From 76bc74f47aaae4064f836b351074e3db07180c91 Mon Sep 17 00:00:00 2001 From: Gary Wu Date: Thu, 22 Mar 2018 13:25:49 -0700 Subject: Fix vFW Closed Loop robot test case MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Issued addressed by this change: * Cherry picked from Amsterdam * Send the invariantUUID of VPKTG to Policy instead of VFW * Extraneous single quote characters in the policy yaml * Policy update wouldn’t “stick” until I added in the delays in between the various Policy API calls * Had to ignore the VID teardown errors; not sure if this is necessary to pass the closed loop test Change-Id: Ie504736484df78c46f564ee21bbd0c22d494af1f Issue-ID: INT-406 Signed-off-by: Gary Wu Signed-off-by: Brian Freeman --- .../policy/FirewallPolicy_update.template | 16 +++++++ robot/resources/demo_preload.robot | 6 +++ robot/resources/policy_interface.robot | 55 +++++++++++++++++++++- robot/resources/ssh/processes.robot | 2 +- .../stack_validation/policy_check_vfw.robot | 32 ++++++++----- .../vnf_orchestration_test_template.robot | 2 +- robot/testsuites/closed-loop.robot | 2 +- 7 files changed, 99 insertions(+), 16 deletions(-) create mode 100644 robot/assets/templates/policy/FirewallPolicy_update.template diff --git a/robot/assets/templates/policy/FirewallPolicy_update.template b/robot/assets/templates/policy/FirewallPolicy_update.template new file mode 100644 index 00000000..a5709f56 --- /dev/null +++ b/robot/assets/templates/policy/FirewallPolicy_update.template @@ -0,0 +1,16 @@ +{ + "policyConfigType": "BRMS_PARAM", + "policyName": "com.BRMSParamvFirewall", + "policyDescription": "BRMS Param vFirewall policy", + "policyScope": "com", + "attributes": { + "MATCHING": { + "controller": "amsterdam" + }, + "RULE": { + "templateName": "ClosedLoopControlName", + "closedLoopControlName": "ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a", + "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a%0D%0A++trigger_policy%3A+unique-policy-id-1-modifyConfig%0D%0A++timeout%3A+1200%0D%0A++abatement%3A+false%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-1-modifyConfig%0D%0A++++name%3A+modify+packet+gen+config%0D%0A++++description%3A%0D%0A++++actor%3A+APPC%0D%0A++++recipe%3A+ModifyConfig%0D%0A++++target%3A%0D%0A++++++%23+TBD+-+Cannot+be+known+until+instantiation+is+done%0D%0A++++++resourceID%3A+${RESOURCE_ID}%0D%0A++++++type%3A+VNF%0D%0A++++retry%3A+0%0D%0A++++timeout%3A+300%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard" + } + } +} diff --git a/robot/resources/demo_preload.robot b/robot/resources/demo_preload.robot index 406f8f0e..1a0e034b 100644 --- a/robot/resources/demo_preload.robot +++ b/robot/resources/demo_preload.robot @@ -98,6 +98,12 @@ Get Relationship Data \ Return From Keyword If '${status}' == 'PASS' ${relationship_data} +Get Generic VNF By ID + [Arguments] ${vnf_id} + ${resp}= Run A&AI Get Request ${AAI_INDEX PATH}/network/generic-vnfs/generic-vnf?vnf-id=${vnf_id} + Should Be Equal As Strings ${resp.status_code} 200 + [Return] ${resp.json()} + Get Service Instance [Arguments] ${vnf_name} ${resp}= Run A&AI Get Request ${AAI_INDEX PATH}/network/generic-vnfs/generic-vnf?vnf-name=${vnf_name} diff --git a/robot/resources/policy_interface.robot b/robot/resources/policy_interface.robot index a622ae6c..f05f2650 100644 --- a/robot/resources/policy_interface.robot +++ b/robot/resources/policy_interface.robot @@ -57,4 +57,57 @@ Run Policy Get Configs Request ${headers}= Create Dictionary Accept=application/json Content-Type=application/json Authorization=Basic ${GLOBAL_POLICY_AUTH} ClientAuth=${GLOBAL_POLICY_CLIENTAUTH} ${resp}= Post Request policy ${data_path} data=${data} headers=${headers} Log Received response from policy ${resp.text} - [Return] ${resp} \ No newline