Fix OpenStack Nova SecurityGroupExtension based on live tests

So there were a few problems, but the core ugly one is that what you pass in for creating a rule allowing groups' access is not the same thing you get back from a group with such a rule, which makes mapping between the arguments and the output insanely painful. So now, well, we do some insanely painful stuff.
2013-10-03 17:51:54 -07:00 · 2013-10-03 17:51:54 -07:00 · 46b8fd0eee
parent e017b8904c
commit 46b8fd0eee
11 changed files with 197 additions and 123 deletions
--- a/apis/openstack-nova/src/main/java/org/jclouds/openstack/nova/v2_0/compute/extensions/NovaSecurityGroupExtension.java
+++ b/apis/openstack-nova/src/main/java/org/jclouds/openstack/nova/v2_0/compute/extensions/NovaSecurityGroupExtension.java
@ -59,7 +59,6 @@ import com.google.common.base.Optional;
 import com.google.common.base.Supplier;
 import com.google.common.cache.LoadingCache;
 import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.Iterables;
 import com.google.common.collect.Multimap;
 import com.google.common.util.concurrent.ListeningExecutorService;
@ -204,8 +203,8 @@ public class NovaSecurityGroupExtension implements SecurityGroupExtension {
   @Override
   public SecurityGroup addIpPermission(IpPermission ipPermission, SecurityGroup group) {
      String zone = group.getLocation().getId();
-      String id = group.getId();
+      ZoneAndId groupZoneAndId = ZoneAndId.fromSlashEncoded(group.getId());
-
+      String id = groupZoneAndId.getId();
      Optional<? extends SecurityGroupApi> sgApi = api.getSecurityGroupExtensionForZone(zone);
      if (!sgApi.isPresent()) {
@ -246,48 +245,22 @@ public class NovaSecurityGroupExtension implements SecurityGroupExtension {
                                        Multimap<String, String> tenantIdGroupNamePairs,
                                        Iterable<String> ipRanges,
                                        Iterable<String> groupIds, SecurityGroup group) {
-      String zone = group.getLocation().getId();
+      IpPermission.Builder permBuilder = IpPermission.builder();
-      String id = group.getId();
+      permBuilder.ipProtocol(protocol);
      permBuilder.fromPort(startPort);
      permBuilder.toPort(endPort);
      permBuilder.tenantIdGroupNamePairs(tenantIdGroupNamePairs);
      permBuilder.cidrBlocks(ipRanges);
      permBuilder.groupIds(groupIds);
-      Optional<? extends SecurityGroupApi> sgApi = api.getSecurityGroupExtensionForZone(zone);
+      return addIpPermission(permBuilder.build(), group);
      if (!sgApi.isPresent()) {
         return null;
      }
      if (Iterables.size(ipRanges) > 0) {
         for (String cidr : ipRanges) {
            sgApi.get().createRuleAllowingCidrBlock(id,
                    Ingress.builder()
                            .ipProtocol(protocol)
                            .fromPort(startPort)
                            .toPort(endPort)
                            .build(),
                    cidr);
         }
      }
      if (Iterables.size(groupIds) > 0) {
         for (String zoneAndGroupRaw : groupIds) {
            ZoneAndId zoneAndId = ZoneAndId.fromSlashEncoded(zoneAndGroupRaw);
            String groupId = zoneAndId.getId();
            sgApi.get().createRuleAllowingSecurityGroupId(id,
                    Ingress.builder()
                            .ipProtocol(protocol)
                            .fromPort(startPort)
                            .toPort(endPort)
                            .build(),
                    groupId);
         }
      }
      return getSecurityGroupById(ZoneAndId.fromZoneAndId(zone, id).slashEncode());
   }
   @Override
   public SecurityGroup removeIpPermission(IpPermission ipPermission, SecurityGroup group) {
      String zone = group.getLocation().getId();
-      String id = group.getId();
+      ZoneAndId groupZoneAndId = ZoneAndId.fromSlashEncoded(group.getId());
