/**
 * Decides whether {@code input} corresponds to the captured {@code permission}.
 *
 * <p>All three checks must pass: source tags vs. group ids, source ranges vs. CIDR blocks,
 * and protocol/ports. Sources are matched by overlap, not equality: one shared tag or CIDR
 * is enough, so a firewall that also admits other sources still satisfies this predicate.
 * A permission whose from/to ports are both 0 is not checked against the firewall's ports.
 *
 * @param input firewall to test
 * @return {@code true} when tags, ranges and protocol/ports all agree as described above
 */
@Override
public boolean apply(Firewall input) {
   // Tags: either both sides declare none, or they share at least one entry.
   boolean tagsAgree;
   if (permission.getGroupIds().isEmpty() && input.getSourceTags().isEmpty()) {
      tagsAgree = true;
   } else {
      tagsAgree = !Sets.intersection(permission.getGroupIds(), input.getSourceTags()).isEmpty();
   }

   // CIDRs: same rule as for tags.
   boolean rangesAgree;
   if (permission.getCidrBlocks().isEmpty() && input.getSourceRanges().isEmpty()) {
      rangesAgree = true;
   } else {
      rangesAgree = !Sets.intersection(permission.getCidrBlocks(), input.getSourceRanges()).isEmpty();
   }

   // Ports are only considered once the protocol matches; 0/0 skips the port-range check.
   boolean portsAgree = false;
   if (hasProtocol(permission.getIpProtocol()).apply(input)) {
      if (permission.getFromPort() == 0 && permission.getToPort() == 0) {
         portsAgree = true;
      } else {
         portsAgree = hasPortRange(Range.closed(permission.getFromPort(), permission.getToPort())).apply(input);
      }
   }

   return tagsAgree && rangesAgree && portsAgree;
}
}; // closes the enclosing anonymous class, which opens outside this excerpt
/**
 * Decides whether {@code input} corresponds to the captured {@code permission}.
 *
 * <p>All three checks must pass: source tags vs. group ids, source ranges vs. CIDR blocks,
 * and protocol/ports. Sources are matched by overlap, not equality: one shared tag or CIDR
 * is enough, so a firewall that also admits other sources still satisfies this predicate.
 * A permission whose from/to ports are both 0 is not checked against the firewall's ports.
 *
 * @param input firewall to test
 * @return {@code true} when tags, ranges and protocol/ports all agree as described above
 */
@Override
public boolean apply(Firewall input) {
   // Tags: either both sides declare none, or they share at least one entry.
   boolean tagsAgree;
   if (permission.getGroupIds().isEmpty() && input.getSourceTags().isEmpty()) {
      tagsAgree = true;
   } else {
      tagsAgree = !Sets.intersection(permission.getGroupIds(), input.getSourceTags()).isEmpty();
   }

   // CIDRs: same rule as for tags.
   boolean rangesAgree;
   if (permission.getCidrBlocks().isEmpty() && input.getSourceRanges().isEmpty()) {
      rangesAgree = true;
   } else {
      rangesAgree = !Sets.intersection(permission.getCidrBlocks(), input.getSourceRanges()).isEmpty();
   }

   // Ports are only considered once the protocol matches; 0/0 skips the port-range check.
   boolean portsAgree = false;
   if (hasProtocol(permission.getIpProtocol()).apply(input)) {
      if (permission.getFromPort() == 0 && permission.getToPort() == 0) {
         portsAgree = true;
      } else {
         portsAgree = hasPortRange(Range.closed(permission.getFromPort(), permission.getToPort())).apply(input);
      }
   }

   return tagsAgree && rangesAgree && portsAgree;
}
}; // closes the enclosing anonymous class, which opens outside this excerpt
/**
 * Removes the rule derived from {@code ipPermission} from the NSG identified by
 * {@code group.getId()} and returns the group as re-read afterwards.
 *
 * <p>The rule is located purely by name. That name is built from
 * {@code azureComputeConstants.tcpRuleFormat()} and the permission's from/to ports; the
 * permission's protocol and sources play no part in it.
 *
 * @param ipPermission permission whose ports select the rule to remove; must not be null
 * @param group security group to modify; it and its id must not be null
 * @return the security group produced by {@code transformNetworkSecurityGroupToSecurityGroup}
 */
@Override
public SecurityGroup removeIpPermission(final IpPermission ipPermission, final SecurityGroup group) {
   checkNotNull(group, "group");
   checkNotNull(ipPermission, "ipPermission");
   final String groupId = checkNotNull(group.getId(), "group.getId()");

   // NOTE(review): the name uses the TCP format for every permission, so two permissions
   // that differ only in protocol or source would resolve to the same rule name - confirm
   // callers only pass TCP permissions before relying on this to remove exactly one rule.
   final String nameOfRuleToDrop = NetworkSecurityGroups.createRuleName(
         azureComputeConstants.tcpRuleFormat(),
         ipPermission.getFromPort(),
         ipPermission.getToPort());

   // remove the rule from the NSG
   removeRuleFromNetworkSecurityGroup(groupId, nameOfRuleToDrop);

   return transformNetworkSecurityGroupToSecurityGroup(groupId);
}
/**
 * Verifies that {@code sgCustomizer} was asked to add permissions and that the first
 * permission in the captured list has the expected port range and protocol.
 *
 * <p>Only element 0 of the captured list is inspected; further permissions in the same call
 * and the permission's sources (CIDRs, groups) are not asserted here.
 *
 * @param expectedFrom expected lower port
 * @param expectedTo expected upper port
 * @param expectedProtocol expected IP protocol
 */
private void assertPermissionsAdded(int expectedFrom, int expectedTo, IpProtocol expectedProtocol) {
   ArgumentCaptor<List> permissionsCaptor = ArgumentCaptor.forClass(List.class);
   verify(sgCustomizer).addPermissionsToLocationAndReturnSecurityGroup(
         any(JcloudsMachineLocation.class),
         permissionsCaptor.capture());

   List capturedPermissions = permissionsCaptor.getValue();
   IpPermission firstPermission = (IpPermission) capturedPermissions.get(0);

   assertEquals(firstPermission.getFromPort(), expectedFrom);
   assertEquals(firstPermission.getToPort(), expectedTo);
   assertEquals(firstPermission.getIpProtocol(), expectedProtocol);
}
/**
 * Tests whether a firewall rule has the same protocol and port range as the captured
 * {@code permission}.
 *
 * <p>A rule without ports matches only a permission whose from/to ports are both 0. A rule
 * with ports matches only when it holds exactly one range whose endpoints equal the
 * permission's from/to ports; rules with several ranges never match.
 *
 * @param input firewall rule to test
 * @return {@code true} on an exact protocol and port-range match
 */
@Override
public boolean apply(Firewall.Rule input) {
   if (!permission.getIpProtocol().equals(input.getIpProtocol())) {
      return false;
   }

   // No ports on the rule corresponds to the 0/0 "no port range" permission.
   if (input.getPorts().isEmpty() && permission.getFromPort() == 0 && permission.getToPort() == 0) {
      return true;
   }

   // Anything other than a single contiguous range cannot equal one from/to pair.
   if (input.getPorts().asRanges().size() != 1) {
      return false;
   }

   return permission.getFromPort() == Iterables.getOnlyElement(input.getPorts().asRanges()).lowerEndpoint()
         && permission.getToPort() == Iterables.getOnlyElement(input.getPorts().asRanges()).upperEndpoint();
}
}; // closes the enclosing anonymous class, which opens outside this excerpt
/**
 * Tests whether a firewall rule has the same protocol and port range as the captured
 * {@code permission}.
 *
 * <p>A rule without ports matches only a permission whose from/to ports are both 0. A rule
 * with ports matches only when it holds exactly one range whose endpoints equal the
 * permission's from/to ports; rules with several ranges never match.
 *
 * @param input firewall rule to test
 * @return {@code true} on an exact protocol and port-range match
 */
@Override
public boolean apply(Firewall.Rule input) {
   if (!permission.getIpProtocol().equals(input.getIpProtocol())) {
      return false;
   }

   // No ports on the rule corresponds to the 0/0 "no port range" permission.
   if (input.getPorts().isEmpty() && permission.getFromPort() == 0 && permission.getToPort() == 0) {
      return true;
   }

   // Anything other than a single contiguous range cannot equal one from/to pair.
   if (input.getPorts().asRanges().size() != 1) {
      return false;
   }

   return permission.getFromPort() == Iterables.getOnlyElement(input.getPorts().asRanges()).lowerEndpoint()
         && permission.getToPort() == Iterables.getOnlyElement(input.getPorts().asRanges()).upperEndpoint();
}
}; // closes the enclosing anonymous class, which opens outside this excerpt
/**
 * Matches exactly one shape of permission: TCP, ports 80 to 80, with the single CIDR block
 * {@code 0.0.0.0/0} (any IPv4 source).
 *
 * @param arg0 permission to test
 * @return {@code true} only for that TCP/80 permission
 */
@Override
public boolean apply(IpPermission arg0) {
   if (arg0.getIpProtocol() != IpProtocol.TCP) {
      return false;
   }
   if (arg0.getFromPort() != 80 || arg0.getToPort() != 80) {
      return false;
   }
   // The CIDR set must equal the one-element set, not merely contain it.
   return arg0.getCidrBlocks().equals(ImmutableSet.of("0.0.0.0/0"));
}
} // closes the enclosing anonymous class, which opens outside this excerpt
/**
 * Adds a rule for {@code ipPermission} to the NSG identified by {@code group.getId()} and
 * returns the group as re-read afterwards.
 *
 * <p>The rule's priority is the first available one among the group's current custom rules.
 * Its name is built from {@code azureComputeConstants.tcpRuleFormat()} and the permission's
 * from/to ports.
 *
 * @param ipPermission permission to add; must not be null
 * @param group security group to modify; it and its id must not be null
 * @return the security group produced by {@code transformNetworkSecurityGroupToSecurityGroup}
 */
@Override
public SecurityGroup addIpPermission(final IpPermission ipPermission, final SecurityGroup group) {
   checkNotNull(group, "group");
   checkNotNull(ipPermission, "ipPermission");
   final String groupId = checkNotNull(group.getId(), "group.getId()");

   // NOTE(review): the existing rules are looked up by group.getName() while the rule is
   // added by group.getId() - confirm both always refer to the same NSG.
   // NOTE(review): the priority is read here and used in a later call; confirm the API
   // rejects a duplicate priority if another writer adds a rule in between.
   final int nextPriority = NetworkSecurityGroups.getFirstAvailablePriority(
         NetworkSecurityGroups.getCustomRules(
               api.getNetworkSecurityGroupApi().getFullDetails(group.getName())));

   // NOTE(review): the TCP name format is used whatever the permission's protocol, and the
   // name ignores the permission's sources - confirm that rule names cannot collide.
   final String nameOfNewRule = NetworkSecurityGroups.createRuleName(
         azureComputeConstants.tcpRuleFormat(),
         ipPermission.getFromPort(),
         ipPermission.getToPort());

   // add rule to NSG
   addRuleToNetworkSecurityGroup(groupId, nameOfNewRule, nextPriority, ipPermission);

   return transformNetworkSecurityGroupToSecurityGroup(groupId);
}
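/**
 * Matches a rule whose remote IP prefix equals the captured {@code cidr} and whose protocol
 * and port range equal those of the captured {@code ipPermission}.
 *
 * <p>Rules with a missing prefix, protocol or port bound never match. Protocols are compared
 * by enum constant name, which is case-sensitive.
 *
 * @param input rule to test; {@code null} is treated as "no match"
 * @return {@code true} when prefix, protocol and both port bounds agree
 */
@Override
public boolean apply(@Nullable Rule input) {
   // The parameter is declared @Nullable, so a null element must yield false rather than
   // a NullPointerException from the getter calls below.
   if (input == null) {
      return false;
   }
   // NOTE(review): the == port comparisons rely on getFromPort()/getToPort() returning a
   // primitive int, so the null-checked rule values are unboxed and compared by value - confirm.
   return input.getRemoteIpPrefix() != null
         && input.getRemoteIpPrefix().equals(cidr)
         && input.getProtocol() != null
         && input.getProtocol().name().equals(ipPermission.getIpProtocol().name())
         && input.getPortRangeMin() != null
         && input.getPortRangeMin() == ipPermission.getFromPort()
         && input.getPortRangeMax() != null
         && input.getPortRangeMax() == ipPermission.getToPort();
}
})) { // closes the anonymous class and the enclosing call; the statement opens outside this excerpt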
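/**
 * Matches a rule whose remote group id equals the captured {@code groupId} and whose
 * protocol and port range equal those of the captured {@code ipPermission}.
 *
 * <p>Rules with a missing remote group, protocol or port bound never match. Protocols are
 * compared by enum constant name, which is case-sensitive.
 *
 * @param input rule to test; {@code null} is treated as "no match"
 * @return {@code true} when remote group, protocol and both port bounds agree
 */
@Override
public boolean apply(@Nullable Rule input) {
   // The parameter is declared @Nullable, so a null element must yield false rather than
   // a NullPointerException from the getter calls below.
   if (input == null) {
      return false;
   }
   // NOTE(review): the == port comparisons rely on getFromPort()/getToPort() returning a
   // primitive int, so the null-checked rule values are unboxed and compared by value - confirm.
   return input.getRemoteGroupId() != null
         && input.getRemoteGroupId().equals(groupId)
         && input.getProtocol() != null
         && input.getProtocol().name().equals(ipPermission.getIpProtocol().name())
         && input.getPortRangeMin() != null
         && input.getPortRangeMin() == ipPermission.getFromPort()
         && input.getPortRangeMax() != null
         && input.getPortRangeMax() == ipPermission.getToPort();
}
})) { // closes the anonymous class and the enclosing call; the statement opens outside this excerpt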
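/**
 * Matches a rule whose remote IP prefix equals the captured {@code cidr} and whose protocol
 * and port range equal those of the captured {@code ipPermission}.
 *
 * <p>Rules with a missing prefix, protocol or port bound never match. Protocols are compared
 * by enum constant name, which is case-sensitive.
 *
 * @param input rule to test; {@code null} is treated as "no match"
 * @return {@code true} when prefix, protocol and both port bounds agree
 */
@Override
public boolean apply(@Nullable Rule input) {
   // The parameter is declared @Nullable, so a null element must yield false rather than
   // a NullPointerException from the getter calls below.
   if (input == null) {
      return false;
   }
   // NOTE(review): the == port comparisons rely on getFromPort()/getToPort() returning a
   // primitive int, so the null-checked rule values are unboxed and compared by value - confirm.
   return input.getRemoteIpPrefix() != null
         && input.getRemoteIpPrefix().equals(cidr)
         && input.getProtocol() != null
         && input.getProtocol().name().equals(ipPermission.getIpProtocol().name())
         && input.getPortRangeMin() != null
         && input.getPortRangeMin() == ipPermission.getFromPort()
         && input.getPortRangeMax() != null
         && input.getPortRangeMax() == ipPermission.getToPort();
}
})) { // closes the anonymous class and the enclosing call; the statement opens outside this excerpt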
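/**
 * Matches a rule whose remote group id equals the captured {@code groupId} and whose
 * protocol and port range equal those of the captured {@code ipPermission}.
 *
 * <p>Rules with a missing remote group, protocol or port bound never match. Protocols are
 * compared by enum constant name, which is case-sensitive.
 *
 * @param input rule to test; {@code null} is treated as "no match"
 * @return {@code true} when remote group, protocol and both port bounds agree
 */
@Override
public boolean apply(@Nullable Rule input) {
   // The parameter is declared @Nullable, so a null element must yield false rather than
   // a NullPointerException from the getter calls below.
   if (input == null) {
      return false;
   }
   // NOTE(review): the == port comparisons rely on getFromPort()/getToPort() returning a
   // primitive int, so the null-checked rule values are unboxed and compared by value - confirm.
   return input.getRemoteGroupId() != null
         && input.getRemoteGroupId().equals(groupId)
         && input.getProtocol() != null
         && input.getProtocol().name().equals(ipPermission.getIpProtocol().name())
         && input.getPortRangeMin() != null
         && input.getPortRangeMin() == ipPermission.getFromPort()
         && input.getPortRangeMax() != null
         && input.getPortRangeMax() == ipPermission.getToPort();
}
})) { // closes the anonymous class and the enclosing call; the statement opens outside this excerpt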
/**
 * Adds {@code ipPermission} to {@code group} by unpacking the permission and delegating to
 * the seven-argument {@code addIpPermission} overload.
 *
 * <p>No validation happens here; a null {@code ipPermission} fails on the first getter call.
 *
 * @param ipPermission permission to add
 * @param group security group to add it to
 * @return whatever the delegated overload returns
 */
@Override
public SecurityGroup addIpPermission(IpPermission ipPermission, SecurityGroup group) {
   return addIpPermission(
         ipPermission.getIpProtocol(),
         // port range
         ipPermission.getFromPort(),
         ipPermission.getToPort(),
         // allowed sources: tenant/group-name pairs, CIDR blocks, group ids
         ipPermission.getTenantIdGroupNamePairs(),
         ipPermission.getCidrBlocks(),
         ipPermission.getGroupIds(),
         group);
}
/**
 * Removes {@code ipPermission} from {@code group} by unpacking the permission and delegating
 * to the seven-argument {@code removeIpPermission} overload.
 *
 * <p>No validation happens here; a null {@code ipPermission} fails on the first getter call.
 *
 * @param ipPermission permission to remove
 * @param group security group to remove it from
 * @return whatever the delegated overload returns
 */
@Override
public SecurityGroup removeIpPermission(IpPermission ipPermission, SecurityGroup group) {
   return removeIpPermission(
         ipPermission.getIpProtocol(),
         // port range
         ipPermission.getFromPort(),
         ipPermission.getToPort(),
         // sources to revoke: tenant/group-name pairs, CIDR blocks, group ids
         ipPermission.getTenantIdGroupNamePairs(),
         ipPermission.getCidrBlocks(),
         ipPermission.getGroupIds(),
         group);
}
/**
 * Adds {@code ipPermission} to {@code group} by unpacking the permission and delegating to
 * the seven-argument {@code addIpPermission} overload.
 *
 * <p>No validation happens here; a null {@code ipPermission} fails on the first getter call.
 *
 * @param ipPermission permission to add
 * @param group security group to add it to
 * @return whatever the delegated overload returns
 */
@Override
public SecurityGroup addIpPermission(IpPermission ipPermission, SecurityGroup group) {
   return addIpPermission(
         ipPermission.getIpProtocol(),
         // port range
         ipPermission.getFromPort(),
         ipPermission.getToPort(),
         // allowed sources: tenant/group-name pairs, CIDR blocks, group ids
         ipPermission.getTenantIdGroupNamePairs(),
         ipPermission.getCidrBlocks(),
         ipPermission.getGroupIds(),
         group);
}
/**
 * Removes {@code ipPermission} from {@code group} by unpacking the permission and delegating
 * to the seven-argument {@code removeIpPermission} overload.
 *
 * <p>No validation happens here; a null {@code ipPermission} fails on the first getter call.
 *
 * @param ipPermission permission to remove
 * @param group security group to remove it from
 * @return whatever the delegated overload returns
 */
@Override
public SecurityGroup removeIpPermission(IpPermission ipPermission, SecurityGroup group) {
   return removeIpPermission(
         ipPermission.getIpProtocol(),
         // port range
         ipPermission.getFromPort(),
         ipPermission.getToPort(),
         // sources to revoke: tenant/group-name pairs, CIDR blocks, group ids
         ipPermission.getTenantIdGroupNamePairs(),
         ipPermission.getCidrBlocks(),
         ipPermission.getGroupIds(),
         group);
}
/**
 * Reports whether the security group contains at least one permission with the captured
 * {@code fromPort}, {@code toPort} and {@code ipProtocol}.
 *
 * <p>Only ports and protocol are compared. The permission's sources (CIDR blocks, groups)
 * are ignored, so a match says that the port range is opened by some rule, not to whom.
 *
 * @param scipPermission security group whose permissions are scanned
 * @return {@code true} as soon as one permission matches, {@code false} if none does
 */
@Override
public boolean apply(SecurityGroup scipPermission) {
   for (IpPermission candidate : scipPermission.getIpPermissions()) {
      boolean samePortRange = candidate.getFromPort() == fromPort && candidate.getToPort() == toPort;
      if (samePortRange && candidate.getIpProtocol() == ipProtocol) {
         return true;
      }
   }
   return false;
}
}; // closes the enclosing anonymous class, which opens outside this excerpt
/**
 * Matches a TCP permission for ports 80 to 80 whose tenant-id/group-name pairs consist of
 * exactly one entry: {@code group.getOwnerId()} mapped to {@code group1Id}.
 *
 * @param arg0 permission to test
 * @return {@code true} only when the pairs, both ports and the protocol all agree
 */
@Override
public boolean apply(IpPermission arg0) {
   // The multimap must equal the single expected pair, not merely contain it.
   if (!arg0.getTenantIdGroupNamePairs().equals(ImmutableMultimap.of(group.getOwnerId(), group1Id))) {
      return false;
   }
   if (arg0.getFromPort() != 80 || arg0.getToPort() != 80) {
      return false;
   }
   return arg0.getIpProtocol() == IpProtocol.TCP;
}
})); // closes the anonymous class and the enclosing calls, which open outside this excerpt
/**
 * Converts a region-scoped group whose single rule references another group and checks the
 * resulting portable {@code SecurityGroup}: ids are prefixed with the region, name and owner
 * are carried over, and the one permission lists the referenced group (region-prefixed),
 * ports 10 to 20 and no CIDR blocks.
 */
@Test
public void testApplyWithGroup() {
   NovaSecurityGroupInRegionToSecurityGroup converter = createGroupParser();

   // The group that the rule under test is expected to reference.
   org.jclouds.openstack.nova.v2_0.domain.SecurityGroup referencedGroup = securityGroupWithCidr();

   SecurityGroupInRegion source = new SecurityGroupInRegion(securityGroupWithGroup(), region.getId(), allGroups);

   SecurityGroup converted = converter.apply(source);

   // Identity and ownership fields.
   assertEquals(converted.getId(), source.getRegion() + "/" + source.getSecurityGroup().getId());
   assertEquals(converted.getProviderId(), source.getSecurityGroup().getId());
   assertEquals(converted.getName(), source.getSecurityGroup().getName());
   assertEquals(converted.getOwnerId(), source.getSecurityGroup().getTenantId());

   // Exactly one permission, granted to a group rather than to a CIDR.
   IpPermission onlyPermission = Iterables.getOnlyElement(converted.getIpPermissions());
   assertEquals(Iterables.getOnlyElement(onlyPermission.getGroupIds()), region.getId() + "/" + referencedGroup.getId());
   assertEquals(onlyPermission.getFromPort(), 10);
   assertEquals(onlyPermission.getToPort(), 20);
   assertTrue(onlyPermission.getCidrBlocks().isEmpty());

   assertEquals(converted.getLocation().getId(), source.getRegion());
}
/**
 * Adds a CIDR-based permission through the parameter-list overload of
 * {@code addIpPermission} and checks both the returned group and the requests posted.
 *
 * <p>Responses are canned XML files enqueued up front, so the values asserted below
 * (TCP 22 to 40 from {@code 0.0.0.0/0} on {@code sg-3c6ef654}) are fixture data.
 */
public void addIpPermissionCidrFromParams() throws Exception {
   // Canned responses, in the order the extension is expected to consume them.
   enqueueRegions(DEFAULT_REGION);
   enqueueXml(DEFAULT_REGION, "/authorize_securitygroup_ingress_response.xml");
   enqueueXml(DEFAULT_REGION, "/describe_securitygroups_extension_cidr.xml");
   enqueueXml(DEFAULT_REGION, "/availabilityZones.xml");

   SecurityGroup updatedGroup = extension().addIpPermission(
         permByCidrBlock.getIpProtocol(),
         permByCidrBlock.getFromPort(),
         permByCidrBlock.getToPort(),
         permByCidrBlock.getTenantIdGroupNamePairs(),
         permByCidrBlock.getCidrBlocks(),
         permByCidrBlock.getGroupIds(),
         group);

   // The group read back must hold exactly the permission that was requested.
   IpPermission returnedPermission = Iterables.getOnlyElement(updatedGroup.getIpPermissions());
   assertEquals(returnedPermission, permByCidrBlock);

   // Requests are asserted in the order they were sent.
   assertPosted(DEFAULT_REGION, "Action=DescribeRegions");
   assertPosted(DEFAULT_REGION, "Action=AuthorizeSecurityGroupIngress&GroupId=sg-3c6ef654&IpPermissions.0.IpProtocol=tcp&IpPermissions.0.FromPort=22&IpPermissions.0.ToPort=40&IpPermissions.0.IpRanges.0.CidrIp=0.0.0.0/0");
   assertPosted(DEFAULT_REGION, "Action=DescribeSecurityGroups&GroupId.1=sg-3c6ef654");
   assertPosted(DEFAULT_REGION, "Action=DescribeAvailabilityZones");
}