def test_02_use_vpn_port(self):
"""Test create VPN when L2TP port in use"""
# Validate the following
# 1. set a port forward for UDP: 1701 and enable VPN
# 2. set port forward rule for the udp port 1701 over which L2TP works
# 3. port forward should prevent VPN from being enabled
self.debug("Creating a port forwarding rule on port 1701")
# Create NAT rule
nat_rule = NATRule.create(
self.apiclient,
self.virtual_machine,
self.services["natrule"],
self.public_ip.ipaddress.id)
self.debug("Verifying the NAT rule created")
nat_rules = NATRule.list(self.apiclient, id=nat_rule.id, listall=True)
self.assertEqual(isinstance(nat_rules, list),
True,
"List NAT rules should return a valid response")
self.debug("Enabling the VPN connection for IP: %s" %
self.public_ip.ipaddress)
with self.assertRaises(Exception):
self.create_VPN(self.public_ip)
self.debug("Create VPN connection failed! Test successful!")
return
def test_01_create_delete_portforwarding_fornonvpc(self):
"""
@summary: Test to list, create and delete Port Forwarding for
IP Address associated to Non VPC network
@Steps:
Step1: Creating a Network for the user
Step2: Associating an IP Addresses for Network
Step3: Launching Virtual Machine in network created in step 2
Step4: Listing Port Forwarding Rules for the IP Address associated
in Step2
Step5: Verifying that no Port Forwarding Rules are listed
Step6: Creating a Port Forwarding Rule for IP Address associated in
Step2
Step7: Listing Port Forwarding Rules for the IP Address associated in
Step2
Step8: Verifying 1 Port Forwarding Rule is listed
Step9: Deleting the Port Forwarding Rule created in Step6
Step10: Listing Port Forwarding Rules for the IP Address associated in
Step2
Step11: Verifying that no Port Forwarding Rules are listed
"""
# Listing all the Networks's for a user
list_networks_before = Network.list(
self.userapiclient,
listall=self.services["listall"],
type="Isolated"
)
# Verifying No Networks are listed
self.assertIsNone(
list_networks_before,
"Networks listed for newly created User"
)
# Listing Network Offerings
network_offerings_list = NetworkOffering.list(
self.apiClient,
forvpc="false",
guestiptype="Isolated",
state="Enabled",
supportedservices="SourceNat,PortForwarding",
zoneid=self.zone.id
)
status = validateList(network_offerings_list)
self.assertEquals(
PASS,
status[0],
"Isolated Network Offerings with sourceNat,\
PortForwarding enabled are not found"
)
# Creating a network
network = Network.create(
self.userapiclient,
self.services["network"],
accountid=self.account.name,
domainid=self.domain.id,
networkofferingid=network_offerings_list[0].id,
zoneid=self.zone.id
)
self.assertIsNotNone(
network,
"Network creation failed"
)
# Listing all the IP Addresses for a user
list_ipaddresses_before = PublicIPAddress.list(
self.userapiclient,
listall=self.services["listall"]
)
# Verifying no IP Addresses are listed
self.assertIsNone(
list_ipaddresses_before,
"IP Addresses listed for newly created User"
)
# Associating an IP Addresses to Network created
associated_ipaddress = PublicIPAddress.create(
self.userapiclient,
services=self.services["network"],
networkid=network.id
)
self.assertIsNotNone(
associated_ipaddress,
"Failed to Associate IP Address"
)
# Listing all the IP Addresses for a user
list_ipaddresses_after = PublicIPAddress.list(
self.userapiclient,
listall=self.services["listall"]
)
status = validateList(list_ipaddresses_after)
self.assertEquals(
PASS,
status[0],
"IP Addresses Association Failed"
)
# Verifying the length of the list is 1
self.assertEqual(
1,
len(list_ipaddresses_after),
"Number of IP Addresses associated are not matching expected"
)
# Launching a Virtual Machine with above created Network
vm_created = VirtualMachine.create(
self.userapiclient,
self.services["virtual_machine"],
accountid=self.account.name,
domainid=self.account.domainid,
