github.com/axw/juju@v0.0.0-20161005053422-4bd6544d08d4/apiserver/firewaller/firewaller_test.go (about) 1 // Copyright 2014 Canonical Ltd. 2 // Licensed under the AGPLv3, see LICENCE file for details. 3 4 package firewaller_test 5 6 import ( 7 "sort" 8 9 jc "github.com/juju/testing/checkers" 10 gc "gopkg.in/check.v1" 11 "gopkg.in/juju/names.v2" 12 13 commontesting "github.com/juju/juju/apiserver/common/testing" 14 "github.com/juju/juju/apiserver/facade" 15 "github.com/juju/juju/apiserver/firewaller" 16 "github.com/juju/juju/apiserver/params" 17 apiservertesting "github.com/juju/juju/apiserver/testing" 18 "github.com/juju/juju/state" 19 statetesting "github.com/juju/juju/state/testing" 20 ) 21 22 type firewallerSuite struct { 23 firewallerBaseSuite 24 *commontesting.ModelWatcherTest 25 26 firewaller *firewaller.FirewallerAPI 27 } 28 29 var _ = gc.Suite(&firewallerSuite{}) 30 31 func (s *firewallerSuite) SetUpTest(c *gc.C) { 32 s.firewallerBaseSuite.setUpTest(c) 33 34 _, err := s.State.AddSubnet(state.SubnetInfo{CIDR: "10.20.30.0/24"}) 35 c.Assert(err, jc.ErrorIsNil) 36 37 // Create a firewaller API for the machine. 38 firewallerAPI, err := firewaller.NewFirewallerAPI( 39 s.State, 40 s.resources, 41 s.authorizer, 42 ) 43 c.Assert(err, jc.ErrorIsNil) 44 s.firewaller = firewallerAPI 45 s.ModelWatcherTest = commontesting.NewModelWatcherTest(s.firewaller, s.State, s.resources) 46 } 47 48 func (s *firewallerSuite) TestFirewallerFailsWithNonEnvironManagerUser(c *gc.C) { 49 constructor := func(st *state.State, res facade.Resources, auth facade.Authorizer) error { 50 _, err := firewaller.NewFirewallerAPI(st, res, auth) 51 return err 52 } 53 s.testFirewallerFailsWithNonEnvironManagerUser(c, constructor) 54 } 55 56 func (s *firewallerSuite) TestLife(c *gc.C) { 57 s.testLife(c, s.firewaller) 58 } 59 60 func (s *firewallerSuite) TestInstanceId(c *gc.C) { 61 s.testInstanceId(c, s.firewaller) 62 } 63 64 func (s *firewallerSuite) TestWatchModelMachines(c *gc.C) { 65 s.testWatchModelMachines(c, s.firewaller) 66 } 67 68 func (s *firewallerSuite) TestWatch(c *gc.C) { 69 s.testWatch(c, s.firewaller, cannotWatchUnits) 70 } 71 72 func (s *firewallerSuite) TestWatchUnits(c *gc.C) { 73 s.testWatchUnits(c, s.firewaller) 74 } 75 76 func (s *firewallerSuite) TestGetExposed(c *gc.C) { 77 s.testGetExposed(c, s.firewaller) 78 } 79 80 func (s *firewallerSuite) TestGetAssignedMachine(c *gc.C) { 81 s.testGetAssignedMachine(c, s.firewaller) 82 } 83 84 func (s *firewallerSuite) openPorts(c *gc.C) { 85 // Open some ports on the units. 86 err := s.units[0].OpenPortsOnSubnet("10.20.30.0/24", "tcp", 1234, 1400) 87 c.Assert(err, jc.ErrorIsNil) 88 err = s.units[0].OpenPort("tcp", 4321) 89 c.Assert(err, jc.ErrorIsNil) 90 err = s.units[2].OpenPorts("udp", 1111, 2222) 91 c.Assert(err, jc.ErrorIsNil) 92 } 93 94 func (s *firewallerSuite) TestWatchOpenedPorts(c *gc.C) { 95 c.Assert(s.resources.Count(), gc.Equals, 0) 96 97 s.openPorts(c) 98 expectChanges := []string{ 99 "0:", // empty subnet is ok (until it can be made mandatory) 100 "0:10.20.30.0/24", 101 "2:", 102 } 103 104 fakeEnvTag := names.NewModelTag("deadbeef-deaf-face-feed-0123456789ab") 105 args := addFakeEntities(params.Entities{Entities: []params.Entity{ 106 {Tag: fakeEnvTag.String()}, 107 {Tag: s.machines[0].Tag().String()}, 108 {Tag: s.service.Tag().String()}, 109 {Tag: s.units[0].Tag().String()}, 110 }}) 111 result, err := s.firewaller.WatchOpenedPorts(args) 112 sort.Strings(result.Results[0].Changes) 113 c.Assert(err, jc.ErrorIsNil) 114 c.Assert(result, jc.DeepEquals, params.StringsWatchResults{ 115 Results: []params.StringsWatchResult{ 116 {Changes: expectChanges, StringsWatcherId: "1"}, 117 {Error: apiservertesting.ErrUnauthorized}, 118 {Error: apiservertesting.ErrUnauthorized}, 119 {Error: apiservertesting.ErrUnauthorized}, 120 {Error: apiservertesting.ErrUnauthorized}, 121 {Error: apiservertesting.ErrUnauthorized}, 122 {Error: apiservertesting.ErrUnauthorized}, 123 {Error: apiservertesting.ErrUnauthorized}, 124 {Error: apiservertesting.ErrUnauthorized}, 125 {Error: apiservertesting.ErrUnauthorized}, 126 }, 127 }) 128 129 // Verify the resource was registered and stop when done 130 c.Assert(s.resources.Count(), gc.Equals, 1) 131 c.Assert(result.Results[0].StringsWatcherId, gc.Equals, "1") 132 resource := s.resources.Get("1") 133 defer statetesting.AssertStop(c, resource) 134 135 // Check that the Watch has consumed the initial event ("returned" in 136 // the Watch call) 137 wc := statetesting.NewStringsWatcherC(c, s.State, resource.