cloudfoundry
diff --git a/‎src/code.cloudfoundry.org/policy-server/cc_client/client.go‎
Lines changed: 79 additions & 0 deletions b/‎src/code.cloudfoundry.org/policy-server/cc_client/client.go‎
Lines changed: 79 additions & 0 deletions
diff --git a/‎src/code.cloudfoundry.org/policy-server/cc_client/client_test.go‎
Lines changed: 160 additions & 0 deletions b/‎src/code.cloudfoundry.org/policy-server/cc_client/client_test.go‎
Lines changed: 160 additions & 0 deletions
diff --git a/‎src/code.cloudfoundry.org/policy-server/cc_client/fakes/cc_client.go‎
Lines changed: 79 additions & 0 deletions b/‎src/code.cloudfoundry.org/policy-server/cc_client/fakes/cc_client.go‎
Lines changed: 79 additions & 0 deletions
@@ -22,13 +22,56 @@ type CCClient interface {
 	GetSubjectSpaces(token, subjectId string) (map[string]struct{}, error)
 	GetLiveAppGUIDs(token string, appGUIDs []string) (map[string]struct{}, error)
 	GetLiveSpaceGUIDs(token string, spaceGUIDs []string) (map[string]struct{}, error)
+	GetSecurityGroups(token string) ([]SecurityGroupResource, error)
 }
 
 type Client struct {
 	Logger     lager.Logger
 	JSONClient json_client.JsonClient
 }
 
+type GetSecurityGroupsResponse struct {
+	Pagination struct {
+		TotalPages int `json:"total_pages"`
+		First      struct {
+			Href string `json:"href"`
+		} `json:"first"`
+		Last struct {
+			Href string `json:"href"`
+		} `json:"last"`
+		Next struct {
+			Href string `json:"href"`
+		} `json:"next"`
+	} `json:"pagination"`
+	Resources []SecurityGroupResource `json:"resources"`
+}
+
+type SecurityGroupResource struct {
+	GUID            string `json:"guid"`
+	Name            string `json:"name"`
+	GloballyEnabled struct {
+		Running bool `json:"running"`
+		Staging bool `json:"staging"`
+	} `json:"globally_enabled"`
+	Rules []struct {
+		Protocol    string `json:"protocol"`
+		Destination string `json:"destination"`
+		Ports       string `json:"ports"`
+		Type        int    `json:"type"`
+		Code        int    `json:"code"`
+		Description string `json:"description"`
+		Log         bool   `json:"log"`
+	} `json:"rules"`
+	Relationships struct {
+		StagingSpaces struct {
+			Data []map[string]string `json:"data"`
+		} `json:"staging_spaces"`
+		RunningSpaces struct {
+			Data []map[string]string `json:"data"`
+		} `json:"running_spaces"`
+	} `json:"relationships"`
+}
+
 type AppsV3Response struct {
 	Pagination struct {
 		TotalPages int `json:"total_pages"`
@@ -312,3 +355,39 @@ func (c *Client) GetSubjectSpaces(token, subjectId string) (map[string]struct{},
 
 	return subjectSpaces, nil
 }
+
+func (c *Client) GetSecurityGroups(token string) ([]SecurityGroupResource, error) {
+	token = fmt.Sprintf("bearer %s", token)
+
+	securityGroups := []SecurityGroupResource{}
+
+	nextPage := "?"
