@Override protected DeferredResult<RemoteResourcesPage> getExternalResources( String nextPageLink) { this.service.logFine(() -> "Getting SecurityGroups from AWS"); DescribeSecurityGroupsRequest securityGroupsRequest = new DescribeSecurityGroupsRequest(); String msg = "Getting AWS Security Groups [" + this.request.original.resourceReference + "]"; AWSDeferredResultAsyncHandler<DescribeSecurityGroupsRequest, DescribeSecurityGroupsResult> asyncHandler = new AWSDeferredResultAsyncHandler<>(this.service, msg); this.amazonEC2Client.describeSecurityGroupsAsync(securityGroupsRequest, asyncHandler); return asyncHandler.toDeferredResult().thenCompose((securityGroupsResult) -> { RemoteResourcesPage page = new RemoteResourcesPage(); for (SecurityGroup securityGroup : securityGroupsResult.getSecurityGroups()) { page.resourcesPage.put(securityGroup.getGroupId(), securityGroup); } return DeferredResult.completed(page); }); }
public static void tearDownTestVpc( AmazonEC2AsyncClient client, VerificationHost host, Map<String, Object> awsTestContext, boolean isMock) { if (!isMock && !vpcIdExists(client, AWS_DEFAULT_VPC_ID)) { final String vpcId = (String) awsTestContext.get(VPC_KEY); final String subnetId = (String) awsTestContext.get(SUBNET_KEY); final String internetGatewayId = (String) awsTestContext.get(INTERNET_GATEWAY_KEY); final String securityGroupId = (String) awsTestContext.get(SECURITY_GROUP_KEY); // clean up VPC and all its dependencies if creating one at setUp deleteSecurityGroupUsingEC2Client(client, host, securityGroupId); SecurityGroup securityGroup = new AWSSecurityGroupClient(client) .getSecurityGroup(AWS_DEFAULT_GROUP_NAME, vpcId); if (securityGroup != null) { deleteSecurityGroupUsingEC2Client(client, host, securityGroup.getGroupId()); } deleteSubnet(client, subnetId); detachInternetGateway(client, vpcId, internetGatewayId); deleteInternetGateway(client, internetGatewayId); deleteVPC(client, vpcId); } }
private void validateAWSArtifacts(String securityGroupDescriptionLink, AuthCredentialsServiceState creds) throws Throwable { SecurityGroupState securityGroup = getSecurityGroupState(securityGroupDescriptionLink); AWSSecurityGroupClient client = new AWSSecurityGroupClient( AWSUtils.getAsyncClient(creds, this.region, getExecutor())); // if any artifact is not present then an error will be thrown SecurityGroup sg = client.getSecurityGroupById( securityGroup.customProperties.get(AWSSecurityGroupService.SECURITY_GROUP_ID)); assertNotNull(sg); assertNotNull(sg.getIpPermissions()); assertTrue(sg.getIpPermissions().size() == 2); // check that there is a rule that enables internal communication assertTrue(isInternalRule(sg.getGroupId(), sg.getIpPermissions())); assertNotNull(sg.getIpPermissionsEgress()); // there are two egress rules (one that was added as part of this test, and the default one) assertTrue(sg.getIpPermissionsEgress().size() == 2); // check that there is a rule that enables internal communication assertTrue(isInternalRule(sg.getGroupId(), sg.getIpPermissionsEgress())); }
@Test public void testDefaultSecurityGroupPorts() throws Throwable { // create the group String groupId = this.client.createDefaultSecurityGroup(null); // allow the default ports this.client.addIngressRules(groupId, this.client.getDefaultRules(this.subnet)); // get the updated CM group SecurityGroup group = this.client.getDefaultSecurityGroup(null); List<IpPermission> rules = group.getIpPermissions(); assertTrue(rules.size() > 0); validateDefaultRules(rules); // lets delete the default CM group this.client.deleteSecurityGroup(groupId); }
