R1.06

fixtures/nova_test.py

@@ -358,7 +358,7 @@ def get_vm_list(self, name_pattern='', project_id=None):
         final_vm_list = []
         vm_list = self.obj.servers.list(search_opts={"all_tenants": True})
         for vm_obj in vm_list:
-            match_obj = re.match(r'%s' %
+            match_obj = re.match(r'^%s$' %
                                  name_pattern, vm_obj.name, re.M | re.I)
             if project_id:
                 if match_obj and vm_obj.tenant_id == self.strip(project_id):

fixtures/svc_instance_fixture.py

@@ -153,6 +153,8 @@ def verify_st(self):
     @retry(delay=10, tries=15)
     def verify_svm(self):
         """check Service VM"""
+	self.cs_si = self.api_s_inspect.get_cs_si(
+            project=self.project_name, si=self.si_name, refresh=True)
         try:
             self.vm_refs = self.cs_si[
                 'service-instance']['virtual_machine_back_refs']

scripts/flow_tests/sdn_flow_test_topo.py

@@ -164,6 +164,140 @@ def build_topo_project1(self, domain='default-domain', project='project1', usern
 
 # end sdn_flow_test_topo_single_project
 
+################################################################################
+class sdn_4vn_xvm_config ():
+    def __init__(self):
+        print "building dynamic topo"
+    # end __init__
+
+    def build_topo_admin (self, domain= 'default-domain', project= 'admin', compute_node_list= None, username= None, password= None):
+        ##
+        # Domain and project defaults: Do not change until support for non-default is tested!
+        self.domain= domain; self.project= project; self.username= username; self.password= password
+        ##
+        # Define VN's in the project:
+        self.vnet_list=  ['vnet1','vnet2', 'vnet3', 'vnet4']
+        ##
+        # Define network info for each VN:
+        self.vn_nets=  {'vnet1': ['10.1.1.0/24', '11.1.1.0/24'], 'vnet2': ['10.1.2.0/24', '11.1.2.0/24'], 'vnet3': ['10.1.3.0/24', '11.1.3.0/24'], 'vnet4': ['10.1.4.0/24', '11.1.4.0/24']}
+        ##
+        # Define network policies
+        self.policy_list=  ['policy0', 'policy1', 'policy100']
+        self.vn_policy=  {'vnet1': ['policy0'], 'vnet2': ['policy0'],'vnet3':['policy0'],'vnet4':['policy0']}
+
+        self.vn_of_vm= {'vm1': 'vnet1', 'vm2': 'vnet1', 'vm3': 'vnet1', 'vm4': 'vnet2', 'vm5': 'vnet2',
+                        'vm6': 'vnet3', 'vm7': 'vnet3', 'vm8': 'vnet3', 'vm9': 'vnet4', 'vm10': 'vnet4','vm11':'vnet4','vm12':'vnet3'}
+
+        #Define the vm to compute node mapping to pin a vm to a particular
+        #compute node or else leave empty.
+        self.vm_node_map = {}
+        if compute_node_list is not None:
+            if len(compute_node_list) == 2:
+                self.vm_node_map = {'vm1':'CN0', 'vm2':'CN0', 'vm3':'CN1', 'vm4':'CN0', 'vm5':'CN1',
+                                    'vm6':'CN0', 'vm7':'CN0', 'vm8':'CN1', 'vm9':'CN0', 'vm10':'CN1','vm11':'CN0','vm12':'CN1'}
+            elif len(compute_node_list) > 2:
+               self.vm_node_map = {'vm1':'CN0', 'vm2':'CN0', 'vm3':'CN2', 'vm4':'CN0', 'vm5':'CN1', 'vm6':'CN0',
+                                   'vm7':'CN0', 'vm8':'CN2', 'vm9':'CN0', 'vm10':'CN1', 'vm11':'CN0','vm12':'CN1'}
+
+        #Logic to create a vm to Compute node mapping.
+        if self.vm_node_map:
+            CN = []
