Uploaded image for project: 'CloudStack'
  1. CloudStack
  2. CLOUDSTACK-9403

Nuage VSP Plugin : Support for SharedNetwork fuctionality including Marvin test coverage

    XMLWordPrintableJSON

Details

    • Task
    • Status: In Progress
    • Major
    • Resolution: Unresolved
    • None
    • None
    • Automation, Network Controller
    • Security Level: Public (Anyone can view this level - this is the default.)
    • None

    Description

      This is first phase of support of Shared Network in cloudstack through NuageVsp Network Plugin. A shared network is a type of virtual network that is shared between multiple accounts i.e. a shared network can be accessed by virtual machines that belong to many different accounts. This basic functionality will be supported with the below common use case:

      • shared network can be used for monitoring purposes. A shared network can be assigned to a domain and can be used for monitoring VMs belonging to all accounts in that domain.
      • Public accessible of shared Network.

      With the current implementation with NuageVsp plugin, It support over-lapping of Ip address, Public Access and also adding Ip ranges in shared Network.
      In VSD, it is implemented in below manner:

      • In order to have tenant isolation for shared networks, we will have to create a Shared L3 Subnet for each shared network, and instantiate it across the relevant enterprises. A shared network will only exist under an enterprise when it is needed, so when the first VM is spinned under that ACS domain inside that shared network.
      • For public shared Network it will also create a floating ip subnet pool in VSD along with all the things mentioned in above point.

      PR contents:
      1) Support for shared networks with tenant isolation on master with Nuage VSP SDN Plugin.
      2) Support of shared network with publicly accessible ip ranges.
      2) Marvin test coverage for shared networks on master with Nuage VSP SDN Plugin.
      3) Enhancements on our exiting Marvin test code (nuagevsp plugins directory).
      4) PEP8 & PyFlakes compliance with our Marvin test code.

