func TestList(t *testing.T) {
th.SetupHTTP()
defer th.TeardownHTTP()
th.Mux.HandleFunc("/v2.0/security-group-rules", func(w http.ResponseWriter, r *http.Request) {
th.TestMethod(t, r, "GET")
th.TestHeader(t, r, "X-Auth-Token", fake.TokenID)
w.Header().Add("Content-Type", "application/json")
w.WriteHeader(http.StatusOK)
fmt.Fprintf(w, `
{
"security_group_rules": [
{
"direction": "egress",
"ethertype": "IPv6",
"id": "3c0e45ff-adaf-4124-b083-bf390e5482ff",
"port_range_max": null,
"port_range_min": null,
"protocol": null,
"remote_group_id": null,
"remote_ip_prefix": null,
"security_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5",
"tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550"
},
{
"direction": "egress",
"ethertype": "IPv4",
"id": "93aa42e5-80db-4581-9391-3a608bd0e448",
"port_range_max": null,
"port_range_min": null,
"protocol": null,
"remote_group_id": null,
"remote_ip_prefix": null,
"security_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5",
"tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550"
}
]
}
`)
})
count := 0
rules.List(fake.ServiceClient(), rules.ListOpts{}).EachPage(func(page pagination.Page) (bool, error) {
count++
actual, err := rules.ExtractRules(page)
if err != nil {
t.Errorf("Failed to extract secrules: %v", err)
return false, err
}
expected := []rules.SecGroupRule{
{
Direction: "egress",
EtherType: "IPv6",
ID: "3c0e45ff-adaf-4124-b083-bf390e5482ff",
PortRangeMax: 0,
PortRangeMin: 0,
Protocol: "",
RemoteGroupID: "",
RemoteIPPrefix: "",
SecGroupID: "85cc3048-abc3-43cc-89b3-377341426ac5",
TenantID: "e4f50856753b4dc6afee5fa6b9b6c550",
},
{
Direction: "egress",
EtherType: "IPv4",
ID: "93aa42e5-80db-4581-9391-3a608bd0e448",
PortRangeMax: 0,
PortRangeMin: 0,
Protocol: "",
RemoteGroupID: "",
RemoteIPPrefix: "",
SecGroupID: "85cc3048-abc3-43cc-89b3-377341426ac5",
TenantID: "e4f50856753b4dc6afee5fa6b9b6c550",
},
}
th.CheckDeepEquals(t, expected, actual)
return true, nil
})
if count != 1 {
t.Errorf("Expected 1 page, got %d", count)
}
}
func (os *OpenStack) ensureSecurityGroup(tenantID string) (string, error) {
var securitygroup *groups.SecGroup
opts := groups.ListOpts{
TenantID: tenantID,
Name: securitygroupName,
}
pager := groups.List(os.network, opts)
err := pager.EachPage(func(page pagination.Page) (bool, error) {
sg, err := groups.ExtractGroups(page)
if err != nil {
glog.Errorf("Get openstack securitygroups error: %v", err)
return false, err
}
if len(sg) > 0 {
securitygroup = &sg[0]
}
return true, err
})
if err != nil {
return "", err
}
// If securitygroup doesn't exist, create a new one
if securitygroup == nil {
securitygroup, err = groups.Create(os.network, groups.CreateOpts{
Name: securitygroupName,
TenantID: tenantID,
}).Extract()
if err != nil {
return "", err
}
}
var secGroupsRules int
listopts := rules.ListOpts{
TenantID: tenantID,
Direction: string(rules.DirIngress),
SecGroupID: securitygroup.ID,
}
rulesPager := rules.List(os.network, listopts)
err = rulesPager.EachPage(func(page pagination.Page) (bool, error) {
r, err := rules.ExtractRules(page)
if err != nil {
glog.Errorf("Get openstack securitygroup rules error: %v", err)
return false, err
}
secGroupsRules = len(r)
return true, err
})
if err != nil {
return "", err
}
// create new rules
if secGroupsRules == 0 {
// create egress rule
_, err = rules.Create(os.network, rules.CreateOpts{
TenantID: tenantID,
SecGroupID: securitygroup.ID,
Direction: rules.DirEgress,
EtherType: rules.EtherType4,
}).Extract()
// create ingress rule
_, err := rules.Create(os.network, rules.CreateOpts{
TenantID: tenantID,
SecGroupID: securitygroup.ID,
Direction: rules.DirIngress,
EtherType: rules.EtherType4,
}).Extract()
if err != nil {
return "", err
}
}
return securitygroup.ID, nil
}
