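# Source: github.com/juju/juju@v0.0.0-20240430160146-1752b71fcf00/tests/suites/firewall/ssh_allow.sh

#######################################
# Checks that the model's ssh-allow setting is reflected in the port-22
# ingress rules of the AWS security group named "juju-<model-uuid>".
#
# First asserts the default (open to 0.0.0.0/0 and ::/0), then narrows
# ssh-allow to 192.168.0.0/24 and polls AWS until the security group shows
# that IPv4 range and no IPv6 range for port 22.
#
# Globals:   TEST_DIR (read)
# Relies on: ensure, wait_for_machine_agent_status, check, red (suite helpers
#            defined elsewhere), plus the juju, aws and jq CLIs.
# Returns:   exits 1 if AWS does not show the narrowed rule in time.
#######################################
run_firewall_ssh() {
	echo

	file="${TEST_DIR}/network-health.txt"

	ensure "firewall-ssh" "${file}"

	juju add-machine
	wait_for_machine_agent_status "0" "started"

	echo "==> Verifying default setting"
	juju model-config ssh-allow | check "0.0.0.0/0,::/0"
	model_uuid=$(juju show-model --format json | jq -r '.["firewall-ssh"]["model-uuid"]')
	# Pass the group name with --arg so it is compared as data rather than
	# spliced into the jq program text.
	secgroup=$(aws ec2 describe-security-groups |
		jq -r --arg group "juju-${model_uuid}" '.SecurityGroups[] | select(.GroupName == $group)')
	# Quote the JSON when re-feeding it to jq: unquoted expansion is subject
	# to word splitting and globbing.
	printf '%s\n' "${secgroup}" |
		jq -r '.IpPermissions[] | select(.FromPort == 22) | .IpRanges[0].CidrIp' |
		check "0.0.0.0/0"
	printf '%s\n' "${secgroup}" |
		jq -r '.IpPermissions[] | select(.FromPort == 22) | .Ipv6Ranges[0].CidrIpv6' |
		check "::/0"

	echo "==> Verifying changed setting"
	juju model-config ssh-allow="192.168.0.0/24"
	attempt=0
	while true; do
		secgroup=$(aws ec2 describe-security-groups |
			jq -r --arg group "juju-${model_uuid}" '.SecurityGroups[] | select(.GroupName == $group)')
		ingress=$(printf '%s\n' "${secgroup}" |
			jq -r '.IpPermissions[] | select(.FromPort == 22) | .IpRanges[0].CidrIp')
		# Read the IPv6 CIDR from Ipv6Ranges, the same field the default
		# check uses. Looking it up under IpRanges always yields "null", so
		# a leftover world-open ::/0 SSH rule would go unnoticed.
		ingressv6=$(printf '%s\n' "${secgroup}" |
			jq -r '.IpPermissions[] | select(.FromPort == 22) | .Ipv6Ranges[0].CidrIpv6')
		if [ "${ingress}" == "192.168.0.0/24" ] && [ "${ingressv6}" == "null" ]; then
			break
		fi
		# Fail the test once the retry budget is used up; only printing the
		# message would leave the loop polling forever.
		if [ "${attempt}" -ge 5 ]; then
			echo "$(red 'timeout: waiting for ssh allow to update in aws')"
			exit 1
		fi
		attempt=$((attempt + 1))
		sleep 1
	done
}

#######################################
# Suite entry point: runs run_firewall_ssh unless the test is skipped.
#
# Relies on: skip, set_verbosity, run (suite helpers defined elsewhere).
#######################################
test_firewall_ssh() {
	if [ "$(skip 'test_firewall_ssh')" ]; then
		echo "==> TEST SKIPPED: test_firewall_ssh"
		return
	fi

	# Subshell keeps the verbosity change and the directory change local to
	# this test.
	(
		set_verbosity

		cd .. || exit

		run "run_firewall_ssh"
	)
}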