      String id = groupZoneAndId.getId();
      Optional<? extends SecurityGroupApi> sgApi = api.getSecurityGroupExtensionForZone(zone);
@ -328,42 +301,15 @@ public class NovaSecurityGroupExtension implements SecurityGroupExtension {
                                           Multimap<String, String> tenantIdGroupNamePairs,
                                           Iterable<String> ipRanges,
                                           Iterable<String> groupIds, SecurityGroup group) {
-      String zone = group.getLocation().getId();
+      IpPermission.Builder permBuilder = IpPermission.builder();
-      String id = group.getId();
+      permBuilder.ipProtocol(protocol);
      permBuilder.fromPort(startPort);
      permBuilder.toPort(endPort);
      permBuilder.tenantIdGroupNamePairs(tenantIdGroupNamePairs);
      permBuilder.cidrBlocks(ipRanges);
      permBuilder.groupIds(groupIds);
-      Optional<? extends SecurityGroupApi> sgApi = api.getSecurityGroupExtensionForZone(zone);
+      return removeIpPermission(permBuilder.build(), group);
      if (!sgApi.isPresent()) {
         return null;
      }
      org.jclouds.openstack.nova.v2_0.domain.SecurityGroup securityGroup = sgApi.get().get(id);
      if (Iterables.size(ipRanges) > 0) {
         for (String cidr : ipRanges) {
            for (SecurityGroupRule rule : filter(securityGroup.getRules(),
                    and(ruleCidr(cidr),
                            ruleProtocol(protocol),
                            ruleStartPort(startPort),
                            ruleEndPort(endPort)))) {
               sgApi.get().deleteRule(rule.getId());
            }
         }
      }
      if (Iterables.size(groupIds) > 0) {
         for (String groupId : groupIds) {
            for (SecurityGroupRule rule : filter(securityGroup.getRules(),
                    and(ruleGroup(groupId),
                            ruleProtocol(protocol),
                            ruleStartPort(startPort),
                            ruleEndPort(endPort)))) {
               sgApi.get().deleteRule(rule.getId());
            }
         }
      }
      return getSecurityGroupById(ZoneAndId.fromZoneAndId(zone, id).slashEncode());
   }
   @Override
--- a/apis/openstack-nova/src/main/java/org/jclouds/openstack/nova/v2_0/compute/functions/NovaSecurityGroupInZoneToSecurityGroup.java
+++ b/apis/openstack-nova/src/main/java/org/jclouds/openstack/nova/v2_0/compute/functions/NovaSecurityGroupInZoneToSecurityGroup.java
@ -68,6 +68,8 @@ public class NovaSecurityGroupInZoneToSecurityGroup implements Function<Security
      builder.location(zone);
      builder.id(group.getZone() + "/" + group.getSecurityGroup().getId());
      return builder.build();
   }
 }
--- a/apis/openstack-nova/src/main/java/org/jclouds/openstack/nova/v2_0/compute/functions/SecurityGroupRuleToIpPermission.java
+++ b/apis/openstack-nova/src/main/java/org/jclouds/openstack/nova/v2_0/compute/functions/SecurityGroupRuleToIpPermission.java
@ -16,15 +16,30 @@
 */
 package org.jclouds.openstack.nova.v2_0.compute.functions;
 import static com.google.common.base.Preconditions.checkNotNull;
 import static com.google.common.collect.Iterables.filter;
 import static com.google.common.collect.Iterables.getFirst;
 import java.util.Map;
 import java.util.concurrent.atomic.AtomicReference;
 import javax.annotation.Resource;
 import javax.inject.Inject;
 import javax.inject.Named;
 import org.jclouds.compute.reference.ComputeServiceConstants;
 import org.jclouds.domain.Location;
 import org.jclouds.logging.Logger;
 import org.jclouds.net.domain.IpPermission;
 import org.jclouds.openstack.nova.v2_0.domain.SecurityGroupRule;
 import org.jclouds.openstack.nova.v2_0.domain.zonescoped.SecurityGroupInZone;
 import org.jclouds.openstack.nova.v2_0.domain.zonescoped.ZoneAndName;
 import com.google.common.base.Function;
 import com.google.common.base.Predicate;
