cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-9403) Nuage VSP Plugin : Support for SharedNetwork fuctionality including Marvin test coverage
Date Thu, 16 Feb 2017 18:49:41 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-9403?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15870496#comment-15870496
] 

ASF GitHub Bot commented on CLOUDSTACK-9403:
--------------------------------------------

Github user mike-tutkowski commented on a diff in the pull request:

    https://github.com/apache/cloudstack/pull/1579#discussion_r101596817
  
    --- Diff: server/src/com/cloud/configuration/ConfigurationManagerImpl.java ---
    @@ -2909,51 +2911,21 @@ public Vlan doInTransaction(final TransactionStatus status) {
             String vlanGateway = null;
             String vlanNetmask = null;
             boolean sameSubnet = false;
    -        if (vlans != null && vlans.size() > 0) {
    +        if (CollectionUtils.isNotEmpty(vlans)) {
                 for (final VlanVO vlan : vlans) {
    -                if (ipv4) {
    -                    vlanGateway = vlan.getVlanGateway();
    -                    vlanNetmask = vlan.getVlanNetmask();
    -                    // check if subset or super set or neither.
    -                    final NetUtils.SupersetOrSubset val = checkIfSubsetOrSuperset(newVlanGateway,
newVlanNetmask, vlan, startIP, endIP);
    -                    if (val == NetUtils.SupersetOrSubset.isSuperset) {
    -                        // this means that new cidr is a superset of the
    -                        // existing subnet.
    -                        throw new InvalidParameterValueException("The subnet you are
trying to add is a superset of the existing subnet having gateway" + vlan.getVlanGateway()
    -                                + " and netmask  " + vlan.getVlanNetmask());
    -                    } else if (val == NetUtils.SupersetOrSubset.neitherSubetNorSuperset)
{
    -                        // this implies the user is trying to add a new subnet
    -                        // which is not a superset or subset of this subnet.
    -                        // checking with the other subnets.
    -                        continue;
    -                    } else if (val == NetUtils.SupersetOrSubset.isSubset) {
    -                        // this means he is trying to add to the same subnet.
    -                        throw new InvalidParameterValueException("The subnet you are
trying to add is a subset of the existing subnet having gateway" + vlan.getVlanGateway()
    -                                + " and netmask  " + vlan.getVlanNetmask());
    -                    } else if (val == NetUtils.SupersetOrSubset.sameSubnet) {
    -                        sameSubnet = true;
    -                        //check if the gateway provided by the user is same as that of
the subnet.
    -                        if (newVlanGateway != null && !newVlanGateway.equals(vlanGateway))
{
    -                            throw new InvalidParameterValueException("The gateway of
the subnet should be unique. The subnet alreaddy has a gateway " + vlanGateway);
    -                        }
    -                        break;
    -                    }
    -                }
    -                if (ipv6) {
    -                    if (ip6Gateway != null && !ip6Gateway.equals(network.getIp6Gateway()))
{
    -                        throw new InvalidParameterValueException("The input gateway "
+ ip6Gateway + " is not same as network gateway " + network.getIp6Gateway());
    -                    }
    -                    if (ip6Cidr != null && !ip6Cidr.equals(network.getIp6Cidr()))
{
    -                        throw new InvalidParameterValueException("The input cidr " +
ip6Cidr + " is not same as network ciddr " + network.getIp6Cidr());
    -                    }
    -                    ip6Gateway = network.getIp6Gateway();
    -                    ip6Cidr = network.getIp6Cidr();
    -                    _networkModel.checkIp6Parameters(startIPv6, endIPv6, ip6Gateway,
ip6Cidr);
    -                    sameSubnet = true;
    -                }
    +                vlanGateway = vlan.getVlanGateway();
    +                vlanNetmask = vlan.getVlanNetmask();
    +                sameSubnet = hasSameSubnet(ipv4, vlanGateway, vlanNetmask, newVlanGateway,
newVlanNetmask, startIP, endIP,
    +                        ipv6, ip6Gateway, ip6Cidr, startIPv6, endIPv6, network);
    +                if (sameSubnet) break;
                 }
    +        } else {
    +            vlanGateway = network.getGateway();
    +            vlanNetmask = NetUtils.getCidrNetmask(network.getCidr());
    --- End diff --
    
    I believe this is the root of the following blocker for 4.10: https://issues.apache.org/jira/browse/CLOUDSTACK-9790


