Add Integration Tests for Security Groups

This commit adds some integration tests for security groups. Some tests remain ignored,
pending further implementation work.

It also adds an enum for security group rules protocol, and adds a missing 'description'
field to rules.

Author: twoseat

cloudfoundry-client-reactor/src/test/java/org/cloudfoundry/reactor/client/v2/securitygroups/ReactorSecurityGroupsTest.java

@@ -55,6 +55,10 @@
 import static io.netty.handler.codec.http.HttpResponseStatus.ACCEPTED;
 import static io.netty.handler.codec.http.HttpResponseStatus.NO_CONTENT;
 import static io.netty.handler.codec.http.HttpResponseStatus.OK;
+import static org.cloudfoundry.client.v2.securitygroups.Protocol.ALL;
+import static org.cloudfoundry.client.v2.securitygroups.Protocol.ICMP;
+import static org.cloudfoundry.client.v2.securitygroups.Protocol.TCP;
+import static org.cloudfoundry.client.v2.securitygroups.Protocol.UDP;
 
 public final class ReactorSecurityGroupsTest extends AbstractClientApiTest {
 
@@ -77,24 +81,24 @@ public void create() {
             .create(CreateSecurityGroupRequest.builder()
                 .name("my_super_sec_group")
                 .rule(RuleEntity.builder()
-                    .protocol("icmp")
+                    .protocol(ICMP)
                     .destination("0.0.0.0/0")
                     .type(0)
                     .code(1)
                     .build())
                 .rule(RuleEntity.builder()
-                    .protocol("tcp")
+                    .protocol(TCP)
                     .destination("0.0.0.0/0")
                     .ports("2048-3000")
                     .log(true)
                     .build())
                 .rule(RuleEntity.builder()
-                    .protocol("udp")
+                    .protocol(UDP)
                     .destination("0.0.0.0/0")
                     .ports("53, 5353")
                     .build())
                 .rule(RuleEntity.builder()
-                    .protocol("all")
+                    .protocol(ALL)
                     .destination("0.0.0.0/0")
                     .build())
                 .build())
@@ -108,24 +112,24 @@ public void create() {
                 .entity(SecurityGroupEntity.builder()
                     .name("my_super_sec_group")
                     .rule(RuleEntity.builder()
-                        .protocol("icmp")
+                        .protocol(ICMP)
                         .destination("0.0.0.0/0")
                         .type(0)
                         .code(1)
                         .build())
                     .rule(RuleEntity.builder()
-                        .protocol("tcp")
+                        .protocol(TCP)
                         .destination("0.0.0.0/0")
                         .ports("2048-3000")
                         .log(true)
                         .build())
                     .rule(RuleEntity.builder()
-                        .protocol("udp")
+                        .protocol(UDP)
                         .destination("0.0.0.0/0")
                         .ports("53, 5353")
                         .build())
                     .rule(RuleEntity.builder()
-                        .protocol("all")
+                        .protocol(ALL)
                         .destination("0.0.0.0/0")
                         .build())
                     .runningDefault(false)
@@ -286,7 +290,7 @@ public void list() {
                     .entity(SecurityGroupEntity.builder()
                         .name("name-67")
                         .rule(RuleEntity.builder()
-                            .protocol("udp")
+                            .protocol(UDP)
                             .ports("8080")
                             .destination("198.41.191.47/1")
                             .build())
@@ -304,7 +308,7 @@ public void list() {
                     .entity(SecurityGroupEntity.builder()
                         .name("name-68")
                         .rule(RuleEntity.builder()
-                            .protocol("udp")
+                            .protocol(UDP)
                             .ports("8080")
                             .destination("198.41.191.47/1")
                             .build())
@@ -322,7 +326,7 @@ public void list() {
                     .entity(SecurityGroupEntity.builder()
                         .name("name-69")
                         .rule(RuleEntity.builder()
-                            .protocol("udp")
+                            .protocol(UDP)
                             .ports("8080")
                             .destination("198.41.191.47/1")
                             .build())
@@ -366,7 +370,7 @@ public void listRunning() {
                         .rule(RuleEntity.builder()
                             .destination("198.41.191.47/1")
                             .ports("8080")
-                            .protocol("udp")
+                            .protocol(UDP)
                             .build())
                         .runningDefault(true)
                         .stagingDefault(false)
@@ -407,7 +411,7 @@ public void listStaging() {
                         .rule(RuleEntity.builder()
                             .destination("198.41.191.47/1")
                             .ports("8080")
-                            .protocol("udp")
+                            .protocol(UDP)
                             .build())
                         .runningDefault(false)
                         .stagingDefault(true)
@@ -447,7 +451,7 @@ public void setRunning() {
                     .rule(RuleEntity.builder()
                         .destination("198.41.191.47/1")
                         .ports("8080")
-                        .protocol("udp")
+                        .protocol(UDP)
                         .build())
                     .runningDefault(true)
                     .stagingDefault(false)
@@ -486,7 +490,7 @@ public void setStaging() {
                     .rule(RuleEntity.builder()
                         .destination("198.41.191.47/1")
                         .ports("8080")
-                        .protocol("udp")
+                        .protocol(UDP)
                         .build())
                     .runningDefault(false)
                     .stagingDefault(true)

