def test(): ''' Test image requirements: 1. have nc to check the network port 2. have "nc" to open any port 3. it doesn't include a default firewall VR image is a good candiate to be the guest image. ''' global test_obj_dict test_util.test_dsc("Create 2 VMs with vlan VR L3 network and using VR image.") vm1 = test_stub.create_sg_vm() test_obj_dict.add_vm(vm1) vm2 = test_stub.create_sg_vm() test_obj_dict.add_vm(vm2) vm1.check() vm2.check() test_util.test_dsc("Create security groups.") sg1 = test_stub.create_sg() test_obj_dict.add_sg(sg1.security_group.uuid) sg2 = test_stub.create_sg() test_obj_dict.add_sg(sg2.security_group.uuid) sg3 = test_stub.create_sg() test_obj_dict.add_sg(sg3.security_group.uuid) sg_vm = test_sg_vm_header.ZstackTestSgVm() sg_vm.check() nic_uuid = vm1.vm.vmNics[0].uuid vm_nics = (nic_uuid, vm1) l3_uuid = vm1.vm.vmNics[0].l3NetworkUuid vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0] vm2_ip = test_lib.lib_get_vm_nic_by_l3(vm2.vm, l3_uuid).ip rule1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP, inventory.INGRESS, vm2_ip) rule2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP, inventory.INGRESS, vm2_ip) rule3 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.TCP, inventory.INGRESS, vm2_ip) rule4 = test_lib.lib_gen_sg_rule(Port.rule4_ports, inventory.TCP, inventory.INGRESS, vm2_ip) rule5 = test_lib.lib_gen_sg_rule(Port.rule5_ports, inventory.TCP, inventory.INGRESS, vm2_ip) sg1.add_rule([rule1]) sg2.add_rule([rule1, rule2, rule3]) sg3.add_rule([rule3, rule4, rule5]) sg_vm.check() sg_vm.add_stub_vm(l3_uuid, vm2) #test_util.test_dsc("Create SG rule6: allow connection from vr to port 0~65535") #rule6 = inventory.SecurityGroupRuleAO() #rule6.allowedCidr = '%s/32' % vr_internal_ip #rule6.protocol = inventory.TCP #rule6.startPort = 0 #rule6.endPort = 65535 #rule6.type = inventory.INGRESS #test_stub.lib_add_sg_rules(sg1.uuid, [rule1, rule6]) #add sg1 test_util.test_dsc("Attach security group 1 to [nic:] %s L3." % nic_uuid) test_util.test_dsc("Add nic to security group 1.") sg_vm.attach(sg1, [vm_nics]) sg_vm.check() #add sg2 test_util.test_dsc("Attach security group 2 to [nic:] %s L3." % nic_uuid) test_util.test_dsc("Add nic to security group 2.") sg_vm.attach(sg2, [vm_nics]) sg_vm.check() #add sg3 test_util.test_dsc("Attach security group 3 to [nic:] %s L3." % nic_uuid) test_util.test_dsc("Add nic to security group 3.") tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports + test_stub.rule4_ports + test_stub.rule5_ports test_util.test_dsc("Allowed ports: %s" % tmp_allowed_ports) sg_vm.attach(sg3, [vm_nics]) sg_vm.check() #shutdown vm1 test_util.test_dsc("Shutdown VM1") vm1.stop() sg_vm.check() test_util.test_dsc("Start VM1") vm1.start() vm1.check() test_util.test_dsc("Allowed ports: %s" % tmp_allowed_ports) sg_vm.check() test_util.test_dsc("Restart VM1") vm1.reboot() vm1.check() test_util.test_dsc("Allowed ports: %s" % tmp_allowed_ports) sg_vm.check() test_util.test_dsc("Destroy VM1. All its SG rules should be removed.") vm_internalId = test_lib.lib_get_vm_internal_id(vm1.vm) vm1.destroy() test_obj_dict.rm_vm(vm1) if linux.wait_callback_success(do_check, (vm1.vm, "vnic%s.0-in" % vm_internalId), 5, 0.2): test_util.test_logger('[vm:] %s SG INGRESS rules are removed, after it is destroyed.' % vm1.vm.uuid) else: test_util.test_fail('[vm:] %s SG INGRESS rules are not removed, after it is destroyed 5 seconds. ' % vm1.vm.uuid) vm2.destroy() test_obj_dict.rm_vm(vm2) sg_vm.delete_sg(sg3) test_obj_dict.rm_sg(sg3.security_group.uuid) sg_vm.delete_sg(sg2) test_obj_dict.rm_sg(sg2.security_group.uuid) sg_vm.delete_sg(sg1) test_obj_dict.rm_sg(sg1.security_group.uuid) test_util.test_pass('Security Group Vlan VirtualRouter VM Start/Stop/Reboot/Destroy Test Success')
