github.com/niedbalski/juju@v0.0.0-20190215020005-8ff100488e47/provider/gce/google/conn_network_test.go (about) 1 // Copyright 2014 Canonical Ltd. 2 // Licensed under the AGPLv3, see LICENCE file for details. 3 4 package google_test 5 6 import ( 7 "regexp" 8 "sort" 9 10 "github.com/juju/collections/set" 11 "github.com/juju/errors" 12 jc "github.com/juju/testing/checkers" 13 "google.golang.org/api/compute/v1" 14 gc "gopkg.in/check.v1" 15 16 "github.com/juju/juju/network" 17 "github.com/juju/juju/provider/gce/google" 18 ) 19 20 func (s *connSuite) TestConnectionIngressRules(c *gc.C) { 21 s.FakeConn.Firewalls = []*compute.Firewall{{ 22 Name: "spam", 23 TargetTags: []string{"spam"}, 24 SourceRanges: []string{"10.0.0.0/24", "192.168.1.0/24"}, 25 Allowed: []*compute.FirewallAllowed{ 26 { 27 IPProtocol: "tcp", 28 Ports: []string{"80-81", "92"}, 29 }, { 30 IPProtocol: "udp", 31 Ports: []string{"443", "100-120"}, 32 }, 33 }, 34 }} 35 36 ports, err := s.Conn.IngressRules("spam") 37 c.Assert(err, jc.ErrorIsNil) 38 c.Check( 39 ports, jc.DeepEquals, 40 []network.IngressRule{ 41 network.MustNewIngressRule( 42 "tcp", 80, 81, "10.0.0.0/24", "192.168.1.0/24"), 43 network.MustNewIngressRule( 44 "tcp", 92, 92, "10.0.0.0/24", "192.168.1.0/24"), 45 network.MustNewIngressRule( 46 "udp", 100, 120, "10.0.0.0/24", "192.168.1.0/24"), 47 network.MustNewIngressRule( 48 "udp", 443, 443, "10.0.0.0/24", "192.168.1.0/24")}) 49 } 50 51 func (s *connSuite) TestConnectionIngressRulesCollapse(c *gc.C) { 52 s.FakeConn.Firewalls = []*compute.Firewall{{ 53 Name: "spam", 54 TargetTags: []string{"spam"}, 55 SourceRanges: []string{"10.0.0.0/24", "192.168.1.0/24"}, 56 Allowed: []*compute.FirewallAllowed{{ 57 IPProtocol: "tcp", 58 Ports: []string{"81"}, 59 }, { 60 IPProtocol: "tcp", 61 Ports: []string{"82"}, 62 }, { 63 IPProtocol: "tcp", 64 Ports: []string{"80"}, 65 }, { 66 IPProtocol: "tcp", 67 Ports: []string{"83"}, 68 }, { 69 IPProtocol: "tcp", 70 Ports: []string{"92"}, 71 }}, 72 }} 73 74 ports, err := s.Conn.IngressRules("spam") 75 c.Assert(err, jc.ErrorIsNil) 76 c.Check( 77 ports, jc.DeepEquals, 78 []network.IngressRule{ 79 network.MustNewIngressRule( 80 "tcp", 80, 83, "10.0.0.0/24", "192.168.1.0/24"), 81 network.MustNewIngressRule( 82 "tcp", 92, 92, "10.0.0.0/24", "192.168.1.0/24")}) 83 } 84 85 func (s *connSuite) TestConnectionIngressRulesDefaultCIDR(c *gc.C) { 86 s.FakeConn.Firewalls = []*compute.Firewall{{ 87 Name: "spam", 88 TargetTags: []string{"spam"}, 89 Allowed: []*compute.FirewallAllowed{{ 90 IPProtocol: "tcp", 91 Ports: []string{"80-81", "92"}, 92 }}, 93 }} 94 95 ports, err := s.Conn.IngressRules("spam") 96 c.Assert(err, jc.ErrorIsNil) 97 c.Check( 98 ports, jc.DeepEquals, 99 []network.IngressRule{ 100 network.MustNewIngressRule( 