def test_verify_hbf_on_single_project(self):
'''
1. Create hsb object in a namespace
2. verify hbs object in config api and computes.
3. Disable hbs and verify hbs object, vn and vmi are removed
'''
namespace1_name = get_random_name("hbsnamespace")
namespace1_fix = self.useFixture(
NamespaceFixture(connections=self.connections,
name=namespace1_name,
isolation=True))
namespace1_fix.verify_on_setup()
hbs1_name = get_random_name("hbsobj")
hbs1_fix = self.useFixture(
HbsFixture(connections=self.connections,
name=hbs1_name,
namespace=namespace1_name))
hbs1_fix.verify_on_setup()
#self.setup_csrx(namespace_name=namespace1_name)
hbs_config = self.verify_host_based_service(
namespace_name=namespace1_name, hbs_obj_name=hbs1_name)
assert hbs_config == True, "Host Based Service verification Passesd"
# Delete csrx expilictly so vnleft and vnright have no attached vmi
#self.setup_csrx(namespace_name=namespace1_name, delete=True)
self.remove_from_cleanups(hbs1_fix.cleanUp)
self.vnc_lib.host_based_service_delete(fq_name=[
"default-domain",
"k8s-%s" % (namespace1_name),
"%s" % (hbs1_name)
])
hbs_config_disabled = self.verify_host_based_service(
namespace_name=namespace1_name,
hbs_obj_name=hbs1_name,
enabled=False)
assert hbs_config_disabled, "Host Base Service verification failed check logs"
def test_verify_quota_limit_for_host_based_service(self):
'''
1) Create a namespace, attach a hbs object to it quota is 1 here.
2) Try adding one more hbs object to namspace, expect failure.
3) Increase hbs quota to 3 and add 2 hbs objects, verfiy hbs
4) Cleanup should delete namespace.
'''
namespace1_name = get_random_name("hbsnamespace")
namespace1_fix = self.useFixture(
NamespaceFixture(connections=self.connections,
name=namespace1_name,
isolation=True))
namespace1_fix.verify_on_setup()
hbs1_name = get_random_name("hbsobj")
hbs1_fix = self.useFixture(
HbsFixture(connections=self.connections,
name=hbs1_name,
namespace=namespace1_name))
#self.setup_csrx(namespace_name=namespace1_name)
hbs_config = self.verify_host_based_service(
namespace_name=namespace1_name, hbs_obj_name=hbs1_name)
assert hbs_config == True, "Host Based Service verification Passesd"
project_obj = self.vnc_lib.project_read(
fq_name=['default-domain',
'k8s-%s' % (namespace1_name)])
hbs_obj = HostBasedService(get_random_name("hbs_quota"),
parent_obj=project_obj)
try:
self.vnc_lib.host_based_service_create(hbs_obj)
except Exception as e:
self.logger.info("hbs create failed %s" % (e))
def setUpClass(cls):
super(TestNetworkPolicy, cls).setUpClass()
cls.namespace = NamespaceFixture(cls._connections, isolation=True)
cls.namespace.setUp()
cls.namespace.verify_on_setup()
namespace = cls.namespace.name
cls.hbs = HbsFixture(cls._connections, name="hbs", namespace=namespace)
cls.hbs.setUp()
cls.hbs.verify_on_setup()
def test_hbs_with_hbf_type_label(self):
'''
1. Create hbs object in an namespace and verify it on node with label hbf
2. Remove hbf label from compute node, see hbs object is removed from node
3. Label the compute node again with hbf label, verify hbs object on the compute
4. cleanup of hbs object and namespace should succeed
'''
namespace1_name = get_random_name("hbsnamespace")
namespace1_fix = self.useFixture(
NamespaceFixture(connections=self.connections,
name=namespace1_name,
isolation=True))
namespace1_fix.verify_on_setup()
hbs1_name = get_random_name("hbsobj")
hbs1_fix = self.useFixture(
HbsFixture(connections=self.connections,
name=hbs1_name,
namespace=namespace1_name))
#self.setup_csrx(namespace_name=namespace1_name)
hbs_config = self.verify_host_based_service(
namespace_name=namespace1_name, hbs_obj_name=hbs1_name)
assert hbs_config == True, "Host Based Service verification Passesd"
#Remove hbf label form compute zero
remove_label = "kubectl label --overwrite node %s type=" % (
self.inputs.compute_names[0])
output = self.inputs.run_cmd_on_server(self.inputs.k8s_master_ip,
remove_label)
time.sleep(60)
project_fq_name = ['default-domain', 'k8s-%s' % (namespace1_name)]
# csrx interfaces are deleted from compute zero, along with left and right vns
vn_list = self.agent_inspect[
self.inputs.compute_ips[0]].get_vna_vn_list(
domain=project_fq_name[-2], project=project_fq_name[-1])['VNs']
vn_name_list = []
for i in range(len(vn_list)):
