
Example 6 with AWSSecurityGroupClient

use of com.vmware.photon.controller.model.adapters.awsadapter.util.AWSSecurityGroupClient in project photon-model by vmware.

From the class AWSSecurityGroupService, the method getAWSClient.

/**
 * Resolves the EC2 client for the security group's region and wraps it in an
 * {@link AWSSecurityGroupClient} that is stored on the context.
 *
 * @param context the request context; {@code context.client} is assigned on success
 * @return a result completed with the same context, or failed with the error reported by
 *         the client manager; mock requests complete immediately and create no client
 */
private DeferredResult<AWSSecurityGroupContext> getAWSClient(AWSSecurityGroupContext context) {
    // Mock requests never talk to AWS, so no client is looked up at all.
    if (context.request.isMockRequest) {
        return DeferredResult.completed(context);
    }
    DeferredResult<AWSSecurityGroupContext> result = new DeferredResult<>();
    this.clientManager
            .getOrCreateEC2ClientAsync(context.credentials, context.securityGroup.regionId, this)
            .whenComplete((ec2Client, error) -> {
                if (error == null) {
                    context.client = new AWSSecurityGroupClient(this, ec2Client);
                    result.complete(context);
                } else {
                    result.fail(error);
                }
            });
    return result;
}
Also used : AWSSecurityGroupClient(com.vmware.photon.controller.model.adapters.awsadapter.util.AWSSecurityGroupClient) DeferredResult(com.vmware.xenon.common.DeferredResult)

Example 7 with AWSSecurityGroupClient

use of com.vmware.photon.controller.model.adapters.awsadapter.util.AWSSecurityGroupClient in project photon-model by vmware.

From the class AWSUtils, the method createSecurityGroupOnDefaultVPC.

/**
 * Creates a security group, populated with the client's default rules, in the account's
 * default VPC.
 *
 * @param aws the instance context whose {@code amazonEC2Client} performs the call
 * @return whatever {@code createDefaultSecurityGroupWithDefaultRules} returns
 *         (presumably the new group's id -- confirm against AWSSecurityGroupClient)
 * @throws AmazonServiceException when no default VPC exposing both an id and a CIDR block
 *         is found
 */
private static String createSecurityGroupOnDefaultVPC(AWSInstanceContext aws) {
    Vpc defaultVpc = getDefaultVPC(aws);
    // The instance's subnet is taken from the default VPC, so the security group has to
    // live there as well; a VPC missing its id or CIDR block is treated as not found.
    boolean vpcUsable = defaultVpc != null
            && defaultVpc.getVpcId() != null
            && defaultVpc.getCidrBlock() != null;
    if (!vpcUsable) {
        throw new AmazonServiceException("default VPC not found");
    }
    AWSSecurityGroupClient sgClient = new AWSSecurityGroupClient(aws.amazonEC2Client);
    return sgClient.createDefaultSecurityGroupWithDefaultRules(defaultVpc);
}
Also used : AWSSecurityGroupClient(com.vmware.photon.controller.model.adapters.awsadapter.util.AWSSecurityGroupClient) Vpc(com.amazonaws.services.ec2.model.Vpc) AmazonServiceException(com.amazonaws.AmazonServiceException)

Example 8 with AWSSecurityGroupClient

use of com.vmware.photon.controller.model.adapters.awsadapter.util.AWSSecurityGroupClient in project photon-model by vmware.

From the class AWSInstanceContext, the method createSecurityGroup.