 import com.google.common.base.Supplier;
 import com.google.common.cache.LoadingCache;
 import com.google.common.util.concurrent.Atomics;
 /**
@ -37,8 +52,18 @@ public class SecurityGroupRuleToIpPermission implements Function<SecurityGroupRu
   @Resource
   @Named(ComputeServiceConstants.COMPUTE_LOGGER)
   protected Logger logger = Logger.NULL;
-   
+   protected final Predicate<AtomicReference<ZoneAndName>> returnSecurityGroupExistsInZone;
-   public SecurityGroupRuleToIpPermission() {
+   protected final Supplier<Map<String, Location>> locationIndex;
   LoadingCache<ZoneAndName, SecurityGroupInZone> groupMap;
   @Inject
   public SecurityGroupRuleToIpPermission(@Named("SECURITYGROUP_PRESENT") Predicate<AtomicReference<ZoneAndName>> returnSecurityGroupExistsInZone,
                                          Supplier<Map<String, Location>> locationIndex,
                                          LoadingCache<ZoneAndName, SecurityGroupInZone> groupMap) {
      this.returnSecurityGroupExistsInZone = checkNotNull(returnSecurityGroupExistsInZone,
              "returnSecurityGroupExistsInZone");
      this.locationIndex = checkNotNull(locationIndex, "locationIndex");
      this.groupMap = checkNotNull(groupMap, "groupMap");
   }
   @Override
@ -47,11 +72,28 @@ public class SecurityGroupRuleToIpPermission implements Function<SecurityGroupRu
      builder.ipProtocol(rule.getIpProtocol());
      builder.fromPort(rule.getFromPort());
      builder.toPort(rule.getToPort());
-      if (rule.getGroup() != null) 
+      if (rule.getGroup() != null) {
-         builder.tenantIdGroupNamePair(rule.getGroup().getTenantId(), rule.getGroup().getName());
+         String zone = getFirst(filter(locationIndex.get().keySet(), isSecurityGroupInZone(rule.getGroup().getName())),
                 null);
         if (zone != null) {
            SecurityGroupInZone group = groupMap.getUnchecked(ZoneAndName.fromZoneAndName(zone, rule.getGroup().getName()));
            builder.groupId(zone + "/" + group.getSecurityGroup().getId());
         }
      }
      if (rule.getIpRange() != null)
         builder.cidrBlock(rule.getIpRange());
      return builder.build();
   }
   protected Predicate<String> isSecurityGroupInZone(final String groupName) {
      return new Predicate<String>() {
         @Override
         public boolean apply(String zone) {
            AtomicReference<ZoneAndName> securityGroupInZoneRef = Atomics.newReference(ZoneAndName.fromZoneAndName(zone, groupName));
            return returnSecurityGroupExistsInZone.apply(securityGroupInZoneRef);
         }
      };
   }
 }
--- a/apis/openstack-nova/src/test/java/org/jclouds/openstack/nova/v2_0/compute/extensions/NovaSecurityGroupExtensionExpectTest.java
+++ b/apis/openstack-nova/src/test/java/org/jclouds/openstack/nova/v2_0/compute/extensions/NovaSecurityGroupExtensionExpectTest.java
@ -52,6 +52,13 @@ import com.google.common.collect.Sets;
 public class NovaSecurityGroupExtensionExpectTest extends BaseNovaComputeServiceExpectTest {
   protected String zone = "az-1.region-a.geo-1";
   protected HttpRequest list = HttpRequest.builder().method("GET").endpoint(
           URI.create("https://az-1.region-a.geo-1.compute.hpcloudsvc.com/v1.1/3456/os-security-groups")).headers(
           ImmutableMultimap.<String, String> builder().put("Accept", "application/json").put("X-Auth-Token",
                   authToken).build()).build();
   protected HttpResponse listResponse = HttpResponse.builder().statusCode(200).payload(
           payloadFromResource("/securitygroup_list_extension.json")).build();
   @Override
   protected Properties setupProperties() {
@ -61,13 +68,6 @@ public class NovaSecurityGroupExtensionExpectTest extends BaseNovaComputeService
   }
   public void testListSecurityGroups() {
      HttpRequest list = HttpRequest.builder().method("GET").endpoint(
