|
Isolation based on Security Groups in Advance zone |
|
|
|
|
|
|
|
Hypervisor support: KVM Xen |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Testcase ID |
Testcase Description |
Steps |
Expected results |
Priority |
Type |
Automatable |
|
|
Create Zone |
|
|
|
|
|
|
1 |
Create Advance Zone SG enabled via API |
Create Advance Zone SG enabled using API |
zone creation should be successful. |
P0 |
Functional |
Y |
|
2 |
Create Advance Zone and enable SG via API |
1.Create Advance Zone using API |
zone creation should be successful. |
P0 |
Functional |
Y |
|
3 |
Create Advance Zone SG enabled via API |
1.Create Advance Zone SG enabled using API |
listZones Api should return zone with "securitygroupsenabled":true |
P0 |
Functional |
Y |
|
4 |
Create Advance zone (SG disabled) via API |
1.Create Advance Zone using API |
listZones Api should return zone with "securitygroupsenabled":false |
P0 |
Functional |
Y |
|
5 |
Create Advance zone SG enabled and Advance zone SG disabled using API |
1.Create Advance zone SG enabled and Advance zone SG disabled using API |
listZones Api should return only non-SG enabled Zones |
P0 |
Functional |
Y |
|
6 |
Check the triggered API calls by enabling &disabling the SG through UI |
1.triggered API calls by enabling &disabling the SG through UI |
Api call's should be triggered with valid values like when we enabled ,parameter should include securityenabled=true and when we disbale securityenabled=false parameter shoud include |
P0 |
Functional |
Y |
|
7 |
Check the Zone wizard for default value |
1.Click on Add Zone |
1.Check the default supported cluster as KVM |
|
Functional |
Y |
|
8 |
Create ADV zone SG enabled with more than 1 physical network |
Setup: |
1. make sure that default SG enabled shared network is present on PhysicalNetwork1(Nic1) |
P0 |
Functional |
Y |
|
|
|
|
|
|
|
|
|
|
Supported Hypervisor |
|
|
|
|
|
|
9 |
Create ADV Zone SG enabled HPV KVM |
1. Add Advance Zone with SG |
zone creation with HPV KVM should be successful. |
P0 |
Functional |
Y |
|
10 |
Create ADV Zone SG enabled HPV XEN |
1. Add Advance Zone with SG |
zone creation with HPV XEN should be successful. |
P0 |
Functional |
Y |
|
11 |
Create ADV Zone SG enabled HPV other than KVM or XEN |
1. Add Advance Zone with SG |
In zone creation, either there is no provision to create cluster with HPV other than KVM or XEN, or zone creation should fail with HPV other than KVM or XEN. |
P0 |
Functional |
Y |
|
12 |
Create ADV Zone SG enabled HPV XEN, launch zone. Create another cluster HPV other than KVM or XEN |
1. Add Advance Zone with SG |
After zone creation, either there is no provision to create cluster with HPV other than KVM or XEN, or zone creation should fail with HPV other than KVM or XEN. |
P0 |
Functional |
Y |
|
|
|
|
|
|
|
|
|
|
External Device unsupported |
|
|
|
|
|
|
13 |
ADV zone SG enabled external device F5 unsupported |
In ADV zone SG enabled, either there is no provision to add external device F5 or adding external device F5 fails |
In ADV zone SG enabled, either there is no provision to add external device F5 or adding external device F5 fails |
P0 |
Functional |
Y |
|
14 |
ADV zone SG enabled external device SRX unsupported |
In ADV zone SG enabled, either there is no provision to add external device SRX or adding external device SRX fails |
In ADV zone SG enabled, either there is no provision to add external device SRX or adding external device SRX fails |
P0 |
Functional |
Y |
|
15 |
ADV zone SG enabled external device netscaler unsupported |
In ADV zone SG enabled, either there is no provision to add external device netscaler or adding external device netscaler fails |
In ADV zone SG enabled, either there is no provision to add external device netscaler or adding external device netscaler fails |
P0 |
Functional |
Y |
|
16 |
Verify the Network service providers |
Check the Network service providers |
It should only show VR as supported provider |
P0 |
Functional |
Y |