@Test public void testAllocateSecurityGroupUpdate() throws Throwable { String groupId = this.client.createDefaultSecurityGroup(null); List<IpPermission> rules = new ArrayList<>(); IpRange ipRange = new IpRange().withCidrIp(DEFAULT_ALLOWED_NETWORK); rules.add(new IpPermission() .withIpProtocol(DEFAULT_PROTOCOL) .withFromPort(22) .withToPort(22) .withIpv4Ranges(ipRange)); this.client.addIngressRules(groupId, rules); SecurityGroup updatedGroup = this.client.getDefaultSecurityGroup(null); validateDefaultRules(updatedGroup.getIpPermissions()); this.client.deleteSecurityGroup(groupId); }
/** * This method fetches all security groups in an aws account. * @return List<SecurityGroup> returns all security groups. * @throws AmazonClientException */ public List<SecurityGroup> getAllSecurityGroups() throws AmazonClientException { List<SecurityGroup> allSecurityGroups; try { DescribeSecurityGroupsResult describeSecurityGroupsResult = this.amazonEc2.describeSecurityGroups(); allSecurityGroups = describeSecurityGroupsResult.getSecurityGroups(); } catch(AmazonClientException e) { System.out.println("ERROR : fetching all security groups in the account."); throw e; } List<String> allSecurityGroupsNames = allSecurityGroups.stream().map(e -> e.getGroupName()).collect(Collectors.toList()); System.out.println("INFO : Security Groups Names : " + allSecurityGroupsNames); return allSecurityGroups; }
/** * This method returns list of Evaluation objects. * @param nonCompliantSecurityGroups * @return List<Evaluation> returns list of Evaluation objects. */ private List<Evaluation> createEvaluations(List<SecurityGroup> nonCompliantSecurityGroups) { List<Evaluation> evaluations = new ArrayList<>(); if ( nonCompliantSecurityGroups == null || nonCompliantSecurityGroups.size() > 0 ) { for(SecurityGroup sg: nonCompliantSecurityGroups) { String securityGroupName = sg.getGroupName(); Evaluation evaluation = new Evaluation(); evaluation.setComplianceResourceId(securityGroupName); evaluation.setComplianceResourceType(COMPLIANCE_RESOURCE_TYPE); evaluation.setComplianceType(ComplianceType.NON_COMPLIANT); evaluation.setOrderingTimestamp(new Date()); evaluations.add(evaluation); } } System.out.println("INFO : Number of evaluations : " + evaluations.size()); return evaluations; }
/** * Validates the actual security group permissions against the pre-defined network rules. * * @param client the EC2 client * @param configuration the configuration to be validated * @param accumulator the exception condition accumulator * @param localizationContext the localization context */ private void checkSecurityGroups(AmazonEC2Client client, Configured configuration, PluginExceptionConditionAccumulator accumulator, LocalizationContext localizationContext) { List<String> securityGroupIds = EC2InstanceTemplate.CSV_SPLITTER.splitToList( configuration.getConfigurationValue(SECURITY_GROUP_IDS, localizationContext)); List<SecurityGroup> securityGroups = Collections.emptyList(); try { DescribeSecurityGroupsResult result = client.describeSecurityGroups( new DescribeSecurityGroupsRequest().withGroupIds(securityGroupIds)); securityGroups = result.getSecurityGroups(); } catch (AmazonServiceException e) { if (!e.getErrorCode().startsWith(INVALID_SECURITY_GROUP)) { throw Throwables.propagate(e); } // Otherwise, the error should be caught in anther validation, // EC2InstanceTemplateConfigurationValidator.checkSecurityGroupIds() } for (Direction direction : Direction.values()) { checkRulesForSecurityGroups(securityGroups, direction, accumulator, localizationContext); } }
