Openstack Security group support for UDP and ICMP (spinnaker#2580)

Author: gadresushrut

app/scripts/modules/openstack/common/validateType.directive.js

@@ -0,0 +1,38 @@
+'use strict';
+
+let angular = require('angular');
+
+module.exports = angular.module('spinnaker.openstack.validateType.directive', [
+])
+.directive('validateType', [
+  function() {
+
+    var link = function($scope, $element, $attrs, ctrl) {
+
+      var validate = function(viewValue) {
+        var comparisonModel = $attrs.validateType;
+
+        if(parseInt(viewValue, 10) === -1 && parseInt(comparisonModel, 10) > -1)  {
+          ctrl.$setValidity('validateType', false);
+        }
+        else {
+          ctrl.$setValidity('validateType', true);
+        }
+        return viewValue;
+      };
+
+      ctrl.$parsers.unshift(validate);
+      ctrl.$formatters.push(validate);
+
+      $attrs.$observe('validateType', function() {
+        return validate(ctrl.$viewValue);
+      });
+    };
+
+    return {
+      require: 'ngModel',
+      link: link
+    };
+
+  }
+]);

app/scripts/modules/openstack/securityGroup/configure/wizard/basicSettings.html

@@ -42,6 +42,20 @@ <h3 us-spinner="{radius:30, width:8, length: 16}"></h3>
             <input type="text" class="form-control input-sm" ng-disabled="true" ng-model="securityGroup.stack" />
           </div>
       </div>
+      <div class="form-group">
+          <div class="col-md-3 sm-label-right">Detail <help-field key="openstack.securitygroup.detail"></help-field></div>
+          <div class="col-md-7" ng-if="isNew">
+              <input type="text"
+                     class="form-control input-sm"
+                     ng-model="securityGroup.detail"
+                     name="detailName"
+                     ng-change="ctrl.updateName()"
+                     ng-pattern="/^[a-zA-Z0-9]*$/"/>
+          </div>
+          <div class="col-md-7" ng-if="!isNew">
+              <input type="text" class="form-control input-sm" ng-disabled="true" ng-model="securityGroup.detail" />
+          </div>
+      </div>
       <div class="form-group">
         <div class="col-md-3 sm-label-right">Description <help-field key="openstack.securitygroup.description"></help-field></div>
         <div class="col-md-7">

app/scripts/modules/openstack/securityGroup/configure/wizard/rules.controller.js

@@ -4,13 +4,98 @@ let angular = require('angular');
 
 module.exports = angular.module('spinnaker.securityGroup.configure.openstack.ports', [
     require('../../transformer.js'),
+    require('../../../common/validateType.directive.js'),
 ])
-  .controller('openstackSecurityGroupRulesController', function($scope, openstackSecurityGroupTransformer) {
+  .controller('openstackSecurityGroupRulesController', function($scope, openstackSecurityGroupTransformer, infrastructureCaches, securityGroupReader, cacheInitializer, rx) {
+    this.infiniteScroll = {
+      currentItems: 20,
+    };
+
+    $scope.$watch('securityGroup.region', function() {
+      var account = $scope.securityGroup.credentials || $scope.securityGroup.account;
+      $scope.loadSecurityGroups(account, $scope.securityGroup.region);
+    });
+
+    $scope.$watch('securityGroup.account', function() {
+      var account = $scope.securityGroup.credentials || $scope.securityGroup.account;
+      $scope.loadSecurityGroups(account, $scope.securityGroup.region);
+    });
+
+    this.addMoreItems = () => this.infiniteScroll.currentItems += 20;
+
     this.addRule = function() {
       $scope.securityGroup.rules.push(openstackSecurityGroupTransformer.constructNewIngressRule());
     };
 