+            for cn in self.vm_node_map.keys():
+                if self.vm_node_map[cn] not in CN:
+                    CN.append(self.vm_node_map[cn])
+            my_node_dict = {}
+            if compute_node_list is not None:
+                if len(compute_node_list) >= len(CN):
+                    my_node_dict = dict(zip(CN, compute_node_list))
+
+            if my_node_dict:
+                for key in my_node_dict:
+                    for key1 in self.vm_node_map:
+                        if self.vm_node_map[key1] == key:
+                            self.vm_node_map[key1] = my_node_dict[key]
+
+        ##
+        # Define network policy rules
+        self.rules= {}
+        # Multiple policies are defined with different action for the test traffic streams..
+        self.policy_test_order= ['policy0', 'policy1', 'policy0']
+        self.rules['policy0']= [
+            {'direction': '<>', 'protocol': 'any', 'dest_network': 'any', 'source_network': 'any', 'dst_ports': 'any', 'simple_action': 'pass', 'src_ports': 'any'}]
+        self.rules['policy1']= [
+            {'direction': '<>', 'protocol': 'udp', 'dest_network': 'vnet1', 'source_network': 'vnet0', 'dst_ports': 'any', 'simple_action': 'pass', 'src_ports': 'any'},
+            {'direction': '<>', 'protocol': 'udp', 'dest_network': 'vnet2', 'source_network': 'vnet0', 'dst_ports': 'any', 'simple_action': 'pass', 'src_ports': 'any'}]
+        self.rules['policy100']= [
+            {'direction': '<>', 'protocol': 'udp', 'dest_network': 'any', 'source_network': 'any', 'dst_ports': 'any', 'simple_action': 'pass', 'src_ports': 'any'}]
+
+        #Define the security_group and its rules
+        # Define security_group name
+        self.sg_list=['sg_allow_all', 'sg_allow_tcp', 'sg_allow_udp', 'sg_allow_icmp', 'sg_allow_udp_sg']
+        self.sg_names = self.sg_list[:]
+        ##
+        #Define security_group with vm
+        self.sg_of_vm = {}
+        for key in self.vn_of_vm:
+           self.sg_of_vm[key] = []
+        self.sg_of_vm['vm6'] = [self.sg_list[4]]; self.sg_of_vm['vm9'] = [self.sg_list[4]]; self.sg_of_vm['vm10'] = [self.sg_list[4]];
+        self.sg_of_vm['vm11'] = [self.sg_list[4]]; self.sg_of_vm['vm12'] = [self.sg_list[4]];
+        ##Define the security group rules
+        import uuid
+        uuid_1= uuid.uuid1().urn.split(':')[2]
+        uuid_2= uuid.uuid1().urn.split(':')[2]
+        self.sg_rules={}
+        for sg in self.sg_list:
+            self.sg_rules[sg] = []
+        self.sg_rules[self.sg_list[2]]=[
+               {'direction' : '>',
+                 'protocol' : 'udp',
+                 'dst_addresses': [{'security_group': 'local', 'subnet' : None}],
+                 'dst_ports': [{'start_port' : 0, 'end_port' : 65535}],
+                 'src_ports': [{'start_port' : 0, 'end_port' : 65535}],
+                 'src_addresses': [{'subnet' : {'ip_prefix' : '0.0.0.0', 'ip_prefix_len' : 0}}],
+                 'rule_uuid': uuid_1
+               },{'direction' : '>',
+                 'protocol' : 'any',
+                 'src_addresses': [{'security_group': 'local', 'subnet' : None}],
+                 'dst_ports': [{'start_port' : 0, 'end_port' : 65535}],
+                 'src_ports': [{'start_port' : 0, 'end_port' : 65535}],
