def test_add_user_to_project_with_project_role(self):
"""
1. Create a User Account
2. Add user of an account with 'Regular' project account role associate it with a Project role;
The role defines what APIs are allowed/disallowed for the user: here, 'listPublicIpAddresses'
is denied for the user account
3. Execute the 'listPublicIpAddresses' API and verify/confirm that the API isn't allowed to be executed
by the user
"""
self.useraccount = Account.create(self.apiclient,
self.testdata["account"],
roleid=4)
self.cleanup.append(self.useraccount)
# Add account to the project
self.project.addUser(self.apiclient,
username=self.useraccount.user[0].username,
projectroleid=self.projectrole.id)
Project.listAccounts(self.apiclient, projectid=self.project.id)
self.userapiclient = self.testClient.getUserApiClient(
UserName=self.useraccount.name,
DomainName=self.useraccount.domain,
type=0)
try:
PublicIPAddress.list(self.userapiclient, projectid=self.project.id)
self.fail(
"API call succeeded which is denied for the project role")
except CloudstackAPIException:
pass
def test_04_list_publicip_all_subdomains(self):
"""
A domain admin should be able to display public ip address
in his domain and also all child domains
Step 1: Display all public ip address in that domain and sub domain
Step 2: Ensure that the count is 11 (all ip from parent domain and allocated from sub domain)
Step 3: Display only the allocated Ip address
Step 4: Ensure that the count is 2
Step 5: Display public ip of child domain using domain/account
Step 6: Ensure that the count is 10
Step 7: Display public ip of child domain using network id
Step 8: Ensure that the count is 1 as only one IP is allocated
:return:
"""
user = self.account1.user[0]
user_api_client = self.testClient.getUserApiClient(
user.username, self.domain1.name)
# Step 1: Display all public ip
ipAddresses = PublicIPAddress.list(user_api_client,
allocatedonly=False,
listall=True,
isrecursive=True,
forvirtualnetwork=True)
# Step 2: Ensure that it can display all ip from current domain and
# only allocated ip from child domains
self.assertEqual(
len(ipAddresses), 11,
"Unable to display all IP address is domain %s" %
self.domain1.name)
# Step 3: display only allocated ip for parent and sub domain
ipAddresses = PublicIPAddress.list(user_api_client,
allocatedonly=True,
listall=True,
isrecursive=True,
forvirtualnetwork=True)
# Step 4: Ensure that the count is 2
self.assertEqual(
len(ipAddresses), 2,
"Unable to display all allocated IP address is domain %s" %
self.domain1.name)
# Step 5: display ip of child domain using domainid/account
ipAddresses = PublicIPAddress.list(user_api_client,
allocatedonly=False,
listall=True,
isrecursive=True,
domainid=self.sub_domain.id,
account=self.sub_account.name,
forvirtualnetwork=True)
# Step 6: Ensure that the count is 10
self.assertEqual(len(ipAddresses), 10,
"Unable to display IP address of child domain")
def test_01_list_publicip_root_domain(self):
"""
ROOT domain should be able to list public IP address of all
sub domains
Step 1: List all public ip address
Step 2: Ensure that the count is greater than or equal to 30
Step 3: Display only allocated ip address
Step 4: Ensure that the count is greater than or equal to 0
Step 5: Display ip address from shared networks
Step 6: Ensure that the count is greater than or equal to 30
:return:
"""
# Step 1
ipAddresses = PublicIPAddress.list(
self.apiclient,
allocatedonly=False,
isrecursive=True,
listall=True,
forvirtualnetwork=True)
# Step 2
self.assertGreaterEqual(
len(ipAddresses),
30,
"Unable to display all public ip for ROOT domain"
)
# Step 4
ipAddresses = PublicIPAddress.list(
self.apiclient,
allocatedonly=True,
isrecursive=True,
listall=True,
forvirtualnetwork=True)
self.assertGreaterEqual(
len(ipAddresses),
0,
"Unable to display all public ip for ROOT domain"
)
# Step 5
ipAddresses = PublicIPAddress.list(
self.apiclient,
allocatedonly=False,
isrecursive=True,
listall=True,
forvirtualnetwork=False)
# Step 6
self.assertGreaterEqual(
len(ipAddresses),
10,
"Unable to display all public ip for ROOT domain"
)
def test_06_list_publicip_user_domain(self):
"""
Display public ip address from shared networks
1. List public ip address of shared network as root admin
2. Ensure that it can display all public ip address
3. List public ip address of shared networks as domain admin
4. It should not return any result
5. Try to display public ip by passing network id
6. Ensure that we get exception when trying to do so
:return:
"""
# Step 1
ipAddresses = PublicIPAddress.list(
self.apiclient,
allocatedonly=False,
listall=True,
networkid=self.guest_network.id,
forvirtualnetwork=False)
# Step 2
self.assertGreaterEqual(
len(ipAddresses),
10,
"Unable to display allocated public ip in VPC"
)
user = self.account1.user[0]
user_api_client = self.testClient.getUserApiClient(user.username, self.domain1.name)
# Step 3
ipAddresses = PublicIPAddress.list(
user_api_client,
allocatedonly=False,
listall=True,
networkid=self.guest_network.id,
forvirtualnetwork=False)
# Step 4
self.assertIsNone(
ipAddresses,
"Unable to display allocated public ip in VPC"
)
try:
# Step 5
PublicIPAddress.list(
user_api_client,
allocatedonly=False,
listall=True,
associatednetworkid=self.guest_network.id,
forvirtualnetwork=True)
# Step 6
self.fail("Domain should not access public ip of sibling domain")
except Exception as e:
self.info("Got exception as expected since domain2 cant access network of domain1")
def validate_Public_IP(self,
public_ip,
network,
static_nat=False,
vm=None):
"""Validates the Public IP"""
self.debug(
"Check if the Public IP is successfully assigned to the network ?")
public_ips = PublicIPAddress.list(self.api_client,
id=public_ip.ipaddress.id,
networkid=network.id,
isstaticnat=static_nat,
listall=True)
self.assertEqual(
isinstance(public_ips, list), True,
"List public Ip for network should return a valid list")
self.assertEqual(
public_ips[0].ipaddress, public_ip.ipaddress.ipaddress,
"List public Ip for network should list the assigned public Ip address"
)
self.assertEqual(public_ips[0].state, "Allocated",
"Assigned public Ip is not in the allocated state")
if static_nat and vm:
self.assertEqual(
public_ips[0].virtualmachineid, vm.id,
"Static NAT Rule not enabled for the VM using the assigned public Ip"
)
self.debug("Assigned Public IP is successfully validated - %s" %
public_ip.ipaddress.ipaddress)
def isIpInDesiredState(apiclient, ipaddressid, state):
""" Check if the given IP is in the correct state (given)
and return True/False accordingly"""
retriesCount = 10
ipInDesiredState = False
exceptionOccured = False
exceptionMessage = ""
try:
while retriesCount >= 0:
portableips = PublicIPAddress.list(apiclient, id=ipaddressid)
assert validateList(
portableips)[0] == PASS, "IPs list validation failed"
if str(portableips[0].state).lower() == state:
ipInDesiredState = True
break
retriesCount -= 1
time.sleep(60)
except Exception as e:
exceptionOccured = True
exceptionMessage = e
return [exceptionOccured, ipInDesiredState, e]
if not ipInDesiredState:
exceptionMessage = "Ip should be in %s state, it is in %s" %\
(state, portableips[0].state)
return [False, ipInDesiredState, exceptionMessage]
def validate_PublicIPAddress(self, public_ip, network, static_nat=False,
vm=None):
"""Validates the Public IP Address"""
self.debug("Validating the assignment and state of public IP address "
"- %s" % public_ip.ipaddress.ipaddress)
public_ips = PublicIPAddress.list(self.api_client,
id=public_ip.ipaddress.id,
networkid=network.id,
isstaticnat=static_nat,
listall=True
)
self.assertEqual(isinstance(public_ips, list), True,
"List public IP for network should return a "
"valid list"
)
self.assertEqual(public_ips[0].ipaddress,
public_ip.ipaddress.ipaddress,
"List public IP for network should list the assigned "
"public IP address"
)
self.assertEqual(public_ips[0].state, "Allocated",
"Assigned public IP is not in the allocated state"
)
if static_nat and vm:
self.assertEqual(public_ips[0].virtualmachineid, vm.id,
"Static NAT rule is not enabled for the VM on "
"the assigned public IP"
)
self.debug("Successfully validated the assignment and state of public "
"IP address - %s" % public_ip.ipaddress.ipaddress)
def validate_network_rules(self):
""" Validate network rules
"""
vms = VirtualMachine.list(self.api_client,
account=self.account.name,
domainid=self.account.domainid,
listall=True)
public_ips = PublicIPAddress.list(self.api_client,
account=self.account.name,
domainid=self.account.domainid,
listall=True)
for vm, public_ip in zip(vms, public_ips):
try:
ssh_1 = vm.get_ssh_client(
ipaddress=public_ip.ipaddress.ipaddress)
self.debug("SSH into VM is successfully")
self.debug(
"Verifying if we can ping to outside world from VM?")
# Ping to outsite world
res = ssh_1.execute("ping -c 1 www.google.com")
# res = 64 bytes from maa03s17-in-f20.1e100.net (74.125.236.212):
# icmp_req=1 ttl=57 time=25.9 ms
# --- www.l.google.com ping statistics ---
# 1 packets transmitted, 1 received, 0% packet loss, time 0ms
# rtt min/avg/max/mdev = 25.970/25.970/25.970/0.000 ms
except Exception as e:
self.fail("Failed to SSH into VM - %s, %s" %
(public_ip.ipaddress.ipaddress, e))
result = str(res)
self.assertEqual(
result.count("1 received"), 1,
"Ping to outside world from VM should be successful")
def get_free_ipaddress(self, vlanId):
ipaddresses = PublicIPAddress.list(self.apiclient,
vlanid=vlanId,
state='Free')
self.assertEqual(
isinstance(ipaddresses, list), True,
"List ipaddresses should return a valid response for Free ipaddresses"
)
random.shuffle(ipaddresses)
return ipaddresses[0].ipaddress
def test_08_add_TCP_PF_Rule_In_VPN(self):
"""
Test to add TCP Port Forwarding rule for specific ports(500,1701 and 4500) in VPN
"""
# Steps for verification
# 1. Enable vpn on SourceNAT IP address
# 2. Configure PF with TCP ports 500,1701 and 4500. It should be allowed
# Should not conflict with UPD ports used for VPN
vm_res = VirtualMachine.list(self.apiclient,
id=self.virtual_machine.id,
listall=True)
self.assertEqual(
validateList(vm_res)[0], PASS, "Failed to list virtual machine")
network_id = vm_res[0].nic[0].networkid
src_nat_list = PublicIPAddress.list(self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
listall=True,
issourcenat=True,
associatednetworkid=network_id)
self.assertEqual(
validateList(src_nat_list)[0], PASS,
"Failed to list source nat ip address")
ip = src_nat_list[0]
try:
vpn = Vpn.create(
self.apiclient,
publicipid=ip.id,
account=self.account.name,
domainid=self.account.domainid,
)
self.assertIsNotNone(vpn, "Failed to create remote access vpn")
except Exception as e:
self.fail("Failed to enable vpn on SourceNAT IP with error: %s" %
e)
#Create PF rule with TCP ports 500,4500 and 1701
self.services['natrule']['protocol'] = "TCP"
for port in [500, 4500, 1701]:
self.services['natrule']['privateport'] = port
self.services['natrule']['publicport'] = port
try:
nat = NATRule.create(self.apiclient, self.virtual_machine,
self.services["natrule"], ip.id)
self.assertIsNotNone(
nat, "Failed to add PF rule with tcp parts matching vpn")
except Exception as e:
self.fail(
"Creating PF rule for TCP port %s in VPN failed : %s" %
(port, e))
return
def validate_network_rules(self):
""" Validate network rules
"""
vms = VirtualMachine.list(
self.api_client,
account=self.account.name,
domainid=self.account.domainid,
listall=True
)
public_ips = PublicIPAddress.list(
self.api_client,
account=self.account.name,
domainid=self.account.domainid,
listall=True
)
for vm, public_ip in zip(vms, public_ips):
try:
ssh_1 = vm.get_ssh_client(
ipaddress=public_ip.ipaddress.ipaddress)
self.debug("SSH into VM is successfully")
self.debug(
"Verifying if we can ping to outside world from VM?")
# Ping to outsite world
res = ssh_1.execute("ping -c 1 www.google.com")
# res = 64 bytes from maa03s17-in-f20.1e100.net (74.125.236.212):
# icmp_req=1 ttl=57 time=25.9 ms
# --- www.l.google.com ping statistics ---
# 1 packets transmitted, 1 received, 0% packet loss, time 0ms
# rtt min/avg/max/mdev = 25.970/25.970/25.970/0.000 ms
except Exception as e:
self.fail("Failed to SSH into VM - %s, %s" %
(public_ip.ipaddress.ipaddress, e))
result = str(res)
self.assertEqual(
result.count("1 received"),
1,
"Ping to outside world from VM should be successful"
)
def validate_Public_IP(self, public_ip, network, static_nat=False, vm=None):
"""Validates the Public IP"""
self.debug("Check if the Public IP is successfully assigned to the network ?")
