Example 1 with GroupIdentifier
use of com.amazonaws.services.ec2.model.GroupIdentifier in project elasticsearch by elastic.
the class AwsEc2UnicastHostsProvider method fetchDynamicNodes.
protected List<DiscoveryNode> fetchDynamicNodes() {
List<DiscoveryNode> discoNodes = new ArrayList<>();
DescribeInstancesResult descInstances;
try {
// Query EC2 API based on AZ, instance state, and tag.
// NOTE: we don't filter by security group during the describe instances request for two reasons:
// 1. differences in VPCs require different parameters during query (ID vs Name)
// 2. We want to use two different strategies: (all security groups vs. any security groups)
descInstances = SocketAccess.doPrivileged(() -> client.describeInstances(buildDescribeInstancesRequest()));
} catch (AmazonClientException e) {
logger.info("Exception while retrieving instance list from AWS API: {}", e.getMessage());
logger.debug("Full exception:", e);
return discoNodes;
}
logger.trace("building dynamic unicast discovery nodes...");
for (Reservation reservation : descInstances.getReservations()) {
for (Instance instance : reservation.getInstances()) {
// lets see if we can filter based on groups
if (!groups.isEmpty()) {
List<GroupIdentifier> instanceSecurityGroups = instance.getSecurityGroups();
ArrayList<String> securityGroupNames = new ArrayList<String>();
ArrayList<String> securityGroupIds = new ArrayList<String>();
for (GroupIdentifier sg : instanceSecurityGroups) {
securityGroupNames.add(sg.getGroupName());
securityGroupIds.add(sg.getGroupId());
}
if (bindAnyGroup) {
// We check if we can find at least one group name or one group id in groups.
if (disjoint(securityGroupNames, groups) && disjoint(securityGroupIds, groups)) {
logger.trace("filtering out instance {} based on groups {}, not part of {}", instance.getInstanceId(), instanceSecurityGroups, groups);
// continue to the next instance
continue;
}
} else {
// We need tp match all group names or group ids, otherwise we ignore this instance
if (!(securityGroupNames.containsAll(groups) || securityGroupIds.containsAll(groups))) {
logger.trace("filtering out instance {} based on groups {}, does not include all of {}", instance.getInstanceId(), instanceSecurityGroups, groups);
// continue to the next instance
continue;
}
}
}
String address = null;
if (hostType.equals(PRIVATE_DNS)) {
address = instance.getPrivateDnsName();
} else if (hostType.equals(PRIVATE_IP)) {
address = instance.getPrivateIpAddress();
} else if (hostType.equals(PUBLIC_DNS)) {
address = instance.getPublicDnsName();
} else if (hostType.equals(PUBLIC_IP)) {
address = instance.getPublicIpAddress();
} else if (hostType.startsWith(TAG_PREFIX)) {
// Reading the node host from its metadata
String tagName = hostType.substring(TAG_PREFIX.length());
logger.debug("reading hostname from [{}] instance tag", tagName);
List<Tag> tags = instance.getTags();
for (Tag tag : tags) {
if (tag.getKey().equals(tagName)) {
address = tag.getValue();
logger.debug("using [{}] as the instance address", address);
}
}
} else {
throw new IllegalArgumentException(hostType + " is unknown for discovery.ec2.host_type");
}
if (address != null) {
try {
// we only limit to 1 port per address, makes no sense to ping 100 ports
TransportAddress[] addresses = transportService.addressesFromString(address, 1);
for (int i = 0; i < addresses.length; i++) {
logger.trace("adding {}, address {}, transport_address {}", instance.getInstanceId(), address, addresses[i]);
discoNodes.add(new DiscoveryNode(instance.getInstanceId(), "#cloud-" + instance.getInstanceId() + "-" + i, addresses[i], emptyMap(), emptySet(), Version.CURRENT.minimumCompatibilityVersion()));
}
} catch (Exception e) {
final String finalAddress = address;
logger.warn((Supplier<?>) () -> new ParameterizedMessage("failed to add {}, address {}", instance.getInstanceId(), finalAddress), e);
}
} else {
logger.trace("not adding {}, address is null, host_type {}", instance.getInstanceId(), hostType);
}
}
}
logger.debug("using dynamic discovery nodes {}", discoNodes);
return discoNodes;
}
Also used :
DiscoveryNode(org.elasticsearch.cluster.node.DiscoveryNode)
Instance(com.amazonaws.services.ec2.model.Instance)
TransportAddress(org.elasticsearch.common.transport.TransportAddress)
AmazonClientException(com.amazonaws.AmazonClientException)
ArrayList(java.util.ArrayList)
Collections.disjoint(java.util.Collections.disjoint)
AmazonClientException(com.amazonaws.AmazonClientException)
GroupIdentifier(com.amazonaws.services.ec2.model.GroupIdentifier)
DescribeInstancesResult(com.amazonaws.services.ec2.model.DescribeInstancesResult)
Reservation(com.amazonaws.services.ec2.model.Reservation)
Supplier(org.apache.logging.log4j.util.Supplier)
ParameterizedMessage(org.apache.logging.log4j.message.ParameterizedMessage)
Tag(com.amazonaws.services.ec2.model.Tag)
Example 2 with GroupIdentifier
use of com.amazonaws.services.ec2.model.GroupIdentifier in project photon-model by vmware.
