Пример #1
0
 def setUp(self):
     super(TestDHCPApp, self).setUp()
     self.topology = None
     self.policy = None
     try:
         self.topology = self.store(
             app_testing_objects.Topology(self.neutron, self.nb_api))
         self.subnet1 = self.topology.create_subnet(cidr='192.168.11.0/24')
         self.port1 = self.subnet1.create_port()
         self.port2 = self.subnet1.create_port()
         time.sleep(const.DEFAULT_RESOURCE_READY_TIMEOUT)
         # Create policy
         dhcp_packet = self._create_dhcp_discover()
         send_dhcp_offer = app_testing_objects.SendAction(
             self.subnet1.subnet_id, self.port1.port_id, str(dhcp_packet))
         port_policies = self._create_port_policies()
         self.policy = self.store(
             app_testing_objects.Policy(
                 initial_actions=[send_dhcp_offer],
                 port_policies=port_policies,
                 unknown_port_action=app_testing_objects.IgnoreAction()))
     except Exception:
         if self.topology:
             self.topology.close()
         raise
Пример #2
0
    def setUp(self):
        super(TestL3App, self).setUp()
        self.topology = None
        self.policy = None
        self._ping = None
        try:
            self.topology = self.store(
                app_testing_objects.Topology(self.neutron, self.nb_api))
            self.subnet1 = self.topology.create_subnet(cidr='192.168.12.0/24')
            self.subnet2 = self.topology.create_subnet(cidr='192.168.13.0/24')
            self.port1 = self.subnet1.create_port()
            self.port2 = self.subnet2.create_port()
            self.router = self.topology.create_router([
                self.subnet1.subnet_id,
                self.subnet2.subnet_id,
            ])
            time.sleep(const.DEFAULT_RESOURCE_READY_TIMEOUT)

            port_policies = self._create_port_policies()
            self.policy = self.store(
                app_testing_objects.Policy(
                    initial_actions=[
                        app_testing_objects.SendAction(
                            self.subnet1.subnet_id, self.port1.port_id,
                            self._create_ping_packet),
                    ],
                    port_policies=port_policies,
                    unknown_port_action=app_testing_objects.IgnoreAction()))
        except Exception:
            if self.topology:
                self.topology.close()
            raise
Пример #3
0
    def setUp(self):
        super(TestSGApp, self).setUp()
        self.topology = None
        self.policy = None
        self.security_group = objects.SecGroupTestObj(self.neutron,
                                                      self.nb_api)
        self.addCleanup(self.security_group.close)
        security_group_id = self.security_group.create()
        self.assertTrue(self.security_group.exists())

        self.security_group2 = objects.SecGroupTestObj(self.neutron,
                                                       self.nb_api)
        self.addCleanup(self.security_group2.close)
        security_group_id2 = self.security_group2.create()
        self.assertTrue(self.security_group2.exists())

        self.security_group3 = objects.SecGroupTestObj(self.neutron,
                                                       self.nb_api)
        self.addCleanup(self.security_group3.close)
        security_group_id3 = self.security_group3.create()
        self.assertTrue(self.security_group3.exists())

        self.topology = app_testing_objects.Topology(self.neutron, self.nb_api)
        self.addCleanup(self.topology.close)

        self.active_security_group_id = security_group_id
        self.inactive_security_group_id = security_group_id2
        self.allowed_address_pairs_security_group_id = security_group_id3

