Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(3998)
Issues Repositories Search
Open Issues | Closed Issues | All Issues | Sign in with your Google Account to create issues and add comments

Issue 14309043: provider/ec2: Use security group ids in EC2 API

Can't Edit
Can't Publish+Mail
Start Review
Created:
10 years, 7 months ago by gz
Modified:
10 years, 7 months ago
Reviewers:
mp+188958, rog
Visibility:
Public.

Description

provider/ec2: Use security group ids in EC2 API The additional options available with VPC security groups comes with the limitation that they must be referred to by id rather than by name. To support the otherwise mostly transparent default VPC mode some new accounts use, switch our provider infrastructure to lookup and use ids. This adds some additional overhead in ec2 api roundtrips, which would be avoidable in the ec2-classic case by detecting if the account is default-vpc enabled using DescribeAccountAttributes and continuing to just use the names if not. For now, that is punted on that in favour of verifying the new codepath works in all cases. There are a couple of work items pending for this branch. I have run and confirmed that a subset of the live tests, including those most related to security group handling, pass on both classic and default vpc regions. However, a clean run of the whole live suite on trunk is eluding me. Two small updates to goamz are required for the local live suite to pass. These are both approved, but need to land, and dependencies.csv updated. https://code.launchpad.net/~gz/juju-core/secgroup_vpc/+merge/188958 (do not edit description out of merge proposal)

Patch Set 1 #

Total comments: 16

Patch Set 2 : provider/ec2: Use security group ids in EC2 API #

Unified diffs Side-by-side diffs Delta from patch set Stats (+131 lines, -57 lines) Patch
A [revision details] View 1 1 chunk +2 lines, -0 lines 0 comments Download
M dependencies.tsv View 1 1 chunk +1 line, -1 line 0 comments Download
M provider/ec2/ec2.go View 1 13 chunks +103 lines, -47 lines 0 comments Download
M provider/ec2/live_test.go View 1 3 chunks +25 lines, -9 lines 0 comments Download

Messages

Total messages: 3
gz
Please take a look.
10 years, 7 months ago (2013-10-02 23:09:37 UTC) #1
rog
LGTM with some thoughts and suggestions below. https://codereview.appspot.com/14309043/diff/1/provider/ec2/ec2.go File provider/ec2/ec2.go (left): https://codereview.appspot.com/14309043/diff/1/provider/ec2/ec2.go#oldcode796 provider/ec2/ec2.go:796: SourceGroups: sourceGroups, ...
10 years, 7 months ago (2013-10-03 00:08:52 UTC) #2
gz
10 years, 7 months ago (2013-10-03 14:12:27 UTC) #3 
Please take a look.

https://codereview.appspot.com/14309043/diff/1/provider/ec2/ec2.go
File provider/ec2/ec2.go (right):

https://codereview.appspot.com/14309043/diff/1/provider/ec2/ec2.go#newcode465
provider/ec2/ec2.go:465: func (e *environ) lookupGroupInfoByName(groupName
string) (ec2.SecurityGroupInfo, error) {
On 2013/10/03 00:08:53, rog wrote:
> The "lookup" part of this method name seems a bit superfluous to me.
> 
> I think "groupInfoByName" and "groupByName" would read quite nicely.

Done.

https://codereview.appspot.com/14309043/diff/1/provider/ec2/ec2.go#newcode502
provider/ec2/ec2.go:502: filter.Add("instance.group-id", group.Id)
On 2013/10/03 00:08:53, rog wrote:
> I think this (and probably other stuff too) will need the dependencies.tsv
file
> to be updated.

Now it's landed, have updated the dependencies.tsv file.

https://codereview.appspot.com/14309043/diff/1/provider/ec2/ec2.go#newcode885
provider/ec2/ec2.go:885: // If it exists, its permissions are set to perms.
On 2013/10/03 00:08:53, rog wrote:
> Ah, I see now, I think.
> 
> This could perhaps do with a comment:
> // Any entries in perms without a SourceIPs entry
> // will be given permissions for the named group
> // only.

That's reasonable, have added something along those lines.

https://codereview.appspot.com/14309043/diff/1/provider/ec2/ec2.go#newcode953
provider/ec2/ec2.go:953: // id in source groups, using group ids only.
On 2013/10/03 00:08:53, rog wrote:
> This comment no longer makes much sense.
> 
> How about something like:
> 
> // newPermSetForGroup returns a set of all the permissions
> // in the given slice of IPPerms. It ignores the name
> // and owner id in source groups; any entry with
> // no source IPs will be assigned to the given group.
> 
> ?

Have added something along these lines.

https://codereview.appspot.com/14309043/diff/1/provider/ec2/live_test.go
File provider/ec2/live_test.go (right):

https://codereview.appspot.com/14309043/diff/1/provider/ec2/live_test.go#newc...
provider/ec2/live_test.go:255: inst_ids := []instance.Id{inst0.Id(), inst1.Id()}
On 2013/10/03 00:08:53, rog wrote:
> s/inst_ids/instIds/

Done.

https://codereview.appspot.com/14309043/diff/1/provider/ec2/live_test.go#newc...
provider/ec2/live_test.go:256: ids_from_insts := func(insts []instance.Instance)
(ids []instance.Id) {
On 2013/10/03 00:08:53, rog wrote:
> s/ids_from_insts/idsFromInsts/

Done.

https://codereview.appspot.com/14309043/diff/1/provider/ec2/live_test.go#newc...
provider/ec2/live_test.go:265: all_insts, err := t.Env.AllInstances()
On 2013/10/03 00:08:53, rog wrote:
> s/all_insts/allInsts/

Done.

https://codereview.appspot.com/14309043/diff/1/provider/ec2/live_test.go#newc...
provider/ec2/live_test.go:435: func hasSecurityGroup(r amzec2.Instance, g
amzec2.SecurityGroup) bool {
Also renamed this from r.
Sign in to reply to this message.

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld f62528b