              URI.create("https://az-1.region-a.geo-1.compute.hpcloudsvc.com/v1.1/3456/os-security-groups")).headers(
              ImmutableMultimap.<String, String> builder().put("Accept", "application/json").put("X-Auth-Token",
                      authToken).build()).build();
      HttpResponse listResponse = HttpResponse.builder().statusCode(200).payload(
              payloadFromResource("/securitygroup_list.json")).build();
      Builder<HttpRequest, HttpResponse> requestResponseMap = ImmutableMap.<HttpRequest, HttpResponse> builder();
@ -149,15 +149,24 @@ public class NovaSecurityGroupExtensionExpectTest extends BaseNovaComputeService
      Builder<HttpRequest, HttpResponse> requestResponseMap = ImmutableMap.<HttpRequest, HttpResponse> builder();
      requestResponseMap.put(keystoneAuthWithUsernameAndPasswordAndTenantName, responseWithKeystoneAccess);
      requestResponseMap.put(extensionsOfNovaRequest, extensionsOfNovaResponse);
-      requestResponseMap.put(getSecurityGroup, getSecurityGroupResponse).build();
+      requestResponseMap.put(getSecurityGroup, getSecurityGroupResponse);
      requestResponseMap.put(list, listResponse).build();
      SecurityGroupExtension extension = requestsSendResponses(requestResponseMap.build()).getSecurityGroupExtension().get();
      SecurityGroup group = extension.getSecurityGroupById(zone + "/160");
-      assertEquals(group.getId(), "160");
+      assertEquals(group.getId(), zone + "/160");
   }
   public void testCreateSecurityGroup() {
      HttpRequest getSecurityGroup = HttpRequest.builder().method("GET").endpoint(
              URI.create("https://az-1.region-a.geo-1.compute.hpcloudsvc.com/v1.1/3456/os-security-groups/160")).headers(
              ImmutableMultimap.<String, String> builder().put("Accept", "application/json").put("X-Auth-Token",
                      authToken).build()).build();
      HttpResponse getSecurityGroupResponse = HttpResponse.builder().statusCode(200).payload(
              payloadFromResource("/securitygroup_details_extension.json")).build();
      HttpRequest create = HttpRequest.builder().method("POST").endpoint(
              URI.create("https://az-1.region-a.geo-1.compute.hpcloudsvc.com/v1.1/3456/os-security-groups")).headers(
              ImmutableMultimap.<String, String> builder().put("Accept", "application/json").put("X-Auth-Token",
@ -182,7 +191,8 @@ public class NovaSecurityGroupExtensionExpectTest extends BaseNovaComputeService
      requestResponseMap.put(keystoneAuthWithUsernameAndPasswordAndTenantName, responseWithKeystoneAccess);
      requestResponseMap.put(extensionsOfNovaRequest, extensionsOfNovaResponse);
      requestResponseMap.put(create, createResponse);
-      requestResponseMap.put(list, listResponse).build();
+      requestResponseMap.put(list, listResponse);
      requestResponseMap.put(getSecurityGroup, getSecurityGroupResponse).build();
      SecurityGroupExtension extension = requestsSendResponses(requestResponseMap.build()).getSecurityGroupExtension().get();
@ -191,7 +201,7 @@ public class NovaSecurityGroupExtensionExpectTest extends BaseNovaComputeService
              .id(zone)
              .description("zone")
              .build());
-      assertEquals(group.getId(), "160");
+      assertEquals(group.getId(), zone + "/160");
   }
   public void testRemoveSecurityGroup() {
@ -250,9 +260,9 @@ public class NovaSecurityGroupExtensionExpectTest extends BaseNovaComputeService
      SecurityGroupExtension extension = orderedRequestsSendResponses(ImmutableList.of(keystoneAuthWithUsernameAndPasswordAndTenantName,
-              extensionsOfNovaRequest, getSecurityGroup, createRule, getSecurityGroup),
+              extensionsOfNovaRequest, getSecurityGroup, createRule, getSecurityGroup, list, list),
              ImmutableList.of(responseWithKeystoneAccess, extensionsOfNovaResponse, getSecurityGroupNoRulesResponse,
-                      createRuleResponse, getSecurityGroupResponse)).getSecurityGroupExtension().get();
