github.com/altoros/juju-vmware@v0.0.0-20150312064031-f19ae857ccca/apiserver/firewaller/firewaller_test.go (about) 1 // Copyright 2014 Canonical Ltd. 2 // Licensed under the AGPLv3, see LICENCE file for details. 3 4 package firewaller_test 5 6 import ( 7 "github.com/juju/names" 8 jc "github.com/juju/testing/checkers" 9 gc "gopkg.in/check.v1" 10 11 "github.com/juju/juju/apiserver/common" 12 commontesting "github.com/juju/juju/apiserver/common/testing" 13 "github.com/juju/juju/apiserver/firewaller" 14 "github.com/juju/juju/apiserver/params" 15 apiservertesting "github.com/juju/juju/apiserver/testing" 16 "github.com/juju/juju/network" 17 "github.com/juju/juju/state" 18 statetesting "github.com/juju/juju/state/testing" 19 ) 20 21 type firewallerSuite struct { 22 firewallerBaseSuite 23 *commontesting.EnvironWatcherTest 24 25 firewaller *firewaller.FirewallerAPI 26 } 27 28 var _ = gc.Suite(&firewallerSuite{}) 29 30 func (s *firewallerSuite) SetUpTest(c *gc.C) { 31 s.firewallerBaseSuite.setUpTest(c) 32 33 // Create a firewaller API for the machine. 34 firewallerAPI, err := firewaller.NewFirewallerAPI( 35 s.State, 36 s.resources, 37 s.authorizer, 38 ) 39 c.Assert(err, jc.ErrorIsNil) 40 s.firewaller = firewallerAPI 41 s.EnvironWatcherTest = commontesting.NewEnvironWatcherTest(s.firewaller, s.State, s.resources, commontesting.HasSecrets) 42 } 43 44 func (s *firewallerSuite) TestFirewallerFailsWithNonEnvironManagerUser(c *gc.C) { 45 constructor := func(st *state.State, res *common.Resources, auth common.Authorizer) error { 46 _, err := firewaller.NewFirewallerAPI(st, res, auth) 47 return err 48 } 49 s.testFirewallerFailsWithNonEnvironManagerUser(c, constructor) 50 } 51 52 func (s *firewallerSuite) TestLife(c *gc.C) { 53 s.testLife(c, s.firewaller) 54 } 55 56 func (s *firewallerSuite) TestInstanceId(c *gc.C) { 57 s.testInstanceId(c, s.firewaller) 58 } 59 60 func (s *firewallerSuite) TestWatchEnvironMachines(c *gc.C) { 61 s.testWatchEnvironMachines(c, s.firewaller) 62 } 63 64 func (s *firewallerSuite) TestWatch(c *gc.C) { 65 s.testWatch(c, s.firewaller, cannotWatchUnits) 66 } 67 68 func (s *firewallerSuite) TestWatchUnits(c *gc.C) { 69 s.testWatchUnits(c, s.firewaller) 70 } 71 72 func (s *firewallerSuite) TestGetExposed(c *gc.C) { 73 s.testGetExposed(c, s.firewaller) 74 } 75 76 func (s *firewallerSuite) TestOpenedPortsNotImplemented(c *gc.C) { 77 apiservertesting.AssertNotImplemented(c, s.firewaller, "OpenedPorts") 78 } 79 80 func (s *firewallerSuite) TestGetAssignedMachine(c *gc.C) { 81 s.testGetAssignedMachine(c, s.firewaller) 82 } 83 84 func (s *firewallerSuite) openPorts(c *gc.C) { 85 // Open some ports on the units. 86 err := s.units[0].OpenPorts("tcp", 1234, 1400) 87 c.Assert(err, jc.ErrorIsNil) 88 err = s.units[0].OpenPort("tcp", 4321) 89 c.Assert(err, jc.ErrorIsNil) 90 err = s.units[2].OpenPorts("udp", 1111, 2222) 91 c.Assert(err, jc.ErrorIsNil) 92 } 93 94 func (s *firewallerSuite) TestWatchOpenedPorts(c *gc.C) { 95 c.Assert(s.resources.Count(), gc.Equals, 0) 96 97 s.openPorts(c) 98 expectChanges := []string{ 99 "0:juju-public", 100 "2:juju-public", 101 } 102 103 fakeEnvTag := names.NewEnvironTag("deadbeef-deaf-face-feed-0123456789ab") 104 args := addFakeEntities(params.Entities{Entities: []params.Entity{ 105 {Tag: fakeEnvTag.String()}, 106 {Tag: s.machines[0].Tag().String()}, 107 {Tag: s.service.Tag().String()}, 108 {Tag: s.units[0].Tag().String()}, 109 }}) 110 result, err := s.firewaller.WatchOpenedPorts(args) 111 c.Assert(err, jc.ErrorIsNil) 112 c.Assert(result, jc.DeepEquals, params.StringsWatchResults{ 113 Results: []params.StringsWatchResult{ 114 {Changes: expectChanges, StringsWatcherId: "1"}, 115 {Error: apiservertesting.ErrUnauthorized}, 