def test_default_security_group_bridge_port_nondef_netpart(self):
kwargs = {
'gatewayvlan': self.gatewayvlans[6][0]['ID'],
'port': None,
'subnet': self.nondef_subnet['id'],
'tenant': self.client.tenant_id
}
body = self.client.create_gateway_vport(**kwargs)
vport = body['nuage_gateway_vport']
self.gatewayvports.append(vport)
gw_vport = self.nuage_client.get_host_vport(vport['id'])
self.verify_vport_properties(gw_vport[0], vport,
self.nondef_network['id'])
body = self.admin_client.list_gateway_vport(self.nondef_subnet['id'])
vports = body['nuage_gateway_vports']
found_vport = False
for vport in vports:
if vport['name'] == gw_vport[0]['name']:
found_vport = True
self.verify_vport_properties(gw_vport[0], vport,
self.nondef_network['id'])
if not found_vport:
assert False, "Bridge Vport not found"
l3domain = self.nuage_client.get_l3domain(
filters='externalID',
filter_values=self.nondef_router['id'],
netpart_name=self.nondef_netpart['name'])
default_pg = self.nuage_client.get_policygroup(n_constants.DOMAIN,
l3domain[0]['ID'])
self.assertEqual(
n_constants.NUAGE_PLCY_GRP_ALLOW_ALL
if Topology.has_unified_pg_for_all_support() else
'defaultPG-VRSG-BRIDGE-' + vport['subnet'], default_pg[0]['name'])
vports_from_pg = self.nuage_client.get_vport(n_constants.POLICYGROUP,
default_pg[0]['ID'])
for vport_from_pg in vports_from_pg:
if vport_from_pg['name'] == vport['name']:
break
else:
self.fail("Can't find Vport {} under the policy group {}".format(
vport['name'], default_pg[0]['name']))
nuage_eacl_template = self.nuage_client.get_egressacl_template(
n_constants.DOMAIN, l3domain[0]['ID'])
nuage_eacl_entrytemplate = \
self.nuage_client.get_egressacl_entrytemplate(
n_constants.EGRESS_ACL_TEMPLATE,
nuage_eacl_template[0]['ID'])
vport_tp_pg_mapping = False
for nuage_eacl_entry in nuage_eacl_entrytemplate:
if nuage_eacl_entry['locationID'] == default_pg[0]['ID']:
self.assertEqual(nuage_eacl_entry['networkType'], 'ANY')
self.assertEqual(nuage_eacl_entry['locationType'],
'POLICYGROUP')
vport_tp_pg_mapping = True
if vport_tp_pg_mapping is False:
assert False, "Bridge Vport not found in default PG"
def _validate_policygroup(self, topology, pg_name=None, vport_num=1):
if topology.normal_port is not None or self.is_dhcp_agent_present():
expected_pgs = 2 # Expecting software + hardware
else:
expected_pgs = 1 # Expecting only hardware
if not Topology.has_unified_pg_for_all_support():
if self.is_dhcp_agent_present():
expected_pgs += 1 # Extra PG for dhcp agent
# Repeated check in case of agent
for attempt in range(Topology.nbr_retries_for_test_robustness):
if len(topology.get_vsd_policygroups(
True)) == expected_pgs:
break
else:
LOG.error("Unexpected amount of PGs found, "
"expected {} found {} "
"(attempt {})".format(
expected_pgs,
len(topology.vsd_policygroups),
attempt + 1))
time.sleep(1)
self.assertThat(topology.get_vsd_policygroups(True),
matchers.HasLength(expected_pgs),
message="Unexpected amount of PGs found")
for pg in topology.vsd_policygroups:
if pg['type'] == 'HARDWARE':
vsd_policygroup = pg
break
else:
self.fail("Could not find HARDWARE policy group.")
