Posted to commits@cloudstack.apache.org by bh...@apache.org on 2015/03/10 05:51:15 UTC
git commit: updated refs/heads/master to 1fd401f
Repository: cloudstack
Updated Branches:
refs/heads/master 8ed833a13 -> 1fd401ff4
CLOUDSTACK-8299: Adding additional test case to test ingress rules with two security groups together
This closes #102
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/1fd401ff
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/1fd401ff
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/1fd401ff
Branch: refs/heads/master
Commit: 1fd401ff4396dfcc5fb9786e04b55017bfcf3b0c
Parents: 8ed833a
Author: Gaurav Aradhye <ga...@clogeny.com>
Authored: Mon Mar 9 14:21:44 2015 +0530
Committer: Rohit Yadav <ro...@shapeblue.com>
Committed: Tue Mar 10 10:20:46 2015 +0530
----------------------------------------------------------------------
.../component/test_security_groups.py | 179 ++++++++++++++++++-
1 file changed, 178 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/1fd401ff/test/integration/component/test_security_groups.py
----------------------------------------------------------------------
diff --git a/test/integration/component/test_security_groups.py b/test/integration/component/test_security_groups.py
index 40ac561..2a37fd8 100644
--- a/test/integration/component/test_security_groups.py
+++ b/test/integration/component/test_security_groups.py
@@ -1760,7 +1760,7 @@ class TestIngressRuleSpecificIpSet(cloudstackTestCase):
# 5. Revoke the ingress rule and add ingress rule for specific IP
set (including test machine)
# 6. Add new Vm to default sec group
- # 7. Verify that SSH works to VM from tst machine
+ # 7. Verify that SSH works to VM from test machine
# 8. Verify that SSH does not work to VM from different machine which
is outside specified IP set
"""
@@ -1920,3 +1920,180 @@ class TestIngressRuleSpecificIpSet(cloudstackTestCase):
(virtual_machine_3.ssh_ip,
self.mgtSvrDetails["mgtSvrIp"]))
return
+
+ @attr(tags=["sg", "eip", "advancedsg"])
+ def test_ingress_rules_specific_IP_set_non_def_sec_group(self):
+ """Test ingress rules for specific IP set and non default security group
+
+ # Validate the following:
+ # 1. Create an account and add ingress rule
+ (CIDR 0.0.0.0/0) in default security group
+ # 2. Deploy 2 VMs in the default sec group
+ # 3. Check if SSH works for the VMs from test machine, should work
+ # 4. Check if SSH works for the VM from different machine (
+ for instance, management server), should work
+ # 5. Add new security group to the account and add ingress rule for
+ specific IP set (including test machine)
+ # 6. Add new Vm to new sec group
+ # 7. Verify that SSH works to VM from test machine
+ # 8. Verify that SSH does not work to VM from different machine which
+ is outside specified IP set
+ """
+
+ # Default Security group should not have any ingress rule
+ security_groups = SecurityGroup.list(
+ self.apiclient,
+ account=self.account.name,
+ domainid=self.account.domainid,
+ listall=True
+ )
+ self.assertEqual(
+ validateList(security_groups)[0],
+ PASS,
+ "Security groups list validation failed"
+ )
+
+ defaultSecurityGroup = security_groups[0]
+
+ # Authorize Security group to SSH to VM
+ cmd = authorizeSecurityGroupIngress.authorizeSecurityGroupIngressCmd()
+ cmd.securitygroupid = defaultSecurityGroup.id
+ cmd.protocol = 'TCP'
+ cmd.startport = 22
+ cmd.endport = 22
+ cmd.cidrlist = '0.0.0.0/0'
+ self.apiclient.authorizeSecurityGroupIngress(cmd)
+
+ virtual_machine_1 = VirtualMachine.create(
+ self.apiclient,
+ self.testdata["virtual_machine"],
+ accountid=self.account.name,
+ domainid=self.account.domainid,
+ serviceofferingid=self.service_offering.id,
+ securitygroupids=[defaultSecurityGroup.id]
+ )
+
+ virtual_machine_2 = VirtualMachine.create(
+ self.apiclient,
+ self.testdata["virtual_machine"],
+ accountid=self.account.name,
+ domainid=self.account.domainid,
+ serviceofferingid=self.service_offering.id,
+ securitygroupids=[defaultSecurityGroup.id]
+ )
+
+ try:
+ SshClient(
+ virtual_machine_1.ssh_ip,
+ virtual_machine_1.ssh_port,
+ virtual_machine_1.username,
+ virtual_machine_1.password
+ )
+ except Exception as e:
+ self.fail("SSH Access failed for %s: %s" %
+ (self.virtual_machine.ipaddress, e)
+ )
+
+ try:
+ SshClient(
+ virtual_machine_2.ssh_ip,
+ virtual_machine_2.ssh_port,
+ virtual_machine_2.username,
+ virtual_machine_2.password
+ )
+ except Exception as e:
+ self.fail("SSH Access failed for %s: %s" %
+ (self.virtual_machine.ipaddress, e)
+ )
+
+ sshClient = SshClient(
+ self.mgtSvrDetails["mgtSvrIp"],
+ 22,
+ self.mgtSvrDetails["user"],
+ self.mgtSvrDetails["passwd"]
+ )
+
+ response = sshClient.execute("ssh %s@%s -v" %
+ (virtual_machine_1.username,
+ virtual_machine_1.ssh_ip))
+ self.debug("Response is :%s" % response)
+
+ self.assertTrue("connection established" in str(response).lower(),
+ "SSH to VM at %s failed from external machine ip %s other than test machine" %
+ (virtual_machine_1.ssh_ip,
+ self.mgtSvrDetails["mgtSvrIp"]))
+
+ response = sshClient.execute("ssh %s@%s -v" %
+ (virtual_machine_2.username,
+ virtual_machine_2.ssh_ip))
+ self.debug("Response is :%s" % response)
+
+ self.assertTrue("connection established" in str(response).lower(),
+ "SSH to VM at %s failed from external machine ip %s other than test machine" %
+ (virtual_machine_2.ssh_ip,
+ self.mgtSvrDetails["mgtSvrIp"]))
+
+ localMachineIpAddress = self.getLocalMachineIpAddress()
+ cidr = localMachineIpAddress + "/32"
+
+ security_group = SecurityGroup.create(
+ self.apiclient,
+ self.testdata["security_group"],
+ account=self.account.name,
+ domainid=self.account.domainid
+ )
+
+ # Authorize Security group to SSH to VM
+ cmd = authorizeSecurityGroupIngress.authorizeSecurityGroupIngressCmd()
+ cmd.securitygroupid = security_group.id
+ cmd.protocol = 'TCP'
+ cmd.startport = 22
+ cmd.endport = 22
+ cmd.cidrlist = cidr
+ self.apiclient.authorizeSecurityGroupIngress(cmd)
+
+ virtual_machine_3 = VirtualMachine.create(
+ self.apiclient,
+ self.testdata["virtual_machine"],
+ accountid=self.account.name,
+ domainid=self.account.domainid,
+ serviceofferingid=self.service_offering.id,
+ securitygroupids=[security_group.id]
+ )
+
+ if self.testdata["configurableData"]["setHostConfigurationForIngressRule"]:
+ self.setHostConfiguration()
+ time.sleep(180)
+
+ virtual_machine_3.stop(self.apiclient)
+ virtual_machine_3.start(self.apiclient)
+
+ try:
+ sshClient = SshClient(
+ virtual_machine_3.ssh_ip,
+ virtual_machine_3.ssh_port,
+ virtual_machine_3.username,
+ virtual_machine_3.password
+ )
+ except Exception as e:
+ self.fail("SSH Access failed for %s: %s" %
+ (virtual_machine_3.ssh_ip, e)
+ )
+
+ sshClient = SshClient(
+ self.mgtSvrDetails["mgtSvrIp"],
+ 22,
+ self.mgtSvrDetails["user"],
+ self.mgtSvrDetails["passwd"]
+ )
+
+ response = sshClient.execute("ssh %s@%s -v" %
+ (virtual_machine_3.username,
+ virtual_machine_3.ssh_ip))
+ self.debug("Response is :%s" % response)
+
+ self.assertFalse("connection established" in str(response).lower(),
+ "SSH to VM at %s succeeded from external machine ip %s other than test machine" %
+ (virtual_machine_3.ssh_ip,
+ self.mgtSvrDetails["mgtSvrIp"]))
+ return
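Review bot: The closing `assertFalse("connection established" in str(response).lower(), ...)` accepts any response that lacks that string as proof that the /32 ingress rule blocked the management server, so it also passes when `sshClient.execute` returns nothing or the command fails on the management server for an unrelated reason. Bounding the attempt, for example with `ssh -o ConnectTimeout=<seconds> -o BatchMode=yes`, and asserting on the resulting timeout or refusal text would make the deny path a positive check rather than an absence check. Separately, the `except` handlers for virtual_machine_1 and virtual_machine_2 build their failure message from `self.virtual_machine.ipaddress`, which this method never assigns. If the class does not define that attribute, the handler raises AttributeError and hides the real SSH error; use `virtual_machine_1.ssh_ip` and `virtual_machine_2.ssh_ip`, as the virtual_machine_3 handler already does. The class body starts outside the hunk, so whether `self.virtual_machine` exists cannot be confirmed from here.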