----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/25796/ -----------------------------------------------------------
Review request for cloudstack, edison su and Min Chen. Repository: cloudstack-git Description ------- Attempting to create shared network on the advanced zone set up fails with following exception since the script tried to create network with "shared network with securitygroup enabled" network offering , when the real intent was to create network with "shared network" Root cause for this issue , is we query for networkoffering with "name=DefaultSharedNetworkOffering" which results in returning 2 entries , "DefaultSharedNetworkOffering" and "DefaultSharedNetworkOfferingWithSGService". The script ends up picking the network offering of "DefaultSharedNetworkOfferingWithSGService" Fixed test scripts to use additional parameter displayText="Offering for Shared networks" when listing Network offerings,so that it returns only default shared network offering. Also made the names of the shared network created in test_acl_sharednetwork_deployVM-impersonation.py unique so that it does not clash with the ones used in test_acl_sharednetwork.py Diffs ----- test/integration/component/test_acl_sharednetwork.py 12a590e test/integration/component/test_acl_sharednetwork_deployVM-impersonation.py fba3d33 Diff: https://reviews.apache.org/r/25796/diff/ Testing ------- Tested on advanced zone set up with simulator build: Validate that admin user in ROOT domain is NOT allowed to deploy VM in a shared network created with scope="account" for an account ... === TestName: test_deployVM_in_sharedNetwork_scope_account_ROOTadmin | Status : SUCCESS === ok Validate that user in ROOT domain is NOT allowed to deploy VM in a shared network created with scope="account" for an account ... === TestName: test_deployVM_in_sharedNetwork_scope_account_ROOTuser | Status : SUCCESS === ok Validate that regular user from a domain different from that of the account is NOT allowed to deploy VM in a shared network created with scope="account" for an account ... === TestName: test_deployVM_in_sharedNetwork_scope_account_differentdomain | Status : SUCCESS === ok Validate that an admin user under the same domain but belonging to a different account is allowed to deploy VM in a shared network created with scope="account" for an account ... === TestName: test_deployVM_in_sharedNetwork_scope_account_domainadminuser | Status : SUCCESS === ok Validate that any other user in same domain is NOT allowed to deploy VM in a shared network created with scope="account" for an account ... === TestName: test_deployVM_in_sharedNetwork_scope_account_domainuser | Status : SUCCESS === ok Validate that regular user in the account is allowed to deploy VM in a shared network created with scope="account" for an account ... === TestName: test_deployVM_in_sharedNetwork_scope_account_user | Status : SUCCESS === ok Validate that admin user in ROOT domain is allowed to deploy VM in a shared network created with scope="all" ... === TestName: test_deployVM_in_sharedNetwork_scope_all_ROOTadmin | Status : SUCCESS === ok Validate that regular user in ROOT domain is allowed to deploy VM in a shared network created with scope="all" ... === TestName: test_deployVM_in_sharedNetwork_scope_all_ROOTuser | Status : SUCCESS === ok Validate that regular user in "ROOT" domain is allowed to deploy VM in a shared network created with scope="all" ... === TestName: test_deployVM_in_sharedNetwork_scope_all_domainadminuser | Status : SUCCESS === ok Validate that regular user in a domain is allowed to deploy VM in a shared network created with scope="all" ... === TestName: test_deployVM_in_sharedNetwork_scope_all_domainuser | Status : SUCCESS === ok Validate that regular user in a subdomain under ROOT is allowed to deploy VM in a shared network created with scope="all" ... === TestName: test_deployVM_in_sharedNetwork_scope_all_subdomainadminuser | Status : SUCCESS === ok Validate that regular user in any subdomain is allowed to deploy VM in a shared network created with scope="all" ... === TestName: test_deployVM_in_sharedNetwork_scope_all_subdomainuser | Status : SUCCESS === ok Validate that admin in ROOT domain is NOT allowed to deploy VM in a shared network created with scope="domain" and no subdomain access ... === TestName: test_deployVM_in_sharedNetwork_scope_domain_nosubdomainaccess_ROOTadmin | Status : SUCCESS === ok Validate that user in ROOT domain is NOT allowed to deploy VM in a shared network created with scope="domain" and no subdomain access ... === TestName: test_deployVM_in_sharedNetwork_scope_domain_nosubdomainaccess_ROOTuser | Status : SUCCESS === ok Validate that admin user in a domain is allowed to deploy VM in a shared network created with scope="domain" and no subdomain access ... === TestName: test_deployVM_in_sharedNetwork_scope_domain_nosubdomainaccess_domainadminuser | Status : SUCCESS === ok Validate that regular user in a domain is allowed to deploy VM in a shared network created with scope="domain" and no subdomain access ... === TestName: test_deployVM_in_sharedNetwork_scope_domain_nosubdomainaccess_domainuser | Status : SUCCESS === ok Validate that admin user in the parent domain is NOT allowed to deploy VM in a shared network created with scope="domain" and no subdomain access ... === TestName: test_deployVM_in_sharedNetwork_scope_domain_nosubdomainaccess_parentdomainadminuser | Status : SUCCESS === ok Validate that user in the parent domain is NOT allowed to deploy VM in a shared network created with scope="domain" and no subdomain access ... === TestName: test_deployVM_in_sharedNetwork_scope_domain_nosubdomainaccess_parentdomainuser | Status : SUCCESS === ok Validate that admin user in a subdomain is NOT allowed to deploy VM in a shared network created with scope="domain" and no subdomain access ... === TestName: test_deployVM_in_sharedNetwork_scope_domain_nosubdomainaccess_subdomainadminuser | Status : SUCCESS === ok Validate that regular user in a subdomain is NOT allowed to deploy VM in a shared network created with scope="domain" and no subdomain access ... === TestName: test_deployVM_in_sharedNetwork_scope_domain_nosubdomainaccess_subdomainuser | Status : SUCCESS === ok Validate that admin user in ROOT domain is NOT allowed to deploy VM in a shared network created with scope="domain" and with subdomain access for any domain ... === TestName: test_deployVM_in_sharedNetwork_scope_domain_withsubdomainaccess_ROOTadmin | Status : SUCCESS === ok Validate that regular user in ROOT domain is NOT allowed to deploy VM in a shared network created with scope="domain" and with subdomain access for any domain ... === TestName: test_deployVM_in_sharedNetwork_scope_domain_withsubdomainaccess_ROOTuser | Status : SUCCESS === ok Validate that admin user in a domain is allowed to deploy VM in a shared network created with scope="domain" and with subdomain access for the domain ... === TestName: test_deployVM_in_sharedNetwork_scope_domain_withsubdomainaccess_domainadminuser | Status : SUCCESS === ok Validate that regular user in a domain is allowed to deploy VM in a shared network created with scope="domain" and with subdomain access for the domain ... === TestName: test_deployVM_in_sharedNetwork_scope_domain_withsubdomainaccess_domainuser | Status : SUCCESS === ok Validate that admin user in a parent domain is NOT allowed to deploy VM in a shared network created with scope="domain" and with subdomain access for any domain ... === TestName: test_deployVM_in_sharedNetwork_scope_domain_withsubdomainaccess_parentdomainadminuser | Status : SUCCESS === ok Validate that regular user in a parent domain is NOT allowed to deploy VM in a shared network created with scope="domain" and with subdomain access for the domain ... === TestName: test_deployVM_in_sharedNetwork_scope_domain_withsubdomainaccess_parentdomainuser | Status : SUCCESS === ok Validate that an admin user in a subdomain is allowed to deploy VM in a shared network created with scope="domain" and with subdomain access for the parent domain ... === TestName: test_deployVM_in_sharedNetwork_scope_domain_withsubdomainaccess_subdomainadminuser | Status : SUCCESS === ok Validate that regular user in a subdomain is allowed to deploy VM in a shared network created with scope="domain" and with subdomain access for the parent domain ... === TestName: test_deployVM_in_sharedNetwork_scope_domain_withsubdomainaccess_subdomainuser | Status : SUCCESS === ok ---------------------------------------------------------------------- Ran 28 tests in 126.034s OK Valiate that ROOT admin is NOT able to deploy a VM for a user in ROOT domain in a shared network with scope=account which the user does not have access to ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_account_ROOTuser | Status : SUCCESS === ok Valiate that ROOT admin is NOT able to deploy a VM for a admin user in a shared network with scope=account which the admin user does not have access to ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_account_differentdomain | Status : SUCCESS === ok Valiate that ROOT admin is NOT able to deploy a VM for admin user in the same domain but in a different account in a shared network with scope=account ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_account_domainadminuser | Status : SUCCESS === ok Valiate that ROOT admin is NOT able to deploy a VM for user in the same domain but in a different account in a shared network with scope=account ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_account_domainuser | Status : SUCCESS === ok Valiate that ROOT