/**
 * Opens the given TCP ports on the node's security group to traffic from {@code source}.
 *
 * <p>The group looked up is {@code "jclouds-" + node.getGroup()}, in the region parsed from
 * the node id. When either the security-group API or the group itself is absent, the method
 * returns without changing anything and without reporting the fact to the caller.
 *
 * <p>{@code source} is forwarded verbatim as the CIDR block of every rule; no validation is
 * visible in this method, so the caller decides how wide the exposure is. Passing
 * {@code 0.0.0.0/0} admits every IPv4 address.
 *
 * @param service compute service used to obtain the security-group API
 * @param node node whose id yields the region and whose group yields the security-group name
 * @param source CIDR block allowed to reach the ports
 * @param ports TCP ports to open; one single-port ingress rule is created per entry
 */
@Override
public void authorize(ComputeService service, NodeMetadata node, String source, int... ports) {
   String region = AWSUtils.parseHandle(node.getId())[0];
   Optional<? extends SecurityGroupApi> maybeApi = getSecurityGroup(service, region);
   if (!maybeApi.isPresent()) {
      return;
   }

   String groupName = "jclouds-" + node.getGroup();
   SecurityGroupApi api = maybeApi.get();
   Optional<? extends SecurityGroup> maybeGroup = getSecurityGroupForGroup(api, groupName);
   if (!maybeGroup.isPresent()) {
      return;
   }

   SecurityGroup group = maybeGroup.get();
   for (int port : ports) {
      try {
         api.createRuleAllowingCidrBlock(
               group.getId(),
               Ingress.builder()
                     .ipProtocol(IpProtocol.TCP)
                     .fromPort(port)
                     .toPort(port)
                     .build(),
               source);
      } catch (IllegalStateException ignored) {
         // Deliberately swallowed so the remaining ports are still processed.
         // NOTE(review): presumably this signals an already-existing rule; confirm, because
         // any other IllegalStateException is hidden from the caller as well.
      }
   }
}
/**
 * Checks that {@code createRuleAllowingCidrBlock} sends the expected POST to the v2
 * {@code os-security-group-rules} endpoint and that, on a 200 response, the returned rule has
 * the same string form as {@code createRuleExpected()}.
 *
 * <p>The CIDR {@code 0.0.0.0/0} in the fixture matches every IPv4 source; here it is test data.
 */
public void testCreateSecurityGroupRuleForCidrBlockWhenResponseIs2xx() throws Exception {
   // Request body the API is expected to produce for a CIDR-based rule on group 161.
   String expectedBody =
         "{\"security_group_rule\":{\"parent_group_id\":\"161\",\"cidr\":\"0.0.0.0/0\",\"ip_protocol\":\"tcp\",\"from_port\":\"80\",\"to_port\":\"8080\"}}";

   HttpRequest expectedRequest = HttpRequest.builder()
         .method("POST")
         .endpoint("https://az-1.region-a.geo-1.compute.hpcloudsvc.com/v2/3456/os-security-group-rules")
         .addHeader("Accept", "application/json")
         .addHeader("X-Auth-Token", authToken)
         .payload(payloadFromStringWithContentType(expectedBody, "application/json"))
         .build();

   HttpResponse cannedResponse = HttpResponse.builder()
         .statusCode(200)
         .payload(payloadFromResource("/securitygrouprule_created.json"))
         .build();

   NovaApi novaApi = requestsSendResponses(
         keystoneAuthWithUsernameAndPasswordAndTenantName, responseWithKeystoneAccess,
         extensionsOfNovaRequest, extensionsOfNovaResponse,
         expectedRequest, cannedResponse);

   String actualRule = novaApi.getSecurityGroupApi("az-1.region-a.geo-1").get()
         .createRuleAllowingCidrBlock(
               "161",
               Ingress.builder().ipProtocol(IpProtocol.TCP).fromPort(80).toPort(8080).build(),
               "0.0.0.0/0")
         .toString();

   assertEquals(actualRule, createRuleExpected().toString());
}
/**
 * Checks that {@code createRuleAllowingSecurityGroupId} sends the expected POST to the v2
 * {@code os-security-group-rules} endpoint and that, on a 200 response, the returned rule has
 * the same string form as {@code createRuleExpected()}.
 *
 * <p>The rule's source is another security group (id 999) rather than a CIDR block.
 */
public void testCreateSecurityGroupRuleForSecurityGroupIdWhenResponseIs2xx() throws Exception {
   // Request body the API is expected to produce for a group-sourced rule on group 161.
   String expectedBody =
         "{\"security_group_rule\":{\"group_id\":\"999\",\"parent_group_id\":\"161\",\"ip_protocol\":\"tcp\",\"from_port\":\"80\",\"to_port\":\"8080\"}}";

