/**
 * Authorizes one ingress rule on the given group and returns the group as re-read from the
 * provider.
 *
 * <p>The rule is forwarded exactly as supplied. Nothing in this method limits its CIDR ranges,
 * ports or protocol, so any policy on how wide a rule may be has to be enforced by the caller.
 *
 * @param ipPermission rule to authorize
 * @param group group to modify; its location selects the region and its provider id the target
 * @return the result of {@code getSecurityGroupById} for the group's id, fetched after the call
 */
@Override
public SecurityGroup addIpPermission(IpPermission ipPermission, SecurityGroup group) {
    final String targetRegion = AWSUtils.getRegionFromLocationOrNull(group.getLocation());
    final String providerGroupId = group.getProviderId();

    client.getSecurityGroupApi()
        .get()
        .authorizeSecurityGroupIngressInRegion(targetRegion, providerGroupId, ipPermission);

    // Re-read rather than patching the passed-in object, so the caller sees provider state.
    return getSecurityGroupById(group.getId());
}
/**
 * Authorizes the CIDR-based and tenant/group-pair-based parts of a permission on a group that is
 * addressed by name, then returns the group as re-read from the provider.
 *
 * <p>Every CIDR block and every (tenant id, group name) pair is sent as its own authorize call.
 * There is no rollback in this method: if a call throws part-way through, the rules authorized
 * before it stay in place.
 *
 * <p>NOTE(review): {@code ipPermission.getGroupIds()} is never read here. Confirm that group-id
 * sources are intentionally unsupported on this path rather than silently dropped.
 *
 * @param ipPermission permission whose CIDR blocks and tenant/group pairs are authorized
 * @param group group to modify; its location selects the region and its name the target
 * @return the group looked up by its slash-encoded region and name after the calls
 */
@Override
public SecurityGroup addIpPermission(IpPermission ipPermission, SecurityGroup group) {
    String region = AWSUtils.getRegionFromLocationOrNull(group.getLocation());
    String targetGroupName = group.getName();

    // An empty collection simply produces no calls, so no separate emptiness guard is needed.
    for (String cidrBlock : ipPermission.getCidrBlocks()) {
        client.getSecurityGroupApi().get().authorizeSecurityGroupIngressInRegion(
            region,
            targetGroupName,
            ipPermission.getIpProtocol(),
            ipPermission.getFromPort(),
            ipPermission.getToPort(),
            cidrBlock);
    }

    for (String tenantId : ipPermission.getTenantIdGroupNamePairs().keySet()) {
        for (String sourceGroupName : ipPermission.getTenantIdGroupNamePairs().get(tenantId)) {
            client.getSecurityGroupApi().get().authorizeSecurityGroupIngressInRegion(
                region, targetGroupName, new UserIdGroupPair(tenantId, sourceGroupName));
        }
    }

    return getSecurityGroupById(new RegionAndName(region, group.getName()).slashEncode());
}
/**
 * Rebuilds the group without the given permission and stores the result in {@code groups} under
 * the group's id.
 *
 * <p>A permission is dropped only when it equals {@code ipPermission} as a whole; a stored rule
 * that merely overlaps it (same port, different CIDR list, and so on) is kept.
 *
 * @param ipPermission permission to remove
 * @param group group to rebuild; must not be null
 * @return the rebuilt group that was stored
 */
@Override
public SecurityGroup removeIpPermission(IpPermission ipPermission, SecurityGroup group) {
    SecurityGroupBuilder rebuilt = SecurityGroupBuilder.fromSecurityGroup(checkNotNull(group, "group"));

    // presumably the no-arg call resets the permissions copied from the group; confirm against
    // SecurityGroupBuilder
    rebuilt.ipPermissions();
    rebuilt.ipPermissions(filter(group.getIpPermissions(), not(equalTo(ipPermission))));

    SecurityGroup updated = rebuilt.build();

