[GitHub] brooklyn-server pull request #276: (For Review) Effector for opening inbound...
Github user nakomis commented on a diff in the pull request:
https://github.com/apache/brooklyn-server/pull/276#discussion_r75093029
--- Diff:
locations/jclouds/src/main/java/org/apache/brooklyn/location/jclouds/networking/NetworkingEffectors.java
---
@@ -0,0 +1,88 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.brooklyn.location.jclouds.networking;
+
+import com.google.common.base.Optional;
+import com.google.common.base.Preconditions;
+import com.google.common.base.Predicates;
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.Iterables;
+import com.google.common.collect.Range;
+import com.google.common.reflect.TypeToken;
+import org.apache.brooklyn.api.effector.Effector;
+import org.apache.brooklyn.api.location.Location;
+import org.apache.brooklyn.config.ConfigKey;
+import org.apache.brooklyn.core.config.ConfigKeys;
+import org.apache.brooklyn.core.effector.EffectorBody;
+import org.apache.brooklyn.core.effector.Effectors;
+import org.apache.brooklyn.location.jclouds.JcloudsMachineLocation;
+import org.apache.brooklyn.util.collections.MutableList;
+import org.apache.brooklyn.util.core.BrooklynNetworkUtils;
+import org.apache.brooklyn.util.core.config.ConfigBag;
+import org.apache.brooklyn.util.net.Cidr;
+import org.apache.brooklyn.util.net.Networking;
+import org.jclouds.net.domain.IpPermission;
+import org.jclouds.net.domain.IpProtocol;
+
+import java.util.List;
+
+public class NetworkingEffectors {
+// Intentionally not use CloudLocationConfig.INBOUND_PORTS to make
richer syntax and rename it to differ it from the first in a ConfigBag
+public static final ConfigKey INBOUND_PORTS_LIST =
ConfigKeys.newConfigKey(new TypeToken() {}, "inbound.ports.list",
+"Ports to open from the effector", ImmutableList.of());
+public static final ConfigKey INBOUND_PORTS_LIST_PROTOCOL
= ConfigKeys.newConfigKey(new TypeToken() {},
"inbound.ports.list.protocol",
+"Protocol for ports to open. Possible values: TCP, UDP, ICMP,
ALL.", IpProtocol.TCP);
+
+public static Effector
openPortsInSecurityGroupEffector() {
+return
(Effector)Effectors.effector(Iterable.class,
"openPortsInSecurityGroup")
--- End diff --
This fails to build in IntelliJ, replacing with `return
(Effector)Effectors.effector((new
TypeToken(){}).getRawType(),
"openPortsInSecurityGroup")` would keep IDEs happy, but it builds in Maven, so
no strong feelings
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-server pull request #276: (For Review) Effector for opening inbound...
Github user aledsage commented on a diff in the pull request:
https://github.com/apache/brooklyn-server/pull/276#discussion_r72586637
--- Diff:
software/base/src/main/java/org/apache/brooklyn/entity/software/base/SoftwareProcess.java
---
@@ -147,6 +147,8 @@
@SetFromFlag("runDir")
AttributeSensorAndConfigKey RUN_DIR =
BrooklynConfigKeys.RUN_DIR;
+ConfigKey ADD_OPEN_PORTS_EFFECTOR =
ConfigKeys.newBooleanConfigKey("effector.add.openPorts", "Flag which adds
effector for opening ports through Cloud security groups");
--- End diff --
I prefer giving an explicit default, rather than null.
(But I do see you handle null in SoftwareProcessImpl.init, so the code does
work).
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-server pull request #276: (For Review) Effector for opening inbound...
