Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do @security_groups_format = { 'requestId' => String, 'securityGroupInfo' => [{ 'groupDescription' => String, 'groupName' => String, 'ipPermissions' => [{ 'fromPort' => Integer, 'groups' => [{ 'groupName' => String, 'userId' => String }], 'ipProtocol' => String, 'ipRanges' => [], 'toPort' => Integer, }], 'ipPermissionsEgress' => [], 'ownerId' => String }] } @owner_id = Fog::Compute[:aws].describe_security_groups('group-name' => 'default').body['securityGroupInfo'].first['ownerId'] tests('success') do tests("#create_security_group('fog_security_group', 'tests group')").formats(AWS::Compute::Formats::BASIC) do Fog::Compute[:aws].create_security_group('fog_security_group', 'tests group').body end tests("#create_security_group('fog_security_group_two', 'tests group')").formats(AWS::Compute::Formats::BASIC) do Fog::Compute[:aws].create_security_group('fog_security_group_two', 'tests group').body end to_be_revoked = [] expected_permissions = [] permission = { 'SourceSecurityGroupName' => 'default' } tests("#authorize_security_group_ingress('fog_security_group', #{permission.inspect})").formats(AWS::Compute::Formats::BASIC) do Fog::Compute[:aws].authorize_security_group_ingress('fog_security_group', permission).body end to_be_revoked.push([permission, expected_permissions.dup]) expected_permissions = [ {"groups"=>[{"groupName"=>"default", "userId"=>@owner_id}], "fromPort"=>1, "ipRanges"=>[], "ipProtocol"=>"tcp", "toPort"=>65535}, {"groups"=>[{"groupName"=>"default", "userId"=>@owner_id}], "fromPort"=>1, "ipRanges"=>[], "ipProtocol"=>"udp", "toPort"=>65535}, {"groups"=>[{"groupName"=>"default", "userId"=>@owner_id}], "fromPort"=>-1, "ipRanges"=>[], "ipProtocol"=>"icmp", "toPort"=>-1} ] tests("#describe_security_groups('group-name' => 'fog_security_group')").returns([]) do array_differences(expected_permissions, Fog::Compute[:aws].describe_security_groups('group-name' => 'fog_security_group').body['securityGroupInfo'].first['ipPermissions']) end permission = { 'SourceSecurityGroupName' => 'fog_security_group_two', 'SourceSecurityGroupOwnerId' => @owner_id } tests("#authorize_security_group_ingress('fog_security_group', #{permission.inspect})").formats(AWS::Compute::Formats::BASIC) do Fog::Compute[:aws].authorize_security_group_ingress('fog_security_group', permission).body end to_be_revoked.push([permission, expected_permissions.dup]) expected_permissions = [ {"groups"=> [{"userId"=>@owner_id, "groupName"=>"default"}, {"userId"=>@owner_id, "groupName"=>"fog_security_group_two"}], "ipRanges"=>[], "ipProtocol"=>"tcp", "fromPort"=>1, "toPort"=>65535}, {"groups"=> [{"userId"=>@owner_id, "groupName"=>"default"}, {"userId"=>@owner_id, "groupName"=>"fog_security_group_two"}], "ipRanges"=>[], "ipProtocol"=>"udp", "fromPort"=>1, "toPort"=>65535}, {"groups"=> [{"userId"=>@owner_id, "groupName"=>"default"}, {"userId"=>@owner_id, "groupName"=>"fog_security_group_two"}], "ipRanges"=>[], "ipProtocol"=>"icmp", "fromPort"=>-1, "toPort"=>-1} ] tests("#describe_security_groups('group-name' => 'fog_security_group')").returns([]) do array_differences(expected_permissions, Fog::Compute[:aws].describe_security_groups('group-name' => 'fog_security_group').body['securityGroupInfo'].first['ipPermissions']) end permission = { 'IpProtocol' => 'tcp', 'FromPort' => '22', 'ToPort' => '22' } tests("#authorize_security_group_ingress('fog_security_group', #{permission.inspect})").formats(AWS::Compute::Formats::BASIC) do