From 0790c3b0a14a69252a93ca6951e991b0a48867fc Mon Sep 17 00:00:00 2001 From: Alok Kumar Date: Tue, 8 Jul 2014 04:18:37 -0700 Subject: [PATCH 1/3] read self.cs_si from api again in case of retry --- fixtures/svc_instance_fixture.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fixtures/svc_instance_fixture.py b/fixtures/svc_instance_fixture.py index 302520fc2..f90609a06 100644 --- a/fixtures/svc_instance_fixture.py +++ b/fixtures/svc_instance_fixture.py @@ -153,6 +153,8 @@ def verify_st(self): @retry(delay=10, tries=15) def verify_svm(self): """check Service VM""" + self.cs_si = self.api_s_inspect.get_cs_si( + project=self.project_name, si=self.si_name, refresh=True) try: self.vm_refs = self.cs_si[ 'service-instance']['virtual_machine_back_refs'] From 6f08a97e7545e92104e4604ab53d196b07b1295f Mon Sep 17 00:00:00 2001 From: Alok Kumar Date: Tue, 8 Jul 2014 06:38:21 -0700 Subject: [PATCH 2/3] moving SI-Policy mapping to topo_helper to create it dynamically --- scripts/flow_tests/system_test_topo.py | 5 +---- scripts/project_setup.py | 2 ++ scripts/sdn_policy_traffic_test_topo.py | 2 -- scripts/topo_helper.py | 26 +++++++++++++++++++++++++ 4 files changed, 29 insertions(+), 6 deletions(-) diff --git a/scripts/flow_tests/system_test_topo.py b/scripts/flow_tests/system_test_topo.py index 739ae4d19..a0b398354 100755 --- a/scripts/flow_tests/system_test_topo.py +++ b/scripts/flow_tests/system_test_topo.py @@ -141,10 +141,7 @@ def build_topo_project1(self, domain='default-domain', project='project1', usern self.si_params[self.si_list[0]] = {'svc_template':self.st_list[0], 'if_list':self.st_params[self.st_list[0]]['if_list'], 'left_vn':None} self.si_params[self.si_list[1]] = {'svc_template':self.st_list[1], 'if_list':self.st_params[self.st_list[1]]['if_list'], 'left_vn':None} - self.pol_si= {self.policy_list[1]:self.si_list[0], self.policy_list[2]:self.si_list[1]} - self.si_pol = {self.si_list[0]:self.policy_list[1], self.si_list[1]:self.policy_list[2]} - - # Define security_group name + # Define security_group name self.sg_list = ['test_sg_p1'] # # Define security_group with vm diff --git a/scripts/project_setup.py b/scripts/project_setup.py index 65978a11c..812e9c8a3 100644 --- a/scripts/project_setup.py +++ b/scripts/project_setup.py @@ -76,6 +76,8 @@ def setUp(self): topo_helper_obj = topology_helper(self.topo) self.topo.vmc_list = topo_helper_obj.get_vmc_list() self.topo.policy_vn = topo_helper_obj.get_policy_vn() + self.topo.pol_si = topo_helper_obj.get_si_of_pol() + self.topo.si_pol = topo_helper_obj.get_pol_of_si() self.logger.info("Starting setup") topo_steps.createProject(self) topo_steps.createSec_group(self, option=self.config_option) diff --git a/scripts/sdn_policy_traffic_test_topo.py b/scripts/sdn_policy_traffic_test_topo.py index 9795e3089..81c98b41f 100755 --- a/scripts/sdn_policy_traffic_test_topo.py +++ b/scripts/sdn_policy_traffic_test_topo.py @@ -359,8 +359,6 @@ def build_topo(self, domain='default-domain', project='admin', num_compute=1, tr self.si_params[self.si_list[0]] = {'svc_template':self.st_list[0], 'if_list':self.st_params[self.st_list[0]]['if_list'], 