def test_add_user_to_project_with_project_role(self): """ 1. Create a User Account 2. Add user of an account with 'Regular' project account role associate it with a Project role; The role defines what APIs are allowed/disallowed for the user: here, 'listPublicIpAddresses' is denied for the user account 3. Execute the 'listPublicIpAddresses' API and verify/confirm that the API isn't allowed to be executed by the user """ self.useraccount = Account.create(self.apiclient, self.testdata["account"], roleid=4) self.cleanup.append(self.useraccount) # Add account to the project self.project.addUser(self.apiclient, username=self.useraccount.user[0].username, projectroleid=self.projectrole.id) Project.listAccounts(self.apiclient, projectid=self.project.id) self.userapiclient = self.testClient.getUserApiClient( UserName=self.useraccount.name, DomainName=self.useraccount.domain, type=0) try: PublicIPAddress.list(self.userapiclient, projectid=self.project.id) self.fail( "API call succeeded which is denied for the project role") except CloudstackAPIException: pass
def test_04_list_publicip_all_subdomains(self): """ A domain admin should be able to display public ip address in his domain and also all child domains Step 1: Display all public ip address in that domain and sub domain Step 2: Ensure that the count is 11 (all ip from parent domain and allocated from sub domain) Step 3: Display only the allocated Ip address Step 4: Ensure that the count is 2 Step 5: Display public ip of child domain using domain/account Step 6: Ensure that the count is 10 Step 7: Display public ip of child domain using network id Step 8: Ensure that the count is 1 as only one IP is allocated :return: """ user = self.account1.user[0] user_api_client = self.testClient.getUserApiClient( user.username, self.domain1.name) # Step 1: Display all public ip ipAddresses = PublicIPAddress.list(user_api_client, allocatedonly=False, listall=True, isrecursive=True, forvirtualnetwork=True) # Step 2: Ensure that it can display all ip from current domain and # only allocated ip from child domains self.assertEqual( len(ipAddresses), 11, "Unable to display all IP address is domain %s" % self.domain1.name) # Step 3: display only allocated ip for parent and sub domain ipAddresses = PublicIPAddress.list(user_api_client, allocatedonly=True, listall=True, isrecursive=True, forvirtualnetwork=True) # Step 4: Ensure that the count is 2 self.assertEqual( len(ipAddresses), 2, "Unable to display all allocated IP address is domain %s" % self.domain1.name) # Step 5: display ip of child domain using domainid/account ipAddresses = PublicIPAddress.list(user_api_client, allocatedonly=False, listall=True, isrecursive=True, domainid=self.sub_domain.id, account=self.sub_account.name, forvirtualnetwork=True) # Step 6: Ensure that the count is 10 self.assertEqual(len(ipAddresses), 10, "Unable to display IP address of child domain")
def test_01_list_publicip_root_domain(self): """ ROOT domain should be able to list public IP address of all sub domains Step 1: List all public ip address Step 2: Ensure that the count is greater than or equal to 30 Step 3: Display only allocated ip address Step 4: Ensure that the count is greater than or equal to 0 Step 5: Display ip address from shared networks Step 6: Ensure that the count is greater than or equal to 30 :return: """ # Step 1 ipAddresses = PublicIPAddress.list( self.apiclient, allocatedonly=False, isrecursive=True, listall=True, forvirtualnetwork=True) # Step 2 self.assertGreaterEqual( len(ipAddresses), 30, "Unable to display all public ip for ROOT domain" ) # Step 4 ipAddresses = PublicIPAddress.list( self.apiclient, allocatedonly=True, isrecursive=True, listall=True, forvirtualnetwork=True) self.assertGreaterEqual( len(ipAddresses), 0, "Unable to display all public ip for ROOT domain" ) # Step 5 ipAddresses = PublicIPAddress.list( self.apiclient, allocatedonly=False, isrecursive=True, listall=True, forvirtualnetwork=False) # Step 6 self.assertGreaterEqual( len(ipAddresses), 10, "Unable to display all public ip for ROOT domain" )
def test_06_list_publicip_user_domain(self): """ Display public ip address from shared networks 1. List public ip address of shared network as root admin 2. Ensure that it can display all public ip address 3. List public ip address of shared networks as domain admin 4. It should not return any result 5. Try to display public ip by passing network id 6. Ensure that we get exception when trying to do so :return: """ # Step 1 ipAddresses = PublicIPAddress.list( self.apiclient, allocatedonly=False, listall=True, networkid=self.guest_network.id, forvirtualnetwork=False) # Step 2 self.assertGreaterEqual( len(ipAddresses), 10, "Unable to display allocated public ip in VPC" ) user = self.account1.user[0] user_api_client = self.testClient.getUserApiClient(user.username, self.domain1.name) # Step 3 ipAddresses = PublicIPAddress.list( user_api_client, allocatedonly=False, listall=True, networkid=self.guest_network.id, forvirtualnetwork=False) # Step 4 self.assertIsNone( ipAddresses, "Unable to display allocated public ip in VPC" ) try: # Step 5 PublicIPAddress.list( user_api_client, allocatedonly=False, listall=True, associatednetworkid=self.guest_network.id, forvirtualnetwork=True) # Step 6 self.fail("Domain should not access public ip of sibling domain") except Exception as e: self.info("Got exception as expected since domain2 cant access network of domain1")
def validate_Public_IP(self, public_ip, network, static_nat=False, vm=None): """Validates the Public IP""" self.debug( "Check if the Public IP is successfully assigned to the network ?") public_ips = PublicIPAddress.list(self.api_client, id=public_ip.ipaddress.id, networkid=network.id, isstaticnat=static_nat, listall=True) self.assertEqual( isinstance(public_ips, list), True, "List public Ip for network should return a valid list") self.assertEqual( public_ips[0].ipaddress, public_ip.ipaddress.ipaddress, "List public Ip for network should list the assigned public Ip address" ) self.assertEqual(public_ips[0].state, "Allocated", "Assigned public Ip is not in the allocated state") if static_nat and vm: self.assertEqual( public_ips[0].virtualmachineid, vm.id, "Static NAT Rule not enabled for the VM using the assigned public Ip" ) self.debug("Assigned Public IP is successfully validated - %s" % public_ip.ipaddress.ipaddress)
def isIpInDesiredState(apiclient, ipaddressid, state): """ Check if the given IP is in the correct state (given) and return True/False accordingly""" retriesCount = 10 ipInDesiredState = False exceptionOccured = False exceptionMessage = "" try: while retriesCount >= 0: portableips = PublicIPAddress.list(apiclient, id=ipaddressid) assert validateList( portableips)[0] == PASS, "IPs list validation failed" if str(portableips[0].state).lower() == state: ipInDesiredState = True break retriesCount -= 1 time.sleep(60) except Exception as e: exceptionOccured = True exceptionMessage = e return [exceptionOccured, ipInDesiredState, e] if not ipInDesiredState: exceptionMessage = "Ip should be in %s state, it is in %s" %\ (state, portableips[0].state) return [False, ipInDesiredState, exceptionMessage]
def validate_PublicIPAddress(self, public_ip, network, static_nat=False, vm=None): """Validates the Public IP Address""" self.debug("Validating the assignment and state of public IP address " "- %s" % public_ip.ipaddress.ipaddress) public_ips = PublicIPAddress.list(self.api_client, id=public_ip.ipaddress.id, networkid=network.id, isstaticnat=static_nat, listall=True ) self.assertEqual(isinstance(public_ips, list), True, "List public IP for network should return a " "valid list" ) self.assertEqual(public_ips[0].ipaddress, public_ip.ipaddress.ipaddress, "List public IP for network should list the assigned " "public IP address" ) self.assertEqual(public_ips[0].state, "Allocated", "Assigned public IP is not in the allocated state" ) if static_nat and vm: self.assertEqual(public_ips[0].virtualmachineid, vm.id, "Static NAT rule is not enabled for the VM on " "the assigned public IP" ) self.debug("Successfully validated the assignment and state of public " "IP address - %s" % public_ip.ipaddress.ipaddress)
def validate_network_rules(self): """ Validate network rules """ vms = VirtualMachine.list(self.api_client, account=self.account.name, domainid=self.account.domainid, listall=True) public_ips = PublicIPAddress.list(self.api_client, account=self.account.name, domainid=self.account.domainid, listall=True) for vm, public_ip in zip(vms, public_ips): try: ssh_1 = vm.get_ssh_client( ipaddress=public_ip.ipaddress.ipaddress) self.debug("SSH into VM is successfully") self.debug( "Verifying if we can ping to outside world from VM?") # Ping to outsite world res = ssh_1.execute("ping -c 1 www.google.com") # res = 64 bytes from maa03s17-in-f20.1e100.net (74.125.236.212): # icmp_req=1 ttl=57 time=25.9 ms # --- www.l.google.com ping statistics --- # 1 packets transmitted, 1 received, 0% packet loss, time 0ms # rtt min/avg/max/mdev = 25.970/25.970/25.970/0.000 ms except Exception as e: self.fail("Failed to SSH into VM - %s, %s" % (public_ip.ipaddress.ipaddress, e)) result = str(res) self.assertEqual( result.count("1 received"), 1, "Ping to outside world from VM should be successful")
def get_free_ipaddress(self, vlanId): ipaddresses = PublicIPAddress.list(self.apiclient, vlanid=vlanId, state='Free') self.assertEqual( isinstance(ipaddresses, list), True, "List ipaddresses should return a valid response for Free ipaddresses" ) random.shuffle(ipaddresses) return ipaddresses[0].ipaddress
def test_08_add_TCP_PF_Rule_In_VPN(self): """ Test to add TCP Port Forwarding rule for specific ports(500,1701 and 4500) in VPN """ # Steps for verification # 1. Enable vpn on SourceNAT IP address # 2. Configure PF with TCP ports 500,1701 and 4500. It should be allowed # Should not conflict with UPD ports used for VPN vm_res = VirtualMachine.list(self.apiclient, id=self.virtual_machine.id, listall=True) self.assertEqual( validateList(vm_res)[0], PASS, "Failed to list virtual machine") network_id = vm_res[0].nic[0].networkid src_nat_list = PublicIPAddress.list(self.apiclient, account=self.account.name, domainid=self.account.domainid, listall=True, issourcenat=True, associatednetworkid=network_id) self.assertEqual( validateList(src_nat_list)[0], PASS, "Failed to list source nat ip address") ip = src_nat_list[0] try: vpn = Vpn.create( self.apiclient, publicipid=ip.id, account=self.account.name, domainid=self.account.domainid, ) self.assertIsNotNone(vpn, "Failed to create remote access vpn") except Exception as e: self.fail("Failed to enable vpn on SourceNAT IP with error: %s" % e) #Create PF rule with TCP ports 500,4500 and 1701 self.services['natrule']['protocol'] = "TCP" for port in [500, 4500, 1701]: self.services['natrule']['privateport'] = port self.services['natrule']['publicport'] = port try: nat = NATRule.create(self.apiclient, self.virtual_machine, self.services["natrule"], ip.id) self.assertIsNotNone( nat, "Failed to add PF rule with tcp parts matching vpn") except Exception as e: self.fail( "Creating PF rule for TCP port %s in VPN failed : %s" % (port, e)) return
def validate_network_rules(self): """ Validate network rules """ vms = VirtualMachine.list( self.api_client, account=self.account.name, domainid=self.account.domainid, listall=True ) public_ips = PublicIPAddress.list( self.api_client, account=self.account.name, domainid=self.account.domainid, listall=True ) for vm, public_ip in zip(vms, public_ips): try: ssh_1 = vm.get_ssh_client( ipaddress=public_ip.ipaddress.ipaddress) self.debug("SSH into VM is successfully") self.debug( "Verifying if we can ping to outside world from VM?") # Ping to outsite world res = ssh_1.execute("ping -c 1 www.google.com") # res = 64 bytes from maa03s17-in-f20.1e100.net (74.125.236.212): # icmp_req=1 ttl=57 time=25.9 ms # --- www.l.google.com ping statistics --- # 1 packets transmitted, 1 received, 0% packet loss, time 0ms # rtt min/avg/max/mdev = 25.970/25.970/25.970/0.000 ms except Exception as e: self.fail("Failed to SSH into VM - %s, %s" % (public_ip.ipaddress.ipaddress, e)) result = str(res) self.assertEqual( result.count("1 received"), 1, "Ping to outside world from VM should be successful" )
def validate_Public_IP(self, public_ip, network, static_nat=False, vm=None): """Validates the Public IP""" self.debug("Check if the Public IP is successfully assigned to the network ?") public_ips = PublicIPAddress.list(self.api_client, id=public_ip.ipaddress.id, networkid=network.id, isstaticnat=static_nat, listall=True ) self.assertEqual(isinstance(public_ips, list), True, "List public Ip for network should return a valid list" ) self.assertEqual(public_ips[0].ipaddress, public_ip.ipaddress.ipaddress, "List public Ip for network should list the assigned public Ip address" ) self.assertEqual(public_ips[0].state, "Allocated", "Assigned public Ip is not in the allocated state" ) if static_nat and vm: self.assertEqual(public_ips[0].virtualmachineid, vm.id, "Static NAT Rule not enabled for the VM using the assigned public Ip" ) self.debug("Assigned Public IP is successfully validated - %s" % public_ip.ipaddress.ipaddress)
def test_01_create_delete_portforwarding_fornonvpc(self): """ @summary: Test to list, create and delete Port Forwarding for IP Address associated to Non VPC network @Steps: Step1: Creating a Network for the user Step2: Associating an IP Addresses for Network Step3: Launching Virtual Machine in network created in step 2 Step4: Listing Port Forwarding Rules for the IP Address associated in Step2 Step5: Verifying that no Port Forwarding Rules are listed Step6: Creating a Port Forwarding Rule for IP Address associated in Step2 Step7: Listing Port Forwarding Rules for the IP Address associated in Step2 Step8: Verifying 1 Port Forwarding Rule is listed Step9: Deleting the Port Forwarding Rule created in Step6 Step10: Listing Port Forwarding Rules for the IP Address associated in Step2 Step11: Verifying that no Port Forwarding Rules are listed """ # Listing all the Networks's for a user list_networks_before = Network.list( self.userapiclient, listall=self.services["listall"], type="Isolated" ) # Verifying No Networks are listed self.assertIsNone( list_networks_before, "Networks listed for newly created User" ) # Listing Network Offerings network_offerings_list = NetworkOffering.list( self.apiClient, forvpc="false", guestiptype="Isolated", state="Enabled", supportedservices="SourceNat,PortForwarding", zoneid=self.zone.id ) status = validateList(network_offerings_list) self.assertEqual( PASS, status[0], "Isolated Network Offerings with sourceNat,\ PortForwarding enabled are not found" ) # Creating a network network = Network.create( self.userapiclient, self.services["network"], accountid=self.account.name, domainid=self.domain.id, networkofferingid=network_offerings_list[0].id, zoneid=self.zone.id ) self.assertIsNotNone( network, "Network creation failed" ) # Listing all the IP Addresses for a user list_ipaddresses_before = PublicIPAddress.list( self.userapiclient, listall=self.services["listall"] ) # Verifying no IP Addresses are listed self.assertIsNone( list_ipaddresses_before, "IP Addresses listed for newly created User" ) service_offering = ServiceOffering.create( self.apiClient, self.services["service_offerings"]["tiny"], ) self.services["virtual_machine"]["zoneid"] = self.zone.id vm = VirtualMachine.create( self.userapiclient, self.services["virtual_machine"], accountid=self.account.name, domainid=self.account.domainid, networkids=network.id, serviceofferingid=service_offering.id ) VirtualMachine.delete(vm, self.apiClient, expunge=True) # Associating an IP Addresses to Network created associated_ipaddress = PublicIPAddress.create( self.userapiclient, services=self.services["network"], networkid=network.id ) self.assertIsNotNone( associated_ipaddress, "Failed to Associate IP Address" ) # Listing all the IP Addresses for a user list_ipaddresses_after = PublicIPAddress.list( self.userapiclient, listall=self.services["listall"] ) status = validateList(list_ipaddresses_after) self.assertEqual( PASS, status[0], "IP Addresses Association Failed" ) # Verifying the length of the list is 2 self.assertEqual( 2, len(list_ipaddresses_after), "Number of IP Addresses associated are not matching expected" ) # Launching a Virtual Machine with above created Network vm_created = VirtualMachine.create( self.userapiclient, self.services["virtual_machine"], accountid=self.account.name, domainid=self.account.domainid, networkids=network.id, serviceofferingid=self.service_offering.id, ) self.assertIsNotNone( vm_created, "Failed to launch a VM under network created" ) self.cleanup.append(network) # Listing Virtual Machines in running state in above created network list_vms_running = VirtualMachine.list( self.userapiclient, listall=self.services["listall"], state="Running", networkid=network.id ) status = validateList(list_vms_running) self.assertEqual( PASS, status[0], "VM Created is not in Running state" ) # Verifying the length of the list is 2 self.assertEqual( 2, len(list_ipaddresses_after), "VM Created is not in Running state" ) self.assertEqual( vm_created.id, list_vms_running[0].id, "VM Created is not in Running state" ) # Listing Virtual Machines in stopped state in above created network list_vms_stopped = VirtualMachine.list( self.userapiclient, listall=self.services["listall"], state="Stopped", networkid=network.id ) # Verifying no VMs are in stopped state self.assertIsNone( list_vms_stopped, "VM Created is in stopped state" ) # Listing Port Forwarding Rules for the IP Address associated list_prtfwdrule_before = NATRule.list( self.userapiclient, listall=self.services["listall"], ipaddressid=associated_ipaddress.ipaddress.id ) # Verifying no port forwarding rules are listed self.assertIsNone( list_prtfwdrule_before, "Port Forwarding Rules listed for newly associated IP Address" ) # Creating a Port Forwarding rule portfwd_rule = NATRule.create( self.userapiclient, virtual_machine=vm_created, services=self.services["natrule"], ipaddressid=associated_ipaddress.ipaddress.id, ) self.assertIsNotNone( portfwd_rule, "Failed to create Port Forwarding Rule" ) # Verifying details of Sticky Policy created # Creating expected and actual values dictionaries expected_dict = { "ipaddressid": associated_ipaddress.ipaddress.id, "privateport": str(self.services["natrule"]["privateport"]), "publicport": str(self.services["natrule"]["publicport"]), "protocol": str(self.services["natrule"]["protocol"]).lower(), } actual_dict = { "ipaddressid": portfwd_rule.ipaddressid, "privateport": str(portfwd_rule.privateport), "publicport": str(portfwd_rule.publicport), "protocol": portfwd_rule.protocol, } portfwd_status = self.