[jira] [Commented] (JCLOUDS-1309) GCE SecurityGroupExtension implementation

Thu, 15 Jun 2017 01:21:24 -0700 

    [ 
https://issues.apache.org/jira/browse/JCLOUDS-1309?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16050143#comment-16050143
 ] 

Ignasi Barrera commented on JCLOUDS-1309:
-----------------------------------------

See also the discussion thread in the jclouds-dev mailing list: 
https://s.apache.org/jclouds-gce-sge

> GCE SecurityGroupExtension implementation
> -----------------------------------------
>
>                 Key: JCLOUDS-1309
>                 URL: https://issues.apache.org/jira/browse/JCLOUDS-1309
>             Project: jclouds
>          Issue Type: Improvement
>          Components: jclouds-compute
>    Affects Versions: 2.0.1
>            Reporter: Svetoslav Neykov
>              Labels: google-compute-engine
>
> I'd like to try implement the {{SecurityGroupExtension}} interface for GCE. 
> Looking at the documentation it seems that the combination of firewall rules 
> and node tags is flexible enough to allow us implement the functionality.
> It's been tried before but the implementation's been removed (see \[1]). It's 
> main drawback is that for each security group the code creates a new network.
> Currently the biggest mismatch between the jclouds abstraction and the GCE 
> functionality is that its firewall rules must be attached to a network. 
> Here's my suggested approach:
>   * IpPermission roughly corresponds to a firewall rule
>   * SecurityGroup is just a collection of firewall rules (there's no cloud 
> resources that corresponds to it). The firewall rules of a security group 
> share the same prefix - {{jclouds-sg-<sg name>-<permission suffix>}}. They 
> all belong to the same network.
>   * *They key bit*: {{createSecurityGroup}} accepts a {{Location}} with a 
> scope of {{Network}}, returning a custom implementation of {{SecurityGroup}} 
> which keeps a reference to the network, so all {{IpPermission}} objects added 
> subsequently will be on it.
> While the suggested approach fits into the {{SecurityGroupExtension}} 
> interface it's different enough from the other implementations that it might 
> not be worth the trouble of implementing and supporting (even be harmful as 
> users might be surprised by the different behaviour).
> Would be interested in hearing other opinions on the approach.
> \[1] 
> https://github.com/jclouds/jclouds/commit/2ba48dc9f66416b5d8515bd6a07b27a213d89a7c



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to