|
|
VPC unsupported |
|
|
|
|
|
|
17 |
ADV zone SG enabled VPC unsupported |
In ADV zone SG enabled, either there is no provision to add VPC or adding VPC fails |
In ADV zone SG enabled, either there is no provision to add VPC or adding VPC fails |
P0 |
Functional |
Y |
|
|
Create shared SG enabled Networks |
|
|
|
|
|
|
18 |
In multiple ADV zones SG enabled create 1 SG enabled zone wide network |
1. Create 3 ADV zone SG enabled |
In each ADV zone SG enabled shared zone wide network added |
P0 |
Functional |
Y |
|
19 |
create 1 SG enabled account specific network |
1. In ADV zone SG enabled, create : |
In ADV zone SG enabled shared account specific networks added |
P0 |
Functional |
Y |
|
20 |
create 1 SG enabled domain wide network with subdomain access set to true |
1. In ADV zone SG enabled, create : |
In ADV zone SG enabled shared domain wide networks added |
P0 |
Functional |
Y |
|
21 |
In multiple ADV zones SG enabled add multiple SG enabled zone wide network same vlan same subnet |
1. Create 3 ADV zones SG enabled |
In each ADV zone SG enabled multiple shared zone wide networks added |
P0 |
Functional |
Y |
|
22 |
add multiple SG enabled account specific networks same vlan same subnet |
1. In ADV zone 1 SG enabled, create : |
In ADV zone SG enabled shared account specific networks added |
P0 |
Functional |
Y |
|
23 |
add multiple shared domain wide networks with subdomain access set to true for domain same vlan same subnet |
1. In ADV zone 1 SG enabled, create : |
In ADV zone SG enabled shared domain wide networks added |
P0 |
Functional |
Y |
|
24 |
Extend IP range for existing SG enabled zone wide network for several times (with in the same subnet) when all the IPs in 1 SG network are consumed and deploy a VM |
1. In SG enabled zone wide network deploy VMs to consume all Ips. |
extend IP range in same subnet & deploy VMs several times succeed |
P0 |
Functional |
Y |
|
25 |
Extend IP range for existing SG enabled domain wide network for several times (with in the same subnet) when all the IPs in 1 SG network are consumed and deploy a VM |
1. In SG enabled domain wide network deploy VMs to consume all Ips. |
extend IP range in same subnet & deploy VMs several times succeed |
P0 |
Functional |
Y |
|
26 |
Extend IP range for existing SG enabled account specific network for several times (with in the same subnet) when all the IPs in 1 SG network are consumed and deploy a VM |
1. In SG enabled account specific network deploy VMs to consume all Ips. |
extend IP range in same subnet & deploy VMs several times succeed |
P0 |
Functional |
Y |
|
27 |
Extend IP range for existing multiple shared SG enabled account specific networks for several times (with in the same subnet) when all the IPs in all SG networks are consumed and deploy a VM |
1. In SG enabled account specific network deploy VMs to consume all Ips. |
extend IP range in same subnet & deploy VMs several times succeed |
P0 |
Functional |
Y |
|
28 |
delete one of the IP range while not in use in SG enabled zone wide network |
In SG enabled zone wide network with multiple IP ranges & no VMs in network, delete one of the IP range |
delete one of the IP range while not in use in SG enabled zone wide network succeed |
P0 |
Functional |
Y |
|
29 |
delete one of the IP range while not in use in SG enabled domain wide network |
In SG enabled domain wide network with multiple IP ranges & no VMs in network, delete one of the IP range |
delete one of the IP range while not in use in SG enabled domain wide network succeed |
P0 |
Functional |
Y |
|
30 |
delete one of the IP range while not in use in SG enabled account specific network |
In SG enabled account specific network with multiple IP ranges & no VMs in network, delete one of the IP range |
delete one of the IP range while not in use in SG enabled account specific network succeed |
P0 |
Functional |
Y |
|
31 |
delete one of the IP range while in use in SG enabled zone wide network |
