github.com/gophercloud/gophercloud@v1.11.0/internal/acceptance/openstack/networking/v2/extensions/fwaas/fwaas.go (about) 1 package fwaas 2 3 import ( 4 "fmt" 5 "strconv" 6 "testing" 7 8 "github.com/gophercloud/gophercloud" 9 "github.com/gophercloud/gophercloud/internal/acceptance/tools" 10 "github.com/gophercloud/gophercloud/openstack/networking/v2/extensions/fwaas/firewalls" 11 "github.com/gophercloud/gophercloud/openstack/networking/v2/extensions/fwaas/policies" 12 "github.com/gophercloud/gophercloud/openstack/networking/v2/extensions/fwaas/routerinsertion" 13 "github.com/gophercloud/gophercloud/openstack/networking/v2/extensions/fwaas/rules" 14 th "github.com/gophercloud/gophercloud/testhelper" 15 ) 16 17 // CreateFirewall will create a Firewall with a random name and a specified 18 // policy ID. An error will be returned if the firewall could not be created. 19 func CreateFirewall(t *testing.T, client *gophercloud.ServiceClient, policyID string) (*firewalls.Firewall, error) { 20 firewallName := tools.RandomString("TESTACC-", 8) 21 firewallDescription := tools.RandomString("TESTACC-DESC-", 8) 22 23 t.Logf("Attempting to create firewall %s", firewallName) 24 25 iTrue := true 26 createOpts := firewalls.CreateOpts{ 27 Name: firewallName, 28 Description: firewallDescription, 29 PolicyID: policyID, 30 AdminStateUp: &iTrue, 31 } 32 33 firewall, err := firewalls.Create(client, createOpts).Extract() 34 if err != nil { 35 return firewall, err 36 } 37 38 t.Logf("Waiting for firewall to become active.") 39 if err := WaitForFirewallState(client, firewall.ID, "ACTIVE"); err != nil { 40 return firewall, err 41 } 42 43 t.Logf("Successfully created firewall %s", firewallName) 44 45 th.AssertEquals(t, firewall.Name, firewallName) 46 th.AssertEquals(t, firewall.Description, firewallDescription) 47 48 return firewall, nil 49 } 50 51 // CreateFirewallOnRouter will create a Firewall with a random name and a 52 // specified policy ID attached to a specified Router. An error will be 53 // returned if the firewall could not be created. 54 func CreateFirewallOnRouter(t *testing.T, client *gophercloud.ServiceClient, policyID string, routerID string) (*firewalls.Firewall, error) { 55 firewallName := tools.RandomString("TESTACC-", 8) 56 firewallDescription := tools.RandomString("TESTACC-DESC-", 8) 57 58 t.Logf("Attempting to create firewall %s", firewallName) 59 60 firewallCreateOpts := firewalls.CreateOpts{ 61 Name: firewallName, 62 Description: firewallDescription, 63 PolicyID: policyID, 64 } 65 66 createOpts := routerinsertion.CreateOptsExt{ 67 CreateOptsBuilder: firewallCreateOpts, 68 RouterIDs: []string{routerID}, 69 } 70 71 firewall, err := firewalls.Create(client, createOpts).Extract() 72 if err != nil { 73 return firewall, err 74 } 75 76 t.Logf("Waiting for firewall to become active.") 77 if err := WaitForFirewallState(client, firewall.ID, "ACTIVE"); err != nil { 78 return firewall, err 79 } 80 81 t.Logf("Successfully created firewall %s", firewallName) 82 83 th.AssertEquals(t, firewall.Name, firewallName) 84 th.AssertEquals(t, firewall.Description, firewallDescription) 85 86 return firewall, nil 87 } 88 89 // CreatePolicy will create a Firewall Policy with a random name and given 90 // rule. An error will be returned if the rule could not be created. 91 func CreatePolicy(t *testing.T, client *gophercloud.ServiceClient, ruleID string) (*policies.Policy, error) { 92 policyName := tools.RandomString("TESTACC-", 8) 93 policyDescription := tools.RandomString("TESTACC-DESC-", 8) 94 95 t.Logf("Attempting to create policy %s", policyName) 96 97 createOpts := policies.CreateOpts{ 98 Name: policyName, 99 Description: policyDescription, 100 Rules: []string{ 101 ruleID, 102 }, 103 } 104 105 policy, err := policies.Create(client, createOpts).Extract() 106 if err != nil { 107 return policy, err 108 } 109 110 t.Logf("Successfully created policy %s", policyName) 111 112 th.AssertEquals(t, policy.Name, policyName) 113 th.AssertEquals(t, policy.Description, policyDescription) 114 th.AssertEquals(t, len(policy.Rules), 1) 115 116 return policy, nil 117 } 118 119 // CreateRule will create a Firewall Rule with a random source address and 120 // source port, destination address and port. An error will be returned if 121 // the rule could not be created. 