launchpad.net/~rogpeppe/juju-core/500-errgo-fix@v0.0.0-20140213181702-000000002356/worker/firewaller/firewaller_test.go (about) 1 // Copyright 2012, 2013 Canonical Ltd. 2 // Licensed under the AGPLv3, see LICENCE file for details. 3 4 package firewaller_test 5 6 import ( 7 gc "launchpad.net/gocheck" 8 "reflect" 9 stdtesting "testing" 10 "time" 11 12 "launchpad.net/juju-core/environs/config" 13 "launchpad.net/juju-core/instance" 14 "launchpad.net/juju-core/juju" 15 "launchpad.net/juju-core/juju/testing" 16 "launchpad.net/juju-core/provider/dummy" 17 "launchpad.net/juju-core/state" 18 "launchpad.net/juju-core/state/api" 19 apifirewaller "launchpad.net/juju-core/state/api/firewaller" 20 coretesting "launchpad.net/juju-core/testing" 21 "launchpad.net/juju-core/utils" 22 "launchpad.net/juju-core/worker" 23 "launchpad.net/juju-core/worker/firewaller" 24 ) 25 26 func TestPackage(t *stdtesting.T) { 27 coretesting.MgoTestPackage(t) 28 } 29 30 type FirewallerSuite struct { 31 testing.JujuConnSuite 32 op <-chan dummy.Operation 33 charm *state.Charm 34 35 st *api.State 36 firewaller *apifirewaller.State 37 } 38 39 var _ worker.Worker = (*firewaller.Firewaller)(nil) 40 41 // assertPorts retrieves the open ports of the instance and compares them 42 // to the expected. 43 func (s *FirewallerSuite) assertPorts(c *gc.C, inst instance.Instance, machineId string, expected []instance.Port) { 44 s.BackingState.StartSync() 45 start := time.Now() 46 for { 47 got, err := inst.Ports(machineId) 48 if err != nil { 49 c.Fatal(err) 50 return 51 } 52 instance.SortPorts(got) 53 instance.SortPorts(expected) 54 if reflect.DeepEqual(got, expected) { 55 c.Succeed() 56 return 57 } 58 if time.Since(start) > coretesting.LongWait { 59 c.Fatalf("timed out: expected %q; got %q", expected, got) 60 return 61 } 62 time.Sleep(coretesting.ShortWait) 63 } 64 } 65 66 // assertEnvironPorts retrieves the open ports of environment and compares them 67 // to the expected. 68 func (s *FirewallerSuite) assertEnvironPorts(c *gc.C, expected []instance.Port) { 69 s.BackingState.StartSync() 70 start := time.Now() 71 for { 72 got, err := s.Conn.Environ.Ports() 73 if err != nil { 74 c.Fatal(err) 75 return 76 } 77 instance.SortPorts(got) 78 instance.SortPorts(expected) 79 if reflect.DeepEqual(got, expected) { 80 c.Succeed() 81 return 82 } 83 if time.Since(start) > coretesting.LongWait { 84 c.Fatalf("timed out: expected %q; got %q", expected, got) 85 return 86 } 87 time.Sleep(coretesting.ShortWait) 88 } 89 } 90 91 var _ = gc.Suite(&FirewallerSuite{}) 92 93 func (s *FirewallerSuite) SetUpTest(c *gc.C) { 94 s.JujuConnSuite.SetUpTest(c) 95 s.charm = s.AddTestingCharm(c, "dummy") 96 97 // Create a manager machine and login to the API. 98 machine, err := s.State.AddMachine("quantal", state.JobManageEnviron) 99 c.Assert(err, gc.IsNil) 100 password, err := utils.RandomPassword() 101 c.Assert(err, gc.IsNil) 102 err = machine.SetPassword(password) 103 c.Assert(err, gc.IsNil) 104 err = machine.SetProvisioned("i-manager", "fake_nonce", nil) 105 c.Assert(err, gc.IsNil) 106 s.st = s.OpenAPIAsMachine(c, machine.Tag(), password, "fake_nonce") 107 c.Assert(s.st, gc.NotNil) 108 109 // Create the firewaller API facade. 