diff options
author | Trygve Laugstøl <trygvis@inamo.no> | 2021-01-03 23:58:21 +0100 |
---|---|---|
committer | Trygve Laugstøl <trygvis@inamo.no> | 2021-01-03 23:58:21 +0100 |
commit | 4dcc43061d05f14ceddbb9f3a0c43ab908b89a4b (patch) | |
tree | 6287e48715840f68ae3449e491fb3a0b5a45f480 | |
parent | b7d0da791505ec08bc5e87dc1f5245078c8b3d42 (diff) | |
download | rules-sandbox-4dcc43061d05f14ceddbb9f3a0c43ab908b89a4b.tar.gz rules-sandbox-4dcc43061d05f14ceddbb9f3a0c43ab908b89a4b.tar.bz2 rules-sandbox-4dcc43061d05f14ceddbb9f3a0c43ab908b89a4b.tar.xz rules-sandbox-4dcc43061d05f14ceddbb9f3a0c43ab908b89a4b.zip |
VPN work.
Also better sorting of output objects.
-rw-r--r-- | acme.yaml | 13 | ||||
-rw-r--r-- | out/phase-1.yaml | 325 | ||||
-rw-r--r-- | out/vpn0.yaml (renamed from out/vs0.yaml) | 58 | ||||
-rw-r--r-- | src/main/java/io/trygvis/rules/acme/AcmeIo.java | 19 | ||||
-rw-r--r-- | src/main/java/io/trygvis/rules/engine/Main.java | 2 | ||||
-rw-r--r-- | src/main/resources/io/trygvis/rules/acme/acme.drl | 9 | ||||
-rw-r--r-- | src/main/resources/io/trygvis/rules/acme/vpn.drl | 30 | ||||
-rw-r--r-- | src/main/resources/io/trygvis/rules/machine/machine.drl | 6 |
8 files changed, 266 insertions, 196 deletions
@@ -37,16 +37,5 @@ data: --- type: io.trygvis.rules.acme.WgNet data: - name: vs0 + name: vpn0 domain: vpn.acme.com - ---- -type: io.trygvis.rules.acme.WgHost -data: - name: ws-1 - net: vs0 ---- -type: io.trygvis.rules.acme.WgHost -data: - name: ws-2 - net: vs0 diff --git a/out/phase-1.yaml b/out/phase-1.yaml index 48a6365..7347ca8 100644 --- a/out/phase-1.yaml +++ b/out/phase-1.yaml @@ -1,47 +1,137 @@ --- -type: "io.trygvis.rules.dba.Container" +type: "io.trygvis.rules.acme.AcmeMyApp" data: - cluster: - name: "acme-ci" - name: "app" - machineRole: "statera-console" - image: "statera-console" - tag: "development" + environment: "ci" + dockerTag: "development" +--- +type: "io.trygvis.rules.acme.AcmeMyApp" +data: + environment: "production" + dockerTag: "master" +--- +type: "io.trygvis.rules.acme.AcmeServer" +data: + machine: + name: "acme-2" + fqdn: "acme-2.machine.acme.com" +--- +type: "io.trygvis.rules.acme.AcmeServer" +data: + machine: + name: "acme-1" + fqdn: "acme-1.machine.acme.com" +--- +type: "io.trygvis.rules.acme.AcmeServer" +data: + machine: + name: "acme-3" + fqdn: "acme-3.machine.acme.com" +--- +type: "io.trygvis.rules.acme.AcmeServer" +data: + machine: + name: "acme-2" + fqdn: "acme-2.machine.acme.com" +--- +type: "io.trygvis.rules.acme.AcmeServer" +data: + machine: + name: "acme-3" + fqdn: "acme-3.machine.acme.com" +--- +type: "io.trygvis.rules.acme.AcmeServer" +data: + machine: + name: "acme-1" + fqdn: "acme-1.machine.acme.com" +--- +type: "io.trygvis.rules.acme.WgHost" +data: + name: "acme-1" + net: "vpn0" + publicName: "acme-1.machine.acme.com" + netToNetIp: null + networkIp: null +--- +type: "io.trygvis.rules.acme.WgHost" +data: + name: "acme-2" + net: "vpn0" + publicName: "acme-2.machine.acme.com" + netToNetIp: null + networkIp: null +--- +type: "io.trygvis.rules.acme.WgHost" +data: + name: "acme-3" + net: "vpn0" + publicName: "acme-3.machine.acme.com" + netToNetIp: null + networkIp: null +--- +type: "io.trygvis.rules.acme.WgHost" +data: + name: "ws-1" + net: "vpn0" + publicName: null + netToNetIp: null + networkIp: null +--- +type: "io.trygvis.rules.acme.WgHost" +data: + name: "ws-2" + net: "vpn0" + publicName: null + netToNetIp: null + networkIp: null +--- +type: "io.trygvis.rules.acme.WgNet" +data: + name: "vpn0" + domain: "vpn.acme.com" +--- +type: "io.trygvis.rules.dba.Cluster" +data: + name: "acme-ci" +--- +type: "io.trygvis.rules.dba.Cluster" +data: + name: "acme-production" --- type: "io.trygvis.rules.dba.Container" data: cluster: - name: "acme-ci" + name: "acme-production" name: "app" - machineRole: "4tune-web" - image: "4tune-web" - tag: "development" + machineRole: "4tune-api" + image: "4tune-api" + tag: "master" --- type: "io.trygvis.rules.dba.Container" data: cluster: name: "acme-production" name: "app" - machineRole: "statera" - image: "statera" + machineRole: "4tune-web" + image: "4tune-web" tag: "master" --- type: "io.trygvis.rules.dba.Container" data: cluster: - name: "acme-production" + name: "acme-ci" name: "app" - machineRole: "statera-console" - image: "statera-console" - tag: "master" + machineRole: "4tune-web" + image: "4tune-web" + tag: "development" --- type: "io.trygvis.rules.dba.Container" data: cluster: name: "acme-ci" name: "app" - machineRole: "statera" - image: "statera" + machineRole: "statera-console" + image: "statera-console" tag: "development" --- type: "io.trygvis.rules.dba.Container" @@ -49,8 +139,8 @@ data: cluster: name: "acme-production" name: "app" - machineRole: "4tune-api" - image: "4tune-api" + machineRole: "statera-console" + image: "statera-console" tag: "master" --- type: "io.trygvis.rules.dba.Container" @@ -65,20 +155,20 @@ data: type: "io.trygvis.rules.dba.Container" data: cluster: - name: "acme-production" + name: "acme-ci" name: "app" - machineRole: "4tune-web" - image: "4tune-web" - tag: "master" + machineRole: "statera" + image: "statera" + tag: "development" --- type: "io.trygvis.rules.dba.Container" data: cluster: - name: "acme-ci" - name: "db" - machineRole: "pdb" - image: "postgresql" - tag: "13" + name: "acme-production" + name: "app" + machineRole: "statera" + image: "statera" + tag: "master" --- type: "io.trygvis.rules.dba.Container" data: @@ -92,7 +182,7 @@ data: type: "io.trygvis.rules.dba.Container" data: cluster: - name: "acme-ci" + name: "acme-production" name: "db" machineRole: "mdb" image: "mongodb" @@ -101,72 +191,30 @@ data: type: "io.trygvis.rules.dba.Container" data: cluster: - name: "acme-production" + name: "acme-ci" name: "db" machineRole: "mdb" image: "mongodb" tag: "3.2" --- -type: "io.trygvis.rules.acme.AcmeMyApp" -data: - environment: "ci" - dockerTag: "development" ---- -type: "io.trygvis.rules.acme.AcmeMyApp" -data: - environment: "production" - dockerTag: "master" ---- -type: "io.trygvis.rules.acme.WgHost" -data: - name: "acme-1" - machine: - name: "acme-1" - fqdn: "acme-1.machine.acme.com" - net: "vs0" - publicName: null - netToNetIp: null - networkIp: null ---- -type: "io.trygvis.rules.acme.WgHost" -data: - name: "acme-2" - machine: - name: "acme-2" - fqdn: "acme-2.machine.acme.com" - net: "vs0" - publicName: null - netToNetIp: null - networkIp: null ---- -type: "io.trygvis.rules.acme.WgHost" +type: "io.trygvis.rules.dba.Container" data: - name: "acme-3" - machine: - name: "acme-3" - fqdn: "acme-3.machine.acme.com" - net: "vs0" - publicName: null - netToNetIp: null - networkIp: null + cluster: + name: "acme-ci" + name: "db" + machineRole: "pdb" + image: "postgresql" + tag: "13" --- -type: "io.trygvis.rules.acme.WgHost" +type: "io.trygvis.rules.dns.DnsEntry" data: - name: "ws-1" - machine: null - net: "vs0" - publicName: null - netToNetIp: null - networkIp: null + fqdn: "ws-1.vpn.acme.com" + type: "A" --- -type: "io.trygvis.rules.acme.WgHost" +type: "io.trygvis.rules.dns.DnsEntry" data: - name: "ws-2" - machine: null - net: "vs0" - publicName: null - netToNetIp: null - networkIp: null + fqdn: "acme-2.machine.acme.com" + type: "A" --- type: "io.trygvis.rules.dns.DnsEntry" data: @@ -175,66 +223,57 @@ data: --- type: "io.trygvis.rules.dns.DnsEntry" data: - fqdn: "ws-1.vpn.acme.com" + fqdn: "acme-3.machine.acme.com" type: "A" --- type: "io.trygvis.rules.dns.DnsEntry" data: - fqdn: "acme-2.vpn.acme.com" + fqdn: "acme-1.vpn.acme.com" type: "A" --- type: "io.trygvis.rules.dns.DnsEntry" data: - fqdn: "acme-3.vpn.acme.com" + fqdn: "acme-2.vpn.acme.com" type: "A" --- type: "io.trygvis.rules.dns.DnsEntry" data: - fqdn: "acme-1.vpn.acme.com" + fqdn: "acme-1.machine.acme.com" type: "A" --- -type: "io.trygvis.rules.dba.Cluster" -data: - name: "acme-ci" ---- -type: "io.trygvis.rules.dba.Cluster" +type: "io.trygvis.rules.dns.DnsEntry" data: - name: "acme-production" + fqdn: "acme-3.vpn.acme.com" + type: "A" --- -type: "io.trygvis.rules.terraform.ScalewayMachine" +type: "io.trygvis.rules.dns.DnsEntryTerraformExpression" data: - machine: - name: "acme-1" + entry: fqdn: "acme-1.machine.acme.com" + type: "A" key: "acme-1" + expression: "scaleway_instance_ip.acme-1.address" --- -type: "io.trygvis.rules.terraform.ScalewayMachine" +type: "io.trygvis.rules.dns.DnsEntryTerraformExpression" data: - machine: - name: "acme-2" + entry: fqdn: "acme-2.machine.acme.com" + type: "A" key: "acme-2" + expression: "scaleway_instance_ip.acme-2.address" --- -type: "io.trygvis.rules.terraform.ScalewayMachine" +type: "io.trygvis.rules.dns.DnsEntryTerraformExpression" data: - machine: - name: "acme-3" + entry: fqdn: "acme-3.machine.acme.com" + type: "A" key: "acme-3" + expression: "scaleway_instance_ip.acme-3.address" --- -type: "io.trygvis.rules.terraform.ScalewayMachine" -data: - machine: - name: "ws-1" - fqdn: null - key: "ws-1" ---- -type: "io.trygvis.rules.terraform.ScalewayMachine" +type: "io.trygvis.rules.engine.KeyValue" data: - machine: - name: "ws-2" - fqdn: null - key: "ws-2" + key: "rm-gen" + value: null --- type: "io.trygvis.rules.machine.Machine" data: @@ -261,30 +300,58 @@ data: name: "ws-2" fqdn: null --- -type: "io.trygvis.rules.acme.AcmeServer" +type: "io.trygvis.rules.terraform.ScalewayMachine" data: machine: - name: "acme-3" - fqdn: "acme-3.machine.acme.com" + name: "acme-1" + fqdn: "acme-1.machine.acme.com" + key: "acme-1" --- -type: "io.trygvis.rules.acme.AcmeServer" +type: "io.trygvis.rules.terraform.ScalewayMachine" data: machine: name: "acme-1" fqdn: "acme-1.machine.acme.com" + key: "acme-1" --- -type: "io.trygvis.rules.acme.AcmeServer" +type: "io.trygvis.rules.terraform.ScalewayMachine" data: machine: name: "acme-2" fqdn: "acme-2.machine.acme.com" + key: "acme-2" --- -type: "io.trygvis.rules.engine.KeyValue" +type: "io.trygvis.rules.terraform.ScalewayMachine" data: - key: "rm-gen" - value: null + machine: + name: "acme-2" + fqdn: "acme-2.machine.acme.com" + key: "acme-2" --- -type: "io.trygvis.rules.acme.WgNet" +type: "io.trygvis.rules.terraform.ScalewayMachine" data: - name: "vs0" - domain: "vpn.acme.com" + machine: + name: "acme-3" + fqdn: "acme-3.machine.acme.com" + key: "acme-3" +--- +type: "io.trygvis.rules.terraform.ScalewayMachine" +data: + machine: + name: "acme-3" + fqdn: "acme-3.machine.acme.com" + key: "acme-3" +--- +type: "io.trygvis.rules.terraform.ScalewayMachine" +data: + machine: + name: "ws-1" + fqdn: null + key: "ws-1" +--- +type: "io.trygvis.rules.terraform.ScalewayMachine" +data: + machine: + name: "ws-2" + fqdn: null + key: "ws-2" diff --git