public_ips = PublicIPAddress.list(self.api_client,
id=public_ip.ipaddress.id,
networkid=network.id,
isstaticnat=static_nat,
listall=True
)
self.assertEqual(isinstance(public_ips, list), True,
"List public Ip for network should return a valid list"
)
self.assertEqual(public_ips[0].ipaddress, public_ip.ipaddress.ipaddress,
"List public Ip for network should list the assigned public Ip address"
)
self.assertEqual(public_ips[0].state, "Allocated",
"Assigned public Ip is not in the allocated state"
)
if static_nat and vm:
self.assertEqual(public_ips[0].virtualmachineid, vm.id,
"Static NAT Rule not enabled for the VM using the assigned public Ip"
)
self.debug("Assigned Public IP is successfully validated - %s" % public_ip.ipaddress.ipaddress)
def test_01_create_delete_portforwarding_fornonvpc(self):
"""
@summary: Test to list, create and delete Port Forwarding for
IP Address associated to Non VPC network
@Steps:
Step1: Creating a Network for the user
Step2: Associating an IP Addresses for Network
Step3: Launching Virtual Machine in network created in step 2
Step4: Listing Port Forwarding Rules for the IP Address associated
in Step2
Step5: Verifying that no Port Forwarding Rules are listed
Step6: Creating a Port Forwarding Rule for IP Address associated in
Step2
Step7: Listing Port Forwarding Rules for the IP Address associated in
Step2
Step8: Verifying 1 Port Forwarding Rule is listed
Step9: Deleting the Port Forwarding Rule created in Step6
Step10: Listing Port Forwarding Rules for the IP Address associated in
Step2
Step11: Verifying that no Port Forwarding Rules are listed
"""
# Listing all the Networks's for a user
list_networks_before = Network.list(
self.userapiclient,
listall=self.services["listall"],
type="Isolated"
)
# Verifying No Networks are listed
self.assertIsNone(
list_networks_before,
"Networks listed for newly created User"
)
# Listing Network Offerings
network_offerings_list = NetworkOffering.list(
self.apiClient,
forvpc="false",
guestiptype="Isolated",
state="Enabled",
supportedservices="SourceNat,PortForwarding",
zoneid=self.zone.id
)
status = validateList(network_offerings_list)
self.assertEqual(
PASS,
status[0],
"Isolated Network Offerings with sourceNat,\
PortForwarding enabled are not found"
)
# Creating a network
network = Network.create(
self.userapiclient,
self.services["network"],
accountid=self.account.name,
domainid=self.domain.id,
networkofferingid=network_offerings_list[0].id,
zoneid=self.zone.id
)
self.assertIsNotNone(
network,
"Network creation failed"
)
# Listing all the IP Addresses for a user
list_ipaddresses_before = PublicIPAddress.list(
self.userapiclient,
listall=self.services["listall"]
)
# Verifying no IP Addresses are listed
self.assertIsNone(
list_ipaddresses_before,
"IP Addresses listed for newly created User"
)
service_offering = ServiceOffering.create(
self.apiClient,
self.services["service_offerings"]["tiny"],
)
self.services["virtual_machine"]["zoneid"] = self.zone.id
vm = VirtualMachine.create(
self.userapiclient,
self.services["virtual_machine"],
accountid=self.account.name,
domainid=self.account.domainid,
networkids=network.id,
serviceofferingid=service_offering.id
)
VirtualMachine.delete(vm, self.apiClient, expunge=True)
# Associating an IP Addresses to Network created
associated_ipaddress = PublicIPAddress.create(
self.userapiclient,
services=self.services["network"],
networkid=network.id
)
self.assertIsNotNone(
associated_ipaddress,
"Failed to Associate IP Address"
)
# Listing all the IP Addresses for a user
list_ipaddresses_after = PublicIPAddress.list(
self.userapiclient,
listall=self.services["listall"]
)
status = validateList(list_ipaddresses_after)
self.assertEqual(
PASS,
status[0],
"IP Addresses Association Failed"
)
# Verifying the length of the list is 2
self.assertEqual(
2,
len(list_ipaddresses_after),
"Number of IP Addresses associated are not matching expected"
)
# Launching a Virtual Machine with above created Network
vm_created = VirtualMachine.create(
self.userapiclient,
self.services["virtual_machine"],
accountid=self.account.name,
domainid=self.account.domainid,
networkids=network.id,
serviceofferingid=self.service_offering.id,
)
self.assertIsNotNone(
vm_created,
"Failed to launch a VM under network created"
)
self.cleanup.append(network)
# Listing Virtual Machines in running state in above created network
list_vms_running = VirtualMachine.list(
self.userapiclient,
listall=self.services["listall"],
state="Running",
networkid=network.id
)
status = validateList(list_vms_running)
self.assertEqual(
PASS,
status[0],
"VM Created is not in Running state"
)
# Verifying the length of the list is 2
self.assertEqual(
2,
len(list_ipaddresses_after),
"VM Created is not in Running state"
)
self.assertEqual(
vm_created.id,
list_vms_running[0].id,
"VM Created is not in Running state"
)
# Listing Virtual Machines in stopped state in above created network
list_vms_stopped = VirtualMachine.list(
self.userapiclient,
listall=self.services["listall"],
state="Stopped",
networkid=network.id
)
# Verifying no VMs are in stopped state
self.assertIsNone(
list_vms_stopped,
"VM Created is in stopped state"
)
# Listing Port Forwarding Rules for the IP Address associated
list_prtfwdrule_before = NATRule.list(
self.userapiclient,
listall=self.services["listall"],
ipaddressid=associated_ipaddress.ipaddress.id
)
# Verifying no port forwarding rules are listed
self.assertIsNone(
list_prtfwdrule_before,
"Port Forwarding Rules listed for newly associated IP Address"
)
# Creating a Port Forwarding rule
portfwd_rule = NATRule.create(
self.userapiclient,
virtual_machine=vm_created,
services=self.services["natrule"],
ipaddressid=associated_ipaddress.ipaddress.id,
)
self.assertIsNotNone(
portfwd_rule,
"Failed to create Port Forwarding Rule"
)
# Verifying details of Sticky Policy created
# Creating expected and actual values dictionaries
expected_dict = {
"ipaddressid": associated_ipaddress.ipaddress.id,
"privateport": str(self.services["natrule"]["privateport"]),
"publicport": str(self.services["natrule"]["publicport"]),
"protocol": str(self.services["natrule"]["protocol"]).lower(),
}
actual_dict = {
"ipaddressid": portfwd_rule.ipaddressid,
"privateport": str(portfwd_rule.privateport),
"publicport": str(portfwd_rule.publicport),
"protocol": portfwd_rule.protocol,
}
portfwd_status = self.__verify_values(
expected_dict,
actual_dict
)
self.assertEqual(
True,
portfwd_status,
"Created Port Forward Rule details are not as expected"
)
# Listing Port Forwarding Rules for the IP Address associated
list_prtfwdrule_after = NATRule.list(
self.userapiclient,
listall=self.services["listall"],
ipaddressid=associated_ipaddress.ipaddress.id
)
status = validateList(list_prtfwdrule_after)
self.assertEqual(
PASS,
status[0],
"Failed to create Port Forwarding Rule"
)
# Verifying the length of the list is 1
self.assertEqual(
1,
len(list_prtfwdrule_after),
"Failed to create Port Forwarding Rule"
)
# Deleting Port Forwarding Rule
portfwd_rule.delete(self.userapiclient)
# Creating a Port Forwarding rule with port range
portfwd_rule = NATRule.create(
self.userapiclient,
virtual_machine=vm_created,
services=self.services["natrulerange"],
ipaddressid=associated_ipaddress.ipaddress.id,
)
self.assertIsNotNone(
portfwd_rule,
"Failed to create Port Forwarding Rule"
)
# update the private port for port forwarding rule
updatefwd_rule = portfwd_rule.update(self.userapiclient,
portfwd_rule.id,
virtual_machine=vm_created,
services=self.services["updatenatrulerange"],
)
# Verifying details of Sticky Policy created
# Creating expected and actual values dictionaries
expected_dict = {
"privateport": str(self.services["updatenatrulerange"]["privateport"]),
"privateendport": str(self.services["updatenatrulerange"]["privateendport"]),
}
actual_dict = {
"privateport": str(updatefwd_rule.privateport),
"privateendport": str(updatefwd_rule.privateendport),
}
portfwd_status = self.__verify_values(
expected_dict,
actual_dict
)
self.assertEqual(
True,
portfwd_status,
"Updated Port Forward Rule details are not as expected"
)
# Deleting Port Forwarding Rule
portfwd_rule.delete(self.userapiclient)
# Listing Port Forwarding Rules for the IP Address associated
list_prtfwdrule_after = NATRule.list(
self.userapiclient,
listall=self.services["listall"],
ipaddressid=associated_ipaddress.ipaddress.id
)
# Verifying no port forwarding rules are listed
self.assertIsNone(
list_prtfwdrule_after,
"Port Forwarding Rules listed after deletion"
)
# Destroying the VM Launched
vm_created.delete(self.apiClient)
self.cleanup.append(self.account)
return
def test_08_add_TCP_PF_Rule_In_VPN(self):
"""
Test to add TCP Port Forwarding rule for specific ports(500,1701 and 4500) in VPN
"""
# Steps for verification
# 1. Enable vpn on SourceNAT IP address
# 2. Configure PF with TCP ports 500,1701 and 4500. It should be allowed
# Should not conflict with UPD ports used for VPN
vm_res = VirtualMachine.list(
self.apiclient,
id=self.virtual_machine.id,
listall=True
)
self.assertEqual(
validateList(vm_res)[0],
PASS,
"Failed to list virtual machine"
)
network_id = vm_res[0].nic[0].networkid
src_nat_list = PublicIPAddress.list(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
listall=True,
issourcenat=True,
associatednetworkid=network_id
)
self.assertEqual(
validateList(src_nat_list)[0],
PASS,
"Failed to list source nat ip address"
)
ip = src_nat_list[0]
try:
vpn = Vpn.create(
self.apiclient,
publicipid=ip.id,
account=self.account.name,
domainid=self.account.domainid,
)
self.assertIsNotNone(
vpn,
"Failed to create remote access vpn"
)
except Exception as e:
self.fail("Failed to enable vpn on SourceNAT IP with error: %s" % e)
#Create PF rule with TCP ports 500,4500 and 1701
self.services['natrule']['protocol']="TCP"
for port in [500, 4500, 1701]:
self.services['natrule']['privateport'] = port
self.services['natrule']['publicport'] = port
try:
nat = NATRule.create(
self.apiclient,
self.virtual_machine,
self.services["natrule"],
ip.id
)
self.assertIsNotNone(
nat,
"Failed to add PF rule with tcp parts matching vpn"
)
except Exception as e:
self.fail("Creating PF rule for TCP port %s in VPN failed : %s" % (port, e))
return
def _test_vpc_site2site_vpn(self, vpc_offering, num_VPCs=3):
# Number of VPNs (to test) is number_of_VPCs - 1
# By default test setting up 2 VPNs from VPC0, requiring total of 3 VPCs
maxnumVM = num_VPCs - 1
# Create VPC i
vpc_list = []
for i in range(num_VPCs):
# Generate VPC (mostly subnet) info
vpcservice_n = copy.deepcopy(self.services["vpcN"])
for key in vpcservice_n.keys():
vpcservice_n[key] = vpcservice_n[key].format(N=`i`)
vpc_n = VPC.create(
api_client=self.apiclient,
services=vpcservice_n,
networkDomain="vpc%d.vpn" % i,
vpcofferingid=vpc_offering.id,
zoneid=self.zone.id,
account=self.account.name,
domainid=self.domain.id
)
self.assertIsNotNone(vpc_n, "VPC%d creation failed" % i)
vpc_list.append(vpc_n)
self.cleanup.append(vpc_n)
self.logger.debug("VPC%d %s created" % (i, vpc_list[i].id))
default_acl = NetworkACLList.list(self.apiclient, name="default_allow")[0]
# Create network in VPC i
ntwk_list = []
for i in range(num_VPCs):
# Generate network (mostly subnet) info
ntwk_info_n = copy.deepcopy(self.services["network_N"])
for key in ntwk_info_n.keys():
ntwk_info_n[key] = ntwk_info_n[key].format(N=`i`)
ntwk_n = Network.create(
api_client=self.apiclient,
services=ntwk_info_n,
accountid=self.account.name,
domainid=self.account.domainid,
networkofferingid=self.network_offering.id,
zoneid=self.zone.id,
vpcid=vpc_list[i].id,
aclid=default_acl.id
)
self.assertIsNotNone(ntwk_n, "Network%d failed to create" % i)
self.cleanup.append(ntwk_n)
ntwk_list.append(ntwk_n)
self.logger.debug("Network%d %s created in VPC %s" % (i, ntwk_list[i].id, vpc_list[i].id))
# Deploy a vm in network i
vm_list = []
vm_n = None
for i in range(num_VPCs):
vm_n = VirtualMachine.create(self.apiclient, services=self.services["virtual_machine"],
templateid=self.template.id,
zoneid=self.zone.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.virtual_machine_offering.id,
networkids=[ntwk_list[i].id],
hypervisor=self.hypervisor,
mode='advanced' if (i == 0) or (i == maxnumVM) else 'default'
)
self.assertIsNotNone(vm_n, "VM%d failed to deploy" % i)
self.cleanup.append(vm_n)
vm_list.append(vm_n)
self.logger.debug("VM%d %s deployed in VPC %s" % (i, vm_list[i].id, vpc_list[i].id))
self.assertEquals(vm_n.state, 'Running', "VM%d is not running" % i)
# 4) Enable Site-to-Site VPN for VPC
vpn_response_list = []
for i in range(num_VPCs):
vpn_response = Vpn.createVpnGateway(self.apiclient, vpc_list[i].id)
self.assertIsNotNone(vpn_response, "Failed to enable VPN Gateway %d" % i)
vpn_response_list.append(vpn_response)
self.logger.debug("VPN gateway for VPC%d %s enabled" % (i, vpc_list[i].id))
# 5) Add VPN Customer gateway info
vpn_cust_gw_list = []
services = self.services["vpncustomergateway"]
for i in range(num_VPCs):
src_nat_list = PublicIPAddress.list(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
listall=True,
issourcenat=True,
vpcid=vpc_list[i].id
)
ip = src_nat_list[0]
customer_response = VpnCustomerGateway.create(self.apiclient, services, "Peer VPC" + `i`, ip.ipaddress, vpc_list[i].cidr, self.account.name, self.domain.id)
self.cleanup.insert(0, customer_response) # this has to be cleaned up after the VPCs have been destroyed (due to client connectionsonections)
vpn_cust_gw_list.append(customer_response)
self.logger.debug("VPN customer gateway added for VPC%d %s enabled" % (i, vpc_list[i].id))
# Before the next step ensure the last VPC is up and running
# Routers in the right state?
self.assertEqual(self.routers_in_right_state(vpcid=vpc_list[maxnumVM].id), True, "Check whether the routers are in the right state.")
# 6) Connect VPCi with VPC0
for i in range(num_VPCs)[1:]:
passiveVpn = Vpn.createVpnConnection(self.apiclient, vpn_cust_gw_list[0].id, vpn_response_list[i]['id'], True)
self.logger.debug("VPN passive connection created for VPC%d %s" % (i, vpc_list[i].id))
vpnconn2_response = Vpn.createVpnConnection(self.apiclient, vpn_cust_gw_list[i].id, vpn_response_list[0]['id'])
self.logger.debug("VPN connection created for VPC%d %s" % (0, vpc_list[0].id))
self.assertEqual(vpnconn2_response['state'], "Connected", "Failed to connect between VPCs 0 and %d!" % i)
self.logger.debug("VPN connected between VPC0 and VPC%d" % i)
time.sleep(15)
self.logger.debug("Resetting VPN connection with id %s" % (passiveVpn['id']))
Vpn.resetVpnConnection(self.apiclient, passiveVpn['id'])
# Ping to put tunnel up
ssh_client = vm_list[0].get_ssh_client(retries=10)
self.assertIsNotNone(ssh_client, "Failed to setup SSH to VM0")
if ssh_client:
# run ping test
for i in range(num_VPCs)[1:]:
packet_loss = ssh_client.execute("/bin/ping -c 3 -t 10 " + vm_list[i].nic[0].ipaddress)[0]
self.logger.debug("Ping from vm0 to vm%d to make sure tunnel is up." % i)
else:
self.fail("Failed to setup ssh connection to %s" % vm_list[0].public_ip)
self.logger.debug("Waiting for the VPN with id %s to connect" % (passiveVpn['id']))
max_retries = 30
retries = 0
while retries < max_retries:
vpnconn2_response = Vpn.listVpnConnection(self.apiclient, listall=True, id=passiveVpn['id'])
if len(vpnconn2_response) > 0 and vpnconn2_response[0].state.lower() == 'connected':
break
retries += 1
time.sleep(2)
self.assertLess(retries, max_retries, "Failed to reconnect VPN with id %s" % (passiveVpn['id']))
# First the last VM
# setup ssh connection to vm maxnumVM
self.logger.debug("Setup SSH connection to last VM created (%d) to ensure availability for ping tests" % maxnumVM)
ssh_max_client = vm_list[maxnumVM].get_ssh_client(retries=20)
self.assertIsNotNone(ssh_max_client, "Failed to setup SSH to last VM created (%d)" % maxnumVM)
self.logger.debug("Setup SSH connection to first VM created (0) to ensure availability for ping tests")
ssh_client = vm_list[0].get_ssh_client(retries=10)
self.assertIsNotNone(ssh_client, "Failed to setup SSH to VM0")
if ssh_client:
# run ping test
for i in range(num_VPCs)[1:]:
packet_loss = ssh_client.execute(
"/bin/ping -c 3 -t 10 " + vm_list[i].nic[0].ipaddress + " |grep packet|cut -d ' ' -f 7| cut -f1 -d'%'")[0]
self.assertEquals(int(packet_loss), 0, " Ping towards vm" + `i` + " did not succeed")
self.logger.debug("SUCCESS! Ping from vm0 to vm%d succeeded." % i)
else:
self.fail("Failed to setup ssh connection to %s" % vm_list[0].public_ip)
return
def test_01_firewall_rules_port_fw(self):
""""Checking firewall rules deletion after static NAT disable"""
# Validate the following:
#1. Enable static NAT for a VM
#2. Open up some ports. At this point there will be new rows in the
# firewall_rules table.
#3. Disable static NAT for the VM.
#4. Check fire wall rules are deleted from firewall_rules table.
public_ip = self.public_ip.ipaddress
# Enable Static NAT for VM
StaticNATRule.enable(
self.apiclient,
public_ip.id,
self.virtual_machine.id
)
self.debug("Enabled static NAT for public IP ID: %s" %
public_ip.id)
#Create Static NAT rule, in fact it's firewall rule
nat_rule = StaticNATRule.create(
self.apiclient,
self.services["firewall_rule"],
public_ip.id
)
self.debug("Created Static NAT rule for public IP ID: %s" %
public_ip.id)
self.debug("Checking IP address")
ip_response = PublicIPAddress.list(
self.apiclient,
id = public_ip.id
)
self.assertEqual(
isinstance(ip_response, list),
True,
"Check ip response returns a valid list"
)
self.assertNotEqual(
len(ip_response),
0,
"Check static NAT Rule is created"
)
self.assertTrue(
ip_response[0].isstaticnat,
"IP is not static nat enabled"
)
self.assertEqual(
ip_response[0].virtualmachineid,
self.virtual_machine.id,
"IP is not binding with the VM"
)
self.debug("Checking Firewall rule")
firewall_response = FireWallRule.list(
self.apiclient,
ipaddressid = public_ip.id,
listall = True
)
self.assertEqual(
isinstance(firewall_response, list),
True,
"Check firewall response returns a valid list"
)
self.assertNotEqual(
len(firewall_response),
0,
"Check firewall rule is created"
)
self.assertEqual(
firewall_response[0].state,
"Active",
"Firewall rule is not active"
)
self.assertEqual(
firewall_response[0].ipaddressid,
public_ip.id,
"Firewall rule is not static nat related"
)
self.assertEqual(
firewall_response[0].startport,
str(self.services["firewall_rule"]["startport"]),
"Firewall rule is not with specific port"
)
self.debug("Removed the firewall rule")
nat_rule.delete(self.apiclient)
self.debug("Checking IP address, it should still existed")
ip_response = PublicIPAddress.list(
self.apiclient,
id = public_ip.id
)
self.assertEqual(
isinstance(ip_response, list),
True,
"Check ip response returns a valid list"
)
self.assertNotEqual(
len(ip_response),
0,
"Check static NAT Rule is created"
)
self.assertTrue(
ip_response[0].isstaticnat,
"IP is not static nat enabled"
)
self.assertEqual(
ip_response[0].virtualmachineid,
self.virtual_machine.id,
"IP is not binding with the VM"
)
self.debug("Checking Firewall rule, it should be removed")
firewall_response = FireWallRule.list(
self.apiclient,
ipaddressid = public_ip.id,
listall = True
)
self.assertEqual(
isinstance(firewall_response, list),
True,
"Check firewall response returns a valid list"
)
if len(firewall_response) != 0 :
self.assertEqual(
firewall_response[0].state,
"Deleting",
"Firewall rule should be deleted or in deleting state"
)
return
def test_vpc_site2site_vpn(self):
"""Test VPN in VPC"""
# 0) Get the default network offering for VPC
networkOffering = NetworkOffering.list(
self.apiclient,
name="DefaultIsolatedNetworkOfferingForVpcNetworks")
self.assert_(networkOffering is not None and len(networkOffering) > 0,
"No VPC based network offering")
# 1) Create VPC offering
vpcOffering = VpcOffering.list(self.apiclient, isdefault=True)
self.assert_(vpcOffering is not None and len(vpcOffering) > 0,
"No VPC offerings found")
# Create VPC 1
try:
vpc1 = VPC.create(apiclient=self.apiclient,
services=self.services["vpc"],
networkDomain="vpc1.vpn",
vpcofferingid=vpcOffering[0].id,
zoneid=self.zone.id,
account=self.account.name,
domainid=self.domain.id)
except Exception as e:
self.fail(e)
finally:
self.assert_(vpc1 is not None, "VPC1 creation failed")
self.logger.debug("VPC1 %s created" % (vpc1.id))
# Create VPC 2
try:
vpc2 = VPC.create(apiclient=self.apiclient,
services=self.services["vpc2"],
networkDomain="vpc2.vpn",
vpcofferingid=vpcOffering[0].id,
zoneid=self.zone.id,
account=self.account.name,
domainid=self.account.domainid)
except Exception as e:
self.fail(e)
finally:
self.assert_(vpc2 is not None, "VPC2 creation failed")
self.logger.debug("VPC2 %s created" % (vpc2.id))
default_acl = NetworkACLList.list(self.apiclient,
name="default_allow")[0]
# Create network in VPC 1
try:
ntwk1 = Network.create(apiclient=self.apiclient,
services=self.services["network_1"],
accountid=self.account.name,
domainid=self.account.domainid,
networkofferingid=networkOffering[0].id,
zoneid=self.zone.id,
vpcid=vpc1.id,
aclid=default_acl.id)
except Exception as e:
self.fail(e)
finally:
self.assertIsNotNone(ntwk1, "Network failed to create")
self.logger.debug("Network %s created in VPC %s" % (ntwk1.id, vpc1.id))
# Create network in VPC 2
try:
ntwk2 = Network.create(apiclient=self.apiclient,
services=self.services["network_2"],
accountid=self.account.name,
domainid=self.account.domainid,
networkofferingid=networkOffering[0].id,
zoneid=self.zone.id,
vpcid=vpc2.id,
aclid=default_acl.id)
except Exception as e:
self.fail(e)
finally:
self.assertIsNotNone(ntwk2, "Network failed to create")
self.logger.debug("Network %s created in VPC %s" % (ntwk2.id, vpc2.id))
# Deploy a vm in network 2
try:
vm1 = VirtualMachine.create(
self.apiclient,
services=self.services["virtual_machine"],
templateid=self.template.id,
zoneid=self.zone.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id,
networkids=ntwk1.id,
hypervisor=self.services["virtual_machine"]["hypervisor"])
except Exception as e:
self.fail(e)
finally:
self.assert_(vm1 is not None, "VM failed to deploy")
self.assert_(vm1.state == 'Running', "VM is not running")
self.logger.debug("VM %s deployed in VPC %s" % (vm1.id, vpc1.id))
# Deploy a vm in network 2
try:
vm2 = VirtualMachine.create(
self.apiclient,
services=self.services["virtual_machine"],
templateid=self.template.id,
zoneid=self.zone.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id,
networkids=ntwk2.id,
hypervisor=self.services["virtual_machine"]["hypervisor"])
except Exception as e:
self.fail(e)
finally:
self.assert_(vm2 is not None, "VM failed to deploy")
self.assert_(vm2.state == 'Running', "VM is not running")
self.debug("VM %s deployed in VPC %s" % (vm2.id, vpc2.id))
# 4) Enable Site-to-Site VPN for VPC
vpn1_response = Vpn.createVpnGateway(self.apiclient, vpc1.id)
self.assert_(vpn1_response is not None,
"Failed to enable VPN Gateway 1")
self.logger.debug("VPN gateway for VPC %s enabled" % vpc1.id)
vpn2_response = Vpn.createVpnGateway(self.apiclient, vpc2.id)
self.assert_(vpn2_response is not None,
"Failed to enable VPN Gateway 2")
self.logger.debug("VPN gateway for VPC %s enabled" % vpc2.id)
# 5) Add VPN Customer gateway info
src_nat_list = PublicIPAddress.list(self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
listall=True,
issourcenat=True,
vpcid=vpc1.id)
ip1 = src_nat_list[0]
src_nat_list = PublicIPAddress.list(self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
listall=True,
issourcenat=True,
vpcid=vpc2.id)
ip2 = src_nat_list[0]
services = self.services["vpncustomergateway"]
customer1_response = VpnCustomerGateway.create(
self.apiclient, services, "Peer VPC1", ip1.ipaddress, vpc1.cidr,
self.account.name, self.domain.id)
self.debug("VPN customer gateway added for VPC %s enabled" % vpc1.id)
self.logger.debug(vars(customer1_response))
customer2_response = VpnCustomerGateway.create(
self.apiclient, services, "Peer VPC2", ip2.ipaddress, vpc2.cidr,
self.account.name, self.domain.id)
self.debug("VPN customer gateway added for VPC %s enabled" % vpc2.id)
self.logger.debug(vars(customer2_response))
# 6) Connect two VPCs
vpnconn1_response = Vpn.createVpnConnection(self.apiclient,
customer1_response.id,
vpn2_response['id'], True)
self.debug("VPN passive connection created for VPC %s" % vpc2.id)
vpnconn2_response = Vpn.createVpnConnection(self.apiclient,
customer2_response.id,
vpn1_response['id'])
self.debug("VPN connection created for VPC %s" % vpc1.id)
self.assertEqual(vpnconn2_response['state'], "Connected",
"Failed to connect between VPCs!")
