use of software.amazon.awssdk.services.ec2.model.SecurityGroup in project photon-model by vmware.
the class TestAWSSecurityGroupService method testAllocateSecurityGroupUpdate.
/*
 * Updates an existing security group so that it carries the required default ports,
 * verifies the resulting rule set, and removes the group again.
 */
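@Test
public void testAllocateSecurityGroupUpdate() throws Throwable {
    // Start from a freshly created group so the update path runs against a known
    // baseline rather than whatever the account already contains.
    String groupId = this.client.createDefaultSecurityGroup(null);
    try {
        // Grant port 22 (DEFAULT_PROTOCOL) ingress only from DEFAULT_ALLOWED_NETWORK;
        // validateDefaultRules() then checks the group ended up with exactly the default set.
        IpRange allowedRange = new IpRange().withCidrIp(DEFAULT_ALLOWED_NETWORK);
        IpPermission sshIngress = new IpPermission()
                .withIpProtocol(DEFAULT_PROTOCOL)
                .withFromPort(22)
                .withToPort(22)
                .withIpv4Ranges(allowedRange);
        List<IpPermission> rules = new ArrayList<>();
        rules.add(sshIngress);
        this.client.addIngressRules(groupId, rules);
        SecurityGroup updatedGroup = this.client.getDefaultSecurityGroup(null);
        validateDefaultRules(updatedGroup.getIpPermissions());
    } finally {
        // Always delete: a failed assertion must not leave a group with an open
        // port-22 ingress rule behind in the real account.
        this.client.deleteSecurityGroup(groupId);
    }
}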
the class AWSUtils method getOrCreateSecurityGroups.
/*
 * Creates a new security group, or validates that an existing one has the settings CM
 * needs in order to function, and returns the security group id(s) required during
 * instance provisioning. Resolution order:
 *  1. for the given nicContext, each of its securityGroupStates is looked up in AWS;
 *  2. if there are no securityGroupStates, the security group id is taken from the
 *     custom properties;
 *  3. if neither yields a security group, the default one is looked up in AWS;
 *  4. if still nothing is found, a new security group is created.
 */
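public static List<String> getOrCreateSecurityGroups(AWSInstanceContext aws, AWSNicContext nicCtx) {
    AWSSecurityGroupClient client = new AWSSecurityGroupClient(aws.amazonEC2Client);

    // 1. Security group states attached to the NIC take precedence over everything else.
    if (nicCtx != null && nicCtx.securityGroupStates != null && !nicCtx.securityGroupStates.isEmpty()) {
        List<String> requestedNames = nicCtx.securityGroupStates.stream()
                .map(securityGroupState -> securityGroupState.name)
                .collect(Collectors.toList());
        // NOTE(review): nicCtx.vpc is dereferenced unguarded here while the default-group
        // lookup below null-checks it — confirm callers always populate vpc on this path.
        List<SecurityGroup> securityGroups = client.getSecurityGroups(new ArrayList<>(requestedNames), nicCtx.vpc.getVpcId());
        // Fail closed: if AWS returned fewer groups than were requested, some requested group
        // does not exist in this VPC. Silently launching with the remaining subset would give
        // the instance a weaker network policy than the one the caller asked for.
        long distinctRequested = requestedNames.stream().distinct().count();
        if (securityGroups.size() < distinctRequested) {
            throw new IllegalStateException("Only " + securityGroups.size() + " of the requested security groups "
                    + requestedNames + " exist in VPC " + nicCtx.vpc.getVpcId());
        }
        List<String> groupIds = new ArrayList<>();
        for (SecurityGroup securityGroup : securityGroups) {
            groupIds.add(securityGroup.getGroupId());
        }
        return groupIds;
    }

    // 2. A group id pinned in the compute description's custom properties.
    String sgId = getFromCustomProperties(aws.child.description, AWSConstants.AWS_SECURITY_GROUP_ID);
    if (sgId != null) {
        return Arrays.asList(sgId);
    }

    // 3. The project's default group in the NIC's VPC, if it already exists.
    if (nicCtx != null && nicCtx.vpc != null) {
        try {
            SecurityGroup group = client.getSecurityGroup(DEFAULT_SECURITY_GROUP_NAME, nicCtx.vpc.getVpcId());
            if (group != null) {
                return Arrays.asList(group.getGroupId());
            }
        } catch (AmazonServiceException e) {
            // Only "the group does not exist" may fall through to creation; anything else
            // (authorization, throttling, bad VPC) must reach the caller unchanged.
            if (!isGroupNotFound(e)) {
                throw e;
            }
        }
    }

    // 4. Nothing found anywhere: create the default group on the default VPC.
    String groupId = createSecurityGroupOnDefaultVPC(aws);
    return Collections.singletonList(groupId);
}

/**
 * Returns true when {@code e} reports that the default security group does not exist.
 * Prefers the structured EC2 error code; falls back to the original message match so
 * that behavior is unchanged for callers/mocks that only populate the message.
 */
private static boolean isGroupNotFound(AmazonServiceException e) {
    if ("InvalidGroup.NotFound".equals(e.getErrorCode())) {
        return true;
    }
    String message = e.getMessage();
    return message != null && message.contains(DEFAULT_SECURITY_GROUP_NAME);
}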
the class AWSComputeDiskDay2ServiceTest method assertAndSetVMSecurityGroupsToBeDeleted.
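private void assertAndSetVMSecurityGroupsToBeDeleted(Instance instance, ComputeState vm) {
    // Only meaningful against a real AWS endpoint; skipped under the mock adapter.
    if (this.isMock) {
        return;
    }
    this.host.log(Level.INFO, "%s: Assert security groups configuration for [%s] VM", this.currentTestName.getMethodName(), this.vmState.name);
    // Resolve every SecurityGroupState referenced by any NIC of the requested VM, keyed by name.
    // toMap() throws on duplicate keys, so a group shared by two NICs would fail here.
    Collector<SecurityGroupService.SecurityGroupState, ?, Map<String, SecurityGroupService.SecurityGroupState>> byName = Collectors.<SecurityGroupService.SecurityGroupState, String, SecurityGroupService.SecurityGroupState>toMap(sg -> sg.name, sg -> sg);
    Map<String, SecurityGroupService.SecurityGroupState> requestedGroups = vm.networkInterfaceLinks.stream()
            .map(nicLink -> this.host.getServiceState(null, NetworkInterfaceService.NetworkInterfaceState.class, UriUtils.buildUri(this.host, nicLink)))
            .<SecurityGroupService.SecurityGroupState>flatMap(nicState -> nicState.securityGroupLinks.stream()
                    .map(sgLink -> this.host.getServiceState(null, SecurityGroupService.SecurityGroupState.class, UriUtils.buildUri(this.host, sgLink))))
            .collect(byName);
    assertNotNull("Instance should have security groups attached.", instance.getSecurityGroups());
    // Exactly the requested set: an extra group widens the instance's network exposure, a
    // missing one blocks requested traffic. assertEquals takes (expected, actual) — the
    // original call had them swapped, which produced misleading failure messages.
    assertEquals("Instance has a different number of security groups than requested", requestedGroups.size(), instance.getSecurityGroups().size());
    for (SecurityGroupService.SecurityGroupState requested : requestedGroups.values()) {
        GroupIdentifier provisioned = null;
        for (GroupIdentifier awsGroup : instance.getSecurityGroups()) {
            if (awsGroup.getGroupId().equals(requested.id)) {
                provisioned = awsGroup;
                break;
            }
        }
        assertNotNull("Requested security group [" + requested.name + "] is not attached to the instance", provisioned);
        if (!requested.name.contains(TestAWSSetupUtils.AWS_NEW_GROUP_PREFIX)) {
            continue;
        }
        // Groups created by the test are deleted in teardown; record the id before the rule
        // assertions so a failure below still leaves the group scheduled for cleanup.
        this.sgToCleanUp = requested.id;
        SecurityGroup awsSecurityGroup = getSecurityGroupsIdUsingEC2Client(this.client, provisioned.getGroupId());
        assertNotNull(awsSecurityGroup);
        // Positional lookup kept from the original expectation: the first ingress rule is the
        // requested one, and egress index 1 skips what is presumably AWS's default allow-all
        // egress rule at index 0. AWS does not guarantee rule ordering — TODO confirm.
        IpPermission awsIngressRule = awsSecurityGroup.getIpPermissions().get(0);
        IpPermission awsEgressRule = awsSecurityGroup.getIpPermissionsEgress().get(1);
        assertNotNull(awsIngressRule);
        assertNotNull(awsEgressRule);
        assertEquals("Error in created ingress rule", requested.ingress.get(0).protocol, awsIngressRule.getIpProtocol());
        assertEquals("Error in created ingress rule", requested.ingress.get(0).ipRangeCidr, awsIngressRule.getIpv4Ranges().get(0).getCidrIp());
        assertEquals("Error in created egress rule", requested.egress.get(0).protocol, awsEgressRule.getIpProtocol());
        assertEquals("Error in created egress rule", requested.egress.get(0).ipRangeCidr, awsEgressRule.getIpv4Ranges().get(0).getCidrIp());
    }
}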
the class AWSLoadBalancerServiceTest method testCreateUpdateDeleteLoadBalancer.
@Test
public void testCreateUpdateDeleteLoadBalancer() throws Throwable {
    // Deliberately over-long name containing characters AWS rejects; the service is
    // expected to normalise it, and lb.name after provisioning is what was actually used.
    this.lbName = generateLbName() + "-1234567890-1234567890-1234567890_;.,/";
    LoadBalancerState lb = createLoadBalancerState(this.lbName);

    // --- create ---
    kickOffLoadBalancerProvision(InstanceRequestType.CREATE, lb.documentSelfLink, TaskStage.FINISHED);
    lb = getServiceSynchronously(lb.documentSelfLink, LoadBalancerState.class);
    // Keep the real name (and below the SG id) in fields so teardown can clean up on failure.
    this.lbName = lb.name;

    boolean realAws = !this.isMock;
    if (realAws) {
        assertNotNull(lb.securityGroupLinks);
        String sgLink = lb.securityGroupLinks.iterator().next();
        assertNotNull(sgLink);
        SecurityGroupState sgs = getServiceSynchronously(sgLink, SecurityGroupState.class);
        this.sgId = sgs.id;

        LoadBalancerDescription created = getAwsLoadBalancer(this.lbName);
        assertNotNull(created);
        assertEquals(created.getDNSName(), lb.address);
        // The test provisions a public (internet-facing) balancer with one backend.
        assertEquals("internet-facing", created.getScheme());
        assertEquals(1, created.getInstances().size());
        List<ListenerDescription> listeners = created.getListenerDescriptions();
        assertEquals(2, listeners.size());
        verifyListeners(lb.routes, listeners);
        verifyHealthCheckConfiguration(lb.routes.get(0), created.getHealthCheck());

        // The balancer must be fronted by the security group the service created for it.
        SecurityGroup createdSg = getAwsSecurityGroup(sgs.id);
        assertNotNull(createdSg);
        String attachedSgId = created.getSecurityGroups().stream().findFirst().orElse(null);
        assertEquals(createdSg.getGroupId(), attachedSgId);

        // --- scale out: 1 -> 2 backends ---
        lb.computeLinks = new HashSet<>(Arrays.asList(this.cs1.documentSelfLink, this.cs2.documentSelfLink));
        putServiceSynchronously(lb.documentSelfLink, lb);
    }
    kickOffLoadBalancerProvision(InstanceRequestType.UPDATE, lb.documentSelfLink, TaskStage.FINISHED);
    if (realAws) {
        LoadBalancerDescription scaledOut = getAwsLoadBalancer(this.lbName);
        assertNotNull(scaledOut);
        assertEquals(2, scaledOut.getInstances().size());

        // --- scale in: 2 -> 1 backend ---
        lb.computeLinks = Collections.singleton(this.cs1.documentSelfLink);
        putServiceSynchronously(lb.documentSelfLink, lb);
        kickOffLoadBalancerProvision(InstanceRequestType.UPDATE, lb.documentSelfLink, TaskStage.FINISHED);
        LoadBalancerDescription scaledIn = getAwsLoadBalancer(this.lbName);
        assertNotNull(scaledIn);
        assertEquals(1, scaledIn.getInstances().size());
    }

    // --- delete: both the balancer and its security group must be gone ---
    kickOffLoadBalancerProvision(InstanceRequestType.DELETE, lb.documentSelfLink, TaskStage.FINISHED);
    if (realAws) {
        assertNull(getAwsLoadBalancer(this.lbName));
        assertNull(getAwsSecurityGroup(this.sgId));
    }
    this.lbName = null;
    this.sgId = null;
}
the class AWSRebootServiceTest method assertAndSetVMSecurityGroupsToBeDeleted.
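private void assertAndSetVMSecurityGroupsToBeDeleted(Instance instance, ComputeState vm) {
    // Only meaningful against a real AWS endpoint; skipped under the mock adapter.
    if (this.isMock) {
        return;
    }
    this.host.log(Level.INFO, "%s: Assert security groups configuration for [%s] VM", this.currentTestName.getMethodName(), this.vmState.name);
    // Resolve every SecurityGroupState referenced by any NIC of the requested VM, keyed by name.
    // toMap() throws on duplicate keys, so a group shared by two NICs would fail here.
    Collector<SecurityGroupState, ?, Map<String, SecurityGroupState>> byName = Collectors.<SecurityGroupState, String, SecurityGroupState>toMap(sg -> sg.name, sg -> sg);
    Map<String, SecurityGroupState> requestedGroups = vm.networkInterfaceLinks.stream()
            .map(nicLink -> this.host.getServiceState(null, NetworkInterfaceState.class, UriUtils.buildUri(this.host, nicLink)))
            .<SecurityGroupState>flatMap(nicState -> nicState.securityGroupLinks.stream()
                    .map(sgLink -> this.host.getServiceState(null, SecurityGroupState.class, UriUtils.buildUri(this.host, sgLink))))
            .collect(byName);
    assertNotNull("Instance should have security groups attached.", instance.getSecurityGroups());
    // Exactly the requested set: an extra group widens the instance's network exposure, a
    // missing one blocks requested traffic. assertEquals takes (expected, actual) — the
    // original call had them swapped, which produced misleading failure messages.
    assertEquals("Instance has a different number of security groups than requested", requestedGroups.size(), instance.getSecurityGroups().size());
    for (SecurityGroupState requested : requestedGroups.values()) {
        GroupIdentifier provisioned = null;
        for (GroupIdentifier awsGroup : instance.getSecurityGroups()) {
            if (awsGroup.getGroupId().equals(requested.id)) {
                provisioned = awsGroup;
                break;
            }
        }
        assertNotNull("Requested security group [" + requested.name + "] is not attached to the instance", provisioned);
        if (!requested.name.contains(TestAWSSetupUtils.AWS_NEW_GROUP_PREFIX)) {
            continue;
        }
        // Groups created by the test are deleted in teardown; record the id before the rule
        // assertions so a failure below still leaves the group scheduled for cleanup.
        this.sgToCleanUp = requested.id;
        SecurityGroup awsSecurityGroup = getSecurityGroupsIdUsingEC2Client(this.client, provisioned.getGroupId());
        assertNotNull(awsSecurityGroup);
        // Positional lookup kept from the original expectation: the first ingress rule is the
        // requested one, and egress index 1 skips what is presumably AWS's default allow-all
        // egress rule at index 0. AWS does not guarantee rule ordering — TODO confirm.
        IpPermission awsIngressRule = awsSecurityGroup.getIpPermissions().get(0);
        IpPermission awsEgressRule = awsSecurityGroup.getIpPermissionsEgress().get(1);
        assertNotNull(awsIngressRule);
        assertNotNull(awsEgressRule);
        assertEquals("Error in created ingress rule", requested.ingress.get(0).protocol, awsIngressRule.getIpProtocol());
        assertEquals("Error in created ingress rule", requested.ingress.get(0).ipRangeCidr, awsIngressRule.getIpv4Ranges().get(0).getCidrIp());
        assertEquals("Error in created egress rule", requested.egress.get(0).protocol, awsEgressRule.getIpProtocol());
        assertEquals("Error in created egress rule", requested.egress.get(0).ipRangeCidr, awsEgressRule.getIpv4Ranges().get(0).getCidrIp());
    }
}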