a/out/vs0.yaml b/out/vpn0.yaml index 2ca168b..038ebd6 100644 --- a/out/vs0.yaml +++ b/out/vpn0.yaml @@ -2,41 +2,31 @@ type: "io.trygvis.rules.acme.WgHost" data: name: "acme-1" - machine: - name: "acme-1" - fqdn: "acme-1.machine.acme.com" - net: "vs0" - publicName: null + net: "vpn0" + publicName: "acme-1.machine.acme.com" netToNetIp: null networkIp: null --- type: "io.trygvis.rules.acme.WgHost" data: name: "acme-2" - machine: - name: "acme-2" - fqdn: "acme-2.machine.acme.com" - net: "vs0" - publicName: null + net: "vpn0" + publicName: "acme-2.machine.acme.com" netToNetIp: null networkIp: null --- type: "io.trygvis.rules.acme.WgHost" data: name: "acme-3" - machine: - name: "acme-3" - fqdn: "acme-3.machine.acme.com" - net: "vs0" - publicName: null + net: "vpn0" + publicName: "acme-3.machine.acme.com" netToNetIp: null networkIp: null --- type: "io.trygvis.rules.acme.WgHost" data: name: "ws-1" - machine: null - net: "vs0" + net: "vpn0" publicName: null netToNetIp: null networkIp: null @@ -44,12 +34,26 @@ data: type: "io.trygvis.rules.acme.WgHost" data: name: "ws-2" - machine: null - net: "vs0" + net: "vpn0" publicName: null netToNetIp: null networkIp: null --- +type: "io.trygvis.rules.acme.WgNet" +data: + name: "vpn0" + domain: "vpn.acme.com" +--- +type: "io.trygvis.rules.dns.DnsEntry" +data: + fqdn: "ws-1.vpn.acme.com" + type: "A" +--- +type: "io.trygvis.rules.dns.DnsEntry" +data: + fqdn: "acme-2.machine.acme.com" + type: "A" +--- type: "io.trygvis.rules.dns.DnsEntry" data: fqdn: "ws-2.vpn.acme.com" @@ -57,7 +61,12 @@ data: --- type: "io.trygvis.rules.dns.DnsEntry" data: - fqdn: "ws-1.vpn.acme.com" + fqdn: "acme-3.machine.acme.com" + type: "A" +--- +type: "io.trygvis.rules.dns.DnsEntry" +data: + fqdn: "acme-1.vpn.acme.com" type: "A" --- type: "io.trygvis.rules.dns.DnsEntry" @@ -67,12 +76,12 @@ data: --- type: "io.trygvis.rules.dns.DnsEntry" data: - fqdn: "acme-3.vpn.acme.com" + fqdn: "acme-1.machine.acme.com" type: "A" --- type: "io.trygvis.rules.dns.DnsEntry" data: - fqdn: "acme-1.vpn.acme.com" + fqdn: "acme-3.vpn.acme.com" type: "A" --- type: "io.trygvis.rules.machine.Machine" @@ -99,8 +108,3 @@ type: "io.trygvis.rules.machine.Machine" data: name: "ws-2" fqdn: null ---- -type: "io.trygvis.rules.acme.WgNet" -data: - name: "vs0" - domain: "vpn.acme.com" diff --git a/src/main/java/io/trygvis/rules/acme/AcmeIo.java b/src/main/java/io/trygvis/rules/acme/AcmeIo.java index 488c93a..0bd0f1e 100644 --- a/src/main/java/io/trygvis/rules/acme/AcmeIo.java +++ b/src/main/java/io/trygvis/rules/acme/AcmeIo.java @@ -15,8 +15,8 @@ import java.lang.reflect.InvocationTargetException; import java.util.ArrayList; import java.util.Collection; import java.util.Comparator; -import java.util.HashMap; import java.util.List; +import java.util.TreeMap; import java.util.function.Function; @SuppressWarnings("unchecked") @@ -83,10 +83,6 @@ public class AcmeIo { private static <A, T extends Comparable<T>> Comparator comparable(Class<A> klass, String name) { - if (klass.getName().contains("Wg")) { - System.out.println("AcmeIo.invoker"); - } - try { var method = klass.getMethod("get" + name.substring(0, 1).toUpperCase() + name.substring(1)); if (!method.isAccessible()) { @@ -98,6 +94,17 @@ public class AcmeIo { try { var x = (T) method.invoke(a); var y = (T) method.invoke(b); + + if (x == null && y == null) { + return 0; + } + + if (x == null) { + return -1; + } else if (y == null) { + return 1; + } + return x.compareTo(y); } catch (IllegalAccessException | InvocationTargetException e) { throw new RuntimeException(e); @@ -133,7 +140,7 @@ public class AcmeIo { } } - var facts = new HashMap<Class<?