__verify_values( expected_dict, actual_dict ) self.assertEqual( True, portfwd_status, "Created Port Forward Rule details are not as expected" ) # Listing Port Forwarding Rules for the IP Address associated list_prtfwdrule_after = NATRule.list( self.userapiclient, listall=self.services["listall"], ipaddressid=associated_ipaddress.ipaddress.id ) status = validateList(list_prtfwdrule_after) self.assertEqual( PASS, status[0], "Failed to create Port Forwarding Rule" ) # Verifying the length of the list is 1 self.assertEqual( 1, len(list_prtfwdrule_after), "Failed to create Port Forwarding Rule" ) # Deleting Port Forwarding Rule portfwd_rule.delete(self.userapiclient) # Creating a Port Forwarding rule with port range portfwd_rule = NATRule.create( self.userapiclient, virtual_machine=vm_created, services=self.services["natrulerange"], ipaddressid=associated_ipaddress.ipaddress.id, ) self.assertIsNotNone( portfwd_rule, "Failed to create Port Forwarding Rule" ) # update the private port for port forwarding rule updatefwd_rule = portfwd_rule.update(self.userapiclient, portfwd_rule.id, virtual_machine=vm_created, services=self.services["updatenatrulerange"], ) # Verifying details of Sticky Policy created # Creating expected and actual values dictionaries expected_dict = { "privateport": str(self.services["updatenatrulerange"]["privateport"]), "privateendport": str(self.services["updatenatrulerange"]["privateendport"]), } actual_dict = { "privateport": str(updatefwd_rule.privateport), "privateendport": str(updatefwd_rule.privateendport), } portfwd_status = self.__verify_values( expected_dict, actual_dict ) self.assertEqual( True, portfwd_status, "Updated Port Forward Rule details are not as expected" ) # Deleting Port Forwarding Rule portfwd_rule.delete(self.userapiclient) # Listing Port Forwarding Rules for the IP Address associated list_prtfwdrule_after = NATRule.list( self.userapiclient, listall=self.services["listall"], ipaddressid=associated_ipaddress.ipaddress.id ) # Verifying no port forwarding rules are listed self.assertIsNone( list_prtfwdrule_after, "Port Forwarding Rules listed after deletion" ) # Destroying the VM Launched vm_created.delete(self.apiClient) self.cleanup.append(self.account) return
def test_08_add_TCP_PF_Rule_In_VPN(self): """ Test to add TCP Port Forwarding rule for specific ports(500,1701 and 4500) in VPN """ # Steps for verification # 1. Enable vpn on SourceNAT IP address # 2. Configure PF with TCP ports 500,1701 and 4500. It should be allowed # Should not conflict with UPD ports used for VPN vm_res = VirtualMachine.list( self.apiclient, id=self.virtual_machine.id, listall=True ) self.assertEqual( validateList(vm_res)[0], PASS, "Failed to list virtual machine" ) network_id = vm_res[0].nic[0].networkid src_nat_list = PublicIPAddress.list( self.apiclient, account=self.account.name, domainid=self.account.domainid, listall=True, issourcenat=True, associatednetworkid=network_id ) self.assertEqual( validateList(src_nat_list)[0], PASS, "Failed to list source nat ip address" ) ip = src_nat_list[0] try: vpn = Vpn.create( self.apiclient, publicipid=ip.id, account=self.account.name, domainid=self.account.domainid, ) self.assertIsNotNone( vpn, "Failed to create remote access vpn" ) except Exception as e: self.fail("Failed to enable vpn on SourceNAT IP with error: %s" % e) #Create PF rule with TCP ports 500,4500 and 1701 self.services['natrule']['protocol']="TCP" for port in [500, 4500, 1701]: self.services['natrule']['privateport'] = port self.services['natrule']['publicport'] = port try: nat = NATRule.create( self.apiclient, self.virtual_machine, self.services["natrule"], ip.id ) self.assertIsNotNone( nat, "Failed to add PF rule with tcp parts matching vpn" ) except Exception as e: self.fail("Creating PF rule for TCP port %s in VPN failed : %s" % (port, e)) return
def _test_vpc_site2site_vpn(self, vpc_offering, num_VPCs=3): # Number of VPNs (to test) is number_of_VPCs - 1 # By default test setting up 2 VPNs from VPC0, requiring total of 3 VPCs maxnumVM = num_VPCs - 1 # Create VPC i vpc_list = [] for i in range(num_VPCs): # Generate VPC (mostly subnet) info vpcservice_n = copy.deepcopy(self.services["vpcN"]) for key in vpcservice_n.keys(): vpcservice_n[key] = vpcservice_n[key].format(N=`i`) vpc_n = VPC.create( api_client=self.apiclient, services=vpcservice_n, networkDomain="vpc%d.vpn" % i, vpcofferingid=vpc_offering.id, zoneid=self.zone.id, account=self.account.name, domainid=self.domain.id ) self.assertIsNotNone(vpc_n, "VPC%d creation failed" % i) vpc_list.append(vpc_n) self.cleanup.append(vpc_n) self.logger.debug("VPC%d %s created" % (i, vpc_list[i].id)) default_acl = NetworkACLList.list(self.apiclient, name="default_allow")[0] # Create network in VPC i ntwk_list = [] for i in range(num_VPCs): # Generate network (mostly subnet) info ntwk_info_n = copy.deepcopy(self.services["network_N"]) for key in ntwk_info_n.keys(): ntwk_info_n[key] = ntwk_info_n[key].format(N=`i`) ntwk_n = Network.create( api_client=self.apiclient, services=ntwk_info_n, accountid=self.account.name, domainid=self.account.domainid, networkofferingid=self.network_offering.id, zoneid=self.zone.id, vpcid=vpc_list[i].id, aclid=default_acl.id ) self.assertIsNotNone(ntwk_n, "Network%d failed to create" % i) self.cleanup.append(ntwk_n) ntwk_list.append(ntwk_n) self.logger.debug("Network%d %s created in VPC %s" % (i, ntwk_list[i].id, vpc_list[i].id)) # Deploy a vm in network i vm_list = [] vm_n = None for i in range(num_VPCs): vm_n = VirtualMachine.create(self.apiclient, services=self.services["virtual_machine"], templateid=self.template.id, zoneid=self.zone.id, accountid=self.account.name, domainid=self.account.domainid, serviceofferingid=self.virtual_machine_offering.id, networkids=[ntwk_list[i].id], hypervisor=self.hypervisor, mode='advanced' if (i == 0) or (i == maxnumVM) else 'default' ) self.assertIsNotNone(vm_n, "VM%d failed to deploy" % i) self.cleanup.append(vm_n) vm_list.append(vm_n) self.logger.debug("VM%d %s deployed in VPC %s" % (i, vm_list[i].id, vpc_list[i].id)) self.assertEquals(vm_n.state, 'Running', "VM%d is not running" % i) # 4) Enable Site-to-Site VPN for VPC vpn_response_list = [] for i in range(num_VPCs): vpn_response = Vpn.createVpnGateway(self.apiclient, vpc_list[i].id) self.assertIsNotNone(vpn_response, "Failed to enable VPN Gateway %d" % i) vpn_response_list.append(vpn_response) self.logger.debug("VPN gateway for VPC%d %s enabled" % (i, vpc_list[i].id)) # 5) Add VPN Customer gateway info vpn_cust_gw_list = [] services = self.services["vpncustomergateway"] for i in range(num_VPCs): src_nat_list = PublicIPAddress.list( self.apiclient, account=self.account.name, domainid=self.account.domainid, listall=True, issourcenat=True, vpcid=vpc_list[i].id ) ip = src_nat_list[0] customer_response = VpnCustomerGateway.create(self.apiclient, services, "Peer VPC" + `i`, ip.ipaddress, vpc_list[i].cidr, self.account.name, self.domain.id) self.cleanup.insert(0, customer_response) # this has to be cleaned up after the VPCs have been destroyed (due to client connectionsonections) vpn_cust_gw_list.append(customer_response) self.logger.debug("VPN customer gateway added for VPC%d %s enabled" % (i, vpc_list[i].id)) # Before the next step ensure the last VPC is up and running # Routers in the right state? self.assertEqual(self.routers_in_right_state(vpcid=vpc_list[maxnumVM].id), True, "Check whether the routers are in the right state.") # 6) Connect VPCi with VPC0 for i in range(num_VPCs)[1:]: passiveVpn = Vpn.createVpnConnection(self.apiclient, vpn_cust_gw_list[0].id, vpn_response_list[i]['id'], True) self.logger.debug("VPN passive connection created for VPC%d %s" % (i, vpc_list[i].id)) vpnconn2_response = Vpn.createVpnConnection(self.apiclient, vpn_cust_gw_list[i].id, vpn_response_list[0]['id']) self.logger.debug("VPN connection created for VPC%d %s" % (0, vpc_list[0].id)) self.assertEqual(vpnconn2_response['state'], "Connected", "Failed to connect between VPCs 0 and %d!" % i) self.logger.debug("VPN connected between VPC0 and VPC%d" % i) time.sleep(15) self.logger.debug("Resetting VPN connection with id %s" % (passiveVpn['id'])) Vpn.resetVpnConnection(self.apiclient, passiveVpn['id']) # Ping to put tunnel up ssh_client = vm_list[0].get_ssh_client(retries=10) self.assertIsNotNone(ssh_client, "Failed to setup SSH to VM0") if ssh_client: # run ping test for i in range(num_VPCs)[1:]: packet_loss = ssh_client.execute("/bin/ping -c 3 -t 10 " + vm_list[i].nic[0].ipaddress)[0] self.logger.debug("Ping from vm0 to vm%d to make sure tunnel is up." % i) else: self.fail("Failed to setup ssh connection to %s" % vm_list[0].public_ip) self.logger.debug("Waiting for the VPN with id %s to connect" % (passiveVpn['id'])) max_retries = 30 retries = 0 while retries < max_retries: vpnconn2_response = Vpn.listVpnConnection(self.apiclient, listall=True, id=passiveVpn['id']) if len(vpnconn2_response) > 0 and vpnconn2_response[0].state.lower() == 'connected': break retries += 1 time.sleep(2) self.assertLess(retries, max_retries, "Failed to reconnect VPN with id %s" % (passiveVpn['id'])) # First the last VM # setup ssh connection to vm maxnumVM self.logger.debug("Setup SSH connection to last VM created (%d) to ensure availability for ping tests" % maxnumVM) ssh_max_client = vm_list[maxnumVM].get_ssh_client(retries=20) self.assertIsNotNone(ssh_max_client, "Failed to setup SSH to last VM created (%d)" % maxnumVM) self.logger.debug("Setup SSH connection to first VM created (0) to ensure availability for ping tests") ssh_client = vm_list[0].get_ssh_client(retries=10) self.assertIsNotNone(ssh_client, "Failed to setup SSH to VM0") if ssh_client: # run ping test for i in range(num_VPCs)[1:]: packet_loss = ssh_client.execute( "/bin/ping -c 3 -t 10 " + vm_list[i].nic[0].ipaddress + " |grep packet|cut -d ' ' -f 7| cut -f1 -d'%'")[0] self.assertEquals(int(packet_loss), 0, " Ping towards vm" + `i` + " did not succeed") self.logger.debug("SUCCESS! Ping from vm0 to vm%d succeeded." % i) else: self.fail("Failed to setup ssh connection to %s" % vm_list[0].public_ip) return
def test_01_firewall_rules_port_fw(self): """"Checking firewall rules deletion after static NAT disable""" # Validate the following: #1. Enable static NAT for a VM #2. Open up some ports. At this point there will be new rows in the # firewall_rules table. #3. Disable static NAT for the VM. #4. Check fire wall rules are deleted from firewall_rules table. public_ip = self.public_ip.ipaddress # Enable Static NAT for VM StaticNATRule.enable( self.apiclient, public_ip.id, self.virtual_machine.id ) self.debug("Enabled static NAT for public IP ID: %s" % public_ip.id) #Create Static NAT rule, in fact it's firewall rule nat_rule = StaticNATRule.create( self.apiclient, self.services["firewall_rule"], public_ip.id ) self.debug("Created Static NAT rule for public IP ID: %s" % public_ip.id) self.debug("Checking IP address") ip_response = PublicIPAddress.list( self.apiclient, id = public_ip.id ) self.assertEqual( isinstance(ip_response, list), True, "Check ip response returns a valid list" ) self.assertNotEqual( len(ip_response), 0, "Check static NAT Rule is created" ) self.assertTrue( ip_response[0].isstaticnat, "IP is not static nat enabled" ) self.assertEqual( ip_response[0].virtualmachineid, self.virtual_machine.id, "IP is not binding with the VM" ) self.debug("Checking Firewall rule") firewall_response = FireWallRule.list( self.apiclient, ipaddressid = public_ip.id, listall = True ) self.assertEqual( isinstance(firewall_response, list), True, "Check firewall response returns a valid list" ) self.assertNotEqual( len(firewall_response), 0, "Check firewall rule is created" ) self.assertEqual( firewall_response[0].state, "Active", "Firewall rule is not active" ) self.assertEqual( firewall_response[0].ipaddressid, public_ip.id, "Firewall rule is not static nat related" ) self.assertEqual( firewall_response[0].startport, str(self.services["firewall_rule"]["startport"]), "Firewall rule is not with specific port" ) self.debug("Removed the firewall rule") nat_rule.delete(self.apiclient) self.debug("Checking IP address, it should still existed") ip_response = PublicIPAddress.list( self.apiclient, id = public_ip.id ) self.assertEqual( isinstance(ip_response, list), True, "Check ip response returns a valid list" ) self.assertNotEqual( len(ip_response), 0, "Check static NAT Rule is created" ) self.assertTrue( ip_response[0].isstaticnat, "IP is not static nat enabled" ) self.assertEqual( ip_response[0].virtualmachineid, self.virtual_machine.id, "IP is not binding with the VM" ) self.debug("Checking Firewall rule, it should be removed") firewall_response = FireWallRule.list( self.apiclient, ipaddressid = public_ip.id, listall = True ) self.assertEqual( isinstance(firewall_response, list), True, "Check firewall response returns a valid list" ) if len(firewall_response) != 0 : self.assertEqual( firewall_response[0].state, "Deleting", "Firewall rule should be deleted or in deleting state" ) return
