[GitHub] brooklyn-server pull request #319: Clean up duplicated code in JcloudsLocati...
Github user asfgit closed the pull request at: https://github.com/apache/brooklyn-server/pull/319 --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] brooklyn-server pull request #319: Clean up duplicated code in JcloudsLocati...
Github user sjcorbett commented on a diff in the pull request: https://github.com/apache/brooklyn-server/pull/319#discussion_r83867577 --- Diff: locations/jclouds/src/main/java/org/apache/brooklyn/location/jclouds/networking/SharedLocationSecurityGroupCustomizer.java --- @@ -76,6 +79,14 @@ private RangeSet udpPortRanges; /** + * Tested only on AWS only. + * It depends on the cloud provider and jclouds driver whether security group allows opening ICMP. + */ +private Boolean openIcmp; + +private Collection updatedSecurityGroups; --- End diff -- Delete this and `getUpdatedSecurityGroups` and add a new method to the class (not sure of the best name for it, maybe simply `doCustomize`?) that performs the customisation and returns the new security groups. `customize(JcloudsLocation, ComputeService, JcloudsMachineLocation)` should call this new method and discard the result. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] brooklyn-server pull request #319: Clean up duplicated code in JcloudsLocati...
Github user sjcorbett commented on a diff in the pull request: https://github.com/apache/brooklyn-server/pull/319#discussion_r83863239 --- Diff: utils/common/src/main/java/org/apache/brooklyn/util/net/Networking.java --- @@ -241,7 +241,12 @@ public static void checkPortsValid(Map ports) { public static RangeSet portRulesToRanges(Collection portRules) { RangeSet result = TreeRangeSet.create(); for (String portRule : portRules) { -if (portRule.contains("-")) { +if (portRule.isEmpty()) { +throw new IllegalArgumentException("portRule shouldn't be empty"); +} +if (portRule.equals("-1")) { +result.add(Range.closed(Integer.parseInt("-1"), Integer.parseInt("-1"))); --- End diff -- Is this necessary? Strikes me as surprising and I can't see where it's required in these changes. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] brooklyn-server pull request #319: Clean up duplicated code in JcloudsLocati...
Github user duncangrant commented on a diff in the pull request: https://github.com/apache/brooklyn-server/pull/319#discussion_r78344937 --- Diff: locations/jclouds/src/main/java/org/apache/brooklyn/location/jclouds/networking/SharedLocationSecurityGroupCustomizer.java --- @@ -74,6 +74,9 @@ private RangeSet tcpPortRanges; private RangeSet udpPortRanges; +private Boolean openIcmp; --- End diff -- Looks like this fails on Azure - because Azure SGs don't support ICMP - probably should add a comment documenting what will happen in this case --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] brooklyn-server pull request #319: Clean up duplicated code in JcloudsLocati...
Github user duncangrant commented on a diff in the pull request: https://github.com/apache/brooklyn-server/pull/319#discussion_r77539548 --- Diff: locations/jclouds/src/main/java/org/apache/brooklyn/location/jclouds/networking/SharedLocationSecurityGroupCustomizer.java --- @@ -74,6 +74,9 @@ private RangeSet tcpPortRanges; private RangeSet udpPortRanges; +private Boolean openIcmp; --- End diff -- Looks useful - AWS let's you specify a protocol - does it just do "ALL"? --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] brooklyn-server pull request #319: Clean up duplicated code in JcloudsLocati...
Github user bostko commented on a diff in the pull request: https://github.com/apache/brooklyn-server/pull/319#discussion_r77530894 --- Diff: locations/jclouds/src/main/java/org/apache/brooklyn/location/jclouds/networking/SharedLocationSecurityGroupCustomizer.java --- @@ -72,9 +74,17 @@ */ private int[] inboundPorts; +private IpProtocol ipProtocol; +private RangeSet portRanges; --- End diff -- I think to hold on this syntax for now and revert to your way. `org.jclouds.net.domain.IpPermission` has much more fields than just protocol and ports. The most accurate syntax is to use json representation of `IpPermission` but I'd like to keep it now, until someone else asks. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] brooklyn-server pull request #319: Clean up duplicated code in JcloudsLocati...
