Issue 336: define ip permissions syntax

compute/pom.xml

@@ -73,7 +73,7 @@
                 <configuration>
                     <instructions>
                         <Bundle-SymbolicName>${project.artifactId}</Bundle-SymbolicName>
-                        <Export-Package>org.jclouds.compute*;version="${project.version}",org.jclouds.cim*;version="${project.version}",org.jclouds.ovf*;version="${project.version}",org.jclouds.ssh*;version="${project.version}"</Export-Package>
+                        <Export-Package>org.jclouds.net*;version="${project.version}",org.jclouds.compute*;version="${project.version}",org.jclouds.cim*;version="${project.version}",org.jclouds.ovf*;version="${project.version}",org.jclouds.ssh*;version="${project.version}"</Export-Package>
                         <Import-Package>!org.jclouds.compute.*;org.jclouds*;version="${project.version}",*</Import-Package>
                         <Fragment-Host>jclouds-core;bundle-version="[1.3,2)"</Fragment-Host>
                     </instructions>

compute/src/main/java/org/jclouds/net/domain/IpPermission.java

@@ -0,0 +1,238 @@
+/**
+ * Licensed to jclouds, Inc. (jclouds) under one or more
+ * contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  jclouds licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.jclouds.net.domain;
+
+import static com.google.common.base.Objects.equal;
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import java.util.Set;
+
+import org.jclouds.net.util.IpPermissions;
+
+import com.google.common.annotations.Beta;
+import com.google.common.base.Objects;
+import com.google.common.base.Objects.ToStringHelper;
+import com.google.common.collect.ImmutableMultimap;
+import com.google.common.collect.ImmutableSet;
+import com.google.common.collect.Iterables;
+import com.google.common.collect.LinkedHashMultimap;
+import com.google.common.collect.Multimap;
+import com.google.common.collect.Sets;
+
+/**
+ * Ingress access to a destination protocol on particular ports by source, which could be an ip
+ * range (cidrblock), set of explicit security group ids in the current tenant, or security group
+ * names in another tenant.
+ * 
+ * @author Adrian Cole
+ * @see IpPermissions
+ */
+@Beta
+public class IpPermission implements Comparable<IpPermission> {
+   public static Builder builder() {
+      return new Builder();
+   }
+
+   public static class Builder {
+      private IpProtocol ipProtocol;
+      private int fromPort;
+      private int toPort;
+      private Multimap<String, String> tenantIdGroupNamePairs = LinkedHashMultimap.create();
+      private Set<String> groupIds = Sets.newLinkedHashSet();
+      private Set<String> cidrBlocks = Sets.newLinkedHashSet();
+
+      /**
+       * 
+       * @see IpPermission#getIpProtocol()
+       */
+      public Builder ipProtocol(IpProtocol ipProtocol) {
+         this.ipProtocol = ipProtocol;
+         return this;
+      }
+
+      /**
+       * 
+       * @see IpPermission#getFromPort()
+       */
+      public Builder fromPort(int fromPort) {
+         this.fromPort = fromPort;
+         return this;
+      }
+
+      /**
+       * 
+       * @see IpPermission#getToPort()
+       */
+      public Builder toPort(int toPort) {
+         this.toPort = toPort;
+         return this;
+      }
+
+      /**
+       * @see IpPermission#getTenantIdGroupNamePairs()
+       */
+      public Builder tenantIdGroupNamePair(String tenantId, String groupName) {
+         this.tenantIdGroupNamePairs.put(tenantId, groupName);
+         return this;
+      }
+
+      /**
+       * @see IpPermission#getTenantIdGroupNamePairs()
+       */
+      public Builder tenantIdGroupNamePairs(Multimap<String, String> tenantIdGroupNamePairs) {
+         this.tenantIdGroupNamePairs.putAll(tenantIdGroupNamePairs);
+         return this;
+      }
+
+      /**
+       * @see IpPermission#getCidrBlocks()
+       */
+      public Builder cidrBlock(String cidrBlock) {
+         this.cidrBlocks.add(cidrBlock);
+         return this;
+      }
+
+      /**
+       * @see IpPermission#getCidrBlocks()