   HttpRequest expectedRequest = HttpRequest.builder()
         .method("POST")
         .endpoint("https://az-1.region-a.geo-1.compute.hpcloudsvc.com/v2/3456/os-security-group-rules")
         .addHeader("Accept", "application/json")
         .addHeader("X-Auth-Token", authToken)
         .payload(payloadFromStringWithContentType(expectedBody, "application/json"))
         .build();

   HttpResponse cannedResponse = HttpResponse.builder()
         .statusCode(200)
         .payload(payloadFromResource("/securitygrouprule_created.json"))
         .build();

   NovaApi novaApi = requestsSendResponses(
         keystoneAuthWithUsernameAndPasswordAndTenantName, responseWithKeystoneAccess,
         extensionsOfNovaRequest, extensionsOfNovaResponse,
         expectedRequest, cannedResponse);

   String actualRule = novaApi.getSecurityGroupApi("az-1.region-a.geo-1").get()
         .createRuleAllowingSecurityGroupId(
               "161",
               Ingress.builder().ipProtocol(IpProtocol.TCP).fromPort(80).toPort(8080).build(),
               "999")
         .toString();

   assertEquals(actualRule, createRuleExpected().toString());
}
/**
 * Checks that {@code createRuleAllowingSecurityGroupId}, reached through
 * {@code getSecurityGroupExtensionForZone}, sends the expected POST to the v1.1
 * {@code os-security-group-rules} endpoint and that, on a 200 response, the returned rule has
 * the same string form as {@code createRuleExpected()}.
 *
 * <p>The rule's source is another security group (id 999) rather than a CIDR block.
 */
public void testCreateSecurityGroupRuleForSecurityGroupIdWhenResponseIs2xx() throws Exception {
   // Request body the API is expected to produce for a group-sourced rule on group 161.
   String requestJson =
         "{\"security_group_rule\":{\"group_id\":\"999\",\"parent_group_id\":\"161\",\"ip_protocol\":\"tcp\",\"from_port\":\"80\",\"to_port\":\"8080\"}}";

   HttpRequest wantedRequest = HttpRequest.builder()
         .method("POST")
         .endpoint("https://az-1.region-a.geo-1.compute.hpcloudsvc.com/v1.1/3456/os-security-group-rules")
         .addHeader("Accept", "application/json")
         .addHeader("X-Auth-Token", authToken)
         .payload(payloadFromStringWithContentType(requestJson, "application/json"))
         .build();

   HttpResponse stubbedResponse = HttpResponse.builder()
         .statusCode(200)
         .payload(payloadFromResource("/securitygrouprule_created.json"))
         .build();

   NovaApi stubbedApi = requestsSendResponses(
         keystoneAuthWithUsernameAndPasswordAndTenantName, responseWithKeystoneAccess,
         extensionsOfNovaRequest, extensionsOfNovaResponse,
         wantedRequest, stubbedResponse);

   String createdRule = stubbedApi.getSecurityGroupExtensionForZone("az-1.region-a.geo-1").get()
         .createRuleAllowingSecurityGroupId(
               "161",
               Ingress.builder().ipProtocol(IpProtocol.TCP).fromPort(80).toPort(8080).build(),
               "999")
         .toString();

   assertEquals(createdRule, createRuleExpected().toString());
}
/**
 * Checks that {@code createRuleAllowingCidrBlock}, reached through
 * {@code getSecurityGroupExtensionForZone}, sends the expected POST to the v1.1
 * {@code os-security-group-rules} endpoint and that, on a 200 response, the returned rule has
 * the same string form as {@code createRuleExpected()}.
 *
 * <p>The CIDR {@code 0.0.0.0/0} in the fixture matches every IPv4 source; here it is test data.
 */
public void testCreateSecurityGroupRuleForCidrBlockWhenResponseIs2xx() throws Exception {
   // Request body the API is expected to produce for a CIDR-based rule on group 161.
   String requestJson =
         "{\"security_group_rule\":{\"parent_group_id\":\"161\",\"cidr\":\"0.0.0.0/0\",\"ip_protocol\":\"tcp\",\"from_port\":\"80\",\"to_port\":\"8080\"}}";

