github.com/niedbalski/juju@v0.0.0-20190215020005-8ff100488e47/provider/oracle/testing/fakefirewall.go (about) 1 // Copyright 2017 Canonical Ltd. 2 // Licensed under the AGPLv3, see LICENCE file for details. 3 4 package testing 5 6 import ( 7 "github.com/juju/go-oracle-cloud/api" 8 "github.com/juju/go-oracle-cloud/common" 9 "github.com/juju/go-oracle-cloud/response" 10 11 "github.com/juju/juju/provider/oracle/network" 12 ) 13 14 // FakeRules implement common.RuleAPI interface 15 type FakeRules struct { 16 All response.AllSecRules 17 AllErr error 18 Create response.SecRule 19 CreateErr error 20 DeleteErr error 21 } 22 23 var _ network.FirewallerAPI = (*FakeFirewallAPI)(nil) 24 25 func (f FakeRules) AllSecRules([]api.Filter) (response.AllSecRules, error) { 26 return f.All, f.AllErr 27 } 28 func (f FakeRules) CreateSecRule(api.SecRuleParams) (response.SecRule, error) { 29 return f.Create, f.CreateErr 30 } 31 func (f FakeRules) DeleteSecRule(name string) error { 32 return f.DeleteErr 33 } 34 35 // FakeAcl implements the common.AclAPI interface 36 type FakeAcl struct { 37 Acls response.AllAcls 38 Acl response.Acl 39 AclErr error 40 Create response.Acl 41 CreateErr error 42 DeleteErr error 43 } 44 45 func (f FakeAcl) AclDetails(string) (response.Acl, error) { 46 return f.Acl, f.AclErr 47 } 48 49 func (f FakeAcl) CreateAcl(string, string, bool, []string) (response.Acl, error) { 50 return f.Create, f.CreateErr 51 } 52 53 func (f FakeAcl) DeleteAcl(string) error { 54 return f.DeleteErr 55 } 56 57 func (f FakeAcl) AllAcls([]api.Filter) (response.AllAcls, error) { 58 return f.Acls, nil 59 } 60 61 // FakeSecIp implements common.SecIpAPI interface 62 type FakeSecIp struct { 63 All response.AllSecIpLists 64 AllErr error 65 Create response.SecIpList 66 CreateErr error 67 AllDefault response.AllSecIpLists 68 AllDefaultErr error 69 } 70 71 func (f FakeSecIp) AllSecIpLists([]api.Filter) (response.AllSecIpLists, error) { 72 return f.All, f.AllErr 73 } 74 75 func (f FakeSecIp) CreateSecIpList(string, string, []string) (response.SecIpList, error) { 76 return f.Create, f.CreateErr 77 } 78 func (f FakeSecIp) AllDefaultSecIpLists([]api.Filter) (response.AllSecIpLists, error) { 79 return f.AllDefault, f.AllDefaultErr 80 } 81 82 // FakeIpAddressPrefixSet type implements the common.IpAddressPrefixSetAPI interface 83 type FakeIpAddressprefixSet struct { 84 Create response.IpAddressPrefixSet 85 CreateErr error 86 All response.AllIpAddressPrefixSets 87 AllErr error 88 } 89 90 func (f FakeIpAddressprefixSet) CreateIpAddressPrefixSet( 91 api.IpAddressPrefixSetParams) (response.IpAddressPrefixSet, error) { 92 return f.Create, f.CreateErr 93 } 94 95 func (f FakeIpAddressprefixSet) AllIpAddressPrefixSets( 96 []api.Filter, 97 ) (response.AllIpAddressPrefixSets, error) { 98 return f.All, f.AllErr 99 } 100 101 // FakeSecList implement the common.SecListAPI interface 102 type FakeSecList struct { 103 SecList response.SecList 104 SecListErr error 105 DeleteErr error 106 Create response.SecList 107 CreateErr error 108 } 109 110 func (f FakeSecList) SecListDetails(string) (response.SecList, error) { 111 return f.SecList, f.SecListErr 112 } 113 func (f FakeSecList) DeleteSecList(string) error { 114 return f.DeleteErr 115 } 116 func (f FakeSecList) CreateSecList(string, string, common.SecRuleAction, common.SecRuleAction) (response.SecList, error) { 117 return f.Create, f.CreateErr 118 } 119 120 // type FakeSecRules imeplements the common.SecRulesAPI interface 121 type FakeSecRules struct { 122 All response.AllSecurityRules 123 AllErr error 124 DeleteErr error 125 Create response.SecurityRule 