+       */
+      public Builder cidrBlocks(Iterable<String> cidrBlocks) {
+         Iterables.addAll(this.cidrBlocks, cidrBlocks);
+         return this;
+      }
+
+      /**
+       * @see IpPermission#getGroupIds()
+       */
+      public Builder groupId(String groupId) {
+         this.groupIds.add(groupId);
+         return this;
+      }
+
+      /**
+       * @see IpPermission#getGroupIds()
+       */
+      public Builder groupIds(Iterable<String> groupIds) {
+         Iterables.addAll(this.groupIds, groupIds);
+         return this;
+      }
+
+      public IpPermission build() {
+         return new IpPermission(ipProtocol, fromPort, toPort, tenantIdGroupNamePairs, groupIds, cidrBlocks);
+      }
+   }
+
+   private final int fromPort;
+   private final int toPort;
+   private final Multimap<String, String> tenantIdGroupNamePairs;
+   private final Set<String> groupIds;
+   private final IpProtocol ipProtocol;
+   private final Set<String> cidrBlocks;
+
+   protected IpPermission(IpProtocol ipProtocol, int fromPort, int toPort,
+            Multimap<String, String> tenantIdGroupNamePairs, Iterable<String> groupIds, Iterable<String> cidrBlocks) {
+      this.fromPort = fromPort;
+      this.toPort = toPort;
+      this.tenantIdGroupNamePairs = ImmutableMultimap.copyOf(checkNotNull(tenantIdGroupNamePairs,
+               "tenantIdGroupNamePairs"));
+      this.ipProtocol = checkNotNull(ipProtocol, "ipProtocol");
+      this.groupIds = ImmutableSet.copyOf(checkNotNull(groupIds, "groupIds"));
+      this.cidrBlocks = ImmutableSet.copyOf(checkNotNull(cidrBlocks, "cidrBlocks"));
+   }
+
+   /**
+    * {@inheritDoc}
+    */
+   public int compareTo(IpPermission o) {
+      return (this == o) ? 0 : getIpProtocol().compareTo(o.getIpProtocol());
+   }
+
+   /**
+    * destination IP protocol
+    */
+   public IpProtocol getIpProtocol() {
+      return ipProtocol;
+   }
+
+   /**
+    * Start of destination port range for the TCP and UDP protocols, or an ICMP type number. An ICMP
+    * type number of -1 indicates a wildcard (i.e., any ICMP type number).
+    */
+   public int getFromPort() {
+      return fromPort;
+   }
+
+   /**
+    * End of destination port range for the TCP and UDP protocols, or an ICMP code. An ICMP code of
+    * -1 indicates a wildcard (i.e., any ICMP code).
+    */
+   public int getToPort() {
+      return toPort;
+   }
+
+   /**
+    * source of traffic allowed is on basis of another group in a tenant, as opposed to by cidr
+    */
+   public Multimap<String, String> getTenantIdGroupNamePairs() {
+      return tenantIdGroupNamePairs;
+   }
+
+   /**
+    * source of traffic allowed is on basis of another groupid in the same tenant
+    */
+   public Set<String> getGroupIds() {
+      return groupIds;
+   }
+
+   /**
+    * source of traffic is a cidrRange
+    */
+   public Set<String> getCidrBlocks() {
+      return cidrBlocks;
+   }
+
+   @Override
+   public boolean equals(Object o) {
+      if (this == o)
+         return true;
+      // allow subtypes
+      if (o == null || !(o instanceof IpPermission))
+         return false;
+      IpPermission that = IpPermission.class.cast(o);
+      return equal(this.ipProtocol, that.ipProtocol) && equal(this.fromPort, that.fromPort)
+               && equal(this.toPort, that.toPort) && equal(this.tenantIdGroupNamePairs, that.tenantIdGroupNamePairs)
+               && equal(this.groupIds, that.groupIds) && equal(this.cidrBlocks, that.cidrBlocks);
+   }
+
+   @Override
+   public int hashCode() {
+      return Objects.hashCode(ipProtocol, fromPort, toPort, tenantIdGroupNamePairs, groupIds, groupIds);
+   }
+
+   @Override
+   public String toString() {
+      return string().toString();
+   }
+
+   protected ToStringHelper string() {
+      return Objects.toStringHelper("").add("ipProtocol", ipProtocol).add("fromPort", fromPort).add("toPort", toPort)
+               .add("tenantIdGroupNamePairs", tenantIdGroupNamePairs).add("groupIds", groupIds).add("groupIds",
+                        groupIds);
+   }
+
+}

