def test_basic_policy(self): vn1_name = self.id() + 'vn1' vn2_name = self.id() + 'vn2' vn1_obj = VirtualNetwork(vn1_name) vn2_obj = VirtualNetwork(vn2_name) np = self.create_network_policy(vn1_obj, vn2_obj) seq = SequenceType(1, 1) vnp = VirtualNetworkPolicyType(seq) vn1_obj.set_network_policy(np, vnp) vn2_obj.set_network_policy(np, vnp) self._vnc_lib.virtual_network_create(vn1_obj) self._vnc_lib.virtual_network_create(vn2_obj) for obj in [vn1_obj, vn2_obj]: self.assertTill(self.vnc_db_has_ident, obj=obj) self.check_ri_ref_present(self.get_ri_name(vn1_obj), self.get_ri_name(vn2_obj)) self.check_ri_ref_present(self.get_ri_name(vn2_obj), self.get_ri_name(vn1_obj)) vn1_obj.del_network_policy(np) vn2_obj.del_network_policy(np) self._vnc_lib.virtual_network_update(vn1_obj) self._vnc_lib.virtual_network_update(vn2_obj) self.check_ri_refs_are_deleted(fq_name=self.get_ri_name(vn2_obj)) self.delete_network_policy(np) self._vnc_lib.virtual_network_delete(fq_name=vn1_obj.get_fq_name()) self._vnc_lib.virtual_network_delete(fq_name=vn2_obj.get_fq_name()) self.check_vn_is_deleted(uuid=vn1_obj.uuid) self.check_ri_is_deleted(fq_name=self.get_ri_name(vn2_obj))
def test_context_undo_fail_db_update(self): project = Project(name='p-{}'.format(self.id())) self.api.project_create(project) vn_og = VirtualNetwork(name='og-vn-{}'.format(self.id()), parent_obj=project) self.api.virtual_network_create(vn_og) vmi_obj = VirtualMachineInterface('vmi-{}'.format(self.id()), parent_obj=project) vmi_obj.set_virtual_network(vn_og) self.api.virtual_machine_interface_create(vmi_obj) vmi_obj = self.api.virtual_machine_interface_read(id=vmi_obj.uuid) # change virtual network for VMI vn_next = VirtualNetwork(name='next-vn-{}'.format(self.id()), parent_obj=project) vn_next.uuid = self.api.virtual_network_create(vn_next) vmi_obj.set_virtual_network(vn_next) def stub(*args, **kwargs): return False, (500, "Fake error") with ExpectedException(HttpError): with test_common.flexmocks([(self._api_server._db_conn, 'dbe_update', stub)]): self.api.virtual_machine_interface_update(vmi_obj) vmi_obj = self.api.virtual_machine_interface_read(id=vmi_obj.uuid) vn_ref_fq_names = [n['to'] for n in vmi_obj.get_virtual_network_refs()] self.assertEqual(len(vn_ref_fq_names), 1) self.assertEqual(vn_ref_fq_names[0], vn_og.get_fq_name())
def test_resources_exists(self): api = VncApiMock( self.args.auth_user, self.args.auth_password, self.args.auth_tenant, self.args.vnc_endpoint_ip, self.args.vnc_endpoint_port, self.args.auth_token_url ) domain_fq_name = ['default-domain'] domain = api.domain_read(fq_name=domain_fq_name) proj_uuid = api.project_create(Project("default", parent_obj=domain)) proj = api.project_read(id=proj_uuid) # Create cluster-default-pod-network ipam_uuid = api.network_ipam_create(NetworkIpam("pod-ipam", proj)) ipam = api.network_ipam_read(id=ipam_uuid) net = VirtualNetwork("cluster-default-pod-network", proj) # No subnets are associated with IPAM at this point. # Subnets will be updated in the IPAM, when cluster is created. net.add_network_ipam(ipam, VnSubnetsType([])) api.virtual_network_create(net) # Create cluster-default-service-network ipam_uuid = api.network_ipam_create(NetworkIpam("service-ipam", proj)) ipam = api.network_ipam_read(id=ipam_uuid) net = VirtualNetwork("cluster-default-service-network", proj) # No subnets are associated with IPAM at this point. # Subnets will be updated in the IPAM, when cluster is created. net.add_network_ipam(ipam, VnSubnetsType([])) api.virtual_network_create(net) vnc_kubernetes.VncKubernetes(self.args, Mock())
def test_multiple_policy(self): vn1_name = self.id() + 'vn1' vn2_name = self.id() + 'vn2' vn1_obj = VirtualNetwork(vn1_name) vn2_obj = VirtualNetwork(vn2_name) np1 = self.create_network_policy(vn1_obj, vn2_obj) np2 = self.create_network_policy(vn2_obj, vn1_obj) seq = SequenceType(1, 1) vnp = VirtualNetworkPolicyType(seq) vn1_obj.set_network_policy(np1, vnp) vn2_obj.set_network_policy(np2, vnp) self._vnc_lib.virtual_network_create(vn1_obj) self._vnc_lib.virtual_network_create(vn2_obj) self.check_ri_ref_present(self.get_ri_name(vn1_obj), self.get_ri_name(vn2_obj)) self.check_ri_ref_present(self.get_ri_name(vn2_obj), self.get_ri_name(vn1_obj)) np1.network_policy_entries.policy_rule[ 0].action_list.simple_action = 'deny' np1.set_network_policy_entries(np1.network_policy_entries) self._vnc_lib.network_policy_update(np1) expr = ( "('contrail:connection contrail:routing-instance:%s' in FakeIfmapClient._graph['8443']['contrail:routing-instance:%s']['links'])" % (':'.join(self.get_ri_name(vn2_obj)), ':'.join( self.get_ri_name(vn1_obj)))) self.assertTill(expr) np1.network_policy_entries.policy_rule[ 0].action_list.simple_action = 'pass' np1.set_network_policy_entries(np1.network_policy_entries) self._vnc_lib.network_policy_update(np1) np2.network_policy_entries.policy_rule[ 0].action_list.simple_action = 'deny' np2.set_network_policy_entries(np2.network_policy_entries) self._vnc_lib.network_policy_update(np2) expr = ( "('contrail:connection contrail:routing-instance:%s' in FakeIfmapClient._graph['8443']['contrail:routing-instance:%s']['links'])" % (':'.join(self.get_ri_name(vn1_obj)), ':'.join( self.get_ri_name(vn2_obj)))) self.assertTill(expr) vn1_obj.del_network_policy(np1) vn2_obj.del_network_policy(np2) self._vnc_lib.virtual_network_update(vn1_obj) self._vnc_lib.virtual_network_update(vn2_obj) self.check_ri_refs_are_deleted(fq_name=self.get_ri_name(vn2_obj)) self.delete_network_policy(np1) self.delete_network_policy(np2) self._vnc_lib.virtual_network_delete(fq_name=vn1_obj.get_fq_name()) self._vnc_lib.virtual_network_delete(fq_name=vn2_obj.get_fq_name()) self.check_vn_is_deleted(uuid=vn1_obj.uuid)
def test_multiple_policy(self): vn1_name = self.id() + 'vn1' vn2_name = self.id() + 'vn2' vn1_obj = VirtualNetwork(vn1_name) vn2_obj = VirtualNetwork(vn2_name) np1 = self.create_network_policy(vn1_obj, vn2_obj) np2 = self.create_network_policy(vn2_obj, vn1_obj) seq = SequenceType(1, 1) vnp = VirtualNetworkPolicyType(seq) vn1_obj.set_network_policy(np1, vnp) vn2_obj.set_network_policy(np2, vnp) self._vnc_lib.virtual_network_create(vn1_obj) self._vnc_lib.virtual_network_create(vn2_obj) self.check_ri_ref_present(self.get_ri_name(vn1_obj), self.get_ri_name(vn2_obj)) self.check_ri_ref_present(self.get_ri_name(vn2_obj), self.get_ri_name(vn1_obj)) np1.network_policy_entries.policy_rule[ 0].action_list.simple_action = 'deny' np1.set_network_policy_entries(np1.network_policy_entries) self._vnc_lib.network_policy_update(np1) self.assertTill( self.ifmap_ident_has_link, type_fq_name=('routing-instance', self.get_ri_name(vn1_obj)), link_name='contrail:connection contrail:routing-instance:%s' % ':'.join(self.get_ri_name(vn2_obj))) np1.network_policy_entries.policy_rule[ 0].action_list.simple_action = 'pass' np1.set_network_policy_entries(np1.network_policy_entries) self._vnc_lib.network_policy_update(np1) np2.network_policy_entries.policy_rule[ 0].action_list.simple_action = 'deny' np2.set_network_policy_entries(np2.network_policy_entries) self._vnc_lib.network_policy_update(np2) self.assertTill( self.ifmap_ident_has_link, type_fq_name=('routing-instance', self.get_ri_name(vn2_obj)), link_name='contrail:connection contrail:routing-instance:%s' % ':'.join(self.get_ri_name(vn1_obj))) vn1_obj.del_network_policy(np1) vn2_obj.del_network_policy(np2) self._vnc_lib.virtual_network_update(vn1_obj) self._vnc_lib.virtual_network_update(vn2_obj) self.check_ri_refs_are_deleted(fq_name=self.get_ri_name(vn2_obj)) self.delete_network_policy(np1) self.delete_network_policy(np2) self._vnc_lib.virtual_network_delete(fq_name=vn1_obj.get_fq_name()) self._vnc_lib.virtual_network_delete(fq_name=vn2_obj.get_fq_name()) self.check_vn_is_deleted(uuid=vn1_obj.uuid)
def _validate_untagged_vmis(self, fabric_obj, proj_obj, pi_obj): fabric_name = fabric_obj.get_fq_name() pi_fq_name = pi_obj.get_fq_name() vn1 = VirtualNetwork('vn1-%s' % (self.id()), parent_obj=proj_obj) self.api.virtual_network_create(vn1) vn2 = VirtualNetwork('vn2-%s' % (self.id()), parent_obj=proj_obj) self.api.virtual_network_create(vn2) # Create VPG vpg_name = "vpg-1" vpg = VirtualPortGroup(vpg_name, parent_obj=fabric_obj) vpg_uuid = self.api.virtual_port_group_create(vpg) vpg_obj = self._vnc_lib.virtual_port_group_read(id=vpg_uuid) vpg_name = vpg_obj.get_fq_name() # If tor_port_vlan_id is set, then it signifies a untagged VMI # Create first untagged VMI and attach it to Virtual Port Group vmi_obj = VirtualMachineInterface(self.id() + "1", parent_obj=proj_obj) vmi_obj.set_virtual_network(vn1) # Create KV_Pairs for this VMI kv_pairs = self._create_kv_pairs(pi_fq_name, fabric_name, vpg_name, tor_port_vlan_id='4094') vmi_obj.set_virtual_machine_interface_bindings(kv_pairs) vmi_uuid_1 = self.api.virtual_machine_interface_create(vmi_obj) vpg_obj.add_virtual_machine_interface(vmi_obj) self.api.virtual_port_group_update(vpg_obj) # Now, try to create the second untagged VMI. # This should fail as there can be only one untagged VMI in a VPG vmi_obj_2 = VirtualMachineInterface(self.id() + "2", parent_obj=proj_obj) vmi_obj_2.set_virtual_network(vn2) # Create KV_Pairs for this VMI kv_pairs = self._create_kv_pairs(pi_fq_name, fabric_name, vpg_name, tor_port_vlan_id='4092') vmi_obj_2.set_virtual_machine_interface_bindings(kv_pairs) with ExpectedException(BadRequest): self.api.virtual_machine_interface_create(vmi_obj_2) self.api.virtual_machine_interface_delete(id=vmi_uuid_1) self.api.virtual_port_group_delete(id=vpg_obj.uuid)
def test_multiple_policy(self): vn1_name = self.id() + 'vn1' vn2_name = self.id() + 'vn2' vn1_obj = VirtualNetwork(vn1_name) vn2_obj = VirtualNetwork(vn2_name) np1 = self.create_network_policy(vn1_obj, vn2_obj) np2 = self.create_network_policy(vn2_obj, vn1_obj) seq = SequenceType(1, 1) vnp = VirtualNetworkPolicyType(seq) vn1_obj.set_network_policy(np1, vnp) vn2_obj.set_network_policy(np2, vnp) self._vnc_lib.virtual_network_create(vn1_obj) self._vnc_lib.virtual_network_create(vn2_obj) self.check_ri_ref_present(self.get_ri_name(vn1_obj), self.get_ri_name(vn2_obj)) self.check_ri_ref_present(self.get_ri_name(vn2_obj), self.get_ri_name(vn1_obj)) np1.network_policy_entries.policy_rule[0].action_list.simple_action = \ 'deny' np1.set_network_policy_entries(np1.network_policy_entries) self._vnc_lib.network_policy_update(np1) self.check_ri_refs_are_deleted(fq_name=self.get_ri_name(vn2_obj)) np1.network_policy_entries.policy_rule[0].action_list.simple_action = \ 'pass' np1.set_network_policy_entries(np1.network_policy_entries) self._vnc_lib.network_policy_update(np1) self.check_ri_ref_present(self.get_ri_name(vn1_obj), self.get_ri_name(vn2_obj)) np2.network_policy_entries.policy_rule[0].action_list.simple_action = \ 'deny' np2.set_network_policy_entries(np2.network_policy_entries) self._vnc_lib.network_policy_update(np2) self.check_ri_refs_are_deleted(fq_name=self.get_ri_name(vn2_obj)) vn1_obj.del_network_policy(np1) vn2_obj.del_network_policy(np2) self._vnc_lib.virtual_network_update(vn1_obj) self._vnc_lib.virtual_network_update(vn2_obj) self.delete_network_policy(np1) self.delete_network_policy(np2) self._vnc_lib.virtual_network_delete(fq_name=vn1_obj.get_fq_name()) self._vnc_lib.virtual_network_delete(fq_name=vn2_obj.get_fq_name()) self.check_vn_is_deleted(uuid=vn1_obj.uuid) self.check_vn_is_deleted(uuid=vn2_obj.uuid)
def test_unset_tag_from_a_resource(self): project = Project('project-%s' % self.id()) self.api.project_create(project) vn = VirtualNetwork('vn-%s' % self.id(), parent_obj=project) vn_uuid = self.api.virtual_network_create(vn) tag_type = 'fake_type-%s' % self.id() tag_value = 'fake_value-%s' % self.id() tag = Tag(tag_type_name=tag_type, tag_value=tag_value, parent_obj=project) self.api.tag_create(tag) self.api.set_tag(vn, tag_type, tag_value) for system_tag_type in constants.TagTypeNameToId: self.api.tag_create( Tag(tag_type_name=system_tag_type, tag_value=tag_value)) self.api.set_tag(vn, system_tag_type, tag_value, is_global=True) vn = self._vnc_lib.virtual_network_read(id=vn_uuid) self.assertEqual(len(vn.get_tag_refs()), len(constants.TagTypeNameToId) + 1) self.assertTrue(tag.uuid in {ref['uuid'] for ref in vn.get_tag_refs()}) self.api.unset_tag(vn, tag_type) vn = self._vnc_lib.virtual_network_read(id=vn_uuid) self.assertEqual(len(vn.get_tag_refs()), len(constants.TagTypeNameToId)) self.assertFalse( tag.uuid in {ref['uuid'] for ref in vn.get_tag_refs()})
def test_tag_created_before_associated_to_a_resource(self): project = Project('project-%s' % self.id()) self.api.project_create(project) vn = VirtualNetwork('vn-%s' % self.id(), parent_obj=project) self.api.virtual_network_create(vn) tag_type = 'fake_type-%s' % self.id() tag_value = 'fake_value-%s' % self.id() # global tags_dict = { tag_type: { 'is_global': True, 'value': tag_value, } } self.assertRaises(NoIdError, self.api.set_tags, vn, tags_dict) # scoped tags_dict = { tag_type: { 'value': tag_value, } } self.assertRaises(NoIdError, self.api.set_tags, vn, tags_dict)
