private List<Listener> buildListeners(AWSLoadBalancerContext context) { return context.loadBalancerStateExpanded.routes.stream().map(routeConfiguration -> { Listener listener = new Listener() .withLoadBalancerPort(Integer.parseInt(routeConfiguration.port)) .withInstancePort(Integer.parseInt(routeConfiguration.instancePort)); // Convert HTTPS protocol on the load balancer to TCP thus the load balancer will act // as a SSL Pass-through. Set the instance protocol to be TCP as well as both protocols // must be on the same layer if (LoadBalancerDescription.Protocol.HTTPS.name() .equalsIgnoreCase(routeConfiguration.protocol)) { listener.setProtocol(LoadBalancerDescription.Protocol.TCP.name()); listener.setInstanceProtocol(LoadBalancerDescription.Protocol.TCP.name()); } else { listener.setProtocol(routeConfiguration.protocol); listener.setInstanceProtocol(routeConfiguration.instanceProtocol); } return listener; }).collect(Collectors.toList()); }
private void verifyListeners(List<RouteConfiguration> routeConfigurations, List<ListenerDescription> listenerDescriptions) { routeConfigurations.forEach(route -> { Listener listener = getListenerByPort(Integer.valueOf(route.port), listenerDescriptions); assertEquals(Integer.valueOf(route.port), listener.getLoadBalancerPort()); assertEquals(Integer.valueOf(route.instancePort), listener.getInstancePort()); // Load Balancer https protocol is translated to tcp if (Protocol.HTTPS.name().equalsIgnoreCase(route.protocol)) { assertEquals(Protocol.TCP.name(), listener.getProtocol()); assertEquals(Protocol.TCP.name(), listener.getInstanceProtocol()); } else { assertEquals(route.protocol, listener.getProtocol()); assertEquals(route.instanceProtocol, listener.getInstanceProtocol()); } }); }
@Override public void execute(Context context) throws Exception { String key = "elb/" + resource.id; context.output(key, String.format("status=%s, http=%s, https=%s", resource.status, resource.listenHTTP, resource.listenHTTPS)); if (resource.remoteELB != null) { context.output(key, "dns=" + resource.remoteELB.getDNSName()); for (ListenerDescription description : resource.remoteELB.getListenerDescriptions()) { Listener listener = description.getListener(); context.output(key, String.format("listener=%s:%d=>%s:%d, cert=%s", listener.getProtocol(), listener.getLoadBalancerPort(), listener.getInstanceProtocol(), listener.getInstancePort(), listener.getSSLCertificateId())); } } }
@Override public void execute(Context context) throws Exception { String elbName = resource.remoteELB.getLoadBalancerName(); CreateLoadBalancerListenersRequest request = new CreateLoadBalancerListenersRequest() .withLoadBalancerName(elbName); if (addedProtocols.contains("HTTP")) { request.getListeners().add(new Listener("HTTP", 80, 80)); } if (addedProtocols.contains("HTTPS")) { String certARN = resource.amazonCertARN != null ? resource.amazonCertARN : resource.cert.remoteCert.getServerCertificateMetadata().getArn(); request.getListeners().add(new Listener() .withProtocol("HTTPS") .withLoadBalancerPort(443) .withInstanceProtocol("HTTP") .withInstancePort(80) .withSSLCertificateId(certARN)); } logger.info("create ELB listeners, request={}", request); AWS.elb.elb.createLoadBalancerListeners(request); }
