def test_02_use_vpn_port(self):
"""Test create VPN when L2TP port in use"""
# Validate the following
# 1. set a port forward for UDP: 1701 and enable VPN
# 2. set port forward rule for the udp port 1701 over which L2TP works
# 3. port forward should prevent VPN from being enabled
self.debug("Creating a port forwarding rule on port 1701")
# Create NAT rule
nat_rule = NATRule.create(self.apiclient, self.virtual_machine,
self.services["natrule"],
self.public_ip.ipaddress.id)
self.debug("Verifying the NAT rule created")
nat_rules = NATRule.list(self.apiclient, id=nat_rule.id, listall=True)
self.assertEqual(isinstance(nat_rules, list), True,
"List NAT rules should return a valid response")
self.debug("Enabling the VPN connection for IP: %s" %
self.public_ip.ipaddress)
with self.assertRaises(Exception):
self.create_VPN(self.public_ip)
self.debug("Create VPN connection failed! Test successful!")
return
def test_02_use_vpn_port(self):
"""Test create VPN when L2TP port in use"""
# Validate the following
# 1. set a port forward for UDP: 1701 and enable VPN
# 2. set port forward rule for the udp port 1701 over which L2TP works
# 3. port forward should prevent VPN from being enabled
self.debug("Creating a port forwarding rule on port 1701")
# Create NAT rule
nat_rule = NATRule.create(
self.apiclient,
self.virtual_machine,
self.services["natrule"],
self.public_ip.ipaddress.id)
self.debug("Verifying the NAT rule created")
nat_rules = NATRule.list(self.apiclient, id=nat_rule.id, listall=True)
self.assertEqual(isinstance(nat_rules, list),
True,
"List NAT rules should return a valid response")
self.debug("Enabling the VPN connection for IP: %s" %
self.public_ip.ipaddress)
with self.assertRaises(Exception):
self.create_VPN(self.public_ip)
self.debug("Create VPN connection failed! Test successful!")
return
def acquire_Public_Ip(self):
"""Acquires the public IP"""
try:
self.debug("Acquiring public IP for account: %s" %
self.account.name)
public_ip = PublicIPAddress.create(
self.apiclient,
self.virtual_machine.account,
self.virtual_machine.zoneid,
self.virtual_machine.domainid,
self.services["virtual_machine"]
)
self.debug("Acquired public IP: %s" %
public_ip.ipaddress.ipaddress)
self.debug("Configuring NAT rule for the acquired public ip")
NATRule.create(
self.apiclient,
self.virtual_machine,
self.services["natrule"],
ipaddressid=public_ip.ipaddress.id
)
return public_ip
except Exception as e:
self.fail("Failed to acquire new public IP: %s" % e)
def createNetworkRulesForVM(apiclient, virtualmachine, ruletype,
account, networkruledata):
"""Acquire IP, create Firewall and NAT/StaticNAT rule
(associating it with given vm) for that IP"""
try:
public_ip = PublicIPAddress.create(
apiclient,accountid=account.name,
zoneid=virtualmachine.zoneid,domainid=account.domainid,
networkid=virtualmachine.nic[0].networkid)
FireWallRule.create(
apiclient,ipaddressid=public_ip.ipaddress.id,
protocol='TCP', cidrlist=[networkruledata["fwrule"]["cidr"]],
startport=networkruledata["fwrule"]["startport"],
endport=networkruledata["fwrule"]["endport"]
)
if ruletype == NAT_RULE:
# Create NAT rule
NATRule.create(apiclient, virtualmachine,
networkruledata["natrule"],ipaddressid=public_ip.ipaddress.id,
networkid=virtualmachine.nic[0].networkid)
elif ruletype == STATIC_NAT_RULE:
# Enable Static NAT for VM
StaticNATRule.enable(apiclient,public_ip.ipaddress.id,
virtualmachine.id, networkid=virtualmachine.nic[0].networkid)
except Exception as e:
[FAIL, e]
return [PASS, public_ip]
def setUp(self):
self.apiclient = self.testClient.getApiClient()
self.dbclient = self.testClient.getDbConnection()
self.account = Account.create(self.apiclient,
self.services["account"],
domainid=self.domain.id)
self.virtual_machine = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
templateid=self.template.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id)
self.virtual_machine_2 = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
templateid=self.template.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id)
self.public_ip = PublicIPAddress.create(
self.apiclient, self.virtual_machine.account,
self.virtual_machine.zoneid, self.virtual_machine.domainid,
self.services["virtual_machine"])
NATRule.create(self.apiclient,
self.virtual_machine,