> Nuage VSP Plugin : Support for SharedNetwork fuctionality including Marvin test coverage
> ----------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-9403
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9403
>             Project: CloudStack
>          Issue Type: Task
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Automation, Network Controller
>            Reporter: Rahul Singal
>            Assignee: Nick Livens
>
> This is first phase of support of Shared Network in cloudstack through NuageVsp Network
Plugin. A shared network is a type of virtual network that is shared between multiple accounts
i.e. a shared network can be accessed by virtual machines that belong to many different accounts.
This basic functionality will be supported with the below common use case:
> - shared network can be used for monitoring purposes. A shared network can be assigned
to a domain and can be used for monitoring VMs  belonging to all accounts in that domain.
> - Public accessible of shared Network.
> With the current implementation with NuageVsp plugin, It support over-lapping of Ip address,
Public Access and also adding Ip ranges in shared Network.
> In VSD, it is implemented in below manner:
> - In order to have tenant isolation for shared networks, we will have to create a Shared
L3 Subnet for each shared network, and instantiate it across the relevant enterprises. A shared
network will only exist under an enterprise when it is needed, so when the first VM is spinned
under that ACS domain inside that shared network.
> - For public shared Network it will also create a floating ip subnet pool in VSD along
with all the things mentioned in above point.
> PR contents:
> 1) Support for shared networks with tenant isolation on master with Nuage VSP SDN Plugin.
> 2) Support of shared network with publicly accessible ip ranges.  
> 2) Marvin test coverage for shared networks on master with Nuage VSP SDN Plugin.
> 3) Enhancements on our exiting Marvin test code (nuagevsp plugins directory).
> 4) PEP8 & PyFlakes compliance with our Marvin test code.
> Test Results are:-
> Valiate that ROOT admin is NOT able to deploy a VM for a user in ROOT domain in a shared
network with ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_account_ROOTuser
| Status : SUCCESS ===
> ok
> Valiate that ROOT admin is NOT able to deploy a VM for a admin user in a shared network
with ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_account_differentdomain
| Status : SUCCESS ===
> ok
> Valiate that ROOT admin is NOT able to deploy a VM for admin user in the same domain
but in a ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_account_domainadminuser
| Status : SUCCESS ===
> ok
> Valiate that ROOT admin is NOT able to deploy a VM for user in the same domain but in
a different ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_account_domainuser
| Status : SUCCESS ===
> ok
> Valiate that ROOT admin is able to deploy a VM for regular user in a shared network with
scope=account ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_account_user
| Status : SUCCESS ===
> ok
> Valiate that ROOT admin is able to deploy a VM for user in ROOT domain in a shared network
with scope=all ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_all_ROOTuser
| Status : SUCCESS ===
> ok
> Valiate that ROOT admin is able to deploy a VM for a domain admin users in a shared network
with scope=all ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_all_domainadminuser
| Status : SUCCESS ===
> ok
> Valiate that ROOT admin is able to deploy a VM for other users in a shared network with
scope=all ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_all_domainuser |
Status : SUCCESS ===
> ok
> Valiate that ROOT admin is able to deploy a VM for admin user in a domain in a shared
network with scope=all ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_all_subdomainadminuser
| Status : SUCCESS ===
> ok
> Valiate that ROOT admin is able to deploy a VM for any user in a subdomain in a shared
network with scope=all ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_all_subdomainuser
| Status : SUCCESS ===
> ok
> Valiate that ROOT admin is NOT able to deploy a VM for parent domain admin user in a
shared network with scope=domain with no subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_domain_nosubdomainaccess_ROOTuser
| Status : SUCCESS ===
> ok
> Valiate that ROOT admin is able to deploy a VM for domain admin user in a shared network
with scope=domain with no subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_domain_nosubdomainaccess_domainadminuser
| Status : SUCCESS ===
> ok
> Valiate that ROOT admin is able to deploy a VM for domain user in a shared network with
scope=domain with no subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_domain_nosubdomainaccess_domainuser
| Status : SUCCESS ===
> ok
> Valiate that ROOT admin is NOT able to deploy a VM for parent domain admin user in a
shared network with scope=domain with no subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_domain_nosubdomainaccess_parentdomainadminuser
| Status : SUCCESS ===
> ok
> Valiate that ROOT admin is NOT able to deploy a VM for parent domain user in a shared
network with scope=domain with no subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_domain_nosubdomainaccess_parentdomainuser
| Status : SUCCESS ===
> ok