In SG enabled zone wide network with multiple IP ranges & VMs in IP range of network, delete one of the IP range with VMs. |
delete one of the IP range while in use by VMs in SG enabled zone wide network fail |
P0 |
Functional |
Y |
|
32 |
delete one of the IP range while in use in SG enabled domain wide network |
In SG enabled domain wide network with multiple IP ranges & VMs in IP range of network, delete one of the IP range with VMs. |
delete one of the IP range while in use by VMs in SG enabled domain wide network fail |
P0 |
Functional |
Y |
|
33 |
delete one of the IP range while in use in SG enabled account specific network |
In SG enabled account specific network with multiple IP ranges & VMs in IP range of network, delete one of the IP range with VMs. |
delete one of the IP range while in use by VMs in SG enabled account specific network fail |
P0 |
Functional |
Y |
|
34 |
delete SG zone wide network while in use |
In SG enabled zone wide network with multiple IP ranges & VMs in IP range of network, delete network |
delete zone wide network while in use by VMs fail 431 The IP range can't be deleted because it has allocated public IP addresses. |
P0 |
Functional |
Y |
|
35 |
delete SG domain wide network while in use |
In SG enabled domain wide network with multiple IP ranges & VMs in IP range of network, delete network |
delete domain wide network while in use by VMs fail |
P0 |
Functional |
Y |
|
36 |
delete SG account specific network while in use |
In SG enabled account specific network with multiple IP ranges & VMs in IP range of network, delete network |
delete account specific network while in use by VMs fail |
P0 |
Functional |
Y |
|
37 |
delete SG zone wide network when there are no VMs |
delete SG zone wide network when there are no VMs |
delete SG zone wide network when there are no VMs succeed |
P0 |
Functional |
Y |
|
38 |
delete SG domain wide network when there are no VMs |
delete SG domain wide network when there are no VMs |
delete SG domain wide network when there are no VMs succeed |
P0 |
Functional |
Y |
|
39 |
delete SG account specific network when there are no VMs |
delete SG account specific network when there are no VMs |
delete SG account specific network when there are no VMs succeed |
P0 |
Functional |
Y |
|
40 |
ADV zone SG enabled isolate networks not supported |
In ADV zone 1 SG enabled, no provision to add isolate network |
In ADV zone 1 SG enabled, no provision to add isolate network |
P0 |
Functional |
Y |
|
41 |
ADV zone SG enabled VPC networks not supported |
In ADV zone 1 SG enabled, add VPC network |
In ADV zone 1 SG enabled, add VPC network fail |
P0 |
Functional |
Y |
|
42 |
ADV zone SG enabled, only admin allowed to create guest networks |
1. Create Advance zone SG enabled |
3. domain admin cannot Add guest network even via API. |
P0 |
Functional |
Y |
|
43 |
Admin allowed to add a Shared Network SG enabled with a Vlan Id that is already associated with another Shared network SG enabled. |
1.As Admin, create a shared network SG enabled with vlan id say 123 |
User should be allowed to create this network. |
P1 |
Functional |
Y |
|
44 |
Admin not allowed to add a Shared Network SG enabled without specifying a Vlan Id ,Guest Gateway,Guest Netmask,Guest start IP,Guest End IP |
1.As Admin, create a shared network SG enabled with out specifying Vlan Id ,Guest Gateway,Guest Netmask,Guest start IP,Guest End IP |
User should not be allowed to create this network.He should be forced to add all the required values.Following error message is presented to the user "StartIp/endIp/gateway/netmask are required when create network of type Shared and network of type Isolated with service SourceNat disabled" |
P1 |
Functional |
Y |
|
45 |
Admin allowed to add a Shared Network SG enabled with a Vlan Id that is already associated with Zone vlan |
1.As Admin, create a shared network by providing a vlan that is part of Zone Vlan. |
User should be allowed to create this network. |
P1 |
