vcloud-edge_gateway 1.5.0 → 1.5.2
- checksums.yaml +7 -0
- data/CHANGELOG.md +15 -0
- data/README.md +1 -3
- data/examples/vcloud-configure-edge/vpn-tunnels.yaml +40 -0
- data/jenkins.sh +2 -0
- data/jenkins_tests.sh +2 -0
- data/lib/vcloud/edge_gateway/configuration_generator/gateway_ipsec_vpn_service.rb +64 -0
- data/lib/vcloud/edge_gateway/edge_gateway_configuration.rb +15 -0
- data/lib/vcloud/edge_gateway/gateway_ipsec_vpn_configuration_differ.rb +18 -0
- data/lib/vcloud/edge_gateway/schema/edge_gateway.rb +2 -1
- data/lib/vcloud/edge_gateway/schema/gateway_ipsec_vpn_service.rb +97 -0
- data/lib/vcloud/edge_gateway/version.rb +1 -1
- data/lib/vcloud/edge_gateway.rb +3 -0
- data/rbenv_version.sh +1 -0
- data/spec/integration/edge_gateway/configure_load_balancer_spec.rb +13 -1
- data/spec/integration/edge_gateway/configure_multiple_services_spec.rb +10 -0
- data/spec/integration/edge_gateway/configure_nat_spec.rb +12 -0
- data/spec/spec_helper.rb +1 -1
- data/spec/vcloud/edge_gateway/edge_gateway_configuration_spec.rb +191 -9
- data/spec/vcloud/edge_gateway/vpn_schema_validation_spec.rb +110 -0
- data/vcloud-edge_gateway.gemspec +1 -1
- metadata +80 -51
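--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: 86f8618c4225d55bb5925210f8e2d61e8871dcdb
+data.tar.gz: 09347c90c0b67feb8a0ed4caa81a507cd2f7bbca
+SHA512:
+metadata.gz: 97df5193a9687af5e10abff2278cb96870a7940b2f4ad3219244732275eab494fee4eaa7ab135cc3231c2af9d66b50bb47d4fc723a4189e7f7b4814642e772de
+data.tar.gz: 77ae86c795dd2c8937c38a30d340ac551c09a2db9559359d816b94e8b84be51f4d8a2459be8c1c0c09526ae2952080ca91ff0a75b215654c5df789598659f2ff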
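--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,9 +1,24 @@
+## 1.5.2 (2015-07-20)
+
+- Update vCloud Core to 1.1.0 to pick up a bugfix.
+
+## 1.5.1 (2015-03-30)
+
+Bugfixes:
+
+- Upgrade vCloud Core dependency to version 1.0.2 to pull in fix for this
+error:
+
+undefined method `redisplay_progressbar' for Fog::Formatador:Class
+
 ## 1.5.0 (2015-03-04)
 
 Features:
+
 - Add support for static routes, thanks @geriBatai!
 
 Documentation:
+
 - Correct the Copyright notice
 - Guide for integration tests moved to GDS Operations web site
 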
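--- a/data/README.md
+++ b/data/README.md
@@ -42,9 +42,7 @@ You can configure the following services on an existing edgegateway using
 - firewall_service
 - nat_service
 - load_balancer_service
-
-NB: DHCP and VPN Services are not yet supported by the Fog platform underneath.
-Support for these is being considered.
+- gateway_ipsec_vpn_service
 
 The `vcloud-edge-configure` tool takes an input YAML file describing one
 or more of these services and updates the edge gateway configuration to match,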
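--- a/data/examples/vcloud-configure-edge/vpn-tunnels.yaml
+++ b/data/examples/vcloud-configure-edge/vpn-tunnels.yaml
@@ -0,0 +1,40 @@
+# Example configuration file for defining VPN tunnels on the vShield Edge Gateway
+#
+# Note that applying this configuration file will replace the current VPN tunnels
+# on the vShield Edge Gateway.
+#
+# Here be dragons:
+# The vSE isn't the best at validating settings before trying to configure
+# itself with them. Values for the following, that the vSE does not expect,
+# could cause it to get into a bad state.
+#
+# mtu - Maximum for your network.
+# local_ip_address - IP address that belongs to the external network of the vSE
+# local_subnets - A local subnet which is directly attached to the vSE
+---
+gateway: testing_gateway
+gateway_ipsec_vpn_service:
+enabled: true
+tunnels:
+- :name: 'staging_tunnel'
+:enabled: true
+:rule_type: 'DNAT'
+:description: 'test tunnel'
+:ipsec_vpn_local_peer:
+:id: '1223-123UDH-22222'
+:name: 'foobarbaz'
+:peer_ip_address: '172.16.3.16'
+:peer_id: '1223-123UDH-12321'
+:local_ip_address: '172.16.10.2'
+:local_id: '202UB-9602-UB629'
+:peer_subnets:
+- :name: '192.168.0.0/18'
+:gateway: '192.168.0.0'
+:netmask: '255.255.192.0'
+:shared_secret: 'Secretsecretsecretsecretsecretsecret123456789'
+:encryption_protocol: 'AES'
+:mtu: 1500
+:local_subnets:
+- :name: 'test subnet'
+:gateway: '192.168.90.254'
+:netmask: '255.255.255.0'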
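Review bot: The header comment lists `mtu`, `local_ip_address` and `local_subnets` as the values to be careful with but says nothing about `:shared_secret`, which is the tunnel's pre-shared key and sits in this file in clear text. Add a line such as `# shared_secret - pre-shared key for the tunnel; keep real values out of version control`, and consider making the sample value an obvious placeholder. The example also sets `:rule_type: 'DNAT'`, which the schema in this release requires but the generator never reads, so a short comment on what it means for a VPN tunnel would help readers.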
data/jenkins.sh
CHANGED
data/jenkins_tests.sh
CHANGED
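--- a/data/lib/vcloud/edge_gateway/configuration_generator/gateway_ipsec_vpn_service.rb
+++ b/data/lib/vcloud/edge_gateway/configuration_generator/gateway_ipsec_vpn_service.rb
@@ -0,0 +1,64 @@
+module Vcloud
+module EdgeGateway
+module ConfigurationGenerator
+
+class GatewayIpsecVpnService
+def initialize input_config
+@input_config = input_config
+end
+
+def generate_fog_config
+if @input_config
+gateway_ipsec_vpn_service = {}
+gateway_ipsec_vpn_service[:IsEnabled] = @input_config.key?(:enabled) ? @input_config[:enabled].to_s : 'true'
+gateway_ipsec_vpn_service[:Tunnel] = populate_vpn_tunnels
+gateway_ipsec_vpn_service
+end
+end
+
+def populate_vpn_tunnels
+tunnels = @input_config[:tunnels]
+tunnels.collect do |tunnel|
+new_tunnel = populate_tunnel(tunnel)
+new_tunnel
+end
+end
+
+def populate_tunnel(tunnel)
+vpn_tunnel = {}
+vpn_tunnel[:Name] = tunnel[:name]
+vpn_tunnel[:Description] = tunnel[:description]
+vpn_tunnel[:IpsecVpnLocalPeer] = {
+:Id => tunnel[:ipsec_vpn_local_peer][:id],
+:Name => tunnel[:ipsec_vpn_local_peer][:name]
+}
+vpn_tunnel[:PeerIpAddress] = tunnel[:peer_ip_address]
+vpn_tunnel[:PeerId] = tunnel[:peer_id]
+vpn_tunnel[:LocalIpAddress] = tunnel[:local_ip_address]
+vpn_tunnel[:LocalId] = tunnel[:local_id]
+vpn_tunnel[:PeerSubnet] =
+tunnel[:peer_subnets].map do |subnet|
+{ :Name => subnet[:name],
+:Gateway => subnet[:gateway],
+:Netmask => subnet[:netmask]
+}
+end
+vpn_tunnel[:SharedSecret] = tunnel[:shared_secret]
+vpn_tunnel[:SharedSecretEncrypted] = tunnel[:shared_secret_encrypted] if tunnel.key?(:shared_secret_encrypted)
+vpn_tunnel[:EncryptionProtocol] = tunnel[:encryption_protocol]
+vpn_tunnel[:Mtu] = tunnel[:mtu]
+vpn_tunnel[:IsEnabled] = tunnel[:enabled]
+vpn_tunnel[:LocalSubnet] =
+tunnel[:local_subnets].map do |subnet|
+{ :Name => subnet[:name],
+:Gateway => subnet[:gateway],
+:Netmask => subnet[:netmask]
+}
+end
+vpn_tunnel
+end
+
+end
+end
+end
+end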
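Review bot: `populate_vpn_tunnels` calls `.collect` on `@input_config[:tunnels]` with no nil guard, yet the schema added in this release marks `tunnels` as `required: false` and the service hash as `allowed_empty: true`, so a service block without a `tunnels` key would raise NoMethodError instead of yielding an empty tunnel list; `tunnels = @input_config[:tunnels] || []` avoids that. In `populate_tunnel`, `:IsEnabled` and `:SharedSecret` are copied straight from keys the schema treats as optional, so a tunnel that omits them ends up with nil in the generated hash, whereas the service level defaults `:IsEnabled` to `'true'`; the tunnel level should either apply the same default or the keys should be made required. The class and its methods carry no comments; a header such as `# Translates the gateway_ipsec_vpn_service input hash into the Fog :GatewayIpsecVpnService structure` would help the next reader.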
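--- a/data/lib/vcloud/edge_gateway/edge_gateway_configuration.rb
+++ b/data/lib/vcloud/edge_gateway/edge_gateway_configuration.rb
@@ -48,6 +48,21 @@ module Vcloud
 end
 end
 
+gateway_ipsec_vpn_service_config = EdgeGateway::ConfigurationGenerator::GatewayIpsecVpnService.new(
+local_config[:gateway_ipsec_vpn_service]
+).generate_fog_config
+
+unless gateway_ipsec_vpn_service_config.nil?
+differ = EdgeGateway::GatewayIpsecVpnConfigurationDiffer.new(
+remote_config[:GatewayIpsecVpnService],
+gateway_ipsec_vpn_service_config
+)
+unless differ.diff.empty?
+diff[:GatewayIpsecVpnService] = differ.diff
+new_config[:GatewayIpsecVpnService] = gateway_ipsec_vpn_service_config
+end
+end
+
 load_balancer_service_config =
 EdgeGateway::ConfigurationGenerator::LoadBalancerService.new(
 edge_gateway_interfaces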
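Review bot: `diff[:GatewayIpsecVpnService] = differ.diff` stores a diff built from the full generated service hash, which in this release carries each tunnel's `:SharedSecret`; if the caller prints or logs the returned diff (not visible in this hunk), the pre-shared key lands in console output or CI logs. Redact `:SharedSecret` in whatever is displayed while still comparing the real value, and leave a marker at the assignment, e.g. `# NOTE: diff may contain tunnel SharedSecret values - do not log verbatim`. The enclosing method starts and ends outside the hunk, so how the diff is consumed should be confirmed there.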
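--- a/data/lib/vcloud/edge_gateway/gateway_ipsec_vpn_configuration_differ.rb
+++ b/data/lib/vcloud/edge_gateway/gateway_ipsec_vpn_configuration_differ.rb
@@ -0,0 +1,18 @@
+module Vcloud
+module EdgeGateway
+class GatewayIpsecVpnConfigurationDiffer < ConfigurationDiffer
+
+def strip_fields_for_differ_to_ignore(config)
+deep_cloned_config = Marshal.load( Marshal.dump(config) )
+if deep_cloned_config.key?(:GatewayIpsecVpnService)
+deep_cloned_config[:GatewayIpsecVpnService].each do |vpn|
+vpn.delete(:Id)
+end
+end
+deep_cloned_config
+end
+
+end
+end
+
+end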
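Review bot: The `:Id` strip in `strip_fields_for_differ_to_ignore` looks unreachable as this release calls it: the caller passes `remote_config[:GatewayIpsecVpnService]` and the generated service hash, whose top-level keys are `:IsEnabled` and `:Tunnel`, so `key?(:GatewayIpsecVpnService)` would be false. Were the key present with a Hash value, `.each` would yield `[key, value]` pairs and `vpn.delete(:Id)` would act on an Array rather than on a tunnel. If some server-assigned field under `:Tunnel` is meant to be ignored, iterate that list and name the field in a comment; otherwise drop the branch and document the method as `# Returns a deep copy of config; no fields are ignored for VPN`.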
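--- a/data/lib/vcloud/edge_gateway/schema/edge_gateway.rb
+++ b/data/lib/vcloud/edge_gateway/schema/edge_gateway.rb
@@ -10,7 +10,8 @@ module Vcloud
 firewall_service: FIREWALL_SERVICE,
 nat_service: NAT_SERVICE,
 load_balancer_service: LOAD_BALANCER_SERVICE,
-static_routing_service: STATIC_ROUTING_SERVICE
+static_routing_service: STATIC_ROUTING_SERVICE,
+gateway_ipsec_vpn_service: GATEWAY_IPSEC_VPN_SERVICE
 }
 }
 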
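--- a/data/lib/vcloud/edge_gateway/schema/gateway_ipsec_vpn_service.rb
+++ b/data/lib/vcloud/edge_gateway/schema/gateway_ipsec_vpn_service.rb
@@ -0,0 +1,97 @@
+module Vcloud
+module EdgeGateway
+module Schema
+
+VPN_LOCAL_PEER = {
+type: Hash,
+allowed_empty: false,
+internals: {
+id: {
+type: 'string_or_number',
+required: true,
+allowed_empty: false,
+},
+name: {
+type: 'string_or_number',
+required: true,
+allowed_empty: false,
+}
+}
+}
+
+VPN_SUBNETS = {
+type: Hash,
+allowed_empty: false,
+internals: {
+name: {
+type: 'string_or_number',
+required: true,
+allowed_empty: false
+},
+gateway: {
+type: 'ip_address_range',
+required: true,
+allowed_empty: false
+},
+netmask: {
+type: 'ip_address_range',
+required: true,
+allowed_empty: false
+}
+}
+}
+
+VPN_RULE = {
+type: Hash,
+internals: {
+enabled: {type: 'boolean', required: false},
+name: {type: 'string_or_number', required: true},
+description: {type: 'string_or_number', required: false},
+ipsec_vpn_local_peer: {
+type: Hash,
+required: true,
+allowed_empty: false,
+each_element_is: VPN_LOCAL_PEER
+},
+local_id: {type: 'string', required: true, allowed_empty: false},
+peer_id: {type: 'string', required: true, allowed_empty: false},
+peer_ip_address: {type: 'ip_address_range', required: true},
+local_ip_address: {type: 'ip_address_range', required: true, allowed_empty: false},
+peer_subnets: {
+type: Array,
+required: true,
+allowed_empty: false,
+each_element_is: VPN_SUBNETS
+},
+shared_secret: {type: 'string', required: false, allowed_empty: true},
+shared_secret_encrypted: {type: 'boolean', required: false},
+encryption_protocol: {type: 'string', required: true, acceptable_values: 'AES'},
+mtu: {type: 'string_or_number', required: true},
+local_subnets: {
+type: Array,
+required: true,
+allowed_empty: false,
+each_element_is: VPN_SUBNETS
+},
+rule_type: {type: 'enum', required: true, acceptable_values: ['SNAT', 'DNAT'] }
+}
+}
+
+GATEWAY_IPSEC_VPN_SERVICE = {
+type: Hash,
+allowed_empty: true,
+required: false,
+internals: {
+enabled: {type: 'boolean', required: false},
+tunnels: {
+type: Array,
+required: false,
+allowed_empty: true,
+each_element_is: VPN_RULE
+}
+}
+}
+
+end
+end
+end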
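Review bot: `shared_secret` in `VPN_RULE` is declared `required: false, allowed_empty: true`, so a tunnel with no pre-shared key, or an empty one, passes validation, and the generator in this release copies `tunnel[:shared_secret]` through unconditionally. Unless the vSE is expected to supply the key itself, this should read `shared_secret: {type: 'string', required: true, allowed_empty: false}`. `encryption_protocol` pairs `type: 'string'` with `acceptable_values: 'AES'` (a bare string) while `rule_type` uses `type: 'enum'` with an array; whether the validator enforces `acceptable_values` for a `'string'` type is not visible here, so `{type: 'enum', required: true, acceptable_values: ['AES']}` would be the safer spelling. `rule_type` is required by this schema but is never read by `populate_tunnel`, which deserves either a comment or removal.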
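--- a/data/lib/vcloud/edge_gateway.rb
+++ b/data/lib/vcloud/edge_gateway.rb
@@ -3,6 +3,7 @@ require 'vcloud/edge_gateway/version'
 require 'vcloud/core'
 
 require 'vcloud/edge_gateway/schema/nat_service'
+require 'vcloud/edge_gateway/schema/gateway_ipsec_vpn_service'
 require 'vcloud/edge_gateway/schema/firewall_service'
 require 'vcloud/edge_gateway/schema/load_balancer_service'
 require 'vcloud/edge_gateway/schema/static_routing_service'
@@ -13,10 +14,12 @@ require 'vcloud/edge_gateway/configure'
 require 'vcloud/edge_gateway/configuration_generator/id_ranges'
 require 'vcloud/edge_gateway/configuration_generator/firewall_service'
 require 'vcloud/edge_gateway/configuration_generator/nat_service'
+require 'vcloud/edge_gateway/configuration_generator/gateway_ipsec_vpn_service'
 require 'vcloud/edge_gateway/configuration_generator/load_balancer_service'
 require 'vcloud/edge_gateway/configuration_generator/static_routing_service'
 require 'vcloud/edge_gateway/configuration_differ'
 require 'vcloud/edge_gateway/nat_configuration_differ'
+require 'vcloud/edge_gateway/gateway_ipsec_vpn_configuration_differ'
 require 'vcloud/edge_gateway/firewall_configuration_differ'
 require 'vcloud/edge_gateway/load_balancer_configuration_differ'
 require 'vcloud/edge_gateway/static_routing_configuration_differ'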
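--- a/data/rbenv_version.sh
+++ b/data/rbenv_version.sh
@@ -0,0 +1 @@
+export RBENV_VERSION="2.1.2"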
@@ -46,6 +46,8 @@ module Vcloud
|
|
46
46
|
end
|
47
47
|
|
48
48
|
it "should only make one EdgeGateway update task, to minimise EdgeGateway reload events" do
|
49
|
+
pending("This test will fail until https://github.com/fog/fog/pull/3695 is merged and released by Fog")
|
50
|
+
|
49
51
|
last_task = IntegrationHelper.get_last_task(@test_params.edge_gateway)
|
50
52
|
diff = EdgeGateway::Configure.new(@initial_load_balancer_config_file, @vars_config_file).update
|
51
53
|
tasks_elapsed = IntegrationHelper.get_tasks_since(@test_params.edge_gateway, last_task)
|
@@ -56,18 +58,24 @@ module Vcloud
|
|
56
58
|
end
|
57
59
|
|
58
60
|
it "should have configured at least one LoadBancer Pool entry" do
|
61
|
+
pending("This test will fail until https://github.com/fog/fog/pull/3695 is merged and released by Fog")
|
62
|
+
|
59
63
|
edge_service_config = @edge_gateway.vcloud_attributes[:Configuration][:EdgeGatewayServiceConfiguration]
|
60
64
|
remote_vcloud_config = edge_service_config[:LoadBalancerService]
|
61
65
|
expect(remote_vcloud_config[:Pool].empty?).to be_false
|
62
66
|
end
|
63
67
|
|
64
68
|
it "should have configured at least one LoadBancer VirtualServer entry" do
|
69
|
+
pending("This test will fail until https://github.com/fog/fog/pull/3695 is merged and released by Fog")
|
70
|
+
|
65
71
|
edge_service_config = @edge_gateway.vcloud_attributes[:Configuration][:EdgeGatewayServiceConfiguration]
|
66
72
|
remote_vcloud_config = edge_service_config[:LoadBalancerService]
|
67
73
|
expect(remote_vcloud_config[:VirtualServer].empty?).to be_false
|
68
74
|
end
|
69
75
|
|
70
76
|
it "should have configured the same number of Pools as in our configuration" do
|
77
|
+
pending("This test will fail until https://github.com/fog/fog/pull/3695 is merged and released by Fog")
|
78
|
+
|
71
79
|
edge_service_config = @edge_gateway.vcloud_attributes[:Configuration][:EdgeGatewayServiceConfiguration]
|
72
80
|
remote_vcloud_config = edge_service_config[:LoadBalancerService]
|
73
81
|
expect(remote_vcloud_config[:Pool].size).
|
@@ -75,6 +83,8 @@ module Vcloud
|
|
75
83
|
end
|
76
84
|
|
77
85
|
it "should have configured the same number of VirtualServers as in our configuration" do
|
86
|
+
pending("This test will fail until https://github.com/fog/fog/pull/3695 is merged and released by Fog")
|
87
|
+
|
78
88
|
edge_service_config = @edge_gateway.vcloud_attributes[:Configuration][:EdgeGatewayServiceConfiguration]
|
79
89
|
remote_vcloud_config = edge_service_config[:LoadBalancerService]
|
80
90
|
expect(remote_vcloud_config[:VirtualServer].size).
|
@@ -82,6 +92,8 @@ module Vcloud
|
|
82
92
|
end
|
83
93
|
|
84
94
|
it "should not then configure the LoadBalancerService if updated again with the same configuration" do
|
95
|
+
pending("This test will fail until https://github.com/fog/fog/pull/3695 is merged and released by Fog")
|
96
|
+
|
85
97
|
expect(Vcloud::Core.logger).to receive(:info).
|
86
98
|
with('EdgeGateway::Configure.update: Configuration is already up to date. Skipping.')
|
87
99
|
diff = EdgeGateway::Configure.new(@initial_load_balancer_config_file, @vars_config_file).update
|
@@ -126,7 +138,7 @@ module Vcloud
|
|
126
138
|
config_file = IntegrationHelper.fixture_file('load_balancer_single_virtual_server_invalid_pool.yaml.mustache')
|
127
139
|
expect { EdgeGateway::Configure.new(config_file, @vars_config_file).update }.
|
128
140
|
to raise_error(
|
129
|
-
|
141
|
+
/Load balancer virtual server integration-test-vs-1 does not have a valid backing pool/
|
130
142
|
)
|
131
143
|
end
|
132
144
|
|
@@ -37,6 +37,8 @@ module Vcloud
|
|
37
37
|
end
|
38
38
|
|
39
39
|
it "should only create one edgeGateway update task when updating the configuration" do
|
40
|
+
pending("This test will fail until https://github.com/fog/fog/pull/3695 is merged and released by Fog")
|
41
|
+
|
40
42
|
last_task = IntegrationHelper.get_last_task(@test_params.edge_gateway)
|
41
43
|
diff = EdgeGateway::Configure.new(@initial_config_file, @vars_config_file).update
|
42
44
|
tasks_elapsed = IntegrationHelper.get_tasks_since(@test_params.edge_gateway, last_task)
|
@@ -48,6 +50,8 @@ module Vcloud
|
|
48
50
|
end
|
49
51
|
|
50
52
|
it "should now have nat and firewall rules configured, no load balancer yet" do
|
53
|
+
pending("This test will fail until https://github.com/fog/fog/pull/3695 is merged and released by Fog")
|
54
|
+
|
51
55
|
remote_vcloud_config = @edge_gateway.vcloud_attributes[:Configuration][:EdgeGatewayServiceConfiguration]
|
52
56
|
expect(remote_vcloud_config[:FirewallService][:FirewallRule].empty?).to be_false
|
53
57
|
expect(remote_vcloud_config[:NatService][:NatRule].empty?).to be_false
|
@@ -56,6 +60,8 @@ module Vcloud
|
|
56
60
|
end
|
57
61
|
|
58
62
|
it "should not update the EdgeGateway again if the config hasn't changed" do
|
63
|
+
pending("This test will fail until https://github.com/fog/fog/pull/3695 is merged and released by Fog")
|
64
|
+
|
59
65
|
last_task = IntegrationHelper.get_last_task(@test_params.edge_gateway)
|
60
66
|
diff = EdgeGateway::Configure.new(@initial_config_file, @vars_config_file).update
|
61
67
|
tasks_elapsed = IntegrationHelper.get_tasks_since(@test_params.edge_gateway, last_task)
|
@@ -65,6 +71,8 @@ module Vcloud
|
|
65
71
|
end
|
66
72
|
|
67
73
|
it "should only create one additional edgeGateway update task when adding the LoadBalancer config" do
|
74
|
+
pending("This test will fail until https://github.com/fog/fog/pull/3695 is merged and released by Fog")
|
75
|
+
|
68
76
|
last_task = IntegrationHelper.get_last_task(@test_params.edge_gateway)
|
69
77
|
diff = EdgeGateway::Configure.new(@adding_load_balancer_config_file, @vars_config_file).update
|
70
78
|
tasks_elapsed = IntegrationHelper.get_tasks_since(@test_params.edge_gateway, last_task)
|
@@ -75,6 +83,8 @@ module Vcloud
|
|
75
83
|
end
|
76
84
|
|
77
85
|
it "should not update the EdgeGateway again if we reapply the 'adding load balancer' config" do
|
86
|
+
pending("This test will fail until https://github.com/fog/fog/pull/3695 is merged and released by Fog")
|
87
|
+
|
78
88
|
last_task = IntegrationHelper.get_last_task(@test_params.edge_gateway)
|
79
89
|
diff = EdgeGateway::Configure.new(@adding_load_balancer_config_file, @vars_config_file).update
|
80
90
|
tasks_elapsed = IntegrationHelper.get_tasks_since(@test_params.edge_gateway, last_task)
|
@@ -48,6 +48,8 @@ module Vcloud
|
|
48
48
|
end
|
49
49
|
|
50
50
|
it "should only make one EdgeGateway update task, to minimise EdgeGateway reload events" do
|
51
|
+
pending("This test will fail until https://github.com/fog/fog/pull/3695 is merged and released by Fog")
|
52
|
+
|
51
53
|
last_task = IntegrationHelper.get_last_task(@test_params.edge_gateway)
|
52
54
|
diff = EdgeGateway::Configure.new(@initial_nat_config_file, @vars_config_file).update
|
53
55
|
tasks_elapsed = IntegrationHelper.get_tasks_since(@test_params.edge_gateway, last_task)
|
@@ -58,17 +60,23 @@ module Vcloud
|
|
58
60
|
end
|
59
61
|
|
60
62
|
it "should have configured at least one NAT rule" do
|
63
|
+
pending("This test will fail until https://github.com/fog/fog/pull/3695 is merged and released by Fog")
|
64
|
+
|
61
65
|
remote_vcloud_config = @edge_gateway.vcloud_attributes[:Configuration][:EdgeGatewayServiceConfiguration][:NatService]
|
62
66
|
expect(remote_vcloud_config[:NatRule].empty?).to be_false
|
63
67
|
end
|
64
68
|
|
65
69
|
it "should have configured the same number of nat rules as in our configuration" do
|
70
|
+
pending("This test will fail until https://github.com/fog/fog/pull/3695 is merged and released by Fog")
|
71
|
+
|
66
72
|
remote_vcloud_config = @edge_gateway.vcloud_attributes[:Configuration][:EdgeGatewayServiceConfiguration][:NatService]
|
67
73
|
expect(remote_vcloud_config[:NatRule].size).
|
68
74
|
to eq(@local_vcloud_config[:NatRule].size)
|
69
75
|
end
|
70
76
|
|
71
77
|
it "and then should not configure the firewall service if updated again with the same configuration (idempotency)" do
|
78
|
+
pending("This test will fail until https://github.com/fog/fog/pull/3695 is merged and released by Fog")
|
79
|
+
|
72
80
|
expect(Vcloud::Core.logger).to receive(:info).with('EdgeGateway::Configure.update: Configuration is already up to date. Skipping.')
|
73
81
|
diff = EdgeGateway::Configure.new(@initial_nat_config_file, @vars_config_file).update
|
74
82
|
|
@@ -83,6 +91,8 @@ module Vcloud
|
|
83
91
|
end
|
84
92
|
|
85
93
|
it "should configure DNAT rule" do
|
94
|
+
pending("This test will fail until https://github.com/fog/fog/pull/3695 is merged and released by Fog")
|
95
|
+
|
86
96
|
dnat_rule = @nat_service[:NatRule].first
|
87
97
|
expect(dnat_rule).not_to be_nil
|
88
98
|
expect(dnat_rule[:RuleType]).to eq('DNAT')
|
@@ -97,6 +107,8 @@ module Vcloud
|
|
97
107
|
end
|
98
108
|
|
99
109
|
it "should configure SNAT rule" do
|
110
|
+
pending("This test will fail until https://github.com/fog/fog/pull/3695 is merged and released by Fog")
|
111
|
+
|
100
112
|
snat_rule = @nat_service[:NatRule].last
|
101
113
|
expect(snat_rule).not_to be_nil
|
102
114
|
expect(snat_rule[:RuleType]).to eq('SNAT')
|
data/spec/spec_helper.rb
CHANGED
@@ -21,6 +21,7 @@ module Vcloud
|
|
21
21
|
@test_config = {
|
22
22
|
:gateway => @edge_gateway_id,
|
23
23
|
:nat_service => test_nat_config,
|
24
|
+
:gateway_ipsec_vpn_service => test_vpn_config,
|
24
25
|
:firewall_service => test_firewall_config,
|
25
26
|
:load_balancer_service => test_load_balancer_config,
|
26
27
|
:static_routing_service => test_static_routing_config
|
@@ -28,6 +29,7 @@ module Vcloud
|
|
28
29
|
@remote_config = {
|
29
30
|
:FirewallService => different_firewall_config,
|
30
31
|
:NatService => different_nat_config,
|
32
|
+
:GatewayIpsecVpnService => different_vpn_config,
|
31
33
|
:LoadBalancerService => different_load_balancer_config,
|
32
34
|
:StaticRoutingService => different_static_routing_config
|
33
35
|
}
|
@@ -51,11 +53,13 @@ module Vcloud
|
|
51
53
|
@test_config = {
|
52
54
|
:gateway => @edge_gateway_id,
|
53
55
|
:nat_service => test_nat_config,
|
56
|
+
:gateway_ipsec_vpn_service => test_vpn_config,
|
54
57
|
:firewall_service => test_firewall_config,
|
55
58
|
:load_balancer_service => test_load_balancer_config
|
56
59
|
}
|
57
60
|
@remote_config = {
|
58
61
|
:FirewallService => different_firewall_config,
|
62
|
+
:GatewayIpsecVpnService => different_vpn_config,
|
59
63
|
:NatService => different_nat_config,
|
60
64
|
:LoadBalancerService => different_load_balancer_config
|
61
65
|
}
|
@@ -80,6 +84,11 @@ module Vcloud
|
|
80
84
|
expect(proposed_nat_config).to eq(expected_nat_config)
|
81
85
|
end
|
82
86
|
|
87
|
+
it "proposed config contains vpn config in the form expected" do
|
88
|
+
proposed_vpn_config = @proposed_config.config[:GatewayIpsecVpnService]
|
89
|
+
expect(proposed_vpn_config).to eq(expected_vpn_config)
|
90
|
+
end
|
91
|
+
|
83
92
|
it "proposed config contains load balancer config in the form expected" do
|
84
93
|
proposed_load_balancer_config = @proposed_config.config[:LoadBalancerService]
|
85
94
|
expect(proposed_load_balancer_config).to eq(expected_load_balancer_config)
|
@@ -87,15 +96,16 @@ module Vcloud
|
|
87
96
|
|
88
97
|
it "proposed diff contains changes for all services" do
|
89
98
|
diff = @proposed_config.diff
|
90
|
-
expect(diff.keys).to eq([:FirewallService, :NatService, :LoadBalancerService])
|
91
|
-
expect(diff[:FirewallService]).to
|
92
|
-
expect(diff[:NatService]).to
|
93
|
-
expect(diff[:
|
99
|
+
expect(diff.keys).to eq([:FirewallService, :NatService, :GatewayIpsecVpnService, :LoadBalancerService])
|
100
|
+
expect(diff[:FirewallService]).to have_at_least(1).items
|
101
|
+
expect(diff[:NatService]).to have_at_least(1).items
|
102
|
+
expect(diff[:GatewayIpsecVpnService]).to have_at_least(1).items
|
103
|
+
expect(diff[:LoadBalancerService]).to have_at_least(1).items
|
94
104
|
end
|
95
105
|
|
96
106
|
end
|
97
107
|
|
98
|
-
context "firewall config has changed and nat has not, load_balancer absent" do
|
108
|
+
context "firewall config has changed and nat has not, load_balancer and VPN absent" do
|
99
109
|
|
100
110
|
before(:each) do
|
101
111
|
@test_config = {
|
@@ -139,15 +149,17 @@ module Vcloud
|
|
139
149
|
|
140
150
|
end
|
141
151
|
|
142
|
-
context "firewall config has changed and nat & load_balancer configs are absent" do
|
152
|
+
context "firewall and VPN config has changed and nat & load_balancer configs are absent" do
|
143
153
|
|
144
154
|
before(:each) do
|
145
155
|
@test_config = {
|
146
156
|
:gateway => @edge_gateway_id,
|
147
|
-
:firewall_service => test_firewall_config
|
157
|
+
:firewall_service => test_firewall_config,
|
158
|
+
:gateway_ipsec_vpn_service => test_vpn_config
|
148
159
|
}
|
149
160
|
@remote_config = {
|
150
161
|
:FirewallService => different_firewall_config,
|
162
|
+
:GatewayIpsecVpnService => different_vpn_config,
|
151
163
|
:NatService => same_nat_config,
|
152
164
|
:LoadBalancerService => same_load_balancer_config,
|
153
165
|
}
|
@@ -162,6 +174,11 @@ module Vcloud
|
|
162
174
|
expect(@proposed_config.update_required?).to be(true)
|
163
175
|
end
|
164
176
|
|
177
|
+
it "proposed config contains VPN config in the form expected" do
|
178
|
+
proposed_vpn_config = @proposed_config.config[:GatewayIpsecVpnService]
|
179
|
+
expect(proposed_vpn_config).to eq(expected_vpn_config)
|
180
|
+
end
|
181
|
+
|
165
182
|
it "proposed config contains firewall config in the form expected" do
|
166
183
|
proposed_firewall_config = @proposed_config.config[:FirewallService]
|
167
184
|
expect(proposed_firewall_config).to eq(expected_firewall_config)
|
@@ -175,9 +192,9 @@ module Vcloud
|
|
175
192
|
expect(@proposed_config.config.key?(:LoadBalancerService)).to be(false)
|
176
193
|
end
|
177
194
|
|
178
|
-
it "proposed diff contains changes for firewall service" do
|
195
|
+
it "proposed diff contains changes for firewall and VPN service" do
|
179
196
|
diff = @proposed_config.diff
|
180
|
-
expect(diff.keys).to eq([:FirewallService])
|
197
|
+
expect(diff.keys).to eq([:FirewallService, :GatewayIpsecVpnService])
|
181
198
|
expect(diff[:FirewallService]).to have_at_least(1).items
|
182
199
|
end
|
183
200
|
|
@@ -328,12 +345,14 @@ module Vcloud
|
|
328
345
|
@test_config = {
|
329
346
|
:gateway => @edge_gateway_id,
|
330
347
|
:nat_service => test_nat_config,
|
348
|
+
:gateway_ipsec_vpn_service => test_vpn_config,
|
331
349
|
:firewall_service => test_firewall_config,
|
332
350
|
:load_balancer_service => test_load_balancer_config,
|
333
351
|
}
|
334
352
|
@remote_config = {
|
335
353
|
:FirewallService => same_firewall_config,
|
336
354
|
:NatService => same_nat_config,
|
355
|
+
:GatewayIpsecVpnService => same_vpn_config,
|
337
356
|
:LoadBalancerService => same_load_balancer_config,
|
338
357
|
}
|
339
358
|
@proposed_config = EdgeGateway::EdgeGatewayConfiguration.new(
|
@@ -582,6 +601,10 @@ module Vcloud
|
|
582
601
|
expect(@proposed_config.config.key?(:NatService)).to be(false)
|
583
602
|
end
|
584
603
|
|
604
|
+
it "proposed config does not contain vpn config" do
|
605
|
+
expect(@proposed_config.config.key?(:GatewayIpsecVpnService)).to be(false)
|
606
|
+
end
|
607
|
+
|
585
608
|
it "proposed config does not contain firewall config" do
|
586
609
|
expect(@proposed_config.config.key?(:FirewallService)).to be(false)
|
587
610
|
end
|
@@ -594,6 +617,49 @@ module Vcloud
|
|
594
617
|
|
595
618
|
end
|
596
619
|
|
620
|
+
context "there is no remote GatewayIpsecVpnService config, but we are trying to update it" do
|
621
|
+
|
622
|
+
before(:each) do
|
623
|
+
@test_config = {
|
624
|
+
:gateway => @edge_gateway_id,
|
625
|
+
:gateway_ipsec_vpn_service => test_vpn_config,
|
626
|
+
}
|
627
|
+
@remote_config = {
|
628
|
+
:FirewallService => different_firewall_config,
|
629
|
+
:NatService => different_nat_config,
|
630
|
+
}
|
631
|
+
@proposed_config = EdgeGateway::EdgeGatewayConfiguration.new(
|
632
|
+
@test_config,
|
633
|
+
@remote_config,
|
634
|
+
@edge_gw_interface_list
|
635
|
+
)
|
636
|
+
end
|
637
|
+
|
638
|
+
it "requires update" do
|
639
|
+
expect(@proposed_config.update_required?).to be(true)
|
640
|
+
end
|
641
|
+
|
642
|
+
it "proposed config contains gateway_ipsec_vpn_service config in the form expected" do
|
643
|
+
proposed_vpn_config = @proposed_config.config[:GatewayIpsecVpnService]
|
644
|
+
expect(proposed_vpn_config).to eq(expected_vpn_config)
|
645
|
+
end
|
646
|
+
|
647
|
+
it "proposed config does not contain nat config" do
|
648
|
+
expect(@proposed_config.config.key?(:NatService)).to be(false)
|
649
|
+
end
|
650
|
+
|
651
|
+
it "proposed config does not contain firewall config" do
|
652
|
+
expect(@proposed_config.config.key?(:FirewallService)).to be(false)
|
653
|
+
end
|
654
|
+
|
655
|
+
it "proposed diff contains changes for VPN service" do
|
656
|
+
diff = @proposed_config.diff
|
657
|
+
expect(diff.keys).to eq([:GatewayIpsecVpnService])
|
658
|
+
expect(diff[:GatewayIpsecVpnService]).to have_at_least(1).items
|
659
|
+
end
|
660
|
+
|
661
|
+
end
|
662
|
+
|
597
663
|
def test_firewall_config
|
598
664
|
{
|
599
665
|
:policy => "drop",
|
@@ -630,6 +696,37 @@ module Vcloud
|
|
630
696
|
}
|
631
697
|
end
|
632
698
|
|
699
|
+
def test_vpn_config
|
700
|
+
{
|
701
|
+
:tunnels => [{
|
702
|
+
:enabled => 'true',
|
703
|
+
:name => 'foo',
|
704
|
+
:description => 'test tunnel',
|
705
|
+
:ipsec_vpn_local_peer => {
|
706
|
+
:id => "1223-123UDH-22222",
|
707
|
+
:name => "foobarbaz"
|
708
|
+
},
|
709
|
+
:peer_ip_address => "172.16.3.16",
|
710
|
+
:peer_id => "1223-123UDH-12321",
|
711
|
+
:local_ip_address => "172.16.10.2",
|
712
|
+
:local_id => "202UB-9602-UB629",
|
713
|
+
:peer_subnets => [{
|
714
|
+
:name => '192.168.0.0/18',
|
715
|
+
:gateway => '192.168.0.0',
|
716
|
+
:netmask => '255.255.192.0'
|
717
|
+
}],
|
718
|
+
:shared_secret => "shhh I'm secret",
|
719
|
+
:encryption_protocol => "AES",
|
720
|
+
:mtu => 1500,
|
721
|
+
:local_subnets => [{
|
722
|
+
:name => 'VDC Network',
|
723
|
+
:gateway => '192.168.90.254',
|
724
|
+
:netmask => '255.255.255.0'
|
725
|
+
}]
|
726
|
+
}]
|
727
|
+
}
|
728
|
+
end
|
729
|
+
|
633
730
|
|
634
731
|
def test_static_routing_config
|
635
732
|
{
|
@@ -720,6 +817,26 @@ module Vcloud
|
|
720
817
|
}
|
721
818
|
end
|
722
819
|
|
820
|
+
def different_vpn_config
|
821
|
+
{
|
822
|
+
:IsEnabled => 'true',
|
823
|
+
:Tunnel => [{
|
824
|
+
:Name => "foobarbaz",
|
825
|
+
:Description => "foobarbaz",
|
826
|
+
:IpsecVpnThirdPartyPeer => {
|
827
|
+
:PeerId => '172.16.3.17'
|
828
|
+
},
|
829
|
+
:Local_Id => '172.16.10.3',
|
830
|
+
:Peer_Id => '172.16.10.4',
|
831
|
+
:PeerIpAddress => '172.16.3.17',
|
832
|
+
:LocalIpAddress => '172.16.10.19',
|
833
|
+
:PeerSubnet => '255.0.0.0/16',
|
834
|
+
:LocalSubnet => '255.0.0/16',
|
835
|
+
:Mtu => '30000'
|
836
|
+
}]
|
837
|
+
}
|
838
|
+
end
|
839
|
+
|
723
840
|
def different_static_routing_config
|
724
841
|
{
|
725
842
|
:StaticRoutingService => [{
|
@@ -921,6 +1038,39 @@ module Vcloud
|
|
921
1038
|
}
|
922
1039
|
end
|
923
1040
|
|
1041
|
+
def same_vpn_config
|
1042
|
+
{
|
1043
|
+
:IsEnabled => 'true',
|
1044
|
+
:Tunnel => [{
|
1045
|
+
:Name => "foo",
|
1046
|
+
:Description => 'test tunnel',
|
1047
|
+
:IpsecVpnLocalPeer => {
|
1048
|
+
:Id => '1223-123UDH-22222',
|
1049
|
+
:Name => 'foobarbaz'
|
1050
|
+
},
|
1051
|
+
:PeerIpAddress => "172.16.3.16",
|
1052
|
+
:PeerId => "1223-123UDH-12321",
|
1053
|
+
:LocalIpAddress => "172.16.10.2",
|
1054
|
+
:LocalId => "202UB-9602-UB629",
|
1055
|
+
:PeerSubnet => [{
|
1056
|
+
:Name => "192.168.0.0/18",
|
1057
|
+
:Gateway => "192.168.0.0",
|
1058
|
+
:Netmask => "255.255.192.0",
|
1059
|
+
}],
|
1060
|
+
:SharedSecret => "shhh I'm secret",
|
1061
|
+
:EncryptionProtocol => "AES",
|
1062
|
+
:Mtu => 1500,
|
1063
|
+
:IsEnabled => 'true',
|
1064
|
+
:LocalSubnet => [{
|
1065
|
+
:Name => "VDC Network",
|
1066
|
+
:Gateway => "192.168.90.254",
|
1067
|
+
:Netmask => "255.255.255.0"
|
1068
|
+
}
|
1069
|
+
]
|
1070
|
+
}]
|
1071
|
+
}
|
1072
|
+
end
|
1073
|
+
|
924
1074
|
def same_load_balancer_config
|
925
1075
|
{
|
926
1076
|
:IsEnabled=>"true",
|
@@ -1107,6 +1257,38 @@ module Vcloud
|
|
1107
1257
|
}
|
1108
1258
|
end
|
1109
1259
|
|
1260
|
+
def expected_vpn_config
|
1261
|
+
{
|
1262
|
+
:IsEnabled => 'true',
|
1263
|
+
:Tunnel => [{
|
1264
|
+
:Name => "foo",
|
1265
|
+
:Description => 'test tunnel',
|
1266
|
+
:IpsecVpnLocalPeer => {
|
1267
|
+
:Id => '1223-123UDH-22222',
|
1268
|
+
:Name => 'foobarbaz'
|
1269
|
+
},
|
1270
|
+
:PeerIpAddress => "172.16.3.16",
|
1271
|
+
:PeerId => "1223-123UDH-12321",
|
1272
|
+
:LocalIpAddress => "172.16.10.2",
|
1273
|
+
:LocalId => "202UB-9602-UB629",
|
1274
|
+
:PeerSubnet => [{
|
1275
|
+
:Name => "192.168.0.0/18",
|
1276
|
+
:Gateway => "192.168.0.0",
|
1277
|
+
:Netmask => "255.255.192.0",
|
1278
|
+
}],
|
1279
|
+
:SharedSecret => "shhh I'm secret",
|
1280
|
+
:EncryptionProtocol => "AES",
|
1281
|
+
:Mtu => 1500,
|
1282
|
+
:IsEnabled => 'true',
|
1283
|
+
:LocalSubnet => [{
|
1284
|
+
:Name => "VDC Network",
|
1285
|
+
:Gateway => "192.168.90.254",
|
1286
|
+
:Netmask => "255.255.255.0"
|
1287
|
+
}]
|
1288
|
+
}]
|
1289
|
+
}
|
1290
|
+
end
|
1291
|
+
|
1110
1292
|
def expected_load_balancer_config
|
1111
1293
|
{
|
1112
1294
|
:IsEnabled=>"true",
|
@@ -0,0 +1,110 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
module Vcloud
|
4
|
+
describe "vpn service schema validation" do
|
5
|
+
context "validate vpn tunnel" do
|
6
|
+
it "validate ok if only mandatory fields are provided" do
|
7
|
+
vpn_tunnel = {
|
8
|
+
name: 'badger',
|
9
|
+
rule_type: 'DNAT',
|
10
|
+
ipsec_vpn_local_peer: {
|
11
|
+
id: '1223-123UDH-66666',
|
12
|
+
name: 'hamster'
|
13
|
+
},
|
14
|
+
local_id: '202UB-9602-UB630',
|
15
|
+
peer_id: '1223-123UDH-XXXXX',
|
16
|
+
peer_ip_address: '172.16.3.73',
|
17
|
+
local_ip_address: '10.10.0.1',
|
18
|
+
peer_subnets: [{
|
19
|
+
name: '192.168.0.0/21',
|
20
|
+
gateway: '192.168.0.0',
|
21
|
+
netmask: '255.0.0.0'
|
22
|
+
}],
|
23
|
+
encryption_protocol: 'AES',
|
24
|
+
mtu: 9800,
|
25
|
+
local_subnets: [{
|
26
|
+
name: 'expelliarmus',
|
27
|
+
gateway: '192.168.90.254',
|
28
|
+
netmask: '255.255.255.0'
|
29
|
+
}]
|
30
|
+
}
|
31
|
+
validator = Vcloud::Core::ConfigValidator.validate(:base, vpn_tunnel, Vcloud::EdgeGateway::Schema::VPN_RULE)
|
32
|
+
expect(validator.valid?).to be_true
|
33
|
+
expect(validator.errors).to be_empty
|
34
|
+
|
35
|
+
end
|
36
|
+
|
37
|
+
context "mandatory field validation" do
|
38
|
+
before(:each) do
|
39
|
+
@vpn_tunnel = {
|
40
|
+
name: 'badger',
|
41
|
+
rule_type: 'DNAT',
|
42
|
+
ipsec_vpn_local_peer: {
|
43
|
+
id: '1223-123UDH-66666',
|
44
|
+
name: 'hamster'
|
45
|
+
},
|
46
|
+
local_id: '202UB-9602-UB630',
|
47
|
+
peer_id: '1223-123UDH-XXXXX',
|
48
|
+
peer_ip_address: '172.16.3.73',
|
49
|
+
local_ip_address: '10.10.0.1',
|
50
|
+
peer_subnets: [{
|
51
|
+
name: '192.168.0.0/21',
|
52
|
+
gateway: '192.168.0.0',
|
53
|
+
netmask: '255.0.0.0'
|
54
|
+
}],
|
55
|
+
encryption_protocol: 'AES',
|
56
|
+
mtu: 9800,
|
57
|
+
local_subnets: [{
|
58
|
+
name: 'expelliarmus',
|
59
|
+
gateway: '192.168.90.254',
|
60
|
+
netmask: '255.255.255.0'
|
61
|
+
}]
|
62
|
+
}
|
63
|
+
end
|
64
|
+
mandatory_fields = [:name, :rule_type, :ipsec_vpn_local_peer, :local_id,
|
65
|
+
:peer_id, :peer_ip_address, :local_ip_address,
|
66
|
+
:peer_subnets, :encryption_protocol, :mtu, :local_subnets]
|
67
|
+
mandatory_fields.each do |mandatory_field|
|
68
|
+
it "should error since mandatory field #{mandatory_field} is missing" do
|
69
|
+
@vpn_tunnel.delete(mandatory_field)
|
70
|
+
validator = Vcloud::Core::ConfigValidator.validate(:base, @vpn_tunnel, Vcloud::EdgeGateway::Schema::VPN_RULE)
|
71
|
+
expect(validator.valid?).to be_false
|
72
|
+
expect(validator.errors).to eq(["base: missing '#{mandatory_field}' parameter"])
|
73
|
+
end
|
74
|
+
end
|
75
|
+
end
|
76
|
+
|
77
|
+
it "should accept optional fields: original_port, translated_port and protocol as input" do
|
78
|
+
vpn_tunnel = {
|
79
|
+
name: 'badger',
|
80
|
+
rule_type: 'DNAT',
|
81
|
+
ipsec_vpn_local_peer: {
|
82
|
+
id: '1223-123UDH-66666',
|
83
|
+
name: 'hamster'
|
84
|
+
},
|
85
|
+
local_id: '202UB-9602-UB630',
|
86
|
+
peer_id: '1223-123UDH-XXXXX',
|
87
|
+
peer_ip_address: '172.16.3.73',
|
88
|
+
local_ip_address: '10.10.0.1',
|
89
|
+
peer_subnets: [{
|
90
|
+
name: '192.168.0.0/21',
|
91
|
+
gateway: '192.168.0.0',
|
92
|
+
netmask: '255.0.0.0'
|
93
|
+
}],
|
94
|
+
encryption_protocol: 'AES',
|
95
|
+
mtu: 9800,
|
96
|
+
local_subnets: [{
|
97
|
+
name: 'expelliarmus',
|
98
|
+
gateway: '192.168.90.254',
|
99
|
+
netmask: '255.255.255.0'
|
100
|
+
}],
|
101
|
+
description: 'foobarbaz'
|
102
|
+
}
|
103
|
+
validator = Vcloud::Core::ConfigValidator.validate(:base, vpn_tunnel, Vcloud::EdgeGateway::Schema::VPN_RULE)
|
104
|
+
expect(validator.valid?).to be_true
|
105
|
+
expect(validator.errors).to be_empty
|
106
|
+
end
|
107
|
+
end
|
108
|
+
|
109
|
+
end
|
110
|
+
end
|
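Review bot: The last example is titled `should accept optional fields: original_port, translated_port and protocol as input`, which reads as carried over from a NAT spec; the hash it validates only adds `description` to the mandatory set, so the title would be clearer as `it "should accept optional field description as input" do`. None of the three hashes in this file includes `shared_secret`, although the tunnel fixture in edge_gateway_configuration_spec.rb passes `:shared_secret`, so this spec does not pin whether `VPN_RULE` accepts, requires or rejects a pre-shared key; the schema is not visible here, so that is worth confirming and covering with one example. `rule_type: 'DNAT'` is listed among the mandatory fields of a VPN tunnel and may also be a NAT leftover. Every case checks field presence only, so a malformed `peer_ip_address` or `netmask` would presumably still validate; a negative example per address field would document what the validator actually enforces.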
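--- a/data/vcloud-edge_gateway.gemspec
+++ b/data/vcloud-edge_gateway.gemspec
@@ -21,7 +21,7 @@ Gem::Specification.new do |s|
 
 s.required_ruby_version = '>= 1.9.3'
 
-s.add_runtime_dependency 'vcloud-core', '~> 1.
+s.add_runtime_dependency 'vcloud-core', '~> 1.1.0'
 s.add_runtime_dependency 'hashdiff'
 s.add_development_dependency 'pry'
 s.add_development_dependency 'rake'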
metadata
CHANGED
@@ -1,115 +1,141 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: vcloud-edge_gateway
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.5.
|
5
|
-
prerelease:
|
4
|
+
version: 1.5.2
|
6
5
|
platform: ruby
|
7
6
|
authors:
|
8
7
|
- Anna Shipman
|
9
8
|
autorequire:
|
10
9
|
bindir: bin
|
11
10
|
cert_chain: []
|
12
|
-
date: 2015-
|
11
|
+
date: 2015-09-21 00:00:00.000000000 Z
|
13
12
|
dependencies:
|
14
13
|
- !ruby/object:Gem::Dependency
|
15
14
|
name: vcloud-core
|
16
|
-
requirement:
|
17
|
-
none: false
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
18
16
|
requirements:
|
19
|
-
- - ~>
|
17
|
+
- - "~>"
|
20
18
|
- !ruby/object:Gem::Version
|
21
|
-
version: 1.
|
19
|
+
version: 1.1.0
|
22
20
|
type: :runtime
|
23
21
|
prerelease: false
|
24
|
-
version_requirements:
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - "~>"
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: 1.1.0
|
25
27
|
- !ruby/object:Gem::Dependency
|
26
28
|
name: hashdiff
|
27
|
-
requirement:
|
28
|
-
none: false
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
29
30
|
requirements:
|
30
|
-
- -
|
31
|
+
- - ">="
|
31
32
|
- !ruby/object:Gem::Version
|
32
33
|
version: '0'
|
33
34
|
type: :runtime
|
34
35
|
prerelease: false
|
35
|
-
version_requirements:
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - ">="
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '0'
|
36
41
|
- !ruby/object:Gem::Dependency
|
37
42
|
name: pry
|
38
|
-
requirement:
|
39
|
-
none: false
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
40
44
|
requirements:
|
41
|
-
- -
|
45
|
+
- - ">="
|
42
46
|
- !ruby/object:Gem::Version
|
43
47
|
version: '0'
|
44
48
|
type: :development
|
45
49
|
prerelease: false
|
46
|
-
version_requirements:
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - ">="
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: '0'
|
47
55
|
- !ruby/object:Gem::Dependency
|
48
56
|
name: rake
|
49
|
-
requirement:
|
50
|
-
none: false
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
51
58
|
requirements:
|
52
|
-
- -
|
59
|
+
- - ">="
|
53
60
|
- !ruby/object:Gem::Version
|
54
61
|
version: '0'
|
55
62
|
type: :development
|
56
63
|
prerelease: false
|
57
|
-
version_requirements:
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
65
|
+
requirements:
|
66
|
+
- - ">="
|
67
|
+
- !ruby/object:Gem::Version
|
68
|
+
version: '0'
|
58
69
|
- !ruby/object:Gem::Dependency
|
59
70
|
name: rspec
|
60
|
-
requirement:
|
61
|
-
none: false
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
62
72
|
requirements:
|
63
|
-
- - ~>
|
73
|
+
- - "~>"
|
64
74
|
- !ruby/object:Gem::Version
|
65
75
|
version: 2.14.1
|
66
76
|
type: :development
|
67
77
|
prerelease: false
|
68
|
-
version_requirements:
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
79
|
+
requirements:
|
80
|
+
- - "~>"
|
81
|
+
- !ruby/object:Gem::Version
|
82
|
+
version: 2.14.1
|
69
83
|
- !ruby/object:Gem::Dependency
|
70
84
|
name: rubocop
|
71
|
-
requirement:
|
72
|
-
none: false
|
85
|
+
requirement: !ruby/object:Gem::Requirement
|
73
86
|
requirements:
|
74
|
-
- - ~>
|
87
|
+
- - "~>"
|
75
88
|
- !ruby/object:Gem::Version
|
76
89
|
version: 0.23.0
|
77
90
|
type: :development
|
78
91
|
prerelease: false
|
79
|
-
version_requirements:
|
92
|
+
version_requirements: !ruby/object:Gem::Requirement
|
93
|
+
requirements:
|
94
|
+
- - "~>"
|
95
|
+
- !ruby/object:Gem::Version
|
96
|
+
version: 0.23.0
|
80
97
|
- !ruby/object:Gem::Dependency
|
81
98
|
name: simplecov
|
82
|
-
requirement:
|
83
|
-
none: false
|
99
|
+
requirement: !ruby/object:Gem::Requirement
|
84
100
|
requirements:
|
85
|
-
- - ~>
|
101
|
+
- - "~>"
|
86
102
|
- !ruby/object:Gem::Version
|
87
103
|
version: 0.7.1
|
88
104
|
type: :development
|
89
105
|
prerelease: false
|
90
|
-
version_requirements:
|
106
|
+
version_requirements: !ruby/object:Gem::Requirement
|
107
|
+
requirements:
|
108
|
+
- - "~>"
|
109
|
+
- !ruby/object:Gem::Version
|
110
|
+
version: 0.7.1
|
91
111
|
- !ruby/object:Gem::Dependency
|
92
112
|
name: gem_publisher
|
93
|
-
requirement:
|
94
|
-
none: false
|
113
|
+
requirement: !ruby/object:Gem::Requirement
|
95
114
|
requirements:
|
96
|
-
- - =
|
115
|
+
- - '='
|
97
116
|
- !ruby/object:Gem::Version
|
98
117
|
version: 1.2.0
|
99
118
|
type: :development
|
100
119
|
prerelease: false
|
101
|
-
version_requirements:
|
120
|
+
version_requirements: !ruby/object:Gem::Requirement
|
121
|
+
requirements:
|
122
|
+
- - '='
|
123
|
+
- !ruby/object:Gem::Version
|
124
|
+
version: 1.2.0
|
102
125
|
- !ruby/object:Gem::Dependency
|
103
126
|
name: vcloud-tools-tester
|
104
|
-
requirement:
|
105
|
-
none: false
|
127
|
+
requirement: !ruby/object:Gem::Requirement
|
106
128
|
requirements:
|
107
|
-
- - ~>
|
129
|
+
- - "~>"
|
108
130
|
- !ruby/object:Gem::Version
|
109
131
|
version: 1.0.0
|
110
132
|
type: :development
|
111
133
|
prerelease: false
|
112
|
-
version_requirements:
|
134
|
+
version_requirements: !ruby/object:Gem::Requirement
|
135
|
+
requirements:
|
136
|
+
- - "~>"
|
137
|
+
- !ruby/object:Gem::Version
|
138
|
+
version: 1.0.0
|
113
139
|
description: Tool to configure a VMware vCloud Edge Gateway. Uses vcloud-core.
|
114
140
|
email:
|
115
141
|
- anna.shipman@digital.cabinet-office.gov.uk
|
@@ -119,8 +145,8 @@ executables:
|
|
119
145
|
extensions: []
|
120
146
|
extra_rdoc_files: []
|
121
147
|
files:
|
122
|
-
- .gitignore
|
123
|
-
- .travis.yml
|
148
|
+
- ".gitignore"
|
149
|
+
- ".travis.yml"
|
124
150
|
- CHANGELOG.md
|
125
151
|
- CONTRIBUTING.md
|
126
152
|
- Gemfile
|
@@ -136,12 +162,14 @@ files:
|
|
136
162
|
- examples/vcloud-configure-edge/template-nat-rules.yaml.mustache
|
137
163
|
- examples/vcloud-configure-edge/template-vars-env1.yaml
|
138
164
|
- examples/vcloud-configure-edge/template-vars-env2.yaml
|
165
|
+
- examples/vcloud-configure-edge/vpn-tunnels.yaml
|
139
166
|
- jenkins.sh
|
140
167
|
- jenkins_tests.sh
|
141
168
|
- lib/vcloud/edge_gateway.rb
|
142
169
|
- lib/vcloud/edge_gateway/cli.rb
|
143
170
|
- lib/vcloud/edge_gateway/configuration_differ.rb
|
144
171
|
- lib/vcloud/edge_gateway/configuration_generator/firewall_service.rb
|
172
|
+
- lib/vcloud/edge_gateway/configuration_generator/gateway_ipsec_vpn_service.rb
|
145
173
|
- lib/vcloud/edge_gateway/configuration_generator/id_ranges.rb
|
146
174
|
- lib/vcloud/edge_gateway/configuration_generator/load_balancer_service.rb
|
147
175
|
- lib/vcloud/edge_gateway/configuration_generator/nat_service.rb
|
@@ -149,15 +177,18 @@ files:
|
|
149
177
|
- lib/vcloud/edge_gateway/configure.rb
|
150
178
|
- lib/vcloud/edge_gateway/edge_gateway_configuration.rb
|
151
179
|
- lib/vcloud/edge_gateway/firewall_configuration_differ.rb
|
180
|
+
- lib/vcloud/edge_gateway/gateway_ipsec_vpn_configuration_differ.rb
|
152
181
|
- lib/vcloud/edge_gateway/load_balancer_configuration_differ.rb
|
153
182
|
- lib/vcloud/edge_gateway/nat_configuration_differ.rb
|
154
183
|
- lib/vcloud/edge_gateway/schema/edge_gateway.rb
|
155
184
|
- lib/vcloud/edge_gateway/schema/firewall_service.rb
|
185
|
+
- lib/vcloud/edge_gateway/schema/gateway_ipsec_vpn_service.rb
|
156
186
|
- lib/vcloud/edge_gateway/schema/load_balancer_service.rb
|
157
187
|
- lib/vcloud/edge_gateway/schema/nat_service.rb
|
158
188
|
- lib/vcloud/edge_gateway/schema/static_routing_service.rb
|
159
189
|
- lib/vcloud/edge_gateway/static_routing_configuration_differ.rb
|
160
190
|
- lib/vcloud/edge_gateway/version.rb
|
191
|
+
- rbenv_version.sh
|
161
192
|
- spec/integration/edge_gateway/configure_firewall_spec.rb
|
162
193
|
- spec/integration/edge_gateway/configure_load_balancer_spec.rb
|
163
194
|
- spec/integration/edge_gateway/configure_multiple_services_spec.rb
|
@@ -206,34 +237,31 @@ files:
|
|
206
237
|
- spec/vcloud/edge_gateway/nat_configuration_differ_spec.rb
|
207
238
|
- spec/vcloud/edge_gateway/nat_schema_validation_spec.rb
|
208
239
|
- spec/vcloud/edge_gateway/static_routing_schema_validation_spec.rb
|
240
|
+
- spec/vcloud/edge_gateway/vpn_schema_validation_spec.rb
|
209
241
|
- vcloud-edge_gateway.gemspec
|
210
242
|
homepage: http://github.com/gds-operations/vcloud-edge_gateway
|
211
243
|
licenses:
|
212
244
|
- MIT
|
245
|
+
metadata: {}
|
213
246
|
post_install_message:
|
214
247
|
rdoc_options: []
|
215
248
|
require_paths:
|
216
249
|
- lib
|
217
250
|
required_ruby_version: !ruby/object:Gem::Requirement
|
218
|
-
none: false
|
219
251
|
requirements:
|
220
|
-
- -
|
252
|
+
- - ">="
|
221
253
|
- !ruby/object:Gem::Version
|
222
254
|
version: 1.9.3
|
223
255
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
224
|
-
none: false
|
225
256
|
requirements:
|
226
|
-
- -
|
257
|
+
- - ">="
|
227
258
|
- !ruby/object:Gem::Version
|
228
259
|
version: '0'
|
229
|
-
segments:
|
230
|
-
- 0
|
231
|
-
hash: 3095233766048741
|
232
260
|
requirements: []
|
233
261
|
rubyforge_project:
|
234
|
-
rubygems_version:
|
262
|
+
rubygems_version: 2.2.2
|
235
263
|
signing_key:
|
236
|
-
specification_version:
|
264
|
+
specification_version: 4
|
237
265
|
summary: Tool to configure a VMware vCloud Edge Gateway
|
238
266
|
test_files:
|
239
267
|
- spec/integration/edge_gateway/configure_firewall_spec.rb
|
@@ -284,3 +312,4 @@ test_files:
|
|
284
312
|
- spec/vcloud/edge_gateway/nat_configuration_differ_spec.rb
|
285
313
|
- spec/vcloud/edge_gateway/nat_schema_validation_spec.rb
|
286
314
|
- spec/vcloud/edge_gateway/static_routing_schema_validation_spec.rb
|
315
|
+
- spec/vcloud/edge_gateway/vpn_schema_validation_spec.rb
|