Merge remote-tracking branch 'laszlo/CLOUDSTACK-8279'

This closes #90 Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2025-11-04 00:02:37 +01:00 · 2015-03-02 16:35:27 +05:30 · 2015-03-02 16:35:27 +05:30 · 541c23ed07
commit 541c23ed07
parent 62e179b16d df11bb2811
2 changed files with 124 additions and 92 deletions
--- a/core/src/com/cloud/agent/api/routing/SetFirewallRulesCommand.java
+++ b/core/src/com/cloud/agent/api/routing/SetFirewallRulesCommand.java
@ -53,7 +53,7 @@ public class SetFirewallRulesCommand extends NetworkElementCommand {
             *  each entry format      <ip>:protocol:srcport:destport:scidr:
             *  reverted entry format  <ip>:reverted:0:0:0:
             */
-            if (fwTO.revoked() == true) {
+            if (fwTO.revoked()) {
                StringBuilder sb = new StringBuilder();
                /* This entry is added just to make sure atleast there will one entry in the list to get the ipaddress */
                sb.append(fwTO.getSrcIp()).append(":reverted:0:0:0:");
@ -77,7 +77,7 @@ public class SetFirewallRulesCommand extends NetworkElementCommand {
            if (cidr == null || cidr.isEmpty()) {
                sb.append("0.0.0.0/0");
            } else {
-                Boolean firstEntry = true;
+                boolean firstEntry = true;
                for (String tag : cidr) {
                    if (!firstEntry)
                        sb.append("-");
--- a/core/test/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResourceTest.java
+++ b/core/test/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResourceTest.java
@ -24,6 +24,8 @@ import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;

 import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
 import java.util.HashMap;
 import java.util.LinkedList;
 import java.util.List;
@ -80,6 +82,9 @@ import com.cloud.network.vpc.NetworkACLItem.TrafficType;
 import com.cloud.network.vpc.VpcGateway;
 import com.cloud.utils.ExecutionResult;
 import com.cloud.utils.net.NetUtils;
+import com.google.common.base.Function;
+import com.google.common.base.Predicate;
+import com.google.common.collect.Collections2;

@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(loader = AnnotationConfigContextLoader.class)
@ -669,7 +674,13 @@ public class VirtualRoutingResourceTest implements VirtualRouterDeployer {

    private void verifyArgs(SetFirewallRulesCommand cmd, String script, String args) {
        assertEquals(script, VRScripts.FIREWALL_INGRESS);
-        assertEquals(args, " -F -a 64.10.10.10:ICMP:0:0:10.10.1.1/24-10.10.1.2/24:,64.10.10.10:TCP:22:80:10.10.1.1/24-10.10.1.2/24:,64.10.10.10:reverted:0:0:0:,");
+
+        //Since the arguments are generated with a Set
+        //one can not make a bet on the order
+        assertTrue(args.startsWith(" -F -a "));
+        assertTrue(args.contains("64.10.10.10:ICMP:0:0:10.10.1.1/24-10.10.1.2/24:"));
+        assertTrue(args.contains("64.10.10.10:reverted:0:0:0:"));
+        assertTrue(args.contains("64.10.10.10:TCP:22:80:10.10.1.1/24-10.10.1.2/24:"));
    }

    @Test
