From cd8c3e97f594639292075d9a704dc7c382a103ca Mon Sep 17 00:00:00 2001
From: Wilder Rodrigues
Date: Sat, 10 Oct 2015 12:02:47 +0200
Subject: [PATCH] CLOUDSTACK-8934 - Fix the AclIP class to make it configure the default FW policy
---
 .../VirtualNetworkApplianceManagerImpl.java | 2 +-
 .../debian/config/opt/cloud/bin/configure.py | 8 +++-
 .../component/test_routers_network_ops.py | 45 +++++++++----------
 3 files changed, 30 insertions(+), 25 deletions(-)
diff --git a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
index 9eda2a2cdab..f0e5f0916b9 100644
--- a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
+++ b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
@@ -1975,7 +1975,7 @@ Configurable, StateListener {
 final NetworkOfferingVO offering = _networkOfferingDao.findById(network.getNetworkOfferingId());
 final Boolean defaultEgressPolicy = offering.getEgressDefaultPolicy();
- // The default on the router is set to Deny all. So, if the default configuration in the offering is set to treu (Allow), we change the Egress here
+ // The default on the router is set to Deny all. So, if the default configuration in the offering is set to true (Allow), we change the Egress here
 if (defaultEgressPolicy) {
 final List sourceCidr = new ArrayList();
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/configure.py b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
index c3c4cae11e0..55a4b942bd0 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/configure.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
@@ -86,8 +86,14 @@ class CsAcl(CsDataBag): self.rule['first_port'] = obj['src_port_range'][0] self.rule['last_port'] = obj['src_port_range'][1] self.rule['allowed'] = True - self.rule['cidr'] = obj['source_cidr_list'] + + if self.rule['type'] == 'all' and not obj['source_cidr_list']: + self.rule['cidr'] = ['0.0.0.0/0'] + else: + self.rule['cidr'] = obj['source_cidr_list'] + self.rule['action'] = "ACCEPT" + logging.debug("AclIP created for rule ==> %s", self.rule) def create(self): for cidr in self.rule['cidr']: diff --git a/test/integration/component/test_routers_network_ops.py b/test/integration/component/test_routers_network_ops.py index 95ede49baf2..ba3e5e461f6 100644 --- a/test/integration/component/test_routers_network_ops.py +++ b/test/integration/component/test_routers_network_ops.py @@ -32,7 +32,8 @@ from marvin.lib.base import (ServiceOffering, FireWallRule, PublicIPAddress, NetworkOffering, - Network) + Network, + Router) from marvin.lib.common import (get_zone, get_template, get_domain, @@ -62,7 +63,7 @@ class TestRedundantIsolateNetworks(cloudstackTestCase): cls.domain = get_domain(cls.api_client) cls.zone = get_zone(cls.api_client, cls.testClient.getZoneForTests()) cls.services['mode'] = cls.zone.networktype - template = get_template( + cls.template = get_template( cls.api_client, cls.zone.id, cls.services["ostype"] 
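Review bot: The new branch in the `@@ -86,8 +86,14 @@` hunk fails open: any rule whose type is `all` and whose `source_cidr_list` is empty becomes an ACCEPT for `0.0.0.0/0`, and nothing visible ties that widening to the default-egress case named in the commit title. If this class also builds ingress rules (not shown here), an empty list from a malformed or partially filled payload would open the firewall rather than be rejected, so the condition should also check the rule's direction, with the intent recorded in a comment such as `# empty CIDR on an 'all' rule is treated as the default-allow egress marker; never widen ingress`. The `else` branch still stores an empty list for other rule types, which makes `create()` iterate zero times and install nothing without a trace; a `logging.warning` there would make that case visible. The constructor starts above the hunk, so how `self.rule['type']` is populated could not be checked.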
@@ -157,34 +158,17 @@ class TestRedundantIsolateNetworks(cloudstackTestCase): ) nw_response = networks[0] - self.logger.debug("Network state: %s" % nw_response.state) - self.assertEqual( - nw_response.state, - "Allocated", - "The network should be in allocated state after creation" - ) - - self.logger.debug("Listing routers for network: %s" % network.name) - routers = Router.list( - self.apiclient, - networkid=network.id, - listall=True - ) - self.assertEqual( - routers, - None, - "Routers should not be spawned when network is in allocated state" - ) - self.logger.debug("Deploying VM in account: %s" % self.account.name) virtual_machine = VirtualMachine.create( self.apiclient, self.services["virtual_machine"], + templateid=self.template.id, accountid=self.account.name, domainid=self.account.domainid, serviceofferingid=self.service_offering.id, networkids=[str(network.id)] ) + self.logger.debug("Deployed VM in network: %s" % network.id) vms = VirtualMachine.list( @@ -234,10 +218,25 @@ class TestRedundantIsolateNetworks(cloudstackTestCase): network.id )) + public_ips = list_publicIP( + self.apiclient, + account=self.account.name, + domainid=self.account.domainid, + zoneid=self.zone.id + ) + + self.assertEqual( + isinstance(public_ips, list), + True, + "Check for list public IPs response return valid data" + ) + + public_ip_1 = public_ips[0] + self.logger.debug("Creating Firewall rule for VM ID: %s" % virtual_machine.id) FireWallRule.create( self.apiclient, - ipaddressid=public_ip.id, + ipaddressid=public_ip_1.id, protocol=self.services["natrule"]["protocol"], cidrlist=['0.0.0.0/0'], startport=self.services["natrule"]["publicport"], @@ -249,7 +248,7 @@ class TestRedundantIsolateNetworks(cloudstackTestCase): self.apiclient, virtual_machine, self.services["natrule"], - public_ip.id + public_ip_1.id ) self.cleanup.insert(0, network)
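Review bot: In the `@@ -234,10 +218,25 @@` hunk the check `assertEqual(isinstance(public_ips, list), True, ...)` passes for an empty list, so `public_ips[0]` on the following statement raises IndexError instead of producing a test failure that names the problem; assert non-emptiness too, e.g. `self.assertTrue(isinstance(public_ips, list) and len(public_ips) > 0, "No public IP returned for the account")`. Taking element 0 also assumes the first address listed is the one the firewall and NAT rules should target, which presumably holds only while the account has a single public IP, and that is not asserted. `list_publicIP` is not among the names visible in the `marvin.lib.common` import of the earlier hunk, whose list is cut off, so confirm it is imported. The test method begins and ends outside the hunk.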