vcloud-network-configurator 0.1.0

data/spec/component/load_balancer_spec.rb

@@ -0,0 +1,67 @@
+require 'spec_helper'
+require 'nokogiri'
+require 'equivalent-xml'
+require 'component/load_balancer'
+
+
+describe "load balancer" do
+  before :each do
+    @interfaces = {
+      "TestData" => "https://vendor-api-url.net/admin/network/1000"
+    }
+  end
+
+  it "should be able to generate XML that matches what we created directly through the control panel" do
+    load_balancer do
+      configure "Signonotron" do
+        pool ["172.16.0.2", "172.16.0.3"] do
+          http :enabled => false
+          https :health_check_port => 9401
+        end
+
+        virtual_server :name => "Signonotron public", :interface => "TestData", :ip => "200.11.99.71"
+        virtual_server :name => "Signonotron internal", :interface => "TestData", :ip => "172.16.1.1"
+      end
+
+      configure "Search" do
+        pool ["172.12.0.2", "172.12.0.3", "172.12.0.4"] do
+          http :health_check_port => 9509
+          https :health_check_port => 9409
+        end
+
+        virtual_server :name => "Search internal", :interface => "TestData", :ip => "172.12.1.3"
+      end
+
+      configure "Router" do
+        pool ["172.11.0.2", "172.11.0.3", "172.11.0.4"] do
+          http
+          https
+        end
+
+        virtual_server :name => "Router public", :interface => "TestData", :ip => "200.11.99.73"
+      end
+
+      configure "router-internal" do
+        pool ["172.11.0.2", "172.11.0.3", "172.11.0.4"] do
+          http :port => 8080, :health_check_path => "/router/management/status"
+          https :enabled => false
+        end
+
+        virtual_server :name => "Router internal", :interface => "TestData", :ip => "172.11.1.1"
+      end
+
+    end
+
+    Nokogiri::XML(Component::LoadBalancer.generate_xml(@interfaces).doc.root.to_s).should be_equivalent_to Nokogiri::XML(File.open("spec/component/lb.xml"))
+  end
+
+  it "should blow up if pool is not defined before virtual server" do
+    expect  { load_balancer do
+      configure "Signonotron" do
+        virtual_server :name => "Signonotron public", :interface => "TestData", :ip => "200.11.99.71"
+        virtual_server :name => "Signonotron internal", :interface => "TestData", :ip => "172.16.1.1"
+      end
+    end }.to raise_error
+  end
+end
+

