def cleanup(self): env = Environment(name="Cleanup") with env: eventlet.sleep(30) provider = env.manager.realizer.plcy_provider _, plcy_meta = env.dump_provider_inventory(printable=False) for type, meta in plcy_meta.items(): if type != provider.SEGMENT and type != provider.SG_RULES_REMOTE_PREFIX: self.assertEquals(meta["meta"], dict())
def run(self): """ Run NSX-T Agent with exported Neutron inventory """ description = "Run NSX-T Agent" parser = argparse.ArgumentParser(description=description) parser.add_argument( "--config-file", action="append", help="OpenStack Neutron configuration file(s) location(s)") args = parser.parse_args(sys.argv[2:]) self._init_(args) load_path = os.path.join(os.getcwd(), "inventory") with open(os.path.join(load_path, "neutron"), "r") as file: dataset = json.load(file) # Add name to the port to be able to use port binding mock for id, port in dataset["port"].items(): port["name"] = id env = Environment(inventory=dataset) with env: i = env.openstack_inventory for id, port in dataset["port"].items(): if "segmentation_id" in port["vif_details"]: i.port_bind(port["name"], port["vif_details"]["segmentation_id"]) else: LOG.error("Port:%s does not have segmentation_id", id)
def test_end_to_end(self): self.cleanup() c = coverage LOG.info("Create inventory with the provider") inventory = copy.deepcopy(coverage.OPENSTACK_INVENTORY) env = Environment(inventory=inventory) with env: i = env.openstack_inventory i.port_bind(c.PORT_FRONTEND_EXTERNAL["name"], "1000") i.port_bind(c.PORT_FRONTEND_INTERNAL["name"], "3200") i.port_bind(c.PORT_BACKEND["name"], "3200") i.port_bind(c.PORT_DB["name"], "3200") i.port_bind(c.PORT_WITH_3_SG["name"], "1000") eventlet.sleep(30) self._assert_create(c, env) LOG.info("Create inventory with the provider") env = Environment(inventory=inventory) with env: inventory = i = env.openstack_inventory provider = p = env.manager.realizer.plcy_provider eventlet.sleep(30) for index in range(1, 10): self._pollute(env, index) # Remove parent i.port_delete(c.PORT_FRONTEND_INTERNAL["name"]) i.port_delete(c.PORT_WITH_3_SG["name"]) eventlet.sleep(10) # Remove child i.port_delete(c.PORT_FRONTEND_EXTERNAL["name"]) eventlet.sleep(60) self._assert_update(c, env)
def test_synchronous_creation(self): with responses.RequestsMock( assert_all_requests_are_fired=False) as resp: self._mock(resp) c = coverage env = Environment( inventory=copy.deepcopy(coverage.OPENSTACK_INVENTORY)) with env: i = env.openstack_inventory i.test_synchronous_port_create( c.PORT_FRONTEND_EXTERNAL["name"], "1001") eventlet.sleep(10) pp = env.manager.realizer.plcy_provider mp = env.manager.realizer.mngr_provider mngr_meta, plcy_meta = env.dump_provider_inventory(printable=False) # Validate network creation self.assertEquals("1001" in mngr_meta[mp.NETWORK]["meta"], True) # Validate QoS State self.assertEquals(c.QOS_EXTERNAL["id"] in mngr_meta[mp.QOS]["meta"], True) # Validate Security Groups Members self.assertEquals( c.SECURITY_GROUP_FRONTEND["id"] in plcy_meta[pp.SG_MEMBERS]["meta"], True) # Validate Security Group Rules Sections self.assertEquals( c.SECURITY_GROUP_FRONTEND["id"] in plcy_meta[pp.SG_RULES]["meta"], True) # Validate Security Group Remote Prefix IPSets for id in plcy_meta[pp.SG_RULES_REMOTE_PREFIX]["meta"].keys(): self.assertEquals("0.0.0.0/" in id or "::/" in id, True)