+	for nextPage != "" {
+		queryParams := strings.Split(nextPage, "?")[1]
+		response, err := c.makeGetSecurityGroupsRequest(queryParams, token)
+		if err != nil {
+			return nil, err
+		}
+		for _, resource := range response.Resources {
+			securityGroups = append(securityGroups, resource)
+		}
+		nextPage = response.Pagination.Next.Href
+	}
+	return securityGroups, nil
+}
+
+func (c *Client) makeGetSecurityGroupsRequest(queryParams, token string) (*GetSecurityGroupsResponse, error) {
+	route := "/v3/security_groups"
+
+	if queryParams != "" {
+		route = fmt.Sprintf("%s?%s", route, queryParams)
+	}
+
+	var response GetSecurityGroupsResponse
+	err := c.JSONClient.Do("GET", route, nil, &response, token)
+	if err != nil {
+		return nil, fmt.Errorf("json client do: %s", err)
+	}
+
+	return &response, nil
+}
@@ -574,4 +574,164 @@ var _ = Describe("Client", func() {
 			})
 		})
 	})
+
+	Describe("GetSecurityGroups", func() {
+		BeforeEach(func() {
+			fakeJSONClient.DoStub = func(method, route string, reqData, respData interface{}, token string) error {
+				err := json.Unmarshal([]byte(fixtures.OneSecurityGroup), respData)
+				Expect(err).ToNot(HaveOccurred())
+				return nil
+			}
+		})
+
+		It("polls the Cloud Controller successfully", func() {
+			sgs, err := client.GetSecurityGroups("some-token")
+			Expect(err).NotTo(HaveOccurred())
+			Expect(fakeJSONClient.DoCallCount()).To(Equal(1))
+
+			method, route, reqData, _, _ := fakeJSONClient.DoArgsForCall(0)
+
+			Expect(method).To(Equal("GET"))
+			Expect(route).To(Equal("/v3/security_groups"))
+			Expect(reqData).To(BeNil())
+
+			Expect(len(sgs)).To(Equal(1))
+			Expect(sgs[0].Name).To(Equal("my-group0"))
+			Expect(sgs[0].GUID).To(Equal("b85a788e-671f-4549-814d-e34cdb2f539a"))
+			Expect(sgs[0].GloballyEnabled.Running).To(BeTrue())
+			Expect(sgs[0].GloballyEnabled.Staging).To(BeFalse())
+			Expect(sgs[0].Rules[0].Protocol).To(Equal("tcp"))
+			Expect(sgs[0].Rules[1].Protocol).To(Equal("icmp"))
+		})
+
+		Context("when there are no security groups", func() {
+			BeforeEach(func() {
+				fakeJSONClient.DoStub = func(method, route string, reqData, respData interface{}, token string) error {
+					err := json.Unmarshal([]byte(fixtures.NoSecurityGroups), respData)
+					Expect(err).ToNot(HaveOccurred())
+					return nil
+				}
+			})
+
+			It("Returns them all", func() {
+				sgs, err := client.GetSecurityGroups("some-token")
+				Expect(err).NotTo(HaveOccurred())
+				Expect(fakeJSONClient.DoCallCount()).To(Equal(1))
+
+				method, route, reqData, _, _ := fakeJSONClient.DoArgsForCall(0)
+
+				Expect(method).To(Equal("GET"))
+				Expect(route).To(Equal("/v3/security_groups"))
+				Expect(reqData).To(BeNil())
+
+				Expect(len(sgs)).To(Equal(0))
+			})
+		})
+
+		Context("when multiple security groups are returned", func() {
+			BeforeEach(func() {
+				fakeJSONClient.DoStub = func(method, route string, reqData, respData interface{}, token string) error {
+					err := json.Unmarshal([]byte(fixtures.TwoSecurityGroups), respData)
+					Expect(err).ToNot(HaveOccurred())
+					return nil
+				}
+			})
+
+			It("Returns them all", func() {
+				sgs, err := client.GetSecurityGroups("some-token")
+				Expect(err).NotTo(HaveOccurred())
+				Expect(fakeJSONClient.DoCallCount()).To(Equal(1))
+
+				method, route, reqData, _, _ := fakeJSONClient.DoArgsForCall(0)
+
+				Expect(method).To(Equal("GET"))
+				Expect(route).To(Equal("/v3/security_groups"))
+				Expect(reqData).To(BeNil())
+
+				Expect(len(sgs)).To(Equal(2))