the class TestAWSProvisionTask method assertVMSercurityGroupsConfiguration.
private void assertVMSercurityGroupsConfiguration(Instance instance, ComputeState vm) {
// This assert is only suitable for real (non-mocking env).
if (this.isMock) {
return;
}
this.host.log(Level.INFO, "%s: Assert security groups configuration for [%s] VM", this.currentTestName.getMethodName(), this.vmState.name);
// Get the SecurityGroupStates that were provided in the request ComputeState
Collector<SecurityGroupState, ?, Map<String, SecurityGroupState>> convertToMap = Collectors.<SecurityGroupState, String, SecurityGroupState>toMap(sg -> sg.name, sg -> sg);
Map<String, SecurityGroupState> currentSGNamesToStates = vm.networkInterfaceLinks.stream().map(nicLink -> this.host.getServiceState(null, NetworkInterfaceState.class, UriUtils.buildUri(this.host, nicLink))).<// collect all SecurityGroup States from all NIC states
SecurityGroupState>flatMap(nicState -> nicState.securityGroupLinks.stream().map(sgLink -> {
SecurityGroupState sgState = this.host.getServiceState(null, SecurityGroupState.class, UriUtils.buildUri(this.host, sgLink));
return sgState;
})).collect(convertToMap);
// Compare ComputeState after provisioning to the ComputeState in the request
assertNotNull("Instance should have security groups attached.", instance.getSecurityGroups());
// Provisioned Instance should have the same number of SecurityGroups as requested
assertEquals(instance.getSecurityGroups().size(), currentSGNamesToStates.size());
for (SecurityGroupState currentSGState : currentSGNamesToStates.values()) {
// Get corresponding requested state
GroupIdentifier provisionedGroupIdentifier = null;
for (GroupIdentifier awsGroupIdentifier : instance.getSecurityGroups()) {
if (awsGroupIdentifier.getGroupId().equals(currentSGState.id)) {
provisionedGroupIdentifier = awsGroupIdentifier;
break;
}
}
// Ensure that the requested SecurityGroup was actually provisioned
assertNotNull(provisionedGroupIdentifier);
if (currentSGState.name.contains(TestAWSSetupUtils.AWS_NEW_GROUP_PREFIX)) {
this.sgToCleanUp = currentSGState.id;
SecurityGroup awsSecurityGroup = getSecurityGroupsIdUsingEC2Client(this.client, provisionedGroupIdentifier.getGroupId());
assertNotNull(awsSecurityGroup);
// Validate rules are correctly created as requested
IpPermission awsIngressRule = awsSecurityGroup.getIpPermissions().get(0);
IpPermission awsEgressRule = awsSecurityGroup.getIpPermissionsEgress().get(1);
assertNotNull(awsIngressRule);
assertNotNull(awsEgressRule);
assertEquals("Error in created ingress rule", awsIngressRule.getIpProtocol(), currentSGState.ingress.get(0).protocol);
assertEquals("Error in created ingress rule", awsIngressRule.getIpv4Ranges().get(0).getCidrIp(), currentSGState.ingress.get(0).ipRangeCidr);
assertEquals("Error in created egress rule", awsEgressRule.getIpProtocol(), currentSGState.egress.get(0).protocol);
assertEquals("Error in created egress rule", awsEgressRule.getIpv4Ranges().get(0).getCidrIp(), currentSGState.egress.get(0).ipRangeCidr);
}
}
}
Also used :
AuthCredentialsServiceState(com.vmware.xenon.services.common.AuthCredentialsService.AuthCredentialsServiceState)
ProvisionComputeTaskService(com.vmware.photon.controller.model.tasks.ProvisionComputeTaskService)
TestAWSSetupUtils.createAWSComputeHost(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.createAWSComputeHost)
PhotonModelServices(com.vmware.photon.controller.model.PhotonModelServices)
VerificationHost(com.vmware.xenon.common.test.VerificationHost)
TestAWSSetupUtils.createAWSResourcePool(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.createAWSResourcePool)
TestAWSSetupUtils.tearDownTestVpc(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.tearDownTestVpc)
DEVICE_NAME(com.vmware.photon.controller.model.adapters.awsadapter.AWSConstants.DEVICE_NAME)
TestAWSSetupUtils.setUpTestVpc(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.setUpTestVpc)
CommandLineArgumentParser(com.vmware.xenon.common.CommandLineArgumentParser)
Utils(com.vmware.xenon.common.Utils)
AWSBlockDeviceNameMapper(com.vmware.photon.controller.model.adapters.awsadapter.util.AWSBlockDeviceNameMapper)
TestAWSSetupUtils.verifyRemovalOfResourceState(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.verifyRemovalOfResourceState)
Map(java.util.Map)
GroupIdentifier(com.amazonaws.services.ec2.model.GroupIdentifier)
After(org.junit.After)
TestUtils.getExecutor(com.vmware.photon.controller.model.adapters.awsadapter.TestUtils.getExecutor)
Collector(java.util.stream.Collector)
ProvisioningUtils(com.vmware.photon.controller.model.tasks.ProvisioningUtils)
AwsNicSpecs(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.AwsNicSpecs)
EndpointState(com.vmware.photon.controller.model.resources.EndpointService.EndpointState)
ComputeStatsResponse(com.vmware.photon.controller.model.adapterapi.ComputeStatsResponse)
ComputeStatsRequest(com.vmware.photon.controller.model.adapterapi.ComputeStatsRequest)
NetworkInterfaceState(com.vmware.photon.controller.model.resources.NetworkInterfaceService.NetworkInterfaceState)
