From 1bda8388730c69a84d346b83998a50476b35f901 Mon Sep 17 00:00:00 2001 From: Ignatious Johnson Christopher Date: Sat, 19 Mar 2016 07:22:40 +0000 Subject: [PATCH] Classified the schema transformer unitests to seperate test modules. Closes-Bug: 1559404 Change-Id: I2625c6dec0c5acb4e77adc3806187930144d124c --- .../schema-transformer/test/test_bgp.py | 336 ++++ .../schema-transformer/test/test_case.py | 94 +- .../schema-transformer/test/test_policy.py | 402 ++++ .../test/test_route_table.py | 248 +++ .../test/test_route_target.py | 73 + .../test/test_security_group.py | 457 +++++ ...test_service.py => test_service_policy.py} | 1737 +++-------------- 7 files changed, 1829 insertions(+), 1518 deletions(-) create mode 100644 src/config/schema-transformer/test/test_bgp.py create mode 100644 src/config/schema-transformer/test/test_policy.py create mode 100644 src/config/schema-transformer/test/test_route_table.py create mode 100644 src/config/schema-transformer/test/test_route_target.py create mode 100644 src/config/schema-transformer/test/test_security_group.py rename src/config/schema-transformer/test/{test_service.py => test_service_policy.py} (53%) diff --git a/src/config/schema-transformer/test/test_bgp.py b/src/config/schema-transformer/test/test_bgp.py new file mode 100644 index 00000000000..6e05e06cdb5 --- /dev/null +++ b/src/config/schema-transformer/test/test_bgp.py @@ -0,0 +1,336 @@ +# +# Copyright (c) 2013 Juniper Networks, Inc. All rights reserved. +# + +import sys +import gevent +from testtools.matchers import Contains, Not + +try: + import config_db +except ImportError: + from schema_transformer import config_db +from vnc_api.vnc_api import (BgpRouterParams, VirtualMachineInterface, + BgpRouter, LogicalRouter, RouteTargetList, InstanceIp, BgpAsAService, + NoIdError) + +from test_case import STTestCase, retries +from test_route_target import VerifyRouteTarget + +sys.path.append("../common/tests") +from test_utils import FakeIfmapClient +import test_common + + +class VerifyBgp(VerifyRouteTarget): + def __init__(self, vnc_lib): + self._vnc_lib = vnc_lib + + @retries(5) + def check_ri_asn(self, fq_name, rt_target): + ri = self._vnc_lib.routing_instance_read(fq_name) + rt_refs = ri.get_route_target_refs() + if not rt_refs: + print "retrying ... ", test_common.lineno() + raise Exception('ri_refs is None for %s' % fq_name) + for rt_ref in rt_refs: + if rt_ref['to'][0] == rt_target: + return + raise Exception('rt_target %s not found in ri %s' % (rt_target, fq_name)) + + @retries(5) + def check_bgp_asn(self, fq_name, asn): + router = self._vnc_lib.bgp_router_read(fq_name) + params = router.get_bgp_router_parameters() + if not params: + print "retrying ... ", test_common.lineno() + raise Exception('bgp params is None for %s' % fq_name) + self.assertEqual(params.get_autonomous_system(), asn) + + @retries(5) + def check_lr_asn(self, fq_name, rt_target): + router = self._vnc_lib.logical_router_read(fq_name) + rt_refs = router.get_route_target_refs() + if not rt_refs: + print "retrying ... ", test_common.lineno() + raise Exception('ri_refs is None for %s' % fq_name) + self.assertEqual(rt_refs[0]['to'][0], rt_target) + + @retries(5) + def check_lr_is_deleted(self, uuid): + try: + self._vnc_lib.logical_router_read(id=uuid) + print "retrying ... ", test_common.lineno() + raise Exception('logical router %s still exists' % uuid) + except NoIdError: + print 'lr deleted' + + @retries(5) + def check_bgp_peering(self, router1, router2, length): + r1 = self._vnc_lib.bgp_router_read(fq_name=router1.get_fq_name()) + ref_names = [ref['to'] for ref in r1.get_bgp_router_refs() or []] + self.assertEqual(len(ref_names), length) + self.assertThat(ref_names, Contains(router2.get_fq_name())) + + def create_bgp_router(self, name, vendor, asn=None): + ip_fabric_ri = self._vnc_lib.routing_instance_read( + fq_name=['default-domain', 'default-project', 'ip-fabric', '__default__']) + router = BgpRouter(name, parent_obj=ip_fabric_ri) + params = BgpRouterParams() + params.vendor = 'contrail' + params.autonomous_system = asn + router.set_bgp_router_parameters(params) + self._vnc_lib.bgp_router_create(router) + return router + + @retries(5) + def check_bgp_no_peering(self, router1, router2): + r1 = self._vnc_lib.bgp_router_read(fq_name=router1.get_fq_name()) + ref_names = [ref['to'] for ref in r1.get_bgp_router_refs() or []] + self.assertThat(ref_names, Not(Contains(router2.get_fq_name()))) + + @retries(5) + def check_bgp_router_ip(self, router_name, ip): + router_obj = self._vnc_lib.bgp_router_read(fq_name_str=router_name) + self.assertEqual(router_obj.get_bgp_router_parameters().address, + ip) + @retries(5) + def check_bgp_router_identifier(self, router_name, ip): + router_obj = self._vnc_lib.bgp_router_read(fq_name_str=router_name) + self.assertEqual(router_obj.get_bgp_router_parameters().identifier, + ip) + + +class TestBgp(STTestCase, VerifyBgp): + # test logical router functionality + def test_logical_router(self): + # create vn1 + vn1_name = self.id() + 'vn1' + vn1_obj = self.create_virtual_network(vn1_name, '10.0.0.0/24') + + # create virtual machine interface + vmi_name = self.id() + 'vmi1' + vmi = VirtualMachineInterface(vmi_name, parent_type='project', fq_name=['default-domain', 'default-project', vmi_name]) + vmi.add_virtual_network(vn1_obj) + self._vnc_lib.virtual_machine_interface_create(vmi) + + # create logical router + lr_name = self.id() + 'lr1' + lr = LogicalRouter(lr_name) + rtgt_list = RouteTargetList(route_target=['target:1:1']) + lr.set_configured_route_target_list(rtgt_list) + lr.add_virtual_machine_interface(vmi) + self._vnc_lib.logical_router_create(lr) + + ri_name = self.get_ri_name(vn1_obj) + self.check_route_target_in_routing_instance(ri_name,rtgt_list.get_route_target()) + + rtgt_list.add_route_target('target:1:2') + lr.set_configured_route_target_list(rtgt_list) + self._vnc_lib.logical_router_update(lr) + self.check_route_target_in_routing_instance(ri_name, rtgt_list.get_route_target()) + + rtgt_list.delete_route_target('target:1:1') + lr.set_configured_route_target_list(rtgt_list) + self._vnc_lib.logical_router_update(lr) + self.check_route_target_in_routing_instance(ri_name, rtgt_list.get_route_target()) + + lr.del_virtual_machine_interface(vmi) + self._vnc_lib.logical_router_update(lr) + self._vnc_lib.virtual_machine_interface_delete(id=vmi.uuid) + self._vnc_lib.virtual_network_delete(id=vn1_obj.uuid) + self.check_vn_is_deleted(uuid=vn1_obj.uuid) + self._vnc_lib.logical_router_delete(id=lr.uuid) + self.check_lr_is_deleted(uuid=lr.uuid) + self.check_rt_is_deleted(name='target:64512:8000002') + + def test_ibgp_auto_mesh(self): + # create router1 + r1_name = self.id() + 'router1' + router1 = self.create_bgp_router(r1_name, 'contrail') + + # create router2 + r2_name = self.id() + 'router2' + router2 = self.create_bgp_router(r2_name, 'contrail') + + self.check_bgp_peering(router1, router2, 1) + + r3_name = self.id() + 'router3' + router3 = self.create_bgp_router(r3_name, 'juniper', 1) + + self.check_bgp_peering(router1, router2, 1) + + params = router3.get_bgp_router_parameters() + params.autonomous_system = 64512 + router3.set_bgp_router_parameters(params) + self._vnc_lib.bgp_router_update(router3) + + self.check_bgp_peering(router1, router3, 2) + + r4_name = self.id() + 'router4' + router4 = self.create_bgp_router(r4_name, 'juniper', 1) + + gsc = self._vnc_lib.global_system_config_read( + fq_name=['default-global-system-config']) + + gsc.set_autonomous_system(1) + self.check_bgp_peering(router1, router4, 3) + + self._vnc_lib.bgp_router_delete(id=router1.uuid) + self._vnc_lib.bgp_router_delete(id=router2.uuid) + self._vnc_lib.bgp_router_delete(id=router3.uuid) + self._vnc_lib.bgp_router_delete(id=router4.uuid) + gevent.sleep(1) + + def test_asn(self): + # create vn1 + vn1_name = self.id() + 'vn1' + vn1_obj = self.create_virtual_network(vn1_name, '10.0.0.0/24') + ident_name = self.get_obj_imid(vn1_obj) + gevent.sleep(2) + ifmap_ident = self.assertThat(FakeIfmapClient._graph, Contains(ident_name)) + + self.check_ri_asn(self.get_ri_name(vn1_obj), 'target:64512:8000001') + + # create router1 + r1_name = self.id() + 'router1' + router1 = self.create_bgp_router(r1_name, 'contrail') + self.check_bgp_asn(router1.get_fq_name(), 64512) + + # create virtual machine interface + vmi_name = self.id() + 'vmi1' + vmi = VirtualMachineInterface(vmi_name, parent_type='project', + fq_name=['default-domain', + 'default-project', vmi_name]) + vmi.add_virtual_network(vn1_obj) + self._vnc_lib.virtual_machine_interface_create(vmi) + + # create logical router + lr_name = self.id() + 'lr1' + lr = LogicalRouter(lr_name) + lr.add_virtual_machine_interface(vmi) + self._vnc_lib.logical_router_create(lr) + self.check_lr_asn(lr.get_fq_name(), 'target:64512:8000002') + + #update global system config but dont change asn value for equality path + gs = self._vnc_lib.global_system_config_read( + fq_name=['default-global-system-config']) + gs.set_autonomous_system(64512) + self._vnc_lib.global_system_config_update(gs) + + # check route targets + self.check_ri_asn(self.get_ri_name(vn1_obj), 'target:64512:8000001') + self.check_bgp_asn(router1.get_fq_name(), 64512) + self.check_lr_asn(lr.get_fq_name(), 'target:64512:8000002') + + #update ASN value + gs = self._vnc_lib.global_system_config_read( + fq_name=[u'default-global-system-config']) + gs.set_autonomous_system(50000) + self._vnc_lib.global_system_config_update(gs) + + # check new route targets + self.check_ri_asn(self.get_ri_name(vn1_obj), 'target:50000:8000001') + self.check_bgp_asn(router1.get_fq_name(), 50000) + self.check_lr_asn(lr.get_fq_name(), 'target:50000:8000002') + + self._vnc_lib.logical_router_delete(id=lr.uuid) + self._vnc_lib.virtual_machine_interface_delete(id=vmi.uuid) + self._vnc_lib.virtual_network_delete(id=vn1_obj.uuid) + self.check_ri_is_deleted(fq_name=vn1_obj.fq_name+[vn1_obj.name]) + self._vnc_lib.bgp_router_delete(id=router1.uuid) + #end test_asn + + def test_bgpaas(self): + # create vn1 + vn1_name = self.id() + 'vn1' + vn1_obj = self.create_virtual_network(vn1_name, + ['10.0.0.0/24', '1000::/16']) + + project_name = ['default-domain', 'default-project'] + project_obj = self._vnc_lib.project_read(fq_name=project_name) + port_name = self.id() + 'p1' + port_obj = VirtualMachineInterface(port_name, parent_obj=project_obj) + port_obj.add_virtual_network(vn1_obj) + self._vnc_lib.virtual_machine_interface_create(port_obj) + + v6_obj = InstanceIp(name=port_name+'-v6') + v6_obj.set_virtual_machine_interface(port_obj) + v6_obj.set_virtual_network(vn1_obj) + v6_obj.set_instance_ip_family('v6') + self._vnc_lib.instance_ip_create(v6_obj) + + v4_obj = InstanceIp(name=port_name+'-v4') + v4_obj.set_virtual_machine_interface(port_obj) + v4_obj.set_virtual_network(vn1_obj) + v4_obj.set_instance_ip_family('v4') + self._vnc_lib.instance_ip_create(v4_obj) + + bgpaas_name = self.id() + 'bgp1' + bgpaas = BgpAsAService(bgpaas_name, parent_obj=project_obj, + autonomous_system=64512) + bgpaas.add_virtual_machine_interface(port_obj) + self._vnc_lib.bgp_as_a_service_create(bgpaas) + + router1_name = vn1_obj.get_fq_name_str() + ':' + vn1_name + ':' + port_name + self.wait_to_get_object(config_db.BgpAsAServiceST, + bgpaas.get_fq_name_str()) + self.wait_to_get_object(config_db.BgpRouterST, router1_name) + server_fq_name = ':'.join(self.get_ri_name(vn1_obj)) + ':bgpaas-server' + self.wait_to_get_object(config_db.BgpRouterST, server_fq_name) + server_router_obj = self._vnc_lib.bgp_router_read(fq_name_str=server_fq_name) + + mx_bgp_router = self.create_bgp_router("mx-bgp-router", "contrail") + mx_bgp_router_name = mx_bgp_router.get_fq_name_str() + self.wait_to_get_object(config_db.BgpRouterST, mx_bgp_router_name) + mx_bgp_router = self._vnc_lib.bgp_router_read(fq_name_str=mx_bgp_router_name) + self.check_bgp_no_peering(server_router_obj, mx_bgp_router) + + router1_obj = self._vnc_lib.bgp_router_read(fq_name_str=router1_name) + self.assertEqual(router1_obj.get_bgp_router_parameters().address, + '10.0.0.252') + self.assertEqual(router1_obj.get_bgp_router_parameters().identifier, + '10.0.0.252') + + self.check_bgp_peering(server_router_obj, router1_obj, 1) + + v4_obj.set_instance_ip_address('10.0.0.60') + self._vnc_lib.instance_ip_update(v4_obj) + self.check_bgp_router_ip(router1_name, '10.0.0.60') + self.check_bgp_router_identifier(router1_name, '10.0.0.60') + + bgpaas.set_bgpaas_ip_address('10.0.0.70') + self._vnc_lib.bgp_as_a_service_update(bgpaas) + self.check_bgp_router_ip(router1_name, '10.0.0.70') + v4_obj.del_virtual_machine_interface(port_obj) + v4_obj.del_virtual_network(vn1_obj) + self._vnc_lib.instance_ip_delete(id=v4_obj.uuid) + self.check_bgp_router_ip(router1_name, '10.0.0.70') + self.check_bgp_router_identifier(router1_name, '10.0.0.70') + + port2_name = self.id() + 'p2' + port2_obj = VirtualMachineInterface(port2_name, parent_obj=project_obj) + port2_obj.add_virtual_network(vn1_obj) + self._vnc_lib.virtual_machine_interface_create(port2_obj) + bgpaas.add_virtual_machine_interface(port2_obj) + self._vnc_lib.bgp_as_a_service_update(bgpaas) + router2_name = vn1_obj.get_fq_name_str() + ':' + vn1_name + ':' + port2_name + self.wait_to_get_object(config_db.BgpRouterST, router2_name) + + router2_obj = self._vnc_lib.bgp_router_read(fq_name_str=router2_name) + self.check_bgp_peering(server_router_obj, router2_obj, 2) + self.check_bgp_peering(server_router_obj, router1_obj, 2) + + bgpaas.del_virtual_machine_interface(port_obj) + self._vnc_lib.bgp_as_a_service_update(bgpaas) + self.wait_to_delete_object(config_db.BgpRouterST, router1_name) + self._vnc_lib.bgp_as_a_service_delete(id=bgpaas.uuid) + self.wait_to_delete_object(config_db.BgpRouterST, router2_name) + + self._vnc_lib.instance_ip_delete(id=v6_obj.uuid) + self._vnc_lib.virtual_machine_interface_delete(id=port_obj.uuid) + self._vnc_lib.virtual_machine_interface_delete(id=port2_obj.uuid) + self._vnc_lib.virtual_network_delete(fq_name=vn1_obj.get_fq_name()) + self.check_ri_is_deleted(vn1_obj.fq_name+[vn1_obj.name]) + self._vnc_lib.bgp_router_delete(id=mx_bgp_router.uuid) + # end test_bgpaas diff --git a/src/config/schema-transformer/test/test_case.py b/src/config/schema-transformer/test/test_case.py index eeb045ac2c2..a10eaebbee2 100644 --- a/src/config/schema-transformer/test/test_case.py +++ b/src/config/schema-transformer/test/test_case.py @@ -1,13 +1,62 @@ import sys +from gevent import sleep + sys.path.append("../common/tests") from test_utils import * import test_common sys.path.insert(0, '../../../../build/production/config/schema-transformer/') from vnc_api.vnc_api import * -import uuid + + +def retry_exc_handler(tries_remaining, exception, delay): + print >> sys.stderr, "." + + +def retries(max_tries, delay=1, backoff=1, exceptions=(Exception,), + hook=retry_exc_handler): + def dec(func): + def f2(*args, **kwargs): + mydelay = delay + tries = range(max_tries) + tries.reverse() + for tries_remaining in tries: + try: + return func(*args, **kwargs) + except exceptions as e: + if tries_remaining > 0: + if hook is not None: + hook(tries_remaining, e, mydelay) + sleep(mydelay) + mydelay = mydelay * backoff + else: + raise + else: + break + return f2 + return dec + + +class VerifyCommon(object): + def __init__(self, vnc_lib): + self._vnc_lib = vnc_lib + + @retries(5) + def wait_to_get_object(self, obj_class, obj_name): + if obj_name not in obj_class._dict: + raise Exception('%s not found' % obj_name) + + @retries(5) + def wait_to_delete_object(self, obj_class, obj_name): + if obj_name in obj_class._dict: + raise Exception('%s still found' % obj_name) + class STTestCase(test_common.TestCase): + + def _class_str(self): + return str(self.