def testBasicPolicy(testbed, numContainer, numIter):
    """Check that a default-deny policy with one accept rule filters inbound TCP.

    Each iteration creates policy 'first' (rule '1': deny inbound TCP,
    rule '2': accept inbound TCP/8000 at priority 100), attaches it to one
    'srv<N>' endpoint group per container, and verifies both sides of the
    policy: port 8000 must be reachable and port 8001 must be blocked.
    The groups, rules and policy are removed again before the next iteration.

    Args:
        testbed: harness object used for containers, listeners and
            connection checks.
        numContainer: number of containers and of 'srv<N>' groups to create.
        numIter: number of create/verify/teardown cycles.

    A failed check calls testbedApi.exit() before any teardown has run.
    NOTE(review): if exit() does not return, the policy, groups and
    containers presumably stay behind - confirm against the harness.
    """
    policyName = 'first'

    def requireConnectivity(targets, port, expected, failureText):
        # The expected outcome is handed to checkConnections and the result
        # is compared against that same value.
        if testbed.checkConnections(targets, port, expected) != expected:
            testbedApi.exit(failureText)

    for iteration in range(numIter):
        tenant = objmodel.tenant('default')
        network = tenant.newNetwork('private')

        # Policy under test: a deny with no explicit priority plus an accept
        # at priority 100. The port-8000 check below only passes if the
        # accept takes precedence over the deny.
        policy = tenant.newPolicy(policyName)
        policy.addRule('1', direction="in", protocol="tcp", action="deny")
        policy.addRule('2', direction="in", priority=100, protocol="tcp",
                       port=8000, action="accept")

        # One endpoint group per container, each bound to the policy.
        groups = []
        for idx in range(numContainer):
            # Not used further in this function; kept so the node count is
            # still queried exactly as before.
            nodeIdx = idx % testbed.numNodes()
            groups.append(network.newGroup("srv" + str(idx),
                                           policies=[policyName]))

        # Bring up the workloads and listeners on an allowed and a
        # non-allowed port.
        containers = testbed.runContainers(numContainer, withService=True)
        testbed.startListeners(containers, [8000, 8001])

        # Positive check (allowed port) first, then the negative check that
        # proves the default deny is actually enforced.
        requireConnectivity(containers, 8000, True, "Connection failed")
        requireConnectivity(containers, 8001, False,
                            "Connection succeded while expecting it to fail")

        # Teardown: workloads first, then policy bindings, groups, rules.
        testbed.stopListeners(containers)
        testbed.removeContainers(containers)

        for attached in groups:
            attached.removePolicy(policyName)

        for idx in range(numContainer):
            nodeIdx = idx % testbed.numNodes()
            network.deleteGroup("srv" + str(idx))

        for ruleId in ('1', '2'):
            policy.deleteRule(ruleId)
        tenant.deletePolicy(policyName)

        testbedApi.info("testBasicPolicy Iteration " + str(iteration) + " passed")

    testbedApi.info("testBasicPolicy Test passed")
def cleanupPolicies(numPolicy, numRulesPerPolicy):
    """Delete the 'policy<N>' policies and their 'srv<N>.private' groups.

    Uses 'policy1'..'policy<numPolicy>' and 'srv0.private'..
    'srv<numPolicy - 1>.private', the same naming createPolicies uses.

    Args:
        numPolicy: number of policy/group pairs to remove.
        numRulesPerPolicy: accepted for symmetry with createPolicies; not
            read by this function.

    Rules are not deleted one by one here.
    NOTE(review): presumably deletePolicy() drops the policy's rules as
    well - confirm, otherwise stale rules may survive a cleanup.
    """
    tenant = objmodel.tenant('default')

    for index in range(numPolicy):
        policyName = 'policy' + str(index + 1)
        groupName = "srv" + str(index) + ".private"

        # Both objects are (re)posted before deletion; the group is posted
        # with an empty policy list, which looks like the way the policy is
        # detached from it - TODO confirm against objmodel.
        tenant.newPolicy(policyName)
        tenant.newGroup(groupName, policies=[])

        # Group first, then the policy it referred to.
        tenant.deleteGroup(groupName)
        tenant.deletePolicy(policyName)
def createPolicies(numPolicy, numRulesPerPolicy):
    """Create numPolicy default-deny policies, each bound to its own group.

    Policy 'policy<N>' (N starting at 1) gets rule '1' denying inbound TCP,
    followed by numRulesPerPolicy accept rules ('2', '3', ...) at priority 10
    for consecutive ports starting at 8000. The policy is then attached to
    the group 'srv<N - 1>.private'.

