1
// Copyright 2014 Canonical Ltd.
2
// Licensed under the AGPLv3, see LICENCE file for details.
4
package firewaller_test
9
jc "github.com/juju/testing/checkers"
10
gc "gopkg.in/check.v1"
11
"gopkg.in/juju/names.v2"
13
commontesting "github.com/juju/juju/apiserver/common/testing"
14
"github.com/juju/juju/apiserver/facade"
15
"github.com/juju/juju/apiserver/firewaller"
16
"github.com/juju/juju/apiserver/params"
17
apiservertesting "github.com/juju/juju/apiserver/testing"
18
"github.com/juju/juju/state"
19
statetesting "github.com/juju/juju/state/testing"
22
type firewallerSuite struct {
24
*commontesting.ModelWatcherTest
26
firewaller *firewaller.FirewallerAPI
29
var _ = gc.Suite(&firewallerSuite{})
31
func (s *firewallerSuite) SetUpTest(c *gc.C) {
32
s.firewallerBaseSuite.setUpTest(c)
34
_, err := s.State.AddSubnet(state.SubnetInfo{CIDR: "10.20.30.0/24"})
35
c.Assert(err, jc.ErrorIsNil)
37
// Create a firewaller API for the machine.
38
firewallerAPI, err := firewaller.NewFirewallerAPI(
43
c.Assert(err, jc.ErrorIsNil)
44
s.firewaller = firewallerAPI
45
s.ModelWatcherTest = commontesting.NewModelWatcherTest(s.firewaller, s.State, s.resources, commontesting.HasSecrets)
48
func (s *firewallerSuite) TestFirewallerFailsWithNonEnvironManagerUser(c *gc.C) {
49
constructor := func(st *state.State, res facade.Resources, auth facade.Authorizer) error {
50
_, err := firewaller.NewFirewallerAPI(st, res, auth)
53
s.testFirewallerFailsWithNonEnvironManagerUser(c, constructor)
56
func (s *firewallerSuite) TestLife(c *gc.C) {
57
s.testLife(c, s.firewaller)
60
func (s *firewallerSuite) TestInstanceId(c *gc.C) {
61
s.testInstanceId(c, s.firewaller)
64
func (s *firewallerSuite) TestWatchModelMachines(c *gc.C) {
65
s.testWatchModelMachines(c, s.firewaller)
68
func (s *firewallerSuite) TestWatch(c *gc.C) {
69
s.testWatch(c, s.firewaller, cannotWatchUnits)
72
func (s *firewallerSuite) TestWatchUnits(c *gc.C) {
73
s.testWatchUnits(c, s.firewaller)
76
func (s *firewallerSuite) TestGetExposed(c *gc.C) {
77
s.testGetExposed(c, s.firewaller)
80
func (s *firewallerSuite) TestGetAssignedMachine(c *gc.C) {
81
s.testGetAssignedMachine(c, s.firewaller)
84
func (s *firewallerSuite) openPorts(c *gc.C) {
85
// Open some ports on the units.
86
err := s.units[0].OpenPortsOnSubnet("10.20.30.0/24", "tcp", 1234, 1400)
87
c.Assert(err, jc.ErrorIsNil)
88
err = s.units[0].OpenPort("tcp", 4321)
89
c.Assert(err, jc.ErrorIsNil)
90
err = s.units[2].OpenPorts("udp", 1111, 2222)
91
c.Assert(err, jc.ErrorIsNil)
94
func (s *firewallerSuite) TestWatchOpenedPorts(c *gc.C) {
95
c.Assert(s.resources.Count(), gc.Equals, 0)
98
expectChanges := []string{
99
"0:", // empty subnet is ok (until it can be made mandatory)
104
fakeEnvTag := names.NewModelTag("deadbeef-deaf-face-feed-0123456789ab")
105
args := addFakeEntities(params.Entities{Entities: []params.Entity{
106
{Tag: fakeEnvTag.String()},
107
{Tag: s.machines[0].Tag().String()},
108
{Tag: s.service.Tag().String()},
109
{Tag: s.units[0].Tag().String()},
111
result, err := s.firewaller.WatchOpenedPorts(args)
112
sort.Strings(result.Results[0].Changes)
113
c.Assert(err, jc.ErrorIsNil)
114
c.Assert(result, jc.DeepEquals, params.StringsWatchResults{
115
Results: []params.StringsWatchResult{
116
{Changes: expectChanges, StringsWatcherId: "1"},
117
{Error: apiservertesting.ErrUnauthorized},
118
{Error: apiservertesting.ErrUnauthorized},
119
{Error: apiservertesting.ErrUnauthorized},
120
{Error: apiservertesting.ErrUnauthorized},
121
{Error: apiservertesting.ErrUnauthorized},
122
{Error: apiservertesting.ErrUnauthorized},
123
{Error: apiservertesting.ErrUnauthorized},
124
{Error: apiservertesting.ErrUnauthorized},
125