    // Drop any existing entry first, then store the rebuilt group under the same id.
    if (groups.containsKey(updated.getId())) {
        groups.remove(updated.getId());
    }
    groups.put(updated.getId(), updated);

    return updated;
}
/**
 * Creates a builder pre-populated from an existing group.
 *
 * <p>Copies provider id, name, id, location, URI, user metadata, tags, IP permissions and owner
 * id. The values are passed to the builder as returned by the group's getters; whether the
 * builder copies the collections is not visible here.
 *
 * @param group group to copy from; dereferenced without a null check
 * @return a new builder carrying the group's values
 */
public static SecurityGroupBuilder fromSecurityGroup(SecurityGroup group) {
    SecurityGroupBuilder seeded = new SecurityGroupBuilder()
        .providerId(group.getProviderId())
        .name(group.getName())
        .id(group.getId())
        .location(group.getLocation())
        .uri(group.getUri())
        .userMetadata(group.getUserMetadata())
        .tags(group.getTags())
        .ipPermissions(group.getIpPermissions())
        .ownerId(group.getOwnerId());
    return seeded;
}
// Mocked-HTTP test: adds a UDP port-11 rule for 1.1.1.1/24 via the parameter form of
// addIpPermission and checks that the returned group carries exactly that one permission.
// NOTE(review): this excerpt is incomplete. The declarations of getWithRule, addRuleResponse,
// origGroup and newGroup, the start of the requestsSendResponses-style call and the closing brace
// are not shown, and the addRule request as shown carries no protocol, port or CIDR query
// parameters. Check the full test before relying on it.
public void testAddIpPermissionCidrFromParams() { HttpRequest addRule = HttpRequest.builder().method("GET") .endpoint("http://localhost:8080/client/api") .addQueryParam("response", "json") .addQueryParam("command", "authorizeSecurityGroupIngress") .addQueryParam("securitygroupid", "13") .build(); HttpResponse getWithRuleResponse = HttpResponse.builder().statusCode(200) .payload(payloadFromResource("/getsecuritygroupresponse_extension_byid_with_cidr.json")) .build(); ImmutableList.of(addRule, queryAsyncJobResultAuthorizeIngress, getWithRule), ImmutableList.of(addRuleResponse, queryAsyncJobResultAuthorizeIngressResponse, getWithRuleResponse) ).getSecurityGroupExtension().get(); ImmutableSet.of("1.1.1.1/24"), emptyStringSet(), origGroup); assertEquals(1, newGroup.getIpPermissions().size()); IpPermission newPerm = Iterables.getOnlyElement(newGroup.getIpPermissions()); assertNotNull(newPerm); assertEquals(newPerm.getIpProtocol(), IpProtocol.UDP); assertEquals(newPerm.getFromPort(), 11); assertEquals(newPerm.getToPort(), 11); assertEquals(newPerm.getCidrBlocks().size(), 1); assertTrue(newPerm.getCidrBlocks().contains("1.1.1.1/24"));
/**
 * Live test: adds the rule produced by {@code IpPermissions.permitAnyProtocol()} to the shared
 * test group and checks that the returned group contains it.
 *
 * <p>NOTE(review): nothing in this method removes the rule or the group again. Confirm that a
 * later test or teardown deletes the group even when this test fails, so the any-protocol rule
 * does not stay on a live account.
 */
@Test(groups = { "integration", "live" }, singleThreaded = true, dependsOnMethods = "testAddIpPermissionsFromSpec")
public void testAddIpPermissionForAnyProtocol() {
    Optional<SecurityGroupExtension> maybeExtension = view.getComputeService().getSecurityGroupExtension();
    assertTrue(maybeExtension.isPresent(), "security group extension was not present");
    SecurityGroupExtension extension = maybeExtension.get();

    SecurityGroup existing = extension.getSecurityGroupById(groupId);
    assertNotNull(existing, "No security group was found with id: " + groupId);

    IpPermission anyProtocolRule = IpPermissions.permitAnyProtocol();
    SecurityGroup afterAdd = extension.addIpPermission(anyProtocolRule, existing);

    assertTrue(afterAdd.getIpPermissions().contains(anyProtocolRule));
}
/**
 * Live test: deletes the test security group and expects the extension to report success.
 *
 * <p>{@code alwaysRun = true} is set on the annotation, so this runs even when the method it
 * depends on did not pass.
 */
@Test(groups = { "integration", "live" }, singleThreaded = true, dependsOnMethods = "testRemoveIpPermissionWithCidrExclusionGroup", alwaysRun = true)
public void testDeleteSecurityGroup() {
    skipIfSecurityGroupsNotSupported();