+    this.getSecurityGroupRefreshTime = function() {
+       return infrastructureCaches.securityGroups.getStats().ageMax;
+    };
+
+    $scope.allSecurityGroupsUpdated = new rx.Subject();
+
+    $scope.initializeSecurityGroups = function() {
+       return securityGroupReader.getAllSecurityGroups().then(function (securityGroups) {
+         $scope.state.securityGroupsLoaded = true;
+         var account = $scope.securityGroup.credentials || $scope.securityGroup.account;
+         var region = $scope.securityGroup.region;
+
+         if(account && region) {
+           $scope.availableSecurityGroups = _.filter(securityGroups[account].openstack[region]);
+         } else {
+           $scope.availableSecurityGroups = securityGroups;
+         }
+
+         //Add CIDR at the start of avaibleSecurityGroup Collection.
+         var cidrObj = {
+           id: 'CIDR',
+           name: 'CIDR'
+         };
+
+         if ($scope.availableSecurityGroups.unshift && $scope.availableSecurityGroups.some(g => g.id !== 'CIDR')) {
+           $scope.availableSecurityGroups.unshift(cidrObj);
+         }
+
+         $scope.allSecurityGroupsUpdated.onNext();
+       });
+    };
+
+    $scope.remoteSecurityGroupSelected = function(indx, remoteSecurityGroupId) {
+      var rule = $scope.securityGroup.rules[indx];
+      if(remoteSecurityGroupId === 'CIDR') {
+        if(rule.prevcidr === '') {
+          rule.cidr = '0.0.0.0/0';
+          rule.prevcidr = '0.0.0.0/0';
+        }
+        else  {
+          rule.cidr = rule.prevcidr;
+        }
+      }
+      else  {
+        rule.prevcidr = rule.cidr;
+        rule.cidr = '';
+      }
+    };
+
+    this.refreshSecurityGroups = function() {
+       $scope.state.refreshingSecurityGroups = true;
+       return cacheInitializer.refreshCache('securityGroups').then(function() {
+         return $scope.initializeSecurityGroups().then(function() {
+           $scope.state.refreshingSecurityGroups = false;
+         }, function() {
+           $scope.state.refreshingSecurityGroups = false;
+         });
+       }, function() {
+         $scope.state.refreshingSecurityGroups = false;
+       });
+    };
+
     this.removeRule = function(i) {
       $scope.securityGroup.rules.splice(i, 1);
     };
+
+    $scope.loadSecurityGroups = function(account, region) {
+      if(account !== undefined && region !== undefined)  {
+        $scope.initializeSecurityGroups();
+      }
+    };
   });