/**
 * Creates the AWS SecurityGroup that backs {@code missingSecurityGroupState} in the NIC's
 * VPC, records the new id on both the NIC context and the state, and then PATCHes the
 * state document so the id is persisted.
 *
 * @param client the client used for the AWS creation call
 * @param context supplies the service through which the PATCH is sent
 * @param nicCtx the NIC whose VPC hosts the group; its {@code securityGroupIds} gains the new id
 * @param missingSecurityGroupState the state without an AWS counterpart; its {@code id} is
 *        overwritten with the id of the created group
 * @return a result that completes with {@code null} once the PATCH has been answered, or
 *         fails with the first error in the chain
 */
private DeferredResult<Void> createSecurityGroup(AWSSecurityGroupClient client, AWSInstanceContext context, AWSNicContext nicCtx, SecurityGroupState missingSecurityGroupState) {
    // The state's name serves as both the AWS group name and its description.
    String sgName = missingSecurityGroupState.name;
    String vpcId = nicCtx.vpc.getVpcId();
    return client.createSecurityGroupAsync(sgName, sgName, vpcId)
            .thenApply(sgId -> {
                nicCtx.securityGroupIds.add(sgId);
                // Keep the id on the state so the PATCH below can persist it.
                missingSecurityGroupState.id = sgId;
                return sgId;
            })
            .thenCompose(ignore -> {
                // PATCH only the id field of the SecurityGroupState document.
                SecurityGroupState patchBody = new SecurityGroupState();
                patchBody.id = missingSecurityGroupState.id;
                Operation patch = Operation
                        .createPatch(context.service.getHost(), missingSecurityGroupState.documentSelfLink)
                        .setBody(patchBody);
                return context.service.sendWithDeferredResult(patch, SecurityGroupState.class);
            })
            .thenApply(ignore -> (Void) null);
}
Also used : InstanceNetworkInterfaceSpecification(com.amazonaws.services.ec2.model.InstanceNetworkInterfaceSpecification) DescribeSubnetsRequest(com.amazonaws.services.ec2.model.DescribeSubnetsRequest) DescribeVpcsRequest(com.amazonaws.services.ec2.model.DescribeVpcsRequest) CREATE_CONTEXT_PROP_NAME(com.vmware.photon.controller.model.ComputeProperties.CREATE_CONTEXT_PROP_NAME) Function(java.util.function.Function) CreateSubnetResult(com.amazonaws.services.ec2.model.CreateSubnetResult) Collections.singletonList(java.util.Collections.singletonList) ArrayList(java.util.ArrayList) DescribeSubnetsResult(com.amazonaws.services.ec2.model.DescribeSubnetsResult) ComputeInstanceRequest(com.vmware.photon.controller.model.adapterapi.ComputeInstanceRequest) SecurityGroupState(com.vmware.photon.controller.model.resources.SecurityGroupService.SecurityGroupState) HashSet(java.util.HashSet) AWSSecurityGroupClient(com.vmware.photon.controller.model.adapters.awsadapter.util.AWSSecurityGroupClient) DescribeVpcsResult(com.amazonaws.services.ec2.model.DescribeVpcsResult) URI_PARAM_INSTANCE_TYPE(com.vmware.photon.controller.model.adapters.awsadapter.AWSConstants.URI_PARAM_INSTANCE_TYPE) SubnetState(com.vmware.photon.controller.model.resources.SubnetService.SubnetState) Filter(com.amazonaws.services.ec2.model.Filter) Collections.singletonMap(java.util.Collections.singletonMap) URI(java.net.URI) Subnet(com.amazonaws.services.ec2.model.Subnet) StatelessService(com.vmware.xenon.common.StatelessService) AWS_TAG_NAME(com.vmware.photon.controller.model.adapters.awsadapter.AWSConstants.AWS_TAG_NAME) Vpc(com.amazonaws.services.ec2.model.Vpc) Collection(java.util.Collection) Operation(com.vmware.xenon.common.Operation) Set(java.util.Set) DiskState(com.vmware.photon.controller.model.resources.DiskService.DiskState) Collectors(java.util.stream.Collectors) AWS_VPC_ID_FILTER(com.vmware.photon.controller.model.adapters.awsadapter.AWSConstants.AWS_VPC_ID_FILTER) 
URI_PARAM_ENDPOINT(com.vmware.photon.controller.model.adapters.awsadapter.AWSConstants.URI_PARAM_ENDPOINT) InstanceType(com.vmware.photon.controller.model.support.InstanceTypeList.InstanceType) List(java.util.List) BaseComputeInstanceContext(com.vmware.photon.controller.model.adapters.util.instance.BaseComputeInstanceContext) AWS_SUBNET_ID_FILTER(com.vmware.photon.controller.model.adapters.awsadapter.AWSConstants.AWS_SUBNET_ID_FILTER) Tag(com.amazonaws.services.ec2.model.Tag) DeferredResult(com.vmware.xenon.common.DeferredResult) UriUtils(com.vmware.xenon.common.UriUtils) DiskService(com.vmware.photon.controller.model.resources.DiskService) AWSDeferredResultAsyncHandler(com.vmware.photon.controller.model.adapters.awsadapter.util.AWSDeferredResultAsyncHandler) CreateSubnetRequest(com.amazonaws.services.ec2.model.CreateSubnetRequest) AmazonEC2AsyncClient(com.amazonaws.services.ec2.AmazonEC2AsyncClient) SecurityGroupState(com.vmware.photon.controller.model.resources.SecurityGroupService.SecurityGroupState) Operation(com.vmware.xenon.common.Operation) DeferredResult(com.vmware.xenon.common.DeferredResult)

Example 9 with AWSSecurityGroupClient

use of com.vmware.photon.controller.model.adapters.awsadapter.util.AWSSecurityGroupClient in project photon-model by vmware.

From the class AWSInstanceContext, the method createSecurityGroupsIfNotExist.

