spec/beaker/hypervisor/aws_sdk_spec.rb in beaker-aws-0.5.0 vs spec/beaker/hypervisor/aws_sdk_spec.rb in beaker-aws-0.6.0
- old
+ new
@@ -990,10 +990,12 @@
end
describe '#ensure_group' do
let(:vpc) { instance_double(Aws::EC2::Types::Vpc, :vpc_id => 1) }
let(:ports) { [22, 80, 8080] }
+ let(:default_sg_cidr_ips) { ['0.0.0.0/0'] }
+
subject(:ensure_group) { aws.ensure_group(vpc, ports) }
let(:mock_client) { instance_double(Aws::EC2::Client) }
before :each do
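Review bot: The `#ensure_group` examples only exercise the world-open default. `default_sg_cidr_ips` is `['0.0.0.0/0']`, and the expectation in the next hunk checks that this exact list reaches `create_group`, but nothing visible checks that a caller-supplied restricted list is forwarded instead. Because that default opens ports 22, 80 and 8080 to any source address, a regression that silently drops a configured CIDR list would still pass this spec. If `ensure_group` accepts the list as a third argument (its signature is not visible here), add an example that calls `aws.ensure_group(vpc, ports, ['172.28.40.0/24'])` and asserts `expect(aws).to receive(:create_group).with(vpc, ports, ['172.28.40.0/24'])`. The `describe '#ensure_group'` block starts and ends outside this hunk.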
@@ -1028,19 +1030,20 @@
context 'when group does not exist' do
let(:group) { nil }
it 'creates group if group.nil?' do
- expect(aws).to receive(:create_group).with(vpc, ports).and_return(group)
+ expect(aws).to receive(:create_group).with(vpc, ports, default_sg_cidr_ips).and_return(group)
allow(mock_client).to receive(:describe_security_groups).with(any_args).and_return(security_group_result)
expect(ensure_group).to eq(group)
end
end
end
describe '#create_group' do
- let(:rv) { double('rv') }
+ let(:group_vpc_id) { 'vpc-someid' }
+ let(:rv) { instance_double(Aws::EC2::Types::Vpc, :vpc_id => group_vpc_id) }
let(:ports) { [22, 80, 8080] }
subject(:create_group) { aws.create_group(rv, ports) }
let(:group) { instance_double(Aws::EC2::Types::SecurityGroup, :group_id => 1) }
let(:mock_client) { instance_double(Aws::EC2::Client) }
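Review bot: The `let(:rv)` in `describe '#create_group'` is now a verified `Aws::EC2::Types::Vpc` double with a `vpc_id`, but the name still says nothing about what it represents. The existing 'creates group with expected arguments' example in the next hunk continues to expect `create_security_group` without `:vpc_id`. That example appears to pass only because the double does not answer `is_a?(Aws::EC2::Types::Vpc)` with true unless an example stubs it, as the new VPC context does. A short comment above the `let` would make this explicit, for example `# rv is a Vpc-shaped double; only examples that stub is_a?(Aws::EC2::Types::Vpc) take the vpc_id branch`. The `describe` block continues past the end of this hunk.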
@@ -1063,63 +1066,88 @@
end
it 'creates group with expected arguments' do
group_name = "Beaker-1521896090"
group_desc = "Custom Beaker security group for #{ports.to_a}"
+
expect(mock_client).to receive(:create_security_group).with(
:group_name => group_name,
:description => group_desc,
).and_return(group)
allow(mock_client).to receive(:authorize_security_group_ingress).with(include(:group_id => group.group_id)).at_least(:once)
expect(create_group).to eq(group)
end
+ context 'it is called with VPC as first param' do
+ it 'creates group with expected arguments including vpc id' do
+ group_name = "Beaker-1521896090"
+ group_desc = "Custom Beaker security group for #{ports.to_a}"
+
+ allow(rv).to receive(:is_a?).with(String).and_return(false)
+ allow(rv).to receive(:is_a?).with(Aws::EC2::Types::Vpc).and_return(true)
+
+ expect(mock_client).to receive(:create_security_group).with(
+ :group_name => group_name,
+ :description => group_desc,
+ :vpc_id => group_vpc_id,
+ ).and_return(group)
+ allow(mock_client).to receive(:authorize_security_group_ingress).with(include(:group_id => group.group_id)).at_least(:once)
+ expect(create_group).to eq(group)
+ end
+ end
+
it 'authorizes requested ports for group' do
allow(mock_client).to receive(:create_security_group).with(any_args).and_return(group)
ports.each do |port|
expect(mock_client).to receive(:authorize_security_group_ingress).with(include(:to_port => port)).once
end
expect(create_group).to eq(group)
end
+
+ context 'security group CIDRs are passed' do
+ let(:sg_cidr_ips) { ['172.28.40.0/24', '172.20.112.0/20'] }
+ subject(:create_group_with_cidr) { aws.create_group(rv, ports, sg_cidr_ips) }
+
+ it 'authorizes requested CIDR for group' do
+ allow(mock_client).to receive(:create_security_group).with(any_args).and_return(group)
+
+ sg_cidr_ips.each do |cidr_ip|
+ expect(mock_client).to receive(:authorize_security_group_ingress).with(include(:cidr_ip => cidr_ip)).exactly(3).times
+ end
+
+ expect(create_group_with_cidr).to eq(group)
+ end
+ end
end
describe '#load_fog_credentials' do
# Receive#and_call_original below allows us to test the core load_fog_credentials method
let(:dot_fog) { '.fog' }
subject(:load_fog_credentials) { aws.load_fog_credentials(dot_fog) }
- it 'returns loaded fog credentials' do
- creds = {:access_key_id => 'awskey', :secret_access_key => 'awspass', :session_token => nil}
- fog_hash = {:default => {:aws_access_key_id => 'awskey', :aws_secret_access_key => 'awspass'}}
+ it 'returns AWS::Credentials with loaded fog credentials and session token' do
+ fog_creds = {:aws_access_key_id => 'awskey', :aws_secret_access_key => 'awspass', :aws_session_token => 'sometoken'}
+ aws_creds = {:access_key_id => 'awskey', :secret_access_key => 'awspass', :session_token => 'sometoken'}
expect(aws).to receive(:load_fog_credentials).and_call_original
- expect(YAML).to receive(:load_file).and_return(fog_hash)
- expect(load_fog_credentials).to have_attributes(creds)
+ expect(aws).to receive(:get_fog_credentials).and_return(fog_creds)
+ expect(load_fog_credentials).to have_attributes(aws_creds)
end
- it 'returns loaded fog credentials with session token' do
- creds = {:access_key_id => 'awskey', :secret_access_key => 'awspass', :session_token => 'sometoken'}
- fog_hash = {:default => {:aws_access_key_id => 'awskey', :aws_secret_access_key => 'awspass', :aws_session_token => 'sometoken'}}
- expect(aws).to receive(:load_fog_credentials).and_call_original
- expect(YAML).to receive(:load_file).and_return(fog_hash)
- expect(load_fog_credentials).to have_attributes(creds)
- end
-
context 'raises errors' do
- it 'if missing access_key credential' do
- fog_hash = {:default => {:aws_secret_access_key => 'awspass'}}
+ it 'if missing aws_access_key_id credential' do
+ creds = {:aws_secret_access_key => 'awspass'}
err_text = "You must specify an aws_access_key_id in your .fog file (#{dot_fog}) for ec2 instances!"
expect(aws).to receive(:load_fog_credentials).and_call_original
- expect(YAML).to receive(:load_file).and_return(fog_hash)
+ expect(aws).to receive(:get_fog_credentials).and_return(creds)
expect { load_fog_credentials }.to raise_error(err_text)
end
- it 'if missing secret_key credential' do
- dot_fog = '.fog'
- fog_hash = {:default => {:aws_access_key_id => 'awskey'}}
+ it 'if missing aws_secret_access_key credential' do
+ creds = {:aws_access_key_id => 'awskey'}
err_text = "You must specify an aws_secret_access_key in your .fog file (#{dot_fog}) for ec2 instances!"
expect(aws).to receive(:load_fog_credentials).and_call_original
- expect(YAML).to receive(:load_file).and_return(fog_hash)
+ expect(aws).to receive(:get_fog_credentials).and_return(creds)
expect { load_fog_credentials }.to raise_error(err_text)
end
end
end
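Review bot: Folding the two `#load_fog_credentials` success examples into one drops coverage of the case where the `.fog` entry has no `:aws_session_token`. The old spec asserted `:session_token => nil` for that case, while the remaining example always supplies `'sometoken'`. Long-lived key pairs without a session token are a common credential shape, so that path deserves its own example against the new `get_fog_credentials` stub; the fence below assumes 0.6.0 still yields `nil` there. Whether `get_fog_credentials` itself has a spec now that `YAML.load_file` is no longer stubbed is not visible in this hunk. Separately, in 'authorizes requested CIDR for group' the literal `exactly(3).times` only holds because `ports` has three entries, and `exactly(ports.size).times` states the intent.

```ruby
# … unchanged: 'returns AWS::Credentials with loaded fog credentials and session token' …
it 'returns AWS::Credentials with a nil session token when none is configured' do
  fog_creds = {:aws_access_key_id => 'awskey', :aws_secret_access_key => 'awspass'}
  aws_creds = {:access_key_id => 'awskey', :secret_access_key => 'awspass', :session_token => nil}
  expect(aws).to receive(:load_fog_credentials).and_call_original
  expect(aws).to receive(:get_fog_credentials).and_return(fog_creds)
  expect(load_fog_credentials).to have_attributes(aws_creds)
end
# … unchanged: context 'raises errors' …
```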