def setupProjectNetworksAndPolicies(self): self.project_name = "k8s-" + self.namespace.name self.namespace_name = self.namespace.name isolated_creds = IsolatedCreds(self.inputs, self.project_name, input_file=self.input_file, logger=self.logger) self.remove_from_cleanups(isolated_creds.cleanUp) self.proj_fix = self.create_project(self.project_name, cleanup=False, connections=self.connections) self.proj_inputs = isolated_creds.get_inputs(self.proj_fix) self.proj_connection = isolated_creds.get_connections(self.proj_inputs) self.vn1 = self.setup_vn(project_name=self.project_name, connections=self.proj_connection, inputs=self.proj_inputs, vn_name="vn1") self.logger.info(self.vn1.domain_name) self.logger.info(self.vn1.project_name) self.vn1_dict = { "domain": self.vn1.domain_name, "project": self.vn1.project_name, "name": self.vn1.vn_name } self.vn2 = self.setup_vn(project_name=self.project_name, connections=self.proj_connection, inputs=self.proj_inputs, vn_name="vn2") self.logger.info(self.vn2.domain_name) self.logger.info(self.vn2.project_name) self.vn2_dict = { "domain": self.vn2.domain_name, "project": self.vn2.project_name, "name": self.vn2.vn_name } # Define policy r1 = [{ 'direction': '<>', 'simple_action': 'pass', 'protocol': 'any', 'src_ports': 'any', 'dst_ports': 'any', 'source_network': "vn1", 'dest_network': "vn2", }] # Create Policy self.nw_policy_fix = self.useFixture( PolicyFixture(policy_name="p1", rules_list=r1, inputs=self.proj_inputs, connections=self.proj_connection)) self.attach_v1_fix = self.useFixture( AttachPolicyFixture(self.proj_inputs, self.proj_connection, self.vn1, self.nw_policy_fix)) self.attach_v2_fix = self.useFixture( AttachPolicyFixture(self.proj_inputs, self.proj_connection, self.vn2, self.nw_policy_fix))
def test_update_default_quota_for_new_tenant(self): result = True self.update_default_quota_list( subnet=3, virtual_network=3, floating_ip=10, logical_router=10, security_group_rule=10, virtual_machine_interface=5, security_group=5) project_name = 'Project' isolated_creds = IsolatedCreds( self.admin_inputs, project_name, input_file=self.input_file, logger=self.logger) project_obj = self.admin_isolated_creds.create_tenant(isolated_creds.project_name) self.admin_isolated_creds.create_and_attach_user_to_tenant(project_obj, isolated_creds.username,isolated_creds.password) proj_inputs = isolated_creds.get_inputs(project_obj) proj_connection = project_obj.get_project_connections() resource_dict = self.create_quota_test_resources( proj_inputs, proj_connection, vn_count=3, router_count=10, secgrp_count=4, secgep_rule_count=8, fip_count=10, port_count=5) for item in resource_dict.keys(): if item != 'vn_fix': if None in resource_dict[item]: result = False self.logger.error( "Error while creating resource within quota limit for %s please check logs " % (item)) (vn_name, vn_fix) = resource_dict['vn_fix']._vn_fixtures[1] sg_objs = resource_dict['sg_grps'] response_dict = self.verify_quota_limit( proj_inputs, proj_connection, vn_fix, sg_objs[0]) for item in response_dict.keys(): if response_dict[item]: result = False self.logger.error("Quota limit not followed for %s " % (item)) assert result, 'Quota tests failed'
def test_update_default_quota_for_new_tenant(self): result = True self.update_default_quota_list( subnet=3, virtual_network=3, floating_ip=10, logical_router=10, security_group_rule=10, virtual_machine_interface=5, security_group=5) project_name = 'Project' isolated_creds = IsolatedCreds( self.admin_inputs, project_name, input_file=self.input_file, logger=self.logger) project_obj = self.admin_isolated_creds.create_tenant(isolated_creds.project_name) self.admin_isolated_creds.create_and_attach_user_to_tenant(project_obj, isolated_creds.username,isolated_creds.password) proj_inputs = isolated_creds.get_inputs(project_obj) proj_connection = project_obj.get_project_connections() resource_dict = self.create_quota_test_resources( proj_inputs, proj_connection, vn_count=3, router_count=10, secgrp_count=4, secgep_rule_count=8, fip_count=10, port_count=5) for item in list(resource_dict.keys()): if item != 'vn_fix': if None in resource_dict[item]: result = False self.logger.error( "Error while creating resource within quota limit for %s please check logs " % (item)) (vn_name, vn_fix) = resource_dict['vn_fix']._vn_fixtures[1] sg_objs = resource_dict['sg_grps'] response_dict = self.verify_quota_limit( proj_inputs, proj_connection, vn_fix, sg_objs[0]) for item in list(response_dict.keys()): if response_dict[item]: result = False self.logger.error("Quota limit not followed for %s " % (item)) assert result, 'Quota tests failed'
def run_test(self, vn1_name, tag_type, tag_value, tag_obj_name, vn2_name=None, tag2_value=None, inter_compute=False, cleanup=True): project_name = "k8s-" + self.namespace.name isolated_creds = IsolatedCreds(self.inputs, project_name, input_file=self.input_file, logger=self.logger) self.remove_from_cleanups(isolated_creds.cleanUp) proj_fix = self.create_project(project_name=project_name, cleanup=False, connections=self.connections) proj_inputs = isolated_creds.get_inputs(proj_fix) proj_connection = isolated_creds.get_connections(proj_inputs) # Create VNs vn1 = self.setup_vn(project_name=project_name, connections=proj_connection, inputs=proj_inputs, vn_name=vn1_name) vn1_dict = { "domain": vn1.domain_name, "project": vn1.project_name, "name": vn1.vn_name } if vn2_name != None: vn2 = self.setup_vn(project_name=project_name, connections=proj_connection, inputs=proj_inputs, vn_name=vn2_name) vn2_dict = { "domain": vn2.domain_name, "project": vn2.project_name, "name": vn2.vn_name } # Attach policy btw vn1 and vn2 to allow all traffic pol_rules_vn1_vn2 = [ { 'direction': '<>', 'simple_action': 'pass', 'protocol': 'any', 'src_ports': 'any', 'dst_ports': 'any', 'source_network': vn1_name, 'dest_network': vn2_name, }, ] policy1_name = 'p1_vn1_vn2' policy1_fixture = self.useFixture( PolicyFixture(policy_name=policy1_name, rules_list=pol_rules_vn1_vn2, inputs=proj_inputs, connections=proj_connection)) policy_attach_fix1 = self.useFixture( AttachPolicyFixture(proj_inputs, proj_connection, vn1, policy1_fixture)) policy_attach_fix1 = self.useFixture( AttachPolicyFixture(proj_inputs, proj_connection, vn2, policy1_fixture)) else: vn2_dict = None vn2 = None policy1_fixture = None # Create 2 pods namespace_name = self.namespace.name compute_label_list, compute_count = self.connections.k8s_client.get_kubernetes_compute_labels( ) compute_selector_1 = {'computenode': compute_label_list[0]} if inter_compute and compute_count >= 2: compute_selector_2 = {'computenode': compute_label_list[1]} else: compute_selector_2 = compute_selector_1 pod1 = self.setup_busybox_pod(namespace=namespace_name, custom_isolation=True, fq_network_name=vn1_dict, compute_node_selector=compute_selector_1) assert pod1.verify_on_setup() pod2 = self.setup_busybox_pod(namespace=namespace_name, custom_isolation=True, fq_network_name=(vn2_dict or vn1_dict), compute_node_selector=compute_selector_2) assert pod2.verify_on_setup() assert pod1.ping_with_certainty(pod2.pod_ip) self.addCleanup(self.perform_cleanup, pod1) self.addCleanup(self.perform_cleanup, pod2) # Create tags fq_name1 = [ 'default-domain', project_name, '%s=%s' % (tag_type, tag_value) ] tag1 = self.create_tag(fq_name=fq_name1, tag_type=tag_type, tag_value=tag_value, parent_type='project') self.addCleanup(self.vnc_h.delete_tag, id=tag1) if tag2_value != None: fq_name2 = [ 'default-domain', project_name, '%s=%s' % (tag_type, tag2_value) ] tag2 = self.create_tag(fq_name=fq_name1, tag_type=tag_type, tag_value=tag2_value, parent_type='project') self.addCleanup(self.vnc_h.delete_tag, id=tag2) app_tag_name = 'myk8s' fq_name3 = [ 'default-domain', project_name, '%s=%s' % ('application', 'myk8s') ] apptag = self.create_tag(fq_name=fq_name3, tag_type='application', tag_value=app_tag_name, parent_type='project') self.addCleanup(self.vnc_h.delete_tag, id=apptag) # Apply