Network test: add ip forward and ForwardingRule test

Gustavo Serra Scalet · Gustavo Serra Scalet · commit 647e8f7cb36e · 2018-06-05T18:46:42.000-03:00
diff --git a/daisy_workflows/image_test/linux_common/utils.py b/daisy_workflows/image_test/linux_common/utils.py
@@ -208,6 +208,7 @@ def __init__(self, compute, instance, ssh_user='tester'):
       user: string, the user to create ssh keys and perform ssh tests.
     """
     self.zone = self.FetchMetadataDefault('zone')
+    self.region = self.zone[:-2]  # clears the "-[a-z]$" of the zone
     self.project = self.FetchMetadataDefault('project')
     self.compute = compute
     self.instance = instance
@@ -404,6 +405,9 @@ def AttachDisk(self, instance, disk_name):
     Args:
       instance: string, the name of the instance to attach disk.
       disk_name: string, the name of the disks to be attached.
+
+    Returns:
+      response: dict, the request's response.
     """
     body = {'source': 'projects/%s/zones/%s/disks/%s' % (
         self.project, self.zone, disk_name)}
@@ -431,6 +435,9 @@ def DetachDisk(self, instance, device_name):
     Args:
       instance: string, the name of the instance to detach disk.
       device_name: string, the device name of the disk to be detached.
+
+    Returns:
+      response: dictionary, the request's response.
     """
     request = self.compute.instances().detachDisk(
         project=self.project, zone=self.zone, instance=instance,
@@ -444,14 +451,105 @@ def Wait(self, response):
     Args:
       response: dict, a request's response
     """
-    operation = response[u'name']
+    def _OperationGetter(response):
+      operation = response[u'name']
+      if response.get(u'zone'):
+        return self.compute.zoneOperations().get(
+            project=self.project, zone=self.zone, operation=operation)
+      elif response.get(u'region'):
+        return self.compute.regionOperations().get(
+            project=self.project, region=self.region, operation=operation)
+      else:
+        return self.compute.globalOperations().get(
+            project=self.project, operation=operation)
+
     while True:
-      result = self.compute.zoneOperations().get(
-          project=self.project, zone=self.zone, operation=operation).execute()
+      result = _OperationGetter(response).execute()
 
       if result['status'] == 'DONE':
         if 'error' in result:
           raise Exception(result['error'])
         return result
 
       time.sleep(1)
+
+  def AddTargetInstance(self, name, instance):
+    """Creates a target instance to be used by a forwarding rule
+
+    Args:
+      name: string, the name of the target instance.
+      instance: string, the instance name to be mapped by the target instnace.
+
+    Returns:
+      response: dictionary, the request's response.
+    """
+    body = {
+        "name": name,
+        "instance": 'projects/%s/zones/%s/instances/%s' % (
+            self.project, self.zone, instance)
+    }
+
+    return self.compute.targetInstances().insert(
+        project=self.project, zone=self.zone, body=body).execute()
+
+  def DeleteTargetInstance(self, name):
+    """Deletes a target instance
+
+    Args:
+      name: string, the name of the target instance.
+
+    Returns:
+      response: dictionary, the request's response.
+    """
+    return self.compute.targetInstances().delete(
+        project=self.project, zone=self.zone, targetInstance=name).execute()
+
+  def AddForwardingRule(self, name, target, ports="80", protocol="TCP"):
+    """Creates a forwarding rule
+
+    Args:
+      name: string, the name of this forwarding rule.
+      target: string, the target instance name to be used.
+      ports: list of int or string, the ports used.
+      protocol: string, the ip protocol (e.g: TCP, UDP)
+
+    Returns:
+      response: dictionary, the request's response.
+    """
+    body = {
+        "name": name,
+        "portRange": ",".join(ports) if type(ports) is list else ports,
+        "target": 'projects/%s/zones/%s/targetInstances/%s' % (
+            self.project, self.zone, target),
+        "LoadBalancingScheme": "INTERNAL"
+    }
+
+    return self.compute.forwardingRules().insert(
+        project=self.project, region=self.region, body=body).execute()
+
+  def GetForwardingRuleIP(self, name):
+    """Retrieves a forwarding rule ip
+
+    Args:
+      name: string, the name of the forwarding rule.
+
+    Returns:
+      response: string, the forwarding rule ip.
+    """
+    request = self.compute.forwardingRules().get(
+        project=self.project, region=self.region, forwardingRule=name)
+    response = request.execute()
+    return response[u"IPAddress"]
+
+  def DeleteForwardingRule(self, name):
+    """Deletes a forwarding rule
+
+    Args:
+      name: string, the name of the forwarding rule.
+
+    Returns:
+      response: dictionary, the request's response.
+    """
+    request = self.compute.forwardingRules().delete(
+        project=self.project, region=self.region, forwardingRule=name)
+    return request.execute()
diff --git a/daisy_workflows/image_test/network/network-testee.sh b/daisy_workflows/image_test/network/network-testee.sh
@@ -13,11 +13,16 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# Verify DNS connections if there is a INSTANCE variable defined
+
+# Verify VM to VM DNS connection
+[ -n "$INSTANCE" ] && getent hosts $INSTANCE
+
 # Verify VM to external DNS connection
-getent hosts www.google.com
+[ -n "$INSTANCE" ] && getent hosts www.google.com
 
