def test_host_based_resource_limited_to_one_per_project(self):
project2 = Project('project2-%s' % self.id())
self.api.project_create(project2)
hbs1 = HostBasedService('hbs1-%s' % self.id(), parent_obj=project2)
self.assertRaises(OverQuota, self.api.host_based_service_create, hbs1)
project2.set_quota(QuotaType(host_based_service=1))
self._vnc_lib.project_update(project2)
hbs1 = HostBasedService('hbs1-%s' % self.id(), parent_obj=project2)
self.api.host_based_service_create(hbs1)
hbs2 = HostBasedService('hbs2-%s' % self.id(), parent_obj=project2)
self.assertRaises(OverQuota, self.api.host_based_service_create, hbs2)
project2.set_quota(QuotaType(host_based_service=2))
self.assertRaises(BadRequest, self._vnc_lib.project_update, project2)
project2.set_quota(QuotaType(host_based_service=-1))
self.assertRaises(BadRequest, self._vnc_lib.project_update, project2)
project2.set_quota(QuotaType(host_based_service=None))
self._vnc_lib.project_update(project2)
self.assertRaises(OverQuota, self.api.host_based_service_create, hbs2)
def test_hbs_update_property(self):
project2 = Project('project2-%s' % self.id())
project2.set_quota(QuotaType(host_based_service=1))
self.api.project_create(project2)
hbs = HostBasedService('hbs1-%s' % self.id(), parent_obj=project2)
self.api.host_based_service_create(hbs)
hbs.set_display_name('new display name')
self.api.host_based_service_update(hbs)
def test_hbs_create_with_mgmt_vn_ref(self):
project2 = Project('project2-%s' % self.id())
project2.set_quota(QuotaType(host_based_service=1))
self.api.project_create(project2)
vn1 = VirtualNetwork('vn1-%s' % self.id(), parent_obj=project2)
self.api.virtual_network_create(vn1)
hbs1 = HostBasedService('hbs1-%s' % self.id(), parent_obj=project2)
hbs1.add_virtual_network(vn1, ServiceVirtualNetworkType('management'))
self.api.host_based_service_create(hbs1)
def test_hbs_create_with_annotations(self):
project2 = Project('project2-%s' % self.id())
project2.set_quota(QuotaType(host_based_service=1))
self.api.project_create(project2)
vn1 = VirtualNetwork('vn1-%s' % self.id(), parent_obj=project2)
self.api.virtual_network_create(vn1)
hbs1 = HostBasedService('hbs1-%s' % self.id(), parent_obj=project2)
hbs1.add_annotations(KeyValuePair(
key='image', value='hub.juniper.net/security/csrx:19.2R1.8'))
hbs1.add_annotations(KeyValuePair(key='imagePullSecrets', value='psd'))
self.api.host_based_service_create(hbs1)
def _create_project(self, project_name):
proj_fq_name = vnc_kube_config.cluster_project_fq_name(project_name)
proj_obj = Project(name=proj_fq_name[-1], fq_name=proj_fq_name)
try:
self.vnc_lib.project_create(proj_obj)
except RefsExistError:
proj_obj = self.vnc_lib.project_read(fq_name=proj_fq_name)
ProjectKM.locate(proj_obj.uuid)
return proj_obj
def test_hbs_update_default_vn_property(self):
project2 = Project('project2-%s' % self.id())
project2.set_quota(QuotaType(host_based_service=1))
self.api.project_create(project2)
hbs = HostBasedService('hbs1-%s' % self.id(), parent_obj=project2)
self.api.host_based_service_create(hbs)
hbs = self.api.host_based_service_read(id=hbs.uuid)
vn_ref_left_uuid = hbs.virtual_network_refs[0]['uuid']
self.assertRaises(
BadRequest,
self.api.ref_update,
hbs.resource_type,
hbs.uuid,
'virtual_network',
vn_ref_left_uuid,
None,
'ADD',
ServiceVirtualNetworkType('management'),
)
def test_hbs_create_with_vn_ref(self):
project2 = Project('project2-%s' % self.id())
self.api.project_create(project2)
