[
https://issues.apache.org/jira/browse/CLOUDSTACK-9403?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15414786#comment-15414786
]
ASF GitHub Bot commented on CLOUDSTACK-9403:
--------------------------------------------
GitHub user nlivens reopened a pull request:
https://github.com/apache/cloudstack/pull/1579
CLOUDSTACK-9403 : Support for shared networks in Nuage VSP plugin
This is first phase of support of Shared Network in cloudstack through
NuageVsp Network Plugin. A shared network is a type of virtual network that is
shared between multiple accounts i.e. a shared network can be accessed by
virtual machines that belong to many different accounts. This basic
functionality will be supported with the below common use case:
- shared network can be used for monitoring purposes. A shared network can
be assigned to a domain and can be used for monitoring VMs belonging to all
accounts in that domain.
With the current implementation with NuageVsp plugin, Each shared network
needs its unique IP address range, and can not overlap with another shared
network.
In VSD, it is implemented in below manner:
- In order to have tenant isolation for shared networks, we will have to
create a Shared L3 Subnet for each shared network, and instantiate it across
the relevant enterprises. A shared network will only exist under an enterprise
when it is needed, so when the first VM is spinned under that ACS domain inside
that shared network.
PR contents:
1) Support for shared networks with tenant isolation on master with Nuage
VSP SDN Plugin.
2) Marvin test coverage for shared networks on master with Nuage VSP SDN
Plugin.
3) Enhancements on our exiting Marvin test code (nuagevsp plugins
directory).
4) PEP8 & PyFlakes compliance with our Marvin test code.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/nlivens/cloudstack nuage_vsp_shared_networks
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/cloudstack/pull/1579.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #1579
----
commit f316851375678b048e95d082a9df7035c7de0fa9
Author: Eric Waegeman <[email protected]>
Date: 2016-05-26T09:37:52Z
CLOUDSTACK-9401 : Support for Internal DNS in Nuage VSP plugin
commit b10af67fef96607f7bf4defc8ccdb5e679f9fdc2
Author: Rahul Singal <[email protected]>
Date: 2016-07-01T13:22:50Z
CLOUDSTACK-9401 : Marvin tests for Internal DNS verification with NuageVsp
commit b6b9589a6b452a1aec7185d26662f24554adf938
Author: Nick Livens <[email protected]>
Date: 2016-04-28T14:24:50Z
CLOUDSTACK-9403 : Support for shared networks in Nuage VSP plugin
commit 09ee14e3917c69dfcbd5cf182ba44e77f2a31007
Author: rahul singal <[email protected]>
Date: 2016-06-01T15:31:24Z
CLOUDSTACK-9403 : Marvin tests for shared networks verification with
NuageVsp
commit 9b4af844ff2d2ce008b7b8ec315754c2d9712964
Author: Nick Livens <[email protected]>
Date: 2016-07-01T14:14:55Z
CLOUDSTACK-9403 : Support for shared networks in Nuage VSP plugin
commit 381b1ea79abe5712a346bf917326344abfa7a571
Author: Rahul Singal <[email protected]>
Date: 2016-07-01T14:20:58Z
CLOUDSTACK-9403 : Marvin tests for shared networks verification with
NuageVsp
Phase 2: Public Access
----
> Nuage VSP Plugin : Support for SharedNetwork fuctionality including Marvin
> test coverage
> ----------------------------------------------------------------------------------------
>
> Key: CLOUDSTACK-9403
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9403
> Project: CloudStack
> Issue Type: Task
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: Automation, Network Controller
> Reporter: Rahul Singal
> Assignee: Nick Livens
>
> This is first phase of support of Shared Network in cloudstack through
> NuageVsp Network Plugin. A shared network is a type of virtual network that
> is shared between multiple accounts i.e. a shared network can be accessed by
> virtual machines that belong to many different accounts. This basic
> functionality will be supported with the below common use case:
> - shared network can be used for monitoring purposes. A shared network can be
> assigned to a domain and can be used for monitoring VMs belonging to all
> accounts in that domain.
> - Public accessible of shared Network.
> With the current implementation with NuageVsp plugin, It support over-lapping
> of Ip address, Public Access and also adding Ip ranges in shared Network.