cloudfoundry-client-reactor/src/test/java/org/cloudfoundry/reactor/client/v2/spaces/ReactorSpacesTest.java

@@ -122,6 +122,7 @@
 import static io.netty.handler.codec.http.HttpResponseStatus.ACCEPTED;
 import static io.netty.handler.codec.http.HttpResponseStatus.NO_CONTENT;
 import static io.netty.handler.codec.http.HttpResponseStatus.OK;
+import static org.cloudfoundry.client.v2.securitygroups.Protocol.UDP;
 import static org.cloudfoundry.client.v2.serviceinstances.ServiceInstance.builder;
 
 public final class ReactorSpacesTest extends AbstractClientApiTest {
@@ -1088,7 +1089,7 @@ public void listSecurityGroups() {
                         .rule(RuleEntity.builder()
                             .destination("198.41.191.47/1")
                             .ports("8080")
-                            .protocol("udp")
+                            .protocol(UDP)
                             .build())
                         .runningDefault(false)
                         .spacesUrl("/v2/security_groups/a3728437-fe41-42c1-875c-b59cffc7498c/spaces")

cloudfoundry-client/src/main/java/org/cloudfoundry/client/v2/securitygroups/Protocol.java

@@ -0,0 +1,78 @@
+/*
+ * Copyright 2013-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.cloudfoundry.client.v2.securitygroups;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonValue;
+
+/**
+ * The protocol of a {@link RuleEntity}
+ */
+public enum Protocol {
+
+    /**
+     * All protocols
+     */
+    ALL("all"),
+
+    /**
+     * ICMP protocol
+     */
+    ICMP("icmp"),
+
+    /**
+     * TCP protocol
+     */
+    TCP("tcp"),
+
+    /**
+     * UDP protocol
+     */
+    UDP("udp");
+
+    private final String value;
+
+    Protocol(String value) {
+        this.value = value;
+    }
+
+    @JsonCreator
+    public static Protocol from(String s) {
+        switch (s.toLowerCase()) {
+            case "all":
+                return ALL;
+            case "icmp":
+                return ICMP;
+            case "tcp":
+                return TCP;
+            case "udp":
+                return UDP;
+            default:
+                throw new IllegalArgumentException(String.format("Unknown protocol: %s", s));
+        }
+    }
+
+    @JsonValue
+    public String getValue() {
+        return this.value;
+    }
+
+    @Override
+    public String toString() {
+        return getValue();
+    }
+}

cloudfoundry-client/src/main/java/org/cloudfoundry/client/v2/securitygroups/_RuleEntity.java

@@ -29,12 +29,19 @@
 abstract class _RuleEntity {
 
     /**
-     * The control signal for icmp
+     * The code control signal for icmp
      */
     @JsonProperty("code")
     @Nullable
     abstract Integer getCode();
 
+    /**
+     * The description of the rule
+     */
+    @JsonProperty("description")
+    @Nullable
+    abstract String getDescription();
+
     /**
      * The destination
      */
@@ -61,10 +68,10 @@ abstract class _RuleEntity {
      */
     @JsonProperty("protocol")
     @Nullable
-    abstract String getProtocol();
+    abstract Protocol getProtocol();
 
     /**
-     * The control signal for icmp
+     * The type control signal for icmp
      */
     @JsonProperty("type")
     @Nullable

cloudfoundry-operations/src/main/java/org/cloudfoundry/operations/spaces/_Rule.java

@@ -16,6 +16,7 @@
 
 package org.cloudfoundry.operations.spaces;
 
+import org.cloudfoundry.client.v2.securitygroups.Protocol;
 import org.immutables.value.Value;
 