self.services["natrule"],
ipaddressid=self.public_ip.ipaddress.id)
self.cleanup = [
self.account,
]
return
def setUp(self):
self.apiclient = self.testClient.getApiClient()
self.dbclient = self.testClient.getDbConnection()
self.account = Account.create(
self.apiclient,
self.services["account"],
domainid=self.domain.id
)
self.virtual_machine = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
templateid=self.template.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id
)
self.virtual_machine_2 = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
templateid=self.template.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id
)
self.public_ip = PublicIPAddress.create(
self.apiclient,
self.virtual_machine.account,
self.virtual_machine.zoneid,
self.virtual_machine.domainid,
self.services["virtual_machine"]
)
NATRule.create(
self.apiclient,
self.virtual_machine,
self.services["natrule"],
ipaddressid=self.public_ip.ipaddress.id
)
self.cleanup = [self.account, ]
return
def test_03_enable_vpn_use_port(self):
"""Test create NAT rule when VPN when L2TP enabled"""
# Validate the following
# 1. Enable a VPN connection on source NAT
# 2. Add a VPN user
# 3. add a port forward rule for UDP port 1701. Should result in error
# saying that VPN is enabled over port 1701
self.debug("Enabling the VPN connection for IP: %s" %
self.public_ip.ipaddress)
self.create_VPN(self.public_ip)
self.debug("Creating a port forwarding rule on port 1701")
# Create NAT rule
with self.assertRaises(Exception):
NATRule.create(self.apiclient, self.virtual_machine,
self.services["natrule"],
self.public_ip.ipaddress.id)
self.debug("Create NAT rule failed! Test successful!")
return
def test_disassociate_ip_mapped_to_secondary_ip_through_PF_rule(self, value):
""" Add secondary IP to NIC of a VM"""
## Steps:
# 1. Create Account and create network in it (isoalted/ shared/ vpc)
# 2. Deploy a VM in this network and account
# 3. Add secondary IP to the default nic of VM
# 4. Acquire public IP, open firewall for it, and
# create NAT rule for this public IP to the 1st secondary IP
# 5. Try to delete the public IP used for NAT rule
# Validations:
# 1. Step 5 should succeed
self.account = Account.create(self.apiclient,self.services["account"],domainid=self.domain.id)
self.cleanup.append(self.account)
network = createNetwork(self, value)
try:
virtual_machine = VirtualMachine.create(self.apiclient,self.services["virtual_machine"],
networkids=[network.id],serviceofferingid=self.service_offering.id,
accountid=self.account.name,domainid=self.account.domainid)
except Exception as e:
self.fail("vm creation failed: %s" % e)
try:
ipaddress_1 = NIC.addIp(self.apiclient, id=virtual_machine.nic[0].id)
except Exception as e:
self.fail("Failed while adding secondary IP to NIC of vm %s" % virtual_machine.id)
public_ip = PublicIPAddress.create(self.api_client,accountid=self.account.name,
zoneid=self.zone.id,domainid=self.account.domainid,
networkid=network.id, vpcid = network.vpcid if value == VPC_NETWORK else None)
if value != VPC_NETWORK:
FireWallRule.create(self.apiclient,ipaddressid=public_ip.ipaddress.id,
protocol='TCP', cidrlist=[self.services["fwrule"]["cidr"]],
startport=self.services["fwrule"]["startport"],endport=self.services["fwrule"]["endport"])
# Create NAT rule
natrule = NATRule.create(self.api_client, virtual_machine,
self.services["natrule"],ipaddressid=public_ip.ipaddress.id,
networkid=network.id, vmguestip = ipaddress_1.ipaddress)
try:
public_ip.delete(self.apiclient)
except Exception as e:
self.fail("Exception while deleting nat rule %s: %s" % (natrule.id, e))
return
def test_03_enable_vpn_use_port(self):
"""Test create NAT rule when VPN when L2TP enabled"""
# Validate the following
# 1. Enable a VPN connection on source NAT
# 2. Add a VPN user
# 3. add a port forward rule for UDP port 1701. Should result in error
# saying that VPN is enabled over port 1701
self.debug("Enabling the VPN connection for IP: %s" %
self.public_ip.ipaddress)
self.create_VPN(self.public_ip)
self.debug("Creating a port forwarding rule on port 1701")
# Create NAT rule
with self.assertRaises(Exception):
NATRule.create(
self.apiclient,
self.virtual_machine,
self.services["natrule"],
self.public_ip.ipaddress.id)
self.debug("Create NAT rule failed! Test successful!")