data/spec/component/nat.xml

@@ -0,0 +1,146 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EdgeGatewayServiceConfiguration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.vmware.com/vcloud/v1.5" xsi:schemaLocation="http://www.vmware.com/vcloud/v1.5 http://vendor-api-url.net/v1.5/schema/master.xsd">
+  <NatService>
+    <IsEnabled>true</IsEnabled>
+    <NatRule>
+      <RuleType>SNAT</RuleType>
+      <IsEnabled>true</IsEnabled>
+      <Id>65538</Id>
+      <GatewayNatRule>
+        <Interface href="https://vendor-api-url.net/admin/network/1000" name="TestData" type="application/vnd.vmware.admin.network+xml"/>
+        <OriginalIp>172.10.0.0/8</OriginalIp>
+        <TranslatedIp>200.11.99.70</TranslatedIp>
+      </GatewayNatRule>
+    </NatRule>
+    <NatRule>
+      <RuleType>DNAT</RuleType>
+      <IsEnabled>true</IsEnabled>
+      <Id>65539</Id>
+      <GatewayNatRule>
+        <Interface href="https://vendor-api-url.net/admin/network/1000" name="TestData" type="application/vnd.vmware.admin.network+xml"/>
+        <OriginalIp>200.11.99.70</OriginalIp>
+        <OriginalPort>22</OriginalPort>
+        <TranslatedIp>172.10.0.100</TranslatedIp>
+        <TranslatedPort>22</TranslatedPort>
+        <Protocol>tcp</Protocol>
+      </GatewayNatRule>
+    </NatRule>
+    <NatRule>
+      <RuleType>DNAT</RuleType>
+      <IsEnabled>true</IsEnabled>
+      <Id>65540</Id>
+      <GatewayNatRule>
+        <Interface href="https://vendor-api-url.net/admin/network/1000" name="TestData" type="application/vnd.vmware.admin.network+xml"/>
+        <OriginalIp>200.11.99.72</OriginalIp>
+        <OriginalPort>443</OriginalPort>
+        <TranslatedIp>172.16.0.2</TranslatedIp>
+        <TranslatedPort>443</TranslatedPort>
+        <Protocol>tcp</Protocol>
+      </GatewayNatRule>
+    </NatRule>
+    <NatRule>
+      <RuleType>DNAT</RuleType>
+      <IsEnabled>true</IsEnabled>
+      <Id>65537</Id>
+      <GatewayNatRule>
+        <Interface href="https://vendor-api-url.net/admin/network/1000" name="TestData" type="application/vnd.vmware.admin.network+xml"/>
+        <OriginalIp>200.11.99.70</OriginalIp>
+        <OriginalPort>80</OriginalPort>
+        <TranslatedIp>172.10.0.3</TranslatedIp>
+        <TranslatedPort>80</TranslatedPort>
+        <Protocol>tcp</Protocol>
+      </GatewayNatRule>
+    </NatRule>
+    <NatRule>
+      <RuleType>DNAT</RuleType>
+      <IsEnabled>true</IsEnabled>
+      <Id>65542</Id>
+      <GatewayNatRule>
+        <Interface href="https://vendor-api-url.net/admin/network/1000" name="TestData" type="application/vnd.vmware.admin.network+xml"/>
+        <OriginalIp>200.11.99.70</OriginalIp>
+        <OriginalPort>1022</OriginalPort>
+        <TranslatedIp>172.10.0.200</TranslatedIp>
+        <TranslatedPort>22</TranslatedPort>
+        <Protocol>tcp</Protocol>
+      </GatewayNatRule>
+    </NatRule>
+    <NatRule>
+      <RuleType>DNAT</RuleType>
+      <IsEnabled>true</IsEnabled>
+      <Id>65543</Id>
+      <GatewayNatRule>
