示例#1
0
    def setupProjectNetworksAndPolicies(self):
        self.project_name = "k8s-" + self.namespace.name
        self.namespace_name = self.namespace.name
        isolated_creds = IsolatedCreds(self.inputs,
                                       self.project_name,
                                       input_file=self.input_file,
                                       logger=self.logger)
        self.remove_from_cleanups(isolated_creds.cleanUp)
        self.proj_fix = self.create_project(self.project_name,
                                            cleanup=False,
                                            connections=self.connections)
        self.proj_inputs = isolated_creds.get_inputs(self.proj_fix)
        self.proj_connection = isolated_creds.get_connections(self.proj_inputs)

        self.vn1 = self.setup_vn(project_name=self.project_name,
                                 connections=self.proj_connection,
                                 inputs=self.proj_inputs,
                                 vn_name="vn1")
        self.logger.info(self.vn1.domain_name)
        self.logger.info(self.vn1.project_name)
        self.vn1_dict = {
            "domain": self.vn1.domain_name,
            "project": self.vn1.project_name,
            "name": self.vn1.vn_name
        }
        self.vn2 = self.setup_vn(project_name=self.project_name,
                                 connections=self.proj_connection,
                                 inputs=self.proj_inputs,
                                 vn_name="vn2")
        self.logger.info(self.vn2.domain_name)
        self.logger.info(self.vn2.project_name)
        self.vn2_dict = {
            "domain": self.vn2.domain_name,
            "project": self.vn2.project_name,
            "name": self.vn2.vn_name
        }

        # Define policy
        r1 = [{
            'direction': '<>',
            'simple_action': 'pass',
            'protocol': 'any',
            'src_ports': 'any',
            'dst_ports': 'any',
            'source_network': "vn1",
            'dest_network': "vn2",
        }]
        # Create Policy
        self.nw_policy_fix = self.useFixture(
            PolicyFixture(policy_name="p1",
                          rules_list=r1,
                          inputs=self.proj_inputs,
                          connections=self.proj_connection))
        self.attach_v1_fix = self.useFixture(
            AttachPolicyFixture(self.proj_inputs, self.proj_connection,
                                self.vn1, self.nw_policy_fix))
        self.attach_v2_fix = self.useFixture(
            AttachPolicyFixture(self.proj_inputs, self.proj_connection,
                                self.vn2, self.nw_policy_fix))
示例#2
0
    def test_update_default_quota_for_new_tenant(self):
        result = True

        self.update_default_quota_list(
            subnet=3,
            virtual_network=3,
            floating_ip=10,
            logical_router=10,
            security_group_rule=10,
            virtual_machine_interface=5,
            security_group=5)

        project_name = 'Project'
        isolated_creds = IsolatedCreds(
            self.admin_inputs,
            project_name,
            input_file=self.input_file,
            logger=self.logger)
        project_obj = self.admin_isolated_creds.create_tenant(isolated_creds.project_name)
        self.admin_isolated_creds.create_and_attach_user_to_tenant(project_obj,
                            isolated_creds.username,isolated_creds.password)
        proj_inputs = isolated_creds.get_inputs(project_obj)
        proj_connection = project_obj.get_project_connections()
        resource_dict = self.create_quota_test_resources(
            proj_inputs,
            proj_connection,
            vn_count=3,
            router_count=10,
            secgrp_count=4,
            secgep_rule_count=8,
            fip_count=10,
            port_count=5)

        for item in resource_dict.keys():
            if item != 'vn_fix':
                if None in resource_dict[item]:
                    result = False
                    self.logger.error(
                        "Error while creating resource within quota limit for %s please check logs " %
                        (item))

