Return-Path: X-Original-To: apmail-cloudstack-commits-archive@www.apache.org Delivered-To: apmail-cloudstack-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 8B96E18D5B for ; Mon, 27 Jul 2015 08:43:35 +0000 (UTC) Received: (qmail 14885 invoked by uid 500); 27 Jul 2015 08:42:51 -0000 Delivered-To: apmail-cloudstack-commits-archive@cloudstack.apache.org Received: (qmail 14698 invoked by uid 500); 27 Jul 2015 08:42:51 -0000 Mailing-List: contact commits-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cloudstack.apache.org Delivered-To: mailing list commits@cloudstack.apache.org Received: (qmail 13414 invoked by uid 99); 27 Jul 2015 08:42:50 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 27 Jul 2015 08:42:50 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 78A2FE0016; Mon, 27 Jul 2015 08:42:50 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: widodh@apache.org To: commits@cloudstack.apache.org Date: Mon, 27 Jul 2015 08:43:35 -0000 Message-Id: <665f657f5eb44f9e841cc89f40362d90@git.apache.org> In-Reply-To: References: X-Mailer: ASF-Git Admin Mailer Subject: [47/50] [abbrv] git commit: updated refs/heads/reporter to 3e1816d CLOUDSTACK-8634: Made changes to test_security_group.py test suite to support EIP Signed-off-by: Pierre-Luc Dion Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/7f7026ac Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/7f7026ac Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/7f7026ac Branch: refs/heads/reporter Commit: 7f7026ace59d96e7d38270ec4a2fe1a7076d0e87 Parents: fd17e47 Author: sanjeev Authored: Tue Jul 14 17:24:58 2015 +0530 Committer: Pierre-Luc Dion Committed: Sun Jul 26 10:39:15 2015 -0400 ---------------------------------------------------------------------- .../component/test_security_groups.py | 243 ++++++++++++------- 1 file changed, 157 insertions(+), 86 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7f7026ac/test/integration/component/test_security_groups.py ---------------------------------------------------------------------- diff --git a/test/integration/component/test_security_groups.py b/test/integration/component/test_security_groups.py index f132e3a..f1ac0b6 100755 --- a/test/integration/component/test_security_groups.py +++ b/test/integration/component/test_security_groups.py @@ -27,7 +27,8 @@ from marvin.lib.base import (Account, VirtualMachine, SecurityGroup, Router, - Host) + Host, + Network) from marvin.lib.common import (get_domain, get_zone, get_template, @@ -528,6 +529,12 @@ class TestRevokeIngressRule(cloudstackTestCase): return + def revokeSGRule(self, sgid): + cmd = revokeSecurityGroupIngress.revokeSecurityGroupIngressCmd() + cmd.id = sgid + self.apiclient.revokeSecurityGroupIngress(cmd) + return + @attr(tags=["sg", "eip", "advancedsg"]) def test_01_revokeIngressRule(self): """Test revoke ingress rule @@ -605,11 +612,21 @@ class TestRevokeIngressRule(cloudstackTestCase): self.debug("Revoking ingress rule for sec group ID: %s for ssh access" % security_group.id) - # Revoke Security group to SSH to VM - security_group.revoke( + security_groups = SecurityGroup.list( self.apiclient, - id=ssh_rule["ruleid"] + account=self.account.name, + domainid=self.account.domainid, + listall=True + ) + self.assertEqual( + validateList(security_groups)[0], + PASS, + "Security groups list validation failed" ) + for sg in security_groups: + if not sg.ingressrule: + continue + self.revokeSGRule(sg.ingressrule[0].ruleid) # SSH Attempt to VM should fail with self.assertRaises(Exception): @@ -617,7 +634,8 @@ class TestRevokeIngressRule(cloudstackTestCase): SshClient(self.virtual_machine.ssh_ip, self.virtual_machine.ssh_port, self.virtual_machine.username, - self.virtual_machine.password + self.virtual_machine.password, + retries=5 ) return @@ -1490,32 +1508,45 @@ class TestIngressRule(cloudstackTestCase): security_group.id, self.account.name )) - result = security_group.revoke( + #skip revoke and ping tests in case of EIP/ELB zone + vm_res = VirtualMachine.list( self.apiclient, - id=icmp_rule["ruleid"] + id=self.virtual_machine.id ) - self.debug("Revoke ingress rule result: %s" % result) - time.sleep(self.testdata["sleep"]) - # User should not be able to ping VM - try: - self.debug("Trying to ping VM %s" % self.virtual_machine.ssh_ip) - if platform_type == 'windows': - result = subprocess.call( - ['ping', '-n', '1', self.virtual_machine.ssh_ip]) - else: - result = subprocess.call( - ['ping', '-c 1', self.virtual_machine.ssh_ip]) - - self.debug("Ping result: %s" % result) - # if ping successful, then result should be 0 - self.assertNotEqual( - result, - 0, - "Check if ping is successful or not" + self.assertEqual(validateList(vm_res)[0], PASS, "invalid vm response") + vm_nw = Network.list( + self.apiclient, + id=vm_res[0].nic[0].networkid + ) + self.assertEqual(validateList(vm_nw)[0], PASS, "invalid network response") + vm_nw_off = vm_nw[0].networkofferingname + if vm_nw_off != "DefaultSharedNetscalerEIPandELBNetworkOffering": + result = security_group.revoke( + self.apiclient, + id=icmp_rule["ruleid"] ) - except Exception as e: - self.fail("Ping failed for ingress rule ID: %s, %s" - % (icmp_rule["ruleid"], e)) + self.debug("Revoke ingress rule result: %s" % result) + time.sleep(self.testdata["sleep"]) + # User should not be able to ping VM + try: + self.debug("Trying to ping VM %s" % self.virtual_machine.ssh_ip) + if platform_type == 'windows': + result = subprocess.call( + ['ping', '-n', '1', self.virtual_machine.ssh_ip]) + else: + result = subprocess.call( + ['ping', '-c 1', self.virtual_machine.ssh_ip]) + + self.debug("Ping result: %s" % result) + # if ping successful, then result should be 0 + self.assertNotEqual( + result, + 0, + "Check if ping is successful or not" + ) + except Exception as e: + self.fail("Ping failed for ingress rule ID: %s, %s" + % (icmp_rule["ruleid"], e)) return @attr(tags=["sg", "eip", "advancedsg"]) @@ -1754,6 +1785,12 @@ class TestIngressRuleSpecificIpSet(cloudstackTestCase): self.debug(response) return + def revokeSGRule(self, sgid): + cmd = revokeSecurityGroupIngress.revokeSecurityGroupIngressCmd() + cmd.id = sgid + self.apiclient.revokeSecurityGroupIngress(cmd) + return + @attr(tags=["sg", "eip", "advancedsg"]) def test_ingress_rules_specific_IP_set(self): """Test ingress rules for specific IP set @@ -1803,18 +1840,20 @@ class TestIngressRuleSpecificIpSet(cloudstackTestCase): accountid=self.account.name, domainid=self.account.domainid, serviceofferingid=self.service_offering.id, - securitygroupids=[defaultSecurityGroup.id] + securitygroupids=[defaultSecurityGroup.id], + mode=self.testdata['mode'] ) - + self.cleanup.append(virtual_machine_1) virtual_machine_2 = VirtualMachine.create( self.apiclient, self.testdata["virtual_machine"], accountid=self.account.name, domainid=self.account.domainid, serviceofferingid=self.service_offering.id, - securitygroupids=[defaultSecurityGroup.id] + securitygroupids=[defaultSecurityGroup.id], + mode=self.testdata['mode'] ) - + self.cleanup.append(virtual_machine_2) try: SshClient( virtual_machine_1.ssh_ip, @@ -1823,9 +1862,10 @@ class TestIngressRuleSpecificIpSet(cloudstackTestCase): virtual_machine_1.password ) except Exception as e: + self.revokeSGRule(ingress_rule.ingressrule[0].ruleid) self.fail("SSH Access failed for %s: %s" % (virtual_machine_1.ipaddress, e) - ) + ) try: SshClient( @@ -1835,42 +1875,66 @@ class TestIngressRuleSpecificIpSet(cloudstackTestCase): virtual_machine_2.password ) except Exception as e: + self.revokeSGRule(ingress_rule.ingressrule[0].ruleid) self.fail("SSH Access failed for %s: %s" % (virtual_machine_2.ipaddress, e) - ) - - sshClient = SshClient( - self.mgtSvrDetails["mgtSvrIp"], - 22, - self.mgtSvrDetails["user"], - self.mgtSvrDetails["passwd"] - ) - + ) + try: + sshClient = SshClient( + self.mgtSvrDetails["mgtSvrIp"], + 22, + self.mgtSvrDetails["user"], + self.mgtSvrDetails["passwd"] + ) + except Exception as e: + self.revokeSGRule(ingress_rule.ingressrule[0].ruleid) + self.fail("SSH Access failed for %s: %s" % + (self.mgtSvrDetails["mgtSvrIp"], e) + ) response = sshClient.execute("ssh %s@%s -v" % - (virtual_machine_1.username, - virtual_machine_1.ssh_ip)) + (virtual_machine_1.username, + virtual_machine_1.ssh_ip)) self.debug("Response is :%s" % response) self.assertTrue("connection established" in str(response).lower(), - "SSH to VM at %s failed from external machine ip %s other than test machine" % - (virtual_machine_1.ssh_ip, - self.mgtSvrDetails["mgtSvrIp"])) + "SSH to VM at %s failed from external machine ip %s other than test machine" % + (virtual_machine_1.ssh_ip, + self.mgtSvrDetails["mgtSvrIp"])) response = sshClient.execute("ssh %s@%s -v" % - (virtual_machine_2.username, - virtual_machine_2.ssh_ip)) + (virtual_machine_2.username, + virtual_machine_2.ssh_ip)) self.debug("Response is :%s" % response) self.assertTrue("connection established" in str(response).lower(), - "SSH to VM at %s failed from external machine ip %s other than test machine" % - (virtual_machine_2.ssh_ip, - self.mgtSvrDetails["mgtSvrIp"])) - - - cmd = revokeSecurityGroupIngress.revokeSecurityGroupIngressCmd() - cmd.id = ingress_rule.ingressrule[0].ruleid - self.apiclient.revokeSecurityGroupIngress(cmd) - + "SSH to VM at %s failed from external machine ip %s other than test machine" % + (virtual_machine_2.ssh_ip, + self.mgtSvrDetails["mgtSvrIp"])) + virtual_machine_3 = VirtualMachine.create( + self.apiclient, + self.testdata["virtual_machine"], + accountid=self.account.name, + domainid=self.account.domainid, + serviceofferingid=self.service_offering.id, + securitygroupids=[defaultSecurityGroup.id], + mode=self.testdata['mode'] + ) + self.cleanup.append(virtual_machine_3) + security_groups = SecurityGroup.list( + self.apiclient, + account=self.account.name, + domainid=self.account.domainid, + listall=True + ) + self.assertEqual( + validateList(security_groups)[0], + PASS, + "Security groups list validation failed" + ) + for sg in security_groups: + if not sg.ingressrule: + continue + self.revokeSGRule(sg.ingressrule[0].ruleid) localMachineIpAddress = self.getLocalMachineIpAddress() cidr = localMachineIpAddress + "/32" @@ -1882,16 +1946,6 @@ class TestIngressRuleSpecificIpSet(cloudstackTestCase): cmd.endport = 22 cmd.cidrlist = cidr ingress_rule = self.apiclient.authorizeSecurityGroupIngress(cmd) - - virtual_machine_3 = VirtualMachine.create( - self.apiclient, - self.testdata["virtual_machine"], - accountid=self.account.name, - domainid=self.account.domainid, - serviceofferingid=self.service_offering.id, - securitygroupids=[defaultSecurityGroup.id] - ) - if self.testdata["configurableData"]["setHostConfigurationForIngressRule"]: self.setHostConfiguration() time.sleep(180) @@ -1905,28 +1959,28 @@ class TestIngressRuleSpecificIpSet(cloudstackTestCase): virtual_machine_3.ssh_port, virtual_machine_3.username, virtual_machine_3.password - ) + ) except Exception as e: self.fail("SSH Access failed for %s: %s" % (virtual_machine_3.ssh_ip, e) - ) + ) sshClient = SshClient( - self.mgtSvrDetails["mgtSvrIp"], - 22, - self.mgtSvrDetails["user"], - self.mgtSvrDetails["passwd"] + self.mgtSvrDetails["mgtSvrIp"], + 22, + self.mgtSvrDetails["user"], + self.mgtSvrDetails["passwd"] ) response = sshClient.execute("ssh %s@%s -v" % - (virtual_machine_3.username, - virtual_machine_3.ssh_ip)) + (virtual_machine_3.username, + virtual_machine_3.ssh_ip)) self.debug("Response is :%s" % response) self.assertFalse("connection established" in str(response).lower(), - "SSH to VM at %s succeeded from external machine ip %s other than test machine" % - (virtual_machine_3.ssh_ip, - self.mgtSvrDetails["mgtSvrIp"])) + "SSH to VM at %s succeeded from external machine ip %s other than test machine" % + (virtual_machine_3.ssh_ip, + self.mgtSvrDetails["mgtSvrIp"])) return @attr(tags=["sg", "eip", "advancedsg"]) @@ -1978,18 +2032,20 @@ class TestIngressRuleSpecificIpSet(cloudstackTestCase): accountid=self.account.name, domainid=self.account.domainid, serviceofferingid=self.service_offering.id, - securitygroupids=[defaultSecurityGroup.id] + securitygroupids=[defaultSecurityGroup.id], + mode=self.testdata['mode'] ) - + self.cleanup.append(virtual_machine_1) virtual_machine_2 = VirtualMachine.create( self.apiclient, self.testdata["virtual_machine"], accountid=self.account.name, domainid=self.account.domainid, serviceofferingid=self.service_offering.id, - securitygroupids=[defaultSecurityGroup.id] + securitygroupids=[defaultSecurityGroup.id], + mode=self.testdata['mode'] ) - + self.cleanup.append(virtual_machine_2) try: SshClient( virtual_machine_1.ssh_ip, @@ -2066,9 +2122,10 @@ class TestIngressRuleSpecificIpSet(cloudstackTestCase): accountid=self.account.name, domainid=self.account.domainid, serviceofferingid=self.service_offering.id, - securitygroupids=[security_group.id] + securitygroupids=[security_group.id], + mode=self.testdata['mode'] ) - + self.cleanup.append(virtual_machine_3) if self.testdata["configurableData"]["setHostConfigurationForIngressRule"]: self.setHostConfiguration() time.sleep(180) @@ -2087,7 +2144,21 @@ class TestIngressRuleSpecificIpSet(cloudstackTestCase): self.fail("SSH Access failed for %s: %s" % (virtual_machine_3.ssh_ip, e) ) - + security_groups = SecurityGroup.list( + self.apiclient, + account=self.account.name, + domainid=self.account.domainid, + listall=True + ) + self.assertEqual( + validateList(security_groups)[0], + PASS, + "Security groups list validation failed" + ) + for sg in security_groups: + if sg.id == security_group.id or not sg.ingressrule: + continue + self.revokeSGRule(sg.ingressrule[0].ruleid) sshClient = SshClient( self.mgtSvrDetails["mgtSvrIp"], 22,