Use of com.vmware.photon.controller.model.adapters.awsadapter.util.AWSSecurityGroupClient in project photon-model by vmware.
The class AWSUtils, method getOrCreateSecurityGroups.
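/**
 * Resolves the security group ids to attach to the instance being provisioned, creating a
 * group only as a last resort.
 *
 * <p>Resolution order:
 * <ol>
 *   <li>If {@code nicCtx} carries security group states, their names are looked up in the
 *       NIC's VPC and the matching group ids are returned.</li>
 *   <li>Otherwise the id stored under {@code AWSConstants.AWS_SECURITY_GROUP_ID} in the child
 *       description's custom properties is used, if present.</li>
 *   <li>Otherwise the group named {@code DEFAULT_SECURITY_GROUP_NAME} is looked up in the
 *       NIC's VPC.</li>
 *   <li>Otherwise a new group is created on the default VPC.</li>
 * </ol>
 *
 * <p>Steps 3 and 4 fall back to a shared/default group rather than failing, and the rules of
 * that group are not inspected here, so the instance may end up with broader network access
 * than the caller intended. Callers that need a specific rule set should supply
 * {@code securityGroupStates} or the custom property.
 *
 * @param aws    provisioning context; supplies the EC2 client and the child compute description
 * @param nicCtx NIC context (may be {@code null}); supplies the VPC and security group states
 * @return the resolved security group ids (at least one element)
 * @throws AmazonServiceException if the default-group lookup fails for a reason other than the
 *         group being missing
 */
public static List<String> getOrCreateSecurityGroups(AWSInstanceContext aws, AWSNicContext nicCtx) {
    AWSSecurityGroupClient client = new AWSSecurityGroupClient(aws.amazonEC2Client);

    // 1. Explicit security group states on the NIC take precedence over everything else.
    if (nicCtx != null && nicCtx.securityGroupStates != null
            && !nicCtx.securityGroupStates.isEmpty()) {
        List<String> securityGroupNames = nicCtx.securityGroupStates.stream()
                .map(securityGroupState -> securityGroupState.name)
                .collect(Collectors.toList());
        // NOTE(review): nicCtx.vpc is dereferenced without a null check on this path, unlike
        // the default-group lookup below — confirm the NIC context always carries a VPC when
        // security group states are present.
        List<SecurityGroup> securityGroups = client.getSecurityGroups(
                new ArrayList<>(securityGroupNames), nicCtx.vpc.getVpcId());
        // toCollection(ArrayList::new) keeps the returned list mutable, as before.
        return securityGroups.stream()
                .map(SecurityGroup::getGroupId)
                .collect(Collectors.toCollection(ArrayList::new));
    }

    // 2. A group id configured in the description's custom properties.
    String sgId = getFromCustomProperties(aws.child.description, AWSConstants.AWS_SECURITY_GROUP_ID);
    if (sgId != null) {
        return Arrays.asList(sgId);
    }

    // 3. No group configured: attempt to discover the default one in the NIC's VPC.
    if (nicCtx != null && nicCtx.vpc != null) {
        try {
            SecurityGroup group = client.getSecurityGroup(DEFAULT_SECURITY_GROUP_NAME,
                    nicCtx.vpc.getVpcId());
            if (group != null) {
                return Arrays.asList(group.getGroupId());
            }
        } catch (AmazonServiceException t) {
            // A missing default group is the expected "create it" case and is handled below;
            // any other service error is propagated. The check is on the message text because
            // the message contract of AWSSecurityGroupClient#getSecurityGroup is not visible
            // here; matching on the service error code would be more robust. A null message is
            // treated as "not the missing-group case" instead of failing with an NPE.
            String message = t.getMessage();
            if (message == null || !message.contains(DEFAULT_SECURITY_GROUP_NAME)) {
                throw t;
            }
        }
    }

    // 4. Nothing found: create a new group on the default VPC.
    String groupId = createSecurityGroupOnDefaultVPC(aws);
    return Collections.singletonList(groupId);
}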
Use of com.vmware.photon.controller.model.adapters.awsadapter.util.AWSSecurityGroupClient in project photon-model by vmware.
The class TestAWSSetupUtils, method createOrGetDefaultSecurityGroupForGivenVPC.
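/**
 * Returns an existing security group in the given VPC, or creates the default one when no
 * usable group exists.
 *
 * <p>Groups whose name starts with {@code AWS_NEW_GROUP_PREFIX} are skipped because they were
 * provisioned by another test and may be torn down concurrently. Any other group in the VPC is
 * accepted as-is: its ingress/egress rules are not inspected, so the returned group may be more
 * permissive than a freshly created default group.
 *
 * @param client EC2 client used for lookup, creation and tagging
 * @param vpcID  id of the VPC to search; must not be {@code null}
 * @return an existing or newly created security group in {@code vpcID}
 */
public static SecurityGroup createOrGetDefaultSecurityGroupForGivenVPC(AmazonEC2AsyncClient client, String vpcID) {
    for (SecurityGroup sg : client.describeSecurityGroups().getSecurityGroups()) {
        // vpcID.equals(...) rather than sg.getVpcId().equals(...): a group with no VPC id
        // (e.g. an EC2-Classic group) would otherwise throw a NullPointerException here.
        if (!vpcID.equals(sg.getVpcId())) {
            continue;
        }
        // Do not use newly provisioned security groups as this could interfere with the
        // cleanup logic of other tests.
        if (!sg.getGroupName().startsWith(AWS_NEW_GROUP_PREFIX)) {
            return sg;
        }
    }
    String securityGroupId = new AWSSecurityGroupClient(client).createDefaultSecurityGroup(vpcID);
    // Tagged with the test-resource key/value; presumably consumed by the shared cleanup.
    tagResources(client, Arrays.asList(securityGroupId), TAG_KEY_FOR_TEST_RESOURCES,
            TAG_VALUE_FOR_TEST_RESOURCES + TAG_SG);
    // Re-read the group so the caller gets the full SecurityGroup object, not just the id.
    DescribeSecurityGroupsResult result = client.describeSecurityGroups(
            new DescribeSecurityGroupsRequest().withGroupIds(Arrays.asList(securityGroupId)));
    return result.getSecurityGroups().get(0);
}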
Use of com.vmware.photon.controller.model.adapters.awsadapter.util.AWSSecurityGroupClient in project photon-model by vmware.
The class TestAWSSetupUtils, method tearDownTestVpc.
/**
 * Tears down the VPC created for a test run together with its subnet, internet gateway and
 * security groups.
 *
 * <p>Nothing is deleted when running in mock mode or when {@code awsTestContext} does not carry
 * {@code DELETE_RESOURCES_KEY}; the resources created at setUp are then left in place.
 *
 * @param client         EC2 client used for the delete calls
 * @param host           verification host handed to the security group deletion helper
 * @param awsTestContext test context holding the ids under {@code VPC_KEY}, {@code SUBNET_KEY},
 *                       {@code INTERNET_GATEWAY_KEY} and {@code SECURITY_GROUP_KEY}
 * @param isMock         {@code true} when the test runs against mocked AWS; no deletes happen
 */
public static void tearDownTestVpc(AmazonEC2AsyncClient client, VerificationHost host, Map<String, Object> awsTestContext, boolean isMock) {
    // Only delete real resources, and only when the run explicitly asked for it.
    boolean shouldDelete = !isMock && awsTestContext.containsKey(DELETE_RESOURCES_KEY);
    if (!shouldDelete) {
        return;
    }
    String vpcId = (String) awsTestContext.get(VPC_KEY);
    String subnetId = (String) awsTestContext.get(SUBNET_KEY);
    String gatewayId = (String) awsTestContext.get(INTERNET_GATEWAY_KEY);
    String testGroupId = (String) awsTestContext.get(SECURITY_GROUP_KEY);

    // Dependencies first: security groups, then the subnet, then the gateway, then the VPC.
    deleteSecurityGroupUsingEC2Client(client, host, testGroupId);
    SecurityGroup defaultGroup = new AWSSecurityGroupClient(client)
            .getSecurityGroup(AWS_DEFAULT_GROUP_NAME, vpcId);
    if (defaultGroup != null) {
        deleteSecurityGroupUsingEC2Client(client, host, defaultGroup.getGroupId());
    }
    deleteSubnet(client, subnetId);
    detachInternetGateway(client, vpcId, gatewayId);
    deleteInternetGateway(client, gatewayId);
    deleteVPC(client, vpcId);
}
Use of com.vmware.photon.controller.model.adapters.awsadapter.util.AWSSecurityGroupClient in project photon-model by vmware.
The class AWSLoadBalancerServiceTest, method setUp.
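/**
 * Starts the photon-model and AWS adapter services, creates the AWS clients used by the tests
 * and, when not mocked, provisions the two EC2 instances the load balancer tests attach to.
 *
 * <p>Three async client look-ups are awaited in sequence, each with a 30 second timeout: the
 * load balancing client, the EC2 client, and a second EC2 client that is wrapped in an
 * {@link AWSSecurityGroupClient}. The access/secret key pair is only placed into an in-memory
 * credential state and is not part of the log output on failure.
 *
 * @throws Throwable whatever startup step fails; the original exception is rethrown unchanged
 *         so the real type (including {@code AssertionError}) and stack trace are reported
 */
@Override
@Before
public void setUp() throws Throwable {
    CommandLineArgumentParser.parseFromProperties(this);
    try {
        PhotonModelServices.startServices(this.host);
        PhotonModelMetricServices.startServices(this.host);
        PhotonModelTaskServices.startServices(this.host);
        PhotonModelAdaptersRegistryAdapters.startServices(this.host);
        AWSAdaptersTestUtils.startServicesSynchronously(this.host);

        AuthCredentialsServiceState creds = new AuthCredentialsServiceState();
        creds.privateKey = this.secretKey;
        creds.privateKeyId = this.accessKey;

        // Load balancing client.
        TestContext lbWaitContext = new TestContext(1, Duration.ofSeconds(30L));
        AWSUtils.getAwsLoadBalancingAsyncClient(creds, this.regionId, getExecutor())
                .exceptionally(t -> {
                    lbWaitContext.fail(t);
                    throw new CompletionException(t);
                })
                .thenAccept(ec2Client -> {
                    this.client = ec2Client;
                    lbWaitContext.complete();
                });
        lbWaitContext.await();

        // EC2 client.
        TestContext ec2WaitContext = new TestContext(1, Duration.ofSeconds(30L));
        AWSUtils.getEc2AsyncClient(creds, this.regionId, getExecutor())
                .exceptionally(t -> {
                    ec2WaitContext.fail(t);
                    throw new CompletionException(t);
                })
                .thenAccept(ec2Client -> {
                    this.ec2client = ec2Client;
                    ec2WaitContext.complete();
                });
        ec2WaitContext.await();

        // Security group client, built on a separately obtained EC2 client.
        // NOTE(review): this requests a second EC2 client instead of reusing this.ec2client —
        // presumably intentional (independent client lifecycle); confirm.
        TestContext secGroupWaitContext = new TestContext(1, Duration.ofSeconds(30L));
        AWSUtils.getEc2AsyncClient(creds, this.regionId, getExecutor())
                .exceptionally(t -> {
                    secGroupWaitContext.fail(t);
                    throw new CompletionException(t);
                })
                .thenAccept(ec2Client -> {
                    this.securityGroupClient = new AWSSecurityGroupClient(ec2Client);
                    secGroupWaitContext.complete();
                });
        secGroupWaitContext.await();

        this.host.setTimeoutSeconds(this.timeoutSeconds);
        this.endpointState = createEndpointState();

        // In mock mode the compute states point at placeholder instance ids; against real AWS
        // two instances are provisioned and registered for cleanup.
        String vm1 = "vm1";
        String vm2 = "vm2";
        if (!this.isMock) {
            vm1 = provisionAWSVMWithEC2Client(this.host, this.ec2client, EC2_LINUX_AMI, this.subnetId, null);
            this.instancesToCleanUp.add(vm1);
            vm2 = provisionAWSVMWithEC2Client(this.host, this.ec2client, EC2_LINUX_AMI, this.subnetId, null);
            this.instancesToCleanUp.add(vm2);
        }
        this.cs1 = createComputeState(vm1);
        this.cs2 = createComputeState(vm2);
    } catch (Throwable e) {
        // Log only the message, then rethrow the original instead of wrapping it in a generic
        // Exception: the method already declares Throwable, and wrapping hid the real failure
        // type and pushed the useful stack frames into the cause.
        this.host.log("Error starting up services for the test %s", e.getMessage());
        throw e;
    }
}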
Use of com.vmware.photon.controller.model.adapters.awsadapter.util.AWSSecurityGroupClient in project photon-model by vmware.
The class AWSUtils, method getOrCreateDefaultSecurityGroup.
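/**
 * Returns the id of the default security group of the NIC's VPC, creating it if it does not
 * exist yet.
 *
 * <p>Unlike {@code getOrCreateSecurityGroups}, this method consults neither custom properties
 * nor security group states; it only resolves (or creates) the group named
 * {@code DEFAULT_SECURITY_GROUP_NAME}. The rules applied on creation come from
 * {@link AWSSecurityGroupClient#createDefaultSecurityGroupWithDefaultRules} and are not visible
 * here; review them before relying on this path for workloads that need restricted access.
 *
 * @param amazonEC2Client EC2 client used for the lookup and the creation
 * @param nicCtx          NIC context; both {@code nicCtx} and {@code nicCtx.vpc} must be
 *                        non-null because the create path needs the VPC
 * @return a single-element list holding the group id
 * @throws NullPointerException   if {@code nicCtx} or {@code nicCtx.vpc} is {@code null}
 * @throws AmazonServiceException if the lookup fails for a reason other than the group being
 *         missing
 */
public static List<String> getOrCreateDefaultSecurityGroup(AmazonEC2AsyncClient amazonEC2Client, AWSNicContext nicCtx) {
    // Fail fast with a clear message: the create call at the end dereferences nicCtx.vpc
    // unconditionally, so a missing VPC would otherwise surface as a bare NullPointerException
    // from inside the create path.
    if (nicCtx == null || nicCtx.vpc == null) {
        throw new NullPointerException(
                "nicCtx.vpc is required to resolve or create the default security group");
    }
    AWSSecurityGroupClient client = new AWSSecurityGroupClient(amazonEC2Client);

    // Attempt to discover the default group in the NIC's VPC.
    try {
        SecurityGroup group = client.getSecurityGroup(DEFAULT_SECURITY_GROUP_NAME,
                nicCtx.vpc.getVpcId());
        if (group != null) {
            return Arrays.asList(group.getGroupId());
        }
    } catch (AmazonServiceException t) {
        // A missing group is the expected "create it" case; any other service error is
        // propagated. The check is on the message text because the message contract of
        // AWSSecurityGroupClient#getSecurityGroup is not visible here; matching on the service
        // error code would be more robust. A null message is treated as "not the missing-group
        // case" instead of failing with an NPE.
        String message = t.getMessage();
        if (message == null || !message.contains(DEFAULT_SECURITY_GROUP_NAME)) {
            throw t;
        }
    }

    // Not found: create the default group with the client's default rule set.
    String groupId = client.createDefaultSecurityGroupWithDefaultRules(nicCtx.vpc);
    return Collections.singletonList(groupId);
}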