Commit c6a7c452 authored by André Carvalho's avatar André Carvalho

drivers/amazonec2: adds flag to prevent mutating security groups

...@@ -86,6 +86,7 @@ type Driver struct { ...@@ -86,6 +86,7 @@ type Driver struct {
SecurityGroupName string SecurityGroupName string
SecurityGroupNames []string SecurityGroupNames []string
SecurityGroupReadOnly bool
OpenPorts []string OpenPorts []string
Tags string Tags string
ReservationId string ReservationId string
...@@ -161,6 +162,11 @@ func (d *Driver) GetCreateFlags() []mcnflag.Flag { ...@@ -161,6 +162,11 @@ func (d *Driver) GetCreateFlags() []mcnflag.Flag {
Usage: "AWS VPC subnet id", Usage: "AWS VPC subnet id",
EnvVar: "AWS_SUBNET_ID", EnvVar: "AWS_SUBNET_ID",
}, },
mcnflag.BoolFlag{
Name: "amazonec2-security-group-readonly",
Usage: "Skip adding default rules to security groups",
EnvVar: "AWS_SECURITY_GROUP_READONLY",
},
mcnflag.StringSliceFlag{ mcnflag.StringSliceFlag{
Name: "amazonec2-security-group", Name: "amazonec2-security-group",
Usage: "AWS VPC security group", Usage: "AWS VPC security group",
...@@ -348,6 +354,7 @@ func (d *Driver) SetConfigFromFlags(flags drivers.DriverOptions) error { ...@@ -348,6 +354,7 @@ func (d *Driver) SetConfigFromFlags(flags drivers.DriverOptions) error {
d.VpcId = flags.String("amazonec2-vpc-id") d.VpcId = flags.String("amazonec2-vpc-id")
d.SubnetId = flags.String("amazonec2-subnet-id") d.SubnetId = flags.String("amazonec2-subnet-id")
d.SecurityGroupNames = flags.StringSlice("amazonec2-security-group") d.SecurityGroupNames = flags.StringSlice("amazonec2-security-group")
d.SecurityGroupReadOnly = flags.Bool("amazonec2-security-group-readonly")
d.Tags = flags.String("amazonec2-tags") d.Tags = flags.String("amazonec2-tags")
zone := flags.String("amazonec2-zone") zone := flags.String("amazonec2-zone")
d.Zone = zone[:] d.Zone = zone[:]
...@@ -1141,6 +1148,10 @@ func (d *Driver) configureSecurityGroups(groupNames []string) error { ...@@ -1141,6 +1148,10 @@ func (d *Driver) configureSecurityGroups(groupNames []string) error {
} }
func (d *Driver) configureSecurityGroupPermissions(group *ec2.SecurityGroup) ([]*ec2.IpPermission, error) { func (d *Driver) configureSecurityGroupPermissions(group *ec2.SecurityGroup) ([]*ec2.IpPermission, error) {
if d.SecurityGroupReadOnly {
log.Debug("Skipping permission configuration on security groups")
return nil, nil
}
hasPorts := make(map[string]bool) hasPorts := make(map[string]bool)
for _, p := range group.IpPermissions { for _, p := range group.IpPermissions {
if p.FromPort != nil { if p.FromPort != nil {
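Review bot: The early return added at the top of configureSecurityGroupPermissions silently discards any `--amazonec2-open-port` values whenever the read-only flag is set, and records that only at Debug level, so an operator who combines the two flags ends up with a machine whose extra ports are never opened and no visible hint why. The cleaner option is to reject the combination up front in SetConfigFromFlags, e.g. `if d.SecurityGroupReadOnly && len(d.OpenPorts) > 0 { return errors.New("amazonec2-security-group-readonly cannot be combined with amazonec2-open-port") }` (needs the errors package in scope), or failing that raise the message to `log.Warn` and name the dropped ports. Since the skip also covers the default SSH/Docker rules this function otherwise adds (its body continues below the hunk, see the DockerAndSsh test), the flag's Usage string should state that the pre-existing group must already allow those ports from the provisioning host, otherwise creation will stall at the SSH step. Whether the flag also stops configureSecurityGroups from creating a missing group is not visible here; if it does not, "readonly" overstates what the flag guarantees and the Usage text should say so.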
...@@ -98,6 +98,15 @@ func TestConfigureSecurityGroupPermissionsDockerAndSsh(t *testing.T) { ...@@ -98,6 +98,15 @@ func TestConfigureSecurityGroupPermissionsDockerAndSsh(t *testing.T) {
assert.Empty(t, perms) assert.Empty(t, perms)
} }
func TestConfigureSecurityGroupPermissionsSkipReadOnly(t *testing.T) {
driver := NewTestDriver()
driver.SecurityGroupReadOnly = true
perms, err := driver.configureSecurityGroupPermissions(securityGroup)
assert.Nil(t, err)
assert.Len(t, perms, 0)
}
func TestConfigureSecurityGroupPermissionsOpenPorts(t *testing.T) { func TestConfigureSecurityGroupPermissionsOpenPorts(t *testing.T) {
driver := NewTestDriver() driver := NewTestDriver()
driver.OpenPorts = []string{"8888/tcp", "8080/udp", "9090"} driver.OpenPorts = []string{"8888/tcp", "8080/udp", "9090"}
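Review bot: TestConfigureSecurityGroupPermissionsSkipReadOnly does not pin the interaction most likely to surprise users, namely that read-only also overrides OpenPorts, so a later refactor that moves the early return below the OpenPorts handling would pass this test unchanged. Setting `driver.OpenPorts = []string{"8888/tcp"}` before the call, next to the existing `driver.SecurityGroupReadOnly = true`, would lock that precedence in. It may also be worth asserting that `perms` is nil rather than merely empty if any caller distinguishes the two; from this hunk alone it is not visible whether one does.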