brooklyn-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From aledsage <...@git.apache.org>
Subject [GitHub] brooklyn-server pull request #425: Factor security group code out into separ...
Date Wed, 16 Nov 2016 23:13:24 GMT
Github user aledsage commented on a diff in the pull request:

    https://github.com/apache/brooklyn-server/pull/425#discussion_r88353338
  
    --- Diff: locations/jclouds/src/main/java/org/apache/brooklyn/location/jclouds/networking/JcloudsLocationSecurityGroupEditor.java
---
    @@ -0,0 +1,303 @@
    +/*
    + * Licensed to the Apache Software Foundation (ASF) under one
    + * or more contributor license agreements.  See the NOTICE file
    + * distributed with this work for additional information
    + * regarding copyright ownership.  The ASF licenses this file
    + * to you under the Apache License, Version 2.0 (the
    + * "License"); you may not use this file except in compliance
    + * with the License.  You may obtain a copy of the License at
    + *
    + *     http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing,
    + * software distributed under the License is distributed on an
    + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    + * KIND, either express or implied.  See the License for the
    + * specific language governing permissions and limitations
    + * under the License.
    + */
    +package org.apache.brooklyn.location.jclouds.networking;
    +
    +import com.google.common.base.Optional;
    +import com.google.common.base.Predicate;
    +import com.google.common.base.Predicates;
    +import com.google.common.collect.ImmutableList;
    +import com.google.common.collect.Iterables;
    +import org.apache.brooklyn.util.exceptions.Exceptions;
    +import org.jclouds.aws.AWSResponseException;
    +import org.jclouds.compute.ComputeService;
    +import org.jclouds.compute.domain.SecurityGroup;
    +import org.jclouds.compute.extensions.SecurityGroupExtension;
    +import org.jclouds.domain.Location;
    +import org.jclouds.net.domain.IpPermission;
    +import org.slf4j.Logger;
    +import org.slf4j.LoggerFactory;
    +
    +import java.util.Iterator;
    +import java.util.Set;
    +import java.util.concurrent.Callable;
    +
    +/**
    + * Utility for manipulating security groups.
    + *
    + * For convenience, constructors take an argument of a {@link ComputeService} and extract
from it the
    + * information needed to edit groups. However, not all compute services support the security
group extension,
    + * so if the editor is being created for a compute service where it is not known in advance
then users
    + * should query {@link #hasServiceSupport()} before calling the methods to edit security
groups.
    + */
    +public class JcloudsLocationSecurityGroupEditor {
    +
    +    private static final Logger LOG = LoggerFactory.getLogger(JcloudsLocationSecurityGroupEditor.class);
    +    public static final java.lang.String JCLOUDS_PREFIX = "jclouds#";
    +
    +    private final Location location;
    +    private final ComputeService computeService;
    +    private final Optional<SecurityGroupExtension> securityApi;
    +    private final String locationId;
    +    private final Predicate<Exception> isExceptionRetryable;
    +
    +    /**
    +     * Constructor for editor that will retry operations upon exceptions.
    +     * @param location JClouds location where security groups will be managed.
    +     * @param computeService The JClouds compute service instance.
    +     * @param predicate A predicate indicating whether the customiser can retry a request
(e.g. to add a security group
    +     * or a rule) if the attempted operation throws a Throwable.
    +     */
    +    public JcloudsLocationSecurityGroupEditor(Location location, ComputeService computeService,
Predicate predicate) {
    +        this.location = location;
    +        this.computeService = computeService;
    +        this.locationId = this.computeService.getContext().unwrap().getId();
    +        this.securityApi = this.computeService.getSecurityGroupExtension(); // TODO surely
check for isPresent else throw?
    +        this.isExceptionRetryable = predicate;
    +    }
    +
    +    /**
    +     * Constructor for editor that never retries requests if the attempted operation
fails.
    +     * @param location JClouds location where security groups will be managed.
    +     * @param computeService The JClouds compute service instance.
    +     */
    +    public JcloudsLocationSecurityGroupEditor(Location location, ComputeService computeService)
{
