mirror of https://github.com/fog/fog.git synced 2022-11-09 13:51:43 -05:00

Merge pull request #804 from estonfer/fixed_sec_tests

wrangled security tests into working
Eric Stonfer 2012-03-21 14:02:57 -07:00
commit 53671afbc9
5 changed files with 54 additions and 53 deletions


@ -117,6 +117,7 @@ module Fog
@data ||= Hash.new do |hash, region| @data ||= Hash.new do |hash, region|
hash[region] = Hash.new do |region_hash, key| hash[region] = Hash.new do |region_hash, key|
owner_id = Fog::AWS::Mock.owner_id owner_id = Fog::AWS::Mock.owner_id
security_group_id = Fog::AWS::Mock.security_group_id
region_hash[key] = { region_hash[key] = {
:deleted_at => {}, :deleted_at => {},
:addresses => {}, :addresses => {},
@ -135,25 +136,25 @@ module Fog
'default' => { 'default' => {
'groupDescription' => 'default group', 'groupDescription' => 'default group',
'groupName' => 'default', 'groupName' => 'default',
'groupId' => 'sg-11223344', 'groupId' => security_group_id,
'ipPermissionsEgress' => [], 'ipPermissionsEgress' => [],
'ipPermissions' => [ 'ipPermissions' => [
{ {
'groups' => [{'groupName' => 'default', 'userId' => owner_id}], 'groups' => [{'groupName' => 'default', 'userId' => owner_id, 'groupId' => security_group_id }],
'fromPort' => -1, 'fromPort' => -1,
'toPort' => -1, 'toPort' => -1,
'ipProtocol' => 'icmp', 'ipProtocol' => 'icmp',
'ipRanges' => [] 'ipRanges' => []
}, },
{ {
'groups' => [{'groupName' => 'default', 'userId' => owner_id}], 'groups' => [{'groupName' => 'default', 'userId' => owner_id, 'groupId' => security_group_id}],
'fromPort' => 0, 'fromPort' => 0,
'toPort' => 65535, 'toPort' => 65535,
'ipProtocol' => 'tcp', 'ipProtocol' => 'tcp',
'ipRanges' => [] 'ipRanges' => []
}, },
{ {
'groups' => [{'groupName' => 'default', 'userId' => owner_id}], 'groups' => [{'groupName' => 'default', 'userId' => owner_id, 'groupId' => security_group_id}],
'fromPort' => 0, 'fromPort' => 0,
'toPort' => 65535, 'toPort' => 65535,
'ipProtocol' => 'udp', 'ipProtocol' => 'udp',


@ -44,7 +44,6 @@ module Fog
def save def save
requires :vpc_id, :cidr_block requires :vpc_id, :cidr_block
data = connection.create_subnet(vpc_id, cidr_block).body['subnetSet'].first data = connection.create_subnet(vpc_id, cidr_block).body['subnetSet'].first
puts data
new_attributes = data.reject {|key,value| key == 'requestId'} new_attributes = data.reject {|key,value| key == 'requestId'}
merge_attributes(new_attributes) merge_attributes(new_attributes)
true true


@ -138,7 +138,7 @@ module Fog
if !is_vpc && options['IpProtocol'] && !['tcp', 'udp', 'icmp'].include?(options['IpProtocol']) if !is_vpc && options['IpProtocol'] && !['tcp', 'udp', 'icmp'].include?(options['IpProtocol'])
raise Fog::Compute::AWS::Error.new("InvalidPermission.Malformed => Unsupported IP protocol \"#{options['IpProtocol']}\" - supported: [tcp, udp, icmp]") raise Fog::Compute::AWS::Error.new("InvalidPermission.Malformed => Unsupported IP protocol \"#{options['IpProtocol']}\" - supported: [tcp, udp, icmp]")
end end
if options['IpProtocol'] && (!options['FromPort'] || !options['ToPort']) if !is_vpc && (options['IpProtocol'] && (!options['FromPort'] || !options['ToPort']))
raise Fog::Compute::AWS::Error.new("InvalidPermission.Malformed => TCP/UDP port (-1) out of range") raise Fog::Compute::AWS::Error.new("InvalidPermission.Malformed => TCP/UDP port (-1) out of range")
end end
if options.has_key?('IpPermissions') if options.has_key?('IpPermissions')
@ -151,14 +151,14 @@ module Fog
def normalize_permissions(options) def normalize_permissions(options)
normalized_permissions = [] normalized_permissions = []
if options['SourceSecurityGroupName'] if options['SourceSecurityGroupName']
source_group_id=self.data[:security_groups][options['SourceSecurityGroupName']]['groupId']
['tcp', 'udp'].each do |protocol| ['tcp', 'udp'].each do |protocol|
normalized_permissions << { normalized_permissions << {
'ipProtocol' => protocol, 'ipProtocol' => protocol,
'fromPort' => 1, 'fromPort' => 1,
'toPort' => 65535, 'toPort' => 65535,
'groups' => [{'groupName' => options['SourceSecurityGroupName'], 'userId' => options['SourceSecurityGroupOwnerId'] || self.data[:owner_id]}], 'groups' => [{'groupName' => options['SourceSecurityGroupName'], 'userId' => options['SourceSecurityGroupOwnerId'] || self.data[:owner_id], 'groupId' => source_group_id }],
'ipRanges' => [] 'ipRanges' => []
} }
end end
@ -166,7 +166,7 @@ module Fog
'ipProtocol' => 'icmp', 'ipProtocol' => 'icmp',
'fromPort' => -1, 'fromPort' => -1,
'toPort' => -1, 'toPort' => -1,
'groups' => [{'groupName' => options['SourceSecurityGroupName'], 'userId' => options['SourceSecurityGroupOwnerId'] || self.data[:owner_id]}], 'groups' => [{'groupName' => options['SourceSecurityGroupName'], 'userId' => options['SourceSecurityGroupOwnerId'] || self.data[:owner_id], 'groupId' => source_group_id }],
'ipRanges' => [] 'ipRanges' => []
} }
elsif options['CidrIp'] elsif options['CidrIp']
@ -179,13 +179,21 @@ module Fog
} }
elsif options['IpPermissions'] elsif options['IpPermissions']
options['IpPermissions'].each do |permission| options['IpPermissions'].each do |permission|
normalized_permissions << { if ['tcp', 'udp', 'icmp'].include?(permission['IpProtocol'])
'ipProtocol' => permission['IpProtocol'], normalized_permissions << {
'fromPort' => Integer(permission['FromPort']), 'ipProtocol' => permission['IpProtocol'],
'toPort' => Integer(permission['ToPort']), 'fromPort' => Integer(permission['FromPort']),
'groups' => (permission['Groups'] || []).map {|g| {'groupName' => g['GroupName'], 'userId' => g['UserId'] || self.data[:owner_id]} }, 'toPort' => Integer(permission['ToPort']),
'ipRanges' => (permission['IpRanges'] || []).map {|r| { 'cidrIp' => r['CidrIp'] } } 'groups' => (permission['Groups'] || []).map {|g| {'groupName' => g['GroupName'], 'userId' => g['UserId'] || self.data[:owner_id], 'groupId' => self.data[:security_groups][g['GroupName']]['groupId']} },
} 'ipRanges' => (permission['IpRanges'] || []).map {|r| { 'cidrIp' => r['CidrIp'] } }
}
else
normalized_permissions << {
'ipProtocol' => permission['IpProtocol'],
'groups' => (permission['Groups'] || []).map {|g| {'groupName' => g['GroupName'], 'userId' => g['UserId'] || self.data[:owner_id], 'groupId' => self.data[:security_groups][g['GroupName']]['groupId']} },
'ipRanges' => (permission['IpRanges'] || []).map {|r| { 'cidrIp' => r['CidrIp'] } }
}
end
end end
end end
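Review bot: The new `groupId` lookups in `normalize_permissions` index the mock's group table without checking that the named group exists: `self.data[:security_groups][options['SourceSecurityGroupName']]['groupId']` for the source-group form, and the same chain keyed on `g['GroupName']` in both arms of the `IpPermissions` branch. If the name is unknown to the mock, or a `Groups` entry carries no `GroupName`, the first lookup presumably returns nil and the call fails with NoMethodError instead of a Fog error like the `Fog::Compute::AWS::Error` raised by the validation above, so a test of the rejected-request path sees the wrong failure. Look the group up first and fail explicitly, e.g. `source_group = self.data[:security_groups][options['SourceSecurityGroupName']]` followed by `raise Fog::Compute::AWS::NotFound.new("The security group '#{options['SourceSecurityGroupName']}' does not exist") unless source_group`. The two `IpPermissions` arms also repeat the same `groups`/`ipRanges` mapping; building those once and adding the ports only for tcp/udp/icmp would leave a single lookup to guard. The body of `normalize_permissions` extends beyond the visible hunks.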


@ -71,7 +71,7 @@ module Fog
} }
for filter_key, filter_value in filters for filter_key, filter_value in filters
if permission_key = filter_key.split('ip-permission.')[1] if permission_key = filter_key.split('ip-permission.')[1]
if permission_key == 'group-name' if permission_key == 'group-name'
security_group_info = security_group_info.reject{|security_group| !security_group['ipPermissions']['groups'].detect {|group| [*filter_value].include?(group['groupName'])}} security_group_info = security_group_info.reject{|security_group| !security_group['ipPermissions']['groups'].detect {|group| [*filter_value].include?(group['groupName'])}}
elsif permission_key == 'group-id' elsif permission_key == 'group-id'
security_group_info = security_group_info.reject{|security_group| !security_group['ipPermissions']['groups'].detect {|group| [*filter_value].include?(group['groupId'])}} security_group_info = security_group_info.reject{|security_group| !security_group['ipPermissions']['groups'].detect {|group| [*filter_value].include?(group['groupId'])}}


@ -13,7 +13,7 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
'groupName' => String, 'groupName' => String,
'ipPermissions' => [{ 'ipPermissions' => [{
'fromPort' => Fog::Nullable::Integer, 'fromPort' => Fog::Nullable::Integer,
'groups' => [{ 'groupName' => Fog::Nullable::String, 'userId' => String }], 'groups' => [{ 'groupName' => Fog::Nullable::String, 'userId' => String, 'groupId' => String }],
'ipProtocol' => String, 'ipProtocol' => String,
'ipRanges' => [], 'ipRanges' => [],
'toPort' => Fog::Nullable::Integer, 'toPort' => Fog::Nullable::Integer,
@ -25,17 +25,17 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
} }
@owner_id = Fog::Compute[:aws].describe_security_groups('group-name' => 'default').body['securityGroupInfo'].first['ownerId'] @owner_id = Fog::Compute[:aws].describe_security_groups('group-name' => 'default').body['securityGroupInfo'].first['ownerId']
@group_id_default = Fog::Compute[:aws].describe_security_groups('group-name' => 'default').body['securityGroupInfo'].first['groupId']
tests('success') do tests('success') do
tests("#create_security_group('fog_security_group', 'tests group')").formats(@create_security_group_format) do tests("#create_security_group('fog_security_group', 'tests group')").formats(@create_security_group_format) do
Fog::Compute[:aws].create_security_group('fog_security_group', 'tests group').body Fog::Compute[:aws].create_security_group('fog_security_group', 'tests group').body
end end
tests("#create_security_group('fog_security_group_two', 'tests group')").formats(@create_security_group_format) do tests("#create_security_group('fog_security_group_two', 'tests group')").formats(@create_security_group_format) do
Fog::Compute[:aws].create_security_group('fog_security_group_two', 'tests group').body Fog::Compute[:aws].create_security_group('fog_security_group_two', 'tests group').body
end end
@group_id_two = Fog::Compute[:aws].describe_security_groups('group-name' => 'fog_security_group_two').body['securityGroupInfo'].first['groupId']
group_id = Fog::Compute[:aws].describe_security_groups('group-name' => 'fog_security_group').body['securityGroupInfo'].first['groupId'] group_id = Fog::Compute[:aws].describe_security_groups('group-name' => 'fog_security_group').body['securityGroupInfo'].first['groupId']
to_be_revoked = [] to_be_revoked = []
expected_permissions = [] expected_permissions = []
@ -48,17 +48,17 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
to_be_revoked.push([permission, expected_permissions.dup]) to_be_revoked.push([permission, expected_permissions.dup])
expected_permissions = [ expected_permissions = [
{"groups"=>[{"groupName"=>"default", "userId"=>@owner_id}], {"groups"=>[{"groupName"=>"default", "userId"=>@owner_id, "groupId"=>@group_id_default}],
"fromPort"=>1, "fromPort"=>1,
"ipRanges"=>[], "ipRanges"=>[],
"ipProtocol"=>"tcp", "ipProtocol"=>"tcp",
"toPort"=>65535}, "toPort"=>65535},
{"groups"=>[{"groupName"=>"default", "userId"=>@owner_id}], {"groups"=>[{"groupName"=>"default", "userId"=>@owner_id, "groupId"=>@group_id_default}],
"fromPort"=>1, "fromPort"=>1,
"ipRanges"=>[], "ipRanges"=>[],
"ipProtocol"=>"udp", "ipProtocol"=>"udp",
"toPort"=>65535}, "toPort"=>65535},
{"groups"=>[{"groupName"=>"default", "userId"=>@owner_id}], {"groups"=>[{"groupName"=>"default", "userId"=>@owner_id, "groupId"=>@group_id_default}],
"fromPort"=>-1, "fromPort"=>-1,
"ipRanges"=>[], "ipRanges"=>[],
"ipProtocol"=>"icmp", "ipProtocol"=>"icmp",
@ -82,22 +82,22 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
expected_permissions = [ expected_permissions = [
{"groups"=> {"groups"=>
[{"userId"=>@owner_id, "groupName"=>"default"}, [{"userId"=>@owner_id, "groupName"=>"default", "groupId"=>@group_id_default},
{"userId"=>@owner_id, "groupName"=>"fog_security_group_two"}], {"userId"=>@owner_id, "groupName"=>"fog_security_group_two", "groupId"=>@group_id_two}],
"ipRanges"=>[], "ipRanges"=>[],
"ipProtocol"=>"tcp", "ipProtocol"=>"tcp",
"fromPort"=>1, "fromPort"=>1,
"toPort"=>65535}, "toPort"=>65535},
{"groups"=> {"groups"=>
[{"userId"=>@owner_id, "groupName"=>"default"}, [{"userId"=>@owner_id, "groupName"=>"default", "groupId"=>@group_id_default},
{"userId"=>@owner_id, "groupName"=>"fog_security_group_two"}], {"userId"=>@owner_id, "groupName"=>"fog_security_group_two", "groupId"=>@group_id_two}],
"ipRanges"=>[], "ipRanges"=>[],
"ipProtocol"=>"udp", "ipProtocol"=>"udp",
"fromPort"=>1, "fromPort"=>1,
"toPort"=>65535}, "toPort"=>65535},
{"groups"=> {"groups"=>
[{"userId"=>@owner_id, "groupName"=>"default"}, [{"userId"=>@owner_id, "groupName"=>"default", "groupId"=>@group_id_default},
{"userId"=>@owner_id, "groupName"=>"fog_security_group_two"}], {"userId"=>@owner_id, "groupName"=>"fog_security_group_two", "groupId"=>@group_id_two}],
"ipRanges"=>[], "ipRanges"=>[],
"ipProtocol"=>"icmp", "ipProtocol"=>"icmp",
"fromPort"=>-1, "fromPort"=>-1,
@ -199,13 +199,12 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
to_be_revoked.push([permissions, expected_permissions.dup]) to_be_revoked.push([permissions, expected_permissions.dup])
expected_permissions += [ expected_permissions += [
{"groups"=>[{"userId"=>@owner_id, "groupName"=>"fog_security_group_two"}], {"groups"=>[{"userId"=>@owner_id, "groupName"=>"fog_security_group_two", "groupId"=>@group_id_two}],
"ipRanges"=>[], "ipRanges"=>[],
"ipProtocol"=>"tcp", "ipProtocol"=>"tcp",
"fromPort"=>8000, "fromPort"=>8000,
"toPort"=>8000} "toPort"=>8000}
] ]
tests("#describe_security_groups('group-name' => 'fog_security_group')").returns([]) do tests("#describe_security_groups('group-name' => 'fog_security_group')").returns([]) do
array_differences(expected_permissions, Fog::Compute[:aws].describe_security_groups('group-name' => 'fog_security_group').body['securityGroupInfo'].first['ipPermissions']) array_differences(expected_permissions, Fog::Compute[:aws].describe_security_groups('group-name' => 'fog_security_group').body['securityGroupInfo'].first['ipPermissions'])
end end
@ -229,7 +228,7 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
expected_permissions += [ expected_permissions += [
{"groups"=> {"groups"=>
[{"userId"=>@owner_id, "groupName"=>"fog_security_group_two"}], [{"userId"=>@owner_id, "groupName"=>"fog_security_group_two", "groupId"=>@group_id_two}],
"ipRanges"=>[{"cidrIp"=>"172.16.0.0/24"}], "ipRanges"=>[{"cidrIp"=>"172.16.0.0/24"}],
"ipProtocol"=>"tcp", "ipProtocol"=>"tcp",
"fromPort"=>9000, "fromPort"=>9000,
@ -275,32 +274,22 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
group_id = Fog::Compute[:aws].describe_security_groups('group-name' => 'vpc_security_group').body['securityGroupInfo'].first['groupId'] group_id = Fog::Compute[:aws].describe_security_groups('group-name' => 'vpc_security_group').body['securityGroupInfo'].first['groupId']
# Access group with name in options array permissions = {
permission = { 'IpProtocol' => '42', 'FromPort' => '22', 'ToPort' => '22', 'CidrIp' => '10.0.0.0/8' } 'IpPermissions' => [
{
'IpProtocol' => '42',
'IpRanges' => [{ 'CidrIp' => '10.0.0.0/8' }],
}
]
}
expected_permissions = [ expected_permissions = [
{"groups"=>[], {"groups"=>[],
"ipRanges"=>[{"cidrIp"=>"10.0.0.0/8"}], "ipRanges"=>[{"cidrIp"=>"10.0.0.0/8"}],
"ipProtocol"=>"42", "ipProtocol"=>"42"}
"fromPort"=>22,
"toPort"=>22}
] ]
options = permission.clone options = permissions.clone
options['GroupName'] = 'vpc_security_group'
tests("#authorize_security_group_ingress(#{options.inspect})").formats(AWS::Compute::Formats::BASIC) do
Fog::Compute[:aws].authorize_security_group_ingress(options).body
end
tests("#describe_security_groups('group-name' => 'vpc_security_group')").returns([]) do
array_differences(expected_permissions, Fog::Compute[:aws].describe_security_groups('group-name' => 'vpc_security_group').body['securityGroupInfo'].first['ipPermissions'])
end
tests("#revoke_security_group_ingress(#{options.inspect})").formats(AWS::Compute::Formats::BASIC) do
Fog::Compute[:aws].revoke_security_group_ingress(options).body
end
# Access group with id in options array
options = permission.clone
options['GroupId'] = group_id options['GroupId'] = group_id
tests("#authorize_security_group_ingress(#{options.inspect})").formats(AWS::Compute::Formats::BASIC) do tests("#authorize_security_group_ingress(#{options.inspect})").formats(AWS::Compute::Formats::BASIC) do
Fog::Compute[:aws].authorize_security_group_ingress(options).body Fog::Compute[:aws].authorize_security_group_ingress(options).body
@ -314,9 +303,13 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
Fog::Compute[:aws].revoke_security_group_ingress(options).body Fog::Compute[:aws].revoke_security_group_ingress(options).body
end end
vpc_group=Fog::Compute[:aws].security_groups.get_by_id(group_id)
vpc_group.destroy
Fog::Compute[:aws].delete_vpc(vpc_id) Fog::Compute[:aws].delete_vpc(vpc_id)
end end
## Rate limiting seems to want us to take a break otherwise it will throw errors
tests('failure') do tests('failure') do
@security_group = Fog::Compute[:aws].security_groups.create(:description => 'tests group', :name => 'fog_security_group') @security_group = Fog::Compute[:aws].security_groups.create(:description => 'tests group', :name => 'fog_security_group')
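Review bot: `@owner_id` and the new `@group_id_default` each issue their own `describe_security_groups('group-name' => 'default')` call for the same record, while the comment added before `tests('failure')` says the live API is already rate limiting this file. Fetch the group once, `default_group = Fog::Compute[:aws].describe_security_groups('group-name' => 'default').body['securityGroupInfo'].first`, then read `default_group['ownerId']` and `default_group['groupId']` from it. The `## Rate limiting …` comment has no pause or retry under it in the visible lines; either add the wait it describes or reword it as a TODO so the next reader does not assume the break exists. `vpc_group=` would also read better with spaces around the assignment, matching the surrounding lines.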