vn1 = VirtualNetwork('vn1-%s' % self.id(), parent_obj=project2)
self.api.virtual_network_create(vn1)
hbs1 = HostBasedService('hbs1-%s' % self.id(), parent_obj=project2)
hbs1.add_virtual_network(vn1, ServiceVirtualNetworkType('left'))
self.assertRaises(
BadRequest,
self.api.host_based_service_create,
hbs1
)
def _vnc_create_sg(self,
np_spec,
namespace,
name,
uuid=None,
**kwargs_annotations):
proj_fq_name = vnc_kube_config.cluster_project_fq_name(namespace)
proj_obj = Project(name=proj_fq_name[-1],
fq_name=proj_fq_name,
parent='domain')
sg_obj = SecurityGroup(name=name, parent_obj=proj_obj)
if uuid:
sg_obj.uuid = uuid
if np_spec:
kwargs_annotations.update({'np_spec': json.dumps(np_spec)})
self._set_sg_annotations(namespace, name, sg_obj, **kwargs_annotations)
try:
self._vnc_lib.security_group_create(sg_obj)
except Exception:
self._logger.error("%s - %s SG Not Created" % (self._name, name))
return None
sg = SecurityGroupKM.locate(sg_obj.uuid)
return sg
def test_get_hbs_template_no_json(self):
project2 = Project('project2-%s' % self.id())
project2.set_quota(QuotaType(host_based_service=1))
kvp_array = []
kvp = KeyValuePair("namespace", "k8test")
kvp_array.append(kvp)
kvp = KeyValuePair("cluster", "c1")
kvp_array.append(kvp)
kvps = KeyValuePairs()
kvps.set_key_value_pair(kvp_array)
project2.set_annotations(kvps)
self.api.project_create(project2)
hbs = HostBasedService('hbs-%s' % self.id(), parent_obj=project2)
self.api.host_based_service_create(hbs)
(code, msg) = self._http_post('/hbs-get', None)
self.assertEquals(code, 400)
def test_lr_v4_subnets(self):
# Create Domain
domain = Domain('my-lr-domain')
self._vnc_lib.domain_create(domain)
# Create Project
project = Project('my-lr-proj', domain)
self._vnc_lib.project_create(project)
# Create NetworkIpam
ipam = NetworkIpam('default-network-ipam', project, IpamType("dhcp"))
self._vnc_lib.network_ipam_create(ipam)
ipam = self._vnc_lib.network_ipam_read(
['my-lr-domain', 'my-lr-proj', 'default-network-ipam'])
# Create subnets
ipam_sn_v4_vn1 = IpamSubnetType(subnet=SubnetType('11.1.1.0', 24))
ipam_sn_v6_vn1 = IpamSubnetType(subnet=SubnetType('fd11::', 120))
ipam_sn_v4_vn2 = IpamSubnetType(subnet=SubnetType('11.1.2.0', 24))
ipam_sn_v6_vn2 = IpamSubnetType(subnet=SubnetType('fd12::', 120))
# Create VN my-vn-1
vn1 = VirtualNetwork('my-vn-1', project)
vn1.add_network_ipam(ipam,
VnSubnetsType([ipam_sn_v4_vn1, ipam_sn_v6_vn1]))
self._vnc_lib.virtual_network_create(vn1)
net_obj1 = self._vnc_lib.virtual_network_read(id=vn1.uuid)
# Create VN my-vn-2
vn2 = VirtualNetwork('my-vn-2', project)
vn2.add_network_ipam(ipam,
VnSubnetsType([ipam_sn_v4_vn2, ipam_sn_v6_vn2]))
self._vnc_lib.virtual_network_create(vn2)
net_obj2 = self._vnc_lib.virtual_network_read(id=vn2.uuid)
# Create Logical Router
lr = LogicalRouter('router-test-v4-%s' % self.id(), project)
lr_uuid = self._vnc_lib.logical_router_create(lr)
# Create a Virtual Machine Interface belonging to my-vn-1
id_perms = IdPermsType(enable=True)
port_obj1 = VirtualMachineInterface(str(uuid.uuid4()),
parent_obj=project,
id_perms=id_perms)
port_obj1.uuid = port_obj1.name
port_obj1.set_virtual_network(vn1)
port_obj1.set_virtual_machine_interface_device_owner(
'DEVICE_OWNER_ROUTER_INTF')
# Assign gateway ip
ipam_refs = net_obj1.get_network_ipam_refs()
for ipam_ref in ipam_refs:
subnets = ipam_ref['attr'].get_ipam_subnets()
for subnet in subnets:
cidr = '%s/%s' % (subnet.subnet.get_ip_prefix(),