compute/src/main/java/org/jclouds/net/domain/IpProtocol.java

@@ -0,0 +1,42 @@
+/**
+ * Licensed to jclouds, Inc. (jclouds) under one or more
+ * contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  jclouds licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.jclouds.net.domain;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import com.google.common.annotations.Beta;
+
+/**
+ * @author Adrian Cole
+ * 
+ */
+@Beta
+public enum IpProtocol {
+
+   TCP, UDP, ICMP, ALL, UNRECOGNIZED;
+
+   public static IpProtocol fromValue(String protocol) {
+      try {
+         return valueOf(checkNotNull(protocol, "protocol").toUpperCase());
+      } catch (IllegalArgumentException e) {
+         return UNRECOGNIZED;
+      }
+   }
+
+}

compute/src/main/java/org/jclouds/net/util/IpPermissions.java

@@ -0,0 +1,149 @@
+/**
+ * Licensed to jclouds, Inc. (jclouds) under one or more
+ * contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  jclouds licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.jclouds.net.util;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import org.jclouds.net.domain.IpPermission;
+import org.jclouds.net.domain.IpProtocol;
+
+import com.google.common.collect.ImmutableMultimap;
+import com.google.common.collect.ImmutableSet;
+import com.google.common.collect.Multimap;
+
+/**
+ * 
+ * Shortcut to create ingress rules
+ * 
+ * @author Adrian Cole
+ */
+public class IpPermissions extends IpPermission {
+
+   protected IpPermissions(IpProtocol ipProtocol, int fromPort, int toPort,
+         Multimap<String, String> tenantIdGroupPairs, Iterable<String> groupIds, Iterable<String> cidrBlocks) {
+      super(ipProtocol, fromPort, toPort, tenantIdGroupPairs, groupIds, tenantIdGroupPairs.size() == 0 ? cidrBlocks
+            : ImmutableSet.<String> of());
+   }
+
+   public static ICMPTypeSelection permitICMP() {
+      return new ICMPTypeSelection();
+   }
+
+   public static ToSourceSelection permitAnyProtocol() {
+      return new ToSourceSelection(IpProtocol.ALL, 1, 65535);
+   }
+
+   public static PortSelection permit(IpProtocol protocol) {
+      return new PortSelection(checkNotNull(protocol, "protocol"));
+   }
+
+   public static class ICMPTypeSelection extends ToSourceSelection {
+
+      ICMPTypeSelection() {
+         super(IpProtocol.ICMP, -1, -1);
+      }
+
+      /**
+       * @param type ex. 8 for ECHO (i.e. Ping)
+       * @see <a href="http://www.iana.org/assignments/icmp-parameters/icmp-parameters.xml"> ICMP Types</a>
+       */
+      public AndCodeSelection type(int type) {
+         return new AndCodeSelection(type);
+      }
+   }
+
+   public static class AndCodeSelection extends ToSourceSelection {
+      AndCodeSelection(int type) {
+         super(IpProtocol.ICMP, type, -1);
+      }
+
+      public ToSourceSelection andCode(int code) {
+         return new ToSourceSelection(getIpProtocol(), getFromPort(), code);
