diff options
author | stark, steven <steven.stark@att.com> | 2019-11-12 17:18:22 -0800 |
---|---|---|
committer | stark, steven <steven.stark@att.com> | 2019-11-12 17:30:54 -0800 |
commit | 9c7ab065e6477c035ffc6addf384abcef2e9588a (patch) | |
tree | 4cd8acab9da9c9911ad2c15e1246de69b83d522a | |
parent | dd0d480978570b4222206bc04edd271c39b88b44 (diff) |
[VVP] updating ports.py to check str_replace params
allowed_address_pairs/ip_address can use CIDR format,
and is often done by using the intrinsic function str_replace.
This update will naively go through each param in a str_replace to
check if one is a valid allowed_address_pair/ip_address parameter.
Issue-ID: VVP-341
Signed-off-by: stark, steven <steven.stark@att.com>
Change-Id: I24e7ad6b74e5795b577d99468517287be46cd2b7
10 files changed, 317 insertions, 491 deletions
diff --git a/ice_validator/tests/fixtures/test_allowed_address_pairs_include_vm_type_network_role/fail/contrail/fail.yaml b/ice_validator/tests/fixtures/test_allowed_address_pairs_include_vm_type_network_role/fail/contrail/fail.yaml deleted file mode 100644 index 248f9ec..0000000 --- a/ice_validator/tests/fixtures/test_allowed_address_pairs_include_vm_type_network_role/fail/contrail/fail.yaml +++ /dev/null @@ -1,65 +0,0 @@ -heat_template_version: 2015-04-30 - -description: fdsafsfsa - -parameters: - - TESTDB_priv_floating_ips: - type: comma_delimited_list - description: asnfjl - - TESTDB_int_priav_floating_ip: - type: string - description: asnfjl - -resources: - - TESTDB_0_priv_vmi_0: - type: OS::ContrailV2::VirtualMachineInterface - properties: - virtual_machine_interface_properties: - virtual_machine_interface_properties_service_interface_type: { - "priv_interface_type" - } - virtual_network_refs: - - get_param: priv_net_fqdn - virtual_machine_interface_allowed_address_pairs: - { - virtual_machine_interface_allowed_address_pairs_allowed_address_pair: - [{ - virtual_machine_interface_allowed_address_pairs_allowed_address_pair_ip: - { - virtual_machine_interface_allowed_address_pairs_allowed_address_pair_ip_ip_prefix: { get_param: [TESTDB_priv_floating_ip, 0] }, - virtual_machine_interface_allowed_address_pairs_allowed_address_pair_ip_ip_prefix_len: "dsafasdF", - }, - virtual_machine_interface_allowed_address_pairs_allowed_address_pair_mac: "sdnfjkas", - virtual_machine_interface_allowed_address_pairs_allowed_address_pair_address_mode: "sadfnjasdfknj", - }], - } - - - TESTDB_0_int_private_vmi_0: - type: OS::ContrailV2::VirtualMachineInterface - properties: - virtual_machine_interface_properties: - virtual_machine_interface_properties_service_interface_type: { - "priv_interface_type" - } - virtual_network_refs: - - get_param: priv_net_fqdn - virtual_machine_interface_allowed_address_pairs: - { - virtual_machine_interface_allowed_address_pairs_allowed_address_pair: - [{ - virtual_machine_interface_allowed_address_pairs_allowed_address_pair_ip: - { - virtual_machine_interface_allowed_address_pairs_allowed_address_pair_ip_ip_prefix: { get_param: TESTDB_int_priav_floating_ip }, - virtual_machine_interface_allowed_address_pairs_allowed_address_pair_ip_ip_prefix_len: "dsafasdF", - }, - virtual_machine_interface_allowed_address_pairs_allowed_address_pair_mac: "sdnfjkas", - virtual_machine_interface_allowed_address_pairs_allowed_address_pair_address_mode: "sadfnjasdfknj", - }], - } - - #testnlksadf: - # type: http://www.google.com diff --git a/ice_validator/tests/fixtures/test_allowed_address_pairs_include_vm_type_network_role/fail/contrail/vmi_fail.yaml b/ice_validator/tests/fixtures/test_allowed_address_pairs_include_vm_type_network_role/fail/contrail/vmi_fail.yaml deleted file mode 100644 index 5113bd4..0000000 --- a/ice_validator/tests/fixtures/test_allowed_address_pairs_include_vm_type_network_role/fail/contrail/vmi_fail.yaml +++ /dev/null @@ -1,61 +0,0 @@ -# -*- coding: utf8 -*- -# ============LICENSE_START======================================================= -# org.onap.vvp/validation-scripts -# =================================================================== -# Copyright © 2019 AT&T Intellectual Property. All