def cleanup(self):
env = Environment(name="Cleanup")
with env:
eventlet.sleep(30)
provider = env.manager.realizer.plcy_provider
_, plcy_meta = env.dump_provider_inventory(printable=False)
for type, meta in plcy_meta.items():
if type != provider.SEGMENT and type != provider.SG_RULES_REMOTE_PREFIX:
self.assertEquals(meta["meta"], dict())
def test_synchronous_creation(self):
with responses.RequestsMock(
assert_all_requests_are_fired=False) as resp:
self._mock(resp)
c = coverage
env = Environment(
inventory=copy.deepcopy(coverage.OPENSTACK_INVENTORY))
with env:
i = env.openstack_inventory
i.test_synchronous_port_create(
c.PORT_FRONTEND_EXTERNAL["name"], "1001")
eventlet.sleep(10)
pp = env.manager.realizer.plcy_provider
mp = env.manager.realizer.mngr_provider
mngr_meta, plcy_meta = env.dump_provider_inventory(printable=False)
# Validate network creation
self.assertEquals("1001" in mngr_meta[mp.NETWORK]["meta"], True)
# Validate QoS State
self.assertEquals(c.QOS_EXTERNAL["id"] in mngr_meta[mp.QOS]["meta"],
True)
# Validate Security Groups Members
self.assertEquals(
c.SECURITY_GROUP_FRONTEND["id"]
in plcy_meta[pp.SG_MEMBERS]["meta"], True)
# Validate Security Group Rules Sections
self.assertEquals(
c.SECURITY_GROUP_FRONTEND["id"] in plcy_meta[pp.SG_RULES]["meta"],
True)
# Validate Security Group Remote Prefix IPSets
for id in plcy_meta[pp.SG_RULES_REMOTE_PREFIX]["meta"].keys():
self.assertEquals("0.0.0.0/" in id or "::/" in id, True)
def test_creation(self):
with responses.RequestsMock(
assert_all_requests_are_fired=False) as resp:
self._mock(resp)
c = coverage
env = Environment(
inventory=copy.deepcopy(coverage.OPENSTACK_INVENTORY))
with env:
# LOG.info("Begin - OpenStack Inventory: %s", env.dump_openstack_inventory())
# LOG.info("Begin - NSX-T Inventory: %s", env.dump_provider_inventory())
i = env.openstack_inventory
i.port_bind(c.PORT_FRONTEND_EXTERNAL["name"], "1000")
i.port_bind(c.PORT_FRONTEND_INTERNAL["name"], "3200")
i.port_bind(c.PORT_BACKEND["name"], "3200")
i.port_bind(c.PORT_DB["name"], "3200")
eventlet.sleep(10)
# LOG.info("End - OpenStack Inventory: %s", env.dump_openstack_inventory())
# LOG.info("End - NSX-T Inventory: %s", env.dump_provider_inventory())
plcy = env.manager.realizer.plcy_provider
mngr = env.manager.realizer.mngr_provider
mngr_meta, plcy_meta = env.dump_provider_inventory(printable=False)
# Validate network creation
self.assertEquals("1000" in mngr_meta[mngr.NETWORK]["meta"], True)
self.assertEquals("3200" in mngr_meta[mngr.NETWORK]["meta"], True)
self.assertEquals(plcy_meta[plcy.SEGMENT]["meta"], {})
self.assertEquals(plcy_meta[plcy.SEGM_PORT]["meta"], {})
# Validate QoS State
self.assertEquals(c.QOS_INTERNAL["id"] in mngr_meta[mngr.QOS]["meta"],
True)
self.assertEquals(c.QOS_EXTERNAL["id"] in mngr_meta[mngr.QOS]["meta"],
True)
self.assertEquals(
c.QOS_NOT_REFERENCED["id"] in mngr_meta[mngr.QOS]["meta"], False)
# Validate Security Groups Members
self.assertEquals(
c.SECURITY_GROUP_FRONTEND["id"]
in plcy_meta[plcy.SG_MEMBERS]["meta"], True)
self.assertEquals(
c.SECURITY_GROUP_BACKEND["id"]
in plcy_meta[plcy.SG_MEMBERS]["meta"], True)
self.assertEquals(
c.SECURITY_GROUP_DB["id"] in plcy_meta[plcy.SG_MEMBERS]["meta"],
True)
self.assertEquals(
c.SECURITY_GROUP_OPERATIONS["id"]
in plcy_meta[plcy.SG_MEMBERS]["meta"], True)
self.assertEquals(
c.SECURITY_GROUP_AUTH["id"] in plcy_meta[plcy.SG_MEMBERS]["meta"],
True)
self.assertEquals(