__class__).strip('').strip("'") + def setUp(self): super(STTestCase, self).setUp() self._svc_mon_greenlet = gevent.spawn(test_common.launch_svc_monitor, @@ -76,17 +125,56 @@ def frame_rule_addresses(self, addr): rule_addr = AddressType(**rule_kwargs) return rule_addr + def get_service_list(self, rule): + service_name_list = [] + service_list = rule.get('service_list', None) + if service_list: + src_addresses = [rule['src']] if isinstance(rule['src'], dict) else rule['src'] + dst_addresses = [rule['dst']] if isinstance(rule['dst'], dict) else rule['dst'] + vn1_name = [addr["value"].get_fq_name_str()\ + for addr in src_addresses if addr["type"] == "vn"][0] + vn2_name = [addr["value"].get_fq_name_str()\ + for addr in dst_addresses if addr["type"] == "vn"][0] + for service in service_list: + service_name_list.append(self._create_service( + [('left', vn1_name), ('right', vn2_name)], service, + rule['auto_policy'], **rule['service_kwargs'])) + return service_name_list + + def get_mirror_service(self, rule): + mirror_si = None + mirror_service = rule.get('mirror_service', None) + if mirror_service: + src_addresses = [rule['src']] if isinstance(rule['src'], dict) else rule['src'] + dst_addresses = [rule['dst']] if isinstance(rule['dst'], dict) else rule['dst'] + vn1_name = [addr["value"].get_fq_name_str()\ + for addr in src_addresses if addr["type"] == "vn"][0] + vn2_name = [addr["value"].get_fq_name_str()\ + for addr in dst_addresses if addr["type"] == "vn"][0] + mirror_si = self._create_service( + [('left', vn1_name), ('right', vn2_name)], mirror_service, False, + service_mode='transparent', service_type='analyzer') + return mirror_si + def create_network_policy_with_multiple_rules(self, rules): pentrys = [] for rule in rules: addr1 = self.frame_rule_addresses(rule["src"]) addr2 = self.frame_rule_addresses(rule["dst"]) + service_list = self.get_service_list(rule) + mirror_service = self.get_mirror_service(rule) #src_port = rule["src-port"] src_port = PortType(-1, 0) #dst_port = rule["dst-port"] dst_port = PortType(-1, 0) - action = rule["action"] - action_list = ActionListType(simple_action=action) + action_list = ActionListType() + if mirror_service: + mirror = MirrorActionType(analyzer_name=mirror_service) + action_list.mirror_to=mirror + if service_list: + action_list.apply_service=service_list + else: + action_list.simple_action=rule["action"] prule = PolicyRuleType(direction=rule["direction"], protocol=rule["protocol"], src_addresses=[addr1], dst_addresses=[addr2], src_ports=[src_port], dst_ports=[dst_port], diff --git a/src/config/schema-transformer/test/test_policy.py b/src/config/schema-transformer/test/test_policy.py new file mode 100644 index 00000000000..ce02756e301 --- /dev/null +++ b/src/config/schema-transformer/test/test_policy.py @@ -0,0 +1,402 @@ +# +# Copyright (c) 2013 Juniper Networks, Inc. All rights reserved. +# + +import sys +import gevent +from testtools.matchers import Contains + +from vnc_api.vnc_api import (VirtualNetwork, SequenceType, + VirtualNetworkPolicyType, NoIdError) + +from test_case import STTestCase, retries, VerifyCommon +sys.path.append("../common/tests") +from test_utils import FakeIfmapClient +import test_common + + +class VerifyPolicy(VerifyCommon): + def __init__(self, vnc_lib): + self._vnc_lib = vnc_lib + + def get_ri_name(self, vn, ri_name=None): + return vn.get_fq_name() + [ri_name or vn.name] + + @retries(5) + def check_vn_ri_state(self, fq_name): + self._vnc_lib.routing_instance_read(fq_name) + + @retries(5) + def check_ri_ref_present(self, fq_name, to_fq_name): + ri = self._vnc_lib.routing_instance_read(fq_name) + for ri_ref in ri.get_routing_instance_refs() or []: + if ri_ref['to'] == to_fq_name: + return + raise Exception('ri_ref not found from %s to %s' % (fq_name, to_fq_name)) + + @retries(5) + def check_ri_ref_not_present(self, fq_name, to_fq_name): + ri = self._vnc_lib.routing_instance_read(fq_name) + for ri_ref in ri.get_routing_instance_refs() or []: + if ri_ref['to'] == to_fq_name: + raise Exception('ri_ref found from %s to %s' % (fq_name, to_fq_name)) + + @retries(5) + def check_ri_refs_are_deleted(self, fq_name): + ri = self._vnc_lib.routing_instance_read(fq_name) + ri_refs = ri.get_routing_instance_refs() + if ri_refs: + print "retrying ... ", test_common.lineno() + raise Exception('ri_refs still exist for %s' % fq_name) + + @retries(5) + def check_ri_is_deleted(self, fq_name): + try: + self._vnc_lib.routing_instance_read(fq_name) + print "retrying ... ", test_common.lineno() + raise Exception('routing instance %s still exists' % fq_name) + except NoIdError: + print 'ri deleted' + + @retries(5) + def check_vn_is_deleted(self, uuid): + try: + self._vnc_lib.virtual_network_read(id=uuid) + print "retrying ... ", test_common.lineno() + raise Exception('virtual network %s still exists' % uuid) + except NoIdError: + print 'vn deleted' + + @retries(5) + def check_acl_match_dst_cidr(self, fq_name, ip_prefix, ip_len): + acl = self._vnc_lib.access_control_list_read(fq_name) + for rule in acl.access_control_list_entries.acl_rule: + subnets = [] + if rule.match_condition.dst_address.subnet: + subnets.append(rule.match_condition.dst_address.subnet) + if rule.match_condition.dst_address.subnet_list: + subnets.extend(rule.match_condition.dst_address.subnet_list) + for subnet in subnets: + if (subnet.ip_prefix == ip_prefix and + subnet.ip_prefix_len == ip_len): + return + raise Exception('prefix %s/%d not found in ACL rules for %s' % + (ip_prefix, ip_len, fq_name)) + + @retries(5) + def check_acl_implicit_deny_rule(self, fq_name, src_vn, dst_vn): + acl = self._vnc_lib.access_control_list_read(fq_name) + for rule in acl.access_control_list_entries.acl_rule: + match_condition = rule.match_condition + if (match_condition.src_address.virtual_network == src_vn and + match_condition.dst_address.virtual_network == dst_vn and + rule.action_list.simple_action == 'deny'): + return + raise Exception('Implicit deny ACL rule not found') + + @retries(5) + def check_rt_in_ri(self, ri_name, rt_id, is_present, exim=None): + ri_obj = self._vnc_lib.routing_instance_read(fq_name=ri_name) + ri_rt_refs = [ref for ref in ri_obj.get_route_target_refs() or [] + if ref['to'][0] == rt_id] + if not is_present: + self.assertEqual(ri_rt_refs, []) + return + else: + self.assertEqual(ri_rt_refs[0]['to'][0], rt_id) + self.assertEqual(ri_rt_refs[0]['attr'].import_export, exim) + + @retries(5) + def check_route_target_in_routing_instance(self, ri_name, rt_list): + ri_obj = self._vnc_lib.routing_instance_read(fq_name=ri_name) + ri_rt_refs = set([ref['to'][0] for ref in ri_obj.get_route_target_refs() or []]) + self.assertTrue(set(rt_list) <= ri_rt_refs) + + +class TestPolicy(STTestCase, VerifyPolicy): + + def test_basic_policy(self): + vn1_name = self.id() + 'vn1' + vn2_name = self.id() + 'vn2' + vn1_obj = VirtualNetwork(vn1_name) + vn2_obj = VirtualNetwork(vn2_name) + + np = self.create_network_policy(vn1_obj, vn2_obj) + seq = SequenceType(1, 1) + vnp = VirtualNetworkPolicyType(seq) + vn1_obj.set_network_policy(np, vnp) + vn2_obj.set_network_policy(np, vnp) + self._vnc_lib.virtual_network_create(vn1_obj) + self._vnc_lib.virtual_network_create(vn2_obj) + + for obj in [vn1_obj, vn2_obj]: + ident_name = self.get_obj_imid(obj) + gevent.sleep(2) + self.assertThat(FakeIfmapClient._graph, Contains(ident_name)) + + self.check_ri_ref_present(self.get_ri_name(vn1_obj), + self.get_ri_name(vn2_obj)) + self.check_ri_ref_present(self.get_ri_name(vn2_obj), + self.get_ri_name(vn1_obj)) + + vn1_obj.del_network_policy(np) + vn2_obj.del_network_policy(np) + self._vnc_lib.virtual_network_update(vn1_obj) + self._vnc_lib.virtual_network_update(vn2_obj) + + self.check_ri_refs_are_deleted(fq_name=self.get_ri_name(vn2_obj)) + + self.delete_network_policy(np) + self._vnc_lib.virtual_network_delete(fq_name=vn1_obj.get_fq_name()) + self._vnc_lib.virtual_network_delete(fq_name=vn2_obj.get_fq_name()) + + self.check_vn_is_deleted(uuid=vn1_obj.uuid) + self.check_ri_is_deleted(fq_name=self.get_ri_name(vn2_obj)) + # end test_basic_policy + + def test_multiple_policy(self): + vn1_name = self.id() + 'vn1' + vn2_name = self.id() + 'vn2' + vn1_obj = VirtualNetwork(vn1_name) + vn2_obj = VirtualNetwork(vn2_name) + + np1 = self.create_network_policy(vn1_obj, vn2_obj) + np2 = self.create_network_policy(vn2_obj, vn1_obj) + seq = SequenceType(1, 1) + vnp = VirtualNetworkPolicyType(seq) + vn1_obj.set_network_policy(np1, vnp) + vn2_obj.set_network_policy(np2, vnp) + self._vnc_lib.virtual_network_create(vn1_obj) + self._vnc_lib.virtual_network_create(vn2_obj) + + self.check_ri_ref_present(self.get_ri_name(vn1_obj), + self.get_ri_name(vn2_obj)) + self.check_ri_ref_present(self.get_ri_name(vn2_obj), + self.get_ri_name(vn1_obj)) + + np1.network_policy_entries.policy_rule[0].action_list.simple_action = 'deny' + np1.set_network_policy_entries(np1.network_policy_entries) + self._vnc_lib.network_policy_update(np1) + + expr =("('contrail:connection contrail:routing-instance:%s' in FakeIfmapClient._graph['contrail:routing-instance:%s']['links'])" + % (':'.join(self.get_ri_name(vn2_obj)), + ':'.join(self.get_ri_name(vn1_obj)))) + self.assertTill(expr) + np1.network_policy_entries.policy_rule[0].action_list.simple_action = 'pass' + np1.set_network_policy_entries(np1.network_policy_entries) + self._vnc_lib.network_policy_update(np1) + np2.network_policy_entries.policy_rule[0].action_list.simple_action = 'deny' + np2.set_network_policy_entries(np2.network_policy_entries) + self._vnc_lib.network_policy_update(np2) + + expr = ("('contrail:connection contrail:routing-instance:%s' in FakeIfmapClient._graph['contrail:routing-instance:%s']['links'])" + % (':'.join(self.get_ri_name(vn1_obj)), + ':'.join(self.get_ri_name(vn2_obj)))) + + self.assertTill(expr) + vn1_obj.del_network_policy(np1) + vn2_obj.del_network_policy(np2) + self._vnc_lib.virtual_network_update(vn1_obj) + self._vnc_lib.virtual_network_update(vn2_obj) + + self.check_ri_refs_are_deleted(fq_name=self.get_ri_name(vn2_obj)) + + self.delete_network_policy(np1) + self.delete_network_policy(np2) + self._vnc_lib.virtual_network_delete(fq_name=vn1_obj.get_fq_name()) + self._vnc_lib.virtual_network_delete(fq_name=vn2_obj.get_fq_name()) + + self.check_vn_is_deleted(uuid=vn1_obj.uuid) + # end test_multiple_policy + + def test_policy_in_policy(self): + vn1_name = self.id() + 'vn1' + vn2_name = self.id() + 'vn2' + vn3_name = self.id() + 'vn3' + vn1_obj = VirtualNetwork(vn1_name) + vn2_obj = VirtualNetwork(vn2_name) + + np1 = self.create_network_policy(vn1_obj, vn2_obj) + np2 = self.create_network_policy(vn2_obj, vn1_obj) + + np1.network_policy_entries.policy_rule[0].dst_addresses[0].virtual_network = None + np1.network_policy_entries.policy_rule[0].dst_addresses[0].network_policy = np2.get_fq_name_str() + np1.set_network_policy_entries(np1.network_policy_entries) + self._vnc_lib.network_policy_update(np1) + + np2.network_policy_entries.policy_rule[0].src_addresses[0].virtual_network = 'local' + np2.set_network_policy_entries(np1.network_policy_entries) + self._vnc_lib.network_policy_update(np2) + seq = SequenceType(1, 1) + vnp = VirtualNetworkPolicyType(seq) + vn1_obj.set_network_policy(np1, vnp) + vn2_obj.set_network_policy(np2, vnp) + self._vnc_lib.virtual_network_create(vn1_obj) + self._vnc_lib.virtual_network_create(vn2_obj) + + self.check_ri_ref_present(self.get_ri_name(vn1_obj), + self.get_ri_name(vn2_obj)) + self.check_ri_ref_present(self.get_ri_name(vn2_obj), + self.get_ri_name(vn1_obj)) + + vn3_obj = VirtualNetwork(vn3_name) + vn3_obj.set_network_policy(np2, vnp) + self._vnc_lib.virtual_network_create(vn3_obj) + + self.check_ri_ref_present(self.get_ri_name(vn3_obj), + self.get_ri_name(vn1_obj)) + + vn3_obj.del_network_policy(np2) + self._vnc_lib.virtual_network_update(vn3_obj) + + @retries(5) + def _match_acl_rule(): + acl = self._vnc_lib.access_control_list_read( + fq_name=self.get_ri_name(vn1_obj)) + for rule in acl.get_access_control_list_entries().get_acl_rule(): + if rule.match_condition.dst_address.virtual_network == vn3_obj.get_fq_name_str(): + raise Exception("ACL rule still present") + + _match_acl_rule() + + vn1_obj.del_network_policy(np1) + vn2_obj.del_network_policy(np2) + self._vnc_lib.virtual_network_update(vn1_obj) + self._vnc_lib.virtual_network_update(vn2_obj) + self.delete_network_policy(np1) + self.delete_network_policy(np2) + self._vnc_lib.virtual_network_delete(fq_name=vn1_obj.get_fq_name()) + self._vnc_lib.virtual_network_delete(fq_name=vn2_obj.get_fq_name()) + self._vnc_lib.virtual_network_delete(fq_name=vn3_obj.get_fq_name()) + + self.check_vn_is_deleted(uuid=vn1_obj.uuid) + # end test_multiple_policy + + def test_policy_with_cidr(self): + vn1_name = self.id() + 'vn1' + vn2_name = self.id() + 'vn2' + vn1 = self.create_virtual_network(vn1_name, "10.1.1.0/24") + vn2 = self.create_virtual_network(vn2_name, "10.2.1.0/24") + rules = [] + rule1 = {"protocol": "icmp", + "direction": "<>", + "src-port": "any", + "src": {"type": "vn", "value": vn1}, + "dst": {"type": "cidr", "value": "10.2.1.1/32"}, + "dst-port": "any", + "action": "deny" + } + rule2 = {"protocol": "icmp", + "direction": "<>", + "src-port": "any", + "src": {"type": "vn", "value": vn1}, + "dst": {"type": "cidr", "value": "10.2.1.2/32"}, + "dst-port": "any", + "action": "deny" + } + rules.append(rule1) + rules.append(rule2) + + np = self.create_network_policy_with_multiple_rules(rules) + seq = SequenceType(1, 1) + vnp = VirtualNetworkPolicyType(seq) + vn1.set_network_policy(np, vnp) + self._vnc_lib.virtual_network_update(vn1) + + for obj in [vn1]: + ident_name = self.get_obj_imid(obj) + gevent.sleep(2) + self.assertThat(FakeIfmapClient._graph, Contains(ident_name)) + + self.check_vn_ri_state(fq_name=self.get_ri_name(vn1)) + + self.check_acl_match_dst_cidr(fq_name=self.get_ri_name(vn1), + ip_prefix="10.2.1.1", ip_len=32) + self.check_acl_match_dst_cidr(fq_name=self.get_ri_name(vn1), + ip_prefix="10.2.1.2", ip_len=32) + + # cleanup + self.delete_network_policy(np, auto_policy=True) + self._vnc_lib.virtual_network_delete(fq_name=vn1.get_fq_name()) + self._vnc_lib.virtual_network_delete(fq_name=vn2.get_fq_name()) + + # check if vn is deleted + self.check_vn_is_deleted(uuid=vn1.uuid) + # end test_policy_with_cidr + + def test_policy_with_cidr_and_vn(self): + vn1_name = self.id() + 'vn1' + vn2_name = self.id() + 'vn2' + vn1 = self.create_virtual_network(vn1_name, "10.1.1.0/24") + vn2 = self.create_virtual_network(vn2_name, ["10.2.1.0/24", + "10.2.2.0/24"]) + rules = [] + rule1 = {"protocol": "icmp", + "direction": "<>", + "src-port": "any", + "src": {"type": "vn", "value": vn1}, + "dst": [{"type": "cidr_list", "value": ["10.2.1.0/24"]}, + {"type": "vn", "value": vn2}], + "dst-port": "any", + "action": "pass" + } + rules.append(rule1) + + np = self.create_network_policy_with_multiple_rules(rules) + seq = SequenceType(1, 1) + vnp = VirtualNetworkPolicyType(seq) + vn1.set_network_policy(np, vnp) + self._vnc_lib.virtual_network_update(vn1) + + for obj in [vn1]: + ident_name = self.get_obj_imid(obj) + gevent.sleep(2) + self.assertThat(FakeIfmapClient._graph, Contains(ident_name)) + + self.check_vn_ri_state(fq_name=self.get_ri_name(vn1)) + + self.check_acl_match_dst_cidr(fq_name=self.get_ri_name(vn1), + ip_prefix="10.2.1.0", ip_len=24) + self.check_acl_implicit_deny_rule(fq_name=self.get_ri_name(vn1), + src_vn=':'.join(vn1.get_fq_name()), + dst_vn=':'.join(vn2.get_fq_name())) + + # cleanup + self.delete_network_policy(np, auto_policy=True) + self._vnc_lib.virtual_network_delete(fq_name=vn1.get_fq_name()) + self._vnc_lib.virtual_network_delete(fq_name=vn2.get_fq_name()) + + # check if vn is deleted + self.check_vn_is_deleted(uuid=vn1.uuid) + self.check_vn_is_deleted(uuid=vn2.uuid) + # end test_policy_with_cidr_and_vn + + def test_vn_delete(self): + vn_name = self.id() + 'vn' + vn = self.create_virtual_network(vn_name, "10.1.1.0/24") + gevent.sleep(2) + for obj in [vn]: + ident_name = self.get_obj_imid(obj) + ifmap_ident = self.assertThat(FakeIfmapClient._graph, Contains(ident_name)) + + self.check_vn_ri_state(fq_name=self.get_ri_name(vn)) + + # stop st + self._st_greenlet.kill() + gevent.sleep(5) + + # delete vn in api server + self._vnc_lib.virtual_network_delete(fq_name=vn.get_fq_name()) + + # start st on a free port + self._st_greenlet = gevent.spawn(test_common.launch_schema_transformer, + self.id(), self._api_server_ip, self._api_server_port) + gevent.sleep(2) + + # check if vn is deleted + self.check_vn_is_deleted(uuid=vn.uuid) + + # check if ri is deleted + self.check_ri_is_deleted(fq_name=self.get_ri_name(vn)) + # test_vn_delete +# end TestPolicy diff --git a/src/config/schema-transformer/test/test_route_table.py b/src/config/schema-transformer/test/test_route_table.py new file mode 100644 index 00000000000..b789bc8d65a --- /dev/null +++ b/src/config/schema-transformer/test/test_route_table.py @@ -0,0 +1,248 @@ +# +# Copyright (c) 2013 Juniper Networks, Inc. All rights reserved. +# + +import gevent + +try: + import to_bgp +except ImportError: + from schema_transformer import to_bgp +from vnc_api.vnc_api import (RouteTargetList, RouteTable, RouteTableType, + RouteType, CommunityAttributes) + +from