        self.permit_icmp_request = self._get_icmp_request1
        self.no_permit_icmp_request = self._get_icmp_request2
Пример #4
0
 def test_infrastructure(self):
     try:
         topology = app_testing_objects.Topology(self.neutron, self.nb_api)
         subnet1 = topology.create_subnet(cidr='192.168.10.0/24')
         subnet2 = topology.create_subnet(cidr='192.168.11.0/24')
         port1 = subnet1.create_port()
         port2 = subnet2.create_port()
         topology.create_router([subnet1.subnet_id, subnet2.subnet_id])
         LOG.info('Port1 name: {}'.format(port1.tap.tap.name))
         LOG.info('Port2 name: {}'.format(port2.tap.tap.name))
         test_utils.print_command(['ip', 'addr'])
         test_utils.print_command(['ovs-vsctl', 'show'], True)
         test_utils.print_command(
             ['ovs-ofctl', 'show', self.integration_bridge], True)
         test_utils.print_command(
             ['ovs-ofctl', 'dump-flows', self.integration_bridge], True)
         test_utils.print_command(['ovsdb-client', 'dump', 'Open_vSwitch'],
                                  True)
     except Exception as e:
         traceback = sys.exc_info()[2]
         try:
             topology.close()
         except Exception:
             pass  # Ignore
         # Just calling raise may raise an exception from topology.close()
         raise e, None, traceback
     topology.close()
Пример #5
0
 def setUp(self):
     super(TestArpResponder, self).setUp()
     self.topology = None
     self.policy = None
     try:
         self.topology = app_testing_objects.Topology(
             self.neutron,
             self.nb_api)
         subnet1 = self.topology.create_subnet(cidr='192.168.10.0/24')
         port1 = subnet1.create_port()
         port2 = subnet1.create_port()
         time.sleep(test_utils.DEFAULT_CMD_TIMEOUT)
         # Create policy
         arp_packet = self._create_arp_request(
             src_port=port1.port.get_logical_port(),
             dst_port=port2.port.get_logical_port(),
         )
         send_arp_request = app_testing_objects.SendAction(
             subnet1.subnet_id,
             port1.port_id,
             str(arp_packet),
         )
         ignore_action = app_testing_objects.IgnoreAction()
         log_action = app_testing_objects.LogAction()
         key1 = (subnet1.subnet_id, port1.port_id)
         port_policies = {
             key1: app_testing_objects.PortPolicy(
                 rules=[
                     app_testing_objects.PortPolicyRule(
                         # Detect arp replies
                         app_testing_objects.RyuARPReplyFilter(),
                         actions=[
                             log_action,
                             app_testing_objects.StopSimulationAction()
                         ]
                     ),
                     app_testing_objects.PortPolicyRule(
                         # Ignore IPv6 packets
                         app_testing_objects.RyuIPv6Filter(),
                         actions=[
                             ignore_action
                         ]
                     ),
                 ],
                 default_action=app_testing_objects.RaiseAction(
                     "Unexpected packet"
                 )
             ),
         }
         self.policy = app_testing_objects.Policy(
             initial_actions=[send_arp_request],
             port_policies=port_policies,
             unknown_port_action=ignore_action
         )
     except Exception:
         if self.topology:
             self.topology.close()
         raise
     self.store(self.topology)
     self.store(self.policy)
Пример #6
0
    def _init_topology(self):
        network = netaddr.IPNetwork(self.cidr)
        security_group = self.store(
            objects.SecGroupTestObj(self.neutron, self.nb_api))
        security_group_id = security_group.create()
        self.assertTrue(security_group.exists())

        egress_rule_info = {
            'ethertype': self.ethertype,
            'direction': 'egress',
            'protocol': self.icmp_proto
        }
        egress_rule_id = security_group.rule_create(secrule=egress_rule_info)
        self.assertTrue(security_group.rule_exists(egress_rule_id))

        ingress_rule_info = {
            'ethertype': self.ethertype,
            'direction': 'ingress',
            'protocol': self.icmp_proto,
            'remote_ip_prefix': self.cidr
        }
        ingress_rule_id = security_group.rule_create(secrule=ingress_rule_info)
        self.assertTrue(security_group.rule_exists(ingress_rule_id))
        self.topology = self.store(
            app_testing_objects.Topology(self.neutron, self.nb_api))