> Valiate that ROOT admin is NOT able to deploy a VM for sub domain admin user in a shared
network with scope=domain with no subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_domain_nosubdomainaccess_subdomainadminuser
| Status : SUCCESS ===
> ok
> Valiate that ROOT admin is NOT able to deploy a VM for sub domain user in a shared network
with scope=domain with no subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_domain_nosubdomainaccess_subdomainuser
| Status : SUCCESS ===
> ok
> Valiate that ROOT admin is NOT able to deploy a VM for user in ROOT domain in a shared
network with scope=domain with subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_domain_withsubdomainaccess_ROOTuser
| Status : SUCCESS ===
> ok
> Valiate that ROOT admin is able to deploy a VM for domain admin user in a shared network
with scope=domain with subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_domain_withsubdomainaccess_domainadminuser
| Status : SUCCESS ===
> ok
> Valiate that ROOT admin is able to deploy a VM for domain user in a shared network with
scope=domain with subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_domain_withsubdomainaccess_domainuser
| Status : SUCCESS ===
> ok
> Valiate that ROOT admin is NOT able to deploy a VM for parent domain admin user in a
shared network with scope=domain with subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_domain_withsubdomainaccess_parentdomainadminuser
| Status : SUCCESS ===
> ok
> Valiate that ROOT admin is NOT able to deploy a VM for parent domain user in a shared
network with scope=domain with subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_domain_withsubdomainaccess_parentdomainuser
| Status : SUCCESS ===
> ok
> Valiate that ROOT admin is able to deploy a VM for subdomain admin user in a shared network
with scope=domain with subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_domain_withsubdomainaccess_subdomainadminuser
| Status : SUCCESS ===
> ok
> Valiate that ROOT admin is able to deploy a VM for subdomain user in a shared network
with scope=domain with subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_domain_withsubdomainaccess_subdomainuser
| Status : SUCCESS ===
> ok
> Valiate that Domain admin is NOT able to deploy a VM for an regular user in ROOT domain
in a shared network with scope=account ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_account_ROOTuser
| Status : SUCCESS ===
> ok
> Valiate that Domain admin is able NOT able to deploy a VM for an regular user from a
differnt domain in a shared network with scope=account ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_account_differentdomain
| Status : SUCCESS ===
> ok
> Valiate that Domain admin is NOT able to deploy a VM for an admin user in the same domain
but belonging ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_account_domainadminuser
| Status : SUCCESS ===
> ok
> Valiate that Domain admin is NOT able to deploy a VM for user in the same domain but
belonging to a ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_account_domainuser
| Status : SUCCESS ===
> ok
> Valiate that Domain admin is able to deploy a VM for an regular user in a shared network
with scope=account ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_account_user
| Status : SUCCESS ===
> ok
> Valiate that Domain admin is NOT able to deploy a VM for user in ROOT domain in a shared
network with scope=all ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_all_ROOTuser
| Status : SUCCESS ===
> ok
> Valiate that Domain admin is NOT able to deploy a VM for user in other domain in a shared
network with scope=all ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_all_crossdomainuser
| Status : SUCCESS ===
> ok
> Valiate that Domain admin is able to deploy a VM for a domain admin user in a shared
network with scope=all ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_all_domainadminuser
| Status : SUCCESS ===
> ok
> Valiate that Domain admin is able to deploy a VM for a domain user in a shared network
with scope=all ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_all_domainuser
| Status : SUCCESS ===
> ok
> Valiate that Domain admin is able to deploy a VM for a sub domain admin user in a shared
network with scope=all ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_all_subdomainadminuser
| Status : SUCCESS ===
> ok
> Valiate that Domain admin is able to deploy a VM for a sub domain user in a shared network
with scope=all ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_all_subdomainuser
| Status : SUCCESS ===
> ok
> Valiate that Domain admin is NOT able to deploy a VM for user in ROOT domain in a shared
network with scope=Domain and no subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_nosubdomainaccess_ROOTuser
| Status : SUCCESS ===
> ok
> Valiate that Domain admin is able to deploy a VM for domain admin user in a shared network
with scope=Domain and no subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_nosubdomainaccess_domainadminuser
| Status : SUCCESS ===
> ok
> Valiate that Domain admin is able to deploy a VM for domain user in a shared network
with scope=Domain and no subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_nosubdomainaccess_domainuser
| Status : SUCCESS ===
> ok
> Valiate that Domain admin is NOT able to deploy VM for parent domain admin user in shared