public static String getSecurityGroupId() { connect(); DescribeSecurityGroupsRequest req = new DescribeSecurityGroupsRequest(); ArrayList<String> groupNames = new ArrayList<String>(); groupNames.add(Configuration.SECURITY_GROUP_NAME); req.setGroupNames(groupNames); DescribeSecurityGroupsResult res = client.describeSecurityGroups(req); List<SecurityGroup> securityGroups = res.getSecurityGroups(); if (securityGroups == null || securityGroups.size() == 0) return null; return securityGroups.get(0).getGroupId(); }
@Override public Map<String, SecurityGroupCheckDetails> check(final Collection<String> groupIds, final String account, final Region region) { final DescribeSecurityGroupsRequest describeSecurityGroupsRequest = new DescribeSecurityGroupsRequest(); describeSecurityGroupsRequest.setGroupIds(groupIds); final AmazonEC2Client amazonEC2Client = clientProvider.getClient( AmazonEC2Client.class, account, region); final DescribeSecurityGroupsResult describeSecurityGroupsResult = amazonEC2Client.describeSecurityGroups( describeSecurityGroupsRequest); final ImmutableMap.Builder<String, SecurityGroupCheckDetails> result = ImmutableMap.builder(); for (final SecurityGroup securityGroup : describeSecurityGroupsResult.getSecurityGroups()) { final List<String> offendingRules = securityGroup.getIpPermissions().stream() .filter(isOffending) .map(Object::toString) .collect(toList()); if (!offendingRules.isEmpty()) { final SecurityGroupCheckDetails details = new SecurityGroupCheckDetails( securityGroup.getGroupName(), ImmutableList.copyOf(offendingRules)); result.put(securityGroup.getGroupId(), details); } } return result.build(); }
@SuppressWarnings("unchecked") @Before public void setUp() throws Exception { final ClientProvider mockClientProvider = mock(ClientProvider.class); final AmazonEC2Client mockEC2 = mock(AmazonEC2Client.class); mockPredicate = (Predicate<IpPermission>) mock(Predicate.class); when(mockClientProvider.getClient(any(), any(), any())).thenReturn(mockEC2); securityGroupsChecker = new SecurityGroupsCheckerImpl(mockClientProvider, mockPredicate); final DescribeSecurityGroupsResult securityGroups = new DescribeSecurityGroupsResult() .withSecurityGroups(new SecurityGroup() .withGroupId("sg-12345678") .withGroupName("my-sec-group") .withIpPermissions(new IpPermission() .withIpProtocol("tcp") .withIpv4Ranges(new IpRange().withCidrIp("0.0.0.0/0")) .withFromPort(0) .withToPort(65535) .withIpv6Ranges(new Ipv6Range().withCidrIpv6("::/0")) .withUserIdGroupPairs(new UserIdGroupPair() .withUserId("111222333444") .withGroupId("sg-11223344")))); when(mockEC2.describeSecurityGroups(any())).thenReturn(securityGroups); }
/** * {@inheritDoc} */ @Override public List<SecurityGroup> getSecurityGroups(Long userNo, Long platformNo) { // セキュリティグループを取得 AwsProcessClient awsProcessClient = awsProcessClientFactory.createAwsProcessClient(userNo, platformNo); DescribeSecurityGroupsRequest request = new DescribeSecurityGroupsRequest(); PlatformAws platformAws = platformAwsDao.read(platformNo); if (BooleanUtils.isTrue(platformAws.getVpc())) { // VPCの場合、VPC IDが同じものを抽出 request.withFilters(new Filter().withName("vpc-id").withValues(platformAws.getVpcId())); } else { // 非VPCの場合、VPC IDが空のものを抽出 request.withFilters(new Filter().withName("vpc-id").withValues("")); } DescribeSecurityGroupsResult result = awsProcessClient.getEc2Client().describeSecurityGroups(request); List<SecurityGroup> securityGroups = result.getSecurityGroups(); // ソート Collections.sort(securityGroups, Comparators.COMPARATOR_SECURITY_GROUP); return securityGroups; }