subnet.subnet.get_ip_prefix_len())
if IPNetwork(cidr).version == 4:
gateway_ip = subnet.get_default_gateway()
self._vnc_lib.virtual_machine_interface_create(port_obj1)
# Create v4 Ip object
ip_obj1 = InstanceIp(name=str(uuid.uuid4()),
instance_ip_address=gateway_ip,
instance_ip_family='v4')
ip_obj1.uuid = ip_obj1.name
ip_obj1.set_virtual_machine_interface(port_obj1)
ip_obj1.set_virtual_network(net_obj1)
ip_id1 = self._vnc_lib.instance_ip_create(ip_obj1)
# Add Router Interface (test being subnet)
lr.add_virtual_machine_interface(port_obj1)
self._vnc_lib.logical_router_update(lr)
# Create a Virtual Machine Interface belonging to my-vn-2
port_obj2 = VirtualMachineInterface(str(uuid.uuid4()),
parent_obj=project,
id_perms=id_perms)
port_obj2.uuid = port_obj2.name
port_obj2.set_virtual_network(vn2)
port_obj2.set_virtual_machine_interface_device_owner(
'DEVICE_OWNER_ROUTER_INTF')
# Assign gateway ip
ipam_refs = net_obj2.get_network_ipam_refs()
for ipam_ref in ipam_refs:
subnets = ipam_ref['attr'].get_ipam_subnets()
for subnet in subnets:
cidr = '%s/%s' % (subnet.subnet.get_ip_prefix(),
subnet.subnet.get_ip_prefix_len())
if IPNetwork(cidr).version == 4:
gateway_ip = subnet.get_default_gateway()
self._vnc_lib.virtual_machine_interface_create(port_obj2)
# Create v4 Ip object
ip_obj2 = InstanceIp(name=str(uuid.uuid4()),
instance_ip_address=gateway_ip,
instance_ip_family='v4')
ip_obj2.uuid = ip_obj2.name
ip_obj2.set_virtual_machine_interface(port_obj2)
ip_obj2.set_virtual_network(net_obj2)
ip_id2 = self._vnc_lib.instance_ip_create(ip_obj2)
# Add Router Interface (test being subnet)
lr.add_virtual_machine_interface(port_obj2)
self._vnc_lib.logical_router_update(lr)
# TODO: Schema transformer not integrated in the tests,
# hence route-target refs not set yet
# Verify Route Target Creation
rt_refs = lr.get_route_target_refs()
for rt_ref in rt_refs or []:
rt_obj = self._vnc_lib.route_target_read(id=rt_ref['uuid'])
ri_refs = rt_obj.get_routing_instance_back_refs()
for ri_ref in ri_refs:
ri_obj = self.vnc_lib.routing_instance_read(id=ri_ref['uuid'])
ri_name = ri_obj.get_display_name()
if ri_name != 'my-vn-1' and ri_name != 'my-vn-2':
pass
# cleanup
self._vnc_lib.instance_ip_delete(id=ip_id1)
self._vnc_lib.instance_ip_delete(id=ip_id2)
self._vnc_lib.logical_router_delete(id=lr_uuid)
self._vnc_lib.virtual_machine_interface_delete(id=port_obj1.uuid)
self._vnc_lib.virtual_machine_interface_delete(id=port_obj2.uuid)
self._vnc_lib.virtual_network_delete(id=vn1.uuid)
self._vnc_lib.virtual_network_delete(id=vn2.uuid)
self._vnc_lib.network_ipam_delete(id=ipam.uuid)
self._vnc_lib.project_delete(id=project.uuid)
self._vnc_lib.domain_delete(id=domain.uuid)
def setUp(self):
super(TestHostBasedService, self).setUp()
project = Project('project-%s' % self.id())
project.set_quota(QuotaType(host_based_service=1))
self.api.project_create(project)
self.project = self.api.project_read(id=project.uuid)
def setUp(self):
def _carve_out_subnets(subnets, cidr):
carved_subnets = []
for subnet in subnets:
slash_x_subnets = IPNetwork(subnet.get('cidr')).subnet(cidr)
for slash_x_sn in slash_x_subnets:
carved_subnets.append({'cidr': str(slash_x_sn)})
return carved_subnets
# end _carve_out_subnets
def _get_network_ipam(ipam_name, subnets, subnetting):
def _new_subnet(cidr):
split_cidr = cidr.split('/')
return SubnetType(
ip_prefix=split_cidr[0],
ip_prefix_len=split_cidr[1])
