mirror of
https://github.com/fog/fog-aws.git
synced 2022-11-09 13:50:52 -05:00
Merge pull request #356 from engineyard/authorize-vpc-to-rds-sg
Authorize vpc to rds sg
This commit is contained in:
Josh Lane
GitHub
commit
75184e8d38
7 changed files with 59 additions and 22 deletions
|
|
@ -29,8 +29,9 @@ module Fog
|
|||
|
||||
# group_owner_id defaults to the current owner_id
|
||||
def authorize_ec2_security_group(group_name, group_owner_id=owner_id)
|
||||
key = group_name.match(/^sg-/) ? 'EC2SecurityGroupId' : 'EC2SecurityGroupName'
|
||||
authorize_ingress({
|
||||
'EC2SecurityGroupName' => group_name,
|
||||
key => group_name,
|
||||
'EC2SecurityGroupOwnerId' => group_owner_id
|
||||
})
|
||||
end
|
||||
|
|
@ -56,8 +57,9 @@ module Fog
|
|||
|
||||
# group_owner_id defaults to the current owner_id
|
||||
def revoke_ec2_security_group(group_name, group_owner_id=owner_id)
|
||||
key = group_name.match(/^sg-/) ? 'EC2SecurityGroupId' : 'EC2SecurityGroupName'
|
||||
revoke_ingress({
|
||||
'EC2SecurityGroupName' => group_name,
|
||||
key => group_name,
|
||||
'EC2SecurityGroupOwnerId' => group_owner_id
|
||||
})
|
||||
end
|
||||
|
|
|
|||
|
|
@ -164,7 +164,7 @@ module Fog
|
|||
@data = nil
|
||||
end
|
||||
|
||||
attr_accessor :region
|
||||
attr_accessor :region, :aws_access_key_id
|
||||
|
||||
def initialize(options={})
|
||||
@use_iam_profile = options[:use_iam_profile]
|
||||
|
|
|
|||
|
|
@ -15,8 +15,8 @@ module Fog
|
|||
# * response<~Excon::Response>:
|
||||
# * body<~Hash>:
|
||||
def authorize_db_security_group_ingress(name, opts={})
|
||||
unless opts.key?('CIDRIP') || (opts.key?('EC2SecurityGroupName') && opts.key?('EC2SecurityGroupOwnerId'))
|
||||
raise ArgumentError, 'Must specify CIDRIP, or both EC2SecurityGroupName and EC2SecurityGroupOwnerId'
|
||||
unless opts.key?('CIDRIP') || ((opts.key?('EC2SecurityGroupName') || opts.key?('EC2SecurityGroupId')) && opts.key?('EC2SecurityGroupOwnerId'))
|
||||
raise ArgumentError, 'Must specify CIDRIP, or one of EC2SecurityGroupName or EC2SecurityGroupId, and EC2SecurityGroupOwnerId'
|
||||
end
|
||||
|
||||
request({
|
||||
|
|
@ -29,8 +29,13 @@ module Fog
|
|||
|
||||
class Mock
|
||||
def authorize_db_security_group_ingress(name, opts = {})
|
||||
unless opts.key?('CIDRIP') || (opts.key?('EC2SecurityGroupName') && opts.key?('EC2SecurityGroupOwnerId'))
|
||||
raise ArgumentError, 'Must specify CIDRIP, or both EC2SecurityGroupName and EC2SecurityGroupOwnerId'
|
||||
unless opts.key?('CIDRIP') || ((opts.key?('EC2SecurityGroupName') || opts.key?('EC2SecurityGroupId')) && opts.key?('EC2SecurityGroupOwnerId'))
|
||||
raise ArgumentError, 'Must specify CIDRIP, or one of EC2SecurityGroupName or EC2SecurityGroupId, and EC2SecurityGroupOwnerId'
|
||||
end
|
||||
|
||||
if ec2_security_group_id = opts.delete("EC2SecurityGroupId")
|
||||
ec2_security_group = (Fog::Compute::AWS::Mock.data[self.region][self.aws_access_key_id][:security_groups] || {}).values.detect { |sg| sg['groupId'] == ec2_security_group_id }
|
||||
opts['EC2SecurityGroupName'] = ec2_security_group['groupName']
|
||||
end
|
||||
|