self.assertThat(vsd_policygroup['type'], matchers.Equals('HARDWARE'))
if Topology.has_unified_pg_for_all_support():
if pg_name:
self.assertEqual(pg_name, vsd_policygroup['name'])
self.assertEqual(pg_name, vsd_policygroup['description'])
self.assertEqual(
"hw:" + (ExternalId(
constants.NUAGE_PLCY_GRP_ALLOW_ALL).at_cms_id()),
vsd_policygroup['externalID'])
else:
self.assertEqual(topology.security_group['id'] + "_HARDWARE",
vsd_policygroup['name'])
self.assertEqual(topology.security_group['name'],
vsd_policygroup['description'])
self.assertEqual(
"hw:" +
(ExternalId(topology.security_group['id']).at_cms_id()),
vsd_policygroup['externalID'])
vsd_pg_vports = self.vsd_client.get_vport(constants.POLICYGROUP,
vsd_policygroup['ID'])
self.assertThat(vsd_pg_vports,
matchers.HasLength(vport_num),
message="Expected to find exactly {} "
"vport in PG".format(vport_num))
for vsd_pg_vport in vsd_pg_vports:
if vsd_pg_vport['ID'] == topology.vsd_baremetal_vport['ID']:
break
else:
self.fail("Vport should be part of HARDWARE PG")
else:
if pg_name:
self.assertThat(vsd_policygroup['name'],
matchers.Contains(pg_name))
vsd_pg_vports = self.vsd_client.get_vport(constants.POLICYGROUP,
vsd_policygroup['ID'])
self.assertThat(vsd_pg_vports,
matchers.HasLength(1),
message="Expected to find exactly 1 vport in PG")
self.assertThat(vsd_pg_vports[0]['ID'],
matchers.Equals(
topology.vsd_baremetal_vport['ID']),
message="Vport should be part of HARDWARE PG")
class BaremetalPortsTest(network_mixin.NetworkMixin, l3.L3Mixin,
sg_mixin.SGMixin):
credentials = ['admin']
personality = 'VSG'
PG_NAME = (constants.NUAGE_PLCY_GRP_ALLOW_ALL_HW
if Topology.has_unified_pg_for_all_support() else
'PG_FOR_LESS_SECURITY')
@classmethod
def setUpClass(cls):
super(BaremetalPortsTest, cls).setUpClass()
if (CONF.nuage_sut.nuage_baremetal_driver ==
constants.BAREMETAL_DRIVER_BRIDGE):
cls.expected_vport_type = constants.VPORT_TYPE_BRIDGE
elif (CONF.nuage_sut.nuage_baremetal_driver ==
constants.BAREMETAL_DRIVER_HOST):
cls.expected_vport_type = constants.VPORT_TYPE_HOST
else:
raise Exception("Unexpected configuration of "
"'nuage_baremetal_driver'")
cls.expected_vlan_normal = 0
cls.expected_vlan_transparent = 4095
@classmethod
def skip_checks(cls):
super(BaremetalPortsTest, cls).skip_checks()
if not CONF.service_available.neutron:
# this check prevents this test to be run in unittests
raise cls.skipException("Neutron support is required")
@classmethod
def setup_clients(cls):
super(BaremetalPortsTest, cls).setup_clients()
cls.vsd_client = NuageRestClient()
@classmethod
def resource_setup(cls):
super(BaremetalPortsTest, cls).resource_setup()
