[cloudstack] branch master updated: network: Offerings do not have to have Security Grouping enabled (#3112)

Mon, 28 Jan 2019 09:38:41 -0800 

This is an automated email from the ASF dual-hosted git repository.

gabriel pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cloudstack.git


The following commit(s) were added to refs/heads/master by this push:
     new 9c4292c  network: Offerings do not have to have Security Grouping 
enabled (#3112)
9c4292c is described below

commit 9c4292cc45587001ed1c673a18b9b2326819ca0e
Author: Wido den Hollander <[email protected]>
AuthorDate: Mon Jan 28 18:38:08 2019 +0100

    network: Offerings do not have to have Security Grouping enabled (#3112)
    
    Offerings can co-exist where on does provide Security Grouping in the
    network, but other guest Networks have no Security Grouping.
    
    In V(X)LAN isolation environments the L2 separation is handled by V(X)LAN
    and protection between Instances is handled by Security Grouping.
    
    There are multiple scenarios possible where one network has Security 
Grouping
    enabled because that is required in that network.
    
    In the other network, but in the same zone it could be a choice to have
    Security Grouping disabled and allow all traffic to flow.
    
    Signed-off-by: Wido den Hollander <[email protected]>
---
 .../engine/orchestration/NetworkOrchestrator.java  |  3 -
 .../com/cloud/network/guru/DirectNetworkGuru.java  | 27 +++---
 .../cloud/network/guru/DirectNetworkGuruTest.java  | 95 ++++++++++++++++++++--
 3 files changed, 99 insertions(+), 26 deletions(-)

diff --git 
a/engine/orchestration/src/main/java/org/apache/cloudstack/engine/orchestration/NetworkOrchestrator.java
 
b/engine/orchestration/src/main/java/org/apache/cloudstack/engine/orchestration/NetworkOrchestrator.java
index 1629493..5c0e50b 100644
--- 
a/engine/orchestration/src/main/java/org/apache/cloudstack/engine/orchestration/NetworkOrchestrator.java
+++ 
b/engine/orchestration/src/main/java/org/apache/cloudstack/engine/orchestration/NetworkOrchestrator.java
@@ -2246,9 +2246,6 @@ public class NetworkOrchestrator extends ManagerBase 
implements NetworkOrchestra
                 if 
(_networkModel.areServicesSupportedByNetworkOffering(ntwkOff.getId(), 
Service.SourceNat)) {
                     throw new InvalidParameterValueException("Service 
SourceNat is not allowed in security group enabled zone");
                 }
-                if 
(!_networkModel.areServicesSupportedByNetworkOffering(ntwkOff.getId(), 
Service.SecurityGroup)) {
-                    throw new InvalidParameterValueException("network must 
have SecurityGroup provider in security group enabled zone");
-                }
             }
 
             //don't allow eip/elb networks in Advance zone
diff --git a/server/src/main/java/com/cloud/network/guru/DirectNetworkGuru.java 
b/server/src/main/java/com/cloud/network/guru/DirectNetworkGuru.java
index f6279bf..8bb5c9a 100644
--- a/server/src/main/java/com/cloud/network/guru/DirectNetworkGuru.java
+++ b/server/src/main/java/com/cloud/network/guru/DirectNetworkGuru.java
@@ -122,10 +122,11 @@ public class DirectNetworkGuru extends AdapterBase 
implements NetworkGuru {
      * Return true if the physical network isolation method contains the 
expected isolation method for this guru
      */
     protected boolean isMyIsolationMethod(PhysicalNetwork physicalNetwork) {
-        for (IsolationMethod m : _isolationMethods) {
+        for (IsolationMethod m : this.getIsolationMethods()) {
             List<String> isolationMethods = 
physicalNetwork.getIsolationMethods();
             if (CollectionUtils.isNotEmpty(isolationMethods)) {
                 for (String method : isolationMethods) {
+                    s_logger.debug(method + ": " + m.toString());
                     if (method.equalsIgnoreCase(m.toString())) {
                         return true;
                     }
@@ -140,20 +141,11 @@ public class DirectNetworkGuru extends AdapterBase 
implements NetworkGuru {
         return TrafficTypes;
     }
 
