127
131
t.LiveTests.TearDownTest(c)
128
132
t.LoggingSuite.TearDownTest(c)
135
func (t *LiveTests) TestEnsureGroupSetsGroupId(c *gc.C) {
136
rules := []nova.RuleInfo{
137
{ // First group explicitly asks for all services
143
{ // Second group should only allow access from within the group
149
groupName := "juju-test-group-" + randomName()
150
// Make sure things are clean before we start, and clean when we are done
152
c.Check(openstack.DiscardSecurityGroup(t.Env, groupName), gc.IsNil)
156
group, err := openstack.EnsureGroup(t.Env, groupName, rules)
157
c.Assert(err, gc.IsNil)
158
c.Check(group.Rules, gc.HasLen, 2)
159
c.Check(*group.Rules[0].IPProtocol, gc.Equals, "tcp")
160
c.Check(*group.Rules[0].FromPort, gc.Equals, 22)
161
c.Check(*group.Rules[0].ToPort, gc.Equals, 22)
162
c.Check(group.Rules[0].IPRange["cidr"], gc.Equals, "0.0.0.0/0")
163
c.Check(group.Rules[0].Group.Name, gc.Equals, "")
164
c.Check(group.Rules[0].Group.TenantId, gc.Equals, "")
165
c.Check(*group.Rules[1].IPProtocol, gc.Equals, "tcp")
166
c.Check(*group.Rules[1].FromPort, gc.Equals, 1)
167
c.Check(*group.Rules[1].ToPort, gc.Equals, 65535)
168
c.Check(group.Rules[1].IPRange, gc.HasLen, 0)
169
c.Check(group.Rules[1].Group.Name, gc.Equals, groupName)
170
c.Check(group.Rules[1].Group.TenantId, gc.Equals, group.TenantId)
173
func (t *LiveTests) TestSetupGlobalGroupExposesCorrectPorts(c *gc.C) {
174
groupName := "juju-test-group-" + randomName()
175
// Make sure things are clean before we start, and will be clean when we finish
177
c.Check(openstack.DiscardSecurityGroup(t.Env, groupName), gc.IsNil)
181
statePort := 12345 // Default 37017
182
apiPort := 34567 // Default 17070
183
group, err := openstack.SetUpGlobalGroup(t.Env, groupName, statePort, apiPort)
184
c.Assert(err, gc.IsNil)
185
c.Assert(err, gc.IsNil)
186
// We default to exporting 22, statePort, apiPort, and icmp/udp/tcp on
187
// all ports to other machines inside the same group
188
// TODO(jam): 2013-09-18 http://pad.lv/1227142
189
// We shouldn't be exposing the API and State ports on all the machines
190
// that *aren't* hosting the state server. (And once we finish
191
// client-via-API we can disable the State port as well.)
192
stringRules := make([]string, 0, len(group.Rules))
193
for _, rule := range group.Rules {
194
ruleStr := fmt.Sprintf("%s %d %d %q %q",
198
rule.IPRange["cidr"],
201
stringRules = append(stringRules, ruleStr)
203
// We don't care about the ordering, so we sort the result, and compare it.
204
expectedRules := []string{
205
`tcp 22 22 "0.0.0.0/0" ""`,
206
fmt.Sprintf(`tcp %d %d "0.0.0.0/0" ""`, statePort, statePort),
207
fmt.Sprintf(`tcp %d %d "0.0.0.0/0" ""`, apiPort, apiPort),
208
fmt.Sprintf(`tcp 1 65535 "" "%s"`, groupName),
209
fmt.Sprintf(`udp 1 65535 "" "%s"`, groupName),
210
fmt.Sprintf(`icmp -1 -1 "" "%s"`, groupName),
212
sort.Strings(stringRules)
213
sort.Strings(expectedRules)
214
c.Check(stringRules, gc.DeepEquals, expectedRules)