    Optional<SecurityGroupExtension> maybeExtension = view.getComputeService().getSecurityGroupExtension();
    assertTrue(maybeExtension.isPresent(), "security group extension was not present");
    SecurityGroupExtension extension = maybeExtension.get();

    Optional<SecurityGroup> maybeGroup = getGroup(extension);
    assertTrue(maybeGroup.isPresent());

    // The delete itself is the assertion: removeSecurityGroup must return true.
    assertTrue(extension.removeSecurityGroup(maybeGroup.get().getId()));
}
/**
 * Mocked-HTTP test: looks up security group 160 by its region-qualified id and checks that the
 * returned group carries the same id.
 */
public void testGetSecurityGroupById() {
    // Expected GET for the single group, sent with the fixture's auth token header.
    HttpRequest getSecurityGroup = HttpRequest.builder()
        .method("GET")
        .endpoint(URI.create("https://az-1.region-a.geo-1.compute.hpcloudsvc.com/v2/3456/os-security-groups/160"))
        .headers(ImmutableMultimap.<String, String> builder()
            .put("Accept", "application/json")
            .put("X-Auth-Token", authToken)
            .build())
        .build();

    HttpResponse getSecurityGroupResponse = HttpResponse.builder()
        .statusCode(200)
        .payload(payloadFromResource("/securitygroup_details_extension.json"))
        .build();

    // Full conversation: authenticate, list extensions, fetch the group, list groups.
    SecurityGroupExtension extension = requestsSendResponses(
        ImmutableMap.<HttpRequest, HttpResponse> builder()
            .put(keystoneAuthWithUsernameAndPasswordAndTenantName, responseWithKeystoneAccess)
            .put(extensionsOfNovaRequest, extensionsOfNovaResponse)
            .put(getSecurityGroup, getSecurityGroupResponse)
            .put(list, listResponse)
            .build())
        .getSecurityGroupExtension()
        .get();

    SecurityGroup found = extension.getSecurityGroupById(region + "/160");
    assertEquals(found.getId(), region + "/160");
}
/**
 * Live test: creates one node with the test security group attached and checks that the node
 * reports exactly that group.
 *
 * <p>The nodes in the created node's group are destroyed in {@code finally}, so a failed
 * assertion does not leave them running.
 */
@Test(groups = { "integration", "live" }, dependsOnMethods = "testCreateSecurityGroup")
public void testCreateNodeWithSecurityGroup() throws RunNodesException, InterruptedException, ExecutionException {
    ComputeService compute = view.getComputeService();
    Optional<SecurityGroupExtension> maybeExtension = compute.getSecurityGroupExtension();
    assertTrue(maybeExtension.isPresent(), "security group extension was not present");

