cyoi 0.8.2 → 0.8.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 36f61c51fee0e4ba9db53a34d0103b2fbf559c8d
-  data.tar.gz: a1695ed090fd51f46151b4d1515a6d7fc1797feb
+  metadata.gz: b88ef3e5f5668e5a52188ea9480a61926909c388
+  data.tar.gz: 72e166d5644c3b52427c4bfbaf22140dc8a01679
 SHA512:
-  metadata.gz: 2db327e54b76daed99683367197ab66267e9b274b57564bd941559314eb47fa05744030aa1020732ae39222437b946745524ffc5c2cd847a6fad4d0bf11a3ade
-  data.tar.gz: bb1114b3ca410bf4084493448282f43b868ad37b6b57152030d66a5b7d83255d297c83353ca639b2484c9c17aadac729fbef24b1c1909424ef3570dadb5cd1b8
+  metadata.gz: c954c0b314728d8abf4a5fa5aaa21790100c42499c6b627c32451e020f6fa8690c4f5b575c76483b99b83ea6fd72b7c09385128f1f01187e65afd2c47b948020
+  data.tar.gz: beb99edf501386f00f8d2ff7041e8a9207d715cd3d49c720534bb8b52e8959d01582456ed20d52e9441579110058a3ee2bde0059b6f645ad17fc33bfb3b33f37

data/ChangeLog.md

@@ -9,6 +9,7 @@ Cyoi (choose-your-own-infrastructure) is a library to ask an end-user to choose
 * openstack neutron - asks to select a subnet and then an available IP
 * create_security_group can take a list of ports to open [v0.8.1]
 * allow for legacy API usage of create_security_group [v0.8.2]
+* fixed create_security_group support for OpenStack & AWS [v0.8.3]
 
 ## v0.7
 

data/Guardfile

@@ -1,6 +1,6 @@
 guard "rspec", spec_paths: ["spec/unit"] do
   watch(%r{^spec/unit})
-  # watch(%r{^lib/cyoi})    { |m| "spec" }
+  watch(%r{^lib/cyoi})    { |m| "spec" }
   # watch(%r{^lib/cyoi/cli/(?:|provider_)address})    { |m| "spec/integration/cli/address" }
   watch(%r{^lib/cyoi/cli/(?:|provider_)key_pair})    { |m| "spec/unit/cli" }
 end

data/lib/cyoi/providers/clients/aws_provider_client.rb

@@ -73,6 +73,23 @@ class Cyoi::Providers::Clients::AwsProviderClient < Cyoi::Providers::Clients::Fo
     gateway.id
   end
 
+  def ip_permissions(sg)
+    sg.ip_permissions
+  end
+
+  def port_open?(ip_permissions, port_range, protocol, ip_range)
+    ip_permissions && ip_permissions.find do |ip|
+     ip["ipProtocol"] == protocol \
+     && ip["ipRanges"].detect { |range| range["cidrIp"] == ip_range } \
+     && ip["fromPort"] <= port_range.min \
+     && ip["toPort"] >= port_range.max
+    end
+  end
+
+  def authorize_port_range(sg, port_range, protocol, ip_range)
+    sg.authorize_port_range(port_range, {:ip_protocol => protocol, :cidr_ip => ip_range})
+  end
+
   def find_server_device(server, device)
     server.volumes.all.find {|v| v.device == device}
   end

data/lib/cyoi/providers/clients/fog_provider_client.rb

@@ -10,7 +10,7 @@ class Cyoi::Providers::Clients::FogProviderClient
   def initialize(attributes)
     @attributes = attributes.is_a?(Hash) ? ReadWriteSettings.new(attributes) : attributes
     raise "@attributes must be ReadWriteSettings (or Hash)" unless @attributes.is_a?(ReadWriteSettings)
-    setup_fog_connection
+    setup_fog_connection unless attributes.delete("skip_fog_setup")
   end
 
   # Implement in subclasses
@@ -129,20 +129,15 @@ class Cyoi::Providers::Clients::FogProviderClient
   end
 
   def port_open?(ip_permissions, port_range, protocol, ip_range)
-    ip_permissions && ip_permissions.find do |ip|
-      ip["ipProtocol"] == protocol \
-      && ip["ipRanges"].detect { |range| range["cidrIp"] == ip_range } \
-      && ip["fromPort"] <= port_range.min \
-      && ip["toPort"] >= port_range.max
-    end
+    raise "must implement"
   end
 
   def authorize_port_range(sg, port_range, protocol, ip_range)
-    sg.authorize_port_range(port_range, {:ip_protocol => protocol, :cidr_ip => ip_range})
+    raise "must implement"
   end
 
   def ip_permissions(sg)
-    sg.ip_permissions
+    raise "must implement"
   end
 
   # Any of the following +port_defn+ can be used:

data/lib/cyoi/providers/clients/openstack_provider_client.rb

@@ -69,19 +69,19 @@ class Cyoi::Providers::Clients::OpenStackProviderClient < Cyoi::Providers::Clien
     sg.security_group_rules
   end
 