+                      createRuleResponse, getSecurityGroupResponse, listResponse, listResponse)).getSecurityGroupExtension().get();
      IpPermission.Builder builder = IpPermission.builder();
@ -299,9 +309,9 @@ public class NovaSecurityGroupExtensionExpectTest extends BaseNovaComputeService
      SecurityGroupExtension extension = orderedRequestsSendResponses(ImmutableList.of(keystoneAuthWithUsernameAndPasswordAndTenantName,
-              extensionsOfNovaRequest, getSecurityGroup, createRule, getSecurityGroup),
+              extensionsOfNovaRequest, getSecurityGroup, createRule, getSecurityGroup, list, list),
              ImmutableList.of(responseWithKeystoneAccess, extensionsOfNovaResponse, getSecurityGroupNoRulesResponse,
-                      createRuleResponse, getSecurityGroupResponse)).getSecurityGroupExtension().get();
+                      createRuleResponse, getSecurityGroupResponse, listResponse, listResponse)).getSecurityGroupExtension().get();
      SecurityGroup origGroup = extension.getSecurityGroupById(zone + "/160");
@ -345,9 +355,9 @@ public class NovaSecurityGroupExtensionExpectTest extends BaseNovaComputeService
      SecurityGroupExtension extension = orderedRequestsSendResponses(ImmutableList.of(keystoneAuthWithUsernameAndPasswordAndTenantName,
-              extensionsOfNovaRequest, getSecurityGroup, createRule, getSecurityGroup),
+              extensionsOfNovaRequest, getSecurityGroup, createRule, getSecurityGroup, list, list),
              ImmutableList.of(responseWithKeystoneAccess, extensionsOfNovaResponse, getSecurityGroupNoRulesResponse,
-                      createRuleResponse, getSecurityGroupResponse)).getSecurityGroupExtension().get();
+                      createRuleResponse, getSecurityGroupResponse, listResponse, listResponse)).getSecurityGroupExtension().get();
      IpPermission.Builder builder = IpPermission.builder();
@ -394,9 +404,9 @@ public class NovaSecurityGroupExtensionExpectTest extends BaseNovaComputeService
      SecurityGroupExtension extension = orderedRequestsSendResponses(ImmutableList.of(keystoneAuthWithUsernameAndPasswordAndTenantName,
-              extensionsOfNovaRequest, getSecurityGroup, createRule, getSecurityGroup),
+              extensionsOfNovaRequest, getSecurityGroup, createRule, getSecurityGroup, list, list),
              ImmutableList.of(responseWithKeystoneAccess, extensionsOfNovaResponse, getSecurityGroupNoRulesResponse,
-                      createRuleResponse, getSecurityGroupResponse)).getSecurityGroupExtension().get();
+                      createRuleResponse, getSecurityGroupResponse, listResponse, listResponse)).getSecurityGroupExtension().get();
      SecurityGroup origGroup = extension.getSecurityGroupById(zone + "/160");
--- a/apis/openstack-nova/src/test/java/org/jclouds/openstack/nova/v2_0/compute/functions/NovaSecurityGroupInZoneToSecurityGroupTest.java
+++ b/apis/openstack-nova/src/test/java/org/jclouds/openstack/nova/v2_0/compute/functions/NovaSecurityGroupInZoneToSecurityGroupTest.java
@ -41,7 +41,6 @@ import com.google.common.collect.ImmutableSet;
@Test(groups = "unit", testName = "NovaSecurityGroupInZoneToSecurityGroupTest")
 public class NovaSecurityGroupInZoneToSecurityGroupTest {
   private static final SecurityGroupRuleToIpPermission ruleConverter = new SecurityGroupRuleToIpPermission();
   Location provider = new LocationBuilder().scope(LocationScope.PROVIDER).id("openstack-nova")
           .description("openstack-nova").build();
   Location zone = new LocationBuilder().id("az-1.region-a.geo-1").description("az-1.region-a.geo-1")
@ -58,11 +57,12 @@ public class NovaSecurityGroupInZoneToSecurityGroupTest {
      SecurityGroup newGroup = parser.apply(origGroup);
-      assertEquals(newGroup.getId(), origGroup.getSecurityGroup().getId());