110 s.firewaller = s.st.Firewaller() 111 c.Assert(s.firewaller, gc.NotNil) 112 } 113 114 func (s *FirewallerSuite) TestStartStop(c *gc.C) { 115 fw, err := firewaller.NewFirewaller(s.firewaller) 116 c.Assert(err, gc.IsNil) 117 c.Assert(fw.Stop(), gc.IsNil) 118 } 119 120 func (s *FirewallerSuite) addUnit(c *gc.C, svc *state.Service) (*state.Unit, *state.Machine) { 121 units, err := juju.AddUnits(s.State, svc, 1, "") 122 c.Assert(err, gc.IsNil) 123 u := units[0] 124 id, err := u.AssignedMachineId() 125 c.Assert(err, gc.IsNil) 126 m, err := s.State.Machine(id) 127 c.Assert(err, gc.IsNil) 128 return u, m 129 } 130 131 func (s *FirewallerSuite) setGlobalMode(c *gc.C) { 132 // TODO(rog) This should not be possible - you shouldn't 133 // be able to set the firewalling mode after an environment 134 // has bootstrapped. 135 oldConfig := s.Conn.Environ.Config() 136 attrs := oldConfig.AllAttrs() 137 delete(attrs, "admin-secret") 138 delete(attrs, "ca-private-key") 139 attrs["firewall-mode"] = config.FwGlobal 140 newConfig, err := config.New(config.NoDefaults, attrs) 141 c.Assert(err, gc.IsNil) 142 err = s.State.SetEnvironConfig(newConfig, oldConfig) 143 c.Assert(err, gc.IsNil) 144 err = s.Conn.Environ.SetConfig(newConfig) 145 c.Assert(err, gc.IsNil) 146 } 147 148 // startInstance starts a new instance for the given machine. 149 func (s *FirewallerSuite) startInstance(c *gc.C, m *state.Machine) instance.Instance { 150 inst, hc := testing.AssertStartInstance(c, s.Conn.Environ, m.Id()) 151 err := m.SetProvisioned(inst.Id(), "fake_nonce", hc) 152 c.Assert(err, gc.IsNil) 153 return inst 154 } 155 156 func (s *FirewallerSuite) TestNotExposedService(c *gc.C) { 157 fw, err := firewaller.NewFirewaller(s.firewaller) 158 c.Assert(err, gc.IsNil) 159 defer func() { c.Assert(fw.Stop(), gc.IsNil) }() 160 161 svc := s.AddTestingService(c, "wordpress", s.charm) 162 u, m := s.addUnit(c, svc) 163 inst := s.startInstance(c, m) 164 165 err = u.OpenPort("tcp", 80) 166 c.Assert(err, gc.IsNil) 167 err = u.OpenPort("tcp", 8080) 168 c.Assert(err, gc.IsNil) 169 170 s.assertPorts(c, inst, m.Id(), nil) 171 172 err = u.ClosePort("tcp", 80) 173 c.Assert(err, gc.IsNil) 174 175 s.assertPorts(c, inst, m.Id(), nil) 176 } 177 178 func (s *FirewallerSuite) TestExposedService(c *gc.C) { 179 fw, err := firewaller.NewFirewaller(s.firewaller) 180 c.Assert(err, gc.IsNil) 181 defer func() { c.Assert(fw.Stop(), gc.IsNil) }() 182 183 svc := s.AddTestingService(c, "wordpress", s.charm) 184 185 err = svc.SetExposed() 186 c.Assert(err, gc.IsNil) 187 u, m := s.addUnit(c, svc) 188 inst := s.startInstance(c, m) 189 190 err = u.OpenPort("tcp", 80) 191 c.Assert(err, gc.IsNil) 192 err = u.OpenPort("tcp", 8080) 193 c.Assert(err, gc.IsNil) 194 195 