func (s *networkSuite) TestNetworkNames(c *gc.C) {
for i, test := range networkNameTests {
c.Logf("test %d: %q", i, test.pattern)
c.Check(names.IsNetwork(test.pattern), gc.Equals, test.valid)
if test.valid {
expectTag := fmt.Sprintf("%s-%s", names.NetworkTagKind, test.pattern)
c.Check(names.NewNetworkTag(test.pattern).String(), gc.Equals, expectTag)
} else {
expectErr := fmt.Sprintf("%q is not a valid network name", test.pattern)
testNetworkTag := func() { names.NewNetworkTag(test.pattern) }
c.Check(testNetworkTag, gc.PanicMatches, regexp.QuoteMeta(expectErr))
}
}
}
func (s *firewallerSuite) TestGetMachineActiveNetworks(c *gc.C) {
s.openPorts(c)
args := addFakeEntities(params.Entities{Entities: []params.Entity{
{Tag: s.machines[0].Tag().String()},
{Tag: s.machines[1].Tag().String()},
{Tag: s.machines[2].Tag().String()},
{Tag: s.service.Tag().String()},
{Tag: s.units[0].Tag().String()},
}})
networkTag := names.NewNetworkTag(network.DefaultPublic)
expectResults := []string{networkTag.String()}
result, err := s.firewaller.GetMachineActiveNetworks(args)
c.Assert(err, jc.ErrorIsNil)
c.Assert(result, jc.DeepEquals, params.StringsResults{
Results: []params.StringsResult{
{Result: expectResults},
{Result: nil, Error: nil},
{Result: expectResults},
{Error: apiservertesting.ErrUnauthorized},
{Error: apiservertesting.ErrUnauthorized},
{Error: apiservertesting.NotFoundError("machine 42")},
{Error: apiservertesting.ErrUnauthorized},
{Error: apiservertesting.ErrUnauthorized},
{Error: apiservertesting.ErrUnauthorized},
{Error: apiservertesting.ErrUnauthorized},
{Error: apiservertesting.ErrUnauthorized},
},
})
}
func (task *provisionerTask) prepareNetworkAndInterfaces(networkInfo []network.InterfaceInfo) (
networks []params.Network, ifaces []params.NetworkInterface, err error) {
if len(networkInfo) == 0 {
return nil, nil, nil
}
visitedNetworks := set.NewStrings()
for _, info := range networkInfo {
if !names.IsValidNetwork(info.NetworkName) {
return nil, nil, errors.Errorf("invalid network name %q", info.NetworkName)
}
networkTag := names.NewNetworkTag(info.NetworkName).String()
if !visitedNetworks.Contains(networkTag) {
networks = append(networks, params.Network{
Tag: networkTag,
ProviderId: string(info.ProviderId),
CIDR: info.CIDR,
VLANTag: info.VLANTag,
})
visitedNetworks.Add(networkTag)
}
ifaces = append(ifaces, params.NetworkInterface{
InterfaceName: info.ActualInterfaceName(),
MACAddress: info.MACAddress,
NetworkTag: networkTag,
IsVirtual: info.IsVirtual(),
Disabled: info.Disabled,
})
}
return networks, ifaces, nil
}
func (task *provisionerTask) prepareNetworkAndInterfaces(networkInfo []network.Info) (
networks []params.Network, ifaces []params.NetworkInterface) {
if len(networkInfo) == 0 {
return nil, nil
}
visitedNetworks := set.NewStrings()
for _, info := range networkInfo {
networkTag := names.NewNetworkTag(info.NetworkName).String()
if !visitedNetworks.Contains(networkTag) {
networks = append(networks, params.Network{
Tag: networkTag,
ProviderId: info.ProviderId,
CIDR: info.CIDR,
VLANTag: info.VLANTag,
})
visitedNetworks.Add(networkTag)
}
ifaces = append(ifaces, params.NetworkInterface{
InterfaceName: info.InterfaceName,
MACAddress: info.MACAddress,
NetworkTag: networkTag,
IsVirtual: info.IsVirtual(),
})
}
return networks, ifaces
}
// GetMachineActiveNetworks returns the tags of the all networks the
// each given machine has open ports on.
