/**
 * Translates a network security rule into an {@link IpPermission}.
 *
 * <p>Rules rejected by {@code InboundRule} are logged and skipped. A destination port range or a
 * source address prefix equal to {@code "*"} adds no restriction: the permission keeps whatever
 * {@code IpPermissions.permit} set up for that part.
 *
 * @param rule the rule to translate
 * @return the matching permission, or {@code null} when the rule is not an inbound rule
 */
@Override
public IpPermission apply(final NetworkSecurityRule rule) {
   // NOTE(review): the result is always built through IpPermissions.permit(...) and nothing in
   // this method looks at whether the rule allows or denies traffic. Confirm that InboundRule
   // only accepts allow rules; otherwise a deny rule would be reported as an open port.
   boolean inbound = InboundRule.apply(rule);
   if (!inbound) {
      logger.warn(">> ignoring non-inbound network security rule %s...", rule.name());
      return null;
   }

   IpPermission permission = IpPermissions.permit(IpProtocol.fromValue(rule.properties().protocol().name()));

   String ports = rule.properties().destinationPortRange();
   boolean anyPort = "*".equals(ports);
   if (!anyPort) {
      // NOTE(review): a null range, or anything other than "N" or "N-M", fails here with a
      // NullPointerException / NumberFormatException. Confirm such rules never reach this point.
      String[] bounds = ports.split("-");
      // A single port yields one element, so first and last are then the same value.
      String first = bounds[0];
      String last = bounds[bounds.length - 1];
      permission = PortSelection.class.cast(permission)
            .fromPort(Integer.parseInt(first))
            .to(Integer.parseInt(last));
   }

   boolean anySource = "*".equals(rule.properties().sourceAddressPrefix());
   if (!anySource) {
      // NOTE(review): the prefix is passed on unchanged as a CIDR block. Confirm it is always a
      // CIDR and never a symbolic source name.
      permission = ToSourceSelection.class.cast(permission)
            .originatingFromCidrBlock(rule.properties().sourceAddressPrefix());
   }

   return permission;
}
/**
 * Creates one node with inbound ports 22, 23, 24 and 8000 and checks the security group that
 * ends up attached to it.
 *
 * <p>The node must belong to exactly one group, and that group must expose exactly two
 * permissions: TCP 22-24 as one range and TCP 8000 as a single port. The size check also means
 * no additional inbound permission may appear on the group. The node group is destroyed
 * afterwards whether or not the assertions pass.
 */
@Test(groups = { "integration", "live" }, dependsOnMethods = "testCreateSecurityGroup")
public void testCreateNodeWithInboundPorts() throws RunNodesException, InterruptedException, ExecutionException {
   ComputeService compute = view.getComputeService();
   Optional<SecurityGroupExtension> extension = compute.getSecurityGroupExtension();
   assertTrue(extension.isPresent(), "security group extension was not present");

   NodeMetadata created = getOnlyElement(
         compute.createNodesInGroup(nodeGroup, 1, options().inboundPorts(22, 23, 24, 8000)));
   try {
      Set<SecurityGroup> nodeGroups = extension.get().listSecurityGroupsForNode(created.getId());
      assertEquals(nodeGroups.size(), 1, "node has " + nodeGroups.size() + " groups");

      SecurityGroup onlyGroup = getOnlyElement(nodeGroups);
      // Exactly two permissions: anything beyond the requested ports fails the test.
      assertEquals(onlyGroup.getIpPermissions().size(), 2);
      assertTrue(onlyGroup.getIpPermissions().contains(IpPermissions.permit(TCP).fromPort(22).to(24)));
      assertTrue(onlyGroup.getIpPermissions().contains(IpPermissions.permit(TCP).port(8000)));
   } finally {
      // Always clean up the live resources created above.
      compute.destroyNodesMatching(inGroup(created.getGroup()));
   }
}
/**
 * Maps a network security rule onto an {@link IpPermission}.
 *
 * <p>A rule that {@code InboundRule} does not accept is logged and dropped. The wildcard
 * {@code "*"} in the destination port range or in the source address prefix means that part of
 * the permission is left as {@code IpPermissions.permit} created it.
 *
 * @param rule the rule to convert
 * @return the converted permission, or {@code null} for a rule that is not inbound
 */
@Override
public IpPermission apply(final NetworkSecurityRule rule) {
   if (!InboundRule.apply(rule)) {
      logger.warn(">> ignoring non-inbound network security rule %s...", rule.name());
      return null;
   }
   // NOTE(review): every accepted rule becomes a "permit". The allow/deny decision is not
   // inspected in this method; confirm InboundRule filters on it, since a deny rule converted
   // here would show up as granted access.
   IpPermission result = IpPermissions.permit(IpProtocol.fromValue(rule.properties().protocol().name()));

