From f0e9705f46518a010f17d29e779138aada0dfcdb Mon Sep 17 00:00:00 2001
From: "Ruben S. Montero" <rsmontero@opennebula.org>
Date: Tue, 23 Dec 2014 00:09:45 +0100
Subject: [PATCH] feature #3175: Fix minor bugs. Add simple test

---
 src/vnm_mad/remotes/lib/address.rb            |   2 +-
 src/vnm_mad/remotes/lib/security_groups.rb    |   2 +-
 .../remotes/lib/security_groups_iptables.rb   |   8 +-
 src/vnm_mad/remotes/test/sg_test_pre.rb       | 146 ++++++++++++++++++
 4 files changed, 154 insertions(+), 4 deletions(-)
 create mode 100755 src/vnm_mad/remotes/test/sg_test_pre.rb

diff --git a/src/vnm_mad/remotes/lib/address.rb b/src/vnm_mad/remotes/lib/address.rb
index f32838b7d4..c934126bf7 100644
--- a/src/vnm_mad/remotes/lib/address.rb
+++ b/src/vnm_mad/remotes/lib/address.rb
@@ -21,7 +21,7 @@ module VNMNetwork
     # This methods translates an address range to a set of IPv4 networks
     # in CIDR notation
     #   @param ip_start [String] First IP of the range in dot notation
-    #   @param size [String] The number of IPs in the range
+    #   @param size [Fixnum] The number of IPs in the range
     #
     #   @return [Array<String>] The networks in CIDR
     def self.to_nets(ip_start, size)
diff --git a/src/vnm_mad/remotes/lib/security_groups.rb b/src/vnm_mad/remotes/lib/security_groups.rb
index 494b2b1b46..e8e3b92539 100644
--- a/src/vnm_mad/remotes/lib/security_groups.rb
+++ b/src/vnm_mad/remotes/lib/security_groups.rb
@@ -100,7 +100,7 @@ module VNMNetwork
         def net
             return [] if @ip.nil? || @size.nil?
 
-            VNMNetwork::to_nets(@ip, @size)
+            VNMNetwork::to_nets(@ip, @size.to_i)
         end
 
         # Expand the ICMP type with associated codes if any 
diff --git a/src/vnm_mad/remotes/lib/security_groups_iptables.rb b/src/vnm_mad/remotes/lib/security_groups_iptables.rb
index c709eba104..7ad36e0282 100644
--- a/src/vnm_mad/remotes/lib/security_groups_iptables.rb
+++ b/src/vnm_mad/remotes/lib/security_groups_iptables.rb
@@ -111,7 +111,7 @@ module SGIPTables
         #   iptables -A one-3-0-i -m set --match-set one-3-0-1-i-nr src,dst -j RETURN
         #   ipset add -exist one-3-0-1-i-ni 10.0.0.0/24,icmp:8/0
         def process_net_icmp_type(cmds, vars)
-            if rule.rule_type == :inbound
+            if @rule_type == :inbound
                 chain = vars[:chain_in]
                 set = "#{vars[:set_sg_in]}-ni"
                 dir = "src,dst"
@@ -127,7 +127,7 @@ module SGIPTables
             net.each do |n|
                 icmp_type_expand.each do |type_code|
                     cmds.add :ipset, "add -exist #{set} #{n},icmp:#{type_code}"
-                end if rule.icmp_type_expand
+                end
             end
         end
     end
@@ -142,6 +142,10 @@ module SGIPTables
 
             @vars = SGIPTables.vars(@vm, @nic, @sg_id)
         end
+
+        def new_rule(rule)
+            RuleIPTables.new(rule)
+        end 
     end
 