x = vn_list[i]['name']
x = x.split(":")
vn_name_list.append(x[-1])
leftvn_name = "__%s-hbf-left__" % (hbs1_name)
right_vn_name = "__%s-hbf-right__" % (hbs1_name)
if ((leftvn_name not in vn_name_list)
and (right_vn_name not in vn_name_list)):
self.logger.info("Hbs interface and vn deleted from compute")
else:
self.logger.error("Hbs virtual networks not deleted from compute")
assert False
# Restore hbf label on comput zero
add_label = "kubectl label --overwrite node %s type=hbf" % (
self.inputs.compute_names[0])
output = self.inputs.run_cmd_on_server(self.inputs.k8s_master_ip,
add_label)
time.sleep(60)
hbs_config = self.verify_host_based_service(
namespace_name=namespace1_name, hbs_obj_name=hbs1_name)
assert hbs_config == True, "Host Based Service verification Passesd"
def setUpClass(cls):
super(TestHbsTraffic, cls).setUpClass()
cls.namespace = NamespaceFixture(cls._connections, isolation=True)
cls.namespace.setUp()
cls.namespace.verify_on_setup()
namespace = cls.namespace.name
cls.hbs = HbsFixture(cls._connections, name="hbs", namespace=namespace)
assert cls._connections.k8s_client.set_label_for_hbf_nodes( \
node_selector='computenode'), "Error : could not label the nodes"
cls.hbs.setUp()
cls.hbs.verify_on_setup()
def setup_namespace(self,
name=None,
isolation = None,
custom_isolation = False,
fq_network_name = None):
isolation = isolation or self.setup_namespace_isolation
if custom_isolation == False:
vn_fq_name = None
return self.useFixture(NamespaceFixture(
connections=self.connections,
name=name, isolation=isolation,
custom_isolation = custom_isolation,
fq_network_name = fq_network_name))
def test_many_add_delete_ns(self):
'''
Delete and add namespace multiple times, validate that there are
no validation errors
#TODO
#Need to add verifications in namespace to make this test more
meaningful
'''
name = get_random_name('ns')
for i in range(0, 10):
namespace = self.useFixture(
NamespaceFixture(self.connections, name=name))
assert namespace.verify_on_setup()
self.perform_cleanup(namespace)
def setup_namespace(self,
name=None,
isolation = None,
ip_fabric_snat = None,
ip_fabric_forwarding = None,
custom_isolation = False,
fq_network_name = None):
isolation = isolation or self.setup_namespace_isolation
if custom_isolation == False:
vn_fq_name = None
return self.useFixture(NamespaceFixture(
connections=self.connections,
name=name, isolation=isolation,
ip_fabric_snat=ip_fabric_snat,
ip_fabric_forwarding=ip_fabric_forwarding,
custom_isolation = custom_isolation,
fq_network_name = fq_network_name))
def check_namespace_creation():
namespace = self.useFixture(
NamespaceFixture(self.connections, name=name))
result = namespace.verify_on_setup()
self.perform_cleanup(namespace)
return result
def test_namespace_1(self):
''' Create and delete a namespace
'''
namespace = self.useFixture(NamespaceFixture(self.connections))
assert namespace.verify_on_setup()
def setUpClass(cls):
super(TestNetworkPolicyRestart, cls).setUpClass()
try:
cls.ns1 = NamespaceFixture(connections=cls.connections,
name="new-default")
cls.ns1.setUp()
cls.ns2 = NamespaceFixture(connections=cls.connections,
name="non-default")
cls.ns2.setUp()
cls.ns3 = NamespaceFixture(connections=cls.connections,
name="temp-ns")
cls.ns3.setUp()
#cls.ns1.set_labels({'project': cls.ns1.name})
cls.ns1.set_labels({'site': cls.ns1.name})
cls.ns2.set_labels({'site': cls.ns2.name})
cls.ns3.set_labels({'new_site': cls.ns3.name})
web_label_ns1, web_label_ns2 = 'webns1', 'webns2'
client1_label_ns1, client1_label_ns2, client1_label_ns3 = 'client1_ns1', 'client1_ns2', 'client1_ns3'
client2_label_ns1, client2_label_ns2, client2_label_ns3 = 'client2_ns1', 'client2_ns2', 'client2_ns3'
client3_label_ns3 = 'client3_ns3'
nginx_spec_1 = {
'containers': [{
'image': 'nginx',
'ports': [{
'container_port': 80
}]
}]
}
nginx_spec_2 = {
'containers': [{
'image': 'nginx',
'ports': [{
'container_port': 80
}]
}]
}
nginx_metadata_ns1 = {'labels': {'app': web_label_ns1}}
nginx_metadata_ns2 = {'labels': {'app': web_label_ns2}}
cls.web_pod_ns1 = PodFixture(connections=cls.connections,
namespace=cls.ns1.name,
metadata=nginx_metadata_ns1,
spec=nginx_spec_1)
cls.web_pod_ns1.setUp()
cls.web_pod_ns2 = PodFixture(connections=cls.connections,
namespace=cls.ns2.name,
metadata=nginx_metadata_ns2,