# acquire an extra ip address to use to ssh into vm2
try:
vm2.public_ip = PublicIPAddress.create(
apiclient=self.apiclient,
accountid=self.account.name,
zoneid=self.zone.id,
domainid=self.account.domainid,
services=self.services,
networkid=ntwk2.id,
vpcid=vpc2.id)
except Exception as e:
self.fail(e)
finally:
self.assert_(vm2.public_ip is not None,
"Failed to aqcuire public ip for vm2")
# Create port forward to be able to ssh into vm2
try:
natrule = self.create_natrule(vpc2, vm2, 22, 22, vm2.public_ip,
ntwk2)
except Exception as e:
self.fail(e)
finally:
self.assert_(natrule is not None,
"Failed to create portforward for vm2")
time.sleep(10)
# setup ssh connection to vm2
ssh_client = self.get_ssh_client(vm2, self.services, 10)
if ssh_client:
# run ping test
packet_loss = ssh_client.execute(
"/bin/ping -c 3 -t 10 " + vm1.nic[0].ipaddress +
" |grep packet|cut -d ' ' -f 7| cut -f1 -d'%'")[0]
self.assert_(int(packet_loss) == 0, "Ping did not succeed")
else:
self.fail("Failed to setup ssh connection to %s" % vm2.public_ip)
def test_forceDeleteDomain(self):
""" Test delete domain with force option"""
# Steps for validations
# 1. create a domain DOM
# 2. create 2 users under this domain
# 3. deploy 1 VM into each of these user accounts
# 4. create PF / FW rules for port 22 on these VMs for their
# respective accounts
# 5. delete the domain with force=true option
# Validate the following
# 1. listDomains should list the created domain
# 2. listAccounts should list the created accounts
# 3. listvirtualmachines should show the Running VMs
# 4. PF and FW rules should be shown in listFirewallRules
# 5. domain should delete successfully and above three list calls
# should show all the resources now deleted. listRouters should
# not return any routers in the deleted accounts/domains
self.debug("Creating a domain for login with API domain test")
domain = Domain.create(
self.apiclient,
self.services["domain"],
parentdomainid=self.domain.id
)
self.debug("Domain is created succesfully.")
self.debug(
"Checking if the created domain is listed in list domains API")
domains = Domain.list(self.apiclient, id=domain.id, listall=True)
self.assertEqual(
isinstance(domains, list),
True,
"List domains shall return a valid response"
)
self.debug("Creating 2 user accounts in domain: %s" % domain.name)
self.account_1 = Account.create(
self.apiclient,
self.services["account"],
domainid=domain.id
)
self.account_2 = Account.create(
self.apiclient,
self.services["account"],
domainid=domain.id
)
try:
self.debug("Creating a tiny service offering for VM deployment")
self.service_offering = ServiceOffering.create(
self.apiclient,
self.services["service_offering"],
domainid=self.domain.id
)
self.debug("Deploying virtual machine in account 1: %s" %
self.account_1.name)
vm_1 = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
templateid=self.template.id,
accountid=self.account_1.name,
domainid=self.account_1.domainid,
serviceofferingid=self.service_offering.id
)
self.debug("Deploying virtual machine in account 2: %s" %
self.account_2.name)
VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
templateid=self.template.id,
accountid=self.account_2.name,
domainid=self.account_2.domainid,
serviceofferingid=self.service_offering.id
)
networks = Network.list(
self.apiclient,
account=self.account_1.name,
domainid=self.account_1.domainid,
listall=True
)
self.assertEqual(
isinstance(networks, list),
True,
"List networks should return a valid response"
)
network_1 = networks[0]
self.debug("Default network in account 1: %s is %s" % (
self.account_1.name,
network_1.name))
src_nat_list = PublicIPAddress.list(
self.apiclient,
associatednetworkid=network_1.id,
account=self.account_1.name,
domainid=self.account_1.domainid,
listall=True,
issourcenat=True,
)
self.assertEqual(
isinstance(src_nat_list, list),
True,
"List Public IP should return a valid source NAT"
)
self.assertNotEqual(
len(src_nat_list),
0,
"Length of response from listPublicIp should not be 0"
)
src_nat = src_nat_list[0]
self.debug(
"Trying to create a port forwarding rule in source NAT: %s" %
src_nat.ipaddress)
#Create NAT rule
nat_rule = NATRule.create(
self.apiclient,
vm_1,
self.services["natrule"],
ipaddressid=src_nat.id
)
self.debug("Created PF rule on source NAT: %s" % src_nat.ipaddress)
nat_rules = NATRule.list(self.apiclient, id=nat_rule.id)
self.assertEqual(
isinstance(nat_rules, list),
True,
"List NAT should return a valid port forwarding rules"
)
self.assertNotEqual(
len(nat_rules),
0,
"Length of response from listLbRules should not be 0"
)
except Exception as e:
self._cleanup.append(self.account_1)
self._cleanup.append(self.account_2)
self.fail(e)
self.debug("Deleting domain with force option")
try:
domain.delete(self.apiclient, cleanup=True)
except Exception as e:
self.debug("Waiting for account.cleanup.interval" +
" to cleanup any remaining resouces")
# Sleep 3*account.gc to ensure that all resources are deleted
wait_for_cleanup(self.apiclient, ["account.cleanup.interval"]*3)
with self.assertRaises(CloudstackAPIException):
Domain.list(
self.apiclient,
id=domain.id,
listall=True
)
self.debug("Checking if the resources in domain are deleted")
with self.assertRaises(CloudstackAPIException):
Account.list(
self.apiclient,
name=self.account_1.name,
domainid=self.account_1.domainid,
listall=True
)
return
def test_01_redundant_vpc_site2site_vpn(self):
"""Test Site 2 Site VPN Across redundant VPCs"""
self.logger.debug("Starting test: test_02_redundant_vpc_site2site_vpn")
# 0) Get the default network offering for VPC
networkOffering = NetworkOffering.list(
self.apiclient, name="DefaultIsolatedNetworkOfferingForVpcNetworks")
self.assert_(networkOffering is not None and len(
networkOffering) > 0, "No VPC based network offering")
# Create and enable redundant VPC offering
redundant_vpc_offering = self._create_vpc_offering(
'redundant_vpc_offering')
self.assert_(redundant_vpc_offering is not None,
"Failed to create redundant VPC Offering")
redundant_vpc_offering.update(self.apiclient, state='Enabled')
# Create VPC 1
vpc1 = None
try:
vpc1 = VPC.create(
apiclient=self.apiclient,
services=self.services["vpc"],
networkDomain="vpc1.vpn",
vpcofferingid=redundant_vpc_offering.id,
zoneid=self.zone.id,
account=self.account.name,
domainid=self.domain.id
)
except Exception as e:
self.fail(e)
finally:
self.assert_(vpc1 is not None, "VPC1 creation failed")
self.logger.debug("VPC1 %s created" % vpc1.id)
# Create VPC 2
vpc2 = None
try:
vpc2 = VPC.create(
apiclient=self.apiclient,
services=self.services["vpc2"],
networkDomain="vpc2.vpn",
vpcofferingid=redundant_vpc_offering.id,
zoneid=self.zone.id,
account=self.account.name,
domainid=self.account.domainid
)
except Exception as e:
self.fail(e)
finally:
self.assert_(vpc2 is not None, "VPC2 creation failed")
self.logger.debug("VPC2 %s created" % vpc2.id)
default_acl = NetworkACLList.list(
self.apiclient, name="default_allow")[0]
# Create network in VPC 1
ntwk1 = None
try:
ntwk1 = Network.create(
apiclient=self.apiclient,
services=self.services["network_1"],
accountid=self.account.name,
domainid=self.account.domainid,
networkofferingid=networkOffering[0].id,
zoneid=self.zone.id,
vpcid=vpc1.id,
aclid=default_acl.id
)
except Exception as e:
self.fail(e)
finally:
self.assertIsNotNone(ntwk1, "Network failed to create")
self.logger.debug("Network %s created in VPC %s" % (ntwk1.id, vpc1.id))
# Create network in VPC 2
ntwk2 = None
try:
ntwk2 = Network.create(
apiclient=self.apiclient,
services=self.services["network_2"],
accountid=self.account.name,
domainid=self.account.domainid,
networkofferingid=networkOffering[0].id,
zoneid=self.zone.id,
vpcid=vpc2.id,
aclid=default_acl.id
)
except Exception as e:
self.fail(e)
finally:
self.assertIsNotNone(ntwk2, "Network failed to create")
self.logger.debug("Network %s created in VPC %s" % (ntwk2.id, vpc2.id))
# Deploy a vm in network 2
vm1 = None
try:
vm1 = VirtualMachine.create(self.apiclient, services=self.services["virtual_machine"],
templateid=self.template.id,
zoneid=self.zone.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.compute_offering.id,
networkids=ntwk1.id,
hypervisor=self.hypervisor
)
except Exception as e:
self.fail(e)
finally:
self.assert_(vm1 is not None, "VM failed to deploy")
self.assert_(vm1.state == 'Running', "VM is not running")
self.logger.debug("VM %s deployed in VPC %s" % (vm1.id, vpc1.id))
# Deploy a vm in network 2
vm2 = None
try:
vm2 = VirtualMachine.create(self.apiclient, services=self.services["virtual_machine"],
templateid=self.template.id,
zoneid=self.zone.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.compute_offering.id,
networkids=ntwk2.id,
hypervisor=self.hypervisor
)
except Exception as e:
self.fail(e)
finally:
self.assert_(vm2 is not None, "VM failed to deploy")
self.assert_(vm2.state == 'Running', "VM is not running")
self.debug("VM %s deployed in VPC %s" % (vm2.id, vpc2.id))
# 4) Enable Site-to-Site VPN for VPC
vpn1_response = Vpn.createVpnGateway(self.apiclient, vpc1.id)
self.assert_(
vpn1_response is not None, "Failed to enable VPN Gateway 1")
self.logger.debug("VPN gateway for VPC %s enabled" % vpc1.id)
vpn2_response = Vpn.createVpnGateway(self.apiclient, vpc2.id)
self.assert_(
vpn2_response is not None, "Failed to enable VPN Gateway 2")
self.logger.debug("VPN gateway for VPC %s enabled" % vpc2.id)
# 5) Add VPN Customer gateway info
src_nat_list = PublicIPAddress.list(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
listall=True,
issourcenat=True,
vpcid=vpc1.id
)
ip1 = src_nat_list[0]
src_nat_list = PublicIPAddress.list(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
listall=True,
issourcenat=True,
vpcid=vpc2.id
)
ip2 = src_nat_list[0]
services = self.services["vpncustomergateway"]
customer1_response = VpnCustomerGateway.create(
self.apiclient, services, "Peer VPC1", ip1.ipaddress, vpc1.cidr, self.account.name, self.domain.id)
self.debug("VPN customer gateway added for VPC %s enabled" % vpc1.id)
self.logger.debug(vars(customer1_response))
customer2_response = VpnCustomerGateway.create(
self.apiclient, services, "Peer VPC2", ip2.ipaddress, vpc2.cidr, self.account.name, self.domain.id)
self.debug("VPN customer gateway added for VPC %s enabled" % vpc2.id)
self.logger.debug(vars(customer2_response))
# 6) Connect two VPCs
vpnconn1_response = Vpn.createVpnConnection(
self.apiclient, customer1_response.id, vpn2_response['id'], True)
self.debug("VPN passive connection created for VPC %s" % vpc2.id)
vpnconn2_response = Vpn.createVpnConnection(
self.apiclient, customer2_response.id, vpn1_response['id'])
self.debug("VPN connection created for VPC %s" % vpc1.id)
self.assertEqual(
vpnconn2_response['state'], "Connected", "Failed to connect between VPCs!")
# acquire an extra ip address to use to ssh into vm2
try:
vm2.public_ip = PublicIPAddress.create(
apiclient=self.apiclient,
accountid=self.account.name,
zoneid=self.zone.id,
domainid=self.account.domainid,
services=self.services,
networkid=ntwk2.id,
vpcid=vpc2.id)
except Exception as e:
self.fail(e)
finally:
self.assert_(
vm2.public_ip is not None, "Failed to aqcuire public ip for vm2")
# Create port forward to be able to ssh into vm2
natrule = None
try:
natrule = self._create_natrule(
vpc2, vm2, 22, 22, vm2.public_ip, ntwk2)
except Exception as e:
self.fail(e)
finally:
self.assert_(
natrule is not None, "Failed to create portforward for vm2")
time.sleep(20)
# setup ssh connection to vm2
ssh_client = self._get_ssh_client(vm2, self.services, 10)
if ssh_client:
# run ping test
packet_loss = ssh_client.execute(
"/bin/ping -c 3 -t 10 " + vm1.nic[0].ipaddress + " |grep packet|cut -d ' ' -f 7| cut -f1 -d'%'")[0]
self.assert_(int(packet_loss) == 0, "Ping did not succeed")
else:
self.fail("Failed to setup ssh connection to %s" % vm2.public_ip)
def test_02_network_off_with_conserve_mode(self):
"""Test Network offering with Conserve mode ON and VR - All services
"""
