/**
 * Stubs {@code listSecurityGroupsForNode(NODE_ID)} to return an empty set and checks that
 * {@code addPermissionsToLocation} then raises a {@link RuntimeException}.
 */
@Test
public void testAddPermissionWhenNoExtension() {
    IpPermission sshRule = newPermission(22);
    IpPermission jmxRule = newPermission(31001);
    // The provider reports no security groups for the node.
    when(securityApi.listSecurityGroupsForNode(NODE_ID)).thenReturn(Collections.<SecurityGroup>emptySet());

    RuntimeException thrown = null;
    try {
        customizer.addPermissionsToLocation(jcloudsMachineLocation, ImmutableList.of(sshRule, jmxRule));
    } catch (RuntimeException e) {
        thrown = e;
    }

    // Only the presence of a RuntimeException is checked; its concrete type and message are not.
    assertNotNull(thrown);
}
/**
 * Live test: lists the security groups attached to one fixed node and logs each of them.
 */
@Test(groups = { "integration", "live" }, singleThreaded = true)
public void testListSecurityGroupsForNode() throws RunNodesException, InterruptedException, ExecutionException {
    skipIfSecurityGroupsNotSupported();

    ComputeService computeService = view.getComputeService();
    Optional<SecurityGroupExtension> securityGroupExtension = computeService.getSecurityGroupExtension();
    assertTrue(securityGroupExtension.isPresent(), "security extension was not present");

    // NOTE(review): the node id below is hard-coded, so this test presumably only works against
    // the deployment that owns that node -- confirm before relying on it in CI.
    SecurityGroupExtension extension = securityGroupExtension.get();
    for (SecurityGroup attached : extension.listSecurityGroupsForNode("uk-1/97374b9f-c706-4c4a-ae5a-48b6d2e58db9")) {
        // The groups are only logged; nothing about their ids or rules is asserted.
        logger.info(attached.toString());
    }
}
/**
 * Makes the provider fail when the SSH rule is added to the per-machine group and verifies
 * that, with no retry predicate configured, {@code addIpPermission} is attempted exactly once.
 */
@Test
public void testAddRuleNotRetriedByDefault() {
    IpPermission sshRule = newPermission(22);
    SecurityGroup sharedGroup = newGroup(customizer.getNameForSharedSecurityGroup());
    SecurityGroup machineGroup = newGroup("unique");
    when(securityApi.listSecurityGroupsForNode(NODE_ID)).thenReturn(ImmutableSet.of(sharedGroup, machineGroup));
    when(securityApi.addIpPermission(eq(sshRule), eq(machineGroup)))
            .thenThrow(new RuntimeException("exception creating " + sshRule));
    when(computeService.getContext().unwrap().getId()).thenReturn("aws-ec2");

    try {
        customizer.addPermissionsToLocation(jcloudsMachineLocation, ImmutableList.of(sshRule));
    } catch (Exception e) {
        String actualMessage = e.getMessage();
        assertTrue(actualMessage.contains("repeated errors from provider"), "message=" + e.getMessage());
    }
    // NOTE(review): if no exception is thrown the message check above is skipped and the test
    // still passes on the verifications below -- confirm whether a thrown exception is required.

    // No new group may be created, and the failing call must not have been repeated.
    verify(securityApi, never()).createSecurityGroup(anyString(), any(Location.class));
    verify(securityApi, times(1)).addIpPermission(sshRule, machineGroup);
}
/**
 * Adds the same permission to the same machine twice and verifies that the node's security
 * groups are listed only once, that both additions target the per-machine group, and that
 * the shared group is never modified.
 */
@Test
public void testSecurityGroupsLoadedWhenAddingPermissionsToUncachedNode() {
    IpPermission sshRule = newPermission(22);
    SecurityGroup sharedGroup = newGroup(customizer.getNameForSharedSecurityGroup());
    SecurityGroup machineGroup = newGroup("unique");
    when(securityApi.listSecurityGroupsForNode(NODE_ID)).thenReturn(ImmutableSet.of(sharedGroup, machineGroup));
    when(computeService.getContext().unwrap().getId()).thenReturn("aws-ec2");

