/**
 * Translates a network security rule into an {@link IpPermission}.
 *
 * <p>Rules rejected by {@code InboundRule} are logged and skipped. For the rest, the permission
 * starts from the rule's protocol and is narrowed to the destination port range and to the source
 * address prefix, unless the corresponding value is the {@code "*"} wildcard.
 *
 * <p>NOTE(review): nothing in this method looks at whether the rule allows or denies traffic, yet
 * every accepted rule becomes a permit. Confirm that {@code InboundRule} (or the caller) filters
 * out deny rules; otherwise a deny rule would be reported as open access.
 *
 * @param rule the network security rule to convert
 * @return the matching permission, or {@code null} when the rule is not accepted as inbound
 */
@Override
public IpPermission apply(final NetworkSecurityRule rule) {
   if (!InboundRule.apply(rule)) {
      logger.warn(">> ignoring non-inbound network security rule %s...", rule.name());
      return null;
   }

   IpPermission result = IpPermissions.permit(IpProtocol.fromValue(rule.properties().protocol().name()));

   // NOTE(review): a null or non-numeric port range fails below (NullPointerException or
   // NumberFormatException); confirm the source guarantees "*", "N" or "N-M" here.
   final String destinationPorts = rule.properties().destinationPortRange();
   final boolean anyPort = "*".equals(destinationPorts);
   if (!anyPort) {
      // A single port splits into one element, so the first and last bound are the same value.
      final String[] bounds = destinationPorts.split("-");
      final PortSelection portStep = PortSelection.class.cast(result);
      result = portStep.fromPort(Integer.parseInt(bounds[0]))
            .to(Integer.parseInt(bounds[bounds.length - 1]));
   }

   // NOTE(review): the prefix is passed on unchanged, so a value that is not CIDR notation
   // (a service tag, for instance) reaches originatingFromCidrBlock as-is; confirm how it is handled.
   final String sourcePrefix = rule.properties().sourceAddressPrefix();
   final boolean anySource = "*".equals(sourcePrefix);
   if (!anySource) {
      result = ToSourceSelection.class.cast(result).originatingFromCidrBlock(sourcePrefix);
   }

   return result;
}
/**
 * Builds a new permission that keeps this permission's protocol and port range and passes the
 * given CIDR blocks as the last constructor argument (the exclusion list, going by the name).
 *
 * <p>Every other source selector handed to the constructor is empty, so nothing selected on this
 * instance before the call is carried over.
 *
 * @param excludedCidrIps CIDR blocks to exclude; passed to the constructor unchanged
 * @return a new {@code IpPermissions} whose only populated source selector is the exclusion list
 */
public IpPermissions exceptOriginatingFromCidrBlocks(Iterable<String> excludedCidrIps) {
   // presumably tenant/group pairs, group ids and allowed CIDR blocks, in that order —
   // confirm against the constructor signature
   final ImmutableMultimap<String, String> emptyMultimap = ImmutableMultimap.<String, String> of();
   final ImmutableSet<String> firstEmptySet = ImmutableSet.<String> of();
   final ImmutableSet<String> secondEmptySet = ImmutableSet.<String> of();

   return new IpPermissions(
         getIpProtocol(),
         getFromPort(),
         getToPort(),
         emptyMultimap,
         firstEmptySet,
         secondEmptySet,
         excludedCidrIps);
}
/**
 * Live test: adds an any-protocol permission to the security group identified by {@code groupId}
 * and checks that the group returned by the extension lists it.
 *
 * <p>NOTE(review): the permission is built without any source restriction and this method does
 * not remove it afterwards; confirm the suite deletes the group so that a wide-open rule is not
 * left behind in the account the live tests run against.
 */
@Test(groups = { "integration", "live" }, singleThreaded = true, dependsOnMethods = "testAddIpPermissionsFromSpec")
public void testAddIpPermissionForAnyProtocol() {
   Optional<SecurityGroupExtension> maybeExtension = view.getComputeService().getSecurityGroupExtension();
   assertTrue(maybeExtension.isPresent(), "security group extension was not present");
   SecurityGroupExtension extension = maybeExtension.get();