networkids=network.id,
serviceofferingid=self.service_offering.id,
)
self.assertIsNotNone(
vm_created,
"Failed to launch a VM under network created"
)
self.cleanup.append(network)
# Listing Virtual Machines in running state in above created network
list_vms_running = VirtualMachine.list(
self.userapiclient,
listall=self.services["listall"],
state="Running",
networkid=network.id
)
status = validateList(list_vms_running)
self.assertEquals(
PASS,
status[0],
"VM Created is not in Running state"
)
# Verifying the length of the list is 1
self.assertEqual(
1,
len(list_ipaddresses_after),
"VM Created is not in Running state"
)
self.assertEquals(
vm_created.id,
list_vms_running[0].id,
"VM Created is not in Running state"
)
# Listing Virtual Machines in stopped state in above created network
list_vms_stopped = VirtualMachine.list(
self.userapiclient,
listall=self.services["listall"],
state="Stopped",
networkid=network.id
)
# Verifying no VMs are in stopped state
self.assertIsNone(
list_vms_stopped,
"VM Created is in stopped state"
)
# Listing Port Forwarding Rules for the IP Address associated
list_prtfwdrule_before = NATRule.list(
self.userapiclient,
listall=self.services["listall"],
ipaddressid=associated_ipaddress.ipaddress.id
)
# Verifying no port forwarding rules are listed
self.assertIsNone(
list_prtfwdrule_before,
"Port Forwarding Rules listed for newly associated IP Address"
)
# Creating a Port Forwarding rule
portfwd_rule = NATRule.create(
self.userapiclient,
virtual_machine=vm_created,
services=self.services["natrule"],
ipaddressid=associated_ipaddress.ipaddress.id,
)
self.assertIsNotNone(
portfwd_rule,
"Failed to create Port Forwarding Rule"
)
# Verifying details of Sticky Policy created
# Creating expected and actual values dictionaries
expected_dict = {
"ipaddressid": associated_ipaddress.ipaddress.id,
"privateport": str(self.services["natrule"]["privateport"]),
"publicport": str(self.services["natrule"]["publicport"]),
"protocol": str(self.services["natrule"]["protocol"]).lower(),
}
actual_dict = {
"ipaddressid": portfwd_rule.ipaddressid,
"privateport": str(portfwd_rule.privateport),
"publicport": str(portfwd_rule.publicport),
"protocol": portfwd_rule.protocol,
}
portfwd_status = self.__verify_values(
expected_dict,
actual_dict
)
self.assertEqual(
True,
portfwd_status,
"Created Port Forward Rule details are not as expected"
)
# Listing Port Forwarding Rules for the IP Address associated
list_prtfwdrule_after = NATRule.list(
self.userapiclient,
listall=self.services["listall"],
ipaddressid=associated_ipaddress.ipaddress.id
)
status = validateList(list_prtfwdrule_after)
self.assertEquals(
PASS,
status[0],
"Failed to create Port Forwarding Rule"
)
# Verifying the length of the list is 1
self.assertEqual(
1,
len(list_prtfwdrule_after),
"Failed to create Port Forwarding Rule"
)
# Deleting Port Forwarding Rule
portfwd_rule.delete(self.userapiclient)
# Creating a Port Forwarding rule with port range
portfwd_rule = NATRule.create(
self.userapiclient,
virtual_machine=vm_created,
services=self.services["natrulerange"],
ipaddressid=associated_ipaddress.ipaddress.id,
)
self.assertIsNotNone(
portfwd_rule,
"Failed to create Port Forwarding Rule"
)
#update the private port for port forwarding rule
updatefwd_rule = portfwd_rule.update(self.userapiclient,
portfwd_rule.id,
virtual_machine=vm_created,
services=self.services["updatenatrulerange"],
)
# Verifying details of Sticky Policy created
# Creating expected and actual values dictionaries
expected_dict = {
"privateport": str(self.services["updatenatrulerange"]["privateport"]),
"privateendport": str(self.services["updatenatrulerange"]["privateendport"]),
}
actual_dict = {
"privateport": str(updatefwd_rule.privateport),
"privateendport": str(updatefwd_rule.privateendport),
}
portfwd_status = self.__verify_values(
expected_dict,
actual_dict
)