101 "tcp", 80, 81, "0.0.0.0/0"), 102 network.MustNewIngressRule( 103 "tcp", 92, 92, "0.0.0.0/0")}) 104 } 105 106 func (s *connSuite) TestConnectionPortsAPI(c *gc.C) { 107 s.FakeConn.Firewalls = []*compute.Firewall{{ 108 Name: "spam", 109 TargetTags: []string{"spam"}, 110 SourceRanges: []string{"0.0.0.0/0"}, 111 Allowed: []*compute.FirewallAllowed{{ 112 IPProtocol: "tcp", 113 Ports: []string{"80-81"}, 114 }}, 115 }} 116 117 _, err := s.Conn.IngressRules("eggs") 118 c.Assert(err, jc.ErrorIsNil) 119 120 c.Check(s.FakeConn.Calls, gc.HasLen, 1) 121 c.Check(s.FakeConn.Calls[0].FuncName, gc.Equals, "GetFirewalls") 122 c.Check(s.FakeConn.Calls[0].ProjectID, gc.Equals, "spam") 123 c.Check(s.FakeConn.Calls[0].Name, gc.Equals, "eggs") 124 } 125 126 func (s *connSuite) TestConnectionOpenPortsAdd(c *gc.C) { 127 s.FakeConn.Err = errors.NotFoundf("spam") 128 129 rule := network.MustNewIngressRule("tcp", 80, 81) // leave out CIDR to check default 130 rule2 := network.MustNewIngressRule("udp", 80, 81, "0.0.0.0/0") 131 rule3 := network.MustNewIngressRule("tcp", 100, 120, "192.168.1.0/24", "10.0.0.0/24") 132 rule4 := network.MustNewIngressRule("udp", 67, 67, "10.0.0.0/24") 133 err := s.Conn.OpenPortsWithNamer("spam", google.HashSuffixNamer, rule, rule2, rule3, rule4) 134 c.Assert(err, jc.ErrorIsNil) 135 136 c.Check(s.FakeConn.Calls, gc.HasLen, 4) 137 c.Check(s.FakeConn.Calls[0].FuncName, gc.Equals, "GetFirewalls") 138 c.Check(s.FakeConn.Calls[1].FuncName, gc.Equals, "AddFirewall") 139 c.Check(s.FakeConn.Calls[1].Firewall, jc.DeepEquals, &compute.Firewall{ 140 Name: "spam-4eebe8d7a9", 141 TargetTags: []string{"spam"}, 142 SourceRanges: []string{"192.168.1.0/24", "10.0.0.0/24"}, 143 Allowed: []*compute.FirewallAllowed{{ 144 IPProtocol: "tcp", 145 Ports: []string{"100-120"}, 146 }}, 147 }) 148 c.Check(s.FakeConn.Calls[2].FuncName, gc.Equals, "AddFirewall") 149 c.Check(s.FakeConn.Calls[2].Firewall, jc.DeepEquals, &compute.Firewall{ 150 Name: "spam-a34d80f7b6", 151 TargetTags: []string{"spam"}, 152 SourceRanges: []string{"10.0.0.0/24"}, 153 Allowed: []*compute.FirewallAllowed{{ 154 IPProtocol: "udp", 155 Ports: []string{"67"}, 156 }}, 157 }) 158 c.Check(s.FakeConn.Calls[3].FuncName, gc.Equals, "AddFirewall") 159 c.Check(s.FakeConn.Calls[3].Firewall, jc.DeepEquals, &compute.Firewall{ 160 Name: "spam", 161 TargetTags: []string{"spam"}, 162 SourceRanges: []string{"0.0.0.0/0"}, 163 Allowed: []*compute.FirewallAllowed{{ 164 IPProtocol: "tcp", 165 Ports: []string{"80-81"}, 166 }, { 167 IPProtocol: "udp", 168 Ports: []string{"80-81"}, 169 }}, 170 }) 171 } 172 173 func (s *connSuite) TestConnectionOpenPortsUpdateSameCIDR(c *gc.C) { 174 s.FakeConn.Firewalls = []*compute.Firewall{{ 175 Name: "spam-ad7554", 176 TargetTags: []string{"spam"}, 