+        <Interface href="https://vendor-api-url.net/admin/network/1000" name="TestData" type="application/vnd.vmware.admin.network+xml"/>
+        <OriginalIp>200.11.99.74</OriginalIp>
+        <OriginalPort>443</OriginalPort>
+        <TranslatedIp>172.16.0.2</TranslatedIp>
+        <TranslatedPort>443</TranslatedPort>
+        <Protocol>tcp</Protocol>
+      </GatewayNatRule>
+    </NatRule>
+    <NatRule>
+      <RuleType>DNAT</RuleType>
+      <IsEnabled>true</IsEnabled>
+      <Id>65544</Id>
+      <GatewayNatRule>
+        <Interface href="https://vendor-api-url.net/admin/network/1000" name="TestData" type="application/vnd.vmware.admin.network+xml"/>
+        <OriginalIp>200.11.99.75</OriginalIp>
+        <OriginalPort>80</OriginalPort>
+        <TranslatedIp>172.10.0.20</TranslatedIp>
+        <TranslatedPort>80</TranslatedPort>
+        <Protocol>tcp</Protocol>
+      </GatewayNatRule>
+    </NatRule>
+    <NatRule>
+      <RuleType>DNAT</RuleType>
+      <IsEnabled>true</IsEnabled>
+      <Id>65545</Id>
+      <GatewayNatRule>
+        <Interface href="https://vendor-api-url.net/admin/network/1000" name="TestData" type="application/vnd.vmware.admin.network+xml"/>
+        <OriginalIp>200.11.99.76</OriginalIp>
+        <OriginalPort>80</OriginalPort>
+        <TranslatedIp>172.10.0.21</TranslatedIp>
+        <TranslatedPort>80</TranslatedPort>
+        <Protocol>tcp</Protocol>
+      </GatewayNatRule>
+    </NatRule>
+    <NatRule>
+      <RuleType>DNAT</RuleType>
+      <IsEnabled>true</IsEnabled>
+      <Id>65546</Id>
+      <GatewayNatRule>
+        <Interface href="https://vendor-api-url.net/admin/network/1000" name="TestData" type="application/vnd.vmware.admin.network+xml"/>
+        <OriginalIp>200.11.99.75</OriginalIp>
+        <OriginalPort>443</OriginalPort>
+        <TranslatedIp>172.16.0.2</TranslatedIp>
+        <TranslatedPort>443</TranslatedPort>
+        <Protocol>tcp</Protocol>
+      </GatewayNatRule>
+    </NatRule>
+    <NatRule>
+      <RuleType>DNAT</RuleType>
+      <IsEnabled>true</IsEnabled>
+      <Id>65547</Id>
+      <GatewayNatRule>
+        <Interface href="https://vendor-api-url.net/admin/network/1000" name="TestData" type="application/vnd.vmware.admin.network+xml"/>
+        <OriginalIp>200.11.99.76</OriginalIp>
+        <OriginalPort>443</OriginalPort>
+        <TranslatedIp>172.16.0.2</TranslatedIp>
+        <TranslatedPort>443</TranslatedPort>
+        <Protocol>tcp</Protocol>
+      </GatewayNatRule>
+    </NatRule>
+    <NatRule>
+      <RuleType>DNAT</RuleType>
+      <IsEnabled>true</IsEnabled>
+      <Id>65548</Id>
+      <GatewayNatRule>
+        <Interface href="https://vendor-api-url.net/admin/network/1000" name="TestData" type="application/vnd.vmware.admin.network+xml"/>
+        <OriginalIp>200.11.99.70</OriginalIp>
+        <OriginalPort>443</OriginalPort>
+        <TranslatedIp>172.16.5.0</TranslatedIp>
+        <TranslatedPort>443</TranslatedPort>
+        <Protocol>tcp</Protocol>
+      </GatewayNatRule>
+    </NatRule>
+  </NatService>
+</EdgeGatewayServiceConfiguration>