-  # Hook method for FogProviderClient#create_security_group
   def port_open?(ip_permissions, port_range, protocol, ip_range)
     ip_permissions && ip_permissions.find do |ip|
-      ip["ip_protocol"] == protocol \
-      && ip["ip_range"].select { |range| range["cidr"] == ip_range } \
-      && ip["from_port"] <= port_range.min \
-      && ip["to_port"] >= port_range.max
+      ip.ip_protocol == protocol \
+      && ip.ip_range["cidr"] == ip_range \
+      && ip.from_port <= port_range.min \
+      && ip.to_port >= port_range.max
     end
   end
 
   # Hook method for FogProviderClient#create_security_group
   def authorize_port_range(sg, port_range, protocol, ip_range)
-    sg.create_security_group_rule(port_range.min, port_range.max, protocol, ip_range)
+    rules = ip_permissions(sg)
+    rules.create(from_port: port_range.min, to_port: port_range.max, ip_range: {"cidr" => ip_range}, ip_protocol: protocol)
   end
 
   def find_server_device(server, device)

data/lib/cyoi/version.rb

@@ -1,3 +1,3 @@
 module Cyoi
-  VERSION = "0.8.2"
+  VERSION = "0.8.3"
 end

data/spec/unit/providers/clients/{fog_provider_client_spec.rb → aws_provider_client_spec.rb}

@@ -1,23 +1,19 @@
-require "cyoi/providers/clients/fog_provider_client"
-require "fog/openstack/models/compute/security_groups"
+require "cyoi/providers/clients/aws_provider_client"
+require "fog/aws/models/compute/security_group"
+require "fog/aws/models/compute/security_groups"
 
-describe Cyoi::Providers::Clients::FogProviderClient do
+describe Cyoi::Providers::Clients::AwsProviderClient do
   let(:provider_attributes) do
     {
-      "name" => "openstack",
-      "credentials" => {
-        "openstack_username" => "USERNAME",
-        "openstack_api_key" => "PASSWORD",
-        "openstack_tenant" => "TENANT",
-        "openstack_auth_url" => "http://someurl.com/v2/tokens",
-        "openstack_region" => "REGION"
-      }
+      "name" => "aws",
+      "credentials" => {},
+      "skip_fog_setup" => true
     }
   end
-  let(:fog_compute) { instance_double("Fog::Compute::OpenStack::Real") }
-  let(:security_groups) { instance_double("Fog::Compute::OpenStack::SecurityGroups") }
-  let(:security_group) { instance_double("Fog::Compute::OpenStack::SecurityGroup") }
-  subject { Cyoi::Providers::Clients::FogProviderClient.new(provider_attributes) }
+  let(:fog_compute) { instance_double("Fog::Compute::AWS::Real") }
+  let(:security_groups) { instance_double("Fog::Compute::AWS::SecurityGroups") }
+  let(:security_group) { instance_double("Fog::Compute::AWS::SecurityGroup") }
+  subject { Cyoi::Providers::Clients::AwsProviderClient.new(provider_attributes) }
 
   before do
     expect(subject).to receive(:fog_compute).at_least(1).times.and_return(fog_compute)
@@ -75,7 +71,7 @@ describe Cyoi::Providers::Clients::FogProviderClient do
       expect(fog_compute).to receive(:security_groups).and_return(security_groups)
       expect(security_groups).to receive(:find).and_return(security_group)
       expect(subject).to receive(:puts).with("Reusing security group foo")
-      expect(security_group).to receive(:ip_permissions).and_return([{"fromPort"=>22, "toPort"=>22, "ipRanges"=>[{"cidrIp" => "0.0.0.0/0"}], "ipProtocol"=>"tcp"}])
+      expect(security_group).to receive(:ip_permissions).and_return([{"fromPort" => 22, "toPort" => 22, "ipRanges" => [{"cidrIp" => "0.0.0.0/0"}], "ipProtocol" => "tcp"}])
       expect(subject).to receive(:puts).with(" -> no additional ports opened")
 
       subject.create_security_group("foo", "foo", 22)

data/spec/unit/providers/clients/openstack_provider_client_spec.rb

@@ -1,5 +1,8 @@
 require "fog"
 require "fog/openstack"
+require "fog/openstack/models/compute/security_groups"
+require "fog/openstack/models/compute/security_group_rule"
+require "fog/openstack/models/compute/security_group_rules"
 require 'fog/openstack/models/network/subnets'
 require "cyoi/providers"
 