rights reserved. -# =================================================================== -# -# Unless otherwise specified, all software contained herein is licensed -# under the Apache License, Version 2.0 (the "License"); -# you may not use this software except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# -# -# Unless otherwise specified, all documentation contained herein is licensed -# under the Creative Commons License, Attribution 4.0 Intl. (the "License"); -# you may not use this documentation except in compliance with the License. -# You may obtain a copy of the License at -# -# https://creativecommons.org/licenses/by/4.0/ -# -# Unless required by applicable law or agreed to in writing, documentation -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# ============LICENSE_END============================================ -# -# - -heat_template_version: 2015-04-30 - -description: fdsafsfsa - -parameters: - - invalid_format: - type: string - -resources: - - fw_0_oam_vmi_0: - type: OS::ContrailV2::VirtualMachineInterface - properties: - virtual_machine_interface_allowed_address_pairs: - virtual_machine_interface_allowed_address_pairs_allowed_address_pair: - [{ - virtual_machine_interface_allowed_address_pairs_allowed_address_pair_ip: - { - virtual_machine_interface_allowed_address_pairs_allowed_address_pair_ip_ip_prefix: { get_param: invalid_format }, - }, - }] diff --git a/ice_validator/tests/fixtures/test_allowed_address_pairs_include_vm_type_network_role/fail/neutron/fail.yaml b/ice_validator/tests/fixtures/test_allowed_address_pairs_include_vm_type_network_role/fail/fail.yaml index 4a3093b..81f0c00 100644 --- a/ice_validator/tests/fixtures/test_allowed_address_pairs_include_vm_type_network_role/fail/neutron/fail.yaml +++ b/ice_validator/tests/fixtures/test_allowed_address_pairs_include_vm_type_network_role/fail/fail.yaml @@ -95,6 +95,22 @@ parameters: type: string description: lb_extanet_floating_ip + cidr: + type: string + description: naslfnsakl + + badparameter: + type: string + description: naslfnsakl + + TESTDB_int_priav_floating_ip: + type: string + description: asnfjl + + TESTDB_priav_floating_ip: + type: string + description: asnfjl + resources: lb_server_0: @@ -137,3 +153,63 @@ resources: network: { get_param: extnet_net_name } allowed_address_pairs: - ip_address: { get_param: lb_extanet_floating_ip } + + lb_0_extnet_port_0: + type: OS::Neutron::Port + properties: + network: { get_param: extnet_net_name } + allowed_address_pairs: + - ip_address: + str_replace: + template: $IPADDR$CIDR + params: + $IPADDR: { get_param: lb_extanet_floating_ip } + $CIDR: { get_param: cidr} + + TESTDB_0_int_private_vmi_0: + type: OS::ContrailV2::VirtualMachineInterface + properties: + virtual_machine_interface_properties: + virtual_machine_interface_properties_service_interface_type: { + "priv_interface_type" + } + virtual_network_refs: + - get_param: priv_net_fqdn + virtual_machine_interface_allowed_address_pairs: + { + virtual_machine_interface_allowed_address_pairs_allowed_address_pair: + [{ + virtual_machine_interface_allowed_address_pairs_allowed_address_pair_ip: + { + virtual_machine_interface_allowed_address_pairs_allowed_address_pair_ip_ip_prefix: { get_param: TESTDB_int_priav_floating_ip }, + virtual_machine_interface_allowed_address_pairs_allowed_address_pair_ip_ip_prefix_len: "dsafasdF", + }, + virtual_machine_interface_allowed_address_pairs_allowed_address_pair_mac: "sdnfjkas", + virtual_machine_interface_allowed_address_pairs_allowed_address_pair_address_mode: "sadfnjasdfknj", + }], + } + + + TESTDB_0_private_vmi_0: + type: OS::ContrailV2::VirtualMachineInterface + properties: + virtual_machine_interface_properties: + virtual_machine_interface_properties_service_interface_type: { + "priv_interface_type" + } + virtual_network_refs: + - get_param: priv_net_fqdn + virtual_machine_interface_allowed_address_pairs: + { + virtual_machine_interface_allowed_address_pairs_allowed_address_pair: + [{ + virtual_machine_interface_allowed_address_pairs_allowed_address_pair_ip: + { + virtual_machine_interface_allowed_address_pairs_allowed_address_pair_ip_ip_prefix: { get_param: TESTDB_priav_floating_ip }, + virtual_machine_interface_allowed_address_pairs_allowed_address_pair_ip_ip_prefix_len: "dsafasdF", + }, + virtual_machine_interface_allowed_address_pairs_allowed_address_pair_mac: "sdnfjkas", + virtual_machine_interface_allowed_address_pairs_allowed_address_pair_address_mode: "sadfnjasdfknj", + }], + } + diff --git a/ice_validator/tests/fixtures/test_allowed_address_pairs_include_vm_type_network_role/pass/contrail/pass.yaml b/ice_validator/tests/fixtures/test_allowed_address_pairs_include_vm_type_network_role/pass/contrail/pass.yaml deleted file mode 100644 index df4ca00..0000000 --- a/ice_validator/tests/fixtures/test_allowed_address_pairs_include_vm_type_network_role/pass/contrail/pass.yaml +++ /dev/null @@ -1,65 +0,0 @@ -heat_template_version: 2015-04-30 - -description: fdsafsfsa - -parameters: - - TESTDB_priv_floating_ip: - type: string - description: asnfjl - - TESTDB_int_private_floating_ips: - type: comma_delimited_list - description: asnfjl - -resources: - - TESTDB_0_priv_vmi_0: - type: OS::ContrailV2::VirtualMachineInterface - properties: - virtual_machine_interface_properties: - virtual_machine_interface_properties_service_interface_type: { - "priv_interface_type" - } - virtual_network_refs: - - get_param: priv_net_fqdn - virtual_machine_interface_allowed_address_pairs: - { - virtual_machine_interface_allowed_address_pairs_allowed_address_pair: - [{ - virtual_machine_interface_allowed_address_pairs_allowed_address_pair_ip: - { - virtual_machine_interface_allowed_address_pairs_allowed_address_pair_ip_ip_prefix: { get_param: TESTDB_priv_floating_ip }, - virtual_machine_interface_allowed_address_pairs_allowed_address_pair_ip_ip_prefix_len: "dsafasdF", - }, - virtual_machine_interface_allowed_address_pairs_allowed_address_pair_mac: "sdnfjkas", - virtual_machine_interface_allowed_address_pairs_allowed_address_pair_address_mode: "sadfnjasdfknj", - }], - } - - - TESTDB_0_int_private_vmi_0: - type: OS::ContrailV2::VirtualMachineInterface - properties: - virtual_machine_interface_properties: - virtual_machine_interface_properties_service_interface_type: { - "priv_interface_type" - } - virtual_network_refs: - - get_param: priv_net_fqdn - virtual_machine_interface_allowed_address_pairs: - { - virtual_machine_interface_allowed_address_pairs_allowed_address_pair: - [{ - virtual_machine_interface_allowed_address_pairs_allowed_address_pair_ip: - { - virtual_machine_interface_allowed_address_pairs_allowed_address_pair_ip_ip_prefix: { get_param: [TESTDB_int_private_floating_ips, 0] }, - virtual_machine_interface_allowed_address_pairs_allowed_address_pair_ip_ip_prefix_len: "dsafasdF", - }, - virtual_machine_interface_allowed_address_pairs_allowed_address_pair_mac: "sdnfjkas", - virtual_machine_interface_allowed_address_pairs_allowed_address_pair_address_mode: "sadfnjasdfknj", - }], - } - - #testnlksadf: - # type: http://www.google.com diff --git a/ice_validator/tests/fixtures/test_allowed_address_pairs_include_vm_type_network_role/pass/contrail/vmi_pass.yaml b/ice_validator/tests/fixtures/test_allowed_address_pairs_include_vm_type_network_role/pass/contrail/vmi_pass.yaml deleted file mode 100644 index 959c846..0000000 --- a/ice_validator/tests/fixtures/test_allowed_address_pairs_include_vm_type_network_role/pass/contrail/vmi_pass.yaml +++ /dev/null @@ -1,61 +0,0 @@ -# -*- coding: utf8 -*- -# ============LICENSE_START======================================================= -# org.onap.vvp/validation-scripts -# =================================================================== -# Copyright © 2019 AT&T Intellectual Property. All rights reserved. -# =================================================================== -# -# Unless otherwise specified, all software contained herein is licensed -# under the Apache License, Version 2.0 (the "License"); -# you may not use this software except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# -# -# Unless otherwise specified, all documentation contained herein is licensed -# under the Creative Commons