177 SourceRanges: []string{"192.168.1.0/24", "10.0.0.0/24"}, 178 Allowed: []*compute.FirewallAllowed{{ 179 IPProtocol: "tcp", 180 Ports: []string{"80-81"}, 181 }}, 182 }} 183 184 rules := network.MustNewIngressRule("tcp", 443, 443, "192.168.1.0/24", "10.0.0.0/24") 185 err := s.Conn.OpenPortsWithNamer("spam", google.HashSuffixNamer, rules) 186 c.Assert(err, jc.ErrorIsNil) 187 188 c.Check(s.FakeConn.Calls, gc.HasLen, 2) 189 c.Check(s.FakeConn.Calls[0].FuncName, gc.Equals, "GetFirewalls") 190 c.Check(s.FakeConn.Calls[1].FuncName, gc.Equals, "UpdateFirewall") 191 sort.Strings(s.FakeConn.Calls[1].Firewall.Allowed[0].Ports) 192 c.Check(s.FakeConn.Calls[1].Firewall, jc.DeepEquals, &compute.Firewall{ 193 Name: "spam-ad7554", 194 TargetTags: []string{"spam"}, 195 SourceRanges: []string{"10.0.0.0/24", "192.168.1.0/24"}, 196 Allowed: []*compute.FirewallAllowed{{ 197 IPProtocol: "tcp", 198 Ports: []string{"443", "80-81"}, 199 }}, 200 }) 201 } 202 203 func (s *connSuite) TestConnectionOpenPortsUpdateAddCIDR(c *gc.C) { 204 s.FakeConn.Firewalls = []*compute.Firewall{{ 205 Name: "spam-arbitrary-name", 206 TargetTags: []string{"spam"}, 207 SourceRanges: []string{"192.168.1.0/24"}, 208 Allowed: []*compute.FirewallAllowed{{ 209 IPProtocol: "tcp", 210 Ports: []string{"80-81"}, 211 }}, 212 }} 213 214 rules := network.MustNewIngressRule("tcp", 80, 81, "10.0.0.0/24") 215 err := s.Conn.OpenPortsWithNamer("spam", google.HashSuffixNamer, rules) 216 c.Assert(err, jc.ErrorIsNil) 217 218 c.Check(s.FakeConn.Calls, gc.HasLen, 2) 219 c.Check(s.FakeConn.Calls[0].FuncName, gc.Equals, "GetFirewalls") 220 c.Check(s.FakeConn.Calls[1].FuncName, gc.Equals, "UpdateFirewall") 221 sort.Strings(s.FakeConn.Calls[1].Firewall.Allowed[0].Ports) 222 c.Check(s.FakeConn.Calls[1].Name, gc.Equals, "spam-arbitrary-name") 223 c.Check(s.FakeConn.Calls[1].Firewall, jc.DeepEquals, &compute.Firewall{ 224 Name: "spam-arbitrary-name", 225 TargetTags: []string{"spam"}, 226 SourceRanges: []string{"10.0.0.0/24", "192.168.1.0/24"}, 227 Allowed: []*compute.FirewallAllowed{{ 228 IPProtocol: "tcp", 229 Ports: []string{"80-81"}, 230 }}, 231 }) 232 } 233 234 func (s *connSuite) TestConnectionOpenPortsUpdateAndAdd(c *gc.C) { 235 s.FakeConn.Firewalls = []*compute.Firewall{{ 236 Name: "spam-d01a82", 237 TargetTags: []string{"spam"}, 238 SourceRanges: []string{"192.168.1.0/24"}, 239 Allowed: []*compute.FirewallAllowed{{ 240 IPProtocol: "tcp", 241 Ports: []string{"80-81"}, 242 }}, 243 }, { 244 Name: "spam-8e65efabcd", 245 TargetTags: []string{"spam"}, 246 SourceRanges: []string{"172.0.0.0/24"}, 247 Allowed: []*compute.FirewallAllowed{{ 248 IPProtocol: "tcp", 249 Ports: []string{"100-120", "443"}, 250 }}, 251 }} 252 253 rule1 := network.MustNewIngressRule("tcp", 443, 