        self.subnet = self.topology.create_subnet(cidr=self.cidr)
        self.port1 = self.subnet.create_port()
        self.port1.update({
            "allowed_address_pairs": [{
                "ip_address": network[100],
                "mac_address": "10:20:99:99:99:99"
            }]
        })
        self.port2 = self.subnet.create_port([security_group_id])
Пример #7
0
 def test_infrastructure(self):
     try:
         topology = app_testing_objects.Topology(self.neutron, self.nb_api)
         subnet1 = topology.create_subnet(cidr='192.168.10.0/24')
         subnet2 = topology.create_subnet(cidr='192.168.11.0/24')
         port1 = subnet1.create_port()
         port2 = subnet2.create_port()
         topology.create_router([subnet1.subnet_id, subnet2.subnet_id])
         LOG.info('Port1 name: {}'.format(port1.tap.tap.name))
         LOG.info('Port2 name: {}'.format(port2.tap.tap.name))
         test_utils.print_command(['ip', 'addr'])
         test_utils.print_command(['ovs-vsctl', 'show'], True)
         test_utils.print_command(
             ['ovs-ofctl', 'show', self.integration_bridge],
             True
         )
         test_utils.print_command(
             ['ovs-ofctl', 'dump-flows', self.integration_bridge],
             True
         )
         test_utils.print_command(
             ['ovsdb-client', 'dump', 'Open_vSwitch'],
             True
         )
     except Exception:
         with excutils.save_and_reraise_exception():
             try:
                 topology.close()
             except Exception:
                 pass  # Ignore
     topology.close()
Пример #8
0
    def setUp(self):
        super(TestDNATApp, self).setUp()

