github.com/mhilton/juju-juju@v0.0.0-20150901100907-a94dd2c73455/apiserver/firewaller/firewaller_test.go (about) 1 // Copyright 2014 Canonical Ltd. 2 // Licensed under the AGPLv3, see LICENCE file for details. 3 4 package firewaller_test 5 6 import ( 7 "sort" 8 9 "github.com/juju/names" 10 jc "github.com/juju/testing/checkers" 11 gc "gopkg.in/check.v1" 12 13 "github.com/juju/juju/apiserver/common" 14 commontesting "github.com/juju/juju/apiserver/common/testing" 15 "github.com/juju/juju/apiserver/firewaller" 16 "github.com/juju/juju/apiserver/params" 17 apiservertesting "github.com/juju/juju/apiserver/testing" 18 "github.com/juju/juju/network" 19 "github.com/juju/juju/state" 20 statetesting "github.com/juju/juju/state/testing" 21 ) 22 23 type firewallerSuite struct { 24 firewallerBaseSuite 25 *commontesting.EnvironWatcherTest 26 27 firewaller *firewaller.FirewallerAPI 28 } 29 30 var _ = gc.Suite(&firewallerSuite{}) 31 32 func (s *firewallerSuite) SetUpTest(c *gc.C) { 33 s.firewallerBaseSuite.setUpTest(c) 34 35 // Create a firewaller API for the machine. 36 firewallerAPI, err := firewaller.NewFirewallerAPI( 37 s.State, 38 s.resources, 39 s.authorizer, 40 ) 41 c.Assert(err, jc.ErrorIsNil) 42 s.firewaller = firewallerAPI 43 s.EnvironWatcherTest = commontesting.NewEnvironWatcherTest(s.firewaller, s.State, s.resources, commontesting.HasSecrets) 44 } 45 46 func (s *firewallerSuite) TestFirewallerFailsWithNonEnvironManagerUser(c *gc.C) { 47 constructor := func(st *state.State, res *common.Resources, auth common.Authorizer) error { 48 _, err := firewaller.NewFirewallerAPI(st, res, auth) 49 return err 50 } 51 s.testFirewallerFailsWithNonEnvironManagerUser(c, constructor) 52 } 53 54 func (s *firewallerSuite) TestLife(c *gc.C) { 55 s.testLife(c, s.firewaller) 56 } 57 58 func (s *firewallerSuite) TestInstanceId(c *gc.C) { 59 s.testInstanceId(c, s.firewaller) 60 } 61 62 func (s *firewallerSuite) TestWatchEnvironMachines(c *gc.C) { 63 s.testWatchEnvironMachines(c, s.firewaller) 64 } 65 66 func (s *firewallerSuite) TestWatch(c *gc.C) { 67 s.testWatch(c, s.firewaller, cannotWatchUnits) 68 } 69 70 func (s *firewallerSuite) TestWatchUnits(c *gc.C) { 71 s.testWatchUnits(c, s.firewaller) 72 } 73 74 func (s *firewallerSuite) TestGetExposed(c *gc.C) { 75 s.testGetExposed(c, s.firewaller) 76 } 77 78 func (s *firewallerSuite) TestOpenedPortsNotImplemented(c *gc.C) { 79 apiservertesting.AssertNotImplemented(c, s.firewaller, "OpenedPorts") 80 } 81 82 func (s *firewallerSuite) TestGetAssignedMachine(c *gc.C) { 83 s.testGetAssignedMachine(c, s.firewaller) 84 } 85 86 func (s *firewallerSuite) openPorts(c *gc.C) { 87 // Open some ports on the units. 88 err := s.units[0].OpenPorts("tcp", 1234, 1400) 89 c.Assert(err, jc.ErrorIsNil) 90 err = s.units[0].OpenPort("tcp", 4321) 91 c.Assert(err, jc.ErrorIsNil) 92 err = s.units[2].OpenPorts("udp", 1111, 2222) 93 c.Assert(err, jc.ErrorIsNil) 94 } 95 96 func (s *firewallerSuite) TestWatchOpenedPorts(c *gc.C) { 97 c.Assert(s.resources.Count(), gc.Equals, 0) 98 99 s.openPorts(c) 100 expectChanges := []string{ 101 "0:juju-public", 102 "2:juju-public", 103 } 104 105 fakeEnvTag := names.NewEnvironTag("deadbeef-deaf-face-feed-0123456789ab") 106 args := addFakeEntities(params.Entities{Entities: []params.Entity{ 107 {Tag: fakeEnvTag.String()}, 108 {Tag: s.machines[0].Tag().String()}, 109 {Tag: s.service.Tag().String()}, 110 {Tag: s.units[0].Tag().String()}, 111 }}) 112 result, err := s.firewaller.WatchOpenedPorts(args) 113 sort.Strings(result.Results[0].Changes) 114 c.Assert(err, jc.ErrorIsNil) 115 c.Assert(result, jc.DeepEquals, params.StringsWatchResults{ 116 Results: []params.StringsWatchResult{ 117 {Changes: expectChanges, StringsWatcherId: "1"}, 118 {Error: apiservertesting.ErrUnauthorized}, 119 {Error: apiservertesting.ErrUnauthorized}, 120 {Error: apiservertesting.ErrUnauthorized}, 121 {Error: apiservertesting.ErrUnauthorized}, 122 {Error: apiservertesting.ErrUnauthorized}, 123 {Error: apiservertesting.ErrUnauthorized}, 124 {Error: apiservertesting.ErrUnauthorized}, 125 {Error: apiservertesting.ErrUnauthorized}, 126 {Error: apiservertesting.ErrUnauthorized}, 127 }, 128 }) 129 130 // Verify the resource was registered and stop when done 131 c.Assert(s.resources.Count(), gc.Equals, 1) 132 c.Assert(result.Results[0].StringsWatcherId, gc.Equals, "1") 133 resource := s.resources.Get("1") 134 defer statetesting.AssertStop(c, resource) 135 136 // Check that the Watch has consumed the initial event ("returned" in 137 // the Watch call) 138 wc := statetesting.NewStringsWatcherC(c, s.State, resource.(state.StringsWatcher)) 139 wc.AssertNoChange() 140 } 141 142 func (s *firewallerSuite) TestGetMachinePorts(c *gc.C) { 143 s.openPorts(c) 144 145 networkTag := names.NewNetworkTag(network.DefaultPublic).String() 146 args := params.MachinePortsParams{ 147 Params: []params.MachinePorts{ 148 {MachineTag: s.machines[0].Tag().String(), NetworkTag: networkTag}, 149 {MachineTag: s.machines[1].Tag().String(), NetworkTag: networkTag}, 150 {MachineTag: s.machines[2].Tag().String(), NetworkTag: networkTag}, 151 {MachineTag: s.machines[0].Tag().String(), NetworkTag: "invalid"}, 152 {MachineTag: "machine-42", NetworkTag: networkTag}, 153 {MachineTag: s.machines[0].Tag().String(), NetworkTag: "network-missing"}, 154 }, 155 } 156 unit0Tag := s.units[0].Tag().String() 157 expectPortsMachine0 := []params.MachinePortRange{ 158 {UnitTag: unit0Tag, PortRange: params.PortRange{ 159 FromPort: 1234, ToPort: 1400, Protocol: "tcp", 160 }}, 161 {UnitTag: unit0Tag, PortRange: params.PortRange{ 162 FromPort: 4321, ToPort: 4321, Protocol: "tcp", 163 }}, 164 } 165 unit2Tag := s.units[2].Tag().String() 166 expectPortsMachine2 := []params.MachinePortRange{ 167 {UnitTag: unit2Tag, PortRange: params.PortRange{ 168 FromPort: 1111, ToPort: 2222, Protocol: "udp", 169 }}, 170 } 171 result, err := s.firewaller.GetMachinePorts(args) 172 c.Assert(err, jc.ErrorIsNil) 173 c.Assert(result, jc.DeepEquals, params.MachinePortsResults{ 174 Results: []params.MachinePortsResult{ 175 {Ports: expectPortsMachine0}, 176 {Error: nil, Ports: nil}, 177 {Ports: expectPortsMachine2}, 178 {Error: apiservertesting.ErrUnauthorized}, 179 {Error: apiservertesting.NotFoundError("machine 42")}, 180 {Error: nil, Ports: nil}, 181 }, 182 }) 183 184 } 185 186 func (s *firewallerSuite) TestGetMachineActiveNetworks(c *gc.C) { 187 s.openPorts(c) 188 189 args := addFakeEntities(params.Entities{Entities: []params.Entity{ 190 {Tag: s.machines[0].Tag().String()}, 191 {Tag: s.machines[1].Tag().String()}, 192 {Tag: s.machines[2].Tag().String()}, 193 {Tag: s.service.Tag().String()}, 194 {Tag: s.units[0].Tag().String()}, 195 }}) 196 networkTag := names.NewNetworkTag(network.DefaultPublic) 197 expectResults := []string{networkTag.String()} 198 result, err := s.firewaller.GetMachineActiveNetworks(args) 199 c.Assert(err, jc.ErrorIsNil) 200 c.Assert(result, jc.DeepEquals, params.StringsResults{ 201 Results: []params.StringsResult{ 202 {Result: expectResults}, 203 {Result: nil, Error: nil}, 204 {Result: expectResults}, 205 {Error: apiservertesting.ErrUnauthorized}, 206 {Error: apiservertesting.ErrUnauthorized}, 207 {Error: apiservertesting.NotFoundError("machine 42")}, 208 {Error: apiservertesting.ErrUnauthorized}, 209 {Error: apiservertesting.ErrUnauthorized}, 210 {Error: apiservertesting.ErrUnauthorized}, 211 {Error: apiservertesting.ErrUnauthorized}, 212 {Error: apiservertesting.ErrUnauthorized}, 213 }, 214 }) 215 }