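/**
 * Authorizes inbound TCP traffic on a single port of the named security group from any
 * IPv4 source ({@code 0.0.0.0/0}).
 *
 * <p>Kept for existing callers; the overload that takes an explicit CIDR lets a caller scope
 * the rule to a narrower source range instead of the whole internet.
 *
 * @param region region the security group lives in
 * @param name   security group name
 * @param port   TCP port to open (used as both start and end of the port range)
 */
protected void createIngressRuleForTCPPort(String region, String name, int port) {
   createIngressRuleForTCPPort(region, name, port, "0.0.0.0/0");
}

/**
 * Authorizes inbound TCP traffic on a single port of the named security group from the given
 * source range.
 *
 * @param region region the security group lives in
 * @param name   security group name
 * @param port   TCP port to open (used as both start and end of the port range)
 * @param cidr   source range in CIDR notation; {@code 0.0.0.0/0} opens the port to every IPv4 address
 */
protected void createIngressRuleForTCPPort(String region, String name, int port, String cidr) {
   logger.debug(">> authorizing securityGroup region(%s) name(%s) port(%s)", region, name, port);
   securityClient.authorizeSecurityGroupIngressInRegion(region, name, IpProtocol.TCP, port, port, cidr);
   logger.debug("<< authorized securityGroup(%s)", name);
}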
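/**
 * Authorizes inbound TCP traffic on a single port of the named security group from any
 * IPv4 source ({@code 0.0.0.0/0}).
 *
 * <p>Kept for existing callers; the overload that takes an explicit CIDR lets a caller scope
 * the rule to a narrower source range instead of the whole internet.
 *
 * @param region region the security group lives in
 * @param name   security group name
 * @param port   TCP port to open (used as both start and end of the port range)
 */
protected void createIngressRuleForTCPPort(String region, String name, int port) {
   createIngressRuleForTCPPort(region, name, port, "0.0.0.0/0");
}

/**
 * Authorizes inbound TCP traffic on a single port of the named security group from the given
 * source range.
 *
 * @param region region the security group lives in
 * @param name   security group name
 * @param port   TCP port to open (used as both start and end of the port range)
 * @param cidr   source range in CIDR notation; {@code 0.0.0.0/0} opens the port to every IPv4 address
 */
protected void createIngressRuleForTCPPort(String region, String name, int port, String cidr) {
   logger.debug(">> authorizing securityGroup region(%s) name(%s) port(%s)", region, name, port);
   securityClient.authorizeSecurityGroupIngressInRegion(region, name, IpProtocol.TCP, port, port, cidr);
   logger.debug("<< authorized securityGroup(%s)", name);
}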
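/**
 * Authorizes inbound TCP traffic on a single port of the named security group from any
 * IPv4 source ({@code 0.0.0.0/0}).
 *
 * <p>Kept for existing callers; the overload that takes an explicit CIDR lets a caller scope
 * the rule to a narrower source range instead of the whole internet.
 *
 * @param region region the security group lives in
 * @param name   security group name
 * @param port   TCP port to open (used as both start and end of the port range)
 */
protected void createIngressRuleForTCPPort(String region, String name, int port) {
   createIngressRuleForTCPPort(region, name, port, "0.0.0.0/0");
}

/**
 * Authorizes inbound TCP traffic on a single port of the named security group from the given
 * source range.
 *
 * @param region region the security group lives in
 * @param name   security group name
 * @param port   TCP port to open (used as both start and end of the port range)
 * @param cidr   source range in CIDR notation; {@code 0.0.0.0/0} opens the port to every IPv4 address
 */
protected void createIngressRuleForTCPPort(String region, String name, int port, String cidr) {
   logger.debug(">> authorizing securityGroup region(%s) name(%s) port(%s)", region, name, port);
   securityClient.authorizeSecurityGroupIngressInRegion(region, name, IpProtocol.TCP, port, port, cidr);
   logger.debug("<< authorized securityGroup(%s)", name);
}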
/**
 * Makes sure the security group the test nodes use exists in the target region.
 *
 * <p>Does nothing unless running against EC2 ({@code isEC2}). An existing group is left as is;
 * a missing one is created and then gets one TCP ingress rule per entry of {@code portRangeMap}
 * (key = first port, value = last port), all with {@code CIDR_RANGE} as the source. How widely
 * those ports are exposed is decided by the value of CIDR_RANGE, which is defined elsewhere —
 * check it before adding entries to portRangeMap.
 *
 * @param spec          template spec; its location id selects the region, {@code us-east-1} when unset
 * @param securityGroup name of the security group to look up or create
 */
private void initSecurityGroup(TemplateBuilderSpec spec, String securityGroup) {
    if (!isEC2) {
        return;
    }
    // Only AWS needs this step: the group is created on demand when it is not there yet.
    AWSEC2Api awsApi = compute.getContext().unwrapApi(AWSEC2Api.class);
    SecurityGroupApi sgApi = awsApi.getSecurityGroupApi().get();

    String locationId = spec.getLocationId();
    String region = locationId == null ? "us-east-1" : locationId;

    Set<SecurityGroup> existing = sgApi.describeSecurityGroupsInRegion(region, securityGroup);
    if (!existing.isEmpty()) {
        LOGGER.info("Security group: '" + securityGroup + "' is found in region '" + region + '\'');
        return;
    }

    LOGGER.info("Security group: '" + securityGroup + "' is not found in region '" + region
            + "', creating it on the fly");
    sgApi.createSecurityGroupInRegion(region, securityGroup, securityGroup);
    for (Map.Entry<Integer, Integer> range : portRangeMap.entrySet()) {
        sgApi.authorizeSecurityGroupIngressInRegion(region, securityGroup, TCP,
                range.getKey(), range.getValue(), CIDR_RANGE);
    }
}
// Open SSH (22) plus two application port ranges, each as one TCP ingress rule.
// NOTE(review): the source is 0.0.0.0/0, i.e. every IPv4 address — confirm that exposure is intended.
int[][] tcpRanges = { { 22, 22 }, { 9000, 9001 }, { 5701, 5751 } };
for (int[] range : tcpRanges) {
   securityGroupApi.authorizeSecurityGroupIngressInRegion(region, securityGroup, IpProtocol.TCP, range[0], range[1], "0.0.0.0/0");
}
/**
 * Lets members of security group {@code name} reach each other by authorizing the group as its
 * own ingress source (a {@link UserIdGroupPair} built from the group's owner id and name).
 *
 * @param region region the security group lives in
 * @param name   security group name
 * @throws IndexOutOfBoundsException if describeSecurityGroupsInRegion returns nothing for
 *                                   {@code name}; {@code Iterables.get(..., 0)} requires a first element
 */
protected void authorizeGroupToItself(String region, String name) {
   logger.debug(">> authorizing securityGroup region(%s) name(%s) permission to itself", region, name);
   // The pair needs the owner id, which only the described group knows; use the first match.
   String ownerId = Iterables.get(securityClient.describeSecurityGroupsInRegion(region, name), 0).getOwnerId();
   UserIdGroupPair selfAsSource = new UserIdGroupPair(ownerId, name);
   securityClient.authorizeSecurityGroupIngressInRegion(region, name, selfAsSource);
   logger.debug("<< authorized securityGroup(%s)", name);
}
/**
 * Lets members of security group {@code name} reach each other by authorizing the group as its
 * own ingress source (a {@link UserIdGroupPair} built from the group's owner id and name).
 *
 * @param region region the security group lives in
 * @param name   security group name
 * @throws IndexOutOfBoundsException if describeSecurityGroupsInRegion returns nothing for
 *                                   {@code name}; {@code Iterables.get(..., 0)} requires a first element
 */
protected void authorizeGroupToItself(String region, String name) {
   logger.debug(">> authorizing securityGroup region(%s) name(%s) permission to itself", region, name);
   // The pair needs the owner id, which only the described group knows; use the first match.
   String ownerId = Iterables.get(securityClient.describeSecurityGroupsInRegion(region, name), 0).getOwnerId();
   UserIdGroupPair selfAsSource = new UserIdGroupPair(ownerId, name);
   securityClient.authorizeSecurityGroupIngressInRegion(region, name, selfAsSource);
   logger.debug("<< authorized securityGroup(%s)", name);
}
/**
 * Lets members of security group {@code name} reach each other by authorizing the group as its
 * own ingress source (a {@link UserIdGroupPair} built from the group's owner id and name).
 *
 * @param region region the security group lives in
 * @param name   security group name
 * @throws IndexOutOfBoundsException if describeSecurityGroupsInRegion returns nothing for
 *                                   {@code name}; {@code Iterables.get(..., 0)} requires a first element
 */
protected void authorizeGroupToItself(String region, String name) {
   logger.debug(">> authorizing securityGroup region(%s) name(%s) permission to itself", region, name);
   // The pair needs the owner id, which only the described group knows; use the first match.
   String ownerId = Iterables.get(securityClient.describeSecurityGroupsInRegion(region, name), 0).getOwnerId();
   UserIdGroupPair selfAsSource = new UserIdGroupPair(ownerId, name);
   securityClient.authorizeSecurityGroupIngressInRegion(region, name, selfAsSource);
   logger.debug("<< authorized securityGroup(%s)", name);
}
/**
 * Adds ingress rules to {@code group}: one CIDR rule per entry of {@code ipRanges} (using
 * {@code protocol} and the port range) and one group-to-group rule per (tenant id, group name)
 * pair, then re-reads the group from the region.
 *
 * <p>NOTE(review): {@code groupIds} is accepted but never read in this method, so permissions
 * expressed as security-group ids are silently not applied — confirm whether callers rely on it.
 *
 * @param protocol               IP protocol of the CIDR rules
 * @param startPort              first port of the CIDR rules
 * @param endPort                last port of the CIDR rules
 * @param tenantIdGroupNamePairs tenant id → group names to authorize as sources
 * @param ipRanges               CIDR blocks to authorize as sources
 * @param groupIds               not consulted here (see note above)
 * @param group                  target security group; its location yields the region
 * @return the group as re-read after the rules were added
 */
@Override
public SecurityGroup addIpPermission(IpProtocol protocol, int startPort, int endPort,
      Multimap<String, String> tenantIdGroupNamePairs, Iterable<String> ipRanges,
      Iterable<String> groupIds, SecurityGroup group) {
   String region = AWSUtils.getRegionFromLocationOrNull(group.getLocation());
   String targetGroup = group.getName();

   if (!Iterables.isEmpty(ipRanges)) {
      for (String cidr : ipRanges) {
         client.getSecurityGroupApi().get().authorizeSecurityGroupIngressInRegion(
               region, targetGroup, protocol, startPort, endPort, cidr);
      }
   }

   if (!tenantIdGroupNamePairs.isEmpty()) {
      for (String tenantId : tenantIdGroupNamePairs.keySet()) {
         for (String sourceGroup : tenantIdGroupNamePairs.get(tenantId)) {
            UserIdGroupPair pair = new UserIdGroupPair(tenantId, sourceGroup);
            client.getSecurityGroupApi().get().authorizeSecurityGroupIngressInRegion(region, targetGroup, pair);
         }
      }
   }

   // Re-read so the returned object reflects the rules just added.
   return getSecurityGroupById(new RegionAndName(region, targetGroup).slashEncode());
}
/**
 * Adds ingress rules to {@code group}: one CIDR rule per entry of {@code ipRanges} (using
 * {@code protocol} and the port range) and one group-to-group rule per (tenant id, group name)
 * pair, then re-reads the group from the region.
 *
 * <p>NOTE(review): {@code groupIds} is accepted but never read in this method, so permissions
 * expressed as security-group ids are silently not applied — confirm whether callers rely on it.
 *
 * @param protocol               IP protocol of the CIDR rules
 * @param startPort              first port of the CIDR rules
 * @param endPort                last port of the CIDR rules
 * @param tenantIdGroupNamePairs tenant id → group names to authorize as sources
 * @param ipRanges               CIDR blocks to authorize as sources
 * @param groupIds               not consulted here (see note above)
 * @param group                  target security group; its location yields the region
 * @return the group as re-read after the rules were added
 */
@Override
public SecurityGroup addIpPermission(IpProtocol protocol, int startPort, int endPort,
      Multimap<String, String> tenantIdGroupNamePairs, Iterable<String> ipRanges,
      Iterable<String> groupIds, SecurityGroup group) {
   String region = AWSUtils.getRegionFromLocationOrNull(group.getLocation());
   String targetGroup = group.getName();

   if (!Iterables.isEmpty(ipRanges)) {
      for (String cidr : ipRanges) {
         client.getSecurityGroupApi().get().authorizeSecurityGroupIngressInRegion(
               region, targetGroup, protocol, startPort, endPort, cidr);
      }
   }

   if (!tenantIdGroupNamePairs.isEmpty()) {
      for (String tenantId : tenantIdGroupNamePairs.keySet()) {
         for (String sourceGroup : tenantIdGroupNamePairs.get(tenantId)) {
            UserIdGroupPair pair = new UserIdGroupPair(tenantId, sourceGroup);
            client.getSecurityGroupApi().get().authorizeSecurityGroupIngressInRegion(region, targetGroup, pair);
         }
      }
   }

   // Re-read so the returned object reflects the rules just added.
   return getSecurityGroupById(new RegionAndName(region, targetGroup).slashEncode());
}
/**
 * Adds ingress rules to {@code group}: one CIDR rule per entry of {@code ipRanges} (using
 * {@code protocol} and the port range) and one group-to-group rule per (tenant id, group name)
 * pair, then re-reads the group from the region.
 *
 * <p>NOTE(review): {@code groupIds} is accepted but never read in this method, so permissions
 * expressed as security-group ids are silently not applied — confirm whether callers rely on it.
 *
 * @param protocol               IP protocol of the CIDR rules
 * @param startPort              first port of the CIDR rules
 * @param endPort                last port of the CIDR rules
 * @param tenantIdGroupNamePairs tenant id → group names to authorize as sources
 * @param ipRanges               CIDR blocks to authorize as sources
 * @param groupIds               not consulted here (see note above)
 * @param group                  target security group; its location yields the region
 * @return the group as re-read after the rules were added
 */
@Override
public SecurityGroup addIpPermission(IpProtocol protocol, int startPort, int endPort,
      Multimap<String, String> tenantIdGroupNamePairs, Iterable<String> ipRanges,
      Iterable<String> groupIds, SecurityGroup group) {
   String region = AWSUtils.getRegionFromLocationOrNull(group.getLocation());
   String targetGroup = group.getName();

   if (!Iterables.isEmpty(ipRanges)) {
      for (String cidr : ipRanges) {
         client.getSecurityGroupApi().get().authorizeSecurityGroupIngressInRegion(
               region, targetGroup, protocol, startPort, endPort, cidr);
      }
   }

   if (!tenantIdGroupNamePairs.isEmpty()) {
      for (String tenantId : tenantIdGroupNamePairs.keySet()) {
         for (String sourceGroup : tenantIdGroupNamePairs.get(tenantId)) {
            UserIdGroupPair pair = new UserIdGroupPair(tenantId, sourceGroup);
            client.getSecurityGroupApi().get().authorizeSecurityGroupIngressInRegion(region, targetGroup, pair);
         }
      }
   }

   // Re-read so the returned object reflects the rules just added.
   return getSecurityGroupById(new RegionAndName(region, targetGroup).slashEncode());
}
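/**
 * Creates a throw-away security group named {@code INSTANCE_PREFIX + "ingress"} and opens
 * TCP 80, 443 and 22 to every IPv4 source. Disabled: it talks to a live account. The region
 * argument is {@code null} on every call — presumably the provider default; confirm.
 *
 * <p>Declared exceptions come from the test signature; none is expected from this body.
 */
@Test(enabled = false)
void testCreateSecurityGroupIngressCidr() throws InterruptedException, ExecutionException, TimeoutException {
   securityGroupName = INSTANCE_PREFIX + "ingress";
   try {
      client.getSecurityGroupApi().get().deleteSecurityGroupInRegion(null, securityGroupName);
   } catch (Exception ignored) {
      // Best-effort removal of a group left behind by an earlier run; "not found" is the usual outcome.
   }
   client.getSecurityGroupApi().get().createSecurityGroupInRegion(null, securityGroupName, securityGroupName);
   // One single-port TCP rule per service port; a loop keeps the three rules identical apart from the port.
   for (int port : new int[] { 80, 443, 22 }) {
      client.getSecurityGroupApi().get().authorizeSecurityGroupIngressInRegion(null, securityGroupName, IpProtocol.TCP, port, port, "0.0.0.0/0");
   }
}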
/**
 * Checks that asking for port 22 together with "authorize the group to itself" results in
 * exactly two ingress calls: a TCP/22 rule from {@code 0.0.0.0/0} and a {@link UserIdGroupPair}
 * rule whose owner id comes from describeSecurityGroupsInRegion. {@code createMock} rejects
 * calls that were not recorded, and {@code verify} fails if a recorded call never happened.
 *
 * @throws ExecutionException declared by the signature; not expected from this body
 */
@SuppressWarnings("unchecked")
@Test
public void testWhenPort22AndToItselfAuthorizesIngressTwice() throws ExecutionException {
   SecurityGroupApi client = createMock(SecurityGroupApi.class);
   // alwaysTrue: the "does the group exist" predicate is not what this test exercises
   Predicate<RegionAndName> tester = Predicates.alwaysTrue();
   SecurityGroup group = createNiceMock(SecurityGroup.class);
   Set<SecurityGroup> groups = ImmutableSet.<SecurityGroup> of(group);

   // Recording phase: every call the function under test is expected to make.
   client.createSecurityGroupInRegion("region", "group", "group");
   client.authorizeSecurityGroupIngressInRegion("region", "group", IpProtocol.TCP, 22, 22, "0.0.0.0/0");
   // raw Set cast bridges the generic return type of describeSecurityGroupsInRegion; hence the @SuppressWarnings
   expect(client.describeSecurityGroupsInRegion("region", "group")).andReturn(Set.class.cast(groups));
   expect(group.getOwnerId()).andReturn("ownerId");
   client.authorizeSecurityGroupIngressInRegion("region", "group", new UserIdGroupPair("ownerId", "group"));

   replay(client);
   replay(group);

   CreateSecurityGroupIfNeeded function = new CreateSecurityGroupIfNeeded(client, tester);
   // load() is expected to hand back the group name; the int[] carries the ports and the
   // boolean presumably requests the group-to-itself rule — the last argument's meaning is not visible here.
   assertEquals("group", function.load(new RegionNameAndIngressRules("region", "group", new int[] { 22 }, true, null)));

   verify(client);
   verify(group);
}
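/**
 * Authorizes access to the specified ports of the node, from the specified source.
 *
 * <p>Each port becomes its own single-port TCP ingress rule on the node's group
 * ({@code "jclouds#" + node.getGroup()}) in the region parsed from the node id. A call the
 * provider rejects with {@link IllegalStateException} is skipped rather than propagated —
 * presumably a rule that already exists; confirm against the API's error mapping. Any other
 * exception still reaches the caller.
 *
 * @param service compute service whose context exposes the {@link EC2Api}
 * @param node    node whose security group is modified; its id encodes the region
 * @param source  source range in CIDR notation ({@code 0.0.0.0/0} opens the ports to every IPv4 address)
 * @param ports   TCP ports to open; {@code null} or empty authorizes nothing
 */
@Override
public void authorize(ComputeService service, NodeMetadata node, String source, int... ports) {
   if (ports == null || ports.length == 0) {
      return;
   }
   String region = AWSUtils.parseHandle(node.getId())[0];
   EC2Api ec2Api = service.getContext().unwrapApi(EC2Api.class);
   String groupName = "jclouds#" + node.getGroup();
   for (int port : ports) {
      try {
         ec2Api.getSecurityGroupApi().get()
               .authorizeSecurityGroupIngressInRegion(region, groupName, IpProtocol.TCP, port, port, source);
      } catch (IllegalStateException ignored) {
         // Deliberately best-effort: this rule is skipped and the remaining ports are still
         // attempted. Callers cannot tell from here which ports were not opened.
      }
   }
}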
/**
 * Applies {@code ipPermission} to {@code group} as EC2 ingress rules: one CIDR rule per CIDR
 * block (protocol and port range taken from the permission) and one group-to-group rule per
 * (tenant id, group name) pair, then re-reads the group from the region.
 *
 * @param ipPermission protocol, port range, CIDR blocks and tenant/group pairs to authorize
 * @param group        target security group; its location yields the region, its name the group
 * @return the group as re-read after the rules were added
 */
@Override
public SecurityGroup addIpPermission(IpPermission ipPermission, SecurityGroup group) {
   String region = AWSUtils.getRegionFromLocationOrNull(group.getLocation());
   String targetGroup = group.getName();

   if (!ipPermission.getCidrBlocks().isEmpty()) {
      int fromPort = ipPermission.getFromPort();
      int toPort = ipPermission.getToPort();
      for (String cidr : ipPermission.getCidrBlocks()) {
         client.getSecurityGroupApi().get().authorizeSecurityGroupIngressInRegion(
               region, targetGroup, ipPermission.getIpProtocol(), fromPort, toPort, cidr);
      }
   }

   if (!ipPermission.getTenantIdGroupNamePairs().isEmpty()) {
      for (String tenantId : ipPermission.getTenantIdGroupNamePairs().keySet()) {
         for (String sourceGroup : ipPermission.getTenantIdGroupNamePairs().get(tenantId)) {
            UserIdGroupPair pair = new UserIdGroupPair(tenantId, sourceGroup);
            client.getSecurityGroupApi().get().authorizeSecurityGroupIngressInRegion(region, targetGroup, pair);
         }
      }
   }

   // Re-read so the returned object reflects the rules just added.
   return getSecurityGroupById(new RegionAndName(region, targetGroup).slashEncode());
}
/**
 * Creates a throw-away security group named {@code instancePrefix + "ingress"} and opens
 * TCP 80, 443 and 22 to every IPv4 source. Disabled: it talks to a live account. The region
 * argument is {@code null} on every call — presumably the provider default; confirm.
 *
 * <p>Declared exceptions come from the test signature; none is expected from this body.
 */
@Test(enabled = false)
void testCreateSecurityGroupIngressCidr() throws InterruptedException, ExecutionException, TimeoutException {
   securityGroupName = instancePrefix + "ingress";
   try {
      client.getSecurityGroupApi().get().deleteSecurityGroupInRegion(null, securityGroupName);
   } catch (Exception ignored) {
      // Best-effort removal of a group left behind by an earlier run; "not found" is the usual outcome.
   }
   client.getSecurityGroupApi().get().createSecurityGroupInRegion(null, securityGroupName, securityGroupName);
   int[] servicePorts = { 80, 443, 22 };
   for (int servicePort : servicePorts) {
      client.getSecurityGroupApi().get().authorizeSecurityGroupIngressInRegion(
            null, securityGroupName, IpProtocol.TCP, servicePort, servicePort, "0.0.0.0/0");
   }
}
/**
 * Applies {@code ipPermission} to {@code group} as EC2 ingress rules: one CIDR rule per CIDR
 * block (protocol and port range taken from the permission) and one group-to-group rule per
 * (tenant id, group name) pair, then re-reads the group from the region.
 *
 * @param ipPermission protocol, port range, CIDR blocks and tenant/group pairs to authorize
 * @param group        target security group; its location yields the region, its name the group
 * @return the group as re-read after the rules were added
 */
@Override
public SecurityGroup addIpPermission(IpPermission ipPermission, SecurityGroup group) {
   String region = AWSUtils.getRegionFromLocationOrNull(group.getLocation());
   String targetGroup = group.getName();

   if (!ipPermission.getCidrBlocks().isEmpty()) {
      int fromPort = ipPermission.getFromPort();
      int toPort = ipPermission.getToPort();
      for (String cidr : ipPermission.getCidrBlocks()) {
         client.getSecurityGroupApi().get().authorizeSecurityGroupIngressInRegion(
               region, targetGroup, ipPermission.getIpProtocol(), fromPort, toPort, cidr);
      }
   }

   if (!ipPermission.getTenantIdGroupNamePairs().isEmpty()) {
      for (String tenantId : ipPermission.getTenantIdGroupNamePairs().keySet()) {
         for (String sourceGroup : ipPermission.getTenantIdGroupNamePairs().get(tenantId)) {
            UserIdGroupPair pair = new UserIdGroupPair(tenantId, sourceGroup);
            client.getSecurityGroupApi().get().authorizeSecurityGroupIngressInRegion(region, targetGroup, pair);
         }
      }
   }

   // Re-read so the returned object reflects the rules just added.
   return getSecurityGroupById(new RegionAndName(region, targetGroup).slashEncode());
}
/**
 * Applies {@code ipPermission} to {@code group} as EC2 ingress rules: one CIDR rule per CIDR
 * block (protocol and port range taken from the permission) and one group-to-group rule per
 * (tenant id, group name) pair, then re-reads the group from the region.
 *
 * @param ipPermission protocol, port range, CIDR blocks and tenant/group pairs to authorize
 * @param group        target security group; its location yields the region, its name the group
 * @return the group as re-read after the rules were added
 */
@Override
public SecurityGroup addIpPermission(IpPermission ipPermission, SecurityGroup group) {
   String region = AWSUtils.getRegionFromLocationOrNull(group.getLocation());
   String targetGroup = group.getName();

   if (!ipPermission.getCidrBlocks().isEmpty()) {
      int fromPort = ipPermission.getFromPort();
      int toPort = ipPermission.getToPort();
      for (String cidr : ipPermission.getCidrBlocks()) {
         client.getSecurityGroupApi().get().authorizeSecurityGroupIngressInRegion(
               region, targetGroup, ipPermission.getIpProtocol(), fromPort, toPort, cidr);
      }
   }

   if (!ipPermission.getTenantIdGroupNamePairs().isEmpty()) {
      for (String tenantId : ipPermission.getTenantIdGroupNamePairs().keySet()) {
         for (String sourceGroup : ipPermission.getTenantIdGroupNamePairs().get(tenantId)) {
            UserIdGroupPair pair = new UserIdGroupPair(tenantId, sourceGroup);
            client.getSecurityGroupApi().get().authorizeSecurityGroupIngressInRegion(region, targetGroup, pair);
         }
      }
   }

   // Re-read so the returned object reflects the rules just added.
   return getSecurityGroupById(new RegionAndName(region, targetGroup).slashEncode());
}
/**
 * Round-trips a CIDR ingress rule: creates a throw-away group, opens TCP/80 from
 * {@code 0.0.0.0/0}, waits until the permission is visible, revokes it, waits until the group
 * reports no permissions, and deletes the group in {@code finally} so a failed assertion does
 * not leak it. The region argument is {@code null} throughout — presumably the provider default.
 */
@Test
void testAuthorizeSecurityGroupIngressCidr() {
   String group = PREFIX + "ingress";
   int httpPort = 80;
   String anySource = "0.0.0.0/0";
   cleanupAndSleep(group);
   try {
      client.createSecurityGroupInRegion(null, group, group);
      client.authorizeSecurityGroupIngressInRegion(null, group, IpProtocol.TCP, httpPort, httpPort, anySource);
      assertEventually(new GroupHasPermission(client, group, new TCPPort80AllIPs()));
      client.revokeSecurityGroupIngressInRegion(null, group, IpProtocol.TCP, httpPort, httpPort, anySource);
      assertEventually(new GroupHasNoPermissions(client, group));
   } finally {
      client.deleteSecurityGroupInRegion(null, group);
   }
}
/**
 * Round-trips a CIDR ingress rule: creates a throw-away group, opens TCP/80 from
 * {@code 0.0.0.0/0}, waits until the permission is visible, revokes it, waits until the group
 * reports no permissions, and deletes the group in {@code finally} so a failed assertion does
 * not leak it. The region argument is {@code null} throughout — presumably the provider default.
 *
 * <p>NOTE(review): despite its name this body is the same as the CIDR test and exercises no
 * source-port or source-group rule — confirm what this test was meant to cover.
 */
@Test
void testAuthorizeSecurityGroupIngressSourcePort() {
   String group = PREFIX + "ingress";
   int httpPort = 80;
   String anySource = "0.0.0.0/0";
   cleanupAndSleep(group);
   try {
      client.createSecurityGroupInRegion(null, group, group);
      client.authorizeSecurityGroupIngressInRegion(null, group, IpProtocol.TCP, httpPort, httpPort, anySource);
      assertEventually(new GroupHasPermission(client, group, new TCPPort80AllIPs()));
      client.revokeSecurityGroupIngressInRegion(null, group, IpProtocol.TCP, httpPort, httpPort, anySource);
      assertEventually(new GroupHasNoPermissions(client, group));
   } finally {
      client.deleteSecurityGroupInRegion(null, group);
   }
}