func (f *FirewallerAPI) GetMachineActiveNetworks(args params.Entities) (params.StringsResults, error) {
result := params.StringsResults{
Results: make([]params.StringsResult, len(args.Entities)),
}
canAccess, err := f.accessMachine()
if err != nil {
return params.StringsResults{}, err
}
for i, entity := range args.Entities {
machineTag, err := names.ParseMachineTag(entity.Tag)
if err != nil {
result.Results[i].Error = common.ServerError(common.ErrPerm)
continue
}
machine, err := f.getMachine(canAccess, machineTag)
if err != nil {
result.Results[i].Error = common.ServerError(err)
continue
}
ports, err := machine.AllPorts()
if err != nil {
result.Results[i].Error = common.ServerError(err)
continue
}
for _, port := range ports {
networkTag := names.NewNetworkTag(port.NetworkName()).String()
result.Results[i].Result = append(result.Results[i].Result, networkTag)
}
}
return result, nil
}
func (s *commonSuite) TestAuthFuncForTagKind(c *gc.C) {
// TODO(dimitern): This list of all supported tags and kinds needs
// to live in juju/names.
uuid, err := utils.NewUUID()
c.Assert(err, jc.ErrorIsNil)
allTags := []names.Tag{
nil, // invalid tag
names.NewActionTag(uuid.String()),
names.NewCharmTag("cs:precise/missing"),
names.NewModelTag(uuid.String()),
names.NewFilesystemTag("20/20"),
names.NewLocalUserTag("user"),
names.NewMachineTag("42"),
names.NewNetworkTag("public"),
names.NewRelationTag("wordpress:mysql mysql:db"),
names.NewServiceTag("wordpress"),
names.NewSpaceTag("apps"),
names.NewStorageTag("foo/42"),
names.NewUnitTag("wordpress/5"),
names.NewUserTag("joe"),
names.NewVolumeTag("80/20"),
}
for i, allowedTag := range allTags {
c.Logf("test #%d: allowedTag: %v", i, allowedTag)
var allowedKind string
if allowedTag != nil {
allowedKind = allowedTag.Kind()
}
getAuthFunc := common.AuthFuncForTagKind(allowedKind)
authFunc, err := getAuthFunc()
if allowedKind == "" {
c.Check(err, gc.ErrorMatches, "tag kind cannot be empty")
c.Check(authFunc, gc.IsNil)
continue
} else if !c.Check(err, jc.ErrorIsNil) {
continue
}
for j, givenTag := range allTags {
c.Logf("test #%d.%d: givenTag: %v", i, j, givenTag)
var givenKind string
if givenTag != nil {
givenKind = givenTag.Kind()
}
if allowedKind == givenKind {
c.Check(authFunc(givenTag), jc.IsTrue)
} else {
c.Check(authFunc(givenTag), jc.IsFalse)
}
}
}
}
// parsePortsKey parses a ports document global key coming from the
// ports watcher (e.g. "42:juju-public") and returns the machine and
// network tags from its components (in the last example "machine-42"
// and "network-juju-public").
func parsePortsKey(change string) (machineTag names.MachineTag, networkTag names.NetworkTag, err error) {
defer errors.DeferredAnnotatef(&err, "invalid ports change %q", change)
parts := strings.SplitN(change, ":", 2)
if len(parts) != 2 {
return names.MachineTag{}, names.NetworkTag{}, errors.Errorf("unexpected format")
}
machineId, networkName := parts[0], parts[1]
return names.NewMachineTag(machineId), names.NewNetworkTag(networkName), nil
}
// networkNamesToTags returns the given network names converted to
// tags, or an error.
func networkNamesToTags(networks []string) ([]string, error) {
var tags []string
for _, network := range networks {
if !names.IsValidNetwork(network) {
return nil, fmt.Errorf("%q is not a valid network name", network)
}
tags = append(tags, names.NewNetworkTag(network).String())
}
return tags, nil
}
func (task *provisionerTask) prepareNetworkAndInterfaces(networkInfo []network.InterfaceInfo) (
networks []params.Network, ifaces []params.NetworkInterface, err error) {
if len(networkInfo) == 0 {
return nil, nil, nil
}
visitedNetworks := set.NewStrings()
for _, info := range networkInfo {
// TODO(dimitern): The following few fields are required, but no longer
// matter and will be dropped or changed soon as part of making spaces
// and subnets usable across the board.
