org.apache.brooklyn.location.jclouds.networking

Class JcloudsLocationSecurityGroupCustomizer

java.lang.Object

org.apache.brooklyn.core.objs.BasicConfigurableObject

org.apache.brooklyn.location.jclouds.BasicJcloudsLocationCustomizer

org.apache.brooklyn.location.jclouds.networking.JcloudsLocationSecurityGroupCustomizer

All Implemented Interfaces:

EntityInitializer, Configurable, Identifiable, HasBrooklynManagementContext, ManagementContextInjectable, JcloudsLocationCustomizer

public class JcloudsLocationSecurityGroupCustomizer
extends BasicJcloudsLocationCustomizer

Configures custom security groups on Jclouds locations.

This customizer can be injected into JcloudsLocation.obtainOnce(org.apache.brooklyn.util.core.config.ConfigBag) using the JcloudsLocationConfig.JCLOUDS_LOCATION_CUSTOMIZERS configuration key. It will be executed after the provisiioning of the JcloudsMachineLocation to apply app-specific customization related to the security groups.

SecurityGroupExtension is an optional extension to the jclouds compute service. It allows the manipulation of security groups.

Since:

0.7.0

Nested Class Summary

Nested classes/interfaces inherited from class org.apache.brooklyn.core.objs.BasicConfigurableObject

BasicConfigurableObject.BasicConfigurationSupport

Nested classes/interfaces inherited from interface org.apache.brooklyn.api.objs.Configurable

Configurable.ConfigurationSupport

Method Summary

Modifier and Type	Method and Description
JcloudsLocationSecurityGroupCustomizer	addPermissionsToLocation(JcloudsMachineLocation location, org.jclouds.net.domain.IpPermission... permissions)
JcloudsLocationSecurityGroupCustomizer	addPermissionsToLocation(JcloudsMachineLocation location, java.lang.Iterable<org.jclouds.net.domain.IpPermission> permissions) Applies the given security group permissions to the given location.
JcloudsLocationSecurityGroupCustomizer	addPermissionsToLocation(JcloudsMachineLocation location, SecurityGroupDefinition securityGroupDefinition)
java.util.Collection<org.jclouds.compute.domain.SecurityGroup>	addPermissionsToLocationAndReturnSecurityGroup(JcloudsMachineLocation location, java.lang.Iterable<org.jclouds.net.domain.IpPermission> permissions)
void	customize(JcloudsLocation location, org.jclouds.compute.ComputeService computeService, org.jclouds.compute.domain.Template template) Replaces security groups configured on the given template with one that allows SSH access on port 22 and allows communication on all ports between machines in the same group.
java.lang.String	getBrooklynCidrBlock()
static JcloudsLocationSecurityGroupCustomizer	getInstance(Entity entity) Gets a customizer for the given entity's application.
static JcloudsLocationSecurityGroupCustomizer	getInstance(java.lang.String applicationId) Gets the customizer for the given applicationId.
static <any>	newAwsExceptionRetryPredicate()
void	removePermissionsFromLocation(JcloudsMachineLocation location, java.lang.Iterable<org.jclouds.net.domain.IpPermission> permissions) Removes the given security group permissions from the given node.
JcloudsLocationSecurityGroupCustomizer	setRetryExceptionPredicate(<any> predicate)
JcloudsLocationSecurityGroupCustomizer	setSshCidrSupplier(<any> cidrSupplier)

Methods inherited from class org.apache.brooklyn.location.jclouds.BasicJcloudsLocationCustomizer

apply, customize, customize, customize, customize, postRelease, postReleaseOnObtainError, preRelease, preReleaseOnObtainError

Methods inherited from class org.apache.brooklyn.core.objs.BasicConfigurableObject

config, getBrooklynManagementContext, getConfig, getId, setManagementContext

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

getInstance

public static JcloudsLocationSecurityGroupCustomizer getInstance(java.lang.String applicationId)

Gets the customizer for the given applicationId. Multiple calls to this method with the same application context will return the same JcloudsLocationSecurityGroupCustomizer instance.