# Validate the following
# 1. Create a Network from the above network offering and deploy a VM.
# 2. On source NAT ipaddress, we should be allowed to add a LB rules
# 3. On source NAT ipaddress, we should be allowed to add a PF rules
# 4. On source NAT ipaddress, we should be allowed to add a Firewall
# rules
# 5. On an ipaddress that has Lb rules, we should be allowed to
# program PF rules.
# 6. We should be allowed to program multiple PF rules on the same Ip
# address on different public ports.
# 7. We should be allowed to program multiple LB rules on the same Ip
# address for different public port ranges.
# 8. On source NAT ipaddress, we should be allowed to Enable VPN
# access.
# Create a network offering with all virtual router services enabled
self.debug(
"Creating n/w offering with all services in VR & conserve mode:off"
)
self.network_offering = NetworkOffering.create(
self.api_client,
self.services["network_offering"],
conservemode=True
)
self.cleanup.append(self.network_offering)
self.debug("Created n/w offering with ID: %s" %
self.network_offering.id)
# Enable Network offering
self.network_offering.update(self.apiclient, state='Enabled')
# Creating network using the network offering created
self.debug("Creating network with network offering: %s" %
self.network_offering.id)
self.network = Network.create(
self.apiclient,
self.services["network"],
accountid=self.account.name,
domainid=self.account.domainid,
networkofferingid=self.network_offering.id,
zoneid=self.zone.id
)
self.debug("Created network with ID: %s" % self.network.id)
self.debug("Deploying VM in account: %s" % self.account.name)
# Spawn an instance in that network
virtual_machine = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id,
networkids=[str(self.network.id)]
)
self.debug("Deployed VM in network: %s" % self.network.id)
src_nat_list = PublicIPAddress.list(
self.apiclient,
associatednetworkid=self.network.id,
account=self.account.name,
domainid=self.account.domainid,
listall=True,
issourcenat=True,
)
self.assertEqual(
isinstance(src_nat_list, list),
True,
"List Public IP should return a valid source NAT"
)
self.assertNotEqual(
len(src_nat_list),
0,
"Length of response from listPublicIp should not be 0"
)
src_nat = src_nat_list[0]
self.debug("Trying to create LB rule on source NAT IP: %s" %
src_nat.ipaddress)
# Create Load Balancer rule with source NAT
lb_rule = LoadBalancerRule.create(
self.apiclient,
self.services["lbrule"],
ipaddressid=src_nat.id,
accountid=self.account.name
)
self.debug("Created LB rule on source NAT: %s" % src_nat.ipaddress)
lb_rules = LoadBalancerRule.list(
self.apiclient,
id=lb_rule.id
)
self.assertEqual(
isinstance(lb_rules, list),
True,
"List lb rules should return a valid lb rules"
)
self.assertNotEqual(
len(lb_rules),
0,
"Length of response from listLbRules should not be 0"
)
self.debug(
"Trying to create a port forwarding rule in source NAT: %s" %
src_nat.ipaddress)
#Create NAT rule
nat_rule = NATRule.create(
self.apiclient,
virtual_machine,
self.services["natrule"],
ipaddressid=src_nat.id
)
self.debug("Created PF rule on source NAT: %s" % src_nat.ipaddress)
nat_rules = NATRule.list(
self.apiclient,
id=nat_rule.id
)
self.assertEqual(
isinstance(nat_rules, list),
True,
"List NAT should return a valid port forwarding rules"
)
self.assertNotEqual(
len(nat_rules),
0,
"Length of response from listLbRules should not be 0"
)
self.debug("Creating firewall rule on source NAT: %s" %
src_nat.ipaddress)
#Create Firewall rule on source NAT
fw_rule = FireWallRule.create(
self.apiclient,
ipaddressid=src_nat.id,
protocol='TCP',
cidrlist=[self.services["fw_rule"]["cidr"]],
startport=self.services["fw_rule"]["startport"],
endport=self.services["fw_rule"]["endport"]
)
self.debug("Created firewall rule: %s" % fw_rule.id)
fw_rules = FireWallRule.list(
self.apiclient,
id=fw_rule.id
)
self.assertEqual(
isinstance(fw_rules, list),
True,
"List fw rules should return a valid firewall rules"
)
self.assertNotEqual(
len(fw_rules),
0,
"Length of fw rules response should not be zero"
)
self.debug("Associating public IP for network: %s" % self.network.id)
public_ip = PublicIPAddress.create(
self.apiclient,
accountid=self.account.name,
zoneid=self.zone.id,
domainid=self.account.domainid,
networkid=self.network.id
)
self.debug("Associated %s with network %s" % (
public_ip.ipaddress,
self.network.id
))
self.debug("Creating PF rule for IP address: %s" %
public_ip.ipaddress)
NATRule.create(
self.apiclient,
virtual_machine,
self.services["natrule"],
ipaddressid=public_ip.ipaddress.id
)
self.debug("Trying to create LB rule on IP with NAT: %s" %
public_ip.ipaddress)
# Create Load Balancer rule on IP already having NAT rule
lb_rule = LoadBalancerRule.create(
self.apiclient,
self.services["lbrule"],
ipaddressid=public_ip.ipaddress.id,
accountid=self.account.name
)
self.debug("Creating PF rule with public port: 66")
nat_rule = NATRule.create(
self.apiclient,
virtual_machine,
self.services["natrule_port_66"],
ipaddressid=public_ip.ipaddress.id
)
# Check if NAT rule created successfully
nat_rules = NATRule.list(
self.apiclient,
id=nat_rule.id
)
self.assertEqual(
isinstance(nat_rules, list),
True,
"List NAT rules should return valid list"
)
self.debug("Creating LB rule with public port: 2221")
lb_rule = LoadBalancerRule.create(
self.apiclient,
self.services["lbrule_port_2221"],
ipaddressid=public_ip.ipaddress.id,
accountid=self.account.name
)
# Check if NAT rule created successfully
lb_rules = LoadBalancerRule.list(
self.apiclient,
id=lb_rule.id
)
self.assertEqual(
isinstance(lb_rules, list),
True,
"List LB rules should return valid list"
)
# User should be able to enable VPN on source NAT
self.debug("Created VPN with source NAT IP: %s" % src_nat.ipaddress)
# Assign VPN to source NAT
Vpn.create(
self.apiclient,
src_nat.id,
account=self.account.name,
domainid=self.account.domainid
)
vpns = Vpn.list(
self.apiclient,
publicipid=src_nat.id,
listall=True,
)
self.assertEqual(
isinstance(vpns, list),
True,
"List VPNs should return a valid VPN list"
)
self.assertNotEqual(
len(vpns),
0,
"Length of list VPN response should not be zero"
)
return
def test_vpc_network_bcf(self):
"""Test VPC workflow with BigSwitch BCF plugin
1. Create a VPC with three networks
2. Create one VM on each of the three networks
3. Add firewall rule to make virtual router pingable
4. Test ping to virtual router public IP
5. Add static NAT to vm_1, with firewall rule to allow ssh
6. Add NAT rule to allow ping between net1 and net2
7. Ssh to vm_1, ping vm_2 private address, should succeed
8. continue ... ping vm_3 private address, should fail
9. continue ... ping Internet, should succeed
"""
self.debug("STEP 1: Creating VPC with VPC offering: %s" %
self.vpc_offering.id)
vpc = VPC.create(
self.apiclient,
self.services["vpc"],
accountid=self.account.name,
domainid=self.account.domainid,
vpcofferingid=self.vpc_offering.id,
zoneid=self.zone.id
)
self.debug("Created VPC with ID: %s" % self.vpc.id)
# Creating network using the vpc network offering created
self.debug("Creating networks with vpc network offering: %s" %
self.vpc_network_offering.id)
net1 = Network.create(
self.apiclient,
self.services["vpc_network"],
accountid=self.account.name,
domainid=self.account.domainid,
networkofferingid=self.vpc_network_offering.id,
zoneid=self.zone.id,
gateway="10.0.100.1",
vpcid=vpc.id
)
self.debug("Created network with ID: %s" % net1.id)
net2 = Network.create(
self.apiclient,
self.services["vpc_network"],
accountid=self.account.name,
domainid=self.account.domainid,
networkofferingid=self.vpc_network_offering.id,
zoneid=self.zone.id,
gateway="10.0.101.1",
vpcid=vpc.id
)
self.debug("Created network with ID: %s" % net2.id)
net3 = Network.create(
self.apiclient,
self.services["vpc_network"],
accountid=self.account.name,
domainid=self.account.domainid,
networkofferingid=self.vpc_network_offering.id,
zoneid=self.zone.id,
gateway="10.0.102.0",
vpcid=vpc.id
)
self.debug("Created network with ID: %s" % net3.id)
self.debug("STEP 2: Deploying VMs in networks")
vm_1 = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id,
networkids=[ str(net1.id), ]
)
self.debug("Deployed VM in network: %s" % net1.id)
list_vm_response = VirtualMachine.list(
self.apiclient,
id=vm_1.id
)
self.debug(
"Verify listVirtualMachines response for virtual machine: %s" \
% vm_1.id
)
self.assertEqual(
isinstance(list_vm_response, list),
True,
"Check list response returns a valid list"
)
vm_response = list_vm_response[0]
self.assertEqual(
vm_response.state,
"Running",
"VM state should be running after deployment"
)
vm_2 = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id,
networkids=[ str(net2.id), ]
)
self.debug("Deployed VM in network: %s" % net2.id)
list_vm_response = VirtualMachine.list(
self.apiclient,
id=vm_2.id
)
self.debug(
"Verify listVirtualMachines response for virtual machine: %s" \
% vm_2.id
)
self.assertEqual(
isinstance(list_vm_response, list),
True,
"Check list response returns a valid list"
)
vm_response = list_vm_response[0]
self.assertEqual(
vm_response.state,
"Running",
"VM state should be running after deployment"
)
vm_3 = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id,
networkids=[ str(net3.id), ]
)
self.debug("Deployed VM in network: %s" % net3.id)
list_vm_response = VirtualMachine.list(
self.apiclient,
id=vm_3.id
)
self.debug(
"Verify listVirtualMachines response for virtual machine: %s" \
% vm_3.id
)
self.assertEqual(
isinstance(list_vm_response, list),
True,
"Check list response returns a valid list"
)
vm_response = list_vm_response[0]
self.assertEqual(
vm_response.state,
"Running",
"VM state should be running after deployment"
)
self.debug("STEP 3: Add FW rule to allow source nat ping")
src_nat_list = PublicIPAddress.list(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
listall=True,
issourcenat=True,
vpcid=vpc.id
)
self.assertEqual(
isinstance(src_nat_list, list),
True,
"List Public IP should return a valid source NAT"
)
self.assertNotEqual(
len(src_nat_list),
0,
"Length of response from listPublicIp should not be 0"
)
src_nat = src_nat_list[0]
#Create Firewall rules on source NAT
fw_rule_icmp = FireWallRule.create(
self.apiclient,
ipaddressid=src_nat.id,
protocol='ICMP',
cidrlist=["0.0.0.0/0",]
)
self.debug("Created firewall rule: %s" % fw_rule_icmp.id)
self.debug("STEP 4: Trying to ping source NAT %s" % src_nat.ipaddress)
# User should be able to ping router via source nat ip
try:
self.debug("Trying to ping source NAT %s" % src_nat.ipaddress)
result = subprocess.call(
['ping', '-c 1', src_nat.ipaddress])
self.debug("Ping result: %s" % result)
# if ping successful, then result should be 0
self.assertEqual(
result,
0,
"Check if ping is successful or not"
)
except Exception as e:
self.fail("Ping failed for source NAT %s (%s)"
% (src_nat.ipaddress, e))
self.debug("STEP 5: Add static NAT to vm_1 with FW rule to allow SSH")
floating_ip_1 = PublicIPAddress.create(
self.apiclient,
accountid=self.account.name,
zoneid=self.zone.id,
domainid=self.account.domainid,
networkid=net1.id,
vpcid=vpc.id
)
self.debug("Associated %s with network %s" % (
floating_ip_1.ipaddress,
net1.id
)
)
NATRule.create(
self.apiclient,
vm_1,
self.services["natrule"],
ipaddressid=floating_ip_1.ipaddress.id,
openfirewall=False,
networkid=net1.id,
vpcid=vpc.id
)
# Should be able to SSH vm_1 via static nat, then ping vm_2 & Internet
try:
self.debug("STEP 6: SSH into vm_1: %s" % floating_ip_1)
ssh = vm_1.get_ssh_client(
ipaddress=floating_ip_1.ipaddress.ipaddress
)
# self.debug("Ping vm_2 at %s" % vm_2.ipaddress)
# Ping to outsite world
# res_1 = ssh.execute("ping -c 1 %s" % vm_2.ipaddress)
# self.debug("Ping to google.com from VM")
# Ping to outsite world
# res_2 = ssh.execute("ping -c 1 www.google.com")
# res = 64 bytes from maa03s17-in-f20.1e100.net (74.125.236.212):
# icmp_req=1 ttl=57 time=25.9 ms
# --- www.l.google.com ping statistics ---
# 1 packets transmitted, 1 received, 0% packet loss, time 0ms
# rtt min/avg/max/mdev = 25.970/25.970/25.970/0.000 ms
except Exception as e:
self.fail("SSH Access failed: %s" % e)
# self.debug("ping result1: %s" % res_1);
# self.debug("ping result2: %s" % res_2);
# result1 = str(res_1)
# self.assertEqual(
# result1.count("1 received"),
# 1,
# "Ping vm_2 from vm_1 should be successful"
# )
# result2 = str(res_2)
# self.assertEqual(
# result2.count("1 received"),
# 1,
# "Ping Internet from vm_1 should be successful"
# )
# Deleting two test VMs
VirtualMachine.delete(vm_1, self.apiclient, expunge=True)
VirtualMachine.delete(vm_2, self.apiclient, expunge=True)
# Delete Network
Network.delete(self.network, self.apiclient)
return
def test_create_network_with_snat(self):
"""Test to create a network with SourceNAT service only"""
# Validate the following
# 1. create a network offering with source nat service
# 2. create a network and deploy a vm within the network
# 3. deployment and network creation should be successful
# 4. attempt to create a fw rule. should fail since offering hasn't allowed it
# 5. try to ping out of the guest to www.google.com to check SourceNAT is working
self.account = Account.create(
self.apiclient,
self.services["account"],
admin=False,
domainid=self.domain.id
)
self.cleanup.append(self.account)
# Create a network offering VR and only SourceNAT service
self.debug(
"creating network offering with source NAT only"
)
self.network_offering = NetworkOffering.create(
self.apiclient,
self.services["network_offering_sourcenat"]
)
# Enable Network offering
self.network_offering.update(self.apiclient, state='Enabled')
self.debug("Created n/w offering with ID: %s" %
self.network_offering.id)
# Creating network using the network offering created
self.debug("Creating network with network offering: %s" %
self.network_offering.id)
self.network = Network.create(
self.apiclient,
self.services["network"],
accountid=self.account.name,
domainid=self.account.domainid,
networkofferingid=self.network_offering.id,
zoneid=self.zone.id
)
self.debug("Created guest network with ID: %s within account %s" % (self.network.id, self.account.name))
self.debug("Deploying VM in account: %s on the network %s" % (self.account.name, self.network.id))
# Spawn an instance in that network
VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id,
networkids=[str(self.network.id)]
)
self.debug("Deployed VM in network: %s" % self.network.id)
src_nat_list = PublicIPAddress.list(
self.apiclient,
associatednetworkid=self.network.id,
account=self.account.name,
domainid=self.account.domainid,
listall=True,
issourcenat=True,
)
self.assertEqual(
isinstance(src_nat_list, list),
True,
"List Public IP should return a valid source NAT"
)
self.assertNotEqual(
len(src_nat_list),
0,
"Length of response from listPublicIp should not be 0"
)
src_nat = src_nat_list[0]
self.debug("Successfully implemented network with source NAT IP: %s" %
src_nat.ipaddress)
with self.assertRaises(Exception):
FireWallRule.create(
self.apiclient,
ipaddressid=src_nat.id,
protocol='TCP',
cidrlist=[self.services["fw_rule"]["cidr"]],
startport=self.services["fw_rule"]["startport"],
endport=self.services["fw_rule"]["endport"]
)
return
def test_01_create_lb_rule_src_nat(self):
"""Test to create Load balancing rule with source NAT"""
# Validate the Following:
# 1. listLoadBalancerRules should return the added rule
# 2. attempt to ssh twice on the load balanced IP
# 3. verify using the UNAME of the VM
# that round robin is indeed happening as expected
src_nat_ip_addrs = PublicIPAddress.list(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid
)
self.assertEqual(
isinstance(src_nat_ip_addrs, list),
True,
"Check list response returns a valid list"
)
src_nat_ip_addr = src_nat_ip_addrs[0]
# Check if VM is in Running state before creating LB rule
vm_response = VirtualMachine.list(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid
)
self.assertEqual(
isinstance(vm_response, list),
True,
"Check list VM returns a valid list"
)
self.assertNotEqual(
len(vm_response),
0,
"Check Port Forwarding Rule is created"
)
for vm in vm_response:
self.assertEqual(
vm.state,
'Running',
"VM state should be Running before creating a NAT rule."
)
# Create Load Balancer rule and assign VMs to rule
lb_rule = LoadBalancerRule.create(
self.apiclient,
self.services["lbrule"],
src_nat_ip_addr.id,
accountid=self.account.name,
vpcid=self.vpc1.id,
networkid=self.network1.id
)
self.cleanup.append(lb_rule)
lb_rule.assign(self.apiclient, [self.vm_1, self.vm_2])
lb_rules = list_lb_rules(
self.apiclient,
id=lb_rule.id
)
self.assertEqual(
isinstance(lb_rules, list),
True,
"Check list response returns a valid list"
)
# verify listLoadBalancerRules lists the added load balancing rule
self.assertNotEqual(
len(lb_rules),
0,
"Check Load Balancer Rule in its List"
)
self.assertEqual(
lb_rules[0].id,
lb_rule.id,
"Check List Load Balancer Rules returns valid Rule"
)
# listLoadBalancerRuleInstances should list all
# instances associated with that LB rule
lb_instance_rules = list_lb_instances(
self.apiclient,
id=lb_rule.id
)
self.assertEqual(
isinstance(lb_instance_rules, list),
True,
"Check list response returns a valid list"
)
self.assertNotEqual(
len(lb_instance_rules),
0,
"Check Load Balancer instances Rule in its List"
)
self.logger.debug("lb_instance_rules Ids: %s, %s" % (
lb_instance_rules[0].id,
lb_instance_rules[1].id
))
self.logger.debug("VM ids: %s, %s" % (self.vm_1.id, self.vm_2.id))
self.assertIn(
lb_instance_rules[0].id,
[self.vm_1.id, self.vm_2.id],
"Check List Load Balancer instances Rules returns valid VM ID"
)
self.assertIn(
lb_instance_rules[1].id,
[self.vm_1.id, self.vm_2.id],
"Check List Load Balancer instances Rules returns valid VM ID"
)
unameResults = []
self.try_ssh(src_nat_ip_addr.ipaddress, unameResults)
self.try_ssh(src_nat_ip_addr.ipaddress, unameResults)
self.try_ssh(src_nat_ip_addr.ipaddress, unameResults)
self.try_ssh(src_nat_ip_addr.ipaddress, unameResults)
self.try_ssh(src_nat_ip_addr.ipaddress, unameResults)
self.logger.debug("UNAME: %s" % str(unameResults))
self.assertIn(
"Linux",
unameResults,
"Check if ssh succeeded for server1"
)
self.assertIn(
"Linux",
unameResults,
"Check if ssh succeeded for server2"
)
# SSH should pass till there is a last VM associated with LB rule
lb_rule.remove(self.apiclient, [self.vm_2])
# making unameResultss list empty
unameResults[:] = []
try:
self.logger.debug("SSHing into IP address: %s after removing VM (ID: %s)" %
(
src_nat_ip_addr.ipaddress,
self.vm_2.id
))
self.try_ssh(src_nat_ip_addr.ipaddress, unameResults)
self.assertIn(
"Linux",
unameResults,
"Check if ssh succeeded for server1"
)
except Exception as e:
self.fail("%s: SSH failed for VM with IP Address: %s" %
(e, src_nat_ip_addr.ipaddress))
lb_rule.remove(self.apiclient, [self.vm_1])
with self.assertRaises(Exception):
self.logger.debug("Removed all VMs, trying to SSH")
self.try_ssh(src_nat_ip_addr.ipaddress, unameResults)
return
def test_01_create_lb_rule_src_nat(self):
"""Test to create Load balancing rule with source NAT"""
# Validate the Following:
# 1. listLoadBalancerRules should return the added rule
# 2. attempt to ssh twice on the load balanced IP
# 3. verify using the UNAME of the VM
# that round robin is indeed happening as expected
src_nat_ip_addrs = PublicIPAddress.list(self.apiclient,
account=self.account.name,
domainid=self.account.domainid)
self.assertEqual(isinstance(src_nat_ip_addrs, list), True,
"Check list response returns a valid list")
src_nat_ip_addr = src_nat_ip_addrs[0]
# Check if VM is in Running state before creating LB rule
vm_response = VirtualMachine.list(self.apiclient,
account=self.account.name,
domainid=self.account.domainid)
self.assertEqual(isinstance(vm_response, list), True,
"Check list VM returns a valid list")
self.assertNotEqual(len(vm_response), 0,
"Check Port Forwarding Rule is created")
for vm in vm_response:
self.assertEqual(
vm.state, 'Running',
"VM state should be Running before creating a NAT rule.")