+                 'dst_addresses': [{'subnet' : {'ip_prefix' : '0.0.0.0', 'ip_prefix_len' : 0}}],'rule_uuid': uuid_2}]
+
+        self.sg_rules[self.sg_list[4]]=[
+               {'direction' : '>',
+                 'protocol' : 'udp',
+                 'dst_addresses': [{'security_group': 'local', 'subnet' : None}],
+                 'dst_ports': [{'start_port' : 0, 'end_port' : 65535}],
+                 'src_ports': [{'start_port' : 0, 'end_port' : 65535}],
+                 'src_addresses': [{'security_group': self.domain + ':'+ self.project+ ':'+ self.sg_list[4]}],
+                 'rule_uuid': uuid_1
+               },{'direction' : '>',
+                 'protocol' : 'any',
+                 'src_addresses': [{'security_group': 'local', 'subnet' : None}],
+                 'dst_ports': [{'start_port' : 0, 'end_port' : 65535}],
+                 'src_ports': [{'start_port' : 0, 'end_port' : 65535}],
+                 'dst_addresses': [{'subnet' : {'ip_prefix' : '0.0.0.0', 'ip_prefix_len' : 0}}],'rule_uuid': uuid_2}]
+
+        ##
+        # Define traffic profile.
+        self.traffic_profile= [{'src_vm':'vm1', 'dst_vm':'vm2', 'proto':'udp', 'sport':8000, 'dport':9000, 'exp':'pass'},# intra VN, intra compute, same default SG
+                               {'src_vm':'vm1', 'dst_vm':'vm3', 'proto':'udp', 'sport':8000, 'dport':9000, 'exp':'pass'},# intra VN, inter compute, same default SG
+                               {'src_vm':'vm1', 'dst_vm':'vm5', 'proto':'udp', 'sport':8000, 'dport':9000, 'exp':'pass'},# inter VN, inter compute, same default SG
+                               {'src_vm':'vm1', 'dst_vm':'vm4', 'proto':'udp', 'sport':8000, 'dport':9000, 'exp':'pass'},# inter VN, intra compute, same default SG
+                               {'src_vm':'vm6', 'dst_vm':'vm7', 'proto':'udp', 'sport':8000, 'dport':9000, 'exp':'fail'},# intra VN, intra compute, diff. SG
+                               {'src_vm':'vm6', 'dst_vm':'vm8', 'proto':'udp', 'sport':8000, 'dport':9000, 'exp':'fail'},# intra VN, inter compute, diff. SG
+                               {'src_vm':'vm6', 'dst_vm':'vm5', 'proto':'udp', 'sport':8000, 'dport':9000, 'exp':'fail'},# inter VN, inter compute, diff. SG
+                               {'src_vm':'vm6', 'dst_vm':'vm4', 'proto':'udp', 'sport':8000, 'dport':9000, 'exp':'fail'},# inter VN, intra compute, diff. SG
+                               {'src_vm':'vm9', 'dst_vm':'vm11','proto':'udp','sport':8000,'dport':9000,'exp':'pass'},# intra VN, intra compute, same non-default SG
+                               {'src_vm':'vm9', 'dst_vm':'vm10','proto':'udp','sport':8000,'dport':9000,'exp':'pass'},# intra VN, inter compute, same non-default SG
+                               {'src_vm':'vm9', 'dst_vm':'vm12','proto':'udp','sport':8000,'dport':9000,'exp':'pass'},# inter VN, inter compute, same non-default SG
+                               {'src_vm':'vm9', 'dst_vm':'vm6', 'proto':'udp','sport':8000,'dport':9000,'exp':'pass'}]# inter VN, intra compute, same non-default SG
+
+        return self
+        # end build_topo
+# end class sdn_4vn_xvm_config
+################################################################################
+
+
 if __name__ == '__main__':
     print "Currently topology limited to one domain/project.."
     print "Based on need, can be extended to cover config for multiple domain/projects"

