use of com.vmware.photon.controller.model.resources.SecurityGroupService.SecurityGroupState in project photon-model by vmware.
the class AWSRebootServiceTest method assertAndSetVMSecurityGroupsToBeDeleted.
/**
 * Checks that the security groups attached to the provisioned AWS instance correspond to the
 * SecurityGroupStates linked from the VM's network interfaces, and remembers the id of the
 * test-created group in {@code sgToCleanUp}.
 *
 * <p>Runs only against a real AWS endpoint and returns immediately when {@code isMock} is set.
 *
 * <p>Coverage of the rule check: for a group whose name contains
 * {@code TestAWSSetupUtils.AWS_NEW_GROUP_PREFIX}, only the protocol and the first IPv4 CIDR of
 * one ingress rule (index 0) and one egress rule (index 1) are compared. Port ranges and any
 * further rules are not compared, so this does not prove the group is no more permissive than
 * requested.
 *
 * @param instance the EC2 instance as reported by AWS
 * @param vm       the compute state whose NIC links lead to the requested security groups
 */
private void assertAndSetVMSecurityGroupsToBeDeleted(Instance instance, ComputeState vm) {
    // There is no real AWS state to compare against in a mocked run.
    if (this.isMock) {
        return;
    }

    this.host.log(Level.INFO, "%s: Assert security groups configuration for [%s] VM", this.currentTestName.getMethodName(), this.vmState.name);

    // Resolve each NIC link to its state, then each security group link of that NIC to its
    // state, and index the results by group name (toMap rejects duplicate names).
    Map<String, SecurityGroupState> requestedByName = vm.networkInterfaceLinks.stream()
            .map(nicRef -> this.host.getServiceState(null, NetworkInterfaceState.class, UriUtils.buildUri(this.host, nicRef)))
            .<SecurityGroupState>flatMap(nic -> nic.securityGroupLinks.stream()
                    .map(sgRef -> this.host.getServiceState(null, SecurityGroupState.class, UriUtils.buildUri(this.host, sgRef))))
            .collect(Collectors.<SecurityGroupState, String, SecurityGroupState>toMap(sg -> sg.name, sg -> sg));

    // The instance must report groups, and exactly as many as were requested.
    assertNotNull("Instance should have security groups attached.", instance.getSecurityGroups());
    assertEquals(instance.getSecurityGroups().size(), requestedByName.size());

    for (SecurityGroupState requested : requestedByName.values()) {
        // Find the AWS-side group whose id matches the requested state.
        GroupIdentifier attached = instance.getSecurityGroups().stream()
                .filter(candidate -> candidate.getGroupId().equals(requested.id))
                .findFirst()
                .orElse(null);
        // Every requested group has to be attached to the instance.
        assertNotNull(attached);

        // Only groups created by the test get the rule check and the cleanup marker.
        if (!requested.name.contains(TestAWSSetupUtils.AWS_NEW_GROUP_PREFIX)) {
            continue;
        }
        this.sgToCleanUp = requested.id;

        SecurityGroup awsGroup = getSecurityGroupsIdUsingEC2Client(this.client, attached.getGroupId());
        assertNotNull(awsGroup);

        IpPermission ingressRule = awsGroup.getIpPermissions().get(0);
        // NOTE(review): egress is read at index 1 but compared with requested egress index 0;
        // presumably index 0 on the AWS side is a default egress rule - confirm.
        IpPermission egressRule = awsGroup.getIpPermissionsEgress().get(1);
        assertNotNull(ingressRule);
        assertNotNull(egressRule);