test_case import STTestCase, retries +from test_policy import VerifyPolicy + + +class VerifyRouteTable(VerifyPolicy): + def __init__(self, vnc_lib): + self._vnc_lib = vnc_lib + + +class TestRouteTable(STTestCase, VerifyRouteTable): + def test_add_delete_route(self): + lvn_name = self.id() + 'lvn' + rvn_name = self.id() + 'rvn' + lvn = self.create_virtual_network(lvn_name, "10.0.0.0/24") + rvn = self.create_virtual_network(rvn_name, "20.0.0.0/24") + + service_name = self.id() + 's1' + np = self.create_network_policy(lvn, rvn, [service_name], auto_policy=True, service_mode="in-network") + + vn_name = self.id() + 'vn100' + vn = self.create_virtual_network(vn_name, "1.0.0.0/24") + rtgt_list = RouteTargetList(route_target=['target:1:1']) + vn.set_route_target_list(rtgt_list) + exp_rtgt_list = RouteTargetList(route_target=['target:2:1']) + vn.set_export_route_target_list(exp_rtgt_list) + imp_rtgt_list = RouteTargetList(route_target=['target:3:1']) + vn.set_import_route_target_list(imp_rtgt_list) + self._vnc_lib.virtual_network_update(vn) + rt = RouteTable("rt1") + self._vnc_lib.route_table_create(rt) + vn.add_route_table(rt) + self._vnc_lib.virtual_network_update(vn) + routes = RouteTableType() + route = RouteType(prefix="0.0.0.0/0", + next_hop="default-domain:default-project:"+service_name) + routes.add_route(route) + rt.set_routes(routes) + self._vnc_lib.route_table_update(rt) + + @retries(5) + def _match_route_table(rtgt_list): + sc = [x for x in to_bgp.ServiceChain] + if len(sc) == 0: + raise Exception("sc has 0 len") + + sc_ri_name = ('service-'+sc[0] + + '-default-domain_default-project_' + service_name) + lri = self._vnc_lib.routing_instance_read( + fq_name=self.get_ri_name(lvn, sc_ri_name)) + sr = lri.get_static_route_entries() + if sr is None: + raise Exception("sr is None") + route = sr.route[0] + self.assertEqual(route.prefix, "0.0.0.0/0") + self.assertEqual(route.next_hop, "10.0.0.252") + for rtgt in rtgt_list: + self.assertIn(rtgt, route.route_target) + ri100 = self._vnc_lib.routing_instance_read( + fq_name=self.get_ri_name(vn)) + rt100 = set(ref['to'][0] for ref in ri100.get_route_target_refs()) + lrt = set(ref['to'][0] for ref in lri.get_route_target_refs() or []) + if rt100 & lrt: + return sc_ri_name, (rt100 & lrt) + raise Exception("rt100 route-target ref not found") + + sc_ri_name, rt100 = _match_route_table(rtgt_list.get_route_target() + + imp_rtgt_list.get_route_target()) + + rtgt_list.add_route_target('target:1:2') + vn.set_route_target_list(rtgt_list) + exp_rtgt_list.add_route_target('target:2:2') + vn.set_export_route_target_list(exp_rtgt_list) + imp_rtgt_list.add_route_target('target:3:2') + vn.set_import_route_target_list(imp_rtgt_list) + self._vnc_lib.virtual_network_update(vn) + _match_route_table(rtgt_list.get_route_target()) + + rtgt_list.delete_route_target('target:1:1') + vn.set_route_target_list(rtgt_list) + exp_rtgt_list.delete_route_target('target:2:1') + vn.set_export_route_target_list(exp_rtgt_list) + imp_rtgt_list.delete_route_target('target:3:1') + vn.set_import_route_target_list(imp_rtgt_list) + self._vnc_lib.virtual_network_update(vn) + _match_route_table(rtgt_list.get_route_target()) + + routes.set_route([]) + rt.set_routes(routes) + self._vnc_lib.route_table_update(rt) + + @retries(5) + def _match_route_table_cleanup(sc_ri_name, rt100): + lri = self._vnc_lib.routing_instance_read( + fq_name=self.get_ri_name(lvn, sc_ri_name)) + sr = lri.get_static_route_entries() + if sr and sr.route: + raise Exception("sr has route") + ri = self._vnc_lib.routing_instance_read( + fq_name=self.get_ri_name(lvn)) + rt_refs = ri.get_route_target_refs() + rt_set = set(ref['to'][0] for ref in ri.get_route_target_refs() or []) + if rt100 & rt_set: + raise Exception("route-target ref still found: %s" % (rt100 & rt_set)) + + _match_route_table_cleanup(sc_ri_name, rt100) + + # add the route again, then delete the network without deleting the + # link to route table + routes.add_route(route) + rt.set_routes(routes) + self._vnc_lib.route_table_update(rt) + _match_route_table(rtgt_list.get_route_target()) + self._vnc_lib.virtual_network_delete(fq_name=vn.get_fq_name()) + _match_route_table_cleanup(sc_ri_name, rt100) + + self._vnc_lib.route_table_delete(fq_name=rt.get_fq_name()) + self.delete_network_policy(np, auto_policy=True) + gevent.sleep(1) + self._vnc_lib.virtual_network_delete(fq_name=lvn.get_fq_name()) + self._vnc_lib.virtual_network_delete(fq_name=rvn.get_fq_name()) + # check if vn is deleted + self.check_vn_is_deleted(uuid=lvn.uuid) + self.check_vn_is_deleted(uuid=rvn.uuid) + self.check_vn_is_deleted(uuid=vn.uuid) + self.check_ri_is_deleted(fq_name=lvn.fq_name+[lvn.name]) + self.check_ri_is_deleted(fq_name=rvn.fq_name+[rvn.name]) + self.check_ri_is_deleted(fq_name=vn.fq_name+[vn.name]) + # test_add_delete_route + + def test_add_delete_static_route(self): + + vn1_name = 'vn1' + vn2_name = 'vn2' + vn1 = self.create_virtual_network(vn1_name, "1.0.0.0/24") + vn2 = self.create_virtual_network(vn2_name, "2.0.0.0/24") + + rt = RouteTable("rt1") + self._vnc_lib.route_table_create(rt) + vn1.add_route_table(rt) + self._vnc_lib.virtual_network_update(vn1) + routes = RouteTableType() + route = RouteType(prefix="1.1.1.1/0", + next_hop="10.10.10.10", next_hop_type="ip-address") + routes.add_route(route) + rt.set_routes(routes) + self._vnc_lib.route_table_update(rt) + + @retries(5) + def _match_route_table(vn, prefix, next_hop, should_present=True): + ri = self._vnc_lib.routing_instance_read( + fq_name=self.get_ri_name(vn)) + sr_list = ri.get_static_route_entries() + if sr_list is None: + if should_present: + raise Exception("sr is None") + else: + return + found = False + for sr in sr_list.get_route() or []: + if sr.prefix == prefix and sr.next_hop == next_hop: + found = True + break + if found != should_present: + raise Exception("route " + prefix + "" + next_hop + "not found") + return + + _match_route_table(vn1, "1.1.1.1/0", "10.10.10.10") + + route = RouteType(prefix="2.2.2.2/0", + next_hop="20.20.20.20", next_hop_type="ip-address") + routes.add_route(route) + rt.set_routes(routes) + + self._vnc_lib.route_table_update(rt) + _match_route_table(vn1, "1.1.1.1/0", "10.10.10.10") + _match_route_table(vn1, "2.2.2.2/0", "20.20.20.20") + + vn2.add_route_table(rt) + self._vnc_lib.virtual_network_update(vn2) + + _match_route_table(vn1, "1.1.1.1/0", "10.10.10.10") + _match_route_table(vn1, "2.2.2.2/0", "20.20.20.20") + _match_route_table(vn2, "1.1.1.1/0", "10.10.10.10") + _match_route_table(vn2, "2.2.2.2/0", "20.20.20.20") + + # delete second route and check vn ri sr entries + routes.delete_route(route) + rt.set_routes(routes) + self._vnc_lib.route_table_update(rt) + + _match_route_table(vn1, "2.2.2.2/0", "20.20.20.20", False) + _match_route_table(vn2, "2.2.2.2/0", "20.20.20.20", False) + + @retries(5) + def _match_route_table_cleanup(vn): + ri = self._vnc_lib.routing_instance_read( + fq_name=self.get_ri_name(vn)) + sr = ri.get_static_route_entries() + if sr and sr.route: + raise Exception("sr has route") + + vn2.del_route_table(rt) + self._vnc_lib.virtual_network_update(vn2) + _match_route_table(vn1, "1.1.1.1/0", "10.10.10.10") + _match_route_table_cleanup(vn2) + + # delete first route and check vn ri sr entries + rt.set_routes(None) + self._vnc_lib.route_table_update(rt) + + _match_route_table(vn1, "1.1.1.1/0", "10.10.10.10", False) + + vn1.del_route_table(rt) + self._vnc_lib.virtual_network_update(vn1) + _match_route_table_cleanup(vn1) + + vn1.add_route_table(rt) + self._vnc_lib.virtual_network_update(vn1) + + vn2.add_route_table(rt) + self._vnc_lib.virtual_network_update(vn2) + + routes.set_route([]) + rt.set_routes(routes) + self._vnc_lib.route_table_update(rt) + + _match_route_table_cleanup(vn1) + _match_route_table_cleanup(vn2) + + self._vnc_lib.virtual_network_delete(fq_name=vn1.get_fq_name()) + self._vnc_lib.virtual_network_delete(fq_name=vn2.get_fq_name()) + gevent.sleep(2) + self._vnc_lib.route_table_delete(fq_name=rt.get_fq_name()) + # test_add_delete_static_route +# end class TestRouteTable diff --git a/src/config/schema-transformer/test/test_route_target.py b/src/config/schema-transformer/test/test_route_target.py new file mode 100644 index 00000000000..7ff12d552af --- /dev/null +++ b/src/config/schema-transformer/test/test_route_target.py @@ -0,0 +1,73 @@ +# +# Copyright (c) 2013 Juniper Networks, Inc. All rights reserved. +# + +try: + import config_db +except ImportError: + from schema_transformer import config_db +from vnc_api.vnc_api import RouteTargetList, NoIdError + +from test_case import STTestCase, retries +from test_policy import VerifyPolicy + + +class VerifyRouteTarget(VerifyPolicy): + def __init__(self, vnc_lib): + self._vnc_lib = vnc_lib + + @retries(5) + def check_rt_is_deleted(self, name): + try: + self._vnc_lib.route_target_read(fq_name=[name]) + print "retrying ... ", test_common.lineno() + raise Exception('rt %s still exists' % name) + except NoIdError: + print 'rt deleted' + + +class TestRouteTarget(STTestCase, VerifyRouteTarget): + def test_configured_targets(self): + # create vn1 + vn1_name = self.id() + 'vn1' + vn1_obj = self.create_virtual_network(vn1_name, '10.0.0.0/24') + self.wait_to_get_object(config_db.RoutingInstanceST, + vn1_obj.get_fq_name_str()+':'+vn1_name) + + rtgt_list = RouteTargetList(route_target=['target:1:1']) + vn1_obj.set_route_target_list(rtgt_list) + exp_rtgt_list = RouteTargetList(route_target=['target:2:1']) + vn1_obj.set_export_route_target_list(exp_rtgt_list) + imp_rtgt_list = RouteTargetList(route_target=['target:3:1']) + vn1_obj.set_import_route_target_list(imp_rtgt_list) + self._vnc_lib.virtual_network_update(vn1_obj) + + self.check_rt_in_ri(self.get_ri_name(vn1_obj), 'target:1:1', True) + self.check_rt_in_ri(self.get_ri_name(vn1_obj), 'target:2:1', True, 'export') + self.check_rt_in_ri(self.get_ri_name(vn1_obj), 'target:3:1', True, 'import') + + exp_rtgt_list.route_target.append('target:1:1') + vn1_obj.set_export_route_target_list(exp_rtgt_list) + self._vnc_lib.virtual_network_update(vn1_obj) + self.check_rt_in_ri(self.get_ri_name(vn1_obj), 'target:1:1', True) + self.check_rt_in_ri(self.get_ri_name(vn1_obj), 'target:2:1', True, 'export') + + imp_rtgt_list.route_target.append('target:1:1') + vn1_obj.set_import_route_target_list(imp_rtgt_list) + self._vnc_lib.virtual_network_update(vn1_obj) + self.check_rt_in_ri(self.get_ri_name(vn1_obj), 'target:1:1', True) + self.check_rt_in_ri(self.get_ri_name(vn1_obj), 'target:3:1', True, 'import') + + exp_rtgt_list = RouteTargetList(route_target=['target:2:1']) + vn1_obj.set_export_route_target_list(exp_rtgt_list) + imp_rtgt_list = RouteTargetList(route_target=['target:3:1']) + vn1_obj.set_import_route_target_list(imp_rtgt_list) + self._vnc_lib.virtual_network_update(vn1_obj) + self.check_rt_in_ri(self.get_ri_name(vn1_obj), 'target:1:1', True) + self.check_rt_in_ri(self.get_ri_name(vn1_obj), 'target:2:1', True, 'export') + self.check_rt_in_ri(self.get_ri_name(vn1_obj), 'target:3:1', True, 'import') + + self._vnc_lib.virtual_network_delete(id=vn1_obj.uuid) + self.check_ri_is_deleted(fq_name=vn1_obj.fq_name+[vn1_obj.name]) + # end test_configured_targets +# end class TestRouteTarget diff --git a/src/config/schema-transformer/test/test_security_group.py b/src/config/schema-transformer/test/test_security_group.py new file mode 100644 index 00000000000..6a6ba478eca --- /dev/null +++ b/src/config/schema-transformer/test/test_security_group.py @@ -0,0 +1,457 @@ +# +# Copyright (c) 2013 Juniper Networks, Inc. All rights reserved. +# + +import uuid +import copy + +try: + import config_db +except ImportError: + from schema_transformer import config_db +from vnc_api.vnc_api import (AddressType, SubnetType, PolicyRuleType, + PortType, PolicyEntriesType, SecurityGroup, NoIdError) + +from test_case import STTestCase, retries +from test_policy import VerifyPolicy + + +class VerifySecurityGroup(VerifyPolicy): + def __init__(self, vnc_lib): + self._vnc_lib = vnc_lib + + @retries(5) + def wait_to_get_sg_id(self, sg_fq_name): + sg_obj = self._vnc_lib.security_group_read(sg_fq_name) + if sg_obj.get_security_group_id() is None: + raise Exception('Security Group Id is none %s' % str(sg_fq_name)) + + @retries(5) + def check_security_group_id(self, sg_fq_name, verify_sg_id=None): + sg = self._vnc_lib.security_group_read(sg_fq_name) + sg_id = sg.get_security_group_id() + if sg_id is None: + raise Exception('sg id is not present for %s' % sg_fq_name) + if verify_sg_id is not None and str(sg_id) != str(verify_sg_id): + raise Exception('sg id is not same as passed value (%s, %s)' % + (str(sg_id), str(verify_sg_id))) + + @retries(5) + def check_acl_match_sg(self, fq_name, acl_name, sg_id, is_all_rules = False): + sg_obj = self._vnc_lib.security_group_read(fq_name) + acls = sg_obj.get_access_control_lists() + acl = None + for acl_to in acls or []: + if (acl_to['to'][-1] == acl_name): + acl = self._vnc_lib.access_control_list_read(id=acl_to['uuid']) + break + self.assertTrue(acl != None) + match = False + for rule in acl.access_control_list_entries.acl_rule: + if acl_name == 'egress-access-control-list': + if rule.match_condition.dst_address.security_group != sg_id: + if is_all_rules: + raise Exception('sg %s/%s not found in %s - for some rule' % + (str(fq_name), str(sg_id), acl_name)) + else: + match = True + break + if acl_name == 'ingress-access-control-list': + if rule.match_condition.src_address.security_group != sg_id: + if is_all_rules: + raise Exception('sg %s/%s not found in %s - for some rule' % + (str(fq_name), str(sg_id), acl_name)) + else: + match = True + break + if match == False: + raise Exception('sg %s/%s not found in %s' % + (str(fq_name), str(sg_id), acl_name)) + return + + @retries(5) + def check_no_policies_for_sg(self, fq_name): + try: + sg_obj = self._vnc_lib.security_group_read(fq_name) + sg_entries = sg_obj.get_security_group_entries() + if sg_entries.get_policy_rule(): + raise Exception('sg %s found policies' % (str(fq_name))) + except NoIdError: + pass + + @retries(5) + def check_sg_refer_list(self, sg_referred_by, sg_referrer, is_present): + self.assertEqual(is_present, sg_referred_by in config_db.SecurityGroupST._sg_dict.get(sg_referrer, [])) + + @retries(5) + def check_acl_not_match_sg(self, fq_name, acl_name, sg_id): + try: + sg_obj = self._vnc_lib.security_group_read(fq_name) + acls = sg_obj.get_access_control_lists() + acl = None + for acl_to in acls or []: + if (acl_to['to'][-1] != acl_name): + continue + acl = self._vnc_lib.access_control_list_read(id=acl_to['uuid']) + if acl == None: + return + for rule in acl.access_control_list_entries.acl_rule: + if acl_name == 'egress-access-control-list': + if rule.match_condition.dst_address.security_group == sg_id: + raise Exception('sg %s/%s found in %s - for some rule' % + (str(fq_name), str(sg_id), acl_name)) + if acl_name == 'ingress-access-control-list': + if rule.match_condition.src_address.security_group == sg_id: + raise Exception('sg %s/%s found in %s - for some rule' % + (str(fq_name), str(sg_id), acl_name)) + except NoIdError: + pass + + +class TestSecurityGroup(STTestCase, VerifySecurityGroup): + def _security_group_rule_build(self, rule_info, sg_fq_name_str): + protocol = rule_info['protocol'] + port_min = rule_info['port_min'] or 0 + port_max = rule_info['port_max'] or 65535 + direction = rule_info['direction'] or 'ingress' + ip_prefix = rule_info['ip_prefix'] + ether_type = rule_info['ether_type'] + + if ip_prefix: + cidr = ip_prefix.split('/') + pfx = cidr[0] + pfx_len = int(cidr[1]) + endpt = [AddressType(subnet=SubnetType(pfx, pfx_len))] + else: + endpt = [AddressType(security_group=sg_fq_name_str)] + + local = None + remote = None + if direction == 'ingress': + dir = '>' + local = endpt + remote = [AddressType(security_group='local')] + else: + dir = '>' + remote = endpt + local = [AddressType(security_group='local')] + + if not protocol: + protocol = 'any' + + if protocol.isdigit(): + protocol = int(protocol) + if protocol < 0 or protocol > 255: + raise Exception('SecurityGroupRuleInvalidProtocol-%s' % protocol) + else: + if protocol not in ['any', 'tcp', 'udp', 'icmp']: + raise Exception('SecurityGroupRuleInvalidProtocol-%s' % protocol) + + if not ip_prefix and not sg_fq_name_str: + if not ether_type: + ether_type = 'IPv4' + + sgr_uuid = str(uuid.uuid4()) + rule = PolicyRuleType(rule_uuid=sgr_uuid, direction=dir, + protocol=protocol, + src_addresses=local, + src_ports=[PortType(0, 