cyoi 0.8.0 → 0.8.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: a3fba8bd87ffbf411952d31cf1c8e9cabfcf8cd0
-  data.tar.gz: 55688a09f5dba6f443ed83330eef6c0bc46349f1
+  metadata.gz: 36f61c51fee0e4ba9db53a34d0103b2fbf559c8d
+  data.tar.gz: a1695ed090fd51f46151b4d1515a6d7fc1797feb
 SHA512:
-  metadata.gz: 6e5c897fccb38b5fb9ded020a03bd5bdb1b28346ec41945d5d63fb4d331b4f2fea8fc1d929a05b06c1484c748c1b83faaec41ee8c95568502174f6fa0fc988e8
-  data.tar.gz: 08208b223d39521fa851a1767716c3e6c4b25242aa46917fb6438c1bc2aeb741217a4284d0121e6aef9630e7120e31d4b6169de04c2fc17f846a194407a9a53e
+  metadata.gz: 2db327e54b76daed99683367197ab66267e9b274b57564bd941559314eb47fa05744030aa1020732ae39222437b946745524ffc5c2cd847a6fad4d0bf11a3ade
+  data.tar.gz: bb1114b3ca410bf4084493448282f43b868ad37b6b57152030d66a5b7d83255d297c83353ca639b2484c9c17aadac729fbef24b1c1909424ef3570dadb5cd1b8

data/ChangeLog.md

@@ -7,6 +7,8 @@ Cyoi (choose-your-own-infrastructure) is a library to ask an end-user to choose
 * openstack - detection of nova vs neutron networking
 * openstack nova - continues to provision a floating IP
 * openstack neutron - asks to select a subnet and then an available IP
+* create_security_group can take a list of ports to open [v0.8.1]
+* allow for legacy API usage of create_security_group [v0.8.2]
 
 ## v0.7
 

data/lib/cyoi/providers/clients/fog_provider_client.rb

@@ -13,8 +13,8 @@ class Cyoi::Providers::Clients::FogProviderClient
     setup_fog_connection
   end
 
+  # Implement in subclasses
   def setup_fog_connection
-    raise "must implement"
   end
 
   def create_key_pair(key_pair_name)
@@ -80,26 +80,21 @@ class Cyoi::Providers::Clients::FogProviderClient
   # Creates or reuses an security group and opens ports.
   #
   # +security_group_name+ is the name to be created or reused
-  # +ports+ is a hash of name/port for ports to open, for example:
-  # {
-  #   ssh: 22,
-  #   http: 80,
-  #   https: 443
-  # }
+  # +ports+ is a hash of name/port for ports to open
+  #
   # protocol defaults to TCP
   # You can also use a more verbose +ports+ using the format:
-  # {
-  #   ssh: 22,
-  #   http: { ports: (80..82) },
-  #   mosh: { protocol: "udp", ports: (60000..60050) }
-  #   mosh: { protocol: "rdp", ports: (3398..3398), ip_ranges: [ { cidrIp: "196.212.12.34/32" } ] }
-  # }
+  # * 22,
+  # * { ports: (80..82) },
+  # * { protocol: "udp", ports: (60000..60050) }
+  # * { protocol: "rdp", ports: (3398..3398), ip_ranges: [ { cidrIp: "196.212.12.34/32" } ] }
+  #
   # In this example, 
   #  * TCP 22 will be opened for ssh from any ip_range,
   #  * TCP ports 80, 81, 82 for http from any ip_range,
   #  * UDP 60000 -> 60050 for mosh from any ip_range and
   #  * TCP 3398 for RDP from ip range: 96.212.12.34/32
-  def create_security_group(security_group_name, description, ports)
+  def create_security_group(security_group_name, description, defns)
     security_groups = fog_compute.security_groups
     unless sg = security_groups.find { |s| s.name == security_group_name }
       sg = fog_compute.security_groups.create(name: security_group_name, description: description)
@@ -109,12 +104,24 @@ class Cyoi::Providers::Clients::FogProviderClient
     end
     ip_permissions = ip_permissions(sg)
     ports_opened = 0
-    ports.each do |name, port_defn|
-      (protocol, port_range, ip_range) = extract_port_definition(port_defn)
-      unless port_open?(ip_permissions, port_range, protocol, ip_range)
-        authorize_port_range(sg, port_range, protocol, ip_range)
-        puts " -> opened #{name} ports #{protocol.upcase} #{port_range.min}..#{port_range.max} from IP range #{ip_range}"
-        ports_opened += 1
+
+    # Unnest { ports: 22 } and { ports: { ports: 22..22 }} legacy inputs
+    if defns.is_a?(Hash) && defns[:ports].is_a?(Hash)
+      defns = defns[:ports]
+    end
+
+    unless defns.is_a?(Array)
+      defns = [defns]
+    end
+    defns.each do |port_defn|
+      port_defns = port_defn.is_a?(Array) ? port_defn : [port_defn]
+      port_defns.each do |port_defn|
+        (protocol, port_range, ip_range) = extract_port_definition(port_defn)
+        unless port_open?(ip_permissions, port_range, protocol, ip_range)
+          authorize_port_range(sg, port_range, protocol, ip_range)
+          puts " -> opened #{security_group_name} ports #{protocol.upcase} #{port_range.min}..#{port_range.max} from IP range #{ip_range}"
+          ports_opened += 1
+        end
       end
     end
     puts " -> no additional ports opened" if ports_opened == 0
@@ -122,7 +129,7 @@ class Cyoi::Providers::Clients::FogProviderClient
   end
 
