From d8709738e2e289403f40f13f9f92bac913020f56 Mon Sep 17 00:00:00 2001 From: Tony Song Date: Tue, 18 Aug 2020 16:37:10 -0500 Subject: [PATCH 1/5] Allow multiple ips when creating a security group --- README.md | 6 +++--- lib/kitchen/driver/ec2.rb | 6 ++++-- spec/kitchen/driver/ec2_spec.rb | 18 +++++++++++++++++- 3 files changed, 24 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index ac1ec622..e0cb8ef3 100644 --- a/README.md +++ b/README.md @@ -237,11 +237,11 @@ security_group_filter: value: 'MyOtherSG' ``` -### `security_group_cidr_ip` +#### `security_group_cidr_ips` -The EC2 [security group][group_docs] ip, in CIDR block format, to use when creating the security group. +The EC2 [security group][group_docs] ip(s), in CIDR block format, to use when creating the security group. -The default is "0.0.0.0/0". +The default is ["0.0.0.0/0"]. #### `region` diff --git a/lib/kitchen/driver/ec2.rb b/lib/kitchen/driver/ec2.rb index c5d0e8f7..d74ce495 100644 --- a/lib/kitchen/driver/ec2.rb +++ b/lib/kitchen/driver/ec2.rb @@ -59,7 +59,7 @@ class Ec2 < Kitchen::Driver::Base default_config :ebs_optimized, false default_config :security_group_ids, nil default_config :security_group_filter, nil - default_config :security_group_cidr_ip, "0.0.0.0/0" + default_config :security_group_cidr_ips, ["0.0.0.0/0"] default_config :tags, "created-by" => "test-kitchen" default_config :user_data do |driver| if driver.windows_os? @@ -785,7 +785,9 @@ def create_security_group(state) ip_protocol: "tcp", from_port: port, to_port: port, - ip_ranges: [{ cidr_ip: config[:security_group_cidr_ip] }], + ip_ranges: config[:security_group_cidr_ips].map do |cidr_ip| + { cidr_ip: cidr_ip } + end } end ) diff --git a/spec/kitchen/driver/ec2_spec.rb b/spec/kitchen/driver/ec2_spec.rb index fb23ab48..bb8e5ea7 100644 --- a/spec/kitchen/driver/ec2_spec.rb +++ b/spec/kitchen/driver/ec2_spec.rb 
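Review bot: Renaming the option at the `default_config` line of the first ec2.rb hunk means an existing `security_group_cidr_ip:` entry in a user's kitchen.yml is no longer read; if Kitchen does not reject unknown keys (I cannot confirm that from this hunk), a group that was restricted to one address silently falls back to the `["0.0.0.0/0"]` default, opening the four ports the spec lists (22, 3389, 5985, 5986) to every source. The second ec2.rb hunk has a related weakness: `config[:security_group_cidr_ips].map` raises NoMethodError when the value is a plain string, which is how the option was documented before this commit. A transition guard along the lines of `raise UserError, "security_group_cidr_ip has been renamed to security_group_cidr_ips" if config.key?(:security_group_cidr_ip)` would make the rename loud rather than a silent widening of ingress. Patch 5/5 of this series restores the original key and wraps the value in `Array()`, which addresses both points. create_security_group begins and ends outside the hunk.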
@@ -552,7 +552,7 @@ context "with a ip address configured" do before do - config[:security_group_cidr_ip] = "1.2.3.4/32" + config[:security_group_cidr_ips] = ["1.2.3.4/32"] expect(actual_client).to receive(:describe_subnets).with(filters: [{ name: "subnet-id", values: ["subnet-1234"] }]).and_return(double(subnets: [double(vpc_id: "vpc-1")])) expect(actual_client).to receive(:create_security_group).with(group_name: /kitchen-/, description: /Test Kitchen for/, vpc_id: "vpc-1").and_return(double(group_id: "sg-9876")) expect(actual_client).to receive(:authorize_security_group_ingress).with(group_id: "sg-9876", ip_permissions: [ @@ -566,6 +566,22 @@ include_examples "common create" end + context "with multiple ip addresses configured" do + before do + config[:security_group_cidr_ips] = ["10.0.0.0/22", "172.16.0.0/24"] + expect(actual_client).to receive(:describe_subnets).with(filters: [{ name: "subnet-id", values: ["subnet-1234"] }]).and_return(double(subnets: [double(vpc_id: "vpc-1")])) + expect(actual_client).to receive(:create_security_group).with(group_name: /kitchen-/, description: /Test Kitchen for/, vpc_id: "vpc-1").and_return(double(group_id: "sg-9876")) + expect(actual_client).to receive(:authorize_security_group_ingress).with(group_id: "sg-9876", ip_permissions: [ + { ip_protocol: "tcp", from_port: 22, to_port: 22, ip_ranges: [{ cidr_ip: "10.0.0.0/22" }, { cidr_ip: "172.16.0.0/24" }] }, + { ip_protocol: "tcp", from_port: 3389, to_port: 22, ip_ranges: [{ cidr_ip: "10.0.0.0/22" }, { cidr_ip: "172.16.0.0/24" }] }, + { ip_protocol: "tcp", from_port: 5985, to_port: 22, ip_ranges: [{ cidr_ip: "10.0.0.0/22" }, { cidr_ip: "172.16.0.0/24" }] }, + { ip_protocol: "tcp", from_port: 5986, to_port: 22, ip_ranges: [{ cidr_ip: "10.0.0.0/22" }, { cidr_ip: "172.16.0.0/24" }] }, + ]) + end + + include_examples "common create" + end + context "with a default VPC" do before do config.delete(:subnet_id) From ba919985f28842412999520c6315f0e973b35221 Mon Sep 17 00:00:00 2001 
From: Tony Song Date: Tue, 18 Aug 2020 16:51:24 -0500 Subject: [PATCH 2/5] Fix typos in ec2_spec.rb --- spec/kitchen/driver/ec2_spec.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/spec/kitchen/driver/ec2_spec.rb b/spec/kitchen/driver/ec2_spec.rb index bb8e5ea7..7889cb73 100644 --- a/spec/kitchen/driver/ec2_spec.rb +++ b/spec/kitchen/driver/ec2_spec.rb @@ -573,9 +573,9 @@ expect(actual_client).to receive(:create_security_group).with(group_name: /kitchen-/, description: /Test Kitchen for/, vpc_id: "vpc-1").and_return(double(group_id: "sg-9876")) expect(actual_client).to receive(:authorize_security_group_ingress).with(group_id: "sg-9876", ip_permissions: [ { ip_protocol: "tcp", from_port: 22, to_port: 22, ip_ranges: [{ cidr_ip: "10.0.0.0/22" }, { cidr_ip: "172.16.0.0/24" }] }, - { ip_protocol: "tcp", from_port: 3389, to_port: 22, ip_ranges: [{ cidr_ip: "10.0.0.0/22" }, { cidr_ip: "172.16.0.0/24" }] }, - { ip_protocol: "tcp", from_port: 5985, to_port: 22, ip_ranges: [{ cidr_ip: "10.0.0.0/22" }, { cidr_ip: "172.16.0.0/24" }] }, - { ip_protocol: "tcp", from_port: 5986, to_port: 22, ip_ranges: [{ cidr_ip: "10.0.0.0/22" }, { cidr_ip: "172.16.0.0/24" }] }, + { ip_protocol: "tcp", from_port: 3389, to_port: 3389, ip_ranges: [{ cidr_ip: "10.0.0.0/22" }, { cidr_ip: "172.16.0.0/24" }] }, + { ip_protocol: "tcp", from_port: 5985, to_port: 5985, ip_ranges: [{ cidr_ip: "10.0.0.0/22" }, { cidr_ip: "172.16.0.0/24" }] }, + { ip_protocol: "tcp", from_port: 5986, to_port: 5986, ip_ranges: [{ cidr_ip: "10.0.0.0/22" }, { cidr_ip: "172.16.0.0/24" }] }, ]) end From 26d2902422f5f79f6a712fca9e623402d2962849 Mon Sep 17 00:00:00 2001 From: Tony Song Date: Wed, 19 Aug 2020 11:17:03 -0500 Subject: [PATCH 3/5] Update README.md on security_group_cidr_ips option --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e0cb8ef3..ea9d447a 100644 --- a/README.md +++ b/README.md 
@@ -239,7 +239,7 @@ security_group_filter: #### `security_group_cidr_ips` -The EC2 [security group][group_docs] ip(s), in CIDR block format, to use when creating the security group. +An Array of EC2 [security group][group_docs] ip(s), in CIDR block format, to use when creating the security group. The default is ["0.0.0.0/0"]. From 7d74a626c70d304b1d57cd1e213a122916e561ba Mon Sep 17 00:00:00 2001 From: Tony Song Date: Wed, 19 Aug 2020 11:27:21 -0500 Subject: [PATCH 4/5] Add a comma after the last item of ip_permissions --- lib/kitchen/driver/ec2.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/kitchen/driver/ec2.rb b/lib/kitchen/driver/ec2.rb index d74ce495..4536792f 100644 --- a/lib/kitchen/driver/ec2.rb +++ b/lib/kitchen/driver/ec2.rb @@ -787,7 +787,7 @@ def create_security_group(state) to_port: port, ip_ranges: config[:security_group_cidr_ips].map do |cidr_ip| { cidr_ip: cidr_ip } - end + end, } end ) From d177ef8435b6f3055c7b2c426f99d3b8f60c5bf3 Mon Sep 17 00:00:00 2001 From: Tony Song Date: Fri, 28 Aug 2020 10:16:27 -0500 Subject: [PATCH 5/5] Optionally allow an arr for security_group_cidr_ip --- README.md | 6 +++--- lib/kitchen/driver/ec2.rb | 4 ++-- spec/kitchen/driver/ec2_spec.rb | 24 ++++++++++++++++++++---- 3 files changed, 25 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index ea9d447a..5176b1ac 100644 --- a/README.md +++ b/README.md @@ -237,11 +237,11 @@ security_group_filter: value: 'MyOtherSG' ``` -#### `security_group_cidr_ips` +#### `security_group_cidr_ip` -An Array of EC2 [security group][group_docs] ip(s), in CIDR block format, to use when creating the security group. +The EC2 [security group][group_docs] ip address, in CIDR block format, to use when creating the security group. Optionally, you can provide an array of ip addresses instead when having multiple ip addresses for the security group is desirable. -The default is ["0.0.0.0/0"]. +The default is "0.0.0.0/0". #### `region` 
diff --git a/lib/kitchen/driver/ec2.rb b/lib/kitchen/driver/ec2.rb index 4536792f..568f283a 100644 --- a/lib/kitchen/driver/ec2.rb +++ b/lib/kitchen/driver/ec2.rb @@ -59,7 +59,7 @@ class Ec2 < Kitchen::Driver::Base default_config :ebs_optimized, false default_config :security_group_ids, nil default_config :security_group_filter, nil - default_config :security_group_cidr_ips, ["0.0.0.0/0"] + default_config :security_group_cidr_ip, "0.0.0.0/0" default_config :tags, "created-by" => "test-kitchen" default_config :user_data do |driver| if driver.windows_os? @@ -785,7 +785,7 @@ def create_security_group(state) ip_protocol: "tcp", from_port: port, to_port: port, - ip_ranges: config[:security_group_cidr_ips].map do |cidr_ip| + ip_ranges: Array(config[:security_group_cidr_ip]).map do |cidr_ip| { cidr_ip: cidr_ip } end, } diff --git a/spec/kitchen/driver/ec2_spec.rb b/spec/kitchen/driver/ec2_spec.rb index 7889cb73..d476270b 100644 --- a/spec/kitchen/driver/ec2_spec.rb +++ b/spec/kitchen/driver/ec2_spec.rb @@ -550,9 +550,9 @@ include_examples "common create" end - context "with a ip address configured" do + context "with an ip address configured as a string" do before do - config[:security_group_cidr_ips] = ["1.2.3.4/32"] + config[:security_group_cidr_ip] = "1.2.3.4/32" expect(actual_client).to receive(:describe_subnets).with(filters: [{ name: "subnet-id", values: ["subnet-1234"] }]).and_return(double(subnets: [double(vpc_id: "vpc-1")])) expect(actual_client).to receive(:create_security_group).with(group_name: /kitchen-/, description: /Test Kitchen for/, vpc_id: "vpc-1").and_return(double(group_id: "sg-9876")) expect(actual_client).to receive(:authorize_security_group_ingress).with(group_id: "sg-9876", ip_permissions: [ 
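Review bot: `Array(config[:security_group_cidr_ip])` in the second ec2.rb hunk turns an explicit `nil` or `[]` into an empty `ip_ranges` list for every port, so the authorize call goes out with permissions that name no source; I would expect the API to reject that, but either way the misconfiguration surfaces as a remote error rather than a local one. Duplicate entries are forwarded as-is too, and I believe EC2 rejects duplicate rules within a single authorize_security_group_ingress request. I'd normalise once before the loop: `cidr_ips = Array(config[:security_group_cidr_ip]).uniq` followed by `raise UserError, "security_group_cidr_ip must contain at least one CIDR block" if cidr_ips.empty?`, then use `ip_ranges: cidr_ips.map { |cidr_ip| { cidr_ip: cidr_ip } }` in place of the inline `Array(...).map`. create_security_group starts and ends outside this hunk, so the normalisation would sit just ahead of the `ip_permissions` construction these lines belong to.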
@@ -566,9 +566,25 @@ include_examples "common create" end - context "with multiple ip addresses configured" do + context "with an ip address configured as an array" do before do - config[:security_group_cidr_ips] = ["10.0.0.0/22", "172.16.0.0/24"] + config[:security_group_cidr_ip] = ["10.0.0.0/22"] + expect(actual_client).to receive(:describe_subnets).with(filters: [{ name: "subnet-id", values: ["subnet-1234"] }]).and_return(double(subnets: [double(vpc_id: "vpc-1")])) + expect(actual_client).to receive(:create_security_group).with(group_name: /kitchen-/, description: /Test Kitchen for/, vpc_id: "vpc-1").and_return(double(group_id: "sg-9876")) + expect(actual_client).to receive(:authorize_security_group_ingress).with(group_id: "sg-9876", ip_permissions: [ + { ip_protocol: "tcp", from_port: 22, to_port: 22, ip_ranges: [{ cidr_ip: "10.0.0.0/22" }] }, + { ip_protocol: "tcp", from_port: 3389, to_port: 3389, ip_ranges: [{ cidr_ip: "10.0.0.0/22" }] }, + { ip_protocol: "tcp", from_port: 5985, to_port: 5985, ip_ranges: [{ cidr_ip: "10.0.0.0/22" }] }, + { ip_protocol: "tcp", from_port: 5986, to_port: 5986, ip_ranges: [{ cidr_ip: "10.0.0.0/22" }] }, + ]) + end + + include_examples "common create" + end + + context "with multiple ip addresses configured as an array" do + before do + config[:security_group_cidr_ip] = ["10.0.0.0/22", "172.16.0.0/24"] expect(actual_client).to receive(:describe_subnets).with(filters: [{ name: "subnet-id", values: ["subnet-1234"] }]).and_return(double(subnets: [double(vpc_id: "vpc-1")])) expect(actual_client).to receive(:create_security_group).with(group_name: /kitchen-/, description: /Test Kitchen for/, vpc_id: "vpc-1").and_return(double(group_id: "sg-9876")) expect(actual_client).to receive(:authorize_security_group_ingress).with(group_id: "sg-9876", ip_permissions: [