juju-core

Merge lp:~themue/juju-core/go-ec2-security-group-config into lp:~juju/juju-core/trunk

  1. go-ec2-security-group-config
  2. Merge into trunk
Proposed by Frank Mueller
Status: Merged
Merged at revision: 610
Proposed branch: lp:~themue/juju-core/go-ec2-security-group-config
Merge into: lp:~juju/juju-core/trunk
Diff against target: 159 lines (+59/-1)
4 files modified
environs/config/config.go (+28/-0)
environs/config/config_test.go (+25/-0)
environs/ec2/config_test.go (+1/-1)
environs/ec2/ec2.go (+5/-0)
To merge this branch: bzr merge lp:~themue/juju-core/go-ec2-security-group-config
Reviewer Review Type Date Requested Status
The Go Language Gophers Pending
Review via email: mp+127318@code.launchpad.net

Description of the change

ec2: added security group configuration

Added a configuration option to enable and disable the
usage of one security group per machine in EC2. Currently
only the configuration change is not used, only hints
in ec2.go.

https://codereview.appspot.com/6596051/

To post a comment you must log in.
Revision history for this message
Gustavo Niemeyer (niemeyer) wrote :

This is going in the right direction, but this problem is not specific
to EC2, so we can take another step forward and have it ready for the
next providers. I suggest introducing:

     firewall-mode: default / global

With an internal API such as:

     func (c *Config) FirewallMode() FirewallMode { ... }

     type FirewallMode string

     const (
             FwDefault FirewallMode = "default"
             FwGlobal FirewallMode = "global"
     )

https://codereview.appspot.com/6596051/

Revision history for this message
Gustavo Niemeyer (niemeyer) wrote :

LGTM, but please add a test where indicated.

https://codereview.appspot.com/6596051/diff/3001/environs/config/config.go
File environs/config/config.go (right):

https://codereview.appspot.com/6596051/diff/3001/environs/config/config.go#newcode10
environs/config/config.go:10: // per machine of global.
// FirewallMode defines the way in which the environment
// handles opening and closing of firewall ports.

https://codereview.appspot.com/6596051/diff/3001/environs/config/config.go#newcode13
environs/config/config.go:13: const (
// FwDefault is the environment-specific default mode.

https://codereview.appspot.com/6596051/diff/3001/environs/config/config.go#newcode14
environs/config/config.go:14: FwDefault FirewallMode = "default"
<empty line>
// FwGlobal requests the use of a single firewall group for all
machines.
// When ports are opened for one machine, all machines will have the
same
// port opened.

https://codereview.appspot.com/6596051/diff/3001/environs/config/config_test.go
File environs/config/config_test.go (right):

https://codereview.appspot.com/6596051/diff/3001/environs/config/config_test.go#newcode133
environs/config/config_test.go:133: },
We need a test here.

https://codereview.appspot.com/6596051/

Revision history for this message
Gustavo Niemeyer (niemeyer) wrote :

LGTM

https://codereview.appspot.com/6596051/diff/3002/environs/config/config.go
File environs/config/config.go (right):

https://codereview.appspot.com/6596051/diff/3002/environs/config/config.go#newcode78
environs/config/config.go:78: return nil, fmt.Errorf("invalid firewall
mode %q in environment configuration", firewallMode)
Good catch.

This should follow the existing convention above:

"invalid firewall mode in environment configuration: %q"

