diff --git a/test/integration/smoke/test_network_acl.py b/test/integration/smoke/test_network_acl.py index 3ed45be9cd0..4b3c1f70b67 100644 --- a/test/integration/smoke/test_network_acl.py +++ b/test/integration/smoke/test_network_acl.py @@ -24,96 +24,154 @@ from marvin.integration.lib.base import * from marvin.integration.lib.common import * from nose.plugins.attrib import attr +class Services: + def __init__(self): + self.services = { + "account": { + "email": "test@test.com", + "firstname": "Test", + "lastname": "User", + "username": "test", + "password": "password", + }, + "virtual_machine": { + "displayname": "Test VM", + "username": "root", + "password": "password", + "ssh_port": 22, + "hypervisor": 'XenServer', + "privateport": 22, + "publicport": 22, + "protocol": 'TCP', + }, + "ostype": 'CentOS 5.3 (64-bit)', + "service_offering": { + "name": "Tiny Instance", + "displaytext": "Tiny Instance", + "cpunumber": 1, + "cpuspeed": 100, + "memory": 256, + }, + "network_offering": { + "name": "Network offering for internal lb service", + "displaytext": "Network offering for internal lb service", + "guestiptype": "Isolated", + "traffictype": "Guest", + "supportedservices": "Vpn,Dhcp,Dns,Lb,UserData,SourceNat,StaticNat,PortForwarding,NetworkACL", + "serviceProviderList": { + "Dhcp": "VpcVirtualRouter", + "Dns": "VpcVirtualRouter", + "Vpn": "VpcVirtualRouter", + "UserData": "VpcVirtualRouter", + "Lb": "InternalLbVM", + "SourceNat": "VpcVirtualRouter", + "StaticNat": "VpcVirtualRouter", + "PortForwarding": "VpcVirtualRouter", + "NetworkACL": "VpcVirtualRouter", + }, + "serviceCapabilityList": { + "SourceNat": {"SupportedSourceNatTypes": "peraccount"}, + "Lb": {"lbSchemes": "internal", "SupportedLbIsolation": "dedicated"} + } + } + } + + class TestNetworkACL(cloudstackTestCase): - networkOfferingId = 11 - networkId = None - vmId = None - vpcId = None - aclId = None - zoneId = 1 - serviceOfferingId = 1 - templateId = 5 + @classmethod + def setUpClass(cls): + cls.apiclient = super(TestNetworkACL, cls).getClsTestClient().getApiClient() + cls.services = Services().services + cls.zone = get_zone(cls.apiclient, cls.services) + cls.domain = get_domain(cls.apiclient) + cls.service_offering = ServiceOffering.create( + cls.apiclient, + cls.services["service_offering"] + ) + cls.account = Account.create(cls.apiclient, services=cls.services["account"]) + cls.template = get_template( + cls.apiclient, + cls.zone.id, + cls.services["ostype"] + ) + cls.debug("Successfully created account: %s, id: \ + %s" % (cls.account.name,\ + cls.account.id)) + cls.cleanup = [cls.account] - def setUp(self): - self.apiClient = self.testClient.getApiClient() - - - @attr(tags=["advanced"]) - def test_networkAcl(self): + def test_network_acl(self): + """Test network ACL lists and items in VPC""" + + # 0) Get the default network offering for VPC + networkOffering = NetworkOffering.list(self.apiclient, name="DefaultIsolatedNetworkOfferingForVpcNetworks") + self.assert_(networkOffering is not None and len(networkOffering) > 0, "No VPC based network offering") # 1) Create VPC - self.createVPC() + vpcOffering = VpcOffering.list(self.apiclient) + self.assert_(vpcOffering is not None and len(vpcOffering)>0, "No VPC offerings found") + self.services["vpc"] = {} + self.services["vpc"]["name"] = "vpc-networkacl" + self.services["vpc"]["displaytext"] = "vpc-networkacl" + self.services["vpc"]["cidr"] = "10.1.1.0/24" + vpc = VPC.create( + apiclient=self.apiclient, + services=self.services["vpc"], + networkDomain="vpc.networkacl", + vpcofferingid=vpcOffering[0].id, + zoneid=self.zone.id, + account=self.account.name, + domainid=self.domain.id + ) + self.assert_(vpc is not None, "VPC creation failed") - # 2) Create ACl - self.createACL() + # 2) Create ACL + aclgroup = NetworkACLList.create(apiclient=self.apiclient, services={}, name="acl", description="acl", vpcid=vpc.id) + self.assertIsNotNone(aclgroup, "Failed to create NetworkACL list") + self.debug("Created a network ACL list %s" % aclgroup.name) - # 3) Create