
New unit test for referenced security groups

1 parent 9656a9d commit a06c3ed182005b209a34d2da1fed7ba99a84f918 @Metallion Metallion committed Apr 25, 2012
1 tests/cucumber/environment.rb
@@ -3,6 +3,7 @@
TIMEOUT_BASE = 10
TIMEOUT_CREATE_INSTANCE = TIMEOUT_BASE * 20
TIMEOUT_TERMINATE_INSTANCE = TIMEOUT_BASE * 20
+TIMEOUT_PACKET_SENDING = TIMEOUT_BASE * 6
IO.popen("cd #{VDC_ROOT}/dcmgr && ./bin/vdc-debug vnet edges") { |debug_io|
while !(line = debug_io.readline).nil?
65 tests/cucumber/features/firewall/security_group_reference.feature
@@ -0,0 +1,65 @@
+Feature: Security groups referencing other security groups
+
+ Scenario: Single nic
+ Given the volume "wmi-secgtest" exists
+ And the instance_spec "is-demospec" exists for api until 11.12
+ And security group A exists with the following rules
+ """
+ tcp:22,22,ip4:0.0.0.0
+ """
+ And security group B exists with the following rules
+ """
+ tcp:22,22,ip4:0.0.0.0
+ tcp:345,345,<Group A>
+ """
+ And security group C exists with the following rules
+ """
+ tcp:22,22,ip4:0.0.0.0
+ """
+
+ And an instance instB1 is started in group B that listens on tcp port 345
+ And an instance instA1 is started in group A that listens on tcp port 345
+ And an instance instA2 is started in group A that listens on tcp port 345
+ And an instance instC1 is started in group C that listens on tcp port 345
+
+ When instance instA1 sends a tcp packet to instance instB1 on port 345
+ Then the packet should arrive successfully
+
+ When instance instA2 sends a tcp packet to instance instB1 on port 345
+ Then the packet should arrive successfully
+
+ When instance instB1 sends a tcp packet to instance instA1 on port 345
+ Then the packet should not arrive successfully
+
+ When instance instB1 sends a tcp packet to instance instA2 on port 345
+ Then the packet should not arrive successfully
+
+ When instance instC1 sends a tcp packet to instance instB1 on port 345
+ Then the packet should not arrive successfully
+
+ When we successfully start an instance instA3 in group A that listens on tcp port 345
+ And instance instA3 sends a tcp packet to instance instB1 on port 345
+ Then the packet should arrive successfully
+
+ When we update security group B with the following rules
+ """
+ tcp:22,22,ip4:0.0.0.0
+ """
+
+ When instance instA1 sends a tcp packet to instance instB1 on port 345
+ Then the packet should not arrive successfully
+
+ When instance instA2 sends a tcp packet to instance instB1 on port 345
+ Then the packet should not arrive successfully
+
+ When instance instA3 sends a tcp packet to instance instB1 on port 345
+ Then the packet should not arrive successfully
+
+ When we successfully terminate instance instA1
+ And we successfully terminate instance instA2
+ And we successfully terminate instance instA3
+ And we successfully terminate instance instB1
+ And we successfully terminate instance instC1
+ And we successfully delete security group A
+ And we successfully delete security group B
+ And we successfully delete security group C
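Review bot: The teardown at the end of this scenario (the `we successfully terminate instance …` and `we successfully delete security group …` steps) only runs when every earlier step has passed. A single failed assertion therefore leaves five instances and three groups carrying `tcp:22,22,ip4:0.0.0.0` behind, and leftover groups can skew the next run. Moving the cleanup into an `After` hook would make it unconditional; the `After do … end` added in reference_steps.rb is currently empty and would be a natural place for it.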
2 tests/cucumber/features/firewall/step_definitions/isolation_steps.rb
@@ -48,7 +48,7 @@
@instances[sender] = @api_last_result
end
- @ping_result[sender][ip] = ssh_command(@instances[sender]["id"], "ubuntu", "/opt/ping.rb #{ip} #{TIMEOUT_BASE}", TIMEOUT_BASE).chomp
+ @ping_result[sender][ip] = ssh_command(@instances[sender]["id"], "ubuntu", "/opt/ping.rb #{ip} #{TIMEOUT_PACKET_SENDING}", TIMEOUT_PACKET_SENDING).chomp
@last_sender_name = sender
@last_pinged_ip = ip
end
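Review bot: The changed `ssh_command` call passes `TIMEOUT_PACKET_SENDING` both to `/opt/ping.rb` and as the call's last argument, which looks like the SSH-side timeout. If that reading is right, the wrapper can expire at the same moment the remote script is about to report its result, so a blocked ping surfaces as an exception rather than a recorded result. The matching call in nat_steps.rb leaves a margin with `TIMEOUT_PACKET_SENDING+10`; using the same margin here would keep the two steps consistent. The enclosing step block starts outside the hunk.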
24 tests/cucumber/features/firewall/step_definitions/nat_steps.rb
@@ -39,17 +39,26 @@
Given /^security group (.+) exists with the following rules$/ do |group_name, rules|
@security_groups = {} if @security_groups.nil?
+
steps %Q{
When we make a successful api create call to security_groups with the following options
- | description |
- | static nat test group: #{group_name} |
+ | description |
+ | cucumber test group: #{group_name} |
Then the previous api call should be successful
And from the previous api call take {"id":} and save it to <registry:group_#{group_name}>
+ }
+
+ # Fill in the proper uuid if another group is referenced
+ parsed_rules = rules.gsub(/<Group (.+)>/) { |group|
+ grp_name = group.split(" ").last
+ variable_get_value "<registry:group_#{grp_name}"
+ }
+
+ steps %Q{
When we successfully set the following rules for the security group
"""
- #{rules}
+ #{parsed_rules}
"""
- Then the previous api call should be successful
}
end
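Review bot: The group-reference substitution only works through a quirk of tokenisation: `group.split(" ").last` yields `A>` for `<Group A>`, and that trailing `>` is what closes the otherwise unterminated `"<registry:group_#{grp_name}"`. A group name containing a space, or two references on one line (the `.+` is greedy), would resolve to the wrong registry key. Using the capture is clearer: `rules.gsub(/<Group ([^>]+)>/) { variable_get_value "<registry:group_#{$1}>" }`. The step should also fail when the lookup returns nothing, because a rule with an empty source no longer tests the reference; what `variable_get_value` returns for an unknown key is not visible here.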
@@ -124,7 +133,12 @@
sender_address = @instances[sender]["vif"].first["ipv4"]["address"]
receiver_address = @instances[receiver]["vif"].first["ipv4"][which_address]
- @used_ip = ssh_command(@instances[sender]["id"], "ubuntu", "/opt/tcp.rb #{receiver_address} #{port} #{TIMEOUT_BASE}", TIMEOUT_BASE+10).chomp
+ begin
+ @used_ip = ssh_command(@instances[sender]["id"], "ubuntu", "/opt/tcp.rb #{receiver_address} #{port} #{TIMEOUT_PACKET_SENDING} 2> /dev/null", TIMEOUT_PACKET_SENDING+10).chomp
+ rescue RuntimeError => e
+ raise unless e.message[0..13] == "Retry Failure:"
+ @used_ip = "false"
+ end
@last_sender = sender
end
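Review bot: The new `rescue` records every `Retry Failure:` as `@used_ip = "false"`, so a sender that could not be reached over SSH at all is indistinguishable from a packet the firewall dropped. The `should not arrive` steps of the new feature could then pass without the rule ever being exercised. If `ssh_command` raises the same error for connection or login failures (not visible in this hunk), confirm the sender is reachable before the send, for example with `ssh_command(@instances[sender]["id"], "ubuntu", "true", TIMEOUT_BASE)`, and let that failure propagate. `2> /dev/null` also discards the only diagnostic from `/opt/tcp.rb`, and `e.message.start_with?("Retry Failure:")` reads better than the `[0..13]` slice. The step block starts outside the hunk.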
53 tests/cucumber/features/firewall/step_definitions/reference_steps.rb
@@ -0,0 +1,53 @@
+# encoding: utf-8
+begin require 'rspec/expectations'; rescue LoadError; require 'spec/expectations'; end
+require 'cucumber/formatter/unicode'
+
+Before do
+end
+
+After do
+end
+
+require 'socket'
+require 'timeout'
+
+Given /^an instance (.+) is started in group (.+) that listens on (tcp|udp) port (\d+)$/ do |instance_name, group_name, protocol, port|
+ steps %Q{
+ Given an instance #{instance_name} is started with the following options
+ | image_id | instance_spec_id | ssh_key_id | security_groups | user_data |
+ | wmi-secgtest | is-demospec | ssh-demo | <registry:group_#{group_name}> | #{protocol}:#{port} |
+ }
+end
+
+When /^we successfully start an instance (.+) in group (.+) that listens on (tcp|udp) port (\d+)$/ do |instance_name, group_name, protocol, port|
+ steps %Q{
+ Given an instance #{instance_name} is started with the following options
+ | image_id | instance_spec_id | ssh_key_id | security_groups | user_data |
+ | wmi-secgtest | is-demospec | ssh-demo | <registry:group_#{group_name}> | #{protocol}:#{port} |
+ Then the started instance should start ssh in 60 seconds or less
+ }
+end
+
+When /^instance (.+) sends a (tcp|udp) packet to instance (.+) on port (\d+)$/ do |sender_name, protocol, receiver_name, port|
+ steps %Q{
+ When instance #{sender_name} sends a #{protocol} packet to #{receiver_name}'s inside address on port #{port}
+ }
+end
+
+Then /^the packet (should|should\snot) arrive successfully$/ do |result|
+ if result == "should"
+ steps %{Then it should use its inside ip}
+ else
+ steps %{Then it should fail to send the packet}
+ end
+end
+
+When /^we update security group (.+) with the following rules$/ do |group_name,rules|
+ rules_with_line_breaks = rules.inspect.slice(1,rules.inspect.length-2)
+ group_uuid = variable_get_value "<registry:group_#{group_name}>"
+ steps %Q{
+ When we make a successful api update call to security_groups/#{group_uuid} with the following options
+ | rule |
+ | #{rules_with_line_breaks} |
+ }
+end
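Review bot: The `we update security group` step sends `rules` as written, while the create step in nat_steps.rb expands `<Group X>` into the registered uuid, so an update that keeps or adds a group reference would submit the literal placeholder. Sharing one expansion helper between the two steps would keep them in agreement. The `rules.inspect.slice(1,rules.inspect.length-2)` escaping deserves a comment such as `# inspect turns newlines into \n so the rules fit in one table cell`, and a `|` inside a rule would still split the cell. The empty `Before`/`After` hooks and the `socket`/`timeout` requires appear unused in this file.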