   SecurityGroup existing = extension.getSecurityGroupById(groupId);
   assertNotNull(existing, "No security group was found with id: " + groupId);

   IpPermission anyProtocol = IpPermissions.permitAnyProtocol();
   SecurityGroup updated = extension.addIpPermission(anyProtocol, existing);

   assertTrue(updated.getIpPermissions().contains(anyProtocol));
}
/**
 * ICMP with neither a type nor a code selected is expected to equal a built permission whose
 * from and to ports are both -1, scoped to the security group id "groupId".
 */
public void testProtocolICMPAny() {
   IpPermissions actual = IpPermissions.permitICMP().originatingFromSecurityGroupId("groupId");

   IpPermission expected = IpPermission.builder()
         .ipProtocol(IpProtocol.ICMP)
         .fromPort(-1)
         .toPort(-1)
         .groupId("groupId")
         .build();

   assertEquals(actual, expected);
}
/**
 * ICMP with neither a type nor a code selected is expected to equal a built permission whose
 * from and to ports are both -1, scoped to the security group id "groupId".
 */
public void testProtocolICMPAny() {
   IpPermissions actual = IpPermissions.permitICMP().originatingFromSecurityGroupId("groupId");

   IpPermission expected = IpPermission.builder()
         .ipProtocol(IpProtocol.ICMP)
         .fromPort(-1)
         .toPort(-1)
         .groupId("groupId")
         .build();

   assertEquals(actual, expected);
}
/**
 * Translates a network security rule into an {@link IpPermission}.
 *
 * <p>Rules rejected by {@code InboundRule} are logged and skipped. For the rest, the permission
 * starts from the rule's protocol and is narrowed to the destination port range and to the source
 * address prefix, unless the corresponding value is the {@code "*"} wildcard.
 *
 * <p>NOTE(review): nothing in this method looks at whether the rule allows or denies traffic, yet
 * every accepted rule becomes a permit. Confirm that {@code InboundRule} (or the caller) filters
 * out deny rules; otherwise a deny rule would be reported as open access.
 *
 * @param rule the network security rule to convert
 * @return the matching permission, or {@code null} when the rule is not accepted as inbound
 */
@Override
public IpPermission apply(final NetworkSecurityRule rule) {
   if (!InboundRule.apply(rule)) {
      logger.warn(">> ignoring non-inbound network security rule %s...", rule.name());
      return null;
   }

   IpPermission result = IpPermissions.permit(IpProtocol.fromValue(rule.properties().protocol().name()));

   // NOTE(review): a null or non-numeric port range fails below (NullPointerException or
   // NumberFormatException); confirm the source guarantees "*", "N" or "N-M" here.
   final String destinationPorts = rule.properties().destinationPortRange();
   final boolean anyPort = "*".equals(destinationPorts);
   if (!anyPort) {
      // A single port splits into one element, so the first and last bound are the same value.
      final String[] bounds = destinationPorts.split("-");
      final PortSelection portStep = PortSelection.class.cast(result);
      result = portStep.fromPort(Integer.parseInt(bounds[0]))
            .to(Integer.parseInt(bounds[bounds.length - 1]));
   }

   // NOTE(review): the prefix is passed on unchanged, so a value that is not CIDR notation
   // (a service tag, for instance) reaches originatingFromCidrBlock as-is; confirm how it is handled.
   final String sourcePrefix = rule.properties().sourceAddressPrefix();
   final boolean anySource = "*".equals(sourcePrefix);
   if (!anySource) {
      result = ToSourceSelection.class.cast(result).originatingFromCidrBlock(sourcePrefix);
   }

   return result;
}
/**
 * Builds a new permission that keeps this permission's protocol and port range and passes the
 * given CIDR blocks as the sixth constructor argument (the allowed sources, going by the name).
 *
 * <p>The remaining source selectors handed to the constructor are empty, so nothing selected on
 * this instance before the call is carried over.
 *
 * @param cidrIps CIDR blocks the traffic may originate from; passed to the constructor unchanged
 * @return a new {@code IpPermissions} whose only populated source selector is {@code cidrIps}
 */
public IpPermissions originatingFromCidrBlocks(Iterable<String> cidrIps) {
   // presumably tenant/group pairs and group ids before the CIDR list, and the exclusion
   // list after it — confirm against the constructor signature
   final ImmutableMultimap<String, String> emptyMultimap = ImmutableMultimap.<String, String> of();
   final ImmutableSet<String> emptySetBefore = ImmutableSet.<String> of();
   final ImmutableSet<String> emptySetAfter = ImmutableSet.<String> of();