@@ -14,7 +17,8 @@ describe "cyoi address openstack" do
         "openstack_tenant" => "TENANT",
         "openstack_auth_url" => "http://someurl.com/v2/tokens",
         "openstack_region" => "REGION"
-      }
+      },
+      "skip_fog_setup" => true
     }
   end
 
@@ -107,4 +111,118 @@ describe "cyoi address openstack" do
       end
     end
   end
+
+  describe "create_security_group" do
+    let(:security_groups) { instance_double("Fog::Compute::OpenStack::SecurityGroups") }
+    let(:security_group) { instance_double("Fog::Compute::OpenStack::SecurityGroup") }
+    let(:security_group_rules) { instance_double("Fog::Compute::OpenStack::SecurityGroupRules") }
+    let(:security_group_rule) { instance_double("Fog::Compute::OpenStack::SecurityGroupRule",
+      from_port: 22, to_port: 22, ip_range: [{"cidrIp" => "0.0.0.0/0"}], ip_protocol: "tcp") }
+
+    before do
+      expect(subject).to receive(:fog_compute).at_least(1).times.and_return(fog_compute)
+    end
+
+    it "add new single port to new SecurityGroup" do
+      expect(fog_compute).to receive(:security_groups).twice.and_return(security_groups)
+      expect(security_groups).to receive(:find).and_return(nil)
+      expect(security_groups).to receive(:create).with(name: "foo", description: "foo").and_return(security_group)
+      expect(subject).to receive(:puts).with("Created security group foo")
+      expect(security_group).to receive(:security_group_rules).twice.and_return(security_group_rules)
+      expect(security_group_rules).to receive(:find)
+      expect(security_group_rules).to receive(:create).with(from_port: 22, to_port: 22, ip_protocol: "tcp", ip_range: {"cidr" => "0.0.0.0/0"})
+      expect(subject).to receive(:puts).with(" -> opened foo ports TCP 22..22 from IP range 0.0.0.0/0")
+
+      subject.create_security_group("foo", "foo", 22)
+    end
+
+    it "add new single port by integer to existing SecurityGroup" do
+      expect(fog_compute).to receive(:security_groups).and_return(security_groups)
+      expect(security_groups).to receive(:find).and_return(security_group)
+      expect(subject).to receive(:puts).with("Reusing security group foo")
+      expect(security_group).to receive(:security_group_rules).twice.and_return(security_group_rules)
+      expect(security_group_rules).to receive(:find)
+      expect(security_group_rules).to receive(:create).with(from_port: 22, to_port: 22, ip_protocol: "tcp", ip_range: {"cidr" => "0.0.0.0/0"})
+      expect(subject).to receive(:puts).with(" -> opened foo ports TCP 22..22 from IP range 0.0.0.0/0")
+
+      subject.create_security_group("foo", "foo", 22)
+    end
+
+    context 'legacy API used by old bosh-bootstrap - allow :ports key' do
+      it "add new single port by :ports key to existing SecurityGroup" do
+        expect(fog_compute).to receive(:security_groups).and_return(security_groups)
+        expect(security_groups).to receive(:find).and_return(security_group)
+        expect(subject).to receive(:puts).with("Reusing security group foo")
+      expect(security_group).to receive(:security_group_rules).twice.and_return(security_group_rules)
+      expect(security_group_rules).to receive(:find)
+      expect(security_group_rules).to receive(:create).with(from_port: 22, to_port: 22, ip_protocol: "tcp", ip_range: {"cidr" => "0.0.0.0/0"})
+        expect(subject).to receive(:puts).with(" -> opened foo ports TCP 22..22 from IP range 0.0.0.0/0")
+
+        subject.create_security_group("foo", "foo", ports: 22)
+      end
+
+    it "add UDP ports by :ports key" do
+      expect(fog_compute).to receive(:security_groups).and_return(security_groups)
+      expect(security_groups).to receive(:find).and_return(security_group)
+      expect(subject).to receive(:puts).with("Reusing security group foo")
+      expect(security_group).to receive(:security_group_rules).twice.and_return(security_group_rules)
+      expect(security_group_rules).to receive(:find)
+      expect(security_group_rules).to receive(:create).with(from_port: 53, to_port: 53, ip_protocol: "udp", ip_range: {"cidr" => "0.0.0.0/0"})
+      expect(subject).to receive(:puts).with(" -> opened foo ports UDP 53..53 from IP range 0.0.0.0/0")
+
+      subject.create_security_group("foo", "foo", ports: { protocol: "udp", ports: (53..53) })
+    end
+    end
+