+      assertEquals(newGroup.getId(), origGroup.getZone() + "/" + origGroup.getSecurityGroup().getId());
      assertEquals(newGroup.getProviderId(), origGroup.getSecurityGroup().getId());
      assertEquals(newGroup.getName(), origGroup.getSecurityGroup().getName());
      assertEquals(newGroup.getOwnerId(), origGroup.getSecurityGroup().getTenantId());
-      assertEquals(newGroup.getIpPermissions(), ImmutableSet.copyOf(transform(origGroup.getSecurityGroup().getRules(), ruleConverter)));
+      assertEquals(newGroup.getIpPermissions(), ImmutableSet.copyOf(transform(origGroup.getSecurityGroup().getRules(),
              NovaSecurityGroupToSecurityGroupTest.ruleConverter)));
      assertEquals(newGroup.getLocation().getId(), origGroup.getZone());
   }
@ -75,16 +75,17 @@ public class NovaSecurityGroupInZoneToSecurityGroupTest {
      SecurityGroup newGroup = parser.apply(origGroup);
-      assertEquals(newGroup.getId(), origGroup.getSecurityGroup().getId());
+      assertEquals(newGroup.getId(), origGroup.getZone() + "/" + origGroup.getSecurityGroup().getId());
      assertEquals(newGroup.getProviderId(), origGroup.getSecurityGroup().getId());
      assertEquals(newGroup.getName(), origGroup.getSecurityGroup().getName());
      assertEquals(newGroup.getOwnerId(), origGroup.getSecurityGroup().getTenantId());
-      assertEquals(newGroup.getIpPermissions(), ImmutableSet.copyOf(transform(origGroup.getSecurityGroup().getRules(), ruleConverter)));
+      assertEquals(newGroup.getIpPermissions(), ImmutableSet.copyOf(transform(origGroup.getSecurityGroup().getRules(),
              NovaSecurityGroupToSecurityGroupTest.ruleConverter)));
      assertEquals(newGroup.getLocation().getId(), origGroup.getZone());
   }
   private NovaSecurityGroupInZoneToSecurityGroup createGroupParser() {
-      NovaSecurityGroupToSecurityGroup baseParser = new NovaSecurityGroupToSecurityGroup(ruleConverter);
+      NovaSecurityGroupToSecurityGroup baseParser = new NovaSecurityGroupToSecurityGroup(NovaSecurityGroupToSecurityGroupTest.ruleConverter);
      NovaSecurityGroupInZoneToSecurityGroup parser = new NovaSecurityGroupInZoneToSecurityGroup(baseParser, locationIndex);
--- a/apis/openstack-nova/src/test/java/org/jclouds/openstack/nova/v2_0/compute/functions/NovaSecurityGroupToSecurityGroupTest.java
+++ b/apis/openstack-nova/src/test/java/org/jclouds/openstack/nova/v2_0/compute/functions/NovaSecurityGroupToSecurityGroupTest.java
@ -19,12 +19,29 @@ package org.jclouds.openstack.nova.v2_0.compute.functions;
 import static com.google.common.collect.Iterables.transform;
 import static org.testng.Assert.assertEquals;
 import java.util.Map;
 import java.util.concurrent.atomic.AtomicReference;
 import org.jclouds.compute.domain.SecurityGroup;
 import org.jclouds.domain.Location;
 import org.jclouds.domain.LocationBuilder;
 import org.jclouds.domain.LocationScope;
 import org.jclouds.net.domain.IpProtocol;
 import org.jclouds.openstack.nova.v2_0.domain.SecurityGroupRule;
 import org.jclouds.openstack.nova.v2_0.domain.TenantIdAndName;
 import org.jclouds.openstack.nova.v2_0.domain.zonescoped.SecurityGroupInZone;
 import org.jclouds.openstack.nova.v2_0.domain.zonescoped.ZoneAndName;
 import org.testng.annotations.Test;
 import com.google.common.base.Functions;
 import com.google.common.base.Predicate;
 import com.google.common.base.Predicates;
 import com.google.common.base.Supplier;
 import com.google.common.base.Suppliers;
 import com.google.common.cache.CacheBuilder;
 import com.google.common.cache.CacheLoader;
 import com.google.common.cache.LoadingCache;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.ImmutableSet;
 /**
@ -33,10 +50,29 @@ import com.google.common.collect.ImmutableSet;
@Test(groups = "unit", testName = "NovaSecurityGroupToSecurityGroupTest")
 public class NovaSecurityGroupToSecurityGroupTest {
-   private static final SecurityGroupRuleToIpPermission ruleConverter = new SecurityGroupRuleToIpPermission();