        self.topology = None
        try:
            self.topology = self.store(
                app_testing_objects.Topology(
                    self.neutron,
                    self.nb_api
                )
            )
            self.subnet = self.topology.create_subnet()
            self.port = self.subnet.create_port()
            self.router = self.topology.create_router([
                self.subnet.subnet_id
            ])
            ext_net_id = self.topology.create_external_network([
                self.router.router_id
            ])
            self.fip = self.store(
                objects.FloatingipTestObj(self.neutron, self.nb_api))
            self.fip.create({'floating_network_id': ext_net_id,
                             'port_id': self.port.port.port_id})
        except Exception:
            if self.topology:
                self.topology.close()
            raise
Пример #9
0
 def setUp(self):
     super(TestNeighborAdvertiser, self).setUp()
     self.topology = None
     self.policy = None
     # Disable Duplicate Address Detection requests from the interface
     self.dad_conf = utils.execute(
         ['sysctl', '-n', 'net.ipv6.conf.default.accept_dad'])
     utils.execute(['sysctl', '-w', 'net.ipv6.conf.default.accept_dad=0'],
                   run_as_root=True)
     # Disable Router Solicitation requests from the interface
     self.router_solicit_conf = utils.execute(
         ['sysctl', '-n', 'net.ipv6.conf.default.router_solicitations'])
     utils.execute(
         ['sysctl', '-w', 'net.ipv6.conf.default.router_solicitations=0'],
         run_as_root=True)
     self.topology = app_testing_objects.Topology(self.neutron, self.nb_api)
     self.addCleanup(self.topology.close)
     subnet1 = self.topology.create_subnet(cidr='1111:1111:1111::/64')
     port1 = subnet1.create_port()
     port2 = subnet1.create_port()
     time.sleep(const.DEFAULT_RESOURCE_READY_TIMEOUT)
     # Create Neighbor Solicitation packet
     ns_packet = self._create_ns_request(
         src_port=port1.port.get_logical_port(),
         dst_port=port2.port.get_logical_port(),
     )
     send_ns_request = app_testing_objects.SendAction(
         subnet1.subnet_id,
         port1.port_id,
         ns_packet,
     )
     ignore_action = app_testing_objects.IgnoreAction()
     log_action = app_testing_objects.LogAction()
     key1 = (subnet1.subnet_id, port1.port_id)
     adv_filter = app_testing_objects.RyuNeighborAdvertisementFilter()
     port_policies = {
         key1:
         app_testing_objects.PortPolicy(
             rules=[
                 app_testing_objects.PortPolicyRule(
                     # Detect advertisements
                     adv_filter,
                     actions=[
                         log_action,
                         app_testing_objects.StopSimulationAction()
                     ]),
                 app_testing_objects.PortPolicyRule(
                     # Filter local VM's Multicast requests
                     app_testing_objects.RyuIpv6MulticastFilter(),
                     actions=[ignore_action])
             ],
             default_action=app_testing_objects.RaiseAction(
                 "Unexpected packet")),
     }
     self.policy = app_testing_objects.Policy(
         initial_actions=[send_ns_request],
         port_policies=port_policies,
         unknown_port_action=ignore_action)
     self.addCleanup(self.policy.close)
Пример #10
0
 def _create_topology(self, enable_dhcp=True, cidr='192.168.11.0/24'):
     self.topology = app_testing_objects.Topology(self.neutron, self.nb_api)
     self.addCleanup(self.topology.close)
     self.subnet1 = self.topology.create_subnet(cidr=cidr,
                                                enable_dhcp=enable_dhcp)
     self.port1 = self.subnet1.create_port()
     self.port2 = self.subnet1.create_port()
     time.sleep(const.DEFAULT_RESOURCE_READY_TIMEOUT)
Пример #11
0
 def _create_topology(self):
     self.topology = app_testing_objects.Topology(self.neutron, self.nb_api)
     self.addCleanup(self.topology.close)
     self.subnet1 = self.topology.create_subnet(cidr='192.168.15.0/24')
     self.port1 = self.subnet1.create_port()
     self.router = self.topology.create_router([self.subnet1.subnet_id])
     self.topology.create_external_network([self.router.router_id])
     time.sleep(const.DEFAULT_RESOURCE_READY_TIMEOUT)
Пример #12
0
 def start_subscribing(self):
     self._topology = self.store(
         test_objects.Topology(self.neutron, self.nb_api))
     subnet = self._topology.create_subnet(cidr="192.168.200.0/24")
     port = subnet.create_port()
     utils.wait_until_true(lambda: port.name is not None,
                           timeout=const.DEFAULT_RESOURCE_READY_TIMEOUT,
                           exception=Exception('Port was not created'))
Пример #13
0
 def setUp(self):
     super(TestL3Flows, self).setUp()
     self.topology = None
     self.topology = app_testing_objects.Topology(
         self.neutron,
         self.nb_api)
     self.addCleanup(self.topology.close)
     self.subnet1 = self.topology.create_subnet(cidr='192.168.10.0/24')
     self.port1 = self.subnet1.create_port()
     self.router = self.topology.create_router([
         self.subnet1.subnet_id])
Пример #14
0
 def _create_topology(self, enable_dhcp=True, cidr='192.168.11.0/24'):
     try:
         self.topology = self.store(
             app_testing_objects.Topology(self.neutron, self.nb_api))
         self.subnet1 = self.topology.create_subnet(cidr=cidr,
                                                    enable_dhcp=enable_dhcp)
         self.port1 = self.subnet1.create_port()
         self.port2 = self.subnet1.create_port()
         time.sleep(const.DEFAULT_RESOURCE_READY_TIMEOUT)
     except Exception:
         if self.topology:
             self.topology.close()
         raise
Пример #15
0
    def setUp(self):
        super(TestL3Flows, self).setUp()
        self.topology = None
        try:
            self.topology = app_testing_objects.Topology(
                self.neutron, self.nb_api)
            self.subnet1 = self.topology.create_subnet(cidr='192.168.10.0/24')
            self.port1 = self.subnet1.create_port()
            self.router = self.topology.create_router([self.subnet1.subnet_id])

        except Exception:
            if self.topology:
                self.topology.close()
            raise
        self.store(self.topology)
Пример #16
0
    def setUp(self):
        super(TestDNATApp, self).setUp()

