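// github.com/vmware/go-vcloud-director/v2@v2.24.0/govcd/nsxt_firewall_group_static_security_group_test.go

//go:build network || nsxt || functional || openapi || ALL

package govcd

import (
	"github.com/vmware/go-vcloud-director/v2/types/v56"
	. "gopkg.in/check.v1"
)

// Test_NsxtStaticSecurityGroup tests out CRUD of Static NSX-T Security Group
//
// Note. Security Group is one type of Firewall Group
func (vcd *TestVCD) Test_NsxtStaticSecurityGroup(check *C) {
	skipNoNsxtConfiguration(vcd, check)
	skipOpenApiEndpointTest(vcd, check, types.OpenApiPathVersion1_0_0+types.OpenApiEndpointFirewallGroups)

	org, err := vcd.client.GetOrgByName(vcd.config.VCD.Org)
	check.Assert(err, IsNil)

	nsxtVdc, err := org.GetVDCByName(vcd.config.VCD.Nsxt.Vdc, false)
	check.Assert(err, IsNil)

	edge, err := nsxtVdc.GetNsxtEdgeGatewayByName(vcd.config.VCD.Nsxt.EdgeGateway)
	check.Assert(err, IsNil)

	fwGroupDefinition := &types.NsxtFirewallGroup{
		Name:           check.TestName(),
		Description:    check.TestName() + "-Description",
		Type:           types.FirewallGroupTypeSecurityGroup,
		EdgeGatewayRef: &types.OpenApiReference{ID: edge.EdgeGateway.ID},
	}

	// Create firewall group and add it to the cleanup list right away, before the
	// remaining assertions, so that a failing assertion does not leave the group
	// behind on the Edge Gateway.
	createdSecGroup, err := nsxtVdc.CreateNsxtFirewallGroup(fwGroupDefinition)
	check.Assert(err, IsNil)
	openApiEndpoint := types.OpenApiPathVersion1_0_0 + types.OpenApiEndpointFirewallGroups + createdSecGroup.NsxtFirewallGroup.ID
	AddToCleanupListOpenApi(createdSecGroup.NsxtFirewallGroup.Name, check.TestName(), openApiEndpoint)

	check.Assert(createdSecGroup.NsxtFirewallGroup.ID, Not(Equals), "")
	// Fail with a clear assertion instead of a nil dereference if the API response
	// carries no Edge Gateway reference.
	check.Assert(createdSecGroup.NsxtFirewallGroup.EdgeGatewayRef, NotNil)
	check.Assert(createdSecGroup.NsxtFirewallGroup.EdgeGatewayRef.Name, Equals, vcd.config.VCD.Nsxt.EdgeGateway)

	check.Assert(createdSecGroup.NsxtFirewallGroup.Description, Equals, fwGroupDefinition.Description)
	check.Assert(createdSecGroup.NsxtFirewallGroup.Name, Equals, fwGroupDefinition.Name)
	check.Assert(createdSecGroup.NsxtFirewallGroup.Type, Equals, fwGroupDefinition.Type)

	// Update and compare
	createdSecGroup.NsxtFirewallGroup.Description = "updated-description"
	createdSecGroup.NsxtFirewallGroup.Name = check.TestName() + "-updated"

	updatedSecGroup, err := createdSecGroup.Update(createdSecGroup.NsxtFirewallGroup)
	check.Assert(err, IsNil)
	check.Assert(updatedSecGroup.NsxtFirewallGroup, DeepEquals, createdSecGroup.NsxtFirewallGroup)

	check.Assert(updatedSecGroup, DeepEquals, createdSecGroup)

	// Get all Firewall Groups and check if the created one is there
	allSecGroups, err := org.GetAllNsxtFirewallGroups(nil, types.FirewallGroupTypeSecurityGroup)
	check.Assert(err, IsNil)
	fwGroupFound := false
	for i := range allSecGroups {
		if allSecGroups[i].NsxtFirewallGroup.ID == updatedSecGroup.NsxtFirewallGroup.ID {
			fwGroupFound = true
			break
		}
	}
	check.Assert(fwGroupFound, Equals, true)

	// Get firewall group by name using Org
	secGroupByName, err := org.GetNsxtFirewallGroupByName(updatedSecGroup.NsxtFirewallGroup.Name, types.FirewallGroupTypeSecurityGroup)
	check.Assert(err, IsNil)

	secGroupById, err := org.GetNsxtFirewallGroupById(updatedSecGroup.NsxtFirewallGroup.ID)
	check.Assert(err, IsNil)
	check.Assert(secGroupById.NsxtFirewallGroup, DeepEquals, secGroupByName.NsxtFirewallGroup)

	// Get firewall group by name using Vdc
	vdcSecGroupByName, err := nsxtVdc.GetNsxtFirewallGroupByName(updatedSecGroup.NsxtFirewallGroup.Name, types.FirewallGroupTypeSecurityGroup)
	check.Assert(err, IsNil)

	vdcSecGroupById, err := nsxtVdc.GetNsxtFirewallGroupById(updatedSecGroup.NsxtFirewallGroup.ID)
	check.Assert(err, IsNil)
	check.Assert(vdcSecGroupById.NsxtFirewallGroup.ID, Not(Equals), "")
	check.Assert(vdcSecGroupByName.NsxtFirewallGroup, DeepEquals, vdcSecGroupById.NsxtFirewallGroup)
	check.Assert(vdcSecGroupByName.NsxtFirewallGroup, DeepEquals, secGroupById.NsxtFirewallGroup)

	// Get Security Group using Edge Gateway
	edgeSecGroup, err := edge.GetNsxtFirewallGroupByName(updatedSecGroup.NsxtFirewallGroup.Name, types.FirewallGroupTypeSecurityGroup)
	check.Assert(err, IsNil)
	check.Assert(edgeSecGroup.NsxtFirewallGroup, DeepEquals, secGroupByName.NsxtFirewallGroup)

	// Try to list associated VMs and expect an empty list (because no Org VDC network is attached)
	associatedVms, err := edgeSecGroup.GetAssociatedVms()
	check.Assert(err, IsNil)
	check.Assert(len(associatedVms), Equals, 0)

	// Remove
	err = createdSecGroup.Delete()
	check.Assert(err, IsNil)
}

// Test_NsxtSecurityGroupGetAssociatedVms tests if member routed Org VDC networks are added correctly to
// Security Groups and if associated VMs are correctly reported back
//
// Note. Security Group is one type of Firewall Group
func (vcd *TestVCD) Test_NsxtSecurityGroupGetAssociatedVms(check *C) {
	skipNoNsxtConfiguration(vcd, check)
	skipOpenApiEndpointTest(vcd, check, types.OpenApiPathVersion1_0_0+types.OpenApiEndpointFirewallGroups)

	org, err := vcd.client.GetOrgByName(vcd.config.VCD.Org)
	check.Assert(err, IsNil)

	nsxtVdc, err := org.GetVDCByName(vcd.config.VCD.Nsxt.Vdc, false)
	check.Assert(err, IsNil)

	edge, err := nsxtVdc.GetNsxtEdgeGatewayByName(vcd.config.VCD.Nsxt.EdgeGateway)
	check.Assert(err, IsNil)

	// Setup prerequisites - a routed Org VDC network and 2 VMs: one in a vApp and one standalone
	routedNet := createNsxtRoutedNetwork(check, vcd, nsxtVdc, edge.EdgeGateway.ID)
	openApiEndpoint := types.OpenApiPathVersion1_0_0 + types.OpenApiEndpointOrgVdcNetworks + routedNet.OpenApiOrgVdcNetwork.ID
	AddToCleanupListOpenApi(routedNet.OpenApiOrgVdcNetwork.Name, check.TestName(), openApiEndpoint)

	vapp, vappVm := createVappVmAndAttachNetwork(check, vcd, nsxtVdc, routedNet)
	PrependToCleanupList(vapp.VApp.Name, "vapp", vcd.nsxtVdc.Vdc.Name, check.TestName())

	// VMs are prepended to the cleanup list to make sure they are removed before the routed network
	standaloneVm := createStandaloneVm(check, vcd, nsxtVdc, routedNet)
	PrependToCleanupList(standaloneVm.VM.ID, "standaloneVm", "", check.TestName())

	// The routed network is the only member of the group, so group membership of
	// the VMs is derived from their attachment to that network.
	secGroupDefinition := &types.NsxtFirewallGroup{
		Name:           check.TestName(),
		Description:    check.TestName() + "-Description",
		Type:           types.FirewallGroupTypeSecurityGroup,
		EdgeGatewayRef: &types.OpenApiReference{ID: edge.EdgeGateway.ID},
		Members: []types.OpenApiReference{
			{ID: routedNet.OpenApiOrgVdcNetwork.ID},
		},
	}

	// Create firewall group and add to cleanup if it was created
	createdSecGroup, err := nsxtVdc.CreateNsxtFirewallGroup(secGroupDefinition)
	check.Assert(err, IsNil)
	openApiEndpoint = types.OpenApiPathVersion1_0_0 + types.OpenApiEndpointFirewallGroups + createdSecGroup.NsxtFirewallGroup.ID
	AddToCleanupListOpenApi(createdSecGroup.NsxtFirewallGroup.Name, check.TestName(), openApiEndpoint)

	// Expect to see both created VMs in the associated VM query
	associatedVms, err := createdSecGroup.GetAssociatedVms()
	check.Assert(err, IsNil)

	check.Assert(len(associatedVms), Equals, 2)

	foundStandalone := false
	foundVappVm := false
	for i := range associatedVms {
		if associatedVms[i].VmRef.ID == standaloneVm.VM.ID {
			foundStandalone = true
		}

		// The vApp VM must be reported together with a reference to its parent vApp
		if associatedVms[i].VappRef != nil && associatedVms[i].VmRef.ID == vappVm.VM.ID &&
			associatedVms[i].VappRef.ID == vapp.VApp.ID {
			foundVappVm = true
		}
	}

	check.Assert(foundStandalone, Equals, true)
	check.Assert(foundVappVm, Equals, true)

	// Tear down in dependency order: VMs first, then the security group that
	// references the network, and the network itself last.
	task, err := vapp.Delete()
	check.Assert(err, IsNil)
	err = task.WaitTaskCompletion()
	check.Assert(err, IsNil)
	err = standaloneVm.Delete()
	check.Assert(err, IsNil)
	err = createdSecGroup.Delete()
	check.Assert(err, IsNil)
	err = routedNet.Delete()
	check.Assert(err, IsNil)
}

// createNsxtRoutedNetwork creates a routed Org VDC network in vdc that is connected to the
// Edge Gateway identified by edgeGatewayId and returns it. Any creation error fails the test.
//
// The caller is responsible for registering the returned network for cleanup.
func createNsxtRoutedNetwork(check *C, vcd *TestVCD, vdc *Vdc, edgeGatewayId string) *OpenApiOrgVdcNetwork {
	orgVdcNetworkConfig := &types.OpenApiOrgVdcNetwork{
		Name:        check.TestName() + "routed-net",
		Description: check.TestName() + "-description",

		// On v35.0 orgVdc is not supported anymore. Using ownerRef instead.
		// NOTE(review): the owner is taken from vcd.nsxtVdc while the network is created
		// through the vdc argument - presumably both refer to the same VDC; confirm.
		OwnerRef: &types.OpenApiReference{ID: vcd.nsxtVdc.Vdc.ID},

		NetworkType: types.OrgVdcNetworkTypeRouted,

		// Connection is used for "routed" network
		Connection: &types.Connection{
			RouterRef: types.OpenApiReference{
				ID: edgeGatewayId,
			},
			ConnectionType: "INTERNAL",
		},
		// NOTE(review): 2.1.1.0/24 is publicly routable address space, not an RFC 1918
		// private or RFC 5737 documentation range. Consider switching the fixture to a
		// reserved range if the test environment allows it.
		Subnets: types.OrgVdcNetworkSubnets{
			Values: []types.OrgVdcNetworkSubnetValues{
				{
					Gateway:      "2.1.1.1",
					PrefixLength: 24,
					IPRanges: types.OrgVdcNetworkSubnetIPRanges{
						Values: []types.OrgVdcNetworkSubnetIPRangeValues{
							{
								StartAddress: "2.1.1.20",
								EndAddress:   "2.1.1.30",
							},
						}},
				},
			},
		},
	}

	orgVdcNet, err := vdc.CreateOpenApiOrgVdcNetwork(orgVdcNetworkConfig)
	check.Assert(err, IsNil)
	return orgVdcNet
}

// createStandaloneVm creates a powered-off standalone VM in vdc with a single NIC attached to
// net and returns it. Any creation error, or a nil VM, fails the test.
//
// The vcd parameter is not used by this helper.
// NOTE(review): the VM is registered for cleanup only by the caller after this helper
// returns - confirm that an assertion failure in here cannot leave a VM behind.
func createStandaloneVm(check *C, vcd *TestVCD, vdc *Vdc, net *OpenApiOrgVdcNetwork) *VM {
	params := types.CreateVmParams{
		Name:    check.TestName() + "-standalone",
		PowerOn: false,
		CreateVm: &types.Vm{
			Name:                   check.TestName() + "-standalone",
			VirtualHardwareSection: nil,
			NetworkConnectionSection: &types.NetworkConnectionSection{
				Info:                          "Network Configuration for VM",
				PrimaryNetworkConnectionIndex: 0,
				NetworkConnection: []*types.NetworkConnection{
					{
						Network:                 net.OpenApiOrgVdcNetwork.Name,
						NeedsCustomization:      false,
						NetworkConnectionIndex:  0,
						IPAddress:               "any",
						IsConnected:             true,
						IPAddressAllocationMode: "DHCP",
						NetworkAdapterType:      "VMXNET3",
					},
				},
				Link: nil,
			},
			VmSpecSection: &types.VmSpecSection{
				Modified:          addrOf(true),
				Info:              "Virtual Machine specification",
				OsType:            "debian10Guest",
				NumCpus:           addrOf(1),
				NumCoresPerSocket: addrOf(1),
				CpuResourceMhz: &types.CpuResourceMhz{
					Configured: 0,
				},
				MemoryResourceMb: &types.MemoryResourceMb{
					Configured: 512,
				},
				DiskSection: &types.DiskSection{
					DiskSettings: []*types.DiskSettings{
						{
							SizeMb:            1024,
							UnitNumber:        0,
							BusNumber:         0,
							AdapterType:       "5",
							ThinProvisioned:   addrOf(true),
							OverrideVmDefault: false,
						},
					},
				},

				HardwareVersion: &types.HardwareVersion{Value: "vmx-14"},
				VmToolsVersion:  "",
				VirtualCpuType:  "VM32",
			},
			GuestCustomizationSection: &types.GuestCustomizationSection{
				Info:         "Specifies Guest OS Customization Settings",
				ComputerName: "standalone1",
			},
		},
		Xmlns: types.XMLNamespaceVCloud,
	}

	vm, err := vdc.CreateStandaloneVm(&params)
	check.Assert(err, IsNil)
	check.Assert(vm, NotNil)
	return vm
}

// createVappVmAndAttachNetwork creates a raw vApp in vdc, attaches net to it as a bridged vApp
// network, adds an empty VM to the vApp and connects that VM to net. It returns the vApp and
// the created VM. Any failing step fails the test.
//
// The vcd parameter is not used by this helper.
// NOTE(review): the vApp is registered for cleanup only by the caller after this helper
// returns - confirm that an assertion failure in here cannot leave a vApp behind.
func createVappVmAndAttachNetwork(check *C, vcd *TestVCD, vdc *Vdc, net *OpenApiOrgVdcNetwork) (*VApp, *VM) {
	vapp, err := vdc.CreateRawVApp(check.TestName(), check.TestName()+"description")
	check.Assert(err, IsNil)

	check.Assert(vapp, NotNil)

	// Attach network to vApp
	orgVdcNetworkWithHREF, err := vdc.GetOrgVdcNetworkById(net.OpenApiOrgVdcNetwork.ID, true)
	check.Assert(err, IsNil)

	networkConfigurations := vapp.VApp.NetworkConfigSection.NetworkConfig
	vappConfiguration := types.VAppNetworkConfiguration{
		NetworkName: net.OpenApiOrgVdcNetwork.Name,
		Configuration: &types.NetworkConfiguration{
			ParentNetwork: &types.Reference{
				HREF: orgVdcNetworkWithHREF.OrgVDCNetwork.HREF,
			},
			RetainNetInfoAcrossDeployments: addrOf(false),
			FenceMode:                      types.FenceModeBridged,
		},
		IsDeployed: false,
	}

	networkConfigurations = append(networkConfigurations,
		vappConfiguration)

	task, err := updateNetworkConfigurations(vapp, networkConfigurations)
	check.Assert(err, IsNil)

	err = task.WaitTaskCompletion()
	check.Assert(err, IsNil)
	// EOF Attach network to vApp

	desiredNetConfig := &types.NetworkConnectionSection{}
	desiredNetConfig.PrimaryNetworkConnectionIndex = 0
	desiredNetConfig.NetworkConnection = append(desiredNetConfig.NetworkConnection,
		&types.NetworkConnection{
			IsConnected:             true,
			IPAddressAllocationMode: types.IPAllocationModePool,
			Network:                 net.OpenApiOrgVdcNetwork.Name,
			NetworkConnectionIndex:  0,
		},
	)

	emptyVmDefinition := &types.RecomposeVAppParamsForEmptyVm{
		CreateItem: &types.CreateItem{
			Name:                      check.TestName(),
			Description:               "created by " + check.TestName(),
			GuestCustomizationSection: nil,
			VmSpecSection: &types.VmSpecSection{
				Modified:          addrOf(true),
				Info:              "Virtual Machine specification",
				OsType:            "debian10Guest",
				NumCpus:           addrOf(2),
				NumCoresPerSocket: addrOf(1),
				CpuResourceMhz:    &types.CpuResourceMhz{Configured: 1},
				MemoryResourceMb:  &types.MemoryResourceMb{Configured: 1024},
				DiskSection: &types.DiskSection{DiskSettings: []*types.DiskSettings{
					{
						AdapterType:       "5",
						SizeMb:            int64(16384),
						BusNumber:         0,
						UnitNumber:        0,
						ThinProvisioned:   addrOf(true),
						OverrideVmDefault: true,
					},
				}},
				HardwareVersion:  &types.HardwareVersion{Value: "vmx-13"}, // need support older version vCD
				VmToolsVersion:   "",
				VirtualCpuType:   "VM32",
				TimeSyncWithHost: nil,
			},
		},
		AllEULAsAccepted: true,
	}

	createdVm, err := vapp.AddEmptyVm(emptyVmDefinition)
	check.Assert(err, IsNil)
	// Verify the VM before it is used below, so a nil result fails as an assertion
	// rather than as a nil dereference.
	check.Assert(createdVm, NotNil)

	// Network could have been configured while creating VM, but on some slow systems
	// the network is not yet found just after creating it so creating a VM without network and
	// adding it later buys some time
	err = createdVm.UpdateNetworkConnectionSection(desiredNetConfig)
	check.Assert(err, IsNil)

	return vapp, createdVm
}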