@Override @SuppressWarnings("rawtypes") protected boolean isEqual(AbstractResource newResource) { SecurityGroup oldSG = this.getResource(); SecurityGroup newSG = (SecurityGroup) newResource.getResource(); if (notEqual(oldSG.getOwnerId(), newSG.getOwnerId())) return false; if (notEqual(oldSG.getGroupName(), newSG.getGroupName())) return false; if (notEqual(oldSG.getGroupId(), newSG.getGroupId())) return false; if (notEqual(oldSG.getDescription(), newSG.getDescription())) return false; if (notEqualIpPermission(oldSG.getIpPermissions(), newSG.getIpPermissions())) return false; if (notEqualIpPermission(oldSG.getIpPermissionsEgress(), newSG.getIpPermissionsEgress())) return false; if (notEqual(oldSG.getVpcId(), newSG.getVpcId())) return false; if (notEqualCollection(oldSG.getTags(), newSG.getTags())) return false; return true; }
@Override public Collection<String> listRuleSets() { DescribeSecurityGroupsRequest request = new DescribeSecurityGroupsRequest(); DescribeSecurityGroupsResult result = null; try { result = client.describeSecurityGroups( request ); } catch ( Exception e ) { LOG.warn( "Error while getting security groups", e ); return new LinkedList<String>(); } Collection<String> groups = new ArrayList<String>(); for( SecurityGroup group : result.getSecurityGroups() ) { groups.add( group.getGroupName() ); } return groups; }
public void createDescribeSecurityGroupResult(String vpcId, String SecurityGroupIds) { Collection<SecurityGroup> securityGroup = new ArrayList<SecurityGroup>(); for (int i = 0; i < SecurityGroupIds.split(",").length; i++) { securityGroup.add(new SecurityGroup() .withGroupId(SecurityGroupIds.split(",")[i]) .withGroupName(SecurityGroupIds.split(",")[i]) .withVpcId(vpcId)); } DescribeSecurityGroupsResult securityGroupResult = new DescribeSecurityGroupsResult() .withSecurityGroups(securityGroup); doReturn(securityGroupResult).when(ec2).describeSecurityGroups(); }
public static List<String> getOrCreateDefaultSecurityGroup(AmazonEC2AsyncClient amazonEC2Client, AWSNicContext nicCtx) { AWSSecurityGroupClient client = new AWSSecurityGroupClient(amazonEC2Client); // in case no group is configured in the properties, attempt to discover the default one if (nicCtx != null && nicCtx.vpc != null) { try { SecurityGroup group = client.getSecurityGroup( DEFAULT_SECURITY_GROUP_NAME, nicCtx.vpc.getVpcId()); if (group != null) { return Arrays.asList(group.getGroupId()); } } catch (AmazonServiceException t) { if (!t.getMessage().contains( DEFAULT_SECURITY_GROUP_NAME)) { throw t; } } } // if the group doesn't exist an exception is thrown. We won't throw a // missing group exception // we will continue and create the group String groupId = client.createDefaultSecurityGroupWithDefaultRules(nicCtx.vpc); return Collections.singletonList(groupId); }
public SecurityGroup getSecurityGroupById(String groupId) { SecurityGroup cellGroup = null; DescribeSecurityGroupsRequest req = new DescribeSecurityGroupsRequest() .withGroupIds(groupId); DescribeSecurityGroupsResult cellGroups = this.client.describeSecurityGroups(req); if (cellGroups != null) { cellGroup = cellGroups.getSecurityGroups().get(0); } return cellGroup; }
public List<SecurityGroup> getSecurityGroups(List<String> names, String vpcId) { DescribeSecurityGroupsRequest req = new DescribeSecurityGroupsRequest(); req.withFilters(new Filter(AWS_GROUP_NAME_FILTER, names)); if (vpcId != null) { req.withFilters(new Filter(AWS_VPC_ID_FILTER, Collections.singletonList(vpcId))); } DescribeSecurityGroupsResult groups = this.client.describeSecurityGroups(req); return groups != null ? groups.getSecurityGroups() : Collections.emptyList(); }
