/**
 * Revokes a single-port ingress rule from security group {@code name}.
 *
 * The rule is addressed exactly as EC2 stores it: {@code protocol}, the inclusive port
 * range {@code [port, port]} and the given source CIDRs. Nothing is validated here; the
 * EC2 call decides whether such a rule exists. Errors from the call propagate to the
 * caller (unlike {@code addRules} in this class, which appears to log and swallow them).
 *
 * @param name     name of the security group to edit
 * @param ipRanges source CIDR strings of the rule to revoke
 * @param protocol IP protocol of the rule (e.g. "tcp")
 * @param port     the single port the rule covers (used as both from and to port)
 */
@Override
public void deleteRules( final String name, final Collection<String> ipRanges, final String protocol, final int port ) {
    // A single port is an inclusive range whose ends coincide.
    final IpPermission toRevoke = new IpPermission()
            .withIpProtocol( protocol )
            .withFromPort( port )
            .withToPort( port )
            .withIpRanges( ipRanges );
    final RevokeSecurityGroupIngressRequest request = new RevokeSecurityGroupIngressRequest()
            .withGroupName( name )
            .withIpPermissions( toRevoke );
    client.revokeSecurityGroupIngress( request );
}
/**
 * Hash over every field of the permission, consistent with {@code equals}.
 *
 * Uses the conventional seed-1 / prime-31 fold with {@code null} contributing 0, over
 * the fields in this fixed order: fromPort, ipProtocol, ipv6Ranges, prefixListIds,
 * toPort, userIdGroupPairs, ipv4Ranges. The order is part of the value, so do not
 * reorder it without accepting that persisted hashes change.
 */
@Override
public int hashCode() {
    final Object[] fields = {
        getFromPort(),
        getIpProtocol(),
        getIpv6Ranges(),
        getPrefixListIds(),
        getToPort(),
        getUserIdGroupPairs(),
        getIpv4Ranges()
    };
    final int prime = 31;
    int result = 1;
    for (Object field : fields) {
        // null fields hash as 0, matching the classic Effective Java recipe.
        result = prime * result + (field == null ? 0 : field.hashCode());
    }
    return result;
}
/**
 * Maps an AWS {@link IpPermission} onto the domain {@code IpRule} view.
 *
 * Only protocol, the port range and the IPv4 CIDR list are carried over. A permission
 * whose source is expressed otherwise — IPv6 ranges, prefix lists or security-group
 * pairs — comes out as a rule with no visible source, so callers must not read an empty
 * range list as "this rule grants nothing".
 *
 * @param permission the EC2 permission to convert; must not be {@code null}
 * @return a new rule describing the same protocol, ports and IPv4 ranges
 */
protected static IpRule toIpRule( IpPermission permission ) {
    final BasicIpRule converted = new BasicIpRule();
    converted.setIpProtocol( permission.getIpProtocol() );
    converted.setFromPort( permission.getFromPort() );
    converted.setToPort( permission.getToPort() );
    converted.setIpRanges( permission.getIpRanges() );
    return converted;
}
/**
 * Builds the AWS {@link IpPermission} described by a domain {@code IpRule}.
 *
 * Inverse of {@code toIpRule}: protocol, port range and IPv4 CIDRs are copied, and the
 * resulting permission carries no IPv6 ranges, prefix lists or source-group pairs.
 * The CIDR strings are passed through as-is; nothing here rejects an over-broad range.
 *
 * @param rule the rule to convert; must not be {@code null}
 * @return a new permission for the same protocol, ports and IPv4 ranges
 */
protected static IpPermission toIpPermission( IpRule rule ) {
    return new IpPermission()
            .withIpProtocol( rule.getIpProtocol() )
            .withFromPort( rule.getFromPort() )
            .withToPort( rule.getToPort() )
            .withIpRanges( rule.getIpRanges() );
}
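/**
 * Grants the classic-link security group ingress into the target group, if both exist.
 *
 * Both groups are looked up in the same account and VPC: the target by id, the
 * classic-link group by name. If the target already has any rule (on any protocol or
 * port) whose source is the classic-link group, nothing is changed; otherwise one TCP
 * rule for ports 80-65535 sourced from that group is authorized.
 *
 * NOTE(review): 80-65535 is a very broad port range; presumably intentional for
 * classic-link traffic, but worth confirming it is the minimum the workload needs.
 *
 * @param lookup               resolves security groups for the account
 * @param classicLinkGroupName name of the classic-link group; {@code null} makes this a no-op
 * @param groupId              id of the group that receives the ingress rule
 * @param credentials          account used for both lookups and as the owner id on the rule
 * @param vpcId                VPC in which both groups are resolved
 */
default void addClassicLinkIngress(SecurityGroupLookup lookup, String classicLinkGroupName, String groupId,
                                   NetflixAmazonCredentials credentials, String vpcId) {
    if (classicLinkGroupName == null) {
        return;
    }
    lookup.getSecurityGroupById(credentials.getName(), groupId, vpcId).ifPresent(targetGroupUpdater -> {
        SecurityGroup targetGroup = targetGroupUpdater.getSecurityGroup();
        lookup.getSecurityGroupByName(credentials.getName(), classicLinkGroupName, vpcId)
            .map(updater -> updater.getSecurityGroup().getGroupId())
            .ifPresent(classicLinkGroupId -> {
                // Don't attach if some rule sourced from the classic-link group is already configured.
                // classicLinkGroupId is non-null here (Optional.map turns a null result into empty),
                // whereas a pair's groupId may be null (e.g. a name-only pair), so compare in this
                // direction rather than calling equals on the pair's id.
                boolean alreadyLinked = targetGroup.getIpPermissions().stream()
                    .anyMatch(p -> p.getUserIdGroupPairs().stream()
                        .anyMatch(pair -> classicLinkGroupId.equals(pair.getGroupId())));
                if (alreadyLinked) {
                    return;
                }
                targetGroupUpdater.addIngress(Collections.singletonList(
                    new IpPermission()
                        .withIpProtocol("tcp").withFromPort(80).withToPort(65535)
                        .withUserIdGroupPairs(
                            new UserIdGroupPair()
                                .withUserId(credentials.getAccountId())
                                .withGroupId(classicLinkGroupId)
                                .withVpcId(vpcId))));
            });
    });
}
}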
.withCidrIp("0.0.0.0/0"); IpPermission ip_perm = new IpPermission() .withIpProtocol("tcp") .withToPort(80) .withFromPort(80) .withIpv4Ranges(ip_range); IpPermission ip_perm2 = new IpPermission() .withIpProtocol("tcp") .withToPort(22) .withFromPort(22) .withIpv4Ranges(ip_range);
public IpPermission unmarshall(StaxUnmarshallerContext context) throws Exception { IpPermission ipPermission = new IpPermission(); int originalDepth = context.getCurrentDepth(); int targetDepth = originalDepth + 1; ipPermission.setFromPort(IntegerStaxUnmarshaller.getInstance().unmarshall(context)); continue; ipPermission.setIpProtocol(StringStaxUnmarshaller.getInstance().unmarshall(context)); continue; ipPermission.withIpv6Ranges(new ArrayList<Ipv6Range>()); continue; ipPermission.withIpv6Ranges(Ipv6RangeStaxUnmarshaller.getInstance().unmarshall(context)); continue; ipPermission.withPrefixListIds(new ArrayList<PrefixListId>()); continue; ipPermission.withPrefixListIds(PrefixListIdStaxUnmarshaller.getInstance().unmarshall(context)); continue; ipPermission.setToPort(IntegerStaxUnmarshaller.getInstance().unmarshall(context)); continue; ipPermission.withUserIdGroupPairs(new ArrayList<UserIdGroupPair>()); continue; ipPermission.withUserIdGroupPairs(UserIdGroupPairStaxUnmarshaller.getInstance().unmarshall(context));
// Collect the IPv4 ranges of every rule whose port range is exactly [from, to].
// NOTE(review): getFromPort()/getToPort() are boxed Integers and may be null (EC2 omits
// ports on protocol "-1" / all-traffic rules); `==` against an int unboxes and would NPE
// on such a rule. A rule that covers the ports via a wider range (fromPort < from or
// toPort > to) is not matched — only exact bounds count.
for (SecurityGroup group : result.getSecurityGroups())
    for (IpPermission perm : group.getIpPermissions())
        if (perm.getFromPort() == from && perm.getToPort() == to)
            ipPermissions.addAll(perm.getIpRanges());
// NOTE(review): the loop below is a verbatim repeat of the one above. If this really is a
// single code path, every matching range ends up in ipPermissions twice — confirm whether
// the duplication is intentional.
for (SecurityGroup group : result.getSecurityGroups())
    for (IpPermission perm : group.getIpPermissions())
        if (perm.getFromPort() == from && perm.getToPort() == to)
            ipPermissions.addAll(perm.getIpRanges());
public IpPermission unmarshall(StaxUnmarshallerContext context) throws Exception { IpPermission ipPermission = new IpPermission(); int originalDepth = context.getCurrentDepth(); int targetDepth = originalDepth + 1; ipPermission.setIpProtocol(StringStaxUnmarshaller.getInstance().unmarshall(context)); continue; ipPermission.setFromPort(IntegerStaxUnmarshaller.getInstance().unmarshall(context)); continue; ipPermission.setToPort(IntegerStaxUnmarshaller.getInstance().unmarshall(context)); continue; ipPermission.getUserIdGroupPairs().add(UserIdGroupPairStaxUnmarshaller.getInstance().unmarshall(context)); continue; ipPermission.getIpRanges().add(StringStaxUnmarshaller.getInstance().unmarshall(context)); continue; ipPermission.getPrefixListIds().add(PrefixListIdStaxUnmarshaller.getInstance().unmarshall(context)); continue;
IpPermission ip = new IpPermission(); ip.setIpProtocol("tcp"); ip.setFromPort(22); ip.setToPort(22); AuthorizeSecurityGroupIngressRequest r = new AuthorizeSecurityGroupIngressRequest(); r = r.withIpPermissions(ip.withIpRanges("0.0.0.0/0")); r.setGroupId(g.getGroupId()); try {
List<SGRuleVH> sgruleList = new ArrayList<>(); permissions.forEach(obj-> { String ipProtocol = obj.getIpProtocol(); Integer fromPort = obj.getFromPort(); Integer toPort = obj.getToPort(); String fromPortStr ; String toPortStr ; fromPortStr = fromPort==null?"":fromPort==-1?"All":fromPort.toString(); toPortStr = toPort==null?"":toPort==-1?"All":toPort.toString(); obj.getIpv4Ranges().forEach(iprange-> { String cidrIp = iprange.getCidrIp(); SGRuleVH rule = new SGRuleVH(groupId,type, fromPortStr, toPortStr,"", cidrIp, "-1".equals(ipProtocol)?"All":ipProtocol); sgruleList.add(rule); }); obj.getIpv6Ranges().forEach(iprange-> { String cidrIpv6 = iprange.getCidrIpv6(); SGRuleVH rule = new SGRuleVH(groupId,type, fromPortStr, toPortStr,cidrIpv6, "", "-1".equals(ipProtocol)?"All":ipProtocol);
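/**
 * Strips from {@code permissionsToApply} every source (group pair, IPv4 range, IPv6 range)
 * that {@code targetGroup} already grants for the same protocol and port range, so the
 * subsequent authorize call does not submit duplicates.
 *
 * A rule is "existing" only if protocol AND both ports match: a tcp/80 rule on the target
 * does not make a udp/80 rule redundant, and the previous version — which compared ports
 * only — would have silently dropped that udp rule. Port comparison is null-safe because
 * EC2 returns null ports for protocol "-1" (all traffic) rules, which used to NPE here.
 *
 * Mutates the permissions in place; a permission whose sources are all removed is left in
 * the list with empty source collections for the caller to drop.
 *
 * @param permissionsToApply candidate ingress rules, edited in place
 * @param targetGroup        the group whose current rules define what already exists
 */
private void filterOutExistingRules(List<IpPermission> permissionsToApply, SecurityGroup targetGroup) {
    permissionsToApply.forEach(permission -> {
        permission.getUserIdGroupPairs().removeIf(pair ->
            targetGroup.getIpPermissions().stream().anyMatch(existing ->
                sameProtocolAndPorts(existing, permission)
                    // Require a concrete id on the candidate: two name-only pairs (null ids)
                    // must not be treated as the same source.
                    && pair.getGroupId() != null
                    && existing.getUserIdGroupPairs().stream()
                        .anyMatch(t -> pair.getGroupId().equals(t.getGroupId()))));
        // Range matching relies on IpRange/Ipv6Range equals(); NOTE(review): that presumably
        // includes the description field, so the same CIDR with a different description
        // would not be filtered — confirm against the SDK version in use.
        permission.getIpv4Ranges().removeIf(range ->
            targetGroup.getIpPermissions().stream().anyMatch(existing ->
                sameProtocolAndPorts(existing, permission) && existing.getIpv4Ranges().contains(range)));
        permission.getIpv6Ranges().removeIf(range ->
            targetGroup.getIpPermissions().stream().anyMatch(existing ->
                sameProtocolAndPorts(existing, permission) && existing.getIpv6Ranges().contains(range)));
    });
}

/** True when both permissions share protocol, from-port and to-port (null-safe on each). */
private static boolean sameProtocolAndPorts(IpPermission a, IpPermission b) {
    return java.util.Objects.equals(a.getIpProtocol(), b.getIpProtocol())
        && java.util.Objects.equals(a.getFromPort(), b.getFromPort())
        && java.util.Objects.equals(a.getToPort(), b.getToPort());
}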
@SuppressWarnings({"SimplifiableIfStatement"}) private static boolean opensUnallowedPorts(final IpPermission rule, final Set<Integer> allowedPorts) { final String protocol = rule.getIpProtocol(); if (protocol != null) { final Integer fromPort = rule.getFromPort(); final Integer toPort = rule.getToPort();
.stream() .map(p -> { p.setUserIdGroupPairs(p.getUserIdGroupPairs().stream().map(UserIdGroupPair::clone).collect(Collectors.toList())); return p; }) .filter(p -> p.getUserIdGroupPairs().isEmpty() || p.getUserIdGroupPairs().stream().allMatch(pair -> targetGroups.stream() .anyMatch(g -> g.getSourceId().equals(pair.getGroupId())))) .collect(Collectors.toList()); permission.getUserIdGroupPairs().forEach(pair -> { MigrateSecurityGroupReference targetReference = targetGroups.stream().filter(group -> group.getSourceId().equals(pair.getGroupId()) results.setIngressUpdates(targetPermissions.stream().filter(p -> !p.getUserIdGroupPairs().isEmpty() || !p.getIpRanges().isEmpty()).collect(Collectors.toList()));
/**
 * One or more IP ranges.
 * <p>
 * Appends each supplied range to this permission's range list, creating the list on
 * first use, and returns this object so that method calls can be chained together.
 * The strings are stored verbatim; no CIDR syntax or breadth check happens here.
 *
 * @param ipRanges One or more IP ranges.
 *
 * @return A reference to this updated object so that method calls can be chained
 *         together.
 */
public IpPermission withIpRanges(String... ipRanges) {
    java.util.List<String> ranges = getIpRanges();
    if (ranges == null) {
        setIpRanges(new java.util.ArrayList<String>(ipRanges.length));
        // Re-read rather than keep the local: the setter may wrap or copy the list it is given.
        ranges = getIpRanges();
    }
    for (String range : ipRanges) {
        ranges.add(range);
    }
    return this;
}
.anyMatch(p -> p.getUserIdGroupPairs().stream().anyMatch(u -> u.getGroupId().equals(elbGroupId))); if (!hasElbIngressPermission) { sourceDescription.getListenerDescriptions().forEach(l -> { Listener listener = l.getListener(); IpPermission newPermission = new IpPermission().withIpProtocol("tcp") .withFromPort(listener.getInstancePort()).withToPort(listener.getInstancePort()) .withUserIdGroupPairs(new UserIdGroupPair().withGroupId(elbGroupId).withVpcId(target.getVpcId())); targetAmazonEC2.authorizeSecurityGroupIngress(new AuthorizeSecurityGroupIngressRequest() .withGroupId(appGroup.getGroupId())
/**
 * Opens the load balancer's public face on the target side: for every listener of the
 * source load balancer, authorizes one TCP ingress rule on {@code elbGroupId} for that
 * listener's front-end (load balancer) port from {@code 0.0.0.0/0}.
 *
 * The world-open CIDR is presumably deliberate — this looks like the internet-facing
 * group of the ELB — so this method must only ever be pointed at the ELB's own group,
 * never at an instance group. Rules are IPv4 only; no {@code ::/0} counterpart is added.
 * TODO(cfieber) - ipv6
 *
 * @param targetAmazonEC2   EC2 client for the target account/region
 * @param elbGroupId        security group that receives the rules
 * @param sourceDescription load balancer whose listeners define the ports to open
 */
private void addPublicIngress(AmazonEC2 targetAmazonEC2, String elbGroupId, LoadBalancerDescription sourceDescription) {
    List<IpPermission> publicRules = sourceDescription.getListenerDescriptions().stream()
            .map(description -> worldOpenTcpRule(description.getListener().getLoadBalancerPort()))
            .collect(Collectors.toList());
    AuthorizeSecurityGroupIngressRequest request = new AuthorizeSecurityGroupIngressRequest()
            .withGroupId(elbGroupId)
            .withIpPermissions(publicRules);
    targetAmazonEC2.authorizeSecurityGroupIngress(request);
}

/** A single-port TCP rule whose source is any IPv4 address. */
private static IpPermission worldOpenTcpRule(Integer port) {
    return new IpPermission()
            .withIpProtocol("tcp")
            .withFromPort(port)
            .withToPort(port)
            .withIpv4Ranges(new IpRange().withCidrIp("0.0.0.0/0"));
}
public IpPermission unmarshall(StaxUnmarshallerContext context) throws Exception { IpPermission ipPermission = new IpPermission(); int originalDepth = context.getCurrentDepth(); int targetDepth = originalDepth + 1; ipPermission.setFromPort(IntegerStaxUnmarshaller.getInstance().unmarshall(context)); continue; ipPermission.setIpProtocol(StringStaxUnmarshaller.getInstance().unmarshall(context)); continue; ipPermission.withIpv6Ranges(new ArrayList<Ipv6Range>()); continue; ipPermission.withIpv6Ranges(Ipv6RangeStaxUnmarshaller.getInstance().unmarshall(context)); continue; ipPermission.withPrefixListIds(new ArrayList<PrefixListId>()); continue; ipPermission.withPrefixListIds(PrefixListIdStaxUnmarshaller.getInstance().unmarshall(context)); continue; ipPermission.setToPort(IntegerStaxUnmarshaller.getInstance().unmarshall(context)); continue; ipPermission.withUserIdGroupPairs(new ArrayList<UserIdGroupPair>()); continue; ipPermission.withUserIdGroupPairs(UserIdGroupPairStaxUnmarshaller.getInstance().unmarshall(context));
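/**
 * Lists the IPv4 CIDR strings granted by the configured ACL security group for the
 * exact inclusive port range {@code from}-{@code to}.
 *
 * Only rules whose bounds are exactly {@code from}/{@code to} are considered; a rule that
 * covers those ports via a wider range is not reported. Only the legacy IPv4
 * {@code IpRanges} are returned — IPv6 ranges, prefix lists and security-group sources
 * are ignored — so an empty result does not prove the ports are closed.
 *
 * Fix: EC2 returns null from/to ports on protocol "-1" (all-traffic) rules; the previous
 * {@code perm.getFromPort() == from} unboxed them and threw NullPointerException on such
 * a rule. Ports are now compared boxed-to-boxed and a null port simply does not match.
 *
 * @param from inclusive lower port bound the rule must have
 * @param to   inclusive upper port bound the rule must have
 * @return matching CIDR strings, possibly empty
 */
public List<String> listACL(int from, int to) {
    AmazonEC2 client = null;
    try {
        client = getEc2Client();
        List<String> ipPermissions = new ArrayList<String>();
        DescribeSecurityGroupsRequest req = new DescribeSecurityGroupsRequest()
                .withGroupNames(Arrays.asList(config.getACLGroupName()));
        DescribeSecurityGroupsResult result = client.describeSecurityGroups(req);
        for (SecurityGroup group : result.getSecurityGroups()) {
            for (IpPermission perm : group.getIpPermissions()) {
                if (portsMatchExactly(perm, from, to)) {
                    ipPermissions.addAll(perm.getIpRanges());
                }
            }
        }
        return ipPermissions;
    } finally {
        // The client is created per call; always release it, even when the describe fails.
        if (client != null) client.shutdown();
    }
}

/** True when the rule's (possibly null) boxed ports are exactly {@code from} and {@code to}. */
private static boolean portsMatchExactly(IpPermission perm, int from, int to) {
    return Integer.valueOf(from).equals(perm.getFromPort())
        && Integer.valueOf(to).equals(perm.getToPort());
}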
/**
 * Authorizes an ingress rule on security group {@code name}: {@code protocol} over the
 * inclusive port range {@code fromPort}-{@code toPort} from each CIDR in {@code ipRanges}.
 *
 * NOTE(review): every failure of the EC2 call — authorization errors, a non-existent
 * group, duplicate-rule rejections — is caught, logged and dropped, so the caller cannot
 * tell whether the rule now exists. If callers depend on the rule being present, let the
 * exception propagate (as {@code deleteRules} in this class does) or return a status.
 * The CIDRs are passed through unvalidated; a caller-supplied 0.0.0.0/0 is accepted as-is.
 *
 * @param name     name of the security group to edit
 * @param ipRanges source CIDR strings to allow
 * @param protocol IP protocol of the rule (e.g. "tcp")
 * @param fromPort inclusive lower port bound
 * @param toPort   inclusive upper port bound
 */
@Override
public void addRules( final String name, final Collection<String> ipRanges, final String protocol, final int fromPort, final int toPort ) {
    IpPermission ipPermission = new IpPermission();
    // Fluent setters mutate ipPermission in place; the returned reference is intentionally unused.
    ipPermission.withIpRanges( ipRanges )
                .withIpProtocol( protocol )
                .withFromPort( fromPort )
                .withToPort( toPort );
    try {
        AuthorizeSecurityGroupIngressRequest request = new AuthorizeSecurityGroupIngressRequest();
        request = request.withGroupName( name ).withIpPermissions( ipPermission );
        client.authorizeSecurityGroupIngress( request );
    } catch ( Exception e ) {
        // Log-and-continue: see the NOTE in the Javadoc. The message text is a runtime string
        // and is left unchanged here.
        LOG.error( "Error whilt adding rule to security group: {}", name, e );
    }
}