Functional |
Y |
|
|
VM Operations |
|
|
|
|
|
|
46 |
DeployVM on Adv zone SG enabled shared nw in with more than 1 physical network. |
1. ADV zone SG enabled |
1. make sure that shared GuestNetwork is present on PhysicalNetwork0(Nic0) 2. VM deployment should be successful without any issues and the communication is fine. |
P3 |
Functional |
Y |
|
47 |
Update the Traffic label and deploy the VM |
Setup: |
4. make sure that shared GuestNetwork is present on PhysicalNetwork0(Nic0) 5. VM deployment should be successful without any issues and the communication is fine. |
P3 |
Functional |
Y |
|
48 |
ADV zone SG enabled multiple shared nw zone wide, Only Users in any account of any domain in that zone allowed to deploy VMs to that shared nw |
1. Create ADV zone 1 SG enabled , ADV zone 2 SG enabled |
3. shared networks zone wide nw1 nw2 created |
P1 |
Functional |
Y |
|
49 |
ADV zone SG enabled multiple account specific network, Only Users in that account allowed to deploy VMs to that network |
1. Create ADV zone SG enabled |
3. shared networks account specific nw1 nw2 nw3 added |
P1 |
Functional |
Y |
|
50 |
ADV zone SG enabled multiple shared nw domain wide, Only Users in accounts of that domain allowed to deploy VMs to that shared nw |
1. Create ADV zone SG enabled |
3. shared networks domain wide nw1 nw2 nw3 added |
P1 |
Functional |
Y |
|
51 |
In advance zone SG enabled, delete account which has shared networks scope account |
1. Create Advance zone SG enabled |
3. 3 guest netoworks for account d1domainA added |
P1 |
Functional |
Y |
|
52 |
deploy VM when all the IPs are consumed in 1 zone wide network |
deploy VM when all the IPs are consumed in 1 zone wide network |
deploy VM when all the IPs are consumed in 1 zone wide network fail |
P1 |
Functional |
Y |
|
53 |
deploy VM when all the IPs are consumed in 1 domain wide network |
deploy VM when all the IPs are consumed in 1 domain wide network |
deploy VM when all the IPs are consumed in 1 domain wide network fail |
P1 |
Functional |
Y |
|
54 |
deploy VM when all the IPs are consumed in 1 account specific network |
deploy VM when all the IPs are consumed in 1account specific network |
deploy VM when all the IPs are consumed in 1 account specific network fail |
P1 |
Functional |
Y |
|
55 |
deployVM with more than 1 SG enabled zone wide network list |
deployVM with more than 1 SG enabled zone wide network list |
error 431 Only support one zone wide network per VM if security group enabled |
P1 |
Functional |
Y |
|
56 |
deploy Multiple VMs using different SG enabled network but using the same security group |
deploy Multiple VMs using different SG enabled network but using the same security group |
|
P2 |
Functional |
Y |
|
57 |
destroy a VM when all the Ips in zone wide network are consumed and deploy a VM |
destroy a VM when all the Ips in zone wide network are consumed and deploy a VM |
destroy a VM when all the Ips in zone wide network are consumed and deploy a VM sould succeed |
P1 |
Functional |
Y |
|
58 |
DeployVM with default SG |
Setup |
VM deployment should be successful |
P1 |
Functional |
Y |
|
58 |
DeployVM with default SG & shared network |
Setup |
VM deployment should be successful |
P1 |
Functional |
Y |
|
59 |
DeployVM with CustomSG with shared network |
Setup |
VM deployment should be successful |
P2 |
Functional |
Y |
|
60 |
Deploy VM with more than 1 Nic connected to SG through API/UI |
Setup |
its should fail and shows error messge like "errortext":"Only support one network per VM if security group enabled" |
P2 |
Functional |
Y |
|
61 |
Deploy VM with more than 1 Nic with shared through API/UI |
|
VM deployement should be successful |
P2 |
Functional |
Y |
|
62 |
Stop &Start the VMs |
Set up: |
VM should be Up and running ,all the rules existing rules should programmed cirrectly |
P1 |
Functional |
Y |
|
63 |
Reboot the VMS |
Set up: |
VM should be Up and running ,all the rules existing rules should programmed cirrectly |
P1 |