if info.NetworkName == "" {
info.NetworkName = network.DefaultPrivate
}
if info.ProviderId == "" {
info.ProviderId = network.DefaultPrivate
}
if info.CIDR == "" {
// TODO(dimitern): This is only when NOT using addressable
// containers, as we don't fetch the subnet details, but since
// networks in state are going away real soon, it's not important.
info.CIDR = "0.0.0.0/32"
}
if !names.IsValidNetwork(info.NetworkName) {
return nil, nil, errors.Errorf("invalid network name %q", info.NetworkName)
}
networkTag := names.NewNetworkTag(info.NetworkName).String()
if !visitedNetworks.Contains(networkTag) {
networks = append(networks, params.Network{
Tag: networkTag,
ProviderId: string(info.ProviderId),
CIDR: info.CIDR,
VLANTag: info.VLANTag,
})
visitedNetworks.Add(networkTag)
}
ifaces = append(ifaces, params.NetworkInterface{
InterfaceName: info.ActualInterfaceName(),
MACAddress: info.MACAddress,
NetworkTag: networkTag,
IsVirtual: info.IsVirtual(),
Disabled: info.Disabled,
})
}
return networks, ifaces, nil
}
func (s *machineSuite) TestOpenedPorts(c *gc.C) {
networkTag := names.NewNetworkTag(network.DefaultPublic)
unitTag := s.units[0].Tag().(names.UnitTag)
// No ports opened at first.
ports, err := s.apiMachine.OpenedPorts(networkTag)
c.Assert(err, jc.ErrorIsNil)
c.Assert(ports, gc.HasLen, 0)
// Open a port and check again.
err = s.units[0].OpenPort("tcp", 1234)
c.Assert(err, jc.ErrorIsNil)
ports, err = s.apiMachine.OpenedPorts(networkTag)
c.Assert(err, jc.ErrorIsNil)
c.Assert(ports, jc.DeepEquals, map[network.PortRange]names.UnitTag{
network.PortRange{FromPort: 1234, ToPort: 1234, Protocol: "tcp"}: unitTag,
})
}
func (s *firewallerSuite) TestGetMachinePorts(c *gc.C) {
s.openPorts(c)
networkTag := names.NewNetworkTag(network.DefaultPublic).String()
args := params.MachinePortsParams{
Params: []params.MachinePorts{
{MachineTag: s.machines[0].Tag().String(), NetworkTag: networkTag},
{MachineTag: s.machines[1].Tag().String(), NetworkTag: networkTag},
{MachineTag: s.machines[2].Tag().String(), NetworkTag: networkTag},
{MachineTag: s.machines[0].Tag().String(), NetworkTag: "invalid"},
{MachineTag: "machine-42", NetworkTag: networkTag},
{MachineTag: s.machines[0].Tag().String(), NetworkTag: "network-missing"},
},
}
unit0Tag := s.units[0].Tag().String()
expectPortsMachine0 := []params.MachinePortRange{
{UnitTag: unit0Tag, PortRange: params.PortRange{
FromPort: 1234, ToPort: 1400, Protocol: "tcp",
}},
{UnitTag: unit0Tag, PortRange: params.PortRange{
FromPort: 4321, ToPort: 4321, Protocol: "tcp",
}},
}
unit2Tag := s.units[2].Tag().String()
expectPortsMachine2 := []params.MachinePortRange{
{UnitTag: unit2Tag, PortRange: params.PortRange{
FromPort: 1111, ToPort: 2222, Protocol: "udp",
}},
}
result, err := s.firewaller.GetMachinePorts(args)
c.Assert(err, jc.ErrorIsNil)
c.Assert(result, jc.DeepEquals, params.MachinePortsResults{
Results: []params.MachinePortsResult{
{Ports: expectPortsMachine0},
{Error: nil, Ports: nil},
{Ports: expectPortsMachine2},
{Error: apiservertesting.ErrUnauthorized},
{Error: apiservertesting.NotFoundError("machine 42")},
{Error: nil, Ports: nil},
},
})
}
func (s *machineSuite) TestActiveNetworks(c *gc.C) {
// No ports opened at first, no networks.