s.assertPorts(c, inst, m.Id(), []instance.Port{{"tcp", 80}, {"tcp", 8080}}) 196 197 err = u.ClosePort("tcp", 80) 198 c.Assert(err, gc.IsNil) 199 200 s.assertPorts(c, inst, m.Id(), []instance.Port{{"tcp", 8080}}) 201 } 202 203 func (s *FirewallerSuite) TestMultipleExposedServices(c *gc.C) { 204 fw, err := firewaller.NewFirewaller(s.firewaller) 205 c.Assert(err, gc.IsNil) 206 defer func() { c.Assert(fw.Stop(), gc.IsNil) }() 207 208 svc1 := s.AddTestingService(c, "wordpress", s.charm) 209 err = svc1.SetExposed() 210 c.Assert(err, gc.IsNil) 211 212 u1, m1 := s.addUnit(c, svc1) 213 inst1 := s.startInstance(c, m1) 214 err = u1.OpenPort("tcp", 80) 215 c.Assert(err, gc.IsNil) 216 err = u1.OpenPort("tcp", 8080) 217 c.Assert(err, gc.IsNil) 218 219 svc2 := s.AddTestingService(c, "mysql", s.charm) 220 c.Assert(err, gc.IsNil) 221 err = svc2.SetExposed() 222 c.Assert(err, gc.IsNil) 223 224 u2, m2 := s.addUnit(c, svc2) 225 inst2 := s.startInstance(c, m2) 226 err = u2.OpenPort("tcp", 3306) 227 c.Assert(err, gc.IsNil) 228 229 s.assertPorts(c, inst1, m1.Id(), []instance.Port{{"tcp", 80}, {"tcp", 8080}}) 230 s.assertPorts(c, inst2, m2.Id(), []instance.Port{{"tcp", 3306}}) 231 232 err = u1.ClosePort("tcp", 80) 233 c.Assert(err, gc.IsNil) 234 err = u2.ClosePort("tcp", 3306) 235 c.Assert(err, gc.IsNil) 236 237 s.assertPorts(c, inst1, m1.Id(), []instance.Port{{"tcp", 8080}}) 238 s.assertPorts(c, inst2, m2.Id(), nil) 239 } 240 241 func (s *FirewallerSuite) TestMachineWithoutInstanceId(c *gc.C) { 242 fw, err := firewaller.NewFirewaller(s.firewaller) 243 c.Assert(err, gc.IsNil) 244 defer func() { c.Assert(fw.Stop(), gc.IsNil) }() 245 246 svc := s.AddTestingService(c, "wordpress", s.charm) 247 err = svc.SetExposed() 248 c.Assert(err, gc.IsNil) 249 // add a unit but don't start its instance yet. 250 u1, m1 := s.addUnit(c, svc) 251 252 // add another unit and start its instance, so that 253 // we're sure the firewaller has seen the first instance. 254 u2, m2 := s.addUnit(c, svc) 255 inst2 := s.startInstance(c, m2) 256 err = u2.OpenPort("tcp", 80) 257 c.Assert(err, gc.IsNil) 258 s.assertPorts(c, inst2, m2.Id(), []instance.Port{{"tcp", 80}}) 259 260 inst1 := s.startInstance(c, m1) 261 err = u1.OpenPort("tcp", 8080) 262 c.Assert(err, gc.IsNil) 263 s.assertPorts(c, inst1, m1.Id(), []instance.Port{{"tcp", 8080}}) 264 } 265 266 func (s *FirewallerSuite) TestMultipleUnits(c *gc.C) { 267 fw, err := firewaller.NewFirewaller(s.firewaller) 268 c.Assert(err, gc.IsNil) 269 defer func() { c.Assert(fw.Stop(), gc.IsNil) }() 270 271 svc := s.AddTestingService(c, "wordpress", s.charm) 272 err = svc.SetExposed() 273 c.Assert(err, gc.IsNil) 274 275 u1, m1 := s.addUnit(c, svc) 276 inst1 := s.startInstance(c, m1) 277 err = u1.OpenPort("tcp", 80) 278 c.Assert(err, gc.IsNil) 279 280 u2, m2 := s.addUnit(c, svc) 281 inst2 := s.startInstance(c, m2) 282 err = u2.OpenPort("tcp", 80) 283 c.Assert(err, gc.IsNil) 284 285 s.assertPorts(c, inst1, m1.Id(), []instance.Port{{"tcp", 