github.com/mponton/terratest@v0.44.0/modules/azure/nsg_test.go

github.com/mponton/terratest@v0.44.0/modules/azure/nsg_test.go (about)

     1  //go:build azure
     2  // +build azure
     3  
     4  // NOTE: We use build tags to differentiate azure testing because we currently do not have azure access setup for
     5  // CircleCI.
     6  
     7  package azure
     8  
     9  import (
    10  	"fmt"
    11  	"testing"
    12  
    13  	"github.com/stretchr/testify/assert"
    14  	"github.com/stretchr/testify/require"
    15  
    16  	"github.com/Azure/azure-sdk-for-go/services/network/mgmt/2019-09-01/network"
    17  )
    18  
    19  func TestPortRangeParsing(t *testing.T) {
    20  	var cases = []struct {
    21  		portRange    string
    22  		expectedLo   int
    23  		expectedHi   int
    24  		expectsError bool
    25  	}{
    26  		{"22", 22, 22, false},
    27  		{"22-80", 22, 80, false},
    28  		{"*", 0, 65535, false},
    29  		{"*-*", 0, 0, true},
    30  		{"22-", 0, 0, true},
    31  		{"-80", 0, 0, true},
    32  		{"-", 0, 0, true},
    33  		{"80-22", 22, 80, false},
    34  	}
    35  
    36  	for _, tt := range cases {
    37  		t.Run(tt.portRange, func(t *testing.T) {
    38  			lo, hi, err := parsePortRangeString(tt.portRange)
    39  			if !tt.expectsError {
    40  				require.NoError(t, err)
    41  			}
    42  			assert.Equal(t, tt.expectedLo, int(lo))
    43  			assert.Equal(t, tt.expectedHi, int(hi))
    44  		})
    45  	}
    46  }
    47  
    48  func TestNsgRuleSummaryConversion(t *testing.T) {
    49  	// Quick test to make sure the safe nil handling is working
    50  	name := "test name"
    51  	sdkStruct := network.SecurityRulePropertiesFormat{}
    52  
    53  	// Verify the nil values were correctly defaulted to "" without a panic
    54  	result := convertToNsgRuleSummary(&name, &sdkStruct)
    55  	assert.Equal(t, "", result.Description)
    56  	assert.Equal(t, "", result.SourcePortRange)
    57  	assert.Equal(t, "", result.DestinationPortRange)
    58  	assert.Equal(t, "", result.SourceAddressPrefix)
    59  	assert.Equal(t, "", result.DestinationAddressPrefix)
    60  	assert.Equal(t, int32(0), result.Priority)
    61  }
    62  
    63  func TestAllowSourcePort(t *testing.T) {
    64  	var cases = []struct {
    65  		CaseName        string
    66  		SourcePortRange string
    67  		Access          string
    68  		TestPort        string
    69  		Result          bool
    70  	}{
    71  		{"22 allowed", "22", "Allow", "22", true},
    72  		{"22 denied", "22", "Deny", "22", false},
    73  		{"22 doesn't allow 80", "22", "Allow", "80", false},
    74  		{"Any allows any", "*", "Allow", "*", true},
    75  		{"Allows a range of ports", "80-90", "Allow", "80", true},
    76  		{"Allows a range of ports", "80-90", "Allow", "85", true},
    77  		{"Allows a range of ports", "80-90", "Allow", "90", true},
    78  		{"Blocks a range of ports", "80-90", "Deny", "80", false},
    79  		{"Blocks a range of ports", "80-90", "Deny", "85", false},
    80  		{"Blocks a range of ports", "80-90", "Deny", "90", false},
    81  	}
    82  
    83  	for _, tt := range cases {
    84  		t.Run(tt.CaseName, func(t *testing.T) {
    85  			summary := NsgRuleSummary{}
    86  			summary.SourcePortRange = tt.SourcePortRange
    87  			summary.Access = tt.Access
    88  			result := summary.AllowsSourcePort(t, tt.TestPort)
    89  			assert.Equal(t, tt.Result, result)
    90  		})
    91  	}
    92  }
    93  
    94  func TestAllowDestinationPort(t *testing.T) {
    95  	var cases = []struct {
    96  		CaseName        string
    97  		SourcePortRange string
    98  		Access          string
    99  		TestPort        string
   100  		Result          bool
   101  	}{
   102  		{"22 allowed", "22", "Allow", "22", true},
   103  		{"22 denied", "22", "Deny", "22", false},
   104  		{"22 doesn't allow 80", "22", "Allow", "80", false},
   105  		{"Any allows any", "*", "Allow", "*", true},
   106  		{"Allows a range of ports", "80-90", "Allow", "80", true},
   107  		{"Allows a range of ports", "80-90", "Allow", "85", true},
   108  		{"Allows a range of ports", "80-90", "Allow", "90", true},
   109  		{"Blocks a range of ports", "80-90", "Deny", "80", false},
   110  		{"Blocks a range of ports", "80-90", "Deny", "85", false},
   111  		{"Blocks a range of ports", "80-90", "Deny", "90", false},
   112  	}
   113  
   114  	for _, tt := range cases {
   115  		t.Run(tt.CaseName, func(t *testing.T) {
   116  			summary := NsgRuleSummary{}
   117  			summary.DestinationPortRange = tt.SourcePortRange
   118  			summary.Access = tt.Access
   119  			result := summary.AllowsDestinationPort(t, tt.TestPort)
   120  			assert.Equal(t, tt.Result, result)
   121  		})
   122  	}
   123  }
   124  
   125  func TestFindSummarizedRule(t *testing.T) {
   126  	var cases = []struct {
   127  		SearchString string
   128  		Result       bool
   129  	}{
   130  		{"rule_1", true},
   131  		{"rule_2", true},
   132  		{"rule_3", true},
   133  		{"rule_4", true},
   134  		{"rule_5", true},
   135  		{"rule_6", false},
   136  		{"", false},
   137  		{"foo", false},
   138  	}
   139  
   140  	ruleList := NsgRuleSummaryList{}
   141  	rules := make([]NsgRuleSummary, 0)
   142  
   143  	// Create some base rules
   144  	for i := 1; i <= 5; i++ {
   145  		rule := NsgRuleSummary{}
   146  		rule.Name = fmt.Sprintf("rule_%d", i)
   147  		rules = append(rules, rule)
   148  	}
   149  	ruleList.SummarizedRules = rules
   150  
   151  	for _, tt := range cases {
   152  		t.Run(tt.SearchString, func(t *testing.T) {
   153  			match := ruleList.FindRuleByName(tt.SearchString)
   154  			if tt.Result {
   155  				assert.Equal(t, tt.SearchString, match.Name)
   156  			} else {
   157  				assert.Equal(t, match, NsgRuleSummary{})
   158  			}
   159  		})
   160  	}
   161  }