+   private static final Location provider = new LocationBuilder().scope(LocationScope.PROVIDER).id("openstack-nova")
           .description("openstack-nova").build();
   private static final Location zone = new LocationBuilder().id("az-1.region-a.geo-1").description("az-1.region-a.geo-1")
           .scope(LocationScope.ZONE).parent(provider).build();
   private static final Supplier<Map<String, Location>> locationIndex = Suppliers.<Map<String, Location>> ofInstance(ImmutableMap
           .<String, Location>of("az-1.region-a.geo-1", zone));
   private static final Predicate<AtomicReference<ZoneAndName>> returnSecurityGroupExistsInZone = Predicates.alwaysTrue();
   private static final Map<ZoneAndName, SecurityGroupInZone> groupMap = ImmutableMap.of(
           ZoneAndName.fromZoneAndName("az-1.region-a.geo-1", "some-group"), new SecurityGroupInZone(securityGroupWithGroup(), "az-1.region-a.geo-1"),
           ZoneAndName.fromZoneAndName("az-1.region-a.geo-1", "some-other-group"), new SecurityGroupInZone(securityGroupWithCidr(), "az-1.region-a.geo-1"));
   // weird compilation error means have to declare extra generics for call to build() - see https://bugs.eclipse.org/bugs/show_bug.cgi?id=365818
   private static final Supplier <LoadingCache<ZoneAndName, SecurityGroupInZone>> groupCache = Suppliers.<LoadingCache<ZoneAndName,SecurityGroupInZone>> ofInstance(
           CacheBuilder.newBuilder().<ZoneAndName, SecurityGroupInZone>build(CacheLoader.from(Functions.forMap(groupMap))));
   public static final SecurityGroupRuleToIpPermission ruleConverter = new SecurityGroupRuleToIpPermission(returnSecurityGroupExistsInZone, locationIndex,
           groupCache.get());
   public static org.jclouds.openstack.nova.v2_0.domain.SecurityGroup securityGroupWithGroup() {
-      TenantIdAndName group = TenantIdAndName.builder().tenantId("tenant").name("name").build();
+      TenantIdAndName group = TenantIdAndName.builder().tenantId("tenant").name("some-other-group").build();
      SecurityGroupRule ruleToConvert = SecurityGroupRule.builder()
              .id("some-id")
@ -71,7 +107,7 @@ public class NovaSecurityGroupToSecurityGroupTest {
      org.jclouds.openstack.nova.v2_0.domain.SecurityGroup origGroup = org.jclouds.openstack.nova.v2_0.domain.SecurityGroup.builder()
              .tenantId("tenant")
              .id("some-id")
-              .name("some-group")
+              .name("some-other-group")
              .description("some-description")
              .rules(ruleToConvert)
              .build();
--- a/apis/openstack-nova/src/test/java/org/jclouds/openstack/nova/v2_0/compute/functions/SecurityGroupRuleToIpPermissionTest.java
+++ b/apis/openstack-nova/src/test/java/org/jclouds/openstack/nova/v2_0/compute/functions/SecurityGroupRuleToIpPermissionTest.java
@ -39,7 +39,7 @@ public class SecurityGroupRuleToIpPermissionTest {
   @Test
   public void testApplyWithGroup() {
-      TenantIdAndName group = TenantIdAndName.builder().tenantId("tenant").name("name").build();
+      TenantIdAndName group = TenantIdAndName.builder().tenantId("tenant").name("some-group").build();
      SecurityGroupRule ruleToConvert = SecurityGroupRule.builder()
         .id("some-id")
@ -50,15 +50,12 @@ public class SecurityGroupRuleToIpPermissionTest {
         .parentGroupId("some-other-id")
         .build();
-      SecurityGroupRuleToIpPermission converter = new SecurityGroupRuleToIpPermission();
+      IpPermission convertedPerm = NovaSecurityGroupToSecurityGroupTest.ruleConverter.apply(ruleToConvert);
      IpPermission convertedPerm = converter.apply(ruleToConvert);
      assertEquals(convertedPerm.getIpProtocol(), ruleToConvert.getIpProtocol());
      assertEquals(convertedPerm.getFromPort(), ruleToConvert.getFromPort());
      assertEquals(convertedPerm.getToPort(), ruleToConvert.getToPort());
-      assertTrue(convertedPerm.getTenantIdGroupNamePairs().containsKey(group.getTenantId()));