# end _new_subnet
ipam = NetworkIpam(
name=ipam_name,
ipam_subnets=IpamSubnets([
IpamSubnetType(
subnet=_new_subnet(sn.get('cidr')),
default_gateway=sn.get('gateway'),
subnet_uuid=str(uuid.uuid1())
) for sn in subnets if int(
sn.get('cidr').split('/')[-1]) < 31
]),
ipam_subnet_method='flat-subnet',
ipam_subnetting=subnetting
)
return ipam
# end _add_network_ipam
super(TestPnfPortTuple, self).setUp()
logger.debug("setUp called")
# Create Global objects
default_gsc_name = 'default-global-system-config'
gsc_obj = self.api.global_system_config_read(
GlobalSystemConfig().fq_name)
proj_obj = self.api.project_read(Project().fq_name)
# Create PNF and spine Physical Router
pnf_obj = PhysicalRouter('pnf-' + self.id(), gsc_obj)
pnf_obj.set_physical_router_role('pnf')
self.pnf_uuid = self.api.physical_router_create(pnf_obj)
# Create spine Physical Router
spine_obj = PhysicalRouter('spine-' + self.id(), gsc_obj)
self.spine_uuid = self.api.physical_router_create(spine_obj)
# Create left/right LR
left_lr_name = 'left_lr-' + self.id()
left_lr_obj = LogicalRouter(name=left_lr_name, parent_obj=proj_obj)
left_lr_obj.add_physical_router(spine_obj)
self.left_lr_uuid = self.api.logical_router_create(left_lr_obj)
right_lr_name = 'right_lr-' + self.id()
right_lr_obj = LogicalRouter(name=right_lr_name, parent_obj=proj_obj)
right_lr_obj.add_physical_router(spine_obj)
self.right_lr_uuid = self.api.logical_router_create(right_lr_obj)
# create left, right PNF PI
left_pnf_pi_obj = PhysicalInterface(
'ge-0/0/1-' + self.id(), parent_obj=pnf_obj)
right_pnf_pi_obj = PhysicalInterface(
'ge-0/0/2-' + self.id(), parent_obj=pnf_obj)
lo_pnf_pi_obj = PhysicalInterface('lo0', parent_obj=pnf_obj)
self.left_pnf_pi_uuid = self.api.physical_interface_create(
left_pnf_pi_obj)
self.right_pnf_pi_uuid = self.api.physical_interface_create(
right_pnf_pi_obj)
self.lo_pnf_pi_uuid = self.api.physical_interface_create(lo_pnf_pi_obj)
# create left, right spine PI
left_spine_pi_obj = PhysicalInterface(
'xe-0/0/1-' + self.id(), parent_obj=spine_obj)
right_spine_pi_obj = PhysicalInterface(
'xe-0/0/2-' + self.id(), parent_obj=spine_obj)
self.left_spine_pi_uuid = self.api.physical_interface_create(
left_spine_pi_obj)
self.right_spine_pi_uuid = self.api.physical_interface_create(
right_spine_pi_obj)
# Create Service Appliance Set
sas_obj = ServiceApplianceSet('sas-' + self.id(), gsc_obj)
sas_obj.set_service_appliance_set_virtualization_type(
'physical-device')
self.sas_uuid = self.api.service_appliance_set_create(sas_obj)
# Create Service template
st_obj = ServiceTemplate(name='st-' + self.id())
st_obj.set_service_appliance_set(sas_obj)
svc_properties = ServiceTemplateType()
svc_properties.set_service_virtualization_type('physical-device')
if_type = ServiceTemplateInterfaceType()
if_type.set_service_interface_type('left')
svc_properties.add_interface_type(if_type)
if_type = ServiceTemplateInterfaceType()
if_type.set_service_interface_type('right')
svc_properties.add_interface_type(if_type)
st_obj.set_service_template_properties(svc_properties)
self.st_uuid = self.api.service_template_create(st_obj)
# Create Service Instance object
si_fqn = ['default-domain', 'default-project', 'si-' + self.id()]
si_obj = ServiceInstance(fq_name=si_fqn)
si_obj.fq_name = si_fqn
si_obj.add_service_template(st_obj)
kvp_array = []
kvp = KeyValuePair("left-svc-vlan", "100")
kvp_array.append(kvp)
kvp = KeyValuePair("right-svc-vlan", "101")
kvp_array.append(kvp)
