func (s *FirewallerGlobalModeSuite) TestGlobalModeRestartUnexposedService(c *gc.C) {
// Start firewaller and open ports.
fw, err := firewaller.NewFirewaller(s.firewaller)
c.Assert(err, gc.IsNil)
svc := s.AddTestingService(c, "wordpress", s.charm)
err = svc.SetExposed()
c.Assert(err, gc.IsNil)
u, m := s.addUnit(c, svc)
s.startInstance(c, m)
err = u.OpenPort("tcp", 80)
c.Assert(err, gc.IsNil)
err = u.OpenPort("tcp", 8080)
c.Assert(err, gc.IsNil)
s.assertEnvironPorts(c, []network.Port{{"tcp", 80}, {"tcp", 8080}})
// Stop firewaller and clear exposed flag on service.
err = fw.Stop()
c.Assert(err, gc.IsNil)
err = svc.ClearExposed()
c.Assert(err, gc.IsNil)
// Start firewaller and check port.
fw, err = firewaller.NewFirewaller(s.firewaller)
c.Assert(err, gc.IsNil)
defer func() { c.Assert(fw.Stop(), gc.IsNil) }()
s.assertEnvironPorts(c, nil)
}
func (s *GlobalModeSuite) TestRestartUnexposedService(c *gc.C) {
// Start firewaller and open ports.
fw, err := firewaller.NewFirewaller(s.firewaller)
c.Assert(err, jc.ErrorIsNil)
svc := s.AddTestingService(c, "wordpress", s.charm)
err = svc.SetExposed()
c.Assert(err, jc.ErrorIsNil)
u, m := s.addUnit(c, svc)
s.startInstance(c, m)
err = u.OpenPort("tcp", 80)
c.Assert(err, jc.ErrorIsNil)
err = u.OpenPort("tcp", 8080)
c.Assert(err, jc.ErrorIsNil)
s.assertEnvironPorts(c, []network.PortRange{{80, 80, "tcp"}, {8080, 8080, "tcp"}})
// Stop firewaller and clear exposed flag on service.
err = worker.Stop(fw)
c.Assert(err, jc.ErrorIsNil)
err = svc.ClearExposed()
c.Assert(err, jc.ErrorIsNil)
// Start firewaller and check port.
fw, err = firewaller.NewFirewaller(s.firewaller)
c.Assert(err, jc.ErrorIsNil)
defer statetesting.AssertKillAndWait(c, fw)
s.assertEnvironPorts(c, nil)
}
func (s *FirewallerGlobalModeSuite) TestGlobalModeRestartPortCount(c *gc.C) {
// Start firewaller and open ports.
fw, err := firewaller.NewFirewaller(s.firewaller)
c.Assert(err, gc.IsNil)
svc1 := s.AddTestingService(c, "wordpress", s.charm)
err = svc1.SetExposed()
c.Assert(err, gc.IsNil)
u1, m1 := s.addUnit(c, svc1)
s.startInstance(c, m1)
err = u1.OpenPort("tcp", 80)
c.Assert(err, gc.IsNil)
err = u1.OpenPort("tcp", 8080)
c.Assert(err, gc.IsNil)
s.assertEnvironPorts(c, []network.Port{{"tcp", 80}, {"tcp", 8080}})
// Stop firewaller and add another service using the port.
err = fw.Stop()
c.Assert(err, gc.IsNil)
svc2 := s.AddTestingService(c, "moinmoin", s.charm)
err = svc2.SetExposed()
c.Assert(err, gc.IsNil)
u2, m2 := s.addUnit(c, svc2)
s.startInstance(c, m2)
err = u2.OpenPort("tcp", 80)
c.Assert(err, gc.IsNil)
// Start firewaller and check port.
fw, err = firewaller.NewFirewaller(s.firewaller)
c.Assert(err, gc.IsNil)
defer func() { c.Assert(fw.Stop(), gc.IsNil) }()
s.assertEnvironPorts(c, []network.Port{{"tcp", 80}, {"tcp", 8080}})
// Closing a port opened by a different unit won't touch the environment.