Github user duncangrant commented on a diff in the pull request: https://github.com/apache/brooklyn-server/pull/319#discussion_r77522771 --- Diff: locations/jclouds/src/main/java/org/apache/brooklyn/location/jclouds/networking/InboundPortsJcloudsLocationCustomizer.java --- @@ -36,6 +36,7 @@ import static org.apache.brooklyn.location.jclouds.networking.NetworkingEffectors.*; @Beta +@Deprecated --- End diff -- This class has only existed a couple of weeks? Can we just deleted it? --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] brooklyn-server pull request #319: Clean up duplicated code in JcloudsLocati...
Github user bostko commented on a diff in the pull request: https://github.com/apache/brooklyn-server/pull/319#discussion_r77519756 --- Diff: locations/jclouds/src/main/java/org/apache/brooklyn/location/jclouds/networking/NetworkingEffectors.java --- @@ -65,38 +64,28 @@ @SuppressWarnings("rawtypes") private static class OpenPortsInSecurityGroupBody extends EffectorBody { @Override -public Iterable call(ConfigBag parameters) { +public Collection call(ConfigBag parameters) { List rawPortRules = parameters.get(INBOUND_PORTS_LIST); IpProtocol ipProtocol = parameters.get(INBOUND_PORTS_LIST_PROTOCOL); -JcloudsMachineLocation jcloudsMachineLocation = parameters.get(JCLOUDS_MACHINE_LOCATIN); Preconditions.checkNotNull(ipProtocol, INBOUND_PORTS_LIST_PROTOCOL.getName() + " cannot be null"); Preconditions.checkNotNull(rawPortRules, INBOUND_PORTS_LIST.getName() + " cannot be null"); -MutableList.Builder ipPermissionsBuilder = MutableList.builder(); -for (Range portRule : Networking.portRulesToRanges(rawPortRules).asRanges()) { -ipPermissionsBuilder.add( -IpPermission.builder() -.ipProtocol(ipProtocol) -.fromPort(portRule.lowerEndpoint()) -.toPort(portRule.upperEndpoint()) -.cidrBlock(Cidr.UNIVERSAL.toString()) -.build()); -} -JcloudsLocationSecurityGroupCustomizer customizer = JcloudsLocationSecurityGroupCustomizer.getInstance(entity()); -if (jcloudsMachineLocation == null) { -Optional jcloudsMachineLocationOptional = tryFind( -(Iterable) getLocationsCheckingAncestors(null, entity()), -instanceOf(JcloudsMachineLocation.class)); -if (!jcloudsMachineLocationOptional.isPresent()) { -throw new IllegalArgumentException("Tried to execute open ports effector on an entity with no JcloudsMachineLocation"); -} else { -jcloudsMachineLocation = (JcloudsMachineLocation)jcloudsMachineLocationOptional.get(); -} +SharedLocationSecurityGroupCustomizer locationSecurityGroupCustomizer = new SharedLocationSecurityGroupCustomizer(); + locationSecurityGroupCustomizer.setIpProtocol(ipProtocol.name()); +locationSecurityGroupCustomizer.setPortRanges(rawPortRules); --- End diff -- Sorry, I didn't push latest changes. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] brooklyn-server pull request #319: Clean up duplicated code in JcloudsLocati...
Github user duncangrant commented on a diff in the pull request: https://github.com/apache/brooklyn-server/pull/319#discussion_r77518183 --- Diff: locations/jclouds/src/main/java/org/apache/brooklyn/location/jclouds/networking/SharedLocationSecurityGroupCustomizer.java --- @@ -72,9 +74,17 @@ */ private int[] inboundPorts; +private IpProtocol ipProtocol; +private RangeSet portRanges; --- End diff -- I don't like this. It makes the yaml more complicated. If you want to merge the tcpPortRanges and udpPortRanges then I'd prefer you change it to accept something like: portRanges: tcp/22, udp/1000-1100, 8080 where it defaults to tcp when no protocol set. Otherwise you'd need to created 2 shared security groups - so that you could configure both tcp and udp ports. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] brooklyn-server pull request #319: Clean up duplicated code in JcloudsLocati...