License, Attribution 4.0 Intl. (the "License"); -# you may not use this documentation except in compliance with the License. -# You may obtain a copy of the License at -# -# https://creativecommons.org/licenses/by/4.0/ -# -# Unless required by applicable law or agreed to in writing, documentation -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# ============LICENSE_END============================================ -# -# - -heat_template_version: 2015-04-30 - -description: fdsafsfsa - -parameters: - - fw_oam_floating_ip: - type: string - -resources: - - fw_0_oam_vmi_0: - type: OS::ContrailV2::VirtualMachineInterface - properties: - virtual_machine_interface_allowed_address_pairs: - virtual_machine_interface_allowed_address_pairs_allowed_address_pair: - [{ - virtual_machine_interface_allowed_address_pairs_allowed_address_pair_ip: - { - virtual_machine_interface_allowed_address_pairs_allowed_address_pair_ip_ip_prefix: { get_param: fw_oam_floating_ip }, - }, - }] diff --git a/ice_validator/tests/fixtures/test_allowed_address_pairs_include_vm_type_network_role/pass/contrail/vmi_pass_exemption.yaml b/ice_validator/tests/fixtures/test_allowed_address_pairs_include_vm_type_network_role/pass/contrail/vmi_pass_exemption.yaml deleted file mode 100644 index 2d9ca4a..0000000 --- a/ice_validator/tests/fixtures/test_allowed_address_pairs_include_vm_type_network_role/pass/contrail/vmi_pass_exemption.yaml +++ /dev/null @@ -1,83 +0,0 @@ -# -*- coding: utf8 -*- -# ============LICENSE_START======================================================= -# org.onap.vvp/validation-scripts -# =================================================================== -# Copyright © 2019 AT&T Intellectual Property. All rights reserved. -# =================================================================== -# -# Unless otherwise specified, all software contained herein is licensed -# under the Apache License, Version 2.0 (the "License"); -# you may not use this software except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# -# -# Unless otherwise specified, all documentation contained herein is licensed -# under the Creative Commons License, Attribution 4.0 Intl. (the "License"); -# you may not use this documentation except in compliance with the License. -# You may obtain a copy of the License at -# -# https://creativecommons.org/licenses/by/4.0/ -# -# Unless required by applicable law or agreed to in writing, documentation -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# ============LICENSE_END============================================ -# -# - -heat_template_version: 2015-04-30 - -description: fdsafsfsa - -parameters: - - other_format: - type: string - - other_ips: - type: comma_delimited_list - -resources: - - fw_0_oam_vmi_0: - type: OS::ContrailV2::VirtualMachineInterface - metadata: - aap_exempt: - - other_format - properties: - virtual_machine_interface_allowed_address_pairs: - virtual_machine_interface_allowed_address_pairs_allowed_address_pair: - [{ - virtual_machine_interface_allowed_address_pairs_allowed_address_pair_ip: - { - virtual_machine_interface_allowed_address_pairs_allowed_address_pair_ip_ip_prefix: { get_param: other_format }, - }, - }] - - fw_0_oam_vmi_1: - type: OS::ContrailV2::VirtualMachineInterface - metadata: - aap_exempt: - - other_format - - other_ips - properties: - virtual_machine_interface_allowed_address_pairs: - virtual_machine_interface_allowed_address_pairs_allowed_address_pair: - [{ - virtual_machine_interface_allowed_address_pairs_allowed_address_pair_ip: - { - virtual_machine_interface_allowed_address_pairs_allowed_address_pair_ip_ip_prefix: { get_param: [other_ips, 1] }, - }, - }]