126 CreateErr error 127 } 128 129 func (f FakeSecRules) AllSecurityRules([]api.Filter) (response.AllSecurityRules, error) { 130 return f.All, f.AllErr 131 } 132 func (f FakeSecRules) DeleteSecurityRule(string) error { 133 return f.DeleteErr 134 } 135 func (f FakeSecRules) CreateSecurityRule( 136 api.SecurityRuleParams, 137 ) (response.SecurityRule, error) { 138 return f.Create, f.CreateErr 139 } 140 141 // FakeApplications type implements the common.ApplicationsAPI 142 type FakeApplication struct { 143 All response.AllSecApplications 144 AllErr error 145 Default response.AllSecApplications 146 DefaultErr error 147 Create response.SecApplication 148 CreateErr error 149 } 150 151 func (f FakeApplication) AllSecApplications([]api.Filter) (response.AllSecApplications, error) { 152 return f.All, f.AllErr 153 } 154 155 func (f FakeApplication) DefaultSecApplications([]api.Filter) (response.AllSecApplications, error) { 156 return f.Default, f.DefaultErr 157 } 158 159 func (f FakeApplication) CreateSecApplication(api.SecApplicationParams) (response.SecApplication, error) { 160 return f.Create, f.CreateErr 161 } 162 163 type FakeAssociation struct { 164 All response.AllSecAssociations 165 AllErr error 166 } 167 168 func (f FakeAssociation) AllSecAssociations([]api.Filter) (response.AllSecAssociations, error) { 169 return f.All, f.AllErr 170 } 171 172 // FakeFirewallAPI used to mock the internal Firewaller implementation 173 // This type implements the network.FirewallerAPI interface 174 type FakeFirewallAPI struct { 175 FakeComposer 176 FakeRules 177 FakeAcl 178 FakeSecIp 179 FakeIpAddressprefixSet 180 FakeSecList 181 FakeSecRules 182 FakeApplication 183 FakeAssociation 184 } 185 186 var ( 187 DefaultFakeRules = FakeRules{ 188 All: response.AllSecRules{ 189 Result: []response.SecRule{ 190 { 191 Action: common.SecRulePermit, 192 Application: "/Compute-acme/jack.jones@example.com/video_streaming_udp", 193 Name: "/Compute-acme/jack.jones@example.com/es_to_videoservers_stream", 194 Dst_list: "seclist:/Compute-acme/jack.jones@example.com/allowed_video_servers", 195 Src_list: "seciplist:/Compute-acme/jack.jones@example.com/es_iplist", 196 Uri: "https://api-z999.compute.us0.oraclecloud.com/secrule/Compute-acme/jack.jones@example.com/es_to_videoservers_stream", 197 Src_is_ip: "true", 198 Dst_is_ip: "false", 199 }, 200 }, 201 }, 202 AllErr: nil, 203 } 204 205 DefaultSecApplications = FakeApplication{ 206 All: response.AllSecApplications{ 207 Result: []response.SecApplication{ 208 { 209 Description: "Juju created security application", 210 Dport: "17070", 211 Icmpcode: "", 212 Icmptype: "", 213 Name: "/Compute-a432100/sgiulitti@cloudbase.com/juju-72324bcb-e837-4542-8867-844282af22e3-7993630e-d13b-43a3-850e-a1778c7e394e", 214 Protocol: "tcp", 215 Uri: "https://compute.uscom-central-1.oraclecloud.com/secapplication/Compute-a432100/sgiulitti%40cloudbase.com/juju-72324bcb-e837-4542-8867-844282af22e3-7993630e-d13b-43a3-850e-a1778c7e394e", 216 Value1: 17070, 217 Value2: -1, 218 Id: "1869cb17-5b12-49c5-a09a-046da8899bc9", 219 }, 220 { 221 Description: "Juju created security application", 222 Dport: "37017", 223 Icmpcode: "", 224 Icmptype: "", 225 Name: "/Compute-a432100/sgiulitti@cloudbase.com/juju-72324bcb-e837-4542-8867-844282af22e3-ef8a7955-4315-47a2-83c1-8d2978ab77c7", 226 Protocol: "tcp", 227 Uri: "https://compute.uscom-central-1.oraclecloud.com/secapplication/Compute-a432100/sgiulitti%40cloudbase.com/juju-72324bcb-e837-4542-8867-844282af22e3-ef8a7955-4315-47a2-83c1-8d2978ab77c7", 228 Value1: 37017, 229 Value2: -1, 230 Id: "cbefdac0-7684-4f81-a575-825c175aa7b4", 231 }, 232 }, 233 }, 234 AllErr: nil, 235 Default: response.AllSecApplications{ 236 Result: []response.SecApplication{ 237 { 238 Description: "", 239 Dport: "", 240 Icmpcode: "", 241 Icmptype: "", 242 Name: "/oracle/public/all", 243 Protocol: "all", 244 Uri: "https://compute.uscom-central-1.oraclecloud.com/secapplication/oracle/public/all", 245 Value1: 0, 246 Value2: 0, 247 Id: "381c2267-1b38-4bbd-b53d-5149deddb094", 248 }, 249 { 250 Description: "", 251 Dport: "", 252 Icmpcode: "", 253 Icmptype: "echo", 254 Name: "/oracle/public/pings", 255 Protocol: "icmp", 256 Uri: "https://compute.uscom-central-1.oraclecloud.com/secapplication/oracle/public/pings", 257 Value1: 8, 258 Value2: 0, 259 Id: "57b0350b-2f02-4a2d-b5ec-cf731de36027", 260 }, 261 { 262 Description: "", 263 Dport: "", 264 Icmpcode: "", 265 Icmptype: "", 266 Name: "/oracle/public/icmp", 267 Protocol: "icmp", 268 Uri: "https://compute.uscom-central-1.oraclecloud.com/secapplication/oracle/public/icmp", 269 Value1: 255, 270 Value2: 255, 271 Id: "abb27ccd-1872-48f9-86ef-38c72d6f8a38", 272 }, 273 { 274 Description: "", 275 Dport: "", 276 Icmpcode: "", 277 Icmptype: "reply", 278 Name: "/oracle/public/ping-reply", 279 Protocol: "icmp", 280 Uri: "https://compute.uscom-central-1.oraclecloud.com/secapplication/oracle/public/ping-reply", 281 Value1: 0, 282 Value2: 0, 283 Id: "3ad808d4-b740-42c1-805c-57feb7c96d40", 284 }, 285 { 286 Description: "", 287 Dport: "3306", 288 Icmpcode: "", 289 Icmptype: "", 290 Name: "/oracle/public/mysql", 291 Protocol: "tcp", 292 Uri: "https://compute.uscom-central-1.oraclecloud.com/secapplication/oracle/public/mysql", 293 Value1: 3306, 294 Value2: -1, 295 Id: "2fb5eaff-3127-4334-8b03-367a44bb83bd", 296 }, 297 { 298 Description: "", 299 Dport: "22", 300 Icmpcode: "", 301 Icmptype: "", 302 Name: "/oracle/public/ssh", 303 Protocol: "tcp", 304 Uri: "https://compute.uscom-central-1.oraclecloud.com/secapplication/oracle/public/ssh", 305 Value1: 22, Value2: -1, 306 Id: "5f027043-f6b3-4e1a-b9fa-a10d075744de", 307 }, 308 }, 309 }, 310 DefaultErr: nil, 311 } 312 313 DefaultSecIp = FakeSecIp{ 314 All: response.AllSecIpLists{ 315 Result: []response.SecIpList{ 316 { 317 Description: nil, 318 Name: "/oracle/public/site", 319 Secipentries: []string{ 320 "10.60.32.128/26", 321 "10.60.32.0/26", 322 "10.60.37.0/26", 323 "10.60.33.0/26", 324 "10.60.36.128/26", 325 "10.60.36.0/26", 326 }, 327 Uri: "https://compute.uscom-central-1.oraclecloud.com/seciplist/oracle/public/site", 328 Group_id: "1003", 329 Id: "492ad26e-4c86-44bb-a439-535614d25f56", 330 }, 331 { 332 Description: nil, 333 Name: "/oracle/public/paas-infra", 334 Secipentries: []string{ 335 "10.199.34.192/26", 336 "160.34.15.48/29", 337 "100.64.0.0/24", 338 }, 339 Uri: "https://compute.uscom-central-1.oraclecloud.com/seciplist/oracle/public/paas-infra", 340 Group_id: "1006", 341 Id: "a671b8b6-2422-45ef-84fc-c65010f0c1a5", 342 }, 343 { 344 Description: nil, 345 Name: "/oracle/public/instance", 346 Secipentries: []string{ 347 "10.31.0.0/19", 348 "10.2.0.0/26", 349 "10.16.0.0/19", 350 "10.31.32.0/19", 351 "10.16.64.0/19", 352 "10.16.32.0/19", 353 "10.16.128.0/19", 354 "10.16.160.0/19", 355 "10.16.192.0/19", 356 "10.16.224.0/19", 357 "10.28.192.0/19", 358 "10.28.224.0/19", 359 }, 360 Uri: "https://compute.uscom-central-1.oraclecloud.com/seciplist/oracle/public/instance", 361 Group_id: "1004", 362 Id: "5c3a5100-ced7-43f8-a5cd-10dce263db33", 363 }, 364 { 365 Description: nil, 366 Name: "/oracle/public/public-internet", 367 Secipentries: []string{"0.0.0.0/0"}, 368 Uri: "https://compute.uscom-central-1.oraclecloud.com/seciplist/oracle/public/public-internet", 