def setUp(self): self.apiclient = self.testClient.getApiClient() self.dbclient = self.testClient.getDbConnection() self.account = Account.create(self.apiclient, self.services["account"], domainid=self.domain.id) self.virtual_machine = VirtualMachine.create( self.apiclient, self.services["virtual_machine"], templateid=self.template.id, accountid=self.account.name, domainid=self.account.domainid, serviceofferingid=self.service_offering.id) self.virtual_machine_2 = VirtualMachine.create( self.apiclient, self.services["virtual_machine"], templateid=self.template.id, accountid=self.account.name, domainid=self.account.domainid, serviceofferingid=self.service_offering.id) self.public_ip = PublicIPAddress.create( self.apiclient, self.virtual_machine.account, self.virtual_machine.zoneid, self.virtual_machine.domainid, self.services["virtual_machine"]) NATRule.create(self.apiclient, self.virtual_machine, self.services["natrule"], ipaddressid=self.public_ip.ipaddress.id) self.cleanup = [ self.account, ] return
def acquire_Public_Ip(self): """Acquires the public IP""" try: self.debug("Acquiring public IP for account: %s" % self.account.name) public_ip = PublicIPAddress.create( self.apiclient, self.virtual_machine.account, self.virtual_machine.zoneid, self.virtual_machine.domainid, self.services["virtual_machine"] ) self.debug("Acquired public IP: %s" % public_ip.ipaddress.ipaddress) self.debug("Configuring NAT rule for the acquired public ip") NATRule.create( self.apiclient, self.virtual_machine, self.services["natrule"], ipaddressid=public_ip.ipaddress.id ) return public_ip except Exception as e: self.fail("Failed to acquire new public IP: %s" % e)
def createNetworkRulesForVM(apiclient, virtualmachine, ruletype, account, networkruledata): """Acquire IP, create Firewall and NAT/StaticNAT rule (associating it with given vm) for that IP""" try: public_ip = PublicIPAddress.create( apiclient,accountid=account.name, zoneid=virtualmachine.zoneid,domainid=account.domainid, networkid=virtualmachine.nic[0].networkid) FireWallRule.create( apiclient,ipaddressid=public_ip.ipaddress.id, protocol='TCP', cidrlist=[networkruledata["fwrule"]["cidr"]], startport=networkruledata["fwrule"]["startport"], endport=networkruledata["fwrule"]["endport"] ) if ruletype == NAT_RULE: # Create NAT rule NATRule.create(apiclient, virtualmachine, networkruledata["natrule"],ipaddressid=public_ip.ipaddress.id, networkid=virtualmachine.nic[0].networkid) elif ruletype == STATIC_NAT_RULE: # Enable Static NAT for VM StaticNATRule.enable(apiclient,public_ip.ipaddress.id, virtualmachine.id, networkid=virtualmachine.nic[0].networkid) except Exception as e: [FAIL, e] return [PASS, public_ip]
def test_02_use_vpn_port(self): """Test create VPN when L2TP port in use""" # Validate the following # 1. set a port forward for UDP: 1701 and enable VPN # 2. set port forward rule for the udp port 1701 over which L2TP works # 3. port forward should prevent VPN from being enabled self.debug("Creating a port forwarding rule on port 1701") # Create NAT rule nat_rule = NATRule.create( self.apiclient, self.virtual_machine, self.services["natrule"], self.public_ip.ipaddress.id) self.debug("Verifying the NAT rule created") nat_rules = NATRule.list(self.apiclient, id=nat_rule.id, listall=True) self.assertEqual(isinstance(nat_rules, list), True, "List NAT rules should return a valid response") self.debug("Enabling the VPN connection for IP: %s" % self.public_ip.ipaddress) with self.assertRaises(Exception): self.create_VPN(self.public_ip) self.debug("Create VPN connection failed! Test successful!") return
def test_02_use_vpn_port(self): """Test create VPN when L2TP port in use""" # Validate the following # 1. set a port forward for UDP: 1701 and enable VPN # 2. set port forward rule for the udp port 1701 over which L2TP works # 3. port forward should prevent VPN from being enabled self.debug("Creating a port forwarding rule on port 1701") # Create NAT rule nat_rule = NATRule.create(self.apiclient, self.virtual_machine, self.services["natrule"], self.public_ip.ipaddress.id) self.debug("Verifying the NAT rule created") nat_rules = NATRule.list(self.apiclient, id=nat_rule.id, listall=True) self.assertEqual(isinstance(nat_rules, list), True, "List NAT rules should return a valid response") self.debug("Enabling the VPN connection for IP: %s" % self.public_ip.ipaddress) with self.assertRaises(Exception): self.create_VPN(self.public_ip) self.debug("Create VPN connection failed! Test successful!") return