+      assertTrue(convertedPerm.getGroupIds().contains("az-1.region-a.geo-1/some-id"));
      assertTrue(convertedPerm.getTenantIdGroupNamePairs().containsValue(group.getName()));
      assertTrue(convertedPerm.getCidrBlocks().size() == 0);
   }
@ -73,9 +70,7 @@ public class SecurityGroupRuleToIpPermissionTest {
         .parentGroupId("some-other-id")
         .build();
-      SecurityGroupRuleToIpPermission converter = new SecurityGroupRuleToIpPermission();
+      IpPermission convertedPerm = NovaSecurityGroupToSecurityGroupTest.ruleConverter.apply(ruleToConvert);
      IpPermission convertedPerm = converter.apply(ruleToConvert);
      assertEquals(convertedPerm.getIpProtocol(), ruleToConvert.getIpProtocol());
      assertEquals(convertedPerm.getFromPort(), ruleToConvert.getFromPort());
--- a/apis/openstack-nova/src/test/resources/securitygroup_details_extension.json
+++ b/apis/openstack-nova/src/test/resources/securitygroup_details_extension.json
@ -16,8 +16,8 @@
              {
                 "from_port": 22,
                 "group": {
-                     "tenant_id": "admin",
+                     "tenant_id": "tenant0",
-                     "name": "11111"
+                     "name": "name0"
                  },
                  "ip_protocol": "tcp",
                  "to_port": 22,
--- a/apis/openstack-nova/src/test/resources/securitygroup_list_extension.json
+++ b/apis/openstack-nova/src/test/resources/securitygroup_list_extension.json
@ -42,10 +42,10 @@
          "id":119
        }
      ],
-      "tenant_id":"dev_16767499955063",
+        "tenant_id": "tenant0",
-      "id":160,
+        "id": 160,
-      "name":"jclouds-test",
+        "name": "name0",
-      "description":"jclouds-test"
+        "description": "description0"
    }
  ]
 }
--- a/compute/src/test/java/org/jclouds/compute/extensions/internal/BaseSecurityGroupExtensionLiveTest.java
+++ b/compute/src/test/java/org/jclouds/compute/extensions/internal/BaseSecurityGroupExtensionLiveTest.java
@ -244,8 +244,9 @@ public abstract class BaseSecurityGroupExtensionLiveTest extends BaseComputeServ
                                                                                     emptyStringSet(),
                                                                                     ImmutableSet.of(group.getId()),
                                                                                     newGroup);
-         
+
-         assertTrue(secondNewGroup.getIpPermissions().contains(secondPerm)); 
+         assertTrue(secondNewGroup.getIpPermissions().contains(secondPerm), "permissions for second group should contain "
                 + secondPerm + " but do not: " + secondNewGroup.getIpPermissions());
      }
      if (securityGroupExtension.get().supportsTenantIdGroupNamePairs()
--- a/providers/hpcloud-compute/src/test/java/org/jclouds/hpcloud/compute/compute/extensions/HPCloudComputeSecurityGroupExtensionLiveTest.java
+++ b/providers/hpcloud-compute/src/test/java/org/jclouds/hpcloud/compute/compute/extensions/HPCloudComputeSecurityGroupExtensionLiveTest.java
@ -0,0 +1,41 @@
 /*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package org.jclouds.hpcloud.compute.compute.extensions;
 import org.jclouds.compute.extensions.internal.BaseSecurityGroupExtensionLiveTest;
 import org.jclouds.sshj.config.SshjSshClientModule;
 import org.testng.annotations.Test;
 import com.google.inject.Module;
 /**
 * 
 * @author Andrew Bayer
 * 
 */
@Test(groups = "live", singleThreaded = true, testName = "HPCloudComputeImageExtensionLiveTest")
 public class HPCloudComputeSecurityGroupExtensionLiveTest extends BaseSecurityGroupExtensionLiveTest {
   public HPCloudComputeSecurityGroupExtensionLiveTest() {
      provider = "hpcloud-compute";
   }
   @Override
   protected Module getSshModule() {
      return new SshjSshClientModule();
   }
 }