diff --git a/test/integration/component/test_netscaler_lb.py b/test/integration/component/test_netscaler_lb.py index 8375f25a7ed..4b380e904e1 100644 --- a/test/integration/component/test_netscaler_lb.py +++ b/test/integration/component/test_netscaler_lb.py @@ -163,7 +163,7 @@ class TestLbSourceNat(cloudstackTestCase): cls.services["ostype"] ) try: - cls.netscaler = add_netscaler(cls.api_client, cls.zone.id, cls.services) + cls.netscaler = add_netscaler(cls.api_client, cls.zone.id, cls.services["netscaler"]) cls._cleanup = [ cls.netscaler ] @@ -373,7 +373,7 @@ class TestLbOnIpWithPf(cloudstackTestCase): cls.services["ostype"] ) try: - cls.netscaler = add_netscaler(cls.api_client, cls.zone.id, cls.services) + cls.netscaler = add_netscaler(cls.api_client, cls.zone.id, cls.services["netscaler"]) cls._cleanup = [ cls.netscaler ] @@ -587,7 +587,7 @@ class TestPfOnIpWithLb(cloudstackTestCase): cls.services["ostype"] ) try: - cls.netscaler = add_netscaler(cls.api_client, cls.zone.id, cls.services) + cls.netscaler = add_netscaler(cls.api_client, cls.zone.id, cls.services["netscaler"]) cls._cleanup = [ cls.netscaler ] @@ -802,7 +802,7 @@ class TestLbOnNonSourceNat(cloudstackTestCase): cls.services["ostype"] ) try: - cls.netscaler = add_netscaler(cls.api_client, cls.zone.id, cls.services) + cls.netscaler = add_netscaler(cls.api_client, cls.zone.id, cls.services["netscaler"]) cls._cleanup = [ cls.netscaler ] @@ -1020,7 +1020,7 @@ class TestAddMultipleVmsLb(cloudstackTestCase): cls.services["ostype"] ) try: - cls.netscaler = add_netscaler(cls.api_client, cls.zone.id, cls.services) + cls.netscaler = add_netscaler(cls.api_client, cls.zone.id, cls.services["netscaler"]) cls._cleanup = [ cls.netscaler ] @@ -1300,7 +1300,7 @@ class TestMultipleLbRules(cloudstackTestCase): cls.services["ostype"] ) try: - cls.netscaler = add_netscaler(cls.api_client, cls.zone.id, cls.services) + cls.netscaler = add_netscaler(cls.api_client, cls.zone.id, cls.services["netscaler"]) cls._cleanup = [ cls.netscaler ] @@ -1620,7 +1620,7 @@ class TestMultipleLbRulesSameIp(cloudstackTestCase): cls.services["ostype"] ) try: - cls.netscaler = add_netscaler(cls.api_client, cls.zone.id, cls.services) + cls.netscaler = add_netscaler(cls.api_client, cls.zone.id, cls.services["netscaler"]) cls._cleanup = [ cls.netscaler ] @@ -1946,7 +1946,7 @@ class TestLoadBalancingRule(cloudstackTestCase): cls.services["ostype"] ) try: - cls.netscaler = add_netscaler(cls.api_client, cls.zone.id, cls.services) + cls.netscaler = add_netscaler(cls.api_client, cls.zone.id, cls.services["netscaler"]) cls._cleanup.append(cls.netscaler) cls.network_offering = NetworkOffering.create( cls.api_client, @@ -2160,7 +2160,7 @@ class TestDeleteCreateLBRule(cloudstackTestCase): cls.services["ostype"] ) try: - cls.netscaler = add_netscaler(cls.api_client, cls.zone.id, cls.services) + cls.netscaler = add_netscaler(cls.api_client, cls.zone.id, cls.services["netscaler"]) cls._cleanup.append(cls.netscaler) cls.network_offering = NetworkOffering.create( cls.api_client, @@ -2289,7 +2289,7 @@ class TestVmWithLb(cloudstackTestCase): cls.services["ostype"] ) try: - cls.netscaler = add_netscaler(cls.api_client, cls.zone.id, cls.services) + cls.netscaler = add_netscaler(cls.api_client, cls.zone.id, cls.services["netscaler"]) cls._cleanup.append(cls.netscaler) cls.network_offering = NetworkOffering.create( cls.api_client, diff --git a/test/integration/component/test_netscaler_lb_algo.py b/test/integration/component/test_netscaler_lb_algo.py index 24c1837f437..4df7b897a5b 100644 --- a/test/integration/component/test_netscaler_lb_algo.py +++ b/test/integration/component/test_netscaler_lb_algo.py @@ -130,7 +130,7 @@ class TestLbWithRoundRobin(cloudstackTestCase): cls.services["ostype"] ) try: - cls.netscaler = add_netscaler(cls.api_client, cls.zone.id, cls.services) + cls.netscaler = add_netscaler(cls.api_client, cls.zone.id, cls.services["netscaler"]) cls._cleanup = [ cls.netscaler ] @@ -344,7 +344,7 @@ class TestLbWithLeastConn(cloudstackTestCase): cls.services["ostype"] ) try: - cls.netscaler = add_netscaler(cls.api_client, cls.zone.id, cls.services) + cls.netscaler = add_netscaler(cls.api_client, cls.zone.id, cls.services["netscaler"]) cls._cleanup = [ cls.netscaler ] @@ -568,7 +568,7 @@ class TestLbWithSourceIp(cloudstackTestCase): cls.services["ostype"] ) try: - cls.netscaler = add_netscaler(cls.api_client, cls.zone.id, cls.services) + cls.netscaler = add_netscaler(cls.api_client, cls.zone.id, cls.services["netscaler"]) cls._cleanup = [ cls.netscaler ] @@ -784,7 +784,7 @@ class TestLbAlgoRrLc(cloudstackTestCase): cls.services["ostype"] ) try: - cls.netscaler = add_netscaler(cls.api_client, cls.zone.id, cls.services) + cls.netscaler = add_netscaler(cls.api_client, cls.zone.id, cls.services["netscaler"]) cls._cleanup.append(cls.netscaler) cls.network_offering = NetworkOffering.create( cls.api_client, @@ -989,7 +989,7 @@ class TestLbAlgoLcRr(cloudstackTestCase): cls.services["ostype"] ) try: - cls.netscaler = add_netscaler(cls.api_client, cls.zone.id, cls.services) + cls.netscaler = add_netscaler(cls.api_client, cls.zone.id, cls.services["netscaler"]) cls._cleanup.append(cls.netscaler) cls.network_offering = NetworkOffering.create( cls.api_client, @@ -1191,7 +1191,7 @@ class TestLbAlgoRrSb(cloudstackTestCase): cls.services["ostype"] ) try: - cls.netscaler = add_netscaler(cls.api_client, cls.zone.id, cls.services) + cls.netscaler = add_netscaler(cls.api_client, cls.zone.id, cls.services["netscaler"]) cls._cleanup.append(cls.netscaler) cls.network_offering = NetworkOffering.create( cls.api_client, @@ -1396,7 +1396,7 @@ class TestLbAlgoSbRr(cloudstackTestCase): cls.services["ostype"] ) try: - cls.netscaler = add_netscaler(cls.api_client, cls.zone.id, cls.services) + cls.netscaler = add_netscaler(cls.api_client, cls.zone.id, cls.services["netscaler"]) cls._cleanup.append(cls.netscaler) cls.network_offering = NetworkOffering.create( cls.api_client, @@ -1604,7 +1604,7 @@ class TestLbAlgoSbLc(cloudstackTestCase): cls.services["ostype"] ) try: - cls.netscaler = add_netscaler(cls.api_client, cls.zone.id, cls.services) + cls.netscaler = add_netscaler(cls.api_client, cls.zone.id, cls.services["netscaler"]) cls._cleanup.append(cls.netscaler) cls.network_offering = NetworkOffering.create( cls.api_client, @@ -1811,7 +1811,7 @@ class TestLbAlgoLcSb(cloudstackTestCase): cls.services["ostype"] ) try: - cls.netscaler = add_netscaler(cls.api_client, cls.zone.id, cls.services) + cls.netscaler = add_netscaler(cls.api_client, cls.zone.id, cls.services["netscaler"]) cls._cleanup.append(cls.netscaler) cls.network_offering = NetworkOffering.create( cls.api_client, diff --git a/test/integration/component/test_netscaler_lb_sticky.py b/test/integration/component/test_netscaler_lb_sticky.py index 7ec85a13f29..56964a9fd9e 100644 --- a/test/integration/component/test_netscaler_lb_sticky.py +++ b/test/integration/component/test_netscaler_lb_sticky.py @@ -131,7 +131,7 @@ class TestLbStickyPolicy(cloudstackTestCase): cls.services["ostype"] ) try: - cls.netscaler = add_netscaler(cls.api_client, cls.zone.id, cls.services) + cls.netscaler = add_netscaler(cls.api_client, cls.zone.id, cls.services["netscaler"]) cls._cleanup.append(cls.netscaler) cls.network_offering = NetworkOffering.create( cls.api_client, diff --git a/test/integration/component/test_netscaler_nw_off.py b/test/integration/component/test_netscaler_nw_off.py index 5742f09d933..cb49dbe258d 100644 --- a/test/integration/component/test_netscaler_nw_off.py +++ b/test/integration/component/test_netscaler_nw_off.py @@ -157,13 +157,36 @@ class Services: "publicport": 22, "openfirewall": False, }, + "lbrule_port_2221": { + "name": "SSH", + "alg": "leastconn", + # Algorithm used for load balancing + "privateport": 22, + "publicport": 2221, + "openfirewall": False, + }, + "natrule": { + "privateport": 22, + "publicport": 22, + "protocol": "TCP" + }, + "natrule_port_66": { + "privateport": 22, + "publicport": 66, + "protocol": "TCP" + }, + "fw_rule": { + "startport": 1, + "endport": 6000, + "cidr": '55.55.0.0/11', + # Any network (For creating FW rule) + }, "ostype": 'CentOS 5.3 (64-bit)', # Cent OS 5.3 (64 bit) "sleep": 60, "timeout": 10, } - class TestAddMultipleNetScaler(cloudstackTestCase): @classmethod @@ -2348,3 +2371,637 @@ class TestNwOffDToSUpgrade(cloudstackTestCase): except Exception as e: self.fail("Failed to create load balancing rule - %s" % e) return + +class TestNOWithNetscaler(cloudstackTestCase): + + @classmethod + def setUpClass(cls): + cls.api_client = super( + TestNOWithNetscaler, + cls + ).getClsTestClient().getApiClient() + + cls.services = Services().services + # Get Zone, Domain and templates + cls.domain = get_domain(cls.api_client, cls.services) + cls.zone = get_zone(cls.api_client, cls.services) + cls.services['mode'] = cls.zone.networktype + cls.template = get_template( + cls.api_client, + cls.zone.id, + cls.services["ostype"] + ) + + cls.services["virtual_machine"]["zoneid"] = cls.zone.id + cls.services["virtual_machine"]["template"] = cls.template.id + try: + cls.netscaler = add_netscaler(cls.api_client, cls.zone.id, cls.services["netscaler_1"]) + cls._cleanup = [ + cls.netscaler + ] + cls.service_offering = ServiceOffering.create( + cls.api_client, + cls.services["service_offering"] + ) + except Exception as e: + cls.tearDownClass() + raise Exception ("Warning: Exception in setUpClass: %s" % e) + return + + @classmethod + def tearDownClass(cls): + try: + #Cleanup resources used + cleanup_resources(cls.api_client, cls._cleanup) + except Exception as e: + raise Exception("Warning: Exception during cleanup : %s" % e) + return + + def setUp(self): + self.apiclient = self.testClient.getApiClient() + self.dbclient = self.testClient.getDbConnection() + self.account = Account.create( + self.apiclient, + self.services["account"], + admin=True, + domainid=self.domain.id + ) + self.cleanup = [] + return + + def tearDown(self): + try: + self.account.delete(self.apiclient) + cleanup_resources(self.apiclient, self.cleanup) + except Exception as e: + raise Exception("Warning: Exception during cleanup : %s" % e) + return + + @attr(tags = ["advancedns"]) + def test_01_network_off_without_conserve_mode(self): + """Test Nw off with Conserve mode off, VR-All services, LB-netscaler + """ + + + # Validate the following + # 1. Create a Network from the above network offering and deploy a VM. + # 2. On source NAT ipaddress, we should NOT be allowed to add LB rule + # 3. On source NAT ipaddress, we should NOT be allowed to add PF rule + # 4. On an ipaddress that has PF rules, we should NOT be allowed to + # add a LB rules. + # 5. On an ipaddress that has Lb rules , we should NOT allow firewall + # rules to be programmed. + # 6. On an ipaddress that has Lb rules , we should NOT allow PF rules + # to be programmed. + # 7. We should be allowed to program multiple PF rules on the same Ip + # address on different public