app/scripts/modules/openstack/securityGroup/configure/wizard/rules.html

@@ -5,8 +5,9 @@
         <thead>
         <tr>
           <th style="width: 15%">Protocol</th>
-          <th style="width: 15%">From Port</th>
-          <th style="width: 15%">To Port</th>
+          <th style="width: 12%" uib-tooltip="From Port is used for TCP and UDP, Type is used for ICMP.">From Port/Type</th>
+          <th style="width: 12%" uib-tooltip="To Port is used for TCP and UDP, Code is used for ICMP.">To Port/Code</th>
+          <th style="width: 20%" uib-tooltip="Remote value can either be a security group or a CIDR.">Remote</th>
           <th style="width: 15%">CIDR</th>
           <th></th>
         </tr>
@@ -15,14 +16,51 @@
           <tbody>
             <tr ng-repeat="rule in securityGroup.rules">
               <td><select class="form-control input-sm" ng-model="rule.ruleType"
-                          ng-options="protocol as protocol.toUpperCase() for protocol in ['tcp']" required></select></td>
-              <td><input class="form-control input-sm" name="fromPort_{{$index}}" type="number" min="1" max="{{rule.toPort}}" ng-model="rule.fromPort" required/></td>
-              <td><input class="form-control input-sm" name="toPort_{{$index}}" type="number" min="{{rule.fromPort}}" max="65535" ng-model="rule.toPort" required/></td>
-              <td><input class="form-control input-sm" type="text" ng-model="rule.cidr" required/></td>
+                          ng-options="protocol as protocol.toUpperCase() for protocol in ['TCP', 'UDP','ICMP']" required></select></td>
+
+              <!--If ruleType is equal to TCP or UDP-->
+              <td ng-if="rule.ruleType.toUpperCase() === 'TCP' || rule.ruleType.toUpperCase() === 'UDP' ">
+                  <input class="form-control input-sm" name="fromPort_{{$index}}" type="number" min="1" max="{{rule.toPort}}" ng-model="rule.fromPort" required/>
+              </td>
+              <td ng-if="rule.ruleType.toUpperCase() === 'TCP' || rule.ruleType.toUpperCase() === 'UDP' ">
+                  <input class="form-control input-sm" name="toPort_{{$index}}" type="number" min="{{rule.fromPort}}" max="65535" ng-model="rule.toPort" required/>
+              </td>
+
+              <!--If ruleType equal to ICMP-->
+              <td ng-if="rule.ruleType.toUpperCase() === 'ICMP' ">
+                  <input class="form-control input-sm" name="icmpType_{{$index}}"
+                         type="number" min="-1" max="255" ng-model="rule.icmpType" required
+                         validate-type="{{rule.icmpCode}}" icmp-index="{{$index}}"/>
+              </td>
+              <td ng-if="rule.ruleType.toUpperCase() === 'ICMP' ">
+                  <input class="form-control input-sm" name="icmpCode_{{$index}}"
+                         type="number" min="-1" max="255" ng-model="rule.icmpCode" required/>
+              </td>
+
+              <td>
+                  <ui-select ng-model="rule.remoteSecurityGroupId" class="form-control input-sm" required style="width: 100%" on-select="remoteSecurityGroupSelected($index, rule.remoteSecurityGroupId)">
+                      <ui-select-match>{{$select.selected.name}}</ui-select-match>
+                      <ui-select-choices repeat="securityGroup.id as securityGroup in availableSecurityGroups | filter: $select.search | limitTo: rulesController.infiniteScroll.currentItems"
+                                         infinite-scroll="rulesController.addMoreItems()"
+                                         infinite-scroll-distance="2">
+                          <span ng-bind-html="securityGroup.name | highlight: $select.search"></span>
+                      </ui-select-choices>
+                  </ui-select>
+              </td>
+
+              <td ng-if="rule.remoteSecurityGroupId.id === undefined && rule.remoteSecurityGroupId === 'CIDR'">
+                <input class="form-control input-sm" type="text" ng-model="rule.cidr" required ng-disabled="!(rule.remoteSecurityGroupId.id === undefined && rule.remoteSecurityGroupId === 'CIDR')" />
+              </td>
+              <td ng-if="rule.remoteSecurityGroupId.id === undefined && rule.remoteSecurityGroupId !== 'CIDR'">
+                <input class="form-control input-sm" type="text" ng-model="rule.cidr" ng-disabled="rule.remoteSecurityGroupId.id === undefined && rule.remoteSecurityGroupId !== 'CIDR'"/>
+              </td>
+
               <td><a class="sm-label"
                      ng-click="rulesController.removeRule($index)">
                 <span class="glyphicon glyphicon-trash"></span></a>
               </td>
+
+              <!--Validation-->
               <td>
                 <validation-error ng-if="rules['fromPort_'+$index].$error.min"
                                   message="Port should be greater than 0.">
@@ -36,6 +74,23 @@
                 <validation-error ng-if="rules['toPort_'+$index].$error.max"
                                   message="Port should be less than or equal to 65535.">
                 </validation-error>
+
+                <validation-error ng-if="rules['icmpType_'+$index].$error.min"
+                                  message="ICMP Type should be greater than or equal to -1.">
+                </validation-error>
+                <validation-error ng-if="rules['icmpType_'+$index].$error.max"
+                                  message="ICMP Type should be less than or equal to 255.">
+                </validation-error>
+                <validation-error ng-if="rules['icmpType_'+$index].$error.validateType"
+                                  message="ICMP Type cannot be -1 when Code is greater that -1.">
+                </validation-error>
+
+                <validation-error ng-if="rules['icmpCode_'+$index].$error.min"
+                                  message="ICMP Code should be greater than or equal to -1.">
+                </validation-error>
+                <validation-error ng-if="rules['icmpCode_'+$index].$error.max"
+                                  message="ICMP Code should be less than or equal to 255.">
+                </validation-error>
               </td>
             </tr>
           </tbody>
@@ -51,5 +106,18 @@
         </div>
       </table>
     </div>
+  <div class="col-md-12" style="margin-top: 20px">
+    <div class="col-md-12">
+        <p>
+            <span ng-if="state.refreshingSecurityGroups"><span class="small glyphicon glyphicon-refresh glyphicon-spinning"></span></span>
+            Security groups
+            <span ng-if="!state.refreshingSecurityGroups">last refreshed {{ rulesController.getSecurityGroupRefreshTime() | timestamp }}</span>
+            <span ng-if="state.refreshingSecurityGroups"> refreshing...</span>
+        </p>
+        <p>If you're not finding a security group that was recently added,
+            <a href ng-click="rulesController.refreshSecurityGroups()">click here</a> to refresh the list.
+        </p>
+    </div>
+  </div>
 </div>
 </ng-form>