    // Both stubbed return values are built from the per-machine group's id plus the SSH rule.
    SecurityGroup returnedForShared = newGroup(machineGroup.getId(), ImmutableSet.of(sshRule));
    when(securityApi.addIpPermission(sshRule, sharedGroup)).thenReturn(returnedForShared);
    SecurityGroup returnedForUpdated = newGroup(machineGroup.getId(), ImmutableSet.of(sshRule));
    when(securityApi.addIpPermission(sshRule, returnedForUpdated)).thenReturn(returnedForUpdated);

    // Expect first call to list security groups on nodeId, second to use cached version
    customizer.addPermissionsToLocation(jcloudsMachineLocation, ImmutableSet.of(sshRule));
    customizer.addPermissionsToLocation(jcloudsMachineLocation, ImmutableSet.of(sshRule));

    verify(securityApi, times(1)).listSecurityGroupsForNode(NODE_ID);
    verify(securityApi, times(2)).addIpPermission(sshRule, machineGroup);
    // The shared group must stay untouched, whatever permission was requested.
    verify(securityApi, never()).addIpPermission(any(IpPermission.class), eq(sharedGroup));
}
/**
 * Adds two permissions to a machine whose node has a shared group and one other group, and
 * verifies that each permission is added once to the other group and no group is created.
 */
@Test
public void testAddPermissionsToNode() {
    IpPermission sshRule = newPermission(22);
    IpPermission jmxRule = newPermission(31001);
    SecurityGroup sharedGroup = newGroup(customizer.getNameForSharedSecurityGroup());
    SecurityGroup machineGroup = newGroup("id");
    when(securityApi.listSecurityGroupsForNode(NODE_ID)).thenReturn(ImmutableSet.of(sharedGroup, machineGroup));

    // The provider answers either addition with a group that already holds both rules.
    SecurityGroup groupWithBothRules = newGroup("id", ImmutableSet.of(sshRule, jmxRule));
    when(securityApi.addIpPermission(sshRule, machineGroup)).thenReturn(groupWithBothRules);
    when(securityApi.addIpPermission(jmxRule, machineGroup)).thenReturn(groupWithBothRules);
    when(computeService.getContext().unwrap().getId()).thenReturn("aws-ec2");

    customizer.addPermissionsToLocation(jcloudsMachineLocation, ImmutableList.of(sshRule, jmxRule));

    verify(securityApi, never()).createSecurityGroup(anyString(), any(Location.class));
    verify(securityApi, times(1)).addIpPermission(sshRule, machineGroup);
    verify(securityApi, times(1)).addIpPermission(jmxRule, machineGroup);
}
/**
 * Adds the SSH and JMX permissions, removes only JMX, and verifies that exactly one removal
 * was issued for JMX and none for SSH.
 */
@Test
public void testRemovePermissionsFromNode() {
    IpPermission sshRule = newPermission(22);
    IpPermission jmxRule = newPermission(31001);
    SecurityGroup sharedGroup = newGroup(customizer.getNameForSharedSecurityGroup());
    SecurityGroup machineGroup = newGroup("id");
    when(securityApi.listSecurityGroupsForNode(NODE_ID)).thenReturn(ImmutableSet.of(sharedGroup, machineGroup));

    SecurityGroup groupWithBothRules = newGroup("id", ImmutableSet.of(sshRule, jmxRule));
    when(securityApi.addIpPermission(sshRule, machineGroup)).thenReturn(groupWithBothRules);
    when(securityApi.addIpPermission(jmxRule, machineGroup)).thenReturn(groupWithBothRules);
    when(computeService.getContext().unwrap().getId()).thenReturn("aws-ec2");

    customizer.addPermissionsToLocation(jcloudsMachineLocation, ImmutableList.of(sshRule, jmxRule));
    // removeIpPermission is not stubbed in this test, so the mock answers with its default value.
    customizer.removePermissionsFromLocation(jcloudsMachineLocation, ImmutableList.of(jmxRule));

