Refactor NAT rule creation.

tintoy · tintoy · commit a44544883406 · 2016-11-03T17:28:12.000+11:00
diff --git a/client.go b/client.go
@@ -226,39 +226,7 @@ func (driver *Driver) deployServer() (*compute.Server, error) {
 	log.Debugf("Server '%s' ('%s') has been successfully deployed...", driver.ServerID, server.Name)
 
 	driver.PrivateIPAddress = *server.Network.PrimaryAdapter.PrivateIPv4Address
-
-	log.Debugf("Creating NAT rule for server '%s' ('%s')...", driver.MachineName, driver.PrivateIPAddress)
-
-	natRule, err := driver.getExistingNATRuleByInternalIP(driver.PrivateIPAddress)
-	if natRule == nil {
-		err = driver.ensurePublicIPAvailable()
-		if err != nil {
-			return nil, err
-		}
-
-		natRuleID, err := client.AddNATRule(driver.NetworkDomainID, driver.PrivateIPAddress, nil)
-		if err != nil {
-			return nil, err
-		}
-		natRule, err = client.GetNATRule(natRuleID)
-		if err != nil {
-			return nil, err
-		}
-		if natRule == nil {
-			return nil, fmt.Errorf("Failed to retrieve newly-created NAT rule '%s' for server '%s'", natRuleID, driver.MachineName)
-		}
-	} else {
-		log.Debugf("NAT rule already exists (Id = '%s').", natRule.ID)
-	}
-
-	driver.IPAddress = natRule.ExternalIPAddress
-
-	log.Debugf("Created NAT rule '%s' for server '%s' (Ext:'%s' -> Int:'%s').",
-		driver.NATRuleID,
-		driver.MachineName,
-		driver.IPAddress,
-		driver.PrivateIPAddress,
-	)
+	driver.IPAddress = driver.PrivateIPAddress // NAT rule not created yet.
 
 	return server, nil
 }
@@ -297,39 +265,111 @@ func (driver *Driver) buildDeploymentConfiguration() (deploymentConfiguration co
 	return
 }
 
-// Ensure that at least one public IP address is available in the target network domain.
-func (driver *Driver) ensurePublicIPAvailable() error {
-	if driver.NetworkDomainID == "" {
-		return errors.New("Network domain has not been resolved.")
+// Has a NAT rule been created for the server?
+func (driver *Driver) isNATRuleCreated() bool {
+	return driver.NATRuleID != ""
+}
+
+// Create a NAT rule to expose the server.
+func (driver *Driver) createNATRuleForServer() error {
+	if !driver.isServerCreated() {
+		return errors.New("Server has not been created")
 	}
 
-	log.Debugf("Verifying that network domain '%s' has a public IP available for server '%s'...", driver.NetworkDomainName, driver.MachineName)
+	if driver.isNATRuleCreated() {
+		return fmt.Errorf("NAT rule '%s' has already been created for server '%s'", driver.NATRuleID, driver.MachineName)
+	}
+
+	log.Debugf("Creating NAT rule for server '%s' ('%s')...", driver.MachineName, driver.PrivateIPAddress)
+
+	natRule, err := driver.getExistingNATRuleByInternalIP(driver.PrivateIPAddress)
+	if natRule == nil {
+		err = driver.ensurePublicIPAvailable()
+		if err != nil {
+			return err
+		}
+
+		client, err := driver.getCloudControlClient()
+		if err != nil {
+			return err
+		}
+
+		driver.NATRuleID, err = client.AddNATRule(driver.NetworkDomainID, driver.PrivateIPAddress, nil)
+		if err != nil {
+			return err
+		}
+		natRule, err = client.GetNATRule(driver.NATRuleID)
+		if err != nil {
+			return err
+		}
+		if natRule == nil {
+			return fmt.Errorf("Failed to retrieve newly-created NAT rule '%s' for server '%s'", driver.NATRuleID, driver.MachineName)
+		}
+
+		log.Debugf("Created NAT rule '%s' for server '%s'", driver.NATRuleID)
+	} else {
+		driver.NATRuleID = natRule.ID
+
+		log.Debugf("NAT rule already exists (Id = '%s').", driver.NATRuleID)
+	}
+
+	driver.IPAddress = natRule.ExternalIPAddress
+
+	log.Debugf("Created NAT rule '%s' for server '%s' (Ext:'%s' -> Int:'%s').",
+		driver.NATRuleID,
+		driver.MachineName,
+		driver.IPAddress,
+		driver.PrivateIPAddress,
+	)
+
+	return nil
+}
+
+// Delete the the server's NAT rule (if any).
+func (driver *Driver) deleteNATRuleForServer() error {
+	if !driver.isServerCreated() {
+		return errors.New("Server has not been created")
+	}
+
+	if !driver.isNATRuleCreated() {
+		log.Debugf("Not deleting NAT rule for server '%s' (no NAT rule was created for it).")
+
+		return nil
+	}
+
+	log.Debugf("Deleting NAT rule '%s' for server '%s' (Ext:'%s' -> Int:'%s')...", driver.NATRuleID, driver.MachineName, driver.IPAddress, driver.PrivateIPAddress)
 
 	client, err := driver.getCloudControlClient()
 	if err != nil {
 		return err
 	}
 
-	availableIPs, err := client.GetAvailablePublicIPAddresses(driver.NetworkDomainID)
+	natRule, err := client.GetNATRule(driver.NATRuleID)
 	if err != nil {
 		return err
 	}
+	if natRule == nil {
+		log.Debugf("NAT rule '%s' not found; will treat it as already deleted.")
 