-    /**
-     * True for Advanced zones, with VXLAN isolation method and Security 
Groups enabled
-     */
-    private boolean isMyIsolationMethodVxlanWithSecurityGroups(NetworkOffering 
offering, DataCenter dc, PhysicalNetwork physnet) {
-        return dc.getNetworkType().equals(NetworkType.Advanced) &&
-                
_networkModel.areServicesSupportedByNetworkOffering(offering.getId(), 
Service.SecurityGroup) &&
-                physnet.getIsolationMethods().contains("VXLAN");
-    }
-
     protected boolean canHandle(NetworkOffering offering, DataCenter dc, 
PhysicalNetwork physnet) {
-        // this guru handles only Guest networks in Advance zone with source 
nat service disabled
-        boolean vxlanWithSecurityGroups = 
isMyIsolationMethodVxlanWithSecurityGroups(offering, dc, physnet);
-        if (dc.getNetworkType() == NetworkType.Advanced && 
isMyTrafficType(offering.getTrafficType()) &&
-                (isMyIsolationMethod(physnet) || vxlanWithSecurityGroups) && 
offering.getGuestType() == GuestType.Shared
+        if (dc.getNetworkType() == NetworkType.Advanced
+                && isMyTrafficType(offering.getTrafficType())
+                && isMyIsolationMethod(physnet)
+                && offering.getGuestType() == GuestType.Shared
                 && 
!_ntwkOfferingSrvcDao.isProviderForNetworkOffering(offering.getId(), 
Network.Provider.NuageVsp)
                 && 
!_ntwkOfferingSrvcDao.isProviderForNetworkOffering(offering.getId(), 
Network.Provider.NiciraNvp)) {
             return true;
@@ -169,6 +161,7 @@ public class DirectNetworkGuru extends AdapterBase 
implements NetworkGuru {
         PhysicalNetworkVO physnet = 
_physicalNetworkDao.findById(plan.getPhysicalNetworkId());
 
         if (!canHandle(offering, dc, physnet)) {
+            s_logger.info("Refusing to design this network");
             return null;
         }
 
@@ -222,7 +215,11 @@ public class DirectNetworkGuru extends AdapterBase 
implements NetworkGuru {
 
     protected DirectNetworkGuru() {
         super();
-        _isolationMethods = new IsolationMethod[] { new 
IsolationMethod("VLAN") };
+        _isolationMethods = new IsolationMethod[] { new 
IsolationMethod("VLAN"), new IsolationMethod("VXLAN") };
+    }
+
+    public IsolationMethod[] getIsolationMethods() {
+        return _isolationMethods;
     }
 
     @Override
diff --git 
a/server/src/test/java/com/cloud/network/guru/DirectNetworkGuruTest.java 
b/server/src/test/java/com/cloud/network/guru/DirectNetworkGuruTest.java
index 98d43f3..72bec50 100644
--- a/server/src/test/java/com/cloud/network/guru/DirectNetworkGuruTest.java
+++ b/server/src/test/java/com/cloud/network/guru/DirectNetworkGuruTest.java
@@ -16,7 +16,20 @@
 // under the License.
 package com.cloud.network.guru;
 
-import com.cloud.network.PhysicalNetwork;
+import com.cloud.dc.DataCenter.NetworkType;
+import com.cloud.dc.DataCenterVO;
+import com.cloud.dc.dao.DataCenterDao;
+import com.cloud.deploy.DeploymentPlan;
+import com.cloud.network.Network;
+import com.cloud.network.NetworkModel;
+import com.cloud.network.Networks.TrafficType;
+import com.cloud.network.Network.GuestType;
+import com.cloud.network.PhysicalNetwork.IsolationMethod;
+import com.cloud.network.dao.PhysicalNetworkDao;
+import com.cloud.network.dao.PhysicalNetworkVO;
+import com.cloud.offering.NetworkOffering;
+import com.cloud.offerings.dao.NetworkOfferingServiceMapDao;
+import com.cloud.user.Account;
 import org.junit.Before;
 import org.junit.Test;
 import org.mockito.Mock;
@@ -24,30 +37,96 @@ import org.mockito.MockitoAnnotations;
 
 import java.util.Arrays;
 