   return new IpPermissions(
         getIpProtocol(),
         getFromPort(),
         getToPort(),
         emptyMultimap,
         emptySetBefore,
         cidrIps,
         emptySetAfter);
}
/**
 * Expects an {@link IllegalArgumentException} when a set of CIDR blocks containing the malformed
 * value "a.0.0.0/0" is given to the permission builder.
 *
 * <p>NOTE(review): the exception is presumably raised while the expected value is being built, in
 * which case the final assertEquals never runs. Any IllegalArgumentException thrown by any
 * statement here satisfies the test, so it does not pin down which call rejects the input.
 */
@Test(expectedExceptions = IllegalArgumentException.class)
public void testAllProtocolInvalidCidrMultiple() {
   IpPermissions actual = IpPermissions.permitAnyProtocol();

   IpPermission expected = IpPermission.builder()
         .ipProtocol(IpProtocol.ALL)
         .fromPort(1)
         .toPort(65535)
         .cidrBlocks(ImmutableSet.of("a.0.0.0/0", "0.0.0.0/0"))
         .build();

   assertEquals(actual, expected);
}
/**
 * ICMP with type 8 and no code selected is expected to equal a built permission with from port 8
 * and to port -1, scoped to the security group id "groupId".
 */
public void testProtocolICMPTypeAnyCode() {
   IpPermissions actual = IpPermissions.permitICMP().type(8).originatingFromSecurityGroupId("groupId");

   IpPermission expected = IpPermission.builder()
         .ipProtocol(IpProtocol.ICMP)
         .fromPort(8)
         .toPort(-1)
         .groupId("groupId")
         .build();

   assertEquals(actual, expected);
}
/**
 * A TCP permission restricted to two /32 CIDR blocks is expected to equal a built permission that
 * covers ports 1-65535 and lists the same two blocks.
 */
public void testMultipleCidrs() {
   final ImmutableSet<String> allowedSources = ImmutableSet.of("1.1.1.1/32", "1.1.1.2/32");

   IpPermissions actual = IpPermissions.permit(IpProtocol.TCP).originatingFromCidrBlocks(allowedSources);

   IpPermission expected = IpPermission.builder()
         .ipProtocol(IpProtocol.TCP)
         .fromPort(1)
         .toPort(65535)
         .cidrBlocks(allowedSources)
         .build();

   assertEquals(actual, expected);
}
/**
 * Builds a new permission that keeps this permission's protocol and port range and passes the
 * given CIDR blocks as the last constructor argument (the exclusion list, going by the name).
 *
 * <p>Every other source selector handed to the constructor is empty, so nothing selected on this
 * instance before the call is carried over.
 *
 * @param excludedCidrIps CIDR blocks to exclude; passed to the constructor unchanged
 * @return a new {@code IpPermissions} whose only populated source selector is the exclusion list
 */
public IpPermissions exceptOriginatingFromCidrBlocks(Iterable<String> excludedCidrIps) {
   // presumably tenant/group pairs, group ids and allowed CIDR blocks, in that order —
   // confirm against the constructor signature
   final ImmutableMultimap<String, String> emptyMultimap = ImmutableMultimap.<String, String> of();
   final ImmutableSet<String> firstEmptySet = ImmutableSet.<String> of();
   final ImmutableSet<String> secondEmptySet = ImmutableSet.<String> of();

   return new IpPermissions(
         getIpProtocol(),
         getFromPort(),
         getToPort(),
         emptyMultimap,
         firstEmptySet,
         secondEmptySet,
         excludedCidrIps);
}
/**
 * Expects an {@link IllegalArgumentException} when a set of exclusion CIDR blocks containing the
 * malformed value "a.0.0.0/0" is given to the permission builder.
 *
 * <p>NOTE(review): the exception is presumably raised while the expected value is being built, in
 * which case the final assertEquals never runs. Any IllegalArgumentException thrown by any
 * statement here satisfies the test, so it does not pin down which call rejects the input.
 */
@Test(expectedExceptions = IllegalArgumentException.class)
public void testAllProtocolInvalidExclusionCidrMultiple() {
   IpPermissions actual = IpPermissions.permitAnyProtocol();

