def setupProjectNetworksAndPolicies(self):
self.project_name = "k8s-" + self.namespace.name
self.namespace_name = self.namespace.name
isolated_creds = IsolatedCreds(self.inputs,
self.project_name,
input_file=self.input_file,
logger=self.logger)
self.remove_from_cleanups(isolated_creds.cleanUp)
self.proj_fix = self.create_project(self.project_name,
cleanup=False,
connections=self.connections)
self.proj_inputs = isolated_creds.get_inputs(self.proj_fix)
self.proj_connection = isolated_creds.get_connections(self.proj_inputs)
self.vn1 = self.setup_vn(project_name=self.project_name,
connections=self.proj_connection,
inputs=self.proj_inputs,
vn_name="vn1")
self.logger.info(self.vn1.domain_name)
self.logger.info(self.vn1.project_name)
self.vn1_dict = {
"domain": self.vn1.domain_name,
"project": self.vn1.project_name,
"name": self.vn1.vn_name
}
self.vn2 = self.setup_vn(project_name=self.project_name,
connections=self.proj_connection,
inputs=self.proj_inputs,
vn_name="vn2")
self.logger.info(self.vn2.domain_name)
self.logger.info(self.vn2.project_name)
self.vn2_dict = {
"domain": self.vn2.domain_name,
"project": self.vn2.project_name,
"name": self.vn2.vn_name
}
# Define policy
r1 = [{
'direction': '<>',
'simple_action': 'pass',
'protocol': 'any',
'src_ports': 'any',
'dst_ports': 'any',
'source_network': "vn1",
'dest_network': "vn2",
}]
# Create Policy
self.nw_policy_fix = self.useFixture(
PolicyFixture(policy_name="p1",
rules_list=r1,
inputs=self.proj_inputs,
connections=self.proj_connection))
self.attach_v1_fix = self.useFixture(
AttachPolicyFixture(self.proj_inputs, self.proj_connection,
self.vn1, self.nw_policy_fix))
self.attach_v2_fix = self.useFixture(
AttachPolicyFixture(self.proj_inputs, self.proj_connection,
self.vn2, self.nw_policy_fix))
def attach_policy_to_vn(self, policy_fix, vn_fix, policy_type=None):
policy_attach_fix = self.useFixture(
AttachPolicyFixture(self.inputs, self.connections, vn_fix,
policy_fix, policy_type))
return policy_attach_fix
def run_test(self,
vn1_name,
tag_type,
tag_value,
tag_obj_name,
vn2_name=None,
tag2_value=None,
inter_compute=False,
cleanup=True):
project_name = "k8s-" + self.namespace.name
isolated_creds = IsolatedCreds(self.inputs,
project_name,
input_file=self.input_file,
logger=self.logger)
self.remove_from_cleanups(isolated_creds.cleanUp)
proj_fix = self.create_project(project_name=project_name,
cleanup=False,
connections=self.connections)
proj_inputs = isolated_creds.get_inputs(proj_fix)
proj_connection = isolated_creds.get_connections(proj_inputs)
# Create VNs
vn1 = self.setup_vn(project_name=project_name,
connections=proj_connection,
inputs=proj_inputs,
vn_name=vn1_name)
vn1_dict = {
"domain": vn1.domain_name,
"project": vn1.project_name,
"name": vn1.vn_name
}
if vn2_name != None:
vn2 = self.setup_vn(project_name=project_name,
connections=proj_connection,
inputs=proj_inputs,
vn_name=vn2_name)
vn2_dict = {
"domain": vn2.domain_name,
"project": vn2.project_name,
"name": vn2.vn_name
}
# Attach policy btw vn1 and vn2 to allow all traffic
pol_rules_vn1_vn2 = [
{
'direction': '<>',
'simple_action': 'pass',
'protocol': 'any',
'src_ports': 'any',
'dst_ports': 'any',
'source_network': vn1_name,
'dest_network': vn2_name,
},
]
policy1_name = 'p1_vn1_vn2'
policy1_fixture = self.useFixture(
PolicyFixture(policy_name=policy1_name,
rules_list=pol_rules_vn1_vn2,
inputs=proj_inputs,
connections=proj_connection))
policy_attach_fix1 = self.useFixture(
AttachPolicyFixture(proj_inputs, proj_connection, vn1,
policy1_fixture))
policy_attach_fix1 = self.useFixture(
AttachPolicyFixture(proj_inputs, proj_connection, vn2,
policy1_fixture))
else:
vn2_dict = None
vn2 = None
policy1_fixture = None
# Create 2 pods
namespace_name = self.namespace.name
compute_label_list, compute_count = self.connections.k8s_client.get_kubernetes_compute_labels(
)
compute_selector_1 = {'computenode': compute_label_list[0]}
if inter_compute and compute_count >= 2:
compute_selector_2 = {'computenode': compute_label_list[1]}
else:
compute_selector_2 = compute_selector_1
pod1 = self.setup_busybox_pod(namespace=namespace_name,
custom_isolation=True,
fq_network_name=vn1_dict,
compute_node_selector=compute_selector_1)
assert pod1.verify_on_setup()
pod2 = self.setup_busybox_pod(namespace=namespace_name,