/**
 * Creates in AWS every SecurityGroup that a NIC's SecurityGroupStates describe but whose id
 * is not already listed in that NIC's {@code securityGroupIds}, including the group's
 * ingress and egress rules.
 *
 * @param context the instance context; {@code nics} drives the work and {@code child.name}
 *        appears in the failure message
 * @return a result completed with the same context, or failed with an
 *         {@link IllegalStateException} that wraps the underlying creation error
 */
private DeferredResult<AWSInstanceContext> createSecurityGroupsIfNotExist(AWSInstanceContext context) {
    if (context.nics.isEmpty()) {
        return DeferredResult.completed(context);
    }
    AWSSecurityGroupClient sgClient = new AWSSecurityGroupClient(context.amazonEC2Client);
    List<DeferredResult<Void>> pending = new ArrayList<>();
    for (AWSNicContext nicCtx : context.nics) {
        if (nicCtx.securityGroupStates == null) {
            continue;
        }
        // Decide which states lack an AWS counterpart before any creation starts, so that
        // ids added by the creation callbacks cannot influence the selection.
        Collection<String> existingIds = nicCtx.securityGroupIds;
        List<SecurityGroupState> toCreate = new ArrayList<>();
        for (SecurityGroupState sgState : nicCtx.securityGroupStates) {
            if (!existingIds.contains(sgState.id)) {
                toCreate.add(sgState);
            }
        }
        for (SecurityGroupState sgState : toCreate) {
            DeferredResult<Void> created = createSecurityGroup(sgClient, context, nicCtx, sgState)
                    .thenCompose(ignore -> createIngressRules(context, nicCtx, sgState, sgClient))
                    .thenCompose(ignore -> createEgressRules(context, nicCtx, sgState, sgClient))
                    .thenApply(ignore -> (Void) null);
            pending.add(created);
        }
    }
    return DeferredResult.allOf(pending).handle((results, failure) -> {
        if (failure == null) {
            return context;
        }
        String msg = String.format("Error creating SecurityGroups in AWS for [%s] VM.", context.child.name);
        throw new IllegalStateException(msg, failure);
    });
}
Also used : InstanceNetworkInterfaceSpecification(com.amazonaws.services.ec2.model.InstanceNetworkInterfaceSpecification) DescribeSubnetsRequest(com.amazonaws.services.ec2.model.DescribeSubnetsRequest) DescribeVpcsRequest(com.amazonaws.services.ec2.model.DescribeVpcsRequest) CREATE_CONTEXT_PROP_NAME(com.vmware.photon.controller.model.ComputeProperties.CREATE_CONTEXT_PROP_NAME) Function(java.util.function.Function) CreateSubnetResult(com.amazonaws.services.ec2.model.CreateSubnetResult) Collections.singletonList(java.util.Collections.singletonList) ArrayList(java.util.ArrayList) DescribeSubnetsResult(com.amazonaws.services.ec2.model.DescribeSubnetsResult) ComputeInstanceRequest(com.vmware.photon.controller.model.adapterapi.ComputeInstanceRequest) SecurityGroupState(com.vmware.photon.controller.model.resources.SecurityGroupService.SecurityGroupState) HashSet(java.util.HashSet) AWSSecurityGroupClient(com.vmware.photon.controller.model.adapters.awsadapter.util.AWSSecurityGroupClient) DescribeVpcsResult(com.amazonaws.services.ec2.model.DescribeVpcsResult) URI_PARAM_INSTANCE_TYPE(com.vmware.photon.controller.model.adapters.awsadapter.AWSConstants.URI_PARAM_INSTANCE_TYPE) SubnetState(com.vmware.photon.controller.model.resources.SubnetService.SubnetState) Filter(com.amazonaws.services.ec2.model.Filter) Collections.singletonMap(java.util.Collections.singletonMap) URI(java.net.URI) Subnet(com.amazonaws.services.ec2.model.Subnet) StatelessService(com.vmware.xenon.common.StatelessService) AWS_TAG_NAME(com.vmware.photon.controller.model.adapters.awsadapter.AWSConstants.AWS_TAG_NAME) Vpc(com.amazonaws.services.ec2.model.Vpc) Collection(java.util.Collection) Operation(com.vmware.xenon.common.Operation) Set(java.util.Set) DiskState(com.vmware.photon.controller.model.resources.DiskService.DiskState) Collectors(java.util.stream.Collectors) AWS_VPC_ID_FILTER(com.vmware.photon.controller.model.adapters.awsadapter.AWSConstants.AWS_VPC_ID_FILTER) 
URI_PARAM_ENDPOINT(com.vmware.photon.controller.model.adapters.awsadapter.AWSConstants.URI_PARAM_ENDPOINT) InstanceType(com.vmware.photon.controller.model.support.InstanceTypeList.InstanceType) List(java.util.List) BaseComputeInstanceContext(com.vmware.photon.controller.model.adapters.util.instance.BaseComputeInstanceContext) AWS_SUBNET_ID_FILTER(com.vmware.photon.controller.model.adapters.awsadapter.AWSConstants.AWS_SUBNET_ID_FILTER) Tag(com.amazonaws.services.ec2.model.Tag) DeferredResult(com.vmware.xenon.common.DeferredResult) UriUtils(com.vmware.xenon.common.UriUtils) DiskService(com.vmware.photon.controller.model.resources.DiskService) AWSDeferredResultAsyncHandler(com.vmware.photon.controller.model.adapters.awsadapter.util.AWSDeferredResultAsyncHandler) CreateSubnetRequest(com.amazonaws.services.ec2.model.CreateSubnetRequest) AmazonEC2AsyncClient(com.amazonaws.services.ec2.AmazonEC2AsyncClient) SecurityGroupState(com.vmware.photon.controller.model.resources.SecurityGroupService.SecurityGroupState) ArrayList(java.util.ArrayList) AWSSecurityGroupClient(com.vmware.photon.controller.model.adapters.awsadapter.util.AWSSecurityGroupClient) DeferredResult(com.vmware.xenon.common.DeferredResult)