116 {Error: apiservertesting.ErrUnauthorized}, 117 {Error: apiservertesting.ErrUnauthorized}, 118 {Error: apiservertesting.ErrUnauthorized}, 119 {Error: apiservertesting.ErrUnauthorized}, 120 {Error: apiservertesting.ErrUnauthorized}, 121 {Error: apiservertesting.ErrUnauthorized}, 122 {Error: apiservertesting.ErrUnauthorized}, 123 {Error: apiservertesting.ErrUnauthorized}, 124 }, 125 }) 126 127 // Verify the resource was registered and stop when done 128 c.Assert(s.resources.Count(), gc.Equals, 1) 129 c.Assert(result.Results[0].StringsWatcherId, gc.Equals, "1") 130 resource := s.resources.Get("1") 131 defer statetesting.AssertStop(c, resource) 132 133 // Check that the Watch has consumed the initial event ("returned" in 134 // the Watch call) 135 wc := statetesting.NewStringsWatcherC(c, s.State, resource.(state.StringsWatcher)) 136 wc.AssertNoChange() 137 } 138 139 func (s *firewallerSuite) TestGetMachinePorts(c *gc.C) { 140 s.openPorts(c) 141 142 networkTag := names.NewNetworkTag(network.DefaultPublic).String() 143 args := params.MachinePortsParams{ 144 Params: []params.MachinePorts{ 145 {MachineTag: s.machines[0].Tag().String(), NetworkTag: networkTag}, 146 {MachineTag: s.machines[1].Tag().String(), NetworkTag: networkTag}, 147 {MachineTag: s.machines[2].Tag().String(), NetworkTag: networkTag}, 148 {MachineTag: s.machines[0].Tag().String(), NetworkTag: "invalid"}, 149 {MachineTag: "machine-42", NetworkTag: networkTag}, 150 {MachineTag: s.machines[0].Tag().String(), NetworkTag: "network-missing"}, 151 }, 152 } 153 unit0Tag := s.units[0].Tag().String() 154 expectPortsMachine0 := []params.MachinePortRange{ 155 {UnitTag: unit0Tag, PortRange: network.PortRange{ 156 FromPort: 1234, ToPort: 1400, Protocol: "tcp", 157 }}, 158 {UnitTag: unit0Tag, PortRange: network.PortRange{ 159 FromPort: 4321, ToPort: 4321, Protocol: "tcp", 160 }}, 161 } 162 unit2Tag := s.units[2].Tag().String() 163 expectPortsMachine2 := []params.MachinePortRange{ 164 {UnitTag: unit2Tag, PortRange: network.PortRange{ 165 FromPort: 1111, ToPort: 2222, Protocol: "udp", 166 }}, 167 } 168 result, err := s.firewaller.GetMachinePorts(args) 169 c.Assert(err, jc.ErrorIsNil) 170 c.Assert(result, jc.DeepEquals, params.MachinePortsResults{ 171 Results: []params.MachinePortsResult{ 172 {Ports: expectPortsMachine0}, 173 {Error: nil, Ports: nil}, 174 {Ports: expectPortsMachine2}, 175 {Error: apiservertesting.ErrUnauthorized}, 176 {Error: apiservertesting.NotFoundError("machine 42")}, 177 {Error: nil, Ports: nil}, 178 }, 179 }) 180 181 } 182 183 func (s *firewallerSuite) TestGetMachineActiveNetworks(c *gc.C) { 184 s.openPorts(c) 185 186 args := addFakeEntities(params.Entities{Entities: []params.Entity{ 187 {Tag: s.machines[0].Tag().String()}, 188 {Tag: s.machines[1].Tag().String()}, 189 {Tag: s.machines[2].Tag().String()}, 190 {Tag: s.service.Tag().String()}, 191 {Tag: s.units[0].Tag().String()}, 192 }}) 193 networkTag := names.NewNetworkTag(network.DefaultPublic) 194 expectResults := []string{networkTag.String()} 195 result, err := s.firewaller.GetMachineActiveNetworks(args) 196 c.Assert(err, jc.ErrorIsNil) 197 c.Assert(result, jc.DeepEquals, params.StringsResults{ 198 Results: []params.StringsResult{ 199 {Result: expectResults}, 200 {Result: nil, Error: nil}, 201 {Result: expectResults}, 202 {Error: apiservertesting.ErrUnauthorized}, 203 {Error: apiservertesting.ErrUnauthorized}, 204 {Error: apiservertesting.NotFoundError("machine 42")}, 205 {Error: apiservertesting.ErrUnauthorized}, 206 {Error: apiservertesting.ErrUnauthorized}, 207 {Error: apiservertesting.ErrUnauthorized}, 208 {Error: apiservertesting.ErrUnauthorized}, 209 {Error: apiservertesting.ErrUnauthorized}, 210 }, 211 }) 212 }