Issue 8649047: Keep the groupId from ec2 permission groups.

Keyboard Shortcuts

	File
u :	up to issue
m :	publish + mail comments
M :	edit review message
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line
<Enter> :	respond to / edit current comment
d :	mark current comment as done

	Issue
u :	up to list of issues
m :	publish + mail comments
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue
# :	close issue

	Comment/message editing
<Ctrl> + s or <Ctrl> + Enter :	save comment
<Esc> :	cancel edit

Issue 8649047: Keep the groupId from ec2 permission groups.

Can't Edit
Can't Publish+Mail
Start Review

Created:
11 years, 10 months ago by thumper

Modified:
11 years, 10 months ago

Reviewers:
mp+159994, rog

Visibility:
Public.

Description

Keep the groupId from ec2 permission groups. If ec2 tells us only group Id values, and not Names, then we need to be able to reproduce this when wanting to revoke permissions. https://code.launchpad.net/~thumper/juju-core/more-ipperms/+merge/159994 (do not edit description out of merge proposal)

Patch Set 1 #

Total comments: 1

Created: 11 years, 10 months ago

Download [raw] [tar.bz2]

		Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+6 lines, -1 line)			Patch
	A	[revision details]	View		1 chunk	+2 lines, -0 lines	0 comments	Download
	M	environs/ec2/ec2.go	View		3 chunks	+4 lines, -1 line	1 comment	Download

Messages

Total messages: 2

Expand All Messages | Collapse All Messages

rog

11 years, 10 months ago (2013-04-22 07:30:11 UTC) #2

Thanks very much for getting to the bottom of this issue. This does not LGTM
though because I don't believe the fix is correct (see below). Also, if the live
tests didn't fail, we could do with a test please.

https://codereview.appspot.com/8649047/diff/1/environs/ec2/ec2.go
File environs/ec2/ec2.go (right):

https://codereview.appspot.com/8649047/diff/1/environs/ec2/ec2.go#newcode921
environs/ec2/ec2.go:921: groupId   string
I'm not sure this is right.

We use the permKey as unique key representing a group permission - the
permissions passed into ensureGroup have perms with only the group name set, so
they won't compare equal to permissions with the group id set, so this breaks
the logic in that function.

I think the right fix is probably to use groupId exclusively. This means that
the ensureGroup in setUpGroups needs to change, because the group perms refer
back to the group itself, and we can't provide its id before we've created it.
So I suggest creating the jujuGroupName group with no permissions before calling
ensureGroup using SourceGroups with the appropriate id filled out.

This means an extra round trip when starting an instance, but that's probably no
big deal compared to the amount of time it takes anyway.

Expand All Messages | Collapse All Messages