github.com/niedbalski/juju@v0.0.0-20190215020005-8ff100488e47/apiserver/common/firewall/firewall_test.go (about) 1 // Copyright 2017 Canonical Ltd. 2 // Licensed under the AGPLv3, see LICENCE file for details. 3 4 package firewall_test 5 6 import ( 7 jc "github.com/juju/testing/checkers" 8 gc "gopkg.in/check.v1" 9 "gopkg.in/juju/charm.v6" 10 "gopkg.in/juju/names.v2" 11 12 "github.com/juju/juju/apiserver/common" 13 "github.com/juju/juju/apiserver/common/firewall" 14 "github.com/juju/juju/apiserver/params" 15 apiservertesting "github.com/juju/juju/apiserver/testing" 16 "github.com/juju/juju/network" 17 "github.com/juju/juju/state" 18 coretesting "github.com/juju/juju/testing" 19 ) 20 21 var _ = gc.Suite(&FirewallSuite{}) 22 23 type FirewallSuite struct { 24 coretesting.BaseSuite 25 26 resources *common.Resources 27 authorizer *apiservertesting.FakeAuthorizer 28 st *mockState 29 } 30 31 func (s *FirewallSuite) SetUpTest(c *gc.C) { 32 s.BaseSuite.SetUpTest(c) 33 34 s.resources = common.NewResources() 35 s.AddCleanup(func(_ *gc.C) { s.resources.StopAll() }) 36 37 s.authorizer = &apiservertesting.FakeAuthorizer{ 38 Tag: names.NewMachineTag("0"), 39 Controller: true, 40 } 41 42 s.st = newMockState(coretesting.ModelTag.Id()) 43 } 44 45 func (s *FirewallSuite) TestWatchEgressAddressesForRelations(c *gc.C) { 46 db2Relation := newMockRelation(123) 47 db2Relation.ruwApp = "django" 48 // Initial event. 49 db2Relation.ew.changes <- []string{} 50 db2Relation.endpoints = []state.Endpoint{ 51 { 52 ApplicationName: "django", 53 Relation: charm.Relation{ 54 Name: "db", 55 Interface: "db2", 56 Role: "requirer", 57 Limit: 1, 58 Scope: charm.ScopeGlobal, 59 }, 60 }, 61 } 62 s.st.relations["remote-db2:db django:db"] = db2Relation 63 s.st.remoteEntities[names.NewRelationTag("remote-db2:db django:db")] = "token-db2:db django:db" 64 // django/0 and django/1 are initially in scope 65 db2Relation.ruw.changes <- params.RelationUnitsChange{ 66 Changed: map[string]params.UnitSettings{ 67 "django/0": {}, 68 "django/1": {}, 69 }, 70 } 71 72 unit := newMockUnit("django/0") 73 unit.publicAddress = network.NewScopedAddress("1.2.3.4", network.ScopePublic) 74 unit.machineId = "0" 75 s.st.units["django/0"] = unit 76 unit1 := newMockUnit("django/1") 77 unit1.publicAddress = network.NewScopedAddress("4.3.2.1", network.ScopePublic) 78 unit1.machineId = "1" 79 s.st.units["django/1"] = unit1 80 s.st.machines["0"] = newMockMachine("0") 81 s.st.machines["1"] = newMockMachine("1") 82 app := newMockApplication("django") 83 app.units = []*mockUnit{unit, unit1} 84 s.st.applications["django"] = app 85 86 result, err := firewall.WatchEgressAddressesForRelations( 87 s.resources, s.st, 88 params.Entities{Entities: []params.Entity{{ 89 Tag: names.NewRelationTag("remote-db2:db django:db").String(), 90 }}}) 91 c.Assert(err, jc.ErrorIsNil) 92 c.Assert(result.Results, gc.HasLen, 1) 93 c.Assert(result.Results[0].Changes, jc.SameContents, []string{"1.2.3.4/32", "4.3.2.1/32"}) 94 c.Assert(result.Results[0].Error, gc.IsNil) 95 c.Assert(result.Results[0].StringsWatcherId, gc.Equals, "1") 96 97 resource := s.resources.Get("1") 98 c.Assert(resource, gc.NotNil) 99 c.Assert(resource, gc.Implements, new(state.StringsWatcher)) 100 101 s.st.CheckCallNames(c, "KeyRelation", "Application", "Unit", "Machine", "Unit", "Machine") 102 s.st.CheckCall(c, 0, "KeyRelation", "remote-db2:db django:db") 103 s.st.CheckCall(c, 1, "Application", "django") 104 105 django0Call := s.st.Calls()[2] 106 django0MachineCall := s.st.Calls()[3] 107 django1Call := s.st.Calls()[4] 108 django1MachineCall := s.st.Calls()[5] 109 110 c.Assert(django0Call.Args, gc.HasLen, 1) 111 if django0Call.Args[0] == "django/1" { 112 django0Call, django1Call = django1Call, django0Call 113 django0MachineCall, django1MachineCall = django1MachineCall, django0MachineCall 114 } 115 c.Assert(django0Call.Args, jc.DeepEquals, []interface{}{"django/0"}) 116 c.Assert(django0MachineCall.Args, jc.DeepEquals, []interface{}{"0"}) 117 c.Assert(django1Call.Args, jc.DeepEquals, []interface{}{"django/1"}) 118 c.Assert(django1MachineCall.Args, jc.DeepEquals, []interface{}{"1"}) 119 } 120 121 func (s *FirewallSuite) TestWatchEgressAddressesForRelationsIgnoresProvider(c *gc.C) { 122 db2Relation := newMockRelation(123) 123 // Initial event. 124 db2Relation.ew.changes <- []string{} 125 db2Relation.endpoints = []state.Endpoint{ 126 { 127 ApplicationName: "db2", 128 Relation: charm.Relation{ 129 Name: "data", 130 Interface: "db2", 131 Role: "provider", 132 Limit: 1, 133 Scope: charm.ScopeGlobal, 134 }, 135 }, 136 } 137 138 s.st.relations["remote-db2:db django:db"] = db2Relation 139 app := newMockApplication("db2") 140 s.st.applications["db2"] = app 141 s.st.remoteEntities[names.NewRelationTag("remote-db2:db django:db")] = "token-db2:db django:db" 142 143 result, err := firewall.WatchEgressAddressesForRelations( 144 s.resources, s.st, 145 params.Entities{Entities: []params.Entity{{ 146 Tag: names.NewRelationTag("remote-db2:db django:db").String(), 147 }}}) 148 c.Assert(err, jc.ErrorIsNil) 149 c.Assert(result.Results, gc.HasLen, 1) 150 c.Assert(result.Results[0].Error, gc.ErrorMatches, "egress network for application db2 without requires endpoint not supported") 151 }