network with scope=Domain and no subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_nosubdomainaccess_parentdomainadminuser
| Status : SUCCESS ===
> ok
> Valiate that Domain admin is NOT able to deploy a VM for parent domain user in a shared
network with scope=Domain and no subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_nosubdomainaccess_parentdomainuser
| Status : SUCCESS ===
> ok
> Valiate that Domain admin is NOT able to deploy a VM for sub domain admin user in a shared
network with scope=Domain and no subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_nosubdomainaccess_subdomainadminuser
| Status : SUCCESS ===
> ok
> Valiate that Domain admin is NOT able to deploy a VM for sub domain user in a shared
network with scope=Domain and no subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_nosubdomainaccess_subdomainuser
| Status : SUCCESS ===
> ok
> Valiate that Domain admin is NOT able to deploy a VM for user in ROOT domain in a shared
network with scope=Domain and subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_withsubdomainaccess_ROOTuser
| Status : SUCCESS ===
> ok
> Valiate that Domain admin is able to deploy a VM for admin user in domain in a shared
network with scope=Domain and subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_withsubdomainaccess_domainadminuser
| Status : SUCCESS ===
> ok
> Valiate that Domain admin is able to deploy a VM for regular user in domain in a shared
network with scope=Domain and subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_withsubdomainaccess_domainuser
| Status : SUCCESS ===
> ok
> Validate that Domain admin is NOT able to deploy VM for admin user in parent domain in
shared network with scope=Domain subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_withsubdomainaccess_parentdomainadminuser
| Status : SUCCESS ===
> ok
> Valiate that Domain admin NOT able to deploy VM for regular user in parent domain in
shared network with scope=Domain subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_withsubdomainaccess_parentdomainuser
| Status : SUCCESS ===
> ok
> Valiate that Domain admin is able to deploy a VM for admin user in subdomain in a shared
network with scope=Domain and subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_withsubdomainaccess_subdomainadminuser
| Status : SUCCESS ===
> ok
> Valiate that Domain admin is able to deploy a VM for regular user in subdomain in a shared
network with scope=Domain and subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_withsubdomainaccess_subdomainuser
| Status : SUCCESS ===
> ok
> Valiate that regular user is able NOT able to deploy a VM for another user in the same
 domain in a shared network with scope=all ... === TestName: test_deployVM_in_sharedNetwork_as_regularuser_scope_all_anotherusersamedomain
| Status : SUCCESS ===
> ok
> Valiate that regular user is able NOT able to deploy a VM for another user in a different
domain in a shared network with scope=all ... === TestName: test_deployVM_in_sharedNetwork_as_regularuser_scope_all_crossdomain
| Status : SUCCESS ===
> ok
> ----------------------------------------------------------------------
> Ran 51 tests in 3192.356s
> OK
> For monitoring useCase test runs are:-
> Valiate that Normal user in the same domain able to add NIC in a shared network with
scope=all ... === TestName: test_01_addNic_in_sharedNetwork_scope_all_as_domainuser | Status
: SUCCESS ===
> ok
> Valiate that Parent domain admin is able to add a NIC  in a shared network with scope=all
... === TestName: test_02_addNic_in_sharedNetwork_scope_all_as_domain_parentAdmin | Status
: SUCCESS ===
> ok
> Valiate that User can enable staticNat on VPC NIC where second nicn is in a shared network
with scope=all ... === TestName: test_03_staticNat_in_VPC_secondNic_sharedNetwork_scope_all
| Status : SUCCESS ===
> ok
> Validate that reboot VM is done successfully without any Error ... === TestName: test_04_rebootVM_after_sharedNetwork_nic
| Status : SUCCESS ===
> ok
> Validate that restart Tier Network is done successfully with cleanup ... === TestName:
test_05_restart_Tier_VPC_Network_sharedNetwork_nic | Status : SUCCESS ===
> ok
> Validate that restart Shared Network is done successfully without any Error ... === TestName:
test_06_restart_sharedNetwork_scope_all | Status : SUCCESS ===
> ok
> Valiate that Normal user in the same domain able to remove NIC in a shared network which
is added by Parent Domain Admin ... === TestName: test_07_removeNic_in_sharedNetwork_scope_all_as_domainuser
| Status : SUCCESS ===
> ok
> Valiate that Parent domain admin is able to remove a NIC  which is added by child domain
user ... === TestName: test_08_removeNic_in_sharedNetwork_scope_all_as_domain_parentAdmin
| Status : SUCCESS ===
> ok
> Valiate that Normal user in the same domain able to add NIC in a shared network with
scope=domain without subdomain Access ... === TestName: test_09_addNic_in_sharedNetwork_scope_domain_as_domainuser
| Status : SUCCESS ===
> ok
> Valiate that Normal user in the same domain able to add NIC in a shared network with
scope=domain with subdomain Access ... === TestName: test_10_addNic_in_sharedNetwork_scope_domain_subdomain_as_domainuser
| Status : SUCCESS ===
> ok
> ----------------------------------------------------------------------
> Ran 10 tests in 744.354s
> OK



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message