err = u1.ClosePort("tcp", 80)
c.Assert(err, gc.IsNil)
s.assertEnvironPorts(c, []network.Port{{"tcp", 80}, {"tcp", 8080}})
// Closing a port used just once changes the environment.
err = u1.ClosePort("tcp", 8080)
c.Assert(err, gc.IsNil)
s.assertEnvironPorts(c, []network.Port{{"tcp", 80}})
// Closing the last port also modifies the environment.
err = u2.ClosePort("tcp", 80)
c.Assert(err, gc.IsNil)
s.assertEnvironPorts(c, nil)
}
func (s *FirewallerSuite) TestMultipleUnits(c *gc.C) {
fw, err := firewaller.NewFirewaller(s.firewaller)
c.Assert(err, gc.IsNil)
defer func() { c.Assert(fw.Stop(), gc.IsNil) }()
svc := s.AddTestingService(c, "wordpress", s.charm)
err = svc.SetExposed()
c.Assert(err, gc.IsNil)
u1, m1 := s.addUnit(c, svc)
inst1 := s.startInstance(c, m1)
err = u1.OpenPort("tcp", 80)
c.Assert(err, gc.IsNil)
u2, m2 := s.addUnit(c, svc)
inst2 := s.startInstance(c, m2)
err = u2.OpenPort("tcp", 80)
c.Assert(err, gc.IsNil)
s.assertPorts(c, inst1, m1.Id(), []network.PortRange{{80, 80, "tcp"}})
s.assertPorts(c, inst2, m2.Id(), []network.PortRange{{80, 80, "tcp"}})
err = u1.ClosePort("tcp", 80)
c.Assert(err, gc.IsNil)
err = u2.ClosePort("tcp", 80)
c.Assert(err, gc.IsNil)
s.assertPorts(c, inst1, m1.Id(), nil)
s.assertPorts(c, inst2, m2.Id(), nil)
}
func (s *InstanceModeSuite) TestStartWithStateOpenPortsBroken(c *gc.C) {
svc := s.AddTestingService(c, "wordpress", s.charm)
err := svc.SetExposed()
c.Assert(err, jc.ErrorIsNil)
u, m := s.addUnit(c, svc)
inst := s.startInstance(c, m)
err = u.OpenPort("tcp", 80)
c.Assert(err, jc.ErrorIsNil)
// Nothing open without firewaller.
s.assertPorts(c, inst, m.Id(), nil)
dummy.SetInstanceBroken(inst, "OpenPorts")
// Starting the firewaller should attempt to open the ports,
// and fail due to the method being broken.
fw, err := firewaller.NewFirewaller(s.firewaller)
c.Assert(err, jc.ErrorIsNil)
errc := make(chan error, 1)
go func() { errc <- fw.Wait() }()
s.BackingState.StartSync()
select {
case err := <-errc:
c.Assert(err, gc.ErrorMatches,
`cannot respond to units changes for "machine-1": dummyInstance.OpenPorts is broken`)
case <-time.After(coretesting.LongWait):
fw.Kill()
fw.Wait()
c.Fatal("timed out waiting for firewaller to stop")
}
}
func (s *FirewallerSuite) TestDeadMachine(c *gc.C) {
fw, err := firewaller.NewFirewaller(s.firewaller)
c.Assert(err, gc.IsNil)
defer func() { c.Assert(fw.Stop(), gc.IsNil) }()
svc := s.AddTestingService(c, "wordpress", s.charm)
err = svc.SetExposed()
c.Assert(err, gc.IsNil)
u, m := s.addUnit(c, svc)
inst := s.startInstance(c, m)
err = u.OpenPort("tcp", 80)
c.Assert(err, gc.IsNil)
s.assertPorts(c, inst, m.Id(), []network.Port{{"tcp", 80}})
// Remove unit and service, also tested without. Has no effect.
err = u.EnsureDead()
c.Assert(err, gc.IsNil)
err = u.Remove()
c.Assert(err, gc.IsNil)
err = svc.Destroy()
c.Assert(err, gc.IsNil)
// Kill machine.