@ -1003,95 +1014,116 @@ public class VirtualRoutingResourceTest implements VirtualRouterDeployer {
        assertEquals(path, "/var/cache/cloud/");
        assertTrue(filename.startsWith("VR-"));
        assertTrue(filename.endsWith(".cfg"));
-        assertEquals(content, "#Apache CloudStack Virtual Router Config File\n" +
-                "<version>\n" +
-                "1.0\n" +
-                "</version>\n" +
-                "<script>\n" +
-                "/opt/cloud/bin/ipassoc.sh -A -s -f -l 64.1.1.10/24 -c eth2 -g 64.1.1.1\n" +
-                "</script>\n" +
-                "<script>\n" +
-                "/opt/cloud/bin/ipassoc.sh -D -l 64.1.1.11/24 -c eth2 -g 64.1.1.1\n" +
-                "</script>\n" +
-                "<script>\n" +
-                "/opt/cloud/bin/ipassoc.sh -A -l 65.1.1.11/24 -c eth2 -g 65.1.1.1\n" +
-                "</script>\n" +
-                "<script>\n" +
-                "/opt/cloud/bin/vpc_ipassoc.sh  -A  -l 64.1.1.10 -c eth2 -g 64.1.1.1 -m 24 -n 64.1.1.0\n" +
-                "</script>\n" +
-                "<script>\n" +
-                "/opt/cloud/bin/vpc_privateGateway.sh  -A  -l 64.1.1.10 -c eth2\n" +
-                "</script>\n" +
-                "<script>\n" +
-                "/opt/cloud/bin/vpc_ipassoc.sh  -D  -l 64.1.1.11 -c eth2 -g 64.1.1.1 -m 24 -n 64.1.1.0\n" +
-                "</script>\n" +
-                "<script>\n" +
-                "/opt/cloud/bin/vpc_privateGateway.sh  -D  -l 64.1.1.11 -c eth2\n" +
-                "</script>\n" +
-                "<script>\n" +
-                "/opt/cloud/bin/vpc_ipassoc.sh  -A  -l 65.1.1.11 -c eth2 -g 65.1.1.1 -m 24 -n 65.1.1.0\n" +
-                "</script>\n" +
-                "<script>\n" +
-                "/opt/cloud/bin/firewall_ingress.sh  -F -a 64.10.10.10:ICMP:0:0:10.10.1.1/24-10.10.1.2/24:,64.10.10.10:TCP:22:80:10.10.1.1/24-10.10.1.2/24:,64.10.10.10:reverted:0:0:0:,\n" +
-                "</script>\n" +
-                "<script>\n" +
-                "/opt/cloud/bin/firewall_nat.sh -A -P tcp -l 64.1.1.10 -p 22:80 -r 10.10.1.10 -d 22:80\n" +
-                "</script>\n" +
-                "<script>\n" +
-                "/opt/cloud/bin/firewall_nat.sh -D -P udp -l 64.1.1.11 -p 8080:8080 -r 10.10.1.11 -d 8080:8080\n" +
-                "</script>\n" +
-                "<script>\n" +
-                "/opt/cloud/bin/vpc_portforwarding.sh -A -P tcp -l 64.1.1.10 -p 22:80 -r 10.10.1.10 -d 22-80\n" +
-                "</script>\n" +
-                "<script>\n" +
-                "/opt/cloud/bin/vpc_portforwarding.sh -D -P udp -l 64.1.1.11 -p 8080:8080 -r 10.10.1.11 -d 8080-8080\n" +
-                "</script>\n" +
-                "<script>\n" +
-                "/opt/cloud/bin/createIpAlias.sh 1:169.254.3.10:255.255.255.0-2:169.254.3.11:255.255.255.0-3:169.254.3.12:255.255.255.0-\n" +
-                "</script>\n" +
-                "<script>\n" +
-                "/opt/cloud/bin/deleteIpAlias.sh 1:169.254.3.10:255.255.255.0-2:169.254.3.11:255.255.255.0-3:169.254.3.12:255.255.255.0-- 1:169.254.3.10:255.255.255.0-2:169.254.3.11:255.255.255.0-3:169.254.3.12:255.255.255.0-\n" +