# Only gateway here, to support parallel testing each tests makes its
# own gateway port so no VLAN overlap should occur.
cls.gateway = cls.vsd_client.create_gateway(
data_utils.rand_name(name='vsg'),
data_utils.rand_name(name='sys_id'), cls.personality)[0]
@classmethod
def resource_cleanup(cls):
super(BaremetalPortsTest, cls).resource_cleanup()
cls.vsd_client.delete_gateway(cls.gateway['ID'])
def setUp(self):
super(BaremetalPortsTest, self).setUp()
gw_port_name = data_utils.rand_name(name='gw-port')
self.gw_port = self.vsd_client.create_gateway_port(
gw_port_name,
gw_port_name,
'ACCESS',
self.gateway['ID'],
extra_params={'VLANRange': '0-4095'})[0]
self.binding_data = {
'binding:vnic_type': 'baremetal',
'binding:host_id': 'dummy',
'binding:profile': {
"local_link_information": [{
"port_id":
self.gw_port['name'],
"switch_info":
self.gateway['systemID']
}]
}
}
gw_port_name1 = data_utils.rand_name(name='gw-port')
self.gw_port1 = self.vsd_client.create_gateway_port(
gw_port_name1,
gw_port_name1,
'ACCESS',
self.gateway['ID'],
extra_params={'VLANRange': '0-4095'})[0]
self.binding_data1 = {
'binding:vnic_type': 'baremetal',
'binding:host_id': 'dummy',
'binding:profile': {
"local_link_information": [{
"port_id":
self.gw_port1['name'],
"switch_info":
self.gateway['systemID']
}]
}
}
def test_baremetal_port_l3_create(self):
topology = self._create_topology(with_router=True)
self._test_baremetal_port(topology, update=False)
@testtools.skipUnless(Topology.has_vlan_transparency_support(),
'Test skipped as no vlan transparency supported')
def test_baremetal_port_l3_create_vlan_transparent(self):
topology = self._create_topology(with_router=True,
vlan_transparent=True)
self._test_baremetal_port(topology,
update=False,
vlan_transparent=True)
@decorators.attr(type='smoke')
def test_baremetal_port_l3_update(self):
topology = self._create_topology(with_router=True)
self._test_baremetal_port(topology, update=True)
@testtools.skipUnless(Topology.has_vlan_transparency_support(),
'Test skipped as no vlan transparency supported')
def test_baremetal_port_l3_update_vlan_transparent(self):
topology = self._create_topology(with_router=True,
vlan_transparent=True)
self._test_baremetal_port(topology, update=True, vlan_transparent=True)
@decorators.attr(type='smoke')
def test_baremetal_port_l2_create(self):
topology = self._create_topology(with_router=False)
self._test_baremetal_port(topology, update=False)
@decorators.attr(type='smoke')
def test_baremetal_port_l2_create_vlan_transparent(self):
topology = self._create_topology(with_router=False,
vlan_transparent=True)
self._test_baremetal_port(topology,
update=False,
vlan_transparent=True)
def test_baremetal_port_l2_update(self):
topology = self._create_topology(with_router=False)
self._test_baremetal_port(topology, update=True)
def test_baremetal_port_l2_update_vlan_transparent(self):
topology = self._create_topology(with_router=False,
vlan_transparent=True)
self._test_baremetal_port(topology, update=True, vlan_transparent=True)
@testtools.skip("Currently unknown how to trigger vport resolution")
def test_router_attach(self):
topology = self._create_topology(with_router=False)
port = self.create_port(topology.network['id'], **self.binding_data)
topology.baremetal_port = port
with self.router(attached_subnets=[topology.subnet['id']]) as router:
topology.router = router
self._validate_vsd(topology)
@testtools.skip("Currently not supported")
def test_port_dhcp_opts_create(self):
topology = self._create_topology()
data = {
'security_groups': [topology.security_group['id']],
'extra_dhcp_opts': [{
'opt_name': 'tftp-server',
'opt_value': '192.168.0.3'
}]
}
data.update(self.binding_data)
baremetal_port = self.create_port(topology.network['id'], **data)
# Workaround for https://bugs.launchpad.net/neutron/+bug/1698852
topology.baremetal_port = self.get_port(baremetal_port['id'])
self._validate_dhcp_option(topology)
@testtools.skip("Currently not supported")
def test_port_dhcp_opts_update(self):
topology = self._create_topology()