\ No newline at end of file diff --git a/ice_validator/tests/fixtures/test_allowed_address_pairs_include_vm_type_network_role/pass/neutron/valid_template.yaml b/ice_validator/tests/fixtures/test_allowed_address_pairs_include_vm_type_network_role/pass/pass.yaml index 58444b3..d7cbd54 100644 --- a/ice_validator/tests/fixtures/test_allowed_address_pairs_include_vm_type_network_role/pass/neutron/valid_template.yaml +++ b/ice_validator/tests/fixtures/test_allowed_address_pairs_include_vm_type_network_role/pass/pass.yaml @@ -87,37 +87,33 @@ parameters: type: string description: network id for the internal network intranet - db_int_intranet_ip_0: + db_int_intranet_floating_ip: type: string - description: db_int_intranet_ip_0 + description: db_int_intranet_floating_ip - db_int_intranet_v6_ip_0: + db_int_intranet_floating_v6_ip: type: string - description: db_int_intranet_v6_ip_0 + description: db_int_intranet_floating_v6_ip - db_int_intranet_ips: + db_int_intranet_floating_ips: type: comma_delimited_list - description: db_int_intranet_ips + description: db_int_intranet_floating_ips - db_int_intranet_v6_ips: + db_int_intranet_floating_v6_ips: type: comma_delimited_list - description: db_int_intranet_v6_ips + description: db_int_intranet_floating_v6_ips db_int_intranet_floating_ip: type: string description: db_int_intranet_floating_ip - db_int_intranet_floating_v6_ip: - type: string - description: db_int_intranet_floating_v6_ip - - lb_extnet_ip_0: + lb_extnet_floating_ip: type: string - description: lb_extnet_ip_0 + description: lb_extnet_floating_ip - lb_extnet_v6_ip_0: + lb_extnet_floating_v6_ip: type: string - description: lb_extnet_v6_ip_0 + description: lb_extnet_floating_v6_ip lb_extnet_ips: type: comma_delimited_list @@ -131,9 +127,9 @@ parameters: type: string description: lb_extnet_floating_ip - lb_extnet_floating_v6_ip: + cidr: type: string - description: lb_extnet_floating_v6_ip + description: nafskldnaklsdf resources: @@ -150,6 +146,7 @@ resources: - port: { get_resource: lb_3_extnet_0_port } - port: { get_resource: lb_4_extnet_0_port } - port: { get_resource: lb_5_extnet_0_port } + - port: { get_resource: lb_6_extnet_0_port } metadata: vnf_name: { get_param: vnf_name } vnf_id: { get_param: vnf_id } @@ -173,86 +170,104 @@ resources: vnf_id: { get_param: vnf_id } vf_module_id: { get_param: vf_module_id } - db_0_int_intranet_0_port: + db_0_int_intranet_port_0: type: OS::Neutron::Port properties: network: { get_param: int_intranet_net_id } allowed_address_pairs: - - ip_address: { get_param: db_int_intranet_ip_0 } + - ip_address: { get_param: db_int_intranet_floating_ip } - db_1_int_intranet_0_port: + db_0_int_intranet_port_1: type: OS::Neutron::Port properties: network: { get_param: int_intranet_net_id } allowed_address_pairs: - - ip_address: { get_param: db_int_intranet_v6_ip_0 } + - ip_address: { get_param: db_int_intranet_floating_v6_ip } - db_2_int_intranet_0_port: + db_0_int_intranet_port_2: type: OS::Neutron::Port properties: network: { get_param: int_intranet_net_id } allowed_address_pairs: - - ip_address: { get_param: [db_int_intranet_ips, 0] } + - ip_address: { get_param: [db_int_intranet_floating_ips, 0] } - db_3_int_intranet_0_port: + db_0_int_intranet_port_3: type: OS::Neutron::Port properties: network: { get_param: int_intranet_net_id } allowed_address_pairs: - - ip_address: { get_param: [db_int_intranet_v6_ips, 0] } + - ip_address: { get_param: [db_int_intranet_floating_v6_ips, 0] } - db_4_int_intranet_0_port: + db_0_int_intranet_port_4: type: OS::Neutron::Port properties: network: { get_param: int_intranet_net_id } allowed_address_pairs: - ip_address: { get_param: db_int_intranet_floating_ip } - db_5_int_intranet_0_port: + db_0_int_intranet_port_5: type: OS::Neutron::Port properties: network: { get_param: int_intranet_net_id } allowed_address_pairs: - ip_address: { get_param: db_int_intranet_floating_v6_ip } - lb_0_extnet_0_port: + lb_0_extnet_port_0: type: OS::Neutron::Port properties: network: { get_param: extnet_net_name } allowed_address_pairs: - - ip_address: { get_param: lb_extnet_ip_0 } - - lb_1_extnet_0_port: - type: OS::Neutron::Port - properties: - network: { get_param: extnet_net_id } - allowed_address_pairs: - - ip_address: { get_param: lb_extnet_v6_ip_0 } + - ip_address: { get_param: lb_extnet_floating_ip } - lb_2_extnet_0_port: - type: OS::Neutron::Port - properties: - network: { get_param: extnet_net_name } - allowed_address_pairs: - - ip_address: { get_param: [lb_extnet_ips, 0] } + lb_0_extnet_port_1: + type: OS::Neutron::Port + properties: + network: { get_param: extnet_net_id } + allowed_address_pairs: + - ip_address: { get_param: lb_extnet_floating_v6_ip } - lb_3_extnet_0_port: - type: OS::Neutron::Port - properties: - network: { get_param: extnet_net_id } - allowed_address_pairs: - - ip_address: { get_param: [lb_extnet_v6_ips, 0] } + lb_0_extnet_port_2: + type: OS::Neutron::Port + properties: + network: { get_param: extnet_net_name } + allowed_address_pairs: + - ip_address: { get_param: [lb_extnet_ips, 0] } + metadata: + aap_exempt: + - lb_extnet_ips + + lb_0_extnet_port_3: + type: OS::Neutron::Port + properties: + network: { get_param: extnet_net_id } + allowed_address_pairs: + - ip_address: { get_param: [lb_extnet_v6_ips, 0] } + metadata: + aap_exempt: + - lb_extnet_v6_ips + + lb_0_extnet_port_4: + type: OS::Neutron::Port + properties: + network: { get_param: extnet_net_name } + allowed_address_pairs: + - ip_address: { get_param: lb_extnet_floating_ip } - lb_4_extnet_0_port: - type: OS::Neutron::Port - properties: - network: { get_param: extnet_net_name } - allowed_address_pairs: - - ip_address: { get_param: lb_extnet_floating_ip } + lb_0_extnet_port_5: + type: OS::Neutron::Port + properties: + network: { get_param: extnet_net_id } + allowed_address_pairs: + - ip_address: { get_param: lb_extnet_floating_v6_ip } - lb_5_extnet_0_port: - type: OS::Neutron::Port - properties: - network: { get_param: extnet_net_id } - allowed_address_pairs: - - ip_address: { get_param: lb_extnet_floating_v6_ip } + lb_0_extnet_port_6: + type: OS::Neutron::Port + properties: + network: { get_param: extnet_net_id } + allowed_address_pairs: + ip_address: + str_replace: + template: $IPADDR$CIDR + params: + $CIDR: { get_param: cidr } + $IPADDR: { get_param: lb_extnet_floating_v6_ip } diff --git a/ice_validator/tests/fixtures/test_contrail_instance_ip_parameters/fail/fail_base.yaml b/ice_validator/tests/fixtures/test_contrail_instance_ip_parameters/fail/fail_base.yaml index 7043cda..93924f2 100644 --- a/ice_validator/tests/fixtures/test_contrail_instance_ip_parameters/fail/fail_base.yaml +++ b/ice_validator/tests/fixtures/test_contrail_instance_ip_parameters/fail/fail_base.yaml @@ -41,6 +41,10 @@ description: fdsafsfsa parameters: + TESTDB_praivate_ips: + type: comma_delimited_list + description: asnfjl + TESTDB_int_priav_ips: type: comma_delimited_list description: asnfjl @@ -75,5 +79,13 @@ resources: instance_ip_address: { get_param: [TESTDB_private_ips, 1] } subnet_uuid: { get_param: privte_v6_subnet_id } + TESTDB_0_private_vmi_2_IP_0: + type: OS::ContrailV2::InstanceIp + properties: + virtual_machine_interface_refs: { get_resource: TESTDB_1_priv_vmi_0 } + virtual_network_refs: [{ get_param: priv_net_fqdn }] + instance_ip_address: { get_param: [TESTDB_praivate_ips, 1] } + subnet_uuid: { get_param: privte_v6_subnet_id } + #testnlksadf: # type: http://www.google.com diff --git a/ice_validator/tests/fixtures/test_contrail_instance_ip_parameters/fail/fail_module.yaml b/ice_validator/tests/fixtures/test_contrail_instance_ip_parameters/fail/fail_module.yaml index 66dd13d..def7b3d 100644 --- a/ice_validator/tests/fixtures/test_contrail_instance_ip_parameters/fail/fail_module.yaml +++ b/ice_validator/tests/fixtures/test_contrail_instance_ip_parameters/fail/fail_module.yaml @@ -49,6 +49,10 @@ parameters: type: string description: asnfjl + TESTDB_praivate_ips: + type: string + description: asnfjl + priv_subnet_id: type: string description: asnfjl @@ -75,8 +79,16 @@ resources: instance_ip_address: { get_param: [TESTDB_private_ips, 1] } subnet_uuid: { get_param: privte_v6_subnet_id } + TESTDB_0_private_vmi_1_IP_1: + type: OS::ContrailV2::InstanceIp + properties: + virtual_machine_interface_refs: { get_resource: TESTDB_1_priv_vmi_0 } + virtual_network_refs: [{ get_param: priv_net_fqdn }] + instance_ip_address: { get_param: [TESTDB_praivate_ips, 1] } + subnet_uuid: { get_param: privte_v6_subnet_id } + other_0_int_priv_vmi_0_IP_0: type: OS::ContrailV2::InstanceIp properties: instance_ip_address: { get_param: [other_int_priv_ips, 0] } - subnet_uuid: { get_param: int_priv_subnet_id }