err = m.Refresh()
c.Assert(err, gc.IsNil)
err = m.EnsureDead()
c.Assert(err, gc.IsNil)
s.assertPorts(c, inst, m.Id(), nil)
}
func (s *FirewallerSuite) TestSetClearExposedService(c *gc.C) {
fw, err := firewaller.NewFirewaller(s.firewaller)
c.Assert(err, gc.IsNil)
defer func() { c.Assert(fw.Stop(), gc.IsNil) }()
svc := s.AddTestingService(c, "wordpress", s.charm)
u, m := s.addUnit(c, svc)
inst := s.startInstance(c, m)
err = u.OpenPort("tcp", 80)
c.Assert(err, gc.IsNil)
err = u.OpenPort("tcp", 8080)
c.Assert(err, gc.IsNil)
// Not exposed service, so no open port.
s.assertPorts(c, inst, m.Id(), nil)
// SeExposed opens the ports.
err = svc.SetExposed()
c.Assert(err, gc.IsNil)
s.assertPorts(c, inst, m.Id(), []network.Port{{"tcp", 80}, {"tcp", 8080}})
// ClearExposed closes the ports again.
err = svc.ClearExposed()
c.Assert(err, gc.IsNil)
s.assertPorts(c, inst, m.Id(), nil)
}
func (s *InstanceModeSuite) TestRemoveUnit(c *gc.C) {
fw, err := firewaller.NewFirewaller(s.firewaller)
c.Assert(err, jc.ErrorIsNil)
defer statetesting.AssertKillAndWait(c, fw)
svc := s.AddTestingService(c, "wordpress", s.charm)
err = svc.SetExposed()
c.Assert(err, jc.ErrorIsNil)
u1, m1 := s.addUnit(c, svc)
inst1 := s.startInstance(c, m1)
err = u1.OpenPort("tcp", 80)
c.Assert(err, jc.ErrorIsNil)
u2, m2 := s.addUnit(c, svc)
inst2 := s.startInstance(c, m2)
err = u2.OpenPort("tcp", 80)
c.Assert(err, jc.ErrorIsNil)
s.assertPorts(c, inst1, m1.Id(), []network.PortRange{{80, 80, "tcp"}})
s.assertPorts(c, inst2, m2.Id(), []network.PortRange{{80, 80, "tcp"}})
// Remove unit.
err = u1.EnsureDead()
c.Assert(err, jc.ErrorIsNil)
err = u1.Remove()
c.Assert(err, jc.ErrorIsNil)
s.assertPorts(c, inst1, m1.Id(), nil)
s.assertPorts(c, inst2, m2.Id(), []network.PortRange{{80, 80, "tcp"}})
}
func (s *InstanceModeSuite) TestDeadMachine(c *gc.C) {
fw, err := firewaller.NewFirewaller(s.firewaller)
c.Assert(err, jc.ErrorIsNil)
defer statetesting.AssertKillAndWait(c, fw)
svc := s.AddTestingService(c, "wordpress", s.charm)
err = svc.SetExposed()
c.Assert(err, jc.ErrorIsNil)
u, m := s.addUnit(c, svc)
inst := s.startInstance(c, m)
err = u.OpenPort("tcp", 80)
c.Assert(err, jc.ErrorIsNil)
s.assertPorts(c, inst, m.Id(), []network.PortRange{{80, 80, "tcp"}})
// Remove unit and service, also tested without. Has no effect.
err = u.EnsureDead()
c.Assert(err, jc.ErrorIsNil)
err = u.Remove()
c.Assert(err, jc.ErrorIsNil)
err = svc.Destroy()
c.Assert(err, jc.ErrorIsNil)
// Kill machine.
err = m.Refresh()
c.Assert(err, jc.ErrorIsNil)
err = m.EnsureDead()
c.Assert(err, jc.ErrorIsNil)
s.assertPorts(c, inst, m.Id(), nil)
}
func (s *InstanceModeSuite) TestSetClearExposedService(c *gc.C) {
fw, err := firewaller.NewFirewaller(s.firewaller)
c.Assert(err, jc.ErrorIsNil)
defer statetesting.AssertKillAndWait(c, fw)
svc := s.AddTestingService(c, "wordpress", s.charm)
u, m := s.addUnit(c, svc)
inst := s.startInstance(c, m)
err = u.OpenPort("tcp", 80)
c.Assert(err, jc.ErrorIsNil)
err = u.OpenPort("tcp", 8080)
c.Assert(err, jc.ErrorIsNil)
// Not exposed service, so no open port.