# Create Load Balancer rule and assign VMs to rule
lb_rule = LoadBalancerRule.create(self.apiclient,
self.services["lbrule"],
src_nat_ip_addr.id,
accountid=self.account.name,
vpcid=self.vpc1.id,
networkid=self.network1.id)
self.cleanup.append(lb_rule)
lb_rule.assign(self.apiclient, [self.vm_1, self.vm_2])
lb_rules = list_lb_rules(self.apiclient, id=lb_rule.id)
self.assertEqual(isinstance(lb_rules, list), True,
"Check list response returns a valid list")
# verify listLoadBalancerRules lists the added load balancing rule
self.assertNotEqual(len(lb_rules), 0,
"Check Load Balancer Rule in its List")
self.assertEqual(lb_rules[0].id, lb_rule.id,
"Check List Load Balancer Rules returns valid Rule")
# listLoadBalancerRuleInstances should list all
# instances associated with that LB rule
lb_instance_rules = list_lb_instances(self.apiclient, id=lb_rule.id)
self.assertEqual(isinstance(lb_instance_rules, list), True,
"Check list response returns a valid list")
self.assertNotEqual(len(lb_instance_rules), 0,
"Check Load Balancer instances Rule in its List")
self.logger.debug("lb_instance_rules Ids: %s, %s" %
(lb_instance_rules[0].id, lb_instance_rules[1].id))
self.logger.debug("VM ids: %s, %s" % (self.vm_1.id, self.vm_2.id))
self.assertIn(
lb_instance_rules[0].id, [self.vm_1.id, self.vm_2.id],
"Check List Load Balancer instances Rules returns valid VM ID")
self.assertIn(
lb_instance_rules[1].id, [self.vm_1.id, self.vm_2.id],
"Check List Load Balancer instances Rules returns valid VM ID")
unameResults = []
self.try_ssh(src_nat_ip_addr.ipaddress, unameResults)
self.try_ssh(src_nat_ip_addr.ipaddress, unameResults)
self.try_ssh(src_nat_ip_addr.ipaddress, unameResults)
self.try_ssh(src_nat_ip_addr.ipaddress, unameResults)
self.try_ssh(src_nat_ip_addr.ipaddress, unameResults)
self.logger.debug("UNAME: %s" % str(unameResults))
self.assertIn("Linux", unameResults,
"Check if ssh succeeded for server1")
self.assertIn("Linux", unameResults,
"Check if ssh succeeded for server2")
# SSH should pass till there is a last VM associated with LB rule
lb_rule.remove(self.apiclient, [self.vm_2])
# making unameResultss list empty
unameResults[:] = []
try:
self.logger.debug(
"SSHing into IP address: %s after removing VM (ID: %s)" %
(src_nat_ip_addr.ipaddress, self.vm_2.id))
self.try_ssh(src_nat_ip_addr.ipaddress, unameResults)
self.assertIn("Linux", unameResults,
"Check if ssh succeeded for server1")
except Exception as e:
self.fail("%s: SSH failed for VM with IP Address: %s" %
(e, src_nat_ip_addr.ipaddress))
lb_rule.remove(self.apiclient, [self.vm_1])
with self.assertRaises(Exception):
self.logger.debug("Removed all VMs, trying to SSH")
self.try_ssh(src_nat_ip_addr.ipaddress, unameResults)
return
def setUpClass(cls):
cls._cleanup = []
cls.testClient = super(TestVPCRouterOneNetwork, cls).getClsTestClient()
cls.api_client = cls.testClient.getApiClient()
cls.hypervisor = cls.testClient.getHypervisorInfo()
cls.vpcSupported = True
cls._cleanup = []
cls.services = Services().services
# Get Zone, Domain and templates
cls.domain = get_domain(cls.api_client)
cls.zone = get_zone(cls.api_client, cls.testClient.getZoneForTests())
cls.template = get_template(cls.api_client, cls.zone.id,
cls.services["ostype"])
cls.services["virtual_machine"]["zoneid"] = cls.zone.id
cls.services["virtual_machine"]["template"] = cls.template.id
cls.service_offering = ServiceOffering.create(
cls.api_client, cls.services["service_offering"])
cls._cleanup.append(cls.service_offering)
cls.vpc_off = VpcOffering.create(cls.api_client,
cls.services["vpc_offering"])
cls.vpc_off.update(cls.api_client, state='Enabled')
cls._cleanup.append(cls.vpc_off)
cls.account = Account.create(cls.api_client,
cls.services["account"],
admin=True,
domainid=cls.domain.id)
cls._cleanup.insert(0, cls.account)
cls.services["vpc"]["cidr"] = '10.1.1.1/16'
cls.vpc = VPC.create(cls.api_client,
cls.services["vpc"],
vpcofferingid=cls.vpc_off.id,
zoneid=cls.zone.id,
account=cls.account.name,
domainid=cls.account.domainid)
private_gateway = PrivateGateway.create(cls.api_client,
gateway='10.1.3.1',
ipaddress='10.1.3.100',
netmask='255.255.255.0',
vlan=678,
vpcid=cls.vpc.id)
cls.gateways = PrivateGateway.list(cls.api_client,
id=private_gateway.id,
listall=True)
static_route = StaticRoute.create(cls.api_client,
cidr='11.1.1.1/24',
gatewayid=private_gateway.id)
cls.static_routes = StaticRoute.list(cls.api_client,
id=static_route.id,
listall=True)
cls.nw_off = NetworkOffering.create(cls.api_client,
cls.services["network_offering"],
conservemode=False)
# Enable Network offering
cls.nw_off.update(cls.api_client, state='Enabled')
cls._cleanup.append(cls.nw_off)
# Creating network using the network offering created
cls.network_1 = Network.create(cls.api_client,
cls.services["network"],
accountid=cls.account.name,
domainid=cls.account.domainid,
networkofferingid=cls.nw_off.id,
zoneid=cls.zone.id,
gateway='10.1.1.1',
vpcid=cls.vpc.id)
# Spawn an instance in that network
vm_1 = VirtualMachine.create(cls.api_client,
cls.services["virtual_machine"],
accountid=cls.account.name,
domainid=cls.account.domainid,
serviceofferingid=cls.service_offering.id,
networkids=[str(cls.network_1.id)])
vm_2 = VirtualMachine.create(cls.api_client,
cls.services["virtual_machine"],
accountid=cls.account.name,
domainid=cls.account.domainid,
serviceofferingid=cls.service_offering.id,
networkids=[str(cls.network_1.id)])
# Spawn an instance in that network
vm_3 = VirtualMachine.create(cls.api_client,
cls.services["virtual_machine"],
accountid=cls.account.name,
domainid=cls.account.domainid,
serviceofferingid=cls.service_offering.id,
networkids=[str(cls.network_1.id)])
VirtualMachine.list(cls.api_client,
account=cls.account.name,
domainid=cls.account.domainid,
listall=True)
public_ip_1 = PublicIPAddress.create(cls.api_client,
accountid=cls.account.name,
zoneid=cls.zone.id,
domainid=cls.account.domainid,
networkid=cls.network_1.id,
vpcid=cls.vpc.id)
NATRule.create(cls.api_client,
vm_1,
cls.services["natrule"],
ipaddressid=public_ip_1.ipaddress.id,
openfirewall=False,
networkid=cls.network_1.id,
vpcid=cls.vpc.id)
NetworkACL.create(cls.api_client,
networkid=cls.network_1.id,
services=cls.services["natrule"],
traffictype='Ingress')
public_ip_2 = PublicIPAddress.create(cls.api_client,
accountid=cls.account.name,
zoneid=cls.zone.id,
domainid=cls.account.domainid,
networkid=cls.network_1.id,
vpcid=cls.vpc.id)
try:
StaticNATRule.enable(cls.api_client,
ipaddressid=public_ip_2.ipaddress.id,
virtualmachineid=vm_2.id,
networkid=cls.network_1.id)
except Exception as e:
cls.fail("Failed to enable static NAT on IP: %s - %s" %
(public_ip_2.ipaddress.ipaddress, e))
PublicIPAddress.list(cls.api_client,
networkid=cls.network_1.id,
listall=True,
isstaticnat=True,
account=cls.account.name,
domainid=cls.account.domainid)
public_ip_3 = PublicIPAddress.create(cls.api_client,
accountid=cls.account.name,
zoneid=cls.zone.id,
domainid=cls.account.domainid,
networkid=cls.network_1.id,
vpcid=cls.vpc.id)
lb_rule = LoadBalancerRule.create(cls.api_client,
cls.services["lbrule"],
ipaddressid=public_ip_3.ipaddress.id,
accountid=cls.account.name,
networkid=cls.network_1.id,
vpcid=cls.vpc.id,
domainid=cls.account.domainid)
lb_rule.assign(cls.api_client, [vm_3])
NetworkACL.create(cls.api_client,
networkid=cls.network_1.id,
services=cls.services["lbrule"],
traffictype='Ingress')
NetworkACL.create(cls.api_client,
networkid=cls.network_1.id,
services=cls.services["http_rule"],
traffictype='Egress')
def setUpClass(cls):
cls._cleanup = []
cls.testClient = super(TestVPCRouterOneNetwork, cls).getClsTestClient()
cls.api_client = cls.testClient.getApiClient()
cls.hypervisor = cls.testClient.getHypervisorInfo()
cls.vpcSupported = True
cls._cleanup = []
cls.services = Services().services
# Get Zone, Domain and templates
cls.domain = get_domain(cls.api_client)
cls.zone = get_zone(cls.api_client, cls.testClient.getZoneForTests())
cls.template = get_template(
cls.api_client,
cls.zone.id,
cls.services["ostype"]
)
cls.services["virtual_machine"]["zoneid"] = cls.zone.id
cls.services["virtual_machine"]["template"] = cls.template.id
cls.service_offering = ServiceOffering.create(
cls.api_client,
cls.services["service_offering"]
)
cls._cleanup.append(cls.service_offering)
cls.vpc_off = VpcOffering.create(
cls.api_client,
cls.services["vpc_offering"]
)
cls.vpc_off.update(cls.api_client, state='Enabled')
cls._cleanup.append(cls.vpc_off)
cls.account = Account.create(
cls.api_client,
cls.services["account"],
admin=True,
domainid=cls.domain.id
)
cls._cleanup.insert(0, cls.account)
cls.services["vpc"]["cidr"] = '10.1.1.1/16'
cls.vpc = VPC.create(
cls.api_client,
cls.services["vpc"],
vpcofferingid=cls.vpc_off.id,
zoneid=cls.zone.id,
account=cls.account.name,
domainid=cls.account.domainid
)
private_gateway = PrivateGateway.create(
cls.api_client,
gateway='10.1.3.1',
ipaddress='10.1.3.100',
netmask='255.255.255.0',
vlan=678,
vpcid=cls.vpc.id
)
cls.gateways = PrivateGateway.list(
cls.api_client,
id=private_gateway.id,
listall=True
)
static_route = StaticRoute.create(
cls.api_client,
cidr='11.1.1.1/24',
gatewayid=private_gateway.id
)
cls.static_routes = StaticRoute.list(
cls.api_client,
id=static_route.id,
listall=True
)
cls.nw_off = NetworkOffering.create(
cls.api_client,
cls.services["network_offering"],
conservemode=False
)
# Enable Network offering
cls.nw_off.update(cls.api_client, state='Enabled')
cls._cleanup.append(cls.nw_off)
# Creating network using the network offering created
cls.network_1 = Network.create(
cls.api_client,
cls.services["network"],
accountid=cls.account.name,
domainid=cls.account.domainid,
networkofferingid=cls.nw_off.id,
zoneid=cls.zone.id,
gateway='10.1.1.1',
vpcid=cls.vpc.id
)
# Spawn an instance in that network
vm_1 = VirtualMachine.create(
cls.api_client,
cls.services["virtual_machine"],
accountid=cls.account.name,
domainid=cls.account.domainid,
serviceofferingid=cls.service_offering.id,
networkids=[str(cls.network_1.id)]
)
vm_2 = VirtualMachine.create(
cls.api_client,
cls.services["virtual_machine"],
accountid=cls.account.name,
domainid=cls.account.domainid,
serviceofferingid=cls.service_offering.id,
networkids=[str(cls.network_1.id)]
)
# Spawn an instance in that network
vm_3 = VirtualMachine.create(
cls.api_client,
cls.services["virtual_machine"],
accountid=cls.account.name,
domainid=cls.account.domainid,
serviceofferingid=cls.service_offering.id,
networkids=[str(cls.network_1.id)]
)
VirtualMachine.list(
cls.api_client,
account=cls.account.name,
domainid=cls.account.domainid,
listall=True
)
public_ip_1 = PublicIPAddress.create(
cls.api_client,
accountid=cls.account.name,
zoneid=cls.zone.id,
domainid=cls.account.domainid,
networkid=cls.network_1.id,
vpcid=cls.vpc.id
)
NATRule.create(
cls.api_client,
vm_1,
cls.services["natrule"],
ipaddressid=public_ip_1.ipaddress.id,
openfirewall=False,
networkid=cls.network_1.id,
vpcid=cls.vpc.id
)
NetworkACL.create(
cls.api_client,
networkid=cls.network_1.id,
services=cls.services["natrule"],
traffictype='Ingress'
)
public_ip_2 = PublicIPAddress.create(
cls.api_client,
accountid=cls.account.name,
zoneid=cls.zone.id,
domainid=cls.account.domainid,
networkid=cls.network_1.id,
vpcid=cls.vpc.id
)
try:
StaticNATRule.enable(
cls.api_client,
ipaddressid=public_ip_2.ipaddress.id,
virtualmachineid=vm_2.id,
networkid=cls.network_1.id
)
except Exception as e:
cls.fail("Failed to enable static NAT on IP: %s - %s" % (
public_ip_2.ipaddress.ipaddress, e))
PublicIPAddress.list(
cls.api_client,
networkid=cls.network_1.id,
listall=True,
isstaticnat=True,
account=cls.account.name,
domainid=cls.account.domainid
)
public_ip_3 = PublicIPAddress.create(
cls.api_client,
accountid=cls.account.name,
zoneid=cls.zone.id,
domainid=cls.account.domainid,
networkid=cls.network_1.id,
vpcid=cls.vpc.id
)
lb_rule = LoadBalancerRule.create(
cls.api_client,
cls.services["lbrule"],
ipaddressid=public_ip_3.ipaddress.id,
accountid=cls.account.name,
networkid=cls.network_1.id,
vpcid=cls.vpc.id,
domainid=cls.account.domainid
)
lb_rule.assign(cls.api_client, [vm_3])
NetworkACL.create(
cls.api_client,
networkid=cls.network_1.id,
services=cls.services["lbrule"],
traffictype='Ingress'
)
NetworkACL.create(
cls.api_client,
networkid=cls.network_1.id,
services=cls.services["http_rule"],
traffictype='Egress'
)
def _test_vpc_site2site_vpn(self, vpc_offering, num_VPCs=3):
# Number of VPNs (to test) is number_of_VPCs - 1
# By default test setting up 2 VPNs from VPC0, requiring total of 3 VPCs
maxnumVM = num_VPCs - 1
# Create VPC i
vpc_list = []
for i in range(num_VPCs):
# Generate VPC (mostly subnet) info
vpcservice_n = copy.deepcopy(self.services["vpcN"])
for key in vpcservice_n.keys():
vpcservice_n[key] = vpcservice_n[key].format(N=` i `)
vpc_n = VPC.create(apiclient=self.apiclient,
services=vpcservice_n,
networkDomain="vpc%d.vpn" % i,
vpcofferingid=vpc_offering.id,
zoneid=self.zone.id,
account=self.account.name,
domainid=self.domain.id)
self.assertIsNotNone(vpc_n, "VPC%d creation failed" % i)
vpc_list.append(vpc_n)
self.cleanup.append(vpc_n)
self.logger.debug("VPC%d %s created" % (i, vpc_list[i].id))
default_acl = NetworkACLList.list(self.apiclient,
name="default_allow")[0]
# Create network in VPC i
ntwk_list = []
for i in range(num_VPCs):
# Generate network (mostly subnet) info
ntwk_info_n = copy.deepcopy(self.services["network_N"])
for key in ntwk_info_n.keys():
ntwk_info_n[key] = ntwk_info_n[key].format(N=` i `)
ntwk_n = Network.create(
apiclient=self.apiclient,
services=ntwk_info_n,
accountid=self.account.name,
domainid=self.account.domainid,
networkofferingid=self.network_offerings[0].id,
zoneid=self.zone.id,
vpcid=vpc_list[i].id,
aclid=default_acl.id)
self.assertIsNotNone(ntwk_n, "Network%d failed to create" % i)
self.cleanup.append(ntwk_n)
ntwk_list.append(ntwk_n)
self.logger.debug("Network%d %s created in VPC %s" %
(i, ntwk_list[i].id, vpc_list[i].id))
# Deploy a vm in network i
vm_list = []
vm_n = None
for i in range(num_VPCs):
vm_n = VirtualMachine.create(
self.apiclient,
services=self.services["virtual_machine"],
templateid=self.template.id,
zoneid=self.zone.id,
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.compute_offering.id,
networkids=[ntwk_list[i].id],
hypervisor=self.hypervisor,
mode='advanced' if (i == 0) or (i == maxnumVM) else 'default')
self.assertIsNotNone(vm_n, "VM%d failed to deploy" % i)
self.cleanup.append(vm_n)
vm_list.append(vm_n)
self.logger.debug("VM%d %s deployed in VPC %s" %
(i, vm_list[i].id, vpc_list[i].id))
self.assertEquals(vm_n.state, 'Running', "VM%d is not running" % i)
# 4) Enable Site-to-Site VPN for VPC
vpn_response_list = []
for i in range(num_VPCs):
vpn_response = Vpn.createVpnGateway(self.apiclient, vpc_list[i].id)
self.assertIsNotNone(vpn_response,
"Failed to enable VPN Gateway %d" % i)
vpn_response_list.append(vpn_response)
self.logger.debug("VPN gateway for VPC%d %s enabled" %
(i, vpc_list[i].id))
# 5) Add VPN Customer gateway info
vpn_cust_gw_list = []
services = self.services["vpncustomergateway"]
for i in range(num_VPCs):
src_nat_list = PublicIPAddress.list(self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
listall=True,
issourcenat=True,
vpcid=vpc_list[i].id)
ip = src_nat_list[0]
customer_response = VpnCustomerGateway.create(
self.apiclient, services, "Peer VPC" + ` i `, ip.ipaddress,
vpc_list[i].cidr, self.account.name, self.domain.id)
self.cleanup.insert(
0, customer_response
) # this has to be cleaned up after the VPCs have been destroyed (due to client connectionsonections)
vpn_cust_gw_list.append(customer_response)
self.logger.debug(
"VPN customer gateway added for VPC%d %s enabled" %
(i, vpc_list[i].id))