return
def createNetworkRules(self, virtual_machine, network, vmguestip, networktype, ruletype):
""" Acquire public ip in the given network, open firewall if required and
create NAT rule for the public ip to the given guest vm ip address"""
try:
public_ip = PublicIPAddress.create(self.api_client,accountid=self.account.name,
zoneid=self.zone.id,domainid=self.account.domainid,
networkid=network.id, vpcid = network.vpcid if networktype == VPC_NETWORK else None)
if networktype != VPC_NETWORK:
FireWallRule.create(self.apiclient,ipaddressid=public_ip.ipaddress.id,
protocol='TCP', cidrlist=[self.services["fwrule"]["cidr"]],
startport=self.services["fwrule"]["startport"],endport=self.services["fwrule"]["endport"])
if ruletype == "nat":
NATRule.create(self.api_client, virtual_machine,
self.services["natrule"],ipaddressid=public_ip.ipaddress.id,
networkid=network.id, vmguestip = vmguestip)
elif ruletype == "staticnat":
StaticNATRule.enable(self.apiclient, public_ip.ipaddress.id, virtual_machine.id, network.id, vmguestip=vmguestip)
except Exception:
return FAIL
return PASS
def create_NatRule_For_VM(self, vm, public_ip, network):
self.debug("Creatinng NAT rule in network for vm with public IP")
nat_rule = NATRule.create(self.apiclient,
vm,
self.services["natrule"],
ipaddressid=public_ip.ipaddress.id,
openfirewall=False,
networkid=network.id,
vpcid=self.vpc.id)
self.debug("Adding NetwrokACl rules to make NAT rule accessible")
nwacl_nat = NetworkACL.create(self.apiclient,
networkid=network.id,
services=self.services["natrule"],
traffictype='Ingress')
self.debug('nwacl_nat=%s' % nwacl_nat.__dict__)
return nat_rule
def create_NatRule_For_VM(self, vm, public_ip, network, services=None):
self.debug("Creatinng NAT rule in network for vm with public IP")
if not services:
services = self.services["natrule"]
nat_rule = NATRule.create(
self.apiclient,
vm,
services,
ipaddressid=public_ip.ipaddress.id,
openfirewall=False,
networkid=network.id,
vpcid=self.vpc.id,
)
self.debug("Adding NetwrokACl rules to make NAT rule accessible")
nwacl_nat = NetworkACL.create(self.apiclient, networkid=network.id, services=services, traffictype="Ingress")
self.debug("nwacl_nat=%s" % nwacl_nat.__dict__)
return nat_rule
def create_vm(self, pfrule=False, egress_policy=True, RR=False):
self.create_network_offering(egress_policy, RR)
# Creating network using the network offering created
self.debug("Creating network with network offering: %s" %
self.network_offering.id)
self.network = Network.create(self.apiclient,
self.services["network"],
accountid=self.account.name,
domainid=self.account.domainid,
networkofferingid=self.network_offering.id,
zoneid=self.zone.id)
self.cleanup_networks.append(self.network)
self.debug("Created network with ID: %s" % self.network.id)
self.debug("Deploying instance in the account: %s" % self.account.name)
project = None
try:
self.virtual_machine = VirtualMachine.create(self.apiclient,
self.services["virtual_machine"],
accountid=self.account.name,
domainid=self.domain.id,
serviceofferingid=self.service_offering.id,
mode=self.zone.networktype if pfrule else 'basic',
networkids=[str(self.network.id)],
projectid=project.id if project else None)
self.cleanup_vms.append(self.virtual_machine)
except Exception as e:
self.fail("Virtual machine deployment failed with exception: %s" % e)
self.debug("Deployed instance %s in account: %s" % (self.virtual_machine.id,self.account.name))
# Checking if VM is running or not, in case it is deployed in error state, test case fails
self.vm_list = list_virtual_machines(self.apiclient, id=self.virtual_machine.id)
self.assertEqual(validateList(self.vm_list)[0], PASS, "vm list validation failed, vm list is %s" % self.vm_list)
self.assertEqual(str(self.vm_list[0].state).lower(),'running',"VM state should be running, it is %s" % self.vm_list[0].state)
self.public_ip = PublicIPAddress.create(
self.apiclient,
accountid=self.account.name,
zoneid=self.zone.id,
domainid=self.account.domainid,
networkid=self.network.id
)
# Open up firewall port for SSH
FireWallRule.create(
self.apiclient,
ipaddressid=self.public_ip.ipaddress.id,
protocol=self.services["natrule"]["protocol"],
cidrlist=['0.0.0.0/0'],
startport=self.services["natrule"]["publicport"],
endport=self.services["natrule"]["publicport"]
)
self.debug("Creating NAT rule for VM ID: %s" % self.virtual_machine.id)
#Create NAT rule
NATRule.create(
self.apiclient,
self.virtual_machine,
self.services["natrule"],
self.public_ip.ipaddress.id
)
return