at end of file + [Return] ${resp} + + + +Update vVFWCL Policy + [Arguments] ${resource_id} + Delete vFWCL Policy + Sleep 20s + Create vFWCL Policy ${resource_id} + Sleep 5s + Push vFWCL Policy + Sleep 20s + Reboot Drools + Sleep 20s + Validate the vFWCL Policy + +Delete vFWCL Policy + ${data}= OperatingSystem.Get File ${POLICY_TEMPLATES}/FirewallPolicy_delete.template + ${resp}= Run Policy Delete Request /pdp/api/deletePolicy ${data} + Should Be Equal As Strings ${resp.status_code} 200 + +Create vFWCL Policy + [Arguments] ${resource_id} + ${dict}= Create Dictionary RESOURCE_ID=${resource_id} + ${data}= Fill JSON Template File ${POLICY_TEMPLATES}/FirewallPolicy_update.template ${dict} + ${resp}= Run Policy Put Request /pdp/api/updatePolicy ${data} + Should Be Equal As Strings ${resp.status_code} 200 + +Push vFWCL Policy + ${dict}= Create Dictionary + ${data}= Fill JSON Template File ${POLICY_TEMPLATES}/FirewallPolicy_push.template ${dict} + ${resp}= Run Policy Put Request /pdp/api/pushPolicy ${data} + Should Be Equal As Strings ${resp.status_code} 200 + +Reboot Drools + ${stop}= Catenate docker exec -t -u policy drools bash -c "source /opt/app/policy/etc/profile.d/env.sh; policy stop" + ${start}= Catenate docker exec -t -u policy drools bash -c "source /opt/app/policy/etc/profile.d/env.sh; policy start" + Wait Until Keyword Succeeds 120 5 sec Open Connection And Log In ${GLOBAL_INJECTED_POLICY_IP_ADDR} root ${GLOBAL_VM_PRIVATE_KEY} + Write ${stop} + ${status} ${stdout}= Run Keyword And Ignore Error SSHLibrary.Read Until Regexp has stopped + Log ${status}: stdout=${stdout} + ${ctrlc}= Evaluate '\x03' + Run Keyword If '${status}' == 'FAIL' Write ${ctrlc} + Sleep 5s + Write ${start} + ${stdout}= SSHLibrary.Read Until Regexp is running + Log stdout=${stdout} + Should Contain ${stdout} is running + +Validate the vFWCL Policy + ${resp}= Run Drools Get Request /policy/pdp/engine/controllers/amsterdam/drools + Should Be Equal As Strings ${resp.status_code} 200 + ${resp}= Run Drools Get Request /policy/pdp/engine/controllers/amsterdam/drools/facts/closedloop-amsterdam/org.onap.policy.controlloop.Params + Should Be Equal As Strings ${resp.status_code} 200 diff --git a/robot/resources/ssh/processes.robot b/robot/resources/ssh/processes.robot index e9f37318..2ab6a14a 100644 --- a/robot/resources/ssh/processes.robot +++ b/robot/resources/ssh/processes.robot @@ -38,7 +38,7 @@ Create Process Map Wait for Process on Host [Documentation] Wait for the passed process name (regular expression) to be running on the passed host - [Arguments] ${process_name} ${host} ${timeout}=600s + [Arguments] ${process_name} ${host} ${timeout}=1200s ${map}= Wait Until Keyword Succeeds ${timeout} 10 sec Is Process On Host ${process_name} ${host} [Return] ${map} diff --git a/robot/resources/stack_validation/policy_check_vfw.robot b/robot/resources/stack_validation/policy_check_vfw.robot index 22340729..a4c343eb 100644 --- a/robot/resources/stack_validation/policy_check_vfw.robot +++ b/robot/resources/stack_validation/policy_check_vfw.robot @@ -23,20 +23,28 @@ Resource ../../resources/test_templates/vnf_orchestration_test_template *** Variables *** *** Keywords *** -Policy Check Firewall Stack +Policy Check FirewallCL Stack [Documentation] Executes the vFW policy closed loop test. - [Arguments] ${stack_name} ${policy_rate} + [Arguments] ${stacknamemap} ${policy_rate} Run Openstack Auth Request auth - ${stack_info}= Wait for Stack to Be Deployed auth ${stack_name} - ${stack_id}= Get From Dictionary ${stack_info} id + ${vsnk_stack_name}= Get From Dictionary ${stacknamemap} vFWSNK + ${vpkg_stack_name}= Get From Dictionary ${stacknamemap} vPKG + ${vsnk_stack_info}= Wait for Stack to Be Deployed auth ${vsnk_stack_name} + ${vpkg_stack_info}= Wait for Stack to Be Deployed auth ${vpkg_stack_name} ${server_list}= Get Openstack Servers auth Log ${server_list} - ${vpg_unprotected_ip}= Get From Dictionary ${stack_info} vpg_private_ip_0 - ${vsn_protected_ip}= Get From Dictionary ${stack_info} vsn_private_ip_0 - ${vpg_public_ip}= Get Server Ip ${server_list} ${stack_info} vpg_name_0 network_name=public - ${vsn_public_ip}= Get Server Ip ${server_list} ${stack_info} vsn_name_0 network_name=public + ${vpkg_id}= Get From Dictionary ${vpkg_stack_info} vnf_id + ${status} ${generic_vnf}= Run Keyword And Ignore Error Get Generic VNF By ID ${vpkg_id} + Run Keyword If '${status}' == 'FAIL' FAIL VNF ID: ${vpkg_id} is not found. + ${invariantUUID} Get From Dictionary ${generic_vnf} persona-model-id + Update vVFWCL Policy ${invariantUUID} + + ${vpg_unprotected_ip}= Get From Dictionary ${vpkg_stack_info} vpg_private_ip_0 + ${vsn_protected_ip}= Get From Dictionary ${vsnk_stack_info} vsn_private_ip_0 + ${vpg_public_ip}= Get Server Ip ${server_list} ${vpkg_stack_info} vpg_name_0 network_name=public + ${vsn_public_ip}= Get Server Ip ${server_list} ${vsnk_stack_info} vsn_name_0 network_name=public ${upper_bound}= Evaluate ${policy_rate}*2 - Wait Until Keyword Succeeds 300s 1s Run VFW Policy Check ${vpg_public_ip} ${policy_rate} ${upper_bound} 1 + Wait Until Keyword Succeeds 30m 2s Run VFW Policy Check ${vpg_public_ip} ${policy_rate} ${upper_bound} 1 Run VFW Policy Check [Documentation] Push traffic above upper bound, wait for policy to fix it, push traffic to lower bound, wait for policy to fix it, @@ -51,8 +59,8 @@ Check For Policy Enforcement [Documentation] Push traffic above upper bound, wait for policy to fix it, push traffic to lower bound, wait for policy to fix it, [Arguments] ${vpg_public_ip} ${policy_rate} ${forced_rate} Enable Streams ${vpg_public_ip} ${forced_rate} - Wait Until Keyword Succeeds 20s 5s Test For Expected Rate ${vpg_public_ip} ${forced_rate} - Wait Until Keyword Succeeds 280s 5s Test For Expected Rate ${vpg_public_ip} ${policy_rate} + Wait Until Keyword Succeeds 20s 2s Test For Expected Rate ${vpg_public_ip} ${forced_rate} + Wait Until Keyword Succeeds 10m 2s Test For Expected Rate ${vpg_public_ip} ${policy_rate} Test For Expected Rate [Documentation] Ge the number of pg-streams from the PGN, and test to see if it is what we expect. @@ -93,4 +101,4 @@ Start DNS Traffic [Documentation] Run nslookups at rate per second. Run for 10 minutes or until it is called by the terminate process [Arguments] ${vlb_public_ip} ${rate} ${pid}= Start Process ./dnstraffic.sh ${vlb_public_ip} ${rate} ${GLOBAL_DNS_TRAFFIC_DURATION} - [Return] ${pid} \ No newline at end of file + [Return] ${pid} diff --git a/robot/resources/test_templates/vnf_orchestration_test_template.robot b/robot/resources/test_templates/vnf_orchestration_test_template.robot index 38e3c5f9..a8085485 100644 --- a/robot/resources/test_templates/vnf_orchestration_test_template.robot +++ b/robot/resources/test_templates/vnf_orchestration_test_template.robot @@ -182,7 +182,7 @@ Delete VNF ${lcp_region}= Get Openstack Region Teardown VVG Server Teardown VLB Closed Loop Hack - Teardown VID ${SERVICE_INSTANCE_ID} ${lcp_region} ${TENANT_NAME} ${CUSTOMER_NAME} + Run Keyword and Ignore Error Teardown VID ${SERVICE_INSTANCE_ID} ${lcp_region} ${TENANT_NAME} ${CUSTOMER_NAME} Log VNF Deleted Teardown VNF diff --git a/robot/testsuites/closed-loop.robot b/robot/testsuites/closed-loop.robot index e36be894..8f580da8 100644 --- a/robot/testsuites/closed-loop.robot +++ b/robot/testsuites/closed-loop.robot @@ -12,4 +12,4 @@ VFW Closed Loop Test VFW Policy VDNS Closed Loop Test [TAGS] ete closedloop - VDNS Policy \ No newline at end of file + VDNS Policy -- cgit 1.2.3-korg