# Before the next step ensure the last VPC is up and running
# Routers in the right state?
self.assertEqual(
self.routers_in_right_state(vpcid=vpc_list[maxnumVM].id), True,
"Check whether the routers are in the right state.")
# 6) Connect VPCi with VPC0
for i in range(num_VPCs)[1:]:
Vpn.createVpnConnection(self.apiclient, vpn_cust_gw_list[0].id,
vpn_response_list[i]['id'], True)
self.logger.debug("VPN passive connection created for VPC%d %s" %
(i, vpc_list[i].id))
vpnconn2_response = Vpn.createVpnConnection(
self.apiclient, vpn_cust_gw_list[i].id,
vpn_response_list[0]['id'])
self.logger.debug("VPN connection created for VPC%d %s" %
(0, vpc_list[0].id))
self.assertEqual(vpnconn2_response['state'], "Connected",
"Failed to connect between VPCs 0 and %d!" % i)
self.logger.debug("VPN connected between VPC0 and VPC%d" % i)
# First the last VM
# setup ssh connection to vm maxnumVM
self.logger.debug(
"Setup SSH connection to last VM created (%d) to ensure availability for ping tests"
% maxnumVM)
ssh_max_client = vm_list[maxnumVM].get_ssh_client(retries=20)
self.assertIsNotNone(
ssh_max_client,
"Failed to setup SSH to last VM created (%d)" % maxnumVM)
self.logger.debug(
"Setup SSH connection to first VM created (0) to ensure availability for ping tests"
)
ssh_client = vm_list[0].get_ssh_client(retries=10)
self.assertIsNotNone(ssh_client, "Failed to setup SSH to VM0")
if ssh_client:
# run ping test
for i in range(num_VPCs)[1:]:
packet_loss = ssh_client.execute(
"/bin/ping -c 3 -t 10 " + vm_list[i].nic[0].ipaddress +
" |grep packet|cut -d ' ' -f 7| cut -f1 -d'%'")[0]
self.assertEquals(
int(packet_loss), 0,
"Ping towards vm" + ` i ` + "did not succeed")
self.logger.debug("Ping from vm0 to vm%d did succeed" % i)
else:
self.fail("Failed to setup ssh connection to %s" %
vm_list[0].public_ip)
return
def _test_01_create_lb_rule_src_nat(self):
"""Test to create Load balancing rule with source NAT"""
# Validate the Following:
# 1. listLoadBalancerRules should return the added rule
# 2. attempt to ssh twice on the load balanced IP
# 3. verify using the UNAME of the VM
# that round robin is indeed happening as expected
src_nat_ip_addrs = PublicIPAddress.list(self.apiclient,
account=self.account.name,
domainid=self.account.domainid)
self.assertEqual(isinstance(src_nat_ip_addrs, list), True,
"Check list response returns a valid list")
src_nat_ip_addr_1 = src_nat_ip_addrs[0]
src_nat_ip_addr_2 = src_nat_ip_addrs[1]
# Check if VM is in Running state before creating LB rule
vm_response = VirtualMachine.list(self.apiclient,
account=self.account.name,
domainid=self.account.domainid)
self.assertEqual(isinstance(vm_response, list), True,
"Check list VM returns a valid list")
self.assertNotEqual(len(vm_response), 0,
"Check Port Forwarding Rule is created")
for vm in vm_response:
self.assertEqual(
vm.state, 'Running',
"VM state should be Running before creating a NAT rule.")
# Create Load Balancer rule and assign VMs to rule
lb_rule_1 = self.create_lb_rule(src_nat_ip_addr_1.id, self.vpc1.id,
self.network1.id,
[self.vm_1, self.vm_2])
# Create Load Balancer rule and assign VMs to rule
lb_rule_2 = self.create_lb_rule(src_nat_ip_addr_2.id, self.vpc1.id,
self.network2.id,
[self.vm_4, self.vm_5])
# listLoadBalancerRuleInstances should list all
# instances associated with that LB rule
self.check_lb_rules(lb_rule_1.id, [self.vm_1.id, self.vm_2.id])
self.check_lb_rules(lb_rule_2.id, [self.vm_4.id, self.vm_5.id])
uname_results = []
for x in range(0, 5):
self.try_ssh(src_nat_ip_addr_1.ipaddress, uname_results)
self.logger.debug("OUTPUT: %s" % str(uname_results))
self.assertIn(
self.vm_1.id.split("-", 3)[3].upper(), uname_results,
"Check if ssh succeeded for server1")
self.assertIn(
self.vm_2.id.split("-", 3)[3].upper(), uname_results,
"Check if ssh succeeded for server2")
uname_results = []
for x in range(0, 5):
self.try_ssh(src_nat_ip_addr_2.ipaddress, uname_results)
self.logger.debug("OUTPUT: %s" % str(uname_results))
self.assertIn(
self.vm_4.id.split("-", 3)[3].upper(), uname_results,
"Check if ssh succeeded for server4")
self.assertIn(
self.vm_5.id.split("-", 3)[3].upper(), uname_results,
"Check if ssh succeeded for server5")
uname_results.append(
self.remove_and_check(lb_rule_1, src_nat_ip_addr_1,
[self.vm_2, self.vm_1]))
uname_results.append(
self.remove_and_check(lb_rule_2, src_nat_ip_addr_2,
[self.vm_4, self.vm_5]))
return
def test_01_vpc_remote_access_vpn(self):
"""Test Remote Access VPN in VPC"""
# 1) Create VPC
vpc_offering = VpcOffering.list(self.apiclient, isdefault=True)
self.assertTrue(vpc_offering is not None and len(vpc_offering) > 0,
"No VPC offerings found")
vpc = VPC.create(apiclient=self.apiclient,
services=self.services["vpc"],
networkDomain="vpc.vpn",
vpcofferingid=vpc_offering[0].id,
zoneid=self.zone.id,
account=self.account.name,
domainid=self.domain.id)
self.assertIsNotNone(vpc, "VPC creation failed")
self.logger.debug("VPC %s created" % (vpc.id))
self.cleanup.append(vpc)
# 2) Create network in VPC
ntwk = Network.create(apiclient=self.apiclient,
services=self.services["network_1"],
accountid=self.account.name,
domainid=self.domain.id,
networkofferingid=self.network_offerings[0].id,
zoneid=self.zone.id,
vpcid=vpc.id)
self.assertIsNotNone(ntwk, "Network failed to create")
self.logger.debug("Network %s created in VPC %s" % (ntwk.id, vpc.id))
self.cleanup.append(ntwk)
# 3) Deploy a vm
vm = VirtualMachine.create(self.apiclient,
services=self.services["virtual_machine"],
templateid=self.template.id,
zoneid=self.zone.id,
accountid=self.account.name,
domainid=self.domain.id,
serviceofferingid=self.compute_offering.id,
networkids=ntwk.id,
hypervisor=self.hypervisor)
self.assertIsNotNone(vm, "VM failed to deploy")
self.assertEquals(vm.state, 'Running', "VM is not running")
self.debug("VM %s deployed in VPC %s" % (vm.id, vpc.id))
self.logger.debug("Deployed virtual machine: OK")
self.cleanup.append(vm)
# 4) Enable VPN for VPC
src_nat_list = PublicIPAddress.list(self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
listall=True,
issourcenat=True,
vpcid=vpc.id)
ip = src_nat_list[0]
self.logger.debug("Acquired public ip address: OK")
vpn = Vpn.create(self.apiclient,
publicipid=ip.id,
account=self.account.name,
domainid=self.account.domainid,
iprange=self.services["vpn"]["iprange"],
fordisplay=self.services["vpn"]["fordisplay"])
self.assertIsNotNone(vpn, "Failed to create Remote Access VPN")
self.logger.debug("Created Remote Access VPN: OK")
vpn_user = None
# 5) Add VPN user for VPC
vpn_user = VpnUser.create(self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
username=self.services["vpn"]["vpn_user"],
password=self.services["vpn"]["vpn_pass"])
self.assertIsNotNone(vpn_user,
"Failed to create Remote Access VPN User")
self.logger.debug("Created VPN User: OK")
# TODO: Add an actual remote vpn connection test from a remote vpc
# 9) Disable VPN for VPC
vpn.delete(self.apiclient)
self.logger.debug("Deleted the Remote Access VPN: OK")
def test_03_deploy_vms_in_vpc_with_regionlevelvpc(self):
"""Test deploy virtual machines in VPC networks"""
# 1. Create VPC Offering by specifying all supported Services
# (Vpn,dhcpdns,UserData, SourceNat,Static NAT and PF,LB,NetworkAcl)
# 2. Create a VPC using the above VPC offering
# 3. Create a network as part of this VPC.
# 4. Deploy few Vms.
# 5. Create a LB rule for this VM.
# 6. Create a PF rule for this VM.
# 7. Create a Static Nat rule for this VM.
# 8. Create Ingress rules on the network to open the above created
# LB PF and Static Nat rule
# 9. Create Egress Network ACL for this network to access google.com.
# 10. Enable VPN services
if not self.isOvsPluginEnabled:
self.skipTest("OVS plugin should be enabled to run this test case")
self.debug("Creating a VPC offering..")
vpc_off = VpcOffering.create(self.apiclient,
self.services["vpc_offering"])
vpc_off.update(self.apiclient, state='Enabled')
self.debug("creating a VPC network in the account: %s" %
self.account.name)
vpc = VPC.create(self.apiclient,
self.services["vpc"],
vpcofferingid=vpc_off.id,
zoneid=self.zone.id,
account=self.account.name,
domainid=self.account.domainid,
networkDomain=self.account.domainid)
self.validate_vpc_network(vpc)
self.network_offering = NetworkOffering.create(
self.apiclient,
self.services["network_offering"],
conservemode=False)
# Enable Network offering
self.network_offering.update(self.apiclient, state='Enabled')
gateway = vpc.cidr.split('/')[0]
# Split the cidr to retrieve gateway
# for eg. cidr = 10.0.0.1/24
# Gateway = 10.0.0.1
# Creating network using the network offering created
self.debug("Creating network with network offering: %s" %
self.network_offering.id)
network = Network.create(self.apiclient,
self.services["network"],
accountid=self.account.name,
domainid=self.account.domainid,
networkofferingid=self.network_offering.id,
zoneid=self.zone.id,
gateway=gateway,
vpcid=vpc.id)
self.debug("Created network with ID: %s" % network.id)
# Spawn an instance in that network
virtual_machine = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id,
networkids=[str(network.id)])
self.debug("Deployed VM in network: %s" % network.id)
self.debug("Associating public IP for network: %s" % network.name)
public_ip = PublicIPAddress.create(self.apiclient,
accountid=self.account.name,
zoneid=self.zone.id,
domainid=self.account.domainid,
networkid=network.id,
vpcid=vpc.id)
self.debug("Associated %s with network %s" %
(public_ip.ipaddress.ipaddress, network.id))
self.debug("Creating LB rule for IP address: %s" %
public_ip.ipaddress.ipaddress)
LoadBalancerRule.create(self.apiclient,
self.services["lbrule"],
ipaddressid=public_ip.ipaddress.id,
accountid=self.account.name,
networkid=network.id,
vpcid=vpc.id,
domainid=self.account.domainid)
self.debug("Associating public IP for network: %s" % vpc.name)
public_ip_2 = PublicIPAddress.create(self.apiclient,
accountid=self.account.name,
zoneid=self.zone.id,
domainid=self.account.domainid,
networkid=network.id,
vpcid=vpc.id)
self.debug("Associated %s with network %s" %
(public_ip_2.ipaddress.ipaddress, network.id))
NATRule.create(self.apiclient,
virtual_machine,
self.services["natrule"],
ipaddressid=public_ip_2.ipaddress.id,
openfirewall=False,
networkid=network.id,
vpcid=vpc.id)
self.debug("Adding NetwrokACl rules to make PF and LB accessible")
NetworkACL.create(self.apiclient,
networkid=network.id,
services=self.services["natrule"],
traffictype='Ingress')
NetworkACL.create(self.apiclient,
networkid=network.id,
services=self.services["lbrule"],
traffictype='Ingress')
self.debug("Checking if we can SSH into VM?")
try:
virtual_machine.get_ssh_client(
ipaddress=public_ip_2.ipaddress.ipaddress, )
self.debug("SSH into VM is successfully")
except Exception as e:
self.fail("Failed to SSH into VM - %s, %s" %
(public_ip_2.ipaddress.ipaddress, e))
self.debug("Associating public IP for network: %s" % network.name)
public_ip_3 = PublicIPAddress.create(self.apiclient,
accountid=self.account.name,
zoneid=self.zone.id,
domainid=self.account.domainid,
networkid=network.id,
vpcid=vpc.id)
self.debug("Associated %s with network %s" %
(public_ip_3.ipaddress.ipaddress, network.id))
self.debug("Enabling static NAT for IP: %s" %
public_ip_3.ipaddress.ipaddress)
try:
StaticNATRule.enable(self.apiclient,
ipaddressid=public_ip_3.ipaddress.id,
virtualmachineid=virtual_machine.id,
networkid=network.id)
self.debug("Static NAT enabled for IP: %s" %
public_ip_3.ipaddress.ipaddress)
except Exception as e:
self.fail("Failed to enable static NAT on IP: %s - %s" %
(public_ip_3.ipaddress.ipaddress, e))
public_ips = PublicIPAddress.list(self.apiclient,
networkid=network.id,
listall=True,
isstaticnat=True,
account=self.account.name,
domainid=self.account.domainid)
self.assertEqual(isinstance(public_ips, list), True,
"List public Ip for network should list the Ip addr")
self.assertEqual(public_ips[0].ipaddress,
public_ip_3.ipaddress.ipaddress,
"List public Ip for network should list the Ip addr")
# TODO: Remote Access VPN is not yet supported in VPC
return
def test_01_vpc_remote_access_vpn(self):
"""Test Remote Access VPN in VPC"""
self.logger.debug("Starting test: test_01_vpc_remote_access_vpn")
# 0) Get the default network offering for VPC
self.logger.debug("Retrieving default VPC offering")
networkOffering = NetworkOffering.list(
self.apiclient, name="DefaultIsolatedNetworkOfferingForVpcNetworks")
self.assert_(networkOffering is not None and len(
networkOffering) > 0, "No VPC based network offering")
# 1) Create VPC
vpcOffering = VpcOffering.list(self.apiclient, name="Default VPC offering")
self.assert_(vpcOffering is not None and len(
vpcOffering) > 0, "No VPC offerings found")
vpc = None
try:
vpc = VPC.create(
apiclient=self.apiclient,
services=self.services["vpc"],
networkDomain="vpc.vpn",
vpcofferingid=vpcOffering[0].id,
zoneid=self.zone.id,
account=self.account.name,
domainid=self.domain.id
)
except Exception as e:
self.fail(e)
finally:
self.assert_(vpc is not None, "VPC creation failed")
self.logger.debug("VPC %s created" % (vpc.id))
try:
# 2) Create network in VPC
ntwk = Network.create(
apiclient=self.apiclient,
services=self.services["network_1"],
accountid=self.account.name,
domainid=self.domain.id,
networkofferingid=networkOffering[0].id,
zoneid=self.zone.id,
vpcid=vpc.id
)
except Exception as e:
self.fail(e)
finally:
self.assertIsNotNone(ntwk, "Network failed to create")
self.logger.debug(
"Network %s created in VPC %s" % (ntwk.id, vpc.id))
try:
# 3) Deploy a vm
vm = VirtualMachine.create(self.apiclient, services=self.services["virtual_machine"],
templateid=self.template.id,
zoneid=self.zone.id,
accountid=self.account.name,
domainid=self.domain.id,
serviceofferingid=self.compute_offering.id,
networkids=ntwk.id,
hypervisor=self.hypervisor
)
self.assert_(vm is not None, "VM failed to deploy")
self.assert_(vm.state == 'Running', "VM is not running")
self.debug("VM %s deployed in VPC %s" % (vm.id, vpc.id))
except Exception as e:
self.fail(e)
finally:
self.logger.debug("Deployed virtual machine: OK")
try:
# 4) Enable VPN for VPC
src_nat_list = PublicIPAddress.list(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
listall=True,
issourcenat=True,
vpcid=vpc.id
)
ip = src_nat_list[0]
except Exception as e:
self.fail(e)
finally:
self.logger.debug("Acquired public ip address: OK")
try:
vpn = Vpn.create(self.apiclient,
publicipid=ip.id,
account=self.account.name,
domainid=self.account.domainid,
iprange=self.services["vpn"]["iprange"],
fordisplay=self.services["vpn"]["fordisplay"]
)
except Exception as e:
self.fail(e)
finally:
self.assertIsNotNone(vpn, "Failed to create Remote Access VPN")
self.logger.debug("Created Remote Access VPN: OK")
vpnUser = None
# 5) Add VPN user for VPC
try:
vpnUser = VpnUser.create(self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
username=self.services["vpn"]["vpn_user"],
password=self.services["vpn"]["vpn_pass"]
)
except Exception as e:
self.fail(e)
finally:
self.assertIsNotNone(
vpnUser, "Failed to create Remote Access VPN User")
self.logger.debug("Created VPN User: OK")
# TODO: Add an actual remote vpn connection test from a remote vpc
try:
# 9) Disable VPN for VPC
vpn.delete(self.apiclient)
except Exception as e:
self.fail(e)
finally:
self.logger.debug("Deleted the Remote Access VPN: OK")
def test_03_deploy_vms_in_vpc_with_regionlevelvpc(self):
"""Test deploy virtual machines in VPC networks"""
# 1. Create VPC Offering by specifying all supported Services
# (Vpn,dhcpdns,UserData, SourceNat,Static NAT and PF,LB,NetworkAcl)
# 2. Create a VPC using the above VPC offering
# 3. Create a network as part of this VPC.
# 4. Deploy few Vms.
# 5. Create a LB rule for this VM.
# 6. Create a PF rule for this VM.
# 7. Create a Static Nat rule for this VM.
# 8. Create Ingress rules on the network to open the above created
# LB PF and Static Nat rule
# 9. Create Egress Network ACL for this network to access google.com.
# 10. Enable VPN services
if not self.isOvsPluginEnabled:
self.skipTest("OVS plugin should be enabled to run this test case")
self.debug("Creating a VPC offering..")