nets, err := s.apiMachine.ActiveNetworks()
c.Assert(err, jc.ErrorIsNil)
c.Assert(nets, gc.HasLen, 0)
// Open a port and check again.
err = s.units[0].OpenPort("tcp", 1234)
c.Assert(err, jc.ErrorIsNil)
nets, err = s.apiMachine.ActiveNetworks()
c.Assert(err, jc.ErrorIsNil)
c.Assert(nets, jc.DeepEquals, []names.NetworkTag{
names.NewNetworkTag(network.DefaultPublic),
})
// Remove all ports, no networks.
ports, err := s.machines[0].OpenedPorts(network.DefaultPublic)
c.Assert(err, jc.ErrorIsNil)
err = ports.Remove()
c.Assert(err, jc.ErrorIsNil)
nets, err = s.apiMachine.ActiveNetworks()
c.Assert(err, jc.ErrorIsNil)
c.Assert(nets, gc.HasLen, 0)
}
expectKind: names.ActionTagKind,
expectType: names.ActionTag{},
resultId: "wordpress/0" + names.ActionMarker + "333",
}, {
tag: "foo",
resultErr: `"foo" is not a valid tag`,
}}
var makeTag = map[string]func(string) names.Tag{
names.MachineTagKind: func(tag string) names.Tag { return names.NewMachineTag(tag) },
names.UnitTagKind: func(tag string) names.Tag { return names.NewUnitTag(tag) },
names.ServiceTagKind: func(tag string) names.Tag { return names.NewServiceTag(tag) },
names.RelationTagKind: func(tag string) names.Tag { return names.NewRelationTag(tag) },
names.EnvironTagKind: func(tag string) names.Tag { return names.NewEnvironTag(tag) },
names.UserTagKind: func(tag string) names.Tag { return names.NewUserTag(tag) },
names.NetworkTagKind: func(tag string) names.Tag { return names.NewNetworkTag(tag) },
names.ActionTagKind: func(tag string) names.Tag { return names.NewActionTag(tag) },
}
func (*tagSuite) TestParseTag(c *gc.C) {
for i, test := range parseTagTests {
c.Logf("test %d: %q expectKind %q", i, test.tag, test.expectKind)
tag, err := names.ParseTag(test.tag)
if test.resultErr != "" {
c.Assert(err, gc.ErrorMatches, test.resultErr)
c.Assert(tag, gc.IsNil)
// If the tag has a valid kind which matches the
// expected kind, test that using an empty
// expectKind does not change the error message.
if tagKind, err := names.TagKind(test.tag); err == nil && tagKind == test.expectKind {
// NetworkTag returns the network tag of the interface.
func (ni *NetworkInterface) NetworkTag() string {
return names.NewNetworkTag(ni.doc.NetworkName).String()
}
// Tag returns the network tag.
func (n *Network) Tag() string {
return names.NewNetworkTag(n.doc.Name).String()
}
// Tag returns the network tag.
func (n *Network) Tag() names.Tag {
return names.NewNetworkTag(n.doc.Name)
}
// NetworkTag returns the network tag of the interface.
func (ni *NetworkInterface) NetworkTag() names.NetworkTag {
return names.NewNetworkTag(ni.doc.NetworkName)
}
testNetworkTag := func() { names.NewNetworkTag(test.pattern) }
c.Check(testNetworkTag, gc.PanicMatches, regexp.QuoteMeta(expectErr))
}
}
}
var parseNetworkTagTests = []struct {
tag string
expected names.Tag
err error
}{{
tag: "",
err: names.InvalidTagError("", ""),
}, {
tag: "network-dave",
expected: names.NewNetworkTag("dave"),
}, {
tag: "dave",
err: names.InvalidTagError("dave", ""),
}, {
tag: "network-dave/0",
err: names.InvalidTagError("network-dave/0", names.NetworkTagKind),
}, {
tag: "network",
err: names.InvalidTagError("network", ""),
}, {
tag: "user-dave",
err: names.InvalidTagError("user-dave", names.NetworkTagKind),
}}
func (s *networkSuite) TestParseNetworkTag(c *gc.C) {