    NodeMetadata createdNode =
        getOnlyElement(compute.createNodesInGroup(nodeGroup, 1, options().securityGroups(groupId)));
    try {
        Set<SecurityGroup> attached = maybeExtension.get().listSecurityGroupsForNode(createdNode.getId());
        assertEquals(attached.size(), 1, "node has " + attached.size() + " groups");
        assertEquals(getOnlyElement(attached).getId(), groupId);
    } finally {
        compute.destroyNodesMatching(inGroup(createdNode.getGroup()));
    }
}
// Removes the rules of a Nova security group that match the given permission.
// For each CIDR block, and then for each source group id, the group's rules are filtered on
// source, protocol, start port and end port, and every match is deleted by rule id.
// Returns null when sgApi is not present, so the caller cannot tell "nothing matched" from
// "revocation was not attempted"; callers should treat a null result as a failed revoke.
// NOTE(review): this excerpt is incomplete. Closing braces are missing, the text stops inside
// the group-id filter, and the declaration of sgApi is not shown (region is computed but unused
// in the visible text, so it is presumably consumed by an elided line; confirm).
@Override public SecurityGroup removeIpPermission(IpPermission ipPermission, SecurityGroup group) { String region = group.getLocation().getId(); RegionAndId groupRegionAndId = RegionAndId.fromSlashEncoded(group.getId()); String id = groupRegionAndId.getId(); if (!sgApi.isPresent()) { return null; org.jclouds.openstack.nova.v2_0.domain.SecurityGroup securityGroup = sgApi.get().get(id); if (!ipPermission.getCidrBlocks().isEmpty()) { for (String cidr : ipPermission.getCidrBlocks()) { for (SecurityGroupRule rule : filter(securityGroup.getRules(), and(ruleCidr(cidr), ruleProtocol(ipPermission.getIpProtocol()), ruleStartPort(ipPermission.getFromPort()), ruleEndPort(ipPermission.getToPort())))) { sgApi.get().deleteRule(rule.getId()); if (!ipPermission.getGroupIds().isEmpty()) { for (String groupId : ipPermission.getGroupIds()) { for (SecurityGroupRule rule : filter(securityGroup.getRules(), and(ruleGroup(groupId), ruleProtocol(ipPermission.getIpProtocol()), ruleStartPort(ipPermission.getFromPort()),
/**
 * Round trip through the editor: create a randomly named group, add the permissions from a
 * definition, compare them with what a lookup by name returns, then delete the group and check
 * that it is gone.
 *
 * <p>NOTE(review): the delete is not in a {@code finally} block, so a failed assertion leaves the
 * test group and its rules behind.
 */
@Test
public void testCreateGroupAddPermissionsAndDelete() {
    final SecurityGroupDefinition definition = new SecurityGroupDefinition()
        .allowingInternalPorts(8097, 8098)
        .allowingInternalPortRange(6000, 7999)
        .allowingPublicPort(8099);

    final String randomName = Identifiers.makeRandomLowercaseId(15);
    final SecurityGroupEditor editor = makeEditor();

    final SecurityGroup created = createTestGroup(randomName, editor);
    assertEquals(created.getName(), "jclouds#" + randomName);

    final SecurityGroup withRules = editor.addPermissions(created, definition.getPermissions());

    // What the editor returned must match what a fresh lookup by name returns.
    final Optional<SecurityGroup> lookedUp = editor.findSecurityGroupByName(randomName);
    assertTrue(lookedUp.isPresent());
    final SecurityGroup stored = lookedUp.get();
    assertPermissionsEqual(withRules.getIpPermissions(), stored.getIpPermissions());

    editor.removeSecurityGroup(withRules);

    final Optional<SecurityGroup> afterDelete = editor.findSecurityGroupByName(randomName);
    assertFalse(afterDelete.isPresent());
}
// Fragment of a live test that adds three permissions in turn (by CIDR, by group id, by
// tenant/group pair) and checks after each add that the returned group contains the new one.
// For the third permission the pair's second element is the group's provider id when the
// extension reports supportsTenantIdGroupIdPairs(), otherwise the group's name when it reports
// supportsTenantIdGroupNamePairs().
// NOTE(review): this excerpt is incomplete. The builder declarations, the addIpPermission calls
// that assign newGroup, secondNewGroup and thirdNewGroup, and several closing braces are not
// shown.
Optional<SecurityGroup> optGroup = getGroup(securityGroupExtension.get()); assertTrue(optGroup.isPresent()); SecurityGroup group = optGroup.get(); assertTrue(newGroup.getIpPermissions().contains(perm)); secondBuilder.fromPort(fromPort); secondBuilder.toPort(toPort); secondBuilder.groupId(group.getId()); emptyMultimap(), emptyStringSet(), ImmutableSet.of(group.getId()), newGroup); assertTrue(secondNewGroup.getIpPermissions().contains(secondPerm), "permissions for second group should contain " + secondPerm + " but do not: " + secondNewGroup.getIpPermissions()); thirdBuilder.toPort(toPort); if (securityGroupExtension.get().supportsTenantIdGroupIdPairs()) { thirdBuilder.tenantIdGroupNamePair(group.getOwnerId(), group.getProviderId()); } else if (securityGroupExtension.get().supportsTenantIdGroupNamePairs()) { thirdBuilder.tenantIdGroupNamePair(group.getOwnerId(), group.getName()); assertTrue(thirdNewGroup.getIpPermissions().contains(thirdPerm));
/**
 * Builds one {@code IpPermission} from the individual parameters, authorizes it on the group in
 * a single call and returns the group as re-read from the provider.
 *
 * <p>NOTE(review): {@code groupIds} is never read in this method, so source groups passed that
 * way are not part of the authorized rule. Confirm callers are expected to use
 * {@code tenantIdGroupNamePairs} instead.
 *
 * @param protocol IP protocol of the rule
 * @param startPort first port of the range
 * @param endPort last port of the range
 * @param tenantIdGroupNamePairs tenant id mapped to group handles; only element 1 of each parsed
 *     handle is used
 * @param ipRanges CIDR blocks to allow
 * @param groupIds not used by this implementation
 * @param group group to modify; its location selects the region and its provider id the target
 * @return the result of {@code getSecurityGroupById} for the group's id, fetched after the call
 */
@Override
public SecurityGroup addIpPermission(IpProtocol protocol, int startPort, int endPort,
        Multimap<String, String> tenantIdGroupNamePairs, Iterable<String> ipRanges,
        Iterable<String> groupIds, SecurityGroup group) {
    String region = AWSUtils.getRegionFromLocationOrNull(group.getLocation());
    String providerGroupId = group.getProviderId();

