Search in sources :

Example 1 with GroupIdentifier

use of com.amazonaws.services.ec2.model.GroupIdentifier in project elasticsearch by elastic.

the class AwsEc2UnicastHostsProvider method fetchDynamicNodes.

protected List<DiscoveryNode> fetchDynamicNodes() {
    List<DiscoveryNode> discoNodes = new ArrayList<>();
    DescribeInstancesResult descInstances;
    try {
        // Query EC2 API based on AZ, instance state, and tag.
        // NOTE: we don't filter by security group during the describe instances request for two reasons:
        // 1. differences in VPCs require different parameters during query (ID vs Name)
        // 2. We want to use two different strategies: (all security groups vs. any security groups)
        descInstances = SocketAccess.doPrivileged(() -> client.describeInstances(buildDescribeInstancesRequest()));
    } catch (AmazonClientException e) {
        logger.info("Exception while retrieving instance list from AWS API: {}", e.getMessage());
        logger.debug("Full exception:", e);
        return discoNodes;
    }
    logger.trace("building dynamic unicast discovery nodes...");
    for (Reservation reservation : descInstances.getReservations()) {
        for (Instance instance : reservation.getInstances()) {
            // lets see if we can filter based on groups
            if (!groups.isEmpty()) {
                List<GroupIdentifier> instanceSecurityGroups = instance.getSecurityGroups();
                ArrayList<String> securityGroupNames = new ArrayList<String>();
                ArrayList<String> securityGroupIds = new ArrayList<String>();
                for (GroupIdentifier sg : instanceSecurityGroups) {
                    securityGroupNames.add(sg.getGroupName());
                    securityGroupIds.add(sg.getGroupId());
                }
                if (bindAnyGroup) {
                    // We check if we can find at least one group name or one group id in groups.
                    if (disjoint(securityGroupNames, groups) && disjoint(securityGroupIds, groups)) {
                        logger.trace("filtering out instance {} based on groups {}, not part of {}", instance.getInstanceId(), instanceSecurityGroups, groups);
                        // continue to the next instance
                        continue;
                    }
                } else {
                    // We need tp match all group names or group ids, otherwise we ignore this instance
                    if (!(securityGroupNames.containsAll(groups) || securityGroupIds.containsAll(groups))) {
                        logger.trace("filtering out instance {} based on groups {}, does not include all of {}", instance.getInstanceId(), instanceSecurityGroups, groups);
                        // continue to the next instance
                        continue;
                    }
                }
            }
            String address = null;
            if (hostType.equals(PRIVATE_DNS)) {
                address = instance.getPrivateDnsName();
            } else if (hostType.equals(PRIVATE_IP)) {
                address = instance.getPrivateIpAddress();
            } else if (hostType.equals(PUBLIC_DNS)) {
                address = instance.getPublicDnsName();
            } else if (hostType.equals(PUBLIC_IP)) {
                address = instance.getPublicIpAddress();
            } else if (hostType.startsWith(TAG_PREFIX)) {
                // Reading the node host from its metadata
                String tagName = hostType.substring(TAG_PREFIX.length());
                logger.debug("reading hostname from [{}] instance tag", tagName);
                List<Tag> tags = instance.getTags();
                for (Tag tag : tags) {
                    if (tag.getKey().equals(tagName)) {
                        address = tag.getValue();
                        logger.debug("using [{}] as the instance address", address);
                    }
                }
            } else {
                throw new IllegalArgumentException(hostType + " is unknown for discovery.ec2.host_type");
            }
            if (address != null) {
                try {
                    // we only limit to 1 port per address, makes no sense to ping 100 ports
                    TransportAddress[] addresses = transportService.addressesFromString(address, 1);
                    for (int i = 0; i < addresses.length; i++) {
                        logger.trace("adding {}, address {}, transport_address {}", instance.getInstanceId(), address, addresses[i]);
                        discoNodes.add(new DiscoveryNode(instance.getInstanceId(), "#cloud-" + instance.getInstanceId() + "-" + i, addresses[i], emptyMap(), emptySet(), Version.CURRENT.minimumCompatibilityVersion()));
                    }
                } catch (Exception e) {
                    final String finalAddress = address;
                    logger.warn((Supplier<?>) () -> new ParameterizedMessage("failed to add {}, address {}", instance.getInstanceId(), finalAddress), e);
                }
            } else {
                logger.trace("not adding {}, address is null, host_type {}", instance.getInstanceId(), hostType);
            }
        }
    }
    logger.debug("using dynamic discovery nodes {}", discoNodes);
    return discoNodes;
}
Also used : DiscoveryNode(org.elasticsearch.cluster.node.DiscoveryNode) Instance(com.amazonaws.services.ec2.model.Instance) TransportAddress(org.elasticsearch.common.transport.TransportAddress) AmazonClientException(com.amazonaws.AmazonClientException) ArrayList(java.util.ArrayList) Collections.disjoint(java.util.Collections.disjoint) AmazonClientException(com.amazonaws.AmazonClientException) GroupIdentifier(com.amazonaws.services.ec2.model.GroupIdentifier) DescribeInstancesResult(com.amazonaws.services.ec2.model.DescribeInstancesResult) Reservation(com.amazonaws.services.ec2.model.Reservation) Supplier(org.apache.logging.log4j.util.Supplier) ParameterizedMessage(org.apache.logging.log4j.message.ParameterizedMessage) Tag(com.amazonaws.services.ec2.model.Tag)