65535)], + dst_addresses=remote, + dst_ports=[PortType(port_min, port_max)], + ethertype=ether_type) + return rule + #end _security_group_rule_build + + def _security_group_rule_append(self, sg_obj, sg_rule): + rules = sg_obj.get_security_group_entries() + if rules is None: + rules = PolicyEntriesType([sg_rule]) + else: + for sgr in rules.get_policy_rule() or []: + sgr_copy = copy.copy(sgr) + sgr_copy.rule_uuid = sg_rule.rule_uuid + if sg_rule == sgr_copy: + raise Exception('SecurityGroupRuleExists %s' % sgr.rule_uuid) + rules.add_policy_rule(sg_rule) + + sg_obj.set_security_group_entries(rules) + #end _security_group_rule_append + + def _security_group_rule_remove(self, sg_obj, sg_rule): + rules = sg_obj.get_security_group_entries() + if rules is None: + raise Exception('SecurityGroupRuleNotExists %s' % sgr.rule_uuid) + else: + for sgr in rules.get_policy_rule() or []: + if sgr.rule_uuid == sg_rule.rule_uuid: + rules.delete_policy_rule(sgr) + sg_obj.set_security_group_entries(rules) + return + raise Exception('SecurityGroupRuleNotExists %s' % sg_rule.rule_uuid) + + #end _security_group_rule_append + + def security_group_create(self, sg_name, project_fq_name): + project_obj = self._vnc_lib.project_read(project_fq_name) + sg_obj = SecurityGroup(name=sg_name, parent_obj=project_obj) + self._vnc_lib.security_group_create(sg_obj) + return sg_obj + #end security_group_create + + def test_sg_reference(self): + #create sg and associate egress rules with sg names + sg1_obj = self.security_group_create('sg-1', ['default-domain', + 'default-project']) + self.wait_to_get_sg_id(sg1_obj.get_fq_name()) + sg1_obj = self._vnc_lib.security_group_read(sg1_obj.get_fq_name()) + rule1 = {} + rule1['port_min'] = 0 + rule1['port_max'] = 65535 + rule1['direction'] = 'egress' + rule1['ip_prefix'] = None + rule1['protocol'] = 'any' + rule1['ether_type'] = 'IPv4' + #create rule with forward sg-names + sg_rule1 = self._security_group_rule_build(rule1, "default-domain:default-project:sg-2") + self._security_group_rule_append(sg1_obj, sg_rule1) + sg_rule3 = self._security_group_rule_build(rule1, "default-domain:default-project:sg-3") + self._security_group_rule_append(sg1_obj, sg_rule3) + self._vnc_lib.security_group_update(sg1_obj) + self.check_security_group_id(sg1_obj.get_fq_name()) + + #check ST SG refer dict for right association + self.check_sg_refer_list(sg1_obj.get_fq_name_str(), + "default-domain:default-project:sg-2", True) + self.check_sg_refer_list(sg1_obj.get_fq_name_str(), + "default-domain:default-project:sg-3", True) + sg1_obj = self._vnc_lib.security_group_read(sg1_obj.get_fq_name()) + + #create another sg and associate ingress rule and check acls + sg2_obj = self.security_group_create('sg-2', ['default-domain', + 'default-project']) + self.wait_to_get_sg_id(sg2_obj.get_fq_name()) + sg2_obj = self._vnc_lib.security_group_read(sg2_obj.get_fq_name()) + rule2 = {} + rule2['port_min'] = 0 + rule2['port_max'] = 65535 + rule2['direction'] = 'ingress' + rule2['ip_prefix'] = None + rule2['protocol'] = 'any' + rule2['ether_type'] = 'IPv4' + #reference to SG1 + sg_rule2 = self._security_group_rule_build(rule2, sg1_obj.get_fq_name_str()) + self._security_group_rule_append(sg2_obj, sg_rule2) + self._vnc_lib.security_group_update(sg2_obj) + self.check_security_group_id(sg2_obj.get_fq_name()) + + #check acl updates sg2 should have sg1 id and sg1 should have sg2 + self.check_acl_match_sg(sg2_obj.get_fq_name(), + 'ingress-access-control-list', + sg1_obj.get_security_group_id()) + + self.check_acl_match_sg(sg1_obj.get_fq_name(), + 'egress-access-control-list', + sg2_obj.get_security_group_id()) + + #create sg3 + sg3_obj = self.security_group_create('sg-3', ['default-domain', + 'default-project']) + self.check_sg_refer_list(sg1_obj.get_fq_name_str(), + sg3_obj.get_fq_name_str(), True) + + #remove sg2 reference rule from sg1 + self._security_group_rule_remove(sg1_obj, sg_rule1) + self._vnc_lib.security_group_update(sg1_obj) + self.check_acl_not_match_sg(sg1_obj.get_fq_name(), + 'egress-access-control-list', + sg2_obj.get_security_group_id()) + self.check_sg_refer_list(sg1_obj.get_fq_name_str(), + sg2_obj.get_fq_name_str(), False) + + #delete sg3 + self._vnc_lib.security_group_delete(fq_name=sg3_obj.get_fq_name()) + #sg1 still should have sg3 ref + self.check_sg_refer_list(sg1_obj.get_fq_name_str(), + sg3_obj.get_fq_name_str(), True) + + #delete sg3 ref rule from sg1 + self._security_group_rule_remove(sg1_obj, sg_rule3) + self._vnc_lib.security_group_update(sg1_obj) + self.check_acl_not_match_sg(sg1_obj.get_fq_name(), + 'egress-access-control-list', + sg3_obj.get_security_group_id()) + self.check_sg_refer_list(sg1_obj.get_fq_name_str(), + sg3_obj.get_fq_name_str(), False) + + #delete all SGs + self._vnc_lib.security_group_delete(fq_name=sg1_obj.get_fq_name()) + self._vnc_lib.security_group_delete(fq_name=sg2_obj.get_fq_name()) + + #end test_sg_reference + + def test_sg(self): + #create sg and associate egress rule and check acls + sg1_obj = self.security_group_create('sg-1', ['default-domain', + 'default-project']) + self.wait_to_get_sg_id(sg1_obj.get_fq_name()) + sg1_obj = self._vnc_lib.security_group_read(sg1_obj.get_fq_name()) + rule1 = {} + rule1['port_min'] = 0 + rule1['port_max'] = 65535 + rule1['direction'] = 'egress' + rule1['ip_prefix'] = None + rule1['protocol'] = 'any' + rule1['ether_type'] = 'IPv4' + sg_rule1 = self._security_group_rule_build(rule1, + sg1_obj.get_fq_name_str()) + self._security_group_rule_append(sg1_obj, sg_rule1) + self._vnc_lib.security_group_update(sg1_obj) + self.check_security_group_id(sg1_obj.get_fq_name()) + sg1_obj = self._vnc_lib.security_group_read(sg1_obj.get_fq_name()) + self.check_acl_match_sg(sg1_obj.get_fq_name(), + 'egress-access-control-list', + sg1_obj.get_security_group_id()) + + sg1_obj.set_configured_security_group_id(100) + self._vnc_lib.security_group_update(sg1_obj) + self.check_security_group_id(sg1_obj.get_fq_name(), 100) + sg1_obj = self._vnc_lib.security_group_read(sg1_obj.get_fq_name()) + self.check_acl_match_sg(sg1_obj.get_fq_name(), + 'egress-access-control-list', + sg1_obj.get_security_group_id()) + + #create another sg and associate ingress rule and check acls + sg2_obj = self.security_group_create('sg-2', ['default-domain', + 'default-project']) + self.wait_to_get_sg_id(sg2_obj.get_fq_name()) + sg2_obj = self._vnc_lib.security_group_read(sg2_obj.get_fq_name()) + rule2 = {} + rule2['port_min'] = 0 + rule2['port_max'] = 65535 + rule2['direction'] = 'ingress' + rule2['ip_prefix'] = None + rule2['protocol'] = 'any' + rule2['ether_type'] = 'IPv4' + sg_rule2 = self._security_group_rule_build(rule2, sg2_obj.get_fq_name_str()) + self._security_group_rule_append(sg2_obj, sg_rule2) + self._vnc_lib.security_group_update(sg2_obj) + self.check_security_group_id(sg2_obj.get_fq_name()) + self.check_acl_match_sg(sg2_obj.get_fq_name(), + 'ingress-access-control-list', + sg2_obj.get_security_group_id()) + + #add ingress and egress rules to same sg and check for both + sg_rule3 = self._security_group_rule_build(rule1, sg2_obj.get_fq_name_str()) + self._security_group_rule_append(sg2_obj, sg_rule3) + self._vnc_lib.security_group_update(sg2_obj) + self.check_security_group_id(sg2_obj.get_fq_name()) + self.check_acl_match_sg(sg2_obj.get_fq_name(), + 'egress-access-control-list', + sg2_obj.get_security_group_id()) + self.check_acl_match_sg(sg2_obj.get_fq_name(), + 'ingress-access-control-list', + sg2_obj.get_security_group_id()) + + #add one more ingress and egress + rule1['direction'] = 'ingress' + rule1['port_min'] = 1 + rule1['port_max'] = 100 + self._security_group_rule_append( + sg2_obj, self._security_group_rule_build( + rule1, sg2_obj.get_fq_name_str())) + rule1['direction'] = 'egress' + rule1['port_min'] = 101 + rule1['port_max'] = 200 + self._security_group_rule_append( + sg2_obj, self._security_group_rule_build( + rule1, sg2_obj.get_fq_name_str())) + self._vnc_lib.security_group_update(sg2_obj) + self.check_acl_match_sg(sg2_obj.get_fq_name(), + 'egress-access-control-list', + sg2_obj.get_security_group_id(), True) + self.check_acl_match_sg(sg2_obj.get_fq_name(), + 'ingress-access-control-list', + sg2_obj.get_security_group_id(), True) + + # duplicate security group id configured, vnc api allows + # isn't this a problem? + sg2_obj.set_configured_security_group_id(100) + self._vnc_lib.security_group_update(sg2_obj) + self.check_security_group_id(sg2_obj.get_fq_name(), 100) + + #sg id '0' is not allowed, should not get modified + sg1_obj.set_configured_security_group_id(0) + self._vnc_lib.security_group_update(sg1_obj) + self.check_security_group_id(sg1_obj.get_fq_name(), 8000001) + + # -ve security group id not allowed, should not get modified + sg1_obj.set_configured_security_group_id(-100) + self._vnc_lib.security_group_update(sg1_obj) + self.check_security_group_id(sg1_obj.get_fq_name(), -100) + + self._vnc_lib.security_group_delete(id=sg1_obj.uuid) + self._vnc_lib.security_group_delete(id=sg2_obj.uuid) + #end test_sg + + def test_delete_sg(self): + #create sg and associate egress rule and check acls + sg1_obj = self.security_group_create('sg-1', ['default-domain', + 'default-project']) + self.wait_to_get_sg_id(sg1_obj.get_fq_name()) + sg1_obj = self._vnc_lib.security_group_read(sg1_obj.get_fq_name()) + rule1 = {} + rule1['ip_prefix'] = None + rule1['protocol'] = 'any' + rule1['ether_type'] = 'IPv4' + rule1['sg_id'] = sg1_obj.get_security_group_id() + + rule1['direction'] = 'ingress' + rule1['port_min'] = 1 + rule1['port_max'] = 100 + rule_in_obj = self._security_group_rule_build(rule1, + sg1_obj.get_fq_name_str()) + rule1['direction'] = 'egress' + rule1['port_min'] = 101 + rule1['port_max'] = 200 + rule_eg_obj = self._security_group_rule_build(rule1, + sg1_obj.get_fq_name_str()) + + self._security_group_rule_append(sg1_obj, rule_in_obj) + self._security_group_rule_append(sg1_obj, rule_eg_obj) + self._vnc_lib.security_group_update(sg1_obj) + self.check_acl_match_sg(sg1_obj.get_fq_name(), + 'egress-access-control-list', + sg1_obj.get_security_group_id()) + self.check_acl_match_sg(sg1_obj.get_fq_name(), + 'ingress-access-control-list', + sg1_obj.get_security_group_id()) + + self._security_group_rule_remove(sg1_obj, rule_in_obj) + self._vnc_lib.security_group_update(sg1_obj) + self.check_acl_not_match_sg(sg1_obj.get_fq_name(), + 'ingress-access-control-list', + sg1_obj.get_security_group_id()) + self.check_acl_match_sg(sg1_obj.get_fq_name(), + 'egress-access-control-list', + sg1_obj.get_security_group_id()) + + self._security_group_rule_append(sg1_obj, rule_in_obj) + self._security_group_rule_remove(sg1_obj, rule_eg_obj) + self._vnc_lib.security_group_update(sg1_obj) + self.check_acl_match_sg(sg1_obj.get_fq_name(), + 'ingress-access-control-list', + sg1_obj.get_security_group_id()) + self.check_acl_not_match_sg(sg1_obj.get_fq_name(), + 'egress-access-control-list', + sg1_obj.get_security_group_id()) + + self._security_group_rule_remove(sg1_obj, rule_in_obj) + self._vnc_lib.security_group_update(sg1_obj) + self._vnc_lib.security_group_delete(fq_name=sg1_obj.get_fq_name()) + self.check_acl_not_match_sg(sg1_obj.get_fq_name(), + 'ingress-access-control-list', + sg1_obj.get_security_group_id()) + self.check_acl_not_match_sg(sg1_obj.get_fq_name(), + 'egress-access-control-list', + sg1_obj.get_security_group_id()) + #end test_delete_sg diff --git a/src/config/schema-transformer/test/test_service.py b/src/config/schema-transformer/test/test_service_policy.py similarity index 53% rename from src/config/schema-transformer/test/test_service.py rename to src/config/schema-transformer/test/test_service_policy.py index 725c41432fd..ae68cfb63ab 100644 --- a/src/config/schema-transformer/test/test_service.py +++ b/src/config/schema-transformer/test/test_service_policy.py @@ -1,16 +1,11 @@ # # Copyright (c) 2013 Juniper Networks, Inc. All rights reserved. # - import sys +import copy import gevent -sys.path.append("../common/tests") -from testtools.matchers import Equals, Contains, Not -from test_utils import * -import test_common -import test_case +from testtools.matchers import Contains, Not -from vnc_api.vnc_api import * try: import to_bgp except ImportError: @@ -19,68 +14,44 @@ import config_db except ImportError: from schema_transformer import config_db +from vnc_api.vnc_api import (VirtualNetwork, SequenceType, VirtualNetworkType, + VirtualNetworkPolicyType, NoIdError, NetworkIpam, VirtualMachine, + VnSubnetsType, IpamSubnetType, SubnetType, FloatingIpPool, + FloatingIp, VirtualMachineInterfacePropertiesType, PortType, + VirtualMachineInterface, InterfaceMirrorType, MirrorActionType, + ServiceChainInfo, RoutingPolicy, RoutingPolicyServiceInstanceType, + RouteListType, RouteAggregate,RouteTargetList, ServiceInterfaceTag, + PolicyBasedForwardingRuleType) + +from test_case import STTestCase, retries +from test_policy import VerifyPolicy +sys.path.append("../common/tests") +from test_utils import FakeIfmapClient, CassandraCFs +import test_common -from gevent import sleep - -def retry_exc_handler(tries_remaining, exception, delay): - print >> sys.stderr, "." - - -def retries(max_tries, delay=1, backoff=1, exceptions=(Exception,), - hook=retry_exc_handler): - def dec(func): - def f2(*args, **kwargs): - mydelay = delay - tries = range(max_tries) - tries.reverse() - for tries_remaining in tries: - try: - return func(*args, **kwargs) - except exceptions as e: - if tries_remaining > 0: - if hook is not None: - hook(tries_remaining, e, mydelay) - sleep(mydelay) - mydelay = mydelay * backoff - else: - raise - else: - break - return f2 - return dec - - -class TestPolicy(test_case.STTestCase): + +class VerifyServicePolicy(VerifyPolicy): + def __init__(self, vnc_lib): + self._vnc_lib = vnc_lib @retries(5) - def check_ri_asn(self, fq_name, rt_target): - ri = self._vnc_lib.routing_instance_read(fq_name) - rt_refs = ri.get_route_target_refs() - if not rt_refs: - print "retrying ... ", test_common.lineno() - raise Exception('ri_refs is None for %s' % fq_name) - for rt_ref in rt_refs: - if rt_ref['to'][0] == rt_target: - return - raise Exception('rt_target %s not found in ri %s' % (rt_target, fq_name)) + def wait_to_get_sc(self, left_vn=None, right_vn=None, si_name=None): + for sc in to_bgp.ServiceChain.values(): + if (left_vn in (None, sc.left_vn) and + right_vn in (None, sc.right_vn) and + si_name in (sc.service_list[0], None)): + return sc.name + raise Exception('Service chain not found') @retries(5) - def check_bgp_asn(self, fq_name, asn): - router = self._vnc_lib.bgp_router_read(fq_name) - params = router.get_bgp_router_parameters() - if not params: - print "retrying ... ", test_common.lineno() - raise Exception('bgp params is None for %s' % fq_name) - self.assertEqual(params.get_autonomous_system(), asn) + def wait_to_get_link(self, ident_name, link_fq_name): + self.assertThat(str(FakeIfmapClient._graph[ident_name]['links']), + Contains(link_fq_name)) @retries(5) - def check_lr_asn(self, fq_name, rt_target): - router = self._vnc_lib.logical_router_read(fq_name) - rt_refs = router.get_route_target_refs() - if not rt_refs: - print "retrying ... ", test_common.lineno() - raise Exception('ri_refs is None for %s' % fq_name) - self.assertEqual(rt_refs[0]['to'][0], rt_target) + def wait_to_remove_link(self, ident_name, link_fq_name): + self.assertThat(str(FakeIfmapClient._graph[ident_name]['links']), + Not(Contains(link_fq_name))) @retries(5) def check_service_chain_prefix_match(self, fq_name, prefix): @@ -161,198 +132,13 @@ def check_service_chain_pbf_rules(self, vn1, vn2, sc_ri_name, service_name, sc_i self.assertEqual(pbf_rule, expected_pbf) return raise Exception('Service chain pbf rules not found for %s' % service_ri_fq_name) - + @retries(5) def check_service_chain_ip(self, sc_name): _SC_IP_CF = 'service_chain_ip_address_table' cf = CassandraCFs.get_cf(_SC_IP_CF) ip = cf.get(sc_name)['ip_address'] - @retries(5) - def check_ri_ref_present(self, fq_name, to_fq_name): - ri = self._vnc_lib.routing_instance_read(fq_name) - for ri_ref in ri.get_routing_instance_refs() or []: - if ri_ref['to'] == to_fq_name: - return - raise Exception('ri_ref not found from %s to %s' % (fq_name, to_fq_name)) - - @retries(5) - def check_ri_ref_not_present(self, fq_name, to_fq_name): - ri = self._vnc_lib.routing_instance_read(fq_name) - for ri_ref in ri.get_routing_instance_refs() or []: - if ri_ref['to'] == to_fq_name: - raise Exception('ri_ref