def test_default_security_group_bridge_port_nondef_netpart(self): kwargs = { 'gatewayvlan': self.gatewayvlans[6][0]['ID'], 'port': None, 'subnet': self.nondef_subnet['id'], 'tenant': self.client.tenant_id } body = self.client.create_gateway_vport(**kwargs) vport = body['nuage_gateway_vport'] self.gatewayvports.append(vport) gw_vport = self.nuage_client.get_host_vport(vport['id']) self.verify_vport_properties(gw_vport[0], vport, self.nondef_network['id']) body = self.admin_client.list_gateway_vport(self.nondef_subnet['id']) vports = body['nuage_gateway_vports'] found_vport = False for vport in vports: if vport['name'] == gw_vport[0]['name']: found_vport = True self.verify_vport_properties(gw_vport[0], vport, self.nondef_network['id']) if not found_vport: assert False, "Bridge Vport not found" l3domain = self.nuage_client.get_l3domain( filters='externalID', filter_values=self.nondef_router['id'], netpart_name=self.nondef_netpart['name']) default_pg = self.nuage_client.get_policygroup(n_constants.DOMAIN, l3domain[0]['ID']) self.assertEqual( n_constants.NUAGE_PLCY_GRP_ALLOW_ALL if Topology.has_unified_pg_for_all_support() else 'defaultPG-VRSG-BRIDGE-' + vport['subnet'], default_pg[0]['name']) vports_from_pg = self.nuage_client.get_vport(n_constants.POLICYGROUP, default_pg[0]['ID']) for vport_from_pg in vports_from_pg: if vport_from_pg['name'] == vport['name']: break else: self.fail("Can't find Vport {} under the policy group {}".format( vport['name'], default_pg[0]['name'])) nuage_eacl_template = self.nuage_client.get_egressacl_template( n_constants.DOMAIN, l3domain[0]['ID']) nuage_eacl_entrytemplate = \ self.nuage_client.get_egressacl_entrytemplate( n_constants.EGRESS_ACL_TEMPLATE, nuage_eacl_template[0]['ID']) vport_tp_pg_mapping = False for nuage_eacl_entry in nuage_eacl_entrytemplate: if nuage_eacl_entry['locationID'] == default_pg[0]['ID']: self.assertEqual(nuage_eacl_entry['networkType'], 'ANY') self.assertEqual(nuage_eacl_entry['locationType'], 'POLICYGROUP') vport_tp_pg_mapping = True if vport_tp_pg_mapping is False: assert False, "Bridge Vport not found in default PG"
def _validate_policygroup(self, topology, pg_name=None, vport_num=1): if topology.normal_port is not None or self.is_dhcp_agent_present(): expected_pgs = 2 # Expecting software + hardware else: expected_pgs = 1 # Expecting only hardware if not Topology.has_unified_pg_for_all_support(): if self.is_dhcp_agent_present(): expected_pgs += 1 # Extra PG for dhcp agent # Repeated check in case of agent for attempt in range(Topology.nbr_retries_for_test_robustness): if len(topology.get_vsd_policygroups( True)) == expected_pgs: break else: LOG.error("Unexpected amount of PGs found, " "expected {} found {} " "(attempt {})".format( expected_pgs, len(topology.vsd_policygroups), attempt + 1)) time.sleep(1) self.assertThat(topology.get_vsd_policygroups(True), matchers.HasLength(expected_pgs), message="Unexpected amount of PGs found") for pg in topology.vsd_policygroups: if pg['type'] == 'HARDWARE': vsd_policygroup = pg break else: self.fail("Could not find HARDWARE policy group.") self.assertThat(vsd_policygroup['type'], matchers.Equals('HARDWARE')) if Topology.has_unified_pg_for_all_support(): if pg_name: self.assertEqual(pg_name, vsd_policygroup['name']) self.assertEqual(pg_name, vsd_policygroup['description']) self.assertEqual( "hw:" + (ExternalId( constants.NUAGE_PLCY_GRP_ALLOW_ALL).at_cms_id()), vsd_policygroup['externalID']) else: self.assertEqual(topology.security_group['id'] + "_HARDWARE", vsd_policygroup['name']) self.assertEqual(topology.security_group['name'], vsd_policygroup['description']) self.assertEqual( "hw:" + (ExternalId(topology.security_group['id']).at_cms_id()), vsd_policygroup['externalID']) vsd_pg_vports = self.vsd_client.get_vport(constants.POLICYGROUP, vsd_policygroup['ID']) self.assertThat(vsd_pg_vports, matchers.HasLength(vport_num), message="Expected to find exactly {} " "vport in PG".format(vport_num)) for vsd_pg_vport in vsd_pg_vports: if vsd_pg_vport['ID'] == topology.vsd_baremetal_vport['ID']: break else: self.fail("Vport should be part of HARDWARE PG") else: if pg_name: self.assertThat(vsd_policygroup['name'], matchers.Contains(pg_name)) vsd_pg_vports = self.vsd_client.get_vport(constants.POLICYGROUP, vsd_policygroup['ID']) self.assertThat(vsd_pg_vports, matchers.HasLength(1), message="Expected to find exactly 1 vport in PG") self.assertThat(vsd_pg_vports[0]['ID'], matchers.Equals( topology.vsd_baremetal_vport['ID']), message="Vport should be part of HARDWARE PG")
class BaremetalPortsTest(network_mixin.NetworkMixin, l3.L3Mixin, sg_mixin.SGMixin): credentials = ['admin'] personality = 'VSG' PG_NAME = (constants.NUAGE_PLCY_GRP_ALLOW_ALL_HW if Topology.has_unified_pg_for_all_support() else 'PG_FOR_LESS_SECURITY') @classmethod def setUpClass(cls): super(BaremetalPortsTest, cls).setUpClass() if (CONF.nuage_sut.nuage_baremetal_driver == constants.BAREMETAL_DRIVER_BRIDGE): cls.expected_vport_type = constants.VPORT_TYPE_BRIDGE elif (CONF.nuage_sut.nuage_baremetal_driver == constants.BAREMETAL_DRIVER_HOST): cls.expected_vport_type = constants.VPORT_TYPE_HOST else: raise Exception("Unexpected configuration of " "'nuage_baremetal_driver'") cls.expected_vlan_normal = 0 cls.expected_vlan_transparent = 4095 @classmethod def skip_checks(cls): super(BaremetalPortsTest, cls).skip_checks() if not CONF.service_available.neutron: # this check prevents this test to be run in unittests raise cls.skipException("Neutron support is required") @classmethod def setup_clients(cls): super(BaremetalPortsTest, cls).setup_clients() cls.vsd_client = NuageRestClient() @classmethod def resource_setup(cls): super(BaremetalPortsTest, cls).resource_setup() # Only gateway here, to support parallel testing each tests makes its # own gateway port so no VLAN overlap should occur. cls.gateway = cls.vsd_client.create_gateway( data_utils.rand_name(name='vsg'), data_utils.rand_name(name='sys_id'), cls.personality)[0] @classmethod def resource_cleanup(cls): super(BaremetalPortsTest, cls).resource_cleanup() cls.vsd_client.delete_gateway(cls.gateway['ID']) def setUp(self): super(BaremetalPortsTest, self).setUp() gw_port_name = data_utils.rand_name(name='gw-port') self.gw_port = self.vsd_client.create_gateway_port( gw_port_name, gw_port_name, 'ACCESS', self.gateway['ID'], extra_params={'VLANRange': '0-4095'})[0] self.binding_data = { 'binding:vnic_type': 'baremetal', 'binding:host_id': 'dummy', 'binding:profile': { "local_link_information": [{ "port_id": self.gw_port['name'], "switch_info": self.gateway['systemID'] }] } } gw_port_name1 = data_utils.rand_name(name='gw-port') self.gw_port1 = self.vsd_client.create_gateway_port( gw_port_name1, gw_port_name1, 'ACCESS', self.gateway['ID'], extra_params={'VLANRange': '0-4095'})[0] self.binding_data1 = { 'binding:vnic_type': 'baremetal', 'binding:host_id': 'dummy', 'binding:profile': { "local_link_information": [{ "port_id": self.gw_port1['name'], "switch_info": self.gateway['systemID'] }] } } def test_baremetal_port_l3_create(self): topology = self._create_topology(with_router=True) self._test_baremetal_port(topology, update=False) @testtools.skipUnless(Topology.has_vlan_transparency_support(), 'Test skipped as no vlan transparency supported') def test_baremetal_port_l3_create_vlan_transparent(self): topology = self._create_topology(with_router=True, vlan_transparent=True) self._test_baremetal_port(topology, update=False, vlan_transparent=True) @decorators.attr(type='smoke') def test_baremetal_port_l3_update(self): topology = self._create_topology(with_router=True) self._test_baremetal_port(topology, update=True) @testtools.skipUnless(Topology.has_vlan_transparency_support(), 'Test skipped as no vlan transparency supported') def test_baremetal_port_l3_update_vlan_transparent(self): topology = self._create_topology(with_router=True, vlan_transparent=True) self._test_baremetal_port(topology, update=True, vlan_transparent=True) @decorators.attr(type='smoke') def test_baremetal_port_l2_create(self): topology = self._create_topology(with_router=False) self._test_baremetal_port(topology, update=False) @decorators.attr(type='smoke') def test_baremetal_port_l2_create_vlan_transparent(self): topology = self._create_topology(with_router=False, vlan_transparent=True) self._test_baremetal_port(topology, update=False, vlan_transparent=True) def test_baremetal_port_l2_update(self): topology = self._create_topology(with_router=False) self._test_baremetal_port(topology, update=True) def test_baremetal_port_l2_update_vlan_transparent(self): topology = self._create_topology(with_router=False, vlan_transparent=True) self._test_baremetal_port(topology, update=True, vlan_transparent=True) @testtools.skip("Currently unknown how to trigger vport resolution") def test_router_attach(self): topology = self._create_topology(with_router=False) port = self.create_port(topology.network['id'], **self.binding_data) topology.baremetal_port = port with self.router(attached_subnets=[topology.subnet['id']]) as router: topology.router = router self._validate_vsd(topology) @testtools.skip("Currently not supported") def test_port_dhcp_opts_create(self): topology = self._create_topology() data = { 'security_groups': [topology.security_group['id']], 'extra_dhcp_opts': [{ 'opt_name': 'tftp-server', 'opt_value': '192.168.0.3' }] } data.update(self.binding_data) baremetal_port = self.create_port(topology.network['id'], **data) # Workaround for https://bugs.launchpad.net/neutron/+bug/1698852 topology.baremetal_port = self.get_port(baremetal_port['id']) self._validate_dhcp_option(topology) @testtools.skip("Currently not supported") def test_port_dhcp_opts_update(self): topology = self._create_topology() create_data = {'security_groups': [topology.security_group['id']]} create_data.update(self.binding_data) data = { 'extra_dhcp_opts': [{ 'opt_name': 'tftp-server', 'opt_value': '192.168.0.3' }] } baremetal_port = self.create_port(topology.network['id'], **create_data) baremetal_port = self.update_port(baremetal_port['id'], **data) topology.baremetal_port = baremetal_port self._validate_dhcp_option(topology) @decorators.attr(type='negative') def test_fail_create_with_default_sg(self): topology = self._create_topology() # Creating baremetal port with default sg should fail # as it has rules with remote-group-id self.assertRaises(lib_exc.BadRequest, self.create_port, topology.network['id'], **self.binding_data) @decorators.attr(type='negative') def test_fail_create_with_sg_used_by_vm(self): topology = self._create_topology(with_router=True, with_port=True) # update a normal port with