create_data = {'security_groups': [topology.security_group['id']]}
create_data.update(self.binding_data)
data = {
'extra_dhcp_opts': [{
'opt_name': 'tftp-server',
'opt_value': '192.168.0.3'
}]
}
baremetal_port = self.create_port(topology.network['id'],
**create_data)
baremetal_port = self.update_port(baremetal_port['id'], **data)
topology.baremetal_port = baremetal_port
self._validate_dhcp_option(topology)
@decorators.attr(type='negative')
def test_fail_create_with_default_sg(self):
topology = self._create_topology()
# Creating baremetal port with default sg should fail
# as it has rules with remote-group-id
self.assertRaises(lib_exc.BadRequest, self.create_port,
topology.network['id'], **self.binding_data)
@decorators.attr(type='negative')
def test_fail_create_with_sg_used_by_vm(self):
topology = self._create_topology(with_router=True, with_port=True)
# update a normal port with binding and sg
# this will result in port binding
data = {
'security_groups': [topology.security_group['id']],
'device_owner': 'compute:nova',
'device_id': topology.normal_port['id'],
'binding:host_id': 'dummy'
}
self.update_port(topology.normal_port['id'], **data)
self.assertRaises(lib_exc.BadRequest, self.create_port,
topology.network['id'], **self.binding_data)
data = {'security_groups': []}
self.update_port(topology.normal_port['id'], **data)
@decorators.attr(type='negative')
def test_fail_create_with_non_existent_gw(self):
topology = self._create_topology()
data = {
'security_groups': [topology.security_group['id']],
'binding:vnic_type': 'baremetal',
'binding:host_id': 'dummy',
'binding:profile': {
"local_link_information": [{
"port_id": self.gw_port['name'],
"switch_info": '123.123.123.123'
}]
}
}
self.assertRaises(lib_exc.BadRequest, self.create_port,
topology.network['id'], **data)
@decorators.attr(type='negative')
def test_fail_create_with_non_existent_port(self):
topology = self._create_topology()
data = {
'security_groups': [topology.security_group['id']],
'binding:vnic_type': 'baremetal',
'binding:host_id': 'dummy',
'binding:profile': {
"local_link_information": [{
"port_id":
data_utils.rand_name(name='gw-port'),
"switch_info":
self.gateway['systemID']
}]
}
}
self.assertRaises(lib_exc.BadRequest, self.create_port,
topology.network['id'], **data)
@decorators.attr(type='smoke')
def test_l2_create_without_psec(self):
topology = self._create_topology()
create_data = {
'port_security_enabled': False,
'binding:vnic_type': 'baremetal',
'binding:host_id': 'dummy',
'binding:profile': {
"local_link_information": [{
"port_id":
self.gw_port['name'],
"switch_info":
self.gateway['systemID']
}]
}
}
baremetal_port = self.create_port(topology.network['id'],
**create_data)
topology.baremetal_port = baremetal_port
self._validate_baremetal_vport(topology)
self._validate_vlan(topology, vlan_transparent=False)
self._validate_interface(topology)
if Topology.is_v5:
self._validate_policygroup(topology, self.PG_NAME)
else:
# Add normal port and check there are two PG_ALLOW_ALL
# (software and hardware)
create_data = {'port_security_enabled': False}
topology.normal_port = self.create_port(topology.network['id'],
**create_data)
self._validate_policygroup(topology, pg_name=self.PG_NAME)
create_data = {
'port_security_enabled': False,
'binding:vnic_type': 'baremetal',
'binding:host_id': 'dummy',
'binding:profile': {
"local_link_information": [{
"port_id":
self.gw_port1['name'],
"switch_info":
self.gateway['systemID']
}]
}
}
topology.baremetal_port = self.create_port(topology.network['id'],
**create_data)
self._validate_policygroup(topology,
pg_name=self.PG_NAME,
vport_num=2)
@decorators.attr(type='smoke')
def test_l2_update_without_psec(self):
topology = self._create_topology()
create_data = {
'port_security_enabled': False,
'binding:vnic_type': 'baremetal',
}
baremetal_port = self.create_port(topology.network['id'],
**create_data)
update_data = {
'binding:host_id': 'dummy',
'binding:profile': {
"local_link_information": [{
"port_id":
self.gw_port['name'],
