diff --git a/test/integration/component/test_vpc_network_pfrules.py b/test/integration/component/test_vpc_network_pfrules.py index 1e1b5cc2dad..6894c997aae 100644 --- a/test/integration/component/test_vpc_network_pfrules.py +++ b/test/integration/component/test_vpc_network_pfrules.py @@ -343,22 +343,6 @@ class TestVPCNetworkPFRules(cloudstackTestCase): else: self.debug("Failed to wget from VM=%s http server on public_ip=%s" % (vm.name, public_ip.ipaddress.ipaddress)) - def create_staticnat(self, vm, public_ip, network): - self.debug("Enabling static NAT for IP: %s" % - public_ip.ipaddress.ipaddress) - try: - StaticNATRule.enable( - self.apiclient, - ipaddressid=public_ip.ipaddress.id, - virtualmachineid=vm.id, - networkid=network.id - ) - self.debug("Static NAT enabled for IP: %s" % - public_ip.ipaddress.ipaddress) - except Exception as e: - self.fail("Failed to enable static NAT on IP: %s - %s" % ( - public_ip.ipaddress.ipaddress, e)) - def create_natrule(self, vm, public_ip, network, services=None): self.debug("Creating NAT rule in network for vm with public IP") if not services: diff --git a/test/integration/component/test_vpc_network_staticnatrule.py b/test/integration/component/test_vpc_network_staticnatrule.py index 28c065d70a0..539672e0b10 100644 --- a/test/integration/component/test_vpc_network_staticnatrule.py +++ b/test/integration/component/test_vpc_network_staticnatrule.py @@ -141,7 +141,7 @@ class Services: "protocol": "TCP", "cidrlist": '0.0.0.0/0', }, - "natrule": { + "ssh_rule": { "privateport": 22, "publicport": 22, "startport": 22, @@ -361,28 +361,6 @@ class TestVPCNetworkPFRules(cloudstackTestCase): self.fail("Failed to enable static NAT on IP: %s - %s" % ( public_ip.ipaddress.ipaddress, e)) - def create_NatRule_For_VM(self, vm, public_ip, network, services=None): - self.debug("Creatinng NAT rule in network for vm with public IP") - if not services: - services = self.services["natrule"] - nat_rule = NATRule.create(self.apiclient, - vm, - services, - ipaddressid=public_ip.ipaddress.id, - openfirewall=False, - networkid=network.id, - vpcid=self.vpc.id - ) - - self.debug("Adding NetwrokACl rules to make NAT rule accessible") - nwacl_nat = NetworkACL.create(self.apiclient, - networkid=network.id, - services=services, - traffictype='Ingress' - ) - self.debug('nwacl_nat=%s' % nwacl_nat.__dict__) - return nat_rule - def acquire_Public_IP(self, network): self.debug("Associating public IP for network: %s" % network.name) public_ip = PublicIPAddress.create(self.apiclient, @@ -490,16 +468,16 @@ class TestVPCNetworkPFRules(cloudstackTestCase): lb_rule.assign(self.apiclient, vmarray) return lb_rule - def create_egress_Internet_Rule(self, network): - self.debug("Adding Egress rules to network %s and %s to allow access to internet" % (network.name,self.services["http_rule"])) - nwacl_internet_1 = NetworkACL.create( - self.apiclient, + def create_ingress_rule(self, network, services=None): + if not services: + services = self.services["ssh_rule"] + self.debug("Adding NetworkACL rules to make NAT rule accessible") + nwacl_nat = NetworkACL.create(self.apiclient, + services, networkid=network.id, - services=self.services["http_rule"], traffictype='Ingress' ) - - return nwacl_internet_1 + return nwacl_nat @attr(tags=["advanced", "intervlan"]) @@ -518,10 +496,13 @@ class TestVPCNetworkPFRules(cloudstackTestCase): # 8. Successfully ssh into the Guest VM using the PF rule network_1 = self.create_Network(self.services["network_offering"]) + self.create_ingress_rule(network_1) + vm_1 = self.create_VM_in_Network(network_1) public_ip_1 = self.acquire_Public_IP(network_1) + router = self.stop_VPC_VRouter() - self.create_NatRule_For_VM( vm_1, public_ip_1, network_1) + self.create_StaticNatRule_For_VM( vm_1, public_ip_1, network_1) self.start_VPC_VRouter(router) self.check_ssh_into_vm(vm_1, public_ip_1, testnegative=False) @@ -542,6 +523,8 @@ class TestVPCNetworkPFRules(cloudstackTestCase): # 6. Successfully ssh into the Guest VM using the PF rule network_1 = self.create_Network(self.services["network_offering"]) + self.create_ingress_rule(network_1) + vm_1 = self.create_VM_in_Network(network_1) public_ip_1 = self.acquire_Public_IP(network_1) self.create_StaticNatRule_For_VM( vm_1, public_ip_1, network_1) @@ -569,6 +552,9 @@ class TestVPCNetworkPFRules(cloudstackTestCase): network_1 = self.create_Network(self.services["network_offering_no_lb"]) network_2 = self.create_Network(self.services["network_offering_no_lb"], '10.1.2.1') + self.create_ingress_rule(network_1) + self.create_ingress_rule(network_2) + vm_1 = self.create_VM_in_Network(network_1) vm_2 = self.create_VM_in_Network(network_2) public_ip_1 = self.acquire_Public_IP(network_1) @@ -601,6 +587,9 @@ class TestVPCNetworkPFRules(cloudstackTestCase): network_1 = self.create_Network(self.services["network_offering"]) network_2 = self.create_Network(self.services["network_offering_no_lb"], '10.1.2.1') + self.create_ingress_rule(network_1) + self.create_ingress_rule(network_2) + vm_1 = self.create_VM_in_Network(network_1) vm_2 = self.create_VM_in_Network(network_2) public_ip_1 = self.acquire_Public_IP(network_1) @@ -632,10 +621,13 @@ class TestVPCNetworkPFRules(cloudstackTestCase): # 10. ssh into Guest VM using the PF rule should fail network_1 = self.create_Network(self.services["network_offering"]) + self.create_ingress_rule(network_1) + self.create_ingress_rule(network_1, self.services["http_rule"]) + vm_1 = self.create_VM_in_Network(network_1) public_ip_1 = self.acquire_Public_IP(network_1) - nat_rule = self.create_NatRule_For_VM(vm_1, public_ip_1, network_1) - http_rule = self.create_NatRule_For_VM(vm_1, public_ip_1, network_1, self.services["http_rule"]) + nat_rule = self.create_StaticNatRule_For_VM(vm_1, public_ip_1, network_1) + http_rule = self.create_StaticNatRule_For_VM(vm_1, public_ip_1, network_1, self.services["http_rule"]) self.check_ssh_into_vm(vm_1, public_ip_1, testnegative=False) self.check_wget_from_vm(vm_1, public_ip_1, testnegative=False) http_rule.delete(self.apiclient) @@ -666,18 +658,23 @@ class TestVPCNetworkPFRules(cloudstackTestCase): network_1 = self.create_Network(self.services["network_offering"]) network_2 = self.create_Network(self.services["network_offering_no_lb"], '10.1.2.1') + self.create_ingress_rule(network_1) + self.create_ingress_rule(network_2) + self.create_ingress_rule(network_1, self.services["http_rule"]) + self.create_ingress_rule(network_2, self.services["http_rule"]) + vm_1 = self.create_VM_in_Network(network_1) vm_2 = self.create_VM_in_Network(network_1) vm_3 = self.create_VM_in_Network(network_2) vm_4 = self.create_VM_in_Network(network_2) public_ip_1 = self.acquire_Public_IP(network_1) public_ip_2 = self.acquire_Public_IP(network_1) - nat_rule1 = self.create_NatRule_For_VM(vm_1, public_ip_1, network_1) - nat_rule2 = self.create_NatRule_For_VM(vm_2, public_ip_2, network_1) - http_rule1 = self.create_egress_Internet_Rule(network_1) - nat_rule3 = self.create_NatRule_For_VM(vm_3, public_ip_1, network_2) - nat_rule4 = self.create_NatRule_For_VM(vm_4, public_ip_2, network_2) - http_rule2 = self.create_egress_Internet_Rule(network_2) + public_ip_3 = self.acquire_Public_IP(network_2) + public_ip_4 = self.acquire_Public_IP(network_2) + nat_rule1 = self.create_StaticNatRule_For_VM(vm_1, public_ip_1, network_1) + nat_rule2 = self.create_StaticNatRule_For_VM(vm_2, public_ip_2, network_1) + nat_rule3 = self.create_StaticNatRule_For_VM(vm_3, public_ip_3, network_2) + nat_rule4 = self.create_StaticNatRule_For_VM(vm_4, public_ip_4, network_2) self.check_ssh_into_vm(vm_1, public_ip_1, testnegative=False) self.check_ssh_into_vm(vm_2, public_ip_2, testnegative=False) self.check_ssh_into_vm(vm_3, public_ip_1, testnegative=False) @@ -690,8 +687,6 @@ class TestVPCNetworkPFRules(cloudstackTestCase): nat_rule2.delete(self.apiclient) nat_rule3.delete(self.apiclient) nat_rule4.delete(self.apiclient) - http_rule1.delete(self.apiclient) - http_rule2.delete(self.apiclient) self.check_ssh_into_vm(vm_1, public_ip_1, testnegative=True) self.check_ssh_into_vm(vm_2, public_ip_2, testnegative=True) self.check_ssh_into_vm(vm_3, public_ip_1, testnegative=True)