/**
 * Creates a {@link Firewall} from the values currently held by this builder.
 *
 * <p>The id, creation timestamp, self link, name and description are read from the parent
 * builder's fields. The network and the four built collections (source ranges, source tags,
 * target tags, allowed rules) come from this builder.
 *
 * @return a new {@code Firewall} populated from the builder state
 */
public Firewall build() {
   return new Firewall(
         super.id,
         super.creationTimestamp,
         super.selfLink,
         super.name,
         super.description,
         network,
         sourceRanges.build(),
         sourceTags.build(),
         targetTags.build(),
         allowed.build());
}
/**
 * Seeds this builder with every value of an existing firewall.
 *
 * <p>The resource-level fields are copied through {@code super.fromResource(in)}; the network,
 * source ranges, source tags, target tags and allowed rules are then copied one by one.
 *
 * @param in the firewall whose values are copied
 * @return the builder returned by the last call in the chain
 */
public Builder fromFirewall(Firewall in) {
   return super.fromResource(in)
         .network(in.getNetwork())
         .sourceRanges(in.getSourceRanges())
         .sourceTags(in.getSourceTags())
         .targetTags(in.getTargetTags())
         .allowed(in.getAllowed());
}
/**
 * Tests whether a firewall corresponds to {@code permission}.
 *
 * <p>A firewall matches only when its source tags equal the permission's group ids, its
 * source ranges equal the permission's CIDR blocks, and it has exactly one allowed rule
 * that {@code ruleEqualsIpPermission(permission)} accepts.
 *
 * @param input the firewall to test
 * @return {@code true} when all three conditions hold
 */
@Override
public boolean apply(Firewall input) {
   // NOTE(review): Iterables.elementsEqual compares element by element in iteration order.
   // Confirm both sides iterate in a stable order; otherwise a firewall that grants the same
   // access in a different order is not recognised as a match.
   if (!Iterables.elementsEqual(permission.getGroupIds(), input.getSourceTags())) {
      return false;
   }
   if (!Iterables.elementsEqual(permission.getCidrBlocks(), input.getSourceRanges())) {
      return false;
   }
   // Firewalls with zero or several allowed rules never match a single permission.
   if (input.getAllowed().size() != 1) {
      return false;
   }
   return ruleEqualsIpPermission(permission).apply(Iterables.getOnlyElement(input.getAllowed()));
}
};
/**
 * Asserts that a firewall returned by the API carries the values of the options it was
 * created from.
 *
 * <p>Name and allowed rules are compared directly. Source ranges, source tags and target tags
 * are each compared through {@code getOnlyElement}, so the check also fails when either side
 * holds anything other than exactly one element.
 *
 * @param result the firewall under test
 * @param expected the options holding the expected values
 */
private void assertFirewallEquals(Firewall result, FirewallOptions expected) {
   assertEquals(result.name(), expected.name());

   // Single-element comparisons: who may connect (ranges, source tags) and to what (target tags).
   assertEquals(
         getOnlyElement(result.sourceRanges()),
         getOnlyElement(expected.sourceRanges()));
   assertEquals(
         getOnlyElement(result.sourceTags()),
         getOnlyElement(expected.sourceTags()));
   assertEquals(
         getOnlyElement(result.targetTags()),
         getOnlyElement(expected.targetTags()));

   assertEquals(result.allowed(), expected.getAllowed());
}
}
/**
 * Starts an {@code IpPermission} builder with the parts shared by every rule of a firewall.
 *
 * <p>The protocol is always set. The firewall's source ranges become CIDR blocks and its
 * source tags become group ids, each only when the firewall has at least one.
 *
 * @param fw the firewall supplying source ranges and source tags
 * @param protocol the protocol to set on the permission
 * @return a builder carrying the protocol and any sources found on the firewall
 */
private IpPermission.Builder populateBuilder(Firewall fw, IpProtocol protocol) {
   IpPermission.Builder permission = IpPermission.builder();
   permission.ipProtocol(protocol);

   // NOTE(review): when the firewall has neither ranges nor tags, the builder leaves here
   // with no source set at all; confirm how callers interpret a permission without sources.
   boolean hasRanges = !fw.getSourceRanges().isEmpty();
   if (hasRanges) {
      permission.cidrBlocks(fw.getSourceRanges());
   }
   boolean hasTags = !fw.getSourceTags().isEmpty();
   if (hasTags) {
      permission.groupIds(fw.getSourceTags());
   }
   return permission;
}
}
/**
 * Deletes every listed firewall whose name maps to the given group.
 *
 * <p>Each firewall name is passed through the naming convention; firewalls that resolve to
 * {@code groupName} are deleted one at a time. A delete whose operation carries an HTTP error
 * status is logged as a warning and the loop continues with the next firewall.
 *
 * @param groupName the group whose firewalls are removed
 */
private void cleanUpFirewallsForGroup(final String groupName) {
   GroupNamingConvention convention = namingConvention.create();
   FirewallApi firewalls = api.firewalls();

   for (Firewall candidate : concat(firewalls.list())) {
      // Ownership is decided from the firewall's name alone.
      String owner = convention.groupInUniqueNameOrNull(candidate.name());
      if (owner == null || !owner.equals(groupName)) {
         continue;
      }

      AtomicReference<Operation> deletion = Atomics.newReference(firewalls.delete(candidate.name()));
      // NOTE(review): the boolean returned by operationDone is discarded, so a wait that gives
      // up early is indistinguishable from a finished delete unless an HTTP error is set.
      operationDone.apply(deletion);

      Operation outcome = deletion.get();
      if (outcome.httpErrorStatusCode() != null) {
         logger.warn("delete orphaned firewall %s failed. Http Error Code: %d HttpError: %s",
               outcome.targetId(), outcome.httpErrorStatusCode(), outcome.httpErrorMessage());
      }
   }
}
Firewall firewall = firewallApi.get(firewallName); validateFirewall(firewall, network); if (!firewall.targetTags().isEmpty()) { tags.addAll(firewall.targetTags());
/**
 * Tests whether at least one allowed rule of the firewall encloses {@code portRange}.
 *
 * @param fw the firewall whose allowed rules are inspected
 * @return {@code true} as soon as one rule's ports enclose {@code portRange}, else {@code false}
 */
@Override
public boolean apply(Firewall fw) {
   // NOTE(review): presumably getPorts() is a range type where encloses() means full
   // containment, so a rule that only overlaps portRange does not match; confirm.
   for (Rule rule : fw.getAllowed()) {
      if (rule.getPorts().encloses(portRange)) {
         return true;
      }
   }
   return false;
}
};
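/**
 * Deletes the firewalls on a security group's network that correspond to an IP permission.
 *
 * <p>Lists the project's firewalls filtered to the network named after the group, deletes
 * every firewall accepted by {@code equalsIpPermission(ipPermission)}, waits on each delete
 * operation, and finally re-reads the group.
 *
 * @param ipPermission the permission to revoke; must not be null
 * @param group the security group to revoke it from; must not be null
 * @return the group as returned by {@code getSecurityGroupById} after the deletions
 * @throws NullPointerException if an argument is null or no network is found for the group id
 * @throws IllegalStateException if a delete operation reports an HTTP error
 */
@Override
public SecurityGroup removeIpPermission(IpPermission ipPermission, SecurityGroup group) {
   checkNotNull(group, "group");
   checkNotNull(ipPermission, "ipPermission");

   // Check the lookup result itself. Passing "<lookup> == null" hands checkNotNull a boxed
   // Boolean, which is never null, so the guard could never reject a missing network.
   checkNotNull(api.getNetworkApiForProject(userProject.get()).get(group.getId()), "network for group is null");

   // NOTE(review): the group name is concatenated into a regular-expression filter. Confirm
   // that names reaching this point cannot contain regex metacharacters, otherwise the filter
   // may select firewalls of other networks.
   ListOptions options = new ListOptions.Builder().filter("network eq .*/" + group.getName());

   FluentIterable<Firewall> fws = api.getFirewallApiForProject(userProject.get()).list(options).concat();

   for (Firewall fw : fws) {
      if (equalsIpPermission(ipPermission).apply(fw)) {
         AtomicReference<Operation> operation = Atomics.newReference(api.getFirewallApiForProject(userProject.get())
               .delete(fw.getName()));

         // NOTE(review): the boolean returned by the wait is discarded; if the retry gives up
         // before the operation finishes, only the HTTP-error check below can report a problem.
         retry(operationDonePredicate, operationCompleteCheckTimeout, operationCompleteCheckInterval,
               MILLISECONDS).apply(operation);

         checkState(!operation.get().getHttpError().isPresent(),
               "Could not delete firewall, operation failed" + operation);
      }
   }

   return getSecurityGroupById(group.getId());
}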
/**
 * Tests whether the firewall lists {@code sourceTag} among its source tags.
 *
 * @param input the firewall to test
 * @return {@code false} when the firewall's source tags are null or do not contain the tag
 */
@Override
public boolean apply(Firewall input) {
   if (input.getSourceTags() == null) {
      return false;
   }
   return input.getSourceTags().contains(sourceTag);
}
};
/**
 * Tests whether the firewall belongs to {@code network}.
 *
 * @param input the firewall to test; {@code null} never matches
 * @return {@code true} when the firewall's network equals the network's self link
 */
@Override
public boolean apply(Firewall input) {
   if (input == null) {
      return false;
   }
   return input.getNetwork().equals(network.getSelfLink());
}
};
/**
 * Tests whether the firewall lists {@code sourceRange} among its source ranges.
 *
 * @param input the firewall to test
 * @return {@code false} when the firewall's source ranges are null or do not contain the range
 */
@Override
public boolean apply(Firewall input) {
   if (input.getSourceRanges() == null) {
      return false;
   }
   return input.getSourceRanges().contains(sourceRange);
}
};
/**
 * Tests whether a firewall applies to an instance carrying {@code tags}.
 *
 * @param input the firewall to test
 * @return {@code true} when one of the firewall's target tags is in {@code tags}, or when
 *         the firewall has no target tags at all
 */
@Override
public boolean apply(final Firewall input) {
   // A firewall applies when one of its target tags is among the given tags...
   if (Iterables.any(input.getTargetTags(), Predicates.in(tags))) {
      return true;
   }
   // ...or when it has no target tags; such a firewall is accepted whatever the tags are.
   return input.getTargetTags().size() == 0;
}
}).toSet();
/**
 * Tests whether a firewall corresponds to {@code permission}.
 *
 * <p>A firewall matches only when its source tags equal the permission's group ids, its
 * source ranges equal the permission's CIDR blocks, and it has exactly one allowed rule
 * that {@code ruleEqualsIpPermission(permission)} accepts.
 *
 * @param input the firewall to test
 * @return {@code true} when all three conditions hold
 */
@Override
public boolean apply(Firewall input) {
   // NOTE(review): Iterables.elementsEqual compares element by element in iteration order.
   // Confirm both sides iterate in a stable order; otherwise a firewall that grants the same
   // access in a different order is not recognised as a match.
   if (!Iterables.elementsEqual(permission.getGroupIds(), input.getSourceTags())) {
      return false;
   }
   if (!Iterables.elementsEqual(permission.getCidrBlocks(), input.getSourceRanges())) {
      return false;
   }
   // Firewalls with zero or several allowed rules never match a single permission.
   if (input.getAllowed().size() != 1) {
      return false;
   }
   return ruleEqualsIpPermission(permission).apply(Iterables.getOnlyElement(input.getAllowed()));
}
};
/**
 * Starts an {@code IpPermission} builder with the parts shared by every rule of a firewall.
 *
 * <p>The protocol is always set. The firewall's source ranges become CIDR blocks and its
 * source tags become group ids, each only when the firewall has at least one.
 *
 * @param fw the firewall supplying source ranges and source tags
 * @param protocol the protocol to set on the permission
 * @return a builder carrying the protocol and any sources found on the firewall
 */
private IpPermission.Builder populateBuilder(Firewall fw, IpProtocol protocol) {
   IpPermission.Builder permission = IpPermission.builder();
   permission.ipProtocol(protocol);

   // NOTE(review): when the firewall has neither ranges nor tags, the builder leaves here
   // with no source set at all; confirm how callers interpret a permission without sources.
   boolean hasRanges = !fw.getSourceRanges().isEmpty();
   if (hasRanges) {
      permission.cidrBlocks(fw.getSourceRanges());
   }
   boolean hasTags = !fw.getSourceTags().isEmpty();
   if (hasTags) {
      permission.groupIds(fw.getSourceTags());
   }
   return permission;
}
}
/**
 * Deletes every listed firewall whose name maps to the given group.
 *
 * <p>Each firewall name is passed through the naming convention; firewalls that resolve to
 * {@code groupName} are deleted one at a time. A delete whose operation carries an HTTP error
 * status is logged as a warning and the loop continues with the next firewall.
 *
 * @param groupName the group whose firewalls are removed
 */
private void cleanUpFirewallsForGroup(final String groupName) {
   GroupNamingConvention convention = namingConvention.create();
   FirewallApi firewalls = api.firewalls();

   for (Firewall candidate : concat(firewalls.list())) {
      // Ownership is decided from the firewall's name alone.
      String owner = convention.groupInUniqueNameOrNull(candidate.name());
      if (owner == null || !owner.equals(groupName)) {
         continue;
      }

      AtomicReference<Operation> deletion = Atomics.newReference(firewalls.delete(candidate.name()));
      // NOTE(review): the boolean returned by operationDone is discarded, so a wait that gives
      // up early is indistinguishable from a finished delete unless an HTTP error is set.
      operationDone.apply(deletion);

      Operation outcome = deletion.get();
      if (outcome.httpErrorStatusCode() != null) {
         logger.warn("delete orphaned firewall %s failed. Http Error Code: %d HttpError: %s",
               outcome.targetId(), outcome.httpErrorStatusCode(), outcome.httpErrorMessage());
      }
   }
}
Firewall firewall = firewallApi.get(firewallName); validateFirewall(firewall, network); if (!firewall.targetTags().isEmpty()) { tags.addAll(firewall.targetTags());
/**
 * Tests whether at least one allowed rule of the firewall encloses {@code portRange}.
 *
 * @param fw the firewall whose allowed rules are inspected
 * @return {@code true} as soon as one rule's ports enclose {@code portRange}, else {@code false}
 */
@Override
public boolean apply(Firewall fw) {
   // NOTE(review): presumably getPorts() is a range type where encloses() means full
   // containment, so a rule that only overlaps portRange does not match; confirm.
   for (Rule rule : fw.getAllowed()) {
      if (rule.getPorts().encloses(portRange)) {
         return true;
      }
   }
   return false;
}
};
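/**
 * Deletes the firewalls on a security group's network that correspond to an IP permission.
 *
 * <p>Lists the project's firewalls filtered to the network named after the group, deletes
 * every firewall accepted by {@code equalsIpPermission(ipPermission)}, waits on each delete
 * operation, and finally re-reads the group.
 *
 * @param ipPermission the permission to revoke; must not be null
 * @param group the security group to revoke it from; must not be null
 * @return the group as returned by {@code getSecurityGroupById} after the deletions
 * @throws NullPointerException if an argument is null or no network is found for the group id
 * @throws IllegalStateException if a delete operation reports an HTTP error
 */
@Override
public SecurityGroup removeIpPermission(IpPermission ipPermission, SecurityGroup group) {
   checkNotNull(group, "group");
   checkNotNull(ipPermission, "ipPermission");

   // Check the lookup result itself. Passing "<lookup> == null" hands checkNotNull a boxed
   // Boolean, which is never null, so the guard could never reject a missing network.
   checkNotNull(api.getNetworkApiForProject(userProject.get()).get(group.getId()), "network for group is null");

   // NOTE(review): the group name is concatenated into a regular-expression filter. Confirm
   // that names reaching this point cannot contain regex metacharacters, otherwise the filter
   // may select firewalls of other networks.
   ListOptions options = new ListOptions.Builder().filter("network eq .*/" + group.getName());

   FluentIterable<Firewall> fws = api.getFirewallApiForProject(userProject.get()).list(options).concat();

   for (Firewall fw : fws) {
      if (equalsIpPermission(ipPermission).apply(fw)) {
         AtomicReference<Operation> operation = Atomics.newReference(api.getFirewallApiForProject(userProject.get())
               .delete(fw.getName()));

         // NOTE(review): the boolean returned by the wait is discarded; if the retry gives up
         // before the operation finishes, only the HTTP-error check below can report a problem.
         retry(operationDonePredicate, operationCompleteCheckTimeout, operationCompleteCheckInterval,
               MILLISECONDS).apply(operation);

         checkState(!operation.get().getHttpError().isPresent(),
               "Could not delete firewall, operation failed" + operation);
      }
   }

   return getSecurityGroupById(group.getId());
}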