s.assertPorts(c, inst, m.Id(), nil)
// SeExposed opens the ports.
err = svc.SetExposed()
c.Assert(err, jc.ErrorIsNil)
s.assertPorts(c, inst, m.Id(), []network.PortRange{{80, 80, "tcp"}, {8080, 8080, "tcp"}})
// ClearExposed closes the ports again.
err = svc.ClearExposed()
c.Assert(err, jc.ErrorIsNil)
s.assertPorts(c, inst, m.Id(), nil)
}
func (s *InstanceModeSuite) TestStartWithState(c *gc.C) {
svc := s.AddTestingService(c, "wordpress", s.charm)
err := svc.SetExposed()
c.Assert(err, jc.ErrorIsNil)
u, m := s.addUnit(c, svc)
inst := s.startInstance(c, m)
err = u.OpenPort("tcp", 80)
c.Assert(err, jc.ErrorIsNil)
err = u.OpenPort("tcp", 8080)
c.Assert(err, jc.ErrorIsNil)
// Nothing open without firewaller.
s.assertPorts(c, inst, m.Id(), nil)
// Starting the firewaller opens the ports.
fw, err := firewaller.NewFirewaller(s.firewaller)
c.Assert(err, jc.ErrorIsNil)
defer statetesting.AssertKillAndWait(c, fw)
s.assertPorts(c, inst, m.Id(), []network.PortRange{{80, 80, "tcp"}, {8080, 8080, "tcp"}})
err = svc.SetExposed()
c.Assert(err, jc.ErrorIsNil)
}
func (s *FirewallerSuite) TestRemoveMachine(c *gc.C) {
fw, err := firewaller.NewFirewaller(s.firewaller)
c.Assert(err, gc.IsNil)
defer func() { c.Assert(fw.Stop(), gc.IsNil) }()
svc := s.AddTestingService(c, "wordpress", s.charm)
err = svc.SetExposed()
c.Assert(err, gc.IsNil)
u, m := s.addUnit(c, svc)
inst := s.startInstance(c, m)
err = u.OpenPort("tcp", 80)
c.Assert(err, gc.IsNil)
s.assertPorts(c, inst, m.Id(), []network.Port{{"tcp", 80}})
// Remove unit.
err = u.EnsureDead()
c.Assert(err, gc.IsNil)
err = u.Remove()
c.Assert(err, gc.IsNil)
// Remove machine. Nothing bad should happen, but can't
// assert port state since the machine must have been
// destroyed and we lost its reference.
err = m.Refresh()
c.Assert(err, gc.IsNil)
err = m.EnsureDead()
c.Assert(err, gc.IsNil)
err = m.Remove()
c.Assert(err, gc.IsNil)
}
func (s *GlobalModeSuite) TestStartWithUnexposedService(c *gc.C) {
m, err := s.State.AddMachine("quantal", state.JobHostUnits)
c.Assert(err, jc.ErrorIsNil)
s.startInstance(c, m)
svc := s.AddTestingService(c, "wordpress", s.charm)
u, err := svc.AddUnit()
c.Assert(err, jc.ErrorIsNil)
err = u.AssignToMachine(m)
c.Assert(err, jc.ErrorIsNil)
err = u.OpenPort("tcp", 80)
c.Assert(err, jc.ErrorIsNil)
// Starting the firewaller, no open ports.
fw, err := firewaller.NewFirewaller(s.firewaller)
c.Assert(err, jc.ErrorIsNil)
defer statetesting.AssertKillAndWait(c, fw)
s.assertEnvironPorts(c, nil)
// Expose service.
