Merge pull request #81 from tzumainn/security-group-subcollection

Add security group subcollection to providers, cloud tenants, and vms
ManageIQ · Oct 5, 2017 · c25a180 · c25a180
2 parents a7084be + fed2730
commit c25a180
Show file tree

Hide file tree

Showing 8 changed files with 182 additions and 0 deletions.
diff --git a/app/controllers/api/cloud_tenants_controller.rb b/app/controllers/api/cloud_tenants_controller.rb
@@ -1,4 +1,5 @@
 module Api
   class CloudTenantsController < BaseController
+    include Subcollections::SecurityGroups
   end
 end
diff --git a/app/controllers/api/providers_controller.rb b/app/controllers/api/providers_controller.rb
@@ -17,6 +17,7 @@ class ProvidersController < BaseController
     include Subcollections::CloudTenants
     include Subcollections::CustomAttributes
     include Subcollections::LoadBalancers
+    include Subcollections::SecurityGroups
     include Subcollections::Vms
 
     def create_resource(type, _id, data = {})

diff --git a/app/controllers/api/subcollections/security_groups.rb b/app/controllers/api/subcollections/security_groups.rb
@@ -0,0 +1,9 @@
+module Api
+  module Subcollections
+    module SecurityGroups
+      def security_groups_query_resource(object)
+        object.respond_to?(:security_groups) ? object.security_groups : []
+      end
+    end
+  end
+end
diff --git a/app/controllers/api/vms_controller.rb b/app/controllers/api/vms_controller.rb
@@ -5,6 +5,7 @@ class VmsController < BaseController
     include Subcollections::PolicyProfiles
     include Subcollections::Accounts
     include Subcollections::CustomAttributes
+    include Subcollections::SecurityGroups
     include Subcollections::Software
     include Subcollections::Snapshots
     include Subcollections::MetricRollups

diff --git a/config/api.yml b/config/api.yml
@@ -494,6 +494,8 @@
     - :subcollection
     :verbs: *gp
     :klass: CloudTenant
+    :subcollections:
+    - :security_groups
     :collection_actions:
       :get:
       - :name: read
@@ -1650,6 +1652,7 @@
     - :cloud_tenants
     - :custom_attributes
     - :load_balancers
+    - :security_groups
     - :vms
     :collection_actions:
       :get:
@@ -2072,6 +2075,14 @@
       :get:
       - :name: read
         :identifier: security_group_show
+    :subcollection_actions:
+      :get:
+      - :name: read
+        :identifier: security_group_show_list
+    :subresource_actions:
+      :get:
+      - :name: read
+        :identifier: security_group_show
   :servers:
     :description: EVM Servers
     :options:
@@ -2707,6 +2718,7 @@
     - :policy_profiles
     - :accounts
     - :custom_attributes
+    - :security_groups
     - :software
     - :snapshots
     - :metric_rollups

diff --git a/spec/requests/cloud_tenants_spec.rb b/spec/requests/cloud_tenants_spec.rb
@@ -46,4 +46,51 @@
       expect(response).to have_http_status(:forbidden)
     end
   end
+
+  context 'security groups subcollection' do
+    before do
+      @cloud_tenant = FactoryGirl.create(:cloud_tenant)
+      @security_group = FactoryGirl.create(:security_group, :cloud_tenant => @cloud_tenant)
+    end
+
+    it 'queries all security groups from a cloud tenant' do
+      api_basic_authorize subcollection_action_identifier(:cloud_tenants, :security_groups, :read, :get)
+
+      get(api_cloud_tenant_security_groups_url(nil, @cloud_tenant))
+
+      expected = {
+        'resources' => [
+          { 'href' => api_cloud_tenant_security_group_url(nil, @cloud_tenant, @security_group) }
+        ]
+
+      }
+      expect(response).to have_http_status(:ok)
+      expect(response.parsed_body).to include(expected)
+    end
+
+    it "will not show a cloud tenant's security groups without the appropriate role" do
+      api_basic_authorize
+
+      get(api_cloud_tenant_security_groups_url(nil, @cloud_tenant))
+
+      expect(response).to have_http_status(:forbidden)
+    end
+
+    it 'queries a single security group' do
+      api_basic_authorize action_identifier(:security_groups, :read, :subresource_actions, :get)
+
+      get(api_cloud_tenant_security_group_url(nil, @cloud_tenant, @security_group))
+
+      expect(response).to have_http_status(:ok)
+      expect(response.parsed_body).to include('id' => @security_group.id.to_s)
+    end
+
+    it "will not show a cloud tenant's security group without the appropriate role" do
+      api_basic_authorize
+
+      get(api_cloud_tenant_security_group_url(nil, @cloud_tenant, @security_group))
+
+      expect(response).to have_http_status(:forbidden)
+    end
+  end
 end
diff --git a/spec/requests/providers_spec.rb b/spec/requests/providers_spec.rb
@@ -1122,6 +1122,67 @@ def gen_import_request
     end
   end
 