        (vn_name, vn_fix) = resource_dict['vn_fix']._vn_fixtures[1]
        sg_objs = resource_dict['sg_grps']

        response_dict = self.verify_quota_limit(
            proj_inputs,
            proj_connection,
            vn_fix,
            sg_objs[0])
        for item in response_dict.keys():
            if response_dict[item]:
                result = False
                self.logger.error("Quota limit not followed for %s " % (item))

        assert result, 'Quota tests failed'
    def test_update_default_quota_for_new_tenant(self):
        result = True

        self.update_default_quota_list(
            subnet=3,
            virtual_network=3,
            floating_ip=10,
            logical_router=10,
            security_group_rule=10,
            virtual_machine_interface=5,
            security_group=5)

        project_name = 'Project'
        isolated_creds = IsolatedCreds(
            self.admin_inputs,
            project_name,
            input_file=self.input_file,
            logger=self.logger)
        project_obj = self.admin_isolated_creds.create_tenant(isolated_creds.project_name)
        self.admin_isolated_creds.create_and_attach_user_to_tenant(project_obj,
                            isolated_creds.username,isolated_creds.password)
        proj_inputs = isolated_creds.get_inputs(project_obj)
        proj_connection = project_obj.get_project_connections()
        resource_dict = self.create_quota_test_resources(
            proj_inputs,
            proj_connection,
            vn_count=3,
            router_count=10,
            secgrp_count=4,
            secgep_rule_count=8,
            fip_count=10,
            port_count=5)

        for item in list(resource_dict.keys()):
            if item != 'vn_fix':
                if None in resource_dict[item]:
                    result = False
                    self.logger.error(
                        "Error while creating resource within quota limit for %s please check logs " %
                        (item))

        (vn_name, vn_fix) = resource_dict['vn_fix']._vn_fixtures[1]
        sg_objs = resource_dict['sg_grps']

        response_dict = self.verify_quota_limit(
            proj_inputs,
            proj_connection,
            vn_fix,
            sg_objs[0])
        for item in list(response_dict.keys()):
            if response_dict[item]:
                result = False
                self.logger.error("Quota limit not followed for %s " % (item))

        assert result, 'Quota tests failed'
示例#4
0
    def run_test(self,
                 vn1_name,
                 tag_type,
                 tag_value,
                 tag_obj_name,
                 vn2_name=None,
                 tag2_value=None,
                 inter_compute=False,
                 cleanup=True):
        project_name = "k8s-" + self.namespace.name
        isolated_creds = IsolatedCreds(self.inputs,
                                       project_name,
                                       input_file=self.input_file,
                                       logger=self.logger)
        self.remove_from_cleanups(isolated_creds.cleanUp)
        proj_fix = self.create_project(project_name=project_name,
                                       cleanup=False,
                                       connections=self.connections)
        proj_inputs = isolated_creds.get_inputs(proj_fix)
        proj_connection = isolated_creds.get_connections(proj_inputs)

        # Create VNs
        vn1 = self.setup_vn(project_name=project_name,
                            connections=proj_connection,
                            inputs=proj_inputs,
                            vn_name=vn1_name)
        vn1_dict = {
            "domain": vn1.domain_name,
            "project": vn1.project_name,
            "name": vn1.vn_name
        }

        if vn2_name != None:
            vn2 = self.setup_vn(project_name=project_name,
                                connections=proj_connection,
                                inputs=proj_inputs,
                                vn_name=vn2_name)
            vn2_dict = {
                "domain": vn2.domain_name,
                "project": vn2.project_name,
                "name": vn2.vn_name
            }

            # Attach policy btw vn1 and vn2 to allow all traffic
            pol_rules_vn1_vn2 = [
                {
                    'direction': '<>',
                    'simple_action': 'pass',
                    'protocol': 'any',
                    'src_ports': 'any',
                    'dst_ports': 'any',
                    'source_network': vn1_name,
                    'dest_network': vn2_name,
                },
            ]

            policy1_name = 'p1_vn1_vn2'
            policy1_fixture = self.useFixture(
                PolicyFixture(policy_name=policy1_name,
                              rules_list=pol_rules_vn1_vn2,
                              inputs=proj_inputs,
                              connections=proj_connection))

            policy_attach_fix1 = self.useFixture(
                AttachPolicyFixture(proj_inputs, proj_connection, vn1,
                                    policy1_fixture))
            policy_attach_fix1 = self.useFixture(
                AttachPolicyFixture(proj_inputs, proj_connection, vn2,
                                    policy1_fixture))
        else:
            vn2_dict = None
            vn2 = None
            policy1_fixture = None