Example 2 with GroupIdentifier

use of com.amazonaws.services.ec2.model.GroupIdentifier in project photon-model by vmware.

the class TestAWSProvisionTask method assertVMSercurityGroupsConfiguration.

private void assertVMSercurityGroupsConfiguration(Instance instance, ComputeState vm) {
    // This assert is only suitable for real (non-mocking env).
    if (this.isMock) {
        return;
    }
    this.host.log(Level.INFO, "%s: Assert security groups configuration for [%s] VM", this.currentTestName.getMethodName(), this.vmState.name);
    // Get the SecurityGroupStates that were provided in the request ComputeState
    Collector<SecurityGroupState, ?, Map<String, SecurityGroupState>> convertToMap = Collectors.<SecurityGroupState, String, SecurityGroupState>toMap(sg -> sg.name, sg -> sg);
    Map<String, SecurityGroupState> currentSGNamesToStates = vm.networkInterfaceLinks.stream().map(nicLink -> this.host.getServiceState(null, NetworkInterfaceState.class, UriUtils.buildUri(this.host, nicLink))).<// collect all SecurityGroup States from all NIC states
    SecurityGroupState>flatMap(nicState -> nicState.securityGroupLinks.stream().map(sgLink -> {
        SecurityGroupState sgState = this.host.getServiceState(null, SecurityGroupState.class, UriUtils.buildUri(this.host, sgLink));
        return sgState;
    })).collect(convertToMap);
    // Compare ComputeState after provisioning to the ComputeState in the request
    assertNotNull("Instance should have security groups attached.", instance.getSecurityGroups());
    // Provisioned Instance should have the same number of SecurityGroups as requested
    assertEquals(instance.getSecurityGroups().size(), currentSGNamesToStates.size());
    for (SecurityGroupState currentSGState : currentSGNamesToStates.values()) {
        // Get corresponding requested state
        GroupIdentifier provisionedGroupIdentifier = null;
        for (GroupIdentifier awsGroupIdentifier : instance.getSecurityGroups()) {
            if (awsGroupIdentifier.getGroupId().equals(currentSGState.id)) {
                provisionedGroupIdentifier = awsGroupIdentifier;
                break;
            }
        }
        // Ensure that the requested SecurityGroup was actually provisioned
        assertNotNull(provisionedGroupIdentifier);
        if (currentSGState.name.contains(TestAWSSetupUtils.AWS_NEW_GROUP_PREFIX)) {
            this.sgToCleanUp = currentSGState.id;
            SecurityGroup awsSecurityGroup = getSecurityGroupsIdUsingEC2Client(this.client, provisionedGroupIdentifier.getGroupId());
            assertNotNull(awsSecurityGroup);
            // Validate rules are correctly created as requested
            IpPermission awsIngressRule = awsSecurityGroup.getIpPermissions().get(0);
            IpPermission awsEgressRule = awsSecurityGroup.getIpPermissionsEgress().get(1);
            assertNotNull(awsIngressRule);
            assertNotNull(awsEgressRule);
            assertEquals("Error in created ingress rule", awsIngressRule.getIpProtocol(), currentSGState.ingress.get(0).protocol);
            assertEquals("Error in created ingress rule", awsIngressRule.getIpv4Ranges().get(0).getCidrIp(), currentSGState.ingress.get(0).ipRangeCidr);
            assertEquals("Error in created egress rule", awsEgressRule.getIpProtocol(), currentSGState.egress.get(0).protocol);
            assertEquals("Error in created egress rule", awsEgressRule.getIpv4Ranges().get(0).getCidrIp(), currentSGState.egress.get(0).ipRangeCidr);
        }
    }
}
Also used : AuthCredentialsServiceState(com.vmware.xenon.services.common.AuthCredentialsService.AuthCredentialsServiceState) ProvisionComputeTaskService(com.vmware.photon.controller.model.tasks.ProvisionComputeTaskService) TestAWSSetupUtils.createAWSComputeHost(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.createAWSComputeHost) PhotonModelServices(com.vmware.photon.controller.model.PhotonModelServices) VerificationHost(com.vmware.xenon.common.test.VerificationHost) TestAWSSetupUtils.createAWSResourcePool(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.createAWSResourcePool) TestAWSSetupUtils.tearDownTestVpc(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.tearDownTestVpc) DEVICE_NAME(com.vmware.photon.controller.model.adapters.awsadapter.AWSConstants.DEVICE_NAME) TestAWSSetupUtils.setUpTestVpc(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.setUpTestVpc) CommandLineArgumentParser(com.vmware.xenon.common.CommandLineArgumentParser) Utils(com.vmware.xenon.common.Utils) AWSBlockDeviceNameMapper(com.vmware.photon.controller.model.adapters.awsadapter.util.AWSBlockDeviceNameMapper) TestAWSSetupUtils.verifyRemovalOfResourceState(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.verifyRemovalOfResourceState) Map(java.util.Map) GroupIdentifier(com.amazonaws.services.ec2.model.GroupIdentifier) After(org.junit.After) TestUtils.getExecutor(com.vmware.photon.controller.model.adapters.awsadapter.TestUtils.getExecutor) Collector(java.util.stream.Collector) ProvisioningUtils(com.vmware.photon.controller.model.tasks.ProvisioningUtils) AwsNicSpecs(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.AwsNicSpecs) EndpointState(com.vmware.photon.controller.model.resources.EndpointService.EndpointState) ComputeStatsResponse(com.vmware.photon.controller.model.adapterapi.ComputeStatsResponse) ComputeStatsRequest(com.vmware.photon.controller.model.adapterapi.ComputeStatsRequest) NetworkInterfaceState(com.vmware.photon.controller.model.resources.NetworkInterfaceService.NetworkInterfaceState) StatelessService(com.vmware.xenon.common.StatelessService) AWS_VM_REQUEST_TIMEOUT_MINUTES(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.AWS_VM_REQUEST_TIMEOUT_MINUTES) DescribeVolumesResult(com.amazonaws.services.ec2.model.DescribeVolumesResult) TestUtils(com.vmware.photon.controller.model.tasks.TestUtils) Set(java.util.Set) DiskState(com.vmware.photon.controller.model.resources.DiskService.DiskState) UUID(java.util.UUID) SecurityGroup(com.amazonaws.services.ec2.model.SecurityGroup) Collectors(java.util.stream.Collectors) VOLUME_TYPE(com.vmware.photon.controller.model.adapters.awsadapter.AWSConstants.VOLUME_TYPE) TestAWSSetupUtils.avalabilityZoneIdentifier(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.avalabilityZoneIdentifier) TestAWSSetupUtils.getSecurityGroupsIdUsingEC2Client(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.getSecurityGroupsIdUsingEC2Client) List(java.util.List) TagService(com.vmware.photon.controller.model.resources.TagService) Tag(com.amazonaws.services.ec2.model.Tag) UriUtils(com.vmware.xenon.common.UriUtils) ComputeService(com.vmware.photon.controller.model.resources.ComputeService) DiskService(com.vmware.photon.controller.model.resources.DiskService) SingleResourceTaskCollectionStage(com.vmware.photon.controller.model.tasks.monitoring.SingleResourceStatsCollectionTaskService.SingleResourceTaskCollectionStage) InstanceNetworkInterface(com.amazonaws.services.ec2.model.InstanceNetworkInterface) TestAWSSetupUtils.deleteSecurityGroupUsingEC2Client(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.deleteSecurityGroupUsingEC2Client) DISK_IOPS(com.vmware.photon.controller.model.adapters.awsadapter.AWSConstants.DISK_IOPS) PhotonModelMetricServices(com.vmware.photon.controller.model.PhotonModelMetricServices) ResourcePoolState(com.vmware.photon.controller.model.resources.ResourcePoolService.ResourcePoolState) HashMap(java.util.HashMap) TestAWSSetupUtils.zoneId(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.zoneId) ProvisionComputeTaskState(com.vmware.photon.controller.model.tasks.ProvisionComputeTaskService.ProvisionComputeTaskState) ArrayList(java.util.ArrayList) Level(java.util.logging.Level) SecurityGroupState(com.vmware.photon.controller.model.resources.SecurityGroupService.SecurityGroupState) HashSet(java.util.HashSet) TestAWSSetupUtils.getAwsInstancesByIds(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.getAwsInstancesByIds) TagState(com.vmware.photon.controller.model.resources.TagService.TagState) InstanceBlockDeviceMapping(com.amazonaws.services.ec2.model.InstanceBlockDeviceMapping) ComputeState(com.vmware.photon.controller.model.resources.ComputeService.ComputeState) TestName(org.junit.rules.TestName) DescribeVolumesRequest(com.amazonaws.services.ec2.model.DescribeVolumesRequest) Volume(com.amazonaws.services.ec2.model.Volume) PLACEMENT_LINK(com.vmware.photon.controller.model.ComputeProperties.PLACEMENT_LINK) ComputeStats(com.vmware.photon.controller.model.adapterapi.ComputeStatsResponse.ComputeStats) DEVICE_TYPE(com.vmware.photon.controller.model.adapters.awsadapter.AWSConstants.DEVICE_TYPE) Instance(com.amazonaws.services.ec2.model.Instance) Before(org.junit.Before) TestAWSSetupUtils.createAWSAuthentication(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.createAWSAuthentication) PhotonModelTaskServices(com.vmware.photon.controller.model.tasks.PhotonModelTaskServices) Assert.assertNotNull(org.junit.Assert.assertNotNull) Operation(com.vmware.xenon.common.Operation) Assert.assertTrue(org.junit.Assert.assertTrue) TestAWSSetupUtils.getCompute(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.getCompute) Test(org.junit.Test) ServiceStat(com.vmware.xenon.common.ServiceStats.ServiceStat) TimeUnit(java.util.concurrent.TimeUnit) TestAWSSetupUtils.createAWSVMResource(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.createAWSVMResource) Rule(org.junit.Rule) PhotonModelAdaptersRegistryAdapters(com.vmware.photon.controller.model.adapters.registry.PhotonModelAdaptersRegistryAdapters) PhotonModelConstants(com.vmware.photon.controller.model.constants.PhotonModelConstants) TestAWSSetupUtils.regionId(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.regionId) TestAWSSetupUtils.setAwsClientMockInfo(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.setAwsClientMockInfo) IpPermission(com.amazonaws.services.ec2.model.IpPermission) Collections(java.util.Collections) Assert.assertEquals(org.junit.Assert.assertEquals) AmazonEC2AsyncClient(com.amazonaws.services.ec2.AmazonEC2AsyncClient) NetworkInterfaceState(com.vmware.photon.controller.model.resources.NetworkInterfaceService.NetworkInterfaceState) SecurityGroupState(com.vmware.photon.controller.model.resources.SecurityGroupService.SecurityGroupState) IpPermission(com.amazonaws.services.ec2.model.IpPermission) SecurityGroup(com.amazonaws.services.ec2.model.SecurityGroup) Map(java.util.Map) HashMap(java.util.HashMap) GroupIdentifier(com.amazonaws.services.ec2.model.GroupIdentifier)