self.assertEqual(
True,
portfwd_status,
"Updated Port Forward Rule details are not as expected"
)
# Deleting Port Forwarding Rule
portfwd_rule.delete(self.userapiclient)
# Listing Port Forwarding Rules for the IP Address associated
list_prtfwdrule_after = NATRule.list(
self.userapiclient,
listall=self.services["listall"],
ipaddressid=associated_ipaddress.ipaddress.id
)
# Verifying no port forwarding rules are listed
self.assertIsNone(
list_prtfwdrule_after,
"Port Forwarding Rules listed after deletion"
)
# Destroying the VM Launched
vm_created.delete(self.apiClient)
self.cleanup.append(self.account)
return
def test_forceDeleteDomain(self):
""" Test delete domain with force option"""
# Steps for validations
# 1. create a domain DOM
# 2. create 2 users under this domain
# 3. deploy 1 VM into each of these user accounts
# 4. create PF / FW rules for port 22 on these VMs for their
# respective accounts
# 5. delete the domain with force=true option
# Validate the following
# 1. listDomains should list the created domain
# 2. listAccounts should list the created accounts
# 3. listvirtualmachines should show the Running VMs
# 4. PF and FW rules should be shown in listFirewallRules
# 5. domain should delete successfully and above three list calls
# should show all the resources now deleted. listRouters should
# not return any routers in the deleted accounts/domains
self.debug("Creating a domain for login with API domain test")
domain = Domain.create(
self.apiclient,
self.services["domain"],
parentdomainid=self.domain.id
)
self.debug("Domain is created succesfully.")
self.debug(
"Checking if the created domain is listed in list domains API")
domains = Domain.list(self.apiclient, id=domain.id, listall=True)
self.assertEqual(
isinstance(domains, list),
True,
"List domains shall return a valid response"
)
self.debug("Creating 2 user accounts in domain: %s" % domain.name)
self.account_1 = Account.create(
self.apiclient,
self.services["account"],
domainid=domain.id
)
self.account_2 = Account.create(
self.apiclient,
self.services["account"],
domainid=domain.id
)
try:
self.debug("Creating a tiny service offering for VM deployment")
self.service_offering = ServiceOffering.create(
self.apiclient,
self.services["service_offering"],
domainid=self.domain.id
)
self.debug("Deploying virtual machine in account 1: %s" %
self.account_1.name)
vm_1 = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
templateid=self.template.id,
accountid=self.account_1.name,
domainid=self.account_1.domainid,
serviceofferingid=self.service_offering.id
)
self.debug("Deploying virtual machine in account 2: %s" %
self.account_2.name)
VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
templateid=self.template.id,
accountid=self.account_2.name,
domainid=self.account_2.domainid,
serviceofferingid=self.service_offering.id
)
networks = Network.list(
self.apiclient,
account=self.account_1.name,
domainid=self.account_1.domainid,
listall=True
)
self.assertEqual(
isinstance(networks, list),
True,
"List networks should return a valid response"
)
network_1 = networks[0]
self.debug("Default network in account 1: %s is %s" % (
self.account_1.name,
network_1.name))
src_nat_list = PublicIPAddress.list(
self.apiclient,
associatednetworkid=network_1.id,
account=self.account_1.name,
domainid=self.account_1.domainid,
listall=True,
issourcenat=True,
)
self.assertEqual(
isinstance(src_nat_list, list),
True,
"List Public IP should return a valid source NAT"
)
self.assertNotEqual(
len(src_nat_list),
0,
"Length of response from listPublicIp should not be 0"
)
src_nat = src_nat_list[0]
self.debug(
"Trying to create a port forwarding rule in source NAT: %s" %
src_nat.ipaddress)
#Create NAT rule
nat_rule = NATRule.create(
self.apiclient,
vm_1,
self.services["natrule"],
ipaddressid=src_nat.id
)
self.debug("Created PF rule on source NAT: %s" % src_nat.ipaddress)