'left_vn':None} self.si_params[self.si_list[1]] = {'svc_template':self.st_list[1], 'if_list':self.st_params[self.st_list[1]]['if_list'], 'left_vn':None} - self.pol_si= {self.policy_list[2]:self.si_list[0]} - self.si_pol = {self.si_list[0]:self.policy_list[2]} return self # end build_topo # end class sdn_2vn_xvm_config diff --git a/scripts/topo_helper.py b/scripts/topo_helper.py index 9dce9fd8b..1014813c2 100644 --- a/scripts/topo_helper.py +++ b/scripts/topo_helper.py @@ -8,8 +8,12 @@ def __init__(self, topology_obj): self.vnet_list = self.topo_dict['vnet_list'] self.vn_policy = self.topo_dict['vn_policy'] self.policy_list = self.topo_dict['policy_list'] + self.rules = self.topo_dict['rules'] + self.si_list = self.topo_dict['si_list'] self.vmc_list = [] self.policy_vn = {} + self.pol_si = {} + self.si_pol = {} def get_vmc_list(self): vn_vm_l = self.topo_dict['vn_of_vm'] @@ -39,4 +43,26 @@ def get_vm_of_vn(self): for k, v in vn_vm_l.items(): self.vm_of_vn[v].append(k) return self.vm_of_vn + + def get_si_of_pol(self): + '''return SI for the policies''' + for policy in self.policy_list: + self.pol_si[policy] = [] + for rule in self.rules[policy]: + if 'action_list' in rule: + if 'mirror_to' in rule['action_list']: + self.pol_si[policy].append(rule['action_list']['mirror_to']['analyzer_name'].split(':')[-1]) + + return self.pol_si + + def get_pol_of_si(self): + '''return all policies where SI is used''' + self.get_si_of_pol() + for si in self.si_list: + self.si_pol[si] = [] + for k in self.pol_si: + for v in self.pol_si[k]: + self.si_pol[v].append(k) + return self.si_pol + # end From d30dfafa23c516551975603aa11c814601b3ef47 Mon Sep 17 00:00:00 2001 From: Alok Kumar Date: Tue, 8 Jul 2014 14:25:17 -0700 Subject: [PATCH 3/3] new SG tests and other related changes --- fixtures/nova_test.py | 2 +- scripts/flow_tests/sdn_flow_test_topo.py | 134 ++++++++++++++++++ scripts/flow_tests/sdn_flow_tests.py | 89 ++++++++++++ scripts/flow_tests/system_test_topo.py | 4 +- scripts/policy_test_helper.py | 26 ++-- scripts/sdn_policy_topo_with_multi_project.py | 16 +-- scripts/topo_helper.py | 5 +- scripts/topo_steps.py | 9 +- 8 files changed, 257 insertions(+), 28 deletions(-) diff --git a/fixtures/nova_test.py b/fixtures/nova_test.py index feb10a68a..c3da32c49 100644 --- a/fixtures/nova_test.py +++ b/fixtures/nova_test.py @@ -358,7 +358,7 @@ def get_vm_list(self, name_pattern='', project_id=None): final_vm_list = [] vm_list = self.obj.servers.list(search_opts={"all_tenants": True}) for vm_obj in vm_list: - match_obj = re.match(r'%s' % + match_obj = re.match(r'^%s$' % name_pattern, vm_obj.name, re.M | re.I) if project_id: if match_obj and vm_obj.tenant_id == self.strip(project_id): diff --git a/scripts/flow_tests/sdn_flow_test_topo.py b/scripts/flow_tests/sdn_flow_test_topo.py index 1e06c3d85..b97bed066 100755 --- a/scripts/flow_tests/sdn_flow_test_topo.py +++ b/scripts/flow_tests/sdn_flow_test_topo.py @@ -164,6 +164,140 @@ def build_topo_project1(self, domain='default-domain', project='project1', usern # end sdn_flow_test_topo_single_project +################################################################################ +class