-                "</script>\n" +
-                "<script>\n" +
-                "/opt/cloud/bin/dnsmasq.sh 10.1.20.2:10.1.20.1:255.255.255.0:10.1.20.5-10.1.21.2:10.1.21.1:255.255.255.0:10.1.21.5-\n" +
-                "</script>\n" +
-                "<script>\n" +
-                "/opt/cloud/bin/vpn_l2tp.sh -r 10.10.1.10-10.10.1.20 -p sharedkey -s 124.10.10.10 -l 10.10.1.1 -c  -C 10.1.1.1/24 -i eth2\n" +
-                "</script>\n" +
-                "<script>\n" +
-                "/opt/cloud/bin/vpn_l2tp.sh -d  -s 124.10.10.10 -C 10.1.1.1/24 -i eth2\n" +
-                "</script>\n" +
-                "<script>\n" +
-                "/opt/cloud/bin/vpn_l2tp.sh -r 10.10.1.10-10.10.1.20 -p sharedkey -s 124.10.10.10 -l 10.10.1.1 -c  -C 10.1.1.1/24 -i eth1\n" +
-                "</script>\n" +
-                "<script>\n" +
-                "/opt/cloud/bin/firewall_nat.sh -A -P tcp -l 64.1.1.10 -p 22:80 -r 10.10.1.10 -d 22:80\n" +
-                "</script>\n" +
-                "<script>\n" +
-                "/opt/cloud/bin/firewall_nat.sh -D -P udp -l 64.1.1.11 -p 8080:8080 -r 10.10.1.11 -d 8080:8080\n" +
-                "</script>\n" +
-                "<script>\n" +
-                "/opt/cloud/bin/vpc_portforwarding.sh -A -P tcp -l 64.1.1.10 -p 22:80 -r 10.10.1.10 -d 22-80\n" +
-                "</script>\n" +
-                "<script>\n" +
-                "/opt/cloud/bin/vpc_portforwarding.sh -D -P udp -l 64.1.1.11 -p 8080:8080 -r 10.10.1.11 -d 8080-8080\n" +
-                "</script>\n" +
-                "<script>\n" +
-                "/opt/cloud/bin/edithosts.sh  -m 12:34:56:78:90:AB -4 10.1.10.2 -h vm1\n" +
-                "</script>\n" +
-                "<script>\n" +
-                "/opt/cloud/bin/edithosts.sh  -m 12:34:56:78:90:AB -h vm1 -6 2001:db8:0:0:0:ff00:42:8329 -u 00:03:00:01:12:34:56:78:90:AB\n" +
-                "</script>\n" +
-                "<script>\n" +
-                "/opt/cloud/bin/edithosts.sh  -m 12:34:56:78:90:AB -4 10.1.10.2 -h vm1 -6 2001:db8:0:0:0:ff00:42:8329 -u 00:03:00:01:12:34:56:78:90:AB\n" +
-                "</script>\n" +
-                "<script>\n" +
-                "/opt/cloud/bin/savepassword.sh -v 10.1.10.4 -p 123pass\n" +
-                "</script>\n" +
-                "<script>\n" +
-                "/opt/cloud/bin/vmdata.py -d eyIxMC4xLjEwLjQiOltbInVzZXJkYXRhIiwidXNlci1kYXRhIiwidXNlci1kYXRhIl0sWyJtZXRhZGF0YSIsInNlcnZpY2Utb2ZmZXJpbmciLCJzZXJ2aWNlT2ZmZXJpbmciXSxbIm1ldGFkYXRhIiwiYXZhaWxhYmlsaXR5LXpvbmUiLCJ6b25lTmFtZSJdLFsibWV0YWRhdGEiLCJsb2NhbC1pcHY0IiwiMTAuMS4xMC40Il0sWyJtZXRhZGF0YSIsImxvY2FsLWhvc3RuYW1lIiwidGVzdC12bSJdLFsibWV0YWRhdGEiLCJwdWJsaWMtaXB2NCIsIjExMC4xLjEwLjQiXSxbIm1ldGFkYXRhIiwicHVibGljLWhvc3RuYW1lIiwiaG9zdG5hbWUiXSxbIm1ldGFkYXRhIiwiaW5zdGFuY2UtaWQiLCJpLTQtVk0iXSxbIm1ldGFkYXRhIiwidm0taWQiLCI0Il0sWyJtZXRhZGF0YSIsInB1YmxpYy1rZXlzIiwicHVibGlja2V5Il0sWyJtZXRhZGF0YSIsImNsb3VkLWlkZW50aWZpZXIiLCJDbG91ZFN0YWNrLXt0ZXN0fSJdXX0=\n" +
-                "</script>" +
-                "\n");
+        Collection<String> filteredScripts = Collections2.transform(Collections2.filter (
