Posted to notifications@jclouds.apache.org by "Ignasi Barrera (JIRA)" <ji...@apache.org> on 2017/06/15 08:21:00 UTC

[jira] [Commented] (JCLOUDS-1309) GCE SecurityGroupExtension implementation

    [ https://issues.apache.org/jira/browse/JCLOUDS-1309?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16050143#comment-16050143 ] 

Ignasi Barrera commented on JCLOUDS-1309:
-----------------------------------------

See also the discussion thread in the jclouds-dev mailing list: https://s.apache.org/jclouds-gce-sge

> GCE SecurityGroupExtension implementation
> -----------------------------------------
>
>                 Key: JCLOUDS-1309
>                 URL: https://issues.apache.org/jira/browse/JCLOUDS-1309
>             Project: jclouds
>          Issue Type: Improvement
>          Components: jclouds-compute
>    Affects Versions: 2.0.1
>            Reporter: Svetoslav Neykov
>              Labels: google-compute-engine
>
> I'd like to try to implement the {{SecurityGroupExtension}} interface for GCE. Looking at the documentation it seems that the combination of firewall rules and node tags is flexible enough to allow us to implement the functionality.
> It's been tried before but the implementation's been removed (see [1]). Its main drawback is that for each security group the code creates a new network.
> Currently the biggest mismatch between the jclouds abstraction and the GCE functionality is that its firewall rules must be attached to a network. 
> Here's my suggested approach:
>   * IpPermission roughly corresponds to a firewall rule
>   * SecurityGroup is just a collection of firewall rules (there are no cloud resources that correspond to it). The firewall rules of a security group share the same prefix - {{jclouds-sg-<sg name>-<permission suffix>}}. They all belong to the same network.
>   * *The key bit*: {{createSecurityGroup}} accepts a {{Location}} with a scope of {{Network}}, returning a custom implementation of {{SecurityGroup}} which keeps a reference to the network, so all {{IpPermission}} objects added subsequently will be on it.
> While the suggested approach fits into the {{SecurityGroupExtension}} interface it's different enough from the other implementations that it might not be worth the trouble of implementing and supporting (even be harmful as users might be surprised by the different behaviour).
> Would be interested in hearing other opinions on the approach.
> [1] https://github.com/jclouds/jclouds/commit/2ba48dc9f66416b5d8515bd6a07b27a213d89a7c



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
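
The mapping proposed in the quoted issue description (a security group is the set of firewall rules named jclouds-sg-<sg name>-<permission suffix> on one network), shown as an added example that is not jclouds code and not part of the original message. FirewallRule and GroupKey are hypothetical stand-in types, the rule list is constructed sample data, and the parser assumes the permission suffix contains no '-' (the issue does not define the suffix format).

```java
import java.util.*;

public class SecurityGroupView {
    static final String PREFIX = "jclouds-sg-";

    // Hypothetical stand-in for a GCE firewall rule: its name and the network it is attached to.
    record FirewallRule(String name, String network) {}

    // A group is identified by network + name, because all of its rules sit on one network.
    record GroupKey(String network, String group) {}

    // Assumption: the permission suffix contains no '-', so the group name is everything
    // between the prefix and the last '-'. Group names themselves may contain '-'.
    static Optional<String> groupNameOf(String ruleName) {
        if (!ruleName.startsWith(PREFIX)) return Optional.empty();
        int lastDash = ruleName.lastIndexOf('-');
        // Reject names with an empty group name or an empty suffix.
        if (lastDash <= PREFIX.length() || lastDash == ruleName.length() - 1) return Optional.empty();
        return Optional.of(ruleName.substring(PREFIX.length(), lastDash));
    }

    // Rebuild the security groups purely from rule names, since no cloud resource represents a group.
    static Map<GroupKey, List<FirewallRule>> groupRules(List<FirewallRule> rules) {
        Map<GroupKey, List<FirewallRule>> groups = new LinkedHashMap<>();
        for (FirewallRule rule : rules) {
            groupNameOf(rule.name()).ifPresent(group ->
                groups.computeIfAbsent(new GroupKey(rule.network(), group), k -> new ArrayList<>()).add(rule));
        }
        return groups;
    }

    public static void main(String[] args) {
        // Constructed sample data, not taken from a real project.
        List<FirewallRule> rules = List.of(
            new FirewallRule("jclouds-sg-web-tcp80", "net-a"),
            new FirewallRule("jclouds-sg-web-tcp443", "net-a"),
            new FirewallRule("jclouds-sg-web-db-tcp5432", "net-a"), // group name containing '-'
            new FirewallRule("jclouds-sg-db-tcp5432", "net-b"),
            new FirewallRule("default-allow-ssh", "net-a"));        // not managed by this scheme
        groupRules(rules).forEach((key, members) ->
            System.out.println(key.network() + "/" + key.group() + " -> "
                + members.stream().map(FirewallRule::name).toList()));
    }
}
```

Rules that do not match the prefix are left out of every group, so a rule created outside this naming scheme is never attributed to a jclouds-managed group.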