sdn_4vn_xvm_config (): + def __init__(self): + print "building dynamic topo" + # end __init__ + + def build_topo_admin (self, domain= 'default-domain', project= 'admin', compute_node_list= None, username= None, password= None): + ## + # Domain and project defaults: Do not change until support for non-default is tested! + self.domain= domain; self.project= project; self.username= username; self.password= password + ## + # Define VN's in the project: + self.vnet_list= ['vnet1','vnet2', 'vnet3', 'vnet4'] + ## + # Define network info for each VN: + self.vn_nets= {'vnet1': ['10.1.1.0/24', '11.1.1.0/24'], 'vnet2': ['10.1.2.0/24', '11.1.2.0/24'], 'vnet3': ['10.1.3.0/24', '11.1.3.0/24'], 'vnet4': ['10.1.4.0/24', '11.1.4.0/24']} + ## + # Define network policies + self.policy_list= ['policy0', 'policy1', 'policy100'] + self.vn_policy= {'vnet1': ['policy0'], 'vnet2': ['policy0'],'vnet3':['policy0'],'vnet4':['policy0']} + + self.vn_of_vm= {'vm1': 'vnet1', 'vm2': 'vnet1', 'vm3': 'vnet1', 'vm4': 'vnet2', 'vm5': 'vnet2', + 'vm6': 'vnet3', 'vm7': 'vnet3', 'vm8': 'vnet3', 'vm9': 'vnet4', 'vm10': 'vnet4','vm11':'vnet4','vm12':'vnet3'} + + #Define the vm to compute node mapping to pin a vm to a particular + #compute node or else leave empty. + self.vm_node_map = {} + if compute_node_list is not None: + if len(compute_node_list) == 2: + self.vm_node_map = {'vm1':'CN0', 'vm2':'CN0', 'vm3':'CN1', 'vm4':'CN0', 'vm5':'CN1', + 'vm6':'CN0', 'vm7':'CN0', 'vm8':'CN1', 'vm9':'CN0', 'vm10':'CN1','vm11':'CN0','vm12':'CN1'} + elif len(compute_node_list) > 2: + self.vm_node_map = {'vm1':'CN0', 'vm2':'CN0', 'vm3':'CN2', 'vm4':'CN0', 'vm5':'CN1', 'vm6':'CN0', + 'vm7':'CN0', 'vm8':'CN2', 'vm9':'CN0', 'vm10':'CN1', 'vm11':'CN0','vm12':'CN1'} + + #Logic to create a vm to Compute node mapping. + if self.vm_node_map: + CN = [] + for cn in self.vm_node_map.keys(): + if self.vm_node_map[cn] not in CN: + CN.append(self.vm_node_map[cn]) + my_node_dict = {} + if compute_node_list is not None: + if len(compute_node_list) >= len(CN): + my_node_dict = dict(zip(CN, compute_node_list)) + + if my_node_dict: + for key in my_node_dict: + for key1 in self.vm_node_map: + if self.vm_node_map[key1] == key: + self.vm_node_map[key1] = my_node_dict[key] + + ## + # Define network policy rules + self.rules= {} + # Multiple policies are defined with different action for the test traffic streams.. + self.policy_test_order= ['policy0', 'policy1', 'policy0'] + self.rules['policy0']= [ + {'direction': '<>', 'protocol': 'any', 'dest_network': 'any', 'source_network': 'any', 'dst_ports': 'any', 'simple_action': 'pass', 'src_ports': 'any'}] + self.rules['policy1']= [ + {'direction': '<>', 'protocol': 'udp', 'dest_network': 'vnet1', 'source_network': 'vnet0', 'dst_ports': 'any', 'simple_action': 'pass', 'src_ports': 'any'}, + {'direction': '<>', 'protocol': 'udp', 'dest_network': 'vnet2', 'source_network': 'vnet0', 'dst_ports': 'any', 'simple_action': 'pass', 'src_ports': 'any'}] + self.rules['policy100']= [ + {'direction': '<>', 'protocol': 'udp', 'dest_network': 'any', 'source_network': 'any', 'dst_ports': 'any', 'simple_action': 'pass', 'src_ports': 