def test_vpc_site2site_vpn(self): """Test VPN in VPC""" # 0) Get the default network offering for VPC networkOffering = NetworkOffering.list( self.apiclient, name="DefaultIsolatedNetworkOfferingForVpcNetworks") self.assert_(networkOffering is not None and len(networkOffering) > 0, "No VPC based network offering") # 1) Create VPC offering vpcOffering = VpcOffering.list(self.apiclient, isdefault=True) self.assert_(vpcOffering is not None and len(vpcOffering) > 0, "No VPC offerings found") # Create VPC 1 try: vpc1 = VPC.create(apiclient=self.apiclient, services=self.services["vpc"], networkDomain="vpc1.vpn", vpcofferingid=vpcOffering[0].id, zoneid=self.zone.id, account=self.account.name, domainid=self.domain.id) except Exception as e: self.fail(e) finally: self.assert_(vpc1 is not None, "VPC1 creation failed") self.logger.debug("VPC1 %s created" % (vpc1.id)) # Create VPC 2 try: vpc2 = VPC.create(apiclient=self.apiclient, services=self.services["vpc2"], networkDomain="vpc2.vpn", vpcofferingid=vpcOffering[0].id, zoneid=self.zone.id, account=self.account.name, domainid=self.account.domainid) except Exception as e: self.fail(e) finally: self.assert_(vpc2 is not None, "VPC2 creation failed") self.logger.debug("VPC2 %s created" % (vpc2.id)) default_acl = NetworkACLList.list(self.apiclient, name="default_allow")[0] # Create network in VPC 1 try: ntwk1 = Network.create(apiclient=self.apiclient, services=self.services["network_1"], accountid=self.account.name, domainid=self.account.domainid, networkofferingid=networkOffering[0].id, zoneid=self.zone.id, vpcid=vpc1.id, aclid=default_acl.id) except Exception as e: self.fail(e) finally: self.assertIsNotNone(ntwk1, "Network failed to create") self.logger.debug("Network %s created in VPC %s" % (ntwk1.id, vpc1.id)) # Create network in VPC 2 try: ntwk2 = Network.create(apiclient=self.apiclient, services=self.services["network_2"], accountid=self.account.name, domainid=self.account.domainid, networkofferingid=networkOffering[0].id, zoneid=self.zone.id, vpcid=vpc2.id, aclid=default_acl.id) except Exception as e: self.fail(e) finally: self.assertIsNotNone(ntwk2, "Network failed to create") self.logger.debug("Network %s created in VPC %s" % (ntwk2.id, vpc2.id)) # Deploy a vm in network 2 try: vm1 = VirtualMachine.create( self.apiclient, services=self.services["virtual_machine"], templateid=self.template.id, zoneid=self.zone.id, accountid=self.account.name, domainid=self.account.domainid, serviceofferingid=self.service_offering.id, networkids=ntwk1.id, hypervisor=self.services["virtual_machine"]["hypervisor"]) except Exception as e: self.fail(e) finally: self.assert_(vm1 is not None, "VM failed to deploy") self.assert_(vm1.state == 'Running', "VM is not running") self.logger.debug("VM %s deployed in VPC %s" % (vm1.id, vpc1.id)) # Deploy a vm in network 2 try: vm2 = VirtualMachine.create( self.apiclient, services=self.services["virtual_machine"], templateid=self.template.id, zoneid=self.zone.id, accountid=self.account.name, domainid=self.account.domainid, serviceofferingid=self.service_offering.id, networkids=ntwk2.id, hypervisor=self.services["virtual_machine"]["hypervisor"]) except Exception as e: self.fail(e) finally: self.assert_(vm2 is not None, "VM failed to deploy") self.assert_(vm2.state == 'Running', "VM is not running") self.debug("VM %s deployed in VPC %s" % (vm2.id, vpc2.id)) # 4) Enable Site-to-Site VPN for VPC vpn1_response = Vpn.createVpnGateway(self.apiclient, vpc1.id) self.assert_(vpn1_response is not None, "Failed to enable VPN Gateway 1") self.logger.debug("VPN gateway for VPC %s enabled" % vpc1.id) vpn2_response = Vpn.createVpnGateway(self.apiclient, vpc2.id) self.assert_(vpn2_response is not None, "Failed to enable VPN Gateway 2") self.logger.debug("VPN gateway for VPC %s enabled" % vpc2.id) # 5) Add VPN Customer gateway info src_nat_list = PublicIPAddress.list(self.apiclient, account=self.account.name, domainid=self.account.domainid, listall=True, issourcenat=True, vpcid=vpc1.id) ip1 = src_nat_list[0] src_nat_list = PublicIPAddress.list(self.apiclient, account=self.account.name, domainid=self.account.domainid, listall=True, issourcenat=True, vpcid=vpc2.id) ip2 = src_nat_list[0] services = self.services["vpncustomergateway"] customer1_response = VpnCustomerGateway.create( self.apiclient, services, "Peer VPC1", ip1.ipaddress, vpc1.cidr, self.account.name, self.domain.id) self.debug("VPN customer gateway added for VPC %s enabled" % vpc1.id) self.logger.debug(vars(customer1_response)) customer2_response = VpnCustomerGateway.create( self.apiclient, services, "Peer VPC2", ip2.ipaddress, vpc2.cidr, self.account.name, self.domain.id) self.debug("VPN customer gateway added for VPC %s enabled" % vpc2.id) self.logger.debug(vars(customer2_response)) # 6) Connect two VPCs vpnconn1_response = Vpn.createVpnConnection(self.apiclient, customer1_response.id, vpn2_response['id'], True) self.debug("VPN passive connection created for VPC %s" % vpc2.id) vpnconn2_response = Vpn.createVpnConnection(self.apiclient, customer2_response.id, vpn1_response['id']) self.debug("VPN connection created for VPC %s" % vpc1.id) self.assertEqual(vpnconn2_response['state'], "Connected", "Failed to connect between VPCs!") # acquire an extra ip address to use to ssh into vm2 try: vm2.public_ip = PublicIPAddress.create( apiclient=self.apiclient, accountid=self.account.name, zoneid=self.zone.id, domainid=self.account.domainid, services=self.services, networkid=ntwk2.id, vpcid=vpc2.id) except Exception as e: self.fail(e) finally: self.assert_(vm2.public_ip is not None, "Failed to aqcuire public ip for vm2") # Create port forward to be able to ssh into vm2 try: natrule = self.create_natrule(vpc2, vm2, 22, 22, vm2.public_ip, ntwk2) except Exception as e: self.fail(e) finally: self.assert_(natrule is not None, "Failed to create portforward for vm2") time.sleep(10) # setup ssh connection to vm2 ssh_client = self.get_ssh_client(vm2, self.services, 10) if ssh_client: # run ping test packet_loss = ssh_client.execute( "/bin/ping -c 3 -t 10 " + vm1.nic[0].ipaddress + " |grep packet|cut -d ' ' -f 7| cut -f1 -d'%'")[0] self.assert_(int(packet_loss) == 0, "Ping did not succeed") else: self.fail("Failed to setup ssh connection to %s" % vm2.public_ip)
def test_forceDeleteDomain(self): """ Test delete domain with force option""" # Steps for validations # 1. create a domain DOM # 2. create 2 users under this domain # 3. deploy 1 VM into each of these user accounts # 4. create PF / FW rules for port 22 on these VMs for their # respective accounts # 5. delete the domain with force=true option # Validate the following # 1. listDomains should list the created domain # 2. listAccounts should list the created accounts # 3. listvirtualmachines should show the Running VMs # 4. PF and FW rules should be shown in listFirewallRules # 5. domain should delete successfully and above three list calls # should show all the resources now deleted. listRouters should # not return any routers in the deleted accounts/domains self.debug("Creating a domain for login with API domain test") domain = Domain.create( self.apiclient, self.services["domain"], parentdomainid=self.domain.id ) self.debug("Domain is created succesfully.") self.debug( "Checking if the created domain is listed in list domains API") domains = Domain.list(self.apiclient, id=domain.id, listall=True) self.assertEqual( isinstance(domains, list), True, "List domains shall return a valid response" ) self.debug("Creating 2 user accounts in domain: %s" % domain.name) self.account_1 = Account.create( self.apiclient, self.services["account"], domainid=domain.id ) self.account_2 = Account.create( self.apiclient, self.services["account"], domainid=domain.id ) try: self.debug("Creating a tiny service offering for VM deployment") self.service_offering = ServiceOffering.create( self.apiclient, self.services["service_offering"], domainid=self.domain.id ) self.debug("Deploying virtual machine in account 1: %s" % self.account_1.name) vm_1 = VirtualMachine.create( self.apiclient, self.services["virtual_machine"], templateid=self.template.id, accountid=self.account_1.name, domainid=self.account_1.domainid, serviceofferingid=self.service_offering.id ) self.debug("Deploying virtual machine in account 2: %s" % self.account_2.name) VirtualMachine.create( self.apiclient, self.services["virtual_machine"], templateid=self.template.id, accountid=self.account_2.name, domainid=self.account_2.domainid, serviceofferingid=self.service_offering.id ) networks = Network.list( self.apiclient, account=self.account_1.name, domainid=self.account_1.domainid, listall=True ) self.assertEqual( isinstance(networks, list), True, "List networks should return a valid response" ) network_1 = networks[0] self.debug("Default network in account 1: %s is %s" % ( self.account_1.name, network_1.name)) src_nat_list = PublicIPAddress.list( self.apiclient, associatednetworkid=network_1.id, account=self.account_1.name, domainid=self.account_1.domainid, listall=True, issourcenat=True, ) self.assertEqual( isinstance(src_nat_list, list), True, "List Public IP should return a valid source NAT" ) self.assertNotEqual( len(src_nat_list), 0, "Length of response from listPublicIp should not be 0" ) src_nat = src_nat_list[0] self.debug( "Trying to create a port forwarding rule in source NAT: %s" % src_nat.ipaddress) #Create NAT rule nat_rule = NATRule.create( self.apiclient, vm_1, self.services["natrule"], ipaddressid=src_nat.id ) self.debug("Created PF rule on source NAT: %s" % src_nat.ipaddress) nat_rules = NATRule.list(self.apiclient, id=nat_rule.id) self.assertEqual( isinstance(nat_rules, list), True, "List NAT should return a valid port forwarding rules" ) self.assertNotEqual( len(nat_rules), 0, "Length of response from listLbRules should not be 0" ) except Exception as e: self._cleanup.append(self.account_1) self._cleanup.append(self.account_2) self.fail(e) self.debug("Deleting domain with force option") try: domain.delete(self.apiclient, cleanup=True) except Exception as e: self.debug("Waiting for account.cleanup.interval" + " to cleanup any remaining resouces") # Sleep 3*account.gc to ensure that all resources are deleted wait_for_cleanup(self.apiclient, ["account.cleanup.interval"]*3) with self.assertRaises(CloudstackAPIException): Domain.list( self.apiclient, id=domain.id, listall=True ) self.debug("Checking if the resources in domain are deleted") with self.assertRaises(CloudstackAPIException): Account.list( self.apiclient, name=self.account_1.name, domainid=self.account_1.domainid, listall=True ) return
def test_01_redundant_vpc_site2site_vpn(self): """Test Site 2 Site VPN Across redundant VPCs""" self.logger.debug("Starting test: test_02_redundant_vpc_site2site_vpn") # 0) Get the default network offering for VPC networkOffering = NetworkOffering.list( self.apiclient, name="DefaultIsolatedNetworkOfferingForVpcNetworks") self.assert_(networkOffering is not None and len( networkOffering) > 0, "No VPC based network offering") # Create and enable redundant VPC offering redundant_vpc_offering = self._create_vpc_offering( 'redundant_vpc_offering') self.assert_(redundant_vpc_offering is not None, "Failed to create redundant VPC Offering") redundant_vpc_offering.update(self.apiclient, state='Enabled') # Create VPC 1 vpc1 = None try: vpc1 = VPC.create( apiclient=self.apiclient, services=self.services["vpc"], networkDomain="vpc1.vpn", vpcofferingid=redundant_vpc_offering.id, zoneid=self.zone.id, account=self.account.name, domainid=self.domain.id ) except Exception as e: self.fail(e) finally: self.assert_(vpc1 is not None, "VPC1 creation failed") self.logger.debug("VPC1 %s created" % vpc1.id) # Create VPC 2 vpc2 = None try: vpc2 = VPC.create( apiclient=self.apiclient, services=self.services["vpc2"], networkDomain="vpc2.vpn", vpcofferingid=redundant_vpc_offering.id, zoneid=self.zone.id, account=self.account.name, domainid=self.account.domainid ) except Exception as e: self.fail(e) finally: self.assert_(vpc2 is not None, "VPC2 creation failed") self.logger.debug("VPC2 %s created" % vpc2.id) default_acl = NetworkACLList.list( self.apiclient, name="default_allow")[0] # Create network in VPC 1 ntwk1 = None try: ntwk1 = Network.create( apiclient=self.apiclient, services=self.services["network_1"], accountid=self.account.name, domainid=self.account.domainid, networkofferingid=networkOffering[0].id, zoneid=self.zone.id, vpcid=vpc1.id, aclid=default_acl.id ) except Exception as e: self.fail(e) finally: self.assertIsNotNone(ntwk1, "Network failed to create") self.logger.debug("Network %s created in VPC %s" % (ntwk1.id, vpc1.id)) # Create network in VPC 2 ntwk2 = None try: ntwk2 = Network.create( apiclient=self.apiclient, services=self.services["network_2"], accountid=self.account.name, domainid=self.account.domainid, networkofferingid=networkOffering[0].id, zoneid=self.zone.id, vpcid=vpc2.id, aclid=default_acl.id ) except Exception as e: self.fail(e) finally: self.assertIsNotNone(ntwk2, "Network failed to create") self.logger.debug("Network %s created in VPC %s" % (ntwk2.id, vpc2.id)) # Deploy a vm in network 2 vm1 = None try: vm1 = VirtualMachine.create(self.apiclient, services=self.services["virtual_machine"], templateid=self.template.id, zoneid=self.zone.id, accountid=self.account.name, domainid=self.account.domainid, serviceofferingid=self.compute_offering.id, networkids=ntwk1.id, hypervisor=self.hypervisor ) except Exception as e: self.fail(e) finally: self.assert_(vm1 is not None, "VM failed to deploy") self.assert_(vm1.state == 'Running', "VM is not running") self.logger.debug("VM %s deployed in VPC %s" % (vm1.id, vpc1.id)) # Deploy a vm in network 2 vm2 = None try: vm2 = VirtualMachine.create(self.apiclient, services=self.services["virtual_machine"], templateid=self.template.id, zoneid=self.zone.id, accountid=self.account.name, domainid=self.account.domainid, serviceofferingid=self.compute_offering.id, networkids=ntwk2.id, hypervisor=self.hypervisor ) except Exception as e: self.fail(e) finally: self.assert_(vm2 is not None, "VM failed to deploy") self.assert_(vm2.state == 'Running', "VM is not running") self.debug("VM %s deployed in VPC %s" % (vm2.id, vpc2.id)) # 4) Enable Site-to-Site VPN for VPC vpn1_response = Vpn.createVpnGateway(self.apiclient, vpc1.id) self.assert_( vpn1_response is not None, "Failed to enable VPN Gateway 1") self.logger.debug("VPN gateway for VPC %s enabled" % vpc1.id) vpn2_response = Vpn.createVpnGateway(self.apiclient, vpc2.id) self.assert_( vpn2_response is not None, "Failed to enable VPN Gateway 2") self.logger.debug("VPN gateway for VPC %s enabled" % vpc2.id) # 5) Add VPN Customer gateway info src_nat_list = PublicIPAddress.list( self.apiclient, account=self.account.name, domainid=self.account.domainid, listall=True, issourcenat=True, vpcid=vpc1.id ) ip1 = src_nat_list[0] src_nat_list = PublicIPAddress.list( self.apiclient, account=self.account.name, domainid=self.account.domainid, listall=True, issourcenat=True, vpcid=vpc2.id ) ip2 = src_nat_list[0] services = self.services["vpncustomergateway"] customer1_response = VpnCustomerGateway.create( self.apiclient, services, "Peer VPC1", ip1.ipaddress, vpc1.cidr, self.account.name, self.domain.id) self.debug("VPN customer gateway added for VPC %s enabled" % vpc1.id) self.logger.debug(vars(customer1_response)) customer2_response = VpnCustomerGateway.create( self.apiclient, services, "Peer VPC2", ip2.ipaddress, vpc2.cidr, self.account.name, self.domain.id) self.debug("VPN customer gateway added for VPC %s enabled" % vpc2.id) self.logger.debug(vars(customer2_response)) # 6) Connect two VPCs vpnconn1_response = Vpn.createVpnConnection( self.apiclient, customer1_response.id, vpn2_response['id'], True) self.debug("VPN passive connection created for VPC %s" % vpc2.id) vpnconn2_response = Vpn.createVpnConnection( self.apiclient, customer2_response.id, vpn1_response['id']) self.debug("VPN connection created for VPC %s" % vpc1.id) self.assertEqual( vpnconn2_response['state'], "Connected", "Failed to connect between VPCs!") # acquire an extra ip address to use to ssh into vm2 try: vm2.public_ip = PublicIPAddress.create( apiclient=self.apiclient, accountid=self.account.name, zoneid=self.zone.id, domainid=self.account.domainid, services=self.services, networkid=ntwk2.id, vpcid=vpc2.id) except Exception as e: self.fail(e) finally: self.assert_( vm2.public_ip is not None, "Failed to aqcuire public ip for vm2") # Create port forward to be able to ssh into vm2 natrule = None try: natrule = self._create_natrule( vpc2, vm2, 22, 22, vm2.public_ip, ntwk2) except Exception as e: self.fail(e) finally: self.assert_( natrule is not None, "Failed to create portforward for vm2") time.sleep(20) # setup ssh connection to vm2 ssh_client = self._get_ssh_client(vm2, self.services, 10) if ssh_client: # run ping test packet_loss = ssh_client.execute( "/bin/ping -c 3 -t 10 " + vm1.nic[0].ipaddress + " |grep packet|cut -d ' ' -f 7| cut -f1 -d'%'")[0] self.assert_(int(packet_loss) == 0, "Ping did not succeed") else: self.fail("Failed to setup ssh connection to %s" % vm2.public_ip)