+  context 'security groups subcollection' do
+    before do
+      @provider = FactoryGirl.create(:ems_openstack).network_manager
+      @infra_provider = FactoryGirl.create(:ems_openstack_infra)
+      @security_group = FactoryGirl.create(:security_group, :ext_management_system => @provider)
+    end
+
+    it 'queries all security groups from a provider that responds to security_groups' do
+      api_basic_authorize subcollection_action_identifier(:providers, :security_groups, :read, :get)
+
+      get(api_provider_security_groups_url(nil, @provider))
+
+      expected = {
+        'resources' => [
+          { 'href' => api_provider_security_group_url(nil, @provider, @security_group) }
+        ]
+
+      }
+      expect(response).to have_http_status(:ok)
+      expect(response.parsed_body).to include(expected)
+    end
+
+    it 'does not error when querying a provider that does not respond to security_groups' do
+      api_basic_authorize subcollection_action_identifier(:providers, :security_groups, :read, :get)
+
+      get(api_provider_security_groups_url(nil, @infra_provider))
+
+      expected = {
+        'resources' => []
+
+      }
+      expect(response).to have_http_status(:ok)
+      expect(response.parsed_body).to include(expected)
+    end
+
+    it "will not show a provider's security groups without the appropriate role" do
+      api_basic_authorize
+
+      get(api_provider_security_groups_url(nil, @provider))
+
+      expect(response).to have_http_status(:forbidden)
+    end
+
+    it 'queries a single security group' do
+      api_basic_authorize action_identifier(:security_groups, :read, :subresource_actions, :get)
+
+      get(api_provider_security_group_url(nil, @provider, @security_group))
+
+      expect(response).to have_http_status(:ok)
+      expect(response.parsed_body).to include('id' => @security_group.id.to_s)
+    end
+
+    it "will not show a provider's security group without the appropriate role" do
+      api_basic_authorize
+
+      get(api_provider_security_group_url(nil, @provider, @security_group))
+
+      expect(response).to have_http_status(:forbidden)
+    end
+  end
+
   describe 'edit custom_attributes on providers' do
     context 'provider_class=provider' do
       let(:generic_provider) { FactoryGirl.create(:provider) }

diff --git a/spec/requests/vms_spec.rb b/spec/requests/vms_spec.rb
@@ -1642,4 +1642,54 @@ def update_raw_power_state(state, *vms)
       expect(response).to have_http_status(:forbidden)
     end
   end
+
+  context 'security groups subcollection' do
+    before do
+      @network_port = FactoryGirl.create(:network_port, :device => vm_openstack)
+      @security_group = FactoryGirl.create(:security_group, :cloud_tenant => @cloud_tenant)
+      @network_port_security_group = FactoryGirl.create(:network_port_security_group,
+                                                        :network_port   => @network_port,
+                                                        :security_group => @security_group)
+    end
+
+    it 'queries all security groups from a vm' do
+      api_basic_authorize subcollection_action_identifier(:vms, :security_groups, :read, :get)
+
+      get(api_vm_security_groups_url(nil, vm_openstack))
+
+      expected = {
+        'resources' => [
+          { 'href' => api_vm_security_group_url(nil, vm_openstack, @security_group) }
+        ]
+
+      }
+      expect(response).to have_http_status(:ok)
+      expect(response.parsed_body).to include(expected)
+    end
+
+    it "will not show a vm's security groups without the appropriate role" do
+      api_basic_authorize
+
+      get(api_vm_security_groups_url(nil, vm_openstack))
+
+      expect(response).to have_http_status(:forbidden)
+    end
+
+    it 'queries a single security group' do
+      api_basic_authorize action_identifier(:security_groups, :read, :subresource_actions, :get)
+
+      get(api_vm_security_group_url(nil, vm_openstack, @security_group))
+
+      expect(response).to have_http_status(:ok)
+      expect(response.parsed_body).to include('id' => @security_group.id.to_s)
+    end
+
+    it "will not show a vm's security group without the appropriate role" do
+      api_basic_authorize
+
+      get(api_vm_security_group_url(nil, vm_openstack, @security_group))
+
+      expect(response).to have_http_status(:forbidden)
+    end
+  end
 end