/**
* Applies the given security group permissions to the given node with the given compute service.
*
* <p>Takes no action if the compute service does not have a security group extension.
*
* @param permissions The set of permissions to be applied to the node
* @param nodeId The id of the node to update
* @param computeService The compute service to use to apply the changes
*/
@VisibleForTesting
Map<String, SecurityGroup> addPermissionsToLocation(
Iterable<IpPermission> permissions, final String nodeId, ComputeService computeService) {
if (!computeService.getSecurityGroupExtension().isPresent()) {
LOG.warn(
"Security group extension for {} absent; cannot update node {} with {}",
new Object[] {computeService, nodeId, permissions});
return ImmutableMap.of();
}
final SecurityGroupExtension securityApi = computeService.getSecurityGroupExtension().get();
final String locationId = computeService.getContext().unwrap().getId();
// Expect to have two security groups on the node: one shared between all nodes in the location,
// that is cached in sharedGroupCache, and one created by Jclouds that is unique to the node.
// Relies on customize having been called before. This should be safe because the arguments
// needed to call this method are not available until post-instance creation.
SecurityGroup machineUniqueSecurityGroup = getSecurityGroup(nodeId, securityApi, locationId);
MutableList<IpPermission> newPermissions = MutableList.copyOf(permissions);
Iterables.removeAll(newPermissions, machineUniqueSecurityGroup.getIpPermissions());
MutableMap<String, SecurityGroup> addedSecurityGroups = MutableMap.of();
for (IpPermission permission : newPermissions) {
SecurityGroup addedPermission =
addPermission(permission, machineUniqueSecurityGroup, securityApi);
addedSecurityGroups.put(addedPermission.getId(), addedPermission);
}
return addedSecurityGroups;
}