"switch_info":
self.gateway['systemID']
}]
}
}
baremetal_port = self.update_port(baremetal_port['id'], **update_data)
topology.baremetal_port = baremetal_port
self._validate_baremetal_vport(topology)
self._validate_vlan(topology, vlan_transparent=False)
self._validate_interface(topology)
self._validate_policygroup(topology, pg_name=self.PG_NAME)
@testtools.skipIf(Topology.is_v5,
'Skipping in 5.x - test was added for refactored '
'PG_FOR_LESS_SECURITY and sriov defaultPG in 6.0')
@decorators.attr(type='smoke')
def test_l3_create_without_psec(self):
topology = self._create_topology(with_router=True)
create_data = {
'port_security_enabled': False,
'binding:vnic_type': 'baremetal',
'binding:host_id': 'dummy',
'binding:profile': {
"local_link_information": [{
"port_id":
self.gw_port['name'],
"switch_info":
self.gateway['systemID']
}]
}
}
baremetal_port = self.create_port(topology.network['id'],
**create_data)
topology.baremetal_port = baremetal_port
self._validate_baremetal_vport(topology)
self._validate_vlan(topology, vlan_transparent=False)
self._validate_interface(topology)
# Add normal port and check there are two PG_ALLOW_ALL
# (software and hardware)
create_data = {'port_security_enabled': False}
topology.normal_port = self.create_port(topology.network['id'],
**create_data)
self._validate_policygroup(
topology, pg_name=constants.NUAGE_PLCY_GRP_ALLOW_ALL_HW)
create_data = {
'port_security_enabled': False,
'binding:vnic_type': 'baremetal',
'binding:host_id': 'dummy',
'binding:profile': {
"local_link_information": [{
"port_id":
self.gw_port1['name'],
"switch_info":
self.gateway['systemID']
}]
}
}
topology.baremetal_port = self.create_port(topology.network['id'],
**create_data)
self._validate_policygroup(
topology,
pg_name=constants.NUAGE_PLCY_GRP_ALLOW_ALL_HW,
vport_num=2)
@testtools.skipIf(Topology.is_v5,
'Skipping in 5.x - test was added for refactored '
'PG_FOR_LESS_SECURITY and sriov defaultPG in 6.0')
@decorators.attr(type='smoke')
def test_l3_update_without_psec(self):
topology = self._create_topology(with_router=True)
create_data = {
'port_security_enabled': False,
'binding:vnic_type': 'baremetal',
}
baremetal_port = self.create_port(topology.network['id'],
**create_data)
update_data = {
'binding:host_id': 'dummy',
'binding:profile': {
"local_link_information": [{
"port_id":
self.gw_port['name'],
"switch_info":
self.gateway['systemID']
}]
}
}
baremetal_port = self.update_port(baremetal_port['id'], **update_data)
topology.baremetal_port = baremetal_port
self._validate_baremetal_vport(topology)
self._validate_vlan(topology, vlan_transparent=False)
self._validate_interface(topology)
self._validate_policygroup(
topology, pg_name=constants.NUAGE_PLCY_GRP_ALLOW_ALL_HW)
def _create_topology(self,
with_router=False,
with_port=False,
vlan_transparent=False,
with_security_group=True):
router = port = security_group = None
if with_router:
router = self.create_router()
if vlan_transparent:
network = self.create_network(vlan_transparent=True)
else:
network = self.create_network()
subnet = self.create_subnet('10.20.30.0/24', network['id'])
if with_router:
self.add_router_interface(router['id'], subnet_id=subnet['id'])
if with_port:
port = self.create_port(network['id'])
if with_security_group:
security_group = self.create_security_group()
return BaremetalTopology(self.vsd_client, network, subnet, router,
port, security_group)
def _test_baremetal_port(self,
topology,
update=False,
vlan_transparent=False):
create_data = {'security_groups': [topology.security_group['id']]}
if not update:
create_data.update(self.binding_data)
with self.port(topology.network['id'], **create_data) as bm_port:
topology.baremetal_port = bm_port
if update:
self.update_port(bm_port['id'],
as_admin=True,
**self.binding_data)
self._validate_vsd(topology, vlan_transparent=vlan_transparent)
# Validation part
def _validate_vsd(self, topology, vlan_transparent=False):
self._validate_baremetal_vport(topology)
self._validate_vlan(topology, vlan_transparent=vlan_transparent)