custom_isolation=True,
fq_network_name=(vn2_dict or vn1_dict),
compute_node_selector=compute_selector_2)
assert pod2.verify_on_setup()
assert pod1.ping_with_certainty(pod2.pod_ip)
self.addCleanup(self.perform_cleanup, pod1)
self.addCleanup(self.perform_cleanup, pod2)
# Create tags
fq_name1 = [
'default-domain', project_name,
'%s=%s' % (tag_type, tag_value)
]
tag1 = self.create_tag(fq_name=fq_name1,
tag_type=tag_type,
tag_value=tag_value,
parent_type='project')
self.addCleanup(self.vnc_h.delete_tag, id=tag1)
if tag2_value != None:
fq_name2 = [
'default-domain', project_name,
'%s=%s' % (tag_type, tag2_value)
]
tag2 = self.create_tag(fq_name=fq_name1,
tag_type=tag_type,
tag_value=tag2_value,
parent_type='project')
self.addCleanup(self.vnc_h.delete_tag, id=tag2)
app_tag_name = 'myk8s'
fq_name3 = [
'default-domain', project_name,
'%s=%s' % ('application', 'myk8s')
]
apptag = self.create_tag(fq_name=fq_name3,
tag_type='application',
tag_value=app_tag_name,
parent_type='project')
self.addCleanup(self.vnc_h.delete_tag, id=apptag)
# Apply tag
tag_obj_list = []
tag_value_list = []
if tag_obj_name == 'project':
project_fq_name = ['default-domain', project_name]
tag_obj = self.read_project_obj(project_fq_name=project_fq_name)
tag_obj_list.append(tag_obj)
tag_value_list.append(tag_value)
elif tag_obj_name == 'vmi':
tag_obj1 = self.read_virtual_machine_interface(
id=pod1.vmi_objs[0].uuid)
tag_obj_list.append(tag_obj1)
tag_value_list.append(tag_value)
tag_obj2 = self.read_virtual_machine_interface(
id=pod2.vmi_objs[0].uuid)
tag_obj_list.append(tag_obj2)
tag_value_list.append(tag2_value or tag_value)
elif tag_obj_name == 'vn':
vn_name = ['default-domain', project_name, '%s' % (vn1_name)]
tag_obj = self.read_virtual_network(fq_name=vn_name)
tag_obj_list.append(tag_obj)
tag_value_list.append(tag_value)
if vn2_name:
vn_name = ['default-domain', project_name, '%s' % (vn2_name)]
tag_obj = self.read_virtual_network(fq_name=vn_name)
tag_obj_list.append(tag_obj)
tag_value_list.append(tag2_value or tag_value)
for tag_obj, tagv in zip(tag_obj_list, tag_value_list):
self.set_tag(tag_type=tag_type, tag_value=tagv, obj=tag_obj)
self.set_tag(tag_type='application',
tag_value=app_tag_name,
obj=tag_obj)
# Create FW rule
site_ep1 = {'tags': ['%s=%s' % (tag_type, tag_value)]}
if tag2_value != None:
site_ep2 = {'tags': ['%s=%s' % (tag_type, tag2_value)]}
else:
site_ep2 = None
fwr_fqname = ['default-domain', project_name, 'my_fwr']
fwr_uuid = self.vnc_h.create_firewall_rule(fq_name=fwr_fqname,
parent_type='project',
service_groups=[],
protocol='icmp',
source=site_ep1,
destination=(site_ep2
or site_ep1),
action='pass',
direction="<>")
rule_obj = self.vnc_h.firewall_rule_read(id=fwr_uuid)
rule_obj.set_action_list(
ActionListType(host_based_service=True, simple_action="pass"))
self.vnc_h.firewall_rule_update(rule_obj)
self.addCleanup(self.vnc_h.delete_firewall_rule, id=fwr_uuid)
# Create FW policy and add the rule
rules = [{'uuid': fwr_uuid, 'seq_no': 20}]
fwp_policy_fqname = ['default-domain', project_name, 'fw_pol']
fwp_uuid = self.vnc_h.create_firewall_policy(parent_type='project',
fq_name=fwp_policy_fqname,
rules=rules)
fwp_obj = self.vnc_h.read_firewall_policy(fq_name=fwp_policy_fqname)
self.addCleanup(self.vnc_h.delete_firewall_policy, id=fwp_uuid)
# Create an APS and add the policy
aps_fqname = ['default-domain', project_name, 'myaps']
aps_uuid = self.vnc_h.create_application_policy_set(
fq_name=aps_fqname,
parent_type='project',
policies=[{
'uuid': fwp_uuid,
'seq_no': 20
}])
self.addCleanup(self.vnc_h.delete_application_policy_set, id=aps_uuid)
self.vnc_h.set_tag('application', app_tag_name, False, None,
'application-policy-set', aps_uuid)
#import pdb; pdb.set_trace()
assert pod1.ping_with_certainty(pod2.pod_ip,
expectation=True,
count='5',
hbf_enabled=True)
# Cleanups
for tag_obj in tag_obj_list:
self.addCleanup(self.vnc_h.unset_tag,
tag_type=tag_type,
obj=tag_obj)
self.addCleanup(self.vnc_h.unset_tag,
tag_type='application',
obj=tag_obj)
'''
self.addCleanup(self.vnc_h.delete_tag, id=tag1)
if tag2_value != None:
self.addCleanup(self.vnc_h.delete_tag, id=tag2)
self.addCleanup(self.vnc_h.delete_tag, id=apptag)
'''
return policy1_fixture, pod1, pod2, fwp_obj, project_name