    Args:
        numPolicy: number of policies and groups to create.
        numRulesPerPolicy: number of accept rules added to every policy.
    """
    basePort = 8000
    firstAcceptRuleId = 2
    tenant = objmodel.tenant('default')

    for index in range(numPolicy):
        policyName = 'policy' + str(index + 1)
        policy = tenant.newPolicy(policyName)

        # Baseline: deny inbound TCP (no explicit priority given).
        policy.addRule('1', direction="in", protocol="tcp", action="deny")

        # Accept rules for ports basePort, basePort + 1, ...
        # NOTE(review): nothing bounds numRulesPerPolicy here, so a large
        # value yields port numbers above 65535.
        for offset in range(numRulesPerPolicy):
            policy.addRule(str(firstAcceptRuleId + offset),
                           direction="in",
                           priority=10,
                           protocol="tcp",
                           port=(basePort + offset),
                           action="accept")

        # Bind the finished policy to its endpoint group.
        groupName = "srv" + str(index) + ".private"
        tenant.newGroup(groupName, policies=[policyName])
def testPolicyAddDeleteRule(testbed, numContainer, numIter):
    """Check that adding and deleting a rule changes enforcement on live groups.

    Policy 'first' starts with rule '1' (deny TCP, direction "both") and
    rule '2' (accept inbound TCP/8000, priority 100). With containers and
    listeners running, every iteration adds rule '3' (accept inbound
    TCP/8001), expects port 8001 to open, deletes the rule again and expects
    port 8001 to be blocked once more. Port 8000 must stay reachable
    throughout.

    Args:
        testbed: harness object used for containers, listeners and
            connection checks.
        numContainer: number of containers and 'srv<N>.private' groups.
        numIter: number of add/verify/delete/verify cycles.

    A failed check calls testbedApi.exit() before teardown.
    NOTE(review): the teardown detaches the policy from the groups but no
    deleteGroup call is visible in this function - confirm whether the
    groups are meant to persist.
    """
    policyName = 'first'
    openedRuleId = '3'

    def requireConnectivity(port, expected, failureText):
        # The expected outcome is handed to checkConnections and the result
        # is compared against that same value.
        if testbed.checkConnections(containers, port, expected) != expected:
            testbedApi.exit(failureText)

    tenant = objmodel.tenant('default')

    # Baseline policy: deny TCP in both directions, accept inbound 8000.
    policy = tenant.newPolicy(policyName)
    policy.addRule('1', direction="both", protocol="tcp", action="deny")
    policy.addRule('2', direction="in", priority=100, protocol="tcp",
                   port=8000, action="accept")

    # One endpoint group per container, each bound to the policy.
    groups = []
    for idx in range(numContainer):
        # Not used further in this function; kept so the node count is
        # still queried exactly as before.
        nodeIdx = idx % testbed.numNodes()
        groupName = "srv" + str(idx) + ".private"
        groups.append(tenant.newGroup(groupName, policies=[policyName]))

    containers = testbed.runContainers(numContainer)
    testbed.startListeners(containers, [8000, 8001])

    # Baseline enforcement before any rule is changed.
    requireConnectivity(8000, True, "Connection failed")
    requireConnectivity(8001, False,
                        "Connection succeded while expecting it to fail")

    for iteration in range(numIter):
        # Open port 8001 and confirm the change took effect.
        policy.addRule(openedRuleId, direction="in", priority=100,
                       protocol="tcp", port=8001, action="accept")
        requireConnectivity(8000, True, "Connection failed")
        requireConnectivity(8001, True, "Connection failed to port 8001")

        # Close it again; the negative check proves the rule removal is
        # actually enforced and not merely recorded.
        policy.deleteRule(openedRuleId)
        requireConnectivity(8000, True, "Connection failed")
        requireConnectivity(8001, False,
                            "Connection succeded while expecting it to fail")

        testbedApi.info("testPolicyAddDeleteRule Iteration " + str(iteration) + " Passed")

    # Teardown: workloads, then policy bindings, rules and the policy.
    testbed.stopListeners(containers)
    testbed.removeContainers(containers)

    for attached in groups:
        attached.removePolicy(policyName)

    for ruleId in ('1', '2'):
        policy.deleteRule(ruleId)
    tenant.deletePolicy(policyName)

    testbedApi.info("testPolicyAddDeleteRule Test passed")
def testPolicyFromEpg(testbed, numContainer, numIter):
    """Check a rule that accepts traffic only from a named endpoint group.

