Example 1 with IPRange
use of io.cdap.cdap.runtime.spi.common.IPRange in project cdap by caskdata.
the class DataprocClient method getFirewallTargetTags.
/**
* Finds ingress firewall rules for the configured network that matches the required firewall port as
* defined in {@link FirewallPort}.
*
* @return a {@link Collection} of tags that need to be added to the VM to have those firewall rules applies
* @throws IOException If failed to discover those firewall rules
*/
private List<String> getFirewallTargetTags(Network network, boolean useInternalIP) throws IOException, RetryableProvisionException {
FirewallList firewalls;
try {
firewalls = compute.firewalls().list(conf.getNetworkHostProjectID()).execute();
} catch (Exception e) {
handleRetryableExceptions(e);
throw e;
}
List<String> tags = new ArrayList<>();
Set<FirewallPort> requiredPorts = EnumSet.allOf(FirewallPort.class);
// Iterate all firewall rules and see if it has ingress rules for all required firewall port.
for (Firewall firewall : Optional.ofNullable(firewalls.getItems()).orElse(Collections.emptyList())) {
// network is a url like https://www.googleapis.com/compute/v1/projects/<project>/<region>/networks/<name>
// we want to get the last section of the path and compare to the configured network name
int idx = firewall.getNetwork().lastIndexOf('/');
String networkName = idx >= 0 ? firewall.getNetwork().substring(idx + 1) : firewall.getNetwork();
if (!networkName.equals(network.getName())) {
continue;
}
String direction = firewall.getDirection();
if (!"INGRESS".equals(direction) || firewall.getAllowed() == null) {
continue;
}
if (useInternalIP) {
// private IP blocks in order to be able to communicate with Dataproc.
try {
List<IPRange> sourceRanges = Optional.ofNullable(firewall.getSourceRanges()).map(DataprocUtils::parseIPRanges).orElse(Collections.emptyList());
if (!sourceRanges.isEmpty()) {
boolean isPrivate = PRIVATE_IP_RANGES.stream().anyMatch(privateRange -> sourceRanges.stream().anyMatch(privateRange::isOverlap));
if (!isPrivate) {
continue;
}
}
} catch (Exception e) {
LOG.warn("Failed to parse source ranges from firewall rule {}", firewall.getName(), e);
}
}
for (Firewall.Allowed allowed : firewall.getAllowed()) {
String protocol = allowed.getIPProtocol();
boolean addTag = false;
if ("all".equalsIgnoreCase(protocol)) {
requiredPorts.clear();
addTag = true;
} else if ("tcp".equalsIgnoreCase(protocol) && isPortAllowed(allowed.getPorts(), FirewallPort.SSH.port)) {
requiredPorts.remove(FirewallPort.SSH);
addTag = true;
}
if (addTag && firewall.getTargetTags() != null && !firewall.getTargetTags().isEmpty()) {
tags.add(firewall.getTargetTags().iterator().next());
}
}
}
if (!requiredPorts.isEmpty()) {
String portList = requiredPorts.stream().map(p -> String.valueOf(p.port)).collect(Collectors.joining(","));
throw new IllegalArgumentException(String.format("Could not find an ingress firewall rule for network '%s' in project '%s' for ports '%s'. " + "Please create a rule to allow incoming traffic on those ports for your IP range.", network.getName(), conf.getNetworkHostProjectID(), portList));
}
return tags;
}
Also used :
FirewallList(com.google.api.services.compute.model.FirewallList)
HttpURLConnection(java.net.HttpURLConnection)
NetworkPeering(com.google.api.services.compute.model.NetworkPeering)
Arrays(java.util.Arrays)
OperationFuture(com.google.api.gax.longrunning.OperationFuture)
NotFoundException(com.google.api.gax.rpc.NotFoundException)
LoggerFactory(org.slf4j.LoggerFactory)
HttpStatus(org.apache.http.HttpStatus)
FixedCredentialsProvider(com.google.api.gax.core.FixedCredentialsProvider)
Network(com.google.api.services.compute.model.Network)
DeleteClusterRequest(com.google.cloud.dataproc.v1.DeleteClusterRequest)
GoogleJsonResponseException(com.google.api.client.googleapis.json.GoogleJsonResponseException)
GeneralSecurityException(java.security.GeneralSecurityException)
GetClusterRequest(com.google.cloud.dataproc.v1.GetClusterRequest)
Cluster(com.google.cloud.dataproc.v1.Cluster)
NodeInitializationAction(com.google.cloud.dataproc.v1.NodeInitializationAction)
Map(java.util.Map)
CredentialsProvider(com.google.api.gax.core.CredentialsProvider)
ParseException(java.text.ParseException)
EnumSet(java.util.EnumSet)
AutoscalingConfig(com.google.cloud.dataproc.v1.AutoscalingConfig)
ImmutableSet(com.google.common.collect.ImmutableSet)
ClusterStatus(com.google.cloud.dataproc.v1.ClusterStatus)
JacksonFactory(com.google.api.client.json.jackson2.JacksonFactory)
Predicate(java.util.function.Predicate)
Collection(java.util.Collection)
HttpTransport(com.google.api.client.http.HttpTransport)
Status(com.google.rpc.Status)
Set(java.util.Set)
GoogleNetHttpTransport(com.google.api.client.googleapis.javanet.GoogleNetHttpTransport)
HttpResponseException(com.google.api.client.http.HttpResponseException)
Collectors(java.util.stream.Collectors)