def test_firewall_group_port_association(self): vn = VirtualNetwork('%s-vn' % self.id(), parent_obj=self.project) self._vnc_lib.virtual_network_create(vn) vmi_ids = [] for i in range(3): vmi = VirtualMachineInterface('%s-vmi%d' % (self.id(), i), parent_obj=self.project) vmi.add_virtual_network(vn) vmi_ids.append(self._vnc_lib.virtual_machine_interface_create(vmi)) neutron_fg = self.create_resource( 'firewall_group', self.project_id, extra_res_fields={ 'ports': vmi_ids[:-1], }, ) self.assertEquals(set(neutron_fg['ports']), set(vmi_ids[:-1])) neutron_fg = self.update_resource( 'firewall_group', neutron_fg['id'], self.project_id, extra_res_fields={ 'ports': vmi_ids[1:], }, ) self.assertEquals(set(neutron_fg['ports']), set(vmi_ids[1:]))
def setUp(self): VncApiMock.init() DBMock.init() vnc_kubernetes.VncKubernetes.reset() self.args = Mock() self.args.admin_user = "******" self.args.admin_password = "******" self.args.admin_tenant = "default" self.args.vnc_endpoint_ip = '127.0.0.1' self.args.vnc_endpoint_port = "8082" self.args.auth_token_url = "token" self.args.cluster_project = None self.args.cluster_network = None self.args.cluster_pod_network = None self.args.cluster_service_network = None self.args.pod_subnets = ['10.10.0.0/16'] self.args.service_subnets = ['192.168.0.0/24'] self.args.kubernetes_api_secure_port = "8443" self.args.auth_user = "******" self.args.auth_password = "******" self.args.auth_tenant = "default" self.args.cassandra_server_list = () api = VncApiMock(self.args.auth_user, self.args.auth_password, self.args.auth_tenant, self.args.vnc_endpoint_ip, self.args.vnc_endpoint_port, self.args.auth_token_url) domain_uuid = api.domain_create(Domain("default-domain")) domain = api.domain_read(id=domain_uuid) proj_uuid = api.project_create( Project("default-project", parent_obj=domain)) proj = api.project_read(id=proj_uuid) net = VirtualNetwork("ip-fabric", proj) api.virtual_network_create(net)
def test_dedicated_tag_and_refs_deleted(self): vn = VirtualNetwork('%s-vn' % self.id(), parent_obj=self.project) self._vnc_lib.virtual_network_create(vn) vmi_ids = [] for i in range(3): vmi = VirtualMachineInterface('%s-vmi%d' % (self.id(), i), parent_obj=self.project) vmi.add_virtual_network(vn) vmi_ids.append(self._vnc_lib.virtual_machine_interface_create(vmi)) neutron_fg = self.create_resource( 'firewall_group', self.project_id, extra_res_fields={ 'ports': vmi_ids, }, ) tag_fq_name = self._get_tag_fq_name(neutron_fg, self.project) try: self._vnc_lib.tag_read(tag_fq_name) except NoIdError: msg = ("Dedicated Tag %s for firewall group %s was not created" % (':'.join(tag_fq_name), neutron_fg['id'])) self.fail(msg) self.delete_resource('firewall_group', self.project_id, neutron_fg['id']) self.assertRaises(NoIdError, self._vnc_lib.tag_read, tag_fq_name)
def test_update_in_use_provider_vn(self): project = Project('%s-project' % self.id()) project_uuid = self.api.project_create(project) project = self.api.project_read(id=project_uuid) vn = VirtualNetwork('%s-vn' % self.id(), parent_obj=project) vn.set_is_provider_network(True) vn.set_provider_properties( ProviderDetails( params_dict={"segmentation_id": 100, "physical_network": "physnet1"})) vn_uuid = self.api.virtual_network_create(vn) vmi = VirtualMachineInterface('%s-vmi' % self.id(), parent_obj=project) vmi.set_virtual_network(vn) self.api.virtual_machine_interface_create(vmi) vn = self.api.virtual_network_read(id=vn_uuid) vn.set_provider_properties( ProviderDetails( params_dict={"segmentation_id": 200, "physical_network": "physnet2"})) with ExpectedException(RefsExistError): self.api.virtual_network_update(vn) updated_provider_properties = (self .api.virtual_network_read(id=vn.uuid) .get_provider_properties()) segmentation_id = updated_provider_properties.get_segmentation_id() physical_network = updated_provider_properties.get_physical_network() self.assertEqual((100, "physnet1"), (segmentation_id, physical_network))
def test_context_undo_fail_db_delete(self): project = Project(name='p-{}'.format(self.id())) self.api.project_create(project) vn = VirtualNetwork(name='vn-{}'.format(self.id()), parent_obj=project) self.api.virtual_network_create(vn) vmi_obj = VirtualMachineInterface('vmi-{}'.format(self.id()), parent_obj=project) vmi_obj.set_virtual_network(vn) self.api.virtual_machine_interface_create(vmi_obj) vmi_obj = self.api.virtual_machine_interface_read(id=vmi_obj.uuid) mock_zk = self._api_server._db_conn._zk_db zk_alloc_count_before = mock_zk._vpg_id_allocator.get_alloc_count() def stub(*args, **kwargs): return False, (500, "Fake error") with ExpectedException(HttpError): with test_common.flexmocks([(self._api_server._db_conn, 'dbe_delete', stub)]): self.api.virtual_machine_interface_delete( fq_name=vmi_obj.fq_name) zk_alloc_count_after = mock_zk._vpg_id_allocator.get_alloc_count() self.assertEqual(zk_alloc_count_before, zk_alloc_count_after)