nat_rules = NATRule.list(self.apiclient, id=nat_rule.id)
self.assertEqual(
isinstance(nat_rules, list),
True,
"List NAT should return a valid port forwarding rules"
)
self.assertNotEqual(
len(nat_rules),
0,
"Length of response from listLbRules should not be 0"
)
except Exception as e:
self._cleanup.append(self.account_1)
self._cleanup.append(self.account_2)
self.fail(e)
self.debug("Deleting domain with force option")
try:
domain.delete(self.apiclient, cleanup=True)
except Exception as e:
self.debug("Waiting for account.cleanup.interval" +
" to cleanup any remaining resouces")
# Sleep 3*account.gc to ensure that all resources are deleted
wait_for_cleanup(self.apiclient, ["account.cleanup.interval"]*3)
with self.assertRaises(CloudstackAPIException):
Domain.list(
self.apiclient,
id=domain.id,
listall=True
)
self.debug("Checking if the resources in domain are deleted")
with self.assertRaises(CloudstackAPIException):
Account.list(
self.apiclient,
name=self.account_1.name,
domainid=self.account_1.domainid,
listall=True
)
return
def test_01_create_delete_portforwarding_fornonvpc(self):
"""
@summary: Test to list, create and delete Port Forwarding for
IP Address associated to Non VPC network
@Steps:
Step1: Creating a Network for the user
Step2: Associating an IP Addresses for Network
Step3: Launching Virtual Machine in network created in step 2
Step4: Listing Port Forwarding Rules for the IP Address associated
in Step2
Step5: Verifying that no Port Forwarding Rules are listed
Step6: Creating a Port Forwarding Rule for IP Address associated in
Step2
Step7: Listing Port Forwarding Rules for the IP Address associated in
Step2
Step8: Verifying 1 Port Forwarding Rule is listed
Step9: Deleting the Port Forwarding Rule created in Step6
Step10: Listing Port Forwarding Rules for the IP Address associated in
Step2
Step11: Verifying that no Port Forwarding Rules are listed
"""
# Listing all the Networks's for a user
list_networks_before = Network.list(
self.userapiclient,
listall=self.services["listall"],
type="Isolated"
)
# Verifying No Networks are listed
self.assertIsNone(
list_networks_before,
"Networks listed for newly created User"
)
# Listing Network Offerings
network_offerings_list = NetworkOffering.list(
self.apiClient,
forvpc="false",
guestiptype="Isolated",
state="Enabled",
supportedservices="SourceNat,PortForwarding",
zoneid=self.zone.id
)
status = validateList(network_offerings_list)
self.assertEqual(
PASS,
status[0],
"Isolated Network Offerings with sourceNat,\
PortForwarding enabled are not found"
)
# Creating a network
network = Network.create(
self.userapiclient,
self.services["network"],
accountid=self.account.name,
domainid=self.domain.id,
networkofferingid=network_offerings_list[0].id,
zoneid=self.zone.id
)
self.assertIsNotNone(
network,
"Network creation failed"
)
# Listing all the IP Addresses for a user
list_ipaddresses_before = PublicIPAddress.list(
self.userapiclient,
listall=self.services["listall"]
)
# Verifying no IP Addresses are listed
self.assertIsNone(
list_ipaddresses_before,
"IP Addresses listed for newly created User"
)
service_offering = ServiceOffering.create(
self.apiClient,
self.services["service_offerings"]["tiny"],
)
self.services["virtual_machine"]["zoneid"] = self.zone.id
vm = VirtualMachine.create(
self.userapiclient,
self.services["virtual_machine"],
accountid=self.account.name,
domainid=self.account.domainid,
networkids=network.id,
serviceofferingid=service_offering.id
)
VirtualMachine.delete(vm, self.apiClient, expunge=True)
# Associating an IP Addresses to Network created
associated_ipaddress = PublicIPAddress.create(
self.userapiclient,
services=self.services["network"],
networkid=network.id
)
self.assertIsNotNone(
associated_ipaddress,
"Failed to Associate IP Address"
)
# Listing all the IP Addresses for a user
list_ipaddresses_after = PublicIPAddress.list(