spec=nginx_spec_2)
cls.web_pod_ns2.setUp()
busybox_spec_1 = {
'containers': [{
'image': 'busybox',
'command': ['sleep', '1000000'],
'image_pull_policy': 'IfNotPresent',
}],
'restart_policy':
'Always'
}
busybox_spec_2 = dict(busybox_spec_1)
busybox_spec_3 = dict(busybox_spec_1)
busybox_spec_4 = dict(busybox_spec_1)
busybox_spec_5 = dict(busybox_spec_1)
busybox_spec_6 = dict(busybox_spec_1)
busybox_spec_7 = dict(busybox_spec_1)
busybox_metadata_c1_ns1 = {'labels': {'app': client1_label_ns1}}
busybox_metadata_c1_ns2 = {'labels': {'app': client1_label_ns2}}
busybox_metadata_c1_ns3 = {'labels': {'app': client1_label_ns3}}
busybox_metadata_c2_ns1 = {'labels': {'app': client2_label_ns1}}
busybox_metadata_c2_ns2 = {'labels': {'app': client2_label_ns2}}
busybox_metadata_c2_ns3 = {'labels': {'app': client2_label_ns3}}
busybox_metadata_c3_ns3 = {'labels': {'app': client3_label_ns3}}
cls.client1_pod_ns1 = PodFixture(connections=cls.connections,
namespace=cls.ns1.name,
metadata=busybox_metadata_c1_ns1,
spec=busybox_spec_1)
cls.client1_pod_ns1.setUp()
cls.client2_pod_ns1 = PodFixture(connections=cls.connections,
namespace=cls.ns1.name,
metadata=busybox_metadata_c2_ns1,
spec=busybox_spec_2)
cls.client2_pod_ns1.setUp()
cls.client1_pod_ns2 = PodFixture(connections=cls.connections,
namespace=cls.ns2.name,
metadata=busybox_metadata_c1_ns2,
spec=busybox_spec_3)
cls.client1_pod_ns2.setUp()
cls.client2_pod_ns2 = PodFixture(connections=cls.connections,
namespace=cls.ns2.name,
metadata=busybox_metadata_c2_ns2,
spec=busybox_spec_4)
cls.client2_pod_ns2.setUp()
cls.client1_pod_ns3 = PodFixture(connections=cls.connections,
namespace=cls.ns3.name,
metadata=busybox_metadata_c1_ns3,
spec=busybox_spec_5)
cls.client1_pod_ns3.setUp()
cls.client2_pod_ns3 = PodFixture(connections=cls.connections,
namespace=cls.ns3.name,
metadata=busybox_metadata_c2_ns3,
spec=busybox_spec_6)
cls.client2_pod_ns3.setUp()
cls.client3_pod_ns3 = PodFixture(connections=cls.connections,
namespace=cls.ns3.name,
metadata=busybox_metadata_c3_ns3,
spec=busybox_spec_7)
cls.client3_pod_ns3.setUp()
assert cls.ns1.verify_on_setup()
assert cls.ns2.verify_on_setup()
assert cls.ns3.verify_on_setup()
assert cls.web_pod_ns1.verify_on_setup()
assert cls.web_pod_ns2.verify_on_setup()
assert cls.client1_pod_ns1.verify_on_setup()
assert cls.client1_pod_ns2.verify_on_setup()
assert cls.client1_pod_ns3.verify_on_setup()
assert cls.client2_pod_ns1.verify_on_setup()
assert cls.client2_pod_ns2.verify_on_setup()
assert cls.client2_pod_ns3.verify_on_setup()
assert cls.client3_pod_ns3.verify_on_setup()
except:
cls.tearDownClass()
raise
def setUp(self):
try:
self.ns1 = NamespaceFixture(connections=self.connections,
name="new-default")
self.ns1.setUp()
self.ns2 = NamespaceFixture(connections=self.connections,
name="non-default")
self.ns2.setUp()
self.ns3 = NamespaceFixture(connections=self.connections,
name="temp-ns")
self.ns3.setUp()
self.ns1.set_labels({'site': self.ns1.name})
self.ns2.set_labels({'site': self.ns2.name})
self.ns3.set_labels({'new_site': self.ns3.name})
web_label_ns1, web_label_ns2 = 'webns1', 'webns2'
client1_label_ns1, client1_label_ns2, client1_label_ns3 = 'client1_ns1', 'client1_ns2', 'client1_ns3'
client2_label_ns1, client2_label_ns2, client2_label_ns3 = 'client2_ns1', 'client2_ns2', 'client2_ns3'
client3_label_ns3 = 'client3_ns3'
nginx_spec_1 = {
'containers': [{
'image': 'nginx',
'ports': [{
'container_port': 80
}]
}]
}
nginx_spec_2 = {
'containers': [{
'image': 'nginx',
'ports': [{
'container_port': 80
}]
}]
}
nginx_metadata_ns1 = {'labels': {'app': web_label_ns1}}
nginx_metadata_ns2 = {'labels': {'app': web_label_ns2}}
self.web_pod_ns1 = PodFixture(connections=self.connections,
namespace=self.ns1.name,
metadata=nginx_metadata_ns1,
spec=nginx_spec_1)
self.web_pod_ns1.setUp()
self.web_pod_ns2 = PodFixture(connections=self.connections,
namespace=self.ns2.name,
metadata=nginx_metadata_ns2,
spec=nginx_spec_2)
self.web_pod_ns2.setUp()
busybox_spec_1 = {
'containers': [{
'image': 'busybox',
'command': ['sleep', '1000000'],
'image_pull_policy': 'IfNotPresent',
}],
'restart_policy':
'Always'
}
busybox_spec_2 = dict(busybox_spec_1)
busybox_spec_3 = dict(busybox_spec_1)
busybox_spec_4 = dict(busybox_spec_1)
busybox_spec_5 = dict(busybox_spec_1)