public SecurityGroup getSecurityGroup(String name, String vpcId) { SecurityGroup cellGroup = null; DescribeSecurityGroupsRequest req = new DescribeSecurityGroupsRequest() .withFilters(new Filter("group-name", Collections.singletonList(name))); if (vpcId != null) { req.withFilters(new Filter("vpc-id", Collections.singletonList(vpcId))); } DescribeSecurityGroupsResult cellGroups = this.client.describeSecurityGroups(req); if (cellGroups != null && !cellGroups.getSecurityGroups().isEmpty()) { cellGroup = cellGroups.getSecurityGroups().get(0); } return cellGroup; }
public SecurityGroup getDefaultSecurityGroup(String vpcId) { SecurityGroup cellGroup = null; DescribeSecurityGroupsRequest req = new DescribeSecurityGroupsRequest() .withFilters(new Filter("group-name", Collections.singletonList(DEFAULT_SECURITY_GROUP_NAME))); if (vpcId != null) { req.withFilters(new Filter("vpc-id", Collections.singletonList(vpcId))); } DescribeSecurityGroupsResult cellGroups = this.client.describeSecurityGroups(req); if (cellGroups != null && !cellGroups.getSecurityGroups().isEmpty()) { cellGroup = cellGroups.getSecurityGroups().get(0); } return cellGroup; }
public static SecurityGroup getSecurityGroupsIdUsingEC2Client(AmazonEC2AsyncClient client, String awsGroupId) { if (awsGroupId == null) { return null; } DescribeSecurityGroupsRequest describeSGsRequest = new DescribeSecurityGroupsRequest() .withFilters(new Filter(AWSConstants.AWS_GROUP_ID_FILTER,Collections.singletonList(awsGroupId))); DescribeSecurityGroupsResult describeSGResult = client.describeSecurityGroups(describeSGsRequest); if (describeSGResult.getSecurityGroups().size() > 0) { return describeSGResult.getSecurityGroups().get(0); } else { return null; } }
public static void deleteSecurityGroupUsingEC2Client(AmazonEC2AsyncClient client, VerificationHost host, String awsGroupId) { host.log(Level.INFO, "Starting to delete aws Security group with id %s", awsGroupId); if (awsGroupId == null) { return; } try { DeleteSecurityGroupRequest deleteSecurityGroupRequest = new DeleteSecurityGroupRequest() .withGroupId(awsGroupId); client.deleteSecurityGroup(deleteSecurityGroupRequest); host.waitFor( "Timeout waiting for AWS to delete a SecurityGroup with name " + awsGroupId, () -> { // Check if the SG is actually not present on AWS after the delete operation SecurityGroup discoveredSGOnAWS = getSecurityGroupsIdUsingEC2Client(client, awsGroupId); if (discoveredSGOnAWS != null) { // Requested SG was not deleted from AWS return false; } host.log("Deleted SG with id: %s", awsGroupId); return true; }); } catch (Exception e) { String message = e.getMessage(); if (!message.contains("The security group '" + awsGroupId + "' already exists")) { throw e; } } }
private void deleteProvisionedVMs() throws Throwable { if (this.isMock) { return; } // store the network links and disk links for removal check later List<String> resourcesToDelete = new ArrayList<>(); if (this.vmState.diskLinks != null) { resourcesToDelete.addAll(this.vmState.diskLinks); } if (this.vmState.networkInterfaceLinks != null) { resourcesToDelete.addAll(this.vmState.networkInterfaceLinks); } TestAWSSetupUtils.deleteVMs(this.vmState.documentSelfLink, this.isMock, this.host); if (!this.isMock && !vpcIdExists(this.client, TestAWSSetupUtils.AWS_DEFAULT_VPC_ID)) { SecurityGroup securityGroup = new AWSSecurityGroupClient(this.client) .getSecurityGroup(AWS_DEFAULT_GROUP_NAME, (String) this .awsTestContext.get(TestAWSSetupUtils.VPC_KEY)); if (securityGroup != null) { deleteSecurityGroupUsingEC2Client(this.client, this.host, securityGroup.getGroupId()); } deleteSecurityGroupUsingEC2Client(this.client, this.host, this.sgToCleanUp); } verifyRemovalOfResourceState(this.host, resourcesToDelete); this.vmState = null; this.sgToCleanUp = null; }
