kotovalexarian-likes-github/fog--fog-aws
1
0
Fork 0
mirror of https://github.com/fog/fog-aws.git synced 2022-11-09 13:50:52 -05:00
Code Releases Activity

Merge pull request #348 from lanej/lanej/fix-efs-test

Browse source 
fix default_security_group detection
This commit is contained in:
Josh Lane 2017-11-09 07:47:46 -08:00 committed by GitHub
commit 16be496bd1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
16 changed files with 196 additions and 185 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
lib/fog/aws/requests/compute/authorize_security_group_egress.rb
View file

@ -57,14 +57,16 @@ module Fog
class Mock
def authorize_security_group_egress(group_name, options = {})
options = Fog::AWS.parse_security_group_options(group_name, options)
if options.key?('GroupName')
group_name = options['GroupName']
else
group_name = self.data[:security_groups].reject { |k,v| v['groupId'] != options['GroupId'] } .keys.first
end
group = if options.key?('GroupName')
self.data[:security_groups].values.find { |v| v['groupName'] == options['GroupName'] }
else
self.data[:security_groups][options.fetch('GroupId')]
end
response = Excon::Response.new
group = self.data[:security_groups][group_name] || raise(Fog::Compute::AWS::NotFound.new("The security group '#{group_name}' does not exist"))
group ||
raise(Fog::Compute::AWS::NotFound.new("The security group '#{group_name}' does not exist"))
verify_permission_options(options, group['vpcId'] != nil)

44
lib/fog/aws/requests/compute/authorize_security_group_ingress.rb
View file

@ -80,14 +80,16 @@ module Fog
class Mock
def authorize_security_group_ingress(group_name, options = {})
options = Fog::AWS.parse_security_group_options(group_name, options)
if options.key?('GroupName')
group_name = options['GroupName']
else
group_name = self.data[:security_groups].reject { |k,v| v['groupId'] != options['GroupId'] } .keys.first
end
group = if options.key?('GroupName')
self.data[:security_groups].values.find { |v| v['groupName'] == options['GroupName'] }
else
self.data[:security_groups][options.fetch('GroupId')]
end
response = Excon::Response.new
group = self.data[:security_groups][group_name] || raise(Fog::Compute::AWS::NotFound.new("The security group '#{group_name}' does not exist"))
group ||
raise(Fog::Compute::AWS::NotFound.new("The security group '#{group_name}' does not exist"))
verify_permission_options(options, group['vpcId'] != nil)
@ -150,14 +152,15 @@ module Fog
else
options['SourceSecurityGroupName']
end
source_group_id=self.data[:security_groups][group_name]['groupId']
source_group_id, _ = self.data[:security_groups].find { |_,v| v['groupName'] == group_name }
['tcp', 'udp'].each do |protocol|
normalized_permissions << {
'ipProtocol' => protocol,
'fromPort' => 1,
'toPort' => 65535,
'groups' => [{
'groupName' => options['SourceSecurityGroupName'],
'groupName' => group_name,
'userId' => options['SourceSecurityGroupOwnerId'] || self.data[:owner_id],
'groupId' => source_group_id
}],
@ -169,7 +172,7 @@ module Fog
'fromPort' => -1,
'toPort' => -1,
'groups' => [{
'groupName' => options['SourceSecurityGroupName'],
'groupName' => group_name,
'userId' => options['SourceSecurityGroupOwnerId'] || self.data[:owner_id],
'groupId' => source_group_id
}],
@ -188,18 +191,19 @@ module Fog
groups = (permission['Groups'] || []).map do |authorized_group|
security_group = if group_name = authorized_group['GroupName']
self.data[:security_groups][group_name]
self.data[:security_groups].values.find { |sg| sg['groupName'] == group_name }
elsif group_id = authorized_group['GroupId']
self.data[:security_groups].values.find { |sg| sg['groupId'] == group_id }
end ||
raise(Fog::Compute::AWS::NotFound.new("The security group '#{group_name || group_id}' does not exist"))
self.data[:security_groups][group_id]
end
security_group ||
raise(Fog::Compute::AWS::NotFound.new("The security group '#{group_name || group_id}' does not exist"))
{
'groupName' => authorized_group['GroupName'] || security_group["groupName"],
'userId' => authorized_group['UserId'] || self.data[:owner_id],
'groupId' => authorized_group["GroupId"] || security_group['groupId']
}
end
{
'groupName' => authorized_group['GroupName'] || security_group['groupName'],
'userId' => authorized_group['UserId'] || self.data[:owner_id],
'groupId' => authorized_group["GroupId"] || security_group['groupId']
}
end
if ['tcp', 'udp', 'icmp'].include?(permission['IpProtocol'])
@ -208,7 +212,7 @@ module Fog
'fromPort' => Integer(permission['FromPort']),
'toPort' => Integer(permission['ToPort']),
'groups' => groups,
'ipRanges' => (permission['IpRanges'] || []).map {|r| { 'cidrIp' => r['CidrIp'] } }
'ipRanges' => (permission['IpRanges'] || []).map {|r| { 'cidrIp' => r['CidrIp'] } }
}
else
normalized_permissions << {