def test_creation(self): with responses.RequestsMock( assert_all_requests_are_fired=False) as resp: self._mock(resp) c = coverage env = Environment( inventory=copy.deepcopy(coverage.OPENSTACK_INVENTORY)) with env: # LOG.info("Begin - OpenStack Inventory: %s", env.dump_openstack_inventory()) # LOG.info("Begin - NSX-T Inventory: %s", env.dump_provider_inventory()) i = env.openstack_inventory i.port_bind(c.PORT_FRONTEND_EXTERNAL["name"], "1000") i.port_bind(c.PORT_FRONTEND_INTERNAL["name"], "3200") i.port_bind(c.PORT_BACKEND["name"], "3200") i.port_bind(c.PORT_DB["name"], "3200") eventlet.sleep(10) # LOG.info("End - OpenStack Inventory: %s", env.dump_openstack_inventory()) # LOG.info("End - NSX-T Inventory: %s", env.dump_provider_inventory()) plcy = env.manager.realizer.plcy_provider mngr = env.manager.realizer.mngr_provider mngr_meta, plcy_meta = env.dump_provider_inventory(printable=False) # Validate network creation self.assertEquals("1000" in mngr_meta[mngr.NETWORK]["meta"], True) self.assertEquals("3200" in mngr_meta[mngr.NETWORK]["meta"], True) self.assertEquals(plcy_meta[plcy.SEGMENT]["meta"], {}) self.assertEquals(plcy_meta[plcy.SEGM_PORT]["meta"], {}) # Validate QoS State self.assertEquals(c.QOS_INTERNAL["id"] in mngr_meta[mngr.QOS]["meta"], True) self.assertEquals(c.QOS_EXTERNAL["id"] in mngr_meta[mngr.QOS]["meta"], True) self.assertEquals( c.QOS_NOT_REFERENCED["id"] in mngr_meta[mngr.QOS]["meta"], False) # Validate Security Groups Members self.assertEquals( c.SECURITY_GROUP_FRONTEND["id"] in plcy_meta[plcy.SG_MEMBERS]["meta"], True) self.assertEquals( c.SECURITY_GROUP_BACKEND["id"] in plcy_meta[plcy.SG_MEMBERS]["meta"], True) self.assertEquals( c.SECURITY_GROUP_DB["id"] in plcy_meta[plcy.SG_MEMBERS]["meta"], True) self.assertEquals( c.SECURITY_GROUP_OPERATIONS["id"] in plcy_meta[plcy.SG_MEMBERS]["meta"], True) self.assertEquals( c.SECURITY_GROUP_AUTH["id"] in plcy_meta[plcy.SG_MEMBERS]["meta"], True) self.assertEquals( c.SECURITY_GROUP_OPERATIONS_NOT_REFERENCED["id"] in plcy_meta[plcy.SG_MEMBERS]["meta"], False) # Validate Security Group Rules Sections self.assertEquals( c.SECURITY_GROUP_FRONTEND["id"] in plcy_meta[plcy.SG_RULES]["meta"], True) self.assertEquals( c.SECURITY_GROUP_BACKEND["id"] in plcy_meta[plcy.SG_RULES]["meta"], True) self.assertEquals( c.SECURITY_GROUP_DB["id"] in plcy_meta[plcy.SG_RULES]["meta"], True) self.assertEquals( c.SECURITY_GROUP_OPERATIONS["id"] in plcy_meta[plcy.SG_RULES]["meta"], True) self.assertEquals( c.SECURITY_GROUP_AUTH["id"] in plcy_meta[plcy.SG_RULES]["meta"], False) self.assertEquals( c.SECURITY_GROUP_OPERATIONS_NOT_REFERENCED["id"] in plcy_meta[plcy.SG_RULES]["meta"], False) # Validate Security Group Remote Prefix IPSets for id in plcy_meta[plcy.SG_RULES_REMOTE_PREFIX]["meta"].keys(): self.assertEquals("0.0.0.0/" in id or "::/" in id, True)