StatelessService(com.vmware.xenon.common.StatelessService)
AWS_VM_REQUEST_TIMEOUT_MINUTES(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.AWS_VM_REQUEST_TIMEOUT_MINUTES)
DescribeVolumesResult(com.amazonaws.services.ec2.model.DescribeVolumesResult)
TestUtils(com.vmware.photon.controller.model.tasks.TestUtils)
Set(java.util.Set)
DiskState(com.vmware.photon.controller.model.resources.DiskService.DiskState)
UUID(java.util.UUID)
SecurityGroup(com.amazonaws.services.ec2.model.SecurityGroup)
Collectors(java.util.stream.Collectors)
VOLUME_TYPE(com.vmware.photon.controller.model.adapters.awsadapter.AWSConstants.VOLUME_TYPE)
TestAWSSetupUtils.avalabilityZoneIdentifier(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.avalabilityZoneIdentifier)
TestAWSSetupUtils.getSecurityGroupsIdUsingEC2Client(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.getSecurityGroupsIdUsingEC2Client)
List(java.util.List)
TagService(com.vmware.photon.controller.model.resources.TagService)
Tag(com.amazonaws.services.ec2.model.Tag)
UriUtils(com.vmware.xenon.common.UriUtils)
ComputeService(com.vmware.photon.controller.model.resources.ComputeService)
DiskService(com.vmware.photon.controller.model.resources.DiskService)
SingleResourceTaskCollectionStage(com.vmware.photon.controller.model.tasks.monitoring.SingleResourceStatsCollectionTaskService.SingleResourceTaskCollectionStage)
InstanceNetworkInterface(com.amazonaws.services.ec2.model.InstanceNetworkInterface)
TestAWSSetupUtils.deleteSecurityGroupUsingEC2Client(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.deleteSecurityGroupUsingEC2Client)
DISK_IOPS(com.vmware.photon.controller.model.adapters.awsadapter.AWSConstants.DISK_IOPS)
PhotonModelMetricServices(com.vmware.photon.controller.model.PhotonModelMetricServices)
ResourcePoolState(com.vmware.photon.controller.model.resources.ResourcePoolService.ResourcePoolState)
HashMap(java.util.HashMap)
TestAWSSetupUtils.zoneId(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.zoneId)
ProvisionComputeTaskState(com.vmware.photon.controller.model.tasks.ProvisionComputeTaskService.ProvisionComputeTaskState)
ArrayList(java.util.ArrayList)
Level(java.util.logging.Level)
SecurityGroupState(com.vmware.photon.controller.model.resources.SecurityGroupService.SecurityGroupState)
HashSet(java.util.HashSet)
TestAWSSetupUtils.getAwsInstancesByIds(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.getAwsInstancesByIds)
TagState(com.vmware.photon.controller.model.resources.TagService.TagState)
InstanceBlockDeviceMapping(com.amazonaws.services.ec2.model.InstanceBlockDeviceMapping)
ComputeState(com.vmware.photon.controller.model.resources.ComputeService.ComputeState)
TestName(org.junit.rules.TestName)
DescribeVolumesRequest(com.amazonaws.services.ec2.model.DescribeVolumesRequest)
Volume(com.amazonaws.services.ec2.model.Volume)
PLACEMENT_LINK(com.vmware.photon.controller.model.ComputeProperties.PLACEMENT_LINK)
ComputeStats(com.vmware.photon.controller.model.adapterapi.ComputeStatsResponse.ComputeStats)
DEVICE_TYPE(com.vmware.photon.controller.model.adapters.awsadapter.AWSConstants.DEVICE_TYPE)
Instance(com.amazonaws.services.ec2.model.Instance)
Before(org.junit.Before)
TestAWSSetupUtils.createAWSAuthentication(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.createAWSAuthentication)
PhotonModelTaskServices(com.vmware.photon.controller.model.tasks.PhotonModelTaskServices)
Assert.assertNotNull(org.junit.Assert.assertNotNull)
Operation(com.vmware.xenon.common.Operation)
Assert.assertTrue(org.junit.Assert.assertTrue)
TestAWSSetupUtils.getCompute(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.getCompute)
Test(org.junit.Test)
ServiceStat(com.vmware.xenon.common.ServiceStats.ServiceStat)
TimeUnit(java.util.concurrent.TimeUnit)
TestAWSSetupUtils.createAWSVMResource(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.createAWSVMResource)
Rule(org.junit.Rule)
PhotonModelAdaptersRegistryAdapters(com.vmware.photon.controller.model.adapters.registry.PhotonModelAdaptersRegistryAdapters)
PhotonModelConstants(com.vmware.photon.controller.model.constants.PhotonModelConstants)
TestAWSSetupUtils.regionId(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.regionId)
TestAWSSetupUtils.setAwsClientMockInfo(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.setAwsClientMockInfo)
IpPermission(com.amazonaws.services.ec2.model.IpPermission)
Collections(java.util.Collections)
Assert.assertEquals(org.junit.Assert.assertEquals)
AmazonEC2AsyncClient(com.amazonaws.services.ec2.AmazonEC2AsyncClient)
NetworkInterfaceState(com.vmware.photon.controller.model.resources.NetworkInterfaceService.NetworkInterfaceState)
SecurityGroupState(com.vmware.photon.controller.model.resources.SecurityGroupService.SecurityGroupState)
IpPermission(com.amazonaws.services.ec2.model.IpPermission)
SecurityGroup(com.amazonaws.services.ec2.model.SecurityGroup)
Map(java.util.Map)
HashMap(java.util.HashMap)
GroupIdentifier(com.amazonaws.services.ec2.model.GroupIdentifier)
Example 3 with GroupIdentifier
use of com.amazonaws.services.ec2.model.GroupIdentifier in project photon-model by vmware.