scripts/flow_tests/sdn_flow_tests.py

@@ -38,6 +38,7 @@
 import threading
 import socket
 import flow_test_utils
+from securitygroup.verify import *
 
 class sdnFlowTest(flow_test_utils.VerifySvcMirror, testtools.TestCase, fixtures.TestWithFixtures):
 
@@ -332,6 +333,48 @@ def generate_udp_flows_and_do_verification(self, traffic_profile, build_version)
         return True
     # end generate_udp_flows_and_do_verification
 
+    def start_traffic_and_verify(self, topo, config_topo, prto=None, sprt=None, dprt=None, expt=None, start=0, end=None):
+        results = []
+        if not end:
+            end = len(topo.traffic_profile) - 1
+        for i in range(start, end+1):
+            sender = (config_topo['vm'][topo.traffic_profile[i]['src_vm']], topo.sg_of_vm[topo.traffic_profile[i]['src_vm']])
+            receiver = (config_topo['vm'][topo.traffic_profile[i]['dst_vm']], topo.sg_of_vm[topo.traffic_profile[i]['dst_vm']])
+            if not sprt:
+                sport = topo.traffic_profile[i]['sport']
+            else:
+                sport = sprt
+            if not dprt:
+                dport = topo.traffic_profile[i]['dport']
+            else:
+                dport = dprt
+            if not prto:
+                proto = topo.traffic_profile[i]['proto']
+            else:
+                proto = prto
+            if not expt:
+                exp = topo.traffic_profile[i]['exp']
+            else:
+                exp = expt
+            self.vsg_obj = VerifySecGroup()
+            self.vsg_obj.logger = self.inputs.logger
+            self.vsg_obj.inputs = self.inputs
+            results.append(self.vsg_obj.assert_traffic(sender, receiver, proto, sport, dport, exp))
+            results.append(self.vsg_obj.assert_traffic(receiver, sender, proto, sport, dport, exp))
+
+        errmsg = ''
+        for (rc, msg) in results:
+            if rc:
+                self.logger.debug(msg)
+            else:
+                errmsg += msg + '\n'
+        if errmsg:
+            assert False, errmsg
+
+    def attach_remove_sg_edit_sg_verify_traffic(self, topo, config_topo):
+        sdnFlowTest.start_traffic_and_verify(self, topo, config_topo)
+        sdnFlowTest.start_traffic_and_verify(self, topo, config_topo, prto='tcp',expt='fail',start=4)
+        sdnFlowTest.start_traffic_and_verify(self, topo, config_topo, prto='icmp',expt='fail',start=4)
 
     def generate_udp_flows(self, traffic_profile, build_version):
         """ Routine to generate UDP flows by calling the start_traffic routine in a thread ..
@@ -559,4 +602,50 @@ def test_flow_multi_projects(self):
         return True
     # end test_flow_multi_projects
 
+    @preposttest_wrapper
+    def test_SG(self):
+        """Tests SG and rules to check if traffic is allowed as per rules in SG"""
+
+        self.inputs.fixture_cleanup= 'no'
+	topology_class_name = None
+        '''topo_obj = sdn_flow_test_topo.sdn_4vn_xvm_config()
+        topo= topo_obj.build_topo(compute_node_list=self.inputs.compute_ips)
+
+        setup_obj= self.useFixture(sdnTopoSetupFixture(self.connections, topo))
+        out= setup_obj.topo_setup(VmToNodeMapping= topo.vm_node_map,skip_verify= 'yes')'''
+
+	#
+        # Get config for test from topology
+        import system_test_topo
+        result = True
+        msg = []
+        if not topology_class_name:
+            topology_class_name = sdn_flow_test_topo.sdn_4vn_xvm_config 
+
+        self.logger.info("Scenario for the test used is: %s" %
+                         (topology_class_name))
+        #
+        topo_obj = topology_class_name()
+        #
+        # Test setup: Configure policy, VN, & VM
+        # return {'result':result, 'msg': err_msg, 'data': [self.topo, config_topo]}
+        # Returned topo is of following format:
+        # config_topo= {'policy': policy_fixt, 'vn': vn_fixture, 'vm': vm_fixture}
+        out = self.useFixture(
+            sdnTopoSetupFixture(self.connections, topo_obj))
+        self.assertEqual(out.result, True, out.msg)
+        if out.result == True:
+            topo_objs, config_topo = out.data
+            self.topo_objs = topo_objs
+            self.config_topo = config_topo
+
+	print "******self.topo_objs:*****"
+	print self.topo_objs
+	print "******topo_obj******"
+	print topo_obj
+        sdnFlowTest.attach_remove_sg_edit_sg_verify_traffic(self, self.topo_objs[self.inputs.project_name], self.config_topo[self.inputs.project_name])
+
+        return True
+    #end test_SG
+
 # end sdnFlowTest

scripts/flow_tests/system_test_topo.py

@@ -141,16 +141,13 @@ def build_topo_project1(self, domain='default-domain', project='project1', usern
         self.si_params[self.si_list[0]] = {'svc_template':self.st_list[0], 'if_list':self.st_params[self.st_list[0]]['if_list'], 'left_vn':None}
         self.si_params[self.si_list[1]] = {'svc_template':self.st_list[1], 'if_list':self.st_params[self.st_list[1]]['if_list'], 'left_vn':None}
 