self.userapiclient,
listall=self.services["listall"]
)
status = validateList(list_ipaddresses_after)
self.assertEqual(
PASS,
status[0],
"IP Addresses Association Failed"
)
# Verifying the length of the list is 2
self.assertEqual(
2,
len(list_ipaddresses_after),
"Number of IP Addresses associated are not matching expected"
)
# Launching a Virtual Machine with above created Network
vm_created = VirtualMachine.create(
self.userapiclient,
self.services["virtual_machine"],
accountid=self.account.name,
domainid=self.account.domainid,
networkids=network.id,
serviceofferingid=self.service_offering.id,
)
self.assertIsNotNone(
vm_created,
"Failed to launch a VM under network created"
)
self.cleanup.append(network)
# Listing Virtual Machines in running state in above created network
list_vms_running = VirtualMachine.list(
self.userapiclient,
listall=self.services["listall"],
state="Running",
networkid=network.id
)
status = validateList(list_vms_running)
self.assertEqual(
PASS,
status[0],
"VM Created is not in Running state"
)
# Verifying the length of the list is 2
self.assertEqual(
2,
len(list_ipaddresses_after),
"VM Created is not in Running state"
)
self.assertEqual(
vm_created.id,
list_vms_running[0].id,
"VM Created is not in Running state"
)
# Listing Virtual Machines in stopped state in above created network
list_vms_stopped = VirtualMachine.list(
self.userapiclient,
listall=self.services["listall"],
state="Stopped",
networkid=network.id
)
# Verifying no VMs are in stopped state
self.assertIsNone(
list_vms_stopped,
"VM Created is in stopped state"
)
# Listing Port Forwarding Rules for the IP Address associated
list_prtfwdrule_before = NATRule.list(
self.userapiclient,
listall=self.services["listall"],
ipaddressid=associated_ipaddress.ipaddress.id
)
# Verifying no port forwarding rules are listed
self.assertIsNone(
list_prtfwdrule_before,
"Port Forwarding Rules listed for newly associated IP Address"
)
# Creating a Port Forwarding rule
portfwd_rule = NATRule.create(
self.userapiclient,
virtual_machine=vm_created,
services=self.services["natrule"],
ipaddressid=associated_ipaddress.ipaddress.id,
)
self.assertIsNotNone(
portfwd_rule,
"Failed to create Port Forwarding Rule"
)
# Verifying details of Sticky Policy created
# Creating expected and actual values dictionaries
expected_dict = {
"ipaddressid": associated_ipaddress.ipaddress.id,
"privateport": str(self.services["natrule"]["privateport"]),
"publicport": str(self.services["natrule"]["publicport"]),
"protocol": str(self.services["natrule"]["protocol"]).lower(),
}
actual_dict = {
"ipaddressid": portfwd_rule.ipaddressid,
"privateport": str(portfwd_rule.privateport),
"publicport": str(portfwd_rule.publicport),
"protocol": portfwd_rule.protocol,
}
portfwd_status = self.__verify_values(
expected_dict,
actual_dict
)
self.assertEqual(
True,
portfwd_status,
"Created Port Forward Rule details are not as expected"
)
# Listing Port Forwarding Rules for the IP Address associated
list_prtfwdrule_after = NATRule.list(
self.userapiclient,
listall=self.services["listall"],
ipaddressid=associated_ipaddress.ipaddress.id
)
status = validateList(list_prtfwdrule_after)
self.assertEqual(
PASS,
status[0],
"Failed to create Port Forwarding Rule"
)
# Verifying the length of the list is 1
self.assertEqual(
1,
len(list_prtfwdrule_after),
"Failed to create Port Forwarding Rule"
)
# Deleting Port Forwarding Rule
portfwd_rule.delete(self.userapiclient)
# Creating a Port Forwarding rule with port range
portfwd_rule = NATRule.create(
self.userapiclient,
virtual_machine=vm_created,
services=self.services["natrulerange"],
ipaddressid=associated_ipaddress.ipaddress.id,
)
self.assertIsNotNone(
portfwd_rule,
"Failed to create Port Forwarding Rule"
)
# update the private port for port forwarding rule
updatefwd_rule = portfwd_rule.update(self.userapiclient,