        self.topology = None
        self.topology = app_testing_objects.Topology(self.neutron, self.nb_api)
        self.addCleanup(self.topology.close)
        self.subnet = self.topology.create_subnet()
        self.port = self.subnet.create_port()
        self.router = self.topology.create_router([self.subnet.subnet_id])
        ext_net_id = self.topology.create_external_network(
            [self.router.router_id])
        self.fip = objects.FloatingipTestObj(self.neutron, self.nb_api)
        self.addCleanup(self.fip.close)
        self.fip.create({
            'floating_network_id': ext_net_id,
            'port_id': self.port.port.port_id
        })
    def setUp(self):
        super(TestAllowedAddressPairsDetectActive, self).setUp()
        if not self.check_app_loaded("active_port_detection"):
            self.skipTest("ActivePortDetectionApp is not enabled")
        self.topology = None
        self.policy = None
        self.allowed_address_pair_ip_address = None
        self.allowed_address_pair_mac_address = None
        try:
            self.topology = self.store(app_testing_objects.Topology(
                self.neutron,
                self.nb_api))
            subnet = self.topology.create_subnet(cidr='192.168.98.0/24')
            self.subnet = subnet
            port = subnet.create_port()
            self.port = port

            time.sleep(const.DEFAULT_RESOURCE_READY_TIMEOUT)

            port.update({'allowed_address_pairs': [{
                'ip_address': '192.168.98.100'}]})

            time.sleep(const.DEFAULT_RESOURCE_READY_TIMEOUT)

            port_lport = port.port.get_logical_port()
            self.assertIsNotNone(port_lport)

            self.allowed_address_pair_mac_address, \
                self.allowed_address_pair_ip_address = \
                apps.get_port_mac_and_ip(port, True)

            # Create policy to reply arp request sent from controller
            self.policy = self.store(
                app_testing_objects.Policy(
                    initial_actions=[],
                    port_policies=self._create_policy_to_reply_arp_request(),
                    unknown_port_action=app_testing_objects.IgnoreAction()
                )
            )
        except Exception:
            if self.topology:
                self.topology.close()
            raise
Пример #18
0
 def setUp(self):
     super(TestL3App, self).setUp()
     self.topology = None
     self.policy = None
     self._ping = None
     try:
         self.topology = self.store(
             app_testing_objects.Topology(self.neutron, self.nb_api))
         self.subnet1 = self.topology.create_subnet(cidr='192.168.12.0/24')
         self.subnet2 = self.topology.create_subnet(cidr='192.168.13.0/24')
         self.port1 = self.subnet1.create_port()
         self.port2 = self.subnet2.create_port()
         self.router = self.topology.create_router([
             self.subnet1.subnet_id,
             self.subnet2.subnet_id,
         ])
         time.sleep(const.DEFAULT_RESOURCE_READY_TIMEOUT)
     except Exception:
         if self.topology:
             self.topology.close()
         raise
Пример #19
0
    def test_icmp_ping_pong(self):
        # Setup base components - two ports on 1 network
        self.topology = app_testing_objects.Topology(self.neutron, self.nb_api)
        self.addCleanup(self.topology.close)
        self.subnet1 = self.topology.create_subnet(cidr='192.168.12.0/24')
        self.port1 = self.subnet1.create_port()
        self.port2 = self.subnet1.create_port()
        time.sleep(const.DEFAULT_RESOURCE_READY_TIMEOUT)

        # Setup VLAN ports
        self.network = objects.NetworkTestObj(self.neutron, self.nb_api)
        self.addCleanup(self.network.close)
        self.network.create()
        self.subnet = objects.SubnetTestObj(self.neutron,
                                            self.nb_api,
                                            network_id=self.network.network_id)
        self.addCleanup(self.subnet.close)
        self.subnet.create()
        self.vlan_port1 = objects.PortTestObj(
            self.neutron, self.nb_api, network_id=self.network.network_id)
        self.addCleanup(self.vlan_port1.close)
        self.vlan_port1.create()
        self.vlan_port2 = objects.PortTestObj(
            self.neutron, self.nb_api, network_id=self.network.network_id)
        self.addCleanup(self.vlan_port2.close)
        self.vlan_port2.create()