    Every service 'srv<N>' gets its own policy: rule '1' denies inbound TCP,
    rule '2' accepts inbound TCP/8000, and rule '3' accepts inbound TCP/8001
    only from endpoint group 'common' on network 'private'. The test then
    expects port 8000 to be reachable, port 8001 to be blocked between the
    service containers, and port 8001 to be reachable from containers
    started in the 'common' group.

    Args:
        testbed: harness object used for containers, listeners and
            connection checks.
        numContainer: number of service containers; the same number of
            containers is started in 'common'.
        numIter: number of create/verify/teardown cycles.

    A failed check calls testbedApi.exit() before teardown.
    NOTE(review): the teardown removes the per-service groups and policies;
    no deletion of the 'common' group or of individual rules is visible in
    this function - confirm that later iterations do not inherit state.
    """
    def requireConnectivity(targets, port, expected, failureText):
        # The expected outcome is handed to checkConnections and the result
        # is compared against that same value.
        if testbed.checkConnections(targets, port, expected) != expected:
            testbedApi.exit(failureText)

    for iteration in range(numIter):
        tenant = objmodel.tenant('default')
        network = tenant.newNetwork('private')

        # Source group that rule '3' refers to.
        network.newGroup('common')

        # One policy and one group per service.
        groups = []
        for idx in range(numContainer):
            # Not used further in this function; kept so the node count is
            # still queried exactly as before.
            nodeIdx = idx % testbed.numNodes()
            serviceName = "srv" + str(idx)

            policy = tenant.newPolicy(serviceName)
            policy.addRule('1', direction="in", protocol="tcp", action="deny")
            policy.addRule('2', direction="in", priority=100, protocol="tcp",
                           port=8000, action="accept")
            policy.addRule('3', direction="in", priority=100,
                           endpointGroup="common", network='private',
                           protocol="tcp", port=8001, action="accept")

            groups.append(network.newGroup(serviceName,
                                           policies=[serviceName]))

        # Service containers plus the containers living in 'common'.
        containers = testbed.runContainers(numContainer, withService=True)
        cmnContainers = testbed.runContainersInService(numContainer,
                                                       serviceName='common')

        testbed.startListeners(containers, [8000, 8001])

        # Port 8000 is open to everyone; port 8001 must stay closed between
        # the service containers themselves.
        requireConnectivity(containers, 8000, True, "Connection failed")
        requireConnectivity(containers, 8001, False,
                            "Connection succeded while expecting it to fail")

        # The group-scoped accept must let 'common' reach port 8001.
        fromCommon = testbed.checkConnectionPair(cmnContainers, containers,
                                                 8001, True)
        if fromCommon != True:
            testbedApi.exit("Connection failed")

        # Teardown: workloads first, then per-service groups and policies.
        testbed.stopListeners(containers)
        testbed.removeContainers(containers)
        testbed.removeContainers(cmnContainers)

        for idx in range(numContainer):
            nodeIdx = idx % testbed.numNodes()
            serviceName = "srv" + str(idx)
            network.deleteGroup(serviceName)
            tenant.deletePolicy(serviceName)

        testbedApi.info("testPolicyFromEpg Iteration " + str(iteration) + " passed")

    testbedApi.info("testPolicyFromEpg Test passed")
#!/usr/bin/python
# synthesizer
import testbedApi
import time
import sys
import objmodel
import threading


def sleepMs(ms):
    """Block the calling thread for ``ms`` milliseconds."""
    seconds = ms / 1000.0
    time.sleep(seconds)


# Handle on the 'default' tenant; all objects below are created under it.
tenant = objmodel.tenant('default')

# Eight policies, each named by one digit repeated ten times.
_policyNames = [
    '1111111111',
    '2222222222',
    '3333333333',
    '4444444444',
    '5555555555',
    '6666666666',
    '7777777777',
    '8888888888',
]
for _policyName in _policyNames:
    tenant.newPolicy(_policyName)

# A single group on network "private" that carries all eight policies.
# A copy of the name list is passed so the group gets its own list object.
g0 = tenant.newGroup("0group0",
                     networkName="private",
                     policies=list(_policyNames))

numGroups = 8
stepDelay = 600.0
#!/usr/bin/python # synthesizer import testbedApi import time import sys import objmodel import threading def sleepMs(ms): time.sleep(ms / 1000.0) # Get the tenant tenant = objmodel.tenant('default') # Create policy tenant.newPolicy('1111111111') tenant.newPolicy('2222222222') tenant.newPolicy('3333333333') tenant.newPolicy('4444444444') tenant.newPolicy('5555555555') tenant.newPolicy('6666666666') tenant.newPolicy('7777777777') tenant.newPolicy('8888888888') # Create Groups g0 = tenant.newGroup("0group0", networkName="private", policies=[