def test_transition_to_static_group_membership(self): with responses.RequestsMock( assert_all_requests_are_fired=False) as resp: self._mock(resp) c = coverage env = Environment( inventory=copy.deepcopy(coverage.OPENSTACK_INVENTORY)) with env: i = env.openstack_inventory i.port_bind(c.PORT_WITH_3_SG["name"], "1000") eventlet.sleep(10) # LOG.info("End - NSX-T Inventory: %s", env.dump_provider_inventory()) plcy = env.manager.realizer.plcy_provider mngr = env.manager.realizer.mngr_provider mngr_meta, plcy_meta = env.dump_provider_inventory(printable=False) # Validate Networks self.assertEquals("1000" in mngr_meta[mngr.NETWORK]["meta"], True) # Validate Ports self.assertEquals( c.PORT_WITH_3_SG["id"] in mngr_meta[mngr.PORT]["meta"], True) self.assertEquals( c.PORT_WITH_3_SG["id"] in plcy_meta[plcy.SEGM_PORT]["meta"], True) # Validate Security Groups Members self.assertEquals( c.SECURITY_GROUP_FRONTEND["id"] in plcy_meta[plcy.SG_MEMBERS]["meta"], True) self.assertEquals( c.SECURITY_GROUP_OPERATIONS["id"] in plcy_meta[plcy.SG_MEMBERS]["meta"], True) self.assertEquals( c.SECURITY_GROUP_DB["id"] in plcy_meta[plcy.SG_MEMBERS]["meta"], True) # Assert the new static membership is used self.assertEquals( plcy_meta[plcy.SEGM_PORT]["meta"][c.PORT_WITH_3_SG["id"]]["path"] in plcy_meta[plcy.SG_MEMBERS]["meta"][ c.SECURITY_GROUP_FRONTEND["id"]]["sg_members"], True) self.assertEquals( plcy_meta[plcy.SEGM_PORT]["meta"][c.PORT_WITH_3_SG["id"]]["path"] in plcy_meta[plcy.SG_MEMBERS]["meta"][ c.SECURITY_GROUP_OPERATIONS["id"]]["sg_members"], True) self.assertEquals( plcy_meta[plcy.SEGM_PORT]["meta"][c.PORT_WITH_3_SG["id"]]["path"] in plcy_meta[plcy.SG_MEMBERS]["meta"][ c.SECURITY_GROUP_DB["id"]]["sg_members"], True) self.assertEquals( 3, len(plcy_meta[plcy.SG_MEMBERS]["meta"][ c.SECURITY_GROUP_FRONTEND["id"]]["sg_cidrs"])) self.assertEquals( 4, len(plcy_meta[plcy.SG_MEMBERS]["meta"][ c.SECURITY_GROUP_OPERATIONS["id"]]["sg_cidrs"])) self.assertEquals( 2, len(plcy_meta[plcy.SG_MEMBERS]["meta"][c.SECURITY_GROUP_DB["id"]] ["sg_cidrs"]))
def test_cleanup(self): with responses.RequestsMock( assert_all_requests_are_fired=False) as resp: self._mock(resp) c = coverage env = Environment( inventory=copy.deepcopy(coverage.OPENSTACK_INVENTORY)) with env: i = env.openstack_inventory i.port_bind(c.PORT_FRONTEND_EXTERNAL["name"], "1000") i.port_bind(c.PORT_FRONTEND_INTERNAL["name"], "3200") i.port_bind(c.PORT_BACKEND["name"], "3200") i.port_bind(c.PORT_DB["name"], "3200") eventlet.sleep(10) # LOG.info("Begin - OpenStack Inventory: %s", env.dump_openstack_inventory()) # LOG.info("Begin - NSX-T Inventory: %s", env.dump_provider_inventory()) # Add orphan IPSets # pp.client.post(path="/api/v1/ip-sets", data=pp.payload.sg_rule_remote("192.168.0.0/12")) # pp.client.post(path="/api/v1/ip-sets", data=pp.payload.sg_rule_remote("::ffff/64")) i.port_delete(c.PORT_FRONTEND_INTERNAL["name"]) eventlet.sleep(1) i.port_delete(c.PORT_FRONTEND_EXTERNAL["name"]) eventlet.sleep(10) # LOG.info("End - OpenStack Inventory: %s", env.dump_openstack_inventory()) # LOG.info("End - NSX-T Inventory: %s", env.dump_provider_inventory()) pp = env.manager.realizer.plcy_provider mp = env.manager.realizer.mngr_provider mngr_meta, plcy_meta = env.dump_provider_inventory(printable=False) # Validate network creation self.assertEquals("1000" in mngr_meta[mp.NETWORK]["meta"], True) self.assertEquals("3200" in mngr_meta[mp.NETWORK]["meta"], True) # Validate Ports self.assertEquals( c.PORT_FRONTEND_EXTERNAL["id"] in mngr_meta[mp.PORT]["meta"], False) self.assertEquals( c.PORT_FRONTEND_INTERNAL["id"] in mngr_meta[mp.PORT]["meta"], False) self.assertEquals(c.PORT_BACKEND["id"] in mngr_meta[mp.PORT]["meta"], True) self.assertEquals(c.PORT_DB["id"] in mngr_meta[mp.PORT]["meta"], True) # Validate QoS State self.assertEquals(c.QOS_INTERNAL["id"] in mngr_meta[mp.QOS]["meta"], False) self.assertEquals(c.QOS_EXTERNAL["id"] in mngr_meta[mp.QOS]["meta"], False) self.assertEquals( c.QOS_NOT_REFERENCED["id"] in mngr_meta[mp.QOS]["meta"], False) # Validate Security Groups Members self.assertEquals( c.SECURITY_GROUP_FRONTEND["id"] in plcy_meta[pp.SG_MEMBERS]["meta"], True) self.assertEquals( c.SECURITY_GROUP_BACKEND["id"] in plcy_meta[pp.SG_MEMBERS]["meta"], True) self.assertEquals( c.SECURITY_GROUP_DB["id"] in plcy_meta[pp.SG_MEMBERS]["meta"], True) self.assertEquals( c.SECURITY_GROUP_OPERATIONS["id"] in plcy_meta[pp.SG_MEMBERS]["meta"], True) self.assertEquals( c.SECURITY_GROUP_AUTH["id"] in plcy_meta[pp.SG_MEMBERS]["meta"], True) self.assertEquals( c.SECURITY_GROUP_OPERATIONS_NOT_REFERENCED["id"] in plcy_meta[pp.SG_MEMBERS]["meta"], False) # Validate Security Group Rules Sections self.assertEquals( c.SECURITY_GROUP_FRONTEND["id"] in plcy_meta[pp.SG_RULES]["meta"], True) self.assertEquals( c.SECURITY_GROUP_BACKEND["id"] in plcy_meta[pp.SG_RULES]["meta"], True) self.assertEquals( c.SECURITY_GROUP_DB["id"] in plcy_meta[pp.SG_RULES]["meta"], True) self.assertEquals( c.SECURITY_GROUP_OPERATIONS["id"] in plcy_meta[pp.SG_RULES]["meta"], True) self.assertEquals( c.SECURITY_GROUP_AUTH["id"] in plcy_meta[pp.SG_RULES]["meta"], False) self.assertEquals( c.SECURITY_GROUP_OPERATIONS_NOT_REFERENCED["id"] in plcy_meta[pp.SG_RULES]["meta"], False) # Validate Security Group Rules NSGroups # self.assertEquals(c.SECURITY_GROUP_FRONTEND["id"] in m[mp.SG_RULES_EXT]["meta"], False) # self.assertEquals(c.SECURITY_GROUP_BACKEND["id"] in m[mp.SG_RULES_EXT]["meta"], True) # self.assertEquals(c.SECURITY_GROUP_DB["id"] in m[mp.SG_RULES_EXT]["meta"], True) # self.assertEquals(c.SECURITY_GROUP_OPERATIONS["id"] in m[mp.SG_RULES_EXT]["meta"], True) # self.assertEquals(c.SECURITY_GROUP_AUTH["id"] in m[mp.SG_RULES_EXT]["meta"], False) # self.assertEquals(c.SECURITY_GROUP_OPERATIONS_NOT_REFERENCED["id"] in m[mp.SG_RULES_EXT]["meta"], False) # Validate Security Group Remote Prefix IPSets for id in plcy_meta[pp.SG_RULES_REMOTE_PREFIX]["meta"].keys(): self.assertEquals("0.0.0.0/" in id or "::/" in id, True)
def cleanup(self): env = Environment(name="Cleanup") with env: # TODO - define more correct criteria eventlet.sleep(30)