||||
response = Excon::Response.new
|
||||
|
|
@ -42,7 +47,7 @@ module Fog
|
|||
end
|
||||
sec_group['IPRanges'] << opts.merge({"Status" => 'authorizing'})
|
||||
else
|
||||
if sec_group['EC2SecurityGroups'].find{|h| h['EC2SecurityGroupName'] == opts['EC2SecurityGroupName']}
|
||||
if sec_group['EC2SecurityGroups'].find{|h| h['EC2SecurityGroupName'] == opts['EC2SecurityGroupName'] || h['EC2SecurityGroupId'] == opts['EC2SecurityGroupId']}
|
||||
raise Fog::AWS::RDS::AuthorizationAlreadyExists.new("AuthorizationAlreadyExists => #{opts['EC2SecurityGroupName']} is alreay defined")
|
||||
end
|
||||
sec_group['EC2SecurityGroups'] << opts.merge({"Status" => 'authorizing'})
|
||||
|
|
|
|||
|
|
@ -31,15 +31,14 @@ module Fog
|
|||
end
|
||||
|
||||
# collection = Fog::Compute::AWS.new(:aws_access_key_id => 'mock key', :aws_secret_access_key => 'mock secret')
|
||||
collection = Fog::Compute[:aws]
|
||||
collection.region = @region
|
||||
compute_data = Fog::Compute::AWS::Mock.data[self.region][self.aws_access_key_id]
|
||||
|
||||
subnets = subnet_ids.map do |snid|
|
||||
subnet = collection.subnets.get(snid)
|
||||
subnet = compute_data[:subnets].detect { |s| s['subnetId'] == snid }
|
||||
raise Fog::AWS::RDS::NotFound.new("InvalidSubnet => The subnet '#{snid}' was not found") if subnet.nil?
|
||||
subnet
|
||||
end
|
||||
vpc_id = subnets.first.vpc_id
|
||||
vpc_id = subnets.first['vpcId']
|
||||
|
||||
data = {
|
||||
'DBSubnetGroupName' => name,
|
||||
|
|
|
|||
|
|
@ -26,6 +26,8 @@ module Fog
|
|||
raise Fog::AWS::RDS::NotFound.new("DBSubnetGroupNotFound => The subnet group '#{name}' doesn't exists")
|
||||
end
|
||||
|
||||
self.data[:subnet_groups].delete(name)
|
||||
|
||||
response.body = {
|
||||
'ResponseMetadata'=>{ 'RequestId'=> Fog::AWS::Mock.request_id },
|
||||
'return' => true,
|
||||
|
|
|
|||
|
|
@ -15,8 +15,8 @@ module Fog
|
|||
# * response<~Excon::Response>:
|
||||
# * body<~Hash>:
|
||||
def revoke_db_security_group_ingress(name, opts={})
|
||||
unless opts.key?('CIDRIP') || (opts.key?('EC2SecurityGroupName') && opts.key?('EC2SecurityGroupOwnerId'))
|
||||
raise ArgumentError, 'Must specify CIDRIP, or both EC2SecurityGroupName and EC2SecurityGroupOwnerId'
|
||||
unless opts.key?('CIDRIP') || ((opts.key?('EC2SecurityGroupName') || opts.key?('EC2SecurityGroupId')) && opts.key?('EC2SecurityGroupOwnerId'))
|
||||
raise ArgumentError, 'Must specify CIDRIP, or one of EC2SecurityGroupName or EC2SecurityGroupId, and EC2SecurityGroupOwnerId'
|
||||
end
|
||||
|
||||
request({
|
||||
|
|
@ -29,8 +29,13 @@ module Fog
|
|||
|
||||
class Mock
|
||||
def revoke_db_security_group_ingress(name, opts = {})
|
||||
unless opts.key?('CIDRIP') || (opts.key?('EC2SecurityGroupName') && opts.key?('EC2SecurityGroupOwnerId'))
|
||||
raise ArgumentError, 'Must specify CIDRIP, or both EC2SecurityGroupName and EC2SecurityGroupOwnerId'
|
||||
unless opts.key?('CIDRIP') || ((opts.key?('EC2SecurityGroupName') || opts.key?('EC2SecurityGroupId')) && opts.key?('EC2SecurityGroupOwnerId'))
|
||||
raise ArgumentError, 'Must specify CIDRIP, or one of EC2SecurityGroupName or EC2SecurityGroupId, and EC2SecurityGroupOwnerId'