Example 10 with AWSSecurityGroupClient

use of com.vmware.photon.controller.model.adapters.awsadapter.util.AWSSecurityGroupClient in project photon-model by vmware.

From the class AWSInstanceContext, the method getSecurityGroups.

/**
 * Looks up, for every NIC, the existing AWS SecurityGroups behind the NIC's security group
 * states; the per-NIC lookup ({@code getSecurityGroupsPerNIC}) is expected to record their
 * ids and names on the NIC context.
 *
 * @param context the instance context; {@code nics} drives the lookups and
 *        {@code child.name} appears in the failure message
 * @return a result completed with the same context, or failed with an
 *         {@link IllegalStateException} that wraps the underlying lookup error
 */
private DeferredResult<AWSInstanceContext> getSecurityGroups(AWSInstanceContext context) {
    if (context.nics.isEmpty()) {
        return DeferredResult.completed(context);
    }
    AWSSecurityGroupClient client = new AWSSecurityGroupClient(context.amazonEC2Client);
    // One lookup per NIC; all share the same client instance.
    List<DeferredResult<Void>> lookups = context.nics.stream()
            .map(nicCtx -> getSecurityGroupsPerNIC(client, nicCtx, context.child.name))
            .collect(Collectors.toList());
    return DeferredResult.allOf(lookups).handle((results, failure) -> {
        if (failure == null) {
            return context;
        }
        String msg = String.format("Error getting SecurityGroups from AWS for [%s] VM.", context.child.name);
        throw new IllegalStateException(msg, failure);
    });
}
Also used : AWSSecurityGroupClient(com.vmware.photon.controller.model.adapters.awsadapter.util.AWSSecurityGroupClient) ArrayList(java.util.ArrayList) DeferredResult(com.vmware.xenon.common.DeferredResult)

Aggregations

AWSSecurityGroupClient (com.vmware.photon.controller.model.adapters.awsadapter.util.AWSSecurityGroupClient)12 SecurityGroup (com.amazonaws.services.ec2.model.SecurityGroup)6 ArrayList (java.util.ArrayList)6 AmazonEC2AsyncClient (com.amazonaws.services.ec2.AmazonEC2AsyncClient)5 Vpc (com.amazonaws.services.ec2.model.Vpc)5 List (java.util.List)5 AmazonServiceException (com.amazonaws.AmazonServiceException)4 Filter (com.amazonaws.services.ec2.model.Filter)4 Tag (com.amazonaws.services.ec2.model.Tag)4 DiskService (com.vmware.photon.controller.model.resources.DiskService)4 SecurityGroupState (com.vmware.photon.controller.model.resources.SecurityGroupService.SecurityGroupState)4 DeferredResult (com.vmware.xenon.common.DeferredResult)4 Operation (com.vmware.xenon.common.Operation)4 SubnetState (com.vmware.photon.controller.model.resources.SubnetService.SubnetState)3 UriUtils (com.vmware.xenon.common.UriUtils)3 Collection (java.util.Collection)3 HashSet (java.util.HashSet)3 AsyncHandler (com.amazonaws.handlers.AsyncHandler)2 AmazonEC2Exception (com.amazonaws.services.ec2.model.AmazonEC2Exception)2 CreateSubnetRequest (com.amazonaws.services.ec2.model.CreateSubnetRequest)2