Functional |
Y |
|
64 |
Destroy and restore VM |
Set up: |
VM should be Up and running ,all the rules existing rules should programmed cirrectly |
P1 |
Functional |
Y |
|
65 |
Destroy and Expunge VM |
Set up: |
All the rules belongs to expunged VM should be removed/free |
P1 |
Functional |
Y |
|
66 |
upgrade default SG enable network offering |
Set up: |
It should fail with proper error message |
P1 |
Functional |
Y |
|
67 |
migrateVM that has nic connect to SG enabled network |
Set up: |
VM migrations should be successful.if it not supported then Message should be clear. |
P1 |
Functional |
Y |
|
68 |
Migrate VM of account specific network from 1 host to another & verify SG rule re-programming |
Migrate VM of account specific network from 1 host to another & verify SG rule re-programming |
Migrate VM of account specific networks successful |
P1 |
Functional |
Y |
|
69 |
Migrate VM of domain wide network from 1 host to another & verify SG rule re-programming |
Migrate VM of domain wide network from 1 host to another & verify SG rule re-programming |
Migrate VM of domain wide networks successful |
P1 |
Functional |
Y |
|
70 |
Migrate VM of zone wide network from 1 host to another & verify SG rule re-programming |
Migrate VM of zone wide network from 1 host to another & verify SG rule re-programming |
Migrate VM of zone wide networks successful |
P1 |
Functional |
Y |
|
71 |
Check creation of default SG enable network without VLAN |
Check creation of default SG enable network without VLAN |
Creation shoud be failed with proper error message |
P1 |
Functional |
Y |
|
72 |
Delete the default security groups |
Set up: |
Delete SG group should be successful if no VMS asiiocated with default SG |
P1 |
Functional |
Y |
|
73 |
Check systemVM have a NIC in the Shared SG network, |
create Advanace Zone with SG enble |
System Vms should up and running |
P1 |
Functional |
Y |
|
74 |
Verify the Network service providers |
Check the Network service providers |
It should only show VR as supported provider |
P1 |
Functional |
Y |
|
|
|
|
|
|
|
|
|
|
shared networks operation |
|
|
|
|
|
|
75 |
ADV zone SG enabled, restart multiple account specific networks, restart VR |
Restart multiple account specific networks |
Restart shared network account specific networks successful |
P1 |
Functional |
Y |
|
76 |
ADV zone SG enabled, restart multiple domain wide, restart VR |
Restart multiple domain wide networks |
Restart shared network domain wide networks successful |
P1 |
Functional |
Y |
|
77 |
ADV zone SG enabled, restart multiple zone wide networks, restart VR |
Restart multiple zone wide networks |
Restart shared network zone wide networks successful |
P1 |
Functional |
Y |
|
78 |
verify Security Group rules programming of VMs of account specific networks when the host is put in maintenance. Verfiy after host restart. |
verify Security Group rules programming of VMs of account specific networks when the host is put in maintenance |
|
P1 |
Sanity |
Y |
|
79 |
verify Security Group rules programming of VMs of zone wide networks when the host is put in maintenance. Verfiy after host restart. |
verify Security Group rules programming of VMs of zone wide networks when the host is put in maintenance |
|
P1 |
Sanity |
Y |
|
80 |
verify Security Group rules programming of VMs of domain wide networks when the host is put in maintenance. Verfiy after host restart. |
verify Security Group rules programming of VMs of domain wide networks when the host is put in maintenance |
|
P1 |
Sanity |
Y |
|
|
|
|
|
|
|
|
|
|
Basic Sanity ON security Grpups |
|
|
|
|
|
|
81 |
Deploy a VM without passing any Security Groups |
1.To the default security group, Add a TCP ingress rule for a port range (22-80) for any ipaddress (cidr1). |
1. VM should be deployed as part of default security group. |
P1 |
Sanity |
Y |
|
82 |
Deploy a VM by passing a Security Group. |
1.To the default security group, Add a TCP ingress rule for a port range (22-80) for any ipaddress (cidr1). |
