From 75ea538d1b5d0b9b5cbeff208f5d43cea89aaa75 Mon Sep 17 00:00:00 2001 From: Jacek Pielaszkiewicz Date: Fri, 27 Jun 2014 13:12:34 +0200 Subject: [PATCH] Add libvirt network filter support to security-containers [Feature] libvirt network filters implementation [Cause] N/A [Solution] - It was assumed that network filters are defined per container. - A new parameter networkFilterConfig has been added to the container config file. - Unit test have been updated due to a new configuration parameter in the container confg file. - "Network integration" tests for security-containers have been implemented. The tests assume that in the environment are two containers (Buisness and Private). Both of them are mutually isolated and both have the Internet access. [Verification] Build, install, run tests Signed-off-by: Jacek Pielaszkiewicz Change-Id: Ibc08d85c1a362119fb71d80f66184a5c67b5c721 --- common/libvirt/network-filter.cpp | 81 ++++++ common/libvirt/network-filter.hpp | 67 +++++ common/libvirt/network.hpp | 1 - server/configs/containers/business.conf | 1 + server/configs/containers/private.conf | 1 + server/configs/libvirt-config/business-network.xml | 5 +- .../configs/libvirt-config/business-nwfilter.xml | 8 + server/configs/libvirt-config/business.xml | 1 + server/configs/libvirt-config/private-network.xml | 5 +- server/configs/libvirt-config/private-nwfilter.xml | 8 + server/configs/libvirt-config/private.xml | 1 + server/container-config.hpp | 7 + server/container.cpp | 2 + server/network-admin.cpp | 2 + server/network-admin.hpp | 2 + tests/integration_tests/CMakeLists.txt | 1 + tests/integration_tests/__init__.py | 1 + .../integration_tests/network_tests/CMakeLists.txt | 26 ++ tests/integration_tests/network_tests/__init__.py | 4 + .../network_tests/network_common.py | 297 +++++++++++++++++++++ .../network_tests/network_tests.py | 65 +++++ tests/integration_tests/sc_int_tests.py | 4 +- tests/unit_tests/libvirt/network.cpp | 23 ++ .../ut-container-admin/containers/buggy.conf.in | 1 + .../ut-container-admin/containers/missing.conf | 1 + .../containers/test-no-shutdown.conf.in | 1 + .../ut-container-admin/containers/test.conf.in | 1 + .../configs/ut-container/containers/buggy.conf | 1 + .../configs/ut-container/containers/test-dbus.conf | 1 + .../configs/ut-container/containers/test.conf | 1 + .../ut-container/libvirt-config/network-filter.xml | 4 + .../ut-container/libvirt-config/test-dbus.xml.in | 1 + .../configs/ut-container/libvirt-config/test.xml | 1 + .../containers/console1-dbus.conf | 1 + .../ut-containers-manager/containers/console1.conf | 1 + .../containers/console2-dbus.conf | 1 + .../ut-containers-manager/containers/console2.conf | 1 + .../containers/console3-dbus.conf | 1 + .../ut-containers-manager/containers/console3.conf | 1 + .../libvirt-config/console1.xml | 1 + .../libvirt-config/console2.xml | 1 + .../libvirt-config/console3.xml | 1 + .../libvirt-config/network1-filter.xml | 3 + .../libvirt-config/network2-filter.xml | 3 + .../libvirt-config/network3-filter.xml | 3 + .../ut-network-admin/containers/buggy.conf.in | 1 + .../ut-network-admin/containers/missing.conf | 1 + .../ut-network-admin/containers/test.conf.in | 1 + .../libvirt-config/buggy-network-filter.xml | 1 + .../libvirt-config/network-filter.xml | 4 + .../configs/ut-server/containers/container1.conf | 1 + .../configs/ut-server/containers/container2.conf | 1 + .../configs/ut-server/containers/container3.conf | 1 + .../ut-server/libvirt-config/container1.xml | 1 + .../ut-server/libvirt-config/container2.xml | 1 + .../ut-server/libvirt-config/container3.xml | 1 + .../ut-server/libvirt-config/network1-filter.xml | 3 + .../ut-server/libvirt-config/network2-filter.xml | 3 + .../ut-server/libvirt-config/network3-filter.xml | 3 + 59 files changed, 661 insertions(+), 6 deletions(-) create mode 100644 common/libvirt/network-filter.cpp create mode 100644 common/libvirt/network-filter.hpp create mode 100644 server/configs/libvirt-config/business-nwfilter.xml create mode 100644 server/configs/libvirt-config/private-nwfilter.xml create mode 100644 tests/integration_tests/network_tests/CMakeLists.txt create mode 100644 tests/integration_tests/network_tests/__init__.py create mode 100755 tests/integration_tests/network_tests/network_common.py create mode 100644 tests/integration_tests/network_tests/network_tests.py create mode 100644 tests/unit_tests/server/configs/ut-container/libvirt-config/network-filter.xml create mode 100644 tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/network1-filter.xml create mode 100644 tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/network2-filter.xml create mode 100644 tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/network3-filter.xml create mode 100644 tests/unit_tests/server/configs/ut-network-admin/libvirt-config/buggy-network-filter.xml create mode 100644 tests/unit_tests/server/configs/ut-network-admin/libvirt-config/network-filter.xml create mode 100644 tests/unit_tests/server/configs/ut-server/libvirt-config/network1-filter.xml create mode 100644 tests/unit_tests/server/configs/ut-server/libvirt-config/network2-filter.xml create mode 100644 tests/unit_tests/server/configs/ut-server/libvirt-config/network3-filter.xml diff --git a/common/libvirt/network-filter.cpp b/common/libvirt/network-filter.cpp new file mode 100644 index 0000000..94fd96d --- /dev/null +++ b/common/libvirt/network-filter.cpp @@ -0,0 +1,81 @@ +/* + * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Jan Olszak + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +/** + * @file + * @author Jan Olszak (j.olszak@samsung.com) + * @brief Implementation of the class wrapping libvirt network + */ + +#include "config.hpp" + +#include "logger/logger.hpp" +#include "libvirt/network-filter.hpp" +#include "libvirt/helpers.hpp" +#include "libvirt/exception.hpp" + + +namespace security_containers { +namespace libvirt { + +LibvirtNWFilter::LibvirtNWFilter(const std::string& configXML) + : mCon(LIBVIRT_LXC_ADDRESS), mNetFilter(nullptr), + mDetachOnExit(false) +{ + mNetFilter = virNWFilterDefineXML(mCon.get(), configXML.c_str()); + + if (mNetFilter == nullptr) { + LOGE("Error while definig a network filter:\n" + << libvirtFormatError()); + throw LibvirtOperationException(); + } +} + +LibvirtNWFilter::~LibvirtNWFilter() +{ + if (!mDetachOnExit) + { + if (virNWFilterUndefine(mNetFilter) < 0) { + LOGE("Error while undefining the network filter:\n" + << libvirtFormatError()); + } + } + + if (virNWFilterFree(mNetFilter) < 0) { + LOGE("Error while destroying the network filter object:\n" + << libvirtFormatError()); + } +} + +void LibvirtNWFilter::setDetachOnExit() +{ + mDetachOnExit = true; +} + +virNWFilterPtr LibvirtNWFilter::get() +{ + return mNetFilter; +} + +LibvirtNWFilter::operator bool() const +{ + return mNetFilter != nullptr; +} + +} // namespace libvirt +} // namespace security_containers diff --git a/common/libvirt/network-filter.hpp b/common/libvirt/network-filter.hpp new file mode 100644 index 0000000..ad6d8c4 --- /dev/null +++ b/common/libvirt/network-filter.hpp @@ -0,0 +1,67 @@ +/* + * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Jan Olszak + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +/** + * @file + * @author Jan Olszak (j.olszak@samsung.com) + * @brief Declaration of the class wrapping libvirt network + */ + +#ifndef COMMON_LIBVIRT_NETWORK_FILTER_HPP +#define COMMON_LIBVIRT_NETWORK_FILTER_HPP + +#include "libvirt/connection.hpp" + +#include + + +namespace security_containers { +namespace libvirt { + +class LibvirtNWFilter { + +public: + LibvirtNWFilter(const std::string& configXML); + ~LibvirtNWFilter(); + + /** + * @return The libvirt network pointer + */ + virNWFilterPtr get(); + + /** + * @return libvirt network pointer is not NULL + */ + operator bool() const; + + /** + * Set whether container should be detached on exit. + */ + void setDetachOnExit(); + +private: + LibvirtConnection mCon; + virNWFilterPtr mNetFilter; + bool mDetachOnExit; +}; + +} // namespace libvirt +} // namespace security_containers + + +#endif // COMMON_LIBVIRT_NETWORK_FILTER_HPP diff --git a/common/libvirt/network.hpp b/common/libvirt/network.hpp index 92a73da..26e3b0a 100644 --- a/common/libvirt/network.hpp +++ b/common/libvirt/network.hpp @@ -55,7 +55,6 @@ private: virNetworkPtr mNet; }; - } // namespace libvirt } // namespace security_containers diff --git a/server/configs/containers/business.conf b/server/configs/containers/business.conf index f16ccb4..1b711b4 100644 --- a/server/configs/containers/business.conf +++ b/server/configs/containers/business.conf @@ -5,6 +5,7 @@ "switchToDefaultAfterTimeout" : true, "config" : "../libvirt-config/business.xml", "networkConfig" : "../libvirt-config/business-network.xml", + "networkFilterConfig" : "../libvirt-config/business-nwfilter.xml", "runMountPoint" : "business/run", "permittedToSend" : [ "/tmp/.*" ], "permittedToRecv" : [ "/tmp/.*" ] diff --git a/server/configs/containers/private.conf b/server/configs/containers/private.conf index cde88c3..a981caf 100644 --- a/server/configs/containers/private.conf +++ b/server/configs/containers/private.conf @@ -5,6 +5,7 @@ "switchToDefaultAfterTimeout" : true, "config" : "../libvirt-config/private.xml", "networkConfig" : "../libvirt-config/private-network.xml", + "networkFilterConfig" : "../libvirt-config/private-nwfilter.xml", "runMountPoint" : "private/run", "permittedToSend" : [ "/tmp/.*" ], "permittedToRecv" : [ "/tmp/.*" ] diff --git a/server/configs/libvirt-config/business-network.xml b/server/configs/libvirt-config/business-network.xml index 1cc7eeb..beb5c80 100644 --- a/server/configs/libvirt-config/business-network.xml +++ b/server/configs/libvirt-config/business-network.xml @@ -3,9 +3,10 @@ cc0951f9-3397-4272-ae05-66c19229accf - + + - + diff --git a/server/configs/libvirt-config/business-nwfilter.xml b/server/configs/libvirt-config/business-nwfilter.xml new file mode 100644 index 0000000..ea7453e --- /dev/null +++ b/server/configs/libvirt-config/business-nwfilter.xml @@ -0,0 +1,8 @@ + + + + + + + + diff --git a/server/configs/libvirt-config/business.xml b/server/configs/libvirt-config/business.xml index deaf000..c2539e9 100644 --- a/server/configs/libvirt-config/business.xml +++ b/server/configs/libvirt-config/business.xml @@ -99,6 +99,7 @@ + diff --git a/server/configs/libvirt-config/private-network.xml b/server/configs/libvirt-config/private-network.xml index 76add2c..f917b52 100644 --- a/server/configs/libvirt-config/private-network.xml +++ b/server/configs/libvirt-config/private-network.xml @@ -3,9 +3,10 @@ 5b25f83d-ccb6-45f0-9d5c-c05199c261bd - + + - + diff --git a/server/configs/libvirt-config/private-nwfilter.xml b/server/configs/libvirt-config/private-nwfilter.xml new file mode 100644 index 0000000..f3bd8ca --- /dev/null +++ b/server/configs/libvirt-config/private-nwfilter.xml @@ -0,0 +1,8 @@ + + + + + + + + diff --git a/server/configs/libvirt-config/private.xml b/server/configs/libvirt-config/private.xml index 532cd76..d6ce465 100644 --- a/server/configs/libvirt-config/private.xml +++ b/server/configs/libvirt-config/private.xml @@ -99,6 +99,7 @@ + diff --git a/server/container-config.hpp b/server/container-config.hpp index f5f202e..e679abb 100644 --- a/server/container-config.hpp +++ b/server/container-config.hpp @@ -60,6 +60,12 @@ struct ContainerConfig { std::string networkConfig; /** + * + * Container's libvirt (XML) network filter