Example 3 with GroupIdentifier

use of com.amazonaws.services.ec2.model.GroupIdentifier in project photon-model by vmware.

the class AWSComputeDiskDay2ServiceTest method assertAndSetVMSecurityGroupsToBeDeleted.

private void assertAndSetVMSecurityGroupsToBeDeleted(Instance instance, ComputeState vm) {
    // This assert is only suitable for real (non-mocking env).
    if (this.isMock) {
        return;
    }
    this.host.log(Level.INFO, "%s: Assert security groups configuration for [%s] VM", this.currentTestName.getMethodName(), this.vmState.name);
    // Get the SecurityGroupStates that were provided in the request ComputeState
    Collector<SecurityGroupService.SecurityGroupState, ?, Map<String, SecurityGroupService.SecurityGroupState>> convertToMap = Collectors.<SecurityGroupService.SecurityGroupState, String, SecurityGroupService.SecurityGroupState>toMap(sg -> sg.name, sg -> sg);
    Map<String, SecurityGroupService.SecurityGroupState> currentSGNamesToStates = vm.networkInterfaceLinks.stream().map(nicLink -> this.host.getServiceState(null, NetworkInterfaceService.NetworkInterfaceState.class, UriUtils.buildUri(this.host, nicLink))).<// collect all SecurityGroup States from all NIC states
    SecurityGroupService.SecurityGroupState>flatMap(nicState -> nicState.securityGroupLinks.stream().map(sgLink -> {
        SecurityGroupService.SecurityGroupState sgState = this.host.getServiceState(null, SecurityGroupService.SecurityGroupState.class, UriUtils.buildUri(this.host, sgLink));
        return sgState;
    })).collect(convertToMap);
    // Compare ComputeState after provisioning to the ComputeState in the request
    assertNotNull("Instance should have security groups attached.", instance.getSecurityGroups());
    // Provisioned Instance should have the same number of SecurityGroups as requested
    assertEquals(instance.getSecurityGroups().size(), currentSGNamesToStates.size());
    for (SecurityGroupService.SecurityGroupState currentSGState : currentSGNamesToStates.values()) {
        // Get corresponding requested state
        GroupIdentifier provisionedGroupIdentifier = null;
        for (GroupIdentifier awsGroupIdentifier : instance.getSecurityGroups()) {
            if (awsGroupIdentifier.getGroupId().equals(currentSGState.id)) {
                provisionedGroupIdentifier = awsGroupIdentifier;
                break;
            }
        }
        // Ensure that the requested SecurityGroup was actually provisioned
        assertNotNull(provisionedGroupIdentifier);
        if (currentSGState.name.contains(TestAWSSetupUtils.AWS_NEW_GROUP_PREFIX)) {
            this.sgToCleanUp = currentSGState.id;
            SecurityGroup awsSecurityGroup = getSecurityGroupsIdUsingEC2Client(this.client, provisionedGroupIdentifier.getGroupId());
            assertNotNull(awsSecurityGroup);
            // Validate rules are correctly created as requested
            IpPermission awsIngressRule = awsSecurityGroup.getIpPermissions().get(0);
            IpPermission awsEgressRule = awsSecurityGroup.getIpPermissionsEgress().get(1);
            assertNotNull(awsIngressRule);
            assertNotNull(awsEgressRule);
            assertEquals("Error in created ingress rule", awsIngressRule.getIpProtocol(), currentSGState.ingress.get(0).protocol);
            assertEquals("Error in created ingress rule", awsIngressRule.getIpv4Ranges().get(0).getCidrIp(), currentSGState.ingress.get(0).ipRangeCidr);
            assertEquals("Error in created egress rule", awsEgressRule.getIpProtocol(), currentSGState.egress.get(0).protocol);
            assertEquals("Error in created egress rule", awsEgressRule.getIpv4Ranges().get(0).getCidrIp(), currentSGState.egress.get(0).ipRangeCidr);
        }
    }
}
Also used : Arrays(java.util.Arrays) ProvisionComputeTaskService(com.vmware.photon.controller.model.tasks.ProvisionComputeTaskService) TestAWSSetupUtils.createAWSComputeHost(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.createAWSComputeHost) ServiceMetadata(com.vmware.photon.controller.model.util.StartServicesHelper.ServiceMetadata) PhotonModelServices(com.vmware.photon.controller.model.PhotonModelServices) VerificationHost(com.vmware.xenon.common.test.VerificationHost) TestAWSSetupUtils.createAWSResourcePool(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.createAWSResourcePool) TestAWSSetupUtils.tearDownTestVpc(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.tearDownTestVpc) DEVICE_NAME(com.vmware.photon.controller.model.adapters.awsadapter.AWSConstants.DEVICE_NAME) TestAWSSetupUtils.setUpTestVpc(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.setUpTestVpc) ResourceOperationRequest(com.vmware.photon.controller.model.adapters.registry.operations.ResourceOperationRequest) CommandLineArgumentParser(com.vmware.xenon.common.CommandLineArgumentParser) Utils(com.vmware.xenon.common.Utils) TaskFactoryService(com.vmware.xenon.services.common.TaskFactoryService) StartServicesHelper(com.vmware.photon.controller.model.util.StartServicesHelper) Gson(com.google.gson.Gson) AWSBlockDeviceNameMapper(com.vmware.photon.controller.model.adapters.awsadapter.util.AWSBlockDeviceNameMapper) TestAWSSetupUtils.verifyRemovalOfResourceState(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.verifyRemovalOfResourceState) Duration(java.time.Duration) Map(java.util.Map) GroupIdentifier(com.amazonaws.services.ec2.model.GroupIdentifier) After(org.junit.After) ResourcePoolService(com.vmware.photon.controller.model.resources.ResourcePoolService) TestUtils.getExecutor(com.vmware.photon.controller.model.adapters.awsadapter.TestUtils.getExecutor) ProvisionDiskTaskService(com.vmware.photon.controller.model.tasks.ProvisionDiskTaskService) ServiceDocumentQueryResult(com.vmware.xenon.common.ServiceDocumentQueryResult) Collector(java.util.stream.Collector) ProvisioningUtils(com.vmware.photon.controller.model.tasks.ProvisioningUtils) EndpointState(com.vmware.photon.controller.model.resources.EndpointService.EndpointState) TestRequestSender(com.vmware.xenon.common.test.TestRequestSender) AWS_VM_REQUEST_TIMEOUT_MINUTES(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.AWS_VM_REQUEST_TIMEOUT_MINUTES) ResourceOperationResponse(com.vmware.photon.controller.model.adapterapi.ResourceOperationResponse) TestUtils(com.vmware.photon.controller.model.tasks.TestUtils) DiskState(com.vmware.photon.controller.model.resources.DiskService.DiskState) CompletionException(java.util.concurrent.CompletionException) SecurityGroup(com.amazonaws.services.ec2.model.SecurityGroup) Collectors(java.util.stream.Collectors) TestAWSSetupUtils.getResourceState(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.getResourceState) TestAWSSetupUtils.avalabilityZoneIdentifier(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.avalabilityZoneIdentifier) TestAWSSetupUtils.getSecurityGroupsIdUsingEC2Client(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.getSecurityGroupsIdUsingEC2Client) List(java.util.List) TestAWSSetupUtils.getAwsDisksByIds(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.getAwsDisksByIds) NetworkInterfaceService(com.vmware.photon.controller.model.resources.NetworkInterfaceService) AWSSupportedOS(com.vmware.photon.controller.model.adapters.awsadapter.AWSConstants.AWSSupportedOS) ResourceOperation(com.vmware.photon.controller.model.adapters.registry.operations.ResourceOperation) UriUtils(com.vmware.xenon.common.UriUtils) TaskState(com.vmware.xenon.common.TaskState) FactoryService(com.vmware.xenon.common.FactoryService) DiskService(com.vmware.photon.controller.model.resources.DiskService) TaskService(com.vmware.xenon.services.common.TaskService) ServiceMetadata.factoryService(com.vmware.photon.controller.model.util.StartServicesHelper.ServiceMetadata.factoryService) TestAWSSetupUtils.deleteSecurityGroupUsingEC2Client(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.deleteSecurityGroupUsingEC2Client) PhotonModelMetricServices(com.vmware.photon.controller.model.PhotonModelMetricServices) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) Level(java.util.logging.Level) TestAWSSetupUtils.getAwsInstancesByIds(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.getAwsInstancesByIds) AuthCredentialsService(com.vmware.xenon.services.common.AuthCredentialsService) UriPaths(com.vmware.photon.controller.model.UriPaths) TestProvisionAWSDisk.createAWSDiskState(com.vmware.photon.controller.model.adapters.awsadapter.TestProvisionAWSDisk.createAWSDiskState) ComputeState(com.vmware.photon.controller.model.resources.ComputeService.ComputeState) TestName(org.junit.rules.TestName) Volume(com.amazonaws.services.ec2.model.Volume) PLACEMENT_LINK(com.vmware.photon.controller.model.ComputeProperties.PLACEMENT_LINK) DEVICE_TYPE(com.vmware.photon.controller.model.adapters.awsadapter.AWSConstants.DEVICE_TYPE) Instance(com.amazonaws.services.ec2.model.Instance) Before(org.junit.Before) TestAWSSetupUtils.createAWSAuthentication(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.createAWSAuthentication) PhotonModelTaskServices(com.vmware.photon.controller.model.tasks.PhotonModelTaskServices) Assert.assertNotNull(org.junit.Assert.assertNotNull) AWSStorageType(com.vmware.photon.controller.model.adapters.awsadapter.AWSConstants.AWSStorageType) Operation(com.vmware.xenon.common.Operation) SecurityGroupService(com.vmware.photon.controller.model.resources.SecurityGroupService) Assert.assertTrue(org.junit.Assert.assertTrue) Test(org.junit.Test) AWSSupportedVirtualizationTypes(com.vmware.photon.controller.model.adapters.awsadapter.AWSConstants.AWSSupportedVirtualizationTypes) TimeUnit(java.util.concurrent.TimeUnit) TestAWSSetupUtils.createAWSVMResource(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.createAWSVMResource) Rule(org.junit.Rule) TestContext(com.vmware.xenon.common.test.TestContext) PhotonModelAdaptersRegistryAdapters(com.vmware.photon.controller.model.adapters.registry.PhotonModelAdaptersRegistryAdapters) PhotonModelConstants(com.vmware.photon.controller.model.constants.PhotonModelConstants) TestAWSSetupUtils.regionId(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.regionId) TestAWSSetupUtils.setAwsClientMockInfo(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.setAwsClientMockInfo) IpPermission(com.amazonaws.services.ec2.model.IpPermission) Collections(java.util.Collections) Assert.assertEquals(org.junit.Assert.assertEquals) AmazonEC2AsyncClient(com.amazonaws.services.ec2.AmazonEC2AsyncClient) IpPermission(com.amazonaws.services.ec2.model.IpPermission) SecurityGroupService(com.vmware.photon.controller.model.resources.SecurityGroupService) SecurityGroup(com.amazonaws.services.ec2.model.SecurityGroup) Map(java.util.Map) HashMap(java.util.HashMap) GroupIdentifier(com.amazonaws.services.ec2.model.GroupIdentifier)