    // The rule that was not requested for removal must be left alone.
    verify(securityApi, never()).removeIpPermission(sshRule, machineGroup);
    verify(securityApi, times(1)).removeIpPermission(jmxRule, machineGroup);
}
/**
 * Live test: creates one node with {@code groupId} as its security group, checks that the
 * node reports exactly that group, and destroys the node's group of nodes afterwards.
 */
@Test(groups = { "integration", "live" }, dependsOnMethods = "testCreateSecurityGroup")
public void testCreateNodeWithSecurityGroup() throws RunNodesException, InterruptedException, ExecutionException {
    ComputeService computeService = view.getComputeService();
    Optional<SecurityGroupExtension> securityGroupExtension = computeService.getSecurityGroupExtension();
    assertTrue(securityGroupExtension.isPresent(), "security group extension was not present");

    NodeMetadata created = getOnlyElement(
            computeService.createNodesInGroup(nodeGroup, 1, options().securityGroups(groupId)));
    try {
        Set<SecurityGroup> attached = securityGroupExtension.get().listSecurityGroupsForNode(created.getId());
        // Exactly one group is expected, so no additional group may have been attached.
        assertEquals(attached.size(), 1, "node has " + attached.size() + " groups");
        assertEquals(getOnlyElement(attached).getId(), groupId);
    } finally {
        // Clean up even when an assertion fails, so no node is left running.
        computeService.destroyNodesMatching(inGroup(created.getGroup()));
    }
}
Instance instance = Iterables.getFirst(instances, null); if (instance != null) { SecurityGroup group = Iterables.find(securityGroupExtension.listSecurityGroupsForNode(instance.getNodeMetadata().getId()), new Predicate<SecurityGroup>() { @Override
/**
 * Adds the SSH and JMX permissions, removes both in one call, and verifies that one removal
 * was issued for each of them.
 */
@Test
public void testRemoveMultiplePermissionsFromNode() {
    IpPermission sshRule = newPermission(22);
    IpPermission jmxRule = newPermission(31001);
    SecurityGroup sharedGroup = newGroup(customizer.getNameForSharedSecurityGroup());
    SecurityGroup machineGroup = newGroup("id");
    when(securityApi.listSecurityGroupsForNode(NODE_ID)).thenReturn(ImmutableSet.of(sharedGroup, machineGroup));

    SecurityGroup groupWithBothRules = newGroup("id", ImmutableSet.of(sshRule, jmxRule));
    when(securityApi.addIpPermission(sshRule, machineGroup)).thenReturn(groupWithBothRules);
    when(securityApi.addIpPermission(jmxRule, machineGroup)).thenReturn(groupWithBothRules);
    when(computeService.getContext().unwrap().getId()).thenReturn("aws-ec2");

    customizer.addPermissionsToLocation(jcloudsMachineLocation, ImmutableList.of(sshRule, jmxRule));

    // The removals are stubbed to answer with the same group object that the additions returned.
    when(securityApi.removeIpPermission(sshRule, machineGroup)).thenReturn(groupWithBothRules);
    when(securityApi.removeIpPermission(jmxRule, machineGroup)).thenReturn(groupWithBothRules);

    customizer.removePermissionsFromLocation(jcloudsMachineLocation, ImmutableList.of(sshRule, jmxRule));

    verify(securityApi, times(1)).removeIpPermission(sshRule, machineGroup);
    verify(securityApi, times(1)).removeIpPermission(jmxRule, machineGroup);
}
/**
 * Installs the AWS retry predicate, makes the provider fail four times in a row with
 * different AWS error codes, and verifies that {@code addIpPermission} was attempted exactly
 * four times without any group being created.
 */
@Test
public void testAddRuleRetriedOnAwsFailure() {
    IpPermission sshRule = newPermission(22);
    SecurityGroup sharedGroup = newGroup(customizer.getNameForSharedSecurityGroup());
    SecurityGroup machineGroup = newGroup("unique");
    customizer.setRetryExceptionPredicate(JcloudsLocationSecurityGroupCustomizer.newAwsExceptionRetryPredicate());
    when(securityApi.listSecurityGroupsForNode(NODE_ID)).thenReturn(ImmutableSet.of(sharedGroup, machineGroup));