the class AWSComputeDiskDay2ServiceTest method assertAndSetVMSecurityGroupsToBeDeleted.
private void assertAndSetVMSecurityGroupsToBeDeleted(Instance instance, ComputeState vm) {
// This assert is only suitable for real (non-mocking env).
if (this.isMock) {
return;
}
this.host.log(Level.INFO, "%s: Assert security groups configuration for [%s] VM", this.currentTestName.getMethodName(), this.vmState.name);
// Get the SecurityGroupStates that were provided in the request ComputeState
Collector<SecurityGroupService.SecurityGroupState, ?, Map<String, SecurityGroupService.SecurityGroupState>> convertToMap = Collectors.<SecurityGroupService.SecurityGroupState, String, SecurityGroupService.SecurityGroupState>toMap(sg -> sg.name, sg -> sg);
Map<String, SecurityGroupService.SecurityGroupState> currentSGNamesToStates = vm.networkInterfaceLinks.stream().map(nicLink -> this.host.getServiceState(null, NetworkInterfaceService.NetworkInterfaceState.class, UriUtils.buildUri(this.host, nicLink))).<// collect all SecurityGroup States from all NIC states
SecurityGroupService.SecurityGroupState>flatMap(nicState -> nicState.securityGroupLinks.stream().map(sgLink -> {
SecurityGroupService.SecurityGroupState sgState = this.host.getServiceState(null, SecurityGroupService.SecurityGroupState.class, UriUtils.buildUri(this.host, sgLink));
return sgState;
})).collect(convertToMap);
// Compare ComputeState after provisioning to the ComputeState in the request
assertNotNull("Instance should have security groups attached.", instance.getSecurityGroups());
// Provisioned Instance should have the same number of SecurityGroups as requested
assertEquals(instance.getSecurityGroups().size(), currentSGNamesToStates.size());
for (SecurityGroupService.SecurityGroupState currentSGState : currentSGNamesToStates.values()) {
// Get corresponding requested state
GroupIdentifier provisionedGroupIdentifier = null;
for (GroupIdentifier awsGroupIdentifier : instance.getSecurityGroups()) {
if (awsGroupIdentifier.getGroupId().equals(currentSGState.id)) {
provisionedGroupIdentifier = awsGroupIdentifier;
break;
}
}
// Ensure that the requested SecurityGroup was actually provisioned
assertNotNull(provisionedGroupIdentifier);
if (currentSGState.name.contains(TestAWSSetupUtils.AWS_NEW_GROUP_PREFIX)) {
this.sgToCleanUp = currentSGState.id;
SecurityGroup awsSecurityGroup = getSecurityGroupsIdUsingEC2Client(this.client, provisionedGroupIdentifier.getGroupId());
assertNotNull(awsSecurityGroup);
// Validate rules are correctly created as requested
IpPermission awsIngressRule = awsSecurityGroup.getIpPermissions().get(0);
IpPermission awsEgressRule = awsSecurityGroup.getIpPermissionsEgress().get(1);
assertNotNull(awsIngressRule);
assertNotNull(awsEgressRule);
assertEquals("Error in created ingress rule", awsIngressRule.getIpProtocol(), currentSGState.ingress.get(0).protocol);
assertEquals("Error in created ingress rule", awsIngressRule.getIpv4Ranges().get(0).getCidrIp(), currentSGState.ingress.get(0).ipRangeCidr);
assertEquals("Error in created egress rule", awsEgressRule.getIpProtocol(), currentSGState.egress.get(0).protocol);
assertEquals("Error in created egress rule", awsEgressRule.getIpv4Ranges().get(0).getCidrIp(), currentSGState.egress.get(0).ipRangeCidr);
}
}
}
Also used :
Arrays(java.util.Arrays)
ProvisionComputeTaskService(com.vmware.photon.controller.model.tasks.ProvisionComputeTaskService)
TestAWSSetupUtils.createAWSComputeHost(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.createAWSComputeHost)
ServiceMetadata(com.vmware.photon.controller.model.util.StartServicesHelper.ServiceMetadata)
PhotonModelServices(com.vmware.photon.controller.model.PhotonModelServices)
VerificationHost(com.vmware.xenon.common.test.VerificationHost)
TestAWSSetupUtils.createAWSResourcePool(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.createAWSResourcePool)
TestAWSSetupUtils.tearDownTestVpc(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.tearDownTestVpc)
DEVICE_NAME(com.vmware.photon.controller.model.adapters.awsadapter.AWSConstants.DEVICE_NAME)
TestAWSSetupUtils.setUpTestVpc(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.setUpTestVpc)
ResourceOperationRequest(com.vmware.photon.controller.model.adapters.registry.operations.ResourceOperationRequest)
CommandLineArgumentParser(com.vmware.xenon.common.CommandLineArgumentParser)
Utils(com.vmware.xenon.common.Utils)
TaskFactoryService(com.vmware.xenon.services.common.TaskFactoryService)