        self.cps1 = objects.ChildPortSegmentationTestObj(
            self.neutron, self.nb_api)
        self.addCleanup(self.cps1.close)
        self.cps1.create(self.port1.port.port_id, self.vlan_port1.port_id,
                         'vlan', 7)
        self.addCleanup(self.port1.unbind)

        self.cps2 = objects.ChildPortSegmentationTestObj(
            self.neutron, self.nb_api)
        self.addCleanup(self.cps2.close)
        self.cps2.create(self.port2.port.port_id, self.vlan_port2.port_id,
                         'vlan', 8)
        self.addCleanup(self.port2.unbind)

        # Setup policy
        ignore_action = app_testing_objects.IgnoreAction()
        key1 = (self.subnet1.subnet_id, self.port1.port_id)
        rules1 = [
            app_testing_objects.PortPolicyRule(
                # Detect pong, end simulation
                app_testing_objects.AndingFilter(
                    app_testing_objects.OsKenVLANTagFilter(7),
                    app_testing_objects.OsKenICMPPongFilter(self._get_ping)),
                actions=[
                    app_testing_objects.DisableRuleAction(),
                    app_testing_objects.StopSimulationAction()
                ]),
            app_testing_objects.PortPolicyRule(
                # Ignore gratuitous ARP packets
                app_testing_objects.OsKenARPGratuitousFilter(),
                actions=[ignore_action]),
            app_testing_objects.PortPolicyRule(
                # Ignore IPv6 packets
                app_testing_objects.OsKenIPv6Filter(),
                actions=[ignore_action]),
        ]
        key2 = (self.subnet1.subnet_id, self.port2.port_id)
        rules2 = [
            app_testing_objects.PortPolicyRule(
                # Detect ping, reply with pong
                app_testing_objects.AndingFilter(
                    app_testing_objects.OsKenVLANTagFilter(8),
                    app_testing_objects.OsKenICMPPingFilter()),
                actions=[
                    app_testing_objects.SendAction(self.subnet1.subnet_id,
                                                   self.port2.port_id,
                                                   self._create_pong_packet),
                    app_testing_objects.DisableRuleAction()
                ]),
            app_testing_objects.PortPolicyRule(
                # Ignore gratuitous ARP packets
                app_testing_objects.OsKenARPGratuitousFilter(),
                actions=[ignore_action]),
            app_testing_objects.PortPolicyRule(
                # Ignore IPv6 packets
                app_testing_objects.OsKenIPv6Filter(),
                actions=[ignore_action]),
        ]
        raise_action = app_testing_objects.RaiseAction("Unexpected packet")
        policy1 = app_testing_objects.PortPolicy(rules=rules1,
                                                 default_action=raise_action)
        policy2 = app_testing_objects.PortPolicy(rules=rules2,
                                                 default_action=raise_action)
        port_policies = {key1: policy1, key2: policy2}
        initial_packet = self._create_ping_packet()
        policy = app_testing_objects.Policy(
            initial_actions=[
                app_testing_objects.SendAction(
                    self.subnet1.subnet_id,
                    self.port1.port_id,
                    initial_packet,
                ),
            ],
            port_policies=port_policies,
            unknown_port_action=app_testing_objects.IgnoreAction())
        self.addCleanup(policy.close)

        time.sleep(const.DEFAULT_RESOURCE_READY_TIMEOUT)

        # Verify port is up
        neutron_vlan_port1 = objects.get_port_by_id(self.neutron,
                                                    self.vlan_port1.port_id)
        self.assertEqual(n_const.PORT_STATUS_ACTIVE,
                         neutron_vlan_port1['status'])
        neutron_vlan_port2 = objects.get_port_by_id(self.neutron,
                                                    self.vlan_port2.port_id)
        self.assertEqual(n_const.PORT_STATUS_ACTIVE,
                         neutron_vlan_port2['status'])