    // Consecutive answers for the same call: four failures, then a success. The times(4)
    // verification below means the success answer is expected never to be reached.
    when(securityApi.addIpPermission(any(IpPermission.class), eq(machineGroup)))
            .thenThrow(newAwsResponseExceptionWithCode("InvalidGroup.InUse"))
            .thenThrow(newAwsResponseExceptionWithCode("DependencyViolation"))
            .thenThrow(newAwsResponseExceptionWithCode("RequestLimitExceeded"))
            .thenThrow(newAwsResponseExceptionWithCode("Blocked"))
            .thenReturn(sharedGroup);
    when(computeService.getContext().unwrap().getId()).thenReturn("aws-ec2");

    try {
        customizer.addPermissionsToLocation(jcloudsMachineLocation, ImmutableList.of(sshRule));
    } catch (Exception e) {
        String expected = "repeated errors from provider";
        boolean mentionsProviderErrors = e.getMessage().contains(expected);
        assertTrue(mentionsProviderErrors,
                "expected exception message to contain " + expected + ", was: " + e.getMessage());
    }
    // NOTE(review): when no exception is thrown the message check is skipped and only the
    // verifications below decide the outcome -- confirm whether an exception is required here.

    verify(securityApi, never()).createSecurityGroup(anyString(), any(Location.class));
    verify(securityApi, times(4)).addIpPermission(sshRule, machineGroup);
}
SecurityGroup sharedGroup = newGroup(customizer.getNameForSharedSecurityGroup()); SecurityGroup uniqueGroup = newGroup("unique"); when(securityApi.listSecurityGroupsForNode(NODE_ID)).thenReturn(ImmutableSet.of(sharedGroup, uniqueGroup)); when(securityApi.addIpPermission(eq(ssh), eq(uniqueGroup))) .thenThrow(new RuntimeException(new Exception(message)))
/**
 * Runs {@code customize} first so that the shared group is cached, then adds a permission to
 * a machine and verifies that the per-machine group is changed and the shared group is not.
 */
@Test
public void testAddPermissionsToNodeUsesUncachedSecurityGroup() {
    JcloudsLocation parentLocation = new JcloudsLocation(MutableMap.of("deferConstruction", true));
    SecurityGroup sharedGroup = newGroup(customizer.getNameForSharedSecurityGroup());
    SecurityGroup uniqueGroup = newGroup("unique");

    Template machineTemplate = mock(Template.class);
    TemplateOptions machineOptions = mock(TemplateOptions.class);
    when(machineTemplate.getLocation()).thenReturn(location);
    when(machineTemplate.getOptions()).thenReturn(machineOptions);
    when(securityApi.createSecurityGroup(anyString(), eq(location))).thenReturn(sharedGroup);
    when(securityApi.addIpPermission(any(IpPermission.class), eq(uniqueGroup))).thenReturn(uniqueGroup);
    when(securityApi.addIpPermission(any(IpPermission.class), eq(sharedGroup))).thenReturn(sharedGroup);
    when(computeService.getContext().unwrap().getId()).thenReturn("aws-ec2");

    // Call customize to cache the shared group
    customizer.customize(parentLocation, computeService, machineTemplate);

    // Drop the stubs and recorded calls from the customize phase before the part under test.
    reset(securityApi);
    when(securityApi.listSecurityGroupsForNode(NODE_ID)).thenReturn(ImmutableSet.of(uniqueGroup, sharedGroup));
    IpPermission sshRule = newPermission(22);