   HttpRequest wantedRequest = HttpRequest.builder()
         .method("POST")
         .endpoint("https://az-1.region-a.geo-1.compute.hpcloudsvc.com/v1.1/3456/os-security-group-rules")
         .addHeader("Accept", "application/json")
         .addHeader("X-Auth-Token", authToken)
         .payload(payloadFromStringWithContentType(requestJson, "application/json"))
         .build();

   HttpResponse stubbedResponse = HttpResponse.builder()
         .statusCode(200)
         .payload(payloadFromResource("/securitygrouprule_created.json"))
         .build();

   NovaApi stubbedApi = requestsSendResponses(
         keystoneAuthWithUsernameAndPasswordAndTenantName, responseWithKeystoneAccess,
         extensionsOfNovaRequest, extensionsOfNovaResponse,
         wantedRequest, stubbedResponse);

   String createdRule = stubbedApi.getSecurityGroupExtensionForZone("az-1.region-a.geo-1").get()
         .createRuleAllowingCidrBlock(
               "161",
               Ingress.builder().ipProtocol(IpProtocol.TCP).fromPort(80).toPort(8080).build(),
               "0.0.0.0/0")
         .toString();

   assertEquals(createdRule, createRuleExpected().toString());
}
/**
 * Copies the IP protocol and the port range of an existing {@link Ingress} into this builder.
 *
 * @param in rule whose protocol, from-port and to-port are read; it is dereferenced without a
 *           null check
 * @return the value returned by the last setter in the chain ({@code toPort})
 */
public T fromIngress(Ingress in) {
   // Values are forwarded as-is: no range or consistency check (e.g. from <= to) is visible here.
   return this
         .ipProtocol(in.getIpProtocol())
         .fromPort(in.getFromPort())
         .toPort(in.getToPort());
}
// Closes the enclosing type, whose declaration is outside this excerpt.
}
/**
 * Copies the IP protocol and the port range of an existing {@link Ingress} into this builder.
 *
 * @param in rule whose protocol, from-port and to-port are read; it is dereferenced without a
 *           null check
 * @return the value returned by the last setter in the chain ({@code toPort})
 */
public T fromIngress(Ingress in) {
   // Values are forwarded as-is: no range or consistency check (e.g. from <= to) is visible here.
   return this
         .ipProtocol(in.getIpProtocol())
         .fromPort(in.getFromPort())
         .toPort(in.getToPort());
}
// Closes the enclosing type, whose declaration is outside this excerpt.
}
/**
 * Adds an ingress rule to {@code securityGroup} that admits TCP traffic on {@code port} from
 * {@code 0.0.0.0/0}, i.e. from any IPv4 address, and logs before and after at debug level.
 *
 * <p>NOTE(review): the name mentions "GroupToItself", but the body creates only the CIDR rule;
 * no group-to-group rule is added in this method. Because the source range is unrestricted,
 * every port routed through here becomes reachable from anywhere the network allows.
 *
 * @param securityGroupApi API used to create the rule
 * @param securityGroup group that receives the rule
 * @param port single TCP port to open (used as both ends of the port range)
 */
private void authorizeGroupToItselfAndAllIPsToTCPPort(
      org.jclouds.openstack.nova.v2_0.extensions.SecurityGroupApi securityGroupApi,
      org.jclouds.openstack.nova.v2_0.domain.SecurityGroup securityGroup,
      int port) {
   logger.debug(">> authorizing securityGroup(%s) permission to 0.0.0.0/0 on port %d", securityGroup, port);

   // from == to, so the rule covers exactly one TCP port.
   Ingress singlePortTcp = Ingress.builder()
         .ipProtocol(IpProtocol.TCP)
         .fromPort(port)
         .toPort(port)
         .build();
   securityGroupApi.createRuleAllowingCidrBlock(securityGroup.getId(), singlePortTcp, "0.0.0.0/0");

   logger.debug("<< authorized securityGroup(%s) permission to 0.0.0.0/0 on port %d", securityGroup, port);
}
/**
 * Copies the IP protocol and the port range of an existing {@link Ingress} into this builder.
 *
 * @param in rule whose protocol, from-port and to-port are read; it is dereferenced without a
 *           null check
 * @return the value returned by the last setter in the chain ({@code toPort})
 */
public T fromIngress(Ingress in) {
   // Values are forwarded as-is: no range or consistency check (e.g. from <= to) is visible here.
   return this
         .ipProtocol(in.getIpProtocol())
         .fromPort(in.getFromPort())
         .toPort(in.getToPort());
}
// Closes the enclosing type, whose declaration is outside this excerpt.
}
/**
 * Adds an ingress rule to {@code securityGroup} that admits TCP traffic on {@code port} from
 * {@code 0.0.0.0/0}, i.e. from any IPv4 address, and logs before and after at debug level.
 *
 * <p>NOTE(review): the name mentions "GroupToItself", but the body creates only the CIDR rule;
 * no group-to-group rule is added in this method. Because the source range is unrestricted,
 * every port routed through here becomes reachable from anywhere the network allows.
 *
 * @param securityGroupApi API used to create the rule
 * @param securityGroup group that receives the rule
 * @param port single TCP port to open (used as both ends of the port range)
 */
private void authorizeGroupToItselfAndAllIPsToTCPPort(SecurityGroupApi securityGroupApi,
      SecurityGroup securityGroup, int port) {
   logger.debug(">> authorizing securityGroup(%s) permission to 0.0.0.0/0 on port %d", securityGroup, port);