portfwd_rule.id,
virtual_machine=vm_created,
services=self.services["updatenatrulerange"],
)
# Verifying details of Sticky Policy created
# Creating expected and actual values dictionaries
expected_dict = {
"privateport": str(self.services["updatenatrulerange"]["privateport"]),
"privateendport": str(self.services["updatenatrulerange"]["privateendport"]),
}
actual_dict = {
"privateport": str(updatefwd_rule.privateport),
"privateendport": str(updatefwd_rule.privateendport),
}
portfwd_status = self.__verify_values(
expected_dict,
actual_dict
)
self.assertEqual(
True,
portfwd_status,
"Updated Port Forward Rule details are not as expected"
)
# Deleting Port Forwarding Rule
portfwd_rule.delete(self.userapiclient)
# Listing Port Forwarding Rules for the IP Address associated
list_prtfwdrule_after = NATRule.list(
self.userapiclient,
listall=self.services["listall"],
ipaddressid=associated_ipaddress.ipaddress.id
)
# Verifying no port forwarding rules are listed
self.assertIsNone(
list_prtfwdrule_after,
"Port Forwarding Rules listed after deletion"
)
# Destroying the VM Launched
vm_created.delete(self.apiClient)
self.cleanup.append(self.account)
return
def test_02_network_off_with_conserve_mode(self):
"""Test Network offering with Conserve mode ON and VR - All services
"""
# Validate the following
# 1. Create a Network from the above network offering and deploy a VM.
# 2. On source NAT ipaddress, we should be allowed to add a LB rules
# 3. On source NAT ipaddress, we should be allowed to add a PF rules
# 4. On source NAT ipaddress, we should be allowed to add a Firewall
# rules
# 5. On an ipaddress that has Lb rules, we should be allowed to
# program PF rules.
# 6. We should be allowed to program multiple PF rules on the same Ip
# address on different public ports.
# 7. We should be allowed to program multiple LB rules on the same Ip
# address for different public port ranges.
# 8. On source NAT ipaddress, we should be allowed to Enable VPN
# access.
# Create a network offering with all virtual router services enabled
self.debug(
"Creating n/w offering with all services in VR & conserve mode:off"
)
self.network_offering = NetworkOffering.create(
self.api_client,
self.services["network_offering"],
conservemode=True
)
self.cleanup.append(self.network_offering)
self.debug("Created n/w offering with ID: %s" %
self.network_offering.id)
# Enable Network offering
self.network_offering.update(self.apiclient, state='Enabled')
# Creating network using the network offering created
self.debug("Creating network with network offering: %s" %
self.network_offering.id)
self.network = Network.create(
self.apiclient,
self.services["network"],
accountid=self.account.name,
domainid=self.account.domainid,
networkofferingid=self.network_offering.id,
zoneid=self.zone.id
)
self.debug("Created network with ID: %s" % self.network.id)
self.debug("Deploying VM in account: %s" % self.account.name)
# Spawn an instance in that network
virtual_machine = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id,
networkids=[str(self.network.id)]
)
self.debug("Deployed VM in network: %s" % self.network.id)
src_nat_list = PublicIPAddress.list(
self.apiclient,
associatednetworkid=self.network.id,
account=self.account.name,
domainid=self.account.domainid,
listall=True,
issourcenat=True,
)
self.assertEqual(
isinstance(src_nat_list, list),
True,
"List Public IP should return a valid source NAT"
)
self.assertNotEqual(
len(src_nat_list),
0,
"Length of response from listPublicIp should not be 0"
)
src_nat = src_nat_list[0]
self.debug("Trying to create LB rule on source NAT IP: %s" %
src_nat.ipaddress)
# Create Load Balancer rule with source NAT
lb_rule = LoadBalancerRule.create(
self.apiclient,
self.services["lbrule"],
ipaddressid=src_nat.id,
accountid=self.account.name
)
self.debug("Created LB rule on source NAT: %s" % src_nat.ipaddress)