def test_02_network_off_with_conserve_mode(self): """Test Network offering with Conserve mode ON and VR - All services """ # Validate the following # 1. Create a Network from the above network offering and deploy a VM. # 2. On source NAT ipaddress, we should be allowed to add a LB rules # 3. On source NAT ipaddress, we should be allowed to add a PF rules # 4. On source NAT ipaddress, we should be allowed to add a Firewall # rules # 5. On an ipaddress that has Lb rules, we should be allowed to # program PF rules. # 6. We should be allowed to program multiple PF rules on the same Ip # address on different public ports. # 7. We should be allowed to program multiple LB rules on the same Ip # address for different public port ranges. # 8. On source NAT ipaddress, we should be allowed to Enable VPN # access. # Create a network offering with all virtual router services enabled self.debug( "Creating n/w offering with all services in VR & conserve mode:off" ) self.network_offering = NetworkOffering.create( self.api_client, self.services["network_offering"], conservemode=True ) self.cleanup.append(self.network_offering) self.debug("Created n/w offering with ID: %s" % self.network_offering.id) # Enable Network offering self.network_offering.update(self.apiclient, state='Enabled') # Creating network using the network offering created self.debug("Creating network with network offering: %s" % self.network_offering.id) self.network = Network.create( self.apiclient, self.services["network"], accountid=self.account.name, domainid=self.account.domainid, networkofferingid=self.network_offering.id, zoneid=self.zone.id ) self.debug("Created network with ID: %s" % self.network.id) self.debug("Deploying VM in account: %s" % self.account.name) # Spawn an instance in that network virtual_machine = VirtualMachine.create( self.apiclient, self.services["virtual_machine"], accountid=self.account.name, domainid=self.account.domainid, serviceofferingid=self.service_offering.id, networkids=[str(self.network.id)] ) self.debug("Deployed VM in network: %s" % self.network.id) src_nat_list = PublicIPAddress.list( self.apiclient, associatednetworkid=self.network.id, account=self.account.name, domainid=self.account.domainid, listall=True, issourcenat=True, ) self.assertEqual( isinstance(src_nat_list, list), True, "List Public IP should return a valid source NAT" ) self.assertNotEqual( len(src_nat_list), 0, "Length of response from listPublicIp should not be 0" ) src_nat = src_nat_list[0] self.debug("Trying to create LB rule on source NAT IP: %s" % src_nat.ipaddress) # Create Load Balancer rule with source NAT lb_rule = LoadBalancerRule.create( self.apiclient, self.services["lbrule"], ipaddressid=src_nat.id, accountid=self.account.name ) self.debug("Created LB rule on source NAT: %s" % src_nat.ipaddress) lb_rules = LoadBalancerRule.list( self.apiclient, id=lb_rule.id ) self.assertEqual( isinstance(lb_rules, list), True, "List lb rules should return a valid lb rules" ) self.assertNotEqual( len(lb_rules), 0, "Length of response from listLbRules should not be 0" ) self.debug( "Trying to create a port forwarding rule in source NAT: %s" % src_nat.ipaddress) #Create NAT rule nat_rule = NATRule.create( self.apiclient, virtual_machine, self.services["natrule"], ipaddressid=src_nat.id ) self.debug("Created PF rule on source NAT: %s" % src_nat.ipaddress) nat_rules = NATRule.list( self.apiclient, id=nat_rule.id ) self.assertEqual( isinstance(nat_rules, list), True, "List NAT should return a valid port forwarding rules" ) self.assertNotEqual( len(nat_rules), 0, "Length of response from listLbRules should not be 0" ) self.debug("Creating firewall rule on source NAT: %s" % src_nat.ipaddress) #Create Firewall rule on source NAT fw_rule = FireWallRule.create( self.apiclient, ipaddressid=src_nat.id, protocol='TCP', cidrlist=[self.services["fw_rule"]["cidr"]], startport=self.services["fw_rule"]["startport"], endport=self.services["fw_rule"]["endport"] ) self.debug("Created firewall rule: %s" % fw_rule.id) fw_rules = FireWallRule.list( self.apiclient, id=fw_rule.id ) self.assertEqual( isinstance(fw_rules, list), True, "List fw rules should return a valid firewall rules" ) self.assertNotEqual( len(fw_rules), 0, "Length of fw rules response should not be zero" ) self.debug("Associating public IP for network: %s" % self.network.id) public_ip = PublicIPAddress.create( self.apiclient, accountid=self.account.name, zoneid=self.zone.id, domainid=self.account.domainid, networkid=self.network.id ) self.debug("Associated %s with network %s" % ( public_ip.ipaddress, self.network.id )) self.debug("Creating PF rule for IP address: %s" % public_ip.ipaddress) NATRule.create( self.apiclient, virtual_machine, self.services["natrule"], ipaddressid=public_ip.ipaddress.id ) self.debug("Trying to create LB rule on IP with NAT: %s" % public_ip.ipaddress) # Create Load Balancer rule on IP already having NAT rule lb_rule = LoadBalancerRule.create( self.apiclient, self.services["lbrule"], ipaddressid=public_ip.ipaddress.id, accountid=self.account.name ) self.debug("Creating PF rule with public port: 66") nat_rule = NATRule.create( self.apiclient, virtual_machine, self.services["natrule_port_66"], ipaddressid=public_ip.ipaddress.id ) # Check if NAT rule created successfully nat_rules = NATRule.list( self.apiclient, id=nat_rule.id ) self.assertEqual( isinstance(nat_rules, list), True, "List NAT rules should return valid list" ) self.debug("Creating LB rule with public port: 2221") lb_rule = LoadBalancerRule.create( self.apiclient, self.services["lbrule_port_2221"], ipaddressid=public_ip.ipaddress.id, accountid=self.account.name ) # Check if NAT rule created successfully lb_rules = LoadBalancerRule.list( self.apiclient, id=lb_rule.id ) self.assertEqual( isinstance(lb_rules, list), True, "List LB rules should return valid list" ) # User should be able to enable VPN on source NAT self.debug("Created VPN with source NAT IP: %s" % src_nat.ipaddress) # Assign VPN to source NAT Vpn.create( self.apiclient, src_nat.id, account=self.account.name, domainid=self.account.domainid ) vpns = Vpn.list( self.apiclient, publicipid=src_nat.id, listall=True, ) self.assertEqual( isinstance(vpns, list), True, "List VPNs should return a valid VPN list" ) self.assertNotEqual( len(vpns), 0, "Length of list VPN response should not be zero" ) return
def test_vpc_network_bcf(self): """Test VPC workflow with BigSwitch BCF plugin 1. Create a VPC with three networks 2. Create one VM on each of the three networks 3. Add firewall rule to make virtual router pingable 4. Test ping to virtual router public IP 5. Add static NAT to vm_1, with firewall rule to allow ssh 6. Add NAT rule to allow ping between net1 and net2 7. Ssh to vm_1, ping vm_2 private address, should succeed 8. continue ... ping vm_3 private address, should fail 9. continue ... ping Internet, should succeed """ self.debug("STEP 1: Creating VPC with VPC offering: %s" % self.vpc_offering.id) vpc = VPC.create( self.apiclient, self.services["vpc"], accountid=self.account.name, domainid=self.account.domainid, vpcofferingid=self.vpc_offering.id, zoneid=self.zone.id ) self.debug("Created VPC with ID: %s" % self.vpc.id) # Creating network using the vpc network offering created self.debug("Creating networks with vpc network offering: %s" % self.vpc_network_offering.id) net1 = Network.create( self.apiclient, self.services["vpc_network"], accountid=self.account.name, domainid=self.account.domainid, networkofferingid=self.vpc_network_offering.id, zoneid=self.zone.id, gateway="10.0.100.1", vpcid=vpc.id ) self.debug("Created network with ID: %s" % net1.id) net2 = Network.create( self.apiclient, self.services["vpc_network"], accountid=self.account.name, domainid=self.account.domainid, networkofferingid=self.vpc_network_offering.id, zoneid=self.zone.id, gateway="10.0.101.1", vpcid=vpc.id ) self.debug("Created network with ID: %s" % net2.id) net3 = Network.create( self.apiclient, self.services["vpc_network"], accountid=self.account.name, domainid=self.account.domainid, networkofferingid=self.vpc_network_offering.id, zoneid=self.zone.id, gateway="10.0.102.0", vpcid=vpc.id ) self.debug("Created network with ID: %s" % net3.id) self.debug("STEP 2: Deploying VMs in networks") vm_1 = VirtualMachine.create( self.apiclient, self.services["virtual_machine"], accountid=self.account.name, domainid=self.account.domainid, serviceofferingid=self.service_offering.id, networkids=[ str(net1.id), ] ) self.debug("Deployed VM in network: %s" % net1.id) list_vm_response = VirtualMachine.list( self.apiclient, id=vm_1.id ) self.debug( "Verify listVirtualMachines response for virtual machine: %s" \ % vm_1.id ) self.assertEqual( isinstance(list_vm_response, list), True, "Check list response returns a valid list" ) vm_response = list_vm_response[0] self.assertEqual( vm_response.state, "Running", "VM state should be running after deployment" ) vm_2 = VirtualMachine.create( self.apiclient, self.services["virtual_machine"], accountid=self.account.name, domainid=self.account.domainid, serviceofferingid=self.service_offering.id, networkids=[ str(net2.id), ] ) self.debug("Deployed VM in network: %s" % net2.id) list_vm_response = VirtualMachine.list( self.apiclient, id=vm_2.id ) self.debug( "Verify listVirtualMachines response for virtual machine: %s" \ % vm_2.id ) self.assertEqual( isinstance(list_vm_response, list), True, "Check list response returns a valid list" ) vm_response = list_vm_response[0] self.assertEqual( vm_response.state, "Running", "VM state should be running after deployment" ) vm_3 = VirtualMachine.create( self.apiclient, self.services["virtual_machine"], accountid=self.account.name, domainid=self.account.domainid, serviceofferingid=self.service_offering.id, networkids=[ str(net3.id), ] ) self.debug("Deployed VM in network: %s" % net3.id) list_vm_response = VirtualMachine.list( self.apiclient, id=vm_3.id ) self.debug( "Verify listVirtualMachines response for virtual machine: %s" \ % vm_3.id ) self.assertEqual( isinstance(list_vm_response, list), True, "Check list response returns a valid list" ) vm_response = list_vm_response[0] self.assertEqual( vm_response.state, "Running", "VM state should be running after deployment" ) self.debug("STEP 3: Add FW rule to allow source nat ping") src_nat_list = PublicIPAddress.list( self.apiclient, account=self.account.name, domainid=self.account.domainid, listall=True, issourcenat=True, vpcid=vpc.id ) self.assertEqual( isinstance(src_nat_list, list), True, "List Public IP should return a valid source NAT" ) self.assertNotEqual( len(src_nat_list), 0, "Length of response from listPublicIp should not be 0" ) src_nat = src_nat_list[0] #Create Firewall rules on source NAT fw_rule_icmp = FireWallRule.create( self.apiclient, ipaddressid=src_nat.id, protocol='ICMP', cidrlist=["0.0.0.0/0",] ) self.debug("Created firewall rule: %s" % fw_rule_icmp.id) self.debug("STEP 4: Trying to ping source NAT %s" % src_nat.ipaddress) # User should be able to ping router via source nat ip try: self.debug("Trying to ping source NAT %s" % src_nat.ipaddress) result = subprocess.call( ['ping', '-c 1', src_nat.ipaddress]) self.debug("Ping result: %s" % result) # if ping successful, then result should be 0 self.assertEqual( result, 0, "Check if ping is successful or not" ) except Exception as e: self.fail("Ping failed for source NAT %s (%s)" % (src_nat.ipaddress, e)) self.debug("STEP 5: Add static NAT to vm_1 with FW rule to allow SSH") floating_ip_1 = PublicIPAddress.create( self.apiclient, accountid=self.account.name, zoneid=self.zone.id, domainid=self.account.domainid, networkid=net1.id, vpcid=vpc.id ) self.debug("Associated %s with network %s" % ( floating_ip_1.ipaddress, net1.id ) ) NATRule.create( self.apiclient, vm_1, self.services["natrule"], ipaddressid=floating_ip_1.ipaddress.id, openfirewall=False, networkid=net1.id, vpcid=vpc.id ) # Should be able to SSH vm_1 via static nat, then ping vm_2 & Internet try: self.debug("STEP 6: SSH into vm_1: %s" % floating_ip_1) ssh = vm_1.get_ssh_client( ipaddress=floating_ip_1.ipaddress.ipaddress ) # self.debug("Ping vm_2 at %s" % vm_2.ipaddress) # Ping to outsite world # res_1 = ssh.execute("ping -c 1 %s" % vm_2.ipaddress) # self.debug("Ping to google.com from VM") # Ping to outsite world # res_2 = ssh.execute("ping -c 1 www.google.com") # res = 64 bytes from maa03s17-in-f20.1e100.net (74.125.236.212): # icmp_req=1 ttl=57 time=25.9 ms # --- www.l.google.com ping statistics --- # 1 packets transmitted, 1 received, 0% packet loss, time 0ms # rtt min/avg/max/mdev = 25.970/25.970/25.970/0.000 ms except Exception as e: self.fail("SSH Access failed: %s" % e) # self.debug("ping result1: %s" % res_1); # self.debug("ping result2: %s" % res_2); # result1 = str(res_1) # self.assertEqual( # result1.count("1 received"), # 1, # "Ping vm_2 from vm_1 should be successful" # ) # result2 = str(res_2) # self.assertEqual( # result2.count("1 received"), # 1, # "Ping Internet from vm_1 should be successful" # ) # Deleting two test VMs VirtualMachine.delete(vm_1, self.apiclient, expunge=True) VirtualMachine.delete(vm_2, self.apiclient, expunge=True) # Delete Network Network.delete(self.network, self.apiclient) return
def test_create_network_with_snat(self): """Test to create a network with SourceNAT service only""" # Validate the following # 1. create a network offering with source nat service # 2. create a network and deploy a vm within the network # 3. deployment and network creation should be successful # 4. attempt to create a fw rule. should fail since offering hasn't allowed it # 5. try to ping out of the guest to www.google.com to check SourceNAT is working self.account = Account.create( self.apiclient, self.services["account"], admin=False, domainid=self.domain.id ) self.cleanup.append(self.account) # Create a network offering VR and only SourceNAT service self.debug( "creating network offering with source NAT only" ) self.network_offering = NetworkOffering.create( self.apiclient, self.services["network_offering_sourcenat"] ) # Enable Network offering self.network_offering.update(self.apiclient, state='Enabled') self.debug("Created n/w offering with ID: %s" % self.network_offering.id) # Creating network using the network offering created self.debug("Creating network with network offering: %s" % self.network_offering.id) self.network = Network.create( self.apiclient, self.services["network"], accountid=self.account.name, domainid=self.account.domainid, networkofferingid=self.network_offering.id, zoneid=self.zone.id ) self.debug("Created guest network with ID: %s within account %s" % (self.network.id, self.account.name)) self.debug("Deploying VM in account: %s on the network %s" % (self.account.name, self.network.id)) # Spawn an instance in that network VirtualMachine.create( self.apiclient, self.services["virtual_machine"], accountid=self.account.name, domainid=self.account.domainid, serviceofferingid=self.service_offering.id, networkids=[str(self.network.id)] ) self.debug("Deployed VM in network: %s" % self.network.id) src_nat_list = PublicIPAddress.list( self.apiclient, associatednetworkid=self.network.id, account=self.account.name, domainid=self.account.domainid, listall=True, issourcenat=True, ) self.assertEqual( isinstance(src_nat_list, list), True, "List Public IP should return a valid source NAT" ) self.assertNotEqual( len(src_nat_list), 0, "Length of response from listPublicIp should not be 0" ) src_nat = src_nat_list[0] self.debug("Successfully implemented network with source NAT IP: %s" % src_nat.ipaddress) with self.assertRaises(Exception): FireWallRule.create( self.apiclient, ipaddressid=src_nat.id, protocol='TCP', cidrlist=[self.services["fw_rule"]["cidr"]], startport=self.services["fw_rule"]["startport"], endport=self.services["fw_rule"]["endport"] ) return
def test_01_create_lb_rule_src_nat(self): """Test to create Load balancing rule with source NAT""" # Validate the Following: # 1. listLoadBalancerRules should return the added rule # 2. attempt to ssh twice on the load balanced IP # 3. verify using the UNAME of the VM # that round robin is indeed happening as expected src_nat_ip_addrs = PublicIPAddress.list( self.apiclient, account=self.account.name, domainid=self.account.domainid ) self.assertEqual( isinstance(src_nat_ip_addrs, list), True, "Check list response returns a valid list" ) src_nat_ip_addr = src_nat_ip_addrs[0] # Check if VM is in Running state before creating LB rule vm_response = VirtualMachine.list( self.apiclient, account=self.account.name, domainid=self.account.domainid ) self.assertEqual( isinstance(vm_response, list), True, "Check list VM returns a valid list" ) self.assertNotEqual( len(vm_response), 0, "Check Port Forwarding Rule is created" ) for vm in vm_response: self.assertEqual( vm.state, 'Running', "VM state should be Running before creating a NAT rule." ) # Create Load Balancer rule and assign VMs to rule lb_rule = LoadBalancerRule.create( self.apiclient, self.services["lbrule"], src_nat_ip_addr.id, accountid=self.account.name, vpcid=self.vpc1.id, networkid=self.network1.id ) self.cleanup.append(lb_rule) lb_rule.assign(self.apiclient, [self.vm_1, self.vm_2]) lb_rules = list_lb_rules( self.apiclient, id=lb_rule.id ) self.assertEqual( isinstance(lb_rules, list), True, "Check list response returns a valid list" ) # verify listLoadBalancerRules lists the added load balancing rule self.assertNotEqual( len(lb_rules), 0, "Check Load Balancer Rule in its List" ) self.assertEqual( lb_rules[0].id, lb_rule.id, "Check List Load Balancer Rules returns valid Rule" ) # listLoadBalancerRuleInstances should list all # instances associated with that LB rule lb_instance_rules = list_lb_instances( self.apiclient, id=lb_rule.id ) self.assertEqual( isinstance(lb_instance_rules, list), True, "Check list response returns a valid list" ) self.assertNotEqual( len(lb_instance_rules), 0, "Check Load Balancer instances Rule in its List" ) self.logger.debug("lb_instance_rules Ids: %s, %s" % ( lb_instance_rules[0].id, lb_instance_rules[1].id )) self.logger.debug("VM ids: %s, %s" % (self.vm_1.id, self.vm_2.id)) self.assertIn( lb_instance_rules[0].id, [self.vm_1.id, self.vm_2.id], "Check List Load Balancer instances Rules returns valid VM ID" ) self.assertIn( lb_instance_rules[1].id, [self.vm_1.id, self.vm_2.id], "Check List Load Balancer instances Rules returns valid VM ID" ) unameResults = [] self.try_ssh(src_nat_ip_addr.ipaddress, unameResults) self.try_ssh(src_nat_ip_addr.ipaddress, unameResults) self.try_ssh(src_nat_ip_addr.ipaddress, unameResults) self.try_ssh(src_nat_ip_addr.ipaddress, unameResults) self.try_ssh(src_nat_ip_addr.ipaddress, unameResults) self.logger.debug("UNAME: %s" % str(unameResults)) self.assertIn( "Linux", unameResults, "Check if ssh succeeded for server1" ) self.assertIn( "Linux", unameResults, "Check if ssh succeeded for server2" ) # SSH should pass till there is a last VM associated with LB rule lb_rule.remove(self.apiclient, [self.vm_2]) # making unameResultss list empty unameResults[:] = [] try: self.logger.debug("SSHing into IP address: %s after removing VM (ID: %s)" % ( src_nat_ip_addr.ipaddress, self.vm_2.id )) self.try_ssh(src_nat_ip_addr.ipaddress, unameResults) self.assertIn( "Linux", unameResults, "Check if ssh succeeded for server1" ) except Exception as e: self.fail("%s: SSH failed for VM with IP Address: %s" % (e, src_nat_ip_addr.ipaddress)) lb_rule.remove(self.apiclient, [self.vm_1]) with self.assertRaises(Exception): self.logger.debug("Removed all VMs, trying to SSH") self.try_ssh(src_nat_ip_addr.ipaddress, unameResults) return
