infrataster-plugin-firewall 0.1.1 → 0.1.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 5c6fb638743aa14b0bfdcb5aaffa6ae8b4af64d5
-  data.tar.gz: ffae74342cd92a04bf17796f4b4509bdcfd445ab
+  metadata.gz: c9751ed03e14bd64062a285efc92e046a2d1333a
+  data.tar.gz: 32870da8afb15060171490c4b69723cc18e986fd
 SHA512:
-  metadata.gz: 472b21cf931b06826e6fe510dc1013d63974c1688fc90dbbce73b8efafbdf61d0c39b764cb4e83308bb58fdfab247cda0d276ec71bfa87c8abcfb0f86a2e94c9
-  data.tar.gz: fb4b7b7354ad85674f26df7a0ed4f00f883cc08b6157107ea40838e5fcfaec261de2665d25cd8102f2f8195514f015863fddbf4c4e9daf3a0a26c68c35b66b02
+  metadata.gz: f95fcddd18c769bbeee75762ba7010e1b500fcb094a32e339fd216815122bfa5a18e9fcb3c225455cffd2aa5fc9b879176310bbae4695078a5618c38a11cdd7f
+  data.tar.gz: c74860305244ba8f7bfdc51364b517c3e79c26af87fca2b397174da8faeb08613c9cae47fcca6b0687c2f10ea2d3bd18691bcda063bcb531591c961ce67714d3

data/README.md

@@ -5,21 +5,12 @@
 
 Firewall plugin for Infrataster.
 
-## Installation
-
-Add this line to your application's Gemfile:
-
-```ruby
-gem 'infrataster-plugin-firewall'
-```
-
-And then execute:
-
-    $ bundle
-
-Or install it yourself as:
+## Why Infrataster::Plugin::Firewall
 
-    $ gem install infrataster-plugin-firewall
+We want to test connectivity between a source server and a destination server.
+But the servers could not respond because of no service provided on the port which we want to test.
+So, this plugin tests tcp/udp with tcpdump which can get packets on destination servers.
+Tcpdump can capture packets even if iptables or firewalld drops the packets.
 