        # Verify connectivity
        apps.start_policy(policy, self.topology,
                          const.DEFAULT_RESOURCE_READY_TIMEOUT)
Пример #20
0
    def setUp(self):
        super(SfcTestsCommonBase, self).setUp()

        self.security_group = self.store(
            objects.SecGroupTestObj(self.neutron, self.nb_api))

        security_group_id = self.security_group.create()
        self.assertTrue(self.security_group.exists())

        for direction, ethertype, protocol in itertools.product(
            ('ingress', 'egress'),
            (constants.IPv4, constants.IPv6),
            (constants.PROTO_NAME_TCP, constants.PROTO_NAME_UDP),
        ):
            rule = {
                'direction': direction,
                'ethertype': ethertype,
                'protocol': protocol,
                'port_range_min': 1,
                'port_range_max': 65535,
            }
            rule_id = self.security_group.rule_create(secrule=rule)
            self.assertTrue(self.security_group.rule_exists(rule_id))

        self.topology = self.store(
            app_testing_objects.Topology(
                self.neutron,
                self.nb_api,
            ), )

        self.subnet = self.topology.create_subnet(
            cidr=IPV4_CIDR,
            enable_dhcp=True,
            allocation_pool=IPV4_ALLOCATION_POOL,
        )
        self.subnet_ipv6 = self.topology.create_subnet(
            cidr=IPV6_CIDR,
            enable_dhcp=True,
            allocation_pool=IPV6_ALLOCATION_POOL,
        )

        self.src_port = self.subnet.create_port([security_group_id])
        self.dst_port = self.subnet.create_port([security_group_id])

        self.src_port.update({
            'name':
            'src_port',
            'admin_state_up':
            True,
            'fixed_ips': [
                {
                    'ip_address': SRC_IPV4_1
                },
                {
                    'ip_address': SRC_IPV4_2
                },
                {
                    'ip_address': SRC_IPV6_1
                },
                {
                    'ip_address': SRC_IPV6_2
                },
            ],
        })

        self.dst_port.update({
            'name':
            'dst_port',
            'admin_state_up':
            True,
            'fixed_ips': [
                {
                    'ip_address': DST_IPV4_1
                },
                {
                    'ip_address': DST_IPV4_2
                },
                {
                    'ip_address': DST_IPV6_1
                },
                {
                    'ip_address': DST_IPV6_2
                },
            ],
        })

        self.src_lport = self.nb_api.get(
            l2.LogicalPort(id=self.src_port.port.port_id), )
        self.dst_lport = self.nb_api.get(
            l2.LogicalPort(id=self.dst_port.port.port_id), )
Пример #21
0
    def setUp(self):
        super(TestSGApp, self).setUp()
        self.topology = None
        self.policy = None
        try:
            security_group = self.store(
                objects.SecGroupTestObj(self.neutron, self.nb_api))
            security_group_id = security_group.create()
            self.assertTrue(security_group.exists())

            security_group2 = self.store(
                objects.SecGroupTestObj(self.neutron, self.nb_api))
            security_group_id2 = security_group2.create()
            self.assertTrue(security_group2.exists())

            self.topology = self.store(
                app_testing_objects.Topology(self.neutron, self.nb_api))

            self.subnet = self.topology.create_subnet(cidr='192.168.14.0/24')
            self.port1 = self.subnet.create_port()
            self.port2 = self.subnet.create_port()
            self.port3 = self.subnet.create_port([security_group_id])

            port1_lport = self.port1.port.get_logical_port()
            self.assertIsNotNone(port1_lport)
            port1_fixed_ip = port1_lport.get_ip()

            port2_lport = self.port2.port.get_logical_port()
            self.assertIsNotNone(port2_lport)
            port2_fixed_ip = port2_lport.get_ip()

            egress_rule_info = {
                'ethertype': 'IPv4',
                'direction': 'egress',
                'protocol': 'icmp'
            }
            egress_rule_id = security_group.rule_create(
                secrule=egress_rule_info)
            self.assertTrue(security_group.rule_exists(egress_rule_id))
            egress_rule_id2 = security_group2.rule_create(
                secrule=egress_rule_info)
            self.assertTrue(security_group2.rule_exists(egress_rule_id2))