err = svc.SetExposed()
c.Assert(err, jc.ErrorIsNil)
s.assertEnvironPorts(c, []network.PortRange{{80, 80, "tcp"}})
}
func (s *FirewallerSuite) TestStartWithPartialState(c *gc.C) {
m, err := s.State.AddMachine("quantal", state.JobHostUnits)
c.Assert(err, gc.IsNil)
inst := s.startInstance(c, m)
svc := s.AddTestingService(c, "wordpress", s.charm)
err = svc.SetExposed()
c.Assert(err, gc.IsNil)
// Starting the firewaller, no open ports.
fw, err := firewaller.NewFirewaller(s.firewaller)
c.Assert(err, gc.IsNil)
defer func() { c.Assert(fw.Stop(), gc.IsNil) }()
s.assertPorts(c, inst, m.Id(), nil)
// Complete steps to open port.
u, err := svc.AddUnit()
c.Assert(err, gc.IsNil)
err = u.AssignToMachine(m)
c.Assert(err, gc.IsNil)
err = u.OpenPort("tcp", 80)
c.Assert(err, gc.IsNil)
s.assertPorts(c, inst, m.Id(), []network.Port{{"tcp", 80}})
}
func (s *FirewallerGlobalModeSuite) TestGlobalModeStartWithUnexposedService(c *gc.C) {
m, err := s.State.AddMachine("quantal", state.JobHostUnits)
c.Assert(err, gc.IsNil)
s.startInstance(c, m)
svc := s.AddTestingService(c, "wordpress", s.charm)
u, err := svc.AddUnit()
c.Assert(err, gc.IsNil)
err = u.AssignToMachine(m)
c.Assert(err, gc.IsNil)
err = u.OpenPort("tcp", 80)
c.Assert(err, gc.IsNil)
// Starting the firewaller, no open ports.
fw, err := firewaller.NewFirewaller(s.firewaller)
c.Assert(err, gc.IsNil)
defer func() { c.Assert(fw.Stop(), gc.IsNil) }()
s.assertEnvironPorts(c, nil)
// Expose service.
err = svc.SetExposed()
c.Assert(err, gc.IsNil)
s.assertEnvironPorts(c, []network.Port{{"tcp", 80}})
}
func (s *FirewallerSuite) TestStartWithState(c *gc.C) {
svc := s.AddTestingService(c, "wordpress", s.charm)
err := svc.SetExposed()
c.Assert(err, gc.IsNil)
u, m := s.addUnit(c, svc)
inst := s.startInstance(c, m)
err = u.OpenPort("tcp", 80)
c.Assert(err, gc.IsNil)
err = u.OpenPort("tcp", 8080)
c.Assert(err, gc.IsNil)
// Nothing open without firewaller.
s.assertPorts(c, inst, m.Id(), nil)
// Starting the firewaller opens the ports.
fw, err := firewaller.NewFirewaller(s.firewaller)
c.Assert(err, gc.IsNil)
defer func() { c.Assert(fw.Stop(), gc.IsNil) }()
s.assertPorts(c, inst, m.Id(), []network.Port{{"tcp", 80}, {"tcp", 8080}})
err = svc.SetExposed()
c.Assert(err, gc.IsNil)
}
func (s *FirewallerSuite) TestRemoveUnit(c *gc.C) {
fw, err := firewaller.NewFirewaller(s.firewaller)
c.Assert(err, gc.IsNil)
defer func() { c.Assert(fw.Stop(), gc.IsNil) }()
svc := s.AddTestingService(c, "wordpress", s.charm)
err = svc.SetExposed()
c.Assert(err, gc.IsNil)
u1, m1 := s.addUnit(c, svc)
inst1 := s.startInstance(c, m1)
err = u1.OpenPort("tcp", 80)
c.Assert(err, gc.IsNil)
u2, m2 := s.addUnit(c, svc)
inst2 := s.startInstance(c, m2)
err = u2.OpenPort("tcp", 80)
c.Assert(err, gc.IsNil)
s.assertPorts(c, inst1, m1.Id(), []network.Port{{"tcp", 80}})
s.assertPorts(c, inst2, m2.Id(), []network.Port{{"tcp", 80}})
// Remove unit.