ports. + # 8. We should be allowed to program multiple LB rules on the same Ip + # address for different public port ranges. + # 9. On source NAT ipaddress, we should NOT be allowed to Enable VPN. + + # Create a network offering with all virtual router services enabled + self.debug( + "Creating n/w offering with all services in VR, LB in NS & conserve mode:ON" + ) + self.network_offering = NetworkOffering.create( + self.api_client, + self.services["network_offering"], + conservemode=False + ) + self.cleanup.append(self.network_offering) + + self.debug("Created n/w offering with ID: %s" % + self.network_offering.id) + # Enable Network offering + self.network_offering.update(self.apiclient, state='Enabled') + + # Creating network using the network offering created + self.debug("Creating network with network offering: %s" % + self.network_offering.id) + self.network = Network.create( + self.apiclient, + self.services["network"], + accountid=self.account.name, + domainid=self.account.domainid, + networkofferingid=self.network_offering.id, + zoneid=self.zone.id + ) + self.debug("Created network with ID: %s" % self.network.id) + + self.debug("Deploying VM in account: %s" % self.account.name) + + # Spawn an instance in that network + virtual_machine = VirtualMachine.create( + self.apiclient, + self.services["virtual_machine"], + accountid=self.account.name, + domainid=self.account.domainid, + serviceofferingid=self.service_offering.id, + networkids=[str(self.network.id)] + ) + self.debug("Deployed VM in network: %s" % self.network.id) + + src_nat_list = PublicIPAddress.list( + self.apiclient, + associatednetworkid=self.network.id, + account=self.account.name, + domainid=self.account.domainid, + listall=True, + issourcenat=True, + ) + self.assertEqual( + isinstance(src_nat_list, list), + True, + "List Public IP should return a valid source NAT" + ) + self.assertNotEqual( + len(src_nat_list), + 0, + "Length of response from listPublicIp should not be 0" + ) + + src_nat = src_nat_list[0] + + self.debug("Trying to create LB rule on source NAT IP: %s" % + src_nat.ipaddress) + # Create Load Balancer rule with source NAT + with self.assertRaises(Exception): + LoadBalancerRule.create( + self.apiclient, + self.services["lbrule"], + ipaddressid=src_nat.id, + accountid=self.account.name + ) + + self.debug( + "Trying to create a port forwarding rule in source NAT: %s" % + src_nat.ipaddress) + #Create NAT rule + with self.assertRaises(Exception): + NATRule.create( + self.apiclient, + virtual_machine, + self.services["natrule"], + ipaddressid=src_nat.id + ) + self.debug("Creating firewall rule on source NAT: %s" % + src_nat.ipaddress) + #Create Firewall rule on source NAT + fw_rule = FireWallRule.create( + self.apiclient, + ipaddressid=src_nat.id, + protocol='TCP', + cidrlist=[self.services["fw_rule"]["cidr"]], + startport=self.services["fw_rule"]["startport"], + endport=self.services["fw_rule"]["endport"] + ) + + self.debug("Created firewall rule: %s" % fw_rule.id) + + fw_rules = FireWallRule.list( + self.apiclient, + id=fw_rule.id + ) + self.assertEqual( + isinstance(fw_rules, list), + True, + "List fw rules should return a valid firewall rules" + ) + + self.assertNotEqual( + len(fw_rules), + 0, + "Length of fw rules response should not be zero" + ) + + self.debug("Associating public IP for network: %s" % self.network.id) + ip_with_nat_rule = PublicIPAddress.create( + self.apiclient, + accountid=self.account.name, + zoneid=self.zone.id, + domainid=self.account.domainid, + networkid=self.network.id + ) + + self.debug("Associated %s with network %s" % ( + ip_with_nat_rule.ipaddress, + self.network.id + )) + self.debug("Creating PF rule for IP address: %s" % + ip_with_nat_rule.ipaddress) + NATRule.create( + self.apiclient, + virtual_machine, + self.services["natrule"], + ipaddressid=ip_with_nat_rule.ipaddress.id + ) + + self.debug("Trying to create LB rule on IP with NAT: %s" % + ip_with_nat_rule.ipaddress) + + # Create Load Balancer rule on IP already having NAT rule + with self.assertRaises(Exception): + LoadBalancerRule.create( + self.apiclient, + self.services["lbrule"], + ipaddressid=ip_with_nat_rule.ipaddress.id, + accountid=self.account.name + ) + self.debug("Creating PF rule with public port: 66") + + nat_rule = NATRule.create( + self.apiclient, + virtual_machine, + self.services["natrule_port_66"], + ipaddressid=ip_with_nat_rule.ipaddress.id + ) + + # Check if NAT rule created successfully + nat_rules = NATRule.list( + self.apiclient, + id=nat_rule.id + ) + + self.assertEqual( + isinstance(nat_rules, list), + True, + "List NAT rules should return valid list" + ) + + self.debug("Associating public IP for network: %s" % self.network.id) + ip_with_lb_rule = PublicIPAddress.create( + self.apiclient, + accountid=self.account.name, + zoneid=self.zone.id, + domainid=self.account.domainid, + networkid=self.network.id + ) + self.debug("Associated %s with network %s" % ( + ip_with_lb_rule.ipaddress, + self.network.id + )) + self.debug("Creating LB rule for IP address: %s" % + ip_with_lb_rule.ipaddress) + + LoadBalancerRule.create( + self.apiclient, + self.services["lbrule"], + ipaddressid=ip_with_lb_rule.ipaddress.id, + accountid=self.account.name, + networkid=self.network.id + ) + + self.debug("Trying to create PF rule on IP with LB rule: %s" % + ip_with_nat_rule.ipaddress) + + with self.assertRaises(Exception): + NATRule.create( + self.apiclient, + virtual_machine, + self.services["natrule"], + ipaddressid=ip_with_lb_rule.ipaddress.id + ) + + self.debug("Trying to create FW rule on IP with LB rule") + with self.assertRaises(Exception): + FireWallRule.create( + self.apiclient, + ipaddressid=src_nat.id, + protocol='TCP', + cidrlist=[self.services["fw_rule"]["cidr"]], + startport=self.services["fw_rule"]["startport"], + endport=self.services["fw_rule"]["endport"] + ) + + self.debug("Creating LB rule with public port: 2221") + lb_rule = LoadBalancerRule.create( + self.apiclient, + self.services["lbrule_port_2221"], + ipaddressid=ip_with_lb_rule.ipaddress.id, + accountid=self.account.name, + networkid=self.network.id + ) + + # Check if NAT rule created successfully + lb_rules = LoadBalancerRule.list( + self.apiclient, + id=lb_rule.id + ) + + self.assertEqual( + isinstance(lb_rules, list), + True, + "List LB rules should return valid list" + ) + + # User should be able to enable VPN on source NAT + self.debug("Enabling VPN on source NAT IP: %s" % src_nat.ipaddress) + # Assign VPN to source NAT + with self.assertRaises(Exception): + Vpn.create( + self.apiclient, + src_nat.id, + account=self.account.name, + domainid=self.account.domainid + ) + return + + @attr(tags = ["advancedns"]) + def test_02_network_off_with_conserve_mode_netscaler(self): + """Test NW off with Conserve mode ON, LB-Netscaler and VR-All services + """ + + + # Validate the following + # 1. Create a Network from the above network offering and deploy a VM. + # 2. On source NAT ipaddress, we should NOT be allowed to add LB rule + # 3. On source NAT ipaddress, we should be allowed to add PF rule and + # Fierwall rules. + # 4. On an ipaddress that has PF rules, we should NOT be allowed to + # add a LB rules. + # 5. On an ipaddress that has Lb rules , we should NOT allow firewall + # rules to be programmed. + # 6. On an ipaddress that has Lb rules , we should NOT allow PF rules + # to be programmed. + # 7. We should be allowed to program multiple PF rules on the same Ip + # address on different public ports. + # 8. We should be allowed to program multiple LB rules on the same Ip + # address for different public port ranges. + # 9. On source NAT ipaddress, we should be allowed to Enable VPN. + + # Create a network offering with all virtual router services enabled + self.debug( + "Creating n/w offering with all services in VR & conserve mode:ON" + ) + self.network_offering = NetworkOffering.create( + self.api_client, + self.services["network_offering"], + conservemode=True + ) + self.cleanup.append(self.network_offering) + + self.debug("Created n/w offering with ID: %s" % + self.network_offering.id) + # Enable Network offering + self.network_offering.update(self.apiclient, state='Enabled') + + # Creating network using the network offering created + self.debug("Creating network with network offering: %s" % + self.network_offering.id) + self.network = Network.create( + self.apiclient, + self.services["network"], + accountid=self.account.name, + domainid=self.account.domainid, + networkofferingid=self.network_offering.id, + zoneid=self.zone.id + ) + self.debug("Created network with ID: %s" % self.network.id) + + self.debug("Deploying VM in account: %s" % self.account.name) + + # Spawn an instance in that network + virtual_machine = VirtualMachine.create( + self.apiclient, + self.services["virtual_machine"], + accountid=self.account.name, + domainid=self.account.domainid, + serviceofferingid=self.service_offering.id, + networkids=[str(self.network.id)] + ) + self.debug("Deployed VM in network: %s" % self.network.id) + + src_nat_list = PublicIPAddress.list( + self.apiclient, + associatednetworkid=self.network.id, + account=self.account.name, + domainid=self.account.domainid, + listall=True, + issourcenat=True, + ) + self.assertEqual( + isinstance(src_nat_list, list), + True, + "List Public IP should return a valid source NAT" + ) + self.assertNotEqual( + len(src_nat_list), + 0, + "Length of response from listPublicIp should not be 0" + ) + + src_nat = src_nat_list[0] + + self.debug("Trying to create LB rule on source NAT IP: %s" % + src_nat.ipaddress) + # Create Load Balancer rule with source NAT + with self.assertRaises(Exception): + LoadBalancerRule.create( + self.apiclient, + self.services["lbrule"], + ipaddressid=src_nat.id, + accountid=self.account.name + ) + + self.debug( + "Trying to create a port forwarding rule in source NAT: %s" % + src_nat.ipaddress) + #Create NAT rule + nat_rule = NATRule.create( + self.apiclient, + virtual_machine, + self.services["natrule"], + ipaddressid=src_nat.id + ) + self.debug("Created PF rule on source NAT: %s" % src_nat.ipaddress) + + nat_rules = NATRule.list( + self.apiclient, + id=nat_rule.id + ) + self.assertEqual( + isinstance(nat_rules, list), + True, + "List NAT should return a valid port forwarding rules" + ) + self.assertNotEqual( + len(nat_rules), + 0, + "Length of response from listLbRules should not be 0" + ) + self.debug("Creating firewall rule on source NAT: %s" % + src_nat.ipaddress) + #Create Firewall rule on source NAT + fw_rule = FireWallRule.create( + self.apiclient, + ipaddressid=src_nat.id, + protocol='TCP', + cidrlist=[self.services["fw_rule"]["cidr"]], + startport=self.services["fw_rule"]["startport"], + endport=self.services["fw_rule"]["endport"] + ) + self.debug("Created firewall rule: %s" % fw_rule.id) + + fw_rules = FireWallRule.list( + self.apiclient, + id=fw_rule.id + ) + self.assertEqual( + isinstance(fw_rules, list), + True, + "List fw rules should