    IpPermission.Builder rule = IpPermission.builder();
    rule.ipProtocol(protocol);
    rule.fromPort(startPort);
    rule.toPort(endPort);

    // Empty inputs contribute nothing to the rule, so no separate emptiness guard is needed.
    for (String cidrBlock : ipRanges) {
        rule.cidrBlock(cidrBlock);
    }

    for (String tenantId : tenantIdGroupNamePairs.keySet()) {
        for (String groupHandle : tenantIdGroupNamePairs.get(tenantId)) {
            // presumably parseHandle splits a region-qualified handle and rejects malformed
            // input; verify, since element 1 is read without a length check here
            String sourceGroupId = AWSUtils.parseHandle(groupHandle)[1];
            rule.tenantIdGroupNamePair(tenantId, sourceGroupId);
        }
    }

    client.getSecurityGroupApi().get()
        .authorizeSecurityGroupIngressInRegion(region, providerGroupId, rule.build());

    return getSecurityGroupById(group.getId());
}
/**
 * Creating a group twice under the same name must yield the same group: the second create is
 * expected to return the first group's name and the permissions added in between.
 *
 * <p>NOTE(review): the delete is not in a {@code finally} block, so a failed assertion leaves the
 * test group and its rules behind.
 */
@Test
public void testGroupAddIsIdempotent() {
    final SecurityGroupDefinition definition = new SecurityGroupDefinition()
        .allowingInternalPorts(8097, 8098)
        .allowingInternalPortRange(6000, 7999)
        .allowingPublicPort(8099);

    final String randomName = Identifiers.makeRandomLowercaseId(15);
    final SecurityGroupEditor editor = makeEditor();

    SecurityGroup first = createTestGroup(randomName, editor);
    assertEquals(first.getName(), "jclouds#" + randomName);
    first = editor.addPermissions(first, definition.getPermissions());

    // Second create under the same name: expected to hand back the existing group unchanged.
    final SecurityGroup second = createTestGroup(randomName, editor);
    assertEquals(second.getName(), first.getName());
    assertPermissionsEqual(second.getIpPermissions(), first.getIpPermissions());

    editor.removeSecurityGroup(second);

    final Optional<SecurityGroup> afterDelete = editor.findSecurityGroupByName(randomName);
    assertFalse(afterDelete.isPresent());
}
/**
 * Converts a Nova group that has one CIDR-based rule and checks the mapped identity fields, the
 * single resulting permission (ports 10 to 20, the fixture CIDR, no group ids) and the location.
 */
@Test
public void testApplyWithCidr() {
    NovaSecurityGroupInRegionToSecurityGroup converter = createGroupParser();
    SecurityGroupInRegion input = new SecurityGroupInRegion(securityGroupWithCidr(), region.getId(), allGroups);

    SecurityGroup converted = converter.apply(input);

