apis/openstack-nova/src/main/java/org/jclouds/openstack/nova/v2_0/compute/functions/NovaSecurityGroupInRegionToSecurityGroup.java - jclouds - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.jclouds.openstack.nova.v2_0.compute.functions;

 import static com.google.common.base.Preconditions.checkNotNull;
 import static com.google.common.base.Preconditions.checkState;
 import static com.google.common.collect.Iterables.filter;
 import static com.google.common.collect.Iterables.transform;

 import java.util.Collection;
 import java.util.Map;

 import javax.annotation.Resource;
 import javax.inject.Named;
 import javax.inject.Singleton;

 import org.jclouds.compute.domain.SecurityGroup;
 import org.jclouds.compute.domain.SecurityGroupBuilder;
 import org.jclouds.compute.reference.ComputeServiceConstants;
 import org.jclouds.domain.Location;
 import org.jclouds.logging.Logger;
 import org.jclouds.net.domain.IpPermission;
 import org.jclouds.openstack.nova.v2_0.domain.SecurityGroupRule;
 import org.jclouds.openstack.nova.v2_0.domain.TenantIdAndName;
 import org.jclouds.openstack.nova.v2_0.domain.regionscoped.SecurityGroupInRegion;

 import com.google.common.base.Function;
 import com.google.common.base.Predicates;
 import com.google.common.base.Supplier;
 import com.google.common.collect.Iterables;
 import com.google.inject.Inject;


 /**
  * A function for transforming a Nova-specific SecurityGroup into a generic
  * SecurityGroup object.
  */
 @Singleton
 public class NovaSecurityGroupInRegionToSecurityGroup implements Function<SecurityGroupInRegion, SecurityGroup> {
     @Resource
     @Named(ComputeServiceConstants.COMPUTE_LOGGER)
     protected Logger logger = Logger.NULL;

     protected final Supplier<Map<String, Location>> locationIndex;

     @Inject
     public NovaSecurityGroupInRegionToSecurityGroup(Supplier<Map<String, Location>> locationIndex) {
         this.locationIndex = checkNotNull(locationIndex, "locationIndex");
     }

     @Override
     public SecurityGroup apply(final SecurityGroupInRegion groupInRegion) {
         SecurityGroupBuilder builder = new SecurityGroupBuilder();

         final org.jclouds.openstack.nova.v2_0.domain.SecurityGroup group = groupInRegion.getSecurityGroup();
         builder.id(group.getId());
         builder.providerId(group.getId());
         builder.ownerId(group.getTenantId());
         builder.name(group.getName());
         if (group.getRules() != null) {
            builder.ipPermissions(filter(transform(group.getRules(), new Function<SecurityGroupRule, IpPermission>() {
               @Override
               public IpPermission apply(SecurityGroupRule input) {
                  return securityGroupRuleToIpPermission(groupInRegion, input);
               }
            }), Predicates.notNull()));
         }

         final String regionId = groupInRegion.getRegion();
         Location region = locationIndex.get().get(regionId);
         checkState(region != null, "location %s not in locationIndex: %s", regionId, locationIndex.get());

         builder.location(region);

         builder.id(regionId + "/" + group.getId());

         return builder.build();
     }

     private IpPermission securityGroupRuleToIpPermission(SecurityGroupInRegion groupInRegion, SecurityGroupRule rule) {
         IpPermission.Builder builder = IpPermission.builder();
         builder.ipProtocol(rule.getIpProtocol());
         builder.fromPort(rule.getFromPort());
         builder.toPort(rule.getToPort());
         final TenantIdAndName ruleGroup = rule.getGroup();
         if (ruleGroup != null) {
            final org.jclouds.openstack.nova.v2_0.domain.SecurityGroup owningGroup =
               groupInRegion.getSecurityGroup();
            final Collection<org.jclouds.openstack.nova.v2_0.domain.SecurityGroup> referredGroup =
               groupInRegion.getGroupsByName().get(ruleGroup);
            if (null == referredGroup) {
               logger.warn("Unknown group %s used in security rule, refusing to add it to %s (%s)",
                  ruleGroup, owningGroup.getName(), owningGroup.getId());
               return null;
            }
            /*  Checking referredGroup.size(), see comments on SecurityGroupInRegion.getGroupsByName(). If there are
                duplicate groups with the same tenant-id-and-name as that of ruleGroup then it is not possible
                with the Nova /v2/12345/os-security-groups API to know which group is intended, as the only
                information it returns about referred groups is the tenant id and name:
                         "group": {
                            "tenant_id": "a0ade3ca76784719845363979dc1014e",
                            "name": "jclouds-qa-scheduler-docker-entity"
                         },
               Rather than pick one group at random and risk using the wrong group, here we fall back to the
               least-worst option(?) and refuse to add any rule.