\ No newline at end of file + subnet_uuid: { get_param: int_priv_subnet_id } diff --git a/ice_validator/tests/utils/ports.py b/ice_validator/tests/utils/ports.py index d65202c..1f5f658 100644 --- a/ice_validator/tests/utils/ports.py +++ b/ice_validator/tests/utils/ports.py @@ -78,7 +78,6 @@ def check_parameter_format( heat = Heat(filepath=yaml_file) resource_type = resource_processor.resource_type resources = heat.get_resource_by_type(resource_type) - heat_parameters = heat.parameters for rid, resource in resources.items(): resource_intext, port_match = resource_processor.get_rid_match_tuple(rid) if not port_match: @@ -88,7 +87,6 @@ def check_parameter_format( resource_intext != intext ): # skipping if type (internal/external) doesn't match continue - for param in prop_iterator(resource, *properties): if ( param @@ -96,108 +94,156 @@ def check_parameter_format( and "get_resource" not in param and "get_attr" not in param ): - # checking parameter uses get_param - parameter = param.get("get_param") - if not parameter: - msg = ( - "Unexpected parameter format for {} {} property {}: {}. " - "Please consult the heat guidelines documentation for details." - ).format(resource_type, rid, properties, param) - invalid_parameters.append(msg) # should this be a failure? - continue - - # getting parameter if the get_param uses list, and getting official - # HEAT parameter type - parameter_type = parameter_type_to_heat_type(parameter) - if parameter_type == "comma_delimited_list": - parameter = parameter[0] - elif parameter_type != "string": - continue - - # checking parameter format = parameter type defined in parameters - # section - heat_parameter_type = nested_dict.get( - heat_parameters, parameter, "type" - ) - if not heat_parameter_type or heat_parameter_type != parameter_type: - msg = ( - "{} {} parameter {} defined as type {} " - + "is being used as type {} in the heat template" - ).format( - resource_type, - properties, - parameter, - heat_parameter_type, - parameter_type, + template_parameters = [] + if "str_replace" in param: + # print(param) + template_parameters.extend( + v + for k, v in nested_dict.get( + param, "str_replace", "params", default={} + ).items() ) - invalid_parameters.append(msg) # should this actually be an error? - continue - - if exemptions_allowed and parameter in get_aap_exemptions(resource): - continue - - # if parameter type is not in regx dict, then it is not supported - # by automation - regx_dict = regx[resource_intext].get(parameter_type) - if not regx_dict: - msg = ( - "{} {} {} parameter {} defined as type {} " - "which is required by platform data model for proper " - "assignment and inventory." - ).format(resource_type, rid, properties, parameter, parameter_type) - if exemptions_allowed: - msg = "WARNING: {} {}".format(msg, AAP_EXEMPT_CAVEAT) - invalid_parameters.append(msg) - continue - - # checking if param adheres to guidelines format - regexp = regx[resource_intext][parameter_type]["machine"] - readable_format = regx[resource_intext][parameter_type]["readable"] - match = regexp.match(parameter) - if not match: - msg = ( - "{} {} property {} parameter {} does not follow {} " - "format {} which is required by platform data model for proper " - "assignment and inventory." - ).format( + else: + template_parameters.append(param) + + invalid_template_parameters = [] + for template_parameter in template_parameters: + # Looping through each parameter to check + # the only case where there can be more than 1 is + # if using str_replace + msg = validate_port_parameter( resource_type, rid, properties, - parameter, + template_parameter, resource_intext, - readable_format, + resource, + regx, + port_match, + exemptions_allowed, ) - if exemptions_allowed: - msg = "WARNING: {} {}".format(msg, AAP_EXEMPT_CAVEAT) - invalid_parameters.append(msg) - continue - - # checking that parameter includes correct vm_type/network_role - parameter_checks = regx.get("parameter_to_resource_comparisons", []) - for check in parameter_checks: - resource_match = port_match.group(check) - if ( - resource_match - and not