'any'}] + + #Define the security_group and its rules + # Define security_group name + self.sg_list=['sg_allow_all', 'sg_allow_tcp', 'sg_allow_udp', 'sg_allow_icmp', 'sg_allow_udp_sg'] + self.sg_names = self.sg_list[:] + ## + #Define security_group with vm + self.sg_of_vm = {} + for key in self.vn_of_vm: + self.sg_of_vm[key] = [] + self.sg_of_vm['vm6'] = [self.sg_list[4]]; self.sg_of_vm['vm9'] = [self.sg_list[4]]; self.sg_of_vm['vm10'] = [self.sg_list[4]]; + self.sg_of_vm['vm11'] = [self.sg_list[4]]; self.sg_of_vm['vm12'] = [self.sg_list[4]]; + ##Define the security group rules + import uuid + uuid_1= uuid.uuid1().urn.split(':')[2] + uuid_2= uuid.uuid1().urn.split(':')[2] + self.sg_rules={} + for sg in self.sg_list: + self.sg_rules[sg] = [] + self.sg_rules[self.sg_list[2]]=[ + {'direction' : '>', + 'protocol' : 'udp', + 'dst_addresses': [{'security_group': 'local', 'subnet' : None}], + 'dst_ports': [{'start_port' : 0, 'end_port' : 65535}], + 'src_ports': [{'start_port' : 0, 'end_port' : 65535}], + 'src_addresses': [{'subnet' : {'ip_prefix' : '0.0.0.0', 'ip_prefix_len' : 0}}], + 'rule_uuid': uuid_1 + },{'direction' : '>', + 'protocol' : 'any', + 'src_addresses': [{'security_group': 'local', 'subnet' : None}], + 'dst_ports': [{'start_port' : 0, 'end_port' : 65535}], + 'src_ports': [{'start_port' : 0, 'end_port' : 65535}], + 'dst_addresses': [{'subnet' : {'ip_prefix' : '0.0.0.0', 'ip_prefix_len' : 0}}],'rule_uuid': uuid_2}] + + self.sg_rules[self.sg_list[4]]=[ + {'direction' : '>', + 'protocol' : 'udp', + 'dst_addresses': [{'security_group': 'local', 'subnet' : None}], + 'dst_ports': [{'start_port' : 0, 'end_port' : 65535}], + 'src_ports': [{'start_port' : 0, 'end_port' : 65535}], + 'src_addresses': [{'security_group': self.domain + ':'+ self.project+ ':'+ self.sg_list[4]}], + 'rule_uuid': uuid_1 + },{'direction' : '>', + 'protocol' : 'any', + 'src_addresses': [{'security_group': 'local', 'subnet' : None}], + 'dst_ports': [{'start_port' : 0, 'end_port' : 65535}], + 'src_ports': [{'start_port' : 0, 'end_port' : 65535}], + 'dst_addresses': [{'subnet' : {'ip_prefix' : '0.0.0.0', 'ip_prefix_len' : 0}}],'rule_uuid': uuid_2}] + + ## + # Define traffic profile. + self.traffic_profile= [{'src_vm':'vm1', 'dst_vm':'vm2', 'proto':'udp', 'sport':8000, 'dport':9000, 'exp':'pass'},# intra VN, intra compute, same default SG + {'src_vm':'vm1', 'dst_vm':'vm3', 'proto':'udp', 'sport':8000, 'dport':9000, 'exp':'pass'},# intra VN, inter compute, same default SG + {'src_vm':'vm1', 'dst_vm':'vm5', 'proto':'udp', 'sport':8000, 'dport':9000, 'exp':'pass'},# inter VN, inter compute, same default SG + {'src_vm':'vm1', 'dst_vm':'vm4', 'proto':'udp', 'sport':8000, 'dport':9000, 'exp':'pass'},# inter VN, intra compute, same default SG + {'src_vm':'vm6', 'dst_vm':'vm7', 'proto':'udp', 'sport':8000, 'dport':9000, 'exp':'fail'},# intra VN, intra compute, diff. SG + {'src_vm':'vm6', 'dst_vm':'vm8', 'proto':'udp', 'sport':8000, 'dport':9000, 'exp':'fail'},# intra VN, inter compute, diff. SG + {'src_vm':'vm6', 'dst_vm':'vm5', 'proto':'udp', 'sport':8000, 'dport':9000, 'exp':'fail'},# inter VN, inter compute, diff. SG + {'src_vm':'vm6', 