#!/usr/bin/env bash

# **sec_groups.sh**

# Test security groups via the command line

echo "*********************************************************************"
echo "Begin DevStack Exercise: $0"
echo "*********************************************************************"

# This script exits on an error so that errors don't compound and you see
# only the first error that occured.
set -o errexit

# Print the commands being run so that we can see the command that triggers
# an error.  It is also useful for following allowing as the install occurs.
set -o xtrace


# Settings
# ========

# Keep track of the current directory
EXERCISE_DIR=$(cd $(dirname "$0") && pwd)
TOP_DIR=$(cd $EXERCISE_DIR/..; pwd)

# Import common functions
source $TOP_DIR/functions

# Import configuration
source $TOP_DIR/openrc

# Import exercise configuration
source $TOP_DIR/exerciserc


# Testing Security Groups
# =======================

# List security groups
nova secgroup-list

# Create random name for new sec group and create secgroup of said name
SEC_GROUP_NAME="ex-secgroup-$(openssl rand -hex 4)"
nova secgroup-create $SEC_GROUP_NAME 'a test security group'

# Add some rules to the secgroup
RULES_TO_ADD=( 22 3389 5900 )

for RULE in "${RULES_TO_ADD[@]}"; do
    nova secgroup-add-rule $SEC_GROUP_NAME tcp $RULE $RULE 0.0.0.0/0
done

# Check to make sure rules were added
SEC_GROUP_RULES=( $(nova secgroup-list-rules $SEC_GROUP_NAME | grep -v \- | grep -v 'Source Group' | cut -d '|' -f3 | tr -d ' ') )
for i in "${RULES_TO_ADD[@]}"; do
    skip=
    for j in "${SEC_GROUP_RULES[@]}"; do
        [[ $i == $j ]] && { skip=1; break; }
    done
    [[ -n $skip ]] || exit 1
done

# Delete rules and secgroup
for RULE in "${RULES_TO_ADD[@]}"; do
    nova secgroup-delete-rule $SEC_GROUP_NAME tcp $RULE $RULE 0.0.0.0/0
done

# Delete secgroup
nova secgroup-delete $SEC_GROUP_NAME || \
    die $LINENO "Failure deleting security group $SEC_GROUP_NAME"

set +o xtrace
echo "*********************************************************************"
echo "SUCCESS: End DevStack Exercise: $0"
echo "*********************************************************************"