use of com.vmware.photon.controller.model.adapters.awsadapter.util.AWSSecurityGroupClient in project photon-model by vmware.
the class AWSSecurityGroupService method getAWSClient.
/**
 * Resolves the EC2 client for this request and stores it, wrapped in an
 * {@link AWSSecurityGroupClient}, on {@code context.client}.
 *
 * <p>Mock requests skip the client lookup and the context is handed back unchanged.
 *
 * @param context the security-group request context; {@code context.credentials} and
 *        {@code context.securityGroup.regionId} select the EC2 client
 * @return a result completed with the same context once {@code context.client} is set,
 *         or failed with the error reported by the client manager
 */
private DeferredResult<AWSSecurityGroupContext> getAWSClient(AWSSecurityGroupContext context) {
    if (context.request.isMockRequest) {
        return DeferredResult.completed(context);
    }

    DeferredResult<AWSSecurityGroupContext> result = new DeferredResult<>();

    this.clientManager
            .getOrCreateEC2ClientAsync(context.credentials, context.securityGroup.regionId, this)
            .whenComplete((ec2Client, error) -> {
                if (error == null) {
                    // NOTE(review): if this constructor can throw, `result` is never
                    // completed and the caller hangs — confirm it cannot fail.
                    context.client = new AWSSecurityGroupClient(this, ec2Client);
                    result.complete(context);
                } else {
                    result.fail(error);
                }
            });

    return result;
}
use of com.vmware.photon.controller.model.adapters.awsadapter.util.AWSSecurityGroupClient in project photon-model by vmware.
the class AWSUtils method createSecurityGroupOnDefaultVPC.
/**
 * Creates a security group in the account's default VPC.
 *
 * <p>The default VPC must expose both a VPC id and a CIDR block; if either is missing the
 * group would land in an unknown network, so the call fails instead of proceeding.
 *
 * @param aws instance context whose {@code amazonEC2Client} is used for the call
 * @return the value returned by the client for the created group (presumably the group id;
 *         confirm in {@code AWSSecurityGroupClient})
 * @throws AmazonServiceException if no usable default VPC is available
 */
private static String createSecurityGroupOnDefaultVPC(AWSInstanceContext aws) {
    Vpc defaultVpc = getDefaultVPC(aws);

    // Both the id and the CIDR block are required; a VPC lacking either is treated as absent.
    boolean vpcUsable = defaultVpc != null
            && defaultVpc.getVpcId() != null
            && defaultVpc.getCidrBlock() != null;
    if (!vpcUsable) {
        throw new AmazonServiceException("default VPC not found");
    }

    AWSSecurityGroupClient sgClient = new AWSSecurityGroupClient(aws.amazonEC2Client);
    return sgClient.createDefaultSecurityGroupWithDefaultRules(defaultVpc);
}
use of com.vmware.photon.controller.model.adapters.awsadapter.util.AWSSecurityGroupClient in project photon-model by vmware.
the class AWSInstanceContext method createSecurityGroup.
/**
 * Creates the AWS security group backing {@code missingSecurityGroupState} and records its id.
 *
 * <p>Steps, in order: create the group in the NIC's VPC (the state's name is used both as
 * group name and as description); append the returned id to {@code nicCtx.securityGroupIds}
 * and to the state object; then PATCH the persisted SecurityGroupState so its {@code id}
 * matches what AWS assigned.
 *
 * @param client                    security-group client bound to the instance's EC2 client
 * @param context                   instance context; its service issues the PATCH
 * @param nicCtx                    NIC whose VPC receives the group and whose id list is extended
 * @param missingSecurityGroupState state that has no corresponding AWS group yet
 * @return a result completing with {@code null} once the PATCH has been answered, or failing
 *         with the error of whichever step failed
 */
private DeferredResult<Void> createSecurityGroup(AWSSecurityGroupClient client,
        AWSInstanceContext context, AWSNicContext nicCtx,
        SecurityGroupState missingSecurityGroupState) {

    // Step 2: remember the AWS-assigned id both on the NIC and on the state object.
    Function<String, DeferredResult<String>> recordGroupId = sgId -> {
        nicCtx.securityGroupIds.add(sgId);
        // The PATCH below reads this field, so it must be set before that stage runs.
        missingSecurityGroupState.id = sgId;
        return DeferredResult.completed(sgId);
    };