ACl Item - self.createACLItem() + # 3) Create ACL Item + aclitem = NetworkACL.create(apiclient=self.apiclient, services={}, + protocol="TCP", number="10", action="Deny", aclid=aclgroup.id, cidrlist=["0.0.0.0/0"]) + self.assertIsNotNone(aclitem, "Network failed to aclItem") + self.debug("Added a network ACL %s to ACL list %s" % (aclitem.id, aclgroup.name)) # 4) Create network with ACL - self.createNetwork() + self.services["vpcnetwork"] = {} + self.services["vpcnetwork"]["name"] = "vpcntwk" + self.services["vpcnetwork"]["displaytext"] = "vpcntwk" + ntwk = Network.create( + apiclient=self.apiclient, + services=self.services["vpcnetwork"], + accountid=self.account.name, + domainid=self.domain.id, + networkofferingid=networkOffering[0].id, + zoneid=self.zone.id, + vpcid=vpc.id, + aclid=aclgroup.id, + gateway="10.1.1.1", + netmask="255.255.255.192" + ) + self.assertIsNotNone(ntwk, "Network failed to create") + self.debug("Network %s created in VPC %s" %(ntwk.id, vpc.id)) + # 5) Deploy a vm - self.deployVm() + self.services["virtual_machine"]["networkids"] = ntwk.id + vm = VirtualMachine.create(self.apiclient, services=self.services["virtual_machine"], + templateid=self.template.id, + zoneid=self.zone.id, + accountid=self.account.name, + domainid= self.domain.id, + serviceofferingid=self.service_offering.id, + ) + self.assert_(vm is not None, "VM failed to deploy") + self.assert_(vm.state == 'Running', "VM is not running") + self.debug("VM %s deployed in VPC %s" %(vm.id, vpc.id)) - def createACL(self): - createAclCmd = createNetworkACLList.createNetworkACLListCmd() - createAclCmd.name = "acl1" - createAclCmd.description = "new acl" - createAclCmd.vpcId = TestNetworkACL.vpcId - createAclResponse = self.apiClient.createNetworkACLList(createAclCmd) - TestNetworkACL.aclId = createAclResponse.id - - def createACLItem(self): - createAclItemCmd = createNetworkACL.createNetworkACLCmd() - createAclItemCmd.cidr = "0.0.0.0/0" - createAclItemCmd.protocol = "TCP" - createAclItemCmd.number = "10" - createAclItemCmd.action = "Deny" - createAclItemCmd.aclId = TestNetworkACL.aclId - createAclItemResponse = self.apiClient.createNetworkACL(createAclItemCmd) - self.assertIsNotNone(createAclItemResponse.id, "Network failed to aclItem") - - def createVPC(self): - createVPCCmd = createVPC.createVPCCmd() - createVPCCmd.name = "new vpc" - createVPCCmd.cidr = "10.1.1.0/24" - createVPCCmd.displaytext = "new vpc" - createVPCCmd.vpcofferingid = 1 - createVPCCmd.zoneid = self.zoneId - createVPCResponse = self.apiClient.createVPC(createVPCCmd) - TestNetworkACL.vpcId = createVPCResponse.id - - - def createNetwork(self): - createNetworkCmd = createNetwork.createNetworkCmd() - createNetworkCmd.name = "vpc network" - createNetworkCmd.displaytext = "vpc network" - createNetworkCmd.netmask = "255.255.255.0" - createNetworkCmd.gateway = "10.1.1.1" - createNetworkCmd.zoneid = self.zoneId - createNetworkCmd.vpcid = TestNetworkACL.vpcId - createNetworkCmd.networkofferingid = TestNetworkACL.networkOfferingId - createNetworkCmd.aclId = TestNetworkACL.aclId - createNetworkResponse = self.apiClient.createNetwork(createNetworkCmd) - TestNetworkACL.networkId = createNetworkResponse.id - - self.assertIsNotNone(createNetworkResponse.id, "Network failed to create") - - def deployVm(self): - deployVirtualMachineCmd = deployVirtualMachine.deployVirtualMachineCmd() - deployVirtualMachineCmd.networkids = TestNetworkACL.networkId - deployVirtualMachineCmd.serviceofferingid = TestNetworkACL.serviceOfferingId - deployVirtualMachineCmd.zoneid = TestNetworkACL.zoneId - deployVirtualMachineCmd.templateid = TestNetworkACL.templateId - deployVirtualMachineCmd.hypervisor = "XenServer" - deployVMResponse = self.apiClient.deployVirtualMachine(deployVirtualMachineCmd) - TestNetworkACL.vmId = deployVMResponse.id - - def tearDown(self): - #destroy the vm - if TestNetworkACL.vmId is not None: - destroyVirtualMachineCmd = destroyVirtualMachine.destroyVirtualMachineCmd() - destroyVirtualMachineCmd.id = TestNetworkACL.vmId - destroyVirtualMachineResponse = self.apiClient.destroyVirtualMachine(destroyVirtualMachineCmd) + @classmethod + def tearDownClass(cls): + try: + cleanup_resources(cls.apiclient, cls.cleanup) + except Exception, e: + raise Exception("Cleanup failed with %s" % e) diff --git a/tools/marvin/marvin/integration/lib/base.py b/tools/marvin/marvin/integration/lib/base.py index 5daacbb7cea..503ed6446f5 100755 --- a/tools/marvin/marvin/integration/lib/base.py +++ b/tools/marvin/marvin/integration/lib/base.py @@ -1800,7 +1800,7 @@ class Network: def create(cls, apiclient, services, accountid=None, domainid=None, networkofferingid=None, projectid=None, subdomainaccess=None, zoneid=None, - gateway=None, netmask=None, vpcid=None, guestcidr=None): + gateway=None, netmask=None, vpcid=None, aclid=None, guestcidr=None): """Create Network for account""" cmd = createNetwork.createNetworkCmd() cmd.name = services["name"] @@ -1846,6 +1846,8 @@ class Network: cmd.guestcidr = guestcidr if vpcid: cmd.vpcid = vpcid + if aclid: + cmd.aclid = aclid return Network(apiclient.createNetwork(cmd).__dict__) def delete(self, apiclient): @@ -1888,25 +1890,55 @@ class NetworkACL: self.__dict__.update(items) @classmethod - def create(cls, apiclient, networkid, services, traffictype=None): + def create(cls, apiclient, services, networkid=None, protocol=None, + number=None, aclid=None, action='Allow', traffictype=None, cidrlist=[]): """Create network ACL rules(Ingress/Egress)""" cmd = createNetworkACL.createNetworkACLCmd() - cmd.networkid = networkid + if "networkid" in services: + cmd.networkid = services["networkid"] + elif networkid: + cmd.networkid = networkid + if "protocol" in services: cmd.protocol = services["protocol"] + if services["protocol"] == 'ICMP': + cmd.icmptype = -1 + cmd.icmpcode = -1 + elif protocol: + cmd.protocol = protocol - if services["protocol"] == 'ICMP': - cmd.icmptype = -1 - cmd.icmpcode = -1 - else: + if "startport" in services: cmd.startport = services["startport"] + if "endport" in services: cmd.endport = services["endport"] - cmd.cidrlist = services["cidrlist"] - if traffictype: + if "cidrlist" in services: + cmd.cidrlist = services["cidrlist"] + elif cidrlist: + cmd.cidrlist = cidrlist + + if "traffictype" in services: + cmd.traffictype = services["traffictype"] + elif traffictype: cmd.traffictype = traffictype - # Defaulted to Ingress + + if "action" in services: + cmd.action = services["action"] + elif action: + cmd.action = action + + if "number" in services: + cmd.number = services["number"] + elif number: + cmd.number = number + + if "aclid" in services: + cmd.aclid = services["aclid"] + elif aclid: + cmd.aclid = aclid + + # Defaulted to Ingress return NetworkACL(apiclient.createNetworkACL(cmd).__dict__) def delete(self, apiclient): @@ -1925,6 +1957,50 @@ class NetworkACL: return(apiclient.listNetworkACLs(cmd)) +class NetworkACLList: + """Manage Network ACL lists lifecycle""" + + def __init__(self, items): + self.__dict__.update(items) + + @classmethod + def create(cls, apiclient, services, name=None, description=None, vpcid=None): + """Create network ACL container list""" + + cmd = createNetworkACLList.createNetworkACLListCmd() + if "name" in services: + cmd.name = services["name"] + elif name: + cmd.name = name + + if "description" in services: + cmd.description = services["description"] + elif description: + cmd.description = description + + if "vpcid" in services: + cmd.vpcid = services["vpcid"] + elif vpcid: + cmd.vpcid = vpcid + + return NetworkACLList(apiclient.createNetworkACLList(cmd).__dict__) + + def delete(self, apiclient): + """Delete network acl list""" + + cmd = deleteNetworkACLList.deleteNetworkACLListCmd() + cmd.id = self.id + return apiclient.deleteNetworkACLList(cmd) + + @classmethod + def list(cls, apiclient, **kwargs): + """List Network ACL lists""" + + cmd = listNetworkACLLists.listNetworkACLListsCmd() + [setattr(cmd, k, v) for k, v in kwargs.items()] + return(apiclient.listNetworkACLLists(cmd)) + + class Vpn: """Manage VPN life cycle"""