> In VSD, it is implemented in below manner:
> - In order to have tenant isolation for shared networks, we will have to
> create a Shared L3 Subnet for each shared network, and instantiate it across
> the relevant enterprises. A shared network will only exist under an
> enterprise when it is needed, so when the first VM is spinned under that ACS
> domain inside that shared network.
> - For public shared Network it will also create a floating ip subnet pool in
> VSD along with all the things mentioned in above point.
> PR contents:
> 1) Support for shared networks with tenant isolation on master with Nuage VSP
> SDN Plugin.
> 2) Support of shared network with publicly accessible ip ranges.
> 2) Marvin test coverage for shared networks on master with Nuage VSP SDN
> Plugin.
> 3) Enhancements on our exiting Marvin test code (nuagevsp plugins directory).
> 4) PEP8 & PyFlakes compliance with our Marvin test code.
> Test Results are:-
> Valiate that ROOT admin is NOT able to deploy a VM for a user in ROOT domain
> in a shared network with ... === TestName:
> test_deployVM_in_sharedNetwork_as_admin_scope_account_ROOTuser | Status :
> SUCCESS ===
> ok
> Valiate that ROOT admin is NOT able to deploy a VM for a admin user in a
> shared network with ... === TestName:
> test_deployVM_in_sharedNetwork_as_admin_scope_account_differentdomain |
> Status : SUCCESS ===
> ok
> Valiate that ROOT admin is NOT able to deploy a VM for admin user in the same
> domain but in a ... === TestName:
> test_deployVM_in_sharedNetwork_as_admin_scope_account_domainadminuser |
> Status : SUCCESS ===
> ok
> Valiate that ROOT admin is NOT able to deploy a VM for user in the same
> domain but in a different ... === TestName:
> test_deployVM_in_sharedNetwork_as_admin_scope_account_domainuser | Status :
> SUCCESS ===
> ok
> Valiate that ROOT admin is able to deploy a VM for regular user in a shared
> network with scope=account ... === TestName:
> test_deployVM_in_sharedNetwork_as_admin_scope_account_user | Status : SUCCESS
> ===
> ok
> Valiate that ROOT admin is able to deploy a VM for user in ROOT domain in a
> shared network with scope=all ... === TestName:
> test_deployVM_in_sharedNetwork_as_admin_scope_all_ROOTuser | Status : SUCCESS
> ===
> ok
> Valiate that ROOT admin is able to deploy a VM for a domain admin users in a
> shared network with scope=all ... === TestName:
> test_deployVM_in_sharedNetwork_as_admin_scope_all_domainadminuser | Status :
> SUCCESS ===
> ok
> Valiate that ROOT admin is able to deploy a VM for other users in a shared
> network with scope=all ... === TestName:
> test_deployVM_in_sharedNetwork_as_admin_scope_all_domainuser | Status :
> SUCCESS ===
> ok
> Valiate that ROOT admin is able to deploy a VM for admin user in a domain in
> a shared network with scope=all ... === TestName:
> test_deployVM_in_sharedNetwork_as_admin_scope_all_subdomainadminuser | Status
> : SUCCESS ===
> ok
> Valiate that ROOT admin is able to deploy a VM for any user in a subdomain in
> a shared network with scope=all ... === TestName:
> test_deployVM_in_sharedNetwork_as_admin_scope_all_subdomainuser | Status :
> SUCCESS ===
> ok
> Valiate that ROOT admin is NOT able to deploy a VM for parent domain admin
> user in a shared network with scope=domain with no subdomain access ... ===
> TestName:
> test_deployVM_in_sharedNetwork_as_admin_scope_domain_nosubdomainaccess_ROOTuser
> | Status : SUCCESS ===
> ok
> Valiate that ROOT admin is able to deploy a VM for domain admin user in a
> shared network with scope=domain with no subdomain access ... === TestName:
> test_deployVM_in_sharedNetwork_as_admin_scope_domain_nosubdomainaccess_domainadminuser
> | Status : SUCCESS ===
> ok
> Valiate that ROOT admin is able to deploy a VM for domain user in a shared
> network with scope=domain with no subdomain access ... === TestName:
> test_deployVM_in_sharedNetwork_as_admin_scope_domain_nosubdomainaccess_domainuser
> | Status : SUCCESS ===
> ok
> Valiate that ROOT admin is NOT able to deploy a VM for parent domain admin
> user in a shared network with scope=domain with no subdomain access ... ===
