https-github-com-bit
diff --git a/‎Godeps/Godeps.json‎
Lines changed: 19 additions & 1 deletion b/‎Godeps/Godeps.json‎
Lines changed: 19 additions & 1 deletion
diff --git a/‎drivers/amazonec2/amazonec2.go‎
Lines changed: 109 additions & 81 deletions b/‎drivers/amazonec2/amazonec2.go‎
Lines changed: 109 additions & 81 deletions
@@ -55,21 +55,28 @@ var (
 
 type Driver struct {
 	*drivers.BaseDriver
-	clientFactory           func() Ec2Client
-	awsCredentials          awsCredentials
-	Id                      string
-	AccessKey               string
-	SecretKey               string
-	SessionToken            string
-	Region                  string
-	AMI                     string
-	SSHKeyID                int
-	KeyName                 string
-	InstanceId              string
-	InstanceType            string
-	PrivateIPAddress        string
-	SecurityGroupId         string
-	SecurityGroupName       string
+	clientFactory    func() Ec2Client
+	awsCredentials   awsCredentials
+	Id               string
+	AccessKey        string
+	SecretKey        string
+	SessionToken     string
+	Region           string
+	AMI              string
+	SSHKeyID         int
+	KeyName          string
+	InstanceId       string
+	InstanceType     string
+	PrivateIPAddress string
+
+	// NB: SecurityGroupId expanded from single value to slice on 26 Feb 2016 - we maintain both for host storage backwards compatibility.
+	SecurityGroupId  string
+	SecurityGroupIds []string
+
+	// NB: SecurityGroupName expanded from single value to slice on 26 Feb 2016 - we maintain both for host storage backwards compatibility.
+	SecurityGroupName  string
+	SecurityGroupNames []string
+
 	Tags                    string
 	ReservationId           string
 	DeviceName              string
@@ -138,10 +145,10 @@ func (d *Driver) GetCreateFlags() []mcnflag.Flag {
 			Usage:  "AWS VPC subnet id",
 			EnvVar: "AWS_SUBNET_ID",
 		},
-		mcnflag.StringFlag{
+		mcnflag.StringSliceFlag{
 			Name:   "amazonec2-security-group",
 			Usage:  "AWS VPC security group",
-			Value:  defaultSecurityGroup,
+			Value:  []string{defaultSecurityGroup},
 			EnvVar: "AWS_SECURITY_GROUP",
 		},
 		mcnflag.StringFlag{
@@ -225,14 +232,14 @@ func (d *Driver) GetCreateFlags() []mcnflag.Flag {
 func NewDriver(hostName, storePath string) *Driver {
 	id := generateId()
 	driver := &Driver{
-		Id:                id,
-		AMI:               defaultAmiId,
-		Region:            defaultRegion,
-		InstanceType:      defaultInstanceType,
-		RootSize:          defaultRootSize,
-		Zone:              defaultZone,
-		SecurityGroupName: defaultSecurityGroup,
-		SpotPrice:         defaultSpotPrice,
+		Id:                 id,
+		AMI:                defaultAmiId,
+		Region:             defaultRegion,
+		InstanceType:       defaultInstanceType,
+		RootSize:           defaultRootSize,
+		Zone:               defaultZone,
+		SecurityGroupNames: []string{defaultSecurityGroup},
+		SpotPrice:          defaultSpotPrice,
 		BaseDriver: &drivers.BaseDriver{
 			SSHUser:     defaultSSHUser,
 			MachineName: hostName,
@@ -282,7 +289,7 @@ func (d *Driver) SetConfigFromFlags(flags drivers.DriverOptions) error {
 	d.InstanceType = flags.String("amazonec2-instance-type")
 	d.VpcId = flags.String("amazonec2-vpc-id")
 	d.SubnetId = flags.String("amazonec2-subnet-id")
-	d.SecurityGroupName = flags.String("amazonec2-security-group")
+	d.SecurityGroupNames = flags.StringSlice("amazonec2-security-group")
 	d.Tags = flags.String("amazonec2-tags")
 	zone := flags.String("amazonec2-zone")
 	d.Zone = zone[:]
@@ -448,6 +455,31 @@ func (d *Driver) instanceIpAvailable() bool {
 	return false
 }
 
+func makePointerSlice(stackSlice []string) []*string {
+	pointerSlice := []*string{}
+	for i := range stackSlice {
+		pointerSlice = append(pointerSlice, &stackSlice[i])
+	}
+	return pointerSlice
+}
+
+// Support migrating single string Driver fields to slices.
+func migrateStringToSlice(value string, values []string) (result []string) {
+	if value != "" {
+		result = append(result, value)
+	}
+	result = append(result, values...)
+	return
+}
+
+func (d *Driver) securityGroupNames() (ids []string) {
+	return migrateStringToSlice(d.SecurityGroupName, d.SecurityGroupNames)
+}
+
+func (d *Driver) securityGroupIds() (ids []string) {
+	return migrateStringToSlice(d.SecurityGroupId, d.SecurityGroupIds)
+}
+
 func (d *Driver) Create() error {
 	if err := d.checkPrereqs(); err != nil {
 		return err
@@ -459,7 +491,7 @@ func (d *Driver) Create() error {
 		return fmt.Errorf("unable to create key pair: %s", err)
 	}
 
-	if err := d.configureSecurityGroup(d.SecurityGroupName); err != nil {
+	if err := d.configureSecurityGroups(d.securityGroupNames()); err != nil {
 		return err
 	}
 