found from %s to %s' % (fq_name, to_fq_name)) - - @retries(5) - def check_default_ri_rtgt_imported(self, fq_name, service_ri_fq_name): - ri = self._vnc_lib.routing_instance_read(fq_name) - service_ri = self._vnc_lib.routing_instance_read(service_ri_fq_name) - to_fq_names = [rt_ref['to'] for rt_ref in service_ri.get_route_target_refs()] - for rt_ref in ri.get_route_target_refs() or []: - if rt_ref['to'] in to_fq_names: - return - raise Exception('%s not imported to service_ri:%s ' % (rt_ref['to'], - service_ri_fq_name)) - - @retries(5) - def check_default_ri_rtgt_not_imported(self, fq_name, service_ri_fq_name): - ri = self._vnc_lib.routing_instance_read(fq_name) - service_ri = self._vnc_lib.routing_instance_read(service_ri_fq_name) - to_fq_names = [rt_ref['to'] for rt_ref in service_ri.get_route_target_refs()] - for rt_ref in ri.get_route_target_refs() or []: - if rt_ref['to'] in to_fq_names: - raise Exception('%s imported to service_ri:%s ' % (rt_ref['to'], - service_ri_fq_name)) - - @retries(5) - def check_ri_refs_are_deleted(self, fq_name): - ri = self._vnc_lib.routing_instance_read(fq_name) - ri_refs = ri.get_routing_instance_refs() - if ri_refs: - print "retrying ... ", test_common.lineno() - raise Exception('ri_refs still exist for %s' % fq_name) - - @retries(5) - def delete_vn(self, fq_name): - try: - self._vnc_lib.virtual_network_delete(fq_name=fq_name) - print 'vn deleted' - except RefsExistError: - print "retrying ... ", test_common.lineno() - raise Exception('virtual network %s still exists' % str(fq_name)) - - @retries(5) - def check_st_vm_is_deleted(self, name): - vm_obj = config_db.VirtualMachineST.get(name) - if vm_obj is not None: - raise Exception('vm %s still exists' % name) - return - - @retries(5) - def check_lr_is_deleted(self, uuid): - try: - self._vnc_lib.logical_router_read(id=uuid) - print "retrying ... ", test_common.lineno() - raise Exception('logical router %s still exists' % uuid) - except NoIdError: - print 'lr deleted' - - @retries(5) - def check_rt_is_deleted(self, name): - try: - self._vnc_lib.route_target_read(fq_name=[name]) - print "retrying ... ", test_common.lineno() - raise Exception('rt %s still exists' % name) - except NoIdError: - print 'rt deleted' - - @retries(5) - def check_vn_is_deleted(self, uuid): - try: - self._vnc_lib.virtual_network_read(id=uuid) - print "retrying ... ", test_common.lineno() - raise Exception('virtual network %s still exists' % uuid) - except NoIdError: - print 'vn deleted' - - @retries(5) - def check_all_vmis_are_deleted(self): - vmi_list = self._vnc_lib.virtual_machine_interfaces_list() - if vmi_list['virtual-machine-interfaces']: - raise Exception('virtual machine interfaces still exist' + str(vmi_list)) - print 'all virtual machine interfaces deleted' - - @retries(5) - def check_ri_is_deleted(self, fq_name): - try: - self._vnc_lib.routing_instance_read(fq_name) - print "retrying ... ", test_common.lineno() - raise Exception('routing instance %s still exists' % fq_name) - except NoIdError: - print 'ri deleted' - - @retries(5) - def check_ri_is_present(self, fq_name): - self._vnc_lib.routing_instance_read(fq_name) - - @retries(5) - def check_link_in_ifmap_graph(self, fq_name_str, links): - self._vnc_lib.routing_instance_read(fq_name) - - @retries(5) - def wait_to_get_object(self, obj_class, obj_name): - if obj_name not in obj_class._dict: - raise Exception('%s not found' % obj_name) - - @retries(5) - def wait_to_delete_object(self, obj_class, obj_name): - if obj_name in obj_class._dict: - raise Exception('%s still found' % obj_name) - - @retries(5) - def wait_to_get_sc(self, left_vn=None, right_vn=None, si_name=None): - for sc in to_bgp.ServiceChain.values(): - if (left_vn in (None, sc.left_vn) and - right_vn in (None, sc.right_vn) and - si_name in (sc.service_list[0], None)): - return sc.name - raise Exception('Service chain not found') - - @retries(5) - def wait_to_get_link(self, ident_name, link_fq_name): - self.assertThat(str(FakeIfmapClient._graph[ident_name]['links']), - Contains(link_fq_name)) - - @retries(5) - def wait_to_remove_link(self, ident_name, link_fq_name): - self.assertThat(str(FakeIfmapClient._graph[ident_name]['links']), - Not(Contains(link_fq_name))) - - @retries(5) - def wait_to_get_sg_id(self, sg_fq_name): - sg_obj = self._vnc_lib.security_group_read(sg_fq_name) - if sg_obj.get_security_group_id() is None: - raise Exception('Security Group Id is none %s' % str(sg_fq_name)) - - @retries(5) - def check_rt_in_ri(self, ri_name, rt_id, is_present, exim=None): - ri_obj = self._vnc_lib.routing_instance_read(fq_name=ri_name) - ri_rt_refs = [ref for ref in ri_obj.get_route_target_refs() or [] - if ref['to'][0] == rt_id] - if not is_present: - self.assertEqual(ri_rt_refs, []) - return - else: - self.assertEqual(ri_rt_refs[0]['to'][0], rt_id) - self.assertEqual(ri_rt_refs[0]['attr'].import_export, exim) - - @retries(5) - def check_acl_match_dst_cidr(self, fq_name, ip_prefix, ip_len): - acl = self._vnc_lib.access_control_list_read(fq_name) - for rule in acl.access_control_list_entries.acl_rule: - subnets = [] - if rule.match_condition.dst_address.subnet: - subnets.append(rule.match_condition.dst_address.subnet) - if rule.match_condition.dst_address.subnet_list: - subnets.extend(rule.match_condition.dst_address.subnet_list) - for subnet in subnets: - if (subnet.ip_prefix == ip_prefix and - subnet.ip_prefix_len == ip_len): - return - raise Exception('prefix %s/%d not found in ACL rules for %s' % - (ip_prefix, ip_len, fq_name)) - - @retries(5) - def check_acl_implicit_deny_rule(self, fq_name, src_vn, dst_vn): - acl = self._vnc_lib.access_control_list_read(fq_name) - for rule in acl.access_control_list_entries.acl_rule: - match_condition = rule.match_condition - if (match_condition.src_address.virtual_network == src_vn and - match_condition.dst_address.virtual_network == dst_vn and - rule.action_list.simple_action == 'deny'): - return - raise Exception('Implicit deny ACL rule not found') - @retries(5) def check_acl_match_nets(self, fq_name, vn1_fq_name, vn2_fq_name): acl = self._vnc_lib.access_control_list_read(fq_name) @@ -363,88 +149,6 @@ def check_acl_match_nets(self, fq_name, vn1_fq_name, vn2_fq_name): raise Exception('nets %s/%s not found in ACL rules for %s' % (vn1_fq_name, vn2_fq_name, fq_name)) - @retries(5) - def check_acl_action_assign_rules(self, fq_name, vn1_fq_name, vn2_fq_name, sc_ri_fq_name): - acl = self._vnc_lib.access_control_list_read(fq_name) - for rule in acl.access_control_list_entries.acl_rule: - if (rule.match_condition.src_address.virtual_network == vn1_fq_name and - rule.match_condition.dst_address.virtual_network == vn2_fq_name): - if rule.action_list.assign_routing_instance == sc_ri_fq_name: - return - raise Exception('vrf assign for nets %s/%s not matched in ACL rules for %s; sc: %s' % - (vn1_fq_name, vn2_fq_name, fq_name, sc_ri_fq_name)) - - @retries(5) - def check_acl_match_sg(self, fq_name, acl_name, sg_id, is_all_rules = False): - sg_obj = self._vnc_lib.security_group_read(fq_name) - acls = sg_obj.get_access_control_lists() - acl = None - for acl_to in acls or []: - if (acl_to['to'][-1] == acl_name): - acl = self._vnc_lib.access_control_list_read(id=acl_to['uuid']) - break - self.assertTrue(acl != None) - match = False - for rule in acl.access_control_list_entries.acl_rule: - if acl_name == 'egress-access-control-list': - if rule.match_condition.dst_address.security_group != sg_id: - if is_all_rules: - raise Exception('sg %s/%s not found in %s - for some rule' % - (str(fq_name), str(sg_id), acl_name)) - else: - match = True - break - if acl_name == 'ingress-access-control-list': - if rule.match_condition.src_address.security_group != sg_id: - if is_all_rules: - raise Exception('sg %s/%s not found in %s - for some rule' % - (str(fq_name), str(sg_id), acl_name)) - else: - match = True - break - if match == False: - raise Exception('sg %s/%s not found in %s' % - (str(fq_name), str(sg_id), acl_name)) - return - - @retries(5) - def check_no_policies_for_sg(self, fq_name): - try: - sg_obj = self._vnc_lib.security_group_read(fq_name) - sg_entries = sg_obj.get_security_group_entries() - if sg_entries.get_policy_rule(): - raise Exception('sg %s found policies' % (str(fq_name))) - except NoIdError: - pass - - @retries(5) - def check_sg_refer_list(self, sg_referred_by, sg_referrer, is_present): - self.assertEqual(is_present, sg_referred_by in config_db.SecurityGroupST._sg_dict.get(sg_referrer, [])) - - @retries(5) - def check_acl_not_match_sg(self, fq_name, acl_name, sg_id): - try: - sg_obj = self._vnc_lib.security_group_read(fq_name) - acls = sg_obj.get_access_control_lists() - acl = None - for acl_to in acls or []: - if (acl_to['to'][-1] != acl_name): - continue - acl = self._vnc_lib.access_control_list_read(id=acl_to['uuid']) - if acl == None: - return - for rule in acl.access_control_list_entries.acl_rule: - if acl_name == 'egress-access-control-list': - if rule.match_condition.dst_address.security_group == sg_id: - raise Exception('sg %s/%s found in %s - for some rule' % - (str(fq_name), str(sg_id), acl_name)) - if acl_name == 'ingress-access-control-list': - if rule.match_condition.src_address.security_group == sg_id: - raise Exception('sg %s/%s found in %s - for some rule' % - (str(fq_name), str(sg_id), acl_name)) - except NoIdError: - pass - @retries(5) def check_acl_not_match_nets(self, fq_name, vn1_fq_name, vn2_fq_name): acl = None @@ -462,6 +166,14 @@ def check_acl_not_match_nets(self, fq_name, vn1_fq_name, vn2_fq_name): (vn1_fq_name, vn2_fq_name, fq_name)) return + @retries(5) + def check_acl_match_mirror_to_ip(self, fq_name): + acl = self._vnc_lib.access_control_list_read(fq_name) + for rule in acl.access_control_list_entries.acl_rule: + if (rule.action_list.mirror_to.analyzer_ip_address is not None): + return + raise Exception('mirror to ip not found in ACL rules for %s' % (fq_name)) + @retries(5) def check_acl_not_match_mirror_to_ip(self, fq_name): acl = None @@ -474,191 +186,76 @@ def check_acl_not_match_mirror_to_ip(self, fq_name): raise Exception('mirror to ip %s found in ACL rules for %s' % (fq_name)) return - @retries(5) - def check_acl_match_mirror_to_ip(self, fq_name): - acl = self._vnc_lib.access_control_list_read(fq_name) - for rule in acl.access_control_list_entries.acl_rule: - if (rule.action_list.mirror_to.analyzer_ip_address is not None): - return - raise Exception('mirror to ip not found in ACL rules for %s' % (fq_name)) + @retries(10) + def check_vrf_assign_table(self, vmi_fq_name, floating_ip, is_present = True): + vmi = self._vnc_lib.virtual_machine_interface_read(vmi_fq_name) + if is_present: + self.assertEqual(vmi.get_vrf_assign_table().vrf_assign_rule[1].match_condition.src_address.subnet.ip_prefix, floating_ip) + else: + try: + self.assertEqual(vmi.get_vrf_assign_table().vrf_assign_rule[1].match_condition.src_address.subnet.ip_prefix, floating_ip) + raise Exception('floating is still present: ' + floating_ip) + except: + pass @retries(5) - def check_route_target_in_routing_instance(self, ri_name, rt_list): - ri_obj = self._vnc_lib.routing_instance_read(fq_name=ri_name) - ri_rt_refs = set([ref['to'][0] for ref in ri_obj.get_route_target_refs() or []]) - self.assertTrue(set(rt_list) <= ri_rt_refs) + def check_st_vm_is_deleted(self, name): + vm_obj = config_db.VirtualMachineST.get(name) + if vm_obj is not None: + raise Exception('vm %s still exists' % name) + return @retries(5) - def check_bgp_router_ip(self, router_name, ip): - router_obj = self._vnc_lib.bgp_router_read(fq_name_str=router_name) - self.assertEqual(router_obj.get_bgp_router_parameters().address, - ip) - @retries(5) - def check_bgp_router_identifier(self, router_name, ip): - router_obj = self._vnc_lib.bgp_router_read(fq_name_str=router_name) - self.assertEqual(router_obj.get_bgp_router_parameters().identifier, - ip) - - def get_ri_name(self, vn, ri_name=None): - return vn.get_fq_name() + [ri_name or vn.name] - - def test_basic_policy(self): - vn1_name = self.id() + 'vn1' - vn2_name = self.id() + 'vn2' - vn1_obj = VirtualNetwork(vn1_name) - vn2_obj = VirtualNetwork(vn2_name) - - np = self.create_network_policy(vn1_obj, vn2_obj) - seq = SequenceType(1, 1) - vnp = VirtualNetworkPolicyType(seq) - vn1_obj.set_network_policy(np, vnp) - vn2_obj.set_network_policy(np, vnp) - vn1_uuid = self._vnc_lib.virtual_network_create(vn1_obj) - vn2_uuid = self._vnc_lib.virtual_network_create(vn2_obj) - - for obj in [vn1_obj, vn2_obj]: - ident_name = self.get_obj_imid(obj) - gevent.sleep(2) - ifmap_ident = self.assertThat(FakeIfmapClient._graph, Contains(ident_name)) - - self.check_ri_ref_present(self.get_ri_name(vn1_obj), - self.get_ri_name(vn2_obj)) - self.check_ri_ref_present(self.get_ri_name(vn2_obj), - self.get_ri_name(vn1_obj)) - - vn1_obj.del_network_policy(np) - vn2_obj.del_network_policy(np) - self._vnc_lib.virtual_network_update(vn1_obj) - self._vnc_lib.virtual_network_update(vn2_obj) - - self.check_ri_refs_are_deleted(fq_name=self.get_ri_name(vn2_obj)) - - self.delete_network_policy(np) - self._vnc_lib.virtual_network_delete(fq_name=vn1_obj.get_fq_name()) - self._vnc_lib.virtual_network_delete(fq_name=vn2_obj.get_fq_name()) - - self.check_vn_is_deleted(uuid=vn1_obj.uuid) - self.check_ri_is_deleted(fq_name=self.get_ri_name(vn2_obj)) - # end test_basic_policy - - def test_multiple_policy(self): - vn1_name = self.id() + 'vn1' - vn2_name = self.id() + 'vn2' - vn1_obj = VirtualNetwork(vn1_name) - vn2_obj = VirtualNetwork(vn2_name) - - np1 = self.create_network_policy(vn1_obj, vn2_obj) - np2 = self.create_network_policy(vn2_obj, vn1_obj) - seq = SequenceType(1, 1) - vnp = VirtualNetworkPolicyType(seq) - vn1_obj.set_network_policy(np1, vnp) - vn2_obj.set_network_policy(np2, vnp) - vn1_uuid = self._vnc_lib.virtual_network_create(vn1_obj) - vn2_uuid = self._vnc_lib.virtual_network_create(vn2_obj) - - self.check_ri_ref_present(self.get_ri_name(vn1_obj), - self.get_ri_name(vn2_obj)) - self.check_ri_ref_present(self.get_ri_name(vn2_obj), - self.get_ri_name(vn1_obj)) - - np1.network_policy_entries.policy_rule[0].action_list.simple_action = 'deny' - np1.set_network_policy_entries(np1.network_policy_entries) - self._vnc_lib.network_policy_update(np1) - - expr =("('contrail:connection contrail:routing-instance:%s' in FakeIfmapClient._graph['contrail:routing-instance:%s']['links'])" - % (':'.join(self.get_ri_name(vn2_obj)), - ':'.join(self.get_ri_name(vn1_obj)))) - self.assertTill(expr) - np1.network_policy_entries.policy_rule[0].action_list.simple_action = 'pass' - np1.set_network_policy_entries(np1.network_policy_entries) - self._vnc_lib.network_policy_update(np1) - np2.network_policy_entries.policy_rule[0].action_list.simple_action = 'deny' - np2.set_network_policy_entries(np2.network_policy_entries) - self._vnc_lib.network_policy_update(np2) - - expr = ("('contrail:connection contrail:routing-instance:%s' in FakeIfmapClient._graph['contrail:routing-instance:%s']['links'])" - % (':'.join(self.get_ri_name(vn1_obj)), - ':'.join(self.get_ri_name(vn2_obj)))) - - self.assertTill(expr) - vn1_obj.del_network_policy(np1) - vn2_obj.del_network_policy(np2) - self._vnc_lib.virtual_network_update(vn1_obj) - self._vnc_lib.virtual_network_update(vn2_obj) - - self.check_ri_refs_are_deleted(fq_name=self.get_ri_name(vn2_obj)) - - self.delete_network_policy(np1) - self.delete_network_policy(np2) - self._vnc_lib.virtual_network_delete(fq_name=vn1_obj.get_fq_name()) - self._vnc_lib.virtual_network_delete(fq_name=vn2_obj.get_fq_name()) - - self.check_vn_is_deleted(uuid=vn1_obj.uuid) - # end test_multiple_policy - - def test_policy_in_policy(self): - vn1_name = self.id() + 'vn1' - vn2_name = self.id() + 'vn2' - vn3_name = self.id() + 'vn3' - vn1_obj = VirtualNetwork(vn1_name) - vn2_obj = VirtualNetwork(vn2_name) - - np1 = self.create_network_policy(vn1_obj, vn2_obj) - np2 = self.create_network_policy(vn2_obj, vn1_obj) - - np1.network_policy_entries.policy_rule[0].dst_addresses[0].virtual_network = None - np1.network_policy_entries.policy_rule[0].dst_addresses[0].network_policy = np2.get_fq_name_str() - np1.set_network_policy_entries(np1.network_policy_entries) - self._vnc_lib.network_policy_update(np1) - - np2.network_policy_entries.policy_rule[0].src_addresses[0].virtual_network = 'local' - np2.set_network_policy_entries(np1.network_policy_entries) - self._vnc_lib.network_policy_update(np2) - seq = SequenceType(1, 1) - vnp = VirtualNetworkPolicyType(seq) - vn1_obj.set_network_policy(np1, vnp) - vn2_obj.set_network_policy(np2, vnp) - vn1_uuid = self._vnc_lib.virtual_network_create(vn1_obj) - vn2_uuid = self._vnc_lib.virtual_network_create(vn2_obj) - - self.check_ri_ref_present(self.get_ri_name(vn1_obj), - self.get_ri_name(vn2_obj)) - self.check_ri_ref_present(self.get_ri_name(vn2_obj), - self.get_ri_name(vn1_obj)) - - vn3_obj = VirtualNetwork(vn3_name) - vn3_obj.set_network_policy(np2, vnp) - vn3_uuid = self._vnc_lib.virtual_network_create(vn3_obj) + def check_default_ri_rtgt_imported(self, fq_name, service_ri_fq_name): + ri = self._vnc_lib.routing_instance_read(fq_name) + service_ri = self._vnc_lib.routing_instance_read(service_ri_fq_name) + to_fq_names = [rt_ref['to'] for rt_ref in service_ri.get_route_target_refs()] + for rt_ref in ri.get_route_target_refs() or []: + if rt_ref['to'] in to_fq_names: + return + raise Exception('%s not imported to service_ri:%s ' % (rt_ref['to'], + service_ri_fq_name)) - self.check_ri_ref_present(self.get_ri_name(vn3_obj), - self.get_ri_name(vn1_obj)) + @retries(5) + def check_default_ri_rtgt_not_imported(self, fq_name, service_ri_fq_name): + ri = self._vnc_lib.routing_instance_read(fq_name) + service_ri = self._vnc_lib.routing_instance_read(service_ri_fq_name) + to_fq_names = [rt_ref['to'] for rt_ref in service_ri.get_route_target_refs()] + for rt_ref in ri.get_route_target_refs() or []: + if rt_ref['to'] in to_fq_names: + raise Exception('%s imported to service_ri:%s ' % (rt_ref['to'], + service_ri_fq_name)) - vn3_obj.del_network_policy(np2) - self._vnc_lib.virtual_network_update(vn3_obj) + @retries(5) + def delete_vn(self, fq_name): + try: + self._vnc_lib.virtual_network_delete(fq_name=fq_name) + print 'vn deleted' + except RefsExistError: + print "retrying ... ", test_common.lineno() + raise Exception('virtual network %s still exists' % str(fq_name)) - @retries(5) - def _match_acl_rule(): - acl = self._vnc_lib.access_control_list_read( - fq_name=self.get_ri_name(vn1_obj)) - for rule in acl.get_access_control_list_entries().get_acl_rule(): - if rule.match_condition.dst_address.virtual_network == vn3_obj.get_fq_name_str(): - raise Exception("ACL rule still present") + @retries(5) + def check_acl_action_assign_rules(self, fq_name, vn1_fq_name, vn2_fq_name, sc_ri_fq_name): + acl = self._vnc_lib.access_control_list_read(fq_name) + for rule in acl.access_control_list_entries.acl_rule: + if (rule.match_condition.src_address.virtual_network == vn1_fq_name and + rule.match_condition.dst_address.virtual_network == vn2_fq_name): + if rule.action_list.assign_routing_instance == sc_ri_fq_name: + return + raise Exception('vrf assign for nets %s/%s not matched in ACL rules for %s; sc: %s' % + (vn1_fq_name, vn2_fq_name, fq_name, sc_ri_fq_name)) - _match_acl_rule() + @retries(5) + def check_all_vmis_are_deleted(self): + vmi_list = self._vnc_lib.virtual_machine_interfaces_list() + if vmi_list['virtual-machine-interfaces']: + raise Exception('virtual machine interfaces still exist' + str(vmi_list)) + print 'all virtual machine interfaces deleted' - vn1_obj.del_network_policy(np1) - vn2_obj.del_network_policy(np2) - self._vnc_lib.virtual_network_update(vn1_obj) - self._vnc_lib.virtual_network_update(vn2_obj) - self.delete_network_policy(np1) - self.delete_network_policy(np2) - self._vnc_lib.virtual_network_delete(fq_name=vn1_obj.get_fq_name()) - self._vnc_lib.virtual_network_delete(fq_name=vn2_obj.get_fq_name()) - self._vnc_lib.virtual_network_delete(fq_name=vn3_obj.get_fq_name()) - self.check_vn_is_deleted(uuid=vn1_obj.uuid) - # end test_multiple_policy +class TestServicePolicy(STTestCase, VerifyServicePolicy): def service_policy_test_with_version(self, version=None): # create vn1 vn1_name = self.id() + 'vn1' @@ -996,7 +593,7 @@ def test_multi_service_in_policy(self): self.check_ri_ref_present(self.get_ri_name(vn2_obj, sc_ri_names[2]), self.get_ri_name(vn2_obj)) - si_name = 'default-domain:default-project:test.test_service.TestPolicy.test_multi_service_in_policys3' + si_name = 'default-domain:default-project:%s.test_multi_service_in_policys3' % self._class_str() sci = ServiceChainInfo(prefix = ['10.0.0.0/24'], routing_instance = ':'.join(self.get_ri_name(vn1_obj)), service_chain_address = '20.0.0.250', @@ -1230,289 +827,41 @@ def test_multi_policy_service_chain(self): self.check_ri_is_deleted(fq_name=self.get_ri_name(vn2_obj)) # end test_multi_policy_service_chain - -# end class TestPolicy - -#class TestRouteTable(test_case.STTestCase): - def test_add_delete_route(self): - lvn_name = self.id() + 'lvn' - rvn_name = self.id() + 'rvn' - lvn = self.create_virtual_network(lvn_name, "10.0.0.0/24") - rvn = self.create_virtual_network(rvn_name, "20.0.0.0/24") - - service_name = self.id() + 's1' - np = self.create_network_policy(lvn, rvn, [service_name], auto_policy=True, service_mode="in-network") - - vn_name = self.id() + 'vn100' - vn = self.create_virtual_network(vn_name, "1.0.0.0/24") - rtgt_list = RouteTargetList(route_target=['target:1:1']) - vn.set_route_target_list(rtgt_list) - exp_rtgt_list = RouteTargetList(route_target=['target:2:1']) - vn.set_export_route_target_list(exp_rtgt_list) - imp_rtgt_list = RouteTargetList(route_target=['target:3:1']) - vn.set_import_route_target_list(imp_rtgt_list) - self._vnc_lib.virtual_network_update(vn) - rt = RouteTable("rt1") - self._vnc_lib.route_table_create(rt) - vn.add_route_table(rt) - self._vnc_lib.virtual_network_update(vn) - routes = RouteTableType() - route = RouteType(prefix="0.0.0.0/0", - next_hop="default-domain:default-project:"+service_name) - routes.add_route(route) - rt.set_routes(routes) - self._vnc_lib.route_table_update(rt) - - @retries(5) - def _match_route_table(rtgt_list): - sc = [x for x in to_bgp.ServiceChain] - if len(sc) == 0: - raise Exception("sc has 0 len") - - sc_ri_name = ('service-'+sc[0] + - '-default-domain_default-project_' + service_name) - lri = self._vnc_lib.routing_instance_read( - fq_name=self.get_ri_name(lvn, sc_ri_name)) - sr = lri.get_static_route_entries() - if sr is None: - raise Exception("sr is None") - route = sr.route[0] - self.assertEqual(route.prefix, "0.0.0.0/0") - self.assertEqual(route.next_hop, "10.0.0.252") - for rtgt in rtgt_list: - self.assertIn(rtgt, route.route_target) - ri100 = self._vnc_lib.routing_instance_read( - fq_name=self.get_ri_name(vn)) - rt100 = set(ref['to'][0] for ref in ri100.get_route_target_refs()) - lrt = set(ref['to'][0] for ref in lri.get_route_target_refs() or []) - if rt100 & lrt: - return sc_ri_name, (rt100 & lrt) - raise Exception("rt100 route-target ref not found") - - sc_ri_name, rt100 = _match_route_table(rtgt_list.get_route_target() + - imp_rtgt_list.get_route_target()) - - rtgt_list.add_route_target('target:1:2') - vn.set_route_target_list(rtgt_list) - exp_rtgt_list.add_route_target('target:2:2') - vn.set_export_route_target_list(exp_rtgt_list) - imp_rtgt_list.add_route_target('target:3:2') - vn.set_import_route_target_list(imp_rtgt_list) - self._vnc_lib.virtual_network_update(vn) - _match_route_table(rtgt_list.get_route_target()) - - rtgt_list.delete_route_target('target:1:1') - vn.set_route_target_list(rtgt_list) - exp_rtgt_list.delete_route_target('target:2:1') - vn.set_export_route_target_list(exp_rtgt_list) - imp_rtgt_list.delete_route_target('target:3:1') - vn.set_import_route_target_list(imp_rtgt_list) - self._vnc_lib.virtual_network_update(vn) - _match_route_table(rtgt_list.get_route_target()) - - routes.set_route([]) - rt.set_routes(routes) - self._vnc_lib.route_table_update(rt) - - @retries(5) - def _match_route_table_cleanup(sc_ri_name, rt100): - lri = self._vnc_lib.routing_instance_read( - fq_name=self.get_ri_name(lvn, sc_ri_name)) - sr = lri.get_static_route_entries() - if sr and sr.route: - raise Exception("sr has route") - ri = self._vnc_lib.routing_instance_read( - fq_name=self.get_ri_name(lvn)) - rt_refs = ri.get_route_target_refs() - rt_set = set(ref['to'][0] for ref in ri.get_route_target_refs() or []) - if rt100 & rt_set: - raise Exception("route-target ref still found: %s" % (rt100 & rt_set)) - - _match_route_table_cleanup(sc_ri_name, rt100) - - # add the route again, then delete the network without deleting the - # link to route table - routes.add_route(route) - rt.set_routes(routes) - self._vnc_lib.route_table_update(rt) - _match_route_table(rtgt_list.get_route_target()) - self._vnc_lib.virtual_network_delete(fq_name=vn.get_fq_name()) - _match_route_table_cleanup(sc_ri_name, rt100) - - self._vnc_lib.route_table_delete(fq_name=rt.get_fq_name()) - self.delete_network_policy(np, auto_policy=True) - gevent.sleep(1) - self._vnc_lib.virtual_network_delete(fq_name=lvn.get_fq_name()) - self._vnc_lib.virtual_network_delete(fq_name=rvn.get_fq_name()) - # check if vn is deleted - self.check_vn_is_deleted(uuid=lvn.uuid) - self.check_vn_is_deleted(uuid=rvn.uuid) - self.check_vn_is_deleted(uuid=vn.uuid) - self.check_ri_is_deleted(fq_name=lvn.fq_name+[lvn.name]) - self.check_ri_is_deleted(fq_name=rvn.fq_name+[rvn.name]) - self.check_ri_is_deleted(fq_name=vn.fq_name+[vn.name]) - # test_add_delete_route - - def test_add_delete_static_route(self): - - vn1_name = 'vn1' - vn2_name = 'vn2' - vn1 = self.create_virtual_network(vn1_name, "1.0.0.0/24") - vn2 = self.create_virtual_network(vn2_name, "2.0.0.0/24") - - rt = RouteTable("rt1") - self._vnc_lib.route_table_create(rt) - vn1.add_route_table(rt) - self._vnc_lib.virtual_network_update(vn1) - routes = RouteTableType() - route = RouteType(prefix="1.1.1.1/0", - next_hop="10.10.10.10", next_hop_type="ip-address") - routes.add_route(route) - rt.set_routes(routes) - self._vnc_lib.route_table_update(rt) - - @retries(5) - def _match_route_table(vn, prefix, next_hop, should_present=True): - ri = self._vnc_lib.routing_instance_read( - fq_name=self.get_ri_name(vn)) - sr_list = ri.get_static_route_entries() - if sr_list is None: - if should_present: - raise Exception("sr is None") - else: - return - found = False - for sr in sr_list.get_route() or []: - if sr.prefix == prefix and sr.next_hop == next_hop: - found = True - break - if found != should_present: - raise Exception("route " + prefix + "" + next_hop + "not found") - return - - _match_route_table(vn1, "1.1.1.1/0", "10.10.10.10") - - route = RouteType(prefix="2.2.2.2/0", - next_hop="20.20.20.20", next_hop_type="ip-address") - routes.add_route(route) - rt.set_routes(routes) - - self._vnc_lib.route_table_update(rt) - _match_route_table(vn1, "1.1.1.1/0", "10.10.10.10") - _match_route_table(vn1, "2.2.2.2/0", "20.20.20.20") - - vn2.add_route_table(rt) - self._vnc_lib.virtual_network_update(vn2) - - _match_route_table(vn1, "1.1.1.1/0", "10.10.10.10") - _match_route_table(vn1, "2.2.2.2/0", "20.20.20.20") - _match_route_table(vn2, "1.1.1.1/0", "10.10.10.10") - _match_route_table(vn2, "2.2.2.2/0", "20.20.20.20") - - # delete second route and check vn ri sr entries - routes.delete_route(route) - rt.set_routes(routes) - self._vnc_lib.route_table_update(rt) - - _match_route_table(vn1, "2.2.2.2/0", "20.20.20.20", False) - _match_route_table(vn2, "2.2.2.2/0", "20.20.20.20", False) - - @retries(5) - def _match_route_table_cleanup(vn): - ri = self._vnc_lib.routing_instance_read( - fq_name=self.get_ri_name(vn)) - sr = ri.get_static_route_entries() - if sr and sr.route: - raise Exception("sr has route") - - vn2.del_route_table(rt) - self._vnc_lib.virtual_network_update(vn2) - _match_route_table(vn1, "1.1.1.1/0", "10.10.10.10") - _match_route_table_cleanup(vn2) - - # delete first route and check vn ri sr entries - rt.set_routes(None) - self._vnc_lib.route_table_update(rt) - - _match_route_table(vn1, "1.1.1.1/0", "10.10.10.10", False) - - vn1.del_route_table(rt) - self._vnc_lib.virtual_network_update(vn1) - _match_route_table_cleanup(vn1) - - vn1.add_route_table(rt) - self._vnc_lib.virtual_network_update(vn1) - - vn2.add_route_table(rt) - self._vnc_lib.virtual_network_update(vn2) - - routes.set_route([]) - rt.set_routes(routes) - self._vnc_lib.route_table_update(rt) - - _match_route_table_cleanup(vn1) - _match_route_table_cleanup(vn2) - - self._vnc_lib.virtual_network_delete(fq_name=vn1.get_fq_name()) - self._vnc_lib.virtual_network_delete(fq_name=vn2.get_fq_name()) - gevent.sleep(2) - self._vnc_lib.route_table_delete(fq_name=rt.get_fq_name()) - # test_add_delete_static_route - - def test_vn_delete(self): - vn_name = self.id() + 'vn' - vn = self.create_virtual_network(vn_name, "10.1.1.0/24") - gevent.sleep(2) - for obj in [vn]: - ident_name = self.get_obj_imid(obj) - ifmap_ident = self.assertThat(FakeIfmapClient._graph, Contains(ident_name)) - - self.check_vn_ri_state(fq_name=self.get_ri_name(vn)) - - # stop st - self._st_greenlet.kill() - gevent.sleep(5) - - # delete vn in api server - self._vnc_lib.virtual_network_delete(fq_name=vn.get_fq_name()) - - # start st on a free port - self._st_greenlet = gevent.spawn(test_common.launch_schema_transformer, - self.id(), self._api_server_ip, self._api_server_port) - gevent.sleep(2) - - # check if vn is deleted - self.check_vn_is_deleted(uuid=vn.uuid) - - # check if ri is deleted - self.check_ri_is_deleted(fq_name=self.get_ri_name(vn)) - # test_vn_delete - - @retries(5) - def check_vn_ri_state(self, fq_name): - ri = self._vnc_lib.routing_instance_read(fq_name) - - def test_policy_with_cidr(self): + def _test_multi_rule_service_chain(self): + # create vn1 vn1_name = self.id() + 'vn1' + vn1_obj = self.create_virtual_network(vn1_name, ['1.1.1.0/24', + '1.1.2.0/24', + '1000::/16']) + + # create vn2 vn2_name = self.id() + 'vn2' - vn1 = self.create_virtual_network(vn1_name, "10.1.1.0/24") - vn2 = self.create_virtual_network(vn2_name, "10.2.1.0/24") + vn2_obj = self.create_virtual_network(vn2_name, ['20.0.0.0/24', '2000::/16']) + rules = [] - rule1 = { "protocol": "icmp", - "direction": "<>", - "src-port": "any", - "src": {"type": "vn", "value": vn1}, - "dst": {"type": "cidr", "value": "10.2.1.1/32"}, - "dst-port": "any", - "action": "deny" + rule1 = {"protocol": "icmp", + "direction": "<>", + "src-port": 'any', + "src": [{"type": "cidr", "value": "1.1.1.0/24"}, + {"type": "vn", "value": vn1_obj}], + "dst": [{"type": "vn", "value": vn2_obj}], + "dst-port": 'any', + "action": "pass", + "service_list": [self.id() + 's1'], + "service_kwargs": {}, + "auto_policy": False } - rule2 = { "protocol": "icmp", - "direction": "<>", - "src-port": "any", - "src": {"type": "vn", "value": vn1}, - "dst": {"type": "cidr", "value": "10.2.1.2/32"}, - "dst-port": "any", - "action": "deny" + rule2 = {"protocol": "icmp", + "direction": "<>", + "src-port": 'any', + "src": [{"type": "vn", "value": vn1_obj}, + {"type": "cidr", "value": "1.1.2.0/24"}], + "dst": {"type": "vn", "value": vn2_obj}, + "dst-port": 'any', + "action": "pass", + "service_list": [self.id() + 's2'], + "service_kwargs": {}, + "auto_policy": False } rules.append(rule1) rules.append(rule2) @@ -1520,77 +869,104 @@ def test_policy_with_cidr(self): np = self.create_network_policy_with_multiple_rules(rules) seq = SequenceType(1, 1) vnp = VirtualNetworkPolicyType(seq) - vn1.set_network_policy(np, vnp) - self._vnc_lib.virtual_network_update(vn1) + vn1_obj.add_network_policy(np, vnp) + vn2_obj.add_network_policy(np, vnp) + vn1_obj.set_multi_policy_service_chains_enabled(True) + vn2_obj.set_multi_policy_service_chains_enabled(True) + self._vnc_lib.virtual_network_update(vn1_obj) + self._vnc_lib.virtual_network_update(vn2_obj) - for obj in [vn1]: - ident_name = self.get_obj_imid(obj) - gevent.sleep(2) - ifmap_ident = self.assertThat(FakeIfmapClient._graph, Contains(ident_name)) + for i in range(1, 3): + service_name = self.id() + 's%s' % i + si_name = 'default-domain:default-project:' + service_name + sc = self.wait_to_get_sc(si_name=si_name) + sc_ri_name = 'service-'+sc+'-default-domain_default-project_' + service_name + self.check_ri_ref_not_present(self.get_ri_name(vn1_obj), + self.get_ri_name(vn1_obj, sc_ri_name)) + self.check_default_ri_rtgt_imported(self.get_ri_name(vn1_obj), + self.get_ri_name(vn1_obj, sc_ri_name)) + self.check_ri_ref_not_present(self.get_ri_name(vn2_obj), + self.get_ri_name(vn2_obj, sc_ri_name)) + self.check_default_ri_rtgt_imported(self.get_ri_name(vn2_obj), + self.get_ri_name(vn2_obj, sc_ri_name)) + self.check_ri_ref_present(self.get_ri_name(vn1_obj), + self.get_ri_name(vn2_obj)) - self.check_vn_ri_state(fq_name=self.get_ri_name(vn1)) - self.check_acl_match_dst_cidr(fq_name=self.get_ri_name(vn1), - ip_prefix="10.2.1.1", ip_len=32) - self.check_acl_match_dst_cidr(fq_name=self.get_ri_name(vn1), - ip_prefix="10.2.1.2", ip_len=32) + sci = ServiceChainInfo(prefix=['1.1.1.0/24', '1.1.2.0/24'], + routing_instance = ':'.join(self.get_ri_name(vn1_obj)), + service_instance = si_name) + service_chain_address = '1.1.1.