 @Value.Immutable
@@ -34,6 +35,6 @@ abstract class _Rule {
     /**
      * The protocol
      */
-    abstract String getProtocol();
+    abstract Protocol getProtocol();
 
 }

integration-test/src/test/java/org/cloudfoundry/CloudFoundryCleaner.java

@@ -36,6 +36,8 @@
 import org.cloudfoundry.client.v2.routes.DeleteRouteRequest;
 import org.cloudfoundry.client.v2.routes.ListRoutesRequest;
 import org.cloudfoundry.client.v2.routes.RouteEntity;
+import org.cloudfoundry.client.v2.securitygroups.DeleteSecurityGroupRequest;
+import org.cloudfoundry.client.v2.securitygroups.ListSecurityGroupsRequest;
 import org.cloudfoundry.client.v2.serviceinstances.DeleteServiceInstanceRequest;
 import org.cloudfoundry.client.v2.serviceinstances.ListServiceInstancesRequest;
 import org.cloudfoundry.client.v2.shareddomains.DeleteSharedDomainRequest;
@@ -112,6 +114,7 @@ void clean() {
             .thenMany(cleanApplicationsV2(this.cloudFoundryClient, this.nameFactory))
             .thenMany(cleanApplicationsV3(this.cloudFoundryClient, this.nameFactory))
             .thenMany(cleanPackages(this.cloudFoundryClient))
+            .thenMany(cleanSecurityGroups(this.cloudFoundryClient, this.nameFactory))
             .thenMany(cleanServiceInstances(this.cloudFoundryClient, this.nameFactory))
             .thenMany(cleanUserProvidedServiceInstances(this.cloudFoundryClient, this.nameFactory))
             .thenMany(cleanSharedDomains(this.cloudFoundryClient, this.nameFactory))
@@ -337,6 +340,21 @@ private static Flux<Void> cleanRoutes(CloudFoundryClient cloudFoundryClient, Nam
                 })));
     }
 
+    private static Flux<Void> cleanSecurityGroups(CloudFoundryClient cloudFoundryClient, NameFactory nameFactory) {
+        return PaginationUtils
+            .requestClientV2Resources(page -> cloudFoundryClient.securityGroups()
+                .list(ListSecurityGroupsRequest.builder()
+                    .page(page)
+                    .build()))
+            .filter(securityGroup -> nameFactory.isSecurityGroupName(ResourceUtils.getEntity(securityGroup).getName()))
+            .flatMap(securityGroup -> cloudFoundryClient.securityGroups()
+                .delete(DeleteSecurityGroupRequest.builder()
+                    .securityGroupId(ResourceUtils.getId(securityGroup))
+                    .build())
+                .doOnError(t -> LOGGER.error("Unable to delete security group {}", ResourceUtils.getEntity(securityGroup).getName(), t))
+            .then());
+    }
+
     private static Flux<Void> cleanServiceInstances(CloudFoundryClient cloudFoundryClient, NameFactory nameFactory) {
         return PaginationUtils
             .requestClientV2Resources(page -> cloudFoundryClient.serviceInstances()

integration-test/src/test/java/org/cloudfoundry/NameFactory.java

@@ -47,6 +47,8 @@ public interface NameFactory {
 
     String QUOTA_DEFINITION_PREFIX = "test-quota-definition-";
 
+    String SECURITY_GROUP_PREFIX = "test-security-group-";
+
     String SERVICE_INSTANCE_PREFIX = "test-service-instance-";
 
     String SPACE_PREFIX = "test-space-";
@@ -196,6 +198,15 @@ default String getQuotaDefinitionName() {
         return getName(QUOTA_DEFINITION_PREFIX);
     }
 
+    /**
+     * Creates a security group name
+     *
+     * @return the security group name
+     */
+    default String getSecurityGroupName() {
+        return getName(SECURITY_GROUP_PREFIX);
+    }
+
     /**
      * Creates a service instance name
      *
@@ -396,6 +407,16 @@ default boolean isQuotaDefinitionName(String candidate) {
         return isName(QUOTA_DEFINITION_PREFIX, candidate);
     }
 
+    /**
+     * Tests a name to determine if it is a security group name
+     *
+     * @param candidate the candidate name
+     * @return {@code true} if the name is a security group name, {@code false} otherwise
+     */
+    default boolean isSecurityGroupName(String candidate) {
+        return isName(SECURITY_GROUP_PREFIX, candidate);
+    }
+
     /**
      * Tests a name to determine if it is a service instance name
      *