busybox_spec_6 = dict(busybox_spec_1)
busybox_spec_7 = dict(busybox_spec_1)
busybox_metadata_c1_ns1 = {
'labels': {
'app': client1_label_ns1
}
}
busybox_metadata_c1_ns2 = {
'labels': {
'app': client1_label_ns2
}
}
busybox_metadata_c1_ns3 = {
'labels': {
'app': client1_label_ns3
}
}
busybox_metadata_c2_ns1 = {
'labels': {
'app': client2_label_ns1
}
}
busybox_metadata_c2_ns2 = {
'labels': {
'app': client2_label_ns2
}
}
busybox_metadata_c2_ns3 = {
'labels': {
'app': client2_label_ns3
}
}
busybox_metadata_c3_ns3 = {
'labels': {
'app': client3_label_ns3
}
}
self.client1_pod_ns1 = PodFixture(
connections=self.connections,
namespace=self.ns1.name,
metadata=busybox_metadata_c1_ns1,
spec=busybox_spec_1)
self.client1_pod_ns1.setUp()
self.client2_pod_ns1 = PodFixture(
connections=self.connections,
namespace=self.ns1.name,
metadata=busybox_metadata_c2_ns1,
spec=busybox_spec_2)
self.client2_pod_ns1.setUp()
self.client1_pod_ns2 = PodFixture(
connections=self.connections,
namespace=self.ns2.name,
metadata=busybox_metadata_c1_ns2,
spec=busybox_spec_3)
self.client1_pod_ns2.setUp()
self.client2_pod_ns2 = PodFixture(
connections=self.connections,
namespace=self.ns2.name,
metadata=busybox_metadata_c2_ns2,
spec=busybox_spec_4)
self.client2_pod_ns2.setUp()
self.client1_pod_ns3 = PodFixture(
connections=self.connections,
namespace=self.ns3.name,
metadata=busybox_metadata_c1_ns3,
spec=busybox_spec_5)
self.client1_pod_ns3.setUp()
self.client2_pod_ns3 = PodFixture(
connections=self.connections,
namespace=self.ns3.name,
metadata=busybox_metadata_c2_ns3,
spec=busybox_spec_6)
self.client2_pod_ns3.setUp()
self.client3_pod_ns3 = PodFixture(
connections=self.connections,
namespace=self.ns3.name,
metadata=busybox_metadata_c3_ns3,
spec=busybox_spec_7)
self.client3_pod_ns3.setUp()
assert self.ns1.verify_on_setup()
assert self.ns2.verify_on_setup()
assert self.ns3.verify_on_setup()
assert self.web_pod_ns1.verify_on_setup()
assert self.web_pod_ns2.verify_on_setup()
assert self.client1_pod_ns1.verify_on_setup()
assert self.client1_pod_ns2.verify_on_setup()
assert self.client1_pod_ns3.verify_on_setup()
assert self.client2_pod_ns1.verify_on_setup()
assert self.client2_pod_ns2.verify_on_setup()
assert self.client2_pod_ns3.verify_on_setup()
assert self.client3_pod_ns3.verify_on_setup()
except:
self.cleanUp()
raise
def run_test(self,
vn1_name,
tag_type,
tag_value,
tag_obj_name,
vn2_name=None,
tag2_value=None,
inter_compute=False,
cleanup=True):
namespace1_name = get_random_name("hbsnamespace")
namespace1_fix = self.useFixture(
NamespaceFixture(connections=self.connections,
name=namespace1_name,
isolation=True))
namespace1_fix.verify_on_setup()
hbs1_name = get_random_name("hbsobj")
hbs1_fix = self.useFixture(
HbsFixture(connections=self.connections,
name=hbs1_name,
namespace=namespace1_name))
hbs1_fix.verify_on_setup()
#self.setup_csrx(namespace_name=namespace1_name)
project_name = "k8s-%s" % (namespace1_name)
isolated_creds = IsolatedCreds(self.inputs,
project_name,
input_file=self.input_file,
logger=self.logger)
self.remove_from_cleanups(isolated_creds.cleanUp)
proj_fix = self.create_project(project_name=project_name,
cleanup=False,
connections=self.connections)
proj_inputs = isolated_creds.get_inputs(proj_fix)
proj_connection = isolated_creds.get_connections(proj_inputs)
# Create VNs
vn1 = self.setup_vn(project_name=project_name,
connections=proj_connection,
inputs=proj_inputs,
vn_name=vn1_name)
vn1_dict = {
"domain": vn1.domain_name,
"project": vn1.project_name,
"name": vn1.vn_name
}
if vn2_name != None:
vn2 = self.setup_vn(project_name=project_name,
connections=proj_connection,
inputs=proj_inputs,
vn_name=vn2_name)
vn2_dict = {
"domain": vn2.domain_name,
"project": vn2.project_name,
"name": vn2.vn_name
}
# Attach policy btw vn1 and vn2 to allow all traffic
pol_rules_vn1_vn2 = [
{
'direction': '<>',
'simple_action': 'pass',
'protocol': 'any',
'src_ports': 'any',
'dst_ports': 'any',
'source_network': vn1_name,
'dest_network': vn2_name,
},
]
policy1_name = 'p1_vn1_vn2'
policy1_fixture = self.useFixture(
PolicyFixture(policy_name=policy1_name,
rules_list=pol_rules_vn1_vn2,
inputs=proj_inputs,
connections=proj_connection))
policy_attach_fix1 = self.useFixture(
AttachPolicyFixture(proj_inputs, proj_connection, vn1,
policy1_fixture))