self._validate_interface(topology)
self._validate_policygroup(topology)
def _validate_baremetal_vport(self, topology):
self.assertThat(topology.vsd_baremetal_vport['type'],
matchers.Equals(self.expected_vport_type),
message="Vport has wrong type")
def _validate_vlan(self, topology, vlan_transparent=False):
vsd_vlan = self.vsd_client.get_gateway_vlan_by_id(
topology.vsd_baremetal_vport['VLANID'])
if vlan_transparent:
self.assertThat(vsd_vlan['value'],
matchers.Equals(self.expected_vlan_transparent),
message="Vport has unexpected vlan")
else:
self.assertThat(vsd_vlan['value'],
matchers.Equals(self.expected_vlan_normal),
message="Vport has unexpected vlan")
def _validate_interface(self, topology):
vsd_vport = topology.vsd_baremetal_vport
neutron_port = topology.baremetal_port
if vsd_vport['type'] == constants.VPORT_TYPE_HOST:
self.assertThat(topology.vsd_baremetal_interface['MAC'],
matchers.Equals(neutron_port['mac_address']))
self.assertThat(
topology.vsd_baremetal_interface['IPAddress'],
matchers.Equals(neutron_port['fixed_ips'][0]['ip_address']))
def _validate_policygroup(self, topology, pg_name=None, vport_num=1):
if topology.normal_port is not None or self.is_dhcp_agent_present():
expected_pgs = 2 # Expecting software + hardware
else:
expected_pgs = 1 # Expecting only hardware
if not Topology.has_unified_pg_for_all_support():
if self.is_dhcp_agent_present():
expected_pgs += 1 # Extra PG for dhcp agent
# Repeated check in case of agent
for attempt in range(Topology.nbr_retries_for_test_robustness):
if len(topology.get_vsd_policygroups(
True)) == expected_pgs:
break
else:
LOG.error("Unexpected amount of PGs found, "
"expected {} found {} "
"(attempt {})".format(
expected_pgs,
len(topology.vsd_policygroups),
attempt + 1))
time.sleep(1)
self.assertThat(topology.get_vsd_policygroups(True),
matchers.HasLength(expected_pgs),
message="Unexpected amount of PGs found")
for pg in topology.vsd_policygroups:
if pg['type'] == 'HARDWARE':
vsd_policygroup = pg
break
else:
self.fail("Could not find HARDWARE policy group.")
self.assertThat(vsd_policygroup['type'], matchers.Equals('HARDWARE'))
if Topology.has_unified_pg_for_all_support():
if pg_name:
self.assertEqual(pg_name, vsd_policygroup['name'])
self.assertEqual(pg_name, vsd_policygroup['description'])
self.assertEqual(
"hw:" + (ExternalId(
constants.NUAGE_PLCY_GRP_ALLOW_ALL).at_cms_id()),
vsd_policygroup['externalID'])
else:
self.assertEqual(topology.security_group['id'] + "_HARDWARE",
vsd_policygroup['name'])
self.assertEqual(topology.security_group['name'],
vsd_policygroup['description'])
self.assertEqual(
"hw:" +
(ExternalId(topology.security_group['id']).at_cms_id()),
vsd_policygroup['externalID'])
vsd_pg_vports = self.vsd_client.get_vport(constants.POLICYGROUP,
vsd_policygroup['ID'])
self.assertThat(vsd_pg_vports,
matchers.HasLength(vport_num),
message="Expected to find exactly {} "
"vport in PG".format(vport_num))
for vsd_pg_vport in vsd_pg_vports:
if vsd_pg_vport['ID'] == topology.vsd_baremetal_vport['ID']:
break
else:
self.fail("Vport should be part of HARDWARE PG")
else:
if pg_name:
self.assertThat(vsd_policygroup['name'],
matchers.Contains(pg_name))
vsd_pg_vports = self.vsd_client.get_vport(constants.POLICYGROUP,
vsd_policygroup['ID'])
self.assertThat(vsd_pg_vports,
matchers.HasLength(1),
message="Expected to find exactly 1 vport in PG")
self.assertThat(vsd_pg_vports[0]['ID'],
matchers.Equals(
topology.vsd_baremetal_vport['ID']),
message="Vport should be part of HARDWARE PG")
def _validate_interconnect(self, topology):
self.assertThat(topology.vsd_policygroups,
matchers.HasLength(2),
message="Expected 2 PGs: 1 hardware, 1 software")
vsd_policygroups = {pg['type']: pg for pg in topology.vsd_policygroups}
egress_entries = topology.vsd_egress_acl_entries
for rule in egress_entries:
if (rule['locationID'] == vsd_policygroups['SOFTWARE']['ID'] and
rule['networkID'] == vsd_policygroups['HARDWARE']['ID']):
break
else:
self.fail("Could not find interlink egress rule.")
