@Test(groups = { "integration", "live" }, singleThreaded = true, dependsOnMethods = "testAddIpPermission") public void testRemoveIpPermission() { skipIfSecurityGroupsNotSupported(); ComputeService computeService = view.getComputeService(); Optional<SecurityGroupExtension> securityGroupExtension = computeService.getSecurityGroupExtension(); assertTrue(securityGroupExtension.isPresent(), "security group extension was not present"); Optional<SecurityGroup> optGroup = getGroup(securityGroupExtension.get()); assertTrue(optGroup.isPresent()); SecurityGroup group = optGroup.get(); IpPermission portRangeIpPermission = createPortRangePermission(); IpPermission singlePortIpPermission = createSinglePortPermission(); SecurityGroup newGroup = securityGroupExtension.get().removeIpPermission(portRangeIpPermission, group); SecurityGroup emptyGroup = securityGroupExtension.get().removeIpPermission(singlePortIpPermission, newGroup); assertEquals(Iterables.size(emptyGroup.getIpPermissions()), 0, "Group should have no permissions, but has " + Iterables.size(emptyGroup.getIpPermissions())); }
@Test public void testRemoveMultiplePermissionsFromNode() { IpPermission ssh = newPermission(22); IpPermission jmx = newPermission(31001); SecurityGroup sharedGroup = newGroup(customizer.getNameForSharedSecurityGroup()); SecurityGroup group = newGroup("id"); when(securityApi.listSecurityGroupsForNode(NODE_ID)).thenReturn(ImmutableSet.of(sharedGroup, group)); SecurityGroup updatedSecurityGroup = newGroup("id", ImmutableSet.of(ssh, jmx)); when(securityApi.addIpPermission(ssh, group)).thenReturn(updatedSecurityGroup); when(securityApi.addIpPermission(jmx, group)).thenReturn(updatedSecurityGroup); when(computeService.getContext().unwrap().getId()).thenReturn("aws-ec2"); customizer.addPermissionsToLocation(jcloudsMachineLocation, ImmutableList.of(ssh, jmx)); when(securityApi.removeIpPermission(ssh, group)).thenReturn(updatedSecurityGroup); when(securityApi.removeIpPermission(jmx, group)).thenReturn(updatedSecurityGroup); customizer.removePermissionsFromLocation(jcloudsMachineLocation, ImmutableList.of(ssh, jmx)); verify(securityApi, times(1)).removeIpPermission(ssh, group); verify(securityApi, times(1)).removeIpPermission(jmx, group); }
@Test(groups = { "integration", "live" }, singleThreaded = true, dependsOnMethods = "testAddIpPermissionWithCidrExclusionGroup") public void testRemoveIpPermissionWithCidrExclusionGroup() { skipIfSecurityGroupsNotSupported(); ComputeService computeService = view.getComputeService(); Optional<SecurityGroupExtension> securityGroupExtension = computeService.getSecurityGroupExtension(); assertTrue(securityGroupExtension.isPresent(), "security group extension was not present"); if (!securityGroupExtension.get().supportsExclusionCidrBlocks()) { throw new SkipException("Test cannot run without CIDR exclusion groups available."); } Optional<SecurityGroup> optGroup = getGroup(securityGroupExtension.get()); assertTrue(optGroup.isPresent()); SecurityGroup group = optGroup.get(); IpPermission cidrExclusionPermission = createCidrExclusionPermission(); SecurityGroup emptyGroup = securityGroupExtension.get().removeIpPermission(cidrExclusionPermission, group); assertFalse(emptyGroup.getIpPermissions().contains(cidrExclusionPermission)); }
@Test public void testRemovePermissionsFromNode() { IpPermission ssh = newPermission(22); IpPermission jmx = newPermission(31001); SecurityGroup sharedGroup = newGroup(customizer.getNameForSharedSecurityGroup()); SecurityGroup group = newGroup("id"); when(securityApi.listSecurityGroupsForNode(NODE_ID)).thenReturn(ImmutableSet.of(sharedGroup, group)); SecurityGroup updatedSecurityGroup = newGroup("id", ImmutableSet.of(ssh, jmx)); when(securityApi.addIpPermission(ssh, group)).thenReturn(updatedSecurityGroup); when(securityApi.addIpPermission(jmx, group)).thenReturn(updatedSecurityGroup); when(computeService.getContext().unwrap().getId()).thenReturn("aws-ec2"); customizer.addPermissionsToLocation(jcloudsMachineLocation, ImmutableList.of(ssh, jmx)); customizer.removePermissionsFromLocation(jcloudsMachineLocation, ImmutableList.of(jmx)); verify(securityApi, never()).removeIpPermission(ssh, group); verify(securityApi, times(1)).removeIpPermission(jmx, group); }