StartServicesHelper(com.vmware.photon.controller.model.util.StartServicesHelper)
Gson(com.google.gson.Gson)
AWSBlockDeviceNameMapper(com.vmware.photon.controller.model.adapters.awsadapter.util.AWSBlockDeviceNameMapper)
TestAWSSetupUtils.verifyRemovalOfResourceState(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.verifyRemovalOfResourceState)
Duration(java.time.Duration)
Map(java.util.Map)
GroupIdentifier(com.amazonaws.services.ec2.model.GroupIdentifier)
After(org.junit.After)
ResourcePoolService(com.vmware.photon.controller.model.resources.ResourcePoolService)
TestUtils.getExecutor(com.vmware.photon.controller.model.adapters.awsadapter.TestUtils.getExecutor)
ProvisionDiskTaskService(com.vmware.photon.controller.model.tasks.ProvisionDiskTaskService)
ServiceDocumentQueryResult(com.vmware.xenon.common.ServiceDocumentQueryResult)
Collector(java.util.stream.Collector)
ProvisioningUtils(com.vmware.photon.controller.model.tasks.ProvisioningUtils)
EndpointState(com.vmware.photon.controller.model.resources.EndpointService.EndpointState)
TestRequestSender(com.vmware.xenon.common.test.TestRequestSender)
AWS_VM_REQUEST_TIMEOUT_MINUTES(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.AWS_VM_REQUEST_TIMEOUT_MINUTES)
ResourceOperationResponse(com.vmware.photon.controller.model.adapterapi.ResourceOperationResponse)
TestUtils(com.vmware.photon.controller.model.tasks.TestUtils)
DiskState(com.vmware.photon.controller.model.resources.DiskService.DiskState)
CompletionException(java.util.concurrent.CompletionException)
SecurityGroup(com.amazonaws.services.ec2.model.SecurityGroup)
Collectors(java.util.stream.Collectors)
TestAWSSetupUtils.getResourceState(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.getResourceState)
TestAWSSetupUtils.avalabilityZoneIdentifier(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.avalabilityZoneIdentifier)
TestAWSSetupUtils.getSecurityGroupsIdUsingEC2Client(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.getSecurityGroupsIdUsingEC2Client)
List(java.util.List)
TestAWSSetupUtils.getAwsDisksByIds(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.getAwsDisksByIds)
NetworkInterfaceService(com.vmware.photon.controller.model.resources.NetworkInterfaceService)
AWSSupportedOS(com.vmware.photon.controller.model.adapters.awsadapter.AWSConstants.AWSSupportedOS)
ResourceOperation(com.vmware.photon.controller.model.adapters.registry.operations.ResourceOperation)
UriUtils(com.vmware.xenon.common.UriUtils)
TaskState(com.vmware.xenon.common.TaskState)
FactoryService(com.vmware.xenon.common.FactoryService)
DiskService(com.vmware.photon.controller.model.resources.DiskService)
TaskService(com.vmware.xenon.services.common.TaskService)
ServiceMetadata.factoryService(com.vmware.photon.controller.model.util.StartServicesHelper.ServiceMetadata.factoryService)
TestAWSSetupUtils.deleteSecurityGroupUsingEC2Client(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.deleteSecurityGroupUsingEC2Client)
PhotonModelMetricServices(com.vmware.photon.controller.model.PhotonModelMetricServices)
HashMap(java.util.HashMap)
ArrayList(java.util.ArrayList)
Level(java.util.logging.Level)
TestAWSSetupUtils.getAwsInstancesByIds(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.getAwsInstancesByIds)
AuthCredentialsService(com.vmware.xenon.services.common.AuthCredentialsService)
UriPaths(com.vmware.photon.controller.model.UriPaths)
TestProvisionAWSDisk.createAWSDiskState(com.vmware.photon.controller.model.adapters.awsadapter.TestProvisionAWSDisk.createAWSDiskState)
ComputeState(com.vmware.photon.controller.model.resources.ComputeService.ComputeState)
TestName(org.junit.rules.TestName)
Volume(com.amazonaws.services.ec2.model.Volume)
PLACEMENT_LINK(com.vmware.photon.controller.model.ComputeProperties.PLACEMENT_LINK)
DEVICE_TYPE(com.vmware.photon.controller.model.adapters.awsadapter.AWSConstants.DEVICE_TYPE)
Instance(com.amazonaws.services.ec2.model.Instance)
Before(org.junit.Before)
TestAWSSetupUtils.createAWSAuthentication(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.createAWSAuthentication)
PhotonModelTaskServices(com.vmware.photon.controller.model.tasks.PhotonModelTaskServices)
Assert.assertNotNull(org.junit.Assert.assertNotNull)
AWSStorageType(com.vmware.photon.controller.model.adapters.awsadapter.AWSConstants.AWSStorageType)
Operation(com.vmware.xenon.common.Operation)
SecurityGroupService(com.vmware.photon.controller.model.resources.SecurityGroupService)
Assert.assertTrue(org.junit.Assert.assertTrue)
Test(org.junit.Test)