c.SECURITY_GROUP_OPERATIONS_NOT_REFERENCED["id"]
in plcy_meta[plcy.SG_MEMBERS]["meta"], False)
# Validate Security Group Rules Sections
self.assertEquals(
c.SECURITY_GROUP_FRONTEND["id"]
in plcy_meta[plcy.SG_RULES]["meta"], True)
self.assertEquals(
c.SECURITY_GROUP_BACKEND["id"] in plcy_meta[plcy.SG_RULES]["meta"],
True)
self.assertEquals(
c.SECURITY_GROUP_DB["id"] in plcy_meta[plcy.SG_RULES]["meta"],
True)
self.assertEquals(
c.SECURITY_GROUP_OPERATIONS["id"]
in plcy_meta[plcy.SG_RULES]["meta"], True)
self.assertEquals(
c.SECURITY_GROUP_AUTH["id"] in plcy_meta[plcy.SG_RULES]["meta"],
False)
self.assertEquals(
c.SECURITY_GROUP_OPERATIONS_NOT_REFERENCED["id"]
in plcy_meta[plcy.SG_RULES]["meta"], False)
# Validate Security Group Remote Prefix IPSets
for id in plcy_meta[plcy.SG_RULES_REMOTE_PREFIX]["meta"].keys():
self.assertEquals("0.0.0.0/" in id or "::/" in id, True)
def test_transition_to_static_group_membership(self):
with responses.RequestsMock(
assert_all_requests_are_fired=False) as resp:
self._mock(resp)
c = coverage
env = Environment(
inventory=copy.deepcopy(coverage.OPENSTACK_INVENTORY))
with env:
i = env.openstack_inventory
i.port_bind(c.PORT_WITH_3_SG["name"], "1000")
eventlet.sleep(10)
# LOG.info("End - NSX-T Inventory: %s", env.dump_provider_inventory())
plcy = env.manager.realizer.plcy_provider
mngr = env.manager.realizer.mngr_provider
mngr_meta, plcy_meta = env.dump_provider_inventory(printable=False)
# Validate Networks
self.assertEquals("1000" in mngr_meta[mngr.NETWORK]["meta"], True)
# Validate Ports
self.assertEquals(
c.PORT_WITH_3_SG["id"] in mngr_meta[mngr.PORT]["meta"], True)
self.assertEquals(
c.PORT_WITH_3_SG["id"] in plcy_meta[plcy.SEGM_PORT]["meta"], True)
# Validate Security Groups Members
self.assertEquals(
c.SECURITY_GROUP_FRONTEND["id"]
in plcy_meta[plcy.SG_MEMBERS]["meta"], True)
self.assertEquals(
c.SECURITY_GROUP_OPERATIONS["id"]
in plcy_meta[plcy.SG_MEMBERS]["meta"], True)
self.assertEquals(
c.SECURITY_GROUP_DB["id"] in plcy_meta[plcy.SG_MEMBERS]["meta"],
True)
# Assert the new static membership is used
self.assertEquals(
plcy_meta[plcy.SEGM_PORT]["meta"][c.PORT_WITH_3_SG["id"]]["path"]
in plcy_meta[plcy.SG_MEMBERS]["meta"][
c.SECURITY_GROUP_FRONTEND["id"]]["sg_members"], True)
self.assertEquals(
plcy_meta[plcy.SEGM_PORT]["meta"][c.PORT_WITH_3_SG["id"]]["path"]
in plcy_meta[plcy.SG_MEMBERS]["meta"][
c.SECURITY_GROUP_OPERATIONS["id"]]["sg_members"], True)
self.assertEquals(
plcy_meta[plcy.SEGM_PORT]["meta"][c.PORT_WITH_3_SG["id"]]["path"]
in plcy_meta[plcy.SG_MEMBERS]["meta"][
c.SECURITY_GROUP_DB["id"]]["sg_members"], True)
self.assertEquals(
3,
len(plcy_meta[plcy.SG_MEMBERS]["meta"][
c.SECURITY_GROUP_FRONTEND["id"]]["sg_cidrs"]))
self.assertEquals(
4,
len(plcy_meta[plcy.SG_MEMBERS]["meta"][
c.SECURITY_GROUP_OPERATIONS["id"]]["sg_cidrs"]))
self.assertEquals(
2,
len(plcy_meta[plcy.SG_MEMBERS]["meta"][c.SECURITY_GROUP_DB["id"]]
["sg_cidrs"]))
def test_cleanup(self):
with responses.RequestsMock(
assert_all_requests_are_fired=False) as resp:
self._mock(resp)
c = coverage
env = Environment(
inventory=copy.deepcopy(coverage.OPENSTACK_INVENTORY))
with env:
i = env.openstack_inventory
i.port_bind(c.PORT_FRONTEND_EXTERNAL["name"], "1000")
i.port_bind(c.PORT_FRONTEND_INTERNAL["name"], "3200")
i.port_bind(c.PORT_BACKEND["name"], "3200")
i.port_bind(c.PORT_DB["name"], "3200")
eventlet.sleep(10)