        assertEquals("Error in created ingress rule", ingressRule.getIpProtocol(), requested.ingress.get(0).protocol);
        assertEquals("Error in created ingress rule", ingressRule.getIpv4Ranges().get(0).getCidrIp(), requested.ingress.get(0).ipRangeCidr);
        assertEquals("Error in created egress rule", egressRule.getIpProtocol(), requested.egress.get(0).protocol);
        assertEquals("Error in created egress rule", egressRule.getIpv4Ranges().get(0).getCidrIp(), requested.egress.get(0).ipRangeCidr);
    }
}
use of com.vmware.photon.controller.model.resources.SecurityGroupService.SecurityGroupState in project photon-model by vmware.
the class AWSSecurityGroupEnumerationAdapterService method createResponse.
/**
 * Looks up the SecurityGroupState documents for the enumerated external ids and returns a
 * response mapping each state's {@code id} to its {@code documentSelfLink}.
 *
 * <p>The lookup is narrowed to states whose compute host link equals the request's parent
 * compute, and the parent compute's {@code tenantLinks} are handed to {@code QueryTop}.
 * NOTE(review): presumably QueryTop uses those tenant links to scope the results to the
 * tenant - confirm, since this is what keeps one tenant's groups out of another's response.
 *
 * @param context enumeration context carrying the external ids and the originating request
 * @return a deferred result completing with the populated response; an empty response when
 *         no external ids were enumerated
 */
private DeferredResult<AWSSecurityGroupEnumerationResponse> createResponse(SecurityGroupEnumContext context) {
    AWSSecurityGroupEnumerationResponse result = new AWSSecurityGroupEnumerationResponse();

    // Nothing was enumerated: answer right away with the empty response.
    boolean nothingEnumerated = context.enumExternalResourcesIds == null
            || context.enumExternalResourcesIds.isEmpty();
    if (nothingEnumerated) {
        DeferredResult<AWSSecurityGroupEnumerationResponse> done = new DeferredResult<>();
        done.complete(result);
        return done;
    }

    // Match SecurityGroupStates of this compute host whose id is one of the enumerated ids.
    Query.Builder stateQuery = Builder.create()
            .addKindFieldClause(SecurityGroupState.class)
            .addFieldClause(ResourceState.FIELD_NAME_COMPUTE_HOST_LINK, context.request.parentCompute.documentSelfLink)
            .addInClause(SecurityGroupState.FIELD_NAME_ID, context.enumExternalResourcesIds);

    // The result limit is set to the number of ids that were asked for.
    QueryTop<SecurityGroupState> topQuery = new QueryTop<>(
            context.service.getHost(),
            stateQuery.build(),
            SecurityGroupState.class,
            context.request.parentCompute.tenantLinks)
            .setMaxResultsLimit(context.enumExternalResourcesIds.size());
    topQuery.setClusterType(ServiceTypeCluster.INVENTORY_SERVICE);

    return topQuery
            .queryDocuments(found -> result.securityGroupStates.put(found.id, found.documentSelfLink))
            .thenApply(ignored -> result);
}
use of com.vmware.photon.controller.model.resources.SecurityGroupService.SecurityGroupState in project photon-model by vmware.
the class TestProvisionAWSSecurityGroup method testInvalidAuthAWSSecurityGroup.
/**
 * Negative test: a security group provisioning task that runs with bad credentials must end
 * in failure.
 *
 * <p>NOTE(review): the test only waits for the task to fail and does not inspect the failure
 * cause, so any failure satisfies it, not just a rejected credential.
 */
@Test
public void testInvalidAuthAWSSecurityGroup() throws Throwable {
    // Credentials with the literal "invalid" as the last argument
    // (presumably the key id - confirm against TestUtils.postCredentials).
    Operation credsOp = new Operation();
    TestUtils.postCredentials(this.host, credsOp, this.privateKey, "invalid");
    AuthCredentialsServiceState badCreds = credsOp.getBody(AuthCredentialsServiceState.class);

    // Resource pool the security group belongs to.
    Operation poolOp = new Operation();
    TestUtils.postResourcePool(this.host, poolOp);
    ResourcePoolState resourcePool = poolOp.getBody(ResourcePoolState.class);