(state.StringsWatcher)) 138 wc.AssertNoChange() 139 } 140 141 func (s *firewallerSuite) TestGetMachinePorts(c *gc.C) { 142 s.openPorts(c) 143 144 subnetTag := names.NewSubnetTag("10.20.30.0/24").String() 145 args := params.MachinePortsParams{ 146 Params: []params.MachinePorts{ 147 {MachineTag: s.machines[0].Tag().String(), SubnetTag: ""}, 148 {MachineTag: s.machines[0].Tag().String(), SubnetTag: subnetTag}, 149 {MachineTag: s.machines[1].Tag().String(), SubnetTag: ""}, 150 {MachineTag: s.machines[2].Tag().String(), SubnetTag: ""}, 151 {MachineTag: s.machines[0].Tag().String(), SubnetTag: "invalid"}, 152 {MachineTag: "machine-42", SubnetTag: ""}, 153 {MachineTag: s.machines[0].Tag().String(), SubnetTag: "subnet-bad"}, 154 }, 155 } 156 unit0Tag := s.units[0].Tag().String() 157 expectPortsMachine0NoSubnet := []params.MachinePortRange{ 158 {UnitTag: unit0Tag, PortRange: params.PortRange{ 159 FromPort: 4321, ToPort: 4321, Protocol: "tcp", 160 }}, 161 } 162 expectPortsMachine0WithSubnet := []params.MachinePortRange{ 163 {UnitTag: unit0Tag, PortRange: params.PortRange{ 164 FromPort: 1234, ToPort: 1400, Protocol: "tcp", 165 }}, 166 } 167 unit2Tag := s.units[2].Tag().String() 168 expectPortsMachine2 := []params.MachinePortRange{ 169 {UnitTag: unit2Tag, PortRange: params.PortRange{ 170 FromPort: 1111, ToPort: 2222, Protocol: "udp", 171 }}, 172 } 173 result, err := s.firewaller.GetMachinePorts(args) 174 c.Assert(err, jc.ErrorIsNil) 175 c.Assert(result, jc.DeepEquals, params.MachinePortsResults{ 176 Results: []params.MachinePortsResult{ 177 {Ports: expectPortsMachine0NoSubnet}, 178 {Ports: expectPortsMachine0WithSubnet}, 179 {Error: nil, Ports: nil}, 180 {Ports: expectPortsMachine2}, 181 {Error: apiservertesting.ServerError(`"invalid" is not a valid tag`)}, 182 {Error: apiservertesting.NotFoundError("machine 42")}, 183 {Error: apiservertesting.ServerError(`"subnet-bad" is not a valid subnet tag`)}, 184 }, 185 }) 186 187 } 188 189 func (s *firewallerSuite) TestGetMachineActiveSubnets(c *gc.C) { 190 s.openPorts(c) 191 192 subnetTag := names.NewSubnetTag("10.20.30.0/24").String() 193 args := addFakeEntities(params.Entities{Entities: []params.Entity{ 194 {Tag: s.machines[0].Tag().String()}, 195 {Tag: s.machines[1].Tag().String()}, 196 {Tag: s.machines[2].Tag().String()}, 197 {Tag: s.service.Tag().String()}, 198 {Tag: s.units[0].Tag().String()}, 199 }}) 200 expectResultsMachine0 := []string{subnetTag, ""} 201 expectResultsMachine2 := []string{""} 202 result, err := s.firewaller.GetMachineActiveSubnets(args) 203 c.Assert(err, jc.ErrorIsNil) 204 c.Assert(result, jc.DeepEquals, params.StringsResults{ 205 Results: []params.StringsResult{ 206 {Result: expectResultsMachine0}, 207 {Result: nil, Error: nil}, 208 {Result: expectResultsMachine2}, 209 {Error: apiservertesting.ServerError(`"application-wordpress" is not a valid machine tag`)}, 210 {Error: apiservertesting.ServerError(`"unit-wordpress-0" is not a valid machine tag`)}, 211 {Error: apiservertesting.NotFoundError("machine 42")}, 212 {Error: apiservertesting.ServerError(`"unit-foo-0" is not a valid machine tag`)}, 213 {Error: apiservertesting.ServerError(`"application-bar" is not a valid machine tag`)}, 214 {Error: apiservertesting.ServerError(`"user-foo" is not a valid machine tag`)}, 215 {Error: apiservertesting.ServerError(`"foo-bar" is not a valid tag`)}, 216 {Error: apiservertesting.ServerError(`"" is not a valid tag`)}, 217 }, 218 }) 219 }