def add_security_rules_inbound_efs(self, infrastructure, security_group):
ags_allowed_to_efs = select_all(
infrastructure,
lambda item: item.kind == 'infrastructure/virtual-machine' and item
.specification.authorized_to_efs)
for asg in ags_allowed_to_efs:
for subnet_in_asg in asg.specification.subnet_names:
subnet = select_single(
infrastructure,
lambda item: item.kind == 'infrastructure/subnet' and item.
specification.name == subnet_in_asg)
rule_defined = select_first(
security_group.specification.rules, lambda item: item.
source_address_prefix == subnet.specification.cidr_block
and item.destination_port_range == 2049)
if rule_defined is None:
rule = self.get_config_or_default(
self.docs, 'infrastructure/security-group-rule')
rule.specification.name = 'sg-rule-nfs-default-from-' + subnet.specification.name
rule.specification.description = 'NFS inbound for ' + subnet.specification.name
rule.specification.direction = 'ingress'
rule.specification.protocol = 'tcp'
rule.specification.destination_port_range = 2049
rule.specification.source_address_prefix = subnet.specification.cidr_block
rule.specification.destination_address_prefix = '*'
security_group.specification.rules.append(
rule.specification)
rules = []
for rule in security_group.specification.rules:
rules.append(objdict_to_dict(rule))
security_group.specification.rules = rules
def run(self):
infrastructure_docs = select_all(self.docs, lambda x: x.kind.startswith('infrastructure/'))
for i in range(len(infrastructure_docs)):
infrastructure_docs[i]['version'] = VERSION
return infrastructure_docs
def assert_consistent_os_family(self):
# Before this issue https://github.com/epiphany-platform/epiphany/issues/195 gets resolved,
# we are forced to do assertion here.
def _get_os_indicator(vm_doc):
expected_indicators = {
"ubuntu": "ubuntu",
"rhel": "redhat",
"redhat": "redhat",
"centos": "centos",
}
if vm_doc.provider == "azure":
# Example image offers:
# - UbuntuServer
# - RHEL
# - CentOS
for indicator in expected_indicators:
if indicator in vm_doc.specification.storage_image_reference.offer.lower(
):
return expected_indicators[indicator]
if vm_doc.provider == "aws":
# Example public/official AMI names:
# - ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-20200611
# - RHEL-7.8_HVM_GA-20200225-x86_64-1-Hourly2-GP2
# - CentOS 7.8.2003 x86_64
for indicator in expected_indicators:
if indicator in vm_doc.specification.os_full_name.lower():
return expected_indicators[indicator]
# When name is completely custom we just skip the check
return None
virtual_machine_docs = select_all(
self.infrastructure_docs,
lambda x: x.kind == 'infrastructure/virtual-machine',
)
os_indicators = {
_get_os_indicator(vm_doc)
for vm_doc in virtual_machine_docs
}
if len(os_indicators) > 1:
raise Exception(
"Detected mixed Linux distros in config, Epirepo will not work properly. Please inspect your config manifest. Forgot to define repository VM document?"
)
def get_infra_docs(self, input_docs):
if self.provider == 'any':
# For any we can include the machine documents from the minimal-cluster-config
infra = select_all(
input_docs,
lambda x: x.kind.startswith('infrastructure/machine'))
else:
# VMs are curently the infrastructure documents the user might interact with for:
# - type/size
# - distro
# - network security rules
# ...
# So we add the defaults here.
# TODO: Check if we want to include possible other infrastructure documents.
infra = load_all_yaml_objs(types.DEFAULT, self.provider,
'infrastructure/virtual-machine')
return infra
def init(self):
input = load_all_yaml_objs(types.DEFAULT, self.provider,
'configuration/minimal-cluster-config')
input[0].specification.name = self.name
if self.is_full_config:
config = self.get_config_docs(input)
config_only = select_all(
config, lambda x: not (x.kind.startswith('epiphany-cluster')))
if self.provider == 'any':
# for any provider we want to use the default config from minimal-cluster-config
cluster_model = select_single(
input, lambda x: x.kind == 'epiphany-cluster')
else:
# for azure|aws provider we want to use the extended defaults cluster-config after dry run.
# TODO: We probably wants this comming from seperate documents since Azure and AWS overlap now...
cluster_model = select_single(
config, lambda x: x.kind == 'epiphany-cluster')
infra = self.get_infra_docs(input)
docs = [cluster_model, *config_only, *infra]
else:
docs = [*input]
# set the provider and version for all docs
for doc in docs:
doc['provider'] = self.provider
doc['version'] = VERSION
# remove SET_BY_AUTOMATION fields
remove_value(docs, 'SET_BY_AUTOMATION')
# save document
save_manifest(docs, self.name, self.name + '.yml')
self.logger.info('Initialized new configuration and saved it to "' +
os.path.join(get_build_path(self.name), self.name +
'.yml') + '"')
return 0
def run(self):
infrastructure_docs = select_all(
self.docs, lambda x: x.kind.startswith('infrastructure/'))
return infrastructure_docs
def test_select_all_returns_empty_list_if_there_is_no_matching_elements():
actual = select_all(DATA,
lambda item: item.name == 'name-that-does-not-exist')
assert (actual == [])
def test_select_all_returns_all_matching_elements():
actual = select_all(DATA, lambda item: item.name == 'test-name23')
assert (len(actual) == 2)
assert (actual[0].index == 2)
assert (actual[1].index == 3)