def test_port_security_and_allowed_address_pairs(self): project = Project('%s-project' % self.id()) self.api.project_create(project) vn = VirtualNetwork('vn-%s' % self.id(), parent_obj=project) self.api.virtual_network_create(vn) addr_pair = AllowedAddressPairs(allowed_address_pair=[ AllowedAddressPair(ip=SubnetType('1.1.1.0', 24), mac='02:ce:1b:d7:a6:e7') ]) msg = (r"^Allowed address pairs are not allowed when port security is " "disabled$") vmi = VirtualMachineInterface( 'vmi-%s' % self.id(), parent_obj=project, port_security_enabled=False, virtual_machine_interface_allowed_address_pairs=addr_pair) vmi.set_virtual_network(vn) with self.assertRaisesRegexp(BadRequest, msg): self.api.virtual_machine_interface_create(vmi) vmi = VirtualMachineInterface('vmi-%s' % self.id(), parent_obj=project, port_security_enabled=False) vmi.set_virtual_network(vn) self.api.virtual_machine_interface_create(vmi) # updating a port with allowed address pair should throw an exception # when port security enabled is set to false vmi.virtual_machine_interface_allowed_address_pairs = addr_pair with self.assertRaisesRegexp(BadRequest, msg): self.api.virtual_machine_interface_update(vmi)
def test_tag_created_before_associated_to_a_resource(self): project = Project('project-%s' % self.id()) self.api.project_create(project) vn = VirtualNetwork('vn-%s' % self.id(), parent_obj=project) self.api.virtual_network_create(vn) type = 'fake_type-%s' % self.id() value = 'fake_value-%s' % self.id() # global tags_dict = { type: { 'is_global': True, 'value': value, } } with ExpectedException(exceptions.NoIdError): self.api.set_tags(vn, tags_dict) # scoped tags_dict = { type: { 'value': value, } } with ExpectedException(exceptions.NoIdError): self.api.set_tags(vn, tags_dict)
def test_set_tag_api_sanity(self): project = Project('project-%s' % self.id()) self.api.project_create(project) tag_type = 'fake_type-%s' % self.id() tag_value = 'fake_value-%s' % self.id() tag = Tag(tag_type_name=tag_type, tag_value=tag_value, parent_obj=project) self.api.tag_create(tag) vn = VirtualNetwork('vn-%s' % self.id(), parent_obj=project) self.api.virtual_network_create(vn) url = self.api._action_uri['set-tag'] test_suite = [ ({'obj_uuid': vn.uuid}, BadRequest), ({'obj_type': 'virtual_network'}, BadRequest), ({'obj_uuid': 'fake_uuid', 'obj_type': 'virtual_network'}, NoIdError), ({'obj_uuid': vn.uuid, 'obj_type': 'wrong_type'}, BadRequest), ({ 'obj_uuid': vn.uuid, 'obj_type': 'virtual_network', tag_type: {'value': tag_value} }, None), ({ 'obj_uuid': vn.uuid, 'obj_type': 'virtual-network', tag_type: {'value': tag_value} }, None), ] for tags_dict, result in test_suite: if result and issubclass(result, Exception): self.assertRaises(result, self.api._request_server, OP_POST, url, json.dumps(tags_dict)) else: self.api._request_server(OP_POST, url, json.dumps(tags_dict))
def test_only_one_value_for_a_type_can_be_associate_to_a_resource2(self): project = Project('project-%s' % self.id()) self.api.project_create(project) tag_type = 'fake_type-%s' % self.id() global_tag = Tag(tag_type_name=tag_type, tag_value='global_fake_value-%s' % self.id()) self.api.tag_create(global_tag) scoped_tag = Tag(tag_type_name=tag_type, tag_value='scoped_fake_value-%s' % self.id(), parent_obj=project) self.api.tag_create(scoped_tag) vn = VirtualNetwork('vn-%s' % self.id(), parent_obj=project) vn.add_tag(global_tag) vn.add_tag(scoped_tag) self.assertRaises(BadRequest, self.api.virtual_network_create, vn) vn.set_tag(global_tag) self.api.virtual_network_create(vn) vn = self._vnc_lib.virtual_network_read(id=vn.uuid) self.assertEqual(len(vn.get_tag_refs()), 1) self.assertEqual(vn.get_tag_refs()[0]['uuid'], global_tag.uuid) vn.add_tag(scoped_tag) self.assertRaises(BadRequest, self.api.virtual_network_update, vn)