+                Arrays.asList(content.split("</?script>")), new Predicate<String>() {
+
+                    @Override
+                    public boolean apply(String str) {
+                        return str.trim().startsWith("/opt/cloud");
+                    }
+                }), new Function<String, String>() {
+
+                    @Override
+                    public String apply(String str) {
+                        return str.trim();
+                    }
+                });
+        String[] scripts = filteredScripts.toArray(new String[filteredScripts
+                .size()]);
+
+        assertEquals(
+                "/opt/cloud/bin/ipassoc.sh -A -s -f -l 64.1.1.10/24 -c eth2 -g 64.1.1.1",
+                scripts[0]);
+
+        assertEquals(
+                "/opt/cloud/bin/ipassoc.sh -D -l 64.1.1.11/24 -c eth2 -g 64.1.1.1",
+                scripts[1]);
+
+        assertEquals(
+                "/opt/cloud/bin/ipassoc.sh -A -l 65.1.1.11/24 -c eth2 -g 65.1.1.1",
+                scripts[2]);
+        assertEquals(
+                "/opt/cloud/bin/vpc_ipassoc.sh  -A  -l 64.1.1.10 -c eth2 -g 64.1.1.1 -m 24 -n 64.1.1.0",
+                scripts[3]);
+        assertEquals(
+                "/opt/cloud/bin/vpc_privateGateway.sh  -A  -l 64.1.1.10 -c eth2",
+                scripts[4]);
+        assertEquals(
+                "/opt/cloud/bin/vpc_ipassoc.sh  -D  -l 64.1.1.11 -c eth2 -g 64.1.1.1 -m 24 -n 64.1.1.0",
+                scripts[5]);
+        assertEquals(
+                "/opt/cloud/bin/vpc_privateGateway.sh  -D  -l 64.1.1.11 -c eth2",
+                scripts[6]);
+        assertEquals(
+                "/opt/cloud/bin/vpc_ipassoc.sh  -A  -l 65.1.1.11 -c eth2 -g 65.1.1.1 -m 24 -n 65.1.1.0",
+                scripts[7]);
+        //the list generated by SetFirewallCmd is actually generated through a Set
+        //therefore we can not bet on the order of the parameters
+        assertTrue(
+                scripts[8].matches("/opt/cloud/bin/firewall_ingress.sh  -F -a .*"));
+        assertTrue(
+                scripts[8].contains("64.10.10.10:ICMP:0:0:10.10.1.1/24-10.10.1.2/24:"));
+        assertTrue(
+                scripts[8].contains("64.10.10.10:TCP:22:80:10.10.1.1/24-10.10.1.2/24:"));
+        assertTrue(
+                scripts[8].contains("64.10.10.10:reverted:0:0:0:"));
+
+        assertEquals(
+                "/opt/cloud/bin/firewall_nat.sh -A -P tcp -l 64.1.1.10 -p 22:80 -r 10.10.1.10 -d 22:80",
+                scripts[9]);
+        assertEquals(
+                "/opt/cloud/bin/firewall_nat.sh -D -P udp -l 64.1.1.11 -p 8080:8080 -r 10.10.1.11 -d 8080:8080",
+                scripts[10]);
+        assertEquals(
+                "/opt/cloud/bin/vpc_portforwarding.sh -A -P tcp -l 64.1.1.10 -p 22:80 -r 10.10.1.10 -d 22-80",
+                scripts[11]);
+        assertEquals(
+                "/opt/cloud/bin/vpc_portforwarding.sh -D -P udp -l 64.1.1.11 -p 8080:8080 -r 10.10.1.11 -d 8080-8080",
+                scripts[12]);
+        assertEquals(
+                "/opt/cloud/bin/createIpAlias.sh 1:169.254.3.10:255.255.255.0-2:169.254.3.11:255.255.255.0-3:169.254.3.12:255.255.255.0-",