%s' % (253-i) + sci.service_chain_address = service_chain_address + self.check_service_chain_info(self.get_ri_name(vn2_obj, sc_ri_name), sci) + sci.prefix = ['1000::/16'] + if i == 1: + sci.service_chain_address = '1000:ffff:ffff:ffff:ffff:ffff:ffff:fffc' + else: + sci.service_chain_address = '1000:ffff:ffff:ffff:ffff:ffff:ffff:fffb' - #cleanup - self.delete_network_policy(np, auto_policy=True) - self._vnc_lib.virtual_network_delete(fq_name=vn1.get_fq_name()) - self._vnc_lib.virtual_network_delete(fq_name=vn2.get_fq_name()) + self.check_v6_service_chain_info(self.get_ri_name(vn2_obj, sc_ri_name), sci) + sci = ServiceChainInfo(prefix = ['20.0.0.0/24'], + routing_instance = ':'.join(self.get_ri_name(vn2_obj)), + service_chain_address=service_chain_address, + service_instance=si_name) + self.check_service_chain_info(self.get_ri_name(vn1_obj, sc_ri_name), sci) + sci.prefix = ['2000::/16'] + if i == 1: + sci.service_chain_address = '1000:ffff:ffff:ffff:ffff:ffff:ffff:fffc' + else: + sci.service_chain_address = '1000:ffff:ffff:ffff:ffff:ffff:ffff:fffb' + self.check_v6_service_chain_info(self.get_ri_name(vn1_obj, sc_ri_name), sci) - # check if vn is deleted - self.check_vn_is_deleted(uuid=vn1.uuid) - # end test_policy_with_cidr - def test_policy_with_cidr_and_vn(self): - vn1_name = self.id() + 'vn1' - vn2_name = self.id() + 'vn2' - vn1 = self.create_virtual_network(vn1_name, "10.1.1.0/24") - vn2 = self.create_virtual_network(vn2_name, ["10.2.1.0/24", "10.2.2.0/24"]) - rules = [] - rule1 = { "protocol": "icmp", - "direction": "<>", - "src-port": "any", - "src": {"type": "vn", "value": vn1}, - "dst": [{"type": "cidr_list", "value": ["10.2.1.0/24"]}, - {"type": "vn", "value": vn2}], - "dst-port": "any", - "action": "pass" - } - rules.append(rule1) - np = self.create_network_policy_with_multiple_rules(rules) - seq = SequenceType(1, 1) - vnp = VirtualNetworkPolicyType(seq) - vn1.set_network_policy(np, vnp) - self._vnc_lib.virtual_network_update(vn1) + rp = RoutingPolicy('rp1') + si_obj = self._vnc_lib.service_instance_read(fq_name_str=si_name) + si_rp = RoutingPolicyServiceInstanceType(left_sequence='1.0') + rp.add_service_instance(si_obj, si_rp) + self._vnc_lib.routing_policy_create(rp) + self.wait_to_get_object(config_db.RoutingPolicyST, + rp.get_fq_name_str()) + ident_name = self.get_obj_imid(rp) + self.wait_to_get_link(ident_name, ':'.join(self.get_ri_name(vn1_obj, sc_ri_name))) + rp.del_service_instance(si_obj) + self._vnc_lib.routing_policy_update(rp) + self.wait_to_remove_link(ident_name, ':'.join(self.get_ri_name(vn1_obj, sc_ri_name))) + self._vnc_lib.routing_policy_delete(id=rp.uuid) - for obj in [vn1]: - ident_name = self.get_obj_imid(obj) - gevent.sleep(2) - ifmap_ident = self.assertThat(FakeIfmapClient._graph, Contains(ident_name)) + rlist = RouteListType(route=['100.0.0.0/24']) + ra = RouteAggregate('ra1', aggregate_route_entries=rlist) - self.check_vn_ri_state(fq_name=self.get_ri_name(vn1)) + sit = ServiceInterfaceTag(interface_type='left') + ra.add_service_instance(si_obj, sit) + self._vnc_lib.route_aggregate_create(ra) + self.wait_to_get_object(config_db.RouteAggregateST, + ra.get_fq_name_str()) + ra = self._vnc_lib.route_aggregate_read(id=ra.uuid) + self.assertEqual(ra.get_aggregate_route_nexthop(), service_chain_address) + + ident_name = self.get_obj_imid(ra) + self.wait_to_get_link(ident_name, ':'.join(self.get_ri_name(vn1_obj, sc_ri_name))) + ra.del_service_instance(si_obj) + self._vnc_lib.route_aggregate_update(ra) + self.wait_to_remove_link(ident_name, ':'.join(self.get_ri_name(vn1_obj, sc_ri_name))) + self._vnc_lib.route_aggregate_delete(id=ra.uuid) - self.check_acl_match_dst_cidr(fq_name=self.get_ri_name(vn1), - ip_prefix="10.2.1.0", ip_len=24) - self.check_acl_implicit_deny_rule(fq_name=self.get_ri_name(vn1), - src_vn=':'.join(vn1.get_fq_name()), - dst_vn=':'.join(vn2.get_fq_name())) + vn1_obj.del_network_policy(np) + vn2_obj.del_network_policy(np) - #cleanup - self.delete_network_policy(np, auto_policy=True) - self._vnc_lib.virtual_network_delete(fq_name=vn1.get_fq_name()) - self._vnc_lib.virtual_network_delete(fq_name=vn2.get_fq_name()) + self._vnc_lib.virtual_network_update(vn1_obj) + self._vnc_lib.virtual_network_update(vn2_obj) + self.check_ri_refs_are_deleted(fq_name=self.get_ri_name(vn1_obj)) - # check if vn is deleted - self.check_vn_is_deleted(uuid=vn1.uuid) - self.check_vn_is_deleted(uuid=vn2.uuid) - # end test_policy_with_cidr_and_vn + self.delete_network_policy(np) + self._vnc_lib.virtual_network_delete(fq_name=vn1_obj.get_fq_name()) + self._vnc_lib.virtual_network_delete(fq_name=vn2_obj.get_fq_name()) + self.check_vn_is_deleted(uuid=vn1_obj.uuid) + self.check_vn_is_deleted(uuid=vn2_obj.uuid) + self.check_ri_is_deleted(fq_name=self.get_ri_name(vn2_obj)) + # end test_multi_rule_service_chain - # test st restart while service chain is configured def test_st_restart_service_chain_delete(self): # create vn1 vn1_name = self.id() + 'vn1' @@ -1731,117 +1107,7 @@ def test_st_restart_service_chain(self): self.check_ri_is_deleted(fq_name=self.get_ri_name(vn2_obj)) self.check_ri_is_deleted(fq_name=self.get_ri_name(vn1_obj, sc_ri_name)) self.check_ri_is_deleted(fq_name=self.get_ri_name(vn2_obj, sc_ri_name)) - #end - - # test logical router functionality - def test_logical_router(self): - # create vn1 - vn1_name = self.id() + 'vn1' - vn1_obj = self.create_virtual_network(vn1_name, '10.0.0.0/24') - - # create virtual machine interface - vmi_name = self.id() + 'vmi1' - vmi = VirtualMachineInterface(vmi_name, parent_type='project', fq_name=['default-domain', 'default-project', vmi_name]) - vmi.add_virtual_network(vn1_obj) - self._vnc_lib.virtual_machine_interface_create(vmi) - - # create logical router - lr_name = self.id() + 'lr1' - lr = LogicalRouter(lr_name) - rtgt_list = RouteTargetList(route_target=['target:1:1']) - lr.set_configured_route_target_list(rtgt_list) - lr.add_virtual_machine_interface(vmi) - self._vnc_lib.logical_router_create(lr) - - ri_name = self.get_ri_name(vn1_obj) - self.check_route_target_in_routing_instance(ri_name,rtgt_list.get_route_target()) - - rtgt_list.add_route_target('target:1:2') - lr.set_configured_route_target_list(rtgt_list) - self._vnc_lib.logical_router_update(lr) - self.check_route_target_in_routing_instance(ri_name, rtgt_list.get_route_target()) - - rtgt_list.delete_route_target('target:1:1') - lr.set_configured_route_target_list(rtgt_list) - self._vnc_lib.logical_router_update(lr) - self.check_route_target_in_routing_instance(ri_name, rtgt_list.get_route_target()) - - lr.del_virtual_machine_interface(vmi) - self._vnc_lib.logical_router_update(lr) - self._vnc_lib.virtual_machine_interface_delete(id=vmi.uuid) - self._vnc_lib.virtual_network_delete(id=vn1_obj.uuid) - self.check_vn_is_deleted(uuid=vn1_obj.uuid) - self._vnc_lib.logical_router_delete(id=lr.uuid) - self.check_lr_is_deleted(uuid=lr.uuid) - self.check_rt_is_deleted(name='target:64512:8000002') - - @retries(5) - def check_bgp_peering(self, router1, router2, length): - r1 = self._vnc_lib.bgp_router_read(fq_name=router1.get_fq_name()) - ref_names = [ref['to'] for ref in r1.get_bgp_router_refs() or []] - self.assertEqual(len(ref_names), length) - self.assertThat(ref_names, Contains(router2.get_fq_name())) - - def create_bgp_router(self, name, vendor, asn=None): - ip_fabric_ri = self._vnc_lib.routing_instance_read( - fq_name=['default-domain', 'default-project', 'ip-fabric', '__default__']) - router = BgpRouter(name, parent_obj=ip_fabric_ri) - params = BgpRouterParams() - params.vendor = 'contrail' - params.autonomous_system = asn - router.set_bgp_router_parameters(params) - self._vnc_lib.bgp_router_create(router) - return router - - def test_ibgp_auto_mesh(self): - # create router1 - r1_name = self.id() + 'router1' - router1 = self.create_bgp_router(r1_name, 'contrail') - - # create router2 - r2_name = self.id() + 'router2' - router2 = self.create_bgp_router(r2_name, 'contrail') - - self.check_bgp_peering(router1, router2, 1) - - r3_name = self.id() + 'router3' - router3 = self.create_bgp_router(r3_name, 'juniper', 1) - - self.check_bgp_peering(router1, router2, 1) - - params = router3.get_bgp_router_parameters() - params.autonomous_system = 64512 - router3.set_bgp_router_parameters(params) - self._vnc_lib.bgp_router_update(router3) - - self.check_bgp_peering(router1, router3, 2) - - r4_name = self.id() + 'router4' - router4 = self.create_bgp_router(r4_name, 'juniper', 1) - - gsc = self._vnc_lib.global_system_config_read( - fq_name=['default-global-system-config']) - - gsc.set_autonomous_system(1) - self.check_bgp_peering(router1, router4, 3) - - self._vnc_lib.bgp_router_delete(id=router1.uuid) - self._vnc_lib.bgp_router_delete(id=router2.uuid) - self._vnc_lib.bgp_router_delete(id=router3.uuid) - self._vnc_lib.bgp_router_delete(id=router4.uuid) - gevent.sleep(1) - - @retries(10) - def check_vrf_assign_table(self, vmi_fq_name, floating_ip, is_present = True): - vmi = self._vnc_lib.virtual_machine_interface_read(vmi_fq_name) - if is_present: - self.assertEqual(vmi.get_vrf_assign_table().vrf_assign_rule[1].match_condition.src_address.subnet.ip_prefix, floating_ip) - else: - try: - self.assertEqual(vmi.get_vrf_assign_table().vrf_assign_rule[1].match_condition.src_address.subnet.ip_prefix, floating_ip) - raise Exception('floating is still present: ' + floating_ip) - except: - pass + # end test_st_restart_service_chain def test_analyzer(self): # create vn1 @@ -1955,422 +1221,6 @@ def test_service_and_analyzer_policy(self): self.check_ri_is_deleted(fq_name=self.get_ri_name(vn2_obj)) # end test_service_and_analyzer_policy - @retries(5) - def check_security_group_id(self, sg_fq_name, verify_sg_id = None): - sg = self._vnc_lib.security_group_read(sg_fq_name) - sg_id = sg.get_security_group_id() - if sg_id is None: - raise Exception('sg id is not present for %s' % sg_fq_name) - if verify_sg_id is not None and str(sg_id) != str(verify_sg_id): - raise Exception('sg id is not same as passed value (%s, %s)' % - (str(sg_id), str(verify_sg_id))) - - def _security_group_rule_build(self, rule_info, sg_fq_name_str): - protocol = rule_info['protocol'] - port_min = rule_info['port_min'] or 0 - port_max = rule_info['port_max'] or 65535 - direction = rule_info['direction'] or 'ingress' - ip_prefix = rule_info['ip_prefix'] - ether_type = rule_info['ether_type'] - - if ip_prefix: - cidr = ip_prefix.split('/') - pfx = cidr[0] - pfx_len = int(cidr[1]) - endpt = [AddressType(subnet=SubnetType(pfx, pfx_len))] - else: - endpt = [AddressType(security_group=sg_fq_name_str)] - - local = None - remote = None - if direction == 'ingress': - dir = '>' - local = endpt - remote = [AddressType(security_group='local')] - else: - dir = '>' - remote = endpt - local = [AddressType(security_group='local')] - - if not protocol: - protocol = 'any' - - if protocol.isdigit(): - protocol = int(protocol) - if protocol < 0 or protocol > 255: - raise Exception('SecurityGroupRuleInvalidProtocol-%s' % protocol) - else: - if protocol not in ['any', 'tcp', 'udp', 'icmp']: - raise Exception('SecurityGroupRuleInvalidProtocol-%s' % protocol) - - if not ip_prefix and not sg_fq_name_str: - if not ether_type: - ether_type = 'IPv4' - - sgr_uuid = str(uuid.uuid4()) - rule = PolicyRuleType(rule_uuid=sgr_uuid, direction=dir, - protocol=protocol, - src_addresses=local, - src_ports=[PortType(0, 65535)], - dst_addresses=remote, - dst_ports=[PortType(port_min, port_max)], - ethertype=ether_type) - return rule - #end _security_group_rule_build - - def _security_group_rule_append(self, sg_obj, sg_rule): - rules = sg_obj.get_security_group_entries() - if rules is None: - rules = PolicyEntriesType([sg_rule]) - else: - for sgr in rules.get_policy_rule() or []: - sgr_copy = copy.copy(sgr) - sgr_copy.rule_uuid = sg_rule.rule_uuid - if sg_rule == sgr_copy: - raise Exception('SecurityGroupRuleExists %s' % sgr.rule_uuid) - rules.add_policy_rule(sg_rule) - - sg_obj.set_security_group_entries(rules) - #end _security_group_rule_append - - def _security_group_rule_remove(self, sg_obj, sg_rule): - rules = sg_obj.get_security_group_entries() - if rules is None: - raise Exception('SecurityGroupRuleNotExists %s' % sgr.rule_uuid) - else: - for sgr in rules.get_policy_rule() or []: - if sgr.rule_uuid == sg_rule.rule_uuid: - rules.delete_policy_rule(sgr) - sg_obj.set_security_group_entries(rules) - return - raise Exception('SecurityGroupRuleNotExists %s' % sg_rule.rule_uuid) - - #end _security_group_rule_append - - def security_group_create(self, sg_name, project_fq_name): - project_obj = self._vnc_lib.project_read(project_fq_name) - sg_obj = SecurityGroup(name=sg_name, parent_obj=project_obj) - self._vnc_lib.security_group_create(sg_obj) - return sg_obj - #end security_group_create - - def test_sg_reference(self): - #create sg and associate egress rules with sg names - sg1_obj = self.security_group_create('sg-1', ['default-domain', - 'default-project']) - self.wait_to_get_sg_id(sg1_obj.get_fq_name()) - sg1_obj = self._vnc_lib.security_group_read(sg1_obj.get_fq_name()) - rule1 = {} - rule1['port_min'] = 0 - rule1['port_max'] = 65535 - rule1['direction'] = 'egress' - rule1['ip_prefix'] = None - rule1['protocol'] = 'any' - rule1['ether_type'] = 'IPv4' - #create rule with forward sg-names - sg_rule1 = self._security_group_rule_build(rule1, "default-domain:default-project:sg-2") - self._security_group_rule_append(sg1_obj, sg_rule1) - sg_rule3 = self._security_group_rule_build(rule1, "default-domain:default-project:sg-3") - self._security_group_rule_append(sg1_obj, sg_rule3) - self._vnc_lib.security_group_update(sg1_obj) - self.check_security_group_id(sg1_obj.get_fq_name()) - - #check ST SG refer dict for right association - self.check_sg_refer_list(sg1_obj.get_fq_name_str(), - "default-domain:default-project:sg-2", True) - self.check_sg_refer_list(sg1_obj.get_fq_name_str(), - "default-domain:default-project:sg-3", True) - sg1_obj = self._vnc_lib.security_group_read(sg1_obj.get_fq_name()) - - #create another sg and associate ingress rule and check acls - sg2_obj = self.security_group_create('sg-2', ['default-domain', - 'default-project']) - self.wait_to_get_sg_id(sg2_obj.get_fq_name()) - sg2_obj = self._vnc_lib.security_group_read(sg2_obj.get_fq_name()) - rule2 = {} - rule2['port_min'] = 0 - rule2['port_max'] = 65535 - rule2['direction'] = 'ingress' - rule2['ip_prefix'] = None - rule2['protocol'] = 'any' - rule2['ether_type'] = 'IPv4' - #reference to SG1 - sg_rule2 = self._security_group_rule_build(rule2, sg1_obj.get_fq_name_str()) - self._security_group_rule_append(sg2_obj, sg_rule2) - self._vnc_lib.security_group_update(sg2_obj) - self.check_security_group_id(sg2_obj.get_fq_name()) - - #check acl updates sg2 should have sg1 id and sg1 should have sg2 - self.check_acl_match_sg(sg2_obj.get_fq_name(), - 'ingress-access-control-list', - sg1_obj.get_security_group_id()) - - self.check_acl_match_sg(sg1_obj.get_fq_name(), - 'egress-access-control-list', - sg2_obj.get_security_group_id()) - - #create sg3 - sg3_obj = self.security_group_create('sg-3', ['default-domain', - 'default-project']) - self.check_sg_refer_list(sg1_obj.get_fq_name_str(), - sg3_obj.get_fq_name_str(), True) - - #remove sg2 reference rule from sg1 - self._security_group_rule_remove(sg1_obj, sg_rule1) - self._vnc_lib.security_group_update(sg1_obj) - self.check_acl_not_match_sg(sg1_obj.get_fq_name(), - 'egress-access-control-list', - sg2_obj.get_security_group_id()) - self.check_sg_refer_list(sg1_obj.get_fq_name_str(), - sg2_obj.get_fq_name_str(), False) - - #delete sg3 - self._vnc_lib.security_group_delete(fq_name=sg3_obj.get_fq_name()) - #sg1 still should have sg3 ref - self.check_sg_refer_list(sg1_obj.get_fq_name_str(), - sg3_obj.get_fq_name_str(), True) - - #delete sg3 ref rule from sg1 - self._security_group_rule_remove(sg1_obj, sg_rule3) - self._vnc_lib.security_group_update(sg1_obj) - self.check_acl_not_match_sg(sg1_obj.get_fq_name(), - 'egress-access-control-list', - sg3_obj.get_security_group_id()) - self.check_sg_refer_list(sg1_obj.get_fq_name_str(), - sg3_obj.get_fq_name_str(), False) - - #delete all SGs - self._vnc_lib.security_group_delete(fq_name=sg1_obj.get_fq_name()) - self._vnc_lib.security_group_delete(fq_name=sg2_obj.get_fq_name()) - - #end