public static String provisionAWSLoadBalancerWithEC2Client(VerificationHost host, AmazonElasticLoadBalancingAsyncClient client, String name, String subnetId, String securityGroupId, List<String> instanceIds) { if (name == null) { name = LOAD_BALANCER_NAME_PREFIX + System.currentTimeMillis(); } Listener defaultListener = new Listener().withInstancePort(80) .withInstanceProtocol("HTTP") .withLoadBalancerPort(80) .withProtocol("HTTP"); CreateLoadBalancerRequest request = new CreateLoadBalancerRequest() .withLoadBalancerName(name) .withSubnets(Collections.singletonList(subnetId)) .withSecurityGroups(Collections.singleton(securityGroupId)) .withListeners(Collections.singleton(defaultListener)); CreateLoadBalancerResult result = null; try { result = client.createLoadBalancer(request); } catch (Exception e) { host.log(Level.SEVERE, "Error encountered in provisioning load balancer on AWS: %s", Utils.toString(e)); } assertNotNull(result); assertNotNull(result.getDNSName()); if (instanceIds != null) { registerAWSInstancesToLoadBalancer(host, client, name, instanceIds); } return name; }
private Listener getListenerByPort(Integer port, List<ListenerDescription> descriptions) { ListenerDescription listenerDescription = descriptions.stream() .filter(ld -> ld.getListener().getLoadBalancerPort().equals(port)).findFirst() .orElse(null); assertNotNull(listenerDescription); return listenerDescription.getListener(); }
@Override public List<Integer> check(final LoadBalancerDescription loadBalancerDescription) { return loadBalancerDescription.getListenerDescriptions() .stream() .map(ListenerDescription::getListener) .map(Listener::getLoadBalancerPort) .filter(p -> !jobsProperties.getElbAllowedPorts().contains(p)) .collect(Collectors.toList()); }
@Override public void execute(Context context) throws Exception { CreateLoadBalancerRequest request = new CreateLoadBalancerRequest() .withLoadBalancerName(resource.name) .withScheme(resource.scheme.orElse(null)) .withTags(new Tag().withKey("cloud-manager:env").withValue(context.env.name)); if (resource.subnet != null) { request.withSecurityGroups(resource.securityGroup.remoteSecurityGroup.getGroupId()) .withSubnets(resource.subnet.remoteSubnets.stream().map(Subnet::getSubnetId).collect(Collectors.toList())); } else { List<String> zones = AWS.ec2.availabilityZones(); request.withAvailabilityZones(zones.get(0)); } if (resource.listenHTTP) { request.getListeners().add(new Listener("HTTP", 80, 80)); } if (resource.listenHTTPS) { String certARN = resource.amazonCertARN != null ? resource.amazonCertARN : resource.cert.remoteCert.getServerCertificateMetadata().getArn(); request.getListeners().add(new Listener() .withProtocol("HTTPS") .withLoadBalancerPort(443) .withInstanceProtocol("HTTP") .withInstancePort(80) .withSSLCertificateId(certARN)); } resource.remoteELB = AWS.elb.createELB(request); configureELB(context.env.region); configureHealthCheck(); context.output(String.format("elb/%s/DNS", resource.id), resource.remoteELB.getDNSName()); }
@Test void httpsCertChangedWithNewLocalCert() { elb.listenHTTPS = true; elb.remoteELB = new LoadBalancerDescription() .withListenerDescriptions(new ListenerDescription().withListener(new Listener("HTTPS", 443, 80))); elb.cert = new ServerCert("cert"); elb.cert.foundInLocal(); assertTrue(elb.httpsCertChanged()); }
@Before public void setUp() throws Exception { this.violationSinkMock = mock(ViolationSink.class); this.clientProviderMock = mock(ClientProvider.class); this.accountIdSupplierMock = mock(AccountIdSupplier.class); this.jobsPropertiesMock = mock(JobsProperties.class); this.portsChecker = mock(PortsChecker.class); this.securityGroupsChecker = mock(SecurityGroupsChecker.class); this.mockAwsELBClient = mock(AmazonElasticLoadBalancingClient.class); this.mockAwsApplications = mock(AwsApplications.class); this.mockViolationService = mock(ViolationService.class); this.fetchTaupageYamlMock = mock(FetchTaupageYaml.class); this.mockAmiDetailsProvider = mock(AmiDetailsProvider.class); this.mockEC2InstanceProvider = mock(EC2InstanceProvider.class); final Listener listener = new Listener("HTTPS", 80, 80); final ListenerDescription listenerDescription = new ListenerDescription(); listenerDescription.setListener(listener); final ArrayList<LoadBalancerDescription> elbs = newArrayList(); final