def test_virtual_port_group_delete(self): proj_obj = Project('%s-project' % (self.id())) self.api.project_create(proj_obj) vn = VirtualNetwork('vn-%s' % (self.id()), parent_obj=proj_obj) self.api.virtual_network_create(vn) vpg_name = "vpg-" + self.id() vpg_obj = VirtualPortGroup(vpg_name) self.api.virtual_port_group_create(vpg_obj) vmi_id_list = [] for i in range(self.VMI_NUM): vmi_obj = VirtualMachineInterface(self.id() + str(i), parent_obj=proj_obj) vmi_obj.set_virtual_network(vn) vmi_id_list.append( self.api.virtual_machine_interface_create(vmi_obj)) vpg_obj.add_virtual_machine_interface(vmi_obj) self.api.virtual_port_group_update(vpg_obj) self.api.ref_relax_for_delete(vpg_obj.uuid, vmi_id_list[i]) # Make sure when VPG doesn't get deleted, since associated VMIs # still refers it. with ExpectedException(BadRequest): self.api.virtual_port_group_delete(id=vpg_obj.uuid) # Cleanup for i in range(self.VMI_NUM): self.api.virtual_machine_interface_delete(id=vmi_id_list[i]) self.api.virtual_port_group_delete(id=vpg_obj.uuid)
def test_deallocate_vxlan_id(self): # enable vxlan routing on project proj = self._vnc_lib.project_read( fq_name=["default-domain", "default-project"]) proj.set_vxlan_routing(True) self._vnc_lib.project_update(proj) mock_zk = self._api_server._db_conn._zk_db vn_obj = VirtualNetwork('%s-vn' % self.id()) vn_obj_properties = VirtualNetworkType(forwarding_mode='l3') vn_obj_properties.set_vxlan_network_identifier(6002) vn_obj.set_virtual_network_properties(vn_obj_properties) self.api.virtual_network_create(vn_obj) # VN created, now read back the VN data to check if vxlan_id is set vn_obj = self.api.virtual_network_read(id=vn_obj.uuid) vn_obj_properties = vn_obj.get_virtual_network_properties() if not vn_obj_properties: self.fail("VN properties are not set") vxlan_id = vn_obj_properties.get_vxlan_network_identifier() self.assertEqual(vxlan_id, 6002) self.api.virtual_network_delete(id=vn_obj.uuid) self.assertNotEqual(vn_obj.get_fq_name_str() + "_vxlan", mock_zk.get_vn_from_id(vxlan_id)) logger.debug('PASS - test_deallocate_vxlan_id')
def test_update_not_in_use_non_provider_vn_to_provider(self): project = Project('%s-project' % self.id()) project_uuid = self.api.project_create(project) project = self.api.project_read(id=project_uuid) vn = VirtualNetwork('%s-vn' % self.id(), parent_obj=project) vn_uuid = self.api.virtual_network_create(vn) vn = self.api.virtual_network_read(id=vn_uuid) is_provider_network = vn.get_is_provider_network() self.assertFalse(is_provider_network) vn.set_is_provider_network(True) vn.set_provider_properties( ProviderDetails( params_dict={"segmentation_id": 100, "physical_network": "physnet1"})) self.api.virtual_network_update(vn) vn = self.api.virtual_network_read(id=vn_uuid) is_provider_network = vn.get_is_provider_network() self.assertTrue(is_provider_network) updated_provider_properties = vn.get_provider_properties() segmentation_id = updated_provider_properties.get_segmentation_id() physical_network = updated_provider_properties.get_physical_network() self.assertEqual((100, "physnet1"), (segmentation_id, physical_network))
def test_disable_port_security_with_empty_allowed_address_pair_list(self): project = Project('%s-project' % self.id()) self.api.project_create(project) vn = VirtualNetwork('vn-%s' % self.id(), parent_obj=project) self.api.virtual_network_create(vn) addr_pair = AllowedAddressPairs() vmi1 = VirtualMachineInterface( 'vmi1-%s' % self.id(), parent_obj=project, port_security_enabled=False, virtual_machine_interface_allowed_address_pairs=addr_pair) vmi1.set_virtual_network(vn) self.api.virtual_machine_interface_create(vmi1) addr_pair = AllowedAddressPairs(allowed_address_pair=[ AllowedAddressPair(ip=SubnetType('1.1.1.0', 24), mac='02:ce:1b:d7:a6:e7') ]) vmi2 = VirtualMachineInterface( 'vmi2-%s' % self.id(), parent_obj=project, port_security_enabled=True, virtual_machine_interface_allowed_address_pairs=addr_pair) vmi2.set_virtual_network(vn) self.api.virtual_machine_interface_create(vmi2) addr_pair = AllowedAddressPairs() vmi2.set_virtual_machine_interface_allowed_address_pairs(addr_pair) self.api.virtual_machine_interface_update(vmi2) vmi2.set_port_security_enabled(False) self.api.virtual_machine_interface_update(vmi2)
def test_context_undo_vxlan_id_fail_db_create(self): # enable vxlan routing on project proj = self._vnc_lib.project_read( fq_name=["default-domain", "default-project"]) proj.set_vxlan_routing(True) self._vnc_lib.project_update(proj) mock_zk = self._api_server._db_conn._zk_db vn_obj = VirtualNetwork('%s-vn' % self.id()) vn_obj_properties = VirtualNetworkType(forwarding_mode='l3') vn_obj_properties.set_vxlan_network_identifier(6000) vn_obj.set_virtual_network_properties(vn_obj_properties) def stub(*args, **kwargs): return (False, (500, "Fake error")) zk_alloc_count_start = mock_zk._vn_id_allocator.get_alloc_count() with ExpectedException(HttpError): with test_common.flexmocks( [(self._api_server._db_conn, 'dbe_create', stub)]): self.api.virtual_network_create(vn_obj) # make sure allocation counter stays the same zk_alloc_count_current = mock_zk._vn_id_allocator.get_alloc_count() self.assertEqual(zk_alloc_count_start, zk_alloc_count_current)