def setUp(self): self.apiclient = self.testClient.getApiClient() self.dbclient = self.testClient.getDbConnection() self.account = Account.create( self.apiclient, self.services["account"], domainid=self.domain.id ) self.virtual_machine = VirtualMachine.create( self.apiclient, self.services["virtual_machine"], templateid=self.template.id, accountid=self.account.name, domainid=self.account.domainid, serviceofferingid=self.service_offering.id ) self.virtual_machine_2 = VirtualMachine.create( self.apiclient, self.services["virtual_machine"], templateid=self.template.id, accountid=self.account.name, domainid=self.account.domainid, serviceofferingid=self.service_offering.id ) self.public_ip = PublicIPAddress.create( self.apiclient, self.virtual_machine.account, self.virtual_machine.zoneid, self.virtual_machine.domainid, self.services["virtual_machine"] ) NATRule.create( self.apiclient, self.virtual_machine, self.services["natrule"], ipaddressid=self.public_ip.ipaddress.id ) self.cleanup = [self.account, ] return
def test_03_enable_vpn_use_port(self): """Test create NAT rule when VPN when L2TP enabled""" # Validate the following # 1. Enable a VPN connection on source NAT # 2. Add a VPN user # 3. add a port forward rule for UDP port 1701. Should result in error # saying that VPN is enabled over port 1701 self.debug("Enabling the VPN connection for IP: %s" % self.public_ip.ipaddress) self.create_VPN(self.public_ip) self.debug("Creating a port forwarding rule on port 1701") # Create NAT rule with self.assertRaises(Exception): NATRule.create(self.apiclient, self.virtual_machine, self.services["natrule"], self.public_ip.ipaddress.id) self.debug("Create NAT rule failed! Test successful!") return
def test_disassociate_ip_mapped_to_secondary_ip_through_PF_rule(self, value): """ Add secondary IP to NIC of a VM""" ## Steps: # 1. Create Account and create network in it (isoalted/ shared/ vpc) # 2. Deploy a VM in this network and account # 3. Add secondary IP to the default nic of VM # 4. Acquire public IP, open firewall for it, and # create NAT rule for this public IP to the 1st secondary IP # 5. Try to delete the public IP used for NAT rule # Validations: # 1. Step 5 should succeed self.account = Account.create(self.apiclient,self.services["account"],domainid=self.domain.id) self.cleanup.append(self.account) network = createNetwork(self, value) try: virtual_machine = VirtualMachine.create(self.apiclient,self.services["virtual_machine"], networkids=[network.id],serviceofferingid=self.service_offering.id, accountid=self.account.name,domainid=self.account.domainid) except Exception as e: self.fail("vm creation failed: %s" % e) try: ipaddress_1 = NIC.addIp(self.apiclient, id=virtual_machine.nic[0].id) except Exception as e: self.fail("Failed while adding secondary IP to NIC of vm %s" % virtual_machine.id) public_ip = PublicIPAddress.create(self.api_client,accountid=self.account.name, zoneid=self.zone.id,domainid=self.account.domainid, networkid=network.id, vpcid = network.vpcid if value == VPC_NETWORK else None) if value != VPC_NETWORK: FireWallRule.create(self.apiclient,ipaddressid=public_ip.ipaddress.id, protocol='TCP', cidrlist=[self.services["fwrule"]["cidr"]], startport=self.services["fwrule"]["startport"],endport=self.services["fwrule"]["endport"]) # Create NAT rule natrule = NATRule.create(self.api_client, virtual_machine, self.services["natrule"],ipaddressid=public_ip.ipaddress.id, networkid=network.id, vmguestip = ipaddress_1.ipaddress) try: public_ip.delete(self.apiclient) except Exception as e: self.fail("Exception while deleting nat rule %s: %s" % (natrule.id, e)) return
def test_03_enable_vpn_use_port(self): """Test create NAT rule when VPN when L2TP enabled""" # Validate the following # 1. Enable a VPN connection on source NAT # 2. Add a VPN user # 3. add a port forward rule for UDP port 1701. Should result in error # saying that VPN is enabled over port 1701 self.debug("Enabling the VPN connection for IP: %s" % self.public_ip.ipaddress) self.create_VPN(self.public_ip) self.debug("Creating a port forwarding rule on port 1701") # Create NAT rule with self.assertRaises(Exception): NATRule.create( self.apiclient, self.virtual_machine, self.services["natrule"], self.public_ip.ipaddress.id) self.debug("Create NAT rule failed! Test successful!") return