vpc_off = VpcOffering.create(
self.apiclient,
self.services["vpc_offering"]
)
vpc_off.update(self.apiclient, state='Enabled')
self.debug("creating a VPC network in the account: %s" %
self.account.name)
vpc = VPC.create(
self.apiclient,
self.services["vpc"],
vpcofferingid=vpc_off.id,
zoneid=self.zone.id,
account=self.account.name,
domainid=self.account.domainid,
networkDomain=self.account.domainid
)
self.validate_vpc_network(vpc)
self.network_offering = NetworkOffering.create(
self.apiclient,
self.services["network_offering"],
conservemode=False
)
# Enable Network offering
self.network_offering.update(self.apiclient, state='Enabled')
gateway = vpc.cidr.split('/')[0]
# Split the cidr to retrieve gateway
# for eg. cidr = 10.0.0.1/24
# Gateway = 10.0.0.1
# Creating network using the network offering created
self.debug("Creating network with network offering: %s" %
self.network_offering.id)
network = Network.create(
self.apiclient,
self.services["network"],
accountid=self.account.name,
domainid=self.account.domainid,
networkofferingid=self.network_offering.id,
zoneid=self.zone.id,
gateway=gateway,
vpcid=vpc.id
)
self.debug("Created network with ID: %s" % network.id)
# Spawn an instance in that network
virtual_machine = VirtualMachine.create(
self.apiclient,
self.services["virtual_machine"],
accountid=self.account.name,
domainid=self.account.domainid,
serviceofferingid=self.service_offering.id,
networkids=[str(network.id)]
)
self.debug("Deployed VM in network: %s" % network.id)
self.debug("Associating public IP for network: %s" % network.name)
public_ip = PublicIPAddress.create(
self.apiclient,
accountid=self.account.name,
zoneid=self.zone.id,
domainid=self.account.domainid,
networkid=network.id,
vpcid=vpc.id
)
self.debug("Associated %s with network %s" % (
public_ip.ipaddress.ipaddress,
network.id
))
self.debug("Creating LB rule for IP address: %s" %
public_ip.ipaddress.ipaddress)
LoadBalancerRule.create(
self.apiclient,
self.services["lbrule"],
ipaddressid=public_ip.ipaddress.id,
accountid=self.account.name,
networkid=network.id,
vpcid=vpc.id,
domainid=self.account.domainid
)
self.debug("Associating public IP for network: %s" % vpc.name)
public_ip_2 = PublicIPAddress.create(
self.apiclient,
accountid=self.account.name,
zoneid=self.zone.id,
domainid=self.account.domainid,
networkid=network.id,
vpcid=vpc.id
)
self.debug("Associated %s with network %s" % (
public_ip_2.ipaddress.ipaddress,
network.id
))
NATRule.create(
self.apiclient,
virtual_machine,
self.services["natrule"],
ipaddressid=public_ip_2.ipaddress.id,
openfirewall=False,
networkid=network.id,
vpcid=vpc.id
)
self.debug("Adding NetwrokACl rules to make PF and LB accessible")
NetworkACL.create(
self.apiclient,
networkid=network.id,
services=self.services["natrule"],
traffictype='Ingress'
)
NetworkACL.create(
self.apiclient,
networkid=network.id,
services=self.services["lbrule"],
traffictype='Ingress'
)
self.debug("Checking if we can SSH into VM?")
try:
virtual_machine.get_ssh_client(
ipaddress=public_ip_2.ipaddress.ipaddress,
)
self.debug("SSH into VM is successfully")
except Exception as e:
self.fail("Failed to SSH into VM - %s, %s" %
(public_ip_2.ipaddress.ipaddress, e))
self.debug("Associating public IP for network: %s" % network.name)
public_ip_3 = PublicIPAddress.create(
self.apiclient,
accountid=self.account.name,
zoneid=self.zone.id,
domainid=self.account.domainid,
networkid=network.id,
vpcid=vpc.id
)
self.debug("Associated %s with network %s" % (
public_ip_3.ipaddress.ipaddress,
network.id
))
self.debug("Enabling static NAT for IP: %s" %
public_ip_3.ipaddress.ipaddress)
try:
StaticNATRule.enable(
self.apiclient,
ipaddressid=public_ip_3.ipaddress.id,
virtualmachineid=virtual_machine.id,
networkid=network.id
)
self.debug("Static NAT enabled for IP: %s" %
public_ip_3.ipaddress.ipaddress)
except Exception as e:
self.fail("Failed to enable static NAT on IP: %s - %s" % (
public_ip_3.ipaddress.ipaddress, e))
public_ips = PublicIPAddress.list(
self.apiclient,
networkid=network.id,
listall=True,
isstaticnat=True,
account=self.account.name,
domainid=self.account.domainid
)
self.assertEqual(
isinstance(public_ips, list),
True,
"List public Ip for network should list the Ip addr"
)
self.assertEqual(
public_ips[0].ipaddress,
public_ip_3.ipaddress.ipaddress,
"List public Ip for network should list the Ip addr"
)
# TODO: Remote Access VPN is not yet supported in VPC
return
def test_01_firewall_rules_port_fw(self):
""""Checking firewall rules deletion after static NAT disable"""
# Validate the following:
#1. Enable static NAT for a VM
#2. Open up some ports. At this point there will be new rows in the
# firewall_rules table.
#3. Disable static NAT for the VM.
#4. Check fire wall rules are deleted from firewall_rules table.
public_ip = self.public_ip.ipaddress
# Enable Static NAT for VM
StaticNATRule.enable(self.apiclient, public_ip.id,
self.virtual_machine.id)
self.debug("Enabled static NAT for public IP ID: %s" % public_ip.id)
#Create Static NAT rule, in fact it's firewall rule
nat_rule = StaticNATRule.create(self.apiclient,
self.services["firewall_rule"],
public_ip.id)
self.debug("Created Static NAT rule for public IP ID: %s" %
public_ip.id)
self.debug("Checking IP address")
ip_response = PublicIPAddress.list(self.apiclient, id=public_ip.id)
self.assertEqual(isinstance(ip_response, list), True,
"Check ip response returns a valid list")
self.assertNotEqual(len(ip_response), 0,
"Check static NAT Rule is created")
self.assertTrue(ip_response[0].isstaticnat,
"IP is not static nat enabled")
self.assertEqual(ip_response[0].virtualmachineid,
self.virtual_machine.id,
"IP is not binding with the VM")
self.debug("Checking Firewall rule")
firewall_response = FireWallRule.list(self.apiclient,
ipaddressid=public_ip.id,
listall=True)
self.assertEqual(isinstance(firewall_response, list), True,
"Check firewall response returns a valid list")
self.assertNotEqual(len(firewall_response), 0,
"Check firewall rule is created")
self.assertEqual(firewall_response[0].state, "Active",
"Firewall rule is not active")
self.assertEqual(firewall_response[0].ipaddressid, public_ip.id,
"Firewall rule is not static nat related")
self.assertEqual(firewall_response[0].startport,
str(self.services["firewall_rule"]["startport"]),
"Firewall rule is not with specific port")
self.debug("Removed the firewall rule")
nat_rule.delete(self.apiclient)
self.debug("Checking IP address, it should still existed")
ip_response = PublicIPAddress.list(self.apiclient, id=public_ip.id)
self.assertEqual(isinstance(ip_response, list), True,
"Check ip response returns a valid list")
self.assertNotEqual(len(ip_response), 0,
"Check static NAT Rule is created")
self.assertTrue(ip_response[0].isstaticnat,
"IP is not static nat enabled")
self.assertEqual(ip_response[0].virtualmachineid,
self.virtual_machine.id,
"IP is not binding with the VM")
self.debug("Checking Firewall rule, it should be removed")
firewall_response = FireWallRule.list(self.apiclient,
ipaddressid=public_ip.id,
listall=True)
self.assertEqual(isinstance(firewall_response, list), True,
"Check firewall response returns a valid list")
if len(firewall_response) != 0:
self.assertEqual(
firewall_response[0].state, "Deleting",
"Firewall rule should be deleted or in deleting state")
return
def test_01_vpc_remote_access_vpn(self):
"""Test Remote Access VPN in VPC"""
# 1) Create VPC
vpc = VPC.create(
api_client=self.apiclient,
services=self.services["vpc"],
networkDomain="vpc.vpn",
vpcofferingid=self.vpc_offering.id,
zoneid=self.zone.id,
account=self.account.name,
domainid=self.domain.id
)
self.assertIsNotNone(vpc, "VPC creation failed")
self.logger.debug("VPC %s created" % (vpc.id))
self.cleanup.append(vpc)
# 2) Create network in VPC
ntwk = Network.create(
api_client=self.apiclient,
services=self.services["network_1"],
accountid=self.account.name,
domainid=self.domain.id,
networkofferingid=self.network_offering.id,
zoneid=self.zone.id,
vpcid=vpc.id
)
self.assertIsNotNone(ntwk, "Network failed to create")
self.logger.debug("Network %s created in VPC %s" % (ntwk.id, vpc.id))
self.cleanup.append(ntwk)
# 3) Deploy a vm
vm = VirtualMachine.create(self.apiclient, services=self.services["virtual_machine"],
templateid=self.template.id,
zoneid=self.zone.id,
accountid=self.account.name,
domainid=self.domain.id,
serviceofferingid=self.virtual_machine_offering.id,
networkids=ntwk.id,
hypervisor=self.hypervisor
)
self.assertIsNotNone(vm, "VM failed to deploy")
self.assertEquals(vm.state, 'Running', "VM is not running")
self.debug("VM %s deployed in VPC %s" % (vm.id, vpc.id))
self.logger.debug("Deployed virtual machine: OK")
self.cleanup.append(vm)
# 4) Enable VPN for VPC
src_nat_list = PublicIPAddress.list(
self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
listall=True,
issourcenat=True,
vpcid=vpc.id
)
ip = src_nat_list[0]
self.logger.debug("Acquired public ip address: OK")
vpn = Vpn.create(self.apiclient,
publicipid=ip.id,
account=self.account.name,
domainid=self.account.domainid,
iprange=self.services["vpn"]["iprange"],
fordisplay=self.services["vpn"]["fordisplay"]
)
self.assertIsNotNone(vpn, "Failed to create Remote Access VPN")
self.logger.debug("Created Remote Access VPN: OK")
vpn_user = None
# 5) Add VPN user for VPC
vpn_user = VpnUser.create(self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
username=self.services["vpn"]["vpn_user"],
password=self.services["vpn"]["vpn_pass"]
)
self.assertIsNotNone(vpn_user, "Failed to create Remote Access VPN User")
self.logger.debug("Created VPN User: OK")
# TODO: Add an actual remote vpn connection test from a remote vpc
# 9) Disable VPN for VPC
vpn.delete(self.apiclient)
self.logger.debug("Deleted the Remote Access VPN: OK")
def test_02_list_publicip_domain_admin(self):
"""
A domain admin should be able to list public IP address of
his/her domain and all sub domains
Step 1: Create an isolated network in the user domain and sub domain
Step 2: Associate IP in the range, dedicated to domain1
Step 3: Display all public ip address in domain1
Step 4: Ensure that the count is greater than or equal to 10
Step 5: Display only the allocated Ip address in domain1
Step 6: Ensure that the count is 1
Step 7: Try to display public ip address from shared networks
Step 8: It should not return any result
Step 9: Try to display ip address of domain1 from domain2
Step 10: Ensure that it doesnt not return any result
:return:
"""
# Step 1. Create isolated network
self.isolated_network1 = Network.create(
self.apiclient,
self.services["isolated_network"],
accountid=self.account1.name,
domainid=self.account1.domainid,
networkofferingid=self.isolated_network_offering.id,
zoneid=self.zone.id
)
# Step 2. Associate IP in range dedicated to domain1
ip_address_1 = self.get_free_ipaddress(self.public_ip_range1.vlan.id)
ipaddress = PublicIPAddress.create(
self.apiclient,
zoneid=self.zone.id,
networkid=self.isolated_network1.id,
ipaddress=ip_address_1
)
self.assertIsNotNone(
ipaddress,
"Failed to Associate IP Address"
)
# Step 3: Display all public ip address in domain1
user = self.account1.user[0]
user_api_client = self.testClient.getUserApiClient(user.username, self.domain1.name)
ipAddresses = PublicIPAddress.list(
user_api_client,
allocatedonly=False,
isrecursive=True,
listall=True,
forvirtualnetwork=True)
# Step 4: Ensure that the count is equal to 10
self.assertEqual(
len(ipAddresses),
10,
"Failed to display all public ip address is domain %s" % self.domain1.name
)
# Display public ip address using network id
ipAddresses = PublicIPAddress.list(
self.apiclient,
associatednetworkid=self.isolated_network1.id,
account=self.account1.name,
domainid=self.account1.domainid,
allocatedonly=False,
listall=True,
forvirtualnetwork=True)
# Step 4: Ensure that the count is greater than or equal to 10
self.assertEqual(
len(ipAddresses),
10,
"Failed to display all public ip address using network id"
)
# Step 5: Display all allocated public ip address in domain1
ipAddresses = PublicIPAddress.list(
user_api_client,
allocatedonly=True,
isrecursive=True,
listall=True,
forvirtualnetwork=True)
# Step 6: Ensure that the count is greater than or equal to 1
self.assertEqual(
len(ipAddresses),
1,
"Allocated IP address is greater than 1"
)
# Step 7: Display public ip address from shared networks
ipAddresses = PublicIPAddress.list(
user_api_client,
allocatedonly=True,
isrecursive=True,
listall=True,
forvirtualnetwork=False)
# Step 8: Ensure that the result is empty
self.assertIsNone(
ipAddresses,
"Users should not display ip from shared networks"
)
try:
# Step 9
user = self.account2.user[0]
user_api_client = self.testClient.getUserApiClient(user.username, self.domain2.name)
ipAddresses = PublicIPAddress.list(
user_api_client,
allocatedonly=False,
listall=True,
associatednetworkid=self.isolated_network1.id,
forvirtualnetwork=True)
# Step 10
self.fail("Domain should not access public ip of sibling domain")
except Exception as e:
self.info("Got exception as expected since domain2 cant access network of domain1")
def test_vpc_remote_access_vpn(self):
"""Test Remote Access VPN in VPC"""
# 0) Get the default network offering for VPC
self.logger.debug("Retrieving default VPC offering")
networkOffering = NetworkOffering.list(
self.apiclient,
name="DefaultIsolatedNetworkOfferingForVpcNetworks")
self.assert_(networkOffering is not None and len(networkOffering) > 0,
"No VPC based network offering")
# 1) Create VPC
vpcOffering = VpcOffering.list(self.apiclient, isdefault=True)
self.assert_(vpcOffering is not None and len(vpcOffering) > 0,
"No VPC offerings found")
try:
vpc = VPC.create(apiclient=self.apiclient,
services=self.services["vpc"],
networkDomain="vpc.vpn",
vpcofferingid=vpcOffering[0].id,
zoneid=self.zone.id,
account=self.account.name,
domainid=self.domain.id)
except Exception as e:
self.fail(e)
finally:
self.assert_(vpc is not None, "VPC creation failed")
self.logger.debug("VPC %s created" % (vpc.id))
try:
# 2) Create network in VPC
ntwk = Network.create(apiclient=self.apiclient,
services=self.services["network_1"],
accountid=self.account.name,
domainid=self.domain.id,
networkofferingid=networkOffering[0].id,
zoneid=self.zone.id,
vpcid=vpc.id)
except Exception as e:
self.fail(e)
finally:
self.assertIsNotNone(ntwk, "Network failed to create")
self.logger.debug("Network %s created in VPC %s" %
(ntwk.id, vpc.id))
try:
# 3) Deploy a vm
vm = VirtualMachine.create(
self.apiclient,
services=self.services["virtual_machine"],
templateid=self.template.id,
zoneid=self.zone.id,
accountid=self.account.name,
domainid=self.domain.id,
serviceofferingid=self.compute_offering.id,
networkids=ntwk.id,
hypervisor=self.services["virtual_machine"]["hypervisor"])
self.assert_(vm is not None, "VM failed to deploy")
self.assert_(vm.state == 'Running', "VM is not running")
self.debug("VM %s deployed in VPC %s" % (vm.id, vpc.id))
except Exception as e:
self.fail(e)
finally:
self.logger.debug("Deployed virtual machine: OK")
try:
# 4) Enable VPN for VPC
src_nat_list = PublicIPAddress.list(self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
listall=True,
issourcenat=True,
vpcid=vpc.id)
ip = src_nat_list[0]
except Exception as e:
self.fail(e)
finally:
self.logger.debug("Acquired public ip address: OK")
try:
vpn = Vpn.create(self.apiclient,
publicipid=ip.id,
account=self.account.name,
domainid=self.account.domainid,
iprange=self.services["vpn"]["iprange"],
fordisplay=self.services["vpn"]["fordisplay"])
except Exception as e:
self.fail(e)
finally:
self.assertIsNotNone(vpn, "Failed to create Remote Access VPN")
self.logger.debug("Created Remote Access VPN: OK")
vpnUser = None
# 5) Add VPN user for VPC
try:
vpnUser = VpnUser.create(self.apiclient,
account=self.account.name,
domainid=self.account.domainid,
username=self.services["vpn"]["vpn_user"],
password=self.services["vpn"]["vpn_pass"])
except Exception as e:
self.fail(e)
finally:
self.assertIsNotNone(vpnUser,
"Failed to create Remote Access VPN User")
self.logger.debug("Created VPN User: OK")