def _validate_dhcp_option(self, topology):
self.assertThat(topology.vsd_baremetal_dhcp_opts,
matchers.HasLength(2))
DHCP_ROUTER_OPT = 3
DHCP_SERVER_NAME_OPT = 66
for dhcp_opt in topology.vsd_baremetal_dhcp_opts:
if dhcp_opt['actualType'] == DHCP_ROUTER_OPT:
self.assertThat(dhcp_opt['actualValues'][0],
matchers.Equals(topology.subnet['gateway_ip']))
elif dhcp_opt['actualType'] == DHCP_SERVER_NAME_OPT:
os_dhcp_opt = topology.baremetal_port['extra_dhcp_opts'][0]
self.assertThat(dhcp_opt['actualValues'][0],
matchers.Equals(os_dhcp_opt['opt_value']))
def test_default_security_group_host_port_nondef_netpart(self):
post_body = {
"network_id": self.nondef_network['id'],
"device_owner": 'nuage:vip'
}
body = self.ports_client.create_port(**post_body)
port = body['port']
self.addCleanup(self.ports_client.delete_port, port['id'])
# Create host vport
kwargs = {
'gatewayvlan': self.gatewayvlans[5][0]['ID'],
'port': port['id'],
'subnet': None,
'tenant': self.client.tenant_id
}
body = self.client.create_gateway_vport(**kwargs)
vport = body['nuage_gateway_vport']
gw_vport = self.nuage_client.get_host_vport(vport['id'])
body = self.admin_client.show_gateway_vport(gw_vport[0]['ID'],
self.nondef_subnet['id'])
vport = body['nuage_gateway_vport']
if vport is None:
assert False, "Host Vport not found"
self.verify_vport_properties(gw_vport[0], vport, self.network['id'])
l3domain = self.nuage_client.get_l3domain(
filters='externalID',
filter_values=self.nondef_router['id'],
netpart_name=self.nondef_netpart['name'])
default_pg = self.nuage_client.get_policygroup(n_constants.DOMAIN,
l3domain[0]['ID'])
if default_pg[0]['name'] == n_constants.NUAGE_PLCY_GRP_ALLOW_ALL:
pg_num = 0
else:
pg_num = 1
self.assertEqual(
n_constants.NUAGE_PLCY_GRP_ALLOW_ALL
if Topology.has_unified_pg_for_all_support() else
'defaultPG-VRSG-HOST-' + vport['subnet'],
default_pg[pg_num]['name'])
vport_from_pg = self.nuage_client.get_vport(n_constants.POLICYGROUP,
default_pg[pg_num]['ID'])
if len(vport_from_pg) == 1:
self.assertEqual(vport_from_pg[0]['name'], vport['name'])
elif len(vport_from_pg) == 2:
# One bridge vport is created by another test or neutron dhcp
# agent is enabled.
self.assertEqual(vport_from_pg[1]['name'], vport['name'])
else:
# One bridge vport is created by another test and neutron dhcp
# agent is enabled.
self.assertEqual(vport_from_pg[2]['name'], vport['name'])
nuage_eacl_template = self.nuage_client.get_egressacl_template(
n_constants.DOMAIN, l3domain[0]['ID'])
nuage_eacl_entrytemplate = \
self.nuage_client.get_egressacl_entrytemplate(
n_constants.EGRESS_ACL_TEMPLATE,
nuage_eacl_template[0]['ID'])
vport_tp_pg_mapping = False
for nuage_eacl_entry in nuage_eacl_entrytemplate:
if nuage_eacl_entry['locationID'] == default_pg[pg_num]['ID']:
self.assertEqual(nuage_eacl_entry['networkType'], 'ANY')
self.assertEqual(nuage_eacl_entry['locationType'],
'POLICYGROUP')
vport_tp_pg_mapping = True
if vport_tp_pg_mapping is False:
assert False, "Host Vport not found in default PG"
def test_default_security_group_bridge_port(self):
kwargs = {
'gatewayvlan': self.gatewayvlans[4][0]['ID'],
'port': None,
'subnet': self.subnet['id'],
'tenant': self.client.tenant_id
}
body = self.client.create_gateway_vport(**kwargs)
vport1 = body['nuage_gateway_vport']
self.gatewayvports.append(vport1)
gw_vport = self.nuage_client.get_host_vport(vport1['id'])
self.verify_vport_properties(gw_vport[0], vport1, self.network['id'])
body = self.admin_client.list_gateway_vport(self.subnet['id'])
vports = body['nuage_gateway_vports']
found_vport = False
vport = None
for vport in vports:
if vport['name'] == gw_vport[0]['name']:
found_vport = True
self.verify_vport_properties(gw_vport[0], vport,
self.network['id'])