   def port_open?(ip_permissions, port_range, protocol, ip_range)
-    ip_permissions && ip_permissions.find do |ip| 
+    ip_permissions && ip_permissions.find do |ip|
       ip["ipProtocol"] == protocol \
       && ip["ipRanges"].detect { |range| range["cidrIp"] == ip_range } \
       && ip["fromPort"] <= port_range.min \
@@ -160,6 +167,9 @@ class Cyoi::Providers::Clients::FogProviderClient
     elsif port_defn.is_a? Hash
       protocol = port_defn[:protocol] if port_defn[:protocol]
       port_range = port_defn[:ports]  if port_defn[:ports]
+      if port_range.is_a? Integer
+        port_range = (port_range..port_range)
+      end
       ip_range = port_defn[:ip_range] if port_defn[:ip_range]
     end
     [protocol, port_range, ip_range]

data/lib/cyoi/providers/clients/openstack_provider_client.rb

@@ -66,7 +66,7 @@ class Cyoi::Providers::Clients::OpenStackProviderClient < Cyoi::Providers::Clien
 
   # Hook method for FogProviderClient#create_security_group
   def ip_permissions(sg)
-    sg.rules
+    sg.security_group_rules
   end
 
   # Hook method for FogProviderClient#create_security_group

data/lib/cyoi/version.rb

@@ -1,3 +1,3 @@
 module Cyoi
-  VERSION = "0.8.0"
+  VERSION = "0.8.2"
 end

data/spec/unit/providers/clients/fog_provider_client_spec.rb

@@ -0,0 +1,121 @@
+require "cyoi/providers/clients/fog_provider_client"
+require "fog/openstack/models/compute/security_groups"
+
+describe Cyoi::Providers::Clients::FogProviderClient do
+  let(:provider_attributes) do
+    {
+      "name" => "openstack",
+      "credentials" => {
+        "openstack_username" => "USERNAME",
+        "openstack_api_key" => "PASSWORD",
+        "openstack_tenant" => "TENANT",
+        "openstack_auth_url" => "http://someurl.com/v2/tokens",
+        "openstack_region" => "REGION"
+      }
+    }
+  end
+  let(:fog_compute) { instance_double("Fog::Compute::OpenStack::Real") }
+  let(:security_groups) { instance_double("Fog::Compute::OpenStack::SecurityGroups") }
+  let(:security_group) { instance_double("Fog::Compute::OpenStack::SecurityGroup") }
+  subject { Cyoi::Providers::Clients::FogProviderClient.new(provider_attributes) }
+
+  before do
+    expect(subject).to receive(:fog_compute).at_least(1).times.and_return(fog_compute)
+  end
+
+  describe "create_security_group" do
+    it "add new single port to new SecurityGroup" do
+      expect(fog_compute).to receive(:security_groups).twice.and_return(security_groups)
+      expect(security_groups).to receive(:find).and_return(nil)
+      expect(security_groups).to receive(:create).with(name: "foo", description: "foo").and_return(security_group)
+      expect(subject).to receive(:puts).with("Created security group foo")
+      expect(security_group).to receive(:ip_permissions)
+      expect(security_group).to receive(:authorize_port_range).with(22..22, {:ip_protocol=>"tcp", :cidr_ip=>"0.0.0.0/0"})
+      expect(subject).to receive(:puts).with(" -> opened foo ports TCP 22..22 from IP range 0.0.0.0/0")
+