binding and sg # this will result in port binding data = { 'security_groups': [topology.security_group['id']], 'device_owner': 'compute:nova', 'device_id': topology.normal_port['id'], 'binding:host_id': 'dummy' } self.update_port(topology.normal_port['id'], **data) self.assertRaises(lib_exc.BadRequest, self.create_port, topology.network['id'], **self.binding_data) data = {'security_groups': []} self.update_port(topology.normal_port['id'], **data) @decorators.attr(type='negative') def test_fail_create_with_non_existent_gw(self): topology = self._create_topology() data = { 'security_groups': [topology.security_group['id']], 'binding:vnic_type': 'baremetal', 'binding:host_id': 'dummy', 'binding:profile': { "local_link_information": [{ "port_id": self.gw_port['name'], "switch_info": '123.123.123.123' }] } } self.assertRaises(lib_exc.BadRequest, self.create_port, topology.network['id'], **data) @decorators.attr(type='negative') def test_fail_create_with_non_existent_port(self): topology = self._create_topology() data = { 'security_groups': [topology.security_group['id']], 'binding:vnic_type': 'baremetal', 'binding:host_id': 'dummy', 'binding:profile': { "local_link_information": [{ "port_id": data_utils.rand_name(name='gw-port'), "switch_info": self.gateway['systemID'] }] } } self.assertRaises(lib_exc.BadRequest, self.create_port, topology.network['id'], **data) @decorators.attr(type='smoke') def test_l2_create_without_psec(self): topology = self._create_topology() create_data = { 'port_security_enabled': False, 'binding:vnic_type': 'baremetal', 'binding:host_id': 'dummy', 'binding:profile': { "local_link_information": [{ "port_id": self.gw_port['name'], "switch_info": self.gateway['systemID'] }] } } baremetal_port = self.create_port(topology.network['id'], **create_data) topology.baremetal_port = baremetal_port self._validate_baremetal_vport(topology) self._validate_vlan(topology, vlan_transparent=False) self._validate_interface(topology) if Topology.is_v5: self._validate_policygroup(topology, self.PG_NAME) else: # Add normal port and check there are two PG_ALLOW_ALL # (software and hardware) create_data = {'port_security_enabled': False} topology.normal_port = self.create_port(topology.network['id'], **create_data) self._validate_policygroup(topology, pg_name=self.PG_NAME) create_data = { 'port_security_enabled': False, 'binding:vnic_type': 'baremetal', 'binding:host_id': 'dummy', 'binding:profile': { "local_link_information": [{ "port_id": self.gw_port1['name'], "switch_info": self.gateway['systemID'] }] } } topology.baremetal_port = self.create_port(topology.network['id'], **create_data) self._validate_policygroup(topology, pg_name=self.PG_NAME, vport_num=2) @decorators.attr(type='smoke') def test_l2_update_without_psec(self): topology = self._create_topology() create_data = { 'port_security_enabled': False, 'binding:vnic_type': 'baremetal', } baremetal_port = self.create_port(topology.network['id'], **create_data) update_data = { 'binding:host_id': 'dummy', 'binding:profile': { "local_link_information": [{ "port_id": self.gw_port['name'], "switch_info": self.gateway['systemID'] }] } } baremetal_port = self.update_port(baremetal_port['id'], **update_data) topology.baremetal_port = baremetal_port self._validate_baremetal_vport(topology) self._validate_vlan(topology, vlan_transparent=False) self._validate_interface(topology) self._validate_policygroup(topology, pg_name=self.PG_NAME) @testtools.skipIf(Topology.is_v5, 'Skipping in 5.x - test was added for refactored ' 'PG_FOR_LESS_SECURITY