369 Group_id: "1002", 370 Id: "26fc6f14-4c3c-4059-a813-8a76ff141a0b", 371 }, 372 }, 373 }, 374 AllErr: nil, 375 } 376 377 DefaultFakeSecList = FakeSecList{ 378 SecList: response.SecList{ 379 Account: "/Compute-acme/default", 380 Name: "/Compute-acme/jack.jones@example.com/allowed_video_servers", 381 Uri: "https://api-z999.compute.us0.oraclecloud.com/seclist/Compute-acme/jack.jones@example.com/allowed_video_servers", 382 Outbound_cidr_policy: "PERMIT", 383 Policy: common.SecRulePermit, 384 }, 385 SecListErr: nil, 386 Create: response.SecList{ 387 Account: "/Compute-acme/default", 388 Name: "/Compute-acme/jack.jones@example.com/allowed_video_servers", 389 Uri: "https://api-z999.compute.us0.oraclecloud.com/seclist/Compute-acme/jack.jones@example.com/allowed_video_servers", 390 Outbound_cidr_policy: "PERMIT", 391 Policy: common.SecRuleDeny, 392 }, 393 CreateErr: nil, 394 } 395 396 DefaultFakeAssociation = FakeAssociation{ 397 All: response.AllSecAssociations{ 398 Result: []response.SecAssociation{ 399 { 400 Name: "/Compute-a432100/sgiulitti@cloudbase.com/faa46f2e-28c9-4500-b060-0997717540a6/9e5c3f31-1769-46b6-bdc3-b8f3db0f0479", 401 Seclist: "/Compute-a432100/default/default", 402 Vcable: "/Compute-a432100/sgiulitti@cloudbase.com/faa46f2e-28c9-4500-b060-0997717540a6", 403 Uri: "https://compute.uscom-central-1.oraclecloud.com/secassociation/Compute-a432100/sgiulitti%40cloudbase.com/faa46f2e-28c9-4500-b060-0997717540a6/9e5c3f31-1769-46b6-bdc3-b8f3db0f0479", 404 }, 405 }, 406 }, 407 AllErr: nil, 408 } 409 410 DefaultFakeAcl = FakeAcl{ 411 Acl: response.Acl{ 412 Name: "/Compute-a432100/gsamfira@cloudbase.com/juju-b3329a64-58f5-416c-85f7-e24de0beb979-0", 413 Description: "ACL for machine 0", 414 EnableFlag: false, 415 Tags: []string{}, 416 Uri: "https://compute.uscom-central-1.oraclecloud.com:443/network/v1/acl/Compute-a432100/gsamfira@cloudbase.com/juju-b3329a64-58f5-416c-85f7-e24de0beb979-0", 417 }, 418 AclErr: nil, 419 Create: response.Acl{ 420 Name: "/Compute-a432100/gsamfira@cloudbase.com/juju-b3329a64-58f5-416c-85f7-e24de0beb979-0", 421 Description: "ACL for machine 0", 422 EnableFlag: false, 423 Tags: []string{}, 424 Uri: "https://compute.uscom-central-1.oraclecloud.com:443/network/v1/acl/Compute-a432100/gsamfira@cloudbase.com/juju-b3329a64-58f5-416c-85f7-e24de0beb979-0", 425 }, 426 } 427 428 DefaultFakeSecrules = FakeSecRules{ 429 All: response.AllSecurityRules{}, 430 AllErr: nil, 431 Create: response.SecurityRule{ 432 Name: "/Compute-acme/jack.jones@example.com/secrule1", 433 Uri: "https://api-z999.compute.us0.oraclecloud.com:443/network/v1/secrule/Compute-acme/jack.jones@example.com/secrule1", 434 Description: "Sample security rule", 435 Tags: nil, 436 Acl: "/Compute-acme/jack.jones@example.com/acl1", 437 FlowDirection: common.Egress, 438 SrcVnicSet: "/Compute-acme/jack.jones@example.com/vnicset1", 439 DstVnicSet: "/Compute-acme/jack.jones@example.com/vnicset2", 440 SrcIpAddressPrefixSets: []string{"/Compute-acme/jack.jones@example.com/ipaddressprefixset1"}, 441 DstIpAddressPrefixSets: nil, 442 SecProtocols: []string{"/Compute-acme/jack.jones@example.com/secprotocol1"}, 443 EnabledFlag: true, 444 }, 445 } 446 447 DefaultFakeFirewallAPI = &FakeFirewallAPI{ 448 FakeComposer: FakeComposer{ 449 Compose: "/Compute-acme/jack.jones@example.com/allowed_video_servers", 450 }, 451 FakeRules: DefaultFakeRules, 452 FakeApplication: DefaultSecApplications, 453 FakeSecIp: DefaultSecIp, 454 FakeSecList: DefaultFakeSecList, 455 FakeAssociation: DefaultFakeAssociation, 456 FakeAcl: DefaultFakeAcl, 457 FakeSecRules: DefaultFakeSecrules, 458 } 459 )