Example 4 with GroupIdentifier

use of com.amazonaws.services.ec2.model.GroupIdentifier in project photon-model by vmware.

the class AWSRebootServiceTest method assertAndSetVMSecurityGroupsToBeDeleted.

private void assertAndSetVMSecurityGroupsToBeDeleted(Instance instance, ComputeState vm) {
    // This assert is only suitable for real (non-mocking env).
    if (this.isMock) {
        return;
    }
    this.host.log(Level.INFO, "%s: Assert security groups configuration for [%s] VM", this.currentTestName.getMethodName(), this.vmState.name);
    // Get the SecurityGroupStates that were provided in the request ComputeState
    Collector<SecurityGroupState, ?, Map<String, SecurityGroupState>> convertToMap = Collectors.<SecurityGroupState, String, SecurityGroupState>toMap(sg -> sg.name, sg -> sg);
    Map<String, SecurityGroupState> currentSGNamesToStates = vm.networkInterfaceLinks.stream().map(nicLink -> this.host.getServiceState(null, NetworkInterfaceState.class, UriUtils.buildUri(this.host, nicLink))).<// collect all SecurityGroup States from all NIC states
    SecurityGroupState>flatMap(nicState -> nicState.securityGroupLinks.stream().map(sgLink -> {
        SecurityGroupState sgState = this.host.getServiceState(null, SecurityGroupState.class, UriUtils.buildUri(this.host, sgLink));
        return sgState;
    })).collect(convertToMap);
    // Compare ComputeState after provisioning to the ComputeState in the request
    assertNotNull("Instance should have security groups attached.", instance.getSecurityGroups());
    // Provisioned Instance should have the same number of SecurityGroups as requested
    assertEquals(instance.getSecurityGroups().size(), currentSGNamesToStates.size());
    for (SecurityGroupState currentSGState : currentSGNamesToStates.values()) {
        // Get corresponding requested state
        GroupIdentifier provisionedGroupIdentifier = null;
        for (GroupIdentifier awsGroupIdentifier : instance.getSecurityGroups()) {
            if (awsGroupIdentifier.getGroupId().equals(currentSGState.id)) {
                provisionedGroupIdentifier = awsGroupIdentifier;
                break;
            }
        }
        // Ensure that the requested SecurityGroup was actually provisioned
        assertNotNull(provisionedGroupIdentifier);
        if (currentSGState.name.contains(TestAWSSetupUtils.AWS_NEW_GROUP_PREFIX)) {
            this.sgToCleanUp = currentSGState.id;
            SecurityGroup awsSecurityGroup = getSecurityGroupsIdUsingEC2Client(this.client, provisionedGroupIdentifier.getGroupId());
            assertNotNull(awsSecurityGroup);
            // Validate rules are correctly created as requested
            IpPermission awsIngressRule = awsSecurityGroup.getIpPermissions().get(0);
            IpPermission awsEgressRule = awsSecurityGroup.getIpPermissionsEgress().get(1);
            assertNotNull(awsIngressRule);
            assertNotNull(awsEgressRule);
            assertEquals("Error in created ingress rule", awsIngressRule.getIpProtocol(), currentSGState.ingress.get(0).protocol);
            assertEquals("Error in created ingress rule", awsIngressRule.getIpv4Ranges().get(0).getCidrIp(), currentSGState.ingress.get(0).ipRangeCidr);
            assertEquals("Error in created egress rule", awsEgressRule.getIpProtocol(), currentSGState.egress.get(0).protocol);
            assertEquals("Error in created egress rule", awsEgressRule.getIpv4Ranges().get(0).getCidrIp(), currentSGState.egress.get(0).ipRangeCidr);
        }
    }
}
Also used : Service(com.vmware.xenon.common.Service) AuthCredentialsServiceState(com.vmware.xenon.services.common.AuthCredentialsService.AuthCredentialsServiceState) ProvisionComputeTaskService(com.vmware.photon.controller.model.tasks.ProvisionComputeTaskService) TestAWSSetupUtils.createAWSComputeHost(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.createAWSComputeHost) PhotonModelServices(com.vmware.photon.controller.model.PhotonModelServices) VerificationHost(com.vmware.xenon.common.test.VerificationHost) TestAWSSetupUtils.createAWSResourcePool(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.createAWSResourcePool) TestAWSSetupUtils.tearDownTestVpc(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.tearDownTestVpc) TestAWSSetupUtils.setUpTestVpc(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.setUpTestVpc) ResourceOperationRequest(com.vmware.photon.controller.model.adapters.registry.operations.ResourceOperationRequest) CommandLineArgumentParser(com.vmware.xenon.common.CommandLineArgumentParser) Utils(com.vmware.xenon.common.Utils) TestAWSSetupUtils.verifyRemovalOfResourceState(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.verifyRemovalOfResourceState) Map(java.util.Map) GroupIdentifier(com.amazonaws.services.ec2.model.GroupIdentifier) After(org.junit.After) TestUtils.getExecutor(com.vmware.photon.controller.model.adapters.awsadapter.TestUtils.getExecutor) Collector(java.util.stream.Collector) ProvisioningUtils(com.vmware.photon.controller.model.tasks.ProvisioningUtils) AwsNicSpecs(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.AwsNicSpecs) EndpointState(com.vmware.photon.controller.model.resources.EndpointService.EndpointState) NetworkInterfaceState(com.vmware.photon.controller.model.resources.NetworkInterfaceService.NetworkInterfaceState) StatelessService(com.vmware.xenon.common.StatelessService) AWS_VM_REQUEST_TIMEOUT_MINUTES(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.AWS_VM_REQUEST_TIMEOUT_MINUTES) ResourceOperationResponse(com.vmware.photon.controller.model.adapterapi.ResourceOperationResponse) TestUtils(com.vmware.photon.controller.model.tasks.TestUtils) UUID(java.util.UUID) SecurityGroup(com.amazonaws.services.ec2.model.SecurityGroup) Collectors(java.util.stream.Collectors) TestAWSSetupUtils.getSecurityGroupsIdUsingEC2Client(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.getSecurityGroupsIdUsingEC2Client) List(java.util.List) ResourceOperation(com.vmware.photon.controller.model.adapters.registry.operations.ResourceOperation) UriUtils(com.vmware.xenon.common.UriUtils) ComputeService(com.vmware.photon.controller.model.resources.ComputeService) TaskState(com.vmware.xenon.common.TaskState) TestAWSSetupUtils.deleteSecurityGroupUsingEC2Client(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.deleteSecurityGroupUsingEC2Client) PhotonModelMetricServices(com.vmware.photon.controller.model.PhotonModelMetricServices) ResourcePoolState(com.vmware.photon.controller.model.resources.ResourcePoolService.ResourcePoolState) HashMap(java.util.HashMap) TestAWSSetupUtils.zoneId(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.zoneId) Function(java.util.function.Function) ProvisionComputeTaskState(com.vmware.photon.controller.model.tasks.ProvisionComputeTaskService.ProvisionComputeTaskState) ArrayList(java.util.ArrayList) Level(java.util.logging.Level) SecurityGroupState(com.vmware.photon.controller.model.resources.SecurityGroupService.SecurityGroupState) TestAWSSetupUtils.getAwsInstancesByIds(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.getAwsInstancesByIds) ComputeState(com.vmware.photon.controller.model.resources.ComputeService.ComputeState) TestName(org.junit.rules.TestName) Instance(com.amazonaws.services.ec2.model.Instance) Before(org.junit.Before) TestAWSSetupUtils.createAWSAuthentication(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.createAWSAuthentication) PhotonModelTaskServices(com.vmware.photon.controller.model.tasks.PhotonModelTaskServices) Assert.assertNotNull(org.junit.Assert.assertNotNull) Operation(com.vmware.xenon.common.Operation) TestAWSSetupUtils.getCompute(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.getCompute) Test(org.junit.Test) TimeUnit(java.util.concurrent.TimeUnit) TestAWSSetupUtils.createAWSVMResource(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.createAWSVMResource) Rule(org.junit.Rule) TestContext(com.vmware.xenon.common.test.TestContext) PhotonModelAdaptersRegistryAdapters(com.vmware.photon.controller.model.adapters.registry.PhotonModelAdaptersRegistryAdapters) TestAWSSetupUtils.regionId(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.regionId) TestAWSSetupUtils.setAwsClientMockInfo(com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.setAwsClientMockInfo) IpPermission(com.amazonaws.services.ec2.model.IpPermission) Collections(java.util.Collections) Assert.assertEquals(org.junit.Assert.assertEquals) AmazonEC2AsyncClient(com.amazonaws.services.ec2.AmazonEC2AsyncClient) NetworkInterfaceState(com.vmware.photon.controller.model.resources.NetworkInterfaceService.NetworkInterfaceState) SecurityGroupState(com.vmware.photon.controller.model.resources.SecurityGroupService.SecurityGroupState) IpPermission(com.amazonaws.services.ec2.model.IpPermission) SecurityGroup(com.amazonaws.services.ec2.model.SecurityGroup) Map(java.util.Map) HashMap(java.util.HashMap) GroupIdentifier(com.amazonaws.services.ec2.model.GroupIdentifier)