-	if len(availableIPs) == 0 {
-		log.Debugf("There are no available public IPs in network domain '%s'; a new block of public IPs will be allocated.", driver.NetworkDomainID)
+		driver.NATRuleID = ""
 
-		blockID, err := client.AddPublicIPBlock(driver.NetworkDomainID)
-		if err != nil {
-			return err
-		}
+		return nil
+	}
 
-		log.Debugf("Allocated new public IP block '%s'.", blockID)
+	err = client.DeleteNATRule(driver.NATRuleID)
+	if err != nil {
+		return err
 	}
 
+	log.Debugf("Deleted NAT rule '%s'.", driver.NATRuleID)
+
+	driver.NATRuleID = ""
+	driver.IPAddress = driver.PrivateIPAddress
+
 	return nil
 }
 
-// Find the existing NAT rule (if any) for the specified internal IPv4 address.
+// Find the existing NAT rule (if any) that forwards IPv4 traffic to specified internal address.
 func (driver *Driver) getExistingNATRuleByInternalIP(internalIPAddress string) (*compute.NATRule, error) {
 	if driver.NetworkDomainID == "" {
 		return nil, errors.New("Network domain has not been resolved.")
@@ -362,3 +402,40 @@ func (driver *Driver) getExistingNATRuleByInternalIP(internalIPAddress string) (
 
 	return nil, nil
 }
+
+// Ensure that at least one public IP address is available in the target network domain.
+func (driver *Driver) ensurePublicIPAvailable() error {
+	if driver.NetworkDomainID == "" {
+		return errors.New("Network domain has not been resolved.")
+	}
+
+	log.Debugf("Verifying that network domain '%s' has a public IP available for server '%s'...", driver.NetworkDomainName, driver.MachineName)
+
+	client, err := driver.getCloudControlClient()
+	if err != nil {
+		return err
+	}
+
+	availableIPs, err := client.GetAvailablePublicIPAddresses(driver.NetworkDomainID)
+	if err != nil {
+		return err
+	}
+
+	if len(availableIPs) == 0 {
+		log.Debugf("There are no available public IPs in network domain '%s'; a new block of public IPs will be allocated.", driver.NetworkDomainID)
+
+		blockID, err := client.AddPublicIPBlock(driver.NetworkDomainID)
+		if err != nil {
+			return err
+		}
+
+		log.Debugf("Allocated new public IP block '%s'.", blockID)
+	}
+
+	return nil
+}
+
+// Has a firewall rule been created to allow inbound SSH for the server?
+func (driver *Driver) isSSHFirewallRuleCreated() bool {
+	return driver.SSHFirewallRuleID != ""
+}
diff --git a/driver.go b/driver.go
@@ -64,6 +64,12 @@ type Driver struct {
 	// The initial password used to authenticate to target machines when installing the SSH key.
 	SSHBootstrapPassword string
 
+	// Create a firewall rule to allow SSH access to the taret server?
+	CreateSSHFirewallRule bool
+
+	// The Id of the firewall rule (if any) created for inbound SSH access to the target server.
+	SSHFirewallRuleID string
+
 	// The CloudControl API client.
 	client *compute.Client
 }
@@ -129,6 +135,10 @@ func (driver *Driver) GetCreateFlags() []mcnflag.Flag {
 			Usage:  "The initial SSH password used to bootstrap SSH key authentication",
 			Value:  "",
 		},
+		mcnflag.BoolFlag{
+			Name:  "ddcloud-create-ssh-firewall-rule",
+			Usage: "Create a firewall rule to allow SSH access to the taret server? Default: false",
+		},
 	}
 }
 
@@ -154,6 +164,8 @@ func (driver *Driver) SetConfigFromFlags(flags drivers.DriverOptions) error {
 
 	driver.SSHBootstrapPassword = flags.String("ddcloud-ssh-bootstrap-password")
 
+	driver.CreateSSHFirewallRule = flags.Bool("ddcloud-create-ssh-firewall-rule")
+
 	log.Debugf("docker-machine-driver-ddcloud %s", DriverVersion)
 
 	return nil
@@ -219,9 +231,13 @@ func (driver *Driver) Create() error {
 		return err
 	}
 
-	log.Infof("Server '%s' has private IP '%s'.", driver.MachineName, driver.IPAddress)
+	err = driver.createNATRuleForServer()
+	if err != nil {
+		return err
+	}
 
-	// TODO: Create NAT and firewall rules, if required.
+	log.Infof("Server '%s' has private IP '%s'.", driver.MachineName, driver.PrivateIPAddress)
+	log.Infof("Server '%s' has public IP '%s'.", driver.MachineName, driver.IPAddress)
 
 	log.Infof("Configuring SSH key for server '%s' ('%s')...", driver.MachineName, driver.IPAddress)
 	err = driver.installSSHKey()
diff --git a/vendor/github.com/DimensionDataResearch/go-dd-cloud-compute b/vendor/github.com/DimensionDataResearch/go-dd-cloud-compute