-# Signalize wait-for-testee-instance that instance is ready
-[ $? -ne 0 ] && echo "DNS_Failed" || echo "BOOTED"
+# Signalize wait-for-instance that instance is ready or error occurred
+[ $? -ne 0 ] && [ -n "$INSTANCE" ] && echo "DNS_Failed" > /dev/console || echo "BOOTED" > /dev/console
 
 # Serve a file server that prints the hostname when requesting "/hostname"
 mkdir /server
diff --git a/daisy_workflows/image_test/network/network-tester.py b/daisy_workflows/image_test/network/network-tester.py
@@ -16,11 +16,10 @@
 import urllib2
 
 
-import utils
 import genips
-
-utils.AptGetInstall(['python-pip'])
-utils.Execute(['pip', 'install', '--upgrade', 'google-api-python-client'])
+from google import auth
+from googleapiclient import discovery
+import utils
 
 
 def GetHostname(addr, timeout=10):
@@ -51,15 +50,59 @@ def TestIPAlias(testee, ip_alias, ip_mask):
     pass
 
 
+class RequestError(Exception):
+  def __init__(self, name, instance, ip_range):
+    self.name = name
+    self.instance = instance
+    self.ip_range = ip_range
+
+  def __str__(self):
+    return "%s didn't redirect ip %s to instance %s" % (
+        self.name, self.ip_range, self.instance)
+
+
+def TestForwardingRule(MD, instance):
+  target_name = instance + "-target"
+  MD.Wait(MD.AddTargetInstance(target_name, instance))
+  try:
+    rule_name = instance + "-rule"
+    MD.Wait(MD.AddForwardingRule(rule_name, target_name))
+    try:
+      ip = MD.GetForwardingRuleIP(rule_name)
+      if GetHostname(instance) != GetHostname(ip):
+        raise RequestError(rule_name, instance, ip)
+    finally:
+      MD.Wait(MD.DeleteForwardingRule(rule_name))
+  finally:
+    MD.Wait(MD.DeleteTargetInstance(target_name))
+
+
 def main():
   MM = utils.MetadataManager
-  # Verify VM to VM DNS connection
   testee = MM.FetchMetadataDefault('testee')
 
   # Verify IP aliasing is working
   TestIPAlias(testee, MM.FetchMetadataDefault('alias_ip'),
       MM.FetchMetadataDefault('alias_ip_mask'))
 
