add firewall import step
refactor firewall transaction handling
nam committed Nov 29, 2019
1 parent e76ca49 commit 674c879
Showing 22 changed files with 366 additions and 127 deletions.
3 changes: 2 additions & 1 deletion apiserver/common/crossmodel/crossmodel.go
Expand Up @@ -13,6 +13,7 @@ import (

"github.com/juju/juju/apiserver/params"
"github.com/juju/juju/core/crossmodel"
"github.com/juju/juju/core/firewall"
"github.com/juju/juju/core/life"
"github.com/juju/juju/core/status"
"github.com/juju/juju/network"
Expand Down Expand Up @@ -249,7 +250,7 @@ func validateIngressNetworks(backend Backend, networks []string) error {
}

// Check that the required ingress is allowed.
rule, err := backend.FirewallRule(state.JujuApplicationOfferRule)
rule, err := backend.FirewallRule(firewall.JujuApplicationOfferRule)
if err != nil && !errors.IsNotFound(err) {
return errors.Trace(err)
}
3 changes: 2 additions & 1 deletion apiserver/common/crossmodel/interface.go
Expand Up @@ -9,6 +9,7 @@ import (
"gopkg.in/macaroon.v2-unstable"

"github.com/juju/juju/core/crossmodel"
"github.com/juju/juju/core/firewall"
"github.com/juju/juju/core/status"
"github.com/juju/juju/permission"
"github.com/juju/juju/state"
Expand Down Expand Up @@ -83,7 +84,7 @@ type Backend interface {
WatchOfferStatus(offerUUID string) (state.NotifyWatcher, error)

// FirewallRule returns the firewall rule for the specified service.
FirewallRule(service state.WellKnownServiceType) (*state.FirewallRule, error)
FirewallRule(service firewall.WellKnownServiceType) (*state.FirewallRule, error)

// ApplyOperation applies a model operation to the state.
ApplyOperation(op state.ModelOperation) error
3 changes: 2 additions & 1 deletion apiserver/common/crossmodel/state.go
Expand Up @@ -8,6 +8,7 @@ import (
"gopkg.in/juju/names.v3"

"github.com/juju/juju/core/crossmodel"
"github.com/juju/juju/core/firewall"
"github.com/juju/juju/state"
)

Expand Down Expand Up @@ -169,7 +170,7 @@ func (s stateShim) IngressNetworks(relationKey string) (state.RelationNetworks,
return api.Networks(relationKey)
}

func (s stateShim) FirewallRule(service state.WellKnownServiceType) (*state.FirewallRule, error) {
func (s stateShim) FirewallRule(service firewall.WellKnownServiceType) (*state.FirewallRule, error) {
api := state.NewFirewallRules(s.State)
return api.Rule(service)
}
5 changes: 3 additions & 2 deletions apiserver/facades/client/firewallrules/firewallrules.go
Expand Up @@ -11,6 +11,7 @@ import (
"github.com/juju/juju/apiserver/common"
"github.com/juju/juju/apiserver/facade"
"github.com/juju/juju/apiserver/params"
"github.com/juju/juju/core/firewall"
"github.com/juju/juju/permission"
"github.com/juju/juju/state"
)
Expand Down Expand Up @@ -87,7 +88,7 @@ func (api *API) SetFirewallRules(args params.FirewallRuleArgs) (params.ErrorResu
for i, arg := range args.Args {
logger.Debugf("saving firewall rule %+v", arg)
err := api.backend.SaveFirewallRule(state.NewFirewallRule(
state.WellKnownServiceType(arg.KnownService), arg.WhitelistCIDRS))
firewall.WellKnownServiceType(arg.KnownService), arg.WhitelistCIDRS))
results[i].Error = common.ServerError(err)
}
errResults.Results = results
Expand All @@ -107,7 +108,7 @@ func (api *API) ListFirewallRules() (params.ListFirewallRulesResults, error) {
listResults.Rules = make([]params.FirewallRule, len(rules))
for i, r := range rules {
listResults.Rules[i] = params.FirewallRule{
KnownService: params.KnownServiceValue(r.WellKnownServiceType()),
KnownService: params.KnownServiceValue(r.WellKnownService()),
WhitelistCIDRS: r.WhitelistCIDRs(),
}
}
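Review bot: In SetFirewallRules the client-supplied `arg.KnownService` is converted with `firewall.WellKnownServiceType(...)` and handed to `SaveFirewallRule` with no visible call to the `Validate` method this commit adds, so an unknown service name is rejected only if the state layer checks it, which is not shown here. Rejecting it at the facade keeps unrecognised input out of the firewall rule store: `svc := firewall.WellKnownServiceType(arg.KnownService)` followed by `if err := svc.Validate(); err != nil { results[i].Error = common.ServerError(err); continue }`. `arg.WhitelistCIDRS` is forwarded the same way, and the `logger.Debugf` line records the whole argument before any check. The function begins and ends outside the hunk, so a check elsewhere in the body would not be visible from here.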
3 changes: 2 additions & 1 deletion apiserver/facades/client/firewallrules/firewallrules_test.go
Expand Up @@ -13,6 +13,7 @@ import (
"github.com/juju/juju/apiserver/facades/client/firewallrules"
"github.com/juju/juju/apiserver/params"
apiservertesting "github.com/juju/juju/apiserver/testing"
"github.com/juju/juju/core/firewall"
"github.com/juju/juju/state"
coretesting "github.com/juju/juju/testing"
)
Expand Down Expand Up @@ -74,7 +75,7 @@ func (s *FirewallRulesSuite) TestSetFirewallRules(c *gc.C) {
})
c.Assert(err, jc.ErrorIsNil)
c.Assert(result, jc.DeepEquals, params.ErrorResults{[]params.ErrorResult{{Error: nil}}})
c.Assert(s.backend.rules["juju-controller"], jc.DeepEquals, state.NewFirewallRule(state.JujuControllerRule, []string{"1.2.3.4/8"}))
c.Assert(s.backend.rules["juju-controller"], jc.DeepEquals, state.NewFirewallRule(firewall.JujuControllerRule, []string{"1.2.3.4/8"}))
}

func (s *FirewallRulesSuite) TestSetFirewallRulesPermission(c *gc.C) {
5 changes: 3 additions & 2 deletions apiserver/facades/client/firewallrules/mock_test.go
Expand Up @@ -8,6 +8,7 @@ import (
"gopkg.in/juju/names.v3"

"github.com/juju/juju/apiserver/facades/client/firewallrules"
"github.com/juju/juju/core/firewall"
"github.com/juju/juju/state"
)

Expand All @@ -32,15 +33,15 @@ func (m *mockBackend) ModelTag() names.ModelTag {
func (m *mockBackend) SaveFirewallRule(rule state.FirewallRule) error {
m.MethodCall(m, "SaveFirewallRule")
m.PopNoErr()
m.rules[string(rule.WellKnownServiceType())] = rule
m.rules[string(rule.WellKnownService())] = rule
return nil
}

func (m *mockBackend) ListFirewallRules() ([]*state.FirewallRule, error) {
m.MethodCall(m, "ListFirewallRules")
m.PopNoErr()
frls := make([]*state.FirewallRule, 1)
firewareRule := state.NewFirewallRule(state.JujuApplicationOfferRule, []string{"1.2.3.4/8"})
firewareRule := state.NewFirewallRule(firewall.JujuApplicationOfferRule, []string{"1.2.3.4/8"})
frls[0] = &firewareRule
return frls, nil
}
Expand Up @@ -23,6 +23,7 @@ import (
"github.com/juju/juju/apiserver/params"
apiservertesting "github.com/juju/juju/apiserver/testing"
"github.com/juju/juju/core/crossmodel"
corefirewall "github.com/juju/juju/core/firewall"
"github.com/juju/juju/core/life"
"github.com/juju/juju/core/status"
"github.com/juju/juju/state"
Expand Down Expand Up @@ -370,7 +371,7 @@ func (s *crossmodelRelationsSuite) TestPublishIngressNetworkChangesRejected(c *g

c.Assert(err, jc.ErrorIsNil)
rule := state.NewFirewallRule("", []string{"10.1.1.1/8"})
s.st.firewallRules[state.JujuApplicationOfferRule] = &rule
s.st.firewallRules[corefirewall.JujuApplicationOfferRule] = &rule
results, err := s.api.PublishIngressNetworkChanges(params.IngressNetworksChanges{
Changes: []params.IngressNetworksChangeEvent{
{
7 changes: 4 additions & 3 deletions apiserver/facades/controller/crossmodelrelations/mock_test.go
Expand Up @@ -21,6 +21,7 @@ import (
"github.com/juju/juju/apiserver/common/firewall"
"github.com/juju/juju/apiserver/facades/controller/crossmodelrelations"
"github.com/juju/juju/core/crossmodel"
corefirewall "github.com/juju/juju/core/firewall"
"github.com/juju/juju/core/status"
"github.com/juju/juju/state"
coretesting "github.com/juju/juju/testing"
Expand Down Expand Up @@ -48,7 +49,7 @@ type mockState struct {
offerConnections map[int]*mockOfferConnection
offerConnectionsByKey map[string]*mockOfferConnection
remoteEntities map[names.Tag]string
firewallRules map[state.WellKnownServiceType]*state.FirewallRule
firewallRules map[corefirewall.WellKnownServiceType]*state.FirewallRule
ingressNetworks map[string][]string
}

Expand All @@ -61,7 +62,7 @@ func newMockState() *mockState {
offers: make(map[string]*crossmodel.ApplicationOffer),
offerConnections: make(map[int]*mockOfferConnection),
offerConnectionsByKey: make(map[string]*mockOfferConnection),
firewallRules: make(map[state.WellKnownServiceType]*state.FirewallRule),
firewallRules: make(map[corefirewall.WellKnownServiceType]*state.FirewallRule),
ingressNetworks: make(map[string][]string),
}
}
Expand Down Expand Up @@ -119,7 +120,7 @@ func (st *mockState) AddOfferConnection(arg state.AddOfferConnectionParams) (cro
return oc, nil
}

func (st *mockState) FirewallRule(service state.WellKnownServiceType) (*state.FirewallRule, error) {
func (st *mockState) FirewallRule(service corefirewall.WellKnownServiceType) (*state.FirewallRule, error) {
if r, ok := st.firewallRules[service]; ok {
return r, nil
}
3 changes: 2 additions & 1 deletion apiserver/facades/controller/firewaller/firewaller.go
Expand Up @@ -13,6 +13,7 @@ import (
"github.com/juju/juju/apiserver/common/firewall"
"github.com/juju/juju/apiserver/facade"
"github.com/juju/juju/apiserver/params"
corefirewall "github.com/juju/juju/core/firewall"
"github.com/juju/juju/core/network"
"github.com/juju/juju/core/status"
"github.com/juju/juju/state"
Expand Down Expand Up @@ -488,7 +489,7 @@ func (f *FirewallerAPIV4) SetRelationsStatus(args params.SetStatus) (params.Erro
func (f *FirewallerAPIV4) FirewallRules(args params.KnownServiceArgs) (params.ListFirewallRulesResults, error) {
var result params.ListFirewallRulesResults
for _, knownService := range args.KnownServices {
rule, err := f.st.FirewallRule(state.WellKnownServiceType(knownService))
rule, err := f.st.FirewallRule(corefirewall.WellKnownServiceType(knownService))
if err != nil && !errors.IsNotFound(err) {
return result, common.ServerError(err)
}
Expand Up @@ -15,6 +15,7 @@ import (
"github.com/juju/juju/apiserver/params"
apiservertesting "github.com/juju/juju/apiserver/testing"
"github.com/juju/juju/core/crossmodel"
"github.com/juju/juju/core/firewall"
"github.com/juju/juju/core/status"
"github.com/juju/juju/state"
coretesting "github.com/juju/juju/testing"
Expand Down Expand Up @@ -123,8 +124,8 @@ func (s *RemoteFirewallerSuite) TestSetRelationStatus(c *gc.C) {
}

func (s *RemoteFirewallerSuite) TestFirewallRules(c *gc.C) {
rule := state.NewFirewallRule(state.JujuApplicationOfferRule, []string{"192.168.0.0/16"})
s.st.firewallRules[state.JujuApplicationOfferRule] = &rule
rule := state.NewFirewallRule(firewall.JujuApplicationOfferRule, []string{"192.168.0.0/16"})
s.st.firewallRules[firewall.JujuApplicationOfferRule] = &rule
result, err := s.api.FirewallRules(params.KnownServiceArgs{
KnownServices: []params.KnownServiceValue{params.JujuApplicationOfferRule, params.SSHRule}})
c.Assert(err, jc.ErrorIsNil)
7 changes: 4 additions & 3 deletions apiserver/facades/controller/firewaller/mock_test.go
Expand Up @@ -17,6 +17,7 @@ import (
"github.com/juju/juju/apiserver/params"
"github.com/juju/juju/controller"
"github.com/juju/juju/core/crossmodel"
corefirewall "github.com/juju/juju/core/firewall"
"github.com/juju/juju/core/status"
"github.com/juju/juju/environs/config"
"github.com/juju/juju/state"
Expand All @@ -37,7 +38,7 @@ type mockState struct {
macaroons map[names.Tag]*macaroon.Macaroon
relations map[string]*mockRelation
controllerInfo map[string]*mockControllerInfo
firewallRules map[state.WellKnownServiceType]*state.FirewallRule
firewallRules map[corefirewall.WellKnownServiceType]*state.FirewallRule
subnetsWatcher *mockStringsWatcher
modelWatcher *mockNotifyWatcher
configAttrs map[string]interface{}
Expand All @@ -50,7 +51,7 @@ func newMockState(modelUUID string) *mockState {
remoteEntities: make(map[names.Tag]string),
macaroons: make(map[names.Tag]*macaroon.Macaroon),
controllerInfo: make(map[string]*mockControllerInfo),
firewallRules: make(map[state.WellKnownServiceType]*state.FirewallRule),
firewallRules: make(map[corefirewall.WellKnownServiceType]*state.FirewallRule),
subnetsWatcher: newMockStringsWatcher(),
modelWatcher: newMockNotifyWatcher(),
configAttrs: coretesting.FakeConfig(),
Expand Down Expand Up @@ -110,7 +111,7 @@ func (st *mockState) FindEntity(tag names.Tag) (state.Entity, error) {
return nil, errors.NotImplementedf("FindEntity")
}

func (st *mockState) FirewallRule(service state.WellKnownServiceType) (*state.FirewallRule, error) {
func (st *mockState) FirewallRule(service corefirewall.WellKnownServiceType) (*state.FirewallRule, error) {
r, ok := st.firewallRules[service]
if !ok {
return nil, errors.NotFoundf("firewall rule for %q", service)
5 changes: 3 additions & 2 deletions apiserver/facades/controller/firewaller/state.go
Expand Up @@ -8,6 +8,7 @@ import (
"gopkg.in/macaroon.v2-unstable"

"github.com/juju/juju/apiserver/common/firewall"
corefirewall "github.com/juju/juju/core/firewall"
"github.com/juju/juju/state"
)

Expand All @@ -24,7 +25,7 @@ type State interface {

FindEntity(tag names.Tag) (state.Entity, error)

FirewallRule(service state.WellKnownServiceType) (*state.FirewallRule, error)
FirewallRule(service corefirewall.WellKnownServiceType) (*state.FirewallRule, error)

Subnet(id string) (Subnet, error)

Expand Down Expand Up @@ -58,7 +59,7 @@ func (st stateShim) WatchOpenedPorts() state.StringsWatcher {
return st.st.WatchOpenedPorts()
}

func (st stateShim) FirewallRule(service state.WellKnownServiceType) (*state.FirewallRule, error) {
func (st stateShim) FirewallRule(service corefirewall.WellKnownServiceType) (*state.FirewallRule, error) {
api := state.NewFirewallRules(st.st)
return api.Rule(service)
}
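--- a/core/firewall/firewall.go
+++ b/core/firewall/firewall.go
@@ -0,0 +1,28 @@
+// Copyright 2019 Canonical Ltd.
+// Licensed under the AGPLv3, see LICENCE file for details.
+
+package firewall
+
+import "github.com/juju/errors"
+
+const (
+// SSHRule is a rule for SSH connections.
+SSHRule = WellKnownServiceType("ssh")
+
+// JujuControllerRule is a rule for connections to the Juju controller.
+JujuControllerRule = WellKnownServiceType("juju-controller")
+
+// JujuApplicationOfferRule is a rule for connections to a Juju offer.
+JujuApplicationOfferRule = WellKnownServiceType("juju-application-offer")
+)
+
+// WellKnownService defines a service for which firewall rules may be applied.
+type WellKnownServiceType string
+
+func (v WellKnownServiceType) Validate() error {
+switch v {
+case SSHRule, JujuControllerRule, JujuApplicationOfferRule:
+return nil
+}
+return errors.NotValidf("well known service type %q", v)
+}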
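Review bot: The doc comment above the type names `WellKnownService`, but the declared type is `WellKnownServiceType`, so godoc and lint will not attach it to the type; it should read `// WellKnownServiceType defines a service for which firewall rules may be applied.`. The exported `Validate` method has no doc comment at all; `// Validate returns a NotValid error unless v is one of the well-known service constants declared in this package.` would tell callers that it is an allow-list check. Because the type is a plain string, any conversion from caller-supplied text compiles, so Validate is the only guard this package offers and the comment should say that values built from API input are expected to go through it.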