public void testRemoveIpPermissionGroupFromParams() { HttpRequest revokeRule = HttpRequest.builder().method("GET") .endpoint("http://localhost:8080/client/api") .addQueryParam("response", "json") .addQueryParam("command", "revokeSecurityGroupIngress") .addQueryParam("id", "5") .addQueryParam("apiKey", "APIKEY") .addQueryParam("signature", "bEzvrLtO7aEWkIqJgUeTnd+0XbY=") .addHeader("Accept", "application/json") .build(); HttpResponse getWithRuleResponse = HttpResponse.builder().statusCode(200) .payload(payloadFromResource("/getsecuritygroupresponse_extension_byid_with_group.json")) .build(); SecurityGroupExtension extension = orderedRequestsSendResponses( ImmutableList.of(getWithRule, revokeRule, queryAsyncJobResultAuthorizeIngress, getWithRule), ImmutableList.of(getWithRuleResponse, revokeRuleResponse, queryAsyncJobResultAuthorizeIngressResponse, getEmptyResponse) ).getSecurityGroupExtension().get(); ImmutableMultimap.Builder<String, String> permBuilder = ImmutableMultimap.builder(); permBuilder.put("adrian", "adriancole"); SecurityGroup origGroup = new SecurityGroupBuilder().id("13").build(); SecurityGroup newGroup = extension.removeIpPermission(IpProtocol.TCP, 22, 22, permBuilder.build(), emptyStringSet(), emptyStringSet(), origGroup); assertEquals(newGroup.getIpPermissions().size(), 0); }
public void testRemoveIpPermissionCidrFromParams() { HttpRequest revokeRule = HttpRequest.builder().method("GET") .endpoint("http://localhost:8080/client/api") .addQueryParam("response", "json") .addQueryParam("command", "revokeSecurityGroupIngress") .addQueryParam("id", "6") .addQueryParam("apiKey", "APIKEY") .addQueryParam("signature", "H7cY/MEYGN7df1hiz0mMAFVBfa8=") .addHeader("Accept", "application/json") .build(); HttpResponse getWithRuleResponse = HttpResponse.builder().statusCode(200) .payload(payloadFromResource("/getsecuritygroupresponse_extension_byid_with_cidr.json")) .build(); SecurityGroupExtension extension = orderedRequestsSendResponses( ImmutableList.of(getWithRule, revokeRule, queryAsyncJobResultAuthorizeIngress, getWithRule), ImmutableList.of(getWithRuleResponse, revokeRuleResponse, queryAsyncJobResultAuthorizeIngressResponse, getEmptyResponse) ).getSecurityGroupExtension().get(); SecurityGroup origGroup = new SecurityGroupBuilder().id("13").build(); SecurityGroup newGroup = extension.removeIpPermission(IpProtocol.UDP, 11, 11, emptyMultimap(), ImmutableSet.of("1.1.1.1/24"), emptyStringSet(), origGroup); assertEquals(newGroup.getIpPermissions().size(), 0); }
public void testRemoveIpPermissionCidrFromIpPermission() { HttpRequest revokeRule = HttpRequest.builder().method("GET") .endpoint("http://localhost:8080/client/api") .addQueryParam("response", "json") .addQueryParam("command", "revokeSecurityGroupIngress") .addQueryParam("id", "6") .addQueryParam("apiKey", "APIKEY") .addQueryParam("signature", "H7cY/MEYGN7df1hiz0mMAFVBfa8=") .addHeader("Accept", "application/json") .build(); HttpResponse getWithRuleResponse = HttpResponse.builder().statusCode(200) .payload(payloadFromResource("/getsecuritygroupresponse_extension_byid_with_cidr.json")) .build(); SecurityGroupExtension extension = orderedRequestsSendResponses( ImmutableList.of(getWithRule, revokeRule, queryAsyncJobResultAuthorizeIngress, getWithRule), ImmutableList.of(getWithRuleResponse, revokeRuleResponse, queryAsyncJobResultAuthorizeIngressResponse, getEmptyResponse) ).getSecurityGroupExtension().get(); IpPermission.Builder builder = IpPermission.builder(); builder.ipProtocol(IpProtocol.UDP); builder.fromPort(11); builder.toPort(11); builder.cidrBlock("1.1.1.1/24"); IpPermission perm = builder.build(); SecurityGroup origGroup = new SecurityGroupBuilder().id("13").build(); SecurityGroup newGroup = extension.removeIpPermission(perm, origGroup); assertEquals(newGroup.getIpPermissions().size(), 0); }
public void testRemoveIpPermissionGroupFromIpPermission() { HttpRequest revokeRule = HttpRequest.builder().method("GET") .endpoint("http://localhost:8080/client/api") .addQueryParam("response", "json") .addQueryParam("command", "revokeSecurityGroupIngress") .addQueryParam("id", "5") .addQueryParam("apiKey", "APIKEY") .addQueryParam("signature", "bEzvrLtO7aEWkIqJgUeTnd+0XbY=") .addHeader("Accept", "application/json") .build(); HttpResponse getWithRuleResponse = HttpResponse.builder().statusCode(200) .payload(payloadFromResource("/getsecuritygroupresponse_extension_byid_with_group.json")) .build(); SecurityGroupExtension extension = orderedRequestsSendResponses( ImmutableList.of(getWithRule, revokeRule, queryAsyncJobResultAuthorizeIngress, getWithRule), ImmutableList.of(getWithRuleResponse, revokeRuleResponse, queryAsyncJobResultAuthorizeIngressResponse, getEmptyResponse) ).getSecurityGroupExtension().get(); IpPermission.Builder builder = IpPermission.builder(); builder.ipProtocol(IpProtocol.TCP); builder.fromPort(22); builder.toPort(22); builder.tenantIdGroupNamePair("adrian", "adriancole"); IpPermission perm = builder.build(); SecurityGroup origGroup = new SecurityGroupBuilder().id("13").build(); SecurityGroup newGroup = extension.removeIpPermission(perm, origGroup); assertEquals(newGroup.getIpPermissions().size(), 0); }