+      }
+
+   }
+
+   public static class PortSelection extends ToSourceSelection {
+
+      PortSelection(IpProtocol ipProtocol) {
+         super(ipProtocol, ipProtocol == IpProtocol.ICMP ? -1 : 1, ipProtocol == IpProtocol.ICMP ? -1 : 65535);
+      }
+
+      public ToPortSelection fromPort(int port) {
+         return new ToPortSelection(getIpProtocol(), port);
+      }
+      
+      public ToSourceSelection port(int port) {
+         return new ToSourceSelection(getIpProtocol(), port, port);
+      }
+   }
+
+   public static class ToPortSelection extends ToSourceSelection {
+
+      ToPortSelection(IpProtocol ipProtocol, int fromPort) {
+         super(ipProtocol, fromPort, ipProtocol == IpProtocol.ICMP ? -1 : 65535);
+      }
+
+      public ToSourceSelection to(int port) {
+         return new ToSourceSelection(getIpProtocol(), getFromPort(), port);
+      }
+   }
+
+   public static class ToGroupSourceSelection extends IpPermissions {
+
+      protected ToGroupSourceSelection(IpProtocol ipProtocol, int fromPort, int toPort) {
+         super(ipProtocol, fromPort, toPort, ImmutableMultimap.<String, String> of(), ImmutableSet.<String> of(),
+               ImmutableSet.of("0.0.0.0/0"));
+      }
+
+      public IpPermissions originatingFromSecurityGroupId(String groupId) {
+         return originatingFromSecurityGroupIds(ImmutableSet.of(checkNotNull(groupId, "groupId")));
+      }
+
+      public IpPermissions originatingFromSecurityGroupIds(Iterable<String> groupIds) {
+         return new IpPermissions(getIpProtocol(), getFromPort(), getToPort(), getTenantIdGroupNamePairs(), groupIds,
+               ImmutableSet.<String> of());
+      }
+   }
+
+   public static class ToSourceSelection extends ToGroupSourceSelection {
+      ToSourceSelection(IpProtocol ipProtocol, int fromPort, int toPort) {
+         super(ipProtocol, fromPort, toPort);
+      }
+
+      public IpPermissions originatingFromCidrBlock(String cidrIp) {
+         return originatingFromCidrBlocks(ImmutableSet.of(checkNotNull(cidrIp, "cidrIp")));
+      }
+
+      public IpPermissions originatingFromCidrBlocks(Iterable<String> cidrIps) {
+         return new IpPermissions(getIpProtocol(), getFromPort(), getToPort(),
+               ImmutableMultimap.<String, String> of(), ImmutableSet.<String> of(), cidrIps);
+      }
+
+      public IpPermissions originatingFromTenantAndSecurityGroup(String tenantId, String groupName) {
+         return toTenantsGroupsNamed(ImmutableMultimap.of(checkNotNull(tenantId, "tenantId"),
+               checkNotNull(groupName, "groupName")));
+      }
+
+      public IpPermissions toTenantsGroupsNamed(Multimap<String, String> tenantIdGroupNamePairs) {
+         return new IpPermissions(getIpProtocol(), getFromPort(), getToPort(), tenantIdGroupNamePairs, getGroupIds(),
+               ImmutableSet.<String> of());
+      }
+   }
+}