4
lib/fog/aws/requests/compute/create_network_interface.rb
View file

@ -73,11 +73,11 @@ module Fog
groups = {}
if options['GroupSet']
options['GroupSet'].each do |group_id|
group_obj = self.data[:security_groups].select { |k,v| v['groupId'] == group_id }.first
group_obj = self.data[:security_groups][group_id]
if group_obj.nil?
raise Fog::Compute::AWS::Error.new("Unknown security group '#{group_id}' specified")
end
groups[group_id] = group_obj
groups[group_id] = group_obj['groupName']
end
end

40
lib/fog/aws/requests/compute/create_security_group.rb
View file

@ -35,27 +35,29 @@ module Fog
response = Excon::Response.new
vpc_id ||= Fog::AWS::Mock.default_vpc_for(region)
group_id = Fog::AWS::Mock.security_group_id
unless self.data[:security_groups][name]
data = {
'groupDescription' => description,
'groupName' => name,
'groupId' => Fog::AWS::Mock.security_group_id,
'ipPermissionsEgress' => [],
'ipPermissions' => [],
'ownerId' => self.data[:owner_id],
'vpcId' => vpc_id
}
self.data[:security_groups][name] = data
response.body = {
'requestId' => Fog::AWS::Mock.request_id,
'groupId' => data['groupId'],
'return' => true
}
response
else
raise Fog::Compute::AWS::Error.new("InvalidGroup.Duplicate => The security group '#{name}' already exists")
if self.data[:security_groups].find { |_,v| v['groupName'] == name }
raise Fog::Compute::AWS::Error,
"InvalidGroup.Duplicate => The security group '#{name}' already exists"
end
self.data[:security_groups][group_id] = {
'groupDescription' => description,
'groupName' => name,
'groupId' => group_id,
'ipPermissionsEgress' => [],
'ipPermissions' => [],
'ownerId' => self.data[:owner_id],
'vpcId' => vpc_id
}
response.body = {
'requestId' => Fog::AWS::Mock.request_id,
'groupId' => group_id,
'return' => true
}
response
end
end
end

26
lib/fog/aws/requests/compute/create_vpc.rb
View file

@ -77,6 +77,32 @@ module Fog
# Manually override since Amazon doesn't let you create a default one
self.data[:network_acls][default_nacl.network_acl_id]['default'] = true
# create default security groups
default_elb_group_name = "default_elb_#{Fog::Mock.random_hex(6)}"
default_elb_group_id = Fog::AWS::Mock.security_group_id
Fog::Compute::AWS::Mock.data[region][@aws_access_key_id][:security_groups][default_elb_group_id] = {
'groupDescription' => 'default_elb security group',
'groupName' => default_elb_group_name,
'groupId' => default_elb_group_id,
'ipPermissions' => [],
'ownerId' => self.data[:owner_id],
'vpcId' => vpc_id
}
default_group_name = 'default'
default_group_id = Fog::AWS::Mock.security_group_id
Fog::Compute::AWS::Mock.data[region][@aws_access_key_id][:security_groups][default_group_id] = {
'groupDescription' => default_group_name,
'groupName' => default_group_name,
'groupId' => default_group_id,
'ipPermissions' => [],
'ownerId' => self.data[:owner_id],
'vpcId' => vpc_id
}
response.body = {
'requestId' => Fog::AWS::Mock.request_id,
'vpcSet' => [vpc]