    // Security group state that references the bad credentials.
    Operation sgOp = new Operation();
    SecurityGroupState sgRequest = buildSecurityGroupState(badCreds, resourcePool);
    TestUtils.postSecurityGroup(this.host, sgRequest, sgOp);
    SecurityGroupState sgCreated = sgOp.getBody(SecurityGroupState.class);

    // CREATE task for that single security group in the test VPC.
    ProvisionSecurityGroupTaskState createTask = new ProvisionSecurityGroupTaskState();
    createTask.requestType = SecurityGroupInstanceRequest.InstanceRequestType.CREATE;
    createTask.securityGroupDescriptionLinks = Stream.of(sgCreated.documentSelfLink).collect(Collectors.toSet());
    createTask.customProperties = new HashMap<>();
    createTask.customProperties.put(NETWORK_STATE_ID_PROP_NAME, this.vpcId);

    Operation provisionOp = new Operation();
    provisionSecurityGroup(createTask, provisionOp);
    ProvisionSecurityGroupTaskState started = provisionOp.getBody(ProvisionSecurityGroupTaskState.class);

    // The task is expected to fail.
    waitForTaskFailure(this.host, UriUtils.buildUri(this.host, started.documentSelfLink));
}
use of com.vmware.photon.controller.model.resources.SecurityGroupService.SecurityGroupState in project photon-model by vmware.
the class TestProvisionAWSSecurityGroup method buildSecurityGroupState.
/**
 * Creates a SecurityGroupState fixture with a random id, a single tenant link ("tenantA"),
 * and the AWS security group adapter on the local test host as its instance adapter.
 *
 * <p>Ingress is whatever {@code getGlobalSSHRule()} returns; egress starts from a second call
 * to the same helper, with its first rule's CIDR replaced by the test VPC's CIDR block.
 * NOTE(review): the helper name suggests SSH open to any source address - acceptable only for
 * a short-lived test group; confirm. The egress edit also relies on the helper returning a
 * separate rule list on each call, otherwise ingress would be changed too - confirm.
 *
 * @param creds credentials document the security group links to
 * @param pool  resource pool document the security group links to
 * @return the populated, not yet posted, security group state
 */
private SecurityGroupState buildSecurityGroupState(AuthCredentialsServiceState creds, ResourcePoolState pool) {
    URI tenantFactory = UriUtils.buildFactoryUri(this.host, TenantService.class);

    SecurityGroupState sg = new SecurityGroupState();
    // Random id keeps group names unique between runs.
    sg.id = UUID.randomUUID().toString();
    sg.name = "test-sg-" + sg.id;

    String tenantLink = UriUtils.buildUriPath(tenantFactory.getPath(), "tenantA");
    sg.tenantLinks = new ArrayList<>();
    sg.tenantLinks.add(tenantLink);

    sg.ingress = getGlobalSSHRule();
    sg.egress = getGlobalSSHRule();
    // Limit the first egress rule to the VPC's own address range.
    sg.egress.get(0).ipRangeCidr = this.vpc.getCidrBlock();