+    it "add skip existing single port on existing SecurityGroup" do
+      expect(fog_compute).to receive(:security_groups).and_return(security_groups)
+      expect(security_groups).to receive(:find).and_return(security_group)
+      expect(subject).to receive(:puts).with("Reusing security group foo")
+      expect(security_group).to receive(:security_group_rules).and_return(security_group_rules)
+      expect(security_group_rules).to receive(:find).and_return(security_group_rule)
+      expect(subject).to receive(:puts).with(" -> no additional ports opened")
+
+      subject.create_security_group("foo", "foo", 22)
+    end
+
+    it "add new range of ports" do
+      expect(fog_compute).to receive(:security_groups).and_return(security_groups)
+      expect(security_groups).to receive(:find).and_return(security_group)
+      expect(subject).to receive(:puts).with("Reusing security group foo")
+      expect(security_group).to receive(:security_group_rules).twice.and_return(security_group_rules)
+      expect(security_group_rules).to receive(:find)
+      expect(security_group_rules).to receive(:create).with(from_port: 60000, to_port: 60050, ip_protocol: "tcp", ip_range: {"cidr" => "0.0.0.0/0"})
+      expect(subject).to receive(:puts).with(" -> opened foo ports TCP 60000..60050 from IP range 0.0.0.0/0")
+
+      subject.create_security_group("foo", "foo", ports: 60000..60050)
+    end
+
+    it "add UDP ports" do
+      expect(fog_compute).to receive(:security_groups).and_return(security_groups)
+      expect(security_groups).to receive(:find).and_return(security_group)
+      expect(subject).to receive(:puts).with("Reusing security group foo")
+      expect(security_group).to receive(:security_group_rules).twice.and_return(security_group_rules)
+      expect(security_group_rules).to receive(:find)
+      expect(security_group_rules).to receive(:create).with(from_port: 53, to_port: 53, ip_protocol: "udp", ip_range: {"cidr" => "0.0.0.0/0"})
+      expect(subject).to receive(:puts).with(" -> opened foo ports UDP 53..53 from IP range 0.0.0.0/0")
+
+      subject.create_security_group("foo", "foo", { protocol: "udp", ports: (53..53) })
+    end
+
+    it "add list of unrelated ports" do
+      expect(fog_compute).to receive(:security_groups).and_return(security_groups)
+      expect(security_groups).to receive(:find).and_return(security_group)
+      expect(subject).to receive(:puts).with("Reusing security group foo")
+      expect(security_group).to receive(:security_group_rules).at_least(1).times.and_return(security_group_rules)
+      expect(security_group_rules).to receive(:find).at_least(1).times
+      expect(security_group_rules).to receive(:create).with(from_port: 22, to_port: 22, ip_protocol: "tcp", ip_range: {"cidr" => "0.0.0.0/0"})
+      expect(security_group_rules).to receive(:create).with(from_port: 443, to_port: 443, ip_protocol: "tcp", ip_range: {"cidr" => "0.0.0.0/0"})
+      expect(security_group_rules).to receive(:create).with(from_port: 4443, to_port: 4443, ip_protocol: "tcp", ip_range: {"cidr" => "0.0.0.0/0"})
+      expect(subject).to receive(:puts).with(" -> opened foo ports TCP 22..22 from IP range 0.0.0.0/0")
+      expect(subject).to receive(:puts).with(" -> opened foo ports TCP 443..443 from IP range 0.0.0.0/0")
+      expect(subject).to receive(:puts).with(" -> opened foo ports TCP 4443..4443 from IP range 0.0.0.0/0")
+
+      subject.create_security_group("foo", "foo", [22, 443, 4443])
+    end
+  end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cyoi
 version: !ruby/object:Gem::Version
-  version: 0.8.2
+  version: 0.8.3
 platform: ruby
 authors:
 - Dr Nic Williams
@@ -192,7 +192,7 @@ files:
 - spec/unit/.gitkeep
 - spec/unit/cli/image_spec.rb
 - spec/unit/cli/key_pair_spec.rb
-- spec/unit/providers/clients/fog_provider_client_spec.rb
+- spec/unit/providers/clients/aws_provider_client_spec.rb
 - spec/unit/providers/clients/openstack_provider_client_spec.rb
 homepage: https://github.com/drnic/cyoi
 licenses:
@@ -240,5 +240,5 @@ test_files:
 - spec/unit/.gitkeep
 - spec/unit/cli/image_spec.rb
 - spec/unit/cli/key_pair_spec.rb
-- spec/unit/providers/clients/fog_provider_client_spec.rb
+- spec/unit/providers/clients/aws_provider_client_spec.rb
 - spec/unit/providers/clients/openstack_provider_client_spec.rb