admin is able to deploy a VM for regular user in a shared network with scope=account ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_account_user | Status : SUCCESS === ok Valiate that ROOT admin is able to deploy a VM for user in ROOT domain in a shared network with scope=all ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_all_ROOTuser | Status : SUCCESS === ok Valiate that ROOT admin is able to deploy a VM for a domain admin users in a shared network with scope=all ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_all_domainadminuser | Status : SUCCESS === ok Valiate that ROOT admin is able to deploy a VM for other users in a shared network with scope=all ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_all_domainuser | Status : SUCCESS === ok Valiate that ROOT admin is able to deploy a VM for admin user in a domain in a shared network with scope=all ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_all_subdomainadminuser | Status : SUCCESS === ok Valiate that ROOT admin is able to deploy a VM for any user in a subdomain in a shared network with scope=all ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_all_subdomainuser | Status : SUCCESS === ok Valiate that ROOT admin is NOT able to deploy a VM for parent domain admin user in a shared network with scope=domain with no subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_domain_nosubdomainaccess_ROOTuser | Status : SUCCESS === ok Valiate that ROOT admin is able to deploy a VM for domain admin user in a shared network with scope=domain with no subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_domain_nosubdomainaccess_domainadminuser | Status : SUCCESS === ok Valiate that ROOT admin is able to deploy a VM for domain user in a shared network with scope=domain with no subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_domain_nosubdomainaccess_domainuser | Status : SUCCESS === ok Valiate that ROOT admin is NOT able to deploy a VM for parent domain admin user in a shared network with scope=domain with no subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_domain_nosubdomainaccess_parentdomainadminuser | Status : SUCCESS === ok Valiate that ROOT admin is NOT able to deploy a VM for parent domain user in a shared network with scope=domain with no subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_domain_nosubdomainaccess_parentdomainuser | Status : SUCCESS === ok Valiate that ROOT admin is NOT able to deploy a VM for sub domain admin user in a shared network with scope=domain with no subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_domain_nosubdomainaccess_subdomainadminuser | Status : SUCCESS === ok Valiate that ROOT admin is NOT able to deploy a VM for sub domain user in a shared network with scope=domain with no subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_domain_nosubdomainaccess_subdomainuser | Status : SUCCESS === ok Valiate that ROOT admin is NOT able to deploy a VM for user in ROOT domain in a shared network with scope=domain with subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_domain_withsubdomainaccess_ROOTuser | Status : SUCCESS === ok Valiate that ROOT admin is able to deploy a VM for domain admin user in a shared network with scope=domain with subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_domain_withsubdomainaccess_domainadminuser | Status : SUCCESS === ok Valiate that ROOT admin is able to deploy a VM for domain user in a shared network with scope=domain with subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_domain_withsubdomainaccess_domainuser | Status : SUCCESS === ok Valiate that ROOT admin is NOT able to deploy a VM for parent domain admin user in a shared network with scope=domain with subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_domain_withsubdomainaccess_parentdomainadminuser | Status : SUCCESS === ok Valiate that ROOT admin is NOT able to deploy a VM for parent domain user in a shared network with scope=domain with subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_domain_withsubdomainaccess_parentdomainuser | Status : SUCCESS === ok Valiate that ROOT admin is able to deploy a VM for subdomain admin user in a shared network with scope=domain with subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_domain_withsubdomainaccess_subdomainadminuser | Status : SUCCESS === ok Valiate that ROOT admin is able to deploy a VM for subdomain user in a shared network with scope=domain with subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_admin_scope_domain_withsubdomainaccess_subdomainuser | Status : SUCCESS === ok Valiate that Domain admin is NOT able to deploy a VM for an regular user in ROOT domain in a shared network with scope=account ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_account_ROOTuser | Status : SUCCESS === ok