Пример #1
0
// ClosePorts sends a request to the GCE API to close the provided port
// ranges on the named firewall. If the firewall does not exist nothing
// happens. If the firewall is left with no ports then it is removed.
// Otherwise it will be left with just the open ports it has that do not
// match the provided port ranges. The call blocks until the ports are
// closed or the request fails.
func (gce Connection) ClosePorts(fwname string, ports ...network.PortRange) error {
	// Compose the full set of open ports.
	currentPorts, err := gce.Ports(fwname)
	if err != nil {
		return errors.Trace(err)
	}
	inputPortsSet := network.NewPortSet(ports...)
	if inputPortsSet.IsEmpty() {
		return nil
	}
	currentPortsSet := network.NewPortSet(currentPorts...)
	newPortsSet := currentPortsSet.Difference(inputPortsSet)

	// Send the request, depending on the current ports.
	if newPortsSet.IsEmpty() {
		// Delete a firewall.
		// TODO(ericsnow) Handle case where firewall does not exist.
		if err := gce.raw.RemoveFirewall(gce.projectID, fwname); err != nil {
			return errors.Annotatef(err, "closing port(s) %+v", ports)
		}
		return nil
	}

	// Update an existing firewall.
	firewall := firewallSpec(fwname, newPortsSet)
	if err := gce.raw.UpdateFirewall(gce.projectID, fwname, firewall); err != nil {
		return errors.Annotatef(err, "closing port(s) %+v", ports)
	}
	return nil
}
Пример #2
0
// OpenPorts sends a request to the GCE API to open the provided port
// ranges on the named firewall. If the firewall does not exist yet it
// is created, with the provided port ranges opened. Otherwise the
// existing firewall is updated to add the provided port ranges to the
// ports it already has open. The call blocks until the ports are
// opened or the request fails.
func (gce Connection) OpenPorts(fwname string, ports ...network.PortRange) error {
	// TODO(ericsnow) Short-circuit if ports is empty.

	// Compose the full set of open ports.
	currentPorts, err := gce.Ports(fwname)
	if err != nil {
		return errors.Trace(err)
	}
	inputPortsSet := network.NewPortSet(ports...)
	if inputPortsSet.IsEmpty() {
		return nil
	}
	currentPortsSet := network.NewPortSet(currentPorts...)

	// Send the request, depending on the current ports.
	if currentPortsSet.IsEmpty() {
		// Create a new firewall.
		firewall := firewallSpec(fwname, inputPortsSet)
		if err := gce.raw.AddFirewall(gce.projectID, firewall); err != nil {
			return errors.Annotatef(err, "opening port(s) %+v", ports)
		}
		return nil
	}

	// Update an existing firewall.
	newPortsSet := currentPortsSet.Union(inputPortsSet)
	firewall := firewallSpec(fwname, newPortsSet)
	if err := gce.raw.UpdateFirewall(gce.projectID, fwname, firewall); err != nil {
		return errors.Annotatef(err, "opening port(s) %+v", ports)
	}
	return nil
}
Пример #3
0
func (s *PortSetSuite) TestPortSetUnion(c *gc.C) {
	portSet1 := network.NewPortSet(s.portRange2)
	portSet2 := network.NewPortSet(s.portRange3)
	result := portSet1.Union(portSet2)

	s.checkPortSetTCP(c, result, 79, 80, 81)
}
Пример #4
0
func (s *PortSetSuite) TestPortSetIntersection(c *gc.C) {
	s.portRange2.ToPort = 83
	portSet1 := network.NewPortSet(s.portRange2)
	portSet2 := network.NewPortSet(s.portRange3)
	result := portSet1.Intersection(portSet2)

	s.checkPortSetTCP(c, result, 80, 81)
}
Пример #5
0
func (s *PortSetSuite) TestPortSetDifference(c *gc.C) {
	s.portRange2.ToPort = 83
	portSet1 := network.NewPortSet(s.portRange2)
	portSet2 := network.NewPortSet(s.portRange3)
	result := portSet1.Difference(portSet2)

	s.checkPortSetTCP(c, result, 82, 83)
}
Пример #6
0
func (s *PortSetSuite) TestPortSetIntersectionEmpty(c *gc.C) {
	portSet1 := network.NewPortSet(s.portRange1)
	portSet2 := network.NewPortSet(s.portRange2)
	result := portSet1.Intersection(portSet2)
	isEmpty := result.IsEmpty()

	c.Check(isEmpty, jc.IsTrue)
}
Пример #7
0
func (s *PortSetSuite) TestPortSetDifferenceEmpty(c *gc.C) {
	portSet1 := network.NewPortSet(s.portRange2)
	result := portSet1.Difference(portSet1)
	isEmpty := result.IsEmpty()

	c.Check(isEmpty, jc.IsTrue)
}
Пример #8
0
func (s *PortSetSuite) TestPortSetAdd(c *gc.C) {
	portSet := network.NewPortSet(s.portRange2)
	c.Check(portSet.IsEmpty(), jc.IsFalse)
	portSet.Add("tcp", 81)

	s.checkPortSetTCP(c, portSet, 80, 81)
}
Пример #9
0
func (s *networkSuite) TestFirewallSpec(c *gc.C) {
	ports := network.NewPortSet(
		network.MustParsePortRange("80-81/tcp"),
		network.MustParsePortRange("8888/tcp"),
		network.MustParsePortRange("1234/udp"),
	)
	fw := google.FirewallSpec("spam", ports)