and sriov defaultPG in 6.0') @decorators.attr(type='smoke') def test_l3_create_without_psec(self): topology = self._create_topology(with_router=True) create_data = { 'port_security_enabled': False, 'binding:vnic_type': 'baremetal', 'binding:host_id': 'dummy', 'binding:profile': { "local_link_information": [{ "port_id": self.gw_port['name'], "switch_info": self.gateway['systemID'] }] } } baremetal_port = self.create_port(topology.network['id'], **create_data) topology.baremetal_port = baremetal_port self._validate_baremetal_vport(topology) self._validate_vlan(topology, vlan_transparent=False) self._validate_interface(topology) # Add normal port and check there are two PG_ALLOW_ALL # (software and hardware) create_data = {'port_security_enabled': False} topology.normal_port = self.create_port(topology.network['id'], **create_data) self._validate_policygroup( topology, pg_name=constants.NUAGE_PLCY_GRP_ALLOW_ALL_HW) create_data = { 'port_security_enabled': False, 'binding:vnic_type': 'baremetal', 'binding:host_id': 'dummy', 'binding:profile': { "local_link_information": [{ "port_id": self.gw_port1['name'], "switch_info": self.gateway['systemID'] }] } } topology.baremetal_port = self.create_port(topology.network['id'], **create_data) self._validate_policygroup( topology, pg_name=constants.NUAGE_PLCY_GRP_ALLOW_ALL_HW, vport_num=2) @testtools.skipIf(Topology.is_v5, 'Skipping in 5.x - test was added for refactored ' 'PG_FOR_LESS_SECURITY and sriov defaultPG in 6.0') @decorators.attr(type='smoke') def test_l3_update_without_psec(self): topology = self._create_topology(with_router=True) create_data = { 'port_security_enabled': False, 'binding:vnic_type': 'baremetal', } baremetal_port = self.create_port(topology.network['id'], **create_data) update_data = { 'binding:host_id': 'dummy', 'binding:profile': { "local_link_information": [{ "port_id": self.gw_port['name'], "switch_info": self.gateway['systemID'] }] } } baremetal_port = self.update_port(baremetal_port['id'], **update_data) topology.baremetal_port = baremetal_port self._validate_baremetal_vport(topology) self._validate_vlan(topology, vlan_transparent=False) self._validate_interface(topology) self._validate_policygroup( topology, pg_name=constants.NUAGE_PLCY_GRP_ALLOW_ALL_HW) def _create_topology(self, with_router=False, with_port=False, vlan_transparent=False, with_security_group=True): router = port = security_group = None if with_router: router = self.create_router() if vlan_transparent: network = self.create_network(vlan_transparent=True) else: network = self.create_network() subnet = self.create_subnet('10.20.30.0/24', network['id']) if with_router: self.add_router_interface(router['id'], subnet_id=subnet['id']) if with_port: port = self.create_port(network['id']) if with_security_group: security_group = self.create_security_group() return BaremetalTopology(self.vsd_client, network, subnet, router, port, security_group) def _test_baremetal_port(self, topology, update=False, vlan_transparent=False): create_data = {'security_groups': [topology.security_group['id']]} if not update: create_data.update(self.binding_data) with self.port(topology.network['id'], **create_data) as bm_port: topology.baremetal_port = bm_port if update: self.update_port(bm_port['id'], as_admin=True, **self.binding_data) self._validate_vsd(topology, vlan_transparent=vlan_transparent) # Validation part def _validate_vsd(self, topology, vlan_transparent=False): self._validate_baremetal_vport(topology) self._validate_vlan(topology, vlan_transparent=vlan_transparent) self._validate_interface(topology) self._validate_policygroup(topology) def _validate_baremetal_vport(self, topology): self.assertThat(topology.vsd_baremetal_vport['type'], matchers.Equals(self.expected_vport_type), message="Vport has wrong type") def _validate_vlan(self, topology, vlan_transparent=False): vsd_vlan = self.vsd_client.get_gateway_vlan_by_id( topology.vsd_baremetal_vport['VLANID']) if vlan_transparent: self.assertThat(vsd_vlan['value'], matchers.Equals(self.expected_vlan_transparent), message="Vport has unexpected vlan") else: self.assertThat(vsd_vlan['value'], matchers.Equals(self.expected_vlan_normal), message="Vport has unexpected vlan") def _validate_interface(self, topology): vsd_vport = topology.vsd_baremetal_vport neutron_port = topology.baremetal_port if vsd_vport['type'] == constants.VPORT_TYPE_HOST: self.assertThat(topology.vsd_baremetal_interface['MAC'], matchers.Equals(neutron_port['mac_address'])) self.assertThat( topology.vsd_baremetal_interface['IPAddress'], matchers.Equals(neutron_port['fixed_ips'][0]['ip_address'])) def _validate_policygroup(self, topology, pg_name=None, vport_num=1): if topology.normal_port is not None or self.is_dhcp_agent_present(): expected_pgs = 2 # Expecting software + hardware else: expected_pgs = 1 # Expecting only hardware if not Topology.has_unified_pg_for_all_support(): if self.is_dhcp_agent_present(): expected_pgs += 1 # Extra PG for dhcp agent # Repeated check in case of agent for attempt in range(Topology.nbr_retries_for_test_robustness): if len(topology.get_vsd_policygroups( True)) == expected_pgs: break else: LOG.error("Unexpected amount of PGs found, " "expected {} found {} " "(attempt {})".format( expected_pgs, len(topology.vsd_policygroups), attempt + 1)) time.sleep(1) self.assertThat(topology.get_vsd_policygroups(True), matchers.HasLength(expected_pgs), message="Unexpected amount of PGs found") for pg in topology.vsd_policygroups: if pg['type'] == 'HARDWARE': vsd_policygroup = pg break else: self.fail("Could not find HARDWARE policy group.") self.assertThat(vsd_policygroup['type'], matchers.Equals('HARDWARE')) if Topology.has_unified_pg_for_all_support(): if pg_name: self.assertEqual(pg_name, vsd_policygroup['name']) self.assertEqual(pg_name, vsd_policygroup['description']) self.assertEqual( "hw:" + (ExternalId( constants.NUAGE_PLCY_GRP_ALLOW_ALL).at_cms_id()), vsd_policygroup['externalID']) else: self.assertEqual(topology.security_group['id'] + "_HARDWARE", vsd_policygroup['name']) self.assertEqual(topology.security_group['name'], vsd_policygroup['description']) self.assertEqual( "hw:" + (ExternalId(topology.security_group['id']).at_cms_id()), vsd_policygroup['externalID']) vsd_pg_vports = self.vsd_client.get_vport(constants.POLICYGROUP, vsd_policygroup['ID']) self.assertThat(vsd_pg_vports, matchers.HasLength(vport_num), message="Expected to find exactly {} " "vport in PG".format(vport_num)) for vsd_pg_vport in vsd_pg_vports: if vsd_pg_vport['ID'] == topology.vsd_baremetal_vport['ID']: break else: self.fail("Vport should be part of HARDWARE PG") else: if pg_name: self.assertThat(vsd_policygroup['name'], matchers.Contains(pg_name)) vsd_pg_vports = self.vsd_client.get_vport(constants.POLICYGROUP, vsd_policygroup['ID']) self.assertThat(vsd_pg_vports, matchers.HasLength(1), message="Expected to find exactly 1 vport in PG") self.assertThat(vsd_pg_vports[0]['ID'], matchers.Equals( topology.vsd_baremetal_vport['ID']), message="Vport should be part of HARDWARE PG") def _validate_interconnect(self, topology): self.assertThat(topology.vsd_policygroups, matchers.HasLength(2), message="Expected 2 PGs: 1 hardware, 1 software") vsd_policygroups = {pg['type']: pg for pg in topology.vsd_policygroups} egress_entries = topology.vsd_egress_acl_entries for rule in egress_entries: if (rule['locationID'] == vsd_policygroups['SOFTWARE']['ID'] and rule['networkID'] == vsd_policygroups['HARDWARE']['ID']): break else: self.fail("Could not find interlink egress rule.") def _validate_dhcp_option(self, topology): self.assertThat(topology.vsd_baremetal_dhcp_opts, matchers.HasLength(2)) DHCP_ROUTER_OPT = 3 DHCP_SERVER_NAME_OPT = 66 for dhcp_opt in topology.vsd_baremetal_dhcp_opts: if dhcp_opt['actualType'] == DHCP_ROUTER_OPT: self.assertThat(dhcp_opt['actualValues'][0], matchers.Equals(topology.subnet['gateway_ip'])) elif dhcp_opt['actualType'] == DHCP_SERVER_NAME_OPT: os_dhcp_opt = topology.baremetal_port['extra_dhcp_opts'][0] self.assertThat(dhcp_opt['actualValues'][0], matchers.Equals(os_dhcp_opt['opt_value']))
def test_default_security_group_host_port_nondef_netpart(self): post_body = { "network_id": self.nondef_network['id'], "device_owner": 'nuage:vip' } body = self.ports_client.create_port(**post_body) port = body['port'] self.addCleanup(self.ports_client.delete_port, port['id']) # Create host vport kwargs = { 'gatewayvlan': self.gatewayvlans[5][0]['ID'], 'port': port['id'], 'subnet': None, 'tenant': self.client.tenant_id } body = self.client.create_gateway_vport(**kwargs) vport = body['nuage_gateway_vport'] gw_vport = self.nuage_client.get_host_vport(vport['id']) body = self.admin_client.show_gateway_vport(gw_vport[0]['ID'], self.nondef_subnet['id']) vport = body['nuage_gateway_vport'] if vport is None: assert False, "Host Vport not found" self.verify_vport_properties(gw_vport[0], vport, self.network['id']) l3domain = self.nuage_client.get_l3domain( filters='externalID', filter_values=self.nondef_router['id'], netpart_name=self.nondef_netpart['name']) default_pg = self.nuage_client.get_policygroup(n_constants.DOMAIN, l3domain[0]['ID']) if default_pg[0]['name'] == n_constants.NUAGE_PLCY_GRP_ALLOW_ALL: pg_num = 0 else: pg_num = 1 self.assertEqual( n_constants.NUAGE_PLCY_GRP_ALLOW_ALL if Topology.has_unified_pg_for_all_support() else 'defaultPG-VRSG-HOST-' + vport['subnet'], default_pg[pg_num]['name']) vport_from_pg = self.nuage_client.get_vport(n_constants.POLICYGROUP, default_pg[pg_num]['ID']) if len(vport_from_pg) == 1: self.assertEqual(vport_from_pg[0]['name'], vport['name']) elif len(vport_from_pg) == 2: # One bridge vport is created by another test or neutron dhcp # agent is enabled. self.assertEqual(vport_from_pg[1]['name'], vport['name']) else: # One bridge vport is created by another test and neutron dhcp # agent is enabled. self.assertEqual(vport_from_pg[2]['name'], vport['name']) nuage_eacl_template = self.nuage_client.get_egressacl_template( n_constants.DOMAIN, l3domain[0]['ID']) nuage_eacl_entrytemplate = \ self.nuage_client.get_egressacl_entrytemplate( n_constants.EGRESS_ACL_TEMPLATE, nuage_eacl_template[0]['ID']) vport_tp_pg_mapping = False for nuage_eacl_entry in nuage_eacl_entrytemplate: if nuage_eacl_entry['locationID'] == default_pg[pg_num]['ID']: self.assertEqual(nuage_eacl_entry['networkType'], 'ANY') self.assertEqual(nuage_eacl_entry['locationType'], 'POLICYGROUP') vport_tp_pg_mapping = True if vport_tp_pg_mapping is False: assert False, "Host Vport not found in default PG"