18
lib/fog/aws/requests/compute/delete_security_group.rb
View file

@ -47,12 +47,12 @@ module Fog
raise Fog::Compute::AWS::Error.new("May not specify both group_name and group_id")
end
if id
name = self.data[:security_groups].reject { |k,v| v['groupId'] != id } .keys.first
if name
id, _ = self.data[:security_groups].find { |_,v| v['groupName'] == name }
end
unless self.data[:security_groups][name]
raise Fog::Compute::AWS::NotFound.new("The security group '#{name}' does not exist")
unless self.data[:security_groups][id]
raise Fog::Compute::AWS::NotFound.new("The security group '#{id}' does not exist")
end
response = Excon::Response.new
@ -61,14 +61,14 @@ module Fog
# ec2 authorizations
self.region_data.each do |_, key_data|
key_data[:security_groups].each do |group_name, group|
next if group == self.data[:security_groups][name]
key_data[:security_groups].each do |group_id, group|
next if group == self.data[:security_groups][group_id]
group['ipPermissions'].each do |group_ip_permission|
group_ip_permission['groups'].each do |group_group_permission|
if group_group_permission['groupName'] == name &&
if group_group_permission['groupId'] == group_id &&
group_group_permission['userId'] == self.data[:owner_id]
used_by_groups << "#{key_data[:owner_id]}:#{group_name}"
used_by_groups << "#{key_data[:owner_id]}:#{group['groupName']}"
end
end
end
@ -100,7 +100,7 @@ module Fog
raise Fog::Compute::AWS::Error.new("InUse => There are active instances using security group '#{name}'")
end
self.data[:security_groups].delete(name)
self.data[:security_groups].delete(id)
response.status = 200
response.body = {
'requestId' => Fog::AWS::Mock.request_id,

30
lib/fog/aws/requests/compute/describe_network_interface_attribute.rb
View file

@ -42,23 +42,25 @@ module Fog
class Mock
def describe_network_interface_attribute(network_interface_id, attribute)
response = Excon::Response.new
if self.data[:network_interfaces][network_interface_id]
network_interface = self.data[:network_interfaces][network_interface_id]
response.status = 200
response.body = {
'requestId' => Fog::AWS::Mock.request_id,
'networkInterfaceId' => network_interface_id
}
case attribute
when 'description', 'groupSet', 'sourceDestCheck', 'attachment'
response.body[attribute] = self.data[:network_interfaces][network_interface_id][attribute]
else
raise Fog::Compute::AWS::Error.new("Illegal attribute '#{attribute}' specified")
end
response
else
unless network_interface
raise Fog::Compute::AWS::NotFound.new("The network interface '#{network_interface_id}' does not exist")
end
response.status = 200
response.body = {
'requestId' => Fog::AWS::Mock.request_id,
'networkInterfaceId' => network_interface_id
}
case attribute
when 'description', 'groupSet', 'sourceDestCheck', 'attachment'
response.body[attribute] = network_interface[attribute]
else
raise Fog::Compute::AWS::Error.new("Illegal attribute '#{attribute}' specified")
end
response
end
end
end