AlreadyExistsException(com.google.api.gax.rpc.AlreadyExistsException)
Node(io.cdap.cdap.runtime.spi.provisioner.Node)
InstanceGroupConfig(com.google.cloud.dataproc.v1.InstanceGroupConfig)
Objects(java.util.Objects)
List(java.util.List)
HttpStatusCodes(com.google.api.client.http.HttpStatusCodes)
Stream(java.util.stream.Stream)
OperationsClient(com.google.longrunning.OperationsClient)
HttpCredentialsAdapter(com.google.auth.http.HttpCredentialsAdapter)
FirewallList(com.google.api.services.compute.model.FirewallList)
FieldMask(com.google.protobuf.FieldMask)
IPRange(io.cdap.cdap.runtime.spi.common.IPRange)
SSHPublicKey(io.cdap.cdap.runtime.spi.ssh.SSHPublicKey)
Optional(java.util.Optional)
Compute(com.google.api.services.compute.Compute)
SoftwareConfig(com.google.cloud.dataproc.v1.SoftwareConfig)
DataprocUtils(io.cdap.cdap.runtime.spi.common.DataprocUtils)
Instance(com.google.api.services.compute.model.Instance)
ClusterConfig(com.google.cloud.dataproc.v1.ClusterConfig)
SimpleDateFormat(java.text.SimpleDateFormat)
HashMap(java.util.HashMap)
HttpRequest(com.google.api.client.http.HttpRequest)
UpdateClusterRequest(com.google.cloud.dataproc.v1.UpdateClusterRequest)
Operation(com.google.longrunning.Operation)
GceClusterConfig(com.google.cloud.dataproc.v1.GceClusterConfig)
ArrayList(java.util.ArrayList)
ClusterOperationMetadata(com.google.cloud.dataproc.v1.ClusterOperationMetadata)
HashSet(java.util.HashSet)
Strings(com.google.common.base.Strings)
NetworkList(com.google.api.services.compute.model.NetworkList)
DiskConfig(com.google.cloud.dataproc.v1.DiskConfig)
HttpRequestInitializer(com.google.api.client.http.HttpRequestInitializer)
AccessConfig(com.google.api.services.compute.model.AccessConfig)
Firewall(com.google.api.services.compute.model.Firewall)
SocketTimeoutException(java.net.SocketTimeoutException)
ShieldedInstanceConfig(com.google.cloud.dataproc.v1.ShieldedInstanceConfig)
StreamSupport(java.util.stream.StreamSupport)
Nullable(javax.annotation.Nullable)
ClusterControllerClient(com.google.cloud.dataproc.v1.ClusterControllerClient)
RetryableProvisionException(io.cdap.cdap.runtime.spi.provisioner.RetryableProvisionException)
Logger(org.slf4j.Logger)
EncryptionConfig(com.google.cloud.dataproc.v1.EncryptionConfig)
IOException(java.io.IOException)
ApiException(com.google.api.gax.rpc.ApiException)
ClusterControllerSettings(com.google.cloud.dataproc.v1.ClusterControllerSettings)
ExecutionException(java.util.concurrent.ExecutionException)
TimeUnit(java.util.concurrent.TimeUnit)
Duration(com.google.protobuf.Duration)
EndpointConfig(com.google.cloud.dataproc.v1.EndpointConfig)
LifecycleConfig(com.google.cloud.dataproc.v1.LifecycleConfig)
Collections(java.util.Collections)
ArrayList(java.util.ArrayList)
IPRange(io.cdap.cdap.runtime.spi.common.IPRange)
NotFoundException(com.google.api.gax.rpc.NotFoundException)
GoogleJsonResponseException(com.google.api.client.googleapis.json.GoogleJsonResponseException)
GeneralSecurityException(java.security.GeneralSecurityException)
ParseException(java.text.ParseException)
HttpResponseException(com.google.api.client.http.HttpResponseException)
AlreadyExistsException(com.google.api.gax.rpc.AlreadyExistsException)
SocketTimeoutException(java.net.SocketTimeoutException)
RetryableProvisionException(io.cdap.cdap.runtime.spi.provisioner.RetryableProvisionException)
IOException(java.io.IOException)
ApiException(com.google.api.gax.rpc.ApiException)
ExecutionException(java.util.concurrent.ExecutionException)
Firewall(com.google.api.services.compute.model.Firewall)
Aggregations
GoogleNetHttpTransport (com.google.api.client.googleapis.javanet.GoogleNetHttpTransport)1
GoogleJsonResponseException (com.google.api.client.googleapis.json.GoogleJsonResponseException)1
HttpRequest (com.google.api.client.http.HttpRequest)1
HttpRequestInitializer (com.google.api.client.http.HttpRequestInitializer)1
HttpResponseException (com.google.api.client.http.HttpResponseException)1
HttpStatusCodes (com.google.api.client.http.HttpStatusCodes)1
HttpTransport (com.google.api.client.http.HttpTransport)1
JacksonFactory (com.google.api.client.json.jackson2.JacksonFactory)1
CredentialsProvider (com.google.api.gax.core.CredentialsProvider)1
FixedCredentialsProvider (com.google.api.gax.core.FixedCredentialsProvider)1
OperationFuture (com.google.api.gax.longrunning.OperationFuture)1
AlreadyExistsException (com.google.api.gax.rpc.AlreadyExistsException)1
ApiException (com.google.api.gax.rpc.ApiException)1
NotFoundException (com.google.api.gax.rpc.NotFoundException)1
Compute (com.google.api.services.compute.Compute)1
AccessConfig (com.google.api.services.compute.model.AccessConfig)1
Firewall (com.google.api.services.compute.model.Firewall)1
FirewallList (com.google.api.services.compute.model.FirewallList)1
Instance (com.google.api.services.compute.model.Instance)1
Network (com.google.api.services.compute.model.Network)1