443, "192.168.1.0/24") 254 rule2 := network.MustNewIngressRule("tcp", 80, 100, "10.0.0.0/24") 255 rule3 := network.MustNewIngressRule("tcp", 443, 443, "10.0.0.0/24") 256 rule4 := network.MustNewIngressRule("udp", 67, 67, "172.0.0.0/24") 257 err := s.Conn.OpenPortsWithNamer("spam", google.HashSuffixNamer, rule1, rule2, rule3, rule4) 258 c.Assert(err, jc.ErrorIsNil) 259 260 c.Check(s.FakeConn.Calls, gc.HasLen, 4) 261 c.Check(s.FakeConn.Calls[0].FuncName, gc.Equals, "GetFirewalls") 262 c.Check(s.FakeConn.Calls[1].FuncName, gc.Equals, "UpdateFirewall") 263 sort.Strings(s.FakeConn.Calls[1].Firewall.Allowed[0].Ports) 264 c.Check(s.FakeConn.Calls[1].Name, gc.Equals, "spam-8e65efabcd") 265 c.Check(s.FakeConn.Calls[1].Firewall, jc.DeepEquals, &compute.Firewall{ 266 Name: "spam-8e65efabcd", 267 TargetTags: []string{"spam"}, 268 SourceRanges: []string{"172.0.0.0/24"}, 269 Allowed: []*compute.FirewallAllowed{{ 270 IPProtocol: "tcp", 271 Ports: []string{"100-120", "443"}, 272 }, { 273 IPProtocol: "udp", 274 Ports: []string{"67"}, 275 }}, 276 }) 277 c.Check(s.FakeConn.Calls[2].FuncName, gc.Equals, "AddFirewall") 278 sort.Strings(s.FakeConn.Calls[2].Firewall.Allowed[0].Ports) 279 c.Check(s.FakeConn.Calls[2].Firewall, jc.DeepEquals, &compute.Firewall{ 280 Name: "spam-a34d80f7b6", 281 TargetTags: []string{"spam"}, 282 SourceRanges: []string{"10.0.0.0/24"}, 283 Allowed: []*compute.FirewallAllowed{{ 284 IPProtocol: "tcp", 285 Ports: []string{"443", "80-100"}, 286 }}, 287 }) 288 c.Check(s.FakeConn.Calls[3].FuncName, gc.Equals, "UpdateFirewall") 289 sort.Strings(s.FakeConn.Calls[3].Firewall.Allowed[0].Ports) 290 c.Check(s.FakeConn.Calls[3].Name, gc.Equals, "spam-d01a82") 291 c.Check(s.FakeConn.Calls[3].Firewall, jc.DeepEquals, &compute.Firewall{ 292 Name: "spam-d01a82", 293 TargetTags: []string{"spam"}, 294 SourceRanges: []string{"192.168.1.0/24"}, 295 Allowed: []*compute.FirewallAllowed{{ 296 IPProtocol: "tcp", 297 Ports: []string{"443", "80-81"}, 298 }}, 299 }) 300 } 301 302 func (s *connSuite) TestConnectionClosePortsRemove(c *gc.C) { 303 s.FakeConn.Firewalls = []*compute.Firewall{{ 304 Name: "spam", 305 TargetTags: []string{"spam"}, 306 SourceRanges: []string{"0.0.0.0/0"}, 307 Allowed: []*compute.FirewallAllowed{{ 308 IPProtocol: "tcp", 309 Ports: []string{"443"}, 310 }}, 311 }} 312 313 rule := network.MustNewIngressRule("tcp", 443, 443) 314 err := s.Conn.ClosePorts("spam", rule) 315 c.Assert(err, jc.ErrorIsNil) 316 317 c.Check(s.FakeConn.Calls, gc.HasLen, 2) 318 c.Check(s.FakeConn.Calls[0].FuncName, gc.Equals, "GetFirewalls") 319 c.Check(s.FakeConn.Calls[1].FuncName, gc.Equals, "RemoveFirewall") 320 c.Check(s.FakeConn.Calls[1].Name, gc.Equals, "spam") 321 } 322 323 func (s *connSuite) TestConnectionClosePortsUpdate(c *gc.C) { 