+                scripts[13]);
+        assertEquals(
+                "/opt/cloud/bin/deleteIpAlias.sh 1:169.254.3.10:255.255.255.0-2:169.254.3.11:255.255.255.0-3:169.254.3.12:255.255.255.0-- 1:169.254.3.10:255.255.255.0-2:169.254.3.11:255.255.255.0-3:169.254.3.12:255.255.255.0-",
+                scripts[14]);
+        assertEquals(
+                "/opt/cloud/bin/dnsmasq.sh 10.1.20.2:10.1.20.1:255.255.255.0:10.1.20.5-10.1.21.2:10.1.21.1:255.255.255.0:10.1.21.5-",
+                scripts[15]);
+        assertEquals(
+                "/opt/cloud/bin/vpn_l2tp.sh -r 10.10.1.10-10.10.1.20 -p sharedkey -s 124.10.10.10 -l 10.10.1.1 -c  -C 10.1.1.1/24 -i eth2",
+                scripts[16]);
+        assertEquals(
+                "/opt/cloud/bin/vpn_l2tp.sh -d  -s 124.10.10.10 -C 10.1.1.1/24 -i eth2",
+                scripts[17]);
+        assertEquals(
+                "/opt/cloud/bin/vpn_l2tp.sh -r 10.10.1.10-10.10.1.20 -p sharedkey -s 124.10.10.10 -l 10.10.1.1 -c  -C 10.1.1.1/24 -i eth1",
+                scripts[18]);
+        assertEquals(
+                "/opt/cloud/bin/firewall_nat.sh -A -P tcp -l 64.1.1.10 -p 22:80 -r 10.10.1.10 -d 22:80",
+                scripts[19]);
+        assertEquals(
+                "/opt/cloud/bin/firewall_nat.sh -D -P udp -l 64.1.1.11 -p 8080:8080 -r 10.10.1.11 -d 8080:8080",
+                scripts[20]);
+        assertEquals(
+                "/opt/cloud/bin/vpc_portforwarding.sh -A -P tcp -l 64.1.1.10 -p 22:80 -r 10.10.1.10 -d 22-80",
+                scripts[21]);
+        assertEquals(
+                "/opt/cloud/bin/vpc_portforwarding.sh -D -P udp -l 64.1.1.11 -p 8080:8080 -r 10.10.1.11 -d 8080-8080",
+                scripts[22]);
+        assertEquals(
+                "/opt/cloud/bin/edithosts.sh  -m 12:34:56:78:90:AB -4 10.1.10.2 -h vm1",
+                scripts[23]);
+        assertEquals(
+                "/opt/cloud/bin/edithosts.sh  -m 12:34:56:78:90:AB -h vm1 -6 2001:db8:0:0:0:ff00:42:8329 -u 00:03:00:01:12:34:56:78:90:AB",
+                scripts[24]);
+        assertEquals(
+                "/opt/cloud/bin/edithosts.sh  -m 12:34:56:78:90:AB -4 10.1.10.2 -h vm1 -6 2001:db8:0:0:0:ff00:42:8329 -u 00:03:00:01:12:34:56:78:90:AB",
+                scripts[25]);
+        assertEquals("/opt/cloud/bin/savepassword.sh -v 10.1.10.4 -p 123pass",
+                scripts[26]);
+        assertEquals(
+                "/opt/cloud/bin/vmdata.py -d eyIxMC4xLjEwLjQiOltbInVzZXJkYXRhIiwidXNlci1kYXRhIiwidXNlci1kYXRhIl0sWyJtZXRhZGF0YSIsInNlcnZpY2Utb2ZmZXJpbmciLCJzZXJ2aWNlT2ZmZXJpbmciXSxbIm1ldGFkYXRhIiwiYXZhaWxhYmlsaXR5LXpvbmUiLCJ6b25lTmFtZSJdLFsibWV0YWRhdGEiLCJsb2NhbC1pcHY0IiwiMTAuMS4xMC40Il0sWyJtZXRhZGF0YSIsImxvY2FsLWhvc3RuYW1lIiwidGVzdC12bSJdLFsibWV0YWRhdGEiLCJwdWJsaWMtaXB2NCIsIjExMC4xLjEwLjQiXSxbIm1ldGFkYXRhIiwicHVibGljLWhvc3RuYW1lIiwiaG9zdG5hbWUiXSxbIm1ldGFkYXRhIiwiaW5zdGFuY2UtaWQiLCJpLTQtVk0iXSxbIm1ldGFkYXRhIiwidm0taWQiLCI0Il0sWyJtZXRhZGF0YSIsInB1YmxpYy1rZXlzIiwicHVibGlja2V5Il0sWyJtZXRhZGF0YSIsImNsb3VkLWlkZW50aWZpZXIiLCJDbG91ZFN0YWNrLXt0ZXN0fSJdXX0=",
+                scripts[27]);
    }

 }