Parameters:

applicationId - An identifier for the application the customizer is to be used for

Returns:

the unique customizer for the given context

getInstance

public static JcloudsLocationSecurityGroupCustomizer getInstance(Entity entity)

Gets a customizer for the given entity's application. Multiple calls to this method with entities in the same application will return the same JcloudsLocationSecurityGroupCustomizer instance.

Parameters:

entity - The entity the customizer is to be used for

Returns:

the unique customizer for the entity's owning application

setRetryExceptionPredicate

public JcloudsLocationSecurityGroupCustomizer setRetryExceptionPredicate(<any> predicate)

Parameters:

predicate - A predicate whose return value indicates whether a request to add a security group or permission may be retried after its input Exception was thrown.

Returns:

this

setSshCidrSupplier

public JcloudsLocationSecurityGroupCustomizer setSshCidrSupplier(<any> cidrSupplier)

Parameters:

cidrSupplier - A supplier returning a CIDR for hosts that are allowed to SSH to locations.

addPermissionsToLocation

public JcloudsLocationSecurityGroupCustomizer addPermissionsToLocation(JcloudsMachineLocation location,
                                                                       org.jclouds.net.domain.IpPermission... permissions)

See Also:

addPermissionsToLocation(JcloudsMachineLocation, java.lang.Iterable)

addPermissionsToLocation

public JcloudsLocationSecurityGroupCustomizer addPermissionsToLocation(JcloudsMachineLocation location,
                                                                       SecurityGroupDefinition securityGroupDefinition)

See Also:

addPermissionsToLocation(JcloudsMachineLocation, java.lang.Iterable)

addPermissionsToLocation

public JcloudsLocationSecurityGroupCustomizer addPermissionsToLocation(JcloudsMachineLocation location,
                                                                       java.lang.Iterable<org.jclouds.net.domain.IpPermission> permissions)

Applies the given security group permissions to the given location.

Takes no action if the location's compute service does not have a security group extension.

The synchronized block is to serialize the permission changes, preventing race conditions in some clouds. If multiple customizations of the same group are done in parallel the changes may not be picked up by later customizations, meaning the same rule could possibly be added twice, which would fail. A finer grained mechanism would be preferable here, but we have no access to the information required, so this brute force serializing is required. TODO investigate whether this can be improved. Can the synchronization be moved to the class org.apache.brooklyn.location.jclouds.networking.SecurityGroupEditor?

Parameters:

location - Location to gain permissions

permissions - The set of permissions to be applied to the location

addPermissionsToLocationAndReturnSecurityGroup

public java.util.Collection<org.jclouds.compute.domain.SecurityGroup> addPermissionsToLocationAndReturnSecurityGroup(JcloudsMachineLocation location,
                                                                                                                     java.lang.Iterable<org.jclouds.net.domain.IpPermission> permissions)

removePermissionsFromLocation

public void removePermissionsFromLocation(JcloudsMachineLocation location,
                                          java.lang.Iterable<org.jclouds.net.domain.IpPermission> permissions)

Removes the given security group permissions from the given node.

Takes no action if the compute service does not have a security group extension.

Parameters:

location - Location of the node to remove permissions from

permissions - The set of permissions to be removed from the node

customize

public void customize(JcloudsLocation location,
                      org.jclouds.compute.ComputeService computeService,
                      org.jclouds.compute.domain.Template template)

Replaces security groups configured on the given template with one that allows SSH access on port 22 and allows communication on all ports between machines in the same group. Security groups are reused when templates have equal locations.

This method is called by Brooklyn when obtaining machines, as part of the JcloudsLocationCustomizer contract. It should not be called from anywhere else.

Specified by:

customize in interface JcloudsLocationCustomizer

Overrides:

customize in class BasicJcloudsLocationCustomizer

Parameters:

location - The Brooklyn location that has called this method while obtaining a machine

computeService - The compute service being used by the location argument to provision a machine

template - The machine template created by the location argument

getBrooklynCidrBlock

public java.lang.String getBrooklynCidrBlock()

Returns:

the CIDR block used to configure Brooklyn's in security groups

newAwsExceptionRetryPredicate

public static <any> newAwsExceptionRetryPredicate()

Returns:

A predicate that is true if an exception contains an AWSResponseException whose error code is either InvalidGroup.InUse, DependencyViolation or RequestLimitExceeded.