-        self.pol_si= {self.policy_list[1]:self.si_list[0], self.policy_list[2]:self.si_list[1]}
-        self.si_pol = {self.si_list[0]:self.policy_list[1], self.si_list[1]:self.policy_list[2]}
-
-        # Define security_group name
+	# Define security_group name
         self.sg_list = ['test_sg_p1']
         #
         # Define security_group with vm
         self.sg_of_vm = {
-            'vmc1': 'test_sg_p1', 'vmc2': 'test_sg_p1', 'vmc3': 'test_sg_p1', 'vmc4': 'test_sg_p1', 'vmc5': 'test_sg_p1',
-            'vmc6': 'test_sg_p1', 'vmc7': 'test_sg_p1', 'vmc8': 'test_sg_p1', 'vmc9': 'test_sg_p1', 'vmd10': 'test_sg_p1'}
+            'vmc1': ['test_sg_p1'], 'vmc2': ['test_sg_p1'], 'vmc3': ['test_sg_p1'], 'vmc4': ['test_sg_p1'], 'vmc5': ['test_sg_p1'],
+            'vmc6': ['test_sg_p1'], 'vmc7': ['test_sg_p1'], 'vmc8': ['test_sg_p1'], 'vmc9': ['test_sg_p1'], 'vmd10': ['test_sg_p1']}
         # Define the security_group rules
         import uuid
         uuid_1 = uuid.uuid1().urn.split(':')[2]

scripts/policy_test_helper.py

@@ -206,18 +206,7 @@ def tx_quantum_rules_to_aces(no_of_rules, fq_vn):
             rule['proto_l'] = {'max': str(rule['proto_l']),
                                'min': str(rule['proto_l'])}
 
-    # step 3: expanding rules if bidir rule
-    for rule in user_rules_tx:
-        if rule['direction'] == '<>':
-            rule['direction'] = '>'
-            pos = user_rules_tx.index(rule)
-            new_rule = copy.deepcopy(rule)
-            # update newly copied rule: swap address/ports & insert
-            new_rule['src'], new_rule['dst'] = new_rule['dst'], new_rule['src']
-            new_rule['src_port_l'], new_rule['dst_port_l'] = new_rule[
-                'dst_port_l'], new_rule['src_port_l'],
-            user_rules_tx.insert(pos + 1, new_rule)
-    # step 4: if the rules are  unidirectional
+    # step 3: if the rules are  unidirectional
     for rule in user_rules_tx:
         if rule['direction'] == '>':
             if (rule['src'] != rule['dst']):
@@ -232,6 +221,19 @@ def tx_quantum_rules_to_aces(no_of_rules, fq_vn):
                 uni_rule['simple_action'] = 'deny'
                 uni_rule['action_l'] = ['deny']
                 break
+
+    # step 4: expanding rules if bidir rule
+    for rule in user_rules_tx:
+        if rule['direction'] == '<>':
+            rule['direction'] = '>'
+            pos = user_rules_tx.index(rule)
+            new_rule = copy.deepcopy(rule)
+            # update newly copied rule: swap address/ports & insert
+            new_rule['src'], new_rule['dst'] = new_rule['dst'], new_rule['src']
+            new_rule['src_port_l'], new_rule['dst_port_l'] = new_rule[
+                'dst_port_l'], new_rule['src_port_l'],
+            user_rules_tx.insert(pos + 1, new_rule)
+
     return (user_rules_tx, uni_rule)
 
 # end of tx_quantum_rules_to_aces

scripts/project_setup.py

@@ -76,6 +76,8 @@ def setUp(self):
         topo_helper_obj = topology_helper(self.topo)
         self.topo.vmc_list = topo_helper_obj.get_vmc_list()
         self.topo.policy_vn = topo_helper_obj.get_policy_vn()
+	self.topo.pol_si = topo_helper_obj.get_si_of_pol()
+	self.topo.si_pol = topo_helper_obj.get_pol_of_si()
         self.logger.info("Starting setup")
         topo_steps.createProject(self)
         topo_steps.createSec_group(self, option=self.config_option)