data/spec/component/nat_spec.rb

@@ -0,0 +1,28 @@
+require 'spec_helper'
+require 'nokogiri'
+require 'equivalent-xml'
+require 'component/nat'
+
+describe "nat" do
+
+  it "should be able to generate XML that matches what we created directly through the control panel" do
+    nat do
+      snat :interface => "TestData", :original => { :ip => "172.10.0.0/8" }, :translated => { :ip => "200.11.99.70" }, :id => 65538
+      dnat :interface => "TestData", :original => { :ip => "200.11.99.70", :port => 22 }, :translated => { :ip => "172.10.0.100", :port => 22 }, :id => 65539
+      dnat :interface => "TestData", :original => { :ip => "200.11.99.72", :port => 443 }, :translated => { :ip => "172.16.0.2", :port => 443 }, :id => 65540
+      dnat :interface => "TestData", :original => { :ip => "200.11.99.70", :port => 80 }, :translated => { :ip => "172.10.0.3", :port => 80 }, :id => 65537
+      dnat :interface => "TestData", :original => { :ip => "200.11.99.70", :port => 1022 }, :translated => { :ip => "172.10.0.200", :port => 22 }, :id => 65542
+      dnat :interface => "TestData", :original => { :ip => "200.11.99.74", :port => 443 }, :translated => { :ip => "172.16.0.2", :port => 443 }, :id => 65543
+      dnat :interface => "TestData", :original => { :ip => "200.11.99.75", :port => 80 }, :translated => { :ip => "172.10.0.20", :port => 80 }, :id => 65544
+      dnat :interface => "TestData", :original => { :ip => "200.11.99.76", :port => 80 }, :translated => { :ip => "172.10.0.21", :port => 80 }, :id => 65545
+      dnat :interface => "TestData", :original => { :ip => "200.11.99.75", :port => 443 }, :translated => { :ip => "172.16.0.2", :port => 443 }, :id => 65546
+      dnat :interface => "TestData", :original => { :ip => "200.11.99.76", :port => 443 }, :translated => { :ip => "172.16.0.2", :port => 443 }, :id => 65547
+      dnat :interface => "TestData", :original => { :ip => "200.11.99.70", :port => 443 }, :translated => { :ip => "172.16.5.0", :port => 443 }, :id => 65548
+    end
+
+    interfaces = {
+      "TestData" => "https://vendor-api-url.net/admin/network/1000"
+    }
+    Nokogiri::XML(Component::NAT.generate_xml(interfaces).doc.root.to_s).should be_equivalent_to Nokogiri::XML(File.open("spec/component/nat.xml"))
+  end
+end

