diff --git a/cats_suite_helpers/cats_suite_helpers.go b/cats_suite_helpers/cats_suite_helpers.go
index dee5bd993..333495e0e 100644
--- a/cats_suite_helpers/cats_suite_helpers.go
+++ b/cats_suite_helpers/cats_suite_helpers.go
@@ -438,6 +438,17 @@ func VolumeServicesDescribe(description string, callback func()) bool {
 })
 }
 
+func IPv6SecurityGroupsDescribe(description string, callback func()) bool {
+ return Describe("[ipv6 security groups]", func() {
+ BeforeEach(func() {
+ if !Config.GetIncludeIPv6() {
+ Skip(skip_messages.SkipIPv6)
+ }
+ })
+ Describe(description, callback)
+ })
+}
+
 func GetNServerResponses(n int, domainName, externalPort1 string) ([]string, error) {
 var responses []string
 
diff --git a/security_groups/ipv6_security_groups.go b/security_groups/ipv6_security_groups.go
new file mode 100644
index 000000000..4ba3e628b
--- /dev/null
+++ b/security_groups/ipv6_security_groups.go
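Review bot: `IPv6SecurityGroupsDescribe` gates its specs only on `Config.GetIncludeIPv6()`, yet the suite it wraps (security_groups/ipv6_security_groups.go in this commit) unbinds and rebinds a security group for the test org and space. An operator who enables the IPv6 tests but has deliberately left security-group tests off would still have bindings changed on the foundation. Consider also skipping when the security-groups include flag is off, e.g. `if !Config.GetIncludeIPv6() || !Config.GetIncludeSecurityGroups() {` (I believe the config interface exposes that getter; confirm), with a skip message that names both flags. The exported helper also has no doc comment; something like `// IPv6SecurityGroupsDescribe registers callback under the "[ipv6 security groups]" label and skips it unless IPv6 tests are enabled.` would do.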
@@ -0,0 +1,91 @@
+package security_groups_test
+
+import (
+ "net"
+ "strings"
+
+ . "github.com/cloudfoundry/cf-acceptance-tests/cats_suite_helpers"
+ . "github.com/onsi/ginkgo/v2"
+ . "github.com/onsi/gomega"
+ . "github.com/onsi/gomega/gexec"
+
+ "github.com/cloudfoundry/cf-acceptance-tests/helpers/app_helpers"
+ "github.com/cloudfoundry/cf-acceptance-tests/helpers/assets"
+ "github.com/cloudfoundry/cf-acceptance-tests/helpers/random_name"
+ "github.com/cloudfoundry/cf-test-helpers/v2/cf"
+ "github.com/cloudfoundry/cf-test-helpers/v2/helpers"
+)
+
+var _ = IPv6SecurityGroupsDescribe("IPv6 Security Group", func() {
+ var (
+ appName string
+ securityGroupName string
+ orgName string
+ spaceName string
+ )
+
+ BeforeEach(func() {
+ appName = random_name.CATSRandomName("APP-IPv6")
+ orgName = TestSetup.RegularUserContext().Org
+ spaceName = TestSetup.RegularUserContext().Space
+ securityGroupName = "ipv6_public_networks"
+
+ By("pushing simple python app")
+ Expect(cf.Cf(
+ "push", appName,
+ "-p", assets.NewAssets().Python,
+ "-m", DEFAULT_MEMORY_LIMIT,
+ ).Wait(Config.CfPushTimeoutDuration())).To(Exit(0))
+ })
+
+ AfterEach(func() {
+ app_helpers.AppReport(appName)
+ Expect(cf.Cf("delete", appName, "-f", "-r").Wait()).To(Exit(0))
+ })
+
+ assertAppCanConnect := func() {
+ response := helpers.CurlAppWithStatusCode(Config, appName, "/ipv6-test")
+ responseParts := strings.Split(response, "\n")
+ ipAddress := responseParts[0]
+ statusCode := responseParts[1]
+
+ parsedIP := net.ParseIP(ipAddress)
+ Expect(parsedIP).NotTo(BeNil(), "Expected a valid IP address")
+ Expect(statusCode).To(Equal("200"))
+ }
+
+ assertAppCanNotConnect := func() {
+ response := helpers.CurlAppWithStatusCode(Config, appName, "/ipv6-test")
+ responseParts := strings.Split(response, "\n")
+ bodyResponce := responseParts[0]
+ statusCode := responseParts[1]
+
+ Expect(bodyResponce).To(ContainSubstring("Connection refused"))
+ Expect(statusCode).To(Equal("500"))
+ }
+
+ Describe("Default IPv6 security groups are working", func() {
+ It("validates IPv6 with security groups enabled", func() {
+ assertAppCanConnect()
+ })
+
+ It("unbinds the wide-open security group", func() {
+ By("unbinding the wide-open security group")
+ unbindSecurityGroup(securityGroupName, orgName, spaceName)
+ })
+
+ It("validates IPv6 with security groups disabled", func() {
+ assertAppCanNotConnect()
+ })
+
+ It("binds the wide-open security group", func() {
+ By("binding the wide-open security group")
+ bindSecurityGroup(securityGroupName, orgName, spaceName)
+ })
+
+ It("validates IPv6 with security groups enabled", func() {
+ assertAppCanConnect()
+ })
+
+ })
+})
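Review bot: The five `It` specs under `Describe("Default IPv6 security groups are working", …)` rely on running in source order and on binding state carried from one spec to the next, but the container is not marked `Ordered` and the rebind lives in a later spec rather than in cleanup. With randomized or parallel spec execution, or when the "disabled" check fails or the run is interrupted, `ipv6_public_networks` can stay unbound from the org and space and later specs run against the wrong egress policy. I would declare the container as `Describe("Default IPv6 security groups are working", Ordered, func() {` and restore the binding unconditionally with `AfterAll(func() { bindSecurityGroup(securityGroupName, orgName, spaceName) })`, assuming re-binding an already bound group is harmless (the bind/unbind helpers are defined outside this hunk). Separately, `assertAppCanConnect` accepts anything `net.ParseIP` parses, including an IPv4 address, so if `/ipv6-test` is meant to return an IPv6 address, add `Expect(parsedIP.To4()).To(BeNil())`. Both asserters also index `responseParts[1]` without a length check, so a response without a newline panics instead of failing the assertion.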