AWSSupportedVirtualizationTypes(com.vmware.photon.controller.model.adapters.awsadapter.AWSConstants.AWSSupportedVirtualizationTypes)
TimeUnit(java.util.concurrent.TimeUnit)
TestAWSSetupUtils.createAWSVMResource(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.createAWSVMResource)
Rule(org.junit.Rule)
TestContext(com.vmware.xenon.common.test.TestContext)
PhotonModelAdaptersRegistryAdapters(com.vmware.photon.controller.model.adapters.registry.PhotonModelAdaptersRegistryAdapters)
PhotonModelConstants(com.vmware.photon.controller.model.constants.PhotonModelConstants)
TestAWSSetupUtils.regionId(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.regionId)
TestAWSSetupUtils.setAwsClientMockInfo(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.setAwsClientMockInfo)
IpPermission(com.amazonaws.services.ec2.model.IpPermission)
Collections(java.util.Collections)
Assert.assertEquals(org.junit.Assert.assertEquals)
AmazonEC2AsyncClient(com.amazonaws.services.ec2.AmazonEC2AsyncClient)
IpPermission(com.amazonaws.services.ec2.model.IpPermission)
SecurityGroupService(com.vmware.photon.controller.model.resources.SecurityGroupService)
SecurityGroup(com.amazonaws.services.ec2.model.SecurityGroup)
Map(java.util.Map)
HashMap(java.util.HashMap)
GroupIdentifier(com.amazonaws.services.ec2.model.GroupIdentifier)
Example 4 with GroupIdentifier
use of com.amazonaws.services.ec2.model.GroupIdentifier in project photon-model by vmware.
the class AWSRebootServiceTest method assertAndSetVMSecurityGroupsToBeDeleted.
private void assertAndSetVMSecurityGroupsToBeDeleted(Instance instance, ComputeState vm) {
// This assert is only suitable for real (non-mocking env).
if (this.isMock) {
return;
}
this.host.log(Level.INFO, "%s: Assert security groups configuration for [%s] VM", this.currentTestName.getMethodName(), this.vmState.name);
// Get the SecurityGroupStates that were provided in the request ComputeState
Collector<SecurityGroupState, ?, Map<String, SecurityGroupState>> convertToMap = Collectors.<SecurityGroupState, String, SecurityGroupState>toMap(sg -> sg.name, sg -> sg);
Map<String, SecurityGroupState> currentSGNamesToStates = vm.networkInterfaceLinks.stream().map(nicLink -> this.host.getServiceState(null, NetworkInterfaceState.class, UriUtils.buildUri(this.host, nicLink))).<// collect all SecurityGroup States from all NIC states
SecurityGroupState>flatMap(nicState -> nicState.securityGroupLinks.stream().map(sgLink -> {
SecurityGroupState sgState = this.host.getServiceState(null, SecurityGroupState.class, UriUtils.buildUri(this.host, sgLink));
return sgState;
})).collect(convertToMap);
// Compare ComputeState after provisioning to the ComputeState in the request
assertNotNull("Instance should have security groups attached.", instance.getSecurityGroups());
// Provisioned Instance should have the same number of SecurityGroups as requested
assertEquals(instance.getSecurityGroups().size(), currentSGNamesToStates.size());
for (SecurityGroupState currentSGState : currentSGNamesToStates.values()) {
// Get corresponding requested state
GroupIdentifier provisionedGroupIdentifier = null;
for (GroupIdentifier awsGroupIdentifier : instance.getSecurityGroups()) {
if (awsGroupIdentifier.getGroupId().equals(currentSGState.id)) {
provisionedGroupIdentifier = awsGroupIdentifier;
break;
}
}
// Ensure that the requested SecurityGroup was actually provisioned
assertNotNull(provisionedGroupIdentifier);
if (currentSGState.name.contains(TestAWSSetupUtils.AWS_NEW_GROUP_PREFIX)) {
this.sgToCleanUp = currentSGState.id;
SecurityGroup awsSecurityGroup = getSecurityGroupsIdUsingEC2Client(this.client, provisionedGroupIdentifier.getGroupId());
assertNotNull(awsSecurityGroup);
// Validate rules are correctly created as requested
IpPermission awsIngressRule = awsSecurityGroup.getIpPermissions().get(0);
IpPermission awsEgressRule = awsSecurityGroup.getIpPermissionsEgress().get(1);
assertNotNull(awsIngressRule);
assertNotNull(awsEgressRule);
assertEquals("Error in created ingress rule", awsIngressRule.getIpProtocol(), currentSGState.ingress.get(0).protocol);
assertEquals("Error in created ingress rule", awsIngressRule.getIpv4Ranges().get(0).getCidrIp(), currentSGState.ingress.get(0).ipRangeCidr);
assertEquals("Error in created egress rule", awsEgressRule.getIpProtocol(), currentSGState.egress.get(0).protocol);
assertEquals("Error in created egress rule", awsEgressRule.getIpv4Ranges().get(0).getCidrIp(), currentSGState.egress.get(0).ipRangeCidr);
}
}
}
Also used :
