dumplingmiku/ubicloud
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
pykello/resolve-slice
ubicloud/spec/routes/api/project/location/firewall_spec.rb
Jeremy Evans 215f09541a Make access_tag only for project <-> accounts join table 
For the includers of HyperTagMethods, this changes the authorization
code and object_tag member validation code to look at the project_id
column for the object, instead of looking a row with the project and
object in the access_tag table.

This removes all calls to associate_with_project, other than
those for Account.  It removes the projects association for
the includers of HyperTagMethods, and adds a project association to
the models that didn't already have one, since there is only a single
project for each object now.

Most HyperTagMethods code is inlined into Account, since it is only
user of the code now.  Temporarily, other models will still include
HyperTagMethods for the before_destroy hook, but eventually it will
go away completely.

The associations in Projects that previous used access_tag as a join
table, are changed from many_to_many to one_to_many, except for
Account (which still uses the join table).

Project#has_resources now needs separate queries for all of the
resource classes to see if there any associated objects.

This causes a lot of fallout in the specs, but unfortunately that is
unavoidable due the extensive use of projects.first in the specs to
get the related project for the objects, as well as the extensive
use of associate_with_project.
2025-01-17 08:32:46 -08:00

165 lines
5.7 KiB
Ruby
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# frozen_string_literal: true
require_relative "../../spec_helper"
RSpec.describe Clover, "firewall" do
let(:user) { create_account }
let(:project) { project_with_default_policy(user) }
let(:firewall) { Firewall.create_with_id(name: "default-firewall", location: "hetzner-fsn1", project_id: project.id) }
describe "unauthenticated" do
it "not delete" do
delete "/project/#{project.ubid}/location/#{TEST_LOCATION}/firewall/#{firewall.name}"
expect(last_response).to have_api_error(401, "Please login to continue")
end
it "not get" do
get "/project/#{project.ubid}/location/#{TEST_LOCATION}/firewall/#{firewall.name}"
expect(last_response).to have_api_error(401, "Please login to continue")
end
it "not associate" do
get "/project/#{project.ubid}/location/#{TEST_LOCATION}/firewall/#{firewall.name}/attach-subnet"
expect(last_response).to have_api_error(401, "Please login to continue")
end
it "not dissociate" do
get "/project/#{project.ubid}/location/#{TEST_LOCATION}/firewall/#{firewall.name}/detach-subnet"
expect(last_response).to have_api_error(401, "Please login to continue")
end
end
describe "authenticated" do
before do
login_api(user.email)
end
it "success get all location firewalls" do
Firewall.create_with_id(name: "#{firewall.name}-2", location: "hetzner-fsn1", project_id: project.id)
get "/project/#{project.ubid}/location/#{TEST_LOCATION}/firewall"
expect(last_response.status).to eq(200)
expect(JSON.parse(last_response.body)["items"].length).to eq(2)
end
it "success get firewall" do
get "/project/#{project.ubid}/location/#{TEST_LOCATION}/firewall/#{firewall.name}"
expect(last_response.status).to eq(200)
end
it "get does not exist for invalid name" do
get "/project/#{project.ubid}/location/#{TEST_LOCATION}/firewall/foo_name"
expect(last_response).to have_api_error(404, "Sorry, we couldnt find the resource youre looking for.")
end
it "get does not exist for valid name" do
get "/project/#{project.ubid}/location/#{TEST_LOCATION}/firewall/fooname"
expect(last_response).to have_api_error(404, "Sorry, we couldnt find the resource youre looking for.")
end
it "success post" do
post "/project/#{project.ubid}/location/#{TEST_LOCATION}/firewall/foo-name", {
description: "Firewall description"
}.to_json
expect(last_response.status).to eq(200)
end
it "failure post" do
post "/project/#{project.ubid}/location/#{TEST_LOCATION}/firewall/FooName", {
description: "Firewall description"
}.to_json
expect(last_response).to have_api_error(400, "Validation failed for following fields: name")
end
it "success delete" do
delete "/project/#{project.ubid}/location/#{TEST_LOCATION}/firewall/_#{firewall.ubid}"
expect(last_response.status).to eq(204)
end
it "delete not exist for valid ubid format" do
delete "/project/#{project.ubid}/location/#{TEST_LOCATION}/firewall/_#{"0" * 26}"
expect(last_response.status).to eq(204)
end
it "delete not exist for invalid ubid format" do
delete "/project/#{project.ubid}/location/#{TEST_LOCATION}/firewall/_foo_ubid"
expect(last_response.status).to eq(204)
end
it "attach to subnet" do
ps = Prog::Vnet::SubnetNexus.assemble(project.id, name: "test-ps", location: "hetzner-fsn1").subject
expect(PrivateSubnet).to receive(:from_ubid).and_return(ps)
expect(ps).to receive(:incr_update_firewall_rules)
post "/project/#{project.ubid}/location/#{TEST_LOCATION}/firewall/_#{firewall.ubid}/attach-subnet", {
private_subnet_id: ps.ubid
}.to_json
expect(firewall.private_subnets.count).to eq(1)
expect(firewall.private_subnets.first.id).to eq(ps.id)
expect(last_response.status).to eq(200)
end
it "attach to subnet not exist" do
post "/project/#{project.ubid}/location/#{TEST_LOCATION}/firewall/_#{firewall.ubid}/attach-subnet", {
private_subnet_id: "fooubid"
}.to_json
expect(last_response).to have_api_error(400, "Validation failed for following fields: private_subnet_id")
end
it "detach from subnet" do
ps = Prog::Vnet::SubnetNexus.assemble(project.id, name: "test-ps", location: "hetzner-fsn1").subject
expect(PrivateSubnet).to receive(:from_ubid).and_return(ps)
expect(ps).to receive(:incr_update_firewall_rules)
post "/project/#{project.ubid}/location/#{TEST_LOCATION}/firewall/_#{firewall.ubid}/detach-subnet", {
private_subnet_id: ps.ubid
}.to_json
expect(last_response.status).to eq(200)
end
it "detach from subnet not exist" do
post "/project/#{project.ubid}/location/#{TEST_LOCATION}/firewall/_#{firewall.ubid}/detach-subnet", {
private_subnet_id: "fooubid"
}.to_json
expect(last_response).to have_api_error(400, "Validation failed for following fields: private_subnet_id")
end
it "attach and detach" do
ps = Prog::Vnet::SubnetNexus.assemble(project.id, name: "test-ps", location: "hetzner-fsn1").subject
expect(PrivateSubnet).to receive(:from_ubid).and_return(ps).twice
expect(ps).to receive(:incr_update_firewall_rules).twice
post "/project/#{project.ubid}/location/#{TEST_LOCATION}/firewall/_#{firewall.ubid}/attach-subnet", {
private_subnet_id: ps.ubid
}.to_json
expect(firewall.private_subnets.count).to eq(1)
post "/project/#{project.ubid}/location/#{TEST_LOCATION}/firewall/_#{firewall.ubid}/detach-subnet", {
private_subnet_id: ps.ubid
}.to_json
expect(firewall.reload.private_subnets.count).to eq(0)
end
end
end
Reference in New Issue View Git Blame Copy Permalink