80}}) 286 s.assertPorts(c, inst2, m2.Id(), []instance.Port{{"tcp", 80}}) 287 288 err = u1.ClosePort("tcp", 80) 289 c.Assert(err, gc.IsNil) 290 err = u2.ClosePort("tcp", 80) 291 c.Assert(err, gc.IsNil) 292 293 s.assertPorts(c, inst1, m1.Id(), nil) 294 s.assertPorts(c, inst2, m2.Id(), nil) 295 } 296 297 func (s *FirewallerSuite) TestStartWithState(c *gc.C) { 298 svc := s.AddTestingService(c, "wordpress", s.charm) 299 err := svc.SetExposed() 300 c.Assert(err, gc.IsNil) 301 u, m := s.addUnit(c, svc) 302 inst := s.startInstance(c, m) 303 304 err = u.OpenPort("tcp", 80) 305 c.Assert(err, gc.IsNil) 306 err = u.OpenPort("tcp", 8080) 307 c.Assert(err, gc.IsNil) 308 309 // Nothing open without firewaller. 310 s.assertPorts(c, inst, m.Id(), nil) 311 312 // Starting the firewaller opens the ports. 313 fw, err := firewaller.NewFirewaller(s.firewaller) 314 c.Assert(err, gc.IsNil) 315 defer func() { c.Assert(fw.Stop(), gc.IsNil) }() 316 317 s.assertPorts(c, inst, m.Id(), []instance.Port{{"tcp", 80}, {"tcp", 8080}}) 318 319 err = svc.SetExposed() 320 c.Assert(err, gc.IsNil) 321 } 322 323 func (s *FirewallerSuite) TestStartWithPartialState(c *gc.C) { 324 m, err := s.State.AddMachine("quantal", state.JobHostUnits) 325 c.Assert(err, gc.IsNil) 326 inst := s.startInstance(c, m) 327 328 svc := s.AddTestingService(c, "wordpress", s.charm) 329 err = svc.SetExposed() 330 c.Assert(err, gc.IsNil) 331 332 // Starting the firewaller, no open ports. 333 fw, err := firewaller.NewFirewaller(s.firewaller) 334 c.Assert(err, gc.IsNil) 335 defer func() { c.Assert(fw.Stop(), gc.IsNil) }() 336 337 s.assertPorts(c, inst, m.Id(), nil) 338 339 // Complete steps to open port. 340 u, err := svc.AddUnit() 341 c.Assert(err, gc.IsNil) 342 err = u.AssignToMachine(m) 343 c.Assert(err, gc.IsNil) 344 err = u.OpenPort("tcp", 80) 345 c.Assert(err, gc.IsNil) 346 347 s.assertPorts(c, inst, m.Id(), []instance.Port{{"tcp", 80}}) 348 } 349 350 func (s *FirewallerSuite) TestStartWithUnexposedService(c *gc.C) { 351 m, err := s.State.AddMachine("quantal", state.JobHostUnits) 352 c.Assert(err, gc.IsNil) 353 inst := s.startInstance(c, m) 354 355 svc := s.AddTestingService(c, "wordpress", s.charm) 356 u, err := svc.AddUnit() 357 c.Assert(err, gc.IsNil) 358 err = u.AssignToMachine(m) 359 c.Assert(err, gc.IsNil) 360 err = u.OpenPort("tcp", 80) 361 c.Assert(err, gc.IsNil) 362 363 // Starting the firewaller, no open ports. 364 fw, err := firewaller.NewFirewaller(s.firewaller) 365 c.Assert(err, gc.IsNil) 366 defer func() { c.Assert(fw.Stop(), gc.IsNil) }() 367 368 s.assertPorts(c, inst, m.Id(), nil) 369 370 // Expose service. 