/**
 * Revokes ingress rules from {@code group}: one revoke call per CIDR block in {@code ipRanges}
 * for the given protocol and port range, then one revoke call per (tenant id, group name) pair.
 *
 * <p>Points a reviewer of firewall changes should be aware of:
 * <ul>
 *   <li>{@code groupIds} is accepted but never read here, so rules that reference a source group
 *       by id stay in place.</li>
 *   <li>The group-pair revoke call is not given {@code protocol}, {@code startPort} or
 *       {@code endPort}; only the region, the group name and the pair are passed.</li>
 *   <li>Revocations are issued one at a time. If a call throws part-way through, the earlier
 *       revocations have already been applied and the remaining ones have not.</li>
 * </ul>
 *
 * @param protocol protocol of the CIDR-based rules to revoke
 * @param startPort first port of the range
 * @param endPort last port of the range
 * @param tenantIdGroupNamePairs source groups to revoke, keyed by tenant (owner) id
 * @param ipRanges CIDR blocks to revoke
 * @param groupIds not used by this implementation
 * @param group security group to modify
 * @return the result of {@code getSecurityGroupById} for the region and group name, read after
 *         the revoke calls
 */
@Override
public SecurityGroup removeIpPermission(IpProtocol protocol, int startPort, int endPort,
        Multimap<String, String> tenantIdGroupNamePairs, Iterable<String> ipRanges,
        Iterable<String> groupIds, SecurityGroup group) {
    final String region = AWSUtils.getRegionFromLocationOrNull(group.getLocation());
    final String targetGroup = group.getName();

    // Iterating an empty Iterable is a no-op, so no separate emptiness guard is needed.
    for (String cidrBlock : ipRanges) {
        client.getSecurityGroupApi().get()
                .revokeSecurityGroupIngressInRegion(region, targetGroup, protocol, startPort, endPort, cidrBlock);
    }

    // Same for an empty multimap: its key set is empty and the loop body never runs.
    for (String tenantId : tenantIdGroupNamePairs.keySet()) {
        for (String sourceGroup : tenantIdGroupNamePairs.get(tenantId)) {
            client.getSecurityGroupApi().get()
                    .revokeSecurityGroupIngressInRegion(region, targetGroup, new UserIdGroupPair(tenantId, sourceGroup));
        }
    }

    final String encodedId = new RegionAndName(region, targetGroup).slashEncode();
    return getSecurityGroupById(encodedId);
}
/**
 * Revokes ingress rules from {@code group}: one revoke call per CIDR block in {@code ipRanges}
 * for the given protocol and port range, then one revoke call per (tenant id, group name) pair.
 *
 * <p>Points a reviewer of firewall changes should be aware of:
 * <ul>
 *   <li>{@code groupIds} is accepted but never read here, so rules that reference a source group
 *       by id stay in place.</li>
 *   <li>The group-pair revoke call is not given {@code protocol}, {@code startPort} or
 *       {@code endPort}; only the region, the group name and the pair are passed.</li>
 *   <li>Revocations are issued one at a time. If a call throws part-way through, the earlier
 *       revocations have already been applied and the remaining ones have not.</li>
 * </ul>
 *
 * @param protocol protocol of the CIDR-based rules to revoke
 * @param startPort first port of the range
 * @param endPort last port of the range
 * @param tenantIdGroupNamePairs source groups to revoke, keyed by tenant (owner) id
 * @param ipRanges CIDR blocks to revoke
 * @param groupIds not used by this implementation
 * @param group security group to modify
 * @return the result of {@code getSecurityGroupById} for the region and group name, read after
 *         the revoke calls
 */
@Override
public SecurityGroup removeIpPermission(IpProtocol protocol, int startPort, int endPort,
        Multimap<String, String> tenantIdGroupNamePairs, Iterable<String> ipRanges,
        Iterable<String> groupIds, SecurityGroup group) {
    final String region = AWSUtils.getRegionFromLocationOrNull(group.getLocation());
    final String targetGroup = group.getName();

    // Iterating an empty Iterable is a no-op, so no separate emptiness guard is needed.
    for (String cidrBlock : ipRanges) {
        client.getSecurityGroupApi().get()
                .revokeSecurityGroupIngressInRegion(region, targetGroup, protocol, startPort, endPort, cidrBlock);
    }

    // Same for an empty multimap: its key set is empty and the loop body never runs.
    for (String tenantId : tenantIdGroupNamePairs.keySet()) {
        for (String sourceGroup : tenantIdGroupNamePairs.get(tenantId)) {
            client.getSecurityGroupApi().get()
                    .revokeSecurityGroupIngressInRegion(region, targetGroup, new UserIdGroupPair(tenantId, sourceGroup));
        }
    }

    final String encodedId = new RegionAndName(region, targetGroup).slashEncode();
    return getSecurityGroupById(encodedId);
}
/**
 * Revokes ingress rules from {@code group}: one revoke call per CIDR block in {@code ipRanges}
 * for the given protocol and port range, then one revoke call per (tenant id, group name) pair.
 *
 * <p>Points a reviewer of firewall changes should be aware of:
 * <ul>
 *   <li>{@code groupIds} is accepted but never read here, so rules that reference a source group
 *       by id stay in place.</li>
 *   <li>The group-pair revoke call is not given {@code protocol}, {@code startPort} or
 *       {@code endPort}; only the region, the group name and the pair are passed.</li>
 *   <li>Revocations are issued one at a time. If a call throws part-way through, the earlier
 *       revocations have already been applied and the remaining ones have not.</li>
 * </ul>
 *
 * @param protocol protocol of the CIDR-based rules to revoke
 * @param startPort first port of the range
 * @param endPort last port of the range
 * @param tenantIdGroupNamePairs source groups to revoke, keyed by tenant (owner) id
 * @param ipRanges CIDR blocks to revoke
 * @param groupIds not used by this implementation
 * @param group security group to modify
 * @return the result of {@code getSecurityGroupById} for the region and group name, read after
 *         the revoke calls
 */
@Override
public SecurityGroup removeIpPermission(IpProtocol protocol, int startPort, int endPort,
        Multimap<String, String> tenantIdGroupNamePairs, Iterable<String> ipRanges,
        Iterable<String> groupIds, SecurityGroup group) {
    final String region = AWSUtils.getRegionFromLocationOrNull(group.getLocation());
    final String targetGroup = group.getName();

    // Iterating an empty Iterable is a no-op, so no separate emptiness guard is needed.
    for (String cidrBlock : ipRanges) {
        client.getSecurityGroupApi().get()
                .revokeSecurityGroupIngressInRegion(region, targetGroup, protocol, startPort, endPort, cidrBlock);
    }

    // Same for an empty multimap: its key set is empty and the loop body never runs.
    for (String tenantId : tenantIdGroupNamePairs.keySet()) {
        for (String sourceGroup : tenantIdGroupNamePairs.get(tenantId)) {
            client.getSecurityGroupApi().get()
                    .revokeSecurityGroupIngressInRegion(region, targetGroup, new UserIdGroupPair(tenantId, sourceGroup));
        }
    }

    final String encodedId = new RegionAndName(region, targetGroup).slashEncode();
    return getSecurityGroupById(encodedId);
}
/**
 * Revokes TCP ingress from {@code source} to each of the given ports on the node's security group.
 *
 * <p>The target group name is built as {@code "jclouds#" + node group + "#" + region}, where the
 * region is the first element returned by {@code AWSUtils.parseHandle} for the node id. Each port
 * is revoked with its own call, using the port as both ends of the range.
 *
 * <p>An {@link IllegalStateException} from a revoke call is ignored and the loop moves on to the
 * next port, so the caller gets no signal when a rule could not be removed.
 * NOTE(review): presumably this tolerates rules that are already absent - confirm which API
 * failures surface as IllegalStateException before relying on this method to close a port.
 *
 * @param service compute service whose context is unwrapped to {@code EC2Api}
 * @param node node whose id and group determine the region and the security group name
 * @param source source passed to the revoke call (the same position takes a CIDR elsewhere)
 * @param ports ports to close; an empty array results in no revoke calls
 */
@Override
public void revoke(ComputeService service, NodeMetadata node, String source, int... ports) {
    final String region = AWSUtils.parseHandle(node.getId())[0];
    final EC2Api api = service.getContext().unwrapApi(EC2Api.class);
    final String securityGroupName = "jclouds#" + node.getGroup() + "#" + region;

    for (int i = 0; i < ports.length; i++) {
        final int singlePort = ports[i];
        try {
            api.getSecurityGroupApi().get().revokeSecurityGroupIngressInRegion(
                    region, securityGroupName, IpProtocol.TCP, singlePort, singlePort, source);
        } catch (IllegalStateException ignored) {
            // Deliberately best-effort: the failure is dropped and the remaining ports are still processed.
        }
    }
}
/**
 * Revokes from {@code group} every ingress rule described by {@code ipPermission}: one revoke
 * call per CIDR block using the permission's protocol and port range, then one revoke call per
 * (tenant id, group name) pair.
 *
 * <p>The group-pair revoke call receives only the region, the group name and the pair; the
 * permission's protocol and ports are not passed to it. Revocations are issued one at a time, so
 * if a call throws part-way through, the earlier revocations are already applied and the rest
 * are not.
 *
 * @param ipPermission rule set to remove (CIDR blocks and tenant-id/group-name pairs)
 * @param group security group to modify
 * @return the result of {@code getSecurityGroupById} for the region and group name, read after
 *         the revoke calls
 */
@Override
public SecurityGroup removeIpPermission(IpPermission ipPermission, SecurityGroup group) {
    final String region = AWSUtils.getRegionFromLocationOrNull(group.getLocation());
    final String targetGroup = group.getName();

    // An empty CIDR collection simply yields zero iterations; no emptiness guard is required.
    for (String cidrBlock : ipPermission.getCidrBlocks()) {
        client.getSecurityGroupApi().get().revokeSecurityGroupIngressInRegion(
                region,
                targetGroup,
                ipPermission.getIpProtocol(),
                ipPermission.getFromPort(),
                ipPermission.getToPort(),
                cidrBlock);
    }

    // Likewise an empty multimap has an empty key set.
    for (String tenantId : ipPermission.getTenantIdGroupNamePairs().keySet()) {
        for (String sourceGroup : ipPermission.getTenantIdGroupNamePairs().get(tenantId)) {
            client.getSecurityGroupApi().get().revokeSecurityGroupIngressInRegion(
                    region, targetGroup, new UserIdGroupPair(tenantId, sourceGroup));
        }
    }

    final String encodedId = new RegionAndName(region, targetGroup).slashEncode();
    return getSecurityGroupById(encodedId);
}
/**
 * Revokes from {@code group} every ingress rule described by {@code ipPermission}: one revoke
 * call per CIDR block using the permission's protocol and port range, then one revoke call per
 * (tenant id, group name) pair.
 *
 * <p>The group-pair revoke call receives only the region, the group name and the pair; the
 * permission's protocol and ports are not passed to it. Revocations are issued one at a time, so
 * if a call throws part-way through, the earlier revocations are already applied and the rest
 * are not.
 *
 * @param ipPermission rule set to remove (CIDR blocks and tenant-id/group-name pairs)
 * @param group security group to modify
 * @return the result of {@code getSecurityGroupById} for the region and group name, read after
 *         the revoke calls
 */
@Override
public SecurityGroup removeIpPermission(IpPermission ipPermission, SecurityGroup group) {
    final String region = AWSUtils.getRegionFromLocationOrNull(group.getLocation());
    final String targetGroup = group.getName();

    // An empty CIDR collection simply yields zero iterations; no emptiness guard is required.
    for (String cidrBlock : ipPermission.getCidrBlocks()) {
        client.getSecurityGroupApi().get().revokeSecurityGroupIngressInRegion(
                region,
                targetGroup,
                ipPermission.getIpProtocol(),
                ipPermission.getFromPort(),
                ipPermission.getToPort(),
                cidrBlock);
    }

    // Likewise an empty multimap has an empty key set.
    for (String tenantId : ipPermission.getTenantIdGroupNamePairs().keySet()) {
        for (String sourceGroup : ipPermission.getTenantIdGroupNamePairs().get(tenantId)) {
            client.getSecurityGroupApi().get().revokeSecurityGroupIngressInRegion(
                    region, targetGroup, new UserIdGroupPair(tenantId, sourceGroup));
        }
    }

    final String encodedId = new RegionAndName(region, targetGroup).slashEncode();
    return getSecurityGroupById(encodedId);
}
/**
 * Revokes from {@code group} every ingress rule described by {@code ipPermission}: one revoke
 * call per CIDR block using the permission's protocol and port range, then one revoke call per
 * (tenant id, group name) pair.
 *
 * <p>The group-pair revoke call receives only the region, the group name and the pair; the
 * permission's protocol and ports are not passed to it. Revocations are issued one at a time, so
 * if a call throws part-way through, the earlier revocations are already applied and the rest
 * are not.
 *
 * @param ipPermission rule set to remove (CIDR blocks and tenant-id/group-name pairs)
 * @param group security group to modify
 * @return the result of {@code getSecurityGroupById} for the region and group name, read after
 *         the revoke calls
 */
@Override
public SecurityGroup removeIpPermission(IpPermission ipPermission, SecurityGroup group) {
    final String region = AWSUtils.getRegionFromLocationOrNull(group.getLocation());
    final String targetGroup = group.getName();

    // An empty CIDR collection simply yields zero iterations; no emptiness guard is required.
    for (String cidrBlock : ipPermission.getCidrBlocks()) {
        client.getSecurityGroupApi().get().revokeSecurityGroupIngressInRegion(
                region,
                targetGroup,
                ipPermission.getIpProtocol(),
                ipPermission.getFromPort(),
                ipPermission.getToPort(),
                cidrBlock);
    }

    // Likewise an empty multimap has an empty key set.
    for (String tenantId : ipPermission.getTenantIdGroupNamePairs().keySet()) {
        for (String sourceGroup : ipPermission.getTenantIdGroupNamePairs().get(tenantId)) {
            client.getSecurityGroupApi().get().revokeSecurityGroupIngressInRegion(
                    region, targetGroup, new UserIdGroupPair(tenantId, sourceGroup));
        }
    }

    final String encodedId = new RegionAndName(region, targetGroup).slashEncode();
    return getSecurityGroupById(encodedId);
}
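/**
 * Removes every CIDR-based ingress rule from the node's security group, then re-authorizes SSH.
 *
 * <p>The group is looked up by the name {@code "jclouds#" + node group + "#" + region}, where the
 * region is the first element returned by {@code AWSUtils.parseHandle} for the node id. Each
 * (permission, CIDR block) combination found is revoked with its own call.
 *
 * <p>Limits of what is removed: only {@code getCidrBlocks()} is iterated, so rules that grant
 * access to another security group rather than to a CIDR block are left in place.
 *
 * <p>After the revocations the method always calls {@code authorize(service, node, "0.0.0.0/0", 22)},
 * so the group ends up with port 22 open to every IPv4 address.
 *
 * @param service compute service whose context is unwrapped to {@code EC2Api}
 * @param node node whose id and group determine the region and the security group name
 */
@Override
public void flush(ComputeService service, NodeMetadata node) {
    String region = AWSUtils.parseHandle(node.getId())[0];
    EC2Api ec2Api = service.getContext().unwrapApi(EC2Api.class);
    String groupName = "jclouds#" + node.getGroup() + "#" + region;
    Set<SecurityGroup> matchedSecurityGroups =
            ec2Api.getSecurityGroupApi().get().describeSecurityGroupsInRegion(region, groupName);
    for (SecurityGroup securityGroup : matchedSecurityGroups) {
        for (IpPermission ipPermission : securityGroup) {
            for (String cidr : ipPermission.getCidrBlocks()) {
                // Revoke with the rule's own protocol. A hard-coded TCP here addresses a rule that
                // does not exist whenever the permission is UDP/ICMP/etc., leaving the real rule open.
                ec2Api.getSecurityGroupApi().get().revokeSecurityGroupIngressInRegion(region, groupName,
                        ipPermission.getIpProtocol(), ipPermission.getFromPort(), ipPermission.getToPort(), cidr);
            }
        }
    }
    // We want at least ssh access from everywhere.
    // NOTE(review): this re-opens TCP 22 to 0.0.0.0/0 on every flush. Callers that need SSH limited
    // to a management range must tighten the rule afterwards; "flushed" does not mean "closed".
    authorize(service, node, "0.0.0.0/0", 22);
}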
/**
 * Authorizes TCP port 80 from 0.0.0.0/0 on a freshly created group, waits until the group shows
 * that permission, revokes the same rule, and waits until the group shows no permissions.
 *
 * <p>The region argument is {@code null} on every call. The group is deleted in {@code finally},
 * so the world-open rule does not outlive the test even when an assertion fails.
 */
@Test
void testAuthorizeSecurityGroupIngressCidr() {
    final String groupName = PREFIX + "ingress";
    final String anyIpv4 = "0.0.0.0/0";
    final int httpPort = 80;

    cleanupAndSleep(groupName);
    try {
        // The group name doubles as its description.
        client.createSecurityGroupInRegion(null, groupName, groupName);

        client.authorizeSecurityGroupIngressInRegion(null, groupName, IpProtocol.TCP, httpPort, httpPort, anyIpv4);
        assertEventually(new GroupHasPermission(client, groupName, new TCPPort80AllIPs()));

        client.revokeSecurityGroupIngressInRegion(null, groupName, IpProtocol.TCP, httpPort, httpPort, anyIpv4);
        assertEventually(new GroupHasNoPermissions(client, groupName));
    } finally {
        client.deleteSecurityGroupInRegion(null, groupName);
    }
}
/**
 * Authorizes TCP port 80 from 0.0.0.0/0 on a freshly created group, waits until the group shows
 * that permission, revokes the same rule, and waits until the group shows no permissions.
 *
 * <p>The region argument is {@code null} on every call. The group is deleted in {@code finally},
 * so the world-open rule does not outlive the test even when an assertion fails.
 *
 * <p>NOTE(review): despite the "SourcePort" name, the body only exercises a CIDR source with a
 * fixed destination port range - confirm whether a distinct source-port case was intended.
 */
@Test
void testAuthorizeSecurityGroupIngressSourcePort() {
    final String groupName = PREFIX + "ingress";
    final String anyIpv4 = "0.0.0.0/0";
    final int httpPort = 80;

    cleanupAndSleep(groupName);
    try {
        // The group name doubles as its description.
        client.createSecurityGroupInRegion(null, groupName, groupName);

        client.authorizeSecurityGroupIngressInRegion(null, groupName, IpProtocol.TCP, httpPort, httpPort, anyIpv4);
        assertEventually(new GroupHasPermission(client, groupName, new TCPPort80AllIPs()));

        client.revokeSecurityGroupIngressInRegion(null, groupName, IpProtocol.TCP, httpPort, httpPort, anyIpv4);
        assertEventually(new GroupHasNoPermissions(client, groupName));
    } finally {
        client.deleteSecurityGroupInRegion(null, groupName);
    }
}
// Revoke, on group2Name, the ingress rule whose source is the (owner id, group1Name) pair.
// The region argument is null; the owner id is read from the previously obtained `group`.
client.revokeSecurityGroupIngressInRegion(null, group2Name, new UserIdGroupPair(group.getOwnerId(), group1Name));
// Poll until the check passes - presumably until group2Name reports no remaining permissions,
// which is what confirms the group-to-group rule is really gone rather than just requested.
assertEventually(new GroupHasNoPermissions(client, group2Name));
// Revoke, on group2Name, the ingress rule whose source is the (owner id, group1Name) pair.
// The region argument is null; the owner id is read from the previously obtained `group`.
client.revokeSecurityGroupIngressInRegion(null, group2Name, new UserIdGroupPair(group.getOwnerId(), group1Name));
// Poll until the check passes - presumably until group2Name reports no remaining permissions,
// which is what confirms the group-to-group rule is really gone rather than just requested.
assertEventually(new GroupHasNoPermissions(client, group2Name));