    sg.authCredentialsLink = creds.documentSelfLink;
    sg.resourcePoolLink = pool.documentSelfLink;
    sg.regionId = this.region;
    sg.instanceAdapterReference = UriUtils.buildUri(ServiceHost.LOCAL_HOST, this.host.getPort(), AWSUriPaths.AWS_SECURITY_GROUP_ADAPTER, null);
    return sg;
}
use of com.vmware.photon.controller.model.resources.SecurityGroupService.SecurityGroupState in project photon-model by vmware.
the class TestProvisionAWSSecurityGroup method testProvisionAWSSecurityGroupPartialFailure.
/**
 * Exercises a provisioning task that covers two security groups, one of which has been
 * deleted beforehand, and expects both the CREATE task and the follow-up DELETE task to end
 * in failure.
 *
 * <p>After the failed CREATE it validates the AWS artifacts of the first group and asserts
 * that no AWS security group with the second group's name exists.
 */
@Test
public void testProvisionAWSSecurityGroupPartialFailure() throws Throwable {
    // create credentials (valid key id this time)
    Operation authResponse = new Operation();
    TestUtils.postCredentials(this.host, authResponse, this.privateKey, this.privateKeyId);
    AuthCredentialsServiceState creds = authResponse.getBody(AuthCredentialsServiceState.class);
    // create resource pool
    Operation poolResponse = new Operation();
    TestUtils.postResourcePool(this.host, poolResponse);
    ResourcePoolState pool = poolResponse.getBody(ResourcePoolState.class);
    // create two security groups; the same Operation object receives both responses
    Operation securityGroupResponse = new Operation();
    SecurityGroupState initialSecurityGroupState = buildSecurityGroupState(creds, pool);
    TestUtils.postSecurityGroup(this.host, initialSecurityGroupState, securityGroupResponse);
    SecurityGroupState securityGroupState1 = securityGroupResponse.getBody(SecurityGroupState.class);
    initialSecurityGroupState = buildSecurityGroupState(creds, pool);
    TestUtils.postSecurityGroup(this.host, initialSecurityGroupState, securityGroupResponse);
    SecurityGroupState securityGroupState2 = securityGroupResponse.getBody(SecurityGroupState.class);
    // delete the second security group to simulate failure
    TestUtils.deleteSecurityGroup(this.host, securityGroupState2.documentSelfLink);
    // verify the second security group is gone
    // NOTE(review): if getSecurityGroupState returns normally, nothing is asserted here, so
    // this check passes even when the state still exists.
    try {
        getSecurityGroupState(securityGroupState2.documentSelfLink);
    } catch (Exception ex) {
        assertTrue(ex instanceof ServiceNotFoundException);
    }
    // set up security group task state
    ProvisionSecurityGroupTaskState task = new ProvisionSecurityGroupTaskState();
    task.requestType = SecurityGroupInstanceRequest.InstanceRequestType.CREATE;
    // NOTE(review): the second entry is documentSourceLink while the first is
    // documentSelfLink; confirm this is intended and not a slip for documentSelfLink.
    task.securityGroupDescriptionLinks = Stream.of(securityGroupState1.documentSelfLink, securityGroupState2.documentSourceLink).collect(Collectors.toSet());
    task.customProperties = new HashMap<>();
    task.customProperties.put(NETWORK_STATE_ID_PROP_NAME, this.vpcId);
    Operation provision = new Operation();
    provisionSecurityGroup(task, provision);
    ProvisionSecurityGroupTaskState ps = provision.getBody(ProvisionSecurityGroupTaskState.class);
    // the CREATE task as a whole is expected to fail
    waitForTaskFailure(this.host, UriUtils.buildUri(this.host, ps.documentSelfLink));
    // check the AWS artifacts of the first security group
    validateAWSArtifacts(securityGroupState1.documentSelfLink, creds);
    // validate that the second security group was not created
    assertNull(getAWSSecurityGroup(securityGroupState2.name, creds));
    // reuse previous task, but switch to a delete
    task.requestType = SecurityGroupInstanceRequest.InstanceRequestType.DELETE;
    Operation remove = new Operation();
    provisionSecurityGroup(task, remove);
    ProvisionSecurityGroupTaskState removeTask = remove.getBody(ProvisionSecurityGroupTaskState.class);
    // the DELETE task is also expected to fail
    waitForTaskFailure(this.host, UriUtils.buildUri(this.host, removeTask.documentSelfLink));
    // verify security group state is gone
    // NOTE(review): same gap as above - a normal return is not treated as a failure, so a
    // leftover state document would go unnoticed.
    try {
        getSecurityGroupState(securityGroupState1.documentSelfLink);
    } catch (Exception ex) {
        assertTrue(ex instanceof ServiceNotFoundException);
    }
}