@@ -473,7 +505,7 @@ func (d *Driver) Create() error {
 	}
 	netSpecs := []*ec2.InstanceNetworkInterfaceSpecification{{
 		DeviceIndex:              aws.Int64(0), // eth0
-		Groups:                   []*string{&d.SecurityGroupId},
+		Groups:                   makePointerSlice(d.securityGroupIds()),
 		SubnetId:                 &d.SubnetId,
 		AssociatePublicIpAddress: aws.Bool(!d.PrivateIPOnly),
 	}}
@@ -866,14 +898,18 @@ func (d *Driver) configureTags(tagGroups string) error {
 	return nil
 }
 
-func (d *Driver) configureSecurityGroup(groupName string) error {
-	log.Debugf("configuring security group in %s", d.VpcId)
+func (d *Driver) configureSecurityGroups(groupNames []string) error {
+	if len(groupNames) == 0 {
+		log.Debugf("no security groups to configure in %s", d.VpcId)
+		return nil
+	}
+
+	log.Debugf("configuring security groups in %s", d.VpcId)
 
-	var group *ec2.SecurityGroup
 	filters := []*ec2.Filter{
 		{
 			Name:   aws.String("group-name"),
-			Values: []*string{&groupName},
+			Values: makePointerSlice(groupNames),
 		},
 		{
 			Name:   aws.String("vpc-id"),
@@ -887,47 +923,52 @@ func (d *Driver) configureSecurityGroup(groupName string) error {
 		return err
 	}
 
-	if len(groups.SecurityGroups) > 0 {
-		log.Debugf("found existing security group (%s) in %s", groupName, d.VpcId)
-		group = groups.SecurityGroups[0]
+	var groupsByName = make(map[string]*ec2.SecurityGroup)
+	for _, securityGroup := range groups.SecurityGroups {
+		groupsByName[*securityGroup.GroupName] = securityGroup
 	}
 
-	// if not found, create
-	if group == nil {
-		log.Debugf("creating security group (%s) in %s", groupName, d.VpcId)
-		groupResp, err := d.getClient().CreateSecurityGroup(&ec2.CreateSecurityGroupInput{
-			GroupName:   &groupName,
-			Description: aws.String("Docker Machine"),
-			VpcId:       &d.VpcId,
-		})
-		if err != nil {
-			return err
-		}
-		// Manually translate into the security group construct
-		group = &ec2.SecurityGroup{
-			GroupId:   groupResp.GroupId,
-			VpcId:     aws.String(d.VpcId),
-			GroupName: aws.String(groupName),
-		}
-		// wait until created (dat eventual consistency)
-		log.Debugf("waiting for group (%s) to become available", *group.GroupId)
-		if err := mcnutils.WaitFor(d.securityGroupAvailableFunc(*group.GroupId)); err != nil {
-			return err
+	for _, groupName := range groupNames {
+		var group *ec2.SecurityGroup
+		securityGroup, ok := groupsByName[groupName]
+		if ok {
+			log.Debugf("found existing security group (%s) in %s", groupName, d.VpcId)
+			group = securityGroup
+		} else {
+			log.Debugf("creating security group (%s) in %s", groupName, d.VpcId)
+			groupResp, err := d.getClient().CreateSecurityGroup(&ec2.CreateSecurityGroupInput{
+				GroupName:   aws.String(groupName),
+				Description: aws.String("Docker Machine"),
+				VpcId:       aws.String(d.VpcId),
+			})
+			if err != nil {
+				return err
+			}
+			// Manually translate into the security group construct
+			group = &ec2.SecurityGroup{
+				GroupId:   groupResp.GroupId,
+				VpcId:     aws.String(d.VpcId),
+				GroupName: aws.String(groupName),
+			}
+			// wait until created (dat eventual consistency)
+			log.Debugf("waiting for group (%s) to become available", *group.GroupId)
+			if err := mcnutils.WaitFor(d.securityGroupAvailableFunc(*group.GroupId)); err != nil {
+				return err
+			}
 		}
-	}
-
-	d.SecurityGroupId = *group.GroupId
+		d.SecurityGroupIds = append(d.SecurityGroupIds, *group.GroupId)
 
-	perms := d.configureSecurityGroupPermissions(group)
+		perms := d.configureSecurityGroupPermissions(group)
 
-	if len(perms) != 0 {
-		log.Debugf("authorizing group %s with permissions: %v", groupName, perms)
-		_, err := d.getClient().AuthorizeSecurityGroupIngress(&ec2.AuthorizeSecurityGroupIngressInput{
-			GroupId:       group.GroupId,
-			IpPermissions: perms,
-		})
-		if err != nil {
-			return err
+		if len(perms) != 0 {
+			log.Debugf("authorizing group %s with permissions: %v", groupNames, perms)
+			_, err := d.getClient().AuthorizeSecurityGroupIngress(&ec2.AuthorizeSecurityGroupIngressInput{
+				GroupId:       group.GroupId,
+				IpPermissions: perms,
+			})
+			if err != nil {
+				return err
+			}
 		}
 	}
 
@@ -985,19 +1026,6 @@ func (d *Driver) configureSecurityGroupPermissions(group *ec2.SecurityGroup) []*
 	return perms
 }
 
-func (d *Driver) deleteSecurityGroup() error {
-	log.Debugf("deleting security group %s", d.SecurityGroupId)
-
-	_, err := d.getClient().DeleteSecurityGroup(&ec2.DeleteSecurityGroupInput{
-		GroupId: &d.SecurityGroupId,
-	})
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
 func (d *Driver) deleteKeyPair() error {
 	log.Debugf("deleting key pair: %s", d.KeyName)