371 err = svc.SetExposed() 372 c.Assert(err, gc.IsNil) 373 s.assertPorts(c, inst, m.Id(), []instance.Port{{"tcp", 80}}) 374 } 375 376 func (s *FirewallerSuite) TestSetClearExposedService(c *gc.C) { 377 fw, err := firewaller.NewFirewaller(s.firewaller) 378 c.Assert(err, gc.IsNil) 379 defer func() { c.Assert(fw.Stop(), gc.IsNil) }() 380 381 svc := s.AddTestingService(c, "wordpress", s.charm) 382 383 u, m := s.addUnit(c, svc) 384 inst := s.startInstance(c, m) 385 err = u.OpenPort("tcp", 80) 386 c.Assert(err, gc.IsNil) 387 err = u.OpenPort("tcp", 8080) 388 c.Assert(err, gc.IsNil) 389 390 // Not exposed service, so no open port. 391 s.assertPorts(c, inst, m.Id(), nil) 392 393 // SeExposed opens the ports. 394 err = svc.SetExposed() 395 c.Assert(err, gc.IsNil) 396 397 s.assertPorts(c, inst, m.Id(), []instance.Port{{"tcp", 80}, {"tcp", 8080}}) 398 399 // ClearExposed closes the ports again. 400 err = svc.ClearExposed() 401 c.Assert(err, gc.IsNil) 402 403 s.assertPorts(c, inst, m.Id(), nil) 404 } 405 406 func (s *FirewallerSuite) TestRemoveUnit(c *gc.C) { 407 fw, err := firewaller.NewFirewaller(s.firewaller) 408 c.Assert(err, gc.IsNil) 409 defer func() { c.Assert(fw.Stop(), gc.IsNil) }() 410 411 svc := s.AddTestingService(c, "wordpress", s.charm) 412 err = svc.SetExposed() 413 c.Assert(err, gc.IsNil) 414 415 u1, m1 := s.addUnit(c, svc) 416 inst1 := s.startInstance(c, m1) 417 err = u1.OpenPort("tcp", 80) 418 c.Assert(err, gc.IsNil) 419 420 u2, m2 := s.addUnit(c, svc) 421 inst2 := s.startInstance(c, m2) 422 err = u2.OpenPort("tcp", 80) 423 c.Assert(err, gc.IsNil) 424 425 s.assertPorts(c, inst1, m1.Id(), []instance.Port{{"tcp", 80}}) 426 s.assertPorts(c, inst2, m2.Id(), []instance.Port{{"tcp", 80}}) 427 428 // Remove unit. 429 err = u1.EnsureDead() 430 c.Assert(err, gc.IsNil) 431 err = u1.Remove() 432 c.Assert(err, gc.IsNil) 433 434 s.assertPorts(c, inst1, m1.Id(), nil) 435 s.assertPorts(c, inst2, m2.Id(), []instance.Port{{"tcp", 80}}) 436 } 437 438 func (s *FirewallerSuite) TestRemoveService(c *gc.C) { 439 fw, err := firewaller.NewFirewaller(s.firewaller) 440 c.Assert(err, gc.IsNil) 441 defer func() { c.Assert(fw.Stop(), gc.IsNil) }() 442 443 svc := s.AddTestingService(c, "wordpress", s.charm) 444 err = svc.SetExposed() 445 c.Assert(err, gc.IsNil) 446 447 u, m := s.addUnit(c, svc) 448 inst := s.startInstance(c, m) 449 err = u.OpenPort("tcp", 80) 450 c.Assert(err, gc.IsNil) 451 452 s.assertPorts(c, inst, m.Id(), []instance.Port{{"tcp", 80}}) 453 454 // Remove service. 455 err = u.EnsureDead() 456 c.Assert(err, gc.IsNil) 457 err = u.Remove() 458 c.Assert(err, gc.IsNil) 459 err = svc.Destroy() 460 c.Assert(err, gc.IsNil) 461 s.assertPorts(c, inst, m.Id(), nil) 462 } 463 464 func (s *FirewallerSuite) TestRemoveMultipleServices(c *gc.C) { 465 fw, err := firewaller.NewFirewaller(s.firewaller) 466 c.Assert(err, gc.IsNil) 467 defer func() { c.Assert(fw.Stop(), gc.IsNil) }() 468 469 svc1 := s.AddTestingService(c, "wordpress", s.charm) 470 err = svc1.SetExposed() 471 c.Assert(err, gc.IsNil) 472 473 u1, m1 := s.addUnit(c, svc1) 474 inst1 := s.startInstance(c, m1) 475 err = u1.OpenPort("tcp", 80) 476 c.Assert(err, gc.IsNil) 477 478 svc2 := s.AddTestingService(c, "mysql", s.charm) 479 err = svc2.SetExposed() 480 c.Assert(err, gc.IsNil) 481 482 u2, m2 := s.addUnit(c, svc2) 483 inst2 := s.startInstance(c, m2) 484 err = u2.OpenPort("tcp", 3306) 485 c.Assert(err, gc.IsNil) 486 487 s.assertPorts(c, inst1, m1.Id(), []instance.Port{{"tcp", 80}}) 488 s.assertPorts(c, inst2, m2.Id(), []instance.Port{{"tcp", 3306}}) 489 490 // Remove services. 