authorTrygve Laugstøl <trygvis@inamo.no>2021-01-03 23:58:21 +0100
committerTrygve Laugstøl <trygvis@inamo.no>2021-01-03 23:58:21 +0100
commit4dcc43061d05f14ceddbb9f3a0c43ab908b89a4b (patch)
tree6287e48715840f68ae3449e491fb3a0b5a45f480
parentb7d0da791505ec08bc5e87dc1f5245078c8b3d42 (diff)
VPN work.
Also better sorting of output objects.
-rw-r--r--acme.yaml13
-rw-r--r--out/phase-1.yaml325
-rw-r--r--out/vpn0.yaml (renamed from out/vs0.yaml)58
-rw-r--r--src/main/java/io/trygvis/rules/acme/AcmeIo.java19
-rw-r--r--src/main/java/io/trygvis/rules/engine/Main.java2
-rw-r--r--src/main/resources/io/trygvis/rules/acme/acme.drl9
-rw-r--r--src/main/resources/io/trygvis/rules/acme/vpn.drl30
-rw-r--r--src/main/resources/io/trygvis/rules/machine/machine.drl6
8 files changed, 266 insertions, 196 deletions
diff --git a/acme.yaml b/acme.yaml
index 6e9f617..80517b7 100644
--- a/acme.yaml
+++ b/acme.yaml
@@ -37,16 +37,5 @@ data:
---
type: io.trygvis.rules.acme.WgNet
data:
- name: vs0
+ name: vpn0
domain: vpn.acme.com
-
----
-type: io.trygvis.rules.acme.WgHost
-data:
- name: ws-1
- net: vs0
----
-type: io.trygvis.rules.acme.WgHost
-data:
- name: ws-2
- net: vs0
diff --git a/out/phase-1.yaml b/out/phase-1.yaml
index 48a6365..7347ca8 100644
--- a/out/phase-1.yaml
+++ b/out/phase-1.yaml
@@ -1,47 +1,137 @@
---
-type: "io.trygvis.rules.dba.Container"
+type: "io.trygvis.rules.acme.AcmeMyApp"
data:
- cluster:
- name: "acme-ci"
- name: "app"
- machineRole: "statera-console"
- image: "statera-console"
- tag: "development"
+ environment: "ci"
+ dockerTag: "development"
+---
+type: "io.trygvis.rules.acme.AcmeMyApp"
+data:
+ environment: "production"
+ dockerTag: "master"
+---
+type: "io.trygvis.rules.acme.AcmeServer"
+data:
+ machine:
+ name: "acme-2"
+ fqdn: "acme-2.machine.acme.com"
+---
+type: "io.trygvis.rules.acme.AcmeServer"
+data:
+ machine:
+ name: "acme-1"
+ fqdn: "acme-1.machine.acme.com"
+---
+type: "io.trygvis.rules.acme.AcmeServer"
+data:
+ machine:
+ name: "acme-3"
+ fqdn: "acme-3.machine.acme.com"
+---
+type: "io.trygvis.rules.acme.AcmeServer"
+data:
+ machine:
+ name: "acme-2"
+ fqdn: "acme-2.machine.acme.com"
+---
+type: "io.trygvis.rules.acme.AcmeServer"
+data:
+ machine:
+ name: "acme-3"
+ fqdn: "acme-3.machine.acme.com"
+---
+type: "io.trygvis.rules.acme.AcmeServer"
+data:
+ machine:
+ name: "acme-1"
+ fqdn: "acme-1.machine.acme.com"
+---
+type: "io.trygvis.rules.acme.WgHost"
+data:
+ name: "acme-1"
+ net: "vpn0"
+ publicName: "acme-1.machine.acme.com"
+ netToNetIp: null
+ networkIp: null
+---
+type: "io.trygvis.rules.acme.WgHost"
+data:
+ name: "acme-2"
+ net: "vpn0"
+ publicName: "acme-2.machine.acme.com"
+ netToNetIp: null
+ networkIp: null
+---
+type: "io.trygvis.rules.acme.WgHost"
+data:
+ name: "acme-3"
+ net: "vpn0"
+ publicName: "acme-3.machine.acme.com"
+ netToNetIp: null
+ networkIp: null
+---
+type: "io.trygvis.rules.acme.WgHost"
+data:
+ name: "ws-1"
+ net: "vpn0"
+ publicName: null
+ netToNetIp: null
+ networkIp: null
+---
+type: "io.trygvis.rules.acme.WgHost"
+data:
+ name: "ws-2"
+ net: "vpn0"
+ publicName: null
+ netToNetIp: null
+ networkIp: null
+---
+type: "io.trygvis.rules.acme.WgNet"
+data:
+ name: "vpn0"
+ domain: "vpn.acme.com"
+---
+type: "io.trygvis.rules.dba.Cluster"
+data:
+ name: "acme-ci"
+---
+type: "io.trygvis.rules.dba.Cluster"
+data:
+ name: "acme-production"
---
type: "io.trygvis.rules.dba.Container"
data:
cluster:
- name: "acme-ci"
+ name: "acme-production"
name: "app"
- machineRole: "4tune-web"
- image: "4tune-web"
- tag: "development"
+ machineRole: "4tune-api"
+ image: "4tune-api"
+ tag: "master"
---
type: "io.trygvis.rules.dba.Container"
data:
cluster:
name: "acme-production"
name: "app"
- machineRole: "statera"
- image: "statera"
+ machineRole: "4tune-web"
+ image: "4tune-web"
tag: "master"
---
type: "io.trygvis.rules.dba.Container"
data:
cluster:
- name: "acme-production"
+ name: "acme-ci"
name: "app"
- machineRole: "statera-console"
- image: "statera-console"
- tag: "master"
+ machineRole: "4tune-web"
+ image: "4tune-web"
+ tag: "development"
---
type: "io.trygvis.rules.dba.Container"
data:
cluster:
name: "acme-ci"
name: "app"
- machineRole: "statera"
- image: "statera"
+ machineRole: "statera-console"
+ image: "statera-console"
tag: "development"
---
type: "io.trygvis.rules.dba.Container"
@@ -49,8 +139,8 @@ data:
cluster:
name: "acme-production"
name: "app"
- machineRole: "4tune-api"
- image: "4tune-api"
+ machineRole: "statera-console"
+ image: "statera-console"
tag: "master"
---
type: "io.trygvis.rules.dba.Container"
@@ -65,20 +155,20 @@ data:
type: "io.trygvis.rules.dba.Container"
data:
cluster:
- name: "acme-production"
+ name: "acme-ci"
name: "app"
- machineRole: "4tune-web"
- image: "4tune-web"
- tag: "master"
+ machineRole: "statera"
+ image: "statera"
+ tag: "development"
---
type: "io.trygvis.rules.dba.Container"
data:
cluster:
- name: "acme-ci"
- name: "db"
- machineRole: "pdb"
- image: "postgresql"
- tag: "13"
+ name: "acme-production"
+ name: "app"
+ machineRole: "statera"
+ image: "statera"
+ tag: "master"
---
type: "io.trygvis.rules.dba.Container"
data:
@@ -92,7 +182,7 @@ data:
type: "io.trygvis.rules.dba.Container"
data:
cluster:
- name: "acme-ci"
+ name: "acme-production"
name: "db"
machineRole: "mdb"
image: "mongodb"
@@ -101,72 +191,30 @@ data:
type: "io.trygvis.rules.dba.Container"
data:
cluster:
- name: "acme-production"
+ name: "acme-ci"
name: "db"
machineRole: "mdb"
image: "mongodb"
tag: "3.2"
---
-type: "io.trygvis.rules.acme.AcmeMyApp"
-data:
- environment: "ci"
- dockerTag: "development"
----
-type: "io.trygvis.rules.acme.AcmeMyApp"
-data:
- environment: "production"
- dockerTag: "master"
----
-type: "io.trygvis.rules.acme.WgHost"
-data:
- name: "acme-1"
- machine:
- name: "acme-1"
- fqdn: "acme-1.machine.acme.com"
- net: "vs0"
- publicName: null
- netToNetIp: null
- networkIp: null
----
-type: "io.trygvis.rules.acme.WgHost"
-data:
- name: "acme-2"
- machine:
- name: "acme-2"
- fqdn: "acme-2.machine.acme.com"
- net: "vs0"
- publicName: null
- netToNetIp: null
- networkIp: null
----
-type: "io.trygvis.rules.acme.WgHost"
+type: "io.trygvis.rules.dba.Container"
data:
- name: "acme-3"
- machine:
- name: "acme-3"
- fqdn: "acme-3.machine.acme.com"
- net: "vs0"
- publicName: null
- netToNetIp: null
- networkIp: null
+ cluster:
+ name: "acme-ci"
+ name: "db"
+ machineRole: "pdb"
+ image: "postgresql"
+ tag: "13"
---
-type: "io.trygvis.rules.acme.WgHost"
+type: "io.trygvis.rules.dns.DnsEntry"
data:
- name: "ws-1"
- machine: null
- net: "vs0"
- publicName: null
- netToNetIp: null
- networkIp: null
+ fqdn: "ws-1.vpn.acme.com"
+ type: "A"
---
-type: "io.trygvis.rules.acme.WgHost"
+type: "io.trygvis.rules.dns.DnsEntry"
data:
- name: "ws-2"
- machine: null
- net: "vs0"
- publicName: null
- netToNetIp: null
- networkIp: null
+ fqdn: "acme-2.machine.acme.com"
+ type: "A"
---
type: "io.trygvis.rules.dns.DnsEntry"
data:
@@ -175,66 +223,57 @@ data:
---
type: "io.trygvis.rules.dns.DnsEntry"
data:
- fqdn: "ws-1.vpn.acme.com"
+ fqdn: "acme-3.machine.acme.com"
type: "A"
---
type: "io.trygvis.rules.dns.DnsEntry"
data:
- fqdn: "acme-2.vpn.acme.com"
+ fqdn: "acme-1.vpn.acme.com"
type: "A"
---
type: "io.trygvis.rules.dns.DnsEntry"
data:
- fqdn: "acme-3.vpn.acme.com"
+ fqdn: "acme-2.vpn.acme.com"
type: "A"
---
type: "io.trygvis.rules.dns.DnsEntry"
data:
- fqdn: "acme-1.vpn.acme.com"
+ fqdn: "acme-1.machine.acme.com"
type: "A"
---
-type: "io.trygvis.rules.dba.Cluster"
-data:
- name: "acme-ci"
----
-type: "io.trygvis.rules.dba.Cluster"
+type: "io.trygvis.rules.dns.DnsEntry"
data:
- name: "acme-production"
+ fqdn: "acme-3.vpn.acme.com"
+ type: "A"
---
-type: "io.trygvis.rules.terraform.ScalewayMachine"
+type: "io.trygvis.rules.dns.DnsEntryTerraformExpression"
data:
- machine:
- name: "acme-1"
+ entry:
fqdn: "acme-1.machine.acme.com"
+ type: "A"
key: "acme-1"
+ expression: "scaleway_instance_ip.acme-1.address"
---
-type: "io.trygvis.rules.terraform.ScalewayMachine"
+type: "io.trygvis.rules.dns.DnsEntryTerraformExpression"
data:
- machine:
- name: "acme-2"
+ entry:
fqdn: "acme-2.machine.acme.com"
+ type: "A"
key: "acme-2"
+ expression: "scaleway_instance_ip.acme-2.address"
---
-type: "io.trygvis.rules.terraform.ScalewayMachine"
+type: "io.trygvis.rules.dns.DnsEntryTerraformExpression"
data:
- machine:
- name: "acme-3"
+ entry:
fqdn: "acme-3.machine.acme.com"
+ type: "A"
key: "acme-3"
+ expression: "scaleway_instance_ip.acme-3.address"
---
-type: "io.trygvis.rules.terraform.ScalewayMachine"
-data:
- machine:
- name: "ws-1"
- fqdn: null
- key: "ws-1"
----
-type: "io.trygvis.rules.terraform.ScalewayMachine"
+type: "io.trygvis.rules.engine.KeyValue"
data:
- machine:
- name: "ws-2"
- fqdn: null
- key: "ws-2"
+ key: "rm-gen"
+ value: null
---
type: "io.trygvis.rules.machine.Machine"
data:
@@ -261,30 +300,58 @@ data:
name: "ws-2"
fqdn: null
---
-type: "io.trygvis.rules.acme.AcmeServer"
+type: "io.trygvis.rules.terraform.ScalewayMachine"
data:
machine:
- name: "acme-3"
- fqdn: "acme-3.machine.acme.com"
+ name: "acme-1"
+ fqdn: "acme-1.machine.acme.com"
+ key: "acme-1"
---
-type: "io.trygvis.rules.acme.AcmeServer"
+type: "io.trygvis.rules.terraform.ScalewayMachine"
data:
machine:
name: "acme-1"
fqdn: "acme-1.machine.acme.com"
+ key: "acme-1"
---
-type: "io.trygvis.rules.acme.AcmeServer"
+type: "io.trygvis.rules.terraform.ScalewayMachine"
data:
machine:
name: "acme-2"
fqdn: "acme-2.machine.acme.com"
+ key: "acme-2"
---
-type: "io.trygvis.rules.engine.KeyValue"
+type: "io.trygvis.rules.terraform.ScalewayMachine"
data:
- key: "rm-gen"
- value: null
+ machine:
+ name: "acme-2"
+ fqdn: "acme-2.machine.acme.com"
+ key: "acme-2"
---
-type: "io.trygvis.rules.acme.WgNet"
+type: "io.trygvis.rules.terraform.ScalewayMachine"
data:
- name: "vs0"
- domain: "vpn.acme.com"
+ machine:
+ name: "acme-3"
+ fqdn: "acme-3.machine.acme.com"
+ key: "acme-3"
+---
+type: "io.trygvis.rules.terraform.ScalewayMachine"
+data:
+ machine:
+ name: "acme-3"
+ fqdn: "acme-3.machine.acme.com"
+ key: "acme-3"
+---
+type: "io.trygvis.rules.terraform.ScalewayMachine"
+data:
+ machine:
+ name: "ws-1"
+ fqdn: null
+ key: "ws-1"
+---
+type: "io.trygvis.rules.terraform.ScalewayMachine"
+data:
+ machine:
+ name: "ws-2"
+ fqdn: null
+ key: "ws-2"
diff --git a/out/vs0.yaml b/out/vpn0.yaml
index 2ca168b..038ebd6 100644
--- a/out/vs0.yaml
+++ b/out/vpn0.yaml
@@ -2,41 +2,31 @@
type: "io.trygvis.rules.acme.WgHost"
data:
name: "acme-1"
- machine:
- name: "acme-1"
- fqdn: "acme-1.machine.acme.com"
- net: "vs0"
- publicName: null
+ net: "vpn0"
+ publicName: "acme-1.machine.acme.com"
netToNetIp: null
networkIp: null
---
type: "io.trygvis.rules.acme.WgHost"
data:
name: "acme-2"
- machine:
- name: "acme-2"
- fqdn: "acme-2.machine.acme.com"
- net: "vs0"
- publicName: null
+ net: "vpn0"
+ publicName: "acme-2.machine.acme.com"
netToNetIp: null
networkIp: null
---
type: "io.trygvis.rules.acme.WgHost"
data:
name: "acme-3"
- machine:
- name: "acme-3"
- fqdn: "acme-3.machine.acme.com"
- net: "vs0"
- publicName: null
+ net: "vpn0"
+ publicName: "acme-3.machine.acme.com"
netToNetIp: null
networkIp: null
---
type: "io.trygvis.rules.acme.WgHost"
data:
name: "ws-1"
- machine: null
- net: "vs0"
+ net: "vpn0"
publicName: null
netToNetIp: null
networkIp: null
@@ -44,12 +34,26 @@ data:
type: "io.trygvis.rules.acme.WgHost"
data:
name: "ws-2"
- machine: null
- net: "vs0"
+ net: "vpn0"
publicName: null
netToNetIp: null
networkIp: null
---
+type: "io.trygvis.rules.acme.WgNet"
+data:
+ name: "vpn0"
+ domain: "vpn.acme.com"
+---
+type: "io.trygvis.rules.dns.DnsEntry"
+data:
+ fqdn: "ws-1.vpn.acme.com"
+ type: "A"
+---
+type: "io.trygvis.rules.dns.DnsEntry"
+data:
+ fqdn: "acme-2.machine.acme.com"
+ type: "A"
+---
type: "io.trygvis.rules.dns.DnsEntry"
data:
fqdn: "ws-2.vpn.acme.com"
@@ -57,7 +61,12 @@ data:
---
type: "io.trygvis.rules.dns.DnsEntry"
data:
- fqdn: "ws-1.vpn.acme.com"
+ fqdn: "acme-3.machine.acme.com"
+ type: "A"
+---
+type: "io.trygvis.rules.dns.DnsEntry"
+data:
+ fqdn: "acme-1.vpn.acme.com"
type: "A"
---
type: "io.trygvis.rules.dns.DnsEntry"
@@ -67,12 +76,12 @@ data:
---
type: "io.trygvis.rules.dns.DnsEntry"
data:
- fqdn: "acme-3.vpn.acme.com"
+ fqdn: "acme-1.machine.acme.com"
type: "A"
---
type: "io.trygvis.rules.dns.DnsEntry"
data:
- fqdn: "acme-1.vpn.acme.com"
+ fqdn: "acme-3.vpn.acme.com"
type: "A"
---
type: "io.trygvis.rules.machine.Machine"
@@ -99,8 +108,3 @@ type: "io.trygvis.rules.machine.Machine"
data:
name: "ws-2"
fqdn: null
----
-type: "io.trygvis.rules.acme.WgNet"
-data:
- name: "vs0"
- domain: "vpn.acme.com"
diff --git a/src/main/java/io/trygvis/rules/acme/AcmeIo.java b/src/main/java/io/trygvis/rules/acme/AcmeIo.java
index 488c93a..0bd0f1e 100644
--- a/src/main/java/io/trygvis/rules/acme/AcmeIo.java
+++ b/src/main/java/io/trygvis/rules/acme/AcmeIo.java
@@ -15,8 +15,8 @@ import java.lang.reflect.InvocationTargetException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Comparator;
-import java.util.HashMap;
import java.util.List;
+import java.util.TreeMap;
import java.util.function.Function;
@SuppressWarnings("unchecked")
@@ -83,10 +83,6 @@ public class AcmeIo {
private static <A, T extends Comparable<T>> Comparator comparable(Class<A> klass, String name) {
- if (klass.getName().contains("Wg")) {
- System.out.println("AcmeIo.invoker");
- }
-
try {
var method = klass.getMethod("get" + name.substring(0, 1).toUpperCase() + name.substring(1));
if (!method.isAccessible()) {
@@ -98,6 +94,17 @@ public class AcmeIo {
try {
var x = (T) method.invoke(a);
var y = (T) method.invoke(b);
+
+ if (x == null && y == null) {
+ return 0;
+ }
+
+ if (x == null) {
+ return -1;
+ } else if (y == null) {
+ return 1;
+ }
+
return x.compareTo(y);
} catch (IllegalAccessException | InvocationTargetException e) {
throw new RuntimeException(e);
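Review bot: The null checks added before `x.compareTo(y)` hand-roll an ordering that `java.util.Comparator`, already imported in this file, provides directly. The three branches can be replaced by `return Comparator.nullsFirst(Comparator.<T>naturalOrder()).compare(x, y);`, which keeps the same nulls-first order. The enclosing `comparable` method starts and ends outside the hunk.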
@@ -133,7 +140,7 @@ public class AcmeIo {
}
}
- var facts = new HashMap<Class<?>, FactCollection<Object>>(factHandles.size());
+ var facts = new TreeMap<Class<?>, FactCollection<Object>>(Comparator.comparing(Class::getName));
for (var handle : factHandles) {
if (handle instanceof DefaultFactHandle h) {
var obj = h.getObject();
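Review bot: The `TreeMap` built with `Comparator.comparing(Class::getName)` treats two `Class` objects with the same name as one key, so facts of same-named classes from different class loaders would share a single `FactCollection`, whereas the previous `HashMap` kept them apart. That is probably not reachable in this project, but the reason for the comparator is worth recording next to it, for example `// Sorted by class name so dumps are stable between runs; classes with equal names share one entry.` The enclosing method continues outside the hunk.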
diff --git a/src/main/java/io/trygvis/rules/engine/Main.java b/src/main/java/io/trygvis/rules/engine/Main.java
index a3b0259..5556db7 100644
--- a/src/main/java/io/trygvis/rules/engine/Main.java
+++ b/src/main/java/io/trygvis/rules/engine/Main.java
@@ -38,7 +38,7 @@ public class Main {
io.dump("phase-1", session.getFactHandles());
- io.dump("vs0", session.getFactHandles(), (Object o) -> {
+ io.dump("vpn0", session.getFactHandles(), (Object o) -> {
return o.getClass().getName().contains("Wg") || o instanceof Machine || o instanceof DnsEntry;
});
diff --git a/src/main/resources/io/trygvis/rules/acme/acme.drl b/src/main/resources/io/trygvis/rules/acme/acme.drl
index e2cb9da..72d296c 100644
--- a/src/main/resources/io/trygvis/rules/acme/acme.drl
+++ b/src/main/resources/io/trygvis/rules/acme/acme.drl
@@ -8,6 +8,11 @@ declare AcmeServer
machine : Machine
end
+//declare MachinePublicName
+// machine : Machine
+// fqdn : String
+//end
+
rule "Ops"
when
$ops: AcmeOps()
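Review bot: The `//declare MachinePublicName` block is added as commented-out code with no explanation, and the same commit leaves `// machine : Machine` commented out inside `declare WgHost` in vpn.drl. Either delete both, since version control keeps the history, or state why they remain, for example `// TODO: MachinePublicName is a candidate replacement for writing fqdn onto Machine; not used yet.` if that is the intent.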
@@ -45,8 +50,10 @@ end
rule "Set public domain for ACME servers"
when
- $s : AcmeServer()
+ $m : Machine(fqdn == null)
+ $s : AcmeServer(machine == $m)
then
var fqdn = "%s.machine.acme.com".formatted($s.machine.name);
$s.machine.fqdn = fqdn;
+ update($s.machine)
end
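Review bot: The consequence modifies and updates `$s.machine` although the rule now binds the same fact as `$m`; writing `$m.fqdn = fqdn;` and `update($m)` makes it obvious that the updated fact is the one the `fqdn == null` guard matched. Separately, out/phase-1.yaml in this commit now lists every `AcmeServer`, and the `ScalewayMachine` for acme-1, acme-2 and acme-3, twice, which suggests the rules that insert them fire again once the `Machine` is updated. Those rules are outside this hunk; a guard such as `not(AcmeServer(machine == $m))`, in the style of the `not(WgHost(name == $machine.name))` added in vpn.drl, would stop the duplicates before they reach anything generated from these facts.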
diff --git a/src/main/resources/io/trygvis/rules/acme/vpn.drl b/src/main/resources/io/trygvis/rules/acme/vpn.drl
index 3f62fbd..cfdbef9 100644
--- a/src/main/resources/io/trygvis/rules/acme/vpn.drl
+++ b/src/main/resources/io/trygvis/rules/acme/vpn.drl
@@ -2,6 +2,7 @@ package io.trygvis.rules.acme;
import io.trygvis.rules.machine.Machine;
import io.trygvis.rules.dns.DnsEntry;
+import io.trygvis.rules.acme.AcmeServer;
dialect "mvel"
@@ -12,34 +13,35 @@ end
declare WgHost
name : String
- machine : Machine
+// machine : Machine
net : String
publicName : String
netToNetIp : String
networkIp : String
end
-rule "Set name from machine's name"
- salience 10
-when
- $h : WgHost(name == null, machine != null)
-then
- $h.name = $h.machine.name;
-
- update($h)
-end
-
rule "WgHost VPN machines"
when
- $machine : Machine(name.startsWith("acme-"))
- $wgNet : WgNet(name == "vs0")
+ $machine : Machine()
+ $wgNet : WgNet(name == "vpn0")
+ not(WgHost(name == $machine.name))
then
var wgHost = new WgHost();
- wgHost.machine = $machine;
+ wgHost.name = $machine.name;
wgHost.net = $wgNet.name;
+ wgHost.publicName = $machine.fqdn;
insert(wgHost)
end
+rule "Set public name of WgHost"
+when
+ $host : WgHost(publicName == null)
+ $m : Machine(name == $host.name, fqdn != null)
+then
+ $host.publicName = $m.fqdn;
+ update($host)
+end
+
rule "Make DNS entries for all VPN hosts"
when
$h : WgHost()
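Review bot: "WgHost VPN machines" now matches every `Machine()` instead of only names starting with `acme-`, so any machine fact added later is enrolled in `vpn0` without an explicit declaration; the `WgHost` entries for ws-1 and ws-2 removed from acme.yaml were the previous opt-in. If that is intended, say so above the rule, e.g. `// Every Machine joins vpn0; restrict the Machine() pattern to limit VPN membership.` The new guard also ignores the network: `not(WgHost(name == $machine.name, net == $wgNet.name))` would keep a host of the same name in another `WgNet` from suppressing the insert. The last rule in the hunk continues outside it.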
diff --git a/src/main/resources/io/trygvis/rules/machine/machine.drl b/src/main/resources/io/trygvis/rules/machine/machine.drl
index df0d002..a9a379f 100644
--- a/src/main/resources/io/trygvis/rules/machine/machine.drl
+++ b/src/main/resources/io/trygvis/rules/machine/machine.drl
@@ -4,9 +4,3 @@ import io.trygvis.rules.dba.Cluster;
import io.trygvis.rules.dba.Container;
import io.trygvis.rules.machine.Machine;
import io.trygvis.rules.dns.DnsEntry;
-
-rule "New machine"
-when
- $container: Container()
-then
-end