entries = []
        slo_rule_entries.append(
            SecurityLoggingObjectRuleEntryType(np_rule1_uuid, rate=300))
        slo_rule_entries.append(
            SecurityLoggingObjectRuleEntryType(np_rule2_uuid, rate=300))

        slo_obj = self._vnc_lib.security_logging_object_read(
            fq_name=slo_obj.get_fq_name())
        slo_obj.add_network_policy(np, None)
        self._vnc_lib.security_logging_object_update(slo_obj)

        st_slo = SecurityLoggingObjectST.get(slo_obj.get_fq_name_str())
        self.check_rules_in_slo(st_slo, np_fqdn, slo_rule_entries)

        slo_obj.del_network_policy(np)
        self._vnc_lib.security_logging_object_update(slo_obj)

        st_slo = SecurityLoggingObjectST.get(slo_obj.get_fq_name_str())
        self.check_rules_in_slo(st_slo, None, [])

        # cleanup
        self.delete_network_policy(np, auto_policy=True)
        self._vnc_lib.virtual_network_delete(fq_name=vn1.get_fq_name())

        self._vnc_lib.security_logging_object_delete(
            fq_name=slo_obj.get_fq_name())

        # check if vn is deleted
        self.check_vn_is_deleted(uuid=vn1.uuid)
    def test_security_logging_object_with_policy_and_security_group(self):
        # Add a Network Policy Rule and a Security Group Rule to a
        # SLO
        vn1_name = self.id() + 'vn1'
        vn1 = self.create_virtual_network(vn1_name, "10.1.1.0/24")
        rule1 = {"protocol": "udp",
                 "direction": "<>",
                 "src": {"type": "vn", "value": vn1},
                 "dst": {"type": "cidr", "value": "10.2.1.1/32"},
                 "action": "deny"
                 }
        np = self.create_network_policy_with_multiple_rules([rule1])
        seq = SequenceType(1, 1)
        vnp = VirtualNetworkPolicyType(seq)
        vn1.set_network_policy(np, vnp)
        self._vnc_lib.virtual_network_update(vn1)
        sg_obj = SecurityGroup(name=self.id() + '_sg1')
        self._vnc_lib.security_group_create(sg_obj)
        sgr_uuid = str(uuid.uuid4())
        sg_rule = PolicyRuleType(rule_uuid=sgr_uuid,
                                 direction='>',
                                 protocol='tcp',
                                 src_addresses=[AddressType(subnet=SubnetType('11.0.0.0', 24))],
                                 src_ports=[PortType(0, 65535)],
                                 dst_addresses=[AddressType(security_group='local')],
                                 dst_ports=[PortType(0, 65535)],
                                 ether_type='IPv4')
        sg_policy_rules = PolicyEntriesType([sg_rule])
        sg_obj.set_security_group_entries(sg_policy_rules)
        self._vnc_lib.security_group_update(sg_obj)

        project = self._vnc_lib.project_read(fq_name=[u'default-domain', u'default-project'])
        slo_name = self.id() + '_slo1'
        slo_obj = SecurityLoggingObject(name=slo_name,
                                        parent_obj=project,
                                        security_logging_object_rate=300)

        self._vnc_lib.security_logging_object_create(slo_obj)
        self.wait_to_get_object(config_db.SecurityLoggingObjectST,
                                slo_obj.get_fq_name_str())

        np_rule1 = np.get_network_policy_entries().get_policy_rule()[0]
        np_fqdn = np.get_fq_name_str()
        np_rule1_uuid = np_rule1.get_rule_uuid()

        slo_rule_entries = []
        slo_rule_entries.append(SecurityLoggingObjectRuleEntryType(np_rule1_uuid,
                                                                   rate=300))
        slo_rule_entries.append(SecurityLoggingObjectRuleEntryType(sgr_uuid,
                                                                   rate=300))

        slo_obj = self._vnc_lib.security_logging_object_read(fq_name=slo_obj.get_fq_name())
        slo_obj.add_network_policy(np, None)
        sg_obj = self._vnc_lib.security_group_read(id=sg_obj.get_uuid())
        slo_obj.add_security_group(sg_obj, None)
        self._vnc_lib.security_logging_object_update(slo_obj)

        st_slo = to_bgp.SecurityLoggingObjectST.get(slo_obj.get_fq_name_str())
        self.check_rules_in_slo(st_slo, np_fqdn, slo_rule_entries)

        slo_obj.del_network_policy(np)
        slo_obj.del_security_group(sg_obj)
        self._vnc_lib.security_logging_object_update(slo_obj)

        st_slo = to_bgp.SecurityLoggingObjectST.get(slo_obj.get_fq_name_str())
        self.check_rules_in_slo(st_slo, None, [])

        # cleanup
        self.delete_network_policy(np, auto_policy=True)
        self._vnc_lib.virtual_network_delete(fq_name=vn1.get_fq_name())

        self._vnc_lib.security_logging_object_delete(fq_name=slo_obj.get_fq_name())