https://codereview.appspot.com/6596051/

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'environs/config/config.go'
2--- environs/config/config.go 2012-09-21 11:39:56 +0000
3+++ environs/config/config.go 2012-10-02 15:34:21 +0000
4@@ -6,6 +6,20 @@
5 "launchpad.net/juju-core/version"
6 )
7
8+// FirewallMode defines the way in which the environment
9+// handles opening and closing of firewall ports.
10+type FirewallMode string
11+
12+const (
13+ // FwDefault is the environment-specific default mode.
14+ FwDefault FirewallMode = "default"
15+
16+ // FwGlobal requests the use of a single firewall group for all machines.
17+ // When ports are opened for one machine, all machines will have the same
18+ // port opened.
19+ FwGlobal FirewallMode = "global"
20+)
21+
22 // Config holds an immutable environment configuration.
23 type Config struct {
24 m, t map[string]interface{}
25@@ -58,6 +72,12 @@
26 }
27 }
28
29+ // Check firewall mode.
30+ firewallMode := FirewallMode(c.m["firewall-mode"].(string))
31+ if firewallMode != FwDefault && firewallMode != FwGlobal {
32+ return nil, fmt.Errorf("invalid firewall mode %q in environment configuration", firewallMode)
33+ }
34+
35 // Copy unknown attributes onto the type-specific map.
36 for k, v := range attrs {
37 if _, ok := fields[k]; !ok {
38@@ -87,6 +107,12 @@
39 return c.m["authorized-keys"].(string)
40 }
41
42+// FirewallMode returns whether the firewall should
43+// manage ports per machine or global.
44+func (c *Config) FirewallMode() FirewallMode {
45+ return FirewallMode(c.m["firewall-mode"].(string))
46+}
47+
48 // AgentVersion returns the proposed version number for the agent tools.
49 // It returns the zero version if unset.
50 func (c *Config) AgentVersion() version.Number {
51@@ -143,6 +169,7 @@
52 "default-series": schema.String(),
53 "authorized-keys": schema.String(),
54 "authorized-keys-path": schema.String(),
55+ "firewall-mode": schema.String(),
56 "agent-version": schema.String(),
57 "development": schema.Bool(),
58 }
59@@ -151,6 +178,7 @@
60 "default-series": version.Current.Series,
61 "authorized-keys": "",
62 "authorized-keys-path": "",
63+ "firewall-mode": FwDefault,
64 "agent-version": schema.Omit,
65 "development": false,
66 }
67
68=== modified file 'environs/config/config_test.go'
69--- environs/config/config_test.go 2012-09-06 09:29:52 +0000
70+++ environs/config/config_test.go 2012-10-02 15:34:21 +0000
71@@ -130,6 +130,30 @@
72 "name": "",
73 },
74 "empty name in environment configuration",
75+ }, {
76+ // Default firewall mode.
77+ attrs{
78+ "type": "my-type",
79+ "name": "my-name",
80+ "firewall-mode": config.FwDefault,
81+ },
82+ "",
83+ }, {
84+ // Global firewall mode.
85+ attrs{
86+ "type": "my-type",
87+ "name": "my-name",
88+ "firewall-mode": config.FwGlobal,
89+ },
90+ "",
91+ }, {
92+ // Illegal firewall mode.
93+ attrs{
94+ "type": "my-type",
95+ "name": "my-name",
96+ "firewall-mode": "illegal",
97+ },
98+ "invalid firewall mode .* in environment configuration",
99 },
100 }
101
102@@ -213,6 +237,7 @@
103 "type": "my-type",
104 "name": "my-name",
105 "authorized-keys": "my-keys",
106+ "firewall-mode": string(config.FwDefault),
107 "default-series": version.Current.Series,
108 "unknown": "my-unknown",
109 }
110
111=== modified file 'environs/ec2/config_test.go'
112--- environs/ec2/config_test.go 2012-07-26 15:54:58 +0000
113+++ environs/ec2/config_test.go 2012-10-02 15:34:21 +0000
114@@ -235,7 +235,7 @@
115
116 func (s *ConfigSuite) TestConfig(c *C) {
117 for i, t := range configTests {
118- c.Logf("test %d: %q", i, t.config)
119+ c.Logf("test %d: %v", i, t.config)
120 t.check(c)
121 }
122 }
123
124=== modified file 'environs/ec2/ec2.go'
125--- environs/ec2/ec2.go 2012-09-28 13:25:35 +0000
126+++ environs/ec2/ec2.go 2012-10-02 15:34:21 +0000
127@@ -566,6 +566,7 @@
128 return nil
129 }
130 // Give permissions for anyone to access the given ports.
131+ // TODO(mue) Choose group depending on inst.e.Config().FirewallMode().
132 ipPerms := portsToIPPerms(ports)
133 g := ec2.SecurityGroup{Name: inst.e.machineGroupName(machineId)}
134 _, err := inst.e.ec2().AuthorizeSecurityGroup(g, ipPerms)
135@@ -599,6 +600,7 @@
136 // Revoke permissions for anyone to access the given ports.
137 // Note that ec2 allows the revocation of permissions that aren't
138 // granted, so this is naturally idempotent.
139+ // TODO(mue) Choose group depending on inst.e.Config().FirewallMode().
140 g := ec2.SecurityGroup{Name: inst.e.machineGroupName(machineId)}
141 _, err := inst.e.ec2().RevokeSecurityGroup(g, portsToIPPerms(ports))
142 if err != nil {
143@@ -622,6 +624,7 @@
144 }
145
146 func (inst *instance) Ports(machineId int) (ports []state.Port, err error) {
147+ // TODO(mue) Choose group depending on inst.e.Config().FirewallMode().
148 g := ec2.SecurityGroup{Name: inst.e.machineGroupName(machineId)}
149 resp, err := inst.e.ec2().SecurityGroups([]ec2.SecurityGroup{g}, nil)
150 if err != nil {
151@@ -685,6 +688,8 @@
152 if err != nil {
153 return nil, err
154 }
155+ // TODO(mue) Ensure machine group only if e.Config().FirewallMode()
156+ // is config.FwDefault.
157 jujuMachineGroup, err := e.ensureGroup(e.machineGroupName(machineId), nil)
158 if err != nil {
159 return nil, err

Subscribers

People subscribed via source and target branches