Fog::Compute[:aws].authorize_security_group_ingress('fog_security_group', permission).body end to_be_revoked.push([permission, expected_permissions.dup]) # previous did nothing tests("#describe_security_groups('group-name' => 'fog_security_group')").returns([]) do array_differences(expected_permissions, Fog::Compute[:aws].describe_security_groups('group-name' => 'fog_security_group').body['securityGroupInfo'].first['ipPermissions']) end permission = { 'IpProtocol' => 'tcp', 'FromPort' => '22', 'ToPort' => '22', 'CidrIp' => '10.0.0.0/8' } tests("#authorize_security_group_ingress('fog_security_group', #{permission.inspect})").formats(AWS::Compute::Formats::BASIC) do Fog::Compute[:aws].authorize_security_group_ingress('fog_security_group', permission).body end to_be_revoked.push([permission, expected_permissions.dup]) expected_permissions += [ {"groups"=>[], "ipRanges"=>[{"cidrIp"=>"10.0.0.0/8"}], "ipProtocol"=>"tcp", "fromPort"=>22, "toPort"=>22} ] tests("#describe_security_groups('group-name' => 'fog_security_group')").returns([]) do array_differences(expected_permissions, Fog::Compute[:aws].describe_security_groups('group-name' => 'fog_security_group').body['securityGroupInfo'].first['ipPermissions']) end # authorize with nested IpProtocol without IpRanges or Groups does nothing permissions = { 'IpPermissions' => [ { 'IpProtocol' => 'tcp', 'FromPort' => '22', 'ToPort' => '22' } ] } tests("#authorize_security_group_ingress('fog_security_group', #{permissions.inspect})").formats(AWS::Compute::Formats::BASIC) do Fog::Compute[:aws].authorize_security_group_ingress('fog_security_group', permissions).body end to_be_revoked.push([permissions, expected_permissions.dup]) # previous did nothing tests("#describe_security_groups('group-name' => 'fog_security_group')").returns([]) do array_differences(expected_permissions, Fog::Compute[:aws].describe_security_groups('group-name' => 'fog_security_group').body['securityGroupInfo'].first['ipPermissions']) end # authorize with nested IpProtocol with IpRanges permissions = { 'IpPermissions' => [ { 'IpProtocol' => 'tcp', 'FromPort' => '80', 'ToPort' => '80', 'IpRanges' => [{ 'CidrIp' => '192.168.0.0/24' }] } ] } tests("#authorize_security_group_ingress('fog_security_group', #{permissions.inspect})").formats(AWS::Compute::Formats::BASIC) do Fog::Compute[:aws].authorize_security_group_ingress('fog_security_group', permissions).body end to_be_revoked.push([permissions, expected_permissions.dup]) expected_permissions += [ {"groups"=>[], "ipRanges"=>[{"cidrIp"=>"192.168.0.0/24"}], "ipProtocol"=>"tcp", "fromPort"=>80, "toPort"=>80} ] tests("#describe_security_groups('group-name' => 'fog_security_group')").returns([]) do array_differences(expected_permissions, Fog::Compute[:aws].describe_security_groups('group-name' => 'fog_security_group').body['securityGroupInfo'].first['ipPermissions']) end # authorize with nested IpProtocol with Groups permissions = { 'IpPermissions' => [ { 'IpProtocol' => 'tcp', 'FromPort' => '8000', 'ToPort' => '8000', 'Groups' => [{ 'GroupName' => 'fog_security_group_two' }] } ] } tests("#authorize_security_group_ingress('fog_security_group', #{permissions.inspect})").formats(AWS::Compute::Formats::BASIC) do Fog::Compute[:aws].authorize_security_group_ingress('fog_security_group', permissions).body end to_be_revoked.push([permissions, expected_permissions.dup]) expected_permissions += [ {"groups"=>[{"userId"=>@owner_id, "groupName"=>"fog_security_group_two"}], "ipRanges"=>[], "ipProtocol"=>"tcp", "fromPort"=>8000, "toPort"=>8000} ] tests("#describe_security_groups('group-name' => 