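// Usage sketch: create a security group, open TCP/80 on it, then delete it again.
// "username" / "api_key" are placeholders; real credentials belong in the environment or a
// secret store, not in source.
NovaApi novaApi = ContextBuilder
      .newBuilder("openstack-nova")
      .credentials("username", "api_key")
      .buildApi(NovaApi.class);

Ingress ingress = Ingress.builder()
      .fromPort(80)
      .toPort(80)
      .ipProtocol(IpProtocol.TCP)
      .build();

// The lookup returns an Optional; calling get() on an absent value throws, so code that may
// run against a zone without the extension should test isPresent() first.
SecurityGroupApi securityGroupApi = novaApi.getSecurityGroupExtensionForZone("RegionOne").get();
SecurityGroup securityGroup = securityGroupApi.createWithDescription("name", "description");

// Fix: the rule is attached to its parent group by id, not by name.
// "0.0.0.0/0" admits every IPv4 source; narrow it to the range that actually needs access.
SecurityGroupRule rule =
      securityGroupApi.createRuleAllowingCidrBlock(securityGroup.getId(), ingress, "0.0.0.0/0");

securityGroupApi.delete(securityGroup.getId());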
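/**
 * Creates the named security group in the requested zone and opens each requested port on it.
 * If creation fails with an {@link IllegalStateException}, an existing group with the same name
 * is looked up and returned instead.
 *
 * @param zoneSecurityGroupNameAndPorts zone, group name and ports; must not be null
 * @return the created or reused group together with its zone
 */
@Override
public SecurityGroupInZone apply(ZoneSecurityGroupNameAndPorts zoneSecurityGroupNameAndPorts) {
   checkNotNull(zoneSecurityGroupNameAndPorts, "zoneSecurityGroupNameAndPorts");

   String zoneId = zoneSecurityGroupNameAndPorts.getZone();
   Optional<? extends SecurityGroupApi> api = novaApi.getSecurityGroupExtensionForZone(zoneId);
   // Fix: the message previously read "availablein" (missing space).
   checkArgument(api.isPresent(),
         "Security groups are required, but the extension is not available in zone %s!", zoneId);

   logger.debug(">> creating securityGroup %s", zoneSecurityGroupNameAndPorts);
   try {
      // The group name doubles as its description.
      SecurityGroup securityGroup = api.get().createWithDescription(
            zoneSecurityGroupNameAndPorts.getName(), zoneSecurityGroupNameAndPorts.getName());
      logger.debug("<< created securityGroup(%s)", securityGroup);

      // NOTE(review): judging by the helper's name, each port is opened to all IPs as well as to
      // the group itself - confirm that callers intend world-reachable ports.
      for (int port : zoneSecurityGroupNameAndPorts.getPorts()) {
         authorizeGroupToItselfAndAllIPsToTCPPort(api.get(), securityGroup, port);
      }
      // Re-read the group so the returned object reflects the rules just added.
      return new SecurityGroupInZone(api.get().get(securityGroup.getId()), zoneId);
   } catch (IllegalStateException e) {
      // This handler covers the whole try block, so an IllegalStateException raised while
      // adding rules also lands here and the group is returned with whatever rules it has.
      logger.trace("<< trying to find securityGroup(%s): %s", zoneSecurityGroupNameAndPorts, e.getMessage());
      SecurityGroup group = find(api.get().list(), nameEquals(zoneSecurityGroupNameAndPorts
            .getName()));
      logger.debug("<< reused securityGroup(%s)", group.getId());
      return new SecurityGroupInZone(group, zoneId);
   }
}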
/**
 * Deletes the rules on the node's {@code jclouds-<group>} security group that match
 * {@code source} and {@code ports}. Does nothing when the security group API or the group
 * itself is absent.
 */
@Override
public void revoke(ComputeService service, NodeMetadata node, String source, int... ports) {
   String region = AWSUtils.parseHandle(node.getId())[0];

   Optional<? extends SecurityGroupApi> sgApi = getSecurityGroup(service, region);
   if (!sgApi.isPresent()) {
      return;
   }

   String targetName = "jclouds-" + node.getGroup();
   Optional<? extends SecurityGroup> target = getSecurityGroupForGroup(sgApi.get(), targetName);
   if (!target.isPresent()) {
      return;
   }

   try {
      for (SecurityGroupRule matching : getAllRuleMatching(target.get(), source, ports)) {
         sgApi.get().deleteRule(matching.getId());
      }
   } catch (IllegalStateException e) {
      // Intentionally ignored by the original code.
      // NOTE(review): the first failure ends the loop, so remaining rules stay in place and the
      // caller gets no signal that access was not fully revoked.
   }
}
/**
 * Resolves a slash-encoded identifier to a converted security group.
 *
 * @param id slash-encoded region and group id; must not be null
 * @return the converted group, or {@code null} when the region has no security group API
 */
@Override
public SecurityGroup getSecurityGroupById(String id) {
   RegionAndId target = RegionAndId.fromSlashEncoded(checkNotNull(id, "id"));
   String region = target.getRegion();

   Optional<? extends SecurityGroupApi> sgApi = api.getSecurityGroupApi(region);
   if (sgApi.isPresent()) {
      // The full listing is handed to the wrapper alongside the requested group.
      final FluentIterable<org.jclouds.openstack.nova.v2_0.domain.SecurityGroup> groupsInRegion = sgApi.get().list();
      // NOTE(review): the result of get(...) is passed on without a null check - confirm how
      // SecurityGroupInRegion and the converter behave for an unknown id.
      return groupConverter.apply(
            new SecurityGroupInRegion(sgApi.get().get(target.getId()), region, groupsInRegion));
   }
   return null;
}
/**
 * Deletes the security group named by a slash-encoded identifier and evicts it from the
 * creator cache.
 *
 * @param id slash-encoded zone and group id; must not be null
 * @return {@code false} when the extension is absent in the zone or the group is not found,
 *         {@code true} otherwise
 */
@Override
public boolean removeSecurityGroup(String id) {
   checkNotNull(id, "id");
   ZoneAndId target = ZoneAndId.fromSlashEncoded(id);
   String zone = target.getZone();
   String groupId = target.getId();

   Optional<? extends SecurityGroupApi> sgApi = api.getSecurityGroupExtensionForZone(zone);
   // Existence check and delete are separate calls, so they are not atomic.
   if (!sgApi.isPresent() || sgApi.get().get(groupId) == null) {
      return false;
   }

   // The result of delete() is not consulted; true is returned regardless.
   sgApi.get().delete(groupId);
   // TODO: test this clear happens
   // NOTE(review): the cache key is built from the group id - confirm the cache is keyed that
   // way, otherwise a stale entry for a deleted group can survive.
   groupCreator.invalidate(new ZoneSecurityGroupNameAndPorts(zone, groupId, ImmutableSet.<Integer> of()));
   return true;
}
// Test excerpt: securityGroup, securityGroupApi, port and SECURITY_GROUP_NAME are declared
// outside the lines shown.
securityGroup = securityGroupApi.createWithDescription(SECURITY_GROUP_NAME, "test security group");
assertNotNull(securityGroup);

// Rule 1: TCP on `port` from any IPv4 address.
Ingress fromAnywhere = Ingress.builder().ipProtocol(IpProtocol.TCP).fromPort(port).toPort(port).build();
SecurityGroupRule rule =
      securityGroupApi.createRuleAllowingCidrBlock(securityGroup.getId(), fromAnywhere, "0.0.0.0/0");
assertNotNull(rule);

// Rule 2: same port, with the group itself as the permitted source.
Ingress fromOwnGroup = Ingress.builder().ipProtocol(IpProtocol.TCP).fromPort(port).toPort(port).build();
SecurityGroupRule rule2 = securityGroupApi.createRuleAllowingSecurityGroupId(
      securityGroup.getId(), fromOwnGroup, securityGroup.getId());

securityGroup = securityGroupApi.get(securityGroup.getId());
// No try/finally is visible in this excerpt: if an assertion above fails, the world-open test
// group may be left behind.
securityGroupApi.delete(securityGroup.getId());
/**
 * Finds the first listed security group whose name equals {@code group}.
 *
 * @return the first match, or an absent {@link Optional} when no listed group has that name
 */
private static Optional<? extends SecurityGroup> getSecurityGroupForGroup(final SecurityGroupApi securityGroupApi, final String group) {
   // Exact, case-sensitive comparison on the group name.
   Predicate<org.jclouds.openstack.nova.v2_0.domain.SecurityGroup> hasRequestedName =
         new Predicate<org.jclouds.openstack.nova.v2_0.domain.SecurityGroup>() {
            @Override
            public boolean apply(org.jclouds.openstack.nova.v2_0.domain.SecurityGroup candidate) {
               return candidate.getName().equals(group);
            }
         };
   return securityGroupApi.list().firstMatch(hasRequestedName);
}
/**
 * Deletes the security groups in a zone whose names match the naming convention for any of the
 * given node groups, evicting each one from {@code securityGroupMap}. Does nothing when the
 * security group extension is absent in the zone.
 */
private void cleanupOrphanedSecurityGroupsInZone(Set<String> groups, String zoneId) {
   Optional<? extends SecurityGroupApi> securityGroupApi = novaApi.getSecurityGroupExtensionForZone(zoneId);
   if (!securityGroupApi.isPresent()) {
      return;
   }
   SecurityGroupApi sgApi = securityGroupApi.get();

   for (String group : groups) {
      // Selection is by name match only.
      // NOTE(review): confirm the convention cannot match groups this tool did not create.
      for (SecurityGroup orphan : Iterables.filter(sgApi.list(),
            SecurityGroupPredicates.nameMatches(namingConvention.create().containsGroup(group)))) {
         ZoneAndName cacheKey = ZoneAndName.fromZoneAndName(zoneId, orphan.getName());
         logger.debug(">> deleting securityGroup(%s)", cacheKey);
         sgApi.delete(orphan.getId());
         // TODO: test this clear happens
         securityGroupMap.invalidate(cacheKey);
         logger.debug("<< deleted securityGroup(%s)", cacheKey);
      }
   }
}
/**
 * For every configured zone: creates a security group, reads it back by id, and deletes it in a
 * {@code finally} block so a failed assertion does not leave the group behind.
 */
public void createGetAndDeleteSecurityGroup() throws Exception {
   for (String zoneId : api.getConfiguredZones()) {
      SecurityGroupApi securityGroupApi = api.getSecurityGroupExtensionForZone(zoneId).get();
      SecurityGroup created = null;
      try {
         created = securityGroupApi.createWithDescription(SECURITY_GROUP_NAME, "test security group");
         assertNotNull(created);

         SecurityGroup fetched = securityGroupApi.get(created.getId());
         assertNotNull(fetched);
      } finally {
         // Skip cleanup only when creation itself never returned a group.
         if (created != null) {
            securityGroupApi.delete(created.getId());
         }
      }
   }
}
// Truncated excerpt (statements are cut mid-expression). It shows two ways of adding an ingress
// rule to group `id`, both taking the protocol from ipPermission: one by CIDR block, one by
// source security group. The slash-encoded zoneAndGroupRaw is decoded to obtain groupId first.
sgApi.get().createRuleAllowingCidrBlock(id, Ingress.builder() .ipProtocol(ipPermission.getIpProtocol()) ZoneAndId zoneAndId = ZoneAndId.fromSlashEncoded(zoneAndGroupRaw); String groupId = zoneAndId.getId(); sgApi.get().createRuleAllowingSecurityGroupId(id, Ingress.builder() .ipProtocol(ipPermission.getIpProtocol())
/**
 * Adds one TCP ingress rule per port to the node's {@code jclouds-<group>} security group,
 * allowing traffic from {@code source}. Does nothing when the security group API or the group
 * itself is absent.
 */
@Override
public void authorize(ComputeService service, NodeMetadata node, String source, int... ports) {
   String region = AWSUtils.parseHandle(node.getId())[0];

   Optional<? extends SecurityGroupApi> sgApi = getSecurityGroup(service, region);
   if (!sgApi.isPresent()) {
      return;
   }

   String targetName = "jclouds-" + node.getGroup();
   Optional<? extends SecurityGroup> target = getSecurityGroupForGroup(sgApi.get(), targetName);
   if (!target.isPresent()) {
      return;
   }

   for (int port : ports) {
      try {
         // `source` is passed through as the CIDR unchanged; a value such as "0.0.0.0/0"
         // exposes the port to every IPv4 address.
         sgApi.get().createRuleAllowingCidrBlock(
               target.get().getId(),
               Ingress.builder().ipProtocol(IpProtocol.TCP).fromPort(port).toPort(port).build(),
               source);
      } catch (IllegalStateException e) {
         // Intentionally ignored by the original code; the loop continues with the next port.
         // NOTE(review): the caller cannot tell which ports were actually opened.
      }
   }
}
// Truncated excerpt (loop headers are cut off). It fetches the group by id and then, in two
// places, deletes rules selected by a filter that includes the permission's from/to port range.
org.jclouds.openstack.nova.v2_0.domain.SecurityGroup securityGroup = sgApi.get().get(id); ruleStartPort(ipPermission.getFromPort()), ruleEndPort(ipPermission.getToPort())))) { sgApi.get().deleteRule(rule.getId()); ruleStartPort(ipPermission.getFromPort()), ruleEndPort(ipPermission.getToPort())))) { sgApi.get().deleteRule(rule.getId());
// Truncated excerpt (the predicate body and the end of the rule call are missing). It picks the
// first listed group accepted by a predicate, then adds a TCP rule per port to that group.
// NOTE(review): group.get() is used without a visible isPresent() check in these lines.
Optional<? extends SecurityGroup> group = securityGroupApi.get().list().firstMatch(new Predicate<SecurityGroup>() { @Override public boolean apply(SecurityGroup secGrp) { for (int port : ports) { try { securityGroupApi.get().createRuleAllowingCidrBlock(group.get().getId(), Ingress.builder() .ipProtocol(org.jclouds.openstack.nova.v2_0.domain.IpProtocol.TCP)
/**
 * Deletes the security group named by a slash-encoded identifier, then evicts the first cached
 * entry whose id equals {@code id}.
 *
 * @param id slash-encoded region and group id; must not be null
 * @return {@code false} when the region has no security group API, otherwise the result of the
 *         delete call
 */
@Override
public boolean removeSecurityGroup(String id) {
   checkNotNull(id, "id");
   RegionAndId target = RegionAndId.fromSlashEncoded(id);
   String region = target.getRegion();

   Optional<? extends SecurityGroupApi> sgApi = api.getSecurityGroupApi(region);
   if (!sgApi.isPresent()) {
      return false;
   }

   // Delete and cache invalidation are not atomic. A mutex around both would stop a parallel
   // create from seeing a cached group that no longer exists.
   boolean deleted = sgApi.get().delete(target.getId());

   // The cache is keyed by name, so scan its values to find the entry carrying this id.
   for (SecurityGroup cached : groupCreator.asMap().values()) {
      if (!id.equals(cached.getId())) {
         continue;
      }
      groupCreator.invalidate(
            new RegionSecurityGroupNameAndPorts(region, cached.getName(), ImmutableSet.<Integer>of()));
      break;
   }
   return deleted;
}
/**
 * Resolves a slash-encoded identifier to a converted security group.
 *
 * @param id slash-encoded region and group id; must not be null
 * @return the converted group, or {@code null} when the region has no security group API
 */
@Override
public SecurityGroup getSecurityGroupById(String id) {
   RegionAndId target = RegionAndId.fromSlashEncoded(checkNotNull(id, "id"));
   String region = target.getRegion();

   Optional<? extends SecurityGroupApi> sgApi = api.getSecurityGroupApi(region);
   if (sgApi.isPresent()) {
      // NOTE(review): the result of get(...) is wrapped without a null check - confirm how
      // SecurityGroupInRegion and the converter behave for an unknown id.
      return groupConverter.apply(new SecurityGroupInRegion(sgApi.get().get(target.getId()), region));
   }
   return null;
}
/**
 * Expect-style test: a POST to os-security-groups answered with a canned 200 response must
 * yield the expected security group.
 */
public void testCreateSecurityGroupWhenResponseIs2xx() throws Exception {
   ImmutableMultimap<String, String> requestHeaders = ImmutableMultimap.<String, String> builder()
         .put("Accept", "application/json")
         .put("X-Auth-Token", authToken)
         .build();

   HttpRequest create = HttpRequest.builder()
         .method("POST")
         .endpoint(URI.create("https://az-1.region-a.geo-1.compute.hpcloudsvc.com/v1.1/3456/os-security-groups"))
         .headers(requestHeaders)
         .payload(payloadFromStringWithContentType(
               "{\"security_group\":{\"name\":\"jclouds-test\",\"description\":\"jclouds-test\"}}",
               "application/json"))
         .build();

   HttpResponse createResponse = HttpResponse.builder()
         .statusCode(200)
         .payload(payloadFromResource("/securitygroup_created.json"))
         .build();

   // Requests and responses are paired positionally: auth, extension listing, then the create.
   NovaApi apiWhenSecurityGroupsExist = requestsSendResponses(
         keystoneAuthWithUsernameAndPasswordAndTenantName, responseWithKeystoneAccess,
         extensionsOfNovaRequest, extensionsOfNovaResponse,
         create, createResponse);

   String actual = apiWhenSecurityGroupsExist.getSecurityGroupExtensionForZone("az-1.region-a.geo-1").get()
         .createWithDescription("jclouds-test", "jclouds-test").toString();
   assertEquals(actual, createExpected().toString());
}
/**
 * Expect-style test: creating a rule on parent group 161 that admits source group 999 over TCP
 * ports 80-8080 must send the expected POST body and parse the canned 200 response.
 */
public void testCreateSecurityGroupRuleForSecurityGroupIdWhenResponseIs2xx() throws Exception {
   HttpRequest createRule = HttpRequest.builder()
         .method("POST")
         .endpoint("https://az-1.region-a.geo-1.compute.hpcloudsvc.com/v1.1/3456/os-security-group-rules")
         .addHeader("Accept", "application/json")
         .addHeader("X-Auth-Token", authToken)
         .payload(payloadFromStringWithContentType(
               "{\"security_group_rule\":{\"group_id\":\"999\",\"parent_group_id\":\"161\",\"ip_protocol\":\"tcp\",\"from_port\":\"80\",\"to_port\":\"8080\"}}",
               "application/json"))
         .build();

   HttpResponse createRuleResponse = HttpResponse.builder()
         .statusCode(200)
         .payload(payloadFromResource("/securitygrouprule_created.json"))
         .build();

   // Requests and responses are paired positionally: auth, extension listing, then the rule.
   NovaApi apiWhenSecurityGroupsExist = requestsSendResponses(
         keystoneAuthWithUsernameAndPasswordAndTenantName, responseWithKeystoneAccess,
         extensionsOfNovaRequest, extensionsOfNovaResponse,
         createRule, createRuleResponse);

   // Argument order: parent group id, ingress, source group id.
   Ingress tcp80To8080 = Ingress.builder().ipProtocol(IpProtocol.TCP).fromPort(80).toPort(8080).build();
   String actual = apiWhenSecurityGroupsExist.getSecurityGroupExtensionForZone("az-1.region-a.geo-1").get()
         .createRuleAllowingSecurityGroupId("161", tcp80To8080, "999")
         .toString();
   assertEquals(actual, createRuleExpected().toString());
}
// Test excerpt: securityGroup, securityGroupApi, port and SECURITY_GROUP_NAME are declared
// outside the lines shown.
securityGroup = securityGroupApi.createWithDescription(SECURITY_GROUP_NAME, "test security group");
assertNotNull(securityGroup);

// First rule: TCP on `port`, source "0.0.0.0/0" (any IPv4 address).
Ingress openToAll = Ingress.builder().ipProtocol(IpProtocol.TCP).fromPort(port).toPort(port).build();
SecurityGroupRule rule =
      securityGroupApi.createRuleAllowingCidrBlock(securityGroup.getId(), openToAll, "0.0.0.0/0");
assertNotNull(rule);

// Second rule: same port, source restricted to the group's own id. The result is not asserted.
Ingress openToSelf = Ingress.builder().ipProtocol(IpProtocol.TCP).fromPort(port).toPort(port).build();
SecurityGroupRule rule2 = securityGroupApi.createRuleAllowingSecurityGroupId(
      securityGroup.getId(), openToSelf, securityGroup.getId());

// Re-read the group, then clean up. Cleanup is not guarded by a finally in the lines shown.
securityGroup = securityGroupApi.get(securityGroup.getId());
securityGroupApi.delete(securityGroup.getId());
/**
 * Lists the security groups of a region, each wrapped together with its region.
 *
 * @param from the region to list
 * @return the wrapped groups, or an empty set when the region has no security group API
 */
@Override
public Set<? extends SecurityGroupInRegion> apply(final String from) {
   Optional<? extends SecurityGroupApi> sgApi = api.getSecurityGroupApi(from);
   if (sgApi.isPresent()) {
      // The full listing is also handed to the per-group transformer.
      final FluentIterable<org.jclouds.openstack.nova.v2_0.domain.SecurityGroup> groupsInRegion = sgApi.get().list();
      return groupsInRegion.transform(groupToGroupInRegion(groupsInRegion, from)).toSet();
   }
   return ImmutableSet.of();
}
/**
 * Removes security groups in {@code zoneId} whose names match the naming convention for any
 * entry in {@code groups}, and invalidates the matching {@code securityGroupMap} entries.
 * Returns without doing anything when the zone lacks the security group extension.
 */
private void cleanupOrphanedSecurityGroupsInZone(Set<String> groups, String zoneId) {
   Optional<? extends SecurityGroupApi> securityGroupApi = novaApi.getSecurityGroupExtensionForZone(zoneId);
   if (!securityGroupApi.isPresent()) {
      return;
   }
   SecurityGroupApi zoneApi = securityGroupApi.get();

   for (String group : groups) {
      // Groups are chosen purely by name match.
      // NOTE(review): verify the match is tight enough not to catch unrelated groups.
      for (SecurityGroup stale : Iterables.filter(zoneApi.list(),
            SecurityGroupPredicates.nameMatches(namingConvention.create().containsGroup(group)))) {
         ZoneAndName key = ZoneAndName.fromZoneAndName(zoneId, stale.getName());
         logger.debug(">> deleting securityGroup(%s)", key);
         zoneApi.delete(stale.getId());
         // TODO: test this clear happens
         securityGroupMap.invalidate(key);
         logger.debug("<< deleted securityGroup(%s)", key);
      }
   }
}