err = u1.EnsureDead()
c.Assert(err, gc.IsNil)
err = u1.Remove()
c.Assert(err, gc.IsNil)
s.assertPorts(c, inst1, m1.Id(), nil)
s.assertPorts(c, inst2, m2.Id(), []network.Port{{"tcp", 80}})
}
func (s *FirewallerSuite) TestRemoveService(c *gc.C) {
fw, err := firewaller.NewFirewaller(s.firewaller)
c.Assert(err, gc.IsNil)
defer func() { c.Assert(fw.Stop(), gc.IsNil) }()
svc := s.AddTestingService(c, "wordpress", s.charm)
err = svc.SetExposed()
c.Assert(err, gc.IsNil)
u, m := s.addUnit(c, svc)
inst := s.startInstance(c, m)
err = u.OpenPort("tcp", 80)
c.Assert(err, gc.IsNil)
s.assertPorts(c, inst, m.Id(), []network.Port{{"tcp", 80}})
// Remove service.
err = u.EnsureDead()
c.Assert(err, gc.IsNil)
err = u.Remove()
c.Assert(err, gc.IsNil)
err = svc.Destroy()
c.Assert(err, gc.IsNil)
s.assertPorts(c, inst, m.Id(), nil)
}
func (s *GlobalModeSuite) TestGlobalMode(c *gc.C) {
// Start firewaller and open ports.
fw, err := firewaller.NewFirewaller(s.firewaller)
c.Assert(err, jc.ErrorIsNil)
defer statetesting.AssertKillAndWait(c, fw)
svc1 := s.AddTestingService(c, "wordpress", s.charm)
err = svc1.SetExposed()
c.Assert(err, jc.ErrorIsNil)
u1, m1 := s.addUnit(c, svc1)
s.startInstance(c, m1)
err = u1.OpenPorts("tcp", 80, 90)
c.Assert(err, jc.ErrorIsNil)
err = u1.OpenPort("tcp", 8080)
c.Assert(err, jc.ErrorIsNil)
svc2 := s.AddTestingService(c, "moinmoin", s.charm)
c.Assert(err, jc.ErrorIsNil)
err = svc2.SetExposed()
c.Assert(err, jc.ErrorIsNil)
u2, m2 := s.addUnit(c, svc2)
s.startInstance(c, m2)
err = u2.OpenPorts("tcp", 80, 90)
c.Assert(err, jc.ErrorIsNil)
s.assertEnvironPorts(c, []network.PortRange{{80, 90, "tcp"}, {8080, 8080, "tcp"}})
// Closing a port opened by a different unit won't touch the environment.
err = u1.ClosePorts("tcp", 80, 90)
c.Assert(err, jc.ErrorIsNil)
s.assertEnvironPorts(c, []network.PortRange{{80, 90, "tcp"}, {8080, 8080, "tcp"}})
// Closing a port used just once changes the environment.
err = u1.ClosePort("tcp", 8080)
c.Assert(err, jc.ErrorIsNil)
s.assertEnvironPorts(c, []network.PortRange{{80, 90, "tcp"}})
// Closing the last port also modifies the environment.
err = u2.ClosePorts("tcp", 80, 90)
c.Assert(err, jc.ErrorIsNil)
s.assertEnvironPorts(c, nil)
}
func (s *FirewallerSuite) TestRemoveMultipleServices(c *gc.C) {
fw, err := firewaller.NewFirewaller(s.firewaller)
c.Assert(err, gc.IsNil)
defer func() { c.Assert(fw.Stop(), gc.IsNil) }()
svc1 := s.AddTestingService(c, "wordpress", s.charm)
err = svc1.SetExposed()
c.Assert(err, gc.IsNil)
u1, m1 := s.addUnit(c, svc1)
inst1 := s.startInstance(c, m1)
err = u1.OpenPort("tcp", 80)
c.Assert(err, gc.IsNil)
svc2 := s.AddTestingService(c, "mysql", s.charm)
err = svc2.SetExposed()
c.Assert(err, gc.IsNil)
u2, m2 := s.addUnit(c, svc2)
inst2 := s.startInstance(c, m2)
err = u2.OpenPort("tcp", 3306)
c.Assert(err, gc.IsNil)
s.assertPorts(c, inst1, m1.Id(), []network.PortRange{{80, 80, "tcp"}})
s.assertPorts(c, inst2, m2.Id(), []network.PortRange{{3306, 3306, "tcp"}})
// Remove services.