        # Create 2 pods
        namespace_name = self.namespace.name
        compute_label_list, compute_count = self.connections.k8s_client.get_kubernetes_compute_labels(
        )
        compute_selector_1 = {'computenode': compute_label_list[0]}
        if inter_compute and compute_count >= 2:
            compute_selector_2 = {'computenode': compute_label_list[1]}
        else:
            compute_selector_2 = compute_selector_1

        pod1 = self.setup_busybox_pod(namespace=namespace_name,
                                      custom_isolation=True,
                                      fq_network_name=vn1_dict,
                                      compute_node_selector=compute_selector_1)
        assert pod1.verify_on_setup()
        pod2 = self.setup_busybox_pod(namespace=namespace_name,
                                      custom_isolation=True,
                                      fq_network_name=(vn2_dict or vn1_dict),
                                      compute_node_selector=compute_selector_2)
        assert pod2.verify_on_setup()
        assert pod1.ping_with_certainty(pod2.pod_ip)

        self.addCleanup(self.perform_cleanup, pod1)
        self.addCleanup(self.perform_cleanup, pod2)

        # Create tags
        fq_name1 = [
            'default-domain', project_name,
            '%s=%s' % (tag_type, tag_value)
        ]
        tag1 = self.create_tag(fq_name=fq_name1,
                               tag_type=tag_type,
                               tag_value=tag_value,
                               parent_type='project')
        self.addCleanup(self.vnc_h.delete_tag, id=tag1)
        if tag2_value != None:
            fq_name2 = [
                'default-domain', project_name,
                '%s=%s' % (tag_type, tag2_value)
            ]
            tag2 = self.create_tag(fq_name=fq_name1,
                                   tag_type=tag_type,
                                   tag_value=tag2_value,
                                   parent_type='project')
            self.addCleanup(self.vnc_h.delete_tag, id=tag2)
        app_tag_name = 'myk8s'
        fq_name3 = [
            'default-domain', project_name,
            '%s=%s' % ('application', 'myk8s')
        ]
        apptag = self.create_tag(fq_name=fq_name3,
                                 tag_type='application',
                                 tag_value=app_tag_name,
                                 parent_type='project')
        self.addCleanup(self.vnc_h.delete_tag, id=apptag)

        # Apply tag
        tag_obj_list = []
        tag_value_list = []
        if tag_obj_name == 'project':
            project_fq_name = ['default-domain', project_name]
            tag_obj = self.read_project_obj(project_fq_name=project_fq_name)
            tag_obj_list.append(tag_obj)
            tag_value_list.append(tag_value)
        elif tag_obj_name == 'vmi':
            tag_obj1 = self.read_virtual_machine_interface(
                id=pod1.vmi_objs[0].uuid)
            tag_obj_list.append(tag_obj1)
            tag_value_list.append(tag_value)
            tag_obj2 = self.read_virtual_machine_interface(
                id=pod2.vmi_objs[0].uuid)
            tag_obj_list.append(tag_obj2)
            tag_value_list.append(tag2_value or tag_value)
        elif tag_obj_name == 'vn':
            vn_name = ['default-domain', project_name, '%s' % (vn1_name)]
            tag_obj = self.read_virtual_network(fq_name=vn_name)
            tag_obj_list.append(tag_obj)
            tag_value_list.append(tag_value)
            if vn2_name:
                vn_name = ['default-domain', project_name, '%s' % (vn2_name)]
                tag_obj = self.read_virtual_network(fq_name=vn_name)
                tag_obj_list.append(tag_obj)
                tag_value_list.append(tag2_value or tag_value)
        for tag_obj, tagv in zip(tag_obj_list, tag_value_list):
            self.set_tag(tag_type=tag_type, tag_value=tagv, obj=tag_obj)
            self.set_tag(tag_type='application',
                         tag_value=app_tag_name,
                         obj=tag_obj)