lb_rules = LoadBalancerRule.list(
self.apiclient,
id=lb_rule.id
)
self.assertEqual(
isinstance(lb_rules, list),
True,
"List lb rules should return a valid lb rules"
)
self.assertNotEqual(
len(lb_rules),
0,
"Length of response from listLbRules should not be 0"
)
self.debug(
"Trying to create a port forwarding rule in source NAT: %s" %
src_nat.ipaddress)
#Create NAT rule
nat_rule = NATRule.create(
self.apiclient,
virtual_machine,
self.services["natrule"],
ipaddressid=src_nat.id
)
self.debug("Created PF rule on source NAT: %s" % src_nat.ipaddress)
nat_rules = NATRule.list(
self.apiclient,
id=nat_rule.id
)
self.assertEqual(
isinstance(nat_rules, list),
True,
"List NAT should return a valid port forwarding rules"
)
self.assertNotEqual(
len(nat_rules),
0,
"Length of response from listLbRules should not be 0"
)
self.debug("Creating firewall rule on source NAT: %s" %
src_nat.ipaddress)
#Create Firewall rule on source NAT
fw_rule = FireWallRule.create(
self.apiclient,
ipaddressid=src_nat.id,
protocol='TCP',
cidrlist=[self.services["fw_rule"]["cidr"]],
startport=self.services["fw_rule"]["startport"],
endport=self.services["fw_rule"]["endport"]
)
self.debug("Created firewall rule: %s" % fw_rule.id)
fw_rules = FireWallRule.list(
self.apiclient,
id=fw_rule.id
)
self.assertEqual(
isinstance(fw_rules, list),
True,
"List fw rules should return a valid firewall rules"
)
self.assertNotEqual(
len(fw_rules),
0,
"Length of fw rules response should not be zero"
)
self.debug("Associating public IP for network: %s" % self.network.id)
public_ip = PublicIPAddress.create(
self.apiclient,
accountid=self.account.name,
zoneid=self.zone.id,
domainid=self.account.domainid,
networkid=self.network.id
)
self.debug("Associated %s with network %s" % (
public_ip.ipaddress,
self.network.id
))
self.debug("Creating PF rule for IP address: %s" %
public_ip.ipaddress)
NATRule.create(
self.apiclient,
virtual_machine,
self.services["natrule"],
ipaddressid=public_ip.ipaddress.id
)
self.debug("Trying to create LB rule on IP with NAT: %s" %
public_ip.ipaddress)
# Create Load Balancer rule on IP already having NAT rule
lb_rule = LoadBalancerRule.create(
self.apiclient,
self.services["lbrule"],
ipaddressid=public_ip.ipaddress.id,
accountid=self.account.name
)
self.debug("Creating PF rule with public port: 66")
nat_rule = NATRule.create(
self.apiclient,
virtual_machine,
self.services["natrule_port_66"],
ipaddressid=public_ip.ipaddress.id
)
# Check if NAT rule created successfully
nat_rules = NATRule.list(
self.apiclient,
id=nat_rule.id
)
self.assertEqual(
isinstance(nat_rules, list),
True,
"List NAT rules should return valid list"
)
self.debug("Creating LB rule with public port: 2221")
lb_rule = LoadBalancerRule.create(
self.apiclient,
self.services["lbrule_port_2221"],
ipaddressid=public_ip.ipaddress.id,
accountid=self.account.name
)
# Check if NAT rule created successfully
lb_rules = LoadBalancerRule.list(
self.apiclient,
id=lb_rule.id
)
self.assertEqual(
isinstance(lb_rules, list),
True,
"List LB rules should return valid list"
)
# User should be able to enable VPN on source NAT
self.debug("Created VPN with source NAT IP: %s" % src_nat.ipaddress)
# Assign VPN to source NAT
Vpn.create(
self.apiclient,
src_nat.id,
account=self.account.name,
domainid=self.account.domainid
)
vpns = Vpn.list(
self.apiclient,
publicipid=src_nat.id,
listall=True,
)
self.assertEqual(
isinstance(vpns, list),
True,
"List VPNs should return a valid VPN list"
)
self.assertNotEqual(
len(vpns),
0,
"Length of list VPN response should not be zero"
)
return
def test_07_associate_public_ip(self):
"""Test associate public IP within the project
"""
# Validate the following
# 1. Create a project
# 2. Add some public Ips to the project
# 3. Verify public IP assigned can only used to create PF/LB rules
# inside project
networks = Network.list(self.apiclient, projectid=self.project.id, listall=True)