            ingress_rule_info = {
                'ethertype': 'IPv4',
                'direction': 'ingress',
                'protocol': 'icmp',
                'remote_ip_prefix': port1_fixed_ip + "/32"
            }
            ingress_rule_id = security_group.rule_create(
                secrule=ingress_rule_info)
            self.assertTrue(security_group.rule_exists(ingress_rule_id))

            ingress_rule_info2 = {
                'ethertype': 'IPv4',
                'direction': 'ingress',
                'protocol': 'icmp',
                'remote_ip_prefix': port2_fixed_ip + "/32"
            }
            ingress_rule_id2 = security_group2.rule_create(
                secrule=ingress_rule_info2)
            self.assertTrue(security_group2.rule_exists(ingress_rule_id2))

            self.active_security_group_id = security_group_id
            self.inactive_security_group_id = security_group_id2
            self.permit_port_id = self.port1.port_id
            self.no_permit_port_id = self.port2.port_id
            self.permit_icmp_request = self._get_icmp_request1
            self.no_permit_icmp_request = self._get_icmp_request2

            time.sleep(const.DEFAULT_RESOURCE_READY_TIMEOUT)

            self._update_policy()
        except Exception:
            if self.topology:
                self.topology.close()
            raise
Пример #22
0
    def setUp(self):
        super(TestPortSecApp, self).setUp()
        self.topology = None
        self.policy = None
        self._ping = None
        self.icmp_id_cursor = int(time.mktime(time.gmtime())) & 0xffff
        try:
            security_group = self.store(
                objects.SecGroupTestObj(self.neutron, self.nb_api))
            security_group_id = security_group.create()
            self.assertTrue(security_group.exists())

            egress_rule_info = {
                'ethertype': 'IPv4',
                'direction': 'egress',
                'protocol': 'icmp'
            }
            egress_rule_id = security_group.rule_create(
                secrule=egress_rule_info)
            self.assertTrue(security_group.rule_exists(egress_rule_id))

            ingress_rule_info = {
                'ethertype': 'IPv4',
                'direction': 'ingress',
                'protocol': 'icmp',
                'remote_ip_prefix': "192.168.196.0/24"
            }
            ingress_rule_id = security_group.rule_create(
                secrule=ingress_rule_info)
            self.assertTrue(security_group.rule_exists(ingress_rule_id))

            self.topology = self.store(
                app_testing_objects.Topology(self.neutron, self.nb_api))
            self.subnet = self.topology.create_subnet(cidr='192.168.196.0/24')
            self.port1 = self.subnet.create_port()
            self.port1.update({
                "allowed_address_pairs": [{
                    "ip_address": "192.168.196.100",
                    "mac_address": "10:20:99:99:99:99"
                }]
            })
            self.port2 = self.subnet.create_port([security_group_id])

            time.sleep(const.DEFAULT_RESOURCE_READY_TIMEOUT)

            port_policies = self._create_port_policies()
            self.policy = self.store(
                app_testing_objects.Policy(
                    initial_actions=[
                        app_testing_objects.SendAction(
                            self.subnet.subnet_id, self.port1.port_id,
                            self._create_ping_using_fake_ip),
                        app_testing_objects.SendAction(
                            self.subnet.subnet_id, self.port1.port_id,
                            self._create_ping_using_fake_mac),
                        app_testing_objects.SendAction(
                            self.subnet.subnet_id, self.port1.port_id,
                            self._create_ping_using_vm_ip_mac),
                        app_testing_objects.SendAction(
                            self.subnet.subnet_id, self.port1.port_id,
                            self._create_ping_using_allowed_address_pair),
                    ],
                    port_policies=port_policies,
                    unknown_port_action=app_testing_objects.IgnoreAction()))
        except Exception:
            if self.topology:
                self.topology.close()
            raise