// Copyright 2015 Canonical Ltd.
// Licensed under the AGPLv3, see LICENCE file for details.

package rackspace

import (
	"github.com/juju/errors"

	"github.com/juju/juju/core/instance"
	"github.com/juju/juju/environs"
	"github.com/juju/juju/environs/context"
	"github.com/juju/juju/environs/instances"
	"github.com/juju/juju/network"
	"github.com/juju/juju/provider/common"
	"github.com/juju/juju/provider/openstack"
)

// firewallerFactory is the openstack.FirewallerFactory of this provider.
// It holds no state.
type firewallerFactory struct{}

var _ openstack.FirewallerFactory = (*firewallerFactory)(nil)

// GetFirewaller implements FirewallerFactory. The env argument is not
// consulted: each call hands back a new, stateless rackspaceFirewaller.
func (f *firewallerFactory) GetFirewaller(env environs.Environ) openstack.Firewaller {
	return new(rackspaceFirewaller)
}

// rackspaceFirewaller is the openstack.Firewaller of this provider.
// In this file the model-wide port operations return a NotSupported error,
// the security-group operations do nothing, and the per-instance operations
// are delegated to a common.InstanceConfigurator.
type rackspaceFirewaller struct{}

var _ openstack.Firewaller = (*rackspaceFirewaller)(nil)

// OpenPorts is not supported. It applies no rule and always returns a
// NotSupported error.
func (c *rackspaceFirewaller) OpenPorts(ctx context.ProviderCallContext, rules []network.IngressRule) error {
	return errors.NotSupportedf("OpenPorts")
}

// ClosePorts is not supported. It removes no rule and always returns a
// NotSupported error.
func (c *rackspaceFirewaller) ClosePorts(ctx context.ProviderCallContext, rules []network.IngressRule) error {
	return errors.NotSupportedf("ClosePorts")
}

// IngressRules is not supported. It never reports any rule: the result is
// always a nil slice together with a NotSupported error.
//
// NOTE(review): the error names "Ports" rather than this method, presumably
// a leftover from an earlier method name. Confirm that no caller matches on
// the text before changing it.
func (c *rackspaceFirewaller) IngressRules(ctx context.ProviderCallContext) ([]network.IngressRule, error) {
	return nil, errors.NotSupportedf("Ports")
}

// DeleteGroups implements OpenstackFirewaller interface.
// It is a no-op that ignores names and always returns nil, so a nil error
// here is not evidence that any group was removed.
func (c *rackspaceFirewaller) DeleteGroups(ctx context.ProviderCallContext, names ...string) error {
	return nil
}

// DeleteAllModelGroups implements OpenstackFirewaller interface.
func (c *rackspaceFirewaller) DeleteAllModelGroups(ctx context.ProviderCallContext) error {
	// No-op: nothing is deleted, and nil is returned unconditionally.
	return nil
}

// DeleteAllControllerGroups implements OpenstackFirewaller interface.
// It is a no-op: controllerUUID is ignored and nil is always returned.
func (c *rackspaceFirewaller) DeleteAllControllerGroups(ctx context.ProviderCallContext, controllerUUID string) error {
	return nil
}

// UpdateGroupController is a no-op: controllerUUID is ignored and nil is
// always returned.
func (c *rackspaceFirewaller) UpdateGroupController(ctx context.ProviderCallContext, controllerUUID string) error {
	return nil
}

// GetSecurityGroups implements OpenstackFirewaller interface.
// Whatever ids are passed, it reports no groups: the result is always
// (nil, nil).
func (c *rackspaceFirewaller) GetSecurityGroups(ctx context.ProviderCallContext, ids ...instance.Id) ([]string, error) {
	return nil, nil
}

// SetUpGroups implements OpenstackFirewaller interface.
// It creates nothing and always returns (nil, nil); controllerUUID,
// machineId and apiPort are all unused, so no rule for the API port is set
// up here.
func (c *rackspaceFirewaller) SetUpGroups(ctx context.ProviderCallContext, controllerUUID, machineId string, apiPort int) ([]string, error) {
	return nil, nil
}

// OpenInstancePorts implements Firewaller interface.
// It forwards rules to changeIngressRules with insert set to true.
// machineId is not used.
func (c *rackspaceFirewaller) OpenInstancePorts(ctx context.ProviderCallContext, inst instances.Instance, machineId string, rules []network.IngressRule) error {
	const insert = true
	return c.changeIngressRules(ctx, inst, insert, rules)
}

// CloseInstancePorts implements Firewaller interface.
// It forwards rules to changeIngressRules with insert set to false.
// machineId is not used.
func (c *rackspaceFirewaller) CloseInstancePorts(ctx context.ProviderCallContext, inst instances.Instance, machineId string, rules []network.IngressRule) error {
	const insert = false
	return c.changeIngressRules(ctx, inst, insert, rules)
}

// InstanceIngressRules implements Firewaller interface.
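func (c *rackspaceFirewaller) InstanceIngressRules(ctx context.ProviderCallContext, inst instances.Instance, machineId string) ([]network.IngressRule, error) {
	// Only the configurator is needed here; the address list is discarded.
	// machineId is not used.
	_, configurator, err := c.getInstanceConfigurator(ctx, inst)
	if err != nil {
		return nil, errors.Trace(err)
	}

	rules, err := configurator.FindIngressRules()
	if err != nil {
		// Presumably lets the call context react when the failure is an
		// authorisation error; confirm in provider/common.
		common.HandleCredentialError(IsAuthorisationFailure, err, ctx)
		// Return no rules with the error, traced as changeIngressRules does:
		// a rule list obtained from a failed lookup must not be mistaken for
		// the instance's real firewall state.
		return nil, errors.Trace(err)
	}
	return rules, nil
}

// changeIngressRules passes rules to the instance configurator of inst, once
// for every address of inst whose scope is network.ScopePublic. insert is
// true when called from OpenInstancePorts and false when called from
// CloseInstancePorts; it is handed to ChangeIngressRules unchanged. The
// first failure stops the loop and is returned traced, so rules for the
// remaining addresses are not attempted.
//
// NOTE(review): when inst has addresses but none of them is public, the
// loop body never runs and nil is returned although no rule was changed.
// A caller of CloseInstancePorts cannot tell that apart from a successful
// close. Confirm that this is intended.
func (c *rackspaceFirewaller) changeIngressRules(ctx context.ProviderCallContext, inst instances.Instance, insert bool, rules []network.IngressRule) error {
	addresses, configurator, err := c.getInstanceConfigurator(ctx, inst)
	if err != nil {
		return errors.Trace(err)
	}

	for _, addr := range addresses {
		if addr.Scope != network.ScopePublic {
			continue
		}
		if err := configurator.ChangeIngressRules(addr.Value, insert, rules); err != nil {
			common.HandleCredentialError(IsAuthorisationFailure, err, ctx)
			return errors.Trace(err)
		}
	}
	return nil
}

// getInstanceConfigurator fetches the addresses of inst and builds a
// common.InstanceConfigurator from the first of them. It returns the full
// address list together with the configurator. On failure both are nil: a
// failed address lookup is returned traced, and an instance with no
// addresses yields a "No addresses found" error.
//
// NOTE(review): the configurator is built from addresses[0] whatever its
// scope, while changeIngressRules acts only on public addresses. Presumably
// addresses[0].Value is the host the SSH configurator connects to. Confirm
// in provider/common that the first address is the intended, reachable one
// and how the remote host is authenticated.
func (c *rackspaceFirewaller) getInstanceConfigurator(ctx context.ProviderCallContext, inst instances.Instance) ([]network.Address, common.InstanceConfigurator, error) {
	addresses, err := inst.Addresses(ctx)
	if err != nil {
		common.HandleCredentialError(IsAuthorisationFailure, err, ctx)
		return nil, nil, errors.Trace(err)
	}
	if len(addresses) == 0 {
		return nil, nil, errors.New("No addresses found")
	}

	// Success path: the error is spelled as a literal nil rather than the
	// err variable, which is known to be nil at this point.
	return addresses, common.NewSshInstanceConfigurator(addresses[0].Value), nil
}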