apis/ec2/src/main/java/org/jclouds/ec2/compute/loaders/CreateSecurityGroupIfNeeded.java - jclouds - Git at Google

 /**
  * Licensed to jclouds, Inc. (jclouds) under one or more
  * contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  jclouds licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *   http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 package org.jclouds.ec2.compute.loaders;

 import static com.google.common.base.Preconditions.checkNotNull;

 import javax.annotation.Resource;
 import javax.inject.Inject;
 import javax.inject.Named;
 import javax.inject.Singleton;

 import org.jclouds.compute.reference.ComputeServiceConstants;
 import org.jclouds.ec2.EC2Client;
 import org.jclouds.ec2.compute.domain.RegionAndName;
 import org.jclouds.ec2.compute.domain.RegionNameAndIngressRules;
 import org.jclouds.ec2.domain.IpProtocol;
 import org.jclouds.ec2.domain.UserIdGroupPair;
 import org.jclouds.ec2.services.SecurityGroupClient;
 import org.jclouds.logging.Logger;

 import com.google.common.base.Predicate;
 import com.google.common.cache.CacheLoader;
 import com.google.common.collect.Iterables;

 /**
  *
  * @author Adrian Cole
  */
 @Singleton
 public class CreateSecurityGroupIfNeeded extends CacheLoader<RegionAndName, String> {
    @Resource
    @Named(ComputeServiceConstants.COMPUTE_LOGGER)
    protected Logger logger = Logger.NULL;
    protected final SecurityGroupClient securityClient;
    protected final Predicate<RegionAndName> securityGroupEventualConsistencyDelay;

    @Inject
    public CreateSecurityGroupIfNeeded(EC2Client ec2Client,
          @Named("SECURITY") Predicate<RegionAndName> securityGroupEventualConsistencyDelay) {
       this(checkNotNull(ec2Client, "ec2Client").getSecurityGroupServices(), securityGroupEventualConsistencyDelay);
    }

    public CreateSecurityGroupIfNeeded(SecurityGroupClient securityClient,
          @Named("SECURITY") Predicate<RegionAndName> securityGroupEventualConsistencyDelay) {
       this.securityClient = checkNotNull(securityClient, "securityClient");
       this.securityGroupEventualConsistencyDelay = checkNotNull(securityGroupEventualConsistencyDelay,
             "securityGroupEventualConsistencyDelay");
    }

    @Override
    public String load(RegionAndName from) {
       RegionNameAndIngressRules realFrom = RegionNameAndIngressRules.class.cast(from);
       createSecurityGroupInRegion(from.getRegion(), from.getName(), realFrom.getPorts());
       return from.getName();
    }

    private void createSecurityGroupInRegion(String region, String name, int... ports) {
       checkNotNull(region, "region");
       checkNotNull(name, "name");
       logger.debug(">> creating securityGroup region(%s) name(%s)", region, name);
       try {
          securityClient.createSecurityGroupInRegion(region, name, name);
          boolean created = securityGroupEventualConsistencyDelay.apply(new RegionAndName(region, name));
          if (!created)
             throw new RuntimeException(String.format("security group %s/%s is not available after creating", region,
                   name));
          logger.debug("<< created securityGroup(%s)", name);
          for (int port : ports) {
             createIngressRuleForTCPPort(region, name, port);
          }
          if (ports.length > 0) {
             authorizeGroupToItself(region, name);
          }
       } catch (IllegalStateException e) {
          logger.debug("<< reused securityGroup(%s)", name);
       }
    }

    protected void createIngressRuleForTCPPort(String region, String name, int port) {
       logger.debug(">> authorizing securityGroup region(%s) name(%s) port(%s)", region, name, port);
       securityClient.authorizeSecurityGroupIngressInRegion(region, name, IpProtocol.TCP, port, port, "0.0.0.0/0");
       logger.debug("<< authorized securityGroup(%s)", name);
    }

    protected void authorizeGroupToItself(String region, String name) {
       logger.debug(">> authorizing securityGroup region(%s) name(%s) permission to itself", region, name);
       String myOwnerId = Iterables.get(securityClient.describeSecurityGroupsInRegion(region, name), 0).getOwnerId();
       securityClient.authorizeSecurityGroupIngressInRegion(region, name, new UserIdGroupPair(myOwnerId, name));
       logger.debug("<< authorized securityGroup(%s)", name);
    }