def test_01_create_lb_rule_src_nat(self): """Test to create Load balancing rule with source NAT""" # Validate the Following: # 1. listLoadBalancerRules should return the added rule # 2. attempt to ssh twice on the load balanced IP # 3. verify using the UNAME of the VM # that round robin is indeed happening as expected src_nat_ip_addrs = PublicIPAddress.list(self.apiclient, account=self.account.name, domainid=self.account.domainid) self.assertEqual(isinstance(src_nat_ip_addrs, list), True, "Check list response returns a valid list") src_nat_ip_addr = src_nat_ip_addrs[0] # Check if VM is in Running state before creating LB rule vm_response = VirtualMachine.list(self.apiclient, account=self.account.name, domainid=self.account.domainid) self.assertEqual(isinstance(vm_response, list), True, "Check list VM returns a valid list") self.assertNotEqual(len(vm_response), 0, "Check Port Forwarding Rule is created") for vm in vm_response: self.assertEqual( vm.state, 'Running', "VM state should be Running before creating a NAT rule.") # Create Load Balancer rule and assign VMs to rule lb_rule = LoadBalancerRule.create(self.apiclient, self.services["lbrule"], src_nat_ip_addr.id, accountid=self.account.name, vpcid=self.vpc1.id, networkid=self.network1.id) self.cleanup.append(lb_rule) lb_rule.assign(self.apiclient, [self.vm_1, self.vm_2]) lb_rules = list_lb_rules(self.apiclient, id=lb_rule.id) self.assertEqual(isinstance(lb_rules, list), True, "Check list response returns a valid list") # verify listLoadBalancerRules lists the added load balancing rule self.assertNotEqual(len(lb_rules), 0, "Check Load Balancer Rule in its List") self.assertEqual(lb_rules[0].id, lb_rule.id, "Check List Load Balancer Rules returns valid Rule") # listLoadBalancerRuleInstances should list all # instances associated with that LB rule lb_instance_rules = list_lb_instances(self.apiclient, id=lb_rule.id) self.assertEqual(isinstance(lb_instance_rules, list), True, "Check list response returns a valid list") self.assertNotEqual(len(lb_instance_rules), 0, "Check Load Balancer instances Rule in its List") self.logger.debug("lb_instance_rules Ids: %s, %s" % (lb_instance_rules[0].id, lb_instance_rules[1].id)) self.logger.debug("VM ids: %s, %s" % (self.vm_1.id, self.vm_2.id)) self.assertIn( lb_instance_rules[0].id, [self.vm_1.id, self.vm_2.id], "Check List Load Balancer instances Rules returns valid VM ID") self.assertIn( lb_instance_rules[1].id, [self.vm_1.id, self.vm_2.id], "Check List Load Balancer instances Rules returns valid VM ID") unameResults = [] self.try_ssh(src_nat_ip_addr.ipaddress, unameResults) self.try_ssh(src_nat_ip_addr.ipaddress, unameResults) self.try_ssh(src_nat_ip_addr.ipaddress, unameResults) self.try_ssh(src_nat_ip_addr.ipaddress, unameResults) self.try_ssh(src_nat_ip_addr.ipaddress, unameResults) self.logger.debug("UNAME: %s" % str(unameResults)) self.assertIn("Linux", unameResults, "Check if ssh succeeded for server1") self.assertIn("Linux", unameResults, "Check if ssh succeeded for server2") # SSH should pass till there is a last VM associated with LB rule lb_rule.remove(self.apiclient, [self.vm_2]) # making unameResultss list empty unameResults[:] = [] try: self.logger.debug( "SSHing into IP address: %s after removing VM (ID: %s)" % (src_nat_ip_addr.ipaddress, self.vm_2.id)) self.try_ssh(src_nat_ip_addr.ipaddress, unameResults) self.assertIn("Linux", unameResults, "Check if ssh succeeded for server1") except Exception as e: self.fail("%s: SSH failed for VM with IP Address: %s" % (e, src_nat_ip_addr.ipaddress)) lb_rule.remove(self.apiclient, [self.vm_1]) with self.assertRaises(Exception): self.logger.debug("Removed all VMs, trying to SSH") self.try_ssh(src_nat_ip_addr.ipaddress, unameResults) return
def setUpClass(cls): cls._cleanup = [] cls.testClient = super(TestVPCRouterOneNetwork, cls).getClsTestClient() cls.api_client = cls.testClient.getApiClient() cls.hypervisor = cls.testClient.getHypervisorInfo() cls.vpcSupported = True cls._cleanup = [] cls.services = Services().services # Get Zone, Domain and templates cls.domain = get_domain(cls.api_client) cls.zone = get_zone(cls.api_client, cls.testClient.getZoneForTests()) cls.template = get_template(cls.api_client, cls.zone.id, cls.services["ostype"]) cls.services["virtual_machine"]["zoneid"] = cls.zone.id cls.services["virtual_machine"]["template"] = cls.template.id cls.service_offering = ServiceOffering.create( cls.api_client, cls.services["service_offering"]) cls._cleanup.append(cls.service_offering) cls.vpc_off = VpcOffering.create(cls.api_client, cls.services["vpc_offering"]) cls.vpc_off.update(cls.api_client, state='Enabled') cls._cleanup.append(cls.vpc_off) cls.account = Account.create(cls.api_client, cls.services["account"], admin=True, domainid=cls.domain.id) cls._cleanup.insert(0, cls.account) cls.services["vpc"]["cidr"] = '10.1.1.1/16' cls.vpc = VPC.create(cls.api_client, cls.services["vpc"], vpcofferingid=cls.vpc_off.id, zoneid=cls.zone.id, account=cls.account.name, domainid=cls.account.domainid) private_gateway = PrivateGateway.create(cls.api_client, gateway='10.1.3.1', ipaddress='10.1.3.100', netmask='255.255.255.0', vlan=678, vpcid=cls.vpc.id) cls.gateways = PrivateGateway.list(cls.api_client, id=private_gateway.id, listall=True) static_route = StaticRoute.create(cls.api_client, cidr='11.1.1.1/24', gatewayid=private_gateway.id) cls.static_routes = StaticRoute.list(cls.api_client, id=static_route.id, listall=True) cls.nw_off = NetworkOffering.create(cls.api_client, cls.services["network_offering"], conservemode=False) # Enable Network offering cls.nw_off.update(cls.api_client, state='Enabled') cls._cleanup.append(cls.nw_off) # Creating network using the network offering created cls.network_1 = Network.create(cls.api_client, cls.services["network"], accountid=cls.account.name, domainid=cls.account.domainid, networkofferingid=cls.nw_off.id, zoneid=cls.zone.id, gateway='10.1.1.1', vpcid=cls.vpc.id) # Spawn an instance in that network vm_1 = VirtualMachine.create(cls.api_client, cls.services["virtual_machine"], accountid=cls.account.name, domainid=cls.account.domainid, serviceofferingid=cls.service_offering.id, networkids=[str(cls.network_1.id)]) vm_2 = VirtualMachine.create(cls.api_client, cls.services["virtual_machine"], accountid=cls.account.name, domainid=cls.account.domainid, serviceofferingid=cls.service_offering.id, networkids=[str(cls.network_1.id)]) # Spawn an instance in that network vm_3 = VirtualMachine.create(cls.api_client, cls.services["virtual_machine"], accountid=cls.account.name, domainid=cls.account.domainid, serviceofferingid=cls.service_offering.id, networkids=[str(cls.network_1.id)]) VirtualMachine.list(cls.api_client, account=cls.account.name, domainid=cls.account.domainid, listall=True) public_ip_1 = PublicIPAddress.create(cls.api_client, accountid=cls.account.name, zoneid=cls.zone.id, domainid=cls.account.domainid, networkid=cls.network_1.id, vpcid=cls.vpc.id) NATRule.create(cls.api_client, vm_1, cls.services["natrule"], ipaddressid=public_ip_1.ipaddress.id, openfirewall=False, networkid=cls.network_1.id, vpcid=cls.vpc.id) NetworkACL.create(cls.api_client, networkid=cls.network_1.id, services=cls.services["natrule"], traffictype='Ingress') public_ip_2 = PublicIPAddress.create(cls.api_client, accountid=cls.account.name, zoneid=cls.zone.id, domainid=cls.account.domainid, networkid=cls.network_1.id, vpcid=cls.vpc.id) try: StaticNATRule.enable(cls.api_client, ipaddressid=public_ip_2.ipaddress.id, virtualmachineid=vm_2.id, networkid=cls.network_1.id) except Exception as e: cls.fail("Failed to enable static NAT on IP: %s - %s" % (public_ip_2.ipaddress.ipaddress, e)) PublicIPAddress.list(cls.api_client, networkid=cls.network_1.id, listall=True, isstaticnat=True, account=cls.account.name, domainid=cls.account.domainid) public_ip_3 = PublicIPAddress.create(cls.api_client, accountid=cls.account.name, zoneid=cls.zone.id, domainid=cls.account.domainid, networkid=cls.network_1.id, vpcid=cls.vpc.id) lb_rule = LoadBalancerRule.create(cls.api_client, cls.services["lbrule"], ipaddressid=public_ip_3.ipaddress.id, accountid=cls.account.name, networkid=cls.network_1.id, vpcid=cls.vpc.id, domainid=cls.account.domainid) lb_rule.assign(cls.api_client, [vm_3]) NetworkACL.create(cls.api_client, networkid=cls.network_1.id, services=cls.services["lbrule"], traffictype='Ingress') NetworkACL.create(cls.api_client, networkid=cls.network_1.id, services=cls.services["http_rule"], traffictype='Egress')
def setUpClass(cls): cls._cleanup = [] cls.testClient = super(TestVPCRouterOneNetwork, cls).getClsTestClient() cls.api_client = cls.testClient.getApiClient() cls.hypervisor = cls.testClient.getHypervisorInfo() cls.vpcSupported = True cls._cleanup = [] cls.services = Services().services # Get Zone, Domain and templates cls.domain = get_domain(cls.api_client) cls.zone = get_zone(cls.api_client, cls.testClient.getZoneForTests()) cls.template = get_template( cls.api_client, cls.zone.id, cls.services["ostype"] ) cls.services["virtual_machine"]["zoneid"] = cls.zone.id cls.services["virtual_machine"]["template"] = cls.template.id cls.service_offering = ServiceOffering.create( cls.api_client, cls.services["service_offering"] ) cls._cleanup.append(cls.service_offering) cls.vpc_off = VpcOffering.create( cls.api_client, cls.services["vpc_offering"] ) cls.vpc_off.update(cls.api_client, state='Enabled') cls._cleanup.append(cls.vpc_off) cls.account = Account.create( cls.api_client, cls.services["account"], admin=True, domainid=cls.domain.id ) cls._cleanup.insert(0, cls.account) cls.services["vpc"]["cidr"] = '10.1.1.1/16' cls.vpc = VPC.create( cls.api_client, cls.services["vpc"], vpcofferingid=cls.vpc_off.id, zoneid=cls.zone.id, account=cls.account.name, domainid=cls.account.domainid ) private_gateway = PrivateGateway.create( cls.api_client, gateway='10.1.3.1', ipaddress='10.1.3.100', netmask='255.255.255.0', vlan=678, vpcid=cls.vpc.id ) cls.gateways = PrivateGateway.list( cls.api_client, id=private_gateway.id, listall=True ) static_route = StaticRoute.create( cls.api_client, cidr='11.1.1.1/24', gatewayid=private_gateway.id ) cls.static_routes = StaticRoute.list( cls.api_client, id=static_route.id, listall=True ) cls.nw_off = NetworkOffering.create( cls.api_client, cls.services["network_offering"], conservemode=False ) # Enable Network offering cls.nw_off.update(cls.api_client, state='Enabled') cls._cleanup.append(cls.nw_off) # Creating network using the network offering created cls.network_1 = Network.create( cls.api_client, cls.services["network"], accountid=cls.account.name, domainid=cls.account.domainid, networkofferingid=cls.nw_off.id, zoneid=cls.zone.id, gateway='10.1.1.1', vpcid=cls.vpc.id ) # Spawn an instance in that network vm_1 = VirtualMachine.create( cls.api_client, cls.services["virtual_machine"], accountid=cls.account.name, domainid=cls.account.domainid, serviceofferingid=cls.service_offering.id, networkids=[str(cls.network_1.id)] ) vm_2 = VirtualMachine.create( cls.api_client, cls.services["virtual_machine"], accountid=cls.account.name, domainid=cls.account.domainid, serviceofferingid=cls.service_offering.id, networkids=[str(cls.network_1.id)] ) # Spawn an instance in that network vm_3 = VirtualMachine.create( cls.api_client, cls.services["virtual_machine"], accountid=cls.account.name, domainid=cls.account.domainid, serviceofferingid=cls.service_offering.id, networkids=[str(cls.network_1.id)] ) VirtualMachine.list( cls.api_client, account=cls.account.name, domainid=cls.account.domainid, listall=True ) public_ip_1 = PublicIPAddress.create( cls.api_client, accountid=cls.account.name, zoneid=cls.zone.id, domainid=cls.account.domainid, networkid=cls.network_1.id, vpcid=cls.vpc.id ) NATRule.create( cls.api_client, vm_1, cls.services["natrule"], ipaddressid=public_ip_1.ipaddress.id, openfirewall=False, networkid=cls.network_1.id, vpcid=cls.vpc.id ) NetworkACL.create( cls.api_client, networkid=cls.network_1.id, services=cls.services["natrule"], traffictype='Ingress' ) public_ip_2 = PublicIPAddress.create( cls.api_client, accountid=cls.account.name, zoneid=cls.zone.id, domainid=cls.account.domainid, networkid=cls.network_1.id, vpcid=cls.vpc.id ) try: StaticNATRule.enable( cls.api_client, ipaddressid=public_ip_2.ipaddress.id, virtualmachineid=vm_2.id, networkid=cls.network_1.id ) except Exception as e: cls.fail("Failed to enable static NAT on IP: %s - %s" % ( public_ip_2.ipaddress.ipaddress, e)) PublicIPAddress.list( cls.api_client, networkid=cls.network_1.id, listall=True, isstaticnat=True, account=cls.account.name, domainid=cls.account.domainid ) public_ip_3 = PublicIPAddress.create( cls.api_client, accountid=cls.account.name, zoneid=cls.zone.id, domainid=cls.account.domainid, networkid=cls.network_1.id, vpcid=cls.vpc.id ) lb_rule = LoadBalancerRule.create( cls.api_client, cls.services["lbrule"], ipaddressid=public_ip_3.ipaddress.id, accountid=cls.account.name, networkid=cls.network_1.id, vpcid=cls.vpc.id, domainid=cls.account.domainid ) lb_rule.assign(cls.api_client, [vm_3]) NetworkACL.create( cls.api_client, networkid=cls.network_1.id, services=cls.services["lbrule"], traffictype='Ingress' ) NetworkACL.create( cls.api_client, networkid=cls.network_1.id, services=cls.services["http_rule"], traffictype='Egress' )