+  # Ensure routes are added when enabling IP Forwarding
+  credentials, _ = auth.default()
+  compute = utils.GetCompute(discovery, credentials)
+
+  # (Negative test)
+  # The testee instance has IP Forward disabled, hence it should not accept the
+  # traffic from a different IP even if the router is sending traffic to it.
+  # This was a test to guarantee that behavior.
+  try:
+    TestForwardingRule(MM(compute, testee), testee)
+    raise Exception("Forwarding rule shouldn't work for non-ipforward machine")
+  except (RequestError, urllib2.URLError):
+    pass
+
+  # (Positive test)
+  testee_ipforward = MM.FetchMetadataDefault('testee_ipforward')
+  TestForwardingRule(MM(compute, testee_ipforward), testee_ipforward)
+
 
 if __name__ == '__main__':
   utils.RunTest(main)
diff --git a/daisy_workflows/image_test/network/network.wf.json b/daisy_workflows/image_test/network/network.wf.json
@@ -21,6 +21,14 @@
         }
       ]
     },
+    "create-testee-ipforward-disk": {
+      "CreateDisks": [
+        {
+          "Name": "disk-testee-ipforward-img",
+          "SourceImage": "${source_image}"
+        }
+      ]
+    },
     "create-tester-disk": {
       "CreateDisks": [
         {
@@ -44,7 +52,21 @@
               "AccessConfigs": [{"Type": "ONE_TO_ONE_NAT"}],
               "AliasIpRanges": [{"ipCidrRange": "${alias_ip}/${alias_ip_mask}"}]
             }
-          ]
+          ],
+          "canIpForward": false
+        }
+      ]
+    },
+    "create-testee-ipforward-instance": {
+      "CreateInstances": [
+        {
+          "Name": "inst-network-testee-ipforward",
+          "RealName": "inst-network-testee-ipforward-${DATETIME}-${ID}",
+          "Disks": [{"Source": "disk-testee-ipforward-img"}],
+          "Metadata": {
+            "startup-script": "INSTANCE=inst-network-testee-${DATETIME}-${ID}; ${SOURCE:testee.sh}"
+          },
+          "canIpForward": true
         }
       ]
     },
@@ -60,16 +82,35 @@
             "debian_install_google_api_python_client": "yes",
             "testee": "inst-network-testee-${DATETIME}-${ID}",
             "alias_ip": "${alias_ip}",
-            "alias_ip_mask": "${alias_ip_mask}"
-          }
+            "alias_ip_mask": "${alias_ip_mask}",
+            "testee_ipforward": "inst-network-testee-ipforward-${DATETIME}-${ID}",
+            "zone": "${ZONE}",
+            "project": "${PROJECT}"
+          },
+          "Scopes": [
+            "https://www.googleapis.com/auth/devstorage.read_only",
+            "https://www.googleapis.com/auth/compute"
+          ]
         }
       ]
     },
     "wait-for-testee-instance": {
       "Timeout": "5m",
       "WaitForInstancesSignal": [
-        {
+          {
           "Name": "inst-network-testee",
+          "SerialOutput": {
+            "Port": 1,
+            "SuccessMatch": "BOOTED"
+          }
+        }
+      ]
+    },
+    "wait-for-testee-ipforward-instance": {
+      "Timeout": "5m",
+      "WaitForInstancesSignal": [
+        {
+          "Name": "inst-network-testee-ipforward",
           "SerialOutput": {
             "Port": 1,
             "SuccessMatch": "BOOTED",
@@ -95,7 +136,9 @@
   "Dependencies": {
     "create-testee-instance": ["create-testee-disk"],
     "wait-for-testee-instance": ["create-testee-instance"],
-    "create-tester-instance": ["wait-for-testee-instance", "create-tester-disk"],
+    "create-testee-ipforward-instance": ["create-testee-ipforward-disk", "wait-for-testee-instance"],
+    "wait-for-testee-ipforward-instance": ["create-testee-ipforward-instance"],
+    "create-tester-instance": ["wait-for-testee-ipforward-instance", "create-tester-disk"],
     "wait-for-testee-check": ["create-tester-instance"]
   }
 }