def _create_virtual_network(self, vn_name, proj_obj, ipam_obj, \ ipam_update, provider=None, subnets=None, \ type='flat-subnet-only'): vn_exists = False vn = VirtualNetwork(name=vn_name, parent_obj=proj_obj, address_allocation_mode=type) try: vn_obj = self._vnc_lib.virtual_network_read( fq_name=vn.get_fq_name()) vn_exists = True except NoIdError: # VN does not exist. Create one. vn_obj = vn if vn_exists: return vn_obj # Attach IPAM to virtual network. # # For flat-subnets, the subnets are specified on the IPAM and # not on the virtual-network to IPAM link. So pass an empty # list of VnSubnetsType. # For user-defined-subnets, use the provided subnets if ipam_update or \ not self._is_ipam_exists(vn_obj, ipam_obj.get_fq_name()): if subnets and type == 'user-defined-subnet-only': vn_obj.add_network_ipam(ipam_obj, subnets) else: vn_obj.add_network_ipam(ipam_obj, VnSubnetsType([])) vn_obj.set_virtual_network_properties( VirtualNetworkType(forwarding_mode='l3')) fabric_snat = False if self.ip_fabric_snat: fabric_snat = True if not vn_exists: if self.ip_fabric_forwarding: if provider: #enable ip_fabric_forwarding vn_obj.add_virtual_network(provider) elif fabric_snat: #enable fabric_snat vn_obj.set_fabric_snat(True) else: #disable fabric_snat vn_obj.set_fabric_snat(False) # Create VN. self._vnc_lib.virtual_network_create(vn_obj) else: # TODO: Handle Network update pass vn_obj = self._vnc_lib.virtual_network_read( fq_name=vn_obj.get_fq_name()) VirtualNetworkKM.locate(vn_obj.uuid) return vn_obj
def create_network(self, name, proj_obj, subnet, ipam_name): vn = VirtualNetwork( name=name, parent_obj=proj_obj, virtual_network_properties=VirtualNetworkType(forwarding_mode='l3'), address_allocation_mode='user-defined-subnet-only') try: vn_obj = self._vnc_lib.virtual_network_read( fq_name=vn.get_fq_name()) except NoIdError: # Virtual network does not exist. Create one. vn_uuid = self._vnc_lib.virtual_network_create(vn) vn_obj = self._vnc_lib.virtual_network_read(id=vn_uuid) ipam_obj = self._create_network_ipam(ipam_name, 'flat-subnet', subnet, proj_obj, vn_obj) try: self._vnc_lib.virtual_network_update(vn_obj) except Exception as e: self.logger.error("%s - failed to update virtual network %s %s. %s" % (self._name, vn_obj.uuid, str(vn_obj.fq_name), str(e))) vn_obj = self._vnc_lib.virtual_network_read( fq_name=vn_obj.get_fq_name()) #kube = vnc_kubernetes.VncKubernetes.get_instance() #kube._create_cluster_service_fip_pool(vn_obj, pod_ipam_obj) return vn_obj
def test_valid_sub_interface_vlan_tag_id(self): project = Project('%s-project' % self.id()) self.api.project_create(project) vn = VirtualNetwork('%s-vn' % self.id(), parent_obj=project) self.api.virtual_network_create(vn) test_suite = [ (None, None), (VMIPT(None), None), (VMIPT(sub_interface_vlan_tag=None), None), (VMIPT(sub_interface_vlan_tag=-42), BadRequest), (VMIPT(sub_interface_vlan_tag=4095), BadRequest), (VMIPT(sub_interface_vlan_tag='fo'), BadRequest), (VMIPT(sub_interface_vlan_tag='42'), None), (VMIPT(sub_interface_vlan_tag=42), None), ] for (vmipt, result) in test_suite: vmi = VirtualMachineInterface('%s-vmi' % self.id(), parent_obj=project) vmi.set_virtual_network(vn) vmi.set_virtual_machine_interface_properties(vmipt) if result and issubclass(result, Exception): self.assertRaises(result, self.api.virtual_machine_interface_create, vmi) else: self.api.virtual_machine_interface_create(vmi) self.api.virtual_machine_interface_delete(id=vmi.uuid)
