mirror of
https://github.com/fog/fog.git
synced 2022-11-09 13:51:43 -05:00
Merge pull request #804 from estonfer/fixed_sec_tests
wrangled security tests into working
commit
53671afbc9
5 changed files with 54 additions and 53 deletions
|
@ -117,6 +117,7 @@ module Fog
|
||||||
@data ||= Hash.new do |hash, region|
|
@data ||= Hash.new do |hash, region|
|
||||||
hash[region] = Hash.new do |region_hash, key|
|
hash[region] = Hash.new do |region_hash, key|
|
||||||
owner_id = Fog::AWS::Mock.owner_id
|
owner_id = Fog::AWS::Mock.owner_id
|
||||||
|
security_group_id = Fog::AWS::Mock.security_group_id
|
||||||
region_hash[key] = {
|
region_hash[key] = {
|
||||||
:deleted_at => {},
|
:deleted_at => {},
|
||||||
:addresses => {},
|
:addresses => {},
|
||||||
|
@ -135,25 +136,25 @@ module Fog
|
||||||
'default' => {
|
'default' => {
|
||||||
'groupDescription' => 'default group',
|
'groupDescription' => 'default group',
|
||||||
'groupName' => 'default',
|
'groupName' => 'default',
|
||||||
'groupId' => 'sg-11223344',
|
'groupId' => security_group_id,
|
||||||
'ipPermissionsEgress' => [],
|
'ipPermissionsEgress' => [],
|
||||||
'ipPermissions' => [
|
'ipPermissions' => [
|
||||||
{
|
{
|
||||||
'groups' => [{'groupName' => 'default', 'userId' => owner_id}],
|
'groups' => [{'groupName' => 'default', 'userId' => owner_id, 'groupId' => security_group_id }],
|
||||||
'fromPort' => -1,
|
'fromPort' => -1,
|
||||||
'toPort' => -1,
|
'toPort' => -1,
|
||||||
'ipProtocol' => 'icmp',
|
'ipProtocol' => 'icmp',
|
||||||
'ipRanges' => []
|
'ipRanges' => []
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
'groups' => [{'groupName' => 'default', 'userId' => owner_id}],
|
'groups' => [{'groupName' => 'default', 'userId' => owner_id, 'groupId' => security_group_id}],
|
||||||
'fromPort' => 0,
|
'fromPort' => 0,
|
||||||
'toPort' => 65535,
|
'toPort' => 65535,
|
||||||
'ipProtocol' => 'tcp',
|
'ipProtocol' => 'tcp',
|
||||||
'ipRanges' => []
|
'ipRanges' => []
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
'groups' => [{'groupName' => 'default', 'userId' => owner_id}],
|
'groups' => [{'groupName' => 'default', 'userId' => owner_id, 'groupId' => security_group_id}],
|
||||||
'fromPort' => 0,
|
'fromPort' => 0,
|
||||||
'toPort' => 65535,
|
'toPort' => 65535,
|
||||||
'ipProtocol' => 'udp',
|
'ipProtocol' => 'udp',
|
||||||
|
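Review bot: The default group's id changes from the fixed `'sg-11223344'` to a value generated by `Fog::AWS::Mock.security_group_id`, and nothing in the hunk documents that. Any mock-mode caller or test that hard-coded the old id would presumably stop matching. A one-line comment above the assignment would make the contract explicit, e.g. `# default group id is generated per account/region; look it up via describe_security_groups`. The enclosing `Hash.new` block starts and ends outside the visible hunks.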
|
|
@ -44,7 +44,6 @@ module Fog
|
||||||
def save
|
def save
|
||||||
requires :vpc_id, :cidr_block
|
requires :vpc_id, :cidr_block
|
||||||
data = connection.create_subnet(vpc_id, cidr_block).body['subnetSet'].first
|
data = connection.create_subnet(vpc_id, cidr_block).body['subnetSet'].first
|
||||||
puts data
|
|
||||||
new_attributes = data.reject {|key,value| key == 'requestId'}
|
new_attributes = data.reject {|key,value| key == 'requestId'}
|
||||||
merge_attributes(new_attributes)
|
merge_attributes(new_attributes)
|
||||||
true
|
true
|
||||||
|
|
|
@ -138,7 +138,7 @@ module Fog
|
||||||
if !is_vpc && options['IpProtocol'] && !['tcp', 'udp', 'icmp'].include?(options['IpProtocol'])
|
if !is_vpc && options['IpProtocol'] && !['tcp', 'udp', 'icmp'].include?(options['IpProtocol'])
|
||||||
raise Fog::Compute::AWS::Error.new("InvalidPermission.Malformed => Unsupported IP protocol \"#{options['IpProtocol']}\" - supported: [tcp, udp, icmp]")
|
raise Fog::Compute::AWS::Error.new("InvalidPermission.Malformed => Unsupported IP protocol \"#{options['IpProtocol']}\" - supported: [tcp, udp, icmp]")
|
||||||
end
|
end
|
||||||
if options['IpProtocol'] && (!options['FromPort'] || !options['ToPort'])
|
if !is_vpc && (options['IpProtocol'] && (!options['FromPort'] || !options['ToPort']))
|
||||||
raise Fog::Compute::AWS::Error.new("InvalidPermission.Malformed => TCP/UDP port (-1) out of range")
|
raise Fog::Compute::AWS::Error.new("InvalidPermission.Malformed => TCP/UDP port (-1) out of range")
|
||||||
end
|
end
|
||||||
if options.has_key?('IpPermissions')
|
if options.has_key?('IpPermissions')
|
||||||
|
@ -151,14 +151,14 @@ module Fog
|
||||||
|
|
||||||
def normalize_permissions(options)
|
def normalize_permissions(options)
|
||||||
normalized_permissions = []
|
normalized_permissions = []
|
||||||
|
|
||||||
if options['SourceSecurityGroupName']
|
if options['SourceSecurityGroupName']
|
||||||
|
source_group_id=self.data[:security_groups][options['SourceSecurityGroupName']]['groupId']
|
||||||
['tcp', 'udp'].each do |protocol|
|
['tcp', 'udp'].each do |protocol|
|
||||||
normalized_permissions << {
|
normalized_permissions << {
|
||||||
'ipProtocol' => protocol,
|
'ipProtocol' => protocol,
|
||||||
'fromPort' => 1,
|
'fromPort' => 1,
|
||||||
'toPort' => 65535,
|
'toPort' => 65535,
|
||||||
'groups' => [{'groupName' => options['SourceSecurityGroupName'], 'userId' => options['SourceSecurityGroupOwnerId'] || self.data[:owner_id]}],
|
'groups' => [{'groupName' => options['SourceSecurityGroupName'], 'userId' => options['SourceSecurityGroupOwnerId'] || self.data[:owner_id], 'groupId' => source_group_id }],
|
||||||
'ipRanges' => []
|
'ipRanges' => []
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
|
@ -166,7 +166,7 @@ module Fog
|
||||||
'ipProtocol' => 'icmp',
|
'ipProtocol' => 'icmp',
|
||||||
'fromPort' => -1,
|
'fromPort' => -1,
|
||||||
'toPort' => -1,
|
'toPort' => -1,
|
||||||
'groups' => [{'groupName' => options['SourceSecurityGroupName'], 'userId' => options['SourceSecurityGroupOwnerId'] || self.data[:owner_id]}],
|
'groups' => [{'groupName' => options['SourceSecurityGroupName'], 'userId' => options['SourceSecurityGroupOwnerId'] || self.data[:owner_id], 'groupId' => source_group_id }],
|
||||||
'ipRanges' => []
|
'ipRanges' => []
|
||||||
}
|
}
|
||||||
elsif options['CidrIp']
|
elsif options['CidrIp']
|
||||||
|
@ -179,13 +179,21 @@ module Fog
|
||||||
}
|
}
|
||||||
elsif options['IpPermissions']
|
elsif options['IpPermissions']
|
||||||
options['IpPermissions'].each do |permission|
|
options['IpPermissions'].each do |permission|
|
||||||
normalized_permissions << {
|
if ['tcp', 'udp', 'icmp'].include?(permission['IpProtocol'])
|
||||||
'ipProtocol' => permission['IpProtocol'],
|
normalized_permissions << {
|
||||||
'fromPort' => Integer(permission['FromPort']),
|
'ipProtocol' => permission['IpProtocol'],
|
||||||
'toPort' => Integer(permission['ToPort']),
|
'fromPort' => Integer(permission['FromPort']),
|
||||||
'groups' => (permission['Groups'] || []).map {|g| {'groupName' => g['GroupName'], 'userId' => g['UserId'] || self.data[:owner_id]} },
|
'toPort' => Integer(permission['ToPort']),
|
||||||
'ipRanges' => (permission['IpRanges'] || []).map {|r| { 'cidrIp' => r['CidrIp'] } }
|
'groups' => (permission['Groups'] || []).map {|g| {'groupName' => g['GroupName'], 'userId' => g['UserId'] || self.data[:owner_id], 'groupId' => self.data[:security_groups][g['GroupName']]['groupId']} },
|
||||||
}
|
'ipRanges' => (permission['IpRanges'] || []).map {|r| { 'cidrIp' => r['CidrIp'] } }
|
||||||
|
}
|
||||||
|
else
|
||||||
|
normalized_permissions << {
|
||||||
|
'ipProtocol' => permission['IpProtocol'],
|
||||||
|
'groups' => (permission['Groups'] || []).map {|g| {'groupName' => g['GroupName'], 'userId' => g['UserId'] || self.data[:owner_id], 'groupId' => self.data[:security_groups][g['GroupName']]['groupId']} },
|
||||||
|
'ipRanges' => (permission['IpRanges'] || []).map {|r| { 'cidrIp' => r['CidrIp'] } }
|
||||||
|
}
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
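Review bot: The new `groupId` lookups index the mock's group table without checking that the group exists. `self.data[:security_groups][options['SourceSecurityGroupName']]['groupId']` in `normalize_permissions`, and the same pattern keyed on `g['GroupName']` in both `IpPermissions` branches, raise NoMethodError on nil when the name is unknown or missing (the request-test format in this commit allows a nil `groupName`). Fetch the entry first, `source_group = self.data[:security_groups][options['SourceSecurityGroupName']]`, and raise `Fog::Compute::AWS::Error` when it is nil, so the mock fails like the API would rather than with a Ruby error. Separately, the added `!is_vpc &&` on the port check also skips it for tcp/udp/icmp rules on VPC groups, so the mock presumably accepts a VPC rule with a protocol but no port range; `['tcp', 'udp', 'icmp'].include?(options['IpProtocol']) && (!options['FromPort'] || !options['ToPort'])` would keep the check where ports are still required. Both methods extend beyond the visible hunks.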
|
|
@ -71,7 +71,7 @@ module Fog
|
||||||
}
|
}
|
||||||
for filter_key, filter_value in filters
|
for filter_key, filter_value in filters
|
||||||
if permission_key = filter_key.split('ip-permission.')[1]
|
if permission_key = filter_key.split('ip-permission.')[1]
|
||||||
if permission_key == 'group-name'
|
if permission_key == 'group-name'
|
||||||
security_group_info = security_group_info.reject{|security_group| !security_group['ipPermissions']['groups'].detect {|group| [*filter_value].include?(group['groupName'])}}
|
security_group_info = security_group_info.reject{|security_group| !security_group['ipPermissions']['groups'].detect {|group| [*filter_value].include?(group['groupName'])}}
|
||||||
elsif permission_key == 'group-id'
|
elsif permission_key == 'group-id'
|
||||||
security_group_info = security_group_info.reject{|security_group| !security_group['ipPermissions']['groups'].detect {|group| [*filter_value].include?(group['groupId'])}}
|
security_group_info = security_group_info.reject{|security_group| !security_group['ipPermissions']['groups'].detect {|group| [*filter_value].include?(group['groupId'])}}
|
||||||
|
|
|
@ -13,7 +13,7 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
|
||||||
'groupName' => String,
|
'groupName' => String,
|
||||||
'ipPermissions' => [{
|
'ipPermissions' => [{
|
||||||
'fromPort' => Fog::Nullable::Integer,
|
'fromPort' => Fog::Nullable::Integer,
|
||||||
'groups' => [{ 'groupName' => Fog::Nullable::String, 'userId' => String }],
|
'groups' => [{ 'groupName' => Fog::Nullable::String, 'userId' => String, 'groupId' => String }],
|
||||||
'ipProtocol' => String,
|
'ipProtocol' => String,
|
||||||
'ipRanges' => [],
|
'ipRanges' => [],
|
||||||
'toPort' => Fog::Nullable::Integer,
|
'toPort' => Fog::Nullable::Integer,
|
||||||
|
@ -25,17 +25,17 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
|
||||||
}
|
}
|
||||||
|
|
||||||
@owner_id = Fog::Compute[:aws].describe_security_groups('group-name' => 'default').body['securityGroupInfo'].first['ownerId']
|
@owner_id = Fog::Compute[:aws].describe_security_groups('group-name' => 'default').body['securityGroupInfo'].first['ownerId']
|
||||||
|
@group_id_default = Fog::Compute[:aws].describe_security_groups('group-name' => 'default').body['securityGroupInfo'].first['groupId']
|
||||||
|
|
||||||
tests('success') do
|
tests('success') do
|
||||||
|
|
||||||
tests("#create_security_group('fog_security_group', 'tests group')").formats(@create_security_group_format) do
|
tests("#create_security_group('fog_security_group', 'tests group')").formats(@create_security_group_format) do
|
||||||
Fog::Compute[:aws].create_security_group('fog_security_group', 'tests group').body
|
Fog::Compute[:aws].create_security_group('fog_security_group', 'tests group').body
|
||||||
end
|
end
|
||||||
|
|
||||||
tests("#create_security_group('fog_security_group_two', 'tests group')").formats(@create_security_group_format) do
|
tests("#create_security_group('fog_security_group_two', 'tests group')").formats(@create_security_group_format) do
|
||||||
Fog::Compute[:aws].create_security_group('fog_security_group_two', 'tests group').body
|
Fog::Compute[:aws].create_security_group('fog_security_group_two', 'tests group').body
|
||||||
end
|
end
|
||||||
|
@group_id_two = Fog::Compute[:aws].describe_security_groups('group-name' => 'fog_security_group_two').body['securityGroupInfo'].first['groupId']
|
||||||
group_id = Fog::Compute[:aws].describe_security_groups('group-name' => 'fog_security_group').body['securityGroupInfo'].first['groupId']
|
group_id = Fog::Compute[:aws].describe_security_groups('group-name' => 'fog_security_group').body['securityGroupInfo'].first['groupId']
|
||||||
to_be_revoked = []
|
to_be_revoked = []
|
||||||
expected_permissions = []
|
expected_permissions = []
|
||||||
|
@ -48,17 +48,17 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
|
||||||
to_be_revoked.push([permission, expected_permissions.dup])
|
to_be_revoked.push([permission, expected_permissions.dup])
|
||||||
|
|
||||||
expected_permissions = [
|
expected_permissions = [
|
||||||
{"groups"=>[{"groupName"=>"default", "userId"=>@owner_id}],
|
{"groups"=>[{"groupName"=>"default", "userId"=>@owner_id, "groupId"=>@group_id_default}],
|
||||||
"fromPort"=>1,
|
"fromPort"=>1,
|
||||||
"ipRanges"=>[],
|
"ipRanges"=>[],
|
||||||
"ipProtocol"=>"tcp",
|
"ipProtocol"=>"tcp",
|
||||||
"toPort"=>65535},
|
"toPort"=>65535},
|
||||||
{"groups"=>[{"groupName"=>"default", "userId"=>@owner_id}],
|
{"groups"=>[{"groupName"=>"default", "userId"=>@owner_id, "groupId"=>@group_id_default}],
|
||||||
"fromPort"=>1,
|
"fromPort"=>1,
|
||||||
"ipRanges"=>[],
|
"ipRanges"=>[],
|
||||||
"ipProtocol"=>"udp",
|
"ipProtocol"=>"udp",
|
||||||
"toPort"=>65535},
|
"toPort"=>65535},
|
||||||
{"groups"=>[{"groupName"=>"default", "userId"=>@owner_id}],
|
{"groups"=>[{"groupName"=>"default", "userId"=>@owner_id, "groupId"=>@group_id_default}],
|
||||||
"fromPort"=>-1,
|
"fromPort"=>-1,
|
||||||
"ipRanges"=>[],
|
"ipRanges"=>[],
|
||||||
"ipProtocol"=>"icmp",
|
"ipProtocol"=>"icmp",
|
||||||
|
@ -82,22 +82,22 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
|
||||||
|
|
||||||
expected_permissions = [
|
expected_permissions = [
|
||||||
{"groups"=>
|
{"groups"=>
|
||||||
[{"userId"=>@owner_id, "groupName"=>"default"},
|
[{"userId"=>@owner_id, "groupName"=>"default", "groupId"=>@group_id_default},
|
||||||
{"userId"=>@owner_id, "groupName"=>"fog_security_group_two"}],
|
{"userId"=>@owner_id, "groupName"=>"fog_security_group_two", "groupId"=>@group_id_two}],
|
||||||
"ipRanges"=>[],
|
"ipRanges"=>[],
|
||||||
"ipProtocol"=>"tcp",
|
"ipProtocol"=>"tcp",
|
||||||
"fromPort"=>1,
|
"fromPort"=>1,
|
||||||
"toPort"=>65535},
|
"toPort"=>65535},
|
||||||
{"groups"=>
|
{"groups"=>
|
||||||
[{"userId"=>@owner_id, "groupName"=>"default"},
|
[{"userId"=>@owner_id, "groupName"=>"default", "groupId"=>@group_id_default},
|
||||||
{"userId"=>@owner_id, "groupName"=>"fog_security_group_two"}],
|
{"userId"=>@owner_id, "groupName"=>"fog_security_group_two", "groupId"=>@group_id_two}],
|
||||||
"ipRanges"=>[],
|
"ipRanges"=>[],
|
||||||
"ipProtocol"=>"udp",
|
"ipProtocol"=>"udp",
|
||||||
"fromPort"=>1,
|
"fromPort"=>1,
|
||||||
"toPort"=>65535},
|
"toPort"=>65535},
|
||||||
{"groups"=>
|
{"groups"=>
|
||||||
[{"userId"=>@owner_id, "groupName"=>"default"},
|
[{"userId"=>@owner_id, "groupName"=>"default", "groupId"=>@group_id_default},
|
||||||
{"userId"=>@owner_id, "groupName"=>"fog_security_group_two"}],
|
{"userId"=>@owner_id, "groupName"=>"fog_security_group_two", "groupId"=>@group_id_two}],
|
||||||
"ipRanges"=>[],
|
"ipRanges"=>[],
|
||||||
"ipProtocol"=>"icmp",
|
"ipProtocol"=>"icmp",
|
||||||
"fromPort"=>-1,
|
"fromPort"=>-1,
|
||||||
|
@ -199,13 +199,12 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
|
||||||
to_be_revoked.push([permissions, expected_permissions.dup])
|
to_be_revoked.push([permissions, expected_permissions.dup])
|
||||||
|
|
||||||
expected_permissions += [
|
expected_permissions += [
|
||||||
{"groups"=>[{"userId"=>@owner_id, "groupName"=>"fog_security_group_two"}],
|
{"groups"=>[{"userId"=>@owner_id, "groupName"=>"fog_security_group_two", "groupId"=>@group_id_two}],
|
||||||
"ipRanges"=>[],
|
"ipRanges"=>[],
|
||||||
"ipProtocol"=>"tcp",
|
"ipProtocol"=>"tcp",
|
||||||
"fromPort"=>8000,
|
"fromPort"=>8000,
|
||||||
"toPort"=>8000}
|
"toPort"=>8000}
|
||||||
]
|
]
|
||||||
|
|
||||||
tests("#describe_security_groups('group-name' => 'fog_security_group')").returns([]) do
|
tests("#describe_security_groups('group-name' => 'fog_security_group')").returns([]) do
|
||||||
array_differences(expected_permissions, Fog::Compute[:aws].describe_security_groups('group-name' => 'fog_security_group').body['securityGroupInfo'].first['ipPermissions'])
|
array_differences(expected_permissions, Fog::Compute[:aws].describe_security_groups('group-name' => 'fog_security_group').body['securityGroupInfo'].first['ipPermissions'])
|
||||||
end
|
end
|
||||||
|
@ -229,7 +228,7 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
|
||||||
|
|
||||||
expected_permissions += [
|
expected_permissions += [
|
||||||
{"groups"=>
|
{"groups"=>
|
||||||
[{"userId"=>@owner_id, "groupName"=>"fog_security_group_two"}],
|
[{"userId"=>@owner_id, "groupName"=>"fog_security_group_two", "groupId"=>@group_id_two}],
|
||||||
"ipRanges"=>[{"cidrIp"=>"172.16.0.0/24"}],
|
"ipRanges"=>[{"cidrIp"=>"172.16.0.0/24"}],
|
||||||
"ipProtocol"=>"tcp",
|
"ipProtocol"=>"tcp",
|
||||||
"fromPort"=>9000,
|
"fromPort"=>9000,
|
||||||
|
@ -275,32 +274,22 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
|
||||||
|
|
||||||
group_id = Fog::Compute[:aws].describe_security_groups('group-name' => 'vpc_security_group').body['securityGroupInfo'].first['groupId']
|
group_id = Fog::Compute[:aws].describe_security_groups('group-name' => 'vpc_security_group').body['securityGroupInfo'].first['groupId']
|
||||||
|
|
||||||
# Access group with name in options array
|
permissions = {
|
||||||
permission = { 'IpProtocol' => '42', 'FromPort' => '22', 'ToPort' => '22', 'CidrIp' => '10.0.0.0/8' }
|
'IpPermissions' => [
|
||||||
|
{
|
||||||
|
'IpProtocol' => '42',
|
||||||
|
'IpRanges' => [{ 'CidrIp' => '10.0.0.0/8' }],
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
expected_permissions = [
|
expected_permissions = [
|
||||||
{"groups"=>[],
|
{"groups"=>[],
|
||||||
"ipRanges"=>[{"cidrIp"=>"10.0.0.0/8"}],
|
"ipRanges"=>[{"cidrIp"=>"10.0.0.0/8"}],
|
||||||
"ipProtocol"=>"42",
|
"ipProtocol"=>"42"}
|
||||||
"fromPort"=>22,
|
|
||||||
"toPort"=>22}
|
|
||||||
]
|
]
|
||||||
|
|
||||||
options = permission.clone
|
options = permissions.clone
|
||||||
options['GroupName'] = 'vpc_security_group'
|
|
||||||
tests("#authorize_security_group_ingress(#{options.inspect})").formats(AWS::Compute::Formats::BASIC) do
|
|
||||||
Fog::Compute[:aws].authorize_security_group_ingress(options).body
|
|
||||||
end
|
|
||||||
|
|
||||||
tests("#describe_security_groups('group-name' => 'vpc_security_group')").returns([]) do
|
|
||||||
array_differences(expected_permissions, Fog::Compute[:aws].describe_security_groups('group-name' => 'vpc_security_group').body['securityGroupInfo'].first['ipPermissions'])
|
|
||||||
end
|
|
||||||
|
|
||||||
tests("#revoke_security_group_ingress(#{options.inspect})").formats(AWS::Compute::Formats::BASIC) do
|
|
||||||
Fog::Compute[:aws].revoke_security_group_ingress(options).body
|
|
||||||
end
|
|
||||||
|
|
||||||
# Access group with id in options array
|
|
||||||
options = permission.clone
|
|
||||||
options['GroupId'] = group_id
|
options['GroupId'] = group_id
|
||||||
tests("#authorize_security_group_ingress(#{options.inspect})").formats(AWS::Compute::Formats::BASIC) do
|
tests("#authorize_security_group_ingress(#{options.inspect})").formats(AWS::Compute::Formats::BASIC) do
|
||||||
Fog::Compute[:aws].authorize_security_group_ingress(options).body
|
Fog::Compute[:aws].authorize_security_group_ingress(options).body
|
||||||
|
@ -314,9 +303,13 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
|
||||||
Fog::Compute[:aws].revoke_security_group_ingress(options).body
|
Fog::Compute[:aws].revoke_security_group_ingress(options).body
|
||||||
end
|
end
|
||||||
|
|
||||||
|
vpc_group=Fog::Compute[:aws].security_groups.get_by_id(group_id)
|
||||||
|
vpc_group.destroy
|
||||||
|
|
||||||
Fog::Compute[:aws].delete_vpc(vpc_id)
|
Fog::Compute[:aws].delete_vpc(vpc_id)
|
||||||
|
|
||||||
end
|
end
|
||||||
|
## Rate limiting seems to want us to take a break otherwise it will throw errors
|
||||||
tests('failure') do
|
tests('failure') do
|
||||||
|
|
||||||
@security_group = Fog::Compute[:aws].security_groups.create(:description => 'tests group', :name => 'fog_security_group')
|
@security_group = Fog::Compute[:aws].security_groups.create(:description => 'tests group', :name => 'fog_security_group')
|
||||||
|
|
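Review bot: The teardown added at the end of the VPC block is unguarded: if `get_by_id(group_id)` returns nil, `vpc_group.destroy` raises and `delete_vpc(vpc_id)` is never reached. When the suite runs against a real account rather than the mock, that would leave the VPC and its security group behind. Use `vpc_group.destroy if vpc_group`, and preferably run both cleanup calls from an `ensure` so they also run when an earlier step raises. The new comment `## Rate limiting seems to want us to take a break otherwise it will throw errors` is followed by no pause or retry, so it describes behaviour the file does not implement; either add the wait it refers to or reword it as a `# TODO:`. The VPC test block starts outside the visible hunks.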