Valiate that Domain admin is able NOT able to deploy a VM for an regular user from a differnt domain in a shared network with scope=account ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_account_differentdomain | Status : SUCCESS === ok Valiate that Domain admin is NOT able to deploy a VM for an admin user in the same domain but belonging to a different account in a shared network with scope=account ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_account_domainadminuser | Status : SUCCESS === ok Valiate that Domain admin is NOT able to deploy a VM for user in the same domain but belonging to a different account in a shared network with scope=account ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_account_domainuser | Status : SUCCESS === ok Valiate that Domain admin is able to deploy a VM for an regular user in a shared network with scope=account ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_account_user | Status : SUCCESS === ok Valiate that Domain admin is NOT able to deploy a VM for user in ROOT domain in a shared network with scope=all ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_all_ROOTuser | Status : SUCCESS === ok Valiate that Domain admin is NOT able to deploy a VM for user in other domain in a shared network with scope=all ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_all_crossdomainuser | Status : SUCCESS === ok Valiate that Domain admin is able to deploy a VM for a domain admin user in a shared network with scope=all ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_all_domainadminuser | Status : SUCCESS === ok Valiate that Domain admin is able to deploy a VM for a domain user in a shared network with scope=all ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_all_domainuser | Status : SUCCESS === ok Valiate that Domain admin is able to deploy a VM for a sub domain admin user in a shared network with scope=all ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_all_subdomainadminuser | Status : SUCCESS === ok Valiate that Domain admin is able to deploy a VM for a sub domain user in a shared network with scope=all ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_all_subdomainuser | Status : SUCCESS === ok Valiate that Domain admin is NOT able to deploy a VM for user in ROOT domain in a shared network with scope=Domain and no subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_nosubdomainaccess_ROOTuser | Status : SUCCESS === ok Valiate that Domain admin is able to deploy a VM for domain admin user in a shared network with scope=Domain and no subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_nosubdomainaccess_domainadminuser | Status : SUCCESS === ok Valiate that Domain admin is able to deploy a VM for domain user in a shared network with scope=Domain and no subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_nosubdomainaccess_domainuser | Status : SUCCESS === ok Valiate that Domain admin is NOT able to deploy a VM for parent domain admin user in a shared network with scope=Domain and no subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_nosubdomainaccess_parentdomainadminuser | Status : SUCCESS === ok Valiate that Domain admin is NOT able to deploy a VM for parent domain user in a shared network with scope=Domain and no subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_nosubdomainaccess_parentdomainuser | Status : SUCCESS === ok Valiate that Domain admin is NOT able to deploy a VM for sub domain admin user in a shared network with scope=Domain and no subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_nosubdomainaccess_subdomainadminuser | Status : SUCCESS === ok Valiate that Domain admin is NOT able to deploy a VM for sub domain user in a shared network with scope=Domain and no subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_nosubdomainaccess_subdomainuser | Status : SUCCESS === ok Valiate that Domain admin is NOT able to deploy a VM for user in ROOT domain in a shared network with scope=Domain and subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_withsubdomainaccess_ROOTuser | Status : SUCCESS === ok Valiate that Domain admin is able to deploy a VM for admin user in domain in a shared network with scope=Domain and subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_withsubdomainaccess_domainadminuser | Status : SUCCESS === ok Valiate that Domain admin is able to deploy a VM for regular user in domain in a shared network with scope=Domain and subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_withsubdomainaccess_domainuser | Status : SUCCESS === ok Valiate that Domain admin is NOT able to deploy a VM for admin user in parent domain in a shared network with scope=Domain and subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_withsubdomainaccess_parentdomainadminuser | Status : SUCCESS === ok Valiate that Domain admin is NOT able to deploy a VM for regular user in parent domain in a shared network with scope=Domain and subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_withsubdomainaccess_parentdomainuser | Status : SUCCESS === ok Valiate that Domain admin is able to deploy a VM for admin user in subdomain in a shared network with scope=Domain and subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_withsubdomainaccess_subdomainadminuser | Status : SUCCESS === ok Valiate that Domain admin is able to deploy a VM for regular user in subdomain in a shared network with scope=Domain and subdomain access ... === TestName: test_deployVM_in_sharedNetwork_as_domainadmin_scope_domain_withsubdomainaccess_subdomainuser | Status : SUCCESS === ok Valiate that regular user is able NOT able to deploy a VM for another user in the same domain in a shared network with scope=all ... === TestName: test_deployVM_in_sharedNetwork_as_regularuser_scope_all_anotherusersamedomain | Status : SUCCESS === ok Valiate that regular user is able NOT able to deploy a VM for another user in a different domain in a shared network with scope=all ... === TestName: test_deployVM_in_sharedNetwork_as_regularuser_scope_all_crossdomain | Status : SUCCESS === ok ---------------------------------------------------------------------- Ran 51 tests in 198.445s OK mysql> select * from network_offerings where id=7; +----+------------------------------+--------------------------------------+------------------------------+------------------------------+---------+---------+--------------+------+-------------+--------------+---------------------+---------------+---------------------+---------+---------+--------------+----------------------+---------------------------+----------+--------------------------+---------+------------+--------------------+-------------------------+--------------------+-------------------+--------+---------------+-------------+-----------+-----------------------+------------------------+--------------------+----------------------+ | id | name | uuid | unique_name | display_text | nw_rate | mc_rate | traffic_type | tags | system_only | specify_vlan | service_offering_id | conserve_mode | created | removed | default | availability | dedicated_lb_service | shared_source_nat_service | sort_key | redundant_router_service | state | guest_type | elastic_ip_service | eip_associate_public_ip | elastic_lb_service | specify_ip_ranges | inline | is_persistent | internal_lb | public_lb | egress_default_policy | concurrent_connections | keep_alive_enabled | supports_streched_l2 | +----+------------------------------+--------------------------------------+------------------------------+------------------------------+---------+---------+--------------+------+-------------+--------------+---------------------+---------------+---------------------+---------+---------+--------------+----------------------+---------------------------+----------+--------------------------+---------+------------+--------------------+-------------------------+--------------------+-------------------+--------+---------------+-------------+-----------+-----------------------+------------------------+--------------------+----------------------+ | 7 | DefaultSharedNetworkOffering | d02e56d7-9ba0-47cc-8c7b-39098c4d020a | DefaultSharedNetworkOffering | Offering for Shared networks | NULL | NULL | Guest | NULL | 0 | 1 | NULL | 1 | 2014-09-09 17:03:27 | NULL | 1 | Optional | 1 | 0 | 0 | 0 | Enabled | Shared | 0 | 1 | 0 | 1 | 0 | 0 | 0 | 0 | 0 | NULL | 0 | 0 | +----+------------------------------+--------------------------------------+------------------------------+------------------------------+---------+---------+--------------+------+-------------+--------------+---------------------+---------------+---------------------+---------+---------+--------------+----------------------+---------------------------+----------+--------------------------+---------+------------+--------------------+-------------------------+--------------------+-------------------+--------+---------------+-------------+-----------+-----------------------+------------------------+--------------------+----------------------+ 1 row in set (0.00 sec) mysql>select id,name,network_offering_id from networks; | 419 | SharedNetwork-All | 7 | | 420 | SharedNetwork-Domain-nosubdomain | 7 | | 421 | SharedNetwork-Domain-withsubdomain | 7 | | 422 | SharedNetwork-Account | 7 | | 423 | SharedNetwork-All-impersonation | 7 | | 424 | SharedNetwork-Domain-nosubdomain-impersonation | 7 | | 425 | SharedNetwork-Domain-withsubdomain-impersonation | 7 | | 426 | SharedNetwork-Account-impersonation | 7 | +-----+--------------------------------------------------------------+---------------------+ Thanks, sangeetha hariharan