# LOG.info("Begin - OpenStack Inventory: %s", env.dump_openstack_inventory())
# LOG.info("Begin - NSX-T Inventory: %s", env.dump_provider_inventory())
# Add orphan IPSets
# pp.client.post(path="/api/v1/ip-sets", data=pp.payload.sg_rule_remote("192.168.0.0/12"))
# pp.client.post(path="/api/v1/ip-sets", data=pp.payload.sg_rule_remote("::ffff/64"))
i.port_delete(c.PORT_FRONTEND_INTERNAL["name"])
eventlet.sleep(1)
i.port_delete(c.PORT_FRONTEND_EXTERNAL["name"])
eventlet.sleep(10)
# LOG.info("End - OpenStack Inventory: %s", env.dump_openstack_inventory())
# LOG.info("End - NSX-T Inventory: %s", env.dump_provider_inventory())
pp = env.manager.realizer.plcy_provider
mp = env.manager.realizer.mngr_provider
mngr_meta, plcy_meta = env.dump_provider_inventory(printable=False)
# Validate network creation
self.assertEquals("1000" in mngr_meta[mp.NETWORK]["meta"], True)
self.assertEquals("3200" in mngr_meta[mp.NETWORK]["meta"], True)
# Validate Ports
self.assertEquals(
c.PORT_FRONTEND_EXTERNAL["id"] in mngr_meta[mp.PORT]["meta"],
False)
self.assertEquals(
c.PORT_FRONTEND_INTERNAL["id"] in mngr_meta[mp.PORT]["meta"],
False)
self.assertEquals(c.PORT_BACKEND["id"] in mngr_meta[mp.PORT]["meta"],
True)
self.assertEquals(c.PORT_DB["id"] in mngr_meta[mp.PORT]["meta"], True)
# Validate QoS State
self.assertEquals(c.QOS_INTERNAL["id"] in mngr_meta[mp.QOS]["meta"],
False)
self.assertEquals(c.QOS_EXTERNAL["id"] in mngr_meta[mp.QOS]["meta"],
False)
self.assertEquals(
c.QOS_NOT_REFERENCED["id"] in mngr_meta[mp.QOS]["meta"], False)
# Validate Security Groups Members
self.assertEquals(
c.SECURITY_GROUP_FRONTEND["id"]
in plcy_meta[pp.SG_MEMBERS]["meta"], True)
self.assertEquals(
c.SECURITY_GROUP_BACKEND["id"] in plcy_meta[pp.SG_MEMBERS]["meta"],
True)
self.assertEquals(
c.SECURITY_GROUP_DB["id"] in plcy_meta[pp.SG_MEMBERS]["meta"],
True)
self.assertEquals(
c.SECURITY_GROUP_OPERATIONS["id"]
in plcy_meta[pp.SG_MEMBERS]["meta"], True)
self.assertEquals(
c.SECURITY_GROUP_AUTH["id"] in plcy_meta[pp.SG_MEMBERS]["meta"],
True)
self.assertEquals(
c.SECURITY_GROUP_OPERATIONS_NOT_REFERENCED["id"]
in plcy_meta[pp.SG_MEMBERS]["meta"], False)
# Validate Security Group Rules Sections
self.assertEquals(
c.SECURITY_GROUP_FRONTEND["id"] in plcy_meta[pp.SG_RULES]["meta"],
True)
self.assertEquals(
c.SECURITY_GROUP_BACKEND["id"] in plcy_meta[pp.SG_RULES]["meta"],
True)
self.assertEquals(
c.SECURITY_GROUP_DB["id"] in plcy_meta[pp.SG_RULES]["meta"], True)
self.assertEquals(
c.SECURITY_GROUP_OPERATIONS["id"]
in plcy_meta[pp.SG_RULES]["meta"], True)
self.assertEquals(
c.SECURITY_GROUP_AUTH["id"] in plcy_meta[pp.SG_RULES]["meta"],
False)
self.assertEquals(
c.SECURITY_GROUP_OPERATIONS_NOT_REFERENCED["id"]
in plcy_meta[pp.SG_RULES]["meta"], False)
# Validate Security Group Rules NSGroups
# self.assertEquals(c.SECURITY_GROUP_FRONTEND["id"] in m[mp.SG_RULES_EXT]["meta"], False)
# self.assertEquals(c.SECURITY_GROUP_BACKEND["id"] in m[mp.SG_RULES_EXT]["meta"], True)
# self.assertEquals(c.SECURITY_GROUP_DB["id"] in m[mp.SG_RULES_EXT]["meta"], True)
# self.assertEquals(c.SECURITY_GROUP_OPERATIONS["id"] in m[mp.SG_RULES_EXT]["meta"], True)
# self.assertEquals(c.SECURITY_GROUP_AUTH["id"] in m[mp.SG_RULES_EXT]["meta"], False)
# self.assertEquals(c.SECURITY_GROUP_OPERATIONS_NOT_REFERENCED["id"] in m[mp.SG_RULES_EXT]["meta"], False)
# Validate Security Group Remote Prefix IPSets
for id in plcy_meta[pp.SG_RULES_REMOTE_PREFIX]["meta"].keys():
self.assertEquals("0.0.0.0/" in id or "::/" in id, True)