   // from == to, so the rule covers exactly one TCP port.
   Ingress singlePortTcp = Ingress.builder()
         .ipProtocol(IpProtocol.TCP)
         .fromPort(port)
         .toPort(port)
         .build();
   securityGroupApi.createRuleAllowingCidrBlock(securityGroup.getId(), singlePortTcp, "0.0.0.0/0");

   logger.debug("<< authorized securityGroup(%s) permission to 0.0.0.0/0 on port %d", securityGroup, port);
}
// Closes the enclosing type, whose declaration is outside this excerpt.
}
/**
 * Adds an ingress rule to {@code securityGroup} that admits TCP traffic on {@code port} from
 * {@code 0.0.0.0/0}, i.e. from any IPv4 address, and logs before and after at debug level.
 *
 * <p>NOTE(review): the name mentions "GroupToItself", but the body creates only the CIDR rule;
 * no group-to-group rule is added in this method. Because the source range is unrestricted,
 * every port routed through here becomes reachable from anywhere the network allows.
 *
 * @param securityGroupApi API used to create the rule
 * @param securityGroup group that receives the rule
 * @param port single TCP port to open (used as both ends of the port range)
 */
private void authorizeGroupToItselfAndAllIPsToTCPPort(SecurityGroupApi securityGroupApi,
      SecurityGroup securityGroup, int port) {
   logger.debug(">> authorizing securityGroup(%s) permission to 0.0.0.0/0 on port %d", securityGroup, port);

   // from == to, so the rule covers exactly one TCP port.
   Ingress tcpRule = Ingress.builder()
         .ipProtocol(IpProtocol.TCP)
         .fromPort(port)
         .toPort(port)
         .build();
   securityGroupApi.createRuleAllowingCidrBlock(securityGroup.getId(), tcpRule, "0.0.0.0/0");

   logger.debug("<< authorized securityGroup(%s) permission to 0.0.0.0/0 on port %d", securityGroup, port);
}
// Closes the enclosing type, whose declaration is outside this excerpt.
}
/**
 * Copies the IP protocol and the port range of an existing {@link Ingress} into this builder.
 *
 * @param in rule whose protocol, from-port and to-port are read; it is dereferenced without a
 *           null check
 * @return the value returned by the last setter in the chain ({@code toPort})
 */
public T fromIngress(Ingress in) {
   // Values are forwarded as-is: no range or consistency check (e.g. from <= to) is visible here.
   return this
         .ipProtocol(in.getIpProtocol())
         .fromPort(in.getFromPort())
         .toPort(in.getToPort());
}
// Closes the enclosing type, whose declaration is outside this excerpt.
}
/**
 * Copies the IP protocol and the port range of an existing {@link Ingress} into this builder.
 *
 * @param in rule whose protocol, from-port and to-port are read; it is dereferenced without a
 *           null check
 * @return the value returned by the last setter in the chain ({@code toPort})
 */
public T fromIngress(Ingress in) {
   // Values are forwarded as-is: no range or consistency check (e.g. from <= to) is visible here.
   return this
         .ipProtocol(in.getIpProtocol())
         .fromPort(in.getFromPort())
         .toPort(in.getToPort());
}
// Closes the enclosing type, whose declaration is outside this excerpt.
}
/**
 * Adds an ingress rule to {@code securityGroup} that admits TCP traffic on {@code port} from
 * {@code 0.0.0.0/0}, i.e. from any IPv4 address, and logs before and after at debug level.
 *
 * <p>NOTE(review): the name mentions "GroupToItself", but the body creates only the CIDR rule;
 * no group-to-group rule is added in this method. Because the source range is unrestricted,
 * every port routed through here becomes reachable from anywhere the network allows.
 *
 * @param securityGroupApi API used to create the rule
 * @param securityGroup group that receives the rule
 * @param port single TCP port to open (used as both ends of the port range)
 */
private void authorizeGroupToItselfAndAllIPsToTCPPort(SecurityGroupApi securityGroupApi,
      SecurityGroup securityGroup, int port) {
   logger.debug(">> authorizing securityGroup(%s) permission to 0.0.0.0/0 on port %d", securityGroup, port);

