/**
 * Wires a {@code SecurityGroupsCheckerImpl} against a mocked EC2 client.
 *
 * <p>The mocked client answers every {@code describeSecurityGroups} call with a single group
 * ("sg-12345678" / "my-sec-group") holding one wide-open rule: tcp 0-65535 from 0.0.0.0/0 and ::/0,
 * plus a user-id/group-id source. {@code mockPredicate} is a plain Mockito mock handed to the
 * checker, so individual tests stub its answers.
 *
 * @throws Exception propagated from the Mockito setup
 */
@SuppressWarnings("unchecked")
@Before
public void setUp() throws Exception {
    final AmazonEC2Client ec2 = mock(AmazonEC2Client.class);
    final ClientProvider clientProvider = mock(ClientProvider.class);
    when(clientProvider.getClient(any(), any(), any())).thenReturn(ec2);

    mockPredicate = (Predicate<IpPermission>) mock(Predicate.class);
    securityGroupsChecker = new SecurityGroupsCheckerImpl(clientProvider, mockPredicate);

    final IpPermission openToEveryone = new IpPermission()
            .withIpProtocol("tcp")
            .withFromPort(0)
            .withToPort(65535)
            .withIpv4Ranges(new IpRange().withCidrIp("0.0.0.0/0"))
            .withIpv6Ranges(new Ipv6Range().withCidrIpv6("::/0"))
            .withUserIdGroupPairs(new UserIdGroupPair()
                    .withUserId("111222333444")
                    .withGroupId("sg-11223344"));
    final SecurityGroup group = new SecurityGroup()
            .withGroupId("sg-12345678")
            .withGroupName("my-sec-group")
            .withIpPermissions(openToEveryone);
    final DescribeSecurityGroupsResult describeResult =
            new DescribeSecurityGroupsResult().withSecurityGroups(group);
    when(ec2.describeSecurityGroups(any())).thenReturn(describeResult);
}
/**
 * Authorizes every locally declared ingress rule on the remote security group.
 *
 * <p>One {@code IpPermission} is built per protocol/port-range entry of {@code addedIngressRules};
 * each of its sources contributes either a user-id/group-id pair (security-group source, group id
 * only) or an IPv4 range. Sources with neither are skipped silently.
 *
 * @param context task execution context (not used here)
 * @throws Exception propagated from the EC2 call
 */
@Override
public void execute(Context context) throws Exception {
    final List<IpPermission> toAuthorize = new ArrayList<>();
    addedIngressRules.forEach((protocol, sources) -> {
        final IpPermission rule = new IpPermission()
                .withIpProtocol(protocol.ipProtocol)
                .withFromPort(protocol.fromPort)
                .withToPort(protocol.toPort);
        for (SecurityGroup.Source source : sources) {
            if (source.securityGroup != null) {
                // NOTE(review): dereferences remoteSecurityGroup without a null check — presumably
                // task ordering guarantees the referenced group already exists remotely; confirm.
                final String remoteId = source.securityGroup.remoteSecurityGroup.getGroupId();
                rule.getUserIdGroupPairs().add(new UserIdGroupPair().withGroupId(remoteId));
            } else if (source.ipRange != null) {
                rule.getIpv4Ranges().add(source.ipRange);
            }
        }
        toAuthorize.add(rule);
    });
    final String groupId = resource.remoteSecurityGroup.getGroupId();
    AWS.ec2.createSGIngressRules(groupId, toAuthorize);
}
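/**
 * The planner must make the deletion of the "admin" group wait for the rule task that revokes the
 * "web" rule referencing "admin" (a referenced group cannot be deleted first).
 *
 * <p>Previously the test wired {@code deleteWebTask} to depend on itself, which is a no-op; the
 * intended edge is "revoke web's rules before deleting web".
 */
@Test
void linkDeleteSGRuleTask() {
    Tasks tasks = new Tasks();

    SecurityGroup adminSG = new SecurityGroup("admin");
    adminSG.remoteSecurityGroup = new com.amazonaws.services.ec2.model.SecurityGroup().withGroupId("admin");

    SecurityGroup webSG = new SecurityGroup("web");
    webSG.remoteSecurityGroup = new com.amazonaws.services.ec2.model.SecurityGroup()
            .withGroupId("web")
            .withIpPermissions(new IpPermission()
                    .withUserIdGroupPairs(new UserIdGroupPair().withGroupId("admin")));

    DeleteSGTask deleteAdminTask = tasks.add(new DeleteSGTask(adminSG));
    DeleteSGTask deleteWebTask = tasks.add(new DeleteSGTask(webSG));
    DeleteSGRuleTask deleteWebRuleTask =
            tasks.add(new DeleteSGRuleTask(webSG, webSG.remoteSecurityGroup.getIpPermissions()));
    // revoke the web group's rules before the web group itself is deleted
    deleteWebTask.dependsOn(deleteWebRuleTask);

    new SGTaskPlanner(tasks).plan();

    // the planner links the admin deletion behind the rule that references admin
    assertTrue(deleteAdminTask.dependencies.contains(deleteWebRuleTask));
}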
/**
 * Builds an ingress permission allowing every protocol ({@code ALL_PROTOCOLS}) from the given
 * security group.
 *
 * @param securityGroupId id of the source security group
 * @return a fresh permission with exactly one user-id/group-id pair (group id only)
 */
private IpPermission buildInnerRule(String securityGroupId) {
    final UserIdGroupPair sourceGroup = new UserIdGroupPair().withGroupId(securityGroupId);
    final IpPermission rule = new IpPermission();
    rule.setIpProtocol(ALL_PROTOCOLS);
    rule.setUserIdGroupPairs(Collections.singletonList(sourceGroup));
    return rule;
}
/**
 * An all-protocol ("-1") rule whose only source is a user-id/group-id pair must be rejected by the
 * predicate under test.
 *
 * @throws Exception propagated from the assertion helpers
 */
@Test
public void testAllTrafficFromSecurityGroups() throws Exception {
    final UserIdGroupPair groupSource = new UserIdGroupPair()
            .withUserId("111222333444")
            .withGroupId("sg-11223344");
    final IpPermission allTrafficFromGroup = new IpPermission()
            .withIpProtocol("-1")
            .withUserIdGroupPairs(groupSource);
    assertThat(pred).rejects(allTrafficFromGroup);
}
/**
 * Computes which remote ingress rules, or parts of them, have no local counterpart and should be
 * revoked.
 *
 * <p>A remote all-traffic rule (protocol "-1") and a remote protocol/port range with no local entry
 * are returned whole. For a protocol that exists locally only the IPv4 ranges and user-id/group-id
 * pairs missing locally are returned, packed into a new {@code IpPermission}; the pairs are copied
 * with user id and group id only. Only IPv4 ranges and group pairs are compared — anything else on
 * the remote rule (e.g. IPv6 ranges) is ignored here.
 *
 * @return rules or rule fragments to revoke, in remote order; empty when everything matches
 */
List<IpPermission> findDeletedIngressRules() {
    final List<IpPermission> toRevoke = new ArrayList<>();
    for (IpPermission remote : remoteIngressRules) {
        if ("-1".equals(remote.getIpProtocol())) {
            // all-traffic rule: revoked in full, sources are not compared
            toRevoke.add(remote);
            continue;
        }
        final Protocol key = new Protocol(remote.getIpProtocol(), remote.getFromPort(), remote.getToPort());
        final List<SecurityGroup.Source> local = localIngressRules.get(key);
        if (local == null) {
            // no local rule for this protocol/port range: revoke the whole remote rule
            toRevoke.add(remote);
            continue;
        }

        final List<IpRange> staleRanges = new ArrayList<>();
        for (IpRange range : remote.getIpv4Ranges()) {
            if (!containsIpRange(local, range)) {
                staleRanges.add(range);
            }
        }
        final List<UserIdGroupPair> staleGroups = new ArrayList<>();
        for (UserIdGroupPair pair : remote.getUserIdGroupPairs()) {
            if (!containsSourceUserGroup(local, pair)) {
                // copy user id + group id only; other attributes of the pair are dropped
                staleGroups.add(new UserIdGroupPair()
                        .withUserId(pair.getUserId())
                        .withGroupId(pair.getGroupId()));
            }
        }
        if (staleRanges.isEmpty() && staleGroups.isEmpty()) {
            continue;
        }
        toRevoke.add(new IpPermission()
                .withIpProtocol(remote.getIpProtocol())
                .withFromPort(remote.getFromPort())
                .withToPort(remote.getToPort())
                .withIpv4Ranges(staleRanges)
                .withUserIdGroupPairs(staleGroups));
    }
    return toRevoke;
}
/**
 * Tells whether {@code rule} already lists the remote security group behind {@code source}.
 *
 * <p>Only security-group sources can match; a source without a security group, or whose group has
 * no remote counterpart, never matches.
 *
 * @param rule remote ingress permission
 * @param source locally declared source
 * @return true when one of the rule's user-id/group-id pairs carries that remote group id
 */
private boolean remoteIngressRuleContainsSource(IpPermission rule, SecurityGroup.Source source) {
    if (source.securityGroup == null || source.securityGroup.remoteSecurityGroup == null) {
        return false;
    }
    final String wantedGroupId = source.securityGroup.remoteSecurityGroup.getGroupId();
    return rule.getUserIdGroupPairs().stream()
            .anyMatch(pair -> pair.getGroupId().equals(wantedGroupId));
}
/**
 * Revokes the previously computed stale ingress rules from the remote security group.
 *
 * <p>Before the request is sent, the group name is cleared on every user-id/group-id pair: the
 * revoke request must not carry both a group name and a group id.
 *
 * @param context task execution context (not used here)
 * @throws Exception propagated from the EC2 call
 */
@Override
public void execute(Context context) throws Exception {
    for (IpPermission stale : deletedIngressRules) {
        for (UserIdGroupPair pair : stale.getUserIdGroupPairs()) {
            pair.setGroupName(null); // group name and group id are mutually exclusive in the request
        }
    }
    final String groupId = resource.remoteSecurityGroup.getGroupId();
    AWS.ec2.deleteSGIngressRules(groupId, deletedIngressRules);
}
/**
 * Orders group deletions after the rule deletions that reference them.
 *
 * <p>For every user-id/group-id pair in {@code ruleTask}'s stale rules, the first
 * {@code DeleteSGTask} whose remote group has that id is made dependent on {@code ruleTask}, so the
 * referencing rule is revoked before the referenced group is deleted.
 *
 * @param ruleTask rule-deletion task whose group-id sources are inspected
 */
private void linkDeleteRuleTask(DeleteSGRuleTask ruleTask) {
    for (IpPermission stale : ruleTask.deletedIngressRules) {
        for (UserIdGroupPair pair : stale.getUserIdGroupPairs()) {
            final String referencedGroupId = pair.getGroupId();
            for (DeleteSGTask candidate : all(DeleteSGTask.class)) {
                if (referencedGroupId.equals(candidate.resource.remoteSecurityGroup.getGroupId())) {
                    candidate.dependsOn(ruleTask);
                    break; // only the first matching deletion task is linked
                }
            }
        }
    }
}
/**
 * Maps a two-column row to a {@code UserIdGroupPair}: column 0 is the user id, column 1 the group
 * name. The group id is left unset.
 *
 * @param from row with at least two columns
 * @return the populated pair
 * @throws ArrayIndexOutOfBoundsException when {@code from} has fewer than two columns
 */
@Override
protected UserIdGroupPair convertObject(String[] from) {
    final String userId = from[0];
    final String groupName = from[1];
    return new UserIdGroupPair()
            .withUserId(userId)
            .withGroupName(groupName);
}
/**
 * Tells whether any of {@code sources} is a security-group source whose remote group id equals the
 * group id of {@code sourceUserGroup}.
 *
 * <p>Sources without a security group, or whose group has no remote counterpart, are skipped.
 *
 * @param sources locally declared sources for one protocol
 * @param sourceUserGroup pair from a remote rule; its group id is dereferenced, so it must be set
 * @return true on the first matching source
 */
private boolean containsSourceUserGroup(Collection<SecurityGroup.Source> sources, final UserIdGroupPair sourceUserGroup) {
    for (SecurityGroup.Source source : sources) {
        if (source.securityGroup == null || source.securityGroup.remoteSecurityGroup == null) {
            continue;
        }
        final String remoteGroupId = source.securityGroup.remoteSecurityGroup.getGroupId();
        if (sourceUserGroup.getGroupId().equals(remoteGroupId)) {
            return true;
        }
    }
    return false;
}
/**
 * Orders pairs by group id only; user id and group name take no part.
 *
 * <p>Null handling follows {@code CompareToBuilder}: a null group id sorts before a non-null one,
 * two nulls compare equal.
 *
 * @param uig1 left pair
 * @param uig2 right pair
 * @return negative, zero or positive as for {@code Comparator#compare}
 */
@Override
public int compare(UserIdGroupPair uig1, UserIdGroupPair uig2) {
    final String leftGroupId = uig1.getGroupId();
    final String rightGroupId = uig2.getGroupId();
    return new CompareToBuilder()
            .append(leftGroupId, rightGroupId)
            .toComparison();
}