36
lib/fog/aws/requests/compute/describe_security_groups.rb
View file

@ -66,22 +66,46 @@ module Fog
'protocol' => 'ipProtocol',
'to-port' => 'toPort'
}
security_group_groups = lambda { |security_group| (security_group['ipPermissions'] || []).map { |permission| permission["groups"] }.flatten.compact.uniq }
security_group_groups = lambda do |security_group|
(security_group['ipPermissions'] || []).map do |permission|
permission['groups']
end.flatten.compact.uniq
end
for filter_key, filter_value in filters
if permission_key = filter_key.split('ip-permission.')[1]
if permission_key == 'group-name'
security_group_info = security_group_info.reject{|security_group| !security_group_groups.call(security_group).find {|group| [*filter_value].include?(group['groupName'])}}
security_group_info = security_group_info.reject do |security_group|
!security_group_groups.call(security_group).find do |group|
[*filter_value].include?(group['groupName'])
end
end
elsif permission_key == 'group-id'
security_group_info = security_group_info.reject{|security_group| !security_group_groups.call(security_group).find {|group| [*filter_value].include?(group['groupId'])}}
security_group_info = security_group_info.reject do |security_group|
!security_group_groups.call(security_group).find do |group|
[*filter_value].include?(group['groupId'])
end
end
elsif permission_key == 'user-id'
security_group_info = security_group_info.reject{|security_group| !security_group_groups.call(security_group).find {|group| [*filter_value].include?(group['userId'])}}
security_group_info = security_group_info.reject do |security_group|
!security_group_groups.call(security_group).find do |group|
[*filter_value].include?(group['userId'])
end
end
else
aliased_key = permission_aliases[filter_key]
security_group_info = security_group_info.reject{|security_group| !security_group['ipPermissions'].find {|permission| [*filter_value].include?(permission[aliased_key])}}
security_group_info = security_group_info.reject do |security_group|
!security_group['ipPermissions'].find do |permission|
[*filter_value].include?(permission[aliased_key])
end
end
end
else
aliased_key = aliases[filter_key]
security_group_info = security_group_info.reject{|security_group| ![*filter_value].include?(security_group[aliased_key])}
security_group_info = security_group_info.reject do |security_group|
![*filter_value].include?(security_group[aliased_key])
end
end
end

6
lib/fog/aws/requests/compute/modify_network_interface_attribute.rb
View file

@ -54,11 +54,11 @@ module Fog
when 'groupSet'
groups = {}
value.each do |group_id|
name = self.data[:security_groups].select { |k,v| v['groupId'] == group_id } .first.first
if name.nil?
security_group = self.data[:security_groups][group_id]
if security_group.nil?
raise Fog::Compute::AWS::Error.new("Unknown security group '#{group_id}' specified")
end
groups[group_id] = name
groups[group_id] = security_group['groupName']
end
nic['groupSet'] = groups
when 'sourceDestCheck'

44
lib/fog/aws/requests/compute/revoke_security_group_egress.rb
View file

@ -57,40 +57,34 @@ module Fog
class Mock
def revoke_security_group_egress(group_name, options = {})
options = Fog::AWS.parse_security_group_options(group_name, options)
if options.key?('GroupName')
group_name = options['GroupName']
else
group_name = self.data[:security_groups].reject { |k,v| v['groupId'] != options['GroupId'] } .keys.first
end
group = self.data[:security_groups].values.find { |v| v['groupName'] == group_name }
group ||
raise(Fog::Compute::AWS::NotFound.new("The security group '#{group_name}' does not exist"))
response = Excon::Response.new
group = self.data[:security_groups][group_name]
if group
verify_permission_options(options, group['vpcId'] != nil)
verify_permission_options(options, group['vpcId'] != nil)
normalized_permissions = normalize_permissions(options)
normalized_permissions = normalize_permissions(options)
normalized_permissions.each do |permission|
if matching_permission = find_matching_permission_egress(group, permission)
matching_permission['ipRanges'] -= permission['ipRanges']
matching_permission['groups'] -= permission['groups']
normalized_permissions.each do |permission|
if matching_permission = find_matching_permission_egress(group, permission)
matching_permission['ipRanges'] -= permission['ipRanges']
matching_permission['groups'] -= permission['groups']
if matching_permission['ipRanges'].empty? && matching_permission['groups'].empty?
group['ipPermissionsEgress'].delete(matching_permission)
end
if matching_permission['ipRanges'].empty? && matching_permission['groups'].empty?
group['ipPermissionsEgress'].delete(matching_permission)
end
end
response.status = 200
response.body = {
'requestId' => Fog::AWS::Mock.request_id,
'return' => true
}
response
else
raise Fog::Compute::AWS::NotFound.new("The security group '#{group_name}' does not exist")
end
response.status = 200
response.body = {
'requestId' => Fog::AWS::Mock.request_id,
'return' => true
}
response
end
end
end