     ############################################################################
diff --git a/src/vnm_mad/remotes/test/sg_test_pre.rb b/src/vnm_mad/remotes/test/sg_test_pre.rb
new file mode 100755
index 0000000000..49a0a73160
--- /dev/null
+++ b/src/vnm_mad/remotes/test/sg_test_pre.rb
@@ -0,0 +1,146 @@
+#!/usr/bin/env ruby
+
+# -------------------------------------------------------------------------- #
+# Copyright 2002-2014, OpenNebula Project (OpenNebula.org), C12G Labs        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License. You may obtain    #
+# a copy of the License at                                                   #
+#                                                                            #
+# http://www.apache.org/licenses/LICENSE-2.0                                 #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS,          #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+#--------------------------------------------------------------------------- #
+
+
+$: << File.dirname(__FILE__) + '/..'
+$: << File.dirname(__FILE__) + '/../lib'
+$: << File.dirname(__FILE__) + '/../../../mad/ruby'
+
+require 'vnmmad'
+
+module VNMMAD
+module VNMNetwork
+    class Nics < Array
+        def initialize(hypervisor)
+            @nicClass = NicTest
+        end
+    end
+
+    class NicTest < Hash
+        def initialize
+            super(nil)
+        end
+
+        def get_info(vm)
+        end
+
+        def get_tap(vm)
+            self[:tap] = "vnet0"
+            self
+        end
+    end
+
+    class Commands < Array
+        def run!
+            self.each{ |c| puts "#{c}"}
+            clear
+            return ""
+        end
+    end
+end
+end
+
+vm_xml=<<EOF
+<VM>
+  <ID>3</ID>
+  <TEMPLATE>
+    <NIC>
+      <AR_ID><![CDATA[0]]></AR_ID>
+      <BRIDGE><![CDATA[vbr0]]></BRIDGE>
+      <FILTER_IP_SPOOFING><![CDATA[YES]]></FILTER_IP_SPOOFING>
+      <FILTER_MAC_SPOOFING><![CDATA[YES]]></FILTER_MAC_SPOOFING>
+      <IP><![CDATA[10.0.0.7]]></IP>
+      <MAC><![CDATA[02:00:0a:00:00:07]]></MAC>
+      <NETWORK><![CDATA[test]]></NETWORK>
+      <NETWORK_ID><![CDATA[0]]></NETWORK_ID>
+      <NETWORK_UNAME><![CDATA[ruben]]></NETWORK_UNAME>
+      <NIC_ID><![CDATA[0]]></NIC_ID>
+      <SECURITY_GROUPS><![CDATA[100]]></SECURITY_GROUPS>
+      <VLAN><![CDATA[NO]]></VLAN>
+    </NIC>
+    <SECURITY_GROUP_RULE>
+      <PROTOCOL><![CDATA[TCP]]></PROTOCOL>
+      <RULE_TYPE><![CDATA[outbound]]></RULE_TYPE>
+      <SECURITY_GROUP_ID><![CDATA[100]]></SECURITY_GROUP_ID>
+      <SECURITY_GROUP_NAME><![CDATA[Test]]></SECURITY_GROUP_NAME>
+    </SECURITY_GROUP_RULE>
+    <SECURITY_GROUP_RULE>
+      <PROTOCOL><![CDATA[TCP]]></PROTOCOL>
+      <RANGE><![CDATA[80,22]]></RANGE>
+      <RULE_TYPE><![CDATA[inbound]]></RULE_TYPE>
+      <SECURITY_GROUP_ID><![CDATA[100]]></SECURITY_GROUP_ID>
+      <SECURITY_GROUP_NAME><![CDATA[Test]]></SECURITY_GROUP_NAME>
+    </SECURITY_GROUP_RULE>
+    <SECURITY_GROUP_RULE>
+      <ICMP_TYPE><![CDATA[8]]></ICMP_TYPE>
+      <PROTOCOL><![CDATA[ICMP]]></PROTOCOL>
+      <RULE_TYPE><![CDATA[inbound]]></RULE_TYPE>
+      <SECURITY_GROUP_ID><![CDATA[100]]></SECURITY_GROUP_ID>
+      <SECURITY_GROUP_NAME><![CDATA[Test]]></SECURITY_GROUP_NAME>
+    </SECURITY_GROUP_RULE>
+    <SECURITY_GROUP_RULE>
+      <AR_ID><![CDATA[0]]></AR_ID>
+      <ICMP_TYPE><![CDATA[0]]></ICMP_TYPE>
+      <IP><![CDATA[10.0.0.7]]></IP>
+      <MAC><![CDATA[02:00:0a:00:00:07]]></MAC>
+      <NETWORK_ID><![CDATA[0]]></NETWORK_ID>
+      <PROTOCOL><![CDATA[ICMP]]></PROTOCOL>
+      <RULE_TYPE><![CDATA[outbound]]></RULE_TYPE>
+      <SECURITY_GROUP_ID><![CDATA[100]]></SECURITY_GROUP_ID>
+      <SECURITY_GROUP_NAME><![CDATA[Test]]></SECURITY_GROUP_NAME>
+      <SIZE><![CDATA[27]]></SIZE>
+      <TYPE><![CDATA[IP4]]></TYPE>
+    </SECURITY_GROUP_RULE>
+    <SECURITY_GROUP_RULE>
+      <IP><![CDATA[192.168.10.3]]></IP>
+      <PROTOCOL><![CDATA[TCP]]></PROTOCOL>
+      <RANGE><![CDATA[80:100,22]]></RANGE>
+      <RULE_TYPE><![CDATA[inbound]]></RULE_TYPE>
+      <SECURITY_GROUP_ID><![CDATA[100]]></SECURITY_GROUP_ID>
+      <SECURITY_GROUP_NAME><![CDATA[Test]]></SECURITY_GROUP_NAME>
+      <SIZE><![CDATA[23]]></SIZE>
+    </SECURITY_GROUP_RULE>
+    <SECURITY_GROUP_RULE>
+      <AR_ID><![CDATA[0]]></AR_ID>
+      <ICMP_TYPE><![CDATA[3]]></ICMP_TYPE>
+      <IP><![CDATA[10.0.0.7]]></IP>
+      <MAC><![CDATA[02:00:0a:00:00:07]]></MAC>
+      <NETWORK_ID><![CDATA[0]]></NETWORK_ID>
+      <PROTOCOL><![CDATA[ICMP]]></PROTOCOL>
+      <RULE_TYPE><![CDATA[outbound]]></RULE_TYPE>
+      <SECURITY_GROUP_ID><![CDATA[100]]></SECURITY_GROUP_ID>
+      <SECURITY_GROUP_NAME><![CDATA[Test]]></SECURITY_GROUP_NAME>
+      <SIZE><![CDATA[27]]></SIZE>
+      <TYPE><![CDATA[IP4]]></TYPE>
+    </SECURITY_GROUP_RULE>
+    <SECURITY_GROUP_RULE>
+      <IP><![CDATA[172.168.0.0]]></IP>
+      <PROTOCOL><![CDATA[UDP]]></PROTOCOL>
+      <RULE_TYPE><![CDATA[outbound]]></RULE_TYPE>
+      <SECURITY_GROUP_ID><![CDATA[100]]></SECURITY_GROUP_ID>
+      <SECURITY_GROUP_NAME><![CDATA[Test]]></SECURITY_GROUP_NAME>
+      <SIZE><![CDATA[255]]></SIZE>
+    </SECURITY_GROUP_RULE>
+    <TEMPLATE_ID><![CDATA[0]]></TEMPLATE_ID>
+    <VMID><![CDATA[0]]></VMID>
+  </TEMPLATE>
+</VM>
+EOF
+
+one_sg = VNMMAD::OpenNebulaSG.new(vm_xml, "one-0", "test")
+one_sg.activate
\ No newline at end of file