+      subject.create_security_group("foo", "foo", 22)
+    end
+
+    it "add new single port by integer to existing SecurityGroup" do
+      expect(fog_compute).to receive(:security_groups).and_return(security_groups)
+      expect(security_groups).to receive(:find).and_return(security_group)
+      expect(subject).to receive(:puts).with("Reusing security group foo")
+      expect(security_group).to receive(:ip_permissions)
+      expect(security_group).to receive(:authorize_port_range).with(22..22, {:ip_protocol=>"tcp", :cidr_ip=>"0.0.0.0/0"})
+      expect(subject).to receive(:puts).with(" -> opened foo ports TCP 22..22 from IP range 0.0.0.0/0")
+
+      subject.create_security_group("foo", "foo", 22)
+    end
+
+    context 'legacy API used by old bosh-bootstrap - allow :ports key' do
+      it "add new single port by :ports key to existing SecurityGroup" do
+        expect(fog_compute).to receive(:security_groups).and_return(security_groups)
+        expect(security_groups).to receive(:find).and_return(security_group)
+        expect(subject).to receive(:puts).with("Reusing security group foo")
+        expect(security_group).to receive(:ip_permissions)
+        expect(security_group).to receive(:authorize_port_range).with(22..22, {:ip_protocol=>"tcp", :cidr_ip=>"0.0.0.0/0"})
+        expect(subject).to receive(:puts).with(" -> opened foo ports TCP 22..22 from IP range 0.0.0.0/0")
+
+        subject.create_security_group("foo", "foo", ports: 22)
+      end
+
+    it "add UDP ports by :ports key" do
+      expect(fog_compute).to receive(:security_groups).and_return(security_groups)
+      expect(security_groups).to receive(:find).and_return(security_group)
+      expect(subject).to receive(:puts).with("Reusing security group foo")
+      expect(security_group).to receive(:ip_permissions)
+      expect(security_group).to receive(:authorize_port_range).with(53..53, {:ip_protocol=>"udp", :cidr_ip=>"0.0.0.0/0"})
+      expect(subject).to receive(:puts).with(" -> opened foo ports UDP 53..53 from IP range 0.0.0.0/0")
+
+      subject.create_security_group("foo", "foo", ports: { protocol: "udp", ports: (53..53) })
+    end
+    end
+
+    it "add skip existing single port on existing SecurityGroup" do
+      expect(fog_compute).to receive(:security_groups).and_return(security_groups)
+      expect(security_groups).to receive(:find).and_return(security_group)
+      expect(subject).to receive(:puts).with("Reusing security group foo")
+      expect(security_group).to receive(:ip_permissions).and_return([{"fromPort"=>22, "toPort"=>22, "ipRanges"=>[{"cidrIp" => "0.0.0.0/0"}], "ipProtocol"=>"tcp"}])
+      expect(subject).to receive(:puts).with(" -> no additional ports opened")
+
+      subject.create_security_group("foo", "foo", 22)
+    end
+
+    it "add new range of ports" do
+      expect(fog_compute).to receive(:security_groups).and_return(security_groups)
+      expect(security_groups).to receive(:find).and_return(security_group)
+      expect(subject).to receive(:puts).with("Reusing security group foo")