data/spec/integration/authorization_failed_spec.rb

@@ -0,0 +1,26 @@
+require 'spec_helper'
+require 'vcloud_network_configurator'
+
+describe "happy path" do
+
+  before :each do
+    WebMock.disable_net_connect!
+    WebMock.reset!
+
+    session_url = "https://super%40preview:man@www.vcloud.eggplant.com/sessions"
+
+    stub_request(:post, session_url).
+      with(:headers => {'Accept'=>'application/*+xml;version=5.1', 'User-Agent'=>'Ruby'}).
+      to_return(:status => 401)
+  end
+
+  it "should abort on failure of authorization" do
+    args = ["-u", "super", "-p", "man", "-U", "123321", "-d",
+            "spec/integration/test_data/rules_dir", "-e", "preview",
+            "-c", "firewall", "https://www.vcloud.eggplant.com"]
+
+    configurator = VcloudNetworkConfigurator.new(args)
+    expect { configurator.execute }.to raise_error(SystemExit, "Could not authenticate user")
+  end
+
+end

data/spec/integration/happy_path_firewall_spec.rb

@@ -0,0 +1,74 @@
+require 'spec_helper'
+require 'vcloud_network_configurator'
+
+describe "happy path" do
+
+  before :each do
+    WebMock.disable_net_connect!
+    WebMock.reset!
+
+    session_url = "https://super%40preview:man@www.vcloud.eggplant.com/sessions"
+    edge_gateway_configure_url = "https://www.vcloud.eggplant.com/admin/edgeGateway/123321/action/configureServices"
+    task_url = "https://www.vcloud.eggplant.com/api/tasks/10"
+
+    stub_request(:post, session_url).
+      with(:headers => {'Accept'=>'application/*+xml;version=5.1', 'User-Agent'=>'Ruby'}).
+      to_return(:status => 200,
+                :body => File.read('spec/integration/test_data/happy_path_auth_response.xml'),
+                :headers => { 'x-vcloud-authorization' => '123321'})
+
+    stub_request(:post, edge_gateway_configure_url).
+      with(:body => configure_firewall_xml,
+           :headers => { 'Accept'=>'application/*+xml;version=5.1',
+                         'Content-Type'=>'application/vnd.vmware.admin.edgeGatewayServiceConfiguration+xml',
+                         'User-Agent'=>'Ruby',
+                         'X-Vcloud-Authorization'=>'123321' }).
+      to_return(:status => 202, :body => configure_task_xml)
+
+    stub_request(:get, task_url).
+      with(:headers => {'Accept'=>'application/*+xml;version=5.1', 'User-Agent'=>'Ruby', 'X-Vcloud-Authorization'=>'123321'}).
+      to_return(:status => 200, :body => configure_task_xml, :headers => {})
+  end
+
+  it "should configure edgegateway successfully" do
+    args = ["-u", "super", "-p", "man", "-U", "123321", "-d",
+            "spec/integration/test_data/rules_dir", "-e", "preview",
+            "-c", "firewall", "https://www.vcloud.eggplant.com"]
+
+    configurator = VcloudNetworkConfigurator.new(args)
+    configurator.execute.should be_true
+  end
+end
+
+def configure_task_xml
+%q{<Task href="https://www.vcloud.eggplant.com/api/tasks/10" status="success"></Task>}
+end
+
+def configure_firewall_xml
+  %q{<?xml version="1.0" encoding="UTF-8"?>
+<EdgeGatewayServiceConfiguration xmlns="http://www.vmware.com/vcloud/v1.5" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.vmware.com/vcloud/v1.5 http://vendor-api-url.net/v1.5/schema/master.xsd">
+  <FirewallService>
+    <IsEnabled>true</IsEnabled>
+    <DefaultAction>drop</DefaultAction>
+    <LogDefaultAction>false</LogDefaultAction>
+    <FirewallRule>
+      <Id>1</Id>
+      <IsEnabled>true</IsEnabled>
+      <MatchOnTranslate>false</MatchOnTranslate>
+      <Description>allow all boxes to access peppers box on port 22</Description>
+      <Policy>allow</Policy>
+      <Protocols>
+        <Tcp>true</Tcp>
+      </Protocols>
+      <Port>22</Port>
+      <DestinationPortRange>22</DestinationPortRange>
+      <DestinationIp>172.11.0.1</DestinationIp>
+      <SourcePort>-1</SourcePort>
+      <SourcePortRange>Any</SourcePortRange>
+      <SourceIp>172.10.0.0/24</SourceIp>
+      <EnableLogging>false</EnableLogging>
+    </FirewallRule>
+  </FirewallService>
+</EdgeGatewayServiceConfiguration>
+}
+end