   IpPermission expected = IpPermission.builder()
         .ipProtocol(IpProtocol.ALL)
         .fromPort(1)
         .toPort(65535)
         .exclusionCidrBlocks(ImmutableSet.of("a.0.0.0/0", "0.0.0.0/0"))
         .build();

   assertEquals(actual, expected);
}
/**
 * ICMP with type 8 and no code selected is expected to equal a built permission with from port 8
 * and to port -1, scoped to the security group id "groupId".
 */
public void testProtocolICMPTypeAnyCode() {
   IpPermissions actual = IpPermissions.permitICMP().type(8).originatingFromSecurityGroupId("groupId");

   IpPermission expected = IpPermission.builder()
         .ipProtocol(IpProtocol.ICMP)
         .fromPort(8)
         .toPort(-1)
         .groupId("groupId")
         .build();

   assertEquals(actual, expected);
}
/**
 * Live test: creates one node with inbound ports 22, 23, 24 and 8000 and checks the security
 * group attached to it.
 *
 * <p>The node is expected to have exactly one group holding exactly two permissions: TCP 22-24
 * (the three consecutive ports as one range) and TCP 8000. Matching on the exact count means an
 * extra, unrequested permission on the group fails the test. The nodes in the node's group are
 * destroyed in the {@code finally} block whether or not the assertions pass.
 */
@Test(groups = { "integration", "live" }, dependsOnMethods = "testCreateSecurityGroup")
public void testCreateNodeWithInboundPorts() throws RunNodesException, InterruptedException, ExecutionException {
   ComputeService compute = view.getComputeService();

   Optional<SecurityGroupExtension> maybeExtension = compute.getSecurityGroupExtension();
   assertTrue(maybeExtension.isPresent(), "security group extension was not present");

   NodeMetadata createdNode = getOnlyElement(
         compute.createNodesInGroup(nodeGroup, 1, options().inboundPorts(22, 23, 24, 8000)));

   try {
      Set<SecurityGroup> nodeGroups = maybeExtension.get().listSecurityGroupsForNode(createdNode.getId());
      assertEquals(nodeGroups.size(), 1, "node has " + nodeGroups.size() + " groups");

      SecurityGroup onlyGroup = getOnlyElement(nodeGroups);
      assertEquals(onlyGroup.getIpPermissions().size(), 2);

      // Ports 22, 23 and 24 are expected as a single range; 8000 as its own permission.
      assertTrue(onlyGroup.getIpPermissions().contains(IpPermissions.permit(TCP).fromPort(22).to(24)));
      assertTrue(onlyGroup.getIpPermissions().contains(IpPermissions.permit(TCP).port(8000)));
   } finally {
      computeService_cleanup:
      compute.destroyNodesMatching(inGroup(createdNode.getGroup()));
   }
}
/**
 * Builds a new permission that keeps this permission's protocol and port range and passes the
 * given CIDR blocks as the sixth constructor argument (the allowed sources, going by the name).
 *
 * <p>The remaining source selectors handed to the constructor are empty, so nothing selected on
 * this instance before the call is carried over.
 *
 * @param cidrIps CIDR blocks the traffic may originate from; passed to the constructor unchanged
 * @return a new {@code IpPermissions} whose only populated source selector is {@code cidrIps}
 */
public IpPermissions originatingFromCidrBlocks(Iterable<String> cidrIps) {
   // presumably tenant/group pairs and group ids before the CIDR list, and the exclusion
   // list after it — confirm against the constructor signature
   final ImmutableMultimap<String, String> emptyMultimap = ImmutableMultimap.<String, String> of();
   final ImmutableSet<String> emptySetBefore = ImmutableSet.<String> of();
   final ImmutableSet<String> emptySetAfter = ImmutableSet.<String> of();

