Use of com.vmware.photon.controller.model.resources.SecurityGroupService.SecurityGroupState in project photon-model by vmware:
class SecurityGroupServiceTest, method buildValidStartState.
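/**
 * Builds a {@link SecurityGroupService.SecurityGroupState} populated with values that pass the
 * service's start-time validation. The ingress/egress rule lists come from the sibling helpers
 * {@code getAllowIngressRules()} and {@code getAllowEgressRules()}.
 *
 * @param assignHost when {@code true} the state also gets a {@code computeHostLink}
 * @return a fully populated, not yet persisted state
 */
private static SecurityGroupService.SecurityGroupState buildValidStartState(boolean assignHost) {
    SecurityGroupService.SecurityGroupState state = new SecurityGroupService.SecurityGroupState();
    state.id = UUID.randomUUID().toString();
    // the name mirrors the random id so states built by repeated calls stay distinguishable
    state.name = state.id;
    state.tenantLinks = new ArrayList<>();
    state.tenantLinks.add("tenant-linkA");
    state.ingress = getAllowIngressRules();
    state.egress = getAllowEgressRules();
    state.regionId = "regionId";
    state.authCredentialsLink = "/link/to/auth";
    state.resourcePoolLink = "/link/to/rp";
    if (assignHost) {
        state.computeHostLink = "host-1";
    }
    // A constant, well-formed literal cannot fail to parse. URI.create() throws an unchecked
    // IllegalArgumentException instead of the checked URISyntaxException, which removes the
    // catch-all that previously turned any failure into a silent null reference.
    state.instanceAdapterReference = URI.create("http://instanceAdapterReference");
    return state;
}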
Use of com.vmware.photon.controller.model.resources.SecurityGroupService.SecurityGroupState in project photon-model by vmware:
class TestAWSEnumerationTask, method testTagEnumeration.
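/**
 * Provisions two EC2 instances, tags the VMs and the default security group, VPC, subnet and
 * EBS disk, re-tags the non-VM resources with a second key, and after two enumeration passes
 * checks that each local state carries exactly one remote tag link plus the internal tag links
 * ({@code internalTagsCount1}) and that each compute state carries the links of its own VM tags.
 *
 * The test is skipped entirely in mock mode. Whatever happens, the tags added to the default
 * security group, VPC, subnet and disk are removed and the test disk is torn down in
 * {@code finally}; the provisioned instances are tracked in {@code instancesToCleanUp}.
 *
 * @throws Throwable any failure from provisioning, tagging, enumeration or an assertion
 */
@Test
public void testTagEnumeration() throws Throwable {
    if (this.isMock) {
        return;
    }
    setUpTestVolume(this.host, this.client, this.awsTestContext, this.isMock);
    this.snapshotId = (String) this.awsTestContext.get(TestAWSSetupUtils.SNAPSHOT_KEY);
    this.ebsBlockDevice = new EbsBlockDevice().withSnapshotId(this.snapshotId);
    this.blockDeviceMapping = new BlockDeviceMapping().withDeviceName(BLOCK_DEVICE_NAME).withEbs(this.ebsBlockDevice);
    this.diskId = (String) this.awsTestContext.get(TestAWSSetupUtils.DISK_KEY);
    this.host.log("Running test: " + this.currentTestName.getMethodName());
    // VM tags
    Tag tag1 = new Tag(VM_TAG_KEY_1, VM_TAG_VALUE_1);
    Tag tag2 = new Tag(VM_TAG_KEY_2, VM_TAG_VALUE_2);
    Tag tag3 = new Tag(VM_TAG_KEY_3, VM_TAG_VALUE_3);
    List<Tag> vmTags = Arrays.asList(tag1, tag2, tag3);
    // SG tag
    List<Tag> sgTags = new ArrayList<>();
    sgTags.add(new Tag(INITIAL_SG_TAG, INITIAL_SG_TAG));
    // Network tag
    List<Tag> networkTags = new ArrayList<>();
    networkTags.add(new Tag(INITIAL_VPC_TAG, INITIAL_VPC_TAG));
    // Subnet tag
    List<Tag> subnetTags = new ArrayList<>();
    subnetTags.add(new Tag(INITIAL_SUBNET_TAG, INITIAL_SUBNET_TAG));
    // Disk tag
    List<Tag> diskTags = new ArrayList<>();
    diskTags.add(new Tag(INITIAL_DISK_TAG, INITIAL_DISK_TAG));
    try {
        String linuxVMId1 = provisionAWSEBSVMWithEC2Client(this.host, this.client, EC2_LINUX_AMI, this.subnetId, this.securityGroupId, this.blockDeviceMapping);
        this.instancesToCleanUp.add(linuxVMId1);
        waitForProvisioningToComplete(this.instancesToCleanUp, this.host, this.client, ZERO);
        // Tag the first VM with a name and add some additional tags
        tagResourcesWithName(this.client, VM_NAME, linuxVMId1);
        List<Tag> linuxVMId1Tags = Arrays.asList(tag1, tag2);
        // tag vm, default SG, VPC, Subnet and Disk
        tagResources(this.client, linuxVMId1Tags, linuxVMId1);
        tagResources(this.client, sgTags, this.securityGroupId);
        tagResources(this.client, networkTags, this.vpcId);
        tagResources(this.client, subnetTags, this.subnetId);
        tagResources(this.client, diskTags, this.diskId);
        enumerateResources(this.host, this.computeHost, this.endpointState, this.isMock, TEST_CASE_INITIAL);
        String linuxVMId2 = provisionAWSEBSVMWithEC2Client(this.host, this.client, EC2_LINUX_AMI, this.subnetId, this.securityGroupId, this.blockDeviceMapping);
        this.instancesToCleanUp.add(linuxVMId2);
        waitForProvisioningToComplete(this.instancesToCleanUp, this.host, this.client, ZERO);
        // Name the second VM and add some tags
        tagResourcesWithName(this.client, VM_UPDATED_NAME, linuxVMId2);
        List<Tag> linuxVMId2Tags = Arrays.asList(tag2, tag3);
        tagResources(this.client, linuxVMId2Tags, linuxVMId2);
        // Un-tag the resources
        unTagResources(this.client, sgTags, this.securityGroupId);
        unTagResources(this.client, networkTags, this.vpcId);
        unTagResources(this.client, subnetTags, this.subnetId);
        unTagResources(this.client, diskTags, this.diskId);
        // re-init tag arrays; these variables are also read in finally, so the secondary tags
        // assigned below are what gets cleaned up
        sgTags = new ArrayList<>();
        networkTags = new ArrayList<>();
        subnetTags = new ArrayList<>();
        diskTags = new ArrayList<>();
        // new key-value set remotely should result in a new tag state created locally
        // and a new tag link added to the SecurityGroupState, NetworkState, SubnetState and
        // DiskState
        sgTags.add(new Tag(SECONDARY_SG_TAG, SECONDARY_SG_TAG));
        networkTags.add(new Tag(SECONDARY_VPC_TAG, SECONDARY_VPC_TAG));
        subnetTags.add(new Tag(SECONDARY_SUBNET_TAG, SECONDARY_SUBNET_TAG));
        diskTags.add(new Tag(SECONDARY_DISK_TAG, SECONDARY_DISK_TAG));
        // tag again default SG, VPC, Subnet and Disk
        tagResources(this.client, diskTags, this.diskId);
        tagResources(this.client, sgTags, this.securityGroupId);
        tagResources(this.client, networkTags, this.vpcId);
        tagResources(this.client, subnetTags, this.subnetId);
        enumerateResources(this.host, this.computeHost, this.endpointState, this.isMock, TEST_CASE_INITIAL);
        validateComputeName(linuxVMId1, VM_NAME);
        validateComputeName(linuxVMId2, VM_UPDATED_NAME);
        // Validate tag states number: the three VM tags plus one secondary tag per resource kind
        int allTagsNumber = vmTags.size() + sgTags.size() + networkTags.size() + subnetTags.size() + diskTags.size();
        queryDocumentsAndAssertExpectedCount(this.host, allTagsNumber, TagService.FACTORY_LINK, false);
        ServiceDocumentQueryResult serviceDocumentQueryResult = queryAllFactoryResources(this.host, TagService.FACTORY_LINK);
        Map<String, TagState> tagsMap = new HashMap<>();
        for (Entry<String, Object> entry : serviceDocumentQueryResult.documents.entrySet()) {
            tagsMap.put(entry.getKey(), Utils.fromJson(entry.getValue(), TagState.class));
        }
        // validate security group tags
        Map<String, SecurityGroupState> allSecurityGroupStatesMap = ProvisioningUtils.<SecurityGroupState>getResourceStates(this.host, SecurityGroupService.FACTORY_LINK, SecurityGroupState.class);
        SecurityGroupState defaultSgState = allSecurityGroupStatesMap.get(this.securityGroupId);
        // ensure one link is deleted and one new is added to the sg state. One additional
        // link is an internal tag.
        assertNotNull(defaultSgState.tagLinks);
        assertEquals("Wrong number of security-group tag links found.", 1 + internalTagsCount1, defaultSgState.tagLinks.size());
        // validate vpc tags
        Map<String, NetworkState> allNetworkStatesMap = ProvisioningUtils.<NetworkState>getResourceStates(this.host, NetworkService.FACTORY_LINK, NetworkState.class);
        NetworkState defaultNetworkState = allNetworkStatesMap.get(this.vpcId);
        // ensure one link is deleted and one new is added to the network state. One additional
        // link is an internal tag.
        assertEquals("Wrong number of network tag links found.", 1 + internalTagsCount1, defaultNetworkState.tagLinks.size());
        // validate subnet tags
        Map<String, SubnetState> allSubnetStatesMap = ProvisioningUtils.<SubnetState>getResourceStates(this.host, SubnetService.FACTORY_LINK, SubnetState.class);
        SubnetState defaultSubnetState = allSubnetStatesMap.get(this.subnetId);
        // ensure one link is deleted and one new is added to the subnet state. One additional
        // link is an internal tag.
        assertEquals("Wrong number of subnet tag links found.", 1 + internalTagsCount1, defaultSubnetState.tagLinks.size());
        // validate disk tags
        Map<String, DiskState> allDiskStatesMap = ProvisioningUtils.<DiskState>getResourceStates(this.host, DiskService.FACTORY_LINK, DiskState.class);
        DiskState defaultDiskState = allDiskStatesMap.get(this.diskId);
        // ensure one link is deleted and one new is added to the disk state
        assertEquals("Wrong number of disk tag links found.", 1 + internalTagsCount1, defaultDiskState.tagLinks.size());
        // ensure EBS disk has an internal type tag set
        assertTrue(defaultDiskState.tagLinks.contains(TagsUtil.newTagState(TAG_KEY_TYPE, AWSResourceType.ebs_block.toString(), false, this.endpointState.tenantLinks).documentSelfLink));
        // validate vm tags: map each remote VM tag to the self link of the local tag state with the same key
        Map<Tag, String> vmTagLinks = new HashMap<>();
        for (Tag tag : vmTags) {
            for (TagState tagState : tagsMap.values()) {
                if (tagState.key.equals(tag.getKey())) {
                    vmTagLinks.put(tag, tagState.documentSelfLink);
                }
            }
        }
        ComputeState linuxVMId1ComputeState = getComputeByAWSId(this.host, linuxVMId1);
        // compute has 2 remote tags + 1 local tag
        assertEquals(linuxVMId1Tags.size() + internalTagsCount1, linuxVMId1ComputeState.tagLinks.size());
        for (Tag tag : linuxVMId1Tags) {
            assertTrue(linuxVMId1ComputeState.tagLinks.contains(vmTagLinks.get(tag)));
        }
        ComputeState linuxVMId2ComputeState = getComputeByAWSId(this.host, linuxVMId2);
        assertEquals(linuxVMId2Tags.size() + internalTagsCount1, linuxVMId2ComputeState.tagLinks.size());
        for (Tag tag : linuxVMId2Tags) {
            assertTrue(linuxVMId2ComputeState.tagLinks.contains(vmTagLinks.get(tag)));
        }
    } catch (Throwable t) {
        this.host.log("Exception occurred during test execution: %s", t.getMessage());
        // Rethrow so the test fails on every error. The previous handler only failed on
        // AssertionError and let any other exception (e.g. an AWS client error) pass the test
        // silently; rethrowing also keeps the original stack trace instead of only the message.
        throw t;
    } finally {
        // un-tag default SG
        unTagResources(this.client, sgTags, this.securityGroupId);
        // un-tag default VPC
        unTagResources(this.client, networkTags, this.vpcId);
        // un-tag default Subnet
        unTagResources(this.client, subnetTags, this.subnetId);
        // un-tag default Disk
        unTagResources(this.client, diskTags, this.diskId);
        tearDownTestDisk(this.client, this.host, this.awsTestContext, this.isMock);
    }
}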
Use of com.vmware.photon.controller.model.resources.SecurityGroupService.SecurityGroupState in project photon-model by vmware:
class TestAWSSetupUtils, method createSecurityGroupState.
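/**
 * Builds a SecurityGroupState bound to the given endpoint and POSTs it to the security group
 * factory, returning the persisted document.
 *
 * The fixture carries one ingress rule allowing TCP/22 from {@code 0.0.0.0/0} and one egress
 * rule allowing TCP 1-65535 to {@code 0.0.0.0/0}: that is SSH open to the whole Internet, which
 * is acceptable only for the short-lived groups these tests create and tear down.
 *
 * @param host            the test host to POST against
 * @param computeHost     unused; kept for signature compatibility with existing callers
 * @param endpointState   supplies the auth credentials link, endpoint link and tenant links
 * @param existing        when {@code true} the id and name are taken from {@code awsTestContext}
 *                        ({@code SECURITY_GROUP_KEY}, {@code SECURITY_GROUP_NAME_KEY}); otherwise a
 *                        fresh {@code sg-} id and a prefixed name are generated
 * @param awsTestContext  per-run test context read when {@code existing} is {@code true}
 * @return the state returned by the factory POST
 * @throws Throwable if the POST fails
 */
public static SecurityGroupState createSecurityGroupState(VerificationHost host, ComputeState computeHost, EndpointState endpointState, boolean existing, Map<String, Object> awsTestContext) throws Throwable {
    SecurityGroupState securityGroupState = new SecurityGroupState();
    if (existing) {
        // reuse the group already created in AWS for this test run
        securityGroupState.id = (String) awsTestContext.get(SECURITY_GROUP_KEY);
        securityGroupState.name = (String) awsTestContext.get(SECURITY_GROUP_NAME_KEY);
    } else {
        securityGroupState.id = "sg-" + UUID.randomUUID().toString().substring(0, 8);
        securityGroupState.name = AWS_NEW_GROUP_PREFIX + securityGroupState.id;
    }
    securityGroupState.authCredentialsLink = endpointState.authCredentialsLink;
    securityGroupState.endpointLink = endpointState.documentSelfLink;
    securityGroupState.endpointLinks = new HashSet<>();
    securityGroupState.endpointLinks.add(endpointState.documentSelfLink);
    securityGroupState.tenantLinks = endpointState.tenantLinks;
    Rule ssh = new Rule();
    ssh.name = "ssh";
    ssh.protocol = "tcp";
    ssh.ipRangeCidr = "0.0.0.0/0";
    ssh.ports = "22";
    securityGroupState.ingress = new ArrayList<>();
    securityGroupState.ingress.add(ssh);
    Rule out = new Rule();
    out.name = "out";
    out.protocol = "tcp";
    out.ipRangeCidr = "0.0.0.0/0";
    out.ports = "1-65535";
    securityGroupState.egress = new ArrayList<>();
    securityGroupState.egress.add(out);
    // NOTE(review): the original first assigned the class-level regionId and then overwrote it
    // with this literal, so the literal has always been the effective value and is kept here.
    // Confirm whether the real region was intended before relying on regionId downstream.
    securityGroupState.regionId = "regionId";
    securityGroupState.resourcePoolLink = "/link/to/rp";
    // constant literal: URI.create() avoids the checked URISyntaxException
    securityGroupState.instanceAdapterReference = URI.create("http://instanceAdapterReference");
    return TestUtils.doPost(host, securityGroupState, SecurityGroupState.class, UriUtils.buildUri(host, SecurityGroupService.FACTORY_LINK));
}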
Use of com.vmware.photon.controller.model.resources.SecurityGroupService.SecurityGroupState in project photon-model by vmware:
class AWSInstanceContext, method createSecurityGroup.
/**
 * Creates the AWS security group described by {@code missingSecurityGroupState} in the NIC's VPC,
 * records the returned AWS id on the NIC and on the state, and then PATCHes that id into the
 * state document.
 *
 * @param client                    EC2 security group client used for the creation call
 * @param context                   provides the service used to send the PATCH
 * @param nicCtx                    NIC whose VPC hosts the group; its securityGroupIds receives the new id
 * @param missingSecurityGroupState state without an AWS counterpart yet; its id is updated in place
 * @return completes when the PATCH of the state has been sent and answered
 */
private DeferredResult<Void> createSecurityGroup(AWSSecurityGroupClient client, AWSInstanceContext context, AWSNicContext nicCtx, SecurityGroupState missingSecurityGroupState) {
    // the state name serves as both the AWS group name and its description
    String groupName = missingSecurityGroupState.name;
    String vpcId = nicCtx.vpc.getVpcId();
    return client.createSecurityGroupAsync(groupName, groupName, vpcId)
            .thenApply(createdId -> {
                // remember the AWS id on the NIC and on the state so the PATCH below can read it
                nicCtx.securityGroupIds.add(createdId);
                missingSecurityGroupState.id = createdId;
                return createdId;
            })
            .thenCompose(createdId -> {
                // PATCH only the id field onto the existing SecurityGroupState document
                SecurityGroupState patchBody = new SecurityGroupState();
                patchBody.id = missingSecurityGroupState.id;
                Operation patch = Operation.createPatch(context.service.getHost(), missingSecurityGroupState.documentSelfLink).setBody(patchBody);
                return context.service.sendWithDeferredResult(patch, SecurityGroupState.class);
            })
            .thenApply(patched -> (Void) null);
}
Use of com.vmware.photon.controller.model.resources.SecurityGroupService.SecurityGroupState in project photon-model by vmware:
class AWSInstanceContext, method createSecurityGroupsIfNotExist.
/**
 * Creates in AWS every security group that a NIC of the VM references through a
 * SecurityGroupState but whose id is not among that NIC's already resolved security group ids.
 * Ingress and egress rules are applied to each group right after it is created.
 *
 * @param context provisioning context whose NICs are inspected and updated in place
 * @return the same context once every creation has completed; fails with an
 *         IllegalStateException carrying the original cause if any creation fails
 */
private DeferredResult<AWSInstanceContext> createSecurityGroupsIfNotExist(AWSInstanceContext context) {
    if (context.nics.isEmpty()) {
        return DeferredResult.completed(context);
    }
    List<DeferredResult<Void>> pendingCreations = new ArrayList<>();
    AWSSecurityGroupClient groupClient = new AWSSecurityGroupClient(context.amazonEC2Client);
    for (AWSNicContext nic : context.nics) {
        if (nic.securityGroupStates != null) {
            // decide the full set of missing groups for this NIC before starting any creation
            Collection<String> resolvedIds = nic.securityGroupIds;
            List<SecurityGroupState> toCreate = new ArrayList<>();
            for (SecurityGroupState sgState : nic.securityGroupStates) {
                if (!resolvedIds.contains(sgState.id)) {
                    toCreate.add(sgState);
                }
            }
            for (SecurityGroupState missing : toCreate) {
                DeferredResult<Void> createWithRules = createSecurityGroup(groupClient, context, nic, missing)
                        .thenCompose(ignore -> createIngressRules(context, nic, missing, groupClient))
                        .thenCompose(ignore -> createEgressRules(context, nic, missing, groupClient))
                        .thenApply(ignore -> (Void) null);
                pendingCreations.add(createWithRules);
            }
        }
    }
    return DeferredResult.allOf(pendingCreations).handle((all, exc) -> {
        if (exc == null) {
            return context;
        }
        // wrap with the VM name for context but keep the original failure as the cause
        String msg = String.format("Error creating SecurityGroups in AWS for [%s] VM.", context.child.name);
        throw new IllegalStateException(msg, exc);
    });
}