kvp = KeyValuePair("left-svc-asns", "66000,66001")
kvp_array.append(kvp)
kvp = KeyValuePair("right-svc-asns", "66000,66002")
kvp_array.append(kvp)
kvps = KeyValuePairs()
kvps.set_key_value_pair(kvp_array)
si_obj.set_annotations(kvps)
props = ServiceInstanceType()
props.set_service_virtualization_type('physical-device')
props.set_ha_mode("active-standby")
si_obj.set_service_instance_properties(props)
self.si_uuid = self.api.service_instance_create(si_obj)
# Create service appliance
sa_obj = ServiceAppliance('sa-' + self.id(), parent_obj=sas_obj)
kvp_array = []
kvp = KeyValuePair(
"left-attachment-point",
default_gsc_name +
':' +
'spine-' +
self.id() +
':' +
'xe-0/0/1-' +
self.id())
kvp_array.append(kvp)
kvp = KeyValuePair(
"right-attachment-point",
default_gsc_name +
':' +
'spine-' +
self.id() +
':' +
'xe-0/0/2-' +
self.id())
kvp_array.append(kvp)
kvps = KeyValuePairs()
kvps.set_key_value_pair(kvp_array)
sa_obj.set_service_appliance_properties(kvps)
sa_obj.set_service_appliance_virtualization_type('physical-device')
attr = ServiceApplianceInterfaceType(interface_type='left')
sa_obj.add_physical_interface(left_pnf_pi_obj, attr)
attr = ServiceApplianceInterfaceType(interface_type='right')
sa_obj.add_physical_interface(right_pnf_pi_obj, attr)
self.sa_uuid = self.api.service_appliance_create(sa_obj)
# Create fabric and add it to spine and PNF
fab_obj = Fabric('fab-' + self.id())
self.fab_uuid = self.api.fabric_create(fab_obj)
pnf_obj.add_fabric(fab_obj)
self.api.physical_router_update(pnf_obj)
spine_obj.add_fabric(fab_obj)
self.api.physical_router_update(spine_obj)
fab_obj = self.api.fabric_read(id=self.fab_uuid)
# Create PNF service chain IPAM/network
pnf_cidr = [{'cidr': "10.1.1.0/28"}]
peer_subnets = _carve_out_subnets(pnf_cidr, 29)
pnf_vn_obj = VirtualNetwork(
name='fab-' + self.id() + '-pnf-servicechain-network',
virtual_network_properties=VirtualNetworkType(
forwarding_mode='l3'),
address_allocation_mode='flat-subnet-only')
self.pnf_vn_uuid = self.api.virtual_network_create(pnf_vn_obj)
pnf_ipam_obj = _get_network_ipam(
'fab-' +
self.id() +
'-pnf-servicechain-network-ipam',
peer_subnets,
True)
self.pnf_ipam_uuid = self.api.network_ipam_create(pnf_ipam_obj)
pnf_vn_obj.add_network_ipam(pnf_ipam_obj, VnSubnetsType([]))
self.api.virtual_network_update(pnf_vn_obj)
fab_obj = self.api.fabric_read(id=self.fab_uuid)
fab_obj.add_virtual_network(
pnf_vn_obj, FabricNetworkTag(
network_type='pnf-servicechain'))
self.api.fabric_update(fab_obj)
# Create loopback IPAM/network
lo_cidr = [{'cidr': "100.100.100.0/28"}]
peer_subnets = _carve_out_subnets(lo_cidr, 28)
lo_vn_obj = VirtualNetwork(
name='fab-' + self.id() + '-loopback-network',
virtual_network_properties=VirtualNetworkType(
forwarding_mode='l3'),
address_allocation_mode='flat-subnet-only')
self.lo_vn_uuid = self.api.virtual_network_create(lo_vn_obj)
lo_ipam_obj = _get_network_ipam(
'fab-' +
self.id() +
'-loopback-network-ipam',
peer_subnets,
False)
self.lo_ipam_uuid = self.api.network_ipam_create(lo_ipam_obj)
lo_vn_obj.add_network_ipam(lo_ipam_obj, VnSubnetsType([]))
self.api.virtual_network_update(lo_vn_obj)
fab_obj = self.api.fabric_read(id=self.fab_uuid)
fab_obj.add_virtual_network(
lo_vn_obj, FabricNetworkTag(
network_type='loopback'))
self.api.fabric_update(fab_obj)
def vnc_namespace_add(self, namespace_id, name, labels):
isolated_ns_ann = 'True' if self._is_namespace_isolated(name) \
else 'False'
# Check if policy enforcement is enabled at project level.
# If not, then security will be enforced at VN level.
if DBBaseKM.is_nested():
# In nested mode, policy is always enforced at network level.
# This is so that we do not enforce policy on other virtual
# networks that may co-exist in the current project.
secure_project = False
else:
secure_project = vnc_kube_config.is_secure_project_enabled()
secure_vn = not secure_project
proj_fq_name = vnc_kube_config.cluster_project_fq_name(name)
proj_obj = Project(name=proj_fq_name[-1], fq_name=proj_fq_name)
ProjectKM.add_annotations(self,
proj_obj,
namespace=name,
name=name,
k8s_uuid=(namespace_id),
isolated=isolated_ns_ann)
try:
self._vnc_lib.project_create(proj_obj)
except RefsExistError:
proj_obj = self._vnc_lib.project_read(fq_name=proj_fq_name)
project = ProjectKM.locate(proj_obj.uuid)
# Validate the presence of annotated virtual network.
ann_vn_fq_name = self._get_annotated_virtual_network(name)
if ann_vn_fq_name:
# Validate that VN exists.
try:
self._vnc_lib.virtual_network_read(ann_vn_fq_name)
except NoIdError as e:
self._logger.error("Unable to locate virtual network [%s]"
"annotated on namespace [%s]. Error [%s]" %
(ann_vn_fq_name, name, str(e)))
# If this namespace is isolated, create it own network.
if self._is_namespace_isolated(name) or name == 'default':
vn_name = self._get_namespace_pod_vn_name(name)
if self._is_ip_fabric_forwarding_enabled(name):
ipam_fq_name = vnc_kube_config.ip_fabric_ipam_fq_name()
ipam_obj = self._vnc_lib.network_ipam_read(
fq_name=ipam_fq_name)
provider = self._ip_fabric_vn_obj
else:
ipam_fq_name = vnc_kube_config.pod_ipam_fq_name()
ipam_obj = self._vnc_lib.network_ipam_read(
fq_name=ipam_fq_name)
provider = None
pod_vn = self._create_isolated_ns_virtual_network(
ns_name=name,
vn_name=vn_name,
vn_type='pod-network',
proj_obj=proj_obj,
ipam_obj=ipam_obj,
provider=provider,
enforce_policy=secure_vn)
# Cache pod network info in namespace entry.
self._set_namespace_pod_virtual_network(name, pod_vn.get_fq_name())
vn_name = self._get_namespace_service_vn_name(name)
ipam_fq_name = vnc_kube_config.service_ipam_fq_name()
ipam_obj = self._vnc_lib.network_ipam_read(fq_name=ipam_fq_name)
service_vn = self._create_isolated_ns_virtual_network(
ns_name=name,
vn_name=vn_name,
vn_type='service-network',
ipam_obj=ipam_obj,
proj_obj=proj_obj,
enforce_policy=secure_vn)
# Cache service network info in namespace entry.
self._set_namespace_service_virtual_network(
name, service_vn.get_fq_name())
self._create_attach_policy(name, proj_obj, self._ip_fabric_vn_obj,
pod_vn, service_vn)
else:
self._update_default_virtual_network_perms2(name, proj_obj.uuid)
try:
self._update_security_groups(name, proj_obj)
except RefsExistError:
pass
if project:
self._update_namespace_label_cache(labels, namespace_id, project)
# If requested, enforce security policy at project level.
if secure_project:
proj_obj = self._vnc_lib.project_read(id=project.uuid)
self._vnc_lib.set_tags(
proj_obj,
self._labels.get_labels_dict(
VncSecurityPolicy.cluster_aps_uuid))
return project