Github user duncangrant commented on a diff in the pull request: https://github.com/apache/brooklyn-server/pull/319#discussion_r77517736 --- Diff: locations/jclouds/src/main/java/org/apache/brooklyn/location/jclouds/networking/NetworkingEffectors.java --- @@ -65,38 +64,28 @@ @SuppressWarnings("rawtypes") private static class OpenPortsInSecurityGroupBody extends EffectorBody { @Override -public Iterable call(ConfigBag parameters) { +public Collection call(ConfigBag parameters) { List rawPortRules = parameters.get(INBOUND_PORTS_LIST); IpProtocol ipProtocol = parameters.get(INBOUND_PORTS_LIST_PROTOCOL); -JcloudsMachineLocation jcloudsMachineLocation = parameters.get(JCLOUDS_MACHINE_LOCATIN); Preconditions.checkNotNull(ipProtocol, INBOUND_PORTS_LIST_PROTOCOL.getName() + " cannot be null"); Preconditions.checkNotNull(rawPortRules, INBOUND_PORTS_LIST.getName() + " cannot be null"); -MutableList.Builder ipPermissionsBuilder = MutableList.builder(); -for (Range portRule : Networking.portRulesToRanges(rawPortRules).asRanges()) { -ipPermissionsBuilder.add( -IpPermission.builder() -.ipProtocol(ipProtocol) -.fromPort(portRule.lowerEndpoint()) -.toPort(portRule.upperEndpoint()) -.cidrBlock(Cidr.UNIVERSAL.toString()) -.build()); -} -JcloudsLocationSecurityGroupCustomizer customizer = JcloudsLocationSecurityGroupCustomizer.getInstance(entity()); -if (jcloudsMachineLocation == null) { -Optional jcloudsMachineLocationOptional = tryFind( -(Iterable) getLocationsCheckingAncestors(null, entity()), -instanceOf(JcloudsMachineLocation.class)); -if (!jcloudsMachineLocationOptional.isPresent()) { -throw new IllegalArgumentException("Tried to execute open ports effector on an entity with no JcloudsMachineLocation"); -} else { -jcloudsMachineLocation = (JcloudsMachineLocation)jcloudsMachineLocationOptional.get(); -} +SharedLocationSecurityGroupCustomizer locationSecurityGroupCustomizer = new SharedLocationSecurityGroupCustomizer(); + locationSecurityGroupCustomizer.setIpProtocol(ipProtocol.name()); +locationSecurityGroupCustomizer.setPortRanges(rawPortRules); --- End diff -- I'm not sure what is going on here. You create a SharedLocationSecurityGroupCustomizer, configure it, and then don't use it? You then create another one below here that you don't configure but you use to customize the location. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] brooklyn-server pull request #319: Clean up duplicated code in JcloudsLocati...
GitHub user bostko opened a pull request: https://github.com/apache/brooklyn-server/pull/319 Clean up duplicated code in JcloudsLocationCustomizers Unite the code from https://github.com/apache/brooklyn-server/pull/276 and https://github.com/apache/brooklyn-server/pull/292 You can merge this pull request into a Git repository by running: $ git pull https://github.com/bostko/brooklyn-server cleanup-security-group-customizers Alternatively you can review and apply these changes as the patch at: https://github.com/apache/brooklyn-server/pull/319.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #319 commit 96b16fca05f4fb1902f6694efda170d9f3a037d3 Author: Valentin Aitken Date: 2016-09-05T10:00:48Z Clean up duplicated code in JcloudsLocationCustomizers --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---