Github user aledsage commented on a diff in the pull request:
https://github.com/apache/brooklyn-server/pull/276#discussion_r72586500
--- Diff:
locations/jclouds/src/main/java/org/apache/brooklyn/location/jclouds/networking/NetworkingEffectors.java
---
@@ -0,0 +1,80 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.brooklyn.location.jclouds.networking;
+
+import com.google.common.base.Optional;
+import com.google.common.base.Preconditions;
+import com.google.common.base.Predicates;
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.Iterables;
+import com.google.common.collect.Range;
+import com.google.common.reflect.TypeToken;
+import org.apache.brooklyn.api.effector.Effector;
+import org.apache.brooklyn.api.location.Location;
+import org.apache.brooklyn.config.ConfigKey;
+import org.apache.brooklyn.core.config.ConfigKeys;
+import org.apache.brooklyn.core.effector.EffectorBody;
+import org.apache.brooklyn.core.effector.Effectors;
+import org.apache.brooklyn.location.jclouds.JcloudsMachineLocation;
+import org.apache.brooklyn.util.collections.MutableList;
+import org.apache.brooklyn.util.core.BrooklynNetworkUtils;
+import org.apache.brooklyn.util.core.config.ConfigBag;
+import org.apache.brooklyn.util.net.Cidr;
+import org.jclouds.net.domain.IpPermission;
+import org.jclouds.net.domain.IpProtocol;
+
+import java.util.List;
+
+public class NetworkingEffectors {
+public static final ConfigKey INBOUND_PORTS_EFFECTOR =
ConfigKeys.newConfigKey(new TypeToken() {},
"inbound.ports.effector",
--- End diff --
"inbound.ports.effector" seems like a strange name. This isn't an effector,
I believe: it's a parameter for the effector, yes?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-server pull request #276: (For Review) Effector for opening inbound...
Github user aledsage commented on a diff in the pull request:
https://github.com/apache/brooklyn-server/pull/276#discussion_r72586282
--- Diff:
locations/jclouds/src/main/java/org/apache/brooklyn/location/jclouds/networking/NetworkingEffectors.java
---
@@ -0,0 +1,80 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.brooklyn.location.jclouds.networking;
+
+import com.google.common.base.Optional;
+import com.google.common.base.Preconditions;
+import com.google.common.base.Predicates;
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.Iterables;
+import com.google.common.collect.Range;
+import com.google.common.reflect.TypeToken;
+import org.apache.brooklyn.api.effector.Effector;
+import org.apache.brooklyn.api.location.Location;
+import org.apache.brooklyn.config.ConfigKey;
+import org.apache.brooklyn.core.config.ConfigKeys;
+import org.apache.brooklyn.core.effector.EffectorBody;
+import org.apache.brooklyn.core.effector.Effectors;
+import org.apache.brooklyn.location.jclouds.JcloudsMachineLocation;
+import org.apache.brooklyn.util.collections.MutableList;
+import org.apache.brooklyn.util.core.BrooklynNetworkUtils;
+import org.apache.brooklyn.util.core.config.ConfigBag;
+import org.apache.brooklyn.util.net.Cidr;
+import org.jclouds.net.domain.IpPermission;
+import org.jclouds.net.domain.IpProtocol;
+
+import java.util.List;
+
+public class NetworkingEffectors {
+public static final ConfigKey INBOUND_PORTS_EFFECTOR =
ConfigKeys.newConfigKey(new TypeToken() {},
"inbound.ports.effector",
+"Ports to open from the effector", ImmutableList.of());
+
+public static Effector openPortsInSecurityGroupEffector() {
+return Effectors.effector(Void.class, "openPortsInSecurityGroup")
+.parameter(INBOUND_PORTS_EFFECTOR)
+.description("Open ports in Cloud Security Group")
+.impl(new OpenPortsInSecurityGroupBody())
+.build();
+}
+
+private static class OpenPortsInSecurityGroupBody extends
EffectorBody {
--- End diff --
We'd also like this to work in other clouds, such as downsteram projects
that use vCloudDirector via the brooklyn-networking `SubnetTier`. I need to
think about that more, for how we structure that.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-server pull request #276: (For Review) Effector for opening inbound...