491 err = u2.EnsureDead() 492 c.Assert(err, gc.IsNil) 493 err = u2.Remove() 494 c.Assert(err, gc.IsNil) 495 err = svc2.Destroy() 496 c.Assert(err, gc.IsNil) 497 498 err = u1.EnsureDead() 499 c.Assert(err, gc.IsNil) 500 err = u1.Remove() 501 c.Assert(err, gc.IsNil) 502 err = svc1.Destroy() 503 c.Assert(err, gc.IsNil) 504 505 s.assertPorts(c, inst1, m1.Id(), nil) 506 s.assertPorts(c, inst2, m2.Id(), nil) 507 } 508 509 func (s *FirewallerSuite) TestDeadMachine(c *gc.C) { 510 fw, err := firewaller.NewFirewaller(s.firewaller) 511 c.Assert(err, gc.IsNil) 512 defer func() { c.Assert(fw.Stop(), gc.IsNil) }() 513 514 svc := s.AddTestingService(c, "wordpress", s.charm) 515 err = svc.SetExposed() 516 c.Assert(err, gc.IsNil) 517 518 u, m := s.addUnit(c, svc) 519 inst := s.startInstance(c, m) 520 err = u.OpenPort("tcp", 80) 521 c.Assert(err, gc.IsNil) 522 523 s.assertPorts(c, inst, m.Id(), []instance.Port{{"tcp", 80}}) 524 525 // Remove unit and service, also tested without. Has no effect. 526 err = u.EnsureDead() 527 c.Assert(err, gc.IsNil) 528 err = u.Remove() 529 c.Assert(err, gc.IsNil) 530 err = svc.Destroy() 531 c.Assert(err, gc.IsNil) 532 533 // Kill machine. 534 err = m.Refresh() 535 c.Assert(err, gc.IsNil) 536 err = m.EnsureDead() 537 c.Assert(err, gc.IsNil) 538 539 s.assertPorts(c, inst, m.Id(), nil) 540 } 541 542 func (s *FirewallerSuite) TestRemoveMachine(c *gc.C) { 543 fw, err := firewaller.NewFirewaller(s.firewaller) 544 c.Assert(err, gc.IsNil) 545 defer func() { c.Assert(fw.Stop(), gc.IsNil) }() 546 547 svc := s.AddTestingService(c, "wordpress", s.charm) 548 err = svc.SetExposed() 549 c.Assert(err, gc.IsNil) 550 551 u, m := s.addUnit(c, svc) 552 inst := s.startInstance(c, m) 553 err = u.OpenPort("tcp", 80) 554 c.Assert(err, gc.IsNil) 555 556 s.assertPorts(c, inst, m.Id(), []instance.Port{{"tcp", 80}}) 557 558 // Remove unit. 559 err = u.EnsureDead() 560 c.Assert(err, gc.IsNil) 561 err = u.Remove() 562 c.Assert(err, gc.IsNil) 563 564 // Remove machine. Nothing bad should happen, but can't 565 // assert port state since the machine must have been 566 // destroyed and we lost its reference. 567 err = m.Refresh() 568 c.Assert(err, gc.IsNil) 569 err = m.EnsureDead() 570 c.Assert(err, gc.IsNil) 571 err = m.Remove() 572 c.Assert(err, gc.IsNil) 573 } 574 575 func (s *FirewallerSuite) TestGlobalMode(c *gc.C) { 576 // Change configuration. 577 s.setGlobalMode(c) 578 579 // Start firewaller and open ports. 