def _test_vpc_site2site_vpn(self, vpc_offering, num_VPCs=3): # Number of VPNs (to test) is number_of_VPCs - 1 # By default test setting up 2 VPNs from VPC0, requiring total of 3 VPCs maxnumVM = num_VPCs - 1 # Create VPC i vpc_list = [] for i in range(num_VPCs): # Generate VPC (mostly subnet) info vpcservice_n = copy.deepcopy(self.services["vpcN"]) for key in vpcservice_n.keys(): vpcservice_n[key] = vpcservice_n[key].format(N=` i `) vpc_n = VPC.create(apiclient=self.apiclient, services=vpcservice_n, networkDomain="vpc%d.vpn" % i, vpcofferingid=vpc_offering.id, zoneid=self.zone.id, account=self.account.name, domainid=self.domain.id) self.assertIsNotNone(vpc_n, "VPC%d creation failed" % i) vpc_list.append(vpc_n) self.cleanup.append(vpc_n) self.logger.debug("VPC%d %s created" % (i, vpc_list[i].id)) default_acl = NetworkACLList.list(self.apiclient, name="default_allow")[0] # Create network in VPC i ntwk_list = [] for i in range(num_VPCs): # Generate network (mostly subnet) info ntwk_info_n = copy.deepcopy(self.services["network_N"]) for key in ntwk_info_n.keys(): ntwk_info_n[key] = ntwk_info_n[key].format(N=` i `) ntwk_n = Network.create( apiclient=self.apiclient, services=ntwk_info_n, accountid=self.account.name, domainid=self.account.domainid, networkofferingid=self.network_offerings[0].id, zoneid=self.zone.id, vpcid=vpc_list[i].id, aclid=default_acl.id) self.assertIsNotNone(ntwk_n, "Network%d failed to create" % i) self.cleanup.append(ntwk_n) ntwk_list.append(ntwk_n) self.logger.debug("Network%d %s created in VPC %s" % (i, ntwk_list[i].id, vpc_list[i].id)) # Deploy a vm in network i vm_list = [] vm_n = None for i in range(num_VPCs): vm_n = VirtualMachine.create( self.apiclient, services=self.services["virtual_machine"], templateid=self.template.id, zoneid=self.zone.id, accountid=self.account.name, domainid=self.account.domainid, serviceofferingid=self.compute_offering.id, networkids=[ntwk_list[i].id], hypervisor=self.hypervisor, mode='advanced' if (i == 0) or (i == maxnumVM) else 'default') self.assertIsNotNone(vm_n, "VM%d failed to deploy" % i) self.cleanup.append(vm_n) vm_list.append(vm_n) self.logger.debug("VM%d %s deployed in VPC %s" % (i, vm_list[i].id, vpc_list[i].id)) self.assertEquals(vm_n.state, 'Running', "VM%d is not running" % i) # 4) Enable Site-to-Site VPN for VPC vpn_response_list = [] for i in range(num_VPCs): vpn_response = Vpn.createVpnGateway(self.apiclient, vpc_list[i].id) self.assertIsNotNone(vpn_response, "Failed to enable VPN Gateway %d" % i) vpn_response_list.append(vpn_response) self.logger.debug("VPN gateway for VPC%d %s enabled" % (i, vpc_list[i].id)) # 5) Add VPN Customer gateway info vpn_cust_gw_list = [] services = self.services["vpncustomergateway"] for i in range(num_VPCs): src_nat_list = PublicIPAddress.list(self.apiclient, account=self.account.name, domainid=self.account.domainid, listall=True, issourcenat=True, vpcid=vpc_list[i].id) ip = src_nat_list[0] customer_response = VpnCustomerGateway.create( self.apiclient, services, "Peer VPC" + ` i `, ip.ipaddress, vpc_list[i].cidr, self.account.name, self.domain.id) self.cleanup.insert( 0, customer_response ) # this has to be cleaned up after the VPCs have been destroyed (due to client connectionsonections) vpn_cust_gw_list.append(customer_response) self.logger.debug( "VPN customer gateway added for VPC%d %s enabled" % (i, vpc_list[i].id)) # Before the next step ensure the last VPC is up and running # Routers in the right state? self.assertEqual( self.routers_in_right_state(vpcid=vpc_list[maxnumVM].id), True, "Check whether the routers are in the right state.") # 6) Connect VPCi with VPC0 for i in range(num_VPCs)[1:]: Vpn.createVpnConnection(self.apiclient, vpn_cust_gw_list[0].id, vpn_response_list[i]['id'], True) self.logger.debug("VPN passive connection created for VPC%d %s" % (i, vpc_list[i].id)) vpnconn2_response = Vpn.createVpnConnection( self.apiclient, vpn_cust_gw_list[i].id, vpn_response_list[0]['id']) self.logger.debug("VPN connection created for VPC%d %s" % (0, vpc_list[0].id)) self.assertEqual(vpnconn2_response['state'], "Connected", "Failed to connect between VPCs 0 and %d!" % i) self.logger.debug("VPN connected between VPC0 and VPC%d" % i) # First the last VM # setup ssh connection to vm maxnumVM self.logger.debug( "Setup SSH connection to last VM created (%d) to ensure availability for ping tests" % maxnumVM) ssh_max_client = vm_list[maxnumVM].get_ssh_client(retries=20) self.assertIsNotNone( ssh_max_client, "Failed to setup SSH to last VM created (%d)" % maxnumVM) self.logger.debug( "Setup SSH connection to first VM created (0) to ensure availability for ping tests" ) ssh_client = vm_list[0].get_ssh_client(retries=10) self.assertIsNotNone(ssh_client, "Failed to setup SSH to VM0") if ssh_client: # run ping test for i in range(num_VPCs)[1:]: packet_loss = ssh_client.execute( "/bin/ping -c 3 -t 10 " + vm_list[i].nic[0].ipaddress + " |grep packet|cut -d ' ' -f 7| cut -f1 -d'%'")[0] self.assertEquals( int(packet_loss), 0, "Ping towards vm" + ` i ` + "did not succeed") self.logger.debug("Ping from vm0 to vm%d did succeed" % i) else: self.fail("Failed to setup ssh connection to %s" % vm_list[0].public_ip) return
def _test_01_create_lb_rule_src_nat(self): """Test to create Load balancing rule with source NAT""" # Validate the Following: # 1. listLoadBalancerRules should return the added rule # 2. attempt to ssh twice on the load balanced IP # 3. verify using the UNAME of the VM # that round robin is indeed happening as expected src_nat_ip_addrs = PublicIPAddress.list(self.apiclient, account=self.account.name, domainid=self.account.domainid) self.assertEqual(isinstance(src_nat_ip_addrs, list), True, "Check list response returns a valid list") src_nat_ip_addr_1 = src_nat_ip_addrs[0] src_nat_ip_addr_2 = src_nat_ip_addrs[1] # Check if VM is in Running state before creating LB rule vm_response = VirtualMachine.list(self.apiclient, account=self.account.name, domainid=self.account.domainid) self.assertEqual(isinstance(vm_response, list), True, "Check list VM returns a valid list") self.assertNotEqual(len(vm_response), 0, "Check Port Forwarding Rule is created") for vm in vm_response: self.assertEqual( vm.state, 'Running', "VM state should be Running before creating a NAT rule.") # Create Load Balancer rule and assign VMs to rule lb_rule_1 = self.create_lb_rule(src_nat_ip_addr_1.id, self.vpc1.id, self.network1.id, [self.vm_1, self.vm_2]) # Create Load Balancer rule and assign VMs to rule lb_rule_2 = self.create_lb_rule(src_nat_ip_addr_2.id, self.vpc1.id, self.network2.id, [self.vm_4, self.vm_5]) # listLoadBalancerRuleInstances should list all # instances associated with that LB rule self.check_lb_rules(lb_rule_1.id, [self.vm_1.id, self.vm_2.id]) self.check_lb_rules(lb_rule_2.id, [self.vm_4.id, self.vm_5.id]) uname_results = [] for x in range(0, 5): self.try_ssh(src_nat_ip_addr_1.ipaddress, uname_results) self.logger.debug("OUTPUT: %s" % str(uname_results)) self.assertIn( self.vm_1.id.split("-", 3)[3].upper(), uname_results, "Check if ssh succeeded for server1") self.assertIn( self.vm_2.id.split("-", 3)[3].upper(), uname_results, "Check if ssh succeeded for server2") uname_results = [] for x in range(0, 5): self.try_ssh(src_nat_ip_addr_2.ipaddress, uname_results) self.logger.debug("OUTPUT: %s" % str(uname_results)) self.assertIn( self.vm_4.id.split("-", 3)[3].upper(), uname_results, "Check if ssh succeeded for server4") self.assertIn( self.vm_5.id.split("-", 3)[3].upper(), uname_results, "Check if ssh succeeded for server5") uname_results.append( self.remove_and_check(lb_rule_1, src_nat_ip_addr_1, [self.vm_2, self.vm_1])) uname_results.append( self.remove_and_check(lb_rule_2, src_nat_ip_addr_2, [self.vm_4, self.vm_5])) return
def test_01_vpc_remote_access_vpn(self): """Test Remote Access VPN in VPC""" # 1) Create VPC vpc_offering = VpcOffering.list(self.apiclient, isdefault=True) self.assertTrue(vpc_offering is not None and len(vpc_offering) > 0, "No VPC offerings found") vpc = VPC.create(apiclient=self.apiclient, services=self.services["vpc"], networkDomain="vpc.vpn", vpcofferingid=vpc_offering[0].id, zoneid=self.zone.id, account=self.account.name, domainid=self.domain.id) self.assertIsNotNone(vpc, "VPC creation failed") self.logger.debug("VPC %s created" % (vpc.id)) self.cleanup.append(vpc) # 2) Create network in VPC ntwk = Network.create(apiclient=self.apiclient, services=self.services["network_1"], accountid=self.account.name, domainid=self.domain.id, networkofferingid=self.network_offerings[0].id, zoneid=self.zone.id, vpcid=vpc.id) self.assertIsNotNone(ntwk, "Network failed to create") self.logger.debug("Network %s created in VPC %s" % (ntwk.id, vpc.id)) self.cleanup.append(ntwk) # 3) Deploy a vm vm = VirtualMachine.create(self.apiclient, services=self.services["virtual_machine"], templateid=self.template.id, zoneid=self.zone.id, accountid=self.account.name, domainid=self.domain.id, serviceofferingid=self.compute_offering.id, networkids=ntwk.id, hypervisor=self.hypervisor) self.assertIsNotNone(vm, "VM failed to deploy") self.assertEquals(vm.state, 'Running', "VM is not running") self.debug("VM %s deployed in VPC %s" % (vm.id, vpc.id)) self.logger.debug("Deployed virtual machine: OK") self.cleanup.append(vm) # 4) Enable VPN for VPC src_nat_list = PublicIPAddress.list(self.apiclient, account=self.account.name, domainid=self.account.domainid, listall=True, issourcenat=True, vpcid=vpc.id) ip = src_nat_list[0] self.logger.debug("Acquired public ip address: OK") vpn = Vpn.create(self.apiclient, publicipid=ip.id, account=self.account.name, domainid=self.account.domainid, iprange=self.services["vpn"]["iprange"], fordisplay=self.services["vpn"]["fordisplay"]) self.assertIsNotNone(vpn, "Failed to create Remote Access VPN") self.logger.debug("Created Remote Access VPN: OK") vpn_user = None # 5) Add VPN user for VPC vpn_user = VpnUser.create(self.apiclient, account=self.account.name, domainid=self.account.domainid, username=self.services["vpn"]["vpn_user"], password=self.services["vpn"]["vpn_pass"]) self.assertIsNotNone(vpn_user, "Failed to create Remote Access VPN User") self.logger.debug("Created VPN User: OK") # TODO: Add an actual remote vpn connection test from a remote vpc # 9) Disable VPN for VPC vpn.delete(self.apiclient) self.logger.debug("Deleted the Remote Access VPN: OK")
def test_03_deploy_vms_in_vpc_with_regionlevelvpc(self): """Test deploy virtual machines in VPC networks""" # 1. Create VPC Offering by specifying all supported Services # (Vpn,dhcpdns,UserData, SourceNat,Static NAT and PF,LB,NetworkAcl) # 2. Create a VPC using the above VPC offering # 3. Create a network as part of this VPC. # 4. Deploy few Vms. # 5. Create a LB rule for this VM. # 6. Create a PF rule for this VM. # 7. Create a Static Nat rule for this VM. # 8. Create Ingress rules on the network to open the above created # LB PF and Static Nat rule # 9. Create Egress Network ACL for this network to access google.com. # 10. Enable VPN services if not self.isOvsPluginEnabled: self.skipTest("OVS plugin should be enabled to run this test case") self.debug("Creating a VPC offering..") vpc_off = VpcOffering.create(self.apiclient, self.services["vpc_offering"]) vpc_off.update(self.apiclient, state='Enabled') self.debug("creating a VPC network in the account: %s" % self.account.name) vpc = VPC.create(self.apiclient, self.services["vpc"], vpcofferingid=vpc_off.id, zoneid=self.zone.id, account=self.account.name, domainid=self.account.domainid, networkDomain=self.account.domainid) self.validate_vpc_network(vpc) self.network_offering = NetworkOffering.create( self.apiclient, self.services["network_offering"], conservemode=False) # Enable Network offering self.network_offering.update(self.apiclient, state='Enabled') gateway = vpc.cidr.split('/')[0] # Split the cidr to retrieve gateway # for eg. cidr = 10.0.0.1/24 # Gateway = 10.0.0.1 # Creating network using the network offering created self.debug("Creating network with network offering: %s" % self.network_offering.id) network = Network.create(self.apiclient, self.services["network"], accountid=self.account.name, domainid=self.account.domainid, networkofferingid=self.network_offering.id, zoneid=self.zone.id, gateway=gateway, vpcid=vpc.id) self.debug("Created network with ID: %s" % network.id) # Spawn an instance in that network virtual_machine = VirtualMachine.create( self.apiclient, self.services["virtual_machine"], accountid=self.account.name, domainid=self.account.domainid, serviceofferingid=self.service_offering.id, networkids=[str(network.id)]) self.debug("Deployed VM in network: %s" % network.id) self.debug("Associating public IP for network: %s" % network.name) public_ip = PublicIPAddress.create(self.apiclient, accountid=self.account.name, zoneid=self.zone.id, domainid=self.account.domainid, networkid=network.id, vpcid=vpc.id) self.debug("Associated %s with network %s" % (public_ip.ipaddress.ipaddress, network.id)) self.debug("Creating LB rule for IP address: %s" % public_ip.ipaddress.ipaddress) LoadBalancerRule.create(self.apiclient, self.services["lbrule"], ipaddressid=public_ip.ipaddress.id, accountid=self.account.name, networkid=network.id, vpcid=vpc.id, domainid=self.account.domainid) self.debug("Associating public IP for network: %s" % vpc.name) public_ip_2 = PublicIPAddress.create(self.apiclient, accountid=self.account.name, zoneid=self.zone.id, domainid=self.account.domainid, networkid=network.id, vpcid=vpc.id) self.debug("Associated %s with network %s" % (public_ip_2.ipaddress.ipaddress, network.id)) NATRule.create(self.apiclient, virtual_machine, self.services["natrule"], ipaddressid=public_ip_2.ipaddress.id, openfirewall=False, networkid=network.id, vpcid=vpc.id) self.debug("Adding NetwrokACl rules to make PF and LB accessible") NetworkACL.create(self.apiclient, networkid=network.id, services=self.services["natrule"], traffictype='Ingress') NetworkACL.create(self.apiclient, networkid=network.id, services=self.services["lbrule"], traffictype='Ingress') self.debug("Checking if we can SSH into VM?") try: virtual_machine.get_ssh_client( ipaddress=public_ip_2.ipaddress.ipaddress, ) self.debug("SSH into VM is successfully") except Exception as e: self.fail("Failed to SSH into VM - %s, %s" % (public_ip_2.ipaddress.ipaddress, e)) self.debug("Associating public IP for network: %s" % network.name) public_ip_3 = PublicIPAddress.create(self.apiclient, accountid=self.account.name, zoneid=self.zone.id, domainid=self.account.domainid, networkid=network.id, vpcid=vpc.id) self.debug("Associated %s with network %s" % (public_ip_3.ipaddress.ipaddress, network.id)) self.debug("Enabling static NAT for IP: %s" % public_ip_3.ipaddress.ipaddress) try: StaticNATRule.enable(self.apiclient, ipaddressid=public_ip_3.ipaddress.id, virtualmachineid=virtual_machine.id, networkid=network.id) self.debug("Static NAT enabled for IP: %s" % public_ip_3.ipaddress.ipaddress) except Exception as e: self.fail("Failed to enable static NAT on IP: %s - %s" % (public_ip_3.ipaddress.ipaddress, e)) public_ips = PublicIPAddress.list(self.apiclient, networkid=network.id, listall=True, isstaticnat=True, account=self.account.name, domainid=self.account.domainid) self.assertEqual(isinstance(public_ips, list), True, "List public Ip for network should list the Ip addr") self.assertEqual(public_ips[0].ipaddress, public_ip_3.ipaddress.ipaddress, "List public Ip for network should list the Ip addr") # TODO: Remote Access VPN is not yet supported in VPC return
def test_01_vpc_remote_access_vpn(self): """Test Remote Access VPN in VPC""" self.logger.debug("Starting test: test_01_vpc_remote_access_vpn") # 0) Get the default network offering for VPC self.logger.debug("Retrieving default VPC offering") networkOffering = NetworkOffering.list( self.apiclient, name="DefaultIsolatedNetworkOfferingForVpcNetworks") self.assert_(networkOffering is not None and len( networkOffering) > 0, "No VPC based network offering") # 1) Create VPC vpcOffering = VpcOffering.list(self.apiclient, name="Default VPC offering") self.assert_(vpcOffering is not None and len( vpcOffering) > 0, "No VPC offerings found") vpc = None try: vpc = VPC.create( apiclient=self.apiclient, services=self.services["vpc"], networkDomain="vpc.vpn", vpcofferingid=vpcOffering[0].id, zoneid=self.zone.id, account=self.account.name, domainid=self.domain.id ) except Exception as e: self.fail(e) finally: self.assert_(vpc is not None, "VPC creation failed") self.logger.debug("VPC %s created" % (vpc.id)) try: # 2) Create network in VPC ntwk = Network.create( apiclient=self.apiclient, services=self.services["network_1"], accountid=self.account.name, domainid=self.domain.id, networkofferingid=networkOffering[0].id, zoneid=self.zone.id, vpcid=vpc.id ) except Exception as e: self.fail(e) finally: self.assertIsNotNone(ntwk, "Network failed to create") self.logger.debug( "Network %s created in VPC %s" % (ntwk.id, vpc.id)) try: # 3) Deploy a vm vm = VirtualMachine.create(self.apiclient, services=self.services["virtual_machine"], templateid=self.template.id, zoneid=self.zone.id, accountid=self.account.name, domainid=self.domain.id, serviceofferingid=self.compute_offering.id, networkids=ntwk.id, hypervisor=self.hypervisor ) self.assert_(vm is not None, "VM failed to deploy") self.assert_(vm.state == 'Running', "VM is not running") self.debug("VM %s deployed in VPC %s" % (vm.id, vpc.id)) except Exception as e: self.fail(e) finally: self.logger.debug("Deployed virtual machine: OK") try: # 4) Enable VPN for VPC src_nat_list = PublicIPAddress.list( self.apiclient, account=self.account.name, domainid=self.account.domainid, listall=True, issourcenat=True, vpcid=vpc.id ) ip = src_nat_list[0] except Exception as e: self.fail(e) finally: self.logger.debug("Acquired public ip address: OK") try: vpn = Vpn.create(self.apiclient, publicipid=ip.id, account=self.account.name, domainid=self.account.domainid, iprange=self.services["vpn"]["iprange"], fordisplay=self.services["vpn"]["fordisplay"] ) except Exception as e: self.fail(e) finally: self.assertIsNotNone(vpn, "Failed to create Remote Access VPN") self.logger.debug("Created Remote Access VPN: OK") vpnUser = None # 5) Add VPN user for VPC try: vpnUser = VpnUser.create(self.apiclient, account=self.account.name, domainid=self.account.domainid, username=self.services["vpn"]["vpn_user"], password=self.services["vpn"]["vpn_pass"] ) except Exception as e: self.fail(e) finally: self.assertIsNotNone( vpnUser, "Failed to create Remote Access VPN User") self.logger.debug("Created VPN User: OK") # TODO: Add an actual remote vpn connection test from a remote vpc try: # 9) Disable VPN for VPC vpn.delete(self.apiclient) except Exception as e: self.fail(e) finally: self.logger.debug("Deleted the Remote Access VPN: OK")