private SecurityGroup getAWSSecurityGroup(String name, AuthCredentialsServiceState creds) throws Throwable { AWSSecurityGroupClient client = new AWSSecurityGroupClient( AWSUtils.getAsyncClient(creds, this.region, getExecutor())); // if any artifact is not present then an error will be thrown return client.getSecurityGroup(name, this.vpcId); }
private void deleteProvisionedVMs() throws Throwable { // store the network links and disk links for removal check later List<String> resourcesToDelete = new ArrayList<>(); if (this.vmState.diskLinks != null) { resourcesToDelete.addAll(this.vmState.diskLinks); } if (this.vmState.networkInterfaceLinks != null) { resourcesToDelete.addAll(this.vmState.networkInterfaceLinks); } TestAWSSetupUtils.deleteVMs(this.vmState.documentSelfLink, this.isMock, this.host); if (!this.isMock && !vpcIdExists(this.client, TestAWSSetupUtils.AWS_DEFAULT_VPC_ID)) { SecurityGroup securityGroup = new AWSSecurityGroupClient(this.client) .getSecurityGroup(TestAWSSetupUtils.AWS_DEFAULT_GROUP_NAME, (String) this.awsTestContext.get(TestAWSSetupUtils.VPC_KEY)); if (securityGroup != null) { deleteSecurityGroupUsingEC2Client(this.client, this.host, securityGroup.getGroupId()); } deleteSecurityGroupUsingEC2Client(this.client, this.host, this.sgToCleanUp); } verifyRemovalOfResourceState(this.host, resourcesToDelete); this.vmState = null; this.sgToCleanUp = null; }
private SecurityGroup getAwsSecurityGroup(String id) { try { return this.securityGroupClient.getSecurityGroupById(id); } catch (Exception e) { this.host.log("Exception describing security group with id '%s': %s", id, e.toString()); } return null; }
@Test public void testAllocateSecurityGroup() throws Throwable { this.client.createDefaultSecurityGroup(null); SecurityGroup group = this.client.getDefaultSecurityGroup(null); validateDefaultRules(group.getIpPermissions()); this.client.deleteSecurityGroup(group.getGroupId()); }
@Test public void testUpdateIngressRules() throws Throwable { String groupID = this.client.createDefaultSecurityGroup(null); ArrayList<Rule> rules = TestUtils.getAllowIngressRules(); this.client.addIngressRules(groupID, this.client.buildRules(rules)); SecurityGroup awsSG = this.client.getSecurityGroupById(groupID); List<IpPermission> ingress = awsSG.getIpPermissions(); for (IpPermission rule : ingress) { assertDefaultRules(rule); } this.client.deleteSecurityGroup(groupID); }
@Test public void testGetAllSecurityGroups() { when(ec2UtilsImpl.getAllSecurityGroups()).thenReturn(sgs); List<SecurityGroup> output = ec2UtilsImpl.getAllSecurityGroups(); assertEquals(2, output.size()); }
@Test public void testGetNonComplaintSecurityGroups() { EC2UtilsImpl ec2UtilsImpl = new EC2UtilsImpl(); List<SecurityGroup> nonCompliantSecurityGroups = ec2UtilsImpl.getNonComplaintSecurityGroups(sgs); assertEquals(1, nonCompliantSecurityGroups.size()); assertEquals("VAS_NONCOMPLIANT", nonCompliantSecurityGroups.get(0).getGroupName()); }
public static void main(String[] args) { final String USAGE = "To run this example, supply a group id\n" + "Ex: DescribeSecurityGroups <group-id>\n"; if (args.length != 1) { System.out.println(USAGE); System.exit(1); } String group_id = args[0]; final AmazonEC2 ec2 = AmazonEC2ClientBuilder.defaultClient(); DescribeSecurityGroupsRequest request = new DescribeSecurityGroupsRequest() .withGroupIds(group_id); DescribeSecurityGroupsResult response = ec2.describeSecurityGroups(request); for(SecurityGroup group : response.getSecurityGroups()) { System.out.printf( "Found security group with id %s, " + "vpc id %s " + "and description %s", group.getGroupId(), group.getVpcId(), group.getDescription()); } }