      Test Results are:-
      Valiate that ROOT admin is NOT able to deploy a VM for a user in ROOT domain in a shared network with ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_account_ROOTuser | Status : SUCCESS ===
      ok
      Valiate that ROOT admin is NOT able to deploy a VM for a admin user in a shared network with ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_account_differentdomain | Status : SUCCESS ===
      ok
      Valiate that ROOT admin is NOT able to deploy a VM for admin user in the same domain but in a ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_account_domainadminuser | Status : SUCCESS ===
      ok
      Valiate that ROOT admin is NOT able to deploy a VM for user in the same domain but in a different ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_account_domainuser | Status : SUCCESS ===
      ok
      Valiate that ROOT admin is able to deploy a VM for regular user in a shared network with scope=account ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_account_user | Status : SUCCESS ===
      ok
      Valiate that ROOT admin is able to deploy a VM for user in ROOT domain in a shared network with scope=all ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_all_ROOTuser | Status : SUCCESS ===
      ok
      Valiate that ROOT admin is able to deploy a VM for a domain admin users in a shared network with scope=all ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_all_domainadminuser | Status : SUCCESS ===
      ok
      Valiate that ROOT admin is able to deploy a VM for other users in a shared network with scope=all ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_all_domainuser | Status : SUCCESS ===
      ok
      Valiate that ROOT admin is able to deploy a VM for admin user in a domain in a shared network with scope=all ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_all_subdomainadminuser | Status : SUCCESS ===
      ok
      Valiate that ROOT admin is able to deploy a VM for any user in a subdomain in a shared network with scope=all ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_all_subdomainuser | Status : SUCCESS ===
      ok
      Valiate that ROOT admin is NOT able to deploy a VM for parent domain admin user in a shared network with scope=domain with no subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_domain_nosubdomainaccess_ROOTuser | Status : SUCCESS ===
      ok
      Valiate that ROOT admin is able to deploy a VM for domain admin user in a shared network with scope=domain with no subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_domain_nosubdomainaccess_domainadminuser | Status : SUCCESS ===
      ok
      Valiate that ROOT admin is able to deploy a VM for domain user in a shared network with scope=domain with no subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_domain_nosubdomainaccess_domainuser | Status : SUCCESS ===
      ok
      Valiate that ROOT admin is NOT able to deploy a VM for parent domain admin user in a shared network with scope=domain with no subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_domain_nosubdomainaccess_parentdomainadminuser | Status : SUCCESS ===
      ok
      Valiate that ROOT admin is NOT able to deploy a VM for parent domain user in a shared network with scope=domain with no subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_domain_nosubdomainaccess_parentdomainuser | Status : SUCCESS ===
      ok
      Valiate that ROOT admin is NOT able to deploy a VM for sub domain admin user in a shared network with scope=domain with no subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_domain_nosubdomainaccess_subdomainadminuser | Status : SUCCESS ===
      ok
      Valiate that ROOT admin is NOT able to deploy a VM for sub domain user in a shared network with scope=domain with no subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_domain_nosubdomainaccess_subdomainuser | Status : SUCCESS ===
      ok
      Valiate that ROOT admin is NOT able to deploy a VM for user in ROOT domain in a shared network with scope=domain with subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_domain_withsubdomainaccess_ROOTuser | Status : SUCCESS ===
      ok
      Valiate that ROOT admin is able to deploy a VM for domain admin user in a shared network with scope=domain with subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_domain_withsubdomainaccess_domainadminuser | Status : SUCCESS ===
      ok
      Valiate that ROOT admin is able to deploy a VM for domain user in a shared network with scope=domain with subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_domain_withsubdomainaccess_domainuser | Status : SUCCESS ===
      ok
      Valiate that ROOT admin is NOT able to deploy a VM for parent domain admin user in a shared network with scope=domain with subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_domain_withsubdomainaccess_parentdomainadminuser | Status : SUCCESS ===
      ok
      Valiate that ROOT admin is NOT able to deploy a VM for parent domain user in a shared network with scope=domain with subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_domain_withsubdomainaccess_parentdomainuser | Status : SUCCESS ===
      ok
      Valiate that ROOT admin is able to deploy a VM for subdomain admin user in a shared network with scope=domain with subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_domain_withsubdomainaccess_subdomainadminuser | Status : SUCCESS ===
      ok
      Valiate that ROOT admin is able to deploy a VM for subdomain user in a shared network with scope=domain with subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_domain_withsubdomainaccess_subdomainuser | Status : SUCCESS ===
      ok
      Valiate that Domain admin is NOT able to deploy a VM for an regular user in ROOT domain in a shared network with scope=account ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_account_ROOTuser | Status : SUCCESS ===
      ok
      Valiate that Domain admin is able NOT able to deploy a VM for an regular user from a differnt domain in a shared network with scope=account ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_account_differentdomain | Status : SUCCESS ===
      ok
      Valiate that Domain admin is NOT able to deploy a VM for an admin user in the same domain but belonging ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_account_domainadminuser | Status : SUCCESS ===
      ok
      Valiate that Domain admin is NOT able to deploy a VM for user in the same domain but belonging to a ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_account_domainuser | Status : SUCCESS ===
      ok
      Valiate that Domain admin is able to deploy a VM for an regular user in a shared network with scope=account ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_account_user | Status : SUCCESS ===
      ok
      Valiate that Domain admin is NOT able to deploy a VM for user in ROOT domain in a shared network with scope=all ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_all_ROOTuser | Status : SUCCESS ===
      ok
      Valiate that Domain admin is NOT able to deploy a VM for user in other domain in a shared network with scope=all ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_all_crossdomainuser | Status : SUCCESS ===
      ok
      Valiate that Domain admin is able to deploy a VM for a domain admin user in a shared network with scope=all ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_all_domainadminuser | Status : SUCCESS ===
      ok
      Valiate that Domain admin is able to deploy a VM for a domain user in a shared network with scope=all ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_all_domainuser | Status : SUCCESS ===
      ok
      Valiate that Domain admin is able to deploy a VM for a sub domain admin user in a shared network with scope=all ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_all_subdomainadminuser | Status : SUCCESS ===
      ok
      Valiate that Domain admin is able to deploy a VM for a sub domain user in a shared network with scope=all ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_all_subdomainuser | Status : SUCCESS ===
      ok
      Valiate that Domain admin is NOT able to deploy a VM for user in ROOT domain in a shared network with scope=Domain and no subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_nosubdomainaccess_ROOTuser | Status : SUCCESS ===
      ok
      Valiate that Domain admin is able to deploy a VM for domain admin user in a shared network with scope=Domain and no subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_nosubdomainaccess_domainadminuser | Status : SUCCESS ===
      ok
      Valiate that Domain admin is able to deploy a VM for domain user in a shared network with scope=Domain and no subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_nosubdomainaccess_domainuser | Status : SUCCESS ===
      ok
      Valiate that Domain admin is NOT able to deploy VM for parent domain admin user in shared network with scope=Domain and no subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_nosubdomainaccess_parentdomainadminuser | Status : SUCCESS ===
      ok
      Valiate that Domain admin is NOT able to deploy a VM for parent domain user in a shared network with scope=Domain and no subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_nosubdomainaccess_parentdomainuser | Status : SUCCESS ===
      ok
      Valiate that Domain admin is NOT able to deploy a VM for sub domain admin user in a shared network with scope=Domain and no subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_nosubdomainaccess_subdomainadminuser | Status : SUCCESS ===
      ok
      Valiate that Domain admin is NOT able to deploy a VM for sub domain user in a shared network with scope=Domain and no subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_nosubdomainaccess_subdomainuser | Status : SUCCESS ===
      ok
      Valiate that Domain admin is NOT able to deploy a VM for user in ROOT domain in a shared network with scope=Domain and subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_withsubdomainaccess_ROOTuser | Status : SUCCESS ===
      ok
      Valiate that Domain admin is able to deploy a VM for admin user in domain in a shared network with scope=Domain and subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_withsubdomainaccess_domainadminuser | Status : SUCCESS ===
      ok
      Valiate that Domain admin is able to deploy a VM for regular user in domain in a shared network with scope=Domain and subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_withsubdomainaccess_domainuser | Status : SUCCESS ===
      ok
      Validate that Domain admin is NOT able to deploy VM for admin user in parent domain in shared network with scope=Domain subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_withsubdomainaccess_parentdomainadminuser | Status : SUCCESS ===
      ok
      Valiate that Domain admin NOT able to deploy VM for regular user in parent domain in shared network with scope=Domain subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_withsubdomainaccess_parentdomainuser | Status : SUCCESS ===
      ok
      Valiate that Domain admin is able to deploy a VM for admin user in subdomain in a shared network with scope=Domain and subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_withsubdomainaccess_subdomainadminuser | Status : SUCCESS ===
      ok
      Valiate that Domain admin is able to deploy a VM for regular user in subdomain in a shared network with scope=Domain and subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_withsubdomainaccess_subdomainuser | Status : SUCCESS ===
      ok
      Valiate that regular user is able NOT able to deploy a VM for another user in the same domain in a shared network with scope=all ... === TestName: test_deployVM_in_sharedNetwork_as_regularuser_scope_all_anotherusersamedomain | Status : SUCCESS ===
      ok
      Valiate that regular user is able NOT able to deploy a VM for another user in a different domain in a shared network with scope=all ... === TestName: test_deployVM_in_sharedNetwork_as_regularuser_scope_all_crossdomain | Status : SUCCESS ===
      ok