def createNetworkRules(self, virtual_machine, network, vmguestip, networktype, ruletype): """ Acquire public ip in the given network, open firewall if required and create NAT rule for the public ip to the given guest vm ip address""" try: public_ip = PublicIPAddress.create(self.api_client,accountid=self.account.name, zoneid=self.zone.id,domainid=self.account.domainid, networkid=network.id, vpcid = network.vpcid if networktype == VPC_NETWORK else None) if networktype != VPC_NETWORK: FireWallRule.create(self.apiclient,ipaddressid=public_ip.ipaddress.id, protocol='TCP', cidrlist=[self.services["fwrule"]["cidr"]], startport=self.services["fwrule"]["startport"],endport=self.services["fwrule"]["endport"]) if ruletype == "nat": NATRule.create(self.api_client, virtual_machine, self.services["natrule"],ipaddressid=public_ip.ipaddress.id, networkid=network.id, vmguestip = vmguestip) elif ruletype == "staticnat": StaticNATRule.enable(self.apiclient, public_ip.ipaddress.id, virtual_machine.id, network.id, vmguestip=vmguestip) except Exception: return FAIL return PASS
def create_NatRule_For_VM(self, vm, public_ip, network): self.debug("Creatinng NAT rule in network for vm with public IP") nat_rule = NATRule.create(self.apiclient, vm, self.services["natrule"], ipaddressid=public_ip.ipaddress.id, openfirewall=False, networkid=network.id, vpcid=self.vpc.id) self.debug("Adding NetwrokACl rules to make NAT rule accessible") nwacl_nat = NetworkACL.create(self.apiclient, networkid=network.id, services=self.services["natrule"], traffictype='Ingress') self.debug('nwacl_nat=%s' % nwacl_nat.__dict__) return nat_rule
def create_NatRule_For_VM(self, vm, public_ip, network, services=None): self.debug("Creatinng NAT rule in network for vm with public IP") if not services: services = self.services["natrule"] nat_rule = NATRule.create( self.apiclient, vm, services, ipaddressid=public_ip.ipaddress.id, openfirewall=False, networkid=network.id, vpcid=self.vpc.id, ) self.debug("Adding NetwrokACl rules to make NAT rule accessible") nwacl_nat = NetworkACL.create(self.apiclient, networkid=network.id, services=services, traffictype="Ingress") self.debug("nwacl_nat=%s" % nwacl_nat.__dict__) return nat_rule
def create_vm(self, pfrule=False, egress_policy=True, RR=False): self.create_network_offering(egress_policy, RR) # Creating network using the network offering created self.debug("Creating network with network offering: %s" % self.network_offering.id) self.network = Network.create(self.apiclient, self.services["network"], accountid=self.account.name, domainid=self.account.domainid, networkofferingid=self.network_offering.id, zoneid=self.zone.id) self.cleanup_networks.append(self.network) self.debug("Created network with ID: %s" % self.network.id) self.debug("Deploying instance in the account: %s" % self.account.name) project = None try: self.virtual_machine = VirtualMachine.create(self.apiclient, self.services["virtual_machine"], accountid=self.account.name, domainid=self.domain.id, serviceofferingid=self.service_offering.id, mode=self.zone.networktype if pfrule else 'basic', networkids=[str(self.network.id)], projectid=project.id if project else None) self.cleanup_vms.append(self.virtual_machine) except Exception as e: self.fail("Virtual machine deployment failed with exception: %s" % e) self.debug("Deployed instance %s in account: %s" % (self.virtual_machine.id,self.account.name)) # Checking if VM is running or not, in case it is deployed in error state, test case fails self.vm_list = list_virtual_machines(self.apiclient, id=self.virtual_machine.id) self.assertEqual(validateList(self.vm_list)[0], PASS, "vm list validation failed, vm list is %s" % self.vm_list) self.assertEqual(str(self.vm_list[0].state).lower(),'running',"VM state should be running, it is %s" % self.vm_list[0].state) self.public_ip = PublicIPAddress.create( self.apiclient, accountid=self.account.name, zoneid=self.zone.id, domainid=self.account.domainid, networkid=self.network.id ) # Open up firewall port for SSH FireWallRule.create( self.apiclient, ipaddressid=self.public_ip.ipaddress.id, protocol=self.services["natrule"]["protocol"], cidrlist=['0.0.0.0/0'], startport=self.services["natrule"]["publicport"], endport=self.services["natrule"]["publicport"] ) self.debug("Creating NAT rule for VM ID: %s" % self.virtual_machine.id) #Create NAT rule NATRule.create( self.apiclient, self.virtual_machine, self.services["natrule"], self.public_ip.ipaddress.id ) return