43
lib/fog/aws/requests/compute/revoke_security_group_ingress.rb
View file

@ -57,40 +57,33 @@ module Fog
class Mock
def revoke_security_group_ingress(group_name, options = {})
options = Fog::AWS.parse_security_group_options(group_name, options)
if options.key?('GroupName')
group_name = options['GroupName']
else
group_name = self.data[:security_groups].reject { |k,v| v['groupId'] != options['GroupId'] } .keys.first
end
group = self.data[:security_groups].values.find { |v| v['groupName'] == group_name }
group ||
raise(Fog::Compute::AWS::NotFound.new("The security group '#{group_name}' does not exist"))
response = Excon::Response.new
group = self.data[:security_groups][group_name]
if group
verify_permission_options(options, group['vpcId'] != nil)
verify_permission_options(options, group['vpcId'] != nil)
normalized_permissions = normalize_permissions(options)
normalized_permissions = normalize_permissions(options)
normalized_permissions.each do |permission|
if matching_permission = find_matching_permission(group, permission)
matching_permission['ipRanges'] -= permission['ipRanges']
matching_permission['groups'] -= permission['groups']
normalized_permissions.each do |permission|
if matching_permission = find_matching_permission(group, permission)
matching_permission['ipRanges'] -= permission['ipRanges']
matching_permission['groups'] -= permission['groups']
if matching_permission['ipRanges'].empty? && matching_permission['groups'].empty?
group['ipPermissions'].delete(matching_permission)
end
if matching_permission['ipRanges'].empty? && matching_permission['groups'].empty?
group['ipPermissions'].delete(matching_permission)
end
end
response.status = 200
response.body = {
'requestId' => Fog::AWS::Mock.request_id,
'return' => true
}
response
else
raise Fog::Compute::AWS::NotFound.new("The security group '#{group_name}' does not exist")
end
response.status = 200
response.body = {
'requestId' => Fog::AWS::Mock.request_id,
'return' => true
}
response
end
end
end

12
lib/fog/aws/requests/efs/create_mount_target.rb
View file

@ -25,8 +25,10 @@ module Fog
class Mock
def create_mount_target(file_system_id, subnet_id, options={})
response = Excon::Response.new
default_security_group = mock_compute.data[:security_groups]['default']
security_groups = options["SecurityGroups"] || [default_security_group['groupId']]
default_security_group = mock_compute.data[:security_groups].find do |_, sg|
sg['groupDescription'] == 'default_elb security group'
end
security_groups = options["SecurityGroups"] || [default_security_group.first]
unless file_system = self.data[:file_systems][file_system_id]
raise Fog::AWS::EFS::NotFound.new("invalid file system ID: #{file_system_id}")
@ -41,8 +43,10 @@ module Fog
raise Fog::AWS::EFS::InvalidSubnet.new("invalid subnet ID: #{subnet_id}")
end
security_groups.each do |sg|
raise Fog::AWS::EFS::NotFound.new("invalid security group ID: #{sg}") unless mock_compute.data[:security_groups].values.detect { |sgd| sgd["groupId"] == sg }
security_groups.each do |group_id|
unless mock_compute.data[:security_groups][group_id]
raise Fog::AWS::EFS::NotFound.new("invalid security group ID: #{group_id}")
end
end
id = "fsmt-#{Fog::Mock.random_letters(8)}"

43
lib/fog/aws/requests/elb/create_load_balancer.rb
View file

@ -111,53 +111,22 @@ module Fog
when 'EC2-Classic'
Fog::Compute::AWS::Mock.data[region][@aws_access_key_id][:security_groups]['amazon-elb-sg']
when 'EC2-VPC-Default'
# find or create default vpc
compute = Fog::Compute::AWS::new(:aws_access_key_id => @aws_access_key_id, :aws_secret_access_key => @aws_secret_access_key)
unless vpc = compute.vpcs.all.first
vpc = compute.vpcs.create('cidr_block' => '10.0.0.0/24')
end
default_sg = Fog::Compute::AWS::Mock.data[region][@aws_access_key_id][:security_groups].values.find { |sg|
vpc = compute.vpcs.all.first ||
compute.vpcs.create('cidr_block' => '10.0.0.0/24')
Fog::Compute::AWS::Mock.data[region][@aws_access_key_id][:security_groups].values.find { |sg|
sg['groupName'] =~ /^default_elb/ &&
sg["vpcId"] == vpc.id
}
unless default_sg
default_sg = {
'groupDescription' => 'default_elb security group',
'groupName' => "default_elb_#{Fog::Mock.random_hex(6)}",
'groupId' => Fog::AWS::Mock.security_group_id,
'ipPermissionsEgress' => [],
'ipPermissions' => [],
'ownerId' => self.data[:owner_id],
'vpcId' => vpc.id
}
Fog::Compute::AWS::Mock.data[region][@aws_access_key_id][:security_groups]['default'] = default_sg
end
default_sg
when 'EC2-VPC'
# find or create default vpc security group
vpc_id = subnets.first["vpcId"]
default_sg = Fog::Compute::AWS::Mock.data[region][@aws_access_key_id][:security_groups].values.find { |sg|
Fog::Compute::AWS::Mock.data[region][@aws_access_key_id][:security_groups].values.find { |sg|
sg['groupName'] == 'default' &&
sg["vpcId"] == vpc_id
}
unless default_sg
default_sg = {
'groupDescription' => 'default elb security group',
'groupName' => 'default',
'groupId' => Fog::AWS::Mock.security_group_id,
'ipPermissionsEgress' => [],
'ipPermissions' => [],
'ownerId' => self.data[:owner_id],
'vpcId' => vpc_id
}
Fog::Compute::AWS::Mock.data[region][@aws_access_key_id][:security_groups]['default'] = default_sg
end
default_sg
end
self.data[:tags] ||= {}
self.data[:tags][lb_name] = {}