    +        this(location, computeService, Predicates.alwaysFalse());
    +    }
    +
    +
    +    /**
    +     * Flag to indicate whether the given compute service has support for security groups.
    +     */
    +    public boolean hasServiceSupport() {
    +        return securityApi.isPresent();
    +    }
    +
    +    /**
    +     * Get the location in which security groups will be created or searched.
    +     */
    +    public Location getLocation() {
    +        return location;
    +    }
    +
    +    /**
    +     * Get the location id from the compute service (e.g. "aws-ec2").
    +     */
    +    public String getLocationId() {
    +        return locationId;
    +    }
    +
    +    public Set<SecurityGroup> getSecurityGroupsForNode(final String nodeId) {
    +        return securityApi.get().listSecurityGroupsForNode(nodeId);
    +    }
    +
    +    /**
    +     * Create the security group. As we use jclouds, groups are created with names prefixed
    +     * with {@link #JCLOUDS_PREFIX}. This method is idempotent.
    +     * @param name Name of the group to create
    +     * @return The created group.
    +     */
    +    public SecurityGroup createSecurityGroup(final String name) {
    +
    +        LOG.debug("Creating security group {} in {}", name, location);
    +        Callable<SecurityGroup> callable = new Callable<SecurityGroup>()
{
    +            @Override
    +            public SecurityGroup call() throws Exception {
    +                return securityApi.get().createSecurityGroup(name, location);
    +            }
    +        };
    +        return runOperationWithRetry(callable);
    +    }
    +
    +    /**
    +     * Removes a security group and its permissions.
    +     * @return true if the group was found and removed.
    +     */
    +    public Boolean removeSecurityGroup(final SecurityGroup group) {
    +
    +        LOG.debug("Removing security group {} in {}", group.getName(), location);
    +        Callable<Boolean> callable = new Callable<Boolean>() {
    +            @Override
    +            public Boolean call() throws Exception {
    +                return securityApi.get().removeSecurityGroup(group.getId());
    +            }
    +        };
    +        return runOperationWithRetry(callable);
    +    }
    +
    +    public Set<SecurityGroup> listSecurityGroupsForNode(final String nodeId) {
    +        return securityApi.get().listSecurityGroupsForNode(nodeId);
    +    }
    +
    +    public Iterable<SecurityGroup> findSecurityGroupsMatching(Predicate predicate)
{
    +        final Set<SecurityGroup> locationGroups = securityApi.get().listSecurityGroupsInLocation(location);
    +        return Iterables.filter(locationGroups, predicate);
    +    }
    +
    +    /**
    +     * @see #findSecurityGroupByName(String)
    +     */
    +    public static class AmbiguousGroupName extends IllegalArgumentException {
    +        public AmbiguousGroupName(String s) {
    +            super(s);
    +        }
    +    }
    +
    +    /**
    +     * Find a security group with the given name. As we use jclouds, groups are created
with names prefixed
    +     * with {@link #JCLOUDS_PREFIX}. For convenience this method accepts names either
with or without the prefix.
    +     * @param name Name of the group to find.
    +     * @return An optional of the group.
    +     * @throws AmbiguousGroupName in the unexpected case that the cloud returns more
than one matching group.
    +     */
    +    public Optional<SecurityGroup> findSecurityGroupByName(final String name) {
    +        final String query = name.startsWith(JCLOUDS_PREFIX) ? name : JCLOUDS_PREFIX
+ name;
    +        final Iterable<SecurityGroup> groupsMatching = findSecurityGroupsMatching(new
Predicate<SecurityGroup>() {
    +            @Override
    +            public boolean apply(final SecurityGroup input) {
    +                return input.getName().equals(query);
    +            }
    +        });
    +        final ImmutableList<SecurityGroup> matches = ImmutableList.copyOf(groupsMatching);
    +        if (matches.size() == 0) {
    +            return Optional.absent();
    +        } else if (matches.size() == 1) {
    +            return Optional.of(matches.get(0));
    +        } else {
    +            throw new AmbiguousGroupName("Unexpected result of multiple groups matching
" + name);
    --- End diff --
    
    Ah, ignore me - it's an exact name match, rather than a predicate!


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

Mime
View raw message