test_sg_reference - - def test_sg(self): - #create sg and associate egress rule and check acls - sg1_obj = self.security_group_create('sg-1', ['default-domain', - 'default-project']) - self.wait_to_get_sg_id(sg1_obj.get_fq_name()) - sg1_obj = self._vnc_lib.security_group_read(sg1_obj.get_fq_name()) - rule1 = {} - rule1['port_min'] = 0 - rule1['port_max'] = 65535 - rule1['direction'] = 'egress' - rule1['ip_prefix'] = None - rule1['protocol'] = 'any' - rule1['ether_type'] = 'IPv4' - sg_rule1 = self._security_group_rule_build(rule1, - sg1_obj.get_fq_name_str()) - self._security_group_rule_append(sg1_obj, sg_rule1) - self._vnc_lib.security_group_update(sg1_obj) - self.check_security_group_id(sg1_obj.get_fq_name()) - sg1_obj = self._vnc_lib.security_group_read(sg1_obj.get_fq_name()) - self.check_acl_match_sg(sg1_obj.get_fq_name(), - 'egress-access-control-list', - sg1_obj.get_security_group_id()) - - sg1_obj.set_configured_security_group_id(100) - self._vnc_lib.security_group_update(sg1_obj) - self.check_security_group_id(sg1_obj.get_fq_name(), 100) - sg1_obj = self._vnc_lib.security_group_read(sg1_obj.get_fq_name()) - self.check_acl_match_sg(sg1_obj.get_fq_name(), - 'egress-access-control-list', - sg1_obj.get_security_group_id()) - - #create another sg and associate ingress rule and check acls - sg2_obj = self.security_group_create('sg-2', ['default-domain', - 'default-project']) - self.wait_to_get_sg_id(sg2_obj.get_fq_name()) - sg2_obj = self._vnc_lib.security_group_read(sg2_obj.get_fq_name()) - rule2 = {} - rule2['port_min'] = 0 - rule2['port_max'] = 65535 - rule2['direction'] = 'ingress' - rule2['ip_prefix'] = None - rule2['protocol'] = 'any' - rule2['ether_type'] = 'IPv4' - sg_rule2 = self._security_group_rule_build(rule2, sg2_obj.get_fq_name_str()) - self._security_group_rule_append(sg2_obj, sg_rule2) - self._vnc_lib.security_group_update(sg2_obj) - self.check_security_group_id(sg2_obj.get_fq_name()) - self.check_acl_match_sg(sg2_obj.get_fq_name(), - 'ingress-access-control-list', - sg2_obj.get_security_group_id()) - - #add ingress and egress rules to same sg and check for both - sg_rule3 = self._security_group_rule_build(rule1, sg2_obj.get_fq_name_str()) - self._security_group_rule_append(sg2_obj, sg_rule3) - self._vnc_lib.security_group_update(sg2_obj) - self.check_security_group_id(sg2_obj.get_fq_name()) - self.check_acl_match_sg(sg2_obj.get_fq_name(), - 'egress-access-control-list', - sg2_obj.get_security_group_id()) - self.check_acl_match_sg(sg2_obj.get_fq_name(), - 'ingress-access-control-list', - sg2_obj.get_security_group_id()) - - #add one more ingress and egress - rule1['direction'] = 'ingress' - rule1['port_min'] = 1 - rule1['port_max'] = 100 - self._security_group_rule_append( - sg2_obj, self._security_group_rule_build( - rule1, sg2_obj.get_fq_name_str())) - rule1['direction'] = 'egress' - rule1['port_min'] = 101 - rule1['port_max'] = 200 - self._security_group_rule_append( - sg2_obj, self._security_group_rule_build( - rule1, sg2_obj.get_fq_name_str())) - self._vnc_lib.security_group_update(sg2_obj) - self.check_acl_match_sg(sg2_obj.get_fq_name(), - 'egress-access-control-list', - sg2_obj.get_security_group_id(), True) - self.check_acl_match_sg(sg2_obj.get_fq_name(), - 'ingress-access-control-list', - sg2_obj.get_security_group_id(), True) - - # duplicate security group id configured, vnc api allows - # isn't this a problem? - sg2_obj.set_configured_security_group_id(100) - self._vnc_lib.security_group_update(sg2_obj) - self.check_security_group_id(sg2_obj.get_fq_name(), 100) - - #sg id '0' is not allowed, should not get modified - sg1_obj.set_configured_security_group_id(0) - self._vnc_lib.security_group_update(sg1_obj) - self.check_security_group_id(sg1_obj.get_fq_name(), 8000001) - - # -ve security group id not allowed, should not get modified - sg1_obj.set_configured_security_group_id(-100) - self._vnc_lib.security_group_update(sg1_obj) - self.check_security_group_id(sg1_obj.get_fq_name(), -100) - - self._vnc_lib.security_group_delete(id=sg1_obj.uuid) - self._vnc_lib.security_group_delete(id=sg2_obj.uuid) - #end test_sg - - def test_delete_sg(self): - #create sg and associate egress rule and check acls - sg1_obj = self.security_group_create('sg-1', ['default-domain', - 'default-project']) - self.wait_to_get_sg_id(sg1_obj.get_fq_name()) - sg1_obj = self._vnc_lib.security_group_read(sg1_obj.get_fq_name()) - rule1 = {} - rule1['ip_prefix'] = None - rule1['protocol'] = 'any' - rule1['ether_type'] = 'IPv4' - rule1['sg_id'] = sg1_obj.get_security_group_id() - - rule1['direction'] = 'ingress' - rule1['port_min'] = 1 - rule1['port_max'] = 100 - rule_in_obj = self._security_group_rule_build(rule1, - sg1_obj.get_fq_name_str()) - rule1['direction'] = 'egress' - rule1['port_min'] = 101 - rule1['port_max'] = 200 - rule_eg_obj = self._security_group_rule_build(rule1, - sg1_obj.get_fq_name_str()) - - self._security_group_rule_append(sg1_obj, rule_in_obj) - self._security_group_rule_append(sg1_obj, rule_eg_obj) - self._vnc_lib.security_group_update(sg1_obj) - self.check_acl_match_sg(sg1_obj.get_fq_name(), - 'egress-access-control-list', - sg1_obj.get_security_group_id()) - self.check_acl_match_sg(sg1_obj.get_fq_name(), - 'ingress-access-control-list', - sg1_obj.get_security_group_id()) - - self._security_group_rule_remove(sg1_obj, rule_in_obj) - self._vnc_lib.security_group_update(sg1_obj) - self.check_acl_not_match_sg(sg1_obj.get_fq_name(), - 'ingress-access-control-list', - sg1_obj.get_security_group_id()) - self.check_acl_match_sg(sg1_obj.get_fq_name(), - 'egress-access-control-list', - sg1_obj.get_security_group_id()) - - self._security_group_rule_append(sg1_obj, rule_in_obj) - self._security_group_rule_remove(sg1_obj, rule_eg_obj) - self._vnc_lib.security_group_update(sg1_obj) - self.check_acl_match_sg(sg1_obj.get_fq_name(), - 'ingress-access-control-list', - sg1_obj.get_security_group_id()) - self.check_acl_not_match_sg(sg1_obj.get_fq_name(), - 'egress-access-control-list', - sg1_obj.get_security_group_id()) - - self._security_group_rule_remove(sg1_obj, rule_in_obj) - self._vnc_lib.security_group_update(sg1_obj) - self._vnc_lib.security_group_delete(fq_name=sg1_obj.get_fq_name()) - self.check_acl_not_match_sg(sg1_obj.get_fq_name(), - 'ingress-access-control-list', - sg1_obj.get_security_group_id()) - self.check_acl_not_match_sg(sg1_obj.get_fq_name(), - 'egress-access-control-list', - sg1_obj.get_security_group_id()) - #end test_delete_sg - - def test_asn(self): - # create vn1 - vn1_name = self.id() + 'vn1' - vn1_obj = self.create_virtual_network(vn1_name, '10.0.0.0/24') - ident_name = self.get_obj_imid(vn1_obj) - gevent.sleep(2) - ifmap_ident = self.assertThat(FakeIfmapClient._graph, Contains(ident_name)) - - self.check_ri_asn(self.get_ri_name(vn1_obj), 'target:64512:8000001') - - # create router1 - r1_name = self.id() + 'router1' - router1 = self.create_bgp_router(r1_name, 'contrail') - self.check_bgp_asn(router1.get_fq_name(), 64512) - - # create virtual machine interface - vmi_name = self.id() + 'vmi1' - vmi = VirtualMachineInterface(vmi_name, parent_type='project', - fq_name=['default-domain', - 'default-project', vmi_name]) - vmi.add_virtual_network(vn1_obj) - self._vnc_lib.virtual_machine_interface_create(vmi) - - # create logical router - lr_name = self.id() + 'lr1' - lr = LogicalRouter(lr_name) - lr.add_virtual_machine_interface(vmi) - self._vnc_lib.logical_router_create(lr) - self.check_lr_asn(lr.get_fq_name(), 'target:64512:8000002') - - #update global system config but dont change asn value for equality path - gs = self._vnc_lib.global_system_config_read( - fq_name=['default-global-system-config']) - gs.set_autonomous_system(64512) - self._vnc_lib.global_system_config_update(gs) - - # check route targets - self.check_ri_asn(self.get_ri_name(vn1_obj), 'target:64512:8000001') - self.check_bgp_asn(router1.get_fq_name(), 64512) - self.check_lr_asn(lr.get_fq_name(), 'target:64512:8000002') - - #update ASN value - gs = self._vnc_lib.global_system_config_read( - fq_name=[u'default-global-system-config']) - gs.set_autonomous_system(50000) - self._vnc_lib.global_system_config_update(gs) - - # check new route targets - self.check_ri_asn(self.get_ri_name(vn1_obj), 'target:50000:8000001') - self.check_bgp_asn(router1.get_fq_name(), 50000) - self.check_lr_asn(lr.get_fq_name(), 'target:50000:8000002') - - self._vnc_lib.logical_router_delete(id=lr.uuid) - self._vnc_lib.virtual_machine_interface_delete(id=vmi.uuid) - self._vnc_lib.virtual_network_delete(id=vn1_obj.uuid) - self.check_ri_is_deleted(fq_name=vn1_obj.fq_name+[vn1_obj.name]) - self._vnc_lib.bgp_router_delete(id=router1.uuid) - #end test_asn - def test_fip(self): # create vn1 vn1_name = self.id() + 'vn1' @@ -2392,7 +1242,7 @@ def test_fip(self): self.check_ri_ref_present(self.get_ri_name(vn2_obj, sc_ri_name), self.get_ri_name(vn2_obj)) - vmi_fq_name = 'default-domain:default-project:default-domain__default-project__test.test_service.TestPolicy.test_fips1__1__left__1' + vmi_fq_name = 'default-domain:default-project:default-domain__default-project__%s.test_fips1__1__left__1' % self._class_str() vmi = self._vnc_lib.virtual_machine_interface_read(vmi_fq_name.split(':')) vn3_name = 'vn-public' @@ -2511,7 +1361,7 @@ def test_interface_mirror(self): props = VirtualMachineInterfacePropertiesType() mirror_type = InterfaceMirrorType() mirror_act_type = MirrorActionType() - mirror_act_type.analyzer_name = 'default-domain:default-project:test.test_service.TestPolicy.test_interface_mirrors1' + mirror_act_type.analyzer_name = 'default-domain:default-project:%s.test_interface_mirrors1' % self._class_str() mirror_type.mirror_to = mirror_act_type props.interface_mirror = mirror_type vmi.set_virtual_machine_interface_properties(props) @@ -2805,147 +1655,4 @@ def test_misc(self): self.delete_network_policy(np) #end test_misc - - @retries(5) - def check_bgp_no_peering(self, router1, router2): - r1 = self._vnc_lib.bgp_router_read(fq_name=router1.get_fq_name()) - ref_names = [ref['to'] for ref in r1.get_bgp_router_refs() or []] - self.assertThat(ref_names, Not(Contains(router2.get_fq_name()))) - - def test_bgpaas(self): - # create vn1 - vn1_name = self.id() + 'vn1' - vn1_obj = self.create_virtual_network(vn1_name, - ['10.0.0.0/24', '1000::/16']) - - project_name = ['default-domain', 'default-project'] - project_obj = self._vnc_lib.project_read(fq_name=project_name) - port_name = self.id() + 'p1' - port_obj = VirtualMachineInterface(port_name, parent_obj=project_obj) - port_obj.add_virtual_network(vn1_obj) - self._vnc_lib.virtual_machine_interface_create(port_obj) - - v6_obj = InstanceIp(name=port_name+'-v6') - v6_obj.set_virtual_machine_interface(port_obj) - v6_obj.set_virtual_network(vn1_obj) - v6_obj.set_instance_ip_family('v6') - self._vnc_lib.instance_ip_create(v6_obj) - - v4_obj = InstanceIp(name=port_name+'-v4') - v4_obj.set_virtual_machine_interface(port_obj) - v4_obj.set_virtual_network(vn1_obj) - v4_obj.set_instance_ip_family('v4') - self._vnc_lib.instance_ip_create(v4_obj) - - bgpaas_name = self.id() + 'bgp1' - bgpaas = BgpAsAService(bgpaas_name, parent_obj=project_obj, - autonomous_system=64512) - bgpaas.add_virtual_machine_interface(port_obj) - self._vnc_lib.bgp_as_a_service_create(bgpaas) - - router1_name = vn1_obj.get_fq_name_str() + ':' + vn1_name + ':' + port_name - self.wait_to_get_object(config_db.BgpAsAServiceST, - bgpaas.get_fq_name_str()) - self.wait_to_get_object(config_db.BgpRouterST, router1_name) - server_fq_name = ':'.join(self.get_ri_name(vn1_obj)) + ':bgpaas-server' - self.wait_to_get_object(config_db.BgpRouterST, server_fq_name) - server_router_obj = self._vnc_lib.bgp_router_read(fq_name_str=server_fq_name) - - mx_bgp_router = self.create_bgp_router("mx-bgp-router", "contrail") - mx_bgp_router_name = mx_bgp_router.get_fq_name_str() - self.wait_to_get_object(config_db.BgpRouterST, mx_bgp_router_name) - mx_bgp_router = self._vnc_lib.bgp_router_read(fq_name_str=mx_bgp_router_name) - self.check_bgp_no_peering(server_router_obj, mx_bgp_router) - - router1_obj = self._vnc_lib.bgp_router_read(fq_name_str=router1_name) - self.assertEqual(router1_obj.get_bgp_router_parameters().address, - '10.0.0.252') - self.assertEqual(router1_obj.get_bgp_router_parameters().identifier, - '10.0.0.252') - - self.check_bgp_peering(server_router_obj, router1_obj, 1) - - v4_obj.set_instance_ip_address('10.0.0.60') - self._vnc_lib.instance_ip_update(v4_obj) - self.check_bgp_router_ip(router1_name, '10.0.0.60') - self.check_bgp_router_identifier(router1_name, '10.0.0.60') - - bgpaas.set_bgpaas_ip_address('10.0.0.70') - self._vnc_lib.bgp_as_a_service_update(bgpaas) - self.check_bgp_router_ip(router1_name, '10.0.0.70') - v4_obj.del_virtual_machine_interface(port_obj) - v4_obj.del_virtual_network(vn1_obj) - self._vnc_lib.instance_ip_delete(id=v4_obj.uuid) - self.check_bgp_router_ip(router1_name, '10.0.0.70') - self.check_bgp_router_identifier(router1_name, '10.0.0.70') - - port2_name = self.id() + 'p2' - port2_obj = VirtualMachineInterface(port2_name, parent_obj=project_obj) - port2_obj.add_virtual_network(vn1_obj) - self._vnc_lib.virtual_machine_interface_create(port2_obj) - bgpaas.add_virtual_machine_interface(port2_obj) - self._vnc_lib.bgp_as_a_service_update(bgpaas) - router2_name = vn1_obj.get_fq_name_str() + ':' + vn1_name + ':' + port2_name - self.wait_to_get_object(config_db.BgpRouterST, router2_name) - - router2_obj = self._vnc_lib.bgp_router_read(fq_name_str=router2_name) - self.check_bgp_peering(server_router_obj, router2_obj, 2) - self.check_bgp_peering(server_router_obj, router1_obj, 2) - - bgpaas.del_virtual_machine_interface(port_obj) - self._vnc_lib.bgp_as_a_service_update(bgpaas) - self.wait_to_delete_object(config_db.BgpRouterST, router1_name) - self._vnc_lib.bgp_as_a_service_delete(id=bgpaas.uuid) - self.wait_to_delete_object(config_db.BgpRouterST, router2_name) - - self._vnc_lib.instance_ip_delete(id=v6_obj.uuid) - self._vnc_lib.virtual_machine_interface_delete(id=port_obj.uuid) - self._vnc_lib.virtual_machine_interface_delete(id=port2_obj.uuid) - self._vnc_lib.virtual_network_delete(fq_name=vn1_obj.get_fq_name()) - self.check_ri_is_deleted(vn1_obj.fq_name+[vn1_obj.name]) - self._vnc_lib.bgp_router_delete(id=mx_bgp_router.uuid) - # end test_bgpaas - - def test_configured_targets(self): - # create vn1 - vn1_name = self.id() + 'vn1' - vn1_obj = self.create_virtual_network(vn1_name, '10.0.0.0/24') - self.wait_to_get_object(config_db.RoutingInstanceST, - vn1_obj.get_fq_name_str()+':'+vn1_name) - - rtgt_list = RouteTargetList(route_target=['target:1:1']) - vn1_obj.set_route_target_list(rtgt_list) - exp_rtgt_list = RouteTargetList(route_target=['target:2:1']) - vn1_obj.set_export_route_target_list(exp_rtgt_list) - imp_rtgt_list = RouteTargetList(route_target=['target:3:1']) - vn1_obj.set_import_route_target_list(imp_rtgt_list) - self._vnc_lib.virtual_network_update(vn1_obj) - - self.check_rt_in_ri(self.get_ri_name(vn1_obj), 'target:1:1', True) - self.check_rt_in_ri(self.get_ri_name(vn1_obj), 'target:2:1', True, 'export') - self.check_rt_in_ri(self.get_ri_name(vn1_obj), 'target:3:1', True, 'import') - - exp_rtgt_list.route_target.append('target:1:1') - vn1_obj.set_export_route_target_list(exp_rtgt_list) - self._vnc_lib.virtual_network_update(vn1_obj) - self.check_rt_in_ri(self.get_ri_name(vn1_obj), 'target:1:1', True) - self.check_rt_in_ri(self.get_ri_name(vn1_obj), 'target:2:1', True, 'export') - - imp_rtgt_list.route_target.append('target:1:1') - vn1_obj.set_import_route_target_list(imp_rtgt_list) - self._vnc_lib.virtual_network_update(vn1_obj) - self.check_rt_in_ri(self.get_ri_name(vn1_obj), 'target:1:1', True) - self.check_rt_in_ri(self.get_ri_name(vn1_obj), 'target:3:1', True, 'import') - - exp_rtgt_list = RouteTargetList(route_target=['target:2:1']) - vn1_obj.set_export_route_target_list(exp_rtgt_list) - imp_rtgt_list = RouteTargetList(route_target=['target:3:1']) - vn1_obj.set_import_route_target_list(imp_rtgt_list) - self._vnc_lib.virtual_network_update(vn1_obj) - self.check_rt_in_ri(self.get_ri_name(vn1_obj), 'target:1:1', True) - self.check_rt_in_ri(self.get_ri_name(vn1_obj), 'target:2:1', True, 'export') - self.check_rt_in_ri(self.get_ri_name(vn1_obj), 'target:3:1', True, 'import') - - self._vnc_lib.virtual_network_delete(id=vn1_obj.uuid) - self.check_ri_is_deleted(fq_name=vn1_obj.fq_name+[vn1_obj.name]) -# end class TestRouteTable +# end class TestServicePolicy