> TestName:
> test_deployVM_in_sharedNetwork_as_admin_scope_domain_nosubdomainaccess_parentdomainadminuser
> | Status : SUCCESS ===
> ok
> Valiate that ROOT admin is NOT able to deploy a VM for parent domain user in
> a shared network with scope=domain with no subdomain access ... === TestName:
> test_deployVM_in_sharedNetwork_as_admin_scope_domain_nosubdomainaccess_parentdomainuser
> | Status : SUCCESS ===
> ok
> Valiate that ROOT admin is NOT able to deploy a VM for sub domain admin user
> in a shared network with scope=domain with no subdomain access ... ===
> TestName:
> test_deployVM_in_sharedNetwork_as_admin_scope_domain_nosubdomainaccess_subdomainadminuser
> | Status : SUCCESS ===
> ok
> Valiate that ROOT admin is NOT able to deploy a VM for sub domain user in a
> shared network with scope=domain with no subdomain access ... === TestName:
> test_deployVM_in_sharedNetwork_as_admin_scope_domain_nosubdomainaccess_subdomainuser
> | Status : SUCCESS ===
> ok
> Valiate that ROOT admin is NOT able to deploy a VM for user in ROOT domain in
> a shared network with scope=domain with subdomain access ... === TestName:
> test_deployVM_in_sharedNetwork_as_admin_scope_domain_withsubdomainaccess_ROOTuser
> | Status : SUCCESS ===
> ok
> Valiate that ROOT admin is able to deploy a VM for domain admin user in a
> shared network with scope=domain with subdomain access ... === TestName:
> test_deployVM_in_sharedNetwork_as_admin_scope_domain_withsubdomainaccess_domainadminuser
> | Status : SUCCESS ===
> ok
> Valiate that ROOT admin is able to deploy a VM for domain user in a shared
> network with scope=domain with subdomain access ... === TestName:
> test_deployVM_in_sharedNetwork_as_admin_scope_domain_withsubdomainaccess_domainuser
> | Status : SUCCESS ===
> ok
> Valiate that ROOT admin is NOT able to deploy a VM for parent domain admin
> user in a shared network with scope=domain with subdomain access ... ===
> TestName:
> test_deployVM_in_sharedNetwork_as_admin_scope_domain_withsubdomainaccess_parentdomainadminuser
> | Status : SUCCESS ===
> ok
> Valiate that ROOT admin is NOT able to deploy a VM for parent domain user in
> a shared network with scope=domain with subdomain access ... === TestName:
> test_deployVM_in_sharedNetwork_as_admin_scope_domain_withsubdomainaccess_parentdomainuser
> | Status : SUCCESS ===
> ok
> Valiate that ROOT admin is able to deploy a VM for subdomain admin user in a
> shared network with scope=domain with subdomain access ... === TestName:
> test_deployVM_in_sharedNetwork_as_admin_scope_domain_withsubdomainaccess_subdomainadminuser
> | Status : SUCCESS ===
> ok
> Valiate that ROOT admin is able to deploy a VM for subdomain user in a shared
> network with scope=domain with subdomain access ... === TestName:
> test_deployVM_in_sharedNetwork_as_admin_scope_domain_withsubdomainaccess_subdomainuser
> | Status : SUCCESS ===
> ok
> Valiate that Domain admin is NOT able to deploy a VM for an regular user in
> ROOT domain in a shared network with scope=account ... === TestName:
> test_deployVM_in_sharedNetwork_as_domainadmin_scope_account_ROOTuser | Status
> : SUCCESS ===
> ok
> Valiate that Domain admin is able NOT able to deploy a VM for an regular user
> from a differnt domain in a shared network with scope=account ... ===
> TestName:
> test_deployVM_in_sharedNetwork_as_domainadmin_scope_account_differentdomain |
> Status : SUCCESS ===
> ok
> Valiate that Domain admin is NOT able to deploy a VM for an admin user in the
> same domain but belonging ... === TestName:
> test_deployVM_in_sharedNetwork_as_domainadmin_scope_account_domainadminuser |
> Status : SUCCESS ===
> ok
> Valiate that Domain admin is NOT able to deploy a VM for user in the same
> domain but belonging to a ... === TestName:
> test_deployVM_in_sharedNetwork_as_domainadmin_scope_account_domainuser |
> Status : SUCCESS ===
> ok
> Valiate that Domain admin is able to deploy a VM for an regular user in a
> shared network with scope=account ... === TestName:
> test_deployVM_in_sharedNetwork_as_domainadmin_scope_account_user | Status :
> SUCCESS ===
> ok