 }
	/**
	* Licensed to jclouds, Inc. (jclouds) under one or more
	* contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. jclouds licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/
	package org.jclouds.ec2.compute.loaders;

	import static com.google.common.base.Preconditions.checkNotNull;

	import javax.annotation.Resource;
	import javax.inject.Inject;
	import javax.inject.Named;
	import javax.inject.Singleton;

	import org.jclouds.compute.reference.ComputeServiceConstants;
	import org.jclouds.ec2.EC2Client;
	import org.jclouds.ec2.compute.domain.RegionAndName;
	import org.jclouds.ec2.compute.domain.RegionNameAndIngressRules;
	import org.jclouds.ec2.domain.IpProtocol;
	import org.jclouds.ec2.domain.UserIdGroupPair;
	import org.jclouds.ec2.services.SecurityGroupClient;
	import org.jclouds.logging.Logger;

	import com.google.common.base.Predicate;
	import com.google.common.cache.CacheLoader;
	import com.google.common.collect.Iterables;

	/**
	*
	* @author Adrian Cole
	*/
	@Singleton
	public class CreateSecurityGroupIfNeeded extends CacheLoader<RegionAndName, String> {
	@Resource
	@Named(ComputeServiceConstants.COMPUTE_LOGGER)
	protected Logger logger = Logger.NULL;
	protected final SecurityGroupClient securityClient;
	protected final Predicate<RegionAndName> securityGroupEventualConsistencyDelay;

	@Inject
	public CreateSecurityGroupIfNeeded(EC2Client ec2Client,
	@Named("SECURITY") Predicate<RegionAndName> securityGroupEventualConsistencyDelay) {
	this(checkNotNull(ec2Client, "ec2Client").getSecurityGroupServices(), securityGroupEventualConsistencyDelay);
	}

	public CreateSecurityGroupIfNeeded(SecurityGroupClient securityClient,
	@Named("SECURITY") Predicate<RegionAndName> securityGroupEventualConsistencyDelay) {
	this.securityClient = checkNotNull(securityClient, "securityClient");
	this.securityGroupEventualConsistencyDelay = checkNotNull(securityGroupEventualConsistencyDelay,
	"securityGroupEventualConsistencyDelay");
	}

	@Override
	public String load(RegionAndName from) {
	RegionNameAndIngressRules realFrom = RegionNameAndIngressRules.class.cast(from);
	createSecurityGroupInRegion(from.getRegion(), from.getName(), realFrom.getPorts());
	return from.getName();
	}

	private void createSecurityGroupInRegion(String region, String name, int... ports) {
	checkNotNull(region, "region");
	checkNotNull(name, "name");
	logger.debug(">> creating securityGroup region(%s) name(%s)", region, name);
	try {
	securityClient.createSecurityGroupInRegion(region, name, name);
	boolean created = securityGroupEventualConsistencyDelay.apply(new RegionAndName(region, name));
	if (!created)
	throw new RuntimeException(String.format("security group %s/%s is not available after creating", region,
	name));
	logger.debug("<< created securityGroup(%s)", name);
	for (int port : ports) {
	createIngressRuleForTCPPort(region, name, port);
	}
	if (ports.length > 0) {
	authorizeGroupToItself(region, name);
	}
	} catch (IllegalStateException e) {
	logger.debug("<< reused securityGroup(%s)", name);
	}
	}

	protected void createIngressRuleForTCPPort(String region, String name, int port) {
	logger.debug(">> authorizing securityGroup region(%s) name(%s) port(%s)", region, name, port);
	securityClient.authorizeSecurityGroupIngressInRegion(region, name, IpProtocol.TCP, port, port, "0.0.0.0/0");
	logger.debug("<< authorized securityGroup(%s)", name);
	}

	protected void authorizeGroupToItself(String region, String name) {
	logger.debug(">> authorizing securityGroup region(%s) name(%s) permission to itself", region, name);
	String myOwnerId = Iterables.get(securityClient.describeSecurityGroupsInRegion(region, name), 0).getOwnerId();
	securityClient.authorizeSecurityGroupIngressInRegion(region, name, new UserIdGroupPair(myOwnerId, name));
	logger.debug("<< authorized securityGroup(%s)", name);
	}

	}