'dst_vm':'vm4', 'proto':'udp', 'sport':8000, 'dport':9000, 'exp':'fail'},# inter VN, intra compute, diff. SG + {'src_vm':'vm9', 'dst_vm':'vm11','proto':'udp','sport':8000,'dport':9000,'exp':'pass'},# intra VN, intra compute, same non-default SG + {'src_vm':'vm9', 'dst_vm':'vm10','proto':'udp','sport':8000,'dport':9000,'exp':'pass'},# intra VN, inter compute, same non-default SG + {'src_vm':'vm9', 'dst_vm':'vm12','proto':'udp','sport':8000,'dport':9000,'exp':'pass'},# inter VN, inter compute, same non-default SG + {'src_vm':'vm9', 'dst_vm':'vm6', 'proto':'udp','sport':8000,'dport':9000,'exp':'pass'}]# inter VN, intra compute, same non-default SG + + return self + # end build_topo +# end class sdn_4vn_xvm_config +################################################################################ + + if __name__ == '__main__': print "Currently topology limited to one domain/project.." print "Based on need, can be extended to cover config for multiple domain/projects" diff --git a/scripts/flow_tests/sdn_flow_tests.py b/scripts/flow_tests/sdn_flow_tests.py index 49813eef1..06a7191de 100644 --- a/scripts/flow_tests/sdn_flow_tests.py +++ b/scripts/flow_tests/sdn_flow_tests.py @@ -38,6 +38,7 @@ import threading import socket import flow_test_utils +from securitygroup.verify import * class sdnFlowTest(flow_test_utils.VerifySvcMirror, testtools.TestCase, fixtures.TestWithFixtures): @@ -332,6 +333,48 @@ def generate_udp_flows_and_do_verification(self, traffic_profile, build_version) return True # end generate_udp_flows_and_do_verification + def start_traffic_and_verify(self, topo, config_topo, prto=None, sprt=None, dprt=None, expt=None, start=0, end=None): + results = [] + if not end: + end = len(topo.traffic_profile) - 1 + for i in range(start, end+1): + sender = (config_topo['vm'][topo.traffic_profile[i]['src_vm']], topo.sg_of_vm[topo.traffic_profile[i]['src_vm']]) + receiver = (config_topo['vm'][topo.traffic_profile[i]['dst_vm']], topo.sg_of_vm[topo.traffic_profile[i]['dst_vm']]) + if not sprt: + sport = topo.traffic_profile[i]['sport'] + else: + sport = sprt + if not dprt: + dport = topo.traffic_profile[i]['dport'] + else: + dport = dprt + if not prto: + proto = topo.traffic_profile[i]['proto'] + else: + proto = prto + if not expt: + exp = topo.traffic_profile[i]['exp'] + else: + exp = expt + self.vsg_obj = VerifySecGroup() + self.vsg_obj.logger = self.inputs.logger + self.vsg_obj.inputs = self.inputs + results.append(self.vsg_obj.assert_traffic(sender, receiver, proto, sport, dport, exp)) + results.append(self.vsg_obj.assert_traffic(receiver, sender, proto, sport, dport, exp)) + + errmsg = '' + for (rc, msg) in results: + if rc: + self.logger.debug(msg) + else: + errmsg += msg + '\n' + if errmsg: + assert False, errmsg + + def attach_remove_sg_edit_sg_verify_traffic(self, topo, config_topo): + sdnFlowTest.start_traffic_and_verify(self, topo, config_topo) + sdnFlowTest.start_traffic_and_verify(self, topo, config_topo, prto='tcp',expt='fail',start=4) + sdnFlowTest.start_traffic_and_verify(self, topo, config_topo, prto='icmp',expt='fail',start=4) def generate_udp_flows(self, traffic_profile, build_version): """ Routine to generate UDP flows by calling the start_traffic routine in a thread .. @@ -559,4 +602,50 @@ def test_flow_multi_projects(self): return True # end test_flow_multi_projects + @preposttest_wrapper + def test_SG(self): + """Tests SG and rules to check if traffic is allowed as per rules in SG""" + + self.inputs.fixture_cleanup= 'no' + topology_class_name = None + '''topo_obj = sdn_flow_test_topo.sdn_4vn_xvm_config() + topo= topo_obj.build_topo(compute_node_list=self.inputs.compute_ips) + + setup_obj= self.useFixture(sdnTopoSetupFixture(self.connections, topo)) + out= setup_obj.topo_setup(VmToNodeMapping= topo.vm_node_map,skip_verify= 'yes')''' + + # + # Get config for test from topology + import system_test_topo + result = True + msg = [] + if not topology_class_name: + topology_class_name = sdn_flow_test_topo.sdn_4vn_xvm_config + + self.logger.info("Scenario for the test used is: %s" % + (topology_class_name)) + # + topo_obj = topology_class_name() + # + # Test setup: Configure policy, VN, & VM + # return {'result':result, 'msg': err_msg, 'data': [self.topo, config_topo]} + # Returned topo is of following format: + # config_topo= {'policy': policy_fixt, 'vn': vn_fixture, 'vm': vm_fixture} + out = self.useFixture( + sdnTopoSetupFixture(self.connections, topo_obj)) + self.assertEqual(out.result, True, out.msg) + if out.result == True: + topo_objs, config_topo = out.data + self.topo_objs = topo_objs + self.config_topo = config_topo + + print "******self.topo_objs:*****" + print self.topo_objs + print "******topo_obj******" + print topo_obj + sdnFlowTest.attach_remove_sg_edit_sg_verify_traffic(self, self.topo_objs[self.inputs.project_name], self.config_topo[self.inputs.project_name]) + + return True + #end test_SG + # end sdnFlowTest diff --git a/scripts/flow_tests/system_test_topo.py b/scripts/flow_tests/system_test_topo.py index a0b398354..0e8de0b26 100755 --- a/scripts/flow_tests/system_test_topo.py +++ b/scripts/flow_tests/system_test_topo.py @@ -146,8 +146,8 @@ def build_topo_project1(self, domain='default-domain', project='project1', usern # # Define security_group with vm self.sg_of_vm = { - 'vmc1': 'test_sg_p1', 'vmc2': 'test_sg_p1', 'vmc3': 'test_sg_p1', 'vmc4': 'test_sg_p1', 'vmc5': 'test_sg_p1', - 'vmc6': 'test_sg_p1', 'vmc7': 'test_sg_p1', 'vmc8': 'test_sg_p1', 'vmc9': 'test_sg_p1', 'vmd10': 'test_sg_p1'} + 'vmc1': ['test_sg_p1'], 'vmc2': ['test_sg_p1'], 'vmc3': ['test_sg_p1'], 'vmc4': ['test_sg_p1'], 'vmc5': ['test_sg_p1'], + 'vmc6': ['test_sg_p1'], 'vmc7': ['test_sg_p1'], 'vmc8': ['test_sg_p1'], 'vmc9': ['test_sg_p1'], 'vmd10': ['test_sg_p1']} # Define the security_group rules import uuid uuid_1 = uuid.uuid1().urn.split(':')[2] diff --git a/scripts/policy_test_helper.py b/scripts/policy_test_helper.py index 5fc405f8b..4d402dbe3 100644 --- a/scripts/policy_test_helper.py +++ b/scripts/policy_test_helper.py @@ -206,18 +206,7 @@ def tx_quantum_rules_to_aces(no_of_rules, fq_vn): rule['proto_l'] = {'max': str(rule['proto_l']), 'min': str(rule['proto_l'])} - # step 3: expanding rules if bidir rule - for rule in user_rules_tx: - if rule['direction'] == '<>': - rule['direction'] = '>' - pos = user_rules_tx.index(rule) - new_rule = copy.deepcopy(rule) - # update newly copied rule: swap address/ports & insert - new_rule['src'], new_rule['dst'] = new_rule['dst'], new_rule['src'] - new_rule['src_port_l'], new_rule['dst_port_l'] = new_rule[ - 'dst_port_l'], new_rule['src_port_l'], - user_rules_tx.insert(pos + 1, new_rule) - # step 4: if the rules are unidirectional + # step 3: if the rules are unidirectional for rule in user_rules_tx: if rule['direction'] == '>': if (rule['src'] != rule['dst']): @@ -232,6 +221,19 @@ def tx_quantum_rules_to_aces(no_of_rules, fq_vn): uni_rule['simple_action'] = 'deny' uni_rule['action_l'] = ['deny'] break + + # step 4: expanding rules if bidir rule + for rule in user_rules_tx: + if rule['direction'] == '<>': + rule['direction'] = '>' + pos = user_rules_tx.index(rule) + new_rule = copy.deepcopy(rule) + # update newly copied rule: swap address/ports & insert + new_rule['src'], new_rule['dst'] = new_rule['dst'], new_rule['src'] + new_rule['src_port_l'], new_rule['dst_port_l'] = new_rule[ + 'dst_port_l'], new_rule['src_port_l'], + user_rules_tx.insert(pos + 1, new_rule) + return (user_rules_tx, uni_rule) # end of tx_quantum_rules_to_aces diff --git a/scripts/sdn_policy_topo_with_multi_project.py b/scripts/sdn_policy_topo_with_multi_project.py index 1d07e20d6..bb4adeecd 100644 --- a/scripts/sdn_policy_topo_with_multi_project.py +++ b/scripts/sdn_policy_topo_with_multi_project.py @@ -49,7 +49,7 @@ def build_topo_project1(self, domain='default-domain', project='project1', usern self.sg_list = ['test_sg_p1'] # # Define security_group with vm - self.sg_of_vm = {'vmc1': 'test_sg_p1'} + self.sg_of_vm = {'vmc1': ['test_sg_p1']} # Define the security group rules import uuid uuid_1 = uuid.uuid1().urn.split(':')[2] @@ -113,7 +113,7 @@ def build_topo_project2(self, domain='default-domain', project='project2', usern self.sg_list = ['test_sg_p2'] # # Define security_group with vm - self.sg_of_vm = {'vmc2': 'test_sg_p2'} + self.sg_of_vm = {'vmc2': ['test_sg_p2']} # # Define the security_group rules import uuid @@ -177,7 +177,7 @@ def build_topo_project3(self, domain='default-domain', project='project3', usern self.sg_list = ['test_sg_p3'] # # Define security_group with vm - self.sg_of_vm = {'vmc3': 'test_sg_p3'} + self.sg_of_vm = {'vmc3': ['test_sg_p3']} # # Define the security_group rules import uuid @@ -241,7 +241,7 @@ def build_topo_admin(self, domain='default-domain', project='admin', username=No self.sg_list = ['test_sg_admin'] # # Define security_group with vm - self.sg_of_vm = {'vmc-admin': 'test_sg_admin'} + self.sg_of_vm = {'vmc-admin': ['test_sg_admin']} # # Define the security_group rules import uuid @@ -340,7 +340,7 @@ def build_topo_project1(self, domain='default-domain', project='project1', usern self.sg_list = ['test_sg_p1'] # # Define security_group with vm - self.sg_of_vm = {'vmc1': 'test_sg_p1'} + self.sg_of_vm = {'vmc1': ['test_sg_p1']} # # Define the security_group rules import uuid @@ -408,7 +408,7 @@ def build_topo_project2(self, domain='default-domain', project='project2', usern self.sg_list = ['test_sg_p2'] # # Define security_group