               See https://issues.apache.org/jira/browse/JCLOUDS-1234.
            */
            if (referredGroup.size() != 1) {
               logger.warn("Ambiguous group %s used in security rule, refusing to add it to %s (%s)",
                  ruleGroup, owningGroup.getName(), owningGroup.getId());
               return null;
            }
            builder.groupId(groupInRegion.getRegion() + "/" + Iterables.getOnlyElement(referredGroup).getId());
         }
         if (rule.getIpRange() != null) {
             builder.cidrBlock(rule.getIpRange());
         }
         return builder.build();
     }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package org.jclouds.openstack.nova.v2_0.compute.functions;

	import static com.google.common.base.Preconditions.checkNotNull;
	import static com.google.common.base.Preconditions.checkState;
	import static com.google.common.collect.Iterables.filter;
	import static com.google.common.collect.Iterables.transform;

	import java.util.Collection;
	import java.util.Map;

	import javax.annotation.Resource;
	import javax.inject.Named;
	import javax.inject.Singleton;

	import org.jclouds.compute.domain.SecurityGroup;
	import org.jclouds.compute.domain.SecurityGroupBuilder;
	import org.jclouds.compute.reference.ComputeServiceConstants;
	import org.jclouds.domain.Location;
	import org.jclouds.logging.Logger;
	import org.jclouds.net.domain.IpPermission;
	import org.jclouds.openstack.nova.v2_0.domain.SecurityGroupRule;
	import org.jclouds.openstack.nova.v2_0.domain.TenantIdAndName;
	import org.jclouds.openstack.nova.v2_0.domain.regionscoped.SecurityGroupInRegion;

	import com.google.common.base.Function;
	import com.google.common.base.Predicates;
	import com.google.common.base.Supplier;
	import com.google.common.collect.Iterables;
	import com.google.inject.Inject;


	/**
	* A function for transforming a Nova-specific SecurityGroup into a generic
	* SecurityGroup object.
	*/
	@Singleton
	public class NovaSecurityGroupInRegionToSecurityGroup implements Function<SecurityGroupInRegion, SecurityGroup> {
	@Resource
	@Named(ComputeServiceConstants.COMPUTE_LOGGER)
	protected Logger logger = Logger.NULL;

	protected final Supplier<Map<String, Location>> locationIndex;

	@Inject
	public NovaSecurityGroupInRegionToSecurityGroup(Supplier<Map<String, Location>> locationIndex) {
	this.locationIndex = checkNotNull(locationIndex, "locationIndex");
	}

	@Override
	public SecurityGroup apply(final SecurityGroupInRegion groupInRegion) {
	SecurityGroupBuilder builder = new SecurityGroupBuilder();

	final org.jclouds.openstack.nova.v2_0.domain.SecurityGroup group = groupInRegion.getSecurityGroup();
	builder.id(group.getId());
	builder.providerId(group.getId());
	builder.ownerId(group.getTenantId());
	builder.name(group.getName());
	if (group.getRules() != null) {
	builder.ipPermissions(filter(transform(group.getRules(), new Function<SecurityGroupRule, IpPermission>() {
	@Override
	public IpPermission apply(SecurityGroupRule input) {
	return securityGroupRuleToIpPermission(groupInRegion, input);
	}
	}), Predicates.notNull()));
	}

	final String regionId = groupInRegion.getRegion();
	Location region = locationIndex.get().get(regionId);
	checkState(region != null, "location %s not in locationIndex: %s", regionId, locationIndex.get());

	builder.location(region);

	builder.id(regionId + "/" + group.getId());

	return builder.build();
	}

	private IpPermission securityGroupRuleToIpPermission(SecurityGroupInRegion groupInRegion, SecurityGroupRule rule) {
	IpPermission.Builder builder = IpPermission.builder();
	builder.ipProtocol(rule.getIpProtocol());
	builder.fromPort(rule.getFromPort());
	builder.toPort(rule.getToPort());
	final TenantIdAndName ruleGroup = rule.getGroup();
	if (ruleGroup != null) {
	final org.jclouds.openstack.nova.v2_0.domain.SecurityGroup owningGroup =
	groupInRegion.getSecurityGroup();
	final Collection<org.jclouds.openstack.nova.v2_0.domain.SecurityGroup> referredGroup =
	groupInRegion.getGroupsByName().get(ruleGroup);
	if (null == referredGroup) {
	logger.warn("Unknown group %s used in security rule, refusing to add it to %s (%s)",
	ruleGroup, owningGroup.getName(), owningGroup.getId());
	return null;
	}
	/* Checking referredGroup.size(), see comments on SecurityGroupInRegion.getGroupsByName(). If there are
	duplicate groups with the same tenant-id-and-name as that of ruleGroup then it is not possible
	with the Nova /v2/12345/os-security-groups API to know which group is intended, as the only
	information it returns about referred groups is the tenant id and name:
	"group": {
	"tenant_id": "a0ade3ca76784719845363979dc1014e",
	"name": "jclouds-qa-scheduler-docker-entity"
	},
	Rather than pick one group at random and risk using the wrong group, here we fall back to the
	least-worst option(?) and refuse to add any rule.

	See https://issues.apache.org/jira/browse/JCLOUDS-1234.
	*/
	if (referredGroup.size() != 1) {
	logger.warn("Ambiguous group %s used in security rule, refusing to add it to %s (%s)",
	ruleGroup, owningGroup.getName(), owningGroup.getId());
	return null;
	}
	builder.groupId(groupInRegion.getRegion() + "/" + Iterables.getOnlyElement(referredGroup).getId());
	}
	if (rule.getIpRange() != null) {
	builder.cidrBlock(rule.getIpRange());
	}
	return builder.build();
	}
	}