return a valid firewall rules" + ) + + self.assertNotEqual( + len(fw_rules), + 0, + "Length of fw rules response should not be zero" + ) + self.debug("Associating public IP for network: %s" % self.network.id) + ip_with_nat_rule = PublicIPAddress.create( + self.apiclient, + accountid=self.account.name, + zoneid=self.zone.id, + domainid=self.account.domainid, + networkid=self.network.id + ) + + self.debug("Associated %s with network %s" % ( + ip_with_nat_rule.ipaddress, + self.network.id + )) + self.debug("Creating PF rule for IP address: %s" % + ip_with_nat_rule.ipaddress) + NATRule.create( + self.apiclient, + virtual_machine, + self.services["natrule"], + ipaddressid=ip_with_nat_rule.ipaddress.id + ) + + self.debug("Trying to create LB rule on IP with NAT: %s" % + ip_with_nat_rule.ipaddress) + + # Create Load Balancer rule on IP already having NAT rule + with self.assertRaises(Exception): + LoadBalancerRule.create( + self.apiclient, + self.services["lbrule"], + ipaddressid=ip_with_nat_rule.ipaddress.id, + accountid=self.account.name + ) + self.debug("Creating PF rule with public port: 66") + + nat_rule = NATRule.create( + self.apiclient, + virtual_machine, + self.services["natrule_port_66"], + ipaddressid=ip_with_nat_rule.ipaddress.id + ) + + # Check if NAT rule created successfully + nat_rules = NATRule.list( + self.apiclient, + id=nat_rule.id + ) + + self.assertEqual( + isinstance(nat_rules, list), + True, + "List NAT rules should return valid list" + ) + + self.debug("Associating public IP for network: %s" % self.network.id) + ip_with_lb_rule = PublicIPAddress.create( + self.apiclient, + accountid=self.account.name, + zoneid=self.zone.id, + domainid=self.account.domainid, + networkid=self.network.id + ) + self.debug("Associated %s with network %s" % ( + ip_with_lb_rule.ipaddress, + self.network.id + )) + self.debug("Creating LB rule for IP address: %s" % + ip_with_lb_rule.ipaddress) + + LoadBalancerRule.create( + self.apiclient, + self.services["lbrule"], + ipaddressid=ip_with_lb_rule.ipaddress.id, + accountid=self.account.name, + networkid=self.network.id + ) + + self.debug("Trying to create PF rule on IP with LB rule: %s" % + ip_with_nat_rule.ipaddress) + + with self.assertRaises(Exception): + NATRule.create( + self.apiclient, + virtual_machine, + self.services["natrule"], + ipaddressid=ip_with_lb_rule.ipaddress.id + ) + + self.debug("Trying to create FW rule on IP with LB rule") + with self.assertRaises(Exception): + FireWallRule.create( + self.apiclient, + ipaddressid=src_nat.id, + protocol='TCP', + cidrlist=[self.services["fw_rule"]["cidr"]], + startport=self.services["fw_rule"]["startport"], + endport=self.services["fw_rule"]["endport"] + ) + + self.debug("Creating LB rule with public port: 2221") + lb_rule = LoadBalancerRule.create( + self.apiclient, + self.services["lbrule_port_2221"], + ipaddressid=ip_with_lb_rule.ipaddress.id, + accountid=self.account.name, + networkid=self.network.id + ) + + # Check if NAT rule created successfully + lb_rules = LoadBalancerRule.list( + self.apiclient, + id=lb_rule.id + ) + + self.assertEqual( + isinstance(lb_rules, list), + True, + "List LB rules should return valid list" + ) + + # User should be able to enable VPN on source NAT + self.debug("Created VPN with source NAT IP: %s" % src_nat.ipaddress) + # Assign VPN to source NAT + vpn = Vpn.create( + self.apiclient, + src_nat.id, + account=self.account.name, + domainid=self.account.domainid + ) + + vpns = Vpn.list( + self.apiclient, + publicipid=src_nat.id, + listall=True, + ) + + self.assertEqual( + isinstance(vpns, list), + True, + "List VPNs should return a valid VPN list" + ) + + self.assertNotEqual( + len(vpns), + 0, + "Length of list VNP response should not be zero" + ) + return diff --git a/test/integration/component/test_network_offering.py b/test/integration/component/test_network_offering.py index e8a7b971017..335f8592ff0 100644 --- a/test/integration/component/test_network_offering.py +++ b/test/integration/component/test_network_offering.py @@ -729,634 +729,6 @@ class TestNOVirtualRouter(cloudstackTestCase): return -class TestNOWithNetscaler(cloudstackTestCase): - - @classmethod - def setUpClass(cls): - cls.api_client = super( - TestNOWithNetscaler, - cls - ).getClsTestClient().getApiClient() - cls.services = Services().services - # Get Zone, Domain and templates - cls.domain = get_domain(cls.api_client, cls.services) - cls.zone = get_zone(cls.api_client, cls.services) - cls.services['mode'] = cls.zone.networktype - cls.template = get_template( - cls.api_client, - cls.zone.id, - cls.services["ostype"] - ) - cls.services["virtual_machine"]["zoneid"] = cls.zone.id - cls.services["virtual_machine"]["template"] = cls.template.id - - cls.service_offering = ServiceOffering.create( - cls.api_client, - cls.services["service_offering"] - ) - cls._cleanup = [ - cls.service_offering, - ] - return - - @classmethod - def tearDownClass(cls): - try: - #Cleanup resources used - cleanup_resources(cls.api_client, cls._cleanup) - except Exception as e: - raise Exception("Warning: Exception during cleanup : %s" % e) - return - - def setUp(self): - self.apiclient = self.testClient.getApiClient() - self.dbclient = self.testClient.getDbConnection() - self.account = Account.create( - self.apiclient, - self.services["account"], - admin=True, - domainid=self.domain.id - ) - self.cleanup = [] - return - - def tearDown(self): - try: - self.account.delete(self.apiclient) - cleanup_resources(self.apiclient, self.cleanup) - except