Package org.platformlayer.service.cloud.openstack.ops

Source Code of org.platformlayer.service.cloud.openstack.ops.EnsureFirewallIngress

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
package org.platformlayer.service.cloud.openstack.ops;

import javax.inject.Inject;

import org.openstack.client.OpenstackException;
import org.openstack.client.common.OpenstackComputeClient;
import org.openstack.model.compute.CreateSecurityGroupRuleRequest;
import org.openstack.model.compute.SecurityGroup;
import org.openstack.model.compute.SecurityGroupRule;
import org.openstack.model.compute.Server;
import org.platformlayer.ops.Handler;
import org.platformlayer.ops.OpsContext;
import org.platformlayer.ops.OpsException;
import org.platformlayer.ops.networks.NetworkPoint;
import org.platformlayer.service.cloud.openstack.model.OpenstackCloud;
import org.platformlayer.service.cloud.openstack.model.OpenstackPublicEndpoint;
import org.platformlayer.service.cloud.openstack.ops.openstack.CloudBehaviours;
import org.platformlayer.service.cloud.openstack.ops.openstack.OpenstackCloudContext;
import org.platformlayer.service.cloud.openstack.ops.openstack.OpenstackCloudHelpers;
import org.platformlayer.service.cloud.openstack.ops.openstack.OpenstackComputeMachine;

import com.google.common.base.Objects;

public class EnsureFirewallIngress {
  public OpenstackPublicEndpoint model;

  @Inject
  OpenstackCloudContext cloudContext;

  // Set by handler
  String publicAddress;

  @Inject
  OpenstackCloudHelpers openstackHelpers;

  @Handler
  public void handler(OpenstackCloud cloud, OpenstackComputeMachine machine) throws OpsException, OpenstackException {
    CloudBehaviours cloudBehaviours = new CloudBehaviours(cloud);

    OpenstackComputeClient openstackComputeClient = cloudContext.getComputeClient(cloud);

    // Find the public address, although the OpenStack firewall may be blocking it
    publicAddress = machine.getNetworkPoint().getBestAddress(NetworkPoint.forPublicInternet());

    if (cloudBehaviours.supportsSecurityGroups()) {
      Server server = machine.getServer();
      SecurityGroup securityGroup = openstackHelpers.getMachineSecurityGroup(openstackComputeClient, server);

      securityGroup = openstackComputeClient.root().securityGroups().securityGroup(securityGroup.getId()).show();

      SecurityGroupRule matchingRule = findMatchingRule(securityGroup);

      if (OpsContext.isConfigure()) {
        if (matchingRule == null) {
          CreateSecurityGroupRuleRequest rule = new CreateSecurityGroupRuleRequest();
          rule.setCidr("0.0.0.0/0");
          rule.setIpProtocol("tcp");
          rule.setFromPort(model.publicPort);
          rule.setToPort(model.publicPort);
          rule.setParentGroupId(securityGroup.getId());

          openstackComputeClient.root().securityGroupRules().create(rule);
        }
      }

      if (OpsContext.isDelete()) {
        if (matchingRule != null) {
          openstackComputeClient.root().securityGroupRules().securityGroupRule(matchingRule.id).delete();
        }
      }
    }
  }

  private SecurityGroupRule findMatchingRule(SecurityGroup securityGroup) {
    for (SecurityGroupRule rule : securityGroup.getRules()) {
      if (!Objects.equal("tcp", rule.ipProtocol)) {
        continue;
      }
      if (!Objects.equal(model.publicPort, rule.fromPort)) {
        continue;
      }
      if (!Objects.equal(model.publicPort, rule.toPort)) {
        continue;
      }

      if (rule.ipRange == null) {
        continue;
      }

      if (!Objects.equal(rule.ipRange.cidr, "0.0.0.0/0")) {
        continue;
      }

      return rule;
    }
    return null;
  }

  public String getPublicAddress() {
    return publicAddress;
  }
}
TOP

Related Classes of org.platformlayer.service.cloud.openstack.ops.EnsureFirewallIngress

  • org.openstack.client.common.OpenstackComputeClient
  • org.openstack.model.compute.CreateSecurityGroupRuleRequest
  • org.openstack.model.compute.SecurityGroup
  • org.openstack.model.compute.SecurityGroupRule
  • org.openstack.model.compute.Server
  • org.platformlayer.service.cloud.openstack.ops.openstack.CloudBehaviours
    • TOP
    Copyright © 2018 www.massapi.com. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.