>, FactCollection<Object>>(factHandles.size()); + var facts = new TreeMap<Class<?>, FactCollection<Object>>(Comparator.comparing(Class::getName)); for (var handle : factHandles) { if (handle instanceof DefaultFactHandle h) { var obj = h.getObject(); diff --git a/src/main/java/io/trygvis/rules/engine/Main.java b/src/main/java/io/trygvis/rules/engine/Main.java index a3b0259..5556db7 100644 --- a/src/main/java/io/trygvis/rules/engine/Main.java +++ b/src/main/java/io/trygvis/rules/engine/Main.java @@ -38,7 +38,7 @@ public class Main { io.dump("phase-1", session.getFactHandles()); - io.dump("vs0", session.getFactHandles(), (Object o) -> { + io.dump("vpn0", session.getFactHandles(), (Object o) -> { return o.getClass().getName().contains("Wg") || o instanceof Machine || o instanceof DnsEntry; }); diff --git a/src/main/resources/io/trygvis/rules/acme/acme.drl b/src/main/resources/io/trygvis/rules/acme/acme.drl index e2cb9da..72d296c 100644 --- a/src/main/resources/io/trygvis/rules/acme/acme.drl +++ b/src/main/resources/io/trygvis/rules/acme/acme.drl @@ -8,6 +8,11 @@ declare AcmeServer machine : Machine end +//declare MachinePublicName +// machine : Machine +// fqdn : String +//end + rule "Ops" when $ops: AcmeOps() @@ -45,8 +50,10 @@ end rule "Set public domain for ACME servers" when - $s : AcmeServer() + $m : Machine(fqdn == null) + $s : AcmeServer(machine == $m) then var fqdn = "%s.machine.acme.com".formatted($s.machine.name); $s.machine.fqdn = fqdn; + update($s.machine) end diff --git a/src/main/resources/io/trygvis/rules/acme/vpn.drl b/src/main/resources/io/trygvis/rules/acme/vpn.drl index 3f62fbd..cfdbef9 100644 --- a/src/main/resources/io/trygvis/rules/acme/vpn.drl +++ b/src/main/resources/io/trygvis/rules/acme/vpn.drl @@ -2,6 +2,7 @@ package io.trygvis.rules.acme; import io.trygvis.rules.machine.Machine; import io.trygvis.rules.dns.DnsEntry; +import io.trygvis.rules.acme.AcmeServer; dialect "mvel" @@ -12,34 +13,35 @@ end declare WgHost name : String - machine : Machine +// machine : Machine net : String publicName : String netToNetIp : String networkIp : String end -rule "Set name from machine's name" - salience 10 -when - $h : WgHost(name == null, machine != null) -then - $h.name = $h.machine.name; - - update($h) -end - rule "WgHost VPN machines" when - $machine : Machine(name.startsWith("acme-")) - $wgNet : WgNet(name == "vs0") + $machine : Machine() + $wgNet : WgNet(name == "vpn0") + not(WgHost(name == $machine.name)) then var wgHost = new WgHost(); - wgHost.machine = $machine; + wgHost.name = $machine.name; wgHost.net = $wgNet.name; + wgHost.publicName = $machine.fqdn; insert(wgHost) end +rule "Set public name of WgHost" +when + $host : WgHost(publicName == null) + $m : Machine(name == $host.name, fqdn != null) +then + $host.publicName = $m.fqdn; + update($host) +end + rule "Make DNS entries for all VPN hosts" when $h : WgHost() diff --git a/src/main/resources/io/trygvis/rules/machine/machine.drl b/src/main/resources/io/trygvis/rules/machine/machine.drl index df0d002..a9a379f 100644 --- a/src/main/resources/io/trygvis/rules/machine/machine.drl +++ b/src/main/resources/io/trygvis/rules/machine/machine.drl @@ -4,9 +4,3 @@ import io.trygvis.rules.dba.Cluster; import io.trygvis.rules.dba.Container; import io.trygvis.rules.machine.Machine; import io.trygvis.rules.dns.DnsEntry; - -rule "New machine" -when - $container: Container() -then -end |