'fog_security_group')").returns([]) do array_differences(expected_permissions, Fog::Compute[:aws].describe_security_groups('group-name' => 'fog_security_group').body['securityGroupInfo'].first['ipPermissions']) end # authorize with nested IpProtocol with IpRanges and Groups # try integers on this one instead of strings permissions = { 'IpPermissions' => [ { 'IpProtocol' => 'tcp', 'FromPort' => 9000, 'ToPort' => 9000, 'IpRanges' => [{ 'CidrIp' => '172.16.0.0/24' }], 'Groups' => [{ 'GroupName' => 'fog_security_group_two' }] } ] } tests("#authorize_security_group_ingress('fog_security_group', #{permissions.inspect})").formats(AWS::Compute::Formats::BASIC) do Fog::Compute[:aws].authorize_security_group_ingress('fog_security_group', permissions).body end to_be_revoked.push([permissions, expected_permissions.dup]) expected_permissions += [ {"groups"=> [{"userId"=>@owner_id, "groupName"=>"fog_security_group_two"}], "ipRanges"=>[{"cidrIp"=>"172.16.0.0/24"}], "ipProtocol"=>"tcp", "fromPort"=>9000, "toPort"=>9000} ] tests("#describe_security_groups('group-name' => 'fog_security_group')").returns([]) do array_differences(expected_permissions, Fog::Compute[:aws].describe_security_groups('group-name' => 'fog_security_group').body['securityGroupInfo'].first['ipPermissions']) end tests("#describe_security_groups").formats(@security_groups_format) do Fog::Compute[:aws].describe_security_groups.body end tests("#describe_security_groups('group-name' => 'fog_security_group')").formats(@security_groups_format) do Fog::Compute[:aws].describe_security_groups('group-name' => 'fog_security_group').body end to_be_revoked.reverse.each do |permission, expected_permissions_after| tests("#revoke_security_group_ingress('fog_security_group', #{permission.inspect})").formats(AWS::Compute::Formats::BASIC) do Fog::Compute[:aws].revoke_security_group_ingress('fog_security_group', permission).body end tests("#describe_security_groups('group-name' => 'fog_security_group')").returns([]) do array_differences(expected_permissions_after, Fog::Compute[:aws].describe_security_groups('group-name' => 'fog_security_group').body['securityGroupInfo'].first['ipPermissions']) end end tests("#delete_security_group('fog_security_group')").formats(AWS::Compute::Formats::BASIC) do Fog::Compute[:aws].delete_security_group('fog_security_group').body end tests("#delete_security_group('fog_security_group_two')").formats(AWS::Compute::Formats::BASIC) do Fog::Compute[:aws].delete_security_group('fog_security_group_two').body end end tests('failure') do @security_group = Fog::Compute[:aws].security_groups.create(:description => 'tests group', :name => 'fog_security_group') @other_security_group = Fog::Compute[:aws].security_groups.create(:description => 'tests group', :name => 'fog_other_security_group') tests("duplicate #create_security_group(#{@security_group.name}, #{@security_group.description})").raises(Fog::Compute::AWS::Error) do Fog::Compute[:aws].create_security_group(@security_group.name, @security_group.description) end tests("#authorize_security_group_ingress('not_a_group_name', {'FromPort' => 80, 'IpProtocol' => 'tcp', 'toPort' => 80})").raises(Fog::Compute::AWS::NotFound) do Fog::Compute[:aws].authorize_security_group_ingress( 'not_a_group_name', { 'FromPort' => 80, 'IpProtocol' => 'tcp', 'ToPort' => 80, } ) end tests("#authorize_security_group_ingress('not_a_group_name', {'SourceSecurityGroupName' => 'not_a_group_name', 'SourceSecurityGroupOwnerId' => '#{@owner_id}'})").raises(Fog::Compute::AWS::NotFound) do