    // Step 3: persist the new id on the SecurityGroupState document.
    Function<String, DeferredResult<SecurityGroupState>> patchStateId = unused -> {
        SecurityGroupState patch = new SecurityGroupState();
        patch.id = missingSecurityGroupState.id;
        Operation patchOp = Operation
                .createPatch(context.service.getHost(), missingSecurityGroupState.documentSelfLink)
                .setBody(patch);
        return context.service.sendWithDeferredResult(patchOp, SecurityGroupState.class);
    };

    // Step 1: create the group; name and description are both the state's name.
    String groupName = missingSecurityGroupState.name;
    return client.createSecurityGroupAsync(groupName, groupName, nicCtx.vpc.getVpcId())
            .thenCompose(recordGroupId)
            .thenCompose(patchStateId)
            .thenApply(unused -> (Void) null);
}
use of com.vmware.photon.controller.model.adapters.awsadapter.util.AWSSecurityGroupClient in project photon-model by vmware.
the class AWSInstanceContext method createSecurityGroupsIfNotExist.
/**
 * Creates, for every NIC, the AWS security groups whose SecurityGroupState id is not present in
 * {@code nicCtx.securityGroupIds}, and then their ingress and egress rules.
 *
 * <p>The per-group chains run concurrently. The returned result completes with the same
 * context once all of them finish, or fails with an {@link IllegalStateException} naming the VM
 * that wraps the underlying error.
 *
 * @param context instance context holding the NICs and the EC2 client
 * @return a result completed with {@code context}, or failed as described above
 */
private DeferredResult<AWSInstanceContext> createSecurityGroupsIfNotExist(AWSInstanceContext context) {
    if (context.nics.isEmpty()) {
        return DeferredResult.completed(context);
    }

    AWSSecurityGroupClient sgClient = new AWSSecurityGroupClient(context.amazonEC2Client);
    List<DeferredResult<Void>> pending = new ArrayList<>();

    for (AWSNicContext nicCtx : context.nics) {
        if (nicCtx.securityGroupStates == null) {
            continue;
        }

        // Decide what is missing before starting any creation: the creation callbacks
        // append to the same id collection that is consulted here.
        Collection<String> existingIds = nicCtx.securityGroupIds;
        List<SecurityGroupState> missing = new ArrayList<>();
        for (SecurityGroupState sgState : nicCtx.securityGroupStates) {
            if (!existingIds.contains(sgState.id)) {
                missing.add(sgState);
            }
        }

        // NOTE(review): several chains may mutate nicCtx.securityGroupIds from their
        // callbacks concurrently — confirm that collection tolerates it.
        for (SecurityGroupState missingState : missing) {
            DeferredResult<Void> groupWithRules =
                    createSecurityGroup(sgClient, context, nicCtx, missingState)
                            .thenCompose(unused ->
                                    createIngressRules(context, nicCtx, missingState, sgClient))
                            .thenCompose(unused ->
                                    createEgressRules(context, nicCtx, missingState, sgClient))
                            .thenApply(unused -> (Void) null);
            pending.add(groupWithRules);
        }
    }

    return DeferredResult.allOf(pending).handle((unused, error) -> {
        if (error == null) {
            return context;
        }
        String msg = String.format("Error creating SecurityGroups in AWS for [%s] VM.",
                context.child.name);
        throw new IllegalStateException(msg, error);
    });
}
use of com.vmware.photon.controller.model.adapters.awsadapter.util.AWSSecurityGroupClient in project photon-model by vmware.
the class AWSInstanceContext method getSecurityGroups.
/**
 * Looks up the AWS security groups for every NIC of the VM via
 * {@code getSecurityGroupsPerNIC} (which, per the original description, stores their ids and
 * names on the NIC context).
 *
 * @param context instance context holding the NICs and the EC2 client
 * @return a result completed with {@code context} once every NIC has been processed, or
 *         failed with an {@link IllegalStateException} naming the VM that wraps the lookup error
 */
private DeferredResult<AWSInstanceContext> getSecurityGroups(AWSInstanceContext context) {
    if (context.nics.isEmpty()) {
        return DeferredResult.completed(context);
    }

    AWSSecurityGroupClient client = new AWSSecurityGroupClient(context.amazonEC2Client);
    String vmName = context.child.name;
    List<DeferredResult<Void>> lookups = context.nics.stream()
            .map(nicCtx -> getSecurityGroupsPerNIC(client, nicCtx, vmName))
            .collect(Collectors.toList());

    return DeferredResult.allOf(lookups).handle((unused, error) -> {
        if (error == null) {
            return context;
        }
        String msg = String.format("Error getting SecurityGroups from AWS for [%s] VM.",
                context.child.name);
        throw new IllegalStateException(msg, error);
    });
}