Example 5 with GroupIdentifier

use of com.amazonaws.services.ec2.model.GroupIdentifier in project SimianArmy by Netflix.

the class InstanceInSecurityGroup method getInstanceSecurityGroups.

/**
 * Gets the security groups for a list of instance ids of the same region. The default implementation
 * is using an AWS client. The method can be overridden in subclasses to get the security groups differently.
 * @param region
 *      the region of the instances
 * @param instanceIds
 *      the instance ids, all instances should be in the same region.
 * @return
 *      the map from instance id to the list of security group names the instance has
 */
protected Map<String, List<String>> getInstanceSecurityGroups(String region, String... instanceIds) {
    Map<String, List<String>> result = Maps.newHashMap();
    if (instanceIds == null || instanceIds.length == 0) {
        return result;
    }
    AWSClient awsClient = new AWSClient(region, awsCredentialsProvider);
    for (Instance instance : awsClient.describeInstances(instanceIds)) {
        // Ignore instances that are in VPC
        if (StringUtils.isNotEmpty(instance.getVpcId())) {
            LOGGER.info(String.format("Instance %s is in VPC and is ignored.", instance.getInstanceId()));
            continue;
        }
        if (!"running".equals(instance.getState().getName())) {
            LOGGER.info(String.format("Instance %s is not running, state is %s.", instance.getInstanceId(), instance.getState().getName()));
            continue;
        }
        List<String> sgs = Lists.newArrayList();
        for (GroupIdentifier groupId : instance.getSecurityGroups()) {
            sgs.add(groupId.getGroupName());
        }
        result.put(instance.getInstanceId(), sgs);
    }
    return result;
}
Also used : Instance(com.amazonaws.services.ec2.model.Instance) List(java.util.List) AWSClient(com.netflix.simianarmy.client.aws.AWSClient) GroupIdentifier(com.amazonaws.services.ec2.model.GroupIdentifier)

Aggregations

GroupIdentifier (com.amazonaws.services.ec2.model.GroupIdentifier)10 Instance (com.amazonaws.services.ec2.model.Instance)7 ArrayList (java.util.ArrayList)7 Operation (com.vmware.xenon.common.Operation)4 List (java.util.List)4 AmazonEC2AsyncClient (com.amazonaws.services.ec2.AmazonEC2AsyncClient)3 IpPermission (com.amazonaws.services.ec2.model.IpPermission)3 SecurityGroup (com.amazonaws.services.ec2.model.SecurityGroup)3 Tag (com.amazonaws.services.ec2.model.Tag)3 PhotonModelMetricServices (com.vmware.photon.controller.model.PhotonModelMetricServices)3 PhotonModelServices (com.vmware.photon.controller.model.PhotonModelServices)3 AWS_VM_REQUEST_TIMEOUT_MINUTES (com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.AWS_VM_REQUEST_TIMEOUT_MINUTES)3 TestAWSSetupUtils.createAWSAuthentication (com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.createAWSAuthentication)3 TestAWSSetupUtils.createAWSComputeHost (com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.createAWSComputeHost)3 TestAWSSetupUtils.createAWSResourcePool (com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.createAWSResourcePool)3 TestAWSSetupUtils.createAWSVMResource (com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.createAWSVMResource)3 TestAWSSetupUtils.deleteSecurityGroupUsingEC2Client (com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.deleteSecurityGroupUsingEC2Client)3 TestAWSSetupUtils.getAwsInstancesByIds (com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.getAwsInstancesByIds)3 TestAWSSetupUtils.getSecurityGroupsIdUsingEC2Client (com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.getSecurityGroupsIdUsingEC2Client)3 TestAWSSetupUtils.regionId (com.vmware.photon.controller.model.adapters.awsadapter.TestAWSSetupUtils.regionId)3