122 func CreateRule(t *testing.T, client *gophercloud.ServiceClient) (*rules.Rule, error) { 123 ruleName := tools.RandomString("TESTACC-", 8) 124 sourceAddress := fmt.Sprintf("192.168.1.%d", tools.RandomInt(1, 100)) 125 sourcePort := strconv.Itoa(tools.RandomInt(1, 100)) 126 destinationAddress := fmt.Sprintf("192.168.2.%d", tools.RandomInt(1, 100)) 127 destinationPort := strconv.Itoa(tools.RandomInt(1, 100)) 128 129 t.Logf("Attempting to create rule %s with source %s:%s and destination %s:%s", 130 ruleName, sourceAddress, sourcePort, destinationAddress, destinationPort) 131 132 createOpts := rules.CreateOpts{ 133 Name: ruleName, 134 Protocol: rules.ProtocolTCP, 135 Action: "allow", 136 SourceIPAddress: sourceAddress, 137 SourcePort: sourcePort, 138 DestinationIPAddress: destinationAddress, 139 DestinationPort: destinationPort, 140 } 141 142 rule, err := rules.Create(client, createOpts).Extract() 143 if err != nil { 144 return rule, err 145 } 146 147 t.Logf("Rule %s successfully created", ruleName) 148 149 th.AssertEquals(t, rule.Name, ruleName) 150 th.AssertEquals(t, rule.Protocol, rules.ProtocolTCP) 151 th.AssertEquals(t, rule.SourceIPAddress, sourceAddress) 152 th.AssertEquals(t, rule.SourcePort, sourcePort) 153 th.AssertEquals(t, rule.DestinationIPAddress, destinationAddress) 154 th.AssertEquals(t, rule.DestinationPort, destinationPort) 155 156 return rule, nil 157 } 158 159 // DeleteFirewall will delete a firewall with a specified ID. A fatal error 160 // will occur if the delete was not successful. This works best when used as 161 // a deferred function. 162 func DeleteFirewall(t *testing.T, client *gophercloud.ServiceClient, firewallID string) { 163 t.Logf("Attempting to delete firewall: %s", firewallID) 164 165 err := firewalls.Delete(client, firewallID).ExtractErr() 166 if err != nil { 167 t.Fatalf("Unable to delete firewall %s: %v", firewallID, err) 168 } 169 170 t.Logf("Waiting for firewall to delete.") 171 if err := WaitForFirewallState(client, firewallID, "DELETED"); err != nil { 172 t.Logf("Unable to delete firewall: %s", firewallID) 173 } 174 175 t.Logf("Firewall deleted: %s", firewallID) 176 } 177 178 // DeletePolicy will delete a policy with a specified ID. A fatal error will 179 // occur if the delete was not successful. This works best when used as a 180 // deferred function. 181 func DeletePolicy(t *testing.T, client *gophercloud.ServiceClient, policyID string) { 182 t.Logf("Attempting to delete policy: %s", policyID) 183 184 err := policies.Delete(client, policyID).ExtractErr() 185 if err != nil { 186 t.Fatalf("Unable to delete policy %s: %v", policyID, err) 187 } 188 189 t.Logf("Deleted policy: %s", policyID) 190 } 191 192 // DeleteRule will delete a rule with a specified ID. A fatal error will occur 193 // if the delete was not successful. This works best when used as a deferred 194 // function. 195 func DeleteRule(t *testing.T, client *gophercloud.ServiceClient, ruleID string) { 196 t.Logf("Attempting to delete rule: %s", ruleID) 197 198 err := rules.Delete(client, ruleID).ExtractErr() 199 if err != nil { 200 t.Fatalf("Unable to delete rule %s: %v", ruleID, err) 201 } 202 203 t.Logf("Deleted rule: %s", ruleID) 204 } 205 206 // WaitForFirewallState will wait until a firewall reaches a given state. 207 func WaitForFirewallState(client *gophercloud.ServiceClient, firewallID, status string) error { 208 return tools.WaitFor(func() (bool, error) { 209 current, err := firewalls.Get(client, firewallID).Extract() 210 if err != nil { 211 if httpStatus, ok := err.(gophercloud.ErrDefault404); ok { 212 if httpStatus.Actual == 404 { 213 if status == "DELETED" { 214 return true, nil 215 } 216 } 217 } 218 return false, err 219 } 220 221 if current.Status == status { 222 return true, nil 223 } 224 225 return false, nil 226 }) 227 }