+      expect(security_group).to receive(:ip_permissions)
+      expect(security_group).to receive(:authorize_port_range).with(60000..60050, {:ip_protocol=>"tcp", :cidr_ip=>"0.0.0.0/0"})
+      expect(subject).to receive(:puts).with(" -> opened foo ports TCP 60000..60050 from IP range 0.0.0.0/0")
+
+      subject.create_security_group("foo", "foo", ports: 60000..60050)
+    end
+
+    it "add UDP ports" do
+      expect(fog_compute).to receive(:security_groups).and_return(security_groups)
+      expect(security_groups).to receive(:find).and_return(security_group)
+      expect(subject).to receive(:puts).with("Reusing security group foo")
+      expect(security_group).to receive(:ip_permissions)
+      expect(security_group).to receive(:authorize_port_range).with(53..53, {:ip_protocol=>"udp", :cidr_ip=>"0.0.0.0/0"})
+      expect(subject).to receive(:puts).with(" -> opened foo ports UDP 53..53 from IP range 0.0.0.0/0")
+
+      subject.create_security_group("foo", "foo", { protocol: "udp", ports: (53..53) })
+    end
+
+    it "add list of unrelated ports" do
+      expect(fog_compute).to receive(:security_groups).and_return(security_groups)
+      expect(security_groups).to receive(:find).and_return(security_group)
+      expect(subject).to receive(:puts).with("Reusing security group foo")
+      expect(security_group).to receive(:ip_permissions)
+      expect(security_group).to receive(:authorize_port_range).with(22..22, {:ip_protocol=>"tcp", :cidr_ip=>"0.0.0.0/0"})
+      expect(security_group).to receive(:authorize_port_range).with(443..443, {:ip_protocol=>"tcp", :cidr_ip=>"0.0.0.0/0"})
+      expect(security_group).to receive(:authorize_port_range).with(4443..4443, {:ip_protocol=>"tcp", :cidr_ip=>"0.0.0.0/0"})
+      expect(subject).to receive(:puts).with(" -> opened foo ports TCP 22..22 from IP range 0.0.0.0/0")
+      expect(subject).to receive(:puts).with(" -> opened foo ports TCP 443..443 from IP range 0.0.0.0/0")
+      expect(subject).to receive(:puts).with(" -> opened foo ports TCP 4443..4443 from IP range 0.0.0.0/0")
+
+      subject.create_security_group("foo", "foo", [22, 443, 4443])
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cyoi
 version: !ruby/object:Gem::Version
-  version: 0.8.0
+  version: 0.8.2
 platform: ruby
 authors:
 - Dr Nic Williams
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-02-06 00:00:00.000000000 Z
+date: 2014-02-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: fog
@@ -192,6 +192,7 @@ files:
 - spec/unit/.gitkeep
 - spec/unit/cli/image_spec.rb
 - spec/unit/cli/key_pair_spec.rb
+- spec/unit/providers/clients/fog_provider_client_spec.rb
 - spec/unit/providers/clients/openstack_provider_client_spec.rb
 homepage: https://github.com/drnic/cyoi
 licenses:
@@ -239,4 +240,5 @@ test_files:
 - spec/unit/.gitkeep
 - spec/unit/cli/image_spec.rb
 - spec/unit/cli/key_pair_spec.rb
+- spec/unit/providers/clients/fog_provider_client_spec.rb
 - spec/unit/providers/clients/openstack_provider_client_spec.rb