 ## Usage
 
@@ -61,6 +52,28 @@ Finished in 21.35 seconds (files took 0.7851 seconds to load)
 $
 ```
 
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'infrataster-plugin-firewall'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install infrataster-plugin-firewall
+
+## Requirement
+
+This plugin uses nc(netcat) and tcpdump.
+You need to run tcpdump on destination servers with sudo, 
+and nc on source servers.
+
 ## Release Notes
 
 [Release Notes](./RELEASE_NOTES.md)

data/RELEASE_NOTES.md

@@ -1,5 +1,11 @@
 # Release Notes
 
+## v0.1.2
+
+* Fit not wait forever even if udp
+* Add src address filter to capture
+* Fix to accept String for node
+
 ## v0.1.1
 
 * Add acceptable port format like 80/tcp.

data/lib/infrataster/plugin/firewall/transfer.rb

@@ -31,15 +31,17 @@ module Infrataster
         end
 
         def transport_reachable?
+          src_addr  = Util.address(@src_node)
           dest_addr = Util.address(@dest_node)
-          bpf_options = { :'dst host' => dest_addr,
+          bpf_options = { :'src host' => src_addr,
+                          :'dst host' => dest_addr,
                           :'dst port' => @dest_port,
                           @protocol.downcase => nil }
           bpf_options.merge!(:'src port' => @source_port) if @source_port
           bpf = Capture.bpf(bpf_options)
           capture = Capture.new(@dest_node, bpf)
           capture.open do
-            nc_option = @protocol == :udp ? '-u' : '-t'
+            nc_option = @protocol == :udp ? '-w1 -u' : '-w1 -t'
             nc_option += @source_port ? " -p #{@source_port}" : ''
             @src_node.server
               .ssh_exec("echo test|nc #{dest_addr} #{@dest_port} #{nc_option}")

data/lib/infrataster/plugin/firewall/util.rb

@@ -5,7 +5,7 @@ module Infrataster
       # Util
       class Util
         def self.address(node)
-          if node.respond_to?(:server)
+          if node.class == Resources::ServerResource
             node.server.address
           else
             node.to_s

data/lib/infrataster/plugin/firewall/version.rb

@@ -2,7 +2,7 @@ module Infrataster
   module Plugin
     # Infrataster plugin for firewall
     module Firewall
-      VERSION = '0.1.1'
+      VERSION = '0.1.2'
     end
   end
 end

data/spec/unit/lib/infrataster/contexts/firewall_context_spec.rb

@@ -0,0 +1,38 @@
+require 'unit/spec_helper'
+
+module Infrataster
+  # Infrataster contexts
+  module Contexts
+    describe FirewallContext do
+      let(:context) do
+        Infrataster::Contexts::FirewallContext.new(nil, nil)
+      end
+      it 'should have matcher `be_reachable`' do
+        expect(context).to respond_to(:be_reachable)
+      end
+      it 'should have chain `icmp`' do
+        expect(context.be_reachable).to respond_to(:icmp)
+      end
+      it 'should have chain `tcp`' do
+        expect(context.be_reachable).to respond_to(:tcp)
+      end
+      it 'should have chain `udp`' do
+        expect(context.be_reachable).to respond_to(:udp)
+      end
+      it 'should have chain `dest_port`' do
+        expect(context.be_reachable).to respond_to(:dest_port)
+      end
+      it 'should have chain `source_port`' do
+        expect(context.be_reachable).to respond_to(:source_port)
+      end
+      it 'should have failure_message' do
+        expect(context.be_reachable)
+          .to respond_to(:failure_message)
+      end
+      it 'should have failure_message_when_negated' do
+        expect(context.be_reachable)
+          .to respond_to(:failure_message_when_negated)
+      end
+    end
+  end
+end

data/spec/unit/lib/infrataster/helpers/firewall_resource_helper_spec.rb

@@ -0,0 +1,15 @@
+require 'unit/spec_helper'
+
+module Infrataster
+  # Infrataster Helpers
+  module Helpers
+    describe ResourceHelper do
+      context '#firewall' do
+        it 'should respond instance of Resources::FirewallResource' do
+          expect(firewall(:dst))
+            .to be_a_kind_of(Resources::FirewallResource)
+        end
+      end
+    end
+  end
+end

data/spec/unit/lib/infrataster/plugin/firewall/capture_spec.rb

@@ -0,0 +1,49 @@
+require 'unit/spec_helper'
+
+module Infrataster
+  module Plugin
+    # Infrataster plugin firewall
+    module Firewall
+      describe Capture do
+        before(:all) do
+          Infrataster::Server.define(:src, '192.168.33.10')
+          Infrataster::Server.define(:dst, '192.168.33.11')
+        end
+        after(:all)  { Infrataster::Server.clear_all }
+        describe '#open' do
+          let(:capture) do
+            ssh  = double('ssh')
+            allow(ssh).to receive(:open_channel)
+            allow(ssh).to receive(:closed?).and_return(false)
+            node = double('node')
+            allow(node).to receive(:server).and_return(ssh)
+            allow(node).to receive(:ssh).and_yield(ssh)
+            capture = Capture.new(node)
+            capture.instance_variable_set(:@ssh, ssh)
+            capture
+          end
+          context 'block given' do
+            it 'should call block with closing' do
+              capture.instance_variable_set(:@connected, true)
+              capture.instance_variable_set(:@start_sec, 0)
+              allow(capture).to receive(:run_check).and_return(true)
+              result = nil
+              expect(capture).to receive(:close).once
+              capture.open { result = true }
+              expect(result).to be true
+            end
+          end
+          context 'no block given' do
+            it 'should call block without closing' do
+              capture.instance_variable_set(:@connected, true)
+              capture.instance_variable_set(:@start_sec, 0)
+              allow(capture).to receive(:run_check).and_return(true)
+              expect(capture).not_to receive(:close)
+              capture.open
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/spec/unit/lib/infrataster/plugin/firewall/transfer_spec.rb

@@ -0,0 +1,54 @@
+require 'unit/spec_helper'
+
+module Infrataster
+  module Plugin