   String destinationPorts = rule.properties().destinationPortRange();
   if (!"*".equals(destinationPorts)) {
      // NOTE(review): null, lists or other non "N" / "N-M" values throw from split/parseInt
      // below. Confirm the caller only passes rules with a single port or a single range.
      String[] parts = destinationPorts.split("-");
      String lowest = parts[0];
      // With a single port there is only one element, so this is the same string as lowest.
      String highest = parts[parts.length - 1];
      result = PortSelection.class.cast(result)
            .fromPort(Integer.parseInt(lowest))
            .to(Integer.parseInt(highest));
   }

   if (!"*".equals(rule.properties().sourceAddressPrefix())) {
      // NOTE(review): used verbatim as a CIDR block; confirm the prefix can never be a
      // symbolic source name rather than an address range.
      result = ToSourceSelection.class.cast(result)
            .originatingFromCidrBlock(rule.properties().sourceAddressPrefix());
   }
   return result;
}
/**
 * Starts a port range at {@code port}.
 *
 * @param port first port of the range. It is not validated in this method.
 *        NOTE(review): confirm that out-of-range values are rejected further down the chain.
 * @return a {@code ToPortSelection} built from this selection's protocol and {@code port}
 */
public ToPortSelection fromPort(int port) {
   ToPortSelection rangeStart = new ToPortSelection(getIpProtocol(), port);
   return rangeStart;
}
/**
 * Begins a port range whose first port is {@code port}.
 *
 * @param port first port of the range. No bounds check happens here.
 *        NOTE(review): verify that an invalid port number is caught before the rule is applied.
 * @return a {@code ToPortSelection} carrying this selection's protocol and {@code port}
 */
public ToPortSelection fromPort(int port) {
   ToPortSelection started = new ToPortSelection(getIpProtocol(), port);
   return started;
}
/**
 * Opens a port range at {@code port}; the upper bound is supplied on the returned object.
 *
 * @param port first port of the range. This method passes it on without checking it.
 *        NOTE(review): confirm the constructor or a later step validates the value.
 * @return a {@code ToPortSelection} created from this selection's protocol and {@code port}
 */
public ToPortSelection fromPort(int port) {
   ToPortSelection lowerBound = new ToPortSelection(getIpProtocol(), port);
   return lowerBound;
}
/**
 * Closes the port range by supplying its last port.
 *
 * <p>No comparison between {@code getFromPort()} and {@code port} is made here, so the two
 * values are passed on in whatever order the caller gave them.
 *
 * @param port last port of the range. It is not validated in this method.
 * @return a {@code ToSourceSelection} built from this selection's protocol, its from-port and
 *         {@code port}
 */
public ToSourceSelection to(int port) {
   ToSourceSelection bounded = new ToSourceSelection(getIpProtocol(), getFromPort(), port);
   return bounded;
}
}
/**
 * Sets the first port of a range and moves on to selecting the last one.
 *
 * @param port first port of the range, forwarded unchecked.
 *        NOTE(review): confirm where an out-of-range port number gets rejected.
 * @return a {@code ToPortSelection} holding this selection's protocol and {@code port}
 */
public ToPortSelection fromPort(int port) {
   ToPortSelection next = new ToPortSelection(getIpProtocol(), port);
   return next;
}
/**
 * Supplies the last port of the range.
 *
 * <p>The from-port and {@code port} are not compared here, so this method does not itself
 * reject an inverted range.
 *
 * @param port last port of the range, forwarded without a bounds check
 * @return a {@code ToSourceSelection} created from this selection's protocol, its from-port and
 *         {@code port}
 */
public ToSourceSelection to(int port) {
   ToSourceSelection completed = new ToSourceSelection(getIpProtocol(), getFromPort(), port);
   return completed;
}
}
/**
 * Finishes the port range with {@code port} as its end.
 *
 * <p>This method performs no ordering or bounds check on the two ends of the range.
 *
 * @param port last port of the range
 * @return a {@code ToSourceSelection} combining this selection's protocol, its from-port and
 *         {@code port}
 */
public ToSourceSelection to(int port) {
   ToSourceSelection range = new ToSourceSelection(getIpProtocol(), getFromPort(), port);
   return range;
}
}
/**
 * Checks that the fluent chain for ICMP with from-port 8, to-port 0 and a tenant/group source
 * equals the permission assembled field by field through {@code IpPermission.builder()}.
 *
 * <p>The from value is larger than the to value here, so the chain has to accept that ordering.
 * Presumably the two numbers are an ICMP type and code rather than a port range.
 */
public void testProtocolFromAndToPortAndUserGroups() {
   IpPermissions actual = IpPermissions.permit(IpProtocol.ICMP)
         .fromPort(8)
         .to(0)
         .originatingFromTenantAndSecurityGroup("tenantId", "groupName");