data/spec/integration/happy_path_loadbalancer_spec.rb

@@ -0,0 +1,173 @@
+require 'spec_helper'
+require 'vcloud_network_configurator'
+
+describe "happy path for lb configurations" do
+
+  before :each do
+    WebMock.disable_net_connect!
+    WebMock.reset!
+
+    session_url = "https://super%40preview:man@www.vcloud.eggplant.com/sessions"
+    edge_gateway_configure_url = "https://www.vcloud.eggplant.com/admin/edgeGateway/123321/action/configureServices"
+    task_url = "https://www.vcloud.eggplant.com/api/tasks/10"
+
+    stub_request(:post, session_url).
+      with(:headers => {'Accept'=>'application/*+xml;version=5.1', 'User-Agent'=>'Ruby'}).
+      to_return(:status => 200,
+                :body => File.read('spec/integration/test_data/happy_path_auth_response.xml'),
+                :headers => { 'x-vcloud-authorization' => '123321'})
+
+    stub_request(:post, edge_gateway_configure_url).
+      with(:body => configure_lb_xml,
+           :headers => { 'Accept'=>'application/*+xml;version=5.1',
+                         'Content-Type'=>'application/vnd.vmware.admin.edgeGatewayServiceConfiguration+xml',
+                         'User-Agent'=>'Ruby',
+                         'X-Vcloud-Authorization'=>'123321' }).
+      to_return(:status => 202, :body => configure_task_xml)
+
+    stub_request(:get, task_url).
+      with(:headers => {'Accept'=>'application/*+xml;version=5.1', 'User-Agent'=>'Ruby', 'X-Vcloud-Authorization'=>'123321'}).
+      to_return(:status => 200, :body => configure_task_xml, :headers => {})
+  end
+
+  it "should configure edgegateway successfully" do
+    args = ["-u", "super", "-p", "man", "-U", "123321", "-d",
+            "spec/integration/test_data/rules_dir", "-e", "preview",
+            "-c", "lb", "https://www.vcloud.eggplant.com"]
+
+    configurator = VcloudNetworkConfigurator.new(args)
+    configurator.execute.should be_true
+  end
+end
+
+def configure_task_xml
+%q{<Task href="https://www.vcloud.eggplant.com/api/tasks/10" status="success"></Task>}
+end
+
+def configure_lb_xml
+  %q{<?xml version="1.0" encoding="UTF-8"?>
+<EdgeGatewayServiceConfiguration xmlns="http://www.vmware.com/vcloud/v1.5" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.vmware.com/vcloud/v1.5 http://vendor-api-url.net/v1.5/schema/master.xsd">
+  <LoadBalancerService>
+    <IsEnabled>false</IsEnabled>
+    <Pool>
+      <Name>Frontend pool</Name>
+      <ServicePort>
+        <IsEnabled>true</IsEnabled>
+        <Protocol>HTTP</Protocol>
+        <Algorithm>ROUND_ROBIN</Algorithm>
+        <Port>80</Port>
+        <HealthCheckPort/>
+        <HealthCheck>
+          <Mode>HTTP</Mode>
+          <Uri>/</Uri>
+          <HealthThreshold>2</HealthThreshold>
+          <UnhealthThreshold>3</UnhealthThreshold>
+          <Interval>5</Interval>
+          <Timeout>15</Timeout>
+        </HealthCheck>
+      </ServicePort>
+      <ServicePort>
+        <IsEnabled>true</IsEnabled>
+        <Protocol>HTTPS</Protocol>
+        <Algorithm>ROUND_ROBIN</Algorithm>
+        <Port>443</Port>
+        <HealthCheckPort/>
+        <HealthCheck>
+          <Mode>SSL</Mode>
+          <Uri>/</Uri>
+          <HealthThreshold>2</HealthThreshold>
+          <UnhealthThreshold>3</UnhealthThreshold>
+          <Interval>5</Interval>
+          <Timeout>15</Timeout>
+        </HealthCheck>
+      </ServicePort>
+      <ServicePort>
+        <IsEnabled>false</IsEnabled>
+        <Protocol>TCP</Protocol>
+        <Algorithm>ROUND_ROBIN</Algorithm>
+        <Port/>
+        <HealthCheckPort/>
+        <HealthCheck>
+          <Mode>TCP</Mode>
+          <HealthThreshold>2</HealthThreshold>
+          <UnhealthThreshold>3</UnhealthThreshold>
+          <Interval>5</Interval>
+          <Timeout>15</Timeout>
+        </HealthCheck>
+      </ServicePort>
+      <Member>
+        <IpAddress>20.2.0.1</IpAddress>
+        <Weight>1</Weight>
+        <ServicePort>
+          <Protocol>HTTP</Protocol>
+          <Port>80</Port>
+          <HealthCheckPort/>
+        </ServicePort>
+        <ServicePort>
+          <Protocol>HTTPS</Protocol>
+          <Port>443</Port>
+          <HealthCheckPort/>
+        </ServicePort>
+        <ServicePort>
+          <Protocol>TCP</Protocol>
+          <Port/>
+          <HealthCheckPort/>
+        </ServicePort>
+      </Member>
+      <Member>
+        <IpAddress>20.3.0.2</IpAddress>
+        <Weight>1</Weight>
+        <ServicePort>
+          <Protocol>HTTP</Protocol>
+          <Port>80</Port>
+          <HealthCheckPort/>
+        </ServicePort>
+        <ServicePort>
+          <Protocol>HTTPS</Protocol>
+          <Port>443</Port>
+          <HealthCheckPort/>
+        </ServicePort>
+        <ServicePort>
+          <Protocol>TCP</Protocol>
+          <Port/>
+          <HealthCheckPort/>
+        </ServicePort>
+      </Member>
+      <Operational>false</Operational>
+    </Pool>
+    <VirtualServer>
+      <IsEnabled>true</IsEnabled>
+      <Name>VDC-1</Name>
+      <Interface type="application/vnd.vmware.vcloud.orgVdcNetwork+xml" name="VDC-1" href="http://interface.vdc-1/19237"/>
+      <IpAddress>20.1.0.2</IpAddress>
+      <ServiceProfile>
+        <IsEnabled>true</IsEnabled>
+        <Protocol>HTTP</Protocol>
+        <Port>80</Port>
+        <Persistence>
+          <Method/>
+        </Persistence>
+      </ServiceProfile>
+      <ServiceProfile>
+        <IsEnabled>true</IsEnabled>
+        <Protocol>HTTPS</Protocol>
+        <Port>443</Port>
+        <Persistence>
+          <Method/>
+        </Persistence>
+      </ServiceProfile>
+      <ServiceProfile>
+        <IsEnabled>false</IsEnabled>
+        <Protocol>TCP</Protocol>
+        <Port/>
+        <Persistence>
+          <Method/>
+        </Persistence>
+      </ServiceProfile>
+      <Logging>false</Logging>
+      <Pool>Frontend pool</Pool>
+    </VirtualServer>
+  </LoadBalancerService>
+</EdgeGatewayServiceConfiguration>
+}
+end