	allowed := []*compute.FirewallAllowed{{
		IPProtocol: "tcp",
		Ports:      []string{"80", "81", "8888"},
	}, {
		IPProtocol: "udp",
		Ports:      []string{"1234"},
	}}
	sort.Sort(ByIPProtocol(fw.Allowed))
	for i := range fw.Allowed {
		sort.Strings(fw.Allowed[i].Ports)
	}
	c.Check(fw, jc.DeepEquals, &compute.Firewall{
		Name:         "spam",
		TargetTags:   []string{"spam"},
		SourceRanges: []string{"0.0.0.0/0"},
		Allowed:      allowed,
	})
}
Пример #10
0
func (s *PortSetSuite) TestPortSetAddRanges(c *gc.C) {
	s.portRange2.ToPort = 83
	portSet := network.NewPortSet(s.portRange2)
	c.Check(portSet.IsEmpty(), jc.IsFalse)
	portSet.AddRanges(s.portRange3)

	s.checkPortSetTCP(c, portSet, s.getPorts(79, 83)...)
}
Пример #11
0
func (s *PortSetSuite) TestPortSetRemoveRanges(c *gc.C) {
	portSet := network.NewPortSet(s.portRange1)
	portSet.RemoveRanges(
		s.portRange2,
		network.PortRange{7000, 8049, "tcp"},
		network.PortRange{8051, 8074, "tcp"},
		network.PortRange{8080, 9000, "tcp"},
	)

	s.checkPortSetTCP(c, portSet, 8050, 8075, 8076, 8077, 8078, 8079)
}
Пример #12
0
func (s *PortSetSuite) TestPortSetContainsNotFound(c *gc.C) {
	portSet := network.NewPortSet(s.portRange2)
	isfound := portSet.Contains("tcp", 81)

	c.Assert(isfound, jc.IsFalse)
}
Пример #13
0
func (s *PortSetSuite) TestPortSetSize(c *gc.C) {
	portSet := network.NewPortSet(s.portRange1)
	c.Assert(portSet.Size(), gc.Equals, 100)
}
Пример #14
0
func (s *PortSetSuite) TestPortSetIsEmpty(c *gc.C) {
	portSet := network.NewPortSet()
	c.Assert(portSet.IsEmpty(), jc.IsTrue)
}
Пример #15
0
func (s *PortSetSuite) TestNewPortSet(c *gc.C) {
	portSet := network.NewPortSet(s.portRange1)
	c.Assert(portSet.IsEmpty(), jc.IsFalse)

	s.checkPortSetTCP(c, portSet, s.getPorts(8000, 8099)...)
}
Пример #16
0
func (s *PortSetSuite) TestPortSetPortStrings(c *gc.C) {
	portSet := network.NewPortSet(s.portRange3)
	ports := portSet.PortStrings("tcp")

	c.Check(ports, jc.SameContents, []string{"79", "80", "81"})
}
Пример #17
0
func (s *PortSetSuite) TestPortSetPortNumbers(c *gc.C) {
	portSet := network.NewPortSet(s.portRange3)
	ports := portSet.PortNumbers("tcp")

	c.Check(ports, jc.SameContents, []int{79, 80, 81})
}
Пример #18
0
func (s *PortSetSuite) TestPortSetPorts(c *gc.C) {
	portSet := network.NewPortSet(s.portRange3)
	ports := portSet.Ports()

	s.checkPorts(c, ports, "tcp", 79, 80, 81)
}
Пример #19
0
func (s *PortSetSuite) TestPortSetProtocols(c *gc.C) {
	portSet := network.NewPortSet(s.portRange2, s.portRange4)
	protocols := portSet.Protocols()

	c.Check(protocols, jc.SameContents, []string{"tcp", "udp"})
}
Пример #20
0
func (s *PortSetSuite) TestPortSetContainsRangesOverlapping(c *gc.C) {
	portSet := network.NewPortSet(s.portRange1)
	isfound := portSet.ContainsRanges(network.PortRange{7000, 8049, "tcp"})

	c.Assert(isfound, jc.IsFalse)
}
Пример #21
0
func (s *PortSetSuite) TestPortSetContainsRangesSingleNoMatch(c *gc.C) {
	portSet := network.NewPortSet(s.portRange1)
	isfound := portSet.ContainsRanges(s.portRange2)

	c.Assert(isfound, jc.IsFalse)
}
Пример #22
0
func (s *PortSetSuite) TestPortSetContainsRangesSingleMatch(c *gc.C) {
	portSet := network.NewPortSet(s.portRange1)
	isfound := portSet.ContainsRanges(network.PortRange{8080, 8080, "tcp"})

	c.Assert(isfound, jc.IsTrue)
}
Пример #23
0
func (s *PortSetSuite) TestPortSetIsNotEmpty(c *gc.C) {
	portSet := network.NewPortSet(s.portRange2)
	c.Assert(portSet.IsEmpty(), jc.IsFalse)
}
Пример #24
0
func (s *PortSetSuite) TestPortSetRemove(c *gc.C) {
	portSet := network.NewPortSet(s.portRange2)
	portSet.Remove("tcp", 80)

	c.Assert(portSet.Ports(), gc.HasLen, 0)
}