+				Expect(sgs[1].Name).To(Equal("my-group2"))
+				Expect(sgs[1].GUID).To(Equal("second-guid"))
+				Expect(sgs[1].GloballyEnabled.Running).To(BeFalse())
+				Expect(sgs[1].GloballyEnabled.Staging).To(BeTrue())
+				Expect(sgs[1].Rules[0].Protocol).To(Equal("tcp"))
+				Expect(sgs[1].Rules[0].Ports).To(Equal("53"))
+			})
+		})
+
+		Context("when there are multiple pages", func() {
+			BeforeEach(func() {
+				fakeJSONClient.DoStub = func(method, route string, reqData, respData interface{}, token string) error {
+					if route == "/v3/security_groups?page=2&per_page=1" {
+						err := json.Unmarshal([]byte(fixtures.SecurityGroupsMultiplePagesPg2), respData)
+						Expect(err).ToNot(HaveOccurred())
+					} else if route == "/v3/security_groups?page=3&per_page=1" {
+						err := json.Unmarshal([]byte(fixtures.SecurityGroupsMultiplePagesPg3), respData)
+						Expect(err).ToNot(HaveOccurred())
+					} else {
+						err := json.Unmarshal([]byte(fixtures.SecurityGroupsMultiplePages), respData)
+						Expect(err).ToNot(HaveOccurred())
+					}
+					return nil
+				}
+			})
+
+			It("returns all the security groups", func() {
+				sgs, err := client.GetSecurityGroups("some-token")
+				Expect(err).NotTo(HaveOccurred())
+				Expect(fakeJSONClient.DoCallCount()).To(Equal(3))
+
+				method, route, reqData, _, token := fakeJSONClient.DoArgsForCall(0)
+
+				Expect(method).To(Equal("GET"))
+				Expect(route).To(Equal("/v3/security_groups"))
+				Expect(reqData).To(BeNil())
+				Expect(token).To(Equal("bearer some-token"))
+
+				method, route, reqData, _, token = fakeJSONClient.DoArgsForCall(1)
+
+				Expect(method).To(Equal("GET"))
+				Expect(route).To(Equal("/v3/security_groups?page=2&per_page=1"))
+				Expect(reqData).To(BeNil())
+				Expect(token).To(Equal("bearer some-token"))
+
+				method, route, reqData, _, token = fakeJSONClient.DoArgsForCall(2)
+
+				Expect(method).To(Equal("GET"))
+				Expect(route).To(Equal("/v3/security_groups?page=3&per_page=1"))
+				Expect(reqData).To(BeNil())
+				Expect(token).To(Equal("bearer some-token"))
+
+				Expect(len(sgs)).To(Equal(3))
+				Expect(sgs[0].Name).To(Equal("my-group0"))
+				Expect(sgs[0].GUID).To(Equal("b85a788e-671f-4549-814d-e34cdb2f539a"))
+				Expect(sgs[0].GloballyEnabled.Running).To(BeTrue())
+				Expect(sgs[0].GloballyEnabled.Staging).To(BeFalse())
+				Expect(sgs[0].Rules[0].Protocol).To(Equal("tcp"))
+				Expect(sgs[0].Rules[1].Protocol).To(Equal("icmp"))
+				Expect(sgs[1].Name).To(Equal("my-group2"))
+				Expect(sgs[1].GUID).To(Equal("second-guid"))
+				Expect(sgs[1].GloballyEnabled.Running).To(BeFalse())
+				Expect(sgs[1].GloballyEnabled.Staging).To(BeTrue())
+				Expect(sgs[1].Rules[0].Protocol).To(Equal("tcp"))
+				Expect(sgs[1].Rules[0].Ports).To(Equal("53"))
+				Expect(sgs[2].Name).To(Equal("my-group3"))
+				Expect(sgs[2].GUID).To(Equal("third-guid"))
+				Expect(sgs[2].GloballyEnabled.Running).To(BeTrue())
+				Expect(sgs[2].GloballyEnabled.Staging).To(BeTrue())
+				Expect(sgs[2].Rules[0].Protocol).To(Equal("tcp"))
+				Expect(sgs[2].Rules[0].Ports).To(Equal("123"))
+			})
+		})
+
+		Context("when the json client returns an error", func() {
+			BeforeEach(func() {
+				fakeJSONClient.DoReturns(errors.New("kissa ja undulaatti"))
+			})
+
+			It("returns a helpful error", func() {
+				_, err := client.GetSubjectSpaces("some-token", "some-subject-id")
+				Expect(err).To(MatchError(ContainSubstring("json client do: kissa ja undulaatti")))
+			})
+		})
+	})
 })