def test_default_security_group_bridge_port(self): kwargs = { 'gatewayvlan': self.gatewayvlans[4][0]['ID'], 'port': None, 'subnet': self.subnet['id'], 'tenant': self.client.tenant_id } body = self.client.create_gateway_vport(**kwargs) vport1 = body['nuage_gateway_vport'] self.gatewayvports.append(vport1) gw_vport = self.nuage_client.get_host_vport(vport1['id']) self.verify_vport_properties(gw_vport[0], vport1, self.network['id']) body = self.admin_client.list_gateway_vport(self.subnet['id']) vports = body['nuage_gateway_vports'] found_vport = False vport = None for vport in vports: if vport['name'] == gw_vport[0]['name']: found_vport = True self.verify_vport_properties(gw_vport[0], vport, self.network['id']) # TODO(Kris noticed) - shld there be break here? if not found_vport: assert False, "Bridge Vport not found" l3domain = self.nuage_client.get_l3domain( filters='externalID', filter_values=self.router['id']) default_pg = self.nuage_client.get_policygroup(n_constants.DOMAIN, l3domain[0]['ID']) self.assertEqual( n_constants.NUAGE_PLCY_GRP_ALLOW_ALL if Topology.has_unified_pg_for_all_support() else 'defaultPG-VRSG-BRIDGE-' + vport['subnet'], default_pg[0]['name']) self.assertThat( default_pg[0], ContainsDict( {'externalID': Equals(self._expected_allow_all_pg_ext_id())})) vports_from_pg = self.nuage_client.get_vport(n_constants.POLICYGROUP, default_pg[0]['ID']) for vport_from_pg in vports_from_pg: if vport_from_pg['name'] == vport['name']: break else: self.fail("Can't find Vport {} under the policy group {}".format( vport['name'], default_pg[0]['name'])) # Egress ACL nuage_eacl_template = self.nuage_client.get_egressacl_template( n_constants.DOMAIN, l3domain[0]['ID']) # must have external ID as router_id @ cms_id self.assertThat( nuage_eacl_template[0], ContainsDict({ 'externalID': Equals(ExternalId(self.router['id']).at_cms_id()) })) nuage_eacl_entrytemplate = \ self.nuage_client.get_egressacl_entrytemplate( n_constants.EGRESS_ACL_TEMPLATE, nuage_eacl_template[0]['ID']) self.assertThat( nuage_eacl_entrytemplate[0], ContainsDict( {'externalID': Equals(self._expected_allow_all_pg_ext_id())})) vport_tp_pg_mapping = False for nuage_eacl_entry in nuage_eacl_entrytemplate: if nuage_eacl_entry['locationID'] == default_pg[0]['ID']: self.assertThat( nuage_eacl_entry, ContainsDict({ 'externalID': Equals(self._expected_allow_all_pg_ext_id()) })) self.assertEqual(nuage_eacl_entry['networkType'], 'ANY') self.assertEqual(nuage_eacl_entry['locationType'], 'POLICYGROUP') vport_tp_pg_mapping = True if vport_tp_pg_mapping is False: assert False, "Bridge Vport not found in default PG" # Ingress ACL nuage_iacl_template = self.nuage_client.get_ingressacl_template( n_constants.DOMAIN, l3domain[0]['ID']) # must have external ID as router_id @ cms_id self.assertThat( nuage_iacl_template[0], ContainsDict({ 'externalID': Equals(ExternalId(self.router['id']).at_cms_id()) })) nuage_iacl_entrytemplate = \ self.nuage_client.get_ingressacl_entrytemplate( n_constants.INGRESS_ACL_TEMPLATE, nuage_iacl_template[0]['ID']) self.assertThat( nuage_iacl_entrytemplate[0], ContainsDict( {'externalID': Equals(self._expected_allow_all_pg_ext_id())})) vport_tp_pg_mapping = False for nuage_iacl_entry in nuage_iacl_entrytemplate: if nuage_iacl_entry['locationID'] == default_pg[0]['ID']: self.assertThat( nuage_iacl_entry, ContainsDict({ 'externalID': Equals(self._expected_allow_all_pg_ext_id()) })) self.assertEqual('ANY', nuage_iacl_entry['networkType']) self.assertEqual('POLICYGROUP', nuage_iacl_entry['locationType']) vport_tp_pg_mapping = True self.assertTrue(vport_tp_pg_mapping, 'Bridge Vport not found in default PG')