Service(com.vmware.xenon.common.Service)
AuthCredentialsServiceState(com.vmware.xenon.services.common.AuthCredentialsService.AuthCredentialsServiceState)
ProvisionComputeTaskService(com.vmware.photon.controller.model.tasks.ProvisionComputeTaskService)
TestAWSSetupUtils.createAWSComputeHost(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.createAWSComputeHost)
PhotonModelServices(com.vmware.photon.controller.model.PhotonModelServices)
VerificationHost(com.vmware.xenon.common.test.VerificationHost)
TestAWSSetupUtils.createAWSResourcePool(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.createAWSResourcePool)
TestAWSSetupUtils.tearDownTestVpc(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.tearDownTestVpc)
TestAWSSetupUtils.setUpTestVpc(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.setUpTestVpc)
ResourceOperationRequest(com.vmware.photon.controller.model.adapters.registry.operations.ResourceOperationRequest)
CommandLineArgumentParser(com.vmware.xenon.common.CommandLineArgumentParser)
Utils(com.vmware.xenon.common.Utils)
TestAWSSetupUtils.verifyRemovalOfResourceState(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.verifyRemovalOfResourceState)
Map(java.util.Map)
GroupIdentifier(com.amazonaws.services.ec2.model.GroupIdentifier)
After(org.junit.After)
TestUtils.getExecutor(com.vmware.photon.controller.model.adapters.awsadapter.TestUtils.getExecutor)
Collector(java.util.stream.Collector)
ProvisioningUtils(com.vmware.photon.controller.model.tasks.ProvisioningUtils)
AwsNicSpecs(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.AwsNicSpecs)
EndpointState(com.vmware.photon.controller.model.resources.EndpointService.EndpointState)
NetworkInterfaceState(com.vmware.photon.controller.model.resources.NetworkInterfaceService.NetworkInterfaceState)
StatelessService(com.vmware.xenon.common.StatelessService)
AWS_VM_REQUEST_TIMEOUT_MINUTES(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.AWS_VM_REQUEST_TIMEOUT_MINUTES)
ResourceOperationResponse(com.vmware.photon.controller.model.adapterapi.ResourceOperationResponse)
TestUtils(com.vmware.photon.controller.model.tasks.TestUtils)
UUID(java.util.UUID)
SecurityGroup(com.amazonaws.services.ec2.model.SecurityGroup)
Collectors(java.util.stream.Collectors)
TestAWSSetupUtils.getSecurityGroupsIdUsingEC2Client(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.getSecurityGroupsIdUsingEC2Client)
List(java.util.List)
ResourceOperation(com.vmware.photon.controller.model.adapters.registry.operations.ResourceOperation)
UriUtils(com.vmware.xenon.common.UriUtils)
ComputeService(com.vmware.photon.controller.model.resources.ComputeService)
TaskState(com.vmware.xenon.common.TaskState)
TestAWSSetupUtils.deleteSecurityGroupUsingEC2Client(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.deleteSecurityGroupUsingEC2Client)
PhotonModelMetricServices(com.vmware.photon.controller.model.PhotonModelMetricServices)
ResourcePoolState(com.vmware.photon.controller.model.resources.ResourcePoolService.ResourcePoolState)
HashMap(java.util.HashMap)
TestAWSSetupUtils.zoneId(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.zoneId)
Function(java.util.function.Function)
ProvisionComputeTaskState(com.vmware.photon.controller.model.tasks.ProvisionComputeTaskService.ProvisionComputeTaskState)
ArrayList(java.util.ArrayList)
Level(java.util.logging.Level)
SecurityGroupState(com.vmware.photon.controller.model.resources.SecurityGroupService.SecurityGroupState)
TestAWSSetupUtils.getAwsInstancesByIds(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.getAwsInstancesByIds)
ComputeState(com.vmware.photon.controller.model.resources.ComputeService.ComputeState)
TestName(org.junit.rules.TestName)
Instance(com.amazonaws.services.ec2.model.Instance)
Before(org.junit.Before)
TestAWSSetupUtils.createAWSAuthentication(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.createAWSAuthentication)
PhotonModelTaskServices(com.vmware.photon.controller.model.tasks.PhotonModelTaskServices)
Assert.assertNotNull(org.junit.Assert.assertNotNull)
Operation(com.vmware.xenon.common.Operation)
TestAWSSetupUtils.getCompute(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.getCompute)
Test(org.junit.Test)
TimeUnit(java.util.concurrent.TimeUnit)
TestAWSSetupUtils.createAWSVMResource(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.createAWSVMResource)
Rule(org.junit.Rule)
TestContext(com.vmware.xenon.common.test.TestContext)
PhotonModelAdaptersRegistryAdapters(com.vmware.photon.controller.model.adapters.registry.PhotonModelAdaptersRegistryAdapters)