{Error: apiservertesting.ErrUnauthorized},
129
// Verify the resource was registered and stop when done
130
c.Assert(s.resources.Count(), gc.Equals, 1)
131
c.Assert(result.Results[0].StringsWatcherId, gc.Equals, "1")
132
resource := s.resources.Get("1")
133
defer statetesting.AssertStop(c, resource)
135
// Check that the Watch has consumed the initial event ("returned" in
137
wc := statetesting.NewStringsWatcherC(c, s.State, resource.(state.StringsWatcher))
141
func (s *firewallerSuite) TestGetMachinePorts(c *gc.C) {
144
subnetTag := names.NewSubnetTag("10.20.30.0/24").String()
145
args := params.MachinePortsParams{
146
Params: []params.MachinePorts{
147
{MachineTag: s.machines[0].Tag().String(), SubnetTag: ""},
148
{MachineTag: s.machines[0].Tag().String(), SubnetTag: subnetTag},
149
{MachineTag: s.machines[1].Tag().String(), SubnetTag: ""},
150
{MachineTag: s.machines[2].Tag().String(), SubnetTag: ""},
151
{MachineTag: s.machines[0].Tag().String(), SubnetTag: "invalid"},
152
{MachineTag: "machine-42", SubnetTag: ""},
153
{MachineTag: s.machines[0].Tag().String(), SubnetTag: "subnet-bad"},
156
unit0Tag := s.units[0].Tag().String()
157
expectPortsMachine0NoSubnet := []params.MachinePortRange{
158
{UnitTag: unit0Tag, PortRange: params.PortRange{
159
FromPort: 4321, ToPort: 4321, Protocol: "tcp",
162
expectPortsMachine0WithSubnet := []params.MachinePortRange{
163
{UnitTag: unit0Tag, PortRange: params.PortRange{
164
FromPort: 1234, ToPort: 1400, Protocol: "tcp",
167
unit2Tag := s.units[2].Tag().String()
168
expectPortsMachine2 := []params.MachinePortRange{
169
{UnitTag: unit2Tag, PortRange: params.PortRange{
170
FromPort: 1111, ToPort: 2222, Protocol: "udp",
173
result, err := s.firewaller.GetMachinePorts(args)
174
c.Assert(err, jc.ErrorIsNil)
175
c.Assert(result, jc.DeepEquals, params.MachinePortsResults{
176
Results: []params.MachinePortsResult{
177
{Ports: expectPortsMachine0NoSubnet},
178
{Ports: expectPortsMachine0WithSubnet},
179
{Error: nil, Ports: nil},
180
{Ports: expectPortsMachine2},
181
{Error: apiservertesting.ServerError(`"invalid" is not a valid tag`)},
182
{Error: apiservertesting.NotFoundError("machine 42")},
183
{Error: apiservertesting.ServerError(`"subnet-bad" is not a valid subnet tag`)},
189
func (s *firewallerSuite) TestGetMachineActiveSubnets(c *gc.C) {
192
subnetTag := names.NewSubnetTag("10.20.30.0/24").String()
193
args := addFakeEntities(params.Entities{Entities: []params.Entity{
194
{Tag: s.machines[0].Tag().String()},
195
{Tag: s.machines[1].Tag().String()},
196
{Tag: s.machines[2].Tag().String()},
197
{Tag: s.service.Tag().String()},
198
{Tag: s.units[0].Tag().String()},
200
expectResultsMachine0 := []string{subnetTag, ""}
201
expectResultsMachine2 := []string{""}
202
result, err := s.firewaller.GetMachineActiveSubnets(args)
203
c.Assert(err, jc.ErrorIsNil)
204
c.Assert(result, jc.DeepEquals, params.StringsResults{
205
Results: []params.StringsResult{
206
{Result: expectResultsMachine0},
207
{Result: nil, Error: nil},
208
{Result: expectResultsMachine2},
209
{Error: apiservertesting.ServerError(`"application-wordpress" is not a valid machine tag`)},
210
{Error: apiservertesting.ServerError(`"unit-wordpress-0" is not a valid machine tag`)},
211
{Error: apiservertesting.NotFoundError("machine 42")},
212
{Error: apiservertesting.ServerError(`"unit-foo-0" is not a valid machine tag`)},
213
{Error: apiservertesting.ServerError(`"application-bar" is not a valid machine tag`)},
214
{Error: apiservertesting.ServerError(`"user-foo" is not a valid machine tag`)},
215
{Error: apiservertesting.ServerError(`"foo-bar" is not a valid tag`)},
216
{Error: apiservertesting.ServerError(`"" is not a valid tag`)},