   // from == to, so the rule covers exactly one TCP port.
   Ingress tcpRule = Ingress.builder()
         .ipProtocol(IpProtocol.TCP)
         .fromPort(port)
         .toPort(port)
         .build();
   securityGroupApi.createRuleAllowingCidrBlock(securityGroup.getId(), tcpRule, "0.0.0.0/0");

   logger.debug("<< authorized securityGroup(%s) permission to 0.0.0.0/0 on port %d", securityGroup, port);
}
// Closes the enclosing type, whose declaration is outside this excerpt.
}
/**
 * Adds an ingress rule to {@code securityGroup} that admits TCP traffic on {@code port} from
 * {@code 0.0.0.0/0}, i.e. from any IPv4 address, and logs before and after at debug level.
 *
 * <p>NOTE(review): the name mentions "GroupToItself", but the body creates only the CIDR rule;
 * no group-to-group rule is added in this method. Because the source range is unrestricted,
 * every port routed through here becomes reachable from anywhere the network allows.
 *
 * @param securityGroupApi API used to create the rule
 * @param securityGroup group that receives the rule
 * @param port single TCP port to open (used as both ends of the port range)
 */
private void authorizeGroupToItselfAndAllIPsToTCPPort(
      org.jclouds.openstack.nova.v2_0.extensions.SecurityGroupApi securityGroupApi,
      org.jclouds.openstack.nova.v2_0.domain.SecurityGroup securityGroup,
      int port) {
   logger.debug(">> authorizing securityGroup(%s) permission to 0.0.0.0/0 on port %d", securityGroup, port);

   // from == to, so the rule covers exactly one TCP port.
   Ingress tcpRule = Ingress.builder()
         .ipProtocol(IpProtocol.TCP)
         .fromPort(port)
         .toPort(port)
         .build();
   securityGroupApi.createRuleAllowingCidrBlock(securityGroup.getId(), tcpRule, "0.0.0.0/0");

   logger.debug("<< authorized securityGroup(%s) permission to 0.0.0.0/0 on port %d", securityGroup, port);
}
/**
 * Copies the IP protocol and the port range of an existing {@link Ingress} into this builder.
 *
 * @param in rule whose protocol, from-port and to-port are read; it is dereferenced without a
 *           null check
 * @return the value returned by the last setter in the chain ({@code toPort})
 */
public T fromIngress(Ingress in) {
   // Values are forwarded as-is: no range or consistency check (e.g. from <= to) is visible here.
   return this
         .ipProtocol(in.getIpProtocol())
         .fromPort(in.getFromPort())
         .toPort(in.getToPort());
}
// Closes the enclosing type, whose declaration is outside this excerpt.
}
/**
 * Adds an ingress rule to {@code securityGroup} that admits TCP traffic on {@code port} from
 * {@code 0.0.0.0/0}, i.e. from any IPv4 address, and logs before and after at debug level.
 *
 * <p>NOTE(review): the name mentions "GroupToItself", but the body creates only the CIDR rule;
 * no group-to-group rule is added in this method. Because the source range is unrestricted,
 * every port routed through here becomes reachable from anywhere the network allows.
 *
 * @param securityGroupApi API used to create the rule
 * @param securityGroup group that receives the rule
 * @param port single TCP port to open (used as both ends of the port range)
 */
private void authorizeGroupToItselfAndAllIPsToTCPPort(SecurityGroupApi securityGroupApi,
      SecurityGroup securityGroup, int port) {
   logger.debug(">> authorizing securityGroup(%s) permission to 0.0.0.0/0 on port %d", securityGroup, port);

   // from == to, so the rule covers exactly one TCP port.
   Ingress singlePortTcp = Ingress.builder()
         .ipProtocol(IpProtocol.TCP)
         .fromPort(port)
         .toPort(port)
         .build();
   securityGroupApi.createRuleAllowingCidrBlock(securityGroup.getId(), singlePortTcp, "0.0.0.0/0");

   logger.debug("<< authorized securityGroup(%s) permission to 0.0.0.0/0 on port %d", securityGroup, port);
}
// Closes the enclosing type, whose declaration is outside this excerpt.
}