def test_03_deploy_vms_in_vpc_with_regionlevelvpc(self): """Test deploy virtual machines in VPC networks""" # 1. Create VPC Offering by specifying all supported Services # (Vpn,dhcpdns,UserData, SourceNat,Static NAT and PF,LB,NetworkAcl) # 2. Create a VPC using the above VPC offering # 3. Create a network as part of this VPC. # 4. Deploy few Vms. # 5. Create a LB rule for this VM. # 6. Create a PF rule for this VM. # 7. Create a Static Nat rule for this VM. # 8. Create Ingress rules on the network to open the above created # LB PF and Static Nat rule # 9. Create Egress Network ACL for this network to access google.com. # 10. Enable VPN services if not self.isOvsPluginEnabled: self.skipTest("OVS plugin should be enabled to run this test case") self.debug("Creating a VPC offering..") vpc_off = VpcOffering.create( self.apiclient, self.services["vpc_offering"] ) vpc_off.update(self.apiclient, state='Enabled') self.debug("creating a VPC network in the account: %s" % self.account.name) vpc = VPC.create( self.apiclient, self.services["vpc"], vpcofferingid=vpc_off.id, zoneid=self.zone.id, account=self.account.name, domainid=self.account.domainid, networkDomain=self.account.domainid ) self.validate_vpc_network(vpc) self.network_offering = NetworkOffering.create( self.apiclient, self.services["network_offering"], conservemode=False ) # Enable Network offering self.network_offering.update(self.apiclient, state='Enabled') gateway = vpc.cidr.split('/')[0] # Split the cidr to retrieve gateway # for eg. cidr = 10.0.0.1/24 # Gateway = 10.0.0.1 # Creating network using the network offering created self.debug("Creating network with network offering: %s" % self.network_offering.id) network = Network.create( self.apiclient, self.services["network"], accountid=self.account.name, domainid=self.account.domainid, networkofferingid=self.network_offering.id, zoneid=self.zone.id, gateway=gateway, vpcid=vpc.id ) self.debug("Created network with ID: %s" % network.id) # Spawn an instance in that network virtual_machine = VirtualMachine.create( self.apiclient, self.services["virtual_machine"], accountid=self.account.name, domainid=self.account.domainid, serviceofferingid=self.service_offering.id, networkids=[str(network.id)] ) self.debug("Deployed VM in network: %s" % network.id) self.debug("Associating public IP for network: %s" % network.name) public_ip = PublicIPAddress.create( self.apiclient, accountid=self.account.name, zoneid=self.zone.id, domainid=self.account.domainid, networkid=network.id, vpcid=vpc.id ) self.debug("Associated %s with network %s" % ( public_ip.ipaddress.ipaddress, network.id )) self.debug("Creating LB rule for IP address: %s" % public_ip.ipaddress.ipaddress) LoadBalancerRule.create( self.apiclient, self.services["lbrule"], ipaddressid=public_ip.ipaddress.id, accountid=self.account.name, networkid=network.id, vpcid=vpc.id, domainid=self.account.domainid ) self.debug("Associating public IP for network: %s" % vpc.name) public_ip_2 = PublicIPAddress.create( self.apiclient, accountid=self.account.name, zoneid=self.zone.id, domainid=self.account.domainid, networkid=network.id, vpcid=vpc.id ) self.debug("Associated %s with network %s" % ( public_ip_2.ipaddress.ipaddress, network.id )) NATRule.create( self.apiclient, virtual_machine, self.services["natrule"], ipaddressid=public_ip_2.ipaddress.id, openfirewall=False, networkid=network.id, vpcid=vpc.id ) self.debug("Adding NetwrokACl rules to make PF and LB accessible") NetworkACL.create( self.apiclient, networkid=network.id, services=self.services["natrule"], traffictype='Ingress' ) NetworkACL.create( self.apiclient, networkid=network.id, services=self.services["lbrule"], traffictype='Ingress' ) self.debug("Checking if we can SSH into VM?") try: virtual_machine.get_ssh_client( ipaddress=public_ip_2.ipaddress.ipaddress, ) self.debug("SSH into VM is successfully") except Exception as e: self.fail("Failed to SSH into VM - %s, %s" % (public_ip_2.ipaddress.ipaddress, e)) self.debug("Associating public IP for network: %s" % network.name) public_ip_3 = PublicIPAddress.create( self.apiclient, accountid=self.account.name, zoneid=self.zone.id, domainid=self.account.domainid, networkid=network.id, vpcid=vpc.id ) self.debug("Associated %s with network %s" % ( public_ip_3.ipaddress.ipaddress, network.id )) self.debug("Enabling static NAT for IP: %s" % public_ip_3.ipaddress.ipaddress) try: StaticNATRule.enable( self.apiclient, ipaddressid=public_ip_3.ipaddress.id, virtualmachineid=virtual_machine.id, networkid=network.id ) self.debug("Static NAT enabled for IP: %s" % public_ip_3.ipaddress.ipaddress) except Exception as e: self.fail("Failed to enable static NAT on IP: %s - %s" % ( public_ip_3.ipaddress.ipaddress, e)) public_ips = PublicIPAddress.list( self.apiclient, networkid=network.id, listall=True, isstaticnat=True, account=self.account.name, domainid=self.account.domainid ) self.assertEqual( isinstance(public_ips, list), True, "List public Ip for network should list the Ip addr" ) self.assertEqual( public_ips[0].ipaddress, public_ip_3.ipaddress.ipaddress, "List public Ip for network should list the Ip addr" ) # TODO: Remote Access VPN is not yet supported in VPC return
def test_01_firewall_rules_port_fw(self): """"Checking firewall rules deletion after static NAT disable""" # Validate the following: #1. Enable static NAT for a VM #2. Open up some ports. At this point there will be new rows in the # firewall_rules table. #3. Disable static NAT for the VM. #4. Check fire wall rules are deleted from firewall_rules table. public_ip = self.public_ip.ipaddress # Enable Static NAT for VM StaticNATRule.enable(self.apiclient, public_ip.id, self.virtual_machine.id) self.debug("Enabled static NAT for public IP ID: %s" % public_ip.id) #Create Static NAT rule, in fact it's firewall rule nat_rule = StaticNATRule.create(self.apiclient, self.services["firewall_rule"], public_ip.id) self.debug("Created Static NAT rule for public IP ID: %s" % public_ip.id) self.debug("Checking IP address") ip_response = PublicIPAddress.list(self.apiclient, id=public_ip.id) self.assertEqual(isinstance(ip_response, list), True, "Check ip response returns a valid list") self.assertNotEqual(len(ip_response), 0, "Check static NAT Rule is created") self.assertTrue(ip_response[0].isstaticnat, "IP is not static nat enabled") self.assertEqual(ip_response[0].virtualmachineid, self.virtual_machine.id, "IP is not binding with the VM") self.debug("Checking Firewall rule") firewall_response = FireWallRule.list(self.apiclient, ipaddressid=public_ip.id, listall=True) self.assertEqual(isinstance(firewall_response, list), True, "Check firewall response returns a valid list") self.assertNotEqual(len(firewall_response), 0, "Check firewall rule is created") self.assertEqual(firewall_response[0].state, "Active", "Firewall rule is not active") self.assertEqual(firewall_response[0].ipaddressid, public_ip.id, "Firewall rule is not static nat related") self.assertEqual(firewall_response[0].startport, str(self.services["firewall_rule"]["startport"]), "Firewall rule is not with specific port") self.debug("Removed the firewall rule") nat_rule.delete(self.apiclient) self.debug("Checking IP address, it should still existed") ip_response = PublicIPAddress.list(self.apiclient, id=public_ip.id) self.assertEqual(isinstance(ip_response, list), True, "Check ip response returns a valid list") self.assertNotEqual(len(ip_response), 0, "Check static NAT Rule is created") self.assertTrue(ip_response[0].isstaticnat, "IP is not static nat enabled") self.assertEqual(ip_response[0].virtualmachineid, self.virtual_machine.id, "IP is not binding with the VM") self.debug("Checking Firewall rule, it should be removed") firewall_response = FireWallRule.list(self.apiclient, ipaddressid=public_ip.id, listall=True) self.assertEqual(isinstance(firewall_response, list), True, "Check firewall response returns a valid list") if len(firewall_response) != 0: self.assertEqual( firewall_response[0].state, "Deleting", "Firewall rule should be deleted or in deleting state") return
def test_01_vpc_remote_access_vpn(self): """Test Remote Access VPN in VPC""" # 1) Create VPC vpc = VPC.create( api_client=self.apiclient, services=self.services["vpc"], networkDomain="vpc.vpn", vpcofferingid=self.vpc_offering.id, zoneid=self.zone.id, account=self.account.name, domainid=self.domain.id ) self.assertIsNotNone(vpc, "VPC creation failed") self.logger.debug("VPC %s created" % (vpc.id)) self.cleanup.append(vpc) # 2) Create network in VPC ntwk = Network.create( api_client=self.apiclient, services=self.services["network_1"], accountid=self.account.name, domainid=self.domain.id, networkofferingid=self.network_offering.id, zoneid=self.zone.id, vpcid=vpc.id ) self.assertIsNotNone(ntwk, "Network failed to create") self.logger.debug("Network %s created in VPC %s" % (ntwk.id, vpc.id)) self.cleanup.append(ntwk) # 3) Deploy a vm vm = VirtualMachine.create(self.apiclient, services=self.services["virtual_machine"], templateid=self.template.id, zoneid=self.zone.id, accountid=self.account.name, domainid=self.domain.id, serviceofferingid=self.virtual_machine_offering.id, networkids=ntwk.id, hypervisor=self.hypervisor ) self.assertIsNotNone(vm, "VM failed to deploy") self.assertEquals(vm.state, 'Running', "VM is not running") self.debug("VM %s deployed in VPC %s" % (vm.id, vpc.id)) self.logger.debug("Deployed virtual machine: OK") self.cleanup.append(vm) # 4) Enable VPN for VPC src_nat_list = PublicIPAddress.list( self.apiclient, account=self.account.name, domainid=self.account.domainid, listall=True, issourcenat=True, vpcid=vpc.id ) ip = src_nat_list[0] self.logger.debug("Acquired public ip address: OK") vpn = Vpn.create(self.apiclient, publicipid=ip.id, account=self.account.name, domainid=self.account.domainid, iprange=self.services["vpn"]["iprange"], fordisplay=self.services["vpn"]["fordisplay"] ) self.assertIsNotNone(vpn, "Failed to create Remote Access VPN") self.logger.debug("Created Remote Access VPN: OK") vpn_user = None # 5) Add VPN user for VPC vpn_user = VpnUser.create(self.apiclient, account=self.account.name, domainid=self.account.domainid, username=self.services["vpn"]["vpn_user"], password=self.services["vpn"]["vpn_pass"] ) self.assertIsNotNone(vpn_user, "Failed to create Remote Access VPN User") self.logger.debug("Created VPN User: OK") # TODO: Add an actual remote vpn connection test from a remote vpc # 9) Disable VPN for VPC vpn.delete(self.apiclient) self.logger.debug("Deleted the Remote Access VPN: OK")
def test_02_list_publicip_domain_admin(self): """ A domain admin should be able to list public IP address of his/her domain and all sub domains Step 1: Create an isolated network in the user domain and sub domain Step 2: Associate IP in the range, dedicated to domain1 Step 3: Display all public ip address in domain1 Step 4: Ensure that the count is greater than or equal to 10 Step 5: Display only the allocated Ip address in domain1 Step 6: Ensure that the count is 1 Step 7: Try to display public ip address from shared networks Step 8: It should not return any result Step 9: Try to display ip address of domain1 from domain2 Step 10: Ensure that it doesnt not return any result :return: """ # Step 1. Create isolated network self.isolated_network1 = Network.create( self.apiclient, self.services["isolated_network"], accountid=self.account1.name, domainid=self.account1.domainid, networkofferingid=self.isolated_network_offering.id, zoneid=self.zone.id ) # Step 2. Associate IP in range dedicated to domain1 ip_address_1 = self.get_free_ipaddress(self.public_ip_range1.vlan.id) ipaddress = PublicIPAddress.create( self.apiclient, zoneid=self.zone.id, networkid=self.isolated_network1.id, ipaddress=ip_address_1 ) self.assertIsNotNone( ipaddress, "Failed to Associate IP Address" ) # Step 3: Display all public ip address in domain1 user = self.account1.user[0] user_api_client = self.testClient.getUserApiClient(user.username, self.domain1.name) ipAddresses = PublicIPAddress.list( user_api_client, allocatedonly=False, isrecursive=True, listall=True, forvirtualnetwork=True) # Step 4: Ensure that the count is equal to 10 self.assertEqual( len(ipAddresses), 10, "Failed to display all public ip address is domain %s" % self.domain1.name ) # Display public ip address using network id ipAddresses = PublicIPAddress.list( self.apiclient, associatednetworkid=self.isolated_network1.id, account=self.account1.name, domainid=self.account1.domainid, allocatedonly=False, listall=True, forvirtualnetwork=True) # Step 4: Ensure that the count is greater than or equal to 10 self.assertEqual( len(ipAddresses), 10, "Failed to display all public ip address using network id" ) # Step 5: Display all allocated public ip address in domain1 ipAddresses = PublicIPAddress.list( user_api_client, allocatedonly=True, isrecursive=True, listall=True, forvirtualnetwork=True) # Step 6: Ensure that the count is greater than or equal to 1 self.assertEqual( len(ipAddresses), 1, "Allocated IP address is greater than 1" ) # Step 7: Display public ip address from shared networks ipAddresses = PublicIPAddress.list( user_api_client, allocatedonly=True, isrecursive=True, listall=True, forvirtualnetwork=False) # Step 8: Ensure that the result is empty self.assertIsNone( ipAddresses, "Users should not display ip from shared networks" ) try: # Step 9 user = self.account2.user[0] user_api_client = self.testClient.getUserApiClient(user.username, self.domain2.name) ipAddresses = PublicIPAddress.list( user_api_client, allocatedonly=False, listall=True, associatednetworkid=self.isolated_network1.id, forvirtualnetwork=True) # Step 10 self.fail("Domain should not access public ip of sibling domain") except Exception as e: self.info("Got exception as expected since domain2 cant access network of domain1")
def test_vpc_remote_access_vpn(self): """Test Remote Access VPN in VPC""" # 0) Get the default network offering for VPC self.logger.debug("Retrieving default VPC offering") networkOffering = NetworkOffering.list( self.apiclient, name="DefaultIsolatedNetworkOfferingForVpcNetworks") self.assert_(networkOffering is not None and len(networkOffering) > 0, "No VPC based network offering") # 1) Create VPC vpcOffering = VpcOffering.list(self.apiclient, isdefault=True) self.assert_(vpcOffering is not None and len(vpcOffering) > 0, "No VPC offerings found") try: vpc = VPC.create(apiclient=self.apiclient, services=self.services["vpc"], networkDomain="vpc.vpn", vpcofferingid=vpcOffering[0].id, zoneid=self.zone.id, account=self.account.name, domainid=self.domain.id) except Exception as e: self.fail(e) finally: self.assert_(vpc is not None, "VPC creation failed") self.logger.debug("VPC %s created" % (vpc.id)) try: # 2) Create network in VPC ntwk = Network.create(apiclient=self.apiclient, services=self.services["network_1"], accountid=self.account.name, domainid=self.domain.id, networkofferingid=networkOffering[0].id, zoneid=self.zone.id, vpcid=vpc.id) except Exception as e: self.fail(e) finally: self.assertIsNotNone(ntwk, "Network failed to create") self.logger.debug("Network %s created in VPC %s" % (ntwk.id, vpc.id)) try: # 3) Deploy a vm vm = VirtualMachine.create( self.apiclient, services=self.services["virtual_machine"], templateid=self.template.id, zoneid=self.zone.id, accountid=self.account.name, domainid=self.domain.id, serviceofferingid=self.compute_offering.id, networkids=ntwk.id, hypervisor=self.services["virtual_machine"]["hypervisor"]) self.assert_(vm is not None, "VM failed to deploy") self.assert_(vm.state == 'Running', "VM is not running") self.debug("VM %s deployed in VPC %s" % (vm.id, vpc.id)) except Exception as e: self.fail(e) finally: self.logger.debug("Deployed virtual machine: OK") try: # 4) Enable VPN for VPC src_nat_list = PublicIPAddress.list(self.apiclient, account=self.account.name, domainid=self.account.domainid, listall=True, issourcenat=True, vpcid=vpc.id) ip = src_nat_list[0] except Exception as e: self.fail(e) finally: self.logger.debug("Acquired public ip address: OK") try: vpn = Vpn.create(self.apiclient, publicipid=ip.id, account=self.account.name, domainid=self.account.domainid, iprange=self.services["vpn"]["iprange"], fordisplay=self.services["vpn"]["fordisplay"]) except Exception as e: self.fail(e) finally: self.assertIsNotNone(vpn, "Failed to create Remote Access VPN") self.logger.debug("Created Remote Access VPN: OK") vpnUser = None # 5) Add VPN user for VPC try: vpnUser = VpnUser.create(self.apiclient, account=self.account.name, domainid=self.account.domainid, username=self.services["vpn"]["vpn_user"], password=self.services["vpn"]["vpn_pass"]) except Exception as e: self.fail(e) finally: self.assertIsNotNone(vpnUser, "Failed to create Remote Access VPN User") self.logger.debug("Created VPN User: OK") #TODO: Add an actual remote vpn connection test from a remote vpc try: # 9) Disable VPN for VPC vpn.delete(self.apiclient) except Exceptio as e: self.fail(e) finally: self.logger.debug("Deleted the Remote Access VPN: OK")