|
||||
end
|
||||
|
||||
if ec2_security_group_id = opts.delete("EC2SecurityGroupId")
|
||||
ec2_security_group = (Fog::Compute::AWS::Mock.data[self.region][self.aws_access_key_id][:security_groups] || {}).values.detect { |sg| sg['groupId'] == ec2_security_group_id }
|
||||
opts['EC2SecurityGroupName'] = ec2_security_group['groupName']
|
||||
end
|
||||
|
||||
response = Excon::Response.new
|
||||
|
|
|
|||
|
|
@ -6,9 +6,9 @@ Shindo.tests("AWS::RDS | security_group", ['aws', 'rds']) do
|
|||
|
||||
tests("#description").returns('fog test') { @instance.description }
|
||||
|
||||
tests("#authorize_ec2_security_group").succeeds do
|
||||
@ec2_sec_group = Fog::Compute[:aws].security_groups.create(:name => 'fog-test', :description => 'fog test')
|
||||
@ec2_sec_group = Fog::Compute[:aws].security_groups.create(:name => uniq_id("fog-rds-test"), :description => 'fog test')
|
||||
|
||||
tests("#authorize_ec2_security_group('#{@ec2_sec_group.name}')").succeeds do
|
||||
@instance.authorize_ec2_security_group(@ec2_sec_group.name)
|
||||
returns('authorizing') do
|
||||
@instance.ec2_security_groups.find{|h| h['EC2SecurityGroupName'] == @ec2_sec_group.name}['Status']
|
||||
|
|
@ -17,9 +17,7 @@ Shindo.tests("AWS::RDS | security_group", ['aws', 'rds']) do
|
|||
|
||||
@instance.wait_for { ready? }
|
||||
|
||||
tests("#revoke_ec2_security_group").succeeds do
|
||||
pending if Fog.mocking?
|
||||
|
||||
tests("#revoke_ec2_security_group('#{@ec2_sec_group.name}')").succeeds do
|
||||
@instance.revoke_ec2_security_group(@ec2_sec_group.name)
|
||||
|
||||
returns('revoking') do
|
||||
|
|
@ -29,9 +27,35 @@ Shindo.tests("AWS::RDS | security_group", ['aws', 'rds']) do
|
|||
@instance.wait_for { ready? }
|
||||
|
||||
returns(false) { @instance.ec2_security_groups.any?{|h| h['EC2SecurityGroupName'] == @ec2_sec_group.name} }
|
||||
@ec2_sec_group.destroy
|
||||
end
|
||||
|
||||
@instance.wait_for { ready? }
|
||||
|
||||
tests("#authorize_ec2_security_group('#{@ec2_sec_group.group_id}')").succeeds do
|
||||
@instance.authorize_ec2_security_group(@ec2_sec_group.group_id)
|
||||
returns('authorizing') do
|
||||
@instance.ec2_security_groups.find{|h| h['EC2SecurityGroupName'] == @ec2_sec_group.name}['Status']
|
||||
end
|
||||
end
|
||||
|
||||
@instance.wait_for { ready? }
|
||||
|
||||
tests("#revoke_ec2_security_group('#{@ec2_sec_group.group_id}')").succeeds do
|
||||
@instance.revoke_ec2_security_group(@ec2_sec_group.group_id)
|
||||
|
||||
returns('revoking') do
|
||||
@instance.ec2_security_groups.find{|h| h['EC2SecurityGroupName'] == @ec2_sec_group.name}['Status']
|
||||
end
|
||||
|
||||
@instance.wait_for { ready? }
|
||||
|
||||
returns(false) { @instance.ec2_security_groups.any?{|h| h['EC2SecurityGroupId'] == @ec2_sec_group.group_id} }
|
||||
end
|
||||
|
||||
@instance.wait_for { ready? }
|
||||
|
||||
@ec2_sec_group.destroy
|
||||
|
||||
tests("#authorize_cidrip").succeeds do
|
||||
@cidr = '127.0.0.1/32'
|
||||
@instance.authorize_cidrip(@cidr)
|
||||
|
|
|
|||
Loading…
Reference in a new issue