/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.jclouds.cloudsigma2.functions;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Maps;
import com.google.gson.JsonArray;
import com.google.gson.JsonObject;
import com.google.inject.Guice;
import org.jclouds.cloudsigma2.domain.FirewallAction;
import org.jclouds.cloudsigma2.domain.FirewallDirection;
import org.jclouds.cloudsigma2.domain.FirewallIpProtocol;
import org.jclouds.cloudsigma2.domain.FirewallPolicy;
import org.jclouds.cloudsigma2.domain.FirewallRule;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;
import java.net.URI;
import java.util.Map;
/**
* @author Vladimir Shevchenko
*/
@Test(groups = "unit")
public class FirewallPolicyToJsonTest {
private static final FirewallPolicyToJson FIREWALL_POLICY_TO_JSON = Guice
.createInjector()
.getInstance(FirewallPolicyToJson.class);
private FirewallPolicy input;
private JsonObject expected;
@BeforeMethod
public void setUp() throws Exception {
Map<String, String> meta = Maps.newHashMap();
meta.put("description", "test firewall policy");
meta.put("test_key_1", "test_value_1");
meta.put("test_key_2", "test_value_2");
input = new FirewallPolicy.Builder()
.meta(meta)
.name("My awesome policy")
.resourceUri(new URI("/api/2.0/fwpolicies/cf8479b4-c98b-46c8-ab9c-108bb00c8218/"))
.rules(ImmutableList.of(
new FirewallRule.Builder()
.action(FirewallAction.DROP)
.comment("Drop traffic from the VM to IP address 23.0.0.0/32")
.direction(FirewallDirection.OUT)
.destinationIp("23.0.0.0/32")
.build()
, new FirewallRule.Builder()
.action(FirewallAction.ACCEPT)
.comment("Allow SSH traffic to the VM from our office in Dubai")
.direction(FirewallDirection.IN)
.destinationPort("22")
.ipProtocol(FirewallIpProtocol.TCP)
.sourceIp("172.66.32.0/24")
.build()
, new FirewallRule.Builder()
.action(FirewallAction.DROP)
.comment("Drop all other SSH traffic to the VM")
.direction(FirewallDirection.IN)
.destinationPort("22")
.ipProtocol(FirewallIpProtocol.TCP)
.build()
, new FirewallRule.Builder()
.action(FirewallAction.DROP)
.comment("Drop all UDP traffic to the VM, not originating from 172.66.32.55")
.direction(FirewallDirection.IN)
.ipProtocol(FirewallIpProtocol.UDP)
.sourceIp("!172.66.32.55/32")
.build()
, new FirewallRule.Builder()
.action(FirewallAction.DROP)
.comment("Drop any traffic, to the VM with destination port not between 1-1024")
.direction(FirewallDirection.IN)
.destinationPort("!1:1024")
.ipProtocol(FirewallIpProtocol.TCP)
.build()
))
.build();
expected = new JsonObject();
expected.addProperty("name", "My awesome policy");
JsonObject metaObject = new JsonObject();
metaObject.addProperty("description", "test firewall policy");
metaObject.addProperty("test_key_1", "test_value_1");
metaObject.addProperty("test_key_2", "test_value_2");
expected.add("meta", metaObject);
JsonObject rule1Object = new JsonObject();
rule1Object.addProperty("action", "drop");
rule1Object.addProperty("comment", "Drop traffic from the VM to IP address 23.0.0.0/32");
rule1Object.addProperty("direction", "out");
rule1Object.addProperty("dst_ip", "23.0.0.0/32");
JsonObject rule2Object = new JsonObject();
rule2Object.addProperty("action", "accept");
rule2Object.addProperty("comment", "Allow SSH traffic to the VM from our office in Dubai");
rule2Object.addProperty("direction", "in");
rule2Object.addProperty("dst_port", "22");
rule2Object.addProperty("ip_proto", "tcp");
rule2Object.addProperty("src_ip", "172.66.32.0/24");
JsonObject rule3Object = new JsonObject();
rule3Object.addProperty("action", "drop");
rule3Object.addProperty("comment", "Drop all other SSH traffic to the VM");
rule3Object.addProperty("direction", "in");
rule3Object.addProperty("dst_port", "22");
rule3Object.addProperty("ip_proto", "tcp");
JsonObject rule4Object = new JsonObject();
rule4Object.addProperty("action", "drop");
rule4Object.addProperty("comment", "Drop all UDP traffic to the VM, not originating from 172.66.32.55");
rule4Object.addProperty("direction", "in");
rule4Object.addProperty("ip_proto", "udp");
rule4Object.addProperty("src_ip", "!172.66.32.55/32");
JsonObject rule5Object = new JsonObject();
rule5Object.addProperty("action", "drop");
rule5Object.addProperty("comment", "Drop any traffic, to the VM with destination port not between 1-1024");
rule5Object.addProperty("direction", "in");
rule5Object.addProperty("dst_port", "!1:1024");
rule5Object.addProperty("ip_proto", "tcp");
JsonArray rulesArray = new JsonArray();
rulesArray.add(rule1Object);
rulesArray.add(rule2Object);
rulesArray.add(rule3Object);
rulesArray.add(rule4Object);
rulesArray.add(rule5Object);
expected.add("rules", rulesArray);
}
public void test() {
Assert.assertEquals(FIREWALL_POLICY_TO_JSON.apply(input), expected);
}
}