config file. + */ + std::string networkFilterConfig; + + /** * Container's CFS quota in us when it's in the foreground */ std::int64_t cpuQuotaForeground; @@ -92,6 +98,7 @@ struct ContainerConfig { switchToDefaultAfterTimeout, config, networkConfig, + networkFilterConfig, cpuQuotaForeground, cpuQuotaBackground, runMountPoint, diff --git a/server/container.cpp b/server/container.cpp index 6fcaf77..62b2c65a 100644 --- a/server/container.cpp +++ b/server/container.cpp @@ -66,6 +66,8 @@ Container::Container(const std::string& containerConfigPath, const std::string baseConfigPath = utils::dirName(containerConfigPath); mConfig.config = fs::absolute(mConfig.config, baseConfigPath).string(); mConfig.networkConfig = fs::absolute(mConfig.networkConfig, baseConfigPath).string(); + mConfig.networkFilterConfig = fs::absolute(mConfig.networkFilterConfig, + baseConfigPath).string(); if (!mConfig.runMountPoint.empty()) { mRunMountPoint = fs::absolute(mConfig.runMountPoint, baseRunMountPointPath).string(); } diff --git a/server/network-admin.cpp b/server/network-admin.cpp index 763dec0..6553d62 100644 --- a/server/network-admin.cpp +++ b/server/network-admin.cpp @@ -57,6 +57,7 @@ std::string getNetworkName(virNetworkPtr net) NetworkAdmin::NetworkAdmin(const ContainerConfig& config) : mConfig(config), + mNWFilter(utils::readFileContent(mConfig.networkFilterConfig)), mNetwork(utils::readFileContent(mConfig.networkConfig)), mId(getNetworkName(mNetwork.get())), mDetachOnExit(false) @@ -143,6 +144,7 @@ bool NetworkAdmin::isActive() void NetworkAdmin::setDetachOnExit() { mDetachOnExit = true; + mNWFilter.setDetachOnExit(); } diff --git a/server/network-admin.hpp b/server/network-admin.hpp index 8ddb883..0ec3a74 100644 --- a/server/network-admin.hpp +++ b/server/network-admin.hpp @@ -28,6 +28,7 @@ #include "container-config.hpp" +#include "libvirt/network-filter.hpp" #include "libvirt/network.hpp" @@ -69,6 +70,7 @@ public: private: const ContainerConfig& mConfig; + libvirt::LibvirtNWFilter mNWFilter; libvirt::LibvirtNetwork mNetwork; const std::string mId; bool mDetachOnExit; diff --git a/tests/integration_tests/CMakeLists.txt b/tests/integration_tests/CMakeLists.txt index 3f96c47..c0289c3 100644 --- a/tests/integration_tests/CMakeLists.txt +++ b/tests/integration_tests/CMakeLists.txt @@ -38,3 +38,4 @@ INSTALL(PROGRAMS ${main_SCRIPT} DESTINATION ${SCRIPT_INSTALL_DIR}) ## Subdirectories ############################################################## ADD_SUBDIRECTORY(common) ADD_SUBDIRECTORY(image_tests) +ADD_SUBDIRECTORY(network_tests) diff --git a/tests/integration_tests/__init__.py b/tests/integration_tests/__init__.py index 731d042..634cfe6 100644 --- a/tests/integration_tests/__init__.py +++ b/tests/integration_tests/__init__.py @@ -1,3 +1,4 @@ __all__ = ["common", + "network_tests", "image_tests" ] diff --git a/tests/integration_tests/network_tests/CMakeLists.txt b/tests/integration_tests/network_tests/CMakeLists.txt new file mode 100644 index 0000000..374c8c1 --- /dev/null +++ b/tests/integration_tests/network_tests/CMakeLists.txt @@ -0,0 +1,26 @@ +# Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# @file CMakeLists.txt +# @author Jacek Pielaszkiewicz (j.pielaszkie@samsung.com) +# + +MESSAGE(STATUS "Including network tests to Integration Tests...") + +SET(TEST_NETWORK_DEST_DIR "${TEST_DEST_DIR}/network_tests") + +FILE(GLOB net_test_SCRIPTS *.py) + +INSTALL(FILES ${net_test_SCRIPTS} DESTINATION ${TEST_NETWORK_DEST_DIR}) diff --git a/tests/integration_tests/network_tests/__init__.py b/tests/integration_tests/network_tests/__init__.py new file mode 100644 index 0000000..a41c5d7 --- /dev/null +++ b/tests/integration_tests/network_tests/__init__.py @@ -0,0 +1,4 @@ +__all__ = ["network_common", + "network_tests" + ] + diff --git a/tests/integration_tests/network_tests/network_common.py b/tests/integration_tests/network_tests/network_common.py new file mode 100755 index 0000000..2b64920 --- /dev/null +++ b/tests/integration_tests/network_tests/network_common.py @@ -0,0 +1,297 @@ +#Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# @file network_common.py.in +# @author Jacek Pielaszkiewicz (j.pielaszkie@samsung.com) +# + +from sc_integration_tests.common import sc_test_utils +import subprocess +import string +import sys +import os + +# Debug command on/off +DEBUG_COMMAND=False + +# Test urls +TEST_URL_INTERNET=["www.samsung.com", "www.google.com", "www.oracle.com"] + +# Path to test container +TEST_CONTAINER_PATH="/opt/usr/containers/private" + +# Device Ethernet device +ETHERNET_DEVICE="usb0" +ETHERNET_DEVICE_DETECT=False + +# Test containers +CONTAINER_T1="business" +CONTAINER_T2="private" + +containers=[CONTAINER_T1, CONTAINER_T2] + +# Null device +OUTPUT_TO_NULL_DEVICE=" >/dev/null 2>&1 " + +# Ping timeout +PING_TIME_OUT=3 + +# The calss store test cases results +class TestNetworkInfo: + testName = "" + testItemType = [] + testItemName = [] + testItemStatus = [] + testItemResult = [] + testItemDescription = [] + + def __init__(self, tn): + self.testName = tn + +# ---------------------------------------------------------- +# Functions print info/error/warning message +# +def LOG_INFO(arg): + print("[Info] " + arg) + +def LOG_ERROR(arg): + print("[Error] " + arg) + +def LOG_WARNING(arg): + print("[Warning] " + arg) + +def LOG_DEBUG(arg): + print("[Debug] " + arg) + +# ---------------------------------------------------------- +# The function tests mandatory user privileges +# +def test_run_user(): + if(os.getegid() != 0 or os.geteuid() != 0): + return 1 + return 0 + +# ---------------------------------------------------------- +# The function runs os command +# +def runCommand(cmd, blockDebug=False): + null_device_str = OUTPUT_TO_NULL_DEVICE + if(DEBUG_COMMAND): + null_device_str = "" + + run_cmd = "( " + cmd + " ) " + null_device_str + + rc=0 + try: + out=sc_test_utils.launchProc(run_cmd) + except Exception: + rc=1 + + if(DEBUG_COMMAND and not blockDebug): + LOG_DEBUG("[DEBUG CMD] RC = " + str(rc) + "; CMD = " + run_cmd) + + return rc + +# ---------------------------------------------------------- +# The function runs os command and read output +# +def runCommandAndReadOutput(cmd): + proc=subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE) + while(True): + # Return code + rcode=proc.poll() + + # Get line + ret=proc.stdout.readline() + ret=ret.translate(None, "\n") + + # Ignore empty lines + if(ret != ""): + yield ret + + # Test return code + if(rcode is not None): + break + +# ---------------------------------------------------------- +# The function checks whether test container image is present in system +# +def test_guest_image(): + rc = runCommand("/usr/bin/chroot " + TEST_CONTAINER_PATH + " /bin/true") + if( rc != 0 ): + return 1 + return 0 + +# ---------------------------------------------------------- +# The functions gets active ethernet device +# +def getActiveEthernetDevice(): + cmd=["/usr/sbin/ip -o link | /usr/bin/awk \' /ether/ { split( $2, list, \":\" ); print list[1] }\'"] + iter = runCommandAndReadOutput(cmd) + for val in iter: + ETHERNET_DEVICE=val + + if(ETHERNET_DEVICE == ""): + return 1 + + return 0 + +# ---------------------------------------------------------- +# The function checks whether mandatory tools are present in +# the system +# +def test_mandatory_toos(): + + tools =["/usr/bin/ping"] + root_tools=[TEST_CONTAINER_PATH] + + for i in range(len(tools)): + rc = runCommand("/usr/bin/ls " + root_tools[i] + tools[i]) + if( rc != 0 ): + if( root_tools[i] != "" ): + LOG_ERROR("No " + tools[i] + " command in guest") + else: + LOG_ERROR("No " + tools[i] + " command in host") + return 1 + return 0 + +def virshCmd(args): + return runCommand("/usr/bin/virsh -c lxc:/// " + args) + +# ---------------------------------------------------------- +# The function tests single test case result +# +def test_result(expected_result, result): + if((expected_result >= 0 and result == expected_result) or (expected_result < 0 and result != 0)): + return 0 + return 1 + +# ---------------------------------------------------------- +# The function performs single internet access test +# +def internetAccessTest(container): + count=0 + for item in TEST_URL_INTERNET: + LOG_INFO(" Test for URL : " + item); + rc = virshCmd("lxc-enter-namespace " + container + \ + " --noseclabel -- /usr/bin/ping -c 3 -W " + \ + str(PING_TIME_OUT) + " " + item) + if(rc != 0): + count = count + 1 + + if(count != 0): + return 1 + + return 0; + +# ---------------------------------------------------------- +# The function performs single internet access test +# +def networkVisibiltyTest(container, dest_ip): + return virshCmd("lxc-enter-namespace " + container + \ + " --noseclabel -- /usr/bin/ping -c 3 -W " + \ + str(PING_TIME_OUT) + " " + dest_ip) + +def printInternetAccessTestStatus(container, testInfo1): + + text = " Internet access for container: " + container + \ + "; TCS = " + testInfo1.testItemResult[len(testInfo1.testItemResult)-1] + + if(testInfo1.testItemResult[len(testInfo1.testItemResult)-1] == "Success"): + LOG_INFO(text) + else: + LOG_ERROR(text) + +def networkVisibiltyTestStatus(src, dest, ip, testInfo2): + + text = " Container access: " + src + \ + " -> " + dest + \ + " [" + ip + "]" + \ + "; TCS = " + testInfo2.testItemResult[len(testInfo2.testItemResult)-1] + + if(testInfo2.testItemResult[len(testInfo2.testItemResult)-1] == "Success"): + LOG_INFO(text) + else: + LOG_ERROR(text) + +# ---------------------------------------------------------- +# The function performs test case for two containers - Business and Private. +# Both containers are mutually isolated and have access to the Internet. +# +def twoNetworks(): + ltestInfo = TestNetworkInfo("Two networks tests") + + # 0. Test data + containers_list = [CONTAINER_T1, CONTAINER_T2] + dest_containers_list = [CONTAINER_T2, CONTAINER_T1] + test_ip_list = [["192.168.101.2"], ["192.168.102.2"]] + test_1_expected_res = [ 0, 0] + test_2_expected_res = [-1, -1] + + # 1. Enable internet access for both networks + LOG_INFO(" - Setup device") + + # 2. Internet access + LOG_INFO(" - Two containers environment network test case execution") + LOG_INFO(" - Internet access test") + for i in range(len(containers_list)): + + # - Test case info + ltestInfo.testItemType.append("[Two nets] Internet access") + ltestInfo.testItemName.append(containers_list[i]) + ltestInfo.testItemDescription.append("Internet access test for : " + containers_list[i]) + + # - Perform test + rc = internetAccessTest(containers_list[i]) + + # - Test status store + if(test_result(test_1_expected_res[i], rc) == 0): + ltestInfo.testItemStatus.append(0) + ltestInfo.testItemResult.append("Success") + else: + ltestInfo.testItemStatus.append(1) + ltestInfo.testItemResult.append("Error") + + # - Print status + printInternetAccessTestStatus(containers_list[i], ltestInfo) + + # 3. Mutual containers visibility + LOG_INFO(" - Containers isolation") + for i in range(len(containers_list)): + # Interate over destynation ips + dest_ips = test_ip_list[i] + + for j in range(len(dest_ips)): + # - Test case info + ltestInfo.testItemType.append("[Two nets] Visibility") + ltestInfo.testItemName.append(containers_list[i] + "->" + dest_containers_list[i]) + ltestInfo.testItemDescription.append("Container access for : " + containers_list[i]) + + # Perform test + rc = networkVisibiltyTest(containers_list[i], dest_ips[j]) + + # - Test status store + if(test_result(test_2_expected_res[i], rc) == 0): + ltestInfo.testItemStatus.append(0) + ltestInfo.testItemResult.append("Success") + else: + ltestInfo.testItemStatus.append(1) + ltestInfo.testItemResult.append("Error") + + # - Print status + networkVisibiltyTestStatus(containers_list[i], dest_containers_list[i], dest_ips[j], ltestInfo) + + LOG_INFO(" - Clean environment") + + return ltestInfo diff --git a/tests/integration_tests/network_tests/network_tests.py b/tests/integration_tests/network_tests/network_tests.py new file mode 100644 index 0000000..bd118a2 --- /dev/null +++ b/tests/integration_tests/network_tests/network_tests.py @@ -0,0 +1,65 @@ +#Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# @file network_tests.py +# @author Jacek Pielaszkiewicz (j.pielaszkie@samsung.com) +# + +'''! Module used to test network in containers + +@author: Jacek Pielaszkiewicz (j.pielaszkie@samsung.com) +''' +import unittest +from sc_integration_tests.common import sc_test_utils +from network_common import * + +class NetworkTestCase(unittest.TestCase): + '''! Test case to check network configuration + ''' + def setUp(self): + # Function setup host machine to perform tests + # + # 1. Check user permisions + if(test_run_user() == 1): + self.assertTrue(False, "ROOT user is required to run the test") + return + + # 2. Test container images + if(test_guest_image() == 1): + self.assertTrue(False, "No test container in path :" + TEST_CONTAINER_PATH) + return + + # 3. Test mandatory tools + if(test_mandatory_toos() == 1): + self.assertTrue(False, "No mandatory tools on host or in guest") + return + + # 4. Ethernet device obtaning + if(ETHERNET_DEVICE_DETECT and getActiveEthernetDevice() == 1): + self.assertTrue(False, "Cannot obtain ethernet device") + return + + def test_01twoNetworks(self): + '''! Checks networks configuration + ''' + print("\n") + ret=twoNetworks() + for item in ret.testItemStatus: + self.assertTrue(item == 0) + +def main(): + unittest.main(verbosity=2) + +if __name__ == "__main__": + main() diff --git a/tests/integration_tests/sc_int_tests.py b/tests/integration_tests/sc_int_tests.py index 42e2812..60d1ed3 100644 --- a/tests/integration_tests/sc_int_tests.py +++ b/tests/integration_tests/sc_int_tests.py @@ -5,12 +5,14 @@ Security-containers integration tests launcher. Launches all integration tests. ''' import unittest +from sc_integration_tests.network_tests import * from sc_integration_tests.image_tests import * # add tests here... test_groups = [ - image_tests + image_tests, + network_tests ] diff --git a/tests/unit_tests/libvirt/network.cpp b/tests/unit_tests/libvirt/network.cpp index 09adcc8..b158ecd 100644 --- a/tests/unit_tests/libvirt/network.cpp +++ b/tests/unit_tests/libvirt/network.cpp @@ -26,6 +26,7 @@ #include "config.hpp" #include "ut.hpp" +#include "libvirt/network-filter.hpp" #include "libvirt/network.hpp" #include "libvirt/exception.hpp" @@ -56,12 +57,27 @@ const std::string CORRECT_CONFIG_XML = "" " " ""; +const std::string CORRECT_CONFIG_FILTER_XML = "" + " " + " " + " " + " " + " " + " " + ""; + const std::string BUGGY_CONFIG_XML = "<>"; +const std::string BUGGY_CONFIG_FILTER_XML = "<> nwFilterPtr; + BOOST_REQUIRE_NO_THROW(nwFilterPtr.reset(new LibvirtNWFilter(CORRECT_CONFIG_FILTER_XML))); + BOOST_REQUIRE_NO_THROW(nwFilterPtr.reset()); + std::unique_ptr netPtr; BOOST_REQUIRE_NO_THROW(netPtr.reset(new LibvirtNetwork(CORRECT_CONFIG_XML))); BOOST_REQUIRE_NO_THROW(netPtr.reset()); @@ -69,17 +85,24 @@ BOOST_AUTO_TEST_CASE(ConstructorDestructorTest) BOOST_AUTO_TEST_CASE(BuggyConfigTest) { + BOOST_REQUIRE_THROW(LibvirtNWFilter filter(BUGGY_CONFIG_FILTER_XML), LibvirtOperationException); BOOST_REQUIRE_THROW(LibvirtNetwork net(BUGGY_CONFIG_XML), LibvirtOperationException); } BOOST_AUTO_TEST_CASE(DefinitionTest) { + LibvirtNWFilter filter(CORRECT_CONFIG_FILTER_XML); + BOOST_CHECK(filter.get() != NULL); + LibvirtNetwork net(CORRECT_CONFIG_XML); BOOST_CHECK(net.get() != NULL); } BOOST_AUTO_TEST_CASE(BoolTest) { + LibvirtNWFilter filter(CORRECT_CONFIG_FILTER_XML); + BOOST_CHECK(filter); + LibvirtNetwork net(CORRECT_CONFIG_XML); BOOST_CHECK(net); } diff --git a/tests/unit_tests/server/configs/ut-container-admin/containers/buggy.conf.in b/tests/unit_tests/server/configs/ut-container-admin/containers/buggy.conf.in index 341052b..9ebef78 100644 --- a/tests/unit_tests/server/configs/ut-container-admin/containers/buggy.conf.in +++ b/tests/unit_tests/server/configs/ut-container-admin/containers/buggy.conf.in @@ -3,6 +3,7 @@ "switchToDefaultAfterTimeout" : true, "config" : "@SC_TEST_CONFIG_INSTALL_DIR@/server/ut-container-admin/libvirt-config/buggy.xml", "networkConfig" : "", + "networkFilterConfig" : "", "cpuQuotaForeground" : -1, "cpuQuotaBackground" : 1000, "runMountPoint" : "", diff --git a/tests/unit_tests/server/configs/ut-container-admin/containers/missing.conf b/tests/unit_tests/server/configs/ut-container-admin/containers/missing.conf index 7ac04e9..1943228 100644 --- a/tests/unit_tests/server/configs/ut-container-admin/containers/missing.conf +++ b/tests/unit_tests/server/configs/ut-container-admin/containers/missing.conf @@ -3,6 +3,7 @@ "switchToDefaultAfterTimeout" : true, "config" : "/this/is/a/missing/file/path/missing.xml", "networkConfig" : "", + "networkFilterConfig" : "", "cpuQuotaForeground" : -1, "cpuQuotaBackground" : 1000, "runMountPoint" : "", diff --git a/tests/unit_tests/server/configs/ut-container-admin/containers/test-no-shutdown.conf.in b/tests/unit_tests/server/configs/ut-container-admin/containers/test-no-shutdown.conf.in index 8f4da35..2360ac6 100644 --- a/tests/unit_tests/server/configs/ut-container-admin/containers/test-no-shutdown.conf.in +++ b/tests/unit_tests/server/configs/ut-container-admin/containers/test-no-shutdown.conf.in @@ -3,6 +3,7 @@ "switchToDefaultAfterTimeout" : true, "config" : "@SC_TEST_CONFIG_INSTALL_DIR@/server/ut-container-admin/libvirt-config/test-no-shutdown.xml", "networkConfig" : "", + "networkFilterConfig" : "", "cpuQuotaForeground" : -1, "cpuQuotaBackground" : 1000, "runMountPoint" : "", diff --git a/tests/unit_tests/server/configs/ut-container-admin/containers/test.conf.in b/tests/unit_tests/server/configs/ut-container-admin/containers/test.conf.in index badc3da..52da12a 100644 --- a/tests/unit_tests/server/configs/ut-container-admin/containers/test.conf.in +++ b/tests/unit_tests/server/configs/ut-container-admin/containers/test.conf.in @@ -3,6 +3,7 @@ "switchToDefaultAfterTimeout" : true, "config" : "@SC_TEST_CONFIG_INSTALL_DIR@/server/ut-container-admin/libvirt-config/test.xml", "networkConfig" : "", + "networkFilterConfig" : "", "cpuQuotaForeground" : -1, "cpuQuotaBackground" : 1000, "runMountPoint" : "", diff --git a/tests/unit_tests/server/configs/ut-container/containers/buggy.conf b/tests/unit_tests/server/configs/ut-container/containers/buggy.conf index 0dc866a..5f59a89 100644 --- a/tests/unit_tests/server/configs/ut-container/containers/buggy.conf +++ b/tests/unit_tests/server/configs/ut-container/containers/buggy.conf @@ -3,6 +3,7 @@ "switchToDefaultAfterTimeout" : true, "config" : "/missing/file/path/libvirt.xml", "networkConfig" : "../libvirt-config/network.xml", + "networkFilterConfig" : "../libvirt-config/network-filter.xml", "cpuQuotaForeground" : -1, "cpuQuotaBackground" : 1000, "runMountPoint" : "", diff --git a/tests/unit_tests/server/configs/ut-container/containers/test-dbus.conf b/tests/unit_tests/server/configs/ut-container/containers/test-dbus.conf index bf35f07..f646f80 100644 --- a/tests/unit_tests/server/configs/ut-container/containers/test-dbus.conf +++ b/tests/unit_tests/server/configs/ut-container/containers/test-dbus.conf @@ -3,6 +3,7 @@ "switchToDefaultAfterTimeout" : true, "config" : "../libvirt-config/test-dbus.xml", "networkConfig" : "../libvirt-config/network.xml", + "networkFilterConfig" : "../libvirt-config/network-filter.xml", "cpuQuotaForeground" : -1, "cpuQuotaBackground" : 1000, "runMountPoint" : "/tmp/ut-container", diff --git a/tests/unit_tests/server/configs/ut-container/containers/test.conf b/tests/unit_tests/server/configs/ut-container/containers/test.conf index dc81e44..cfd08c4 100644 --- a/tests/unit_tests/server/configs/ut-container/containers/test.conf +++ b/tests/unit_tests/server/configs/ut-container/containers/test.conf @@ -3,6 +3,7 @@ "switchToDefaultAfterTimeout" : true, "config" : "../libvirt-config/test.xml", "networkConfig" : "../libvirt-config/network.xml", + "networkFilterConfig" : "../libvirt-config/network-filter.xml", "cpuQuotaForeground" : -1, "cpuQuotaBackground" : 1000, "runMountPoint" : "", diff --git a/tests/unit_tests/server/configs/ut-container/libvirt-config/network-filter.xml b/tests/unit_tests/server/configs/ut-container/libvirt-config/network-filter.xml new file mode 100644 index 0000000..fa1490e --- /dev/null +++ b/tests/unit_tests/server/configs/ut-container/libvirt-config/network-filter.xml @@ -0,0 +1,4 @@ + + 37ec6a98-a8f2-4033-8146-a71deb1f0008 + + diff --git a/tests/unit_tests/server/configs/ut-container/libvirt-config/test-dbus.xml.in b/tests/unit_tests/server/configs/ut-container/libvirt-config/test-dbus.xml.in index 555a9c6..d927f11 100644 --- a/tests/unit_tests/server/configs/ut-container/libvirt-config/test-dbus.xml.in +++ b/tests/unit_tests/server/configs/ut-container/libvirt-config/test-dbus.xml.in @@ -16,6 +16,7 @@ + diff --git a/tests/unit_tests/server/configs/ut-container/libvirt-config/test.xml b/tests/unit_tests/server/configs/ut-container/libvirt-config/test.xml index 4205758..a6bab81 100644 --- a/tests/unit_tests/server/configs/ut-container/libvirt-config/test.xml +++ b/tests/unit_tests/server/configs/ut-container/libvirt-config/test.xml @@ -12,6 +12,7 @@ + diff --git a/tests/unit_tests/server/configs/ut-containers-manager/containers/console1-dbus.conf b/tests/unit_tests/server/configs/ut-containers-manager/containers/console1-dbus.conf index ef49f19..af3380b 100644 --- a/tests/unit_tests/server/configs/ut-containers-manager/containers/console1-dbus.conf +++ b/tests/unit_tests/server/configs/ut-containers-manager/containers/console1-dbus.conf @@ -3,6 +3,7 @@ "switchToDefaultAfterTimeout" : true, "config" : "../libvirt-config/console1-dbus.xml", "networkConfig" : "../libvirt-config/network1.xml", + "networkFilterConfig" : "../libvirt-config/network1-filter.xml", "cpuQuotaForeground" : -1, "cpuQuotaBackground" : 1000, "runMountPoint" : "/tmp/ut-containers-manager/console1-dbus", diff --git a/tests/unit_tests/server/configs/ut-containers-manager/containers/console1.conf b/tests/unit_tests/server/configs/ut-containers-manager/containers/console1.conf index b26e02e..e7bcf3f 100644 --- a/tests/unit_tests/server/configs/ut-containers-manager/containers/console1.conf +++ b/tests/unit_tests/server/configs/ut-containers-manager/containers/console1.conf @@ -3,6 +3,7 @@ "switchToDefaultAfterTimeout" : true, "config" : "../libvirt-config/console1.xml", "networkConfig" : "../libvirt-config/network1.xml", + "networkFilterConfig" : "../libvirt-config/network1-filter.xml", "cpuQuotaForeground" : -1, "cpuQuotaBackground" : 1000, "runMountPoint" : "", diff --git a/tests/unit_tests/server/configs/ut-containers-manager/containers/console2-dbus.conf b/tests/unit_tests/server/configs/ut-containers-manager/containers/console2-dbus.conf index 76c5e49..0db0a8a 100644 --- a/tests/unit_tests/server/configs/ut-containers-manager/containers/console2-dbus.conf +++ b/tests/unit_tests/server/configs/ut-containers-manager/containers/console2-dbus.conf @@ -3,6 +3,7 @@ "switchToDefaultAfterTimeout" : false, "config" : "../libvirt-config/console2-dbus.xml", "networkConfig" : "../libvirt-config/network2.xml", + "networkFilterConfig" : "../libvirt-config/network2-filter.xml", "cpuQuotaForeground" : -1, "cpuQuotaBackground" : 1000, "runMountPoint" : "/tmp/ut-containers-manager/console2-dbus", diff --git a/tests/unit_tests/server/configs/ut-containers-manager/containers/console2.conf b/tests/unit_tests/server/configs/ut-containers-manager/containers/console2.conf index f609a85..9e0b7c5 100644 --- a/tests/unit_tests/server/configs/ut-containers-manager/containers/console2.conf +++ b/tests/unit_tests/server/configs/ut-containers-manager/containers/console2.conf @@ -3,6 +3,7 @@ "switchToDefaultAfterTimeout" : true, "config" : "../libvirt-config/console2.xml", "networkConfig" : "../libvirt-config/network2.xml", + "networkFilterConfig" : "../libvirt-config/network2-filter.xml", "cpuQuotaForeground" : -1, "cpuQuotaBackground" : 1000, "runMountPoint" : "", diff --git a/tests/unit_tests/server/configs/ut-containers-manager/containers/console3-dbus.conf b/tests/unit_tests/server/configs/ut-containers-manager/containers/console3-dbus.conf index 592cbfa..14a8a60 100644 --- a/tests/unit_tests/server/configs/ut-containers-manager/containers/console3-dbus.conf +++ b/tests/unit_tests/server/configs/ut-containers-manager/containers/console3-dbus.conf @@ -3,6 +3,7 @@ "switchToDefaultAfterTimeout" : true, "config" : "../libvirt-config/console3-dbus.xml", "networkConfig" : "../libvirt-config/network3.xml", + "networkFilterConfig" : "../libvirt-config/network3-filter.xml", "cpuQuotaForeground" : -1, "cpuQuotaBackground" : 1000, "runMountPoint" : "/tmp/ut-containers-manager/console3-dbus", diff --git a/tests/unit_tests/server/configs/ut-containers-manager/containers/console3.conf b/tests/unit_tests/server/configs/ut-containers-manager/containers/console3.conf index e249df7..6ace25e 100644 --- a/tests/unit_tests/server/configs/ut-containers-manager/containers/console3.conf +++ b/tests/unit_tests/server/configs/ut-containers-manager/containers/console3.conf @@ -3,6 +3,7 @@ "switchToDefaultAfterTimeout" : true, "config" : "../libvirt-config/console3.xml", "networkConfig" : "../libvirt-config/network3.xml", + "networkFilterConfig" : "../libvirt-config/network3-filter.xml", "cpuQuotaForeground" : -1, "cpuQuotaBackground" : 1000, "runMountPoint" : "", diff --git a/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/console1.xml b/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/console1.xml index 9ca7f5e..81ded84 100644 --- a/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/console1.xml +++ b/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/console1.xml @@ -12,6 +12,7 @@ + diff --git a/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/console2.xml b/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/console2.xml index ca8400a..90abf67 100644 --- a/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/console2.xml +++ b/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/console2.xml @@ -12,6 +12,7 @@ + diff --git a/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/console3.xml b/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/console3.xml index d3224ff..3c08bb2 100644 --- a/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/console3.xml +++ b/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/console3.xml @@ -12,6 +12,7 @@ + diff --git a/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/network1-filter.xml b/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/network1-filter.xml new file mode 100644 index 0000000..df0befd --- /dev/null +++ b/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/network1-filter.xml @@ -0,0 +1,3 @@ + + 37ec6a98-a8f2-4033-8146-a71deb1f0003 + diff --git a/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/network2-filter.xml b/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/network2-filter.xml new file mode 100644 index 0000000..68d7dab --- /dev/null +++ b/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/network2-filter.xml @@ -0,0 +1,3 @@ + + 37ec6a98-a8f2-4033-8146-a71deb1f0002 + diff --git a/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/network3-filter.xml b/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/network3-filter.xml new file mode 100644 index 0000000..5e44805 --- /dev/null +++ b/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/network3-filter.xml @@ -0,0 +1,3 @@ + + 37ec6a98-a8f2-4033-8146-a71deb1f0004 + diff --git a/tests/unit_tests/server/configs/ut-network-admin/containers/buggy.conf.in b/tests/unit_tests/server/configs/ut-network-admin/containers/buggy.conf.in index 2b88e29..48d0ef8 100644 --- a/tests/unit_tests/server/configs/ut-network-admin/containers/buggy.conf.in +++ b/tests/unit_tests/server/configs/ut-network-admin/containers/buggy.conf.in @@ -3,6 +3,7 @@ "switchToDefaultAfterTimeout" : true, "config" : "", "networkConfig" : "@SC_TEST_CONFIG_INSTALL_DIR@/server/ut-network-admin/libvirt-config/buggy-network.xml", + "networkFilterConfig" : "@SC_TEST_CONFIG_INSTALL_DIR@/server/ut-network-admin/libvirt-config/buggy-network-filter.xml", "cpuQuotaForeground" : -1, "cpuQuotaBackground" : 1000, "runMountPoint" : "", diff --git a/tests/unit_tests/server/configs/ut-network-admin/containers/missing.conf b/tests/unit_tests/server/configs/ut-network-admin/containers/missing.conf index ca580a1..b60814d 100644 --- a/tests/unit_tests/server/configs/ut-network-admin/containers/missing.conf +++ b/tests/unit_tests/server/configs/ut-network-admin/containers/missing.conf @@ -3,6 +3,7 @@ "switchToDefaultAfterTimeout" : true, "config" : "", "networkConfig" : "", + "networkFilterConfig" : "", "cpuQuotaForeground" : -1, "cpuQuotaBackground" : 1000, "runMountPoint" : "", diff --git a/tests/unit_tests/server/configs/ut-network-admin/containers/test.conf.in b/tests/unit_tests/server/configs/ut-network-admin/containers/test.conf.in index 547c6cd..1dce4ea 100644 --- a/tests/unit_tests/server/configs/ut-network-admin/containers/test.conf.in +++ b/tests/unit_tests/server/configs/ut-network-admin/containers/test.conf.in @@ -3,6 +3,7 @@ "switchToDefaultAfterTimeout" : true, "config" : "", "networkConfig" : "@SC_TEST_CONFIG_INSTALL_DIR@/server/ut-network-admin/libvirt-config/network.xml", + "networkFilterConfig" : "@SC_TEST_CONFIG_INSTALL_DIR@/server/ut-network-admin/libvirt-config/network-filter.xml", "cpuQuotaForeground" : -1, "cpuQuotaBackground" : 1000, "runMountPoint" : "", diff --git a/tests/unit_tests/server/configs/ut-network-admin/libvirt-config/buggy-network-filter.xml b/tests/unit_tests/server/configs/ut-network-admin/libvirt-config/buggy-network-filter.xml new file mode 100644 index 0000000..de0f81e --- /dev/null +++ b/tests/unit_tests/server/configs/ut-network-admin/libvirt-config/buggy-network-filter.xml @@ -0,0 +1 @@ +<> diff --git a/tests/unit_tests/server/configs/ut-network-admin/libvirt-config/network-filter.xml b/tests/unit_tests/server/configs/ut-network-admin/libvirt-config/network-filter.xml new file mode 100644 index 0000000..658c129 --- /dev/null +++ b/tests/unit_tests/server/configs/ut-network-admin/libvirt-config/network-filter.xml @@ -0,0 +1,4 @@ + + 37ec6a98-a8f2-4033-8146-a71deb1f0001 + + diff --git a/tests/unit_tests/server/configs/ut-server/containers/container1.conf b/tests/unit_tests/server/configs/ut-server/containers/container1.conf index f93690a..b0f523f 100644 --- a/tests/unit_tests/server/configs/ut-server/containers/container1.conf +++ b/tests/unit_tests/server/configs/ut-server/containers/container1.conf @@ -3,6 +3,7 @@ "switchToDefaultAfterTimeout" : true, "config" : "../libvirt-config/container1.xml", "networkConfig" : "../libvirt-config/network1.xml", + "networkFilterConfig" : "../libvirt-config/network1-filter.xml", "cpuQuotaForeground" : -1, "cpuQuotaBackground" : 1000, "runMountPoint" : "", diff --git a/tests/unit_tests/server/configs/ut-server/containers/container2.conf b/tests/unit_tests/server/configs/ut-server/containers/container2.conf index f519018..8a1fde1 100644 --- a/tests/unit_tests/server/configs/ut-server/containers/container2.conf +++ b/tests/unit_tests/server/configs/ut-server/containers/container2.conf @@ -3,6 +3,7 @@ "switchToDefaultAfterTimeout" : true, "config" : "../libvirt-config/container2.xml", "networkConfig" : "../libvirt-config/network2.xml", + "networkFilterConfig" : "../libvirt-config/network2-filter.xml", "cpuQuotaForeground" : -1, "cpuQuotaBackground" : 1000, "runMountPoint" : "", diff --git a/tests/unit_tests/server/configs/ut-server/containers/container3.conf b/tests/unit_tests/server/configs/ut-server/containers/container3.conf index 3c5989e..be23c63 100644 --- a/tests/unit_tests/server/configs/ut-server/containers/container3.conf +++ b/tests/unit_tests/server/configs/ut-server/containers/container3.conf @@ -3,6 +3,7 @@ "switchToDefaultAfterTimeout" : true, "config" : "../libvirt-config/container3.xml", "networkConfig" : "../libvirt-config/network3.xml", + "networkFilterConfig" : "../libvirt-config/network3-filter.xml", "cpuQuotaForeground" : -1, "cpuQuotaBackground" : 1000, "runMountPoint" : "", diff --git a/tests/unit_tests/server/configs/ut-server/libvirt-config/container1.xml b/tests/unit_tests/server/configs/ut-server/libvirt-config/container1.xml index 8571df7..913168b 100644 --- a/tests/unit_tests/server/configs/ut-server/libvirt-config/container1.xml +++ b/tests/unit_tests/server/configs/ut-server/libvirt-config/container1.xml @@ -12,6 +12,7 @@ + diff --git a/tests/unit_tests/server/configs/ut-server/libvirt-config/container2.xml b/tests/unit_tests/server/configs/ut-server/libvirt-config/container2.xml index 23f7a76..904765e 100644 --- a/tests/unit_tests/server/configs/ut-server/libvirt-config/container2.xml +++ b/tests/unit_tests/server/configs/ut-server/libvirt-config/container2.xml @@ -12,6 +12,7 @@ + diff --git a/tests/unit_tests/server/configs/ut-server/libvirt-config/container3.xml b/tests/unit_tests/server/configs/ut-server/libvirt-config/container3.xml index 59ea557..569c592 100644 --- a/tests/unit_tests/server/configs/ut-server/libvirt-config/container3.xml +++ b/tests/unit_tests/server/configs/ut-server/libvirt-config/container3.xml @@ -12,6 +12,7 @@ + diff --git a/tests/unit_tests/server/configs/ut-server/libvirt-config/network1-filter.xml b/tests/unit_tests/server/configs/ut-server/libvirt-config/network1-filter.xml new file mode 100644 index 0000000..b1dc861 --- /dev/null +++ b/tests/unit_tests/server/configs/ut-server/libvirt-config/network1-filter.xml @@ -0,0 +1,3 @@ + + 37ec6a98-a8f2-4033-8146-a71deb1f0006 + diff --git a/tests/unit_tests/server/configs/ut-server/libvirt-config/network2-filter.xml b/tests/unit_tests/server/configs/ut-server/libvirt-config/network2-filter.xml new file mode 100644 index 0000000..45911ce --- /dev/null +++ b/tests/unit_tests/server/configs/ut-server/libvirt-config/network2-filter.xml @@ -0,0 +1,3 @@ + + 37ec6a98-a8f2-4033-8146-a71deb1f0005 + diff --git a/tests/unit_tests/server/configs/ut-server/libvirt-config/network3-filter.xml b/tests/unit_tests/server/configs/ut-server/libvirt-config/network3-filter.xml new file mode 100644 index 0000000..84416fb --- /dev/null +++ b/tests/unit_tests/server/configs/ut-server/libvirt-config/network3-filter.xml @@ -0,0 +1,3 @@ + + 37ec6a98-a8f2-4033-8146-a71deb1f0007 + -- 2.7.4