# TODO(Kris noticed) - shld there be break here?
if not found_vport:
assert False, "Bridge Vport not found"
l3domain = self.nuage_client.get_l3domain(
filters='externalID', filter_values=self.router['id'])
default_pg = self.nuage_client.get_policygroup(n_constants.DOMAIN,
l3domain[0]['ID'])
self.assertEqual(
n_constants.NUAGE_PLCY_GRP_ALLOW_ALL
if Topology.has_unified_pg_for_all_support() else
'defaultPG-VRSG-BRIDGE-' + vport['subnet'], default_pg[0]['name'])
self.assertThat(
default_pg[0],
ContainsDict(
{'externalID': Equals(self._expected_allow_all_pg_ext_id())}))
vports_from_pg = self.nuage_client.get_vport(n_constants.POLICYGROUP,
default_pg[0]['ID'])
for vport_from_pg in vports_from_pg:
if vport_from_pg['name'] == vport['name']:
break
else:
self.fail("Can't find Vport {} under the policy group {}".format(
vport['name'], default_pg[0]['name']))
# Egress ACL
nuage_eacl_template = self.nuage_client.get_egressacl_template(
n_constants.DOMAIN, l3domain[0]['ID'])
# must have external ID as router_id @ cms_id
self.assertThat(
nuage_eacl_template[0],
ContainsDict({
'externalID':
Equals(ExternalId(self.router['id']).at_cms_id())
}))
nuage_eacl_entrytemplate = \
self.nuage_client.get_egressacl_entrytemplate(
n_constants.EGRESS_ACL_TEMPLATE,
nuage_eacl_template[0]['ID'])
self.assertThat(
nuage_eacl_entrytemplate[0],
ContainsDict(
{'externalID': Equals(self._expected_allow_all_pg_ext_id())}))
vport_tp_pg_mapping = False
for nuage_eacl_entry in nuage_eacl_entrytemplate:
if nuage_eacl_entry['locationID'] == default_pg[0]['ID']:
self.assertThat(
nuage_eacl_entry,
ContainsDict({
'externalID':
Equals(self._expected_allow_all_pg_ext_id())
}))
self.assertEqual(nuage_eacl_entry['networkType'], 'ANY')
self.assertEqual(nuage_eacl_entry['locationType'],
'POLICYGROUP')
vport_tp_pg_mapping = True
if vport_tp_pg_mapping is False:
assert False, "Bridge Vport not found in default PG"
# Ingress ACL
nuage_iacl_template = self.nuage_client.get_ingressacl_template(
n_constants.DOMAIN, l3domain[0]['ID'])
# must have external ID as router_id @ cms_id
self.assertThat(
nuage_iacl_template[0],
ContainsDict({
'externalID':
Equals(ExternalId(self.router['id']).at_cms_id())
}))
nuage_iacl_entrytemplate = \
self.nuage_client.get_ingressacl_entrytemplate(
n_constants.INGRESS_ACL_TEMPLATE,
nuage_iacl_template[0]['ID'])
self.assertThat(
nuage_iacl_entrytemplate[0],
ContainsDict(
{'externalID': Equals(self._expected_allow_all_pg_ext_id())}))
vport_tp_pg_mapping = False
for nuage_iacl_entry in nuage_iacl_entrytemplate:
if nuage_iacl_entry['locationID'] == default_pg[0]['ID']:
self.assertThat(
nuage_iacl_entry,
ContainsDict({
'externalID':
Equals(self._expected_allow_all_pg_ext_id())
}))
self.assertEqual('ANY', nuage_iacl_entry['networkType'])
self.assertEqual('POLICYGROUP',
nuage_iacl_entry['locationType'])
vport_tp_pg_mapping = True
self.assertTrue(vport_tp_pg_mapping,
'Bridge Vport not found in default PG')