app/scripts/modules/openstack/securityGroup/configure/wizard/upsert.controller.js

@@ -17,7 +17,7 @@ module.exports = angular.module('spinnaker.securityGroup.openstack.create.contro
   .controller('openstackUpsertSecurityGroupController', function($q, $scope, $uibModalInstance, $state,
                                                                  application, securityGroup,
                                                                  accountService, openstackSecurityGroupTransformer, securityGroupReader, loadBalancerReader,
-                                                                 _, searchService, v2modalWizardService, securityGroupWriter, taskMonitorService) {
+                                                                 _, searchService, v2modalWizardService, securityGroupWriter, taskMonitorService, namingService) {
     var ctrl = this;
     $scope.isNew = !securityGroup.edit;
     $scope.securityGroup = securityGroup;
@@ -133,17 +133,15 @@ module.exports = angular.module('spinnaker.securityGroup.openstack.create.contro
     }
     else {
       $scope.securityGroup = openstackSecurityGroupTransformer.prepareForEdit(securityGroup);
-      $scope.securityGroup.stack = extractStack($scope.securityGroup.name);
+
+      var result = namingService.parseServerGroupName($scope.securityGroup.name);
+      $scope.securityGroup.stack = result.stack;
+      $scope.securityGroup.detail = result.freeFormDetails;
       $scope.state.accountsLoaded = true;
     }
 
     initializeSecurityGroupNames();
 
-    function extractStack(securityGroupName) {
-      var n = securityGroupName.indexOf('-');
-      return securityGroupName.slice( n + 1 , securityGroupName.length);
-    }
-
     // Controller API
     this.updateName = function() {
       $scope.securityGroup.name = this.getName();
@@ -152,7 +150,7 @@ module.exports = angular.module('spinnaker.securityGroup.openstack.create.contro
 
     this.getName = function() {
       var securityGroup = $scope.securityGroup;
-      var securityGroupName = [application.name, (securityGroup.stack || '')].join('-');
+      var securityGroupName = _.compact([application.name, (securityGroup.stack), (securityGroup.detail)]).join('-');
       return _.trimRight(securityGroupName, '-');
     };
 
@@ -172,7 +170,10 @@ module.exports = angular.module('spinnaker.securityGroup.openstack.create.contro
             cloudProvider: 'openstack',
           };
 
-          return securityGroupWriter.upsertSecurityGroup($scope.securityGroup, application, descriptor, params);
+          var copyOfSG = angular.copy($scope.securityGroup);
+          copyOfSG = openstackSecurityGroupTransformer.prepareForSaving(copyOfSG);
+
+          return securityGroupWriter.upsertSecurityGroup(copyOfSG, application, descriptor, params);
         }
       );
     };

app/scripts/modules/openstack/securityGroup/configure/wizard/upsert.controller.spec.js