with vm - self.sg_of_vm = {'vmc2': 'test_sg_p2'} + self.sg_of_vm = {'vmc2': ['test_sg_p2']} # # Define the security_group rules import uuid @@ -473,7 +473,7 @@ def build_topo_project3(self, domain='default-domain', project='project3', usern self.sg_list = ['test_sg_p3'] # # Define security_group with vm - self.sg_of_vm = {'vmc3': 'test_sg_p3'} + self.sg_of_vm = {'vmc3': ['test_sg_p3']} # # Define the security_group rules import uuid @@ -541,7 +541,7 @@ def build_topo_admin(self, domain='default-domain', project='admin', username=No self.sg_list = ['test_sg_admin'] # # Define security_group with vm - self.sg_of_vm = {'vmc-admin': 'test_sg_admin'} + self.sg_of_vm = {'vmc-admin': ['test_sg_admin']} # # Define the security_group rules import uuid diff --git a/scripts/topo_helper.py b/scripts/topo_helper.py index 1014813c2..51d4b3b02 100644 --- a/scripts/topo_helper.py +++ b/scripts/topo_helper.py @@ -9,7 +9,10 @@ def __init__(self, topology_obj): self.vn_policy = self.topo_dict['vn_policy'] self.policy_list = self.topo_dict['policy_list'] self.rules = self.topo_dict['rules'] - self.si_list = self.topo_dict['si_list'] + if 'si_list' in self.topo_dict: + self.si_list = self.topo_dict['si_list'] + else: + self.si_list = [] self.vmc_list = [] self.policy_vn = {} self.pol_si = {} diff --git a/scripts/topo_steps.py b/scripts/topo_steps.py index 5ef04daa3..1e4fd82f7 100755 --- a/scripts/topo_steps.py +++ b/scripts/topo_steps.py @@ -372,7 +372,6 @@ def createVN_Policy_Contrail(self): def createVMNova(self, option='openstack', vms_on_single_compute=False, VmToNodeMapping=None): self.logger.info("Setup step: Creating VM's") - sec_gp = [] self.vm_fixture = {} host_list = [] vm_image_name = 'ubuntu-traffic' @@ -380,6 +379,7 @@ def createVMNova(self, option='openstack', vms_on_single_compute=False, VmToNode host_list.append(self.inputs.host_data[host]['name']) for vm in self.topo.vmc_list: + sec_gp=[] if option == 'contrail': vn_read = self.vnc_lib.virtual_network_read( id=str(self.vn_fixture[self.topo.vn_of_vm[vm]]._obj.uuid)) @@ -389,8 +389,8 @@ def createVMNova(self, option='openstack', vms_on_single_compute=False, VmToNode vn_obj = self.vn_fixture[self.topo.vn_of_vm[vm]].obj if hasattr(self.topo, 'sg_of_vm'): if self.topo.sg_of_vm.has_key(vm): - sg = self.topo.sg_of_vm[vm] - sec_gp = [self.sg_uuid[sg]] + for sg in self.topo.sg_of_vm[vm]: + sec_gp.append(self.sg_uuid[sg]) else: pass if vms_on_single_compute: @@ -599,7 +599,8 @@ def createServiceTemplate(self): st_name=st_name, svc_img_name=self.topo.st_params[st_name][ 'svc_img_name'], svc_type=self.topo.st_params[st_name]['svc_type'], if_list=self.topo.st_params[st_name]['if_list'], svc_mode=self.topo.st_params[st_name]['svc_mode'], svc_scaling=self.topo.st_params[st_name]['svc_scaling'], flavor=self.topo.st_params[st_name]['flavor'], ordered_interfaces=self.topo.st_params[st_name]['ordered_interfaces'])) - assert self.st_fixture[st_name].verify_on_setup() + if self.skip_verify == 'no': + assert self.st_fixture[st_name].verify_on_setup() except (NameError, AttributeError): self.logger.info( "Not Creating Service Templates, as its not defined in topology")