Whirr
  1. Whirr
  2. WHIRR-249

Firewall authorization should be idempotent

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.6.0
    • Component/s: None
    • Labels:
      None

      Description

      Sometimes firewall rules are left over from a previous cluster that wasn't shut down properly, leading to cluster launch failure. This can be fixed by making FirewallSettings.authorizeIngress idempotent.

      1. WHIRR-249.patch
        5 kB
        Andrei Savu
      2. WHIRR-249.patch
        5 kB
        Andrei Savu

        Activity

        Hide
        Andrei Savu added a comment -

        Attached patch with integration tests.

        Show
        Andrei Savu added a comment - Attached patch with integration tests.
        Hide
        Andrei Savu added a comment -

        I've also discovered a bug in jclouds. If I specify an empty description when creating a new security group the call signature is wrong.

        For the following call:

        ec2Client.getSecurityGroupServices()
          .createSecurityGroupInRegion(REGION, groupName, "");
        

        I get this exception:

        -------------------------------------------------------------------------------
        Test set: org.apache.whirr.service.jclouds.integration.FirewallSettingsTest
        -------------------------------------------------------------------------------
        Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 4.905 sec <<< FAILURE!
        testFirewallAuthorizationIsIdempotent(org.apache.whirr.service.jclouds.integration.FirewallSettingsTest)  Time elapsed: 1.035 sec  <<< ERROR!
        org.jclouds.rest.AuthorizationException: The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.
                at org.jclouds.aws.handlers.ParseAWSErrorFromXmlContent.refineException(ParseAWSErrorFromXmlContent.java:114)
                at org.jclouds.aws.handlers.ParseAWSErrorFromXmlContent.handleError(ParseAWSErrorFromXmlContent.java:85)
                at org.jclouds.http.handlers.DelegatingErrorHandler.handleError(DelegatingErrorHandler.java:69)
                at org.jclouds.http.internal.BaseHttpCommandExecutorService$HttpResponseCallable.shouldContinue(BaseHttpCommandExecutorService.java:200)
                at org.jclouds.http.internal.BaseHttpCommandExecutorService$HttpResponseCallable.call(BaseHttpCommandExecutorService.java:165)
                at org.jclouds.http.internal.BaseHttpCommandExecutorService$HttpResponseCallable.call(BaseHttpCommandExecutorService.java:134)
                at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
                at java.util.concurrent.FutureTask.run(FutureTask.java:138)
                at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
                at java.lang.Thread.run(Thread.java:662)
        Caused by: org.jclouds.http.HttpResponseException: command: POST https://ec2.us-east-1.amazonaws.com/ HTTP/1.1 failed with response: HTTP/1.1 403 Forbidden; content: [The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.]
                at org.jclouds.aws.handlers.ParseAWSErrorFromXmlContent.handleError(ParseAWSErrorFromXmlContent.java:74)
                ... 9 more
        
        Show
        Andrei Savu added a comment - I've also discovered a bug in jclouds. If I specify an empty description when creating a new security group the call signature is wrong. For the following call: ec2Client.getSecurityGroupServices() .createSecurityGroupInRegion(REGION, groupName, ""); I get this exception: ------------------------------------------------------------------------------- Test set: org.apache.whirr.service.jclouds.integration.FirewallSettingsTest ------------------------------------------------------------------------------- Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 4.905 sec <<< FAILURE! testFirewallAuthorizationIsIdempotent(org.apache.whirr.service.jclouds.integration.FirewallSettingsTest) Time elapsed: 1.035 sec <<< ERROR! org.jclouds.rest.AuthorizationException: The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details. at org.jclouds.aws.handlers.ParseAWSErrorFromXmlContent.refineException(ParseAWSErrorFromXmlContent.java:114) at org.jclouds.aws.handlers.ParseAWSErrorFromXmlContent.handleError(ParseAWSErrorFromXmlContent.java:85) at org.jclouds.http.handlers.DelegatingErrorHandler.handleError(DelegatingErrorHandler.java:69) at org.jclouds.http.internal.BaseHttpCommandExecutorService$HttpResponseCallable.shouldContinue(BaseHttpCommandExecutorService.java:200) at org.jclouds.http.internal.BaseHttpCommandExecutorService$HttpResponseCallable.call(BaseHttpCommandExecutorService.java:165) at org.jclouds.http.internal.BaseHttpCommandExecutorService$HttpResponseCallable.call(BaseHttpCommandExecutorService.java:134) at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303) at java.util.concurrent.FutureTask.run(FutureTask.java:138) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) at java.lang.Thread.run(Thread.java:662) Caused by: org.jclouds.http.HttpResponseException: command: POST https://ec2.us-east-1.amazonaws.com/ HTTP/1.1 failed with response: HTTP/1.1 403 Forbidden; content: [The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.] at org.jclouds.aws.handlers.ParseAWSErrorFromXmlContent.handleError(ParseAWSErrorFromXmlContent.java:74) ... 9 more
        Hide
        Adrian Cole added a comment -

        Yeah we should ignore the param for an empty description. Thnx for catching.

        Show
        Adrian Cole added a comment - Yeah we should ignore the param for an empty description. Thnx for catching.
        Show
        Adrian Cole added a comment - http://code.google.com/p/jclouds/issues/detail?id=576
        Hide
        Andrei Savu added a comment -

        Fixed one checkstyle error - unused import; it's nice to have that check running on mvn install. I'm planning to commit this tomorrow.

        Show
        Andrei Savu added a comment - Fixed one checkstyle error - unused import; it's nice to have that check running on mvn install. I'm planning to commit this tomorrow.
        Hide
        Tom White added a comment -

        > Fixed one checkstyle error - unused import; it's nice to have that check running on mvn install.

        +1

        Findbugs next? WHIRR-321

        Show
        Tom White added a comment - > Fixed one checkstyle error - unused import; it's nice to have that check running on mvn install. +1 Findbugs next? WHIRR-321
        Hide
        Andrei Savu added a comment -

        I've just committed this. Thanks Tom for reviewing.

        Findbugs next? WHIRR-321

        Sounds great!

        Show
        Andrei Savu added a comment - I've just committed this. Thanks Tom for reviewing. Findbugs next? WHIRR-321 Sounds great!

          People

          • Assignee:
            Andrei Savu
            Reporter:
            Tom White
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development