    // NOTE(review): the answer stubbed for the uniqueGroup call carries sharedGroup's id and the
    // answer for the sharedGroup call carries the "unique" id -- looks swapped; confirm intent.
    SecurityGroup returnedForUnique = newGroup(sharedGroup.getId(), ImmutableSet.of(sshRule));
    when(securityApi.addIpPermission(sshRule, uniqueGroup)).thenReturn(returnedForUnique);
    SecurityGroup returnedForShared = newGroup("unique", ImmutableSet.of(sshRule));
    when(securityApi.addIpPermission(sshRule, sharedGroup)).thenReturn(returnedForShared);

    customizer.addPermissionsToLocation(jcloudsMachineLocation, ImmutableSet.of(sshRule));

    // Expect the per-machine group to have been altered, not the shared group
    verify(securityApi).addIpPermission(sshRule, uniqueGroup);
    verify(securityApi, never()).addIpPermission(any(IpPermission.class), eq(sharedGroup));
}
/**
 * Live test: creates one node with inbound ports 22, 23, 24 and 8000 and checks that the
 * node's single security group holds exactly two TCP permissions, one for the range 22-24
 * and one for port 8000. The node's group of nodes is destroyed afterwards.
 */
@Test(groups = { "integration", "live" }, dependsOnMethods = "testCreateSecurityGroup")
public void testCreateNodeWithInboundPorts() throws RunNodesException, InterruptedException, ExecutionException {
    ComputeService computeService = view.getComputeService();
    Optional<SecurityGroupExtension> securityGroupExtension = computeService.getSecurityGroupExtension();
    assertTrue(securityGroupExtension.isPresent(), "security group extension was not present");

    NodeMetadata created = getOnlyElement(
            computeService.createNodesInGroup(nodeGroup, 1, options().inboundPorts(22, 23, 24, 8000)));
    try {
        Set<SecurityGroup> attached = securityGroupExtension.get().listSecurityGroupsForNode(created.getId());
        assertEquals(attached.size(), 1, "node has " + attached.size() + " groups");

        SecurityGroup onlyGroup = getOnlyElement(attached);
        // The size check rules out any permission beyond the two asserted below.
        assertEquals(onlyGroup.getIpPermissions().size(), 2);
        assertTrue(onlyGroup.getIpPermissions().contains(IpPermissions.permit(TCP).fromPort(22).to(24)));
        assertTrue(onlyGroup.getIpPermissions().contains(IpPermissions.permit(TCP).port(8000)));
    } finally {
        // Clean up even when an assertion fails, so no node is left running.
        computeService.destroyNodesMatching(inGroup(created.getGroup()));
    }
}
/**
 * Replays canned HTTP exchanges and checks that listing the security groups of one server
 * yields a single group. Two GET requests are expected besides authentication and extension
 * discovery: one for the server under {@code os-create-server-ext} and one for the server's
 * {@code os-security-groups}.
 */
public void testListSecurityGroupsForNode() {
    // Both requests carry the same Accept and X-Auth-Token headers.
    ImmutableMultimap<String, String> jsonWithToken = ImmutableMultimap.<String, String> builder()
            .put("Accept", "application/json")
            .put("X-Auth-Token", authToken)
            .build();

    HttpRequest serverReq = HttpRequest.builder()
            .method("GET")
            .endpoint(URI.create("https://az-1.region-a.geo-1.compute.hpcloudsvc.com/v2/3456/os-create-server-ext/8d0a6ca5-8849-4b3d-b86e-f24c92490ebb"))
            .headers(jsonWithToken)
            .build();
    HttpResponse serverResponse = HttpResponse.builder()
            .statusCode(200)
            .payload(payloadFromResource("/server_with_security_groups_extension.json"))
            .build();

    HttpRequest list = HttpRequest.builder()
            .method("GET")
            .endpoint(URI.create("https://az-1.region-a.geo-1.compute.hpcloudsvc.com/v2/3456/servers/8d0a6ca5-8849-4b3d-b86e-f24c92490ebb/os-security-groups"))
            .headers(jsonWithToken)
            .build();
    HttpResponse listResponse = HttpResponse.builder()
            .statusCode(200)
            .payload(payloadFromResource("/securitygroup_list.json"))
            .build();