policy_attach_fix1 = self.useFixture(
AttachPolicyFixture(proj_inputs, proj_connection, vn2,
policy1_fixture))
else:
vn2_dict = None
vn2 = None
policy1_fixture = None
# Create 2 pods
namespace_name = namespace1_name
compute_label_list, compute_count = self.connections.k8s_client.get_kubernetes_compute_labels(
)
compute_selector_1 = {'computenode': compute_label_list[0]}
if inter_compute and compute_count >= 2:
compute_selector_2 = {'computenode': compute_label_list[1]}
else:
compute_selector_2 = compute_selector_1
pod1 = self.setup_busybox_pod(namespace=namespace_name,
custom_isolation=True,
fq_network_name=vn1_dict,
compute_node_selector=compute_selector_1)
assert pod1.verify_on_setup()
self.addCleanup(self.perform_cleanup, pod1)
pod2 = self.setup_busybox_pod(namespace=namespace_name,
custom_isolation=True,
fq_network_name=(vn2_dict or vn1_dict),
compute_node_selector=compute_selector_2)
assert pod2.verify_on_setup()
self.addCleanup(self.perform_cleanup, pod2)
assert pod1.ping_with_certainty(pod2.pod_ip)
pod3 = self.setup_busybox_pod(namespace=namespace_name,
custom_isolation=True,
fq_network_name=vn1_dict,
compute_node_selector=compute_selector_1)
assert pod3.verify_on_setup()
self.addCleanup(self.perform_cleanup, pod3)
pod4 = self.setup_busybox_pod(namespace=namespace_name,
custom_isolation=True,
fq_network_name=(vn2_dict or vn1_dict),
compute_node_selector=compute_selector_2)
assert pod4.verify_on_setup()
self.addCleanup(self.perform_cleanup, pod4)
assert pod3.ping_with_certainty(pod4.pod_ip)
# Create tags
fq_name1 = [
'default-domain', project_name,
'%s=%s' % (tag_type, tag_value)
]
tag1 = self.create_tag(fq_name=fq_name1,
tag_type=tag_type,
tag_value=tag_value,
parent_type='project')
self.addCleanup(self.vnc_h.delete_tag, id=tag1)
if tag2_value != None:
fq_name2 = [
'default-domain', project_name,
'%s=%s' % (tag_type, tag2_value)
]
tag2 = self.create_tag(fq_name=fq_name1,
tag_type=tag_type,
tag_value=tag2_value,
parent_type='project')
self.addCleanup(self.vnc_h.delete_tag, id=tag2)
app_tag_name = 'myk8s'
fq_name3 = [
'default-domain', project_name,
'%s=%s' % ('application', 'myk8s')
]
apptag = self.create_tag(fq_name=fq_name3,
tag_type='application',
tag_value=app_tag_name,
parent_type='project')
self.addCleanup(self.vnc_h.delete_tag, id=apptag)
# Apply tag
tag_obj_list = []
tag_value_list = []
if tag_obj_name == 'project':
project_name_fq = ['default-domain', project_name]
tag_obj = self.read_project_obj(project_fq_name=project_name_fq)
tag_obj_list.append(tag_obj)
tag_value_list.append(tag_value)
elif tag_obj_name == 'vmi':
tag_obj1 = self.read_virtual_machine_interface(
id=pod1.vmi_objs[0].uuid)
tag_obj_list.append(tag_obj1)
tag_value_list.append(tag_value)
tag_obj2 = self.read_virtual_machine_interface(
id=pod2.vmi_objs[0].uuid)
tag_obj_list.append(tag_obj2)
tag_value_list.append(tag2_value or tag_value)
elif tag_obj_name == 'vn':
vn_name = ['default-domain', project_name, '%s' % (vn1_name)]
tag_obj = self.read_virtual_network(fq_name=vn_name)
tag_obj_list.append(tag_obj)
tag_value_list.append(tag_value)
if vn2_name:
vn_name = ['default-domain', project_name, '%s' % (vn2_name)]
tag_obj = self.read_virtual_network(fq_name=vn_name)
tag_obj_list.append(tag_obj)
tag_value_list.append(tag2_value or tag_value)
for tag_obj, tagv in zip(tag_obj_list, tag_value_list):
self.set_tag(tag_type=tag_type, tag_value=tagv, obj=tag_obj)
self.set_tag(tag_type='application',
tag_value=app_tag_name,
obj=tag_obj)
# Only add application tag to pod3 and pod4 vmi, used for checking negative case
pod3_vmi = self.read_virtual_machine_interface(
id=pod3.vmi_objs[0].uuid)
pod4_vmi = self.read_virtual_machine_interface(
id=pod4.vmi_objs[0].uuid)
self.set_tag(tag_type='application',
tag_value=app_tag_name,
obj=pod3_vmi)
self.set_tag(tag_type='application',
tag_value=app_tag_name,
obj=pod4_vmi)
self.addCleanup(self.vnc_h.unset_tag,
tag_type='application',
obj=pod3_vmi)
self.addCleanup(self.vnc_h.unset_tag,
tag_type='application',
obj=pod4_vmi)
# Create FW rule
site_ep1 = {'tags': ['%s=%s' % (tag_type, tag_value)]}
if tag2_value != None:
site_ep2 = {'tags': ['%s=%s' % (tag_type, tag2_value)]}
else:
site_ep2 = None
fwr_fqname = ['default-domain', project_name, 'my_fwr']
fwr_uuid = self.vnc_h.create_firewall_rule(fq_name=fwr_fqname,
