Permalink
Browse files

Automatically create security groups, ensuring that at the very least…

… port 22 is opened


Fixes #11
  • Loading branch information...
1 parent ac5a419 commit c777836df76b90ceda113e8d460ce51214545ff7 @rtyler committed May 20, 2012
Showing with 62 additions and 3 deletions.
  1. +3 −1 lib/blimpy/box.rb
  2. +3 −1 lib/blimpy/boxes/aws.rb
  3. +21 −0 lib/blimpy/securitygroups.rb
  4. +1 −1 lib/blimpy/version.rb
  5. +34 −0 spec/blimpy/securitygroups_spec.rb
View
@@ -1,14 +1,15 @@
require 'blimpy/helpers/state'
require 'blimpy/livery'
require 'blimpy/keys'
+require 'blimpy/securitygroups'
require 'blimpy/boxes'
module Blimpy
class Box
include Blimpy::Helpers::State
attr_reader :allowed_regions, :region
- attr_accessor :image_id, :flavor, :group
+ attr_accessor :image_id, :flavor, :group, :ports
attr_accessor :name, :tags, :fleet_id, :username, :livery
@@ -33,6 +34,7 @@ def initialize(server=nil)
@group = nil
@name = 'Unnamed Box'
@tags = {}
+ @ports = []
@server = server
@fleet_id = 0
@ssh_connected = false
View
@@ -46,10 +46,12 @@ def create_host
tags = @tags.merge({:Name => @name, :CreatedBy => 'Blimpy', :BlimpyFleetId => @fleet_id})
Blimpy::Keys.import_key(fog)
+ generated_group = Blimpy::SecurityGroups.ensure_group(fog, @ports + [22])
+ groups = [@group, generated_group].compact
fog.servers.create(:image_id => @image_id,
:flavor_id => @flavor,
:key_name => Blimpy::Keys.key_name,
- :groups => [@group],
+ :groups => groups,
:tags => tags)
end
end
@@ -12,5 +12,26 @@ def self.group_id(ports)
# Lolwut, #hash is inconsistent between ruby processes
"Blimpy-#{Zlib.crc32(ports.inspect)}"
end
+
+ def self.ensure_group(fog, ports)
+ name = group_id(ports)
+
+ exists = fog.security_groups.get(name)
+
+ if exists.nil?
+ create_group(fog, ports)
+ end
+ name
+ end
+
+ def self.create_group(fog, ports)
+ name = group_id(ports)
+ group = fog.security_groups.create(:name => name,
+ :description => "Custom Blimpy security group for #{ports.inspect}")
+ ports.each do |port|
+ group.authorize_port_range(port .. port)
+ end
+ group.save
+ end
end
end
View
@@ -1,3 +1,3 @@
module Blimpy
- VERSION = "0.3.4"
+ VERSION = "0.3.5"
end
@@ -2,6 +2,9 @@
require 'blimpy/securitygroups'
describe Blimpy::SecurityGroups do
+ let(:fog) { mock('Fog object') }
+ let(:ports) { [22, 8080] }
+
describe '#group_id' do
it 'should return nil for an empty port Array' do
subject.group_id([]).should be_nil
@@ -19,4 +22,35 @@
end
end
end
+
+ describe '#ensure_group' do
+ context 'for a group that exists' do
+ it 'should bail and not try to create the group' do
+ fog.stub_chain(:security_groups, :get).and_return(true)
+ subject.should_receive(:create_group).never
+ subject.should_receive(:group_id).and_return('fake-id')
+ name = subject.ensure_group(fog, ports)
+ name.should == 'fake-id'
+ end
+ end
+
+ context "for a group that doesn't exist" do
+ it 'should create the group' do
+ fog.stub_chain(:security_groups, :get).and_return(nil)
+ subject.should_receive(:create_group).once
+ subject.ensure_group(fog, ports)
+ end
+ end
+ end
+
+ describe '#create_group' do
+ let(:group) { mock('Fog SecurityGroup') }
+ it 'should authorize the port ranges for every port' do
+ fog.stub_chain(:security_groups, :create).and_return(group)
+ group.should_receive(:authorize_port_range).with(22..22)
+ group.should_receive(:authorize_port_range).with(8080..8080)
+ group.should_receive(:save)
+ subject.create_group(fog, ports)
+ end
+ end
end

0 comments on commit c777836

Please sign in to comment.