|
| 1 | +#!/usr/bin/env bash |
| 2 | + |
| 3 | +# **sec_groups.sh** |
| 4 | + |
| 5 | +# Test security groups via the command line tools that ship with it. |
| 6 | + |
| 7 | +echo "*********************************************************************" |
| 8 | +echo "Begin DevStack Exercise: $0" |
| 9 | +echo "*********************************************************************" |
| 10 | + |
| 11 | +# This script exits on an error so that errors don't compound and you see |
| 12 | +# only the first error that occured. |
| 13 | +set -o errexit |
| 14 | + |
| 15 | +# Print the commands being run so that we can see the command that triggers |
| 16 | +# an error. It is also useful for following allowing as the install occurs. |
| 17 | +set -o xtrace |
| 18 | + |
| 19 | + |
| 20 | +# Settings |
| 21 | +# ======== |
| 22 | + |
| 23 | +# Keep track of the current directory |
| 24 | +EXERCISE_DIR=$(cd $(dirname "$0") && pwd) |
| 25 | +TOP_DIR=$(cd $EXERCISE_DIR/..; pwd) |
| 26 | + |
| 27 | +# Import common functions |
| 28 | +source $TOP_DIR/functions |
| 29 | + |
| 30 | +# Import configuration |
| 31 | +source $TOP_DIR/openrc |
| 32 | + |
| 33 | +# Import exercise configuration |
| 34 | +source $TOP_DIR/exerciserc |
| 35 | + |
| 36 | + |
| 37 | +# Testing Security Groups |
| 38 | +# ============= |
| 39 | + |
| 40 | +# List security groups |
| 41 | +nova secgroup-list |
| 42 | + |
| 43 | +# Create random name for new sec group and create secgroup of said name |
| 44 | +SEC_GROUP_NAME="sec-group-$(openssl rand -hex 4)" |
| 45 | +nova secgroup-create $SEC_GROUP_NAME 'a test security group' |
| 46 | + |
| 47 | +# Add some rules to the secgroup |
| 48 | +RULES_TO_ADD=( 22 3389 5900 ) |
| 49 | + |
| 50 | +for RULE in "${RULES_TO_ADD[@]}"; do |
| 51 | + nova secgroup-add-rule $SEC_GROUP_NAME tcp $RULE $RULE 0.0.0.0/00 |
| 52 | +done |
| 53 | + |
| 54 | +# Check to make sure rules were added |
| 55 | +SEC_GROUP_RULES=( $(nova secgroup-list-rules $SEC_GROUP_NAME | grep -v \- | grep -v 'Source Group' | cut -d '|' -f3 | tr -d ' ') ) |
| 56 | +for i in "${RULES_TO_ADD[@]}"; do |
| 57 | + skip= |
| 58 | + for j in "${SEC_GROUP_RULES[@]}"; do |
| 59 | + [[ $i == $j ]] && { skip=1; break; } |
| 60 | + done |
| 61 | + [[ -n $skip ]] || exit 1 |
| 62 | +done |
| 63 | + |
| 64 | +# Delete rules and secgroup |
| 65 | +for RULE in "${RULES_TO_ADD[@]}"; do |
| 66 | + nova secgroup-delete-rule $SEC_GROUP_NAME tcp $RULE $RULE 0.0.0.0/00 |
| 67 | +done |
| 68 | +nova secgroup-delete $SEC_GROUP_NAME |
| 69 | + |
| 70 | + |
| 71 | +set +o xtrace |
| 72 | +echo "*********************************************************************" |
| 73 | +echo "SUCCESS: End DevStack Exercise: $0" |
| 74 | +echo "*********************************************************************" |
0 commit comments