def create_pf(vip_option, nic_uuid, num): try: #create vip and eip vip = net_ops.create_vip(vip_option) pf_option = test_util.PortForwardingRuleOption() if num < 32767: port_s = 2 * num port_e = port_s + 1 pf_option.set_allowedCidr('192.168.0.1/32') else: port_s = num / 20 port_e = port_s + 1 pf_option.set_allowedCidr('192.168.%d.%d/32' % (num / 1000, num % 255)) pf_option.set_vip_uuid(vip.uuid) pf_option.set_vm_nic_uuid(nic_uuid) pf_option.set_session_uuid(session_uuid) pf_option.set_protocol(inventory.TCP) pf_option.set_private_ports(port_s, port_e) pf_option.set_vip_ports(port_s, port_e) pf_option.set_name('pf_%s' % vip_option.get_name()) pf = net_ops.create_port_forwarding(pf_option) except: exc_info.append(sys.exc_info())
def create_eip(vip_option, nic_uuid): try: #create vip and eip vip = net_ops.create_vip(vip_option) eip_option = test_util.EipOption() eip_option.set_name('eip_%s' % vip_option.get_name()) eip_option.set_session_uuid(session_uuid) eip_option.set_vip_uuid(vip.uuid) eip_option.set_vm_nic_uuid(nic_uuid) eip = net_ops.create_eip(eip_option) except: exc_info.append(sys.exc_info())
def create(self, target_vm=None): if not self.pf_creation_option.get_vm_nic_uuid(): self.state = pf_header.DETACHED else: if not self.pf_creation_option.get_vip_uuid(): l3_uuid = test_lib.lib_get_l3_uuid_by_nic(self.pf_creation_option.get_vm_nic_uuid()) if not 'PortForwarding' in test_lib.lib_get_l3_service_type(l3_uuid): test_util.test_fail('[l3:] %s is not available PortForwarding network for [vm:] %s' % (l3_uuid, target_vm.get_vm().uuid)) vr = test_lib.lib_find_vr_by_l3_uuid(l3_uuid)[0] vr_pub_nic = test_lib.lib_find_vr_pub_nic(vr) vip = net_ops.create_vip(vr_pub_nic.l3NetworkUuid) self.pf_creation_option.set_vip_uuid(vip.uuid) self.state = pf_header.ATTACHED if not target_vm: test_util.test_fail('You forget to add target_vm object when calling pf.create(target_vm). ') self.port_forwarding = net_ops.create_port_forwarding(self.pf_creation_option) self.target_vm = target_vm super(ZstackTestPortForwarding, self).create() return self.port_forwarding
def create_vip(vip_option): try: #create vip vip = net_ops.create_vip(vip_option) except: exc_info.append(sys.exc_info())
def test(): ''' Since VR ip address is assigned by zstack, so we need to use VR to test PF rules' connectibility. PF test needs at least 3 VR existence. The PF VM's VR is for set PF rule. The PF rule will add VIP for PF_VM. Besides of PF_VM's VR, there are needed another 2 VR VMs. 1st VR public IP address will be set as allowedCidr. The 1st VR VM should be able to access PF_VM. So the 2nd VR VM should not be able to access PF_VM. In this test, will also add SG rules to check the coexistence between PF and SG. SG rule will be added onto PF_VM's internal IP. ''' pf_vm = test_stub.create_vr_vm('migrate_pf_sg_vm1', 'imageName_net', 'l3VlanNetwork2') test_obj_dict.add_vm(pf_vm) l3_name = os.environ.get('l3VlanNetworkName1') vr1_l3_uuid = test_lib.lib_get_l3_by_name(l3_name).uuid vrs = test_lib.lib_find_vr_by_l3_uuid(vr1_l3_uuid) temp_vm1 = None if not vrs: #create temp_vm1 for getting vlan1's vr for test pf_vm portforwarding temp_vm1 = test_stub.create_vr_vm('migrate_temp_vm1', 'imageName_net', 'l3VlanNetworkName1') test_obj_dict.add_vm(temp_vm1) vr1 = test_lib.lib_find_vr_by_vm(temp_vm1.vm)[0] else: vr1 = vrs[0] l3_name = os.environ.get('l3VlanNetwork3') vr2_l3_uuid = test_lib.lib_get_l3_by_name(l3_name).uuid vrs = test_lib.lib_find_vr_by_l3_uuid(vr2_l3_uuid) temp_vm2 = None if not vrs: #create temp_vm2 for getting novlan's vr for test pf_vm portforwarding temp_vm2 = test_stub.create_vr_vm('migrate_temp_vm2', 'imageName_net', 'l3VlanNetwork3') test_obj_dict.add_vm(temp_vm2) vr2 = test_lib.lib_find_vr_by_vm(temp_vm2.vm)[0] else: vr2 = vrs[0] vr1_pub_ip = test_lib.lib_find_vr_pub_ip(vr1) vr2_pub_ip = test_lib.lib_find_vr_pub_ip(vr2) pf_vm.check() vm_nic = pf_vm.vm.vmNics[0] vm_nic_uuid = vm_nic.uuid pri_l3_uuid = vm_nic.l3NetworkUuid vr = test_lib.lib_find_vr_by_l3_uuid(pri_l3_uuid)[0] vr_pub_nic = test_lib.lib_find_vr_pub_nic(vr) l3_uuid = vr_pub_nic.l3NetworkUuid vip_option = test_util.VipOption() vip_option.set_l3_uuid(l3_uuid) vip_uuid = net_ops.create_vip(vip_option).uuid pf_creation_opt = PfRule.generate_pf_rule_option(vr1_pub_ip, protocol=inventory.TCP, vip_target_rule=Port.rule1_ports, private_target_rule=Port.rule1_ports, vip_uuid=vip_uuid, vm_nic_uuid=vm_nic_uuid) test_pf = zstack_pf_header.ZstackTestPortForwarding() test_pf.set_creation_option(pf_creation_opt) test_pf.create(pf_vm) pf_vm.check() #Ignore this check, since it has been checked many times in other PF cases. #test_pf.check() sg1 = test_stub.create_sg() test_obj_dict.add_sg(sg1.security_group.uuid) sg_vm = zstack_sg_vm_header.ZstackTestSgVm() sg_vm.check() vm_nics = (vm_nic_uuid, pf_vm) rule1 = test_lib.lib_gen_sg_rule(Port.rule1_ports, inventory.TCP, inventory.INGRESS, vr1_pub_ip) rule2 = test_lib.lib_gen_sg_rule(Port.rule2_ports, inventory.TCP, inventory.INGRESS, vr2_pub_ip) sg1.add_rule([rule1]) test_util.test_dsc("Add nic to security group 1.") test_util.test_dsc("PF rule is allowed, since VR1's IP is granted by SG Rule1.") sg_vm.attach(sg1, [vm_nics]) test_pf.check() test_stub.migrate_vm_to_random_host(pf_vm) test_util.test_dsc("Remove rule1 from security group 1.") test_util.test_dsc("PF rule is still allowed") sg1.delete_rule([rule1]) test_pf.check() test_util.test_dsc("Add rule2") test_util.test_dsc("PF rule is not allowed, since rule2 only allowed the ingress from VR2, but VR2 can't pass PF rule. ") sg1.add_rule([rule2]) test_pf.check() test_util.test_dsc("Delete SG") sg_vm.delete_sg(sg1) test_util.test_dsc("PF rule is allowed") test_pf.check() if temp_vm1: temp_vm1.destroy() test_obj_dict.rm_vm(temp_vm1) if temp_vm2: temp_vm2.destroy() test_obj_dict.rm_vm(temp_vm2) test_pf.delete() pf_vm.destroy() test_obj_dict.rm_vm(pf_vm) net_ops.delete_vip(vip_uuid) test_util.test_pass("Test Port Forwarding TCP Rule Successfully")
def create(self): self.vip = net_ops.create_vip(self.get_creation_option()) super(ZstackTestVip, self).create() return self.vip
def test(): global project_uuid, project_admin_uuid, virtual_id_uuid, project_operator_uuid, plain_user_uuid flavor = case_flavor[os.environ.get('CASE_FLAVOR')] # 1 create project if flavor['target_role'] != 'system_admin': project_name = 'test_project' project = iam2_ops.create_iam2_project(project_name) project_uuid = project.uuid project_linked_account_uuid = project.linkedAccountUuid if flavor['target_role'] == 'project_admin': # 2 create virtual id project_admin_name = 'username' project_admin_password = '******' project_admin_uuid = iam2_ops.create_iam2_virtual_id(project_admin_name, project_admin_password).uuid virtual_id_uuid = iam2_ops.create_iam2_virtual_id('usernametwo', 'password').uuid # 3 create project admin iam2_ops.add_iam2_virtual_ids_to_project([project_admin_uuid],project_uuid) attributes = [{"name": "__ProjectAdmin__", "value": project_uuid}] iam2_ops.add_attributes_to_iam2_virtual_id(project_admin_uuid, attributes) # login in project by project admin project_admin_session_uuid = iam2_ops.login_iam2_virtual_id(project_admin_name, project_admin_password) project_login_uuid = iam2_ops.login_iam2_project(project_name, session_uuid=project_admin_session_uuid).uuid # iam2_ops.remove_attributes_from_iam2_virtual_id(virtual_id_uuid, attributes) elif flavor['target_role'] == 'project_operator': project_operator_name = 'username2' project_operator_password = '******' attributes = [{"name": "__ProjectOperator__", "value": project_uuid}] project_operator_uuid = iam2_ops.create_iam2_virtual_id(project_operator_name,project_operator_password,attributes=attributes).uuid virtual_id_uuid = iam2_ops.create_iam2_virtual_id('usernamethree','password').uuid # login in project by project operator iam2_ops.add_iam2_virtual_ids_to_project([project_operator_uuid],project_uuid) project_operator_session_uuid = iam2_ops.login_iam2_virtual_id(project_operator_name,project_operator_password) project_login_uuid = iam2_ops.login_iam2_project(project_name,session_uuid=project_operator_session_uuid).uuid elif flavor['target_role'] == 'project_member': plain_user_name = 'username' plain_user_password = '******' plain_user_uuid = iam2_ops.create_iam2_virtual_id(plain_user_name, plain_user_password, project_uuid=project_uuid).uuid # 3 add virtual id to project iam2_ops.add_iam2_virtual_ids_to_project([plain_user_uuid],project_uuid) # 4 login in project by plain user plain_user_session_uuid = iam2_ops.login_iam2_virtual_id(plain_user_name, plain_user_password) # 4 login in project #project_inv=iam2_ops.get_iam2_projects_of_virtual_id(plain_user_session_uuid) project_login_uuid = iam2_ops.login_iam2_project(project_name, plain_user_session_uuid).uuid elif flavor['target_role'] == 'system_admin': username = "******" password = '******' vid_tst_obj = test_vid.ZstackTestVid() test_stub.create_system_admin(username, password, vid_tst_obj) virtual_id_uuid = vid_tst_obj.get_vid().uuid project_login_uuid = acc_ops.login_by_account(username, password) # Image related ops: Add, Delete, Expunge, sync image size, Update QGA, delete, expunge if flavor['target_role'] == 'project_member': statements = [{"effect": "Allow", "actions": ["org.zstack.header.vm.**"]}] role_uuid = iam2_ops.create_role('test_role', statements).uuid iam2_ops.add_roles_to_iam2_virtual_id([role_uuid], plain_user_uuid) vm_creation_option = test_util.VmOption() pub_l3_uuid = test_lib.lib_get_l3_by_name(os.environ.get('l3PublicNetworkName')).uuid l3_net_uuid = test_lib.lib_get_l3_by_name(os.environ.get('l3VlanNetworkName3')).uuid if flavor['target_role'] != 'system_admin': acc_ops.share_resources([project_linked_account_uuid], [l3_net_uuid]) vm_creation_option.set_l3_uuids([l3_net_uuid]) image_uuid = test_lib.lib_get_image_by_name(os.environ.get('imageName_net')).uuid vm_creation_option.set_image_uuid(image_uuid) if flavor['target_role'] != 'system_admin': acc_ops.share_resources([project_linked_account_uuid], [image_uuid]) instance_offering_uuid = test_lib.lib_get_instance_offering_by_name(os.environ.get('instanceOfferingName_s')).uuid vm_creation_option.set_instance_offering_uuid(instance_offering_uuid) if flavor['target_role'] != 'system_admin': acc_ops.share_resources([project_linked_account_uuid], [instance_offering_uuid]) vm_creation_option.set_name('vm_for_project_management') vm_creation_option.set_session_uuid(project_login_uuid) vm = test_stub.create_vm(image_uuid = image_uuid, session_uuid=project_login_uuid) vm_uuid = vm.get_vm().uuid vip_option = test_util.VipOption() vip_option.set_name("vip for pm") vip_option.set_session_uuid(project_login_uuid) vip_option.set_l3_uuid(pub_l3_uuid) vm_nic = vm.vm.vmNics[0] vm_nic_uuid = vm_nic.uuid vip = net_ops.create_vip(vip_option) eip_option = test_util.EipOption() eip_option.set_name('eip for pm') eip_option.set_session_uuid(project_login_uuid) eip_option.set_vip_uuid(vip.uuid) eip_option.set_vm_nic_uuid(vm_nic_uuid) eip = net_ops.create_eip(eip_option) net_ops.detach_eip(eip.uuid, session_uuid=project_login_uuid) net_ops.attach_eip(eip.uuid, vm_nic_uuid, session_uuid=project_login_uuid) net_ops.detach_eip(eip.uuid, session_uuid=project_login_uuid) net_ops.delete_eip(eip.uuid) net_ops.delete_vip(vip.uuid) vm_ops.destroy_vm(vm_uuid, session_uuid=project_login_uuid) vm_ops.expunge_vm(vm_uuid, session_uuid=project_login_uuid) # 11 delete acc_ops.logout(project_login_uuid) if virtual_id_uuid != None: iam2_ops.delete_iam2_virtual_id(virtual_id_uuid) if project_admin_uuid != None: iam2_ops.delete_iam2_virtual_id(project_admin_uuid) if project_operator_uuid != None: iam2_ops.delete_iam2_virtual_id(project_operator_uuid) if plain_user_uuid != None: iam2_ops.delete_iam2_virtual_id(plain_user_uuid) if flavor['target_role'] != 'system_admin': iam2_ops.delete_iam2_project(project_uuid) iam2_ops.expunge_iam2_project(project_uuid) test_util.test_pass('success test iam2 login in by project admin!')
def test(): global project_uuid, project_admin_uuid, virtual_id_uuid, project_operator_uuid, plain_user_uuid flavor = case_flavor[os.environ.get('CASE_FLAVOR')] # 1 create project project_name = 'test_project' project = iam2_ops.create_iam2_project(project_name) project_uuid = project.uuid project_linked_account_uuid = project.linkedAccountUuid if flavor['target_role'] == 'project_admin': # 2 create virtual id project_admin_name = 'username' project_admin_password = '******' project_admin_uuid = iam2_ops.create_iam2_virtual_id( project_admin_name, project_admin_password).uuid virtual_id_uuid = iam2_ops.create_iam2_virtual_id( 'usernametwo', 'password').uuid # 3 create project admin iam2_ops.add_iam2_virtual_ids_to_project([project_admin_uuid], project_uuid) attributes = [{"name": "__ProjectAdmin__", "value": project_uuid}] iam2_ops.add_attributes_to_iam2_virtual_id(project_admin_uuid, attributes) # login in project by project admin project_admin_session_uuid = iam2_ops.login_iam2_virtual_id( project_admin_name, project_admin_password) project_login_uuid = iam2_ops.login_iam2_project( project_name, session_uuid=project_admin_session_uuid).uuid # iam2_ops.remove_attributes_from_iam2_virtual_id(virtual_id_uuid, attributes) elif flavor['target_role'] == 'project_operator': project_operator_name = 'username2' project_operator_password = '******' attributes = [{"name": "__ProjectOperator__", "value": project_uuid}] project_operator_uuid = iam2_ops.create_iam2_virtual_id( project_operator_name, project_operator_password, attributes=attributes).uuid virtual_id_uuid = iam2_ops.create_iam2_virtual_id( 'usernamethree', 'password').uuid # login in project by project operator iam2_ops.add_iam2_virtual_ids_to_project([project_operator_uuid], project_uuid) project_operator_session_uuid = iam2_ops.login_iam2_virtual_id( project_operator_name, project_operator_password) project_login_uuid = iam2_ops.login_iam2_project( project_name, session_uuid=project_operator_session_uuid).uuid elif flavor['target_role'] == 'project_member': plain_user_name = 'username' plain_user_password = '******' plain_user_uuid = iam2_ops.create_iam2_virtual_id( plain_user_name, plain_user_password, project_uuid=project_uuid).uuid # 3 add virtual id to project iam2_ops.add_iam2_virtual_ids_to_project([plain_user_uuid], project_uuid) # 4 login in project by plain user plain_user_session_uuid = iam2_ops.login_iam2_virtual_id( plain_user_name, plain_user_password) # 4 login in project #project_inv=iam2_ops.get_iam2_projects_of_virtual_id(plain_user_session_uuid) project_login_uuid = iam2_ops.login_iam2_project( project_name, plain_user_session_uuid).uuid # Image related ops: Add, Delete, Expunge, sync image size, Update QGA, delete, expunge if flavor['target_role'] == 'project_member': statements = [{ "effect": "Allow", "actions": ["org.zstack.header.vm.**"] }] role_uuid = iam2_ops.create_role('test_role', statements).uuid iam2_ops.add_roles_to_iam2_virtual_id([role_uuid], plain_user_uuid) vm_creation_option = test_util.VmOption() pub_l3_uuid = test_lib.lib_get_l3_by_name( os.environ.get('l3PublicNetworkName')).uuid l3_net_uuid = test_lib.lib_get_l3_by_name( os.environ.get('l3VlanNetworkName3')).uuid acc_ops.share_resources([project_linked_account_uuid], [l3_net_uuid]) vm_creation_option.set_l3_uuids([l3_net_uuid]) image_uuid = test_lib.lib_get_image_by_name( os.environ.get('imageName_net')).uuid vm_creation_option.set_image_uuid(image_uuid) acc_ops.share_resources([project_linked_account_uuid], [image_uuid]) instance_offering_uuid = test_lib.lib_get_instance_offering_by_name( os.environ.get('instanceOfferingName_s')).uuid vm_creation_option.set_instance_offering_uuid(instance_offering_uuid) acc_ops.share_resources([project_linked_account_uuid], [instance_offering_uuid]) vm_creation_option.set_name('vm_for_project_management') vm_creation_option.set_session_uuid(project_login_uuid) vm = test_stub.create_vm(image_uuid=image_uuid, session_uuid=project_login_uuid) vm_uuid = vm.get_vm().uuid vip_option = test_util.VipOption() vip_option.set_name("vip for pm") vip_option.set_session_uuid(project_login_uuid) vip_option.set_l3_uuid(pub_l3_uuid) vm_nic = vm.vm.vmNics[0] vm_nic_uuid = vm_nic.uuid vip = net_ops.create_vip(vip_option) eip_option = test_util.EipOption() eip_option.set_name('eip for pm') eip_option.set_session_uuid(project_login_uuid) eip_option.set_vip_uuid(vip.uuid) eip_option.set_vm_nic_uuid(vm_nic_uuid) eip = net_ops.create_eip(eip_option) net_ops.detach_eip(eip.uuid, session_uuid=project_login_uuid) net_ops.attach_eip(eip.uuid, vm_nic_uuid, session_uuid=project_login_uuid) net_ops.detach_eip(eip.uuid, session_uuid=project_login_uuid) net_ops.delete_eip(eip.uuid) net_ops.delete_vip(vip.uuid) vm_ops.destroy_vm(vm_uuid, session_uuid=project_login_uuid) vm_ops.expunge_vm(vm_uuid, session_uuid=project_login_uuid) # 11 delete acc_ops.logout(project_login_uuid) if virtual_id_uuid != None: iam2_ops.delete_iam2_virtual_id(virtual_id_uuid) if project_admin_uuid != None: iam2_ops.delete_iam2_virtual_id(project_admin_uuid) if project_operator_uuid != None: iam2_ops.delete_iam2_virtual_id(project_operator_uuid) if plain_user_uuid != None: iam2_ops.delete_iam2_virtual_id(plain_user_uuid) iam2_ops.delete_iam2_project(project_uuid) iam2_ops.expunge_iam2_project(project_uuid) test_util.test_pass('success test iam2 login in by project admin!')