Updated Branches: refs/heads/master a906f9f4e -> 5f524ee6c
http://git-wip-us.apache.org/repos/asf/incubator-jclouds/blob/5f524ee6/providers/aws-ec2/src/main/java/org/jclouds/aws/ec2/compute/extensions/AWSEC2SecurityGroupExtension.java
----------------------------------------------------------------------
diff --git a/providers/aws-ec2/src/main/java/org/jclouds/aws/ec2/compute/extensions/AWSEC2SecurityGroupExtension.java b/providers/aws-ec2/src/main/java/org/jclouds/aws/ec2/compute/extensions/AWSEC2SecurityGroupExtension.java
new file mode 100644
index 0000000..c0e21f0
--- /dev/null
+++ b/providers/aws-ec2/src/main/java/org/jclouds/aws/ec2/compute/extensions/AWSEC2SecurityGroupExtension.java
@@ -0,0 +1,177 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.jclouds.aws.ec2.compute.extensions;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+import static com.google.common.base.Predicates.equalTo;
+import static com.google.common.base.Predicates.not;
+import static com.google.common.base.Predicates.notNull;
+import static com.google.common.collect.Iterables.concat;
+import static com.google.common.collect.Iterables.filter;
+import static com.google.common.collect.Iterables.getOnlyElement;
+import static com.google.common.collect.Iterables.toArray;
+import static com.google.common.collect.Iterables.transform;
+
+import java.util.NoSuchElementException;
+import java.util.Set;
+import java.util.concurrent.ConcurrentMap;
+
+import javax.inject.Inject;
+import javax.inject.Named;
+import javax.inject.Provider;
+
+import org.jclouds.Constants;
+import org.jclouds.aws.ec2.AWSEC2Client;
+import org.jclouds.aws.util.AWSUtils;
+import org.jclouds.collect.Memoized;
+import org.jclouds.compute.domain.SecurityGroup;
+import org.jclouds.compute.domain.SecurityGroupBuilder;
+import org.jclouds.compute.extensions.SecurityGroupExtension;
+import org.jclouds.compute.functions.GroupNamingConvention;
+import org.jclouds.compute.functions.GroupNamingConvention.Factory;
+import org.jclouds.domain.Location;
+import org.jclouds.ec2.compute.domain.RegionAndName;
+import org.jclouds.ec2.compute.domain.RegionNameAndIngressRules;
+import org.jclouds.ec2.compute.extensions.EC2SecurityGroupExtension;
+import org.jclouds.ec2.domain.RunningInstance;
+import org.jclouds.ec2.domain.UserIdGroupPair;
+import org.jclouds.location.Region;
+import org.jclouds.net.domain.IpPermission;
+import org.jclouds.net.domain.IpProtocol;
+
+import com.google.common.base.Function;
+import com.google.common.base.Predicate;
+import com.google.common.base.Supplier;
+import com.google.common.cache.LoadingCache;
+import com.google.common.collect.ImmutableSet;
+import com.google.common.collect.Iterables;
+import com.google.common.collect.Multimap;
+import com.google.common.collect.Sets;
+import com.google.common.util.concurrent.ListenableFuture;
+import com.google.common.util.concurrent.ListeningExecutorService;
+import com.google.common.util.concurrent.UncheckedTimeoutException;
+
+/**
+ * An extension to compute service to allow for the manipulation of {@link SecurityGroup}s. Implementation
+ * is optional by providers.
+ *
+ * @author Andrew Bayer
+ */
+public class AWSEC2SecurityGroupExtension extends EC2SecurityGroupExtension {
+ protected final AWSEC2Client client;
+
+ @Inject
+ public AWSEC2SecurityGroupExtension(AWSEC2Client client,
+ @Named(Constants.PROPERTY_USER_THREADS) ListeningExecutorService userExecutor,
+ @Region Supplier<Set<String>> regions,
+ Function<org.jclouds.ec2.domain.SecurityGroup, SecurityGroup> groupConverter,
+ @Memoized Supplier<Set<? extends Location>> locations,
+ @Named("SECURITY") LoadingCache<RegionAndName, String> groupCreator,
+ GroupNamingConvention.Factory namingConvention) {
+ super(client, userExecutor, regions, groupConverter, locations, groupCreator, namingConvention);
+ this.client = checkNotNull(client, "client");
+ }
+
+
+ @Override
+ public SecurityGroup addIpPermission(IpPermission ipPermission, SecurityGroup group) {
+
+ String region = AWSUtils.getRegionFromLocationOrNull(group.getLocation());
+ String name = group.getName();
+
+ client.getSecurityGroupServices().authorizeSecurityGroupIngressInRegion(region, name, ipPermission);
+
+ return getSecurityGroupById(new RegionAndName(region, group.getName()).slashEncode());
+ }
+
+ @Override
+ public SecurityGroup addIpPermission(IpProtocol protocol, int startPort, int endPort,
+ Multimap<String, String> tenantIdGroupNamePairs,
+ Iterable<String> ipRanges,
+ Iterable<String> groupIds, SecurityGroup group) {
+ String region = AWSUtils.getRegionFromLocationOrNull(group.getLocation());
+ String name = group.getName();
+
+ IpPermission.Builder builder = IpPermission.builder();
+
+ builder.ipProtocol(protocol);
+ builder.fromPort(startPort);
+ builder.toPort(endPort);
+
+ if (Iterables.size(ipRanges) > 0) {
+ for (String cidr : ipRanges) {
+ builder.cidrBlock(cidr);
+ }
+ }
+
+ if (tenantIdGroupNamePairs.size() > 0) {
+ for (String userId : tenantIdGroupNamePairs.keySet()) {
+ for (String groupName : tenantIdGroupNamePairs.get(userId)) {
+ builder.tenantIdGroupNamePair(userId, groupName);
+ }
+ }
+ }
+
+ client.getSecurityGroupServices().authorizeSecurityGroupIngressInRegion(region, name, builder.build());
+
+ return getSecurityGroupById(new RegionAndName(region, group.getName()).slashEncode());
+ }
+
+ @Override
+ public SecurityGroup removeIpPermission(IpPermission ipPermission, SecurityGroup group) {
+ String region = AWSUtils.getRegionFromLocationOrNull(group.getLocation());
+ String name = group.getName();
+
+ client.getSecurityGroupServices().revokeSecurityGroupIngressInRegion(region, name, ipPermission);
+
+ return getSecurityGroupById(new RegionAndName(region, group.getName()).slashEncode());
+ }
+
+ @Override
+ public SecurityGroup removeIpPermission(IpProtocol protocol, int startPort, int endPort,
+ Multimap<String, String> tenantIdGroupNamePairs,
+ Iterable<String> ipRanges,
+ Iterable<String> groupIds, SecurityGroup group) {
+ String region = AWSUtils.getRegionFromLocationOrNull(group.getLocation());
+ String name = group.getName();
+
+
+ IpPermission.Builder builder = IpPermission.builder();
+
+ builder.ipProtocol(protocol);
+ builder.fromPort(startPort);
+ builder.toPort(endPort);
+
+ if (Iterables.size(ipRanges) > 0) {
+ for (String cidr : ipRanges) {
+ builder.cidrBlock(cidr);
+ }
+ }
+
+ if (tenantIdGroupNamePairs.size() > 0) {
+ for (String userId : tenantIdGroupNamePairs.keySet()) {
+ for (String groupName : tenantIdGroupNamePairs.get(userId)) {
+ builder.tenantIdGroupNamePair(userId, groupName);
+ }
+ }
+ }
+
+ client.getSecurityGroupServices().revokeSecurityGroupIngressInRegion(region, name, builder.build());
+
+ return getSecurityGroupById(new RegionAndName(region, group.getName()).slashEncode());
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-jclouds/blob/5f524ee6/providers/aws-ec2/src/main/java/org/jclouds/aws/ec2/compute/loaders/AWSEC2CreateSecurityGroupIfNeeded.java
----------------------------------------------------------------------
diff --git a/providers/aws-ec2/src/main/java/org/jclouds/aws/ec2/compute/loaders/AWSEC2CreateSecurityGroupIfNeeded.java b/providers/aws-ec2/src/main/java/org/jclouds/aws/ec2/compute/loaders/AWSEC2CreateSecurityGroupIfNeeded.java
index ad14efe..6676ef6 100644
--- a/providers/aws-ec2/src/main/java/org/jclouds/aws/ec2/compute/loaders/AWSEC2CreateSecurityGroupIfNeeded.java
+++ b/providers/aws-ec2/src/main/java/org/jclouds/aws/ec2/compute/loaders/AWSEC2CreateSecurityGroupIfNeeded.java
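Review bot: In AWSEC2SecurityGroupExtension, both seven-argument overloads (`addIpPermission` and `removeIpPermission`) accept `groupIds` but never read it, so a caller that identifies the source groups only by id gets a permission built with protocol and ports and no source at all. For `removeIpPermission` this means a revoke the caller believes happened may not match the rule that was meant to be removed, and nothing reports it. Either reject the unsupported argument up front, e.g. `checkArgument(Iterables.isEmpty(groupIds), "groupIds is not supported by aws-ec2; use tenantIdGroupNamePairs")`, or document on both overloads that `groupIds` is ignored. Separately, all four methods pass `group.getName()` to the authorize/revoke call, and the expect test added in this commit shows that value being sent as the `GroupId` form parameter while the group's provider id is `sg-3c6ef654`; `group.getProviderId()` looks like the intended argument and is worth confirming.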
@@ -32,10 +32,10 @@ import org.jclouds.aws.ec2.services.AWSSecurityGroupClient; import org.jclouds.compute.reference.ComputeServiceConstants; import org.jclouds.ec2.compute.domain.RegionAndName; import org.jclouds.ec2.compute.domain.RegionNameAndIngressRules; -import org.jclouds.ec2.domain.IpPermission; -import org.jclouds.ec2.domain.IpProtocol; import org.jclouds.ec2.domain.UserIdGroupPair; import org.jclouds.logging.Logger; +import org.jclouds.net.domain.IpPermission; +import org.jclouds.net.domain.IpProtocol; import com.google.common.base.Predicate; import com.google.common.cache.CacheLoader; @@ -95,7 +95,7 @@ public class AWSEC2CreateSecurityGroupIfNeeded extends CacheLoader<RegionAndName .fromPort(range.getKey()) .toPort(range.getValue()) .ipProtocol(IpProtocol.TCP) - .ipRange("0.0.0.0/0") + .cidrBlock("0.0.0.0/0") .build()); } @@ -104,13 +104,13 @@ public class AWSEC2CreateSecurityGroupIfNeeded extends CacheLoader<RegionAndName .fromPort(0) .toPort(65535) .ipProtocol(IpProtocol.TCP) - .userIdGroupPair(myOwnerId, name) + .tenantIdGroupNamePair(myOwnerId, name) .build()); permissions.add(IpPermission.builder() .fromPort(0) .toPort(65535) .ipProtocol(IpProtocol.UDP) - .userIdGroupPair(myOwnerId, name) + .tenantIdGroupNamePair(myOwnerId, name) .build()); } http://git-wip-us.apache.org/repos/asf/incubator-jclouds/blob/5f524ee6/providers/aws-ec2/src/main/java/org/jclouds/aws/ec2/services/AWSSecurityGroupAsyncClient.java ---------------------------------------------------------------------- diff --git a/providers/aws-ec2/src/main/java/org/jclouds/aws/ec2/services/AWSSecurityGroupAsyncClient.java b/providers/aws-ec2/src/main/java/org/jclouds/aws/ec2/services/AWSSecurityGroupAsyncClient.java index 75a6f9b..25acb03 100644 --- a/providers/aws-ec2/src/main/java/org/jclouds/aws/ec2/services/AWSSecurityGroupAsyncClient.java +++ b/providers/aws-ec2/src/main/java/org/jclouds/aws/ec2/services/AWSSecurityGroupAsyncClient.java 
@@ -33,12 +33,12 @@ import org.jclouds.aws.filters.FormSigner; import org.jclouds.ec2.binders.BindGroupIdsToIndexedFormParams; import org.jclouds.ec2.binders.BindIpPermissionToIndexedFormParams; import org.jclouds.ec2.binders.BindIpPermissionsToIndexedFormParams; -import org.jclouds.ec2.domain.IpPermission; import org.jclouds.ec2.domain.SecurityGroup; import org.jclouds.ec2.services.SecurityGroupAsyncClient; import org.jclouds.ec2.xml.DescribeSecurityGroupsResponseHandler; import org.jclouds.javax.annotation.Nullable; import org.jclouds.location.functions.RegionToEndpointOrProviderIfNull; +import org.jclouds.net.domain.IpPermission; import org.jclouds.rest.annotations.BinderParam; import org.jclouds.rest.annotations.EndpointParam; import org.jclouds.rest.annotations.Fallback; http://git-wip-us.apache.org/repos/asf/incubator-jclouds/blob/5f524ee6/providers/aws-ec2/src/main/java/org/jclouds/aws/ec2/services/AWSSecurityGroupClient.java ---------------------------------------------------------------------- diff --git a/providers/aws-ec2/src/main/java/org/jclouds/aws/ec2/services/AWSSecurityGroupClient.java b/providers/aws-ec2/src/main/java/org/jclouds/aws/ec2/services/AWSSecurityGroupClient.java index 383b0fd..ac3b301 100644 --- a/providers/aws-ec2/src/main/java/org/jclouds/aws/ec2/services/AWSSecurityGroupClient.java +++ b/providers/aws-ec2/src/main/java/org/jclouds/aws/ec2/services/AWSSecurityGroupClient.java 
@@ -18,10 +18,10 @@ package org.jclouds.aws.ec2.services; import java.util.Set; import org.jclouds.aws.ec2.options.CreateSecurityGroupOptions; -import org.jclouds.ec2.domain.IpPermission; import org.jclouds.ec2.domain.SecurityGroup; import org.jclouds.ec2.services.SecurityGroupClient; import org.jclouds.javax.annotation.Nullable; +import org.jclouds.net.domain.IpPermission; import com.google.common.annotations.Beta; http://git-wip-us.apache.org/repos/asf/incubator-jclouds/blob/5f524ee6/providers/aws-ec2/src/test/java/org/jclouds/aws/ec2/compute/AWSEC2ComputeServiceLiveTest.java ---------------------------------------------------------------------- diff --git a/providers/aws-ec2/src/test/java/org/jclouds/aws/ec2/compute/AWSEC2ComputeServiceLiveTest.java b/providers/aws-ec2/src/test/java/org/jclouds/aws/ec2/compute/AWSEC2ComputeServiceLiveTest.java index 7ee0e9d..ae39523 100644 --- a/providers/aws-ec2/src/test/java/org/jclouds/aws/ec2/compute/AWSEC2ComputeServiceLiveTest.java +++ b/providers/aws-ec2/src/test/java/org/jclouds/aws/ec2/compute/AWSEC2ComputeServiceLiveTest.java @@ -48,11 +48,11 @@ import org.jclouds.compute.predicates.NodePredicates; import org.jclouds.domain.LoginCredentials; import org.jclouds.ec2.EC2Client; import org.jclouds.ec2.compute.EC2ComputeServiceLiveTest; -import org.jclouds.ec2.domain.IpProtocol; import org.jclouds.ec2.domain.KeyPair; import org.jclouds.ec2.domain.SecurityGroup; import org.jclouds.ec2.services.InstanceClient; import org.jclouds.ec2.services.KeyPairClient; +import org.jclouds.net.domain.IpProtocol; import org.jclouds.scriptbuilder.domain.Statements; import org.testng.annotations.Test; http://git-wip-us.apache.org/repos/asf/incubator-jclouds/blob/5f524ee6/providers/aws-ec2/src/test/java/org/jclouds/aws/ec2/compute/extensions/AWSEC2SecurityGroupExtensionExpectTest.java ---------------------------------------------------------------------- 
diff --git a/providers/aws-ec2/src/test/java/org/jclouds/aws/ec2/compute/extensions/AWSEC2SecurityGroupExtensionExpectTest.java b/providers/aws-ec2/src/test/java/org/jclouds/aws/ec2/compute/extensions/AWSEC2SecurityGroupExtensionExpectTest.java
new file mode 100644
index 0000000..4bae7c3
--- /dev/null
+++ b/providers/aws-ec2/src/test/java/org/jclouds/aws/ec2/compute/extensions/AWSEC2SecurityGroupExtensionExpectTest.java
@@ -0,0 +1,367 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.jclouds.aws.ec2.compute.extensions;
+
+import static org.testng.Assert.assertEquals;
+import static org.testng.Assert.assertNotNull;
+import static org.testng.Assert.assertTrue;
+
+import java.util.Set;
+
+import javax.ws.rs.core.MediaType;
+
+import org.jclouds.aws.ec2.compute.internal.BaseAWSEC2ComputeServiceExpectTest;
+import org.jclouds.compute.domain.SecurityGroup;
+import org.jclouds.compute.domain.SecurityGroupBuilder;
+import org.jclouds.compute.extensions.SecurityGroupExtension;
+import org.jclouds.domain.Location;
+import org.jclouds.domain.LocationBuilder;
+import org.jclouds.domain.LocationScope;
+import org.jclouds.ec2.compute.domain.RegionAndName;
+import org.jclouds.http.HttpRequest;
+import org.jclouds.http.HttpResponse;
+import org.jclouds.net.domain.IpPermission;
+import org.jclouds.net.domain.IpProtocol;
+import org.testng.annotations.Test;
+
+import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableMap.Builder;
+import com.google.common.collect.ImmutableMultimap;
+import com.google.common.collect.ImmutableSet;
+import com.google.common.collect.Iterables;
+import com.google.common.collect.LinkedHashMultimap;
+import com.google.common.collect.Multimap;
+import com.google.common.collect.Sets;
+import com.google.common.util.concurrent.Futures;
+
+/**
+ *
+ * @author Andrew Bayer
+ */
+@Test(groups = "unit", testName = "AWSEC2SecurityGroupExtensionExpectTest")
+public class AWSEC2SecurityGroupExtensionExpectTest extends BaseAWSEC2ComputeServiceExpectTest {
+
+ public void testAddIpPermissionCidrFromIpPermission() {
+ HttpRequest describeSecurityGroupsSingleRequest =
+ formSigner.filter(HttpRequest.builder()
+ .method("POST")
+ .endpoint("https://ec2." + region + ".amazonaws.com/")
+ .addHeader("Host", "ec2." + region + ".amazonaws.com")
+ .addFormParam("Action", "DescribeSecurityGroups")
+ .addFormParam("GroupName.1", "jclouds#some-group").build());
+
+ HttpResponse describeSecurityGroupsSingleResponse =
+ HttpResponse.builder().statusCode(200)
+ .payload(payloadFromResourceWithContentType(
+ "/describe_securitygroups_extension_cidr.xml", MediaType.APPLICATION_XML)).build();
+
+
+ HttpRequest authorizeSecurityGroupIngressRequestRange =
+ formSigner.filter(HttpRequest.builder()
+ .method("POST")
+ .endpoint("https://ec2." + region + ".amazonaws.com/")
+ .addHeader("Host", "ec2." + region + ".amazonaws.com")
+ .addFormParam("Action", "AuthorizeSecurityGroupIngress")
+ .addFormParam("GroupId", "jclouds#some-group")
+ .addFormParam("IpPermissions.0.FromPort", "22")
+ .addFormParam("IpPermissions.0.IpProtocol", "tcp")
+ .addFormParam("IpPermissions.0.IpRanges.0.CidrIp", "0.0.0.0/0")
+ .addFormParam("IpPermissions.0.ToPort", "40")
+ .build());
+
+ Builder<HttpRequest, HttpResponse> requestResponseMap = ImmutableMap.<HttpRequest, HttpResponse> builder();
+ requestResponseMap.put(describeRegionsRequest, describeRegionsResponse);
+ requestResponseMap.put(describeAvailabilityZonesRequest, describeAvailabilityZonesResponse);
+ requestResponseMap.put(describeSecurityGroupsSingleRequest, describeSecurityGroupsSingleResponse);
+ requestResponseMap.put(createKeyPairRequest, createKeyPairResponse);
+ requestResponseMap.put(createSecurityGroupRequest, createSecurityGroupResponse);
+
+ requestResponseMap.put(authorizeSecurityGroupIngressRequestRange, authorizeSecurityGroupIngressResponse);
+
+ IpPermission.Builder builder = IpPermission.builder();
+
+ builder.ipProtocol(IpProtocol.TCP);
+ builder.fromPort(22);
+ builder.toPort(40);
+ builder.cidrBlock("0.0.0.0/0");
+
+ IpPermission perm = builder.build();
+
+ SecurityGroupExtension extension = requestsSendResponses(requestResponseMap.build()).getSecurityGroupExtension().get();
+
+ SecurityGroupBuilder groupBuilder = new SecurityGroupBuilder();
+ groupBuilder.id("jclouds#some-group");
+ groupBuilder.providerId("sg-3c6ef654");
+ groupBuilder.name("jclouds#some-group");
+ groupBuilder.location(new LocationBuilder()
+ .scope(LocationScope.REGION)
+ .id(region)
+ .description("region")
+ .build());
+
+ SecurityGroup origGroup = groupBuilder.build();
+
+ SecurityGroup newGroup = extension.addIpPermission(perm, origGroup);
+
+ assertEquals(1, newGroup.getIpPermissions().size());
+
+ IpPermission newPerm = Iterables.getOnlyElement(newGroup.getIpPermissions());
+
+ assertNotNull(newPerm);
+ assertEquals(IpProtocol.TCP, newPerm.getIpProtocol());
+ assertEquals(22, newPerm.getFromPort());
+ assertEquals(40, newPerm.getToPort());
+ assertEquals(1, newPerm.getCidrBlocks().size());
+ assertTrue(newPerm.getCidrBlocks().contains("0.0.0.0/0"));
+ }
+
+ public void testAddIpPermissionCidrFromParams() {
+ HttpRequest describeSecurityGroupsSingleRequest =
+ formSigner.filter(HttpRequest.builder()
+ .method("POST")
+ .endpoint("https://ec2." + region + ".amazonaws.com/")
+ .addHeader("Host", "ec2." + region + ".amazonaws.com")
+ .addFormParam("Action", "DescribeSecurityGroups")
+ .addFormParam("GroupName.1", "jclouds#some-group").build());
+
+ HttpResponse describeSecurityGroupsSingleResponse =
+ HttpResponse.builder().statusCode(200)
+ .payload(payloadFromResourceWithContentType(
+ "/describe_securitygroups_extension_cidr.xml", MediaType.APPLICATION_XML)).build();
+
+
+ HttpRequest authorizeSecurityGroupIngressRequestRange =
+ formSigner.filter(HttpRequest.builder()
+ .method("POST")
+ .endpoint("https://ec2." + region + ".amazonaws.com/")
+ .addHeader("Host", "ec2." + region + ".amazonaws.com")
+ .addFormParam("Action", "AuthorizeSecurityGroupIngress")
+ .addFormParam("GroupId", "jclouds#some-group")
+ .addFormParam("IpPermissions.0.FromPort", "22")
+ .addFormParam("IpPermissions.0.IpProtocol", "tcp")
+ .addFormParam("IpPermissions.0.IpRanges.0.CidrIp", "0.0.0.0/0")
+ .addFormParam("IpPermissions.0.ToPort", "40")
+ .build());
+
+ Builder<HttpRequest, HttpResponse> requestResponseMap = ImmutableMap.<HttpRequest, HttpResponse> builder();
+ requestResponseMap.put(describeRegionsRequest, describeRegionsResponse);
+ requestResponseMap.put(describeAvailabilityZonesRequest, describeAvailabilityZonesResponse);
+ requestResponseMap.put(describeSecurityGroupsSingleRequest, describeSecurityGroupsSingleResponse);
+ requestResponseMap.put(createKeyPairRequest, createKeyPairResponse);
+ requestResponseMap.put(createSecurityGroupRequest, createSecurityGroupResponse);
+
+ requestResponseMap.put(authorizeSecurityGroupIngressRequestRange, authorizeSecurityGroupIngressResponse);
+
+ SecurityGroupExtension extension = requestsSendResponses(requestResponseMap.build()).getSecurityGroupExtension().get();
+
+ SecurityGroupBuilder groupBuilder = new SecurityGroupBuilder();
+ groupBuilder.id("jclouds#some-group");
+ groupBuilder.providerId("sg-3c6ef654");
+ groupBuilder.name("jclouds#some-group");
+ groupBuilder.location(new LocationBuilder()
+ .scope(LocationScope.REGION)
+ .id(region)
+ .description("region")
+ .build());
+
+ SecurityGroup origGroup = groupBuilder.build();
+
+ SecurityGroup newGroup = extension.addIpPermission(IpProtocol.TCP,
+ 22,
+ 40,
+ emptyMultimap(),
+ ImmutableSet.of("0.0.0.0/0"),
+ emptyStringSet(),
+ origGroup);
+
+ assertEquals(1, newGroup.getIpPermissions().size());
+
+ IpPermission newPerm = Iterables.getOnlyElement(newGroup.getIpPermissions());
+
+ assertNotNull(newPerm);
+ assertEquals(IpProtocol.TCP, newPerm.getIpProtocol());
+ assertEquals(22, newPerm.getFromPort());
+ assertEquals(40, newPerm.getToPort());
+ assertEquals(1, newPerm.getCidrBlocks().size());
+ assertTrue(newPerm.getCidrBlocks().contains("0.0.0.0/0"));
+ }
+
+ public void testAddIpPermissionGroupFromIpPermission() {
+ HttpRequest describeSecurityGroupsSingleRequest =
+ formSigner.filter(HttpRequest.builder()
+ .method("POST")
+ .endpoint("https://ec2." + region + ".amazonaws.com/")
+ .addHeader("Host", "ec2." + region + ".amazonaws.com")
+ .addFormParam("Action", "DescribeSecurityGroups")
+ .addFormParam("GroupName.1", "jclouds#some-group").build());
+
+ HttpResponse describeSecurityGroupsSingleResponse =
+ HttpResponse.builder().statusCode(200)
+ .payload(payloadFromResourceWithContentType(
+ "/describe_securitygroups_extension_group.xml", MediaType.APPLICATION_XML)).build();
+
+
+ HttpRequest authorizeSecurityGroupIngressRequestGroupTenant =
+ formSigner.filter(HttpRequest.builder()
+ .method("POST")
+ .endpoint("https://ec2." + region + ".amazonaws.com/")
+ .addHeader("Host", "ec2." + region + ".amazonaws.com")
+ .addFormParam("Action", "AuthorizeSecurityGroupIngress")
+ .addFormParam("GroupId", "jclouds#some-group")
+ .addFormParam("IpPermissions.0.FromPort", "22")
+ .addFormParam("IpPermissions.0.Groups.0.GroupName", "jclouds#some-group")
+ .addFormParam("IpPermissions.0.Groups.0.UserId", "993194456877")
+ .addFormParam("IpPermissions.0.IpProtocol", "tcp")
+ .addFormParam("IpPermissions.0.ToPort", "40")
+ .build());
+
+ Builder<HttpRequest, HttpResponse> requestResponseMap = ImmutableMap.<HttpRequest, HttpResponse> builder();
+ requestResponseMap.put(describeRegionsRequest, describeRegionsResponse);
+ requestResponseMap.put(describeAvailabilityZonesRequest, describeAvailabilityZonesResponse);
+ requestResponseMap.put(describeSecurityGroupsSingleRequest, describeSecurityGroupsSingleResponse);
+ requestResponseMap.put(createKeyPairRequest, createKeyPairResponse);
+ requestResponseMap.put(createSecurityGroupRequest, createSecurityGroupResponse);
+
+ requestResponseMap.put(authorizeSecurityGroupIngressRequestGroupTenant, authorizeSecurityGroupIngressResponse);
+
+ IpPermission.Builder builder = IpPermission.builder();
+
+ builder.ipProtocol(IpProtocol.TCP);
+ builder.fromPort(22);
+ builder.toPort(40);
+ builder.tenantIdGroupNamePair("993194456877", "jclouds#some-group");
+
+ IpPermission perm = builder.build();
+
+ SecurityGroupExtension extension = requestsSendResponses(requestResponseMap.build()).getSecurityGroupExtension().get();
+
+ SecurityGroupBuilder groupBuilder = new SecurityGroupBuilder();
+ groupBuilder.id("jclouds#some-group");
+ groupBuilder.providerId("sg-3c6ef654");
+ groupBuilder.name("jclouds#some-group");
+ groupBuilder.location(new LocationBuilder()
+ .scope(LocationScope.REGION)
+ .id(region)
+ .description("region")
+ .build());
+ groupBuilder.ownerId("993194456877");
+
+ SecurityGroup origGroup = groupBuilder.build();
+
+ SecurityGroup newGroup = extension.addIpPermission(perm, origGroup);
+
+ assertEquals(1, newGroup.getIpPermissions().size());
+
+ IpPermission newPerm = Iterables.getOnlyElement(newGroup.getIpPermissions());
+
+ assertNotNull(newPerm);
+ assertEquals(IpProtocol.TCP, newPerm.getIpProtocol());
+ assertEquals(22, newPerm.getFromPort());
+ assertEquals(40, newPerm.getToPort());
+ assertEquals(0, newPerm.getCidrBlocks().size());
+ assertEquals(1, newPerm.getTenantIdGroupNamePairs().size());
+ assertTrue(newPerm.getTenantIdGroupNamePairs().keySet().contains(origGroup.getOwnerId()));
+ assertTrue(newPerm.getTenantIdGroupNamePairs().values().contains(origGroup.getName()));
+ }
+
+
+ public void testAddIpPermissionGroupFromParams() {
+ HttpRequest describeSecurityGroupsSingleRequest =
+ formSigner.filter(HttpRequest.builder()
+ .method("POST")
+ .endpoint("https://ec2." + region + ".amazonaws.com/")
+ .addHeader("Host", "ec2." + region + ".amazonaws.com")
+ .addFormParam("Action", "DescribeSecurityGroups")
+ .addFormParam("GroupName.1", "jclouds#some-group").build());
+
+ HttpResponse describeSecurityGroupsSingleResponse =
+ HttpResponse.builder().statusCode(200)
+ .payload(payloadFromResourceWithContentType(
+ "/describe_securitygroups_extension_group.xml", MediaType.APPLICATION_XML)).build();
+
+
+ HttpRequest authorizeSecurityGroupIngressRequestGroupTenant =
+ formSigner.filter(HttpRequest.builder()
+ .method("POST")
+ .endpoint("https://ec2." + region + ".amazonaws.com/")
+ .addHeader("Host", "ec2." + region + ".amazonaws.com")
+ .addFormParam("Action", "AuthorizeSecurityGroupIngress")
+ .addFormParam("GroupId", "jclouds#some-group")
+ .addFormParam("IpPermissions.0.FromPort", "22")
+ .addFormParam("IpPermissions.0.Groups.0.GroupName", "jclouds#some-group")
+ .addFormParam("IpPermissions.0.Groups.0.UserId", "993194456877")
+ .addFormParam("IpPermissions.0.IpProtocol", "tcp")
+ .addFormParam("IpPermissions.0.ToPort", "40")
+ .build());
+
+ Builder<HttpRequest, HttpResponse> requestResponseMap = ImmutableMap.<HttpRequest, HttpResponse> builder();
+ requestResponseMap.put(describeRegionsRequest, describeRegionsResponse);
+ requestResponseMap.put(describeAvailabilityZonesRequest, describeAvailabilityZonesResponse);
+ requestResponseMap.put(describeSecurityGroupsSingleRequest, describeSecurityGroupsSingleResponse);
+ requestResponseMap.put(createKeyPairRequest, createKeyPairResponse);
+ requestResponseMap.put(createSecurityGroupRequest, createSecurityGroupResponse);
+
+ requestResponseMap.put(authorizeSecurityGroupIngressRequestGroupTenant, authorizeSecurityGroupIngressResponse);
+
+ SecurityGroupExtension extension = requestsSendResponses(requestResponseMap.build()).getSecurityGroupExtension().get();
+
+ SecurityGroupBuilder groupBuilder = new SecurityGroupBuilder();
+ groupBuilder.id("jclouds#some-group");
+ groupBuilder.providerId("sg-3c6ef654");
+ groupBuilder.name("jclouds#some-group");
+ groupBuilder.ownerId("993194456877");
+ groupBuilder.location(new LocationBuilder()
+ .scope(LocationScope.REGION)
+ .id(region)
+ .description("region")
+ .build());
+
+ SecurityGroup origGroup = groupBuilder.build();
+
+ ImmutableMultimap.Builder<String, String> permBuilder = ImmutableMultimap.builder();
+ permBuilder.put(origGroup.getOwnerId(), origGroup.getName());
+
+ SecurityGroup newGroup = extension.addIpPermission(IpProtocol.TCP,
+ 22,
+ 40,
+ permBuilder.build(),
+ emptyStringSet(),
+ emptyStringSet(),
+ origGroup);
+
+ assertEquals(1, newGroup.getIpPermissions().size());
+
+ IpPermission newPerm = Iterables.getOnlyElement(newGroup.getIpPermissions());
+
+ assertNotNull(newPerm);
+ assertEquals(IpProtocol.TCP, newPerm.getIpProtocol());
+ assertEquals(22, newPerm.getFromPort());
+ assertEquals(40, newPerm.getToPort());
+ assertEquals(0, newPerm.getCidrBlocks().size());
+ assertEquals(1, newPerm.getTenantIdGroupNamePairs().size());
+ assertTrue(newPerm.getTenantIdGroupNamePairs().keySet().contains(origGroup.getOwnerId()));
+ assertTrue(newPerm.getTenantIdGroupNamePairs().values().contains(origGroup.getName()));
+ }
+
+ private Multimap<String, String> emptyMultimap() {
+ return LinkedHashMultimap.create();
+ }
+
+ private Set<String> emptyStringSet() {
+ return Sets.newLinkedHashSet();
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-jclouds/blob/5f524ee6/providers/aws-ec2/src/test/java/org/jclouds/aws/ec2/compute/extensions/AWSEC2SecurityGroupExtensionLiveTest.java
----------------------------------------------------------------------
diff --git a/providers/aws-ec2/src/test/java/org/jclouds/aws/ec2/compute/extensions/AWSEC2SecurityGroupExtensionLiveTest.java b/providers/aws-ec2/src/test/java/org/jclouds/aws/ec2/compute/extensions/AWSEC2SecurityGroupExtensionLiveTest.java
new file mode 100644
index 0000000..9de4f24
--- /dev/null
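Review bot: None of the four tests in AWSEC2SecurityGroupExtensionExpectTest exercises `removeIpPermission`, so the revoke path added by this commit has no expect-test coverage, and revoking a rule is the operation whose silent failure leaves access open. Add counterparts of the add tests that expect `Action=RevokeSecurityGroupIngress` with the same `IpPermissions.0.*` parameters and assert that the returned group no longer lists the permission. The request and group setup is repeated almost verbatim in every test and could move into private helpers so the per-test difference (CIDR versus tenant/group pair) stands out. The imports of `Location`, `RegionAndName` and `Futures` are not used in the visible code and can be dropped.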
+++ b/providers/aws-ec2/src/test/java/org/jclouds/aws/ec2/compute/extensions/AWSEC2SecurityGroupExtensionLiveTest.java
@@ -0,0 +1,39 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.jclouds.aws.ec2.compute.extensions;
+
+import static com.google.common.collect.Iterables.transform;
+
+import org.jclouds.compute.extensions.SecurityGroupExtension;
+import org.jclouds.compute.extensions.internal.BaseSecurityGroupExtensionLiveTest;
+import org.testng.annotations.Test;
+
+import com.google.inject.Module;
+
+/**
+ * Live test for aws-ec2 {@link SecurityGroupExtension} implementation
+ *
+ * @author Andrew Bayer
+ *
+ */
+@Test(groups = "live", singleThreaded = true, testName = "AWSEC2SecurityGroupExtensionLiveTest")
+public class AWSEC2SecurityGroupExtensionLiveTest extends BaseSecurityGroupExtensionLiveTest {
+
+ public AWSEC2SecurityGroupExtensionLiveTest() {
+ provider = "aws-ec2";
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-jclouds/blob/5f524ee6/providers/aws-ec2/src/test/java/org/jclouds/aws/ec2/compute/loaders/AWSEC2CreateSecurityGroupIfNeededTest.java
----------------------------------------------------------------------
diff --git a/providers/aws-ec2/src/test/java/org/jclouds/aws/ec2/compute/loaders/AWSEC2CreateSecurityGroupIfNeededTest.java b/providers/aws-ec2/src/test/java/org/jclouds/aws/ec2/compute/loaders/AWSEC2CreateSecurityGroupIfNeededTest.java index db3093c..269a8f0 100644 --- a/providers/aws-ec2/src/test/java/org/jclouds/aws/ec2/compute/loaders/AWSEC2CreateSecurityGroupIfNeededTest.java +++ b/providers/aws-ec2/src/test/java/org/jclouds/aws/ec2/compute/loaders/AWSEC2CreateSecurityGroupIfNeededTest.java @@ -30,10 +30,10 @@ import java.util.concurrent.ExecutionException; import org.jclouds.aws.ec2.services.AWSSecurityGroupClient; import org.jclouds.ec2.compute.domain.RegionAndName; import org.jclouds.ec2.compute.domain.RegionNameAndIngressRules; -import org.jclouds.ec2.domain.IpPermission; -import org.jclouds.ec2.domain.IpProtocol; import org.jclouds.ec2.domain.SecurityGroup; import org.jclouds.ec2.domain.UserIdGroupPair; +import org.jclouds.net.domain.IpPermission; +import org.jclouds.net.domain.IpProtocol; import org.testng.annotations.Test; import com.google.common.base.Predicate; @@ -63,20 +63,20 @@ public class AWSEC2CreateSecurityGroupIfNeededTest { .fromPort(22) .toPort(22) .ipProtocol(IpProtocol.TCP) - .ipRange("0.0.0.0/0") + .cidrBlock("0.0.0.0/0") .build()); permissions.add(IpPermission.builder() .fromPort(0) .toPort(65535) .ipProtocol(IpProtocol.TCP) - .userIdGroupPair("ownerId", "group") + .tenantIdGroupNamePair("ownerId", "group") .build()); permissions.add(IpPermission.builder() .fromPort(0) .toPort(65535) .ipProtocol(IpProtocol.UDP) - .userIdGroupPair("ownerId", "group") + .tenantIdGroupNamePair("ownerId", "group") .build()); client.createSecurityGroupInRegion("region", "group", "group"); http://git-wip-us.apache.org/repos/asf/incubator-jclouds/blob/5f524ee6/providers/aws-ec2/src/test/java/org/jclouds/aws/ec2/parse/DescribeSecurityGroupsResponseTest.java ---------------------------------------------------------------------- 
diff --git a/providers/aws-ec2/src/test/java/org/jclouds/aws/ec2/parse/DescribeSecurityGroupsResponseTest.java b/providers/aws-ec2/src/test/java/org/jclouds/aws/ec2/parse/DescribeSecurityGroupsResponseTest.java index 40e49dd..8f948f5 100644 --- a/providers/aws-ec2/src/test/java/org/jclouds/aws/ec2/parse/DescribeSecurityGroupsResponseTest.java +++ b/providers/aws-ec2/src/test/java/org/jclouds/aws/ec2/parse/DescribeSecurityGroupsResponseTest.java @@ -25,12 +25,12 @@ import static org.testng.Assert.assertEquals; import java.io.InputStream; import java.util.Set; -import org.jclouds.ec2.domain.IpPermission; -import org.jclouds.ec2.domain.IpProtocol; import org.jclouds.ec2.domain.SecurityGroup; import org.jclouds.ec2.xml.BaseEC2HandlerTest; import org.jclouds.ec2.xml.DescribeSecurityGroupsResponseHandler; import org.jclouds.http.functions.ParseSax; +import org.jclouds.net.domain.IpPermission; +import org.jclouds.net.domain.IpProtocol; import org.jclouds.reflect.Invocation; import org.jclouds.rest.internal.GeneratedHttpRequest; import org.testng.annotations.Test; @@ -69,7 +69,7 @@ public class DescribeSecurityGroupsResponseTest extends BaseEC2HandlerTest { // .vpcId("vpc-99999999") .ipPermission(IpPermission.builder() .ipProtocol(IpProtocol.ALL) - .userIdGroupPair("123123123123","sg-11111111").build()) + .tenantIdGroupNamePair("123123123123","sg-11111111").build()) // .ipPermissionEgress(IpPermission.builder() // .ipProtocol(IpProtocol.ALL) // .ipRange("0.0.0.0/0").build()) http://git-wip-us.apache.org/repos/asf/incubator-jclouds/blob/5f524ee6/providers/aws-ec2/src/test/java/org/jclouds/aws/ec2/services/AWSSecurityGroupAsyncClientTest.java ---------------------------------------------------------------------- diff --git a/providers/aws-ec2/src/test/java/org/jclouds/aws/ec2/services/AWSSecurityGroupAsyncClientTest.java b/providers/aws-ec2/src/test/java/org/jclouds/aws/ec2/services/AWSSecurityGroupAsyncClientTest.java index 2ad3467..9ebead5 100644 
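Review bot: In the `@@ -69,7 +69,7 @@` hunk the renamed call `tenantIdGroupNamePair("123123123123","sg-11111111")` passes what looks like a security-group id (`sg-…`) in the position the new method name calls a group name. If the parsed response really carries an id here, the fixture should say so, for example `// second element is the group id from the response, not a group name`, so readers do not treat the two as interchangeable when comparing rules. The commented-out egress block just below still uses `.ipRange("0.0.0.0/0")`, the builder method this commit replaces with `.cidrBlock` in AWSEC2CreateSecurityGroupIfNeededTest; it should be updated or deleted. The enclosing test method starts and ends outside the hunk.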
--- a/providers/aws-ec2/src/test/java/org/jclouds/aws/ec2/services/AWSSecurityGroupAsyncClientTest.java +++ b/providers/aws-ec2/src/test/java/org/jclouds/aws/ec2/services/AWSSecurityGroupAsyncClientTest.java @@ -22,13 +22,13 @@ import java.io.IOException; import org.jclouds.Fallbacks.EmptySetOnNotFoundOr404; import org.jclouds.Fallbacks.VoidOnNotFoundOr404; -import org.jclouds.ec2.domain.IpPermission; -import org.jclouds.ec2.domain.IpProtocol; import org.jclouds.ec2.util.IpPermissions; import org.jclouds.ec2.xml.DescribeSecurityGroupsResponseHandler; import org.jclouds.http.HttpRequest; import org.jclouds.http.functions.ParseSax; import org.jclouds.http.functions.ReleasePayloadAndReturn; +import org.jclouds.net.domain.IpPermission; +import org.jclouds.net.domain.IpProtocol; import org.jclouds.rest.internal.GeneratedHttpRequest; import org.testng.annotations.Test; http://git-wip-us.apache.org/repos/asf/incubator-jclouds/blob/5f524ee6/providers/aws-ec2/src/test/java/org/jclouds/aws/ec2/services/AWSSecurityGroupClientLiveTest.java ---------------------------------------------------------------------- diff --git a/providers/aws-ec2/src/test/java/org/jclouds/aws/ec2/services/AWSSecurityGroupClientLiveTest.java b/providers/aws-ec2/src/test/java/org/jclouds/aws/ec2/services/AWSSecurityGroupClientLiveTest.java index 0ec81dd..76c7e91 100644 --- a/providers/aws-ec2/src/test/java/org/jclouds/aws/ec2/services/AWSSecurityGroupClientLiveTest.java +++ b/providers/aws-ec2/src/test/java/org/jclouds/aws/ec2/services/AWSSecurityGroupClientLiveTest.java 
@@ -21,11 +21,11 @@ import static org.testng.Assert.assertNotNull; import java.util.Set; -import org.jclouds.ec2.domain.IpPermission; -import org.jclouds.ec2.domain.IpProtocol; import org.jclouds.ec2.domain.SecurityGroup; import org.jclouds.ec2.services.SecurityGroupClientLiveTest; import org.jclouds.ec2.util.IpPermissions; +import org.jclouds.net.domain.IpPermission; +import org.jclouds.net.domain.IpProtocol; import org.testng.annotations.Test; import com.google.common.base.Predicate; @@ -69,7 +69,7 @@ public class AWSSecurityGroupClientLiveTest extends SecurityGroupClientLiveTest assertEventually(new GroupHasPermission(client, group2Name, new Predicate<IpPermission>() { @Override public boolean apply(IpPermission arg0) { - return arg0.getUserIdGroupPairs().equals(ImmutableMultimap.of(group.getOwnerId(), group1Name)) + return arg0.getTenantIdGroupNamePairs().equals(ImmutableMultimap.of(group.getOwnerId(), group1Name)) && arg0.getFromPort() == 80 && arg0.getToPort() == 80 && arg0.getIpProtocol() == IpProtocol.TCP; } })); http://git-wip-us.apache.org/repos/asf/incubator-jclouds/blob/5f524ee6/providers/gogrid/src/main/java/org/jclouds/gogrid/compute/GoGridComputeService.java ---------------------------------------------------------------------- diff --git a/providers/gogrid/src/main/java/org/jclouds/gogrid/compute/GoGridComputeService.java b/providers/gogrid/src/main/java/org/jclouds/gogrid/compute/GoGridComputeService.java index 3f5935c..8e34a5e 100644 --- a/providers/gogrid/src/main/java/org/jclouds/gogrid/compute/GoGridComputeService.java +++ b/providers/gogrid/src/main/java/org/jclouds/gogrid/compute/GoGridComputeService.java 
@@ -37,6 +37,7 @@ import org.jclouds.compute.domain.Image; import org.jclouds.compute.domain.NodeMetadata; import org.jclouds.compute.domain.TemplateBuilder; import org.jclouds.compute.extensions.ImageExtension; +import org.jclouds.compute.extensions.SecurityGroupExtension; import org.jclouds.compute.internal.BaseComputeService; import org.jclouds.compute.internal.PersistNodeCredentials; import org.jclouds.compute.options.TemplateOptions; @@ -81,12 +82,12 @@ public class GoGridComputeService extends BaseComputeService { InitializeRunScriptOnNodeOrPlaceInBadMap.Factory initScriptRunnerFactory, InitAdminAccess initAdminAccess, RunScriptOnNode.Factory runScriptOnNodeFactory, PersistNodeCredentials persistNodeCredentials, Timeouts timeouts, @Named(Constants.PROPERTY_USER_THREADS) ListeningExecutorService userExecutor, - Optional<ImageExtension> imageExtension) { + Optional<ImageExtension> imageExtension, Optional<SecurityGroupExtension> securityGroupExtension) { super(context, credentialStore, images, hardwareProfiles, locations, listNodesStrategy, getImageStrategy, getNodeMetadataStrategy, runNodesAndAddToSetStrategy, rebootNodeStrategy, destroyNodeStrategy, resumeNodeStrategy, suspendNodeStrategy, templateBuilderProvider, templateOptionsProvider, nodeRunning, nodeTerminated, nodeSuspended, initScriptRunnerFactory, initAdminAccess, runScriptOnNodeFactory, - persistNodeCredentials, timeouts, userExecutor, imageExtension); + persistNodeCredentials, timeouts, userExecutor, imageExtension, securityGroupExtension); } /**
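Review bot: The new constructor parameter `Optional<SecurityGroupExtension> securityGroupExtension` in the `@@ -81,12 +82,12 @@` hunk is passed straight to `super(...)`, and nothing visible here says where GoGrid gets a value for it. No GoGrid implementation or binding appears in this part of the commit, so presumably the value is always absent for this provider and is supplied by a shared context module; that should be confirmed, since an injected constructor with an unbound parameter fails at context creation. A comment above the constructor such as `// securityGroupExtension: absent for GoGrid (no provider implementation)` would record the expectation once verified. The constructor's signature begins before this hunk.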