def test_create_pool(self): tenant_id = _uuid() pool_id = _uuid() vip_id = _uuid() subnet_id = _uuid() api = self.api_server project = Project(name='test') project.uuid = tenant_id template = ServiceTemplate('lb-test', project) template.uuid = _uuid() pool_attrs = LoadbalancerPoolType() pool_attrs.subnet_id = subnet_id pool = LoadbalancerPool( pool_id, project, loadbalancer_pool_properties=pool_attrs) pool.uuid = pool_id vip_attrs = VirtualIpType() vip_attrs.subnet_id = subnet_id vip_attrs.address = '127.0.0.1' vip = VirtualIp(vip_id, project, virtual_ip_properties=vip_attrs) vip.uuid = vip_id vip.set_loadbalancer_pool(pool) vnet = VirtualNetwork('test', project) vnet.uuid = _uuid() vmi = VirtualMachineInterface(vip_id, project) vmi.uuid = _uuid() vmi.set_virtual_network(vnet) iip = InstanceIp(vip_id, instance_ip_address='127.0.0.1') iip.uuid = _uuid() iip.set_virtual_machine_interface(vmi) iip_refs = [ {'to': iip.get_fq_name(), 'uuid': iip.uuid} ] vmi.get_instance_ip_back_refs = mock.Mock() vmi.get_instance_ip_back_refs.return_value = iip_refs vip.set_virtual_machine_interface(vmi) api.virtual_service_template_read = template api.loadbalancer_pool_read.return_value = pool api.virtual_ip_read.return_value = vip api.kv_retrieve.return_value = '%s %s' % (vnet.uuid, subnet_id) api.virtual_machine_interface_read.return_value = vmi api.instance_ip_read.return_value = iip api.service_instance_read.side_effect = NoIdError('404') context = {} pool_data = { 'id': pool_id, 'vip_id': vip_id } self.driver.create_pool(context, pool_data) api.service_instance_create.assert_called_with(mock.ANY)
def test_create_vn_with_configured_rt_in_system_range(self): gsc = self.api.global_system_config_read(GlobalSystemConfig().fq_name) vn = VirtualNetwork('%s-vn' % self.id()) rt_name = 'target:%d:%d' % (gsc.autonomous_system, BGP_RTGT_MIN_ID + 1000) vn.set_route_target_list(RouteTargetList([rt_name])) self.assertRaises(BadRequest, self.api.virtual_network_create, vn)
def test_firewall_group_status(self): neutron_fg = self.create_resource( 'firewall_group', self.project_id, extra_res_fields={ 'admin_state_up': False, }, ) self.assertEquals(neutron_fg['status'], constants.DOWN) neutron_fg = self.update_resource( 'firewall_group', neutron_fg['id'], self.project_id, extra_res_fields={ 'admin_state_up': True, }, ) self.assertEquals(neutron_fg['status'], constants.INACTIVE) vn = VirtualNetwork('%s-vn' % self.id(), parent_obj=self.project) self._vnc_lib.virtual_network_create(vn) vmi = VirtualMachineInterface('%s-vmi' % self.id(), parent_obj=self.project) vmi.add_virtual_network(vn) self._vnc_lib.virtual_machine_interface_create(vmi) neutron_fg = self.update_resource( 'firewall_group', neutron_fg['id'], self.project_id, extra_res_fields={ 'ports': [vmi.uuid], }, ) self.assertEquals(neutron_fg['status'], constants.INACTIVE) fp = FirewallPolicy('%s-fp' % self.id(), parent_obj=self.project) self._vnc_lib.firewall_policy_create(fp) neutron_fg = self.update_resource( 'firewall_group', neutron_fg['id'], self.project_id, extra_res_fields={ 'egress_firewall_policy_id': fp.uuid, }, ) self.assertEquals(neutron_fg['status'], constants.ACTIVE) neutron_fg = self.update_resource( 'firewall_group', neutron_fg['id'], self.project_id, extra_res_fields={ 'ports': [], }, ) self.assertEquals(neutron_fg['status'], constants.INACTIVE)
def test_set_unset_multi_value_of_authorized_type_on_one_resource(self): project = Project('project-%s' % self.id()) self.api.project_create(project) vn = VirtualNetwork('vn-%s' % self.id(), parent_obj=project) vn_uuid = self.api.virtual_network_create(vn) # Label tag type is the only one type authorized to be set multiple # time on a same resource tag_type = 'label' tag_value1 = '%s-label1' % self.id() label_tag1 = Tag(tag_type_name=tag_type, tag_value=tag_value1, parent_obj=project) self.api.tag_create(label_tag1) tag_value2 = '%s-label2' % self.id() label_tag2 = Tag(tag_type_name=tag_type, tag_value=tag_value2, parent_obj=project) self.api.tag_create(label_tag2) tag_value3 = '%s-label3' % self.id() label_tag3 = Tag(tag_type_name=tag_type, tag_value=tag_value3, parent_obj=project) self.api.tag_create(label_tag3) tags_dict = { tag_type: { 'value': tag_value1, 'add_values': [tag_value2], }, } self.api.set_tags(vn, tags_dict) vn = self._vnc_lib.virtual_network_read(id=vn_uuid) self.assertEqual(len(vn.get_tag_refs()), 2) self.assertEqual({ref['uuid'] for ref in vn.get_tag_refs()}, set([label_tag1.uuid, label_tag2.uuid])) tags_dict = { tag_type: { 'add_values': [tag_value3], 'delete_values': [tag_value1], }, } self.api.set_tags(vn, tags_dict) vn = self._vnc_lib.virtual_network_read(id=vn_uuid) self.assertEqual(len(vn.get_tag_refs()), 2) self.assertEqual({ref['uuid'] for ref in vn.get_tag_refs()}, set([label_tag2.uuid, label_tag3.uuid])) self.api.unset_tag(vn, tag_type) vn = self._vnc_lib.virtual_network_read(id=vn_uuid) self.assertIsNone(vn.get_tag_refs())