1. VM should be deployed as part of only SG1 not default security group. |
P1 |
Sanity |
Y |
|
83 |
Deploy a VM by passing a list of Security Groups. |
1. Create a Security Group SG1. |
1. VM should be deployed as part of all 3 SG rules. |
P1 |
Sanity |
Y |
|
|
CIDR based Ingress rules |
|
|
|
|
|
|
84 |
Deploy a VM in a Security group which has an ingress rule that allows TCP protocols for a port range for a cidr. |
1.Create a Security Group SG1. |
1. VM deployment should succeed. |
P1 |
Sanity |
Y |
|
85 |
Deploy a VM in a Security group which has an ingress rule that allows ICMP protocols for -1 type and -1 code for a cidr. |
1.Create a Security Group SG1. |
1. VM deployment should succeed. |
P1 |
Sanity |
Y |
|
86 |
Deploy few Vms in a Security group which has an ingress rule that allows TCP protocols for cidr1. |
1.Create a Security Group SG1. |
Before Step4: |
P1 |
Sanity |
Y |
|
87 |
Deploy few Vms in a Security group which has an ingress rule that allows TCP protocols for cidr1. |
1.Create a Security Group SG1. |
Before Step4: |
P1 |
Sanity |
Y |
|
88 |
Deploy few Vms in a Security group which has an ingress rule that allows TCP protocols for cidr1 and cidr2. |
1.Create a Security Group SG1. |
Before Step4: |
P1 |
Sanity |
Y |
|
89 |
Deploy few Vms in a Security group which has an ingress rule that allows ICMP protocols for cidr1 and cidr2. |
1.Create a Security Group SG1. |
Before Step4: |
P1 |
Sanity |
Y |
|
90 |
Deploy a VM by passing a list of Security Groups each of which has ingress rule that allows TCP for cidr. Add ingress rule to each Security Group to allow ICMP for cidr. |
1. Create SG1. Add TCP ingress rule port range (22-80) for any ipaddress (cidr1). |
4. VM should be deployed as part of all 3 SG rules & accessible from cidr1,cidr2 and cidr3. |
P1 |
Sanity |
Y |
|
91 |
Add Ingress rules when the VM is in stopped state. |
1.Create a Security Group SG1. |
As part of starting the VM , we should see the iptable rules being reprogrammed. |
P1 |
Sanity |
Y |
|
92 |
Delete an Ingress rules when the VM is in stopped state. |
1.Create a Security Group SG1. |
Before Step4: |
P1 |
Sanity |
Y |
|
|
Account based ingress rules |
|
|
|
|
|
|
93 |
Deploy a VM in a Security group which has an ingress rule that allows TCP protocols for a port range for another Security Group - SG2. |
1. Deploy few Vms in Security Group - SG2. |
VM should get deployed successfully. |
P1 |
Sanity |
Y |
|
94 |
VM should be accessible using their vm name from any other VM. |
1. Deploy few VM in Security Group - SG2. |
VM should get deployed successfully. |
P1 |
Sanity |
Y |
|
95 |
Deploy a VM in a Security group which has an ingress rule that allows ICMP protocols for a port range for another Security Group - SG2. |
1. Deploy few Vms in Security Group - SG2. |
VM should get deployed successfully. |
P1 |
Sanity |
Y |
|
96 |
Deploy a VM in a SG that is allowed Ingress access to another Security Group. |
Pre-Red: |
This should result in the new VM's ipaddress being added to the ingress chain of all the Vms that are part of SG1. |
P1 |
Sanity |
Y |
|
97 |
Deploy VM in multiple Sgs each of which is allowed Ingress access to another Security Group. |
Pre-Red: |
This should result in new VM's ipaddress being added to ingress chain of all the Vms that are part of SG1 SG3 SG5 |
P1 |
Sanity |
Y |
|
98 |
Stop a VM that is in a SG that is allowed Ingress access to another Security Group. |
Pre-Red: |
This should result in the stopped VM's ipaddress being removed from the ingress chain of all the Vms that are part of SG1. |
P1 |
Sanity |
Y |
|
99 |
Stop and Start a VM that is in a SG that is allowed Ingress access to another Security Group. |
Pre-Red: |
After Step1: |
P1 |
Sanity |
Y |
|
100 |
Destroy a VM that is in a SG that is allowed Ingress access to another Security Group. |
Pre-Red: |
This should result in the destroyed VM's ipaddress being removed from the ingress chain of all the Vms that are part of SG1. |
