def create_sg(sg_option, l3_uuid, nic_uuid): try: #create security group sg = net_ops.create_security_group(sg_option) #add rule net_ops.add_rules_to_security_group(sg.uuid, rules, session_uuid) #attach to l3 net_ops.attach_security_group_to_l3(sg.uuid, l3_uuid, session_uuid) #attach to vm net_ops.add_nic_to_security_group(sg.uuid, [nic_uuid], session_uuid) except: exc_info.append(sys.exc_info())
def attach(self, target_nic_uuids): added_l3_uuid = [] for nic in target_nic_uuids: l3_uuid = test_lib.lib_get_l3_uuid_by_nic(nic) self._add_nic(l3_uuid, nic) #In zstack, need attach Nic's L3 to SG, before add Nic to SG # If SG has been attached to L3, it should not be attached again. if l3_uuid in added_l3_uuid: continue conditions = res_ops.gen_query_conditions('uuid', '=', self.security_group.uuid) sg = res_ops.query_resource(res_ops.SECURITY_GROUP, conditions)[0] if l3_uuid in sg.attachedL3NetworkUuids: added_l3_uuid.append(l3_uuid) continue added_l3_uuid.append(l3_uuid) net_ops.attach_security_group_to_l3(self.security_group.uuid, l3_uuid) net_ops.add_nic_to_security_group(self.security_group.uuid, target_nic_uuids) super(ZstackTestSecurityGroup, self).attach(target_nic_uuids)
def test(): ''' Test image requirements: 1. have nc to check the network port 2. have "nc" to open any port 3. it doesn't include a default firewall VR image is a good candiate to be the guest image. ''' test_util.test_dsc( "Create 3 VMs with vlan VR L3 network and using VR image.") vm1 = test_stub.create_sg_vm() test_obj_dict.add_vm(vm1) vm1_ip = vm1.vm.vmNics[0].ip vm2 = test_stub.create_sg_vm() test_obj_dict.add_vm(vm2) vm2_ip = vm2.vm.vmNics[0].ip vm1.check() vm2.check() test_util.test_dsc("Create security groups.") sg1 = test_stub.create_sg() test_obj_dict.add_sg(sg1.security_group.uuid) sg2 = test_stub.create_sg() test_obj_dict.add_sg(sg2.security_group.uuid) sg_vm = test_sg_vm_header.ZstackTestSgVm() sg_vm.check() l3_uuid = vm1.vm.vmNics[0].l3NetworkUuid vm1_nic_uuid = vm1.vm.vmNics[0].uuid vm2_nic_uuid = vm2.vm.vmNics[0].uuid #Attach security group to l3 network net_ops.attach_security_group_to_l3(sg1.security_group.uuid, l3_uuid) net_ops.attach_security_group_to_l3(sg2.security_group.uuid, l3_uuid) #Add vm1 nic to security group sg_vm.attach(sg1, [(vm1_nic_uuid, vm1)]) sg_vm.check() sg_vm.attach(sg2, [(vm2_nic_uuid, vm2)]) sg_vm.check() rule1_1 = test_lib.lib_gen_sg_rule(Port.icmp_ports, inventory.ICMP, inventory.INGRESS, vm2_ip) rule1_2 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP, inventory.INGRESS, vm2_ip) rule1_3 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.UDP, inventory.INGRESS, vm2_ip) sg1.add_rule([rule1_1, rule1_2, rule1_3], [sg2.security_group.uuid]) sg_vm.check() sg_vm.add_stub_vm(l3_uuid, vm2) sg_vm.check() sg_vm.delete_stub_vm(l3_uuid) rule2_1 = test_lib.lib_gen_sg_rule(Port.icmp_ports, inventory.ICMP, inventory.INGRESS, vm1_ip) rule2_2 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP, inventory.INGRESS, vm1_ip) rule2_3 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.UDP, inventory.INGRESS, vm1_ip) sg2.add_rule([rule2_1, rule2_2, rule2_3], [sg1.security_group.uuid]) sg_vm.check() sg_vm.add_stub_vm(l3_uuid, vm1) #sg_vm.check() try: test_lib.lib_open_vm_listen_ports(vm1.vm, Port.ports_range_dict['rule1_ports'], l3_uuid) test_lib.lib_open_vm_listen_ports(vm2.vm, Port.ports_range_dict['rule1_ports'], l3_uuid) test_lib.lib_check_vm_ports_in_a_command( vm1.vm, vm2.vm, Port.ports_range_dict['rule1_ports'], []) except: test_util.test_fail( 'Security Group Meets Failure When Checking Ingress Rule. ') #Cleanup sg_vm.delete_sg(sg2) test_obj_dict.rm_sg(sg2.security_group.uuid) sg_vm.delete_sg(sg1) test_obj_dict.rm_sg(sg1.security_group.uuid) sg_vm.check() vm1.destroy() test_obj_dict.rm_vm(vm1) vm2.destroy() test_obj_dict.rm_vm(vm2) test_util.test_pass( 'Security Group Vlan VirtualRouter 2 VMs Group Ingress Test Success')
def test(): ''' Test image requirements: 1. have nc to check the network port 2. have "nc" to open any port 3. it doesn't include a default firewall VR image is a good candiate to be the guest image. ''' test_util.test_dsc("Create 3 VMs with vlan VR L3 network and using VR image.") image_name = os.environ.get('ipv6ImageName') ipv4_net_uuid = test_lib.lib_get_l3_by_name(os.environ.get('l3PublicNetworkName')).uuid ipv6_net_uuid = test_lib.lib_get_l3_by_name(os.environ.get('l3PublicNetworkName1')).uuid print "ipv4_net_uuid is : %s , ipv6_net_uuid is : %s" %(ipv4_net_uuid, ipv6_net_uuid) vm1 = test_stub.create_vm(l3_name = os.environ.get('l3PublicNetworkName'), vm_name = 'vm_1 IPv6 2 stack test', system_tags = ["dualStackNic::%s::%s" %(ipv4_net_uuid, ipv6_net_uuid)], image_name = image_name) test_obj_dict.add_vm(vm1) vm2 = test_stub.create_vm(l3_name = os.environ.get('l3PublicNetworkName'), vm_name = 'vm_2 IPv6 2 stack test', system_tags = ["dualStackNic::%s::%s" %(ipv4_net_uuid, ipv6_net_uuid)], image_name = image_name) test_obj_dict.add_vm(vm2) time.sleep(120) #waiting for vm bootup vm1_ip1 = vm1.get_vm().vmNics[0].usedIps[0].ip vm1_ip2 = vm1.get_vm().vmNics[0].usedIps[1].ip vm2_ip1 = vm2.get_vm().vmNics[0].usedIps[0].ip vm2_ip2 = vm2.get_vm().vmNics[0].usedIps[1].ip if "172.20" in vm1_ip1: vm1_ipv4 = vm1_ip1 vm1_ipv6 = vm1_ip2 else: vm1_ipv4 = vm1_ip2 vm1_ipv6 = vm1_ip1 if "172.20" in vm2_ip1: vm2_ipv4 = vm2_ip1 vm2_ipv6 = vm2_ip2 else: vm2_ipv4 = vm2_ip2 vm2_ipv6 = vm2_ip1 print "vm1_ipv6 : %s, vm1_ipv4: %s, vm2_ipv6 :%s,vm2_ipv4 :%s, ipv4 :%s, ipv6 :%s." %(vm1_ipv6, vm1_ipv4, vm2_ipv6, vm2_ipv4, vm2_ipv4, vm2_ipv6) cmd = "ping6 -c 4 %s" %(vm2_ipv6) (retcode, output, erroutput) = ssh.execute(cmd, vm1_ipv4, "root", "password", True, 