        # Create FW rule
        site_ep1 = {'tags': ['%s=%s' % (tag_type, tag_value)]}
        if tag2_value != None:
            site_ep2 = {'tags': ['%s=%s' % (tag_type, tag2_value)]}
        else:
            site_ep2 = None
        fwr_fqname = ['default-domain', project_name, 'my_fwr']
        fwr_uuid = self.vnc_h.create_firewall_rule(fq_name=fwr_fqname,
                                                   parent_type='project',
                                                   service_groups=[],
                                                   protocol='icmp',
                                                   source=site_ep1,
                                                   destination=(site_ep2
                                                                or site_ep1),
                                                   action='pass',
                                                   direction="<>")

        rule_obj = self.vnc_h.firewall_rule_read(id=fwr_uuid)
        rule_obj.set_action_list(
            ActionListType(host_based_service=True, simple_action="pass"))
        self.vnc_h.firewall_rule_update(rule_obj)
        self.addCleanup(self.vnc_h.delete_firewall_rule, id=fwr_uuid)

        # Create FW policy and add the rule
        rules = [{'uuid': fwr_uuid, 'seq_no': 20}]
        fwp_policy_fqname = ['default-domain', project_name, 'fw_pol']
        fwp_uuid = self.vnc_h.create_firewall_policy(parent_type='project',
                                                     fq_name=fwp_policy_fqname,
                                                     rules=rules)
        fwp_obj = self.vnc_h.read_firewall_policy(fq_name=fwp_policy_fqname)
        self.addCleanup(self.vnc_h.delete_firewall_policy, id=fwp_uuid)

        # Create an APS and add the policy
        aps_fqname = ['default-domain', project_name, 'myaps']
        aps_uuid = self.vnc_h.create_application_policy_set(
            fq_name=aps_fqname,
            parent_type='project',
            policies=[{
                'uuid': fwp_uuid,
                'seq_no': 20
            }])
        self.addCleanup(self.vnc_h.delete_application_policy_set, id=aps_uuid)
        self.vnc_h.set_tag('application', app_tag_name, False, None,
                           'application-policy-set', aps_uuid)

        #import pdb; pdb.set_trace()
        assert pod1.ping_with_certainty(pod2.pod_ip,
                                        expectation=True,
                                        count='5',
                                        hbf_enabled=True)

        # Cleanups
        for tag_obj in tag_obj_list:
            self.addCleanup(self.vnc_h.unset_tag,
                            tag_type=tag_type,
                            obj=tag_obj)
            self.addCleanup(self.vnc_h.unset_tag,
                            tag_type='application',
                            obj=tag_obj)
        '''
        self.addCleanup(self.vnc_h.delete_tag, id=tag1)
        if tag2_value != None:
            self.addCleanup(self.vnc_h.delete_tag, id=tag2)
        self.addCleanup(self.vnc_h.delete_tag, id=apptag)
        '''

        return policy1_fixture, pod1, pod2, fwp_obj, project_name
示例#5
0
    def test_quota_update_of_new_project_by_admin(self):
        '''Launch two custom tenants, quota update by admin tenant should be successful
           quota update of one custom tenant by other should fail
        '''
        result = True
        quota_dict = {
            'subnet': 3,
            'router': 5,
            'network': 3,
            'floatingip': 4,
            'port': 5,
            'security_group': 4,
            'security_group_rule': 6
        }

        project_name = get_random_name('project1')
        isolated_creds = IsolatedCreds(project_name,
                                       self.admin_inputs,
                                       ini_file=self.ini_file,
                                       logger=self.logger)
        isolated_creds.setUp()
        project_obj = isolated_creds.create_tenant()
        isolated_creds.create_and_attach_user_to_tenant()
        proj_inputs = isolated_creds.get_inputs()
        proj_connection = isolated_creds.get_conections()

        project_name1 = get_random_name('project2')
        isolated_creds1 = IsolatedCreds(project_name1,
                                        self.admin_inputs,
                                        ini_file=self.ini_file,
                                        logger=self.logger)
        isolated_creds1.setUp()
        project_obj1 = isolated_creds1.create_tenant()
        isolated_creds1.create_and_attach_user_to_tenant()
        proj_inputs1 = isolated_creds1.get_inputs()
        proj_connection1 = isolated_creds1.get_conections()