    SecurityGroupExtension extension = requestsSendResponses(
            ImmutableMap.<HttpRequest, HttpResponse> builder()
                    .put(keystoneAuthWithUsernameAndPasswordAndTenantName, responseWithKeystoneAccess)
                    .put(extensionsOfNovaRequest, extensionsOfNovaResponse)
                    .put(serverReq, serverResponse)
                    .put(list, listResponse)
                    .build()).getSecurityGroupExtension().get();

    // The node id passed in is the region followed by a slash and the server id.
    Set<SecurityGroup> groups = extension.listSecurityGroupsForNode(region + "/8d0a6ca5-8849-4b3d-b86e-f24c92490ebb");
    assertEquals(groups.size(), 1);
}
/**
 * Replays canned HTTP exchanges and checks that listing the security groups of the node
 * {@code some-node} yields the five groups of the recorded response.
 */
public void testListSecurityGroupsForNode() {
    // The expected request is matched as a whole, including the apiKey and signature query
    // parameters; both values here are test fixtures sent to a localhost endpoint.
    HttpRequest.Builder<?> expectedCall = HttpRequest.builder().method("GET")
            .endpoint("http://localhost:8080/client/api")
            .addQueryParam("response", "json")
            .addQueryParam("command", "listSecurityGroups")
            .addQueryParam("listAll", "true")
            .addQueryParam("virtualmachineid", "some-node")
            .addQueryParam("apiKey", "APIKEY")
            .addQueryParam("signature", "x4f9fGMjIHXl5biaaFK5oOEONcg=")
            .addHeader("Accept", "application/json");
    HttpRequest listSecurityGroups = expectedCall.build();

    HttpResponse listSecurityGroupsResponse = HttpResponse.builder()
            .statusCode(200)
            .payload(payloadFromResource("/listsecuritygroupsresponse.json"))
            .build();

    // Every other request/response pair is defined outside this method.
    Map<HttpRequest, HttpResponse> exchanges = ImmutableMap.<HttpRequest, HttpResponse> builder()
            .put(listTemplates, listTemplatesResponse)
            .put(listOsTypes, listOsTypesResponse)
            .put(listOsCategories, listOsCategoriesResponse)
            .put(listZones, listZonesResponse)
            .put(listServiceOfferings, listServiceOfferingsResponse)
            .put(listAccounts, listAccountsResponse)
            .put(listNetworks, listNetworksResponse)
            .put(getZone, getZoneResponse)
            .put(listSecurityGroups, listSecurityGroupsResponse)
            .build();

    SecurityGroupExtension extension = requestsSendResponses(exchanges).getSecurityGroupExtension().get();

    Set<SecurityGroup> groups = extension.listSecurityGroupsForNode("some-node");
    assertEquals(groups.size(), 5);
}
// The node id is built from the region and the instance name via RegionAndName.slashEncode().
Set<SecurityGroup> groups = extension.listSecurityGroupsForNode(new RegionAndName(region, "i-2baa5550").slashEncode());
// Exactly one security group is expected for this instance.
assertEquals(1, groups.size());
// List the groups currently attached to the node; getOnlyElement throws unless there is exactly one.
Set<SecurityGroup> groupsOnNode = securityApi.listSecurityGroupsForNode(nodeId);
SecurityGroup securityGroup = Iterables.getOnlyElement(groupsOnNode);
// Fetch the task's result and check that it contains a rule matching ruleExistsPredicate(-1, -1, ICMP).
effectorResult = task.getUnchecked();
assertTrue(Iterables.tryFind(effectorResult, ruleExistsPredicate(-1, -1, ICMP)).isPresent());
// List the node's groups again through the API and apply the same predicate to the single
// group found, so the rule is checked on the provider's listing and not only on the task's result.
groupsOnNode = securityApi.listSecurityGroupsForNode(nodeId);
securityGroup = Iterables.getOnlyElement(groupsOnNode);
assertTrue(ruleExistsPredicate(-1, -1, ICMP).apply(securityGroup));