Add back the removed test for OpenFirewallRules

Author: wongni

pkg/cloud/network.go

@@ -30,6 +30,7 @@ type NetworkIface interface {
 	ResolveNetworkStatuses(*capcv1.CloudStackCluster) error
 	ResolveNetwork(*capcv1.CloudStackCluster, *capcv1.Network) error
 	CreateIsolatedNetwork(*capcv1.CloudStackCluster) error
+	OpenFirewallRules(networkID string) error
 	FetchPublicIP(*capcv1.CloudStackCluster) (*cloudstack.PublicIpAddress, error)
 	ResolveLoadBalancerRuleDetails(*capcv1.CloudStackCluster) error
 	GetOrCreateLoadBalancerRule(*capcv1.CloudStackCluster) error
@@ -145,7 +146,7 @@ func (c *client) CreateIsolatedNetwork(csCluster *capcv1.CloudStackCluster) (ret
 		return err
 	}
 
-	if err := c.openFirewallRules(zoneStatus.Network.ID); err != nil {
+	if err := c.OpenFirewallRules(zoneStatus.Network.ID); err != nil {
 		return err
 	}
 
@@ -271,7 +272,7 @@ func (c *client) AssociatePublicIPAddress(csCluster *capcv1.CloudStackCluster) (
 	return nil
 }
 
-func (c *client) openFirewallRules(networkID string) (retErr error) {
+func (c *client) OpenFirewallRules(networkID string) (retErr error) {
 	p := c.cs.Firewall.NewCreateEgressFirewallRuleParams(networkID, NetworkProtocolTCP)
 	_, retErr = c.cs.Firewall.CreateEgressFirewallRule(p)
 	if retErr != nil && strings.Contains(strings.ToLower(retErr.Error()), "there is already") { // Already a firewall rule here.

pkg/cloud/network_test.go

@@ -127,6 +127,10 @@ var _ = Describe("Network", func() {
 				PublicIpAddresses: []*csapi.PublicIpAddress{{Id: dummies.PublicIPID, Ipaddress: "fakeIP"}}}, nil)
 		as.EXPECT().NewAssociateIpAddressParams().Return(&csapi.AssociateIpAddressParams{})
 		as.EXPECT().AssociateIpAddress(gomock.Any())
+		fs.EXPECT().NewCreateEgressFirewallRuleParams(dummies.ISONet1.ID, cloud.NetworkProtocolTCP).
+			Return(&csapi.CreateEgressFirewallRuleParams{})
+		fs.EXPECT().CreateEgressFirewallRule(&csapi.CreateEgressFirewallRuleParams{}).
+			Return(&csapi.CreateEgressFirewallRuleResponse{}, nil)
 
 		// Will add cluster tag once to Network and once to PublicIP.
 		createdByResponse := &csapi.ListTagsResponse{Tags: []*csapi.Tag{{Key: cloud.CreatedByCAPCTagName, Value: "1"}}}
@@ -149,6 +153,35 @@ var _ = Describe("Network", func() {
 		Ω(client.GetOrCreateIsolatedNetwork(dummies.CSCluster)).Should(Succeed())
 	})
 
+	Context("for a closed firewall", func() {
+		It("OpenFirewallRule asks CloudStack to open the firewall", func() {
+			dummies.Zone1.Network = dummies.ISONet1
+			dummies.CSCluster.Status.Zones = capcv1.ZoneStatusMap{dummies.Zone1.ID: dummies.Zone1}
+			dummies.CSCluster.Status.PublicIPNetworkID = dummies.ISONet1.ID
+			fs.EXPECT().NewCreateEgressFirewallRuleParams(dummies.ISONet1.ID, cloud.NetworkProtocolTCP).
+				Return(&csapi.CreateEgressFirewallRuleParams{})
+			fs.EXPECT().CreateEgressFirewallRule(&csapi.CreateEgressFirewallRuleParams{}).
+				Return(&csapi.CreateEgressFirewallRuleResponse{}, nil)
+
+			Ω(client.OpenFirewallRules(dummies.ISONet1.ID)).Should(Succeed())
+		})
+	})
+
+	Context("for an open firewall", func() {
+		It("OpenFirewallRule asks CloudStack to open the firewall anyway, but doesn't fail", func() {
+			dummies.Zone1.Network = dummies.ISONet1
+			dummies.CSCluster.Status.Zones = capcv1.ZoneStatusMap{dummies.Zone1.ID: dummies.Zone1}
+			dummies.CSCluster.Status.PublicIPNetworkID = dummies.ISONet1.ID
+
+			fs.EXPECT().NewCreateEgressFirewallRuleParams(dummies.ISONet1.ID, "tcp").
+				Return(&csapi.CreateEgressFirewallRuleParams{})
+			fs.EXPECT().CreateEgressFirewallRule(&csapi.CreateEgressFirewallRuleParams{}).
+				Return(&csapi.CreateEgressFirewallRuleResponse{}, errors.New("there is already a rule like this"))
+
+			Ω(client.OpenFirewallRules(dummies.ISONet1.ID)).Should(Succeed())
+		})
+	})
+
 	Context("in an isolated network with public IPs available", func() {
 		It("will resolve public IP details given an endpoint spec", func() {
 			ipAddress := "192.168.1.14"