324 s.FakeConn.Firewalls = []*compute.Firewall{{ 325 Name: "spam", 326 TargetTags: []string{"spam"}, 327 SourceRanges: []string{"0.0.0.0/0"}, 328 Allowed: []*compute.FirewallAllowed{{ 329 IPProtocol: "tcp", 330 Ports: []string{"80-81", "443"}, 331 }}, 332 }} 333 334 rule := network.MustNewIngressRule("tcp", 443, 443) 335 err := s.Conn.ClosePorts("spam", rule) 336 c.Assert(err, jc.ErrorIsNil) 337 338 c.Check(s.FakeConn.Calls, gc.HasLen, 2) 339 c.Check(s.FakeConn.Calls[0].FuncName, gc.Equals, "GetFirewalls") 340 c.Check(s.FakeConn.Calls[1].FuncName, gc.Equals, "UpdateFirewall") 341 sort.Strings(s.FakeConn.Calls[1].Firewall.Allowed[0].Ports) 342 c.Check(s.FakeConn.Calls[1].Firewall, jc.DeepEquals, &compute.Firewall{ 343 Name: "spam", 344 TargetTags: []string{"spam"}, 345 SourceRanges: []string{"0.0.0.0/0"}, 346 Allowed: []*compute.FirewallAllowed{{ 347 IPProtocol: "tcp", 348 Ports: []string{"80-81"}, 349 }}, 350 }) 351 } 352 353 func (s *connSuite) TestConnectionClosePortsCollapseUpdate(c *gc.C) { 354 s.FakeConn.Firewalls = []*compute.Firewall{{ 355 Name: "spam", 356 TargetTags: []string{"spam"}, 357 SourceRanges: []string{"0.0.0.0/0"}, 358 Allowed: []*compute.FirewallAllowed{{ 359 IPProtocol: "tcp", 360 Ports: []string{"80-80", "100-120", "81-81", "82-82"}, 361 }}, 362 }} 363 364 rule := network.MustNewIngressRule("tcp", 80, 82) 365 err := s.Conn.ClosePorts("spam", rule) 366 c.Assert(err, jc.ErrorIsNil) 367 368 c.Check(s.FakeConn.Calls, gc.HasLen, 2) 369 c.Check(s.FakeConn.Calls[0].FuncName, gc.Equals, "GetFirewalls") 370 c.Check(s.FakeConn.Calls[1].FuncName, gc.Equals, "UpdateFirewall") 371 sort.Strings(s.FakeConn.Calls[1].Firewall.Allowed[0].Ports) 372 c.Check(s.FakeConn.Calls[1].Firewall, jc.DeepEquals, &compute.Firewall{ 373 Name: "spam", 374 TargetTags: []string{"spam"}, 375 SourceRanges: []string{"0.0.0.0/0"}, 376 Allowed: []*compute.FirewallAllowed{{ 377 IPProtocol: "tcp", 378 Ports: []string{"100-120"}, 379 }}, 380 }) 381 } 382 383 func (s *connSuite) TestConnectionClosePortsRemoveCIDR(c *gc.C) { 384 s.FakeConn.Firewalls = []*compute.Firewall{{ 385 Name: "glass-onion", 386 TargetTags: []string{"spam"}, 387 SourceRanges: []string{"192.168.1.0/24", "10.0.0.0/24"}, 388 Allowed: []*compute.FirewallAllowed{{ 389 IPProtocol: "tcp", 390 Ports: []string{"80-81", "443"}, 391 }}, 392 }} 393 394 rule := network.MustNewIngressRule("tcp", 443, 443, "192.168.1.0/24") 395 rule2 := network.MustNewIngressRule("tcp", 80, 81, "192.168.1.0/24") 396 err := s.Conn.ClosePorts("spam", rule, rule2) 397 c.Assert(err, jc.ErrorIsNil) 398 399 c.Check(s.FakeConn.Calls, gc.HasLen, 2) 400 c.Check(s.FakeConn.Calls[0].FuncName, gc.Equals, "GetFirewalls") 401 c.Check(s.FakeConn.Calls[1].FuncName, gc.Equals, "UpdateFirewall") 402 