juju-core

Merge lp://staging/~thumper/juju-core/more-ipperms into lp://staging/~juju/juju-core/trunk

more-ipperms
Merge into trunk

Proposed by Tim Penhey on 2013-04-22

Status:	Work in progress
Proposed branch:	lp://staging/~thumper/juju-core/more-ipperms
Merge into:	lp://staging/~juju/juju-core/trunk
Diff against target:	32 lines (+4/-1) 1 file modified environs/ec2/ec2.go (+4/-1)
To merge this branch:	bzr merge lp://staging/~thumper/juju-core/more-ipperms
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
Juju Engineering		2013-04-22	Pending
Review via email: mp+159994@code.staging.launchpad.net

Description of the change

Keep the groupId from ec2 permission groups.

If ec2 tells us only group Id values, and not Names, then we need to be
able to reproduce this when wanting to revoke permissions.

https://codereview.appspot.com/8649047/

Revision history for this message

Tim Penhey (thumper) wrote on 2013-04-22:

Reviewers: mp+159994_code.launchpad.net,

Message:
Please take a look.

Description:
Keep the groupId from ec2 permission groups.

If ec2 tells us only group Id values, and not Names, then we need to be
able to reproduce this when wanting to revoke permissions.

https://code.launchpad.net/~thumper/juju-core/more-ipperms/+merge/159994

(do not edit description out of merge proposal)

Please review this at https://codereview.appspot.com/8649047/

Affected files:
A [revision details]
M environs/ec2/ec2.go

Index: [revision details]
=== added file '[revision details]'
--- [revision details] 2012-01-01 00:00:00 +0000
+++ [revision details] 2012-01-01 00:00:00 +0000
@@ -0,0 +1,2 @@
+Old revision:
<email address hidden>
+New revision: <email address hidden>

Index: environs/ec2/ec2.go
=== modified file 'environs/ec2/ec2.go'
--- environs/ec2/ec2.go 2013-04-16 07:37:30 +0000
+++ environs/ec2/ec2.go 2013-04-22 00:22:03 +0000
@@ -918,6 +918,7 @@
   fromPort int
   toPort int
   groupName string
+ groupId string
   ipAddr string
  }

@@ -936,9 +937,11 @@
    }
    for _, g := range p.SourceGroups {
     k.groupName = g.Name
+ k.groupId = g.Id
     m[k] = true
    }
    k.groupName = ""
+ k.groupId = ""
    for _, ip := range p.SourceIPs {
     k.ipAddr = ip
     m[k] = true
@@ -961,7 +964,7 @@
    if p.ipAddr != "" {
     ipp.SourceIPs = []string{p.ipAddr}
    } else {
- ipp.SourceGroups = []ec2.UserSecurityGroup{{Name: p.groupName}}
+ ipp.SourceGroups = []ec2.UserSecurityGroup{{Name: p.groupName, Id:
p.groupId}}
    }
    ps = append(ps, ipp)
   }

Revision history for this message

Roger Peppe (rogpeppe) wrote on 2013-04-22:

Thanks very much for getting to the bottom of this issue. This does not
LGTM though because I don't believe the fix is correct (see below).
Also, if the live tests didn't fail, we could do with a test please.

https://codereview.appspot.com/8649047/diff/1/environs/ec2/ec2.go
File environs/ec2/ec2.go (right):

https://codereview.appspot.com/8649047/diff/1/environs/ec2/ec2.go#newcode921
environs/ec2/ec2.go:921: groupId string
I'm not sure this is right.

We use the permKey as unique key representing a group permission - the
permissions passed into ensureGroup have perms with only the group name
set, so they won't compare equal to permissions with the group id set,
so this breaks the logic in that function.

I think the right fix is probably to use groupId exclusively. This means
that the ensureGroup in setUpGroups needs to change, because the group
perms refer back to the group itself, and we can't provide its id before
we've created it. So I suggest creating the jujuGroupName group with no
permissions before calling ensureGroup using SourceGroups with the
appropriate id filled out.

This means an extra round trip when starting an instance, but that's
probably no big deal compared to the amount of time it takes anyway.

https://codereview.appspot.com/8649047/

Unmerged revisions

1189. By Tim Penhey on 2013-04-22

Remember the id as well for the groups.

1188. By Dimiter Naydenov on 2013-04-19

environs/cloudinit: fix raring issue

This works around LP bug #1103881, so cloudinit will
succeed on raring, rather than failing to execute
any scripts. The problem seems to be upgrading upstart
causes unexpected failures.

This has been tested live on ec2/eu-west-1 as well.

R=fwereade, rog
CC=
https://codereview.appspot.com/8648047

1187. By Roger Peppe on 2013-04-19

state/statecmd: fix ServiceGet

Fixes bugs #1130149 and #1170425.

R=dimitern, TheMue, fwereade, danilo.segan
CC=
https://codereview.appspot.com/8851045

1186. By William Reade on 2013-04-19

cmd/juju: alphabetise status output fields

R=dimitern
CC=
https://codereview.appspot.com/8834047

1185. By Raphaël Badin on 2013-04-19

Add constraints support to the MAAS provider.

It does not add support for MAAS-specific constraints ('maas-name' and
'maas-tag') because juju-core currently does not support provider-specific
constraints yet.
Also, the constraint 'CpuPower' has no obvious meaning in MAAS so it is simply
ignored (with a warning).

I had to change the testservice in gomaasapi so that the 'acquire' operation
is now recorded (hence the change to existing tests).
[https://code.launchpad.net/~rvb/gomaasapi/record-node-acquire/+merge/159404].

This change was successfully tested in the MAAS lab.

1184. By William Reade on 2013-04-19