/**
 * Rebuilds {@code group} without {@code ipPermission} and stores the result in
 * {@code groups} under the group's id.
 *
 * <p>Rules are kept when they are not equal to {@code ipPermission}. If no rule matches,
 * the group is stored again unchanged and no error is raised, so the return value alone
 * does not show whether a rule was removed.
 *
 * @param ipPermission the rule to drop from the group
 * @param group the group to copy; passed through {@code checkNotNull}
 * @return the rebuilt group that was stored
 */
@Override
public SecurityGroup removeIpPermission(IpPermission ipPermission, SecurityGroup group) {
   SecurityGroupBuilder copy = SecurityGroupBuilder.fromSecurityGroup(checkNotNull(group, "group"));
   // NOTE(review): the no-arg call presumably clears the permissions copied from the group,
   // leaving only the filtered set added on the next line. Confirm in SecurityGroupBuilder.
   copy.ipPermissions();
   copy.ipPermissions(filter(group.getIpPermissions(), not(equalTo(ipPermission))));

   SecurityGroup updated = copy.build();
   String id = updated.getId();
   // Drop any previous entry first, then register the rebuilt group under the same id.
   if (groups.containsKey(id)) {
      groups.remove(id);
   }
   groups.put(id, updated);
   return updated;
}
/**
 * Rebuilds {@code group} without {@code ipPermission} and stores the result in
 * {@code groups} under the group's id.
 *
 * <p>Rules are kept when they are not equal to {@code ipPermission}. If no rule matches,
 * the group is stored again unchanged and no error is raised, so the return value alone
 * does not show whether a rule was removed.
 *
 * @param ipPermission the rule to drop from the group
 * @param group the group to copy; passed through {@code checkNotNull}
 * @return the rebuilt group that was stored
 */
@Override
public SecurityGroup removeIpPermission(IpPermission ipPermission, SecurityGroup group) {
   SecurityGroupBuilder copy = SecurityGroupBuilder.fromSecurityGroup(checkNotNull(group, "group"));
   // NOTE(review): the no-arg call presumably clears the permissions copied from the group,
   // leaving only the filtered set added on the next line. Confirm in SecurityGroupBuilder.
   copy.ipPermissions();
   copy.ipPermissions(filter(group.getIpPermissions(), not(equalTo(ipPermission))));

   SecurityGroup updated = copy.build();
   String id = updated.getId();
   // Drop any previous entry first, then register the rebuilt group under the same id.
   if (groups.containsKey(id)) {
      groups.remove(id);
   }
   groups.put(id, updated);
   return updated;
}
/**
 * Rebuilds {@code group} without {@code ipPermission} and stores the result in
 * {@code groups} under the group's id.
 *
 * <p>Rules are kept when they are not equal to {@code ipPermission}. If no rule matches,
 * the group is stored again unchanged and no error is raised, so the return value alone
 * does not show whether a rule was removed.
 *
 * @param ipPermission the rule to drop from the group
 * @param group the group to copy; passed through {@code checkNotNull}
 * @return the rebuilt group that was stored
 */
@Override
public SecurityGroup removeIpPermission(IpPermission ipPermission, SecurityGroup group) {
   SecurityGroupBuilder copy = SecurityGroupBuilder.fromSecurityGroup(checkNotNull(group, "group"));
   // NOTE(review): the no-arg call presumably clears the permissions copied from the group,
   // leaving only the filtered set added on the next line. Confirm in SecurityGroupBuilder.
   copy.ipPermissions();
   copy.ipPermissions(filter(group.getIpPermissions(), not(equalTo(ipPermission))));

   SecurityGroup updated = copy.build();
   String id = updated.getId();
   // Drop any previous entry first, then register the rebuilt group under the same id.
   if (groups.containsKey(id)) {
      groups.remove(id);
   }
   groups.put(id, updated);
   return updated;
}
/**
 * Adds a permit-any-protocol rule to the group looked up by {@code groupId} and checks
 * that the group returned by the extension lists that rule.
 */
@Test(groups = { "integration", "live" }, singleThreaded = true, dependsOnMethods = "testAddIpPermissionsFromSpec")
public void testAddIpPermissionForAnyProtocol() {
   Optional<SecurityGroupExtension> extension = view.getComputeService().getSecurityGroupExtension();
   assertTrue(extension.isPresent(), "security group extension was not present");
   SecurityGroupExtension securityGroups = extension.get();

   SecurityGroup existing = securityGroups.getSecurityGroupById(groupId);
   assertNotNull(existing, "No security group was found with id: " + groupId);

   // NOTE(review): the test is tagged "live", so this rule is presumably created on a real
   // provider account. Nothing in this method removes it again; confirm that a later test
   // or class teardown deletes the group.
   IpPermission anyProtocol = IpPermissions.permitAnyProtocol();
   SecurityGroup opened = securityGroups.addIpPermission(anyProtocol, existing);
   assertTrue(opened.getIpPermissions().contains(anyProtocol));
}
/**
 * Removes the port-range rule and then the single-port rule from the test group and
 * expects the resulting group to carry no permissions at all.
 */
@Test(groups = { "integration", "live" }, singleThreaded = true, dependsOnMethods = "testAddIpPermission")
public void testRemoveIpPermission() {
   skipIfSecurityGroupsNotSupported();

   Optional<SecurityGroupExtension> extension = view.getComputeService().getSecurityGroupExtension();
   assertTrue(extension.isPresent(), "security group extension was not present");
   SecurityGroupExtension securityGroups = extension.get();

   Optional<SecurityGroup> found = getGroup(securityGroups);
   assertTrue(found.isPresent());
   SecurityGroup startingGroup = found.get();

   IpPermission portRange = createPortRangePermission();
   IpPermission singlePort = createSinglePortPermission();

   // Each removal works on the group returned by the previous call, not on the original.
   SecurityGroup afterRangeRemoved = securityGroups.removeIpPermission(portRange, startingGroup);
   SecurityGroup afterBothRemoved = securityGroups.removeIpPermission(singlePort, afterRangeRemoved);

   assertEquals(Iterables.size(afterBothRemoved.getIpPermissions()), 0,
         "Group should have no permissions, but has " + Iterables.size(afterBothRemoved.getIpPermissions()));
}
/**
 * Removes the CIDR-exclusion rule from the test group and checks that the returned group
 * no longer lists it. Skipped when the extension reports no support for exclusion CIDR
 * blocks.
 */
@Test(groups = { "integration", "live" }, singleThreaded = true, dependsOnMethods = "testAddIpPermissionWithCidrExclusionGroup")
public void testRemoveIpPermissionWithCidrExclusionGroup() {
   skipIfSecurityGroupsNotSupported();

   Optional<SecurityGroupExtension> extension = view.getComputeService().getSecurityGroupExtension();
   assertTrue(extension.isPresent(), "security group extension was not present");
   SecurityGroupExtension securityGroups = extension.get();

   boolean exclusionsSupported = securityGroups.supportsExclusionCidrBlocks();
   if (!exclusionsSupported) {
      throw new SkipException("Test cannot run without CIDR exclusion groups available.");
   }

   Optional<SecurityGroup> found = getGroup(securityGroups);
   assertTrue(found.isPresent());
   SecurityGroup startingGroup = found.get();

   IpPermission exclusionRule = createCidrExclusionPermission();
   SecurityGroup afterRemoval = securityGroups.removeIpPermission(exclusionRule, startingGroup);
   // Only the absence of this one rule is checked; other rules may still be present.
   assertFalse(afterRemoval.getIpPermissions().contains(exclusionRule));
}
/**
 * Adds the CIDR-exclusion rule to the test group and checks that the returned group
 * contains it. Skipped when the extension reports no support for exclusion CIDR blocks.
 */
@Test(groups = { "integration", "live" }, singleThreaded = true, dependsOnMethods = "testAddIpPermissionsFromSpec")
public void testAddIpPermissionWithCidrExclusionGroup() {
   skipIfSecurityGroupsNotSupported();

   Optional<SecurityGroupExtension> extension = view.getComputeService().getSecurityGroupExtension();
   assertTrue(extension.isPresent(), "security group extension was not present");
   SecurityGroupExtension securityGroups = extension.get();

   boolean exclusionsSupported = securityGroups.supportsExclusionCidrBlocks();
   if (!exclusionsSupported) {
      throw new SkipException("Test cannot run without CIDR exclusion groups available.");
   }

   Optional<SecurityGroup> found = getGroup(securityGroups);
   assertTrue(found.isPresent());
   SecurityGroup startingGroup = found.get();

   IpPermission exclusionRule = createCidrExclusionPermission();
   Set<IpPermission> mustBePresent = ImmutableSet.of(exclusionRule);

   SecurityGroup afterAdd = securityGroups.addIpPermission(exclusionRule, startingGroup);
   // containsAll is a subset check: rules already on the group do not fail the test.
   assertTrue(afterAdd.getIpPermissions().containsAll(mustBePresent));
}
/**
 * Adds the port-range rule and then the single-port rule to the test group and expects
 * the resulting permission set to equal exactly those two rules.
 */
@Test(groups = { "integration", "live" }, singleThreaded = true, dependsOnMethods = "testGetSecurityGroupById")
public void testAddIpPermission() {
   skipIfSecurityGroupsNotSupported();

   Optional<SecurityGroupExtension> extension = view.getComputeService().getSecurityGroupExtension();
   assertTrue(extension.isPresent(), "security group extension was not present");
   SecurityGroupExtension securityGroups = extension.get();

   Optional<SecurityGroup> found = getGroup(securityGroups);
   assertTrue(found.isPresent());
   SecurityGroup startingGroup = found.get();

   IpPermission portRange = createPortRangePermission();
   IpPermission singlePort = createSinglePortPermission();
   Set<IpPermission> bothRules = ImmutableSet.of(portRange, singlePort);

   // The second add works on the group returned by the first add.
   SecurityGroup withRange = securityGroups.addIpPermission(portRange, startingGroup);
   SecurityGroup withRangeAndSinglePort = securityGroups.addIpPermission(singlePort, withRange);

   // Exact equality: any rule on the group beyond these two fails the test.
   assertEquals(withRangeAndSinglePort.getIpPermissions(), bothRules);
}
/**
 * Runs one create / add-rule / remove-rule / delete cycle through {@code editor} and then
 * checks that the deleted group is not among the groups listed for the machine's node.
 *
 * @param id identifier handed to {@code editor.createSecurityGroup}
 * @param editor the editor under test
 * @param machine machine whose node id is used for the final listing
 */
private void doOneSecurityEditorOperationCycle(String id, SecurityGroupEditor editor, JcloudsSshMachineLocation machine) {
   final SecurityGroup created = editor.createSecurityGroup(id);
   final String groupId = created.getId();
   final IpPermission permission = aPermission();

   // NOTE(review): if an assertion below fails, the group is not deleted by this method.
   // Confirm that the caller or a teardown hook removes it.
   final SecurityGroup withRule = editor.addPermission(created, permission);
   assertTrue(withRule.getIpPermissions().contains(permission));

   final SecurityGroup withoutRule = editor.removePermission(withRule, permission);
   assertFalse(withoutRule.getIpPermissions().contains(permission));

   assertTrue(editor.removeSecurityGroup(withoutRule));

   final Set<SecurityGroup> remaining = editor.listSecurityGroupsForNode(machine.getNode().getId());
   for (SecurityGroup candidate : remaining) {
      assertFalse(candidate.getId().equals(groupId));
   }
}
// Returns true as soon as one rule of the given group has the same from-port, to-port and
// protocol as the fromPort / toPort / ipProtocol values referenced from the enclosing scope;
// returns false when no rule matches.
//
// Only ports and protocol are compared. The rule's source (CIDR blocks, group ids) is not
// looked at, so two rules that open the same ports to different sources both match.
// NOTE(review): the comparisons use ==. That is a value comparison for primitives and enum
// constants but an identity comparison for boxed or other object types; the declarations of
// fromPort, toPort and ipProtocol are outside this excerpt, so confirm their types.
@Override
public boolean apply(SecurityGroup scipPermission) {
   for (IpPermission ipPermission : scipPermission.getIpPermissions()) {
      if (ipPermission.getFromPort() == fromPort && ipPermission.getToPort() == toPort && ipPermission.getIpProtocol() == ipProtocol) {
         return true;
      }
   }
   return false;
}
};
/**
 * Adds {@code permByCidrBlock} to {@code group} through the extension and verifies both
 * the returned group and the sequence of requests that were posted.
 *
 * <p>The responses are enqueued up front, so this appears to run against a canned
 * server rather than a live account; the 0.0.0.0/0 range in the expected request is the
 * value carried by the fixture.
 */
public void addIpPermissionCidrFromIpPermission() throws Exception {
   // Canned responses, in the order the extension is expected to consume them.
   enqueueRegions(DEFAULT_REGION);
   enqueueXml(DEFAULT_REGION, "/authorize_securitygroup_ingress_response.xml");
   enqueueXml(DEFAULT_REGION, "/describe_securitygroups_extension_cidr.xml");
   enqueueXml(DEFAULT_REGION, "/availabilityZones.xml");

   SecurityGroup updated = extension().addIpPermission(permByCidrBlock, group);

   // NOTE(review): the literal comes first here and second in the other assertEquals calls
   // of this method; confirm which argument order the imported assertEquals expects.
   assertEquals(1, updated.getIpPermissions().size());
   IpPermission onlyRule = Iterables.getOnlyElement(updated.getIpPermissions());
   assertEquals(onlyRule, permByCidrBlock);

   String authorizeRequest = "Action=AuthorizeSecurityGroupIngress&GroupId=sg-3c6ef654&IpPermissions.0.IpProtocol=tcp&IpPermissions.0.FromPort=22&IpPermissions.0.ToPort=40&IpPermissions.0.IpRanges.0.CidrIp=0.0.0.0/0";
   assertPosted(DEFAULT_REGION, "Action=DescribeRegions");
   assertPosted(DEFAULT_REGION, authorizeRequest);
   assertPosted(DEFAULT_REGION, "Action=DescribeSecurityGroups&GroupId.1=sg-3c6ef654");
   assertPosted(DEFAULT_REGION, "Action=DescribeAvailabilityZones");
}
/**
 * Adds {@code permByGroup}, a rule whose source is another security group, to
 * {@code group} through the extension and verifies both the returned group and the
 * sequence of requests that were posted.
 */
public void addIpPermissionGroupFromIpPermission() throws Exception {
   // Canned responses, in the order the extension is expected to consume them.
   enqueueRegions(DEFAULT_REGION);
   enqueueXml(DEFAULT_REGION, "/authorize_securitygroup_ingress_response.xml");
   enqueueXml(DEFAULT_REGION, "/describe_securitygroups_extension_group.xml");
   enqueueXml(DEFAULT_REGION, "/availabilityZones.xml");

   SecurityGroup updated = extension().addIpPermission(permByGroup, group);

   // NOTE(review): the literal comes first here and second in the other assertEquals calls
   // of this method; confirm which argument order the imported assertEquals expects.
   assertEquals(1, updated.getIpPermissions().size());
   IpPermission onlyRule = Iterables.getOnlyElement(updated.getIpPermissions());
   assertEquals(onlyRule, permByGroup);

   String authorizeRequest = "Action=AuthorizeSecurityGroupIngress&GroupId=sg-3c6ef654&IpPermissions.0.IpProtocol=tcp&IpPermissions.0.FromPort=22&IpPermissions.0.ToPort=40&IpPermissions.0.Groups.0.UserId=993194456877&IpPermissions.0.Groups.0.GroupId=sg-3c6ef654";
   assertPosted(DEFAULT_REGION, "Action=DescribeRegions");
   assertPosted(DEFAULT_REGION, authorizeRequest);
   assertPosted(DEFAULT_REGION, "Action=DescribeSecurityGroups&GroupId.1=sg-3c6ef654");
   assertPosted(DEFAULT_REGION, "Action=DescribeAvailabilityZones");
}
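/**
 * Creates a security group, adds the permissions of a {@link SecurityGroupDefinition} to
 * it, checks that the group read back by name carries the same permissions, then deletes
 * the group and checks that it can no longer be found.
 *
 * <p>The deletion runs in a {@code finally} block so that a failed assertion does not
 * leave a group behind that still holds the rules added here, including the public port.
 * The sequence of calls on the passing path is unchanged.
 */
@Test
public void testCreateGroupAddPermissionsAndDelete() {
   SecurityGroupDefinition sgDef = new SecurityGroupDefinition()
         .allowingInternalPorts(8097, 8098)
         .allowingInternalPortRange(6000, 7999)
         .allowingPublicPort(8099);
   final String securityGroupName = Identifiers.makeRandomLowercaseId(15);
   final SecurityGroupEditor editor = makeEditor();
   final SecurityGroup testGroup = createTestGroup(securityGroupName, editor);

   // Tracks the most recent view of the group so the cleanup removes what the original
   // code removed (the updated group) once the permissions have been added.
   SecurityGroup toRemove = testGroup;
   try {
      assertEquals(testGroup.getName(), "jclouds#" + securityGroupName);

      final SecurityGroup updated = editor.addPermissions(testGroup, sgDef.getPermissions());
      toRemove = updated;

      final Optional<SecurityGroup> fromCloud = editor.findSecurityGroupByName(securityGroupName);
      assertTrue(fromCloud.isPresent());
      final SecurityGroup cloudGroup = fromCloud.get();
      assertPermissionsEqual(updated.getIpPermissions(), cloudGroup.getIpPermissions());
   } finally {
      editor.removeSecurityGroup(toRemove);
   }

   final Optional<SecurityGroup> afterRemove = editor.findSecurityGroupByName(securityGroupName);
   assertFalse(afterRemove.isPresent());
}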
/**
 * Converts a Nova security group whose single rule is CIDR-based and checks the identity
 * fields, the rule's ports and CIDR block, and the location of the converted group.
 */
@Test
public void testApplyWithCidr() {
   NovaSecurityGroupInRegionToSecurityGroup converter = createGroupParser();
   SecurityGroupInRegion source = new SecurityGroupInRegion(securityGroupWithCidr(), region.getId(), allGroups);

   SecurityGroup converted = converter.apply(source);

   // The portable id is the region and the provider id joined by "/".
   assertEquals(converted.getId(), source.getRegion() + "/" + source.getSecurityGroup().getId());
   assertEquals(converted.getProviderId(), source.getSecurityGroup().getId());
   assertEquals(converted.getName(), source.getSecurityGroup().getName());
   assertEquals(converted.getOwnerId(), source.getSecurityGroup().getTenantId());

   final IpPermission rule = Iterables.getOnlyElement(converted.getIpPermissions());
   assertEquals(rule.getFromPort(), 10);
   assertEquals(rule.getToPort(), 20);
   assertEquals(Iterables.getOnlyElement(rule.getCidrBlocks()), IP_RANGE);
   // A CIDR-based rule must not also name a source group.
   assertTrue(rule.getGroupIds().isEmpty());

   assertEquals(converted.getLocation().getId(), source.getRegion());
}
/**
 * Converts a Nova security group whose single rule references another group and checks
 * the identity fields, the referenced group id, the rule's ports, and the location of
 * the converted group.
 */
@Test
public void testApplyWithGroup() {
   NovaSecurityGroupInRegionToSecurityGroup converter = createGroupParser();
   final org.jclouds.openstack.nova.v2_0.domain.SecurityGroup otherGroup = securityGroupWithCidr();
   SecurityGroupInRegion source = new SecurityGroupInRegion(securityGroupWithGroup(), region.getId(), allGroups);

   SecurityGroup converted = converter.apply(source);

   // The portable id is the region and the provider id joined by "/".
   assertEquals(converted.getId(), source.getRegion() + "/" + source.getSecurityGroup().getId());
   assertEquals(converted.getProviderId(), source.getSecurityGroup().getId());
   assertEquals(converted.getName(), source.getSecurityGroup().getName());
   assertEquals(converted.getOwnerId(), source.getSecurityGroup().getTenantId());

   final IpPermission rule = Iterables.getOnlyElement(converted.getIpPermissions());
   // The referenced group is expected in the same region-qualified form as the group id.
   assertEquals(Iterables.getOnlyElement(rule.getGroupIds()), region.getId() + "/" + otherGroup.getId());
   assertEquals(rule.getFromPort(), 10);
   assertEquals(rule.getToPort(), 20);
   // A group-based rule must not also carry a CIDR block.
   assertTrue(rule.getCidrBlocks().isEmpty());

   assertEquals(converted.getLocation().getId(), source.getRegion());
}
/**
 * Creates a builder pre-populated from {@code group}: provider id, name, id, location,
 * URI, user metadata, tags, IP permissions and owner id.
 *
 * <p>{@code group} is dereferenced without a null check. The existing IP permissions are
 * copied into the builder as well.
 * NOTE(review): whether a later {@code ipPermissions(...)} call on the returned builder
 * appends to or replaces the copied rules is not visible here; callers that want a
 * narrower rule set should confirm this before relying on the result.
 *
 * @param group the group whose fields seed the builder
 * @return a new builder carrying the group's fields
 */
public static SecurityGroupBuilder fromSecurityGroup(SecurityGroup group) {
   SecurityGroupBuilder seeded = new SecurityGroupBuilder()
         .providerId(group.getProviderId())
         .name(group.getName())
         .id(group.getId())
         .location(group.getLocation())
         .uri(group.getUri())
         .userMetadata(group.getUserMetadata())
         .tags(group.getTags())
         .ipPermissions(group.getIpPermissions())
         .ownerId(group.getOwnerId());
   return seeded;
}
/**
 * Creates a builder pre-populated from {@code group}: provider id, name, id, location,
 * URI, user metadata, tags, IP permissions and owner id.
 *
 * <p>{@code group} is dereferenced without a null check. The existing IP permissions are
 * copied into the builder as well.
 * NOTE(review): whether a later {@code ipPermissions(...)} call on the returned builder
 * appends to or replaces the copied rules is not visible here; callers that want a
 * narrower rule set should confirm this before relying on the result.
 *
 * @param group the group whose fields seed the builder
 * @return a new builder carrying the group's fields
 */
public static SecurityGroupBuilder fromSecurityGroup(SecurityGroup group) {
   SecurityGroupBuilder seeded = new SecurityGroupBuilder()
         .providerId(group.getProviderId())
         .name(group.getName())
         .id(group.getId())
         .location(group.getLocation())
         .uri(group.getUri())
         .userMetadata(group.getUserMetadata())
         .tags(group.getTags())
         .ipPermissions(group.getIpPermissions())
         .ownerId(group.getOwnerId());
   return seeded;
}
/**
 * Creates a builder pre-populated from {@code group}: provider id, name, id, location,
 * URI, user metadata, tags, IP permissions and owner id.
 *
 * <p>{@code group} is dereferenced without a null check. The existing IP permissions are
 * copied into the builder as well.
 * NOTE(review): whether a later {@code ipPermissions(...)} call on the returned builder
 * appends to or replaces the copied rules is not visible here; callers that want a
 * narrower rule set should confirm this before relying on the result.
 *
 * @param group the group whose fields seed the builder
 * @return a new builder carrying the group's fields
 */
public static SecurityGroupBuilder fromSecurityGroup(SecurityGroup group) {
   SecurityGroupBuilder seeded = new SecurityGroupBuilder()
         .providerId(group.getProviderId())
         .name(group.getName())
         .id(group.getId())
         .location(group.getLocation())
         .uri(group.getUri())
         .userMetadata(group.getUserMetadata())
         .tags(group.getTags())
         .ipPermissions(group.getIpPermissions())
         .ownerId(group.getOwnerId());
   return seeded;
}
/**
 * Same scenario as adding {@code permByGroup} as a whole, but through the overload that
 * takes the rule's fields one by one. Verifies the returned rule and the sequence of
 * requests that were posted.
 */
public void addIpPermissionGroupFromParams() throws Exception {
   // Canned responses, in the order the extension is expected to consume them.
   enqueueRegions(DEFAULT_REGION);
   enqueueXml(DEFAULT_REGION, "/authorize_securitygroup_ingress_response.xml");
   enqueueXml(DEFAULT_REGION, "/describe_securitygroups_extension_group.xml");
   enqueueXml(DEFAULT_REGION, "/availabilityZones.xml");

   SecurityGroup updated = extension().addIpPermission(
         permByGroup.getIpProtocol(),
         permByGroup.getFromPort(),
         permByGroup.getToPort(),
         permByGroup.getTenantIdGroupNamePairs(),
         permByGroup.getCidrBlocks(),
         permByGroup.getGroupIds(),
         group);

   // getOnlyElement also fails the test when the group holds more or fewer than one rule.
   IpPermission onlyRule = Iterables.getOnlyElement(updated.getIpPermissions());
   assertEquals(onlyRule, permByGroup);

   String authorizeRequest = "Action=AuthorizeSecurityGroupIngress&GroupId=sg-3c6ef654&IpPermissions.0.IpProtocol=tcp&IpPermissions.0.FromPort=22&IpPermissions.0.ToPort=40&IpPermissions.0.Groups.0.UserId=993194456877&IpPermissions.0.Groups.0.GroupId=sg-3c6ef654";
   assertPosted(DEFAULT_REGION, "Action=DescribeRegions");
   assertPosted(DEFAULT_REGION, authorizeRequest);
   assertPosted(DEFAULT_REGION, "Action=DescribeSecurityGroups&GroupId.1=sg-3c6ef654");
   assertPosted(DEFAULT_REGION, "Action=DescribeAvailabilityZones");
}
/**
 * Same scenario as adding {@code permByCidrBlock} as a whole, but through the overload
 * that takes the rule's fields one by one. Verifies the returned rule and the sequence of
 * requests that were posted.
 *
 * <p>The responses are enqueued up front, so this appears to run against a canned
 * server rather than a live account; the 0.0.0.0/0 range in the expected request is the
 * value carried by the fixture.
 */
public void addIpPermissionCidrFromParams() throws Exception {
   // Canned responses, in the order the extension is expected to consume them.
   enqueueRegions(DEFAULT_REGION);
   enqueueXml(DEFAULT_REGION, "/authorize_securitygroup_ingress_response.xml");
   enqueueXml(DEFAULT_REGION, "/describe_securitygroups_extension_cidr.xml");
   enqueueXml(DEFAULT_REGION, "/availabilityZones.xml");

   SecurityGroup updated = extension().addIpPermission(
         permByCidrBlock.getIpProtocol(),
         permByCidrBlock.getFromPort(),
         permByCidrBlock.getToPort(),
         permByCidrBlock.getTenantIdGroupNamePairs(),
         permByCidrBlock.getCidrBlocks(),
         permByCidrBlock.getGroupIds(),
         group);

   // getOnlyElement also fails the test when the group holds more or fewer than one rule.
   IpPermission onlyRule = Iterables.getOnlyElement(updated.getIpPermissions());
   assertEquals(onlyRule, permByCidrBlock);

   String authorizeRequest = "Action=AuthorizeSecurityGroupIngress&GroupId=sg-3c6ef654&IpPermissions.0.IpProtocol=tcp&IpPermissions.0.FromPort=22&IpPermissions.0.ToPort=40&IpPermissions.0.IpRanges.0.CidrIp=0.0.0.0/0";
   assertPosted(DEFAULT_REGION, "Action=DescribeRegions");
   assertPosted(DEFAULT_REGION, authorizeRequest);
   assertPosted(DEFAULT_REGION, "Action=DescribeSecurityGroups&GroupId.1=sg-3c6ef654");
   assertPosted(DEFAULT_REGION, "Action=DescribeAvailabilityZones");
}