parameter.startswith(resource_match) - and parameter.find("_{}_".format(resource_match)) == -1 - ): - msg = ( - "{0} {1} property {2} parameter " - "{3} {4} does match resource {4} {5}" - ).format( - resource_type, - rid, - properties, - parameter, - check, - resource_match, - ) - invalid_parameters.append(msg) - continue + + if not msg: + # if we found a valid parameter then + # reset invalide_template_parameters + # and break out of loop + invalid_template_parameters = [] + break + else: + # haven't found a valid parameter yet + invalid_template_parameters.append(msg) + + invalid_parameters.extend(x for x in invalid_template_parameters) assert not invalid_parameters, "%s" % "\n".join(invalid_parameters) +def validate_port_parameter( + resource_type, + rid, + properties, + param, + resource_intext, + resource, + regx, + port_match, + exemptions_allowed, +): + """ + Performs 4 validations + + 1) param actually uses get_param + 2) parameter_type + network_type (internal/external) is a valid combination + 3) parameter format matches expected format from input dictionary + 4) the vm_type or network role from resource matches parameter + + If the parameter is present in the resource metadata + and exemptions are allowed, then the validation will be skipped. + """ + parameter = param.get("get_param") + if not parameter: + return ( + "Unexpected parameter format for {} {} property {}: {}. " + "Please consult the heat guidelines documentation for details." + ).format(resource_type, rid, properties, param) + + # getting parameter if the get_param uses list, and getting official + # HEAT parameter type + parameter_type = parameter_type_to_heat_type(parameter) + if parameter_type == "comma_delimited_list": + parameter = parameter[0] + elif parameter_type != "string": + return None + + if exemptions_allowed and parameter in get_aap_exemptions(resource): + return None + + # if parameter type is not in regx dict, then it is not supported + # by automation + regx_dict = regx[resource_intext].get(parameter_type) + if not regx_dict: + msg = ( + "{} {} {} parameter {} defined as type {} " + "which is required by platform data model for proper " + "assignment and inventory." + ).format(resource_type, rid, properties, parameter, parameter_type) + if exemptions_allowed: + msg = "WARNING: {} {}".format(msg, AAP_EXEMPT_CAVEAT) + return msg + + msg = validate_parameter_format( + regx, parameter_type, resource_intext, parameter, rid, exemptions_allowed + ) + if msg: + return msg + + # checking that parameter includes correct vm_type/network_role + parameter_checks = regx.get("parameter_to_resource_comparisons", []) + for check in parameter_checks: + msg = mismatch_resource_and_parameter_attribute( + check, port_match, parameter, rid + ) + if msg: + return msg + + return None + + +def validate_parameter_format( + regx, parameter_type, resource_intext, parameter, rid, exemptions_allowed +): + """Checks if a parameter format matches the expected format + from input format dictionary""" + msg = None + regexp = regx[resource_intext][parameter_type]["machine"] + readable_format = regx[resource_intext][parameter_type]["readable"] + match = regexp.match(parameter) + if not match: + msg = ( + "{} property parameter {} does not follow {} " + "format {} which is required by platform data model for proper " + "assignment and inventory." + ).format(rid, parameter, resource_intext, readable_format) + if exemptions_allowed: + msg = "WARNING: {} {}".format(msg, AAP_EXEMPT_CAVEAT) + + return msg + + +def mismatch_resource_and_parameter_attribute(check, resource_re_match, parameter, rid): + """Compares vm_type or network_role from resource + is the same as found in parameter""" + resource_match = resource_re_match.group(check) + if ( + resource_match + and not parameter.startswith(resource_match) + and parameter.find("_{}_".format(resource_match)) == -1 + ): + return ("{0} {1} does not match parameter {2} {1}").format( + rid, check, parameter + ) + + def get_list_of_ports_attached_to_nova_server(nova_server): networks_list = nova_server.get("properties", {}).get("networks") |