parent_type='project',
service_groups=[],
protocol='icmp',
source=site_ep1,
destination=(site_ep2
or site_ep1),
action='pass',
direction="<>")
rule_obj = self.vnc_h.firewall_rule_read(id=fwr_uuid)
rule_obj.set_action_list(
ActionListType(host_based_service=True, simple_action="pass"))
self.vnc_h.firewall_rule_update(rule_obj)
self.addCleanup(self.vnc_h.delete_firewall_rule, id=fwr_uuid)
# Create FW policy and add the rule
rules = [{'uuid': fwr_uuid, 'seq_no': 20}]
fwp_policy_fqname = ['default-domain', project_name, 'fw_pol']
fwp_uuid = self.vnc_h.create_firewall_policy(parent_type='project',
fq_name=fwp_policy_fqname,
rules=rules)
fwp_obj = self.vnc_h.read_firewall_policy(fq_name=fwp_policy_fqname)
self.addCleanup(self.vnc_h.delete_firewall_policy, id=fwp_uuid)
# Create an APS and add the policy
aps_fqname = ['default-domain', project_name, 'myaps']
aps_uuid = self.vnc_h.create_application_policy_set(
fq_name=aps_fqname,
parent_type='project',
policies=[{
'uuid': fwp_uuid,
'seq_no': 20
}])
self.addCleanup(self.vnc_h.delete_application_policy_set, id=aps_uuid)
self.vnc_h.set_tag('application', app_tag_name, False, None,
'application-policy-set', aps_uuid)
assert pod1.ping_with_certainty(pod2.pod_ip,
expectation=True,
count='5',
hbf_enabled=True)
assert pod3.ping_with_certainty(pod4.pod_ip,
expectation=False,
count='5',
hbf_enabled=True)
# Cleanups
for tag_obj in tag_obj_list:
self.addCleanup(self.vnc_h.unset_tag,
tag_type=tag_type,
obj=tag_obj)
self.addCleanup(self.vnc_h.unset_tag,
tag_type='application',
obj=tag_obj)
return pod1, pod2, pod3, pod4, namespace1_name
class SharedResources(with_metaclass(Singleton, object)):
def __init__(self, connections):
self.connections = connections
self.setUp()
def setUp(self):
try:
self.ns1 = NamespaceFixture(connections=self.connections,
name="new-default")
self.ns1.setUp()
self.ns2 = NamespaceFixture(connections=self.connections,
name="non-default")
self.ns2.setUp()
self.ns3 = NamespaceFixture(connections=self.connections,
name="temp-ns")
self.ns3.setUp()
self.ns1.set_labels({'site': self.ns1.name})
self.ns2.set_labels({'site': self.ns2.name})
self.ns3.set_labels({'new_site': self.ns3.name})
web_label_ns1, web_label_ns2 = 'webns1', 'webns2'
client1_label_ns1, client1_label_ns2, client1_label_ns3 = 'client1_ns1', 'client1_ns2', 'client1_ns3'
client2_label_ns1, client2_label_ns2, client2_label_ns3 = 'client2_ns1', 'client2_ns2', 'client2_ns3'
client3_label_ns3 = 'client3_ns3'
nginx_spec_1 = {
'containers': [{
'image': 'nginx',
'ports': [{
'container_port': 80
}]
}]
}
nginx_spec_2 = {
'containers': [{
'image': 'nginx',
'ports': [{
'container_port': 80
}]
}]
}
nginx_metadata_ns1 = {'labels': {'app': web_label_ns1}}
nginx_metadata_ns2 = {'labels': {'app': web_label_ns2}}
self.web_pod_ns1 = PodFixture(connections=self.connections,
namespace=self.ns1.name,
metadata=nginx_metadata_ns1,
spec=nginx_spec_1)
self.web_pod_ns1.setUp()
self.web_pod_ns2 = PodFixture(connections=self.connections,
namespace=self.ns2.name,
metadata=nginx_metadata_ns2,
spec=nginx_spec_2)
self.web_pod_ns2.setUp()
busybox_spec_1 = {
'containers': [{
'image': 'busybox',
'command': ['sleep', '1000000'],
'image_pull_policy': 'IfNotPresent',
}],
'restart_policy':
'Always'
}
busybox_spec_2 = dict(busybox_spec_1)
busybox_spec_3 = dict(busybox_spec_1)
busybox_spec_4 = dict(busybox_spec_1)
busybox_spec_5 = dict(busybox_spec_1)
busybox_spec_6 = dict(busybox_spec_1)
busybox_spec_7 = dict(busybox_spec_1)
busybox_metadata_c1_ns1 = {
'labels': {
'app': client1_label_ns1
}
}
busybox_metadata_c1_ns2 = {
'labels': {
'app': client1_label_ns2
}
}
busybox_metadata_c1_ns3 = {
'labels': {
'app': client1_label_ns3
}
}
busybox_metadata_c2_ns1 = {
'labels': {
'app': client2_label_ns1
}
}
busybox_metadata_c2_ns2 = {
'labels': {
'app': client2_label_ns2
}
}
busybox_metadata_c2_ns3 = {
'labels': {
'app': client2_label_ns3
}
}
busybox_metadata_c3_ns3 = {
'labels': {
'app': client3_label_ns3
}
}
self.client1_pod_ns1 = PodFixture(
connections=self.connections,
namespace=self.ns1.name,
metadata=busybox_metadata_c1_ns1,
spec=busybox_spec_1)
self.client1_pod_ns1.setUp()
self.client2_pod_ns1 = PodFixture(
connections=self.connections,
namespace=self.ns1.name,
metadata=busybox_metadata_c2_ns1,
