From 2f606eaf4e4e02642e663dfee855d26d0bb17e41 Mon Sep 17 00:00:00 2001 From: "Lovett, Trevor" Date: Tue, 21 Jan 2020 11:37:47 -0600 Subject: [PATCH] [VVP] Disallow vf_module_index look ups per R-55307 Change-Id: I2aa9502cbb38f4b1be943d6d100164de1e1b1628 Issue-ID: VVP-354 Signed-off-by: Lovett, Trevor --- .../test_vf_module_index/fail/contrail/base.yaml | 42 +++++++++ .../test_vf_module_index/fail/port/base.yaml | 43 ++++++++++ .../test_vf_module_index/fail/server/base.yaml | 46 ++++++++++ .../fixtures/test_vf_module_index/pass/base.yaml | 86 +++++++++++++++++++ ice_validator/tests/helpers.py | 3 + ice_validator/tests/test_vf_module_index.py | 99 ++++++++++++++++++++++ 6 files changed, 319 insertions(+) create mode 100644 ice_validator/tests/fixtures/test_vf_module_index/fail/contrail/base.yaml create mode 100644 ice_validator/tests/fixtures/test_vf_module_index/fail/port/base.yaml create mode 100644 ice_validator/tests/fixtures/test_vf_module_index/fail/server/base.yaml create mode 100644 ice_validator/tests/fixtures/test_vf_module_index/pass/base.yaml create mode 100644 ice_validator/tests/test_vf_module_index.py diff --git a/ice_validator/tests/fixtures/test_vf_module_index/fail/contrail/base.yaml b/ice_validator/tests/fixtures/test_vf_module_index/fail/contrail/base.yaml new file mode 100644 index 0000000..5f75a13 --- /dev/null +++ b/ice_validator/tests/fixtures/test_vf_module_index/fail/contrail/base.yaml @@ -0,0 +1,42 @@ +# -*- coding: utf8 -*- +# ============LICENSE_START==================================================== +# org.onap.vvp/validation-scripts +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the "License"); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the "License"); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +resources: + + vm_type_a_0_db_vmi_0_ip_0: + type: OS::ContrailV2::InstanceIp + properties: + instance_ip_address: { get_param: [contrail_ips, {get_param: vf_module_index}] } \ No newline at end of file diff --git a/ice_validator/tests/fixtures/test_vf_module_index/fail/port/base.yaml b/ice_validator/tests/fixtures/test_vf_module_index/fail/port/base.yaml new file mode 100644 index 0000000..c8d36ee --- /dev/null +++ b/ice_validator/tests/fixtures/test_vf_module_index/fail/port/base.yaml @@ -0,0 +1,43 @@ +# -*- coding: utf8 -*- +# ============LICENSE_START==================================================== +# org.onap.vvp/validation-scripts +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the "License"); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the "License"); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +resources: + + vm_type_a_0_db_port_0: + type: OS::Neutron::Port + properties: + fixed_ips: + - ip_address: { get_param: [vm_type_a_db_v6_ips, { get_param: vf_module_index }] } diff --git a/ice_validator/tests/fixtures/test_vf_module_index/fail/server/base.yaml b/ice_validator/tests/fixtures/test_vf_module_index/fail/server/base.yaml new file mode 100644 index 0000000..bd89df1 --- /dev/null +++ b/ice_validator/tests/fixtures/test_vf_module_index/fail/server/base.yaml @@ -0,0 +1,46 @@ +# -*- coding: utf8 -*- +# ============LICENSE_START==================================================== +# org.onap.vvp/validation-scripts +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the "License"); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the "License"); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +resources: + vm_type_a_server_0: + type: OS::Nova::Server + properties: + name: { get_param: [vm_type_a_names, {get_param: vf_module_index}] } + flavor: { get_param: vm_type_a_flavor_name} + image: { get_param: vm_type_a_image_name} + metadata: + my_attribute: {get_param: environment_context} + diff --git a/ice_validator/tests/fixtures/test_vf_module_index/pass/base.yaml b/ice_validator/tests/fixtures/test_vf_module_index/pass/base.yaml new file mode 100644 index 0000000..708f1ab --- /dev/null +++ b/ice_validator/tests/fixtures/test_vf_module_index/pass/base.yaml @@ -0,0 +1,86 @@ +# -*- coding: utf8 -*- +# ============LICENSE_START==================================================== +# org.onap.vvp/validation-scripts +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the "License"); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the "License"); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +resources: + vm_type_a_server_0: + type: OS::Nova::Server + properties: + name: { get_param: [vm_type_a_names, 0] } + flavor: { get_param: vm_type_a_flavor_name} + image: { get_param: vm_type_a_image_name} + metadata: + my_attribute: {get_param: environment_context} + + vm_type_a_server_1: + type: OS::Nova::Server + properties: + name: { get_param: vm_type_a_name_0 } + flavor: { get_param: vm_type_a_flavor_name} + image: { get_param: vm_type_a_image_name} + metadata: + my_attribute: {get_param: environment_context} + + vm_type_a_0_db_port_0: + type: OS::Neutron::Port + properties: + fixed_ips: + - ip_address: { get_param: vm_type_a_db_v6_ip_0 } + + vm_type_a_0_int_db_port_0: + type: OS::Neutron::Port + properties: + fixed_ips: + - ip_address: { get_param: [vm_ips, {get_param: vf_module_index}] } + + vm_type_a_0_db_vmi_0_ip_0: + type: OS::ContrailV2::InstanceIp + properties: + instance_ip_address: { get_param: contrail_ip_0 } + + vm_type_a_0_db_vmi_0_ip_1: + type: OS::ContrailV2::InstanceIp + properties: + instance_ip_address: { get_param: [contrail_ips, 0] } + + vm_type_a_0_db_vmi_0_ip_2: + type: OS::ContrailV2::InstanceIp + properties: + instance_ip_address: { get_param: [contrail_ips, get_param: index] } + + vm_type_a_int_0_db_vmi_0_ip_0: + type: OS::ContrailV2::InstanceIp + properties: + instance_ip_address: { get_param: [contrail_ips, get_param: vf_module_index] } \ No newline at end of file diff --git a/ice_validator/tests/helpers.py b/ice_validator/tests/helpers.py index f4a368c..ec14bc0 100644 --- a/ice_validator/tests/helpers.py +++ b/ice_validator/tests/helpers.py @@ -255,6 +255,9 @@ def traverse(data, search_key, func, path=None): traverse(value, search_key, func, curr_path) elif value == search_key: func(curr_path, value) + elif search_key == data: + curr_path = path + [data] + func(curr_path, data) def check_indices(pattern, values, value_type): diff --git a/ice_validator/tests/test_vf_module_index.py b/ice_validator/tests/test_vf_module_index.py new file mode 100644 index 0000000..df27189 --- /dev/null +++ b/ice_validator/tests/test_vf_module_index.py @@ -0,0 +1,99 @@ +# -*- coding: utf8 -*- +# ============LICENSE_START==================================================== +# org.onap.vvp/validation-scripts +# =================================================================== +# Copyright © 2019 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the "License"); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the "License"); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +from tests.helpers import validates, traverse +from tests.structures import Heat + + +class Finder: + """ + If called sets found flag to True (used by traverse in uses_vf_module_index + """ + + def __init__(self): + self.found = False + + def __call__(self, path, value): + self.found = True + + +def uses_vf_module_index(prop_value): + """ + Returns True if prop_value uses vf_module_index, False otherwise + """ + finder = Finder() + traverse(prop_value, "vf_module_index", finder) + return finder.found + + +def check_vf_module_index_errors(yaml_file, resource_type, property): + """ + Finds all resources of resource_type where the property uses vf_module_index and + returns a set of all resource IDs that violate the condition. + """ + resources = Heat(yaml_file).get_resource_by_type(resource_type) + errors = set() + for r_id, resource in resources.items(): + if ( + resource_type in ("OS::Neutron::Port", "OS::ContrailV2::InstanceIp") + and "_int_" in r_id + ): + continue # rules do not apply to internal IPs + prop_value = resource.get("properties", {}).get(property) + if uses_vf_module_index(prop_value): + errors.add(r_id) + assert not errors, ( + "The following {} resources use " + "vf_module_index to look up the {} property, " + "but that is not supported: {}" + ).format(resource_type, property, ", ".join(errors)) + + +@validates("R-55307") +def test_no_vf_module_index_server_names(yaml_file): + check_vf_module_index_errors(yaml_file, "OS::Nova::Server", "name") + + +@validates("R-55307") +def test_no_vf_module_index_port_ips(yaml_file): + check_vf_module_index_errors(yaml_file, "OS::Neutron::Port", "fixed_ips") + + +@validates("R-55307") +def test_no_vf_module_index_contrail_ips(yaml_file): + check_vf_module_index_errors( + yaml_file, "OS::ContrailV2::InstanceIp", "instance_ip_address" + ) -- 2.16.6