public SecurityGroup createSecurityGroup(CreateSecurityGroupRequest request) { logger.info("create security group, groupName={}", request.getGroupName()); SecurityGroup securityGroup = new SecurityGroup(); CreateSecurityGroupResult result = ec2.createSecurityGroup(request); securityGroup.setGroupName(request.getGroupName()); securityGroup.setGroupId(result.getGroupId()); return securityGroup; }
public void createSecurityGroupIfDoesNotExist(String groupName) { checkState(!isNullOrEmpty(groupName)); List<SecurityGroup> groups = newArrayList(); try { LOG.debug("checking if the security group [{}] already exists on region [{}].", groupName, DEFAULT_API_REGION.getName()); groups = ec2_.describeSecurityGroups(new DescribeSecurityGroupsRequest().withGroupNames(groupName)).getSecurityGroups(); } catch (AmazonServiceException exception) { LOG.debug("The security group {} does not already exist on region {}.", groupName, DEFAULT_API_REGION.getName()); } if (groups.isEmpty()) { LOG.debug("Creating the security group [{}] on region [{}].", groupName, DEFAULT_API_REGION.getName()); CreateSecurityGroupResult createSecurityGroup = ec2_.createSecurityGroup(new CreateSecurityGroupRequest() .withGroupName(groupName) .withDescription("default-app-group")); LOG.debug("The security group [{}] was created on region [{}], and its id is [{}]", groupName, DEFAULT_API_REGION.getName(), createSecurityGroup.getGroupId()); authorizeTcpAndSshIngressTraffic(groupName); } }
@Override public List<SecurityGroup> getSecurityGroups(Long userNo, Long platformNo) { List<SecurityGroup> groups = new ArrayList<SecurityGroup>(); groups.add(new SecurityGroup().withGroupName("default")); groups.add(new SecurityGroup().withGroupName("group01")); groups.add(new SecurityGroup().withGroupName("group02")); return groups; }
@Override protected SecurityGroup convertObject(GroupDescription from) { SecurityGroup to = new SecurityGroup(); to.setOwnerId(from.getOwner()); to.setGroupName(from.getName()); to.setDescription(from.getDescription()); to.setIpPermissions(new IpPermissionConverter().convert(from.getPermissions())); return to; }
public List<SecurityGroup> describeSecurityGroupsByVpcId(AwsProcessClient awsProcessClient, String vpcId) { DescribeSecurityGroupsRequest request = new DescribeSecurityGroupsRequest(); request.withFilters(new Filter().withName("vpc-id").withValues(vpcId)); DescribeSecurityGroupsResult result = awsProcessClient.getEc2Client().describeSecurityGroups(request); List<SecurityGroup> securityGroups = result.getSecurityGroups(); return securityGroups; }
/** * SecurityGroupNameの一覧を取得する * * @param userNo ユーザ番号 * @param platformNo プラットフォーム番号 * @param vpcId vpcId(vpc以外の場合はNULL) * @return SecurityGroupNameの一覧 */ private List<String> getSecurityGroupNames(Long userNo, Long platformNo, String vpcId) { List<String> groupNames = new ArrayList<String>(); List<SecurityGroup> groups = awsDescribeService.getSecurityGroups(userNo, platformNo); for (SecurityGroup group : groups) { groupNames.add(group.getGroupName()); } return groupNames; }
@Override public ImmutableSet<SecurityGroupPermission> getPermissions(String groupName, String dataCenter) { Optional<SecurityGroup> securityGroup = getSecurityGroup(groupName, dataCenter); if (securityGroup.isPresent()) { return fromIpPermissions(securityGroup.get().getIpPermissions()); } return ImmutableSet.of(); }
private static Predicate<SecurityGroup> withGroupName(final String groupName) { return new Predicate<SecurityGroup>() { @Override public boolean apply(SecurityGroup securityGroup) { return securityGroup.getGroupName().equals(groupName); } }; }