Exception as e: - raise Exception("Warning: Exception during cleanup : %s" % e) - return - - @attr(tags = ["advancedns"]) - def test_01_network_off_without_conserve_mode(self): - """Test Nw off with Conserve mode off, VR-All services, LB-netscaler - """ - - - # Validate the following - # 1. Create a Network from the above network offering and deploy a VM. - # 2. On source NAT ipaddress, we should NOT be allowed to add LB rule - # 3. On source NAT ipaddress, we should NOT be allowed to add PF rule - # 4. On an ipaddress that has PF rules, we should NOT be allowed to - # add a LB rules. - # 5. On an ipaddress that has Lb rules , we should NOT allow firewall - # rules to be programmed. - # 6. On an ipaddress that has Lb rules , we should NOT allow PF rules - # to be programmed. - # 7. We should be allowed to program multiple PF rules on the same Ip - # address on different public ports. - # 8. We should be allowed to program multiple LB rules on the same Ip - # address for different public port ranges. - # 9. On source NAT ipaddress, we should NOT be allowed to Enable VPN. - - # Create a network offering with all virtual router services enabled - self.debug( - "Creating n/w offering with all services in VR & conserve mode:ON" - ) - self.network_offering = NetworkOffering.create( - self.api_client, - self.services["network_offering_netscaler"], - conservemode=False - ) - self.cleanup.append(self.network_offering) - - self.debug("Created n/w offering with ID: %s" % - self.network_offering.id) - # Enable Network offering - self.network_offering.update(self.apiclient, state='Enabled') - - # Creating network using the network offering created - self.debug("Creating network with network offering: %s" % - self.network_offering.id) - self.network = Network.create( - self.apiclient, - self.services["network"], - accountid=self.account.name, - domainid=self.account.domainid, - networkofferingid=self.network_offering.id, - zoneid=self.zone.id - ) - self.debug("Created network with ID: %s" % self.network.id) - - self.debug("Deploying VM in account: %s" % self.account.name) - - # Spawn an instance in that network - virtual_machine = VirtualMachine.create( - self.apiclient, - self.services["virtual_machine"], - accountid=self.account.name, - domainid=self.account.domainid, - serviceofferingid=self.service_offering.id, - networkids=[str(self.network.id)] - ) - self.debug("Deployed VM in network: %s" % self.network.id) - - src_nat_list = PublicIPAddress.list( - self.apiclient, - associatednetworkid=self.network.id, - account=self.account.name, - domainid=self.account.domainid, - listall=True, - issourcenat=True, - ) - self.assertEqual( - isinstance(src_nat_list, list), - True, - "List Public IP should return a valid source NAT" - ) - self.assertNotEqual( - len(src_nat_list), - 0, - "Length of response from listPublicIp should not be 0" - ) - - src_nat = src_nat_list[0] - - self.debug("Trying to create LB rule on source NAT IP: %s" % - src_nat.ipaddress) - # Create Load Balancer rule with source NAT - with self.assertRaises(Exception): - LoadBalancerRule.create( - self.apiclient, - self.services["lbrule"], - ipaddressid=src_nat.id, - accountid=self.account.name - ) - - self.debug( - "Trying to create a port forwarding rule in source NAT: %s" % - src_nat.ipaddress) - #Create NAT rule - with self.assertRaises(Exception): - NATRule.create( - self.apiclient, - virtual_machine, - self.services["natrule"], - ipaddressid=src_nat.id - ) - self.debug("Creating firewall rule on source NAT: %s" % - src_nat.ipaddress) - #Create Firewall rule on source NAT - fw_rule = FireWallRule.create( - self.apiclient, - ipaddressid=src_nat.id, - protocol='TCP', - cidrlist=[self.services["fw_rule"]["cidr"]], - startport=self.services["fw_rule"]["startport"], - endport=self.services["fw_rule"]["endport"] - ) - - self.debug("Created firewall rule: %s" % fw_rule.id) - - fw_rules = FireWallRule.list( - self.apiclient, - id=fw_rule.id - ) - self.assertEqual( - isinstance(fw_rules, list), - True, - "List fw rules should return a valid firewall rules" - ) - - self.assertNotEqual( - len(fw_rules), - 0, - "Length of fw rules response should not be zero" - ) - - self.debug("Associating public IP for network: %s" % self.network.id) - ip_with_nat_rule = PublicIPAddress.create( - self.apiclient, - accountid=self.account.name, - zoneid=self.zone.id, - domainid=self.account.domainid, - networkid=self.network.id - ) - - self.debug("Associated %s with network %s" % ( - ip_with_nat_rule.ipaddress, - self.network.id - )) - self.debug("Creating PF rule for IP address: %s" % - ip_with_nat_rule.ipaddress) - NATRule.create( - self.apiclient, - virtual_machine, - self.services["natrule"], - ipaddressid=ip_with_nat_rule.ipaddress.id - ) - - self.debug("Trying to create LB rule on IP with NAT: %s" % - ip_with_nat_rule.ipaddress) - - # Create Load Balancer rule on IP already having NAT rule - with self.assertRaises(Exception): - LoadBalancerRule.create( - self.apiclient, - self.services["lbrule"], - ipaddressid=ip_with_nat_rule.ipaddress.id, - accountid=self.account.name - ) - self.debug("Creating PF rule with public port: 66") - - nat_rule = NATRule.create( - self.apiclient, - virtual_machine, - self.services["natrule_port_66"], - ipaddressid=ip_with_nat_rule.ipaddress.id - ) - - # Check if NAT rule created successfully - nat_rules = NATRule.list( - self.apiclient, - id=nat_rule.id - ) - - self.assertEqual( - isinstance(nat_rules, list), - True, - "List NAT rules should return valid list" - ) - - self.debug("Associating public IP for network: %s" % self.network.id) - ip_with_lb_rule = PublicIPAddress.create( - self.apiclient, - accountid=self.account.name, - zoneid=self.zone.id, - domainid=self.account.domainid, - networkid=self.network.id - ) - self.debug("Associated %s with network %s" % ( - ip_with_lb_rule.ipaddress, - self.network.id - )) - self.debug("Creating LB rule for IP address: %s" % - ip_with_lb_rule.ipaddress) - - LoadBalancerRule.create( - self.apiclient, - self.services["lbrule"], - ipaddressid=ip_with_lb_rule.ipaddress.id, - accountid=self.account.name, - networkid=self.network.id - ) - - self.debug("Trying to create PF rule on IP with LB rule: %s" % - ip_with_nat_rule.ipaddress) - - with self.assertRaises(Exception): - NATRule.create( - self.apiclient, - virtual_machine, - self.services["natrule"], - ipaddressid=ip_with_lb_rule.ipaddress.id - ) - - self.debug("Trying to create FW rule on IP with LB rule") - with self.assertRaises(Exception): - FireWallRule.create( - self.apiclient, - ipaddressid=src_nat.id, - protocol='TCP', - cidrlist=[self.services["fw_rule"]["cidr"]], - startport=self.services["fw_rule"]["startport"], - endport=self.services["fw_rule"]["endport"] - ) - - self.debug("Creating LB rule with public port: 2221") - lb_rule = LoadBalancerRule.create( - self.apiclient, - self.services["lbrule_port_2221"], - ipaddressid=ip_with_lb_rule.ipaddress.id, - accountid=self.account.name, - networkid=self.network.id - ) - - # Check if NAT rule created successfully - lb_rules = LoadBalancerRule.list( - self.apiclient, - id=lb_rule.id - ) - - self.assertEqual( - isinstance(lb_rules, list), - True, - "List LB rules should return valid list" - ) - - # User should be able to enable VPN on source NAT - self.debug("Enabling VPN on source NAT IP: %s" % src_nat.ipaddress) - # Assign VPN to source NAT - with self.assertRaises(Exception): - Vpn.create( - self.apiclient, - src_nat.id, - account=self.account.name, - domainid=self.account.domainid - ) - return - - @attr(tags = ["advancedns"]) - def test_02_network_off_with_conserve_mode_netscaler(self): - """Test NW off with Conserve mode ON, LB-Netscaler and VR-All services - """ - - - # Validate the following - # 1. Create a Network from the above network offering and deploy a VM. - # 2. On source NAT ipaddress, we should NOT be allowed to add LB rule - # 3. On source NAT ipaddress, we should be allowed to add PF rule and - # Fierwall rules. - # 4. On an ipaddress that has PF rules, we should NOT be allowed to - # add a LB rules. - # 5. On an ipaddress that has Lb rules , we should NOT allow firewall - # rules to be programmed. - # 6. On an ipaddress that has Lb rules , we should NOT allow PF rules - # to be programmed. - # 7. We should be allowed to program multiple PF rules on the same Ip - # address on different public ports. - # 8. We should be allowed to program multiple LB rules on the same Ip - # address for different public port ranges. - # 9. On source NAT ipaddress, we should be allowed to Enable VPN. - - # Create a network offering with all virtual router services enabled - self.debug( - "Creating n/w offering with all services in VR & conserve mode:ON" - ) - self.network_offering = NetworkOffering.create( - self.api_client, - self.services["network_offering_netscaler"], - conservemode=True - ) - self.cleanup.append(self.network_offering) - - self.debug("Created n/w offering with ID: %s" % - self.network_offering.id) - # Enable Network offering - self.network_offering.update(self.apiclient, state='Enabled') - - # Creating network using the network offering created - self.debug("Creating network with network offering: %s" % - self.network_offering.id) - self.network = Network.create( - self.apiclient, - self.services["network"], - accountid=self.account.name, - domainid=self.account.domainid, - networkofferingid=self.network_offering.id, - zoneid=self.zone.id - ) - self.debug("Created network with ID: %s" % self.network.id) - - self.debug("Deploying VM in account: %s" % self.account.name) - - # Spawn an instance in that network - virtual_machine = VirtualMachine.create( - self.apiclient, - self.services["virtual_machine"], - accountid=self.account.name, - domainid=self.account.domainid, - serviceofferingid=self.service_offering.id, - networkids=[str(self.network.id)] - ) - self.debug("Deployed VM in network: %s" % self.network.id) - - src_nat_list = PublicIPAddress.list( - self.apiclient, - associatednetworkid=self.network.id, - account=self.account.name, - domainid=self.account.domainid, - listall=True, - issourcenat=True, - ) - self.assertEqual( - isinstance(src_nat_list, list), - True, - "List Public IP should return a valid source NAT" - ) - self.assertNotEqual( - len(src_nat_list), - 0, - "Length of response from listPublicIp should not be 0" - ) - - src_nat = src_nat_list[0] - - self.debug("Trying to create LB rule on source NAT IP: %s" % - src_nat.ipaddress) - # Create Load Balancer rule with source NAT - with self.assertRaises(Exception): - LoadBalancerRule.create( - self.apiclient, - self.services["lbrule"], - ipaddressid=src_nat.id, - accountid=self.account.name - ) - - self.debug( - "Trying to create a port forwarding rule in source NAT: %s" % - src_nat.ipaddress) - #Create NAT rule - nat_rule = NATRule.create( - self.apiclient, - virtual_machine, - self.services["natrule"], - ipaddressid=src_nat.id - ) - self.debug("Created PF rule on source NAT: %s" % src_nat.ipaddress) - - nat_rules = NATRule.list( - self.apiclient, - id=nat_rule.id - ) - self.assertEqual( - isinstance(nat_rules, list), - True, - "List NAT should return a valid port forwarding rules" - ) - self.assertNotEqual( - len(nat_rules), - 0, - "Length of response from listLbRules should not be 0" - ) - self.debug("Creating firewall rule on source NAT: %s" % - src_nat.ipaddress) - #Create Firewall rule on source NAT - fw_rule = FireWallRule.create( - self.apiclient, - ipaddressid=src_nat.id, - protocol='TCP', - cidrlist=[self.services["fw_rule"]["cidr"]], - startport=self.services["fw_rule"]["startport"], - endport=self.services["fw_rule"]["endport"] - ) - self.debug("Created firewall rule: %s" % fw_rule.id) - - fw_rules = FireWallRule.list( - self.apiclient, - id=fw_rule.id - ) - self.assertEqual( - isinstance(fw_rules, list), - True, - "List fw rules should return a valid firewall rules" - ) - - self.assertNotEqual( - len(fw_rules), - 0, - "Length of fw rules response should not be zero" - ) - self.debug("Associating public IP for network: %s" % self.network.id) - ip_with_nat_rule = PublicIPAddress.create( - self.apiclient, - accountid=self.account.name, - zoneid=self.zone.id, - domainid=self.account.domainid, - networkid=self.network.id - ) - - self.debug("Associated %s with network %s" % ( - ip_with_nat_rule.ipaddress, - self.network.id - )) - self.debug("Creating PF rule for IP address: %s" % - ip_with_nat_rule.ipaddress) - NATRule.create( - self.apiclient, - virtual_machine, - self.services["natrule"], - ipaddressid=ip_with_nat_rule.ipaddress.id - ) - - self.debug("Trying to create LB rule on IP with NAT: %s" % - ip_with_nat_rule.ipaddress) - - # Create Load Balancer rule on IP already having NAT rule - with self.assertRaises(Exception): - LoadBalancerRule.create( - self.apiclient, - self.services["lbrule"], - ipaddressid=ip_with_nat_rule.ipaddress.id, - accountid=self.account.name - ) - self.debug("Creating PF rule with public port: 66") - - nat_rule = NATRule.create( - self.apiclient, - virtual_machine, - self.services["natrule_port_66"], - ipaddressid=ip_with_nat_rule.ipaddress.id - ) - - # Check if NAT rule created successfully - nat_rules = NATRule.list( - self.apiclient, - id=nat_rule.id - ) - - self.assertEqual( - isinstance(nat_rules, list), - True, - "List NAT rules should return valid list" - ) - - self.debug("Associating public IP for network: %s" % self.network.id) - ip_with_lb_rule = PublicIPAddress.create( - self.apiclient, - accountid=self.account.name, - zoneid=self.zone.id, - domainid=self.account.domainid, - networkid=self.network.id - ) - self.debug("Associated %s with network %s" % ( - ip_with_lb_rule.ipaddress, - self.network.id - )) - self.debug("Creating LB rule for IP address: %s" % - ip_with_lb_rule.ipaddress) - - LoadBalancerRule.create( - self.apiclient, - self.services["lbrule"], - ipaddressid=ip_with_lb_rule.ipaddress.id, - accountid=self.account.name, - networkid=self.network.id - ) - - self.debug("Trying to create PF rule on IP with LB rule: %s" % - ip_with_nat_rule.ipaddress) - - with self.assertRaises(Exception): - NATRule.create( - self.apiclient, - virtual_machine, - self.services["natrule"], - ipaddressid=ip_with_lb_rule.ipaddress.id - ) - - self.debug("Trying to create FW rule on IP with LB rule") - with self.assertRaises(Exception): - FireWallRule.create( - self.apiclient, - ipaddressid=src_nat.id, - protocol='TCP', - cidrlist=[self.services["fw_rule"]["cidr"]], - startport=self.services["fw_rule"]["startport"], - endport=self.services["fw_rule"]["endport"] - ) - - self.debug("Creating LB rule with public port: 2221") - lb_rule = LoadBalancerRule.create( - self.apiclient, - self.services["lbrule_port_2221"], - ipaddressid=ip_with_lb_rule.ipaddress.id, - accountid=self.account.name, - networkid=self.network.id - ) - - # Check if NAT rule created successfully - lb_rules = LoadBalancerRule.list( - self.apiclient, - id=lb_rule.id - ) - - self.assertEqual( - isinstance(lb_rules, list), - True, - "List LB rules should return valid list" - ) - - # User should be able to enable VPN on source NAT - self.debug("Created VPN with source NAT IP: %s" % src_nat.ipaddress) - # Assign VPN to source NAT - vpn = Vpn.create( - self.apiclient, - src_nat.id, - account=self.account.name, - domainid=self.account.domainid - ) - - vpns = Vpn.list( - self.apiclient, - publicipid=src_nat.id, - listall=True, - ) - - self.assertEqual( - isinstance(vpns, list), - True, - "List VPNs should return a valid VPN list" - ) - - self.assertNotEqual( - len(vpns), - 0, - "Length of list VNP response should not be zero" - ) - return - class TestNetworkUpgrade(cloudstackTestCase): diff --git a/tools/marvin/marvin/integration/lib/common.py b/tools/marvin/marvin/integration/lib/common.py index 7e8d92d6864..f27e87df38f 100644 --- a/tools/marvin/marvin/integration/lib/common.py +++ b/tools/marvin/marvin/integration/lib/common.py @@ -59,7 +59,7 @@ def wait_for_cleanup(apiclient, configs=None): time.sleep(int(config_desc.value)) return -def add_netscaler(apiclient, zoneid, services=None): +def add_netscaler(apiclient, zoneid, NSservice): """ Adds Netscaler device and enables NS provider""" cmd = listPhysicalNetworks.listPhysicalNetworksCmd() @@ -70,7 +70,7 @@ def add_netscaler(apiclient, zoneid, services=None): netscaler = NetScaler.add( apiclient, - services["netscaler"], + NSservice, physicalnetworkid=physical_network.id )