def test(): ''' Test image requirements: 1. have nc to check the network port 2. have "nc" to open any port 3. it doesn't include a default firewall VR image is a good candiate to be the guest image. ''' global test_obj_dict test_util.test_dsc( "Create 2 VMs with vlan VR L3 network and using VR image.") vm1 = test_stub.create_sg_vm() test_obj_dict.add_vm(vm1) vm2 = test_stub.create_sg_vm() test_obj_dict.add_vm(vm2) vm1.check() vm2.check() test_util.test_dsc("Create security groups.") sg1 = test_stub.create_sg() test_obj_dict.add_sg(sg1.security_group.uuid) sg2 = test_stub.create_sg() test_obj_dict.add_sg(sg2.security_group.uuid) sg3 = test_stub.create_sg() test_obj_dict.add_sg(sg3.security_group.uuid) sg_vm = test_sg_vm_header.ZstackTestSgVm() sg_vm.check() nic_uuid = vm1.vm.vmNics[0].uuid vm_nics = (nic_uuid, vm1) l3_uuid = vm1.vm.vmNics[0].l3NetworkUuid vm_internalId = test_lib.lib_get_vm_internal_id(vm1.vm) vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0] vm2_ip = test_lib.lib_get_vm_nic_by_l3(vm2.vm, l3_uuid).ip rule1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.UDP, inventory.INGRESS, vm2_ip) rule2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.UDP, inventory.INGRESS, vm2_ip) rule3 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.UDP, inventory.EGRESS, vm2_ip) rule4 = test_lib.lib_gen_sg_rule(Port.rule4_ports, inventory.UDP, inventory.EGRESS, vm2_ip) rule5 = test_lib.lib_gen_sg_rule(Port.rule5_ports, inventory.UDP, inventory.EGRESS, vm2_ip) sg1.add_rule([rule1]) sg2.add_rule([rule1, rule2, rule3]) sg3.add_rule([rule3, rule4, rule5]) sg_vm.add_stub_vm(l3_uuid, vm2) sg_vm.check() test_util.test_dsc("Add nic to security group 1.") test_util.test_dsc("Allowed ports: %s" % test_stub.rule1_ports) sg_vm.attach(sg1, [vm_nics]) sg_vm.check() # test_util.test_dsc("Remove nic from security group 1.") test_util.test_dsc("Allowed ports: %s" % test_stub.target_ports) sg_vm.detach(sg1, nic_uuid) sg_vm.check() test_util.test_dsc("Add rule1, rule2, rule3 to security group 1.") sg1.add_rule([rule1, rule2, rule3]) sg_vm.check() test_util.test_dsc("Add nic to security group 1 again.") tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports test_util.test_dsc("Allowed ports: %s" % tmp_allowed_ports) sg_vm.attach(sg1, [vm_nics]) sg_vm.check() #can't directly remove rule1, as it will block vr ssh connection. test_util.test_dsc("Remove rule2/3 from security group 1.") test_util.test_dsc("Allowed ports: %s" % test_stub.rule1_ports) sg1.delete_rule([rule2, rule3]) sg_vm.check() #add sg2 test_util.test_dsc("Add nic to security group 2.") tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports test_util.test_dsc("Allowed ports: %s" % tmp_allowed_ports) sg_vm.attach(sg2, [vm_nics]) sg_vm.check() #add sg3 test_util.test_dsc("Add nic to security group 3.") tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports + test_stub.rule4_ports + test_stub.rule5_ports test_util.test_dsc("Allowed ports (rule1+rule2+rul3+rule4+rule5): %s" % tmp_allowed_ports) sg_vm.attach(sg3, [vm_nics]) sg_vm.check() #detach nic from sg2 test_util.test_dsc("Remove security group 2 for nic.") tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule3_ports + test_stub.rule4_ports + test_stub.rule5_ports test_util.test_dsc("Allowed ports (rule1+rule3+rule4+rule5): %s" % tmp_allowed_ports) sg_vm.detach(sg2, nic_uuid) sg_vm.check() #delete sg3 test_util.test_dsc("Delete security group 3.") test_util.test_dsc("Allowed ports (rule1): %s" % test_stub.rule1_ports) sg_vm.delete_sg(sg3) sg_vm.check() test_obj_dict.rm_sg(sg3.security_group.uuid) #Cleanup sg_vm.delete_sg(sg2) test_obj_dict.rm_sg(sg2.security_group.uuid) sg_vm.delete_sg(sg1) test_obj_dict.rm_sg(sg1.security_group.uuid) sg_vm.check() vm1.destroy() test_obj_dict.rm_vm(vm1) vm2.destroy() test_obj_dict.rm_vm(vm2) test_util.test_pass( 'Security Group UDP Vlan VirtualRouter VMs Test Success')