ArrayList<TagDescription> tagDescriptions = newArrayList(); final LoadBalancerDescription publicELB = new LoadBalancerDescription(); publicELB.setScheme("internet-facing"); publicELB.setListenerDescriptions(newArrayList(listenerDescription)); publicELB.setCanonicalHostedZoneName("test.com"); publicELB.setInstances(asList(new Instance("i1"), new Instance("i2"))); publicELB.setLoadBalancerName("publicELB"); elbs.add(publicELB); tagDescriptions.add( new TagDescription() .withLoadBalancerName("publicELB") .withTags(newArrayList( new Tag().withKey("someTag").withValue("someValue")))); final LoadBalancerDescription privateELB = new LoadBalancerDescription(); privateELB.setScheme("internal"); privateELB.setCanonicalHostedZoneName("internal.org"); privateELB.setLoadBalancerName("privateELB"); elbs.add(privateELB); for (int i = 1; i <= 20; i++) { final String loadBalancerName = "kubeELB" + i; final LoadBalancerDescription kubeELB = new LoadBalancerDescription(); kubeELB.setScheme("internet-facing"); kubeELB.setCanonicalHostedZoneName("test" + i + ".com"); kubeELB.setLoadBalancerName(loadBalancerName); elbs.add(kubeELB); tagDescriptions.add( new TagDescription() .withLoadBalancerName(loadBalancerName) .withTags(newArrayList( new Tag().withKey("someTag").withValue("someValue"), new Tag().withKey("kubernetes.io/cluster/").withValue("owned")))); } mockDescribeELBResult = new DescribeLoadBalancersResult(); mockDescribeELBResult.setLoadBalancerDescriptions(elbs); mockDescribeTagsResult = new DescribeTagsResult(); mockDescribeTagsResult.setTagDescriptions(tagDescriptions); regions.add(REGION1); when(clientProviderMock.getClient(any(), any(String.class), any(Region.class))).thenReturn(mockAwsELBClient); when(mockEC2InstanceProvider.getById(anyString(), any(Region.class), anyString())) .thenReturn(Optional.of(new com.amazonaws.services.ec2.model.Instance().withInstanceId("foo").withImageId("bar"))); when(mockAmiDetailsProvider.getAmiDetails(anyString(), any(Region.class), anyString())) .thenReturn(ImmutableMap.of("ami_id", "bar")); }
public void startListener(AwsProcessClient awsProcessClient, Long loadBalancerNo, Integer loadBalancerPort) { AwsLoadBalancer awsLoadBalancer = awsLoadBalancerDao.read(loadBalancerNo); LoadBalancerListener listener = loadBalancerListenerDao.read(loadBalancerNo, loadBalancerPort); try { // リスナー作成情報 CreateLoadBalancerListenersRequest request = new CreateLoadBalancerListenersRequest(); request.withLoadBalancerName(awsLoadBalancer.getName()); Listener listener2 = new Listener(); listener2.withProtocol(listener.getProtocol()); listener2.withLoadBalancerPort(listener.getLoadBalancerPort()); listener2.withInstancePort(listener.getServicePort()); if (listener.getSslKeyNo() != null) { AwsSslKey awsSslKey = awsSslKeyDao.read(listener.getSslKeyNo()); listener2.withSSLCertificateId(awsSslKey.getSslcertificateid()); } request.withListeners(listener2); // リスナーの作成 awsProcessClient.getElbClient().createLoadBalancerListeners(request); if (log.isInfoEnabled()) { log.info(MessageUtils.getMessage("IPROCESS-200121", awsLoadBalancer.getName(), listener.getLoadBalancerPort())); } // イベントログ出力 processLogger.debug(null, null, "AwsElbListenerCreate", new Object[] { awsProcessClient.getPlatform().getPlatformName(), awsLoadBalancer.getName(), listener.getLoadBalancerPort() }); } catch (RuntimeException e) { // ステータスを更新 listener = loadBalancerListenerDao.read(loadBalancerNo, loadBalancerPort); listener.setStatus(LoadBalancerListenerStatus.WARNING.toString()); loadBalancerListenerDao.update(listener); throw e; } // ステータスを更新 listener = loadBalancerListenerDao.read(loadBalancerNo, loadBalancerPort); listener.setStatus(LoadBalancerListenerStatus.RUNNING.toString()); listener.setConfigure(false); loadBalancerListenerDao.update(listener); }