Fog::Compute[:aws].authorize_security_group_ingress( 'not_a_group_name', { 'SourceSecurityGroupName' => 'not_a_group_name', 'SourceSecurityGroupOwnerId' => @owner_id } ) end tests("#authorize_security_group_ingress('fog_security_group', {'IpPermissions' => [{'IpProtocol' => 'tcp', 'FromPort' => 80, 'ToPort' => 80, 'IpRanges' => [{'CidrIp' => '10.0.0.0/8'}]}]})").formats(AWS::Compute::Formats::BASIC) do Fog::Compute[:aws].authorize_security_group_ingress('fog_security_group', {'IpPermissions' => [{'IpProtocol' => 'tcp', 'FromPort' => 80, 'ToPort' => 80, 'IpRanges' => [{'CidrIp' => '10.0.0.0/8'}]}]}).body end tests("#authorize_security_group_ingress('fog_security_group', {'IpPermissions' => [{'IpProtocol' => 'tcp', 'FromPort' => 80, 'ToPort' => 80, 'IpRanges' => [{'CidrIp' => '10.0.0.0/8'}]}]})").raises(Fog::Compute::AWS::Error) do Fog::Compute[:aws].authorize_security_group_ingress('fog_security_group', {'IpPermissions' => [{'IpProtocol' => 'tcp', 'FromPort' => 80, 'ToPort' => 80, 'IpRanges' => [{'CidrIp' => '10.0.0.0/8'}]}]}) end tests("#authorize_security_group_ingress('fog_security_group', {'IpPermissions' => [{'Groups' => [{'GroupName' => '#{@other_security_group.name}'}], 'FromPort' => 80, 'ToPort' => 80, 'IpProtocol' => 'tcp'}]})").formats(AWS::Compute::Formats::BASIC) do Fog::Compute[:aws].authorize_security_group_ingress('fog_security_group', {'IpPermissions' => [{'Groups' => [{'GroupName' => @other_security_group.name}], 'FromPort' => 80, 'ToPort' => 80, 'IpProtocol' => 'tcp'}]}).body end tests("#delete_security_group('#{@other_security_group.name}')").raises(Fog::Compute::AWS::Error) do Fog::Compute[:aws].delete_security_group(@other_security_group.name) end broken_params = [ {}, { "IpProtocol" => "what" }, { "IpProtocol" => "tcp" }, { "IpProtocol" => "what", "FromPort" => 1, "ToPort" => 1 }, ] broken_params += broken_params.map do |broken_params_item| { "IpPermissions" => [broken_params_item] } end broken_params += [ { "IpPermissions" => [] }, { "IpPermissions" => nil } ] broken_params.each do |broken_params_item| tests("#authorize_security_group_ingress('fog_security_group', #{broken_params_item.inspect})").raises(Fog::Compute::AWS::Error) do Fog::Compute[:aws].authorize_security_group_ingress('fog_security_group', broken_params_item) end tests("#revoke_security_group_ingress('fog_security_group', #{broken_params_item.inspect})").raises(Fog::Compute::AWS::Error) do Fog::Compute[:aws].revoke_security_group_ingress('fog_security_group', broken_params_item) end end tests("#revoke_security_group_ingress('not_a_group_name', {'FromPort' => 80, 'IpProtocol' => 'tcp', 'toPort' => 80})").raises(Fog::Compute::AWS::NotFound) do Fog::Compute[:aws].revoke_security_group_ingress( 'not_a_group_name', { 'FromPort' => 80, 'IpProtocol' => 'tcp', 'ToPort' => 80, } ) end tests("#revoke_security_group_ingress('not_a_group_name', {'SourceSecurityGroupName' => 'not_a_group_name', 'SourceSecurityGroupOwnerId' => '#{@owner_id}'})").raises(Fog::Compute::AWS::NotFound) do Fog::Compute[:aws].revoke_security_group_ingress( 'not_a_group_name', { 'SourceSecurityGroupName' => 'not_a_group_name', 'SourceSecurityGroupOwnerId' => @owner_id } ) end tests("#delete_security_group('not_a_group_name')").raises(Fog::Compute::AWS::NotFound) do Fog::Compute[:aws].delete_security_group('not_a_group_name') end @security_group.destroy @other_security_group.destroy tests("#delete_security_group('default')").raises(Fog::Compute::AWS::Error) do Fog::Compute[:aws].delete_security_group('default') end end end