   IpPermission expected = IpPermission.builder()
         .ipProtocol(IpProtocol.ICMP)
         .fromPort(8)
         .toPort(0)
         .tenantIdGroupNamePair("tenantId", "groupName")
         .build();

   assertEquals(actual, expected);
}
}
/**
 * Checks that the fluent chain for UDP ports 11-53 restricted to a security group id equals the
 * permission assembled field by field through {@code IpPermission.builder()}.
 */
public void testProtocolFromAndToPortAndGroupIds() {
   IpPermissions actual = IpPermissions.permit(IpProtocol.UDP)
         .fromPort(11)
         .to(53)
         .originatingFromSecurityGroupId("groupId");

   IpPermission expected = IpPermission.builder()
         .ipProtocol(IpProtocol.UDP)
         .fromPort(11)
         .toPort(53)
         .groupId("groupId")
         .build();

   assertEquals(actual, expected);
}
/**
 * Ends the port range at {@code port}.
 *
 * <p>Neither end of the range is validated or compared with the other in this method.
 *
 * @param port last port of the range
 * @return a {@code ToSourceSelection} made from this selection's protocol, its from-port and
 *         {@code port}
 */
public ToSourceSelection to(int port) {
   ToSourceSelection closed = new ToSourceSelection(getIpProtocol(), getFromPort(), port);
   return closed;
}
}
/**
 * Verifies that {@code permit(UDP).fromPort(11).to(53)} with a security group id as the source
 * produces the same permission as the explicit {@code IpPermission.builder()} call.
 */
public void testProtocolFromAndToPortAndGroupIds() {
   IpPermissions fromFluentApi = IpPermissions.permit(IpProtocol.UDP)
         .fromPort(11)
         .to(53)
         .originatingFromSecurityGroupId("groupId");

   IpPermission fromBuilder = IpPermission.builder()
         .ipProtocol(IpProtocol.UDP)
         .fromPort(11)
         .toPort(53)
         .groupId("groupId")
         .build();

   assertEquals(fromFluentApi, fromBuilder);
}
/**
 * Verifies that {@code permit(ICMP).fromPort(8).to(0)} with a tenant/group pair as the source
 * produces the same permission as the explicit {@code IpPermission.builder()} call.
 *
 * <p>The from value (8) is greater than the to value (0), so the fluent API must not reject that
 * ordering. Presumably these are an ICMP type and code, not ports.
 */
public void testProtocolFromAndToPortAndUserGroups() {
   IpPermissions fromFluentApi = IpPermissions.permit(IpProtocol.ICMP)
         .fromPort(8)
         .to(0)
         .originatingFromTenantAndSecurityGroup("tenantId", "groupName");

   IpPermission fromBuilder = IpPermission.builder()
         .ipProtocol(IpProtocol.ICMP)
         .fromPort(8)
         .toPort(0)
         .tenantIdGroupNamePair("tenantId", "groupName")
         .build();

   assertEquals(fromFluentApi, fromBuilder);
}
}