        # check if vn is deleted
        self.check_vn_is_deleted(uuid=vn1.uuid)
    def test_security_logging_object_with_network_policy_update(self):
        vn1_name = self.id() + 'vn1'
        vn1 = self.create_virtual_network(vn1_name, "10.1.1.0/24")

        np = self.create_network_policy_with_multiple_rules([])
        np_fqdn = np.get_fq_name_str()
        seq = SequenceType(1, 1)
        vnp = VirtualNetworkPolicyType(seq)
        vn1.set_network_policy(np, vnp)
        self._vnc_lib.virtual_network_update(vn1)

        project = self._vnc_lib.project_read(fq_name=[u'default-domain', u'default-project'])
        slo_name = self.id() + '_slo1'
        slo_obj = SecurityLoggingObject(name=slo_name,
                                        parent_obj=project,
                                        security_logging_object_rate=300)

        self._vnc_lib.security_logging_object_create(slo_obj)

        self.wait_to_get_object(config_db.SecurityLoggingObjectST,
                                slo_obj.get_fq_name_str())

        slo_obj.add_network_policy(np, None)
        self._vnc_lib.security_logging_object_update(slo_obj)

        npr_uuid = str(uuid.uuid4())
        action_list = ActionListType()
        action_list.simple_action = 'pass'
        np_rule = PolicyRuleType(rule_uuid=npr_uuid,
                                 direction='>',
                                 protocol='tcp',
                                 src_addresses=[AddressType(subnet=SubnetType('11.0.0.0', 24))],
                                 src_ports=[PortType(0, 65535)],
                                 dst_addresses=[AddressType(subnet=SubnetType('10.0.0.0', 24))],
                                 dst_ports=[PortType(0, 65535)],
                                 ether_type='IPv4',
                                 action_list=action_list
                                 )
        np.set_network_policy_entries(PolicyEntriesType([np_rule]))

        self._vnc_lib.network_policy_update(np)

        slo_obj = self._vnc_lib.security_logging_object_read(fq_name=slo_obj.get_fq_name())
        expected_rule_list = [SecurityLoggingObjectRuleEntryType(npr_uuid, rate=300)]

        st_slo = to_bgp.SecurityLoggingObjectST.get(slo_obj.get_fq_name_str())
        self.check_rules_in_slo(st_slo, np_fqdn, expected_rule_list)

        slo_obj.del_network_policy(np)
        self._vnc_lib.security_logging_object_update(slo_obj)

        st_slo = to_bgp.SecurityLoggingObjectST.get(slo_obj.get_fq_name_str())
        self.check_rules_in_slo(st_slo, None, [])

        # cleanup
        self.delete_network_policy(np, auto_policy=True)
        self._vnc_lib.virtual_network_delete(fq_name=vn1.get_fq_name())

        self._vnc_lib.security_logging_object_delete(fq_name=slo_obj.get_fq_name())

        # check if vn is deleted
        self.check_vn_is_deleted(uuid=vn1.uuid)
    def test_security_logging_object_with_wildcard_rules(self):
        vn1_name = self.id() + 'vn1'
        vn1 = self.create_virtual_network(vn1_name, "10.1.1.0/24")
        rules = []
        rule1 = {"protocol": "udp",
                 "direction": "<>",
                 "src": {"type": "vn", "value": vn1},
                 "dst": {"type": "cidr", "value": "10.2.1.1/32"},
                 "action": "deny"
                 }
        rule2 = {"protocol": "icmp",
                 "direction": "<>",
                 "src": {"type": "vn", "value": vn1},
                 "dst": {"type": "cidr", "value": "10.2.1.2/32"},
                 "action": "deny"
                 }
        rules.append(rule1)
        rules.append(rule2)

        np = self.create_network_policy_with_multiple_rules(rules)
        seq = SequenceType(1, 1)
        vnp = VirtualNetworkPolicyType(seq)
        vn1.set_network_policy(np, vnp)
        self._vnc_lib.virtual_network_update(vn1)

        project = self._vnc_lib.project_read(fq_name=[u'default-domain', u'default-project'])
        slo_name = self.id() + '_slo1'
        slo_obj = SecurityLoggingObject(name=slo_name,
                                        parent_obj=project,
                                        security_logging_object_rate=300)

        self._vnc_lib.security_logging_object_create(slo_obj)
        self.wait_to_get_object(config_db.SecurityLoggingObjectST,
                                slo_obj.get_fq_name_str())

        np_rule1 = np.get_network_policy_entries().get_policy_rule()[0]
        np_rule2 = np.get_network_policy_entries().get_policy_rule()[1]
        np_fqdn = np.get_fq_name_str()
        np_rule1_uuid = np_rule1.get_rule_uuid()
        np_rule2_uuid = np_rule2.get_rule_uuid()

        slo_rule_entries = []
        slo_rule_entries.append(SecurityLoggingObjectRuleEntryType(np_rule1_uuid,
                                                                   rate=300))
        slo_rule_entries.append(SecurityLoggingObjectRuleEntryType(np_rule2_uuid,
                                                                   rate=300))

        slo_obj = self._vnc_lib.security_logging_object_read(fq_name=slo_obj.get_fq_name())
        slo_obj.add_network_policy(np, None)
        self._vnc_lib.security_logging_object_update(slo_obj)

        st_slo = to_bgp.SecurityLoggingObjectST.get(slo_obj.get_fq_name_str())
        self.check_rules_in_slo(st_slo, np_fqdn, slo_rule_entries)

        slo_obj.del_network_policy(np)
        self._vnc_lib.security_logging_object_update(slo_obj)

        st_slo = to_bgp.SecurityLoggingObjectST.get(slo_obj.get_fq_name_str())
        self.check_rules_in_slo(st_slo, None, [])

        # cleanup
        self.delete_network_policy(np, auto_policy=True)
        self._vnc_lib.virtual_network_delete(fq_name=vn1.get_fq_name())

        self._vnc_lib.security_logging_object_delete(fq_name=slo_obj.get_fq_name())

        # check if vn is deleted
        self.check_vn_is_deleted(uuid=vn1.uuid)