    // Identity: id is "<region>/<nova id>", provider id is the bare nova id.
    assertEquals(converted.getId(), input.getRegion() + "/" + input.getSecurityGroup().getId());
    assertEquals(converted.getProviderId(), input.getSecurityGroup().getId());
    assertEquals(converted.getName(), input.getSecurityGroup().getName());
    assertEquals(converted.getOwnerId(), input.getSecurityGroup().getTenantId());

    // Exactly one permission, sourced from a CIDR and not from a group.
    final IpPermission onlyRule = Iterables.getOnlyElement(converted.getIpPermissions());
    assertEquals(onlyRule.getFromPort(), 10);
    assertEquals(onlyRule.getToPort(), 20);
    assertEquals(Iterables.getOnlyElement(onlyRule.getCidrBlocks()), IP_RANGE);
    assertTrue(onlyRule.getGroupIds().isEmpty());

    assertEquals(converted.getLocation().getId(), input.getRegion());
}
/**
 * Builds one {@code IpPermission} from the individual parameters, revokes it from the group in a
 * single call and returns the group as re-read from the provider.
 *
 * <p>NOTE(review): {@code groupIds} is never read in this method, so a caller that identifies
 * the rule to revoke only by group id sends a permission without that source. Confirm this is
 * intended, because a revoke that does not match leaves the original rule in force.
 *
 * @param protocol IP protocol of the rule
 * @param startPort first port of the range
 * @param endPort last port of the range
 * @param tenantIdGroupNamePairs tenant id mapped to group handles; only element 1 of each parsed
 *     handle is used
 * @param ipRanges CIDR blocks of the rule
 * @param groupIds not used by this implementation
 * @param group group to modify; its location selects the region and its provider id the target
 * @return the result of {@code getSecurityGroupById} for the group's id, fetched after the call
 */
@Override
public SecurityGroup removeIpPermission(IpProtocol protocol, int startPort, int endPort,
        Multimap<String, String> tenantIdGroupNamePairs, Iterable<String> ipRanges,
        Iterable<String> groupIds, SecurityGroup group) {
    String region = AWSUtils.getRegionFromLocationOrNull(group.getLocation());
    String providerGroupId = group.getProviderId();

    IpPermission.Builder rule = IpPermission.builder();
    rule.ipProtocol(protocol);
    rule.fromPort(startPort);
    rule.toPort(endPort);

    if (!Iterables.isEmpty(ipRanges)) {
        for (String cidrBlock : ipRanges) {
            rule.cidrBlock(cidrBlock);
        }
    }

    if (!tenantIdGroupNamePairs.isEmpty()) {
        for (String tenantId : tenantIdGroupNamePairs.keySet()) {
            for (String groupHandle : tenantIdGroupNamePairs.get(tenantId)) {
                // presumably parseHandle splits a region-qualified handle and rejects malformed
                // input; verify, since element 1 is read without a length check here
                String sourceGroupId = AWSUtils.parseHandle(groupHandle)[1];
                rule.tenantIdGroupNamePair(tenantId, sourceGroupId);
            }
        }
    }

    client.getSecurityGroupApi().get()
        .revokeSecurityGroupIngressInRegion(region, providerGroupId, rule.build());

    return getSecurityGroupById(group.getId());
}
/**
 * Mock-server test for the parameter form of {@code addIpPermission} with a group-based source:
 * checks the returned permission and the exact sequence of posted requests.
 *
 * <p>The account and group ids in the expected request bodies are fixture values.
 */
public void addIpPermissionGroupFromParams() throws Exception {
    // Canned responses, in the order the extension is expected to consume them.
    enqueueRegions(DEFAULT_REGION);
    enqueueXml(DEFAULT_REGION, "/authorize_securitygroup_ingress_response.xml");
    enqueueXml(DEFAULT_REGION, "/describe_securitygroups_extension_group.xml");
    enqueueXml(DEFAULT_REGION, "/availabilityZones.xml");

    SecurityGroup afterAdd = extension().addIpPermission(
        permByGroup.getIpProtocol(),
        permByGroup.getFromPort(),
        permByGroup.getToPort(),
        permByGroup.getTenantIdGroupNamePairs(),
        permByGroup.getCidrBlocks(),
        permByGroup.getGroupIds(),
        group);