TestAWSSetupUtils.regionId(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.regionId)
TestAWSSetupUtils.setAwsClientMockInfo(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.setAwsClientMockInfo)
IpPermission(com.amazonaws.services.ec2.model.IpPermission)
Collections(java.util.Collections)
Assert.assertEquals(org.junit.Assert.assertEquals)
AmazonEC2AsyncClient(com.amazonaws.services.ec2.AmazonEC2AsyncClient)
NetworkInterfaceState(com.vmware.photon.controller.model.resources.NetworkInterfaceService.NetworkInterfaceState)
SecurityGroupState(com.vmware.photon.controller.model.resources.SecurityGroupService.SecurityGroupState)
IpPermission(com.amazonaws.services.ec2.model.IpPermission)
SecurityGroup(com.amazonaws.services.ec2.model.SecurityGroup)
Map(java.util.Map)
HashMap(java.util.HashMap)
GroupIdentifier(com.amazonaws.services.ec2.model.GroupIdentifier)
Example 5 with GroupIdentifier
use of com.amazonaws.services.ec2.model.GroupIdentifier in project SimianArmy by Netflix.
the class InstanceInSecurityGroup method getInstanceSecurityGroups.
/**
* Gets the security groups for a list of instance ids of the same region. The default implementation
* is using an AWS client. The method can be overridden in subclasses to get the security groups differently.
* @param region
* the region of the instances
* @param instanceIds
* the instance ids, all instances should be in the same region.
* @return
* the map from instance id to the list of security group names the instance has
*/
protected Map<String, List<String>> getInstanceSecurityGroups(String region, String... instanceIds) {
Map<String, List<String>> result = Maps.newHashMap();
if (instanceIds == null || instanceIds.length == 0) {
return result;
}
AWSClient awsClient = new AWSClient(region, awsCredentialsProvider);
for (Instance instance : awsClient.describeInstances(instanceIds)) {
// Ignore instances that are in VPC
if (StringUtils.isNotEmpty(instance.getVpcId())) {
LOGGER.info(String.format("Instance %s is in VPC and is ignored.", instance.getInstanceId()));
continue;
}
if (!"running".equals(instance.getState().getName())) {
LOGGER.info(String.format("Instance %s is not running, state is %s.", instance.getInstanceId(), instance.getState().getName()));
continue;
}
List<String> sgs = Lists.newArrayList();
for (GroupIdentifier groupId : instance.getSecurityGroups()) {
sgs.add(groupId.getGroupName());
}
result.put(instance.getInstanceId(), sgs);
}
return result;
}
Also used :
Instance(com.amazonaws.services.ec2.model.Instance)
List(java.util.List)
AWSClient(com.netflix.simianarmy.client.aws.AWSClient)
GroupIdentifier(com.amazonaws.services.ec2.model.GroupIdentifier)
Aggregations
GroupIdentifier (com.amazonaws.services.ec2.model.GroupIdentifier)10
Instance (com.amazonaws.services.ec2.model.Instance)7
ArrayList (java.util.ArrayList)7
Operation (com.vmware.xenon.common.Operation)4
List (java.util.List)4
AmazonEC2AsyncClient (com.amazonaws.services.ec2.AmazonEC2AsyncClient)3
IpPermission (com.amazonaws.services.ec2.model.IpPermission)3
SecurityGroup (com.amazonaws.services.ec2.model.SecurityGroup)3
Tag (com.amazonaws.services.ec2.model.Tag)3
PhotonModelMetricServices (com.vmware.photon.controller.model.PhotonModelMetricServices)3
PhotonModelServices (com.vmware.photon.controller.model.PhotonModelServices)3
AWS_VM_REQUEST_TIMEOUT_MINUTES (com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.AWS_VM_REQUEST_TIMEOUT_MINUTES)3
TestAWSSetupUtils.createAWSAuthentication (com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.createAWSAuthentication)3
TestAWSSetupUtils.createAWSComputeHost (com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.createAWSComputeHost)3
TestAWSSetupUtils.createAWSResourcePool (com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.createAWSResourcePool)3
TestAWSSetupUtils.createAWSVMResource (com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.createAWSVMResource)3
TestAWSSetupUtils.deleteSecurityGroupUsingEC2Client (com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.deleteSecurityGroupUsingEC2Client)3
TestAWSSetupUtils.getAwsInstancesByIds (com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.getAwsInstancesByIds)3
TestAWSSetupUtils.getSecurityGroupsIdUsingEC2Client (com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.getSecurityGroupsIdUsingEC2Client)3
TestAWSSetupUtils.regionId (com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.regionId)3
