/**
 * Checks the path where the shared security group already exists at the provider but is not in
 * the customizer's cache: the group must be found by listing the location's groups, and no
 * group may be created.
 */
@Test
public void testSharedGroupLoadedWhenItExistsButIsNotCached() {
    // Mocked template exposing the test location and mocked options.
    Template tmpl = mock(Template.class);
    TemplateOptions tmplOptions = mock(TemplateOptions.class);
    when(tmpl.getLocation()).thenReturn(location);
    when(tmpl.getOptions()).thenReturn(tmplOptions);

    JcloudsLocation brooklynLocation = new JcloudsLocation(MutableMap.of("deferConstruction", true));

    // Two groups are visible at the provider; only one carries the shared-group name.
    SecurityGroup sharedGroup = newGroup(customizer.getNameForSharedSecurityGroup());
    SecurityGroup unrelatedGroup = newGroup("irrelevant");
    when(securityApi.createSecurityGroup(sharedGroup.getName(), location)).thenReturn(sharedGroup);
    when(securityApi.createSecurityGroup(unrelatedGroup.getName(), location)).thenReturn(unrelatedGroup);
    when(securityApi.listSecurityGroupsInLocation(location))
            .thenReturn(ImmutableSet.of(unrelatedGroup, sharedGroup));
    when(securityApi.addIpPermission(any(IpPermission.class), eq(sharedGroup))).thenReturn(sharedGroup);
    when(securityApi.addIpPermission(any(IpPermission.class), eq(unrelatedGroup))).thenReturn(unrelatedGroup);

    customizer.customize(brooklynLocation, computeService, tmpl);

    // The existing group is discovered through the listing; creation is never attempted.
    verify(securityApi).listSecurityGroupsInLocation(location);
    verify(securityApi, never()).createSecurityGroup(anyString(), any(Location.class));
}
/**
 * With no retry predicate configured, a failing {@code addIpPermission} call must be attempted
 * exactly once and no security group may be created.
 */
@Test
public void testAddRuleNotRetriedByDefault() {
    IpPermission sshRule = newPermission(22);
    SecurityGroup shared = newGroup(customizer.getNameForSharedSecurityGroup());
    SecurityGroup perMachine = newGroup("unique");

    when(securityApi.listSecurityGroupsForNode(NODE_ID)).thenReturn(ImmutableSet.of(shared, perMachine));
    when(securityApi.addIpPermission(eq(sshRule), eq(perMachine)))
            .thenThrow(new RuntimeException("exception creating " + sshRule));
    when(computeService.getContext().unwrap().getId()).thenReturn("aws-ec2");

    // NOTE(review): a call that returns normally also passes this try block; only the verify
    // calls below constrain that case. Confirm whether an exception is always expected here.
    try {
        customizer.addPermissionsToLocation(jcloudsMachineLocation, ImmutableList.of(sshRule));
    } catch (Exception e) {
        boolean mentionsRepeatedErrors = e.getMessage().contains("repeated errors from provider");
        assertTrue(mentionsRepeatedErrors, "message=" + e.getMessage());
    }

    verify(securityApi, never()).createSecurityGroup(anyString(), any(Location.class));
    verify(securityApi, times(1)).addIpPermission(sshRule, perMachine);
}
/**
 * Customizing two Brooklyn {@code JcloudsLocation}s that map to the same jclouds location must
 * create a single shared security group and set a group on the template options each time.
 */
@Test
public void testSecurityGroupAddedWhenJcloudsLocationCustomised() {
    Template tmpl = mock(Template.class);
    TemplateOptions tmplOptions = mock(TemplateOptions.class);
    when(tmpl.getLocation()).thenReturn(location);
    when(tmpl.getOptions()).thenReturn(tmplOptions);

    SecurityGroup created = newGroup("id");
    when(securityApi.createSecurityGroup(anyString(), eq(location))).thenReturn(created);
    when(securityApi.addIpPermission(any(IpPermission.class), eq(created))).thenReturn(created);

    // Two Brooklyn locations backed by the same jclouds location.
    JcloudsLocation first = new JcloudsLocation(MutableMap.of("deferConstruction", true));
    JcloudsLocation second = new JcloudsLocation(MutableMap.of("deferConstruction", true));
    customizer.customize(first, computeService, tmpl);
    customizer.customize(second, computeService, tmpl);

    // One group, created once and shared by both locations, receives four permissions:
    // TCP, UDP and ICMP between members of the group, plus SSH to Brooklyn.
    verify(securityApi).createSecurityGroup(anyString(), eq(location));
    verify(securityApi, times(4)).addIpPermission(any(IpPermission.class), eq(created));

    // A security group is set on the template options once per customize call.
    verify(tmplOptions, times(2)).securityGroups(anyString());
}
/**
 * Adding two permissions to a machine location must apply each of them once to the node's
 * non-shared group and must not create any security group.
 */
@Test
public void testAddPermissionsToNode() {
    IpPermission sshRule = newPermission(22);
    IpPermission jmxRule = newPermission(31001);

    // The node belongs to the shared group and to one further group with id "id".
    SecurityGroup shared = newGroup(customizer.getNameForSharedSecurityGroup());
    SecurityGroup nodeGroup = newGroup("id");
    when(securityApi.listSecurityGroupsForNode(NODE_ID)).thenReturn(ImmutableSet.of(shared, nodeGroup));

    // Either addition reports the group as holding both rules.
    SecurityGroup afterUpdate = newGroup("id", ImmutableSet.of(sshRule, jmxRule));
    when(securityApi.addIpPermission(sshRule, nodeGroup)).thenReturn(afterUpdate);
    when(securityApi.addIpPermission(jmxRule, nodeGroup)).thenReturn(afterUpdate);
    when(computeService.getContext().unwrap().getId()).thenReturn("aws-ec2");

    customizer.addPermissionsToLocation(jcloudsMachineLocation, ImmutableList.of(sshRule, jmxRule));

    verify(securityApi, never()).createSecurityGroup(anyString(), any(Location.class));
    verify(securityApi, times(1)).addIpPermission(sshRule, nodeGroup);
    verify(securityApi, times(1)).addIpPermission(jmxRule, nodeGroup);
}
/**
 * Live test: creates a security group named {@code secGroupName} in the node template's location
 * and records its id in {@code groupId}.
 */
@Test(groups = { "integration", "live" }, singleThreaded = true)
public void testCreateSecurityGroup() throws RunNodesException, InterruptedException, ExecutionException {
    skipIfSecurityGroupsNotSupported();

    ComputeService compute = view.getComputeService();
    Location targetLocation = getNodeTemplate().getLocation();

    Optional<SecurityGroupExtension> maybeExtension = compute.getSecurityGroupExtension();
    assertTrue(maybeExtension.isPresent(), "security extension was not present");
    SecurityGroupExtension security = maybeExtension.get();

    SecurityGroup created = security.createSecurityGroup(secGroupName, targetLocation);
    logger.info("Group created: %s", created);

    // The returned name only has to contain the requested name, not equal it.
    assertTrue(created.getName().contains(secGroupName));

    // Store the id in the groupId field.
    groupId = created.getId();
}
// No security group may have been created on the mocked API.
verify(securityApi, never()).createSecurityGroup(anyString(), any(Location.class));
// The ssh permission must have been submitted for uniqueGroup exactly three times.
verify(securityApi, times(3)).addIpPermission(ssh, uniqueGroup);
/**
 * With the AWS retry predicate installed, {@code addIpPermission} is stubbed to fail with four
 * successive AWS error codes before succeeding; the test expects four attempts in total and no
 * security group creation.
 */
@Test
public void testAddRuleRetriedOnAwsFailure() {
    IpPermission sshRule = newPermission(22);
    SecurityGroup shared = newGroup(customizer.getNameForSharedSecurityGroup());
    SecurityGroup perMachine = newGroup("unique");

    customizer.setRetryExceptionPredicate(JcloudsLocationSecurityGroupCustomizer.newAwsExceptionRetryPredicate());

    when(securityApi.listSecurityGroupsForNode(NODE_ID)).thenReturn(ImmutableSet.of(shared, perMachine));
    // Consecutive stubbing: one AWS error per attempt, in this order, then a successful return.
    when(securityApi.addIpPermission(any(IpPermission.class), eq(perMachine)))
            .thenThrow(newAwsResponseExceptionWithCode("InvalidGroup.InUse"))
            .thenThrow(newAwsResponseExceptionWithCode("DependencyViolation"))
            .thenThrow(newAwsResponseExceptionWithCode("RequestLimitExceeded"))
            .thenThrow(newAwsResponseExceptionWithCode("Blocked"))
            .thenReturn(shared);
    when(computeService.getContext().unwrap().getId()).thenReturn("aws-ec2");

    // NOTE(review): a call that returns normally also passes this try block; the attempt count
    // verified below is what pins the behaviour.
    try {
        customizer.addPermissionsToLocation(jcloudsMachineLocation, ImmutableList.of(sshRule));
    } catch (Exception e) {
        String expected = "repeated errors from provider";
        boolean found = e.getMessage().contains(expected);
        assertTrue(found, "expected exception message to contain " + expected + ", was: " + e.getMessage());
    }

    verify(securityApi, never()).createSecurityGroup(anyString(), any(Location.class));
    verify(securityApi, times(4)).addIpPermission(sshRule, perMachine);
}
/**
 * After {@code customize} has cached the shared group, adding a permission to a machine must
 * change the machine's own group and leave the shared group untouched.
 */
@Test
public void testAddPermissionsToNodeUsesUncachedSecurityGroup() {
    JcloudsLocation brooklynLocation = new JcloudsLocation(MutableMap.of("deferConstruction", true));
    SecurityGroup shared = newGroup(customizer.getNameForSharedSecurityGroup());
    SecurityGroup perMachine = newGroup("unique");

    Template tmpl = mock(Template.class);
    TemplateOptions tmplOptions = mock(TemplateOptions.class);
    when(tmpl.getLocation()).thenReturn(location);
    when(tmpl.getOptions()).thenReturn(tmplOptions);
    when(securityApi.createSecurityGroup(anyString(), eq(location))).thenReturn(shared);
    when(securityApi.addIpPermission(any(IpPermission.class), eq(perMachine))).thenReturn(perMachine);
    when(securityApi.addIpPermission(any(IpPermission.class), eq(shared))).thenReturn(shared);
    when(computeService.getContext().unwrap().getId()).thenReturn("aws-ec2");

    // First pass: customize() so that the shared group ends up cached.
    customizer.customize(brooklynLocation, computeService, tmpl);

    // Drop every stub and recorded interaction, then describe the node's groups afresh.
    reset(securityApi);
    when(securityApi.listSecurityGroupsForNode(NODE_ID)).thenReturn(ImmutableSet.of(perMachine, shared));

    IpPermission sshRule = newPermission(22);
    // NOTE(review): the stubbed return values look crossed (the group built from the shared id is
    // returned for the per-machine group and vice versa). The assertions below only check which
    // group addIpPermission was called with, so the outcome does not depend on it.
    SecurityGroup builtFromSharedId = newGroup(shared.getId(), ImmutableSet.of(sshRule));
    when(securityApi.addIpPermission(sshRule, perMachine)).thenReturn(builtFromSharedId);
    SecurityGroup builtFromUniqueId = newGroup("unique", ImmutableSet.of(sshRule));
    when(securityApi.addIpPermission(sshRule, shared)).thenReturn(builtFromUniqueId);

    customizer.addPermissionsToLocation(jcloudsMachineLocation, ImmutableSet.of(sshRule));

    // Only the per-machine group may have been altered, never the shared one.
    verify(securityApi).addIpPermission(sshRule, perMachine);
    verify(securityApi, never()).addIpPermission(any(IpPermission.class), eq(shared));
}
// Create a security group named after the cluster, in the location reported by the
// instance's node metadata.
group = securityGroupExtension.createSecurityGroup(clusterSpec.getClusterName(), instance.getNodeMetadata().getLocation());
/**
 * Live test: lists the existing security groups, adds one under a randomly chosen numeric name,
 * hands it to {@code verifyAndDeleteSecurityGroup}, and requires the whole run to finish in under
 * five minutes.
 */
@Test(groups = {"integration", "live"}, singleThreaded = true)
public void testListSecurityGroups() throws Exception {
    skipIfSecurityGroupsNotSupported();
    final long startMillis = System.currentTimeMillis();

    ComputeService compute = view.getComputeService();
    Optional<SecurityGroupExtension> maybeExtension = compute.getSecurityGroupExtension();
    assertTrue(maybeExtension.isPresent(), "security extension was not present");

    logger.info("Loading security groups");
    final SecurityGroupExtension security = maybeExtension.get();
    Set<SecurityGroup> existing = security.listSecurityGroups();
    int countBeforeAdd = existing.size();
    logger.info("Found %d security groups", countBeforeAdd);

    // A seven-digit number in [1000000, 2000000) serves as a name unlikely to be taken already.
    int randomSuffix = new Random().nextInt(1000000);
    String someUnlikelyName = String.valueOf(randomSuffix + 1000000);
    logger.info("Adding security group %s", someUnlikelyName);
    final SecurityGroup testGroup = security.createSecurityGroup(someUnlikelyName, getNodeTemplate().getLocation());

    try {
        verifyAndDeleteSecurityGroup(security, countBeforeAdd, testGroup);
    } catch (Exception e) {
        // Name the group that may be left behind at the provider before propagating the failure.
        logger.error(e, "Exception caught, live test leaking security group %s", testGroup.getName());
        throw e;
    }

    // Time budget for the whole test; see https://issues.apache.org/jira/browse/JCLOUDS-1235
    final long elapsedMillis = System.currentTimeMillis() - startMillis;
    assertTrue(elapsedMillis < TimeUnit.MINUTES.toMillis(5));
}
// Create group "test" in ZoneToLocationTest.one, then check the returned id and that the
// new group carries no IP permissions.
SecurityGroup group = extension.createSecurityGroup("test", ZoneToLocationTest.one);
assertEquals(group.getId(), "30");
assertEquals(group.getIpPermissions().size(), 0);
// Create group "test" in ZoneToLocationTest.two, then check the returned id and that the
// new group carries no IP permissions.
SecurityGroup group = extension.createSecurityGroup("test", ZoneToLocationTest.two);
assertEquals(group.getId(), "30");
assertEquals(group.getIpPermissions().size(), 0);
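/**
 * Backs the given virtual network with a security group named after the network id.
 *
 * <p>An existing group whose name matches (ignoring case) is reused as it is. Otherwise a new
 * group is created in the first assignable location and given one ingress rule that allows TCP
 * ports 1-65535 from the network's configured CIDR. In both cases the security group's id is
 * published as the {@code NETWORK_ID} sensor.
 *
 * @param network the virtual network entity; its {@code NETWORK_ID} config is used as the group
 *        name and its {@code NETWORK_CIDR} config as the source range of the new rule
 * @throws IllegalStateException if the compute service offers no security group extension
 * @throws java.util.NoSuchElementException if a group must be created but the compute service
 *         lists no assignable location
 */
@Override
public void provisionNetwork(VirtualNetwork network) {
    String name = network.config().get(VirtualNetwork.NETWORK_ID);

    // Fail with a message that names the cause rather than with a bare Optional.get() failure.
    if (!location.getComputeService().getSecurityGroupExtension().isPresent()) {
        throw new IllegalStateException(
                "No security group extension available at " + location + "; cannot provision network " + name);
    }
    SecurityGroupExtension extension = location.getComputeService().getSecurityGroupExtension().get();
    Set<SecurityGroup> groups = extension.listSecurityGroups();
    String id = null;

    // Look for existing security group with the desired name.
    // NOTE(review): the match ignores case and the rules of a reused group are neither inspected
    // nor changed here, so a pre-existing group with wider (or no) rules is adopted unchanged.
    // Confirm that this is intended.
    for (SecurityGroup each : groups) {
        if (each.getName().equalsIgnoreCase(name)) {
            id = each.getId();
            break;
        }
    }

    // If not found then create a new group
    if (id == null) {
        Set<? extends Location> assignable = location.getComputeService().listAssignableLocations();
        if (assignable.isEmpty()) {
            throw new java.util.NoSuchElementException(
                    "No assignable locations at " + location + "; cannot create security group " + name);
        }
        Location region = assignable.iterator().next();
        SecurityGroup added = extension.createSecurityGroup(name, region);
        id = added.getId();

        // The rule opens every TCP port, so the exposure of this group is decided entirely by the
        // configured CIDR; a broad CIDR makes all TCP services in the group reachable from it.
        IpPermission rules = IpPermission.builder()
                .cidrBlock(network.config().get(VirtualNetwork.NETWORK_CIDR).toString())
                .ipProtocol(IpProtocol.TCP)
                .fromPort(1)
                .toPort(65535)
                .build();
        // NOTE(review): if this call fails the group already exists without its rule, and a later
        // call will find it by name and reuse it as it is.
        extension.addIpPermission(rules, added);
        LOG.info("Added new security group {} with ID {}: {}", new Object[] { added.getName(), id, rules.toString() });
    }

    // Use the OpenStack UUID as the virtual network id
    network.sensors().set(VirtualNetwork.NETWORK_ID, id);
}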
/**
 * Live test: creates a group, deletes it, creates it again under the same name and adds a rule
 * to the re-created group, which only works if that group really exists at the provider rather
 * than being served from a cache.
 */
@Test(groups = {"integration", "live"}, singleThreaded = true)
public void testSecurityGroupCacheInvalidated() throws Exception {
    ComputeService compute = view.getComputeService();
    Optional<SecurityGroupExtension> maybeExtension = compute.getSecurityGroupExtension();
    assertTrue(maybeExtension.isPresent(), "security extension was not present");
    final SecurityGroupExtension security = maybeExtension.get();

    // Create the group once and remove it straight away.
    final SecurityGroup seedGroup = security.createSecurityGroup(secGroupNameToDelete, getNodeTemplate().getLocation());
    boolean seedRemoved = security.removeSecurityGroup(seedGroup.getId());
    assertTrue(seedRemoved, "just created security group failed deletion");

    final SecurityGroup recreatedGroup = security.createSecurityGroup(secGroupNameToDelete, getNodeTemplate().getLocation());

    // Makes sure the security group exists and is re-created and is not just returned from cache.
    // NOTE(review): a failure in addIpPermission skips the removal below and leaves the
    // re-created group behind at the provider.
    IpPermission probeRule = IpPermission.builder()
            .fromPort(1000)
            .toPort(1000)
            .cidrBlock("1.1.1.1/32")
            .ipProtocol(IpProtocol.TCP)
            .build();
    security.addIpPermission(probeRule, recreatedGroup);

    boolean recreatedRemoved = security.removeSecurityGroup(recreatedGroup.getId());
    assertTrue(recreatedRemoved, "just created security group failed deletion");
}
SecurityGroup group = extension.createSecurityGroup("test", new LocationBuilder() .scope(LocationScope.REGION) .id(region)
/**
 * Live test: a group deleted through another view must be reported as not removable here, and
 * creating it again under the same name must yield a real group that accepts a rule.
 */
@Test(groups = {"integration", "live"}, singleThreaded = true)
public void testSecurityGroupCacheInvalidatedWhenDeletedExternally() throws Exception {
    String testSecurityGroupName = secGroupNameToDelete + "-externally";

    ComputeService compute = view.getComputeService();
    Optional<SecurityGroupExtension> maybeExtension = compute.getSecurityGroupExtension();
    assertTrue(maybeExtension.isPresent(), "security extension was not present");
    final SecurityGroupExtension security = maybeExtension.get();

    final SecurityGroup seedGroup = security.createSecurityGroup(testSecurityGroupName, getNodeTemplate().getLocation());

    // Remove the group behind this view's back; the removal through this view must then fail.
    deleteSecurityGroupFromAnotherView(seedGroup);
    boolean seedRemoved = security.removeSecurityGroup(seedGroup.getId());
    assertFalse(seedRemoved, "SG deleted externally so should've failed deletion");

    final SecurityGroup recreatedGroup = security.createSecurityGroup(testSecurityGroupName, getNodeTemplate().getLocation());

    // Makes sure the security group exists and is re-created and is not just returned from cache.
    // NOTE(review): a failure in addIpPermission skips the removal below and leaves the
    // re-created group behind at the provider.
    IpPermission probeRule = IpPermission.builder()
            .fromPort(1000)
            .toPort(1000)
            .cidrBlock("1.1.1.1/32")
            .ipProtocol(IpProtocol.TCP)
            .build();
    security.addIpPermission(probeRule, recreatedGroup);

    boolean recreatedRemoved = security.removeSecurityGroup(recreatedGroup.getId());
    assertTrue(recreatedRemoved, "just created security group failed deletion");
}
SecurityGroup group = extension.createSecurityGroup("some-group", new LocationBuilder() .scope(LocationScope.REGION) .id(region)
/**
 * Creates a security group against enqueued responses and checks both the returned group and
 * the sequence of requests that were posted.
 */
public void createSecurityGroup() throws Exception {
    enqueueRegions(DEFAULT_REGION);
    enqueueXml(DEFAULT_REGION, "/created_securitygroup.xml");
    // TODO: ridiculously chatty - the same describe response is consumed three times
    for (int i = 0; i < 3; i++) {
        enqueueXml(DEFAULT_REGION, "/describe_securitygroups_extension_single.xml");
    }
    enqueueXml(DEFAULT_REGION, "/availabilityZones.xml");

    // The "jclouds#" prefix is removed from the name that is passed in; the posted
    // CreateSecurityGroup request asserted below carries the prefixed name.
    String requestedName = group.getName().replace("jclouds#", "");
    SecurityGroup newGroup = extension().createSecurityGroup(requestedName, group.getLocation());

    assertEquals(newGroup.getId(), group.getId());
    assertEquals(newGroup.getProviderId(), group.getProviderId());
    assertEquals(newGroup.getName(), group.getName());
    // Locations are compared by id only: the one from the response has a parent.
    assertEquals(newGroup.getLocation().getId(), group.getLocation().getId());

    assertPosted(DEFAULT_REGION, "Action=DescribeRegions");
    assertPosted(DEFAULT_REGION, "Action=CreateSecurityGroup&GroupName=jclouds%23some-group&GroupDescription=jclouds%23some-group");
    // The lookup by group name is posted twice.
    for (int i = 0; i < 2; i++) {
        assertPosted(DEFAULT_REGION, "Action=DescribeSecurityGroups&Filter.1.Name=group-name&Filter.1.Value.1=jclouds%23some-group");
    }
    assertPosted(DEFAULT_REGION, "Action=DescribeSecurityGroups&GroupId.1=sg-3c6ef654");
    assertPosted(DEFAULT_REGION, "Action=DescribeAvailabilityZones");
}