spec=busybox_spec_2)
self.client2_pod_ns1.setUp()
self.client1_pod_ns2 = PodFixture(
connections=self.connections,
namespace=self.ns2.name,
metadata=busybox_metadata_c1_ns2,
spec=busybox_spec_3)
self.client1_pod_ns2.setUp()
self.client2_pod_ns2 = PodFixture(
connections=self.connections,
namespace=self.ns2.name,
metadata=busybox_metadata_c2_ns2,
spec=busybox_spec_4)
self.client2_pod_ns2.setUp()
self.client1_pod_ns3 = PodFixture(
connections=self.connections,
namespace=self.ns3.name,
metadata=busybox_metadata_c1_ns3,
spec=busybox_spec_5)
self.client1_pod_ns3.setUp()
self.client2_pod_ns3 = PodFixture(
connections=self.connections,
namespace=self.ns3.name,
metadata=busybox_metadata_c2_ns3,
spec=busybox_spec_6)
self.client2_pod_ns3.setUp()
self.client3_pod_ns3 = PodFixture(
connections=self.connections,
namespace=self.ns3.name,
metadata=busybox_metadata_c3_ns3,
spec=busybox_spec_7)
self.client3_pod_ns3.setUp()
assert self.ns1.verify_on_setup()
assert self.ns2.verify_on_setup()
assert self.ns3.verify_on_setup()
assert self.web_pod_ns1.verify_on_setup()
assert self.web_pod_ns2.verify_on_setup()
assert self.client1_pod_ns1.verify_on_setup()
assert self.client1_pod_ns2.verify_on_setup()
assert self.client1_pod_ns3.verify_on_setup()
assert self.client2_pod_ns1.verify_on_setup()
assert self.client2_pod_ns2.verify_on_setup()
assert self.client2_pod_ns3.verify_on_setup()
assert self.client3_pod_ns3.verify_on_setup()
except:
self.cleanUp()
raise
def cleanUp(self):
cleanup_list = list()
if getattr(self, 'web_pod_ns1', None):
cleanup_list.append(gevent.spawn(self.web_pod_ns1.cleanUp))
if getattr(self, 'web_pod_ns2', None):
cleanup_list.append(gevent.spawn(self.web_pod_ns2.cleanUp))
if getattr(self, 'client1_pod_ns1', None):
cleanup_list.append(gevent.spawn(self.client1_pod_ns1.cleanUp))
if getattr(self, 'client2_pod_ns1', None):
cleanup_list.append(gevent.spawn(self.client2_pod_ns1.cleanUp))
if getattr(self, 'client1_pod_ns2', None):
cleanup_list.append(gevent.spawn(self.client1_pod_ns2.cleanUp))
if getattr(self, 'client2_pod_ns2', None):
cleanup_list.append(gevent.spawn(self.client2_pod_ns2.cleanUp))
if getattr(self, 'client1_pod_ns3', None):
cleanup_list.append(gevent.spawn(self.client1_pod_ns3.cleanUp))
if getattr(self, 'client2_pod_ns3', None):
cleanup_list.append(gevent.spawn(self.client2_pod_ns3.cleanUp))
if getattr(self, 'client3_pod_ns3', None):
cleanup_list.append(gevent.spawn(self.client3_pod_ns3.cleanUp))
gevent.joinall(cleanup_list)
if getattr(self, 'ns1', None):
self.ns1.cleanUp()
if getattr(self, 'ns2', None):
self.ns2.cleanUp()
if getattr(self, 'ns3', None):
self.ns3.cleanUp()
def setup_namespace(self, name=None):
return self.useFixture(
NamespaceFixture(connections=self.connections,
name=name,
isolation=self.setup_namespace_isolation))
def test_verify_hbf_on_multiple_projects(self):
'''
1) Create 3 projects with host based service enable
2) Verify hbs object in contrail api server
3) Verify left vn, right vn and csrx interface objects on each compute
4) Verify disabling hbs on one namespace, with no effect on others
'''
namespace1_name = get_random_name("hbsnamespace")
namespace1_fix = self.useFixture(
NamespaceFixture(connections=self.connections,
name=namespace1_name,
isolation=True))
namespace1_fix.verify_on_setup()
hbs1_name = get_random_name("hbsobj")
hbs1_fix = self.useFixture(
HbsFixture(connections=self.connections,
name=hbs1_name,
namespace=namespace1_name))
hbs1_fix.verify_on_setup()
#self.setup_csrx(namespace_name=namespace1_name)
hbs_config = self.verify_host_based_service(
namespace_name=namespace1_name, hbs_obj_name=hbs1_name)
assert hbs_config == True, "Host Based Service verification Passesd"
namespace2_name = get_random_name("hbsnamespace")
namespace2_fix = self.useFixture(
NamespaceFixture(connections=self.connections,
name=namespace2_name,
isolation=True))
namespace2_fix.verify_on_setup()
hbs2_name = get_random_name("hbsobj")
hbs2_fix = self.useFixture(
HbsFixture(connections=self.connections,
name=hbs2_name,
namespace=namespace2_name))
hbs2_fix.verify_on_setup()
#self.setup_csrx(namespace_name=namespace2_name)
hbs_config = self.verify_host_based_service(
namespace_name=namespace2_name, hbs_obj_name=hbs2_name)
assert hbs_config == True, "Host Based Service verification Passesd"
