dumplingmiku/ubicloud
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ubicloud/spec/model/firewall_spec.rb
Jeremy Evans 1227c7e377 Set project_id columns when creating objects for 6 models 
For the following 6 models:

* ApiKey
* Firewall
* LoadBalancer
* MinioCluster
* PrivateSubnet
* Vm

Set the project_id when creating the object.  Continue to use
associate_with_project to update access_tag, and have
associate_with_project check that project_id is already set
correctly.  This is a temporary state until all project_id
columns have been correctly populated.

Unfortunately, this causes a large amount of fallout in the tests.
This adds the necessary project_id keyword arguments, so that a
future commit can just drop most of the associate_with_project
calls.
2025-01-14 11:56:06 -08:00

91 lines
4 KiB
Ruby
Raw Permalink Blame History

# frozen_string_literal: true
require_relative "spec_helper"
RSpec.describe Firewall do
describe "Firewall" do
let(:fw) {
described_class.create_with_id(name: "test-fw", description: "test fw desc", location: "hetzner-fsn1")
}
it "inserts firewall rules" do
fw.insert_firewall_rule("10.0.0.16/28", Sequel.pg_range(80..5432))
expect(fw.firewall_rules.count).to eq(1)
expect(fw.firewall_rules.first.cidr.to_s).to eq("10.0.0.16/28")
pr = fw.firewall_rules.first.port_range
expect(pr.begin).to eq(80)
expect(pr.end).to eq(5433)
end
it "increments VMs update_firewall_rules if there is a VM" do
private_subnet = instance_double(PrivateSubnet)
expect(fw).to receive(:private_subnets).and_return([private_subnet])
expect(private_subnet).to receive(:incr_update_firewall_rules)
fw.insert_firewall_rule("0.0.0.0/0", nil)
end
it "bulk sets firewall rules" do
fw.insert_firewall_rule("10.0.0.16/28", Sequel.pg_range(80..5432))
fw.insert_firewall_rule("0.0.0.0/32", Sequel.pg_range(5432..5432))
fw.replace_firewall_rules([{cidr: "0.0.0.0/32", port_range: Sequel.pg_range(5432..5432)}])
expect(fw.reload.firewall_rules.count).to eq(1)
expect(fw.reload.firewall_rules.first.cidr.to_s).to eq("0.0.0.0/32")
end
it "associates with a private subnet" do
ps = PrivateSubnet.create_with_id(name: "test-ps", location: "hetzner-fsn1", net6: "2001:db8::/64", net4: "10.0.0.0/24")
expect(ps).to receive(:incr_update_firewall_rules)
fw.associate_with_private_subnet(ps)
expect(fw.private_subnets.count).to eq(1)
expect(fw.private_subnets.first.id).to eq(ps.id)
end
it "disassociates from a private subnet" do
ps = PrivateSubnet.create_with_id(name: "test-ps", location: "hetzner-fsn1", net6: "2001:db8::/64", net4: "10.0.0.0/24")
fw.associate_with_private_subnet(ps, apply_firewalls: false)
expect(fw.private_subnets.count).to eq(1)
expect(ps).to receive(:incr_update_firewall_rules)
fw.disassociate_from_private_subnet(ps)
expect(fw.reload.private_subnets.count).to eq(0)
expect(FirewallsPrivateSubnets.where(firewall_id: fw.id).count).to eq(0)
end
it "disassociates from a private subnet without applying firewalls" do
ps = PrivateSubnet.create_with_id(name: "test-ps", location: "hetzner-fsn1", net6: "2001:db8::/64", net4: "10.0.0.0/24")
fw.associate_with_private_subnet(ps, apply_firewalls: false)
expect(fw.private_subnets.count).to eq(1)
expect(ps).not_to receive(:incr_update_firewall_rules)
fw.disassociate_from_private_subnet(ps, apply_firewalls: false)
expect(fw.reload.private_subnets.count).to eq(0)
expect(FirewallsPrivateSubnets.where(firewall_id: fw.id).count).to eq(0)
end
it "destroys firewall" do
ps = PrivateSubnet.create_with_id(name: "test-ps", location: "hetzner-fsn1", net6: "2001:db8::/64", net4: "10.0.0.0/24")
fw.associate_with_private_subnet(ps, apply_firewalls: false)
expect(fw.reload.private_subnets.count).to eq(1)
expect(fw.private_subnets).to receive(:each).and_return([ps])
expect(FirewallsPrivateSubnets.where(firewall_id: fw.id).count).to eq(1)
fw.destroy
expect(FirewallsPrivateSubnets.where(firewall_id: fw.id).count).to eq(0)
expect(described_class[fw.id]).to be_nil
end
it "removes referencing access control entries and object tag memberships" do
account = Account.create_with_id(email: "test@example.com")
project = account.create_project_with_default_policy("project-1", default_policy: false)
tag = ObjectTag.create_with_id(project_id: project.id, name: "t")
tag.add_member(fw.id)
fw.update(project_id: project.id)
fw.associate_with_project(project)
ace = AccessControlEntry.create_with_id(project_id: project.id, subject_id: account.id, object_id: fw.id)
fw.destroy
expect(tag.member_ids).to be_empty
expect(ace).not_to be_exists
end
end
end
Reference in a new issue View git blame Copy permalink