580 fw, err := firewaller.NewFirewaller(s.firewaller) 581 c.Assert(err, gc.IsNil) 582 defer func() { c.Assert(fw.Stop(), gc.IsNil) }() 583 584 svc1 := s.AddTestingService(c, "wordpress", s.charm) 585 err = svc1.SetExposed() 586 c.Assert(err, gc.IsNil) 587 588 u1, m1 := s.addUnit(c, svc1) 589 s.startInstance(c, m1) 590 err = u1.OpenPort("tcp", 80) 591 c.Assert(err, gc.IsNil) 592 err = u1.OpenPort("tcp", 8080) 593 c.Assert(err, gc.IsNil) 594 595 svc2 := s.AddTestingService(c, "moinmoin", s.charm) 596 c.Assert(err, gc.IsNil) 597 err = svc2.SetExposed() 598 c.Assert(err, gc.IsNil) 599 600 u2, m2 := s.addUnit(c, svc2) 601 s.startInstance(c, m2) 602 err = u2.OpenPort("tcp", 80) 603 c.Assert(err, gc.IsNil) 604 605 s.assertEnvironPorts(c, []instance.Port{{"tcp", 80}, {"tcp", 8080}}) 606 607 // Closing a port opened by a different unit won't touch the environment. 608 err = u1.ClosePort("tcp", 80) 609 c.Assert(err, gc.IsNil) 610 s.assertEnvironPorts(c, []instance.Port{{"tcp", 80}, {"tcp", 8080}}) 611 612 // Closing a port used just once changes the environment. 613 err = u1.ClosePort("tcp", 8080) 614 c.Assert(err, gc.IsNil) 615 s.assertEnvironPorts(c, []instance.Port{{"tcp", 80}}) 616 617 // Closing the last port also modifies the environment. 618 err = u2.ClosePort("tcp", 80) 619 c.Assert(err, gc.IsNil) 620 s.assertEnvironPorts(c, nil) 621 } 622 623 func (s *FirewallerSuite) TestGlobalModeStartWithUnexposedService(c *gc.C) { 624 // Change configuration. 625 s.setGlobalMode(c) 626 627 m, err := s.State.AddMachine("quantal", state.JobHostUnits) 628 c.Assert(err, gc.IsNil) 629 s.startInstance(c, m) 630 631 svc := s.AddTestingService(c, "wordpress", s.charm) 632 u, err := svc.AddUnit() 633 c.Assert(err, gc.IsNil) 634 err = u.AssignToMachine(m) 635 c.Assert(err, gc.IsNil) 636 err = u.OpenPort("tcp", 80) 637 c.Assert(err, gc.IsNil) 638 639 // Starting the firewaller, no open ports. 640 fw, err := firewaller.NewFirewaller(s.firewaller) 641 c.Assert(err, gc.IsNil) 642 defer func() { c.Assert(fw.Stop(), gc.IsNil) }() 643 644 s.assertEnvironPorts(c, nil) 645 646 // Expose service. 647 err = svc.SetExposed() 648 c.Assert(err, gc.IsNil) 649 s.assertEnvironPorts(c, []instance.Port{{"tcp", 80}}) 650 } 651 652 func (s *FirewallerSuite) TestGlobalModeRestart(c *gc.C) { 653 // Change configuration. 654 s.setGlobalMode(c) 655 656 // Start firewaller and open ports. 657 fw, err := firewaller.NewFirewaller(s.firewaller) 658 c.Assert(err, gc.IsNil) 659 660 svc := s.AddTestingService(c, "wordpress", s.charm) 661 err = svc.SetExposed() 662 c.Assert(err, gc.IsNil) 663 664 u, m := s.addUnit(c, svc) 665 s.startInstance(c, m) 666 err = u.OpenPort("tcp", 80) 667 c.Assert(err, gc.IsNil) 668 err = u.OpenPort("tcp", 8080) 669 c.Assert(err, gc.IsNil) 670 671 s.assertEnvironPorts(c, []instance.Port{{"tcp", 80}, {"tcp", 8080}}) 672 673 // Stop firewaller and close one and open a different port. 674 err = fw.Stop() 675 c.Assert(err, gc.IsNil) 676 677 err = u.ClosePort("tcp", 8080) 678 c.Assert(err, gc.IsNil) 679 err = u.OpenPort("tcp", 8888) 680 c.Assert(err, gc.IsNil) 681 682 // Start firewaller and check port. 683 fw, err = firewaller.NewFirewaller(s.firewaller) 684 c.Assert(err, gc.IsNil) 685 defer func() { c.Assert(fw.Stop(), gc.IsNil) }() 686 687 s.assertEnvironPorts(c, []instance.Port{{"tcp", 80}, {"tcp", 8888}}) 688 } 689 690 func (s *FirewallerSuite) TestGlobalModeRestartUnexposedService(c *gc.C) { 691 // Change configuration. 