Github user aledsage commented on a diff in the pull request:
https://github.com/apache/brooklyn-server/pull/276#discussion_r72585871
--- Diff:
locations/jclouds/src/main/java/org/apache/brooklyn/location/jclouds/networking/NetworkingEffectors.java
---
@@ -0,0 +1,80 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.brooklyn.location.jclouds.networking;
+
+import com.google.common.base.Optional;
+import com.google.common.base.Preconditions;
+import com.google.common.base.Predicates;
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.Iterables;
+import com.google.common.collect.Range;
+import com.google.common.reflect.TypeToken;
+import org.apache.brooklyn.api.effector.Effector;
+import org.apache.brooklyn.api.location.Location;
+import org.apache.brooklyn.config.ConfigKey;
+import org.apache.brooklyn.core.config.ConfigKeys;
+import org.apache.brooklyn.core.effector.EffectorBody;
+import org.apache.brooklyn.core.effector.Effectors;
+import org.apache.brooklyn.location.jclouds.JcloudsMachineLocation;
+import org.apache.brooklyn.util.collections.MutableList;
+import org.apache.brooklyn.util.core.BrooklynNetworkUtils;
+import org.apache.brooklyn.util.core.config.ConfigBag;
+import org.apache.brooklyn.util.net.Cidr;
+import org.jclouds.net.domain.IpPermission;
+import org.jclouds.net.domain.IpProtocol;
+
+import java.util.List;
+
+public class NetworkingEffectors {
+public static final ConfigKey INBOUND_PORTS_EFFECTOR =
ConfigKeys.newConfigKey(new TypeToken() {},
"inbound.ports.effector",
+"Ports to open from the effector", ImmutableList.of());
+
+public static Effector openPortsInSecurityGroupEffector() {
+return Effectors.effector(Void.class, "openPortsInSecurityGroup")
+.parameter(INBOUND_PORTS_EFFECTOR)
+.description("Open ports in Cloud Security Group")
+.impl(new OpenPortsInSecurityGroupBody())
+.build();
+}
+
+private static class OpenPortsInSecurityGroupBody extends
EffectorBody {
+@Override
+public Void call(ConfigBag parameters) {
+List rawPortRules =
parameters.get(INBOUND_PORTS_EFFECTOR);
+Preconditions.checkNotNull(rawPortRules, "ports cannot be
null");
+MutableList.Builder ipPermissionsBuilder =
MutableList.builder();
+for (Range portRule :
BrooklynNetworkUtils.portRulesToRanges(rawPortRules).asRanges()) {
+ipPermissionsBuilder.add(
+IpPermission.builder()
+.ipProtocol(IpProtocol.TCP)
--- End diff --
We want this to support both UPD and TCP, so the effector to indicate which
is required.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-server pull request #276: (For Review) Effector for opening inbound...
Github user aledsage commented on a diff in the pull request:
https://github.com/apache/brooklyn-server/pull/276#discussion_r72585710
--- Diff:
core/src/main/java/org/apache/brooklyn/util/core/BrooklynNetworkUtils.java ---
@@ -39,4 +43,22 @@ public static InetAddress getLocalhostInetAddress() {
Networking.getLocalHost()), InetAddress.class);
}
+// TODO it does not add adjacent intervals: {[22, 22], [23, 23]} is
not merged to {[22, 23]}
+public static RangeSet portRulesToRanges(Collection
portRules) {
+RangeSet result = TreeRangeSet.create();
+for (String portRule : portRules) {
+if (portRule.contains("-")) {
+String[] fromTo = portRule.split("-");
+assert fromTo.length == 2;
--- End diff --
Don't use `assert` for validating user input. Instead we'd want to throw a
nicer `IllegalArgumentException` to tell the caller that they passed in the
wrong input.
Only use `assert` when it's about the internal invariants of a class (e.g.
validating args in private methods, etc).
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-server pull request #276: (For Review) Effector for opening inbound...
Github user nakomis commented on a diff in the pull request:
https://github.com/apache/brooklyn-server/pull/276#discussion_r72585644
--- Diff:
core/src/main/java/org/apache/brooklyn/util/core/BrooklynNetworkUtils.java ---
@@ -39,4 +43,22 @@ public static InetAddress getLocalhostInetAddress() {
Networking.getLocalHost()), InetAddress.class);
}
+// TODO it does not add adjacent intervals: {[22, 22], [23, 23]} is
not merged to {[22, 23]}
+public static RangeSet portRulesToRanges(Collection
portRules) {
+RangeSet result = TreeRangeSet.create();
+for (String portRule : portRules) {
+if (portRule.contains("-")) {
+String[] fromTo = portRule.split("-");
+assert fromTo.length == 2;
--- End diff --
Assertions are disabled by default, use `Preconditions.checkState`
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