@@ -33,12 +33,12 @@ describe('Controller: openstackCreateSecurityGroupCtrl', function() {
     };
 
     this.testEditData = {
-      account: undefined, region: 'region1', name: 'sc111', edit: true, rules: [ ], accountName: undefined, stack: 'sc111'
+      account: undefined, region: 'region1', name: 'sc111', edit: true, rules: [ ], accountName: undefined, description: undefined, detail: '', stack: ''
     };
 
 
     this.securityGroupDefaults = {
-      provider: 'openstack', region: '', stack: '', detail: '', account: 'account1', rules: []
+      provider: 'openstack', region: '', stack: '', description: '', detail: '', account: 'account1', rules: []
     };
 
     this.$scope = $rootScope.$new();

app/scripts/modules/openstack/securityGroup/details/details.html

@@ -44,18 +44,36 @@ <h3 select-on-dbl-click>
         <dd>{{securityGroup.description}}</dd>
       </dl>
     </collapsible-section>
-    <collapsible-section heading="Rules ({{securityGroup.ipRangeRules.length || 0}})" expanded="{{!!(securityGroup.ipRangeRules && securityGroup.ipRangeRules.length)}}">
+    <collapsible-section heading="IP Range Rules ({{securityGroup.ipRangeRules.length || 0}})" expanded="{{!!(securityGroup.ipRangeRules && securityGroup.ipRangeRules.length)}}">
       <div ng-if="!securityGroup.ipRangeRules.length">None</div>
 
       <dl ng-class="insightCtrl.vm.filtersExpanded ? '' : 'dl-horizontal dl-medium'"
           ng-repeat="ipRangeRule in securityGroup.ipRangeRules | orderBy: 'range.ip'">
         <dt>IP Range</dt>
         <dd>{{ipRangeRule.range.ip}}{{ipRangeRule.range.cidr}}</dd>
-        <dt ng-if="ipRangeRule.portRanges && ipRangeRule.portRanges[0].startPort">Port Ranges</dt>
-        <dd ng-repeat="portRange in ipRangeRule.portRanges" ng-if="portRange.startPort && portRange.endPort">
+        <dt ng-if="ipRangeRule.portRanges && ipRangeRule.portRanges.length">Port Ranges</dt>
+        <dd ng-repeat="portRange in ipRangeRule.portRanges">
           {{ipRangeRule.protocol}}: {{portRange.startPort}} &rarr; {{portRange.endPort}}
         </dd>
       </dl>
     </collapsible-section>
+    <collapsible-section heading="Security Group Rules ({{securityGroup.securityGroupRules.length || 0}})" expanded="{{!!securityGroup.securityGroupRules.length}}">
+          <div ng-if="!securityGroup.securityGroupRules.length">None</div>
+
+          <dl ng-class="insightCtrl.vm.filtersExpanded ? '' : 'dl-horizontal dl-medium'"
+              ng-repeat="rule in securityGroup.securityGroupRules | orderBy: 'securityGroup.name' ">
+            <dt>Security Group</dt>
+            <dd ng-if="rule.securityGroup.name">
+                  <a ui-sref="^.securityGroupDetails({name: rule.securityGroup.name, accountId: rule.securityGroup.accountName, region: rule.securityGroup.region, vpcId: rule.securityGroup.vpcId, provider: 'openstack'})">
+                      <account-tag account="rule.securityGroup.accountName || rule.securityGroup.accountId" ng-if="rule.securityGroup.accountName !== securityGroup.accountName"></account-tag>
+                    {{rule.securityGroup.name}} ({{rule.securityGroup.id}})
+                </a>
+            </dd>
+            <dt ng-if="rule.portRanges && rule.portRanges.length !== null">Port Ranges</dt>
+            <dd ng-repeat="portRange in rule.portRanges">
+                  {{rule.protocol}}: {{portRange.startPort}} &rarr; {{portRange.endPort}}
+              </dd>
+        </dl>
+    </collapsible-section>
   </div>
 </div>