4
tests/models/efs/mount_target_tests.rb
View file

@ -5,7 +5,9 @@ Shindo.tests("AWS::EFS | mount target", ["aws", "efs"]) do
if Fog.mocking?
vpc = Fog::Compute[:aws].vpcs.create(:cidr_block => "10.0.0.0/16")
subnet = Fog::Compute[:aws].subnets.create(:vpc_id => vpc.id, :cidr_block => "10.0.1.0/24")
default_security_group_data = Fog::Compute[:aws].data[:security_groups]['default']
default_security_group_data = Fog::Compute[:aws].data[:security_groups].values.find do |sg|
sg['groupDescription'] == 'default_elb security group'
end
default_security_group = Fog::Compute[:aws].security_groups.new(default_security_group_data)
else
vpc = Fog::Compute[:aws].vpcs.first

15
tests/requests/compute/network_interface_tests.rb
View file

@ -47,18 +47,6 @@ Shindo.tests('Fog::Compute[:aws] | network interface requests', ['aws']) do
@subnet_id = @subnet.subnet_id
@security_group_id = @security_group.group_id
@security_groups = [
@security_group.name, {
'groupDescription' => @security_group.description,
'groupName' => @security_group.name,
'groupId' => @security_group_id,
'ipPermissionsEgress' => [],
'ipPermissions' => [],
'ownerId' => @owner_id,
'vpcId' => @vpc.id
}
]
DESCRIPTION = "Small and green"
tests("#create_network_interface(#{@subnet_id})").formats(@network_interface_create_format) do
data = Fog::Compute[:aws].create_network_interface(@subnet_id, {"PrivateIpAddress" => "10.0.10.23"}).body
@ -164,7 +152,8 @@ Shindo.tests('Fog::Compute[:aws] | network interface requests', ['aws']) do
tests("#describe_network_interface_attribute(#{@nic2_id}, 'description')").returns(DESCRIPTION) do
Fog::Compute[:aws].describe_network_interface_attribute(@nic2_id, 'description').body["description"]
end
tests("#describe_network_interface_attribute(#{@nic2_id}, 'groupSet')").returns({ @security_group_id => @security_groups }) do
tests("#describe_network_interface_attribute(#{@nic2_id}, 'groupSet')").returns({ @security_group_id => @security_group.name }) do
Fog::Compute[:aws].describe_network_interface_attribute(@nic2_id, 'groupSet').body["groupSet"]
end

2
tests/requests/efs/file_system_tests.rb
View file

@ -33,7 +33,7 @@ Shindo.tests('AWS::EFS | file systems', ['aws', 'efs']) do
:vpc_id => vpc.id,
:cidr_block => "10.0.1.0/24"
)
default_security_group = Fog::Compute[:aws].security_groups.detect { |sg| sg.description == 'default group' }
default_security_group = Fog::Compute[:aws].security_groups.detect { |sg| sg.description == 'default_elb security group' }
else
vpc = Fog::Compute[:aws].vpcs.first
subnet = vpc.subnets.first