+    # Infrataster plugin firewall
+    module Firewall
+      describe Transfer do
+        before(:all) do
+          Infrataster::Server.define(:src, '192.168.33.10')
+          Infrataster::Server.define(:dst, '192.168.33.11')
+        end
+        after(:all)  { Infrataster::Server.clear_all }
+        describe '#reachable?' do
+          context 'if @protocol == :icmp' do
+            let(:transfer) do
+              Transfer.new(server(:src), server(:dst), protocol: :icmp)
+            end
+            it 'should be true if PING_OK' do
+              allow(server(:src).server)
+                .to receive(:ssh_exec).and_return('PING_OK')
+              expect(transfer.reachable?).to be true
+            end
+          end
+          context 'if @protocol == :tcp' do
+            let(:transfer) do
+              Transfer.new(server(:src), server(:dst), protocol: :tcp)
+            end
+            it 'should be true if capture result is OK' do
+              allow(server(:src).server).to receive(:ssh_exec).and_return(true)
+              allow_any_instance_of(Capture)
+                .to receive(:open) { |&block| block.call }
+              allow_any_instance_of(Capture)
+                .to receive(:result).and_return(true)
+              expect(transfer.reachable?).to be true
+            end
+          end
+          context 'if @protocol == :udp' do
+            let(:transfer) do
+              Transfer.new(server(:src), server(:dst), protocol: :udp)
+            end
+            it 'should be true if capture result is OK' do
+              allow(server(:src).server).to receive(:ssh_exec).and_return(true)
+              allow_any_instance_of(Capture)
+                .to receive(:open) { |&block| block.call }
+              allow_any_instance_of(Capture)
+                .to receive(:result).and_return(true)
+              expect(transfer.reachable?).to be true
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/spec/unit/lib/infrataster/plugin/firewall/util_spec.rb

@@ -0,0 +1,28 @@
+require 'unit/spec_helper'
+
+module Infrataster
+  module Plugin
+    # Infrataster plugin firewall
+    module Firewall
+      describe Util do
+        describe 'address' do
+          before(:all) { Infrataster::Server.define(:src, '192.168.33.10') }
+          after(:all)  { Infrataster::Server.clear_all }
+
+          context 'if node.server is given' do
+            let(:node) { server(:src) }
+            it 'should respond node.server.addrress' do
+              expect(Util.address(node)).to eql(node.server.address)
+            end
+          end
+          context 'if node.server is String' do
+            let(:node) { '192.168.33.11' }
+            it 'should respond node.to_s' do
+              expect(Util.address(node)).to eql(node.to_s)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/spec/unit/lib/infrataster/plugin/firewall/version_spec.rb

@@ -0,0 +1,13 @@
+require 'unit/spec_helper'
+
+module Infrataster
+  # Infrataster plugin
+  module Plugin
+    describe Firewall do
+      it 'should have VERSION like 0.1.1' do
+        expect(Infrataster::Plugin::Firewall::VERSION)
+          .to match(/^\d+\.\d+\.\d+$/)
+      end
+    end
+  end
+end

data/spec/unit/lib/infrataster/resources/firewall_resource_spec.rb

@@ -0,0 +1,26 @@
+require 'unit/spec_helper'
+
+module Infrataster
+  # Infrataster Resources
+  module Resources
+    describe FirewallResource do
+      let(:resource) { FirewallResource.new(:src, :dst) }
+
+      describe '#to_s' do
+        it 'should respond "via firewall"' do
+          expect(resource.to_s).to eql('via firewall')
+        end
+      end
+      describe '#src_node' do
+        it 'should respond first argument for initializing' do
+          expect(resource.src_node).to eql(:src)
+        end
+      end
+      describe '#dest_node' do
+        it 'should respond second argument for initializing' do
+          expect(resource.dest_node).to eql(:dst)
+        end
+      end
+    end
+  end
+end

data/spec/unit/spec_helper.rb

@@ -0,0 +1,16 @@
+require 'coveralls'
+Coveralls.wear!
+
+require 'simplecov'
+
+SimpleCov.formatter = SimpleCov::Formatter::MultiFormatter[
+  SimpleCov::Formatter::HTMLFormatter,
+  Coveralls::SimpleCov::Formatter
+]
+SimpleCov.start do
+  add_filter '.bundle/'
+end
+
+require 'rspec'
+require 'infrataster/rspec'
+require 'infrataster-plugin-firewall'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: infrataster-plugin-firewall
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.1.2
 platform: ruby
 authors:
 - Hiroshi Ota
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-04-26 00:00:00.000000000 Z
+date: 2015-05-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: infrataster
@@ -136,6 +136,14 @@ files:
 - spec/integration/firewall_spec.rb
 - spec/integration/vm/Vagrantfile
 - spec/spec_helper.rb
+- spec/unit/lib/infrataster/contexts/firewall_context_spec.rb
+- spec/unit/lib/infrataster/helpers/firewall_resource_helper_spec.rb
+- spec/unit/lib/infrataster/plugin/firewall/capture_spec.rb
+- spec/unit/lib/infrataster/plugin/firewall/transfer_spec.rb
+- spec/unit/lib/infrataster/plugin/firewall/util_spec.rb
+- spec/unit/lib/infrataster/plugin/firewall/version_spec.rb
+- spec/unit/lib/infrataster/resources/firewall_resource_spec.rb
+- spec/unit/spec_helper.rb
 homepage: https://github.com/otahi/infrataster-plugin-firewall
 licenses:
 - MIT
@@ -164,3 +172,11 @@ test_files:
 - spec/integration/firewall_spec.rb
 - spec/integration/vm/Vagrantfile
 - spec/spec_helper.rb
+- spec/unit/lib/infrataster/contexts/firewall_context_spec.rb
+- spec/unit/lib/infrataster/helpers/firewall_resource_helper_spec.rb
+- spec/unit/lib/infrataster/plugin/firewall/capture_spec.rb
+- spec/unit/lib/infrataster/plugin/firewall/transfer_spec.rb
+- spec/unit/lib/infrataster/plugin/firewall/util_spec.rb
+- spec/unit/lib/infrataster/plugin/firewall/version_spec.rb
+- spec/unit/lib/infrataster/resources/firewall_resource_spec.rb
+- spec/unit/spec_helper.rb