self.assertEqual(isinstance(networks, list), True, "Check list networks response returns a valid response")
self.assertNotEqual(len(networks), 0, "Check list networks response returns a valid network")
network = networks[0]
self.debug("Associating public IP for project: %s" % self.project.id)
public_ip = PublicIPAddress.create(
self.apiclient,
zoneid=self.virtual_machine.zoneid,
services=self.services["server"],
networkid=network.id,
projectid=self.project.id,
)
self.cleanup.append(public_ip)
# Create NAT rule
self.debug("Creating a NAT rule within project, VM ID: %s" % self.virtual_machine.id)
nat_rule = NATRule.create(
self.apiclient,
self.virtual_machine,
self.services["natrule"],
public_ip.ipaddress.id,
projectid=self.project.id,
)
self.debug("created a NAT rule with ID: %s" % nat_rule.id)
nat_rule_response = NATRule.list(self.apiclient, id=nat_rule.id)
self.assertEqual(isinstance(nat_rule_response, list), True, "Check list response returns a valid list")
self.assertNotEqual(len(nat_rule_response), 0, "Check Port Forwarding Rule is created")
self.assertEqual(nat_rule_response[0].id, nat_rule.id, "Check Correct Port forwarding Rule is returned")
# Create Load Balancer rule and assign VMs to rule
self.debug("Created LB rule for public IP: %s" % public_ip.ipaddress)
lb_rule = LoadBalancerRule.create(
self.apiclient, self.services["lbrule"], public_ip.ipaddress.id, projectid=self.project.id
)
self.debug("Assigning VM: %s to LB rule: %s" % (self.virtual_machine.name, lb_rule.id))
lb_rule.assign(self.apiclient, [self.virtual_machine])
lb_rules = list_lb_rules(self.apiclient, id=lb_rule.id)
self.assertEqual(isinstance(lb_rules, list), True, "Check list response returns a valid list")
# verify listLoadBalancerRules lists the added load balancing rule
self.assertNotEqual(len(lb_rules), 0, "Check Load Balancer Rule in its List")
self.assertEqual(lb_rules[0].id, lb_rule.id, "Check List Load Balancer Rules returns valid Rule")
# Create Firewall rule with configurations from settings file
fw_rule = FireWallRule.create(
self.apiclient,
ipaddressid=public_ip.ipaddress.id,
protocol="TCP",
cidrlist=[self.services["fw_rule"]["cidr"]],
startport=self.services["fw_rule"]["startport"],
endport=self.services["fw_rule"]["endport"],
projectid=self.project.id,
)
self.debug("Created firewall rule: %s" % fw_rule.id)
# After Router start, FW rule should be in Active state
fw_rules = FireWallRule.list(self.apiclient, id=fw_rule.id)
self.assertEqual(isinstance(fw_rules, list), True, "Check for list FW rules response return valid data")
self.assertEqual(fw_rules[0].state, "Active", "Check list load balancing rules")
self.assertEqual(
fw_rules[0].startport, str(self.services["fw_rule"]["startport"]), "Check start port of firewall rule"
)
self.assertEqual(
fw_rules[0].endport, str(self.services["fw_rule"]["endport"]), "Check end port of firewall rule"
)
self.debug("Deploying VM for account: %s" % self.account.name)
virtual_machine_1 = VirtualMachine.create(
self.apiclient,
self.services["server"],
templateid=self.template.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id,
)
self.cleanup.append(virtual_machine_1)
self.debug("VM state after deploy: %s" % virtual_machine_1.state)
# Verify VM state
self.assertEqual(virtual_machine_1.state, "Running", "Check VM state is Running or not")
self.debug("Creating NAT rule for VM (ID: %s) outside project" % virtual_machine_1.id)
with self.assertRaises(Exception):
NATRule.create(self.apiclient, virtual_machine_1, self.services["natrule"], public_ip.ipaddress.id)
self.debug("Creating LB rule for public IP: %s outside project" % public_ip.ipaddress)
with self.assertRaises(Exception):
LoadBalancerRule.create(
self.apiclient, self.services["lbrule"], public_ip.ipaddress.id, accountid=self.account.name
)
return