err = u2.EnsureDead()
c.Assert(err, gc.IsNil)
err = u2.Remove()
c.Assert(err, gc.IsNil)
err = svc2.Destroy()
c.Assert(err, gc.IsNil)
err = u1.EnsureDead()
c.Assert(err, gc.IsNil)
err = u1.Remove()
c.Assert(err, gc.IsNil)
err = svc1.Destroy()
c.Assert(err, gc.IsNil)
s.assertPorts(c, inst1, m1.Id(), nil)
s.assertPorts(c, inst2, m2.Id(), nil)
}
func (s *NoneModeSuite) TestStopImmediatelyWhenModeNone(c *gc.C) {
fw, err := firewaller.NewFirewaller(s.firewaller)
c.Assert(err, jc.ErrorIsNil)
defer func() {
fw.Kill()
fw.Wait()
}()
wait := make(chan error)
go func() {
wait <- fw.Wait()
}()
select {
case err := <-wait:
c.Assert(err, gc.ErrorMatches, `firewaller is disabled when firewall-mode is "none"`)
case <-time.After(coretesting.LongWait):
c.Fatalf("timed out")
}
}
func (s *FirewallerSuite) TestNotExposedService(c *gc.C) {
fw, err := firewaller.NewFirewaller(s.firewaller)
c.Assert(err, gc.IsNil)
defer func() { c.Assert(fw.Stop(), gc.IsNil) }()
svc := s.AddTestingService(c, "wordpress", s.charm)
u, m := s.addUnit(c, svc)
inst := s.startInstance(c, m)
err = u.OpenPort("tcp", 80)
c.Assert(err, gc.IsNil)
err = u.OpenPort("tcp", 8080)
c.Assert(err, gc.IsNil)
s.assertPorts(c, inst, m.Id(), nil)
err = u.ClosePort("tcp", 80)
c.Assert(err, gc.IsNil)
s.assertPorts(c, inst, m.Id(), nil)
}
func (s *InstanceModeSuite) TestNotExposedService(c *gc.C) {
fw, err := firewaller.NewFirewaller(s.firewaller)
c.Assert(err, jc.ErrorIsNil)
defer statetesting.AssertKillAndWait(c, fw)
svc := s.AddTestingService(c, "wordpress", s.charm)
u, m := s.addUnit(c, svc)
inst := s.startInstance(c, m)
err = u.OpenPort("tcp", 80)
c.Assert(err, jc.ErrorIsNil)
err = u.OpenPort("tcp", 8080)
c.Assert(err, jc.ErrorIsNil)
s.assertPorts(c, inst, m.Id(), nil)
err = u.ClosePort("tcp", 80)
c.Assert(err, jc.ErrorIsNil)
s.assertPorts(c, inst, m.Id(), nil)
}
func (s *InstanceModeSuite) TestMultipleExposedServices(c *gc.C) {
fw, err := firewaller.NewFirewaller(s.firewaller)
c.Assert(err, jc.ErrorIsNil)
defer statetesting.AssertKillAndWait(c, fw)
svc1 := s.AddTestingService(c, "wordpress", s.charm)
err = svc1.SetExposed()
c.Assert(err, jc.ErrorIsNil)
u1, m1 := s.addUnit(c, svc1)
inst1 := s.startInstance(c, m1)
err = u1.OpenPort("tcp", 80)
c.Assert(err, jc.ErrorIsNil)
err = u1.OpenPort("tcp", 8080)
c.Assert(err, jc.ErrorIsNil)
svc2 := s.AddTestingService(c, "mysql", s.charm)
c.Assert(err, jc.ErrorIsNil)
err = svc2.SetExposed()
c.Assert(err, jc.ErrorIsNil)
u2, m2 := s.addUnit(c, svc2)
inst2 := s.startInstance(c, m2)
err = u2.OpenPort("tcp", 3306)
c.Assert(err, jc.ErrorIsNil)
s.assertPorts(c, inst1, m1.Id(), []network.PortRange{{80, 80, "tcp"}, {8080, 8080, "tcp"}})
s.assertPorts(c, inst2, m2.Id(), []network.PortRange{{3306, 3306, "tcp"}})
err = u1.ClosePort("tcp", 80)
c.Assert(err, jc.ErrorIsNil)
err = u2.ClosePort("tcp", 3306)
c.Assert(err, jc.ErrorIsNil)
s.assertPorts(c, inst1, m1.Id(), []network.PortRange{{8080, 8080, "tcp"}})
s.assertPorts(c, inst2, m2.Id(), nil)
}
func (s *InstanceModeSuite) TestMachineWithoutInstanceId(c *gc.C) {
fw, err := firewaller.NewFirewaller(s.firewaller)
c.Assert(err, jc.ErrorIsNil)
defer statetesting.AssertKillAndWait(c, fw)
svc := s.AddTestingService(c, "wordpress", s.charm)
err = svc.SetExposed()
c.Assert(err, jc.ErrorIsNil)
// add a unit but don't start its instance yet.