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertTrue;
 import static org.mockito.Mockito.when;
 
 public class DirectNetworkGuruTest {
 
-    DirectNetworkGuru guru = new DirectNetworkGuru();
+    protected DirectNetworkGuru guru = new DirectNetworkGuru();
 
     @Mock
-    PhysicalNetwork physicalNetwork;
+    PhysicalNetworkVO physicalNetwork;
+
+    @Mock
+    DataCenterVO dc;
+
+    @Mock
+    NetworkOffering offering;
+
+    @Mock
+    NetworkOfferingServiceMapDao ntwkOfferingSrvcDao;
+
+    @Mock
+    DataCenterDao dcDao;
+
+    @Mock
+    PhysicalNetworkDao physicalNetworkDao;
+
+    @Mock
+    Network network;
+
+    @Mock
+    NetworkModel networkModel;
+
+    @Mock
+    DeploymentPlan plan;
+
+    @Mock
+    Account owner;
 
     @Before
-    public void setup() throws Exception {
+    public void setup() {
         MockitoAnnotations.initMocks(this);
+        guru._ntwkOfferingSrvcDao = ntwkOfferingSrvcDao;
+        guru._dcDao = dcDao;
+        guru._physicalNetworkDao = physicalNetworkDao;
+        guru._networkModel = networkModel;
+
+        when(physicalNetwork.getId()).thenReturn(1l);
         
when(physicalNetwork.getIsolationMethods()).thenReturn(Arrays.asList("VXLAN", 
"VLAN"));
+
+        when(dc.getNetworkType()).thenReturn(NetworkType.Advanced);
+        when(dc.getId()).thenReturn(1l);
+        when(offering.getGuestType()).thenReturn(GuestType.Shared);
+        when(offering.getTrafficType()).thenReturn(TrafficType.Guest);
+        when(offering.getId()).thenReturn(42l);
+        
when(ntwkOfferingSrvcDao.isProviderForNetworkOffering(offering.getId(), 
Network.Provider.NuageVsp)).thenReturn(false);
+        
when(ntwkOfferingSrvcDao.isProviderForNetworkOffering(offering.getId(), 
Network.Provider.NiciraNvp)).thenReturn(false);
     }
 
     @Test
-    public void testIsMyIsolationMethodUppercaseMethods() {
+    public void testIsMyIsolationMethod() {
         assertTrue(guru.isMyIsolationMethod(physicalNetwork));
     }
 
     @Test
-    public void testIsMyIsolationMethodLowercaseMethods() {
-        
when(physicalNetwork.getIsolationMethods()).thenReturn(Arrays.asList("vxlan", 
"vlan"));
-        assertTrue(guru.isMyIsolationMethod(physicalNetwork));
+    public void testIsolationMethods() {
+        IsolationMethod[] expected = new IsolationMethod[] { new 
IsolationMethod("VLAN"), new IsolationMethod("VXLAN") };
+        assertEquals(expected, guru.getIsolationMethods());
+    }
+
+    @Test
+    public void testTrafficTypes() {
+        assertTrue(guru.isMyTrafficType(TrafficType.Guest));
+    }
+
+    @Test
+    public void testCanHandle() {
+        assertTrue(guru.canHandle(offering, dc, physicalNetwork));
+    }
+
+    @Test
+    public void testCanDesign() {
+        when(dcDao.findById(dc.getId())).thenReturn(dc);
+        when(plan.getDataCenterId()).thenReturn(1l);
+        when(plan.getPhysicalNetworkId()).thenReturn(1l);
+        
when(physicalNetworkDao.findById(physicalNetwork.getId())).thenReturn(physicalNetwork);
+        when(offering.isRedundantRouter()).thenReturn(false);
+
+        
when(networkModel.areServicesSupportedByNetworkOffering(offering.getId(), 
Network.Service.SecurityGroup)).thenReturn(true);
+
+        assertNotNull(guru.design(offering, plan, network, owner));
     }
 }

Reply via email to