P1 |
Sanity |
Y |
|
101 |
Destroy a VM in SG that is allowed Ingress access to multiple Sgs. |
Pre-Red: |
This should result in the destroyed VM's ipaddress being removed from the ingress chain of all the Vms that are part of SG1 SG3 SG4 |
P1 |
Sanity |
Y |
|
102 |
Restore a destroyed VM that is in a SG that is allowed Ingress access to another Security Group. |
Pre-Red: |
After Step1: |
P1 |
Sanity |
Y |
|
103 |
Reboot a VM that is in a SG that is allowed Ingress access to another Security Group. |
Pre-Red: |
After Reboot is successful: |
P1 |
Sanity |
Y |
|
|
CIDR based Ingress rules |
|
|
|
|
|
|
104 |
Deploy a VM in a Security group which has NO egress rules. |
1.Create a Security Group SG1. |
1. VM deployment should succeed. |
P1 |
Sanity |
Y |
|
105 |
Deploy a VM in a Security group which has an egress rule that allows TCP protocols for a port range for a cidr. |
1.Create a Security Group SG1. |
1. VM deployment should succeed. |
P1 |
Sanity |
Y |
|
106 |
Deploy a VM in a Security group which has an egress rule that allows ICMP protocols for 1 type and 1 code for a cidr. |
1.Create a Security Group SG1. |
1. VM deployment should succeed. |
P1 |
Sanity |
Y |
|
107 |
Deploy few Vms in a Security group which has an egress rule that allows TCP protocols for cidr1. |
1.Create a Security Group SG1. |
Before Step4: |
P1 |
Sanity |
Y |
|
108 |
Deploy few Vms in a Security group which has an egress rule that allows TCP protocols for cidr1. |
1.Create a Security Group SG1. |
Before Step4: |
P1 |
Sanity |
Y |
|
109 |
Deploy few Vms in a Security group which has an egress rule that allows TCP protocols for cidr1 and cidr2. |
1.Create a Security Group SG1. |
|
P1 |
Sanity |
Y |
|
106 |
Deploy a VM by passing a list of Security Groups each of which has egress rule that allows TCP for cidr. Add egress rule to each Security Group to allow ICMP for cidr. |
1. Create SG1. Add TCP egress rule port range (22-80) for any ipaddress (cidr1). |
4. VM should be deployed as part of all 3 SG rules. From this VM able to access cidr1,cidr2 and cidr3. |
P1 |
Sanity |
Y |
|
111 |
Deploy few Vms in a Security group which has an egress rule that allows ICMP protocols for cidr1 and cidr2. |
1.Create a Security Group SG1. |
Before Step4: |
P1 |
Sanity |
Y |
|
112 |
Add egress rules when the VM is in stopped state. |
1.Create a Security Group SG1. |
As part of starting the VM , we should see the iptable rules being reprogrammed. |
P1 |
Sanity |
Y |
|
113 |
Delete an egress rules when the VM is in stopped state. |
1.Create a Security Group SG1. |
Before Step4: |
P1 |
Sanity |
Y |
|
|
CIDR based egress rules |
|
|
|
|
|
|
114 |
Deploy a VM in a Security group which has NO egress rules. |
1.Create a Security Group SG1. |
1. VM deployment should succeed. |
P1 |
Sanity |
Y |
|
115 |
Deploy a VM in a Security group which has an egress rule that allows TCP protocols for a port range for a cidr. |
1.Create a Security Group SG1. |
1. VM deployment should succeed. |
P1 |
Sanity |
Y |
|
116 |
Deploy a VM in a Security group which has an egress rule that allows ICMP protocols for 1 type and 1 code for a cidr. |
1.Create a Security Group SG1. |
1. VM deployment should succeed. |
P1 |
Sanity |
Y |
|
117 |
Deploy few Vms in a Security group which has an egress rule that allows TCP protocols for cidr1. |
1.Create a Security Group SG1. |
Before Step4: |
P1 |
Sanity |
Y |
|
118 |
Deploy few Vms in a Security group which has an egress rule that allows TCP protocols for cidr1. |
1.Create a Security Group SG1. |
Before Step4: |
P1 |
Sanity |
Y |
|
119 |
Deploy few Vms in a Security group which has an egress rule that allows TCP protocols for cidr1 and cidr2. |
1.Create a Security Group SG1. |
|
P1 |
Sanity |
Y |
|
120 |
Deploy a VM by passing a list of Security Groups each of which has egress rule that allows TCP for cidr. Add egress rule to each Security Group to allow ICMP for cidr. |
1. Create SG1. Add TCP egress rule port range (22-80) for any ipaddress (cidr1). |