def test(): ''' Test image requirements: 1. have nc to check the network port 2. have "nc" to open any port 3. it doesn't include a default firewall VR image is a good candiate to be the guest image. ''' global test_obj_dict test_util.test_dsc("Create 2 VMs with vlan VR L3 network and using VR image.") vm1 = test_stub.create_sg_vm() test_obj_dict.add_vm(vm1) vm2 = test_stub.create_sg_vm() test_obj_dict.add_vm(vm2) vm1.check() vm2.check() test_util.test_dsc("Create security groups.") sg1 = test_stub.create_sg() test_obj_dict.add_sg(sg1.security_group.uuid) sg2 = test_stub.create_sg() test_obj_dict.add_sg(sg2.security_group.uuid) sg3 = test_stub.create_sg() test_obj_dict.add_sg(sg3.security_group.uuid) sg_vm = test_sg_vm_header.ZstackTestSgVm() sg_vm.check() nic_uuid = vm1.vm.vmNics[0].uuid vm_nics = (nic_uuid, vm1) l3_uuid = vm1.vm.vmNics[0].l3NetworkUuid vm_internalId = test_lib.lib_get_vm_internal_id(vm1.vm) vr_vm = test_lib.lib_find_vr_by_vm(vm1.vm)[0] vm2_ip = test_lib.lib_get_vm_nic_by_l3(vm2.vm, l3_uuid).ip rule1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.UDP, inventory.INGRESS, vm2_ip) rule2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.UDP, inventory.INGRESS, vm2_ip) rule3 = test_lib.lib_gen_sg_rule(Port.rule3_ports, inventory.UDP, inventory.EGRESS, vm2_ip) rule4 = test_lib.lib_gen_sg_rule(Port.rule4_ports, inventory.UDP, inventory.EGRESS, vm2_ip) rule5 = test_lib.lib_gen_sg_rule(Port.rule5_ports, inventory.UDP, inventory.EGRESS, vm2_ip) sg1.add_rule([rule1]) sg2.add_rule([rule1, rule2, rule3]) sg3.add_rule([rule3, rule4, rule5]) sg_vm.add_stub_vm(l3_uuid, vm2) sg_vm.check() test_util.test_dsc("Add nic to security group 1.") test_util.test_dsc("Allowed ports: %s" % test_stub.rule1_ports) sg_vm.attach(sg1, [vm_nics]) sg_vm.check() # test_util.test_dsc("Remove nic from security group 1.") test_util.test_dsc("Allowed ports: %s" % test_stub.target_ports) sg_vm.detach(sg1, nic_uuid) sg_vm.check() test_util.test_dsc("Add rule1, rule2, rule3 to security group 1.") sg1.add_rule([rule1, rule2, rule3]) sg_vm.check() test_util.test_dsc("Add nic to security group 1 again.") tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports test_util.test_dsc("Allowed ports: %s" % tmp_allowed_ports) sg_vm.attach(sg1, [vm_nics]) sg_vm.check() #can't directly remove rule1, as it will block vr ssh connection. test_util.test_dsc("Remove rule2/3 from security group 1.") test_util.test_dsc("Allowed ports: %s" % test_stub.rule1_ports) sg1.delete_rule([rule2, rule3]) sg_vm.check() #add sg2 test_util.test_dsc("Add nic to security group 2.") tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports test_util.test_dsc("Allowed ports: %s" % tmp_allowed_ports) sg_vm.attach(sg2, [vm_nics]) sg_vm.check() #add sg3 test_util.test_dsc("Add nic to security group 3.") tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule2_ports + test_stub.rule3_ports + test_stub.rule4_ports + test_stub.rule5_ports test_util.test_dsc("Allowed ports (rule1+rule2+rul3+rule4+rule5): %s" % tmp_allowed_ports) sg_vm.attach(sg3, [vm_nics]) sg_vm.check() #detach nic from sg2 test_util.test_dsc("Remove security group 2 for nic.") tmp_allowed_ports = test_stub.rule1_ports + test_stub.rule3_ports + test_stub.rule4_ports + test_stub.rule5_ports test_util.test_dsc("Allowed ports (rule1+rule3+rule4+rule5): %s" % tmp_allowed_ports) sg_vm.detach(sg2, nic_uuid) sg_vm.check() #delete sg3 test_util.test_dsc("Delete security group 3.") test_util.test_dsc("Allowed ports (rule1): %s" % test_stub.rule1_ports) sg_vm.delete_sg(sg3) sg_vm.check() test_obj_dict.rm_sg(sg3.security_group.uuid) #Cleanup sg_vm.delete_sg(sg2) test_obj_dict.rm_sg(sg2.security_group.uuid) sg_vm.delete_sg(sg1) test_obj_dict.rm_sg(sg1.security_group.uuid) sg_vm.check() vm1.destroy() test_obj_dict.rm_vm(vm1) vm2.destroy() test_obj_dict.rm_vm(vm2) test_util.test_pass('Security Group UDP Vlan VirtualRouter VMs Test Success')