tag tag_obj_list = [] tag_value_list = [] if tag_obj_name == 'project': project_fq_name = ['default-domain', project_name] tag_obj = self.read_project_obj(project_fq_name=project_fq_name) tag_obj_list.append(tag_obj) tag_value_list.append(tag_value) elif tag_obj_name == 'vmi': tag_obj1 = self.read_virtual_machine_interface( id=pod1.vmi_objs[0].uuid) tag_obj_list.append(tag_obj1) tag_value_list.append(tag_value) tag_obj2 = self.read_virtual_machine_interface( id=pod2.vmi_objs[0].uuid) tag_obj_list.append(tag_obj2) tag_value_list.append(tag2_value or tag_value) elif tag_obj_name == 'vn': vn_name = ['default-domain', project_name, '%s' % (vn1_name)] tag_obj = self.read_virtual_network(fq_name=vn_name) tag_obj_list.append(tag_obj) tag_value_list.append(tag_value) if vn2_name: vn_name = ['default-domain', project_name, '%s' % (vn2_name)] tag_obj = self.read_virtual_network(fq_name=vn_name) tag_obj_list.append(tag_obj) tag_value_list.append(tag2_value or tag_value) for tag_obj, tagv in zip(tag_obj_list, tag_value_list): self.set_tag(tag_type=tag_type, tag_value=tagv, obj=tag_obj) self.set_tag(tag_type='application', tag_value=app_tag_name, obj=tag_obj) # Create FW rule site_ep1 = {'tags': ['%s=%s' % (tag_type, tag_value)]} if tag2_value != None: site_ep2 = {'tags': ['%s=%s' % (tag_type, tag2_value)]} else: site_ep2 = None fwr_fqname = ['default-domain', project_name, 'my_fwr'] fwr_uuid = self.vnc_h.create_firewall_rule(fq_name=fwr_fqname, parent_type='project', service_groups=[], protocol='icmp', source=site_ep1, destination=(site_ep2 or site_ep1), action='pass', direction="<>") rule_obj = self.vnc_h.firewall_rule_read(id=fwr_uuid) rule_obj.set_action_list( ActionListType(host_based_service=True, simple_action="pass")) self.vnc_h.firewall_rule_update(rule_obj) self.addCleanup(self.vnc_h.delete_firewall_rule, id=fwr_uuid) # Create FW policy and add the rule rules = [{'uuid': fwr_uuid, 'seq_no': 20}] fwp_policy_fqname = ['default-domain', project_name, 'fw_pol'] fwp_uuid = self.vnc_h.create_firewall_policy(parent_type='project', fq_name=fwp_policy_fqname, rules=rules) fwp_obj = self.vnc_h.read_firewall_policy(fq_name=fwp_policy_fqname) self.addCleanup(self.vnc_h.delete_firewall_policy, id=fwp_uuid) # Create an APS and add the policy aps_fqname = ['default-domain', project_name, 'myaps'] aps_uuid = self.vnc_h.create_application_policy_set( fq_name=aps_fqname, parent_type='project', policies=[{ 'uuid': fwp_uuid, 'seq_no': 20 }]) self.addCleanup(self.vnc_h.delete_application_policy_set, id=aps_uuid) self.vnc_h.set_tag('application', app_tag_name, False, None, 'application-policy-set', aps_uuid) #import pdb; pdb.set_trace() assert pod1.ping_with_certainty(pod2.pod_ip, expectation=True, count='5', hbf_enabled=True) # Cleanups for tag_obj in tag_obj_list: self.addCleanup(self.vnc_h.unset_tag, tag_type=tag_type, obj=tag_obj) self.addCleanup(self.vnc_h.unset_tag, tag_type='application', obj=tag_obj) ''' self.addCleanup(self.vnc_h.delete_tag, id=tag1) if tag2_value != None: self.addCleanup(self.vnc_h.delete_tag, id=tag2) self.addCleanup(self.vnc_h.delete_tag, id=apptag) ''' return policy1_fixture, pod1, pod2, fwp_obj, project_name
def test_quota_update_of_new_project_by_admin(self): '''Launch two custom tenants, quota update by admin tenant should be successful quota update of one custom tenant by other should fail ''' result = True quota_dict = { 'subnet': 3, 'router': 5, 'network': 3, 'floatingip': 4, 'port': 5, 'security_group': 4, 'security_group_rule': 6 } project_name = get_random_name('project1') isolated_creds = IsolatedCreds(project_name, self.admin_inputs, ini_file=self.ini_file, logger=self.logger) isolated_creds.setUp() project_obj = isolated_creds.create_tenant() isolated_creds.create_and_attach_user_to_tenant() proj_inputs = isolated_creds.get_inputs() proj_connection = isolated_creds.get_conections() project_name1 = get_random_name('project2') isolated_creds1 = IsolatedCreds(project_name1, self.admin_inputs, ini_file=self.ini_file, logger=self.logger) isolated_creds1.setUp() project_obj1 = isolated_creds1.create_tenant() isolated_creds1.create_and_attach_user_to_tenant() proj_inputs1 = isolated_creds1.get_inputs() proj_connection1 = isolated_creds1.get_conections() self.logger.info( "Update quota for tenant %s to: \n %s by admin tenat " % (proj_inputs1.project_name, quota_dict)) quota_rsp = self.admin_connections.quantum_h.update_quota( project_obj1.uuid, quota_dict) quota_show_dict = self.admin_connections.quantum_h.show_quota( project_obj1.uuid) for neutron_obj in quota_rsp['quota']: if quota_rsp['quota'][neutron_obj] != quota_show_dict['quota'][ neutron_obj]: self.logger.error( "Quota update unsuccessful for %s for %s tenant " % (neutron_obj, project_name1)) result = False assert result, 'Quota update by admin tenant failed' self.logger.info("Quota for tenant %s updated to : \n %s" % (proj_inputs1.project_name, quota_show_dict)) self.logger.info( "Try to update quota for tenant %s to : \n %s by tenant %s" % (proj_inputs1.project_name, quota_dict, proj_inputs.project_name)) result1 = proj_connection.quantum_h.update_quota( project_obj1.uuid, quota_dict) assert not result1, 'Quota update of %s by %s successful not expected' % ( project_name1, project_name) self.logger.info( "Quota for tenant %s still set to : \n %s as expected " % (proj_inputs1.project_name, quota_show_dict))
def test_quota_update_of_new_project_by_admin(self): '''Launch two custom tenants, quota update by admin tenant should be successful quota update of one custom tenant by other should fail ''' result = True quota_dict = { 'subnet': 3, 'router': 5, 'network': 3, 'floatingip': 4, 'port': 5, 'security_group': 4, 'security_group_rule': 6} project_name = get_random_name('project1') isolated_creds = IsolatedCreds( self.admin_inputs, project_name, input_file=self.input_file, logger=self.logger) project_obj = self.admin_isolated_creds.create_tenant(isolated_creds.project_name) self.admin_isolated_creds.create_and_attach_user_to_tenant(project_obj, isolated_creds.username,isolated_creds.password) proj_inputs = isolated_creds.get_inputs(project_obj) proj_connection = project_obj.get_project_connections() project_name1 = get_random_name('project2') isolated_creds1 = IsolatedCreds( self.admin_inputs, project_name1, input_file=self.input_file, logger=self.logger) project_obj1 = self.admin_isolated_creds.create_tenant(isolated_creds1.project_name) self.admin_isolated_creds.create_and_attach_user_to_tenant(project_obj1, isolated_creds1.username,isolated_creds1.password) proj_inputs1 = isolated_creds1.get_inputs(project_obj1) proj_connection1 = project_obj1.get_project_connections() self.logger.info( "Update quota for tenant %s to: \n %s by admin tenat " % (proj_inputs1.project_name, quota_dict)) quota_rsp = self.admin_connections.quantum_h.update_quota( project_obj1.uuid, quota_dict) quota_show_dict = self.admin_connections.quantum_h.show_quota( project_obj1.uuid) for neutron_obj in quota_rsp['quota']: if quota_rsp['quota'][neutron_obj] != quota_show_dict[ 'quota'][neutron_obj]: self.logger.error( "Quota update unsuccessful for %s for %s tenant " % (neutron_obj, project_name1)) result = False assert result, 'Quota update by admin tenant failed' self.logger.info( "Quota for tenant %s updated to : \n %s" % (proj_inputs1.project_name, quota_show_dict)) self.logger.info( "Try to update quota for tenant %s to : \n %s by tenant %s" % (proj_inputs1.project_name, quota_dict, proj_inputs.project_name)) result1 = proj_connection.quantum_h.update_quota( project_obj1.uuid, quota_dict) assert not result1, 'Quota update of %s by %s successful not expected' % ( project_name1, project_name) self.logger.info( "Quota for tenant %s still set to : \n %s as expected " % (proj_inputs1.project_name, quota_show_dict))