      ----------------------------------------------------------------------
      Ran 51 tests in 3192.356s

      OK

      For monitoring useCase test runs are:-

      Valiate that Normal user in the same domain able to add NIC in a shared network with scope=all ... === TestName: test_01_addNic_in_sharedNetwork_scope_all_as_domainuser | Status : SUCCESS ===
      ok
      Valiate that Parent domain admin is able to add a NIC in a shared network with scope=all ... === TestName: test_02_addNic_in_sharedNetwork_scope_all_as_domain_parentAdmin | Status : SUCCESS ===
      ok
      Valiate that User can enable staticNat on VPC NIC where second nicn is in a shared network with scope=all ... === TestName: test_03_staticNat_in_VPC_secondNic_sharedNetwork_scope_all | Status : SUCCESS ===
      ok
      Validate that reboot VM is done successfully without any Error ... === TestName: test_04_rebootVM_after_sharedNetwork_nic | Status : SUCCESS ===
      ok
      Validate that restart Tier Network is done successfully with cleanup ... === TestName: test_05_restart_Tier_VPC_Network_sharedNetwork_nic | Status : SUCCESS ===
      ok
      Validate that restart Shared Network is done successfully without any Error ... === TestName: test_06_restart_sharedNetwork_scope_all | Status : SUCCESS ===
      ok
      Valiate that Normal user in the same domain able to remove NIC in a shared network which is added by Parent Domain Admin ... === TestName: test_07_removeNic_in_sharedNetwork_scope_all_as_domainuser | Status : SUCCESS ===
      ok
      Valiate that Parent domain admin is able to remove a NIC which is added by child domain user ... === TestName: test_08_removeNic_in_sharedNetwork_scope_all_as_domain_parentAdmin | Status : SUCCESS ===
      ok
      Valiate that Normal user in the same domain able to add NIC in a shared network with scope=domain without subdomain Access ... === TestName: test_09_addNic_in_sharedNetwork_scope_domain_as_domainuser | Status : SUCCESS ===
      ok
      Valiate that Normal user in the same domain able to add NIC in a shared network with scope=domain with subdomain Access ... === TestName: test_10_addNic_in_sharedNetwork_scope_domain_subdomain_as_domainuser | Status : SUCCESS ===
      ok

      ----------------------------------------------------------------------
      Ran 10 tests in 744.354s

      OK

      Attachments

        Issue Links

          links to

          Web Link GitHub Pull Request #1579

          Activity

            People

              nlivens Nick Livens
              singalrahul@gmail.com Rahul Singal
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated: