| /** |
| * Licensed to jclouds, Inc. (jclouds) under one or more |
| * contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. jclouds licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| */ |
| package org.jclouds.cloudstack.features; |
| |
| import static org.testng.Assert.assertEquals; |
| import static org.testng.Assert.assertTrue; |
| |
| import java.io.IOException; |
| import java.net.HttpURLConnection; |
| import java.net.URL; |
| import java.util.NoSuchElementException; |
| |
| import org.jclouds.cloudstack.domain.IngressRule; |
| import org.jclouds.cloudstack.domain.SecurityGroup; |
| import org.jclouds.cloudstack.domain.VirtualMachine; |
| import org.jclouds.cloudstack.domain.Zone; |
| import org.jclouds.cloudstack.internal.BaseCloudStackClientLiveTest; |
| import org.jclouds.cloudstack.options.AccountInDomainOptions; |
| import org.jclouds.cloudstack.options.DeployVirtualMachineOptions; |
| import org.jclouds.cloudstack.options.ListSecurityGroupsOptions; |
| import org.jclouds.util.Strings2; |
| import org.testng.annotations.AfterGroups; |
| import org.testng.annotations.Test; |
| |
| import com.google.common.base.Predicate; |
| import com.google.common.collect.ImmutableSet; |
| import com.google.common.collect.Iterables; |
| import com.google.common.net.HostAndPort; |
| |
| /** |
| * Tests behavior of {@code SecurityGroupClient} |
| * |
| * @author Adrian Cole |
| */ |
| @Test(groups = "live", singleThreaded = true, testName = "SecurityGroupClientLiveTest") |
| public class SecurityGroupClientLiveTest extends BaseCloudStackClientLiveTest { |
| public SecurityGroupClientLiveTest() { |
| prefix += "2"; |
| } |
| |
| private SecurityGroup group; |
| private boolean securityGroupsSupported; |
| private VirtualMachine vm; |
| private Zone zone; |
| |
| @Test |
| public void testCreateDestroySecurityGroup() { |
| try { |
| zone = Iterables.find(client.getZoneClient().listZones(), new Predicate<Zone>() { |
| |
| @Override |
| public boolean apply(Zone arg0) { |
| return arg0.isSecurityGroupsEnabled(); |
| } |
| |
| }); |
| securityGroupsSupported = true; |
| for (SecurityGroup securityGroup : client.getSecurityGroupClient().listSecurityGroups( |
| ListSecurityGroupsOptions.Builder.named(prefix))) { |
| for (IngressRule rule : securityGroup.getIngressRules()) |
| assertTrue(jobComplete.apply(client.getSecurityGroupClient().revokeIngressRule(rule.getId())), rule.toString()); |
| client.getSecurityGroupClient().deleteSecurityGroup(securityGroup.getId()); |
| } |
| group = client.getSecurityGroupClient().createSecurityGroup(prefix); |
| assertEquals(group.getName(), prefix); |
| checkGroup(group); |
| try { |
| client.getSecurityGroupClient().createSecurityGroup(prefix); |
| assert false; |
| } catch (IllegalStateException e) { |
| |
| } |
| } catch (NoSuchElementException e) { |
| e.printStackTrace(); |
| } |
| } |
| |
| public static String getCurrentCIDR() throws IOException { |
| URL url = new URL("http://checkip.amazonaws.com/"); |
| HttpURLConnection connection = (HttpURLConnection) url.openConnection(); |
| connection.connect(); |
| return Strings2.toStringAndClose(connection.getInputStream()).trim() + "/32"; |
| } |
| |
| @Test(dependsOnMethods = "testCreateDestroySecurityGroup") |
| public void testCreateIngress() throws Exception { |
| if (!securityGroupsSupported) |
| return; |
| String cidr = getCurrentCIDR(); |
| ImmutableSet<String> cidrs = ImmutableSet.of(cidr); |
| assertTrue(jobComplete.apply(client.getSecurityGroupClient().authorizeIngressICMPToCIDRs(group.getId(), 0, 8, cidrs)), group.toString()); |
| assertTrue(jobComplete.apply(client.getSecurityGroupClient().authorizeIngressPortsToCIDRs(group.getId(), "TCP", 22, |
| 22, cidrs)), group.toString()); |
| |
| AccountInDomainOptions.Builder.accountInDomain(group.getAccount(), group.getDomainId()); |
| |
| // replace with get once bug is fixed where getGroup returns only one |
| // ingress rule |
| group = Iterables.find(client.getSecurityGroupClient().listSecurityGroups(), new Predicate<SecurityGroup>() { |
| |
| @Override |
| public boolean apply(SecurityGroup input) { |
| return input.getId() == group.getId(); |
| } |
| |
| }); |
| |
| IngressRule ICMPPingRule = Iterables.find(group.getIngressRules(), new Predicate<IngressRule>() { |
| |
| @Override |
| public boolean apply(IngressRule input) { |
| return "icmp".equals(input.getProtocol()); |
| } |
| |
| }); |
| |
| assert ICMPPingRule.getId() != null : ICMPPingRule; |
| assert "icmp".equals(ICMPPingRule.getProtocol()) : ICMPPingRule; |
| assert ICMPPingRule.getStartPort() == -1 : ICMPPingRule; |
| assert ICMPPingRule.getEndPort() == -1 : ICMPPingRule; |
| assert ICMPPingRule.getICMPCode() == 0 : ICMPPingRule; |
| assert ICMPPingRule.getICMPType() == 8 : ICMPPingRule; |
| assert ICMPPingRule.getAccount() == null : ICMPPingRule; |
| assert ICMPPingRule.getSecurityGroupName() == null : ICMPPingRule; |
| assert cidr.equals(ICMPPingRule.getCIDR()) : ICMPPingRule; |
| |
| IngressRule SSHRule = Iterables.find(group.getIngressRules(), new Predicate<IngressRule>() { |
| |
| @Override |
| public boolean apply(IngressRule input) { |
| return "tcp".equals(input.getProtocol()); |
| } |
| |
| }); |
| |
| assert SSHRule.getId() != null : SSHRule; |
| assert "tcp".equals(SSHRule.getProtocol()) : SSHRule; |
| assert SSHRule.getStartPort() == 22 : SSHRule; |
| assert SSHRule.getEndPort() == 22 : SSHRule; |
| assert SSHRule.getICMPCode() == -1 : SSHRule; |
| assert SSHRule.getICMPType() == -1 : SSHRule; |
| assert SSHRule.getAccount() == null : SSHRule; |
| assert SSHRule.getSecurityGroupName() == null : SSHRule; |
| assert cidr.equals(SSHRule.getCIDR()) : SSHRule; |
| |
| } |
| |
| public void testListSecurityGroup() throws Exception { |
| if (!securityGroupsSupported) |
| return; |
| for (SecurityGroup securityGroup : client.getSecurityGroupClient().listSecurityGroups()) |
| checkGroup(securityGroup); |
| } |
| |
| @Test(dependsOnMethods = "testCreateIngress") |
| public void testCreateVMInSecurityGroup() throws Exception { |
| if (!securityGroupsSupported) |
| return; |
| String defaultTemplate = template != null ? template.getImageId() : null; |
| vm = VirtualMachineClientLiveTest.createVirtualMachineWithSecurityGroupInZone(zone.getId(), |
| defaultTemplateOrPreferredInZone(defaultTemplate, client, zone.getId()), group.getId(), client, |
| jobComplete, virtualMachineRunning); |
| if (vm.getPassword() != null && !loginCredentials.hasPasswordOption()) |
| loginCredentials = loginCredentials.toBuilder().password(vm.getPassword()).build(); |
| // ingress port 22 |
| checkSSH(HostAndPort.fromParts(vm.getIPAddress(), 22)); |
| // ingress icmp disabled as this is platform dependent and may actually |
| // just try tcp port 7 |
| // assert InetAddress.getByName(vm.getIPAddress()).isReachable(1000) : vm; |
| } |
| |
| protected void checkGroup(SecurityGroup group) { |
| // http://bugs.cloud.com/show_bug.cgi?id=8968 |
| if (group.getIngressRules().size() <= 1) |
| assertEquals(group, client.getSecurityGroupClient().getSecurityGroup(group.getId())); |
| assert group.getId() != null : group; |
| assert group.getName() != null : group; |
| assert group.getAccount() != null : group; |
| assert group.getDomain() != null : group; |
| assert group.getDomainId() != null : group; |
| assert group.getIngressRules() != null : group; |
| } |
| |
| @Test |
| public void testCreateVMWithoutSecurityGroupAssignsDefault() throws Exception { |
| if (!securityGroupsSupported) |
| return; |
| String defaultTemplate = template != null ? template.getImageId() : null; |
| VirtualMachine newVm = VirtualMachineClientLiveTest.createVirtualMachineWithOptionsInZone(DeployVirtualMachineOptions.NONE, |
| zone.getId(), defaultTemplateOrPreferredInZone(defaultTemplate, client, zone.getId()), client, |
| jobComplete, virtualMachineRunning); |
| try { |
| VirtualMachine runningVm = client.getVirtualMachineClient().getVirtualMachine(newVm.getId()); |
| assertTrue(runningVm.getSecurityGroups().size() == 1); |
| assertEquals(Iterables.getOnlyElement(runningVm.getSecurityGroups()).getName(), "default"); |
| } finally { |
| assertTrue(jobComplete.apply(client.getVirtualMachineClient().destroyVirtualMachine(newVm.getId()))); |
| } |
| } |
| |
| @AfterGroups(groups = "live") |
| protected void tearDown() { |
| if (vm != null) { |
| assertTrue(jobComplete.apply(client.getVirtualMachineClient().destroyVirtualMachine(vm.getId()))); |
| } |
| if (group != null) { |
| for (IngressRule rule : group.getIngressRules()) |
| assertTrue(jobComplete.apply(client.getSecurityGroupClient().revokeIngressRule(rule.getId())), rule.toString()); |
| client.getSecurityGroupClient().deleteSecurityGroup(group.getId()); |
| assertEquals(client.getSecurityGroupClient().getSecurityGroup(group.getId()), null); |
| } |
| super.tearDown(); |
| } |
| |
| } |