compute/src/test/java/org/jclouds/net/util/IpPermissionsTest.java

@@ -0,0 +1,100 @@
+/**
+ * Licensed to jclouds, Inc. (jclouds) under one or more
+ * contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  jclouds licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.jclouds.net.util;
+
+import static org.testng.Assert.assertEquals;
+
+import org.jclouds.net.domain.IpPermission;
+import org.jclouds.net.domain.IpProtocol;
+import org.testng.annotations.Test;
+
+import com.google.common.collect.ImmutableSet;
+
+/**
+ * Tests possible uses of IpPermissions
+ * 
+ * @author Adrian Cole
+ */
+@Test(testName = "IpPermissionsTest")
+public class IpPermissionsTest {
+   public void testAllProtocol() {
+      IpPermissions authorization = IpPermissions.permitAnyProtocol();
+      assertEquals(authorization, IpPermission.builder().ipProtocol(IpProtocol.ALL).fromPort(1).toPort(65535)
+               .cidrBlock("0.0.0.0/0").build());
+   }
+
+   public void testAllProtocolCidrBound() {
+      IpPermissions authorization = IpPermissions.permit(IpProtocol.ALL).originatingFromCidrBlock("1.1.1.1/32");
+      assertEquals(authorization, IpPermission.builder().ipProtocol(IpProtocol.ALL).fromPort(1).toPort(65535)
+               .cidrBlock("1.1.1.1/32").build());
+   }
+
+   public void testJustProtocolAndCidr() {
+      IpPermissions authorization = IpPermissions.permit(IpProtocol.TCP).originatingFromCidrBlock("1.1.1.1/32");
+      assertEquals(authorization, IpPermission.builder().ipProtocol(IpProtocol.TCP).fromPort(1).toPort(65535)
+               .cidrBlock("1.1.1.1/32").build());
+   }
+
+   public void testAnyProtocol() {
+      IpPermissions authorization = IpPermissions.permitAnyProtocol().originatingFromCidrBlock("1.1.1.1/32");
+      assertEquals(authorization, IpPermission.builder().ipProtocol(IpProtocol.ALL).fromPort(1).toPort(65535)
+               .cidrBlock("1.1.1.1/32").build());
+   }
+
+   public void testMultipleCidrs() {
+      IpPermissions authorization = IpPermissions.permit(IpProtocol.TCP).originatingFromCidrBlocks(
+               ImmutableSet.of("1.1.1.1/32", "1.1.1.2/32"));
+      assertEquals(authorization, IpPermission.builder().ipProtocol(IpProtocol.TCP).fromPort(1).toPort(65535)
+               .cidrBlocks(ImmutableSet.of("1.1.1.1/32", "1.1.1.2/32")).build());
+   }
+
+   public void testProtocolFromAndToPortAndGroupIds() {
+      IpPermissions authorization = IpPermissions.permit(IpProtocol.UDP).fromPort(11).to(53)
+               .originatingFromSecurityGroupId("groupId");
+      assertEquals(authorization, IpPermission.builder().ipProtocol(IpProtocol.UDP).fromPort(11).toPort(53)
+               .groupId("groupId").build());
+   }
+
+   public void testProtocolICMPAny() {
+      IpPermissions authorization = IpPermissions.permitICMP().originatingFromSecurityGroupId("groupId");
+      assertEquals(authorization, IpPermission.builder().ipProtocol(IpProtocol.ICMP).fromPort(-1).toPort(-1)
+               .groupId("groupId").build());
+   }
+
+   public void testProtocolICMPTypeAnyCode() {
+      IpPermissions authorization = IpPermissions.permitICMP().type(8).originatingFromSecurityGroupId("groupId");
+      assertEquals(authorization, IpPermission.builder().ipProtocol(IpProtocol.ICMP).fromPort(8).toPort(-1)
+               .groupId("groupId").build());
+   }
+
+   public void testProtocolICMPTypeCode() {
+      IpPermissions authorization = IpPermissions.permitICMP().type(8).andCode(0).originatingFromSecurityGroupId(
+               "groupId");
+      assertEquals(authorization, IpPermission.builder().ipProtocol(IpProtocol.ICMP).fromPort(8).toPort(0).groupId(
+               "groupId").build());
+   }
+
+   public void testProtocolFromAndToPortAndUserGroups() {
+      IpPermissions authorization = IpPermissions.permit(IpProtocol.ICMP).fromPort(8).to(0)
+               .originatingFromTenantAndSecurityGroup("tenantId", "groupName");
+
+      assertEquals(authorization, IpPermission.builder().ipProtocol(IpProtocol.ICMP).fromPort(8).toPort(0)
+               .tenantIdGroupNamePair("tenantId", "groupName").build());
+   }
+}