sort.Strings(s.FakeConn.Calls[1].Firewall.Allowed[0].Ports) 403 c.Check(s.FakeConn.Calls[1].Firewall, jc.DeepEquals, &compute.Firewall{ 404 Name: "glass-onion", 405 TargetTags: []string{"spam"}, 406 SourceRanges: []string{"10.0.0.0/24"}, 407 Allowed: []*compute.FirewallAllowed{{ 408 IPProtocol: "tcp", 409 Ports: []string{"443", "80-81"}, 410 }}, 411 }) 412 } 413 414 func (s *connSuite) TestConnectionCloseMoMatches(c *gc.C) { 415 s.FakeConn.Firewalls = []*compute.Firewall{{ 416 Name: "spam", 417 TargetTags: []string{"spam"}, 418 SourceRanges: []string{"0.0.0.0/0"}, 419 Allowed: []*compute.FirewallAllowed{{ 420 IPProtocol: "tcp", 421 Ports: []string{"80-81", "443"}, 422 }}, 423 }} 424 425 rule := network.MustNewIngressRule("tcp", 100, 110, "192.168.0.1/24") 426 err := s.Conn.ClosePorts("spam", rule) 427 c.Assert(err, gc.ErrorMatches, regexp.QuoteMeta(`closing port(s) [100-110/tcp from 192.168.0.1/24] over non-matching rules not supported`)) 428 429 c.Check(s.FakeConn.Calls, gc.HasLen, 1) 430 c.Check(s.FakeConn.Calls[0].FuncName, gc.Equals, "GetFirewalls") 431 } 432 433 func (s *connSuite) TestNetworks(c *gc.C) { 434 s.FakeConn.Networks = []*compute.Network{{ 435 Name: "kamar-taj", 436 }} 437 results, err := s.Conn.Networks() 438 c.Assert(err, jc.ErrorIsNil) 439 c.Assert(results, gc.HasLen, 1) 440 c.Assert((*results[0]).Name, gc.Equals, "kamar-taj") 441 442 c.Check(s.FakeConn.Calls, gc.HasLen, 1) 443 c.Check(s.FakeConn.Calls[0].FuncName, gc.Equals, "ListNetworks") 444 c.Check(s.FakeConn.Calls[0].ProjectID, gc.Equals, "spam") 445 } 446 447 func (s *connSuite) TestSubnetworks(c *gc.C) { 448 s.FakeConn.Subnetworks = []*compute.Subnetwork{{ 449 Name: "heptapod", 450 }} 451 results, err := s.Conn.Subnetworks("us-central1") 452 c.Assert(err, jc.ErrorIsNil) 453 c.Assert(results, gc.HasLen, 1) 454 c.Assert((*results[0]).Name, gc.Equals, "heptapod") 455 456 c.Check(s.FakeConn.Calls, gc.HasLen, 1) 457 c.Check(s.FakeConn.Calls[0].FuncName, gc.Equals, "ListSubnetworks") 458 c.Check(s.FakeConn.Calls[0].ProjectID, gc.Equals, "spam") 459 c.Check(s.FakeConn.Calls[0].Region, gc.Equals, "us-central1") 460 } 461 462 func (s *connSuite) TestRandomSuffixNamer(c *gc.C) { 463 ruleset := google.NewRuleSetFromRules( 464 network.MustNewIngressRule("tcp", 80, 80), 465 network.MustNewIngressRule("tcp", 80, 90, "10.0.10.0/24"), 466 ) 467 i := 0 468 for _, firewall := range ruleset { 469 i++ 470 c.Logf("%#v", *firewall) 471 name, err := google.RandomSuffixNamer(firewall, "mischief", set.NewStrings()) 472 c.Assert(err, jc.ErrorIsNil) 473 if firewall.SourceCIDRs[0] == "0.0.0.0/0" { 474 c.Assert(name, gc.Equals, "mischief") 475 } else { 476 c.Assert(name, gc.Matches, "mischief-[0-9a-f]{8}") 477 } 478 } 479 c.Assert(i, gc.Equals, 2) 480 }