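# Model-level tests for Fog::Compute[:aws] security groups: the generic
# model lifecycle checks plus the authorize_*/revoke_* helper methods.
#
# Each `test` block passes when its last expression is true. The blocks
# share @group and run in order: every "authorize" test is paired with a
# "revoke" test that must leave @group without the rule again, so a failed
# revoke also disturbs the rule counts asserted by later tests.
Shindo.tests("Fog::Compute[:aws] | security_group", ['aws']) do

  model_tests(Fog::Compute[:aws].security_groups, {:description => 'foggroupdescription', :name => 'foggroupname'}, true)

  tests("authorize and revoke helpers") do
    # @group is the group under test; @other_group is a second group used as
    # a rule source.
    @group = Fog::Compute[:aws].security_groups.create(:name => "foggroup", :description => "fog group desc")

    @other_group = Fog::Compute[:aws].security_groups.create(:name => 'fog other group', :description => 'another fog group')
    @other_group.reload

    # An owner id / group id pair taken from the mock helpers rather than
    # from a group created above; used below as a source group that must be
    # rejected. NOTE(review): presumably these are freshly generated ids that
    # match no existing group -- confirm against Fog::AWS::Mock.
    @other_user_id = Fog::AWS::Mock.owner_id
    @other_users_group_id = Fog::AWS::Mock.security_group_id

    test("authorize access by another security group") do
      @group.authorize_group_and_owner(@other_group.name)
      @group.reload
      # NOTE(review): three permissions presumably means one per protocol
      # (tcp, udp, icmp) -- the test only checks the count, not the content.
      @group.ip_permissions.size == 3
    end

    test("revoke access from another security group") do
      @group.revoke_group_and_owner(@other_group.name)
      @group.reload
      @group.ip_permissions.empty?
    end

    # No source range is passed here. The egress tests below show that the
    # helper then writes a 0.0.0.0/0 rule, so a caller that omits the range
    # gets a rule covering every IPv4 address. This test only asserts the
    # rule count; it does not pin the CIDR of the ingress rule.
    test("authorize access to a port range") do
      @group.authorize_port_range(5000..6000)
      @group.reload
      @group.ip_permissions.size == 1
    end

    test("revoke access to a port range") do
      @group.revoke_port_range(5000..6000)
      @group.reload
      @group.ip_permissions.empty?
    end

    # Matches the exact rule authorize_port_range(5000..6000) is expected to
    # produce when given no protocol and no source range: tcp 5000-6000 to
    # 0.0.0.0/0. Shared by the egress authorize and revoke tests.
    default_egress_rule = lambda do |permission|
      permission['fromPort'] == 5000 &&
        permission['toPort'] == 6000 &&
        permission['ipProtocol'] == 'tcp' &&
        permission['ipRanges'] == [{ 'cidrIp' => '0.0.0.0/0' }]
    end

    # Egress lists are searched for the specific rule instead of being
    # counted. NOTE(review): presumably because the group can carry other
    # egress permissions (e.g. a default allow-all rule) -- confirm.
    test("authorize access at a port range (egress rule)") do
      @group.authorize_port_range(5000..6000, :direction => 'egress')
      @group.reload
      @group.ip_permissions_egress.any?(&default_egress_rule)
    end

    test("revoke access at a port range (egress rule)") do
      @group.revoke_port_range(5000..6000, :direction => 'egress')
      @group.reload
      @group.ip_permissions_egress.none?(&default_egress_rule)
    end

    # The three ways a source group can be passed via :group.
    group_forms = [
      "#{@other_group.owner_id}:#{@other_group.group_id}", # deprecated form
      @other_group.group_id,
      {@other_group.owner_id => @other_group.group_id},
    ]

    group_forms.each do |group_arg|
      test("authorize port range access by another security group #{group_arg.inspect}") do
        @other_group.reload
        @group.authorize_port_range(5000..6000, {:group => group_arg})
        @group.reload
        @group.ip_permissions.size == 1
      end

      # The argument form is part of the description so the three iterations
      # can be told apart in the test output, as in the authorize test above.
      test("revoke port range access by another security group #{group_arg.inspect}") do
        @other_group.reload
        @group.revoke_port_range(5000..6000, {:group => group_arg})
        @group.reload
        @group.ip_permissions.empty?
      end
    end

    # Negative case: a source group reference that does not resolve to an
    # existing group must raise NotFound instead of creating a rule.
    [
      { @other_user_id => @other_users_group_id }
    ].each do |group_arg|
      test("does not authorize port range access by an invalid security group #{group_arg.inspect}") do
        raises(Fog::AWS::Compute::NotFound, "The security group '#{@other_users_group_id}' does not exist") {
          @other_group.reload
          @group.authorize_port_range(5000..6000, {:group => group_arg})
        }
      end
    end

    # Clean up both groups created at the top of this block.
    @other_group.destroy
    @group.destroy
  end
end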