From 4dcc43061d05f14ceddbb9f3a0c43ab908b89a4b Mon Sep 17 00:00:00 2001 From: Trygve Laugstøl Date: Sun, 3 Jan 2021 23:58:21 +0100 Subject: VPN work. Also better sorting of output objects. --- acme.yaml | 13 +- out/phase-1.yaml | 325 +++++++++++++-------- out/vpn0.yaml | 110 +++++++ out/vs0.yaml | 106 ------- src/main/java/io/trygvis/rules/acme/AcmeIo.java | 19 +- src/main/java/io/trygvis/rules/engine/Main.java | 2 +- src/main/resources/io/trygvis/rules/acme/acme.drl | 9 +- src/main/resources/io/trygvis/rules/acme/vpn.drl | 30 +- .../resources/io/trygvis/rules/machine/machine.drl | 6 - 9 files changed, 345 insertions(+), 275 deletions(-) create mode 100644 out/vpn0.yaml delete mode 100644 out/vs0.yaml diff --git a/acme.yaml b/acme.yaml index 6e9f617..80517b7 100644 --- a/acme.yaml +++ b/acme.yaml @@ -37,16 +37,5 @@ data: --- type: io.trygvis.rules.acme.WgNet data: - name: vs0 + name: vpn0 domain: vpn.acme.com - ---- -type: io.trygvis.rules.acme.WgHost -data: - name: ws-1 - net: vs0 ---- -type: io.trygvis.rules.acme.WgHost -data: - name: ws-2 - net: vs0 diff --git a/out/phase-1.yaml b/out/phase-1.yaml index 48a6365..7347ca8 100644 --- a/out/phase-1.yaml +++ b/out/phase-1.yaml 
@@ -1,47 +1,137 @@ --- -type: "io.trygvis.rules.dba.Container" +type: "io.trygvis.rules.acme.AcmeMyApp" data: - cluster: - name: "acme-ci" - name: "app" - machineRole: "statera-console" - image: "statera-console" - tag: "development" + environment: "ci" + dockerTag: "development" +--- +type: "io.trygvis.rules.acme.AcmeMyApp" +data: + environment: "production" + dockerTag: "master" +--- +type: "io.trygvis.rules.acme.AcmeServer" +data: + machine: + name: "acme-2" + fqdn: "acme-2.machine.acme.com" +--- +type: "io.trygvis.rules.acme.AcmeServer" +data: + machine: + name: "acme-1" + fqdn: "acme-1.machine.acme.com" +--- +type: "io.trygvis.rules.acme.AcmeServer" +data: + machine: + name: "acme-3" + fqdn: "acme-3.machine.acme.com" +--- +type: "io.trygvis.rules.acme.AcmeServer" +data: + machine: + name: "acme-2" + fqdn: "acme-2.machine.acme.com" +--- +type: "io.trygvis.rules.acme.AcmeServer" +data: + machine: + name: "acme-3" + fqdn: "acme-3.machine.acme.com" +--- +type: "io.trygvis.rules.acme.AcmeServer" +data: + machine: + name: "acme-1" + fqdn: "acme-1.machine.acme.com" +--- +type: "io.trygvis.rules.acme.WgHost" +data: + name: "acme-1" + net: "vpn0" + publicName: "acme-1.machine.acme.com" + netToNetIp: null + networkIp: null +--- +type: "io.trygvis.rules.acme.WgHost" +data: + name: "acme-2" + net: "vpn0" + publicName: "acme-2.machine.acme.com" + netToNetIp: null + networkIp: null +--- +type: "io.trygvis.rules.acme.WgHost" +data: + name: "acme-3" + net: "vpn0" + publicName: "acme-3.machine.acme.com" + netToNetIp: null + networkIp: null +--- +type: "io.trygvis.rules.acme.WgHost" +data: + name: "ws-1" + net: "vpn0" + publicName: null + netToNetIp: null + networkIp: null +--- +type: "io.trygvis.rules.acme.WgHost" +data: + name: "ws-2" + net: "vpn0" + publicName: null + netToNetIp: null + networkIp: null +--- +type: "io.trygvis.rules.acme.WgNet" +data: + name: "vpn0" + domain: "vpn.acme.com" +--- +type: "io.trygvis.rules.dba.Cluster" +data: + name: "acme-ci" +--- +type: 
"io.trygvis.rules.dba.Cluster" +data: + name: "acme-production" --- type: "io.trygvis.rules.dba.Container" data: cluster: - name: "acme-ci" + name: "acme-production" name: "app" - machineRole: "4tune-web" - image: "4tune-web" - tag: "development" + machineRole: "4tune-api" + image: "4tune-api" + tag: "master" --- type: "io.trygvis.rules.dba.Container" data: cluster: name: "acme-production" name: "app" - machineRole: "statera" - image: "statera" + machineRole: "4tune-web" + image: "4tune-web" tag: "master" --- type: "io.trygvis.rules.dba.Container" data: cluster: - name: "acme-production" + name: "acme-ci" name: "app" - machineRole: "statera-console" - image: "statera-console" - tag: "master" + machineRole: "4tune-web" + image: "4tune-web" + tag: "development" --- type: "io.trygvis.rules.dba.Container" data: cluster: name: "acme-ci" name: "app" - machineRole: "statera" - image: "statera" + machineRole: "statera-console" + image: "statera-console" tag: "development" --- type: "io.trygvis.rules.dba.Container" @@ -49,8 +139,8 @@ data: cluster: name: "acme-production" name: "app" - machineRole: "4tune-api" - image: "4tune-api" + machineRole: "statera-console" + image: "statera-console" tag: "master" --- type: "io.trygvis.rules.dba.Container" @@ -65,20 +155,20 @@ data: type: "io.trygvis.rules.dba.Container" data: cluster: - name: "acme-production" + name: "acme-ci" name: "app" - machineRole: "4tune-web" - image: "4tune-web" - tag: "master" + machineRole: "statera" + image: "statera" + tag: "development" --- type: "io.trygvis.rules.dba.Container" data: cluster: - name: "acme-ci" - name: "db" - machineRole: "pdb" - image: "postgresql" - tag: "13" + name: "acme-production" + name: "app" + machineRole: "statera" + image: "statera" + tag: "master" --- type: "io.trygvis.rules.dba.Container" data: @@ -92,7 +182,7 @@ data: type: "io.trygvis.rules.dba.Container" data: cluster: - name: "acme-ci" + name: "acme-production" name: "db" machineRole: "mdb" image: "mongodb" 
@@ -101,72 +191,30 @@ data: type: "io.trygvis.rules.dba.Container" data: cluster: - name: "acme-production" + name: "acme-ci" name: "db" machineRole: "mdb" image: "mongodb" tag: "3.2" --- -type: "io.trygvis.rules.acme.AcmeMyApp" -data: - environment: "ci" - dockerTag: "development" ---- -type: "io.trygvis.rules.acme.AcmeMyApp" -data: - environment: "production" - dockerTag: "master" ---- -type: "io.trygvis.rules.acme.WgHost" -data: - name: "acme-1" - machine: - name: "acme-1" - fqdn: "acme-1.machine.acme.com" - net: "vs0" - publicName: null - netToNetIp: null - networkIp: null ---- -type: "io.trygvis.rules.acme.WgHost" -data: - name: "acme-2" - machine: - name: "acme-2" - fqdn: "acme-2.machine.acme.com" - net: "vs0" - publicName: null - netToNetIp: null - networkIp: null ---- -type: "io.trygvis.rules.acme.WgHost" +type: "io.trygvis.rules.dba.Container" data: - name: "acme-3" - machine: - name: "acme-3" - fqdn: "acme-3.machine.acme.com" - net: "vs0" - publicName: null - netToNetIp: null - networkIp: null + cluster: + name: "acme-ci" + name: "db" + machineRole: "pdb" + image: "postgresql" + tag: "13" --- -type: "io.trygvis.rules.acme.WgHost" +type: "io.trygvis.rules.dns.DnsEntry" data: - name: "ws-1" - machine: null - net: "vs0" - publicName: null - netToNetIp: null - networkIp: null + fqdn: "ws-1.vpn.acme.com" + type: "A" --- -type: "io.trygvis.rules.acme.WgHost" +type: "io.trygvis.rules.dns.DnsEntry" data: - name: "ws-2" - machine: null - net: "vs0" - publicName: null - netToNetIp: null - networkIp: null + fqdn: "acme-2.machine.acme.com" + type: "A" --- type: "io.trygvis.rules.dns.DnsEntry" data: 
@@ -175,66 +223,57 @@ data: --- type: "io.trygvis.rules.dns.DnsEntry" data: - fqdn: "ws-1.vpn.acme.com" + fqdn: "acme-3.machine.acme.com" type: "A" --- type: "io.trygvis.rules.dns.DnsEntry" data: - fqdn: "acme-2.vpn.acme.com" + fqdn: "acme-1.vpn.acme.com" type: "A" --- type: "io.trygvis.rules.dns.DnsEntry" data: - fqdn: "acme-3.vpn.acme.com" + fqdn: "acme-2.vpn.acme.com" type: "A" --- type: "io.trygvis.rules.dns.DnsEntry" data: - fqdn: "acme-1.vpn.acme.com" + fqdn: "acme-1.machine.acme.com" type: "A" --- -type: "io.trygvis.rules.dba.Cluster" -data: - name: "acme-ci" ---- -type: "io.trygvis.rules.dba.Cluster" +type: "io.trygvis.rules.dns.DnsEntry" data: - name: "acme-production" + fqdn: "acme-3.vpn.acme.com" + type: "A" --- -type: "io.trygvis.rules.terraform.ScalewayMachine" +type: "io.trygvis.rules.dns.DnsEntryTerraformExpression" data: - machine: - name: "acme-1" + entry: fqdn: "acme-1.machine.acme.com" + type: "A" key: "acme-1" + expression: "scaleway_instance_ip.acme-1.address" --- -type: "io.trygvis.rules.terraform.ScalewayMachine" +type: "io.trygvis.rules.dns.DnsEntryTerraformExpression" data: - machine: - name: "acme-2" + entry: fqdn: "acme-2.machine.acme.com" + type: "A" key: "acme-2" + expression: "scaleway_instance_ip.acme-2.address" --- -type: "io.trygvis.rules.terraform.ScalewayMachine" +type: "io.trygvis.rules.dns.DnsEntryTerraformExpression" data: - machine: - name: "acme-3" + entry: fqdn: "acme-3.machine.acme.com" + type: "A" key: "acme-3" + expression: "scaleway_instance_ip.acme-3.address" --- -type: "io.trygvis.rules.terraform.ScalewayMachine" -data: - machine: - name: "ws-1" - fqdn: null - key: "ws-1" ---- -type: "io.trygvis.rules.terraform.ScalewayMachine" +type: "io.trygvis.rules.engine.KeyValue" data: - machine: - name: "ws-2" - fqdn: null - key: "ws-2" + key: "rm-gen" + value: null --- type: "io.trygvis.rules.machine.Machine" data: 
@@ -261,30 +300,58 @@ data: name: "ws-2" fqdn: null --- -type: "io.trygvis.rules.acme.AcmeServer" +type: "io.trygvis.rules.terraform.ScalewayMachine" data: machine: - name: "acme-3" - fqdn: "acme-3.machine.acme.com" + name: "acme-1" + fqdn: "acme-1.machine.acme.com" + key: "acme-1" --- -type: "io.trygvis.rules.acme.AcmeServer" +type: "io.trygvis.rules.terraform.ScalewayMachine" data: machine: name: "acme-1" fqdn: "acme-1.machine.acme.com" + key: "acme-1" --- -type: "io.trygvis.rules.acme.AcmeServer" +type: "io.trygvis.rules.terraform.ScalewayMachine" data: machine: name: "acme-2" fqdn: "acme-2.machine.acme.com" + key: "acme-2" --- -type: "io.trygvis.rules.engine.KeyValue" +type: "io.trygvis.rules.terraform.ScalewayMachine" data: - key: "rm-gen" - value: null + machine: + name: "acme-2" + fqdn: "acme-2.machine.acme.com" + key: "acme-2" --- -type: "io.trygvis.rules.acme.WgNet" +type: "io.trygvis.rules.terraform.ScalewayMachine" data: - name: "vs0" - domain: "vpn.acme.com" + machine: + name: "acme-3" + fqdn: "acme-3.machine.acme.com" + key: "acme-3" +--- +type: "io.trygvis.rules.terraform.ScalewayMachine" +data: + machine: + name: "acme-3" + fqdn: "acme-3.machine.acme.com" + key: "acme-3" +--- +type: "io.trygvis.rules.terraform.ScalewayMachine" +data: + machine: + name: "ws-1" + fqdn: null + key: "ws-1" +--- +type: "io.trygvis.rules.terraform.ScalewayMachine" +data: + machine: + name: "ws-2" + fqdn: null + key: "ws-2" diff --git a/out/vpn0.yaml b/out/vpn0.yaml new file mode 100644 index 0000000..038ebd6 --- /dev/null +++ b/out/vpn0.yaml 
@@ -0,0 +1,110 @@ +--- +type: "io.trygvis.rules.acme.WgHost" +data: + name: "acme-1" + net: "vpn0" + publicName: "acme-1.machine.acme.com" + netToNetIp: null + networkIp: null +--- +type: "io.trygvis.rules.acme.WgHost" +data: + name: "acme-2" + net: "vpn0" + publicName: "acme-2.machine.acme.com" + netToNetIp: null + networkIp: null +--- +type: "io.trygvis.rules.acme.WgHost" +data: + name: "acme-3" + net: "vpn0" + publicName: "acme-3.machine.acme.com" + netToNetIp: null + networkIp: null +--- +type: "io.trygvis.rules.acme.WgHost" +data: + name: "ws-1" + net: "vpn0" + publicName: null + netToNetIp: null + networkIp: null +--- +type: "io.trygvis.rules.acme.WgHost" +data: + name: "ws-2" + net: "vpn0" + publicName: null + netToNetIp: null + networkIp: null +--- +type: "io.trygvis.rules.acme.WgNet" +data: + name: "vpn0" + domain: "vpn.acme.com" +--- +type: "io.trygvis.rules.dns.DnsEntry" +data: + fqdn: "ws-1.vpn.acme.com" + type: "A" +--- +type: "io.trygvis.rules.dns.DnsEntry" +data: + fqdn: "acme-2.machine.acme.com" + type: "A" +--- +type: "io.trygvis.rules.dns.DnsEntry" +data: + fqdn: "ws-2.vpn.acme.com" + type: "A" +--- +type: "io.trygvis.rules.dns.DnsEntry" +data: + fqdn: "acme-3.machine.acme.com" + type: "A" +--- +type: "io.trygvis.rules.dns.DnsEntry" +data: + fqdn: "acme-1.vpn.acme.com" + type: "A" +--- +type: "io.trygvis.rules.dns.DnsEntry" +data: + fqdn: "acme-2.vpn.acme.com" + type: "A" +--- +type: "io.trygvis.rules.dns.DnsEntry" +data: + fqdn: "acme-1.machine.acme.com" + type: "A" +--- +type: "io.trygvis.rules.dns.DnsEntry" +data: + fqdn: "acme-3.vpn.acme.com" + type: "A" +--- +type: "io.trygvis.rules.machine.Machine" +data: + name: "acme-1" + fqdn: "acme-1.machine.acme.com" +--- +type: "io.trygvis.rules.machine.Machine" +data: + name: "acme-2" + fqdn: "acme-2.machine.acme.com" +--- +type: "io.trygvis.rules.machine.Machine" +data: + name: "acme-3" + fqdn: "acme-3.machine.acme.com" +--- +type: "io.trygvis.rules.machine.Machine" +data: + name: "ws-1" + fqdn: null 
+--- +type: "io.trygvis.rules.machine.Machine" +data: + name: "ws-2" + fqdn: null diff --git a/out/vs0.yaml b/out/vs0.yaml deleted file mode 100644 index 2ca168b..0000000 --- a/out/vs0.yaml +++ /dev/null 
@@ -1,106 +0,0 @@ ---- -type: "io.trygvis.rules.acme.WgHost" -data: - name: "acme-1" - machine: - name: "acme-1" - fqdn: "acme-1.machine.acme.com" - net: "vs0" - publicName: null - netToNetIp: null - networkIp: null ---- -type: "io.trygvis.rules.acme.WgHost" -data: - name: "acme-2" - machine: - name: "acme-2" - fqdn: "acme-2.machine.acme.com" - net: "vs0" - publicName: null - netToNetIp: null - networkIp: null ---- -type: "io.trygvis.rules.acme.WgHost" -data: - name: "acme-3" - machine: - name: "acme-3" - fqdn: "acme-3.machine.acme.com" - net: "vs0" - publicName: null - netToNetIp: null - networkIp: null ---- -type: "io.trygvis.rules.acme.WgHost" -data: - name: "ws-1" - machine: null - net: "vs0" - publicName: null - netToNetIp: null - networkIp: null ---- -type: "io.trygvis.rules.acme.WgHost" -data: - name: "ws-2" - machine: null - net: "vs0" - publicName: null - netToNetIp: null - networkIp: null ---- -type: "io.trygvis.rules.dns.DnsEntry" -data: - fqdn: "ws-2.vpn.acme.com" - type: "A" ---- -type: "io.trygvis.rules.dns.DnsEntry" -data: - fqdn: "ws-1.vpn.acme.com" - type: "A" ---- -type: "io.trygvis.rules.dns.DnsEntry" -data: - fqdn: "acme-2.vpn.acme.com" - type: "A" ---- -type: "io.trygvis.rules.dns.DnsEntry" -data: - fqdn: "acme-3.vpn.acme.com" - type: "A" ---- -type: "io.trygvis.rules.dns.DnsEntry" -data: - fqdn: "acme-1.vpn.acme.com" - type: "A" ---- -type: "io.trygvis.rules.machine.Machine" -data: - name: "acme-1" - fqdn: "acme-1.machine.acme.com" ---- -type: "io.trygvis.rules.machine.Machine" -data: - name: "acme-2" - fqdn: "acme-2.machine.acme.com" ---- -type: "io.trygvis.rules.machine.Machine" -data: - name: "acme-3" - fqdn: "acme-3.machine.acme.com" ---- -type: "io.trygvis.rules.machine.Machine" -data: - name: "ws-1" - fqdn: null ---- -type: "io.trygvis.rules.machine.Machine" -data: - name: "ws-2" - fqdn: null ---- -type: "io.trygvis.rules.acme.WgNet" -data: - name: "vs0" - domain: "vpn.acme.com" 
diff --git a/src/main/java/io/trygvis/rules/acme/AcmeIo.java b/src/main/java/io/trygvis/rules/acme/AcmeIo.java index 488c93a..0bd0f1e 100644 --- a/src/main/java/io/trygvis/rules/acme/AcmeIo.java +++ b/src/main/java/io/trygvis/rules/acme/AcmeIo.java @@ -15,8 +15,8 @@ import java.lang.reflect.InvocationTargetException; import java.util.ArrayList; import java.util.Collection; import java.util.Comparator; -import java.util.HashMap; import java.util.List; +import java.util.TreeMap; import java.util.function.Function; @SuppressWarnings("unchecked") @@ -83,10 +83,6 @@ public class AcmeIo { private static > Comparator comparable(Class klass, String name) { - if (klass.getName().contains("Wg")) { - System.out.println("AcmeIo.invoker"); - } - try { var method = klass.getMethod("get" + name.substring(0, 1).toUpperCase() + name.substring(1)); if (!method.isAccessible()) { @@ -98,6 +94,17 @@ public class AcmeIo { try { var x = (T) method.invoke(a); var y = (T) method.invoke(b); + + if (x == null && y == null) { + return 0; + } + + if (x == null) { + return -1; + } else if (y == null) { + return 1; + } + return x.compareTo(y); } catch (IllegalAccessException | InvocationTargetException e) { throw new RuntimeException(e); @@ -133,7 +140,7 @@ public class AcmeIo { } } - var facts = new HashMap, FactCollection>(factHandles.size()); + var facts = new TreeMap, FactCollection>(Comparator.comparing(Class::getName)); for (var handle : factHandles) { if (handle instanceof DefaultFactHandle h) { var obj = h.getObject(); diff --git a/src/main/java/io/trygvis/rules/engine/Main.java b/src/main/java/io/trygvis/rules/engine/Main.java index a3b0259..5556db7 100644 --- a/src/main/java/io/trygvis/rules/engine/Main.java +++ b/src/main/java/io/trygvis/rules/engine/Main.java 
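Review bot: The three null branches added inside `comparable`'s lambda reimplement what `Comparator.nullsFirst` already provides; `return Comparator.nullsFirst(Comparator.<T>naturalOrder()).compare(x, y);` keeps the same nulls-first order in one line and names the intent (the generic bounds are stripped in this rendering, so the exact type argument has to be checked against the real signature). The new `TreeMap` keyed on `Comparator.comparing(Class::getName)` gives the dump a stable order, but it treats two distinct `Class` objects with the same name as one key and would merge their facts into a single `FactCollection`; that can only happen if declared types reach the session through more than one classloader, which nothing here suggests, so a one-line comment stating the single-classloader assumption next to the `TreeMap` would be enough. Both `comparable` and the method that builds `facts` extend beyond the edges of their hunks.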
@@ -38,7 +38,7 @@ public class Main { io.dump("phase-1", session.getFactHandles()); - io.dump("vs0", session.getFactHandles(), (Object o) -> { + io.dump("vpn0", session.getFactHandles(), (Object o) -> { return o.getClass().getName().contains("Wg") || o instanceof Machine || o instanceof DnsEntry; }); diff --git a/src/main/resources/io/trygvis/rules/acme/acme.drl b/src/main/resources/io/trygvis/rules/acme/acme.drl index e2cb9da..72d296c 100644 --- a/src/main/resources/io/trygvis/rules/acme/acme.drl +++ b/src/main/resources/io/trygvis/rules/acme/acme.drl @@ -8,6 +8,11 @@ declare AcmeServer machine : Machine end +//declare MachinePublicName +// machine : Machine +// fqdn : String +//end + rule "Ops" when $ops: AcmeOps() @@ -45,8 +50,10 @@ end rule "Set public domain for ACME servers" when - $s : AcmeServer() + $m : Machine(fqdn == null) + $s : AcmeServer(machine == $m) then var fqdn = "%s.machine.acme.com".formatted($s.machine.name); $s.machine.fqdn = fqdn; + update($s.machine) end diff --git a/src/main/resources/io/trygvis/rules/acme/vpn.drl b/src/main/resources/io/trygvis/rules/acme/vpn.drl index 3f62fbd..cfdbef9 100644 --- a/src/main/resources/io/trygvis/rules/acme/vpn.drl +++ b/src/main/resources/io/trygvis/rules/acme/vpn.drl @@ -2,6 +2,7 @@ package io.trygvis.rules.acme; import io.trygvis.rules.machine.Machine; import io.trygvis.rules.dns.DnsEntry; +import io.trygvis.rules.acme.AcmeServer; dialect "mvel" 
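Review bot: The new `update($s.machine)` in "Set public domain for ACME servers" re-activates every rule that matches the modified `Machine`, and the committed `out/phase-1.yaml` shows the effect: `AcmeServer` and `ScalewayMachine` now appear twice for each of acme-1, acme-2 and acme-3 where the previous output had one of each. The `fqdn == null` guard stops this rule from looping on itself, but the rules that derive those two facts (presumably from `Machine`, not in this diff) need the same kind of guard as `not(WgHost(name == $machine.name))` in vpn.drl, e.g. `not(AcmeServer(machine == $m))`, before calling `update` here is safe. Separately, `$s.machine.name` is interpolated into the `machine.acme.com` zone unchecked; constraining the match to `Machine(fqdn == null, name matches "[a-z0-9-]+")` would keep a name containing a dot or underscore from producing a record outside the intended zone or an invalid one. The commented-out `MachinePublicName` declaration is dead text and would be better dropped or given a TODO.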
@@ -12,34 +13,35 @@ end declare WgHost name : String - machine : Machine +// machine : Machine net : String publicName : String netToNetIp : String networkIp : String end -rule "Set name from machine's name" - salience 10 -when - $h : WgHost(name == null, machine != null) -then - $h.name = $h.machine.name; - - update($h) -end - rule "WgHost VPN machines" when - $machine : Machine(name.startsWith("acme-")) - $wgNet : WgNet(name == "vs0") + $machine : Machine() + $wgNet : WgNet(name == "vpn0") + not(WgHost(name == $machine.name)) then var wgHost = new WgHost(); - wgHost.machine = $machine; + wgHost.name = $machine.name; wgHost.net = $wgNet.name; + wgHost.publicName = $machine.fqdn; insert(wgHost) end +rule "Set public name of WgHost" +when + $host : WgHost(publicName == null) + $m : Machine(name == $host.name, fqdn != null) +then + $host.publicName = $m.fqdn; + update($host) +end + rule "Make DNS entries for all VPN hosts" when $h : WgHost() diff --git a/src/main/resources/io/trygvis/rules/machine/machine.drl b/src/main/resources/io/trygvis/rules/machine/machine.drl index df0d002..a9a379f 100644 --- a/src/main/resources/io/trygvis/rules/machine/machine.drl +++ b/src/main/resources/io/trygvis/rules/machine/machine.drl @@ -4,9 +4,3 @@ import io.trygvis.rules.dba.Cluster; import io.trygvis.rules.dba.Container; import io.trygvis.rules.machine.Machine; import io.trygvis.rules.dns.DnsEntry; - -rule "New machine" -when - $container: Container() -then -end -- cgit v1.2.3
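Review bot: "WgHost VPN machines" now matches every `Machine()` instead of `name.startsWith("acme-")`, so any machine fact that reaches the session is enrolled as a `vpn0` peer and, via the DNS rule below, published under `vpn.acme.com`; with the explicit ws-1/ws-2 `WgHost` entries also deleted from acme.yaml, VPN membership has become implicit rather than declared. If that is the intent, say so on the rule, e.g. `// Every Machine is a vpn0 peer: there is no opt-in; add a constraint here to keep a machine off the VPN.`; otherwise an explicit selector on `Machine` should stay. The literal `WgNet(name == "vpn0")` also ties the rule to the net name in acme.yaml (this commit had to rename both sides); `$wgNet : WgNet()` does the same job as long as acme.yaml defines a single net. The "Make DNS entries for all VPN hosts" rule continues past the end of the hunk.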