namespace3_name = get_random_name("hbsnamespace")
namespace3_fix = self.useFixture(
NamespaceFixture(connections=self.connections,
name=namespace3_name,
isolation=True))
namespace3_fix.verify_on_setup()
hbs3_name = get_random_name("hbsobj")
hbs3_fix = self.useFixture(
HbsFixture(connections=self.connections,
name=hbs3_name,
namespace=namespace3_name))
hbs3_fix.verify_on_setup()
#self.setup_csrx(namespace_name=namespace3_name)
hbs_config = self.verify_host_based_service(
namespace_name=namespace3_name, hbs_obj_name=hbs3_name)
assert hbs_config == True, "Host Based Service verification Passesd"
# Disable hbs on namespace1_name
#self.setup_csrx(namespace_name=namespace1_name, delete=True)
self.remove_from_cleanups(hbs1_fix.cleanUp)
self.vnc_lib.host_based_service_delete(fq_name=["default-domain"] +
["k8s-%s" % (namespace1_name)] +
[hbs1_name])
hbs_config_disabled = self.verify_host_based_service(
namespace_name=namespace1_name,
hbs_obj_name=hbs1_name,
enabled=False)
assert hbs_config_disabled, "Host Based Service verification failed, check logs"
# Again verify hbs on namespace2_name and namespace2_name
hbs_config = self.verify_host_based_service(
namespace_name=namespace2_name, hbs_obj_name=hbs2_name)
assert hbs_config == True, "Host Based Service verification Passesd"
hbs_config = self.verify_host_based_service(
namespace_name=namespace3_name, hbs_obj_name=hbs3_name)
assert hbs_config == True, "Host Based Service verification Passesd"
def setup_namespace(self,
name=None):
return self.useFixture(NamespaceFixture(
connections=self.connections,
name=name))
def test_verify_hbf_on_multiple_projects_with_non_hbf_project(self):
'''
1) Create 3 hbs namespaces verify leftvn, right vn, hbs object and csrx
2) Create 1 namespace without hbs, verify hbs is not enabled there
3) Cleanup of test case should be successful deleting all hbs objects
'''
namespace1_name = get_random_name("hbsnamespace")
namespace1_fix = self.useFixture(
NamespaceFixture(connections=self.connections,
name=namespace1_name,
isolation=True))
namespace1_fix.verify_on_setup()
hbs1_name = get_random_name("hbsobj")
hbs1_fix = self.useFixture(
HbsFixture(connections=self.connections,
name=hbs1_name,
namespace=namespace1_name))
hbs1_fix.verify_on_setup()
#self.setup_csrx(namespace_name=namespace1_name)
hbs_config = self.verify_host_based_service(
namespace_name=namespace1_name, hbs_obj_name=hbs1_name)
assert hbs_config == True, "Host Based Service verification Passesd"
namespace2_name = get_random_name("hbsnamespace")
namespace2_fix = self.useFixture(
NamespaceFixture(connections=self.connections,
name=namespace2_name,
isolation=True))
namespace2_fix.verify_on_setup()
hbs2_name = get_random_name("hbsobj")
hbs2_fix = self.useFixture(
HbsFixture(connections=self.connections,
name=hbs2_name,
namespace=namespace2_name))
hbs2_fix.verify_on_setup()
#self.setup_csrx(namespace_name=namespace2_name)
hbs_config = self.verify_host_based_service(
namespace_name=namespace2_name, hbs_obj_name=hbs2_name)
assert hbs_config == True, "Host Based Service verification Passesd"
namespace3_name = get_random_name("hbsnamespace")
namespace3_fix = self.useFixture(
NamespaceFixture(connections=self.connections,
name=namespace3_name,
isolation=True))
namespace3_fix.verify_on_setup()
hbs3_name = get_random_name("hbsobj")
hbs3_fix = self.useFixture(
HbsFixture(connections=self.connections,
name=hbs3_name,
namespace=namespace3_name))
hbs3_fix.verify_on_setup()
#self.setup_csrx(namespace_name=namespace3_name)
hbs_config = self.verify_host_based_service(
namespace_name=namespace3_name, hbs_obj_name=hbs3_name)
assert hbs_config == True, "Host Based Service verification Passesd"
namespace4_name = get_random_name("hbsnamespace")
namespace4_fix = self.useFixture(
NamespaceFixture(connections=self.connections,
name=namespace4_name,
isolation=True))
namespace4_fix.verify_on_setup()
project_obj = self.vnc_lib.project_read(
fq_name=['default-domain',
'k8s-%s' % (namespace4_name)])
hbs_obj_list = project_obj.get_host_based_services()
if hbs_obj_list:
self.logger.error(
"ERROR: Host based service objects found for %s not expected" %
(namespace4_name))
assert False
else:
self.logger.info(
"INFO: Host based service object not found for %s as expected"
% (namespace4_name))
