func TestRequiredCreateOpts(t *testing.T) { res := rules.Create(fake.ServiceClient(), rules.CreateOpts{Direction: rules.DirIngress}) if res.Err == nil { t.Fatalf("Expected error, got none") } res = rules.Create(fake.ServiceClient(), rules.CreateOpts{Direction: rules.DirIngress, EtherType: rules.EtherType4}) if res.Err == nil { t.Fatalf("Expected error, got none") } res = rules.Create(fake.ServiceClient(), rules.CreateOpts{Direction: rules.DirIngress, EtherType: rules.EtherType4}) if res.Err == nil { t.Fatalf("Expected error, got none") } res = rules.Create(fake.ServiceClient(), rules.CreateOpts{Direction: rules.DirIngress, EtherType: rules.EtherType4, SecGroupID: "something", Protocol: "foo"}) if res.Err == nil { t.Fatalf("Expected error, got none") } }
func TestCreate(t *testing.T) { th.SetupHTTP() defer th.TeardownHTTP() th.Mux.HandleFunc("/v2.0/security-group-rules", func(w http.ResponseWriter, r *http.Request) { th.TestMethod(t, r, "POST") th.TestHeader(t, r, "X-Auth-Token", fake.TokenID) th.TestHeader(t, r, "Content-Type", "application/json") th.TestHeader(t, r, "Accept", "application/json") th.TestJSONRequest(t, r, ` { "security_group_rule": { "direction": "ingress", "port_range_min": 80, "ethertype": "IPv4", "port_range_max": 80, "protocol": "tcp", "remote_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5", "security_group_id": "a7734e61-b545-452d-a3cd-0189cbd9747a" } } `) w.Header().Add("Content-Type", "application/json") w.WriteHeader(http.StatusCreated) fmt.Fprintf(w, ` { "security_group_rule": { "direction": "ingress", "ethertype": "IPv4", "id": "2bc0accf-312e-429a-956e-e4407625eb62", "port_range_max": 80, "port_range_min": 80, "protocol": "tcp", "remote_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5", "remote_ip_prefix": null, "security_group_id": "a7734e61-b545-452d-a3cd-0189cbd9747a", "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550" } } `) }) opts := rules.CreateOpts{ Direction: "ingress", PortRangeMin: 80, EtherType: rules.EtherType4, PortRangeMax: 80, Protocol: "tcp", RemoteGroupID: "85cc3048-abc3-43cc-89b3-377341426ac5", SecGroupID: "a7734e61-b545-452d-a3cd-0189cbd9747a", } _, err := rules.Create(fake.ServiceClient(), opts).Extract() th.AssertNoErr(t, err) }
func resourceNetworkingSecGroupRuleV2Create(d *schema.ResourceData, meta interface{}) error { config := meta.(*Config) networkingClient, err := config.networkingV2Client(d.Get("region").(string)) if err != nil { return fmt.Errorf("Error creating OpenStack networking client: %s", err) } portRangeMin := d.Get("port_range_min").(int) portRangeMax := d.Get("port_range_max").(int) protocol := d.Get("protocol").(string) if protocol == "" { if portRangeMin != 0 || portRangeMax != 0 { return fmt.Errorf("A protocol must be specified when using port_range_min and port_range_max") } } opts := rules.CreateOpts{ SecGroupID: d.Get("security_group_id").(string), PortRangeMin: d.Get("port_range_min").(int), PortRangeMax: d.Get("port_range_max").(int), RemoteGroupID: d.Get("remote_group_id").(string), RemoteIPPrefix: d.Get("remote_ip_prefix").(string), TenantID: d.Get("tenant_id").(string), } if v, ok := d.GetOk("direction"); ok { direction := resourceNetworkingSecGroupRuleV2DetermineDirection(v.(string)) opts.Direction = direction } if v, ok := d.GetOk("ethertype"); ok { ethertype := resourceNetworkingSecGroupRuleV2DetermineEtherType(v.(string)) opts.EtherType = ethertype } if v, ok := d.GetOk("protocol"); ok { protocol := resourceNetworkingSecGroupRuleV2DetermineProtocol(v.(string)) opts.Protocol = protocol } log.Printf("[DEBUG] Create OpenStack Neutron security group: %#v", opts) security_group_rule, err := rules.Create(networkingClient, opts).Extract() if err != nil { return err } log.Printf("[DEBUG] OpenStack Neutron Security Group Rule created: %#v", security_group_rule) d.SetId(security_group_rule.ID) return resourceNetworkingSecGroupRuleV2Read(d, meta) }
// CreateSecurityGroupRule will create a security group rule with a random name // and random port between 80 and 99. // An error will be returned if one was failed to be created. func CreateSecurityGroupRule(t *testing.T, client *gophercloud.ServiceClient, secGroupID string) (*rules.SecGroupRule, error) { t.Logf("Attempting to create security group rule in group: %s", secGroupID) fromPort := tools.RandomInt(80, 89) toPort := tools.RandomInt(90, 99) createOpts := rules.CreateOpts{ Direction: "ingress", EtherType: "IPv4", SecGroupID: secGroupID, PortRangeMin: fromPort, PortRangeMax: toPort, Protocol: rules.ProtocolTCP, } rule, err := rules.Create(client, createOpts).Extract() if err != nil { return rule, err } t.Logf("Created security group rule: %s", rule.ID) return rule, nil }
func (os *OpenStack) ensureSecurityGroup(tenantID string) (string, error) { var securitygroup *groups.SecGroup opts := groups.ListOpts{ TenantID: tenantID, Name: securitygroupName, } pager := groups.List(os.network, opts) err := pager.EachPage(func(page pagination.Page) (bool, error) { sg, err := groups.ExtractGroups(page) if err != nil { glog.Errorf("Get openstack securitygroups error: %v", err) return false, err } if len(sg) > 0 { securitygroup = &sg[0] } return true, err }) if err != nil { return "", err } // If securitygroup doesn't exist, create a new one if securitygroup == nil { securitygroup, err = groups.Create(os.network, groups.CreateOpts{ Name: securitygroupName, TenantID: tenantID, }).Extract() if err != nil { return "", err } } var secGroupsRules int listopts := rules.ListOpts{ TenantID: tenantID, Direction: string(rules.DirIngress), SecGroupID: securitygroup.ID, } rulesPager := rules.List(os.network, listopts) err = rulesPager.EachPage(func(page pagination.Page) (bool, error) { r, err := rules.ExtractRules(page) if err != nil { glog.Errorf("Get openstack securitygroup rules error: %v", err) return false, err } secGroupsRules = len(r) return true, err }) if err != nil { return "", err } // create new rules if secGroupsRules == 0 { // create egress rule _, err = rules.Create(os.network, rules.CreateOpts{ TenantID: tenantID, SecGroupID: securitygroup.ID, Direction: rules.DirEgress, EtherType: rules.EtherType4, }).Extract() // create ingress rule _, err := rules.Create(os.network, rules.CreateOpts{ TenantID: tenantID, SecGroupID: securitygroup.ID, Direction: rules.DirIngress, EtherType: rules.EtherType4, }).Extract() if err != nil { return "", err } } return securitygroup.ID, nil }