#TODO: Add an actual remote vpn connection test from a remote vpc
try:
# 9) Disable VPN for VPC
vpn.delete(self.apiclient)
except Exceptio as e:
self.fail(e)
finally:
self.logger.debug("Deleted the Remote Access VPN: OK")
def test_01_create_delete_portforwarding_fornonvpc(self):
"""
@summary: Test to list, create and delete Port Forwarding for
IP Address associated to Non VPC network
@Steps:
Step1: Creating a Network for the user
Step2: Associating an IP Addresses for Network
Step3: Launching Virtual Machine in network created in step 2
Step4: Listing Port Forwarding Rules for the IP Address associated
in Step2
Step5: Verifying that no Port Forwarding Rules are listed
Step6: Creating a Port Forwarding Rule for IP Address associated in
Step2
Step7: Listing Port Forwarding Rules for the IP Address associated in
Step2
Step8: Verifying 1 Port Forwarding Rule is listed
Step9: Deleting the Port Forwarding Rule created in Step6
Step10: Listing Port Forwarding Rules for the IP Address associated in
Step2
Step11: Verifying that no Port Forwarding Rules are listed
"""
# Listing all the Networks's for a user
list_networks_before = Network.list(
self.userapiclient,
listall=self.services["listall"],
type="Isolated"
)
# Verifying No Networks are listed
self.assertIsNone(
list_networks_before,
"Networks listed for newly created User"
)
# Listing Network Offerings
network_offerings_list = NetworkOffering.list(
self.apiClient,
forvpc="false",
guestiptype="Isolated",
state="Enabled",
supportedservices="SourceNat,PortForwarding",
zoneid=self.zone.id
)
status = validateList(network_offerings_list)
self.assertEquals(
PASS,
status[0],
"Isolated Network Offerings with sourceNat,\
PortForwarding enabled are not found"
)
# Creating a network
network = Network.create(
self.userapiclient,
self.services["network"],
accountid=self.account.name,
domainid=self.domain.id,
networkofferingid=network_offerings_list[0].id,
zoneid=self.zone.id
)
self.assertIsNotNone(
network,
"Network creation failed"
)
# Listing all the IP Addresses for a user
list_ipaddresses_before = PublicIPAddress.list(
self.userapiclient,
listall=self.services["listall"]
)
# Verifying no IP Addresses are listed
self.assertIsNone(
list_ipaddresses_before,
"IP Addresses listed for newly created User"
)
# Associating an IP Addresses to Network created
associated_ipaddress = PublicIPAddress.create(
self.userapiclient,
services=self.services["network"],
networkid=network.id
)
self.assertIsNotNone(
associated_ipaddress,
"Failed to Associate IP Address"
)
# Listing all the IP Addresses for a user
list_ipaddresses_after = PublicIPAddress.list(
self.userapiclient,
listall=self.services["listall"]
)
status = validateList(list_ipaddresses_after)
self.assertEquals(
PASS,
status[0],
"IP Addresses Association Failed"
)
# Verifying the length of the list is 1
self.assertEqual(
1,
len(list_ipaddresses_after),
"Number of IP Addresses associated are not matching expected"
)
# Launching a Virtual Machine with above created Network
vm_created = VirtualMachine.create(
self.userapiclient,
self.services["virtual_machine"],
accountid=self.account.name,
domainid=self.account.domainid,
networkids=network.id,
serviceofferingid=self.service_offering.id,
)
self.assertIsNotNone(
vm_created,
"Failed to launch a VM under network created"
)
self.cleanup.append(network)
# Listing Virtual Machines in running state in above created network
list_vms_running = VirtualMachine.list(
self.userapiclient,
listall=self.services["listall"],
state="Running",
networkid=network.id
)
status = validateList(list_vms_running)
self.assertEquals(
PASS,
status[0],
"VM Created is not in Running state"
)
# Verifying the length of the list is 1
self.assertEqual(
1,
len(list_ipaddresses_after),
"VM Created is not in Running state"
)
self.assertEquals(
vm_created.id,
list_vms_running[0].id,
"VM Created is not in Running state"
)
# Listing Virtual Machines in stopped state in above created network
list_vms_stopped = VirtualMachine.list(
self.userapiclient,
listall=self.services["listall"],
state="Stopped",
networkid=network.id
)
# Verifying no VMs are in stopped state
self.assertIsNone(
list_vms_stopped,
"VM Created is in stopped state"
)
# Listing Port Forwarding Rules for the IP Address associated
list_prtfwdrule_before = NATRule.list(
self.userapiclient,
listall=self.services["listall"],
ipaddressid=associated_ipaddress.ipaddress.id
)
# Verifying no port forwarding rules are listed
self.assertIsNone(
list_prtfwdrule_before,
"Port Forwarding Rules listed for newly associated IP Address"
)
# Creating a Port Forwarding rule
portfwd_rule = NATRule.create(
self.userapiclient,
virtual_machine=vm_created,
services=self.services["natrule"],
ipaddressid=associated_ipaddress.ipaddress.id,
)
self.assertIsNotNone(
portfwd_rule,
"Failed to create Port Forwarding Rule"
)
# Verifying details of Sticky Policy created
# Creating expected and actual values dictionaries
expected_dict = {
"ipaddressid": associated_ipaddress.ipaddress.id,
"privateport": str(self.services["natrule"]["privateport"]),
"publicport": str(self.services["natrule"]["publicport"]),
"protocol": str(self.services["natrule"]["protocol"]).lower(),
}
actual_dict = {
"ipaddressid": portfwd_rule.ipaddressid,
"privateport": str(portfwd_rule.privateport),
"publicport": str(portfwd_rule.publicport),
"protocol": portfwd_rule.protocol,
}
portfwd_status = self.__verify_values(
expected_dict,
actual_dict
)
self.assertEqual(
True,
portfwd_status,
"Created Port Forward Rule details are not as expected"
)
# Listing Port Forwarding Rules for the IP Address associated
list_prtfwdrule_after = NATRule.list(
self.userapiclient,
listall=self.services["listall"],
ipaddressid=associated_ipaddress.ipaddress.id
)
status = validateList(list_prtfwdrule_after)
self.assertEquals(
PASS,
status[0],
"Failed to create Port Forwarding Rule"
)
# Verifying the length of the list is 1
self.assertEqual(
1,
len(list_prtfwdrule_after),
"Failed to create Port Forwarding Rule"
)
# Deleting Port Forwarding Rule
portfwd_rule.delete(self.userapiclient)
# Creating a Port Forwarding rule with port range
portfwd_rule = NATRule.create(
self.userapiclient,
virtual_machine=vm_created,
services=self.services["natrulerange"],
ipaddressid=associated_ipaddress.ipaddress.id,
)
self.assertIsNotNone(
portfwd_rule,
"Failed to create Port Forwarding Rule"
)
#update the private port for port forwarding rule
updatefwd_rule = portfwd_rule.update(self.userapiclient,
portfwd_rule.id,
virtual_machine=vm_created,
services=self.services["updatenatrulerange"],
)
# Verifying details of Sticky Policy created
# Creating expected and actual values dictionaries
expected_dict = {
"privateport": str(self.services["updatenatrulerange"]["privateport"]),
"privateendport": str(self.services["updatenatrulerange"]["privateendport"]),
}
actual_dict = {
"privateport": str(updatefwd_rule.privateport),
"privateendport": str(updatefwd_rule.privateendport),
}
portfwd_status = self.__verify_values(
expected_dict,
actual_dict
)
self.assertEqual(
True,
portfwd_status,
"Updated Port Forward Rule details are not as expected"
)
# Deleting Port Forwarding Rule
portfwd_rule.delete(self.userapiclient)
# Listing Port Forwarding Rules for the IP Address associated
list_prtfwdrule_after = NATRule.list(
self.userapiclient,
listall=self.services["listall"],
ipaddressid=associated_ipaddress.ipaddress.id
)
# Verifying no port forwarding rules are listed
self.assertIsNone(
list_prtfwdrule_after,
"Port Forwarding Rules listed after deletion"
)
# Destroying the VM Launched
vm_created.delete(self.apiClient)
self.cleanup.append(self.account)
return
def test_03_list_publicip_user_domain(self):
"""
A regular user should be able to display public ip address
only in their domain
Step 1: Create an isolated network in the user domain
Step 2: Display all public ip address in that domain
Step 3: Ensure that the count is 10
Step 4: Associate IP in the range, dedicated to domain2
Step 5: Display only the allocated Ip address in domain2
Step 6: Ensure that the count is 1
Step 7: Try to display public ip address from shared networks
Step 8: It should not return any result
Step 9: Try to display allocated public ip address of child domain using networkid
Step 10: It should display all allocated ip address from child domain
Step 11: Try to display all public ip address from child domain
Step 12: It should display all public ip of child domain
Step 13: Try to display ip of domain2 from a different domain
Step 14: Ensure that we get exception when trying to do so
:return:
"""
user = self.sub_account.user[0]
sub_user_api_client = self.testClient.getUserApiClient(user.username, self.sub_domain.name)
# Step 1: create network in child domain
self.isolated_network2 = Network.create(
self.apiclient,
self.services["isolated_network"],
accountid=self.sub_account.name,
domainid=self.sub_account.domainid,
networkofferingid=self.isolated_network_offering.id,
zoneid=self.zone.id
)
# Step 2: Display all public ip address in sub domain
ipAddresses = PublicIPAddress.list(
sub_user_api_client,
allocatedonly=False,
listall=True,
forvirtualnetwork=True)
# Step 3: Ensure that sub domain can list only the ip address in their domain
self.assertEqual(
len(ipAddresses),
10,
"Allocated IP address is greater than 1"
)
# Step 4: Associate IP in range dedicated to sub domain
ip_address_1 = self.get_free_ipaddress(self.public_ip_range2.vlan.id)
ipaddress = PublicIPAddress.create(
sub_user_api_client,
zoneid=self.zone.id,
networkid=self.isolated_network2.id,
ipaddress=ip_address_1
)
# Step 5: Display all allocated ip address in sub domain
ipAddresses = PublicIPAddress.list(
sub_user_api_client,
allocatedonly=True,
listall=True,
forvirtualnetwork=True)
# Step 6: Ensure that the count is 1
self.assertEqual(
len(ipAddresses),
1,
"Allocated IP address is greater than 1"
)
# Step 7: Display ip address from shared networks
ipAddresses = PublicIPAddress.list(
sub_user_api_client,
allocatedonly=True,
listall=True,
forvirtualnetwork=False)
# Step 8: It should not return any result
self.assertIsNone(
ipAddresses,
"Users should not display ip from shared networks"
)
user = self.account1.user[0]
user_api_client = self.testClient.getUserApiClient(user.username, self.domain1.name)
# Step 9: display ip of child domain using network id
ipAddresses = PublicIPAddress.list(
user_api_client,
allocatedonly=True,
listall=True,
isrecursive=True,
associatednetworkid=self.isolated_network2.id,
forvirtualnetwork=True)
# Step 10: Ensure that the count is 1 as only 1 ip is acquired in test 3
self.assertEqual(
len(ipAddresses),
1,
"Unable to display IP address of child domain using network id"
)
# Step 11: display ip of child domain using network id
ipAddresses = PublicIPAddress.list(
user_api_client,
allocatedonly=False,
listall=True,
isrecursive=True,
associatednetworkid=self.isolated_network2.id,
forvirtualnetwork=True)
# Step 12: Ensure that the count is 1 as only 1 ip is acquired in test 3
self.assertEqual(
len(ipAddresses),
10,
"Unable to display IP address of child domain using network id"
)
try:
# Step 13
user = self.account2.user[0]
user_api_client = self.testClient.getUserApiClient(user.username, self.domain2.name)
PublicIPAddress.list(
user_api_client,
allocatedonly=False,
listall=True,
associatednetworkid=self.isolated_network2.id,
forvirtualnetwork=True)
# Step 14
self.fail("Domain should not access public ip of sibling domain")
except Exception as e:
self.info("Got exception as expected since domain2 cant access network of domain1")
def test_add_multiple_admins_in_project(self):
"""
1. Create a User Account
2. Add user account with 'Admin' project account role and associate it with a Project role;
The role defines what APIs are allowed/disallowed for the user: here, 'listPublicIpAddresses'
is denied for the user account
3. Execute the 'listPublicIpAddresses' API and verify/confirm that the user/account can execute the
API as it is a project admin
"""
self.useraccount = Account.create(self.apiclient,
self.testdata["account"],
roleid=4)
self.cleanup.append(self.useraccount)
self.useraccount1 = Account.create(self.apiclient,
self.testdata["useracc"],
roleid=4)
self.cleanup.append(self.useraccount1)
self.project.addAccount(self.apiclient,
account=self.useraccount.name,
projectroleid=self.projectrole.id,
roletype='Admin')
self.project.addAccount(self.apiclient,
account=self.useraccount1.name,
projectroleid=self.projectrole.id)
project_accounts = Project.listAccounts(self.apiclient,
projectid=self.project.id,
role='Admin')
self.assertEqual(len(project_accounts), 2,
"account not added with admin Role")
self.userapiclientAdminRole = self.testClient.getUserApiClient(
UserName=self.useraccount.name,
DomainName=self.useraccount.domain,
type=0)
self.userapiclientRegularRole = self.testClient.getUserApiClient(
UserName=self.useraccount1.name,
DomainName=self.useraccount1.domain,
type=0)
try:
PublicIPAddress.list(self.userapiclientAdminRole,
projectid=self.project.id)
self.debug(
"User added to the project could execute the listPublicIpAddresses API despite the project "
"role as it is the Admin")
pass
except CloudstackAPIException:
self.fail(
"User is an Admin, should be able to execute the command despite Project role"
)
try:
self.project.suspend(self.userapiclientAdminRole, )
self.debug(
"The user can perform Project administrative operations as it is added as "
"an Admin to the project")
pass
except CloudstackAPIException:
self.fail(
"User should be allowed to execute project administrative operations"
"as it is the Project Admin")
try:
self.project.suspend(self.userapiclientRegularRole, )
except Exception as e:
pass
def test_05_list_publicip_user_domain(self):
"""
A domain admin should be able to display public ip address
in their domain and also all child domains
Step 1: Display all public ip address in that domain and sub domain
Step 2: Ensure that the count is 20
Step 3: Display only the allocated Ip address
Step 4: Ensure that the count is 2
Step 5: Try to display public ip of vpc from different domain
Step 6: Ensure that we get exception when trying to do so
:return:
"""
user = self.account2.user[0]
user_api_client = self.testClient.getUserApiClient(user.username, self.domain2.name)
self.services["vpc"]["cidr"] = "10.1.1.1/16"
vpc_1 = VPC.create(
user_api_client,
self.services["vpc"],
vpcofferingid=self.vpc_off.id,
zoneid=self.zone.id,
account=self.account2.name,
domainid=self.account2.domainid
)
self.validate_vpc_network(vpc_1)
ipAddresses = PublicIPAddress.list(
user_api_client,
allocatedonly=False,
listall=True,
forvirtualnetwork=True)
self.assertGreaterEqual(
len(ipAddresses),
10,
"Unable to display all public ip in VPC"
)
# List ip address using vpcid
ipAddresses = PublicIPAddress.list(
self.apiclient,
vpcid=vpc_1.id,
allocatedonly=False,
account=self.account2.name,
domainid=self.domain2.id,
forvirtualnetwork=True)
self.assertGreaterEqual(
len(ipAddresses),
10,
"Unable to display all public ip in VPC"
)
# Acquire public ip address from VPC
ip_address_1 = self.get_free_ipaddress(self.public_ip_range3.vlan.id)
PublicIPAddress.create(
user_api_client,
zoneid=self.zone.id,
vpcid=vpc_1.id,
ipaddress=ip_address_1
)
ipAddresses = PublicIPAddress.list(
user_api_client,
allocatedonly=True,
listall=True,
forvirtualnetwork=True)
self.assertGreaterEqual(
len(ipAddresses),
2,
"Unable to display allocated public ip in VPC"
)
try:
# Step 5
user = self.account1.user[0]
user_api_client = self.testClient.getUserApiClient(user.username, self.domain1.name)
PublicIPAddress.list(
user_api_client,
allocatedonly=False,
listall=True,
vpcid=vpc_1.id,
forvirtualnetwork=True)
# Step 6
self.fail("Domain should not access public ip of sibling domain")
except Exception as e:
self.info("Got exception as expected since domain2 cant access network of domain1")
self.vpc_off.update(self.apiclient, state='Disabled')
self.cleanup.append(vpc_1)
self.cleanup.append(self.vpc_off)