u1, m1 := s.addUnit(c, svc)
// add another unit and start its instance, so that
// we're sure the firewaller has seen the first instance.
u2, m2 := s.addUnit(c, svc)
inst2 := s.startInstance(c, m2)
err = u2.OpenPort("tcp", 80)
c.Assert(err, jc.ErrorIsNil)
s.assertPorts(c, inst2, m2.Id(), []network.PortRange{{80, 80, "tcp"}})
inst1 := s.startInstance(c, m1)
err = u1.OpenPort("tcp", 8080)
c.Assert(err, jc.ErrorIsNil)
s.assertPorts(c, inst1, m1.Id(), []network.PortRange{{8080, 8080, "tcp"}})
}
func (s *FirewallerSuite) TestMachineWithoutInstanceId(c *gc.C) {
fw, err := firewaller.NewFirewaller(s.firewaller)
c.Assert(err, gc.IsNil)
defer func() { c.Assert(fw.Stop(), gc.IsNil) }()
svc := s.AddTestingService(c, "wordpress", s.charm)
err = svc.SetExposed()
c.Assert(err, gc.IsNil)
// add a unit but don't start its instance yet.
u1, m1 := s.addUnit(c, svc)
// add another unit and start its instance, so that
// we're sure the firewaller has seen the first instance.
u2, m2 := s.addUnit(c, svc)
inst2 := s.startInstance(c, m2)
err = u2.OpenPort("tcp", 80)
c.Assert(err, gc.IsNil)
s.assertPorts(c, inst2, m2.Id(), []network.Port{{"tcp", 80}})
inst1 := s.startInstance(c, m1)
err = u1.OpenPort("tcp", 8080)
c.Assert(err, gc.IsNil)
s.assertPorts(c, inst1, m1.Id(), []network.Port{{"tcp", 8080}})
}
func (s *NoneModeSuite) TestStopImmediately(c *gc.C) {
fw, err := firewaller.NewFirewaller(s.firewaller)
c.Assert(err, jc.ErrorIsNil)
err = workertest.CheckKilled(c, fw)
c.Check(err, jc.ErrorIsNil)
}
func (s *GlobalModeSuite) TestStartStop(c *gc.C) {
fw, err := firewaller.NewFirewaller(s.firewaller)
c.Assert(err, jc.ErrorIsNil)
statetesting.AssertKillAndWait(c, fw)
}
func (s *NoneModeSuite) TestDoesNotStartAtAll(c *gc.C) {
fw, err := firewaller.NewFirewaller(s.firewaller)
c.Assert(err, gc.ErrorMatches, `firewaller is disabled when firewall-mode is "none"`)
c.Assert(fw, gc.IsNil)
}
func (s *FirewallerSuite) TestStartStop(c *gc.C) {
fw, err := firewaller.NewFirewaller(s.firewaller)
c.Assert(err, gc.IsNil)
c.Assert(fw.Stop(), gc.IsNil)
}