   return new IpPermissions(
         getIpProtocol(),
         getFromPort(),
         getToPort(),
         emptyMultimap,
         emptySetBefore,
         cidrIps,
         emptySetAfter);
}
/**
 * Expects an {@link IllegalArgumentException} when the malformed CIDR block "a.0.0.0/0" is given
 * to the permission builder.
 *
 * <p>NOTE(review): the exception is presumably raised while the expected value is being built, in
 * which case the final assertEquals never runs. Any IllegalArgumentException thrown by any
 * statement here satisfies the test, so it does not pin down which call rejects the input.
 */
@Test(expectedExceptions = IllegalArgumentException.class)
public void testAllProtocolInvalidCidr() {
   IpPermissions actual = IpPermissions.permitAnyProtocol();

   IpPermission expected = IpPermission.builder()
         .ipProtocol(IpProtocol.ALL)
         .fromPort(1)
         .toPort(65535)
         .cidrBlock("a.0.0.0/0")
         .build();

   assertEquals(actual, expected);
}
/**
 * ICMP with type 8 and code 0 is expected to equal a built permission with from port 8 and to
 * port 0, scoped to the security group id "groupId".
 */
public void testProtocolICMPTypeCode() {
   IpPermissions actual = IpPermissions.permitICMP()
         .type(8)
         .andCode(0)
         .originatingFromSecurityGroupId("groupId");

   IpPermission expected = IpPermission.builder()
         .ipProtocol(IpProtocol.ICMP)
         .fromPort(8)
         .toPort(0)
         .groupId("groupId")
         .build();

   assertEquals(actual, expected);
}
/**
 * A TCP permission that excludes two /32 CIDR blocks is expected to equal a built permission that
 * covers ports 1-65535 and lists the same two blocks as exclusions.
 */
public void testMultipleCidrsExclusions() {
   final ImmutableSet<String> excludedSources = ImmutableSet.of("1.1.1.1/32", "1.1.1.2/32");

   IpPermissions actual = IpPermissions.permit(IpProtocol.TCP).exceptOriginatingFromCidrBlocks(excludedSources);

   IpPermission expected = IpPermission.builder()
         .ipProtocol(IpProtocol.TCP)
         .fromPort(1)
         .toPort(65535)
         .exclusionCidrBlocks(excludedSources)
         .build();

   assertEquals(actual, expected);
}
/**
 * Builds a new permission that keeps this permission's protocol and port range and passes the
 * given CIDR blocks as the last constructor argument (the allowed sources, going by the name).
 *
 * <p>The two source selectors before it are empty, so nothing selected on this instance before
 * the call is carried over.
 *
 * @param cidrIps CIDR blocks the traffic may originate from; passed to the constructor unchanged
 * @return a new {@code IpPermissions} whose only populated source selector is {@code cidrIps}
 */
public IpPermissions originatingFromCidrBlocks(Iterable<String> cidrIps) {
   // presumably tenant/group pairs and group ids — confirm against the constructor signature
   final ImmutableMultimap<String, String> emptyMultimap = ImmutableMultimap.<String, String> of();
   final ImmutableSet<String> emptySet = ImmutableSet.<String> of();

   return new IpPermissions(
         getIpProtocol(),
         getFromPort(),
         getToPort(),
         emptyMultimap,
         emptySet,
         cidrIps);
}
/**
 * Expects an {@link IllegalArgumentException} when the malformed exclusion CIDR block
 * "a.0.0.0/0" is given to the permission builder.
 *
 * <p>NOTE(review): the exception is presumably raised while the expected value is being built, in
 * which case the final assertEquals never runs. Any IllegalArgumentException thrown by any
 * statement here satisfies the test, so it does not pin down which call rejects the input.
 */
@Test(expectedExceptions = IllegalArgumentException.class)
public void testAllProtocolInvalidExclusionCidr() {
   IpPermissions actual = IpPermissions.permitAnyProtocol();

   IpPermission expected = IpPermission.builder()
         .ipProtocol(IpProtocol.ALL)
         .fromPort(1)
         .toPort(65535)
         .exclusionCidrBlock("a.0.0.0/0")
         .build();

   assertEquals(actual, expected);
}