4. VM should be deployed as part of all 3 SG rules. From this VM able to access cidr1,cidr2 and cidr3. |
P1 |
Sanity |
Y |
|
121 |
Deploy few Vms in a Security group which has an egress rule that allows ICMP protocols for cidr1 and cidr2. |
1.Create a Security Group SG1. |
Before Step4: |
P1 |
Sanity |
Y |
|
122 |
Add egress rules when the VM is in stopped state. |
1.Create a Security Group SG1. |
As part of starting the VM , we should see the iptable rules being reprogrammed. |
P1 |
Sanity |
Y |
|
123 |
Delete an egress rules when the VM is in stopped state. |
1.Create a Security Group SG1. |
Before Step4: |
P1 |
Sanity |
Y |
|
|
Account based egress rules |
|
|
|
|
|
|
124 |
Deploy a VM in a Security group which has an egress rule that allows TCP protocols for a port range for another Security Group - SG2. |
1. Deploy few Vms in Security Group - SG2 that has a TCP ingress rules that allows port 22-80 for SG1. |
VM should get deployed successfully. |
P1 |
Sanity |
Y |
|
125 |
Deploy a VM in a Security group which has an egress rule that allows ICMP protocols for another Security Group - SG2. |
1. Deploy few Vms in Security Group - SG2 that has a ICMP ingress rules that allows SG2. |
VM should get deployed successfully. |
P1 |
Sanity |
Y |
|
126 |
Deploy a VM in a SG that is allowed egress access to another Security Group. |
Pre-Red: |
This should result in the new VM's ipaddress being added to the egress chain of all the Vms that are part of SG1. |
P1 |
Sanity |
Y |
|
127 |
Deploy VM in multiple SGs each of which is allowed egress access to another Security Group. |
Pre-Red: |
This should result in new VM's ipaddress being added to ingress chain of all the Vms that are part of SG1 SG3 SG5 |
P1 |
Sanity |
Y |
|
128 |
Stop a VM that is in a SG that is allowed egress access to another Security Group. |
Pre-Red: |
This should result in the stopped VM's ipaddress being removed from the egress chain of all the Vms that are part of SG1. |
P1 |
Sanity |
Y |
|
129 |
Stop and Start a VM that is in a SG that is allowed egress access to another Security Group. |
Pre-Red: |
After Step1: |
P1 |
Sanity |
Y |
|
130 |
Destroy a VM that is in a SG that is allowed egress access to another Security Group. |
Pre-Red: |
This should result in the destroyed VM's ipaddress being removed from the egress chain of all the Vms that are part of SG1. |
P1 |
Sanity |
Y |
|
131 |
Restore a destroyed VM that is in a SG that is allowed egress access to another Security Group. |
Pre-Red: |
After Step1: |
P1 |
Sanity |
Y |
|
132 |
Reboot a VM that is in a SG that is allowed egress access to another Security Group. |
Pre-Red: |
After Reboot is successful: |
P1 |
Sanity |
Y |
|
133 |
Deploy a VM in a Security group that allows for all Vms with in the Security Group to communicate with each other |
1. Create a Security Group SG1 that has a TCP ingress rules that allows port 22-80 for SG1. |
VM should get deployed successfully. |
P1 |
Sanity |
Y |
|
134 |
Deploy a VM in a Security group that allows for all Vms with in the Security Group to communicate with each other. This Security Group should also have restricted egress access to few other cidrs. |
1. Create a Security Group SG1 that has a TCP ingress rules that allows port 22-80 for SG1. |
After Step2: |
P1 |
Sanity |
Y |
|
|
Upgrade |
|
|
|
|
|
|
135 |
Upgrade from 2.2.14(Advance zone with SG)to 3.0.x(campo) |
1.Install 2.2.14 GA build |
#Check that all Vms(including System Vms) are still functioning and can access the network. |
P1 |
Functional |
Y |
|
136 |
Upgrade from 3.0.5 advance zone to campo |
1.Install 3.0.5 GA build |
#Check that all Vms(including System Vms) are still functioning and can access the network. |
P1 |
Functional |
Y |
|
137 |
Upgrade from 3.0.6 advance zone to campo |
1.Install 3.0.6 GA build |
#Check that all Vms(including System Vms) are still functioning and can access the network. |
P1 |
Functional |
Y |
Labels parameters |