        self.logger.info(
            "Update quota for tenant %s to: \n %s by admin tenat " %
            (proj_inputs1.project_name, quota_dict))
        quota_rsp = self.admin_connections.quantum_h.update_quota(
            project_obj1.uuid, quota_dict)
        quota_show_dict = self.admin_connections.quantum_h.show_quota(
            project_obj1.uuid)

        for neutron_obj in quota_rsp['quota']:
            if quota_rsp['quota'][neutron_obj] != quota_show_dict['quota'][
                    neutron_obj]:
                self.logger.error(
                    "Quota update unsuccessful for %s for %s tenant " %
                    (neutron_obj, project_name1))
                result = False
        assert result, 'Quota update by admin tenant failed'
        self.logger.info("Quota for tenant %s updated to : \n %s" %
                         (proj_inputs1.project_name, quota_show_dict))
        self.logger.info(
            "Try to update quota for tenant %s to : \n %s by tenant %s" %
            (proj_inputs1.project_name, quota_dict, proj_inputs.project_name))
        result1 = proj_connection.quantum_h.update_quota(
            project_obj1.uuid, quota_dict)
        assert not result1, 'Quota update of %s by %s successful not expected' % (
            project_name1, project_name)
        self.logger.info(
            "Quota for tenant %s still set to : \n %s as expected " %
            (proj_inputs1.project_name, quota_show_dict))
示例#6
0
    def test_quota_update_of_new_project_by_admin(self):
        '''Launch two custom tenants, quota update by admin tenant should be successful
           quota update of one custom tenant by other should fail
        '''
        result = True
        quota_dict = {
            'subnet': 3,
            'router': 5,
            'network': 3,
            'floatingip': 4,
            'port': 5,
            'security_group': 4,
            'security_group_rule': 6}

        project_name = get_random_name('project1')
        isolated_creds = IsolatedCreds(
            self.admin_inputs,
            project_name,
            input_file=self.input_file,
            logger=self.logger)
        project_obj = self.admin_isolated_creds.create_tenant(isolated_creds.project_name)
        self.admin_isolated_creds.create_and_attach_user_to_tenant(project_obj,
                            isolated_creds.username,isolated_creds.password)
        proj_inputs = isolated_creds.get_inputs(project_obj)
        proj_connection = project_obj.get_project_connections()

        project_name1 = get_random_name('project2')
        isolated_creds1 = IsolatedCreds(
            self.admin_inputs,
            project_name1,
            input_file=self.input_file,
            logger=self.logger)
        project_obj1 = self.admin_isolated_creds.create_tenant(isolated_creds1.project_name)
        self.admin_isolated_creds.create_and_attach_user_to_tenant(project_obj1,
                            isolated_creds1.username,isolated_creds1.password)
        proj_inputs1 = isolated_creds1.get_inputs(project_obj1)
        proj_connection1 = project_obj1.get_project_connections()

        self.logger.info(
            "Update quota for tenant %s to: \n %s by admin tenat " %
            (proj_inputs1.project_name, quota_dict))
        quota_rsp = self.admin_connections.quantum_h.update_quota(
            project_obj1.uuid,
            quota_dict)
        quota_show_dict = self.admin_connections.quantum_h.show_quota(
            project_obj1.uuid)

        for neutron_obj in quota_rsp['quota']:
            if quota_rsp['quota'][neutron_obj] != quota_show_dict[
                    'quota'][neutron_obj]:
                self.logger.error(
                    "Quota update unsuccessful for %s for %s tenant " %
                    (neutron_obj, project_name1))
                result = False
        assert result, 'Quota update by admin tenant failed'
        self.logger.info(
            "Quota for tenant %s updated to : \n %s" %
            (proj_inputs1.project_name, quota_show_dict))
        self.logger.info(
            "Try to update quota for tenant %s to : \n %s by tenant %s" %
            (proj_inputs1.project_name,
             quota_dict,
             proj_inputs.project_name))
        result1 = proj_connection.quantum_h.update_quota(
            project_obj1.uuid,
            quota_dict)
        assert not result1, 'Quota update of %s by %s successful not expected' % (
            project_name1, project_name)
        self.logger.info(
            "Quota for tenant %s still set to : \n %s as expected " %
            (proj_inputs1.project_name, quota_show_dict))