Add create security group for OpenStack

cloudfoundry-community-attic · Jan 31, 2013 · a0dea9c · a0dea9c
1 parent da27b3f
commit a0dea9c
Showing 1 changed file with 34 additions and 0 deletions.
diff --git a/lib/bosh-cloudfoundry/providers/openstack.rb b/lib/bosh-cloudfoundry/providers/openstack.rb
@@ -15,4 +15,38 @@ def provision_public_ip_address
     address.ip
     # TODO catch error and return nil
   end
+
+  # Creates or reuses an OpenStack security group and opens ports.
+  #
+  # +security_group_name+ is the name to be created or reused
+  # +ports+ is a hash of name/port for ports to open, for example:
+  # {
+  #   ssh: 22,
+  #   http: 80,
+  #   https: 443
+  # }
+  def create_security_group(security_group_name, ports)
+    security_groups = fog_compute.security_groups
+    unless sg = security_groups.find { |s| s.name == security_group_name }
+      sg = fog_compute.security_groups.create(name: security_group_name, description: security_group_name)
+      puts "Created security group #{security_group_name}"
+    else
+      puts "Reusing security group #{security_group_name}"
+    end
+    ip_permissions = sg.rules
+    ports_opened = 0
+    ports.each do |name, port|
+      unless port_open?(ip_permissions, port)
+        sg.create_security_group_rule(port, port)
+        puts " -> opened #{name} port #{port}"
+        ports_opened += 1
+      end
+    end
+    puts " -> no additional ports opened" if ports_opened == 0
+    true
+  end
+
+  def port_open?(ip_permissions, port)
+    ip_permissions && ip_permissions.find {|ip| ip["from_port"] <= port && ip["to_port"] >= port }
+  end
 end