def test_01_create_delete_portforwarding_fornonvpc(self): """ @summary: Test to list, create and delete Port Forwarding for IP Address associated to Non VPC network @Steps: Step1: Creating a Network for the user Step2: Associating an IP Addresses for Network Step3: Launching Virtual Machine in network created in step 2 Step4: Listing Port Forwarding Rules for the IP Address associated in Step2 Step5: Verifying that no Port Forwarding Rules are listed Step6: Creating a Port Forwarding Rule for IP Address associated in Step2 Step7: Listing Port Forwarding Rules for the IP Address associated in Step2 Step8: Verifying 1 Port Forwarding Rule is listed Step9: Deleting the Port Forwarding Rule created in Step6 Step10: Listing Port Forwarding Rules for the IP Address associated in Step2 Step11: Verifying that no Port Forwarding Rules are listed """ # Listing all the Networks's for a user list_networks_before = Network.list( self.userapiclient, listall=self.services["listall"], type="Isolated" ) # Verifying No Networks are listed self.assertIsNone( list_networks_before, "Networks listed for newly created User" ) # Listing Network Offerings network_offerings_list = NetworkOffering.list( self.apiClient, forvpc="false", guestiptype="Isolated", state="Enabled", supportedservices="SourceNat,PortForwarding", zoneid=self.zone.id ) status = validateList(network_offerings_list) self.assertEquals( PASS, status[0], "Isolated Network Offerings with sourceNat,\ PortForwarding enabled are not found" ) # Creating a network network = Network.create( self.userapiclient, self.services["network"], accountid=self.account.name, domainid=self.domain.id, networkofferingid=network_offerings_list[0].id, zoneid=self.zone.id ) self.assertIsNotNone( network, "Network creation failed" ) # Listing all the IP Addresses for a user list_ipaddresses_before = PublicIPAddress.list( self.userapiclient, listall=self.services["listall"] ) # Verifying no IP Addresses are listed self.assertIsNone( list_ipaddresses_before, "IP Addresses listed for newly created User" ) # Associating an IP Addresses to Network created associated_ipaddress = PublicIPAddress.create( self.userapiclient, services=self.services["network"], networkid=network.id ) self.assertIsNotNone( associated_ipaddress, "Failed to Associate IP Address" ) # Listing all the IP Addresses for a user list_ipaddresses_after = PublicIPAddress.list( self.userapiclient, listall=self.services["listall"] ) status = validateList(list_ipaddresses_after) self.assertEquals( PASS, status[0], "IP Addresses Association Failed" ) # Verifying the length of the list is 1 self.assertEqual( 1, len(list_ipaddresses_after), "Number of IP Addresses associated are not matching expected" ) # Launching a Virtual Machine with above created Network vm_created = VirtualMachine.create( self.userapiclient, self.services["virtual_machine"], accountid=self.account.name, domainid=self.account.domainid, networkids=network.id, serviceofferingid=self.service_offering.id, ) self.assertIsNotNone( vm_created, "Failed to launch a VM under network created" ) self.cleanup.append(network) # Listing Virtual Machines in running state in above created network list_vms_running = VirtualMachine.list( self.userapiclient, listall=self.services["listall"], state="Running", networkid=network.id ) status = validateList(list_vms_running) self.assertEquals( PASS, status[0], "VM Created is not in Running state" ) # Verifying the length of the list is 1 self.assertEqual( 1, len(list_ipaddresses_after), "VM Created is not in Running state" ) self.assertEquals( vm_created.id, list_vms_running[0].id, "VM Created is not in Running state" ) # Listing Virtual Machines in stopped state in above created network list_vms_stopped = VirtualMachine.list( self.userapiclient, listall=self.services["listall"], state="Stopped", networkid=network.id ) # Verifying no VMs are in stopped state self.assertIsNone( list_vms_stopped, "VM Created is in stopped state" ) # Listing Port Forwarding Rules for the IP Address associated list_prtfwdrule_before = NATRule.list( self.userapiclient, listall=self.services["listall"], ipaddressid=associated_ipaddress.ipaddress.id ) # Verifying no port forwarding rules are listed self.assertIsNone( list_prtfwdrule_before, "Port Forwarding Rules listed for newly associated IP Address" ) # Creating a Port Forwarding rule portfwd_rule = NATRule.create( self.userapiclient, virtual_machine=vm_created, services=self.services["natrule"], ipaddressid=associated_ipaddress.ipaddress.id, ) self.assertIsNotNone( portfwd_rule, "Failed to create Port Forwarding Rule" ) # Verifying details of Sticky Policy created # Creating expected and actual values dictionaries expected_dict = { "ipaddressid": associated_ipaddress.ipaddress.id, "privateport": str(self.services["natrule"]["privateport"]), "publicport": str(self.services["natrule"]["publicport"]), "protocol": str(self.services["natrule"]["protocol"]).lower(), } actual_dict = { "ipaddressid": portfwd_rule.ipaddressid, "privateport": str(portfwd_rule.privateport), "publicport": str(portfwd_rule.publicport), "protocol": portfwd_rule.protocol, } portfwd_status = self.__verify_values( expected_dict, actual_dict ) self.assertEqual( True, portfwd_status, "Created Port Forward Rule details are not as expected" ) # Listing Port Forwarding Rules for the IP Address associated list_prtfwdrule_after = NATRule.list( self.userapiclient, listall=self.services["listall"], ipaddressid=associated_ipaddress.ipaddress.id ) status = validateList(list_prtfwdrule_after) self.assertEquals( PASS, status[0], "Failed to create Port Forwarding Rule" ) # Verifying the length of the list is 1 self.assertEqual( 1, len(list_prtfwdrule_after), "Failed to create Port Forwarding Rule" ) # Deleting Port Forwarding Rule portfwd_rule.delete(self.userapiclient) # Creating a Port Forwarding rule with port range portfwd_rule = NATRule.create( self.userapiclient, virtual_machine=vm_created, services=self.services["natrulerange"], ipaddressid=associated_ipaddress.ipaddress.id, ) self.assertIsNotNone( portfwd_rule, "Failed to create Port Forwarding Rule" ) #update the private port for port forwarding rule updatefwd_rule = portfwd_rule.update(self.userapiclient, portfwd_rule.id, virtual_machine=vm_created, services=self.services["updatenatrulerange"], ) # Verifying details of Sticky Policy created # Creating expected and actual values dictionaries expected_dict = { "privateport": str(self.services["updatenatrulerange"]["privateport"]), "privateendport": str(self.services["updatenatrulerange"]["privateendport"]), } actual_dict = { "privateport": str(updatefwd_rule.privateport), "privateendport": str(updatefwd_rule.privateendport), } portfwd_status = self.__verify_values( expected_dict, actual_dict ) self.assertEqual( True, portfwd_status, "Updated Port Forward Rule details are not as expected" ) # Deleting Port Forwarding Rule portfwd_rule.delete(self.userapiclient) # Listing Port Forwarding Rules for the IP Address associated list_prtfwdrule_after = NATRule.list( self.userapiclient, listall=self.services["listall"], ipaddressid=associated_ipaddress.ipaddress.id ) # Verifying no port forwarding rules are listed self.assertIsNone( list_prtfwdrule_after, "Port Forwarding Rules listed after deletion" ) # Destroying the VM Launched vm_created.delete(self.apiClient) self.cleanup.append(self.account) return
def test_03_list_publicip_user_domain(self): """ A regular user should be able to display public ip address only in their domain Step 1: Create an isolated network in the user domain Step 2: Display all public ip address in that domain Step 3: Ensure that the count is 10 Step 4: Associate IP in the range, dedicated to domain2 Step 5: Display only the allocated Ip address in domain2 Step 6: Ensure that the count is 1 Step 7: Try to display public ip address from shared networks Step 8: It should not return any result Step 9: Try to display allocated public ip address of child domain using networkid Step 10: It should display all allocated ip address from child domain Step 11: Try to display all public ip address from child domain Step 12: It should display all public ip of child domain Step 13: Try to display ip of domain2 from a different domain Step 14: Ensure that we get exception when trying to do so :return: """ user = self.sub_account.user[0] sub_user_api_client = self.testClient.getUserApiClient(user.username, self.sub_domain.name) # Step 1: create network in child domain self.isolated_network2 = Network.create( self.apiclient, self.services["isolated_network"], accountid=self.sub_account.name, domainid=self.sub_account.domainid, networkofferingid=self.isolated_network_offering.id, zoneid=self.zone.id ) # Step 2: Display all public ip address in sub domain ipAddresses = PublicIPAddress.list( sub_user_api_client, allocatedonly=False, listall=True, forvirtualnetwork=True) # Step 3: Ensure that sub domain can list only the ip address in their domain self.assertEqual( len(ipAddresses), 10, "Allocated IP address is greater than 1" ) # Step 4: Associate IP in range dedicated to sub domain ip_address_1 = self.get_free_ipaddress(self.public_ip_range2.vlan.id) ipaddress = PublicIPAddress.create( sub_user_api_client, zoneid=self.zone.id, networkid=self.isolated_network2.id, ipaddress=ip_address_1 ) # Step 5: Display all allocated ip address in sub domain ipAddresses = PublicIPAddress.list( sub_user_api_client, allocatedonly=True, listall=True, forvirtualnetwork=True) # Step 6: Ensure that the count is 1 self.assertEqual( len(ipAddresses), 1, "Allocated IP address is greater than 1" ) # Step 7: Display ip address from shared networks ipAddresses = PublicIPAddress.list( sub_user_api_client, allocatedonly=True, listall=True, forvirtualnetwork=False) # Step 8: It should not return any result self.assertIsNone( ipAddresses, "Users should not display ip from shared networks" ) user = self.account1.user[0] user_api_client = self.testClient.getUserApiClient(user.username, self.domain1.name) # Step 9: display ip of child domain using network id ipAddresses = PublicIPAddress.list( user_api_client, allocatedonly=True, listall=True, isrecursive=True, associatednetworkid=self.isolated_network2.id, forvirtualnetwork=True) # Step 10: Ensure that the count is 1 as only 1 ip is acquired in test 3 self.assertEqual( len(ipAddresses), 1, "Unable to display IP address of child domain using network id" ) # Step 11: display ip of child domain using network id ipAddresses = PublicIPAddress.list( user_api_client, allocatedonly=False, listall=True, isrecursive=True, associatednetworkid=self.isolated_network2.id, forvirtualnetwork=True) # Step 12: Ensure that the count is 1 as only 1 ip is acquired in test 3 self.assertEqual( len(ipAddresses), 10, "Unable to display IP address of child domain using network id" ) try: # Step 13 user = self.account2.user[0] user_api_client = self.testClient.getUserApiClient(user.username, self.domain2.name) PublicIPAddress.list( user_api_client, allocatedonly=False, listall=True, associatednetworkid=self.isolated_network2.id, forvirtualnetwork=True) # Step 14 self.fail("Domain should not access public ip of sibling domain") except Exception as e: self.info("Got exception as expected since domain2 cant access network of domain1")
def test_add_multiple_admins_in_project(self): """ 1. Create a User Account 2. Add user account with 'Admin' project account role and associate it with a Project role; The role defines what APIs are allowed/disallowed for the user: here, 'listPublicIpAddresses' is denied for the user account 3. Execute the 'listPublicIpAddresses' API and verify/confirm that the user/account can execute the API as it is a project admin """ self.useraccount = Account.create(self.apiclient, self.testdata["account"], roleid=4) self.cleanup.append(self.useraccount) self.useraccount1 = Account.create(self.apiclient, self.testdata["useracc"], roleid=4) self.cleanup.append(self.useraccount1) self.project.addAccount(self.apiclient, account=self.useraccount.name, projectroleid=self.projectrole.id, roletype='Admin') self.project.addAccount(self.apiclient, account=self.useraccount1.name, projectroleid=self.projectrole.id) project_accounts = Project.listAccounts(self.apiclient, projectid=self.project.id, role='Admin') self.assertEqual(len(project_accounts), 2, "account not added with admin Role") self.userapiclientAdminRole = self.testClient.getUserApiClient( UserName=self.useraccount.name, DomainName=self.useraccount.domain, type=0) self.userapiclientRegularRole = self.testClient.getUserApiClient( UserName=self.useraccount1.name, DomainName=self.useraccount1.domain, type=0) try: PublicIPAddress.list(self.userapiclientAdminRole, projectid=self.project.id) self.debug( "User added to the project could execute the listPublicIpAddresses API despite the project " "role as it is the Admin") pass except CloudstackAPIException: self.fail( "User is an Admin, should be able to execute the command despite Project role" ) try: self.project.suspend(self.userapiclientAdminRole, ) self.debug( "The user can perform Project administrative operations as it is added as " "an Admin to the project") pass except CloudstackAPIException: self.fail( "User should be allowed to execute project administrative operations" "as it is the Project Admin") try: self.project.suspend(self.userapiclientRegularRole, ) except Exception as e: pass
def test_05_list_publicip_user_domain(self): """ A domain admin should be able to display public ip address in their domain and also all child domains Step 1: Display all public ip address in that domain and sub domain Step 2: Ensure that the count is 20 Step 3: Display only the allocated Ip address Step 4: Ensure that the count is 2 Step 5: Try to display public ip of vpc from different domain Step 6: Ensure that we get exception when trying to do so :return: """ user = self.account2.user[0] user_api_client = self.testClient.getUserApiClient(user.username, self.domain2.name) self.services["vpc"]["cidr"] = "10.1.1.1/16" vpc_1 = VPC.create( user_api_client, self.services["vpc"], vpcofferingid=self.vpc_off.id, zoneid=self.zone.id, account=self.account2.name, domainid=self.account2.domainid ) self.validate_vpc_network(vpc_1) ipAddresses = PublicIPAddress.list( user_api_client, allocatedonly=False, listall=True, forvirtualnetwork=True) self.assertGreaterEqual( len(ipAddresses), 10, "Unable to display all public ip in VPC" ) # List ip address using vpcid ipAddresses = PublicIPAddress.list( self.apiclient, vpcid=vpc_1.id, allocatedonly=False, account=self.account2.name, domainid=self.domain2.id, forvirtualnetwork=True) self.assertGreaterEqual( len(ipAddresses), 10, "Unable to display all public ip in VPC" ) # Acquire public ip address from VPC ip_address_1 = self.get_free_ipaddress(self.public_ip_range3.vlan.id) PublicIPAddress.create( user_api_client, zoneid=self.zone.id, vpcid=vpc_1.id, ipaddress=ip_address_1 ) ipAddresses = PublicIPAddress.list( user_api_client, allocatedonly=True, listall=True, forvirtualnetwork=True) self.assertGreaterEqual( len(ipAddresses), 2, "Unable to display allocated public ip in VPC" ) try: # Step 5 user = self.account1.user[0] user_api_client = self.testClient.getUserApiClient(user.username, self.domain1.name) PublicIPAddress.list( user_api_client, allocatedonly=False, listall=True, vpcid=vpc_1.id, forvirtualnetwork=True) # Step 6 self.fail("Domain should not access public ip of sibling domain") except Exception as e: self.info("Got exception as expected since domain2 cant access network of domain1") self.vpc_off.update(self.apiclient, state='Disabled') self.cleanup.append(vpc_1) self.cleanup.append(self.vpc_off)