> Valiate that Domain admin is NOT able to deploy a VM for user in ROOT domain
> in a shared network with scope=all ... === TestName:
> test_deployVM_in_sharedNetwork_as_domainadmin_scope_all_ROOTuser | Status :
> SUCCESS ===
> ok
> Valiate that Domain admin is NOT able to deploy a VM for user in other domain
> in a shared network with scope=all ... === TestName:
> test_deployVM_in_sharedNetwork_as_domainadmin_scope_all_crossdomainuser |
> Status : SUCCESS ===
> ok
> Valiate that Domain admin is able to deploy a VM for a domain admin user in a
> shared network with scope=all ... === TestName:
> test_deployVM_in_sharedNetwork_as_domainadmin_scope_all_domainadminuser |
> Status : SUCCESS ===
> ok
> Valiate that Domain admin is able to deploy a VM for a domain user in a
> shared network with scope=all ... === TestName:
> test_deployVM_in_sharedNetwork_as_domainadmin_scope_all_domainuser | Status :
> SUCCESS ===
> ok
> Valiate that Domain admin is able to deploy a VM for a sub domain admin user
> in a shared network with scope=all ... === TestName:
> test_deployVM_in_sharedNetwork_as_domainadmin_scope_all_subdomainadminuser |
> Status : SUCCESS ===
> ok
> Valiate that Domain admin is able to deploy a VM for a sub domain user in a
> shared network with scope=all ... === TestName:
> test_deployVM_in_sharedNetwork_as_domainadmin_scope_all_subdomainuser |
> Status : SUCCESS ===
> ok
> Valiate that Domain admin is NOT able to deploy a VM for user in ROOT domain
> in a shared network with scope=Domain and no subdomain access ... ===
> TestName:
> test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_nosubdomainaccess_ROOTuser
> | Status : SUCCESS ===
> ok
> Valiate that Domain admin is able to deploy a VM for domain admin user in a
> shared network with scope=Domain and no subdomain access ... === TestName:
> test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_nosubdomainaccess_domainadminuser
> | Status : SUCCESS ===
> ok
> Valiate that Domain admin is able to deploy a VM for domain user in a shared
> network with scope=Domain and no subdomain access ... === TestName:
> test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_nosubdomainaccess_domainuser
> | Status : SUCCESS ===
> ok
> Valiate that Domain admin is NOT able to deploy VM for parent domain admin
> user in shared network with scope=Domain and no subdomain access ... ===
> TestName:
> test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_nosubdomainaccess_parentdomainadminuser
> | Status : SUCCESS ===
> ok
> Valiate that Domain admin is NOT able to deploy a VM for parent domain user
> in a shared network with scope=Domain and no subdomain access ... ===
> TestName:
> test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_nosubdomainaccess_parentdomainuser
> | Status : SUCCESS ===
> ok
> Valiate that Domain admin is NOT able to deploy a VM for sub domain admin
> user in a shared network with scope=Domain and no subdomain access ... ===
> TestName:
> test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_nosubdomainaccess_subdomainadminuser
> | Status : SUCCESS ===
> ok
> Valiate that Domain admin is NOT able to deploy a VM for sub domain user in a
> shared network with scope=Domain and no subdomain access ... === TestName:
> test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_nosubdomainaccess_subdomainuser
> | Status : SUCCESS ===
> ok
> Valiate that Domain admin is NOT able to deploy a VM for user in ROOT domain
> in a shared network with scope=Domain and subdomain access ... === TestName:
> test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_withsubdomainaccess_ROOTuser
> | Status : SUCCESS ===
> ok
> Valiate that Domain admin is able to deploy a VM for admin user in domain in
> a shared network with scope=Domain and subdomain access ... === TestName:
> test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_withsubdomainaccess_domainadminuser
> | Status : SUCCESS ===
> ok
> Valiate that Domain admin is able to deploy a VM for regular user in domain
> in a shared network with scope=Domain and subdomain access ... === TestName:
> test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_withsubdomainaccess_domainuser
> | Status : SUCCESS ===
> ok
> Validate that Domain admin is NOT able to deploy VM for admin user in parent
> domain in shared network with scope=Domain subdomain access ... === TestName:
> test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_withsubdomainaccess_parentdomainadminuser
> | Status : SUCCESS ===
> ok
> Valiate that Domain admin NOT able to deploy VM for regular user in parent
> domain in shared network with scope=Domain subdomain access ... === TestName:
> test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_withsubdomainaccess_parentdomainuser
> | Status : SUCCESS ===
> ok
> Valiate that Domain admin is able to deploy a VM for admin user in subdomain
> in a shared network with scope=Domain and subdomain access ... === TestName:
> test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_withsubdomainaccess_subdomainadminuser
> | Status : SUCCESS ===
> ok
> Valiate that Domain admin is able to deploy a VM for regular user in
> subdomain in a shared network with scope=Domain and subdomain access ... ===
> TestName:
> test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_withsubdomainaccess_subdomainuser
> | Status : SUCCESS ===
> ok
> Valiate that regular user is able NOT able to deploy a VM for another user in
> the same domain in a shared network with scope=all ... === TestName:
> test_deployVM_in_sharedNetwork_as_regularuser_scope_all_anotherusersamedomain
> | Status : SUCCESS ===
> ok
> Valiate that regular user is able NOT able to deploy a VM for another user in
> a different domain in a shared network with scope=all ... === TestName:
> test_deployVM_in_sharedNetwork_as_regularuser_scope_all_crossdomain | Status
> : SUCCESS ===
> ok
> ----------------------------------------------------------------------
> Ran 51 tests in 3192.356s
> OK
> For monitoring useCase test runs are:-
> Valiate that Normal user in the same domain able to add NIC in a shared
> network with scope=all ... === TestName:
> test_01_addNic_in_sharedNetwork_scope_all_as_domainuser | Status : SUCCESS ===
> ok
> Valiate that Parent domain admin is able to add a NIC in a shared network
> with scope=all ... === TestName:
> test_02_addNic_in_sharedNetwork_scope_all_as_domain_parentAdmin | Status :
> SUCCESS ===
> ok
> Valiate that User can enable staticNat on VPC NIC where second nicn is in a
> shared network with scope=all ... === TestName:
> test_03_staticNat_in_VPC_secondNic_sharedNetwork_scope_all | Status : SUCCESS
> ===
> ok
> Validate that reboot VM is done successfully without any Error ... ===
> TestName: test_04_rebootVM_after_sharedNetwork_nic | Status : SUCCESS ===
> ok
> Validate that restart Tier Network is done successfully with cleanup ... ===
> TestName: test_05_restart_Tier_VPC_Network_sharedNetwork_nic | Status :
> SUCCESS ===
> ok
> Validate that restart Shared Network is done successfully without any Error
> ... === TestName: test_06_restart_sharedNetwork_scope_all | Status : SUCCESS
> ===
> ok
> Valiate that Normal user in the same domain able to remove NIC in a shared
> network which is added by Parent Domain Admin ... === TestName:
> test_07_removeNic_in_sharedNetwork_scope_all_as_domainuser | Status : SUCCESS
> ===
> ok
> Valiate that Parent domain admin is able to remove a NIC which is added by
> child domain user ... === TestName:
> test_08_removeNic_in_sharedNetwork_scope_all_as_domain_parentAdmin | Status :
> SUCCESS ===
> ok
> Valiate that Normal user in the same domain able to add NIC in a shared
> network with scope=domain without subdomain Access ... === TestName:
> test_09_addNic_in_sharedNetwork_scope_domain_as_domainuser | Status : SUCCESS
> ===
> ok
> Valiate that Normal user in the same domain able to add NIC in a shared
> network with scope=domain with subdomain Access ... === TestName:
> test_10_addNic_in_sharedNetwork_scope_domain_subdomain_as_domainuser | Status
> : SUCCESS ===
> ok
> ----------------------------------------------------------------------
> Ran 10 tests in 744.354s
> OK
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