22) cmd1 = "ping -c 4 %s" %(vm2_ipv4) (retcode1, output1, erroutput1) = ssh.execute(cmd1, vm1_ipv4, "root", "password", True, 22) print "retcode is: %s; output is : %s.; erroutput is: %s" %(retcode, output , erroutput) print "retcode1 is: %s; output1 is : %s.; erroutput1 is: %s" %(retcode1, output1 , erroutput1) test_util.test_dsc("Create security groups.") sg1 = test_stub.create_sg(ipVersion = 6) test_obj_dict.add_sg(sg1.security_group.uuid) sg2 = test_stub.create_sg(ipVersion = 6) test_obj_dict.add_sg(sg2.security_group.uuid) sg_vm = test_sg_vm_header.ZstackTestSgVm() l3_uuid = ipv6_net_uuid vm1_nic_uuid = vm1.get_vm().vmNics[0].uuid vm2_nic_uuid = vm2.get_vm().vmNics[0].uuid print "vm1_nic_uuid :%s, vm2_nic_uuid :%s ."%(vm1_nic_uuid, vm2_nic_uuid) #Attach security group to l3 network net_ops.attach_security_group_to_l3(sg1.security_group.uuid, l3_uuid) net_ops.attach_security_group_to_l3(sg2.security_group.uuid, l3_uuid) #Add vm1 nic to security group sg_vm.attach(sg1, [(vm1_nic_uuid, vm1)], ipv6 = "ipv6") sg_vm.attach(sg2, [(vm2_nic_uuid, vm2)], ipv6 = "ipv6") rule1_1 = test_lib.lib_gen_sg_rule(Port.icmp_ports, inventory.ICMP, inventory.INGRESS, vm2_ipv6, ipVersion = 6) rule1_2 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP, inventory.INGRESS, vm2_ipv6, ipVersion = 6) rule1_3 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.UDP, inventory.INGRESS, vm2_ipv6, ipVersion = 6) sg1.add_rule([rule1_1,rule1_2,rule1_3], [sg2.security_group.uuid]) sg_vm.add_stub_vm(l3_uuid, vm2) sg_vm.delete_stub_vm(l3_uuid) rule2_1 = test_lib.lib_gen_sg_rule(Port.icmp_ports, inventory.ICMP, inventory.INGRESS, vm1_ipv6, ipVersion = 6) rule2_2 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP, inventory.INGRESS, vm1_ipv6, ipVersion = 6) rule2_3 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.UDP, inventory.INGRESS, vm1_ipv6, ipVersion = 6) sg2.add_rule([rule2_1,rule2_2,rule2_3], [sg1.security_group.uuid]) sg_vm.add_stub_vm(l3_uuid, vm1) try: test_lib.lib_open_vm_listen_ports(vm1.vm, Port.ports_range_dict['rule1_ports'], l3_uuid, target_ip = vm1_ipv4, target_ipv6 = vm1_ipv6) test_lib.lib_open_vm_listen_ports(vm2.vm, Port.ports_range_dict['rule1_ports'], l3_uuid, target_ip = vm2_ipv4, target_ipv6 = vm2_ipv6) test_lib.lib_check_vm_ports_in_a_command(vm1.vm, vm2.vm, Port.ports_range_dict['rule1_ports'], [], target_ipv6 = vm2_ipv6) except: test_util.test_fail('Security Group Meets Failure When Checking Ingress Rule. ') #Cleanup sg_vm.delete_sg(sg2) test_obj_dict.rm_sg(sg2.security_group.uuid) sg_vm.delete_sg(sg1) test_obj_dict.rm_sg(sg1.security_group.uuid) sg_vm.check() vm1.destroy() test_obj_dict.rm_vm(vm1) vm2.destroy() test_obj_dict.rm_vm(vm2) test_util.test_pass('Security Group Vlan VirtualRouter 2 VMs Group Ingress Test Success')