Commit c6a7c452 authored by André Carvalho's avatar André Carvalho

drivers/amazonec2: adds flag to prevent mutating security groups

Signed-off-by: default avatarAndré Carvalho <[email protected]>
parent 7890e8dc
......@@ -86,6 +86,7 @@ type Driver struct {
SecurityGroupName string
SecurityGroupNames []string
SecurityGroupReadOnly bool
OpenPorts []string
Tags string
ReservationId string
......@@ -161,6 +162,11 @@ func (d *Driver) GetCreateFlags() []mcnflag.Flag {
Usage: "AWS VPC subnet id",
EnvVar: "AWS_SUBNET_ID",
},
mcnflag.BoolFlag{
Name: "amazonec2-security-group-readonly",
Usage: "Skip adding default rules to security groups",
EnvVar: "AWS_SECURITY_GROUP_READONLY",
},
mcnflag.StringSliceFlag{
Name: "amazonec2-security-group",
Usage: "AWS VPC security group",
......@@ -348,6 +354,7 @@ func (d *Driver) SetConfigFromFlags(flags drivers.DriverOptions) error {
d.VpcId = flags.String("amazonec2-vpc-id")
d.SubnetId = flags.String("amazonec2-subnet-id")
d.SecurityGroupNames = flags.StringSlice("amazonec2-security-group")
d.SecurityGroupReadOnly = flags.Bool("amazonec2-security-group-readonly")
d.Tags = flags.String("amazonec2-tags")
zone := flags.String("amazonec2-zone")
d.Zone = zone[:]
......@@ -1141,6 +1148,10 @@ func (d *Driver) configureSecurityGroups(groupNames []string) error {
}
func (d *Driver) configureSecurityGroupPermissions(group *ec2.SecurityGroup) ([]*ec2.IpPermission, error) {
if d.SecurityGroupReadOnly {
log.Debug("Skipping permission configuration on security groups")
return nil, nil
}
hasPorts := make(map[string]bool)
for _, p := range group.IpPermissions {
if p.FromPort != nil {
......
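Review bot: The usage string on the new flag, `Usage: "Skip adding default rules to security groups",`, says less than the code does: the early return added at the top of configureSecurityGroupPermissions happens before any rule is computed, so ports requested through the OpenPorts field (declared right after the new SecurityGroupReadOnly field) are skipped as well, and a user who sets both gets neither. Suggest `Usage: "Skip adding any ingress rules (default rules and --amazonec2-open-port) to security groups",` so the trade-off is visible in --help. Since the practical result is a machine whose expected ports may not be reachable, it is worth considering whether the skip message belongs at Info rather than Debug, and whether SetConfigFromFlags should warn when the read-only flag is combined with open ports; OpenPorts parsing is outside this hunk, so I cannot tell where that check would best sit. The bodies of GetCreateFlags, SetConfigFromFlags and configureSecurityGroupPermissions all continue outside their hunks.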
......@@ -98,6 +98,15 @@ func TestConfigureSecurityGroupPermissionsDockerAndSsh(t *testing.T) {
assert.Empty(t, perms)
}
func TestConfigureSecurityGroupPermissionsSkipReadOnly(t *testing.T) {
driver := NewTestDriver()
driver.SecurityGroupReadOnly = true
perms, err := driver.configureSecurityGroupPermissions(securityGroup)
assert.Nil(t, err)
assert.Len(t, perms, 0)
}
func TestConfigureSecurityGroupPermissionsOpenPorts(t *testing.T) {
driver := NewTestDriver()
driver.OpenPorts = []string{"8888/tcp", "8080/udp", "9090"}
......
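Review bot: TestConfigureSecurityGroupPermissionsSkipReadOnly pins only the bare flag; it does not show that read-only also takes precedence over an explicit port request, which is the combination most likely to surprise a user. Setting `driver.OpenPorts = []string{"8888/tcp"}` before the call, mirroring TestConfigureSecurityGroupPermissionsOpenPorts just below, would pin that the early return wins regardless of requested ports. The `assert.Len(t, perms, 0)` check is fine as written, since it accepts the nil slice the function returns.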