692 s.setGlobalMode(c) 693 694 // Start firewaller and open ports. 695 fw, err := firewaller.NewFirewaller(s.firewaller) 696 c.Assert(err, gc.IsNil) 697 698 svc := s.AddTestingService(c, "wordpress", s.charm) 699 err = svc.SetExposed() 700 c.Assert(err, gc.IsNil) 701 702 u, m := s.addUnit(c, svc) 703 s.startInstance(c, m) 704 err = u.OpenPort("tcp", 80) 705 c.Assert(err, gc.IsNil) 706 err = u.OpenPort("tcp", 8080) 707 c.Assert(err, gc.IsNil) 708 709 s.assertEnvironPorts(c, []instance.Port{{"tcp", 80}, {"tcp", 8080}}) 710 711 // Stop firewaller and clear exposed flag on service. 712 err = fw.Stop() 713 c.Assert(err, gc.IsNil) 714 715 err = svc.ClearExposed() 716 c.Assert(err, gc.IsNil) 717 718 // Start firewaller and check port. 719 fw, err = firewaller.NewFirewaller(s.firewaller) 720 c.Assert(err, gc.IsNil) 721 defer func() { c.Assert(fw.Stop(), gc.IsNil) }() 722 723 s.assertEnvironPorts(c, nil) 724 } 725 726 func (s *FirewallerSuite) TestGlobalModeRestartPortCount(c *gc.C) { 727 // Change configuration. 728 s.setGlobalMode(c) 729 730 // Start firewaller and open ports. 731 fw, err := firewaller.NewFirewaller(s.firewaller) 732 c.Assert(err, gc.IsNil) 733 734 svc1 := s.AddTestingService(c, "wordpress", s.charm) 735 err = svc1.SetExposed() 736 c.Assert(err, gc.IsNil) 737 738 u1, m1 := s.addUnit(c, svc1) 739 s.startInstance(c, m1) 740 err = u1.OpenPort("tcp", 80) 741 c.Assert(err, gc.IsNil) 742 err = u1.OpenPort("tcp", 8080) 743 c.Assert(err, gc.IsNil) 744 745 s.assertEnvironPorts(c, []instance.Port{{"tcp", 80}, {"tcp", 8080}}) 746 747 // Stop firewaller and add another service using the port. 748 err = fw.Stop() 749 c.Assert(err, gc.IsNil) 750 751 svc2 := s.AddTestingService(c, "moinmoin", s.charm) 752 err = svc2.SetExposed() 753 c.Assert(err, gc.IsNil) 754 755 u2, m2 := s.addUnit(c, svc2) 756 s.startInstance(c, m2) 757 err = u2.OpenPort("tcp", 80) 758 c.Assert(err, gc.IsNil) 759 760 // Start firewaller and check port. 761 fw, err = firewaller.NewFirewaller(s.firewaller) 762 c.Assert(err, gc.IsNil) 763 defer func() { c.Assert(fw.Stop(), gc.IsNil) }() 764 765 s.assertEnvironPorts(c, []instance.Port{{"tcp", 80}, {"tcp", 8080}}) 766 767 // Closing a port opened by a different unit won't touch the environment. 768 err = u1.ClosePort("tcp", 80) 769 c.Assert(err, gc.IsNil) 770 s.assertEnvironPorts(c, []instance.Port{{"tcp", 80}, {"tcp", 8080}}) 771 772 // Closing a port used just once changes the environment. 773 err = u1.ClosePort("tcp", 8080) 774 c.Assert(err, gc.IsNil) 775 s.assertEnvironPorts(c, []instance.Port{{"tcp", 80}}) 776 777 // Closing the last port also modifies the environment. 778 err = u2.ClosePort("tcp", 80) 779 c.Assert(err, gc.IsNil) 780 s.assertEnvironPorts(c, nil) 781 }