    IpPermission onlyRule = Iterables.getOnlyElement(afterAdd.getIpPermissions());
    assertEquals(onlyRule, permByGroup);

    // The authorize request must name the source by user id and group id, with no CIDR.
    assertPosted(DEFAULT_REGION, "Action=DescribeRegions");
    assertPosted(DEFAULT_REGION,
        "Action=AuthorizeSecurityGroupIngress&GroupId=sg-3c6ef654&IpPermissions.0.IpProtocol=tcp&IpPermissions.0.FromPort=22&IpPermissions.0.ToPort=40&IpPermissions.0.Groups.0.UserId=993194456877&IpPermissions.0.Groups.0.GroupId=sg-3c6ef654");
    assertPosted(DEFAULT_REGION, "Action=DescribeSecurityGroups&GroupId.1=sg-3c6ef654");
    assertPosted(DEFAULT_REGION, "Action=DescribeAvailabilityZones");
}
/**
 * Converts a CloudStack group holding one TCP ingress rule (ports 10 to 20, CIDR 0.0.0.0/0) and
 * checks that id, provider id, name, owner and the converted permissions are carried over.
 */
@Test
public void testApply() {
    IngressRule tcpRule = IngressRule.builder()
        .id("some-id")
        .account("some-account")
        .securityGroupName("some-group-name")
        .protocol(IpProtocol.TCP.toString())
        .startPort(10)
        .endPort(20)
        .CIDR("0.0.0.0/0")
        .build();

    org.jclouds.cloudstack.domain.SecurityGroup input =
        org.jclouds.cloudstack.domain.SecurityGroup.builder()
            .id("some-id")
            .name("some-group")
            .description("some-description")
            .account("some-account")
            .ingressRules(ImmutableSet.of(tcpRule))
            .build();

    CloudStackSecurityGroupToSecurityGroup converter = createGroupParser();
    SecurityGroup converted = converter.apply(input);

    // Both id and provider id come from the CloudStack id.
    assertEquals(converted.getId(), input.getId());
    assertEquals(converted.getProviderId(), input.getId());
    assertEquals(converted.getName(), input.getName());
    assertEquals(converted.getOwnerId(), input.getAccount());
    assertEquals(converted.getIpPermissions(),
        ImmutableSet.copyOf(transform(input.getIngressRules(), ruleConverter)));
}
/**
 * Mock-server test for the {@code IpPermission} form of {@code addIpPermission} with a CIDR
 * source: checks the single returned permission and the exact sequence of posted requests.
 *
 * <p>The group id and the 0.0.0.0/0 range in the expected request body are fixture values.
 */
public void addIpPermissionCidrFromIpPermission() throws Exception {
    // Canned responses, in the order the extension is expected to consume them.
    enqueueRegions(DEFAULT_REGION);
    enqueueXml(DEFAULT_REGION, "/authorize_securitygroup_ingress_response.xml");
    enqueueXml(DEFAULT_REGION, "/describe_securitygroups_extension_cidr.xml");
    enqueueXml(DEFAULT_REGION, "/availabilityZones.xml");

    SecurityGroup afterAdd = extension().addIpPermission(permByCidrBlock, group);

    assertEquals(1, afterAdd.getIpPermissions().size());
    IpPermission onlyRule = Iterables.getOnlyElement(afterAdd.getIpPermissions());
    assertEquals(onlyRule, permByCidrBlock);

    // The authorize request must carry the CIDR as IpRanges.0.CidrIp on the group's id.
    assertPosted(DEFAULT_REGION, "Action=DescribeRegions");
    assertPosted(DEFAULT_REGION,
        "Action=AuthorizeSecurityGroupIngress&GroupId=sg-3c6ef654&IpPermissions.0.IpProtocol=tcp&IpPermissions.0.FromPort=22&IpPermissions.0.ToPort=40&IpPermissions.0.IpRanges.0.CidrIp=0.0.0.0/0");
    assertPosted(DEFAULT_REGION, "Action=DescribeSecurityGroups&GroupId.1=sg-3c6ef654");
    assertPosted(DEFAULT_REGION, "Action=DescribeAvailabilityZones");
}